projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'sound-5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai...
[linux-2.6-block.git] / security / smack / smack_lsm.c
CommitLineData
d2912cb1 1// SPDX-License-Identifier: GPL-2.0-only
e114e473
CS		 2/*
3 * Simplified MAC Kernel (smack) security module
4 *
5 * This file contains the smack hook function implementations.
6 *
5c6d1125 7 * Authors:
e114e473 8 * Casey Schaufler <casey@schaufler-ca.com>
84088ba2 9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
e114e473
CS		 10 *
11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
07feee8f 12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
82c21bfa 13 * Paul Moore <paul@paul-moore.com>
5c6d1125 14 * Copyright (C) 2010 Nokia Corporation
84088ba2 15 * Copyright (C) 2011 Intel Corporation.
e114e473
CS		 16 */
17
18#include <linux/xattr.h>
19#include <linux/pagemap.h>
20#include <linux/mount.h>
21#include <linux/stat.h>
e114e473
CS		 22#include <linux/kd.h>
23#include <asm/ioctls.h>
07feee8f 24#include <linux/ip.h>
e114e473
CS		 25#include <linux/tcp.h>
26#include <linux/udp.h>
c6739443 27#include <linux/dccp.h>
d66a8acb 28#include <linux/icmpv6.h>
5a0e3ad6 29#include <linux/slab.h>
e114e473 30#include <linux/mutex.h>
e114e473 31#include <net/cipso_ipv4.h>
c6739443
CS		 32#include <net/ip.h>
33#include <net/ipv6.h>
d20bdda6 34#include <linux/audit.h>
1fd7317d 35#include <linux/magic.h>
2a7dba39 36#include <linux/dcache.h>
16014d87 37#include <linux/personality.h>
40401530
AV		 38#include <linux/msg.h>
39#include <linux/shm.h>
40#include <linux/binfmts.h>
3bf2789c 41#include <linux/parser.h>
2febd254
DH		 42#include <linux/fs_context.h>
43#include <linux/fs_parser.h>
e114e473
CS		 44#include "smack.h"
45
5c6d1125
JS		 46#define TRANS_TRUE "TRUE"
47#define TRANS_TRUE_SIZE 4
48
c6739443
CS		 49#define SMK_CONNECTING 0
50#define SMK_RECEIVING 1
51#define SMK_SENDING 2
52
21abb1ec 53#ifdef SMACK_IPV6_PORT_LABELING
3c7ce342 54DEFINE_MUTEX(smack_ipv6_lock);
8b549ef4 55static LIST_HEAD(smk_ipv6_port_list);
21abb1ec 56#endif
1a5b472b 57static struct kmem_cache *smack_inode_cache;
4e328b08 58struct kmem_cache *smack_rule_cache;
69f287ae 59int smack_enabled;
c6739443 60
c3300aaf
AV		 61#define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s}
62static struct {
63 const char *name;
64 int len;
65 int opt;
66} smk_mount_opts[] = {
6e7739fc 67 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault},
c3300aaf 68 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute)
3bf2789c 69};
c3300aaf
AV		 70#undef A
71
72static int match_opt_prefix(char *s, int l, char **arg)
73{
74 int i;
75
76 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) {
77 size_t len = smk_mount_opts[i].len;
78 if (len > l || memcmp(s, smk_mount_opts[i].name, len))
79 continue;
80 if (len == l || s[len] != '=')
81 continue;
82 *arg = s + len + 1;
83 return smk_mount_opts[i].opt;
84 }
85 return Opt_error;
86}
3bf2789c 87
3d04c924
CS		 88#ifdef CONFIG_SECURITY_SMACK_BRINGUP
89static char *smk_bu_mess[] = {
90 "Bringup Error", /* Unused */
91 "Bringup", /* SMACK_BRINGUP_ALLOW */
92 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */
93 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */
94};
95
d166c802
CS		 96static void smk_bu_mode(int mode, char *s)
97{
98 int i = 0;
99
100 if (mode & MAY_READ)
101 s[i++] = 'r';
102 if (mode & MAY_WRITE)
103 s[i++] = 'w';
104 if (mode & MAY_EXEC)
105 s[i++] = 'x';
106 if (mode & MAY_APPEND)
107 s[i++] = 'a';
108 if (mode & MAY_TRANSMUTE)
109 s[i++] = 't';
110 if (mode & MAY_LOCK)
111 s[i++] = 'l';
112 if (i == 0)
113 s[i++] = '-';
114 s[i] = '\0';
115}
116#endif
117
118#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 119static int smk_bu_note(char *note, struct smack_known *sskp,
120 struct smack_known *oskp, int mode, int rc)
d166c802
CS		 121{
122 char acc[SMK_NUM_ACCESS_TYPE + 1];
123
124 if (rc <= 0)
125 return rc;
bf4b2fee
CS		 126 if (rc > SMACK_UNCONFINED_OBJECT)
127 rc = 0;
d166c802
CS		 128
129 smk_bu_mode(mode, acc);
bf4b2fee 130 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
21c7eae2 131 sskp->smk_known, oskp->smk_known, acc, note);
d166c802
CS		 132 return 0;
133}
134#else
21c7eae2 135#define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
d166c802
CS		 136#endif
137
138#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 139static int smk_bu_current(char *note, struct smack_known *oskp,
140 int mode, int rc)
d166c802 141{
b17103a8 142 struct task_smack *tsp = smack_cred(current_cred());
d166c802
CS		 143 char acc[SMK_NUM_ACCESS_TYPE + 1];
144
145 if (rc <= 0)
146 return rc;
bf4b2fee
CS		 147 if (rc > SMACK_UNCONFINED_OBJECT)
148 rc = 0;
d166c802
CS		 149
150 smk_bu_mode(mode, acc);
bf4b2fee 151 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
21c7eae2
LP		 152 tsp->smk_task->smk_known, oskp->smk_known,
153 acc, current->comm, note);
d166c802
CS		 154 return 0;
155}
156#else
21c7eae2 157#define smk_bu_current(note, oskp, mode, RC) (RC)
d166c802
CS		 158#endif
159
160#ifdef CONFIG_SECURITY_SMACK_BRINGUP
161static int smk_bu_task(struct task_struct *otp, int mode, int rc)
162{
b17103a8 163 struct task_smack *tsp = smack_cred(current_cred());
6d1cff2a 164 struct smack_known *smk_task = smk_of_task_struct(otp);
d166c802
CS		 165 char acc[SMK_NUM_ACCESS_TYPE + 1];
166
167 if (rc <= 0)
168 return rc;
bf4b2fee
CS		 169 if (rc > SMACK_UNCONFINED_OBJECT)
170 rc = 0;
d166c802
CS		 171
172 smk_bu_mode(mode, acc);
bf4b2fee 173 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
6d1cff2a 174 tsp->smk_task->smk_known, smk_task->smk_known, acc,
d166c802
CS		 175 current->comm, otp->comm);
176 return 0;
177}
178#else
179#define smk_bu_task(otp, mode, RC) (RC)
180#endif
181
182#ifdef CONFIG_SECURITY_SMACK_BRINGUP
183static int smk_bu_inode(struct inode *inode, int mode, int rc)
184{
b17103a8 185 struct task_smack *tsp = smack_cred(current_cred());
fb4021b6 186 struct inode_smack *isp = smack_inode(inode);
d166c802
CS		 187 char acc[SMK_NUM_ACCESS_TYPE + 1];
188
bf4b2fee
CS		 189 if (isp->smk_flags & SMK_INODE_IMPURE)
190 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
191 inode->i_sb->s_id, inode->i_ino, current->comm);
192
d166c802
CS		 193 if (rc <= 0)
194 return rc;
bf4b2fee
CS		 195 if (rc > SMACK_UNCONFINED_OBJECT)
196 rc = 0;
197 if (rc == SMACK_UNCONFINED_SUBJECT &&
198 (mode & (MAY_WRITE | MAY_APPEND)))
199 isp->smk_flags |= SMK_INODE_IMPURE;
d166c802
CS		 200
201 smk_bu_mode(mode, acc);
bf4b2fee
CS		 202
203 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
204 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
d166c802
CS		 205 inode->i_sb->s_id, inode->i_ino, current->comm);
206 return 0;
207}
208#else
209#define smk_bu_inode(inode, mode, RC) (RC)
210#endif
211
212#ifdef CONFIG_SECURITY_SMACK_BRINGUP
213static int smk_bu_file(struct file *file, int mode, int rc)
214{
b17103a8 215 struct task_smack *tsp = smack_cred(current_cred());
d166c802 216 struct smack_known *sskp = tsp->smk_task;
5e7270a6 217 struct inode *inode = file_inode(file);
fb4021b6 218 struct inode_smack *isp = smack_inode(inode);
d166c802
CS		 219 char acc[SMK_NUM_ACCESS_TYPE + 1];
220
bf4b2fee
CS		 221 if (isp->smk_flags & SMK_INODE_IMPURE)
222 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
223 inode->i_sb->s_id, inode->i_ino, current->comm);
224
d166c802
CS		 225 if (rc <= 0)
226 return rc;
bf4b2fee
CS		 227 if (rc > SMACK_UNCONFINED_OBJECT)
228 rc = 0;
d166c802
CS		 229
230 smk_bu_mode(mode, acc);
bf4b2fee 231 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
5e7270a6 232 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 233 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 234 current->comm);
235 return 0;
236}
237#else
238#define smk_bu_file(file, mode, RC) (RC)
239#endif
240
241#ifdef CONFIG_SECURITY_SMACK_BRINGUP
242static int smk_bu_credfile(const struct cred *cred, struct file *file,
243 int mode, int rc)
244{
b17103a8 245 struct task_smack *tsp = smack_cred(cred);
d166c802 246 struct smack_known *sskp = tsp->smk_task;
45063097 247 struct inode *inode = file_inode(file);
fb4021b6 248 struct inode_smack *isp = smack_inode(inode);
d166c802
CS		 249 char acc[SMK_NUM_ACCESS_TYPE + 1];
250
bf4b2fee
CS		 251 if (isp->smk_flags & SMK_INODE_IMPURE)
252 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
253 inode->i_sb->s_id, inode->i_ino, current->comm);
254
d166c802
CS		 255 if (rc <= 0)
256 return rc;
bf4b2fee
CS		 257 if (rc > SMACK_UNCONFINED_OBJECT)
258 rc = 0;
d166c802
CS		 259
260 smk_bu_mode(mode, acc);
bf4b2fee 261 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
21c7eae2 262 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 263 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 264 current->comm);
265 return 0;
266}
267#else
268#define smk_bu_credfile(cred, file, mode, RC) (RC)
269#endif
270
e114e473
CS		 271/**
272 * smk_fetch - Fetch the smack label from a file.
1a28979b 273 * @name: type of the label (attribute)
e114e473
CS		 274 * @ip: a pointer to the inode
275 * @dp: a pointer to the dentry
276 *
e774ad68
LP		 277 * Returns a pointer to the master list entry for the Smack label,
278 * NULL if there was no label to fetch, or an error code.
e114e473 279 */
2f823ff8
CS		 280static struct smack_known *smk_fetch(const char *name, struct inode *ip,
281 struct dentry *dp)
e114e473
CS		 282{
283 int rc;
f7112e6c 284 char *buffer;
2f823ff8 285 struct smack_known *skp = NULL;
e114e473 286
5d6c3191 287 if (!(ip->i_opflags & IOP_XATTR))
e774ad68 288 return ERR_PTR(-EOPNOTSUPP);
e114e473 289
e5bfad3d 290 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS);
f7112e6c 291 if (buffer == NULL)
e774ad68 292 return ERR_PTR(-ENOMEM);
e114e473 293
5d6c3191 294 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
e774ad68
LP		 295 if (rc < 0)
296 skp = ERR_PTR(rc);
297 else if (rc == 0)
298 skp = NULL;
299 else
2f823ff8 300 skp = smk_import_entry(buffer, rc);
f7112e6c
CS		 301
302 kfree(buffer);
303
2f823ff8 304 return skp;
e114e473
CS		 305}
306
307/**
afb1cbe3 308 * init_inode_smack - initialize an inode security blob
a1a07f22 309 * @inode: inode to extract the info from
21c7eae2 310 * @skp: a pointer to the Smack label entry to use in the blob
e114e473 311 *
e114e473 312 */
afb1cbe3 313static void init_inode_smack(struct inode *inode, struct smack_known *skp)
e114e473 314{
afb1cbe3 315 struct inode_smack *isp = smack_inode(inode);
e114e473 316
21c7eae2 317 isp->smk_inode = skp;
e114e473
CS		 318 isp->smk_flags = 0;
319 mutex_init(&isp->smk_lock);
e114e473
CS		 320}
321
7898e1f8 322/**
bbd3662a
CS		 323 * init_task_smack - initialize a task security blob
324 * @tsp: blob to initialize
1a28979b
LP		 325 * @task: a pointer to the Smack label for the running task
326 * @forked: a pointer to the Smack label for the forked task
7898e1f8 327 *
7898e1f8 328 */
bbd3662a
CS		 329static void init_task_smack(struct task_smack *tsp, struct smack_known *task,
330 struct smack_known *forked)
7898e1f8 331{
7898e1f8
CS		 332 tsp->smk_task = task;
333 tsp->smk_forked = forked;
334 INIT_LIST_HEAD(&tsp->smk_rules);
38416e53 335 INIT_LIST_HEAD(&tsp->smk_relabel);
7898e1f8 336 mutex_init(&tsp->smk_rules_lock);
7898e1f8
CS		 337}
338
339/**
340 * smk_copy_rules - copy a rule set
1a28979b
LP		 341 * @nhead: new rules header pointer
342 * @ohead: old rules header pointer
343 * @gfp: type of the memory for the allocation
7898e1f8
CS		 344 *
345 * Returns 0 on success, -ENOMEM on error
346 */
347static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
348 gfp_t gfp)
349{
350 struct smack_rule *nrp;
351 struct smack_rule *orp;
352 int rc = 0;
353
7898e1f8 354 list_for_each_entry_rcu(orp, ohead, list) {
4e328b08 355 nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
7898e1f8
CS		 356 if (nrp == NULL) {
357 rc = -ENOMEM;
358 break;
359 }
360 *nrp = *orp;
361 list_add_rcu(&nrp->list, nhead);
362 }
363 return rc;
364}
365
38416e53
ZJ		 366/**
367 * smk_copy_relabel - copy smk_relabel labels list
368 * @nhead: new rules header pointer
369 * @ohead: old rules header pointer
370 * @gfp: type of the memory for the allocation
371 *
372 * Returns 0 on success, -ENOMEM on error
373 */
374static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
375 gfp_t gfp)
376{
377 struct smack_known_list_elem *nklep;
378 struct smack_known_list_elem *oklep;
379
38416e53
ZJ		 380 list_for_each_entry(oklep, ohead, list) {
381 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
382 if (nklep == NULL) {
383 smk_destroy_label_list(nhead);
384 return -ENOMEM;
385 }
386 nklep->smk_label = oklep->smk_label;
387 list_add(&nklep->list, nhead);
388 }
389
390 return 0;
391}
392
5663884c
LP		 393/**
394 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
395 * @mode - input mode in form of PTRACE_MODE_*
396 *
397 * Returns a converted MAY_* mode usable by smack rules
398 */
399static inline unsigned int smk_ptrace_mode(unsigned int mode)
400{
3dfb7d8c 401 if (mode & PTRACE_MODE_ATTACH)
5663884c 402 return MAY_READWRITE;
3dfb7d8c
JH		 403 if (mode & PTRACE_MODE_READ)
404 return MAY_READ;
5663884c
LP		 405
406 return 0;
407}
408
409/**
410 * smk_ptrace_rule_check - helper for ptrace access
411 * @tracer: tracer process
21c7eae2 412 * @tracee_known: label entry of the process that's about to be traced
5663884c
LP		 413 * @mode: ptrace attachment mode (PTRACE_MODE_*)
414 * @func: name of the function that called us, used for audit
415 *
416 * Returns 0 on access granted, -error on error
417 */
21c7eae2
LP		 418static int smk_ptrace_rule_check(struct task_struct *tracer,
419 struct smack_known *tracee_known,
5663884c
LP		 420 unsigned int mode, const char *func)
421{
422 int rc;
423 struct smk_audit_info ad, *saip = NULL;
424 struct task_smack *tsp;
21c7eae2 425 struct smack_known *tracer_known;
dcb569cf 426 const struct cred *tracercred;
5663884c
LP		 427
428 if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
429 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
430 smk_ad_setfield_u_tsk(&ad, tracer);
431 saip = &ad;
432 }
433
6d1cff2a 434 rcu_read_lock();
dcb569cf 435 tracercred = __task_cred(tracer);
b17103a8 436 tsp = smack_cred(tracercred);
21c7eae2 437 tracer_known = smk_of_task(tsp);
5663884c 438
66867818
LP		 439 if ((mode & PTRACE_MODE_ATTACH) &&
440 (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
441 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
21c7eae2 442 if (tracer_known->smk_known == tracee_known->smk_known)
66867818
LP		 443 rc = 0;
444 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
445 rc = -EACCES;
dcb569cf 446 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
66867818
LP		 447 rc = 0;
448 else
449 rc = -EACCES;
450
451 if (saip)
21c7eae2
LP		 452 smack_log(tracer_known->smk_known,
453 tracee_known->smk_known,
454 0, rc, saip);
66867818 455
6d1cff2a 456 rcu_read_unlock();
66867818
LP		 457 return rc;
458 }
459
460 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
21c7eae2 461 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
6d1cff2a
AR		 462
463 rcu_read_unlock();
5663884c
LP		 464 return rc;
465}
466
e114e473
CS		 467/*
468 * LSM hooks.
469 * We he, that is fun!
470 */
471
472/**
9e48858f 473 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
e114e473 474 * @ctp: child task pointer
5663884c 475 * @mode: ptrace attachment mode (PTRACE_MODE_*)
e114e473
CS		 476 *
477 * Returns 0 if access is OK, an error code otherwise
478 *
5663884c 479 * Do the capability checks.
e114e473 480 */
9e48858f 481static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
e114e473 482{
2f823ff8 483 struct smack_known *skp;
e114e473 484
6d1cff2a 485 skp = smk_of_task_struct(ctp);
ecfcc53f 486
b1d9e6b0 487 return smk_ptrace_rule_check(current, skp, mode, __func__);
5cd9c58f
DH		 488}
489
490/**
491 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
492 * @ptp: parent task pointer
493 *
494 * Returns 0 if access is OK, an error code otherwise
495 *
5663884c 496 * Do the capability checks, and require PTRACE_MODE_ATTACH.
5cd9c58f
DH		 497 */
498static int smack_ptrace_traceme(struct task_struct *ptp)
499{
500 int rc;
2f823ff8 501 struct smack_known *skp;
5cd9c58f 502
b17103a8 503 skp = smk_of_task(smack_cred(current_cred()));
ecfcc53f 504
21c7eae2 505 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
e114e473
CS		 506 return rc;
507}
508
509/**
510 * smack_syslog - Smack approval on syslog
a1a07f22 511 * @typefrom_file: unused
e114e473 512 *
e114e473
CS		 513 * Returns 0 on success, error code otherwise.
514 */
12b3052c 515static int smack_syslog(int typefrom_file)
e114e473 516{
12b3052c 517 int rc = 0;
2f823ff8 518 struct smack_known *skp = smk_of_current();
e114e473 519
1880eff7 520 if (smack_privileged(CAP_MAC_OVERRIDE))
e114e473
CS		 521 return 0;
522
24ea1b6e 523 if (smack_syslog_label != NULL && smack_syslog_label != skp)
e114e473
CS		 524 rc = -EACCES;
525
526 return rc;
527}
528
e114e473
CS		 529/*
530 * Superblock Hooks.
531 */
532
533/**
534 * smack_sb_alloc_security - allocate a superblock blob
535 * @sb: the superblock getting the blob
536 *
537 * Returns 0 on success or -ENOMEM on error.
538 */
539static int smack_sb_alloc_security(struct super_block *sb)
540{
541 struct superblock_smack *sbsp;
542
543 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
544
545 if (sbsp == NULL)
546 return -ENOMEM;
547
21c7eae2
LP		 548 sbsp->smk_root = &smack_known_floor;
549 sbsp->smk_default = &smack_known_floor;
550 sbsp->smk_floor = &smack_known_floor;
551 sbsp->smk_hat = &smack_known_hat;
e830b394 552 /*
9f50eda2 553 * SMK_SB_INITIALIZED will be zero from kzalloc.
e830b394 554 */
e114e473
CS		 555 sb->s_security = sbsp;
556
557 return 0;
558}
559
560/**
561 * smack_sb_free_security - free a superblock blob
562 * @sb: the superblock getting the blob
563 *
564 */
565static void smack_sb_free_security(struct super_block *sb)
566{
567 kfree(sb->s_security);
568 sb->s_security = NULL;
569}
570
12085b14
AV		 571struct smack_mnt_opts {
572 const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute;
573};
e114e473 574
204cc0cc
AV		 575static void smack_free_mnt_opts(void *mnt_opts)
576{
12085b14
AV		 577 struct smack_mnt_opts *opts = mnt_opts;
578 kfree(opts->fsdefault);
579 kfree(opts->fsfloor);
580 kfree(opts->fshat);
581 kfree(opts->fsroot);
582 kfree(opts->fstransmute);
204cc0cc
AV		 583 kfree(opts);
584}
e114e473 585
55c0e5bd
AV		 586static int smack_add_opt(int token, const char *s, void **mnt_opts)
587{
588 struct smack_mnt_opts *opts = *mnt_opts;
e114e473 589
55c0e5bd
AV		 590 if (!opts) {
591 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
592 if (!opts)
593 return -ENOMEM;
594 *mnt_opts = opts;
e114e473 595 }
55c0e5bd
AV		 596 if (!s)
597 return -ENOMEM;
e114e473 598
55c0e5bd
AV		 599 switch (token) {
600 case Opt_fsdefault:
601 if (opts->fsdefault)
602 goto out_opt_err;
603 opts->fsdefault = s;
604 break;
605 case Opt_fsfloor:
606 if (opts->fsfloor)
607 goto out_opt_err;
608 opts->fsfloor = s;
609 break;
610 case Opt_fshat:
611 if (opts->fshat)
612 goto out_opt_err;
613 opts->fshat = s;
614 break;
615 case Opt_fsroot:
616 if (opts->fsroot)
617 goto out_opt_err;
618 opts->fsroot = s;
619 break;
620 case Opt_fstransmute:
621 if (opts->fstransmute)
622 goto out_opt_err;
623 opts->fstransmute = s;
624 break;
625 }
e114e473 626 return 0;
55c0e5bd
AV		 627
628out_opt_err:
629 pr_warn("Smack: duplicate mount options\n");
630 return -EINVAL;
e114e473
CS		 631}
632
0b52075e
AV		 633/**
634 * smack_fs_context_dup - Duplicate the security data on fs_context duplication
635 * @fc: The new filesystem context.
636 * @src_fc: The source filesystem context being duplicated.
637 *
638 * Returns 0 on success or -ENOMEM on error.
639 */
640static int smack_fs_context_dup(struct fs_context *fc,
641 struct fs_context *src_fc)
642{
643 struct smack_mnt_opts *dst, *src = src_fc->security;
644
645 if (!src)
646 return 0;
647
648 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
649 if (!fc->security)
650 return -ENOMEM;
651 dst = fc->security;
652
653 if (src->fsdefault) {
654 dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL);
655 if (!dst->fsdefault)
656 return -ENOMEM;
657 }
658 if (src->fsfloor) {
659 dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL);
660 if (!dst->fsfloor)
661 return -ENOMEM;
662 }
663 if (src->fshat) {
664 dst->fshat = kstrdup(src->fshat, GFP_KERNEL);
665 if (!dst->fshat)
666 return -ENOMEM;
667 }
668 if (src->fsroot) {
669 dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL);
670 if (!dst->fsroot)
671 return -ENOMEM;
672 }
673 if (src->fstransmute) {
674 dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL);
675 if (!dst->fstransmute)
676 return -ENOMEM;
677 }
678 return 0;
679}
680
2febd254 681static const struct fs_parameter_spec smack_param_specs[] = {
6e7739fc
CS		 682 fsparam_string("smackfsdef", Opt_fsdefault),
683 fsparam_string("smackfsdefault", Opt_fsdefault),
684 fsparam_string("smackfsfloor", Opt_fsfloor),
685 fsparam_string("smackfshat", Opt_fshat),
686 fsparam_string("smackfsroot", Opt_fsroot),
687 fsparam_string("smackfstransmute", Opt_fstransmute),
2febd254
DH		 688 {}
689};
690
691static const struct fs_parameter_description smack_fs_parameters = {
692 .name = "smack",
693 .specs = smack_param_specs,
694};
695
696/**
697 * smack_fs_context_parse_param - Parse a single mount parameter
698 * @fc: The new filesystem context being constructed.
699 * @param: The parameter.
700 *
701 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on
702 * error.
703 */
704static int smack_fs_context_parse_param(struct fs_context *fc,
705 struct fs_parameter *param)
706{
707 struct fs_parse_result result;
708 int opt, rc;
709
710 opt = fs_parse(fc, &smack_fs_parameters, param, &result);
711 if (opt < 0)
712 return opt;
713
714 rc = smack_add_opt(opt, param->string, &fc->security);
715 if (!rc)
716 param->string = NULL;
717 return rc;
718}
719
d2497e12 720static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
3bf2789c 721{
d2497e12
AV		 722 char *from = options, *to = options;
723 bool first = true;
3bf2789c 724
c3300aaf
AV		 725 while (1) {
726 char *next = strchr(from, ',');
727 int token, len, rc;
728 char *arg = NULL;
3bf2789c 729
c3300aaf
AV		 730 if (next)
731 len = next - from;
732 else
733 len = strlen(from);
3bf2789c 734
c3300aaf 735 token = match_opt_prefix(from, len, &arg);
d2497e12
AV		 736 if (token != Opt_error) {
737 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
738 rc = smack_add_opt(token, arg, mnt_opts);
739 if (unlikely(rc)) {
740 kfree(arg);
741 if (*mnt_opts)
742 smack_free_mnt_opts(*mnt_opts);
743 *mnt_opts = NULL;
744 return rc;
745 }
746 } else {
747 if (!first) { // copy with preceding comma
748 from--;
749 len++;
750 }
751 if (to != from)
752 memmove(to, from, len);
753 to += len;
754 first = false;
3bf2789c 755 }
c3300aaf
AV		 756 if (!from[len])
757 break;
758 from += len + 1;
3bf2789c 759 }
d2497e12 760 *to = '\0';
3bf2789c 761 return 0;
3bf2789c
VT		 762}
763
764/**
765 * smack_set_mnt_opts - set Smack specific mount options
e114e473 766 * @sb: the file system superblock
a1a07f22 767 * @mnt_opts: Smack mount options
3bf2789c
VT		 768 * @kern_flags: mount option from kernel space or user space
769 * @set_kern_flags: where to store converted mount opts
e114e473
CS		 770 *
771 * Returns 0 on success, an error code on failure
3bf2789c
VT		 772 *
773 * Allow filesystems with binary mount data to explicitly set Smack mount
774 * labels.
e114e473 775 */
3bf2789c 776static int smack_set_mnt_opts(struct super_block *sb,
204cc0cc 777 void *mnt_opts,
3bf2789c
VT		 778 unsigned long kern_flags,
779 unsigned long *set_kern_flags)
e114e473
CS		 780{
781 struct dentry *root = sb->s_root;
c6f493d6 782 struct inode *inode = d_backing_inode(root);
e114e473
CS		 783 struct superblock_smack *sp = sb->s_security;
784 struct inode_smack *isp;
24ea1b6e 785 struct smack_known *skp;
12085b14
AV		 786 struct smack_mnt_opts *opts = mnt_opts;
787 bool transmute = false;
e114e473 788
9f50eda2 789 if (sp->smk_flags & SMK_SB_INITIALIZED)
e114e473 790 return 0;
eb982cb4 791
afb1cbe3
CS		 792 if (inode->i_security == NULL) {
793 int rc = lsm_inode_alloc(inode);
794
795 if (rc)
796 return rc;
797 }
798
2097f599
HS		 799 if (!smack_privileged(CAP_MAC_ADMIN)) {
800 /*
801 * Unprivileged mounts don't get to specify Smack values.
802 */
12085b14 803 if (opts)
2097f599
HS		 804 return -EPERM;
805 /*
806 * Unprivileged mounts get root and default from the caller.
807 */
808 skp = smk_of_current();
809 sp->smk_root = skp;
810 sp->smk_default = skp;
811 /*
812 * For a handful of fs types with no user-controlled
813 * backing store it's okay to trust security labels
814 * in the filesystem. The rest are untrusted.
815 */
816 if (sb->s_user_ns != &init_user_ns &&
817 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
818 sb->s_magic != RAMFS_MAGIC) {
12085b14 819 transmute = true;
2097f599
HS		 820 sp->smk_flags |= SMK_SB_UNTRUSTED;
821 }
822 }
823
9f50eda2 824 sp->smk_flags |= SMK_SB_INITIALIZED;
e114e473 825
12085b14
AV		 826 if (opts) {
827 if (opts->fsdefault) {
828 skp = smk_import_entry(opts->fsdefault, 0);
e774ad68
LP		 829 if (IS_ERR(skp))
830 return PTR_ERR(skp);
3bf2789c 831 sp->smk_default = skp;
12085b14
AV		 832 }
833 if (opts->fsfloor) {
834 skp = smk_import_entry(opts->fsfloor, 0);
e774ad68
LP		 835 if (IS_ERR(skp))
836 return PTR_ERR(skp);
837 sp->smk_floor = skp;
12085b14
AV		 838 }
839 if (opts->fshat) {
840 skp = smk_import_entry(opts->fshat, 0);
e774ad68
LP		 841 if (IS_ERR(skp))
842 return PTR_ERR(skp);
3bf2789c 843 sp->smk_hat = skp;
12085b14
AV		 844 }
845 if (opts->fsroot) {
846 skp = smk_import_entry(opts->fsroot, 0);
e774ad68
LP		 847 if (IS_ERR(skp))
848 return PTR_ERR(skp);
849 sp->smk_root = skp;
12085b14
AV		 850 }
851 if (opts->fstransmute) {
852 skp = smk_import_entry(opts->fstransmute, 0);
e774ad68
LP		 853 if (IS_ERR(skp))
854 return PTR_ERR(skp);
855 sp->smk_root = skp;
12085b14 856 transmute = true;
e114e473
CS		 857 }
858 }
859
860 /*
861 * Initialize the root inode.
862 */
afb1cbe3 863 init_inode_smack(inode, sp->smk_root);
e114e473 864
afb1cbe3
CS		 865 if (transmute) {
866 isp = smack_inode(inode);
e830b394 867 isp->smk_flags |= SMK_INODE_TRANSMUTE;
afb1cbe3 868 }
e830b394 869
e114e473
CS		 870 return 0;
871}
872
873/**
874 * smack_sb_statfs - Smack check on statfs
875 * @dentry: identifies the file system in question
876 *
877 * Returns 0 if current can read the floor of the filesystem,
878 * and error code otherwise
879 */
880static int smack_sb_statfs(struct dentry *dentry)
881{
882 struct superblock_smack *sbp = dentry->d_sb->s_security;
ecfcc53f
EB		 883 int rc;
884 struct smk_audit_info ad;
885
a269434d 886 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 887 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 888
ecfcc53f 889 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
d166c802 890 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
ecfcc53f 891 return rc;
e114e473
CS		 892}
893
676dac4b
CS		 894/*
895 * BPRM hooks
896 */
897
ce8a4321
CS		 898/**
899 * smack_bprm_set_creds - set creds for exec
900 * @bprm: the exec information
901 *
5663884c 902 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
ce8a4321 903 */
676dac4b
CS		 904static int smack_bprm_set_creds(struct linux_binprm *bprm)
905{
496ad9aa 906 struct inode *inode = file_inode(bprm->file);
b17103a8 907 struct task_smack *bsp = smack_cred(bprm->cred);
676dac4b 908 struct inode_smack *isp;
809c02e0 909 struct superblock_smack *sbsp;
676dac4b
CS		 910 int rc;
911
ddb4a144 912 if (bprm->called_set_creds)
676dac4b
CS		 913 return 0;
914
fb4021b6 915 isp = smack_inode(inode);
84088ba2 916 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
676dac4b
CS		 917 return 0;
918
809c02e0
SF		 919 sbsp = inode->i_sb->s_security;
920 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
921 isp->smk_task != sbsp->smk_root)
922 return 0;
923
9227dd2a 924 if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
5663884c
LP		 925 struct task_struct *tracer;
926 rc = 0;
927
928 rcu_read_lock();
929 tracer = ptrace_parent(current);
930 if (likely(tracer != NULL))
931 rc = smk_ptrace_rule_check(tracer,
21c7eae2 932 isp->smk_task,
5663884c
LP		 933 PTRACE_MODE_ATTACH,
934 __func__);
935 rcu_read_unlock();
936
937 if (rc != 0)
938 return rc;
3675f052
JH		 939 }
940 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE)
84088ba2 941 return -EPERM;
676dac4b 942
84088ba2
JS		 943 bsp->smk_task = isp->smk_task;
944 bprm->per_clear |= PER_CLEAR_ON_SETID;
676dac4b 945
ccbb6e10
KC		 946 /* Decide if this is a secure exec. */
947 if (bsp->smk_task != bsp->smk_forked)
948 bprm->secureexec = 1;
949
84088ba2
JS		 950 return 0;
951}
676dac4b 952
e114e473
CS		 953/*
954 * Inode hooks
955 */
956
957/**
958 * smack_inode_alloc_security - allocate an inode blob
251a2a95 959 * @inode: the inode in need of a blob
e114e473 960 *
a1a07f22 961 * Returns 0
e114e473
CS		 962 */
963static int smack_inode_alloc_security(struct inode *inode)
964{
2f823ff8
CS		 965 struct smack_known *skp = smk_of_current();
966
afb1cbe3 967 init_inode_smack(inode, skp);
e114e473
CS		 968 return 0;
969}
970
e114e473
CS		 971/**
972 * smack_inode_init_security - copy out the smack from an inode
e95ef49b
LP		 973 * @inode: the newly created inode
974 * @dir: containing directory object
2a7dba39 975 * @qstr: unused
e114e473
CS		 976 * @name: where to put the attribute name
977 * @value: where to put the attribute value
978 * @len: where to put the length of the attribute
979 *
980 * Returns 0 if it all works out, -ENOMEM if there's no memory
981 */
982static int smack_inode_init_security(struct inode *inode, struct inode *dir,
9548906b 983 const struct qstr *qstr, const char **name,
2a7dba39 984 void **value, size_t *len)
e114e473 985{
fb4021b6 986 struct inode_smack *issp = smack_inode(inode);
2f823ff8 987 struct smack_known *skp = smk_of_current();
21c7eae2
LP		 988 struct smack_known *isp = smk_of_inode(inode);
989 struct smack_known *dsp = smk_of_inode(dir);
7898e1f8 990 int may;
e114e473 991
9548906b
TH		 992 if (name)
993 *name = XATTR_SMACK_SUFFIX;
e114e473 994
68390ccf 995 if (value && len) {
7898e1f8 996 rcu_read_lock();
21c7eae2
LP		 997 may = smk_access_entry(skp->smk_known, dsp->smk_known,
998 &skp->smk_rules);
7898e1f8 999 rcu_read_unlock();
5c6d1125
JS		 1000
1001 /*
1002 * If the access rule allows transmutation and
1003 * the directory requests transmutation then
1004 * by all means transmute.
2267b13a 1005 * Mark the inode as changed.
5c6d1125 1006 */
7898e1f8 1007 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
2267b13a 1008 smk_inode_transmutable(dir)) {
5c6d1125 1009 isp = dsp;
2267b13a
CS		 1010 issp->smk_flags |= SMK_INODE_CHANGED;
1011 }
5c6d1125 1012
21c7eae2 1013 *value = kstrdup(isp->smk_known, GFP_NOFS);
e114e473
CS		 1014 if (*value == NULL)
1015 return -ENOMEM;
e114e473 1016
21c7eae2 1017 *len = strlen(isp->smk_known);
68390ccf 1018 }
e114e473
CS		 1019
1020 return 0;
1021}
1022
1023/**
1024 * smack_inode_link - Smack check on link
1025 * @old_dentry: the existing object
1026 * @dir: unused
1027 * @new_dentry: the new object
1028 *
1029 * Returns 0 if access is permitted, an error code otherwise
1030 */
1031static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1032 struct dentry *new_dentry)
1033{
21c7eae2 1034 struct smack_known *isp;
ecfcc53f
EB		 1035 struct smk_audit_info ad;
1036 int rc;
1037
a269434d 1038 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1039 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473 1040
c6f493d6 1041 isp = smk_of_inode(d_backing_inode(old_dentry));
ecfcc53f 1042 rc = smk_curacc(isp, MAY_WRITE, &ad);
c6f493d6 1043 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
e114e473 1044
8802565b 1045 if (rc == 0 && d_is_positive(new_dentry)) {
c6f493d6 1046 isp = smk_of_inode(d_backing_inode(new_dentry));
ecfcc53f
EB		 1047 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1048 rc = smk_curacc(isp, MAY_WRITE, &ad);
c6f493d6 1049 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
e114e473
CS		 1050 }
1051
1052 return rc;
1053}
1054
1055/**
1056 * smack_inode_unlink - Smack check on inode deletion
1057 * @dir: containing directory object
1058 * @dentry: file to unlink
1059 *
1060 * Returns 0 if current can write the containing directory
1061 * and the object, error code otherwise
1062 */
1063static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1064{
c6f493d6 1065 struct inode *ip = d_backing_inode(dentry);
ecfcc53f 1066 struct smk_audit_info ad;
e114e473
CS		 1067 int rc;
1068
a269434d 1069 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1070 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1071
e114e473
CS		 1072 /*
1073 * You need write access to the thing you're unlinking
1074 */
ecfcc53f 1075 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
d166c802 1076 rc = smk_bu_inode(ip, MAY_WRITE, rc);
ecfcc53f 1077 if (rc == 0) {
e114e473
CS		 1078 /*
1079 * You also need write access to the containing directory
1080 */
cdb56b60 1081 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 1082 smk_ad_setfield_u_fs_inode(&ad, dir);
1083 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 1084 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 1085 }
e114e473
CS		 1086 return rc;
1087}
1088
1089/**
1090 * smack_inode_rmdir - Smack check on directory deletion
1091 * @dir: containing directory object
1092 * @dentry: directory to unlink
1093 *
1094 * Returns 0 if current can write the containing directory
1095 * and the directory, error code otherwise
1096 */
1097static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1098{
ecfcc53f 1099 struct smk_audit_info ad;
e114e473
CS		 1100 int rc;
1101
a269434d 1102 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1103 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1104
e114e473
CS		 1105 /*
1106 * You need write access to the thing you're removing
1107 */
c6f493d6
DH		 1108 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1109 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
ecfcc53f 1110 if (rc == 0) {
e114e473
CS		 1111 /*
1112 * You also need write access to the containing directory
1113 */
cdb56b60 1114 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 1115 smk_ad_setfield_u_fs_inode(&ad, dir);
1116 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 1117 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 1118 }
e114e473
CS		 1119
1120 return rc;
1121}
1122
1123/**
1124 * smack_inode_rename - Smack check on rename
e95ef49b
LP		 1125 * @old_inode: unused
1126 * @old_dentry: the old object
1127 * @new_inode: unused
1128 * @new_dentry: the new object
e114e473
CS		 1129 *
1130 * Read and write access is required on both the old and
1131 * new directories.
1132 *
1133 * Returns 0 if access is permitted, an error code otherwise
1134 */
1135static int smack_inode_rename(struct inode *old_inode,
1136 struct dentry *old_dentry,
1137 struct inode *new_inode,
1138 struct dentry *new_dentry)
1139{
1140 int rc;
21c7eae2 1141 struct smack_known *isp;
ecfcc53f
EB		 1142 struct smk_audit_info ad;
1143
a269434d 1144 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1145 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473 1146
c6f493d6 1147 isp = smk_of_inode(d_backing_inode(old_dentry));
ecfcc53f 1148 rc = smk_curacc(isp, MAY_READWRITE, &ad);
c6f493d6 1149 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
e114e473 1150
8802565b 1151 if (rc == 0 && d_is_positive(new_dentry)) {
c6f493d6 1152 isp = smk_of_inode(d_backing_inode(new_dentry));
ecfcc53f
EB		 1153 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1154 rc = smk_curacc(isp, MAY_READWRITE, &ad);
c6f493d6 1155 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
e114e473 1156 }
e114e473
CS		 1157 return rc;
1158}
1159
1160/**
1161 * smack_inode_permission - Smack version of permission()
1162 * @inode: the inode in question
1163 * @mask: the access requested
e114e473
CS		 1164 *
1165 * This is the important Smack hook.
1166 *
a1a07f22 1167 * Returns 0 if access is permitted, an error code otherwise
e114e473 1168 */
e74f71eb 1169static int smack_inode_permission(struct inode *inode, int mask)
e114e473 1170{
9f50eda2 1171 struct superblock_smack *sbsp = inode->i_sb->s_security;
ecfcc53f 1172 struct smk_audit_info ad;
e74f71eb 1173 int no_block = mask & MAY_NOT_BLOCK;
d166c802 1174 int rc;
d09ca739
EP		 1175
1176 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
e114e473
CS		 1177 /*
1178 * No permission to check. Existence test. Yup, it's there.
1179 */
1180 if (mask == 0)
1181 return 0;
8c9e80ed 1182
9f50eda2
SF		 1183 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1184 if (smk_of_inode(inode) != sbsp->smk_root)
1185 return -EACCES;
1186 }
1187
8c9e80ed 1188 /* May be droppable after audit */
e74f71eb 1189 if (no_block)
8c9e80ed 1190 return -ECHILD;
f48b7399 1191 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f 1192 smk_ad_setfield_u_fs_inode(&ad, inode);
d166c802
CS		 1193 rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1194 rc = smk_bu_inode(inode, mask, rc);
1195 return rc;
e114e473
CS		 1196}
1197
1198/**
1199 * smack_inode_setattr - Smack check for setting attributes
1200 * @dentry: the object
1201 * @iattr: for the force flag
1202 *
1203 * Returns 0 if access is permitted, an error code otherwise
1204 */
1205static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1206{
ecfcc53f 1207 struct smk_audit_info ad;
d166c802
CS		 1208 int rc;
1209
e114e473
CS		 1210 /*
1211 * Need to allow for clearing the setuid bit.
1212 */
1213 if (iattr->ia_valid & ATTR_FORCE)
1214 return 0;
a269434d 1215 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1216 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 1217
c6f493d6
DH		 1218 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1219 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
d166c802 1220 return rc;
e114e473
CS		 1221}
1222
1223/**
1224 * smack_inode_getattr - Smack check for getting attributes
a1a07f22 1225 * @path: path to extract the info from
e114e473
CS		 1226 *
1227 * Returns 0 if access is permitted, an error code otherwise
1228 */
3f7036a0 1229static int smack_inode_getattr(const struct path *path)
e114e473 1230{
ecfcc53f 1231 struct smk_audit_info ad;
c6f493d6 1232 struct inode *inode = d_backing_inode(path->dentry);
d166c802 1233 int rc;
ecfcc53f 1234
f48b7399 1235 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
3f7036a0
AV		 1236 smk_ad_setfield_u_fs_path(&ad, *path);
1237 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1238 rc = smk_bu_inode(inode, MAY_READ, rc);
d166c802 1239 return rc;
e114e473
CS		 1240}
1241
1242/**
1243 * smack_inode_setxattr - Smack check for setting xattrs
1244 * @dentry: the object
1245 * @name: name of the attribute
e95ef49b
LP		 1246 * @value: value of the attribute
1247 * @size: size of the value
e114e473
CS		 1248 * @flags: unused
1249 *
1250 * This protects the Smack attribute explicitly.
1251 *
1252 * Returns 0 if access is permitted, an error code otherwise
1253 */
8f0cfa52
DH		 1254static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1255 const void *value, size_t size, int flags)
e114e473 1256{
ecfcc53f 1257 struct smk_audit_info ad;
19760ad0
CS		 1258 struct smack_known *skp;
1259 int check_priv = 0;
1260 int check_import = 0;
1261 int check_star = 0;
bcdca225 1262 int rc = 0;
e114e473 1263
19760ad0
CS		 1264 /*
1265 * Check label validity here so import won't fail in post_setxattr
1266 */
bcdca225
CS		 1267 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1268 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
19760ad0
CS		 1269 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1270 check_priv = 1;
1271 check_import = 1;
1272 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1273 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1274 check_priv = 1;
1275 check_import = 1;
1276 check_star = 1;
5c6d1125 1277 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
19760ad0 1278 check_priv = 1;
5c6d1125
JS		 1279 if (size != TRANS_TRUE_SIZE ||
1280 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1281 rc = -EINVAL;
bcdca225
CS		 1282 } else
1283 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1284
19760ad0
CS		 1285 if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1286 rc = -EPERM;
1287
1288 if (rc == 0 && check_import) {
b862e561 1289 skp = size ? smk_import_entry(value, size) : NULL;
e774ad68
LP		 1290 if (IS_ERR(skp))
1291 rc = PTR_ERR(skp);
1292 else if (skp == NULL || (check_star &&
19760ad0
CS		 1293 (skp == &smack_known_star || skp == &smack_known_web)))
1294 rc = -EINVAL;
1295 }
1296
a269434d 1297 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1298 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1299
d166c802 1300 if (rc == 0) {
c6f493d6
DH		 1301 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1302 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
d166c802 1303 }
bcdca225
CS		 1304
1305 return rc;
e114e473
CS		 1306}
1307
1308/**
1309 * smack_inode_post_setxattr - Apply the Smack update approved above
1310 * @dentry: object
1311 * @name: attribute name
1312 * @value: attribute value
1313 * @size: attribute size
1314 * @flags: unused
1315 *
1316 * Set the pointer in the inode blob to the entry found
1317 * in the master label list.
1318 */
8f0cfa52
DH		 1319static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1320 const void *value, size_t size, int flags)
e114e473 1321{
2f823ff8 1322 struct smack_known *skp;
fb4021b6 1323 struct inode_smack *isp = smack_inode(d_backing_inode(dentry));
676dac4b 1324
2f823ff8
CS		 1325 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1326 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1327 return;
1328 }
1329
676dac4b 1330 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
9598f4c9 1331 skp = smk_import_entry(value, size);
e774ad68 1332 if (!IS_ERR(skp))
21c7eae2 1333 isp->smk_inode = skp;
5c6d1125 1334 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
9598f4c9 1335 skp = smk_import_entry(value, size);
e774ad68 1336 if (!IS_ERR(skp))
2f823ff8 1337 isp->smk_task = skp;
7898e1f8 1338 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
9598f4c9 1339 skp = smk_import_entry(value, size);
e774ad68 1340 if (!IS_ERR(skp))
2f823ff8 1341 isp->smk_mmap = skp;
2f823ff8 1342 }
e114e473
CS		 1343
1344 return;
1345}
1346
ce8a4321 1347/**
e114e473
CS		 1348 * smack_inode_getxattr - Smack check on getxattr
1349 * @dentry: the object
1350 * @name: unused
1351 *
1352 * Returns 0 if access is permitted, an error code otherwise
1353 */
8f0cfa52 1354static int smack_inode_getxattr(struct dentry *dentry, const char *name)
e114e473 1355{
ecfcc53f 1356 struct smk_audit_info ad;
d166c802 1357 int rc;
ecfcc53f 1358
a269434d 1359 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1360 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1361
c6f493d6
DH		 1362 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1363 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
d166c802 1364 return rc;
e114e473
CS		 1365}
1366
ce8a4321 1367/**
e114e473
CS		 1368 * smack_inode_removexattr - Smack check on removexattr
1369 * @dentry: the object
1370 * @name: name of the attribute
1371 *
1372 * Removing the Smack attribute requires CAP_MAC_ADMIN
1373 *
1374 * Returns 0 if access is permitted, an error code otherwise
1375 */
8f0cfa52 1376static int smack_inode_removexattr(struct dentry *dentry, const char *name)
e114e473 1377{
676dac4b 1378 struct inode_smack *isp;
ecfcc53f 1379 struct smk_audit_info ad;
bcdca225 1380 int rc = 0;
e114e473 1381
bcdca225
CS		 1382 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1383 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
676dac4b 1384 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
5c6d1125 1385 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
7898e1f8 1386 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
5e9ab593 1387 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1880eff7 1388 if (!smack_privileged(CAP_MAC_ADMIN))
bcdca225
CS		 1389 rc = -EPERM;
1390 } else
1391 rc = cap_inode_removexattr(dentry, name);
1392
f59bdfba
CS		 1393 if (rc != 0)
1394 return rc;
1395
a269434d 1396 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1397 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
bcdca225 1398
c6f493d6
DH		 1399 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1400 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
f59bdfba
CS		 1401 if (rc != 0)
1402 return rc;
1403
fb4021b6 1404 isp = smack_inode(d_backing_inode(dentry));
f59bdfba
CS		 1405 /*
1406 * Don't do anything special for these.
1407 * XATTR_NAME_SMACKIPIN
1408 * XATTR_NAME_SMACKIPOUT
f59bdfba 1409 */
8012495e 1410 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
fc64005c 1411 struct super_block *sbp = dentry->d_sb;
8012495e
JB		 1412 struct superblock_smack *sbsp = sbp->s_security;
1413
1414 isp->smk_inode = sbsp->smk_default;
1415 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
676dac4b 1416 isp->smk_task = NULL;
f59bdfba 1417 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
7898e1f8 1418 isp->smk_mmap = NULL;
f59bdfba
CS		 1419 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1420 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
676dac4b 1421
f59bdfba 1422 return 0;
e114e473
CS		 1423}
1424
1425/**
1426 * smack_inode_getsecurity - get smack xattrs
1427 * @inode: the object
1428 * @name: attribute name
1429 * @buffer: where to put the result
57e7ba04 1430 * @alloc: duplicate memory
e114e473
CS		 1431 *
1432 * Returns the size of the attribute or an error code
1433 */
ea861dfd 1434static int smack_inode_getsecurity(struct inode *inode,
e114e473
CS		 1435 const char *name, void **buffer,
1436 bool alloc)
1437{
1438 struct socket_smack *ssp;
1439 struct socket *sock;
1440 struct super_block *sbp;
1441 struct inode *ip = (struct inode *)inode;
21c7eae2 1442 struct smack_known *isp;
e114e473 1443
57e7ba04 1444 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
e114e473 1445 isp = smk_of_inode(inode);
57e7ba04
CS		 1446 else {
1447 /*
1448 * The rest of the Smack xattrs are only on sockets.
1449 */
1450 sbp = ip->i_sb;
1451 if (sbp->s_magic != SOCKFS_MAGIC)
1452 return -EOPNOTSUPP;
e114e473 1453
57e7ba04
CS		 1454 sock = SOCKET_I(ip);
1455 if (sock == NULL || sock->sk == NULL)
1456 return -EOPNOTSUPP;
e114e473 1457
57e7ba04 1458 ssp = sock->sk->sk_security;
e114e473 1459
57e7ba04
CS		 1460 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1461 isp = ssp->smk_in;
1462 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1463 isp = ssp->smk_out;
1464 else
1465 return -EOPNOTSUPP;
1466 }
e114e473 1467
57e7ba04
CS		 1468 if (alloc) {
1469 *buffer = kstrdup(isp->smk_known, GFP_KERNEL);
1470 if (*buffer == NULL)
1471 return -ENOMEM;
e114e473
CS		 1472 }
1473
57e7ba04 1474 return strlen(isp->smk_known);
e114e473
CS		 1475}
1476
1477
1478/**
1479 * smack_inode_listsecurity - list the Smack attributes
1480 * @inode: the object
1481 * @buffer: where they go
1482 * @buffer_size: size of buffer
e114e473
CS		 1483 */
1484static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1485 size_t buffer_size)
1486{
fd5c9d23 1487 int len = sizeof(XATTR_NAME_SMACK);
e114e473 1488
fd5c9d23 1489 if (buffer != NULL && len <= buffer_size)
e114e473 1490 memcpy(buffer, XATTR_NAME_SMACK, len);
fd5c9d23
KK		 1491
1492 return len;
e114e473
CS		 1493}
1494
d20bdda6
AD		 1495/**
1496 * smack_inode_getsecid - Extract inode's security id
1497 * @inode: inode to extract the info from
1498 * @secid: where result will be saved
1499 */
d6335d77 1500static void smack_inode_getsecid(struct inode *inode, u32 *secid)
d20bdda6 1501{
0f8983cf 1502 struct smack_known *skp = smk_of_inode(inode);
d20bdda6 1503
0f8983cf 1504 *secid = skp->smk_secid;
d20bdda6
AD		 1505}
1506
e114e473
CS		 1507/*
1508 * File Hooks
1509 */
1510
491a0b08
CS		 1511/*
1512 * There is no smack_file_permission hook
e114e473
CS		 1513 *
1514 * Should access checks be done on each read or write?
1515 * UNICOS and SELinux say yes.
1516 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1517 *
1518 * I'll say no for now. Smack does not do the frequent
1519 * label changing that SELinux does.
1520 */
e114e473
CS		 1521
1522/**
1523 * smack_file_alloc_security - assign a file security blob
1524 * @file: the object
1525 *
1526 * The security blob for a file is a pointer to the master
1527 * label list, so no allocation is done.
1528 *
5e7270a6
CS		 1529 * f_security is the owner security information. It
1530 * isn't used on file access checks, it's for send_sigio.
1531 *
e114e473
CS		 1532 * Returns 0
1533 */
1534static int smack_file_alloc_security(struct file *file)
1535{
f28952ac 1536 struct smack_known **blob = smack_file(file);
2f823ff8 1537
f28952ac 1538 *blob = smk_of_current();
e114e473
CS		 1539 return 0;
1540}
1541
e114e473
CS		 1542/**
1543 * smack_file_ioctl - Smack check on ioctls
1544 * @file: the object
1545 * @cmd: what to do
1546 * @arg: unused
1547 *
1548 * Relies heavily on the correct use of the ioctl command conventions.
1549 *
1550 * Returns 0 if allowed, error code otherwise
1551 */
1552static int smack_file_ioctl(struct file *file, unsigned int cmd,
1553 unsigned long arg)
1554{
1555 int rc = 0;
ecfcc53f 1556 struct smk_audit_info ad;
5e7270a6 1557 struct inode *inode = file_inode(file);
ecfcc53f 1558
83a1e53f
SWK		 1559 if (unlikely(IS_PRIVATE(inode)))
1560 return 0;
1561
f48b7399 1562 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1563 smk_ad_setfield_u_fs_path(&ad, file->f_path);
e114e473 1564
d166c802 1565 if (_IOC_DIR(cmd) & _IOC_WRITE) {
5e7270a6 1566 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
d166c802
CS		 1567 rc = smk_bu_file(file, MAY_WRITE, rc);
1568 }
e114e473 1569
d166c802 1570 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
5e7270a6 1571 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
d166c802
CS		 1572 rc = smk_bu_file(file, MAY_READ, rc);
1573 }
e114e473
CS		 1574
1575 return rc;
1576}
1577
1578/**
1579 * smack_file_lock - Smack check on file locking
1580 * @file: the object
251a2a95 1581 * @cmd: unused
e114e473 1582 *
c0ab6e56 1583 * Returns 0 if current has lock access, error code otherwise
e114e473
CS		 1584 */
1585static int smack_file_lock(struct file *file, unsigned int cmd)
1586{
ecfcc53f 1587 struct smk_audit_info ad;
d166c802 1588 int rc;
5e7270a6 1589 struct inode *inode = file_inode(file);
ecfcc53f 1590
83a1e53f
SWK		 1591 if (unlikely(IS_PRIVATE(inode)))
1592 return 0;
1593
92f42509
EP		 1594 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1595 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1596 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
d166c802
CS		 1597 rc = smk_bu_file(file, MAY_LOCK, rc);
1598 return rc;
e114e473
CS		 1599}
1600
1601/**
1602 * smack_file_fcntl - Smack check on fcntl
1603 * @file: the object
1604 * @cmd: what action to check
1605 * @arg: unused
1606 *
531f1d45
CS		 1607 * Generally these operations are harmless.
1608 * File locking operations present an obvious mechanism
1609 * for passing information, so they require write access.
1610 *
e114e473
CS		 1611 * Returns 0 if current has access, error code otherwise
1612 */
1613static int smack_file_fcntl(struct file *file, unsigned int cmd,
1614 unsigned long arg)
1615{
ecfcc53f 1616 struct smk_audit_info ad;
531f1d45 1617 int rc = 0;
5e7270a6 1618 struct inode *inode = file_inode(file);
ecfcc53f 1619
83a1e53f
SWK		 1620 if (unlikely(IS_PRIVATE(inode)))
1621 return 0;
1622
e114e473 1623 switch (cmd) {
e114e473 1624 case F_GETLK:
c0ab6e56 1625 break;
e114e473
CS		 1626 case F_SETLK:
1627 case F_SETLKW:
c0ab6e56
CS		 1628 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1629 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1630 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
d166c802 1631 rc = smk_bu_file(file, MAY_LOCK, rc);
c0ab6e56 1632 break;
e114e473
CS		 1633 case F_SETOWN:
1634 case F_SETSIG:
531f1d45
CS		 1635 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1636 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1637 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
d166c802 1638 rc = smk_bu_file(file, MAY_WRITE, rc);
e114e473
CS		 1639 break;
1640 default:
531f1d45 1641 break;
e114e473
CS		 1642 }
1643
1644 return rc;
1645}
1646
7898e1f8 1647/**
e5467859 1648 * smack_mmap_file :
7898e1f8
CS		 1649 * Check permissions for a mmap operation. The @file may be NULL, e.g.
1650 * if mapping anonymous memory.
1651 * @file contains the file structure for file to map (may be NULL).
1652 * @reqprot contains the protection requested by the application.
1653 * @prot contains the protection that will be applied by the kernel.
1654 * @flags contains the operational flags.
1655 * Return 0 if permission is granted.
1656 */
e5467859 1657static int smack_mmap_file(struct file *file,
7898e1f8 1658 unsigned long reqprot, unsigned long prot,
e5467859 1659 unsigned long flags)
7898e1f8 1660{
272cd7a8 1661 struct smack_known *skp;
2f823ff8 1662 struct smack_known *mkp;
7898e1f8
CS		 1663 struct smack_rule *srp;
1664 struct task_smack *tsp;
21c7eae2 1665 struct smack_known *okp;
7898e1f8 1666 struct inode_smack *isp;
809c02e0 1667 struct superblock_smack *sbsp;
0e0a070d
CS		 1668 int may;
1669 int mmay;
1670 int tmay;
7898e1f8
CS		 1671 int rc;
1672
496ad9aa 1673 if (file == NULL)
7898e1f8
CS		 1674 return 0;
1675
83a1e53f
SWK		 1676 if (unlikely(IS_PRIVATE(file_inode(file))))
1677 return 0;
1678
fb4021b6 1679 isp = smack_inode(file_inode(file));
7898e1f8
CS		 1680 if (isp->smk_mmap == NULL)
1681 return 0;
809c02e0
SF		 1682 sbsp = file_inode(file)->i_sb->s_security;
1683 if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1684 isp->smk_mmap != sbsp->smk_root)
1685 return -EACCES;
2f823ff8 1686 mkp = isp->smk_mmap;
7898e1f8 1687
b17103a8 1688 tsp = smack_cred(current_cred());
2f823ff8 1689 skp = smk_of_current();
7898e1f8
CS		 1690 rc = 0;
1691
1692 rcu_read_lock();
1693 /*
1694 * For each Smack rule associated with the subject
1695 * label verify that the SMACK64MMAP also has access
1696 * to that rule's object label.
7898e1f8 1697 */
272cd7a8 1698 list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
21c7eae2 1699 okp = srp->smk_object;
7898e1f8
CS		 1700 /*
1701 * Matching labels always allows access.
1702 */
21c7eae2 1703 if (mkp->smk_known == okp->smk_known)
7898e1f8 1704 continue;
0e0a070d
CS		 1705 /*
1706 * If there is a matching local rule take
1707 * that into account as well.
1708 */
21c7eae2
LP		 1709 may = smk_access_entry(srp->smk_subject->smk_known,
1710 okp->smk_known,
1711 &tsp->smk_rules);
0e0a070d
CS		 1712 if (may == -ENOENT)
1713 may = srp->smk_access;
1714 else
1715 may &= srp->smk_access;
1716 /*
1717 * If may is zero the SMACK64MMAP subject can't
1718 * possibly have less access.
1719 */
1720 if (may == 0)
1721 continue;
1722
1723 /*
1724 * Fetch the global list entry.
1725 * If there isn't one a SMACK64MMAP subject
1726 * can't have as much access as current.
1727 */
21c7eae2
LP		 1728 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1729 &mkp->smk_rules);
0e0a070d
CS		 1730 if (mmay == -ENOENT) {
1731 rc = -EACCES;
1732 break;
1733 }
1734 /*
1735 * If there is a local entry it modifies the
1736 * potential access, too.
1737 */
21c7eae2
LP		 1738 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1739 &tsp->smk_rules);
0e0a070d
CS		 1740 if (tmay != -ENOENT)
1741 mmay &= tmay;
7898e1f8 1742
0e0a070d
CS		 1743 /*
1744 * If there is any access available to current that is
1745 * not available to a SMACK64MMAP subject
1746 * deny access.
1747 */
75a25637 1748 if ((may | mmay) != mmay) {
0e0a070d 1749 rc = -EACCES;
7898e1f8 1750 break;
0e0a070d 1751 }
7898e1f8
CS		 1752 }
1753
1754 rcu_read_unlock();
1755
1756 return rc;
1757}
1758
e114e473
CS		 1759/**
1760 * smack_file_set_fowner - set the file security blob value
1761 * @file: object in question
1762 *
e114e473 1763 */
e0b93edd 1764static void smack_file_set_fowner(struct file *file)
e114e473 1765{
f28952ac
CS		 1766 struct smack_known **blob = smack_file(file);
1767
1768 *blob = smk_of_current();
e114e473
CS		 1769}
1770
1771/**
1772 * smack_file_send_sigiotask - Smack on sigio
1773 * @tsk: The target task
1774 * @fown: the object the signal come from
1775 * @signum: unused
1776 *
1777 * Allow a privileged task to get signals even if it shouldn't
1778 *
1779 * Returns 0 if a subject with the object's smack could
1780 * write to the task, an error code otherwise.
1781 */
1782static int smack_file_send_sigiotask(struct task_struct *tsk,
1783 struct fown_struct *fown, int signum)
1784{
f28952ac 1785 struct smack_known **blob;
2f823ff8 1786 struct smack_known *skp;
b17103a8 1787 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred));
dcb569cf 1788 const struct cred *tcred;
e114e473
CS		 1789 struct file *file;
1790 int rc;
ecfcc53f 1791 struct smk_audit_info ad;
e114e473
CS		 1792
1793 /*
1794 * struct fown_struct is never outside the context of a struct file
1795 */
1796 file = container_of(fown, struct file, f_owner);
7898e1f8 1797
ecfcc53f 1798 /* we don't log here as rc can be overriden */
f28952ac
CS		 1799 blob = smack_file(file);
1800 skp = *blob;
c60b9066
CS		 1801 rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1802 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
dcb569cf
CS		 1803
1804 rcu_read_lock();
1805 tcred = __task_cred(tsk);
1806 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
ecfcc53f 1807 rc = 0;
dcb569cf 1808 rcu_read_unlock();
ecfcc53f
EB		 1809
1810 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1811 smk_ad_setfield_u_tsk(&ad, tsk);
c60b9066 1812 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
e114e473
CS		 1813 return rc;
1814}
1815
1816/**
1817 * smack_file_receive - Smack file receive check
1818 * @file: the object
1819 *
1820 * Returns 0 if current has access, error code otherwise
1821 */
1822static int smack_file_receive(struct file *file)
1823{
d166c802 1824 int rc;
e114e473 1825 int may = 0;
ecfcc53f 1826 struct smk_audit_info ad;
5e7270a6 1827 struct inode *inode = file_inode(file);
79be0935
CS		 1828 struct socket *sock;
1829 struct task_smack *tsp;
1830 struct socket_smack *ssp;
e114e473 1831
9777582e
SWK		 1832 if (unlikely(IS_PRIVATE(inode)))
1833 return 0;
1834
4482a44f 1835 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1836 smk_ad_setfield_u_fs_path(&ad, file->f_path);
79be0935 1837
51d59af2 1838 if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
79be0935
CS		 1839 sock = SOCKET_I(inode);
1840 ssp = sock->sk->sk_security;
b17103a8 1841 tsp = smack_cred(current_cred());
79be0935
CS		 1842 /*
1843 * If the receiving process can't write to the
1844 * passed socket or if the passed socket can't
1845 * write to the receiving process don't accept
1846 * the passed socket.
1847 */
1848 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1849 rc = smk_bu_file(file, may, rc);
1850 if (rc < 0)
1851 return rc;
1852 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1853 rc = smk_bu_file(file, may, rc);
1854 return rc;
1855 }
e114e473
CS		 1856 /*
1857 * This code relies on bitmasks.
1858 */
1859 if (file->f_mode & FMODE_READ)
1860 may = MAY_READ;
1861 if (file->f_mode & FMODE_WRITE)
1862 may |= MAY_WRITE;
1863
5e7270a6 1864 rc = smk_curacc(smk_of_inode(inode), may, &ad);
d166c802
CS		 1865 rc = smk_bu_file(file, may, rc);
1866 return rc;
e114e473
CS		 1867}
1868
531f1d45 1869/**
83d49856 1870 * smack_file_open - Smack dentry open processing
531f1d45 1871 * @file: the object
531f1d45
CS		 1872 *
1873 * Set the security blob in the file structure.
a6834c0b
CS		 1874 * Allow the open only if the task has read access. There are
1875 * many read operations (e.g. fstat) that you can do with an
1876 * fd even if you have the file open write-only.
531f1d45 1877 *
a1a07f22 1878 * Returns 0 if current has access, error code otherwise
531f1d45 1879 */
94817692 1880static int smack_file_open(struct file *file)
531f1d45 1881{
b17103a8 1882 struct task_smack *tsp = smack_cred(file->f_cred);
5e7270a6 1883 struct inode *inode = file_inode(file);
a6834c0b
CS		 1884 struct smk_audit_info ad;
1885 int rc;
531f1d45 1886
a6834c0b
CS		 1887 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1888 smk_ad_setfield_u_fs_path(&ad, file->f_path);
c9d238a1 1889 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
94817692 1890 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
a6834c0b
CS		 1891
1892 return rc;
531f1d45
CS		 1893}
1894
e114e473
CS		 1895/*
1896 * Task hooks
1897 */
1898
ee18d64c
DH		 1899/**
1900 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
a1a07f22 1901 * @cred: the new credentials
ee18d64c
DH		 1902 * @gfp: the atomicity of any memory allocations
1903 *
1904 * Prepare a blank set of credentials for modification. This must allocate all
1905 * the memory the LSM module might require such that cred_transfer() can
1906 * complete without error.
1907 */
1908static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1909{
bbd3662a 1910 init_task_smack(smack_cred(cred), NULL, NULL);
ee18d64c
DH		 1911 return 0;
1912}
1913
1914
e114e473 1915/**
f1752eec
DH		 1916 * smack_cred_free - "free" task-level security credentials
1917 * @cred: the credentials in question
e114e473 1918 *
e114e473 1919 */
f1752eec 1920static void smack_cred_free(struct cred *cred)
e114e473 1921{
b17103a8 1922 struct task_smack *tsp = smack_cred(cred);
7898e1f8
CS		 1923 struct smack_rule *rp;
1924 struct list_head *l;
1925 struct list_head *n;
1926
38416e53
ZJ		 1927 smk_destroy_label_list(&tsp->smk_relabel);
1928
7898e1f8
CS		 1929 list_for_each_safe(l, n, &tsp->smk_rules) {
1930 rp = list_entry(l, struct smack_rule, list);
1931 list_del(&rp->list);
4e328b08 1932 kmem_cache_free(smack_rule_cache, rp);
7898e1f8 1933 }
e114e473
CS		 1934}
1935
d84f4f99
DH		 1936/**
1937 * smack_cred_prepare - prepare new set of credentials for modification
1938 * @new: the new credentials
1939 * @old: the original credentials
1940 * @gfp: the atomicity of any memory allocations
1941 *
1942 * Prepare a new set of credentials for modification.
1943 */
1944static int smack_cred_prepare(struct cred *new, const struct cred *old,
1945 gfp_t gfp)
1946{
b17103a8 1947 struct task_smack *old_tsp = smack_cred(old);
bbd3662a 1948 struct task_smack *new_tsp = smack_cred(new);
7898e1f8 1949 int rc;
676dac4b 1950
bbd3662a 1951 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task);
b437aba8 1952
7898e1f8
CS		 1953 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1954 if (rc != 0)
1955 return rc;
1956
38416e53
ZJ		 1957 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
1958 gfp);
bbd3662a 1959 return rc;
d84f4f99
DH		 1960}
1961
ee18d64c
DH		 1962/**
1963 * smack_cred_transfer - Transfer the old credentials to the new credentials
1964 * @new: the new credentials
1965 * @old: the original credentials
1966 *
1967 * Fill in a set of blank credentials from another set of credentials.
1968 */
1969static void smack_cred_transfer(struct cred *new, const struct cred *old)
1970{
b17103a8
CS		 1971 struct task_smack *old_tsp = smack_cred(old);
1972 struct task_smack *new_tsp = smack_cred(new);
676dac4b
CS		 1973
1974 new_tsp->smk_task = old_tsp->smk_task;
1975 new_tsp->smk_forked = old_tsp->smk_task;
7898e1f8
CS		 1976 mutex_init(&new_tsp->smk_rules_lock);
1977 INIT_LIST_HEAD(&new_tsp->smk_rules);
1978
7898e1f8 1979 /* cbs copy rule list */
ee18d64c
DH		 1980}
1981
3ec30113
MG		 1982/**
1983 * smack_cred_getsecid - get the secid corresponding to a creds structure
a1a07f22 1984 * @cred: the object creds
3ec30113
MG		 1985 * @secid: where to put the result
1986 *
1987 * Sets the secid to contain a u32 version of the smack label.
1988 */
b17103a8 1989static void smack_cred_getsecid(const struct cred *cred, u32 *secid)
3ec30113
MG		 1990{
1991 struct smack_known *skp;
1992
1993 rcu_read_lock();
b17103a8 1994 skp = smk_of_task(smack_cred(cred));
3ec30113
MG		 1995 *secid = skp->smk_secid;
1996 rcu_read_unlock();
1997}
1998
3a3b7ce9
DH		 1999/**
2000 * smack_kernel_act_as - Set the subjective context in a set of credentials
251a2a95
RD		 2001 * @new: points to the set of credentials to be modified.
2002 * @secid: specifies the security ID to be set
3a3b7ce9
DH		 2003 *
2004 * Set the security data for a kernel service.
2005 */
2006static int smack_kernel_act_as(struct cred *new, u32 secid)
2007{
b17103a8 2008 struct task_smack *new_tsp = smack_cred(new);
3a3b7ce9 2009
152f91d4 2010 new_tsp->smk_task = smack_from_secid(secid);
3a3b7ce9
DH		 2011 return 0;
2012}
2013
2014/**
2015 * smack_kernel_create_files_as - Set the file creation label in a set of creds
251a2a95
RD		 2016 * @new: points to the set of credentials to be modified
2017 * @inode: points to the inode to use as a reference
3a3b7ce9
DH		 2018 *
2019 * Set the file creation context in a set of credentials to the same
2020 * as the objective context of the specified inode
2021 */
2022static int smack_kernel_create_files_as(struct cred *new,
2023 struct inode *inode)
2024{
fb4021b6 2025 struct inode_smack *isp = smack_inode(inode);
b17103a8 2026 struct task_smack *tsp = smack_cred(new);
3a3b7ce9 2027
21c7eae2 2028 tsp->smk_forked = isp->smk_inode;
2f823ff8 2029 tsp->smk_task = tsp->smk_forked;
3a3b7ce9
DH		 2030 return 0;
2031}
2032
ecfcc53f
EB		 2033/**
2034 * smk_curacc_on_task - helper to log task related access
2035 * @p: the task object
531f1d45
CS		 2036 * @access: the access requested
2037 * @caller: name of the calling function for audit
ecfcc53f
EB		 2038 *
2039 * Return 0 if access is permitted
2040 */
531f1d45
CS		 2041static int smk_curacc_on_task(struct task_struct *p, int access,
2042 const char *caller)
ecfcc53f
EB		 2043{
2044 struct smk_audit_info ad;
6d1cff2a 2045 struct smack_known *skp = smk_of_task_struct(p);
d166c802 2046 int rc;
ecfcc53f 2047
531f1d45 2048 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
ecfcc53f 2049 smk_ad_setfield_u_tsk(&ad, p);
21c7eae2 2050 rc = smk_curacc(skp, access, &ad);
d166c802
CS		 2051 rc = smk_bu_task(p, access, rc);
2052 return rc;
ecfcc53f
EB		 2053}
2054
e114e473
CS		 2055/**
2056 * smack_task_setpgid - Smack check on setting pgid
2057 * @p: the task object
2058 * @pgid: unused
2059 *
2060 * Return 0 if write access is permitted
2061 */
2062static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2063{
531f1d45 2064 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2065}
2066
2067/**
2068 * smack_task_getpgid - Smack access check for getpgid
2069 * @p: the object task
2070 *
2071 * Returns 0 if current can read the object task, error code otherwise
2072 */
2073static int smack_task_getpgid(struct task_struct *p)
2074{
531f1d45 2075 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2076}
2077
2078/**
2079 * smack_task_getsid - Smack access check for getsid
2080 * @p: the object task
2081 *
2082 * Returns 0 if current can read the object task, error code otherwise
2083 */
2084static int smack_task_getsid(struct task_struct *p)
2085{
531f1d45 2086 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2087}
2088
2089/**
2090 * smack_task_getsecid - get the secid of the task
2091 * @p: the object task
2092 * @secid: where to put the result
2093 *
2094 * Sets the secid to contain a u32 version of the smack label.
2095 */
2096static void smack_task_getsecid(struct task_struct *p, u32 *secid)
2097{
6d1cff2a 2098 struct smack_known *skp = smk_of_task_struct(p);
2f823ff8
CS		 2099
2100 *secid = skp->smk_secid;
e114e473
CS		 2101}
2102
2103/**
2104 * smack_task_setnice - Smack check on setting nice
2105 * @p: the task object
2106 * @nice: unused
2107 *
2108 * Return 0 if write access is permitted
2109 */
2110static int smack_task_setnice(struct task_struct *p, int nice)
2111{
b1d9e6b0 2112 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2113}
2114
2115/**
2116 * smack_task_setioprio - Smack check on setting ioprio
2117 * @p: the task object
2118 * @ioprio: unused
2119 *
2120 * Return 0 if write access is permitted
2121 */
2122static int smack_task_setioprio(struct task_struct *p, int ioprio)
2123{
b1d9e6b0 2124 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2125}
2126
2127/**
2128 * smack_task_getioprio - Smack check on reading ioprio
2129 * @p: the task object
2130 *
2131 * Return 0 if read access is permitted
2132 */
2133static int smack_task_getioprio(struct task_struct *p)
2134{
531f1d45 2135 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2136}
2137
2138/**
2139 * smack_task_setscheduler - Smack check on setting scheduler
2140 * @p: the task object
e114e473
CS		 2141 *
2142 * Return 0 if read access is permitted
2143 */
b0ae1981 2144static int smack_task_setscheduler(struct task_struct *p)
e114e473 2145{
b1d9e6b0 2146 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2147}
2148
2149/**
2150 * smack_task_getscheduler - Smack check on reading scheduler
2151 * @p: the task object
2152 *
2153 * Return 0 if read access is permitted
2154 */
2155static int smack_task_getscheduler(struct task_struct *p)
2156{
531f1d45 2157 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2158}
2159
2160/**
2161 * smack_task_movememory - Smack check on moving memory
2162 * @p: the task object
2163 *
2164 * Return 0 if write access is permitted
2165 */
2166static int smack_task_movememory(struct task_struct *p)
2167{
531f1d45 2168 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2169}
2170
2171/**
2172 * smack_task_kill - Smack check on signal delivery
2173 * @p: the task object
2174 * @info: unused
2175 * @sig: unused
6b4f3d01 2176 * @cred: identifies the cred to use in lieu of current's
e114e473
CS		 2177 *
2178 * Return 0 if write access is permitted
2179 *
e114e473 2180 */
ae7795bc 2181static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info,
6b4f3d01 2182 int sig, const struct cred *cred)
e114e473 2183{
ecfcc53f 2184 struct smk_audit_info ad;
2f823ff8 2185 struct smack_known *skp;
6d1cff2a 2186 struct smack_known *tkp = smk_of_task_struct(p);
d166c802 2187 int rc;
ecfcc53f 2188
18d872f7
RK		 2189 if (!sig)
2190 return 0; /* null signal; existence test */
2191
ecfcc53f
EB		 2192 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2193 smk_ad_setfield_u_tsk(&ad, p);
e114e473
CS		 2194 /*
2195 * Sending a signal requires that the sender
2196 * can write the receiver.
2197 */
6b4f3d01 2198 if (cred == NULL) {
c60b9066
CS		 2199 rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2200 rc = smk_bu_task(p, MAY_DELIVER, rc);
d166c802
CS		 2201 return rc;
2202 }
e114e473 2203 /*
6b4f3d01 2204 * If the cred isn't NULL we're dealing with some USB IO
e114e473
CS		 2205 * specific behavior. This is not clean. For one thing
2206 * we can't take privilege into account.
2207 */
b17103a8 2208 skp = smk_of_task(smack_cred(cred));
c60b9066
CS		 2209 rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2210 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
d166c802 2211 return rc;
e114e473
CS		 2212}
2213
e114e473
CS		 2214/**
2215 * smack_task_to_inode - copy task smack into the inode blob
2216 * @p: task to copy from
251a2a95 2217 * @inode: inode to copy to
e114e473
CS		 2218 *
2219 * Sets the smack pointer in the inode security blob
2220 */
2221static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2222{
fb4021b6 2223 struct inode_smack *isp = smack_inode(inode);
6d1cff2a 2224 struct smack_known *skp = smk_of_task_struct(p);
2f823ff8 2225
21c7eae2 2226 isp->smk_inode = skp;
7b4e8843 2227 isp->smk_flags |= SMK_INODE_INSTANT;
e114e473
CS		 2228}
2229
2230/*
2231 * Socket hooks.
2232 */
2233
2234/**
2235 * smack_sk_alloc_security - Allocate a socket blob
2236 * @sk: the socket
2237 * @family: unused
251a2a95 2238 * @gfp_flags: memory allocation flags
e114e473
CS		 2239 *
2240 * Assign Smack pointers to current
2241 *
2242 * Returns 0 on success, -ENOMEM is there's no memory
2243 */
2244static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2245{
2f823ff8 2246 struct smack_known *skp = smk_of_current();
e114e473
CS		 2247 struct socket_smack *ssp;
2248
2249 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2250 if (ssp == NULL)
2251 return -ENOMEM;
2252
08382c9f 2253 /*
2254 * Sockets created by kernel threads receive web label.
2255 */
2256 if (unlikely(current->flags & PF_KTHREAD)) {
2257 ssp->smk_in = &smack_known_web;
2258 ssp->smk_out = &smack_known_web;
2259 } else {
2260 ssp->smk_in = skp;
2261 ssp->smk_out = skp;
2262 }
272cd7a8 2263 ssp->smk_packet = NULL;
e114e473
CS		 2264
2265 sk->sk_security = ssp;
2266
2267 return 0;
2268}
2269
2270/**
2271 * smack_sk_free_security - Free a socket blob
2272 * @sk: the socket
2273 *
2274 * Clears the blob pointer
2275 */
2276static void smack_sk_free_security(struct sock *sk)
2277{
0c96d1f5
VG		 2278#ifdef SMACK_IPV6_PORT_LABELING
2279 struct smk_port_label *spp;
2280
2281 if (sk->sk_family == PF_INET6) {
2282 rcu_read_lock();
2283 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2284 if (spp->smk_sock != sk)
2285 continue;
2286 spp->smk_can_reuse = 1;
2287 break;
2288 }
2289 rcu_read_unlock();
2290 }
2291#endif
e114e473
CS		 2292 kfree(sk->sk_security);
2293}
2294
07feee8f 2295/**
21abb1ec 2296* smack_ipv4host_label - check host based restrictions
07feee8f
PM		 2297* @sip: the object end
2298*
2299* looks for host based access restrictions
2300*
2301* This version will only be appropriate for really small sets of single label
2302* hosts. The caller is responsible for ensuring that the RCU read lock is
2303* taken before calling this function.
2304*
2305* Returns the label of the far end or NULL if it's not special.
2306*/
21abb1ec 2307static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
07feee8f 2308{
21abb1ec 2309 struct smk_net4addr *snp;
07feee8f
PM		 2310 struct in_addr *siap = &sip->sin_addr;
2311
2312 if (siap->s_addr == 0)
2313 return NULL;
2314
21abb1ec
CS		 2315 list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2316 /*
2317 * we break after finding the first match because
2318 * the list is sorted from longest to shortest mask
2319 * so we have found the most specific match
2320 */
2321 if (snp->smk_host.s_addr ==
2322 (siap->s_addr & snp->smk_mask.s_addr))
2323 return snp->smk_label;
2324
2325 return NULL;
2326}
2327
2328#if IS_ENABLED(CONFIG_IPV6)
2329/*
2330 * smk_ipv6_localhost - Check for local ipv6 host address
2331 * @sip: the address
2332 *
2333 * Returns boolean true if this is the localhost address
2334 */
2335static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2336{
2337 __be16 *be16p = (__be16 *)&sip->sin6_addr;
2338 __be32 *be32p = (__be32 *)&sip->sin6_addr;
2339
2340 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2341 ntohs(be16p[7]) == 1)
2342 return true;
2343 return false;
2344}
2345
2346/**
2347* smack_ipv6host_label - check host based restrictions
2348* @sip: the object end
2349*
2350* looks for host based access restrictions
2351*
2352* This version will only be appropriate for really small sets of single label
2353* hosts. The caller is responsible for ensuring that the RCU read lock is
2354* taken before calling this function.
2355*
2356* Returns the label of the far end or NULL if it's not special.
2357*/
2358static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2359{
2360 struct smk_net6addr *snp;
2361 struct in6_addr *sap = &sip->sin6_addr;
2362 int i;
2363 int found = 0;
2364
2365 /*
2366 * It's local. Don't look for a host label.
2367 */
2368 if (smk_ipv6_localhost(sip))
2369 return NULL;
2370
2371 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2e4939f7
CS		 2372 /*
2373 * If the label is NULL the entry has
2374 * been renounced. Ignore it.
2375 */
2376 if (snp->smk_label == NULL)
2377 continue;
07feee8f
PM		 2378 /*
2379 * we break after finding the first match because
2380 * the list is sorted from longest to shortest mask
2381 * so we have found the most specific match
2382 */
21abb1ec 2383 for (found = 1, i = 0; i < 8; i++) {
21abb1ec
CS		 2384 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2385 snp->smk_host.s6_addr16[i]) {
2386 found = 0;
2387 break;
2388 }
4303154e 2389 }
21abb1ec
CS		 2390 if (found)
2391 return snp->smk_label;
2392 }
07feee8f
PM		 2393
2394 return NULL;
2395}
21abb1ec 2396#endif /* CONFIG_IPV6 */
07feee8f 2397
e114e473
CS		 2398/**
2399 * smack_netlabel - Set the secattr on a socket
2400 * @sk: the socket
6d3dc07c 2401 * @labeled: socket label scheme
e114e473
CS		 2402 *
2403 * Convert the outbound smack value (smk_out) to a
2404 * secattr and attach it to the socket.
2405 *
2406 * Returns 0 on success or an error code
2407 */
6d3dc07c 2408static int smack_netlabel(struct sock *sk, int labeled)
e114e473 2409{
f7112e6c 2410 struct smack_known *skp;
07feee8f 2411 struct socket_smack *ssp = sk->sk_security;
6d3dc07c 2412 int rc = 0;
e114e473 2413
6d3dc07c
CS		 2414 /*
2415 * Usually the netlabel code will handle changing the
2416 * packet labeling based on the label.
2417 * The case of a single label host is different, because
2418 * a single label host should never get a labeled packet
2419 * even though the label is usually associated with a packet
2420 * label.
2421 */
2422 local_bh_disable();
2423 bh_lock_sock_nested(sk);
2424
2425 if (ssp->smk_out == smack_net_ambient ||
2426 labeled == SMACK_UNLABELED_SOCKET)
2427 netlbl_sock_delattr(sk);
2428 else {
2f823ff8 2429 skp = ssp->smk_out;
f7112e6c 2430 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
6d3dc07c
CS		 2431 }
2432
2433 bh_unlock_sock(sk);
2434 local_bh_enable();
4bc87e62 2435
e114e473
CS		 2436 return rc;
2437}
2438
07feee8f
PM		 2439/**
2440 * smack_netlbel_send - Set the secattr on a socket and perform access checks
2441 * @sk: the socket
2442 * @sap: the destination address
2443 *
2444 * Set the correct secattr for the given socket based on the destination
2445 * address and perform any outbound access checks needed.
2446 *
2447 * Returns 0 on success or an error code.
2448 *
2449 */
2450static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2451{
2f823ff8 2452 struct smack_known *skp;
07feee8f
PM		 2453 int rc;
2454 int sk_lbl;
21c7eae2 2455 struct smack_known *hkp;
07feee8f 2456 struct socket_smack *ssp = sk->sk_security;
ecfcc53f 2457 struct smk_audit_info ad;
07feee8f
PM		 2458
2459 rcu_read_lock();
21abb1ec 2460 hkp = smack_ipv4host_label(sap);
21c7eae2 2461 if (hkp != NULL) {
ecfcc53f 2462#ifdef CONFIG_AUDIT
923e9a13
KC		 2463 struct lsm_network_audit net;
2464
48c62af6
EP		 2465 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2466 ad.a.u.net->family = sap->sin_family;
2467 ad.a.u.net->dport = sap->sin_port;
2468 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
ecfcc53f 2469#endif
923e9a13 2470 sk_lbl = SMACK_UNLABELED_SOCKET;
2f823ff8 2471 skp = ssp->smk_out;
21c7eae2
LP		 2472 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2473 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
07feee8f
PM		 2474 } else {
2475 sk_lbl = SMACK_CIPSO_SOCKET;
2476 rc = 0;
2477 }
2478 rcu_read_unlock();
2479 if (rc != 0)
2480 return rc;
2481
2482 return smack_netlabel(sk, sk_lbl);
2483}
2484
21abb1ec
CS		 2485#if IS_ENABLED(CONFIG_IPV6)
2486/**
2487 * smk_ipv6_check - check Smack access
2488 * @subject: subject Smack label
2489 * @object: object Smack label
2490 * @address: address
2491 * @act: the action being taken
2492 *
2493 * Check an IPv6 access
2494 */
2495static int smk_ipv6_check(struct smack_known *subject,
2496 struct smack_known *object,
2497 struct sockaddr_in6 *address, int act)
2498{
2499#ifdef CONFIG_AUDIT
2500 struct lsm_network_audit net;
2501#endif
2502 struct smk_audit_info ad;
2503 int rc;
2504
2505#ifdef CONFIG_AUDIT
2506 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2507 ad.a.u.net->family = PF_INET6;
2508 ad.a.u.net->dport = ntohs(address->sin6_port);
2509 if (act == SMK_RECEIVING)
2510 ad.a.u.net->v6info.saddr = address->sin6_addr;
2511 else
2512 ad.a.u.net->v6info.daddr = address->sin6_addr;
2513#endif
2514 rc = smk_access(subject, object, MAY_WRITE, &ad);
2515 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2516 return rc;
2517}
2518#endif /* CONFIG_IPV6 */
2519
2520#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2521/**
2522 * smk_ipv6_port_label - Smack port access table management
2523 * @sock: socket
2524 * @address: address
2525 *
2526 * Create or update the port list entry
2527 */
2528static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2529{
2530 struct sock *sk = sock->sk;
2531 struct sockaddr_in6 *addr6;
2532 struct socket_smack *ssp = sock->sk->sk_security;
2533 struct smk_port_label *spp;
2534 unsigned short port = 0;
2535
2536 if (address == NULL) {
2537 /*
2538 * This operation is changing the Smack information
2539 * on the bound socket. Take the changes to the port
2540 * as well.
2541 */
3c7ce342
VG		 2542 rcu_read_lock();
2543 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
c6739443
CS		 2544 if (sk != spp->smk_sock)
2545 continue;
2546 spp->smk_in = ssp->smk_in;
2547 spp->smk_out = ssp->smk_out;
3c7ce342 2548 rcu_read_unlock();
c6739443
CS		 2549 return;
2550 }
2551 /*
2552 * A NULL address is only used for updating existing
2553 * bound entries. If there isn't one, it's OK.
2554 */
3c7ce342 2555 rcu_read_unlock();
c6739443
CS		 2556 return;
2557 }
2558
2559 addr6 = (struct sockaddr_in6 *)address;
2560 port = ntohs(addr6->sin6_port);
2561 /*
2562 * This is a special case that is safely ignored.
2563 */
2564 if (port == 0)
2565 return;
2566
2567 /*
2568 * Look for an existing port list entry.
2569 * This is an indication that a port is getting reused.
2570 */
3c7ce342
VG		 2571 rcu_read_lock();
2572 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
9d44c973 2573 if (spp->smk_port != port || spp->smk_sock_type != sock->type)
c6739443 2574 continue;
0c96d1f5
VG		 2575 if (spp->smk_can_reuse != 1) {
2576 rcu_read_unlock();
2577 return;
2578 }
c6739443
CS		 2579 spp->smk_port = port;
2580 spp->smk_sock = sk;
2581 spp->smk_in = ssp->smk_in;
2582 spp->smk_out = ssp->smk_out;
0c96d1f5 2583 spp->smk_can_reuse = 0;
3c7ce342 2584 rcu_read_unlock();
c6739443
CS		 2585 return;
2586 }
3c7ce342 2587 rcu_read_unlock();
c6739443
CS		 2588 /*
2589 * A new port entry is required.
2590 */
2591 spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2592 if (spp == NULL)
2593 return;
2594
2595 spp->smk_port = port;
2596 spp->smk_sock = sk;
2597 spp->smk_in = ssp->smk_in;
2598 spp->smk_out = ssp->smk_out;
9d44c973 2599 spp->smk_sock_type = sock->type;
0c96d1f5 2600 spp->smk_can_reuse = 0;
c6739443 2601
3c7ce342
VG		 2602 mutex_lock(&smack_ipv6_lock);
2603 list_add_rcu(&spp->list, &smk_ipv6_port_list);
2604 mutex_unlock(&smack_ipv6_lock);
c6739443
CS		 2605 return;
2606}
2607
2608/**
2609 * smk_ipv6_port_check - check Smack port access
a1a07f22 2610 * @sk: socket
c6739443 2611 * @address: address
a1a07f22 2612 * @act: the action being taken
c6739443
CS		 2613 *
2614 * Create or update the port list entry
2615 */
6ea06247 2616static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
c6739443
CS		 2617 int act)
2618{
c6739443
CS		 2619 struct smk_port_label *spp;
2620 struct socket_smack *ssp = sk->sk_security;
21abb1ec
CS		 2621 struct smack_known *skp = NULL;
2622 unsigned short port;
21c7eae2 2623 struct smack_known *object;
c6739443
CS		 2624
2625 if (act == SMK_RECEIVING) {
21abb1ec 2626 skp = smack_ipv6host_label(address);
21c7eae2 2627 object = ssp->smk_in;
c6739443 2628 } else {
2f823ff8 2629 skp = ssp->smk_out;
21abb1ec 2630 object = smack_ipv6host_label(address);
c6739443
CS		 2631 }
2632
2633 /*
21abb1ec 2634 * The other end is a single label host.
c6739443 2635 */
21abb1ec
CS		 2636 if (skp != NULL && object != NULL)
2637 return smk_ipv6_check(skp, object, address, act);
2638 if (skp == NULL)
2639 skp = smack_net_ambient;
2640 if (object == NULL)
2641 object = smack_net_ambient;
c6739443
CS		 2642
2643 /*
2644 * It's remote, so port lookup does no good.
2645 */
21abb1ec
CS		 2646 if (!smk_ipv6_localhost(address))
2647 return smk_ipv6_check(skp, object, address, act);
c6739443
CS		 2648
2649 /*
2650 * It's local so the send check has to have passed.
2651 */
21abb1ec
CS		 2652 if (act == SMK_RECEIVING)
2653 return 0;
c6739443 2654
21abb1ec 2655 port = ntohs(address->sin6_port);
3c7ce342
VG		 2656 rcu_read_lock();
2657 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
9d44c973 2658 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
c6739443 2659 continue;
21c7eae2 2660 object = spp->smk_in;
c6739443 2661 if (act == SMK_CONNECTING)
54e70ec5 2662 ssp->smk_packet = spp->smk_out;
c6739443
CS		 2663 break;
2664 }
3c7ce342 2665 rcu_read_unlock();
c6739443 2666
21abb1ec 2667 return smk_ipv6_check(skp, object, address, act);
c6739443 2668}
21abb1ec 2669#endif /* SMACK_IPV6_PORT_LABELING */
c6739443 2670
e114e473
CS		 2671/**
2672 * smack_inode_setsecurity - set smack xattrs
2673 * @inode: the object
2674 * @name: attribute name
2675 * @value: attribute value
2676 * @size: size of the attribute
2677 * @flags: unused
2678 *
2679 * Sets the named attribute in the appropriate blob
2680 *
2681 * Returns 0 on success, or an error code
2682 */
2683static int smack_inode_setsecurity(struct inode *inode, const char *name,
2684 const void *value, size_t size, int flags)
2685{
2f823ff8 2686 struct smack_known *skp;
fb4021b6 2687 struct inode_smack *nsp = smack_inode(inode);
e114e473
CS		 2688 struct socket_smack *ssp;
2689 struct socket *sock;
4bc87e62 2690 int rc = 0;
e114e473 2691
f7112e6c 2692 if (value == NULL || size > SMK_LONGLABEL || size == 0)
5e9ab593 2693 return -EINVAL;
e114e473 2694
2f823ff8 2695 skp = smk_import_entry(value, size);
e774ad68
LP		 2696 if (IS_ERR(skp))
2697 return PTR_ERR(skp);
e114e473
CS		 2698
2699 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
21c7eae2 2700 nsp->smk_inode = skp;
ddd29ec6 2701 nsp->smk_flags |= SMK_INODE_INSTANT;
e114e473
CS		 2702 return 0;
2703 }
2704 /*
2705 * The rest of the Smack xattrs are only on sockets.
2706 */
2707 if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2708 return -EOPNOTSUPP;
2709
2710 sock = SOCKET_I(inode);
2e1d146a 2711 if (sock == NULL || sock->sk == NULL)
e114e473
CS		 2712 return -EOPNOTSUPP;
2713
2714 ssp = sock->sk->sk_security;
2715
2716 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
54e70ec5 2717 ssp->smk_in = skp;
e114e473 2718 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2f823ff8 2719 ssp->smk_out = skp;
c6739443 2720 if (sock->sk->sk_family == PF_INET) {
b4e0d5f0
CS		 2721 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2722 if (rc != 0)
2723 printk(KERN_WARNING
2724 "Smack: \"%s\" netlbl error %d.\n",
2725 __func__, -rc);
2726 }
e114e473
CS		 2727 } else
2728 return -EOPNOTSUPP;
2729
21abb1ec 2730#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2731 if (sock->sk->sk_family == PF_INET6)
2732 smk_ipv6_port_label(sock, NULL);
21abb1ec 2733#endif
c6739443 2734
e114e473
CS		 2735 return 0;
2736}
2737
2738/**
2739 * smack_socket_post_create - finish socket setup
2740 * @sock: the socket
2741 * @family: protocol family
2742 * @type: unused
2743 * @protocol: unused
2744 * @kern: unused
2745 *
2746 * Sets the netlabel information on the socket
2747 *
2748 * Returns 0 on success, and error code otherwise
2749 */
2750static int smack_socket_post_create(struct socket *sock, int family,
2751 int type, int protocol, int kern)
2752{
7412301b
ML		 2753 struct socket_smack *ssp;
2754
2755 if (sock->sk == NULL)
2756 return 0;
2757
2758 /*
2759 * Sockets created by kernel threads receive web label.
2760 */
2761 if (unlikely(current->flags & PF_KTHREAD)) {
2762 ssp = sock->sk->sk_security;
2763 ssp->smk_in = &smack_known_web;
2764 ssp->smk_out = &smack_known_web;
2765 }
2766
2767 if (family != PF_INET)
e114e473
CS		 2768 return 0;
2769 /*
2770 * Set the outbound netlbl.
2771 */
6d3dc07c
CS		 2772 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2773}
2774
5859cdf5
TG		 2775/**
2776 * smack_socket_socketpair - create socket pair
2777 * @socka: one socket
2778 * @sockb: another socket
2779 *
2780 * Cross reference the peer labels for SO_PEERSEC
2781 *
a1a07f22 2782 * Returns 0
5859cdf5
TG		 2783 */
2784static int smack_socket_socketpair(struct socket *socka,
2785 struct socket *sockb)
2786{
2787 struct socket_smack *asp = socka->sk->sk_security;
2788 struct socket_smack *bsp = sockb->sk->sk_security;
2789
2790 asp->smk_packet = bsp->smk_out;
2791 bsp->smk_packet = asp->smk_out;
2792
2793 return 0;
2794}
2795
21abb1ec 2796#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2797/**
2798 * smack_socket_bind - record port binding information.
2799 * @sock: the socket
2800 * @address: the port address
2801 * @addrlen: size of the address
2802 *
2803 * Records the label bound to a port.
2804 *
b9ef5513 2805 * Returns 0 on success, and error code otherwise
c6739443
CS		 2806 */
2807static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2808 int addrlen)
2809{
b9ef5513
TH		 2810 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) {
2811 if (addrlen < SIN6_LEN_RFC2133 ||
2812 address->sa_family != AF_INET6)
2813 return -EINVAL;
c6739443 2814 smk_ipv6_port_label(sock, address);
b9ef5513 2815 }
c6739443
CS		 2816 return 0;
2817}
21abb1ec 2818#endif /* SMACK_IPV6_PORT_LABELING */
c6739443 2819
6d3dc07c
CS		 2820/**
2821 * smack_socket_connect - connect access check
2822 * @sock: the socket
2823 * @sap: the other end
2824 * @addrlen: size of sap
2825 *
2826 * Verifies that a connection may be possible
2827 *
2828 * Returns 0 on success, and error code otherwise
2829 */
2830static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2831 int addrlen)
2832{
c6739443 2833 int rc = 0;
21abb1ec
CS		 2834#if IS_ENABLED(CONFIG_IPV6)
2835 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
2836#endif
2837#ifdef SMACK_IPV6_SECMARK_LABELING
2838 struct smack_known *rsp;
da49b5da 2839 struct socket_smack *ssp;
21abb1ec 2840#endif
c6739443
CS		 2841
2842 if (sock->sk == NULL)
6d3dc07c 2843 return 0;
6d3dc07c 2844
da49b5da
VG		 2845#ifdef SMACK_IPV6_SECMARK_LABELING
2846 ssp = sock->sk->sk_security;
2847#endif
2848
c6739443
CS		 2849 switch (sock->sk->sk_family) {
2850 case PF_INET:
b9ef5513
TH		 2851 if (addrlen < sizeof(struct sockaddr_in) ||
2852 sap->sa_family != AF_INET)
c6739443
CS		 2853 return -EINVAL;
2854 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2855 break;
2856 case PF_INET6:
b9ef5513 2857 if (addrlen < SIN6_LEN_RFC2133 || sap->sa_family != AF_INET6)
c6739443 2858 return -EINVAL;
21abb1ec
CS		 2859#ifdef SMACK_IPV6_SECMARK_LABELING
2860 rsp = smack_ipv6host_label(sip);
2861 if (rsp != NULL)
2862 rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
6ea06247 2863 SMK_CONNECTING);
21abb1ec
CS		 2864#endif
2865#ifdef SMACK_IPV6_PORT_LABELING
2866 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
2867#endif
c6739443
CS		 2868 break;
2869 }
2870 return rc;
e114e473
CS		 2871}
2872
2873/**
2874 * smack_flags_to_may - convert S_ to MAY_ values
2875 * @flags: the S_ value
2876 *
2877 * Returns the equivalent MAY_ value
2878 */
2879static int smack_flags_to_may(int flags)
2880{
2881 int may = 0;
2882
2883 if (flags & S_IRUGO)
2884 may |= MAY_READ;
2885 if (flags & S_IWUGO)
2886 may |= MAY_WRITE;
2887 if (flags & S_IXUGO)
2888 may |= MAY_EXEC;
2889
2890 return may;
2891}
2892
2893/**
2894 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2895 * @msg: the object
2896 *
2897 * Returns 0
2898 */
2899static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2900{
ecd5f82e 2901 struct smack_known **blob = smack_msg_msg(msg);
2f823ff8 2902
ecd5f82e 2903 *blob = smk_of_current();
e114e473
CS		 2904 return 0;
2905}
2906
e114e473 2907/**
0d79cbf8
EB		 2908 * smack_of_ipc - the smack pointer for the ipc
2909 * @isp: the object
e114e473
CS		 2910 *
2911 * Returns a pointer to the smack value
2912 */
0d79cbf8 2913static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
e114e473 2914{
019bcca4
CS		 2915 struct smack_known **blob = smack_ipc(isp);
2916
2917 return *blob;
e114e473
CS		 2918}
2919
2920/**
0d79cbf8
EB		 2921 * smack_ipc_alloc_security - Set the security blob for ipc
2922 * @isp: the object
e114e473
CS		 2923 *
2924 * Returns 0
2925 */
0d79cbf8 2926static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
e114e473 2927{
019bcca4 2928 struct smack_known **blob = smack_ipc(isp);
e114e473 2929
019bcca4 2930 *blob = smk_of_current();
e114e473
CS		 2931 return 0;
2932}
2933
ecfcc53f
EB		 2934/**
2935 * smk_curacc_shm : check if current has access on shm
0d79cbf8 2936 * @isp : the object
ecfcc53f
EB		 2937 * @access : access requested
2938 *
2939 * Returns 0 if current has the requested access, error code otherwise
2940 */
0d79cbf8 2941static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
ecfcc53f 2942{
0d79cbf8 2943 struct smack_known *ssp = smack_of_ipc(isp);
ecfcc53f 2944 struct smk_audit_info ad;
d166c802 2945 int rc;
ecfcc53f
EB		 2946
2947#ifdef CONFIG_AUDIT
2948 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
0d79cbf8 2949 ad.a.u.ipc_id = isp->id;
ecfcc53f 2950#endif
d166c802
CS		 2951 rc = smk_curacc(ssp, access, &ad);
2952 rc = smk_bu_current("shm", ssp, access, rc);
2953 return rc;
ecfcc53f
EB		 2954}
2955
e114e473
CS		 2956/**
2957 * smack_shm_associate - Smack access check for shm
0d79cbf8 2958 * @isp: the object
e114e473
CS		 2959 * @shmflg: access requested
2960 *
2961 * Returns 0 if current has the requested access, error code otherwise
2962 */
0d79cbf8 2963static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
e114e473 2964{
e114e473
CS		 2965 int may;
2966
2967 may = smack_flags_to_may(shmflg);
0d79cbf8 2968 return smk_curacc_shm(isp, may);
e114e473
CS		 2969}
2970
2971/**
2972 * smack_shm_shmctl - Smack access check for shm
0d79cbf8 2973 * @isp: the object
e114e473
CS		 2974 * @cmd: what it wants to do
2975 *
2976 * Returns 0 if current has the requested access, error code otherwise
2977 */
0d79cbf8 2978static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
e114e473 2979{
e114e473
CS		 2980 int may;
2981
2982 switch (cmd) {
2983 case IPC_STAT:
2984 case SHM_STAT:
c21a6970 2985 case SHM_STAT_ANY:
e114e473
CS		 2986 may = MAY_READ;
2987 break;
2988 case IPC_SET:
2989 case SHM_LOCK:
2990 case SHM_UNLOCK:
2991 case IPC_RMID:
2992 may = MAY_READWRITE;
2993 break;
2994 case IPC_INFO:
2995 case SHM_INFO:
2996 /*
2997 * System level information.
2998 */
2999 return 0;
3000 default:
3001 return -EINVAL;
3002 }
0d79cbf8 3003 return smk_curacc_shm(isp, may);
e114e473
CS		 3004}
3005
3006/**
3007 * smack_shm_shmat - Smack access for shmat
0d79cbf8 3008 * @isp: the object
e114e473
CS		 3009 * @shmaddr: unused
3010 * @shmflg: access requested
3011 *
3012 * Returns 0 if current has the requested access, error code otherwise
3013 */
a1a07f22 3014static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr,
e114e473
CS		 3015 int shmflg)
3016{
e114e473
CS		 3017 int may;
3018
3019 may = smack_flags_to_may(shmflg);
a1a07f22 3020 return smk_curacc_shm(isp, may);
e114e473
CS		 3021}
3022
ecfcc53f
EB		 3023/**
3024 * smk_curacc_sem : check if current has access on sem
0d79cbf8 3025 * @isp : the object
ecfcc53f
EB		 3026 * @access : access requested
3027 *
3028 * Returns 0 if current has the requested access, error code otherwise
3029 */
0d79cbf8 3030static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
ecfcc53f 3031{
0d79cbf8 3032 struct smack_known *ssp = smack_of_ipc(isp);
ecfcc53f 3033 struct smk_audit_info ad;
d166c802 3034 int rc;
ecfcc53f
EB		 3035
3036#ifdef CONFIG_AUDIT
3037 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
0d79cbf8 3038 ad.a.u.ipc_id = isp->id;
ecfcc53f 3039#endif
d166c802
CS		 3040 rc = smk_curacc(ssp, access, &ad);
3041 rc = smk_bu_current("sem", ssp, access, rc);
3042 return rc;
ecfcc53f
EB		 3043}
3044
e114e473
CS		 3045/**
3046 * smack_sem_associate - Smack access check for sem
0d79cbf8 3047 * @isp: the object
e114e473
CS		 3048 * @semflg: access requested
3049 *
3050 * Returns 0 if current has the requested access, error code otherwise
3051 */
0d79cbf8 3052static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
e114e473 3053{
e114e473
CS		 3054 int may;
3055
3056 may = smack_flags_to_may(semflg);
0d79cbf8 3057 return smk_curacc_sem(isp, may);
e114e473
CS		 3058}
3059
3060/**
3061 * smack_sem_shmctl - Smack access check for sem
0d79cbf8 3062 * @isp: the object
e114e473
CS		 3063 * @cmd: what it wants to do
3064 *
3065 * Returns 0 if current has the requested access, error code otherwise
3066 */
0d79cbf8 3067static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
e114e473 3068{
e114e473
CS		 3069 int may;
3070
3071 switch (cmd) {
3072 case GETPID:
3073 case GETNCNT:
3074 case GETZCNT:
3075 case GETVAL:
3076 case GETALL:
3077 case IPC_STAT:
3078 case SEM_STAT:
a280d6dc 3079 case SEM_STAT_ANY:
e114e473
CS		 3080 may = MAY_READ;
3081 break;
3082 case SETVAL:
3083 case SETALL:
3084 case IPC_RMID:
3085 case IPC_SET:
3086 may = MAY_READWRITE;
3087 break;
3088 case IPC_INFO:
3089 case SEM_INFO:
3090 /*
3091 * System level information
3092 */
3093 return 0;
3094 default:
3095 return -EINVAL;
3096 }
3097
0d79cbf8 3098 return smk_curacc_sem(isp, may);
e114e473
CS		 3099}
3100
3101/**
3102 * smack_sem_semop - Smack checks of semaphore operations
0d79cbf8 3103 * @isp: the object
e114e473
CS		 3104 * @sops: unused
3105 * @nsops: unused
3106 * @alter: unused
3107 *
3108 * Treated as read and write in all cases.
3109 *
3110 * Returns 0 if access is allowed, error code otherwise
3111 */
0d79cbf8 3112static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
e114e473
CS		 3113 unsigned nsops, int alter)
3114{
0d79cbf8 3115 return smk_curacc_sem(isp, MAY_READWRITE);
e114e473
CS		 3116}
3117
ecfcc53f
EB		 3118/**
3119 * smk_curacc_msq : helper to check if current has access on msq
0d79cbf8 3120 * @isp : the msq
ecfcc53f
EB		 3121 * @access : access requested
3122 *
3123 * return 0 if current has access, error otherwise
3124 */
0d79cbf8 3125static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
ecfcc53f 3126{
0d79cbf8 3127 struct smack_known *msp = smack_of_ipc(isp);
ecfcc53f 3128 struct smk_audit_info ad;
d166c802 3129 int rc;
ecfcc53f
EB		 3130
3131#ifdef CONFIG_AUDIT
3132 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
0d79cbf8 3133 ad.a.u.ipc_id = isp->id;
ecfcc53f 3134#endif
d166c802
CS		 3135 rc = smk_curacc(msp, access, &ad);
3136 rc = smk_bu_current("msq", msp, access, rc);
3137 return rc;
ecfcc53f
EB		 3138}
3139
e114e473
CS		 3140/**
3141 * smack_msg_queue_associate - Smack access check for msg_queue
0d79cbf8 3142 * @isp: the object
e114e473
CS		 3143 * @msqflg: access requested
3144 *
3145 * Returns 0 if current has the requested access, error code otherwise
3146 */
0d79cbf8 3147static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
e114e473 3148{
e114e473
CS		 3149 int may;
3150
3151 may = smack_flags_to_may(msqflg);
0d79cbf8 3152 return smk_curacc_msq(isp, may);
e114e473
CS		 3153}
3154
3155/**
3156 * smack_msg_queue_msgctl - Smack access check for msg_queue
0d79cbf8 3157 * @isp: the object
e114e473
CS		 3158 * @cmd: what it wants to do
3159 *
3160 * Returns 0 if current has the requested access, error code otherwise
3161 */
0d79cbf8 3162static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
e114e473 3163{
e114e473
CS		 3164 int may;
3165
3166 switch (cmd) {
3167 case IPC_STAT:
3168 case MSG_STAT:
23c8cec8 3169 case MSG_STAT_ANY:
e114e473
CS		 3170 may = MAY_READ;
3171 break;
3172 case IPC_SET:
3173 case IPC_RMID:
3174 may = MAY_READWRITE;
3175 break;
3176 case IPC_INFO:
3177 case MSG_INFO:
3178 /*
3179 * System level information
3180 */
3181 return 0;
3182 default:
3183 return -EINVAL;
3184 }
3185
0d79cbf8 3186 return smk_curacc_msq(isp, may);
e114e473
CS		 3187}
3188
3189/**
3190 * smack_msg_queue_msgsnd - Smack access check for msg_queue
0d79cbf8 3191 * @isp: the object
e114e473
CS		 3192 * @msg: unused
3193 * @msqflg: access requested
3194 *
3195 * Returns 0 if current has the requested access, error code otherwise
3196 */
0d79cbf8 3197static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
e114e473
CS		 3198 int msqflg)
3199{
ecfcc53f 3200 int may;
e114e473 3201
ecfcc53f 3202 may = smack_flags_to_may(msqflg);
0d79cbf8 3203 return smk_curacc_msq(isp, may);
e114e473
CS		 3204}
3205
3206/**
3207 * smack_msg_queue_msgsnd - Smack access check for msg_queue
0d79cbf8 3208 * @isp: the object
e114e473
CS		 3209 * @msg: unused
3210 * @target: unused
3211 * @type: unused
3212 * @mode: unused
3213 *
3214 * Returns 0 if current has read and write access, error code otherwise
3215 */
0d79cbf8 3216static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg,
e114e473
CS		 3217 struct task_struct *target, long type, int mode)
3218{
0d79cbf8 3219 return smk_curacc_msq(isp, MAY_READWRITE);
e114e473
CS		 3220}
3221
3222/**
3223 * smack_ipc_permission - Smack access for ipc_permission()
3224 * @ipp: the object permissions
3225 * @flag: access requested
3226 *
3227 * Returns 0 if current has read and write access, error code otherwise
3228 */
3229static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3230{
019bcca4
CS		 3231 struct smack_known **blob = smack_ipc(ipp);
3232 struct smack_known *iskp = *blob;
ecfcc53f
EB		 3233 int may = smack_flags_to_may(flag);
3234 struct smk_audit_info ad;
d166c802 3235 int rc;
e114e473 3236
ecfcc53f
EB		 3237#ifdef CONFIG_AUDIT
3238 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3239 ad.a.u.ipc_id = ipp->id;
3240#endif
21c7eae2
LP		 3241 rc = smk_curacc(iskp, may, &ad);
3242 rc = smk_bu_current("svipc", iskp, may, rc);
d166c802 3243 return rc;
e114e473
CS		 3244}
3245
d20bdda6
AD		 3246/**
3247 * smack_ipc_getsecid - Extract smack security id
251a2a95 3248 * @ipp: the object permissions
d20bdda6
AD		 3249 * @secid: where result will be saved
3250 */
3251static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3252{
019bcca4
CS		 3253 struct smack_known **blob = smack_ipc(ipp);
3254 struct smack_known *iskp = *blob;
d20bdda6 3255
21c7eae2 3256 *secid = iskp->smk_secid;
d20bdda6
AD		 3257}
3258
e114e473
CS		 3259/**
3260 * smack_d_instantiate - Make sure the blob is correct on an inode
3e62cbb8 3261 * @opt_dentry: dentry where inode will be attached
e114e473
CS		 3262 * @inode: the object
3263 *
3264 * Set the inode's security blob if it hasn't been done already.
3265 */
3266static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3267{
3268 struct super_block *sbp;
3269 struct superblock_smack *sbsp;
3270 struct inode_smack *isp;
2f823ff8
CS		 3271 struct smack_known *skp;
3272 struct smack_known *ckp = smk_of_current();
21c7eae2 3273 struct smack_known *final;
5c6d1125
JS		 3274 char trattr[TRANS_TRUE_SIZE];
3275 int transflag = 0;
2267b13a 3276 int rc;
e114e473
CS		 3277 struct dentry *dp;
3278
3279 if (inode == NULL)
3280 return;
3281
fb4021b6 3282 isp = smack_inode(inode);
e114e473
CS		 3283
3284 mutex_lock(&isp->smk_lock);
3285 /*
3286 * If the inode is already instantiated
3287 * take the quick way out
3288 */
3289 if (isp->smk_flags & SMK_INODE_INSTANT)
3290 goto unlockandout;
3291
3292 sbp = inode->i_sb;
3293 sbsp = sbp->s_security;
3294 /*
3295 * We're going to use the superblock default label
3296 * if there's no label on the file.
3297 */
3298 final = sbsp->smk_default;
3299
e97dcb0e
CS		 3300 /*
3301 * If this is the root inode the superblock
3302 * may be in the process of initialization.
3303 * If that is the case use the root value out
3304 * of the superblock.
3305 */
3306 if (opt_dentry->d_parent == opt_dentry) {
1d8c2326
ŁS		 3307 switch (sbp->s_magic) {
3308 case CGROUP_SUPER_MAGIC:
58c442f3 3309 case CGROUP2_SUPER_MAGIC:
36ea735b
CS		 3310 /*
3311 * The cgroup filesystem is never mounted,
3312 * so there's no opportunity to set the mount
3313 * options.
3314 */
21c7eae2
LP		 3315 sbsp->smk_root = &smack_known_star;
3316 sbsp->smk_default = &smack_known_star;
1d8c2326
ŁS		 3317 isp->smk_inode = sbsp->smk_root;
3318 break;
3319 case TMPFS_MAGIC:
3320 /*
3321 * What about shmem/tmpfs anonymous files with dentry
3322 * obtained from d_alloc_pseudo()?
3323 */
3324 isp->smk_inode = smk_of_current();
3325 break;
8da4aba5
RK		 3326 case PIPEFS_MAGIC:
3327 isp->smk_inode = smk_of_current();
3328 break;
805b65a8
RK		 3329 case SOCKFS_MAGIC:
3330 /*
3331 * Socket access is controlled by the socket
3332 * structures associated with the task involved.
3333 */
3334 isp->smk_inode = &smack_known_star;
3335 break;
1d8c2326
ŁS		 3336 default:
3337 isp->smk_inode = sbsp->smk_root;
3338 break;
36ea735b 3339 }
e97dcb0e
CS		 3340 isp->smk_flags |= SMK_INODE_INSTANT;
3341 goto unlockandout;
3342 }
3343
e114e473
CS		 3344 /*
3345 * This is pretty hackish.
3346 * Casey says that we shouldn't have to do
3347 * file system specific code, but it does help
3348 * with keeping it simple.
3349 */
3350 switch (sbp->s_magic) {
3351 case SMACK_MAGIC:
36ea735b 3352 case CGROUP_SUPER_MAGIC:
58c442f3 3353 case CGROUP2_SUPER_MAGIC:
e114e473 3354 /*
25985edc 3355 * Casey says that it's a little embarrassing
e114e473
CS		 3356 * that the smack file system doesn't do
3357 * extended attributes.
36ea735b 3358 *
36ea735b 3359 * Cgroupfs is special
e114e473 3360 */
21c7eae2 3361 final = &smack_known_star;
e114e473
CS		 3362 break;
3363 case DEVPTS_SUPER_MAGIC:
3364 /*
3365 * devpts seems content with the label of the task.
3366 * Programs that change smack have to treat the
3367 * pty with respect.
3368 */
21c7eae2 3369 final = ckp;
e114e473 3370 break;
e114e473
CS		 3371 case PROC_SUPER_MAGIC:
3372 /*
3373 * Casey says procfs appears not to care.
3374 * The superblock default suffices.
3375 */
3376 break;
3377 case TMPFS_MAGIC:
3378 /*
3379 * Device labels should come from the filesystem,
3380 * but watch out, because they're volitile,
3381 * getting recreated on every reboot.
3382 */
21c7eae2 3383 final = &smack_known_star;
e114e473 3384 /*
e114e473
CS		 3385 * If a smack value has been set we want to use it,
3386 * but since tmpfs isn't giving us the opportunity
3387 * to set mount options simulate setting the
3388 * superblock default.
3389 */
09186e50 3390 /* Fall through */
e114e473
CS		 3391 default:
3392 /*
3393 * This isn't an understood special case.
3394 * Get the value from the xattr.
b4e0d5f0
CS		 3395 */
3396
3397 /*
3398 * UNIX domain sockets use lower level socket data.
3399 */
3400 if (S_ISSOCK(inode->i_mode)) {
21c7eae2 3401 final = &smack_known_star;
b4e0d5f0
CS		 3402 break;
3403 }
3404 /*
e114e473
CS		 3405 * No xattr support means, alas, no SMACK label.
3406 * Use the aforeapplied default.
3407 * It would be curious if the label of the task
3408 * does not match that assigned.
3409 */
5d6c3191
AG		 3410 if (!(inode->i_opflags & IOP_XATTR))
3411 break;
e114e473
CS		 3412 /*
3413 * Get the dentry for xattr.
3414 */
3e62cbb8 3415 dp = dget(opt_dentry);
2f823ff8 3416 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
e774ad68 3417 if (!IS_ERR_OR_NULL(skp))
21c7eae2 3418 final = skp;
2267b13a
CS		 3419
3420 /*
3421 * Transmuting directory
3422 */
3423 if (S_ISDIR(inode->i_mode)) {
3424 /*
3425 * If this is a new directory and the label was
3426 * transmuted when the inode was initialized
3427 * set the transmute attribute on the directory
3428 * and mark the inode.
3429 *
3430 * If there is a transmute attribute on the
3431 * directory mark the inode.
3432 */
3433 if (isp->smk_flags & SMK_INODE_CHANGED) {
3434 isp->smk_flags &= ~SMK_INODE_CHANGED;
5d6c3191 3435 rc = __vfs_setxattr(dp, inode,
5c6d1125 3436 XATTR_NAME_SMACKTRANSMUTE,
2267b13a
CS		 3437 TRANS_TRUE, TRANS_TRUE_SIZE,
3438 0);
3439 } else {
5d6c3191 3440 rc = __vfs_getxattr(dp, inode,
2267b13a
CS		 3441 XATTR_NAME_SMACKTRANSMUTE, trattr,
3442 TRANS_TRUE_SIZE);
3443 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3444 TRANS_TRUE_SIZE) != 0)
3445 rc = -EINVAL;
5c6d1125 3446 }
2267b13a
CS		 3447 if (rc >= 0)
3448 transflag = SMK_INODE_TRANSMUTE;
5c6d1125 3449 }
809c02e0
SF		 3450 /*
3451 * Don't let the exec or mmap label be "*" or "@".
3452 */
3453 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3454 if (IS_ERR(skp) || skp == &smack_known_star ||
3455 skp == &smack_known_web)
3456 skp = NULL;
3457 isp->smk_task = skp;
e774ad68 3458
19760ad0 3459 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
e774ad68
LP		 3460 if (IS_ERR(skp) || skp == &smack_known_star ||
3461 skp == &smack_known_web)
19760ad0
CS		 3462 skp = NULL;
3463 isp->smk_mmap = skp;
676dac4b 3464
e114e473
CS		 3465 dput(dp);
3466 break;
3467 }
3468
3469 if (final == NULL)
21c7eae2 3470 isp->smk_inode = ckp;
e114e473
CS		 3471 else
3472 isp->smk_inode = final;
3473
5c6d1125 3474 isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
e114e473
CS		 3475
3476unlockandout:
3477 mutex_unlock(&isp->smk_lock);
3478 return;
3479}
3480
3481/**
3482 * smack_getprocattr - Smack process attribute access
3483 * @p: the object task
3484 * @name: the name of the attribute in /proc/.../attr
3485 * @value: where to put the result
3486 *
3487 * Places a copy of the task Smack into value
3488 *
3489 * Returns the length of the smack label or an error code
3490 */
3491static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3492{
6d1cff2a 3493 struct smack_known *skp = smk_of_task_struct(p);
e114e473
CS		 3494 char *cp;
3495 int slen;
3496
3497 if (strcmp(name, "current") != 0)
3498 return -EINVAL;
3499
2f823ff8 3500 cp = kstrdup(skp->smk_known, GFP_KERNEL);
e114e473
CS		 3501 if (cp == NULL)
3502 return -ENOMEM;
3503
3504 slen = strlen(cp);
3505 *value = cp;
3506 return slen;
3507}
3508
3509/**
3510 * smack_setprocattr - Smack process attribute setting
e114e473
CS		 3511 * @name: the name of the attribute in /proc/.../attr
3512 * @value: the value to set
3513 * @size: the size of the value
3514 *
3515 * Sets the Smack value of the task. Only setting self
3516 * is permitted and only with privilege
3517 *
3518 * Returns the length of the smack label or an error code
3519 */
b21507e2 3520static int smack_setprocattr(const char *name, void *value, size_t size)
e114e473 3521{
b17103a8 3522 struct task_smack *tsp = smack_cred(current_cred());
d84f4f99 3523 struct cred *new;
2f823ff8 3524 struct smack_known *skp;
38416e53
ZJ		 3525 struct smack_known_list_elem *sklep;
3526 int rc;
e114e473 3527
38416e53 3528 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
5cd9c58f
DH		 3529 return -EPERM;
3530
f7112e6c 3531 if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
e114e473
CS		 3532 return -EINVAL;
3533
3534 if (strcmp(name, "current") != 0)
3535 return -EINVAL;
3536
2f823ff8 3537 skp = smk_import_entry(value, size);
e774ad68
LP		 3538 if (IS_ERR(skp))
3539 return PTR_ERR(skp);
e114e473 3540
6d3dc07c 3541 /*
7128ea15
HS		 3542 * No process is ever allowed the web ("@") label
3543 * and the star ("*") label.
6d3dc07c 3544 */
7128ea15
HS		 3545 if (skp == &smack_known_web || skp == &smack_known_star)
3546 return -EINVAL;
6d3dc07c 3547
38416e53
ZJ		 3548 if (!smack_privileged(CAP_MAC_ADMIN)) {
3549 rc = -EPERM;
3550 list_for_each_entry(sklep, &tsp->smk_relabel, list)
3551 if (sklep->smk_label == skp) {
3552 rc = 0;
3553 break;
3554 }
3555 if (rc)
3556 return rc;
3557 }
3558
d84f4f99 3559 new = prepare_creds();
6d3dc07c 3560 if (new == NULL)
d84f4f99 3561 return -ENOMEM;
7898e1f8 3562
b17103a8 3563 tsp = smack_cred(new);
2f823ff8 3564 tsp->smk_task = skp;
38416e53
ZJ		 3565 /*
3566 * process can change its label only once
3567 */
3568 smk_destroy_label_list(&tsp->smk_relabel);
7898e1f8 3569
d84f4f99 3570 commit_creds(new);
e114e473
CS		 3571 return size;
3572}
3573
3574/**
3575 * smack_unix_stream_connect - Smack access on UDS
3610cda5
DM		 3576 * @sock: one sock
3577 * @other: the other sock
e114e473
CS		 3578 * @newsk: unused
3579 *
3580 * Return 0 if a subject with the smack of sock could access
3581 * an object with the smack of other, otherwise an error code
3582 */
3610cda5
DM		 3583static int smack_unix_stream_connect(struct sock *sock,
3584 struct sock *other, struct sock *newsk)
e114e473 3585{
2f823ff8 3586 struct smack_known *skp;
54e70ec5 3587 struct smack_known *okp;
d2e7ad19
JM		 3588 struct socket_smack *ssp = sock->sk_security;
3589 struct socket_smack *osp = other->sk_security;
975d5e55 3590 struct socket_smack *nsp = newsk->sk_security;
ecfcc53f 3591 struct smk_audit_info ad;
b4e0d5f0 3592 int rc = 0;
923e9a13
KC		 3593#ifdef CONFIG_AUDIT
3594 struct lsm_network_audit net;
923e9a13 3595#endif
b4e0d5f0 3596
2f823ff8
CS		 3597 if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3598 skp = ssp->smk_out;
96be7b54 3599 okp = osp->smk_in;
54e70ec5
CS		 3600#ifdef CONFIG_AUDIT
3601 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3602 smk_ad_setfield_u_net_sk(&ad, other);
3603#endif
21c7eae2
LP		 3604 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3605 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
d166c802 3606 if (rc == 0) {
96be7b54
ZJ		 3607 okp = osp->smk_out;
3608 skp = ssp->smk_in;
138a868f 3609 rc = smk_access(okp, skp, MAY_WRITE, &ad);
21c7eae2 3610 rc = smk_bu_note("UDS connect", okp, skp,
d166c802
CS		 3611 MAY_WRITE, rc);
3612 }
2f823ff8 3613 }
b4e0d5f0 3614
975d5e55
CS		 3615 /*
3616 * Cross reference the peer labels for SO_PEERSEC.
3617 */
3618 if (rc == 0) {
54e70ec5
CS		 3619 nsp->smk_packet = ssp->smk_out;
3620 ssp->smk_packet = osp->smk_out;
975d5e55
CS		 3621 }
3622
b4e0d5f0 3623 return rc;
e114e473
CS		 3624}
3625
3626/**
3627 * smack_unix_may_send - Smack access on UDS
3628 * @sock: one socket
3629 * @other: the other socket
3630 *
3631 * Return 0 if a subject with the smack of sock could access
3632 * an object with the smack of other, otherwise an error code
3633 */
3634static int smack_unix_may_send(struct socket *sock, struct socket *other)
3635{
b4e0d5f0
CS		 3636 struct socket_smack *ssp = sock->sk->sk_security;
3637 struct socket_smack *osp = other->sk->sk_security;
ecfcc53f 3638 struct smk_audit_info ad;
d166c802 3639 int rc;
e114e473 3640
923e9a13
KC		 3641#ifdef CONFIG_AUDIT
3642 struct lsm_network_audit net;
3643
48c62af6 3644 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
ecfcc53f 3645 smk_ad_setfield_u_net_sk(&ad, other->sk);
923e9a13 3646#endif
b4e0d5f0 3647
2f823ff8
CS		 3648 if (smack_privileged(CAP_MAC_OVERRIDE))
3649 return 0;
b4e0d5f0 3650
21c7eae2
LP		 3651 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3652 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
d166c802 3653 return rc;
e114e473
CS		 3654}
3655
6d3dc07c
CS		 3656/**
3657 * smack_socket_sendmsg - Smack check based on destination host
3658 * @sock: the socket
251a2a95 3659 * @msg: the message
6d3dc07c
CS		 3660 * @size: the size of the message
3661 *
c6739443
CS		 3662 * Return 0 if the current subject can write to the destination host.
3663 * For IPv4 this is only a question if the destination is a single label host.
3664 * For IPv6 this is a check against the label of the port.
6d3dc07c
CS		 3665 */
3666static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3667 int size)
3668{
3669 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
21abb1ec 3670#if IS_ENABLED(CONFIG_IPV6)
6ea06247 3671 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
21abb1ec
CS		 3672#endif
3673#ifdef SMACK_IPV6_SECMARK_LABELING
3674 struct socket_smack *ssp = sock->sk->sk_security;
3675 struct smack_known *rsp;
3676#endif
c6739443 3677 int rc = 0;
6d3dc07c
CS		 3678
3679 /*
3680 * Perfectly reasonable for this to be NULL
3681 */
c6739443 3682 if (sip == NULL)
6d3dc07c
CS		 3683 return 0;
3684
81bd0d56 3685 switch (sock->sk->sk_family) {
c6739443 3686 case AF_INET:
b9ef5513
TH		 3687 if (msg->msg_namelen < sizeof(struct sockaddr_in) ||
3688 sip->sin_family != AF_INET)
3689 return -EINVAL;
c6739443
CS		 3690 rc = smack_netlabel_send(sock->sk, sip);
3691 break;
619ae03e 3692#if IS_ENABLED(CONFIG_IPV6)
c6739443 3693 case AF_INET6:
b9ef5513
TH		 3694 if (msg->msg_namelen < SIN6_LEN_RFC2133 ||
3695 sap->sin6_family != AF_INET6)
3696 return -EINVAL;
21abb1ec
CS		 3697#ifdef SMACK_IPV6_SECMARK_LABELING
3698 rsp = smack_ipv6host_label(sap);
3699 if (rsp != NULL)
3700 rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3701 SMK_CONNECTING);
3702#endif
3703#ifdef SMACK_IPV6_PORT_LABELING
c6739443 3704 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
21abb1ec 3705#endif
619ae03e 3706#endif /* IS_ENABLED(CONFIG_IPV6) */
c6739443
CS		 3707 break;
3708 }
3709 return rc;
6d3dc07c
CS		 3710}
3711
e114e473 3712/**
251a2a95 3713 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
e114e473 3714 * @sap: netlabel secattr
272cd7a8 3715 * @ssp: socket security information
e114e473 3716 *
2f823ff8 3717 * Returns a pointer to a Smack label entry found on the label list.
e114e473 3718 */
2f823ff8
CS		 3719static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3720 struct socket_smack *ssp)
e114e473 3721{
2f823ff8 3722 struct smack_known *skp;
f7112e6c 3723 int found = 0;
677264e8
CS		 3724 int acat;
3725 int kcat;
e114e473 3726
6d3dc07c 3727 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
e114e473 3728 /*
6d3dc07c 3729 * Looks like a CIPSO packet.
e114e473
CS		 3730 * If there are flags but no level netlabel isn't
3731 * behaving the way we expect it to.
3732 *
f7112e6c 3733 * Look it up in the label table
e114e473
CS		 3734 * Without guidance regarding the smack value
3735 * for the packet fall back on the network
3736 * ambient value.
3737 */
f7112e6c 3738 rcu_read_lock();
348dc288 3739 list_for_each_entry_rcu(skp, &smack_known_list, list) {
2f823ff8 3740 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
f7112e6c 3741 continue;
677264e8
CS		 3742 /*
3743 * Compare the catsets. Use the netlbl APIs.
3744 */
3745 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3746 if ((skp->smk_netlabel.flags &
3747 NETLBL_SECATTR_MLS_CAT) == 0)
3748 found = 1;
3749 break;
3750 }
3751 for (acat = -1, kcat = -1; acat == kcat; ) {
4fbe63d1
PM		 3752 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3753 acat + 1);
3754 kcat = netlbl_catmap_walk(
677264e8
CS		 3755 skp->smk_netlabel.attr.mls.cat,
3756 kcat + 1);
3757 if (acat < 0 || kcat < 0)
3758 break;
3759 }
3760 if (acat == kcat) {
3761 found = 1;
3762 break;
3763 }
6d3dc07c 3764 }
f7112e6c
CS		 3765 rcu_read_unlock();
3766
3767 if (found)
2f823ff8 3768 return skp;
f7112e6c 3769
54e70ec5 3770 if (ssp != NULL && ssp->smk_in == &smack_known_star)
2f823ff8
CS		 3771 return &smack_known_web;
3772 return &smack_known_star;
e114e473 3773 }
152f91d4 3774 if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
6d3dc07c
CS		 3775 /*
3776 * Looks like a fallback, which gives us a secid.
3777 */
152f91d4 3778 return smack_from_secid(sap->attr.secid);
e114e473 3779 /*
6d3dc07c
CS		 3780 * Without guidance regarding the smack value
3781 * for the packet fall back on the network
3782 * ambient value.
e114e473 3783 */
272cd7a8 3784 return smack_net_ambient;
e114e473
CS		 3785}
3786
69f287ae 3787#if IS_ENABLED(CONFIG_IPV6)
6ea06247 3788static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
c6739443 3789{
c6739443
CS		 3790 u8 nexthdr;
3791 int offset;
3792 int proto = -EINVAL;
3793 struct ipv6hdr _ipv6h;
3794 struct ipv6hdr *ip6;
3795 __be16 frag_off;
3796 struct tcphdr _tcph, *th;
3797 struct udphdr _udph, *uh;
3798 struct dccp_hdr _dccph, *dh;
3799
3800 sip->sin6_port = 0;
3801
3802 offset = skb_network_offset(skb);
3803 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3804 if (ip6 == NULL)
3805 return -EINVAL;
3806 sip->sin6_addr = ip6->saddr;
3807
3808 nexthdr = ip6->nexthdr;
3809 offset += sizeof(_ipv6h);
3810 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3811 if (offset < 0)
3812 return -EINVAL;
3813
3814 proto = nexthdr;
3815 switch (proto) {
3816 case IPPROTO_TCP:
3817 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3818 if (th != NULL)
3819 sip->sin6_port = th->source;
3820 break;
3821 case IPPROTO_UDP:
a07ef951 3822 case IPPROTO_UDPLITE:
c6739443
CS		 3823 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3824 if (uh != NULL)
3825 sip->sin6_port = uh->source;
3826 break;
3827 case IPPROTO_DCCP:
3828 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3829 if (dh != NULL)
3830 sip->sin6_port = dh->dccph_sport;
3831 break;
3832 }
3833 return proto;
3834}
69f287ae 3835#endif /* CONFIG_IPV6 */
c6739443 3836
e114e473
CS		 3837/**
3838 * smack_socket_sock_rcv_skb - Smack packet delivery access check
3839 * @sk: socket
3840 * @skb: packet
3841 *
3842 * Returns 0 if the packet should be delivered, an error code otherwise
3843 */
3844static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3845{
3846 struct netlbl_lsm_secattr secattr;
3847 struct socket_smack *ssp = sk->sk_security;
69f287ae 3848 struct smack_known *skp = NULL;
c6739443 3849 int rc = 0;
ecfcc53f 3850 struct smk_audit_info ad;
129a9989 3851 u16 family = sk->sk_family;
923e9a13 3852#ifdef CONFIG_AUDIT
48c62af6 3853 struct lsm_network_audit net;
923e9a13 3854#endif
69f287ae
CS		 3855#if IS_ENABLED(CONFIG_IPV6)
3856 struct sockaddr_in6 sadd;
3857 int proto;
129a9989
PS		 3858
3859 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3860 family = PF_INET;
69f287ae
CS		 3861#endif /* CONFIG_IPV6 */
3862
129a9989 3863 switch (family) {
c6739443 3864 case PF_INET:
69f287ae
CS		 3865#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3866 /*
3867 * If there is a secmark use it rather than the CIPSO label.
3868 * If there is no secmark fall back to CIPSO.
3869 * The secmark is assumed to reflect policy better.
3870 */
3871 if (skb && skb->secmark != 0) {
3872 skp = smack_from_secid(skb->secmark);
3873 goto access_check;
3874 }
3875#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
c6739443
CS		 3876 /*
3877 * Translate what netlabel gave us.
3878 */
3879 netlbl_secattr_init(&secattr);
6d3dc07c 3880
129a9989 3881 rc = netlbl_skbuff_getattr(skb, family, &secattr);
c6739443 3882 if (rc == 0)
2f823ff8 3883 skp = smack_from_secattr(&secattr, ssp);
c6739443 3884 else
2f823ff8 3885 skp = smack_net_ambient;
6d3dc07c 3886
c6739443 3887 netlbl_secattr_destroy(&secattr);
6d3dc07c 3888
69f287ae
CS		 3889#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3890access_check:
3891#endif
ecfcc53f 3892#ifdef CONFIG_AUDIT
c6739443 3893 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
129a9989 3894 ad.a.u.net->family = family;
c6739443
CS		 3895 ad.a.u.net->netif = skb->skb_iif;
3896 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
ecfcc53f 3897#endif
c6739443
CS		 3898 /*
3899 * Receiving a packet requires that the other end
3900 * be able to write here. Read access is not required.
3901 * This is the simplist possible security model
3902 * for networking.
3903 */
21c7eae2
LP		 3904 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3905 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
d166c802 3906 MAY_WRITE, rc);
c6739443 3907 if (rc != 0)
129a9989 3908 netlbl_skbuff_err(skb, family, rc, 0);
c6739443 3909 break;
69f287ae 3910#if IS_ENABLED(CONFIG_IPV6)
c6739443 3911 case PF_INET6:
69f287ae 3912 proto = smk_skb_to_addr_ipv6(skb, &sadd);
a07ef951
PS		 3913 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
3914 proto != IPPROTO_TCP && proto != IPPROTO_DCCP)
69f287ae 3915 break;
21abb1ec 3916#ifdef SMACK_IPV6_SECMARK_LABELING
69f287ae
CS		 3917 if (skb && skb->secmark != 0)
3918 skp = smack_from_secid(skb->secmark);
f7450bc6
CS		 3919 else if (smk_ipv6_localhost(&sadd))
3920 break;
c6739443 3921 else
21abb1ec
CS		 3922 skp = smack_ipv6host_label(&sadd);
3923 if (skp == NULL)
69f287ae 3924 skp = smack_net_ambient;
3f4287e7
JJB		 3925 if (skb == NULL)
3926 break;
69f287ae
CS		 3927#ifdef CONFIG_AUDIT
3928 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
129a9989 3929 ad.a.u.net->family = family;
69f287ae
CS		 3930 ad.a.u.net->netif = skb->skb_iif;
3931 ipv6_skb_to_auditdata(skb, &ad.a, NULL);
3932#endif /* CONFIG_AUDIT */
3933 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3934 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
3935 MAY_WRITE, rc);
21abb1ec
CS		 3936#endif /* SMACK_IPV6_SECMARK_LABELING */
3937#ifdef SMACK_IPV6_PORT_LABELING
69f287ae 3938 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
21abb1ec 3939#endif /* SMACK_IPV6_PORT_LABELING */
d66a8acb
PS		 3940 if (rc != 0)
3941 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
3942 ICMPV6_ADM_PROHIBITED, 0);
c6739443 3943 break;
69f287ae 3944#endif /* CONFIG_IPV6 */
c6739443 3945 }
69f287ae 3946
a8134296 3947 return rc;
e114e473
CS		 3948}
3949
3950/**
3951 * smack_socket_getpeersec_stream - pull in packet label
3952 * @sock: the socket
3953 * @optval: user's destination
3954 * @optlen: size thereof
251a2a95 3955 * @len: max thereof
e114e473
CS		 3956 *
3957 * returns zero on success, an error code otherwise
3958 */
3959static int smack_socket_getpeersec_stream(struct socket *sock,
3960 char __user *optval,
3961 int __user *optlen, unsigned len)
3962{
3963 struct socket_smack *ssp;
272cd7a8
CS		 3964 char *rcp = "";
3965 int slen = 1;
e114e473
CS		 3966 int rc = 0;
3967
3968 ssp = sock->sk->sk_security;
272cd7a8 3969 if (ssp->smk_packet != NULL) {
54e70ec5 3970 rcp = ssp->smk_packet->smk_known;
272cd7a8
CS		 3971 slen = strlen(rcp) + 1;
3972 }
e114e473
CS		 3973
3974 if (slen > len)
3975 rc = -ERANGE;
272cd7a8 3976 else if (copy_to_user(optval, rcp, slen) != 0)
e114e473
CS		 3977 rc = -EFAULT;
3978
3979 if (put_user(slen, optlen) != 0)
3980 rc = -EFAULT;
3981
3982 return rc;
3983}
3984
3985
3986/**
3987 * smack_socket_getpeersec_dgram - pull in packet label
b4e0d5f0 3988 * @sock: the peer socket
e114e473
CS		 3989 * @skb: packet data
3990 * @secid: pointer to where to put the secid of the packet
3991 *
3992 * Sets the netlabel socket state on sk from parent
3993 */
3994static int smack_socket_getpeersec_dgram(struct socket *sock,
3995 struct sk_buff *skb, u32 *secid)
3996
3997{
3998 struct netlbl_lsm_secattr secattr;
272cd7a8 3999 struct socket_smack *ssp = NULL;
2f823ff8 4000 struct smack_known *skp;
b4e0d5f0
CS		 4001 int family = PF_UNSPEC;
4002 u32 s = 0; /* 0 is the invalid secid */
e114e473
CS		 4003 int rc;
4004
b4e0d5f0
CS		 4005 if (skb != NULL) {
4006 if (skb->protocol == htons(ETH_P_IP))
4007 family = PF_INET;
69f287ae 4008#if IS_ENABLED(CONFIG_IPV6)
b4e0d5f0
CS		 4009 else if (skb->protocol == htons(ETH_P_IPV6))
4010 family = PF_INET6;
69f287ae 4011#endif /* CONFIG_IPV6 */
e114e473 4012 }
b4e0d5f0
CS		 4013 if (family == PF_UNSPEC && sock != NULL)
4014 family = sock->sk->sk_family;
e114e473 4015
69f287ae
CS		 4016 switch (family) {
4017 case PF_UNIX:
272cd7a8 4018 ssp = sock->sk->sk_security;
2f823ff8 4019 s = ssp->smk_out->smk_secid;
69f287ae
CS		 4020 break;
4021 case PF_INET:
4022#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4023 s = skb->secmark;
4024 if (s != 0)
4025 break;
4026#endif
b4e0d5f0
CS		 4027 /*
4028 * Translate what netlabel gave us.
4029 */
272cd7a8
CS		 4030 if (sock != NULL && sock->sk != NULL)
4031 ssp = sock->sk->sk_security;
b4e0d5f0
CS		 4032 netlbl_secattr_init(&secattr);
4033 rc = netlbl_skbuff_getattr(skb, family, &secattr);
4034 if (rc == 0) {
2f823ff8
CS		 4035 skp = smack_from_secattr(&secattr, ssp);
4036 s = skp->smk_secid;
b4e0d5f0
CS		 4037 }
4038 netlbl_secattr_destroy(&secattr);
69f287ae 4039 break;
69f287ae 4040 case PF_INET6:
21abb1ec 4041#ifdef SMACK_IPV6_SECMARK_LABELING
69f287ae 4042 s = skb->secmark;
21abb1ec 4043#endif
69f287ae 4044 break;
b4e0d5f0
CS		 4045 }
4046 *secid = s;
e114e473
CS		 4047 if (s == 0)
4048 return -EINVAL;
e114e473
CS		 4049 return 0;
4050}
4051
4052/**
07feee8f
PM		 4053 * smack_sock_graft - Initialize a newly created socket with an existing sock
4054 * @sk: child sock
4055 * @parent: parent socket
e114e473 4056 *
07feee8f
PM		 4057 * Set the smk_{in,out} state of an existing sock based on the process that
4058 * is creating the new socket.
e114e473
CS		 4059 */
4060static void smack_sock_graft(struct sock *sk, struct socket *parent)
4061{
4062 struct socket_smack *ssp;
2f823ff8 4063 struct smack_known *skp = smk_of_current();
e114e473 4064
07feee8f
PM		 4065 if (sk == NULL ||
4066 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
e114e473
CS		 4067 return;
4068
4069 ssp = sk->sk_security;
54e70ec5 4070 ssp->smk_in = skp;
2f823ff8 4071 ssp->smk_out = skp;
07feee8f 4072 /* cssp->smk_packet is already set in smack_inet_csk_clone() */
e114e473
CS		 4073}
4074
4075/**
4076 * smack_inet_conn_request - Smack access check on connect
4077 * @sk: socket involved
4078 * @skb: packet
4079 * @req: unused
4080 *
4081 * Returns 0 if a task with the packet label could write to
4082 * the socket, otherwise an error code
4083 */
4084static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4085 struct request_sock *req)
4086{
07feee8f 4087 u16 family = sk->sk_family;
f7112e6c 4088 struct smack_known *skp;
e114e473 4089 struct socket_smack *ssp = sk->sk_security;
07feee8f
PM		 4090 struct netlbl_lsm_secattr secattr;
4091 struct sockaddr_in addr;
4092 struct iphdr *hdr;
21c7eae2 4093 struct smack_known *hskp;
e114e473 4094 int rc;
ecfcc53f 4095 struct smk_audit_info ad;
923e9a13 4096#ifdef CONFIG_AUDIT
48c62af6 4097 struct lsm_network_audit net;
923e9a13 4098#endif
e114e473 4099
69f287ae 4100#if IS_ENABLED(CONFIG_IPV6)
c6739443
CS		 4101 if (family == PF_INET6) {
4102 /*
4103 * Handle mapped IPv4 packets arriving
4104 * via IPv6 sockets. Don't set up netlabel
4105 * processing on IPv6.
4106 */
4107 if (skb->protocol == htons(ETH_P_IP))
4108 family = PF_INET;
4109 else
4110 return 0;
4111 }
69f287ae 4112#endif /* CONFIG_IPV6 */
e114e473 4113
7f368ad3
CS		 4114#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4115 /*
4116 * If there is a secmark use it rather than the CIPSO label.
4117 * If there is no secmark fall back to CIPSO.
4118 * The secmark is assumed to reflect policy better.
4119 */
4120 if (skb && skb->secmark != 0) {
4121 skp = smack_from_secid(skb->secmark);
4122 goto access_check;
4123 }
4124#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
4125
07feee8f
PM		 4126 netlbl_secattr_init(&secattr);
4127 rc = netlbl_skbuff_getattr(skb, family, &secattr);
e114e473 4128 if (rc == 0)
2f823ff8 4129 skp = smack_from_secattr(&secattr, ssp);
e114e473 4130 else
2f823ff8 4131 skp = &smack_known_huh;
07feee8f
PM		 4132 netlbl_secattr_destroy(&secattr);
4133
7f368ad3
CS		 4134#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4135access_check:
4136#endif
4137
ecfcc53f 4138#ifdef CONFIG_AUDIT
48c62af6
EP		 4139 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4140 ad.a.u.net->family = family;
4141 ad.a.u.net->netif = skb->skb_iif;
ecfcc53f
EB		 4142 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4143#endif
e114e473 4144 /*
07feee8f
PM		 4145 * Receiving a packet requires that the other end be able to write
4146 * here. Read access is not required.
e114e473 4147 */
21c7eae2
LP		 4148 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4149 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
07feee8f
PM		 4150 if (rc != 0)
4151 return rc;
4152
4153 /*
4154 * Save the peer's label in the request_sock so we can later setup
4155 * smk_packet in the child socket so that SO_PEERCRED can report it.
4156 */
2f823ff8 4157 req->peer_secid = skp->smk_secid;
07feee8f
PM		 4158
4159 /*
4160 * We need to decide if we want to label the incoming connection here
4161 * if we do we only need to label the request_sock and the stack will
25985edc 4162 * propagate the wire-label to the sock when it is created.
07feee8f
PM		 4163 */
4164 hdr = ip_hdr(skb);
4165 addr.sin_addr.s_addr = hdr->saddr;
4166 rcu_read_lock();
21abb1ec 4167 hskp = smack_ipv4host_label(&addr);
f7112e6c
CS		 4168 rcu_read_unlock();
4169
21c7eae2 4170 if (hskp == NULL)
f7112e6c 4171 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
2f823ff8 4172 else
07feee8f 4173 netlbl_req_delattr(req);
e114e473
CS		 4174
4175 return rc;
4176}
4177
07feee8f
PM		 4178/**
4179 * smack_inet_csk_clone - Copy the connection information to the new socket
4180 * @sk: the new socket
4181 * @req: the connection's request_sock
4182 *
4183 * Transfer the connection's peer label to the newly created socket.
4184 */
4185static void smack_inet_csk_clone(struct sock *sk,
4186 const struct request_sock *req)
4187{
4188 struct socket_smack *ssp = sk->sk_security;
2f823ff8 4189 struct smack_known *skp;
07feee8f 4190
2f823ff8
CS		 4191 if (req->peer_secid != 0) {
4192 skp = smack_from_secid(req->peer_secid);
54e70ec5 4193 ssp->smk_packet = skp;
2f823ff8 4194 } else
272cd7a8 4195 ssp->smk_packet = NULL;
07feee8f
PM		 4196}
4197
e114e473
CS		 4198/*
4199 * Key management security hooks
4200 *
4201 * Casey has not tested key support very heavily.
4202 * The permission check is most likely too restrictive.
4203 * If you care about keys please have a look.
4204 */
4205#ifdef CONFIG_KEYS
4206
4207/**
4208 * smack_key_alloc - Set the key security blob
4209 * @key: object
d84f4f99 4210 * @cred: the credentials to use
e114e473
CS		 4211 * @flags: unused
4212 *
4213 * No allocation required
4214 *
4215 * Returns 0
4216 */
d84f4f99 4217static int smack_key_alloc(struct key *key, const struct cred *cred,
e114e473
CS		 4218 unsigned long flags)
4219{
b17103a8 4220 struct smack_known *skp = smk_of_task(smack_cred(cred));
2f823ff8 4221
21c7eae2 4222 key->security = skp;
e114e473
CS		 4223 return 0;
4224}
4225
4226/**
4227 * smack_key_free - Clear the key security blob
4228 * @key: the object
4229 *
4230 * Clear the blob pointer
4231 */
4232static void smack_key_free(struct key *key)
4233{
4234 key->security = NULL;
4235}
4236
1a28979b 4237/**
e114e473
CS		 4238 * smack_key_permission - Smack access on a key
4239 * @key_ref: gets to the object
d84f4f99 4240 * @cred: the credentials to use
1a28979b 4241 * @perm: requested key permissions
e114e473
CS		 4242 *
4243 * Return 0 if the task has read and write to the object,
4244 * an error code otherwise
4245 */
4246static int smack_key_permission(key_ref_t key_ref,
f5895943 4247 const struct cred *cred, unsigned perm)
e114e473
CS		 4248{
4249 struct key *keyp;
ecfcc53f 4250 struct smk_audit_info ad;
b17103a8 4251 struct smack_known *tkp = smk_of_task(smack_cred(cred));
fffea214 4252 int request = 0;
d166c802 4253 int rc;
e114e473 4254
5b841bfa
ZM		 4255 /*
4256 * Validate requested permissions
4257 */
4258 if (perm & ~KEY_NEED_ALL)
4259 return -EINVAL;
4260
e114e473
CS		 4261 keyp = key_ref_to_ptr(key_ref);
4262 if (keyp == NULL)
4263 return -EINVAL;
4264 /*
4265 * If the key hasn't been initialized give it access so that
4266 * it may do so.
4267 */
4268 if (keyp->security == NULL)
4269 return 0;
4270 /*
4271 * This should not occur
4272 */
2f823ff8 4273 if (tkp == NULL)
e114e473 4274 return -EACCES;
d19dfe58
CS		 4275
4276 if (smack_privileged_cred(CAP_MAC_OVERRIDE, cred))
4277 return 0;
4278
ecfcc53f
EB		 4279#ifdef CONFIG_AUDIT
4280 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4281 ad.a.u.key_struct.key = keyp->serial;
4282 ad.a.u.key_struct.key_desc = keyp->description;
4283#endif
5b841bfa
ZM		 4284 if (perm & (KEY_NEED_READ | KEY_NEED_SEARCH | KEY_NEED_VIEW))
4285 request |= MAY_READ;
fffea214 4286 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
5b841bfa 4287 request |= MAY_WRITE;
d166c802
CS		 4288 rc = smk_access(tkp, keyp->security, request, &ad);
4289 rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4290 return rc;
e114e473 4291}
7fc5f36e
JB		 4292
4293/*
4294 * smack_key_getsecurity - Smack label tagging the key
4295 * @key points to the key to be queried
4296 * @_buffer points to a pointer that should be set to point to the
4297 * resulting string (if no label or an error occurs).
4298 * Return the length of the string (including terminating NUL) or -ve if
4299 * an error.
4300 * May also return 0 (and a NULL buffer pointer) if there is no label.
4301 */
4302static int smack_key_getsecurity(struct key *key, char **_buffer)
4303{
4304 struct smack_known *skp = key->security;
4305 size_t length;
4306 char *copy;
4307
4308 if (key->security == NULL) {
4309 *_buffer = NULL;
4310 return 0;
4311 }
4312
4313 copy = kstrdup(skp->smk_known, GFP_KERNEL);
4314 if (copy == NULL)
4315 return -ENOMEM;
4316 length = strlen(copy) + 1;
4317
4318 *_buffer = copy;
4319 return length;
4320}
4321
e114e473
CS		 4322#endif /* CONFIG_KEYS */
4323
d20bdda6
AD		 4324/*
4325 * Smack Audit hooks
4326 *
4327 * Audit requires a unique representation of each Smack specific
4328 * rule. This unique representation is used to distinguish the
4329 * object to be audited from remaining kernel objects and also
4330 * works as a glue between the audit hooks.
4331 *
4332 * Since repository entries are added but never deleted, we'll use
4333 * the smack_known label address related to the given audit rule as
4334 * the needed unique representation. This also better fits the smack
4335 * model where nearly everything is a label.
4336 */
4337#ifdef CONFIG_AUDIT
4338
4339/**
4340 * smack_audit_rule_init - Initialize a smack audit rule
4341 * @field: audit rule fields given from user-space (audit.h)
4342 * @op: required testing operator (=, !=, >, <, ...)
4343 * @rulestr: smack label to be audited
4344 * @vrule: pointer to save our own audit rule representation
4345 *
4346 * Prepare to audit cases where (@field @op @rulestr) is true.
4347 * The label to be audited is created if necessay.
4348 */
4349static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4350{
21c7eae2 4351 struct smack_known *skp;
d20bdda6
AD		 4352 char **rule = (char **)vrule;
4353 *rule = NULL;
4354
4355 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4356 return -EINVAL;
4357
5af75d8d 4358 if (op != Audit_equal && op != Audit_not_equal)
d20bdda6
AD		 4359 return -EINVAL;
4360
21c7eae2 4361 skp = smk_import_entry(rulestr, 0);
e774ad68
LP		 4362 if (IS_ERR(skp))
4363 return PTR_ERR(skp);
4364
4365 *rule = skp->smk_known;
d20bdda6
AD		 4366
4367 return 0;
4368}
4369
4370/**
4371 * smack_audit_rule_known - Distinguish Smack audit rules
4372 * @krule: rule of interest, in Audit kernel representation format
4373 *
4374 * This is used to filter Smack rules from remaining Audit ones.
4375 * If it's proved that this rule belongs to us, the
4376 * audit_rule_match hook will be called to do the final judgement.
4377 */
4378static int smack_audit_rule_known(struct audit_krule *krule)
4379{
4380 struct audit_field *f;
4381 int i;
4382
4383 for (i = 0; i < krule->field_count; i++) {
4384 f = &krule->fields[i];
4385
4386 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4387 return 1;
4388 }
4389
4390 return 0;
4391}
4392
4393/**
4394 * smack_audit_rule_match - Audit given object ?
4395 * @secid: security id for identifying the object to test
4396 * @field: audit rule flags given from user-space
4397 * @op: required testing operator
4398 * @vrule: smack internal rule presentation
d20bdda6
AD		 4399 *
4400 * The core Audit hook. It's used to take the decision of
4401 * whether to audit or not to audit a given object.
4402 */
90462a5b 4403static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule)
d20bdda6 4404{
2f823ff8 4405 struct smack_known *skp;
d20bdda6
AD		 4406 char *rule = vrule;
4407
4eb0f4ab
RGB		 4408 if (unlikely(!rule)) {
4409 WARN_ONCE(1, "Smack: missing rule\n");
d20bdda6
AD		 4410 return -ENOENT;
4411 }
4412
4413 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4414 return 0;
4415
2f823ff8 4416 skp = smack_from_secid(secid);
d20bdda6
AD		 4417
4418 /*
4419 * No need to do string comparisons. If a match occurs,
4420 * both pointers will point to the same smack_known
4421 * label.
4422 */
5af75d8d 4423 if (op == Audit_equal)
2f823ff8 4424 return (rule == skp->smk_known);
5af75d8d 4425 if (op == Audit_not_equal)
2f823ff8 4426 return (rule != skp->smk_known);
d20bdda6
AD		 4427
4428 return 0;
4429}
4430
491a0b08
CS		 4431/*
4432 * There is no need for a smack_audit_rule_free hook.
d20bdda6
AD		 4433 * No memory was allocated.
4434 */
d20bdda6
AD		 4435
4436#endif /* CONFIG_AUDIT */
4437
746df9b5
DQ		 4438/**
4439 * smack_ismaclabel - check if xattr @name references a smack MAC label
4440 * @name: Full xattr name to check.
4441 */
4442static int smack_ismaclabel(const char *name)
4443{
4444 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4445}
4446
4447
251a2a95 4448/**
e114e473
CS		 4449 * smack_secid_to_secctx - return the smack label for a secid
4450 * @secid: incoming integer
4451 * @secdata: destination
4452 * @seclen: how long it is
4453 *
4454 * Exists for networking code.
4455 */
4456static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4457{
2f823ff8 4458 struct smack_known *skp = smack_from_secid(secid);
e114e473 4459
d5630b9d 4460 if (secdata)
2f823ff8
CS		 4461 *secdata = skp->smk_known;
4462 *seclen = strlen(skp->smk_known);
e114e473
CS		 4463 return 0;
4464}
4465
251a2a95 4466/**
4bc87e62
CS		 4467 * smack_secctx_to_secid - return the secid for a smack label
4468 * @secdata: smack label
4469 * @seclen: how long result is
4470 * @secid: outgoing integer
4471 *
4472 * Exists for audit and networking code.
4473 */
e52c1764 4474static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4bc87e62 4475{
21c7eae2
LP		 4476 struct smack_known *skp = smk_find_entry(secdata);
4477
4478 if (skp)
4479 *secid = skp->smk_secid;
4480 else
4481 *secid = 0;
4bc87e62
CS		 4482 return 0;
4483}
4484
491a0b08
CS		 4485/*
4486 * There used to be a smack_release_secctx hook
4487 * that did nothing back when hooks were in a vector.
4488 * Now that there's a list such a hook adds cost.
e114e473 4489 */
e114e473 4490
1ee65e37
DQ		 4491static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4492{
4493 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4494}
4495
4496static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4497{
4498 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4499}
4500
4501static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4502{
0f8983cf 4503 struct smack_known *skp = smk_of_inode(inode);
1ee65e37 4504
0f8983cf
CS		 4505 *ctx = skp->smk_known;
4506 *ctxlen = strlen(skp->smk_known);
1ee65e37
DQ		 4507 return 0;
4508}
4509
d6d80cb5
CS		 4510static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
4511{
4512
4513 struct task_smack *tsp;
4514 struct smack_known *skp;
4515 struct inode_smack *isp;
4516 struct cred *new_creds = *new;
4517
4518 if (new_creds == NULL) {
4519 new_creds = prepare_creds();
4520 if (new_creds == NULL)
4521 return -ENOMEM;
4522 }
4523
b17103a8 4524 tsp = smack_cred(new_creds);
d6d80cb5
CS		 4525
4526 /*
4527 * Get label from overlay inode and set it in create_sid
4528 */
fb4021b6 4529 isp = smack_inode(d_inode(dentry->d_parent));
d6d80cb5
CS		 4530 skp = isp->smk_inode;
4531 tsp->smk_task = skp;
4532 *new = new_creds;
4533 return 0;
4534}
4535
4536static int smack_inode_copy_up_xattr(const char *name)
4537{
4538 /*
4539 * Return 1 if this is the smack access Smack attribute.
4540 */
4541 if (strcmp(name, XATTR_NAME_SMACK) == 0)
4542 return 1;
4543
4544 return -EOPNOTSUPP;
4545}
4546
4547static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
4548 struct qstr *name,
4549 const struct cred *old,
4550 struct cred *new)
4551{
b17103a8
CS		 4552 struct task_smack *otsp = smack_cred(old);
4553 struct task_smack *ntsp = smack_cred(new);
d6d80cb5
CS		 4554 struct inode_smack *isp;
4555 int may;
4556
4557 /*
4558 * Use the process credential unless all of
4559 * the transmuting criteria are met
4560 */
4561 ntsp->smk_task = otsp->smk_task;
4562
4563 /*
4564 * the attribute of the containing directory
4565 */
fb4021b6 4566 isp = smack_inode(d_inode(dentry->d_parent));
d6d80cb5
CS		 4567
4568 if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
4569 rcu_read_lock();
4570 may = smk_access_entry(otsp->smk_task->smk_known,
4571 isp->smk_inode->smk_known,
4572 &otsp->smk_task->smk_rules);
4573 rcu_read_unlock();
4574
4575 /*
4576 * If the directory is transmuting and the rule
4577 * providing access is transmuting use the containing
4578 * directory label instead of the process label.
4579 */
4580 if (may > 0 && (may & MAY_TRANSMUTE))
4581 ntsp->smk_task = isp->smk_inode;
4582 }
4583 return 0;
4584}
4585
bbd3662a
CS		 4586struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
4587 .lbs_cred = sizeof(struct task_smack),
33bf60ca 4588 .lbs_file = sizeof(struct smack_known *),
afb1cbe3 4589 .lbs_inode = sizeof(struct inode_smack),
ecd5f82e
CS		 4590 .lbs_ipc = sizeof(struct smack_known *),
4591 .lbs_msg_msg = sizeof(struct smack_known *),
bbd3662a
CS		 4592};
4593
ca97d939 4594static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
e20b043a
CS		 4595 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4596 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4597 LSM_HOOK_INIT(syslog, smack_syslog),
4598
0b52075e 4599 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup),
2febd254
DH		 4600 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param),
4601
e20b043a
CS		 4602 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
4603 LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
204cc0cc 4604 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts),
5b400239 4605 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
e20b043a 4606 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
3bf2789c 4607 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
e20b043a
CS		 4608
4609 LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
e20b043a
CS		 4610
4611 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
e20b043a
CS		 4612 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4613 LSM_HOOK_INIT(inode_link, smack_inode_link),
4614 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4615 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4616 LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4617 LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4618 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4619 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4620 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4621 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4622 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4623 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4624 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4625 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4626 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4627 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4628
e20b043a 4629 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
e20b043a
CS		 4630 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4631 LSM_HOOK_INIT(file_lock, smack_file_lock),
4632 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4633 LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4634 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4635 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4636 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4637 LSM_HOOK_INIT(file_receive, smack_file_receive),
4638
4639 LSM_HOOK_INIT(file_open, smack_file_open),
4640
4641 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4642 LSM_HOOK_INIT(cred_free, smack_cred_free),
4643 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4644 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
3ec30113 4645 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
e20b043a
CS		 4646 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4647 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4648 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4649 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4650 LSM_HOOK_INIT(task_getsid, smack_task_getsid),
4651 LSM_HOOK_INIT(task_getsecid, smack_task_getsecid),
4652 LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4653 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4654 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4655 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4656 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4657 LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4658 LSM_HOOK_INIT(task_kill, smack_task_kill),
e20b043a
CS		 4659 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4660
4661 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4662 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4663
4664 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
e20b043a 4665
0d79cbf8 4666 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security),
e20b043a
CS		 4667 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4668 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4669 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4670 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4671
0d79cbf8 4672 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security),
e20b043a
CS		 4673 LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4674 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4675 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4676
0d79cbf8 4677 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security),
e20b043a
CS		 4678 LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4679 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4680 LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4681
4682 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4683
4684 LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4685 LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4686
4687 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4688 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4689
4690 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
5859cdf5 4691 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
21abb1ec 4692#ifdef SMACK_IPV6_PORT_LABELING
e20b043a 4693 LSM_HOOK_INIT(socket_bind, smack_socket_bind),
21abb1ec 4694#endif
e20b043a
CS		 4695 LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4696 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4697 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4698 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4699 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4700 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
4701 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4702 LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4703 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4704 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
d20bdda6 4705
e114e473
CS		 4706 /* key management security hooks */
4707#ifdef CONFIG_KEYS
e20b043a
CS		 4708 LSM_HOOK_INIT(key_alloc, smack_key_alloc),
4709 LSM_HOOK_INIT(key_free, smack_key_free),
4710 LSM_HOOK_INIT(key_permission, smack_key_permission),
4711 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
e114e473 4712#endif /* CONFIG_KEYS */
d20bdda6
AD		 4713
4714 /* Audit hooks */
4715#ifdef CONFIG_AUDIT
e20b043a
CS		 4716 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
4717 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
4718 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
d20bdda6
AD		 4719#endif /* CONFIG_AUDIT */
4720
e20b043a
CS		 4721 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
4722 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
4723 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
e20b043a
CS		 4724 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
4725 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
4726 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
d6d80cb5
CS		 4727 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up),
4728 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr),
4729 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as),
e114e473
CS		 4730};
4731
7198e2ee 4732
86812bb0 4733static __init void init_smack_known_list(void)
7198e2ee 4734{
86812bb0
CS		 4735 /*
4736 * Initialize rule list locks
4737 */
4738 mutex_init(&smack_known_huh.smk_rules_lock);
4739 mutex_init(&smack_known_hat.smk_rules_lock);
4740 mutex_init(&smack_known_floor.smk_rules_lock);
4741 mutex_init(&smack_known_star.smk_rules_lock);
86812bb0
CS		 4742 mutex_init(&smack_known_web.smk_rules_lock);
4743 /*
4744 * Initialize rule lists
4745 */
4746 INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4747 INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4748 INIT_LIST_HEAD(&smack_known_star.smk_rules);
4749 INIT_LIST_HEAD(&smack_known_floor.smk_rules);
86812bb0
CS		 4750 INIT_LIST_HEAD(&smack_known_web.smk_rules);
4751 /*
4752 * Create the known labels list
4753 */
4d7cf4a1
TS		 4754 smk_insert_entry(&smack_known_huh);
4755 smk_insert_entry(&smack_known_hat);
4756 smk_insert_entry(&smack_known_star);
4757 smk_insert_entry(&smack_known_floor);
4d7cf4a1 4758 smk_insert_entry(&smack_known_web);
7198e2ee
EB		 4759}
4760
e114e473
CS		 4761/**
4762 * smack_init - initialize the smack system
4763 *
a1a07f22 4764 * Returns 0 on success, -ENOMEM is there's no memory
e114e473
CS		 4765 */
4766static __init int smack_init(void)
4767{
bbd3662a 4768 struct cred *cred = (struct cred *) current->cred;
676dac4b 4769 struct task_smack *tsp;
d84f4f99 4770
1a5b472b
R		 4771 smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4772 if (!smack_inode_cache)
4773 return -ENOMEM;
4774
4e328b08
CS		 4775 smack_rule_cache = KMEM_CACHE(smack_rule, 0);
4776 if (!smack_rule_cache) {
4777 kmem_cache_destroy(smack_inode_cache);
4778 return -ENOMEM;
4779 }
4780
bbd3662a
CS		 4781 /*
4782 * Set the security state for the initial task.
4783 */
4784 tsp = smack_cred(cred);
4785 init_task_smack(tsp, &smack_known_floor, &smack_known_floor);
4786
4787 /*
4788 * Register with LSM
4789 */
4790 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack");
d21b7b04
JB		 4791 smack_enabled = 1;
4792
21abb1ec
CS		 4793 pr_info("Smack: Initializing.\n");
4794#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4795 pr_info("Smack: Netfilter enabled.\n");
4796#endif
4797#ifdef SMACK_IPV6_PORT_LABELING
4798 pr_info("Smack: IPv6 port labeling enabled.\n");
4799#endif
4800#ifdef SMACK_IPV6_SECMARK_LABELING
4801 pr_info("Smack: IPv6 Netfilter enabled.\n");
4802#endif
e114e473 4803
86812bb0
CS		 4804 /* initialize the smack_known_list */
4805 init_smack_known_list();
e114e473 4806
e114e473
CS		 4807 return 0;
4808}
4809
4810/*
4811 * Smack requires early initialization in order to label
4812 * all processes and objects when they are created.
4813 */
3d6e5f6d 4814DEFINE_LSM(smack) = {
07aed2f2 4815 .name = "smack",
14bd99c8 4816 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
bbd3662a 4817 .blobs = &smack_blob_sizes,
3d6e5f6d
KC		 4818 .init = smack_init,
4819};
Linux 6.x block layer and io_uring tree(s)