projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
introduce cloning of fs_context
[linux-block.git] / security / smack / smack_lsm.c
CommitLineData
e114e473
CS		 1/*
2 * Simplified MAC Kernel (smack) security module
3 *
4 * This file contains the smack hook function implementations.
5 *
5c6d1125 6 * Authors:
e114e473 7 * Casey Schaufler <casey@schaufler-ca.com>
84088ba2 8 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
e114e473
CS		 9 *
10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
07feee8f 11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
82c21bfa 12 * Paul Moore <paul@paul-moore.com>
5c6d1125 13 * Copyright (C) 2010 Nokia Corporation
84088ba2 14 * Copyright (C) 2011 Intel Corporation.
e114e473
CS		 15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License version 2,
18 * as published by the Free Software Foundation.
19 */
20
21#include <linux/xattr.h>
22#include <linux/pagemap.h>
23#include <linux/mount.h>
24#include <linux/stat.h>
e114e473
CS		 25#include <linux/kd.h>
26#include <asm/ioctls.h>
07feee8f 27#include <linux/ip.h>
e114e473
CS		 28#include <linux/tcp.h>
29#include <linux/udp.h>
c6739443 30#include <linux/dccp.h>
d66a8acb 31#include <linux/icmpv6.h>
5a0e3ad6 32#include <linux/slab.h>
e114e473
CS		 33#include <linux/mutex.h>
34#include <linux/pipe_fs_i.h>
e114e473 35#include <net/cipso_ipv4.h>
c6739443
CS		 36#include <net/ip.h>
37#include <net/ipv6.h>
d20bdda6 38#include <linux/audit.h>
1fd7317d 39#include <linux/magic.h>
2a7dba39 40#include <linux/dcache.h>
16014d87 41#include <linux/personality.h>
40401530
AV		 42#include <linux/msg.h>
43#include <linux/shm.h>
44#include <linux/binfmts.h>
3bf2789c 45#include <linux/parser.h>
2febd254
DH		 46#include <linux/fs_context.h>
47#include <linux/fs_parser.h>
e114e473
CS		 48#include "smack.h"
49
5c6d1125
JS		 50#define TRANS_TRUE "TRUE"
51#define TRANS_TRUE_SIZE 4
52
c6739443
CS		 53#define SMK_CONNECTING 0
54#define SMK_RECEIVING 1
55#define SMK_SENDING 2
56
21abb1ec 57#ifdef SMACK_IPV6_PORT_LABELING
3c7ce342 58DEFINE_MUTEX(smack_ipv6_lock);
8b549ef4 59static LIST_HEAD(smk_ipv6_port_list);
21abb1ec 60#endif
1a5b472b 61static struct kmem_cache *smack_inode_cache;
69f287ae 62int smack_enabled;
c6739443 63
c3300aaf
AV		 64#define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s}
65static struct {
66 const char *name;
67 int len;
68 int opt;
69} smk_mount_opts[] = {
70 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute)
3bf2789c 71};
c3300aaf
AV		 72#undef A
73
74static int match_opt_prefix(char *s, int l, char **arg)
75{
76 int i;
77
78 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) {
79 size_t len = smk_mount_opts[i].len;
80 if (len > l || memcmp(s, smk_mount_opts[i].name, len))
81 continue;
82 if (len == l || s[len] != '=')
83 continue;
84 *arg = s + len + 1;
85 return smk_mount_opts[i].opt;
86 }
87 return Opt_error;
88}
3bf2789c 89
3d04c924
CS		 90#ifdef CONFIG_SECURITY_SMACK_BRINGUP
91static char *smk_bu_mess[] = {
92 "Bringup Error", /* Unused */
93 "Bringup", /* SMACK_BRINGUP_ALLOW */
94 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */
95 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */
96};
97
d166c802
CS		 98static void smk_bu_mode(int mode, char *s)
99{
100 int i = 0;
101
102 if (mode & MAY_READ)
103 s[i++] = 'r';
104 if (mode & MAY_WRITE)
105 s[i++] = 'w';
106 if (mode & MAY_EXEC)
107 s[i++] = 'x';
108 if (mode & MAY_APPEND)
109 s[i++] = 'a';
110 if (mode & MAY_TRANSMUTE)
111 s[i++] = 't';
112 if (mode & MAY_LOCK)
113 s[i++] = 'l';
114 if (i == 0)
115 s[i++] = '-';
116 s[i] = '\0';
117}
118#endif
119
120#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 121static int smk_bu_note(char *note, struct smack_known *sskp,
122 struct smack_known *oskp, int mode, int rc)
d166c802
CS		 123{
124 char acc[SMK_NUM_ACCESS_TYPE + 1];
125
126 if (rc <= 0)
127 return rc;
bf4b2fee
CS		 128 if (rc > SMACK_UNCONFINED_OBJECT)
129 rc = 0;
d166c802
CS		 130
131 smk_bu_mode(mode, acc);
bf4b2fee 132 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
21c7eae2 133 sskp->smk_known, oskp->smk_known, acc, note);
d166c802
CS		 134 return 0;
135}
136#else
21c7eae2 137#define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
d166c802
CS		 138#endif
139
140#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 141static int smk_bu_current(char *note, struct smack_known *oskp,
142 int mode, int rc)
d166c802
CS		 143{
144 struct task_smack *tsp = current_security();
145 char acc[SMK_NUM_ACCESS_TYPE + 1];
146
147 if (rc <= 0)
148 return rc;
bf4b2fee
CS		 149 if (rc > SMACK_UNCONFINED_OBJECT)
150 rc = 0;
d166c802
CS		 151
152 smk_bu_mode(mode, acc);
bf4b2fee 153 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
21c7eae2
LP		 154 tsp->smk_task->smk_known, oskp->smk_known,
155 acc, current->comm, note);
d166c802
CS		 156 return 0;
157}
158#else
21c7eae2 159#define smk_bu_current(note, oskp, mode, RC) (RC)
d166c802
CS		 160#endif
161
162#ifdef CONFIG_SECURITY_SMACK_BRINGUP
163static int smk_bu_task(struct task_struct *otp, int mode, int rc)
164{
165 struct task_smack *tsp = current_security();
6d1cff2a 166 struct smack_known *smk_task = smk_of_task_struct(otp);
d166c802
CS		 167 char acc[SMK_NUM_ACCESS_TYPE + 1];
168
169 if (rc <= 0)
170 return rc;
bf4b2fee
CS		 171 if (rc > SMACK_UNCONFINED_OBJECT)
172 rc = 0;
d166c802
CS		 173
174 smk_bu_mode(mode, acc);
bf4b2fee 175 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
6d1cff2a 176 tsp->smk_task->smk_known, smk_task->smk_known, acc,
d166c802
CS		 177 current->comm, otp->comm);
178 return 0;
179}
180#else
181#define smk_bu_task(otp, mode, RC) (RC)
182#endif
183
184#ifdef CONFIG_SECURITY_SMACK_BRINGUP
185static int smk_bu_inode(struct inode *inode, int mode, int rc)
186{
187 struct task_smack *tsp = current_security();
bf4b2fee 188 struct inode_smack *isp = inode->i_security;
d166c802
CS		 189 char acc[SMK_NUM_ACCESS_TYPE + 1];
190
bf4b2fee
CS		 191 if (isp->smk_flags & SMK_INODE_IMPURE)
192 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
193 inode->i_sb->s_id, inode->i_ino, current->comm);
194
d166c802
CS		 195 if (rc <= 0)
196 return rc;
bf4b2fee
CS		 197 if (rc > SMACK_UNCONFINED_OBJECT)
198 rc = 0;
199 if (rc == SMACK_UNCONFINED_SUBJECT &&
200 (mode & (MAY_WRITE | MAY_APPEND)))
201 isp->smk_flags |= SMK_INODE_IMPURE;
d166c802
CS		 202
203 smk_bu_mode(mode, acc);
bf4b2fee
CS		 204
205 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
206 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
d166c802
CS		 207 inode->i_sb->s_id, inode->i_ino, current->comm);
208 return 0;
209}
210#else
211#define smk_bu_inode(inode, mode, RC) (RC)
212#endif
213
214#ifdef CONFIG_SECURITY_SMACK_BRINGUP
215static int smk_bu_file(struct file *file, int mode, int rc)
216{
217 struct task_smack *tsp = current_security();
218 struct smack_known *sskp = tsp->smk_task;
5e7270a6 219 struct inode *inode = file_inode(file);
bf4b2fee 220 struct inode_smack *isp = inode->i_security;
d166c802
CS		 221 char acc[SMK_NUM_ACCESS_TYPE + 1];
222
bf4b2fee
CS		 223 if (isp->smk_flags & SMK_INODE_IMPURE)
224 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
225 inode->i_sb->s_id, inode->i_ino, current->comm);
226
d166c802
CS		 227 if (rc <= 0)
228 return rc;
bf4b2fee
CS		 229 if (rc > SMACK_UNCONFINED_OBJECT)
230 rc = 0;
d166c802
CS		 231
232 smk_bu_mode(mode, acc);
bf4b2fee 233 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
5e7270a6 234 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 235 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 236 current->comm);
237 return 0;
238}
239#else
240#define smk_bu_file(file, mode, RC) (RC)
241#endif
242
243#ifdef CONFIG_SECURITY_SMACK_BRINGUP
244static int smk_bu_credfile(const struct cred *cred, struct file *file,
245 int mode, int rc)
246{
247 struct task_smack *tsp = cred->security;
248 struct smack_known *sskp = tsp->smk_task;
45063097 249 struct inode *inode = file_inode(file);
bf4b2fee 250 struct inode_smack *isp = inode->i_security;
d166c802
CS		 251 char acc[SMK_NUM_ACCESS_TYPE + 1];
252
bf4b2fee
CS		 253 if (isp->smk_flags & SMK_INODE_IMPURE)
254 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
255 inode->i_sb->s_id, inode->i_ino, current->comm);
256
d166c802
CS		 257 if (rc <= 0)
258 return rc;
bf4b2fee
CS		 259 if (rc > SMACK_UNCONFINED_OBJECT)
260 rc = 0;
d166c802
CS		 261
262 smk_bu_mode(mode, acc);
bf4b2fee 263 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
21c7eae2 264 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 265 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 266 current->comm);
267 return 0;
268}
269#else
270#define smk_bu_credfile(cred, file, mode, RC) (RC)
271#endif
272
e114e473
CS		 273/**
274 * smk_fetch - Fetch the smack label from a file.
1a28979b 275 * @name: type of the label (attribute)
e114e473
CS		 276 * @ip: a pointer to the inode
277 * @dp: a pointer to the dentry
278 *
e774ad68
LP		 279 * Returns a pointer to the master list entry for the Smack label,
280 * NULL if there was no label to fetch, or an error code.
e114e473 281 */
2f823ff8
CS		 282static struct smack_known *smk_fetch(const char *name, struct inode *ip,
283 struct dentry *dp)
e114e473
CS		 284{
285 int rc;
f7112e6c 286 char *buffer;
2f823ff8 287 struct smack_known *skp = NULL;
e114e473 288
5d6c3191 289 if (!(ip->i_opflags & IOP_XATTR))
e774ad68 290 return ERR_PTR(-EOPNOTSUPP);
e114e473 291
f7112e6c
CS		 292 buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
293 if (buffer == NULL)
e774ad68 294 return ERR_PTR(-ENOMEM);
e114e473 295
5d6c3191 296 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
e774ad68
LP		 297 if (rc < 0)
298 skp = ERR_PTR(rc);
299 else if (rc == 0)
300 skp = NULL;
301 else
2f823ff8 302 skp = smk_import_entry(buffer, rc);
f7112e6c
CS		 303
304 kfree(buffer);
305
2f823ff8 306 return skp;
e114e473
CS		 307}
308
309/**
310 * new_inode_smack - allocate an inode security blob
21c7eae2 311 * @skp: a pointer to the Smack label entry to use in the blob
e114e473
CS		 312 *
313 * Returns the new blob or NULL if there's no memory available
314 */
1eddfe8e 315static struct inode_smack *new_inode_smack(struct smack_known *skp)
e114e473
CS		 316{
317 struct inode_smack *isp;
318
1a5b472b 319 isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
e114e473
CS		 320 if (isp == NULL)
321 return NULL;
322
21c7eae2 323 isp->smk_inode = skp;
e114e473
CS		 324 isp->smk_flags = 0;
325 mutex_init(&isp->smk_lock);
326
327 return isp;
328}
329
7898e1f8
CS		 330/**
331 * new_task_smack - allocate a task security blob
1a28979b
LP		 332 * @task: a pointer to the Smack label for the running task
333 * @forked: a pointer to the Smack label for the forked task
334 * @gfp: type of the memory for the allocation
7898e1f8
CS		 335 *
336 * Returns the new blob or NULL if there's no memory available
337 */
2f823ff8
CS		 338static struct task_smack *new_task_smack(struct smack_known *task,
339 struct smack_known *forked, gfp_t gfp)
7898e1f8
CS		 340{
341 struct task_smack *tsp;
342
343 tsp = kzalloc(sizeof(struct task_smack), gfp);
344 if (tsp == NULL)
345 return NULL;
346
347 tsp->smk_task = task;
348 tsp->smk_forked = forked;
349 INIT_LIST_HEAD(&tsp->smk_rules);
38416e53 350 INIT_LIST_HEAD(&tsp->smk_relabel);
7898e1f8
CS		 351 mutex_init(&tsp->smk_rules_lock);
352
353 return tsp;
354}
355
356/**
357 * smk_copy_rules - copy a rule set
1a28979b
LP		 358 * @nhead: new rules header pointer
359 * @ohead: old rules header pointer
360 * @gfp: type of the memory for the allocation
7898e1f8
CS		 361 *
362 * Returns 0 on success, -ENOMEM on error
363 */
364static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
365 gfp_t gfp)
366{
367 struct smack_rule *nrp;
368 struct smack_rule *orp;
369 int rc = 0;
370
7898e1f8
CS		 371 list_for_each_entry_rcu(orp, ohead, list) {
372 nrp = kzalloc(sizeof(struct smack_rule), gfp);
373 if (nrp == NULL) {
374 rc = -ENOMEM;
375 break;
376 }
377 *nrp = *orp;
378 list_add_rcu(&nrp->list, nhead);
379 }
380 return rc;
381}
382
38416e53
ZJ		 383/**
384 * smk_copy_relabel - copy smk_relabel labels list
385 * @nhead: new rules header pointer
386 * @ohead: old rules header pointer
387 * @gfp: type of the memory for the allocation
388 *
389 * Returns 0 on success, -ENOMEM on error
390 */
391static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
392 gfp_t gfp)
393{
394 struct smack_known_list_elem *nklep;
395 struct smack_known_list_elem *oklep;
396
38416e53
ZJ		 397 list_for_each_entry(oklep, ohead, list) {
398 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
399 if (nklep == NULL) {
400 smk_destroy_label_list(nhead);
401 return -ENOMEM;
402 }
403 nklep->smk_label = oklep->smk_label;
404 list_add(&nklep->list, nhead);
405 }
406
407 return 0;
408}
409
5663884c
LP		 410/**
411 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
412 * @mode - input mode in form of PTRACE_MODE_*
413 *
414 * Returns a converted MAY_* mode usable by smack rules
415 */
416static inline unsigned int smk_ptrace_mode(unsigned int mode)
417{
3dfb7d8c 418 if (mode & PTRACE_MODE_ATTACH)
5663884c 419 return MAY_READWRITE;
3dfb7d8c
JH		 420 if (mode & PTRACE_MODE_READ)
421 return MAY_READ;
5663884c
LP		 422
423 return 0;
424}
425
426/**
427 * smk_ptrace_rule_check - helper for ptrace access
428 * @tracer: tracer process
21c7eae2 429 * @tracee_known: label entry of the process that's about to be traced
5663884c
LP		 430 * @mode: ptrace attachment mode (PTRACE_MODE_*)
431 * @func: name of the function that called us, used for audit
432 *
433 * Returns 0 on access granted, -error on error
434 */
21c7eae2
LP		 435static int smk_ptrace_rule_check(struct task_struct *tracer,
436 struct smack_known *tracee_known,
5663884c
LP		 437 unsigned int mode, const char *func)
438{
439 int rc;
440 struct smk_audit_info ad, *saip = NULL;
441 struct task_smack *tsp;
21c7eae2 442 struct smack_known *tracer_known;
dcb569cf 443 const struct cred *tracercred;
5663884c
LP		 444
445 if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
446 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
447 smk_ad_setfield_u_tsk(&ad, tracer);
448 saip = &ad;
449 }
450
6d1cff2a 451 rcu_read_lock();
dcb569cf
CS		 452 tracercred = __task_cred(tracer);
453 tsp = tracercred->security;
21c7eae2 454 tracer_known = smk_of_task(tsp);
5663884c 455
66867818
LP		 456 if ((mode & PTRACE_MODE_ATTACH) &&
457 (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
458 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
21c7eae2 459 if (tracer_known->smk_known == tracee_known->smk_known)
66867818
LP		 460 rc = 0;
461 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
462 rc = -EACCES;
dcb569cf 463 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
66867818
LP		 464 rc = 0;
465 else
466 rc = -EACCES;
467
468 if (saip)
21c7eae2
LP		 469 smack_log(tracer_known->smk_known,
470 tracee_known->smk_known,
471 0, rc, saip);
66867818 472
6d1cff2a 473 rcu_read_unlock();
66867818
LP		 474 return rc;
475 }
476
477 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
21c7eae2 478 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
6d1cff2a
AR		 479
480 rcu_read_unlock();
5663884c
LP		 481 return rc;
482}
483
e114e473
CS		 484/*
485 * LSM hooks.
486 * We he, that is fun!
487 */
488
489/**
9e48858f 490 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
e114e473 491 * @ctp: child task pointer
5663884c 492 * @mode: ptrace attachment mode (PTRACE_MODE_*)
e114e473
CS		 493 *
494 * Returns 0 if access is OK, an error code otherwise
495 *
5663884c 496 * Do the capability checks.
e114e473 497 */
9e48858f 498static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
e114e473 499{
2f823ff8 500 struct smack_known *skp;
e114e473 501
6d1cff2a 502 skp = smk_of_task_struct(ctp);
ecfcc53f 503
b1d9e6b0 504 return smk_ptrace_rule_check(current, skp, mode, __func__);
5cd9c58f
DH		 505}
506
507/**
508 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
509 * @ptp: parent task pointer
510 *
511 * Returns 0 if access is OK, an error code otherwise
512 *
5663884c 513 * Do the capability checks, and require PTRACE_MODE_ATTACH.
5cd9c58f
DH		 514 */
515static int smack_ptrace_traceme(struct task_struct *ptp)
516{
517 int rc;
2f823ff8 518 struct smack_known *skp;
5cd9c58f 519
959e6c7f 520 skp = smk_of_task(current_security());
ecfcc53f 521
21c7eae2 522 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
e114e473
CS		 523 return rc;
524}
525
526/**
527 * smack_syslog - Smack approval on syslog
528 * @type: message type
529 *
e114e473
CS		 530 * Returns 0 on success, error code otherwise.
531 */
12b3052c 532static int smack_syslog(int typefrom_file)
e114e473 533{
12b3052c 534 int rc = 0;
2f823ff8 535 struct smack_known *skp = smk_of_current();
e114e473 536
1880eff7 537 if (smack_privileged(CAP_MAC_OVERRIDE))
e114e473
CS		 538 return 0;
539
24ea1b6e 540 if (smack_syslog_label != NULL && smack_syslog_label != skp)
e114e473
CS		 541 rc = -EACCES;
542
543 return rc;
544}
545
e114e473
CS		 546/*
547 * Superblock Hooks.
548 */
549
550/**
551 * smack_sb_alloc_security - allocate a superblock blob
552 * @sb: the superblock getting the blob
553 *
554 * Returns 0 on success or -ENOMEM on error.
555 */
556static int smack_sb_alloc_security(struct super_block *sb)
557{
558 struct superblock_smack *sbsp;
559
560 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
561
562 if (sbsp == NULL)
563 return -ENOMEM;
564
21c7eae2
LP		 565 sbsp->smk_root = &smack_known_floor;
566 sbsp->smk_default = &smack_known_floor;
567 sbsp->smk_floor = &smack_known_floor;
568 sbsp->smk_hat = &smack_known_hat;
e830b394 569 /*
9f50eda2 570 * SMK_SB_INITIALIZED will be zero from kzalloc.
e830b394 571 */
e114e473
CS		 572 sb->s_security = sbsp;
573
574 return 0;
575}
576
577/**
578 * smack_sb_free_security - free a superblock blob
579 * @sb: the superblock getting the blob
580 *
581 */
582static void smack_sb_free_security(struct super_block *sb)
583{
584 kfree(sb->s_security);
585 sb->s_security = NULL;
586}
587
12085b14
AV		 588struct smack_mnt_opts {
589 const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute;
590};
e114e473 591
204cc0cc
AV		 592static void smack_free_mnt_opts(void *mnt_opts)
593{
12085b14
AV		 594 struct smack_mnt_opts *opts = mnt_opts;
595 kfree(opts->fsdefault);
596 kfree(opts->fsfloor);
597 kfree(opts->fshat);
598 kfree(opts->fsroot);
599 kfree(opts->fstransmute);
204cc0cc
AV		 600 kfree(opts);
601}
e114e473 602
55c0e5bd
AV		 603static int smack_add_opt(int token, const char *s, void **mnt_opts)
604{
605 struct smack_mnt_opts *opts = *mnt_opts;
e114e473 606
55c0e5bd
AV		 607 if (!opts) {
608 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
609 if (!opts)
610 return -ENOMEM;
611 *mnt_opts = opts;
e114e473 612 }
55c0e5bd
AV		 613 if (!s)
614 return -ENOMEM;
e114e473 615
55c0e5bd
AV		 616 switch (token) {
617 case Opt_fsdefault:
618 if (opts->fsdefault)
619 goto out_opt_err;
620 opts->fsdefault = s;
621 break;
622 case Opt_fsfloor:
623 if (opts->fsfloor)
624 goto out_opt_err;
625 opts->fsfloor = s;
626 break;
627 case Opt_fshat:
628 if (opts->fshat)
629 goto out_opt_err;
630 opts->fshat = s;
631 break;
632 case Opt_fsroot:
633 if (opts->fsroot)
634 goto out_opt_err;
635 opts->fsroot = s;
636 break;
637 case Opt_fstransmute:
638 if (opts->fstransmute)
639 goto out_opt_err;
640 opts->fstransmute = s;
641 break;
642 }
e114e473 643 return 0;
55c0e5bd
AV		 644
645out_opt_err:
646 pr_warn("Smack: duplicate mount options\n");
647 return -EINVAL;
e114e473
CS		 648}
649
0b52075e
AV		 650/**
651 * smack_fs_context_dup - Duplicate the security data on fs_context duplication
652 * @fc: The new filesystem context.
653 * @src_fc: The source filesystem context being duplicated.
654 *
655 * Returns 0 on success or -ENOMEM on error.
656 */
657static int smack_fs_context_dup(struct fs_context *fc,
658 struct fs_context *src_fc)
659{
660 struct smack_mnt_opts *dst, *src = src_fc->security;
661
662 if (!src)
663 return 0;
664
665 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
666 if (!fc->security)
667 return -ENOMEM;
668 dst = fc->security;
669
670 if (src->fsdefault) {
671 dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL);
672 if (!dst->fsdefault)
673 return -ENOMEM;
674 }
675 if (src->fsfloor) {
676 dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL);
677 if (!dst->fsfloor)
678 return -ENOMEM;
679 }
680 if (src->fshat) {
681 dst->fshat = kstrdup(src->fshat, GFP_KERNEL);
682 if (!dst->fshat)
683 return -ENOMEM;
684 }
685 if (src->fsroot) {
686 dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL);
687 if (!dst->fsroot)
688 return -ENOMEM;
689 }
690 if (src->fstransmute) {
691 dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL);
692 if (!dst->fstransmute)
693 return -ENOMEM;
694 }
695 return 0;
696}
697
2febd254
DH		 698static const struct fs_parameter_spec smack_param_specs[] = {
699 fsparam_string("fsdefault", Opt_fsdefault),
700 fsparam_string("fsfloor", Opt_fsfloor),
701 fsparam_string("fshat", Opt_fshat),
702 fsparam_string("fsroot", Opt_fsroot),
703 fsparam_string("fstransmute", Opt_fstransmute),
704 {}
705};
706
707static const struct fs_parameter_description smack_fs_parameters = {
708 .name = "smack",
709 .specs = smack_param_specs,
710};
711
712/**
713 * smack_fs_context_parse_param - Parse a single mount parameter
714 * @fc: The new filesystem context being constructed.
715 * @param: The parameter.
716 *
717 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on
718 * error.
719 */
720static int smack_fs_context_parse_param(struct fs_context *fc,
721 struct fs_parameter *param)
722{
723 struct fs_parse_result result;
724 int opt, rc;
725
726 opt = fs_parse(fc, &smack_fs_parameters, param, &result);
727 if (opt < 0)
728 return opt;
729
730 rc = smack_add_opt(opt, param->string, &fc->security);
731 if (!rc)
732 param->string = NULL;
733 return rc;
734}
735
d2497e12 736static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
3bf2789c 737{
d2497e12
AV		 738 char *from = options, *to = options;
739 bool first = true;
3bf2789c 740
c3300aaf
AV		 741 while (1) {
742 char *next = strchr(from, ',');
743 int token, len, rc;
744 char *arg = NULL;
3bf2789c 745
c3300aaf
AV		 746 if (next)
747 len = next - from;
748 else
749 len = strlen(from);
3bf2789c 750
c3300aaf 751 token = match_opt_prefix(from, len, &arg);
d2497e12
AV		 752 if (token != Opt_error) {
753 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
754 rc = smack_add_opt(token, arg, mnt_opts);
755 if (unlikely(rc)) {
756 kfree(arg);
757 if (*mnt_opts)
758 smack_free_mnt_opts(*mnt_opts);
759 *mnt_opts = NULL;
760 return rc;
761 }
762 } else {
763 if (!first) { // copy with preceding comma
764 from--;
765 len++;
766 }
767 if (to != from)
768 memmove(to, from, len);
769 to += len;
770 first = false;
3bf2789c 771 }
c3300aaf
AV		 772 if (!from[len])
773 break;
774 from += len + 1;
3bf2789c 775 }
d2497e12 776 *to = '\0';
3bf2789c 777 return 0;
3bf2789c
VT		 778}
779
780/**
781 * smack_set_mnt_opts - set Smack specific mount options
e114e473 782 * @sb: the file system superblock
3bf2789c
VT		 783 * @opts: Smack mount options
784 * @kern_flags: mount option from kernel space or user space
785 * @set_kern_flags: where to store converted mount opts
e114e473
CS		 786 *
787 * Returns 0 on success, an error code on failure
3bf2789c
VT		 788 *
789 * Allow filesystems with binary mount data to explicitly set Smack mount
790 * labels.
e114e473 791 */
3bf2789c 792static int smack_set_mnt_opts(struct super_block *sb,
204cc0cc 793 void *mnt_opts,
3bf2789c
VT		 794 unsigned long kern_flags,
795 unsigned long *set_kern_flags)
e114e473
CS		 796{
797 struct dentry *root = sb->s_root;
c6f493d6 798 struct inode *inode = d_backing_inode(root);
e114e473
CS		 799 struct superblock_smack *sp = sb->s_security;
800 struct inode_smack *isp;
24ea1b6e 801 struct smack_known *skp;
12085b14
AV		 802 struct smack_mnt_opts *opts = mnt_opts;
803 bool transmute = false;
e114e473 804
9f50eda2 805 if (sp->smk_flags & SMK_SB_INITIALIZED)
e114e473 806 return 0;
eb982cb4 807
2097f599
HS		 808 if (!smack_privileged(CAP_MAC_ADMIN)) {
809 /*
810 * Unprivileged mounts don't get to specify Smack values.
811 */
12085b14 812 if (opts)
2097f599
HS		 813 return -EPERM;
814 /*
815 * Unprivileged mounts get root and default from the caller.
816 */
817 skp = smk_of_current();
818 sp->smk_root = skp;
819 sp->smk_default = skp;
820 /*
821 * For a handful of fs types with no user-controlled
822 * backing store it's okay to trust security labels
823 * in the filesystem. The rest are untrusted.
824 */
825 if (sb->s_user_ns != &init_user_ns &&
826 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
827 sb->s_magic != RAMFS_MAGIC) {
12085b14 828 transmute = true;
2097f599
HS		 829 sp->smk_flags |= SMK_SB_UNTRUSTED;
830 }
831 }
832
9f50eda2 833 sp->smk_flags |= SMK_SB_INITIALIZED;
e114e473 834
12085b14
AV		 835 if (opts) {
836 if (opts->fsdefault) {
837 skp = smk_import_entry(opts->fsdefault, 0);
e774ad68
LP		 838 if (IS_ERR(skp))
839 return PTR_ERR(skp);
3bf2789c 840 sp->smk_default = skp;
12085b14
AV		 841 }
842 if (opts->fsfloor) {
843 skp = smk_import_entry(opts->fsfloor, 0);
e774ad68
LP		 844 if (IS_ERR(skp))
845 return PTR_ERR(skp);
846 sp->smk_floor = skp;
12085b14
AV		 847 }
848 if (opts->fshat) {
849 skp = smk_import_entry(opts->fshat, 0);
e774ad68
LP		 850 if (IS_ERR(skp))
851 return PTR_ERR(skp);
3bf2789c 852 sp->smk_hat = skp;
12085b14
AV		 853 }
854 if (opts->fsroot) {
855 skp = smk_import_entry(opts->fsroot, 0);
e774ad68
LP		 856 if (IS_ERR(skp))
857 return PTR_ERR(skp);
858 sp->smk_root = skp;
12085b14
AV		 859 }
860 if (opts->fstransmute) {
861 skp = smk_import_entry(opts->fstransmute, 0);
e774ad68
LP		 862 if (IS_ERR(skp))
863 return PTR_ERR(skp);
864 sp->smk_root = skp;
12085b14 865 transmute = true;
e114e473
CS		 866 }
867 }
868
869 /*
870 * Initialize the root inode.
871 */
872 isp = inode->i_security;
55dfc5da
JB		 873 if (isp == NULL) {
874 isp = new_inode_smack(sp->smk_root);
875 if (isp == NULL)
876 return -ENOMEM;
877 inode->i_security = isp;
e830b394 878 } else
e114e473
CS		 879 isp->smk_inode = sp->smk_root;
880
e830b394
CS		 881 if (transmute)
882 isp->smk_flags |= SMK_INODE_TRANSMUTE;
883
e114e473
CS		 884 return 0;
885}
886
887/**
888 * smack_sb_statfs - Smack check on statfs
889 * @dentry: identifies the file system in question
890 *
891 * Returns 0 if current can read the floor of the filesystem,
892 * and error code otherwise
893 */
894static int smack_sb_statfs(struct dentry *dentry)
895{
896 struct superblock_smack *sbp = dentry->d_sb->s_security;
ecfcc53f
EB		 897 int rc;
898 struct smk_audit_info ad;
899
a269434d 900 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 901 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 902
ecfcc53f 903 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
d166c802 904 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
ecfcc53f 905 return rc;
e114e473
CS		 906}
907
676dac4b
CS		 908/*
909 * BPRM hooks
910 */
911
ce8a4321
CS		 912/**
913 * smack_bprm_set_creds - set creds for exec
914 * @bprm: the exec information
915 *
5663884c 916 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
ce8a4321 917 */
676dac4b
CS		 918static int smack_bprm_set_creds(struct linux_binprm *bprm)
919{
496ad9aa 920 struct inode *inode = file_inode(bprm->file);
84088ba2 921 struct task_smack *bsp = bprm->cred->security;
676dac4b 922 struct inode_smack *isp;
809c02e0 923 struct superblock_smack *sbsp;
676dac4b
CS		 924 int rc;
925
ddb4a144 926 if (bprm->called_set_creds)
676dac4b
CS		 927 return 0;
928
84088ba2
JS		 929 isp = inode->i_security;
930 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
676dac4b
CS		 931 return 0;
932
809c02e0
SF		 933 sbsp = inode->i_sb->s_security;
934 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
935 isp->smk_task != sbsp->smk_root)
936 return 0;
937
9227dd2a 938 if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
5663884c
LP		 939 struct task_struct *tracer;
940 rc = 0;
941
942 rcu_read_lock();
943 tracer = ptrace_parent(current);
944 if (likely(tracer != NULL))
945 rc = smk_ptrace_rule_check(tracer,
21c7eae2 946 isp->smk_task,
5663884c
LP		 947 PTRACE_MODE_ATTACH,
948 __func__);
949 rcu_read_unlock();
950
951 if (rc != 0)
952 return rc;
953 } else if (bprm->unsafe)
84088ba2 954 return -EPERM;
676dac4b 955
84088ba2
JS		 956 bsp->smk_task = isp->smk_task;
957 bprm->per_clear |= PER_CLEAR_ON_SETID;
676dac4b 958
ccbb6e10
KC		 959 /* Decide if this is a secure exec. */
960 if (bsp->smk_task != bsp->smk_forked)
961 bprm->secureexec = 1;
962
84088ba2
JS		 963 return 0;
964}
676dac4b 965
e114e473
CS		 966/*
967 * Inode hooks
968 */
969
970/**
971 * smack_inode_alloc_security - allocate an inode blob
251a2a95 972 * @inode: the inode in need of a blob
e114e473
CS		 973 *
974 * Returns 0 if it gets a blob, -ENOMEM otherwise
975 */
976static int smack_inode_alloc_security(struct inode *inode)
977{
2f823ff8
CS		 978 struct smack_known *skp = smk_of_current();
979
21c7eae2 980 inode->i_security = new_inode_smack(skp);
e114e473
CS		 981 if (inode->i_security == NULL)
982 return -ENOMEM;
983 return 0;
984}
985
986/**
3d4f673a
HS		 987 * smack_inode_free_rcu - Free inode_smack blob from cache
988 * @head: the rcu_head for getting inode_smack pointer
989 *
990 * Call back function called from call_rcu() to free
991 * the i_security blob pointer in inode
992 */
993static void smack_inode_free_rcu(struct rcu_head *head)
994{
995 struct inode_smack *issp;
996
997 issp = container_of(head, struct inode_smack, smk_rcu);
998 kmem_cache_free(smack_inode_cache, issp);
999}
1000
1001/**
1002 * smack_inode_free_security - free an inode blob using call_rcu()
251a2a95 1003 * @inode: the inode with a blob
e114e473 1004 *
3d4f673a 1005 * Clears the blob pointer in inode using RCU
e114e473
CS		 1006 */
1007static void smack_inode_free_security(struct inode *inode)
1008{
3d4f673a
HS		 1009 struct inode_smack *issp = inode->i_security;
1010
1011 /*
1012 * The inode may still be referenced in a path walk and
1013 * a call to smack_inode_permission() can be made
1014 * after smack_inode_free_security() is called.
1015 * To avoid race condition free the i_security via RCU
1016 * and leave the current inode->i_security pointer intact.
1017 * The inode will be freed after the RCU grace period too.
1018 */
1019 call_rcu(&issp->smk_rcu, smack_inode_free_rcu);
e114e473
CS		 1020}
1021
1022/**
1023 * smack_inode_init_security - copy out the smack from an inode
e95ef49b
LP		 1024 * @inode: the newly created inode
1025 * @dir: containing directory object
2a7dba39 1026 * @qstr: unused
e114e473
CS		 1027 * @name: where to put the attribute name
1028 * @value: where to put the attribute value
1029 * @len: where to put the length of the attribute
1030 *
1031 * Returns 0 if it all works out, -ENOMEM if there's no memory
1032 */
1033static int smack_inode_init_security(struct inode *inode, struct inode *dir,
9548906b 1034 const struct qstr *qstr, const char **name,
2a7dba39 1035 void **value, size_t *len)
e114e473 1036{
2267b13a 1037 struct inode_smack *issp = inode->i_security;
2f823ff8 1038 struct smack_known *skp = smk_of_current();
21c7eae2
LP		 1039 struct smack_known *isp = smk_of_inode(inode);
1040 struct smack_known *dsp = smk_of_inode(dir);
7898e1f8 1041 int may;
e114e473 1042
9548906b
TH		 1043 if (name)
1044 *name = XATTR_SMACK_SUFFIX;
e114e473 1045
68390ccf 1046 if (value && len) {
7898e1f8 1047 rcu_read_lock();
21c7eae2
LP		 1048 may = smk_access_entry(skp->smk_known, dsp->smk_known,
1049 &skp->smk_rules);
7898e1f8 1050 rcu_read_unlock();
5c6d1125
JS		 1051
1052 /*
1053 * If the access rule allows transmutation and
1054 * the directory requests transmutation then
1055 * by all means transmute.
2267b13a 1056 * Mark the inode as changed.
5c6d1125 1057 */
7898e1f8 1058 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
2267b13a 1059 smk_inode_transmutable(dir)) {
5c6d1125 1060 isp = dsp;
2267b13a
CS		 1061 issp->smk_flags |= SMK_INODE_CHANGED;
1062 }
5c6d1125 1063
21c7eae2 1064 *value = kstrdup(isp->smk_known, GFP_NOFS);
e114e473
CS		 1065 if (*value == NULL)
1066 return -ENOMEM;
e114e473 1067
21c7eae2 1068 *len = strlen(isp->smk_known);
68390ccf 1069 }
e114e473
CS		 1070
1071 return 0;
1072}
1073
1074/**
1075 * smack_inode_link - Smack check on link
1076 * @old_dentry: the existing object
1077 * @dir: unused
1078 * @new_dentry: the new object
1079 *
1080 * Returns 0 if access is permitted, an error code otherwise
1081 */
1082static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1083 struct dentry *new_dentry)
1084{
21c7eae2 1085 struct smack_known *isp;
ecfcc53f
EB		 1086 struct smk_audit_info ad;
1087 int rc;
1088
a269434d 1089 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1090 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473 1091
c6f493d6 1092 isp = smk_of_inode(d_backing_inode(old_dentry));
ecfcc53f 1093 rc = smk_curacc(isp, MAY_WRITE, &ad);
c6f493d6 1094 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
e114e473 1095
8802565b 1096 if (rc == 0 && d_is_positive(new_dentry)) {
c6f493d6 1097 isp = smk_of_inode(d_backing_inode(new_dentry));
ecfcc53f
EB		 1098 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1099 rc = smk_curacc(isp, MAY_WRITE, &ad);
c6f493d6 1100 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
e114e473
CS		 1101 }
1102
1103 return rc;
1104}
1105
1106/**
1107 * smack_inode_unlink - Smack check on inode deletion
1108 * @dir: containing directory object
1109 * @dentry: file to unlink
1110 *
1111 * Returns 0 if current can write the containing directory
1112 * and the object, error code otherwise
1113 */
1114static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1115{
c6f493d6 1116 struct inode *ip = d_backing_inode(dentry);
ecfcc53f 1117 struct smk_audit_info ad;
e114e473
CS		 1118 int rc;
1119
a269434d 1120 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1121 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1122
e114e473
CS		 1123 /*
1124 * You need write access to the thing you're unlinking
1125 */
ecfcc53f 1126 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
d166c802 1127 rc = smk_bu_inode(ip, MAY_WRITE, rc);
ecfcc53f 1128 if (rc == 0) {
e114e473
CS		 1129 /*
1130 * You also need write access to the containing directory
1131 */
cdb56b60 1132 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 1133 smk_ad_setfield_u_fs_inode(&ad, dir);
1134 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 1135 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 1136 }
e114e473
CS		 1137 return rc;
1138}
1139
1140/**
1141 * smack_inode_rmdir - Smack check on directory deletion
1142 * @dir: containing directory object
1143 * @dentry: directory to unlink
1144 *
1145 * Returns 0 if current can write the containing directory
1146 * and the directory, error code otherwise
1147 */
1148static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1149{
ecfcc53f 1150 struct smk_audit_info ad;
e114e473
CS		 1151 int rc;
1152
a269434d 1153 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1154 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1155
e114e473
CS		 1156 /*
1157 * You need write access to the thing you're removing
1158 */
c6f493d6
DH		 1159 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1160 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
ecfcc53f 1161 if (rc == 0) {
e114e473
CS		 1162 /*
1163 * You also need write access to the containing directory
1164 */
cdb56b60 1165 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 1166 smk_ad_setfield_u_fs_inode(&ad, dir);
1167 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 1168 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 1169 }
e114e473
CS		 1170
1171 return rc;
1172}
1173
1174/**
1175 * smack_inode_rename - Smack check on rename
e95ef49b
LP		 1176 * @old_inode: unused
1177 * @old_dentry: the old object
1178 * @new_inode: unused
1179 * @new_dentry: the new object
e114e473
CS		 1180 *
1181 * Read and write access is required on both the old and
1182 * new directories.
1183 *
1184 * Returns 0 if access is permitted, an error code otherwise
1185 */
1186static int smack_inode_rename(struct inode *old_inode,
1187 struct dentry *old_dentry,
1188 struct inode *new_inode,
1189 struct dentry *new_dentry)
1190{
1191 int rc;
21c7eae2 1192 struct smack_known *isp;
ecfcc53f
EB		 1193 struct smk_audit_info ad;
1194
a269434d 1195 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1196 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473 1197
c6f493d6 1198 isp = smk_of_inode(d_backing_inode(old_dentry));
ecfcc53f 1199 rc = smk_curacc(isp, MAY_READWRITE, &ad);
c6f493d6 1200 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
e114e473 1201
8802565b 1202 if (rc == 0 && d_is_positive(new_dentry)) {
c6f493d6 1203 isp = smk_of_inode(d_backing_inode(new_dentry));
ecfcc53f
EB		 1204 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1205 rc = smk_curacc(isp, MAY_READWRITE, &ad);
c6f493d6 1206 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
e114e473 1207 }
e114e473
CS		 1208 return rc;
1209}
1210
1211/**
1212 * smack_inode_permission - Smack version of permission()
1213 * @inode: the inode in question
1214 * @mask: the access requested
e114e473
CS		 1215 *
1216 * This is the important Smack hook.
1217 *
1218 * Returns 0 if access is permitted, -EACCES otherwise
1219 */
e74f71eb 1220static int smack_inode_permission(struct inode *inode, int mask)
e114e473 1221{
9f50eda2 1222 struct superblock_smack *sbsp = inode->i_sb->s_security;
ecfcc53f 1223 struct smk_audit_info ad;
e74f71eb 1224 int no_block = mask & MAY_NOT_BLOCK;
d166c802 1225 int rc;
d09ca739
EP		 1226
1227 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
e114e473
CS		 1228 /*
1229 * No permission to check. Existence test. Yup, it's there.
1230 */
1231 if (mask == 0)
1232 return 0;
8c9e80ed 1233
9f50eda2
SF		 1234 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1235 if (smk_of_inode(inode) != sbsp->smk_root)
1236 return -EACCES;
1237 }
1238
8c9e80ed 1239 /* May be droppable after audit */
e74f71eb 1240 if (no_block)
8c9e80ed 1241 return -ECHILD;
f48b7399 1242 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f 1243 smk_ad_setfield_u_fs_inode(&ad, inode);
d166c802
CS		 1244 rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1245 rc = smk_bu_inode(inode, mask, rc);
1246 return rc;
e114e473
CS		 1247}
1248
1249/**
1250 * smack_inode_setattr - Smack check for setting attributes
1251 * @dentry: the object
1252 * @iattr: for the force flag
1253 *
1254 * Returns 0 if access is permitted, an error code otherwise
1255 */
1256static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1257{
ecfcc53f 1258 struct smk_audit_info ad;
d166c802
CS		 1259 int rc;
1260
e114e473
CS		 1261 /*
1262 * Need to allow for clearing the setuid bit.
1263 */
1264 if (iattr->ia_valid & ATTR_FORCE)
1265 return 0;
a269434d 1266 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1267 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 1268
c6f493d6
DH		 1269 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1270 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
d166c802 1271 return rc;
e114e473
CS		 1272}
1273
1274/**
1275 * smack_inode_getattr - Smack check for getting attributes
e95ef49b 1276 * @mnt: vfsmount of the object
e114e473
CS		 1277 * @dentry: the object
1278 *
1279 * Returns 0 if access is permitted, an error code otherwise
1280 */
3f7036a0 1281static int smack_inode_getattr(const struct path *path)
e114e473 1282{
ecfcc53f 1283 struct smk_audit_info ad;
c6f493d6 1284 struct inode *inode = d_backing_inode(path->dentry);
d166c802 1285 int rc;
ecfcc53f 1286
f48b7399 1287 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
3f7036a0
AV		 1288 smk_ad_setfield_u_fs_path(&ad, *path);
1289 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1290 rc = smk_bu_inode(inode, MAY_READ, rc);
d166c802 1291 return rc;
e114e473
CS		 1292}
1293
1294/**
1295 * smack_inode_setxattr - Smack check for setting xattrs
1296 * @dentry: the object
1297 * @name: name of the attribute
e95ef49b
LP		 1298 * @value: value of the attribute
1299 * @size: size of the value
e114e473
CS		 1300 * @flags: unused
1301 *
1302 * This protects the Smack attribute explicitly.
1303 *
1304 * Returns 0 if access is permitted, an error code otherwise
1305 */
8f0cfa52
DH		 1306static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1307 const void *value, size_t size, int flags)
e114e473 1308{
ecfcc53f 1309 struct smk_audit_info ad;
19760ad0
CS		 1310 struct smack_known *skp;
1311 int check_priv = 0;
1312 int check_import = 0;
1313 int check_star = 0;
bcdca225 1314 int rc = 0;
e114e473 1315
19760ad0
CS		 1316 /*
1317 * Check label validity here so import won't fail in post_setxattr
1318 */
bcdca225
CS		 1319 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1320 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
19760ad0
CS		 1321 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1322 check_priv = 1;
1323 check_import = 1;
1324 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1325 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1326 check_priv = 1;
1327 check_import = 1;
1328 check_star = 1;
5c6d1125 1329 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
19760ad0 1330 check_priv = 1;
5c6d1125
JS		 1331 if (size != TRANS_TRUE_SIZE ||
1332 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1333 rc = -EINVAL;
bcdca225
CS		 1334 } else
1335 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1336
19760ad0
CS		 1337 if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1338 rc = -EPERM;
1339
1340 if (rc == 0 && check_import) {
b862e561 1341 skp = size ? smk_import_entry(value, size) : NULL;
e774ad68
LP		 1342 if (IS_ERR(skp))
1343 rc = PTR_ERR(skp);
1344 else if (skp == NULL || (check_star &&
19760ad0
CS		 1345 (skp == &smack_known_star || skp == &smack_known_web)))
1346 rc = -EINVAL;
1347 }
1348
a269434d 1349 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1350 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1351
d166c802 1352 if (rc == 0) {
c6f493d6
DH		 1353 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1354 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
d166c802 1355 }
bcdca225
CS		 1356
1357 return rc;
e114e473
CS		 1358}
1359
1360/**
1361 * smack_inode_post_setxattr - Apply the Smack update approved above
1362 * @dentry: object
1363 * @name: attribute name
1364 * @value: attribute value
1365 * @size: attribute size
1366 * @flags: unused
1367 *
1368 * Set the pointer in the inode blob to the entry found
1369 * in the master label list.
1370 */
8f0cfa52
DH		 1371static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1372 const void *value, size_t size, int flags)
e114e473 1373{
2f823ff8 1374 struct smack_known *skp;
c6f493d6 1375 struct inode_smack *isp = d_backing_inode(dentry)->i_security;
676dac4b 1376
2f823ff8
CS		 1377 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1378 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1379 return;
1380 }
1381
676dac4b 1382 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
9598f4c9 1383 skp = smk_import_entry(value, size);
e774ad68 1384 if (!IS_ERR(skp))
21c7eae2 1385 isp->smk_inode = skp;
5c6d1125 1386 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
9598f4c9 1387 skp = smk_import_entry(value, size);
e774ad68 1388 if (!IS_ERR(skp))
2f823ff8 1389 isp->smk_task = skp;
7898e1f8 1390 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
9598f4c9 1391 skp = smk_import_entry(value, size);
e774ad68 1392 if (!IS_ERR(skp))
2f823ff8 1393 isp->smk_mmap = skp;
2f823ff8 1394 }
e114e473
CS		 1395
1396 return;
1397}
1398
ce8a4321 1399/**
e114e473
CS		 1400 * smack_inode_getxattr - Smack check on getxattr
1401 * @dentry: the object
1402 * @name: unused
1403 *
1404 * Returns 0 if access is permitted, an error code otherwise
1405 */
8f0cfa52 1406static int smack_inode_getxattr(struct dentry *dentry, const char *name)
e114e473 1407{
ecfcc53f 1408 struct smk_audit_info ad;
d166c802 1409 int rc;
ecfcc53f 1410
a269434d 1411 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1412 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1413
c6f493d6
DH		 1414 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1415 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
d166c802 1416 return rc;
e114e473
CS		 1417}
1418
ce8a4321 1419/**
e114e473
CS		 1420 * smack_inode_removexattr - Smack check on removexattr
1421 * @dentry: the object
1422 * @name: name of the attribute
1423 *
1424 * Removing the Smack attribute requires CAP_MAC_ADMIN
1425 *
1426 * Returns 0 if access is permitted, an error code otherwise
1427 */
8f0cfa52 1428static int smack_inode_removexattr(struct dentry *dentry, const char *name)
e114e473 1429{
676dac4b 1430 struct inode_smack *isp;
ecfcc53f 1431 struct smk_audit_info ad;
bcdca225 1432 int rc = 0;
e114e473 1433
bcdca225
CS		 1434 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1435 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
676dac4b 1436 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
5c6d1125 1437 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
7898e1f8 1438 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
5e9ab593 1439 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1880eff7 1440 if (!smack_privileged(CAP_MAC_ADMIN))
bcdca225
CS		 1441 rc = -EPERM;
1442 } else
1443 rc = cap_inode_removexattr(dentry, name);
1444
f59bdfba
CS		 1445 if (rc != 0)
1446 return rc;
1447
a269434d 1448 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1449 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
bcdca225 1450
c6f493d6
DH		 1451 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1452 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
f59bdfba
CS		 1453 if (rc != 0)
1454 return rc;
1455
c6f493d6 1456 isp = d_backing_inode(dentry)->i_security;
f59bdfba
CS		 1457 /*
1458 * Don't do anything special for these.
1459 * XATTR_NAME_SMACKIPIN
1460 * XATTR_NAME_SMACKIPOUT
f59bdfba 1461 */
8012495e 1462 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
fc64005c 1463 struct super_block *sbp = dentry->d_sb;
8012495e
JB		 1464 struct superblock_smack *sbsp = sbp->s_security;
1465
1466 isp->smk_inode = sbsp->smk_default;
1467 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
676dac4b 1468 isp->smk_task = NULL;
f59bdfba 1469 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
7898e1f8 1470 isp->smk_mmap = NULL;
f59bdfba
CS		 1471 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1472 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
676dac4b 1473
f59bdfba 1474 return 0;
e114e473
CS		 1475}
1476
1477/**
1478 * smack_inode_getsecurity - get smack xattrs
1479 * @inode: the object
1480 * @name: attribute name
1481 * @buffer: where to put the result
57e7ba04 1482 * @alloc: duplicate memory
e114e473
CS		 1483 *
1484 * Returns the size of the attribute or an error code
1485 */
ea861dfd 1486static int smack_inode_getsecurity(struct inode *inode,
e114e473
CS		 1487 const char *name, void **buffer,
1488 bool alloc)
1489{
1490 struct socket_smack *ssp;
1491 struct socket *sock;
1492 struct super_block *sbp;
1493 struct inode *ip = (struct inode *)inode;
21c7eae2 1494 struct smack_known *isp;
e114e473 1495
57e7ba04 1496 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
e114e473 1497 isp = smk_of_inode(inode);
57e7ba04
CS		 1498 else {
1499 /*
1500 * The rest of the Smack xattrs are only on sockets.
1501 */
1502 sbp = ip->i_sb;
1503 if (sbp->s_magic != SOCKFS_MAGIC)
1504 return -EOPNOTSUPP;
e114e473 1505
57e7ba04
CS		 1506 sock = SOCKET_I(ip);
1507 if (sock == NULL || sock->sk == NULL)
1508 return -EOPNOTSUPP;
e114e473 1509
57e7ba04 1510 ssp = sock->sk->sk_security;
e114e473 1511
57e7ba04
CS		 1512 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1513 isp = ssp->smk_in;
1514 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1515 isp = ssp->smk_out;
1516 else
1517 return -EOPNOTSUPP;
1518 }
e114e473 1519
57e7ba04
CS		 1520 if (alloc) {
1521 *buffer = kstrdup(isp->smk_known, GFP_KERNEL);
1522 if (*buffer == NULL)
1523 return -ENOMEM;
e114e473
CS		 1524 }
1525
57e7ba04 1526 return strlen(isp->smk_known);
e114e473
CS		 1527}
1528
1529
1530/**
1531 * smack_inode_listsecurity - list the Smack attributes
1532 * @inode: the object
1533 * @buffer: where they go
1534 * @buffer_size: size of buffer
e114e473
CS		 1535 */
1536static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1537 size_t buffer_size)
1538{
fd5c9d23 1539 int len = sizeof(XATTR_NAME_SMACK);
e114e473 1540
fd5c9d23 1541 if (buffer != NULL && len <= buffer_size)
e114e473 1542 memcpy(buffer, XATTR_NAME_SMACK, len);
fd5c9d23
KK		 1543
1544 return len;
e114e473
CS		 1545}
1546
d20bdda6
AD		 1547/**
1548 * smack_inode_getsecid - Extract inode's security id
1549 * @inode: inode to extract the info from
1550 * @secid: where result will be saved
1551 */
d6335d77 1552static void smack_inode_getsecid(struct inode *inode, u32 *secid)
d20bdda6 1553{
0f8983cf 1554 struct smack_known *skp = smk_of_inode(inode);
d20bdda6 1555
0f8983cf 1556 *secid = skp->smk_secid;
d20bdda6
AD		 1557}
1558
e114e473
CS		 1559/*
1560 * File Hooks
1561 */
1562
491a0b08
CS		 1563/*
1564 * There is no smack_file_permission hook
e114e473
CS		 1565 *
1566 * Should access checks be done on each read or write?
1567 * UNICOS and SELinux say yes.
1568 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1569 *
1570 * I'll say no for now. Smack does not do the frequent
1571 * label changing that SELinux does.
1572 */
e114e473
CS		 1573
1574/**
1575 * smack_file_alloc_security - assign a file security blob
1576 * @file: the object
1577 *
1578 * The security blob for a file is a pointer to the master
1579 * label list, so no allocation is done.
1580 *
5e7270a6
CS		 1581 * f_security is the owner security information. It
1582 * isn't used on file access checks, it's for send_sigio.
1583 *
e114e473
CS		 1584 * Returns 0
1585 */
1586static int smack_file_alloc_security(struct file *file)
1587{
2f823ff8
CS		 1588 struct smack_known *skp = smk_of_current();
1589
21c7eae2 1590 file->f_security = skp;
e114e473
CS		 1591 return 0;
1592}
1593
1594/**
1595 * smack_file_free_security - clear a file security blob
1596 * @file: the object
1597 *
1598 * The security blob for a file is a pointer to the master
1599 * label list, so no memory is freed.
1600 */
1601static void smack_file_free_security(struct file *file)
1602{
1603 file->f_security = NULL;
1604}
1605
1606/**
1607 * smack_file_ioctl - Smack check on ioctls
1608 * @file: the object
1609 * @cmd: what to do
1610 * @arg: unused
1611 *
1612 * Relies heavily on the correct use of the ioctl command conventions.
1613 *
1614 * Returns 0 if allowed, error code otherwise
1615 */
1616static int smack_file_ioctl(struct file *file, unsigned int cmd,
1617 unsigned long arg)
1618{
1619 int rc = 0;
ecfcc53f 1620 struct smk_audit_info ad;
5e7270a6 1621 struct inode *inode = file_inode(file);
ecfcc53f 1622
83a1e53f
SWK		 1623 if (unlikely(IS_PRIVATE(inode)))
1624 return 0;
1625
f48b7399 1626 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1627 smk_ad_setfield_u_fs_path(&ad, file->f_path);
e114e473 1628
d166c802 1629 if (_IOC_DIR(cmd) & _IOC_WRITE) {
5e7270a6 1630 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
d166c802
CS		 1631 rc = smk_bu_file(file, MAY_WRITE, rc);
1632 }
e114e473 1633
d166c802 1634 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
5e7270a6 1635 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
d166c802
CS		 1636 rc = smk_bu_file(file, MAY_READ, rc);
1637 }
e114e473
CS		 1638
1639 return rc;
1640}
1641
1642/**
1643 * smack_file_lock - Smack check on file locking
1644 * @file: the object
251a2a95 1645 * @cmd: unused
e114e473 1646 *
c0ab6e56 1647 * Returns 0 if current has lock access, error code otherwise
e114e473
CS		 1648 */
1649static int smack_file_lock(struct file *file, unsigned int cmd)
1650{
ecfcc53f 1651 struct smk_audit_info ad;
d166c802 1652 int rc;
5e7270a6 1653 struct inode *inode = file_inode(file);
ecfcc53f 1654
83a1e53f
SWK		 1655 if (unlikely(IS_PRIVATE(inode)))
1656 return 0;
1657
92f42509
EP		 1658 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1659 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1660 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
d166c802
CS		 1661 rc = smk_bu_file(file, MAY_LOCK, rc);
1662 return rc;
e114e473
CS		 1663}
1664
1665/**
1666 * smack_file_fcntl - Smack check on fcntl
1667 * @file: the object
1668 * @cmd: what action to check
1669 * @arg: unused
1670 *
531f1d45
CS		 1671 * Generally these operations are harmless.
1672 * File locking operations present an obvious mechanism
1673 * for passing information, so they require write access.
1674 *
e114e473
CS		 1675 * Returns 0 if current has access, error code otherwise
1676 */
1677static int smack_file_fcntl(struct file *file, unsigned int cmd,
1678 unsigned long arg)
1679{
ecfcc53f 1680 struct smk_audit_info ad;
531f1d45 1681 int rc = 0;
5e7270a6 1682 struct inode *inode = file_inode(file);
ecfcc53f 1683
83a1e53f
SWK		 1684 if (unlikely(IS_PRIVATE(inode)))
1685 return 0;
1686
e114e473 1687 switch (cmd) {
e114e473 1688 case F_GETLK:
c0ab6e56 1689 break;
e114e473
CS		 1690 case F_SETLK:
1691 case F_SETLKW:
c0ab6e56
CS		 1692 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1693 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1694 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
d166c802 1695 rc = smk_bu_file(file, MAY_LOCK, rc);
c0ab6e56 1696 break;
e114e473
CS		 1697 case F_SETOWN:
1698 case F_SETSIG:
531f1d45
CS		 1699 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1700 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1701 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
d166c802 1702 rc = smk_bu_file(file, MAY_WRITE, rc);
e114e473
CS		 1703 break;
1704 default:
531f1d45 1705 break;
e114e473
CS		 1706 }
1707
1708 return rc;
1709}
1710
7898e1f8 1711/**
e5467859 1712 * smack_mmap_file :
7898e1f8
CS		 1713 * Check permissions for a mmap operation. The @file may be NULL, e.g.
1714 * if mapping anonymous memory.
1715 * @file contains the file structure for file to map (may be NULL).
1716 * @reqprot contains the protection requested by the application.
1717 * @prot contains the protection that will be applied by the kernel.
1718 * @flags contains the operational flags.
1719 * Return 0 if permission is granted.
1720 */
e5467859 1721static int smack_mmap_file(struct file *file,
7898e1f8 1722 unsigned long reqprot, unsigned long prot,
e5467859 1723 unsigned long flags)
7898e1f8 1724{
272cd7a8 1725 struct smack_known *skp;
2f823ff8 1726 struct smack_known *mkp;
7898e1f8
CS		 1727 struct smack_rule *srp;
1728 struct task_smack *tsp;
21c7eae2 1729 struct smack_known *okp;
7898e1f8 1730 struct inode_smack *isp;
809c02e0 1731 struct superblock_smack *sbsp;
0e0a070d
CS		 1732 int may;
1733 int mmay;
1734 int tmay;
7898e1f8
CS		 1735 int rc;
1736
496ad9aa 1737 if (file == NULL)
7898e1f8
CS		 1738 return 0;
1739
83a1e53f
SWK		 1740 if (unlikely(IS_PRIVATE(file_inode(file))))
1741 return 0;
1742
496ad9aa 1743 isp = file_inode(file)->i_security;
7898e1f8
CS		 1744 if (isp->smk_mmap == NULL)
1745 return 0;
809c02e0
SF		 1746 sbsp = file_inode(file)->i_sb->s_security;
1747 if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1748 isp->smk_mmap != sbsp->smk_root)
1749 return -EACCES;
2f823ff8 1750 mkp = isp->smk_mmap;
7898e1f8
CS		 1751
1752 tsp = current_security();
2f823ff8 1753 skp = smk_of_current();
7898e1f8
CS		 1754 rc = 0;
1755
1756 rcu_read_lock();
1757 /*
1758 * For each Smack rule associated with the subject
1759 * label verify that the SMACK64MMAP also has access
1760 * to that rule's object label.
7898e1f8 1761 */
272cd7a8 1762 list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
21c7eae2 1763 okp = srp->smk_object;
7898e1f8
CS		 1764 /*
1765 * Matching labels always allows access.
1766 */
21c7eae2 1767 if (mkp->smk_known == okp->smk_known)
7898e1f8 1768 continue;
0e0a070d
CS		 1769 /*
1770 * If there is a matching local rule take
1771 * that into account as well.
1772 */
21c7eae2
LP		 1773 may = smk_access_entry(srp->smk_subject->smk_known,
1774 okp->smk_known,
1775 &tsp->smk_rules);
0e0a070d
CS		 1776 if (may == -ENOENT)
1777 may = srp->smk_access;
1778 else
1779 may &= srp->smk_access;
1780 /*
1781 * If may is zero the SMACK64MMAP subject can't
1782 * possibly have less access.
1783 */
1784 if (may == 0)
1785 continue;
1786
1787 /*
1788 * Fetch the global list entry.
1789 * If there isn't one a SMACK64MMAP subject
1790 * can't have as much access as current.
1791 */
21c7eae2
LP		 1792 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1793 &mkp->smk_rules);
0e0a070d
CS		 1794 if (mmay == -ENOENT) {
1795 rc = -EACCES;
1796 break;
1797 }
1798 /*
1799 * If there is a local entry it modifies the
1800 * potential access, too.
1801 */
21c7eae2
LP		 1802 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1803 &tsp->smk_rules);
0e0a070d
CS		 1804 if (tmay != -ENOENT)
1805 mmay &= tmay;
7898e1f8 1806
0e0a070d
CS		 1807 /*
1808 * If there is any access available to current that is
1809 * not available to a SMACK64MMAP subject
1810 * deny access.
1811 */
75a25637 1812 if ((may | mmay) != mmay) {
0e0a070d 1813 rc = -EACCES;
7898e1f8 1814 break;
0e0a070d 1815 }
7898e1f8
CS		 1816 }
1817
1818 rcu_read_unlock();
1819
1820 return rc;
1821}
1822
e114e473
CS		 1823/**
1824 * smack_file_set_fowner - set the file security blob value
1825 * @file: object in question
1826 *
e114e473 1827 */
e0b93edd 1828static void smack_file_set_fowner(struct file *file)
e114e473 1829{
5e7270a6 1830 file->f_security = smk_of_current();
e114e473
CS		 1831}
1832
1833/**
1834 * smack_file_send_sigiotask - Smack on sigio
1835 * @tsk: The target task
1836 * @fown: the object the signal come from
1837 * @signum: unused
1838 *
1839 * Allow a privileged task to get signals even if it shouldn't
1840 *
1841 * Returns 0 if a subject with the object's smack could
1842 * write to the task, an error code otherwise.
1843 */
1844static int smack_file_send_sigiotask(struct task_struct *tsk,
1845 struct fown_struct *fown, int signum)
1846{
2f823ff8
CS		 1847 struct smack_known *skp;
1848 struct smack_known *tkp = smk_of_task(tsk->cred->security);
dcb569cf 1849 const struct cred *tcred;
e114e473
CS		 1850 struct file *file;
1851 int rc;
ecfcc53f 1852 struct smk_audit_info ad;
e114e473
CS		 1853
1854 /*
1855 * struct fown_struct is never outside the context of a struct file
1856 */
1857 file = container_of(fown, struct file, f_owner);
7898e1f8 1858
ecfcc53f 1859 /* we don't log here as rc can be overriden */
21c7eae2 1860 skp = file->f_security;
c60b9066
CS		 1861 rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1862 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
dcb569cf
CS		 1863
1864 rcu_read_lock();
1865 tcred = __task_cred(tsk);
1866 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
ecfcc53f 1867 rc = 0;
dcb569cf 1868 rcu_read_unlock();
ecfcc53f
EB		 1869
1870 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1871 smk_ad_setfield_u_tsk(&ad, tsk);
c60b9066 1872 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
e114e473
CS		 1873 return rc;
1874}
1875
1876/**
1877 * smack_file_receive - Smack file receive check
1878 * @file: the object
1879 *
1880 * Returns 0 if current has access, error code otherwise
1881 */
1882static int smack_file_receive(struct file *file)
1883{
d166c802 1884 int rc;
e114e473 1885 int may = 0;
ecfcc53f 1886 struct smk_audit_info ad;
5e7270a6 1887 struct inode *inode = file_inode(file);
79be0935
CS		 1888 struct socket *sock;
1889 struct task_smack *tsp;
1890 struct socket_smack *ssp;
e114e473 1891
9777582e
SWK		 1892 if (unlikely(IS_PRIVATE(inode)))
1893 return 0;
1894
4482a44f 1895 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1896 smk_ad_setfield_u_fs_path(&ad, file->f_path);
79be0935 1897
51d59af2 1898 if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
79be0935
CS		 1899 sock = SOCKET_I(inode);
1900 ssp = sock->sk->sk_security;
1901 tsp = current_security();
1902 /*
1903 * If the receiving process can't write to the
1904 * passed socket or if the passed socket can't
1905 * write to the receiving process don't accept
1906 * the passed socket.
1907 */
1908 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1909 rc = smk_bu_file(file, may, rc);
1910 if (rc < 0)
1911 return rc;
1912 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1913 rc = smk_bu_file(file, may, rc);
1914 return rc;
1915 }
e114e473
CS		 1916 /*
1917 * This code relies on bitmasks.
1918 */
1919 if (file->f_mode & FMODE_READ)
1920 may = MAY_READ;
1921 if (file->f_mode & FMODE_WRITE)
1922 may |= MAY_WRITE;
1923
5e7270a6 1924 rc = smk_curacc(smk_of_inode(inode), may, &ad);
d166c802
CS		 1925 rc = smk_bu_file(file, may, rc);
1926 return rc;
e114e473
CS		 1927}
1928
531f1d45 1929/**
83d49856 1930 * smack_file_open - Smack dentry open processing
531f1d45 1931 * @file: the object
a6834c0b 1932 * @cred: task credential
531f1d45
CS		 1933 *
1934 * Set the security blob in the file structure.
a6834c0b
CS		 1935 * Allow the open only if the task has read access. There are
1936 * many read operations (e.g. fstat) that you can do with an
1937 * fd even if you have the file open write-only.
531f1d45
CS		 1938 *
1939 * Returns 0
1940 */
94817692 1941static int smack_file_open(struct file *file)
531f1d45 1942{
94817692 1943 struct task_smack *tsp = file->f_cred->security;
5e7270a6 1944 struct inode *inode = file_inode(file);
a6834c0b
CS		 1945 struct smk_audit_info ad;
1946 int rc;
531f1d45 1947
a6834c0b
CS		 1948 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1949 smk_ad_setfield_u_fs_path(&ad, file->f_path);
c9d238a1 1950 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
94817692 1951 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
a6834c0b
CS		 1952
1953 return rc;
531f1d45
CS		 1954}
1955
e114e473
CS		 1956/*
1957 * Task hooks
1958 */
1959
ee18d64c
DH		 1960/**
1961 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1962 * @new: the new credentials
1963 * @gfp: the atomicity of any memory allocations
1964 *
1965 * Prepare a blank set of credentials for modification. This must allocate all
1966 * the memory the LSM module might require such that cred_transfer() can
1967 * complete without error.
1968 */
1969static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1970{
7898e1f8
CS		 1971 struct task_smack *tsp;
1972
1973 tsp = new_task_smack(NULL, NULL, gfp);
1974 if (tsp == NULL)
676dac4b 1975 return -ENOMEM;
7898e1f8
CS		 1976
1977 cred->security = tsp;
1978
ee18d64c
DH		 1979 return 0;
1980}
1981
1982
e114e473 1983/**
f1752eec
DH		 1984 * smack_cred_free - "free" task-level security credentials
1985 * @cred: the credentials in question
e114e473 1986 *
e114e473 1987 */
f1752eec 1988static void smack_cred_free(struct cred *cred)
e114e473 1989{
7898e1f8
CS		 1990 struct task_smack *tsp = cred->security;
1991 struct smack_rule *rp;
1992 struct list_head *l;
1993 struct list_head *n;
1994
1995 if (tsp == NULL)
1996 return;
1997 cred->security = NULL;
1998
38416e53
ZJ		 1999 smk_destroy_label_list(&tsp->smk_relabel);
2000
7898e1f8
CS		 2001 list_for_each_safe(l, n, &tsp->smk_rules) {
2002 rp = list_entry(l, struct smack_rule, list);
2003 list_del(&rp->list);
2004 kfree(rp);
2005 }
2006 kfree(tsp);
e114e473
CS		 2007}
2008
d84f4f99
DH		 2009/**
2010 * smack_cred_prepare - prepare new set of credentials for modification
2011 * @new: the new credentials
2012 * @old: the original credentials
2013 * @gfp: the atomicity of any memory allocations
2014 *
2015 * Prepare a new set of credentials for modification.
2016 */
2017static int smack_cred_prepare(struct cred *new, const struct cred *old,
2018 gfp_t gfp)
2019{
676dac4b
CS		 2020 struct task_smack *old_tsp = old->security;
2021 struct task_smack *new_tsp;
7898e1f8 2022 int rc;
676dac4b 2023
7898e1f8 2024 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
676dac4b
CS		 2025 if (new_tsp == NULL)
2026 return -ENOMEM;
2027
b437aba8
HS		 2028 new->security = new_tsp;
2029
7898e1f8
CS		 2030 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
2031 if (rc != 0)
2032 return rc;
2033
38416e53
ZJ		 2034 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
2035 gfp);
2036 if (rc != 0)
2037 return rc;
2038
d84f4f99
DH		 2039 return 0;
2040}
2041
ee18d64c
DH		 2042/**
2043 * smack_cred_transfer - Transfer the old credentials to the new credentials
2044 * @new: the new credentials
2045 * @old: the original credentials
2046 *
2047 * Fill in a set of blank credentials from another set of credentials.
2048 */
2049static void smack_cred_transfer(struct cred *new, const struct cred *old)
2050{
676dac4b
CS		 2051 struct task_smack *old_tsp = old->security;
2052 struct task_smack *new_tsp = new->security;
2053
2054 new_tsp->smk_task = old_tsp->smk_task;
2055 new_tsp->smk_forked = old_tsp->smk_task;
7898e1f8
CS		 2056 mutex_init(&new_tsp->smk_rules_lock);
2057 INIT_LIST_HEAD(&new_tsp->smk_rules);
2058
2059
2060 /* cbs copy rule list */
ee18d64c
DH		 2061}
2062
3ec30113
MG		 2063/**
2064 * smack_cred_getsecid - get the secid corresponding to a creds structure
2065 * @c: the object creds
2066 * @secid: where to put the result
2067 *
2068 * Sets the secid to contain a u32 version of the smack label.
2069 */
2070static void smack_cred_getsecid(const struct cred *c, u32 *secid)
2071{
2072 struct smack_known *skp;
2073
2074 rcu_read_lock();
2075 skp = smk_of_task(c->security);
2076 *secid = skp->smk_secid;
2077 rcu_read_unlock();
2078}
2079
3a3b7ce9
DH		 2080/**
2081 * smack_kernel_act_as - Set the subjective context in a set of credentials
251a2a95
RD		 2082 * @new: points to the set of credentials to be modified.
2083 * @secid: specifies the security ID to be set
3a3b7ce9
DH		 2084 *
2085 * Set the security data for a kernel service.
2086 */
2087static int smack_kernel_act_as(struct cred *new, u32 secid)
2088{
676dac4b 2089 struct task_smack *new_tsp = new->security;
3a3b7ce9 2090
152f91d4 2091 new_tsp->smk_task = smack_from_secid(secid);
3a3b7ce9
DH		 2092 return 0;
2093}
2094
2095/**
2096 * smack_kernel_create_files_as - Set the file creation label in a set of creds
251a2a95
RD		 2097 * @new: points to the set of credentials to be modified
2098 * @inode: points to the inode to use as a reference
3a3b7ce9
DH		 2099 *
2100 * Set the file creation context in a set of credentials to the same
2101 * as the objective context of the specified inode
2102 */
2103static int smack_kernel_create_files_as(struct cred *new,
2104 struct inode *inode)
2105{
2106 struct inode_smack *isp = inode->i_security;
676dac4b 2107 struct task_smack *tsp = new->security;
3a3b7ce9 2108
21c7eae2 2109 tsp->smk_forked = isp->smk_inode;
2f823ff8 2110 tsp->smk_task = tsp->smk_forked;
3a3b7ce9
DH		 2111 return 0;
2112}
2113
ecfcc53f
EB		 2114/**
2115 * smk_curacc_on_task - helper to log task related access
2116 * @p: the task object
531f1d45
CS		 2117 * @access: the access requested
2118 * @caller: name of the calling function for audit
ecfcc53f
EB		 2119 *
2120 * Return 0 if access is permitted
2121 */
531f1d45
CS		 2122static int smk_curacc_on_task(struct task_struct *p, int access,
2123 const char *caller)
ecfcc53f
EB		 2124{
2125 struct smk_audit_info ad;
6d1cff2a 2126 struct smack_known *skp = smk_of_task_struct(p);
d166c802 2127 int rc;
ecfcc53f 2128
531f1d45 2129 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
ecfcc53f 2130 smk_ad_setfield_u_tsk(&ad, p);
21c7eae2 2131 rc = smk_curacc(skp, access, &ad);
d166c802
CS		 2132 rc = smk_bu_task(p, access, rc);
2133 return rc;
ecfcc53f
EB		 2134}
2135
e114e473
CS		 2136/**
2137 * smack_task_setpgid - Smack check on setting pgid
2138 * @p: the task object
2139 * @pgid: unused
2140 *
2141 * Return 0 if write access is permitted
2142 */
2143static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2144{
531f1d45 2145 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2146}
2147
2148/**
2149 * smack_task_getpgid - Smack access check for getpgid
2150 * @p: the object task
2151 *
2152 * Returns 0 if current can read the object task, error code otherwise
2153 */
2154static int smack_task_getpgid(struct task_struct *p)
2155{
531f1d45 2156 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2157}
2158
2159/**
2160 * smack_task_getsid - Smack access check for getsid
2161 * @p: the object task
2162 *
2163 * Returns 0 if current can read the object task, error code otherwise
2164 */
2165static int smack_task_getsid(struct task_struct *p)
2166{
531f1d45 2167 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2168}
2169
2170/**
2171 * smack_task_getsecid - get the secid of the task
2172 * @p: the object task
2173 * @secid: where to put the result
2174 *
2175 * Sets the secid to contain a u32 version of the smack label.
2176 */
2177static void smack_task_getsecid(struct task_struct *p, u32 *secid)
2178{
6d1cff2a 2179 struct smack_known *skp = smk_of_task_struct(p);
2f823ff8
CS		 2180
2181 *secid = skp->smk_secid;
e114e473
CS		 2182}
2183
2184/**
2185 * smack_task_setnice - Smack check on setting nice
2186 * @p: the task object
2187 * @nice: unused
2188 *
2189 * Return 0 if write access is permitted
2190 */
2191static int smack_task_setnice(struct task_struct *p, int nice)
2192{
b1d9e6b0 2193 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2194}
2195
2196/**
2197 * smack_task_setioprio - Smack check on setting ioprio
2198 * @p: the task object
2199 * @ioprio: unused
2200 *
2201 * Return 0 if write access is permitted
2202 */
2203static int smack_task_setioprio(struct task_struct *p, int ioprio)
2204{
b1d9e6b0 2205 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2206}
2207
2208/**
2209 * smack_task_getioprio - Smack check on reading ioprio
2210 * @p: the task object
2211 *
2212 * Return 0 if read access is permitted
2213 */
2214static int smack_task_getioprio(struct task_struct *p)
2215{
531f1d45 2216 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2217}
2218
2219/**
2220 * smack_task_setscheduler - Smack check on setting scheduler
2221 * @p: the task object
2222 * @policy: unused
2223 * @lp: unused
2224 *
2225 * Return 0 if read access is permitted
2226 */
b0ae1981 2227static int smack_task_setscheduler(struct task_struct *p)
e114e473 2228{
b1d9e6b0 2229 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2230}
2231
2232/**
2233 * smack_task_getscheduler - Smack check on reading scheduler
2234 * @p: the task object
2235 *
2236 * Return 0 if read access is permitted
2237 */
2238static int smack_task_getscheduler(struct task_struct *p)
2239{
531f1d45 2240 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2241}
2242
2243/**
2244 * smack_task_movememory - Smack check on moving memory
2245 * @p: the task object
2246 *
2247 * Return 0 if write access is permitted
2248 */
2249static int smack_task_movememory(struct task_struct *p)
2250{
531f1d45 2251 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2252}
2253
2254/**
2255 * smack_task_kill - Smack check on signal delivery
2256 * @p: the task object
2257 * @info: unused
2258 * @sig: unused
6b4f3d01 2259 * @cred: identifies the cred to use in lieu of current's
e114e473
CS		 2260 *
2261 * Return 0 if write access is permitted
2262 *
e114e473 2263 */
ae7795bc 2264static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info,
6b4f3d01 2265 int sig, const struct cred *cred)
e114e473 2266{
ecfcc53f 2267 struct smk_audit_info ad;
2f823ff8 2268 struct smack_known *skp;
6d1cff2a 2269 struct smack_known *tkp = smk_of_task_struct(p);
d166c802 2270 int rc;
ecfcc53f 2271
18d872f7
RK		 2272 if (!sig)
2273 return 0; /* null signal; existence test */
2274
ecfcc53f
EB		 2275 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2276 smk_ad_setfield_u_tsk(&ad, p);
e114e473
CS		 2277 /*
2278 * Sending a signal requires that the sender
2279 * can write the receiver.
2280 */
6b4f3d01 2281 if (cred == NULL) {
c60b9066
CS		 2282 rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2283 rc = smk_bu_task(p, MAY_DELIVER, rc);
d166c802
CS		 2284 return rc;
2285 }
e114e473 2286 /*
6b4f3d01 2287 * If the cred isn't NULL we're dealing with some USB IO
e114e473
CS		 2288 * specific behavior. This is not clean. For one thing
2289 * we can't take privilege into account.
2290 */
6b4f3d01 2291 skp = smk_of_task(cred->security);
c60b9066
CS		 2292 rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2293 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
d166c802 2294 return rc;
e114e473
CS		 2295}
2296
e114e473
CS		 2297/**
2298 * smack_task_to_inode - copy task smack into the inode blob
2299 * @p: task to copy from
251a2a95 2300 * @inode: inode to copy to
e114e473
CS		 2301 *
2302 * Sets the smack pointer in the inode security blob
2303 */
2304static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2305{
2306 struct inode_smack *isp = inode->i_security;
6d1cff2a 2307 struct smack_known *skp = smk_of_task_struct(p);
2f823ff8 2308
21c7eae2 2309 isp->smk_inode = skp;
7b4e8843 2310 isp->smk_flags |= SMK_INODE_INSTANT;
e114e473
CS		 2311}
2312
2313/*
2314 * Socket hooks.
2315 */
2316
2317/**
2318 * smack_sk_alloc_security - Allocate a socket blob
2319 * @sk: the socket
2320 * @family: unused
251a2a95 2321 * @gfp_flags: memory allocation flags
e114e473
CS		 2322 *
2323 * Assign Smack pointers to current
2324 *
2325 * Returns 0 on success, -ENOMEM is there's no memory
2326 */
2327static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2328{
2f823ff8 2329 struct smack_known *skp = smk_of_current();
e114e473
CS		 2330 struct socket_smack *ssp;
2331
2332 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2333 if (ssp == NULL)
2334 return -ENOMEM;
2335
08382c9f 2336 /*
2337 * Sockets created by kernel threads receive web label.
2338 */
2339 if (unlikely(current->flags & PF_KTHREAD)) {
2340 ssp->smk_in = &smack_known_web;
2341 ssp->smk_out = &smack_known_web;
2342 } else {
2343 ssp->smk_in = skp;
2344 ssp->smk_out = skp;
2345 }
272cd7a8 2346 ssp->smk_packet = NULL;
e114e473
CS		 2347
2348 sk->sk_security = ssp;
2349
2350 return 0;
2351}
2352
2353/**
2354 * smack_sk_free_security - Free a socket blob
2355 * @sk: the socket
2356 *
2357 * Clears the blob pointer
2358 */
2359static void smack_sk_free_security(struct sock *sk)
2360{
0c96d1f5
VG		 2361#ifdef SMACK_IPV6_PORT_LABELING
2362 struct smk_port_label *spp;
2363
2364 if (sk->sk_family == PF_INET6) {
2365 rcu_read_lock();
2366 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2367 if (spp->smk_sock != sk)
2368 continue;
2369 spp->smk_can_reuse = 1;
2370 break;
2371 }
2372 rcu_read_unlock();
2373 }
2374#endif
e114e473
CS		 2375 kfree(sk->sk_security);
2376}
2377
07feee8f 2378/**
21abb1ec 2379* smack_ipv4host_label - check host based restrictions
07feee8f
PM		 2380* @sip: the object end
2381*
2382* looks for host based access restrictions
2383*
2384* This version will only be appropriate for really small sets of single label
2385* hosts. The caller is responsible for ensuring that the RCU read lock is
2386* taken before calling this function.
2387*
2388* Returns the label of the far end or NULL if it's not special.
2389*/
21abb1ec 2390static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
07feee8f 2391{
21abb1ec 2392 struct smk_net4addr *snp;
07feee8f
PM		 2393 struct in_addr *siap = &sip->sin_addr;
2394
2395 if (siap->s_addr == 0)
2396 return NULL;
2397
21abb1ec
CS		 2398 list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2399 /*
2400 * we break after finding the first match because
2401 * the list is sorted from longest to shortest mask
2402 * so we have found the most specific match
2403 */
2404 if (snp->smk_host.s_addr ==
2405 (siap->s_addr & snp->smk_mask.s_addr))
2406 return snp->smk_label;
2407
2408 return NULL;
2409}
2410
2411#if IS_ENABLED(CONFIG_IPV6)
2412/*
2413 * smk_ipv6_localhost - Check for local ipv6 host address
2414 * @sip: the address
2415 *
2416 * Returns boolean true if this is the localhost address
2417 */
2418static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2419{
2420 __be16 *be16p = (__be16 *)&sip->sin6_addr;
2421 __be32 *be32p = (__be32 *)&sip->sin6_addr;
2422
2423 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2424 ntohs(be16p[7]) == 1)
2425 return true;
2426 return false;
2427}
2428
2429/**
2430* smack_ipv6host_label - check host based restrictions
2431* @sip: the object end
2432*
2433* looks for host based access restrictions
2434*
2435* This version will only be appropriate for really small sets of single label
2436* hosts. The caller is responsible for ensuring that the RCU read lock is
2437* taken before calling this function.
2438*
2439* Returns the label of the far end or NULL if it's not special.
2440*/
2441static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2442{
2443 struct smk_net6addr *snp;
2444 struct in6_addr *sap = &sip->sin6_addr;
2445 int i;
2446 int found = 0;
2447
2448 /*
2449 * It's local. Don't look for a host label.
2450 */
2451 if (smk_ipv6_localhost(sip))
2452 return NULL;
2453
2454 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2e4939f7
CS		 2455 /*
2456 * If the label is NULL the entry has
2457 * been renounced. Ignore it.
2458 */
2459 if (snp->smk_label == NULL)
2460 continue;
07feee8f
PM		 2461 /*
2462 * we break after finding the first match because
2463 * the list is sorted from longest to shortest mask
2464 * so we have found the most specific match
2465 */
21abb1ec 2466 for (found = 1, i = 0; i < 8; i++) {
21abb1ec
CS		 2467 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2468 snp->smk_host.s6_addr16[i]) {
2469 found = 0;
2470 break;
2471 }
4303154e 2472 }
21abb1ec
CS		 2473 if (found)
2474 return snp->smk_label;
2475 }
07feee8f
PM		 2476
2477 return NULL;
2478}
21abb1ec 2479#endif /* CONFIG_IPV6 */
07feee8f 2480
e114e473
CS		 2481/**
2482 * smack_netlabel - Set the secattr on a socket
2483 * @sk: the socket
6d3dc07c 2484 * @labeled: socket label scheme
e114e473
CS		 2485 *
2486 * Convert the outbound smack value (smk_out) to a
2487 * secattr and attach it to the socket.
2488 *
2489 * Returns 0 on success or an error code
2490 */
6d3dc07c 2491static int smack_netlabel(struct sock *sk, int labeled)
e114e473 2492{
f7112e6c 2493 struct smack_known *skp;
07feee8f 2494 struct socket_smack *ssp = sk->sk_security;
6d3dc07c 2495 int rc = 0;
e114e473 2496
6d3dc07c
CS		 2497 /*
2498 * Usually the netlabel code will handle changing the
2499 * packet labeling based on the label.
2500 * The case of a single label host is different, because
2501 * a single label host should never get a labeled packet
2502 * even though the label is usually associated with a packet
2503 * label.
2504 */
2505 local_bh_disable();
2506 bh_lock_sock_nested(sk);
2507
2508 if (ssp->smk_out == smack_net_ambient ||
2509 labeled == SMACK_UNLABELED_SOCKET)
2510 netlbl_sock_delattr(sk);
2511 else {
2f823ff8 2512 skp = ssp->smk_out;
f7112e6c 2513 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
6d3dc07c
CS		 2514 }
2515
2516 bh_unlock_sock(sk);
2517 local_bh_enable();
4bc87e62 2518
e114e473
CS		 2519 return rc;
2520}
2521
07feee8f
PM		 2522/**
2523 * smack_netlbel_send - Set the secattr on a socket and perform access checks
2524 * @sk: the socket
2525 * @sap: the destination address
2526 *
2527 * Set the correct secattr for the given socket based on the destination
2528 * address and perform any outbound access checks needed.
2529 *
2530 * Returns 0 on success or an error code.
2531 *
2532 */
2533static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2534{
2f823ff8 2535 struct smack_known *skp;
07feee8f
PM		 2536 int rc;
2537 int sk_lbl;
21c7eae2 2538 struct smack_known *hkp;
07feee8f 2539 struct socket_smack *ssp = sk->sk_security;
ecfcc53f 2540 struct smk_audit_info ad;
07feee8f
PM		 2541
2542 rcu_read_lock();
21abb1ec 2543 hkp = smack_ipv4host_label(sap);
21c7eae2 2544 if (hkp != NULL) {
ecfcc53f 2545#ifdef CONFIG_AUDIT
923e9a13
KC		 2546 struct lsm_network_audit net;
2547
48c62af6
EP		 2548 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2549 ad.a.u.net->family = sap->sin_family;
2550 ad.a.u.net->dport = sap->sin_port;
2551 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
ecfcc53f 2552#endif
923e9a13 2553 sk_lbl = SMACK_UNLABELED_SOCKET;
2f823ff8 2554 skp = ssp->smk_out;
21c7eae2
LP		 2555 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2556 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
07feee8f
PM		 2557 } else {
2558 sk_lbl = SMACK_CIPSO_SOCKET;
2559 rc = 0;
2560 }
2561 rcu_read_unlock();
2562 if (rc != 0)
2563 return rc;
2564
2565 return smack_netlabel(sk, sk_lbl);
2566}
2567
21abb1ec
CS		 2568#if IS_ENABLED(CONFIG_IPV6)
2569/**
2570 * smk_ipv6_check - check Smack access
2571 * @subject: subject Smack label
2572 * @object: object Smack label
2573 * @address: address
2574 * @act: the action being taken
2575 *
2576 * Check an IPv6 access
2577 */
2578static int smk_ipv6_check(struct smack_known *subject,
2579 struct smack_known *object,
2580 struct sockaddr_in6 *address, int act)
2581{
2582#ifdef CONFIG_AUDIT
2583 struct lsm_network_audit net;
2584#endif
2585 struct smk_audit_info ad;
2586 int rc;
2587
2588#ifdef CONFIG_AUDIT
2589 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2590 ad.a.u.net->family = PF_INET6;
2591 ad.a.u.net->dport = ntohs(address->sin6_port);
2592 if (act == SMK_RECEIVING)
2593 ad.a.u.net->v6info.saddr = address->sin6_addr;
2594 else
2595 ad.a.u.net->v6info.daddr = address->sin6_addr;
2596#endif
2597 rc = smk_access(subject, object, MAY_WRITE, &ad);
2598 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2599 return rc;
2600}
2601#endif /* CONFIG_IPV6 */
2602
2603#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2604/**
2605 * smk_ipv6_port_label - Smack port access table management
2606 * @sock: socket
2607 * @address: address
2608 *
2609 * Create or update the port list entry
2610 */
2611static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2612{
2613 struct sock *sk = sock->sk;
2614 struct sockaddr_in6 *addr6;
2615 struct socket_smack *ssp = sock->sk->sk_security;
2616 struct smk_port_label *spp;
2617 unsigned short port = 0;
2618
2619 if (address == NULL) {
2620 /*
2621 * This operation is changing the Smack information
2622 * on the bound socket. Take the changes to the port
2623 * as well.
2624 */
3c7ce342
VG		 2625 rcu_read_lock();
2626 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
c6739443
CS		 2627 if (sk != spp->smk_sock)
2628 continue;
2629 spp->smk_in = ssp->smk_in;
2630 spp->smk_out = ssp->smk_out;
3c7ce342 2631 rcu_read_unlock();
c6739443
CS		 2632 return;
2633 }
2634 /*
2635 * A NULL address is only used for updating existing
2636 * bound entries. If there isn't one, it's OK.
2637 */
3c7ce342 2638 rcu_read_unlock();
c6739443
CS		 2639 return;
2640 }
2641
2642 addr6 = (struct sockaddr_in6 *)address;
2643 port = ntohs(addr6->sin6_port);
2644 /*
2645 * This is a special case that is safely ignored.
2646 */
2647 if (port == 0)
2648 return;
2649
2650 /*
2651 * Look for an existing port list entry.
2652 * This is an indication that a port is getting reused.
2653 */
3c7ce342
VG		 2654 rcu_read_lock();
2655 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
9d44c973 2656 if (spp->smk_port != port || spp->smk_sock_type != sock->type)
c6739443 2657 continue;
0c96d1f5
VG		 2658 if (spp->smk_can_reuse != 1) {
2659 rcu_read_unlock();
2660 return;
2661 }
c6739443
CS		 2662 spp->smk_port = port;
2663 spp->smk_sock = sk;
2664 spp->smk_in = ssp->smk_in;
2665 spp->smk_out = ssp->smk_out;
0c96d1f5 2666 spp->smk_can_reuse = 0;
3c7ce342 2667 rcu_read_unlock();
c6739443
CS		 2668 return;
2669 }
3c7ce342 2670 rcu_read_unlock();
c6739443
CS		 2671 /*
2672 * A new port entry is required.
2673 */
2674 spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2675 if (spp == NULL)
2676 return;
2677
2678 spp->smk_port = port;
2679 spp->smk_sock = sk;
2680 spp->smk_in = ssp->smk_in;
2681 spp->smk_out = ssp->smk_out;
9d44c973 2682 spp->smk_sock_type = sock->type;
0c96d1f5 2683 spp->smk_can_reuse = 0;
c6739443 2684
3c7ce342
VG		 2685 mutex_lock(&smack_ipv6_lock);
2686 list_add_rcu(&spp->list, &smk_ipv6_port_list);
2687 mutex_unlock(&smack_ipv6_lock);
c6739443
CS		 2688 return;
2689}
2690
2691/**
2692 * smk_ipv6_port_check - check Smack port access
2693 * @sock: socket
2694 * @address: address
2695 *
2696 * Create or update the port list entry
2697 */
6ea06247 2698static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
c6739443
CS		 2699 int act)
2700{
c6739443
CS		 2701 struct smk_port_label *spp;
2702 struct socket_smack *ssp = sk->sk_security;
21abb1ec
CS		 2703 struct smack_known *skp = NULL;
2704 unsigned short port;
21c7eae2 2705 struct smack_known *object;
c6739443
CS		 2706
2707 if (act == SMK_RECEIVING) {
21abb1ec 2708 skp = smack_ipv6host_label(address);
21c7eae2 2709 object = ssp->smk_in;
c6739443 2710 } else {
2f823ff8 2711 skp = ssp->smk_out;
21abb1ec 2712 object = smack_ipv6host_label(address);
c6739443
CS		 2713 }
2714
2715 /*
21abb1ec 2716 * The other end is a single label host.
c6739443 2717 */
21abb1ec
CS		 2718 if (skp != NULL && object != NULL)
2719 return smk_ipv6_check(skp, object, address, act);
2720 if (skp == NULL)
2721 skp = smack_net_ambient;
2722 if (object == NULL)
2723 object = smack_net_ambient;
c6739443
CS		 2724
2725 /*
2726 * It's remote, so port lookup does no good.
2727 */
21abb1ec
CS		 2728 if (!smk_ipv6_localhost(address))
2729 return smk_ipv6_check(skp, object, address, act);
c6739443
CS		 2730
2731 /*
2732 * It's local so the send check has to have passed.
2733 */
21abb1ec
CS		 2734 if (act == SMK_RECEIVING)
2735 return 0;
c6739443 2736
21abb1ec 2737 port = ntohs(address->sin6_port);
3c7ce342
VG		 2738 rcu_read_lock();
2739 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
9d44c973 2740 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
c6739443 2741 continue;
21c7eae2 2742 object = spp->smk_in;
c6739443 2743 if (act == SMK_CONNECTING)
54e70ec5 2744 ssp->smk_packet = spp->smk_out;
c6739443
CS		 2745 break;
2746 }
3c7ce342 2747 rcu_read_unlock();
c6739443 2748
21abb1ec 2749 return smk_ipv6_check(skp, object, address, act);
c6739443 2750}
21abb1ec 2751#endif /* SMACK_IPV6_PORT_LABELING */
c6739443 2752
e114e473
CS		 2753/**
2754 * smack_inode_setsecurity - set smack xattrs
2755 * @inode: the object
2756 * @name: attribute name
2757 * @value: attribute value
2758 * @size: size of the attribute
2759 * @flags: unused
2760 *
2761 * Sets the named attribute in the appropriate blob
2762 *
2763 * Returns 0 on success, or an error code
2764 */
2765static int smack_inode_setsecurity(struct inode *inode, const char *name,
2766 const void *value, size_t size, int flags)
2767{
2f823ff8 2768 struct smack_known *skp;
e114e473
CS		 2769 struct inode_smack *nsp = inode->i_security;
2770 struct socket_smack *ssp;
2771 struct socket *sock;
4bc87e62 2772 int rc = 0;
e114e473 2773
f7112e6c 2774 if (value == NULL || size > SMK_LONGLABEL || size == 0)
5e9ab593 2775 return -EINVAL;
e114e473 2776
2f823ff8 2777 skp = smk_import_entry(value, size);
e774ad68
LP		 2778 if (IS_ERR(skp))
2779 return PTR_ERR(skp);
e114e473
CS		 2780
2781 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
21c7eae2 2782 nsp->smk_inode = skp;
ddd29ec6 2783 nsp->smk_flags |= SMK_INODE_INSTANT;
e114e473
CS		 2784 return 0;
2785 }
2786 /*
2787 * The rest of the Smack xattrs are only on sockets.
2788 */
2789 if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2790 return -EOPNOTSUPP;
2791
2792 sock = SOCKET_I(inode);
2e1d146a 2793 if (sock == NULL || sock->sk == NULL)
e114e473
CS		 2794 return -EOPNOTSUPP;
2795
2796 ssp = sock->sk->sk_security;
2797
2798 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
54e70ec5 2799 ssp->smk_in = skp;
e114e473 2800 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2f823ff8 2801 ssp->smk_out = skp;
c6739443 2802 if (sock->sk->sk_family == PF_INET) {
b4e0d5f0
CS		 2803 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2804 if (rc != 0)
2805 printk(KERN_WARNING
2806 "Smack: \"%s\" netlbl error %d.\n",
2807 __func__, -rc);
2808 }
e114e473
CS		 2809 } else
2810 return -EOPNOTSUPP;
2811
21abb1ec 2812#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2813 if (sock->sk->sk_family == PF_INET6)
2814 smk_ipv6_port_label(sock, NULL);
21abb1ec 2815#endif
c6739443 2816
e114e473
CS		 2817 return 0;
2818}
2819
2820/**
2821 * smack_socket_post_create - finish socket setup
2822 * @sock: the socket
2823 * @family: protocol family
2824 * @type: unused
2825 * @protocol: unused
2826 * @kern: unused
2827 *
2828 * Sets the netlabel information on the socket
2829 *
2830 * Returns 0 on success, and error code otherwise
2831 */
2832static int smack_socket_post_create(struct socket *sock, int family,
2833 int type, int protocol, int kern)
2834{
7412301b
ML		 2835 struct socket_smack *ssp;
2836
2837 if (sock->sk == NULL)
2838 return 0;
2839
2840 /*
2841 * Sockets created by kernel threads receive web label.
2842 */
2843 if (unlikely(current->flags & PF_KTHREAD)) {
2844 ssp = sock->sk->sk_security;
2845 ssp->smk_in = &smack_known_web;
2846 ssp->smk_out = &smack_known_web;
2847 }
2848
2849 if (family != PF_INET)
e114e473
CS		 2850 return 0;
2851 /*
2852 * Set the outbound netlbl.
2853 */
6d3dc07c
CS		 2854 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2855}
2856
5859cdf5
TG		 2857/**
2858 * smack_socket_socketpair - create socket pair
2859 * @socka: one socket
2860 * @sockb: another socket
2861 *
2862 * Cross reference the peer labels for SO_PEERSEC
2863 *
2864 * Returns 0 on success, and error code otherwise
2865 */
2866static int smack_socket_socketpair(struct socket *socka,
2867 struct socket *sockb)
2868{
2869 struct socket_smack *asp = socka->sk->sk_security;
2870 struct socket_smack *bsp = sockb->sk->sk_security;
2871
2872 asp->smk_packet = bsp->smk_out;
2873 bsp->smk_packet = asp->smk_out;
2874
2875 return 0;
2876}
2877
21abb1ec 2878#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2879/**
2880 * smack_socket_bind - record port binding information.
2881 * @sock: the socket
2882 * @address: the port address
2883 * @addrlen: size of the address
2884 *
2885 * Records the label bound to a port.
2886 *
2887 * Returns 0
2888 */
2889static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2890 int addrlen)
2891{
2892 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2893 smk_ipv6_port_label(sock, address);
c6739443
CS		 2894 return 0;
2895}
21abb1ec 2896#endif /* SMACK_IPV6_PORT_LABELING */
c6739443 2897
6d3dc07c
CS		 2898/**
2899 * smack_socket_connect - connect access check
2900 * @sock: the socket
2901 * @sap: the other end
2902 * @addrlen: size of sap
2903 *
2904 * Verifies that a connection may be possible
2905 *
2906 * Returns 0 on success, and error code otherwise
2907 */
2908static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2909 int addrlen)
2910{
c6739443 2911 int rc = 0;
21abb1ec
CS		 2912#if IS_ENABLED(CONFIG_IPV6)
2913 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
2914#endif
2915#ifdef SMACK_IPV6_SECMARK_LABELING
2916 struct smack_known *rsp;
da49b5da 2917 struct socket_smack *ssp;
21abb1ec 2918#endif
c6739443
CS		 2919
2920 if (sock->sk == NULL)
6d3dc07c 2921 return 0;
6d3dc07c 2922
da49b5da
VG		 2923#ifdef SMACK_IPV6_SECMARK_LABELING
2924 ssp = sock->sk->sk_security;
2925#endif
2926
c6739443
CS		 2927 switch (sock->sk->sk_family) {
2928 case PF_INET:
2929 if (addrlen < sizeof(struct sockaddr_in))
2930 return -EINVAL;
2931 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2932 break;
2933 case PF_INET6:
2934 if (addrlen < sizeof(struct sockaddr_in6))
2935 return -EINVAL;
21abb1ec
CS		 2936#ifdef SMACK_IPV6_SECMARK_LABELING
2937 rsp = smack_ipv6host_label(sip);
2938 if (rsp != NULL)
2939 rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
6ea06247 2940 SMK_CONNECTING);
21abb1ec
CS		 2941#endif
2942#ifdef SMACK_IPV6_PORT_LABELING
2943 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
2944#endif
c6739443
CS		 2945 break;
2946 }
2947 return rc;
e114e473
CS		 2948}
2949
2950/**
2951 * smack_flags_to_may - convert S_ to MAY_ values
2952 * @flags: the S_ value
2953 *
2954 * Returns the equivalent MAY_ value
2955 */
2956static int smack_flags_to_may(int flags)
2957{
2958 int may = 0;
2959
2960 if (flags & S_IRUGO)
2961 may |= MAY_READ;
2962 if (flags & S_IWUGO)
2963 may |= MAY_WRITE;
2964 if (flags & S_IXUGO)
2965 may |= MAY_EXEC;
2966
2967 return may;
2968}
2969
2970/**
2971 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2972 * @msg: the object
2973 *
2974 * Returns 0
2975 */
2976static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2977{
2f823ff8
CS		 2978 struct smack_known *skp = smk_of_current();
2979
21c7eae2 2980 msg->security = skp;
e114e473
CS		 2981 return 0;
2982}
2983
2984/**
2985 * smack_msg_msg_free_security - Clear the security blob for msg_msg
2986 * @msg: the object
2987 *
2988 * Clears the blob pointer
2989 */
2990static void smack_msg_msg_free_security(struct msg_msg *msg)
2991{
2992 msg->security = NULL;
2993}
2994
2995/**
0d79cbf8
EB		 2996 * smack_of_ipc - the smack pointer for the ipc
2997 * @isp: the object
e114e473
CS		 2998 *
2999 * Returns a pointer to the smack value
3000 */
0d79cbf8 3001static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
e114e473 3002{
0d79cbf8 3003 return (struct smack_known *)isp->security;
e114e473
CS		 3004}
3005
3006/**
0d79cbf8
EB		 3007 * smack_ipc_alloc_security - Set the security blob for ipc
3008 * @isp: the object
e114e473
CS		 3009 *
3010 * Returns 0
3011 */
0d79cbf8 3012static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
e114e473 3013{
2f823ff8 3014 struct smack_known *skp = smk_of_current();
e114e473 3015
21c7eae2 3016 isp->security = skp;
e114e473
CS		 3017 return 0;
3018}
3019
3020/**
0d79cbf8
EB		 3021 * smack_ipc_free_security - Clear the security blob for ipc
3022 * @isp: the object
e114e473
CS		 3023 *
3024 * Clears the blob pointer
3025 */
0d79cbf8 3026static void smack_ipc_free_security(struct kern_ipc_perm *isp)
e114e473 3027{
e114e473
CS		 3028 isp->security = NULL;
3029}
3030
ecfcc53f
EB		 3031/**
3032 * smk_curacc_shm : check if current has access on shm
0d79cbf8 3033 * @isp : the object
ecfcc53f
EB		 3034 * @access : access requested
3035 *
3036 * Returns 0 if current has the requested access, error code otherwise
3037 */
0d79cbf8 3038static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
ecfcc53f 3039{
0d79cbf8 3040 struct smack_known *ssp = smack_of_ipc(isp);
ecfcc53f 3041 struct smk_audit_info ad;
d166c802 3042 int rc;
ecfcc53f
EB		 3043
3044#ifdef CONFIG_AUDIT
3045 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
0d79cbf8 3046 ad.a.u.ipc_id = isp->id;
ecfcc53f 3047#endif
d166c802
CS		 3048 rc = smk_curacc(ssp, access, &ad);
3049 rc = smk_bu_current("shm", ssp, access, rc);
3050 return rc;
ecfcc53f
EB		 3051}
3052
e114e473
CS		 3053/**
3054 * smack_shm_associate - Smack access check for shm
0d79cbf8 3055 * @isp: the object
e114e473
CS		 3056 * @shmflg: access requested
3057 *
3058 * Returns 0 if current has the requested access, error code otherwise
3059 */
0d79cbf8 3060static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
e114e473 3061{
e114e473
CS		 3062 int may;
3063
3064 may = smack_flags_to_may(shmflg);
0d79cbf8 3065 return smk_curacc_shm(isp, may);
e114e473
CS		 3066}
3067
3068/**
3069 * smack_shm_shmctl - Smack access check for shm
0d79cbf8 3070 * @isp: the object
e114e473
CS		 3071 * @cmd: what it wants to do
3072 *
3073 * Returns 0 if current has the requested access, error code otherwise
3074 */
0d79cbf8 3075static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
e114e473 3076{
e114e473
CS		 3077 int may;
3078
3079 switch (cmd) {
3080 case IPC_STAT:
3081 case SHM_STAT:
c21a6970 3082 case SHM_STAT_ANY:
e114e473
CS		 3083 may = MAY_READ;
3084 break;
3085 case IPC_SET:
3086 case SHM_LOCK:
3087 case SHM_UNLOCK:
3088 case IPC_RMID:
3089 may = MAY_READWRITE;
3090 break;
3091 case IPC_INFO:
3092 case SHM_INFO:
3093 /*
3094 * System level information.
3095 */
3096 return 0;
3097 default:
3098 return -EINVAL;
3099 }
0d79cbf8 3100 return smk_curacc_shm(isp, may);
e114e473
CS		 3101}
3102
3103/**
3104 * smack_shm_shmat - Smack access for shmat
0d79cbf8 3105 * @isp: the object
e114e473
CS		 3106 * @shmaddr: unused
3107 * @shmflg: access requested
3108 *
3109 * Returns 0 if current has the requested access, error code otherwise
3110 */
0d79cbf8 3111static int smack_shm_shmat(struct kern_ipc_perm *ipc, char __user *shmaddr,
e114e473
CS		 3112 int shmflg)
3113{
e114e473
CS		 3114 int may;
3115
3116 may = smack_flags_to_may(shmflg);
0d79cbf8 3117 return smk_curacc_shm(ipc, may);
e114e473
CS		 3118}
3119
ecfcc53f
EB		 3120/**
3121 * smk_curacc_sem : check if current has access on sem
0d79cbf8 3122 * @isp : the object
ecfcc53f
EB		 3123 * @access : access requested
3124 *
3125 * Returns 0 if current has the requested access, error code otherwise
3126 */
0d79cbf8 3127static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
ecfcc53f 3128{
0d79cbf8 3129 struct smack_known *ssp = smack_of_ipc(isp);
ecfcc53f 3130 struct smk_audit_info ad;
d166c802 3131 int rc;
ecfcc53f
EB		 3132
3133#ifdef CONFIG_AUDIT
3134 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
0d79cbf8 3135 ad.a.u.ipc_id = isp->id;
ecfcc53f 3136#endif
d166c802
CS		 3137 rc = smk_curacc(ssp, access, &ad);
3138 rc = smk_bu_current("sem", ssp, access, rc);
3139 return rc;
ecfcc53f
EB		 3140}
3141
e114e473
CS		 3142/**
3143 * smack_sem_associate - Smack access check for sem
0d79cbf8 3144 * @isp: the object
e114e473
CS		 3145 * @semflg: access requested
3146 *
3147 * Returns 0 if current has the requested access, error code otherwise
3148 */
0d79cbf8 3149static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
e114e473 3150{
e114e473
CS		 3151 int may;
3152
3153 may = smack_flags_to_may(semflg);
0d79cbf8 3154 return smk_curacc_sem(isp, may);
e114e473
CS		 3155}
3156
3157/**
3158 * smack_sem_shmctl - Smack access check for sem
0d79cbf8 3159 * @isp: the object
e114e473
CS		 3160 * @cmd: what it wants to do
3161 *
3162 * Returns 0 if current has the requested access, error code otherwise
3163 */
0d79cbf8 3164static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
e114e473 3165{
e114e473
CS		 3166 int may;
3167
3168 switch (cmd) {
3169 case GETPID:
3170 case GETNCNT:
3171 case GETZCNT:
3172 case GETVAL:
3173 case GETALL:
3174 case IPC_STAT:
3175 case SEM_STAT:
a280d6dc 3176 case SEM_STAT_ANY:
e114e473
CS		 3177 may = MAY_READ;
3178 break;
3179 case SETVAL:
3180 case SETALL:
3181 case IPC_RMID:
3182 case IPC_SET:
3183 may = MAY_READWRITE;
3184 break;
3185 case IPC_INFO:
3186 case SEM_INFO:
3187 /*
3188 * System level information
3189 */
3190 return 0;
3191 default:
3192 return -EINVAL;
3193 }
3194
0d79cbf8 3195 return smk_curacc_sem(isp, may);
e114e473
CS		 3196}
3197
3198/**
3199 * smack_sem_semop - Smack checks of semaphore operations
0d79cbf8 3200 * @isp: the object
e114e473
CS		 3201 * @sops: unused
3202 * @nsops: unused
3203 * @alter: unused
3204 *
3205 * Treated as read and write in all cases.
3206 *
3207 * Returns 0 if access is allowed, error code otherwise
3208 */
0d79cbf8 3209static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
e114e473
CS		 3210 unsigned nsops, int alter)
3211{
0d79cbf8 3212 return smk_curacc_sem(isp, MAY_READWRITE);
e114e473
CS		 3213}
3214
ecfcc53f
EB		 3215/**
3216 * smk_curacc_msq : helper to check if current has access on msq
0d79cbf8 3217 * @isp : the msq
ecfcc53f
EB		 3218 * @access : access requested
3219 *
3220 * return 0 if current has access, error otherwise
3221 */
0d79cbf8 3222static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
ecfcc53f 3223{
0d79cbf8 3224 struct smack_known *msp = smack_of_ipc(isp);
ecfcc53f 3225 struct smk_audit_info ad;
d166c802 3226 int rc;
ecfcc53f
EB		 3227
3228#ifdef CONFIG_AUDIT
3229 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
0d79cbf8 3230 ad.a.u.ipc_id = isp->id;
ecfcc53f 3231#endif
d166c802
CS		 3232 rc = smk_curacc(msp, access, &ad);
3233 rc = smk_bu_current("msq", msp, access, rc);
3234 return rc;
ecfcc53f
EB		 3235}
3236
e114e473
CS		 3237/**
3238 * smack_msg_queue_associate - Smack access check for msg_queue
0d79cbf8 3239 * @isp: the object
e114e473
CS		 3240 * @msqflg: access requested
3241 *
3242 * Returns 0 if current has the requested access, error code otherwise
3243 */
0d79cbf8 3244static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
e114e473 3245{
e114e473
CS		 3246 int may;
3247
3248 may = smack_flags_to_may(msqflg);
0d79cbf8 3249 return smk_curacc_msq(isp, may);
e114e473
CS		 3250}
3251
3252/**
3253 * smack_msg_queue_msgctl - Smack access check for msg_queue
0d79cbf8 3254 * @isp: the object
e114e473
CS		 3255 * @cmd: what it wants to do
3256 *
3257 * Returns 0 if current has the requested access, error code otherwise
3258 */
0d79cbf8 3259static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
e114e473 3260{
e114e473
CS		 3261 int may;
3262
3263 switch (cmd) {
3264 case IPC_STAT:
3265 case MSG_STAT:
23c8cec8 3266 case MSG_STAT_ANY:
e114e473
CS		 3267 may = MAY_READ;
3268 break;
3269 case IPC_SET:
3270 case IPC_RMID:
3271 may = MAY_READWRITE;
3272 break;
3273 case IPC_INFO:
3274 case MSG_INFO:
3275 /*
3276 * System level information
3277 */
3278 return 0;
3279 default:
3280 return -EINVAL;
3281 }
3282
0d79cbf8 3283 return smk_curacc_msq(isp, may);
e114e473
CS		 3284}
3285
3286/**
3287 * smack_msg_queue_msgsnd - Smack access check for msg_queue
0d79cbf8 3288 * @isp: the object
e114e473
CS		 3289 * @msg: unused
3290 * @msqflg: access requested
3291 *
3292 * Returns 0 if current has the requested access, error code otherwise
3293 */
0d79cbf8 3294static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
e114e473
CS		 3295 int msqflg)
3296{
ecfcc53f 3297 int may;
e114e473 3298
ecfcc53f 3299 may = smack_flags_to_may(msqflg);
0d79cbf8 3300 return smk_curacc_msq(isp, may);
e114e473
CS		 3301}
3302
3303/**
3304 * smack_msg_queue_msgsnd - Smack access check for msg_queue
0d79cbf8 3305 * @isp: the object
e114e473
CS		 3306 * @msg: unused
3307 * @target: unused
3308 * @type: unused
3309 * @mode: unused
3310 *
3311 * Returns 0 if current has read and write access, error code otherwise
3312 */
0d79cbf8 3313static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg,
e114e473
CS		 3314 struct task_struct *target, long type, int mode)
3315{
0d79cbf8 3316 return smk_curacc_msq(isp, MAY_READWRITE);
e114e473
CS		 3317}
3318
3319/**
3320 * smack_ipc_permission - Smack access for ipc_permission()
3321 * @ipp: the object permissions
3322 * @flag: access requested
3323 *
3324 * Returns 0 if current has read and write access, error code otherwise
3325 */
3326static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3327{
21c7eae2 3328 struct smack_known *iskp = ipp->security;
ecfcc53f
EB		 3329 int may = smack_flags_to_may(flag);
3330 struct smk_audit_info ad;
d166c802 3331 int rc;
e114e473 3332
ecfcc53f
EB		 3333#ifdef CONFIG_AUDIT
3334 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3335 ad.a.u.ipc_id = ipp->id;
3336#endif
21c7eae2
LP		 3337 rc = smk_curacc(iskp, may, &ad);
3338 rc = smk_bu_current("svipc", iskp, may, rc);
d166c802 3339 return rc;
e114e473
CS		 3340}
3341
d20bdda6
AD		 3342/**
3343 * smack_ipc_getsecid - Extract smack security id
251a2a95 3344 * @ipp: the object permissions
d20bdda6
AD		 3345 * @secid: where result will be saved
3346 */
3347static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3348{
21c7eae2 3349 struct smack_known *iskp = ipp->security;
d20bdda6 3350
21c7eae2 3351 *secid = iskp->smk_secid;
d20bdda6
AD		 3352}
3353
e114e473
CS		 3354/**
3355 * smack_d_instantiate - Make sure the blob is correct on an inode
3e62cbb8 3356 * @opt_dentry: dentry where inode will be attached
e114e473
CS		 3357 * @inode: the object
3358 *
3359 * Set the inode's security blob if it hasn't been done already.
3360 */
3361static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3362{
3363 struct super_block *sbp;
3364 struct superblock_smack *sbsp;
3365 struct inode_smack *isp;
2f823ff8
CS		 3366 struct smack_known *skp;
3367 struct smack_known *ckp = smk_of_current();
21c7eae2 3368 struct smack_known *final;
5c6d1125
JS		 3369 char trattr[TRANS_TRUE_SIZE];
3370 int transflag = 0;
2267b13a 3371 int rc;
e114e473
CS		 3372 struct dentry *dp;
3373
3374 if (inode == NULL)
3375 return;
3376
3377 isp = inode->i_security;
3378
3379 mutex_lock(&isp->smk_lock);
3380 /*
3381 * If the inode is already instantiated
3382 * take the quick way out
3383 */
3384 if (isp->smk_flags & SMK_INODE_INSTANT)
3385 goto unlockandout;
3386
3387 sbp = inode->i_sb;
3388 sbsp = sbp->s_security;
3389 /*
3390 * We're going to use the superblock default label
3391 * if there's no label on the file.
3392 */
3393 final = sbsp->smk_default;
3394
e97dcb0e
CS		 3395 /*
3396 * If this is the root inode the superblock
3397 * may be in the process of initialization.
3398 * If that is the case use the root value out
3399 * of the superblock.
3400 */
3401 if (opt_dentry->d_parent == opt_dentry) {
1d8c2326
ŁS		 3402 switch (sbp->s_magic) {
3403 case CGROUP_SUPER_MAGIC:
58c442f3 3404 case CGROUP2_SUPER_MAGIC:
36ea735b
CS		 3405 /*
3406 * The cgroup filesystem is never mounted,
3407 * so there's no opportunity to set the mount
3408 * options.
3409 */
21c7eae2
LP		 3410 sbsp->smk_root = &smack_known_star;
3411 sbsp->smk_default = &smack_known_star;
1d8c2326
ŁS		 3412 isp->smk_inode = sbsp->smk_root;
3413 break;
3414 case TMPFS_MAGIC:
3415 /*
3416 * What about shmem/tmpfs anonymous files with dentry
3417 * obtained from d_alloc_pseudo()?
3418 */
3419 isp->smk_inode = smk_of_current();
3420 break;
8da4aba5
RK		 3421 case PIPEFS_MAGIC:
3422 isp->smk_inode = smk_of_current();
3423 break;
805b65a8
RK		 3424 case SOCKFS_MAGIC:
3425 /*
3426 * Socket access is controlled by the socket
3427 * structures associated with the task involved.
3428 */
3429 isp->smk_inode = &smack_known_star;
3430 break;
1d8c2326
ŁS		 3431 default:
3432 isp->smk_inode = sbsp->smk_root;
3433 break;
36ea735b 3434 }
e97dcb0e
CS		 3435 isp->smk_flags |= SMK_INODE_INSTANT;
3436 goto unlockandout;
3437 }
3438
e114e473
CS		 3439 /*
3440 * This is pretty hackish.
3441 * Casey says that we shouldn't have to do
3442 * file system specific code, but it does help
3443 * with keeping it simple.
3444 */
3445 switch (sbp->s_magic) {
3446 case SMACK_MAGIC:
36ea735b 3447 case CGROUP_SUPER_MAGIC:
58c442f3 3448 case CGROUP2_SUPER_MAGIC:
e114e473 3449 /*
25985edc 3450 * Casey says that it's a little embarrassing
e114e473
CS		 3451 * that the smack file system doesn't do
3452 * extended attributes.
36ea735b 3453 *
36ea735b 3454 * Cgroupfs is special
e114e473 3455 */
21c7eae2 3456 final = &smack_known_star;
e114e473
CS		 3457 break;
3458 case DEVPTS_SUPER_MAGIC:
3459 /*
3460 * devpts seems content with the label of the task.
3461 * Programs that change smack have to treat the
3462 * pty with respect.
3463 */
21c7eae2 3464 final = ckp;
e114e473 3465 break;
e114e473
CS		 3466 case PROC_SUPER_MAGIC:
3467 /*
3468 * Casey says procfs appears not to care.
3469 * The superblock default suffices.
3470 */
3471 break;
3472 case TMPFS_MAGIC:
3473 /*
3474 * Device labels should come from the filesystem,
3475 * but watch out, because they're volitile,
3476 * getting recreated on every reboot.
3477 */
21c7eae2 3478 final = &smack_known_star;
e114e473 3479 /*
b1fed3ed 3480 * Fall through.
e114e473
CS		 3481 *
3482 * If a smack value has been set we want to use it,
3483 * but since tmpfs isn't giving us the opportunity
3484 * to set mount options simulate setting the
3485 * superblock default.
3486 */
3487 default:
3488 /*
3489 * This isn't an understood special case.
3490 * Get the value from the xattr.
b4e0d5f0
CS		 3491 */
3492
3493 /*
3494 * UNIX domain sockets use lower level socket data.
3495 */
3496 if (S_ISSOCK(inode->i_mode)) {
21c7eae2 3497 final = &smack_known_star;
b4e0d5f0
CS		 3498 break;
3499 }
3500 /*
e114e473
CS		 3501 * No xattr support means, alas, no SMACK label.
3502 * Use the aforeapplied default.
3503 * It would be curious if the label of the task
3504 * does not match that assigned.
3505 */
5d6c3191
AG		 3506 if (!(inode->i_opflags & IOP_XATTR))
3507 break;
e114e473
CS		 3508 /*
3509 * Get the dentry for xattr.
3510 */
3e62cbb8 3511 dp = dget(opt_dentry);
2f823ff8 3512 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
e774ad68 3513 if (!IS_ERR_OR_NULL(skp))
21c7eae2 3514 final = skp;
2267b13a
CS		 3515
3516 /*
3517 * Transmuting directory
3518 */
3519 if (S_ISDIR(inode->i_mode)) {
3520 /*
3521 * If this is a new directory and the label was
3522 * transmuted when the inode was initialized
3523 * set the transmute attribute on the directory
3524 * and mark the inode.
3525 *
3526 * If there is a transmute attribute on the
3527 * directory mark the inode.
3528 */
3529 if (isp->smk_flags & SMK_INODE_CHANGED) {
3530 isp->smk_flags &= ~SMK_INODE_CHANGED;
5d6c3191 3531 rc = __vfs_setxattr(dp, inode,
5c6d1125 3532 XATTR_NAME_SMACKTRANSMUTE,
2267b13a
CS		 3533 TRANS_TRUE, TRANS_TRUE_SIZE,
3534 0);
3535 } else {
5d6c3191 3536 rc = __vfs_getxattr(dp, inode,
2267b13a
CS		 3537 XATTR_NAME_SMACKTRANSMUTE, trattr,
3538 TRANS_TRUE_SIZE);
3539 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3540 TRANS_TRUE_SIZE) != 0)
3541 rc = -EINVAL;
5c6d1125 3542 }
2267b13a
CS		 3543 if (rc >= 0)
3544 transflag = SMK_INODE_TRANSMUTE;
5c6d1125 3545 }
809c02e0
SF		 3546 /*
3547 * Don't let the exec or mmap label be "*" or "@".
3548 */
3549 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3550 if (IS_ERR(skp) || skp == &smack_known_star ||
3551 skp == &smack_known_web)
3552 skp = NULL;
3553 isp->smk_task = skp;
e774ad68 3554
19760ad0 3555 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
e774ad68
LP		 3556 if (IS_ERR(skp) || skp == &smack_known_star ||
3557 skp == &smack_known_web)
19760ad0
CS		 3558 skp = NULL;
3559 isp->smk_mmap = skp;
676dac4b 3560
e114e473
CS		 3561 dput(dp);
3562 break;
3563 }
3564
3565 if (final == NULL)
21c7eae2 3566 isp->smk_inode = ckp;
e114e473
CS		 3567 else
3568 isp->smk_inode = final;
3569
5c6d1125 3570 isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
e114e473
CS		 3571
3572unlockandout:
3573 mutex_unlock(&isp->smk_lock);
3574 return;
3575}
3576
3577/**
3578 * smack_getprocattr - Smack process attribute access
3579 * @p: the object task
3580 * @name: the name of the attribute in /proc/.../attr
3581 * @value: where to put the result
3582 *
3583 * Places a copy of the task Smack into value
3584 *
3585 * Returns the length of the smack label or an error code
3586 */
3587static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3588{
6d1cff2a 3589 struct smack_known *skp = smk_of_task_struct(p);
e114e473
CS		 3590 char *cp;
3591 int slen;
3592
3593 if (strcmp(name, "current") != 0)
3594 return -EINVAL;
3595
2f823ff8 3596 cp = kstrdup(skp->smk_known, GFP_KERNEL);
e114e473
CS		 3597 if (cp == NULL)
3598 return -ENOMEM;
3599
3600 slen = strlen(cp);
3601 *value = cp;
3602 return slen;
3603}
3604
3605/**
3606 * smack_setprocattr - Smack process attribute setting
e114e473
CS		 3607 * @name: the name of the attribute in /proc/.../attr
3608 * @value: the value to set
3609 * @size: the size of the value
3610 *
3611 * Sets the Smack value of the task. Only setting self
3612 * is permitted and only with privilege
3613 *
3614 * Returns the length of the smack label or an error code
3615 */
b21507e2 3616static int smack_setprocattr(const char *name, void *value, size_t size)
e114e473 3617{
38416e53 3618 struct task_smack *tsp = current_security();
d84f4f99 3619 struct cred *new;
2f823ff8 3620 struct smack_known *skp;
38416e53
ZJ		 3621 struct smack_known_list_elem *sklep;
3622 int rc;
e114e473 3623
38416e53 3624 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
5cd9c58f
DH		 3625 return -EPERM;
3626
f7112e6c 3627 if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
e114e473
CS		 3628 return -EINVAL;
3629
3630 if (strcmp(name, "current") != 0)
3631 return -EINVAL;
3632
2f823ff8 3633 skp = smk_import_entry(value, size);
e774ad68
LP		 3634 if (IS_ERR(skp))
3635 return PTR_ERR(skp);
e114e473 3636
6d3dc07c 3637 /*
7128ea15
HS		 3638 * No process is ever allowed the web ("@") label
3639 * and the star ("*") label.
6d3dc07c 3640 */
7128ea15
HS		 3641 if (skp == &smack_known_web || skp == &smack_known_star)
3642 return -EINVAL;
6d3dc07c 3643
38416e53
ZJ		 3644 if (!smack_privileged(CAP_MAC_ADMIN)) {
3645 rc = -EPERM;
3646 list_for_each_entry(sklep, &tsp->smk_relabel, list)
3647 if (sklep->smk_label == skp) {
3648 rc = 0;
3649 break;
3650 }
3651 if (rc)
3652 return rc;
3653 }
3654
d84f4f99 3655 new = prepare_creds();
6d3dc07c 3656 if (new == NULL)
d84f4f99 3657 return -ENOMEM;
7898e1f8 3658
46a2f3b9 3659 tsp = new->security;
2f823ff8 3660 tsp->smk_task = skp;
38416e53
ZJ		 3661 /*
3662 * process can change its label only once
3663 */
3664 smk_destroy_label_list(&tsp->smk_relabel);
7898e1f8 3665
d84f4f99 3666 commit_creds(new);
e114e473
CS		 3667 return size;
3668}
3669
3670/**
3671 * smack_unix_stream_connect - Smack access on UDS
3610cda5
DM		 3672 * @sock: one sock
3673 * @other: the other sock
e114e473
CS		 3674 * @newsk: unused
3675 *
3676 * Return 0 if a subject with the smack of sock could access
3677 * an object with the smack of other, otherwise an error code
3678 */
3610cda5
DM		 3679static int smack_unix_stream_connect(struct sock *sock,
3680 struct sock *other, struct sock *newsk)
e114e473 3681{
2f823ff8 3682 struct smack_known *skp;
54e70ec5 3683 struct smack_known *okp;
d2e7ad19
JM		 3684 struct socket_smack *ssp = sock->sk_security;
3685 struct socket_smack *osp = other->sk_security;
975d5e55 3686 struct socket_smack *nsp = newsk->sk_security;
ecfcc53f 3687 struct smk_audit_info ad;
b4e0d5f0 3688 int rc = 0;
923e9a13
KC		 3689#ifdef CONFIG_AUDIT
3690 struct lsm_network_audit net;
923e9a13 3691#endif
b4e0d5f0 3692
2f823ff8
CS		 3693 if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3694 skp = ssp->smk_out;
96be7b54 3695 okp = osp->smk_in;
54e70ec5
CS		 3696#ifdef CONFIG_AUDIT
3697 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3698 smk_ad_setfield_u_net_sk(&ad, other);
3699#endif
21c7eae2
LP		 3700 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3701 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
d166c802 3702 if (rc == 0) {
96be7b54
ZJ		 3703 okp = osp->smk_out;
3704 skp = ssp->smk_in;
138a868f 3705 rc = smk_access(okp, skp, MAY_WRITE, &ad);
21c7eae2 3706 rc = smk_bu_note("UDS connect", okp, skp,
d166c802
CS		 3707 MAY_WRITE, rc);
3708 }
2f823ff8 3709 }
b4e0d5f0 3710
975d5e55
CS		 3711 /*
3712 * Cross reference the peer labels for SO_PEERSEC.
3713 */
3714 if (rc == 0) {
54e70ec5
CS		 3715 nsp->smk_packet = ssp->smk_out;
3716 ssp->smk_packet = osp->smk_out;
975d5e55
CS		 3717 }
3718
b4e0d5f0 3719 return rc;
e114e473
CS		 3720}
3721
3722/**
3723 * smack_unix_may_send - Smack access on UDS
3724 * @sock: one socket
3725 * @other: the other socket
3726 *
3727 * Return 0 if a subject with the smack of sock could access
3728 * an object with the smack of other, otherwise an error code
3729 */
3730static int smack_unix_may_send(struct socket *sock, struct socket *other)
3731{
b4e0d5f0
CS		 3732 struct socket_smack *ssp = sock->sk->sk_security;
3733 struct socket_smack *osp = other->sk->sk_security;
ecfcc53f 3734 struct smk_audit_info ad;
d166c802 3735 int rc;
e114e473 3736
923e9a13
KC		 3737#ifdef CONFIG_AUDIT
3738 struct lsm_network_audit net;
3739
48c62af6 3740 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
ecfcc53f 3741 smk_ad_setfield_u_net_sk(&ad, other->sk);
923e9a13 3742#endif
b4e0d5f0 3743
2f823ff8
CS		 3744 if (smack_privileged(CAP_MAC_OVERRIDE))
3745 return 0;
b4e0d5f0 3746
21c7eae2
LP		 3747 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3748 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
d166c802 3749 return rc;
e114e473
CS		 3750}
3751
6d3dc07c
CS		 3752/**
3753 * smack_socket_sendmsg - Smack check based on destination host
3754 * @sock: the socket
251a2a95 3755 * @msg: the message
6d3dc07c
CS		 3756 * @size: the size of the message
3757 *
c6739443
CS		 3758 * Return 0 if the current subject can write to the destination host.
3759 * For IPv4 this is only a question if the destination is a single label host.
3760 * For IPv6 this is a check against the label of the port.
6d3dc07c
CS		 3761 */
3762static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3763 int size)
3764{
3765 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
21abb1ec 3766#if IS_ENABLED(CONFIG_IPV6)
6ea06247 3767 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
21abb1ec
CS		 3768#endif
3769#ifdef SMACK_IPV6_SECMARK_LABELING
3770 struct socket_smack *ssp = sock->sk->sk_security;
3771 struct smack_known *rsp;
3772#endif
c6739443 3773 int rc = 0;
6d3dc07c
CS		 3774
3775 /*
3776 * Perfectly reasonable for this to be NULL
3777 */
c6739443 3778 if (sip == NULL)
6d3dc07c
CS		 3779 return 0;
3780
81bd0d56 3781 switch (sock->sk->sk_family) {
c6739443
CS		 3782 case AF_INET:
3783 rc = smack_netlabel_send(sock->sk, sip);
3784 break;
3785 case AF_INET6:
21abb1ec
CS		 3786#ifdef SMACK_IPV6_SECMARK_LABELING
3787 rsp = smack_ipv6host_label(sap);
3788 if (rsp != NULL)
3789 rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3790 SMK_CONNECTING);
3791#endif
3792#ifdef SMACK_IPV6_PORT_LABELING
c6739443 3793 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
21abb1ec 3794#endif
c6739443
CS		 3795 break;
3796 }
3797 return rc;
6d3dc07c
CS		 3798}
3799
e114e473 3800/**
251a2a95 3801 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
e114e473 3802 * @sap: netlabel secattr
272cd7a8 3803 * @ssp: socket security information
e114e473 3804 *
2f823ff8 3805 * Returns a pointer to a Smack label entry found on the label list.
e114e473 3806 */
2f823ff8
CS		 3807static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3808 struct socket_smack *ssp)
e114e473 3809{
2f823ff8 3810 struct smack_known *skp;
f7112e6c 3811 int found = 0;
677264e8
CS		 3812 int acat;
3813 int kcat;
e114e473 3814
6d3dc07c 3815 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
e114e473 3816 /*
6d3dc07c 3817 * Looks like a CIPSO packet.
e114e473
CS		 3818 * If there are flags but no level netlabel isn't
3819 * behaving the way we expect it to.
3820 *
f7112e6c 3821 * Look it up in the label table
e114e473
CS		 3822 * Without guidance regarding the smack value
3823 * for the packet fall back on the network
3824 * ambient value.
3825 */
f7112e6c 3826 rcu_read_lock();
348dc288 3827 list_for_each_entry_rcu(skp, &smack_known_list, list) {
2f823ff8 3828 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
f7112e6c 3829 continue;
677264e8
CS		 3830 /*
3831 * Compare the catsets. Use the netlbl APIs.
3832 */
3833 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3834 if ((skp->smk_netlabel.flags &
3835 NETLBL_SECATTR_MLS_CAT) == 0)
3836 found = 1;
3837 break;
3838 }
3839 for (acat = -1, kcat = -1; acat == kcat; ) {
4fbe63d1
PM		 3840 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3841 acat + 1);
3842 kcat = netlbl_catmap_walk(
677264e8
CS		 3843 skp->smk_netlabel.attr.mls.cat,
3844 kcat + 1);
3845 if (acat < 0 || kcat < 0)
3846 break;
3847 }
3848 if (acat == kcat) {
3849 found = 1;
3850 break;
3851 }
6d3dc07c 3852 }
f7112e6c
CS		 3853 rcu_read_unlock();
3854
3855 if (found)
2f823ff8 3856 return skp;
f7112e6c 3857
54e70ec5 3858 if (ssp != NULL && ssp->smk_in == &smack_known_star)
2f823ff8
CS		 3859 return &smack_known_web;
3860 return &smack_known_star;
e114e473 3861 }
152f91d4 3862 if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
6d3dc07c
CS		 3863 /*
3864 * Looks like a fallback, which gives us a secid.
3865 */
152f91d4 3866 return smack_from_secid(sap->attr.secid);
e114e473 3867 /*
6d3dc07c
CS		 3868 * Without guidance regarding the smack value
3869 * for the packet fall back on the network
3870 * ambient value.
e114e473 3871 */
272cd7a8 3872 return smack_net_ambient;
e114e473
CS		 3873}
3874
69f287ae 3875#if IS_ENABLED(CONFIG_IPV6)
6ea06247 3876static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
c6739443 3877{
c6739443
CS		 3878 u8 nexthdr;
3879 int offset;
3880 int proto = -EINVAL;
3881 struct ipv6hdr _ipv6h;
3882 struct ipv6hdr *ip6;
3883 __be16 frag_off;
3884 struct tcphdr _tcph, *th;
3885 struct udphdr _udph, *uh;
3886 struct dccp_hdr _dccph, *dh;
3887
3888 sip->sin6_port = 0;
3889
3890 offset = skb_network_offset(skb);
3891 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3892 if (ip6 == NULL)
3893 return -EINVAL;
3894 sip->sin6_addr = ip6->saddr;
3895
3896 nexthdr = ip6->nexthdr;
3897 offset += sizeof(_ipv6h);
3898 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3899 if (offset < 0)
3900 return -EINVAL;
3901
3902 proto = nexthdr;
3903 switch (proto) {
3904 case IPPROTO_TCP:
3905 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3906 if (th != NULL)
3907 sip->sin6_port = th->source;
3908 break;
3909 case IPPROTO_UDP:
a07ef951 3910 case IPPROTO_UDPLITE:
c6739443
CS		 3911 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3912 if (uh != NULL)
3913 sip->sin6_port = uh->source;
3914 break;
3915 case IPPROTO_DCCP:
3916 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3917 if (dh != NULL)
3918 sip->sin6_port = dh->dccph_sport;
3919 break;
3920 }
3921 return proto;
3922}
69f287ae 3923#endif /* CONFIG_IPV6 */
c6739443 3924
e114e473
CS		 3925/**
3926 * smack_socket_sock_rcv_skb - Smack packet delivery access check
3927 * @sk: socket
3928 * @skb: packet
3929 *
3930 * Returns 0 if the packet should be delivered, an error code otherwise
3931 */
3932static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3933{
3934 struct netlbl_lsm_secattr secattr;
3935 struct socket_smack *ssp = sk->sk_security;
69f287ae 3936 struct smack_known *skp = NULL;
c6739443 3937 int rc = 0;
ecfcc53f 3938 struct smk_audit_info ad;
129a9989 3939 u16 family = sk->sk_family;
923e9a13 3940#ifdef CONFIG_AUDIT
48c62af6 3941 struct lsm_network_audit net;
923e9a13 3942#endif
69f287ae
CS		 3943#if IS_ENABLED(CONFIG_IPV6)
3944 struct sockaddr_in6 sadd;
3945 int proto;
129a9989
PS		 3946
3947 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3948 family = PF_INET;
69f287ae
CS		 3949#endif /* CONFIG_IPV6 */
3950
129a9989 3951 switch (family) {
c6739443 3952 case PF_INET:
69f287ae
CS		 3953#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3954 /*
3955 * If there is a secmark use it rather than the CIPSO label.
3956 * If there is no secmark fall back to CIPSO.
3957 * The secmark is assumed to reflect policy better.
3958 */
3959 if (skb && skb->secmark != 0) {
3960 skp = smack_from_secid(skb->secmark);
3961 goto access_check;
3962 }
3963#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
c6739443
CS		 3964 /*
3965 * Translate what netlabel gave us.
3966 */
3967 netlbl_secattr_init(&secattr);
6d3dc07c 3968
129a9989 3969 rc = netlbl_skbuff_getattr(skb, family, &secattr);
c6739443 3970 if (rc == 0)
2f823ff8 3971 skp = smack_from_secattr(&secattr, ssp);
c6739443 3972 else
2f823ff8 3973 skp = smack_net_ambient;
6d3dc07c 3974
c6739443 3975 netlbl_secattr_destroy(&secattr);
6d3dc07c 3976
69f287ae
CS		 3977#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3978access_check:
3979#endif
ecfcc53f 3980#ifdef CONFIG_AUDIT
c6739443 3981 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
129a9989 3982 ad.a.u.net->family = family;
c6739443
CS		 3983 ad.a.u.net->netif = skb->skb_iif;
3984 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
ecfcc53f 3985#endif
c6739443
CS		 3986 /*
3987 * Receiving a packet requires that the other end
3988 * be able to write here. Read access is not required.
3989 * This is the simplist possible security model
3990 * for networking.
3991 */
21c7eae2
LP		 3992 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3993 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
d166c802 3994 MAY_WRITE, rc);
c6739443 3995 if (rc != 0)
129a9989 3996 netlbl_skbuff_err(skb, family, rc, 0);
c6739443 3997 break;
69f287ae 3998#if IS_ENABLED(CONFIG_IPV6)
c6739443 3999 case PF_INET6:
69f287ae 4000 proto = smk_skb_to_addr_ipv6(skb, &sadd);
a07ef951
PS		 4001 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
4002 proto != IPPROTO_TCP && proto != IPPROTO_DCCP)
69f287ae 4003 break;
21abb1ec 4004#ifdef SMACK_IPV6_SECMARK_LABELING
69f287ae
CS		 4005 if (skb && skb->secmark != 0)
4006 skp = smack_from_secid(skb->secmark);
c6739443 4007 else
21abb1ec
CS		 4008 skp = smack_ipv6host_label(&sadd);
4009 if (skp == NULL)
69f287ae
CS		 4010 skp = smack_net_ambient;
4011#ifdef CONFIG_AUDIT
4012 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
129a9989 4013 ad.a.u.net->family = family;
69f287ae
CS		 4014 ad.a.u.net->netif = skb->skb_iif;
4015 ipv6_skb_to_auditdata(skb, &ad.a, NULL);
4016#endif /* CONFIG_AUDIT */
4017 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4018 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
4019 MAY_WRITE, rc);
21abb1ec
CS		 4020#endif /* SMACK_IPV6_SECMARK_LABELING */
4021#ifdef SMACK_IPV6_PORT_LABELING
69f287ae 4022 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
21abb1ec 4023#endif /* SMACK_IPV6_PORT_LABELING */
d66a8acb
PS		 4024 if (rc != 0)
4025 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
4026 ICMPV6_ADM_PROHIBITED, 0);
c6739443 4027 break;
69f287ae 4028#endif /* CONFIG_IPV6 */
c6739443 4029 }
69f287ae 4030
a8134296 4031 return rc;
e114e473
CS		 4032}
4033
4034/**
4035 * smack_socket_getpeersec_stream - pull in packet label
4036 * @sock: the socket
4037 * @optval: user's destination
4038 * @optlen: size thereof
251a2a95 4039 * @len: max thereof
e114e473
CS		 4040 *
4041 * returns zero on success, an error code otherwise
4042 */
4043static int smack_socket_getpeersec_stream(struct socket *sock,
4044 char __user *optval,
4045 int __user *optlen, unsigned len)
4046{
4047 struct socket_smack *ssp;
272cd7a8
CS		 4048 char *rcp = "";
4049 int slen = 1;
e114e473
CS		 4050 int rc = 0;
4051
4052 ssp = sock->sk->sk_security;
272cd7a8 4053 if (ssp->smk_packet != NULL) {
54e70ec5 4054 rcp = ssp->smk_packet->smk_known;
272cd7a8
CS		 4055 slen = strlen(rcp) + 1;
4056 }
e114e473
CS		 4057
4058 if (slen > len)
4059 rc = -ERANGE;
272cd7a8 4060 else if (copy_to_user(optval, rcp, slen) != 0)
e114e473
CS		 4061 rc = -EFAULT;
4062
4063 if (put_user(slen, optlen) != 0)
4064 rc = -EFAULT;
4065
4066 return rc;
4067}
4068
4069
4070/**
4071 * smack_socket_getpeersec_dgram - pull in packet label
b4e0d5f0 4072 * @sock: the peer socket
e114e473
CS		 4073 * @skb: packet data
4074 * @secid: pointer to where to put the secid of the packet
4075 *
4076 * Sets the netlabel socket state on sk from parent
4077 */
4078static int smack_socket_getpeersec_dgram(struct socket *sock,
4079 struct sk_buff *skb, u32 *secid)
4080
4081{
4082 struct netlbl_lsm_secattr secattr;
272cd7a8 4083 struct socket_smack *ssp = NULL;
2f823ff8 4084 struct smack_known *skp;
b4e0d5f0
CS		 4085 int family = PF_UNSPEC;
4086 u32 s = 0; /* 0 is the invalid secid */
e114e473
CS		 4087 int rc;
4088
b4e0d5f0
CS		 4089 if (skb != NULL) {
4090 if (skb->protocol == htons(ETH_P_IP))
4091 family = PF_INET;
69f287ae 4092#if IS_ENABLED(CONFIG_IPV6)
b4e0d5f0
CS		 4093 else if (skb->protocol == htons(ETH_P_IPV6))
4094 family = PF_INET6;
69f287ae 4095#endif /* CONFIG_IPV6 */
e114e473 4096 }
b4e0d5f0
CS		 4097 if (family == PF_UNSPEC && sock != NULL)
4098 family = sock->sk->sk_family;
e114e473 4099
69f287ae
CS		 4100 switch (family) {
4101 case PF_UNIX:
272cd7a8 4102 ssp = sock->sk->sk_security;
2f823ff8 4103 s = ssp->smk_out->smk_secid;
69f287ae
CS		 4104 break;
4105 case PF_INET:
4106#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4107 s = skb->secmark;
4108 if (s != 0)
4109 break;
4110#endif
b4e0d5f0
CS		 4111 /*
4112 * Translate what netlabel gave us.
4113 */
272cd7a8
CS		 4114 if (sock != NULL && sock->sk != NULL)
4115 ssp = sock->sk->sk_security;
b4e0d5f0
CS		 4116 netlbl_secattr_init(&secattr);
4117 rc = netlbl_skbuff_getattr(skb, family, &secattr);
4118 if (rc == 0) {
2f823ff8
CS		 4119 skp = smack_from_secattr(&secattr, ssp);
4120 s = skp->smk_secid;
b4e0d5f0
CS		 4121 }
4122 netlbl_secattr_destroy(&secattr);
69f287ae 4123 break;
69f287ae 4124 case PF_INET6:
21abb1ec 4125#ifdef SMACK_IPV6_SECMARK_LABELING
69f287ae 4126 s = skb->secmark;
21abb1ec 4127#endif
69f287ae 4128 break;
b4e0d5f0
CS		 4129 }
4130 *secid = s;
e114e473
CS		 4131 if (s == 0)
4132 return -EINVAL;
e114e473
CS		 4133 return 0;
4134}
4135
4136/**
07feee8f
PM		 4137 * smack_sock_graft - Initialize a newly created socket with an existing sock
4138 * @sk: child sock
4139 * @parent: parent socket
e114e473 4140 *
07feee8f
PM		 4141 * Set the smk_{in,out} state of an existing sock based on the process that
4142 * is creating the new socket.
e114e473
CS		 4143 */
4144static void smack_sock_graft(struct sock *sk, struct socket *parent)
4145{
4146 struct socket_smack *ssp;
2f823ff8 4147 struct smack_known *skp = smk_of_current();
e114e473 4148
07feee8f
PM		 4149 if (sk == NULL ||
4150 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
e114e473
CS		 4151 return;
4152
4153 ssp = sk->sk_security;
54e70ec5 4154 ssp->smk_in = skp;
2f823ff8 4155 ssp->smk_out = skp;
07feee8f 4156 /* cssp->smk_packet is already set in smack_inet_csk_clone() */
e114e473
CS		 4157}
4158
4159/**
4160 * smack_inet_conn_request - Smack access check on connect
4161 * @sk: socket involved
4162 * @skb: packet
4163 * @req: unused
4164 *
4165 * Returns 0 if a task with the packet label could write to
4166 * the socket, otherwise an error code
4167 */
4168static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4169 struct request_sock *req)
4170{
07feee8f 4171 u16 family = sk->sk_family;
f7112e6c 4172 struct smack_known *skp;
e114e473 4173 struct socket_smack *ssp = sk->sk_security;
07feee8f
PM		 4174 struct netlbl_lsm_secattr secattr;
4175 struct sockaddr_in addr;
4176 struct iphdr *hdr;
21c7eae2 4177 struct smack_known *hskp;
e114e473 4178 int rc;
ecfcc53f 4179 struct smk_audit_info ad;
923e9a13 4180#ifdef CONFIG_AUDIT
48c62af6 4181 struct lsm_network_audit net;
923e9a13 4182#endif
e114e473 4183
69f287ae 4184#if IS_ENABLED(CONFIG_IPV6)
c6739443
CS		 4185 if (family == PF_INET6) {
4186 /*
4187 * Handle mapped IPv4 packets arriving
4188 * via IPv6 sockets. Don't set up netlabel
4189 * processing on IPv6.
4190 */
4191 if (skb->protocol == htons(ETH_P_IP))
4192 family = PF_INET;
4193 else
4194 return 0;
4195 }
69f287ae 4196#endif /* CONFIG_IPV6 */
e114e473 4197
7f368ad3
CS		 4198#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4199 /*
4200 * If there is a secmark use it rather than the CIPSO label.
4201 * If there is no secmark fall back to CIPSO.
4202 * The secmark is assumed to reflect policy better.
4203 */
4204 if (skb && skb->secmark != 0) {
4205 skp = smack_from_secid(skb->secmark);
4206 goto access_check;
4207 }
4208#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
4209
07feee8f
PM		 4210 netlbl_secattr_init(&secattr);
4211 rc = netlbl_skbuff_getattr(skb, family, &secattr);
e114e473 4212 if (rc == 0)
2f823ff8 4213 skp = smack_from_secattr(&secattr, ssp);
e114e473 4214 else
2f823ff8 4215 skp = &smack_known_huh;
07feee8f
PM		 4216 netlbl_secattr_destroy(&secattr);
4217
7f368ad3
CS		 4218#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4219access_check:
4220#endif
4221
ecfcc53f 4222#ifdef CONFIG_AUDIT
48c62af6
EP		 4223 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4224 ad.a.u.net->family = family;
4225 ad.a.u.net->netif = skb->skb_iif;
ecfcc53f
EB		 4226 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4227#endif
e114e473 4228 /*
07feee8f
PM		 4229 * Receiving a packet requires that the other end be able to write
4230 * here. Read access is not required.
e114e473 4231 */
21c7eae2
LP		 4232 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4233 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
07feee8f
PM		 4234 if (rc != 0)
4235 return rc;
4236
4237 /*
4238 * Save the peer's label in the request_sock so we can later setup
4239 * smk_packet in the child socket so that SO_PEERCRED can report it.
4240 */
2f823ff8 4241 req->peer_secid = skp->smk_secid;
07feee8f
PM		 4242
4243 /*
4244 * We need to decide if we want to label the incoming connection here
4245 * if we do we only need to label the request_sock and the stack will
25985edc 4246 * propagate the wire-label to the sock when it is created.
07feee8f
PM		 4247 */
4248 hdr = ip_hdr(skb);
4249 addr.sin_addr.s_addr = hdr->saddr;
4250 rcu_read_lock();
21abb1ec 4251 hskp = smack_ipv4host_label(&addr);
f7112e6c
CS		 4252 rcu_read_unlock();
4253
21c7eae2 4254 if (hskp == NULL)
f7112e6c 4255 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
2f823ff8 4256 else
07feee8f 4257 netlbl_req_delattr(req);
e114e473
CS		 4258
4259 return rc;
4260}
4261
07feee8f
PM		 4262/**
4263 * smack_inet_csk_clone - Copy the connection information to the new socket
4264 * @sk: the new socket
4265 * @req: the connection's request_sock
4266 *
4267 * Transfer the connection's peer label to the newly created socket.
4268 */
4269static void smack_inet_csk_clone(struct sock *sk,
4270 const struct request_sock *req)
4271{
4272 struct socket_smack *ssp = sk->sk_security;
2f823ff8 4273 struct smack_known *skp;
07feee8f 4274
2f823ff8
CS		 4275 if (req->peer_secid != 0) {
4276 skp = smack_from_secid(req->peer_secid);
54e70ec5 4277 ssp->smk_packet = skp;
2f823ff8 4278 } else
272cd7a8 4279 ssp->smk_packet = NULL;
07feee8f
PM		 4280}
4281
e114e473
CS		 4282/*
4283 * Key management security hooks
4284 *
4285 * Casey has not tested key support very heavily.
4286 * The permission check is most likely too restrictive.
4287 * If you care about keys please have a look.
4288 */
4289#ifdef CONFIG_KEYS
4290
4291/**
4292 * smack_key_alloc - Set the key security blob
4293 * @key: object
d84f4f99 4294 * @cred: the credentials to use
e114e473
CS		 4295 * @flags: unused
4296 *
4297 * No allocation required
4298 *
4299 * Returns 0
4300 */
d84f4f99 4301static int smack_key_alloc(struct key *key, const struct cred *cred,
e114e473
CS		 4302 unsigned long flags)
4303{
2f823ff8
CS		 4304 struct smack_known *skp = smk_of_task(cred->security);
4305
21c7eae2 4306 key->security = skp;
e114e473
CS		 4307 return 0;
4308}
4309
4310/**
4311 * smack_key_free - Clear the key security blob
4312 * @key: the object
4313 *
4314 * Clear the blob pointer
4315 */
4316static void smack_key_free(struct key *key)
4317{
4318 key->security = NULL;
4319}
4320
1a28979b 4321/**
e114e473
CS		 4322 * smack_key_permission - Smack access on a key
4323 * @key_ref: gets to the object
d84f4f99 4324 * @cred: the credentials to use
1a28979b 4325 * @perm: requested key permissions
e114e473
CS		 4326 *
4327 * Return 0 if the task has read and write to the object,
4328 * an error code otherwise
4329 */
4330static int smack_key_permission(key_ref_t key_ref,
f5895943 4331 const struct cred *cred, unsigned perm)
e114e473
CS		 4332{
4333 struct key *keyp;
ecfcc53f 4334 struct smk_audit_info ad;
2f823ff8 4335 struct smack_known *tkp = smk_of_task(cred->security);
fffea214 4336 int request = 0;
d166c802 4337 int rc;
e114e473 4338
5b841bfa
ZM		 4339 /*
4340 * Validate requested permissions
4341 */
4342 if (perm & ~KEY_NEED_ALL)
4343 return -EINVAL;
4344
e114e473
CS		 4345 keyp = key_ref_to_ptr(key_ref);
4346 if (keyp == NULL)
4347 return -EINVAL;
4348 /*
4349 * If the key hasn't been initialized give it access so that
4350 * it may do so.
4351 */
4352 if (keyp->security == NULL)
4353 return 0;
4354 /*
4355 * This should not occur
4356 */
2f823ff8 4357 if (tkp == NULL)
e114e473 4358 return -EACCES;
d19dfe58
CS		 4359
4360 if (smack_privileged_cred(CAP_MAC_OVERRIDE, cred))
4361 return 0;
4362
ecfcc53f
EB		 4363#ifdef CONFIG_AUDIT
4364 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4365 ad.a.u.key_struct.key = keyp->serial;
4366 ad.a.u.key_struct.key_desc = keyp->description;
4367#endif
5b841bfa
ZM		 4368 if (perm & (KEY_NEED_READ | KEY_NEED_SEARCH | KEY_NEED_VIEW))
4369 request |= MAY_READ;
fffea214 4370 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
5b841bfa 4371 request |= MAY_WRITE;
d166c802
CS		 4372 rc = smk_access(tkp, keyp->security, request, &ad);
4373 rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4374 return rc;
e114e473 4375}
7fc5f36e
JB		 4376
4377/*
4378 * smack_key_getsecurity - Smack label tagging the key
4379 * @key points to the key to be queried
4380 * @_buffer points to a pointer that should be set to point to the
4381 * resulting string (if no label or an error occurs).
4382 * Return the length of the string (including terminating NUL) or -ve if
4383 * an error.
4384 * May also return 0 (and a NULL buffer pointer) if there is no label.
4385 */
4386static int smack_key_getsecurity(struct key *key, char **_buffer)
4387{
4388 struct smack_known *skp = key->security;
4389 size_t length;
4390 char *copy;
4391
4392 if (key->security == NULL) {
4393 *_buffer = NULL;
4394 return 0;
4395 }
4396
4397 copy = kstrdup(skp->smk_known, GFP_KERNEL);
4398 if (copy == NULL)
4399 return -ENOMEM;
4400 length = strlen(copy) + 1;
4401
4402 *_buffer = copy;
4403 return length;
4404}
4405
e114e473
CS		 4406#endif /* CONFIG_KEYS */
4407
d20bdda6
AD		 4408/*
4409 * Smack Audit hooks
4410 *
4411 * Audit requires a unique representation of each Smack specific
4412 * rule. This unique representation is used to distinguish the
4413 * object to be audited from remaining kernel objects and also
4414 * works as a glue between the audit hooks.
4415 *
4416 * Since repository entries are added but never deleted, we'll use
4417 * the smack_known label address related to the given audit rule as
4418 * the needed unique representation. This also better fits the smack
4419 * model where nearly everything is a label.
4420 */
4421#ifdef CONFIG_AUDIT
4422
4423/**
4424 * smack_audit_rule_init - Initialize a smack audit rule
4425 * @field: audit rule fields given from user-space (audit.h)
4426 * @op: required testing operator (=, !=, >, <, ...)
4427 * @rulestr: smack label to be audited
4428 * @vrule: pointer to save our own audit rule representation
4429 *
4430 * Prepare to audit cases where (@field @op @rulestr) is true.
4431 * The label to be audited is created if necessay.
4432 */
4433static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4434{
21c7eae2 4435 struct smack_known *skp;
d20bdda6
AD		 4436 char **rule = (char **)vrule;
4437 *rule = NULL;
4438
4439 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4440 return -EINVAL;
4441
5af75d8d 4442 if (op != Audit_equal && op != Audit_not_equal)
d20bdda6
AD		 4443 return -EINVAL;
4444
21c7eae2 4445 skp = smk_import_entry(rulestr, 0);
e774ad68
LP		 4446 if (IS_ERR(skp))
4447 return PTR_ERR(skp);
4448
4449 *rule = skp->smk_known;
d20bdda6
AD		 4450
4451 return 0;
4452}
4453
4454/**
4455 * smack_audit_rule_known - Distinguish Smack audit rules
4456 * @krule: rule of interest, in Audit kernel representation format
4457 *
4458 * This is used to filter Smack rules from remaining Audit ones.
4459 * If it's proved that this rule belongs to us, the
4460 * audit_rule_match hook will be called to do the final judgement.
4461 */
4462static int smack_audit_rule_known(struct audit_krule *krule)
4463{
4464 struct audit_field *f;
4465 int i;
4466
4467 for (i = 0; i < krule->field_count; i++) {
4468 f = &krule->fields[i];
4469
4470 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4471 return 1;
4472 }
4473
4474 return 0;
4475}
4476
4477/**
4478 * smack_audit_rule_match - Audit given object ?
4479 * @secid: security id for identifying the object to test
4480 * @field: audit rule flags given from user-space
4481 * @op: required testing operator
4482 * @vrule: smack internal rule presentation
4483 * @actx: audit context associated with the check
4484 *
4485 * The core Audit hook. It's used to take the decision of
4486 * whether to audit or not to audit a given object.
4487 */
4488static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
4489 struct audit_context *actx)
4490{
2f823ff8 4491 struct smack_known *skp;
d20bdda6
AD		 4492 char *rule = vrule;
4493
4eb0f4ab
RGB		 4494 if (unlikely(!rule)) {
4495 WARN_ONCE(1, "Smack: missing rule\n");
d20bdda6
AD		 4496 return -ENOENT;
4497 }
4498
4499 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4500 return 0;
4501
2f823ff8 4502 skp = smack_from_secid(secid);
d20bdda6
AD		 4503
4504 /*
4505 * No need to do string comparisons. If a match occurs,
4506 * both pointers will point to the same smack_known
4507 * label.
4508 */
5af75d8d 4509 if (op == Audit_equal)
2f823ff8 4510 return (rule == skp->smk_known);
5af75d8d 4511 if (op == Audit_not_equal)
2f823ff8 4512 return (rule != skp->smk_known);
d20bdda6
AD		 4513
4514 return 0;
4515}
4516
491a0b08
CS		 4517/*
4518 * There is no need for a smack_audit_rule_free hook.
d20bdda6
AD		 4519 * No memory was allocated.
4520 */
d20bdda6
AD		 4521
4522#endif /* CONFIG_AUDIT */
4523
746df9b5
DQ		 4524/**
4525 * smack_ismaclabel - check if xattr @name references a smack MAC label
4526 * @name: Full xattr name to check.
4527 */
4528static int smack_ismaclabel(const char *name)
4529{
4530 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4531}
4532
4533
251a2a95 4534/**
e114e473
CS		 4535 * smack_secid_to_secctx - return the smack label for a secid
4536 * @secid: incoming integer
4537 * @secdata: destination
4538 * @seclen: how long it is
4539 *
4540 * Exists for networking code.
4541 */
4542static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4543{
2f823ff8 4544 struct smack_known *skp = smack_from_secid(secid);
e114e473 4545
d5630b9d 4546 if (secdata)
2f823ff8
CS		 4547 *secdata = skp->smk_known;
4548 *seclen = strlen(skp->smk_known);
e114e473
CS		 4549 return 0;
4550}
4551
251a2a95 4552/**
4bc87e62
CS		 4553 * smack_secctx_to_secid - return the secid for a smack label
4554 * @secdata: smack label
4555 * @seclen: how long result is
4556 * @secid: outgoing integer
4557 *
4558 * Exists for audit and networking code.
4559 */
e52c1764 4560static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4bc87e62 4561{
21c7eae2
LP		 4562 struct smack_known *skp = smk_find_entry(secdata);
4563
4564 if (skp)
4565 *secid = skp->smk_secid;
4566 else
4567 *secid = 0;
4bc87e62
CS		 4568 return 0;
4569}
4570
491a0b08
CS		 4571/*
4572 * There used to be a smack_release_secctx hook
4573 * that did nothing back when hooks were in a vector.
4574 * Now that there's a list such a hook adds cost.
e114e473 4575 */
e114e473 4576
1ee65e37
DQ		 4577static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4578{
4579 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4580}
4581
4582static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4583{
4584 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4585}
4586
4587static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4588{
0f8983cf 4589 struct smack_known *skp = smk_of_inode(inode);
1ee65e37 4590
0f8983cf
CS		 4591 *ctx = skp->smk_known;
4592 *ctxlen = strlen(skp->smk_known);
1ee65e37
DQ		 4593 return 0;
4594}
4595
d6d80cb5
CS		 4596static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
4597{
4598
4599 struct task_smack *tsp;
4600 struct smack_known *skp;
4601 struct inode_smack *isp;
4602 struct cred *new_creds = *new;
4603
4604 if (new_creds == NULL) {
4605 new_creds = prepare_creds();
4606 if (new_creds == NULL)
4607 return -ENOMEM;
4608 }
4609
4610 tsp = new_creds->security;
4611
4612 /*
4613 * Get label from overlay inode and set it in create_sid
4614 */
4615 isp = d_inode(dentry->d_parent)->i_security;
4616 skp = isp->smk_inode;
4617 tsp->smk_task = skp;
4618 *new = new_creds;
4619 return 0;
4620}
4621
4622static int smack_inode_copy_up_xattr(const char *name)
4623{
4624 /*
4625 * Return 1 if this is the smack access Smack attribute.
4626 */
4627 if (strcmp(name, XATTR_NAME_SMACK) == 0)
4628 return 1;
4629
4630 return -EOPNOTSUPP;
4631}
4632
4633static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
4634 struct qstr *name,
4635 const struct cred *old,
4636 struct cred *new)
4637{
4638 struct task_smack *otsp = old->security;
4639 struct task_smack *ntsp = new->security;
4640 struct inode_smack *isp;
4641 int may;
4642
4643 /*
4644 * Use the process credential unless all of
4645 * the transmuting criteria are met
4646 */
4647 ntsp->smk_task = otsp->smk_task;
4648
4649 /*
4650 * the attribute of the containing directory
4651 */
4652 isp = d_inode(dentry->d_parent)->i_security;
4653
4654 if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
4655 rcu_read_lock();
4656 may = smk_access_entry(otsp->smk_task->smk_known,
4657 isp->smk_inode->smk_known,
4658 &otsp->smk_task->smk_rules);
4659 rcu_read_unlock();
4660
4661 /*
4662 * If the directory is transmuting and the rule
4663 * providing access is transmuting use the containing
4664 * directory label instead of the process label.
4665 */
4666 if (may > 0 && (may & MAY_TRANSMUTE))
4667 ntsp->smk_task = isp->smk_inode;
4668 }
4669 return 0;
4670}
4671
ca97d939 4672static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
e20b043a
CS		 4673 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4674 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4675 LSM_HOOK_INIT(syslog, smack_syslog),
4676
0b52075e 4677 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup),
2febd254
DH		 4678 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param),
4679
e20b043a
CS		 4680 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
4681 LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
204cc0cc 4682 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts),
5b400239 4683 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
e20b043a 4684 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
3bf2789c 4685 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
e20b043a
CS		 4686
4687 LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
e20b043a
CS		 4688
4689 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
4690 LSM_HOOK_INIT(inode_free_security, smack_inode_free_security),
4691 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4692 LSM_HOOK_INIT(inode_link, smack_inode_link),
4693 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4694 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4695 LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4696 LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4697 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4698 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4699 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4700 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4701 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4702 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4703 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4704 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4705 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4706 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4707
e20b043a
CS		 4708 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
4709 LSM_HOOK_INIT(file_free_security, smack_file_free_security),
4710 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4711 LSM_HOOK_INIT(file_lock, smack_file_lock),
4712 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4713 LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4714 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4715 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4716 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4717 LSM_HOOK_INIT(file_receive, smack_file_receive),
4718
4719 LSM_HOOK_INIT(file_open, smack_file_open),
4720
4721 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4722 LSM_HOOK_INIT(cred_free, smack_cred_free),
4723 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4724 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
3ec30113 4725 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
e20b043a
CS		 4726 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4727 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4728 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4729 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4730 LSM_HOOK_INIT(task_getsid, smack_task_getsid),
4731 LSM_HOOK_INIT(task_getsecid, smack_task_getsecid),
4732 LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4733 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4734 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4735 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4736 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4737 LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4738 LSM_HOOK_INIT(task_kill, smack_task_kill),
e20b043a
CS		 4739 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4740
4741 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4742 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4743
4744 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
4745 LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security),
4746
0d79cbf8
EB		 4747 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security),
4748 LSM_HOOK_INIT(msg_queue_free_security, smack_ipc_free_security),
e20b043a
CS		 4749 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4750 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4751 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4752 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4753
0d79cbf8
EB		 4754 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security),
4755 LSM_HOOK_INIT(shm_free_security, smack_ipc_free_security),
e20b043a
CS		 4756 LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4757 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4758 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4759
0d79cbf8
EB		 4760 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security),
4761 LSM_HOOK_INIT(sem_free_security, smack_ipc_free_security),
e20b043a
CS		 4762 LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4763 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4764 LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4765
4766 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4767
4768 LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4769 LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4770
4771 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4772 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4773
4774 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
5859cdf5 4775 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
21abb1ec 4776#ifdef SMACK_IPV6_PORT_LABELING
e20b043a 4777 LSM_HOOK_INIT(socket_bind, smack_socket_bind),
21abb1ec 4778#endif
e20b043a
CS		 4779 LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4780 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4781 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4782 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4783 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4784 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
4785 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4786 LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4787 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4788 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
d20bdda6 4789
e114e473
CS		 4790 /* key management security hooks */
4791#ifdef CONFIG_KEYS
e20b043a
CS		 4792 LSM_HOOK_INIT(key_alloc, smack_key_alloc),
4793 LSM_HOOK_INIT(key_free, smack_key_free),
4794 LSM_HOOK_INIT(key_permission, smack_key_permission),
4795 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
e114e473 4796#endif /* CONFIG_KEYS */
d20bdda6
AD		 4797
4798 /* Audit hooks */
4799#ifdef CONFIG_AUDIT
e20b043a
CS		 4800 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
4801 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
4802 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
d20bdda6
AD		 4803#endif /* CONFIG_AUDIT */
4804
e20b043a
CS		 4805 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
4806 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
4807 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
e20b043a
CS		 4808 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
4809 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
4810 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
d6d80cb5
CS		 4811 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up),
4812 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr),
4813 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as),
e114e473
CS		 4814};
4815
7198e2ee 4816
86812bb0 4817static __init void init_smack_known_list(void)
7198e2ee 4818{
86812bb0
CS		 4819 /*
4820 * Initialize rule list locks
4821 */
4822 mutex_init(&smack_known_huh.smk_rules_lock);
4823 mutex_init(&smack_known_hat.smk_rules_lock);
4824 mutex_init(&smack_known_floor.smk_rules_lock);
4825 mutex_init(&smack_known_star.smk_rules_lock);
86812bb0
CS		 4826 mutex_init(&smack_known_web.smk_rules_lock);
4827 /*
4828 * Initialize rule lists
4829 */
4830 INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4831 INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4832 INIT_LIST_HEAD(&smack_known_star.smk_rules);
4833 INIT_LIST_HEAD(&smack_known_floor.smk_rules);
86812bb0
CS		 4834 INIT_LIST_HEAD(&smack_known_web.smk_rules);
4835 /*
4836 * Create the known labels list
4837 */
4d7cf4a1
TS		 4838 smk_insert_entry(&smack_known_huh);
4839 smk_insert_entry(&smack_known_hat);
4840 smk_insert_entry(&smack_known_star);
4841 smk_insert_entry(&smack_known_floor);
4d7cf4a1 4842 smk_insert_entry(&smack_known_web);
7198e2ee
EB		 4843}
4844
e114e473
CS		 4845/**
4846 * smack_init - initialize the smack system
4847 *
4848 * Returns 0
4849 */
4850static __init int smack_init(void)
4851{
d84f4f99 4852 struct cred *cred;
676dac4b 4853 struct task_smack *tsp;
d84f4f99 4854
b1d9e6b0 4855 if (!security_module_enable("smack"))
7898e1f8
CS		 4856 return 0;
4857
1a5b472b
R		 4858 smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4859 if (!smack_inode_cache)
4860 return -ENOMEM;
4861
2f823ff8
CS		 4862 tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4863 GFP_KERNEL);
1a5b472b
R		 4864 if (tsp == NULL) {
4865 kmem_cache_destroy(smack_inode_cache);
676dac4b 4866 return -ENOMEM;
1a5b472b 4867 }
676dac4b 4868
d21b7b04
JB		 4869 smack_enabled = 1;
4870
21abb1ec
CS		 4871 pr_info("Smack: Initializing.\n");
4872#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4873 pr_info("Smack: Netfilter enabled.\n");
4874#endif
4875#ifdef SMACK_IPV6_PORT_LABELING
4876 pr_info("Smack: IPv6 port labeling enabled.\n");
4877#endif
4878#ifdef SMACK_IPV6_SECMARK_LABELING
4879 pr_info("Smack: IPv6 Netfilter enabled.\n");
4880#endif
e114e473
CS		 4881
4882 /*
4883 * Set the security state for the initial task.
4884 */
d84f4f99 4885 cred = (struct cred *) current->cred;
676dac4b 4886 cred->security = tsp;
e114e473 4887
86812bb0
CS		 4888 /* initialize the smack_known_list */
4889 init_smack_known_list();
e114e473
CS		 4890
4891 /*
4892 * Register with LSM
4893 */
d69dece5 4894 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack");
e114e473
CS		 4895
4896 return 0;
4897}
4898
4899/*
4900 * Smack requires early initialization in order to label
4901 * all processes and objects when they are created.
4902 */
3d6e5f6d 4903DEFINE_LSM(smack) = {
07aed2f2 4904 .name = "smack",
3d6e5f6d
KC		 4905 .init = smack_init,
4906};
Linux 6.x block layer and io_uring tree(s)