projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Smack: Rework file hooks
[linux-block.git] / security / smack / smack_lsm.c
CommitLineData
e114e473
CS		 1/*
2 * Simplified MAC Kernel (smack) security module
3 *
4 * This file contains the smack hook function implementations.
5 *
5c6d1125 6 * Authors:
e114e473 7 * Casey Schaufler <casey@schaufler-ca.com>
84088ba2 8 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
e114e473
CS		 9 *
10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
07feee8f 11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
82c21bfa 12 * Paul Moore <paul@paul-moore.com>
5c6d1125 13 * Copyright (C) 2010 Nokia Corporation
84088ba2 14 * Copyright (C) 2011 Intel Corporation.
e114e473
CS		 15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License version 2,
18 * as published by the Free Software Foundation.
19 */
20
21#include <linux/xattr.h>
22#include <linux/pagemap.h>
23#include <linux/mount.h>
24#include <linux/stat.h>
e114e473
CS		 25#include <linux/kd.h>
26#include <asm/ioctls.h>
07feee8f 27#include <linux/ip.h>
e114e473
CS		 28#include <linux/tcp.h>
29#include <linux/udp.h>
c6739443 30#include <linux/dccp.h>
5a0e3ad6 31#include <linux/slab.h>
e114e473
CS		 32#include <linux/mutex.h>
33#include <linux/pipe_fs_i.h>
e114e473 34#include <net/cipso_ipv4.h>
c6739443
CS		 35#include <net/ip.h>
36#include <net/ipv6.h>
d20bdda6 37#include <linux/audit.h>
1fd7317d 38#include <linux/magic.h>
2a7dba39 39#include <linux/dcache.h>
16014d87 40#include <linux/personality.h>
40401530
AV		 41#include <linux/msg.h>
42#include <linux/shm.h>
43#include <linux/binfmts.h>
e114e473
CS		 44#include "smack.h"
45
c69e8d9c
DH		 46#define task_security(task) (task_cred_xxx((task), security))
47
5c6d1125
JS		 48#define TRANS_TRUE "TRUE"
49#define TRANS_TRUE_SIZE 4
50
c6739443
CS		 51#define SMK_CONNECTING 0
52#define SMK_RECEIVING 1
53#define SMK_SENDING 2
54
55LIST_HEAD(smk_ipv6_port_list);
1a5b472b 56static struct kmem_cache *smack_inode_cache;
c6739443 57
d166c802
CS		 58#ifdef CONFIG_SECURITY_SMACK_BRINGUP
59static void smk_bu_mode(int mode, char *s)
60{
61 int i = 0;
62
63 if (mode & MAY_READ)
64 s[i++] = 'r';
65 if (mode & MAY_WRITE)
66 s[i++] = 'w';
67 if (mode & MAY_EXEC)
68 s[i++] = 'x';
69 if (mode & MAY_APPEND)
70 s[i++] = 'a';
71 if (mode & MAY_TRANSMUTE)
72 s[i++] = 't';
73 if (mode & MAY_LOCK)
74 s[i++] = 'l';
75 if (i == 0)
76 s[i++] = '-';
77 s[i] = '\0';
78}
79#endif
80
81#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 82static int smk_bu_note(char *note, struct smack_known *sskp,
83 struct smack_known *oskp, int mode, int rc)
d166c802
CS		 84{
85 char acc[SMK_NUM_ACCESS_TYPE + 1];
86
87 if (rc <= 0)
88 return rc;
89
90 smk_bu_mode(mode, acc);
91 pr_info("Smack Bringup: (%s %s %s) %s\n",
21c7eae2 92 sskp->smk_known, oskp->smk_known, acc, note);
d166c802
CS		 93 return 0;
94}
95#else
21c7eae2 96#define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
d166c802
CS		 97#endif
98
99#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 100static int smk_bu_current(char *note, struct smack_known *oskp,
101 int mode, int rc)
d166c802
CS		 102{
103 struct task_smack *tsp = current_security();
104 char acc[SMK_NUM_ACCESS_TYPE + 1];
105
106 if (rc <= 0)
107 return rc;
108
109 smk_bu_mode(mode, acc);
110 pr_info("Smack Bringup: (%s %s %s) %s %s\n",
21c7eae2
LP		 111 tsp->smk_task->smk_known, oskp->smk_known,
112 acc, current->comm, note);
d166c802
CS		 113 return 0;
114}
115#else
21c7eae2 116#define smk_bu_current(note, oskp, mode, RC) (RC)
d166c802
CS		 117#endif
118
119#ifdef CONFIG_SECURITY_SMACK_BRINGUP
120static int smk_bu_task(struct task_struct *otp, int mode, int rc)
121{
122 struct task_smack *tsp = current_security();
123 struct task_smack *otsp = task_security(otp);
124 char acc[SMK_NUM_ACCESS_TYPE + 1];
125
126 if (rc <= 0)
127 return rc;
128
129 smk_bu_mode(mode, acc);
130 pr_info("Smack Bringup: (%s %s %s) %s to %s\n",
131 tsp->smk_task->smk_known, otsp->smk_task->smk_known, acc,
132 current->comm, otp->comm);
133 return 0;
134}
135#else
136#define smk_bu_task(otp, mode, RC) (RC)
137#endif
138
139#ifdef CONFIG_SECURITY_SMACK_BRINGUP
140static int smk_bu_inode(struct inode *inode, int mode, int rc)
141{
142 struct task_smack *tsp = current_security();
143 char acc[SMK_NUM_ACCESS_TYPE + 1];
144
145 if (rc <= 0)
146 return rc;
147
148 smk_bu_mode(mode, acc);
149 pr_info("Smack Bringup: (%s %s %s) inode=(%s %ld) %s\n",
21c7eae2 150 tsp->smk_task->smk_known, smk_of_inode(inode)->smk_known, acc,
d166c802
CS		 151 inode->i_sb->s_id, inode->i_ino, current->comm);
152 return 0;
153}
154#else
155#define smk_bu_inode(inode, mode, RC) (RC)
156#endif
157
158#ifdef CONFIG_SECURITY_SMACK_BRINGUP
159static int smk_bu_file(struct file *file, int mode, int rc)
160{
161 struct task_smack *tsp = current_security();
162 struct smack_known *sskp = tsp->smk_task;
5e7270a6 163 struct inode *inode = file_inode(file);
d166c802
CS		 164 char acc[SMK_NUM_ACCESS_TYPE + 1];
165
166 if (rc <= 0)
167 return rc;
168
169 smk_bu_mode(mode, acc);
a455589f 170 pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",
5e7270a6 171 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 172 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 173 current->comm);
174 return 0;
175}
176#else
177#define smk_bu_file(file, mode, RC) (RC)
178#endif
179
180#ifdef CONFIG_SECURITY_SMACK_BRINGUP
181static int smk_bu_credfile(const struct cred *cred, struct file *file,
182 int mode, int rc)
183{
184 struct task_smack *tsp = cred->security;
185 struct smack_known *sskp = tsp->smk_task;
186 struct inode *inode = file->f_inode;
187 char acc[SMK_NUM_ACCESS_TYPE + 1];
188
189 if (rc <= 0)
190 return rc;
191
192 smk_bu_mode(mode, acc);
a455589f 193 pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",
21c7eae2 194 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 195 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 196 current->comm);
197 return 0;
198}
199#else
200#define smk_bu_credfile(cred, file, mode, RC) (RC)
201#endif
202
e114e473
CS		 203/**
204 * smk_fetch - Fetch the smack label from a file.
1a28979b 205 * @name: type of the label (attribute)
e114e473
CS		 206 * @ip: a pointer to the inode
207 * @dp: a pointer to the dentry
208 *
209 * Returns a pointer to the master list entry for the Smack label
210 * or NULL if there was no label to fetch.
211 */
2f823ff8
CS		 212static struct smack_known *smk_fetch(const char *name, struct inode *ip,
213 struct dentry *dp)
e114e473
CS		 214{
215 int rc;
f7112e6c 216 char *buffer;
2f823ff8 217 struct smack_known *skp = NULL;
e114e473
CS		 218
219 if (ip->i_op->getxattr == NULL)
220 return NULL;
221
f7112e6c
CS		 222 buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
223 if (buffer == NULL)
e114e473
CS		 224 return NULL;
225
f7112e6c
CS		 226 rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL);
227 if (rc > 0)
2f823ff8 228 skp = smk_import_entry(buffer, rc);
f7112e6c
CS		 229
230 kfree(buffer);
231
2f823ff8 232 return skp;
e114e473
CS		 233}
234
235/**
236 * new_inode_smack - allocate an inode security blob
21c7eae2 237 * @skp: a pointer to the Smack label entry to use in the blob
e114e473
CS		 238 *
239 * Returns the new blob or NULL if there's no memory available
240 */
21c7eae2 241struct inode_smack *new_inode_smack(struct smack_known *skp)
e114e473
CS		 242{
243 struct inode_smack *isp;
244
1a5b472b 245 isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
e114e473
CS		 246 if (isp == NULL)
247 return NULL;
248
21c7eae2 249 isp->smk_inode = skp;
e114e473
CS		 250 isp->smk_flags = 0;
251 mutex_init(&isp->smk_lock);
252
253 return isp;
254}
255
7898e1f8
CS		 256/**
257 * new_task_smack - allocate a task security blob
1a28979b
LP		 258 * @task: a pointer to the Smack label for the running task
259 * @forked: a pointer to the Smack label for the forked task
260 * @gfp: type of the memory for the allocation
7898e1f8
CS		 261 *
262 * Returns the new blob or NULL if there's no memory available
263 */
2f823ff8
CS		 264static struct task_smack *new_task_smack(struct smack_known *task,
265 struct smack_known *forked, gfp_t gfp)
7898e1f8
CS		 266{
267 struct task_smack *tsp;
268
269 tsp = kzalloc(sizeof(struct task_smack), gfp);
270 if (tsp == NULL)
271 return NULL;
272
273 tsp->smk_task = task;
274 tsp->smk_forked = forked;
275 INIT_LIST_HEAD(&tsp->smk_rules);
276 mutex_init(&tsp->smk_rules_lock);
277
278 return tsp;
279}
280
281/**
282 * smk_copy_rules - copy a rule set
1a28979b
LP		 283 * @nhead: new rules header pointer
284 * @ohead: old rules header pointer
285 * @gfp: type of the memory for the allocation
7898e1f8
CS		 286 *
287 * Returns 0 on success, -ENOMEM on error
288 */
289static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
290 gfp_t gfp)
291{
292 struct smack_rule *nrp;
293 struct smack_rule *orp;
294 int rc = 0;
295
296 INIT_LIST_HEAD(nhead);
297
298 list_for_each_entry_rcu(orp, ohead, list) {
299 nrp = kzalloc(sizeof(struct smack_rule), gfp);
300 if (nrp == NULL) {
301 rc = -ENOMEM;
302 break;
303 }
304 *nrp = *orp;
305 list_add_rcu(&nrp->list, nhead);
306 }
307 return rc;
308}
309
5663884c
LP		 310/**
311 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
312 * @mode - input mode in form of PTRACE_MODE_*
313 *
314 * Returns a converted MAY_* mode usable by smack rules
315 */
316static inline unsigned int smk_ptrace_mode(unsigned int mode)
317{
318 switch (mode) {
319 case PTRACE_MODE_READ:
320 return MAY_READ;
321 case PTRACE_MODE_ATTACH:
322 return MAY_READWRITE;
323 }
324
325 return 0;
326}
327
328/**
329 * smk_ptrace_rule_check - helper for ptrace access
330 * @tracer: tracer process
21c7eae2 331 * @tracee_known: label entry of the process that's about to be traced
5663884c
LP		 332 * @mode: ptrace attachment mode (PTRACE_MODE_*)
333 * @func: name of the function that called us, used for audit
334 *
335 * Returns 0 on access granted, -error on error
336 */
21c7eae2
LP		 337static int smk_ptrace_rule_check(struct task_struct *tracer,
338 struct smack_known *tracee_known,
5663884c
LP		 339 unsigned int mode, const char *func)
340{
341 int rc;
342 struct smk_audit_info ad, *saip = NULL;
343 struct task_smack *tsp;
21c7eae2 344 struct smack_known *tracer_known;
5663884c
LP		 345
346 if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
347 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
348 smk_ad_setfield_u_tsk(&ad, tracer);
349 saip = &ad;
350 }
351
352 tsp = task_security(tracer);
21c7eae2 353 tracer_known = smk_of_task(tsp);
5663884c 354
66867818
LP		 355 if ((mode & PTRACE_MODE_ATTACH) &&
356 (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
357 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
21c7eae2 358 if (tracer_known->smk_known == tracee_known->smk_known)
66867818
LP		 359 rc = 0;
360 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
361 rc = -EACCES;
362 else if (capable(CAP_SYS_PTRACE))
363 rc = 0;
364 else
365 rc = -EACCES;
366
367 if (saip)
21c7eae2
LP		 368 smack_log(tracer_known->smk_known,
369 tracee_known->smk_known,
370 0, rc, saip);
66867818
LP		 371
372 return rc;
373 }
374
375 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
21c7eae2 376 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
5663884c
LP		 377 return rc;
378}
379
e114e473
CS		 380/*
381 * LSM hooks.
382 * We he, that is fun!
383 */
384
385/**
9e48858f 386 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
e114e473 387 * @ctp: child task pointer
5663884c 388 * @mode: ptrace attachment mode (PTRACE_MODE_*)
e114e473
CS		 389 *
390 * Returns 0 if access is OK, an error code otherwise
391 *
5663884c 392 * Do the capability checks.
e114e473 393 */
9e48858f 394static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
e114e473
CS		 395{
396 int rc;
2f823ff8 397 struct smack_known *skp;
e114e473 398
9e48858f 399 rc = cap_ptrace_access_check(ctp, mode);
e114e473
CS		 400 if (rc != 0)
401 return rc;
402
2f823ff8 403 skp = smk_of_task(task_security(ctp));
ecfcc53f 404
21c7eae2 405 rc = smk_ptrace_rule_check(current, skp, mode, __func__);
5cd9c58f
DH		 406 return rc;
407}
408
409/**
410 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
411 * @ptp: parent task pointer
412 *
413 * Returns 0 if access is OK, an error code otherwise
414 *
5663884c 415 * Do the capability checks, and require PTRACE_MODE_ATTACH.
5cd9c58f
DH		 416 */
417static int smack_ptrace_traceme(struct task_struct *ptp)
418{
419 int rc;
2f823ff8 420 struct smack_known *skp;
5cd9c58f
DH		 421
422 rc = cap_ptrace_traceme(ptp);
423 if (rc != 0)
424 return rc;
e114e473 425
959e6c7f 426 skp = smk_of_task(current_security());
ecfcc53f 427
21c7eae2 428 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
e114e473
CS		 429 return rc;
430}
431
432/**
433 * smack_syslog - Smack approval on syslog
434 * @type: message type
435 *
e114e473
CS		 436 * Returns 0 on success, error code otherwise.
437 */
12b3052c 438static int smack_syslog(int typefrom_file)
e114e473 439{
12b3052c 440 int rc = 0;
2f823ff8 441 struct smack_known *skp = smk_of_current();
e114e473 442
1880eff7 443 if (smack_privileged(CAP_MAC_OVERRIDE))
e114e473
CS		 444 return 0;
445
24ea1b6e 446 if (smack_syslog_label != NULL && smack_syslog_label != skp)
e114e473
CS		 447 rc = -EACCES;
448
449 return rc;
450}
451
452
453/*
454 * Superblock Hooks.
455 */
456
457/**
458 * smack_sb_alloc_security - allocate a superblock blob
459 * @sb: the superblock getting the blob
460 *
461 * Returns 0 on success or -ENOMEM on error.
462 */
463static int smack_sb_alloc_security(struct super_block *sb)
464{
465 struct superblock_smack *sbsp;
466
467 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
468
469 if (sbsp == NULL)
470 return -ENOMEM;
471
21c7eae2
LP		 472 sbsp->smk_root = &smack_known_floor;
473 sbsp->smk_default = &smack_known_floor;
474 sbsp->smk_floor = &smack_known_floor;
475 sbsp->smk_hat = &smack_known_hat;
e830b394
CS		 476 /*
477 * smk_initialized will be zero from kzalloc.
478 */
e114e473
CS		 479 sb->s_security = sbsp;
480
481 return 0;
482}
483
484/**
485 * smack_sb_free_security - free a superblock blob
486 * @sb: the superblock getting the blob
487 *
488 */
489static void smack_sb_free_security(struct super_block *sb)
490{
491 kfree(sb->s_security);
492 sb->s_security = NULL;
493}
494
495/**
496 * smack_sb_copy_data - copy mount options data for processing
e114e473 497 * @orig: where to start
251a2a95 498 * @smackopts: mount options string
e114e473
CS		 499 *
500 * Returns 0 on success or -ENOMEM on error.
501 *
502 * Copy the Smack specific mount options out of the mount
503 * options list.
504 */
e0007529 505static int smack_sb_copy_data(char *orig, char *smackopts)
e114e473
CS		 506{
507 char *cp, *commap, *otheropts, *dp;
508
e114e473
CS		 509 otheropts = (char *)get_zeroed_page(GFP_KERNEL);
510 if (otheropts == NULL)
511 return -ENOMEM;
512
513 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
514 if (strstr(cp, SMK_FSDEFAULT) == cp)
515 dp = smackopts;
516 else if (strstr(cp, SMK_FSFLOOR) == cp)
517 dp = smackopts;
518 else if (strstr(cp, SMK_FSHAT) == cp)
519 dp = smackopts;
520 else if (strstr(cp, SMK_FSROOT) == cp)
521 dp = smackopts;
e830b394
CS		 522 else if (strstr(cp, SMK_FSTRANS) == cp)
523 dp = smackopts;
e114e473
CS		 524 else
525 dp = otheropts;
526
527 commap = strchr(cp, ',');
528 if (commap != NULL)
529 *commap = '\0';
530
531 if (*dp != '\0')
532 strcat(dp, ",");
533 strcat(dp, cp);
534 }
535
536 strcpy(orig, otheropts);
537 free_page((unsigned long)otheropts);
538
539 return 0;
540}
541
542/**
543 * smack_sb_kern_mount - Smack specific mount processing
544 * @sb: the file system superblock
12204e24 545 * @flags: the mount flags
e114e473
CS		 546 * @data: the smack mount options
547 *
548 * Returns 0 on success, an error code on failure
549 */
12204e24 550static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
e114e473
CS		 551{
552 struct dentry *root = sb->s_root;
553 struct inode *inode = root->d_inode;
554 struct superblock_smack *sp = sb->s_security;
555 struct inode_smack *isp;
24ea1b6e 556 struct smack_known *skp;
e114e473
CS		 557 char *op;
558 char *commap;
e830b394 559 int transmute = 0;
24ea1b6e 560 int specified = 0;
e114e473 561
e830b394 562 if (sp->smk_initialized)
e114e473 563 return 0;
eb982cb4 564
e114e473 565 sp->smk_initialized = 1;
e114e473
CS		 566
567 for (op = data; op != NULL; op = commap) {
568 commap = strchr(op, ',');
569 if (commap != NULL)
570 *commap++ = '\0';
571
572 if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
573 op += strlen(SMK_FSHAT);
21c7eae2
LP		 574 skp = smk_import_entry(op, 0);
575 if (skp != NULL) {
576 sp->smk_hat = skp;
24ea1b6e
CS		 577 specified = 1;
578 }
e114e473
CS		 579 } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
580 op += strlen(SMK_FSFLOOR);
21c7eae2
LP		 581 skp = smk_import_entry(op, 0);
582 if (skp != NULL) {
583 sp->smk_floor = skp;
24ea1b6e
CS		 584 specified = 1;
585 }
e114e473
CS		 586 } else if (strncmp(op, SMK_FSDEFAULT,
587 strlen(SMK_FSDEFAULT)) == 0) {
588 op += strlen(SMK_FSDEFAULT);
21c7eae2
LP		 589 skp = smk_import_entry(op, 0);
590 if (skp != NULL) {
591 sp->smk_default = skp;
24ea1b6e
CS		 592 specified = 1;
593 }
e114e473
CS		 594 } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
595 op += strlen(SMK_FSROOT);
21c7eae2
LP		 596 skp = smk_import_entry(op, 0);
597 if (skp != NULL) {
598 sp->smk_root = skp;
24ea1b6e
CS		 599 specified = 1;
600 }
e830b394
CS		 601 } else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
602 op += strlen(SMK_FSTRANS);
21c7eae2
LP		 603 skp = smk_import_entry(op, 0);
604 if (skp != NULL) {
605 sp->smk_root = skp;
e830b394 606 transmute = 1;
24ea1b6e 607 specified = 1;
e830b394 608 }
e114e473
CS		 609 }
610 }
611
24ea1b6e
CS		 612 if (!smack_privileged(CAP_MAC_ADMIN)) {
613 /*
614 * Unprivileged mounts don't get to specify Smack values.
615 */
616 if (specified)
617 return -EPERM;
618 /*
619 * Unprivileged mounts get root and default from the caller.
620 */
621 skp = smk_of_current();
21c7eae2
LP		 622 sp->smk_root = skp;
623 sp->smk_default = skp;
24ea1b6e 624 }
e114e473
CS		 625 /*
626 * Initialize the root inode.
627 */
628 isp = inode->i_security;
55dfc5da
JB		 629 if (isp == NULL) {
630 isp = new_inode_smack(sp->smk_root);
631 if (isp == NULL)
632 return -ENOMEM;
633 inode->i_security = isp;
e830b394 634 } else
e114e473
CS		 635 isp->smk_inode = sp->smk_root;
636
e830b394
CS		 637 if (transmute)
638 isp->smk_flags |= SMK_INODE_TRANSMUTE;
639
e114e473
CS		 640 return 0;
641}
642
643/**
644 * smack_sb_statfs - Smack check on statfs
645 * @dentry: identifies the file system in question
646 *
647 * Returns 0 if current can read the floor of the filesystem,
648 * and error code otherwise
649 */
650static int smack_sb_statfs(struct dentry *dentry)
651{
652 struct superblock_smack *sbp = dentry->d_sb->s_security;
ecfcc53f
EB		 653 int rc;
654 struct smk_audit_info ad;
655
a269434d 656 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 657 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 658
ecfcc53f 659 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
d166c802 660 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
ecfcc53f 661 return rc;
e114e473
CS		 662}
663
676dac4b
CS		 664/*
665 * BPRM hooks
666 */
667
ce8a4321
CS		 668/**
669 * smack_bprm_set_creds - set creds for exec
670 * @bprm: the exec information
671 *
5663884c 672 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
ce8a4321 673 */
676dac4b
CS		 674static int smack_bprm_set_creds(struct linux_binprm *bprm)
675{
496ad9aa 676 struct inode *inode = file_inode(bprm->file);
84088ba2 677 struct task_smack *bsp = bprm->cred->security;
676dac4b 678 struct inode_smack *isp;
676dac4b
CS		 679 int rc;
680
681 rc = cap_bprm_set_creds(bprm);
682 if (rc != 0)
683 return rc;
684
685 if (bprm->cred_prepared)
686 return 0;
687
84088ba2
JS		 688 isp = inode->i_security;
689 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
676dac4b
CS		 690 return 0;
691
5663884c
LP		 692 if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
693 struct task_struct *tracer;
694 rc = 0;
695
696 rcu_read_lock();
697 tracer = ptrace_parent(current);
698 if (likely(tracer != NULL))
699 rc = smk_ptrace_rule_check(tracer,
21c7eae2 700 isp->smk_task,
5663884c
LP		 701 PTRACE_MODE_ATTACH,
702 __func__);
703 rcu_read_unlock();
704
705 if (rc != 0)
706 return rc;
707 } else if (bprm->unsafe)
84088ba2 708 return -EPERM;
676dac4b 709
84088ba2
JS		 710 bsp->smk_task = isp->smk_task;
711 bprm->per_clear |= PER_CLEAR_ON_SETID;
676dac4b 712
84088ba2
JS		 713 return 0;
714}
676dac4b 715
84088ba2
JS		 716/**
717 * smack_bprm_committing_creds - Prepare to install the new credentials
718 * from bprm.
719 *
720 * @bprm: binprm for exec
721 */
722static void smack_bprm_committing_creds(struct linux_binprm *bprm)
723{
724 struct task_smack *bsp = bprm->cred->security;
676dac4b 725
84088ba2
JS		 726 if (bsp->smk_task != bsp->smk_forked)
727 current->pdeath_signal = 0;
728}
729
730/**
731 * smack_bprm_secureexec - Return the decision to use secureexec.
732 * @bprm: binprm for exec
733 *
734 * Returns 0 on success.
735 */
736static int smack_bprm_secureexec(struct linux_binprm *bprm)
737{
738 struct task_smack *tsp = current_security();
739 int ret = cap_bprm_secureexec(bprm);
740
741 if (!ret && (tsp->smk_task != tsp->smk_forked))
742 ret = 1;
743
744 return ret;
676dac4b
CS		 745}
746
e114e473
CS		 747/*
748 * Inode hooks
749 */
750
751/**
752 * smack_inode_alloc_security - allocate an inode blob
251a2a95 753 * @inode: the inode in need of a blob
e114e473
CS		 754 *
755 * Returns 0 if it gets a blob, -ENOMEM otherwise
756 */
757static int smack_inode_alloc_security(struct inode *inode)
758{
2f823ff8
CS		 759 struct smack_known *skp = smk_of_current();
760
21c7eae2 761 inode->i_security = new_inode_smack(skp);
e114e473
CS		 762 if (inode->i_security == NULL)
763 return -ENOMEM;
764 return 0;
765}
766
767/**
768 * smack_inode_free_security - free an inode blob
251a2a95 769 * @inode: the inode with a blob
e114e473
CS		 770 *
771 * Clears the blob pointer in inode
772 */
773static void smack_inode_free_security(struct inode *inode)
774{
1a5b472b 775 kmem_cache_free(smack_inode_cache, inode->i_security);
e114e473
CS		 776 inode->i_security = NULL;
777}
778
779/**
780 * smack_inode_init_security - copy out the smack from an inode
e95ef49b
LP		 781 * @inode: the newly created inode
782 * @dir: containing directory object
2a7dba39 783 * @qstr: unused
e114e473
CS		 784 * @name: where to put the attribute name
785 * @value: where to put the attribute value
786 * @len: where to put the length of the attribute
787 *
788 * Returns 0 if it all works out, -ENOMEM if there's no memory
789 */
790static int smack_inode_init_security(struct inode *inode, struct inode *dir,
9548906b 791 const struct qstr *qstr, const char **name,
2a7dba39 792 void **value, size_t *len)
e114e473 793{
2267b13a 794 struct inode_smack *issp = inode->i_security;
2f823ff8 795 struct smack_known *skp = smk_of_current();
21c7eae2
LP		 796 struct smack_known *isp = smk_of_inode(inode);
797 struct smack_known *dsp = smk_of_inode(dir);
7898e1f8 798 int may;
e114e473 799
9548906b
TH		 800 if (name)
801 *name = XATTR_SMACK_SUFFIX;
e114e473 802
68390ccf 803 if (value && len) {
7898e1f8 804 rcu_read_lock();
21c7eae2
LP		 805 may = smk_access_entry(skp->smk_known, dsp->smk_known,
806 &skp->smk_rules);
7898e1f8 807 rcu_read_unlock();
5c6d1125
JS		 808
809 /*
810 * If the access rule allows transmutation and
811 * the directory requests transmutation then
812 * by all means transmute.
2267b13a 813 * Mark the inode as changed.
5c6d1125 814 */
7898e1f8 815 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
2267b13a 816 smk_inode_transmutable(dir)) {
5c6d1125 817 isp = dsp;
2267b13a
CS		 818 issp->smk_flags |= SMK_INODE_CHANGED;
819 }
5c6d1125 820
21c7eae2 821 *value = kstrdup(isp->smk_known, GFP_NOFS);
e114e473
CS		 822 if (*value == NULL)
823 return -ENOMEM;
e114e473 824
21c7eae2 825 *len = strlen(isp->smk_known);
68390ccf 826 }
e114e473
CS		 827
828 return 0;
829}
830
831/**
832 * smack_inode_link - Smack check on link
833 * @old_dentry: the existing object
834 * @dir: unused
835 * @new_dentry: the new object
836 *
837 * Returns 0 if access is permitted, an error code otherwise
838 */
839static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
840 struct dentry *new_dentry)
841{
21c7eae2 842 struct smack_known *isp;
ecfcc53f
EB		 843 struct smk_audit_info ad;
844 int rc;
845
a269434d 846 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 847 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473
CS		 848
849 isp = smk_of_inode(old_dentry->d_inode);
ecfcc53f 850 rc = smk_curacc(isp, MAY_WRITE, &ad);
d166c802 851 rc = smk_bu_inode(old_dentry->d_inode, MAY_WRITE, rc);
e114e473
CS		 852
853 if (rc == 0 && new_dentry->d_inode != NULL) {
854 isp = smk_of_inode(new_dentry->d_inode);
ecfcc53f
EB		 855 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
856 rc = smk_curacc(isp, MAY_WRITE, &ad);
d166c802 857 rc = smk_bu_inode(new_dentry->d_inode, MAY_WRITE, rc);
e114e473
CS		 858 }
859
860 return rc;
861}
862
863/**
864 * smack_inode_unlink - Smack check on inode deletion
865 * @dir: containing directory object
866 * @dentry: file to unlink
867 *
868 * Returns 0 if current can write the containing directory
869 * and the object, error code otherwise
870 */
871static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
872{
873 struct inode *ip = dentry->d_inode;
ecfcc53f 874 struct smk_audit_info ad;
e114e473
CS		 875 int rc;
876
a269434d 877 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 878 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
879
e114e473
CS		 880 /*
881 * You need write access to the thing you're unlinking
882 */
ecfcc53f 883 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
d166c802 884 rc = smk_bu_inode(ip, MAY_WRITE, rc);
ecfcc53f 885 if (rc == 0) {
e114e473
CS		 886 /*
887 * You also need write access to the containing directory
888 */
cdb56b60 889 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 890 smk_ad_setfield_u_fs_inode(&ad, dir);
891 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 892 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 893 }
e114e473
CS		 894 return rc;
895}
896
897/**
898 * smack_inode_rmdir - Smack check on directory deletion
899 * @dir: containing directory object
900 * @dentry: directory to unlink
901 *
902 * Returns 0 if current can write the containing directory
903 * and the directory, error code otherwise
904 */
905static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
906{
ecfcc53f 907 struct smk_audit_info ad;
e114e473
CS		 908 int rc;
909
a269434d 910 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 911 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
912
e114e473
CS		 913 /*
914 * You need write access to the thing you're removing
915 */
ecfcc53f 916 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
d166c802 917 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
ecfcc53f 918 if (rc == 0) {
e114e473
CS		 919 /*
920 * You also need write access to the containing directory
921 */
cdb56b60 922 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 923 smk_ad_setfield_u_fs_inode(&ad, dir);
924 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 925 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 926 }
e114e473
CS		 927
928 return rc;
929}
930
931/**
932 * smack_inode_rename - Smack check on rename
e95ef49b
LP		 933 * @old_inode: unused
934 * @old_dentry: the old object
935 * @new_inode: unused
936 * @new_dentry: the new object
e114e473
CS		 937 *
938 * Read and write access is required on both the old and
939 * new directories.
940 *
941 * Returns 0 if access is permitted, an error code otherwise
942 */
943static int smack_inode_rename(struct inode *old_inode,
944 struct dentry *old_dentry,
945 struct inode *new_inode,
946 struct dentry *new_dentry)
947{
948 int rc;
21c7eae2 949 struct smack_known *isp;
ecfcc53f
EB		 950 struct smk_audit_info ad;
951
a269434d 952 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 953 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473
CS		 954
955 isp = smk_of_inode(old_dentry->d_inode);
ecfcc53f 956 rc = smk_curacc(isp, MAY_READWRITE, &ad);
d166c802 957 rc = smk_bu_inode(old_dentry->d_inode, MAY_READWRITE, rc);
e114e473
CS		 958
959 if (rc == 0 && new_dentry->d_inode != NULL) {
960 isp = smk_of_inode(new_dentry->d_inode);
ecfcc53f
EB		 961 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
962 rc = smk_curacc(isp, MAY_READWRITE, &ad);
d166c802 963 rc = smk_bu_inode(new_dentry->d_inode, MAY_READWRITE, rc);
e114e473 964 }
e114e473
CS		 965 return rc;
966}
967
968/**
969 * smack_inode_permission - Smack version of permission()
970 * @inode: the inode in question
971 * @mask: the access requested
e114e473
CS		 972 *
973 * This is the important Smack hook.
974 *
975 * Returns 0 if access is permitted, -EACCES otherwise
976 */
e74f71eb 977static int smack_inode_permission(struct inode *inode, int mask)
e114e473 978{
ecfcc53f 979 struct smk_audit_info ad;
e74f71eb 980 int no_block = mask & MAY_NOT_BLOCK;
d166c802 981 int rc;
d09ca739
EP		 982
983 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
e114e473
CS		 984 /*
985 * No permission to check. Existence test. Yup, it's there.
986 */
987 if (mask == 0)
988 return 0;
8c9e80ed
AK		 989
990 /* May be droppable after audit */
e74f71eb 991 if (no_block)
8c9e80ed 992 return -ECHILD;
f48b7399 993 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f 994 smk_ad_setfield_u_fs_inode(&ad, inode);
d166c802
CS		 995 rc = smk_curacc(smk_of_inode(inode), mask, &ad);
996 rc = smk_bu_inode(inode, mask, rc);
997 return rc;
e114e473
CS		 998}
999
1000/**
1001 * smack_inode_setattr - Smack check for setting attributes
1002 * @dentry: the object
1003 * @iattr: for the force flag
1004 *
1005 * Returns 0 if access is permitted, an error code otherwise
1006 */
1007static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1008{
ecfcc53f 1009 struct smk_audit_info ad;
d166c802
CS		 1010 int rc;
1011
e114e473
CS		 1012 /*
1013 * Need to allow for clearing the setuid bit.
1014 */
1015 if (iattr->ia_valid & ATTR_FORCE)
1016 return 0;
a269434d 1017 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1018 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 1019
d166c802
CS		 1020 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1021 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1022 return rc;
e114e473
CS		 1023}
1024
1025/**
1026 * smack_inode_getattr - Smack check for getting attributes
e95ef49b 1027 * @mnt: vfsmount of the object
e114e473
CS		 1028 * @dentry: the object
1029 *
1030 * Returns 0 if access is permitted, an error code otherwise
1031 */
1032static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
1033{
ecfcc53f 1034 struct smk_audit_info ad;
a269434d 1035 struct path path;
d166c802 1036 int rc;
ecfcc53f 1037
a269434d
EP		 1038 path.dentry = dentry;
1039 path.mnt = mnt;
ecfcc53f 1040
f48b7399 1041 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
a269434d 1042 smk_ad_setfield_u_fs_path(&ad, path);
d166c802
CS		 1043 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
1044 rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc);
1045 return rc;
e114e473
CS		 1046}
1047
1048/**
1049 * smack_inode_setxattr - Smack check for setting xattrs
1050 * @dentry: the object
1051 * @name: name of the attribute
e95ef49b
LP		 1052 * @value: value of the attribute
1053 * @size: size of the value
e114e473
CS		 1054 * @flags: unused
1055 *
1056 * This protects the Smack attribute explicitly.
1057 *
1058 * Returns 0 if access is permitted, an error code otherwise
1059 */
8f0cfa52
DH		 1060static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1061 const void *value, size_t size, int flags)
e114e473 1062{
ecfcc53f 1063 struct smk_audit_info ad;
19760ad0
CS		 1064 struct smack_known *skp;
1065 int check_priv = 0;
1066 int check_import = 0;
1067 int check_star = 0;
bcdca225 1068 int rc = 0;
e114e473 1069
19760ad0
CS		 1070 /*
1071 * Check label validity here so import won't fail in post_setxattr
1072 */
bcdca225
CS		 1073 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1074 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
19760ad0
CS		 1075 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1076 check_priv = 1;
1077 check_import = 1;
1078 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1079 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1080 check_priv = 1;
1081 check_import = 1;
1082 check_star = 1;
5c6d1125 1083 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
19760ad0 1084 check_priv = 1;
5c6d1125
JS		 1085 if (size != TRANS_TRUE_SIZE ||
1086 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1087 rc = -EINVAL;
bcdca225
CS		 1088 } else
1089 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1090
19760ad0
CS		 1091 if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1092 rc = -EPERM;
1093
1094 if (rc == 0 && check_import) {
b862e561 1095 skp = size ? smk_import_entry(value, size) : NULL;
19760ad0
CS		 1096 if (skp == NULL || (check_star &&
1097 (skp == &smack_known_star || skp == &smack_known_web)))
1098 rc = -EINVAL;
1099 }
1100
a269434d 1101 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1102 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1103
d166c802 1104 if (rc == 0) {
ecfcc53f 1105 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
d166c802
CS		 1106 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1107 }
bcdca225
CS		 1108
1109 return rc;
e114e473
CS		 1110}
1111
1112/**
1113 * smack_inode_post_setxattr - Apply the Smack update approved above
1114 * @dentry: object
1115 * @name: attribute name
1116 * @value: attribute value
1117 * @size: attribute size
1118 * @flags: unused
1119 *
1120 * Set the pointer in the inode blob to the entry found
1121 * in the master label list.
1122 */
8f0cfa52
DH		 1123static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1124 const void *value, size_t size, int flags)
e114e473 1125{
2f823ff8 1126 struct smack_known *skp;
5c6d1125 1127 struct inode_smack *isp = dentry->d_inode->i_security;
676dac4b 1128
2f823ff8
CS		 1129 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1130 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1131 return;
1132 }
1133
676dac4b 1134 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
9598f4c9 1135 skp = smk_import_entry(value, size);
2f823ff8 1136 if (skp != NULL)
21c7eae2 1137 isp->smk_inode = skp;
676dac4b 1138 else
21c7eae2 1139 isp->smk_inode = &smack_known_invalid;
5c6d1125 1140 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
9598f4c9 1141 skp = smk_import_entry(value, size);
2f823ff8
CS		 1142 if (skp != NULL)
1143 isp->smk_task = skp;
676dac4b 1144 else
2f823ff8 1145 isp->smk_task = &smack_known_invalid;
7898e1f8 1146 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
9598f4c9 1147 skp = smk_import_entry(value, size);
2f823ff8
CS		 1148 if (skp != NULL)
1149 isp->smk_mmap = skp;
7898e1f8 1150 else
2f823ff8
CS		 1151 isp->smk_mmap = &smack_known_invalid;
1152 }
e114e473
CS		 1153
1154 return;
1155}
1156
ce8a4321 1157/**
e114e473
CS		 1158 * smack_inode_getxattr - Smack check on getxattr
1159 * @dentry: the object
1160 * @name: unused
1161 *
1162 * Returns 0 if access is permitted, an error code otherwise
1163 */
8f0cfa52 1164static int smack_inode_getxattr(struct dentry *dentry, const char *name)
e114e473 1165{
ecfcc53f 1166 struct smk_audit_info ad;
d166c802 1167 int rc;
ecfcc53f 1168
a269434d 1169 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1170 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1171
d166c802
CS		 1172 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
1173 rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc);
1174 return rc;
e114e473
CS		 1175}
1176
ce8a4321 1177/**
e114e473
CS		 1178 * smack_inode_removexattr - Smack check on removexattr
1179 * @dentry: the object
1180 * @name: name of the attribute
1181 *
1182 * Removing the Smack attribute requires CAP_MAC_ADMIN
1183 *
1184 * Returns 0 if access is permitted, an error code otherwise
1185 */
8f0cfa52 1186static int smack_inode_removexattr(struct dentry *dentry, const char *name)
e114e473 1187{
676dac4b 1188 struct inode_smack *isp;
ecfcc53f 1189 struct smk_audit_info ad;
bcdca225 1190 int rc = 0;
e114e473 1191
bcdca225
CS		 1192 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1193 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
676dac4b 1194 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
5c6d1125 1195 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
7898e1f8 1196 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
5e9ab593 1197 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1880eff7 1198 if (!smack_privileged(CAP_MAC_ADMIN))
bcdca225
CS		 1199 rc = -EPERM;
1200 } else
1201 rc = cap_inode_removexattr(dentry, name);
1202
f59bdfba
CS		 1203 if (rc != 0)
1204 return rc;
1205
a269434d 1206 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1207 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
bcdca225 1208
f59bdfba 1209 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
d166c802 1210 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
f59bdfba
CS		 1211 if (rc != 0)
1212 return rc;
1213
1214 isp = dentry->d_inode->i_security;
1215 /*
1216 * Don't do anything special for these.
1217 * XATTR_NAME_SMACKIPIN
1218 * XATTR_NAME_SMACKIPOUT
1219 * XATTR_NAME_SMACKEXEC
1220 */
1221 if (strcmp(name, XATTR_NAME_SMACK) == 0)
676dac4b 1222 isp->smk_task = NULL;
f59bdfba 1223 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
7898e1f8 1224 isp->smk_mmap = NULL;
f59bdfba
CS		 1225 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1226 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
676dac4b 1227
f59bdfba 1228 return 0;
e114e473
CS		 1229}
1230
1231/**
1232 * smack_inode_getsecurity - get smack xattrs
1233 * @inode: the object
1234 * @name: attribute name
1235 * @buffer: where to put the result
251a2a95 1236 * @alloc: unused
e114e473
CS		 1237 *
1238 * Returns the size of the attribute or an error code
1239 */
1240static int smack_inode_getsecurity(const struct inode *inode,
1241 const char *name, void **buffer,
1242 bool alloc)
1243{
1244 struct socket_smack *ssp;
1245 struct socket *sock;
1246 struct super_block *sbp;
1247 struct inode *ip = (struct inode *)inode;
21c7eae2 1248 struct smack_known *isp;
e114e473
CS		 1249 int ilen;
1250 int rc = 0;
1251
1252 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1253 isp = smk_of_inode(inode);
21c7eae2
LP		 1254 ilen = strlen(isp->smk_known);
1255 *buffer = isp->smk_known;
e114e473
CS		 1256 return ilen;
1257 }
1258
1259 /*
1260 * The rest of the Smack xattrs are only on sockets.
1261 */
1262 sbp = ip->i_sb;
1263 if (sbp->s_magic != SOCKFS_MAGIC)
1264 return -EOPNOTSUPP;
1265
1266 sock = SOCKET_I(ip);
2e1d146a 1267 if (sock == NULL || sock->sk == NULL)
e114e473
CS		 1268 return -EOPNOTSUPP;
1269
1270 ssp = sock->sk->sk_security;
1271
1272 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
21c7eae2 1273 isp = ssp->smk_in;
e114e473 1274 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
21c7eae2 1275 isp = ssp->smk_out;
e114e473
CS		 1276 else
1277 return -EOPNOTSUPP;
1278
21c7eae2 1279 ilen = strlen(isp->smk_known);
e114e473 1280 if (rc == 0) {
21c7eae2 1281 *buffer = isp->smk_known;
e114e473
CS		 1282 rc = ilen;
1283 }
1284
1285 return rc;
1286}
1287
1288
1289/**
1290 * smack_inode_listsecurity - list the Smack attributes
1291 * @inode: the object
1292 * @buffer: where they go
1293 * @buffer_size: size of buffer
1294 *
1295 * Returns 0 on success, -EINVAL otherwise
1296 */
1297static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1298 size_t buffer_size)
1299{
fd5c9d23 1300 int len = sizeof(XATTR_NAME_SMACK);
e114e473 1301
fd5c9d23 1302 if (buffer != NULL && len <= buffer_size)
e114e473 1303 memcpy(buffer, XATTR_NAME_SMACK, len);
fd5c9d23
KK		 1304
1305 return len;
e114e473
CS		 1306}
1307
d20bdda6
AD		 1308/**
1309 * smack_inode_getsecid - Extract inode's security id
1310 * @inode: inode to extract the info from
1311 * @secid: where result will be saved
1312 */
1313static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
1314{
1315 struct inode_smack *isp = inode->i_security;
1316
21c7eae2 1317 *secid = isp->smk_inode->smk_secid;
d20bdda6
AD		 1318}
1319
e114e473
CS		 1320/*
1321 * File Hooks
1322 */
1323
1324/**
1325 * smack_file_permission - Smack check on file operations
1326 * @file: unused
1327 * @mask: unused
1328 *
1329 * Returns 0
1330 *
1331 * Should access checks be done on each read or write?
1332 * UNICOS and SELinux say yes.
1333 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1334 *
1335 * I'll say no for now. Smack does not do the frequent
1336 * label changing that SELinux does.
1337 */
1338static int smack_file_permission(struct file *file, int mask)
1339{
1340 return 0;
1341}
1342
1343/**
1344 * smack_file_alloc_security - assign a file security blob
1345 * @file: the object
1346 *
1347 * The security blob for a file is a pointer to the master
1348 * label list, so no allocation is done.
1349 *
5e7270a6
CS		 1350 * f_security is the owner security information. It
1351 * isn't used on file access checks, it's for send_sigio.
1352 *
e114e473
CS		 1353 * Returns 0
1354 */
1355static int smack_file_alloc_security(struct file *file)
1356{
2f823ff8
CS		 1357 struct smack_known *skp = smk_of_current();
1358
21c7eae2 1359 file->f_security = skp;
e114e473
CS		 1360 return 0;
1361}
1362
1363/**
1364 * smack_file_free_security - clear a file security blob
1365 * @file: the object
1366 *
1367 * The security blob for a file is a pointer to the master
1368 * label list, so no memory is freed.
1369 */
1370static void smack_file_free_security(struct file *file)
1371{
1372 file->f_security = NULL;
1373}
1374
1375/**
1376 * smack_file_ioctl - Smack check on ioctls
1377 * @file: the object
1378 * @cmd: what to do
1379 * @arg: unused
1380 *
1381 * Relies heavily on the correct use of the ioctl command conventions.
1382 *
1383 * Returns 0 if allowed, error code otherwise
1384 */
1385static int smack_file_ioctl(struct file *file, unsigned int cmd,
1386 unsigned long arg)
1387{
1388 int rc = 0;
ecfcc53f 1389 struct smk_audit_info ad;
5e7270a6 1390 struct inode *inode = file_inode(file);
ecfcc53f 1391
f48b7399 1392 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1393 smk_ad_setfield_u_fs_path(&ad, file->f_path);
e114e473 1394
d166c802 1395 if (_IOC_DIR(cmd) & _IOC_WRITE) {
5e7270a6 1396 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
d166c802
CS		 1397 rc = smk_bu_file(file, MAY_WRITE, rc);
1398 }
e114e473 1399
d166c802 1400 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
5e7270a6 1401 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
d166c802
CS		 1402 rc = smk_bu_file(file, MAY_READ, rc);
1403 }
e114e473
CS		 1404
1405 return rc;
1406}
1407
1408/**
1409 * smack_file_lock - Smack check on file locking
1410 * @file: the object
251a2a95 1411 * @cmd: unused
e114e473 1412 *
c0ab6e56 1413 * Returns 0 if current has lock access, error code otherwise
e114e473
CS		 1414 */
1415static int smack_file_lock(struct file *file, unsigned int cmd)
1416{
ecfcc53f 1417 struct smk_audit_info ad;
d166c802 1418 int rc;
5e7270a6 1419 struct inode *inode = file_inode(file);
ecfcc53f 1420
92f42509
EP		 1421 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1422 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1423 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
d166c802
CS		 1424 rc = smk_bu_file(file, MAY_LOCK, rc);
1425 return rc;
e114e473
CS		 1426}
1427
1428/**
1429 * smack_file_fcntl - Smack check on fcntl
1430 * @file: the object
1431 * @cmd: what action to check
1432 * @arg: unused
1433 *
531f1d45
CS		 1434 * Generally these operations are harmless.
1435 * File locking operations present an obvious mechanism
1436 * for passing information, so they require write access.
1437 *
e114e473
CS		 1438 * Returns 0 if current has access, error code otherwise
1439 */
1440static int smack_file_fcntl(struct file *file, unsigned int cmd,
1441 unsigned long arg)
1442{
ecfcc53f 1443 struct smk_audit_info ad;
531f1d45 1444 int rc = 0;
5e7270a6 1445 struct inode *inode = file_inode(file);
ecfcc53f 1446
e114e473 1447 switch (cmd) {
e114e473 1448 case F_GETLK:
c0ab6e56 1449 break;
e114e473
CS		 1450 case F_SETLK:
1451 case F_SETLKW:
c0ab6e56
CS		 1452 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1453 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1454 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
d166c802 1455 rc = smk_bu_file(file, MAY_LOCK, rc);
c0ab6e56 1456 break;
e114e473
CS		 1457 case F_SETOWN:
1458 case F_SETSIG:
531f1d45
CS		 1459 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1460 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1461 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
d166c802 1462 rc = smk_bu_file(file, MAY_WRITE, rc);
e114e473
CS		 1463 break;
1464 default:
531f1d45 1465 break;
e114e473
CS		 1466 }
1467
1468 return rc;
1469}
1470
7898e1f8 1471/**
e5467859 1472 * smack_mmap_file :
7898e1f8
CS		 1473 * Check permissions for a mmap operation. The @file may be NULL, e.g.
1474 * if mapping anonymous memory.
1475 * @file contains the file structure for file to map (may be NULL).
1476 * @reqprot contains the protection requested by the application.
1477 * @prot contains the protection that will be applied by the kernel.
1478 * @flags contains the operational flags.
1479 * Return 0 if permission is granted.
1480 */
e5467859 1481static int smack_mmap_file(struct file *file,
7898e1f8 1482 unsigned long reqprot, unsigned long prot,
e5467859 1483 unsigned long flags)
7898e1f8 1484{
272cd7a8 1485 struct smack_known *skp;
2f823ff8 1486 struct smack_known *mkp;
7898e1f8
CS		 1487 struct smack_rule *srp;
1488 struct task_smack *tsp;
21c7eae2 1489 struct smack_known *okp;
7898e1f8 1490 struct inode_smack *isp;
0e0a070d
CS		 1491 int may;
1492 int mmay;
1493 int tmay;
7898e1f8
CS		 1494 int rc;
1495
496ad9aa 1496 if (file == NULL)
7898e1f8
CS		 1497 return 0;
1498
496ad9aa 1499 isp = file_inode(file)->i_security;
7898e1f8
CS		 1500 if (isp->smk_mmap == NULL)
1501 return 0;
2f823ff8 1502 mkp = isp->smk_mmap;
7898e1f8
CS		 1503
1504 tsp = current_security();
2f823ff8 1505 skp = smk_of_current();
7898e1f8
CS		 1506 rc = 0;
1507
1508 rcu_read_lock();
1509 /*
1510 * For each Smack rule associated with the subject
1511 * label verify that the SMACK64MMAP also has access
1512 * to that rule's object label.
7898e1f8 1513 */
272cd7a8 1514 list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
21c7eae2 1515 okp = srp->smk_object;
7898e1f8
CS		 1516 /*
1517 * Matching labels always allows access.
1518 */
21c7eae2 1519 if (mkp->smk_known == okp->smk_known)
7898e1f8 1520 continue;
0e0a070d
CS		 1521 /*
1522 * If there is a matching local rule take
1523 * that into account as well.
1524 */
21c7eae2
LP		 1525 may = smk_access_entry(srp->smk_subject->smk_known,
1526 okp->smk_known,
1527 &tsp->smk_rules);
0e0a070d
CS		 1528 if (may == -ENOENT)
1529 may = srp->smk_access;
1530 else
1531 may &= srp->smk_access;
1532 /*
1533 * If may is zero the SMACK64MMAP subject can't
1534 * possibly have less access.
1535 */
1536 if (may == 0)
1537 continue;
1538
1539 /*
1540 * Fetch the global list entry.
1541 * If there isn't one a SMACK64MMAP subject
1542 * can't have as much access as current.
1543 */
21c7eae2
LP		 1544 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1545 &mkp->smk_rules);
0e0a070d
CS		 1546 if (mmay == -ENOENT) {
1547 rc = -EACCES;
1548 break;
1549 }
1550 /*
1551 * If there is a local entry it modifies the
1552 * potential access, too.
1553 */
21c7eae2
LP		 1554 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1555 &tsp->smk_rules);
0e0a070d
CS		 1556 if (tmay != -ENOENT)
1557 mmay &= tmay;
7898e1f8 1558
0e0a070d
CS		 1559 /*
1560 * If there is any access available to current that is
1561 * not available to a SMACK64MMAP subject
1562 * deny access.
1563 */
75a25637 1564 if ((may | mmay) != mmay) {
0e0a070d 1565 rc = -EACCES;
7898e1f8 1566 break;
0e0a070d 1567 }
7898e1f8
CS		 1568 }
1569
1570 rcu_read_unlock();
1571
1572 return rc;
1573}
1574
e114e473
CS		 1575/**
1576 * smack_file_set_fowner - set the file security blob value
1577 * @file: object in question
1578 *
e114e473 1579 */
e0b93edd 1580static void smack_file_set_fowner(struct file *file)
e114e473 1581{
5e7270a6 1582 file->f_security = smk_of_current();
e114e473
CS		 1583}
1584
1585/**
1586 * smack_file_send_sigiotask - Smack on sigio
1587 * @tsk: The target task
1588 * @fown: the object the signal come from
1589 * @signum: unused
1590 *
1591 * Allow a privileged task to get signals even if it shouldn't
1592 *
1593 * Returns 0 if a subject with the object's smack could
1594 * write to the task, an error code otherwise.
1595 */
1596static int smack_file_send_sigiotask(struct task_struct *tsk,
1597 struct fown_struct *fown, int signum)
1598{
2f823ff8
CS		 1599 struct smack_known *skp;
1600 struct smack_known *tkp = smk_of_task(tsk->cred->security);
e114e473
CS		 1601 struct file *file;
1602 int rc;
ecfcc53f 1603 struct smk_audit_info ad;
e114e473
CS		 1604
1605 /*
1606 * struct fown_struct is never outside the context of a struct file
1607 */
1608 file = container_of(fown, struct file, f_owner);
7898e1f8 1609
ecfcc53f 1610 /* we don't log here as rc can be overriden */
21c7eae2
LP		 1611 skp = file->f_security;
1612 rc = smk_access(skp, tkp, MAY_WRITE, NULL);
1613 rc = smk_bu_note("sigiotask", skp, tkp, MAY_WRITE, rc);
5cd9c58f 1614 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
ecfcc53f
EB		 1615 rc = 0;
1616
1617 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1618 smk_ad_setfield_u_tsk(&ad, tsk);
21c7eae2 1619 smack_log(skp->smk_known, tkp->smk_known, MAY_WRITE, rc, &ad);
e114e473
CS		 1620 return rc;
1621}
1622
1623/**
1624 * smack_file_receive - Smack file receive check
1625 * @file: the object
1626 *
1627 * Returns 0 if current has access, error code otherwise
1628 */
1629static int smack_file_receive(struct file *file)
1630{
d166c802 1631 int rc;
e114e473 1632 int may = 0;
ecfcc53f 1633 struct smk_audit_info ad;
5e7270a6 1634 struct inode *inode = file_inode(file);
e114e473 1635
4482a44f 1636 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1637 smk_ad_setfield_u_fs_path(&ad, file->f_path);
e114e473
CS		 1638 /*
1639 * This code relies on bitmasks.
1640 */
1641 if (file->f_mode & FMODE_READ)
1642 may = MAY_READ;
1643 if (file->f_mode & FMODE_WRITE)
1644 may |= MAY_WRITE;
1645
5e7270a6 1646 rc = smk_curacc(smk_of_inode(inode), may, &ad);
d166c802
CS		 1647 rc = smk_bu_file(file, may, rc);
1648 return rc;
e114e473
CS		 1649}
1650
531f1d45 1651/**
83d49856 1652 * smack_file_open - Smack dentry open processing
531f1d45 1653 * @file: the object
a6834c0b 1654 * @cred: task credential
531f1d45
CS		 1655 *
1656 * Set the security blob in the file structure.
a6834c0b
CS		 1657 * Allow the open only if the task has read access. There are
1658 * many read operations (e.g. fstat) that you can do with an
1659 * fd even if you have the file open write-only.
531f1d45
CS		 1660 *
1661 * Returns 0
1662 */
83d49856 1663static int smack_file_open(struct file *file, const struct cred *cred)
531f1d45 1664{
a6834c0b 1665 struct task_smack *tsp = cred->security;
5e7270a6 1666 struct inode *inode = file_inode(file);
a6834c0b
CS		 1667 struct smk_audit_info ad;
1668 int rc;
531f1d45 1669
5e7270a6 1670 if (smack_privileged(CAP_MAC_OVERRIDE))
a6834c0b 1671 return 0;
531f1d45 1672
a6834c0b
CS		 1673 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1674 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1675 rc = smk_access(tsp->smk_task, smk_of_inode(inode), MAY_READ, &ad);
d166c802 1676 rc = smk_bu_credfile(cred, file, MAY_READ, rc);
a6834c0b
CS		 1677
1678 return rc;
531f1d45
CS		 1679}
1680
e114e473
CS		 1681/*
1682 * Task hooks
1683 */
1684
ee18d64c
DH		 1685/**
1686 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1687 * @new: the new credentials
1688 * @gfp: the atomicity of any memory allocations
1689 *
1690 * Prepare a blank set of credentials for modification. This must allocate all
1691 * the memory the LSM module might require such that cred_transfer() can
1692 * complete without error.
1693 */
1694static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1695{
7898e1f8
CS		 1696 struct task_smack *tsp;
1697
1698 tsp = new_task_smack(NULL, NULL, gfp);
1699 if (tsp == NULL)
676dac4b 1700 return -ENOMEM;
7898e1f8
CS		 1701
1702 cred->security = tsp;
1703
ee18d64c
DH		 1704 return 0;
1705}
1706
1707
e114e473 1708/**
f1752eec
DH		 1709 * smack_cred_free - "free" task-level security credentials
1710 * @cred: the credentials in question
e114e473 1711 *
e114e473 1712 */
f1752eec 1713static void smack_cred_free(struct cred *cred)
e114e473 1714{
7898e1f8
CS		 1715 struct task_smack *tsp = cred->security;
1716 struct smack_rule *rp;
1717 struct list_head *l;
1718 struct list_head *n;
1719
1720 if (tsp == NULL)
1721 return;
1722 cred->security = NULL;
1723
1724 list_for_each_safe(l, n, &tsp->smk_rules) {
1725 rp = list_entry(l, struct smack_rule, list);
1726 list_del(&rp->list);
1727 kfree(rp);
1728 }
1729 kfree(tsp);
e114e473
CS		 1730}
1731
d84f4f99
DH		 1732/**
1733 * smack_cred_prepare - prepare new set of credentials for modification
1734 * @new: the new credentials
1735 * @old: the original credentials
1736 * @gfp: the atomicity of any memory allocations
1737 *
1738 * Prepare a new set of credentials for modification.
1739 */
1740static int smack_cred_prepare(struct cred *new, const struct cred *old,
1741 gfp_t gfp)
1742{
676dac4b
CS		 1743 struct task_smack *old_tsp = old->security;
1744 struct task_smack *new_tsp;
7898e1f8 1745 int rc;
676dac4b 1746
7898e1f8 1747 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
676dac4b
CS		 1748 if (new_tsp == NULL)
1749 return -ENOMEM;
1750
7898e1f8
CS		 1751 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1752 if (rc != 0)
1753 return rc;
1754
676dac4b 1755 new->security = new_tsp;
d84f4f99
DH		 1756 return 0;
1757}
1758
ee18d64c
DH		 1759/**
1760 * smack_cred_transfer - Transfer the old credentials to the new credentials
1761 * @new: the new credentials
1762 * @old: the original credentials
1763 *
1764 * Fill in a set of blank credentials from another set of credentials.
1765 */
1766static void smack_cred_transfer(struct cred *new, const struct cred *old)
1767{
676dac4b
CS		 1768 struct task_smack *old_tsp = old->security;
1769 struct task_smack *new_tsp = new->security;
1770
1771 new_tsp->smk_task = old_tsp->smk_task;
1772 new_tsp->smk_forked = old_tsp->smk_task;
7898e1f8
CS		 1773 mutex_init(&new_tsp->smk_rules_lock);
1774 INIT_LIST_HEAD(&new_tsp->smk_rules);
1775
1776
1777 /* cbs copy rule list */
ee18d64c
DH		 1778}
1779
3a3b7ce9
DH		 1780/**
1781 * smack_kernel_act_as - Set the subjective context in a set of credentials
251a2a95
RD		 1782 * @new: points to the set of credentials to be modified.
1783 * @secid: specifies the security ID to be set
3a3b7ce9
DH		 1784 *
1785 * Set the security data for a kernel service.
1786 */
1787static int smack_kernel_act_as(struct cred *new, u32 secid)
1788{
676dac4b 1789 struct task_smack *new_tsp = new->security;
2f823ff8 1790 struct smack_known *skp = smack_from_secid(secid);
3a3b7ce9 1791
2f823ff8 1792 if (skp == NULL)
3a3b7ce9
DH		 1793 return -EINVAL;
1794
2f823ff8 1795 new_tsp->smk_task = skp;
3a3b7ce9
DH		 1796 return 0;
1797}
1798
1799/**
1800 * smack_kernel_create_files_as - Set the file creation label in a set of creds
251a2a95
RD		 1801 * @new: points to the set of credentials to be modified
1802 * @inode: points to the inode to use as a reference
3a3b7ce9
DH		 1803 *
1804 * Set the file creation context in a set of credentials to the same
1805 * as the objective context of the specified inode
1806 */
1807static int smack_kernel_create_files_as(struct cred *new,
1808 struct inode *inode)
1809{
1810 struct inode_smack *isp = inode->i_security;
676dac4b 1811 struct task_smack *tsp = new->security;
3a3b7ce9 1812
21c7eae2 1813 tsp->smk_forked = isp->smk_inode;
2f823ff8 1814 tsp->smk_task = tsp->smk_forked;
3a3b7ce9
DH		 1815 return 0;
1816}
1817
ecfcc53f
EB		 1818/**
1819 * smk_curacc_on_task - helper to log task related access
1820 * @p: the task object
531f1d45
CS		 1821 * @access: the access requested
1822 * @caller: name of the calling function for audit
ecfcc53f
EB		 1823 *
1824 * Return 0 if access is permitted
1825 */
531f1d45
CS		 1826static int smk_curacc_on_task(struct task_struct *p, int access,
1827 const char *caller)
ecfcc53f
EB		 1828{
1829 struct smk_audit_info ad;
2f823ff8 1830 struct smack_known *skp = smk_of_task(task_security(p));
d166c802 1831 int rc;
ecfcc53f 1832
531f1d45 1833 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
ecfcc53f 1834 smk_ad_setfield_u_tsk(&ad, p);
21c7eae2 1835 rc = smk_curacc(skp, access, &ad);
d166c802
CS		 1836 rc = smk_bu_task(p, access, rc);
1837 return rc;
ecfcc53f
EB		 1838}
1839
e114e473
CS		 1840/**
1841 * smack_task_setpgid - Smack check on setting pgid
1842 * @p: the task object
1843 * @pgid: unused
1844 *
1845 * Return 0 if write access is permitted
1846 */
1847static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1848{
531f1d45 1849 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 1850}
1851
1852/**
1853 * smack_task_getpgid - Smack access check for getpgid
1854 * @p: the object task
1855 *
1856 * Returns 0 if current can read the object task, error code otherwise
1857 */
1858static int smack_task_getpgid(struct task_struct *p)
1859{
531f1d45 1860 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 1861}
1862
1863/**
1864 * smack_task_getsid - Smack access check for getsid
1865 * @p: the object task
1866 *
1867 * Returns 0 if current can read the object task, error code otherwise
1868 */
1869static int smack_task_getsid(struct task_struct *p)
1870{
531f1d45 1871 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 1872}
1873
1874/**
1875 * smack_task_getsecid - get the secid of the task
1876 * @p: the object task
1877 * @secid: where to put the result
1878 *
1879 * Sets the secid to contain a u32 version of the smack label.
1880 */
1881static void smack_task_getsecid(struct task_struct *p, u32 *secid)
1882{
2f823ff8
CS		 1883 struct smack_known *skp = smk_of_task(task_security(p));
1884
1885 *secid = skp->smk_secid;
e114e473
CS		 1886}
1887
1888/**
1889 * smack_task_setnice - Smack check on setting nice
1890 * @p: the task object
1891 * @nice: unused
1892 *
1893 * Return 0 if write access is permitted
1894 */
1895static int smack_task_setnice(struct task_struct *p, int nice)
1896{
bcdca225
CS		 1897 int rc;
1898
1899 rc = cap_task_setnice(p, nice);
1900 if (rc == 0)
531f1d45 1901 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
bcdca225 1902 return rc;
e114e473
CS		 1903}
1904
1905/**
1906 * smack_task_setioprio - Smack check on setting ioprio
1907 * @p: the task object
1908 * @ioprio: unused
1909 *
1910 * Return 0 if write access is permitted
1911 */
1912static int smack_task_setioprio(struct task_struct *p, int ioprio)
1913{
bcdca225
CS		 1914 int rc;
1915
1916 rc = cap_task_setioprio(p, ioprio);
1917 if (rc == 0)
531f1d45 1918 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
bcdca225 1919 return rc;
e114e473
CS		 1920}
1921
1922/**
1923 * smack_task_getioprio - Smack check on reading ioprio
1924 * @p: the task object
1925 *
1926 * Return 0 if read access is permitted
1927 */
1928static int smack_task_getioprio(struct task_struct *p)
1929{
531f1d45 1930 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 1931}
1932
1933/**
1934 * smack_task_setscheduler - Smack check on setting scheduler
1935 * @p: the task object
1936 * @policy: unused
1937 * @lp: unused
1938 *
1939 * Return 0 if read access is permitted
1940 */
b0ae1981 1941static int smack_task_setscheduler(struct task_struct *p)
e114e473 1942{
bcdca225
CS		 1943 int rc;
1944
b0ae1981 1945 rc = cap_task_setscheduler(p);
bcdca225 1946 if (rc == 0)
531f1d45 1947 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
bcdca225 1948 return rc;
e114e473
CS		 1949}
1950
1951/**
1952 * smack_task_getscheduler - Smack check on reading scheduler
1953 * @p: the task object
1954 *
1955 * Return 0 if read access is permitted
1956 */
1957static int smack_task_getscheduler(struct task_struct *p)
1958{
531f1d45 1959 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 1960}
1961
1962/**
1963 * smack_task_movememory - Smack check on moving memory
1964 * @p: the task object
1965 *
1966 * Return 0 if write access is permitted
1967 */
1968static int smack_task_movememory(struct task_struct *p)
1969{
531f1d45 1970 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 1971}
1972
1973/**
1974 * smack_task_kill - Smack check on signal delivery
1975 * @p: the task object
1976 * @info: unused
1977 * @sig: unused
1978 * @secid: identifies the smack to use in lieu of current's
1979 *
1980 * Return 0 if write access is permitted
1981 *
1982 * The secid behavior is an artifact of an SELinux hack
1983 * in the USB code. Someday it may go away.
1984 */
1985static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1986 int sig, u32 secid)
1987{
ecfcc53f 1988 struct smk_audit_info ad;
2f823ff8
CS		 1989 struct smack_known *skp;
1990 struct smack_known *tkp = smk_of_task(task_security(p));
d166c802 1991 int rc;
ecfcc53f
EB		 1992
1993 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1994 smk_ad_setfield_u_tsk(&ad, p);
e114e473
CS		 1995 /*
1996 * Sending a signal requires that the sender
1997 * can write the receiver.
1998 */
d166c802 1999 if (secid == 0) {
21c7eae2 2000 rc = smk_curacc(tkp, MAY_WRITE, &ad);
d166c802
CS		 2001 rc = smk_bu_task(p, MAY_WRITE, rc);
2002 return rc;
2003 }
e114e473
CS		 2004 /*
2005 * If the secid isn't 0 we're dealing with some USB IO
2006 * specific behavior. This is not clean. For one thing
2007 * we can't take privilege into account.
2008 */
2f823ff8 2009 skp = smack_from_secid(secid);
21c7eae2
LP		 2010 rc = smk_access(skp, tkp, MAY_WRITE, &ad);
2011 rc = smk_bu_note("USB signal", skp, tkp, MAY_WRITE, rc);
d166c802 2012 return rc;
e114e473
CS		 2013}
2014
2015/**
2016 * smack_task_wait - Smack access check for waiting
2017 * @p: task to wait for
2018 *
c00bedb3 2019 * Returns 0
e114e473
CS		 2020 */
2021static int smack_task_wait(struct task_struct *p)
2022{
e114e473 2023 /*
c00bedb3
CS		 2024 * Allow the operation to succeed.
2025 * Zombies are bad.
2026 * In userless environments (e.g. phones) programs
2027 * get marked with SMACK64EXEC and even if the parent
2028 * and child shouldn't be talking the parent still
2029 * may expect to know when the child exits.
e114e473 2030 */
c00bedb3 2031 return 0;
e114e473
CS		 2032}
2033
2034/**
2035 * smack_task_to_inode - copy task smack into the inode blob
2036 * @p: task to copy from
251a2a95 2037 * @inode: inode to copy to
e114e473
CS		 2038 *
2039 * Sets the smack pointer in the inode security blob
2040 */
2041static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2042{
2043 struct inode_smack *isp = inode->i_security;
2f823ff8
CS		 2044 struct smack_known *skp = smk_of_task(task_security(p));
2045
21c7eae2 2046 isp->smk_inode = skp;
e114e473
CS		 2047}
2048
2049/*
2050 * Socket hooks.
2051 */
2052
2053/**
2054 * smack_sk_alloc_security - Allocate a socket blob
2055 * @sk: the socket
2056 * @family: unused
251a2a95 2057 * @gfp_flags: memory allocation flags
e114e473
CS		 2058 *
2059 * Assign Smack pointers to current
2060 *
2061 * Returns 0 on success, -ENOMEM is there's no memory
2062 */
2063static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2064{
2f823ff8 2065 struct smack_known *skp = smk_of_current();
e114e473
CS		 2066 struct socket_smack *ssp;
2067
2068 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2069 if (ssp == NULL)
2070 return -ENOMEM;
2071
54e70ec5 2072 ssp->smk_in = skp;
2f823ff8 2073 ssp->smk_out = skp;
272cd7a8 2074 ssp->smk_packet = NULL;
e114e473
CS		 2075
2076 sk->sk_security = ssp;
2077
2078 return 0;
2079}
2080
2081/**
2082 * smack_sk_free_security - Free a socket blob
2083 * @sk: the socket
2084 *
2085 * Clears the blob pointer
2086 */
2087static void smack_sk_free_security(struct sock *sk)
2088{
2089 kfree(sk->sk_security);
2090}
2091
07feee8f
PM		 2092/**
2093* smack_host_label - check host based restrictions
2094* @sip: the object end
2095*
2096* looks for host based access restrictions
2097*
2098* This version will only be appropriate for really small sets of single label
2099* hosts. The caller is responsible for ensuring that the RCU read lock is
2100* taken before calling this function.
2101*
2102* Returns the label of the far end or NULL if it's not special.
2103*/
21c7eae2 2104static struct smack_known *smack_host_label(struct sockaddr_in *sip)
07feee8f
PM		 2105{
2106 struct smk_netlbladdr *snp;
2107 struct in_addr *siap = &sip->sin_addr;
2108
2109 if (siap->s_addr == 0)
2110 return NULL;
2111
2112 list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list)
2113 /*
2114 * we break after finding the first match because
2115 * the list is sorted from longest to shortest mask
2116 * so we have found the most specific match
2117 */
2118 if ((&snp->smk_host.sin_addr)->s_addr ==
4303154e
EB		 2119 (siap->s_addr & (&snp->smk_mask)->s_addr)) {
2120 /* we have found the special CIPSO option */
21c7eae2 2121 if (snp->smk_label == &smack_cipso_option)
4303154e 2122 return NULL;
07feee8f 2123 return snp->smk_label;
4303154e 2124 }
07feee8f
PM		 2125
2126 return NULL;
2127}
2128
e114e473
CS		 2129/**
2130 * smack_netlabel - Set the secattr on a socket
2131 * @sk: the socket
6d3dc07c 2132 * @labeled: socket label scheme
e114e473
CS		 2133 *
2134 * Convert the outbound smack value (smk_out) to a
2135 * secattr and attach it to the socket.
2136 *
2137 * Returns 0 on success or an error code
2138 */
6d3dc07c 2139static int smack_netlabel(struct sock *sk, int labeled)
e114e473 2140{
f7112e6c 2141 struct smack_known *skp;
07feee8f 2142 struct socket_smack *ssp = sk->sk_security;
6d3dc07c 2143 int rc = 0;
e114e473 2144
6d3dc07c
CS		 2145 /*
2146 * Usually the netlabel code will handle changing the
2147 * packet labeling based on the label.
2148 * The case of a single label host is different, because
2149 * a single label host should never get a labeled packet
2150 * even though the label is usually associated with a packet
2151 * label.
2152 */
2153 local_bh_disable();
2154 bh_lock_sock_nested(sk);
2155
2156 if (ssp->smk_out == smack_net_ambient ||
2157 labeled == SMACK_UNLABELED_SOCKET)
2158 netlbl_sock_delattr(sk);
2159 else {
2f823ff8 2160 skp = ssp->smk_out;
f7112e6c 2161 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
6d3dc07c
CS		 2162 }
2163
2164 bh_unlock_sock(sk);
2165 local_bh_enable();
4bc87e62 2166
e114e473
CS		 2167 return rc;
2168}
2169
07feee8f
PM		 2170/**
2171 * smack_netlbel_send - Set the secattr on a socket and perform access checks
2172 * @sk: the socket
2173 * @sap: the destination address
2174 *
2175 * Set the correct secattr for the given socket based on the destination
2176 * address and perform any outbound access checks needed.
2177 *
2178 * Returns 0 on success or an error code.
2179 *
2180 */
2181static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2182{
2f823ff8 2183 struct smack_known *skp;
07feee8f
PM		 2184 int rc;
2185 int sk_lbl;
21c7eae2 2186 struct smack_known *hkp;
07feee8f 2187 struct socket_smack *ssp = sk->sk_security;
ecfcc53f 2188 struct smk_audit_info ad;
07feee8f
PM		 2189
2190 rcu_read_lock();
21c7eae2
LP		 2191 hkp = smack_host_label(sap);
2192 if (hkp != NULL) {
ecfcc53f 2193#ifdef CONFIG_AUDIT
923e9a13
KC		 2194 struct lsm_network_audit net;
2195
48c62af6
EP		 2196 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2197 ad.a.u.net->family = sap->sin_family;
2198 ad.a.u.net->dport = sap->sin_port;
2199 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
ecfcc53f 2200#endif
923e9a13 2201 sk_lbl = SMACK_UNLABELED_SOCKET;
2f823ff8 2202 skp = ssp->smk_out;
21c7eae2
LP		 2203 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2204 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
07feee8f
PM		 2205 } else {
2206 sk_lbl = SMACK_CIPSO_SOCKET;
2207 rc = 0;
2208 }
2209 rcu_read_unlock();
2210 if (rc != 0)
2211 return rc;
2212
2213 return smack_netlabel(sk, sk_lbl);
2214}
2215
c6739443
CS		 2216/**
2217 * smk_ipv6_port_label - Smack port access table management
2218 * @sock: socket
2219 * @address: address
2220 *
2221 * Create or update the port list entry
2222 */
2223static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2224{
2225 struct sock *sk = sock->sk;
2226 struct sockaddr_in6 *addr6;
2227 struct socket_smack *ssp = sock->sk->sk_security;
2228 struct smk_port_label *spp;
2229 unsigned short port = 0;
2230
2231 if (address == NULL) {
2232 /*
2233 * This operation is changing the Smack information
2234 * on the bound socket. Take the changes to the port
2235 * as well.
2236 */
2237 list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2238 if (sk != spp->smk_sock)
2239 continue;
2240 spp->smk_in = ssp->smk_in;
2241 spp->smk_out = ssp->smk_out;
2242 return;
2243 }
2244 /*
2245 * A NULL address is only used for updating existing
2246 * bound entries. If there isn't one, it's OK.
2247 */
2248 return;
2249 }
2250
2251 addr6 = (struct sockaddr_in6 *)address;
2252 port = ntohs(addr6->sin6_port);
2253 /*
2254 * This is a special case that is safely ignored.
2255 */
2256 if (port == 0)
2257 return;
2258
2259 /*
2260 * Look for an existing port list entry.
2261 * This is an indication that a port is getting reused.
2262 */
2263 list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2264 if (spp->smk_port != port)
2265 continue;
2266 spp->smk_port = port;
2267 spp->smk_sock = sk;
2268 spp->smk_in = ssp->smk_in;
2269 spp->smk_out = ssp->smk_out;
2270 return;
2271 }
2272
2273 /*
2274 * A new port entry is required.
2275 */
2276 spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2277 if (spp == NULL)
2278 return;
2279
2280 spp->smk_port = port;
2281 spp->smk_sock = sk;
2282 spp->smk_in = ssp->smk_in;
2283 spp->smk_out = ssp->smk_out;
2284
2285 list_add(&spp->list, &smk_ipv6_port_list);
2286 return;
2287}
2288
2289/**
2290 * smk_ipv6_port_check - check Smack port access
2291 * @sock: socket
2292 * @address: address
2293 *
2294 * Create or update the port list entry
2295 */
6ea06247 2296static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
c6739443
CS		 2297 int act)
2298{
2299 __be16 *bep;
2300 __be32 *be32p;
c6739443
CS		 2301 struct smk_port_label *spp;
2302 struct socket_smack *ssp = sk->sk_security;
2f823ff8 2303 struct smack_known *skp;
c6739443 2304 unsigned short port = 0;
21c7eae2 2305 struct smack_known *object;
c6739443 2306 struct smk_audit_info ad;
d166c802 2307 int rc;
c6739443
CS		 2308#ifdef CONFIG_AUDIT
2309 struct lsm_network_audit net;
2310#endif
2311
2312 if (act == SMK_RECEIVING) {
2f823ff8 2313 skp = smack_net_ambient;
21c7eae2 2314 object = ssp->smk_in;
c6739443 2315 } else {
2f823ff8 2316 skp = ssp->smk_out;
21c7eae2 2317 object = smack_net_ambient;
c6739443
CS		 2318 }
2319
2320 /*
2321 * Get the IP address and port from the address.
2322 */
6ea06247
CS		 2323 port = ntohs(address->sin6_port);
2324 bep = (__be16 *)(&address->sin6_addr);
2325 be32p = (__be32 *)(&address->sin6_addr);
c6739443
CS		 2326
2327 /*
2328 * It's remote, so port lookup does no good.
2329 */
2330 if (be32p[0] || be32p[1] || be32p[2] || bep[6] || ntohs(bep[7]) != 1)
2331 goto auditout;
2332
2333 /*
2334 * It's local so the send check has to have passed.
2335 */
2336 if (act == SMK_RECEIVING) {
2f823ff8 2337 skp = &smack_known_web;
c6739443
CS		 2338 goto auditout;
2339 }
2340
2341 list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2342 if (spp->smk_port != port)
2343 continue;
21c7eae2 2344 object = spp->smk_in;
c6739443 2345 if (act == SMK_CONNECTING)
54e70ec5 2346 ssp->smk_packet = spp->smk_out;
c6739443
CS		 2347 break;
2348 }
2349
2350auditout:
2351
2352#ifdef CONFIG_AUDIT
2353 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2354 ad.a.u.net->family = sk->sk_family;
2355 ad.a.u.net->dport = port;
2356 if (act == SMK_RECEIVING)
6ea06247 2357 ad.a.u.net->v6info.saddr = address->sin6_addr;
c6739443 2358 else
6ea06247 2359 ad.a.u.net->v6info.daddr = address->sin6_addr;
c6739443 2360#endif
d166c802
CS		 2361 rc = smk_access(skp, object, MAY_WRITE, &ad);
2362 rc = smk_bu_note("IPv6 port check", skp, object, MAY_WRITE, rc);
2363 return rc;
c6739443
CS		 2364}
2365
e114e473
CS		 2366/**
2367 * smack_inode_setsecurity - set smack xattrs
2368 * @inode: the object
2369 * @name: attribute name
2370 * @value: attribute value
2371 * @size: size of the attribute
2372 * @flags: unused
2373 *
2374 * Sets the named attribute in the appropriate blob
2375 *
2376 * Returns 0 on success, or an error code
2377 */
2378static int smack_inode_setsecurity(struct inode *inode, const char *name,
2379 const void *value, size_t size, int flags)
2380{
2f823ff8 2381 struct smack_known *skp;
e114e473
CS		 2382 struct inode_smack *nsp = inode->i_security;
2383 struct socket_smack *ssp;
2384 struct socket *sock;
4bc87e62 2385 int rc = 0;
e114e473 2386
f7112e6c 2387 if (value == NULL || size > SMK_LONGLABEL || size == 0)
5e9ab593 2388 return -EINVAL;
e114e473 2389
2f823ff8
CS		 2390 skp = smk_import_entry(value, size);
2391 if (skp == NULL)
e114e473
CS		 2392 return -EINVAL;
2393
2394 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
21c7eae2 2395 nsp->smk_inode = skp;
ddd29ec6 2396 nsp->smk_flags |= SMK_INODE_INSTANT;
e114e473
CS		 2397 return 0;
2398 }
2399 /*
2400 * The rest of the Smack xattrs are only on sockets.
2401 */
2402 if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2403 return -EOPNOTSUPP;
2404
2405 sock = SOCKET_I(inode);
2e1d146a 2406 if (sock == NULL || sock->sk == NULL)
e114e473
CS		 2407 return -EOPNOTSUPP;
2408
2409 ssp = sock->sk->sk_security;
2410
2411 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
54e70ec5 2412 ssp->smk_in = skp;
e114e473 2413 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2f823ff8 2414 ssp->smk_out = skp;
c6739443 2415 if (sock->sk->sk_family == PF_INET) {
b4e0d5f0
CS		 2416 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2417 if (rc != 0)
2418 printk(KERN_WARNING
2419 "Smack: \"%s\" netlbl error %d.\n",
2420 __func__, -rc);
2421 }
e114e473
CS		 2422 } else
2423 return -EOPNOTSUPP;
2424
c6739443
CS		 2425 if (sock->sk->sk_family == PF_INET6)
2426 smk_ipv6_port_label(sock, NULL);
2427
e114e473
CS		 2428 return 0;
2429}
2430
2431/**
2432 * smack_socket_post_create - finish socket setup
2433 * @sock: the socket
2434 * @family: protocol family
2435 * @type: unused
2436 * @protocol: unused
2437 * @kern: unused
2438 *
2439 * Sets the netlabel information on the socket
2440 *
2441 * Returns 0 on success, and error code otherwise
2442 */
2443static int smack_socket_post_create(struct socket *sock, int family,
2444 int type, int protocol, int kern)
2445{
2e1d146a 2446 if (family != PF_INET || sock->sk == NULL)
e114e473
CS		 2447 return 0;
2448 /*
2449 * Set the outbound netlbl.
2450 */
6d3dc07c
CS		 2451 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2452}
2453
c6739443
CS		 2454/**
2455 * smack_socket_bind - record port binding information.
2456 * @sock: the socket
2457 * @address: the port address
2458 * @addrlen: size of the address
2459 *
2460 * Records the label bound to a port.
2461 *
2462 * Returns 0
2463 */
2464static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2465 int addrlen)
2466{
2467 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2468 smk_ipv6_port_label(sock, address);
2469
2470 return 0;
2471}
2472
6d3dc07c
CS		 2473/**
2474 * smack_socket_connect - connect access check
2475 * @sock: the socket
2476 * @sap: the other end
2477 * @addrlen: size of sap
2478 *
2479 * Verifies that a connection may be possible
2480 *
2481 * Returns 0 on success, and error code otherwise
2482 */
2483static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2484 int addrlen)
2485{
c6739443
CS		 2486 int rc = 0;
2487
2488 if (sock->sk == NULL)
6d3dc07c 2489 return 0;
6d3dc07c 2490
c6739443
CS		 2491 switch (sock->sk->sk_family) {
2492 case PF_INET:
2493 if (addrlen < sizeof(struct sockaddr_in))
2494 return -EINVAL;
2495 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2496 break;
2497 case PF_INET6:
2498 if (addrlen < sizeof(struct sockaddr_in6))
2499 return -EINVAL;
6ea06247
CS		 2500 rc = smk_ipv6_port_check(sock->sk, (struct sockaddr_in6 *)sap,
2501 SMK_CONNECTING);
c6739443
CS		 2502 break;
2503 }
2504 return rc;
e114e473
CS		 2505}
2506
2507/**
2508 * smack_flags_to_may - convert S_ to MAY_ values
2509 * @flags: the S_ value
2510 *
2511 * Returns the equivalent MAY_ value
2512 */
2513static int smack_flags_to_may(int flags)
2514{
2515 int may = 0;
2516
2517 if (flags & S_IRUGO)
2518 may |= MAY_READ;
2519 if (flags & S_IWUGO)
2520 may |= MAY_WRITE;
2521 if (flags & S_IXUGO)
2522 may |= MAY_EXEC;
2523
2524 return may;
2525}
2526
2527/**
2528 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2529 * @msg: the object
2530 *
2531 * Returns 0
2532 */
2533static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2534{
2f823ff8
CS		 2535 struct smack_known *skp = smk_of_current();
2536
21c7eae2 2537 msg->security = skp;
e114e473
CS		 2538 return 0;
2539}
2540
2541/**
2542 * smack_msg_msg_free_security - Clear the security blob for msg_msg
2543 * @msg: the object
2544 *
2545 * Clears the blob pointer
2546 */
2547static void smack_msg_msg_free_security(struct msg_msg *msg)
2548{
2549 msg->security = NULL;
2550}
2551
2552/**
2553 * smack_of_shm - the smack pointer for the shm
2554 * @shp: the object
2555 *
2556 * Returns a pointer to the smack value
2557 */
21c7eae2 2558static struct smack_known *smack_of_shm(struct shmid_kernel *shp)
e114e473 2559{
21c7eae2 2560 return (struct smack_known *)shp->shm_perm.security;
e114e473
CS		 2561}
2562
2563/**
2564 * smack_shm_alloc_security - Set the security blob for shm
2565 * @shp: the object
2566 *
2567 * Returns 0
2568 */
2569static int smack_shm_alloc_security(struct shmid_kernel *shp)
2570{
2571 struct kern_ipc_perm *isp = &shp->shm_perm;
2f823ff8 2572 struct smack_known *skp = smk_of_current();
e114e473 2573
21c7eae2 2574 isp->security = skp;
e114e473
CS		 2575 return 0;
2576}
2577
2578/**
2579 * smack_shm_free_security - Clear the security blob for shm
2580 * @shp: the object
2581 *
2582 * Clears the blob pointer
2583 */
2584static void smack_shm_free_security(struct shmid_kernel *shp)
2585{
2586 struct kern_ipc_perm *isp = &shp->shm_perm;
2587
2588 isp->security = NULL;
2589}
2590
ecfcc53f
EB		 2591/**
2592 * smk_curacc_shm : check if current has access on shm
2593 * @shp : the object
2594 * @access : access requested
2595 *
2596 * Returns 0 if current has the requested access, error code otherwise
2597 */
2598static int smk_curacc_shm(struct shmid_kernel *shp, int access)
2599{
21c7eae2 2600 struct smack_known *ssp = smack_of_shm(shp);
ecfcc53f 2601 struct smk_audit_info ad;
d166c802 2602 int rc;
ecfcc53f
EB		 2603
2604#ifdef CONFIG_AUDIT
2605 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2606 ad.a.u.ipc_id = shp->shm_perm.id;
2607#endif
d166c802
CS		 2608 rc = smk_curacc(ssp, access, &ad);
2609 rc = smk_bu_current("shm", ssp, access, rc);
2610 return rc;
ecfcc53f
EB		 2611}
2612
e114e473
CS		 2613/**
2614 * smack_shm_associate - Smack access check for shm
2615 * @shp: the object
2616 * @shmflg: access requested
2617 *
2618 * Returns 0 if current has the requested access, error code otherwise
2619 */
2620static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
2621{
e114e473
CS		 2622 int may;
2623
2624 may = smack_flags_to_may(shmflg);
ecfcc53f 2625 return smk_curacc_shm(shp, may);
e114e473
CS		 2626}
2627
2628/**
2629 * smack_shm_shmctl - Smack access check for shm
2630 * @shp: the object
2631 * @cmd: what it wants to do
2632 *
2633 * Returns 0 if current has the requested access, error code otherwise
2634 */
2635static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
2636{
e114e473
CS		 2637 int may;
2638
2639 switch (cmd) {
2640 case IPC_STAT:
2641 case SHM_STAT:
2642 may = MAY_READ;
2643 break;
2644 case IPC_SET:
2645 case SHM_LOCK:
2646 case SHM_UNLOCK:
2647 case IPC_RMID:
2648 may = MAY_READWRITE;
2649 break;
2650 case IPC_INFO:
2651 case SHM_INFO:
2652 /*
2653 * System level information.
2654 */
2655 return 0;
2656 default:
2657 return -EINVAL;
2658 }
ecfcc53f 2659 return smk_curacc_shm(shp, may);
e114e473
CS		 2660}
2661
2662/**
2663 * smack_shm_shmat - Smack access for shmat
2664 * @shp: the object
2665 * @shmaddr: unused
2666 * @shmflg: access requested
2667 *
2668 * Returns 0 if current has the requested access, error code otherwise
2669 */
2670static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
2671 int shmflg)
2672{
e114e473
CS		 2673 int may;
2674
2675 may = smack_flags_to_may(shmflg);
ecfcc53f 2676 return smk_curacc_shm(shp, may);
e114e473
CS		 2677}
2678
2679/**
2680 * smack_of_sem - the smack pointer for the sem
2681 * @sma: the object
2682 *
2683 * Returns a pointer to the smack value
2684 */
21c7eae2 2685static struct smack_known *smack_of_sem(struct sem_array *sma)
e114e473 2686{
21c7eae2 2687 return (struct smack_known *)sma->sem_perm.security;
e114e473
CS		 2688}
2689
2690/**
2691 * smack_sem_alloc_security - Set the security blob for sem
2692 * @sma: the object
2693 *
2694 * Returns 0
2695 */
2696static int smack_sem_alloc_security(struct sem_array *sma)
2697{
2698 struct kern_ipc_perm *isp = &sma->sem_perm;
2f823ff8 2699 struct smack_known *skp = smk_of_current();
e114e473 2700
21c7eae2 2701 isp->security = skp;
e114e473
CS		 2702 return 0;
2703}
2704
2705/**
2706 * smack_sem_free_security - Clear the security blob for sem
2707 * @sma: the object
2708 *
2709 * Clears the blob pointer
2710 */
2711static void smack_sem_free_security(struct sem_array *sma)
2712{
2713 struct kern_ipc_perm *isp = &sma->sem_perm;
2714
2715 isp->security = NULL;
2716}
2717
ecfcc53f
EB		 2718/**
2719 * smk_curacc_sem : check if current has access on sem
2720 * @sma : the object
2721 * @access : access requested
2722 *
2723 * Returns 0 if current has the requested access, error code otherwise
2724 */
2725static int smk_curacc_sem(struct sem_array *sma, int access)
2726{
21c7eae2 2727 struct smack_known *ssp = smack_of_sem(sma);
ecfcc53f 2728 struct smk_audit_info ad;
d166c802 2729 int rc;
ecfcc53f
EB		 2730
2731#ifdef CONFIG_AUDIT
2732 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2733 ad.a.u.ipc_id = sma->sem_perm.id;
2734#endif
d166c802
CS		 2735 rc = smk_curacc(ssp, access, &ad);
2736 rc = smk_bu_current("sem", ssp, access, rc);
2737 return rc;
ecfcc53f
EB		 2738}
2739
e114e473
CS		 2740/**
2741 * smack_sem_associate - Smack access check for sem
2742 * @sma: the object
2743 * @semflg: access requested
2744 *
2745 * Returns 0 if current has the requested access, error code otherwise
2746 */
2747static int smack_sem_associate(struct sem_array *sma, int semflg)
2748{
e114e473
CS		 2749 int may;
2750
2751 may = smack_flags_to_may(semflg);
ecfcc53f 2752 return smk_curacc_sem(sma, may);
e114e473
CS		 2753}
2754
2755/**
2756 * smack_sem_shmctl - Smack access check for sem
2757 * @sma: the object
2758 * @cmd: what it wants to do
2759 *
2760 * Returns 0 if current has the requested access, error code otherwise
2761 */
2762static int smack_sem_semctl(struct sem_array *sma, int cmd)
2763{
e114e473
CS		 2764 int may;
2765
2766 switch (cmd) {
2767 case GETPID:
2768 case GETNCNT:
2769 case GETZCNT:
2770 case GETVAL:
2771 case GETALL:
2772 case IPC_STAT:
2773 case SEM_STAT:
2774 may = MAY_READ;
2775 break;
2776 case SETVAL:
2777 case SETALL:
2778 case IPC_RMID:
2779 case IPC_SET:
2780 may = MAY_READWRITE;
2781 break;
2782 case IPC_INFO:
2783 case SEM_INFO:
2784 /*
2785 * System level information
2786 */
2787 return 0;
2788 default:
2789 return -EINVAL;
2790 }
2791
ecfcc53f 2792 return smk_curacc_sem(sma, may);
e114e473
CS		 2793}
2794
2795/**
2796 * smack_sem_semop - Smack checks of semaphore operations
2797 * @sma: the object
2798 * @sops: unused
2799 * @nsops: unused
2800 * @alter: unused
2801 *
2802 * Treated as read and write in all cases.
2803 *
2804 * Returns 0 if access is allowed, error code otherwise
2805 */
2806static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
2807 unsigned nsops, int alter)
2808{
ecfcc53f 2809 return smk_curacc_sem(sma, MAY_READWRITE);
e114e473
CS		 2810}
2811
2812/**
2813 * smack_msg_alloc_security - Set the security blob for msg
2814 * @msq: the object
2815 *
2816 * Returns 0
2817 */
2818static int smack_msg_queue_alloc_security(struct msg_queue *msq)
2819{
2820 struct kern_ipc_perm *kisp = &msq->q_perm;
2f823ff8 2821 struct smack_known *skp = smk_of_current();
e114e473 2822
21c7eae2 2823 kisp->security = skp;
e114e473
CS		 2824 return 0;
2825}
2826
2827/**
2828 * smack_msg_free_security - Clear the security blob for msg
2829 * @msq: the object
2830 *
2831 * Clears the blob pointer
2832 */
2833static void smack_msg_queue_free_security(struct msg_queue *msq)
2834{
2835 struct kern_ipc_perm *kisp = &msq->q_perm;
2836
2837 kisp->security = NULL;
2838}
2839
2840/**
2841 * smack_of_msq - the smack pointer for the msq
2842 * @msq: the object
2843 *
21c7eae2 2844 * Returns a pointer to the smack label entry
e114e473 2845 */
21c7eae2 2846static struct smack_known *smack_of_msq(struct msg_queue *msq)
e114e473 2847{
21c7eae2 2848 return (struct smack_known *)msq->q_perm.security;
e114e473
CS		 2849}
2850
ecfcc53f
EB		 2851/**
2852 * smk_curacc_msq : helper to check if current has access on msq
2853 * @msq : the msq
2854 * @access : access requested
2855 *
2856 * return 0 if current has access, error otherwise
2857 */
2858static int smk_curacc_msq(struct msg_queue *msq, int access)
2859{
21c7eae2 2860 struct smack_known *msp = smack_of_msq(msq);
ecfcc53f 2861 struct smk_audit_info ad;
d166c802 2862 int rc;
ecfcc53f
EB		 2863
2864#ifdef CONFIG_AUDIT
2865 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2866 ad.a.u.ipc_id = msq->q_perm.id;
2867#endif
d166c802
CS		 2868 rc = smk_curacc(msp, access, &ad);
2869 rc = smk_bu_current("msq", msp, access, rc);
2870 return rc;
ecfcc53f
EB		 2871}
2872
e114e473
CS		 2873/**
2874 * smack_msg_queue_associate - Smack access check for msg_queue
2875 * @msq: the object
2876 * @msqflg: access requested
2877 *
2878 * Returns 0 if current has the requested access, error code otherwise
2879 */
2880static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
2881{
e114e473
CS		 2882 int may;
2883
2884 may = smack_flags_to_may(msqflg);
ecfcc53f 2885 return smk_curacc_msq(msq, may);
e114e473
CS		 2886}
2887
2888/**
2889 * smack_msg_queue_msgctl - Smack access check for msg_queue
2890 * @msq: the object
2891 * @cmd: what it wants to do
2892 *
2893 * Returns 0 if current has the requested access, error code otherwise
2894 */
2895static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2896{
e114e473
CS		 2897 int may;
2898
2899 switch (cmd) {
2900 case IPC_STAT:
2901 case MSG_STAT:
2902 may = MAY_READ;
2903 break;
2904 case IPC_SET:
2905 case IPC_RMID:
2906 may = MAY_READWRITE;
2907 break;
2908 case IPC_INFO:
2909 case MSG_INFO:
2910 /*
2911 * System level information
2912 */
2913 return 0;
2914 default:
2915 return -EINVAL;
2916 }
2917
ecfcc53f 2918 return smk_curacc_msq(msq, may);
e114e473
CS		 2919}
2920
2921/**
2922 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2923 * @msq: the object
2924 * @msg: unused
2925 * @msqflg: access requested
2926 *
2927 * Returns 0 if current has the requested access, error code otherwise
2928 */
2929static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
2930 int msqflg)
2931{
ecfcc53f 2932 int may;
e114e473 2933
ecfcc53f
EB		 2934 may = smack_flags_to_may(msqflg);
2935 return smk_curacc_msq(msq, may);
e114e473
CS		 2936}
2937
2938/**
2939 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2940 * @msq: the object
2941 * @msg: unused
2942 * @target: unused
2943 * @type: unused
2944 * @mode: unused
2945 *
2946 * Returns 0 if current has read and write access, error code otherwise
2947 */
2948static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
2949 struct task_struct *target, long type, int mode)
2950{
ecfcc53f 2951 return smk_curacc_msq(msq, MAY_READWRITE);
e114e473
CS		 2952}
2953
2954/**
2955 * smack_ipc_permission - Smack access for ipc_permission()
2956 * @ipp: the object permissions
2957 * @flag: access requested
2958 *
2959 * Returns 0 if current has read and write access, error code otherwise
2960 */
2961static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
2962{
21c7eae2 2963 struct smack_known *iskp = ipp->security;
ecfcc53f
EB		 2964 int may = smack_flags_to_may(flag);
2965 struct smk_audit_info ad;
d166c802 2966 int rc;
e114e473 2967
ecfcc53f
EB		 2968#ifdef CONFIG_AUDIT
2969 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2970 ad.a.u.ipc_id = ipp->id;
2971#endif
21c7eae2
LP		 2972 rc = smk_curacc(iskp, may, &ad);
2973 rc = smk_bu_current("svipc", iskp, may, rc);
d166c802 2974 return rc;
e114e473
CS		 2975}
2976
d20bdda6
AD		 2977/**
2978 * smack_ipc_getsecid - Extract smack security id
251a2a95 2979 * @ipp: the object permissions
d20bdda6
AD		 2980 * @secid: where result will be saved
2981 */
2982static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
2983{
21c7eae2 2984 struct smack_known *iskp = ipp->security;
d20bdda6 2985
21c7eae2 2986 *secid = iskp->smk_secid;
d20bdda6
AD		 2987}
2988
e114e473
CS		 2989/**
2990 * smack_d_instantiate - Make sure the blob is correct on an inode
3e62cbb8 2991 * @opt_dentry: dentry where inode will be attached
e114e473
CS		 2992 * @inode: the object
2993 *
2994 * Set the inode's security blob if it hasn't been done already.
2995 */
2996static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
2997{
2998 struct super_block *sbp;
2999 struct superblock_smack *sbsp;
3000 struct inode_smack *isp;
2f823ff8
CS		 3001 struct smack_known *skp;
3002 struct smack_known *ckp = smk_of_current();
21c7eae2 3003 struct smack_known *final;
5c6d1125
JS		 3004 char trattr[TRANS_TRUE_SIZE];
3005 int transflag = 0;
2267b13a 3006 int rc;
e114e473
CS		 3007 struct dentry *dp;
3008
3009 if (inode == NULL)
3010 return;
3011
3012 isp = inode->i_security;
3013
3014 mutex_lock(&isp->smk_lock);
3015 /*
3016 * If the inode is already instantiated
3017 * take the quick way out
3018 */
3019 if (isp->smk_flags & SMK_INODE_INSTANT)
3020 goto unlockandout;
3021
3022 sbp = inode->i_sb;
3023 sbsp = sbp->s_security;
3024 /*
3025 * We're going to use the superblock default label
3026 * if there's no label on the file.
3027 */
3028 final = sbsp->smk_default;
3029
e97dcb0e
CS		 3030 /*
3031 * If this is the root inode the superblock
3032 * may be in the process of initialization.
3033 * If that is the case use the root value out
3034 * of the superblock.
3035 */
3036 if (opt_dentry->d_parent == opt_dentry) {
1d8c2326
ŁS		 3037 switch (sbp->s_magic) {
3038 case CGROUP_SUPER_MAGIC:
36ea735b
CS		 3039 /*
3040 * The cgroup filesystem is never mounted,
3041 * so there's no opportunity to set the mount
3042 * options.
3043 */
21c7eae2
LP		 3044 sbsp->smk_root = &smack_known_star;
3045 sbsp->smk_default = &smack_known_star;
1d8c2326
ŁS		 3046 isp->smk_inode = sbsp->smk_root;
3047 break;
3048 case TMPFS_MAGIC:
3049 /*
3050 * What about shmem/tmpfs anonymous files with dentry
3051 * obtained from d_alloc_pseudo()?
3052 */
3053 isp->smk_inode = smk_of_current();
3054 break;
3055 default:
3056 isp->smk_inode = sbsp->smk_root;
3057 break;
36ea735b 3058 }
e97dcb0e
CS		 3059 isp->smk_flags |= SMK_INODE_INSTANT;
3060 goto unlockandout;
3061 }
3062
e114e473
CS		 3063 /*
3064 * This is pretty hackish.
3065 * Casey says that we shouldn't have to do
3066 * file system specific code, but it does help
3067 * with keeping it simple.
3068 */
3069 switch (sbp->s_magic) {
3070 case SMACK_MAGIC:
36ea735b
CS		 3071 case PIPEFS_MAGIC:
3072 case SOCKFS_MAGIC:
3073 case CGROUP_SUPER_MAGIC:
e114e473 3074 /*
25985edc 3075 * Casey says that it's a little embarrassing
e114e473
CS		 3076 * that the smack file system doesn't do
3077 * extended attributes.
36ea735b 3078 *
e114e473 3079 * Casey says pipes are easy (?)
36ea735b
CS		 3080 *
3081 * Socket access is controlled by the socket
3082 * structures associated with the task involved.
3083 *
3084 * Cgroupfs is special
e114e473 3085 */
21c7eae2 3086 final = &smack_known_star;
e114e473
CS		 3087 break;
3088 case DEVPTS_SUPER_MAGIC:
3089 /*
3090 * devpts seems content with the label of the task.
3091 * Programs that change smack have to treat the
3092 * pty with respect.
3093 */
21c7eae2 3094 final = ckp;
e114e473 3095 break;
e114e473
CS		 3096 case PROC_SUPER_MAGIC:
3097 /*
3098 * Casey says procfs appears not to care.
3099 * The superblock default suffices.
3100 */
3101 break;
3102 case TMPFS_MAGIC:
3103 /*
3104 * Device labels should come from the filesystem,
3105 * but watch out, because they're volitile,
3106 * getting recreated on every reboot.
3107 */
21c7eae2 3108 final = &smack_known_star;
e114e473
CS		 3109 /*
3110 * No break.
3111 *
3112 * If a smack value has been set we want to use it,
3113 * but since tmpfs isn't giving us the opportunity
3114 * to set mount options simulate setting the
3115 * superblock default.
3116 */
3117 default:
3118 /*
3119 * This isn't an understood special case.
3120 * Get the value from the xattr.
b4e0d5f0
CS		 3121 */
3122
3123 /*
3124 * UNIX domain sockets use lower level socket data.
3125 */
3126 if (S_ISSOCK(inode->i_mode)) {
21c7eae2 3127 final = &smack_known_star;
b4e0d5f0
CS		 3128 break;
3129 }
3130 /*
e114e473
CS		 3131 * No xattr support means, alas, no SMACK label.
3132 * Use the aforeapplied default.
3133 * It would be curious if the label of the task
3134 * does not match that assigned.
3135 */
3136 if (inode->i_op->getxattr == NULL)
3137 break;
3138 /*
3139 * Get the dentry for xattr.
3140 */
3e62cbb8 3141 dp = dget(opt_dentry);
2f823ff8
CS		 3142 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3143 if (skp != NULL)
21c7eae2 3144 final = skp;
2267b13a
CS		 3145
3146 /*
3147 * Transmuting directory
3148 */
3149 if (S_ISDIR(inode->i_mode)) {
3150 /*
3151 * If this is a new directory and the label was
3152 * transmuted when the inode was initialized
3153 * set the transmute attribute on the directory
3154 * and mark the inode.
3155 *
3156 * If there is a transmute attribute on the
3157 * directory mark the inode.
3158 */
3159 if (isp->smk_flags & SMK_INODE_CHANGED) {
3160 isp->smk_flags &= ~SMK_INODE_CHANGED;
3161 rc = inode->i_op->setxattr(dp,
5c6d1125 3162 XATTR_NAME_SMACKTRANSMUTE,
2267b13a
CS		 3163 TRANS_TRUE, TRANS_TRUE_SIZE,
3164 0);
3165 } else {
3166 rc = inode->i_op->getxattr(dp,
3167 XATTR_NAME_SMACKTRANSMUTE, trattr,
3168 TRANS_TRUE_SIZE);
3169 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3170 TRANS_TRUE_SIZE) != 0)
3171 rc = -EINVAL;
5c6d1125 3172 }
2267b13a
CS		 3173 if (rc >= 0)
3174 transflag = SMK_INODE_TRANSMUTE;
5c6d1125 3175 }
19760ad0
CS		 3176 /*
3177 * Don't let the exec or mmap label be "*" or "@".
3178 */
3179 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3180 if (skp == &smack_known_star || skp == &smack_known_web)
3181 skp = NULL;
3182 isp->smk_task = skp;
3183 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3184 if (skp == &smack_known_star || skp == &smack_known_web)
3185 skp = NULL;
3186 isp->smk_mmap = skp;
676dac4b 3187
e114e473
CS		 3188 dput(dp);
3189 break;
3190 }
3191
3192 if (final == NULL)
21c7eae2 3193 isp->smk_inode = ckp;
e114e473
CS		 3194 else
3195 isp->smk_inode = final;
3196
5c6d1125 3197 isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
e114e473
CS		 3198
3199unlockandout:
3200 mutex_unlock(&isp->smk_lock);
3201 return;
3202}
3203
3204/**
3205 * smack_getprocattr - Smack process attribute access
3206 * @p: the object task
3207 * @name: the name of the attribute in /proc/.../attr
3208 * @value: where to put the result
3209 *
3210 * Places a copy of the task Smack into value
3211 *
3212 * Returns the length of the smack label or an error code
3213 */
3214static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3215{
2f823ff8 3216 struct smack_known *skp = smk_of_task(task_security(p));
e114e473
CS		 3217 char *cp;
3218 int slen;
3219
3220 if (strcmp(name, "current") != 0)
3221 return -EINVAL;
3222
2f823ff8 3223 cp = kstrdup(skp->smk_known, GFP_KERNEL);
e114e473
CS		 3224 if (cp == NULL)
3225 return -ENOMEM;
3226
3227 slen = strlen(cp);
3228 *value = cp;
3229 return slen;
3230}
3231
3232/**
3233 * smack_setprocattr - Smack process attribute setting
3234 * @p: the object task
3235 * @name: the name of the attribute in /proc/.../attr
3236 * @value: the value to set
3237 * @size: the size of the value
3238 *
3239 * Sets the Smack value of the task. Only setting self
3240 * is permitted and only with privilege
3241 *
3242 * Returns the length of the smack label or an error code
3243 */
3244static int smack_setprocattr(struct task_struct *p, char *name,
3245 void *value, size_t size)
3246{
676dac4b 3247 struct task_smack *tsp;
d84f4f99 3248 struct cred *new;
2f823ff8 3249 struct smack_known *skp;
e114e473 3250
e114e473
CS		 3251 /*
3252 * Changing another process' Smack value is too dangerous
3253 * and supports no sane use case.
3254 */
3255 if (p != current)
3256 return -EPERM;
3257
1880eff7 3258 if (!smack_privileged(CAP_MAC_ADMIN))
5cd9c58f
DH		 3259 return -EPERM;
3260
f7112e6c 3261 if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
e114e473
CS		 3262 return -EINVAL;
3263
3264 if (strcmp(name, "current") != 0)
3265 return -EINVAL;
3266
2f823ff8
CS		 3267 skp = smk_import_entry(value, size);
3268 if (skp == NULL)
e114e473
CS		 3269 return -EINVAL;
3270
6d3dc07c
CS		 3271 /*
3272 * No process is ever allowed the web ("@") label.
3273 */
2f823ff8 3274 if (skp == &smack_known_web)
6d3dc07c
CS		 3275 return -EPERM;
3276
d84f4f99 3277 new = prepare_creds();
6d3dc07c 3278 if (new == NULL)
d84f4f99 3279 return -ENOMEM;
7898e1f8 3280
46a2f3b9 3281 tsp = new->security;
2f823ff8 3282 tsp->smk_task = skp;
7898e1f8 3283
d84f4f99 3284 commit_creds(new);
e114e473
CS		 3285 return size;
3286}
3287
3288/**
3289 * smack_unix_stream_connect - Smack access on UDS
3610cda5
DM		 3290 * @sock: one sock
3291 * @other: the other sock
e114e473
CS		 3292 * @newsk: unused
3293 *
3294 * Return 0 if a subject with the smack of sock could access
3295 * an object with the smack of other, otherwise an error code
3296 */
3610cda5
DM		 3297static int smack_unix_stream_connect(struct sock *sock,
3298 struct sock *other, struct sock *newsk)
e114e473 3299{
2f823ff8 3300 struct smack_known *skp;
54e70ec5 3301 struct smack_known *okp;
d2e7ad19
JM		 3302 struct socket_smack *ssp = sock->sk_security;
3303 struct socket_smack *osp = other->sk_security;
975d5e55 3304 struct socket_smack *nsp = newsk->sk_security;
ecfcc53f 3305 struct smk_audit_info ad;
b4e0d5f0 3306 int rc = 0;
923e9a13
KC		 3307#ifdef CONFIG_AUDIT
3308 struct lsm_network_audit net;
923e9a13 3309#endif
b4e0d5f0 3310
2f823ff8
CS		 3311 if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3312 skp = ssp->smk_out;
96be7b54 3313 okp = osp->smk_in;
54e70ec5
CS		 3314#ifdef CONFIG_AUDIT
3315 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3316 smk_ad_setfield_u_net_sk(&ad, other);
3317#endif
21c7eae2
LP		 3318 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3319 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
d166c802 3320 if (rc == 0) {
96be7b54
ZJ		 3321 okp = osp->smk_out;
3322 skp = ssp->smk_in;
21c7eae2
LP		 3323 rc = smk_access(okp, skp, MAY_WRITE, NULL);
3324 rc = smk_bu_note("UDS connect", okp, skp,
d166c802
CS		 3325 MAY_WRITE, rc);
3326 }
2f823ff8 3327 }
b4e0d5f0 3328
975d5e55
CS		 3329 /*
3330 * Cross reference the peer labels for SO_PEERSEC.
3331 */
3332 if (rc == 0) {
54e70ec5
CS		 3333 nsp->smk_packet = ssp->smk_out;
3334 ssp->smk_packet = osp->smk_out;
975d5e55
CS		 3335 }
3336
b4e0d5f0 3337 return rc;
e114e473
CS		 3338}
3339
3340/**
3341 * smack_unix_may_send - Smack access on UDS
3342 * @sock: one socket
3343 * @other: the other socket
3344 *
3345 * Return 0 if a subject with the smack of sock could access
3346 * an object with the smack of other, otherwise an error code
3347 */
3348static int smack_unix_may_send(struct socket *sock, struct socket *other)
3349{
b4e0d5f0
CS		 3350 struct socket_smack *ssp = sock->sk->sk_security;
3351 struct socket_smack *osp = other->sk->sk_security;
ecfcc53f 3352 struct smk_audit_info ad;
d166c802 3353 int rc;
e114e473 3354
923e9a13
KC		 3355#ifdef CONFIG_AUDIT
3356 struct lsm_network_audit net;
3357
48c62af6 3358 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
ecfcc53f 3359 smk_ad_setfield_u_net_sk(&ad, other->sk);
923e9a13 3360#endif
b4e0d5f0 3361
2f823ff8
CS		 3362 if (smack_privileged(CAP_MAC_OVERRIDE))
3363 return 0;
b4e0d5f0 3364
21c7eae2
LP		 3365 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3366 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
d166c802 3367 return rc;
e114e473
CS		 3368}
3369
6d3dc07c
CS		 3370/**
3371 * smack_socket_sendmsg - Smack check based on destination host
3372 * @sock: the socket
251a2a95 3373 * @msg: the message
6d3dc07c
CS		 3374 * @size: the size of the message
3375 *
c6739443
CS		 3376 * Return 0 if the current subject can write to the destination host.
3377 * For IPv4 this is only a question if the destination is a single label host.
3378 * For IPv6 this is a check against the label of the port.
6d3dc07c
CS		 3379 */
3380static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3381 int size)
3382{
3383 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
6ea06247 3384 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
c6739443 3385 int rc = 0;
6d3dc07c
CS		 3386
3387 /*
3388 * Perfectly reasonable for this to be NULL
3389 */
c6739443 3390 if (sip == NULL)
6d3dc07c
CS		 3391 return 0;
3392
c6739443
CS		 3393 switch (sip->sin_family) {
3394 case AF_INET:
3395 rc = smack_netlabel_send(sock->sk, sip);
3396 break;
3397 case AF_INET6:
3398 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3399 break;
3400 }
3401 return rc;
6d3dc07c
CS		 3402}
3403
e114e473 3404/**
251a2a95 3405 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
e114e473 3406 * @sap: netlabel secattr
272cd7a8 3407 * @ssp: socket security information
e114e473 3408 *
2f823ff8 3409 * Returns a pointer to a Smack label entry found on the label list.
e114e473 3410 */
2f823ff8
CS		 3411static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3412 struct socket_smack *ssp)
e114e473 3413{
2f823ff8 3414 struct smack_known *skp;
f7112e6c 3415 int found = 0;
677264e8
CS		 3416 int acat;
3417 int kcat;
e114e473 3418
6d3dc07c 3419 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
e114e473 3420 /*
6d3dc07c 3421 * Looks like a CIPSO packet.
e114e473
CS		 3422 * If there are flags but no level netlabel isn't
3423 * behaving the way we expect it to.
3424 *
f7112e6c 3425 * Look it up in the label table
e114e473
CS		 3426 * Without guidance regarding the smack value
3427 * for the packet fall back on the network
3428 * ambient value.
3429 */
f7112e6c 3430 rcu_read_lock();
2f823ff8
CS		 3431 list_for_each_entry(skp, &smack_known_list, list) {
3432 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
f7112e6c 3433 continue;
677264e8
CS		 3434 /*
3435 * Compare the catsets. Use the netlbl APIs.
3436 */
3437 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3438 if ((skp->smk_netlabel.flags &
3439 NETLBL_SECATTR_MLS_CAT) == 0)
3440 found = 1;
3441 break;
3442 }
3443 for (acat = -1, kcat = -1; acat == kcat; ) {
4fbe63d1
PM		 3444 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3445 acat + 1);
3446 kcat = netlbl_catmap_walk(
677264e8
CS		 3447 skp->smk_netlabel.attr.mls.cat,
3448 kcat + 1);
3449 if (acat < 0 || kcat < 0)
3450 break;
3451 }
3452 if (acat == kcat) {
3453 found = 1;
3454 break;
3455 }
6d3dc07c 3456 }
f7112e6c
CS		 3457 rcu_read_unlock();
3458
3459 if (found)
2f823ff8 3460 return skp;
f7112e6c 3461
54e70ec5 3462 if (ssp != NULL && ssp->smk_in == &smack_known_star)
2f823ff8
CS		 3463 return &smack_known_web;
3464 return &smack_known_star;
e114e473 3465 }
6d3dc07c
CS		 3466 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) {
3467 /*
3468 * Looks like a fallback, which gives us a secid.
3469 */
2f823ff8 3470 skp = smack_from_secid(sap->attr.secid);
6d3dc07c
CS		 3471 /*
3472 * This has got to be a bug because it is
3473 * impossible to specify a fallback without
3474 * specifying the label, which will ensure
3475 * it has a secid, and the only way to get a
3476 * secid is from a fallback.
3477 */
2f823ff8
CS		 3478 BUG_ON(skp == NULL);
3479 return skp;
e114e473
CS		 3480 }
3481 /*
6d3dc07c
CS		 3482 * Without guidance regarding the smack value
3483 * for the packet fall back on the network
3484 * ambient value.
e114e473 3485 */
272cd7a8 3486 return smack_net_ambient;
e114e473
CS		 3487}
3488
6ea06247 3489static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
c6739443 3490{
c6739443
CS		 3491 u8 nexthdr;
3492 int offset;
3493 int proto = -EINVAL;
3494 struct ipv6hdr _ipv6h;
3495 struct ipv6hdr *ip6;
3496 __be16 frag_off;
3497 struct tcphdr _tcph, *th;
3498 struct udphdr _udph, *uh;
3499 struct dccp_hdr _dccph, *dh;
3500
3501 sip->sin6_port = 0;
3502
3503 offset = skb_network_offset(skb);
3504 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3505 if (ip6 == NULL)
3506 return -EINVAL;
3507 sip->sin6_addr = ip6->saddr;
3508
3509 nexthdr = ip6->nexthdr;
3510 offset += sizeof(_ipv6h);
3511 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3512 if (offset < 0)
3513 return -EINVAL;
3514
3515 proto = nexthdr;
3516 switch (proto) {
3517 case IPPROTO_TCP:
3518 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3519 if (th != NULL)
3520 sip->sin6_port = th->source;
3521 break;
3522 case IPPROTO_UDP:
3523 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3524 if (uh != NULL)
3525 sip->sin6_port = uh->source;
3526 break;
3527 case IPPROTO_DCCP:
3528 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3529 if (dh != NULL)
3530 sip->sin6_port = dh->dccph_sport;
3531 break;
3532 }
3533 return proto;
3534}
3535
e114e473
CS		 3536/**
3537 * smack_socket_sock_rcv_skb - Smack packet delivery access check
3538 * @sk: socket
3539 * @skb: packet
3540 *
3541 * Returns 0 if the packet should be delivered, an error code otherwise
3542 */
3543static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3544{
3545 struct netlbl_lsm_secattr secattr;
3546 struct socket_smack *ssp = sk->sk_security;
2f823ff8 3547 struct smack_known *skp;
6ea06247 3548 struct sockaddr_in6 sadd;
c6739443 3549 int rc = 0;
ecfcc53f 3550 struct smk_audit_info ad;
923e9a13 3551#ifdef CONFIG_AUDIT
48c62af6 3552 struct lsm_network_audit net;
923e9a13 3553#endif
c6739443
CS		 3554 switch (sk->sk_family) {
3555 case PF_INET:
3556 /*
3557 * Translate what netlabel gave us.
3558 */
3559 netlbl_secattr_init(&secattr);
6d3dc07c 3560
c6739443
CS		 3561 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
3562 if (rc == 0)
2f823ff8 3563 skp = smack_from_secattr(&secattr, ssp);
c6739443 3564 else
2f823ff8 3565 skp = smack_net_ambient;
6d3dc07c 3566
c6739443 3567 netlbl_secattr_destroy(&secattr);
6d3dc07c 3568
ecfcc53f 3569#ifdef CONFIG_AUDIT
c6739443
CS		 3570 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3571 ad.a.u.net->family = sk->sk_family;
3572 ad.a.u.net->netif = skb->skb_iif;
3573 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
ecfcc53f 3574#endif
c6739443
CS		 3575 /*
3576 * Receiving a packet requires that the other end
3577 * be able to write here. Read access is not required.
3578 * This is the simplist possible security model
3579 * for networking.
3580 */
21c7eae2
LP		 3581 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3582 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
d166c802 3583 MAY_WRITE, rc);
c6739443
CS		 3584 if (rc != 0)
3585 netlbl_skbuff_err(skb, rc, 0);
3586 break;
3587 case PF_INET6:
3588 rc = smk_skb_to_addr_ipv6(skb, &sadd);
3589 if (rc == IPPROTO_UDP || rc == IPPROTO_TCP)
3590 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
3591 else
3592 rc = 0;
3593 break;
3594 }
a8134296 3595 return rc;
e114e473
CS		 3596}
3597
3598/**
3599 * smack_socket_getpeersec_stream - pull in packet label
3600 * @sock: the socket
3601 * @optval: user's destination
3602 * @optlen: size thereof
251a2a95 3603 * @len: max thereof
e114e473
CS		 3604 *
3605 * returns zero on success, an error code otherwise
3606 */
3607static int smack_socket_getpeersec_stream(struct socket *sock,
3608 char __user *optval,
3609 int __user *optlen, unsigned len)
3610{
3611 struct socket_smack *ssp;
272cd7a8
CS		 3612 char *rcp = "";
3613 int slen = 1;
e114e473
CS		 3614 int rc = 0;
3615
3616 ssp = sock->sk->sk_security;
272cd7a8 3617 if (ssp->smk_packet != NULL) {
54e70ec5 3618 rcp = ssp->smk_packet->smk_known;
272cd7a8
CS		 3619 slen = strlen(rcp) + 1;
3620 }
e114e473
CS		 3621
3622 if (slen > len)
3623 rc = -ERANGE;
272cd7a8 3624 else if (copy_to_user(optval, rcp, slen) != 0)
e114e473
CS		 3625 rc = -EFAULT;
3626
3627 if (put_user(slen, optlen) != 0)
3628 rc = -EFAULT;
3629
3630 return rc;
3631}
3632
3633
3634/**
3635 * smack_socket_getpeersec_dgram - pull in packet label
b4e0d5f0 3636 * @sock: the peer socket
e114e473
CS		 3637 * @skb: packet data
3638 * @secid: pointer to where to put the secid of the packet
3639 *
3640 * Sets the netlabel socket state on sk from parent
3641 */
3642static int smack_socket_getpeersec_dgram(struct socket *sock,
3643 struct sk_buff *skb, u32 *secid)
3644
3645{
3646 struct netlbl_lsm_secattr secattr;
272cd7a8 3647 struct socket_smack *ssp = NULL;
2f823ff8 3648 struct smack_known *skp;
b4e0d5f0
CS		 3649 int family = PF_UNSPEC;
3650 u32 s = 0; /* 0 is the invalid secid */
e114e473
CS		 3651 int rc;
3652
b4e0d5f0
CS		 3653 if (skb != NULL) {
3654 if (skb->protocol == htons(ETH_P_IP))
3655 family = PF_INET;
3656 else if (skb->protocol == htons(ETH_P_IPV6))
3657 family = PF_INET6;
e114e473 3658 }
b4e0d5f0
CS		 3659 if (family == PF_UNSPEC && sock != NULL)
3660 family = sock->sk->sk_family;
e114e473 3661
b4e0d5f0 3662 if (family == PF_UNIX) {
272cd7a8 3663 ssp = sock->sk->sk_security;
2f823ff8 3664 s = ssp->smk_out->smk_secid;
b4e0d5f0
CS		 3665 } else if (family == PF_INET || family == PF_INET6) {
3666 /*
3667 * Translate what netlabel gave us.
3668 */
272cd7a8
CS		 3669 if (sock != NULL && sock->sk != NULL)
3670 ssp = sock->sk->sk_security;
b4e0d5f0
CS		 3671 netlbl_secattr_init(&secattr);
3672 rc = netlbl_skbuff_getattr(skb, family, &secattr);
3673 if (rc == 0) {
2f823ff8
CS		 3674 skp = smack_from_secattr(&secattr, ssp);
3675 s = skp->smk_secid;
b4e0d5f0
CS		 3676 }
3677 netlbl_secattr_destroy(&secattr);
3678 }
3679 *secid = s;
e114e473
CS		 3680 if (s == 0)
3681 return -EINVAL;
e114e473
CS		 3682 return 0;
3683}
3684
3685/**
07feee8f
PM		 3686 * smack_sock_graft - Initialize a newly created socket with an existing sock
3687 * @sk: child sock
3688 * @parent: parent socket
e114e473 3689 *
07feee8f
PM		 3690 * Set the smk_{in,out} state of an existing sock based on the process that
3691 * is creating the new socket.
e114e473
CS		 3692 */
3693static void smack_sock_graft(struct sock *sk, struct socket *parent)
3694{
3695 struct socket_smack *ssp;
2f823ff8 3696 struct smack_known *skp = smk_of_current();
e114e473 3697
07feee8f
PM		 3698 if (sk == NULL ||
3699 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
e114e473
CS		 3700 return;
3701
3702 ssp = sk->sk_security;
54e70ec5 3703 ssp->smk_in = skp;
2f823ff8 3704 ssp->smk_out = skp;
07feee8f 3705 /* cssp->smk_packet is already set in smack_inet_csk_clone() */
e114e473
CS		 3706}
3707
3708/**
3709 * smack_inet_conn_request - Smack access check on connect
3710 * @sk: socket involved
3711 * @skb: packet
3712 * @req: unused
3713 *
3714 * Returns 0 if a task with the packet label could write to
3715 * the socket, otherwise an error code
3716 */
3717static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3718 struct request_sock *req)
3719{
07feee8f 3720 u16 family = sk->sk_family;
f7112e6c 3721 struct smack_known *skp;
e114e473 3722 struct socket_smack *ssp = sk->sk_security;
07feee8f
PM		 3723 struct netlbl_lsm_secattr secattr;
3724 struct sockaddr_in addr;
3725 struct iphdr *hdr;
21c7eae2 3726 struct smack_known *hskp;
e114e473 3727 int rc;
ecfcc53f 3728 struct smk_audit_info ad;
923e9a13 3729#ifdef CONFIG_AUDIT
48c62af6 3730 struct lsm_network_audit net;
923e9a13 3731#endif
e114e473 3732
c6739443
CS		 3733 if (family == PF_INET6) {
3734 /*
3735 * Handle mapped IPv4 packets arriving
3736 * via IPv6 sockets. Don't set up netlabel
3737 * processing on IPv6.
3738 */
3739 if (skb->protocol == htons(ETH_P_IP))
3740 family = PF_INET;
3741 else
3742 return 0;
3743 }
e114e473 3744
07feee8f
PM		 3745 netlbl_secattr_init(&secattr);
3746 rc = netlbl_skbuff_getattr(skb, family, &secattr);
e114e473 3747 if (rc == 0)
2f823ff8 3748 skp = smack_from_secattr(&secattr, ssp);
e114e473 3749 else
2f823ff8 3750 skp = &smack_known_huh;
07feee8f
PM		 3751 netlbl_secattr_destroy(&secattr);
3752
ecfcc53f 3753#ifdef CONFIG_AUDIT
48c62af6
EP		 3754 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3755 ad.a.u.net->family = family;
3756 ad.a.u.net->netif = skb->skb_iif;
ecfcc53f
EB		 3757 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3758#endif
e114e473 3759 /*
07feee8f
PM		 3760 * Receiving a packet requires that the other end be able to write
3761 * here. Read access is not required.
e114e473 3762 */
21c7eae2
LP		 3763 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3764 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
07feee8f
PM		 3765 if (rc != 0)
3766 return rc;
3767
3768 /*
3769 * Save the peer's label in the request_sock so we can later setup
3770 * smk_packet in the child socket so that SO_PEERCRED can report it.
3771 */
2f823ff8 3772 req->peer_secid = skp->smk_secid;
07feee8f
PM		 3773
3774 /*
3775 * We need to decide if we want to label the incoming connection here
3776 * if we do we only need to label the request_sock and the stack will
25985edc 3777 * propagate the wire-label to the sock when it is created.
07feee8f
PM		 3778 */
3779 hdr = ip_hdr(skb);
3780 addr.sin_addr.s_addr = hdr->saddr;
3781 rcu_read_lock();
21c7eae2 3782 hskp = smack_host_label(&addr);
f7112e6c
CS		 3783 rcu_read_unlock();
3784
21c7eae2 3785 if (hskp == NULL)
f7112e6c 3786 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
2f823ff8 3787 else
07feee8f 3788 netlbl_req_delattr(req);
e114e473
CS		 3789
3790 return rc;
3791}
3792
07feee8f
PM		 3793/**
3794 * smack_inet_csk_clone - Copy the connection information to the new socket
3795 * @sk: the new socket
3796 * @req: the connection's request_sock
3797 *
3798 * Transfer the connection's peer label to the newly created socket.
3799 */
3800static void smack_inet_csk_clone(struct sock *sk,
3801 const struct request_sock *req)
3802{
3803 struct socket_smack *ssp = sk->sk_security;
2f823ff8 3804 struct smack_known *skp;
07feee8f 3805
2f823ff8
CS		 3806 if (req->peer_secid != 0) {
3807 skp = smack_from_secid(req->peer_secid);
54e70ec5 3808 ssp->smk_packet = skp;
2f823ff8 3809 } else
272cd7a8 3810 ssp->smk_packet = NULL;
07feee8f
PM		 3811}
3812
e114e473
CS		 3813/*
3814 * Key management security hooks
3815 *
3816 * Casey has not tested key support very heavily.
3817 * The permission check is most likely too restrictive.
3818 * If you care about keys please have a look.
3819 */
3820#ifdef CONFIG_KEYS
3821
3822/**
3823 * smack_key_alloc - Set the key security blob
3824 * @key: object
d84f4f99 3825 * @cred: the credentials to use
e114e473
CS		 3826 * @flags: unused
3827 *
3828 * No allocation required
3829 *
3830 * Returns 0
3831 */
d84f4f99 3832static int smack_key_alloc(struct key *key, const struct cred *cred,
e114e473
CS		 3833 unsigned long flags)
3834{
2f823ff8
CS		 3835 struct smack_known *skp = smk_of_task(cred->security);
3836
21c7eae2 3837 key->security = skp;
e114e473
CS		 3838 return 0;
3839}
3840
3841/**
3842 * smack_key_free - Clear the key security blob
3843 * @key: the object
3844 *
3845 * Clear the blob pointer
3846 */
3847static void smack_key_free(struct key *key)
3848{
3849 key->security = NULL;
3850}
3851
1a28979b 3852/**
e114e473
CS		 3853 * smack_key_permission - Smack access on a key
3854 * @key_ref: gets to the object
d84f4f99 3855 * @cred: the credentials to use
1a28979b 3856 * @perm: requested key permissions
e114e473
CS		 3857 *
3858 * Return 0 if the task has read and write to the object,
3859 * an error code otherwise
3860 */
3861static int smack_key_permission(key_ref_t key_ref,
f5895943 3862 const struct cred *cred, unsigned perm)
e114e473
CS		 3863{
3864 struct key *keyp;
ecfcc53f 3865 struct smk_audit_info ad;
2f823ff8 3866 struct smack_known *tkp = smk_of_task(cred->security);
fffea214 3867 int request = 0;
d166c802 3868 int rc;
e114e473
CS		 3869
3870 keyp = key_ref_to_ptr(key_ref);
3871 if (keyp == NULL)
3872 return -EINVAL;
3873 /*
3874 * If the key hasn't been initialized give it access so that
3875 * it may do so.
3876 */
3877 if (keyp->security == NULL)
3878 return 0;
3879 /*
3880 * This should not occur
3881 */
2f823ff8 3882 if (tkp == NULL)
e114e473 3883 return -EACCES;
ecfcc53f
EB		 3884#ifdef CONFIG_AUDIT
3885 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
3886 ad.a.u.key_struct.key = keyp->serial;
3887 ad.a.u.key_struct.key_desc = keyp->description;
3888#endif
fffea214
DK		 3889 if (perm & KEY_NEED_READ)
3890 request = MAY_READ;
3891 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
3892 request = MAY_WRITE;
d166c802
CS		 3893 rc = smk_access(tkp, keyp->security, request, &ad);
3894 rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
3895 return rc;
e114e473
CS		 3896}
3897#endif /* CONFIG_KEYS */
3898
d20bdda6
AD		 3899/*
3900 * Smack Audit hooks
3901 *
3902 * Audit requires a unique representation of each Smack specific
3903 * rule. This unique representation is used to distinguish the
3904 * object to be audited from remaining kernel objects and also
3905 * works as a glue between the audit hooks.
3906 *
3907 * Since repository entries are added but never deleted, we'll use
3908 * the smack_known label address related to the given audit rule as
3909 * the needed unique representation. This also better fits the smack
3910 * model where nearly everything is a label.
3911 */
3912#ifdef CONFIG_AUDIT
3913
3914/**
3915 * smack_audit_rule_init - Initialize a smack audit rule
3916 * @field: audit rule fields given from user-space (audit.h)
3917 * @op: required testing operator (=, !=, >, <, ...)
3918 * @rulestr: smack label to be audited
3919 * @vrule: pointer to save our own audit rule representation
3920 *
3921 * Prepare to audit cases where (@field @op @rulestr) is true.
3922 * The label to be audited is created if necessay.
3923 */
3924static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
3925{
21c7eae2 3926 struct smack_known *skp;
d20bdda6
AD		 3927 char **rule = (char **)vrule;
3928 *rule = NULL;
3929
3930 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3931 return -EINVAL;
3932
5af75d8d 3933 if (op != Audit_equal && op != Audit_not_equal)
d20bdda6
AD		 3934 return -EINVAL;
3935
21c7eae2
LP		 3936 skp = smk_import_entry(rulestr, 0);
3937 if (skp)
3938 *rule = skp->smk_known;
d20bdda6
AD		 3939
3940 return 0;
3941}
3942
3943/**
3944 * smack_audit_rule_known - Distinguish Smack audit rules
3945 * @krule: rule of interest, in Audit kernel representation format
3946 *
3947 * This is used to filter Smack rules from remaining Audit ones.
3948 * If it's proved that this rule belongs to us, the
3949 * audit_rule_match hook will be called to do the final judgement.
3950 */
3951static int smack_audit_rule_known(struct audit_krule *krule)
3952{
3953 struct audit_field *f;
3954 int i;
3955
3956 for (i = 0; i < krule->field_count; i++) {
3957 f = &krule->fields[i];
3958
3959 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
3960 return 1;
3961 }
3962
3963 return 0;
3964}
3965
3966/**
3967 * smack_audit_rule_match - Audit given object ?
3968 * @secid: security id for identifying the object to test
3969 * @field: audit rule flags given from user-space
3970 * @op: required testing operator
3971 * @vrule: smack internal rule presentation
3972 * @actx: audit context associated with the check
3973 *
3974 * The core Audit hook. It's used to take the decision of
3975 * whether to audit or not to audit a given object.
3976 */
3977static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
3978 struct audit_context *actx)
3979{
2f823ff8 3980 struct smack_known *skp;
d20bdda6
AD		 3981 char *rule = vrule;
3982
4eb0f4ab
RGB		 3983 if (unlikely(!rule)) {
3984 WARN_ONCE(1, "Smack: missing rule\n");
d20bdda6
AD		 3985 return -ENOENT;
3986 }
3987
3988 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3989 return 0;
3990
2f823ff8 3991 skp = smack_from_secid(secid);
d20bdda6
AD		 3992
3993 /*
3994 * No need to do string comparisons. If a match occurs,
3995 * both pointers will point to the same smack_known
3996 * label.
3997 */
5af75d8d 3998 if (op == Audit_equal)
2f823ff8 3999 return (rule == skp->smk_known);
5af75d8d 4000 if (op == Audit_not_equal)
2f823ff8 4001 return (rule != skp->smk_known);
d20bdda6
AD		 4002
4003 return 0;
4004}
4005
4006/**
4007 * smack_audit_rule_free - free smack rule representation
4008 * @vrule: rule to be freed.
4009 *
4010 * No memory was allocated.
4011 */
4012static void smack_audit_rule_free(void *vrule)
4013{
4014 /* No-op */
4015}
4016
4017#endif /* CONFIG_AUDIT */
4018
746df9b5
DQ		 4019/**
4020 * smack_ismaclabel - check if xattr @name references a smack MAC label
4021 * @name: Full xattr name to check.
4022 */
4023static int smack_ismaclabel(const char *name)
4024{
4025 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4026}
4027
4028
251a2a95 4029/**
e114e473
CS		 4030 * smack_secid_to_secctx - return the smack label for a secid
4031 * @secid: incoming integer
4032 * @secdata: destination
4033 * @seclen: how long it is
4034 *
4035 * Exists for networking code.
4036 */
4037static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4038{
2f823ff8 4039 struct smack_known *skp = smack_from_secid(secid);
e114e473 4040
d5630b9d 4041 if (secdata)
2f823ff8
CS		 4042 *secdata = skp->smk_known;
4043 *seclen = strlen(skp->smk_known);
e114e473
CS		 4044 return 0;
4045}
4046
251a2a95 4047/**
4bc87e62
CS		 4048 * smack_secctx_to_secid - return the secid for a smack label
4049 * @secdata: smack label
4050 * @seclen: how long result is
4051 * @secid: outgoing integer
4052 *
4053 * Exists for audit and networking code.
4054 */
e52c1764 4055static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4bc87e62 4056{
21c7eae2
LP		 4057 struct smack_known *skp = smk_find_entry(secdata);
4058
4059 if (skp)
4060 *secid = skp->smk_secid;
4061 else
4062 *secid = 0;
4bc87e62
CS		 4063 return 0;
4064}
4065
251a2a95 4066/**
e114e473 4067 * smack_release_secctx - don't do anything.
251a2a95
RD		 4068 * @secdata: unused
4069 * @seclen: unused
e114e473
CS		 4070 *
4071 * Exists to make sure nothing gets done, and properly
4072 */
4073static void smack_release_secctx(char *secdata, u32 seclen)
4074{
4075}
4076
1ee65e37
DQ		 4077static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4078{
4079 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4080}
4081
4082static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4083{
4084 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4085}
4086
4087static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4088{
4089 int len = 0;
4090 len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
4091
4092 if (len < 0)
4093 return len;
4094 *ctxlen = len;
4095 return 0;
4096}
4097
076c54c5
AD		 4098struct security_operations smack_ops = {
4099 .name = "smack",
4100
9e48858f 4101 .ptrace_access_check = smack_ptrace_access_check,
5cd9c58f 4102 .ptrace_traceme = smack_ptrace_traceme,
e114e473 4103 .syslog = smack_syslog,
e114e473
CS		 4104
4105 .sb_alloc_security = smack_sb_alloc_security,
4106 .sb_free_security = smack_sb_free_security,
4107 .sb_copy_data = smack_sb_copy_data,
4108 .sb_kern_mount = smack_sb_kern_mount,
4109 .sb_statfs = smack_sb_statfs,
e114e473 4110
676dac4b 4111 .bprm_set_creds = smack_bprm_set_creds,
84088ba2
JS		 4112 .bprm_committing_creds = smack_bprm_committing_creds,
4113 .bprm_secureexec = smack_bprm_secureexec,
676dac4b 4114
e114e473
CS		 4115 .inode_alloc_security = smack_inode_alloc_security,
4116 .inode_free_security = smack_inode_free_security,
4117 .inode_init_security = smack_inode_init_security,
4118 .inode_link = smack_inode_link,
4119 .inode_unlink = smack_inode_unlink,
4120 .inode_rmdir = smack_inode_rmdir,
4121 .inode_rename = smack_inode_rename,
4122 .inode_permission = smack_inode_permission,
4123 .inode_setattr = smack_inode_setattr,
4124 .inode_getattr = smack_inode_getattr,
4125 .inode_setxattr = smack_inode_setxattr,
4126 .inode_post_setxattr = smack_inode_post_setxattr,
4127 .inode_getxattr = smack_inode_getxattr,
4128 .inode_removexattr = smack_inode_removexattr,
4129 .inode_getsecurity = smack_inode_getsecurity,
4130 .inode_setsecurity = smack_inode_setsecurity,
4131 .inode_listsecurity = smack_inode_listsecurity,
d20bdda6 4132 .inode_getsecid = smack_inode_getsecid,
e114e473
CS		 4133
4134 .file_permission = smack_file_permission,
4135 .file_alloc_security = smack_file_alloc_security,
4136 .file_free_security = smack_file_free_security,
4137 .file_ioctl = smack_file_ioctl,
4138 .file_lock = smack_file_lock,
4139 .file_fcntl = smack_file_fcntl,
e5467859
AV		 4140 .mmap_file = smack_mmap_file,
4141 .mmap_addr = cap_mmap_addr,
e114e473
CS		 4142 .file_set_fowner = smack_file_set_fowner,
4143 .file_send_sigiotask = smack_file_send_sigiotask,
4144 .file_receive = smack_file_receive,
4145
83d49856 4146 .file_open = smack_file_open,
531f1d45 4147
ee18d64c 4148 .cred_alloc_blank = smack_cred_alloc_blank,
f1752eec 4149 .cred_free = smack_cred_free,
d84f4f99 4150 .cred_prepare = smack_cred_prepare,
ee18d64c 4151 .cred_transfer = smack_cred_transfer,
3a3b7ce9
DH		 4152 .kernel_act_as = smack_kernel_act_as,
4153 .kernel_create_files_as = smack_kernel_create_files_as,
e114e473
CS		 4154 .task_setpgid = smack_task_setpgid,
4155 .task_getpgid = smack_task_getpgid,
4156 .task_getsid = smack_task_getsid,
4157 .task_getsecid = smack_task_getsecid,
4158 .task_setnice = smack_task_setnice,
4159 .task_setioprio = smack_task_setioprio,
4160 .task_getioprio = smack_task_getioprio,
4161 .task_setscheduler = smack_task_setscheduler,
4162 .task_getscheduler = smack_task_getscheduler,
4163 .task_movememory = smack_task_movememory,
4164 .task_kill = smack_task_kill,
4165 .task_wait = smack_task_wait,
e114e473
CS		 4166 .task_to_inode = smack_task_to_inode,
4167
4168 .ipc_permission = smack_ipc_permission,
d20bdda6 4169 .ipc_getsecid = smack_ipc_getsecid,
e114e473
CS		 4170
4171 .msg_msg_alloc_security = smack_msg_msg_alloc_security,
4172 .msg_msg_free_security = smack_msg_msg_free_security,
4173
4174 .msg_queue_alloc_security = smack_msg_queue_alloc_security,
4175 .msg_queue_free_security = smack_msg_queue_free_security,
4176 .msg_queue_associate = smack_msg_queue_associate,
4177 .msg_queue_msgctl = smack_msg_queue_msgctl,
4178 .msg_queue_msgsnd = smack_msg_queue_msgsnd,
4179 .msg_queue_msgrcv = smack_msg_queue_msgrcv,
4180
4181 .shm_alloc_security = smack_shm_alloc_security,
4182 .shm_free_security = smack_shm_free_security,
4183 .shm_associate = smack_shm_associate,
4184 .shm_shmctl = smack_shm_shmctl,
4185 .shm_shmat = smack_shm_shmat,
4186
4187 .sem_alloc_security = smack_sem_alloc_security,
4188 .sem_free_security = smack_sem_free_security,
4189 .sem_associate = smack_sem_associate,
4190 .sem_semctl = smack_sem_semctl,
4191 .sem_semop = smack_sem_semop,
4192
e114e473
CS		 4193 .d_instantiate = smack_d_instantiate,
4194
4195 .getprocattr = smack_getprocattr,
4196 .setprocattr = smack_setprocattr,
4197
4198 .unix_stream_connect = smack_unix_stream_connect,
4199 .unix_may_send = smack_unix_may_send,
4200
4201 .socket_post_create = smack_socket_post_create,
c6739443 4202 .socket_bind = smack_socket_bind,
6d3dc07c
CS		 4203 .socket_connect = smack_socket_connect,
4204 .socket_sendmsg = smack_socket_sendmsg,
e114e473
CS		 4205 .socket_sock_rcv_skb = smack_socket_sock_rcv_skb,
4206 .socket_getpeersec_stream = smack_socket_getpeersec_stream,
4207 .socket_getpeersec_dgram = smack_socket_getpeersec_dgram,
4208 .sk_alloc_security = smack_sk_alloc_security,
4209 .sk_free_security = smack_sk_free_security,
4210 .sock_graft = smack_sock_graft,
4211 .inet_conn_request = smack_inet_conn_request,
07feee8f 4212 .inet_csk_clone = smack_inet_csk_clone,
d20bdda6 4213
e114e473
CS		 4214 /* key management security hooks */
4215#ifdef CONFIG_KEYS
4216 .key_alloc = smack_key_alloc,
4217 .key_free = smack_key_free,
4218 .key_permission = smack_key_permission,
4219#endif /* CONFIG_KEYS */
d20bdda6
AD		 4220
4221 /* Audit hooks */
4222#ifdef CONFIG_AUDIT
4223 .audit_rule_init = smack_audit_rule_init,
4224 .audit_rule_known = smack_audit_rule_known,
4225 .audit_rule_match = smack_audit_rule_match,
4226 .audit_rule_free = smack_audit_rule_free,
4227#endif /* CONFIG_AUDIT */
4228
746df9b5 4229 .ismaclabel = smack_ismaclabel,
e114e473 4230 .secid_to_secctx = smack_secid_to_secctx,
4bc87e62 4231 .secctx_to_secid = smack_secctx_to_secid,
e114e473 4232 .release_secctx = smack_release_secctx,
1ee65e37
DQ		 4233 .inode_notifysecctx = smack_inode_notifysecctx,
4234 .inode_setsecctx = smack_inode_setsecctx,
4235 .inode_getsecctx = smack_inode_getsecctx,
e114e473
CS		 4236};
4237
7198e2ee 4238
86812bb0 4239static __init void init_smack_known_list(void)
7198e2ee 4240{
86812bb0
CS		 4241 /*
4242 * Initialize rule list locks
4243 */
4244 mutex_init(&smack_known_huh.smk_rules_lock);
4245 mutex_init(&smack_known_hat.smk_rules_lock);
4246 mutex_init(&smack_known_floor.smk_rules_lock);
4247 mutex_init(&smack_known_star.smk_rules_lock);
4248 mutex_init(&smack_known_invalid.smk_rules_lock);
4249 mutex_init(&smack_known_web.smk_rules_lock);
4250 /*
4251 * Initialize rule lists
4252 */
4253 INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4254 INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4255 INIT_LIST_HEAD(&smack_known_star.smk_rules);
4256 INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4257 INIT_LIST_HEAD(&smack_known_invalid.smk_rules);
4258 INIT_LIST_HEAD(&smack_known_web.smk_rules);
4259 /*
4260 * Create the known labels list
4261 */
4d7cf4a1
TS		 4262 smk_insert_entry(&smack_known_huh);
4263 smk_insert_entry(&smack_known_hat);
4264 smk_insert_entry(&smack_known_star);
4265 smk_insert_entry(&smack_known_floor);
4266 smk_insert_entry(&smack_known_invalid);
4267 smk_insert_entry(&smack_known_web);
7198e2ee
EB		 4268}
4269
e114e473
CS		 4270/**
4271 * smack_init - initialize the smack system
4272 *
4273 * Returns 0
4274 */
4275static __init int smack_init(void)
4276{
d84f4f99 4277 struct cred *cred;
676dac4b 4278 struct task_smack *tsp;
d84f4f99 4279
7898e1f8
CS		 4280 if (!security_module_enable(&smack_ops))
4281 return 0;
4282
1a5b472b
R		 4283 smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4284 if (!smack_inode_cache)
4285 return -ENOMEM;
4286
2f823ff8
CS		 4287 tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4288 GFP_KERNEL);
1a5b472b
R		 4289 if (tsp == NULL) {
4290 kmem_cache_destroy(smack_inode_cache);
676dac4b 4291 return -ENOMEM;
1a5b472b 4292 }
676dac4b 4293
e114e473
CS		 4294 printk(KERN_INFO "Smack: Initializing.\n");
4295
4296 /*
4297 * Set the security state for the initial task.
4298 */
d84f4f99 4299 cred = (struct cred *) current->cred;
676dac4b 4300 cred->security = tsp;
e114e473 4301
86812bb0
CS		 4302 /* initialize the smack_known_list */
4303 init_smack_known_list();
e114e473
CS		 4304
4305 /*
4306 * Register with LSM
4307 */
4308 if (register_security(&smack_ops))
4309 panic("smack: Unable to register with kernel.\n");
4310
4311 return 0;
4312}
4313
4314/*
4315 * Smack requires early initialization in order to label
4316 * all processes and objects when they are created.
4317 */
4318security_initcall(smack_init);
Linux 6.x block layer and io_uring tree(s)