root/security/smack/smack_lsm.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. match_opt_prefix
  2. smk_bu_mode
  3. smk_bu_note
  4. smk_bu_current
  5. smk_bu_task
  6. smk_bu_inode
  7. smk_bu_file
  8. smk_bu_credfile
  9. smk_fetch
  10. init_inode_smack
  11. init_task_smack
  12. smk_copy_rules
  13. smk_copy_relabel
  14. smk_ptrace_mode
  15. smk_ptrace_rule_check
  16. smack_ptrace_access_check
  17. smack_ptrace_traceme
  18. smack_syslog
  19. smack_sb_alloc_security
  20. smack_sb_free_security
  21. smack_free_mnt_opts
  22. smack_add_opt
  23. smack_fs_context_dup
  24. smack_fs_context_parse_param
  25. smack_sb_eat_lsm_opts
  26. smack_set_mnt_opts
  27. smack_sb_statfs
  28. smack_bprm_set_creds
  29. smack_inode_alloc_security
  30. smack_inode_init_security
  31. smack_inode_link
  32. smack_inode_unlink
  33. smack_inode_rmdir
  34. smack_inode_rename
  35. smack_inode_permission
  36. smack_inode_setattr
  37. smack_inode_getattr
  38. smack_inode_setxattr
  39. smack_inode_post_setxattr
  40. smack_inode_getxattr
  41. smack_inode_removexattr
  42. smack_inode_getsecurity
  43. smack_inode_listsecurity
  44. smack_inode_getsecid
  45. smack_file_alloc_security
  46. smack_file_ioctl
  47. smack_file_lock
  48. smack_file_fcntl
  49. smack_mmap_file
  50. smack_file_set_fowner
  51. smack_file_send_sigiotask
  52. smack_file_receive
  53. smack_file_open
  54. smack_cred_alloc_blank
  55. smack_cred_free
  56. smack_cred_prepare
  57. smack_cred_transfer
  58. smack_cred_getsecid
  59. smack_kernel_act_as
  60. smack_kernel_create_files_as
  61. smk_curacc_on_task
  62. smack_task_setpgid
  63. smack_task_getpgid
  64. smack_task_getsid
  65. smack_task_getsecid
  66. smack_task_setnice
  67. smack_task_setioprio
  68. smack_task_getioprio
  69. smack_task_setscheduler
  70. smack_task_getscheduler
  71. smack_task_movememory
  72. smack_task_kill
  73. smack_task_to_inode
  74. smack_sk_alloc_security
  75. smack_sk_free_security
  76. smack_ipv4host_label
  77. smk_ipv6_localhost
  78. smack_ipv6host_label
  79. smack_netlabel
  80. smack_netlabel_send
  81. smk_ipv6_check
  82. smk_ipv6_port_label
  83. smk_ipv6_port_check
  84. smack_inode_setsecurity
  85. smack_socket_post_create
  86. smack_socket_socketpair
  87. smack_socket_bind
  88. smack_socket_connect
  89. smack_flags_to_may
  90. smack_msg_msg_alloc_security
  91. smack_of_ipc
  92. smack_ipc_alloc_security
  93. smk_curacc_shm
  94. smack_shm_associate
  95. smack_shm_shmctl
  96. smack_shm_shmat
  97. smk_curacc_sem
  98. smack_sem_associate
  99. smack_sem_semctl
  100. smack_sem_semop
  101. smk_curacc_msq
  102. smack_msg_queue_associate
  103. smack_msg_queue_msgctl
  104. smack_msg_queue_msgsnd
  105. smack_msg_queue_msgrcv
  106. smack_ipc_permission
  107. smack_ipc_getsecid
  108. smack_d_instantiate
  109. smack_getprocattr
  110. smack_setprocattr
  111. smack_unix_stream_connect
  112. smack_unix_may_send
  113. smack_socket_sendmsg
  114. smack_from_secattr
  115. smk_skb_to_addr_ipv6
  116. smack_socket_sock_rcv_skb
  117. smack_socket_getpeersec_stream
  118. smack_socket_getpeersec_dgram
  119. smack_sock_graft
  120. smack_inet_conn_request
  121. smack_inet_csk_clone
  122. smack_key_alloc
  123. smack_key_free
  124. smack_key_permission
  125. smack_key_getsecurity
  126. smack_audit_rule_init
  127. smack_audit_rule_known
  128. smack_audit_rule_match
  129. smack_ismaclabel
  130. smack_secid_to_secctx
  131. smack_secctx_to_secid
  132. smack_inode_notifysecctx
  133. smack_inode_setsecctx
  134. smack_inode_getsecctx
  135. smack_inode_copy_up
  136. smack_inode_copy_up_xattr
  137. smack_dentry_create_files_as
  138. init_smack_known_list
  139. smack_init

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  *  Simplified MAC Kernel (smack) security module
   4  *
   5  *  This file contains the smack hook function implementations.
   6  *
   7  *  Authors:
   8  *      Casey Schaufler <casey@schaufler-ca.com>
   9  *      Jarkko Sakkinen <jarkko.sakkinen@intel.com>
  10  *
  11  *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
  12  *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
  13  *                Paul Moore <paul@paul-moore.com>
  14  *  Copyright (C) 2010 Nokia Corporation
  15  *  Copyright (C) 2011 Intel Corporation.
  16  */
  17 
  18 #include <linux/xattr.h>
  19 #include <linux/pagemap.h>
  20 #include <linux/mount.h>
  21 #include <linux/stat.h>
  22 #include <linux/kd.h>
  23 #include <asm/ioctls.h>
  24 #include <linux/ip.h>
  25 #include <linux/tcp.h>
  26 #include <linux/udp.h>
  27 #include <linux/dccp.h>
  28 #include <linux/icmpv6.h>
  29 #include <linux/slab.h>
  30 #include <linux/mutex.h>
  31 #include <linux/pipe_fs_i.h>
  32 #include <net/cipso_ipv4.h>
  33 #include <net/ip.h>
  34 #include <net/ipv6.h>
  35 #include <linux/audit.h>
  36 #include <linux/magic.h>
  37 #include <linux/dcache.h>
  38 #include <linux/personality.h>
  39 #include <linux/msg.h>
  40 #include <linux/shm.h>
  41 #include <linux/binfmts.h>
  42 #include <linux/parser.h>
  43 #include <linux/fs_context.h>
  44 #include <linux/fs_parser.h>
  45 #include "smack.h"
  46 
  47 #define TRANS_TRUE      "TRUE"
  48 #define TRANS_TRUE_SIZE 4
  49 
  50 #define SMK_CONNECTING  0
  51 #define SMK_RECEIVING   1
  52 #define SMK_SENDING     2
  53 
  54 static DEFINE_MUTEX(smack_ipv6_lock);
  55 static LIST_HEAD(smk_ipv6_port_list);
  56 static struct kmem_cache *smack_inode_cache;
  57 struct kmem_cache *smack_rule_cache;
  58 int smack_enabled;
  59 
  60 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s}
  61 static struct {
  62         const char *name;
  63         int len;
  64         int opt;
  65 } smk_mount_opts[] = {
  66         {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault},
  67         A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute)
  68 };
  69 #undef A
  70 
  71 static int match_opt_prefix(char *s, int l, char **arg)
  72 {
  73         int i;
  74 
  75         for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) {
  76                 size_t len = smk_mount_opts[i].len;
  77                 if (len > l || memcmp(s, smk_mount_opts[i].name, len))
  78                         continue;
  79                 if (len == l || s[len] != '=')
  80                         continue;
  81                 *arg = s + len + 1;
  82                 return smk_mount_opts[i].opt;
  83         }
  84         return Opt_error;
  85 }
  86 
  87 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
  88 static char *smk_bu_mess[] = {
  89         "Bringup Error",        /* Unused */
  90         "Bringup",              /* SMACK_BRINGUP_ALLOW */
  91         "Unconfined Subject",   /* SMACK_UNCONFINED_SUBJECT */
  92         "Unconfined Object",    /* SMACK_UNCONFINED_OBJECT */
  93 };
  94 
  95 static void smk_bu_mode(int mode, char *s)
  96 {
  97         int i = 0;
  98 
  99         if (mode & MAY_READ)
 100                 s[i++] = 'r';
 101         if (mode & MAY_WRITE)
 102                 s[i++] = 'w';
 103         if (mode & MAY_EXEC)
 104                 s[i++] = 'x';
 105         if (mode & MAY_APPEND)
 106                 s[i++] = 'a';
 107         if (mode & MAY_TRANSMUTE)
 108                 s[i++] = 't';
 109         if (mode & MAY_LOCK)
 110                 s[i++] = 'l';
 111         if (i == 0)
 112                 s[i++] = '-';
 113         s[i] = '\0';
 114 }
 115 #endif
 116 
 117 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
 118 static int smk_bu_note(char *note, struct smack_known *sskp,
 119                        struct smack_known *oskp, int mode, int rc)
 120 {
 121         char acc[SMK_NUM_ACCESS_TYPE + 1];
 122 
 123         if (rc <= 0)
 124                 return rc;
 125         if (rc > SMACK_UNCONFINED_OBJECT)
 126                 rc = 0;
 127 
 128         smk_bu_mode(mode, acc);
 129         pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
 130                 sskp->smk_known, oskp->smk_known, acc, note);
 131         return 0;
 132 }
 133 #else
 134 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
 135 #endif
 136 
 137 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
 138 static int smk_bu_current(char *note, struct smack_known *oskp,
 139                           int mode, int rc)
 140 {
 141         struct task_smack *tsp = smack_cred(current_cred());
 142         char acc[SMK_NUM_ACCESS_TYPE + 1];
 143 
 144         if (rc <= 0)
 145                 return rc;
 146         if (rc > SMACK_UNCONFINED_OBJECT)
 147                 rc = 0;
 148 
 149         smk_bu_mode(mode, acc);
 150         pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
 151                 tsp->smk_task->smk_known, oskp->smk_known,
 152                 acc, current->comm, note);
 153         return 0;
 154 }
 155 #else
 156 #define smk_bu_current(note, oskp, mode, RC) (RC)
 157 #endif
 158 
 159 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
 160 static int smk_bu_task(struct task_struct *otp, int mode, int rc)
 161 {
 162         struct task_smack *tsp = smack_cred(current_cred());
 163         struct smack_known *smk_task = smk_of_task_struct(otp);
 164         char acc[SMK_NUM_ACCESS_TYPE + 1];
 165 
 166         if (rc <= 0)
 167                 return rc;
 168         if (rc > SMACK_UNCONFINED_OBJECT)
 169                 rc = 0;
 170 
 171         smk_bu_mode(mode, acc);
 172         pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
 173                 tsp->smk_task->smk_known, smk_task->smk_known, acc,
 174                 current->comm, otp->comm);
 175         return 0;
 176 }
 177 #else
 178 #define smk_bu_task(otp, mode, RC) (RC)
 179 #endif
 180 
 181 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
 182 static int smk_bu_inode(struct inode *inode, int mode, int rc)
 183 {
 184         struct task_smack *tsp = smack_cred(current_cred());
 185         struct inode_smack *isp = smack_inode(inode);
 186         char acc[SMK_NUM_ACCESS_TYPE + 1];
 187 
 188         if (isp->smk_flags & SMK_INODE_IMPURE)
 189                 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
 190                         inode->i_sb->s_id, inode->i_ino, current->comm);
 191 
 192         if (rc <= 0)
 193                 return rc;
 194         if (rc > SMACK_UNCONFINED_OBJECT)
 195                 rc = 0;
 196         if (rc == SMACK_UNCONFINED_SUBJECT &&
 197             (mode & (MAY_WRITE | MAY_APPEND)))
 198                 isp->smk_flags |= SMK_INODE_IMPURE;
 199 
 200         smk_bu_mode(mode, acc);
 201 
 202         pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
 203                 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
 204                 inode->i_sb->s_id, inode->i_ino, current->comm);
 205         return 0;
 206 }
 207 #else
 208 #define smk_bu_inode(inode, mode, RC) (RC)
 209 #endif
 210 
 211 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
 212 static int smk_bu_file(struct file *file, int mode, int rc)
 213 {
 214         struct task_smack *tsp = smack_cred(current_cred());
 215         struct smack_known *sskp = tsp->smk_task;
 216         struct inode *inode = file_inode(file);
 217         struct inode_smack *isp = smack_inode(inode);
 218         char acc[SMK_NUM_ACCESS_TYPE + 1];
 219 
 220         if (isp->smk_flags & SMK_INODE_IMPURE)
 221                 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
 222                         inode->i_sb->s_id, inode->i_ino, current->comm);
 223 
 224         if (rc <= 0)
 225                 return rc;
 226         if (rc > SMACK_UNCONFINED_OBJECT)
 227                 rc = 0;
 228 
 229         smk_bu_mode(mode, acc);
 230         pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
 231                 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
 232                 inode->i_sb->s_id, inode->i_ino, file,
 233                 current->comm);
 234         return 0;
 235 }
 236 #else
 237 #define smk_bu_file(file, mode, RC) (RC)
 238 #endif
 239 
 240 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
 241 static int smk_bu_credfile(const struct cred *cred, struct file *file,
 242                                 int mode, int rc)
 243 {
 244         struct task_smack *tsp = smack_cred(cred);
 245         struct smack_known *sskp = tsp->smk_task;
 246         struct inode *inode = file_inode(file);
 247         struct inode_smack *isp = smack_inode(inode);
 248         char acc[SMK_NUM_ACCESS_TYPE + 1];
 249 
 250         if (isp->smk_flags & SMK_INODE_IMPURE)
 251                 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
 252                         inode->i_sb->s_id, inode->i_ino, current->comm);
 253 
 254         if (rc <= 0)
 255                 return rc;
 256         if (rc > SMACK_UNCONFINED_OBJECT)
 257                 rc = 0;
 258 
 259         smk_bu_mode(mode, acc);
 260         pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
 261                 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
 262                 inode->i_sb->s_id, inode->i_ino, file,
 263                 current->comm);
 264         return 0;
 265 }
 266 #else
 267 #define smk_bu_credfile(cred, file, mode, RC) (RC)
 268 #endif
 269 
 270 /**
 271  * smk_fetch - Fetch the smack label from a file.
 272  * @name: type of the label (attribute)
 273  * @ip: a pointer to the inode
 274  * @dp: a pointer to the dentry
 275  *
 276  * Returns a pointer to the master list entry for the Smack label,
 277  * NULL if there was no label to fetch, or an error code.
 278  */
 279 static struct smack_known *smk_fetch(const char *name, struct inode *ip,
 280                                         struct dentry *dp)
 281 {
 282         int rc;
 283         char *buffer;
 284         struct smack_known *skp = NULL;
 285 
 286         if (!(ip->i_opflags & IOP_XATTR))
 287                 return ERR_PTR(-EOPNOTSUPP);
 288 
 289         buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS);
 290         if (buffer == NULL)
 291                 return ERR_PTR(-ENOMEM);
 292 
 293         rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
 294         if (rc < 0)
 295                 skp = ERR_PTR(rc);
 296         else if (rc == 0)
 297                 skp = NULL;
 298         else
 299                 skp = smk_import_entry(buffer, rc);
 300 
 301         kfree(buffer);
 302 
 303         return skp;
 304 }
 305 
 306 /**
 307  * init_inode_smack - initialize an inode security blob
 308  * @inode: inode to extract the info from
 309  * @skp: a pointer to the Smack label entry to use in the blob
 310  *
 311  */
 312 static void init_inode_smack(struct inode *inode, struct smack_known *skp)
 313 {
 314         struct inode_smack *isp = smack_inode(inode);
 315 
 316         isp->smk_inode = skp;
 317         isp->smk_flags = 0;
 318         mutex_init(&isp->smk_lock);
 319 }
 320 
 321 /**
 322  * init_task_smack - initialize a task security blob
 323  * @tsp: blob to initialize
 324  * @task: a pointer to the Smack label for the running task
 325  * @forked: a pointer to the Smack label for the forked task
 326  *
 327  */
 328 static void init_task_smack(struct task_smack *tsp, struct smack_known *task,
 329                                         struct smack_known *forked)
 330 {
 331         tsp->smk_task = task;
 332         tsp->smk_forked = forked;
 333         INIT_LIST_HEAD(&tsp->smk_rules);
 334         INIT_LIST_HEAD(&tsp->smk_relabel);
 335         mutex_init(&tsp->smk_rules_lock);
 336 }
 337 
 338 /**
 339  * smk_copy_rules - copy a rule set
 340  * @nhead: new rules header pointer
 341  * @ohead: old rules header pointer
 342  * @gfp: type of the memory for the allocation
 343  *
 344  * Returns 0 on success, -ENOMEM on error
 345  */
 346 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
 347                                 gfp_t gfp)
 348 {
 349         struct smack_rule *nrp;
 350         struct smack_rule *orp;
 351         int rc = 0;
 352 
 353         list_for_each_entry_rcu(orp, ohead, list) {
 354                 nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
 355                 if (nrp == NULL) {
 356                         rc = -ENOMEM;
 357                         break;
 358                 }
 359                 *nrp = *orp;
 360                 list_add_rcu(&nrp->list, nhead);
 361         }
 362         return rc;
 363 }
 364 
 365 /**
 366  * smk_copy_relabel - copy smk_relabel labels list
 367  * @nhead: new rules header pointer
 368  * @ohead: old rules header pointer
 369  * @gfp: type of the memory for the allocation
 370  *
 371  * Returns 0 on success, -ENOMEM on error
 372  */
 373 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
 374                                 gfp_t gfp)
 375 {
 376         struct smack_known_list_elem *nklep;
 377         struct smack_known_list_elem *oklep;
 378 
 379         list_for_each_entry(oklep, ohead, list) {
 380                 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
 381                 if (nklep == NULL) {
 382                         smk_destroy_label_list(nhead);
 383                         return -ENOMEM;
 384                 }
 385                 nklep->smk_label = oklep->smk_label;
 386                 list_add(&nklep->list, nhead);
 387         }
 388 
 389         return 0;
 390 }
 391 
 392 /**
 393  * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
 394  * @mode - input mode in form of PTRACE_MODE_*
 395  *
 396  * Returns a converted MAY_* mode usable by smack rules
 397  */
 398 static inline unsigned int smk_ptrace_mode(unsigned int mode)
 399 {
 400         if (mode & PTRACE_MODE_ATTACH)
 401                 return MAY_READWRITE;
 402         if (mode & PTRACE_MODE_READ)
 403                 return MAY_READ;
 404 
 405         return 0;
 406 }
 407 
 408 /**
 409  * smk_ptrace_rule_check - helper for ptrace access
 410  * @tracer: tracer process
 411  * @tracee_known: label entry of the process that's about to be traced
 412  * @mode: ptrace attachment mode (PTRACE_MODE_*)
 413  * @func: name of the function that called us, used for audit
 414  *
 415  * Returns 0 on access granted, -error on error
 416  */
 417 static int smk_ptrace_rule_check(struct task_struct *tracer,
 418                                  struct smack_known *tracee_known,
 419                                  unsigned int mode, const char *func)
 420 {
 421         int rc;
 422         struct smk_audit_info ad, *saip = NULL;
 423         struct task_smack *tsp;
 424         struct smack_known *tracer_known;
 425         const struct cred *tracercred;
 426 
 427         if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
 428                 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
 429                 smk_ad_setfield_u_tsk(&ad, tracer);
 430                 saip = &ad;
 431         }
 432 
 433         rcu_read_lock();
 434         tracercred = __task_cred(tracer);
 435         tsp = smack_cred(tracercred);
 436         tracer_known = smk_of_task(tsp);
 437 
 438         if ((mode & PTRACE_MODE_ATTACH) &&
 439             (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
 440              smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
 441                 if (tracer_known->smk_known == tracee_known->smk_known)
 442                         rc = 0;
 443                 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
 444                         rc = -EACCES;
 445                 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
 446                         rc = 0;
 447                 else
 448                         rc = -EACCES;
 449 
 450                 if (saip)
 451                         smack_log(tracer_known->smk_known,
 452                                   tracee_known->smk_known,
 453                                   0, rc, saip);
 454 
 455                 rcu_read_unlock();
 456                 return rc;
 457         }
 458 
 459         /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
 460         rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
 461 
 462         rcu_read_unlock();
 463         return rc;
 464 }
 465 
 466 /*
 467  * LSM hooks.
 468  * We he, that is fun!
 469  */
 470 
 471 /**
 472  * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
 473  * @ctp: child task pointer
 474  * @mode: ptrace attachment mode (PTRACE_MODE_*)
 475  *
 476  * Returns 0 if access is OK, an error code otherwise
 477  *
 478  * Do the capability checks.
 479  */
 480 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
 481 {
 482         struct smack_known *skp;
 483 
 484         skp = smk_of_task_struct(ctp);
 485 
 486         return smk_ptrace_rule_check(current, skp, mode, __func__);
 487 }
 488 
 489 /**
 490  * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
 491  * @ptp: parent task pointer
 492  *
 493  * Returns 0 if access is OK, an error code otherwise
 494  *
 495  * Do the capability checks, and require PTRACE_MODE_ATTACH.
 496  */
 497 static int smack_ptrace_traceme(struct task_struct *ptp)
 498 {
 499         int rc;
 500         struct smack_known *skp;
 501 
 502         skp = smk_of_task(smack_cred(current_cred()));
 503 
 504         rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
 505         return rc;
 506 }
 507 
 508 /**
 509  * smack_syslog - Smack approval on syslog
 510  * @typefrom_file: unused
 511  *
 512  * Returns 0 on success, error code otherwise.
 513  */
 514 static int smack_syslog(int typefrom_file)
 515 {
 516         int rc = 0;
 517         struct smack_known *skp = smk_of_current();
 518 
 519         if (smack_privileged(CAP_MAC_OVERRIDE))
 520                 return 0;
 521 
 522         if (smack_syslog_label != NULL && smack_syslog_label != skp)
 523                 rc = -EACCES;
 524 
 525         return rc;
 526 }
 527 
 528 /*
 529  * Superblock Hooks.
 530  */
 531 
 532 /**
 533  * smack_sb_alloc_security - allocate a superblock blob
 534  * @sb: the superblock getting the blob
 535  *
 536  * Returns 0 on success or -ENOMEM on error.
 537  */
 538 static int smack_sb_alloc_security(struct super_block *sb)
 539 {
 540         struct superblock_smack *sbsp;
 541 
 542         sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
 543 
 544         if (sbsp == NULL)
 545                 return -ENOMEM;
 546 
 547         sbsp->smk_root = &smack_known_floor;
 548         sbsp->smk_default = &smack_known_floor;
 549         sbsp->smk_floor = &smack_known_floor;
 550         sbsp->smk_hat = &smack_known_hat;
 551         /*
 552          * SMK_SB_INITIALIZED will be zero from kzalloc.
 553          */
 554         sb->s_security = sbsp;
 555 
 556         return 0;
 557 }
 558 
 559 /**
 560  * smack_sb_free_security - free a superblock blob
 561  * @sb: the superblock getting the blob
 562  *
 563  */
 564 static void smack_sb_free_security(struct super_block *sb)
 565 {
 566         kfree(sb->s_security);
 567         sb->s_security = NULL;
 568 }
 569 
 570 struct smack_mnt_opts {
 571         const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute;
 572 };
 573 
 574 static void smack_free_mnt_opts(void *mnt_opts)
 575 {
 576         struct smack_mnt_opts *opts = mnt_opts;
 577         kfree(opts->fsdefault);
 578         kfree(opts->fsfloor);
 579         kfree(opts->fshat);
 580         kfree(opts->fsroot);
 581         kfree(opts->fstransmute);
 582         kfree(opts);
 583 }
 584 
 585 static int smack_add_opt(int token, const char *s, void **mnt_opts)
 586 {
 587         struct smack_mnt_opts *opts = *mnt_opts;
 588 
 589         if (!opts) {
 590                 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
 591                 if (!opts)
 592                         return -ENOMEM;
 593                 *mnt_opts = opts;
 594         }
 595         if (!s)
 596                 return -ENOMEM;
 597 
 598         switch (token) {
 599         case Opt_fsdefault:
 600                 if (opts->fsdefault)
 601                         goto out_opt_err;
 602                 opts->fsdefault = s;
 603                 break;
 604         case Opt_fsfloor:
 605                 if (opts->fsfloor)
 606                         goto out_opt_err;
 607                 opts->fsfloor = s;
 608                 break;
 609         case Opt_fshat:
 610                 if (opts->fshat)
 611                         goto out_opt_err;
 612                 opts->fshat = s;
 613                 break;
 614         case Opt_fsroot:
 615                 if (opts->fsroot)
 616                         goto out_opt_err;
 617                 opts->fsroot = s;
 618                 break;
 619         case Opt_fstransmute:
 620                 if (opts->fstransmute)
 621                         goto out_opt_err;
 622                 opts->fstransmute = s;
 623                 break;
 624         }
 625         return 0;
 626 
 627 out_opt_err:
 628         pr_warn("Smack: duplicate mount options\n");
 629         return -EINVAL;
 630 }
 631 
 632 /**
 633  * smack_fs_context_dup - Duplicate the security data on fs_context duplication
 634  * @fc: The new filesystem context.
 635  * @src_fc: The source filesystem context being duplicated.
 636  *
 637  * Returns 0 on success or -ENOMEM on error.
 638  */
 639 static int smack_fs_context_dup(struct fs_context *fc,
 640                                 struct fs_context *src_fc)
 641 {
 642         struct smack_mnt_opts *dst, *src = src_fc->security;
 643 
 644         if (!src)
 645                 return 0;
 646 
 647         fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
 648         if (!fc->security)
 649                 return -ENOMEM;
 650         dst = fc->security;
 651 
 652         if (src->fsdefault) {
 653                 dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL);
 654                 if (!dst->fsdefault)
 655                         return -ENOMEM;
 656         }
 657         if (src->fsfloor) {
 658                 dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL);
 659                 if (!dst->fsfloor)
 660                         return -ENOMEM;
 661         }
 662         if (src->fshat) {
 663                 dst->fshat = kstrdup(src->fshat, GFP_KERNEL);
 664                 if (!dst->fshat)
 665                         return -ENOMEM;
 666         }
 667         if (src->fsroot) {
 668                 dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL);
 669                 if (!dst->fsroot)
 670                         return -ENOMEM;
 671         }
 672         if (src->fstransmute) {
 673                 dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL);
 674                 if (!dst->fstransmute)
 675                         return -ENOMEM;
 676         }
 677         return 0;
 678 }
 679 
 680 static const struct fs_parameter_spec smack_param_specs[] = {
 681         fsparam_string("smackfsdef",            Opt_fsdefault),
 682         fsparam_string("smackfsdefault",        Opt_fsdefault),
 683         fsparam_string("smackfsfloor",          Opt_fsfloor),
 684         fsparam_string("smackfshat",            Opt_fshat),
 685         fsparam_string("smackfsroot",           Opt_fsroot),
 686         fsparam_string("smackfstransmute",      Opt_fstransmute),
 687         {}
 688 };
 689 
 690 static const struct fs_parameter_description smack_fs_parameters = {
 691         .name           = "smack",
 692         .specs          = smack_param_specs,
 693 };
 694 
 695 /**
 696  * smack_fs_context_parse_param - Parse a single mount parameter
 697  * @fc: The new filesystem context being constructed.
 698  * @param: The parameter.
 699  *
 700  * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on
 701  * error.
 702  */
 703 static int smack_fs_context_parse_param(struct fs_context *fc,
 704                                         struct fs_parameter *param)
 705 {
 706         struct fs_parse_result result;
 707         int opt, rc;
 708 
 709         opt = fs_parse(fc, &smack_fs_parameters, param, &result);
 710         if (opt < 0)
 711                 return opt;
 712 
 713         rc = smack_add_opt(opt, param->string, &fc->security);
 714         if (!rc)
 715                 param->string = NULL;
 716         return rc;
 717 }
 718 
 719 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
 720 {
 721         char *from = options, *to = options;
 722         bool first = true;
 723 
 724         while (1) {
 725                 char *next = strchr(from, ',');
 726                 int token, len, rc;
 727                 char *arg = NULL;
 728 
 729                 if (next)
 730                         len = next - from;
 731                 else
 732                         len = strlen(from);
 733 
 734                 token = match_opt_prefix(from, len, &arg);
 735                 if (token != Opt_error) {
 736                         arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
 737                         rc = smack_add_opt(token, arg, mnt_opts);
 738                         if (unlikely(rc)) {
 739                                 kfree(arg);
 740                                 if (*mnt_opts)
 741                                         smack_free_mnt_opts(*mnt_opts);
 742                                 *mnt_opts = NULL;
 743                                 return rc;
 744                         }
 745                 } else {
 746                         if (!first) {   // copy with preceding comma
 747                                 from--;
 748                                 len++;
 749                         }
 750                         if (to != from)
 751                                 memmove(to, from, len);
 752                         to += len;
 753                         first = false;
 754                 }
 755                 if (!from[len])
 756                         break;
 757                 from += len + 1;
 758         }
 759         *to = '\0';
 760         return 0;
 761 }
 762 
 763 /**
 764  * smack_set_mnt_opts - set Smack specific mount options
 765  * @sb: the file system superblock
 766  * @mnt_opts: Smack mount options
 767  * @kern_flags: mount option from kernel space or user space
 768  * @set_kern_flags: where to store converted mount opts
 769  *
 770  * Returns 0 on success, an error code on failure
 771  *
 772  * Allow filesystems with binary mount data to explicitly set Smack mount
 773  * labels.
 774  */
 775 static int smack_set_mnt_opts(struct super_block *sb,
 776                 void *mnt_opts,
 777                 unsigned long kern_flags,
 778                 unsigned long *set_kern_flags)
 779 {
 780         struct dentry *root = sb->s_root;
 781         struct inode *inode = d_backing_inode(root);
 782         struct superblock_smack *sp = sb->s_security;
 783         struct inode_smack *isp;
 784         struct smack_known *skp;
 785         struct smack_mnt_opts *opts = mnt_opts;
 786         bool transmute = false;
 787 
 788         if (sp->smk_flags & SMK_SB_INITIALIZED)
 789                 return 0;
 790 
 791         if (inode->i_security == NULL) {
 792                 int rc = lsm_inode_alloc(inode);
 793 
 794                 if (rc)
 795                         return rc;
 796         }
 797 
 798         if (!smack_privileged(CAP_MAC_ADMIN)) {
 799                 /*
 800                  * Unprivileged mounts don't get to specify Smack values.
 801                  */
 802                 if (opts)
 803                         return -EPERM;
 804                 /*
 805                  * Unprivileged mounts get root and default from the caller.
 806                  */
 807                 skp = smk_of_current();
 808                 sp->smk_root = skp;
 809                 sp->smk_default = skp;
 810                 /*
 811                  * For a handful of fs types with no user-controlled
 812                  * backing store it's okay to trust security labels
 813                  * in the filesystem. The rest are untrusted.
 814                  */
 815                 if (sb->s_user_ns != &init_user_ns &&
 816                     sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
 817                     sb->s_magic != RAMFS_MAGIC) {
 818                         transmute = true;
 819                         sp->smk_flags |= SMK_SB_UNTRUSTED;
 820                 }
 821         }
 822 
 823         sp->smk_flags |= SMK_SB_INITIALIZED;
 824 
 825         if (opts) {
 826                 if (opts->fsdefault) {
 827                         skp = smk_import_entry(opts->fsdefault, 0);
 828                         if (IS_ERR(skp))
 829                                 return PTR_ERR(skp);
 830                         sp->smk_default = skp;
 831                 }
 832                 if (opts->fsfloor) {
 833                         skp = smk_import_entry(opts->fsfloor, 0);
 834                         if (IS_ERR(skp))
 835                                 return PTR_ERR(skp);
 836                         sp->smk_floor = skp;
 837                 }
 838                 if (opts->fshat) {
 839                         skp = smk_import_entry(opts->fshat, 0);
 840                         if (IS_ERR(skp))
 841                                 return PTR_ERR(skp);
 842                         sp->smk_hat = skp;
 843                 }
 844                 if (opts->fsroot) {
 845                         skp = smk_import_entry(opts->fsroot, 0);
 846                         if (IS_ERR(skp))
 847                                 return PTR_ERR(skp);
 848                         sp->smk_root = skp;
 849                 }
 850                 if (opts->fstransmute) {
 851                         skp = smk_import_entry(opts->fstransmute, 0);
 852                         if (IS_ERR(skp))
 853                                 return PTR_ERR(skp);
 854                         sp->smk_root = skp;
 855                         transmute = true;
 856                 }
 857         }
 858 
 859         /*
 860          * Initialize the root inode.
 861          */
 862         init_inode_smack(inode, sp->smk_root);
 863 
 864         if (transmute) {
 865                 isp = smack_inode(inode);
 866                 isp->smk_flags |= SMK_INODE_TRANSMUTE;
 867         }
 868 
 869         return 0;
 870 }
 871 
 872 /**
 873  * smack_sb_statfs - Smack check on statfs
 874  * @dentry: identifies the file system in question
 875  *
 876  * Returns 0 if current can read the floor of the filesystem,
 877  * and error code otherwise
 878  */
 879 static int smack_sb_statfs(struct dentry *dentry)
 880 {
 881         struct superblock_smack *sbp = dentry->d_sb->s_security;
 882         int rc;
 883         struct smk_audit_info ad;
 884 
 885         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
 886         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 887 
 888         rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
 889         rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
 890         return rc;
 891 }
 892 
 893 /*
 894  * BPRM hooks
 895  */
 896 
 897 /**
 898  * smack_bprm_set_creds - set creds for exec
 899  * @bprm: the exec information
 900  *
 901  * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
 902  */
 903 static int smack_bprm_set_creds(struct linux_binprm *bprm)
 904 {
 905         struct inode *inode = file_inode(bprm->file);
 906         struct task_smack *bsp = smack_cred(bprm->cred);
 907         struct inode_smack *isp;
 908         struct superblock_smack *sbsp;
 909         int rc;
 910 
 911         if (bprm->called_set_creds)
 912                 return 0;
 913 
 914         isp = smack_inode(inode);
 915         if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
 916                 return 0;
 917 
 918         sbsp = inode->i_sb->s_security;
 919         if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
 920             isp->smk_task != sbsp->smk_root)
 921                 return 0;
 922 
 923         if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
 924                 struct task_struct *tracer;
 925                 rc = 0;
 926 
 927                 rcu_read_lock();
 928                 tracer = ptrace_parent(current);
 929                 if (likely(tracer != NULL))
 930                         rc = smk_ptrace_rule_check(tracer,
 931                                                    isp->smk_task,
 932                                                    PTRACE_MODE_ATTACH,
 933                                                    __func__);
 934                 rcu_read_unlock();
 935 
 936                 if (rc != 0)
 937                         return rc;
 938         }
 939         if (bprm->unsafe & ~LSM_UNSAFE_PTRACE)
 940                 return -EPERM;
 941 
 942         bsp->smk_task = isp->smk_task;
 943         bprm->per_clear |= PER_CLEAR_ON_SETID;
 944 
 945         /* Decide if this is a secure exec. */
 946         if (bsp->smk_task != bsp->smk_forked)
 947                 bprm->secureexec = 1;
 948 
 949         return 0;
 950 }
 951 
 952 /*
 953  * Inode hooks
 954  */
 955 
 956 /**
 957  * smack_inode_alloc_security - allocate an inode blob
 958  * @inode: the inode in need of a blob
 959  *
 960  * Returns 0
 961  */
 962 static int smack_inode_alloc_security(struct inode *inode)
 963 {
 964         struct smack_known *skp = smk_of_current();
 965 
 966         init_inode_smack(inode, skp);
 967         return 0;
 968 }
 969 
 970 /**
 971  * smack_inode_init_security - copy out the smack from an inode
 972  * @inode: the newly created inode
 973  * @dir: containing directory object
 974  * @qstr: unused
 975  * @name: where to put the attribute name
 976  * @value: where to put the attribute value
 977  * @len: where to put the length of the attribute
 978  *
 979  * Returns 0 if it all works out, -ENOMEM if there's no memory
 980  */
 981 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
 982                                      const struct qstr *qstr, const char **name,
 983                                      void **value, size_t *len)
 984 {
 985         struct inode_smack *issp = smack_inode(inode);
 986         struct smack_known *skp = smk_of_current();
 987         struct smack_known *isp = smk_of_inode(inode);
 988         struct smack_known *dsp = smk_of_inode(dir);
 989         int may;
 990 
 991         if (name)
 992                 *name = XATTR_SMACK_SUFFIX;
 993 
 994         if (value && len) {
 995                 rcu_read_lock();
 996                 may = smk_access_entry(skp->smk_known, dsp->smk_known,
 997                                        &skp->smk_rules);
 998                 rcu_read_unlock();
 999 
1000                 /*
1001                  * If the access rule allows transmutation and
1002                  * the directory requests transmutation then
1003                  * by all means transmute.
1004                  * Mark the inode as changed.
1005                  */
1006                 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
1007                     smk_inode_transmutable(dir)) {
1008                         isp = dsp;
1009                         issp->smk_flags |= SMK_INODE_CHANGED;
1010                 }
1011 
1012                 *value = kstrdup(isp->smk_known, GFP_NOFS);
1013                 if (*value == NULL)
1014                         return -ENOMEM;
1015 
1016                 *len = strlen(isp->smk_known);
1017         }
1018 
1019         return 0;
1020 }
1021 
1022 /**
1023  * smack_inode_link - Smack check on link
1024  * @old_dentry: the existing object
1025  * @dir: unused
1026  * @new_dentry: the new object
1027  *
1028  * Returns 0 if access is permitted, an error code otherwise
1029  */
1030 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1031                             struct dentry *new_dentry)
1032 {
1033         struct smack_known *isp;
1034         struct smk_audit_info ad;
1035         int rc;
1036 
1037         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1038         smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1039 
1040         isp = smk_of_inode(d_backing_inode(old_dentry));
1041         rc = smk_curacc(isp, MAY_WRITE, &ad);
1042         rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
1043 
1044         if (rc == 0 && d_is_positive(new_dentry)) {
1045                 isp = smk_of_inode(d_backing_inode(new_dentry));
1046                 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1047                 rc = smk_curacc(isp, MAY_WRITE, &ad);
1048                 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
1049         }
1050 
1051         return rc;
1052 }
1053 
1054 /**
1055  * smack_inode_unlink - Smack check on inode deletion
1056  * @dir: containing directory object
1057  * @dentry: file to unlink
1058  *
1059  * Returns 0 if current can write the containing directory
1060  * and the object, error code otherwise
1061  */
1062 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1063 {
1064         struct inode *ip = d_backing_inode(dentry);
1065         struct smk_audit_info ad;
1066         int rc;
1067 
1068         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1069         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1070 
1071         /*
1072          * You need write access to the thing you're unlinking
1073          */
1074         rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
1075         rc = smk_bu_inode(ip, MAY_WRITE, rc);
1076         if (rc == 0) {
1077                 /*
1078                  * You also need write access to the containing directory
1079                  */
1080                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1081                 smk_ad_setfield_u_fs_inode(&ad, dir);
1082                 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1083                 rc = smk_bu_inode(dir, MAY_WRITE, rc);
1084         }
1085         return rc;
1086 }
1087 
1088 /**
1089  * smack_inode_rmdir - Smack check on directory deletion
1090  * @dir: containing directory object
1091  * @dentry: directory to unlink
1092  *
1093  * Returns 0 if current can write the containing directory
1094  * and the directory, error code otherwise
1095  */
1096 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1097 {
1098         struct smk_audit_info ad;
1099         int rc;
1100 
1101         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1102         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1103 
1104         /*
1105          * You need write access to the thing you're removing
1106          */
1107         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1108         rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1109         if (rc == 0) {
1110                 /*
1111                  * You also need write access to the containing directory
1112                  */
1113                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1114                 smk_ad_setfield_u_fs_inode(&ad, dir);
1115                 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1116                 rc = smk_bu_inode(dir, MAY_WRITE, rc);
1117         }
1118 
1119         return rc;
1120 }
1121 
1122 /**
1123  * smack_inode_rename - Smack check on rename
1124  * @old_inode: unused
1125  * @old_dentry: the old object
1126  * @new_inode: unused
1127  * @new_dentry: the new object
1128  *
1129  * Read and write access is required on both the old and
1130  * new directories.
1131  *
1132  * Returns 0 if access is permitted, an error code otherwise
1133  */
1134 static int smack_inode_rename(struct inode *old_inode,
1135                               struct dentry *old_dentry,
1136                               struct inode *new_inode,
1137                               struct dentry *new_dentry)
1138 {
1139         int rc;
1140         struct smack_known *isp;
1141         struct smk_audit_info ad;
1142 
1143         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1144         smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1145 
1146         isp = smk_of_inode(d_backing_inode(old_dentry));
1147         rc = smk_curacc(isp, MAY_READWRITE, &ad);
1148         rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
1149 
1150         if (rc == 0 && d_is_positive(new_dentry)) {
1151                 isp = smk_of_inode(d_backing_inode(new_dentry));
1152                 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1153                 rc = smk_curacc(isp, MAY_READWRITE, &ad);
1154                 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
1155         }
1156         return rc;
1157 }
1158 
1159 /**
1160  * smack_inode_permission - Smack version of permission()
1161  * @inode: the inode in question
1162  * @mask: the access requested
1163  *
1164  * This is the important Smack hook.
1165  *
1166  * Returns 0 if access is permitted, an error code otherwise
1167  */
1168 static int smack_inode_permission(struct inode *inode, int mask)
1169 {
1170         struct superblock_smack *sbsp = inode->i_sb->s_security;
1171         struct smk_audit_info ad;
1172         int no_block = mask & MAY_NOT_BLOCK;
1173         int rc;
1174 
1175         mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
1176         /*
1177          * No permission to check. Existence test. Yup, it's there.
1178          */
1179         if (mask == 0)
1180                 return 0;
1181 
1182         if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1183                 if (smk_of_inode(inode) != sbsp->smk_root)
1184                         return -EACCES;
1185         }
1186 
1187         /* May be droppable after audit */
1188         if (no_block)
1189                 return -ECHILD;
1190         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1191         smk_ad_setfield_u_fs_inode(&ad, inode);
1192         rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1193         rc = smk_bu_inode(inode, mask, rc);
1194         return rc;
1195 }
1196 
1197 /**
1198  * smack_inode_setattr - Smack check for setting attributes
1199  * @dentry: the object
1200  * @iattr: for the force flag
1201  *
1202  * Returns 0 if access is permitted, an error code otherwise
1203  */
1204 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1205 {
1206         struct smk_audit_info ad;
1207         int rc;
1208 
1209         /*
1210          * Need to allow for clearing the setuid bit.
1211          */
1212         if (iattr->ia_valid & ATTR_FORCE)
1213                 return 0;
1214         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1215         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1216 
1217         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1218         rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1219         return rc;
1220 }
1221 
1222 /**
1223  * smack_inode_getattr - Smack check for getting attributes
1224  * @path: path to extract the info from
1225  *
1226  * Returns 0 if access is permitted, an error code otherwise
1227  */
1228 static int smack_inode_getattr(const struct path *path)
1229 {
1230         struct smk_audit_info ad;
1231         struct inode *inode = d_backing_inode(path->dentry);
1232         int rc;
1233 
1234         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1235         smk_ad_setfield_u_fs_path(&ad, *path);
1236         rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1237         rc = smk_bu_inode(inode, MAY_READ, rc);
1238         return rc;
1239 }
1240 
1241 /**
1242  * smack_inode_setxattr - Smack check for setting xattrs
1243  * @dentry: the object
1244  * @name: name of the attribute
1245  * @value: value of the attribute
1246  * @size: size of the value
1247  * @flags: unused
1248  *
1249  * This protects the Smack attribute explicitly.
1250  *
1251  * Returns 0 if access is permitted, an error code otherwise
1252  */
1253 static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1254                                 const void *value, size_t size, int flags)
1255 {
1256         struct smk_audit_info ad;
1257         struct smack_known *skp;
1258         int check_priv = 0;
1259         int check_import = 0;
1260         int check_star = 0;
1261         int rc = 0;
1262 
1263         /*
1264          * Check label validity here so import won't fail in post_setxattr
1265          */
1266         if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1267             strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1268             strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1269                 check_priv = 1;
1270                 check_import = 1;
1271         } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1272                    strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1273                 check_priv = 1;
1274                 check_import = 1;
1275                 check_star = 1;
1276         } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1277                 check_priv = 1;
1278                 if (size != TRANS_TRUE_SIZE ||
1279                     strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1280                         rc = -EINVAL;
1281         } else
1282                 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1283 
1284         if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1285                 rc = -EPERM;
1286 
1287         if (rc == 0 && check_import) {
1288                 skp = size ? smk_import_entry(value, size) : NULL;
1289                 if (IS_ERR(skp))
1290                         rc = PTR_ERR(skp);
1291                 else if (skp == NULL || (check_star &&
1292                     (skp == &smack_known_star || skp == &smack_known_web)))
1293                         rc = -EINVAL;
1294         }
1295 
1296         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1297         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1298 
1299         if (rc == 0) {
1300                 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1301                 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1302         }
1303 
1304         return rc;
1305 }
1306 
1307 /**
1308  * smack_inode_post_setxattr - Apply the Smack update approved above
1309  * @dentry: object
1310  * @name: attribute name
1311  * @value: attribute value
1312  * @size: attribute size
1313  * @flags: unused
1314  *
1315  * Set the pointer in the inode blob to the entry found
1316  * in the master label list.
1317  */
1318 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1319                                       const void *value, size_t size, int flags)
1320 {
1321         struct smack_known *skp;
1322         struct inode_smack *isp = smack_inode(d_backing_inode(dentry));
1323 
1324         if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1325                 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1326                 return;
1327         }
1328 
1329         if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1330                 skp = smk_import_entry(value, size);
1331                 if (!IS_ERR(skp))
1332                         isp->smk_inode = skp;
1333         } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1334                 skp = smk_import_entry(value, size);
1335                 if (!IS_ERR(skp))
1336                         isp->smk_task = skp;
1337         } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1338                 skp = smk_import_entry(value, size);
1339                 if (!IS_ERR(skp))
1340                         isp->smk_mmap = skp;
1341         }
1342 
1343         return;
1344 }
1345 
1346 /**
1347  * smack_inode_getxattr - Smack check on getxattr
1348  * @dentry: the object
1349  * @name: unused
1350  *
1351  * Returns 0 if access is permitted, an error code otherwise
1352  */
1353 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1354 {
1355         struct smk_audit_info ad;
1356         int rc;
1357 
1358         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1359         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1360 
1361         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1362         rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1363         return rc;
1364 }
1365 
1366 /**
1367  * smack_inode_removexattr - Smack check on removexattr
1368  * @dentry: the object
1369  * @name: name of the attribute
1370  *
1371  * Removing the Smack attribute requires CAP_MAC_ADMIN
1372  *
1373  * Returns 0 if access is permitted, an error code otherwise
1374  */
1375 static int smack_inode_removexattr(struct dentry *dentry, const char *name)
1376 {
1377         struct inode_smack *isp;
1378         struct smk_audit_info ad;
1379         int rc = 0;
1380 
1381         if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1382             strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1383             strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1384             strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1385             strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1386             strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1387                 if (!smack_privileged(CAP_MAC_ADMIN))
1388                         rc = -EPERM;
1389         } else
1390                 rc = cap_inode_removexattr(dentry, name);
1391 
1392         if (rc != 0)
1393                 return rc;
1394 
1395         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1396         smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1397 
1398         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1399         rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1400         if (rc != 0)
1401                 return rc;
1402 
1403         isp = smack_inode(d_backing_inode(dentry));
1404         /*
1405          * Don't do anything special for these.
1406          *      XATTR_NAME_SMACKIPIN
1407          *      XATTR_NAME_SMACKIPOUT
1408          */
1409         if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1410                 struct super_block *sbp = dentry->d_sb;
1411                 struct superblock_smack *sbsp = sbp->s_security;
1412 
1413                 isp->smk_inode = sbsp->smk_default;
1414         } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
1415                 isp->smk_task = NULL;
1416         else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1417                 isp->smk_mmap = NULL;
1418         else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1419                 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1420 
1421         return 0;
1422 }
1423 
1424 /**
1425  * smack_inode_getsecurity - get smack xattrs
1426  * @inode: the object
1427  * @name: attribute name
1428  * @buffer: where to put the result
1429  * @alloc: duplicate memory
1430  *
1431  * Returns the size of the attribute or an error code
1432  */
1433 static int smack_inode_getsecurity(struct inode *inode,
1434                                    const char *name, void **buffer,
1435                                    bool alloc)
1436 {
1437         struct socket_smack *ssp;
1438         struct socket *sock;
1439         struct super_block *sbp;
1440         struct inode *ip = (struct inode *)inode;
1441         struct smack_known *isp;
1442 
1443         if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
1444                 isp = smk_of_inode(inode);
1445         else {
1446                 /*
1447                  * The rest of the Smack xattrs are only on sockets.
1448                  */
1449                 sbp = ip->i_sb;
1450                 if (sbp->s_magic != SOCKFS_MAGIC)
1451                         return -EOPNOTSUPP;
1452 
1453                 sock = SOCKET_I(ip);
1454                 if (sock == NULL || sock->sk == NULL)
1455                         return -EOPNOTSUPP;
1456 
1457                 ssp = sock->sk->sk_security;
1458 
1459                 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1460                         isp = ssp->smk_in;
1461                 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1462                         isp = ssp->smk_out;
1463                 else
1464                         return -EOPNOTSUPP;
1465         }
1466 
1467         if (alloc) {
1468                 *buffer = kstrdup(isp->smk_known, GFP_KERNEL);
1469                 if (*buffer == NULL)
1470                         return -ENOMEM;
1471         }
1472 
1473         return strlen(isp->smk_known);
1474 }
1475 
1476 
1477 /**
1478  * smack_inode_listsecurity - list the Smack attributes
1479  * @inode: the object
1480  * @buffer: where they go
1481  * @buffer_size: size of buffer
1482  */
1483 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1484                                     size_t buffer_size)
1485 {
1486         int len = sizeof(XATTR_NAME_SMACK);
1487 
1488         if (buffer != NULL && len <= buffer_size)
1489                 memcpy(buffer, XATTR_NAME_SMACK, len);
1490 
1491         return len;
1492 }
1493 
1494 /**
1495  * smack_inode_getsecid - Extract inode's security id
1496  * @inode: inode to extract the info from
1497  * @secid: where result will be saved
1498  */
1499 static void smack_inode_getsecid(struct inode *inode, u32 *secid)
1500 {
1501         struct smack_known *skp = smk_of_inode(inode);
1502 
1503         *secid = skp->smk_secid;
1504 }
1505 
1506 /*
1507  * File Hooks
1508  */
1509 
1510 /*
1511  * There is no smack_file_permission hook
1512  *
1513  * Should access checks be done on each read or write?
1514  * UNICOS and SELinux say yes.
1515  * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1516  *
1517  * I'll say no for now. Smack does not do the frequent
1518  * label changing that SELinux does.
1519  */
1520 
1521 /**
1522  * smack_file_alloc_security - assign a file security blob
1523  * @file: the object
1524  *
1525  * The security blob for a file is a pointer to the master
1526  * label list, so no allocation is done.
1527  *
1528  * f_security is the owner security information. It
1529  * isn't used on file access checks, it's for send_sigio.
1530  *
1531  * Returns 0
1532  */
1533 static int smack_file_alloc_security(struct file *file)
1534 {
1535         struct smack_known **blob = smack_file(file);
1536 
1537         *blob = smk_of_current();
1538         return 0;
1539 }
1540 
1541 /**
1542  * smack_file_ioctl - Smack check on ioctls
1543  * @file: the object
1544  * @cmd: what to do
1545  * @arg: unused
1546  *
1547  * Relies heavily on the correct use of the ioctl command conventions.
1548  *
1549  * Returns 0 if allowed, error code otherwise
1550  */
1551 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1552                             unsigned long arg)
1553 {
1554         int rc = 0;
1555         struct smk_audit_info ad;
1556         struct inode *inode = file_inode(file);
1557 
1558         if (unlikely(IS_PRIVATE(inode)))
1559                 return 0;
1560 
1561         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1562         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1563 
1564         if (_IOC_DIR(cmd) & _IOC_WRITE) {
1565                 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1566                 rc = smk_bu_file(file, MAY_WRITE, rc);
1567         }
1568 
1569         if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1570                 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1571                 rc = smk_bu_file(file, MAY_READ, rc);
1572         }
1573 
1574         return rc;
1575 }
1576 
1577 /**
1578  * smack_file_lock - Smack check on file locking
1579  * @file: the object
1580  * @cmd: unused
1581  *
1582  * Returns 0 if current has lock access, error code otherwise
1583  */
1584 static int smack_file_lock(struct file *file, unsigned int cmd)
1585 {
1586         struct smk_audit_info ad;
1587         int rc;
1588         struct inode *inode = file_inode(file);
1589 
1590         if (unlikely(IS_PRIVATE(inode)))
1591                 return 0;
1592 
1593         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1594         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1595         rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1596         rc = smk_bu_file(file, MAY_LOCK, rc);
1597         return rc;
1598 }
1599 
1600 /**
1601  * smack_file_fcntl - Smack check on fcntl
1602  * @file: the object
1603  * @cmd: what action to check
1604  * @arg: unused
1605  *
1606  * Generally these operations are harmless.
1607  * File locking operations present an obvious mechanism
1608  * for passing information, so they require write access.
1609  *
1610  * Returns 0 if current has access, error code otherwise
1611  */
1612 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1613                             unsigned long arg)
1614 {
1615         struct smk_audit_info ad;
1616         int rc = 0;
1617         struct inode *inode = file_inode(file);
1618 
1619         if (unlikely(IS_PRIVATE(inode)))
1620                 return 0;
1621 
1622         switch (cmd) {
1623         case F_GETLK:
1624                 break;
1625         case F_SETLK:
1626         case F_SETLKW:
1627                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1628                 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1629                 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1630                 rc = smk_bu_file(file, MAY_LOCK, rc);
1631                 break;
1632         case F_SETOWN:
1633         case F_SETSIG:
1634                 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1635                 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1636                 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1637                 rc = smk_bu_file(file, MAY_WRITE, rc);
1638                 break;
1639         default:
1640                 break;
1641         }
1642 
1643         return rc;
1644 }
1645 
1646 /**
1647  * smack_mmap_file :
1648  * Check permissions for a mmap operation.  The @file may be NULL, e.g.
1649  * if mapping anonymous memory.
1650  * @file contains the file structure for file to map (may be NULL).
1651  * @reqprot contains the protection requested by the application.
1652  * @prot contains the protection that will be applied by the kernel.
1653  * @flags contains the operational flags.
1654  * Return 0 if permission is granted.
1655  */
1656 static int smack_mmap_file(struct file *file,
1657                            unsigned long reqprot, unsigned long prot,
1658                            unsigned long flags)
1659 {
1660         struct smack_known *skp;
1661         struct smack_known *mkp;
1662         struct smack_rule *srp;
1663         struct task_smack *tsp;
1664         struct smack_known *okp;
1665         struct inode_smack *isp;
1666         struct superblock_smack *sbsp;
1667         int may;
1668         int mmay;
1669         int tmay;
1670         int rc;
1671 
1672         if (file == NULL)
1673                 return 0;
1674 
1675         if (unlikely(IS_PRIVATE(file_inode(file))))
1676                 return 0;
1677 
1678         isp = smack_inode(file_inode(file));
1679         if (isp->smk_mmap == NULL)
1680                 return 0;
1681         sbsp = file_inode(file)->i_sb->s_security;
1682         if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1683             isp->smk_mmap != sbsp->smk_root)
1684                 return -EACCES;
1685         mkp = isp->smk_mmap;
1686 
1687         tsp = smack_cred(current_cred());
1688         skp = smk_of_current();
1689         rc = 0;
1690 
1691         rcu_read_lock();
1692         /*
1693          * For each Smack rule associated with the subject
1694          * label verify that the SMACK64MMAP also has access
1695          * to that rule's object label.
1696          */
1697         list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1698                 okp = srp->smk_object;
1699                 /*
1700                  * Matching labels always allows access.
1701                  */
1702                 if (mkp->smk_known == okp->smk_known)
1703                         continue;
1704                 /*
1705                  * If there is a matching local rule take
1706                  * that into account as well.
1707                  */
1708                 may = smk_access_entry(srp->smk_subject->smk_known,
1709                                        okp->smk_known,
1710                                        &tsp->smk_rules);
1711                 if (may == -ENOENT)
1712                         may = srp->smk_access;
1713                 else
1714                         may &= srp->smk_access;
1715                 /*
1716                  * If may is zero the SMACK64MMAP subject can't
1717                  * possibly have less access.
1718                  */
1719                 if (may == 0)
1720                         continue;
1721 
1722                 /*
1723                  * Fetch the global list entry.
1724                  * If there isn't one a SMACK64MMAP subject
1725                  * can't have as much access as current.
1726                  */
1727                 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1728                                         &mkp->smk_rules);
1729                 if (mmay == -ENOENT) {
1730                         rc = -EACCES;
1731                         break;
1732                 }
1733                 /*
1734                  * If there is a local entry it modifies the
1735                  * potential access, too.
1736                  */
1737                 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1738                                         &tsp->smk_rules);
1739                 if (tmay != -ENOENT)
1740                         mmay &= tmay;
1741 
1742                 /*
1743                  * If there is any access available to current that is
1744                  * not available to a SMACK64MMAP subject
1745                  * deny access.
1746                  */
1747                 if ((may | mmay) != mmay) {
1748                         rc = -EACCES;
1749                         break;
1750                 }
1751         }
1752 
1753         rcu_read_unlock();
1754 
1755         return rc;
1756 }
1757 
1758 /**
1759  * smack_file_set_fowner - set the file security blob value
1760  * @file: object in question
1761  *
1762  */
1763 static void smack_file_set_fowner(struct file *file)
1764 {
1765         struct smack_known **blob = smack_file(file);
1766 
1767         *blob = smk_of_current();
1768 }
1769 
1770 /**
1771  * smack_file_send_sigiotask - Smack on sigio
1772  * @tsk: The target task
1773  * @fown: the object the signal come from
1774  * @signum: unused
1775  *
1776  * Allow a privileged task to get signals even if it shouldn't
1777  *
1778  * Returns 0 if a subject with the object's smack could
1779  * write to the task, an error code otherwise.
1780  */
1781 static int smack_file_send_sigiotask(struct task_struct *tsk,
1782                                      struct fown_struct *fown, int signum)
1783 {
1784         struct smack_known **blob;
1785         struct smack_known *skp;
1786         struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred));
1787         const struct cred *tcred;
1788         struct file *file;
1789         int rc;
1790         struct smk_audit_info ad;
1791 
1792         /*
1793          * struct fown_struct is never outside the context of a struct file
1794          */
1795         file = container_of(fown, struct file, f_owner);
1796 
1797         /* we don't log here as rc can be overriden */
1798         blob = smack_file(file);
1799         skp = *blob;
1800         rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1801         rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
1802 
1803         rcu_read_lock();
1804         tcred = __task_cred(tsk);
1805         if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
1806                 rc = 0;
1807         rcu_read_unlock();
1808 
1809         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1810         smk_ad_setfield_u_tsk(&ad, tsk);
1811         smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
1812         return rc;
1813 }
1814 
1815 /**
1816  * smack_file_receive - Smack file receive check
1817  * @file: the object
1818  *
1819  * Returns 0 if current has access, error code otherwise
1820  */
1821 static int smack_file_receive(struct file *file)
1822 {
1823         int rc;
1824         int may = 0;
1825         struct smk_audit_info ad;
1826         struct inode *inode = file_inode(file);
1827         struct socket *sock;
1828         struct task_smack *tsp;
1829         struct socket_smack *ssp;
1830 
1831         if (unlikely(IS_PRIVATE(inode)))
1832                 return 0;
1833 
1834         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1835         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1836 
1837         if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
1838                 sock = SOCKET_I(inode);
1839                 ssp = sock->sk->sk_security;
1840                 tsp = smack_cred(current_cred());
1841                 /*
1842                  * If the receiving process can't write to the
1843                  * passed socket or if the passed socket can't
1844                  * write to the receiving process don't accept
1845                  * the passed socket.
1846                  */
1847                 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1848                 rc = smk_bu_file(file, may, rc);
1849                 if (rc < 0)
1850                         return rc;
1851                 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1852                 rc = smk_bu_file(file, may, rc);
1853                 return rc;
1854         }
1855         /*
1856          * This code relies on bitmasks.
1857          */
1858         if (file->f_mode & FMODE_READ)
1859                 may = MAY_READ;
1860         if (file->f_mode & FMODE_WRITE)
1861                 may |= MAY_WRITE;
1862 
1863         rc = smk_curacc(smk_of_inode(inode), may, &ad);
1864         rc = smk_bu_file(file, may, rc);
1865         return rc;
1866 }
1867 
1868 /**
1869  * smack_file_open - Smack dentry open processing
1870  * @file: the object
1871  *
1872  * Set the security blob in the file structure.
1873  * Allow the open only if the task has read access. There are
1874  * many read operations (e.g. fstat) that you can do with an
1875  * fd even if you have the file open write-only.
1876  *
1877  * Returns 0 if current has access, error code otherwise
1878  */
1879 static int smack_file_open(struct file *file)
1880 {
1881         struct task_smack *tsp = smack_cred(file->f_cred);
1882         struct inode *inode = file_inode(file);
1883         struct smk_audit_info ad;
1884         int rc;
1885 
1886         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1887         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1888         rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
1889         rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
1890 
1891         return rc;
1892 }
1893 
1894 /*
1895  * Task hooks
1896  */
1897 
1898 /**
1899  * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1900  * @cred: the new credentials
1901  * @gfp: the atomicity of any memory allocations
1902  *
1903  * Prepare a blank set of credentials for modification.  This must allocate all
1904  * the memory the LSM module might require such that cred_transfer() can
1905  * complete without error.
1906  */
1907 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1908 {
1909         init_task_smack(smack_cred(cred), NULL, NULL);
1910         return 0;
1911 }
1912 
1913 
1914 /**
1915  * smack_cred_free - "free" task-level security credentials
1916  * @cred: the credentials in question
1917  *
1918  */
1919 static void smack_cred_free(struct cred *cred)
1920 {
1921         struct task_smack *tsp = smack_cred(cred);
1922         struct smack_rule *rp;
1923         struct list_head *l;
1924         struct list_head *n;
1925 
1926         smk_destroy_label_list(&tsp->smk_relabel);
1927 
1928         list_for_each_safe(l, n, &tsp->smk_rules) {
1929                 rp = list_entry(l, struct smack_rule, list);
1930                 list_del(&rp->list);
1931                 kmem_cache_free(smack_rule_cache, rp);
1932         }
1933 }
1934 
1935 /**
1936  * smack_cred_prepare - prepare new set of credentials for modification
1937  * @new: the new credentials
1938  * @old: the original credentials
1939  * @gfp: the atomicity of any memory allocations
1940  *
1941  * Prepare a new set of credentials for modification.
1942  */
1943 static int smack_cred_prepare(struct cred *new, const struct cred *old,
1944                               gfp_t gfp)
1945 {
1946         struct task_smack *old_tsp = smack_cred(old);
1947         struct task_smack *new_tsp = smack_cred(new);
1948         int rc;
1949 
1950         init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task);
1951 
1952         rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1953         if (rc != 0)
1954                 return rc;
1955 
1956         rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
1957                                 gfp);
1958         return rc;
1959 }
1960 
1961 /**
1962  * smack_cred_transfer - Transfer the old credentials to the new credentials
1963  * @new: the new credentials
1964  * @old: the original credentials
1965  *
1966  * Fill in a set of blank credentials from another set of credentials.
1967  */
1968 static void smack_cred_transfer(struct cred *new, const struct cred *old)
1969 {
1970         struct task_smack *old_tsp = smack_cred(old);
1971         struct task_smack *new_tsp = smack_cred(new);
1972 
1973         new_tsp->smk_task = old_tsp->smk_task;
1974         new_tsp->smk_forked = old_tsp->smk_task;
1975         mutex_init(&new_tsp->smk_rules_lock);
1976         INIT_LIST_HEAD(&new_tsp->smk_rules);
1977 
1978         /* cbs copy rule list */
1979 }
1980 
1981 /**
1982  * smack_cred_getsecid - get the secid corresponding to a creds structure
1983  * @cred: the object creds
1984  * @secid: where to put the result
1985  *
1986  * Sets the secid to contain a u32 version of the smack label.
1987  */
1988 static void smack_cred_getsecid(const struct cred *cred, u32 *secid)
1989 {
1990         struct smack_known *skp;
1991 
1992         rcu_read_lock();
1993         skp = smk_of_task(smack_cred(cred));
1994         *secid = skp->smk_secid;
1995         rcu_read_unlock();
1996 }
1997 
1998 /**
1999  * smack_kernel_act_as - Set the subjective context in a set of credentials
2000  * @new: points to the set of credentials to be modified.
2001  * @secid: specifies the security ID to be set
2002  *
2003  * Set the security data for a kernel service.
2004  */
2005 static int smack_kernel_act_as(struct cred *new, u32 secid)
2006 {
2007         struct task_smack *new_tsp = smack_cred(new);
2008 
2009         new_tsp->smk_task = smack_from_secid(secid);
2010         return 0;
2011 }
2012 
2013 /**
2014  * smack_kernel_create_files_as - Set the file creation label in a set of creds
2015  * @new: points to the set of credentials to be modified
2016  * @inode: points to the inode to use as a reference
2017  *
2018  * Set the file creation context in a set of credentials to the same
2019  * as the objective context of the specified inode
2020  */
2021 static int smack_kernel_create_files_as(struct cred *new,
2022                                         struct inode *inode)
2023 {
2024         struct inode_smack *isp = smack_inode(inode);
2025         struct task_smack *tsp = smack_cred(new);
2026 
2027         tsp->smk_forked = isp->smk_inode;
2028         tsp->smk_task = tsp->smk_forked;
2029         return 0;
2030 }
2031 
2032 /**
2033  * smk_curacc_on_task - helper to log task related access
2034  * @p: the task object
2035  * @access: the access requested
2036  * @caller: name of the calling function for audit
2037  *
2038  * Return 0 if access is permitted
2039  */
2040 static int smk_curacc_on_task(struct task_struct *p, int access,
2041                                 const char *caller)
2042 {
2043         struct smk_audit_info ad;
2044         struct smack_known *skp = smk_of_task_struct(p);
2045         int rc;
2046 
2047         smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
2048         smk_ad_setfield_u_tsk(&ad, p);
2049         rc = smk_curacc(skp, access, &ad);
2050         rc = smk_bu_task(p, access, rc);
2051         return rc;
2052 }
2053 
2054 /**
2055  * smack_task_setpgid - Smack check on setting pgid
2056  * @p: the task object
2057  * @pgid: unused
2058  *
2059  * Return 0 if write access is permitted
2060  */
2061 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2062 {
2063         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2064 }
2065 
2066 /**
2067  * smack_task_getpgid - Smack access check for getpgid
2068  * @p: the object task
2069  *
2070  * Returns 0 if current can read the object task, error code otherwise
2071  */
2072 static int smack_task_getpgid(struct task_struct *p)
2073 {
2074         return smk_curacc_on_task(p, MAY_READ, __func__);
2075 }
2076 
2077 /**
2078  * smack_task_getsid - Smack access check for getsid
2079  * @p: the object task
2080  *
2081  * Returns 0 if current can read the object task, error code otherwise
2082  */
2083 static int smack_task_getsid(struct task_struct *p)
2084 {
2085         return smk_curacc_on_task(p, MAY_READ, __func__);
2086 }
2087 
2088 /**
2089  * smack_task_getsecid - get the secid of the task
2090  * @p: the object task
2091  * @secid: where to put the result
2092  *
2093  * Sets the secid to contain a u32 version of the smack label.
2094  */
2095 static void smack_task_getsecid(struct task_struct *p, u32 *secid)
2096 {
2097         struct smack_known *skp = smk_of_task_struct(p);
2098 
2099         *secid = skp->smk_secid;
2100 }
2101 
2102 /**
2103  * smack_task_setnice - Smack check on setting nice
2104  * @p: the task object
2105  * @nice: unused
2106  *
2107  * Return 0 if write access is permitted
2108  */
2109 static int smack_task_setnice(struct task_struct *p, int nice)
2110 {
2111         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2112 }
2113 
2114 /**
2115  * smack_task_setioprio - Smack check on setting ioprio
2116  * @p: the task object
2117  * @ioprio: unused
2118  *
2119  * Return 0 if write access is permitted
2120  */
2121 static int smack_task_setioprio(struct task_struct *p, int ioprio)
2122 {
2123         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2124 }
2125 
2126 /**
2127  * smack_task_getioprio - Smack check on reading ioprio
2128  * @p: the task object
2129  *
2130  * Return 0 if read access is permitted
2131  */
2132 static int smack_task_getioprio(struct task_struct *p)
2133 {
2134         return smk_curacc_on_task(p, MAY_READ, __func__);
2135 }
2136 
2137 /**
2138  * smack_task_setscheduler - Smack check on setting scheduler
2139  * @p: the task object
2140  *
2141  * Return 0 if read access is permitted
2142  */
2143 static int smack_task_setscheduler(struct task_struct *p)
2144 {
2145         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2146 }
2147 
2148 /**
2149  * smack_task_getscheduler - Smack check on reading scheduler
2150  * @p: the task object
2151  *
2152  * Return 0 if read access is permitted
2153  */
2154 static int smack_task_getscheduler(struct task_struct *p)
2155 {
2156         return smk_curacc_on_task(p, MAY_READ, __func__);
2157 }
2158 
2159 /**
2160  * smack_task_movememory - Smack check on moving memory
2161  * @p: the task object
2162  *
2163  * Return 0 if write access is permitted
2164  */
2165 static int smack_task_movememory(struct task_struct *p)
2166 {
2167         return smk_curacc_on_task(p, MAY_WRITE, __func__);
2168 }
2169 
2170 /**
2171  * smack_task_kill - Smack check on signal delivery
2172  * @p: the task object
2173  * @info: unused
2174  * @sig: unused
2175  * @cred: identifies the cred to use in lieu of current's
2176  *
2177  * Return 0 if write access is permitted
2178  *
2179  */
2180 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info,
2181                            int sig, const struct cred *cred)
2182 {
2183         struct smk_audit_info ad;
2184         struct smack_known *skp;
2185         struct smack_known *tkp = smk_of_task_struct(p);
2186         int rc;
2187 
2188         if (!sig)
2189                 return 0; /* null signal; existence test */
2190 
2191         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2192         smk_ad_setfield_u_tsk(&ad, p);
2193         /*
2194          * Sending a signal requires that the sender
2195          * can write the receiver.
2196          */
2197         if (cred == NULL) {
2198                 rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2199                 rc = smk_bu_task(p, MAY_DELIVER, rc);
2200                 return rc;
2201         }
2202         /*
2203          * If the cred isn't NULL we're dealing with some USB IO
2204          * specific behavior. This is not clean. For one thing
2205          * we can't take privilege into account.
2206          */
2207         skp = smk_of_task(smack_cred(cred));
2208         rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2209         rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
2210         return rc;
2211 }
2212 
2213 /**
2214  * smack_task_to_inode - copy task smack into the inode blob
2215  * @p: task to copy from
2216  * @inode: inode to copy to
2217  *
2218  * Sets the smack pointer in the inode security blob
2219  */
2220 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2221 {
2222         struct inode_smack *isp = smack_inode(inode);
2223         struct smack_known *skp = smk_of_task_struct(p);
2224 
2225         isp->smk_inode = skp;
2226         isp->smk_flags |= SMK_INODE_INSTANT;
2227 }
2228 
2229 /*
2230  * Socket hooks.
2231  */
2232 
2233 /**
2234  * smack_sk_alloc_security - Allocate a socket blob
2235  * @sk: the socket
2236  * @family: unused
2237  * @gfp_flags: memory allocation flags
2238  *
2239  * Assign Smack pointers to current
2240  *
2241  * Returns 0 on success, -ENOMEM is there's no memory
2242  */
2243 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2244 {
2245         struct smack_known *skp = smk_of_current();
2246         struct socket_smack *ssp;
2247 
2248         ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2249         if (ssp == NULL)
2250                 return -ENOMEM;
2251 
2252         /*
2253          * Sockets created by kernel threads receive web label.
2254          */
2255         if (unlikely(current->flags & PF_KTHREAD)) {
2256                 ssp->smk_in = &smack_known_web;
2257                 ssp->smk_out = &smack_known_web;
2258         } else {
2259                 ssp->smk_in = skp;
2260                 ssp->smk_out = skp;
2261         }
2262         ssp->smk_packet = NULL;
2263 
2264         sk->sk_security = ssp;
2265 
2266         return 0;
2267 }
2268 
2269 /**
2270  * smack_sk_free_security - Free a socket blob
2271  * @sk: the socket
2272  *
2273  * Clears the blob pointer
2274  */
2275 static void smack_sk_free_security(struct sock *sk)
2276 {
2277 #ifdef SMACK_IPV6_PORT_LABELING
2278         struct smk_port_label *spp;
2279 
2280         if (sk->sk_family == PF_INET6) {
2281                 rcu_read_lock();
2282                 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2283                         if (spp->smk_sock != sk)
2284                                 continue;
2285                         spp->smk_can_reuse = 1;
2286                         break;
2287                 }
2288                 rcu_read_unlock();
2289         }
2290 #endif
2291         kfree(sk->sk_security);
2292 }
2293 
2294 /**
2295 * smack_ipv4host_label - check host based restrictions
2296 * @sip: the object end
2297 *
2298 * looks for host based access restrictions
2299 *
2300 * This version will only be appropriate for really small sets of single label
2301 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2302 * taken before calling this function.
2303 *
2304 * Returns the label of the far end or NULL if it's not special.
2305 */
2306 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
2307 {
2308         struct smk_net4addr *snp;
2309         struct in_addr *siap = &sip->sin_addr;
2310 
2311         if (siap->s_addr == 0)
2312                 return NULL;
2313 
2314         list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2315                 /*
2316                  * we break after finding the first match because
2317                  * the list is sorted from longest to shortest mask
2318                  * so we have found the most specific match
2319                  */
2320                 if (snp->smk_host.s_addr ==
2321                     (siap->s_addr & snp->smk_mask.s_addr))
2322                         return snp->smk_label;
2323 
2324         return NULL;
2325 }
2326 
2327 /*
2328  * smk_ipv6_localhost - Check for local ipv6 host address
2329  * @sip: the address
2330  *
2331  * Returns boolean true if this is the localhost address
2332  */
2333 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2334 {
2335         __be16 *be16p = (__be16 *)&sip->sin6_addr;
2336         __be32 *be32p = (__be32 *)&sip->sin6_addr;
2337 
2338         if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2339             ntohs(be16p[7]) == 1)
2340                 return true;
2341         return false;
2342 }
2343 
2344 /**
2345 * smack_ipv6host_label - check host based restrictions
2346 * @sip: the object end
2347 *
2348 * looks for host based access restrictions
2349 *
2350 * This version will only be appropriate for really small sets of single label
2351 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2352 * taken before calling this function.
2353 *
2354 * Returns the label of the far end or NULL if it's not special.
2355 */
2356 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2357 {
2358         struct smk_net6addr *snp;
2359         struct in6_addr *sap = &sip->sin6_addr;
2360         int i;
2361         int found = 0;
2362 
2363         /*
2364          * It's local. Don't look for a host label.
2365          */
2366         if (smk_ipv6_localhost(sip))
2367                 return NULL;
2368 
2369         list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2370                 /*
2371                  * If the label is NULL the entry has
2372                  * been renounced. Ignore it.
2373                  */
2374                 if (snp->smk_label == NULL)
2375                         continue;
2376                 /*
2377                 * we break after finding the first match because
2378                 * the list is sorted from longest to shortest mask
2379                 * so we have found the most specific match
2380                 */
2381                 for (found = 1, i = 0; i < 8; i++) {
2382                         if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2383                             snp->smk_host.s6_addr16[i]) {
2384                                 found = 0;
2385                                 break;
2386                         }
2387                 }
2388                 if (found)
2389                         return snp->smk_label;
2390         }
2391 
2392         return NULL;
2393 }
2394 
2395 /**
2396  * smack_netlabel - Set the secattr on a socket
2397  * @sk: the socket
2398  * @labeled: socket label scheme
2399  *
2400  * Convert the outbound smack value (smk_out) to a
2401  * secattr and attach it to the socket.
2402  *
2403  * Returns 0 on success or an error code
2404  */
2405 static int smack_netlabel(struct sock *sk, int labeled)
2406 {
2407         struct smack_known *skp;
2408         struct socket_smack *ssp = sk->sk_security;
2409         int rc = 0;
2410 
2411         /*
2412          * Usually the netlabel code will handle changing the
2413          * packet labeling based on the label.
2414          * The case of a single label host is different, because
2415          * a single label host should never get a labeled packet
2416          * even though the label is usually associated with a packet
2417          * label.
2418          */
2419         local_bh_disable();
2420         bh_lock_sock_nested(sk);
2421 
2422         if (ssp->smk_out == smack_net_ambient ||
2423             labeled == SMACK_UNLABELED_SOCKET)
2424                 netlbl_sock_delattr(sk);
2425         else {
2426                 skp = ssp->smk_out;
2427                 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2428         }
2429 
2430         bh_unlock_sock(sk);
2431         local_bh_enable();
2432 
2433         return rc;
2434 }
2435 
2436 /**
2437  * smack_netlbel_send - Set the secattr on a socket and perform access checks
2438  * @sk: the socket
2439  * @sap: the destination address
2440  *
2441  * Set the correct secattr for the given socket based on the destination
2442  * address and perform any outbound access checks needed.
2443  *
2444  * Returns 0 on success or an error code.
2445  *
2446  */
2447 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2448 {
2449         struct smack_known *skp;
2450         int rc;
2451         int sk_lbl;
2452         struct smack_known *hkp;
2453         struct socket_smack *ssp = sk->sk_security;
2454         struct smk_audit_info ad;
2455 
2456         rcu_read_lock();
2457         hkp = smack_ipv4host_label(sap);
2458         if (hkp != NULL) {
2459 #ifdef CONFIG_AUDIT
2460                 struct lsm_network_audit net;
2461 
2462                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2463                 ad.a.u.net->family = sap->sin_family;
2464                 ad.a.u.net->dport = sap->sin_port;
2465                 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2466 #endif
2467                 sk_lbl = SMACK_UNLABELED_SOCKET;
2468                 skp = ssp->smk_out;
2469                 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2470                 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2471         } else {
2472                 sk_lbl = SMACK_CIPSO_SOCKET;
2473                 rc = 0;
2474         }
2475         rcu_read_unlock();
2476         if (rc != 0)
2477                 return rc;
2478 
2479         return smack_netlabel(sk, sk_lbl);
2480 }
2481 
2482 /**
2483  * smk_ipv6_check - check Smack access
2484  * @subject: subject Smack label
2485  * @object: object Smack label
2486  * @address: address
2487  * @act: the action being taken
2488  *
2489  * Check an IPv6 access
2490  */
2491 static int smk_ipv6_check(struct smack_known *subject,
2492                                 struct smack_known *object,
2493                                 struct sockaddr_in6 *address, int act)
2494 {
2495 #ifdef CONFIG_AUDIT
2496         struct lsm_network_audit net;
2497 #endif
2498         struct smk_audit_info ad;
2499         int rc;
2500 
2501 #ifdef CONFIG_AUDIT
2502         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2503         ad.a.u.net->family = PF_INET6;
2504         ad.a.u.net->dport = ntohs(address->sin6_port);
2505         if (act == SMK_RECEIVING)
2506                 ad.a.u.net->v6info.saddr = address->sin6_addr;
2507         else
2508                 ad.a.u.net->v6info.daddr = address->sin6_addr;
2509 #endif
2510         rc = smk_access(subject, object, MAY_WRITE, &ad);
2511         rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2512         return rc;
2513 }
2514 
2515 #ifdef SMACK_IPV6_PORT_LABELING
2516 /**
2517  * smk_ipv6_port_label - Smack port access table management
2518  * @sock: socket
2519  * @address: address
2520  *
2521  * Create or update the port list entry
2522  */
2523 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2524 {
2525         struct sock *sk = sock->sk;
2526         struct sockaddr_in6 *addr6;
2527         struct socket_smack *ssp = sock->sk->sk_security;
2528         struct smk_port_label *spp;
2529         unsigned short port = 0;
2530 
2531         if (address == NULL) {
2532                 /*
2533                  * This operation is changing the Smack information
2534                  * on the bound socket. Take the changes to the port
2535                  * as well.
2536                  */
2537                 rcu_read_lock();
2538                 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2539                         if (sk != spp->smk_sock)
2540                                 continue;
2541                         spp->smk_in = ssp->smk_in;
2542                         spp->smk_out = ssp->smk_out;
2543                         rcu_read_unlock();
2544                         return;
2545                 }
2546                 /*
2547                  * A NULL address is only used for updating existing
2548                  * bound entries. If there isn't one, it's OK.
2549                  */
2550                 rcu_read_unlock();
2551                 return;
2552         }
2553 
2554         addr6 = (struct sockaddr_in6 *)address;
2555         port = ntohs(addr6->sin6_port);
2556         /*
2557          * This is a special case that is safely ignored.
2558          */
2559         if (port == 0)
2560                 return;
2561 
2562         /*
2563          * Look for an existing port list entry.
2564          * This is an indication that a port is getting reused.
2565          */
2566         rcu_read_lock();
2567         list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2568                 if (spp->smk_port != port || spp->smk_sock_type != sock->type)
2569                         continue;
2570                 if (spp->smk_can_reuse != 1) {
2571                         rcu_read_unlock();
2572                         return;
2573                 }
2574                 spp->smk_port = port;
2575                 spp->smk_sock = sk;
2576                 spp->smk_in = ssp->smk_in;
2577                 spp->smk_out = ssp->smk_out;
2578                 spp->smk_can_reuse = 0;
2579                 rcu_read_unlock();
2580                 return;
2581         }
2582         rcu_read_unlock();
2583         /*
2584          * A new port entry is required.
2585          */
2586         spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2587         if (spp == NULL)
2588                 return;
2589 
2590         spp->smk_port = port;
2591         spp->smk_sock = sk;
2592         spp->smk_in = ssp->smk_in;
2593         spp->smk_out = ssp->smk_out;
2594         spp->smk_sock_type = sock->type;
2595         spp->smk_can_reuse = 0;
2596 
2597         mutex_lock(&smack_ipv6_lock);
2598         list_add_rcu(&spp->list, &smk_ipv6_port_list);
2599         mutex_unlock(&smack_ipv6_lock);
2600         return;
2601 }
2602 #endif
2603 
2604 /**
2605  * smk_ipv6_port_check - check Smack port access
2606  * @sk: socket
2607  * @address: address
2608  * @act: the action being taken
2609  *
2610  * Create or update the port list entry
2611  */
2612 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2613                                 int act)
2614 {
2615         struct smk_port_label *spp;
2616         struct socket_smack *ssp = sk->sk_security;
2617         struct smack_known *skp = NULL;
2618         unsigned short port;
2619         struct smack_known *object;
2620 
2621         if (act == SMK_RECEIVING) {
2622                 skp = smack_ipv6host_label(address);
2623                 object = ssp->smk_in;
2624         } else {
2625                 skp = ssp->smk_out;
2626                 object = smack_ipv6host_label(address);
2627         }
2628 
2629         /*
2630          * The other end is a single label host.
2631          */
2632         if (skp != NULL && object != NULL)
2633                 return smk_ipv6_check(skp, object, address, act);
2634         if (skp == NULL)
2635                 skp = smack_net_ambient;
2636         if (object == NULL)
2637                 object = smack_net_ambient;
2638 
2639         /*
2640          * It's remote, so port lookup does no good.
2641          */
2642         if (!smk_ipv6_localhost(address))
2643                 return smk_ipv6_check(skp, object, address, act);
2644 
2645         /*
2646          * It's local so the send check has to have passed.
2647          */
2648         if (act == SMK_RECEIVING)
2649                 return 0;
2650 
2651         port = ntohs(address->sin6_port);
2652         rcu_read_lock();
2653         list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2654                 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
2655                         continue;
2656                 object = spp->smk_in;
2657                 if (act == SMK_CONNECTING)
2658                         ssp->smk_packet = spp->smk_out;
2659                 break;
2660         }
2661         rcu_read_unlock();
2662 
2663         return smk_ipv6_check(skp, object, address, act);
2664 }
2665 
2666 /**
2667  * smack_inode_setsecurity - set smack xattrs
2668  * @inode: the object
2669  * @name: attribute name
2670  * @value: attribute value
2671  * @size: size of the attribute
2672  * @flags: unused
2673  *
2674  * Sets the named attribute in the appropriate blob
2675  *
2676  * Returns 0 on success, or an error code
2677  */
2678 static int smack_inode_setsecurity(struct inode *inode, const char *name,
2679                                    const void *value, size_t size, int flags)
2680 {
2681         struct smack_known *skp;
2682         struct inode_smack *nsp = smack_inode(inode);
2683         struct socket_smack *ssp;
2684         struct socket *sock;
2685         int rc = 0;
2686 
2687         if (value == NULL || size > SMK_LONGLABEL || size == 0)
2688                 return -EINVAL;
2689 
2690         skp = smk_import_entry(value, size);
2691         if (IS_ERR(skp))
2692                 return PTR_ERR(skp);
2693 
2694         if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2695                 nsp->smk_inode = skp;
2696                 nsp->smk_flags |= SMK_INODE_INSTANT;
2697                 return 0;
2698         }
2699         /*
2700          * The rest of the Smack xattrs are only on sockets.
2701          */
2702         if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2703                 return -EOPNOTSUPP;
2704 
2705         sock = SOCKET_I(inode);
2706         if (sock == NULL || sock->sk == NULL)
2707                 return -EOPNOTSUPP;
2708 
2709         ssp = sock->sk->sk_security;
2710 
2711         if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2712                 ssp->smk_in = skp;
2713         else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2714                 ssp->smk_out = skp;
2715                 if (sock->sk->sk_family == PF_INET) {
2716                         rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2717                         if (rc != 0)
2718                                 printk(KERN_WARNING
2719                                         "Smack: \"%s\" netlbl error %d.\n",
2720                                         __func__, -rc);
2721                 }
2722         } else
2723                 return -EOPNOTSUPP;
2724 
2725 #ifdef SMACK_IPV6_PORT_LABELING
2726         if (sock->sk->sk_family == PF_INET6)
2727                 smk_ipv6_port_label(sock, NULL);
2728 #endif
2729 
2730         return 0;
2731 }
2732 
2733 /**
2734  * smack_socket_post_create - finish socket setup
2735  * @sock: the socket
2736  * @family: protocol family
2737  * @type: unused
2738  * @protocol: unused
2739  * @kern: unused
2740  *
2741  * Sets the netlabel information on the socket
2742  *
2743  * Returns 0 on success, and error code otherwise
2744  */
2745 static int smack_socket_post_create(struct socket *sock, int family,
2746                                     int type, int protocol, int kern)
2747 {
2748         struct socket_smack *ssp;
2749 
2750         if (sock->sk == NULL)
2751                 return 0;
2752 
2753         /*
2754          * Sockets created by kernel threads receive web label.
2755          */
2756         if (unlikely(current->flags & PF_KTHREAD)) {
2757                 ssp = sock->sk->sk_security;
2758                 ssp->smk_in = &smack_known_web;
2759                 ssp->smk_out = &smack_known_web;
2760         }
2761 
2762         if (family != PF_INET)
2763                 return 0;
2764         /*
2765          * Set the outbound netlbl.
2766          */
2767         return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2768 }
2769 
2770 /**
2771  * smack_socket_socketpair - create socket pair
2772  * @socka: one socket
2773  * @sockb: another socket
2774  *
2775  * Cross reference the peer labels for SO_PEERSEC
2776  *
2777  * Returns 0
2778  */
2779 static int smack_socket_socketpair(struct socket *socka,
2780                                    struct socket *sockb)
2781 {
2782         struct socket_smack *asp = socka->sk->sk_security;
2783         struct socket_smack *bsp = sockb->sk->sk_security;
2784 
2785         asp->smk_packet = bsp->smk_out;
2786         bsp->smk_packet = asp->smk_out;
2787 
2788         return 0;
2789 }
2790 
2791 #ifdef SMACK_IPV6_PORT_LABELING
2792 /**
2793  * smack_socket_bind - record port binding information.
2794  * @sock: the socket
2795  * @address: the port address
2796  * @addrlen: size of the address
2797  *
2798  * Records the label bound to a port.
2799  *
2800  * Returns 0 on success, and error code otherwise
2801  */
2802 static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2803                                 int addrlen)
2804 {
2805         if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) {
2806                 if (addrlen < SIN6_LEN_RFC2133 ||
2807                     address->sa_family != AF_INET6)
2808                         return -EINVAL;
2809                 smk_ipv6_port_label(sock, address);
2810         }
2811         return 0;
2812 }
2813 #endif /* SMACK_IPV6_PORT_LABELING */
2814 
2815 /**
2816  * smack_socket_connect - connect access check
2817  * @sock: the socket
2818  * @sap: the other end
2819  * @addrlen: size of sap
2820  *
2821  * Verifies that a connection may be possible
2822  *
2823  * Returns 0 on success, and error code otherwise
2824  */
2825 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2826                                 int addrlen)
2827 {
2828         int rc = 0;
2829 
2830         if (sock->sk == NULL)
2831                 return 0;
2832         if (sock->sk->sk_family != PF_INET &&
2833             (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6))
2834                 return 0;
2835         if (addrlen < offsetofend(struct sockaddr, sa_family))
2836                 return 0;
2837         if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) {
2838                 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
2839                 struct smack_known *rsp = NULL;
2840 
2841                 if (addrlen < SIN6_LEN_RFC2133)
2842                         return 0;
2843                 if (__is_defined(SMACK_IPV6_SECMARK_LABELING))
2844                         rsp = smack_ipv6host_label(sip);
2845                 if (rsp != NULL) {
2846                         struct socket_smack *ssp = sock->sk->sk_security;
2847 
2848                         rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
2849                                             SMK_CONNECTING);
2850                 }
2851                 if (__is_defined(SMACK_IPV6_PORT_LABELING))
2852                         rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
2853 
2854                 return rc;
2855         }
2856         if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in))
2857                 return 0;
2858         rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2859         return rc;
2860 }
2861 
2862 /**
2863  * smack_flags_to_may - convert S_ to MAY_ values
2864  * @flags: the S_ value
2865  *
2866  * Returns the equivalent MAY_ value
2867  */
2868 static int smack_flags_to_may(int flags)
2869 {
2870         int may = 0;
2871 
2872         if (flags & S_IRUGO)
2873                 may |= MAY_READ;
2874         if (flags & S_IWUGO)
2875                 may |= MAY_WRITE;
2876         if (flags & S_IXUGO)
2877                 may |= MAY_EXEC;
2878 
2879         return may;
2880 }
2881 
2882 /**
2883  * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2884  * @msg: the object
2885  *
2886  * Returns 0
2887  */
2888 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2889 {
2890         struct smack_known **blob = smack_msg_msg(msg);
2891 
2892         *blob = smk_of_current();
2893         return 0;
2894 }
2895 
2896 /**
2897  * smack_of_ipc - the smack pointer for the ipc
2898  * @isp: the object
2899  *
2900  * Returns a pointer to the smack value
2901  */
2902 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
2903 {
2904         struct smack_known **blob = smack_ipc(isp);
2905 
2906         return *blob;
2907 }
2908 
2909 /**
2910  * smack_ipc_alloc_security - Set the security blob for ipc
2911  * @isp: the object
2912  *
2913  * Returns 0
2914  */
2915 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
2916 {
2917         struct smack_known **blob = smack_ipc(isp);
2918 
2919         *blob = smk_of_current();
2920         return 0;
2921 }
2922 
2923 /**
2924  * smk_curacc_shm : check if current has access on shm
2925  * @isp : the object
2926  * @access : access requested
2927  *
2928  * Returns 0 if current has the requested access, error code otherwise
2929  */
2930 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
2931 {
2932         struct smack_known *ssp = smack_of_ipc(isp);
2933         struct smk_audit_info ad;
2934         int rc;
2935 
2936 #ifdef CONFIG_AUDIT
2937         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2938         ad.a.u.ipc_id = isp->id;
2939 #endif
2940         rc = smk_curacc(ssp, access, &ad);
2941         rc = smk_bu_current("shm", ssp, access, rc);
2942         return rc;
2943 }
2944 
2945 /**
2946  * smack_shm_associate - Smack access check for shm
2947  * @isp: the object
2948  * @shmflg: access requested
2949  *
2950  * Returns 0 if current has the requested access, error code otherwise
2951  */
2952 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
2953 {
2954         int may;
2955 
2956         may = smack_flags_to_may(shmflg);
2957         return smk_curacc_shm(isp, may);
2958 }
2959 
2960 /**
2961  * smack_shm_shmctl - Smack access check for shm
2962  * @isp: the object
2963  * @cmd: what it wants to do
2964  *
2965  * Returns 0 if current has the requested access, error code otherwise
2966  */
2967 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
2968 {
2969         int may;
2970 
2971         switch (cmd) {
2972         case IPC_STAT:
2973         case SHM_STAT:
2974         case SHM_STAT_ANY:
2975                 may = MAY_READ;
2976                 break;
2977         case IPC_SET:
2978         case SHM_LOCK:
2979         case SHM_UNLOCK:
2980         case IPC_RMID:
2981                 may = MAY_READWRITE;
2982                 break;
2983         case IPC_INFO:
2984         case SHM_INFO:
2985                 /*
2986                  * System level information.
2987                  */
2988                 return 0;
2989         default:
2990                 return -EINVAL;
2991         }
2992         return smk_curacc_shm(isp, may);
2993 }
2994 
2995 /**
2996  * smack_shm_shmat - Smack access for shmat
2997  * @isp: the object
2998  * @shmaddr: unused
2999  * @shmflg: access requested
3000  *
3001  * Returns 0 if current has the requested access, error code otherwise
3002  */
3003 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr,
3004                            int shmflg)
3005 {
3006         int may;
3007 
3008         may = smack_flags_to_may(shmflg);
3009         return smk_curacc_shm(isp, may);
3010 }
3011 
3012 /**
3013  * smk_curacc_sem : check if current has access on sem
3014  * @isp : the object
3015  * @access : access requested
3016  *
3017  * Returns 0 if current has the requested access, error code otherwise
3018  */
3019 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
3020 {
3021         struct smack_known *ssp = smack_of_ipc(isp);
3022         struct smk_audit_info ad;
3023         int rc;
3024 
3025 #ifdef CONFIG_AUDIT
3026         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3027         ad.a.u.ipc_id = isp->id;
3028 #endif
3029         rc = smk_curacc(ssp, access, &ad);
3030         rc = smk_bu_current("sem", ssp, access, rc);
3031         return rc;
3032 }
3033 
3034 /**
3035  * smack_sem_associate - Smack access check for sem
3036  * @isp: the object
3037  * @semflg: access requested
3038  *
3039  * Returns 0 if current has the requested access, error code otherwise
3040  */
3041 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
3042 {
3043         int may;
3044 
3045         may = smack_flags_to_may(semflg);
3046         return smk_curacc_sem(isp, may);
3047 }
3048 
3049 /**
3050  * smack_sem_shmctl - Smack access check for sem
3051  * @isp: the object
3052  * @cmd: what it wants to do
3053  *
3054  * Returns 0 if current has the requested access, error code otherwise
3055  */
3056 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
3057 {
3058         int may;
3059 
3060         switch (cmd) {
3061         case GETPID:
3062         case GETNCNT:
3063         case GETZCNT:
3064         case GETVAL:
3065         case GETALL:
3066         case IPC_STAT:
3067         case SEM_STAT:
3068         case SEM_STAT_ANY:
3069                 may = MAY_READ;
3070                 break;
3071         case SETVAL:
3072         case SETALL:
3073         case IPC_RMID:
3074         case IPC_SET:
3075                 may = MAY_READWRITE;
3076                 break;
3077         case IPC_INFO:
3078         case SEM_INFO:
3079                 /*
3080                  * System level information
3081                  */
3082                 return 0;
3083         default:
3084                 return -EINVAL;
3085         }
3086 
3087         return smk_curacc_sem(isp, may);
3088 }
3089 
3090 /**
3091  * smack_sem_semop - Smack checks of semaphore operations
3092  * @isp: the object
3093  * @sops: unused
3094  * @nsops: unused
3095  * @alter: unused
3096  *
3097  * Treated as read and write in all cases.
3098  *
3099  * Returns 0 if access is allowed, error code otherwise
3100  */
3101 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
3102                            unsigned nsops, int alter)
3103 {
3104         return smk_curacc_sem(isp, MAY_READWRITE);
3105 }
3106 
3107 /**
3108  * smk_curacc_msq : helper to check if current has access on msq
3109  * @isp : the msq
3110  * @access : access requested
3111  *
3112  * return 0 if current has access, error otherwise
3113  */
3114 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
3115 {
3116         struct smack_known *msp = smack_of_ipc(isp);
3117         struct smk_audit_info ad;
3118         int rc;
3119 
3120 #ifdef CONFIG_AUDIT
3121         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3122         ad.a.u.ipc_id = isp->id;
3123 #endif
3124         rc = smk_curacc(msp, access, &ad);
3125         rc = smk_bu_current("msq", msp, access, rc);
3126         return rc;
3127 }
3128 
3129 /**
3130  * smack_msg_queue_associate - Smack access check for msg_queue
3131  * @isp: the object
3132  * @msqflg: access requested
3133  *
3134  * Returns 0 if current has the requested access, error code otherwise
3135  */
3136 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
3137 {
3138         int may;
3139 
3140         may = smack_flags_to_may(msqflg);
3141         return smk_curacc_msq(isp, may);
3142 }
3143 
3144 /**
3145  * smack_msg_queue_msgctl - Smack access check for msg_queue
3146  * @isp: the object
3147  * @cmd: what it wants to do
3148  *
3149  * Returns 0 if current has the requested access, error code otherwise
3150  */
3151 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
3152 {
3153         int may;
3154 
3155         switch (cmd) {
3156         case IPC_STAT:
3157         case MSG_STAT:
3158         case MSG_STAT_ANY:
3159                 may = MAY_READ;
3160                 break;
3161         case IPC_SET:
3162         case IPC_RMID:
3163                 may = MAY_READWRITE;
3164                 break;
3165         case IPC_INFO:
3166         case MSG_INFO:
3167                 /*
3168                  * System level information
3169                  */
3170                 return 0;
3171         default:
3172                 return -EINVAL;
3173         }
3174 
3175         return smk_curacc_msq(isp, may);
3176 }
3177 
3178 /**
3179  * smack_msg_queue_msgsnd - Smack access check for msg_queue
3180  * @isp: the object
3181  * @msg: unused
3182  * @msqflg: access requested
3183  *
3184  * Returns 0 if current has the requested access, error code otherwise
3185  */
3186 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
3187                                   int msqflg)
3188 {
3189         int may;
3190 
3191         may = smack_flags_to_may(msqflg);
3192         return smk_curacc_msq(isp, may);
3193 }
3194 
3195 /**
3196  * smack_msg_queue_msgsnd - Smack access check for msg_queue
3197  * @isp: the object
3198  * @msg: unused
3199  * @target: unused
3200  * @type: unused
3201  * @mode: unused
3202  *
3203  * Returns 0 if current has read and write access, error code otherwise
3204  */
3205 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg,
3206                         struct task_struct *target, long type, int mode)
3207 {
3208         return smk_curacc_msq(isp, MAY_READWRITE);
3209 }
3210 
3211 /**
3212  * smack_ipc_permission - Smack access for ipc_permission()
3213  * @ipp: the object permissions
3214  * @flag: access requested
3215  *
3216  * Returns 0 if current has read and write access, error code otherwise
3217  */
3218 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3219 {
3220         struct smack_known **blob = smack_ipc(ipp);
3221         struct smack_known *iskp = *blob;
3222         int may = smack_flags_to_may(flag);
3223         struct smk_audit_info ad;
3224         int rc;
3225 
3226 #ifdef CONFIG_AUDIT
3227         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3228         ad.a.u.ipc_id = ipp->id;
3229 #endif
3230         rc = smk_curacc(iskp, may, &ad);
3231         rc = smk_bu_current("svipc", iskp, may, rc);
3232         return rc;
3233 }
3234 
3235 /**
3236  * smack_ipc_getsecid - Extract smack security id
3237  * @ipp: the object permissions
3238  * @secid: where result will be saved
3239  */
3240 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3241 {
3242         struct smack_known **blob = smack_ipc(ipp);
3243         struct smack_known *iskp = *blob;
3244 
3245         *secid = iskp->smk_secid;
3246 }
3247 
3248 /**
3249  * smack_d_instantiate - Make sure the blob is correct on an inode
3250  * @opt_dentry: dentry where inode will be attached
3251  * @inode: the object
3252  *
3253  * Set the inode's security blob if it hasn't been done already.
3254  */
3255 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3256 {
3257         struct super_block *sbp;
3258         struct superblock_smack *sbsp;
3259         struct inode_smack *isp;
3260         struct smack_known *skp;
3261         struct smack_known *ckp = smk_of_current();
3262         struct smack_known *final;
3263         char trattr[TRANS_TRUE_SIZE];
3264         int transflag = 0;
3265         int rc;
3266         struct dentry *dp;
3267 
3268         if (inode == NULL)
3269                 return;
3270 
3271         isp = smack_inode(inode);
3272 
3273         mutex_lock(&isp->smk_lock);
3274         /*
3275          * If the inode is already instantiated
3276          * take the quick way out
3277          */
3278         if (isp->smk_flags & SMK_INODE_INSTANT)
3279                 goto unlockandout;
3280 
3281         sbp = inode->i_sb;
3282         sbsp = sbp->s_security;
3283         /*
3284          * We're going to use the superblock default label
3285          * if there's no label on the file.
3286          */
3287         final = sbsp->smk_default;
3288 
3289         /*
3290          * If this is the root inode the superblock
3291          * may be in the process of initialization.
3292          * If that is the case use the root value out
3293          * of the superblock.
3294          */
3295         if (opt_dentry->d_parent == opt_dentry) {
3296                 switch (sbp->s_magic) {
3297                 case CGROUP_SUPER_MAGIC:
3298                 case CGROUP2_SUPER_MAGIC:
3299                         /*
3300                          * The cgroup filesystem is never mounted,
3301                          * so there's no opportunity to set the mount
3302                          * options.
3303                          */
3304                         sbsp->smk_root = &smack_known_star;
3305                         sbsp->smk_default = &smack_known_star;
3306                         isp->smk_inode = sbsp->smk_root;
3307                         break;
3308                 case TMPFS_MAGIC:
3309                         /*
3310                          * What about shmem/tmpfs anonymous files with dentry
3311                          * obtained from d_alloc_pseudo()?
3312                          */
3313                         isp->smk_inode = smk_of_current();
3314                         break;
3315                 case PIPEFS_MAGIC:
3316                         isp->smk_inode = smk_of_current();
3317                         break;
3318                 case SOCKFS_MAGIC:
3319                         /*
3320                          * Socket access is controlled by the socket
3321                          * structures associated with the task involved.
3322                          */
3323                         isp->smk_inode = &smack_known_star;
3324                         break;
3325                 default:
3326                         isp->smk_inode = sbsp->smk_root;
3327                         break;
3328                 }
3329                 isp->smk_flags |= SMK_INODE_INSTANT;
3330                 goto unlockandout;
3331         }
3332 
3333         /*
3334          * This is pretty hackish.
3335          * Casey says that we shouldn't have to do
3336          * file system specific code, but it does help
3337          * with keeping it simple.
3338          */
3339         switch (sbp->s_magic) {
3340         case SMACK_MAGIC:
3341         case CGROUP_SUPER_MAGIC:
3342         case CGROUP2_SUPER_MAGIC:
3343                 /*
3344                  * Casey says that it's a little embarrassing
3345                  * that the smack file system doesn't do
3346                  * extended attributes.
3347                  *
3348                  * Cgroupfs is special
3349                  */
3350                 final = &smack_known_star;
3351                 break;
3352         case DEVPTS_SUPER_MAGIC:
3353                 /*
3354                  * devpts seems content with the label of the task.
3355                  * Programs that change smack have to treat the
3356                  * pty with respect.
3357                  */
3358                 final = ckp;
3359                 break;
3360         case PROC_SUPER_MAGIC:
3361                 /*
3362                  * Casey says procfs appears not to care.
3363                  * The superblock default suffices.
3364                  */
3365                 break;
3366         case TMPFS_MAGIC:
3367                 /*
3368                  * Device labels should come from the filesystem,
3369                  * but watch out, because they're volitile,
3370                  * getting recreated on every reboot.
3371                  */
3372                 final = &smack_known_star;
3373                 /*
3374                  * If a smack value has been set we want to use it,
3375                  * but since tmpfs isn't giving us the opportunity
3376                  * to set mount options simulate setting the
3377                  * superblock default.
3378                  */
3379                 /* Fall through */
3380         default:
3381                 /*
3382                  * This isn't an understood special case.
3383                  * Get the value from the xattr.
3384                  */
3385 
3386                 /*
3387                  * UNIX domain sockets use lower level socket data.
3388                  */
3389                 if (S_ISSOCK(inode->i_mode)) {
3390                         final = &smack_known_star;
3391                         break;
3392                 }
3393                 /*
3394                  * No xattr support means, alas, no SMACK label.
3395                  * Use the aforeapplied default.
3396                  * It would be curious if the label of the task
3397                  * does not match that assigned.
3398                  */
3399                 if (!(inode->i_opflags & IOP_XATTR))
3400                         break;
3401                 /*
3402                  * Get the dentry for xattr.
3403                  */
3404                 dp = dget(opt_dentry);
3405                 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3406                 if (!IS_ERR_OR_NULL(skp))
3407                         final = skp;
3408 
3409                 /*
3410                  * Transmuting directory
3411                  */
3412                 if (S_ISDIR(inode->i_mode)) {
3413                         /*
3414                          * If this is a new directory and the label was
3415                          * transmuted when the inode was initialized
3416                          * set the transmute attribute on the directory
3417                          * and mark the inode.
3418                          *
3419                          * If there is a transmute attribute on the
3420                          * directory mark the inode.
3421                          */
3422                         if (isp->smk_flags & SMK_INODE_CHANGED) {
3423                                 isp->smk_flags &= ~SMK_INODE_CHANGED;
3424                                 rc = __vfs_setxattr(dp, inode,
3425                                         XATTR_NAME_SMACKTRANSMUTE,
3426                                         TRANS_TRUE, TRANS_TRUE_SIZE,
3427                                         0);
3428                         } else {
3429                                 rc = __vfs_getxattr(dp, inode,
3430                                         XATTR_NAME_SMACKTRANSMUTE, trattr,
3431                                         TRANS_TRUE_SIZE);
3432                                 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3433                                                        TRANS_TRUE_SIZE) != 0)
3434                                         rc = -EINVAL;
3435                         }
3436                         if (rc >= 0)
3437                                 transflag = SMK_INODE_TRANSMUTE;
3438                 }
3439                 /*
3440                  * Don't let the exec or mmap label be "*" or "@".
3441                  */
3442                 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3443                 if (IS_ERR(skp) || skp == &smack_known_star ||
3444                     skp == &smack_known_web)
3445                         skp = NULL;
3446                 isp->smk_task = skp;
3447 
3448                 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3449                 if (IS_ERR(skp) || skp == &smack_known_star ||
3450                     skp == &smack_known_web)
3451                         skp = NULL;
3452                 isp->smk_mmap = skp;
3453 
3454                 dput(dp);
3455                 break;
3456         }
3457 
3458         if (final == NULL)
3459                 isp->smk_inode = ckp;
3460         else
3461                 isp->smk_inode = final;
3462 
3463         isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3464 
3465 unlockandout:
3466         mutex_unlock(&isp->smk_lock);
3467         return;
3468 }
3469 
3470 /**
3471  * smack_getprocattr - Smack process attribute access
3472  * @p: the object task
3473  * @name: the name of the attribute in /proc/.../attr
3474  * @value: where to put the result
3475  *
3476  * Places a copy of the task Smack into value
3477  *
3478  * Returns the length of the smack label or an error code
3479  */
3480 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3481 {
3482         struct smack_known *skp = smk_of_task_struct(p);
3483         char *cp;
3484         int slen;
3485 
3486         if (strcmp(name, "current") != 0)
3487                 return -EINVAL;
3488 
3489         cp = kstrdup(skp->smk_known, GFP_KERNEL);
3490         if (cp == NULL)
3491                 return -ENOMEM;
3492 
3493         slen = strlen(cp);
3494         *value = cp;
3495         return slen;
3496 }
3497 
3498 /**
3499  * smack_setprocattr - Smack process attribute setting
3500  * @name: the name of the attribute in /proc/.../attr
3501  * @value: the value to set
3502  * @size: the size of the value
3503  *
3504  * Sets the Smack value of the task. Only setting self
3505  * is permitted and only with privilege
3506  *
3507  * Returns the length of the smack label or an error code
3508  */
3509 static int smack_setprocattr(const char *name, void *value, size_t size)
3510 {
3511         struct task_smack *tsp = smack_cred(current_cred());
3512         struct cred *new;
3513         struct smack_known *skp;
3514         struct smack_known_list_elem *sklep;
3515         int rc;
3516 
3517         if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
3518                 return -EPERM;
3519 
3520         if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3521                 return -EINVAL;
3522 
3523         if (strcmp(name, "current") != 0)
3524                 return -EINVAL;
3525 
3526         skp = smk_import_entry(value, size);
3527         if (IS_ERR(skp))
3528                 return PTR_ERR(skp);
3529 
3530         /*
3531          * No process is ever allowed the web ("@") label
3532          * and the star ("*") label.
3533          */
3534         if (skp == &smack_known_web || skp == &smack_known_star)
3535                 return -EINVAL;
3536 
3537         if (!smack_privileged(CAP_MAC_ADMIN)) {
3538                 rc = -EPERM;
3539                 list_for_each_entry(sklep, &tsp->smk_relabel, list)
3540                         if (sklep->smk_label == skp) {
3541                                 rc = 0;
3542                                 break;
3543                         }
3544                 if (rc)
3545                         return rc;
3546         }
3547 
3548         new = prepare_creds();
3549         if (new == NULL)
3550                 return -ENOMEM;
3551 
3552         tsp = smack_cred(new);
3553         tsp->smk_task = skp;
3554         /*
3555          * process can change its label only once
3556          */
3557         smk_destroy_label_list(&tsp->smk_relabel);
3558 
3559         commit_creds(new);
3560         return size;
3561 }
3562 
3563 /**
3564  * smack_unix_stream_connect - Smack access on UDS
3565  * @sock: one sock
3566  * @other: the other sock
3567  * @newsk: unused
3568  *
3569  * Return 0 if a subject with the smack of sock could access
3570  * an object with the smack of other, otherwise an error code
3571  */
3572 static int smack_unix_stream_connect(struct sock *sock,
3573                                      struct sock *other, struct sock *newsk)
3574 {
3575         struct smack_known *skp;
3576         struct smack_known *okp;
3577         struct socket_smack *ssp = sock->sk_security;
3578         struct socket_smack *osp = other->sk_security;
3579         struct socket_smack *nsp = newsk->sk_security;
3580         struct smk_audit_info ad;
3581         int rc = 0;
3582 #ifdef CONFIG_AUDIT
3583         struct lsm_network_audit net;
3584 #endif
3585 
3586         if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3587                 skp = ssp->smk_out;
3588                 okp = osp->smk_in;
3589 #ifdef CONFIG_AUDIT
3590                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3591                 smk_ad_setfield_u_net_sk(&ad, other);
3592 #endif
3593                 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3594                 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3595                 if (rc == 0) {
3596                         okp = osp->smk_out;
3597                         skp = ssp->smk_in;
3598                         rc = smk_access(okp, skp, MAY_WRITE, &ad);
3599                         rc = smk_bu_note("UDS connect", okp, skp,
3600                                                 MAY_WRITE, rc);
3601                 }
3602         }
3603 
3604         /*
3605          * Cross reference the peer labels for SO_PEERSEC.
3606          */
3607         if (rc == 0) {
3608                 nsp->smk_packet = ssp->smk_out;
3609                 ssp->smk_packet = osp->smk_out;
3610         }
3611 
3612         return rc;
3613 }
3614 
3615 /**
3616  * smack_unix_may_send - Smack access on UDS
3617  * @sock: one socket
3618  * @other: the other socket
3619  *
3620  * Return 0 if a subject with the smack of sock could access
3621  * an object with the smack of other, otherwise an error code
3622  */
3623 static int smack_unix_may_send(struct socket *sock, struct socket *other)
3624 {
3625         struct socket_smack *ssp = sock->sk->sk_security;
3626         struct socket_smack *osp = other->sk->sk_security;
3627         struct smk_audit_info ad;
3628         int rc;
3629 
3630 #ifdef CONFIG_AUDIT
3631         struct lsm_network_audit net;
3632 
3633         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3634         smk_ad_setfield_u_net_sk(&ad, other->sk);
3635 #endif
3636 
3637         if (smack_privileged(CAP_MAC_OVERRIDE))
3638                 return 0;
3639 
3640         rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3641         rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3642         return rc;
3643 }
3644 
3645 /**
3646  * smack_socket_sendmsg - Smack check based on destination host
3647  * @sock: the socket
3648  * @msg: the message
3649  * @size: the size of the message
3650  *
3651  * Return 0 if the current subject can write to the destination host.
3652  * For IPv4 this is only a question if the destination is a single label host.
3653  * For IPv6 this is a check against the label of the port.
3654  */
3655 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3656                                 int size)
3657 {
3658         struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3659 #if IS_ENABLED(CONFIG_IPV6)
3660         struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3661 #endif
3662 #ifdef SMACK_IPV6_SECMARK_LABELING
3663         struct socket_smack *ssp = sock->sk->sk_security;
3664         struct smack_known *rsp;
3665 #endif
3666         int rc = 0;
3667 
3668         /*
3669          * Perfectly reasonable for this to be NULL
3670          */
3671         if (sip == NULL)
3672                 return 0;
3673 
3674         switch (sock->sk->sk_family) {
3675         case AF_INET:
3676                 if (msg->msg_namelen < sizeof(struct sockaddr_in) ||
3677                     sip->sin_family != AF_INET)
3678                         return -EINVAL;
3679                 rc = smack_netlabel_send(sock->sk, sip);
3680                 break;
3681 #if IS_ENABLED(CONFIG_IPV6)
3682         case AF_INET6:
3683                 if (msg->msg_namelen < SIN6_LEN_RFC2133 ||
3684                     sap->sin6_family != AF_INET6)
3685                         return -EINVAL;
3686 #ifdef SMACK_IPV6_SECMARK_LABELING
3687                 rsp = smack_ipv6host_label(sap);
3688                 if (rsp != NULL)
3689                         rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3690                                                 SMK_CONNECTING);
3691 #endif
3692 #ifdef SMACK_IPV6_PORT_LABELING
3693                 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3694 #endif
3695 #endif /* IS_ENABLED(CONFIG_IPV6) */
3696                 break;
3697         }
3698         return rc;
3699 }
3700 
3701 /**
3702  * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3703  * @sap: netlabel secattr
3704  * @ssp: socket security information
3705  *
3706  * Returns a pointer to a Smack label entry found on the label list.
3707  */
3708 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3709                                                 struct socket_smack *ssp)
3710 {
3711         struct smack_known *skp;
3712         int found = 0;
3713         int acat;
3714         int kcat;
3715 
3716         if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3717                 /*
3718                  * Looks like a CIPSO packet.
3719                  * If there are flags but no level netlabel isn't
3720                  * behaving the way we expect it to.
3721                  *
3722                  * Look it up in the label table
3723                  * Without guidance regarding the smack value
3724                  * for the packet fall back on the network
3725                  * ambient value.
3726                  */
3727                 rcu_read_lock();
3728                 list_for_each_entry_rcu(skp, &smack_known_list, list) {
3729                         if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3730                                 continue;
3731                         /*
3732                          * Compare the catsets. Use the netlbl APIs.
3733                          */
3734                         if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3735                                 if ((skp->smk_netlabel.flags &
3736                                      NETLBL_SECATTR_MLS_CAT) == 0)
3737                                         found = 1;
3738                                 break;
3739                         }
3740                         for (acat = -1, kcat = -1; acat == kcat; ) {
3741                                 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3742                                                           acat + 1);
3743                                 kcat = netlbl_catmap_walk(
3744                                         skp->smk_netlabel.attr.mls.cat,
3745                                         kcat + 1);
3746                                 if (acat < 0 || kcat < 0)
3747                                         break;
3748                         }
3749                         if (acat == kcat) {
3750                                 found = 1;
3751                                 break;
3752                         }
3753                 }
3754                 rcu_read_unlock();
3755 
3756                 if (found)
3757                         return skp;
3758 
3759                 if (ssp != NULL && ssp->smk_in == &smack_known_star)
3760                         return &smack_known_web;
3761                 return &smack_known_star;
3762         }
3763         if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
3764                 /*
3765                  * Looks like a fallback, which gives us a secid.
3766                  */
3767                 return smack_from_secid(sap->attr.secid);
3768         /*
3769          * Without guidance regarding the smack value
3770          * for the packet fall back on the network
3771          * ambient value.
3772          */
3773         return smack_net_ambient;
3774 }
3775 
3776 #if IS_ENABLED(CONFIG_IPV6)
3777 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3778 {
3779         u8 nexthdr;
3780         int offset;
3781         int proto = -EINVAL;
3782         struct ipv6hdr _ipv6h;
3783         struct ipv6hdr *ip6;
3784         __be16 frag_off;
3785         struct tcphdr _tcph, *th;
3786         struct udphdr _udph, *uh;
3787         struct dccp_hdr _dccph, *dh;
3788 
3789         sip->sin6_port = 0;
3790 
3791         offset = skb_network_offset(skb);
3792         ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3793         if (ip6 == NULL)
3794                 return -EINVAL;
3795         sip->sin6_addr = ip6->saddr;
3796 
3797         nexthdr = ip6->nexthdr;
3798         offset += sizeof(_ipv6h);
3799         offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3800         if (offset < 0)
3801                 return -EINVAL;
3802 
3803         proto = nexthdr;
3804         switch (proto) {
3805         case IPPROTO_TCP:
3806                 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3807                 if (th != NULL)
3808                         sip->sin6_port = th->source;
3809                 break;
3810         case IPPROTO_UDP:
3811         case IPPROTO_UDPLITE:
3812                 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3813                 if (uh != NULL)
3814                         sip->sin6_port = uh->source;
3815                 break;
3816         case IPPROTO_DCCP:
3817                 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3818                 if (dh != NULL)
3819                         sip->sin6_port = dh->dccph_sport;
3820                 break;
3821         }
3822         return proto;
3823 }
3824 #endif /* CONFIG_IPV6 */
3825 
3826 /**
3827  * smack_socket_sock_rcv_skb - Smack packet delivery access check
3828  * @sk: socket
3829  * @skb: packet
3830  *
3831  * Returns 0 if the packet should be delivered, an error code otherwise
3832  */
3833 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3834 {
3835         struct netlbl_lsm_secattr secattr;
3836         struct socket_smack *ssp = sk->sk_security;
3837         struct smack_known *skp = NULL;
3838         int rc = 0;
3839         struct smk_audit_info ad;
3840         u16 family = sk->sk_family;
3841 #ifdef CONFIG_AUDIT
3842         struct lsm_network_audit net;
3843 #endif
3844 #if IS_ENABLED(CONFIG_IPV6)
3845         struct sockaddr_in6 sadd;
3846         int proto;
3847 
3848         if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3849                 family = PF_INET;
3850 #endif /* CONFIG_IPV6 */
3851 
3852         switch (family) {
3853         case PF_INET:
3854 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3855                 /*
3856                  * If there is a secmark use it rather than the CIPSO label.
3857                  * If there is no secmark fall back to CIPSO.
3858                  * The secmark is assumed to reflect policy better.
3859                  */
3860                 if (skb && skb->secmark != 0) {
3861                         skp = smack_from_secid(skb->secmark);
3862                         goto access_check;
3863                 }
3864 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
3865                 /*
3866                  * Translate what netlabel gave us.
3867                  */
3868                 netlbl_secattr_init(&secattr);
3869 
3870                 rc = netlbl_skbuff_getattr(skb, family, &secattr);
3871                 if (rc == 0)
3872                         skp = smack_from_secattr(&secattr, ssp);
3873                 else
3874                         skp = smack_net_ambient;
3875 
3876                 netlbl_secattr_destroy(&secattr);
3877 
3878 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
3879 access_check:
3880 #endif
3881 #ifdef CONFIG_AUDIT
3882                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3883                 ad.a.u.net->family = family;
3884                 ad.a.u.net->netif = skb->skb_iif;
3885                 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3886 #endif
3887                 /*
3888                  * Receiving a packet requires that the other end
3889                  * be able to write here. Read access is not required.
3890                  * This is the simplist possible security model
3891                  * for networking.
3892                  */
3893                 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3894                 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
3895                                         MAY_WRITE, rc);
3896                 if (rc != 0)
3897                         netlbl_skbuff_err(skb, family, rc, 0);
3898                 break;
3899 #if IS_ENABLED(CONFIG_IPV6)
3900         case PF_INET6:
3901                 proto = smk_skb_to_addr_ipv6(skb, &sadd);
3902                 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
3903                     proto != IPPROTO_TCP && proto != IPPROTO_DCCP)
3904                         break;
3905 #ifdef SMACK_IPV6_SECMARK_LABELING
3906                 if (skb && skb->secmark != 0)
3907                         skp = smack_from_secid(skb->secmark);
3908                 else if (smk_ipv6_localhost(&sadd))
3909                         break;
3910                 else
3911                         skp = smack_ipv6host_label(&sadd);
3912                 if (skp == NULL)
3913                         skp = smack_net_ambient;
3914                 if (skb == NULL)
3915                         break;
3916 #ifdef CONFIG_AUDIT
3917                 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3918                 ad.a.u.net->family = family;
3919                 ad.a.u.net->netif = skb->skb_iif;
3920                 ipv6_skb_to_auditdata(skb, &ad.a, NULL);
3921 #endif /* CONFIG_AUDIT */
3922                 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3923                 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
3924                                         MAY_WRITE, rc);
3925 #endif /* SMACK_IPV6_SECMARK_LABELING */
3926 #ifdef SMACK_IPV6_PORT_LABELING
3927                 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
3928 #endif /* SMACK_IPV6_PORT_LABELING */
3929                 if (rc != 0)
3930                         icmpv6_send(skb, ICMPV6_DEST_UNREACH,
3931                                         ICMPV6_ADM_PROHIBITED, 0);
3932                 break;
3933 #endif /* CONFIG_IPV6 */
3934         }
3935 
3936         return rc;
3937 }
3938 
3939 /**
3940  * smack_socket_getpeersec_stream - pull in packet label
3941  * @sock: the socket
3942  * @optval: user's destination
3943  * @optlen: size thereof
3944  * @len: max thereof
3945  *
3946  * returns zero on success, an error code otherwise
3947  */
3948 static int smack_socket_getpeersec_stream(struct socket *sock,
3949                                           char __user *optval,
3950                                           int __user *optlen, unsigned len)
3951 {
3952         struct socket_smack *ssp;
3953         char *rcp = "";
3954         int slen = 1;
3955         int rc = 0;
3956 
3957         ssp = sock->sk->sk_security;
3958         if (ssp->smk_packet != NULL) {
3959                 rcp = ssp->smk_packet->smk_known;
3960                 slen = strlen(rcp) + 1;
3961         }
3962 
3963         if (slen > len)
3964                 rc = -ERANGE;
3965         else if (copy_to_user(optval, rcp, slen) != 0)
3966                 rc = -EFAULT;
3967 
3968         if (put_user(slen, optlen) != 0)
3969                 rc = -EFAULT;
3970 
3971         return rc;
3972 }
3973 
3974 
3975 /**
3976  * smack_socket_getpeersec_dgram - pull in packet label
3977  * @sock: the peer socket
3978  * @skb: packet data
3979  * @secid: pointer to where to put the secid of the packet
3980  *
3981  * Sets the netlabel socket state on sk from parent
3982  */
3983 static int smack_socket_getpeersec_dgram(struct socket *sock,
3984                                          struct sk_buff *skb, u32 *secid)
3985 
3986 {
3987         struct netlbl_lsm_secattr secattr;
3988         struct socket_smack *ssp = NULL;
3989         struct smack_known *skp;
3990         int family = PF_UNSPEC;
3991         u32 s = 0;      /* 0 is the invalid secid */
3992         int rc;
3993 
3994         if (skb != NULL) {
3995                 if (skb->protocol == htons(ETH_P_IP))
3996                         family = PF_INET;
3997 #if IS_ENABLED(CONFIG_IPV6)
3998                 else if (skb->protocol == htons(ETH_P_IPV6))
3999                         family = PF_INET6;
4000 #endif /* CONFIG_IPV6 */
4001         }
4002         if (family == PF_UNSPEC && sock != NULL)
4003                 family = sock->sk->sk_family;
4004 
4005         switch (family) {
4006         case PF_UNIX:
4007                 ssp = sock->sk->sk_security;
4008                 s = ssp->smk_out->smk_secid;
4009                 break;
4010         case PF_INET:
4011 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4012                 s = skb->secmark;
4013                 if (s != 0)
4014                         break;
4015 #endif
4016                 /*
4017                  * Translate what netlabel gave us.
4018                  */
4019                 if (sock != NULL && sock->sk != NULL)
4020                         ssp = sock->sk->sk_security;
4021                 netlbl_secattr_init(&secattr);
4022                 rc = netlbl_skbuff_getattr(skb, family, &secattr);
4023                 if (rc == 0) {
4024                         skp = smack_from_secattr(&secattr, ssp);
4025                         s = skp->smk_secid;
4026                 }
4027                 netlbl_secattr_destroy(&secattr);
4028                 break;
4029         case PF_INET6:
4030 #ifdef SMACK_IPV6_SECMARK_LABELING
4031                 s = skb->secmark;
4032 #endif
4033                 break;
4034         }
4035         *secid = s;
4036         if (s == 0)
4037                 return -EINVAL;
4038         return 0;
4039 }
4040 
4041 /**
4042  * smack_sock_graft - Initialize a newly created socket with an existing sock
4043  * @sk: child sock
4044  * @parent: parent socket
4045  *
4046  * Set the smk_{in,out} state of an existing sock based on the process that
4047  * is creating the new socket.
4048  */
4049 static void smack_sock_graft(struct sock *sk, struct socket *parent)
4050 {
4051         struct socket_smack *ssp;
4052         struct smack_known *skp = smk_of_current();
4053 
4054         if (sk == NULL ||
4055             (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
4056                 return;
4057 
4058         ssp = sk->sk_security;
4059         ssp->smk_in = skp;
4060         ssp->smk_out = skp;
4061         /* cssp->smk_packet is already set in smack_inet_csk_clone() */
4062 }
4063 
4064 /**
4065  * smack_inet_conn_request - Smack access check on connect
4066  * @sk: socket involved
4067  * @skb: packet
4068  * @req: unused
4069  *
4070  * Returns 0 if a task with the packet label could write to
4071  * the socket, otherwise an error code
4072  */
4073 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4074                                    struct request_sock *req)
4075 {
4076         u16 family = sk->sk_family;
4077         struct smack_known *skp;
4078         struct socket_smack *ssp = sk->sk_security;
4079         struct netlbl_lsm_secattr secattr;
4080         struct sockaddr_in addr;
4081         struct iphdr *hdr;
4082         struct smack_known *hskp;
4083         int rc;
4084         struct smk_audit_info ad;
4085 #ifdef CONFIG_AUDIT
4086         struct lsm_network_audit net;
4087 #endif
4088 
4089 #if IS_ENABLED(CONFIG_IPV6)
4090         if (family == PF_INET6) {
4091                 /*
4092                  * Handle mapped IPv4 packets arriving
4093                  * via IPv6 sockets. Don't set up netlabel
4094                  * processing on IPv6.
4095                  */
4096                 if (skb->protocol == htons(ETH_P_IP))
4097                         family = PF_INET;
4098                 else
4099                         return 0;
4100         }
4101 #endif /* CONFIG_IPV6 */
4102 
4103 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4104         /*
4105          * If there is a secmark use it rather than the CIPSO label.
4106          * If there is no secmark fall back to CIPSO.
4107          * The secmark is assumed to reflect policy better.
4108          */
4109         if (skb && skb->secmark != 0) {
4110                 skp = smack_from_secid(skb->secmark);
4111                 goto access_check;
4112         }
4113 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
4114 
4115         netlbl_secattr_init(&secattr);
4116         rc = netlbl_skbuff_getattr(skb, family, &secattr);
4117         if (rc == 0)
4118                 skp = smack_from_secattr(&secattr, ssp);
4119         else
4120                 skp = &smack_known_huh;
4121         netlbl_secattr_destroy(&secattr);
4122 
4123 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4124 access_check:
4125 #endif
4126 
4127 #ifdef CONFIG_AUDIT
4128         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4129         ad.a.u.net->family = family;
4130         ad.a.u.net->netif = skb->skb_iif;
4131         ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4132 #endif
4133         /*
4134          * Receiving a packet requires that the other end be able to write
4135          * here. Read access is not required.
4136          */
4137         rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4138         rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
4139         if (rc != 0)
4140                 return rc;
4141 
4142         /*
4143          * Save the peer's label in the request_sock so we can later setup
4144          * smk_packet in the child socket so that SO_PEERCRED can report it.
4145          */
4146         req->peer_secid = skp->smk_secid;
4147 
4148         /*
4149          * We need to decide if we want to label the incoming connection here
4150          * if we do we only need to label the request_sock and the stack will
4151          * propagate the wire-label to the sock when it is created.
4152          */
4153         hdr = ip_hdr(skb);
4154         addr.sin_addr.s_addr = hdr->saddr;
4155         rcu_read_lock();
4156         hskp = smack_ipv4host_label(&addr);
4157         rcu_read_unlock();
4158 
4159         if (hskp == NULL)
4160                 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
4161         else
4162                 netlbl_req_delattr(req);
4163 
4164         return rc;
4165 }
4166 
4167 /**
4168  * smack_inet_csk_clone - Copy the connection information to the new socket
4169  * @sk: the new socket
4170  * @req: the connection's request_sock
4171  *
4172  * Transfer the connection's peer label to the newly created socket.
4173  */
4174 static void smack_inet_csk_clone(struct sock *sk,
4175                                  const struct request_sock *req)
4176 {
4177         struct socket_smack *ssp = sk->sk_security;
4178         struct smack_known *skp;
4179 
4180         if (req->peer_secid != 0) {
4181                 skp = smack_from_secid(req->peer_secid);
4182                 ssp->smk_packet = skp;
4183         } else
4184                 ssp->smk_packet = NULL;
4185 }
4186 
4187 /*
4188  * Key management security hooks
4189  *
4190  * Casey has not tested key support very heavily.
4191  * The permission check is most likely too restrictive.
4192  * If you care about keys please have a look.
4193  */
4194 #ifdef CONFIG_KEYS
4195 
4196 /**
4197  * smack_key_alloc - Set the key security blob
4198  * @key: object
4199  * @cred: the credentials to use
4200  * @flags: unused
4201  *
4202  * No allocation required
4203  *
4204  * Returns 0
4205  */
4206 static int smack_key_alloc(struct key *key, const struct cred *cred,
4207                            unsigned long flags)
4208 {
4209         struct smack_known *skp = smk_of_task(smack_cred(cred));
4210 
4211         key->security = skp;
4212         return 0;
4213 }
4214 
4215 /**
4216  * smack_key_free - Clear the key security blob
4217  * @key: the object
4218  *
4219  * Clear the blob pointer
4220  */
4221 static void smack_key_free(struct key *key)
4222 {
4223         key->security = NULL;
4224 }
4225 
4226 /**
4227  * smack_key_permission - Smack access on a key
4228  * @key_ref: gets to the object
4229  * @cred: the credentials to use
4230  * @perm: requested key permissions
4231  *
4232  * Return 0 if the task has read and write to the object,
4233  * an error code otherwise
4234  */
4235 static int smack_key_permission(key_ref_t key_ref,
4236                                 const struct cred *cred, unsigned perm)
4237 {
4238         struct key *keyp;
4239         struct smk_audit_info ad;
4240         struct smack_known *tkp = smk_of_task(smack_cred(cred));
4241         int request = 0;
4242         int rc;
4243 
4244         /*
4245          * Validate requested permissions
4246          */
4247         if (perm & ~KEY_NEED_ALL)
4248                 return -EINVAL;
4249 
4250         keyp = key_ref_to_ptr(key_ref);
4251         if (keyp == NULL)
4252                 return -EINVAL;
4253         /*
4254          * If the key hasn't been initialized give it access so that
4255          * it may do so.
4256          */
4257         if (keyp->security == NULL)
4258                 return 0;
4259         /*
4260          * This should not occur
4261          */
4262         if (tkp == NULL)
4263                 return -EACCES;
4264 
4265         if (smack_privileged_cred(CAP_MAC_OVERRIDE, cred))
4266                 return 0;
4267 
4268 #ifdef CONFIG_AUDIT
4269         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4270         ad.a.u.key_struct.key = keyp->serial;
4271         ad.a.u.key_struct.key_desc = keyp->description;
4272 #endif
4273         if (perm & (KEY_NEED_READ | KEY_NEED_SEARCH | KEY_NEED_VIEW))
4274                 request |= MAY_READ;
4275         if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
4276                 request |= MAY_WRITE;
4277         rc = smk_access(tkp, keyp->security, request, &ad);
4278         rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4279         return rc;
4280 }
4281 
4282 /*
4283  * smack_key_getsecurity - Smack label tagging the key
4284  * @key points to the key to be queried
4285  * @_buffer points to a pointer that should be set to point to the
4286  * resulting string (if no label or an error occurs).
4287  * Return the length of the string (including terminating NUL) or -ve if
4288  * an error.
4289  * May also return 0 (and a NULL buffer pointer) if there is no label.
4290  */
4291 static int smack_key_getsecurity(struct key *key, char **_buffer)
4292 {
4293         struct smack_known *skp = key->security;
4294         size_t length;
4295         char *copy;
4296 
4297         if (key->security == NULL) {
4298                 *_buffer = NULL;
4299                 return 0;
4300         }
4301 
4302         copy = kstrdup(skp->smk_known, GFP_KERNEL);
4303         if (copy == NULL)
4304                 return -ENOMEM;
4305         length = strlen(copy) + 1;
4306 
4307         *_buffer = copy;
4308         return length;
4309 }
4310 
4311 #endif /* CONFIG_KEYS */
4312 
4313 /*
4314  * Smack Audit hooks
4315  *
4316  * Audit requires a unique representation of each Smack specific
4317  * rule. This unique representation is used to distinguish the
4318  * object to be audited from remaining kernel objects and also
4319  * works as a glue between the audit hooks.
4320  *
4321  * Since repository entries are added but never deleted, we'll use
4322  * the smack_known label address related to the given audit rule as
4323  * the needed unique representation. This also better fits the smack
4324  * model where nearly everything is a label.
4325  */
4326 #ifdef CONFIG_AUDIT
4327 
4328 /**
4329  * smack_audit_rule_init - Initialize a smack audit rule
4330  * @field: audit rule fields given from user-space (audit.h)
4331  * @op: required testing operator (=, !=, >, <, ...)
4332  * @rulestr: smack label to be audited
4333  * @vrule: pointer to save our own audit rule representation
4334  *
4335  * Prepare to audit cases where (@field @op @rulestr) is true.
4336  * The label to be audited is created if necessay.
4337  */
4338 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4339 {
4340         struct smack_known *skp;
4341         char **rule = (char **)vrule;
4342         *rule = NULL;
4343 
4344         if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4345                 return -EINVAL;
4346 
4347         if (op != Audit_equal && op != Audit_not_equal)
4348                 return -EINVAL;
4349 
4350         skp = smk_import_entry(rulestr, 0);
4351         if (IS_ERR(skp))
4352                 return PTR_ERR(skp);
4353 
4354         *rule = skp->smk_known;
4355 
4356         return 0;
4357 }
4358 
4359 /**
4360  * smack_audit_rule_known - Distinguish Smack audit rules
4361  * @krule: rule of interest, in Audit kernel representation format
4362  *
4363  * This is used to filter Smack rules from remaining Audit ones.
4364  * If it's proved that this rule belongs to us, the
4365  * audit_rule_match hook will be called to do the final judgement.
4366  */
4367 static int smack_audit_rule_known(struct audit_krule *krule)
4368 {
4369         struct audit_field *f;
4370         int i;
4371 
4372         for (i = 0; i < krule->field_count; i++) {
4373                 f = &krule->fields[i];
4374 
4375                 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4376                         return 1;
4377         }
4378 
4379         return 0;
4380 }
4381 
4382 /**
4383  * smack_audit_rule_match - Audit given object ?
4384  * @secid: security id for identifying the object to test
4385  * @field: audit rule flags given from user-space
4386  * @op: required testing operator
4387  * @vrule: smack internal rule presentation
4388  *
4389  * The core Audit hook. It's used to take the decision of
4390  * whether to audit or not to audit a given object.
4391  */
4392 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule)
4393 {
4394         struct smack_known *skp;
4395         char *rule = vrule;
4396 
4397         if (unlikely(!rule)) {
4398                 WARN_ONCE(1, "Smack: missing rule\n");
4399                 return -ENOENT;
4400         }
4401 
4402         if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4403                 return 0;
4404 
4405         skp = smack_from_secid(secid);
4406 
4407         /*
4408          * No need to do string comparisons. If a match occurs,
4409          * both pointers will point to the same smack_known
4410          * label.
4411          */
4412         if (op == Audit_equal)
4413                 return (rule == skp->smk_known);
4414         if (op == Audit_not_equal)
4415                 return (rule != skp->smk_known);
4416 
4417         return 0;
4418 }
4419 
4420 /*
4421  * There is no need for a smack_audit_rule_free hook.
4422  * No memory was allocated.
4423  */
4424 
4425 #endif /* CONFIG_AUDIT */
4426 
4427 /**
4428  * smack_ismaclabel - check if xattr @name references a smack MAC label
4429  * @name: Full xattr name to check.
4430  */
4431 static int smack_ismaclabel(const char *name)
4432 {
4433         return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4434 }
4435 
4436 
4437 /**
4438  * smack_secid_to_secctx - return the smack label for a secid
4439  * @secid: incoming integer
4440  * @secdata: destination
4441  * @seclen: how long it is
4442  *
4443  * Exists for networking code.
4444  */
4445 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4446 {
4447         struct smack_known *skp = smack_from_secid(secid);
4448 
4449         if (secdata)
4450                 *secdata = skp->smk_known;
4451         *seclen = strlen(skp->smk_known);
4452         return 0;
4453 }
4454 
4455 /**
4456  * smack_secctx_to_secid - return the secid for a smack label
4457  * @secdata: smack label
4458  * @seclen: how long result is
4459  * @secid: outgoing integer
4460  *
4461  * Exists for audit and networking code.
4462  */
4463 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4464 {
4465         struct smack_known *skp = smk_find_entry(secdata);
4466 
4467         if (skp)
4468                 *secid = skp->smk_secid;
4469         else
4470                 *secid = 0;
4471         return 0;
4472 }
4473 
4474 /*
4475  * There used to be a smack_release_secctx hook
4476  * that did nothing back when hooks were in a vector.
4477  * Now that there's a list such a hook adds cost.
4478  */
4479 
4480 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4481 {
4482         return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4483 }
4484 
4485 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4486 {
4487         return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4488 }
4489 
4490 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4491 {
4492         struct smack_known *skp = smk_of_inode(inode);
4493 
4494         *ctx = skp->smk_known;
4495         *ctxlen = strlen(skp->smk_known);
4496         return 0;
4497 }
4498 
4499 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
4500 {
4501 
4502         struct task_smack *tsp;
4503         struct smack_known *skp;
4504         struct inode_smack *isp;
4505         struct cred *new_creds = *new;
4506 
4507         if (new_creds == NULL) {
4508                 new_creds = prepare_creds();
4509                 if (new_creds == NULL)
4510                         return -ENOMEM;
4511         }
4512 
4513         tsp = smack_cred(new_creds);
4514 
4515         /*
4516          * Get label from overlay inode and set it in create_sid
4517          */
4518         isp = smack_inode(d_inode(dentry->d_parent));
4519         skp = isp->smk_inode;
4520         tsp->smk_task = skp;
4521         *new = new_creds;
4522         return 0;
4523 }
4524 
4525 static int smack_inode_copy_up_xattr(const char *name)
4526 {
4527         /*
4528          * Return 1 if this is the smack access Smack attribute.
4529          */
4530         if (strcmp(name, XATTR_NAME_SMACK) == 0)
4531                 return 1;
4532 
4533         return -EOPNOTSUPP;
4534 }
4535 
4536 static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
4537                                         struct qstr *name,
4538                                         const struct cred *old,
4539                                         struct cred *new)
4540 {
4541         struct task_smack *otsp = smack_cred(old);
4542         struct task_smack *ntsp = smack_cred(new);
4543         struct inode_smack *isp;
4544         int may;
4545 
4546         /*
4547          * Use the process credential unless all of
4548          * the transmuting criteria are met
4549          */
4550         ntsp->smk_task = otsp->smk_task;
4551 
4552         /*
4553          * the attribute of the containing directory
4554          */
4555         isp = smack_inode(d_inode(dentry->d_parent));
4556 
4557         if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
4558                 rcu_read_lock();
4559                 may = smk_access_entry(otsp->smk_task->smk_known,
4560                                        isp->smk_inode->smk_known,
4561                                        &otsp->smk_task->smk_rules);
4562                 rcu_read_unlock();
4563 
4564                 /*
4565                  * If the directory is transmuting and the rule
4566                  * providing access is transmuting use the containing
4567                  * directory label instead of the process label.
4568                  */
4569                 if (may > 0 && (may & MAY_TRANSMUTE))
4570                         ntsp->smk_task = isp->smk_inode;
4571         }
4572         return 0;
4573 }
4574 
4575 struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
4576         .lbs_cred = sizeof(struct task_smack),
4577         .lbs_file = sizeof(struct smack_known *),
4578         .lbs_inode = sizeof(struct inode_smack),
4579         .lbs_ipc = sizeof(struct smack_known *),
4580         .lbs_msg_msg = sizeof(struct smack_known *),
4581 };
4582 
4583 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
4584         LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4585         LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4586         LSM_HOOK_INIT(syslog, smack_syslog),
4587 
4588         LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup),
4589         LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param),
4590 
4591         LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
4592         LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
4593         LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts),
4594         LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
4595         LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
4596         LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
4597 
4598         LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
4599 
4600         LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
4601         LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4602         LSM_HOOK_INIT(inode_link, smack_inode_link),
4603         LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4604         LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4605         LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4606         LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4607         LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4608         LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4609         LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4610         LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4611         LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4612         LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4613         LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4614         LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4615         LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4616         LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4617 
4618         LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
4619         LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4620         LSM_HOOK_INIT(file_lock, smack_file_lock),
4621         LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4622         LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4623         LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4624         LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4625         LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4626         LSM_HOOK_INIT(file_receive, smack_file_receive),
4627 
4628         LSM_HOOK_INIT(file_open, smack_file_open),
4629 
4630         LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4631         LSM_HOOK_INIT(cred_free, smack_cred_free),
4632         LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4633         LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
4634         LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
4635         LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4636         LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4637         LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4638         LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4639         LSM_HOOK_INIT(task_getsid, smack_task_getsid),
4640         LSM_HOOK_INIT(task_getsecid, smack_task_getsecid),
4641         LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4642         LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4643         LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4644         LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4645         LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4646         LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4647         LSM_HOOK_INIT(task_kill, smack_task_kill),
4648         LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4649 
4650         LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4651         LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4652 
4653         LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
4654 
4655         LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security),
4656         LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4657         LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4658         LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4659         LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4660 
4661         LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security),
4662         LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4663         LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4664         LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4665 
4666         LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security),
4667         LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4668         LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4669         LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4670 
4671         LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4672 
4673         LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4674         LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4675 
4676         LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4677         LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4678 
4679         LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
4680         LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
4681 #ifdef SMACK_IPV6_PORT_LABELING
4682         LSM_HOOK_INIT(socket_bind, smack_socket_bind),
4683 #endif
4684         LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4685         LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4686         LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4687         LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4688         LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4689         LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
4690         LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4691         LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4692         LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4693         LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
4694 
4695  /* key management security hooks */
4696 #ifdef CONFIG_KEYS
4697         LSM_HOOK_INIT(key_alloc, smack_key_alloc),
4698         LSM_HOOK_INIT(key_free, smack_key_free),
4699         LSM_HOOK_INIT(key_permission, smack_key_permission),
4700         LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
4701 #endif /* CONFIG_KEYS */
4702 
4703  /* Audit hooks */
4704 #ifdef CONFIG_AUDIT
4705         LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
4706         LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
4707         LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
4708 #endif /* CONFIG_AUDIT */
4709 
4710         LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
4711         LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
4712         LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
4713         LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
4714         LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
4715         LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
4716         LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up),
4717         LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr),
4718         LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as),
4719 };
4720 
4721 
4722 static __init void init_smack_known_list(void)
4723 {
4724         /*
4725          * Initialize rule list locks
4726          */
4727         mutex_init(&smack_known_huh.smk_rules_lock);
4728         mutex_init(&smack_known_hat.smk_rules_lock);
4729         mutex_init(&smack_known_floor.smk_rules_lock);
4730         mutex_init(&smack_known_star.smk_rules_lock);
4731         mutex_init(&smack_known_web.smk_rules_lock);
4732         /*
4733          * Initialize rule lists
4734          */
4735         INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4736         INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4737         INIT_LIST_HEAD(&smack_known_star.smk_rules);
4738         INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4739         INIT_LIST_HEAD(&smack_known_web.smk_rules);
4740         /*
4741          * Create the known labels list
4742          */
4743         smk_insert_entry(&smack_known_huh);
4744         smk_insert_entry(&smack_known_hat);
4745         smk_insert_entry(&smack_known_star);
4746         smk_insert_entry(&smack_known_floor);
4747         smk_insert_entry(&smack_known_web);
4748 }
4749 
4750 /**
4751  * smack_init - initialize the smack system
4752  *
4753  * Returns 0 on success, -ENOMEM is there's no memory
4754  */
4755 static __init int smack_init(void)
4756 {
4757         struct cred *cred = (struct cred *) current->cred;
4758         struct task_smack *tsp;
4759 
4760         smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4761         if (!smack_inode_cache)
4762                 return -ENOMEM;
4763 
4764         smack_rule_cache = KMEM_CACHE(smack_rule, 0);
4765         if (!smack_rule_cache) {
4766                 kmem_cache_destroy(smack_inode_cache);
4767                 return -ENOMEM;
4768         }
4769 
4770         /*
4771          * Set the security state for the initial task.
4772          */
4773         tsp = smack_cred(cred);
4774         init_task_smack(tsp, &smack_known_floor, &smack_known_floor);
4775 
4776         /*
4777          * Register with LSM
4778          */
4779         security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack");
4780         smack_enabled = 1;
4781 
4782         pr_info("Smack:  Initializing.\n");
4783 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4784         pr_info("Smack:  Netfilter enabled.\n");
4785 #endif
4786 #ifdef SMACK_IPV6_PORT_LABELING
4787         pr_info("Smack:  IPv6 port labeling enabled.\n");
4788 #endif
4789 #ifdef SMACK_IPV6_SECMARK_LABELING
4790         pr_info("Smack:  IPv6 Netfilter enabled.\n");
4791 #endif
4792 
4793         /* initialize the smack_known_list */
4794         init_smack_known_list();
4795 
4796         return 0;
4797 }
4798 
4799 /*
4800  * Smack requires early initialization in order to label
4801  * all processes and objects when they are created.
4802  */
4803 DEFINE_LSM(smack) = {
4804         .name = "smack",
4805         .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
4806         .blobs = &smack_blob_sizes,
4807         .init = smack_init,
4808 };

/* [<][>][^][v][top][bottom][index][help] */