security/smack/smack_lsm.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  *  Simplified MAC Kernel (smack) security module
0004  *
0005  *  This file contains the smack hook function implementations.
0006  *
0007  *  Authors:
0008  *  Casey Schaufler <casey@schaufler-ca.com>
0009  *  Jarkko Sakkinen <jarkko.sakkinen@intel.com>
0010  *
0011  *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
0012  *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
0013  *                Paul Moore <paul@paul-moore.com>
0014  *  Copyright (C) 2010 Nokia Corporation
0015  *  Copyright (C) 2011 Intel Corporation.
0016  */
0017
0018 #include <linux/xattr.h>
0019 #include <linux/pagemap.h>
0020 #include <linux/mount.h>
0021 #include <linux/stat.h>
0022 #include <linux/kd.h>
0023 #include <asm/ioctls.h>
0024 #include <linux/ip.h>
0025 #include <linux/tcp.h>
0026 #include <linux/udp.h>
0027 #include <linux/dccp.h>
0028 #include <linux/icmpv6.h>
0029 #include <linux/slab.h>
0030 #include <linux/mutex.h>
0031 #include <net/cipso_ipv4.h>
0032 #include <net/ip.h>
0033 #include <net/ipv6.h>
0034 #include <linux/audit.h>
0035 #include <linux/magic.h>
0036 #include <linux/dcache.h>
0037 #include <linux/personality.h>
0038 #include <linux/msg.h>
0039 #include <linux/shm.h>
0040 #include <linux/binfmts.h>
0041 #include <linux/parser.h>
0042 #include <linux/fs_context.h>
0043 #include <linux/fs_parser.h>
0044 #include <linux/watch_queue.h>
0045 #include <linux/io_uring.h>
0046 #include "smack.h"
0047
0048 #define TRANS_TRUE  "TRUE"
0049 #define TRANS_TRUE_SIZE 4
0050
0051 #define SMK_CONNECTING  0
0052 #define SMK_RECEIVING   1
0053 #define SMK_SENDING 2
0054
0055 #ifdef SMACK_IPV6_PORT_LABELING
0056 static DEFINE_MUTEX(smack_ipv6_lock);
0057 static LIST_HEAD(smk_ipv6_port_list);
0058 #endif
0059 struct kmem_cache *smack_rule_cache;
0060 int smack_enabled __initdata;
0061
0062 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s}
0063 static struct {
0064     const char *name;
0065     int len;
0066     int opt;
0067 } smk_mount_opts[] = {
0068     {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault},
0069     A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute)
0070 };
0071 #undef A
0072
0073 static int match_opt_prefix(char *s, int l, char **arg)
0074 {
0075     int i;
0076
0077     for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) {
0078         size_t len = smk_mount_opts[i].len;
0079         if (len > l || memcmp(s, smk_mount_opts[i].name, len))
0080             continue;
0081         if (len == l || s[len] != '=')
0082             continue;
0083         *arg = s + len + 1;
0084         return smk_mount_opts[i].opt;
0085     }
0086     return Opt_error;
0087 }
0088
0089 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
0090 static char *smk_bu_mess[] = {
0091     "Bringup Error",    /* Unused */
0092     "Bringup",      /* SMACK_BRINGUP_ALLOW */
0093     "Unconfined Subject",   /* SMACK_UNCONFINED_SUBJECT */
0094     "Unconfined Object",    /* SMACK_UNCONFINED_OBJECT */
0095 };
0096
0097 static void smk_bu_mode(int mode, char *s)
0098 {
0099     int i = 0;
0100
0101     if (mode & MAY_READ)
0102         s[i++] = 'r';
0103     if (mode & MAY_WRITE)
0104         s[i++] = 'w';
0105     if (mode & MAY_EXEC)
0106         s[i++] = 'x';
0107     if (mode & MAY_APPEND)
0108         s[i++] = 'a';
0109     if (mode & MAY_TRANSMUTE)
0110         s[i++] = 't';
0111     if (mode & MAY_LOCK)
0112         s[i++] = 'l';
0113     if (i == 0)
0114         s[i++] = '-';
0115     s[i] = '\0';
0116 }
0117 #endif
0118
0119 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
0120 static int smk_bu_note(char *note, struct smack_known *sskp,
0121                struct smack_known *oskp, int mode, int rc)
0122 {
0123     char acc[SMK_NUM_ACCESS_TYPE + 1];
0124
0125     if (rc <= 0)
0126         return rc;
0127     if (rc > SMACK_UNCONFINED_OBJECT)
0128         rc = 0;
0129
0130     smk_bu_mode(mode, acc);
0131     pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
0132         sskp->smk_known, oskp->smk_known, acc, note);
0133     return 0;
0134 }
0135 #else
0136 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
0137 #endif
0138
0139 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
0140 static int smk_bu_current(char *note, struct smack_known *oskp,
0141               int mode, int rc)
0142 {
0143     struct task_smack *tsp = smack_cred(current_cred());
0144     char acc[SMK_NUM_ACCESS_TYPE + 1];
0145
0146     if (rc <= 0)
0147         return rc;
0148     if (rc > SMACK_UNCONFINED_OBJECT)
0149         rc = 0;
0150
0151     smk_bu_mode(mode, acc);
0152     pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
0153         tsp->smk_task->smk_known, oskp->smk_known,
0154         acc, current->comm, note);
0155     return 0;
0156 }
0157 #else
0158 #define smk_bu_current(note, oskp, mode, RC) (RC)
0159 #endif
0160
0161 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
0162 static int smk_bu_task(struct task_struct *otp, int mode, int rc)
0163 {
0164     struct task_smack *tsp = smack_cred(current_cred());
0165     struct smack_known *smk_task = smk_of_task_struct_obj(otp);
0166     char acc[SMK_NUM_ACCESS_TYPE + 1];
0167
0168     if (rc <= 0)
0169         return rc;
0170     if (rc > SMACK_UNCONFINED_OBJECT)
0171         rc = 0;
0172
0173     smk_bu_mode(mode, acc);
0174     pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
0175         tsp->smk_task->smk_known, smk_task->smk_known, acc,
0176         current->comm, otp->comm);
0177     return 0;
0178 }
0179 #else
0180 #define smk_bu_task(otp, mode, RC) (RC)
0181 #endif
0182
0183 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
0184 static int smk_bu_inode(struct inode *inode, int mode, int rc)
0185 {
0186     struct task_smack *tsp = smack_cred(current_cred());
0187     struct inode_smack *isp = smack_inode(inode);
0188     char acc[SMK_NUM_ACCESS_TYPE + 1];
0189
0190     if (isp->smk_flags & SMK_INODE_IMPURE)
0191         pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
0192             inode->i_sb->s_id, inode->i_ino, current->comm);
0193
0194     if (rc <= 0)
0195         return rc;
0196     if (rc > SMACK_UNCONFINED_OBJECT)
0197         rc = 0;
0198     if (rc == SMACK_UNCONFINED_SUBJECT &&
0199         (mode & (MAY_WRITE | MAY_APPEND)))
0200         isp->smk_flags |= SMK_INODE_IMPURE;
0201
0202     smk_bu_mode(mode, acc);
0203
0204     pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
0205         tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
0206         inode->i_sb->s_id, inode->i_ino, current->comm);
0207     return 0;
0208 }
0209 #else
0210 #define smk_bu_inode(inode, mode, RC) (RC)
0211 #endif
0212
0213 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
0214 static int smk_bu_file(struct file *file, int mode, int rc)
0215 {
0216     struct task_smack *tsp = smack_cred(current_cred());
0217     struct smack_known *sskp = tsp->smk_task;
0218     struct inode *inode = file_inode(file);
0219     struct inode_smack *isp = smack_inode(inode);
0220     char acc[SMK_NUM_ACCESS_TYPE + 1];
0221
0222     if (isp->smk_flags & SMK_INODE_IMPURE)
0223         pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
0224             inode->i_sb->s_id, inode->i_ino, current->comm);
0225
0226     if (rc <= 0)
0227         return rc;
0228     if (rc > SMACK_UNCONFINED_OBJECT)
0229         rc = 0;
0230
0231     smk_bu_mode(mode, acc);
0232     pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
0233         sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
0234         inode->i_sb->s_id, inode->i_ino, file,
0235         current->comm);
0236     return 0;
0237 }
0238 #else
0239 #define smk_bu_file(file, mode, RC) (RC)
0240 #endif
0241
0242 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
0243 static int smk_bu_credfile(const struct cred *cred, struct file *file,
0244                 int mode, int rc)
0245 {
0246     struct task_smack *tsp = smack_cred(cred);
0247     struct smack_known *sskp = tsp->smk_task;
0248     struct inode *inode = file_inode(file);
0249     struct inode_smack *isp = smack_inode(inode);
0250     char acc[SMK_NUM_ACCESS_TYPE + 1];
0251
0252     if (isp->smk_flags & SMK_INODE_IMPURE)
0253         pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
0254             inode->i_sb->s_id, inode->i_ino, current->comm);
0255
0256     if (rc <= 0)
0257         return rc;
0258     if (rc > SMACK_UNCONFINED_OBJECT)
0259         rc = 0;
0260
0261     smk_bu_mode(mode, acc);
0262     pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
0263         sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
0264         inode->i_sb->s_id, inode->i_ino, file,
0265         current->comm);
0266     return 0;
0267 }
0268 #else
0269 #define smk_bu_credfile(cred, file, mode, RC) (RC)
0270 #endif
0271
0272 /**
0273  * smk_fetch - Fetch the smack label from a file.
0274  * @name: type of the label (attribute)
0275  * @ip: a pointer to the inode
0276  * @dp: a pointer to the dentry
0277  *
0278  * Returns a pointer to the master list entry for the Smack label,
0279  * NULL if there was no label to fetch, or an error code.
0280  */
0281 static struct smack_known *smk_fetch(const char *name, struct inode *ip,
0282                     struct dentry *dp)
0283 {
0284     int rc;
0285     char *buffer;
0286     struct smack_known *skp = NULL;
0287
0288     if (!(ip->i_opflags & IOP_XATTR))
0289         return ERR_PTR(-EOPNOTSUPP);
0290
0291     buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS);
0292     if (buffer == NULL)
0293         return ERR_PTR(-ENOMEM);
0294
0295     rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
0296     if (rc < 0)
0297         skp = ERR_PTR(rc);
0298     else if (rc == 0)
0299         skp = NULL;
0300     else
0301         skp = smk_import_entry(buffer, rc);
0302
0303     kfree(buffer);
0304
0305     return skp;
0306 }
0307
0308 /**
0309  * init_inode_smack - initialize an inode security blob
0310  * @inode: inode to extract the info from
0311  * @skp: a pointer to the Smack label entry to use in the blob
0312  *
0313  */
0314 static void init_inode_smack(struct inode *inode, struct smack_known *skp)
0315 {
0316     struct inode_smack *isp = smack_inode(inode);
0317
0318     isp->smk_inode = skp;
0319     isp->smk_flags = 0;
0320 }
0321
0322 /**
0323  * init_task_smack - initialize a task security blob
0324  * @tsp: blob to initialize
0325  * @task: a pointer to the Smack label for the running task
0326  * @forked: a pointer to the Smack label for the forked task
0327  *
0328  */
0329 static void init_task_smack(struct task_smack *tsp, struct smack_known *task,
0330                     struct smack_known *forked)
0331 {
0332     tsp->smk_task = task;
0333     tsp->smk_forked = forked;
0334     INIT_LIST_HEAD(&tsp->smk_rules);
0335     INIT_LIST_HEAD(&tsp->smk_relabel);
0336     mutex_init(&tsp->smk_rules_lock);
0337 }
0338
0339 /**
0340  * smk_copy_rules - copy a rule set
0341  * @nhead: new rules header pointer
0342  * @ohead: old rules header pointer
0343  * @gfp: type of the memory for the allocation
0344  *
0345  * Returns 0 on success, -ENOMEM on error
0346  */
0347 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
0348                 gfp_t gfp)
0349 {
0350     struct smack_rule *nrp;
0351     struct smack_rule *orp;
0352     int rc = 0;
0353
0354     list_for_each_entry_rcu(orp, ohead, list) {
0355         nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
0356         if (nrp == NULL) {
0357             rc = -ENOMEM;
0358             break;
0359         }
0360         *nrp = *orp;
0361         list_add_rcu(&nrp->list, nhead);
0362     }
0363     return rc;
0364 }
0365
0366 /**
0367  * smk_copy_relabel - copy smk_relabel labels list
0368  * @nhead: new rules header pointer
0369  * @ohead: old rules header pointer
0370  * @gfp: type of the memory for the allocation
0371  *
0372  * Returns 0 on success, -ENOMEM on error
0373  */
0374 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
0375                 gfp_t gfp)
0376 {
0377     struct smack_known_list_elem *nklep;
0378     struct smack_known_list_elem *oklep;
0379
0380     list_for_each_entry(oklep, ohead, list) {
0381         nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
0382         if (nklep == NULL) {
0383             smk_destroy_label_list(nhead);
0384             return -ENOMEM;
0385         }
0386         nklep->smk_label = oklep->smk_label;
0387         list_add(&nklep->list, nhead);
0388     }
0389
0390     return 0;
0391 }
0392
0393 /**
0394  * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
0395  * @mode: input mode in form of PTRACE_MODE_*
0396  *
0397  * Returns a converted MAY_* mode usable by smack rules
0398  */
0399 static inline unsigned int smk_ptrace_mode(unsigned int mode)
0400 {
0401     if (mode & PTRACE_MODE_ATTACH)
0402         return MAY_READWRITE;
0403     if (mode & PTRACE_MODE_READ)
0404         return MAY_READ;
0405
0406     return 0;
0407 }
0408
0409 /**
0410  * smk_ptrace_rule_check - helper for ptrace access
0411  * @tracer: tracer process
0412  * @tracee_known: label entry of the process that's about to be traced
0413  * @mode: ptrace attachment mode (PTRACE_MODE_*)
0414  * @func: name of the function that called us, used for audit
0415  *
0416  * Returns 0 on access granted, -error on error
0417  */
0418 static int smk_ptrace_rule_check(struct task_struct *tracer,
0419                  struct smack_known *tracee_known,
0420                  unsigned int mode, const char *func)
0421 {
0422     int rc;
0423     struct smk_audit_info ad, *saip = NULL;
0424     struct task_smack *tsp;
0425     struct smack_known *tracer_known;
0426     const struct cred *tracercred;
0427
0428     if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
0429         smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
0430         smk_ad_setfield_u_tsk(&ad, tracer);
0431         saip = &ad;
0432     }
0433
0434     rcu_read_lock();
0435     tracercred = __task_cred(tracer);
0436     tsp = smack_cred(tracercred);
0437     tracer_known = smk_of_task(tsp);
0438
0439     if ((mode & PTRACE_MODE_ATTACH) &&
0440         (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
0441          smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
0442         if (tracer_known->smk_known == tracee_known->smk_known)
0443             rc = 0;
0444         else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
0445             rc = -EACCES;
0446         else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
0447             rc = 0;
0448         else
0449             rc = -EACCES;
0450
0451         if (saip)
0452             smack_log(tracer_known->smk_known,
0453                   tracee_known->smk_known,
0454                   0, rc, saip);
0455
0456         rcu_read_unlock();
0457         return rc;
0458     }
0459
0460     /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
0461     rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
0462
0463     rcu_read_unlock();
0464     return rc;
0465 }
0466
0467 /*
0468  * LSM hooks.
0469  * We he, that is fun!
0470  */
0471
0472 /**
0473  * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
0474  * @ctp: child task pointer
0475  * @mode: ptrace attachment mode (PTRACE_MODE_*)
0476  *
0477  * Returns 0 if access is OK, an error code otherwise
0478  *
0479  * Do the capability checks.
0480  */
0481 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
0482 {
0483     struct smack_known *skp;
0484
0485     skp = smk_of_task_struct_obj(ctp);
0486
0487     return smk_ptrace_rule_check(current, skp, mode, __func__);
0488 }
0489
0490 /**
0491  * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
0492  * @ptp: parent task pointer
0493  *
0494  * Returns 0 if access is OK, an error code otherwise
0495  *
0496  * Do the capability checks, and require PTRACE_MODE_ATTACH.
0497  */
0498 static int smack_ptrace_traceme(struct task_struct *ptp)
0499 {
0500     int rc;
0501     struct smack_known *skp;
0502
0503     skp = smk_of_task(smack_cred(current_cred()));
0504
0505     rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
0506     return rc;
0507 }
0508
0509 /**
0510  * smack_syslog - Smack approval on syslog
0511  * @typefrom_file: unused
0512  *
0513  * Returns 0 on success, error code otherwise.
0514  */
0515 static int smack_syslog(int typefrom_file)
0516 {
0517     int rc = 0;
0518     struct smack_known *skp = smk_of_current();
0519
0520     if (smack_privileged(CAP_MAC_OVERRIDE))
0521         return 0;
0522
0523     if (smack_syslog_label != NULL && smack_syslog_label != skp)
0524         rc = -EACCES;
0525
0526     return rc;
0527 }
0528
0529 /*
0530  * Superblock Hooks.
0531  */
0532
0533 /**
0534  * smack_sb_alloc_security - allocate a superblock blob
0535  * @sb: the superblock getting the blob
0536  *
0537  * Returns 0 on success or -ENOMEM on error.
0538  */
0539 static int smack_sb_alloc_security(struct super_block *sb)
0540 {
0541     struct superblock_smack *sbsp = smack_superblock(sb);
0542
0543     sbsp->smk_root = &smack_known_floor;
0544     sbsp->smk_default = &smack_known_floor;
0545     sbsp->smk_floor = &smack_known_floor;
0546     sbsp->smk_hat = &smack_known_hat;
0547     /*
0548      * SMK_SB_INITIALIZED will be zero from kzalloc.
0549      */
0550
0551     return 0;
0552 }
0553
0554 struct smack_mnt_opts {
0555     const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute;
0556 };
0557
0558 static void smack_free_mnt_opts(void *mnt_opts)
0559 {
0560     struct smack_mnt_opts *opts = mnt_opts;
0561     kfree(opts->fsdefault);
0562     kfree(opts->fsfloor);
0563     kfree(opts->fshat);
0564     kfree(opts->fsroot);
0565     kfree(opts->fstransmute);
0566     kfree(opts);
0567 }
0568
0569 static int smack_add_opt(int token, const char *s, void **mnt_opts)
0570 {
0571     struct smack_mnt_opts *opts = *mnt_opts;
0572
0573     if (!opts) {
0574         opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
0575         if (!opts)
0576             return -ENOMEM;
0577         *mnt_opts = opts;
0578     }
0579     if (!s)
0580         return -ENOMEM;
0581
0582     switch (token) {
0583     case Opt_fsdefault:
0584         if (opts->fsdefault)
0585             goto out_opt_err;
0586         opts->fsdefault = s;
0587         break;
0588     case Opt_fsfloor:
0589         if (opts->fsfloor)
0590             goto out_opt_err;
0591         opts->fsfloor = s;
0592         break;
0593     case Opt_fshat:
0594         if (opts->fshat)
0595             goto out_opt_err;
0596         opts->fshat = s;
0597         break;
0598     case Opt_fsroot:
0599         if (opts->fsroot)
0600             goto out_opt_err;
0601         opts->fsroot = s;
0602         break;
0603     case Opt_fstransmute:
0604         if (opts->fstransmute)
0605             goto out_opt_err;
0606         opts->fstransmute = s;
0607         break;
0608     }
0609     return 0;
0610
0611 out_opt_err:
0612     pr_warn("Smack: duplicate mount options\n");
0613     return -EINVAL;
0614 }
0615
0616 /**
0617  * smack_fs_context_dup - Duplicate the security data on fs_context duplication
0618  * @fc: The new filesystem context.
0619  * @src_fc: The source filesystem context being duplicated.
0620  *
0621  * Returns 0 on success or -ENOMEM on error.
0622  */
0623 static int smack_fs_context_dup(struct fs_context *fc,
0624                 struct fs_context *src_fc)
0625 {
0626     struct smack_mnt_opts *dst, *src = src_fc->security;
0627
0628     if (!src)
0629         return 0;
0630
0631     fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
0632     if (!fc->security)
0633         return -ENOMEM;
0634     dst = fc->security;
0635
0636     if (src->fsdefault) {
0637         dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL);
0638         if (!dst->fsdefault)
0639             return -ENOMEM;
0640     }
0641     if (src->fsfloor) {
0642         dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL);
0643         if (!dst->fsfloor)
0644             return -ENOMEM;
0645     }
0646     if (src->fshat) {
0647         dst->fshat = kstrdup(src->fshat, GFP_KERNEL);
0648         if (!dst->fshat)
0649             return -ENOMEM;
0650     }
0651     if (src->fsroot) {
0652         dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL);
0653         if (!dst->fsroot)
0654             return -ENOMEM;
0655     }
0656     if (src->fstransmute) {
0657         dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL);
0658         if (!dst->fstransmute)
0659             return -ENOMEM;
0660     }
0661     return 0;
0662 }
0663
0664 static const struct fs_parameter_spec smack_fs_parameters[] = {
0665     fsparam_string("smackfsdef",        Opt_fsdefault),
0666     fsparam_string("smackfsdefault",    Opt_fsdefault),
0667     fsparam_string("smackfsfloor",      Opt_fsfloor),
0668     fsparam_string("smackfshat",        Opt_fshat),
0669     fsparam_string("smackfsroot",       Opt_fsroot),
0670     fsparam_string("smackfstransmute",  Opt_fstransmute),
0671     {}
0672 };
0673
0674 /**
0675  * smack_fs_context_parse_param - Parse a single mount parameter
0676  * @fc: The new filesystem context being constructed.
0677  * @param: The parameter.
0678  *
0679  * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on
0680  * error.
0681  */
0682 static int smack_fs_context_parse_param(struct fs_context *fc,
0683                     struct fs_parameter *param)
0684 {
0685     struct fs_parse_result result;
0686     int opt, rc;
0687
0688     opt = fs_parse(fc, smack_fs_parameters, param, &result);
0689     if (opt < 0)
0690         return opt;
0691
0692     rc = smack_add_opt(opt, param->string, &fc->security);
0693     if (!rc)
0694         param->string = NULL;
0695     return rc;
0696 }
0697
0698 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
0699 {
0700     char *from = options, *to = options;
0701     bool first = true;
0702
0703     while (1) {
0704         char *next = strchr(from, ',');
0705         int token, len, rc;
0706         char *arg = NULL;
0707
0708         if (next)
0709             len = next - from;
0710         else
0711             len = strlen(from);
0712
0713         token = match_opt_prefix(from, len, &arg);
0714         if (token != Opt_error) {
0715             arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
0716             rc = smack_add_opt(token, arg, mnt_opts);
0717             if (unlikely(rc)) {
0718                 kfree(arg);
0719                 if (*mnt_opts)
0720                     smack_free_mnt_opts(*mnt_opts);
0721                 *mnt_opts = NULL;
0722                 return rc;
0723             }
0724         } else {
0725             if (!first) {   // copy with preceding comma
0726                 from--;
0727                 len++;
0728             }
0729             if (to != from)
0730                 memmove(to, from, len);
0731             to += len;
0732             first = false;
0733         }
0734         if (!from[len])
0735             break;
0736         from += len + 1;
0737     }
0738     *to = '\0';
0739     return 0;
0740 }
0741
0742 /**
0743  * smack_set_mnt_opts - set Smack specific mount options
0744  * @sb: the file system superblock
0745  * @mnt_opts: Smack mount options
0746  * @kern_flags: mount option from kernel space or user space
0747  * @set_kern_flags: where to store converted mount opts
0748  *
0749  * Returns 0 on success, an error code on failure
0750  *
0751  * Allow filesystems with binary mount data to explicitly set Smack mount
0752  * labels.
0753  */
0754 static int smack_set_mnt_opts(struct super_block *sb,
0755         void *mnt_opts,
0756         unsigned long kern_flags,
0757         unsigned long *set_kern_flags)
0758 {
0759     struct dentry *root = sb->s_root;
0760     struct inode *inode = d_backing_inode(root);
0761     struct superblock_smack *sp = smack_superblock(sb);
0762     struct inode_smack *isp;
0763     struct smack_known *skp;
0764     struct smack_mnt_opts *opts = mnt_opts;
0765     bool transmute = false;
0766
0767     if (sp->smk_flags & SMK_SB_INITIALIZED)
0768         return 0;
0769
0770     if (!smack_privileged(CAP_MAC_ADMIN)) {
0771         /*
0772          * Unprivileged mounts don't get to specify Smack values.
0773          */
0774         if (opts)
0775             return -EPERM;
0776         /*
0777          * Unprivileged mounts get root and default from the caller.
0778          */
0779         skp = smk_of_current();
0780         sp->smk_root = skp;
0781         sp->smk_default = skp;
0782         /*
0783          * For a handful of fs types with no user-controlled
0784          * backing store it's okay to trust security labels
0785          * in the filesystem. The rest are untrusted.
0786          */
0787         if (sb->s_user_ns != &init_user_ns &&
0788             sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
0789             sb->s_magic != RAMFS_MAGIC) {
0790             transmute = true;
0791             sp->smk_flags |= SMK_SB_UNTRUSTED;
0792         }
0793     }
0794
0795     sp->smk_flags |= SMK_SB_INITIALIZED;
0796
0797     if (opts) {
0798         if (opts->fsdefault) {
0799             skp = smk_import_entry(opts->fsdefault, 0);
0800             if (IS_ERR(skp))
0801                 return PTR_ERR(skp);
0802             sp->smk_default = skp;
0803         }
0804         if (opts->fsfloor) {
0805             skp = smk_import_entry(opts->fsfloor, 0);
0806             if (IS_ERR(skp))
0807                 return PTR_ERR(skp);
0808             sp->smk_floor = skp;
0809         }
0810         if (opts->fshat) {
0811             skp = smk_import_entry(opts->fshat, 0);
0812             if (IS_ERR(skp))
0813                 return PTR_ERR(skp);
0814             sp->smk_hat = skp;
0815         }
0816         if (opts->fsroot) {
0817             skp = smk_import_entry(opts->fsroot, 0);
0818             if (IS_ERR(skp))
0819                 return PTR_ERR(skp);
0820             sp->smk_root = skp;
0821         }
0822         if (opts->fstransmute) {
0823             skp = smk_import_entry(opts->fstransmute, 0);
0824             if (IS_ERR(skp))
0825                 return PTR_ERR(skp);
0826             sp->smk_root = skp;
0827             transmute = true;
0828         }
0829     }
0830
0831     /*
0832      * Initialize the root inode.
0833      */
0834     init_inode_smack(inode, sp->smk_root);
0835
0836     if (transmute) {
0837         isp = smack_inode(inode);
0838         isp->smk_flags |= SMK_INODE_TRANSMUTE;
0839     }
0840
0841     return 0;
0842 }
0843
0844 /**
0845  * smack_sb_statfs - Smack check on statfs
0846  * @dentry: identifies the file system in question
0847  *
0848  * Returns 0 if current can read the floor of the filesystem,
0849  * and error code otherwise
0850  */
0851 static int smack_sb_statfs(struct dentry *dentry)
0852 {
0853     struct superblock_smack *sbp = smack_superblock(dentry->d_sb);
0854     int rc;
0855     struct smk_audit_info ad;
0856
0857     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
0858     smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
0859
0860     rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
0861     rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
0862     return rc;
0863 }
0864
0865 /*
0866  * BPRM hooks
0867  */
0868
0869 /**
0870  * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec
0871  * @bprm: the exec information
0872  *
0873  * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
0874  */
0875 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm)
0876 {
0877     struct inode *inode = file_inode(bprm->file);
0878     struct task_smack *bsp = smack_cred(bprm->cred);
0879     struct inode_smack *isp;
0880     struct superblock_smack *sbsp;
0881     int rc;
0882
0883     isp = smack_inode(inode);
0884     if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
0885         return 0;
0886
0887     sbsp = smack_superblock(inode->i_sb);
0888     if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
0889         isp->smk_task != sbsp->smk_root)
0890         return 0;
0891
0892     if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
0893         struct task_struct *tracer;
0894         rc = 0;
0895
0896         rcu_read_lock();
0897         tracer = ptrace_parent(current);
0898         if (likely(tracer != NULL))
0899             rc = smk_ptrace_rule_check(tracer,
0900                            isp->smk_task,
0901                            PTRACE_MODE_ATTACH,
0902                            __func__);
0903         rcu_read_unlock();
0904
0905         if (rc != 0)
0906             return rc;
0907     }
0908     if (bprm->unsafe & ~LSM_UNSAFE_PTRACE)
0909         return -EPERM;
0910
0911     bsp->smk_task = isp->smk_task;
0912     bprm->per_clear |= PER_CLEAR_ON_SETID;
0913
0914     /* Decide if this is a secure exec. */
0915     if (bsp->smk_task != bsp->smk_forked)
0916         bprm->secureexec = 1;
0917
0918     return 0;
0919 }
0920
0921 /*
0922  * Inode hooks
0923  */
0924
0925 /**
0926  * smack_inode_alloc_security - allocate an inode blob
0927  * @inode: the inode in need of a blob
0928  *
0929  * Returns 0
0930  */
0931 static int smack_inode_alloc_security(struct inode *inode)
0932 {
0933     struct smack_known *skp = smk_of_current();
0934
0935     init_inode_smack(inode, skp);
0936     return 0;
0937 }
0938
0939 /**
0940  * smack_inode_init_security - copy out the smack from an inode
0941  * @inode: the newly created inode
0942  * @dir: containing directory object
0943  * @qstr: unused
0944  * @name: where to put the attribute name
0945  * @value: where to put the attribute value
0946  * @len: where to put the length of the attribute
0947  *
0948  * Returns 0 if it all works out, -ENOMEM if there's no memory
0949  */
0950 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
0951                      const struct qstr *qstr, const char **name,
0952                      void **value, size_t *len)
0953 {
0954     struct inode_smack *issp = smack_inode(inode);
0955     struct smack_known *skp = smk_of_current();
0956     struct smack_known *isp = smk_of_inode(inode);
0957     struct smack_known *dsp = smk_of_inode(dir);
0958     int may;
0959
0960     if (name)
0961         *name = XATTR_SMACK_SUFFIX;
0962
0963     if (value && len) {
0964         rcu_read_lock();
0965         may = smk_access_entry(skp->smk_known, dsp->smk_known,
0966                        &skp->smk_rules);
0967         rcu_read_unlock();
0968
0969         /*
0970          * If the access rule allows transmutation and
0971          * the directory requests transmutation then
0972          * by all means transmute.
0973          * Mark the inode as changed.
0974          */
0975         if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
0976             smk_inode_transmutable(dir)) {
0977             isp = dsp;
0978             issp->smk_flags |= SMK_INODE_CHANGED;
0979         }
0980
0981         *value = kstrdup(isp->smk_known, GFP_NOFS);
0982         if (*value == NULL)
0983             return -ENOMEM;
0984
0985         *len = strlen(isp->smk_known);
0986     }
0987
0988     return 0;
0989 }
0990
0991 /**
0992  * smack_inode_link - Smack check on link
0993  * @old_dentry: the existing object
0994  * @dir: unused
0995  * @new_dentry: the new object
0996  *
0997  * Returns 0 if access is permitted, an error code otherwise
0998  */
0999 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1000                 struct dentry *new_dentry)
1001 {
1002     struct smack_known *isp;
1003     struct smk_audit_info ad;
1004     int rc;
1005
1006     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1007     smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1008
1009     isp = smk_of_inode(d_backing_inode(old_dentry));
1010     rc = smk_curacc(isp, MAY_WRITE, &ad);
1011     rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
1012
1013     if (rc == 0 && d_is_positive(new_dentry)) {
1014         isp = smk_of_inode(d_backing_inode(new_dentry));
1015         smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1016         rc = smk_curacc(isp, MAY_WRITE, &ad);
1017         rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
1018     }
1019
1020     return rc;
1021 }
1022
1023 /**
1024  * smack_inode_unlink - Smack check on inode deletion
1025  * @dir: containing directory object
1026  * @dentry: file to unlink
1027  *
1028  * Returns 0 if current can write the containing directory
1029  * and the object, error code otherwise
1030  */
1031 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1032 {
1033     struct inode *ip = d_backing_inode(dentry);
1034     struct smk_audit_info ad;
1035     int rc;
1036
1037     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1038     smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1039
1040     /*
1041      * You need write access to the thing you're unlinking
1042      */
1043     rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
1044     rc = smk_bu_inode(ip, MAY_WRITE, rc);
1045     if (rc == 0) {
1046         /*
1047          * You also need write access to the containing directory
1048          */
1049         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1050         smk_ad_setfield_u_fs_inode(&ad, dir);
1051         rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1052         rc = smk_bu_inode(dir, MAY_WRITE, rc);
1053     }
1054     return rc;
1055 }
1056
1057 /**
1058  * smack_inode_rmdir - Smack check on directory deletion
1059  * @dir: containing directory object
1060  * @dentry: directory to unlink
1061  *
1062  * Returns 0 if current can write the containing directory
1063  * and the directory, error code otherwise
1064  */
1065 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1066 {
1067     struct smk_audit_info ad;
1068     int rc;
1069
1070     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1071     smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1072
1073     /*
1074      * You need write access to the thing you're removing
1075      */
1076     rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1077     rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1078     if (rc == 0) {
1079         /*
1080          * You also need write access to the containing directory
1081          */
1082         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1083         smk_ad_setfield_u_fs_inode(&ad, dir);
1084         rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1085         rc = smk_bu_inode(dir, MAY_WRITE, rc);
1086     }
1087
1088     return rc;
1089 }
1090
1091 /**
1092  * smack_inode_rename - Smack check on rename
1093  * @old_inode: unused
1094  * @old_dentry: the old object
1095  * @new_inode: unused
1096  * @new_dentry: the new object
1097  *
1098  * Read and write access is required on both the old and
1099  * new directories.
1100  *
1101  * Returns 0 if access is permitted, an error code otherwise
1102  */
1103 static int smack_inode_rename(struct inode *old_inode,
1104                   struct dentry *old_dentry,
1105                   struct inode *new_inode,
1106                   struct dentry *new_dentry)
1107 {
1108     int rc;
1109     struct smack_known *isp;
1110     struct smk_audit_info ad;
1111
1112     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1113     smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1114
1115     isp = smk_of_inode(d_backing_inode(old_dentry));
1116     rc = smk_curacc(isp, MAY_READWRITE, &ad);
1117     rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
1118
1119     if (rc == 0 && d_is_positive(new_dentry)) {
1120         isp = smk_of_inode(d_backing_inode(new_dentry));
1121         smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1122         rc = smk_curacc(isp, MAY_READWRITE, &ad);
1123         rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
1124     }
1125     return rc;
1126 }
1127
1128 /**
1129  * smack_inode_permission - Smack version of permission()
1130  * @inode: the inode in question
1131  * @mask: the access requested
1132  *
1133  * This is the important Smack hook.
1134  *
1135  * Returns 0 if access is permitted, an error code otherwise
1136  */
1137 static int smack_inode_permission(struct inode *inode, int mask)
1138 {
1139     struct superblock_smack *sbsp = smack_superblock(inode->i_sb);
1140     struct smk_audit_info ad;
1141     int no_block = mask & MAY_NOT_BLOCK;
1142     int rc;
1143
1144     mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
1145     /*
1146      * No permission to check. Existence test. Yup, it's there.
1147      */
1148     if (mask == 0)
1149         return 0;
1150
1151     if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1152         if (smk_of_inode(inode) != sbsp->smk_root)
1153             return -EACCES;
1154     }
1155
1156     /* May be droppable after audit */
1157     if (no_block)
1158         return -ECHILD;
1159     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1160     smk_ad_setfield_u_fs_inode(&ad, inode);
1161     rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1162     rc = smk_bu_inode(inode, mask, rc);
1163     return rc;
1164 }
1165
1166 /**
1167  * smack_inode_setattr - Smack check for setting attributes
1168  * @dentry: the object
1169  * @iattr: for the force flag
1170  *
1171  * Returns 0 if access is permitted, an error code otherwise
1172  */
1173 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1174 {
1175     struct smk_audit_info ad;
1176     int rc;
1177
1178     /*
1179      * Need to allow for clearing the setuid bit.
1180      */
1181     if (iattr->ia_valid & ATTR_FORCE)
1182         return 0;
1183     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1184     smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1185
1186     rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1187     rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1188     return rc;
1189 }
1190
1191 /**
1192  * smack_inode_getattr - Smack check for getting attributes
1193  * @path: path to extract the info from
1194  *
1195  * Returns 0 if access is permitted, an error code otherwise
1196  */
1197 static int smack_inode_getattr(const struct path *path)
1198 {
1199     struct smk_audit_info ad;
1200     struct inode *inode = d_backing_inode(path->dentry);
1201     int rc;
1202
1203     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1204     smk_ad_setfield_u_fs_path(&ad, *path);
1205     rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1206     rc = smk_bu_inode(inode, MAY_READ, rc);
1207     return rc;
1208 }
1209
1210 /**
1211  * smack_inode_setxattr - Smack check for setting xattrs
1212  * @mnt_userns: active user namespace
1213  * @dentry: the object
1214  * @name: name of the attribute
1215  * @value: value of the attribute
1216  * @size: size of the value
1217  * @flags: unused
1218  *
1219  * This protects the Smack attribute explicitly.
1220  *
1221  * Returns 0 if access is permitted, an error code otherwise
1222  */
1223 static int smack_inode_setxattr(struct user_namespace *mnt_userns,
1224                 struct dentry *dentry, const char *name,
1225                 const void *value, size_t size, int flags)
1226 {
1227     struct smk_audit_info ad;
1228     struct smack_known *skp;
1229     int check_priv = 0;
1230     int check_import = 0;
1231     int check_star = 0;
1232     int rc = 0;
1233
1234     /*
1235      * Check label validity here so import won't fail in post_setxattr
1236      */
1237     if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1238         strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1239         strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1240         check_priv = 1;
1241         check_import = 1;
1242     } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1243            strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1244         check_priv = 1;
1245         check_import = 1;
1246         check_star = 1;
1247     } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1248         check_priv = 1;
1249         if (size != TRANS_TRUE_SIZE ||
1250             strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1251             rc = -EINVAL;
1252     } else
1253         rc = cap_inode_setxattr(dentry, name, value, size, flags);
1254
1255     if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1256         rc = -EPERM;
1257
1258     if (rc == 0 && check_import) {
1259         skp = size ? smk_import_entry(value, size) : NULL;
1260         if (IS_ERR(skp))
1261             rc = PTR_ERR(skp);
1262         else if (skp == NULL || (check_star &&
1263             (skp == &smack_known_star || skp == &smack_known_web)))
1264             rc = -EINVAL;
1265     }
1266
1267     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1268     smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1269
1270     if (rc == 0) {
1271         rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1272         rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1273     }
1274
1275     return rc;
1276 }
1277
1278 /**
1279  * smack_inode_post_setxattr - Apply the Smack update approved above
1280  * @dentry: object
1281  * @name: attribute name
1282  * @value: attribute value
1283  * @size: attribute size
1284  * @flags: unused
1285  *
1286  * Set the pointer in the inode blob to the entry found
1287  * in the master label list.
1288  */
1289 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1290                       const void *value, size_t size, int flags)
1291 {
1292     struct smack_known *skp;
1293     struct inode_smack *isp = smack_inode(d_backing_inode(dentry));
1294
1295     if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1296         isp->smk_flags |= SMK_INODE_TRANSMUTE;
1297         return;
1298     }
1299
1300     if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1301         skp = smk_import_entry(value, size);
1302         if (!IS_ERR(skp))
1303             isp->smk_inode = skp;
1304     } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1305         skp = smk_import_entry(value, size);
1306         if (!IS_ERR(skp))
1307             isp->smk_task = skp;
1308     } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1309         skp = smk_import_entry(value, size);
1310         if (!IS_ERR(skp))
1311             isp->smk_mmap = skp;
1312     }
1313
1314     return;
1315 }
1316
1317 /**
1318  * smack_inode_getxattr - Smack check on getxattr
1319  * @dentry: the object
1320  * @name: unused
1321  *
1322  * Returns 0 if access is permitted, an error code otherwise
1323  */
1324 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1325 {
1326     struct smk_audit_info ad;
1327     int rc;
1328
1329     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1330     smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1331
1332     rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1333     rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1334     return rc;
1335 }
1336
1337 /**
1338  * smack_inode_removexattr - Smack check on removexattr
1339  * @mnt_userns: active user namespace
1340  * @dentry: the object
1341  * @name: name of the attribute
1342  *
1343  * Removing the Smack attribute requires CAP_MAC_ADMIN
1344  *
1345  * Returns 0 if access is permitted, an error code otherwise
1346  */
1347 static int smack_inode_removexattr(struct user_namespace *mnt_userns,
1348                    struct dentry *dentry, const char *name)
1349 {
1350     struct inode_smack *isp;
1351     struct smk_audit_info ad;
1352     int rc = 0;
1353
1354     if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1355         strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1356         strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1357         strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1358         strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1359         strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1360         if (!smack_privileged(CAP_MAC_ADMIN))
1361             rc = -EPERM;
1362     } else
1363         rc = cap_inode_removexattr(mnt_userns, dentry, name);
1364
1365     if (rc != 0)
1366         return rc;
1367
1368     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1369     smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1370
1371     rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1372     rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1373     if (rc != 0)
1374         return rc;
1375
1376     isp = smack_inode(d_backing_inode(dentry));
1377     /*
1378      * Don't do anything special for these.
1379      *  XATTR_NAME_SMACKIPIN
1380      *  XATTR_NAME_SMACKIPOUT
1381      */
1382     if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1383         struct super_block *sbp = dentry->d_sb;
1384         struct superblock_smack *sbsp = smack_superblock(sbp);
1385
1386         isp->smk_inode = sbsp->smk_default;
1387     } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
1388         isp->smk_task = NULL;
1389     else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1390         isp->smk_mmap = NULL;
1391     else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1392         isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1393
1394     return 0;
1395 }
1396
1397 /**
1398  * smack_inode_getsecurity - get smack xattrs
1399  * @mnt_userns: active user namespace
1400  * @inode: the object
1401  * @name: attribute name
1402  * @buffer: where to put the result
1403  * @alloc: duplicate memory
1404  *
1405  * Returns the size of the attribute or an error code
1406  */
1407 static int smack_inode_getsecurity(struct user_namespace *mnt_userns,
1408                    struct inode *inode, const char *name,
1409                    void **buffer, bool alloc)
1410 {
1411     struct socket_smack *ssp;
1412     struct socket *sock;
1413     struct super_block *sbp;
1414     struct inode *ip = (struct inode *)inode;
1415     struct smack_known *isp;
1416
1417     if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
1418         isp = smk_of_inode(inode);
1419     else {
1420         /*
1421          * The rest of the Smack xattrs are only on sockets.
1422          */
1423         sbp = ip->i_sb;
1424         if (sbp->s_magic != SOCKFS_MAGIC)
1425             return -EOPNOTSUPP;
1426
1427         sock = SOCKET_I(ip);
1428         if (sock == NULL || sock->sk == NULL)
1429             return -EOPNOTSUPP;
1430
1431         ssp = sock->sk->sk_security;
1432
1433         if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1434             isp = ssp->smk_in;
1435         else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1436             isp = ssp->smk_out;
1437         else
1438             return -EOPNOTSUPP;
1439     }
1440
1441     if (alloc) {
1442         *buffer = kstrdup(isp->smk_known, GFP_KERNEL);
1443         if (*buffer == NULL)
1444             return -ENOMEM;
1445     }
1446
1447     return strlen(isp->smk_known);
1448 }
1449
1450
1451 /**
1452  * smack_inode_listsecurity - list the Smack attributes
1453  * @inode: the object
1454  * @buffer: where they go
1455  * @buffer_size: size of buffer
1456  */
1457 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1458                     size_t buffer_size)
1459 {
1460     int len = sizeof(XATTR_NAME_SMACK);
1461
1462     if (buffer != NULL && len <= buffer_size)
1463         memcpy(buffer, XATTR_NAME_SMACK, len);
1464
1465     return len;
1466 }
1467
1468 /**
1469  * smack_inode_getsecid - Extract inode's security id
1470  * @inode: inode to extract the info from
1471  * @secid: where result will be saved
1472  */
1473 static void smack_inode_getsecid(struct inode *inode, u32 *secid)
1474 {
1475     struct smack_known *skp = smk_of_inode(inode);
1476
1477     *secid = skp->smk_secid;
1478 }
1479
1480 /*
1481  * File Hooks
1482  */
1483
1484 /*
1485  * There is no smack_file_permission hook
1486  *
1487  * Should access checks be done on each read or write?
1488  * UNICOS and SELinux say yes.
1489  * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1490  *
1491  * I'll say no for now. Smack does not do the frequent
1492  * label changing that SELinux does.
1493  */
1494
1495 /**
1496  * smack_file_alloc_security - assign a file security blob
1497  * @file: the object
1498  *
1499  * The security blob for a file is a pointer to the master
1500  * label list, so no allocation is done.
1501  *
1502  * f_security is the owner security information. It
1503  * isn't used on file access checks, it's for send_sigio.
1504  *
1505  * Returns 0
1506  */
1507 static int smack_file_alloc_security(struct file *file)
1508 {
1509     struct smack_known **blob = smack_file(file);
1510
1511     *blob = smk_of_current();
1512     return 0;
1513 }
1514
1515 /**
1516  * smack_file_ioctl - Smack check on ioctls
1517  * @file: the object
1518  * @cmd: what to do
1519  * @arg: unused
1520  *
1521  * Relies heavily on the correct use of the ioctl command conventions.
1522  *
1523  * Returns 0 if allowed, error code otherwise
1524  */
1525 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1526                 unsigned long arg)
1527 {
1528     int rc = 0;
1529     struct smk_audit_info ad;
1530     struct inode *inode = file_inode(file);
1531
1532     if (unlikely(IS_PRIVATE(inode)))
1533         return 0;
1534
1535     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1536     smk_ad_setfield_u_fs_path(&ad, file->f_path);
1537
1538     if (_IOC_DIR(cmd) & _IOC_WRITE) {
1539         rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1540         rc = smk_bu_file(file, MAY_WRITE, rc);
1541     }
1542
1543     if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1544         rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1545         rc = smk_bu_file(file, MAY_READ, rc);
1546     }
1547
1548     return rc;
1549 }
1550
1551 /**
1552  * smack_file_lock - Smack check on file locking
1553  * @file: the object
1554  * @cmd: unused
1555  *
1556  * Returns 0 if current has lock access, error code otherwise
1557  */
1558 static int smack_file_lock(struct file *file, unsigned int cmd)
1559 {
1560     struct smk_audit_info ad;
1561     int rc;
1562     struct inode *inode = file_inode(file);
1563
1564     if (unlikely(IS_PRIVATE(inode)))
1565         return 0;
1566
1567     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1568     smk_ad_setfield_u_fs_path(&ad, file->f_path);
1569     rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1570     rc = smk_bu_file(file, MAY_LOCK, rc);
1571     return rc;
1572 }
1573
1574 /**
1575  * smack_file_fcntl - Smack check on fcntl
1576  * @file: the object
1577  * @cmd: what action to check
1578  * @arg: unused
1579  *
1580  * Generally these operations are harmless.
1581  * File locking operations present an obvious mechanism
1582  * for passing information, so they require write access.
1583  *
1584  * Returns 0 if current has access, error code otherwise
1585  */
1586 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1587                 unsigned long arg)
1588 {
1589     struct smk_audit_info ad;
1590     int rc = 0;
1591     struct inode *inode = file_inode(file);
1592
1593     if (unlikely(IS_PRIVATE(inode)))
1594         return 0;
1595
1596     switch (cmd) {
1597     case F_GETLK:
1598         break;
1599     case F_SETLK:
1600     case F_SETLKW:
1601         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1602         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1603         rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1604         rc = smk_bu_file(file, MAY_LOCK, rc);
1605         break;
1606     case F_SETOWN:
1607     case F_SETSIG:
1608         smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1609         smk_ad_setfield_u_fs_path(&ad, file->f_path);
1610         rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1611         rc = smk_bu_file(file, MAY_WRITE, rc);
1612         break;
1613     default:
1614         break;
1615     }
1616
1617     return rc;
1618 }
1619
1620 /**
1621  * smack_mmap_file - Check permissions for a mmap operation.
1622  * @file: contains the file structure for file to map (may be NULL).
1623  * @reqprot: contains the protection requested by the application.
1624  * @prot: contains the protection that will be applied by the kernel.
1625  * @flags: contains the operational flags.
1626  *
1627  * The @file may be NULL, e.g. if mapping anonymous memory.
1628  *
1629  * Return 0 if permission is granted.
1630  */
1631 static int smack_mmap_file(struct file *file,
1632                unsigned long reqprot, unsigned long prot,
1633                unsigned long flags)
1634 {
1635     struct smack_known *skp;
1636     struct smack_known *mkp;
1637     struct smack_rule *srp;
1638     struct task_smack *tsp;
1639     struct smack_known *okp;
1640     struct inode_smack *isp;
1641     struct superblock_smack *sbsp;
1642     int may;
1643     int mmay;
1644     int tmay;
1645     int rc;
1646
1647     if (file == NULL)
1648         return 0;
1649
1650     if (unlikely(IS_PRIVATE(file_inode(file))))
1651         return 0;
1652
1653     isp = smack_inode(file_inode(file));
1654     if (isp->smk_mmap == NULL)
1655         return 0;
1656     sbsp = smack_superblock(file_inode(file)->i_sb);
1657     if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1658         isp->smk_mmap != sbsp->smk_root)
1659         return -EACCES;
1660     mkp = isp->smk_mmap;
1661
1662     tsp = smack_cred(current_cred());
1663     skp = smk_of_current();
1664     rc = 0;
1665
1666     rcu_read_lock();
1667     /*
1668      * For each Smack rule associated with the subject
1669      * label verify that the SMACK64MMAP also has access
1670      * to that rule's object label.
1671      */
1672     list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1673         okp = srp->smk_object;
1674         /*
1675          * Matching labels always allows access.
1676          */
1677         if (mkp->smk_known == okp->smk_known)
1678             continue;
1679         /*
1680          * If there is a matching local rule take
1681          * that into account as well.
1682          */
1683         may = smk_access_entry(srp->smk_subject->smk_known,
1684                        okp->smk_known,
1685                        &tsp->smk_rules);
1686         if (may == -ENOENT)
1687             may = srp->smk_access;
1688         else
1689             may &= srp->smk_access;
1690         /*
1691          * If may is zero the SMACK64MMAP subject can't
1692          * possibly have less access.
1693          */
1694         if (may == 0)
1695             continue;
1696
1697         /*
1698          * Fetch the global list entry.
1699          * If there isn't one a SMACK64MMAP subject
1700          * can't have as much access as current.
1701          */
1702         mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1703                     &mkp->smk_rules);
1704         if (mmay == -ENOENT) {
1705             rc = -EACCES;
1706             break;
1707         }
1708         /*
1709          * If there is a local entry it modifies the
1710          * potential access, too.
1711          */
1712         tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1713                     &tsp->smk_rules);
1714         if (tmay != -ENOENT)
1715             mmay &= tmay;
1716
1717         /*
1718          * If there is any access available to current that is
1719          * not available to a SMACK64MMAP subject
1720          * deny access.
1721          */
1722         if ((may | mmay) != mmay) {
1723             rc = -EACCES;
1724             break;
1725         }
1726     }
1727
1728     rcu_read_unlock();
1729
1730     return rc;
1731 }
1732
1733 /**
1734  * smack_file_set_fowner - set the file security blob value
1735  * @file: object in question
1736  *
1737  */
1738 static void smack_file_set_fowner(struct file *file)
1739 {
1740     struct smack_known **blob = smack_file(file);
1741
1742     *blob = smk_of_current();
1743 }
1744
1745 /**
1746  * smack_file_send_sigiotask - Smack on sigio
1747  * @tsk: The target task
1748  * @fown: the object the signal come from
1749  * @signum: unused
1750  *
1751  * Allow a privileged task to get signals even if it shouldn't
1752  *
1753  * Returns 0 if a subject with the object's smack could
1754  * write to the task, an error code otherwise.
1755  */
1756 static int smack_file_send_sigiotask(struct task_struct *tsk,
1757                      struct fown_struct *fown, int signum)
1758 {
1759     struct smack_known **blob;
1760     struct smack_known *skp;
1761     struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred));
1762     const struct cred *tcred;
1763     struct file *file;
1764     int rc;
1765     struct smk_audit_info ad;
1766
1767     /*
1768      * struct fown_struct is never outside the context of a struct file
1769      */
1770     file = container_of(fown, struct file, f_owner);
1771
1772     /* we don't log here as rc can be overriden */
1773     blob = smack_file(file);
1774     skp = *blob;
1775     rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1776     rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
1777
1778     rcu_read_lock();
1779     tcred = __task_cred(tsk);
1780     if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
1781         rc = 0;
1782     rcu_read_unlock();
1783
1784     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1785     smk_ad_setfield_u_tsk(&ad, tsk);
1786     smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
1787     return rc;
1788 }
1789
1790 /**
1791  * smack_file_receive - Smack file receive check
1792  * @file: the object
1793  *
1794  * Returns 0 if current has access, error code otherwise
1795  */
1796 static int smack_file_receive(struct file *file)
1797 {
1798     int rc;
1799     int may = 0;
1800     struct smk_audit_info ad;
1801     struct inode *inode = file_inode(file);
1802     struct socket *sock;
1803     struct task_smack *tsp;
1804     struct socket_smack *ssp;
1805
1806     if (unlikely(IS_PRIVATE(inode)))
1807         return 0;
1808
1809     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1810     smk_ad_setfield_u_fs_path(&ad, file->f_path);
1811
1812     if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
1813         sock = SOCKET_I(inode);
1814         ssp = sock->sk->sk_security;
1815         tsp = smack_cred(current_cred());
1816         /*
1817          * If the receiving process can't write to the
1818          * passed socket or if the passed socket can't
1819          * write to the receiving process don't accept
1820          * the passed socket.
1821          */
1822         rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1823         rc = smk_bu_file(file, may, rc);
1824         if (rc < 0)
1825             return rc;
1826         rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1827         rc = smk_bu_file(file, may, rc);
1828         return rc;
1829     }
1830     /*
1831      * This code relies on bitmasks.
1832      */
1833     if (file->f_mode & FMODE_READ)
1834         may = MAY_READ;
1835     if (file->f_mode & FMODE_WRITE)
1836         may |= MAY_WRITE;
1837
1838     rc = smk_curacc(smk_of_inode(inode), may, &ad);
1839     rc = smk_bu_file(file, may, rc);
1840     return rc;
1841 }
1842
1843 /**
1844  * smack_file_open - Smack dentry open processing
1845  * @file: the object
1846  *
1847  * Set the security blob in the file structure.
1848  * Allow the open only if the task has read access. There are
1849  * many read operations (e.g. fstat) that you can do with an
1850  * fd even if you have the file open write-only.
1851  *
1852  * Returns 0 if current has access, error code otherwise
1853  */
1854 static int smack_file_open(struct file *file)
1855 {
1856     struct task_smack *tsp = smack_cred(file->f_cred);
1857     struct inode *inode = file_inode(file);
1858     struct smk_audit_info ad;
1859     int rc;
1860
1861     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1862     smk_ad_setfield_u_fs_path(&ad, file->f_path);
1863     rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
1864     rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
1865
1866     return rc;
1867 }
1868
1869 /*
1870  * Task hooks
1871  */
1872
1873 /**
1874  * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1875  * @cred: the new credentials
1876  * @gfp: the atomicity of any memory allocations
1877  *
1878  * Prepare a blank set of credentials for modification.  This must allocate all
1879  * the memory the LSM module might require such that cred_transfer() can
1880  * complete without error.
1881  */
1882 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1883 {
1884     init_task_smack(smack_cred(cred), NULL, NULL);
1885     return 0;
1886 }
1887
1888
1889 /**
1890  * smack_cred_free - "free" task-level security credentials
1891  * @cred: the credentials in question
1892  *
1893  */
1894 static void smack_cred_free(struct cred *cred)
1895 {
1896     struct task_smack *tsp = smack_cred(cred);
1897     struct smack_rule *rp;
1898     struct list_head *l;
1899     struct list_head *n;
1900
1901     smk_destroy_label_list(&tsp->smk_relabel);
1902
1903     list_for_each_safe(l, n, &tsp->smk_rules) {
1904         rp = list_entry(l, struct smack_rule, list);
1905         list_del(&rp->list);
1906         kmem_cache_free(smack_rule_cache, rp);
1907     }
1908 }
1909
1910 /**
1911  * smack_cred_prepare - prepare new set of credentials for modification
1912  * @new: the new credentials
1913  * @old: the original credentials
1914  * @gfp: the atomicity of any memory allocations
1915  *
1916  * Prepare a new set of credentials for modification.
1917  */
1918 static int smack_cred_prepare(struct cred *new, const struct cred *old,
1919                   gfp_t gfp)
1920 {
1921     struct task_smack *old_tsp = smack_cred(old);
1922     struct task_smack *new_tsp = smack_cred(new);
1923     int rc;
1924
1925     init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task);
1926
1927     rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1928     if (rc != 0)
1929         return rc;
1930
1931     rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
1932                 gfp);
1933     return rc;
1934 }
1935
1936 /**
1937  * smack_cred_transfer - Transfer the old credentials to the new credentials
1938  * @new: the new credentials
1939  * @old: the original credentials
1940  *
1941  * Fill in a set of blank credentials from another set of credentials.
1942  */
1943 static void smack_cred_transfer(struct cred *new, const struct cred *old)
1944 {
1945     struct task_smack *old_tsp = smack_cred(old);
1946     struct task_smack *new_tsp = smack_cred(new);
1947
1948     new_tsp->smk_task = old_tsp->smk_task;
1949     new_tsp->smk_forked = old_tsp->smk_task;
1950     mutex_init(&new_tsp->smk_rules_lock);
1951     INIT_LIST_HEAD(&new_tsp->smk_rules);
1952
1953     /* cbs copy rule list */
1954 }
1955
1956 /**
1957  * smack_cred_getsecid - get the secid corresponding to a creds structure
1958  * @cred: the object creds
1959  * @secid: where to put the result
1960  *
1961  * Sets the secid to contain a u32 version of the smack label.
1962  */
1963 static void smack_cred_getsecid(const struct cred *cred, u32 *secid)
1964 {
1965     struct smack_known *skp;
1966
1967     rcu_read_lock();
1968     skp = smk_of_task(smack_cred(cred));
1969     *secid = skp->smk_secid;
1970     rcu_read_unlock();
1971 }
1972
1973 /**
1974  * smack_kernel_act_as - Set the subjective context in a set of credentials
1975  * @new: points to the set of credentials to be modified.
1976  * @secid: specifies the security ID to be set
1977  *
1978  * Set the security data for a kernel service.
1979  */
1980 static int smack_kernel_act_as(struct cred *new, u32 secid)
1981 {
1982     struct task_smack *new_tsp = smack_cred(new);
1983
1984     new_tsp->smk_task = smack_from_secid(secid);
1985     return 0;
1986 }
1987
1988 /**
1989  * smack_kernel_create_files_as - Set the file creation label in a set of creds
1990  * @new: points to the set of credentials to be modified
1991  * @inode: points to the inode to use as a reference
1992  *
1993  * Set the file creation context in a set of credentials to the same
1994  * as the objective context of the specified inode
1995  */
1996 static int smack_kernel_create_files_as(struct cred *new,
1997                     struct inode *inode)
1998 {
1999     struct inode_smack *isp = smack_inode(inode);
2000     struct task_smack *tsp = smack_cred(new);
2001
2002     tsp->smk_forked = isp->smk_inode;
2003     tsp->smk_task = tsp->smk_forked;
2004     return 0;
2005 }
2006
2007 /**
2008  * smk_curacc_on_task - helper to log task related access
2009  * @p: the task object
2010  * @access: the access requested
2011  * @caller: name of the calling function for audit
2012  *
2013  * Return 0 if access is permitted
2014  */
2015 static int smk_curacc_on_task(struct task_struct *p, int access,
2016                 const char *caller)
2017 {
2018     struct smk_audit_info ad;
2019     struct smack_known *skp = smk_of_task_struct_obj(p);
2020     int rc;
2021
2022     smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
2023     smk_ad_setfield_u_tsk(&ad, p);
2024     rc = smk_curacc(skp, access, &ad);
2025     rc = smk_bu_task(p, access, rc);
2026     return rc;
2027 }
2028
2029 /**
2030  * smack_task_setpgid - Smack check on setting pgid
2031  * @p: the task object
2032  * @pgid: unused
2033  *
2034  * Return 0 if write access is permitted
2035  */
2036 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2037 {
2038     return smk_curacc_on_task(p, MAY_WRITE, __func__);
2039 }
2040
2041 /**
2042  * smack_task_getpgid - Smack access check for getpgid
2043  * @p: the object task
2044  *
2045  * Returns 0 if current can read the object task, error code otherwise
2046  */
2047 static int smack_task_getpgid(struct task_struct *p)
2048 {
2049     return smk_curacc_on_task(p, MAY_READ, __func__);
2050 }
2051
2052 /**
2053  * smack_task_getsid - Smack access check for getsid
2054  * @p: the object task
2055  *
2056  * Returns 0 if current can read the object task, error code otherwise
2057  */
2058 static int smack_task_getsid(struct task_struct *p)
2059 {
2060     return smk_curacc_on_task(p, MAY_READ, __func__);
2061 }
2062
2063 /**
2064  * smack_current_getsecid_subj - get the subjective secid of the current task
2065  * @secid: where to put the result
2066  *
2067  * Sets the secid to contain a u32 version of the task's subjective smack label.
2068  */
2069 static void smack_current_getsecid_subj(u32 *secid)
2070 {
2071     struct smack_known *skp = smk_of_current();
2072
2073     *secid = skp->smk_secid;
2074 }
2075
2076 /**
2077  * smack_task_getsecid_obj - get the objective secid of the task
2078  * @p: the task
2079  * @secid: where to put the result
2080  *
2081  * Sets the secid to contain a u32 version of the task's objective smack label.
2082  */
2083 static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid)
2084 {
2085     struct smack_known *skp = smk_of_task_struct_obj(p);
2086
2087     *secid = skp->smk_secid;
2088 }
2089
2090 /**
2091  * smack_task_setnice - Smack check on setting nice
2092  * @p: the task object
2093  * @nice: unused
2094  *
2095  * Return 0 if write access is permitted
2096  */
2097 static int smack_task_setnice(struct task_struct *p, int nice)
2098 {
2099     return smk_curacc_on_task(p, MAY_WRITE, __func__);
2100 }
2101
2102 /**
2103  * smack_task_setioprio - Smack check on setting ioprio
2104  * @p: the task object
2105  * @ioprio: unused
2106  *
2107  * Return 0 if write access is permitted
2108  */
2109 static int smack_task_setioprio(struct task_struct *p, int ioprio)
2110 {
2111     return smk_curacc_on_task(p, MAY_WRITE, __func__);
2112 }
2113
2114 /**
2115  * smack_task_getioprio - Smack check on reading ioprio
2116  * @p: the task object
2117  *
2118  * Return 0 if read access is permitted
2119  */
2120 static int smack_task_getioprio(struct task_struct *p)
2121 {
2122     return smk_curacc_on_task(p, MAY_READ, __func__);
2123 }
2124
2125 /**
2126  * smack_task_setscheduler - Smack check on setting scheduler
2127  * @p: the task object
2128  *
2129  * Return 0 if read access is permitted
2130  */
2131 static int smack_task_setscheduler(struct task_struct *p)
2132 {
2133     return smk_curacc_on_task(p, MAY_WRITE, __func__);
2134 }
2135
2136 /**
2137  * smack_task_getscheduler - Smack check on reading scheduler
2138  * @p: the task object
2139  *
2140  * Return 0 if read access is permitted
2141  */
2142 static int smack_task_getscheduler(struct task_struct *p)
2143 {
2144     return smk_curacc_on_task(p, MAY_READ, __func__);
2145 }
2146
2147 /**
2148  * smack_task_movememory - Smack check on moving memory
2149  * @p: the task object
2150  *
2151  * Return 0 if write access is permitted
2152  */
2153 static int smack_task_movememory(struct task_struct *p)
2154 {
2155     return smk_curacc_on_task(p, MAY_WRITE, __func__);
2156 }
2157
2158 /**
2159  * smack_task_kill - Smack check on signal delivery
2160  * @p: the task object
2161  * @info: unused
2162  * @sig: unused
2163  * @cred: identifies the cred to use in lieu of current's
2164  *
2165  * Return 0 if write access is permitted
2166  *
2167  */
2168 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info,
2169                int sig, const struct cred *cred)
2170 {
2171     struct smk_audit_info ad;
2172     struct smack_known *skp;
2173     struct smack_known *tkp = smk_of_task_struct_obj(p);
2174     int rc;
2175
2176     if (!sig)
2177         return 0; /* null signal; existence test */
2178
2179     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2180     smk_ad_setfield_u_tsk(&ad, p);
2181     /*
2182      * Sending a signal requires that the sender
2183      * can write the receiver.
2184      */
2185     if (cred == NULL) {
2186         rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2187         rc = smk_bu_task(p, MAY_DELIVER, rc);
2188         return rc;
2189     }
2190     /*
2191      * If the cred isn't NULL we're dealing with some USB IO
2192      * specific behavior. This is not clean. For one thing
2193      * we can't take privilege into account.
2194      */
2195     skp = smk_of_task(smack_cred(cred));
2196     rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2197     rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
2198     return rc;
2199 }
2200
2201 /**
2202  * smack_task_to_inode - copy task smack into the inode blob
2203  * @p: task to copy from
2204  * @inode: inode to copy to
2205  *
2206  * Sets the smack pointer in the inode security blob
2207  */
2208 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2209 {
2210     struct inode_smack *isp = smack_inode(inode);
2211     struct smack_known *skp = smk_of_task_struct_obj(p);
2212
2213     isp->smk_inode = skp;
2214     isp->smk_flags |= SMK_INODE_INSTANT;
2215 }
2216
2217 /*
2218  * Socket hooks.
2219  */
2220
2221 /**
2222  * smack_sk_alloc_security - Allocate a socket blob
2223  * @sk: the socket
2224  * @family: unused
2225  * @gfp_flags: memory allocation flags
2226  *
2227  * Assign Smack pointers to current
2228  *
2229  * Returns 0 on success, -ENOMEM is there's no memory
2230  */
2231 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2232 {
2233     struct smack_known *skp = smk_of_current();
2234     struct socket_smack *ssp;
2235
2236     ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2237     if (ssp == NULL)
2238         return -ENOMEM;
2239
2240     /*
2241      * Sockets created by kernel threads receive web label.
2242      */
2243     if (unlikely(current->flags & PF_KTHREAD)) {
2244         ssp->smk_in = &smack_known_web;
2245         ssp->smk_out = &smack_known_web;
2246     } else {
2247         ssp->smk_in = skp;
2248         ssp->smk_out = skp;
2249     }
2250     ssp->smk_packet = NULL;
2251
2252     sk->sk_security = ssp;
2253
2254     return 0;
2255 }
2256
2257 /**
2258  * smack_sk_free_security - Free a socket blob
2259  * @sk: the socket
2260  *
2261  * Clears the blob pointer
2262  */
2263 static void smack_sk_free_security(struct sock *sk)
2264 {
2265 #ifdef SMACK_IPV6_PORT_LABELING
2266     struct smk_port_label *spp;
2267
2268     if (sk->sk_family == PF_INET6) {
2269         rcu_read_lock();
2270         list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2271             if (spp->smk_sock != sk)
2272                 continue;
2273             spp->smk_can_reuse = 1;
2274             break;
2275         }
2276         rcu_read_unlock();
2277     }
2278 #endif
2279     kfree(sk->sk_security);
2280 }
2281
2282 /**
2283 * smack_ipv4host_label - check host based restrictions
2284 * @sip: the object end
2285 *
2286 * looks for host based access restrictions
2287 *
2288 * This version will only be appropriate for really small sets of single label
2289 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2290 * taken before calling this function.
2291 *
2292 * Returns the label of the far end or NULL if it's not special.
2293 */
2294 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
2295 {
2296     struct smk_net4addr *snp;
2297     struct in_addr *siap = &sip->sin_addr;
2298
2299     if (siap->s_addr == 0)
2300         return NULL;
2301
2302     list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2303         /*
2304          * we break after finding the first match because
2305          * the list is sorted from longest to shortest mask
2306          * so we have found the most specific match
2307          */
2308         if (snp->smk_host.s_addr ==
2309             (siap->s_addr & snp->smk_mask.s_addr))
2310             return snp->smk_label;
2311
2312     return NULL;
2313 }
2314
2315 /*
2316  * smk_ipv6_localhost - Check for local ipv6 host address
2317  * @sip: the address
2318  *
2319  * Returns boolean true if this is the localhost address
2320  */
2321 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2322 {
2323     __be16 *be16p = (__be16 *)&sip->sin6_addr;
2324     __be32 *be32p = (__be32 *)&sip->sin6_addr;
2325
2326     if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2327         ntohs(be16p[7]) == 1)
2328         return true;
2329     return false;
2330 }
2331
2332 /**
2333 * smack_ipv6host_label - check host based restrictions
2334 * @sip: the object end
2335 *
2336 * looks for host based access restrictions
2337 *
2338 * This version will only be appropriate for really small sets of single label
2339 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2340 * taken before calling this function.
2341 *
2342 * Returns the label of the far end or NULL if it's not special.
2343 */
2344 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2345 {
2346     struct smk_net6addr *snp;
2347     struct in6_addr *sap = &sip->sin6_addr;
2348     int i;
2349     int found = 0;
2350
2351     /*
2352      * It's local. Don't look for a host label.
2353      */
2354     if (smk_ipv6_localhost(sip))
2355         return NULL;
2356
2357     list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2358         /*
2359          * If the label is NULL the entry has
2360          * been renounced. Ignore it.
2361          */
2362         if (snp->smk_label == NULL)
2363             continue;
2364         /*
2365         * we break after finding the first match because
2366         * the list is sorted from longest to shortest mask
2367         * so we have found the most specific match
2368         */
2369         for (found = 1, i = 0; i < 8; i++) {
2370             if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2371                 snp->smk_host.s6_addr16[i]) {
2372                 found = 0;
2373                 break;
2374             }
2375         }
2376         if (found)
2377             return snp->smk_label;
2378     }
2379
2380     return NULL;
2381 }
2382
2383 /**
2384  * smack_netlbl_add - Set the secattr on a socket
2385  * @sk: the socket
2386  *
2387  * Attach the outbound smack value (smk_out) to the socket.
2388  *
2389  * Returns 0 on success or an error code
2390  */
2391 static int smack_netlbl_add(struct sock *sk)
2392 {
2393     struct socket_smack *ssp = sk->sk_security;
2394     struct smack_known *skp = ssp->smk_out;
2395     int rc;
2396
2397     local_bh_disable();
2398     bh_lock_sock_nested(sk);
2399
2400     rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2401     switch (rc) {
2402     case 0:
2403         ssp->smk_state = SMK_NETLBL_LABELED;
2404         break;
2405     case -EDESTADDRREQ:
2406         ssp->smk_state = SMK_NETLBL_REQSKB;
2407         rc = 0;
2408         break;
2409     }
2410
2411     bh_unlock_sock(sk);
2412     local_bh_enable();
2413
2414     return rc;
2415 }
2416
2417 /**
2418  * smack_netlbl_delete - Remove the secattr from a socket
2419  * @sk: the socket
2420  *
2421  * Remove the outbound smack value from a socket
2422  */
2423 static void smack_netlbl_delete(struct sock *sk)
2424 {
2425     struct socket_smack *ssp = sk->sk_security;
2426
2427     /*
2428      * Take the label off the socket if one is set.
2429      */
2430     if (ssp->smk_state != SMK_NETLBL_LABELED)
2431         return;
2432
2433     local_bh_disable();
2434     bh_lock_sock_nested(sk);
2435     netlbl_sock_delattr(sk);
2436     bh_unlock_sock(sk);
2437     local_bh_enable();
2438     ssp->smk_state = SMK_NETLBL_UNLABELED;
2439 }
2440
2441 /**
2442  * smk_ipv4_check - Perform IPv4 host access checks
2443  * @sk: the socket
2444  * @sap: the destination address
2445  *
2446  * Set the correct secattr for the given socket based on the destination
2447  * address and perform any outbound access checks needed.
2448  *
2449  * Returns 0 on success or an error code.
2450  *
2451  */
2452 static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap)
2453 {
2454     struct smack_known *skp;
2455     int rc = 0;
2456     struct smack_known *hkp;
2457     struct socket_smack *ssp = sk->sk_security;
2458     struct smk_audit_info ad;
2459
2460     rcu_read_lock();
2461     hkp = smack_ipv4host_label(sap);
2462     if (hkp != NULL) {
2463 #ifdef CONFIG_AUDIT
2464         struct lsm_network_audit net;
2465
2466         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2467         ad.a.u.net->family = sap->sin_family;
2468         ad.a.u.net->dport = sap->sin_port;
2469         ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2470 #endif
2471         skp = ssp->smk_out;
2472         rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2473         rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2474         /*
2475          * Clear the socket netlabel if it's set.
2476          */
2477         if (!rc)
2478             smack_netlbl_delete(sk);
2479     }
2480     rcu_read_unlock();
2481
2482     return rc;
2483 }
2484
2485 /**
2486  * smk_ipv6_check - check Smack access
2487  * @subject: subject Smack label
2488  * @object: object Smack label
2489  * @address: address
2490  * @act: the action being taken
2491  *
2492  * Check an IPv6 access
2493  */
2494 static int smk_ipv6_check(struct smack_known *subject,
2495                 struct smack_known *object,
2496                 struct sockaddr_in6 *address, int act)
2497 {
2498 #ifdef CONFIG_AUDIT
2499     struct lsm_network_audit net;
2500 #endif
2501     struct smk_audit_info ad;
2502     int rc;
2503
2504 #ifdef CONFIG_AUDIT
2505     smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2506     ad.a.u.net->family = PF_INET6;
2507     ad.a.u.net->dport = address->sin6_port;
2508     if (act == SMK_RECEIVING)
2509         ad.a.u.net->v6info.saddr = address->sin6_addr;
2510     else
2511         ad.a.u.net->v6info.daddr = address->sin6_addr;
2512 #endif
2513     rc = smk_access(subject, object, MAY_WRITE, &ad);
2514     rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2515     return rc;
2516 }
2517
2518 #ifdef SMACK_IPV6_PORT_LABELING
2519 /**
2520  * smk_ipv6_port_label - Smack port access table management
2521  * @sock: socket
2522  * @address: address
2523  *
2524  * Create or update the port list entry
2525  */
2526 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2527 {
2528     struct sock *sk = sock->sk;
2529     struct sockaddr_in6 *addr6;
2530     struct socket_smack *ssp = sock->sk->sk_security;
2531     struct smk_port_label *spp;
2532     unsigned short port = 0;
2533
2534     if (address == NULL) {
2535         /*
2536          * This operation is changing the Smack information
2537          * on the bound socket. Take the changes to the port
2538          * as well.
2539          */
2540         rcu_read_lock();
2541         list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2542             if (sk != spp->smk_sock)
2543                 continue;
2544             spp->smk_in = ssp->smk_in;
2545             spp->smk_out = ssp->smk_out;
2546             rcu_read_unlock();
2547             return;
2548         }
2549         /*
2550          * A NULL address is only used for updating existing
2551          * bound entries. If there isn't one, it's OK.
2552          */
2553         rcu_read_unlock();
2554         return;
2555     }
2556
2557     addr6 = (struct sockaddr_in6 *)address;
2558     port = ntohs(addr6->sin6_port);
2559     /*
2560      * This is a special case that is safely ignored.
2561      */
2562     if (port == 0)
2563         return;
2564
2565     /*
2566      * Look for an existing port list entry.
2567      * This is an indication that a port is getting reused.
2568      */
2569     rcu_read_lock();
2570     list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2571         if (spp->smk_port != port || spp->smk_sock_type != sock->type)
2572             continue;
2573         if (spp->smk_can_reuse != 1) {
2574             rcu_read_unlock();
2575             return;
2576         }
2577         spp->smk_port = port;
2578         spp->smk_sock = sk;
2579         spp->smk_in = ssp->smk_in;
2580         spp->smk_out = ssp->smk_out;
2581         spp->smk_can_reuse = 0;
2582         rcu_read_unlock();
2583         return;
2584     }
2585     rcu_read_unlock();
2586     /*
2587      * A new port entry is required.
2588      */
2589     spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2590     if (spp == NULL)
2591         return;
2592
2593     spp->smk_port = port;
2594     spp->smk_sock = sk;
2595     spp->smk_in = ssp->smk_in;
2596     spp->smk_out = ssp->smk_out;
2597     spp->smk_sock_type = sock->type;
2598     spp->smk_can_reuse = 0;
2599
2600     mutex_lock(&smack_ipv6_lock);
2601     list_add_rcu(&spp->list, &smk_ipv6_port_list);
2602     mutex_unlock(&smack_ipv6_lock);
2603     return;
2604 }
2605
2606 /**
2607  * smk_ipv6_port_check - check Smack port access
2608  * @sk: socket
2609  * @address: address
2610  * @act: the action being taken
2611  *
2612  * Create or update the port list entry
2613  */
2614 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2615                 int act)
2616 {
2617     struct smk_port_label *spp;
2618     struct socket_smack *ssp = sk->sk_security;
2619     struct smack_known *skp = NULL;
2620     unsigned short port;
2621     struct smack_known *object;
2622
2623     if (act == SMK_RECEIVING) {
2624         skp = smack_ipv6host_label(address);
2625         object = ssp->smk_in;
2626     } else {
2627         skp = ssp->smk_out;
2628         object = smack_ipv6host_label(address);
2629     }
2630
2631     /*
2632      * The other end is a single label host.
2633      */
2634     if (skp != NULL && object != NULL)
2635         return smk_ipv6_check(skp, object, address, act);
2636     if (skp == NULL)
2637         skp = smack_net_ambient;
2638     if (object == NULL)
2639         object = smack_net_ambient;
2640
2641     /*
2642      * It's remote, so port lookup does no good.
2643      */
2644     if (!smk_ipv6_localhost(address))
2645         return smk_ipv6_check(skp, object, address, act);
2646
2647     /*
2648      * It's local so the send check has to have passed.
2649      */
2650     if (act == SMK_RECEIVING)
2651         return 0;
2652
2653     port = ntohs(address->sin6_port);
2654     rcu_read_lock();
2655     list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2656         if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
2657             continue;
2658         object = spp->smk_in;
2659         if (act == SMK_CONNECTING)
2660             ssp->smk_packet = spp->smk_out;
2661         break;
2662     }
2663     rcu_read_unlock();
2664
2665     return smk_ipv6_check(skp, object, address, act);
2666 }
2667 #endif
2668
2669 /**
2670  * smack_inode_setsecurity - set smack xattrs
2671  * @inode: the object
2672  * @name: attribute name
2673  * @value: attribute value
2674  * @size: size of the attribute
2675  * @flags: unused
2676  *
2677  * Sets the named attribute in the appropriate blob
2678  *
2679  * Returns 0 on success, or an error code
2680  */
2681 static int smack_inode_setsecurity(struct inode *inode, const char *name,
2682                    const void *value, size_t size, int flags)
2683 {
2684     struct smack_known *skp;
2685     struct inode_smack *nsp = smack_inode(inode);
2686     struct socket_smack *ssp;
2687     struct socket *sock;
2688     int rc = 0;
2689
2690     if (value == NULL || size > SMK_LONGLABEL || size == 0)
2691         return -EINVAL;
2692
2693     skp = smk_import_entry(value, size);
2694     if (IS_ERR(skp))
2695         return PTR_ERR(skp);
2696
2697     if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2698         nsp->smk_inode = skp;
2699         nsp->smk_flags |= SMK_INODE_INSTANT;
2700         return 0;
2701     }
2702     /*
2703      * The rest of the Smack xattrs are only on sockets.
2704      */
2705     if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2706         return -EOPNOTSUPP;
2707
2708     sock = SOCKET_I(inode);
2709     if (sock == NULL || sock->sk == NULL)
2710         return -EOPNOTSUPP;
2711
2712     ssp = sock->sk->sk_security;
2713
2714     if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2715         ssp->smk_in = skp;
2716     else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2717         ssp->smk_out = skp;
2718         if (sock->sk->sk_family == PF_INET) {
2719             rc = smack_netlbl_add(sock->sk);
2720             if (rc != 0)
2721                 printk(KERN_WARNING
2722                     "Smack: \"%s\" netlbl error %d.\n",
2723                     __func__, -rc);
2724         }
2725     } else
2726         return -EOPNOTSUPP;
2727
2728 #ifdef SMACK_IPV6_PORT_LABELING
2729     if (sock->sk->sk_family == PF_INET6)
2730         smk_ipv6_port_label(sock, NULL);
2731 #endif
2732
2733     return 0;
2734 }
2735
2736 /**
2737  * smack_socket_post_create - finish socket setup
2738  * @sock: the socket
2739  * @family: protocol family
2740  * @type: unused
2741  * @protocol: unused
2742  * @kern: unused
2743  *
2744  * Sets the netlabel information on the socket
2745  *
2746  * Returns 0 on success, and error code otherwise
2747  */
2748 static int smack_socket_post_create(struct socket *sock, int family,
2749                     int type, int protocol, int kern)
2750 {
2751     struct socket_smack *ssp;
2752
2753     if (sock->sk == NULL)
2754         return 0;
2755
2756     /*
2757      * Sockets created by kernel threads receive web label.
2758      */
2759     if (unlikely(current->flags & PF_KTHREAD)) {
2760         ssp = sock->sk->sk_security;
2761         ssp->smk_in = &smack_known_web;
2762         ssp->smk_out = &smack_known_web;
2763     }
2764
2765     if (family != PF_INET)
2766         return 0;
2767     /*
2768      * Set the outbound netlbl.
2769      */
2770     return smack_netlbl_add(sock->sk);
2771 }
2772
2773 /**
2774  * smack_socket_socketpair - create socket pair
2775  * @socka: one socket
2776  * @sockb: another socket
2777  *
2778  * Cross reference the peer labels for SO_PEERSEC
2779  *
2780  * Returns 0
2781  */
2782 static int smack_socket_socketpair(struct socket *socka,
2783                            struct socket *sockb)
2784 {
2785     struct socket_smack *asp = socka->sk->sk_security;
2786     struct socket_smack *bsp = sockb->sk->sk_security;
2787
2788     asp->smk_packet = bsp->smk_out;
2789     bsp->smk_packet = asp->smk_out;
2790
2791     return 0;
2792 }
2793
2794 #ifdef SMACK_IPV6_PORT_LABELING
2795 /**
2796  * smack_socket_bind - record port binding information.
2797  * @sock: the socket
2798  * @address: the port address
2799  * @addrlen: size of the address
2800  *
2801  * Records the label bound to a port.
2802  *
2803  * Returns 0 on success, and error code otherwise
2804  */
2805 static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2806                 int addrlen)
2807 {
2808     if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) {
2809         if (addrlen < SIN6_LEN_RFC2133 ||
2810             address->sa_family != AF_INET6)
2811             return -EINVAL;
2812         smk_ipv6_port_label(sock, address);
2813     }
2814     return 0;
2815 }
2816 #endif /* SMACK_IPV6_PORT_LABELING */
2817
2818 /**
2819  * smack_socket_connect - connect access check
2820  * @sock: the socket
2821  * @sap: the other end
2822  * @addrlen: size of sap
2823  *
2824  * Verifies that a connection may be possible
2825  *
2826  * Returns 0 on success, and error code otherwise
2827  */
2828 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2829                 int addrlen)
2830 {
2831     int rc = 0;
2832
2833     if (sock->sk == NULL)
2834         return 0;
2835     if (sock->sk->sk_family != PF_INET &&
2836         (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6))
2837         return 0;
2838     if (addrlen < offsetofend(struct sockaddr, sa_family))
2839         return 0;
2840     if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) {
2841         struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
2842         struct smack_known *rsp = NULL;
2843
2844         if (addrlen < SIN6_LEN_RFC2133)
2845             return 0;
2846         if (__is_defined(SMACK_IPV6_SECMARK_LABELING))
2847             rsp = smack_ipv6host_label(sip);
2848         if (rsp != NULL) {
2849             struct socket_smack *ssp = sock->sk->sk_security;
2850
2851             rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
2852                         SMK_CONNECTING);
2853         }
2854 #ifdef SMACK_IPV6_PORT_LABELING
2855         rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
2856 #endif
2857
2858         return rc;
2859     }
2860     if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in))
2861         return 0;
2862     rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap);
2863     return rc;
2864 }
2865
2866 /**
2867  * smack_flags_to_may - convert S_ to MAY_ values
2868  * @flags: the S_ value
2869  *
2870  * Returns the equivalent MAY_ value
2871  */
2872 static int smack_flags_to_may(int flags)
2873 {
2874     int may = 0;
2875
2876     if (flags & S_IRUGO)
2877         may |= MAY_READ;
2878     if (flags & S_IWUGO)
2879         may |= MAY_WRITE;
2880     if (flags & S_IXUGO)
2881         may |= MAY_EXEC;
2882
2883     return may;
2884 }
2885
2886 /**
2887  * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2888  * @msg: the object
2889  *
2890  * Returns 0
2891  */
2892 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2893 {
2894     struct smack_known **blob = smack_msg_msg(msg);
2895
2896     *blob = smk_of_current();
2897     return 0;
2898 }
2899
2900 /**
2901  * smack_of_ipc - the smack pointer for the ipc
2902  * @isp: the object
2903  *
2904  * Returns a pointer to the smack value
2905  */
2906 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
2907 {
2908     struct smack_known **blob = smack_ipc(isp);
2909
2910     return *blob;
2911 }
2912
2913 /**
2914  * smack_ipc_alloc_security - Set the security blob for ipc
2915  * @isp: the object
2916  *
2917  * Returns 0
2918  */
2919 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
2920 {
2921     struct smack_known **blob = smack_ipc(isp);
2922
2923     *blob = smk_of_current();
2924     return 0;
2925 }
2926
2927 /**
2928  * smk_curacc_shm : check if current has access on shm
2929  * @isp : the object
2930  * @access : access requested
2931  *
2932  * Returns 0 if current has the requested access, error code otherwise
2933  */
2934 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
2935 {
2936     struct smack_known *ssp = smack_of_ipc(isp);
2937     struct smk_audit_info ad;
2938     int rc;
2939
2940 #ifdef CONFIG_AUDIT
2941     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2942     ad.a.u.ipc_id = isp->id;
2943 #endif
2944     rc = smk_curacc(ssp, access, &ad);
2945     rc = smk_bu_current("shm", ssp, access, rc);
2946     return rc;
2947 }
2948
2949 /**
2950  * smack_shm_associate - Smack access check for shm
2951  * @isp: the object
2952  * @shmflg: access requested
2953  *
2954  * Returns 0 if current has the requested access, error code otherwise
2955  */
2956 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
2957 {
2958     int may;
2959
2960     may = smack_flags_to_may(shmflg);
2961     return smk_curacc_shm(isp, may);
2962 }
2963
2964 /**
2965  * smack_shm_shmctl - Smack access check for shm
2966  * @isp: the object
2967  * @cmd: what it wants to do
2968  *
2969  * Returns 0 if current has the requested access, error code otherwise
2970  */
2971 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
2972 {
2973     int may;
2974
2975     switch (cmd) {
2976     case IPC_STAT:
2977     case SHM_STAT:
2978     case SHM_STAT_ANY:
2979         may = MAY_READ;
2980         break;
2981     case IPC_SET:
2982     case SHM_LOCK:
2983     case SHM_UNLOCK:
2984     case IPC_RMID:
2985         may = MAY_READWRITE;
2986         break;
2987     case IPC_INFO:
2988     case SHM_INFO:
2989         /*
2990          * System level information.
2991          */
2992         return 0;
2993     default:
2994         return -EINVAL;
2995     }
2996     return smk_curacc_shm(isp, may);
2997 }
2998
2999 /**
3000  * smack_shm_shmat - Smack access for shmat
3001  * @isp: the object
3002  * @shmaddr: unused
3003  * @shmflg: access requested
3004  *
3005  * Returns 0 if current has the requested access, error code otherwise
3006  */
3007 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr,
3008                int shmflg)
3009 {
3010     int may;
3011
3012     may = smack_flags_to_may(shmflg);
3013     return smk_curacc_shm(isp, may);
3014 }
3015
3016 /**
3017  * smk_curacc_sem : check if current has access on sem
3018  * @isp : the object
3019  * @access : access requested
3020  *
3021  * Returns 0 if current has the requested access, error code otherwise
3022  */
3023 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
3024 {
3025     struct smack_known *ssp = smack_of_ipc(isp);
3026     struct smk_audit_info ad;
3027     int rc;
3028
3029 #ifdef CONFIG_AUDIT
3030     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3031     ad.a.u.ipc_id = isp->id;
3032 #endif
3033     rc = smk_curacc(ssp, access, &ad);
3034     rc = smk_bu_current("sem", ssp, access, rc);
3035     return rc;
3036 }
3037
3038 /**
3039  * smack_sem_associate - Smack access check for sem
3040  * @isp: the object
3041  * @semflg: access requested
3042  *
3043  * Returns 0 if current has the requested access, error code otherwise
3044  */
3045 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
3046 {
3047     int may;
3048
3049     may = smack_flags_to_may(semflg);
3050     return smk_curacc_sem(isp, may);
3051 }
3052
3053 /**
3054  * smack_sem_semctl - Smack access check for sem
3055  * @isp: the object
3056  * @cmd: what it wants to do
3057  *
3058  * Returns 0 if current has the requested access, error code otherwise
3059  */
3060 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
3061 {
3062     int may;
3063
3064     switch (cmd) {
3065     case GETPID:
3066     case GETNCNT:
3067     case GETZCNT:
3068     case GETVAL:
3069     case GETALL:
3070     case IPC_STAT:
3071     case SEM_STAT:
3072     case SEM_STAT_ANY:
3073         may = MAY_READ;
3074         break;
3075     case SETVAL:
3076     case SETALL:
3077     case IPC_RMID:
3078     case IPC_SET:
3079         may = MAY_READWRITE;
3080         break;
3081     case IPC_INFO:
3082     case SEM_INFO:
3083         /*
3084          * System level information
3085          */
3086         return 0;
3087     default:
3088         return -EINVAL;
3089     }
3090
3091     return smk_curacc_sem(isp, may);
3092 }
3093
3094 /**
3095  * smack_sem_semop - Smack checks of semaphore operations
3096  * @isp: the object
3097  * @sops: unused
3098  * @nsops: unused
3099  * @alter: unused
3100  *
3101  * Treated as read and write in all cases.
3102  *
3103  * Returns 0 if access is allowed, error code otherwise
3104  */
3105 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
3106                unsigned nsops, int alter)
3107 {
3108     return smk_curacc_sem(isp, MAY_READWRITE);
3109 }
3110
3111 /**
3112  * smk_curacc_msq : helper to check if current has access on msq
3113  * @isp : the msq
3114  * @access : access requested
3115  *
3116  * return 0 if current has access, error otherwise
3117  */
3118 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
3119 {
3120     struct smack_known *msp = smack_of_ipc(isp);
3121     struct smk_audit_info ad;
3122     int rc;
3123
3124 #ifdef CONFIG_AUDIT
3125     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3126     ad.a.u.ipc_id = isp->id;
3127 #endif
3128     rc = smk_curacc(msp, access, &ad);
3129     rc = smk_bu_current("msq", msp, access, rc);
3130     return rc;
3131 }
3132
3133 /**
3134  * smack_msg_queue_associate - Smack access check for msg_queue
3135  * @isp: the object
3136  * @msqflg: access requested
3137  *
3138  * Returns 0 if current has the requested access, error code otherwise
3139  */
3140 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
3141 {
3142     int may;
3143
3144     may = smack_flags_to_may(msqflg);
3145     return smk_curacc_msq(isp, may);
3146 }
3147
3148 /**
3149  * smack_msg_queue_msgctl - Smack access check for msg_queue
3150  * @isp: the object
3151  * @cmd: what it wants to do
3152  *
3153  * Returns 0 if current has the requested access, error code otherwise
3154  */
3155 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
3156 {
3157     int may;
3158
3159     switch (cmd) {
3160     case IPC_STAT:
3161     case MSG_STAT:
3162     case MSG_STAT_ANY:
3163         may = MAY_READ;
3164         break;
3165     case IPC_SET:
3166     case IPC_RMID:
3167         may = MAY_READWRITE;
3168         break;
3169     case IPC_INFO:
3170     case MSG_INFO:
3171         /*
3172          * System level information
3173          */
3174         return 0;
3175     default:
3176         return -EINVAL;
3177     }
3178
3179     return smk_curacc_msq(isp, may);
3180 }
3181
3182 /**
3183  * smack_msg_queue_msgsnd - Smack access check for msg_queue
3184  * @isp: the object
3185  * @msg: unused
3186  * @msqflg: access requested
3187  *
3188  * Returns 0 if current has the requested access, error code otherwise
3189  */
3190 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
3191                   int msqflg)
3192 {
3193     int may;
3194
3195     may = smack_flags_to_may(msqflg);
3196     return smk_curacc_msq(isp, may);
3197 }
3198
3199 /**
3200  * smack_msg_queue_msgrcv - Smack access check for msg_queue
3201  * @isp: the object
3202  * @msg: unused
3203  * @target: unused
3204  * @type: unused
3205  * @mode: unused
3206  *
3207  * Returns 0 if current has read and write access, error code otherwise
3208  */
3209 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp,
3210                   struct msg_msg *msg,
3211                   struct task_struct *target, long type,
3212                   int mode)
3213 {
3214     return smk_curacc_msq(isp, MAY_READWRITE);
3215 }
3216
3217 /**
3218  * smack_ipc_permission - Smack access for ipc_permission()
3219  * @ipp: the object permissions
3220  * @flag: access requested
3221  *
3222  * Returns 0 if current has read and write access, error code otherwise
3223  */
3224 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3225 {
3226     struct smack_known **blob = smack_ipc(ipp);
3227     struct smack_known *iskp = *blob;
3228     int may = smack_flags_to_may(flag);
3229     struct smk_audit_info ad;
3230     int rc;
3231
3232 #ifdef CONFIG_AUDIT
3233     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3234     ad.a.u.ipc_id = ipp->id;
3235 #endif
3236     rc = smk_curacc(iskp, may, &ad);
3237     rc = smk_bu_current("svipc", iskp, may, rc);
3238     return rc;
3239 }
3240
3241 /**
3242  * smack_ipc_getsecid - Extract smack security id
3243  * @ipp: the object permissions
3244  * @secid: where result will be saved
3245  */
3246 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3247 {
3248     struct smack_known **blob = smack_ipc(ipp);
3249     struct smack_known *iskp = *blob;
3250
3251     *secid = iskp->smk_secid;
3252 }
3253
3254 /**
3255  * smack_d_instantiate - Make sure the blob is correct on an inode
3256  * @opt_dentry: dentry where inode will be attached
3257  * @inode: the object
3258  *
3259  * Set the inode's security blob if it hasn't been done already.
3260  */
3261 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3262 {
3263     struct super_block *sbp;
3264     struct superblock_smack *sbsp;
3265     struct inode_smack *isp;
3266     struct smack_known *skp;
3267     struct smack_known *ckp = smk_of_current();
3268     struct smack_known *final;
3269     char trattr[TRANS_TRUE_SIZE];
3270     int transflag = 0;
3271     int rc;
3272     struct dentry *dp;
3273
3274     if (inode == NULL)
3275         return;
3276
3277     isp = smack_inode(inode);
3278
3279     /*
3280      * If the inode is already instantiated
3281      * take the quick way out
3282      */
3283     if (isp->smk_flags & SMK_INODE_INSTANT)
3284         return;
3285
3286     sbp = inode->i_sb;
3287     sbsp = smack_superblock(sbp);
3288     /*
3289      * We're going to use the superblock default label
3290      * if there's no label on the file.
3291      */
3292     final = sbsp->smk_default;
3293
3294     /*
3295      * If this is the root inode the superblock
3296      * may be in the process of initialization.
3297      * If that is the case use the root value out
3298      * of the superblock.
3299      */
3300     if (opt_dentry->d_parent == opt_dentry) {
3301         switch (sbp->s_magic) {
3302         case CGROUP_SUPER_MAGIC:
3303         case CGROUP2_SUPER_MAGIC:
3304             /*
3305              * The cgroup filesystem is never mounted,
3306              * so there's no opportunity to set the mount
3307              * options.
3308              */
3309             sbsp->smk_root = &smack_known_star;
3310             sbsp->smk_default = &smack_known_star;
3311             isp->smk_inode = sbsp->smk_root;
3312             break;
3313         case TMPFS_MAGIC:
3314             /*
3315              * What about shmem/tmpfs anonymous files with dentry
3316              * obtained from d_alloc_pseudo()?
3317              */
3318             isp->smk_inode = smk_of_current();
3319             break;
3320         case PIPEFS_MAGIC:
3321             isp->smk_inode = smk_of_current();
3322             break;
3323         case SOCKFS_MAGIC:
3324             /*
3325              * Socket access is controlled by the socket
3326              * structures associated with the task involved.
3327              */
3328             isp->smk_inode = &smack_known_star;
3329             break;
3330         default:
3331             isp->smk_inode = sbsp->smk_root;
3332             break;
3333         }
3334         isp->smk_flags |= SMK_INODE_INSTANT;
3335         return;
3336     }
3337
3338     /*
3339      * This is pretty hackish.
3340      * Casey says that we shouldn't have to do
3341      * file system specific code, but it does help
3342      * with keeping it simple.
3343      */
3344     switch (sbp->s_magic) {
3345     case SMACK_MAGIC:
3346     case CGROUP_SUPER_MAGIC:
3347     case CGROUP2_SUPER_MAGIC:
3348         /*
3349          * Casey says that it's a little embarrassing
3350          * that the smack file system doesn't do
3351          * extended attributes.
3352          *
3353          * Cgroupfs is special
3354          */
3355         final = &smack_known_star;
3356         break;
3357     case DEVPTS_SUPER_MAGIC:
3358         /*
3359          * devpts seems content with the label of the task.
3360          * Programs that change smack have to treat the
3361          * pty with respect.
3362          */
3363         final = ckp;
3364         break;
3365     case PROC_SUPER_MAGIC:
3366         /*
3367          * Casey says procfs appears not to care.
3368          * The superblock default suffices.
3369          */
3370         break;
3371     case TMPFS_MAGIC:
3372         /*
3373          * Device labels should come from the filesystem,
3374          * but watch out, because they're volitile,
3375          * getting recreated on every reboot.
3376          */
3377         final = &smack_known_star;
3378         /*
3379          * If a smack value has been set we want to use it,
3380          * but since tmpfs isn't giving us the opportunity
3381          * to set mount options simulate setting the
3382          * superblock default.
3383          */
3384         fallthrough;
3385     default:
3386         /*
3387          * This isn't an understood special case.
3388          * Get the value from the xattr.
3389          */
3390
3391         /*
3392          * UNIX domain sockets use lower level socket data.
3393          */
3394         if (S_ISSOCK(inode->i_mode)) {
3395             final = &smack_known_star;
3396             break;
3397         }
3398         /*
3399          * No xattr support means, alas, no SMACK label.
3400          * Use the aforeapplied default.
3401          * It would be curious if the label of the task
3402          * does not match that assigned.
3403          */
3404         if (!(inode->i_opflags & IOP_XATTR))
3405                 break;
3406         /*
3407          * Get the dentry for xattr.
3408          */
3409         dp = dget(opt_dentry);
3410         skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3411         if (!IS_ERR_OR_NULL(skp))
3412             final = skp;
3413
3414         /*
3415          * Transmuting directory
3416          */
3417         if (S_ISDIR(inode->i_mode)) {
3418             /*
3419              * If this is a new directory and the label was
3420              * transmuted when the inode was initialized
3421              * set the transmute attribute on the directory
3422              * and mark the inode.
3423              *
3424              * If there is a transmute attribute on the
3425              * directory mark the inode.
3426              */
3427             if (isp->smk_flags & SMK_INODE_CHANGED) {
3428                 isp->smk_flags &= ~SMK_INODE_CHANGED;
3429                 rc = __vfs_setxattr(&init_user_ns, dp, inode,
3430                     XATTR_NAME_SMACKTRANSMUTE,
3431                     TRANS_TRUE, TRANS_TRUE_SIZE,
3432                     0);
3433             } else {
3434                 rc = __vfs_getxattr(dp, inode,
3435                     XATTR_NAME_SMACKTRANSMUTE, trattr,
3436                     TRANS_TRUE_SIZE);
3437                 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3438                                TRANS_TRUE_SIZE) != 0)
3439                     rc = -EINVAL;
3440             }
3441             if (rc >= 0)
3442                 transflag = SMK_INODE_TRANSMUTE;
3443         }
3444         /*
3445          * Don't let the exec or mmap label be "*" or "@".
3446          */
3447         skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3448         if (IS_ERR(skp) || skp == &smack_known_star ||
3449             skp == &smack_known_web)
3450             skp = NULL;
3451         isp->smk_task = skp;
3452
3453         skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3454         if (IS_ERR(skp) || skp == &smack_known_star ||
3455             skp == &smack_known_web)
3456             skp = NULL;
3457         isp->smk_mmap = skp;
3458
3459         dput(dp);
3460         break;
3461     }
3462
3463     if (final == NULL)
3464         isp->smk_inode = ckp;
3465     else
3466         isp->smk_inode = final;
3467
3468     isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3469
3470     return;
3471 }
3472
3473 /**
3474  * smack_getprocattr - Smack process attribute access
3475  * @p: the object task
3476  * @name: the name of the attribute in /proc/.../attr
3477  * @value: where to put the result
3478  *
3479  * Places a copy of the task Smack into value
3480  *
3481  * Returns the length of the smack label or an error code
3482  */
3483 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3484 {
3485     struct smack_known *skp = smk_of_task_struct_obj(p);
3486     char *cp;
3487     int slen;
3488
3489     if (strcmp(name, "current") != 0)
3490         return -EINVAL;
3491
3492     cp = kstrdup(skp->smk_known, GFP_KERNEL);
3493     if (cp == NULL)
3494         return -ENOMEM;
3495
3496     slen = strlen(cp);
3497     *value = cp;
3498     return slen;
3499 }
3500
3501 /**
3502  * smack_setprocattr - Smack process attribute setting
3503  * @name: the name of the attribute in /proc/.../attr
3504  * @value: the value to set
3505  * @size: the size of the value
3506  *
3507  * Sets the Smack value of the task. Only setting self
3508  * is permitted and only with privilege
3509  *
3510  * Returns the length of the smack label or an error code
3511  */
3512 static int smack_setprocattr(const char *name, void *value, size_t size)
3513 {
3514     struct task_smack *tsp = smack_cred(current_cred());
3515     struct cred *new;
3516     struct smack_known *skp;
3517     struct smack_known_list_elem *sklep;
3518     int rc;
3519
3520     if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
3521         return -EPERM;
3522
3523     if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3524         return -EINVAL;
3525
3526     if (strcmp(name, "current") != 0)
3527         return -EINVAL;
3528
3529     skp = smk_import_entry(value, size);
3530     if (IS_ERR(skp))
3531         return PTR_ERR(skp);
3532
3533     /*
3534      * No process is ever allowed the web ("@") label
3535      * and the star ("*") label.
3536      */
3537     if (skp == &smack_known_web || skp == &smack_known_star)
3538         return -EINVAL;
3539
3540     if (!smack_privileged(CAP_MAC_ADMIN)) {
3541         rc = -EPERM;
3542         list_for_each_entry(sklep, &tsp->smk_relabel, list)
3543             if (sklep->smk_label == skp) {
3544                 rc = 0;
3545                 break;
3546             }
3547         if (rc)
3548             return rc;
3549     }
3550
3551     new = prepare_creds();
3552     if (new == NULL)
3553         return -ENOMEM;
3554
3555     tsp = smack_cred(new);
3556     tsp->smk_task = skp;
3557     /*
3558      * process can change its label only once
3559      */
3560     smk_destroy_label_list(&tsp->smk_relabel);
3561
3562     commit_creds(new);
3563     return size;
3564 }
3565
3566 /**
3567  * smack_unix_stream_connect - Smack access on UDS
3568  * @sock: one sock
3569  * @other: the other sock
3570  * @newsk: unused
3571  *
3572  * Return 0 if a subject with the smack of sock could access
3573  * an object with the smack of other, otherwise an error code
3574  */
3575 static int smack_unix_stream_connect(struct sock *sock,
3576                      struct sock *other, struct sock *newsk)
3577 {
3578     struct smack_known *skp;
3579     struct smack_known *okp;
3580     struct socket_smack *ssp = sock->sk_security;
3581     struct socket_smack *osp = other->sk_security;
3582     struct socket_smack *nsp = newsk->sk_security;
3583     struct smk_audit_info ad;
3584     int rc = 0;
3585 #ifdef CONFIG_AUDIT
3586     struct lsm_network_audit net;
3587 #endif
3588
3589     if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3590         skp = ssp->smk_out;
3591         okp = osp->smk_in;
3592 #ifdef CONFIG_AUDIT
3593         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3594         smk_ad_setfield_u_net_sk(&ad, other);
3595 #endif
3596         rc = smk_access(skp, okp, MAY_WRITE, &ad);
3597         rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3598         if (rc == 0) {
3599             okp = osp->smk_out;
3600             skp = ssp->smk_in;
3601             rc = smk_access(okp, skp, MAY_WRITE, &ad);
3602             rc = smk_bu_note("UDS connect", okp, skp,
3603                         MAY_WRITE, rc);
3604         }
3605     }
3606
3607     /*
3608      * Cross reference the peer labels for SO_PEERSEC.
3609      */
3610     if (rc == 0) {
3611         nsp->smk_packet = ssp->smk_out;
3612         ssp->smk_packet = osp->smk_out;
3613     }
3614
3615     return rc;
3616 }
3617
3618 /**
3619  * smack_unix_may_send - Smack access on UDS
3620  * @sock: one socket
3621  * @other: the other socket
3622  *
3623  * Return 0 if a subject with the smack of sock could access
3624  * an object with the smack of other, otherwise an error code
3625  */
3626 static int smack_unix_may_send(struct socket *sock, struct socket *other)
3627 {
3628     struct socket_smack *ssp = sock->sk->sk_security;
3629     struct socket_smack *osp = other->sk->sk_security;
3630     struct smk_audit_info ad;
3631     int rc;
3632
3633 #ifdef CONFIG_AUDIT
3634     struct lsm_network_audit net;
3635
3636     smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3637     smk_ad_setfield_u_net_sk(&ad, other->sk);
3638 #endif
3639
3640     if (smack_privileged(CAP_MAC_OVERRIDE))
3641         return 0;
3642
3643     rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3644     rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3645     return rc;
3646 }
3647
3648 /**
3649  * smack_socket_sendmsg - Smack check based on destination host
3650  * @sock: the socket
3651  * @msg: the message
3652  * @size: the size of the message
3653  *
3654  * Return 0 if the current subject can write to the destination host.
3655  * For IPv4 this is only a question if the destination is a single label host.
3656  * For IPv6 this is a check against the label of the port.
3657  */
3658 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3659                 int size)
3660 {
3661     struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3662 #if IS_ENABLED(CONFIG_IPV6)
3663     struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3664 #endif
3665 #ifdef SMACK_IPV6_SECMARK_LABELING
3666     struct socket_smack *ssp = sock->sk->sk_security;
3667     struct smack_known *rsp;
3668 #endif
3669     int rc = 0;
3670
3671     /*
3672      * Perfectly reasonable for this to be NULL
3673      */
3674     if (sip == NULL)
3675         return 0;
3676
3677     switch (sock->sk->sk_family) {
3678     case AF_INET:
3679         if (msg->msg_namelen < sizeof(struct sockaddr_in) ||
3680             sip->sin_family != AF_INET)
3681             return -EINVAL;
3682         rc = smk_ipv4_check(sock->sk, sip);
3683         break;
3684 #if IS_ENABLED(CONFIG_IPV6)
3685     case AF_INET6:
3686         if (msg->msg_namelen < SIN6_LEN_RFC2133 ||
3687             sap->sin6_family != AF_INET6)
3688             return -EINVAL;
3689 #ifdef SMACK_IPV6_SECMARK_LABELING
3690         rsp = smack_ipv6host_label(sap);
3691         if (rsp != NULL)
3692             rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3693                         SMK_CONNECTING);
3694 #endif
3695 #ifdef SMACK_IPV6_PORT_LABELING
3696         rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3697 #endif
3698 #endif /* IS_ENABLED(CONFIG_IPV6) */
3699         break;
3700     }
3701     return rc;
3702 }
3703
3704 /**
3705  * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3706  * @sap: netlabel secattr
3707  * @ssp: socket security information
3708  *
3709  * Returns a pointer to a Smack label entry found on the label list.
3710  */
3711 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3712                         struct socket_smack *ssp)
3713 {
3714     struct smack_known *skp;
3715     int found = 0;
3716     int acat;
3717     int kcat;
3718
3719     /*
3720      * Netlabel found it in the cache.
3721      */
3722     if ((sap->flags & NETLBL_SECATTR_CACHE) != 0)
3723         return (struct smack_known *)sap->cache->data;
3724
3725     if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
3726         /*
3727          * Looks like a fallback, which gives us a secid.
3728          */
3729         return smack_from_secid(sap->attr.secid);
3730
3731     if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3732         /*
3733          * Looks like a CIPSO packet.
3734          * If there are flags but no level netlabel isn't
3735          * behaving the way we expect it to.
3736          *
3737          * Look it up in the label table
3738          * Without guidance regarding the smack value
3739          * for the packet fall back on the network
3740          * ambient value.
3741          */
3742         rcu_read_lock();
3743         list_for_each_entry_rcu(skp, &smack_known_list, list) {
3744             if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3745                 continue;
3746             /*
3747              * Compare the catsets. Use the netlbl APIs.
3748              */
3749             if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3750                 if ((skp->smk_netlabel.flags &
3751                      NETLBL_SECATTR_MLS_CAT) == 0)
3752                     found = 1;
3753                 break;
3754             }
3755             for (acat = -1, kcat = -1; acat == kcat; ) {
3756                 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3757                               acat + 1);
3758                 kcat = netlbl_catmap_walk(
3759                     skp->smk_netlabel.attr.mls.cat,
3760                     kcat + 1);
3761                 if (acat < 0 || kcat < 0)
3762                     break;
3763             }
3764             if (acat == kcat) {
3765                 found = 1;
3766                 break;
3767             }
3768         }
3769         rcu_read_unlock();
3770
3771         if (found)
3772             return skp;
3773
3774         if (ssp != NULL && ssp->smk_in == &smack_known_star)
3775             return &smack_known_web;
3776         return &smack_known_star;
3777     }
3778     /*
3779      * Without guidance regarding the smack value
3780      * for the packet fall back on the network
3781      * ambient value.
3782      */
3783     return smack_net_ambient;
3784 }
3785
3786 #if IS_ENABLED(CONFIG_IPV6)
3787 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3788 {
3789     u8 nexthdr;
3790     int offset;
3791     int proto = -EINVAL;
3792     struct ipv6hdr _ipv6h;
3793     struct ipv6hdr *ip6;
3794     __be16 frag_off;
3795     struct tcphdr _tcph, *th;
3796     struct udphdr _udph, *uh;
3797     struct dccp_hdr _dccph, *dh;
3798
3799     sip->sin6_port = 0;
3800
3801     offset = skb_network_offset(skb);
3802     ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3803     if (ip6 == NULL)
3804         return -EINVAL;
3805     sip->sin6_addr = ip6->saddr;
3806
3807     nexthdr = ip6->nexthdr;
3808     offset += sizeof(_ipv6h);
3809     offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3810     if (offset < 0)
3811         return -EINVAL;
3812
3813     proto = nexthdr;
3814     switch (proto) {
3815     case IPPROTO_TCP:
3816         th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3817         if (th != NULL)
3818             sip->sin6_port = th->source;
3819         break;
3820     case IPPROTO_UDP:
3821     case IPPROTO_UDPLITE:
3822         uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3823         if (uh != NULL)
3824             sip->sin6_port = uh->source;
3825         break;
3826     case IPPROTO_DCCP:
3827         dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3828         if (dh != NULL)
3829             sip->sin6_port = dh->dccph_sport;
3830         break;
3831     }
3832     return proto;
3833 }
3834 #endif /* CONFIG_IPV6 */
3835
3836 /**
3837  * smack_from_skb - Smack data from the secmark in an skb
3838  * @skb: packet
3839  *
3840  * Returns smack_known of the secmark or NULL if that won't work.
3841  */
3842 #ifdef CONFIG_NETWORK_SECMARK
3843 static struct smack_known *smack_from_skb(struct sk_buff *skb)
3844 {
3845     if (skb == NULL || skb->secmark == 0)
3846         return NULL;
3847
3848     return smack_from_secid(skb->secmark);
3849 }
3850 #else
3851 static inline struct smack_known *smack_from_skb(struct sk_buff *skb)
3852 {
3853     return NULL;
3854 }
3855 #endif
3856
3857 /**
3858  * smack_from_netlbl - Smack data from the IP options in an skb
3859  * @sk: socket data came in on
3860  * @family: address family
3861  * @skb: packet
3862  *
3863  * Find the Smack label in the IP options. If it hasn't been
3864  * added to the netlabel cache, add it here.
3865  *
3866  * Returns smack_known of the IP options or NULL if that won't work.
3867  */
3868 static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family,
3869                          struct sk_buff *skb)
3870 {
3871     struct netlbl_lsm_secattr secattr;
3872     struct socket_smack *ssp = NULL;
3873     struct smack_known *skp = NULL;
3874
3875     netlbl_secattr_init(&secattr);
3876
3877     if (sk)
3878         ssp = sk->sk_security;
3879
3880     if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) {
3881         skp = smack_from_secattr(&secattr, ssp);
3882         if (secattr.flags & NETLBL_SECATTR_CACHEABLE)
3883             netlbl_cache_add(skb, family, &skp->smk_netlabel);
3884     }
3885
3886     netlbl_secattr_destroy(&secattr);
3887
3888     return skp;
3889 }
3890
3891 /**
3892  * smack_socket_sock_rcv_skb - Smack packet delivery access check
3893  * @sk: socket
3894  * @skb: packet
3895  *
3896  * Returns 0 if the packet should be delivered, an error code otherwise
3897  */
3898 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3899 {
3900     struct socket_smack *ssp = sk->sk_security;
3901     struct smack_known *skp = NULL;
3902     int rc = 0;
3903     struct smk_audit_info ad;
3904     u16 family = sk->sk_family;
3905 #ifdef CONFIG_AUDIT
3906     struct lsm_network_audit net;
3907 #endif
3908 #if IS_ENABLED(CONFIG_IPV6)
3909     struct sockaddr_in6 sadd;
3910     int proto;
3911
3912     if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3913         family = PF_INET;
3914 #endif /* CONFIG_IPV6 */
3915
3916     switch (family) {
3917     case PF_INET:
3918         /*
3919          * If there is a secmark use it rather than the CIPSO label.
3920          * If there is no secmark fall back to CIPSO.
3921          * The secmark is assumed to reflect policy better.
3922          */
3923         skp = smack_from_skb(skb);
3924         if (skp == NULL) {
3925             skp = smack_from_netlbl(sk, family, skb);
3926             if (skp == NULL)
3927                 skp = smack_net_ambient;
3928         }
3929
3930 #ifdef CONFIG_AUDIT
3931         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3932         ad.a.u.net->family = family;
3933         ad.a.u.net->netif = skb->skb_iif;
3934         ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3935 #endif
3936         /*
3937          * Receiving a packet requires that the other end
3938          * be able to write here. Read access is not required.
3939          * This is the simplist possible security model
3940          * for networking.
3941          */
3942         rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3943         rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
3944                     MAY_WRITE, rc);
3945         if (rc != 0)
3946             netlbl_skbuff_err(skb, family, rc, 0);
3947         break;
3948 #if IS_ENABLED(CONFIG_IPV6)
3949     case PF_INET6:
3950         proto = smk_skb_to_addr_ipv6(skb, &sadd);
3951         if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
3952             proto != IPPROTO_TCP && proto != IPPROTO_DCCP)
3953             break;
3954 #ifdef SMACK_IPV6_SECMARK_LABELING
3955         skp = smack_from_skb(skb);
3956         if (skp == NULL) {
3957             if (smk_ipv6_localhost(&sadd))
3958                 break;
3959             skp = smack_ipv6host_label(&sadd);
3960             if (skp == NULL)
3961                 skp = smack_net_ambient;
3962         }
3963 #ifdef CONFIG_AUDIT
3964         smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3965         ad.a.u.net->family = family;
3966         ad.a.u.net->netif = skb->skb_iif;
3967         ipv6_skb_to_auditdata(skb, &ad.a, NULL);
3968 #endif /* CONFIG_AUDIT */
3969         rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3970         rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
3971                     MAY_WRITE, rc);
3972 #endif /* SMACK_IPV6_SECMARK_LABELING */
3973 #ifdef SMACK_IPV6_PORT_LABELING
3974         rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
3975 #endif /* SMACK_IPV6_PORT_LABELING */
3976         if (rc != 0)
3977             icmpv6_send(skb, ICMPV6_DEST_UNREACH,
3978                     ICMPV6_ADM_PROHIBITED, 0);
3979         break;
3980 #endif /* CONFIG_IPV6 */
3981     }
3982
3983     return rc;
3984 }
3985
3986 /**
3987  * smack_socket_getpeersec_stream - pull in packet label
3988  * @sock: the socket
3989  * @optval: user's destination
3990  * @optlen: size thereof
3991  * @len: max thereof
3992  *
3993  * returns zero on success, an error code otherwise
3994  */
3995 static int smack_socket_getpeersec_stream(struct socket *sock,
3996                       char __user *optval,
3997                       int __user *optlen, unsigned len)
3998 {
3999     struct socket_smack *ssp;
4000     char *rcp = "";
4001     int slen = 1;
4002     int rc = 0;
4003
4004     ssp = sock->sk->sk_security;
4005     if (ssp->smk_packet != NULL) {
4006         rcp = ssp->smk_packet->smk_known;
4007         slen = strlen(rcp) + 1;
4008     }
4009
4010     if (slen > len)
4011         rc = -ERANGE;
4012     else if (copy_to_user(optval, rcp, slen) != 0)
4013         rc = -EFAULT;
4014
4015     if (put_user(slen, optlen) != 0)
4016         rc = -EFAULT;
4017
4018     return rc;
4019 }
4020
4021
4022 /**
4023  * smack_socket_getpeersec_dgram - pull in packet label
4024  * @sock: the peer socket
4025  * @skb: packet data
4026  * @secid: pointer to where to put the secid of the packet
4027  *
4028  * Sets the netlabel socket state on sk from parent
4029  */
4030 static int smack_socket_getpeersec_dgram(struct socket *sock,
4031                      struct sk_buff *skb, u32 *secid)
4032
4033 {
4034     struct socket_smack *ssp = NULL;
4035     struct smack_known *skp;
4036     struct sock *sk = NULL;
4037     int family = PF_UNSPEC;
4038     u32 s = 0;  /* 0 is the invalid secid */
4039
4040     if (skb != NULL) {
4041         if (skb->protocol == htons(ETH_P_IP))
4042             family = PF_INET;
4043 #if IS_ENABLED(CONFIG_IPV6)
4044         else if (skb->protocol == htons(ETH_P_IPV6))
4045             family = PF_INET6;
4046 #endif /* CONFIG_IPV6 */
4047     }
4048     if (family == PF_UNSPEC && sock != NULL)
4049         family = sock->sk->sk_family;
4050
4051     switch (family) {
4052     case PF_UNIX:
4053         ssp = sock->sk->sk_security;
4054         s = ssp->smk_out->smk_secid;
4055         break;
4056     case PF_INET:
4057         skp = smack_from_skb(skb);
4058         if (skp) {
4059             s = skp->smk_secid;
4060             break;
4061         }
4062         /*
4063          * Translate what netlabel gave us.
4064          */
4065         if (sock != NULL)
4066             sk = sock->sk;
4067         skp = smack_from_netlbl(sk, family, skb);
4068         if (skp != NULL)
4069             s = skp->smk_secid;
4070         break;
4071     case PF_INET6:
4072 #ifdef SMACK_IPV6_SECMARK_LABELING
4073         skp = smack_from_skb(skb);
4074         if (skp)
4075             s = skp->smk_secid;
4076 #endif
4077         break;
4078     }
4079     *secid = s;
4080     if (s == 0)
4081         return -EINVAL;
4082     return 0;
4083 }
4084
4085 /**
4086  * smack_sock_graft - Initialize a newly created socket with an existing sock
4087  * @sk: child sock
4088  * @parent: parent socket
4089  *
4090  * Set the smk_{in,out} state of an existing sock based on the process that
4091  * is creating the new socket.
4092  */
4093 static void smack_sock_graft(struct sock *sk, struct socket *parent)
4094 {
4095     struct socket_smack *ssp;
4096     struct smack_known *skp = smk_of_current();
4097
4098     if (sk == NULL ||
4099         (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
4100         return;
4101
4102     ssp = sk->sk_security;
4103     ssp->smk_in = skp;
4104     ssp->smk_out = skp;
4105     /* cssp->smk_packet is already set in smack_inet_csk_clone() */
4106 }
4107
4108 /**
4109  * smack_inet_conn_request - Smack access check on connect
4110  * @sk: socket involved
4111  * @skb: packet
4112  * @req: unused
4113  *
4114  * Returns 0 if a task with the packet label could write to
4115  * the socket, otherwise an error code
4116  */
4117 static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
4118                    struct request_sock *req)
4119 {
4120     u16 family = sk->sk_family;
4121     struct smack_known *skp;
4122     struct socket_smack *ssp = sk->sk_security;
4123     struct sockaddr_in addr;
4124     struct iphdr *hdr;
4125     struct smack_known *hskp;
4126     int rc;
4127     struct smk_audit_info ad;
4128 #ifdef CONFIG_AUDIT
4129     struct lsm_network_audit net;
4130 #endif
4131
4132 #if IS_ENABLED(CONFIG_IPV6)
4133     if (family == PF_INET6) {
4134         /*
4135          * Handle mapped IPv4 packets arriving
4136          * via IPv6 sockets. Don't set up netlabel
4137          * processing on IPv6.
4138          */
4139         if (skb->protocol == htons(ETH_P_IP))
4140             family = PF_INET;
4141         else
4142             return 0;
4143     }
4144 #endif /* CONFIG_IPV6 */
4145
4146     /*
4147      * If there is a secmark use it rather than the CIPSO label.
4148      * If there is no secmark fall back to CIPSO.
4149      * The secmark is assumed to reflect policy better.
4150      */
4151     skp = smack_from_skb(skb);
4152     if (skp == NULL) {
4153         skp = smack_from_netlbl(sk, family, skb);
4154         if (skp == NULL)
4155             skp = &smack_known_huh;
4156     }
4157
4158 #ifdef CONFIG_AUDIT
4159     smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4160     ad.a.u.net->family = family;
4161     ad.a.u.net->netif = skb->skb_iif;
4162     ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4163 #endif
4164     /*
4165      * Receiving a packet requires that the other end be able to write
4166      * here. Read access is not required.
4167      */
4168     rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4169     rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
4170     if (rc != 0)
4171         return rc;
4172
4173     /*
4174      * Save the peer's label in the request_sock so we can later setup
4175      * smk_packet in the child socket so that SO_PEERCRED can report it.
4176      */
4177     req->peer_secid = skp->smk_secid;
4178
4179     /*
4180      * We need to decide if we want to label the incoming connection here
4181      * if we do we only need to label the request_sock and the stack will
4182      * propagate the wire-label to the sock when it is created.
4183      */
4184     hdr = ip_hdr(skb);
4185     addr.sin_addr.s_addr = hdr->saddr;
4186     rcu_read_lock();
4187     hskp = smack_ipv4host_label(&addr);
4188     rcu_read_unlock();
4189
4190     if (hskp == NULL)
4191         rc = netlbl_req_setattr(req, &skp->smk_netlabel);
4192     else
4193         netlbl_req_delattr(req);
4194
4195     return rc;
4196 }
4197
4198 /**
4199  * smack_inet_csk_clone - Copy the connection information to the new socket
4200  * @sk: the new socket
4201  * @req: the connection's request_sock
4202  *
4203  * Transfer the connection's peer label to the newly created socket.
4204  */
4205 static void smack_inet_csk_clone(struct sock *sk,
4206                  const struct request_sock *req)
4207 {
4208     struct socket_smack *ssp = sk->sk_security;
4209     struct smack_known *skp;
4210
4211     if (req->peer_secid != 0) {
4212         skp = smack_from_secid(req->peer_secid);
4213         ssp->smk_packet = skp;
4214     } else
4215         ssp->smk_packet = NULL;
4216 }
4217
4218 /*
4219  * Key management security hooks
4220  *
4221  * Casey has not tested key support very heavily.
4222  * The permission check is most likely too restrictive.
4223  * If you care about keys please have a look.
4224  */
4225 #ifdef CONFIG_KEYS
4226
4227 /**
4228  * smack_key_alloc - Set the key security blob
4229  * @key: object
4230  * @cred: the credentials to use
4231  * @flags: unused
4232  *
4233  * No allocation required
4234  *
4235  * Returns 0
4236  */
4237 static int smack_key_alloc(struct key *key, const struct cred *cred,
4238                unsigned long flags)
4239 {
4240     struct smack_known *skp = smk_of_task(smack_cred(cred));
4241
4242     key->security = skp;
4243     return 0;
4244 }
4245
4246 /**
4247  * smack_key_free - Clear the key security blob
4248  * @key: the object
4249  *
4250  * Clear the blob pointer
4251  */
4252 static void smack_key_free(struct key *key)
4253 {
4254     key->security = NULL;
4255 }
4256
4257 /**
4258  * smack_key_permission - Smack access on a key
4259  * @key_ref: gets to the object
4260  * @cred: the credentials to use
4261  * @need_perm: requested key permission
4262  *
4263  * Return 0 if the task has read and write to the object,
4264  * an error code otherwise
4265  */
4266 static int smack_key_permission(key_ref_t key_ref,
4267                 const struct cred *cred,
4268                 enum key_need_perm need_perm)
4269 {
4270     struct key *keyp;
4271     struct smk_audit_info ad;
4272     struct smack_known *tkp = smk_of_task(smack_cred(cred));
4273     int request = 0;
4274     int rc;
4275
4276     /*
4277      * Validate requested permissions
4278      */
4279     switch (need_perm) {
4280     case KEY_NEED_READ:
4281     case KEY_NEED_SEARCH:
4282     case KEY_NEED_VIEW:
4283         request |= MAY_READ;
4284         break;
4285     case KEY_NEED_WRITE:
4286     case KEY_NEED_LINK:
4287     case KEY_NEED_SETATTR:
4288         request |= MAY_WRITE;
4289         break;
4290     case KEY_NEED_UNSPECIFIED:
4291     case KEY_NEED_UNLINK:
4292     case KEY_SYSADMIN_OVERRIDE:
4293     case KEY_AUTHTOKEN_OVERRIDE:
4294     case KEY_DEFER_PERM_CHECK:
4295         return 0;
4296     default:
4297         return -EINVAL;
4298     }
4299
4300     keyp = key_ref_to_ptr(key_ref);
4301     if (keyp == NULL)
4302         return -EINVAL;
4303     /*
4304      * If the key hasn't been initialized give it access so that
4305      * it may do so.
4306      */
4307     if (keyp->security == NULL)
4308         return 0;
4309     /*
4310      * This should not occur
4311      */
4312     if (tkp == NULL)
4313         return -EACCES;
4314
4315     if (smack_privileged(CAP_MAC_OVERRIDE))
4316         return 0;
4317
4318 #ifdef CONFIG_AUDIT
4319     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4320     ad.a.u.key_struct.key = keyp->serial;
4321     ad.a.u.key_struct.key_desc = keyp->description;
4322 #endif
4323     rc = smk_access(tkp, keyp->security, request, &ad);
4324     rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4325     return rc;
4326 }
4327
4328 /*
4329  * smack_key_getsecurity - Smack label tagging the key
4330  * @key points to the key to be queried
4331  * @_buffer points to a pointer that should be set to point to the
4332  * resulting string (if no label or an error occurs).
4333  * Return the length of the string (including terminating NUL) or -ve if
4334  * an error.
4335  * May also return 0 (and a NULL buffer pointer) if there is no label.
4336  */
4337 static int smack_key_getsecurity(struct key *key, char **_buffer)
4338 {
4339     struct smack_known *skp = key->security;
4340     size_t length;
4341     char *copy;
4342
4343     if (key->security == NULL) {
4344         *_buffer = NULL;
4345         return 0;
4346     }
4347
4348     copy = kstrdup(skp->smk_known, GFP_KERNEL);
4349     if (copy == NULL)
4350         return -ENOMEM;
4351     length = strlen(copy) + 1;
4352
4353     *_buffer = copy;
4354     return length;
4355 }
4356
4357
4358 #ifdef CONFIG_KEY_NOTIFICATIONS
4359 /**
4360  * smack_watch_key - Smack access to watch a key for notifications.
4361  * @key: The key to be watched
4362  *
4363  * Return 0 if the @watch->cred has permission to read from the key object and
4364  * an error otherwise.
4365  */
4366 static int smack_watch_key(struct key *key)
4367 {
4368     struct smk_audit_info ad;
4369     struct smack_known *tkp = smk_of_current();
4370     int rc;
4371
4372     if (key == NULL)
4373         return -EINVAL;
4374     /*
4375      * If the key hasn't been initialized give it access so that
4376      * it may do so.
4377      */
4378     if (key->security == NULL)
4379         return 0;
4380     /*
4381      * This should not occur
4382      */
4383     if (tkp == NULL)
4384         return -EACCES;
4385
4386     if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred()))
4387         return 0;
4388
4389 #ifdef CONFIG_AUDIT
4390     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4391     ad.a.u.key_struct.key = key->serial;
4392     ad.a.u.key_struct.key_desc = key->description;
4393 #endif
4394     rc = smk_access(tkp, key->security, MAY_READ, &ad);
4395     rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc);
4396     return rc;
4397 }
4398 #endif /* CONFIG_KEY_NOTIFICATIONS */
4399 #endif /* CONFIG_KEYS */
4400
4401 #ifdef CONFIG_WATCH_QUEUE
4402 /**
4403  * smack_post_notification - Smack access to post a notification to a queue
4404  * @w_cred: The credentials of the watcher.
4405  * @cred: The credentials of the event source (may be NULL).
4406  * @n: The notification message to be posted.
4407  */
4408 static int smack_post_notification(const struct cred *w_cred,
4409                    const struct cred *cred,
4410                    struct watch_notification *n)
4411 {
4412     struct smk_audit_info ad;
4413     struct smack_known *subj, *obj;
4414     int rc;
4415
4416     /* Always let maintenance notifications through. */
4417     if (n->type == WATCH_TYPE_META)
4418         return 0;
4419
4420     if (!cred)
4421         return 0;
4422     subj = smk_of_task(smack_cred(cred));
4423     obj = smk_of_task(smack_cred(w_cred));
4424
4425     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION);
4426     rc = smk_access(subj, obj, MAY_WRITE, &ad);
4427     rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc);
4428     return rc;
4429 }
4430 #endif /* CONFIG_WATCH_QUEUE */
4431
4432 /*
4433  * Smack Audit hooks
4434  *
4435  * Audit requires a unique representation of each Smack specific
4436  * rule. This unique representation is used to distinguish the
4437  * object to be audited from remaining kernel objects and also
4438  * works as a glue between the audit hooks.
4439  *
4440  * Since repository entries are added but never deleted, we'll use
4441  * the smack_known label address related to the given audit rule as
4442  * the needed unique representation. This also better fits the smack
4443  * model where nearly everything is a label.
4444  */
4445 #ifdef CONFIG_AUDIT
4446
4447 /**
4448  * smack_audit_rule_init - Initialize a smack audit rule
4449  * @field: audit rule fields given from user-space (audit.h)
4450  * @op: required testing operator (=, !=, >, <, ...)
4451  * @rulestr: smack label to be audited
4452  * @vrule: pointer to save our own audit rule representation
4453  *
4454  * Prepare to audit cases where (@field @op @rulestr) is true.
4455  * The label to be audited is created if necessay.
4456  */
4457 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4458 {
4459     struct smack_known *skp;
4460     char **rule = (char **)vrule;
4461     *rule = NULL;
4462
4463     if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4464         return -EINVAL;
4465
4466     if (op != Audit_equal && op != Audit_not_equal)
4467         return -EINVAL;
4468
4469     skp = smk_import_entry(rulestr, 0);
4470     if (IS_ERR(skp))
4471         return PTR_ERR(skp);
4472
4473     *rule = skp->smk_known;
4474
4475     return 0;
4476 }
4477
4478 /**
4479  * smack_audit_rule_known - Distinguish Smack audit rules
4480  * @krule: rule of interest, in Audit kernel representation format
4481  *
4482  * This is used to filter Smack rules from remaining Audit ones.
4483  * If it's proved that this rule belongs to us, the
4484  * audit_rule_match hook will be called to do the final judgement.
4485  */
4486 static int smack_audit_rule_known(struct audit_krule *krule)
4487 {
4488     struct audit_field *f;
4489     int i;
4490
4491     for (i = 0; i < krule->field_count; i++) {
4492         f = &krule->fields[i];
4493
4494         if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4495             return 1;
4496     }
4497
4498     return 0;
4499 }
4500
4501 /**
4502  * smack_audit_rule_match - Audit given object ?
4503  * @secid: security id for identifying the object to test
4504  * @field: audit rule flags given from user-space
4505  * @op: required testing operator
4506  * @vrule: smack internal rule presentation
4507  *
4508  * The core Audit hook. It's used to take the decision of
4509  * whether to audit or not to audit a given object.
4510  */
4511 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule)
4512 {
4513     struct smack_known *skp;
4514     char *rule = vrule;
4515
4516     if (unlikely(!rule)) {
4517         WARN_ONCE(1, "Smack: missing rule\n");
4518         return -ENOENT;
4519     }
4520
4521     if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4522         return 0;
4523
4524     skp = smack_from_secid(secid);
4525
4526     /*
4527      * No need to do string comparisons. If a match occurs,
4528      * both pointers will point to the same smack_known
4529      * label.
4530      */
4531     if (op == Audit_equal)
4532         return (rule == skp->smk_known);
4533     if (op == Audit_not_equal)
4534         return (rule != skp->smk_known);
4535
4536     return 0;
4537 }
4538
4539 /*
4540  * There is no need for a smack_audit_rule_free hook.
4541  * No memory was allocated.
4542  */
4543
4544 #endif /* CONFIG_AUDIT */
4545
4546 /**
4547  * smack_ismaclabel - check if xattr @name references a smack MAC label
4548  * @name: Full xattr name to check.
4549  */
4550 static int smack_ismaclabel(const char *name)
4551 {
4552     return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4553 }
4554
4555
4556 /**
4557  * smack_secid_to_secctx - return the smack label for a secid
4558  * @secid: incoming integer
4559  * @secdata: destination
4560  * @seclen: how long it is
4561  *
4562  * Exists for networking code.
4563  */
4564 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4565 {
4566     struct smack_known *skp = smack_from_secid(secid);
4567
4568     if (secdata)
4569         *secdata = skp->smk_known;
4570     *seclen = strlen(skp->smk_known);
4571     return 0;
4572 }
4573
4574 /**
4575  * smack_secctx_to_secid - return the secid for a smack label
4576  * @secdata: smack label
4577  * @seclen: how long result is
4578  * @secid: outgoing integer
4579  *
4580  * Exists for audit and networking code.
4581  */
4582 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4583 {
4584     struct smack_known *skp = smk_find_entry(secdata);
4585
4586     if (skp)
4587         *secid = skp->smk_secid;
4588     else
4589         *secid = 0;
4590     return 0;
4591 }
4592
4593 /*
4594  * There used to be a smack_release_secctx hook
4595  * that did nothing back when hooks were in a vector.
4596  * Now that there's a list such a hook adds cost.
4597  */
4598
4599 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4600 {
4601     return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx,
4602                        ctxlen, 0);
4603 }
4604
4605 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4606 {
4607     return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SMACK,
4608                      ctx, ctxlen, 0);
4609 }
4610
4611 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4612 {
4613     struct smack_known *skp = smk_of_inode(inode);
4614
4615     *ctx = skp->smk_known;
4616     *ctxlen = strlen(skp->smk_known);
4617     return 0;
4618 }
4619
4620 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
4621 {
4622
4623     struct task_smack *tsp;
4624     struct smack_known *skp;
4625     struct inode_smack *isp;
4626     struct cred *new_creds = *new;
4627
4628     if (new_creds == NULL) {
4629         new_creds = prepare_creds();
4630         if (new_creds == NULL)
4631             return -ENOMEM;
4632     }
4633
4634     tsp = smack_cred(new_creds);
4635
4636     /*
4637      * Get label from overlay inode and set it in create_sid
4638      */
4639     isp = smack_inode(d_inode(dentry));
4640     skp = isp->smk_inode;
4641     tsp->smk_task = skp;
4642     *new = new_creds;
4643     return 0;
4644 }
4645
4646 static int smack_inode_copy_up_xattr(const char *name)
4647 {
4648     /*
4649      * Return 1 if this is the smack access Smack attribute.
4650      */
4651     if (strcmp(name, XATTR_NAME_SMACK) == 0)
4652         return 1;
4653
4654     return -EOPNOTSUPP;
4655 }
4656
4657 static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
4658                     struct qstr *name,
4659                     const struct cred *old,
4660                     struct cred *new)
4661 {
4662     struct task_smack *otsp = smack_cred(old);
4663     struct task_smack *ntsp = smack_cred(new);
4664     struct inode_smack *isp;
4665     int may;
4666
4667     /*
4668      * Use the process credential unless all of
4669      * the transmuting criteria are met
4670      */
4671     ntsp->smk_task = otsp->smk_task;
4672
4673     /*
4674      * the attribute of the containing directory
4675      */
4676     isp = smack_inode(d_inode(dentry->d_parent));
4677
4678     if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
4679         rcu_read_lock();
4680         may = smk_access_entry(otsp->smk_task->smk_known,
4681                        isp->smk_inode->smk_known,
4682                        &otsp->smk_task->smk_rules);
4683         rcu_read_unlock();
4684
4685         /*
4686          * If the directory is transmuting and the rule
4687          * providing access is transmuting use the containing
4688          * directory label instead of the process label.
4689          */
4690         if (may > 0 && (may & MAY_TRANSMUTE))
4691             ntsp->smk_task = isp->smk_inode;
4692     }
4693     return 0;
4694 }
4695
4696 #ifdef CONFIG_IO_URING
4697 /**
4698  * smack_uring_override_creds - Is io_uring cred override allowed?
4699  * @new: the target creds
4700  *
4701  * Check to see if the current task is allowed to override it's credentials
4702  * to service an io_uring operation.
4703  */
4704 static int smack_uring_override_creds(const struct cred *new)
4705 {
4706     struct task_smack *tsp = smack_cred(current_cred());
4707     struct task_smack *nsp = smack_cred(new);
4708
4709     /*
4710      * Allow the degenerate case where the new Smack value is
4711      * the same as the current Smack value.
4712      */
4713     if (tsp->smk_task == nsp->smk_task)
4714         return 0;
4715
4716     if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred()))
4717         return 0;
4718
4719     return -EPERM;
4720 }
4721
4722 /**
4723  * smack_uring_sqpoll - check if a io_uring polling thread can be created
4724  *
4725  * Check to see if the current task is allowed to create a new io_uring
4726  * kernel polling thread.
4727  */
4728 static int smack_uring_sqpoll(void)
4729 {
4730     if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred()))
4731         return 0;
4732
4733     return -EPERM;
4734 }
4735
4736 /**
4737  * smack_uring_cmd - check on file operations for io_uring
4738  * @ioucmd: the command in question
4739  *
4740  * Make a best guess about whether a io_uring "command" should
4741  * be allowed. Use the same logic used for determining if the
4742  * file could be opened for read in the absence of better criteria.
4743  */
4744 static int smack_uring_cmd(struct io_uring_cmd *ioucmd)
4745 {
4746     struct file *file = ioucmd->file;
4747     struct smk_audit_info ad;
4748     struct task_smack *tsp;
4749     struct inode *inode;
4750     int rc;
4751
4752     if (!file)
4753         return -EINVAL;
4754
4755     tsp = smack_cred(file->f_cred);
4756     inode = file_inode(file);
4757
4758     smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
4759     smk_ad_setfield_u_fs_path(&ad, file->f_path);
4760     rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
4761     rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
4762
4763     return rc;
4764 }
4765
4766 #endif /* CONFIG_IO_URING */
4767
4768 struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
4769     .lbs_cred = sizeof(struct task_smack),
4770     .lbs_file = sizeof(struct smack_known *),
4771     .lbs_inode = sizeof(struct inode_smack),
4772     .lbs_ipc = sizeof(struct smack_known *),
4773     .lbs_msg_msg = sizeof(struct smack_known *),
4774     .lbs_superblock = sizeof(struct superblock_smack),
4775 };
4776
4777 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
4778     LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4779     LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4780     LSM_HOOK_INIT(syslog, smack_syslog),
4781
4782     LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup),
4783     LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param),
4784
4785     LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
4786     LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts),
4787     LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
4788     LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
4789     LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
4790
4791     LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec),
4792
4793     LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
4794     LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4795     LSM_HOOK_INIT(inode_link, smack_inode_link),
4796     LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4797     LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4798     LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4799     LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4800     LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4801     LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4802     LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4803     LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4804     LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4805     LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4806     LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4807     LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4808     LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4809     LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4810
4811     LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
4812     LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4813     LSM_HOOK_INIT(file_lock, smack_file_lock),
4814     LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4815     LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4816     LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4817     LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4818     LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4819     LSM_HOOK_INIT(file_receive, smack_file_receive),
4820
4821     LSM_HOOK_INIT(file_open, smack_file_open),
4822
4823     LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4824     LSM_HOOK_INIT(cred_free, smack_cred_free),
4825     LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4826     LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
4827     LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
4828     LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4829     LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4830     LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4831     LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4832     LSM_HOOK_INIT(task_getsid, smack_task_getsid),
4833     LSM_HOOK_INIT(current_getsecid_subj, smack_current_getsecid_subj),
4834     LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj),
4835     LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4836     LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4837     LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4838     LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4839     LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4840     LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4841     LSM_HOOK_INIT(task_kill, smack_task_kill),
4842     LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4843
4844     LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4845     LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4846
4847     LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
4848
4849     LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security),
4850     LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4851     LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4852     LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4853     LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4854
4855     LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security),
4856     LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4857     LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4858     LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4859
4860     LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security),
4861     LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4862     LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4863     LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4864
4865     LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4866
4867     LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4868     LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4869
4870     LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4871     LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4872
4873     LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
4874     LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
4875 #ifdef SMACK_IPV6_PORT_LABELING
4876     LSM_HOOK_INIT(socket_bind, smack_socket_bind),
4877 #endif
4878     LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4879     LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4880     LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4881     LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4882     LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4883     LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
4884     LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4885     LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4886     LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4887     LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
4888
4889  /* key management security hooks */
4890 #ifdef CONFIG_KEYS
4891     LSM_HOOK_INIT(key_alloc, smack_key_alloc),
4892     LSM_HOOK_INIT(key_free, smack_key_free),
4893     LSM_HOOK_INIT(key_permission, smack_key_permission),
4894     LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
4895 #ifdef CONFIG_KEY_NOTIFICATIONS
4896     LSM_HOOK_INIT(watch_key, smack_watch_key),
4897 #endif
4898 #endif /* CONFIG_KEYS */
4899
4900 #ifdef CONFIG_WATCH_QUEUE
4901     LSM_HOOK_INIT(post_notification, smack_post_notification),
4902 #endif
4903
4904  /* Audit hooks */
4905 #ifdef CONFIG_AUDIT
4906     LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
4907     LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
4908     LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
4909 #endif /* CONFIG_AUDIT */
4910
4911     LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
4912     LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
4913     LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
4914     LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
4915     LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
4916     LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
4917     LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up),
4918     LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr),
4919     LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as),
4920 #ifdef CONFIG_IO_URING
4921     LSM_HOOK_INIT(uring_override_creds, smack_uring_override_creds),
4922     LSM_HOOK_INIT(uring_sqpoll, smack_uring_sqpoll),
4923     LSM_HOOK_INIT(uring_cmd, smack_uring_cmd),
4924 #endif
4925 };
4926
4927
4928 static __init void init_smack_known_list(void)
4929 {
4930     /*
4931      * Initialize rule list locks
4932      */
4933     mutex_init(&smack_known_huh.smk_rules_lock);
4934     mutex_init(&smack_known_hat.smk_rules_lock);
4935     mutex_init(&smack_known_floor.smk_rules_lock);
4936     mutex_init(&smack_known_star.smk_rules_lock);
4937     mutex_init(&smack_known_web.smk_rules_lock);
4938     /*
4939      * Initialize rule lists
4940      */
4941     INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4942     INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4943     INIT_LIST_HEAD(&smack_known_star.smk_rules);
4944     INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4945     INIT_LIST_HEAD(&smack_known_web.smk_rules);
4946     /*
4947      * Create the known labels list
4948      */
4949     smk_insert_entry(&smack_known_huh);
4950     smk_insert_entry(&smack_known_hat);
4951     smk_insert_entry(&smack_known_star);
4952     smk_insert_entry(&smack_known_floor);
4953     smk_insert_entry(&smack_known_web);
4954 }
4955
4956 /**
4957  * smack_init - initialize the smack system
4958  *
4959  * Returns 0 on success, -ENOMEM is there's no memory
4960  */
4961 static __init int smack_init(void)
4962 {
4963     struct cred *cred = (struct cred *) current->cred;
4964     struct task_smack *tsp;
4965
4966     smack_rule_cache = KMEM_CACHE(smack_rule, 0);
4967     if (!smack_rule_cache)
4968         return -ENOMEM;
4969
4970     /*
4971      * Set the security state for the initial task.
4972      */
4973     tsp = smack_cred(cred);
4974     init_task_smack(tsp, &smack_known_floor, &smack_known_floor);
4975
4976     /*
4977      * Register with LSM
4978      */
4979     security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack");
4980     smack_enabled = 1;
4981
4982     pr_info("Smack:  Initializing.\n");
4983 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4984     pr_info("Smack:  Netfilter enabled.\n");
4985 #endif
4986 #ifdef SMACK_IPV6_PORT_LABELING
4987     pr_info("Smack:  IPv6 port labeling enabled.\n");
4988 #endif
4989 #ifdef SMACK_IPV6_SECMARK_LABELING
4990     pr_info("Smack:  IPv6 Netfilter enabled.\n");
4991 #endif
4992
4993     /* initialize the smack_known_list */
4994     init_smack_known_list();
4995
4996     return 0;
4997 }
4998
4999 /*
5000  * Smack requires early initialization in order to label
5001  * all processes and objects when they are created.
5002  */
5003 DEFINE_LSM(smack) = {
5004     .name = "smack",
5005     .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
5006     .blobs = &smack_blob_sizes,
5007     .init = smack_init,
5008 };