security/smack/smack_lsm.c at 989a7241df87526bfef0396567e71ebe53a84ae4

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / security / smack / smack_lsm.c
at 989a7241df87526bfef0396567e71ebe53a84ae4 2593 lines 59 kB view raw
wrap content
   1/*
   2 *  Simplified MAC Kernel (smack) security module
   3 *
   4 *  This file contains the smack hook function implementations.
   5 *
   6 *  Author:
   7 *	Casey Schaufler <casey@schaufler-ca.com>
   8 *
   9 *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
  10 *
  11 *	This program is free software; you can redistribute it and/or modify
  12 *	it under the terms of the GNU General Public License version 2,
  13 *      as published by the Free Software Foundation.
  14 */
  15
  16#include <linux/xattr.h>
  17#include <linux/pagemap.h>
  18#include <linux/mount.h>
  19#include <linux/stat.h>
  20#include <linux/ext2_fs.h>
  21#include <linux/kd.h>
  22#include <asm/ioctls.h>
  23#include <linux/tcp.h>
  24#include <linux/udp.h>
  25#include <linux/mutex.h>
  26#include <linux/pipe_fs_i.h>
  27#include <net/netlabel.h>
  28#include <net/cipso_ipv4.h>
  29
  30#include "smack.h"
  31
  32/*
  33 * I hope these are the hokeyist lines of code in the module. Casey.
  34 */
  35#define DEVPTS_SUPER_MAGIC	0x1cd1
  36#define SOCKFS_MAGIC		0x534F434B
  37#define TMPFS_MAGIC		0x01021994
  38
  39/**
  40 * smk_fetch - Fetch the smack label from a file.
  41 * @ip: a pointer to the inode
  42 * @dp: a pointer to the dentry
  43 *
  44 * Returns a pointer to the master list entry for the Smack label
  45 * or NULL if there was no label to fetch.
  46 */
  47static char *smk_fetch(struct inode *ip, struct dentry *dp)
  48{
  49	int rc;
  50	char in[SMK_LABELLEN];
  51
  52	if (ip->i_op->getxattr == NULL)
  53		return NULL;
  54
  55	rc = ip->i_op->getxattr(dp, XATTR_NAME_SMACK, in, SMK_LABELLEN);
  56	if (rc < 0)
  57		return NULL;
  58
  59	return smk_import(in, rc);
  60}
  61
  62/**
  63 * new_inode_smack - allocate an inode security blob
  64 * @smack: a pointer to the Smack label to use in the blob
  65 *
  66 * Returns the new blob or NULL if there's no memory available
  67 */
  68struct inode_smack *new_inode_smack(char *smack)
  69{
  70	struct inode_smack *isp;
  71
  72	isp = kzalloc(sizeof(struct inode_smack), GFP_KERNEL);
  73	if (isp == NULL)
  74		return NULL;
  75
  76	isp->smk_inode = smack;
  77	isp->smk_flags = 0;
  78	mutex_init(&isp->smk_lock);
  79
  80	return isp;
  81}
  82
  83/*
  84 * LSM hooks.
  85 * We he, that is fun!
  86 */
  87
  88/**
  89 * smack_ptrace - Smack approval on ptrace
  90 * @ptp: parent task pointer
  91 * @ctp: child task pointer
  92 *
  93 * Returns 0 if access is OK, an error code otherwise
  94 *
  95 * Do the capability checks, and require read and write.
  96 */
  97static int smack_ptrace(struct task_struct *ptp, struct task_struct *ctp)
  98{
  99	int rc;
 100
 101	rc = cap_ptrace(ptp, ctp);
 102	if (rc != 0)
 103		return rc;
 104
 105	rc = smk_access(ptp->security, ctp->security, MAY_READWRITE);
 106	if (rc != 0 && __capable(ptp, CAP_MAC_OVERRIDE))
 107		return 0;
 108
 109	return rc;
 110}
 111
 112/**
 113 * smack_syslog - Smack approval on syslog
 114 * @type: message type
 115 *
 116 * Require that the task has the floor label
 117 *
 118 * Returns 0 on success, error code otherwise.
 119 */
 120static int smack_syslog(int type)
 121{
 122	int rc;
 123	char *sp = current->security;
 124
 125	rc = cap_syslog(type);
 126	if (rc != 0)
 127		return rc;
 128
 129	if (capable(CAP_MAC_OVERRIDE))
 130		return 0;
 131
 132	 if (sp != smack_known_floor.smk_known)
 133		rc = -EACCES;
 134
 135	return rc;
 136}
 137
 138
 139/*
 140 * Superblock Hooks.
 141 */
 142
 143/**
 144 * smack_sb_alloc_security - allocate a superblock blob
 145 * @sb: the superblock getting the blob
 146 *
 147 * Returns 0 on success or -ENOMEM on error.
 148 */
 149static int smack_sb_alloc_security(struct super_block *sb)
 150{
 151	struct superblock_smack *sbsp;
 152
 153	sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
 154
 155	if (sbsp == NULL)
 156		return -ENOMEM;
 157
 158	sbsp->smk_root = smack_known_floor.smk_known;
 159	sbsp->smk_default = smack_known_floor.smk_known;
 160	sbsp->smk_floor = smack_known_floor.smk_known;
 161	sbsp->smk_hat = smack_known_hat.smk_known;
 162	sbsp->smk_initialized = 0;
 163	spin_lock_init(&sbsp->smk_sblock);
 164
 165	sb->s_security = sbsp;
 166
 167	return 0;
 168}
 169
 170/**
 171 * smack_sb_free_security - free a superblock blob
 172 * @sb: the superblock getting the blob
 173 *
 174 */
 175static void smack_sb_free_security(struct super_block *sb)
 176{
 177	kfree(sb->s_security);
 178	sb->s_security = NULL;
 179}
 180
 181/**
 182 * smack_sb_copy_data - copy mount options data for processing
 183 * @type: file system type
 184 * @orig: where to start
 185 * @smackopts
 186 *
 187 * Returns 0 on success or -ENOMEM on error.
 188 *
 189 * Copy the Smack specific mount options out of the mount
 190 * options list.
 191 */
 192static int smack_sb_copy_data(char *orig, char *smackopts)
 193{
 194	char *cp, *commap, *otheropts, *dp;
 195
 196	otheropts = (char *)get_zeroed_page(GFP_KERNEL);
 197	if (otheropts == NULL)
 198		return -ENOMEM;
 199
 200	for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
 201		if (strstr(cp, SMK_FSDEFAULT) == cp)
 202			dp = smackopts;
 203		else if (strstr(cp, SMK_FSFLOOR) == cp)
 204			dp = smackopts;
 205		else if (strstr(cp, SMK_FSHAT) == cp)
 206			dp = smackopts;
 207		else if (strstr(cp, SMK_FSROOT) == cp)
 208			dp = smackopts;
 209		else
 210			dp = otheropts;
 211
 212		commap = strchr(cp, ',');
 213		if (commap != NULL)
 214			*commap = '\0';
 215
 216		if (*dp != '\0')
 217			strcat(dp, ",");
 218		strcat(dp, cp);
 219	}
 220
 221	strcpy(orig, otheropts);
 222	free_page((unsigned long)otheropts);
 223
 224	return 0;
 225}
 226
 227/**
 228 * smack_sb_kern_mount - Smack specific mount processing
 229 * @sb: the file system superblock
 230 * @data: the smack mount options
 231 *
 232 * Returns 0 on success, an error code on failure
 233 */
 234static int smack_sb_kern_mount(struct super_block *sb, void *data)
 235{
 236	struct dentry *root = sb->s_root;
 237	struct inode *inode = root->d_inode;
 238	struct superblock_smack *sp = sb->s_security;
 239	struct inode_smack *isp;
 240	char *op;
 241	char *commap;
 242	char *nsp;
 243
 244	spin_lock(&sp->smk_sblock);
 245	if (sp->smk_initialized != 0) {
 246		spin_unlock(&sp->smk_sblock);
 247		return 0;
 248	}
 249	sp->smk_initialized = 1;
 250	spin_unlock(&sp->smk_sblock);
 251
 252	for (op = data; op != NULL; op = commap) {
 253		commap = strchr(op, ',');
 254		if (commap != NULL)
 255			*commap++ = '\0';
 256
 257		if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
 258			op += strlen(SMK_FSHAT);
 259			nsp = smk_import(op, 0);
 260			if (nsp != NULL)
 261				sp->smk_hat = nsp;
 262		} else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
 263			op += strlen(SMK_FSFLOOR);
 264			nsp = smk_import(op, 0);
 265			if (nsp != NULL)
 266				sp->smk_floor = nsp;
 267		} else if (strncmp(op, SMK_FSDEFAULT,
 268				   strlen(SMK_FSDEFAULT)) == 0) {
 269			op += strlen(SMK_FSDEFAULT);
 270			nsp = smk_import(op, 0);
 271			if (nsp != NULL)
 272				sp->smk_default = nsp;
 273		} else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
 274			op += strlen(SMK_FSROOT);
 275			nsp = smk_import(op, 0);
 276			if (nsp != NULL)
 277				sp->smk_root = nsp;
 278		}
 279	}
 280
 281	/*
 282	 * Initialize the root inode.
 283	 */
 284	isp = inode->i_security;
 285	if (isp == NULL)
 286		inode->i_security = new_inode_smack(sp->smk_root);
 287	else
 288		isp->smk_inode = sp->smk_root;
 289
 290	return 0;
 291}
 292
 293/**
 294 * smack_sb_statfs - Smack check on statfs
 295 * @dentry: identifies the file system in question
 296 *
 297 * Returns 0 if current can read the floor of the filesystem,
 298 * and error code otherwise
 299 */
 300static int smack_sb_statfs(struct dentry *dentry)
 301{
 302	struct superblock_smack *sbp = dentry->d_sb->s_security;
 303
 304	return smk_curacc(sbp->smk_floor, MAY_READ);
 305}
 306
 307/**
 308 * smack_sb_mount - Smack check for mounting
 309 * @dev_name: unused
 310 * @nd: mount point
 311 * @type: unused
 312 * @flags: unused
 313 * @data: unused
 314 *
 315 * Returns 0 if current can write the floor of the filesystem
 316 * being mounted on, an error code otherwise.
 317 */
 318static int smack_sb_mount(char *dev_name, struct nameidata *nd,
 319			  char *type, unsigned long flags, void *data)
 320{
 321	struct superblock_smack *sbp = nd->path.mnt->mnt_sb->s_security;
 322
 323	return smk_curacc(sbp->smk_floor, MAY_WRITE);
 324}
 325
 326/**
 327 * smack_sb_umount - Smack check for unmounting
 328 * @mnt: file system to unmount
 329 * @flags: unused
 330 *
 331 * Returns 0 if current can write the floor of the filesystem
 332 * being unmounted, an error code otherwise.
 333 */
 334static int smack_sb_umount(struct vfsmount *mnt, int flags)
 335{
 336	struct superblock_smack *sbp;
 337
 338	sbp = mnt->mnt_sb->s_security;
 339
 340	return smk_curacc(sbp->smk_floor, MAY_WRITE);
 341}
 342
 343/*
 344 * Inode hooks
 345 */
 346
 347/**
 348 * smack_inode_alloc_security - allocate an inode blob
 349 * @inode - the inode in need of a blob
 350 *
 351 * Returns 0 if it gets a blob, -ENOMEM otherwise
 352 */
 353static int smack_inode_alloc_security(struct inode *inode)
 354{
 355	inode->i_security = new_inode_smack(current->security);
 356	if (inode->i_security == NULL)
 357		return -ENOMEM;
 358	return 0;
 359}
 360
 361/**
 362 * smack_inode_free_security - free an inode blob
 363 * @inode - the inode with a blob
 364 *
 365 * Clears the blob pointer in inode
 366 */
 367static void smack_inode_free_security(struct inode *inode)
 368{
 369	kfree(inode->i_security);
 370	inode->i_security = NULL;
 371}
 372
 373/**
 374 * smack_inode_init_security - copy out the smack from an inode
 375 * @inode: the inode
 376 * @dir: unused
 377 * @name: where to put the attribute name
 378 * @value: where to put the attribute value
 379 * @len: where to put the length of the attribute
 380 *
 381 * Returns 0 if it all works out, -ENOMEM if there's no memory
 382 */
 383static int smack_inode_init_security(struct inode *inode, struct inode *dir,
 384				     char **name, void **value, size_t *len)
 385{
 386	char *isp = smk_of_inode(inode);
 387
 388	if (name) {
 389		*name = kstrdup(XATTR_SMACK_SUFFIX, GFP_KERNEL);
 390		if (*name == NULL)
 391			return -ENOMEM;
 392	}
 393
 394	if (value) {
 395		*value = kstrdup(isp, GFP_KERNEL);
 396		if (*value == NULL)
 397			return -ENOMEM;
 398	}
 399
 400	if (len)
 401		*len = strlen(isp) + 1;
 402
 403	return 0;
 404}
 405
 406/**
 407 * smack_inode_link - Smack check on link
 408 * @old_dentry: the existing object
 409 * @dir: unused
 410 * @new_dentry: the new object
 411 *
 412 * Returns 0 if access is permitted, an error code otherwise
 413 */
 414static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
 415			    struct dentry *new_dentry)
 416{
 417	int rc;
 418	char *isp;
 419
 420	isp = smk_of_inode(old_dentry->d_inode);
 421	rc = smk_curacc(isp, MAY_WRITE);
 422
 423	if (rc == 0 && new_dentry->d_inode != NULL) {
 424		isp = smk_of_inode(new_dentry->d_inode);
 425		rc = smk_curacc(isp, MAY_WRITE);
 426	}
 427
 428	return rc;
 429}
 430
 431/**
 432 * smack_inode_unlink - Smack check on inode deletion
 433 * @dir: containing directory object
 434 * @dentry: file to unlink
 435 *
 436 * Returns 0 if current can write the containing directory
 437 * and the object, error code otherwise
 438 */
 439static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
 440{
 441	struct inode *ip = dentry->d_inode;
 442	int rc;
 443
 444	/*
 445	 * You need write access to the thing you're unlinking
 446	 */
 447	rc = smk_curacc(smk_of_inode(ip), MAY_WRITE);
 448	if (rc == 0)
 449		/*
 450		 * You also need write access to the containing directory
 451		 */
 452		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE);
 453
 454	return rc;
 455}
 456
 457/**
 458 * smack_inode_rmdir - Smack check on directory deletion
 459 * @dir: containing directory object
 460 * @dentry: directory to unlink
 461 *
 462 * Returns 0 if current can write the containing directory
 463 * and the directory, error code otherwise
 464 */
 465static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
 466{
 467	int rc;
 468
 469	/*
 470	 * You need write access to the thing you're removing
 471	 */
 472	rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
 473	if (rc == 0)
 474		/*
 475		 * You also need write access to the containing directory
 476		 */
 477		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE);
 478
 479	return rc;
 480}
 481
 482/**
 483 * smack_inode_rename - Smack check on rename
 484 * @old_inode: the old directory
 485 * @old_dentry: unused
 486 * @new_inode: the new directory
 487 * @new_dentry: unused
 488 *
 489 * Read and write access is required on both the old and
 490 * new directories.
 491 *
 492 * Returns 0 if access is permitted, an error code otherwise
 493 */
 494static int smack_inode_rename(struct inode *old_inode,
 495			      struct dentry *old_dentry,
 496			      struct inode *new_inode,
 497			      struct dentry *new_dentry)
 498{
 499	int rc;
 500	char *isp;
 501
 502	isp = smk_of_inode(old_dentry->d_inode);
 503	rc = smk_curacc(isp, MAY_READWRITE);
 504
 505	if (rc == 0 && new_dentry->d_inode != NULL) {
 506		isp = smk_of_inode(new_dentry->d_inode);
 507		rc = smk_curacc(isp, MAY_READWRITE);
 508	}
 509
 510	return rc;
 511}
 512
 513/**
 514 * smack_inode_permission - Smack version of permission()
 515 * @inode: the inode in question
 516 * @mask: the access requested
 517 * @nd: unused
 518 *
 519 * This is the important Smack hook.
 520 *
 521 * Returns 0 if access is permitted, -EACCES otherwise
 522 */
 523static int smack_inode_permission(struct inode *inode, int mask,
 524				  struct nameidata *nd)
 525{
 526	/*
 527	 * No permission to check. Existence test. Yup, it's there.
 528	 */
 529	if (mask == 0)
 530		return 0;
 531
 532	return smk_curacc(smk_of_inode(inode), mask);
 533}
 534
 535/**
 536 * smack_inode_setattr - Smack check for setting attributes
 537 * @dentry: the object
 538 * @iattr: for the force flag
 539 *
 540 * Returns 0 if access is permitted, an error code otherwise
 541 */
 542static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
 543{
 544	/*
 545	 * Need to allow for clearing the setuid bit.
 546	 */
 547	if (iattr->ia_valid & ATTR_FORCE)
 548		return 0;
 549
 550	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
 551}
 552
 553/**
 554 * smack_inode_getattr - Smack check for getting attributes
 555 * @mnt: unused
 556 * @dentry: the object
 557 *
 558 * Returns 0 if access is permitted, an error code otherwise
 559 */
 560static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
 561{
 562	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ);
 563}
 564
 565/**
 566 * smack_inode_setxattr - Smack check for setting xattrs
 567 * @dentry: the object
 568 * @name: name of the attribute
 569 * @value: unused
 570 * @size: unused
 571 * @flags: unused
 572 *
 573 * This protects the Smack attribute explicitly.
 574 *
 575 * Returns 0 if access is permitted, an error code otherwise
 576 */
 577static int smack_inode_setxattr(struct dentry *dentry, char *name,
 578				void *value, size_t size, int flags)
 579{
 580	int rc = 0;
 581
 582	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
 583	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
 584	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
 585		if (!capable(CAP_MAC_ADMIN))
 586			rc = -EPERM;
 587	} else
 588		rc = cap_inode_setxattr(dentry, name, value, size, flags);
 589
 590	if (rc == 0)
 591		rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
 592
 593	return rc;
 594}
 595
 596/**
 597 * smack_inode_post_setxattr - Apply the Smack update approved above
 598 * @dentry: object
 599 * @name: attribute name
 600 * @value: attribute value
 601 * @size: attribute size
 602 * @flags: unused
 603 *
 604 * Set the pointer in the inode blob to the entry found
 605 * in the master label list.
 606 */
 607static void smack_inode_post_setxattr(struct dentry *dentry, char *name,
 608				      void *value, size_t size, int flags)
 609{
 610	struct inode_smack *isp;
 611	char *nsp;
 612
 613	/*
 614	 * Not SMACK
 615	 */
 616	if (strcmp(name, XATTR_NAME_SMACK))
 617		return;
 618
 619	if (size >= SMK_LABELLEN)
 620		return;
 621
 622	isp = dentry->d_inode->i_security;
 623
 624	/*
 625	 * No locking is done here. This is a pointer
 626	 * assignment.
 627	 */
 628	nsp = smk_import(value, size);
 629	if (nsp != NULL)
 630		isp->smk_inode = nsp;
 631	else
 632		isp->smk_inode = smack_known_invalid.smk_known;
 633
 634	return;
 635}
 636
 637/*
 638 * smack_inode_getxattr - Smack check on getxattr
 639 * @dentry: the object
 640 * @name: unused
 641 *
 642 * Returns 0 if access is permitted, an error code otherwise
 643 */
 644static int smack_inode_getxattr(struct dentry *dentry, char *name)
 645{
 646	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ);
 647}
 648
 649/*
 650 * smack_inode_removexattr - Smack check on removexattr
 651 * @dentry: the object
 652 * @name: name of the attribute
 653 *
 654 * Removing the Smack attribute requires CAP_MAC_ADMIN
 655 *
 656 * Returns 0 if access is permitted, an error code otherwise
 657 */
 658static int smack_inode_removexattr(struct dentry *dentry, char *name)
 659{
 660	int rc = 0;
 661
 662	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
 663	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
 664	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
 665		if (!capable(CAP_MAC_ADMIN))
 666			rc = -EPERM;
 667	} else
 668		rc = cap_inode_removexattr(dentry, name);
 669
 670	if (rc == 0)
 671		rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
 672
 673	return rc;
 674}
 675
 676/**
 677 * smack_inode_getsecurity - get smack xattrs
 678 * @inode: the object
 679 * @name: attribute name
 680 * @buffer: where to put the result
 681 * @size: size of the buffer
 682 * @err: unused
 683 *
 684 * Returns the size of the attribute or an error code
 685 */
 686static int smack_inode_getsecurity(const struct inode *inode,
 687				   const char *name, void **buffer,
 688				   bool alloc)
 689{
 690	struct socket_smack *ssp;
 691	struct socket *sock;
 692	struct super_block *sbp;
 693	struct inode *ip = (struct inode *)inode;
 694	char *isp;
 695	int ilen;
 696	int rc = 0;
 697
 698	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
 699		isp = smk_of_inode(inode);
 700		ilen = strlen(isp) + 1;
 701		*buffer = isp;
 702		return ilen;
 703	}
 704
 705	/*
 706	 * The rest of the Smack xattrs are only on sockets.
 707	 */
 708	sbp = ip->i_sb;
 709	if (sbp->s_magic != SOCKFS_MAGIC)
 710		return -EOPNOTSUPP;
 711
 712	sock = SOCKET_I(ip);
 713	if (sock == NULL || sock->sk == NULL)
 714		return -EOPNOTSUPP;
 715
 716	ssp = sock->sk->sk_security;
 717
 718	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
 719		isp = ssp->smk_in;
 720	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
 721		isp = ssp->smk_out;
 722	else
 723		return -EOPNOTSUPP;
 724
 725	ilen = strlen(isp) + 1;
 726	if (rc == 0) {
 727		*buffer = isp;
 728		rc = ilen;
 729	}
 730
 731	return rc;
 732}
 733
 734
 735/**
 736 * smack_inode_listsecurity - list the Smack attributes
 737 * @inode: the object
 738 * @buffer: where they go
 739 * @buffer_size: size of buffer
 740 *
 741 * Returns 0 on success, -EINVAL otherwise
 742 */
 743static int smack_inode_listsecurity(struct inode *inode, char *buffer,
 744				    size_t buffer_size)
 745{
 746	int len = strlen(XATTR_NAME_SMACK);
 747
 748	if (buffer != NULL && len <= buffer_size) {
 749		memcpy(buffer, XATTR_NAME_SMACK, len);
 750		return len;
 751	}
 752	return -EINVAL;
 753}
 754
 755/*
 756 * File Hooks
 757 */
 758
 759/**
 760 * smack_file_permission - Smack check on file operations
 761 * @file: unused
 762 * @mask: unused
 763 *
 764 * Returns 0
 765 *
 766 * Should access checks be done on each read or write?
 767 * UNICOS and SELinux say yes.
 768 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
 769 *
 770 * I'll say no for now. Smack does not do the frequent
 771 * label changing that SELinux does.
 772 */
 773static int smack_file_permission(struct file *file, int mask)
 774{
 775	return 0;
 776}
 777
 778/**
 779 * smack_file_alloc_security - assign a file security blob
 780 * @file: the object
 781 *
 782 * The security blob for a file is a pointer to the master
 783 * label list, so no allocation is done.
 784 *
 785 * Returns 0
 786 */
 787static int smack_file_alloc_security(struct file *file)
 788{
 789	file->f_security = current->security;
 790	return 0;
 791}
 792
 793/**
 794 * smack_file_free_security - clear a file security blob
 795 * @file: the object
 796 *
 797 * The security blob for a file is a pointer to the master
 798 * label list, so no memory is freed.
 799 */
 800static void smack_file_free_security(struct file *file)
 801{
 802	file->f_security = NULL;
 803}
 804
 805/**
 806 * smack_file_ioctl - Smack check on ioctls
 807 * @file: the object
 808 * @cmd: what to do
 809 * @arg: unused
 810 *
 811 * Relies heavily on the correct use of the ioctl command conventions.
 812 *
 813 * Returns 0 if allowed, error code otherwise
 814 */
 815static int smack_file_ioctl(struct file *file, unsigned int cmd,
 816			    unsigned long arg)
 817{
 818	int rc = 0;
 819
 820	if (_IOC_DIR(cmd) & _IOC_WRITE)
 821		rc = smk_curacc(file->f_security, MAY_WRITE);
 822
 823	if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ))
 824		rc = smk_curacc(file->f_security, MAY_READ);
 825
 826	return rc;
 827}
 828
 829/**
 830 * smack_file_lock - Smack check on file locking
 831 * @file: the object
 832 * @cmd unused
 833 *
 834 * Returns 0 if current has write access, error code otherwise
 835 */
 836static int smack_file_lock(struct file *file, unsigned int cmd)
 837{
 838	return smk_curacc(file->f_security, MAY_WRITE);
 839}
 840
 841/**
 842 * smack_file_fcntl - Smack check on fcntl
 843 * @file: the object
 844 * @cmd: what action to check
 845 * @arg: unused
 846 *
 847 * Returns 0 if current has access, error code otherwise
 848 */
 849static int smack_file_fcntl(struct file *file, unsigned int cmd,
 850			    unsigned long arg)
 851{
 852	int rc;
 853
 854	switch (cmd) {
 855	case F_DUPFD:
 856	case F_GETFD:
 857	case F_GETFL:
 858	case F_GETLK:
 859	case F_GETOWN:
 860	case F_GETSIG:
 861		rc = smk_curacc(file->f_security, MAY_READ);
 862		break;
 863	case F_SETFD:
 864	case F_SETFL:
 865	case F_SETLK:
 866	case F_SETLKW:
 867	case F_SETOWN:
 868	case F_SETSIG:
 869		rc = smk_curacc(file->f_security, MAY_WRITE);
 870		break;
 871	default:
 872		rc = smk_curacc(file->f_security, MAY_READWRITE);
 873	}
 874
 875	return rc;
 876}
 877
 878/**
 879 * smack_file_set_fowner - set the file security blob value
 880 * @file: object in question
 881 *
 882 * Returns 0
 883 * Further research may be required on this one.
 884 */
 885static int smack_file_set_fowner(struct file *file)
 886{
 887	file->f_security = current->security;
 888	return 0;
 889}
 890
 891/**
 892 * smack_file_send_sigiotask - Smack on sigio
 893 * @tsk: The target task
 894 * @fown: the object the signal come from
 895 * @signum: unused
 896 *
 897 * Allow a privileged task to get signals even if it shouldn't
 898 *
 899 * Returns 0 if a subject with the object's smack could
 900 * write to the task, an error code otherwise.
 901 */
 902static int smack_file_send_sigiotask(struct task_struct *tsk,
 903				     struct fown_struct *fown, int signum)
 904{
 905	struct file *file;
 906	int rc;
 907
 908	/*
 909	 * struct fown_struct is never outside the context of a struct file
 910	 */
 911	file = container_of(fown, struct file, f_owner);
 912	rc = smk_access(file->f_security, tsk->security, MAY_WRITE);
 913	if (rc != 0 && __capable(tsk, CAP_MAC_OVERRIDE))
 914		return 0;
 915	return rc;
 916}
 917
 918/**
 919 * smack_file_receive - Smack file receive check
 920 * @file: the object
 921 *
 922 * Returns 0 if current has access, error code otherwise
 923 */
 924static int smack_file_receive(struct file *file)
 925{
 926	int may = 0;
 927
 928	/*
 929	 * This code relies on bitmasks.
 930	 */
 931	if (file->f_mode & FMODE_READ)
 932		may = MAY_READ;
 933	if (file->f_mode & FMODE_WRITE)
 934		may |= MAY_WRITE;
 935
 936	return smk_curacc(file->f_security, may);
 937}
 938
 939/*
 940 * Task hooks
 941 */
 942
 943/**
 944 * smack_task_alloc_security - "allocate" a task blob
 945 * @tsk: the task in need of a blob
 946 *
 947 * Smack isn't using copies of blobs. Everyone
 948 * points to an immutable list. No alloc required.
 949 * No data copy required.
 950 *
 951 * Always returns 0
 952 */
 953static int smack_task_alloc_security(struct task_struct *tsk)
 954{
 955	tsk->security = current->security;
 956
 957	return 0;
 958}
 959
 960/**
 961 * smack_task_free_security - "free" a task blob
 962 * @task: the task with the blob
 963 *
 964 * Smack isn't using copies of blobs. Everyone
 965 * points to an immutable list. The blobs never go away.
 966 * There is no leak here.
 967 */
 968static void smack_task_free_security(struct task_struct *task)
 969{
 970	task->security = NULL;
 971}
 972
 973/**
 974 * smack_task_setpgid - Smack check on setting pgid
 975 * @p: the task object
 976 * @pgid: unused
 977 *
 978 * Return 0 if write access is permitted
 979 */
 980static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
 981{
 982	return smk_curacc(p->security, MAY_WRITE);
 983}
 984
 985/**
 986 * smack_task_getpgid - Smack access check for getpgid
 987 * @p: the object task
 988 *
 989 * Returns 0 if current can read the object task, error code otherwise
 990 */
 991static int smack_task_getpgid(struct task_struct *p)
 992{
 993	return smk_curacc(p->security, MAY_READ);
 994}
 995
 996/**
 997 * smack_task_getsid - Smack access check for getsid
 998 * @p: the object task
 999 *
1000 * Returns 0 if current can read the object task, error code otherwise
1001 */
1002static int smack_task_getsid(struct task_struct *p)
1003{
1004	return smk_curacc(p->security, MAY_READ);
1005}
1006
1007/**
1008 * smack_task_getsecid - get the secid of the task
1009 * @p: the object task
1010 * @secid: where to put the result
1011 *
1012 * Sets the secid to contain a u32 version of the smack label.
1013 */
1014static void smack_task_getsecid(struct task_struct *p, u32 *secid)
1015{
1016	*secid = smack_to_secid(p->security);
1017}
1018
1019/**
1020 * smack_task_setnice - Smack check on setting nice
1021 * @p: the task object
1022 * @nice: unused
1023 *
1024 * Return 0 if write access is permitted
1025 */
1026static int smack_task_setnice(struct task_struct *p, int nice)
1027{
1028	int rc;
1029
1030	rc = cap_task_setnice(p, nice);
1031	if (rc == 0)
1032		rc = smk_curacc(p->security, MAY_WRITE);
1033	return rc;
1034}
1035
1036/**
1037 * smack_task_setioprio - Smack check on setting ioprio
1038 * @p: the task object
1039 * @ioprio: unused
1040 *
1041 * Return 0 if write access is permitted
1042 */
1043static int smack_task_setioprio(struct task_struct *p, int ioprio)
1044{
1045	int rc;
1046
1047	rc = cap_task_setioprio(p, ioprio);
1048	if (rc == 0)
1049		rc = smk_curacc(p->security, MAY_WRITE);
1050	return rc;
1051}
1052
1053/**
1054 * smack_task_getioprio - Smack check on reading ioprio
1055 * @p: the task object
1056 *
1057 * Return 0 if read access is permitted
1058 */
1059static int smack_task_getioprio(struct task_struct *p)
1060{
1061	return smk_curacc(p->security, MAY_READ);
1062}
1063
1064/**
1065 * smack_task_setscheduler - Smack check on setting scheduler
1066 * @p: the task object
1067 * @policy: unused
1068 * @lp: unused
1069 *
1070 * Return 0 if read access is permitted
1071 */
1072static int smack_task_setscheduler(struct task_struct *p, int policy,
1073				   struct sched_param *lp)
1074{
1075	int rc;
1076
1077	rc = cap_task_setscheduler(p, policy, lp);
1078	if (rc == 0)
1079		rc = smk_curacc(p->security, MAY_WRITE);
1080	return rc;
1081}
1082
1083/**
1084 * smack_task_getscheduler - Smack check on reading scheduler
1085 * @p: the task object
1086 *
1087 * Return 0 if read access is permitted
1088 */
1089static int smack_task_getscheduler(struct task_struct *p)
1090{
1091	return smk_curacc(p->security, MAY_READ);
1092}
1093
1094/**
1095 * smack_task_movememory - Smack check on moving memory
1096 * @p: the task object
1097 *
1098 * Return 0 if write access is permitted
1099 */
1100static int smack_task_movememory(struct task_struct *p)
1101{
1102	return smk_curacc(p->security, MAY_WRITE);
1103}
1104
1105/**
1106 * smack_task_kill - Smack check on signal delivery
1107 * @p: the task object
1108 * @info: unused
1109 * @sig: unused
1110 * @secid: identifies the smack to use in lieu of current's
1111 *
1112 * Return 0 if write access is permitted
1113 *
1114 * The secid behavior is an artifact of an SELinux hack
1115 * in the USB code. Someday it may go away.
1116 */
1117static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1118			   int sig, u32 secid)
1119{
1120	int rc;
1121
1122	rc = cap_task_kill(p, info, sig, secid);
1123	if (rc != 0)
1124		return rc;
1125	/*
1126	 * Special cases where signals really ought to go through
1127	 * in spite of policy. Stephen Smalley suggests it may
1128	 * make sense to change the caller so that it doesn't
1129	 * bother with the LSM hook in these cases.
1130	 */
1131	if (info != SEND_SIG_NOINFO &&
1132	    (is_si_special(info) || SI_FROMKERNEL(info)))
1133		return 0;
1134	/*
1135	 * Sending a signal requires that the sender
1136	 * can write the receiver.
1137	 */
1138	if (secid == 0)
1139		return smk_curacc(p->security, MAY_WRITE);
1140	/*
1141	 * If the secid isn't 0 we're dealing with some USB IO
1142	 * specific behavior. This is not clean. For one thing
1143	 * we can't take privilege into account.
1144	 */
1145	return smk_access(smack_from_secid(secid), p->security, MAY_WRITE);
1146}
1147
1148/**
1149 * smack_task_wait - Smack access check for waiting
1150 * @p: task to wait for
1151 *
1152 * Returns 0 if current can wait for p, error code otherwise
1153 */
1154static int smack_task_wait(struct task_struct *p)
1155{
1156	int rc;
1157
1158	rc = smk_access(current->security, p->security, MAY_WRITE);
1159	if (rc == 0)
1160		return 0;
1161
1162	/*
1163	 * Allow the operation to succeed if either task
1164	 * has privilege to perform operations that might
1165	 * account for the smack labels having gotten to
1166	 * be different in the first place.
1167	 *
1168	 * This breaks the strict subjet/object access
1169	 * control ideal, taking the object's privilege
1170	 * state into account in the decision as well as
1171	 * the smack value.
1172	 */
1173	if (capable(CAP_MAC_OVERRIDE) || __capable(p, CAP_MAC_OVERRIDE))
1174		return 0;
1175
1176	return rc;
1177}
1178
1179/**
1180 * smack_task_to_inode - copy task smack into the inode blob
1181 * @p: task to copy from
1182 * inode: inode to copy to
1183 *
1184 * Sets the smack pointer in the inode security blob
1185 */
1186static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
1187{
1188	struct inode_smack *isp = inode->i_security;
1189	isp->smk_inode = p->security;
1190}
1191
1192/*
1193 * Socket hooks.
1194 */
1195
1196/**
1197 * smack_sk_alloc_security - Allocate a socket blob
1198 * @sk: the socket
1199 * @family: unused
1200 * @priority: memory allocation priority
1201 *
1202 * Assign Smack pointers to current
1203 *
1204 * Returns 0 on success, -ENOMEM is there's no memory
1205 */
1206static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
1207{
1208	char *csp = current->security;
1209	struct socket_smack *ssp;
1210
1211	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
1212	if (ssp == NULL)
1213		return -ENOMEM;
1214
1215	ssp->smk_in = csp;
1216	ssp->smk_out = csp;
1217	ssp->smk_packet[0] = '\0';
1218
1219	sk->sk_security = ssp;
1220
1221	return 0;
1222}
1223
1224/**
1225 * smack_sk_free_security - Free a socket blob
1226 * @sk: the socket
1227 *
1228 * Clears the blob pointer
1229 */
1230static void smack_sk_free_security(struct sock *sk)
1231{
1232	kfree(sk->sk_security);
1233}
1234
1235/**
1236 * smack_set_catset - convert a capset to netlabel mls categories
1237 * @catset: the Smack categories
1238 * @sap: where to put the netlabel categories
1239 *
1240 * Allocates and fills attr.mls.cat
1241 */
1242static void smack_set_catset(char *catset, struct netlbl_lsm_secattr *sap)
1243{
1244	unsigned char *cp;
1245	unsigned char m;
1246	int cat;
1247	int rc;
1248	int byte;
1249
1250	if (catset == 0)
1251		return;
1252
1253	sap->flags |= NETLBL_SECATTR_MLS_CAT;
1254	sap->attr.mls.cat = netlbl_secattr_catmap_alloc(GFP_ATOMIC);
1255	sap->attr.mls.cat->startbit = 0;
1256
1257	for (cat = 1, cp = catset, byte = 0; byte < SMK_LABELLEN; cp++, byte++)
1258		for (m = 0x80; m != 0; m >>= 1, cat++) {
1259			if ((m & *cp) == 0)
1260				continue;
1261			rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat,
1262							  cat, GFP_ATOMIC);
1263		}
1264}
1265
1266/**
1267 * smack_to_secattr - fill a secattr from a smack value
1268 * @smack: the smack value
1269 * @nlsp: where the result goes
1270 *
1271 * Casey says that CIPSO is good enough for now.
1272 * It can be used to effect.
1273 * It can also be abused to effect when necessary.
1274 * Appologies to the TSIG group in general and GW in particular.
1275 */
1276static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
1277{
1278	struct smack_cipso cipso;
1279	int rc;
1280
1281	switch (smack_net_nltype) {
1282	case NETLBL_NLTYPE_CIPSOV4:
1283		nlsp->domain = kstrdup(smack, GFP_ATOMIC);
1284		nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
1285
1286		rc = smack_to_cipso(smack, &cipso);
1287		if (rc == 0) {
1288			nlsp->attr.mls.lvl = cipso.smk_level;
1289			smack_set_catset(cipso.smk_catset, nlsp);
1290		} else {
1291			nlsp->attr.mls.lvl = smack_cipso_direct;
1292			smack_set_catset(smack, nlsp);
1293		}
1294		break;
1295	default:
1296		break;
1297	}
1298}
1299
1300/**
1301 * smack_netlabel - Set the secattr on a socket
1302 * @sk: the socket
1303 *
1304 * Convert the outbound smack value (smk_out) to a
1305 * secattr and attach it to the socket.
1306 *
1307 * Returns 0 on success or an error code
1308 */
1309static int smack_netlabel(struct sock *sk)
1310{
1311	struct socket_smack *ssp;
1312	struct netlbl_lsm_secattr secattr;
1313	int rc;
1314
1315	ssp = sk->sk_security;
1316	netlbl_secattr_init(&secattr);
1317	smack_to_secattr(ssp->smk_out, &secattr);
1318	rc = netlbl_sock_setattr(sk, &secattr);
1319	netlbl_secattr_destroy(&secattr);
1320
1321	return rc;
1322}
1323
1324/**
1325 * smack_inode_setsecurity - set smack xattrs
1326 * @inode: the object
1327 * @name: attribute name
1328 * @value: attribute value
1329 * @size: size of the attribute
1330 * @flags: unused
1331 *
1332 * Sets the named attribute in the appropriate blob
1333 *
1334 * Returns 0 on success, or an error code
1335 */
1336static int smack_inode_setsecurity(struct inode *inode, const char *name,
1337				   const void *value, size_t size, int flags)
1338{
1339	char *sp;
1340	struct inode_smack *nsp = inode->i_security;
1341	struct socket_smack *ssp;
1342	struct socket *sock;
1343	int rc = 0;
1344
1345	if (value == NULL || size > SMK_LABELLEN)
1346		return -EACCES;
1347
1348	sp = smk_import(value, size);
1349	if (sp == NULL)
1350		return -EINVAL;
1351
1352	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1353		nsp->smk_inode = sp;
1354		return 0;
1355	}
1356	/*
1357	 * The rest of the Smack xattrs are only on sockets.
1358	 */
1359	if (inode->i_sb->s_magic != SOCKFS_MAGIC)
1360		return -EOPNOTSUPP;
1361
1362	sock = SOCKET_I(inode);
1363	if (sock == NULL || sock->sk == NULL)
1364		return -EOPNOTSUPP;
1365
1366	ssp = sock->sk->sk_security;
1367
1368	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1369		ssp->smk_in = sp;
1370	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
1371		ssp->smk_out = sp;
1372		rc = smack_netlabel(sock->sk);
1373		if (rc != 0)
1374			printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n",
1375			       __func__, -rc);
1376	} else
1377		return -EOPNOTSUPP;
1378
1379	return 0;
1380}
1381
1382/**
1383 * smack_socket_post_create - finish socket setup
1384 * @sock: the socket
1385 * @family: protocol family
1386 * @type: unused
1387 * @protocol: unused
1388 * @kern: unused
1389 *
1390 * Sets the netlabel information on the socket
1391 *
1392 * Returns 0 on success, and error code otherwise
1393 */
1394static int smack_socket_post_create(struct socket *sock, int family,
1395				    int type, int protocol, int kern)
1396{
1397	if (family != PF_INET || sock->sk == NULL)
1398		return 0;
1399	/*
1400	 * Set the outbound netlbl.
1401	 */
1402	return smack_netlabel(sock->sk);
1403}
1404
1405/**
1406 * smack_flags_to_may - convert S_ to MAY_ values
1407 * @flags: the S_ value
1408 *
1409 * Returns the equivalent MAY_ value
1410 */
1411static int smack_flags_to_may(int flags)
1412{
1413	int may = 0;
1414
1415	if (flags & S_IRUGO)
1416		may |= MAY_READ;
1417	if (flags & S_IWUGO)
1418		may |= MAY_WRITE;
1419	if (flags & S_IXUGO)
1420		may |= MAY_EXEC;
1421
1422	return may;
1423}
1424
1425/**
1426 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
1427 * @msg: the object
1428 *
1429 * Returns 0
1430 */
1431static int smack_msg_msg_alloc_security(struct msg_msg *msg)
1432{
1433	msg->security = current->security;
1434	return 0;
1435}
1436
1437/**
1438 * smack_msg_msg_free_security - Clear the security blob for msg_msg
1439 * @msg: the object
1440 *
1441 * Clears the blob pointer
1442 */
1443static void smack_msg_msg_free_security(struct msg_msg *msg)
1444{
1445	msg->security = NULL;
1446}
1447
1448/**
1449 * smack_of_shm - the smack pointer for the shm
1450 * @shp: the object
1451 *
1452 * Returns a pointer to the smack value
1453 */
1454static char *smack_of_shm(struct shmid_kernel *shp)
1455{
1456	return (char *)shp->shm_perm.security;
1457}
1458
1459/**
1460 * smack_shm_alloc_security - Set the security blob for shm
1461 * @shp: the object
1462 *
1463 * Returns 0
1464 */
1465static int smack_shm_alloc_security(struct shmid_kernel *shp)
1466{
1467	struct kern_ipc_perm *isp = &shp->shm_perm;
1468
1469	isp->security = current->security;
1470	return 0;
1471}
1472
1473/**
1474 * smack_shm_free_security - Clear the security blob for shm
1475 * @shp: the object
1476 *
1477 * Clears the blob pointer
1478 */
1479static void smack_shm_free_security(struct shmid_kernel *shp)
1480{
1481	struct kern_ipc_perm *isp = &shp->shm_perm;
1482
1483	isp->security = NULL;
1484}
1485
1486/**
1487 * smack_shm_associate - Smack access check for shm
1488 * @shp: the object
1489 * @shmflg: access requested
1490 *
1491 * Returns 0 if current has the requested access, error code otherwise
1492 */
1493static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
1494{
1495	char *ssp = smack_of_shm(shp);
1496	int may;
1497
1498	may = smack_flags_to_may(shmflg);
1499	return smk_curacc(ssp, may);
1500}
1501
1502/**
1503 * smack_shm_shmctl - Smack access check for shm
1504 * @shp: the object
1505 * @cmd: what it wants to do
1506 *
1507 * Returns 0 if current has the requested access, error code otherwise
1508 */
1509static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
1510{
1511	char *ssp = smack_of_shm(shp);
1512	int may;
1513
1514	switch (cmd) {
1515	case IPC_STAT:
1516	case SHM_STAT:
1517		may = MAY_READ;
1518		break;
1519	case IPC_SET:
1520	case SHM_LOCK:
1521	case SHM_UNLOCK:
1522	case IPC_RMID:
1523		may = MAY_READWRITE;
1524		break;
1525	case IPC_INFO:
1526	case SHM_INFO:
1527		/*
1528		 * System level information.
1529		 */
1530		return 0;
1531	default:
1532		return -EINVAL;
1533	}
1534
1535	return smk_curacc(ssp, may);
1536}
1537
1538/**
1539 * smack_shm_shmat - Smack access for shmat
1540 * @shp: the object
1541 * @shmaddr: unused
1542 * @shmflg: access requested
1543 *
1544 * Returns 0 if current has the requested access, error code otherwise
1545 */
1546static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
1547			   int shmflg)
1548{
1549	char *ssp = smack_of_shm(shp);
1550	int may;
1551
1552	may = smack_flags_to_may(shmflg);
1553	return smk_curacc(ssp, may);
1554}
1555
1556/**
1557 * smack_of_sem - the smack pointer for the sem
1558 * @sma: the object
1559 *
1560 * Returns a pointer to the smack value
1561 */
1562static char *smack_of_sem(struct sem_array *sma)
1563{
1564	return (char *)sma->sem_perm.security;
1565}
1566
1567/**
1568 * smack_sem_alloc_security - Set the security blob for sem
1569 * @sma: the object
1570 *
1571 * Returns 0
1572 */
1573static int smack_sem_alloc_security(struct sem_array *sma)
1574{
1575	struct kern_ipc_perm *isp = &sma->sem_perm;
1576
1577	isp->security = current->security;
1578	return 0;
1579}
1580
1581/**
1582 * smack_sem_free_security - Clear the security blob for sem
1583 * @sma: the object
1584 *
1585 * Clears the blob pointer
1586 */
1587static void smack_sem_free_security(struct sem_array *sma)
1588{
1589	struct kern_ipc_perm *isp = &sma->sem_perm;
1590
1591	isp->security = NULL;
1592}
1593
1594/**
1595 * smack_sem_associate - Smack access check for sem
1596 * @sma: the object
1597 * @semflg: access requested
1598 *
1599 * Returns 0 if current has the requested access, error code otherwise
1600 */
1601static int smack_sem_associate(struct sem_array *sma, int semflg)
1602{
1603	char *ssp = smack_of_sem(sma);
1604	int may;
1605
1606	may = smack_flags_to_may(semflg);
1607	return smk_curacc(ssp, may);
1608}
1609
1610/**
1611 * smack_sem_shmctl - Smack access check for sem
1612 * @sma: the object
1613 * @cmd: what it wants to do
1614 *
1615 * Returns 0 if current has the requested access, error code otherwise
1616 */
1617static int smack_sem_semctl(struct sem_array *sma, int cmd)
1618{
1619	char *ssp = smack_of_sem(sma);
1620	int may;
1621
1622	switch (cmd) {
1623	case GETPID:
1624	case GETNCNT:
1625	case GETZCNT:
1626	case GETVAL:
1627	case GETALL:
1628	case IPC_STAT:
1629	case SEM_STAT:
1630		may = MAY_READ;
1631		break;
1632	case SETVAL:
1633	case SETALL:
1634	case IPC_RMID:
1635	case IPC_SET:
1636		may = MAY_READWRITE;
1637		break;
1638	case IPC_INFO:
1639	case SEM_INFO:
1640		/*
1641		 * System level information
1642		 */
1643		return 0;
1644	default:
1645		return -EINVAL;
1646	}
1647
1648	return smk_curacc(ssp, may);
1649}
1650
1651/**
1652 * smack_sem_semop - Smack checks of semaphore operations
1653 * @sma: the object
1654 * @sops: unused
1655 * @nsops: unused
1656 * @alter: unused
1657 *
1658 * Treated as read and write in all cases.
1659 *
1660 * Returns 0 if access is allowed, error code otherwise
1661 */
1662static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
1663			   unsigned nsops, int alter)
1664{
1665	char *ssp = smack_of_sem(sma);
1666
1667	return smk_curacc(ssp, MAY_READWRITE);
1668}
1669
1670/**
1671 * smack_msg_alloc_security - Set the security blob for msg
1672 * @msq: the object
1673 *
1674 * Returns 0
1675 */
1676static int smack_msg_queue_alloc_security(struct msg_queue *msq)
1677{
1678	struct kern_ipc_perm *kisp = &msq->q_perm;
1679
1680	kisp->security = current->security;
1681	return 0;
1682}
1683
1684/**
1685 * smack_msg_free_security - Clear the security blob for msg
1686 * @msq: the object
1687 *
1688 * Clears the blob pointer
1689 */
1690static void smack_msg_queue_free_security(struct msg_queue *msq)
1691{
1692	struct kern_ipc_perm *kisp = &msq->q_perm;
1693
1694	kisp->security = NULL;
1695}
1696
1697/**
1698 * smack_of_msq - the smack pointer for the msq
1699 * @msq: the object
1700 *
1701 * Returns a pointer to the smack value
1702 */
1703static char *smack_of_msq(struct msg_queue *msq)
1704{
1705	return (char *)msq->q_perm.security;
1706}
1707
1708/**
1709 * smack_msg_queue_associate - Smack access check for msg_queue
1710 * @msq: the object
1711 * @msqflg: access requested
1712 *
1713 * Returns 0 if current has the requested access, error code otherwise
1714 */
1715static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
1716{
1717	char *msp = smack_of_msq(msq);
1718	int may;
1719
1720	may = smack_flags_to_may(msqflg);
1721	return smk_curacc(msp, may);
1722}
1723
1724/**
1725 * smack_msg_queue_msgctl - Smack access check for msg_queue
1726 * @msq: the object
1727 * @cmd: what it wants to do
1728 *
1729 * Returns 0 if current has the requested access, error code otherwise
1730 */
1731static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
1732{
1733	char *msp = smack_of_msq(msq);
1734	int may;
1735
1736	switch (cmd) {
1737	case IPC_STAT:
1738	case MSG_STAT:
1739		may = MAY_READ;
1740		break;
1741	case IPC_SET:
1742	case IPC_RMID:
1743		may = MAY_READWRITE;
1744		break;
1745	case IPC_INFO:
1746	case MSG_INFO:
1747		/*
1748		 * System level information
1749		 */
1750		return 0;
1751	default:
1752		return -EINVAL;
1753	}
1754
1755	return smk_curacc(msp, may);
1756}
1757
1758/**
1759 * smack_msg_queue_msgsnd - Smack access check for msg_queue
1760 * @msq: the object
1761 * @msg: unused
1762 * @msqflg: access requested
1763 *
1764 * Returns 0 if current has the requested access, error code otherwise
1765 */
1766static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
1767				  int msqflg)
1768{
1769	char *msp = smack_of_msq(msq);
1770	int rc;
1771
1772	rc = smack_flags_to_may(msqflg);
1773	return smk_curacc(msp, rc);
1774}
1775
1776/**
1777 * smack_msg_queue_msgsnd - Smack access check for msg_queue
1778 * @msq: the object
1779 * @msg: unused
1780 * @target: unused
1781 * @type: unused
1782 * @mode: unused
1783 *
1784 * Returns 0 if current has read and write access, error code otherwise
1785 */
1786static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
1787			struct task_struct *target, long type, int mode)
1788{
1789	char *msp = smack_of_msq(msq);
1790
1791	return smk_curacc(msp, MAY_READWRITE);
1792}
1793
1794/**
1795 * smack_ipc_permission - Smack access for ipc_permission()
1796 * @ipp: the object permissions
1797 * @flag: access requested
1798 *
1799 * Returns 0 if current has read and write access, error code otherwise
1800 */
1801static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
1802{
1803	char *isp = ipp->security;
1804	int may;
1805
1806	may = smack_flags_to_may(flag);
1807	return smk_curacc(isp, may);
1808}
1809
1810/* module stacking operations */
1811
1812/**
1813 * smack_register_security - stack capability module
1814 * @name: module name
1815 * @ops: module operations - ignored
1816 *
1817 * Allow the capability module to register.
1818 */
1819static int smack_register_security(const char *name,
1820				   struct security_operations *ops)
1821{
1822	if (strcmp(name, "capability") != 0)
1823		return -EINVAL;
1824
1825	printk(KERN_INFO "%s:  Registering secondary module %s\n",
1826	       __func__, name);
1827
1828	return 0;
1829}
1830
1831/**
1832 * smack_d_instantiate - Make sure the blob is correct on an inode
1833 * @opt_dentry: unused
1834 * @inode: the object
1835 *
1836 * Set the inode's security blob if it hasn't been done already.
1837 */
1838static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
1839{
1840	struct super_block *sbp;
1841	struct superblock_smack *sbsp;
1842	struct inode_smack *isp;
1843	char *csp = current->security;
1844	char *fetched;
1845	char *final;
1846	struct dentry *dp;
1847
1848	if (inode == NULL)
1849		return;
1850
1851	isp = inode->i_security;
1852
1853	mutex_lock(&isp->smk_lock);
1854	/*
1855	 * If the inode is already instantiated
1856	 * take the quick way out
1857	 */
1858	if (isp->smk_flags & SMK_INODE_INSTANT)
1859		goto unlockandout;
1860
1861	sbp = inode->i_sb;
1862	sbsp = sbp->s_security;
1863	/*
1864	 * We're going to use the superblock default label
1865	 * if there's no label on the file.
1866	 */
1867	final = sbsp->smk_default;
1868
1869	/*
1870	 * This is pretty hackish.
1871	 * Casey says that we shouldn't have to do
1872	 * file system specific code, but it does help
1873	 * with keeping it simple.
1874	 */
1875	switch (sbp->s_magic) {
1876	case SMACK_MAGIC:
1877		/*
1878		 * Casey says that it's a little embarassing
1879		 * that the smack file system doesn't do
1880		 * extended attributes.
1881		 */
1882		final = smack_known_star.smk_known;
1883		break;
1884	case PIPEFS_MAGIC:
1885		/*
1886		 * Casey says pipes are easy (?)
1887		 */
1888		final = smack_known_star.smk_known;
1889		break;
1890	case DEVPTS_SUPER_MAGIC:
1891		/*
1892		 * devpts seems content with the label of the task.
1893		 * Programs that change smack have to treat the
1894		 * pty with respect.
1895		 */
1896		final = csp;
1897		break;
1898	case SOCKFS_MAGIC:
1899		/*
1900		 * Casey says sockets get the smack of the task.
1901		 */
1902		final = csp;
1903		break;
1904	case PROC_SUPER_MAGIC:
1905		/*
1906		 * Casey says procfs appears not to care.
1907		 * The superblock default suffices.
1908		 */
1909		break;
1910	case TMPFS_MAGIC:
1911		/*
1912		 * Device labels should come from the filesystem,
1913		 * but watch out, because they're volitile,
1914		 * getting recreated on every reboot.
1915		 */
1916		final = smack_known_star.smk_known;
1917		/*
1918		 * No break.
1919		 *
1920		 * If a smack value has been set we want to use it,
1921		 * but since tmpfs isn't giving us the opportunity
1922		 * to set mount options simulate setting the
1923		 * superblock default.
1924		 */
1925	default:
1926		/*
1927		 * This isn't an understood special case.
1928		 * Get the value from the xattr.
1929		 *
1930		 * No xattr support means, alas, no SMACK label.
1931		 * Use the aforeapplied default.
1932		 * It would be curious if the label of the task
1933		 * does not match that assigned.
1934		 */
1935		if (inode->i_op->getxattr == NULL)
1936			break;
1937		/*
1938		 * Get the dentry for xattr.
1939		 */
1940		if (opt_dentry == NULL) {
1941			dp = d_find_alias(inode);
1942			if (dp == NULL)
1943				break;
1944		} else {
1945			dp = dget(opt_dentry);
1946			if (dp == NULL)
1947				break;
1948		}
1949
1950		fetched = smk_fetch(inode, dp);
1951		if (fetched != NULL)
1952			final = fetched;
1953
1954		dput(dp);
1955		break;
1956	}
1957
1958	if (final == NULL)
1959		isp->smk_inode = csp;
1960	else
1961		isp->smk_inode = final;
1962
1963	isp->smk_flags |= SMK_INODE_INSTANT;
1964
1965unlockandout:
1966	mutex_unlock(&isp->smk_lock);
1967	return;
1968}
1969
1970/**
1971 * smack_getprocattr - Smack process attribute access
1972 * @p: the object task
1973 * @name: the name of the attribute in /proc/.../attr
1974 * @value: where to put the result
1975 *
1976 * Places a copy of the task Smack into value
1977 *
1978 * Returns the length of the smack label or an error code
1979 */
1980static int smack_getprocattr(struct task_struct *p, char *name, char **value)
1981{
1982	char *cp;
1983	int slen;
1984
1985	if (strcmp(name, "current") != 0)
1986		return -EINVAL;
1987
1988	cp = kstrdup(p->security, GFP_KERNEL);
1989	if (cp == NULL)
1990		return -ENOMEM;
1991
1992	slen = strlen(cp);
1993	*value = cp;
1994	return slen;
1995}
1996
1997/**
1998 * smack_setprocattr - Smack process attribute setting
1999 * @p: the object task
2000 * @name: the name of the attribute in /proc/.../attr
2001 * @value: the value to set
2002 * @size: the size of the value
2003 *
2004 * Sets the Smack value of the task. Only setting self
2005 * is permitted and only with privilege
2006 *
2007 * Returns the length of the smack label or an error code
2008 */
2009static int smack_setprocattr(struct task_struct *p, char *name,
2010			     void *value, size_t size)
2011{
2012	char *newsmack;
2013
2014	if (!__capable(p, CAP_MAC_ADMIN))
2015		return -EPERM;
2016
2017	/*
2018	 * Changing another process' Smack value is too dangerous
2019	 * and supports no sane use case.
2020	 */
2021	if (p != current)
2022		return -EPERM;
2023
2024	if (value == NULL || size == 0 || size >= SMK_LABELLEN)
2025		return -EINVAL;
2026
2027	if (strcmp(name, "current") != 0)
2028		return -EINVAL;
2029
2030	newsmack = smk_import(value, size);
2031	if (newsmack == NULL)
2032		return -EINVAL;
2033
2034	p->security = newsmack;
2035	return size;
2036}
2037
2038/**
2039 * smack_unix_stream_connect - Smack access on UDS
2040 * @sock: one socket
2041 * @other: the other socket
2042 * @newsk: unused
2043 *
2044 * Return 0 if a subject with the smack of sock could access
2045 * an object with the smack of other, otherwise an error code
2046 */
2047static int smack_unix_stream_connect(struct socket *sock,
2048				     struct socket *other, struct sock *newsk)
2049{
2050	struct inode *sp = SOCK_INODE(sock);
2051	struct inode *op = SOCK_INODE(other);
2052
2053	return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_READWRITE);
2054}
2055
2056/**
2057 * smack_unix_may_send - Smack access on UDS
2058 * @sock: one socket
2059 * @other: the other socket
2060 *
2061 * Return 0 if a subject with the smack of sock could access
2062 * an object with the smack of other, otherwise an error code
2063 */
2064static int smack_unix_may_send(struct socket *sock, struct socket *other)
2065{
2066	struct inode *sp = SOCK_INODE(sock);
2067	struct inode *op = SOCK_INODE(other);
2068
2069	return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_WRITE);
2070}
2071
2072/**
2073 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat
2074 * 	pair to smack
2075 * @sap: netlabel secattr
2076 * @sip: where to put the result
2077 *
2078 * Copies a smack label into sip
2079 */
2080static void smack_from_secattr(struct netlbl_lsm_secattr *sap, char *sip)
2081{
2082	char smack[SMK_LABELLEN];
2083	int pcat;
2084
2085	if ((sap->flags & NETLBL_SECATTR_MLS_LVL) == 0) {
2086		/*
2087		 * If there are flags but no level netlabel isn't
2088		 * behaving the way we expect it to.
2089		 *
2090		 * Without guidance regarding the smack value
2091		 * for the packet fall back on the network
2092		 * ambient value.
2093		 */
2094		strncpy(sip, smack_net_ambient, SMK_MAXLEN);
2095		return;
2096	}
2097	/*
2098	 * Get the categories, if any
2099	 */
2100	memset(smack, '\0', SMK_LABELLEN);
2101	if ((sap->flags & NETLBL_SECATTR_MLS_CAT) != 0)
2102		for (pcat = -1;;) {
2103			pcat = netlbl_secattr_catmap_walk(sap->attr.mls.cat,
2104							  pcat + 1);
2105			if (pcat < 0)
2106				break;
2107			smack_catset_bit(pcat, smack);
2108		}
2109	/*
2110	 * If it is CIPSO using smack direct mapping
2111	 * we are already done. WeeHee.
2112	 */
2113	if (sap->attr.mls.lvl == smack_cipso_direct) {
2114		memcpy(sip, smack, SMK_MAXLEN);
2115		return;
2116	}
2117	/*
2118	 * Look it up in the supplied table if it is not a direct mapping.
2119	 */
2120	smack_from_cipso(sap->attr.mls.lvl, smack, sip);
2121	return;
2122}
2123
2124/**
2125 * smack_socket_sock_rcv_skb - Smack packet delivery access check
2126 * @sk: socket
2127 * @skb: packet
2128 *
2129 * Returns 0 if the packet should be delivered, an error code otherwise
2130 */
2131static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
2132{
2133	struct netlbl_lsm_secattr secattr;
2134	struct socket_smack *ssp = sk->sk_security;
2135	char smack[SMK_LABELLEN];
2136	int rc;
2137
2138	if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
2139		return 0;
2140
2141	/*
2142	 * Translate what netlabel gave us.
2143	 */
2144	memset(smack, '\0', SMK_LABELLEN);
2145	netlbl_secattr_init(&secattr);
2146	rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
2147	if (rc == 0)
2148		smack_from_secattr(&secattr, smack);
2149	else
2150		strncpy(smack, smack_net_ambient, SMK_MAXLEN);
2151	netlbl_secattr_destroy(&secattr);
2152	/*
2153	 * Receiving a packet requires that the other end
2154	 * be able to write here. Read access is not required.
2155	 * This is the simplist possible security model
2156	 * for networking.
2157	 */
2158	return smk_access(smack, ssp->smk_in, MAY_WRITE);
2159}
2160
2161/**
2162 * smack_socket_getpeersec_stream - pull in packet label
2163 * @sock: the socket
2164 * @optval: user's destination
2165 * @optlen: size thereof
2166 * @len: max thereoe
2167 *
2168 * returns zero on success, an error code otherwise
2169 */
2170static int smack_socket_getpeersec_stream(struct socket *sock,
2171					  char __user *optval,
2172					  int __user *optlen, unsigned len)
2173{
2174	struct socket_smack *ssp;
2175	int slen;
2176	int rc = 0;
2177
2178	ssp = sock->sk->sk_security;
2179	slen = strlen(ssp->smk_packet) + 1;
2180
2181	if (slen > len)
2182		rc = -ERANGE;
2183	else if (copy_to_user(optval, ssp->smk_packet, slen) != 0)
2184		rc = -EFAULT;
2185
2186	if (put_user(slen, optlen) != 0)
2187		rc = -EFAULT;
2188
2189	return rc;
2190}
2191
2192
2193/**
2194 * smack_socket_getpeersec_dgram - pull in packet label
2195 * @sock: the socket
2196 * @skb: packet data
2197 * @secid: pointer to where to put the secid of the packet
2198 *
2199 * Sets the netlabel socket state on sk from parent
2200 */
2201static int smack_socket_getpeersec_dgram(struct socket *sock,
2202					 struct sk_buff *skb, u32 *secid)
2203
2204{
2205	struct netlbl_lsm_secattr secattr;
2206	struct sock *sk;
2207	char smack[SMK_LABELLEN];
2208	int family = PF_INET;
2209	u32 s;
2210	int rc;
2211
2212	/*
2213	 * Only works for families with packets.
2214	 */
2215	if (sock != NULL) {
2216		sk = sock->sk;
2217		if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
2218			return 0;
2219		family = sk->sk_family;
2220	}
2221	/*
2222	 * Translate what netlabel gave us.
2223	 */
2224	memset(smack, '\0', SMK_LABELLEN);
2225	netlbl_secattr_init(&secattr);
2226	rc = netlbl_skbuff_getattr(skb, family, &secattr);
2227	if (rc == 0)
2228		smack_from_secattr(&secattr, smack);
2229	netlbl_secattr_destroy(&secattr);
2230
2231	/*
2232	 * Give up if we couldn't get anything
2233	 */
2234	if (rc != 0)
2235		return rc;
2236
2237	s = smack_to_secid(smack);
2238	if (s == 0)
2239		return -EINVAL;
2240
2241	*secid = s;
2242	return 0;
2243}
2244
2245/**
2246 * smack_sock_graft - graft access state between two sockets
2247 * @sk: fresh sock
2248 * @parent: donor socket
2249 *
2250 * Sets the netlabel socket state on sk from parent
2251 */
2252static void smack_sock_graft(struct sock *sk, struct socket *parent)
2253{
2254	struct socket_smack *ssp;
2255	int rc;
2256
2257	if (sk == NULL)
2258		return;
2259
2260	if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
2261		return;
2262
2263	ssp = sk->sk_security;
2264	ssp->smk_in = current->security;
2265	ssp->smk_out = current->security;
2266	ssp->smk_packet[0] = '\0';
2267
2268	rc = smack_netlabel(sk);
2269	if (rc != 0)
2270		printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n",
2271		       __func__, -rc);
2272}
2273
2274/**
2275 * smack_inet_conn_request - Smack access check on connect
2276 * @sk: socket involved
2277 * @skb: packet
2278 * @req: unused
2279 *
2280 * Returns 0 if a task with the packet label could write to
2281 * the socket, otherwise an error code
2282 */
2283static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
2284				   struct request_sock *req)
2285{
2286	struct netlbl_lsm_secattr skb_secattr;
2287	struct socket_smack *ssp = sk->sk_security;
2288	char smack[SMK_LABELLEN];
2289	int rc;
2290
2291	if (skb == NULL)
2292		return -EACCES;
2293
2294	memset(smack, '\0', SMK_LABELLEN);
2295	netlbl_secattr_init(&skb_secattr);
2296	rc = netlbl_skbuff_getattr(skb, sk->sk_family, &skb_secattr);
2297	if (rc == 0)
2298		smack_from_secattr(&skb_secattr, smack);
2299	else
2300		strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN);
2301	netlbl_secattr_destroy(&skb_secattr);
2302	/*
2303	 * Receiving a packet requires that the other end
2304	 * be able to write here. Read access is not required.
2305	 *
2306	 * If the request is successful save the peer's label
2307	 * so that SO_PEERCRED can report it.
2308	 */
2309	rc = smk_access(smack, ssp->smk_in, MAY_WRITE);
2310	if (rc == 0)
2311		strncpy(ssp->smk_packet, smack, SMK_MAXLEN);
2312
2313	return rc;
2314}
2315
2316/*
2317 * Key management security hooks
2318 *
2319 * Casey has not tested key support very heavily.
2320 * The permission check is most likely too restrictive.
2321 * If you care about keys please have a look.
2322 */
2323#ifdef CONFIG_KEYS
2324
2325/**
2326 * smack_key_alloc - Set the key security blob
2327 * @key: object
2328 * @tsk: the task associated with the key
2329 * @flags: unused
2330 *
2331 * No allocation required
2332 *
2333 * Returns 0
2334 */
2335static int smack_key_alloc(struct key *key, struct task_struct *tsk,
2336			   unsigned long flags)
2337{
2338	key->security = tsk->security;
2339	return 0;
2340}
2341
2342/**
2343 * smack_key_free - Clear the key security blob
2344 * @key: the object
2345 *
2346 * Clear the blob pointer
2347 */
2348static void smack_key_free(struct key *key)
2349{
2350	key->security = NULL;
2351}
2352
2353/*
2354 * smack_key_permission - Smack access on a key
2355 * @key_ref: gets to the object
2356 * @context: task involved
2357 * @perm: unused
2358 *
2359 * Return 0 if the task has read and write to the object,
2360 * an error code otherwise
2361 */
2362static int smack_key_permission(key_ref_t key_ref,
2363				struct task_struct *context, key_perm_t perm)
2364{
2365	struct key *keyp;
2366
2367	keyp = key_ref_to_ptr(key_ref);
2368	if (keyp == NULL)
2369		return -EINVAL;
2370	/*
2371	 * If the key hasn't been initialized give it access so that
2372	 * it may do so.
2373	 */
2374	if (keyp->security == NULL)
2375		return 0;
2376	/*
2377	 * This should not occur
2378	 */
2379	if (context->security == NULL)
2380		return -EACCES;
2381
2382	return smk_access(context->security, keyp->security, MAY_READWRITE);
2383}
2384#endif /* CONFIG_KEYS */
2385
2386/*
2387 * smack_secid_to_secctx - return the smack label for a secid
2388 * @secid: incoming integer
2389 * @secdata: destination
2390 * @seclen: how long it is
2391 *
2392 * Exists for networking code.
2393 */
2394static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
2395{
2396	char *sp = smack_from_secid(secid);
2397
2398	*secdata = sp;
2399	*seclen = strlen(sp);
2400	return 0;
2401}
2402
2403/*
2404 * smack_secctx_to_secid - return the secid for a smack label
2405 * @secdata: smack label
2406 * @seclen: how long result is
2407 * @secid: outgoing integer
2408 *
2409 * Exists for audit and networking code.
2410 */
2411static int smack_secctx_to_secid(char *secdata, u32 seclen, u32 *secid)
2412{
2413	*secid = smack_to_secid(secdata);
2414	return 0;
2415}
2416
2417/*
2418 * smack_release_secctx - don't do anything.
2419 * @key_ref: unused
2420 * @context: unused
2421 * @perm: unused
2422 *
2423 * Exists to make sure nothing gets done, and properly
2424 */
2425static void smack_release_secctx(char *secdata, u32 seclen)
2426{
2427}
2428
2429static struct security_operations smack_ops = {
2430	.ptrace = 			smack_ptrace,
2431	.capget = 			cap_capget,
2432	.capset_check = 		cap_capset_check,
2433	.capset_set = 			cap_capset_set,
2434	.capable = 			cap_capable,
2435	.syslog = 			smack_syslog,
2436	.settime = 			cap_settime,
2437	.vm_enough_memory = 		cap_vm_enough_memory,
2438
2439	.bprm_apply_creds = 		cap_bprm_apply_creds,
2440	.bprm_set_security = 		cap_bprm_set_security,
2441	.bprm_secureexec = 		cap_bprm_secureexec,
2442
2443	.sb_alloc_security = 		smack_sb_alloc_security,
2444	.sb_free_security = 		smack_sb_free_security,
2445	.sb_copy_data = 		smack_sb_copy_data,
2446	.sb_kern_mount = 		smack_sb_kern_mount,
2447	.sb_statfs = 			smack_sb_statfs,
2448	.sb_mount = 			smack_sb_mount,
2449	.sb_umount = 			smack_sb_umount,
2450
2451	.inode_alloc_security = 	smack_inode_alloc_security,
2452	.inode_free_security = 		smack_inode_free_security,
2453	.inode_init_security = 		smack_inode_init_security,
2454	.inode_link = 			smack_inode_link,
2455	.inode_unlink = 		smack_inode_unlink,
2456	.inode_rmdir = 			smack_inode_rmdir,
2457	.inode_rename = 		smack_inode_rename,
2458	.inode_permission = 		smack_inode_permission,
2459	.inode_setattr = 		smack_inode_setattr,
2460	.inode_getattr = 		smack_inode_getattr,
2461	.inode_setxattr = 		smack_inode_setxattr,
2462	.inode_post_setxattr = 		smack_inode_post_setxattr,
2463	.inode_getxattr = 		smack_inode_getxattr,
2464	.inode_removexattr = 		smack_inode_removexattr,
2465	.inode_need_killpriv =		cap_inode_need_killpriv,
2466	.inode_killpriv =		cap_inode_killpriv,
2467	.inode_getsecurity = 		smack_inode_getsecurity,
2468	.inode_setsecurity = 		smack_inode_setsecurity,
2469	.inode_listsecurity = 		smack_inode_listsecurity,
2470
2471	.file_permission = 		smack_file_permission,
2472	.file_alloc_security = 		smack_file_alloc_security,
2473	.file_free_security = 		smack_file_free_security,
2474	.file_ioctl = 			smack_file_ioctl,
2475	.file_lock = 			smack_file_lock,
2476	.file_fcntl = 			smack_file_fcntl,
2477	.file_set_fowner = 		smack_file_set_fowner,
2478	.file_send_sigiotask = 		smack_file_send_sigiotask,
2479	.file_receive = 		smack_file_receive,
2480
2481	.task_alloc_security = 		smack_task_alloc_security,
2482	.task_free_security = 		smack_task_free_security,
2483	.task_post_setuid =		cap_task_post_setuid,
2484	.task_setpgid = 		smack_task_setpgid,
2485	.task_getpgid = 		smack_task_getpgid,
2486	.task_getsid = 			smack_task_getsid,
2487	.task_getsecid = 		smack_task_getsecid,
2488	.task_setnice = 		smack_task_setnice,
2489	.task_setioprio = 		smack_task_setioprio,
2490	.task_getioprio = 		smack_task_getioprio,
2491	.task_setscheduler = 		smack_task_setscheduler,
2492	.task_getscheduler = 		smack_task_getscheduler,
2493	.task_movememory = 		smack_task_movememory,
2494	.task_kill = 			smack_task_kill,
2495	.task_wait = 			smack_task_wait,
2496	.task_reparent_to_init =	cap_task_reparent_to_init,
2497	.task_to_inode = 		smack_task_to_inode,
2498
2499	.ipc_permission = 		smack_ipc_permission,
2500
2501	.msg_msg_alloc_security = 	smack_msg_msg_alloc_security,
2502	.msg_msg_free_security = 	smack_msg_msg_free_security,
2503
2504	.msg_queue_alloc_security = 	smack_msg_queue_alloc_security,
2505	.msg_queue_free_security = 	smack_msg_queue_free_security,
2506	.msg_queue_associate = 		smack_msg_queue_associate,
2507	.msg_queue_msgctl = 		smack_msg_queue_msgctl,
2508	.msg_queue_msgsnd = 		smack_msg_queue_msgsnd,
2509	.msg_queue_msgrcv = 		smack_msg_queue_msgrcv,
2510
2511	.shm_alloc_security = 		smack_shm_alloc_security,
2512	.shm_free_security = 		smack_shm_free_security,
2513	.shm_associate = 		smack_shm_associate,
2514	.shm_shmctl = 			smack_shm_shmctl,
2515	.shm_shmat = 			smack_shm_shmat,
2516
2517	.sem_alloc_security = 		smack_sem_alloc_security,
2518	.sem_free_security = 		smack_sem_free_security,
2519	.sem_associate = 		smack_sem_associate,
2520	.sem_semctl = 			smack_sem_semctl,
2521	.sem_semop = 			smack_sem_semop,
2522
2523	.netlink_send =			cap_netlink_send,
2524	.netlink_recv = 		cap_netlink_recv,
2525
2526	.register_security = 		smack_register_security,
2527
2528	.d_instantiate = 		smack_d_instantiate,
2529
2530	.getprocattr = 			smack_getprocattr,
2531	.setprocattr = 			smack_setprocattr,
2532
2533	.unix_stream_connect = 		smack_unix_stream_connect,
2534	.unix_may_send = 		smack_unix_may_send,
2535
2536	.socket_post_create = 		smack_socket_post_create,
2537	.socket_sock_rcv_skb = 		smack_socket_sock_rcv_skb,
2538	.socket_getpeersec_stream =	smack_socket_getpeersec_stream,
2539	.socket_getpeersec_dgram =	smack_socket_getpeersec_dgram,
2540	.sk_alloc_security = 		smack_sk_alloc_security,
2541	.sk_free_security = 		smack_sk_free_security,
2542	.sock_graft = 			smack_sock_graft,
2543	.inet_conn_request = 		smack_inet_conn_request,
2544 /* key management security hooks */
2545#ifdef CONFIG_KEYS
2546	.key_alloc = 			smack_key_alloc,
2547	.key_free = 			smack_key_free,
2548	.key_permission = 		smack_key_permission,
2549#endif /* CONFIG_KEYS */
2550	.secid_to_secctx = 		smack_secid_to_secctx,
2551	.secctx_to_secid = 		smack_secctx_to_secid,
2552	.release_secctx = 		smack_release_secctx,
2553};
2554
2555/**
2556 * smack_init - initialize the smack system
2557 *
2558 * Returns 0
2559 */
2560static __init int smack_init(void)
2561{
2562	printk(KERN_INFO "Smack:  Initializing.\n");
2563
2564	/*
2565	 * Set the security state for the initial task.
2566	 */
2567	current->security = &smack_known_floor.smk_known;
2568
2569	/*
2570	 * Initialize locks
2571	 */
2572	spin_lock_init(&smack_known_unset.smk_cipsolock);
2573	spin_lock_init(&smack_known_huh.smk_cipsolock);
2574	spin_lock_init(&smack_known_hat.smk_cipsolock);
2575	spin_lock_init(&smack_known_star.smk_cipsolock);
2576	spin_lock_init(&smack_known_floor.smk_cipsolock);
2577	spin_lock_init(&smack_known_invalid.smk_cipsolock);
2578
2579	/*
2580	 * Register with LSM
2581	 */
2582	if (register_security(&smack_ops))
2583		panic("smack: Unable to register with kernel.\n");
2584
2585	return 0;
2586}
2587
2588/*
2589 * Smack requires early initialization in order to label
2590 * all processes and objects when they are created.
2591 */
2592security_initcall(smack_init);
2593
Configure Feed

Configure Feed
