security/smack/smack_lsm.c at v2.6.37-rc1

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / security / smack / smack_lsm.c
at v2.6.37-rc1 3246 lines 78 kB view raw
wrap content
   1/*
   2 *  Simplified MAC Kernel (smack) security module
   3 *
   4 *  This file contains the smack hook function implementations.
   5 *
   6 *  Author:
   7 *	Casey Schaufler <casey@schaufler-ca.com>
   8 *
   9 *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
  10 *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
  11 *                Paul Moore <paul.moore@hp.com>
  12 *
  13 *	This program is free software; you can redistribute it and/or modify
  14 *	it under the terms of the GNU General Public License version 2,
  15 *      as published by the Free Software Foundation.
  16 */
  17
  18#include <linux/xattr.h>
  19#include <linux/pagemap.h>
  20#include <linux/mount.h>
  21#include <linux/stat.h>
  22#include <linux/kd.h>
  23#include <asm/ioctls.h>
  24#include <linux/ip.h>
  25#include <linux/tcp.h>
  26#include <linux/udp.h>
  27#include <linux/slab.h>
  28#include <linux/mutex.h>
  29#include <linux/pipe_fs_i.h>
  30#include <net/netlabel.h>
  31#include <net/cipso_ipv4.h>
  32#include <linux/audit.h>
  33#include <linux/magic.h>
  34#include "smack.h"
  35
  36#define task_security(task)	(task_cred_xxx((task), security))
  37
  38/**
  39 * smk_fetch - Fetch the smack label from a file.
  40 * @ip: a pointer to the inode
  41 * @dp: a pointer to the dentry
  42 *
  43 * Returns a pointer to the master list entry for the Smack label
  44 * or NULL if there was no label to fetch.
  45 */
  46static char *smk_fetch(struct inode *ip, struct dentry *dp)
  47{
  48	int rc;
  49	char in[SMK_LABELLEN];
  50
  51	if (ip->i_op->getxattr == NULL)
  52		return NULL;
  53
  54	rc = ip->i_op->getxattr(dp, XATTR_NAME_SMACK, in, SMK_LABELLEN);
  55	if (rc < 0)
  56		return NULL;
  57
  58	return smk_import(in, rc);
  59}
  60
  61/**
  62 * new_inode_smack - allocate an inode security blob
  63 * @smack: a pointer to the Smack label to use in the blob
  64 *
  65 * Returns the new blob or NULL if there's no memory available
  66 */
  67struct inode_smack *new_inode_smack(char *smack)
  68{
  69	struct inode_smack *isp;
  70
  71	isp = kzalloc(sizeof(struct inode_smack), GFP_KERNEL);
  72	if (isp == NULL)
  73		return NULL;
  74
  75	isp->smk_inode = smack;
  76	isp->smk_flags = 0;
  77	mutex_init(&isp->smk_lock);
  78
  79	return isp;
  80}
  81
  82/*
  83 * LSM hooks.
  84 * We he, that is fun!
  85 */
  86
  87/**
  88 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
  89 * @ctp: child task pointer
  90 * @mode: ptrace attachment mode
  91 *
  92 * Returns 0 if access is OK, an error code otherwise
  93 *
  94 * Do the capability checks, and require read and write.
  95 */
  96static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
  97{
  98	int rc;
  99	struct smk_audit_info ad;
 100	char *sp, *tsp;
 101
 102	rc = cap_ptrace_access_check(ctp, mode);
 103	if (rc != 0)
 104		return rc;
 105
 106	sp = current_security();
 107	tsp = task_security(ctp);
 108	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
 109	smk_ad_setfield_u_tsk(&ad, ctp);
 110
 111	/* we won't log here, because rc can be overriden */
 112	rc = smk_access(sp, tsp, MAY_READWRITE, NULL);
 113	if (rc != 0 && capable(CAP_MAC_OVERRIDE))
 114		rc = 0;
 115
 116	smack_log(sp, tsp, MAY_READWRITE, rc, &ad);
 117	return rc;
 118}
 119
 120/**
 121 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
 122 * @ptp: parent task pointer
 123 *
 124 * Returns 0 if access is OK, an error code otherwise
 125 *
 126 * Do the capability checks, and require read and write.
 127 */
 128static int smack_ptrace_traceme(struct task_struct *ptp)
 129{
 130	int rc;
 131	struct smk_audit_info ad;
 132	char *sp, *tsp;
 133
 134	rc = cap_ptrace_traceme(ptp);
 135	if (rc != 0)
 136		return rc;
 137
 138	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
 139	smk_ad_setfield_u_tsk(&ad, ptp);
 140
 141	sp = current_security();
 142	tsp = task_security(ptp);
 143	/* we won't log here, because rc can be overriden */
 144	rc = smk_access(tsp, sp, MAY_READWRITE, NULL);
 145	if (rc != 0 && has_capability(ptp, CAP_MAC_OVERRIDE))
 146		rc = 0;
 147
 148	smack_log(tsp, sp, MAY_READWRITE, rc, &ad);
 149	return rc;
 150}
 151
 152/**
 153 * smack_syslog - Smack approval on syslog
 154 * @type: message type
 155 *
 156 * Require that the task has the floor label
 157 *
 158 * Returns 0 on success, error code otherwise.
 159 */
 160static int smack_syslog(int type, bool from_file)
 161{
 162	int rc;
 163	char *sp = current_security();
 164
 165	rc = cap_syslog(type, from_file);
 166	if (rc != 0)
 167		return rc;
 168
 169	if (capable(CAP_MAC_OVERRIDE))
 170		return 0;
 171
 172	 if (sp != smack_known_floor.smk_known)
 173		rc = -EACCES;
 174
 175	return rc;
 176}
 177
 178
 179/*
 180 * Superblock Hooks.
 181 */
 182
 183/**
 184 * smack_sb_alloc_security - allocate a superblock blob
 185 * @sb: the superblock getting the blob
 186 *
 187 * Returns 0 on success or -ENOMEM on error.
 188 */
 189static int smack_sb_alloc_security(struct super_block *sb)
 190{
 191	struct superblock_smack *sbsp;
 192
 193	sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
 194
 195	if (sbsp == NULL)
 196		return -ENOMEM;
 197
 198	sbsp->smk_root = smack_known_floor.smk_known;
 199	sbsp->smk_default = smack_known_floor.smk_known;
 200	sbsp->smk_floor = smack_known_floor.smk_known;
 201	sbsp->smk_hat = smack_known_hat.smk_known;
 202	sbsp->smk_initialized = 0;
 203	spin_lock_init(&sbsp->smk_sblock);
 204
 205	sb->s_security = sbsp;
 206
 207	return 0;
 208}
 209
 210/**
 211 * smack_sb_free_security - free a superblock blob
 212 * @sb: the superblock getting the blob
 213 *
 214 */
 215static void smack_sb_free_security(struct super_block *sb)
 216{
 217	kfree(sb->s_security);
 218	sb->s_security = NULL;
 219}
 220
 221/**
 222 * smack_sb_copy_data - copy mount options data for processing
 223 * @orig: where to start
 224 * @smackopts: mount options string
 225 *
 226 * Returns 0 on success or -ENOMEM on error.
 227 *
 228 * Copy the Smack specific mount options out of the mount
 229 * options list.
 230 */
 231static int smack_sb_copy_data(char *orig, char *smackopts)
 232{
 233	char *cp, *commap, *otheropts, *dp;
 234
 235	otheropts = (char *)get_zeroed_page(GFP_KERNEL);
 236	if (otheropts == NULL)
 237		return -ENOMEM;
 238
 239	for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
 240		if (strstr(cp, SMK_FSDEFAULT) == cp)
 241			dp = smackopts;
 242		else if (strstr(cp, SMK_FSFLOOR) == cp)
 243			dp = smackopts;
 244		else if (strstr(cp, SMK_FSHAT) == cp)
 245			dp = smackopts;
 246		else if (strstr(cp, SMK_FSROOT) == cp)
 247			dp = smackopts;
 248		else
 249			dp = otheropts;
 250
 251		commap = strchr(cp, ',');
 252		if (commap != NULL)
 253			*commap = '\0';
 254
 255		if (*dp != '\0')
 256			strcat(dp, ",");
 257		strcat(dp, cp);
 258	}
 259
 260	strcpy(orig, otheropts);
 261	free_page((unsigned long)otheropts);
 262
 263	return 0;
 264}
 265
 266/**
 267 * smack_sb_kern_mount - Smack specific mount processing
 268 * @sb: the file system superblock
 269 * @flags: the mount flags
 270 * @data: the smack mount options
 271 *
 272 * Returns 0 on success, an error code on failure
 273 */
 274static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
 275{
 276	struct dentry *root = sb->s_root;
 277	struct inode *inode = root->d_inode;
 278	struct superblock_smack *sp = sb->s_security;
 279	struct inode_smack *isp;
 280	char *op;
 281	char *commap;
 282	char *nsp;
 283
 284	spin_lock(&sp->smk_sblock);
 285	if (sp->smk_initialized != 0) {
 286		spin_unlock(&sp->smk_sblock);
 287		return 0;
 288	}
 289	sp->smk_initialized = 1;
 290	spin_unlock(&sp->smk_sblock);
 291
 292	for (op = data; op != NULL; op = commap) {
 293		commap = strchr(op, ',');
 294		if (commap != NULL)
 295			*commap++ = '\0';
 296
 297		if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
 298			op += strlen(SMK_FSHAT);
 299			nsp = smk_import(op, 0);
 300			if (nsp != NULL)
 301				sp->smk_hat = nsp;
 302		} else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
 303			op += strlen(SMK_FSFLOOR);
 304			nsp = smk_import(op, 0);
 305			if (nsp != NULL)
 306				sp->smk_floor = nsp;
 307		} else if (strncmp(op, SMK_FSDEFAULT,
 308				   strlen(SMK_FSDEFAULT)) == 0) {
 309			op += strlen(SMK_FSDEFAULT);
 310			nsp = smk_import(op, 0);
 311			if (nsp != NULL)
 312				sp->smk_default = nsp;
 313		} else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
 314			op += strlen(SMK_FSROOT);
 315			nsp = smk_import(op, 0);
 316			if (nsp != NULL)
 317				sp->smk_root = nsp;
 318		}
 319	}
 320
 321	/*
 322	 * Initialize the root inode.
 323	 */
 324	isp = inode->i_security;
 325	if (isp == NULL)
 326		inode->i_security = new_inode_smack(sp->smk_root);
 327	else
 328		isp->smk_inode = sp->smk_root;
 329
 330	return 0;
 331}
 332
 333/**
 334 * smack_sb_statfs - Smack check on statfs
 335 * @dentry: identifies the file system in question
 336 *
 337 * Returns 0 if current can read the floor of the filesystem,
 338 * and error code otherwise
 339 */
 340static int smack_sb_statfs(struct dentry *dentry)
 341{
 342	struct superblock_smack *sbp = dentry->d_sb->s_security;
 343	int rc;
 344	struct smk_audit_info ad;
 345
 346	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
 347	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 348
 349	rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
 350	return rc;
 351}
 352
 353/**
 354 * smack_sb_mount - Smack check for mounting
 355 * @dev_name: unused
 356 * @path: mount point
 357 * @type: unused
 358 * @flags: unused
 359 * @data: unused
 360 *
 361 * Returns 0 if current can write the floor of the filesystem
 362 * being mounted on, an error code otherwise.
 363 */
 364static int smack_sb_mount(char *dev_name, struct path *path,
 365			  char *type, unsigned long flags, void *data)
 366{
 367	struct superblock_smack *sbp = path->mnt->mnt_sb->s_security;
 368	struct smk_audit_info ad;
 369
 370	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
 371	smk_ad_setfield_u_fs_path(&ad, *path);
 372
 373	return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
 374}
 375
 376/**
 377 * smack_sb_umount - Smack check for unmounting
 378 * @mnt: file system to unmount
 379 * @flags: unused
 380 *
 381 * Returns 0 if current can write the floor of the filesystem
 382 * being unmounted, an error code otherwise.
 383 */
 384static int smack_sb_umount(struct vfsmount *mnt, int flags)
 385{
 386	struct superblock_smack *sbp;
 387	struct smk_audit_info ad;
 388
 389	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
 390	smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_root);
 391	smk_ad_setfield_u_fs_path_mnt(&ad, mnt);
 392
 393	sbp = mnt->mnt_sb->s_security;
 394	return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
 395}
 396
 397/*
 398 * Inode hooks
 399 */
 400
 401/**
 402 * smack_inode_alloc_security - allocate an inode blob
 403 * @inode: the inode in need of a blob
 404 *
 405 * Returns 0 if it gets a blob, -ENOMEM otherwise
 406 */
 407static int smack_inode_alloc_security(struct inode *inode)
 408{
 409	inode->i_security = new_inode_smack(current_security());
 410	if (inode->i_security == NULL)
 411		return -ENOMEM;
 412	return 0;
 413}
 414
 415/**
 416 * smack_inode_free_security - free an inode blob
 417 * @inode: the inode with a blob
 418 *
 419 * Clears the blob pointer in inode
 420 */
 421static void smack_inode_free_security(struct inode *inode)
 422{
 423	kfree(inode->i_security);
 424	inode->i_security = NULL;
 425}
 426
 427/**
 428 * smack_inode_init_security - copy out the smack from an inode
 429 * @inode: the inode
 430 * @dir: unused
 431 * @name: where to put the attribute name
 432 * @value: where to put the attribute value
 433 * @len: where to put the length of the attribute
 434 *
 435 * Returns 0 if it all works out, -ENOMEM if there's no memory
 436 */
 437static int smack_inode_init_security(struct inode *inode, struct inode *dir,
 438				     char **name, void **value, size_t *len)
 439{
 440	char *isp = smk_of_inode(inode);
 441
 442	if (name) {
 443		*name = kstrdup(XATTR_SMACK_SUFFIX, GFP_KERNEL);
 444		if (*name == NULL)
 445			return -ENOMEM;
 446	}
 447
 448	if (value) {
 449		*value = kstrdup(isp, GFP_KERNEL);
 450		if (*value == NULL)
 451			return -ENOMEM;
 452	}
 453
 454	if (len)
 455		*len = strlen(isp) + 1;
 456
 457	return 0;
 458}
 459
 460/**
 461 * smack_inode_link - Smack check on link
 462 * @old_dentry: the existing object
 463 * @dir: unused
 464 * @new_dentry: the new object
 465 *
 466 * Returns 0 if access is permitted, an error code otherwise
 467 */
 468static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
 469			    struct dentry *new_dentry)
 470{
 471	char *isp;
 472	struct smk_audit_info ad;
 473	int rc;
 474
 475	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
 476	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
 477
 478	isp = smk_of_inode(old_dentry->d_inode);
 479	rc = smk_curacc(isp, MAY_WRITE, &ad);
 480
 481	if (rc == 0 && new_dentry->d_inode != NULL) {
 482		isp = smk_of_inode(new_dentry->d_inode);
 483		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
 484		rc = smk_curacc(isp, MAY_WRITE, &ad);
 485	}
 486
 487	return rc;
 488}
 489
 490/**
 491 * smack_inode_unlink - Smack check on inode deletion
 492 * @dir: containing directory object
 493 * @dentry: file to unlink
 494 *
 495 * Returns 0 if current can write the containing directory
 496 * and the object, error code otherwise
 497 */
 498static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
 499{
 500	struct inode *ip = dentry->d_inode;
 501	struct smk_audit_info ad;
 502	int rc;
 503
 504	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
 505	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 506
 507	/*
 508	 * You need write access to the thing you're unlinking
 509	 */
 510	rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
 511	if (rc == 0) {
 512		/*
 513		 * You also need write access to the containing directory
 514		 */
 515		smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
 516		smk_ad_setfield_u_fs_inode(&ad, dir);
 517		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
 518	}
 519	return rc;
 520}
 521
 522/**
 523 * smack_inode_rmdir - Smack check on directory deletion
 524 * @dir: containing directory object
 525 * @dentry: directory to unlink
 526 *
 527 * Returns 0 if current can write the containing directory
 528 * and the directory, error code otherwise
 529 */
 530static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
 531{
 532	struct smk_audit_info ad;
 533	int rc;
 534
 535	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
 536	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 537
 538	/*
 539	 * You need write access to the thing you're removing
 540	 */
 541	rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
 542	if (rc == 0) {
 543		/*
 544		 * You also need write access to the containing directory
 545		 */
 546		smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
 547		smk_ad_setfield_u_fs_inode(&ad, dir);
 548		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
 549	}
 550
 551	return rc;
 552}
 553
 554/**
 555 * smack_inode_rename - Smack check on rename
 556 * @old_inode: the old directory
 557 * @old_dentry: unused
 558 * @new_inode: the new directory
 559 * @new_dentry: unused
 560 *
 561 * Read and write access is required on both the old and
 562 * new directories.
 563 *
 564 * Returns 0 if access is permitted, an error code otherwise
 565 */
 566static int smack_inode_rename(struct inode *old_inode,
 567			      struct dentry *old_dentry,
 568			      struct inode *new_inode,
 569			      struct dentry *new_dentry)
 570{
 571	int rc;
 572	char *isp;
 573	struct smk_audit_info ad;
 574
 575	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
 576	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
 577
 578	isp = smk_of_inode(old_dentry->d_inode);
 579	rc = smk_curacc(isp, MAY_READWRITE, &ad);
 580
 581	if (rc == 0 && new_dentry->d_inode != NULL) {
 582		isp = smk_of_inode(new_dentry->d_inode);
 583		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
 584		rc = smk_curacc(isp, MAY_READWRITE, &ad);
 585	}
 586	return rc;
 587}
 588
 589/**
 590 * smack_inode_permission - Smack version of permission()
 591 * @inode: the inode in question
 592 * @mask: the access requested
 593 *
 594 * This is the important Smack hook.
 595 *
 596 * Returns 0 if access is permitted, -EACCES otherwise
 597 */
 598static int smack_inode_permission(struct inode *inode, int mask)
 599{
 600	struct smk_audit_info ad;
 601
 602	mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
 603	/*
 604	 * No permission to check. Existence test. Yup, it's there.
 605	 */
 606	if (mask == 0)
 607		return 0;
 608	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
 609	smk_ad_setfield_u_fs_inode(&ad, inode);
 610	return smk_curacc(smk_of_inode(inode), mask, &ad);
 611}
 612
 613/**
 614 * smack_inode_setattr - Smack check for setting attributes
 615 * @dentry: the object
 616 * @iattr: for the force flag
 617 *
 618 * Returns 0 if access is permitted, an error code otherwise
 619 */
 620static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
 621{
 622	struct smk_audit_info ad;
 623	/*
 624	 * Need to allow for clearing the setuid bit.
 625	 */
 626	if (iattr->ia_valid & ATTR_FORCE)
 627		return 0;
 628	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
 629	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 630
 631	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
 632}
 633
 634/**
 635 * smack_inode_getattr - Smack check for getting attributes
 636 * @mnt: unused
 637 * @dentry: the object
 638 *
 639 * Returns 0 if access is permitted, an error code otherwise
 640 */
 641static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
 642{
 643	struct smk_audit_info ad;
 644
 645	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
 646	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 647	smk_ad_setfield_u_fs_path_mnt(&ad, mnt);
 648	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
 649}
 650
 651/**
 652 * smack_inode_setxattr - Smack check for setting xattrs
 653 * @dentry: the object
 654 * @name: name of the attribute
 655 * @value: unused
 656 * @size: unused
 657 * @flags: unused
 658 *
 659 * This protects the Smack attribute explicitly.
 660 *
 661 * Returns 0 if access is permitted, an error code otherwise
 662 */
 663static int smack_inode_setxattr(struct dentry *dentry, const char *name,
 664				const void *value, size_t size, int flags)
 665{
 666	struct smk_audit_info ad;
 667	int rc = 0;
 668
 669	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
 670	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
 671	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
 672		if (!capable(CAP_MAC_ADMIN))
 673			rc = -EPERM;
 674		/*
 675		 * check label validity here so import wont fail on
 676		 * post_setxattr
 677		 */
 678		if (size == 0 || size >= SMK_LABELLEN ||
 679		    smk_import(value, size) == NULL)
 680			rc = -EINVAL;
 681	} else
 682		rc = cap_inode_setxattr(dentry, name, value, size, flags);
 683
 684	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
 685	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 686
 687	if (rc == 0)
 688		rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
 689
 690	return rc;
 691}
 692
 693/**
 694 * smack_inode_post_setxattr - Apply the Smack update approved above
 695 * @dentry: object
 696 * @name: attribute name
 697 * @value: attribute value
 698 * @size: attribute size
 699 * @flags: unused
 700 *
 701 * Set the pointer in the inode blob to the entry found
 702 * in the master label list.
 703 */
 704static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
 705				      const void *value, size_t size, int flags)
 706{
 707	struct inode_smack *isp;
 708	char *nsp;
 709
 710	/*
 711	 * Not SMACK
 712	 */
 713	if (strcmp(name, XATTR_NAME_SMACK))
 714		return;
 715
 716	isp = dentry->d_inode->i_security;
 717
 718	/*
 719	 * No locking is done here. This is a pointer
 720	 * assignment.
 721	 */
 722	nsp = smk_import(value, size);
 723	if (nsp != NULL)
 724		isp->smk_inode = nsp;
 725	else
 726		isp->smk_inode = smack_known_invalid.smk_known;
 727
 728	return;
 729}
 730
 731/*
 732 * smack_inode_getxattr - Smack check on getxattr
 733 * @dentry: the object
 734 * @name: unused
 735 *
 736 * Returns 0 if access is permitted, an error code otherwise
 737 */
 738static int smack_inode_getxattr(struct dentry *dentry, const char *name)
 739{
 740	struct smk_audit_info ad;
 741
 742	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
 743	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 744
 745	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
 746}
 747
 748/*
 749 * smack_inode_removexattr - Smack check on removexattr
 750 * @dentry: the object
 751 * @name: name of the attribute
 752 *
 753 * Removing the Smack attribute requires CAP_MAC_ADMIN
 754 *
 755 * Returns 0 if access is permitted, an error code otherwise
 756 */
 757static int smack_inode_removexattr(struct dentry *dentry, const char *name)
 758{
 759	struct smk_audit_info ad;
 760	int rc = 0;
 761
 762	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
 763	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
 764	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
 765		if (!capable(CAP_MAC_ADMIN))
 766			rc = -EPERM;
 767	} else
 768		rc = cap_inode_removexattr(dentry, name);
 769
 770	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
 771	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 772	if (rc == 0)
 773		rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
 774
 775	return rc;
 776}
 777
 778/**
 779 * smack_inode_getsecurity - get smack xattrs
 780 * @inode: the object
 781 * @name: attribute name
 782 * @buffer: where to put the result
 783 * @alloc: unused
 784 *
 785 * Returns the size of the attribute or an error code
 786 */
 787static int smack_inode_getsecurity(const struct inode *inode,
 788				   const char *name, void **buffer,
 789				   bool alloc)
 790{
 791	struct socket_smack *ssp;
 792	struct socket *sock;
 793	struct super_block *sbp;
 794	struct inode *ip = (struct inode *)inode;
 795	char *isp;
 796	int ilen;
 797	int rc = 0;
 798
 799	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
 800		isp = smk_of_inode(inode);
 801		ilen = strlen(isp) + 1;
 802		*buffer = isp;
 803		return ilen;
 804	}
 805
 806	/*
 807	 * The rest of the Smack xattrs are only on sockets.
 808	 */
 809	sbp = ip->i_sb;
 810	if (sbp->s_magic != SOCKFS_MAGIC)
 811		return -EOPNOTSUPP;
 812
 813	sock = SOCKET_I(ip);
 814	if (sock == NULL || sock->sk == NULL)
 815		return -EOPNOTSUPP;
 816
 817	ssp = sock->sk->sk_security;
 818
 819	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
 820		isp = ssp->smk_in;
 821	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
 822		isp = ssp->smk_out;
 823	else
 824		return -EOPNOTSUPP;
 825
 826	ilen = strlen(isp) + 1;
 827	if (rc == 0) {
 828		*buffer = isp;
 829		rc = ilen;
 830	}
 831
 832	return rc;
 833}
 834
 835
 836/**
 837 * smack_inode_listsecurity - list the Smack attributes
 838 * @inode: the object
 839 * @buffer: where they go
 840 * @buffer_size: size of buffer
 841 *
 842 * Returns 0 on success, -EINVAL otherwise
 843 */
 844static int smack_inode_listsecurity(struct inode *inode, char *buffer,
 845				    size_t buffer_size)
 846{
 847	int len = strlen(XATTR_NAME_SMACK);
 848
 849	if (buffer != NULL && len <= buffer_size) {
 850		memcpy(buffer, XATTR_NAME_SMACK, len);
 851		return len;
 852	}
 853	return -EINVAL;
 854}
 855
 856/**
 857 * smack_inode_getsecid - Extract inode's security id
 858 * @inode: inode to extract the info from
 859 * @secid: where result will be saved
 860 */
 861static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
 862{
 863	struct inode_smack *isp = inode->i_security;
 864
 865	*secid = smack_to_secid(isp->smk_inode);
 866}
 867
 868/*
 869 * File Hooks
 870 */
 871
 872/**
 873 * smack_file_permission - Smack check on file operations
 874 * @file: unused
 875 * @mask: unused
 876 *
 877 * Returns 0
 878 *
 879 * Should access checks be done on each read or write?
 880 * UNICOS and SELinux say yes.
 881 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
 882 *
 883 * I'll say no for now. Smack does not do the frequent
 884 * label changing that SELinux does.
 885 */
 886static int smack_file_permission(struct file *file, int mask)
 887{
 888	return 0;
 889}
 890
 891/**
 892 * smack_file_alloc_security - assign a file security blob
 893 * @file: the object
 894 *
 895 * The security blob for a file is a pointer to the master
 896 * label list, so no allocation is done.
 897 *
 898 * Returns 0
 899 */
 900static int smack_file_alloc_security(struct file *file)
 901{
 902	file->f_security = current_security();
 903	return 0;
 904}
 905
 906/**
 907 * smack_file_free_security - clear a file security blob
 908 * @file: the object
 909 *
 910 * The security blob for a file is a pointer to the master
 911 * label list, so no memory is freed.
 912 */
 913static void smack_file_free_security(struct file *file)
 914{
 915	file->f_security = NULL;
 916}
 917
 918/**
 919 * smack_file_ioctl - Smack check on ioctls
 920 * @file: the object
 921 * @cmd: what to do
 922 * @arg: unused
 923 *
 924 * Relies heavily on the correct use of the ioctl command conventions.
 925 *
 926 * Returns 0 if allowed, error code otherwise
 927 */
 928static int smack_file_ioctl(struct file *file, unsigned int cmd,
 929			    unsigned long arg)
 930{
 931	int rc = 0;
 932	struct smk_audit_info ad;
 933
 934	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
 935	smk_ad_setfield_u_fs_path(&ad, file->f_path);
 936
 937	if (_IOC_DIR(cmd) & _IOC_WRITE)
 938		rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
 939
 940	if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ))
 941		rc = smk_curacc(file->f_security, MAY_READ, &ad);
 942
 943	return rc;
 944}
 945
 946/**
 947 * smack_file_lock - Smack check on file locking
 948 * @file: the object
 949 * @cmd: unused
 950 *
 951 * Returns 0 if current has write access, error code otherwise
 952 */
 953static int smack_file_lock(struct file *file, unsigned int cmd)
 954{
 955	struct smk_audit_info ad;
 956
 957	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
 958	smk_ad_setfield_u_fs_path_dentry(&ad, file->f_path.dentry);
 959	return smk_curacc(file->f_security, MAY_WRITE, &ad);
 960}
 961
 962/**
 963 * smack_file_fcntl - Smack check on fcntl
 964 * @file: the object
 965 * @cmd: what action to check
 966 * @arg: unused
 967 *
 968 * Returns 0 if current has access, error code otherwise
 969 */
 970static int smack_file_fcntl(struct file *file, unsigned int cmd,
 971			    unsigned long arg)
 972{
 973	struct smk_audit_info ad;
 974	int rc;
 975
 976	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
 977	smk_ad_setfield_u_fs_path(&ad, file->f_path);
 978
 979	switch (cmd) {
 980	case F_DUPFD:
 981	case F_GETFD:
 982	case F_GETFL:
 983	case F_GETLK:
 984	case F_GETOWN:
 985	case F_GETSIG:
 986		rc = smk_curacc(file->f_security, MAY_READ, &ad);
 987		break;
 988	case F_SETFD:
 989	case F_SETFL:
 990	case F_SETLK:
 991	case F_SETLKW:
 992	case F_SETOWN:
 993	case F_SETSIG:
 994		rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
 995		break;
 996	default:
 997		rc = smk_curacc(file->f_security, MAY_READWRITE, &ad);
 998	}
 999
1000	return rc;
1001}
1002
1003/**
1004 * smack_file_set_fowner - set the file security blob value
1005 * @file: object in question
1006 *
1007 * Returns 0
1008 * Further research may be required on this one.
1009 */
1010static int smack_file_set_fowner(struct file *file)
1011{
1012	file->f_security = current_security();
1013	return 0;
1014}
1015
1016/**
1017 * smack_file_send_sigiotask - Smack on sigio
1018 * @tsk: The target task
1019 * @fown: the object the signal come from
1020 * @signum: unused
1021 *
1022 * Allow a privileged task to get signals even if it shouldn't
1023 *
1024 * Returns 0 if a subject with the object's smack could
1025 * write to the task, an error code otherwise.
1026 */
1027static int smack_file_send_sigiotask(struct task_struct *tsk,
1028				     struct fown_struct *fown, int signum)
1029{
1030	struct file *file;
1031	int rc;
1032	char *tsp = tsk->cred->security;
1033	struct smk_audit_info ad;
1034
1035	/*
1036	 * struct fown_struct is never outside the context of a struct file
1037	 */
1038	file = container_of(fown, struct file, f_owner);
1039	/* we don't log here as rc can be overriden */
1040	rc = smk_access(file->f_security, tsp, MAY_WRITE, NULL);
1041	if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
1042		rc = 0;
1043
1044	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1045	smk_ad_setfield_u_tsk(&ad, tsk);
1046	smack_log(file->f_security, tsp, MAY_WRITE, rc, &ad);
1047	return rc;
1048}
1049
1050/**
1051 * smack_file_receive - Smack file receive check
1052 * @file: the object
1053 *
1054 * Returns 0 if current has access, error code otherwise
1055 */
1056static int smack_file_receive(struct file *file)
1057{
1058	int may = 0;
1059	struct smk_audit_info ad;
1060
1061	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1062	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1063	/*
1064	 * This code relies on bitmasks.
1065	 */
1066	if (file->f_mode & FMODE_READ)
1067		may = MAY_READ;
1068	if (file->f_mode & FMODE_WRITE)
1069		may |= MAY_WRITE;
1070
1071	return smk_curacc(file->f_security, may, &ad);
1072}
1073
1074/*
1075 * Task hooks
1076 */
1077
1078/**
1079 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1080 * @new: the new credentials
1081 * @gfp: the atomicity of any memory allocations
1082 *
1083 * Prepare a blank set of credentials for modification.  This must allocate all
1084 * the memory the LSM module might require such that cred_transfer() can
1085 * complete without error.
1086 */
1087static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1088{
1089	cred->security = NULL;
1090	return 0;
1091}
1092
1093
1094/**
1095 * smack_cred_free - "free" task-level security credentials
1096 * @cred: the credentials in question
1097 *
1098 * Smack isn't using copies of blobs. Everyone
1099 * points to an immutable list. The blobs never go away.
1100 * There is no leak here.
1101 */
1102static void smack_cred_free(struct cred *cred)
1103{
1104	cred->security = NULL;
1105}
1106
1107/**
1108 * smack_cred_prepare - prepare new set of credentials for modification
1109 * @new: the new credentials
1110 * @old: the original credentials
1111 * @gfp: the atomicity of any memory allocations
1112 *
1113 * Prepare a new set of credentials for modification.
1114 */
1115static int smack_cred_prepare(struct cred *new, const struct cred *old,
1116			      gfp_t gfp)
1117{
1118	new->security = old->security;
1119	return 0;
1120}
1121
1122/**
1123 * smack_cred_transfer - Transfer the old credentials to the new credentials
1124 * @new: the new credentials
1125 * @old: the original credentials
1126 *
1127 * Fill in a set of blank credentials from another set of credentials.
1128 */
1129static void smack_cred_transfer(struct cred *new, const struct cred *old)
1130{
1131	new->security = old->security;
1132}
1133
1134/**
1135 * smack_kernel_act_as - Set the subjective context in a set of credentials
1136 * @new: points to the set of credentials to be modified.
1137 * @secid: specifies the security ID to be set
1138 *
1139 * Set the security data for a kernel service.
1140 */
1141static int smack_kernel_act_as(struct cred *new, u32 secid)
1142{
1143	char *smack = smack_from_secid(secid);
1144
1145	if (smack == NULL)
1146		return -EINVAL;
1147
1148	new->security = smack;
1149	return 0;
1150}
1151
1152/**
1153 * smack_kernel_create_files_as - Set the file creation label in a set of creds
1154 * @new: points to the set of credentials to be modified
1155 * @inode: points to the inode to use as a reference
1156 *
1157 * Set the file creation context in a set of credentials to the same
1158 * as the objective context of the specified inode
1159 */
1160static int smack_kernel_create_files_as(struct cred *new,
1161					struct inode *inode)
1162{
1163	struct inode_smack *isp = inode->i_security;
1164
1165	new->security = isp->smk_inode;
1166	return 0;
1167}
1168
1169/**
1170 * smk_curacc_on_task - helper to log task related access
1171 * @p: the task object
1172 * @access : the access requested
1173 *
1174 * Return 0 if access is permitted
1175 */
1176static int smk_curacc_on_task(struct task_struct *p, int access)
1177{
1178	struct smk_audit_info ad;
1179
1180	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1181	smk_ad_setfield_u_tsk(&ad, p);
1182	return smk_curacc(task_security(p), access, &ad);
1183}
1184
1185/**
1186 * smack_task_setpgid - Smack check on setting pgid
1187 * @p: the task object
1188 * @pgid: unused
1189 *
1190 * Return 0 if write access is permitted
1191 */
1192static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1193{
1194	return smk_curacc_on_task(p, MAY_WRITE);
1195}
1196
1197/**
1198 * smack_task_getpgid - Smack access check for getpgid
1199 * @p: the object task
1200 *
1201 * Returns 0 if current can read the object task, error code otherwise
1202 */
1203static int smack_task_getpgid(struct task_struct *p)
1204{
1205	return smk_curacc_on_task(p, MAY_READ);
1206}
1207
1208/**
1209 * smack_task_getsid - Smack access check for getsid
1210 * @p: the object task
1211 *
1212 * Returns 0 if current can read the object task, error code otherwise
1213 */
1214static int smack_task_getsid(struct task_struct *p)
1215{
1216	return smk_curacc_on_task(p, MAY_READ);
1217}
1218
1219/**
1220 * smack_task_getsecid - get the secid of the task
1221 * @p: the object task
1222 * @secid: where to put the result
1223 *
1224 * Sets the secid to contain a u32 version of the smack label.
1225 */
1226static void smack_task_getsecid(struct task_struct *p, u32 *secid)
1227{
1228	*secid = smack_to_secid(task_security(p));
1229}
1230
1231/**
1232 * smack_task_setnice - Smack check on setting nice
1233 * @p: the task object
1234 * @nice: unused
1235 *
1236 * Return 0 if write access is permitted
1237 */
1238static int smack_task_setnice(struct task_struct *p, int nice)
1239{
1240	int rc;
1241
1242	rc = cap_task_setnice(p, nice);
1243	if (rc == 0)
1244		rc = smk_curacc_on_task(p, MAY_WRITE);
1245	return rc;
1246}
1247
1248/**
1249 * smack_task_setioprio - Smack check on setting ioprio
1250 * @p: the task object
1251 * @ioprio: unused
1252 *
1253 * Return 0 if write access is permitted
1254 */
1255static int smack_task_setioprio(struct task_struct *p, int ioprio)
1256{
1257	int rc;
1258
1259	rc = cap_task_setioprio(p, ioprio);
1260	if (rc == 0)
1261		rc = smk_curacc_on_task(p, MAY_WRITE);
1262	return rc;
1263}
1264
1265/**
1266 * smack_task_getioprio - Smack check on reading ioprio
1267 * @p: the task object
1268 *
1269 * Return 0 if read access is permitted
1270 */
1271static int smack_task_getioprio(struct task_struct *p)
1272{
1273	return smk_curacc_on_task(p, MAY_READ);
1274}
1275
1276/**
1277 * smack_task_setscheduler - Smack check on setting scheduler
1278 * @p: the task object
1279 * @policy: unused
1280 * @lp: unused
1281 *
1282 * Return 0 if read access is permitted
1283 */
1284static int smack_task_setscheduler(struct task_struct *p)
1285{
1286	int rc;
1287
1288	rc = cap_task_setscheduler(p);
1289	if (rc == 0)
1290		rc = smk_curacc_on_task(p, MAY_WRITE);
1291	return rc;
1292}
1293
1294/**
1295 * smack_task_getscheduler - Smack check on reading scheduler
1296 * @p: the task object
1297 *
1298 * Return 0 if read access is permitted
1299 */
1300static int smack_task_getscheduler(struct task_struct *p)
1301{
1302	return smk_curacc_on_task(p, MAY_READ);
1303}
1304
1305/**
1306 * smack_task_movememory - Smack check on moving memory
1307 * @p: the task object
1308 *
1309 * Return 0 if write access is permitted
1310 */
1311static int smack_task_movememory(struct task_struct *p)
1312{
1313	return smk_curacc_on_task(p, MAY_WRITE);
1314}
1315
1316/**
1317 * smack_task_kill - Smack check on signal delivery
1318 * @p: the task object
1319 * @info: unused
1320 * @sig: unused
1321 * @secid: identifies the smack to use in lieu of current's
1322 *
1323 * Return 0 if write access is permitted
1324 *
1325 * The secid behavior is an artifact of an SELinux hack
1326 * in the USB code. Someday it may go away.
1327 */
1328static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1329			   int sig, u32 secid)
1330{
1331	struct smk_audit_info ad;
1332
1333	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1334	smk_ad_setfield_u_tsk(&ad, p);
1335	/*
1336	 * Sending a signal requires that the sender
1337	 * can write the receiver.
1338	 */
1339	if (secid == 0)
1340		return smk_curacc(task_security(p), MAY_WRITE, &ad);
1341	/*
1342	 * If the secid isn't 0 we're dealing with some USB IO
1343	 * specific behavior. This is not clean. For one thing
1344	 * we can't take privilege into account.
1345	 */
1346	return smk_access(smack_from_secid(secid), task_security(p),
1347			  MAY_WRITE, &ad);
1348}
1349
1350/**
1351 * smack_task_wait - Smack access check for waiting
1352 * @p: task to wait for
1353 *
1354 * Returns 0 if current can wait for p, error code otherwise
1355 */
1356static int smack_task_wait(struct task_struct *p)
1357{
1358	struct smk_audit_info ad;
1359	char *sp = current_security();
1360	char *tsp = task_security(p);
1361	int rc;
1362
1363	/* we don't log here, we can be overriden */
1364	rc = smk_access(sp, tsp, MAY_WRITE, NULL);
1365	if (rc == 0)
1366		goto out_log;
1367
1368	/*
1369	 * Allow the operation to succeed if either task
1370	 * has privilege to perform operations that might
1371	 * account for the smack labels having gotten to
1372	 * be different in the first place.
1373	 *
1374	 * This breaks the strict subject/object access
1375	 * control ideal, taking the object's privilege
1376	 * state into account in the decision as well as
1377	 * the smack value.
1378	 */
1379	if (capable(CAP_MAC_OVERRIDE) || has_capability(p, CAP_MAC_OVERRIDE))
1380		rc = 0;
1381	/* we log only if we didn't get overriden */
1382 out_log:
1383	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1384	smk_ad_setfield_u_tsk(&ad, p);
1385	smack_log(sp, tsp, MAY_WRITE, rc, &ad);
1386	return rc;
1387}
1388
1389/**
1390 * smack_task_to_inode - copy task smack into the inode blob
1391 * @p: task to copy from
1392 * @inode: inode to copy to
1393 *
1394 * Sets the smack pointer in the inode security blob
1395 */
1396static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
1397{
1398	struct inode_smack *isp = inode->i_security;
1399	isp->smk_inode = task_security(p);
1400}
1401
1402/*
1403 * Socket hooks.
1404 */
1405
1406/**
1407 * smack_sk_alloc_security - Allocate a socket blob
1408 * @sk: the socket
1409 * @family: unused
1410 * @gfp_flags: memory allocation flags
1411 *
1412 * Assign Smack pointers to current
1413 *
1414 * Returns 0 on success, -ENOMEM is there's no memory
1415 */
1416static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
1417{
1418	char *csp = current_security();
1419	struct socket_smack *ssp;
1420
1421	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
1422	if (ssp == NULL)
1423		return -ENOMEM;
1424
1425	ssp->smk_in = csp;
1426	ssp->smk_out = csp;
1427	ssp->smk_packet[0] = '\0';
1428
1429	sk->sk_security = ssp;
1430
1431	return 0;
1432}
1433
1434/**
1435 * smack_sk_free_security - Free a socket blob
1436 * @sk: the socket
1437 *
1438 * Clears the blob pointer
1439 */
1440static void smack_sk_free_security(struct sock *sk)
1441{
1442	kfree(sk->sk_security);
1443}
1444
1445/**
1446* smack_host_label - check host based restrictions
1447* @sip: the object end
1448*
1449* looks for host based access restrictions
1450*
1451* This version will only be appropriate for really small sets of single label
1452* hosts.  The caller is responsible for ensuring that the RCU read lock is
1453* taken before calling this function.
1454*
1455* Returns the label of the far end or NULL if it's not special.
1456*/
1457static char *smack_host_label(struct sockaddr_in *sip)
1458{
1459	struct smk_netlbladdr *snp;
1460	struct in_addr *siap = &sip->sin_addr;
1461
1462	if (siap->s_addr == 0)
1463		return NULL;
1464
1465	list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list)
1466		/*
1467		* we break after finding the first match because
1468		* the list is sorted from longest to shortest mask
1469		* so we have found the most specific match
1470		*/
1471		if ((&snp->smk_host.sin_addr)->s_addr ==
1472		    (siap->s_addr & (&snp->smk_mask)->s_addr)) {
1473			/* we have found the special CIPSO option */
1474			if (snp->smk_label == smack_cipso_option)
1475				return NULL;
1476			return snp->smk_label;
1477		}
1478
1479	return NULL;
1480}
1481
1482/**
1483 * smack_set_catset - convert a capset to netlabel mls categories
1484 * @catset: the Smack categories
1485 * @sap: where to put the netlabel categories
1486 *
1487 * Allocates and fills attr.mls.cat
1488 */
1489static void smack_set_catset(char *catset, struct netlbl_lsm_secattr *sap)
1490{
1491	unsigned char *cp;
1492	unsigned char m;
1493	int cat;
1494	int rc;
1495	int byte;
1496
1497	if (!catset)
1498		return;
1499
1500	sap->flags |= NETLBL_SECATTR_MLS_CAT;
1501	sap->attr.mls.cat = netlbl_secattr_catmap_alloc(GFP_ATOMIC);
1502	sap->attr.mls.cat->startbit = 0;
1503
1504	for (cat = 1, cp = catset, byte = 0; byte < SMK_LABELLEN; cp++, byte++)
1505		for (m = 0x80; m != 0; m >>= 1, cat++) {
1506			if ((m & *cp) == 0)
1507				continue;
1508			rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat,
1509							  cat, GFP_ATOMIC);
1510		}
1511}
1512
1513/**
1514 * smack_to_secattr - fill a secattr from a smack value
1515 * @smack: the smack value
1516 * @nlsp: where the result goes
1517 *
1518 * Casey says that CIPSO is good enough for now.
1519 * It can be used to effect.
1520 * It can also be abused to effect when necessary.
1521 * Appologies to the TSIG group in general and GW in particular.
1522 */
1523static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
1524{
1525	struct smack_cipso cipso;
1526	int rc;
1527
1528	nlsp->domain = smack;
1529	nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
1530
1531	rc = smack_to_cipso(smack, &cipso);
1532	if (rc == 0) {
1533		nlsp->attr.mls.lvl = cipso.smk_level;
1534		smack_set_catset(cipso.smk_catset, nlsp);
1535	} else {
1536		nlsp->attr.mls.lvl = smack_cipso_direct;
1537		smack_set_catset(smack, nlsp);
1538	}
1539}
1540
1541/**
1542 * smack_netlabel - Set the secattr on a socket
1543 * @sk: the socket
1544 * @labeled: socket label scheme
1545 *
1546 * Convert the outbound smack value (smk_out) to a
1547 * secattr and attach it to the socket.
1548 *
1549 * Returns 0 on success or an error code
1550 */
1551static int smack_netlabel(struct sock *sk, int labeled)
1552{
1553	struct socket_smack *ssp = sk->sk_security;
1554	struct netlbl_lsm_secattr secattr;
1555	int rc = 0;
1556
1557	/*
1558	 * Usually the netlabel code will handle changing the
1559	 * packet labeling based on the label.
1560	 * The case of a single label host is different, because
1561	 * a single label host should never get a labeled packet
1562	 * even though the label is usually associated with a packet
1563	 * label.
1564	 */
1565	local_bh_disable();
1566	bh_lock_sock_nested(sk);
1567
1568	if (ssp->smk_out == smack_net_ambient ||
1569	    labeled == SMACK_UNLABELED_SOCKET)
1570		netlbl_sock_delattr(sk);
1571	else {
1572		netlbl_secattr_init(&secattr);
1573		smack_to_secattr(ssp->smk_out, &secattr);
1574		rc = netlbl_sock_setattr(sk, sk->sk_family, &secattr);
1575		netlbl_secattr_destroy(&secattr);
1576	}
1577
1578	bh_unlock_sock(sk);
1579	local_bh_enable();
1580
1581	return rc;
1582}
1583
1584/**
1585 * smack_netlbel_send - Set the secattr on a socket and perform access checks
1586 * @sk: the socket
1587 * @sap: the destination address
1588 *
1589 * Set the correct secattr for the given socket based on the destination
1590 * address and perform any outbound access checks needed.
1591 *
1592 * Returns 0 on success or an error code.
1593 *
1594 */
1595static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
1596{
1597	int rc;
1598	int sk_lbl;
1599	char *hostsp;
1600	struct socket_smack *ssp = sk->sk_security;
1601	struct smk_audit_info ad;
1602
1603	rcu_read_lock();
1604	hostsp = smack_host_label(sap);
1605	if (hostsp != NULL) {
1606		sk_lbl = SMACK_UNLABELED_SOCKET;
1607#ifdef CONFIG_AUDIT
1608		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
1609		ad.a.u.net.family = sap->sin_family;
1610		ad.a.u.net.dport = sap->sin_port;
1611		ad.a.u.net.v4info.daddr = sap->sin_addr.s_addr;
1612#endif
1613		rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad);
1614	} else {
1615		sk_lbl = SMACK_CIPSO_SOCKET;
1616		rc = 0;
1617	}
1618	rcu_read_unlock();
1619	if (rc != 0)
1620		return rc;
1621
1622	return smack_netlabel(sk, sk_lbl);
1623}
1624
1625/**
1626 * smack_inode_setsecurity - set smack xattrs
1627 * @inode: the object
1628 * @name: attribute name
1629 * @value: attribute value
1630 * @size: size of the attribute
1631 * @flags: unused
1632 *
1633 * Sets the named attribute in the appropriate blob
1634 *
1635 * Returns 0 on success, or an error code
1636 */
1637static int smack_inode_setsecurity(struct inode *inode, const char *name,
1638				   const void *value, size_t size, int flags)
1639{
1640	char *sp;
1641	struct inode_smack *nsp = inode->i_security;
1642	struct socket_smack *ssp;
1643	struct socket *sock;
1644	int rc = 0;
1645
1646	if (value == NULL || size > SMK_LABELLEN || size == 0)
1647		return -EACCES;
1648
1649	sp = smk_import(value, size);
1650	if (sp == NULL)
1651		return -EINVAL;
1652
1653	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1654		nsp->smk_inode = sp;
1655		nsp->smk_flags |= SMK_INODE_INSTANT;
1656		return 0;
1657	}
1658	/*
1659	 * The rest of the Smack xattrs are only on sockets.
1660	 */
1661	if (inode->i_sb->s_magic != SOCKFS_MAGIC)
1662		return -EOPNOTSUPP;
1663
1664	sock = SOCKET_I(inode);
1665	if (sock == NULL || sock->sk == NULL)
1666		return -EOPNOTSUPP;
1667
1668	ssp = sock->sk->sk_security;
1669
1670	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1671		ssp->smk_in = sp;
1672	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
1673		ssp->smk_out = sp;
1674		rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
1675		if (rc != 0)
1676			printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n",
1677			       __func__, -rc);
1678	} else
1679		return -EOPNOTSUPP;
1680
1681	return 0;
1682}
1683
1684/**
1685 * smack_socket_post_create - finish socket setup
1686 * @sock: the socket
1687 * @family: protocol family
1688 * @type: unused
1689 * @protocol: unused
1690 * @kern: unused
1691 *
1692 * Sets the netlabel information on the socket
1693 *
1694 * Returns 0 on success, and error code otherwise
1695 */
1696static int smack_socket_post_create(struct socket *sock, int family,
1697				    int type, int protocol, int kern)
1698{
1699	if (family != PF_INET || sock->sk == NULL)
1700		return 0;
1701	/*
1702	 * Set the outbound netlbl.
1703	 */
1704	return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
1705}
1706
1707/**
1708 * smack_socket_connect - connect access check
1709 * @sock: the socket
1710 * @sap: the other end
1711 * @addrlen: size of sap
1712 *
1713 * Verifies that a connection may be possible
1714 *
1715 * Returns 0 on success, and error code otherwise
1716 */
1717static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
1718				int addrlen)
1719{
1720	if (sock->sk == NULL || sock->sk->sk_family != PF_INET)
1721		return 0;
1722	if (addrlen < sizeof(struct sockaddr_in))
1723		return -EINVAL;
1724
1725	return smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
1726}
1727
1728/**
1729 * smack_flags_to_may - convert S_ to MAY_ values
1730 * @flags: the S_ value
1731 *
1732 * Returns the equivalent MAY_ value
1733 */
1734static int smack_flags_to_may(int flags)
1735{
1736	int may = 0;
1737
1738	if (flags & S_IRUGO)
1739		may |= MAY_READ;
1740	if (flags & S_IWUGO)
1741		may |= MAY_WRITE;
1742	if (flags & S_IXUGO)
1743		may |= MAY_EXEC;
1744
1745	return may;
1746}
1747
1748/**
1749 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
1750 * @msg: the object
1751 *
1752 * Returns 0
1753 */
1754static int smack_msg_msg_alloc_security(struct msg_msg *msg)
1755{
1756	msg->security = current_security();
1757	return 0;
1758}
1759
1760/**
1761 * smack_msg_msg_free_security - Clear the security blob for msg_msg
1762 * @msg: the object
1763 *
1764 * Clears the blob pointer
1765 */
1766static void smack_msg_msg_free_security(struct msg_msg *msg)
1767{
1768	msg->security = NULL;
1769}
1770
1771/**
1772 * smack_of_shm - the smack pointer for the shm
1773 * @shp: the object
1774 *
1775 * Returns a pointer to the smack value
1776 */
1777static char *smack_of_shm(struct shmid_kernel *shp)
1778{
1779	return (char *)shp->shm_perm.security;
1780}
1781
1782/**
1783 * smack_shm_alloc_security - Set the security blob for shm
1784 * @shp: the object
1785 *
1786 * Returns 0
1787 */
1788static int smack_shm_alloc_security(struct shmid_kernel *shp)
1789{
1790	struct kern_ipc_perm *isp = &shp->shm_perm;
1791
1792	isp->security = current_security();
1793	return 0;
1794}
1795
1796/**
1797 * smack_shm_free_security - Clear the security blob for shm
1798 * @shp: the object
1799 *
1800 * Clears the blob pointer
1801 */
1802static void smack_shm_free_security(struct shmid_kernel *shp)
1803{
1804	struct kern_ipc_perm *isp = &shp->shm_perm;
1805
1806	isp->security = NULL;
1807}
1808
1809/**
1810 * smk_curacc_shm : check if current has access on shm
1811 * @shp : the object
1812 * @access : access requested
1813 *
1814 * Returns 0 if current has the requested access, error code otherwise
1815 */
1816static int smk_curacc_shm(struct shmid_kernel *shp, int access)
1817{
1818	char *ssp = smack_of_shm(shp);
1819	struct smk_audit_info ad;
1820
1821#ifdef CONFIG_AUDIT
1822	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
1823	ad.a.u.ipc_id = shp->shm_perm.id;
1824#endif
1825	return smk_curacc(ssp, access, &ad);
1826}
1827
1828/**
1829 * smack_shm_associate - Smack access check for shm
1830 * @shp: the object
1831 * @shmflg: access requested
1832 *
1833 * Returns 0 if current has the requested access, error code otherwise
1834 */
1835static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
1836{
1837	int may;
1838
1839	may = smack_flags_to_may(shmflg);
1840	return smk_curacc_shm(shp, may);
1841}
1842
1843/**
1844 * smack_shm_shmctl - Smack access check for shm
1845 * @shp: the object
1846 * @cmd: what it wants to do
1847 *
1848 * Returns 0 if current has the requested access, error code otherwise
1849 */
1850static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
1851{
1852	int may;
1853
1854	switch (cmd) {
1855	case IPC_STAT:
1856	case SHM_STAT:
1857		may = MAY_READ;
1858		break;
1859	case IPC_SET:
1860	case SHM_LOCK:
1861	case SHM_UNLOCK:
1862	case IPC_RMID:
1863		may = MAY_READWRITE;
1864		break;
1865	case IPC_INFO:
1866	case SHM_INFO:
1867		/*
1868		 * System level information.
1869		 */
1870		return 0;
1871	default:
1872		return -EINVAL;
1873	}
1874	return smk_curacc_shm(shp, may);
1875}
1876
1877/**
1878 * smack_shm_shmat - Smack access for shmat
1879 * @shp: the object
1880 * @shmaddr: unused
1881 * @shmflg: access requested
1882 *
1883 * Returns 0 if current has the requested access, error code otherwise
1884 */
1885static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
1886			   int shmflg)
1887{
1888	int may;
1889
1890	may = smack_flags_to_may(shmflg);
1891	return smk_curacc_shm(shp, may);
1892}
1893
1894/**
1895 * smack_of_sem - the smack pointer for the sem
1896 * @sma: the object
1897 *
1898 * Returns a pointer to the smack value
1899 */
1900static char *smack_of_sem(struct sem_array *sma)
1901{
1902	return (char *)sma->sem_perm.security;
1903}
1904
1905/**
1906 * smack_sem_alloc_security - Set the security blob for sem
1907 * @sma: the object
1908 *
1909 * Returns 0
1910 */
1911static int smack_sem_alloc_security(struct sem_array *sma)
1912{
1913	struct kern_ipc_perm *isp = &sma->sem_perm;
1914
1915	isp->security = current_security();
1916	return 0;
1917}
1918
1919/**
1920 * smack_sem_free_security - Clear the security blob for sem
1921 * @sma: the object
1922 *
1923 * Clears the blob pointer
1924 */
1925static void smack_sem_free_security(struct sem_array *sma)
1926{
1927	struct kern_ipc_perm *isp = &sma->sem_perm;
1928
1929	isp->security = NULL;
1930}
1931
1932/**
1933 * smk_curacc_sem : check if current has access on sem
1934 * @sma : the object
1935 * @access : access requested
1936 *
1937 * Returns 0 if current has the requested access, error code otherwise
1938 */
1939static int smk_curacc_sem(struct sem_array *sma, int access)
1940{
1941	char *ssp = smack_of_sem(sma);
1942	struct smk_audit_info ad;
1943
1944#ifdef CONFIG_AUDIT
1945	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
1946	ad.a.u.ipc_id = sma->sem_perm.id;
1947#endif
1948	return smk_curacc(ssp, access, &ad);
1949}
1950
1951/**
1952 * smack_sem_associate - Smack access check for sem
1953 * @sma: the object
1954 * @semflg: access requested
1955 *
1956 * Returns 0 if current has the requested access, error code otherwise
1957 */
1958static int smack_sem_associate(struct sem_array *sma, int semflg)
1959{
1960	int may;
1961
1962	may = smack_flags_to_may(semflg);
1963	return smk_curacc_sem(sma, may);
1964}
1965
1966/**
1967 * smack_sem_shmctl - Smack access check for sem
1968 * @sma: the object
1969 * @cmd: what it wants to do
1970 *
1971 * Returns 0 if current has the requested access, error code otherwise
1972 */
1973static int smack_sem_semctl(struct sem_array *sma, int cmd)
1974{
1975	int may;
1976
1977	switch (cmd) {
1978	case GETPID:
1979	case GETNCNT:
1980	case GETZCNT:
1981	case GETVAL:
1982	case GETALL:
1983	case IPC_STAT:
1984	case SEM_STAT:
1985		may = MAY_READ;
1986		break;
1987	case SETVAL:
1988	case SETALL:
1989	case IPC_RMID:
1990	case IPC_SET:
1991		may = MAY_READWRITE;
1992		break;
1993	case IPC_INFO:
1994	case SEM_INFO:
1995		/*
1996		 * System level information
1997		 */
1998		return 0;
1999	default:
2000		return -EINVAL;
2001	}
2002
2003	return smk_curacc_sem(sma, may);
2004}
2005
2006/**
2007 * smack_sem_semop - Smack checks of semaphore operations
2008 * @sma: the object
2009 * @sops: unused
2010 * @nsops: unused
2011 * @alter: unused
2012 *
2013 * Treated as read and write in all cases.
2014 *
2015 * Returns 0 if access is allowed, error code otherwise
2016 */
2017static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
2018			   unsigned nsops, int alter)
2019{
2020	return smk_curacc_sem(sma, MAY_READWRITE);
2021}
2022
2023/**
2024 * smack_msg_alloc_security - Set the security blob for msg
2025 * @msq: the object
2026 *
2027 * Returns 0
2028 */
2029static int smack_msg_queue_alloc_security(struct msg_queue *msq)
2030{
2031	struct kern_ipc_perm *kisp = &msq->q_perm;
2032
2033	kisp->security = current_security();
2034	return 0;
2035}
2036
2037/**
2038 * smack_msg_free_security - Clear the security blob for msg
2039 * @msq: the object
2040 *
2041 * Clears the blob pointer
2042 */
2043static void smack_msg_queue_free_security(struct msg_queue *msq)
2044{
2045	struct kern_ipc_perm *kisp = &msq->q_perm;
2046
2047	kisp->security = NULL;
2048}
2049
2050/**
2051 * smack_of_msq - the smack pointer for the msq
2052 * @msq: the object
2053 *
2054 * Returns a pointer to the smack value
2055 */
2056static char *smack_of_msq(struct msg_queue *msq)
2057{
2058	return (char *)msq->q_perm.security;
2059}
2060
2061/**
2062 * smk_curacc_msq : helper to check if current has access on msq
2063 * @msq : the msq
2064 * @access : access requested
2065 *
2066 * return 0 if current has access, error otherwise
2067 */
2068static int smk_curacc_msq(struct msg_queue *msq, int access)
2069{
2070	char *msp = smack_of_msq(msq);
2071	struct smk_audit_info ad;
2072
2073#ifdef CONFIG_AUDIT
2074	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2075	ad.a.u.ipc_id = msq->q_perm.id;
2076#endif
2077	return smk_curacc(msp, access, &ad);
2078}
2079
2080/**
2081 * smack_msg_queue_associate - Smack access check for msg_queue
2082 * @msq: the object
2083 * @msqflg: access requested
2084 *
2085 * Returns 0 if current has the requested access, error code otherwise
2086 */
2087static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
2088{
2089	int may;
2090
2091	may = smack_flags_to_may(msqflg);
2092	return smk_curacc_msq(msq, may);
2093}
2094
2095/**
2096 * smack_msg_queue_msgctl - Smack access check for msg_queue
2097 * @msq: the object
2098 * @cmd: what it wants to do
2099 *
2100 * Returns 0 if current has the requested access, error code otherwise
2101 */
2102static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2103{
2104	int may;
2105
2106	switch (cmd) {
2107	case IPC_STAT:
2108	case MSG_STAT:
2109		may = MAY_READ;
2110		break;
2111	case IPC_SET:
2112	case IPC_RMID:
2113		may = MAY_READWRITE;
2114		break;
2115	case IPC_INFO:
2116	case MSG_INFO:
2117		/*
2118		 * System level information
2119		 */
2120		return 0;
2121	default:
2122		return -EINVAL;
2123	}
2124
2125	return smk_curacc_msq(msq, may);
2126}
2127
2128/**
2129 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2130 * @msq: the object
2131 * @msg: unused
2132 * @msqflg: access requested
2133 *
2134 * Returns 0 if current has the requested access, error code otherwise
2135 */
2136static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
2137				  int msqflg)
2138{
2139	int may;
2140
2141	may = smack_flags_to_may(msqflg);
2142	return smk_curacc_msq(msq, may);
2143}
2144
2145/**
2146 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2147 * @msq: the object
2148 * @msg: unused
2149 * @target: unused
2150 * @type: unused
2151 * @mode: unused
2152 *
2153 * Returns 0 if current has read and write access, error code otherwise
2154 */
2155static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
2156			struct task_struct *target, long type, int mode)
2157{
2158	return smk_curacc_msq(msq, MAY_READWRITE);
2159}
2160
2161/**
2162 * smack_ipc_permission - Smack access for ipc_permission()
2163 * @ipp: the object permissions
2164 * @flag: access requested
2165 *
2166 * Returns 0 if current has read and write access, error code otherwise
2167 */
2168static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
2169{
2170	char *isp = ipp->security;
2171	int may = smack_flags_to_may(flag);
2172	struct smk_audit_info ad;
2173
2174#ifdef CONFIG_AUDIT
2175	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2176	ad.a.u.ipc_id = ipp->id;
2177#endif
2178	return smk_curacc(isp, may, &ad);
2179}
2180
2181/**
2182 * smack_ipc_getsecid - Extract smack security id
2183 * @ipp: the object permissions
2184 * @secid: where result will be saved
2185 */
2186static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
2187{
2188	char *smack = ipp->security;
2189
2190	*secid = smack_to_secid(smack);
2191}
2192
2193/**
2194 * smack_d_instantiate - Make sure the blob is correct on an inode
2195 * @opt_dentry: dentry where inode will be attached
2196 * @inode: the object
2197 *
2198 * Set the inode's security blob if it hasn't been done already.
2199 */
2200static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
2201{
2202	struct super_block *sbp;
2203	struct superblock_smack *sbsp;
2204	struct inode_smack *isp;
2205	char *csp = current_security();
2206	char *fetched;
2207	char *final;
2208	struct dentry *dp;
2209
2210	if (inode == NULL)
2211		return;
2212
2213	isp = inode->i_security;
2214
2215	mutex_lock(&isp->smk_lock);
2216	/*
2217	 * If the inode is already instantiated
2218	 * take the quick way out
2219	 */
2220	if (isp->smk_flags & SMK_INODE_INSTANT)
2221		goto unlockandout;
2222
2223	sbp = inode->i_sb;
2224	sbsp = sbp->s_security;
2225	/*
2226	 * We're going to use the superblock default label
2227	 * if there's no label on the file.
2228	 */
2229	final = sbsp->smk_default;
2230
2231	/*
2232	 * If this is the root inode the superblock
2233	 * may be in the process of initialization.
2234	 * If that is the case use the root value out
2235	 * of the superblock.
2236	 */
2237	if (opt_dentry->d_parent == opt_dentry) {
2238		isp->smk_inode = sbsp->smk_root;
2239		isp->smk_flags |= SMK_INODE_INSTANT;
2240		goto unlockandout;
2241	}
2242
2243	/*
2244	 * This is pretty hackish.
2245	 * Casey says that we shouldn't have to do
2246	 * file system specific code, but it does help
2247	 * with keeping it simple.
2248	 */
2249	switch (sbp->s_magic) {
2250	case SMACK_MAGIC:
2251		/*
2252		 * Casey says that it's a little embarassing
2253		 * that the smack file system doesn't do
2254		 * extended attributes.
2255		 */
2256		final = smack_known_star.smk_known;
2257		break;
2258	case PIPEFS_MAGIC:
2259		/*
2260		 * Casey says pipes are easy (?)
2261		 */
2262		final = smack_known_star.smk_known;
2263		break;
2264	case DEVPTS_SUPER_MAGIC:
2265		/*
2266		 * devpts seems content with the label of the task.
2267		 * Programs that change smack have to treat the
2268		 * pty with respect.
2269		 */
2270		final = csp;
2271		break;
2272	case SOCKFS_MAGIC:
2273		/*
2274		 * Casey says sockets get the smack of the task.
2275		 */
2276		final = csp;
2277		break;
2278	case PROC_SUPER_MAGIC:
2279		/*
2280		 * Casey says procfs appears not to care.
2281		 * The superblock default suffices.
2282		 */
2283		break;
2284	case TMPFS_MAGIC:
2285		/*
2286		 * Device labels should come from the filesystem,
2287		 * but watch out, because they're volitile,
2288		 * getting recreated on every reboot.
2289		 */
2290		final = smack_known_star.smk_known;
2291		/*
2292		 * No break.
2293		 *
2294		 * If a smack value has been set we want to use it,
2295		 * but since tmpfs isn't giving us the opportunity
2296		 * to set mount options simulate setting the
2297		 * superblock default.
2298		 */
2299	default:
2300		/*
2301		 * This isn't an understood special case.
2302		 * Get the value from the xattr.
2303		 *
2304		 * No xattr support means, alas, no SMACK label.
2305		 * Use the aforeapplied default.
2306		 * It would be curious if the label of the task
2307		 * does not match that assigned.
2308		 */
2309		if (inode->i_op->getxattr == NULL)
2310			break;
2311		/*
2312		 * Get the dentry for xattr.
2313		 */
2314		dp = dget(opt_dentry);
2315		fetched = smk_fetch(inode, dp);
2316		if (fetched != NULL)
2317			final = fetched;
2318		dput(dp);
2319		break;
2320	}
2321
2322	if (final == NULL)
2323		isp->smk_inode = csp;
2324	else
2325		isp->smk_inode = final;
2326
2327	isp->smk_flags |= SMK_INODE_INSTANT;
2328
2329unlockandout:
2330	mutex_unlock(&isp->smk_lock);
2331	return;
2332}
2333
2334/**
2335 * smack_getprocattr - Smack process attribute access
2336 * @p: the object task
2337 * @name: the name of the attribute in /proc/.../attr
2338 * @value: where to put the result
2339 *
2340 * Places a copy of the task Smack into value
2341 *
2342 * Returns the length of the smack label or an error code
2343 */
2344static int smack_getprocattr(struct task_struct *p, char *name, char **value)
2345{
2346	char *cp;
2347	int slen;
2348
2349	if (strcmp(name, "current") != 0)
2350		return -EINVAL;
2351
2352	cp = kstrdup(task_security(p), GFP_KERNEL);
2353	if (cp == NULL)
2354		return -ENOMEM;
2355
2356	slen = strlen(cp);
2357	*value = cp;
2358	return slen;
2359}
2360
2361/**
2362 * smack_setprocattr - Smack process attribute setting
2363 * @p: the object task
2364 * @name: the name of the attribute in /proc/.../attr
2365 * @value: the value to set
2366 * @size: the size of the value
2367 *
2368 * Sets the Smack value of the task. Only setting self
2369 * is permitted and only with privilege
2370 *
2371 * Returns the length of the smack label or an error code
2372 */
2373static int smack_setprocattr(struct task_struct *p, char *name,
2374			     void *value, size_t size)
2375{
2376	struct cred *new;
2377	char *newsmack;
2378
2379	/*
2380	 * Changing another process' Smack value is too dangerous
2381	 * and supports no sane use case.
2382	 */
2383	if (p != current)
2384		return -EPERM;
2385
2386	if (!capable(CAP_MAC_ADMIN))
2387		return -EPERM;
2388
2389	if (value == NULL || size == 0 || size >= SMK_LABELLEN)
2390		return -EINVAL;
2391
2392	if (strcmp(name, "current") != 0)
2393		return -EINVAL;
2394
2395	newsmack = smk_import(value, size);
2396	if (newsmack == NULL)
2397		return -EINVAL;
2398
2399	/*
2400	 * No process is ever allowed the web ("@") label.
2401	 */
2402	if (newsmack == smack_known_web.smk_known)
2403		return -EPERM;
2404
2405	new = prepare_creds();
2406	if (new == NULL)
2407		return -ENOMEM;
2408	new->security = newsmack;
2409	commit_creds(new);
2410	return size;
2411}
2412
2413/**
2414 * smack_unix_stream_connect - Smack access on UDS
2415 * @sock: one socket
2416 * @other: the other socket
2417 * @newsk: unused
2418 *
2419 * Return 0 if a subject with the smack of sock could access
2420 * an object with the smack of other, otherwise an error code
2421 */
2422static int smack_unix_stream_connect(struct socket *sock,
2423				     struct socket *other, struct sock *newsk)
2424{
2425	struct inode *sp = SOCK_INODE(sock);
2426	struct inode *op = SOCK_INODE(other);
2427	struct smk_audit_info ad;
2428
2429	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
2430	smk_ad_setfield_u_net_sk(&ad, other->sk);
2431	return smk_access(smk_of_inode(sp), smk_of_inode(op),
2432				 MAY_READWRITE, &ad);
2433}
2434
2435/**
2436 * smack_unix_may_send - Smack access on UDS
2437 * @sock: one socket
2438 * @other: the other socket
2439 *
2440 * Return 0 if a subject with the smack of sock could access
2441 * an object with the smack of other, otherwise an error code
2442 */
2443static int smack_unix_may_send(struct socket *sock, struct socket *other)
2444{
2445	struct inode *sp = SOCK_INODE(sock);
2446	struct inode *op = SOCK_INODE(other);
2447	struct smk_audit_info ad;
2448
2449	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
2450	smk_ad_setfield_u_net_sk(&ad, other->sk);
2451	return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_WRITE, &ad);
2452}
2453
2454/**
2455 * smack_socket_sendmsg - Smack check based on destination host
2456 * @sock: the socket
2457 * @msg: the message
2458 * @size: the size of the message
2459 *
2460 * Return 0 if the current subject can write to the destination
2461 * host. This is only a question if the destination is a single
2462 * label host.
2463 */
2464static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
2465				int size)
2466{
2467	struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
2468
2469	/*
2470	 * Perfectly reasonable for this to be NULL
2471	 */
2472	if (sip == NULL || sip->sin_family != AF_INET)
2473		return 0;
2474
2475	return smack_netlabel_send(sock->sk, sip);
2476}
2477
2478
2479/**
2480 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
2481 * @sap: netlabel secattr
2482 * @sip: where to put the result
2483 *
2484 * Copies a smack label into sip
2485 */
2486static void smack_from_secattr(struct netlbl_lsm_secattr *sap, char *sip)
2487{
2488	char smack[SMK_LABELLEN];
2489	char *sp;
2490	int pcat;
2491
2492	if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
2493		/*
2494		 * Looks like a CIPSO packet.
2495		 * If there are flags but no level netlabel isn't
2496		 * behaving the way we expect it to.
2497		 *
2498		 * Get the categories, if any
2499		 * Without guidance regarding the smack value
2500		 * for the packet fall back on the network
2501		 * ambient value.
2502		 */
2503		memset(smack, '\0', SMK_LABELLEN);
2504		if ((sap->flags & NETLBL_SECATTR_MLS_CAT) != 0)
2505			for (pcat = -1;;) {
2506				pcat = netlbl_secattr_catmap_walk(
2507					sap->attr.mls.cat, pcat + 1);
2508				if (pcat < 0)
2509					break;
2510				smack_catset_bit(pcat, smack);
2511			}
2512		/*
2513		 * If it is CIPSO using smack direct mapping
2514		 * we are already done. WeeHee.
2515		 */
2516		if (sap->attr.mls.lvl == smack_cipso_direct) {
2517			memcpy(sip, smack, SMK_MAXLEN);
2518			return;
2519		}
2520		/*
2521		 * Look it up in the supplied table if it is not
2522		 * a direct mapping.
2523		 */
2524		smack_from_cipso(sap->attr.mls.lvl, smack, sip);
2525		return;
2526	}
2527	if ((sap->flags & NETLBL_SECATTR_SECID) != 0) {
2528		/*
2529		 * Looks like a fallback, which gives us a secid.
2530		 */
2531		sp = smack_from_secid(sap->attr.secid);
2532		/*
2533		 * This has got to be a bug because it is
2534		 * impossible to specify a fallback without
2535		 * specifying the label, which will ensure
2536		 * it has a secid, and the only way to get a
2537		 * secid is from a fallback.
2538		 */
2539		BUG_ON(sp == NULL);
2540		strncpy(sip, sp, SMK_MAXLEN);
2541		return;
2542	}
2543	/*
2544	 * Without guidance regarding the smack value
2545	 * for the packet fall back on the network
2546	 * ambient value.
2547	 */
2548	strncpy(sip, smack_net_ambient, SMK_MAXLEN);
2549	return;
2550}
2551
2552/**
2553 * smack_socket_sock_rcv_skb - Smack packet delivery access check
2554 * @sk: socket
2555 * @skb: packet
2556 *
2557 * Returns 0 if the packet should be delivered, an error code otherwise
2558 */
2559static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
2560{
2561	struct netlbl_lsm_secattr secattr;
2562	struct socket_smack *ssp = sk->sk_security;
2563	char smack[SMK_LABELLEN];
2564	char *csp;
2565	int rc;
2566	struct smk_audit_info ad;
2567	if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
2568		return 0;
2569
2570	/*
2571	 * Translate what netlabel gave us.
2572	 */
2573	netlbl_secattr_init(&secattr);
2574
2575	rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
2576	if (rc == 0) {
2577		smack_from_secattr(&secattr, smack);
2578		csp = smack;
2579	} else
2580		csp = smack_net_ambient;
2581
2582	netlbl_secattr_destroy(&secattr);
2583
2584#ifdef CONFIG_AUDIT
2585	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
2586	ad.a.u.net.family = sk->sk_family;
2587	ad.a.u.net.netif = skb->skb_iif;
2588	ipv4_skb_to_auditdata(skb, &ad.a, NULL);
2589#endif
2590	/*
2591	 * Receiving a packet requires that the other end
2592	 * be able to write here. Read access is not required.
2593	 * This is the simplist possible security model
2594	 * for networking.
2595	 */
2596	rc = smk_access(csp, ssp->smk_in, MAY_WRITE, &ad);
2597	if (rc != 0)
2598		netlbl_skbuff_err(skb, rc, 0);
2599	return rc;
2600}
2601
2602/**
2603 * smack_socket_getpeersec_stream - pull in packet label
2604 * @sock: the socket
2605 * @optval: user's destination
2606 * @optlen: size thereof
2607 * @len: max thereof
2608 *
2609 * returns zero on success, an error code otherwise
2610 */
2611static int smack_socket_getpeersec_stream(struct socket *sock,
2612					  char __user *optval,
2613					  int __user *optlen, unsigned len)
2614{
2615	struct socket_smack *ssp;
2616	int slen;
2617	int rc = 0;
2618
2619	ssp = sock->sk->sk_security;
2620	slen = strlen(ssp->smk_packet) + 1;
2621
2622	if (slen > len)
2623		rc = -ERANGE;
2624	else if (copy_to_user(optval, ssp->smk_packet, slen) != 0)
2625		rc = -EFAULT;
2626
2627	if (put_user(slen, optlen) != 0)
2628		rc = -EFAULT;
2629
2630	return rc;
2631}
2632
2633
2634/**
2635 * smack_socket_getpeersec_dgram - pull in packet label
2636 * @sock: the socket
2637 * @skb: packet data
2638 * @secid: pointer to where to put the secid of the packet
2639 *
2640 * Sets the netlabel socket state on sk from parent
2641 */
2642static int smack_socket_getpeersec_dgram(struct socket *sock,
2643					 struct sk_buff *skb, u32 *secid)
2644
2645{
2646	struct netlbl_lsm_secattr secattr;
2647	struct sock *sk;
2648	char smack[SMK_LABELLEN];
2649	int family = PF_INET;
2650	u32 s;
2651	int rc;
2652
2653	/*
2654	 * Only works for families with packets.
2655	 */
2656	if (sock != NULL) {
2657		sk = sock->sk;
2658		if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
2659			return 0;
2660		family = sk->sk_family;
2661	}
2662	/*
2663	 * Translate what netlabel gave us.
2664	 */
2665	netlbl_secattr_init(&secattr);
2666	rc = netlbl_skbuff_getattr(skb, family, &secattr);
2667	if (rc == 0)
2668		smack_from_secattr(&secattr, smack);
2669	netlbl_secattr_destroy(&secattr);
2670
2671	/*
2672	 * Give up if we couldn't get anything
2673	 */
2674	if (rc != 0)
2675		return rc;
2676
2677	s = smack_to_secid(smack);
2678	if (s == 0)
2679		return -EINVAL;
2680
2681	*secid = s;
2682	return 0;
2683}
2684
2685/**
2686 * smack_sock_graft - Initialize a newly created socket with an existing sock
2687 * @sk: child sock
2688 * @parent: parent socket
2689 *
2690 * Set the smk_{in,out} state of an existing sock based on the process that
2691 * is creating the new socket.
2692 */
2693static void smack_sock_graft(struct sock *sk, struct socket *parent)
2694{
2695	struct socket_smack *ssp;
2696
2697	if (sk == NULL ||
2698	    (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
2699		return;
2700
2701	ssp = sk->sk_security;
2702	ssp->smk_in = ssp->smk_out = current_security();
2703	/* cssp->smk_packet is already set in smack_inet_csk_clone() */
2704}
2705
2706/**
2707 * smack_inet_conn_request - Smack access check on connect
2708 * @sk: socket involved
2709 * @skb: packet
2710 * @req: unused
2711 *
2712 * Returns 0 if a task with the packet label could write to
2713 * the socket, otherwise an error code
2714 */
2715static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
2716				   struct request_sock *req)
2717{
2718	u16 family = sk->sk_family;
2719	struct socket_smack *ssp = sk->sk_security;
2720	struct netlbl_lsm_secattr secattr;
2721	struct sockaddr_in addr;
2722	struct iphdr *hdr;
2723	char smack[SMK_LABELLEN];
2724	int rc;
2725	struct smk_audit_info ad;
2726
2727	/* handle mapped IPv4 packets arriving via IPv6 sockets */
2728	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
2729		family = PF_INET;
2730
2731	netlbl_secattr_init(&secattr);
2732	rc = netlbl_skbuff_getattr(skb, family, &secattr);
2733	if (rc == 0)
2734		smack_from_secattr(&secattr, smack);
2735	else
2736		strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN);
2737	netlbl_secattr_destroy(&secattr);
2738
2739#ifdef CONFIG_AUDIT
2740	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
2741	ad.a.u.net.family = family;
2742	ad.a.u.net.netif = skb->skb_iif;
2743	ipv4_skb_to_auditdata(skb, &ad.a, NULL);
2744#endif
2745	/*
2746	 * Receiving a packet requires that the other end be able to write
2747	 * here. Read access is not required.
2748	 */
2749	rc = smk_access(smack, ssp->smk_in, MAY_WRITE, &ad);
2750	if (rc != 0)
2751		return rc;
2752
2753	/*
2754	 * Save the peer's label in the request_sock so we can later setup
2755	 * smk_packet in the child socket so that SO_PEERCRED can report it.
2756	 */
2757	req->peer_secid = smack_to_secid(smack);
2758
2759	/*
2760	 * We need to decide if we want to label the incoming connection here
2761	 * if we do we only need to label the request_sock and the stack will
2762	 * propogate the wire-label to the sock when it is created.
2763	 */
2764	hdr = ip_hdr(skb);
2765	addr.sin_addr.s_addr = hdr->saddr;
2766	rcu_read_lock();
2767	if (smack_host_label(&addr) == NULL) {
2768		rcu_read_unlock();
2769		netlbl_secattr_init(&secattr);
2770		smack_to_secattr(smack, &secattr);
2771		rc = netlbl_req_setattr(req, &secattr);
2772		netlbl_secattr_destroy(&secattr);
2773	} else {
2774		rcu_read_unlock();
2775		netlbl_req_delattr(req);
2776	}
2777
2778	return rc;
2779}
2780
2781/**
2782 * smack_inet_csk_clone - Copy the connection information to the new socket
2783 * @sk: the new socket
2784 * @req: the connection's request_sock
2785 *
2786 * Transfer the connection's peer label to the newly created socket.
2787 */
2788static void smack_inet_csk_clone(struct sock *sk,
2789				 const struct request_sock *req)
2790{
2791	struct socket_smack *ssp = sk->sk_security;
2792	char *smack;
2793
2794	if (req->peer_secid != 0) {
2795		smack = smack_from_secid(req->peer_secid);
2796		strncpy(ssp->smk_packet, smack, SMK_MAXLEN);
2797	} else
2798		ssp->smk_packet[0] = '\0';
2799}
2800
2801/*
2802 * Key management security hooks
2803 *
2804 * Casey has not tested key support very heavily.
2805 * The permission check is most likely too restrictive.
2806 * If you care about keys please have a look.
2807 */
2808#ifdef CONFIG_KEYS
2809
2810/**
2811 * smack_key_alloc - Set the key security blob
2812 * @key: object
2813 * @cred: the credentials to use
2814 * @flags: unused
2815 *
2816 * No allocation required
2817 *
2818 * Returns 0
2819 */
2820static int smack_key_alloc(struct key *key, const struct cred *cred,
2821			   unsigned long flags)
2822{
2823	key->security = cred->security;
2824	return 0;
2825}
2826
2827/**
2828 * smack_key_free - Clear the key security blob
2829 * @key: the object
2830 *
2831 * Clear the blob pointer
2832 */
2833static void smack_key_free(struct key *key)
2834{
2835	key->security = NULL;
2836}
2837
2838/*
2839 * smack_key_permission - Smack access on a key
2840 * @key_ref: gets to the object
2841 * @cred: the credentials to use
2842 * @perm: unused
2843 *
2844 * Return 0 if the task has read and write to the object,
2845 * an error code otherwise
2846 */
2847static int smack_key_permission(key_ref_t key_ref,
2848				const struct cred *cred, key_perm_t perm)
2849{
2850	struct key *keyp;
2851	struct smk_audit_info ad;
2852
2853	keyp = key_ref_to_ptr(key_ref);
2854	if (keyp == NULL)
2855		return -EINVAL;
2856	/*
2857	 * If the key hasn't been initialized give it access so that
2858	 * it may do so.
2859	 */
2860	if (keyp->security == NULL)
2861		return 0;
2862	/*
2863	 * This should not occur
2864	 */
2865	if (cred->security == NULL)
2866		return -EACCES;
2867#ifdef CONFIG_AUDIT
2868	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
2869	ad.a.u.key_struct.key = keyp->serial;
2870	ad.a.u.key_struct.key_desc = keyp->description;
2871#endif
2872	return smk_access(cred->security, keyp->security,
2873				 MAY_READWRITE, &ad);
2874}
2875#endif /* CONFIG_KEYS */
2876
2877/*
2878 * Smack Audit hooks
2879 *
2880 * Audit requires a unique representation of each Smack specific
2881 * rule. This unique representation is used to distinguish the
2882 * object to be audited from remaining kernel objects and also
2883 * works as a glue between the audit hooks.
2884 *
2885 * Since repository entries are added but never deleted, we'll use
2886 * the smack_known label address related to the given audit rule as
2887 * the needed unique representation. This also better fits the smack
2888 * model where nearly everything is a label.
2889 */
2890#ifdef CONFIG_AUDIT
2891
2892/**
2893 * smack_audit_rule_init - Initialize a smack audit rule
2894 * @field: audit rule fields given from user-space (audit.h)
2895 * @op: required testing operator (=, !=, >, <, ...)
2896 * @rulestr: smack label to be audited
2897 * @vrule: pointer to save our own audit rule representation
2898 *
2899 * Prepare to audit cases where (@field @op @rulestr) is true.
2900 * The label to be audited is created if necessay.
2901 */
2902static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
2903{
2904	char **rule = (char **)vrule;
2905	*rule = NULL;
2906
2907	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
2908		return -EINVAL;
2909
2910	if (op != Audit_equal && op != Audit_not_equal)
2911		return -EINVAL;
2912
2913	*rule = smk_import(rulestr, 0);
2914
2915	return 0;
2916}
2917
2918/**
2919 * smack_audit_rule_known - Distinguish Smack audit rules
2920 * @krule: rule of interest, in Audit kernel representation format
2921 *
2922 * This is used to filter Smack rules from remaining Audit ones.
2923 * If it's proved that this rule belongs to us, the
2924 * audit_rule_match hook will be called to do the final judgement.
2925 */
2926static int smack_audit_rule_known(struct audit_krule *krule)
2927{
2928	struct audit_field *f;
2929	int i;
2930
2931	for (i = 0; i < krule->field_count; i++) {
2932		f = &krule->fields[i];
2933
2934		if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
2935			return 1;
2936	}
2937
2938	return 0;
2939}
2940
2941/**
2942 * smack_audit_rule_match - Audit given object ?
2943 * @secid: security id for identifying the object to test
2944 * @field: audit rule flags given from user-space
2945 * @op: required testing operator
2946 * @vrule: smack internal rule presentation
2947 * @actx: audit context associated with the check
2948 *
2949 * The core Audit hook. It's used to take the decision of
2950 * whether to audit or not to audit a given object.
2951 */
2952static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
2953				  struct audit_context *actx)
2954{
2955	char *smack;
2956	char *rule = vrule;
2957
2958	if (!rule) {
2959		audit_log(actx, GFP_KERNEL, AUDIT_SELINUX_ERR,
2960			  "Smack: missing rule\n");
2961		return -ENOENT;
2962	}
2963
2964	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
2965		return 0;
2966
2967	smack = smack_from_secid(secid);
2968
2969	/*
2970	 * No need to do string comparisons. If a match occurs,
2971	 * both pointers will point to the same smack_known
2972	 * label.
2973	 */
2974	if (op == Audit_equal)
2975		return (rule == smack);
2976	if (op == Audit_not_equal)
2977		return (rule != smack);
2978
2979	return 0;
2980}
2981
2982/**
2983 * smack_audit_rule_free - free smack rule representation
2984 * @vrule: rule to be freed.
2985 *
2986 * No memory was allocated.
2987 */
2988static void smack_audit_rule_free(void *vrule)
2989{
2990	/* No-op */
2991}
2992
2993#endif /* CONFIG_AUDIT */
2994
2995/**
2996 * smack_secid_to_secctx - return the smack label for a secid
2997 * @secid: incoming integer
2998 * @secdata: destination
2999 * @seclen: how long it is
3000 *
3001 * Exists for networking code.
3002 */
3003static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
3004{
3005	char *sp = smack_from_secid(secid);
3006
3007	if (secdata)
3008		*secdata = sp;
3009	*seclen = strlen(sp);
3010	return 0;
3011}
3012
3013/**
3014 * smack_secctx_to_secid - return the secid for a smack label
3015 * @secdata: smack label
3016 * @seclen: how long result is
3017 * @secid: outgoing integer
3018 *
3019 * Exists for audit and networking code.
3020 */
3021static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
3022{
3023	*secid = smack_to_secid(secdata);
3024	return 0;
3025}
3026
3027/**
3028 * smack_release_secctx - don't do anything.
3029 * @secdata: unused
3030 * @seclen: unused
3031 *
3032 * Exists to make sure nothing gets done, and properly
3033 */
3034static void smack_release_secctx(char *secdata, u32 seclen)
3035{
3036}
3037
3038static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
3039{
3040	return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
3041}
3042
3043static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
3044{
3045	return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
3046}
3047
3048static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
3049{
3050	int len = 0;
3051	len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
3052
3053	if (len < 0)
3054		return len;
3055	*ctxlen = len;
3056	return 0;
3057}
3058
3059struct security_operations smack_ops = {
3060	.name =				"smack",
3061
3062	.ptrace_access_check =		smack_ptrace_access_check,
3063	.ptrace_traceme =		smack_ptrace_traceme,
3064	.syslog = 			smack_syslog,
3065
3066	.sb_alloc_security = 		smack_sb_alloc_security,
3067	.sb_free_security = 		smack_sb_free_security,
3068	.sb_copy_data = 		smack_sb_copy_data,
3069	.sb_kern_mount = 		smack_sb_kern_mount,
3070	.sb_statfs = 			smack_sb_statfs,
3071	.sb_mount = 			smack_sb_mount,
3072	.sb_umount = 			smack_sb_umount,
3073
3074	.inode_alloc_security = 	smack_inode_alloc_security,
3075	.inode_free_security = 		smack_inode_free_security,
3076	.inode_init_security = 		smack_inode_init_security,
3077	.inode_link = 			smack_inode_link,
3078	.inode_unlink = 		smack_inode_unlink,
3079	.inode_rmdir = 			smack_inode_rmdir,
3080	.inode_rename = 		smack_inode_rename,
3081	.inode_permission = 		smack_inode_permission,
3082	.inode_setattr = 		smack_inode_setattr,
3083	.inode_getattr = 		smack_inode_getattr,
3084	.inode_setxattr = 		smack_inode_setxattr,
3085	.inode_post_setxattr = 		smack_inode_post_setxattr,
3086	.inode_getxattr = 		smack_inode_getxattr,
3087	.inode_removexattr = 		smack_inode_removexattr,
3088	.inode_getsecurity = 		smack_inode_getsecurity,
3089	.inode_setsecurity = 		smack_inode_setsecurity,
3090	.inode_listsecurity = 		smack_inode_listsecurity,
3091	.inode_getsecid =		smack_inode_getsecid,
3092
3093	.file_permission = 		smack_file_permission,
3094	.file_alloc_security = 		smack_file_alloc_security,
3095	.file_free_security = 		smack_file_free_security,
3096	.file_ioctl = 			smack_file_ioctl,
3097	.file_lock = 			smack_file_lock,
3098	.file_fcntl = 			smack_file_fcntl,
3099	.file_set_fowner = 		smack_file_set_fowner,
3100	.file_send_sigiotask = 		smack_file_send_sigiotask,
3101	.file_receive = 		smack_file_receive,
3102
3103	.cred_alloc_blank =		smack_cred_alloc_blank,
3104	.cred_free =			smack_cred_free,
3105	.cred_prepare =			smack_cred_prepare,
3106	.cred_transfer =		smack_cred_transfer,
3107	.kernel_act_as =		smack_kernel_act_as,
3108	.kernel_create_files_as =	smack_kernel_create_files_as,
3109	.task_setpgid = 		smack_task_setpgid,
3110	.task_getpgid = 		smack_task_getpgid,
3111	.task_getsid = 			smack_task_getsid,
3112	.task_getsecid = 		smack_task_getsecid,
3113	.task_setnice = 		smack_task_setnice,
3114	.task_setioprio = 		smack_task_setioprio,
3115	.task_getioprio = 		smack_task_getioprio,
3116	.task_setscheduler = 		smack_task_setscheduler,
3117	.task_getscheduler = 		smack_task_getscheduler,
3118	.task_movememory = 		smack_task_movememory,
3119	.task_kill = 			smack_task_kill,
3120	.task_wait = 			smack_task_wait,
3121	.task_to_inode = 		smack_task_to_inode,
3122
3123	.ipc_permission = 		smack_ipc_permission,
3124	.ipc_getsecid =			smack_ipc_getsecid,
3125
3126	.msg_msg_alloc_security = 	smack_msg_msg_alloc_security,
3127	.msg_msg_free_security = 	smack_msg_msg_free_security,
3128
3129	.msg_queue_alloc_security = 	smack_msg_queue_alloc_security,
3130	.msg_queue_free_security = 	smack_msg_queue_free_security,
3131	.msg_queue_associate = 		smack_msg_queue_associate,
3132	.msg_queue_msgctl = 		smack_msg_queue_msgctl,
3133	.msg_queue_msgsnd = 		smack_msg_queue_msgsnd,
3134	.msg_queue_msgrcv = 		smack_msg_queue_msgrcv,
3135
3136	.shm_alloc_security = 		smack_shm_alloc_security,
3137	.shm_free_security = 		smack_shm_free_security,
3138	.shm_associate = 		smack_shm_associate,
3139	.shm_shmctl = 			smack_shm_shmctl,
3140	.shm_shmat = 			smack_shm_shmat,
3141
3142	.sem_alloc_security = 		smack_sem_alloc_security,
3143	.sem_free_security = 		smack_sem_free_security,
3144	.sem_associate = 		smack_sem_associate,
3145	.sem_semctl = 			smack_sem_semctl,
3146	.sem_semop = 			smack_sem_semop,
3147
3148	.d_instantiate = 		smack_d_instantiate,
3149
3150	.getprocattr = 			smack_getprocattr,
3151	.setprocattr = 			smack_setprocattr,
3152
3153	.unix_stream_connect = 		smack_unix_stream_connect,
3154	.unix_may_send = 		smack_unix_may_send,
3155
3156	.socket_post_create = 		smack_socket_post_create,
3157	.socket_connect =		smack_socket_connect,
3158	.socket_sendmsg =		smack_socket_sendmsg,
3159	.socket_sock_rcv_skb = 		smack_socket_sock_rcv_skb,
3160	.socket_getpeersec_stream =	smack_socket_getpeersec_stream,
3161	.socket_getpeersec_dgram =	smack_socket_getpeersec_dgram,
3162	.sk_alloc_security = 		smack_sk_alloc_security,
3163	.sk_free_security = 		smack_sk_free_security,
3164	.sock_graft = 			smack_sock_graft,
3165	.inet_conn_request = 		smack_inet_conn_request,
3166	.inet_csk_clone =		smack_inet_csk_clone,
3167
3168 /* key management security hooks */
3169#ifdef CONFIG_KEYS
3170	.key_alloc = 			smack_key_alloc,
3171	.key_free = 			smack_key_free,
3172	.key_permission = 		smack_key_permission,
3173#endif /* CONFIG_KEYS */
3174
3175 /* Audit hooks */
3176#ifdef CONFIG_AUDIT
3177	.audit_rule_init =		smack_audit_rule_init,
3178	.audit_rule_known =		smack_audit_rule_known,
3179	.audit_rule_match =		smack_audit_rule_match,
3180	.audit_rule_free =		smack_audit_rule_free,
3181#endif /* CONFIG_AUDIT */
3182
3183	.secid_to_secctx = 		smack_secid_to_secctx,
3184	.secctx_to_secid = 		smack_secctx_to_secid,
3185	.release_secctx = 		smack_release_secctx,
3186	.inode_notifysecctx =		smack_inode_notifysecctx,
3187	.inode_setsecctx =		smack_inode_setsecctx,
3188	.inode_getsecctx =		smack_inode_getsecctx,
3189};
3190
3191
3192static __init void init_smack_know_list(void)
3193{
3194	list_add(&smack_known_huh.list, &smack_known_list);
3195	list_add(&smack_known_hat.list, &smack_known_list);
3196	list_add(&smack_known_star.list, &smack_known_list);
3197	list_add(&smack_known_floor.list, &smack_known_list);
3198	list_add(&smack_known_invalid.list, &smack_known_list);
3199	list_add(&smack_known_web.list, &smack_known_list);
3200}
3201
3202/**
3203 * smack_init - initialize the smack system
3204 *
3205 * Returns 0
3206 */
3207static __init int smack_init(void)
3208{
3209	struct cred *cred;
3210
3211	if (!security_module_enable(&smack_ops))
3212		return 0;
3213
3214	printk(KERN_INFO "Smack:  Initializing.\n");
3215
3216	/*
3217	 * Set the security state for the initial task.
3218	 */
3219	cred = (struct cred *) current->cred;
3220	cred->security = &smack_known_floor.smk_known;
3221
3222	/* initialize the smack_know_list */
3223	init_smack_know_list();
3224	/*
3225	 * Initialize locks
3226	 */
3227	spin_lock_init(&smack_known_huh.smk_cipsolock);
3228	spin_lock_init(&smack_known_hat.smk_cipsolock);
3229	spin_lock_init(&smack_known_star.smk_cipsolock);
3230	spin_lock_init(&smack_known_floor.smk_cipsolock);
3231	spin_lock_init(&smack_known_invalid.smk_cipsolock);
3232
3233	/*
3234	 * Register with LSM
3235	 */
3236	if (register_security(&smack_ops))
3237		panic("smack: Unable to register with kernel.\n");
3238
3239	return 0;
3240}
3241
3242/*
3243 * Smack requires early initialization in order to label
3244 * all processes and objects when they are created.
3245 */
3246security_initcall(smack_init);
Configure Feed

Configure Feed
