security/smack/smack_lsm.c at v3.4-rc2

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / security / smack / smack_lsm.c
at v3.4-rc2 3692 lines 89 kB view raw
wrap content
   1/*
   2 *  Simplified MAC Kernel (smack) security module
   3 *
   4 *  This file contains the smack hook function implementations.
   5 *
   6 *  Authors:
   7 *	Casey Schaufler <casey@schaufler-ca.com>
   8 *	Jarkko Sakkinen <jarkko.sakkinen@intel.com>
   9 *
  10 *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
  11 *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
  12 *                Paul Moore <paul@paul-moore.com>
  13 *  Copyright (C) 2010 Nokia Corporation
  14 *  Copyright (C) 2011 Intel Corporation.
  15 *
  16 *	This program is free software; you can redistribute it and/or modify
  17 *	it under the terms of the GNU General Public License version 2,
  18 *      as published by the Free Software Foundation.
  19 */
  20
  21#include <linux/xattr.h>
  22#include <linux/pagemap.h>
  23#include <linux/mount.h>
  24#include <linux/stat.h>
  25#include <linux/kd.h>
  26#include <asm/ioctls.h>
  27#include <linux/ip.h>
  28#include <linux/tcp.h>
  29#include <linux/udp.h>
  30#include <linux/slab.h>
  31#include <linux/mutex.h>
  32#include <linux/pipe_fs_i.h>
  33#include <net/netlabel.h>
  34#include <net/cipso_ipv4.h>
  35#include <linux/audit.h>
  36#include <linux/magic.h>
  37#include <linux/dcache.h>
  38#include <linux/personality.h>
  39#include <linux/msg.h>
  40#include <linux/shm.h>
  41#include <linux/binfmts.h>
  42#include "smack.h"
  43
  44#define task_security(task)	(task_cred_xxx((task), security))
  45
  46#define TRANS_TRUE	"TRUE"
  47#define TRANS_TRUE_SIZE	4
  48
  49/**
  50 * smk_fetch - Fetch the smack label from a file.
  51 * @ip: a pointer to the inode
  52 * @dp: a pointer to the dentry
  53 *
  54 * Returns a pointer to the master list entry for the Smack label
  55 * or NULL if there was no label to fetch.
  56 */
  57static char *smk_fetch(const char *name, struct inode *ip, struct dentry *dp)
  58{
  59	int rc;
  60	char in[SMK_LABELLEN];
  61
  62	if (ip->i_op->getxattr == NULL)
  63		return NULL;
  64
  65	rc = ip->i_op->getxattr(dp, name, in, SMK_LABELLEN);
  66	if (rc < 0)
  67		return NULL;
  68
  69	return smk_import(in, rc);
  70}
  71
  72/**
  73 * new_inode_smack - allocate an inode security blob
  74 * @smack: a pointer to the Smack label to use in the blob
  75 *
  76 * Returns the new blob or NULL if there's no memory available
  77 */
  78struct inode_smack *new_inode_smack(char *smack)
  79{
  80	struct inode_smack *isp;
  81
  82	isp = kzalloc(sizeof(struct inode_smack), GFP_KERNEL);
  83	if (isp == NULL)
  84		return NULL;
  85
  86	isp->smk_inode = smack;
  87	isp->smk_flags = 0;
  88	mutex_init(&isp->smk_lock);
  89
  90	return isp;
  91}
  92
  93/**
  94 * new_task_smack - allocate a task security blob
  95 * @smack: a pointer to the Smack label to use in the blob
  96 *
  97 * Returns the new blob or NULL if there's no memory available
  98 */
  99static struct task_smack *new_task_smack(char *task, char *forked, gfp_t gfp)
 100{
 101	struct task_smack *tsp;
 102
 103	tsp = kzalloc(sizeof(struct task_smack), gfp);
 104	if (tsp == NULL)
 105		return NULL;
 106
 107	tsp->smk_task = task;
 108	tsp->smk_forked = forked;
 109	INIT_LIST_HEAD(&tsp->smk_rules);
 110	mutex_init(&tsp->smk_rules_lock);
 111
 112	return tsp;
 113}
 114
 115/**
 116 * smk_copy_rules - copy a rule set
 117 * @nhead - new rules header pointer
 118 * @ohead - old rules header pointer
 119 *
 120 * Returns 0 on success, -ENOMEM on error
 121 */
 122static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
 123				gfp_t gfp)
 124{
 125	struct smack_rule *nrp;
 126	struct smack_rule *orp;
 127	int rc = 0;
 128
 129	INIT_LIST_HEAD(nhead);
 130
 131	list_for_each_entry_rcu(orp, ohead, list) {
 132		nrp = kzalloc(sizeof(struct smack_rule), gfp);
 133		if (nrp == NULL) {
 134			rc = -ENOMEM;
 135			break;
 136		}
 137		*nrp = *orp;
 138		list_add_rcu(&nrp->list, nhead);
 139	}
 140	return rc;
 141}
 142
 143/*
 144 * LSM hooks.
 145 * We he, that is fun!
 146 */
 147
 148/**
 149 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
 150 * @ctp: child task pointer
 151 * @mode: ptrace attachment mode
 152 *
 153 * Returns 0 if access is OK, an error code otherwise
 154 *
 155 * Do the capability checks, and require read and write.
 156 */
 157static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
 158{
 159	int rc;
 160	struct smk_audit_info ad;
 161	char *tsp;
 162
 163	rc = cap_ptrace_access_check(ctp, mode);
 164	if (rc != 0)
 165		return rc;
 166
 167	tsp = smk_of_task(task_security(ctp));
 168	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
 169	smk_ad_setfield_u_tsk(&ad, ctp);
 170
 171	rc = smk_curacc(tsp, MAY_READWRITE, &ad);
 172	return rc;
 173}
 174
 175/**
 176 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
 177 * @ptp: parent task pointer
 178 *
 179 * Returns 0 if access is OK, an error code otherwise
 180 *
 181 * Do the capability checks, and require read and write.
 182 */
 183static int smack_ptrace_traceme(struct task_struct *ptp)
 184{
 185	int rc;
 186	struct smk_audit_info ad;
 187	char *tsp;
 188
 189	rc = cap_ptrace_traceme(ptp);
 190	if (rc != 0)
 191		return rc;
 192
 193	tsp = smk_of_task(task_security(ptp));
 194	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
 195	smk_ad_setfield_u_tsk(&ad, ptp);
 196
 197	rc = smk_curacc(tsp, MAY_READWRITE, &ad);
 198	return rc;
 199}
 200
 201/**
 202 * smack_syslog - Smack approval on syslog
 203 * @type: message type
 204 *
 205 * Require that the task has the floor label
 206 *
 207 * Returns 0 on success, error code otherwise.
 208 */
 209static int smack_syslog(int typefrom_file)
 210{
 211	int rc = 0;
 212	char *sp = smk_of_current();
 213
 214	if (capable(CAP_MAC_OVERRIDE))
 215		return 0;
 216
 217	 if (sp != smack_known_floor.smk_known)
 218		rc = -EACCES;
 219
 220	return rc;
 221}
 222
 223
 224/*
 225 * Superblock Hooks.
 226 */
 227
 228/**
 229 * smack_sb_alloc_security - allocate a superblock blob
 230 * @sb: the superblock getting the blob
 231 *
 232 * Returns 0 on success or -ENOMEM on error.
 233 */
 234static int smack_sb_alloc_security(struct super_block *sb)
 235{
 236	struct superblock_smack *sbsp;
 237
 238	sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
 239
 240	if (sbsp == NULL)
 241		return -ENOMEM;
 242
 243	sbsp->smk_root = smack_known_floor.smk_known;
 244	sbsp->smk_default = smack_known_floor.smk_known;
 245	sbsp->smk_floor = smack_known_floor.smk_known;
 246	sbsp->smk_hat = smack_known_hat.smk_known;
 247	sbsp->smk_initialized = 0;
 248	spin_lock_init(&sbsp->smk_sblock);
 249
 250	sb->s_security = sbsp;
 251
 252	return 0;
 253}
 254
 255/**
 256 * smack_sb_free_security - free a superblock blob
 257 * @sb: the superblock getting the blob
 258 *
 259 */
 260static void smack_sb_free_security(struct super_block *sb)
 261{
 262	kfree(sb->s_security);
 263	sb->s_security = NULL;
 264}
 265
 266/**
 267 * smack_sb_copy_data - copy mount options data for processing
 268 * @orig: where to start
 269 * @smackopts: mount options string
 270 *
 271 * Returns 0 on success or -ENOMEM on error.
 272 *
 273 * Copy the Smack specific mount options out of the mount
 274 * options list.
 275 */
 276static int smack_sb_copy_data(char *orig, char *smackopts)
 277{
 278	char *cp, *commap, *otheropts, *dp;
 279
 280	otheropts = (char *)get_zeroed_page(GFP_KERNEL);
 281	if (otheropts == NULL)
 282		return -ENOMEM;
 283
 284	for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
 285		if (strstr(cp, SMK_FSDEFAULT) == cp)
 286			dp = smackopts;
 287		else if (strstr(cp, SMK_FSFLOOR) == cp)
 288			dp = smackopts;
 289		else if (strstr(cp, SMK_FSHAT) == cp)
 290			dp = smackopts;
 291		else if (strstr(cp, SMK_FSROOT) == cp)
 292			dp = smackopts;
 293		else
 294			dp = otheropts;
 295
 296		commap = strchr(cp, ',');
 297		if (commap != NULL)
 298			*commap = '\0';
 299
 300		if (*dp != '\0')
 301			strcat(dp, ",");
 302		strcat(dp, cp);
 303	}
 304
 305	strcpy(orig, otheropts);
 306	free_page((unsigned long)otheropts);
 307
 308	return 0;
 309}
 310
 311/**
 312 * smack_sb_kern_mount - Smack specific mount processing
 313 * @sb: the file system superblock
 314 * @flags: the mount flags
 315 * @data: the smack mount options
 316 *
 317 * Returns 0 on success, an error code on failure
 318 */
 319static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
 320{
 321	struct dentry *root = sb->s_root;
 322	struct inode *inode = root->d_inode;
 323	struct superblock_smack *sp = sb->s_security;
 324	struct inode_smack *isp;
 325	char *op;
 326	char *commap;
 327	char *nsp;
 328
 329	spin_lock(&sp->smk_sblock);
 330	if (sp->smk_initialized != 0) {
 331		spin_unlock(&sp->smk_sblock);
 332		return 0;
 333	}
 334	sp->smk_initialized = 1;
 335	spin_unlock(&sp->smk_sblock);
 336
 337	for (op = data; op != NULL; op = commap) {
 338		commap = strchr(op, ',');
 339		if (commap != NULL)
 340			*commap++ = '\0';
 341
 342		if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
 343			op += strlen(SMK_FSHAT);
 344			nsp = smk_import(op, 0);
 345			if (nsp != NULL)
 346				sp->smk_hat = nsp;
 347		} else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
 348			op += strlen(SMK_FSFLOOR);
 349			nsp = smk_import(op, 0);
 350			if (nsp != NULL)
 351				sp->smk_floor = nsp;
 352		} else if (strncmp(op, SMK_FSDEFAULT,
 353				   strlen(SMK_FSDEFAULT)) == 0) {
 354			op += strlen(SMK_FSDEFAULT);
 355			nsp = smk_import(op, 0);
 356			if (nsp != NULL)
 357				sp->smk_default = nsp;
 358		} else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
 359			op += strlen(SMK_FSROOT);
 360			nsp = smk_import(op, 0);
 361			if (nsp != NULL)
 362				sp->smk_root = nsp;
 363		}
 364	}
 365
 366	/*
 367	 * Initialize the root inode.
 368	 */
 369	isp = inode->i_security;
 370	if (isp == NULL)
 371		inode->i_security = new_inode_smack(sp->smk_root);
 372	else
 373		isp->smk_inode = sp->smk_root;
 374
 375	return 0;
 376}
 377
 378/**
 379 * smack_sb_statfs - Smack check on statfs
 380 * @dentry: identifies the file system in question
 381 *
 382 * Returns 0 if current can read the floor of the filesystem,
 383 * and error code otherwise
 384 */
 385static int smack_sb_statfs(struct dentry *dentry)
 386{
 387	struct superblock_smack *sbp = dentry->d_sb->s_security;
 388	int rc;
 389	struct smk_audit_info ad;
 390
 391	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
 392	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 393
 394	rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
 395	return rc;
 396}
 397
 398/**
 399 * smack_sb_mount - Smack check for mounting
 400 * @dev_name: unused
 401 * @path: mount point
 402 * @type: unused
 403 * @flags: unused
 404 * @data: unused
 405 *
 406 * Returns 0 if current can write the floor of the filesystem
 407 * being mounted on, an error code otherwise.
 408 */
 409static int smack_sb_mount(char *dev_name, struct path *path,
 410			  char *type, unsigned long flags, void *data)
 411{
 412	struct superblock_smack *sbp = path->dentry->d_sb->s_security;
 413	struct smk_audit_info ad;
 414
 415	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
 416	smk_ad_setfield_u_fs_path(&ad, *path);
 417
 418	return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
 419}
 420
 421/**
 422 * smack_sb_umount - Smack check for unmounting
 423 * @mnt: file system to unmount
 424 * @flags: unused
 425 *
 426 * Returns 0 if current can write the floor of the filesystem
 427 * being unmounted, an error code otherwise.
 428 */
 429static int smack_sb_umount(struct vfsmount *mnt, int flags)
 430{
 431	struct superblock_smack *sbp;
 432	struct smk_audit_info ad;
 433	struct path path;
 434
 435	path.dentry = mnt->mnt_root;
 436	path.mnt = mnt;
 437
 438	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
 439	smk_ad_setfield_u_fs_path(&ad, path);
 440
 441	sbp = path.dentry->d_sb->s_security;
 442	return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
 443}
 444
 445/*
 446 * BPRM hooks
 447 */
 448
 449/**
 450 * smack_bprm_set_creds - set creds for exec
 451 * @bprm: the exec information
 452 *
 453 * Returns 0 if it gets a blob, -ENOMEM otherwise
 454 */
 455static int smack_bprm_set_creds(struct linux_binprm *bprm)
 456{
 457	struct inode *inode = bprm->file->f_path.dentry->d_inode;
 458	struct task_smack *bsp = bprm->cred->security;
 459	struct inode_smack *isp;
 460	int rc;
 461
 462	rc = cap_bprm_set_creds(bprm);
 463	if (rc != 0)
 464		return rc;
 465
 466	if (bprm->cred_prepared)
 467		return 0;
 468
 469	isp = inode->i_security;
 470	if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
 471		return 0;
 472
 473	if (bprm->unsafe)
 474		return -EPERM;
 475
 476	bsp->smk_task = isp->smk_task;
 477	bprm->per_clear |= PER_CLEAR_ON_SETID;
 478
 479	return 0;
 480}
 481
 482/**
 483 * smack_bprm_committing_creds - Prepare to install the new credentials
 484 * from bprm.
 485 *
 486 * @bprm: binprm for exec
 487 */
 488static void smack_bprm_committing_creds(struct linux_binprm *bprm)
 489{
 490	struct task_smack *bsp = bprm->cred->security;
 491
 492	if (bsp->smk_task != bsp->smk_forked)
 493		current->pdeath_signal = 0;
 494}
 495
 496/**
 497 * smack_bprm_secureexec - Return the decision to use secureexec.
 498 * @bprm: binprm for exec
 499 *
 500 * Returns 0 on success.
 501 */
 502static int smack_bprm_secureexec(struct linux_binprm *bprm)
 503{
 504	struct task_smack *tsp = current_security();
 505	int ret = cap_bprm_secureexec(bprm);
 506
 507	if (!ret && (tsp->smk_task != tsp->smk_forked))
 508		ret = 1;
 509
 510	return ret;
 511}
 512
 513/*
 514 * Inode hooks
 515 */
 516
 517/**
 518 * smack_inode_alloc_security - allocate an inode blob
 519 * @inode: the inode in need of a blob
 520 *
 521 * Returns 0 if it gets a blob, -ENOMEM otherwise
 522 */
 523static int smack_inode_alloc_security(struct inode *inode)
 524{
 525	inode->i_security = new_inode_smack(smk_of_current());
 526	if (inode->i_security == NULL)
 527		return -ENOMEM;
 528	return 0;
 529}
 530
 531/**
 532 * smack_inode_free_security - free an inode blob
 533 * @inode: the inode with a blob
 534 *
 535 * Clears the blob pointer in inode
 536 */
 537static void smack_inode_free_security(struct inode *inode)
 538{
 539	kfree(inode->i_security);
 540	inode->i_security = NULL;
 541}
 542
 543/**
 544 * smack_inode_init_security - copy out the smack from an inode
 545 * @inode: the inode
 546 * @dir: unused
 547 * @qstr: unused
 548 * @name: where to put the attribute name
 549 * @value: where to put the attribute value
 550 * @len: where to put the length of the attribute
 551 *
 552 * Returns 0 if it all works out, -ENOMEM if there's no memory
 553 */
 554static int smack_inode_init_security(struct inode *inode, struct inode *dir,
 555				     const struct qstr *qstr, char **name,
 556				     void **value, size_t *len)
 557{
 558	struct smack_known *skp;
 559	char *csp = smk_of_current();
 560	char *isp = smk_of_inode(inode);
 561	char *dsp = smk_of_inode(dir);
 562	int may;
 563
 564	if (name) {
 565		*name = kstrdup(XATTR_SMACK_SUFFIX, GFP_KERNEL);
 566		if (*name == NULL)
 567			return -ENOMEM;
 568	}
 569
 570	if (value) {
 571		skp = smk_find_entry(csp);
 572		rcu_read_lock();
 573		may = smk_access_entry(csp, dsp, &skp->smk_rules);
 574		rcu_read_unlock();
 575
 576		/*
 577		 * If the access rule allows transmutation and
 578		 * the directory requests transmutation then
 579		 * by all means transmute.
 580		 */
 581		if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
 582		    smk_inode_transmutable(dir))
 583			isp = dsp;
 584
 585		*value = kstrdup(isp, GFP_KERNEL);
 586		if (*value == NULL)
 587			return -ENOMEM;
 588	}
 589
 590	if (len)
 591		*len = strlen(isp) + 1;
 592
 593	return 0;
 594}
 595
 596/**
 597 * smack_inode_link - Smack check on link
 598 * @old_dentry: the existing object
 599 * @dir: unused
 600 * @new_dentry: the new object
 601 *
 602 * Returns 0 if access is permitted, an error code otherwise
 603 */
 604static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
 605			    struct dentry *new_dentry)
 606{
 607	char *isp;
 608	struct smk_audit_info ad;
 609	int rc;
 610
 611	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
 612	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
 613
 614	isp = smk_of_inode(old_dentry->d_inode);
 615	rc = smk_curacc(isp, MAY_WRITE, &ad);
 616
 617	if (rc == 0 && new_dentry->d_inode != NULL) {
 618		isp = smk_of_inode(new_dentry->d_inode);
 619		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
 620		rc = smk_curacc(isp, MAY_WRITE, &ad);
 621	}
 622
 623	return rc;
 624}
 625
 626/**
 627 * smack_inode_unlink - Smack check on inode deletion
 628 * @dir: containing directory object
 629 * @dentry: file to unlink
 630 *
 631 * Returns 0 if current can write the containing directory
 632 * and the object, error code otherwise
 633 */
 634static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
 635{
 636	struct inode *ip = dentry->d_inode;
 637	struct smk_audit_info ad;
 638	int rc;
 639
 640	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
 641	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 642
 643	/*
 644	 * You need write access to the thing you're unlinking
 645	 */
 646	rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
 647	if (rc == 0) {
 648		/*
 649		 * You also need write access to the containing directory
 650		 */
 651		smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
 652		smk_ad_setfield_u_fs_inode(&ad, dir);
 653		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
 654	}
 655	return rc;
 656}
 657
 658/**
 659 * smack_inode_rmdir - Smack check on directory deletion
 660 * @dir: containing directory object
 661 * @dentry: directory to unlink
 662 *
 663 * Returns 0 if current can write the containing directory
 664 * and the directory, error code otherwise
 665 */
 666static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
 667{
 668	struct smk_audit_info ad;
 669	int rc;
 670
 671	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
 672	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 673
 674	/*
 675	 * You need write access to the thing you're removing
 676	 */
 677	rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
 678	if (rc == 0) {
 679		/*
 680		 * You also need write access to the containing directory
 681		 */
 682		smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
 683		smk_ad_setfield_u_fs_inode(&ad, dir);
 684		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
 685	}
 686
 687	return rc;
 688}
 689
 690/**
 691 * smack_inode_rename - Smack check on rename
 692 * @old_inode: the old directory
 693 * @old_dentry: unused
 694 * @new_inode: the new directory
 695 * @new_dentry: unused
 696 *
 697 * Read and write access is required on both the old and
 698 * new directories.
 699 *
 700 * Returns 0 if access is permitted, an error code otherwise
 701 */
 702static int smack_inode_rename(struct inode *old_inode,
 703			      struct dentry *old_dentry,
 704			      struct inode *new_inode,
 705			      struct dentry *new_dentry)
 706{
 707	int rc;
 708	char *isp;
 709	struct smk_audit_info ad;
 710
 711	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
 712	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
 713
 714	isp = smk_of_inode(old_dentry->d_inode);
 715	rc = smk_curacc(isp, MAY_READWRITE, &ad);
 716
 717	if (rc == 0 && new_dentry->d_inode != NULL) {
 718		isp = smk_of_inode(new_dentry->d_inode);
 719		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
 720		rc = smk_curacc(isp, MAY_READWRITE, &ad);
 721	}
 722	return rc;
 723}
 724
 725/**
 726 * smack_inode_permission - Smack version of permission()
 727 * @inode: the inode in question
 728 * @mask: the access requested
 729 *
 730 * This is the important Smack hook.
 731 *
 732 * Returns 0 if access is permitted, -EACCES otherwise
 733 */
 734static int smack_inode_permission(struct inode *inode, int mask)
 735{
 736	struct smk_audit_info ad;
 737	int no_block = mask & MAY_NOT_BLOCK;
 738
 739	mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
 740	/*
 741	 * No permission to check. Existence test. Yup, it's there.
 742	 */
 743	if (mask == 0)
 744		return 0;
 745
 746	/* May be droppable after audit */
 747	if (no_block)
 748		return -ECHILD;
 749	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
 750	smk_ad_setfield_u_fs_inode(&ad, inode);
 751	return smk_curacc(smk_of_inode(inode), mask, &ad);
 752}
 753
 754/**
 755 * smack_inode_setattr - Smack check for setting attributes
 756 * @dentry: the object
 757 * @iattr: for the force flag
 758 *
 759 * Returns 0 if access is permitted, an error code otherwise
 760 */
 761static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
 762{
 763	struct smk_audit_info ad;
 764	/*
 765	 * Need to allow for clearing the setuid bit.
 766	 */
 767	if (iattr->ia_valid & ATTR_FORCE)
 768		return 0;
 769	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
 770	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 771
 772	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
 773}
 774
 775/**
 776 * smack_inode_getattr - Smack check for getting attributes
 777 * @mnt: unused
 778 * @dentry: the object
 779 *
 780 * Returns 0 if access is permitted, an error code otherwise
 781 */
 782static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
 783{
 784	struct smk_audit_info ad;
 785	struct path path;
 786
 787	path.dentry = dentry;
 788	path.mnt = mnt;
 789
 790	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
 791	smk_ad_setfield_u_fs_path(&ad, path);
 792	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
 793}
 794
 795/**
 796 * smack_inode_setxattr - Smack check for setting xattrs
 797 * @dentry: the object
 798 * @name: name of the attribute
 799 * @value: unused
 800 * @size: unused
 801 * @flags: unused
 802 *
 803 * This protects the Smack attribute explicitly.
 804 *
 805 * Returns 0 if access is permitted, an error code otherwise
 806 */
 807static int smack_inode_setxattr(struct dentry *dentry, const char *name,
 808				const void *value, size_t size, int flags)
 809{
 810	struct smk_audit_info ad;
 811	int rc = 0;
 812
 813	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
 814	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
 815	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
 816	    strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
 817	    strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
 818		if (!capable(CAP_MAC_ADMIN))
 819			rc = -EPERM;
 820		/*
 821		 * check label validity here so import wont fail on
 822		 * post_setxattr
 823		 */
 824		if (size == 0 || size >= SMK_LABELLEN ||
 825		    smk_import(value, size) == NULL)
 826			rc = -EINVAL;
 827	} else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
 828		if (!capable(CAP_MAC_ADMIN))
 829			rc = -EPERM;
 830		if (size != TRANS_TRUE_SIZE ||
 831		    strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
 832			rc = -EINVAL;
 833	} else
 834		rc = cap_inode_setxattr(dentry, name, value, size, flags);
 835
 836	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
 837	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 838
 839	if (rc == 0)
 840		rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
 841
 842	return rc;
 843}
 844
 845/**
 846 * smack_inode_post_setxattr - Apply the Smack update approved above
 847 * @dentry: object
 848 * @name: attribute name
 849 * @value: attribute value
 850 * @size: attribute size
 851 * @flags: unused
 852 *
 853 * Set the pointer in the inode blob to the entry found
 854 * in the master label list.
 855 */
 856static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
 857				      const void *value, size_t size, int flags)
 858{
 859	char *nsp;
 860	struct inode_smack *isp = dentry->d_inode->i_security;
 861
 862	if (strcmp(name, XATTR_NAME_SMACK) == 0) {
 863		nsp = smk_import(value, size);
 864		if (nsp != NULL)
 865			isp->smk_inode = nsp;
 866		else
 867			isp->smk_inode = smack_known_invalid.smk_known;
 868	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
 869		nsp = smk_import(value, size);
 870		if (nsp != NULL)
 871			isp->smk_task = nsp;
 872		else
 873			isp->smk_task = smack_known_invalid.smk_known;
 874	} else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
 875		nsp = smk_import(value, size);
 876		if (nsp != NULL)
 877			isp->smk_mmap = nsp;
 878		else
 879			isp->smk_mmap = smack_known_invalid.smk_known;
 880	} else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
 881		isp->smk_flags |= SMK_INODE_TRANSMUTE;
 882
 883	return;
 884}
 885
 886/**
 887 * smack_inode_getxattr - Smack check on getxattr
 888 * @dentry: the object
 889 * @name: unused
 890 *
 891 * Returns 0 if access is permitted, an error code otherwise
 892 */
 893static int smack_inode_getxattr(struct dentry *dentry, const char *name)
 894{
 895	struct smk_audit_info ad;
 896
 897	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
 898	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 899
 900	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
 901}
 902
 903/**
 904 * smack_inode_removexattr - Smack check on removexattr
 905 * @dentry: the object
 906 * @name: name of the attribute
 907 *
 908 * Removing the Smack attribute requires CAP_MAC_ADMIN
 909 *
 910 * Returns 0 if access is permitted, an error code otherwise
 911 */
 912static int smack_inode_removexattr(struct dentry *dentry, const char *name)
 913{
 914	struct inode_smack *isp;
 915	struct smk_audit_info ad;
 916	int rc = 0;
 917
 918	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
 919	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
 920	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
 921	    strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
 922	    strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
 923	    strcmp(name, XATTR_NAME_SMACKMMAP)) {
 924		if (!capable(CAP_MAC_ADMIN))
 925			rc = -EPERM;
 926	} else
 927		rc = cap_inode_removexattr(dentry, name);
 928
 929	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
 930	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 931	if (rc == 0)
 932		rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
 933
 934	if (rc == 0) {
 935		isp = dentry->d_inode->i_security;
 936		isp->smk_task = NULL;
 937		isp->smk_mmap = NULL;
 938	}
 939
 940	return rc;
 941}
 942
 943/**
 944 * smack_inode_getsecurity - get smack xattrs
 945 * @inode: the object
 946 * @name: attribute name
 947 * @buffer: where to put the result
 948 * @alloc: unused
 949 *
 950 * Returns the size of the attribute or an error code
 951 */
 952static int smack_inode_getsecurity(const struct inode *inode,
 953				   const char *name, void **buffer,
 954				   bool alloc)
 955{
 956	struct socket_smack *ssp;
 957	struct socket *sock;
 958	struct super_block *sbp;
 959	struct inode *ip = (struct inode *)inode;
 960	char *isp;
 961	int ilen;
 962	int rc = 0;
 963
 964	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
 965		isp = smk_of_inode(inode);
 966		ilen = strlen(isp) + 1;
 967		*buffer = isp;
 968		return ilen;
 969	}
 970
 971	/*
 972	 * The rest of the Smack xattrs are only on sockets.
 973	 */
 974	sbp = ip->i_sb;
 975	if (sbp->s_magic != SOCKFS_MAGIC)
 976		return -EOPNOTSUPP;
 977
 978	sock = SOCKET_I(ip);
 979	if (sock == NULL || sock->sk == NULL)
 980		return -EOPNOTSUPP;
 981
 982	ssp = sock->sk->sk_security;
 983
 984	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
 985		isp = ssp->smk_in;
 986	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
 987		isp = ssp->smk_out;
 988	else
 989		return -EOPNOTSUPP;
 990
 991	ilen = strlen(isp) + 1;
 992	if (rc == 0) {
 993		*buffer = isp;
 994		rc = ilen;
 995	}
 996
 997	return rc;
 998}
 999
1000
1001/**
1002 * smack_inode_listsecurity - list the Smack attributes
1003 * @inode: the object
1004 * @buffer: where they go
1005 * @buffer_size: size of buffer
1006 *
1007 * Returns 0 on success, -EINVAL otherwise
1008 */
1009static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1010				    size_t buffer_size)
1011{
1012	int len = strlen(XATTR_NAME_SMACK);
1013
1014	if (buffer != NULL && len <= buffer_size) {
1015		memcpy(buffer, XATTR_NAME_SMACK, len);
1016		return len;
1017	}
1018	return -EINVAL;
1019}
1020
1021/**
1022 * smack_inode_getsecid - Extract inode's security id
1023 * @inode: inode to extract the info from
1024 * @secid: where result will be saved
1025 */
1026static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
1027{
1028	struct inode_smack *isp = inode->i_security;
1029
1030	*secid = smack_to_secid(isp->smk_inode);
1031}
1032
1033/*
1034 * File Hooks
1035 */
1036
1037/**
1038 * smack_file_permission - Smack check on file operations
1039 * @file: unused
1040 * @mask: unused
1041 *
1042 * Returns 0
1043 *
1044 * Should access checks be done on each read or write?
1045 * UNICOS and SELinux say yes.
1046 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1047 *
1048 * I'll say no for now. Smack does not do the frequent
1049 * label changing that SELinux does.
1050 */
1051static int smack_file_permission(struct file *file, int mask)
1052{
1053	return 0;
1054}
1055
1056/**
1057 * smack_file_alloc_security - assign a file security blob
1058 * @file: the object
1059 *
1060 * The security blob for a file is a pointer to the master
1061 * label list, so no allocation is done.
1062 *
1063 * Returns 0
1064 */
1065static int smack_file_alloc_security(struct file *file)
1066{
1067	file->f_security = smk_of_current();
1068	return 0;
1069}
1070
1071/**
1072 * smack_file_free_security - clear a file security blob
1073 * @file: the object
1074 *
1075 * The security blob for a file is a pointer to the master
1076 * label list, so no memory is freed.
1077 */
1078static void smack_file_free_security(struct file *file)
1079{
1080	file->f_security = NULL;
1081}
1082
1083/**
1084 * smack_file_ioctl - Smack check on ioctls
1085 * @file: the object
1086 * @cmd: what to do
1087 * @arg: unused
1088 *
1089 * Relies heavily on the correct use of the ioctl command conventions.
1090 *
1091 * Returns 0 if allowed, error code otherwise
1092 */
1093static int smack_file_ioctl(struct file *file, unsigned int cmd,
1094			    unsigned long arg)
1095{
1096	int rc = 0;
1097	struct smk_audit_info ad;
1098
1099	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1100	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1101
1102	if (_IOC_DIR(cmd) & _IOC_WRITE)
1103		rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1104
1105	if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ))
1106		rc = smk_curacc(file->f_security, MAY_READ, &ad);
1107
1108	return rc;
1109}
1110
1111/**
1112 * smack_file_lock - Smack check on file locking
1113 * @file: the object
1114 * @cmd: unused
1115 *
1116 * Returns 0 if current has write access, error code otherwise
1117 */
1118static int smack_file_lock(struct file *file, unsigned int cmd)
1119{
1120	struct smk_audit_info ad;
1121
1122	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1123	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1124	return smk_curacc(file->f_security, MAY_WRITE, &ad);
1125}
1126
1127/**
1128 * smack_file_fcntl - Smack check on fcntl
1129 * @file: the object
1130 * @cmd: what action to check
1131 * @arg: unused
1132 *
1133 * Generally these operations are harmless.
1134 * File locking operations present an obvious mechanism
1135 * for passing information, so they require write access.
1136 *
1137 * Returns 0 if current has access, error code otherwise
1138 */
1139static int smack_file_fcntl(struct file *file, unsigned int cmd,
1140			    unsigned long arg)
1141{
1142	struct smk_audit_info ad;
1143	int rc = 0;
1144
1145
1146	switch (cmd) {
1147	case F_GETLK:
1148	case F_SETLK:
1149	case F_SETLKW:
1150	case F_SETOWN:
1151	case F_SETSIG:
1152		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1153		smk_ad_setfield_u_fs_path(&ad, file->f_path);
1154		rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1155		break;
1156	default:
1157		break;
1158	}
1159
1160	return rc;
1161}
1162
1163/**
1164 * smack_file_mmap :
1165 * Check permissions for a mmap operation.  The @file may be NULL, e.g.
1166 * if mapping anonymous memory.
1167 * @file contains the file structure for file to map (may be NULL).
1168 * @reqprot contains the protection requested by the application.
1169 * @prot contains the protection that will be applied by the kernel.
1170 * @flags contains the operational flags.
1171 * Return 0 if permission is granted.
1172 */
1173static int smack_file_mmap(struct file *file,
1174			   unsigned long reqprot, unsigned long prot,
1175			   unsigned long flags, unsigned long addr,
1176			   unsigned long addr_only)
1177{
1178	struct smack_known *skp;
1179	struct smack_rule *srp;
1180	struct task_smack *tsp;
1181	char *sp;
1182	char *msmack;
1183	char *osmack;
1184	struct inode_smack *isp;
1185	struct dentry *dp;
1186	int may;
1187	int mmay;
1188	int tmay;
1189	int rc;
1190
1191	/* do DAC check on address space usage */
1192	rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
1193	if (rc || addr_only)
1194		return rc;
1195
1196	if (file == NULL || file->f_dentry == NULL)
1197		return 0;
1198
1199	dp = file->f_dentry;
1200
1201	if (dp->d_inode == NULL)
1202		return 0;
1203
1204	isp = dp->d_inode->i_security;
1205	if (isp->smk_mmap == NULL)
1206		return 0;
1207	msmack = isp->smk_mmap;
1208
1209	tsp = current_security();
1210	sp = smk_of_current();
1211	skp = smk_find_entry(sp);
1212	rc = 0;
1213
1214	rcu_read_lock();
1215	/*
1216	 * For each Smack rule associated with the subject
1217	 * label verify that the SMACK64MMAP also has access
1218	 * to that rule's object label.
1219	 */
1220	list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1221		osmack = srp->smk_object;
1222		/*
1223		 * Matching labels always allows access.
1224		 */
1225		if (msmack == osmack)
1226			continue;
1227		/*
1228		 * If there is a matching local rule take
1229		 * that into account as well.
1230		 */
1231		may = smk_access_entry(srp->smk_subject, osmack,
1232					&tsp->smk_rules);
1233		if (may == -ENOENT)
1234			may = srp->smk_access;
1235		else
1236			may &= srp->smk_access;
1237		/*
1238		 * If may is zero the SMACK64MMAP subject can't
1239		 * possibly have less access.
1240		 */
1241		if (may == 0)
1242			continue;
1243
1244		/*
1245		 * Fetch the global list entry.
1246		 * If there isn't one a SMACK64MMAP subject
1247		 * can't have as much access as current.
1248		 */
1249		skp = smk_find_entry(msmack);
1250		mmay = smk_access_entry(msmack, osmack, &skp->smk_rules);
1251		if (mmay == -ENOENT) {
1252			rc = -EACCES;
1253			break;
1254		}
1255		/*
1256		 * If there is a local entry it modifies the
1257		 * potential access, too.
1258		 */
1259		tmay = smk_access_entry(msmack, osmack, &tsp->smk_rules);
1260		if (tmay != -ENOENT)
1261			mmay &= tmay;
1262
1263		/*
1264		 * If there is any access available to current that is
1265		 * not available to a SMACK64MMAP subject
1266		 * deny access.
1267		 */
1268		if ((may | mmay) != mmay) {
1269			rc = -EACCES;
1270			break;
1271		}
1272	}
1273
1274	rcu_read_unlock();
1275
1276	return rc;
1277}
1278
1279/**
1280 * smack_file_set_fowner - set the file security blob value
1281 * @file: object in question
1282 *
1283 * Returns 0
1284 * Further research may be required on this one.
1285 */
1286static int smack_file_set_fowner(struct file *file)
1287{
1288	file->f_security = smk_of_current();
1289	return 0;
1290}
1291
1292/**
1293 * smack_file_send_sigiotask - Smack on sigio
1294 * @tsk: The target task
1295 * @fown: the object the signal come from
1296 * @signum: unused
1297 *
1298 * Allow a privileged task to get signals even if it shouldn't
1299 *
1300 * Returns 0 if a subject with the object's smack could
1301 * write to the task, an error code otherwise.
1302 */
1303static int smack_file_send_sigiotask(struct task_struct *tsk,
1304				     struct fown_struct *fown, int signum)
1305{
1306	struct file *file;
1307	int rc;
1308	char *tsp = smk_of_task(tsk->cred->security);
1309	struct smk_audit_info ad;
1310
1311	/*
1312	 * struct fown_struct is never outside the context of a struct file
1313	 */
1314	file = container_of(fown, struct file, f_owner);
1315
1316	/* we don't log here as rc can be overriden */
1317	rc = smk_access(file->f_security, tsp, MAY_WRITE, NULL);
1318	if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
1319		rc = 0;
1320
1321	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1322	smk_ad_setfield_u_tsk(&ad, tsk);
1323	smack_log(file->f_security, tsp, MAY_WRITE, rc, &ad);
1324	return rc;
1325}
1326
1327/**
1328 * smack_file_receive - Smack file receive check
1329 * @file: the object
1330 *
1331 * Returns 0 if current has access, error code otherwise
1332 */
1333static int smack_file_receive(struct file *file)
1334{
1335	int may = 0;
1336	struct smk_audit_info ad;
1337
1338	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1339	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1340	/*
1341	 * This code relies on bitmasks.
1342	 */
1343	if (file->f_mode & FMODE_READ)
1344		may = MAY_READ;
1345	if (file->f_mode & FMODE_WRITE)
1346		may |= MAY_WRITE;
1347
1348	return smk_curacc(file->f_security, may, &ad);
1349}
1350
1351/**
1352 * smack_dentry_open - Smack dentry open processing
1353 * @file: the object
1354 * @cred: unused
1355 *
1356 * Set the security blob in the file structure.
1357 *
1358 * Returns 0
1359 */
1360static int smack_dentry_open(struct file *file, const struct cred *cred)
1361{
1362	struct inode_smack *isp = file->f_path.dentry->d_inode->i_security;
1363
1364	file->f_security = isp->smk_inode;
1365
1366	return 0;
1367}
1368
1369/*
1370 * Task hooks
1371 */
1372
1373/**
1374 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1375 * @new: the new credentials
1376 * @gfp: the atomicity of any memory allocations
1377 *
1378 * Prepare a blank set of credentials for modification.  This must allocate all
1379 * the memory the LSM module might require such that cred_transfer() can
1380 * complete without error.
1381 */
1382static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1383{
1384	struct task_smack *tsp;
1385
1386	tsp = new_task_smack(NULL, NULL, gfp);
1387	if (tsp == NULL)
1388		return -ENOMEM;
1389
1390	cred->security = tsp;
1391
1392	return 0;
1393}
1394
1395
1396/**
1397 * smack_cred_free - "free" task-level security credentials
1398 * @cred: the credentials in question
1399 *
1400 */
1401static void smack_cred_free(struct cred *cred)
1402{
1403	struct task_smack *tsp = cred->security;
1404	struct smack_rule *rp;
1405	struct list_head *l;
1406	struct list_head *n;
1407
1408	if (tsp == NULL)
1409		return;
1410	cred->security = NULL;
1411
1412	list_for_each_safe(l, n, &tsp->smk_rules) {
1413		rp = list_entry(l, struct smack_rule, list);
1414		list_del(&rp->list);
1415		kfree(rp);
1416	}
1417	kfree(tsp);
1418}
1419
1420/**
1421 * smack_cred_prepare - prepare new set of credentials for modification
1422 * @new: the new credentials
1423 * @old: the original credentials
1424 * @gfp: the atomicity of any memory allocations
1425 *
1426 * Prepare a new set of credentials for modification.
1427 */
1428static int smack_cred_prepare(struct cred *new, const struct cred *old,
1429			      gfp_t gfp)
1430{
1431	struct task_smack *old_tsp = old->security;
1432	struct task_smack *new_tsp;
1433	int rc;
1434
1435	new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
1436	if (new_tsp == NULL)
1437		return -ENOMEM;
1438
1439	rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1440	if (rc != 0)
1441		return rc;
1442
1443	new->security = new_tsp;
1444	return 0;
1445}
1446
1447/**
1448 * smack_cred_transfer - Transfer the old credentials to the new credentials
1449 * @new: the new credentials
1450 * @old: the original credentials
1451 *
1452 * Fill in a set of blank credentials from another set of credentials.
1453 */
1454static void smack_cred_transfer(struct cred *new, const struct cred *old)
1455{
1456	struct task_smack *old_tsp = old->security;
1457	struct task_smack *new_tsp = new->security;
1458
1459	new_tsp->smk_task = old_tsp->smk_task;
1460	new_tsp->smk_forked = old_tsp->smk_task;
1461	mutex_init(&new_tsp->smk_rules_lock);
1462	INIT_LIST_HEAD(&new_tsp->smk_rules);
1463
1464
1465	/* cbs copy rule list */
1466}
1467
1468/**
1469 * smack_kernel_act_as - Set the subjective context in a set of credentials
1470 * @new: points to the set of credentials to be modified.
1471 * @secid: specifies the security ID to be set
1472 *
1473 * Set the security data for a kernel service.
1474 */
1475static int smack_kernel_act_as(struct cred *new, u32 secid)
1476{
1477	struct task_smack *new_tsp = new->security;
1478	char *smack = smack_from_secid(secid);
1479
1480	if (smack == NULL)
1481		return -EINVAL;
1482
1483	new_tsp->smk_task = smack;
1484	return 0;
1485}
1486
1487/**
1488 * smack_kernel_create_files_as - Set the file creation label in a set of creds
1489 * @new: points to the set of credentials to be modified
1490 * @inode: points to the inode to use as a reference
1491 *
1492 * Set the file creation context in a set of credentials to the same
1493 * as the objective context of the specified inode
1494 */
1495static int smack_kernel_create_files_as(struct cred *new,
1496					struct inode *inode)
1497{
1498	struct inode_smack *isp = inode->i_security;
1499	struct task_smack *tsp = new->security;
1500
1501	tsp->smk_forked = isp->smk_inode;
1502	tsp->smk_task = isp->smk_inode;
1503	return 0;
1504}
1505
1506/**
1507 * smk_curacc_on_task - helper to log task related access
1508 * @p: the task object
1509 * @access: the access requested
1510 * @caller: name of the calling function for audit
1511 *
1512 * Return 0 if access is permitted
1513 */
1514static int smk_curacc_on_task(struct task_struct *p, int access,
1515				const char *caller)
1516{
1517	struct smk_audit_info ad;
1518
1519	smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
1520	smk_ad_setfield_u_tsk(&ad, p);
1521	return smk_curacc(smk_of_task(task_security(p)), access, &ad);
1522}
1523
1524/**
1525 * smack_task_setpgid - Smack check on setting pgid
1526 * @p: the task object
1527 * @pgid: unused
1528 *
1529 * Return 0 if write access is permitted
1530 */
1531static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1532{
1533	return smk_curacc_on_task(p, MAY_WRITE, __func__);
1534}
1535
1536/**
1537 * smack_task_getpgid - Smack access check for getpgid
1538 * @p: the object task
1539 *
1540 * Returns 0 if current can read the object task, error code otherwise
1541 */
1542static int smack_task_getpgid(struct task_struct *p)
1543{
1544	return smk_curacc_on_task(p, MAY_READ, __func__);
1545}
1546
1547/**
1548 * smack_task_getsid - Smack access check for getsid
1549 * @p: the object task
1550 *
1551 * Returns 0 if current can read the object task, error code otherwise
1552 */
1553static int smack_task_getsid(struct task_struct *p)
1554{
1555	return smk_curacc_on_task(p, MAY_READ, __func__);
1556}
1557
1558/**
1559 * smack_task_getsecid - get the secid of the task
1560 * @p: the object task
1561 * @secid: where to put the result
1562 *
1563 * Sets the secid to contain a u32 version of the smack label.
1564 */
1565static void smack_task_getsecid(struct task_struct *p, u32 *secid)
1566{
1567	*secid = smack_to_secid(smk_of_task(task_security(p)));
1568}
1569
1570/**
1571 * smack_task_setnice - Smack check on setting nice
1572 * @p: the task object
1573 * @nice: unused
1574 *
1575 * Return 0 if write access is permitted
1576 */
1577static int smack_task_setnice(struct task_struct *p, int nice)
1578{
1579	int rc;
1580
1581	rc = cap_task_setnice(p, nice);
1582	if (rc == 0)
1583		rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1584	return rc;
1585}
1586
1587/**
1588 * smack_task_setioprio - Smack check on setting ioprio
1589 * @p: the task object
1590 * @ioprio: unused
1591 *
1592 * Return 0 if write access is permitted
1593 */
1594static int smack_task_setioprio(struct task_struct *p, int ioprio)
1595{
1596	int rc;
1597
1598	rc = cap_task_setioprio(p, ioprio);
1599	if (rc == 0)
1600		rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1601	return rc;
1602}
1603
1604/**
1605 * smack_task_getioprio - Smack check on reading ioprio
1606 * @p: the task object
1607 *
1608 * Return 0 if read access is permitted
1609 */
1610static int smack_task_getioprio(struct task_struct *p)
1611{
1612	return smk_curacc_on_task(p, MAY_READ, __func__);
1613}
1614
1615/**
1616 * smack_task_setscheduler - Smack check on setting scheduler
1617 * @p: the task object
1618 * @policy: unused
1619 * @lp: unused
1620 *
1621 * Return 0 if read access is permitted
1622 */
1623static int smack_task_setscheduler(struct task_struct *p)
1624{
1625	int rc;
1626
1627	rc = cap_task_setscheduler(p);
1628	if (rc == 0)
1629		rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1630	return rc;
1631}
1632
1633/**
1634 * smack_task_getscheduler - Smack check on reading scheduler
1635 * @p: the task object
1636 *
1637 * Return 0 if read access is permitted
1638 */
1639static int smack_task_getscheduler(struct task_struct *p)
1640{
1641	return smk_curacc_on_task(p, MAY_READ, __func__);
1642}
1643
1644/**
1645 * smack_task_movememory - Smack check on moving memory
1646 * @p: the task object
1647 *
1648 * Return 0 if write access is permitted
1649 */
1650static int smack_task_movememory(struct task_struct *p)
1651{
1652	return smk_curacc_on_task(p, MAY_WRITE, __func__);
1653}
1654
1655/**
1656 * smack_task_kill - Smack check on signal delivery
1657 * @p: the task object
1658 * @info: unused
1659 * @sig: unused
1660 * @secid: identifies the smack to use in lieu of current's
1661 *
1662 * Return 0 if write access is permitted
1663 *
1664 * The secid behavior is an artifact of an SELinux hack
1665 * in the USB code. Someday it may go away.
1666 */
1667static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1668			   int sig, u32 secid)
1669{
1670	struct smk_audit_info ad;
1671
1672	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1673	smk_ad_setfield_u_tsk(&ad, p);
1674	/*
1675	 * Sending a signal requires that the sender
1676	 * can write the receiver.
1677	 */
1678	if (secid == 0)
1679		return smk_curacc(smk_of_task(task_security(p)), MAY_WRITE,
1680				  &ad);
1681	/*
1682	 * If the secid isn't 0 we're dealing with some USB IO
1683	 * specific behavior. This is not clean. For one thing
1684	 * we can't take privilege into account.
1685	 */
1686	return smk_access(smack_from_secid(secid),
1687			  smk_of_task(task_security(p)), MAY_WRITE, &ad);
1688}
1689
1690/**
1691 * smack_task_wait - Smack access check for waiting
1692 * @p: task to wait for
1693 *
1694 * Returns 0 if current can wait for p, error code otherwise
1695 */
1696static int smack_task_wait(struct task_struct *p)
1697{
1698	struct smk_audit_info ad;
1699	char *sp = smk_of_current();
1700	char *tsp = smk_of_forked(task_security(p));
1701	int rc;
1702
1703	/* we don't log here, we can be overriden */
1704	rc = smk_access(tsp, sp, MAY_WRITE, NULL);
1705	if (rc == 0)
1706		goto out_log;
1707
1708	/*
1709	 * Allow the operation to succeed if either task
1710	 * has privilege to perform operations that might
1711	 * account for the smack labels having gotten to
1712	 * be different in the first place.
1713	 *
1714	 * This breaks the strict subject/object access
1715	 * control ideal, taking the object's privilege
1716	 * state into account in the decision as well as
1717	 * the smack value.
1718	 */
1719	if (capable(CAP_MAC_OVERRIDE) || has_capability(p, CAP_MAC_OVERRIDE))
1720		rc = 0;
1721	/* we log only if we didn't get overriden */
1722 out_log:
1723	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1724	smk_ad_setfield_u_tsk(&ad, p);
1725	smack_log(tsp, sp, MAY_WRITE, rc, &ad);
1726	return rc;
1727}
1728
1729/**
1730 * smack_task_to_inode - copy task smack into the inode blob
1731 * @p: task to copy from
1732 * @inode: inode to copy to
1733 *
1734 * Sets the smack pointer in the inode security blob
1735 */
1736static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
1737{
1738	struct inode_smack *isp = inode->i_security;
1739	isp->smk_inode = smk_of_task(task_security(p));
1740}
1741
1742/*
1743 * Socket hooks.
1744 */
1745
1746/**
1747 * smack_sk_alloc_security - Allocate a socket blob
1748 * @sk: the socket
1749 * @family: unused
1750 * @gfp_flags: memory allocation flags
1751 *
1752 * Assign Smack pointers to current
1753 *
1754 * Returns 0 on success, -ENOMEM is there's no memory
1755 */
1756static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
1757{
1758	char *csp = smk_of_current();
1759	struct socket_smack *ssp;
1760
1761	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
1762	if (ssp == NULL)
1763		return -ENOMEM;
1764
1765	ssp->smk_in = csp;
1766	ssp->smk_out = csp;
1767	ssp->smk_packet = NULL;
1768
1769	sk->sk_security = ssp;
1770
1771	return 0;
1772}
1773
1774/**
1775 * smack_sk_free_security - Free a socket blob
1776 * @sk: the socket
1777 *
1778 * Clears the blob pointer
1779 */
1780static void smack_sk_free_security(struct sock *sk)
1781{
1782	kfree(sk->sk_security);
1783}
1784
1785/**
1786* smack_host_label - check host based restrictions
1787* @sip: the object end
1788*
1789* looks for host based access restrictions
1790*
1791* This version will only be appropriate for really small sets of single label
1792* hosts.  The caller is responsible for ensuring that the RCU read lock is
1793* taken before calling this function.
1794*
1795* Returns the label of the far end or NULL if it's not special.
1796*/
1797static char *smack_host_label(struct sockaddr_in *sip)
1798{
1799	struct smk_netlbladdr *snp;
1800	struct in_addr *siap = &sip->sin_addr;
1801
1802	if (siap->s_addr == 0)
1803		return NULL;
1804
1805	list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list)
1806		/*
1807		* we break after finding the first match because
1808		* the list is sorted from longest to shortest mask
1809		* so we have found the most specific match
1810		*/
1811		if ((&snp->smk_host.sin_addr)->s_addr ==
1812		    (siap->s_addr & (&snp->smk_mask)->s_addr)) {
1813			/* we have found the special CIPSO option */
1814			if (snp->smk_label == smack_cipso_option)
1815				return NULL;
1816			return snp->smk_label;
1817		}
1818
1819	return NULL;
1820}
1821
1822/**
1823 * smack_set_catset - convert a capset to netlabel mls categories
1824 * @catset: the Smack categories
1825 * @sap: where to put the netlabel categories
1826 *
1827 * Allocates and fills attr.mls.cat
1828 */
1829static void smack_set_catset(char *catset, struct netlbl_lsm_secattr *sap)
1830{
1831	unsigned char *cp;
1832	unsigned char m;
1833	int cat;
1834	int rc;
1835	int byte;
1836
1837	if (!catset)
1838		return;
1839
1840	sap->flags |= NETLBL_SECATTR_MLS_CAT;
1841	sap->attr.mls.cat = netlbl_secattr_catmap_alloc(GFP_ATOMIC);
1842	sap->attr.mls.cat->startbit = 0;
1843
1844	for (cat = 1, cp = catset, byte = 0; byte < SMK_LABELLEN; cp++, byte++)
1845		for (m = 0x80; m != 0; m >>= 1, cat++) {
1846			if ((m & *cp) == 0)
1847				continue;
1848			rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat,
1849							  cat, GFP_ATOMIC);
1850		}
1851}
1852
1853/**
1854 * smack_to_secattr - fill a secattr from a smack value
1855 * @smack: the smack value
1856 * @nlsp: where the result goes
1857 *
1858 * Casey says that CIPSO is good enough for now.
1859 * It can be used to effect.
1860 * It can also be abused to effect when necessary.
1861 * Apologies to the TSIG group in general and GW in particular.
1862 */
1863static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
1864{
1865	struct smack_cipso cipso;
1866	int rc;
1867
1868	nlsp->domain = smack;
1869	nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
1870
1871	rc = smack_to_cipso(smack, &cipso);
1872	if (rc == 0) {
1873		nlsp->attr.mls.lvl = cipso.smk_level;
1874		smack_set_catset(cipso.smk_catset, nlsp);
1875	} else {
1876		nlsp->attr.mls.lvl = smack_cipso_direct;
1877		smack_set_catset(smack, nlsp);
1878	}
1879}
1880
1881/**
1882 * smack_netlabel - Set the secattr on a socket
1883 * @sk: the socket
1884 * @labeled: socket label scheme
1885 *
1886 * Convert the outbound smack value (smk_out) to a
1887 * secattr and attach it to the socket.
1888 *
1889 * Returns 0 on success or an error code
1890 */
1891static int smack_netlabel(struct sock *sk, int labeled)
1892{
1893	struct socket_smack *ssp = sk->sk_security;
1894	struct netlbl_lsm_secattr secattr;
1895	int rc = 0;
1896
1897	/*
1898	 * Usually the netlabel code will handle changing the
1899	 * packet labeling based on the label.
1900	 * The case of a single label host is different, because
1901	 * a single label host should never get a labeled packet
1902	 * even though the label is usually associated with a packet
1903	 * label.
1904	 */
1905	local_bh_disable();
1906	bh_lock_sock_nested(sk);
1907
1908	if (ssp->smk_out == smack_net_ambient ||
1909	    labeled == SMACK_UNLABELED_SOCKET)
1910		netlbl_sock_delattr(sk);
1911	else {
1912		netlbl_secattr_init(&secattr);
1913		smack_to_secattr(ssp->smk_out, &secattr);
1914		rc = netlbl_sock_setattr(sk, sk->sk_family, &secattr);
1915		netlbl_secattr_destroy(&secattr);
1916	}
1917
1918	bh_unlock_sock(sk);
1919	local_bh_enable();
1920
1921	return rc;
1922}
1923
1924/**
1925 * smack_netlbel_send - Set the secattr on a socket and perform access checks
1926 * @sk: the socket
1927 * @sap: the destination address
1928 *
1929 * Set the correct secattr for the given socket based on the destination
1930 * address and perform any outbound access checks needed.
1931 *
1932 * Returns 0 on success or an error code.
1933 *
1934 */
1935static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
1936{
1937	int rc;
1938	int sk_lbl;
1939	char *hostsp;
1940	struct socket_smack *ssp = sk->sk_security;
1941	struct smk_audit_info ad;
1942	struct lsm_network_audit net;
1943
1944	rcu_read_lock();
1945	hostsp = smack_host_label(sap);
1946	if (hostsp != NULL) {
1947		sk_lbl = SMACK_UNLABELED_SOCKET;
1948#ifdef CONFIG_AUDIT
1949		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
1950		ad.a.u.net->family = sap->sin_family;
1951		ad.a.u.net->dport = sap->sin_port;
1952		ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
1953#endif
1954		rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad);
1955	} else {
1956		sk_lbl = SMACK_CIPSO_SOCKET;
1957		rc = 0;
1958	}
1959	rcu_read_unlock();
1960	if (rc != 0)
1961		return rc;
1962
1963	return smack_netlabel(sk, sk_lbl);
1964}
1965
1966/**
1967 * smack_inode_setsecurity - set smack xattrs
1968 * @inode: the object
1969 * @name: attribute name
1970 * @value: attribute value
1971 * @size: size of the attribute
1972 * @flags: unused
1973 *
1974 * Sets the named attribute in the appropriate blob
1975 *
1976 * Returns 0 on success, or an error code
1977 */
1978static int smack_inode_setsecurity(struct inode *inode, const char *name,
1979				   const void *value, size_t size, int flags)
1980{
1981	char *sp;
1982	struct inode_smack *nsp = inode->i_security;
1983	struct socket_smack *ssp;
1984	struct socket *sock;
1985	int rc = 0;
1986
1987	if (value == NULL || size > SMK_LABELLEN || size == 0)
1988		return -EACCES;
1989
1990	sp = smk_import(value, size);
1991	if (sp == NULL)
1992		return -EINVAL;
1993
1994	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1995		nsp->smk_inode = sp;
1996		nsp->smk_flags |= SMK_INODE_INSTANT;
1997		return 0;
1998	}
1999	/*
2000	 * The rest of the Smack xattrs are only on sockets.
2001	 */
2002	if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2003		return -EOPNOTSUPP;
2004
2005	sock = SOCKET_I(inode);
2006	if (sock == NULL || sock->sk == NULL)
2007		return -EOPNOTSUPP;
2008
2009	ssp = sock->sk->sk_security;
2010
2011	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2012		ssp->smk_in = sp;
2013	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2014		ssp->smk_out = sp;
2015		if (sock->sk->sk_family != PF_UNIX) {
2016			rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2017			if (rc != 0)
2018				printk(KERN_WARNING
2019					"Smack: \"%s\" netlbl error %d.\n",
2020					__func__, -rc);
2021		}
2022	} else
2023		return -EOPNOTSUPP;
2024
2025	return 0;
2026}
2027
2028/**
2029 * smack_socket_post_create - finish socket setup
2030 * @sock: the socket
2031 * @family: protocol family
2032 * @type: unused
2033 * @protocol: unused
2034 * @kern: unused
2035 *
2036 * Sets the netlabel information on the socket
2037 *
2038 * Returns 0 on success, and error code otherwise
2039 */
2040static int smack_socket_post_create(struct socket *sock, int family,
2041				    int type, int protocol, int kern)
2042{
2043	if (family != PF_INET || sock->sk == NULL)
2044		return 0;
2045	/*
2046	 * Set the outbound netlbl.
2047	 */
2048	return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2049}
2050
2051/**
2052 * smack_socket_connect - connect access check
2053 * @sock: the socket
2054 * @sap: the other end
2055 * @addrlen: size of sap
2056 *
2057 * Verifies that a connection may be possible
2058 *
2059 * Returns 0 on success, and error code otherwise
2060 */
2061static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2062				int addrlen)
2063{
2064	if (sock->sk == NULL || sock->sk->sk_family != PF_INET)
2065		return 0;
2066	if (addrlen < sizeof(struct sockaddr_in))
2067		return -EINVAL;
2068
2069	return smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2070}
2071
2072/**
2073 * smack_flags_to_may - convert S_ to MAY_ values
2074 * @flags: the S_ value
2075 *
2076 * Returns the equivalent MAY_ value
2077 */
2078static int smack_flags_to_may(int flags)
2079{
2080	int may = 0;
2081
2082	if (flags & S_IRUGO)
2083		may |= MAY_READ;
2084	if (flags & S_IWUGO)
2085		may |= MAY_WRITE;
2086	if (flags & S_IXUGO)
2087		may |= MAY_EXEC;
2088
2089	return may;
2090}
2091
2092/**
2093 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2094 * @msg: the object
2095 *
2096 * Returns 0
2097 */
2098static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2099{
2100	msg->security = smk_of_current();
2101	return 0;
2102}
2103
2104/**
2105 * smack_msg_msg_free_security - Clear the security blob for msg_msg
2106 * @msg: the object
2107 *
2108 * Clears the blob pointer
2109 */
2110static void smack_msg_msg_free_security(struct msg_msg *msg)
2111{
2112	msg->security = NULL;
2113}
2114
2115/**
2116 * smack_of_shm - the smack pointer for the shm
2117 * @shp: the object
2118 *
2119 * Returns a pointer to the smack value
2120 */
2121static char *smack_of_shm(struct shmid_kernel *shp)
2122{
2123	return (char *)shp->shm_perm.security;
2124}
2125
2126/**
2127 * smack_shm_alloc_security - Set the security blob for shm
2128 * @shp: the object
2129 *
2130 * Returns 0
2131 */
2132static int smack_shm_alloc_security(struct shmid_kernel *shp)
2133{
2134	struct kern_ipc_perm *isp = &shp->shm_perm;
2135
2136	isp->security = smk_of_current();
2137	return 0;
2138}
2139
2140/**
2141 * smack_shm_free_security - Clear the security blob for shm
2142 * @shp: the object
2143 *
2144 * Clears the blob pointer
2145 */
2146static void smack_shm_free_security(struct shmid_kernel *shp)
2147{
2148	struct kern_ipc_perm *isp = &shp->shm_perm;
2149
2150	isp->security = NULL;
2151}
2152
2153/**
2154 * smk_curacc_shm : check if current has access on shm
2155 * @shp : the object
2156 * @access : access requested
2157 *
2158 * Returns 0 if current has the requested access, error code otherwise
2159 */
2160static int smk_curacc_shm(struct shmid_kernel *shp, int access)
2161{
2162	char *ssp = smack_of_shm(shp);
2163	struct smk_audit_info ad;
2164
2165#ifdef CONFIG_AUDIT
2166	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2167	ad.a.u.ipc_id = shp->shm_perm.id;
2168#endif
2169	return smk_curacc(ssp, access, &ad);
2170}
2171
2172/**
2173 * smack_shm_associate - Smack access check for shm
2174 * @shp: the object
2175 * @shmflg: access requested
2176 *
2177 * Returns 0 if current has the requested access, error code otherwise
2178 */
2179static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
2180{
2181	int may;
2182
2183	may = smack_flags_to_may(shmflg);
2184	return smk_curacc_shm(shp, may);
2185}
2186
2187/**
2188 * smack_shm_shmctl - Smack access check for shm
2189 * @shp: the object
2190 * @cmd: what it wants to do
2191 *
2192 * Returns 0 if current has the requested access, error code otherwise
2193 */
2194static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
2195{
2196	int may;
2197
2198	switch (cmd) {
2199	case IPC_STAT:
2200	case SHM_STAT:
2201		may = MAY_READ;
2202		break;
2203	case IPC_SET:
2204	case SHM_LOCK:
2205	case SHM_UNLOCK:
2206	case IPC_RMID:
2207		may = MAY_READWRITE;
2208		break;
2209	case IPC_INFO:
2210	case SHM_INFO:
2211		/*
2212		 * System level information.
2213		 */
2214		return 0;
2215	default:
2216		return -EINVAL;
2217	}
2218	return smk_curacc_shm(shp, may);
2219}
2220
2221/**
2222 * smack_shm_shmat - Smack access for shmat
2223 * @shp: the object
2224 * @shmaddr: unused
2225 * @shmflg: access requested
2226 *
2227 * Returns 0 if current has the requested access, error code otherwise
2228 */
2229static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
2230			   int shmflg)
2231{
2232	int may;
2233
2234	may = smack_flags_to_may(shmflg);
2235	return smk_curacc_shm(shp, may);
2236}
2237
2238/**
2239 * smack_of_sem - the smack pointer for the sem
2240 * @sma: the object
2241 *
2242 * Returns a pointer to the smack value
2243 */
2244static char *smack_of_sem(struct sem_array *sma)
2245{
2246	return (char *)sma->sem_perm.security;
2247}
2248
2249/**
2250 * smack_sem_alloc_security - Set the security blob for sem
2251 * @sma: the object
2252 *
2253 * Returns 0
2254 */
2255static int smack_sem_alloc_security(struct sem_array *sma)
2256{
2257	struct kern_ipc_perm *isp = &sma->sem_perm;
2258
2259	isp->security = smk_of_current();
2260	return 0;
2261}
2262
2263/**
2264 * smack_sem_free_security - Clear the security blob for sem
2265 * @sma: the object
2266 *
2267 * Clears the blob pointer
2268 */
2269static void smack_sem_free_security(struct sem_array *sma)
2270{
2271	struct kern_ipc_perm *isp = &sma->sem_perm;
2272
2273	isp->security = NULL;
2274}
2275
2276/**
2277 * smk_curacc_sem : check if current has access on sem
2278 * @sma : the object
2279 * @access : access requested
2280 *
2281 * Returns 0 if current has the requested access, error code otherwise
2282 */
2283static int smk_curacc_sem(struct sem_array *sma, int access)
2284{
2285	char *ssp = smack_of_sem(sma);
2286	struct smk_audit_info ad;
2287
2288#ifdef CONFIG_AUDIT
2289	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2290	ad.a.u.ipc_id = sma->sem_perm.id;
2291#endif
2292	return smk_curacc(ssp, access, &ad);
2293}
2294
2295/**
2296 * smack_sem_associate - Smack access check for sem
2297 * @sma: the object
2298 * @semflg: access requested
2299 *
2300 * Returns 0 if current has the requested access, error code otherwise
2301 */
2302static int smack_sem_associate(struct sem_array *sma, int semflg)
2303{
2304	int may;
2305
2306	may = smack_flags_to_may(semflg);
2307	return smk_curacc_sem(sma, may);
2308}
2309
2310/**
2311 * smack_sem_shmctl - Smack access check for sem
2312 * @sma: the object
2313 * @cmd: what it wants to do
2314 *
2315 * Returns 0 if current has the requested access, error code otherwise
2316 */
2317static int smack_sem_semctl(struct sem_array *sma, int cmd)
2318{
2319	int may;
2320
2321	switch (cmd) {
2322	case GETPID:
2323	case GETNCNT:
2324	case GETZCNT:
2325	case GETVAL:
2326	case GETALL:
2327	case IPC_STAT:
2328	case SEM_STAT:
2329		may = MAY_READ;
2330		break;
2331	case SETVAL:
2332	case SETALL:
2333	case IPC_RMID:
2334	case IPC_SET:
2335		may = MAY_READWRITE;
2336		break;
2337	case IPC_INFO:
2338	case SEM_INFO:
2339		/*
2340		 * System level information
2341		 */
2342		return 0;
2343	default:
2344		return -EINVAL;
2345	}
2346
2347	return smk_curacc_sem(sma, may);
2348}
2349
2350/**
2351 * smack_sem_semop - Smack checks of semaphore operations
2352 * @sma: the object
2353 * @sops: unused
2354 * @nsops: unused
2355 * @alter: unused
2356 *
2357 * Treated as read and write in all cases.
2358 *
2359 * Returns 0 if access is allowed, error code otherwise
2360 */
2361static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
2362			   unsigned nsops, int alter)
2363{
2364	return smk_curacc_sem(sma, MAY_READWRITE);
2365}
2366
2367/**
2368 * smack_msg_alloc_security - Set the security blob for msg
2369 * @msq: the object
2370 *
2371 * Returns 0
2372 */
2373static int smack_msg_queue_alloc_security(struct msg_queue *msq)
2374{
2375	struct kern_ipc_perm *kisp = &msq->q_perm;
2376
2377	kisp->security = smk_of_current();
2378	return 0;
2379}
2380
2381/**
2382 * smack_msg_free_security - Clear the security blob for msg
2383 * @msq: the object
2384 *
2385 * Clears the blob pointer
2386 */
2387static void smack_msg_queue_free_security(struct msg_queue *msq)
2388{
2389	struct kern_ipc_perm *kisp = &msq->q_perm;
2390
2391	kisp->security = NULL;
2392}
2393
2394/**
2395 * smack_of_msq - the smack pointer for the msq
2396 * @msq: the object
2397 *
2398 * Returns a pointer to the smack value
2399 */
2400static char *smack_of_msq(struct msg_queue *msq)
2401{
2402	return (char *)msq->q_perm.security;
2403}
2404
2405/**
2406 * smk_curacc_msq : helper to check if current has access on msq
2407 * @msq : the msq
2408 * @access : access requested
2409 *
2410 * return 0 if current has access, error otherwise
2411 */
2412static int smk_curacc_msq(struct msg_queue *msq, int access)
2413{
2414	char *msp = smack_of_msq(msq);
2415	struct smk_audit_info ad;
2416
2417#ifdef CONFIG_AUDIT
2418	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2419	ad.a.u.ipc_id = msq->q_perm.id;
2420#endif
2421	return smk_curacc(msp, access, &ad);
2422}
2423
2424/**
2425 * smack_msg_queue_associate - Smack access check for msg_queue
2426 * @msq: the object
2427 * @msqflg: access requested
2428 *
2429 * Returns 0 if current has the requested access, error code otherwise
2430 */
2431static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
2432{
2433	int may;
2434
2435	may = smack_flags_to_may(msqflg);
2436	return smk_curacc_msq(msq, may);
2437}
2438
2439/**
2440 * smack_msg_queue_msgctl - Smack access check for msg_queue
2441 * @msq: the object
2442 * @cmd: what it wants to do
2443 *
2444 * Returns 0 if current has the requested access, error code otherwise
2445 */
2446static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2447{
2448	int may;
2449
2450	switch (cmd) {
2451	case IPC_STAT:
2452	case MSG_STAT:
2453		may = MAY_READ;
2454		break;
2455	case IPC_SET:
2456	case IPC_RMID:
2457		may = MAY_READWRITE;
2458		break;
2459	case IPC_INFO:
2460	case MSG_INFO:
2461		/*
2462		 * System level information
2463		 */
2464		return 0;
2465	default:
2466		return -EINVAL;
2467	}
2468
2469	return smk_curacc_msq(msq, may);
2470}
2471
2472/**
2473 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2474 * @msq: the object
2475 * @msg: unused
2476 * @msqflg: access requested
2477 *
2478 * Returns 0 if current has the requested access, error code otherwise
2479 */
2480static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
2481				  int msqflg)
2482{
2483	int may;
2484
2485	may = smack_flags_to_may(msqflg);
2486	return smk_curacc_msq(msq, may);
2487}
2488
2489/**
2490 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2491 * @msq: the object
2492 * @msg: unused
2493 * @target: unused
2494 * @type: unused
2495 * @mode: unused
2496 *
2497 * Returns 0 if current has read and write access, error code otherwise
2498 */
2499static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
2500			struct task_struct *target, long type, int mode)
2501{
2502	return smk_curacc_msq(msq, MAY_READWRITE);
2503}
2504
2505/**
2506 * smack_ipc_permission - Smack access for ipc_permission()
2507 * @ipp: the object permissions
2508 * @flag: access requested
2509 *
2510 * Returns 0 if current has read and write access, error code otherwise
2511 */
2512static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
2513{
2514	char *isp = ipp->security;
2515	int may = smack_flags_to_may(flag);
2516	struct smk_audit_info ad;
2517
2518#ifdef CONFIG_AUDIT
2519	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2520	ad.a.u.ipc_id = ipp->id;
2521#endif
2522	return smk_curacc(isp, may, &ad);
2523}
2524
2525/**
2526 * smack_ipc_getsecid - Extract smack security id
2527 * @ipp: the object permissions
2528 * @secid: where result will be saved
2529 */
2530static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
2531{
2532	char *smack = ipp->security;
2533
2534	*secid = smack_to_secid(smack);
2535}
2536
2537/**
2538 * smack_d_instantiate - Make sure the blob is correct on an inode
2539 * @opt_dentry: dentry where inode will be attached
2540 * @inode: the object
2541 *
2542 * Set the inode's security blob if it hasn't been done already.
2543 */
2544static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
2545{
2546	struct super_block *sbp;
2547	struct superblock_smack *sbsp;
2548	struct inode_smack *isp;
2549	char *csp = smk_of_current();
2550	char *fetched;
2551	char *final;
2552	char trattr[TRANS_TRUE_SIZE];
2553	int transflag = 0;
2554	struct dentry *dp;
2555
2556	if (inode == NULL)
2557		return;
2558
2559	isp = inode->i_security;
2560
2561	mutex_lock(&isp->smk_lock);
2562	/*
2563	 * If the inode is already instantiated
2564	 * take the quick way out
2565	 */
2566	if (isp->smk_flags & SMK_INODE_INSTANT)
2567		goto unlockandout;
2568
2569	sbp = inode->i_sb;
2570	sbsp = sbp->s_security;
2571	/*
2572	 * We're going to use the superblock default label
2573	 * if there's no label on the file.
2574	 */
2575	final = sbsp->smk_default;
2576
2577	/*
2578	 * If this is the root inode the superblock
2579	 * may be in the process of initialization.
2580	 * If that is the case use the root value out
2581	 * of the superblock.
2582	 */
2583	if (opt_dentry->d_parent == opt_dentry) {
2584		isp->smk_inode = sbsp->smk_root;
2585		isp->smk_flags |= SMK_INODE_INSTANT;
2586		goto unlockandout;
2587	}
2588
2589	/*
2590	 * This is pretty hackish.
2591	 * Casey says that we shouldn't have to do
2592	 * file system specific code, but it does help
2593	 * with keeping it simple.
2594	 */
2595	switch (sbp->s_magic) {
2596	case SMACK_MAGIC:
2597		/*
2598		 * Casey says that it's a little embarrassing
2599		 * that the smack file system doesn't do
2600		 * extended attributes.
2601		 */
2602		final = smack_known_star.smk_known;
2603		break;
2604	case PIPEFS_MAGIC:
2605		/*
2606		 * Casey says pipes are easy (?)
2607		 */
2608		final = smack_known_star.smk_known;
2609		break;
2610	case DEVPTS_SUPER_MAGIC:
2611		/*
2612		 * devpts seems content with the label of the task.
2613		 * Programs that change smack have to treat the
2614		 * pty with respect.
2615		 */
2616		final = csp;
2617		break;
2618	case SOCKFS_MAGIC:
2619		/*
2620		 * Socket access is controlled by the socket
2621		 * structures associated with the task involved.
2622		 */
2623		final = smack_known_star.smk_known;
2624		break;
2625	case PROC_SUPER_MAGIC:
2626		/*
2627		 * Casey says procfs appears not to care.
2628		 * The superblock default suffices.
2629		 */
2630		break;
2631	case TMPFS_MAGIC:
2632		/*
2633		 * Device labels should come from the filesystem,
2634		 * but watch out, because they're volitile,
2635		 * getting recreated on every reboot.
2636		 */
2637		final = smack_known_star.smk_known;
2638		/*
2639		 * No break.
2640		 *
2641		 * If a smack value has been set we want to use it,
2642		 * but since tmpfs isn't giving us the opportunity
2643		 * to set mount options simulate setting the
2644		 * superblock default.
2645		 */
2646	default:
2647		/*
2648		 * This isn't an understood special case.
2649		 * Get the value from the xattr.
2650		 */
2651
2652		/*
2653		 * UNIX domain sockets use lower level socket data.
2654		 */
2655		if (S_ISSOCK(inode->i_mode)) {
2656			final = smack_known_star.smk_known;
2657			break;
2658		}
2659		/*
2660		 * No xattr support means, alas, no SMACK label.
2661		 * Use the aforeapplied default.
2662		 * It would be curious if the label of the task
2663		 * does not match that assigned.
2664		 */
2665		if (inode->i_op->getxattr == NULL)
2666			break;
2667		/*
2668		 * Get the dentry for xattr.
2669		 */
2670		dp = dget(opt_dentry);
2671		fetched = smk_fetch(XATTR_NAME_SMACK, inode, dp);
2672		if (fetched != NULL) {
2673			final = fetched;
2674			if (S_ISDIR(inode->i_mode)) {
2675				trattr[0] = '\0';
2676				inode->i_op->getxattr(dp,
2677					XATTR_NAME_SMACKTRANSMUTE,
2678					trattr, TRANS_TRUE_SIZE);
2679				if (strncmp(trattr, TRANS_TRUE,
2680					    TRANS_TRUE_SIZE) == 0)
2681					transflag = SMK_INODE_TRANSMUTE;
2682			}
2683		}
2684		isp->smk_task = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
2685		isp->smk_mmap = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
2686
2687		dput(dp);
2688		break;
2689	}
2690
2691	if (final == NULL)
2692		isp->smk_inode = csp;
2693	else
2694		isp->smk_inode = final;
2695
2696	isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
2697
2698unlockandout:
2699	mutex_unlock(&isp->smk_lock);
2700	return;
2701}
2702
2703/**
2704 * smack_getprocattr - Smack process attribute access
2705 * @p: the object task
2706 * @name: the name of the attribute in /proc/.../attr
2707 * @value: where to put the result
2708 *
2709 * Places a copy of the task Smack into value
2710 *
2711 * Returns the length of the smack label or an error code
2712 */
2713static int smack_getprocattr(struct task_struct *p, char *name, char **value)
2714{
2715	char *cp;
2716	int slen;
2717
2718	if (strcmp(name, "current") != 0)
2719		return -EINVAL;
2720
2721	cp = kstrdup(smk_of_task(task_security(p)), GFP_KERNEL);
2722	if (cp == NULL)
2723		return -ENOMEM;
2724
2725	slen = strlen(cp);
2726	*value = cp;
2727	return slen;
2728}
2729
2730/**
2731 * smack_setprocattr - Smack process attribute setting
2732 * @p: the object task
2733 * @name: the name of the attribute in /proc/.../attr
2734 * @value: the value to set
2735 * @size: the size of the value
2736 *
2737 * Sets the Smack value of the task. Only setting self
2738 * is permitted and only with privilege
2739 *
2740 * Returns the length of the smack label or an error code
2741 */
2742static int smack_setprocattr(struct task_struct *p, char *name,
2743			     void *value, size_t size)
2744{
2745	int rc;
2746	struct task_smack *tsp;
2747	struct task_smack *oldtsp;
2748	struct cred *new;
2749	char *newsmack;
2750
2751	/*
2752	 * Changing another process' Smack value is too dangerous
2753	 * and supports no sane use case.
2754	 */
2755	if (p != current)
2756		return -EPERM;
2757
2758	if (!capable(CAP_MAC_ADMIN))
2759		return -EPERM;
2760
2761	if (value == NULL || size == 0 || size >= SMK_LABELLEN)
2762		return -EINVAL;
2763
2764	if (strcmp(name, "current") != 0)
2765		return -EINVAL;
2766
2767	newsmack = smk_import(value, size);
2768	if (newsmack == NULL)
2769		return -EINVAL;
2770
2771	/*
2772	 * No process is ever allowed the web ("@") label.
2773	 */
2774	if (newsmack == smack_known_web.smk_known)
2775		return -EPERM;
2776
2777	oldtsp = p->cred->security;
2778	new = prepare_creds();
2779	if (new == NULL)
2780		return -ENOMEM;
2781
2782	tsp = new_task_smack(newsmack, oldtsp->smk_forked, GFP_KERNEL);
2783	if (tsp == NULL) {
2784		kfree(new);
2785		return -ENOMEM;
2786	}
2787	rc = smk_copy_rules(&tsp->smk_rules, &oldtsp->smk_rules, GFP_KERNEL);
2788	if (rc != 0)
2789		return rc;
2790
2791	new->security = tsp;
2792	commit_creds(new);
2793	return size;
2794}
2795
2796/**
2797 * smack_unix_stream_connect - Smack access on UDS
2798 * @sock: one sock
2799 * @other: the other sock
2800 * @newsk: unused
2801 *
2802 * Return 0 if a subject with the smack of sock could access
2803 * an object with the smack of other, otherwise an error code
2804 */
2805static int smack_unix_stream_connect(struct sock *sock,
2806				     struct sock *other, struct sock *newsk)
2807{
2808	struct socket_smack *ssp = sock->sk_security;
2809	struct socket_smack *osp = other->sk_security;
2810	struct socket_smack *nsp = newsk->sk_security;
2811	struct smk_audit_info ad;
2812	struct lsm_network_audit net;
2813	int rc = 0;
2814
2815	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2816	smk_ad_setfield_u_net_sk(&ad, other);
2817
2818	if (!capable(CAP_MAC_OVERRIDE))
2819		rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
2820
2821	/*
2822	 * Cross reference the peer labels for SO_PEERSEC.
2823	 */
2824	if (rc == 0) {
2825		nsp->smk_packet = ssp->smk_out;
2826		ssp->smk_packet = osp->smk_out;
2827	}
2828
2829	return rc;
2830}
2831
2832/**
2833 * smack_unix_may_send - Smack access on UDS
2834 * @sock: one socket
2835 * @other: the other socket
2836 *
2837 * Return 0 if a subject with the smack of sock could access
2838 * an object with the smack of other, otherwise an error code
2839 */
2840static int smack_unix_may_send(struct socket *sock, struct socket *other)
2841{
2842	struct socket_smack *ssp = sock->sk->sk_security;
2843	struct socket_smack *osp = other->sk->sk_security;
2844	struct smk_audit_info ad;
2845	struct lsm_network_audit net;
2846	int rc = 0;
2847
2848	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2849	smk_ad_setfield_u_net_sk(&ad, other->sk);
2850
2851	if (!capable(CAP_MAC_OVERRIDE))
2852		rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
2853
2854	return rc;
2855}
2856
2857/**
2858 * smack_socket_sendmsg - Smack check based on destination host
2859 * @sock: the socket
2860 * @msg: the message
2861 * @size: the size of the message
2862 *
2863 * Return 0 if the current subject can write to the destination
2864 * host. This is only a question if the destination is a single
2865 * label host.
2866 */
2867static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
2868				int size)
2869{
2870	struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
2871
2872	/*
2873	 * Perfectly reasonable for this to be NULL
2874	 */
2875	if (sip == NULL || sip->sin_family != AF_INET)
2876		return 0;
2877
2878	return smack_netlabel_send(sock->sk, sip);
2879}
2880
2881/**
2882 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
2883 * @sap: netlabel secattr
2884 * @ssp: socket security information
2885 *
2886 * Returns a pointer to a Smack label found on the label list.
2887 */
2888static char *smack_from_secattr(struct netlbl_lsm_secattr *sap,
2889				struct socket_smack *ssp)
2890{
2891	struct smack_known *skp;
2892	char smack[SMK_LABELLEN];
2893	char *sp;
2894	int pcat;
2895
2896	if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
2897		/*
2898		 * Looks like a CIPSO packet.
2899		 * If there are flags but no level netlabel isn't
2900		 * behaving the way we expect it to.
2901		 *
2902		 * Get the categories, if any
2903		 * Without guidance regarding the smack value
2904		 * for the packet fall back on the network
2905		 * ambient value.
2906		 */
2907		memset(smack, '\0', SMK_LABELLEN);
2908		if ((sap->flags & NETLBL_SECATTR_MLS_CAT) != 0)
2909			for (pcat = -1;;) {
2910				pcat = netlbl_secattr_catmap_walk(
2911					sap->attr.mls.cat, pcat + 1);
2912				if (pcat < 0)
2913					break;
2914				smack_catset_bit(pcat, smack);
2915			}
2916		/*
2917		 * If it is CIPSO using smack direct mapping
2918		 * we are already done. WeeHee.
2919		 */
2920		if (sap->attr.mls.lvl == smack_cipso_direct) {
2921			/*
2922			 * The label sent is usually on the label list.
2923			 *
2924			 * If it is not we may still want to allow the
2925			 * delivery.
2926			 *
2927			 * If the recipient is accepting all packets
2928			 * because it is using the star ("*") label
2929			 * for SMACK64IPIN provide the web ("@") label
2930			 * so that a directed response will succeed.
2931			 * This is not very correct from a MAC point
2932			 * of view, but gets around the problem that
2933			 * locking prevents adding the newly discovered
2934			 * label to the list.
2935			 * The case where the recipient is not using
2936			 * the star label should obviously fail.
2937			 * The easy way to do this is to provide the
2938			 * star label as the subject label.
2939			 */
2940			skp = smk_find_entry(smack);
2941			if (skp != NULL)
2942				return skp->smk_known;
2943			if (ssp != NULL &&
2944			    ssp->smk_in == smack_known_star.smk_known)
2945				return smack_known_web.smk_known;
2946			return smack_known_star.smk_known;
2947		}
2948		/*
2949		 * Look it up in the supplied table if it is not
2950		 * a direct mapping.
2951		 */
2952		sp = smack_from_cipso(sap->attr.mls.lvl, smack);
2953		if (sp != NULL)
2954			return sp;
2955		if (ssp != NULL && ssp->smk_in == smack_known_star.smk_known)
2956			return smack_known_web.smk_known;
2957		return smack_known_star.smk_known;
2958	}
2959	if ((sap->flags & NETLBL_SECATTR_SECID) != 0) {
2960		/*
2961		 * Looks like a fallback, which gives us a secid.
2962		 */
2963		sp = smack_from_secid(sap->attr.secid);
2964		/*
2965		 * This has got to be a bug because it is
2966		 * impossible to specify a fallback without
2967		 * specifying the label, which will ensure
2968		 * it has a secid, and the only way to get a
2969		 * secid is from a fallback.
2970		 */
2971		BUG_ON(sp == NULL);
2972		return sp;
2973	}
2974	/*
2975	 * Without guidance regarding the smack value
2976	 * for the packet fall back on the network
2977	 * ambient value.
2978	 */
2979	return smack_net_ambient;
2980}
2981
2982/**
2983 * smack_socket_sock_rcv_skb - Smack packet delivery access check
2984 * @sk: socket
2985 * @skb: packet
2986 *
2987 * Returns 0 if the packet should be delivered, an error code otherwise
2988 */
2989static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
2990{
2991	struct netlbl_lsm_secattr secattr;
2992	struct socket_smack *ssp = sk->sk_security;
2993	char *csp;
2994	int rc;
2995	struct smk_audit_info ad;
2996	struct lsm_network_audit net;
2997	if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
2998		return 0;
2999
3000	/*
3001	 * Translate what netlabel gave us.
3002	 */
3003	netlbl_secattr_init(&secattr);
3004
3005	rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
3006	if (rc == 0)
3007		csp = smack_from_secattr(&secattr, ssp);
3008	else
3009		csp = smack_net_ambient;
3010
3011	netlbl_secattr_destroy(&secattr);
3012
3013#ifdef CONFIG_AUDIT
3014	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3015	ad.a.u.net->family = sk->sk_family;
3016	ad.a.u.net->netif = skb->skb_iif;
3017	ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3018#endif
3019	/*
3020	 * Receiving a packet requires that the other end
3021	 * be able to write here. Read access is not required.
3022	 * This is the simplist possible security model
3023	 * for networking.
3024	 */
3025	rc = smk_access(csp, ssp->smk_in, MAY_WRITE, &ad);
3026	if (rc != 0)
3027		netlbl_skbuff_err(skb, rc, 0);
3028	return rc;
3029}
3030
3031/**
3032 * smack_socket_getpeersec_stream - pull in packet label
3033 * @sock: the socket
3034 * @optval: user's destination
3035 * @optlen: size thereof
3036 * @len: max thereof
3037 *
3038 * returns zero on success, an error code otherwise
3039 */
3040static int smack_socket_getpeersec_stream(struct socket *sock,
3041					  char __user *optval,
3042					  int __user *optlen, unsigned len)
3043{
3044	struct socket_smack *ssp;
3045	char *rcp = "";
3046	int slen = 1;
3047	int rc = 0;
3048
3049	ssp = sock->sk->sk_security;
3050	if (ssp->smk_packet != NULL) {
3051		rcp = ssp->smk_packet;
3052		slen = strlen(rcp) + 1;
3053	}
3054
3055	if (slen > len)
3056		rc = -ERANGE;
3057	else if (copy_to_user(optval, rcp, slen) != 0)
3058		rc = -EFAULT;
3059
3060	if (put_user(slen, optlen) != 0)
3061		rc = -EFAULT;
3062
3063	return rc;
3064}
3065
3066
3067/**
3068 * smack_socket_getpeersec_dgram - pull in packet label
3069 * @sock: the peer socket
3070 * @skb: packet data
3071 * @secid: pointer to where to put the secid of the packet
3072 *
3073 * Sets the netlabel socket state on sk from parent
3074 */
3075static int smack_socket_getpeersec_dgram(struct socket *sock,
3076					 struct sk_buff *skb, u32 *secid)
3077
3078{
3079	struct netlbl_lsm_secattr secattr;
3080	struct socket_smack *ssp = NULL;
3081	char *sp;
3082	int family = PF_UNSPEC;
3083	u32 s = 0;	/* 0 is the invalid secid */
3084	int rc;
3085
3086	if (skb != NULL) {
3087		if (skb->protocol == htons(ETH_P_IP))
3088			family = PF_INET;
3089		else if (skb->protocol == htons(ETH_P_IPV6))
3090			family = PF_INET6;
3091	}
3092	if (family == PF_UNSPEC && sock != NULL)
3093		family = sock->sk->sk_family;
3094
3095	if (family == PF_UNIX) {
3096		ssp = sock->sk->sk_security;
3097		s = smack_to_secid(ssp->smk_out);
3098	} else if (family == PF_INET || family == PF_INET6) {
3099		/*
3100		 * Translate what netlabel gave us.
3101		 */
3102		if (sock != NULL && sock->sk != NULL)
3103			ssp = sock->sk->sk_security;
3104		netlbl_secattr_init(&secattr);
3105		rc = netlbl_skbuff_getattr(skb, family, &secattr);
3106		if (rc == 0) {
3107			sp = smack_from_secattr(&secattr, ssp);
3108			s = smack_to_secid(sp);
3109		}
3110		netlbl_secattr_destroy(&secattr);
3111	}
3112	*secid = s;
3113	if (s == 0)
3114		return -EINVAL;
3115	return 0;
3116}
3117
3118/**
3119 * smack_sock_graft - Initialize a newly created socket with an existing sock
3120 * @sk: child sock
3121 * @parent: parent socket
3122 *
3123 * Set the smk_{in,out} state of an existing sock based on the process that
3124 * is creating the new socket.
3125 */
3126static void smack_sock_graft(struct sock *sk, struct socket *parent)
3127{
3128	struct socket_smack *ssp;
3129
3130	if (sk == NULL ||
3131	    (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
3132		return;
3133
3134	ssp = sk->sk_security;
3135	ssp->smk_in = ssp->smk_out = smk_of_current();
3136	/* cssp->smk_packet is already set in smack_inet_csk_clone() */
3137}
3138
3139/**
3140 * smack_inet_conn_request - Smack access check on connect
3141 * @sk: socket involved
3142 * @skb: packet
3143 * @req: unused
3144 *
3145 * Returns 0 if a task with the packet label could write to
3146 * the socket, otherwise an error code
3147 */
3148static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3149				   struct request_sock *req)
3150{
3151	u16 family = sk->sk_family;
3152	struct socket_smack *ssp = sk->sk_security;
3153	struct netlbl_lsm_secattr secattr;
3154	struct sockaddr_in addr;
3155	struct iphdr *hdr;
3156	char *sp;
3157	int rc;
3158	struct smk_audit_info ad;
3159	struct lsm_network_audit net;
3160
3161	/* handle mapped IPv4 packets arriving via IPv6 sockets */
3162	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3163		family = PF_INET;
3164
3165	netlbl_secattr_init(&secattr);
3166	rc = netlbl_skbuff_getattr(skb, family, &secattr);
3167	if (rc == 0)
3168		sp = smack_from_secattr(&secattr, ssp);
3169	else
3170		sp = smack_known_huh.smk_known;
3171	netlbl_secattr_destroy(&secattr);
3172
3173#ifdef CONFIG_AUDIT
3174	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3175	ad.a.u.net->family = family;
3176	ad.a.u.net->netif = skb->skb_iif;
3177	ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3178#endif
3179	/*
3180	 * Receiving a packet requires that the other end be able to write
3181	 * here. Read access is not required.
3182	 */
3183	rc = smk_access(sp, ssp->smk_in, MAY_WRITE, &ad);
3184	if (rc != 0)
3185		return rc;
3186
3187	/*
3188	 * Save the peer's label in the request_sock so we can later setup
3189	 * smk_packet in the child socket so that SO_PEERCRED can report it.
3190	 */
3191	req->peer_secid = smack_to_secid(sp);
3192
3193	/*
3194	 * We need to decide if we want to label the incoming connection here
3195	 * if we do we only need to label the request_sock and the stack will
3196	 * propagate the wire-label to the sock when it is created.
3197	 */
3198	hdr = ip_hdr(skb);
3199	addr.sin_addr.s_addr = hdr->saddr;
3200	rcu_read_lock();
3201	if (smack_host_label(&addr) == NULL) {
3202		rcu_read_unlock();
3203		netlbl_secattr_init(&secattr);
3204		smack_to_secattr(sp, &secattr);
3205		rc = netlbl_req_setattr(req, &secattr);
3206		netlbl_secattr_destroy(&secattr);
3207	} else {
3208		rcu_read_unlock();
3209		netlbl_req_delattr(req);
3210	}
3211
3212	return rc;
3213}
3214
3215/**
3216 * smack_inet_csk_clone - Copy the connection information to the new socket
3217 * @sk: the new socket
3218 * @req: the connection's request_sock
3219 *
3220 * Transfer the connection's peer label to the newly created socket.
3221 */
3222static void smack_inet_csk_clone(struct sock *sk,
3223				 const struct request_sock *req)
3224{
3225	struct socket_smack *ssp = sk->sk_security;
3226
3227	if (req->peer_secid != 0)
3228		ssp->smk_packet = smack_from_secid(req->peer_secid);
3229	else
3230		ssp->smk_packet = NULL;
3231}
3232
3233/*
3234 * Key management security hooks
3235 *
3236 * Casey has not tested key support very heavily.
3237 * The permission check is most likely too restrictive.
3238 * If you care about keys please have a look.
3239 */
3240#ifdef CONFIG_KEYS
3241
3242/**
3243 * smack_key_alloc - Set the key security blob
3244 * @key: object
3245 * @cred: the credentials to use
3246 * @flags: unused
3247 *
3248 * No allocation required
3249 *
3250 * Returns 0
3251 */
3252static int smack_key_alloc(struct key *key, const struct cred *cred,
3253			   unsigned long flags)
3254{
3255	key->security = smk_of_task(cred->security);
3256	return 0;
3257}
3258
3259/**
3260 * smack_key_free - Clear the key security blob
3261 * @key: the object
3262 *
3263 * Clear the blob pointer
3264 */
3265static void smack_key_free(struct key *key)
3266{
3267	key->security = NULL;
3268}
3269
3270/*
3271 * smack_key_permission - Smack access on a key
3272 * @key_ref: gets to the object
3273 * @cred: the credentials to use
3274 * @perm: unused
3275 *
3276 * Return 0 if the task has read and write to the object,
3277 * an error code otherwise
3278 */
3279static int smack_key_permission(key_ref_t key_ref,
3280				const struct cred *cred, key_perm_t perm)
3281{
3282	struct key *keyp;
3283	struct smk_audit_info ad;
3284	char *tsp = smk_of_task(cred->security);
3285
3286	keyp = key_ref_to_ptr(key_ref);
3287	if (keyp == NULL)
3288		return -EINVAL;
3289	/*
3290	 * If the key hasn't been initialized give it access so that
3291	 * it may do so.
3292	 */
3293	if (keyp->security == NULL)
3294		return 0;
3295	/*
3296	 * This should not occur
3297	 */
3298	if (tsp == NULL)
3299		return -EACCES;
3300#ifdef CONFIG_AUDIT
3301	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
3302	ad.a.u.key_struct.key = keyp->serial;
3303	ad.a.u.key_struct.key_desc = keyp->description;
3304#endif
3305	return smk_access(tsp, keyp->security,
3306				 MAY_READWRITE, &ad);
3307}
3308#endif /* CONFIG_KEYS */
3309
3310/*
3311 * Smack Audit hooks
3312 *
3313 * Audit requires a unique representation of each Smack specific
3314 * rule. This unique representation is used to distinguish the
3315 * object to be audited from remaining kernel objects and also
3316 * works as a glue between the audit hooks.
3317 *
3318 * Since repository entries are added but never deleted, we'll use
3319 * the smack_known label address related to the given audit rule as
3320 * the needed unique representation. This also better fits the smack
3321 * model where nearly everything is a label.
3322 */
3323#ifdef CONFIG_AUDIT
3324
3325/**
3326 * smack_audit_rule_init - Initialize a smack audit rule
3327 * @field: audit rule fields given from user-space (audit.h)
3328 * @op: required testing operator (=, !=, >, <, ...)
3329 * @rulestr: smack label to be audited
3330 * @vrule: pointer to save our own audit rule representation
3331 *
3332 * Prepare to audit cases where (@field @op @rulestr) is true.
3333 * The label to be audited is created if necessay.
3334 */
3335static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
3336{
3337	char **rule = (char **)vrule;
3338	*rule = NULL;
3339
3340	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3341		return -EINVAL;
3342
3343	if (op != Audit_equal && op != Audit_not_equal)
3344		return -EINVAL;
3345
3346	*rule = smk_import(rulestr, 0);
3347
3348	return 0;
3349}
3350
3351/**
3352 * smack_audit_rule_known - Distinguish Smack audit rules
3353 * @krule: rule of interest, in Audit kernel representation format
3354 *
3355 * This is used to filter Smack rules from remaining Audit ones.
3356 * If it's proved that this rule belongs to us, the
3357 * audit_rule_match hook will be called to do the final judgement.
3358 */
3359static int smack_audit_rule_known(struct audit_krule *krule)
3360{
3361	struct audit_field *f;
3362	int i;
3363
3364	for (i = 0; i < krule->field_count; i++) {
3365		f = &krule->fields[i];
3366
3367		if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
3368			return 1;
3369	}
3370
3371	return 0;
3372}
3373
3374/**
3375 * smack_audit_rule_match - Audit given object ?
3376 * @secid: security id for identifying the object to test
3377 * @field: audit rule flags given from user-space
3378 * @op: required testing operator
3379 * @vrule: smack internal rule presentation
3380 * @actx: audit context associated with the check
3381 *
3382 * The core Audit hook. It's used to take the decision of
3383 * whether to audit or not to audit a given object.
3384 */
3385static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
3386				  struct audit_context *actx)
3387{
3388	char *smack;
3389	char *rule = vrule;
3390
3391	if (!rule) {
3392		audit_log(actx, GFP_KERNEL, AUDIT_SELINUX_ERR,
3393			  "Smack: missing rule\n");
3394		return -ENOENT;
3395	}
3396
3397	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3398		return 0;
3399
3400	smack = smack_from_secid(secid);
3401
3402	/*
3403	 * No need to do string comparisons. If a match occurs,
3404	 * both pointers will point to the same smack_known
3405	 * label.
3406	 */
3407	if (op == Audit_equal)
3408		return (rule == smack);
3409	if (op == Audit_not_equal)
3410		return (rule != smack);
3411
3412	return 0;
3413}
3414
3415/**
3416 * smack_audit_rule_free - free smack rule representation
3417 * @vrule: rule to be freed.
3418 *
3419 * No memory was allocated.
3420 */
3421static void smack_audit_rule_free(void *vrule)
3422{
3423	/* No-op */
3424}
3425
3426#endif /* CONFIG_AUDIT */
3427
3428/**
3429 * smack_secid_to_secctx - return the smack label for a secid
3430 * @secid: incoming integer
3431 * @secdata: destination
3432 * @seclen: how long it is
3433 *
3434 * Exists for networking code.
3435 */
3436static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
3437{
3438	char *sp = smack_from_secid(secid);
3439
3440	if (secdata)
3441		*secdata = sp;
3442	*seclen = strlen(sp);
3443	return 0;
3444}
3445
3446/**
3447 * smack_secctx_to_secid - return the secid for a smack label
3448 * @secdata: smack label
3449 * @seclen: how long result is
3450 * @secid: outgoing integer
3451 *
3452 * Exists for audit and networking code.
3453 */
3454static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
3455{
3456	*secid = smack_to_secid(secdata);
3457	return 0;
3458}
3459
3460/**
3461 * smack_release_secctx - don't do anything.
3462 * @secdata: unused
3463 * @seclen: unused
3464 *
3465 * Exists to make sure nothing gets done, and properly
3466 */
3467static void smack_release_secctx(char *secdata, u32 seclen)
3468{
3469}
3470
3471static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
3472{
3473	return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
3474}
3475
3476static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
3477{
3478	return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
3479}
3480
3481static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
3482{
3483	int len = 0;
3484	len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
3485
3486	if (len < 0)
3487		return len;
3488	*ctxlen = len;
3489	return 0;
3490}
3491
3492struct security_operations smack_ops = {
3493	.name =				"smack",
3494
3495	.ptrace_access_check =		smack_ptrace_access_check,
3496	.ptrace_traceme =		smack_ptrace_traceme,
3497	.syslog = 			smack_syslog,
3498
3499	.sb_alloc_security = 		smack_sb_alloc_security,
3500	.sb_free_security = 		smack_sb_free_security,
3501	.sb_copy_data = 		smack_sb_copy_data,
3502	.sb_kern_mount = 		smack_sb_kern_mount,
3503	.sb_statfs = 			smack_sb_statfs,
3504	.sb_mount = 			smack_sb_mount,
3505	.sb_umount = 			smack_sb_umount,
3506
3507	.bprm_set_creds =		smack_bprm_set_creds,
3508	.bprm_committing_creds =	smack_bprm_committing_creds,
3509	.bprm_secureexec =		smack_bprm_secureexec,
3510
3511	.inode_alloc_security = 	smack_inode_alloc_security,
3512	.inode_free_security = 		smack_inode_free_security,
3513	.inode_init_security = 		smack_inode_init_security,
3514	.inode_link = 			smack_inode_link,
3515	.inode_unlink = 		smack_inode_unlink,
3516	.inode_rmdir = 			smack_inode_rmdir,
3517	.inode_rename = 		smack_inode_rename,
3518	.inode_permission = 		smack_inode_permission,
3519	.inode_setattr = 		smack_inode_setattr,
3520	.inode_getattr = 		smack_inode_getattr,
3521	.inode_setxattr = 		smack_inode_setxattr,
3522	.inode_post_setxattr = 		smack_inode_post_setxattr,
3523	.inode_getxattr = 		smack_inode_getxattr,
3524	.inode_removexattr = 		smack_inode_removexattr,
3525	.inode_getsecurity = 		smack_inode_getsecurity,
3526	.inode_setsecurity = 		smack_inode_setsecurity,
3527	.inode_listsecurity = 		smack_inode_listsecurity,
3528	.inode_getsecid =		smack_inode_getsecid,
3529
3530	.file_permission = 		smack_file_permission,
3531	.file_alloc_security = 		smack_file_alloc_security,
3532	.file_free_security = 		smack_file_free_security,
3533	.file_ioctl = 			smack_file_ioctl,
3534	.file_lock = 			smack_file_lock,
3535	.file_fcntl = 			smack_file_fcntl,
3536	.file_mmap =			smack_file_mmap,
3537	.file_set_fowner = 		smack_file_set_fowner,
3538	.file_send_sigiotask = 		smack_file_send_sigiotask,
3539	.file_receive = 		smack_file_receive,
3540
3541	.dentry_open =			smack_dentry_open,
3542
3543	.cred_alloc_blank =		smack_cred_alloc_blank,
3544	.cred_free =			smack_cred_free,
3545	.cred_prepare =			smack_cred_prepare,
3546	.cred_transfer =		smack_cred_transfer,
3547	.kernel_act_as =		smack_kernel_act_as,
3548	.kernel_create_files_as =	smack_kernel_create_files_as,
3549	.task_setpgid = 		smack_task_setpgid,
3550	.task_getpgid = 		smack_task_getpgid,
3551	.task_getsid = 			smack_task_getsid,
3552	.task_getsecid = 		smack_task_getsecid,
3553	.task_setnice = 		smack_task_setnice,
3554	.task_setioprio = 		smack_task_setioprio,
3555	.task_getioprio = 		smack_task_getioprio,
3556	.task_setscheduler = 		smack_task_setscheduler,
3557	.task_getscheduler = 		smack_task_getscheduler,
3558	.task_movememory = 		smack_task_movememory,
3559	.task_kill = 			smack_task_kill,
3560	.task_wait = 			smack_task_wait,
3561	.task_to_inode = 		smack_task_to_inode,
3562
3563	.ipc_permission = 		smack_ipc_permission,
3564	.ipc_getsecid =			smack_ipc_getsecid,
3565
3566	.msg_msg_alloc_security = 	smack_msg_msg_alloc_security,
3567	.msg_msg_free_security = 	smack_msg_msg_free_security,
3568
3569	.msg_queue_alloc_security = 	smack_msg_queue_alloc_security,
3570	.msg_queue_free_security = 	smack_msg_queue_free_security,
3571	.msg_queue_associate = 		smack_msg_queue_associate,
3572	.msg_queue_msgctl = 		smack_msg_queue_msgctl,
3573	.msg_queue_msgsnd = 		smack_msg_queue_msgsnd,
3574	.msg_queue_msgrcv = 		smack_msg_queue_msgrcv,
3575
3576	.shm_alloc_security = 		smack_shm_alloc_security,
3577	.shm_free_security = 		smack_shm_free_security,
3578	.shm_associate = 		smack_shm_associate,
3579	.shm_shmctl = 			smack_shm_shmctl,
3580	.shm_shmat = 			smack_shm_shmat,
3581
3582	.sem_alloc_security = 		smack_sem_alloc_security,
3583	.sem_free_security = 		smack_sem_free_security,
3584	.sem_associate = 		smack_sem_associate,
3585	.sem_semctl = 			smack_sem_semctl,
3586	.sem_semop = 			smack_sem_semop,
3587
3588	.d_instantiate = 		smack_d_instantiate,
3589
3590	.getprocattr = 			smack_getprocattr,
3591	.setprocattr = 			smack_setprocattr,
3592
3593	.unix_stream_connect = 		smack_unix_stream_connect,
3594	.unix_may_send = 		smack_unix_may_send,
3595
3596	.socket_post_create = 		smack_socket_post_create,
3597	.socket_connect =		smack_socket_connect,
3598	.socket_sendmsg =		smack_socket_sendmsg,
3599	.socket_sock_rcv_skb = 		smack_socket_sock_rcv_skb,
3600	.socket_getpeersec_stream =	smack_socket_getpeersec_stream,
3601	.socket_getpeersec_dgram =	smack_socket_getpeersec_dgram,
3602	.sk_alloc_security = 		smack_sk_alloc_security,
3603	.sk_free_security = 		smack_sk_free_security,
3604	.sock_graft = 			smack_sock_graft,
3605	.inet_conn_request = 		smack_inet_conn_request,
3606	.inet_csk_clone =		smack_inet_csk_clone,
3607
3608 /* key management security hooks */
3609#ifdef CONFIG_KEYS
3610	.key_alloc = 			smack_key_alloc,
3611	.key_free = 			smack_key_free,
3612	.key_permission = 		smack_key_permission,
3613#endif /* CONFIG_KEYS */
3614
3615 /* Audit hooks */
3616#ifdef CONFIG_AUDIT
3617	.audit_rule_init =		smack_audit_rule_init,
3618	.audit_rule_known =		smack_audit_rule_known,
3619	.audit_rule_match =		smack_audit_rule_match,
3620	.audit_rule_free =		smack_audit_rule_free,
3621#endif /* CONFIG_AUDIT */
3622
3623	.secid_to_secctx = 		smack_secid_to_secctx,
3624	.secctx_to_secid = 		smack_secctx_to_secid,
3625	.release_secctx = 		smack_release_secctx,
3626	.inode_notifysecctx =		smack_inode_notifysecctx,
3627	.inode_setsecctx =		smack_inode_setsecctx,
3628	.inode_getsecctx =		smack_inode_getsecctx,
3629};
3630
3631
3632static __init void init_smack_know_list(void)
3633{
3634	list_add(&smack_known_huh.list, &smack_known_list);
3635	list_add(&smack_known_hat.list, &smack_known_list);
3636	list_add(&smack_known_star.list, &smack_known_list);
3637	list_add(&smack_known_floor.list, &smack_known_list);
3638	list_add(&smack_known_invalid.list, &smack_known_list);
3639	list_add(&smack_known_web.list, &smack_known_list);
3640}
3641
3642/**
3643 * smack_init - initialize the smack system
3644 *
3645 * Returns 0
3646 */
3647static __init int smack_init(void)
3648{
3649	struct cred *cred;
3650	struct task_smack *tsp;
3651
3652	if (!security_module_enable(&smack_ops))
3653		return 0;
3654
3655	tsp = new_task_smack(smack_known_floor.smk_known,
3656				smack_known_floor.smk_known, GFP_KERNEL);
3657	if (tsp == NULL)
3658		return -ENOMEM;
3659
3660	printk(KERN_INFO "Smack:  Initializing.\n");
3661
3662	/*
3663	 * Set the security state for the initial task.
3664	 */
3665	cred = (struct cred *) current->cred;
3666	cred->security = tsp;
3667
3668	/* initialize the smack_know_list */
3669	init_smack_know_list();
3670	/*
3671	 * Initialize locks
3672	 */
3673	spin_lock_init(&smack_known_huh.smk_cipsolock);
3674	spin_lock_init(&smack_known_hat.smk_cipsolock);
3675	spin_lock_init(&smack_known_star.smk_cipsolock);
3676	spin_lock_init(&smack_known_floor.smk_cipsolock);
3677	spin_lock_init(&smack_known_invalid.smk_cipsolock);
3678
3679	/*
3680	 * Register with LSM
3681	 */
3682	if (register_security(&smack_ops))
3683		panic("smack: Unable to register with kernel.\n");
3684
3685	return 0;
3686}
3687
3688/*
3689 * Smack requires early initialization in order to label
3690 * all processes and objects when they are created.
3691 */
3692security_initcall(smack_init);
Configure Feed

Configure Feed
