security/smack/smack_lsm.c at v4.2-rc3

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / security / smack / smack_lsm.c
at v4.2-rc3 4479 lines 110 kB view raw
wrap content
   1/*
   2 *  Simplified MAC Kernel (smack) security module
   3 *
   4 *  This file contains the smack hook function implementations.
   5 *
   6 *  Authors:
   7 *	Casey Schaufler <casey@schaufler-ca.com>
   8 *	Jarkko Sakkinen <jarkko.sakkinen@intel.com>
   9 *
  10 *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
  11 *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
  12 *                Paul Moore <paul@paul-moore.com>
  13 *  Copyright (C) 2010 Nokia Corporation
  14 *  Copyright (C) 2011 Intel Corporation.
  15 *
  16 *	This program is free software; you can redistribute it and/or modify
  17 *	it under the terms of the GNU General Public License version 2,
  18 *      as published by the Free Software Foundation.
  19 */
  20
  21#include <linux/xattr.h>
  22#include <linux/pagemap.h>
  23#include <linux/mount.h>
  24#include <linux/stat.h>
  25#include <linux/kd.h>
  26#include <asm/ioctls.h>
  27#include <linux/ip.h>
  28#include <linux/tcp.h>
  29#include <linux/udp.h>
  30#include <linux/dccp.h>
  31#include <linux/slab.h>
  32#include <linux/mutex.h>
  33#include <linux/pipe_fs_i.h>
  34#include <net/cipso_ipv4.h>
  35#include <net/ip.h>
  36#include <net/ipv6.h>
  37#include <linux/audit.h>
  38#include <linux/magic.h>
  39#include <linux/dcache.h>
  40#include <linux/personality.h>
  41#include <linux/msg.h>
  42#include <linux/shm.h>
  43#include <linux/binfmts.h>
  44#include "smack.h"
  45
  46#define TRANS_TRUE	"TRUE"
  47#define TRANS_TRUE_SIZE	4
  48
  49#define SMK_CONNECTING	0
  50#define SMK_RECEIVING	1
  51#define SMK_SENDING	2
  52
  53#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
  54LIST_HEAD(smk_ipv6_port_list);
  55#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
  56static struct kmem_cache *smack_inode_cache;
  57int smack_enabled;
  58
  59#ifdef CONFIG_SECURITY_SMACK_BRINGUP
  60static char *smk_bu_mess[] = {
  61	"Bringup Error",	/* Unused */
  62	"Bringup",		/* SMACK_BRINGUP_ALLOW */
  63	"Unconfined Subject",	/* SMACK_UNCONFINED_SUBJECT */
  64	"Unconfined Object",	/* SMACK_UNCONFINED_OBJECT */
  65};
  66
  67static void smk_bu_mode(int mode, char *s)
  68{
  69	int i = 0;
  70
  71	if (mode & MAY_READ)
  72		s[i++] = 'r';
  73	if (mode & MAY_WRITE)
  74		s[i++] = 'w';
  75	if (mode & MAY_EXEC)
  76		s[i++] = 'x';
  77	if (mode & MAY_APPEND)
  78		s[i++] = 'a';
  79	if (mode & MAY_TRANSMUTE)
  80		s[i++] = 't';
  81	if (mode & MAY_LOCK)
  82		s[i++] = 'l';
  83	if (i == 0)
  84		s[i++] = '-';
  85	s[i] = '\0';
  86}
  87#endif
  88
  89#ifdef CONFIG_SECURITY_SMACK_BRINGUP
  90static int smk_bu_note(char *note, struct smack_known *sskp,
  91		       struct smack_known *oskp, int mode, int rc)
  92{
  93	char acc[SMK_NUM_ACCESS_TYPE + 1];
  94
  95	if (rc <= 0)
  96		return rc;
  97	if (rc > SMACK_UNCONFINED_OBJECT)
  98		rc = 0;
  99
 100	smk_bu_mode(mode, acc);
 101	pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
 102		sskp->smk_known, oskp->smk_known, acc, note);
 103	return 0;
 104}
 105#else
 106#define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
 107#endif
 108
 109#ifdef CONFIG_SECURITY_SMACK_BRINGUP
 110static int smk_bu_current(char *note, struct smack_known *oskp,
 111			  int mode, int rc)
 112{
 113	struct task_smack *tsp = current_security();
 114	char acc[SMK_NUM_ACCESS_TYPE + 1];
 115
 116	if (rc <= 0)
 117		return rc;
 118	if (rc > SMACK_UNCONFINED_OBJECT)
 119		rc = 0;
 120
 121	smk_bu_mode(mode, acc);
 122	pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
 123		tsp->smk_task->smk_known, oskp->smk_known,
 124		acc, current->comm, note);
 125	return 0;
 126}
 127#else
 128#define smk_bu_current(note, oskp, mode, RC) (RC)
 129#endif
 130
 131#ifdef CONFIG_SECURITY_SMACK_BRINGUP
 132static int smk_bu_task(struct task_struct *otp, int mode, int rc)
 133{
 134	struct task_smack *tsp = current_security();
 135	struct smack_known *smk_task = smk_of_task_struct(otp);
 136	char acc[SMK_NUM_ACCESS_TYPE + 1];
 137
 138	if (rc <= 0)
 139		return rc;
 140	if (rc > SMACK_UNCONFINED_OBJECT)
 141		rc = 0;
 142
 143	smk_bu_mode(mode, acc);
 144	pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
 145		tsp->smk_task->smk_known, smk_task->smk_known, acc,
 146		current->comm, otp->comm);
 147	return 0;
 148}
 149#else
 150#define smk_bu_task(otp, mode, RC) (RC)
 151#endif
 152
 153#ifdef CONFIG_SECURITY_SMACK_BRINGUP
 154static int smk_bu_inode(struct inode *inode, int mode, int rc)
 155{
 156	struct task_smack *tsp = current_security();
 157	struct inode_smack *isp = inode->i_security;
 158	char acc[SMK_NUM_ACCESS_TYPE + 1];
 159
 160	if (isp->smk_flags & SMK_INODE_IMPURE)
 161		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
 162			inode->i_sb->s_id, inode->i_ino, current->comm);
 163
 164	if (rc <= 0)
 165		return rc;
 166	if (rc > SMACK_UNCONFINED_OBJECT)
 167		rc = 0;
 168	if (rc == SMACK_UNCONFINED_SUBJECT &&
 169	    (mode & (MAY_WRITE | MAY_APPEND)))
 170		isp->smk_flags |= SMK_INODE_IMPURE;
 171
 172	smk_bu_mode(mode, acc);
 173
 174	pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
 175		tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
 176		inode->i_sb->s_id, inode->i_ino, current->comm);
 177	return 0;
 178}
 179#else
 180#define smk_bu_inode(inode, mode, RC) (RC)
 181#endif
 182
 183#ifdef CONFIG_SECURITY_SMACK_BRINGUP
 184static int smk_bu_file(struct file *file, int mode, int rc)
 185{
 186	struct task_smack *tsp = current_security();
 187	struct smack_known *sskp = tsp->smk_task;
 188	struct inode *inode = file_inode(file);
 189	struct inode_smack *isp = inode->i_security;
 190	char acc[SMK_NUM_ACCESS_TYPE + 1];
 191
 192	if (isp->smk_flags & SMK_INODE_IMPURE)
 193		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
 194			inode->i_sb->s_id, inode->i_ino, current->comm);
 195
 196	if (rc <= 0)
 197		return rc;
 198	if (rc > SMACK_UNCONFINED_OBJECT)
 199		rc = 0;
 200
 201	smk_bu_mode(mode, acc);
 202	pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
 203		sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
 204		inode->i_sb->s_id, inode->i_ino, file,
 205		current->comm);
 206	return 0;
 207}
 208#else
 209#define smk_bu_file(file, mode, RC) (RC)
 210#endif
 211
 212#ifdef CONFIG_SECURITY_SMACK_BRINGUP
 213static int smk_bu_credfile(const struct cred *cred, struct file *file,
 214				int mode, int rc)
 215{
 216	struct task_smack *tsp = cred->security;
 217	struct smack_known *sskp = tsp->smk_task;
 218	struct inode *inode = file->f_inode;
 219	struct inode_smack *isp = inode->i_security;
 220	char acc[SMK_NUM_ACCESS_TYPE + 1];
 221
 222	if (isp->smk_flags & SMK_INODE_IMPURE)
 223		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
 224			inode->i_sb->s_id, inode->i_ino, current->comm);
 225
 226	if (rc <= 0)
 227		return rc;
 228	if (rc > SMACK_UNCONFINED_OBJECT)
 229		rc = 0;
 230
 231	smk_bu_mode(mode, acc);
 232	pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
 233		sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
 234		inode->i_sb->s_id, inode->i_ino, file,
 235		current->comm);
 236	return 0;
 237}
 238#else
 239#define smk_bu_credfile(cred, file, mode, RC) (RC)
 240#endif
 241
 242/**
 243 * smk_fetch - Fetch the smack label from a file.
 244 * @name: type of the label (attribute)
 245 * @ip: a pointer to the inode
 246 * @dp: a pointer to the dentry
 247 *
 248 * Returns a pointer to the master list entry for the Smack label,
 249 * NULL if there was no label to fetch, or an error code.
 250 */
 251static struct smack_known *smk_fetch(const char *name, struct inode *ip,
 252					struct dentry *dp)
 253{
 254	int rc;
 255	char *buffer;
 256	struct smack_known *skp = NULL;
 257
 258	if (ip->i_op->getxattr == NULL)
 259		return ERR_PTR(-EOPNOTSUPP);
 260
 261	buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
 262	if (buffer == NULL)
 263		return ERR_PTR(-ENOMEM);
 264
 265	rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL);
 266	if (rc < 0)
 267		skp = ERR_PTR(rc);
 268	else if (rc == 0)
 269		skp = NULL;
 270	else
 271		skp = smk_import_entry(buffer, rc);
 272
 273	kfree(buffer);
 274
 275	return skp;
 276}
 277
 278/**
 279 * new_inode_smack - allocate an inode security blob
 280 * @skp: a pointer to the Smack label entry to use in the blob
 281 *
 282 * Returns the new blob or NULL if there's no memory available
 283 */
 284struct inode_smack *new_inode_smack(struct smack_known *skp)
 285{
 286	struct inode_smack *isp;
 287
 288	isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
 289	if (isp == NULL)
 290		return NULL;
 291
 292	isp->smk_inode = skp;
 293	isp->smk_flags = 0;
 294	mutex_init(&isp->smk_lock);
 295
 296	return isp;
 297}
 298
 299/**
 300 * new_task_smack - allocate a task security blob
 301 * @task: a pointer to the Smack label for the running task
 302 * @forked: a pointer to the Smack label for the forked task
 303 * @gfp: type of the memory for the allocation
 304 *
 305 * Returns the new blob or NULL if there's no memory available
 306 */
 307static struct task_smack *new_task_smack(struct smack_known *task,
 308					struct smack_known *forked, gfp_t gfp)
 309{
 310	struct task_smack *tsp;
 311
 312	tsp = kzalloc(sizeof(struct task_smack), gfp);
 313	if (tsp == NULL)
 314		return NULL;
 315
 316	tsp->smk_task = task;
 317	tsp->smk_forked = forked;
 318	INIT_LIST_HEAD(&tsp->smk_rules);
 319	mutex_init(&tsp->smk_rules_lock);
 320
 321	return tsp;
 322}
 323
 324/**
 325 * smk_copy_rules - copy a rule set
 326 * @nhead: new rules header pointer
 327 * @ohead: old rules header pointer
 328 * @gfp: type of the memory for the allocation
 329 *
 330 * Returns 0 on success, -ENOMEM on error
 331 */
 332static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
 333				gfp_t gfp)
 334{
 335	struct smack_rule *nrp;
 336	struct smack_rule *orp;
 337	int rc = 0;
 338
 339	INIT_LIST_HEAD(nhead);
 340
 341	list_for_each_entry_rcu(orp, ohead, list) {
 342		nrp = kzalloc(sizeof(struct smack_rule), gfp);
 343		if (nrp == NULL) {
 344			rc = -ENOMEM;
 345			break;
 346		}
 347		*nrp = *orp;
 348		list_add_rcu(&nrp->list, nhead);
 349	}
 350	return rc;
 351}
 352
 353/**
 354 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
 355 * @mode - input mode in form of PTRACE_MODE_*
 356 *
 357 * Returns a converted MAY_* mode usable by smack rules
 358 */
 359static inline unsigned int smk_ptrace_mode(unsigned int mode)
 360{
 361	switch (mode) {
 362	case PTRACE_MODE_READ:
 363		return MAY_READ;
 364	case PTRACE_MODE_ATTACH:
 365		return MAY_READWRITE;
 366	}
 367
 368	return 0;
 369}
 370
 371/**
 372 * smk_ptrace_rule_check - helper for ptrace access
 373 * @tracer: tracer process
 374 * @tracee_known: label entry of the process that's about to be traced
 375 * @mode: ptrace attachment mode (PTRACE_MODE_*)
 376 * @func: name of the function that called us, used for audit
 377 *
 378 * Returns 0 on access granted, -error on error
 379 */
 380static int smk_ptrace_rule_check(struct task_struct *tracer,
 381				 struct smack_known *tracee_known,
 382				 unsigned int mode, const char *func)
 383{
 384	int rc;
 385	struct smk_audit_info ad, *saip = NULL;
 386	struct task_smack *tsp;
 387	struct smack_known *tracer_known;
 388
 389	if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
 390		smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
 391		smk_ad_setfield_u_tsk(&ad, tracer);
 392		saip = &ad;
 393	}
 394
 395	rcu_read_lock();
 396	tsp = __task_cred(tracer)->security;
 397	tracer_known = smk_of_task(tsp);
 398
 399	if ((mode & PTRACE_MODE_ATTACH) &&
 400	    (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
 401	     smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
 402		if (tracer_known->smk_known == tracee_known->smk_known)
 403			rc = 0;
 404		else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
 405			rc = -EACCES;
 406		else if (capable(CAP_SYS_PTRACE))
 407			rc = 0;
 408		else
 409			rc = -EACCES;
 410
 411		if (saip)
 412			smack_log(tracer_known->smk_known,
 413				  tracee_known->smk_known,
 414				  0, rc, saip);
 415
 416		rcu_read_unlock();
 417		return rc;
 418	}
 419
 420	/* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
 421	rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
 422
 423	rcu_read_unlock();
 424	return rc;
 425}
 426
 427/*
 428 * LSM hooks.
 429 * We he, that is fun!
 430 */
 431
 432/**
 433 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
 434 * @ctp: child task pointer
 435 * @mode: ptrace attachment mode (PTRACE_MODE_*)
 436 *
 437 * Returns 0 if access is OK, an error code otherwise
 438 *
 439 * Do the capability checks.
 440 */
 441static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
 442{
 443	struct smack_known *skp;
 444
 445	skp = smk_of_task_struct(ctp);
 446
 447	return smk_ptrace_rule_check(current, skp, mode, __func__);
 448}
 449
 450/**
 451 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
 452 * @ptp: parent task pointer
 453 *
 454 * Returns 0 if access is OK, an error code otherwise
 455 *
 456 * Do the capability checks, and require PTRACE_MODE_ATTACH.
 457 */
 458static int smack_ptrace_traceme(struct task_struct *ptp)
 459{
 460	int rc;
 461	struct smack_known *skp;
 462
 463	skp = smk_of_task(current_security());
 464
 465	rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
 466	return rc;
 467}
 468
 469/**
 470 * smack_syslog - Smack approval on syslog
 471 * @type: message type
 472 *
 473 * Returns 0 on success, error code otherwise.
 474 */
 475static int smack_syslog(int typefrom_file)
 476{
 477	int rc = 0;
 478	struct smack_known *skp = smk_of_current();
 479
 480	if (smack_privileged(CAP_MAC_OVERRIDE))
 481		return 0;
 482
 483	if (smack_syslog_label != NULL && smack_syslog_label != skp)
 484		rc = -EACCES;
 485
 486	return rc;
 487}
 488
 489
 490/*
 491 * Superblock Hooks.
 492 */
 493
 494/**
 495 * smack_sb_alloc_security - allocate a superblock blob
 496 * @sb: the superblock getting the blob
 497 *
 498 * Returns 0 on success or -ENOMEM on error.
 499 */
 500static int smack_sb_alloc_security(struct super_block *sb)
 501{
 502	struct superblock_smack *sbsp;
 503
 504	sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
 505
 506	if (sbsp == NULL)
 507		return -ENOMEM;
 508
 509	sbsp->smk_root = &smack_known_floor;
 510	sbsp->smk_default = &smack_known_floor;
 511	sbsp->smk_floor = &smack_known_floor;
 512	sbsp->smk_hat = &smack_known_hat;
 513	/*
 514	 * smk_initialized will be zero from kzalloc.
 515	 */
 516	sb->s_security = sbsp;
 517
 518	return 0;
 519}
 520
 521/**
 522 * smack_sb_free_security - free a superblock blob
 523 * @sb: the superblock getting the blob
 524 *
 525 */
 526static void smack_sb_free_security(struct super_block *sb)
 527{
 528	kfree(sb->s_security);
 529	sb->s_security = NULL;
 530}
 531
 532/**
 533 * smack_sb_copy_data - copy mount options data for processing
 534 * @orig: where to start
 535 * @smackopts: mount options string
 536 *
 537 * Returns 0 on success or -ENOMEM on error.
 538 *
 539 * Copy the Smack specific mount options out of the mount
 540 * options list.
 541 */
 542static int smack_sb_copy_data(char *orig, char *smackopts)
 543{
 544	char *cp, *commap, *otheropts, *dp;
 545
 546	otheropts = (char *)get_zeroed_page(GFP_KERNEL);
 547	if (otheropts == NULL)
 548		return -ENOMEM;
 549
 550	for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
 551		if (strstr(cp, SMK_FSDEFAULT) == cp)
 552			dp = smackopts;
 553		else if (strstr(cp, SMK_FSFLOOR) == cp)
 554			dp = smackopts;
 555		else if (strstr(cp, SMK_FSHAT) == cp)
 556			dp = smackopts;
 557		else if (strstr(cp, SMK_FSROOT) == cp)
 558			dp = smackopts;
 559		else if (strstr(cp, SMK_FSTRANS) == cp)
 560			dp = smackopts;
 561		else
 562			dp = otheropts;
 563
 564		commap = strchr(cp, ',');
 565		if (commap != NULL)
 566			*commap = '\0';
 567
 568		if (*dp != '\0')
 569			strcat(dp, ",");
 570		strcat(dp, cp);
 571	}
 572
 573	strcpy(orig, otheropts);
 574	free_page((unsigned long)otheropts);
 575
 576	return 0;
 577}
 578
 579/**
 580 * smack_sb_kern_mount - Smack specific mount processing
 581 * @sb: the file system superblock
 582 * @flags: the mount flags
 583 * @data: the smack mount options
 584 *
 585 * Returns 0 on success, an error code on failure
 586 */
 587static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
 588{
 589	struct dentry *root = sb->s_root;
 590	struct inode *inode = d_backing_inode(root);
 591	struct superblock_smack *sp = sb->s_security;
 592	struct inode_smack *isp;
 593	struct smack_known *skp;
 594	char *op;
 595	char *commap;
 596	int transmute = 0;
 597	int specified = 0;
 598
 599	if (sp->smk_initialized)
 600		return 0;
 601
 602	sp->smk_initialized = 1;
 603
 604	for (op = data; op != NULL; op = commap) {
 605		commap = strchr(op, ',');
 606		if (commap != NULL)
 607			*commap++ = '\0';
 608
 609		if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
 610			op += strlen(SMK_FSHAT);
 611			skp = smk_import_entry(op, 0);
 612			if (IS_ERR(skp))
 613				return PTR_ERR(skp);
 614			sp->smk_hat = skp;
 615			specified = 1;
 616
 617		} else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
 618			op += strlen(SMK_FSFLOOR);
 619			skp = smk_import_entry(op, 0);
 620			if (IS_ERR(skp))
 621				return PTR_ERR(skp);
 622			sp->smk_floor = skp;
 623			specified = 1;
 624
 625		} else if (strncmp(op, SMK_FSDEFAULT,
 626				   strlen(SMK_FSDEFAULT)) == 0) {
 627			op += strlen(SMK_FSDEFAULT);
 628			skp = smk_import_entry(op, 0);
 629			if (IS_ERR(skp))
 630				return PTR_ERR(skp);
 631			sp->smk_default = skp;
 632			specified = 1;
 633
 634		} else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
 635			op += strlen(SMK_FSROOT);
 636			skp = smk_import_entry(op, 0);
 637			if (IS_ERR(skp))
 638				return PTR_ERR(skp);
 639			sp->smk_root = skp;
 640			specified = 1;
 641
 642		} else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
 643			op += strlen(SMK_FSTRANS);
 644			skp = smk_import_entry(op, 0);
 645			if (IS_ERR(skp))
 646				return PTR_ERR(skp);
 647			sp->smk_root = skp;
 648			transmute = 1;
 649			specified = 1;
 650		}
 651	}
 652
 653	if (!smack_privileged(CAP_MAC_ADMIN)) {
 654		/*
 655		 * Unprivileged mounts don't get to specify Smack values.
 656		 */
 657		if (specified)
 658			return -EPERM;
 659		/*
 660		 * Unprivileged mounts get root and default from the caller.
 661		 */
 662		skp = smk_of_current();
 663		sp->smk_root = skp;
 664		sp->smk_default = skp;
 665	}
 666	/*
 667	 * Initialize the root inode.
 668	 */
 669	isp = inode->i_security;
 670	if (isp == NULL) {
 671		isp = new_inode_smack(sp->smk_root);
 672		if (isp == NULL)
 673			return -ENOMEM;
 674		inode->i_security = isp;
 675	} else
 676		isp->smk_inode = sp->smk_root;
 677
 678	if (transmute)
 679		isp->smk_flags |= SMK_INODE_TRANSMUTE;
 680
 681	return 0;
 682}
 683
 684/**
 685 * smack_sb_statfs - Smack check on statfs
 686 * @dentry: identifies the file system in question
 687 *
 688 * Returns 0 if current can read the floor of the filesystem,
 689 * and error code otherwise
 690 */
 691static int smack_sb_statfs(struct dentry *dentry)
 692{
 693	struct superblock_smack *sbp = dentry->d_sb->s_security;
 694	int rc;
 695	struct smk_audit_info ad;
 696
 697	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
 698	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 699
 700	rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
 701	rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
 702	return rc;
 703}
 704
 705/*
 706 * BPRM hooks
 707 */
 708
 709/**
 710 * smack_bprm_set_creds - set creds for exec
 711 * @bprm: the exec information
 712 *
 713 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
 714 */
 715static int smack_bprm_set_creds(struct linux_binprm *bprm)
 716{
 717	struct inode *inode = file_inode(bprm->file);
 718	struct task_smack *bsp = bprm->cred->security;
 719	struct inode_smack *isp;
 720	int rc;
 721
 722	if (bprm->cred_prepared)
 723		return 0;
 724
 725	isp = inode->i_security;
 726	if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
 727		return 0;
 728
 729	if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
 730		struct task_struct *tracer;
 731		rc = 0;
 732
 733		rcu_read_lock();
 734		tracer = ptrace_parent(current);
 735		if (likely(tracer != NULL))
 736			rc = smk_ptrace_rule_check(tracer,
 737						   isp->smk_task,
 738						   PTRACE_MODE_ATTACH,
 739						   __func__);
 740		rcu_read_unlock();
 741
 742		if (rc != 0)
 743			return rc;
 744	} else if (bprm->unsafe)
 745		return -EPERM;
 746
 747	bsp->smk_task = isp->smk_task;
 748	bprm->per_clear |= PER_CLEAR_ON_SETID;
 749
 750	return 0;
 751}
 752
 753/**
 754 * smack_bprm_committing_creds - Prepare to install the new credentials
 755 * from bprm.
 756 *
 757 * @bprm: binprm for exec
 758 */
 759static void smack_bprm_committing_creds(struct linux_binprm *bprm)
 760{
 761	struct task_smack *bsp = bprm->cred->security;
 762
 763	if (bsp->smk_task != bsp->smk_forked)
 764		current->pdeath_signal = 0;
 765}
 766
 767/**
 768 * smack_bprm_secureexec - Return the decision to use secureexec.
 769 * @bprm: binprm for exec
 770 *
 771 * Returns 0 on success.
 772 */
 773static int smack_bprm_secureexec(struct linux_binprm *bprm)
 774{
 775	struct task_smack *tsp = current_security();
 776
 777	if (tsp->smk_task != tsp->smk_forked)
 778		return 1;
 779
 780	return 0;
 781}
 782
 783/*
 784 * Inode hooks
 785 */
 786
 787/**
 788 * smack_inode_alloc_security - allocate an inode blob
 789 * @inode: the inode in need of a blob
 790 *
 791 * Returns 0 if it gets a blob, -ENOMEM otherwise
 792 */
 793static int smack_inode_alloc_security(struct inode *inode)
 794{
 795	struct smack_known *skp = smk_of_current();
 796
 797	inode->i_security = new_inode_smack(skp);
 798	if (inode->i_security == NULL)
 799		return -ENOMEM;
 800	return 0;
 801}
 802
 803/**
 804 * smack_inode_free_security - free an inode blob
 805 * @inode: the inode with a blob
 806 *
 807 * Clears the blob pointer in inode
 808 */
 809static void smack_inode_free_security(struct inode *inode)
 810{
 811	kmem_cache_free(smack_inode_cache, inode->i_security);
 812	inode->i_security = NULL;
 813}
 814
 815/**
 816 * smack_inode_init_security - copy out the smack from an inode
 817 * @inode: the newly created inode
 818 * @dir: containing directory object
 819 * @qstr: unused
 820 * @name: where to put the attribute name
 821 * @value: where to put the attribute value
 822 * @len: where to put the length of the attribute
 823 *
 824 * Returns 0 if it all works out, -ENOMEM if there's no memory
 825 */
 826static int smack_inode_init_security(struct inode *inode, struct inode *dir,
 827				     const struct qstr *qstr, const char **name,
 828				     void **value, size_t *len)
 829{
 830	struct inode_smack *issp = inode->i_security;
 831	struct smack_known *skp = smk_of_current();
 832	struct smack_known *isp = smk_of_inode(inode);
 833	struct smack_known *dsp = smk_of_inode(dir);
 834	int may;
 835
 836	if (name)
 837		*name = XATTR_SMACK_SUFFIX;
 838
 839	if (value && len) {
 840		rcu_read_lock();
 841		may = smk_access_entry(skp->smk_known, dsp->smk_known,
 842				       &skp->smk_rules);
 843		rcu_read_unlock();
 844
 845		/*
 846		 * If the access rule allows transmutation and
 847		 * the directory requests transmutation then
 848		 * by all means transmute.
 849		 * Mark the inode as changed.
 850		 */
 851		if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
 852		    smk_inode_transmutable(dir)) {
 853			isp = dsp;
 854			issp->smk_flags |= SMK_INODE_CHANGED;
 855		}
 856
 857		*value = kstrdup(isp->smk_known, GFP_NOFS);
 858		if (*value == NULL)
 859			return -ENOMEM;
 860
 861		*len = strlen(isp->smk_known);
 862	}
 863
 864	return 0;
 865}
 866
 867/**
 868 * smack_inode_link - Smack check on link
 869 * @old_dentry: the existing object
 870 * @dir: unused
 871 * @new_dentry: the new object
 872 *
 873 * Returns 0 if access is permitted, an error code otherwise
 874 */
 875static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
 876			    struct dentry *new_dentry)
 877{
 878	struct smack_known *isp;
 879	struct smk_audit_info ad;
 880	int rc;
 881
 882	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
 883	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
 884
 885	isp = smk_of_inode(d_backing_inode(old_dentry));
 886	rc = smk_curacc(isp, MAY_WRITE, &ad);
 887	rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
 888
 889	if (rc == 0 && d_is_positive(new_dentry)) {
 890		isp = smk_of_inode(d_backing_inode(new_dentry));
 891		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
 892		rc = smk_curacc(isp, MAY_WRITE, &ad);
 893		rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
 894	}
 895
 896	return rc;
 897}
 898
 899/**
 900 * smack_inode_unlink - Smack check on inode deletion
 901 * @dir: containing directory object
 902 * @dentry: file to unlink
 903 *
 904 * Returns 0 if current can write the containing directory
 905 * and the object, error code otherwise
 906 */
 907static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
 908{
 909	struct inode *ip = d_backing_inode(dentry);
 910	struct smk_audit_info ad;
 911	int rc;
 912
 913	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
 914	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 915
 916	/*
 917	 * You need write access to the thing you're unlinking
 918	 */
 919	rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
 920	rc = smk_bu_inode(ip, MAY_WRITE, rc);
 921	if (rc == 0) {
 922		/*
 923		 * You also need write access to the containing directory
 924		 */
 925		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
 926		smk_ad_setfield_u_fs_inode(&ad, dir);
 927		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
 928		rc = smk_bu_inode(dir, MAY_WRITE, rc);
 929	}
 930	return rc;
 931}
 932
 933/**
 934 * smack_inode_rmdir - Smack check on directory deletion
 935 * @dir: containing directory object
 936 * @dentry: directory to unlink
 937 *
 938 * Returns 0 if current can write the containing directory
 939 * and the directory, error code otherwise
 940 */
 941static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
 942{
 943	struct smk_audit_info ad;
 944	int rc;
 945
 946	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
 947	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
 948
 949	/*
 950	 * You need write access to the thing you're removing
 951	 */
 952	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
 953	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
 954	if (rc == 0) {
 955		/*
 956		 * You also need write access to the containing directory
 957		 */
 958		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
 959		smk_ad_setfield_u_fs_inode(&ad, dir);
 960		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
 961		rc = smk_bu_inode(dir, MAY_WRITE, rc);
 962	}
 963
 964	return rc;
 965}
 966
 967/**
 968 * smack_inode_rename - Smack check on rename
 969 * @old_inode: unused
 970 * @old_dentry: the old object
 971 * @new_inode: unused
 972 * @new_dentry: the new object
 973 *
 974 * Read and write access is required on both the old and
 975 * new directories.
 976 *
 977 * Returns 0 if access is permitted, an error code otherwise
 978 */
 979static int smack_inode_rename(struct inode *old_inode,
 980			      struct dentry *old_dentry,
 981			      struct inode *new_inode,
 982			      struct dentry *new_dentry)
 983{
 984	int rc;
 985	struct smack_known *isp;
 986	struct smk_audit_info ad;
 987
 988	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
 989	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
 990
 991	isp = smk_of_inode(d_backing_inode(old_dentry));
 992	rc = smk_curacc(isp, MAY_READWRITE, &ad);
 993	rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
 994
 995	if (rc == 0 && d_is_positive(new_dentry)) {
 996		isp = smk_of_inode(d_backing_inode(new_dentry));
 997		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
 998		rc = smk_curacc(isp, MAY_READWRITE, &ad);
 999		rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
1000	}
1001	return rc;
1002}
1003
1004/**
1005 * smack_inode_permission - Smack version of permission()
1006 * @inode: the inode in question
1007 * @mask: the access requested
1008 *
1009 * This is the important Smack hook.
1010 *
1011 * Returns 0 if access is permitted, -EACCES otherwise
1012 */
1013static int smack_inode_permission(struct inode *inode, int mask)
1014{
1015	struct smk_audit_info ad;
1016	int no_block = mask & MAY_NOT_BLOCK;
1017	int rc;
1018
1019	mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
1020	/*
1021	 * No permission to check. Existence test. Yup, it's there.
1022	 */
1023	if (mask == 0)
1024		return 0;
1025
1026	/* May be droppable after audit */
1027	if (no_block)
1028		return -ECHILD;
1029	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1030	smk_ad_setfield_u_fs_inode(&ad, inode);
1031	rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1032	rc = smk_bu_inode(inode, mask, rc);
1033	return rc;
1034}
1035
1036/**
1037 * smack_inode_setattr - Smack check for setting attributes
1038 * @dentry: the object
1039 * @iattr: for the force flag
1040 *
1041 * Returns 0 if access is permitted, an error code otherwise
1042 */
1043static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1044{
1045	struct smk_audit_info ad;
1046	int rc;
1047
1048	/*
1049	 * Need to allow for clearing the setuid bit.
1050	 */
1051	if (iattr->ia_valid & ATTR_FORCE)
1052		return 0;
1053	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1054	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1055
1056	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1057	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1058	return rc;
1059}
1060
1061/**
1062 * smack_inode_getattr - Smack check for getting attributes
1063 * @mnt: vfsmount of the object
1064 * @dentry: the object
1065 *
1066 * Returns 0 if access is permitted, an error code otherwise
1067 */
1068static int smack_inode_getattr(const struct path *path)
1069{
1070	struct smk_audit_info ad;
1071	struct inode *inode = d_backing_inode(path->dentry);
1072	int rc;
1073
1074	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1075	smk_ad_setfield_u_fs_path(&ad, *path);
1076	rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1077	rc = smk_bu_inode(inode, MAY_READ, rc);
1078	return rc;
1079}
1080
1081/**
1082 * smack_inode_setxattr - Smack check for setting xattrs
1083 * @dentry: the object
1084 * @name: name of the attribute
1085 * @value: value of the attribute
1086 * @size: size of the value
1087 * @flags: unused
1088 *
1089 * This protects the Smack attribute explicitly.
1090 *
1091 * Returns 0 if access is permitted, an error code otherwise
1092 */
1093static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1094				const void *value, size_t size, int flags)
1095{
1096	struct smk_audit_info ad;
1097	struct smack_known *skp;
1098	int check_priv = 0;
1099	int check_import = 0;
1100	int check_star = 0;
1101	int rc = 0;
1102
1103	/*
1104	 * Check label validity here so import won't fail in post_setxattr
1105	 */
1106	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1107	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1108	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1109		check_priv = 1;
1110		check_import = 1;
1111	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1112		   strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1113		check_priv = 1;
1114		check_import = 1;
1115		check_star = 1;
1116	} else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1117		check_priv = 1;
1118		if (size != TRANS_TRUE_SIZE ||
1119		    strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1120			rc = -EINVAL;
1121	} else
1122		rc = cap_inode_setxattr(dentry, name, value, size, flags);
1123
1124	if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1125		rc = -EPERM;
1126
1127	if (rc == 0 && check_import) {
1128		skp = size ? smk_import_entry(value, size) : NULL;
1129		if (IS_ERR(skp))
1130			rc = PTR_ERR(skp);
1131		else if (skp == NULL || (check_star &&
1132		    (skp == &smack_known_star || skp == &smack_known_web)))
1133			rc = -EINVAL;
1134	}
1135
1136	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1137	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1138
1139	if (rc == 0) {
1140		rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1141		rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1142	}
1143
1144	return rc;
1145}
1146
1147/**
1148 * smack_inode_post_setxattr - Apply the Smack update approved above
1149 * @dentry: object
1150 * @name: attribute name
1151 * @value: attribute value
1152 * @size: attribute size
1153 * @flags: unused
1154 *
1155 * Set the pointer in the inode blob to the entry found
1156 * in the master label list.
1157 */
1158static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1159				      const void *value, size_t size, int flags)
1160{
1161	struct smack_known *skp;
1162	struct inode_smack *isp = d_backing_inode(dentry)->i_security;
1163
1164	if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1165		isp->smk_flags |= SMK_INODE_TRANSMUTE;
1166		return;
1167	}
1168
1169	if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1170		skp = smk_import_entry(value, size);
1171		if (!IS_ERR(skp))
1172			isp->smk_inode = skp;
1173		else
1174			isp->smk_inode = &smack_known_invalid;
1175	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1176		skp = smk_import_entry(value, size);
1177		if (!IS_ERR(skp))
1178			isp->smk_task = skp;
1179		else
1180			isp->smk_task = &smack_known_invalid;
1181	} else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1182		skp = smk_import_entry(value, size);
1183		if (!IS_ERR(skp))
1184			isp->smk_mmap = skp;
1185		else
1186			isp->smk_mmap = &smack_known_invalid;
1187	}
1188
1189	return;
1190}
1191
1192/**
1193 * smack_inode_getxattr - Smack check on getxattr
1194 * @dentry: the object
1195 * @name: unused
1196 *
1197 * Returns 0 if access is permitted, an error code otherwise
1198 */
1199static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1200{
1201	struct smk_audit_info ad;
1202	int rc;
1203
1204	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1205	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1206
1207	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1208	rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1209	return rc;
1210}
1211
1212/**
1213 * smack_inode_removexattr - Smack check on removexattr
1214 * @dentry: the object
1215 * @name: name of the attribute
1216 *
1217 * Removing the Smack attribute requires CAP_MAC_ADMIN
1218 *
1219 * Returns 0 if access is permitted, an error code otherwise
1220 */
1221static int smack_inode_removexattr(struct dentry *dentry, const char *name)
1222{
1223	struct inode_smack *isp;
1224	struct smk_audit_info ad;
1225	int rc = 0;
1226
1227	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1228	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1229	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1230	    strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1231	    strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1232	    strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1233		if (!smack_privileged(CAP_MAC_ADMIN))
1234			rc = -EPERM;
1235	} else
1236		rc = cap_inode_removexattr(dentry, name);
1237
1238	if (rc != 0)
1239		return rc;
1240
1241	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1242	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1243
1244	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1245	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1246	if (rc != 0)
1247		return rc;
1248
1249	isp = d_backing_inode(dentry)->i_security;
1250	/*
1251	 * Don't do anything special for these.
1252	 *	XATTR_NAME_SMACKIPIN
1253	 *	XATTR_NAME_SMACKIPOUT
1254	 *	XATTR_NAME_SMACKEXEC
1255	 */
1256	if (strcmp(name, XATTR_NAME_SMACK) == 0)
1257		isp->smk_task = NULL;
1258	else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1259		isp->smk_mmap = NULL;
1260	else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1261		isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1262
1263	return 0;
1264}
1265
1266/**
1267 * smack_inode_getsecurity - get smack xattrs
1268 * @inode: the object
1269 * @name: attribute name
1270 * @buffer: where to put the result
1271 * @alloc: unused
1272 *
1273 * Returns the size of the attribute or an error code
1274 */
1275static int smack_inode_getsecurity(const struct inode *inode,
1276				   const char *name, void **buffer,
1277				   bool alloc)
1278{
1279	struct socket_smack *ssp;
1280	struct socket *sock;
1281	struct super_block *sbp;
1282	struct inode *ip = (struct inode *)inode;
1283	struct smack_known *isp;
1284	int ilen;
1285	int rc = 0;
1286
1287	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1288		isp = smk_of_inode(inode);
1289		ilen = strlen(isp->smk_known);
1290		*buffer = isp->smk_known;
1291		return ilen;
1292	}
1293
1294	/*
1295	 * The rest of the Smack xattrs are only on sockets.
1296	 */
1297	sbp = ip->i_sb;
1298	if (sbp->s_magic != SOCKFS_MAGIC)
1299		return -EOPNOTSUPP;
1300
1301	sock = SOCKET_I(ip);
1302	if (sock == NULL || sock->sk == NULL)
1303		return -EOPNOTSUPP;
1304
1305	ssp = sock->sk->sk_security;
1306
1307	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1308		isp = ssp->smk_in;
1309	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1310		isp = ssp->smk_out;
1311	else
1312		return -EOPNOTSUPP;
1313
1314	ilen = strlen(isp->smk_known);
1315	if (rc == 0) {
1316		*buffer = isp->smk_known;
1317		rc = ilen;
1318	}
1319
1320	return rc;
1321}
1322
1323
1324/**
1325 * smack_inode_listsecurity - list the Smack attributes
1326 * @inode: the object
1327 * @buffer: where they go
1328 * @buffer_size: size of buffer
1329 *
1330 * Returns 0 on success, -EINVAL otherwise
1331 */
1332static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1333				    size_t buffer_size)
1334{
1335	int len = sizeof(XATTR_NAME_SMACK);
1336
1337	if (buffer != NULL && len <= buffer_size)
1338		memcpy(buffer, XATTR_NAME_SMACK, len);
1339
1340	return len;
1341}
1342
1343/**
1344 * smack_inode_getsecid - Extract inode's security id
1345 * @inode: inode to extract the info from
1346 * @secid: where result will be saved
1347 */
1348static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
1349{
1350	struct inode_smack *isp = inode->i_security;
1351
1352	*secid = isp->smk_inode->smk_secid;
1353}
1354
1355/*
1356 * File Hooks
1357 */
1358
1359/**
1360 * smack_file_permission - Smack check on file operations
1361 * @file: unused
1362 * @mask: unused
1363 *
1364 * Returns 0
1365 *
1366 * Should access checks be done on each read or write?
1367 * UNICOS and SELinux say yes.
1368 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1369 *
1370 * I'll say no for now. Smack does not do the frequent
1371 * label changing that SELinux does.
1372 */
1373static int smack_file_permission(struct file *file, int mask)
1374{
1375	return 0;
1376}
1377
1378/**
1379 * smack_file_alloc_security - assign a file security blob
1380 * @file: the object
1381 *
1382 * The security blob for a file is a pointer to the master
1383 * label list, so no allocation is done.
1384 *
1385 * f_security is the owner security information. It
1386 * isn't used on file access checks, it's for send_sigio.
1387 *
1388 * Returns 0
1389 */
1390static int smack_file_alloc_security(struct file *file)
1391{
1392	struct smack_known *skp = smk_of_current();
1393
1394	file->f_security = skp;
1395	return 0;
1396}
1397
1398/**
1399 * smack_file_free_security - clear a file security blob
1400 * @file: the object
1401 *
1402 * The security blob for a file is a pointer to the master
1403 * label list, so no memory is freed.
1404 */
1405static void smack_file_free_security(struct file *file)
1406{
1407	file->f_security = NULL;
1408}
1409
1410/**
1411 * smack_file_ioctl - Smack check on ioctls
1412 * @file: the object
1413 * @cmd: what to do
1414 * @arg: unused
1415 *
1416 * Relies heavily on the correct use of the ioctl command conventions.
1417 *
1418 * Returns 0 if allowed, error code otherwise
1419 */
1420static int smack_file_ioctl(struct file *file, unsigned int cmd,
1421			    unsigned long arg)
1422{
1423	int rc = 0;
1424	struct smk_audit_info ad;
1425	struct inode *inode = file_inode(file);
1426
1427	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1428	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1429
1430	if (_IOC_DIR(cmd) & _IOC_WRITE) {
1431		rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1432		rc = smk_bu_file(file, MAY_WRITE, rc);
1433	}
1434
1435	if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1436		rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1437		rc = smk_bu_file(file, MAY_READ, rc);
1438	}
1439
1440	return rc;
1441}
1442
1443/**
1444 * smack_file_lock - Smack check on file locking
1445 * @file: the object
1446 * @cmd: unused
1447 *
1448 * Returns 0 if current has lock access, error code otherwise
1449 */
1450static int smack_file_lock(struct file *file, unsigned int cmd)
1451{
1452	struct smk_audit_info ad;
1453	int rc;
1454	struct inode *inode = file_inode(file);
1455
1456	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1457	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1458	rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1459	rc = smk_bu_file(file, MAY_LOCK, rc);
1460	return rc;
1461}
1462
1463/**
1464 * smack_file_fcntl - Smack check on fcntl
1465 * @file: the object
1466 * @cmd: what action to check
1467 * @arg: unused
1468 *
1469 * Generally these operations are harmless.
1470 * File locking operations present an obvious mechanism
1471 * for passing information, so they require write access.
1472 *
1473 * Returns 0 if current has access, error code otherwise
1474 */
1475static int smack_file_fcntl(struct file *file, unsigned int cmd,
1476			    unsigned long arg)
1477{
1478	struct smk_audit_info ad;
1479	int rc = 0;
1480	struct inode *inode = file_inode(file);
1481
1482	switch (cmd) {
1483	case F_GETLK:
1484		break;
1485	case F_SETLK:
1486	case F_SETLKW:
1487		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1488		smk_ad_setfield_u_fs_path(&ad, file->f_path);
1489		rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1490		rc = smk_bu_file(file, MAY_LOCK, rc);
1491		break;
1492	case F_SETOWN:
1493	case F_SETSIG:
1494		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1495		smk_ad_setfield_u_fs_path(&ad, file->f_path);
1496		rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1497		rc = smk_bu_file(file, MAY_WRITE, rc);
1498		break;
1499	default:
1500		break;
1501	}
1502
1503	return rc;
1504}
1505
1506/**
1507 * smack_mmap_file :
1508 * Check permissions for a mmap operation.  The @file may be NULL, e.g.
1509 * if mapping anonymous memory.
1510 * @file contains the file structure for file to map (may be NULL).
1511 * @reqprot contains the protection requested by the application.
1512 * @prot contains the protection that will be applied by the kernel.
1513 * @flags contains the operational flags.
1514 * Return 0 if permission is granted.
1515 */
1516static int smack_mmap_file(struct file *file,
1517			   unsigned long reqprot, unsigned long prot,
1518			   unsigned long flags)
1519{
1520	struct smack_known *skp;
1521	struct smack_known *mkp;
1522	struct smack_rule *srp;
1523	struct task_smack *tsp;
1524	struct smack_known *okp;
1525	struct inode_smack *isp;
1526	int may;
1527	int mmay;
1528	int tmay;
1529	int rc;
1530
1531	if (file == NULL)
1532		return 0;
1533
1534	isp = file_inode(file)->i_security;
1535	if (isp->smk_mmap == NULL)
1536		return 0;
1537	mkp = isp->smk_mmap;
1538
1539	tsp = current_security();
1540	skp = smk_of_current();
1541	rc = 0;
1542
1543	rcu_read_lock();
1544	/*
1545	 * For each Smack rule associated with the subject
1546	 * label verify that the SMACK64MMAP also has access
1547	 * to that rule's object label.
1548	 */
1549	list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1550		okp = srp->smk_object;
1551		/*
1552		 * Matching labels always allows access.
1553		 */
1554		if (mkp->smk_known == okp->smk_known)
1555			continue;
1556		/*
1557		 * If there is a matching local rule take
1558		 * that into account as well.
1559		 */
1560		may = smk_access_entry(srp->smk_subject->smk_known,
1561				       okp->smk_known,
1562				       &tsp->smk_rules);
1563		if (may == -ENOENT)
1564			may = srp->smk_access;
1565		else
1566			may &= srp->smk_access;
1567		/*
1568		 * If may is zero the SMACK64MMAP subject can't
1569		 * possibly have less access.
1570		 */
1571		if (may == 0)
1572			continue;
1573
1574		/*
1575		 * Fetch the global list entry.
1576		 * If there isn't one a SMACK64MMAP subject
1577		 * can't have as much access as current.
1578		 */
1579		mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1580					&mkp->smk_rules);
1581		if (mmay == -ENOENT) {
1582			rc = -EACCES;
1583			break;
1584		}
1585		/*
1586		 * If there is a local entry it modifies the
1587		 * potential access, too.
1588		 */
1589		tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1590					&tsp->smk_rules);
1591		if (tmay != -ENOENT)
1592			mmay &= tmay;
1593
1594		/*
1595		 * If there is any access available to current that is
1596		 * not available to a SMACK64MMAP subject
1597		 * deny access.
1598		 */
1599		if ((may | mmay) != mmay) {
1600			rc = -EACCES;
1601			break;
1602		}
1603	}
1604
1605	rcu_read_unlock();
1606
1607	return rc;
1608}
1609
1610/**
1611 * smack_file_set_fowner - set the file security blob value
1612 * @file: object in question
1613 *
1614 */
1615static void smack_file_set_fowner(struct file *file)
1616{
1617	file->f_security = smk_of_current();
1618}
1619
1620/**
1621 * smack_file_send_sigiotask - Smack on sigio
1622 * @tsk: The target task
1623 * @fown: the object the signal come from
1624 * @signum: unused
1625 *
1626 * Allow a privileged task to get signals even if it shouldn't
1627 *
1628 * Returns 0 if a subject with the object's smack could
1629 * write to the task, an error code otherwise.
1630 */
1631static int smack_file_send_sigiotask(struct task_struct *tsk,
1632				     struct fown_struct *fown, int signum)
1633{
1634	struct smack_known *skp;
1635	struct smack_known *tkp = smk_of_task(tsk->cred->security);
1636	struct file *file;
1637	int rc;
1638	struct smk_audit_info ad;
1639
1640	/*
1641	 * struct fown_struct is never outside the context of a struct file
1642	 */
1643	file = container_of(fown, struct file, f_owner);
1644
1645	/* we don't log here as rc can be overriden */
1646	skp = file->f_security;
1647	rc = smk_access(skp, tkp, MAY_WRITE, NULL);
1648	rc = smk_bu_note("sigiotask", skp, tkp, MAY_WRITE, rc);
1649	if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
1650		rc = 0;
1651
1652	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1653	smk_ad_setfield_u_tsk(&ad, tsk);
1654	smack_log(skp->smk_known, tkp->smk_known, MAY_WRITE, rc, &ad);
1655	return rc;
1656}
1657
1658/**
1659 * smack_file_receive - Smack file receive check
1660 * @file: the object
1661 *
1662 * Returns 0 if current has access, error code otherwise
1663 */
1664static int smack_file_receive(struct file *file)
1665{
1666	int rc;
1667	int may = 0;
1668	struct smk_audit_info ad;
1669	struct inode *inode = file_inode(file);
1670
1671	if (unlikely(IS_PRIVATE(inode)))
1672		return 0;
1673
1674	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1675	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1676	/*
1677	 * This code relies on bitmasks.
1678	 */
1679	if (file->f_mode & FMODE_READ)
1680		may = MAY_READ;
1681	if (file->f_mode & FMODE_WRITE)
1682		may |= MAY_WRITE;
1683
1684	rc = smk_curacc(smk_of_inode(inode), may, &ad);
1685	rc = smk_bu_file(file, may, rc);
1686	return rc;
1687}
1688
1689/**
1690 * smack_file_open - Smack dentry open processing
1691 * @file: the object
1692 * @cred: task credential
1693 *
1694 * Set the security blob in the file structure.
1695 * Allow the open only if the task has read access. There are
1696 * many read operations (e.g. fstat) that you can do with an
1697 * fd even if you have the file open write-only.
1698 *
1699 * Returns 0
1700 */
1701static int smack_file_open(struct file *file, const struct cred *cred)
1702{
1703	struct task_smack *tsp = cred->security;
1704	struct inode *inode = file_inode(file);
1705	struct smk_audit_info ad;
1706	int rc;
1707
1708	if (smack_privileged(CAP_MAC_OVERRIDE))
1709		return 0;
1710
1711	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1712	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1713	rc = smk_access(tsp->smk_task, smk_of_inode(inode), MAY_READ, &ad);
1714	rc = smk_bu_credfile(cred, file, MAY_READ, rc);
1715
1716	return rc;
1717}
1718
1719/*
1720 * Task hooks
1721 */
1722
1723/**
1724 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1725 * @new: the new credentials
1726 * @gfp: the atomicity of any memory allocations
1727 *
1728 * Prepare a blank set of credentials for modification.  This must allocate all
1729 * the memory the LSM module might require such that cred_transfer() can
1730 * complete without error.
1731 */
1732static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1733{
1734	struct task_smack *tsp;
1735
1736	tsp = new_task_smack(NULL, NULL, gfp);
1737	if (tsp == NULL)
1738		return -ENOMEM;
1739
1740	cred->security = tsp;
1741
1742	return 0;
1743}
1744
1745
1746/**
1747 * smack_cred_free - "free" task-level security credentials
1748 * @cred: the credentials in question
1749 *
1750 */
1751static void smack_cred_free(struct cred *cred)
1752{
1753	struct task_smack *tsp = cred->security;
1754	struct smack_rule *rp;
1755	struct list_head *l;
1756	struct list_head *n;
1757
1758	if (tsp == NULL)
1759		return;
1760	cred->security = NULL;
1761
1762	list_for_each_safe(l, n, &tsp->smk_rules) {
1763		rp = list_entry(l, struct smack_rule, list);
1764		list_del(&rp->list);
1765		kfree(rp);
1766	}
1767	kfree(tsp);
1768}
1769
1770/**
1771 * smack_cred_prepare - prepare new set of credentials for modification
1772 * @new: the new credentials
1773 * @old: the original credentials
1774 * @gfp: the atomicity of any memory allocations
1775 *
1776 * Prepare a new set of credentials for modification.
1777 */
1778static int smack_cred_prepare(struct cred *new, const struct cred *old,
1779			      gfp_t gfp)
1780{
1781	struct task_smack *old_tsp = old->security;
1782	struct task_smack *new_tsp;
1783	int rc;
1784
1785	new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
1786	if (new_tsp == NULL)
1787		return -ENOMEM;
1788
1789	rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1790	if (rc != 0)
1791		return rc;
1792
1793	new->security = new_tsp;
1794	return 0;
1795}
1796
1797/**
1798 * smack_cred_transfer - Transfer the old credentials to the new credentials
1799 * @new: the new credentials
1800 * @old: the original credentials
1801 *
1802 * Fill in a set of blank credentials from another set of credentials.
1803 */
1804static void smack_cred_transfer(struct cred *new, const struct cred *old)
1805{
1806	struct task_smack *old_tsp = old->security;
1807	struct task_smack *new_tsp = new->security;
1808
1809	new_tsp->smk_task = old_tsp->smk_task;
1810	new_tsp->smk_forked = old_tsp->smk_task;
1811	mutex_init(&new_tsp->smk_rules_lock);
1812	INIT_LIST_HEAD(&new_tsp->smk_rules);
1813
1814
1815	/* cbs copy rule list */
1816}
1817
1818/**
1819 * smack_kernel_act_as - Set the subjective context in a set of credentials
1820 * @new: points to the set of credentials to be modified.
1821 * @secid: specifies the security ID to be set
1822 *
1823 * Set the security data for a kernel service.
1824 */
1825static int smack_kernel_act_as(struct cred *new, u32 secid)
1826{
1827	struct task_smack *new_tsp = new->security;
1828	struct smack_known *skp = smack_from_secid(secid);
1829
1830	if (skp == NULL)
1831		return -EINVAL;
1832
1833	new_tsp->smk_task = skp;
1834	return 0;
1835}
1836
1837/**
1838 * smack_kernel_create_files_as - Set the file creation label in a set of creds
1839 * @new: points to the set of credentials to be modified
1840 * @inode: points to the inode to use as a reference
1841 *
1842 * Set the file creation context in a set of credentials to the same
1843 * as the objective context of the specified inode
1844 */
1845static int smack_kernel_create_files_as(struct cred *new,
1846					struct inode *inode)
1847{
1848	struct inode_smack *isp = inode->i_security;
1849	struct task_smack *tsp = new->security;
1850
1851	tsp->smk_forked = isp->smk_inode;
1852	tsp->smk_task = tsp->smk_forked;
1853	return 0;
1854}
1855
1856/**
1857 * smk_curacc_on_task - helper to log task related access
1858 * @p: the task object
1859 * @access: the access requested
1860 * @caller: name of the calling function for audit
1861 *
1862 * Return 0 if access is permitted
1863 */
1864static int smk_curacc_on_task(struct task_struct *p, int access,
1865				const char *caller)
1866{
1867	struct smk_audit_info ad;
1868	struct smack_known *skp = smk_of_task_struct(p);
1869	int rc;
1870
1871	smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
1872	smk_ad_setfield_u_tsk(&ad, p);
1873	rc = smk_curacc(skp, access, &ad);
1874	rc = smk_bu_task(p, access, rc);
1875	return rc;
1876}
1877
1878/**
1879 * smack_task_setpgid - Smack check on setting pgid
1880 * @p: the task object
1881 * @pgid: unused
1882 *
1883 * Return 0 if write access is permitted
1884 */
1885static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1886{
1887	return smk_curacc_on_task(p, MAY_WRITE, __func__);
1888}
1889
1890/**
1891 * smack_task_getpgid - Smack access check for getpgid
1892 * @p: the object task
1893 *
1894 * Returns 0 if current can read the object task, error code otherwise
1895 */
1896static int smack_task_getpgid(struct task_struct *p)
1897{
1898	return smk_curacc_on_task(p, MAY_READ, __func__);
1899}
1900
1901/**
1902 * smack_task_getsid - Smack access check for getsid
1903 * @p: the object task
1904 *
1905 * Returns 0 if current can read the object task, error code otherwise
1906 */
1907static int smack_task_getsid(struct task_struct *p)
1908{
1909	return smk_curacc_on_task(p, MAY_READ, __func__);
1910}
1911
1912/**
1913 * smack_task_getsecid - get the secid of the task
1914 * @p: the object task
1915 * @secid: where to put the result
1916 *
1917 * Sets the secid to contain a u32 version of the smack label.
1918 */
1919static void smack_task_getsecid(struct task_struct *p, u32 *secid)
1920{
1921	struct smack_known *skp = smk_of_task_struct(p);
1922
1923	*secid = skp->smk_secid;
1924}
1925
1926/**
1927 * smack_task_setnice - Smack check on setting nice
1928 * @p: the task object
1929 * @nice: unused
1930 *
1931 * Return 0 if write access is permitted
1932 */
1933static int smack_task_setnice(struct task_struct *p, int nice)
1934{
1935	return smk_curacc_on_task(p, MAY_WRITE, __func__);
1936}
1937
1938/**
1939 * smack_task_setioprio - Smack check on setting ioprio
1940 * @p: the task object
1941 * @ioprio: unused
1942 *
1943 * Return 0 if write access is permitted
1944 */
1945static int smack_task_setioprio(struct task_struct *p, int ioprio)
1946{
1947	return smk_curacc_on_task(p, MAY_WRITE, __func__);
1948}
1949
1950/**
1951 * smack_task_getioprio - Smack check on reading ioprio
1952 * @p: the task object
1953 *
1954 * Return 0 if read access is permitted
1955 */
1956static int smack_task_getioprio(struct task_struct *p)
1957{
1958	return smk_curacc_on_task(p, MAY_READ, __func__);
1959}
1960
1961/**
1962 * smack_task_setscheduler - Smack check on setting scheduler
1963 * @p: the task object
1964 * @policy: unused
1965 * @lp: unused
1966 *
1967 * Return 0 if read access is permitted
1968 */
1969static int smack_task_setscheduler(struct task_struct *p)
1970{
1971	return smk_curacc_on_task(p, MAY_WRITE, __func__);
1972}
1973
1974/**
1975 * smack_task_getscheduler - Smack check on reading scheduler
1976 * @p: the task object
1977 *
1978 * Return 0 if read access is permitted
1979 */
1980static int smack_task_getscheduler(struct task_struct *p)
1981{
1982	return smk_curacc_on_task(p, MAY_READ, __func__);
1983}
1984
1985/**
1986 * smack_task_movememory - Smack check on moving memory
1987 * @p: the task object
1988 *
1989 * Return 0 if write access is permitted
1990 */
1991static int smack_task_movememory(struct task_struct *p)
1992{
1993	return smk_curacc_on_task(p, MAY_WRITE, __func__);
1994}
1995
1996/**
1997 * smack_task_kill - Smack check on signal delivery
1998 * @p: the task object
1999 * @info: unused
2000 * @sig: unused
2001 * @secid: identifies the smack to use in lieu of current's
2002 *
2003 * Return 0 if write access is permitted
2004 *
2005 * The secid behavior is an artifact of an SELinux hack
2006 * in the USB code. Someday it may go away.
2007 */
2008static int smack_task_kill(struct task_struct *p, struct siginfo *info,
2009			   int sig, u32 secid)
2010{
2011	struct smk_audit_info ad;
2012	struct smack_known *skp;
2013	struct smack_known *tkp = smk_of_task_struct(p);
2014	int rc;
2015
2016	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2017	smk_ad_setfield_u_tsk(&ad, p);
2018	/*
2019	 * Sending a signal requires that the sender
2020	 * can write the receiver.
2021	 */
2022	if (secid == 0) {
2023		rc = smk_curacc(tkp, MAY_WRITE, &ad);
2024		rc = smk_bu_task(p, MAY_WRITE, rc);
2025		return rc;
2026	}
2027	/*
2028	 * If the secid isn't 0 we're dealing with some USB IO
2029	 * specific behavior. This is not clean. For one thing
2030	 * we can't take privilege into account.
2031	 */
2032	skp = smack_from_secid(secid);
2033	rc = smk_access(skp, tkp, MAY_WRITE, &ad);
2034	rc = smk_bu_note("USB signal", skp, tkp, MAY_WRITE, rc);
2035	return rc;
2036}
2037
2038/**
2039 * smack_task_wait - Smack access check for waiting
2040 * @p: task to wait for
2041 *
2042 * Returns 0
2043 */
2044static int smack_task_wait(struct task_struct *p)
2045{
2046	/*
2047	 * Allow the operation to succeed.
2048	 * Zombies are bad.
2049	 * In userless environments (e.g. phones) programs
2050	 * get marked with SMACK64EXEC and even if the parent
2051	 * and child shouldn't be talking the parent still
2052	 * may expect to know when the child exits.
2053	 */
2054	return 0;
2055}
2056
2057/**
2058 * smack_task_to_inode - copy task smack into the inode blob
2059 * @p: task to copy from
2060 * @inode: inode to copy to
2061 *
2062 * Sets the smack pointer in the inode security blob
2063 */
2064static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2065{
2066	struct inode_smack *isp = inode->i_security;
2067	struct smack_known *skp = smk_of_task_struct(p);
2068
2069	isp->smk_inode = skp;
2070}
2071
2072/*
2073 * Socket hooks.
2074 */
2075
2076/**
2077 * smack_sk_alloc_security - Allocate a socket blob
2078 * @sk: the socket
2079 * @family: unused
2080 * @gfp_flags: memory allocation flags
2081 *
2082 * Assign Smack pointers to current
2083 *
2084 * Returns 0 on success, -ENOMEM is there's no memory
2085 */
2086static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2087{
2088	struct smack_known *skp = smk_of_current();
2089	struct socket_smack *ssp;
2090
2091	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2092	if (ssp == NULL)
2093		return -ENOMEM;
2094
2095	ssp->smk_in = skp;
2096	ssp->smk_out = skp;
2097	ssp->smk_packet = NULL;
2098
2099	sk->sk_security = ssp;
2100
2101	return 0;
2102}
2103
2104/**
2105 * smack_sk_free_security - Free a socket blob
2106 * @sk: the socket
2107 *
2108 * Clears the blob pointer
2109 */
2110static void smack_sk_free_security(struct sock *sk)
2111{
2112	kfree(sk->sk_security);
2113}
2114
2115/**
2116* smack_host_label - check host based restrictions
2117* @sip: the object end
2118*
2119* looks for host based access restrictions
2120*
2121* This version will only be appropriate for really small sets of single label
2122* hosts.  The caller is responsible for ensuring that the RCU read lock is
2123* taken before calling this function.
2124*
2125* Returns the label of the far end or NULL if it's not special.
2126*/
2127static struct smack_known *smack_host_label(struct sockaddr_in *sip)
2128{
2129	struct smk_netlbladdr *snp;
2130	struct in_addr *siap = &sip->sin_addr;
2131
2132	if (siap->s_addr == 0)
2133		return NULL;
2134
2135	list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list)
2136		/*
2137		* we break after finding the first match because
2138		* the list is sorted from longest to shortest mask
2139		* so we have found the most specific match
2140		*/
2141		if ((&snp->smk_host.sin_addr)->s_addr ==
2142		    (siap->s_addr & (&snp->smk_mask)->s_addr)) {
2143			/* we have found the special CIPSO option */
2144			if (snp->smk_label == &smack_cipso_option)
2145				return NULL;
2146			return snp->smk_label;
2147		}
2148
2149	return NULL;
2150}
2151
2152/**
2153 * smack_netlabel - Set the secattr on a socket
2154 * @sk: the socket
2155 * @labeled: socket label scheme
2156 *
2157 * Convert the outbound smack value (smk_out) to a
2158 * secattr and attach it to the socket.
2159 *
2160 * Returns 0 on success or an error code
2161 */
2162static int smack_netlabel(struct sock *sk, int labeled)
2163{
2164	struct smack_known *skp;
2165	struct socket_smack *ssp = sk->sk_security;
2166	int rc = 0;
2167
2168	/*
2169	 * Usually the netlabel code will handle changing the
2170	 * packet labeling based on the label.
2171	 * The case of a single label host is different, because
2172	 * a single label host should never get a labeled packet
2173	 * even though the label is usually associated with a packet
2174	 * label.
2175	 */
2176	local_bh_disable();
2177	bh_lock_sock_nested(sk);
2178
2179	if (ssp->smk_out == smack_net_ambient ||
2180	    labeled == SMACK_UNLABELED_SOCKET)
2181		netlbl_sock_delattr(sk);
2182	else {
2183		skp = ssp->smk_out;
2184		rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2185	}
2186
2187	bh_unlock_sock(sk);
2188	local_bh_enable();
2189
2190	return rc;
2191}
2192
2193/**
2194 * smack_netlbel_send - Set the secattr on a socket and perform access checks
2195 * @sk: the socket
2196 * @sap: the destination address
2197 *
2198 * Set the correct secattr for the given socket based on the destination
2199 * address and perform any outbound access checks needed.
2200 *
2201 * Returns 0 on success or an error code.
2202 *
2203 */
2204static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2205{
2206	struct smack_known *skp;
2207	int rc;
2208	int sk_lbl;
2209	struct smack_known *hkp;
2210	struct socket_smack *ssp = sk->sk_security;
2211	struct smk_audit_info ad;
2212
2213	rcu_read_lock();
2214	hkp = smack_host_label(sap);
2215	if (hkp != NULL) {
2216#ifdef CONFIG_AUDIT
2217		struct lsm_network_audit net;
2218
2219		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2220		ad.a.u.net->family = sap->sin_family;
2221		ad.a.u.net->dport = sap->sin_port;
2222		ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2223#endif
2224		sk_lbl = SMACK_UNLABELED_SOCKET;
2225		skp = ssp->smk_out;
2226		rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2227		rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2228	} else {
2229		sk_lbl = SMACK_CIPSO_SOCKET;
2230		rc = 0;
2231	}
2232	rcu_read_unlock();
2233	if (rc != 0)
2234		return rc;
2235
2236	return smack_netlabel(sk, sk_lbl);
2237}
2238
2239#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
2240/**
2241 * smk_ipv6_port_label - Smack port access table management
2242 * @sock: socket
2243 * @address: address
2244 *
2245 * Create or update the port list entry
2246 */
2247static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2248{
2249	struct sock *sk = sock->sk;
2250	struct sockaddr_in6 *addr6;
2251	struct socket_smack *ssp = sock->sk->sk_security;
2252	struct smk_port_label *spp;
2253	unsigned short port = 0;
2254
2255	if (address == NULL) {
2256		/*
2257		 * This operation is changing the Smack information
2258		 * on the bound socket. Take the changes to the port
2259		 * as well.
2260		 */
2261		list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2262			if (sk != spp->smk_sock)
2263				continue;
2264			spp->smk_in = ssp->smk_in;
2265			spp->smk_out = ssp->smk_out;
2266			return;
2267		}
2268		/*
2269		 * A NULL address is only used for updating existing
2270		 * bound entries. If there isn't one, it's OK.
2271		 */
2272		return;
2273	}
2274
2275	addr6 = (struct sockaddr_in6 *)address;
2276	port = ntohs(addr6->sin6_port);
2277	/*
2278	 * This is a special case that is safely ignored.
2279	 */
2280	if (port == 0)
2281		return;
2282
2283	/*
2284	 * Look for an existing port list entry.
2285	 * This is an indication that a port is getting reused.
2286	 */
2287	list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2288		if (spp->smk_port != port)
2289			continue;
2290		spp->smk_port = port;
2291		spp->smk_sock = sk;
2292		spp->smk_in = ssp->smk_in;
2293		spp->smk_out = ssp->smk_out;
2294		return;
2295	}
2296
2297	/*
2298	 * A new port entry is required.
2299	 */
2300	spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2301	if (spp == NULL)
2302		return;
2303
2304	spp->smk_port = port;
2305	spp->smk_sock = sk;
2306	spp->smk_in = ssp->smk_in;
2307	spp->smk_out = ssp->smk_out;
2308
2309	list_add(&spp->list, &smk_ipv6_port_list);
2310	return;
2311}
2312
2313/**
2314 * smk_ipv6_port_check - check Smack port access
2315 * @sock: socket
2316 * @address: address
2317 *
2318 * Create or update the port list entry
2319 */
2320static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2321				int act)
2322{
2323	__be16 *bep;
2324	__be32 *be32p;
2325	struct smk_port_label *spp;
2326	struct socket_smack *ssp = sk->sk_security;
2327	struct smack_known *skp;
2328	unsigned short port = 0;
2329	struct smack_known *object;
2330	struct smk_audit_info ad;
2331	int rc;
2332#ifdef CONFIG_AUDIT
2333	struct lsm_network_audit net;
2334#endif
2335
2336	if (act == SMK_RECEIVING) {
2337		skp = smack_net_ambient;
2338		object = ssp->smk_in;
2339	} else {
2340		skp = ssp->smk_out;
2341		object = smack_net_ambient;
2342	}
2343
2344	/*
2345	 * Get the IP address and port from the address.
2346	 */
2347	port = ntohs(address->sin6_port);
2348	bep = (__be16 *)(&address->sin6_addr);
2349	be32p = (__be32 *)(&address->sin6_addr);
2350
2351	/*
2352	 * It's remote, so port lookup does no good.
2353	 */
2354	if (be32p[0] || be32p[1] || be32p[2] || bep[6] || ntohs(bep[7]) != 1)
2355		goto auditout;
2356
2357	/*
2358	 * It's local so the send check has to have passed.
2359	 */
2360	if (act == SMK_RECEIVING) {
2361		skp = &smack_known_web;
2362		goto auditout;
2363	}
2364
2365	list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2366		if (spp->smk_port != port)
2367			continue;
2368		object = spp->smk_in;
2369		if (act == SMK_CONNECTING)
2370			ssp->smk_packet = spp->smk_out;
2371		break;
2372	}
2373
2374auditout:
2375
2376#ifdef CONFIG_AUDIT
2377	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2378	ad.a.u.net->family = sk->sk_family;
2379	ad.a.u.net->dport = port;
2380	if (act == SMK_RECEIVING)
2381		ad.a.u.net->v6info.saddr = address->sin6_addr;
2382	else
2383		ad.a.u.net->v6info.daddr = address->sin6_addr;
2384#endif
2385	rc = smk_access(skp, object, MAY_WRITE, &ad);
2386	rc = smk_bu_note("IPv6 port check", skp, object, MAY_WRITE, rc);
2387	return rc;
2388}
2389#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
2390
2391/**
2392 * smack_inode_setsecurity - set smack xattrs
2393 * @inode: the object
2394 * @name: attribute name
2395 * @value: attribute value
2396 * @size: size of the attribute
2397 * @flags: unused
2398 *
2399 * Sets the named attribute in the appropriate blob
2400 *
2401 * Returns 0 on success, or an error code
2402 */
2403static int smack_inode_setsecurity(struct inode *inode, const char *name,
2404				   const void *value, size_t size, int flags)
2405{
2406	struct smack_known *skp;
2407	struct inode_smack *nsp = inode->i_security;
2408	struct socket_smack *ssp;
2409	struct socket *sock;
2410	int rc = 0;
2411
2412	if (value == NULL || size > SMK_LONGLABEL || size == 0)
2413		return -EINVAL;
2414
2415	skp = smk_import_entry(value, size);
2416	if (IS_ERR(skp))
2417		return PTR_ERR(skp);
2418
2419	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2420		nsp->smk_inode = skp;
2421		nsp->smk_flags |= SMK_INODE_INSTANT;
2422		return 0;
2423	}
2424	/*
2425	 * The rest of the Smack xattrs are only on sockets.
2426	 */
2427	if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2428		return -EOPNOTSUPP;
2429
2430	sock = SOCKET_I(inode);
2431	if (sock == NULL || sock->sk == NULL)
2432		return -EOPNOTSUPP;
2433
2434	ssp = sock->sk->sk_security;
2435
2436	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2437		ssp->smk_in = skp;
2438	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2439		ssp->smk_out = skp;
2440		if (sock->sk->sk_family == PF_INET) {
2441			rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2442			if (rc != 0)
2443				printk(KERN_WARNING
2444					"Smack: \"%s\" netlbl error %d.\n",
2445					__func__, -rc);
2446		}
2447	} else
2448		return -EOPNOTSUPP;
2449
2450#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
2451	if (sock->sk->sk_family == PF_INET6)
2452		smk_ipv6_port_label(sock, NULL);
2453#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
2454
2455	return 0;
2456}
2457
2458/**
2459 * smack_socket_post_create - finish socket setup
2460 * @sock: the socket
2461 * @family: protocol family
2462 * @type: unused
2463 * @protocol: unused
2464 * @kern: unused
2465 *
2466 * Sets the netlabel information on the socket
2467 *
2468 * Returns 0 on success, and error code otherwise
2469 */
2470static int smack_socket_post_create(struct socket *sock, int family,
2471				    int type, int protocol, int kern)
2472{
2473	struct socket_smack *ssp;
2474
2475	if (sock->sk == NULL)
2476		return 0;
2477
2478	/*
2479	 * Sockets created by kernel threads receive web label.
2480	 */
2481	if (unlikely(current->flags & PF_KTHREAD)) {
2482		ssp = sock->sk->sk_security;
2483		ssp->smk_in = &smack_known_web;
2484		ssp->smk_out = &smack_known_web;
2485	}
2486
2487	if (family != PF_INET)
2488		return 0;
2489	/*
2490	 * Set the outbound netlbl.
2491	 */
2492	return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2493}
2494
2495#ifndef CONFIG_SECURITY_SMACK_NETFILTER
2496/**
2497 * smack_socket_bind - record port binding information.
2498 * @sock: the socket
2499 * @address: the port address
2500 * @addrlen: size of the address
2501 *
2502 * Records the label bound to a port.
2503 *
2504 * Returns 0
2505 */
2506static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2507				int addrlen)
2508{
2509#if IS_ENABLED(CONFIG_IPV6)
2510	if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2511		smk_ipv6_port_label(sock, address);
2512#endif
2513
2514	return 0;
2515}
2516#endif /* !CONFIG_SECURITY_SMACK_NETFILTER */
2517
2518/**
2519 * smack_socket_connect - connect access check
2520 * @sock: the socket
2521 * @sap: the other end
2522 * @addrlen: size of sap
2523 *
2524 * Verifies that a connection may be possible
2525 *
2526 * Returns 0 on success, and error code otherwise
2527 */
2528static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2529				int addrlen)
2530{
2531	int rc = 0;
2532
2533	if (sock->sk == NULL)
2534		return 0;
2535
2536	switch (sock->sk->sk_family) {
2537	case PF_INET:
2538		if (addrlen < sizeof(struct sockaddr_in))
2539			return -EINVAL;
2540		rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2541		break;
2542	case PF_INET6:
2543		if (addrlen < sizeof(struct sockaddr_in6))
2544			return -EINVAL;
2545#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
2546		rc = smk_ipv6_port_check(sock->sk, (struct sockaddr_in6 *)sap,
2547						SMK_CONNECTING);
2548#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
2549		break;
2550	}
2551	return rc;
2552}
2553
2554/**
2555 * smack_flags_to_may - convert S_ to MAY_ values
2556 * @flags: the S_ value
2557 *
2558 * Returns the equivalent MAY_ value
2559 */
2560static int smack_flags_to_may(int flags)
2561{
2562	int may = 0;
2563
2564	if (flags & S_IRUGO)
2565		may |= MAY_READ;
2566	if (flags & S_IWUGO)
2567		may |= MAY_WRITE;
2568	if (flags & S_IXUGO)
2569		may |= MAY_EXEC;
2570
2571	return may;
2572}
2573
2574/**
2575 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2576 * @msg: the object
2577 *
2578 * Returns 0
2579 */
2580static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2581{
2582	struct smack_known *skp = smk_of_current();
2583
2584	msg->security = skp;
2585	return 0;
2586}
2587
2588/**
2589 * smack_msg_msg_free_security - Clear the security blob for msg_msg
2590 * @msg: the object
2591 *
2592 * Clears the blob pointer
2593 */
2594static void smack_msg_msg_free_security(struct msg_msg *msg)
2595{
2596	msg->security = NULL;
2597}
2598
2599/**
2600 * smack_of_shm - the smack pointer for the shm
2601 * @shp: the object
2602 *
2603 * Returns a pointer to the smack value
2604 */
2605static struct smack_known *smack_of_shm(struct shmid_kernel *shp)
2606{
2607	return (struct smack_known *)shp->shm_perm.security;
2608}
2609
2610/**
2611 * smack_shm_alloc_security - Set the security blob for shm
2612 * @shp: the object
2613 *
2614 * Returns 0
2615 */
2616static int smack_shm_alloc_security(struct shmid_kernel *shp)
2617{
2618	struct kern_ipc_perm *isp = &shp->shm_perm;
2619	struct smack_known *skp = smk_of_current();
2620
2621	isp->security = skp;
2622	return 0;
2623}
2624
2625/**
2626 * smack_shm_free_security - Clear the security blob for shm
2627 * @shp: the object
2628 *
2629 * Clears the blob pointer
2630 */
2631static void smack_shm_free_security(struct shmid_kernel *shp)
2632{
2633	struct kern_ipc_perm *isp = &shp->shm_perm;
2634
2635	isp->security = NULL;
2636}
2637
2638/**
2639 * smk_curacc_shm : check if current has access on shm
2640 * @shp : the object
2641 * @access : access requested
2642 *
2643 * Returns 0 if current has the requested access, error code otherwise
2644 */
2645static int smk_curacc_shm(struct shmid_kernel *shp, int access)
2646{
2647	struct smack_known *ssp = smack_of_shm(shp);
2648	struct smk_audit_info ad;
2649	int rc;
2650
2651#ifdef CONFIG_AUDIT
2652	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2653	ad.a.u.ipc_id = shp->shm_perm.id;
2654#endif
2655	rc = smk_curacc(ssp, access, &ad);
2656	rc = smk_bu_current("shm", ssp, access, rc);
2657	return rc;
2658}
2659
2660/**
2661 * smack_shm_associate - Smack access check for shm
2662 * @shp: the object
2663 * @shmflg: access requested
2664 *
2665 * Returns 0 if current has the requested access, error code otherwise
2666 */
2667static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
2668{
2669	int may;
2670
2671	may = smack_flags_to_may(shmflg);
2672	return smk_curacc_shm(shp, may);
2673}
2674
2675/**
2676 * smack_shm_shmctl - Smack access check for shm
2677 * @shp: the object
2678 * @cmd: what it wants to do
2679 *
2680 * Returns 0 if current has the requested access, error code otherwise
2681 */
2682static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
2683{
2684	int may;
2685
2686	switch (cmd) {
2687	case IPC_STAT:
2688	case SHM_STAT:
2689		may = MAY_READ;
2690		break;
2691	case IPC_SET:
2692	case SHM_LOCK:
2693	case SHM_UNLOCK:
2694	case IPC_RMID:
2695		may = MAY_READWRITE;
2696		break;
2697	case IPC_INFO:
2698	case SHM_INFO:
2699		/*
2700		 * System level information.
2701		 */
2702		return 0;
2703	default:
2704		return -EINVAL;
2705	}
2706	return smk_curacc_shm(shp, may);
2707}
2708
2709/**
2710 * smack_shm_shmat - Smack access for shmat
2711 * @shp: the object
2712 * @shmaddr: unused
2713 * @shmflg: access requested
2714 *
2715 * Returns 0 if current has the requested access, error code otherwise
2716 */
2717static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
2718			   int shmflg)
2719{
2720	int may;
2721
2722	may = smack_flags_to_may(shmflg);
2723	return smk_curacc_shm(shp, may);
2724}
2725
2726/**
2727 * smack_of_sem - the smack pointer for the sem
2728 * @sma: the object
2729 *
2730 * Returns a pointer to the smack value
2731 */
2732static struct smack_known *smack_of_sem(struct sem_array *sma)
2733{
2734	return (struct smack_known *)sma->sem_perm.security;
2735}
2736
2737/**
2738 * smack_sem_alloc_security - Set the security blob for sem
2739 * @sma: the object
2740 *
2741 * Returns 0
2742 */
2743static int smack_sem_alloc_security(struct sem_array *sma)
2744{
2745	struct kern_ipc_perm *isp = &sma->sem_perm;
2746	struct smack_known *skp = smk_of_current();
2747
2748	isp->security = skp;
2749	return 0;
2750}
2751
2752/**
2753 * smack_sem_free_security - Clear the security blob for sem
2754 * @sma: the object
2755 *
2756 * Clears the blob pointer
2757 */
2758static void smack_sem_free_security(struct sem_array *sma)
2759{
2760	struct kern_ipc_perm *isp = &sma->sem_perm;
2761
2762	isp->security = NULL;
2763}
2764
2765/**
2766 * smk_curacc_sem : check if current has access on sem
2767 * @sma : the object
2768 * @access : access requested
2769 *
2770 * Returns 0 if current has the requested access, error code otherwise
2771 */
2772static int smk_curacc_sem(struct sem_array *sma, int access)
2773{
2774	struct smack_known *ssp = smack_of_sem(sma);
2775	struct smk_audit_info ad;
2776	int rc;
2777
2778#ifdef CONFIG_AUDIT
2779	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2780	ad.a.u.ipc_id = sma->sem_perm.id;
2781#endif
2782	rc = smk_curacc(ssp, access, &ad);
2783	rc = smk_bu_current("sem", ssp, access, rc);
2784	return rc;
2785}
2786
2787/**
2788 * smack_sem_associate - Smack access check for sem
2789 * @sma: the object
2790 * @semflg: access requested
2791 *
2792 * Returns 0 if current has the requested access, error code otherwise
2793 */
2794static int smack_sem_associate(struct sem_array *sma, int semflg)
2795{
2796	int may;
2797
2798	may = smack_flags_to_may(semflg);
2799	return smk_curacc_sem(sma, may);
2800}
2801
2802/**
2803 * smack_sem_shmctl - Smack access check for sem
2804 * @sma: the object
2805 * @cmd: what it wants to do
2806 *
2807 * Returns 0 if current has the requested access, error code otherwise
2808 */
2809static int smack_sem_semctl(struct sem_array *sma, int cmd)
2810{
2811	int may;
2812
2813	switch (cmd) {
2814	case GETPID:
2815	case GETNCNT:
2816	case GETZCNT:
2817	case GETVAL:
2818	case GETALL:
2819	case IPC_STAT:
2820	case SEM_STAT:
2821		may = MAY_READ;
2822		break;
2823	case SETVAL:
2824	case SETALL:
2825	case IPC_RMID:
2826	case IPC_SET:
2827		may = MAY_READWRITE;
2828		break;
2829	case IPC_INFO:
2830	case SEM_INFO:
2831		/*
2832		 * System level information
2833		 */
2834		return 0;
2835	default:
2836		return -EINVAL;
2837	}
2838
2839	return smk_curacc_sem(sma, may);
2840}
2841
2842/**
2843 * smack_sem_semop - Smack checks of semaphore operations
2844 * @sma: the object
2845 * @sops: unused
2846 * @nsops: unused
2847 * @alter: unused
2848 *
2849 * Treated as read and write in all cases.
2850 *
2851 * Returns 0 if access is allowed, error code otherwise
2852 */
2853static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
2854			   unsigned nsops, int alter)
2855{
2856	return smk_curacc_sem(sma, MAY_READWRITE);
2857}
2858
2859/**
2860 * smack_msg_alloc_security - Set the security blob for msg
2861 * @msq: the object
2862 *
2863 * Returns 0
2864 */
2865static int smack_msg_queue_alloc_security(struct msg_queue *msq)
2866{
2867	struct kern_ipc_perm *kisp = &msq->q_perm;
2868	struct smack_known *skp = smk_of_current();
2869
2870	kisp->security = skp;
2871	return 0;
2872}
2873
2874/**
2875 * smack_msg_free_security - Clear the security blob for msg
2876 * @msq: the object
2877 *
2878 * Clears the blob pointer
2879 */
2880static void smack_msg_queue_free_security(struct msg_queue *msq)
2881{
2882	struct kern_ipc_perm *kisp = &msq->q_perm;
2883
2884	kisp->security = NULL;
2885}
2886
2887/**
2888 * smack_of_msq - the smack pointer for the msq
2889 * @msq: the object
2890 *
2891 * Returns a pointer to the smack label entry
2892 */
2893static struct smack_known *smack_of_msq(struct msg_queue *msq)
2894{
2895	return (struct smack_known *)msq->q_perm.security;
2896}
2897
2898/**
2899 * smk_curacc_msq : helper to check if current has access on msq
2900 * @msq : the msq
2901 * @access : access requested
2902 *
2903 * return 0 if current has access, error otherwise
2904 */
2905static int smk_curacc_msq(struct msg_queue *msq, int access)
2906{
2907	struct smack_known *msp = smack_of_msq(msq);
2908	struct smk_audit_info ad;
2909	int rc;
2910
2911#ifdef CONFIG_AUDIT
2912	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2913	ad.a.u.ipc_id = msq->q_perm.id;
2914#endif
2915	rc = smk_curacc(msp, access, &ad);
2916	rc = smk_bu_current("msq", msp, access, rc);
2917	return rc;
2918}
2919
2920/**
2921 * smack_msg_queue_associate - Smack access check for msg_queue
2922 * @msq: the object
2923 * @msqflg: access requested
2924 *
2925 * Returns 0 if current has the requested access, error code otherwise
2926 */
2927static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
2928{
2929	int may;
2930
2931	may = smack_flags_to_may(msqflg);
2932	return smk_curacc_msq(msq, may);
2933}
2934
2935/**
2936 * smack_msg_queue_msgctl - Smack access check for msg_queue
2937 * @msq: the object
2938 * @cmd: what it wants to do
2939 *
2940 * Returns 0 if current has the requested access, error code otherwise
2941 */
2942static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2943{
2944	int may;
2945
2946	switch (cmd) {
2947	case IPC_STAT:
2948	case MSG_STAT:
2949		may = MAY_READ;
2950		break;
2951	case IPC_SET:
2952	case IPC_RMID:
2953		may = MAY_READWRITE;
2954		break;
2955	case IPC_INFO:
2956	case MSG_INFO:
2957		/*
2958		 * System level information
2959		 */
2960		return 0;
2961	default:
2962		return -EINVAL;
2963	}
2964
2965	return smk_curacc_msq(msq, may);
2966}
2967
2968/**
2969 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2970 * @msq: the object
2971 * @msg: unused
2972 * @msqflg: access requested
2973 *
2974 * Returns 0 if current has the requested access, error code otherwise
2975 */
2976static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
2977				  int msqflg)
2978{
2979	int may;
2980
2981	may = smack_flags_to_may(msqflg);
2982	return smk_curacc_msq(msq, may);
2983}
2984
2985/**
2986 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2987 * @msq: the object
2988 * @msg: unused
2989 * @target: unused
2990 * @type: unused
2991 * @mode: unused
2992 *
2993 * Returns 0 if current has read and write access, error code otherwise
2994 */
2995static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
2996			struct task_struct *target, long type, int mode)
2997{
2998	return smk_curacc_msq(msq, MAY_READWRITE);
2999}
3000
3001/**
3002 * smack_ipc_permission - Smack access for ipc_permission()
3003 * @ipp: the object permissions
3004 * @flag: access requested
3005 *
3006 * Returns 0 if current has read and write access, error code otherwise
3007 */
3008static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3009{
3010	struct smack_known *iskp = ipp->security;
3011	int may = smack_flags_to_may(flag);
3012	struct smk_audit_info ad;
3013	int rc;
3014
3015#ifdef CONFIG_AUDIT
3016	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3017	ad.a.u.ipc_id = ipp->id;
3018#endif
3019	rc = smk_curacc(iskp, may, &ad);
3020	rc = smk_bu_current("svipc", iskp, may, rc);
3021	return rc;
3022}
3023
3024/**
3025 * smack_ipc_getsecid - Extract smack security id
3026 * @ipp: the object permissions
3027 * @secid: where result will be saved
3028 */
3029static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3030{
3031	struct smack_known *iskp = ipp->security;
3032
3033	*secid = iskp->smk_secid;
3034}
3035
3036/**
3037 * smack_d_instantiate - Make sure the blob is correct on an inode
3038 * @opt_dentry: dentry where inode will be attached
3039 * @inode: the object
3040 *
3041 * Set the inode's security blob if it hasn't been done already.
3042 */
3043static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3044{
3045	struct super_block *sbp;
3046	struct superblock_smack *sbsp;
3047	struct inode_smack *isp;
3048	struct smack_known *skp;
3049	struct smack_known *ckp = smk_of_current();
3050	struct smack_known *final;
3051	char trattr[TRANS_TRUE_SIZE];
3052	int transflag = 0;
3053	int rc;
3054	struct dentry *dp;
3055
3056	if (inode == NULL)
3057		return;
3058
3059	isp = inode->i_security;
3060
3061	mutex_lock(&isp->smk_lock);
3062	/*
3063	 * If the inode is already instantiated
3064	 * take the quick way out
3065	 */
3066	if (isp->smk_flags & SMK_INODE_INSTANT)
3067		goto unlockandout;
3068
3069	sbp = inode->i_sb;
3070	sbsp = sbp->s_security;
3071	/*
3072	 * We're going to use the superblock default label
3073	 * if there's no label on the file.
3074	 */
3075	final = sbsp->smk_default;
3076
3077	/*
3078	 * If this is the root inode the superblock
3079	 * may be in the process of initialization.
3080	 * If that is the case use the root value out
3081	 * of the superblock.
3082	 */
3083	if (opt_dentry->d_parent == opt_dentry) {
3084		switch (sbp->s_magic) {
3085		case CGROUP_SUPER_MAGIC:
3086			/*
3087			 * The cgroup filesystem is never mounted,
3088			 * so there's no opportunity to set the mount
3089			 * options.
3090			 */
3091			sbsp->smk_root = &smack_known_star;
3092			sbsp->smk_default = &smack_known_star;
3093			isp->smk_inode = sbsp->smk_root;
3094			break;
3095		case TMPFS_MAGIC:
3096			/*
3097			 * What about shmem/tmpfs anonymous files with dentry
3098			 * obtained from d_alloc_pseudo()?
3099			 */
3100			isp->smk_inode = smk_of_current();
3101			break;
3102		default:
3103			isp->smk_inode = sbsp->smk_root;
3104			break;
3105		}
3106		isp->smk_flags |= SMK_INODE_INSTANT;
3107		goto unlockandout;
3108	}
3109
3110	/*
3111	 * This is pretty hackish.
3112	 * Casey says that we shouldn't have to do
3113	 * file system specific code, but it does help
3114	 * with keeping it simple.
3115	 */
3116	switch (sbp->s_magic) {
3117	case SMACK_MAGIC:
3118	case PIPEFS_MAGIC:
3119	case SOCKFS_MAGIC:
3120	case CGROUP_SUPER_MAGIC:
3121		/*
3122		 * Casey says that it's a little embarrassing
3123		 * that the smack file system doesn't do
3124		 * extended attributes.
3125		 *
3126		 * Casey says pipes are easy (?)
3127		 *
3128		 * Socket access is controlled by the socket
3129		 * structures associated with the task involved.
3130		 *
3131		 * Cgroupfs is special
3132		 */
3133		final = &smack_known_star;
3134		break;
3135	case DEVPTS_SUPER_MAGIC:
3136		/*
3137		 * devpts seems content with the label of the task.
3138		 * Programs that change smack have to treat the
3139		 * pty with respect.
3140		 */
3141		final = ckp;
3142		break;
3143	case PROC_SUPER_MAGIC:
3144		/*
3145		 * Casey says procfs appears not to care.
3146		 * The superblock default suffices.
3147		 */
3148		break;
3149	case TMPFS_MAGIC:
3150		/*
3151		 * Device labels should come from the filesystem,
3152		 * but watch out, because they're volitile,
3153		 * getting recreated on every reboot.
3154		 */
3155		final = &smack_known_star;
3156		/*
3157		 * No break.
3158		 *
3159		 * If a smack value has been set we want to use it,
3160		 * but since tmpfs isn't giving us the opportunity
3161		 * to set mount options simulate setting the
3162		 * superblock default.
3163		 */
3164	default:
3165		/*
3166		 * This isn't an understood special case.
3167		 * Get the value from the xattr.
3168		 */
3169
3170		/*
3171		 * UNIX domain sockets use lower level socket data.
3172		 */
3173		if (S_ISSOCK(inode->i_mode)) {
3174			final = &smack_known_star;
3175			break;
3176		}
3177		/*
3178		 * No xattr support means, alas, no SMACK label.
3179		 * Use the aforeapplied default.
3180		 * It would be curious if the label of the task
3181		 * does not match that assigned.
3182		 */
3183		if (inode->i_op->getxattr == NULL)
3184			break;
3185		/*
3186		 * Get the dentry for xattr.
3187		 */
3188		dp = dget(opt_dentry);
3189		skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3190		if (!IS_ERR_OR_NULL(skp))
3191			final = skp;
3192
3193		/*
3194		 * Transmuting directory
3195		 */
3196		if (S_ISDIR(inode->i_mode)) {
3197			/*
3198			 * If this is a new directory and the label was
3199			 * transmuted when the inode was initialized
3200			 * set the transmute attribute on the directory
3201			 * and mark the inode.
3202			 *
3203			 * If there is a transmute attribute on the
3204			 * directory mark the inode.
3205			 */
3206			if (isp->smk_flags & SMK_INODE_CHANGED) {
3207				isp->smk_flags &= ~SMK_INODE_CHANGED;
3208				rc = inode->i_op->setxattr(dp,
3209					XATTR_NAME_SMACKTRANSMUTE,
3210					TRANS_TRUE, TRANS_TRUE_SIZE,
3211					0);
3212			} else {
3213				rc = inode->i_op->getxattr(dp,
3214					XATTR_NAME_SMACKTRANSMUTE, trattr,
3215					TRANS_TRUE_SIZE);
3216				if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3217						       TRANS_TRUE_SIZE) != 0)
3218					rc = -EINVAL;
3219			}
3220			if (rc >= 0)
3221				transflag = SMK_INODE_TRANSMUTE;
3222		}
3223		/*
3224		 * Don't let the exec or mmap label be "*" or "@".
3225		 */
3226		skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3227		if (IS_ERR(skp) || skp == &smack_known_star ||
3228		    skp == &smack_known_web)
3229			skp = NULL;
3230		isp->smk_task = skp;
3231
3232		skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3233		if (IS_ERR(skp) || skp == &smack_known_star ||
3234		    skp == &smack_known_web)
3235			skp = NULL;
3236		isp->smk_mmap = skp;
3237
3238		dput(dp);
3239		break;
3240	}
3241
3242	if (final == NULL)
3243		isp->smk_inode = ckp;
3244	else
3245		isp->smk_inode = final;
3246
3247	isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3248
3249unlockandout:
3250	mutex_unlock(&isp->smk_lock);
3251	return;
3252}
3253
3254/**
3255 * smack_getprocattr - Smack process attribute access
3256 * @p: the object task
3257 * @name: the name of the attribute in /proc/.../attr
3258 * @value: where to put the result
3259 *
3260 * Places a copy of the task Smack into value
3261 *
3262 * Returns the length of the smack label or an error code
3263 */
3264static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3265{
3266	struct smack_known *skp = smk_of_task_struct(p);
3267	char *cp;
3268	int slen;
3269
3270	if (strcmp(name, "current") != 0)
3271		return -EINVAL;
3272
3273	cp = kstrdup(skp->smk_known, GFP_KERNEL);
3274	if (cp == NULL)
3275		return -ENOMEM;
3276
3277	slen = strlen(cp);
3278	*value = cp;
3279	return slen;
3280}
3281
3282/**
3283 * smack_setprocattr - Smack process attribute setting
3284 * @p: the object task
3285 * @name: the name of the attribute in /proc/.../attr
3286 * @value: the value to set
3287 * @size: the size of the value
3288 *
3289 * Sets the Smack value of the task. Only setting self
3290 * is permitted and only with privilege
3291 *
3292 * Returns the length of the smack label or an error code
3293 */
3294static int smack_setprocattr(struct task_struct *p, char *name,
3295			     void *value, size_t size)
3296{
3297	struct task_smack *tsp;
3298	struct cred *new;
3299	struct smack_known *skp;
3300
3301	/*
3302	 * Changing another process' Smack value is too dangerous
3303	 * and supports no sane use case.
3304	 */
3305	if (p != current)
3306		return -EPERM;
3307
3308	if (!smack_privileged(CAP_MAC_ADMIN))
3309		return -EPERM;
3310
3311	if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3312		return -EINVAL;
3313
3314	if (strcmp(name, "current") != 0)
3315		return -EINVAL;
3316
3317	skp = smk_import_entry(value, size);
3318	if (IS_ERR(skp))
3319		return PTR_ERR(skp);
3320
3321	/*
3322	 * No process is ever allowed the web ("@") label.
3323	 */
3324	if (skp == &smack_known_web)
3325		return -EPERM;
3326
3327	new = prepare_creds();
3328	if (new == NULL)
3329		return -ENOMEM;
3330
3331	tsp = new->security;
3332	tsp->smk_task = skp;
3333
3334	commit_creds(new);
3335	return size;
3336}
3337
3338/**
3339 * smack_unix_stream_connect - Smack access on UDS
3340 * @sock: one sock
3341 * @other: the other sock
3342 * @newsk: unused
3343 *
3344 * Return 0 if a subject with the smack of sock could access
3345 * an object with the smack of other, otherwise an error code
3346 */
3347static int smack_unix_stream_connect(struct sock *sock,
3348				     struct sock *other, struct sock *newsk)
3349{
3350	struct smack_known *skp;
3351	struct smack_known *okp;
3352	struct socket_smack *ssp = sock->sk_security;
3353	struct socket_smack *osp = other->sk_security;
3354	struct socket_smack *nsp = newsk->sk_security;
3355	struct smk_audit_info ad;
3356	int rc = 0;
3357#ifdef CONFIG_AUDIT
3358	struct lsm_network_audit net;
3359#endif
3360
3361	if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3362		skp = ssp->smk_out;
3363		okp = osp->smk_in;
3364#ifdef CONFIG_AUDIT
3365		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3366		smk_ad_setfield_u_net_sk(&ad, other);
3367#endif
3368		rc = smk_access(skp, okp, MAY_WRITE, &ad);
3369		rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3370		if (rc == 0) {
3371			okp = osp->smk_out;
3372			skp = ssp->smk_in;
3373			rc = smk_access(okp, skp, MAY_WRITE, &ad);
3374			rc = smk_bu_note("UDS connect", okp, skp,
3375						MAY_WRITE, rc);
3376		}
3377	}
3378
3379	/*
3380	 * Cross reference the peer labels for SO_PEERSEC.
3381	 */
3382	if (rc == 0) {
3383		nsp->smk_packet = ssp->smk_out;
3384		ssp->smk_packet = osp->smk_out;
3385	}
3386
3387	return rc;
3388}
3389
3390/**
3391 * smack_unix_may_send - Smack access on UDS
3392 * @sock: one socket
3393 * @other: the other socket
3394 *
3395 * Return 0 if a subject with the smack of sock could access
3396 * an object with the smack of other, otherwise an error code
3397 */
3398static int smack_unix_may_send(struct socket *sock, struct socket *other)
3399{
3400	struct socket_smack *ssp = sock->sk->sk_security;
3401	struct socket_smack *osp = other->sk->sk_security;
3402	struct smk_audit_info ad;
3403	int rc;
3404
3405#ifdef CONFIG_AUDIT
3406	struct lsm_network_audit net;
3407
3408	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3409	smk_ad_setfield_u_net_sk(&ad, other->sk);
3410#endif
3411
3412	if (smack_privileged(CAP_MAC_OVERRIDE))
3413		return 0;
3414
3415	rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3416	rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3417	return rc;
3418}
3419
3420/**
3421 * smack_socket_sendmsg - Smack check based on destination host
3422 * @sock: the socket
3423 * @msg: the message
3424 * @size: the size of the message
3425 *
3426 * Return 0 if the current subject can write to the destination host.
3427 * For IPv4 this is only a question if the destination is a single label host.
3428 * For IPv6 this is a check against the label of the port.
3429 */
3430static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3431				int size)
3432{
3433	struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3434#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
3435	struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3436#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
3437	int rc = 0;
3438
3439	/*
3440	 * Perfectly reasonable for this to be NULL
3441	 */
3442	if (sip == NULL)
3443		return 0;
3444
3445	switch (sip->sin_family) {
3446	case AF_INET:
3447		rc = smack_netlabel_send(sock->sk, sip);
3448		break;
3449	case AF_INET6:
3450#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
3451		rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3452#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
3453		break;
3454	}
3455	return rc;
3456}
3457
3458/**
3459 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3460 * @sap: netlabel secattr
3461 * @ssp: socket security information
3462 *
3463 * Returns a pointer to a Smack label entry found on the label list.
3464 */
3465static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3466						struct socket_smack *ssp)
3467{
3468	struct smack_known *skp;
3469	int found = 0;
3470	int acat;
3471	int kcat;
3472
3473	if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3474		/*
3475		 * Looks like a CIPSO packet.
3476		 * If there are flags but no level netlabel isn't
3477		 * behaving the way we expect it to.
3478		 *
3479		 * Look it up in the label table
3480		 * Without guidance regarding the smack value
3481		 * for the packet fall back on the network
3482		 * ambient value.
3483		 */
3484		rcu_read_lock();
3485		list_for_each_entry(skp, &smack_known_list, list) {
3486			if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3487				continue;
3488			/*
3489			 * Compare the catsets. Use the netlbl APIs.
3490			 */
3491			if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3492				if ((skp->smk_netlabel.flags &
3493				     NETLBL_SECATTR_MLS_CAT) == 0)
3494					found = 1;
3495				break;
3496			}
3497			for (acat = -1, kcat = -1; acat == kcat; ) {
3498				acat = netlbl_catmap_walk(sap->attr.mls.cat,
3499							  acat + 1);
3500				kcat = netlbl_catmap_walk(
3501					skp->smk_netlabel.attr.mls.cat,
3502					kcat + 1);
3503				if (acat < 0 || kcat < 0)
3504					break;
3505			}
3506			if (acat == kcat) {
3507				found = 1;
3508				break;
3509			}
3510		}
3511		rcu_read_unlock();
3512
3513		if (found)
3514			return skp;
3515
3516		if (ssp != NULL && ssp->smk_in == &smack_known_star)
3517			return &smack_known_web;
3518		return &smack_known_star;
3519	}
3520	if ((sap->flags & NETLBL_SECATTR_SECID) != 0) {
3521		/*
3522		 * Looks like a fallback, which gives us a secid.
3523		 */
3524		skp = smack_from_secid(sap->attr.secid);
3525		/*
3526		 * This has got to be a bug because it is
3527		 * impossible to specify a fallback without
3528		 * specifying the label, which will ensure
3529		 * it has a secid, and the only way to get a
3530		 * secid is from a fallback.
3531		 */
3532		BUG_ON(skp == NULL);
3533		return skp;
3534	}
3535	/*
3536	 * Without guidance regarding the smack value
3537	 * for the packet fall back on the network
3538	 * ambient value.
3539	 */
3540	return smack_net_ambient;
3541}
3542
3543#if IS_ENABLED(CONFIG_IPV6)
3544static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3545{
3546	u8 nexthdr;
3547	int offset;
3548	int proto = -EINVAL;
3549	struct ipv6hdr _ipv6h;
3550	struct ipv6hdr *ip6;
3551	__be16 frag_off;
3552	struct tcphdr _tcph, *th;
3553	struct udphdr _udph, *uh;
3554	struct dccp_hdr _dccph, *dh;
3555
3556	sip->sin6_port = 0;
3557
3558	offset = skb_network_offset(skb);
3559	ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3560	if (ip6 == NULL)
3561		return -EINVAL;
3562	sip->sin6_addr = ip6->saddr;
3563
3564	nexthdr = ip6->nexthdr;
3565	offset += sizeof(_ipv6h);
3566	offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3567	if (offset < 0)
3568		return -EINVAL;
3569
3570	proto = nexthdr;
3571	switch (proto) {
3572	case IPPROTO_TCP:
3573		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3574		if (th != NULL)
3575			sip->sin6_port = th->source;
3576		break;
3577	case IPPROTO_UDP:
3578		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3579		if (uh != NULL)
3580			sip->sin6_port = uh->source;
3581		break;
3582	case IPPROTO_DCCP:
3583		dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3584		if (dh != NULL)
3585			sip->sin6_port = dh->dccph_sport;
3586		break;
3587	}
3588	return proto;
3589}
3590#endif /* CONFIG_IPV6 */
3591
3592/**
3593 * smack_socket_sock_rcv_skb - Smack packet delivery access check
3594 * @sk: socket
3595 * @skb: packet
3596 *
3597 * Returns 0 if the packet should be delivered, an error code otherwise
3598 */
3599static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3600{
3601	struct netlbl_lsm_secattr secattr;
3602	struct socket_smack *ssp = sk->sk_security;
3603	struct smack_known *skp = NULL;
3604	int rc = 0;
3605	struct smk_audit_info ad;
3606#ifdef CONFIG_AUDIT
3607	struct lsm_network_audit net;
3608#endif
3609#if IS_ENABLED(CONFIG_IPV6)
3610	struct sockaddr_in6 sadd;
3611	int proto;
3612#endif /* CONFIG_IPV6 */
3613
3614	switch (sk->sk_family) {
3615	case PF_INET:
3616#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3617		/*
3618		 * If there is a secmark use it rather than the CIPSO label.
3619		 * If there is no secmark fall back to CIPSO.
3620		 * The secmark is assumed to reflect policy better.
3621		 */
3622		if (skb && skb->secmark != 0) {
3623			skp = smack_from_secid(skb->secmark);
3624			goto access_check;
3625		}
3626#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
3627		/*
3628		 * Translate what netlabel gave us.
3629		 */
3630		netlbl_secattr_init(&secattr);
3631
3632		rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
3633		if (rc == 0)
3634			skp = smack_from_secattr(&secattr, ssp);
3635		else
3636			skp = smack_net_ambient;
3637
3638		netlbl_secattr_destroy(&secattr);
3639
3640#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3641access_check:
3642#endif
3643#ifdef CONFIG_AUDIT
3644		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3645		ad.a.u.net->family = sk->sk_family;
3646		ad.a.u.net->netif = skb->skb_iif;
3647		ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3648#endif
3649		/*
3650		 * Receiving a packet requires that the other end
3651		 * be able to write here. Read access is not required.
3652		 * This is the simplist possible security model
3653		 * for networking.
3654		 */
3655		rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3656		rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
3657					MAY_WRITE, rc);
3658		if (rc != 0)
3659			netlbl_skbuff_err(skb, rc, 0);
3660		break;
3661#if IS_ENABLED(CONFIG_IPV6)
3662	case PF_INET6:
3663		proto = smk_skb_to_addr_ipv6(skb, &sadd);
3664		if (proto != IPPROTO_UDP && proto != IPPROTO_TCP)
3665			break;
3666#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3667		if (skb && skb->secmark != 0)
3668			skp = smack_from_secid(skb->secmark);
3669		else
3670			skp = smack_net_ambient;
3671#ifdef CONFIG_AUDIT
3672		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3673		ad.a.u.net->family = sk->sk_family;
3674		ad.a.u.net->netif = skb->skb_iif;
3675		ipv6_skb_to_auditdata(skb, &ad.a, NULL);
3676#endif /* CONFIG_AUDIT */
3677		rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3678		rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
3679					MAY_WRITE, rc);
3680#else /* CONFIG_SECURITY_SMACK_NETFILTER */
3681		rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
3682#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
3683		break;
3684#endif /* CONFIG_IPV6 */
3685	}
3686
3687	return rc;
3688}
3689
3690/**
3691 * smack_socket_getpeersec_stream - pull in packet label
3692 * @sock: the socket
3693 * @optval: user's destination
3694 * @optlen: size thereof
3695 * @len: max thereof
3696 *
3697 * returns zero on success, an error code otherwise
3698 */
3699static int smack_socket_getpeersec_stream(struct socket *sock,
3700					  char __user *optval,
3701					  int __user *optlen, unsigned len)
3702{
3703	struct socket_smack *ssp;
3704	char *rcp = "";
3705	int slen = 1;
3706	int rc = 0;
3707
3708	ssp = sock->sk->sk_security;
3709	if (ssp->smk_packet != NULL) {
3710		rcp = ssp->smk_packet->smk_known;
3711		slen = strlen(rcp) + 1;
3712	}
3713
3714	if (slen > len)
3715		rc = -ERANGE;
3716	else if (copy_to_user(optval, rcp, slen) != 0)
3717		rc = -EFAULT;
3718
3719	if (put_user(slen, optlen) != 0)
3720		rc = -EFAULT;
3721
3722	return rc;
3723}
3724
3725
3726/**
3727 * smack_socket_getpeersec_dgram - pull in packet label
3728 * @sock: the peer socket
3729 * @skb: packet data
3730 * @secid: pointer to where to put the secid of the packet
3731 *
3732 * Sets the netlabel socket state on sk from parent
3733 */
3734static int smack_socket_getpeersec_dgram(struct socket *sock,
3735					 struct sk_buff *skb, u32 *secid)
3736
3737{
3738	struct netlbl_lsm_secattr secattr;
3739	struct socket_smack *ssp = NULL;
3740	struct smack_known *skp;
3741	int family = PF_UNSPEC;
3742	u32 s = 0;	/* 0 is the invalid secid */
3743	int rc;
3744
3745	if (skb != NULL) {
3746		if (skb->protocol == htons(ETH_P_IP))
3747			family = PF_INET;
3748#if IS_ENABLED(CONFIG_IPV6)
3749		else if (skb->protocol == htons(ETH_P_IPV6))
3750			family = PF_INET6;
3751#endif /* CONFIG_IPV6 */
3752	}
3753	if (family == PF_UNSPEC && sock != NULL)
3754		family = sock->sk->sk_family;
3755
3756	switch (family) {
3757	case PF_UNIX:
3758		ssp = sock->sk->sk_security;
3759		s = ssp->smk_out->smk_secid;
3760		break;
3761	case PF_INET:
3762#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3763		s = skb->secmark;
3764		if (s != 0)
3765			break;
3766#endif
3767		/*
3768		 * Translate what netlabel gave us.
3769		 */
3770		if (sock != NULL && sock->sk != NULL)
3771			ssp = sock->sk->sk_security;
3772		netlbl_secattr_init(&secattr);
3773		rc = netlbl_skbuff_getattr(skb, family, &secattr);
3774		if (rc == 0) {
3775			skp = smack_from_secattr(&secattr, ssp);
3776			s = skp->smk_secid;
3777		}
3778		netlbl_secattr_destroy(&secattr);
3779		break;
3780#if IS_ENABLED(CONFIG_IPV6)
3781	case PF_INET6:
3782#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3783		s = skb->secmark;
3784#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
3785		break;
3786#endif /* CONFIG_IPV6 */
3787	}
3788	*secid = s;
3789	if (s == 0)
3790		return -EINVAL;
3791	return 0;
3792}
3793
3794/**
3795 * smack_sock_graft - Initialize a newly created socket with an existing sock
3796 * @sk: child sock
3797 * @parent: parent socket
3798 *
3799 * Set the smk_{in,out} state of an existing sock based on the process that
3800 * is creating the new socket.
3801 */
3802static void smack_sock_graft(struct sock *sk, struct socket *parent)
3803{
3804	struct socket_smack *ssp;
3805	struct smack_known *skp = smk_of_current();
3806
3807	if (sk == NULL ||
3808	    (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
3809		return;
3810
3811	ssp = sk->sk_security;
3812	ssp->smk_in = skp;
3813	ssp->smk_out = skp;
3814	/* cssp->smk_packet is already set in smack_inet_csk_clone() */
3815}
3816
3817/**
3818 * smack_inet_conn_request - Smack access check on connect
3819 * @sk: socket involved
3820 * @skb: packet
3821 * @req: unused
3822 *
3823 * Returns 0 if a task with the packet label could write to
3824 * the socket, otherwise an error code
3825 */
3826static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3827				   struct request_sock *req)
3828{
3829	u16 family = sk->sk_family;
3830	struct smack_known *skp;
3831	struct socket_smack *ssp = sk->sk_security;
3832	struct netlbl_lsm_secattr secattr;
3833	struct sockaddr_in addr;
3834	struct iphdr *hdr;
3835	struct smack_known *hskp;
3836	int rc;
3837	struct smk_audit_info ad;
3838#ifdef CONFIG_AUDIT
3839	struct lsm_network_audit net;
3840#endif
3841
3842#if IS_ENABLED(CONFIG_IPV6)
3843	if (family == PF_INET6) {
3844		/*
3845		 * Handle mapped IPv4 packets arriving
3846		 * via IPv6 sockets. Don't set up netlabel
3847		 * processing on IPv6.
3848		 */
3849		if (skb->protocol == htons(ETH_P_IP))
3850			family = PF_INET;
3851		else
3852			return 0;
3853	}
3854#endif /* CONFIG_IPV6 */
3855
3856#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3857	/*
3858	 * If there is a secmark use it rather than the CIPSO label.
3859	 * If there is no secmark fall back to CIPSO.
3860	 * The secmark is assumed to reflect policy better.
3861	 */
3862	if (skb && skb->secmark != 0) {
3863		skp = smack_from_secid(skb->secmark);
3864		goto access_check;
3865	}
3866#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
3867
3868	netlbl_secattr_init(&secattr);
3869	rc = netlbl_skbuff_getattr(skb, family, &secattr);
3870	if (rc == 0)
3871		skp = smack_from_secattr(&secattr, ssp);
3872	else
3873		skp = &smack_known_huh;
3874	netlbl_secattr_destroy(&secattr);
3875
3876#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3877access_check:
3878#endif
3879
3880#ifdef CONFIG_AUDIT
3881	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3882	ad.a.u.net->family = family;
3883	ad.a.u.net->netif = skb->skb_iif;
3884	ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3885#endif
3886	/*
3887	 * Receiving a packet requires that the other end be able to write
3888	 * here. Read access is not required.
3889	 */
3890	rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3891	rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
3892	if (rc != 0)
3893		return rc;
3894
3895	/*
3896	 * Save the peer's label in the request_sock so we can later setup
3897	 * smk_packet in the child socket so that SO_PEERCRED can report it.
3898	 */
3899	req->peer_secid = skp->smk_secid;
3900
3901	/*
3902	 * We need to decide if we want to label the incoming connection here
3903	 * if we do we only need to label the request_sock and the stack will
3904	 * propagate the wire-label to the sock when it is created.
3905	 */
3906	hdr = ip_hdr(skb);
3907	addr.sin_addr.s_addr = hdr->saddr;
3908	rcu_read_lock();
3909	hskp = smack_host_label(&addr);
3910	rcu_read_unlock();
3911
3912	if (hskp == NULL)
3913		rc = netlbl_req_setattr(req, &skp->smk_netlabel);
3914	else
3915		netlbl_req_delattr(req);
3916
3917	return rc;
3918}
3919
3920/**
3921 * smack_inet_csk_clone - Copy the connection information to the new socket
3922 * @sk: the new socket
3923 * @req: the connection's request_sock
3924 *
3925 * Transfer the connection's peer label to the newly created socket.
3926 */
3927static void smack_inet_csk_clone(struct sock *sk,
3928				 const struct request_sock *req)
3929{
3930	struct socket_smack *ssp = sk->sk_security;
3931	struct smack_known *skp;
3932
3933	if (req->peer_secid != 0) {
3934		skp = smack_from_secid(req->peer_secid);
3935		ssp->smk_packet = skp;
3936	} else
3937		ssp->smk_packet = NULL;
3938}
3939
3940/*
3941 * Key management security hooks
3942 *
3943 * Casey has not tested key support very heavily.
3944 * The permission check is most likely too restrictive.
3945 * If you care about keys please have a look.
3946 */
3947#ifdef CONFIG_KEYS
3948
3949/**
3950 * smack_key_alloc - Set the key security blob
3951 * @key: object
3952 * @cred: the credentials to use
3953 * @flags: unused
3954 *
3955 * No allocation required
3956 *
3957 * Returns 0
3958 */
3959static int smack_key_alloc(struct key *key, const struct cred *cred,
3960			   unsigned long flags)
3961{
3962	struct smack_known *skp = smk_of_task(cred->security);
3963
3964	key->security = skp;
3965	return 0;
3966}
3967
3968/**
3969 * smack_key_free - Clear the key security blob
3970 * @key: the object
3971 *
3972 * Clear the blob pointer
3973 */
3974static void smack_key_free(struct key *key)
3975{
3976	key->security = NULL;
3977}
3978
3979/**
3980 * smack_key_permission - Smack access on a key
3981 * @key_ref: gets to the object
3982 * @cred: the credentials to use
3983 * @perm: requested key permissions
3984 *
3985 * Return 0 if the task has read and write to the object,
3986 * an error code otherwise
3987 */
3988static int smack_key_permission(key_ref_t key_ref,
3989				const struct cred *cred, unsigned perm)
3990{
3991	struct key *keyp;
3992	struct smk_audit_info ad;
3993	struct smack_known *tkp = smk_of_task(cred->security);
3994	int request = 0;
3995	int rc;
3996
3997	keyp = key_ref_to_ptr(key_ref);
3998	if (keyp == NULL)
3999		return -EINVAL;
4000	/*
4001	 * If the key hasn't been initialized give it access so that
4002	 * it may do so.
4003	 */
4004	if (keyp->security == NULL)
4005		return 0;
4006	/*
4007	 * This should not occur
4008	 */
4009	if (tkp == NULL)
4010		return -EACCES;
4011#ifdef CONFIG_AUDIT
4012	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4013	ad.a.u.key_struct.key = keyp->serial;
4014	ad.a.u.key_struct.key_desc = keyp->description;
4015#endif
4016	if (perm & KEY_NEED_READ)
4017		request = MAY_READ;
4018	if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
4019		request = MAY_WRITE;
4020	rc = smk_access(tkp, keyp->security, request, &ad);
4021	rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4022	return rc;
4023}
4024
4025/*
4026 * smack_key_getsecurity - Smack label tagging the key
4027 * @key points to the key to be queried
4028 * @_buffer points to a pointer that should be set to point to the
4029 * resulting string (if no label or an error occurs).
4030 * Return the length of the string (including terminating NUL) or -ve if
4031 * an error.
4032 * May also return 0 (and a NULL buffer pointer) if there is no label.
4033 */
4034static int smack_key_getsecurity(struct key *key, char **_buffer)
4035{
4036	struct smack_known *skp = key->security;
4037	size_t length;
4038	char *copy;
4039
4040	if (key->security == NULL) {
4041		*_buffer = NULL;
4042		return 0;
4043	}
4044
4045	copy = kstrdup(skp->smk_known, GFP_KERNEL);
4046	if (copy == NULL)
4047		return -ENOMEM;
4048	length = strlen(copy) + 1;
4049
4050	*_buffer = copy;
4051	return length;
4052}
4053
4054#endif /* CONFIG_KEYS */
4055
4056/*
4057 * Smack Audit hooks
4058 *
4059 * Audit requires a unique representation of each Smack specific
4060 * rule. This unique representation is used to distinguish the
4061 * object to be audited from remaining kernel objects and also
4062 * works as a glue between the audit hooks.
4063 *
4064 * Since repository entries are added but never deleted, we'll use
4065 * the smack_known label address related to the given audit rule as
4066 * the needed unique representation. This also better fits the smack
4067 * model where nearly everything is a label.
4068 */
4069#ifdef CONFIG_AUDIT
4070
4071/**
4072 * smack_audit_rule_init - Initialize a smack audit rule
4073 * @field: audit rule fields given from user-space (audit.h)
4074 * @op: required testing operator (=, !=, >, <, ...)
4075 * @rulestr: smack label to be audited
4076 * @vrule: pointer to save our own audit rule representation
4077 *
4078 * Prepare to audit cases where (@field @op @rulestr) is true.
4079 * The label to be audited is created if necessay.
4080 */
4081static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4082{
4083	struct smack_known *skp;
4084	char **rule = (char **)vrule;
4085	*rule = NULL;
4086
4087	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4088		return -EINVAL;
4089
4090	if (op != Audit_equal && op != Audit_not_equal)
4091		return -EINVAL;
4092
4093	skp = smk_import_entry(rulestr, 0);
4094	if (IS_ERR(skp))
4095		return PTR_ERR(skp);
4096
4097	*rule = skp->smk_known;
4098
4099	return 0;
4100}
4101
4102/**
4103 * smack_audit_rule_known - Distinguish Smack audit rules
4104 * @krule: rule of interest, in Audit kernel representation format
4105 *
4106 * This is used to filter Smack rules from remaining Audit ones.
4107 * If it's proved that this rule belongs to us, the
4108 * audit_rule_match hook will be called to do the final judgement.
4109 */
4110static int smack_audit_rule_known(struct audit_krule *krule)
4111{
4112	struct audit_field *f;
4113	int i;
4114
4115	for (i = 0; i < krule->field_count; i++) {
4116		f = &krule->fields[i];
4117
4118		if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4119			return 1;
4120	}
4121
4122	return 0;
4123}
4124
4125/**
4126 * smack_audit_rule_match - Audit given object ?
4127 * @secid: security id for identifying the object to test
4128 * @field: audit rule flags given from user-space
4129 * @op: required testing operator
4130 * @vrule: smack internal rule presentation
4131 * @actx: audit context associated with the check
4132 *
4133 * The core Audit hook. It's used to take the decision of
4134 * whether to audit or not to audit a given object.
4135 */
4136static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
4137				  struct audit_context *actx)
4138{
4139	struct smack_known *skp;
4140	char *rule = vrule;
4141
4142	if (unlikely(!rule)) {
4143		WARN_ONCE(1, "Smack: missing rule\n");
4144		return -ENOENT;
4145	}
4146
4147	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4148		return 0;
4149
4150	skp = smack_from_secid(secid);
4151
4152	/*
4153	 * No need to do string comparisons. If a match occurs,
4154	 * both pointers will point to the same smack_known
4155	 * label.
4156	 */
4157	if (op == Audit_equal)
4158		return (rule == skp->smk_known);
4159	if (op == Audit_not_equal)
4160		return (rule != skp->smk_known);
4161
4162	return 0;
4163}
4164
4165/**
4166 * smack_audit_rule_free - free smack rule representation
4167 * @vrule: rule to be freed.
4168 *
4169 * No memory was allocated.
4170 */
4171static void smack_audit_rule_free(void *vrule)
4172{
4173	/* No-op */
4174}
4175
4176#endif /* CONFIG_AUDIT */
4177
4178/**
4179 * smack_ismaclabel - check if xattr @name references a smack MAC label
4180 * @name: Full xattr name to check.
4181 */
4182static int smack_ismaclabel(const char *name)
4183{
4184	return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4185}
4186
4187
4188/**
4189 * smack_secid_to_secctx - return the smack label for a secid
4190 * @secid: incoming integer
4191 * @secdata: destination
4192 * @seclen: how long it is
4193 *
4194 * Exists for networking code.
4195 */
4196static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4197{
4198	struct smack_known *skp = smack_from_secid(secid);
4199
4200	if (secdata)
4201		*secdata = skp->smk_known;
4202	*seclen = strlen(skp->smk_known);
4203	return 0;
4204}
4205
4206/**
4207 * smack_secctx_to_secid - return the secid for a smack label
4208 * @secdata: smack label
4209 * @seclen: how long result is
4210 * @secid: outgoing integer
4211 *
4212 * Exists for audit and networking code.
4213 */
4214static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4215{
4216	struct smack_known *skp = smk_find_entry(secdata);
4217
4218	if (skp)
4219		*secid = skp->smk_secid;
4220	else
4221		*secid = 0;
4222	return 0;
4223}
4224
4225/**
4226 * smack_release_secctx - don't do anything.
4227 * @secdata: unused
4228 * @seclen: unused
4229 *
4230 * Exists to make sure nothing gets done, and properly
4231 */
4232static void smack_release_secctx(char *secdata, u32 seclen)
4233{
4234}
4235
4236static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4237{
4238	return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4239}
4240
4241static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4242{
4243	return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4244}
4245
4246static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4247{
4248	int len = 0;
4249	len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
4250
4251	if (len < 0)
4252		return len;
4253	*ctxlen = len;
4254	return 0;
4255}
4256
4257struct security_hook_list smack_hooks[] = {
4258	LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4259	LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4260	LSM_HOOK_INIT(syslog, smack_syslog),
4261
4262	LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
4263	LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
4264	LSM_HOOK_INIT(sb_copy_data, smack_sb_copy_data),
4265	LSM_HOOK_INIT(sb_kern_mount, smack_sb_kern_mount),
4266	LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
4267
4268	LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
4269	LSM_HOOK_INIT(bprm_committing_creds, smack_bprm_committing_creds),
4270	LSM_HOOK_INIT(bprm_secureexec, smack_bprm_secureexec),
4271
4272	LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
4273	LSM_HOOK_INIT(inode_free_security, smack_inode_free_security),
4274	LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4275	LSM_HOOK_INIT(inode_link, smack_inode_link),
4276	LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4277	LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4278	LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4279	LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4280	LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4281	LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4282	LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4283	LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4284	LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4285	LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4286	LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4287	LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4288	LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4289	LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4290
4291	LSM_HOOK_INIT(file_permission, smack_file_permission),
4292	LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
4293	LSM_HOOK_INIT(file_free_security, smack_file_free_security),
4294	LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4295	LSM_HOOK_INIT(file_lock, smack_file_lock),
4296	LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4297	LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4298	LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4299	LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4300	LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4301	LSM_HOOK_INIT(file_receive, smack_file_receive),
4302
4303	LSM_HOOK_INIT(file_open, smack_file_open),
4304
4305	LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4306	LSM_HOOK_INIT(cred_free, smack_cred_free),
4307	LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4308	LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
4309	LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4310	LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4311	LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4312	LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4313	LSM_HOOK_INIT(task_getsid, smack_task_getsid),
4314	LSM_HOOK_INIT(task_getsecid, smack_task_getsecid),
4315	LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4316	LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4317	LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4318	LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4319	LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4320	LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4321	LSM_HOOK_INIT(task_kill, smack_task_kill),
4322	LSM_HOOK_INIT(task_wait, smack_task_wait),
4323	LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4324
4325	LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4326	LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4327
4328	LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
4329	LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security),
4330
4331	LSM_HOOK_INIT(msg_queue_alloc_security, smack_msg_queue_alloc_security),
4332	LSM_HOOK_INIT(msg_queue_free_security, smack_msg_queue_free_security),
4333	LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4334	LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4335	LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4336	LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4337
4338	LSM_HOOK_INIT(shm_alloc_security, smack_shm_alloc_security),
4339	LSM_HOOK_INIT(shm_free_security, smack_shm_free_security),
4340	LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4341	LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4342	LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4343
4344	LSM_HOOK_INIT(sem_alloc_security, smack_sem_alloc_security),
4345	LSM_HOOK_INIT(sem_free_security, smack_sem_free_security),
4346	LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4347	LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4348	LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4349
4350	LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4351
4352	LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4353	LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4354
4355	LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4356	LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4357
4358	LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
4359#ifndef CONFIG_SECURITY_SMACK_NETFILTER
4360	LSM_HOOK_INIT(socket_bind, smack_socket_bind),
4361#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
4362	LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4363	LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4364	LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4365	LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4366	LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4367	LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
4368	LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4369	LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4370	LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4371	LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
4372
4373 /* key management security hooks */
4374#ifdef CONFIG_KEYS
4375	LSM_HOOK_INIT(key_alloc, smack_key_alloc),
4376	LSM_HOOK_INIT(key_free, smack_key_free),
4377	LSM_HOOK_INIT(key_permission, smack_key_permission),
4378	LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
4379#endif /* CONFIG_KEYS */
4380
4381 /* Audit hooks */
4382#ifdef CONFIG_AUDIT
4383	LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
4384	LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
4385	LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
4386	LSM_HOOK_INIT(audit_rule_free, smack_audit_rule_free),
4387#endif /* CONFIG_AUDIT */
4388
4389	LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
4390	LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
4391	LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
4392	LSM_HOOK_INIT(release_secctx, smack_release_secctx),
4393	LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
4394	LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
4395	LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
4396};
4397
4398
4399static __init void init_smack_known_list(void)
4400{
4401	/*
4402	 * Initialize rule list locks
4403	 */
4404	mutex_init(&smack_known_huh.smk_rules_lock);
4405	mutex_init(&smack_known_hat.smk_rules_lock);
4406	mutex_init(&smack_known_floor.smk_rules_lock);
4407	mutex_init(&smack_known_star.smk_rules_lock);
4408	mutex_init(&smack_known_invalid.smk_rules_lock);
4409	mutex_init(&smack_known_web.smk_rules_lock);
4410	/*
4411	 * Initialize rule lists
4412	 */
4413	INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4414	INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4415	INIT_LIST_HEAD(&smack_known_star.smk_rules);
4416	INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4417	INIT_LIST_HEAD(&smack_known_invalid.smk_rules);
4418	INIT_LIST_HEAD(&smack_known_web.smk_rules);
4419	/*
4420	 * Create the known labels list
4421	 */
4422	smk_insert_entry(&smack_known_huh);
4423	smk_insert_entry(&smack_known_hat);
4424	smk_insert_entry(&smack_known_star);
4425	smk_insert_entry(&smack_known_floor);
4426	smk_insert_entry(&smack_known_invalid);
4427	smk_insert_entry(&smack_known_web);
4428}
4429
4430/**
4431 * smack_init - initialize the smack system
4432 *
4433 * Returns 0
4434 */
4435static __init int smack_init(void)
4436{
4437	struct cred *cred;
4438	struct task_smack *tsp;
4439
4440	if (!security_module_enable("smack"))
4441		return 0;
4442
4443	smack_enabled = 1;
4444
4445	smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4446	if (!smack_inode_cache)
4447		return -ENOMEM;
4448
4449	tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4450				GFP_KERNEL);
4451	if (tsp == NULL) {
4452		kmem_cache_destroy(smack_inode_cache);
4453		return -ENOMEM;
4454	}
4455
4456	printk(KERN_INFO "Smack:  Initializing.\n");
4457
4458	/*
4459	 * Set the security state for the initial task.
4460	 */
4461	cred = (struct cred *) current->cred;
4462	cred->security = tsp;
4463
4464	/* initialize the smack_known_list */
4465	init_smack_known_list();
4466
4467	/*
4468	 * Register with LSM
4469	 */
4470	security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks));
4471
4472	return 0;
4473}
4474
4475/*
4476 * Smack requires early initialization in order to label
4477 * all processes and objects when they are created.
4478 */
4479security_initcall(smack_init);
Configure Feed

Configure Feed
