]> git.ipfire.org Git - thirdparty/kernel/linux.git/blame - security/smack/smack_lsm.c
projects / thirdparty / kernel / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'integrity-v6.10' of ssh://ra.kernel.org/pub/scm/linux/kernel/git/zohar...
[thirdparty/kernel/linux.git] / security / smack / smack_lsm.c
CommitLineData
d2912cb1 1// SPDX-License-Identifier: GPL-2.0-only
e114e473
CS		 2/*
3 * Simplified MAC Kernel (smack) security module
4 *
5 * This file contains the smack hook function implementations.
6 *
5c6d1125 7 * Authors:
e114e473 8 * Casey Schaufler <casey@schaufler-ca.com>
84088ba2 9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
e114e473
CS		 10 *
11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
07feee8f 12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
82c21bfa 13 * Paul Moore <paul@paul-moore.com>
5c6d1125 14 * Copyright (C) 2010 Nokia Corporation
84088ba2 15 * Copyright (C) 2011 Intel Corporation.
e114e473
CS		 16 */
17
18#include <linux/xattr.h>
19#include <linux/pagemap.h>
20#include <linux/mount.h>
21#include <linux/stat.h>
e114e473
CS		 22#include <linux/kd.h>
23#include <asm/ioctls.h>
07feee8f 24#include <linux/ip.h>
e114e473
CS		 25#include <linux/tcp.h>
26#include <linux/udp.h>
c6739443 27#include <linux/dccp.h>
d66a8acb 28#include <linux/icmpv6.h>
5a0e3ad6 29#include <linux/slab.h>
e114e473 30#include <linux/mutex.h>
e114e473 31#include <net/cipso_ipv4.h>
c6739443
CS		 32#include <net/ip.h>
33#include <net/ipv6.h>
d20bdda6 34#include <linux/audit.h>
1fd7317d 35#include <linux/magic.h>
2a7dba39 36#include <linux/dcache.h>
16014d87 37#include <linux/personality.h>
40401530
AV		 38#include <linux/msg.h>
39#include <linux/shm.h>
bc46ef3c 40#include <uapi/linux/shm.h>
40401530 41#include <linux/binfmts.h>
3bf2789c 42#include <linux/parser.h>
2febd254
DH		 43#include <linux/fs_context.h>
44#include <linux/fs_parser.h>
a8478a60 45#include <linux/watch_queue.h>
b66509b8 46#include <linux/io_uring/cmd.h>
f3b8788c 47#include <uapi/linux/lsm.h>
e114e473
CS		 48#include "smack.h"
49
5c6d1125
JS		 50#define TRANS_TRUE "TRUE"
51#define TRANS_TRUE_SIZE 4
52
c6739443
CS		 53#define SMK_CONNECTING 0
54#define SMK_RECEIVING 1
55#define SMK_SENDING 2
56
baed456a
RS		 57/*
58 * Smack uses multiple xattrs.
59 * SMACK64 - for access control,
60 * SMACK64TRANSMUTE - label initialization,
61 * Not saved on files - SMACK64IPIN and SMACK64IPOUT,
62 * Must be set explicitly - SMACK64EXEC and SMACK64MMAP
63 */
64#define SMACK_INODE_INIT_XATTRS 2
6bcdfd2c 65
222a96b3 66#ifdef SMACK_IPV6_PORT_LABELING
00720f0e 67static DEFINE_MUTEX(smack_ipv6_lock);
8b549ef4 68static LIST_HEAD(smk_ipv6_port_list);
222a96b3 69#endif
4e328b08 70struct kmem_cache *smack_rule_cache;
bfc3cac0 71int smack_enabled __initdata;
c6739443 72
c3300aaf
AV		 73#define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s}
74static struct {
75 const char *name;
76 int len;
77 int opt;
78} smk_mount_opts[] = {
6e7739fc 79 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault},
c3300aaf 80 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute)
3bf2789c 81};
c3300aaf
AV		 82#undef A
83
84static int match_opt_prefix(char *s, int l, char **arg)
85{
86 int i;
87
88 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) {
89 size_t len = smk_mount_opts[i].len;
90 if (len > l || memcmp(s, smk_mount_opts[i].name, len))
91 continue;
92 if (len == l || s[len] != '=')
93 continue;
94 *arg = s + len + 1;
95 return smk_mount_opts[i].opt;
96 }
97 return Opt_error;
98}
3bf2789c 99
3d04c924
CS		 100#ifdef CONFIG_SECURITY_SMACK_BRINGUP
101static char *smk_bu_mess[] = {
102 "Bringup Error", /* Unused */
103 "Bringup", /* SMACK_BRINGUP_ALLOW */
104 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */
105 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */
106};
107
d166c802
CS		 108static void smk_bu_mode(int mode, char *s)
109{
110 int i = 0;
111
112 if (mode & MAY_READ)
113 s[i++] = 'r';
114 if (mode & MAY_WRITE)
115 s[i++] = 'w';
116 if (mode & MAY_EXEC)
117 s[i++] = 'x';
118 if (mode & MAY_APPEND)
119 s[i++] = 'a';
120 if (mode & MAY_TRANSMUTE)
121 s[i++] = 't';
122 if (mode & MAY_LOCK)
123 s[i++] = 'l';
124 if (i == 0)
125 s[i++] = '-';
126 s[i] = '\0';
127}
128#endif
129
130#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 131static int smk_bu_note(char *note, struct smack_known *sskp,
132 struct smack_known *oskp, int mode, int rc)
d166c802
CS		 133{
134 char acc[SMK_NUM_ACCESS_TYPE + 1];
135
136 if (rc <= 0)
137 return rc;
bf4b2fee
CS		 138 if (rc > SMACK_UNCONFINED_OBJECT)
139 rc = 0;
d166c802
CS		 140
141 smk_bu_mode(mode, acc);
bf4b2fee 142 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
21c7eae2 143 sskp->smk_known, oskp->smk_known, acc, note);
d166c802
CS		 144 return 0;
145}
146#else
21c7eae2 147#define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
d166c802
CS		 148#endif
149
150#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 151static int smk_bu_current(char *note, struct smack_known *oskp,
152 int mode, int rc)
d166c802 153{
b17103a8 154 struct task_smack *tsp = smack_cred(current_cred());
d166c802
CS		 155 char acc[SMK_NUM_ACCESS_TYPE + 1];
156
157 if (rc <= 0)
158 return rc;
bf4b2fee
CS		 159 if (rc > SMACK_UNCONFINED_OBJECT)
160 rc = 0;
d166c802
CS		 161
162 smk_bu_mode(mode, acc);
bf4b2fee 163 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
21c7eae2
LP		 164 tsp->smk_task->smk_known, oskp->smk_known,
165 acc, current->comm, note);
d166c802
CS		 166 return 0;
167}
168#else
21c7eae2 169#define smk_bu_current(note, oskp, mode, RC) (RC)
d166c802
CS		 170#endif
171
172#ifdef CONFIG_SECURITY_SMACK_BRINGUP
173static int smk_bu_task(struct task_struct *otp, int mode, int rc)
174{
b17103a8 175 struct task_smack *tsp = smack_cred(current_cred());
1fb057dc 176 struct smack_known *smk_task = smk_of_task_struct_obj(otp);
d166c802
CS		 177 char acc[SMK_NUM_ACCESS_TYPE + 1];
178
179 if (rc <= 0)
180 return rc;
bf4b2fee
CS		 181 if (rc > SMACK_UNCONFINED_OBJECT)
182 rc = 0;
d166c802
CS		 183
184 smk_bu_mode(mode, acc);
bf4b2fee 185 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
6d1cff2a 186 tsp->smk_task->smk_known, smk_task->smk_known, acc,
d166c802
CS		 187 current->comm, otp->comm);
188 return 0;
189}
190#else
191#define smk_bu_task(otp, mode, RC) (RC)
192#endif
193
194#ifdef CONFIG_SECURITY_SMACK_BRINGUP
195static int smk_bu_inode(struct inode *inode, int mode, int rc)
196{
b17103a8 197 struct task_smack *tsp = smack_cred(current_cred());
fb4021b6 198 struct inode_smack *isp = smack_inode(inode);
d166c802
CS		 199 char acc[SMK_NUM_ACCESS_TYPE + 1];
200
bf4b2fee
CS		 201 if (isp->smk_flags & SMK_INODE_IMPURE)
202 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
203 inode->i_sb->s_id, inode->i_ino, current->comm);
204
d166c802
CS		 205 if (rc <= 0)
206 return rc;
bf4b2fee
CS		 207 if (rc > SMACK_UNCONFINED_OBJECT)
208 rc = 0;
209 if (rc == SMACK_UNCONFINED_SUBJECT &&
210 (mode & (MAY_WRITE | MAY_APPEND)))
211 isp->smk_flags |= SMK_INODE_IMPURE;
d166c802
CS		 212
213 smk_bu_mode(mode, acc);
bf4b2fee
CS		 214
215 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
216 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
d166c802
CS		 217 inode->i_sb->s_id, inode->i_ino, current->comm);
218 return 0;
219}
220#else
221#define smk_bu_inode(inode, mode, RC) (RC)
222#endif
223
224#ifdef CONFIG_SECURITY_SMACK_BRINGUP
225static int smk_bu_file(struct file *file, int mode, int rc)
226{
b17103a8 227 struct task_smack *tsp = smack_cred(current_cred());
d166c802 228 struct smack_known *sskp = tsp->smk_task;
5e7270a6 229 struct inode *inode = file_inode(file);
fb4021b6 230 struct inode_smack *isp = smack_inode(inode);
d166c802
CS		 231 char acc[SMK_NUM_ACCESS_TYPE + 1];
232
bf4b2fee
CS		 233 if (isp->smk_flags & SMK_INODE_IMPURE)
234 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
235 inode->i_sb->s_id, inode->i_ino, current->comm);
236
d166c802
CS		 237 if (rc <= 0)
238 return rc;
bf4b2fee
CS		 239 if (rc > SMACK_UNCONFINED_OBJECT)
240 rc = 0;
d166c802
CS		 241
242 smk_bu_mode(mode, acc);
bf4b2fee 243 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
5e7270a6 244 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 245 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 246 current->comm);
247 return 0;
248}
249#else
250#define smk_bu_file(file, mode, RC) (RC)
251#endif
252
253#ifdef CONFIG_SECURITY_SMACK_BRINGUP
254static int smk_bu_credfile(const struct cred *cred, struct file *file,
255 int mode, int rc)
256{
b17103a8 257 struct task_smack *tsp = smack_cred(cred);
d166c802 258 struct smack_known *sskp = tsp->smk_task;
45063097 259 struct inode *inode = file_inode(file);
fb4021b6 260 struct inode_smack *isp = smack_inode(inode);
d166c802
CS		 261 char acc[SMK_NUM_ACCESS_TYPE + 1];
262
bf4b2fee
CS		 263 if (isp->smk_flags & SMK_INODE_IMPURE)
264 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
265 inode->i_sb->s_id, inode->i_ino, current->comm);
266
d166c802
CS		 267 if (rc <= 0)
268 return rc;
bf4b2fee
CS		 269 if (rc > SMACK_UNCONFINED_OBJECT)
270 rc = 0;
d166c802
CS		 271
272 smk_bu_mode(mode, acc);
bf4b2fee 273 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
21c7eae2 274 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 275 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 276 current->comm);
277 return 0;
278}
279#else
280#define smk_bu_credfile(cred, file, mode, RC) (RC)
281#endif
282
e114e473
CS		 283/**
284 * smk_fetch - Fetch the smack label from a file.
1a28979b 285 * @name: type of the label (attribute)
e114e473
CS		 286 * @ip: a pointer to the inode
287 * @dp: a pointer to the dentry
288 *
e774ad68
LP		 289 * Returns a pointer to the master list entry for the Smack label,
290 * NULL if there was no label to fetch, or an error code.
e114e473 291 */
2f823ff8
CS		 292static struct smack_known *smk_fetch(const char *name, struct inode *ip,
293 struct dentry *dp)
e114e473
CS		 294{
295 int rc;
f7112e6c 296 char *buffer;
2f823ff8 297 struct smack_known *skp = NULL;
e114e473 298
5d6c3191 299 if (!(ip->i_opflags & IOP_XATTR))
e774ad68 300 return ERR_PTR(-EOPNOTSUPP);
e114e473 301
e5bfad3d 302 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS);
f7112e6c 303 if (buffer == NULL)
e774ad68 304 return ERR_PTR(-ENOMEM);
e114e473 305
5d6c3191 306 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
e774ad68
LP		 307 if (rc < 0)
308 skp = ERR_PTR(rc);
309 else if (rc == 0)
310 skp = NULL;
311 else
2f823ff8 312 skp = smk_import_entry(buffer, rc);
f7112e6c
CS		 313
314 kfree(buffer);
315
2f823ff8 316 return skp;
e114e473
CS		 317}
318
319/**
afb1cbe3 320 * init_inode_smack - initialize an inode security blob
a1a07f22 321 * @inode: inode to extract the info from
21c7eae2 322 * @skp: a pointer to the Smack label entry to use in the blob
e114e473 323 *
e114e473 324 */
afb1cbe3 325static void init_inode_smack(struct inode *inode, struct smack_known *skp)
e114e473 326{
afb1cbe3 327 struct inode_smack *isp = smack_inode(inode);
e114e473 328
21c7eae2 329 isp->smk_inode = skp;
e114e473 330 isp->smk_flags = 0;
e114e473
CS		 331}
332
7898e1f8 333/**
bbd3662a
CS		 334 * init_task_smack - initialize a task security blob
335 * @tsp: blob to initialize
1a28979b
LP		 336 * @task: a pointer to the Smack label for the running task
337 * @forked: a pointer to the Smack label for the forked task
7898e1f8 338 *
7898e1f8 339 */
bbd3662a
CS		 340static void init_task_smack(struct task_smack *tsp, struct smack_known *task,
341 struct smack_known *forked)
7898e1f8 342{
7898e1f8
CS		 343 tsp->smk_task = task;
344 tsp->smk_forked = forked;
345 INIT_LIST_HEAD(&tsp->smk_rules);
38416e53 346 INIT_LIST_HEAD(&tsp->smk_relabel);
7898e1f8 347 mutex_init(&tsp->smk_rules_lock);
7898e1f8
CS		 348}
349
350/**
351 * smk_copy_rules - copy a rule set
1a28979b
LP		 352 * @nhead: new rules header pointer
353 * @ohead: old rules header pointer
354 * @gfp: type of the memory for the allocation
7898e1f8
CS		 355 *
356 * Returns 0 on success, -ENOMEM on error
357 */
358static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
359 gfp_t gfp)
360{
361 struct smack_rule *nrp;
362 struct smack_rule *orp;
363 int rc = 0;
364
7898e1f8 365 list_for_each_entry_rcu(orp, ohead, list) {
4e328b08 366 nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
7898e1f8
CS		 367 if (nrp == NULL) {
368 rc = -ENOMEM;
369 break;
370 }
371 *nrp = *orp;
372 list_add_rcu(&nrp->list, nhead);
373 }
374 return rc;
375}
376
38416e53
ZJ		 377/**
378 * smk_copy_relabel - copy smk_relabel labels list
379 * @nhead: new rules header pointer
380 * @ohead: old rules header pointer
381 * @gfp: type of the memory for the allocation
382 *
383 * Returns 0 on success, -ENOMEM on error
384 */
385static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
386 gfp_t gfp)
387{
388 struct smack_known_list_elem *nklep;
389 struct smack_known_list_elem *oklep;
390
38416e53
ZJ		 391 list_for_each_entry(oklep, ohead, list) {
392 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
393 if (nklep == NULL) {
394 smk_destroy_label_list(nhead);
395 return -ENOMEM;
396 }
397 nklep->smk_label = oklep->smk_label;
398 list_add(&nklep->list, nhead);
399 }
400
401 return 0;
402}
403
5663884c
LP		 404/**
405 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
b57d0209 406 * @mode: input mode in form of PTRACE_MODE_*
5663884c
LP		 407 *
408 * Returns a converted MAY_* mode usable by smack rules
409 */
410static inline unsigned int smk_ptrace_mode(unsigned int mode)
411{
3dfb7d8c 412 if (mode & PTRACE_MODE_ATTACH)
5663884c 413 return MAY_READWRITE;
3dfb7d8c
JH		 414 if (mode & PTRACE_MODE_READ)
415 return MAY_READ;
5663884c
LP		 416
417 return 0;
418}
419
420/**
421 * smk_ptrace_rule_check - helper for ptrace access
422 * @tracer: tracer process
21c7eae2 423 * @tracee_known: label entry of the process that's about to be traced
5663884c
LP		 424 * @mode: ptrace attachment mode (PTRACE_MODE_*)
425 * @func: name of the function that called us, used for audit
426 *
427 * Returns 0 on access granted, -error on error
428 */
21c7eae2
LP		 429static int smk_ptrace_rule_check(struct task_struct *tracer,
430 struct smack_known *tracee_known,
5663884c
LP		 431 unsigned int mode, const char *func)
432{
433 int rc;
434 struct smk_audit_info ad, *saip = NULL;
435 struct task_smack *tsp;
21c7eae2 436 struct smack_known *tracer_known;
dcb569cf 437 const struct cred *tracercred;
5663884c
LP		 438
439 if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
440 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
441 smk_ad_setfield_u_tsk(&ad, tracer);
442 saip = &ad;
443 }
444
6d1cff2a 445 rcu_read_lock();
dcb569cf 446 tracercred = __task_cred(tracer);
b17103a8 447 tsp = smack_cred(tracercred);
21c7eae2 448 tracer_known = smk_of_task(tsp);
5663884c 449
66867818
LP		 450 if ((mode & PTRACE_MODE_ATTACH) &&
451 (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
452 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
21c7eae2 453 if (tracer_known->smk_known == tracee_known->smk_known)
66867818
LP		 454 rc = 0;
455 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
456 rc = -EACCES;
dcb569cf 457 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
66867818
LP		 458 rc = 0;
459 else
460 rc = -EACCES;
461
462 if (saip)
21c7eae2
LP		 463 smack_log(tracer_known->smk_known,
464 tracee_known->smk_known,
465 0, rc, saip);
66867818 466
6d1cff2a 467 rcu_read_unlock();
66867818
LP		 468 return rc;
469 }
470
471 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
21c7eae2 472 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
6d1cff2a
AR		 473
474 rcu_read_unlock();
5663884c
LP		 475 return rc;
476}
477
e114e473
CS		 478/*
479 * LSM hooks.
480 * We he, that is fun!
481 */
482
483/**
9e48858f 484 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
e114e473 485 * @ctp: child task pointer
5663884c 486 * @mode: ptrace attachment mode (PTRACE_MODE_*)
e114e473
CS		 487 *
488 * Returns 0 if access is OK, an error code otherwise
489 *
5663884c 490 * Do the capability checks.
e114e473 491 */
9e48858f 492static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
e114e473 493{
2f823ff8 494 struct smack_known *skp;
e114e473 495
1fb057dc 496 skp = smk_of_task_struct_obj(ctp);
ecfcc53f 497
b1d9e6b0 498 return smk_ptrace_rule_check(current, skp, mode, __func__);
5cd9c58f
DH		 499}
500
501/**
502 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
503 * @ptp: parent task pointer
504 *
505 * Returns 0 if access is OK, an error code otherwise
506 *
5663884c 507 * Do the capability checks, and require PTRACE_MODE_ATTACH.
5cd9c58f
DH		 508 */
509static int smack_ptrace_traceme(struct task_struct *ptp)
510{
2f823ff8 511 struct smack_known *skp;
5cd9c58f 512
b17103a8 513 skp = smk_of_task(smack_cred(current_cred()));
ecfcc53f 514
d3f84f5c 515 return smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
e114e473
CS		 516}
517
518/**
519 * smack_syslog - Smack approval on syslog
a1a07f22 520 * @typefrom_file: unused
e114e473 521 *
e114e473
CS		 522 * Returns 0 on success, error code otherwise.
523 */
12b3052c 524static int smack_syslog(int typefrom_file)
e114e473 525{
12b3052c 526 int rc = 0;
2f823ff8 527 struct smack_known *skp = smk_of_current();
e114e473 528
1880eff7 529 if (smack_privileged(CAP_MAC_OVERRIDE))
e114e473
CS		 530 return 0;
531
24ea1b6e 532 if (smack_syslog_label != NULL && smack_syslog_label != skp)
e114e473
CS		 533 rc = -EACCES;
534
535 return rc;
536}
537
e114e473
CS		 538/*
539 * Superblock Hooks.
540 */
541
542/**
543 * smack_sb_alloc_security - allocate a superblock blob
544 * @sb: the superblock getting the blob
545 *
546 * Returns 0 on success or -ENOMEM on error.
547 */
548static int smack_sb_alloc_security(struct super_block *sb)
549{
1aea7808 550 struct superblock_smack *sbsp = smack_superblock(sb);
e114e473 551
21c7eae2
LP		 552 sbsp->smk_root = &smack_known_floor;
553 sbsp->smk_default = &smack_known_floor;
554 sbsp->smk_floor = &smack_known_floor;
555 sbsp->smk_hat = &smack_known_hat;
e830b394 556 /*
9f50eda2 557 * SMK_SB_INITIALIZED will be zero from kzalloc.
e830b394 558 */
e114e473
CS		 559
560 return 0;
561}
562
12085b14 563struct smack_mnt_opts {
de93e515
CS		 564 const char *fsdefault;
565 const char *fsfloor;
566 const char *fshat;
567 const char *fsroot;
568 const char *fstransmute;
12085b14 569};
e114e473 570
204cc0cc
AV		 571static void smack_free_mnt_opts(void *mnt_opts)
572{
de93e515 573 kfree(mnt_opts);
204cc0cc 574}
e114e473 575
55c0e5bd
AV		 576static int smack_add_opt(int token, const char *s, void **mnt_opts)
577{
578 struct smack_mnt_opts *opts = *mnt_opts;
de93e515 579 struct smack_known *skp;
e114e473 580
55c0e5bd
AV		 581 if (!opts) {
582 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
583 if (!opts)
584 return -ENOMEM;
585 *mnt_opts = opts;
e114e473 586 }
55c0e5bd
AV		 587 if (!s)
588 return -ENOMEM;
e114e473 589
de93e515
CS		 590 skp = smk_import_entry(s, 0);
591 if (IS_ERR(skp))
592 return PTR_ERR(skp);
593
55c0e5bd
AV		 594 switch (token) {
595 case Opt_fsdefault:
596 if (opts->fsdefault)
597 goto out_opt_err;
de93e515 598 opts->fsdefault = skp->smk_known;
55c0e5bd
AV		 599 break;
600 case Opt_fsfloor:
601 if (opts->fsfloor)
602 goto out_opt_err;
de93e515 603 opts->fsfloor = skp->smk_known;
55c0e5bd
AV		 604 break;
605 case Opt_fshat:
606 if (opts->fshat)
607 goto out_opt_err;
de93e515 608 opts->fshat = skp->smk_known;
55c0e5bd
AV		 609 break;
610 case Opt_fsroot:
611 if (opts->fsroot)
612 goto out_opt_err;
de93e515 613 opts->fsroot = skp->smk_known;
55c0e5bd
AV		 614 break;
615 case Opt_fstransmute:
616 if (opts->fstransmute)
617 goto out_opt_err;
de93e515 618 opts->fstransmute = skp->smk_known;
55c0e5bd
AV		 619 break;
620 }
e114e473 621 return 0;
55c0e5bd
AV		 622
623out_opt_err:
624 pr_warn("Smack: duplicate mount options\n");
625 return -EINVAL;
e114e473
CS		 626}
627
d80a8f1b
DH		 628/**
629 * smack_fs_context_submount - Initialise security data for a filesystem context
630 * @fc: The filesystem context.
631 * @reference: reference superblock
632 *
633 * Returns 0 on success or -ENOMEM on error.
634 */
635static int smack_fs_context_submount(struct fs_context *fc,
636 struct super_block *reference)
637{
638 struct superblock_smack *sbsp;
639 struct smack_mnt_opts *ctx;
640 struct inode_smack *isp;
641
642 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
643 if (!ctx)
644 return -ENOMEM;
645 fc->security = ctx;
646
647 sbsp = smack_superblock(reference);
648 isp = smack_inode(reference->s_root->d_inode);
649
650 if (sbsp->smk_default) {
651 ctx->fsdefault = kstrdup(sbsp->smk_default->smk_known, GFP_KERNEL);
652 if (!ctx->fsdefault)
653 return -ENOMEM;
654 }
655
656 if (sbsp->smk_floor) {
657 ctx->fsfloor = kstrdup(sbsp->smk_floor->smk_known, GFP_KERNEL);
658 if (!ctx->fsfloor)
659 return -ENOMEM;
660 }
661
662 if (sbsp->smk_hat) {
663 ctx->fshat = kstrdup(sbsp->smk_hat->smk_known, GFP_KERNEL);
664 if (!ctx->fshat)
665 return -ENOMEM;
666 }
667
668 if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
669 if (sbsp->smk_root) {
670 ctx->fstransmute = kstrdup(sbsp->smk_root->smk_known, GFP_KERNEL);
671 if (!ctx->fstransmute)
672 return -ENOMEM;
673 }
674 }
675 return 0;
676}
677
0b52075e
AV		 678/**
679 * smack_fs_context_dup - Duplicate the security data on fs_context duplication
680 * @fc: The new filesystem context.
681 * @src_fc: The source filesystem context being duplicated.
682 *
683 * Returns 0 on success or -ENOMEM on error.
684 */
685static int smack_fs_context_dup(struct fs_context *fc,
686 struct fs_context *src_fc)
687{
688 struct smack_mnt_opts *dst, *src = src_fc->security;
689
690 if (!src)
691 return 0;
692
693 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
694 if (!fc->security)
695 return -ENOMEM;
de93e515 696
0b52075e 697 dst = fc->security;
de93e515
CS		 698 dst->fsdefault = src->fsdefault;
699 dst->fsfloor = src->fsfloor;
700 dst->fshat = src->fshat;
701 dst->fsroot = src->fsroot;
702 dst->fstransmute = src->fstransmute;
0b52075e 703
0b52075e
AV		 704 return 0;
705}
706
d7167b14 707static const struct fs_parameter_spec smack_fs_parameters[] = {
6e7739fc
CS		 708 fsparam_string("smackfsdef", Opt_fsdefault),
709 fsparam_string("smackfsdefault", Opt_fsdefault),
710 fsparam_string("smackfsfloor", Opt_fsfloor),
711 fsparam_string("smackfshat", Opt_fshat),
712 fsparam_string("smackfsroot", Opt_fsroot),
713 fsparam_string("smackfstransmute", Opt_fstransmute),
2febd254
DH		 714 {}
715};
716
2febd254
DH		 717/**
718 * smack_fs_context_parse_param - Parse a single mount parameter
719 * @fc: The new filesystem context being constructed.
720 * @param: The parameter.
721 *
722 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on
723 * error.
724 */
725static int smack_fs_context_parse_param(struct fs_context *fc,
726 struct fs_parameter *param)
727{
728 struct fs_parse_result result;
729 int opt, rc;
730
d7167b14 731 opt = fs_parse(fc, smack_fs_parameters, param, &result);
2febd254
DH		 732 if (opt < 0)
733 return opt;
734
735 rc = smack_add_opt(opt, param->string, &fc->security);
736 if (!rc)
737 param->string = NULL;
738 return rc;
739}
740
d2497e12 741static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
3bf2789c 742{
d2497e12
AV		 743 char *from = options, *to = options;
744 bool first = true;
3bf2789c 745
c3300aaf
AV		 746 while (1) {
747 char *next = strchr(from, ',');
748 int token, len, rc;
749 char *arg = NULL;
3bf2789c 750
c3300aaf
AV		 751 if (next)
752 len = next - from;
753 else
754 len = strlen(from);
3bf2789c 755
c3300aaf 756 token = match_opt_prefix(from, len, &arg);
d2497e12
AV		 757 if (token != Opt_error) {
758 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
759 rc = smack_add_opt(token, arg, mnt_opts);
de93e515 760 kfree(arg);
d2497e12 761 if (unlikely(rc)) {
d2497e12
AV		 762 if (*mnt_opts)
763 smack_free_mnt_opts(*mnt_opts);
764 *mnt_opts = NULL;
765 return rc;
766 }
767 } else {
768 if (!first) { // copy with preceding comma
769 from--;
770 len++;
771 }
772 if (to != from)
773 memmove(to, from, len);
774 to += len;
775 first = false;
3bf2789c 776 }
c3300aaf
AV		 777 if (!from[len])
778 break;
779 from += len + 1;
3bf2789c 780 }
d2497e12 781 *to = '\0';
3bf2789c 782 return 0;
3bf2789c
VT		 783}
784
785/**
786 * smack_set_mnt_opts - set Smack specific mount options
e114e473 787 * @sb: the file system superblock
a1a07f22 788 * @mnt_opts: Smack mount options
3bf2789c
VT		 789 * @kern_flags: mount option from kernel space or user space
790 * @set_kern_flags: where to store converted mount opts
e114e473
CS		 791 *
792 * Returns 0 on success, an error code on failure
3bf2789c
VT		 793 *
794 * Allow filesystems with binary mount data to explicitly set Smack mount
795 * labels.
e114e473 796 */
3bf2789c 797static int smack_set_mnt_opts(struct super_block *sb,
204cc0cc 798 void *mnt_opts,
3bf2789c
VT		 799 unsigned long kern_flags,
800 unsigned long *set_kern_flags)
e114e473
CS		 801{
802 struct dentry *root = sb->s_root;
c6f493d6 803 struct inode *inode = d_backing_inode(root);
1aea7808 804 struct superblock_smack *sp = smack_superblock(sb);
e114e473 805 struct inode_smack *isp;
24ea1b6e 806 struct smack_known *skp;
12085b14
AV		 807 struct smack_mnt_opts *opts = mnt_opts;
808 bool transmute = false;
e114e473 809
9f50eda2 810 if (sp->smk_flags & SMK_SB_INITIALIZED)
e114e473 811 return 0;
eb982cb4 812
2097f599
HS		 813 if (!smack_privileged(CAP_MAC_ADMIN)) {
814 /*
815 * Unprivileged mounts don't get to specify Smack values.
816 */
12085b14 817 if (opts)
2097f599
HS		 818 return -EPERM;
819 /*
820 * Unprivileged mounts get root and default from the caller.
821 */
822 skp = smk_of_current();
823 sp->smk_root = skp;
824 sp->smk_default = skp;
825 /*
826 * For a handful of fs types with no user-controlled
827 * backing store it's okay to trust security labels
828 * in the filesystem. The rest are untrusted.
829 */
830 if (sb->s_user_ns != &init_user_ns &&
831 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
832 sb->s_magic != RAMFS_MAGIC) {
12085b14 833 transmute = true;
2097f599
HS		 834 sp->smk_flags |= SMK_SB_UNTRUSTED;
835 }
836 }
837
9f50eda2 838 sp->smk_flags |= SMK_SB_INITIALIZED;
e114e473 839
12085b14
AV		 840 if (opts) {
841 if (opts->fsdefault) {
842 skp = smk_import_entry(opts->fsdefault, 0);
e774ad68
LP		 843 if (IS_ERR(skp))
844 return PTR_ERR(skp);
3bf2789c 845 sp->smk_default = skp;
12085b14
AV		 846 }
847 if (opts->fsfloor) {
848 skp = smk_import_entry(opts->fsfloor, 0);
e774ad68
LP		 849 if (IS_ERR(skp))
850 return PTR_ERR(skp);
851 sp->smk_floor = skp;
12085b14
AV		 852 }
853 if (opts->fshat) {
854 skp = smk_import_entry(opts->fshat, 0);
e774ad68
LP		 855 if (IS_ERR(skp))
856 return PTR_ERR(skp);
3bf2789c 857 sp->smk_hat = skp;
12085b14
AV		 858 }
859 if (opts->fsroot) {
860 skp = smk_import_entry(opts->fsroot, 0);
e774ad68
LP		 861 if (IS_ERR(skp))
862 return PTR_ERR(skp);
863 sp->smk_root = skp;
12085b14
AV		 864 }
865 if (opts->fstransmute) {
866 skp = smk_import_entry(opts->fstransmute, 0);
e774ad68
LP		 867 if (IS_ERR(skp))
868 return PTR_ERR(skp);
869 sp->smk_root = skp;
12085b14 870 transmute = true;
e114e473
CS		 871 }
872 }
873
874 /*
875 * Initialize the root inode.
876 */
afb1cbe3 877 init_inode_smack(inode, sp->smk_root);
e114e473 878
afb1cbe3
CS		 879 if (transmute) {
880 isp = smack_inode(inode);
e830b394 881 isp->smk_flags |= SMK_INODE_TRANSMUTE;
afb1cbe3 882 }
e830b394 883
e114e473
CS		 884 return 0;
885}
886
887/**
888 * smack_sb_statfs - Smack check on statfs
889 * @dentry: identifies the file system in question
890 *
891 * Returns 0 if current can read the floor of the filesystem,
892 * and error code otherwise
893 */
894static int smack_sb_statfs(struct dentry *dentry)
895{
1aea7808 896 struct superblock_smack *sbp = smack_superblock(dentry->d_sb);
ecfcc53f
EB		 897 int rc;
898 struct smk_audit_info ad;
899
a269434d 900 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 901 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 902
ecfcc53f 903 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
d166c802 904 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
ecfcc53f 905 return rc;
e114e473
CS		 906}
907
676dac4b
CS		 908/*
909 * BPRM hooks
910 */
911
ce8a4321 912/**
b8bff599 913 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec
ce8a4321
CS		 914 * @bprm: the exec information
915 *
5663884c 916 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
ce8a4321 917 */
b8bff599 918static int smack_bprm_creds_for_exec(struct linux_binprm *bprm)
676dac4b 919{
496ad9aa 920 struct inode *inode = file_inode(bprm->file);
b17103a8 921 struct task_smack *bsp = smack_cred(bprm->cred);
676dac4b 922 struct inode_smack *isp;
809c02e0 923 struct superblock_smack *sbsp;
676dac4b
CS		 924 int rc;
925
fb4021b6 926 isp = smack_inode(inode);
84088ba2 927 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
676dac4b
CS		 928 return 0;
929
1aea7808 930 sbsp = smack_superblock(inode->i_sb);
809c02e0
SF		 931 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
932 isp->smk_task != sbsp->smk_root)
933 return 0;
934
9227dd2a 935 if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
5663884c
LP		 936 struct task_struct *tracer;
937 rc = 0;
938
939 rcu_read_lock();
940 tracer = ptrace_parent(current);
941 if (likely(tracer != NULL))
942 rc = smk_ptrace_rule_check(tracer,
21c7eae2 943 isp->smk_task,
5663884c
LP		 944 PTRACE_MODE_ATTACH,
945 __func__);
946 rcu_read_unlock();
947
948 if (rc != 0)
949 return rc;
3675f052
JH		 950 }
951 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE)
84088ba2 952 return -EPERM;
676dac4b 953
84088ba2
JS		 954 bsp->smk_task = isp->smk_task;
955 bprm->per_clear |= PER_CLEAR_ON_SETID;
676dac4b 956
ccbb6e10
KC		 957 /* Decide if this is a secure exec. */
958 if (bsp->smk_task != bsp->smk_forked)
959 bprm->secureexec = 1;
960
84088ba2
JS		 961 return 0;
962}
676dac4b 963
e114e473
CS		 964/*
965 * Inode hooks
966 */
967
968/**
969 * smack_inode_alloc_security - allocate an inode blob
251a2a95 970 * @inode: the inode in need of a blob
e114e473 971 *
a1a07f22 972 * Returns 0
e114e473
CS		 973 */
974static int smack_inode_alloc_security(struct inode *inode)
975{
2f823ff8
CS		 976 struct smack_known *skp = smk_of_current();
977
afb1cbe3 978 init_inode_smack(inode, skp);
e114e473
CS		 979 return 0;
980}
981
e114e473
CS		 982/**
983 * smack_inode_init_security - copy out the smack from an inode
e95ef49b
LP		 984 * @inode: the newly created inode
985 * @dir: containing directory object
2a7dba39 986 * @qstr: unused
6bcdfd2c
RS		 987 * @xattrs: where to put the attributes
988 * @xattr_count: current number of LSM-provided xattrs (updated)
e114e473
CS		 989 *
990 * Returns 0 if it all works out, -ENOMEM if there's no memory
991 */
992static int smack_inode_init_security(struct inode *inode, struct inode *dir,
6bcdfd2c
RS		 993 const struct qstr *qstr,
994 struct xattr *xattrs, int *xattr_count)
e114e473 995{
2c085f3a 996 struct task_smack *tsp = smack_cred(current_cred());
e63d86b8 997 struct inode_smack *issp = smack_inode(inode);
2c085f3a 998 struct smack_known *skp = smk_of_task(tsp);
21c7eae2
LP		 999 struct smack_known *isp = smk_of_inode(inode);
1000 struct smack_known *dsp = smk_of_inode(dir);
6bcdfd2c 1001 struct xattr *xattr = lsm_get_xattr_slot(xattrs, xattr_count);
7898e1f8 1002 int may;
e114e473 1003
51b15e79
RS		 1004 /*
1005 * If equal, transmuting already occurred in
1006 * smack_dentry_create_files_as(). No need to check again.
1007 */
1008 if (tsp->smk_task != tsp->smk_transmuted) {
1009 rcu_read_lock();
1010 may = smk_access_entry(skp->smk_known, dsp->smk_known,
1011 &skp->smk_rules);
1012 rcu_read_unlock();
1013 }
1014
1015 /*
1016 * In addition to having smk_task equal to smk_transmuted,
1017 * if the access rule allows transmutation and the directory
1018 * requests transmutation then by all means transmute.
1019 * Mark the inode as changed.
1020 */
1021 if ((tsp->smk_task == tsp->smk_transmuted) ||
1022 (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
1023 smk_inode_transmutable(dir))) {
1024 struct xattr *xattr_transmute;
5c6d1125
JS		 1025
1026 /*
51b15e79
RS		 1027 * The caller of smack_dentry_create_files_as()
1028 * should have overridden the current cred, so the
1029 * inode label was already set correctly in
1030 * smack_inode_alloc_security().
5c6d1125 1031 */
51b15e79 1032 if (tsp->smk_task != tsp->smk_transmuted)
e63d86b8
RS		 1033 isp = issp->smk_inode = dsp;
1034
1035 issp->smk_flags |= SMK_INODE_TRANSMUTE;
51b15e79
RS		 1036 xattr_transmute = lsm_get_xattr_slot(xattrs,
1037 xattr_count);
1038 if (xattr_transmute) {
1039 xattr_transmute->value = kmemdup(TRANS_TRUE,
1040 TRANS_TRUE_SIZE,
1041 GFP_NOFS);
1042 if (!xattr_transmute->value)
1043 return -ENOMEM;
1044
1045 xattr_transmute->value_len = TRANS_TRUE_SIZE;
1046 xattr_transmute->name = XATTR_SMACK_TRANSMUTE;
2267b13a 1047 }
51b15e79 1048 }
5c6d1125 1049
e63d86b8
RS		 1050 issp->smk_flags |= SMK_INODE_INSTANT;
1051
51b15e79 1052 if (xattr) {
6bcdfd2c
RS		 1053 xattr->value = kstrdup(isp->smk_known, GFP_NOFS);
1054 if (!xattr->value)
e114e473 1055 return -ENOMEM;
e114e473 1056
6bcdfd2c
RS		 1057 xattr->value_len = strlen(isp->smk_known);
1058 xattr->name = XATTR_SMACK_SUFFIX;
68390ccf 1059 }
e114e473
CS		 1060
1061 return 0;
1062}
1063
1064/**
1065 * smack_inode_link - Smack check on link
1066 * @old_dentry: the existing object
1067 * @dir: unused
1068 * @new_dentry: the new object
1069 *
1070 * Returns 0 if access is permitted, an error code otherwise
1071 */
1072static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1073 struct dentry *new_dentry)
1074{
21c7eae2 1075 struct smack_known *isp;
ecfcc53f
EB		 1076 struct smk_audit_info ad;
1077 int rc;
1078
a269434d 1079 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1080 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473 1081
c6f493d6 1082 isp = smk_of_inode(d_backing_inode(old_dentry));
ecfcc53f 1083 rc = smk_curacc(isp, MAY_WRITE, &ad);
c6f493d6 1084 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
e114e473 1085
8802565b 1086 if (rc == 0 && d_is_positive(new_dentry)) {
c6f493d6 1087 isp = smk_of_inode(d_backing_inode(new_dentry));
ecfcc53f
EB		 1088 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1089 rc = smk_curacc(isp, MAY_WRITE, &ad);
c6f493d6 1090 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
e114e473
CS		 1091 }
1092
1093 return rc;
1094}
1095
1096/**
1097 * smack_inode_unlink - Smack check on inode deletion
1098 * @dir: containing directory object
1099 * @dentry: file to unlink
1100 *
1101 * Returns 0 if current can write the containing directory
1102 * and the object, error code otherwise
1103 */
1104static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1105{
c6f493d6 1106 struct inode *ip = d_backing_inode(dentry);
ecfcc53f 1107 struct smk_audit_info ad;
e114e473
CS		 1108 int rc;
1109
a269434d 1110 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1111 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1112
e114e473
CS		 1113 /*
1114 * You need write access to the thing you're unlinking
1115 */
ecfcc53f 1116 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
d166c802 1117 rc = smk_bu_inode(ip, MAY_WRITE, rc);
ecfcc53f 1118 if (rc == 0) {
e114e473
CS		 1119 /*
1120 * You also need write access to the containing directory
1121 */
cdb56b60 1122 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 1123 smk_ad_setfield_u_fs_inode(&ad, dir);
1124 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 1125 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 1126 }
e114e473
CS		 1127 return rc;
1128}
1129
1130/**
1131 * smack_inode_rmdir - Smack check on directory deletion
1132 * @dir: containing directory object
1133 * @dentry: directory to unlink
1134 *
1135 * Returns 0 if current can write the containing directory
1136 * and the directory, error code otherwise
1137 */
1138static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1139{
ecfcc53f 1140 struct smk_audit_info ad;
e114e473
CS		 1141 int rc;
1142
a269434d 1143 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1144 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1145
e114e473
CS		 1146 /*
1147 * You need write access to the thing you're removing
1148 */
c6f493d6
DH		 1149 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1150 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
ecfcc53f 1151 if (rc == 0) {
e114e473
CS		 1152 /*
1153 * You also need write access to the containing directory
1154 */
cdb56b60 1155 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 1156 smk_ad_setfield_u_fs_inode(&ad, dir);
1157 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 1158 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 1159 }
e114e473
CS		 1160
1161 return rc;
1162}
1163
1164/**
1165 * smack_inode_rename - Smack check on rename
e95ef49b
LP		 1166 * @old_inode: unused
1167 * @old_dentry: the old object
1168 * @new_inode: unused
1169 * @new_dentry: the new object
e114e473
CS		 1170 *
1171 * Read and write access is required on both the old and
1172 * new directories.
1173 *
1174 * Returns 0 if access is permitted, an error code otherwise
1175 */
1176static int smack_inode_rename(struct inode *old_inode,
1177 struct dentry *old_dentry,
1178 struct inode *new_inode,
1179 struct dentry *new_dentry)
1180{
1181 int rc;
21c7eae2 1182 struct smack_known *isp;
ecfcc53f
EB		 1183 struct smk_audit_info ad;
1184
a269434d 1185 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1186 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473 1187
c6f493d6 1188 isp = smk_of_inode(d_backing_inode(old_dentry));
ecfcc53f 1189 rc = smk_curacc(isp, MAY_READWRITE, &ad);
c6f493d6 1190 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
e114e473 1191
8802565b 1192 if (rc == 0 && d_is_positive(new_dentry)) {
c6f493d6 1193 isp = smk_of_inode(d_backing_inode(new_dentry));
ecfcc53f
EB		 1194 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1195 rc = smk_curacc(isp, MAY_READWRITE, &ad);
c6f493d6 1196 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
e114e473 1197 }
e114e473
CS		 1198 return rc;
1199}
1200
1201/**
1202 * smack_inode_permission - Smack version of permission()
1203 * @inode: the inode in question
1204 * @mask: the access requested
e114e473
CS		 1205 *
1206 * This is the important Smack hook.
1207 *
a1a07f22 1208 * Returns 0 if access is permitted, an error code otherwise
e114e473 1209 */
e74f71eb 1210static int smack_inode_permission(struct inode *inode, int mask)
e114e473 1211{
1aea7808 1212 struct superblock_smack *sbsp = smack_superblock(inode->i_sb);
ecfcc53f 1213 struct smk_audit_info ad;
e74f71eb 1214 int no_block = mask & MAY_NOT_BLOCK;
d166c802 1215 int rc;
d09ca739
EP		 1216
1217 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
e114e473
CS		 1218 /*
1219 * No permission to check. Existence test. Yup, it's there.
1220 */
1221 if (mask == 0)
1222 return 0;
8c9e80ed 1223
9f50eda2
SF		 1224 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1225 if (smk_of_inode(inode) != sbsp->smk_root)
1226 return -EACCES;
1227 }
1228
8c9e80ed 1229 /* May be droppable after audit */
e74f71eb 1230 if (no_block)
8c9e80ed 1231 return -ECHILD;
f48b7399 1232 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f 1233 smk_ad_setfield_u_fs_inode(&ad, inode);
d166c802
CS		 1234 rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1235 rc = smk_bu_inode(inode, mask, rc);
1236 return rc;
e114e473
CS		 1237}
1238
1239/**
1240 * smack_inode_setattr - Smack check for setting attributes
314a8dc7 1241 * @idmap: idmap of the mount
e114e473
CS		 1242 * @dentry: the object
1243 * @iattr: for the force flag
1244 *
1245 * Returns 0 if access is permitted, an error code otherwise
1246 */
314a8dc7
RS		 1247static int smack_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
1248 struct iattr *iattr)
e114e473 1249{
ecfcc53f 1250 struct smk_audit_info ad;
d166c802
CS		 1251 int rc;
1252
e114e473
CS		 1253 /*
1254 * Need to allow for clearing the setuid bit.
1255 */
1256 if (iattr->ia_valid & ATTR_FORCE)
1257 return 0;
a269434d 1258 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1259 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 1260
c6f493d6
DH		 1261 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1262 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
d166c802 1263 return rc;
e114e473
CS		 1264}
1265
1266/**
1267 * smack_inode_getattr - Smack check for getting attributes
a1a07f22 1268 * @path: path to extract the info from
e114e473
CS		 1269 *
1270 * Returns 0 if access is permitted, an error code otherwise
1271 */
3f7036a0 1272static int smack_inode_getattr(const struct path *path)
e114e473 1273{
ecfcc53f 1274 struct smk_audit_info ad;
c6f493d6 1275 struct inode *inode = d_backing_inode(path->dentry);
d166c802 1276 int rc;
ecfcc53f 1277
f48b7399 1278 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
3f7036a0
AV		 1279 smk_ad_setfield_u_fs_path(&ad, *path);
1280 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1281 rc = smk_bu_inode(inode, MAY_READ, rc);
d166c802 1282 return rc;
e114e473
CS		 1283}
1284
1285/**
1286 * smack_inode_setxattr - Smack check for setting xattrs
39f60c1c 1287 * @idmap: idmap of the mount
e114e473
CS		 1288 * @dentry: the object
1289 * @name: name of the attribute
e95ef49b
LP		 1290 * @value: value of the attribute
1291 * @size: size of the value
e114e473
CS		 1292 * @flags: unused
1293 *
1294 * This protects the Smack attribute explicitly.
1295 *
1296 * Returns 0 if access is permitted, an error code otherwise
1297 */
39f60c1c 1298static int smack_inode_setxattr(struct mnt_idmap *idmap,
71bc356f 1299 struct dentry *dentry, const char *name,
8f0cfa52 1300 const void *value, size_t size, int flags)
e114e473 1301{
ecfcc53f 1302 struct smk_audit_info ad;
19760ad0
CS		 1303 struct smack_known *skp;
1304 int check_priv = 0;
1305 int check_import = 0;
1306 int check_star = 0;
bcdca225 1307 int rc = 0;
e114e473 1308
19760ad0
CS		 1309 /*
1310 * Check label validity here so import won't fail in post_setxattr
1311 */
bcdca225
CS		 1312 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1313 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
19760ad0
CS		 1314 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1315 check_priv = 1;
1316 check_import = 1;
1317 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1318 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1319 check_priv = 1;
1320 check_import = 1;
1321 check_star = 1;
5c6d1125 1322 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
19760ad0 1323 check_priv = 1;
9c821692
RS		 1324 if (!S_ISDIR(d_backing_inode(dentry)->i_mode) ||
1325 size != TRANS_TRUE_SIZE ||
5c6d1125
JS		 1326 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1327 rc = -EINVAL;
bcdca225
CS		 1328 } else
1329 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1330
19760ad0
CS		 1331 if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1332 rc = -EPERM;
1333
1334 if (rc == 0 && check_import) {
b862e561 1335 skp = size ? smk_import_entry(value, size) : NULL;
e774ad68
LP		 1336 if (IS_ERR(skp))
1337 rc = PTR_ERR(skp);
1338 else if (skp == NULL || (check_star &&
19760ad0
CS		 1339 (skp == &smack_known_star || skp == &smack_known_web)))
1340 rc = -EINVAL;
1341 }
1342
a269434d 1343 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1344 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1345
d166c802 1346 if (rc == 0) {
c6f493d6
DH		 1347 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1348 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
d166c802 1349 }
bcdca225
CS		 1350
1351 return rc;
e114e473
CS		 1352}
1353
1354/**
1355 * smack_inode_post_setxattr - Apply the Smack update approved above
1356 * @dentry: object
1357 * @name: attribute name
1358 * @value: attribute value
1359 * @size: attribute size
1360 * @flags: unused
1361 *
1362 * Set the pointer in the inode blob to the entry found
1363 * in the master label list.
1364 */
8f0cfa52
DH		 1365static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1366 const void *value, size_t size, int flags)
e114e473 1367{
2f823ff8 1368 struct smack_known *skp;
fb4021b6 1369 struct inode_smack *isp = smack_inode(d_backing_inode(dentry));
676dac4b 1370
2f823ff8
CS		 1371 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1372 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1373 return;
1374 }
1375
676dac4b 1376 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
9598f4c9 1377 skp = smk_import_entry(value, size);
e774ad68 1378 if (!IS_ERR(skp))
21c7eae2 1379 isp->smk_inode = skp;
5c6d1125 1380 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
9598f4c9 1381 skp = smk_import_entry(value, size);
e774ad68 1382 if (!IS_ERR(skp))
2f823ff8 1383 isp->smk_task = skp;
7898e1f8 1384 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
9598f4c9 1385 skp = smk_import_entry(value, size);
e774ad68 1386 if (!IS_ERR(skp))
2f823ff8 1387 isp->smk_mmap = skp;
2f823ff8 1388 }
e114e473
CS		 1389
1390 return;
1391}
1392
ce8a4321 1393/**
e114e473
CS		 1394 * smack_inode_getxattr - Smack check on getxattr
1395 * @dentry: the object
1396 * @name: unused
1397 *
1398 * Returns 0 if access is permitted, an error code otherwise
1399 */
8f0cfa52 1400static int smack_inode_getxattr(struct dentry *dentry, const char *name)
e114e473 1401{
ecfcc53f 1402 struct smk_audit_info ad;
d166c802 1403 int rc;
ecfcc53f 1404
a269434d 1405 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1406 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1407
c6f493d6
DH		 1408 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1409 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
d166c802 1410 return rc;
e114e473
CS		 1411}
1412
ce8a4321 1413/**
e114e473 1414 * smack_inode_removexattr - Smack check on removexattr
39f60c1c 1415 * @idmap: idmap of the mount
e114e473
CS		 1416 * @dentry: the object
1417 * @name: name of the attribute
1418 *
1419 * Removing the Smack attribute requires CAP_MAC_ADMIN
1420 *
1421 * Returns 0 if access is permitted, an error code otherwise
1422 */
39f60c1c 1423static int smack_inode_removexattr(struct mnt_idmap *idmap,
71bc356f 1424 struct dentry *dentry, const char *name)
e114e473 1425{
676dac4b 1426 struct inode_smack *isp;
ecfcc53f 1427 struct smk_audit_info ad;
bcdca225 1428 int rc = 0;
e114e473 1429
bcdca225
CS		 1430 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1431 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
676dac4b 1432 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
5c6d1125 1433 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
7898e1f8 1434 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
5e9ab593 1435 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1880eff7 1436 if (!smack_privileged(CAP_MAC_ADMIN))
bcdca225
CS		 1437 rc = -EPERM;
1438 } else
39f60c1c 1439 rc = cap_inode_removexattr(idmap, dentry, name);
bcdca225 1440
f59bdfba
CS		 1441 if (rc != 0)
1442 return rc;
1443
a269434d 1444 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1445 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
bcdca225 1446
c6f493d6
DH		 1447 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1448 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
f59bdfba
CS		 1449 if (rc != 0)
1450 return rc;
1451
fb4021b6 1452 isp = smack_inode(d_backing_inode(dentry));
f59bdfba
CS		 1453 /*
1454 * Don't do anything special for these.
1455 * XATTR_NAME_SMACKIPIN
1456 * XATTR_NAME_SMACKIPOUT
f59bdfba 1457 */
8012495e 1458 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
fc64005c 1459 struct super_block *sbp = dentry->d_sb;
1aea7808 1460 struct superblock_smack *sbsp = smack_superblock(sbp);
8012495e
JB		 1461
1462 isp->smk_inode = sbsp->smk_default;
1463 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
676dac4b 1464 isp->smk_task = NULL;
f59bdfba 1465 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
7898e1f8 1466 isp->smk_mmap = NULL;
f59bdfba
CS		 1467 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1468 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
676dac4b 1469
f59bdfba 1470 return 0;
e114e473
CS		 1471}
1472
44faac01
CB		 1473/**
1474 * smack_inode_set_acl - Smack check for setting posix acls
700b7940 1475 * @idmap: idmap of the mnt this request came from
44faac01
CB		 1476 * @dentry: the object
1477 * @acl_name: name of the posix acl
1478 * @kacl: the posix acls
1479 *
1480 * Returns 0 if access is permitted, an error code otherwise
1481 */
700b7940 1482static int smack_inode_set_acl(struct mnt_idmap *idmap,
44faac01
CB		 1483 struct dentry *dentry, const char *acl_name,
1484 struct posix_acl *kacl)
1485{
1486 struct smk_audit_info ad;
1487 int rc;
1488
1489 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1490 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1491
1492 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1493 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1494 return rc;
1495}
1496
1497/**
1498 * smack_inode_get_acl - Smack check for getting posix acls
700b7940 1499 * @idmap: idmap of the mnt this request came from
44faac01
CB		 1500 * @dentry: the object
1501 * @acl_name: name of the posix acl
1502 *
1503 * Returns 0 if access is permitted, an error code otherwise
1504 */
700b7940 1505static int smack_inode_get_acl(struct mnt_idmap *idmap,
44faac01
CB		 1506 struct dentry *dentry, const char *acl_name)
1507{
1508 struct smk_audit_info ad;
1509 int rc;
1510
1511 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1512 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1513
1514 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1515 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1516 return rc;
1517}
1518
1519/**
1520 * smack_inode_remove_acl - Smack check for getting posix acls
700b7940 1521 * @idmap: idmap of the mnt this request came from
44faac01
CB		 1522 * @dentry: the object
1523 * @acl_name: name of the posix acl
1524 *
1525 * Returns 0 if access is permitted, an error code otherwise
1526 */
700b7940 1527static int smack_inode_remove_acl(struct mnt_idmap *idmap,
44faac01
CB		 1528 struct dentry *dentry, const char *acl_name)
1529{
1530 struct smk_audit_info ad;
1531 int rc;
1532
1533 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1534 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1535
1536 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1537 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1538 return rc;
1539}
1540
e114e473
CS		 1541/**
1542 * smack_inode_getsecurity - get smack xattrs
4609e1f1 1543 * @idmap: idmap of the mount
e114e473
CS		 1544 * @inode: the object
1545 * @name: attribute name
1546 * @buffer: where to put the result
57e7ba04 1547 * @alloc: duplicate memory
e114e473
CS		 1548 *
1549 * Returns the size of the attribute or an error code
1550 */
4609e1f1 1551static int smack_inode_getsecurity(struct mnt_idmap *idmap,
71bc356f
CB		 1552 struct inode *inode, const char *name,
1553 void **buffer, bool alloc)
e114e473
CS		 1554{
1555 struct socket_smack *ssp;
1556 struct socket *sock;
1557 struct super_block *sbp;
502a29b0 1558 struct inode *ip = inode;
21c7eae2 1559 struct smack_known *isp;
3a3d8fce
RS		 1560 struct inode_smack *ispp;
1561 size_t label_len;
1562 char *label = NULL;
e114e473 1563
3a3d8fce 1564 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
e114e473 1565 isp = smk_of_inode(inode);
3a3d8fce
RS		 1566 } else if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) {
1567 ispp = smack_inode(inode);
1568 if (ispp->smk_flags & SMK_INODE_TRANSMUTE)
1569 label = TRANS_TRUE;
1570 else
1571 label = "";
1572 } else {
57e7ba04
CS		 1573 /*
1574 * The rest of the Smack xattrs are only on sockets.
1575 */
1576 sbp = ip->i_sb;
1577 if (sbp->s_magic != SOCKFS_MAGIC)
1578 return -EOPNOTSUPP;
e114e473 1579
57e7ba04
CS		 1580 sock = SOCKET_I(ip);
1581 if (sock == NULL || sock->sk == NULL)
1582 return -EOPNOTSUPP;
e114e473 1583
57e7ba04 1584 ssp = sock->sk->sk_security;
e114e473 1585
57e7ba04
CS		 1586 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1587 isp = ssp->smk_in;
1588 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1589 isp = ssp->smk_out;
1590 else
1591 return -EOPNOTSUPP;
1592 }
e114e473 1593
3a3d8fce
RS		 1594 if (!label)
1595 label = isp->smk_known;
1596
1597 label_len = strlen(label);
1598
57e7ba04 1599 if (alloc) {
3a3d8fce 1600 *buffer = kstrdup(label, GFP_KERNEL);
57e7ba04
CS		 1601 if (*buffer == NULL)
1602 return -ENOMEM;
e114e473
CS		 1603 }
1604
3a3d8fce 1605 return label_len;
e114e473
CS		 1606}
1607
1608
1609/**
1610 * smack_inode_listsecurity - list the Smack attributes
1611 * @inode: the object
1612 * @buffer: where they go
1613 * @buffer_size: size of buffer
e114e473
CS		 1614 */
1615static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1616 size_t buffer_size)
1617{
fd5c9d23 1618 int len = sizeof(XATTR_NAME_SMACK);
e114e473 1619
fd5c9d23 1620 if (buffer != NULL && len <= buffer_size)
e114e473 1621 memcpy(buffer, XATTR_NAME_SMACK, len);
fd5c9d23
KK		 1622
1623 return len;
e114e473
CS		 1624}
1625
d20bdda6
AD		 1626/**
1627 * smack_inode_getsecid - Extract inode's security id
1628 * @inode: inode to extract the info from
1629 * @secid: where result will be saved
1630 */
d6335d77 1631static void smack_inode_getsecid(struct inode *inode, u32 *secid)
d20bdda6 1632{
0f8983cf 1633 struct smack_known *skp = smk_of_inode(inode);
d20bdda6 1634
0f8983cf 1635 *secid = skp->smk_secid;
d20bdda6
AD		 1636}
1637
e114e473
CS		 1638/*
1639 * File Hooks
1640 */
1641
491a0b08
CS		 1642/*
1643 * There is no smack_file_permission hook
e114e473
CS		 1644 *
1645 * Should access checks be done on each read or write?
1646 * UNICOS and SELinux say yes.
1647 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1648 *
1649 * I'll say no for now. Smack does not do the frequent
1650 * label changing that SELinux does.
1651 */
e114e473
CS		 1652
1653/**
1654 * smack_file_alloc_security - assign a file security blob
1655 * @file: the object
1656 *
1657 * The security blob for a file is a pointer to the master
1658 * label list, so no allocation is done.
1659 *
5e7270a6
CS		 1660 * f_security is the owner security information. It
1661 * isn't used on file access checks, it's for send_sigio.
1662 *
e114e473
CS		 1663 * Returns 0
1664 */
1665static int smack_file_alloc_security(struct file *file)
1666{
f28952ac 1667 struct smack_known **blob = smack_file(file);
2f823ff8 1668
f28952ac 1669 *blob = smk_of_current();
e114e473
CS		 1670 return 0;
1671}
1672
e114e473
CS		 1673/**
1674 * smack_file_ioctl - Smack check on ioctls
1675 * @file: the object
1676 * @cmd: what to do
1677 * @arg: unused
1678 *
1679 * Relies heavily on the correct use of the ioctl command conventions.
1680 *
1681 * Returns 0 if allowed, error code otherwise
1682 */
1683static int smack_file_ioctl(struct file *file, unsigned int cmd,
1684 unsigned long arg)
1685{
1686 int rc = 0;
ecfcc53f 1687 struct smk_audit_info ad;
5e7270a6 1688 struct inode *inode = file_inode(file);
ecfcc53f 1689
83a1e53f
SWK		 1690 if (unlikely(IS_PRIVATE(inode)))
1691 return 0;
1692
f48b7399 1693 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1694 smk_ad_setfield_u_fs_path(&ad, file->f_path);
e114e473 1695
d166c802 1696 if (_IOC_DIR(cmd) & _IOC_WRITE) {
5e7270a6 1697 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
d166c802
CS		 1698 rc = smk_bu_file(file, MAY_WRITE, rc);
1699 }
e114e473 1700
d166c802 1701 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
5e7270a6 1702 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
d166c802
CS		 1703 rc = smk_bu_file(file, MAY_READ, rc);
1704 }
e114e473
CS		 1705
1706 return rc;
1707}
1708
1709/**
1710 * smack_file_lock - Smack check on file locking
1711 * @file: the object
251a2a95 1712 * @cmd: unused
e114e473 1713 *
c0ab6e56 1714 * Returns 0 if current has lock access, error code otherwise
e114e473
CS		 1715 */
1716static int smack_file_lock(struct file *file, unsigned int cmd)
1717{
ecfcc53f 1718 struct smk_audit_info ad;
d166c802 1719 int rc;
5e7270a6 1720 struct inode *inode = file_inode(file);
ecfcc53f 1721
83a1e53f
SWK		 1722 if (unlikely(IS_PRIVATE(inode)))
1723 return 0;
1724
92f42509
EP		 1725 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1726 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1727 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
d166c802
CS		 1728 rc = smk_bu_file(file, MAY_LOCK, rc);
1729 return rc;
e114e473
CS		 1730}
1731
1732/**
1733 * smack_file_fcntl - Smack check on fcntl
1734 * @file: the object
1735 * @cmd: what action to check
1736 * @arg: unused
1737 *
531f1d45
CS		 1738 * Generally these operations are harmless.
1739 * File locking operations present an obvious mechanism
1740 * for passing information, so they require write access.
1741 *
e114e473
CS		 1742 * Returns 0 if current has access, error code otherwise
1743 */
1744static int smack_file_fcntl(struct file *file, unsigned int cmd,
1745 unsigned long arg)
1746{
ecfcc53f 1747 struct smk_audit_info ad;
531f1d45 1748 int rc = 0;
5e7270a6 1749 struct inode *inode = file_inode(file);
ecfcc53f 1750
83a1e53f
SWK		 1751 if (unlikely(IS_PRIVATE(inode)))
1752 return 0;
1753
e114e473 1754 switch (cmd) {
e114e473 1755 case F_GETLK:
c0ab6e56 1756 break;
e114e473
CS		 1757 case F_SETLK:
1758 case F_SETLKW:
c0ab6e56
CS		 1759 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1760 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1761 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
d166c802 1762 rc = smk_bu_file(file, MAY_LOCK, rc);
c0ab6e56 1763 break;
e114e473
CS		 1764 case F_SETOWN:
1765 case F_SETSIG:
531f1d45
CS		 1766 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1767 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1768 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
d166c802 1769 rc = smk_bu_file(file, MAY_WRITE, rc);
e114e473
CS		 1770 break;
1771 default:
531f1d45 1772 break;
e114e473
CS		 1773 }
1774
1775 return rc;
1776}
1777
7898e1f8 1778/**
b57d0209
CS		 1779 * smack_mmap_file - Check permissions for a mmap operation.
1780 * @file: contains the file structure for file to map (may be NULL).
1781 * @reqprot: contains the protection requested by the application.
1782 * @prot: contains the protection that will be applied by the kernel.
1783 * @flags: contains the operational flags.
1784 *
1785 * The @file may be NULL, e.g. if mapping anonymous memory.
1786 *
7898e1f8
CS		 1787 * Return 0 if permission is granted.
1788 */
e5467859 1789static int smack_mmap_file(struct file *file,
7898e1f8 1790 unsigned long reqprot, unsigned long prot,
e5467859 1791 unsigned long flags)
7898e1f8 1792{
272cd7a8 1793 struct smack_known *skp;
2f823ff8 1794 struct smack_known *mkp;
7898e1f8
CS		 1795 struct smack_rule *srp;
1796 struct task_smack *tsp;
21c7eae2 1797 struct smack_known *okp;
7898e1f8 1798 struct inode_smack *isp;
809c02e0 1799 struct superblock_smack *sbsp;
0e0a070d
CS		 1800 int may;
1801 int mmay;
1802 int tmay;
7898e1f8
CS		 1803 int rc;
1804
496ad9aa 1805 if (file == NULL)
7898e1f8
CS		 1806 return 0;
1807
83a1e53f
SWK		 1808 if (unlikely(IS_PRIVATE(file_inode(file))))
1809 return 0;
1810
fb4021b6 1811 isp = smack_inode(file_inode(file));
7898e1f8
CS		 1812 if (isp->smk_mmap == NULL)
1813 return 0;
1aea7808 1814 sbsp = smack_superblock(file_inode(file)->i_sb);
809c02e0
SF		 1815 if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1816 isp->smk_mmap != sbsp->smk_root)
1817 return -EACCES;
2f823ff8 1818 mkp = isp->smk_mmap;
7898e1f8 1819
b17103a8 1820 tsp = smack_cred(current_cred());
2f823ff8 1821 skp = smk_of_current();
7898e1f8
CS		 1822 rc = 0;
1823
1824 rcu_read_lock();
1825 /*
1826 * For each Smack rule associated with the subject
1827 * label verify that the SMACK64MMAP also has access
1828 * to that rule's object label.
7898e1f8 1829 */
272cd7a8 1830 list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
21c7eae2 1831 okp = srp->smk_object;
7898e1f8
CS		 1832 /*
1833 * Matching labels always allows access.
1834 */
21c7eae2 1835 if (mkp->smk_known == okp->smk_known)
7898e1f8 1836 continue;
0e0a070d
CS		 1837 /*
1838 * If there is a matching local rule take
1839 * that into account as well.
1840 */
21c7eae2
LP		 1841 may = smk_access_entry(srp->smk_subject->smk_known,
1842 okp->smk_known,
1843 &tsp->smk_rules);
0e0a070d
CS		 1844 if (may == -ENOENT)
1845 may = srp->smk_access;
1846 else
1847 may &= srp->smk_access;
1848 /*
1849 * If may is zero the SMACK64MMAP subject can't
1850 * possibly have less access.
1851 */
1852 if (may == 0)
1853 continue;
1854
1855 /*
1856 * Fetch the global list entry.
1857 * If there isn't one a SMACK64MMAP subject
1858 * can't have as much access as current.
1859 */
21c7eae2
LP		 1860 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1861 &mkp->smk_rules);
0e0a070d
CS		 1862 if (mmay == -ENOENT) {
1863 rc = -EACCES;
1864 break;
1865 }
1866 /*
1867 * If there is a local entry it modifies the
1868 * potential access, too.
1869 */
21c7eae2
LP		 1870 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1871 &tsp->smk_rules);
0e0a070d
CS		 1872 if (tmay != -ENOENT)
1873 mmay &= tmay;
7898e1f8 1874
0e0a070d
CS		 1875 /*
1876 * If there is any access available to current that is
1877 * not available to a SMACK64MMAP subject
1878 * deny access.
1879 */
75a25637 1880 if ((may | mmay) != mmay) {
0e0a070d 1881 rc = -EACCES;
7898e1f8 1882 break;
0e0a070d 1883 }
7898e1f8
CS		 1884 }
1885
1886 rcu_read_unlock();
1887
1888 return rc;
1889}
1890
e114e473
CS		 1891/**
1892 * smack_file_set_fowner - set the file security blob value
1893 * @file: object in question
1894 *
e114e473 1895 */
e0b93edd 1896static void smack_file_set_fowner(struct file *file)
e114e473 1897{
f28952ac
CS		 1898 struct smack_known **blob = smack_file(file);
1899
1900 *blob = smk_of_current();
e114e473
CS		 1901}
1902
1903/**
1904 * smack_file_send_sigiotask - Smack on sigio
1905 * @tsk: The target task
1906 * @fown: the object the signal come from
1907 * @signum: unused
1908 *
1909 * Allow a privileged task to get signals even if it shouldn't
1910 *
1911 * Returns 0 if a subject with the object's smack could
1912 * write to the task, an error code otherwise.
1913 */
1914static int smack_file_send_sigiotask(struct task_struct *tsk,
1915 struct fown_struct *fown, int signum)
1916{
f28952ac 1917 struct smack_known **blob;
2f823ff8 1918 struct smack_known *skp;
b17103a8 1919 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred));
dcb569cf 1920 const struct cred *tcred;
e114e473
CS		 1921 struct file *file;
1922 int rc;
ecfcc53f 1923 struct smk_audit_info ad;
e114e473
CS		 1924
1925 /*
1926 * struct fown_struct is never outside the context of a struct file
1927 */
1928 file = container_of(fown, struct file, f_owner);
7898e1f8 1929
ecfcc53f 1930 /* we don't log here as rc can be overriden */
f28952ac
CS		 1931 blob = smack_file(file);
1932 skp = *blob;
c60b9066
CS		 1933 rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1934 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
dcb569cf
CS		 1935
1936 rcu_read_lock();
1937 tcred = __task_cred(tsk);
1938 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
ecfcc53f 1939 rc = 0;
dcb569cf 1940 rcu_read_unlock();
ecfcc53f
EB		 1941
1942 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1943 smk_ad_setfield_u_tsk(&ad, tsk);
c60b9066 1944 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
e114e473
CS		 1945 return rc;
1946}
1947
1948/**
1949 * smack_file_receive - Smack file receive check
1950 * @file: the object
1951 *
1952 * Returns 0 if current has access, error code otherwise
1953 */
1954static int smack_file_receive(struct file *file)
1955{
d166c802 1956 int rc;
e114e473 1957 int may = 0;
ecfcc53f 1958 struct smk_audit_info ad;
5e7270a6 1959 struct inode *inode = file_inode(file);
79be0935
CS		 1960 struct socket *sock;
1961 struct task_smack *tsp;
1962 struct socket_smack *ssp;
e114e473 1963
9777582e
SWK		 1964 if (unlikely(IS_PRIVATE(inode)))
1965 return 0;
1966
4482a44f 1967 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1968 smk_ad_setfield_u_fs_path(&ad, file->f_path);
79be0935 1969
51d59af2 1970 if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
79be0935
CS		 1971 sock = SOCKET_I(inode);
1972 ssp = sock->sk->sk_security;
b17103a8 1973 tsp = smack_cred(current_cred());
79be0935
CS		 1974 /*
1975 * If the receiving process can't write to the
1976 * passed socket or if the passed socket can't
1977 * write to the receiving process don't accept
1978 * the passed socket.
1979 */
1980 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1981 rc = smk_bu_file(file, may, rc);
1982 if (rc < 0)
1983 return rc;
1984 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1985 rc = smk_bu_file(file, may, rc);
1986 return rc;
1987 }
e114e473
CS		 1988 /*
1989 * This code relies on bitmasks.
1990 */
1991 if (file->f_mode & FMODE_READ)
1992 may = MAY_READ;
1993 if (file->f_mode & FMODE_WRITE)
1994 may |= MAY_WRITE;
1995
5e7270a6 1996 rc = smk_curacc(smk_of_inode(inode), may, &ad);
d166c802
CS		 1997 rc = smk_bu_file(file, may, rc);
1998 return rc;
e114e473
CS		 1999}
2000
531f1d45 2001/**
83d49856 2002 * smack_file_open - Smack dentry open processing
531f1d45 2003 * @file: the object
531f1d45
CS		 2004 *
2005 * Set the security blob in the file structure.
a6834c0b
CS		 2006 * Allow the open only if the task has read access. There are
2007 * many read operations (e.g. fstat) that you can do with an
2008 * fd even if you have the file open write-only.
531f1d45 2009 *
a1a07f22 2010 * Returns 0 if current has access, error code otherwise
531f1d45 2011 */
94817692 2012static int smack_file_open(struct file *file)
531f1d45 2013{
b17103a8 2014 struct task_smack *tsp = smack_cred(file->f_cred);
5e7270a6 2015 struct inode *inode = file_inode(file);
a6834c0b
CS		 2016 struct smk_audit_info ad;
2017 int rc;
531f1d45 2018
a6834c0b
CS		 2019 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
2020 smk_ad_setfield_u_fs_path(&ad, file->f_path);
c9d238a1 2021 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
94817692 2022 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
a6834c0b
CS		 2023
2024 return rc;
531f1d45
CS		 2025}
2026
e114e473
CS		 2027/*
2028 * Task hooks
2029 */
2030
ee18d64c
DH		 2031/**
2032 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
a1a07f22 2033 * @cred: the new credentials
ee18d64c
DH		 2034 * @gfp: the atomicity of any memory allocations
2035 *
2036 * Prepare a blank set of credentials for modification. This must allocate all
2037 * the memory the LSM module might require such that cred_transfer() can
2038 * complete without error.
2039 */
2040static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
2041{
bbd3662a 2042 init_task_smack(smack_cred(cred), NULL, NULL);
ee18d64c
DH		 2043 return 0;
2044}
2045
2046
e114e473 2047/**
f1752eec
DH		 2048 * smack_cred_free - "free" task-level security credentials
2049 * @cred: the credentials in question
e114e473 2050 *
e114e473 2051 */
f1752eec 2052static void smack_cred_free(struct cred *cred)
e114e473 2053{
b17103a8 2054 struct task_smack *tsp = smack_cred(cred);
7898e1f8
CS		 2055 struct smack_rule *rp;
2056 struct list_head *l;
2057 struct list_head *n;
2058
38416e53
ZJ		 2059 smk_destroy_label_list(&tsp->smk_relabel);
2060
7898e1f8
CS		 2061 list_for_each_safe(l, n, &tsp->smk_rules) {
2062 rp = list_entry(l, struct smack_rule, list);
2063 list_del(&rp->list);
4e328b08 2064 kmem_cache_free(smack_rule_cache, rp);
7898e1f8 2065 }
e114e473
CS		 2066}
2067
d84f4f99
DH		 2068/**
2069 * smack_cred_prepare - prepare new set of credentials for modification
2070 * @new: the new credentials
2071 * @old: the original credentials
2072 * @gfp: the atomicity of any memory allocations
2073 *
2074 * Prepare a new set of credentials for modification.
2075 */
2076static int smack_cred_prepare(struct cred *new, const struct cred *old,
2077 gfp_t gfp)
2078{
b17103a8 2079 struct task_smack *old_tsp = smack_cred(old);
bbd3662a 2080 struct task_smack *new_tsp = smack_cred(new);
7898e1f8 2081 int rc;
676dac4b 2082
bbd3662a 2083 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task);
b437aba8 2084
7898e1f8
CS		 2085 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
2086 if (rc != 0)
2087 return rc;
2088
38416e53
ZJ		 2089 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
2090 gfp);
bbd3662a 2091 return rc;
d84f4f99
DH		 2092}
2093
ee18d64c
DH		 2094/**
2095 * smack_cred_transfer - Transfer the old credentials to the new credentials
2096 * @new: the new credentials
2097 * @old: the original credentials
2098 *
2099 * Fill in a set of blank credentials from another set of credentials.
2100 */
2101static void smack_cred_transfer(struct cred *new, const struct cred *old)
2102{
b17103a8
CS		 2103 struct task_smack *old_tsp = smack_cred(old);
2104 struct task_smack *new_tsp = smack_cred(new);
676dac4b 2105
69b6d710 2106 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task);
ee18d64c
DH		 2107}
2108
3ec30113
MG		 2109/**
2110 * smack_cred_getsecid - get the secid corresponding to a creds structure
a1a07f22 2111 * @cred: the object creds
3ec30113
MG		 2112 * @secid: where to put the result
2113 *
2114 * Sets the secid to contain a u32 version of the smack label.
2115 */
b17103a8 2116static void smack_cred_getsecid(const struct cred *cred, u32 *secid)
3ec30113
MG		 2117{
2118 struct smack_known *skp;
2119
2120 rcu_read_lock();
b17103a8 2121 skp = smk_of_task(smack_cred(cred));
3ec30113
MG		 2122 *secid = skp->smk_secid;
2123 rcu_read_unlock();
2124}
2125
3a3b7ce9
DH		 2126/**
2127 * smack_kernel_act_as - Set the subjective context in a set of credentials
251a2a95
RD		 2128 * @new: points to the set of credentials to be modified.
2129 * @secid: specifies the security ID to be set
3a3b7ce9
DH		 2130 *
2131 * Set the security data for a kernel service.
2132 */
2133static int smack_kernel_act_as(struct cred *new, u32 secid)
2134{
b17103a8 2135 struct task_smack *new_tsp = smack_cred(new);
3a3b7ce9 2136
152f91d4 2137 new_tsp->smk_task = smack_from_secid(secid);
3a3b7ce9
DH		 2138 return 0;
2139}
2140
2141/**
2142 * smack_kernel_create_files_as - Set the file creation label in a set of creds
251a2a95
RD		 2143 * @new: points to the set of credentials to be modified
2144 * @inode: points to the inode to use as a reference
3a3b7ce9
DH		 2145 *
2146 * Set the file creation context in a set of credentials to the same
2147 * as the objective context of the specified inode
2148 */
2149static int smack_kernel_create_files_as(struct cred *new,
2150 struct inode *inode)
2151{
fb4021b6 2152 struct inode_smack *isp = smack_inode(inode);
b17103a8 2153 struct task_smack *tsp = smack_cred(new);
3a3b7ce9 2154
21c7eae2 2155 tsp->smk_forked = isp->smk_inode;
2f823ff8 2156 tsp->smk_task = tsp->smk_forked;
3a3b7ce9
DH		 2157 return 0;
2158}
2159
ecfcc53f
EB		 2160/**
2161 * smk_curacc_on_task - helper to log task related access
2162 * @p: the task object
531f1d45
CS		 2163 * @access: the access requested
2164 * @caller: name of the calling function for audit
ecfcc53f
EB		 2165 *
2166 * Return 0 if access is permitted
2167 */
531f1d45
CS		 2168static int smk_curacc_on_task(struct task_struct *p, int access,
2169 const char *caller)
ecfcc53f
EB		 2170{
2171 struct smk_audit_info ad;
a3727a8b 2172 struct smack_known *skp = smk_of_task_struct_obj(p);
d166c802 2173 int rc;
ecfcc53f 2174
531f1d45 2175 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
ecfcc53f 2176 smk_ad_setfield_u_tsk(&ad, p);
21c7eae2 2177 rc = smk_curacc(skp, access, &ad);
d166c802
CS		 2178 rc = smk_bu_task(p, access, rc);
2179 return rc;
ecfcc53f
EB		 2180}
2181
e114e473
CS		 2182/**
2183 * smack_task_setpgid - Smack check on setting pgid
2184 * @p: the task object
2185 * @pgid: unused
2186 *
2187 * Return 0 if write access is permitted
2188 */
2189static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2190{
531f1d45 2191 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2192}
2193
2194/**
2195 * smack_task_getpgid - Smack access check for getpgid
2196 * @p: the object task
2197 *
2198 * Returns 0 if current can read the object task, error code otherwise
2199 */
2200static int smack_task_getpgid(struct task_struct *p)
2201{
531f1d45 2202 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2203}
2204
2205/**
2206 * smack_task_getsid - Smack access check for getsid
2207 * @p: the object task
2208 *
2209 * Returns 0 if current can read the object task, error code otherwise
2210 */
2211static int smack_task_getsid(struct task_struct *p)
2212{
531f1d45 2213 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2214}
2215
2216/**
6326948f 2217 * smack_current_getsecid_subj - get the subjective secid of the current task
e114e473
CS		 2218 * @secid: where to put the result
2219 *
1fb057dc
PM		 2220 * Sets the secid to contain a u32 version of the task's subjective smack label.
2221 */
6326948f 2222static void smack_current_getsecid_subj(u32 *secid)
1fb057dc 2223{
6326948f 2224 struct smack_known *skp = smk_of_current();
1fb057dc
PM		 2225
2226 *secid = skp->smk_secid;
2227}
2228
2229/**
2230 * smack_task_getsecid_obj - get the objective secid of the task
2231 * @p: the task
2232 * @secid: where to put the result
2233 *
2234 * Sets the secid to contain a u32 version of the task's objective smack label.
e114e473 2235 */
1fb057dc 2236static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid)
e114e473 2237{
1fb057dc 2238 struct smack_known *skp = smk_of_task_struct_obj(p);
2f823ff8
CS		 2239
2240 *secid = skp->smk_secid;
e114e473
CS		 2241}
2242
2243/**
2244 * smack_task_setnice - Smack check on setting nice
2245 * @p: the task object
2246 * @nice: unused
2247 *
2248 * Return 0 if write access is permitted
2249 */
2250static int smack_task_setnice(struct task_struct *p, int nice)
2251{
b1d9e6b0 2252 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2253}
2254
2255/**
2256 * smack_task_setioprio - Smack check on setting ioprio
2257 * @p: the task object
2258 * @ioprio: unused
2259 *
2260 * Return 0 if write access is permitted
2261 */
2262static int smack_task_setioprio(struct task_struct *p, int ioprio)
2263{
b1d9e6b0 2264 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2265}
2266
2267/**
2268 * smack_task_getioprio - Smack check on reading ioprio
2269 * @p: the task object
2270 *
2271 * Return 0 if read access is permitted
2272 */
2273static int smack_task_getioprio(struct task_struct *p)
2274{
531f1d45 2275 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2276}
2277
2278/**
2279 * smack_task_setscheduler - Smack check on setting scheduler
2280 * @p: the task object
e114e473
CS		 2281 *
2282 * Return 0 if read access is permitted
2283 */
b0ae1981 2284static int smack_task_setscheduler(struct task_struct *p)
e114e473 2285{
b1d9e6b0 2286 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2287}
2288
2289/**
2290 * smack_task_getscheduler - Smack check on reading scheduler
2291 * @p: the task object
2292 *
2293 * Return 0 if read access is permitted
2294 */
2295static int smack_task_getscheduler(struct task_struct *p)
2296{
531f1d45 2297 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2298}
2299
2300/**
2301 * smack_task_movememory - Smack check on moving memory
2302 * @p: the task object
2303 *
2304 * Return 0 if write access is permitted
2305 */
2306static int smack_task_movememory(struct task_struct *p)
2307{
531f1d45 2308 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2309}
2310
2311/**
2312 * smack_task_kill - Smack check on signal delivery
2313 * @p: the task object
2314 * @info: unused
2315 * @sig: unused
6b4f3d01 2316 * @cred: identifies the cred to use in lieu of current's
e114e473
CS		 2317 *
2318 * Return 0 if write access is permitted
2319 *
e114e473 2320 */
ae7795bc 2321static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info,
6b4f3d01 2322 int sig, const struct cred *cred)
e114e473 2323{
ecfcc53f 2324 struct smk_audit_info ad;
2f823ff8 2325 struct smack_known *skp;
1fb057dc 2326 struct smack_known *tkp = smk_of_task_struct_obj(p);
d166c802 2327 int rc;
ecfcc53f 2328
18d872f7
RK		 2329 if (!sig)
2330 return 0; /* null signal; existence test */
2331
ecfcc53f
EB		 2332 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2333 smk_ad_setfield_u_tsk(&ad, p);
e114e473
CS		 2334 /*
2335 * Sending a signal requires that the sender
2336 * can write the receiver.
2337 */
6b4f3d01 2338 if (cred == NULL) {
c60b9066
CS		 2339 rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2340 rc = smk_bu_task(p, MAY_DELIVER, rc);
d166c802
CS		 2341 return rc;
2342 }
e114e473 2343 /*
6b4f3d01 2344 * If the cred isn't NULL we're dealing with some USB IO
e114e473
CS		 2345 * specific behavior. This is not clean. For one thing
2346 * we can't take privilege into account.
2347 */
b17103a8 2348 skp = smk_of_task(smack_cred(cred));
c60b9066
CS		 2349 rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2350 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
d166c802 2351 return rc;
e114e473
CS		 2352}
2353
e114e473
CS		 2354/**
2355 * smack_task_to_inode - copy task smack into the inode blob
2356 * @p: task to copy from
251a2a95 2357 * @inode: inode to copy to
e114e473
CS		 2358 *
2359 * Sets the smack pointer in the inode security blob
2360 */
2361static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2362{
fb4021b6 2363 struct inode_smack *isp = smack_inode(inode);
1fb057dc 2364 struct smack_known *skp = smk_of_task_struct_obj(p);
2f823ff8 2365
21c7eae2 2366 isp->smk_inode = skp;
7b4e8843 2367 isp->smk_flags |= SMK_INODE_INSTANT;
e114e473
CS		 2368}
2369
2370/*
2371 * Socket hooks.
2372 */
2373
2374/**
2375 * smack_sk_alloc_security - Allocate a socket blob
2376 * @sk: the socket
2377 * @family: unused
251a2a95 2378 * @gfp_flags: memory allocation flags
e114e473
CS		 2379 *
2380 * Assign Smack pointers to current
2381 *
2382 * Returns 0 on success, -ENOMEM is there's no memory
2383 */
2384static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2385{
2f823ff8 2386 struct smack_known *skp = smk_of_current();
e114e473
CS		 2387 struct socket_smack *ssp;
2388
2389 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2390 if (ssp == NULL)
2391 return -ENOMEM;
2392
08382c9f 2393 /*
2394 * Sockets created by kernel threads receive web label.
2395 */
2396 if (unlikely(current->flags & PF_KTHREAD)) {
2397 ssp->smk_in = &smack_known_web;
2398 ssp->smk_out = &smack_known_web;
2399 } else {
2400 ssp->smk_in = skp;
2401 ssp->smk_out = skp;
2402 }
272cd7a8 2403 ssp->smk_packet = NULL;
e114e473
CS		 2404
2405 sk->sk_security = ssp;
2406
2407 return 0;
2408}
2409
2410/**
2411 * smack_sk_free_security - Free a socket blob
2412 * @sk: the socket
2413 *
2414 * Clears the blob pointer
2415 */
2416static void smack_sk_free_security(struct sock *sk)
2417{
0c96d1f5
VG		 2418#ifdef SMACK_IPV6_PORT_LABELING
2419 struct smk_port_label *spp;
2420
2421 if (sk->sk_family == PF_INET6) {
2422 rcu_read_lock();
2423 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2424 if (spp->smk_sock != sk)
2425 continue;
2426 spp->smk_can_reuse = 1;
2427 break;
2428 }
2429 rcu_read_unlock();
2430 }
2431#endif
e114e473
CS		 2432 kfree(sk->sk_security);
2433}
2434
4ca165fc
LM		 2435/**
2436 * smack_sk_clone_security - Copy security context
2437 * @sk: the old socket
2438 * @newsk: the new socket
2439 *
2440 * Copy the security context of the old socket pointer to the cloned
2441 */
2442static void smack_sk_clone_security(const struct sock *sk, struct sock *newsk)
2443{
2444 struct socket_smack *ssp_old = sk->sk_security;
2445 struct socket_smack *ssp_new = newsk->sk_security;
2446
2447 *ssp_new = *ssp_old;
2448}
2449
07feee8f 2450/**
21abb1ec 2451* smack_ipv4host_label - check host based restrictions
07feee8f
PM		 2452* @sip: the object end
2453*
2454* looks for host based access restrictions
2455*
2456* This version will only be appropriate for really small sets of single label
2457* hosts. The caller is responsible for ensuring that the RCU read lock is
2458* taken before calling this function.
2459*
2460* Returns the label of the far end or NULL if it's not special.
2461*/
21abb1ec 2462static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
07feee8f 2463{
21abb1ec 2464 struct smk_net4addr *snp;
07feee8f
PM		 2465 struct in_addr *siap = &sip->sin_addr;
2466
2467 if (siap->s_addr == 0)
2468 return NULL;
2469
21abb1ec
CS		 2470 list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2471 /*
2472 * we break after finding the first match because
2473 * the list is sorted from longest to shortest mask
2474 * so we have found the most specific match
2475 */
2476 if (snp->smk_host.s_addr ==
2477 (siap->s_addr & snp->smk_mask.s_addr))
2478 return snp->smk_label;
2479
2480 return NULL;
2481}
2482
21abb1ec
CS		 2483/*
2484 * smk_ipv6_localhost - Check for local ipv6 host address
2485 * @sip: the address
2486 *
2487 * Returns boolean true if this is the localhost address
2488 */
2489static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2490{
2491 __be16 *be16p = (__be16 *)&sip->sin6_addr;
2492 __be32 *be32p = (__be32 *)&sip->sin6_addr;
2493
2494 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2495 ntohs(be16p[7]) == 1)
2496 return true;
2497 return false;
2498}
2499
2500/**
2501* smack_ipv6host_label - check host based restrictions
2502* @sip: the object end
2503*
2504* looks for host based access restrictions
2505*
2506* This version will only be appropriate for really small sets of single label
2507* hosts. The caller is responsible for ensuring that the RCU read lock is
2508* taken before calling this function.
2509*
2510* Returns the label of the far end or NULL if it's not special.
2511*/
2512static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2513{
2514 struct smk_net6addr *snp;
2515 struct in6_addr *sap = &sip->sin6_addr;
2516 int i;
2517 int found = 0;
2518
2519 /*
2520 * It's local. Don't look for a host label.
2521 */
2522 if (smk_ipv6_localhost(sip))
2523 return NULL;
2524
2525 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2e4939f7
CS		 2526 /*
2527 * If the label is NULL the entry has
2528 * been renounced. Ignore it.
2529 */
2530 if (snp->smk_label == NULL)
2531 continue;
07feee8f
PM		 2532 /*
2533 * we break after finding the first match because
2534 * the list is sorted from longest to shortest mask
2535 * so we have found the most specific match
2536 */
21abb1ec 2537 for (found = 1, i = 0; i < 8; i++) {
21abb1ec
CS		 2538 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2539 snp->smk_host.s6_addr16[i]) {
2540 found = 0;
2541 break;
2542 }
4303154e 2543 }
21abb1ec
CS		 2544 if (found)
2545 return snp->smk_label;
2546 }
07feee8f
PM		 2547
2548 return NULL;
2549}
2550
e114e473 2551/**
a2af0318 2552 * smack_netlbl_add - Set the secattr on a socket
e114e473
CS		 2553 * @sk: the socket
2554 *
a2af0318 2555 * Attach the outbound smack value (smk_out) to the socket.
e114e473
CS		 2556 *
2557 * Returns 0 on success or an error code
2558 */
a2af0318 2559static int smack_netlbl_add(struct sock *sk)
e114e473 2560{
07feee8f 2561 struct socket_smack *ssp = sk->sk_security;
a2af0318
CS		 2562 struct smack_known *skp = ssp->smk_out;
2563 int rc;
e114e473 2564
6d3dc07c
CS		 2565 local_bh_disable();
2566 bh_lock_sock_nested(sk);
2567
8ec9897e
DC		 2568 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel,
2569 netlbl_sk_lock_check(sk));
a2af0318
CS		 2570 switch (rc) {
2571 case 0:
2572 ssp->smk_state = SMK_NETLBL_LABELED;
2573 break;
2574 case -EDESTADDRREQ:
2575 ssp->smk_state = SMK_NETLBL_REQSKB;
2576 rc = 0;
2577 break;
6d3dc07c
CS		 2578 }
2579
2580 bh_unlock_sock(sk);
2581 local_bh_enable();
4bc87e62 2582
e114e473
CS		 2583 return rc;
2584}
2585
07feee8f 2586/**
a2af0318
CS		 2587 * smack_netlbl_delete - Remove the secattr from a socket
2588 * @sk: the socket
2589 *
2590 * Remove the outbound smack value from a socket
2591 */
2592static void smack_netlbl_delete(struct sock *sk)
2593{
2594 struct socket_smack *ssp = sk->sk_security;
2595
2596 /*
2597 * Take the label off the socket if one is set.
2598 */
2599 if (ssp->smk_state != SMK_NETLBL_LABELED)
2600 return;
2601
2602 local_bh_disable();
2603 bh_lock_sock_nested(sk);
2604 netlbl_sock_delattr(sk);
2605 bh_unlock_sock(sk);
2606 local_bh_enable();
2607 ssp->smk_state = SMK_NETLBL_UNLABELED;
2608}
2609
2610/**
2611 * smk_ipv4_check - Perform IPv4 host access checks
07feee8f
PM		 2612 * @sk: the socket
2613 * @sap: the destination address
2614 *
2615 * Set the correct secattr for the given socket based on the destination
2616 * address and perform any outbound access checks needed.
2617 *
2618 * Returns 0 on success or an error code.
2619 *
2620 */
a2af0318 2621static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap)
07feee8f 2622{
2f823ff8 2623 struct smack_known *skp;
a2af0318 2624 int rc = 0;
21c7eae2 2625 struct smack_known *hkp;
07feee8f 2626 struct socket_smack *ssp = sk->sk_security;
ecfcc53f 2627 struct smk_audit_info ad;
07feee8f
PM		 2628
2629 rcu_read_lock();
21abb1ec 2630 hkp = smack_ipv4host_label(sap);
21c7eae2 2631 if (hkp != NULL) {
ecfcc53f 2632#ifdef CONFIG_AUDIT
923e9a13
KC		 2633 struct lsm_network_audit net;
2634
48c62af6
EP		 2635 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2636 ad.a.u.net->family = sap->sin_family;
2637 ad.a.u.net->dport = sap->sin_port;
2638 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
ecfcc53f 2639#endif
2f823ff8 2640 skp = ssp->smk_out;
21c7eae2
LP		 2641 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2642 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
a2af0318
CS		 2643 /*
2644 * Clear the socket netlabel if it's set.
2645 */
2646 if (!rc)
2647 smack_netlbl_delete(sk);
07feee8f
PM		 2648 }
2649 rcu_read_unlock();
07feee8f 2650
a2af0318 2651 return rc;
07feee8f
PM		 2652}
2653
21abb1ec
CS		 2654/**
2655 * smk_ipv6_check - check Smack access
2656 * @subject: subject Smack label
2657 * @object: object Smack label
2658 * @address: address
2659 * @act: the action being taken
2660 *
2661 * Check an IPv6 access
2662 */
2663static int smk_ipv6_check(struct smack_known *subject,
2664 struct smack_known *object,
2665 struct sockaddr_in6 *address, int act)
2666{
2667#ifdef CONFIG_AUDIT
2668 struct lsm_network_audit net;
2669#endif
2670 struct smk_audit_info ad;
2671 int rc;
2672
2673#ifdef CONFIG_AUDIT
2674 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2675 ad.a.u.net->family = PF_INET6;
a5cd1ab7 2676 ad.a.u.net->dport = address->sin6_port;
21abb1ec
CS		 2677 if (act == SMK_RECEIVING)
2678 ad.a.u.net->v6info.saddr = address->sin6_addr;
2679 else
2680 ad.a.u.net->v6info.daddr = address->sin6_addr;
2681#endif
2682 rc = smk_access(subject, object, MAY_WRITE, &ad);
2683 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2684 return rc;
2685}
21abb1ec
CS		 2686
2687#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2688/**
2689 * smk_ipv6_port_label - Smack port access table management
2690 * @sock: socket
2691 * @address: address
2692 *
2693 * Create or update the port list entry
2694 */
2695static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2696{
2697 struct sock *sk = sock->sk;
2698 struct sockaddr_in6 *addr6;
2699 struct socket_smack *ssp = sock->sk->sk_security;
2700 struct smk_port_label *spp;
2701 unsigned short port = 0;
2702
2703 if (address == NULL) {
2704 /*
2705 * This operation is changing the Smack information
2706 * on the bound socket. Take the changes to the port
2707 * as well.
2708 */
3c7ce342
VG		 2709 rcu_read_lock();
2710 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
c6739443
CS		 2711 if (sk != spp->smk_sock)
2712 continue;
2713 spp->smk_in = ssp->smk_in;
2714 spp->smk_out = ssp->smk_out;
3c7ce342 2715 rcu_read_unlock();
c6739443
CS		 2716 return;
2717 }
2718 /*
2719 * A NULL address is only used for updating existing
2720 * bound entries. If there isn't one, it's OK.
2721 */
3c7ce342 2722 rcu_read_unlock();
c6739443
CS		 2723 return;
2724 }
2725
2726 addr6 = (struct sockaddr_in6 *)address;
2727 port = ntohs(addr6->sin6_port);
2728 /*
2729 * This is a special case that is safely ignored.
2730 */
2731 if (port == 0)
2732 return;
2733
2734 /*
2735 * Look for an existing port list entry.
2736 * This is an indication that a port is getting reused.
2737 */
3c7ce342
VG		 2738 rcu_read_lock();
2739 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
9d44c973 2740 if (spp->smk_port != port || spp->smk_sock_type != sock->type)
c6739443 2741 continue;
0c96d1f5
VG		 2742 if (spp->smk_can_reuse != 1) {
2743 rcu_read_unlock();
2744 return;
2745 }
c6739443
CS		 2746 spp->smk_port = port;
2747 spp->smk_sock = sk;
2748 spp->smk_in = ssp->smk_in;
2749 spp->smk_out = ssp->smk_out;
0c96d1f5 2750 spp->smk_can_reuse = 0;
3c7ce342 2751 rcu_read_unlock();
c6739443
CS		 2752 return;
2753 }
3c7ce342 2754 rcu_read_unlock();
c6739443
CS		 2755 /*
2756 * A new port entry is required.
2757 */
2758 spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2759 if (spp == NULL)
2760 return;
2761
2762 spp->smk_port = port;
2763 spp->smk_sock = sk;
2764 spp->smk_in = ssp->smk_in;
2765 spp->smk_out = ssp->smk_out;
9d44c973 2766 spp->smk_sock_type = sock->type;
0c96d1f5 2767 spp->smk_can_reuse = 0;
c6739443 2768
3c7ce342
VG		 2769 mutex_lock(&smack_ipv6_lock);
2770 list_add_rcu(&spp->list, &smk_ipv6_port_list);
2771 mutex_unlock(&smack_ipv6_lock);
c6739443
CS		 2772 return;
2773}
2774
2775/**
2776 * smk_ipv6_port_check - check Smack port access
a1a07f22 2777 * @sk: socket
c6739443 2778 * @address: address
a1a07f22 2779 * @act: the action being taken
c6739443
CS		 2780 *
2781 * Create or update the port list entry
2782 */
6ea06247 2783static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
c6739443
CS		 2784 int act)
2785{
c6739443
CS		 2786 struct smk_port_label *spp;
2787 struct socket_smack *ssp = sk->sk_security;
21abb1ec
CS		 2788 struct smack_known *skp = NULL;
2789 unsigned short port;
21c7eae2 2790 struct smack_known *object;
c6739443
CS		 2791
2792 if (act == SMK_RECEIVING) {
21abb1ec 2793 skp = smack_ipv6host_label(address);
21c7eae2 2794 object = ssp->smk_in;
c6739443 2795 } else {
2f823ff8 2796 skp = ssp->smk_out;
21abb1ec 2797 object = smack_ipv6host_label(address);
c6739443
CS		 2798 }
2799
2800 /*
21abb1ec 2801 * The other end is a single label host.
c6739443 2802 */
21abb1ec
CS		 2803 if (skp != NULL && object != NULL)
2804 return smk_ipv6_check(skp, object, address, act);
2805 if (skp == NULL)
2806 skp = smack_net_ambient;
2807 if (object == NULL)
2808 object = smack_net_ambient;
c6739443
CS		 2809
2810 /*
2811 * It's remote, so port lookup does no good.
2812 */
21abb1ec
CS		 2813 if (!smk_ipv6_localhost(address))
2814 return smk_ipv6_check(skp, object, address, act);
c6739443
CS		 2815
2816 /*
2817 * It's local so the send check has to have passed.
2818 */
21abb1ec
CS		 2819 if (act == SMK_RECEIVING)
2820 return 0;
c6739443 2821
21abb1ec 2822 port = ntohs(address->sin6_port);
3c7ce342
VG		 2823 rcu_read_lock();
2824 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
9d44c973 2825 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
c6739443 2826 continue;
21c7eae2 2827 object = spp->smk_in;
c6739443 2828 if (act == SMK_CONNECTING)
54e70ec5 2829 ssp->smk_packet = spp->smk_out;
c6739443
CS		 2830 break;
2831 }
3c7ce342 2832 rcu_read_unlock();
c6739443 2833
21abb1ec 2834 return smk_ipv6_check(skp, object, address, act);
c6739443 2835}
222a96b3 2836#endif
c6739443 2837
e114e473
CS		 2838/**
2839 * smack_inode_setsecurity - set smack xattrs
2840 * @inode: the object
2841 * @name: attribute name
2842 * @value: attribute value
2843 * @size: size of the attribute
2844 * @flags: unused
2845 *
2846 * Sets the named attribute in the appropriate blob
2847 *
2848 * Returns 0 on success, or an error code
2849 */
2850static int smack_inode_setsecurity(struct inode *inode, const char *name,
2851 const void *value, size_t size, int flags)
2852{
2f823ff8 2853 struct smack_known *skp;
fb4021b6 2854 struct inode_smack *nsp = smack_inode(inode);
e114e473
CS		 2855 struct socket_smack *ssp;
2856 struct socket *sock;
4bc87e62 2857 int rc = 0;
e114e473 2858
f7112e6c 2859 if (value == NULL || size > SMK_LONGLABEL || size == 0)
5e9ab593 2860 return -EINVAL;
e114e473 2861
ac02f007
RS		 2862 if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) {
2863 if (!S_ISDIR(inode->i_mode) || size != TRANS_TRUE_SIZE ||
2864 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
2865 return -EINVAL;
2866
2867 nsp->smk_flags |= SMK_INODE_TRANSMUTE;
2868 return 0;
2869 }
2870
2f823ff8 2871 skp = smk_import_entry(value, size);
e774ad68
LP		 2872 if (IS_ERR(skp))
2873 return PTR_ERR(skp);
e114e473
CS		 2874
2875 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
21c7eae2 2876 nsp->smk_inode = skp;
ddd29ec6 2877 nsp->smk_flags |= SMK_INODE_INSTANT;
e114e473
CS		 2878 return 0;
2879 }
2880 /*
2881 * The rest of the Smack xattrs are only on sockets.
2882 */
2883 if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2884 return -EOPNOTSUPP;
2885
2886 sock = SOCKET_I(inode);
2e1d146a 2887 if (sock == NULL || sock->sk == NULL)
e114e473
CS		 2888 return -EOPNOTSUPP;
2889
2890 ssp = sock->sk->sk_security;
2891
2892 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
54e70ec5 2893 ssp->smk_in = skp;
e114e473 2894 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2f823ff8 2895 ssp->smk_out = skp;
c6739443 2896 if (sock->sk->sk_family == PF_INET) {
a2af0318 2897 rc = smack_netlbl_add(sock->sk);
b4e0d5f0
CS		 2898 if (rc != 0)
2899 printk(KERN_WARNING
2900 "Smack: \"%s\" netlbl error %d.\n",
2901 __func__, -rc);
2902 }
e114e473
CS		 2903 } else
2904 return -EOPNOTSUPP;
2905
21abb1ec 2906#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2907 if (sock->sk->sk_family == PF_INET6)
2908 smk_ipv6_port_label(sock, NULL);
21abb1ec 2909#endif
c6739443 2910
e114e473
CS		 2911 return 0;
2912}
2913
2914/**
2915 * smack_socket_post_create - finish socket setup
2916 * @sock: the socket
2917 * @family: protocol family
2918 * @type: unused
2919 * @protocol: unused
2920 * @kern: unused
2921 *
2922 * Sets the netlabel information on the socket
2923 *
2924 * Returns 0 on success, and error code otherwise
2925 */
2926static int smack_socket_post_create(struct socket *sock, int family,
2927 int type, int protocol, int kern)
2928{
7412301b
ML		 2929 struct socket_smack *ssp;
2930
2931 if (sock->sk == NULL)
2932 return 0;
2933
2934 /*
2935 * Sockets created by kernel threads receive web label.
2936 */
2937 if (unlikely(current->flags & PF_KTHREAD)) {
2938 ssp = sock->sk->sk_security;
2939 ssp->smk_in = &smack_known_web;
2940 ssp->smk_out = &smack_known_web;
2941 }
2942
2943 if (family != PF_INET)
e114e473
CS		 2944 return 0;
2945 /*
2946 * Set the outbound netlbl.
2947 */
a2af0318 2948 return smack_netlbl_add(sock->sk);
6d3dc07c
CS		 2949}
2950
5859cdf5
TG		 2951/**
2952 * smack_socket_socketpair - create socket pair
2953 * @socka: one socket
2954 * @sockb: another socket
2955 *
2956 * Cross reference the peer labels for SO_PEERSEC
2957 *
a1a07f22 2958 * Returns 0
5859cdf5
TG		 2959 */
2960static int smack_socket_socketpair(struct socket *socka,
2961 struct socket *sockb)
2962{
2963 struct socket_smack *asp = socka->sk->sk_security;
2964 struct socket_smack *bsp = sockb->sk->sk_security;
2965
2966 asp->smk_packet = bsp->smk_out;
2967 bsp->smk_packet = asp->smk_out;
2968
2969 return 0;
2970}
2971
21abb1ec 2972#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2973/**
2974 * smack_socket_bind - record port binding information.
2975 * @sock: the socket
2976 * @address: the port address
2977 * @addrlen: size of the address
2978 *
2979 * Records the label bound to a port.
2980 *
b9ef5513 2981 * Returns 0 on success, and error code otherwise
c6739443
CS		 2982 */
2983static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2984 int addrlen)
2985{
b9ef5513
TH		 2986 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) {
2987 if (addrlen < SIN6_LEN_RFC2133 ||
2988 address->sa_family != AF_INET6)
2989 return -EINVAL;
c6739443 2990 smk_ipv6_port_label(sock, address);
b9ef5513 2991 }
c6739443
CS		 2992 return 0;
2993}
21abb1ec 2994#endif /* SMACK_IPV6_PORT_LABELING */
c6739443 2995
6d3dc07c
CS		 2996/**
2997 * smack_socket_connect - connect access check
2998 * @sock: the socket
2999 * @sap: the other end
3000 * @addrlen: size of sap
3001 *
3002 * Verifies that a connection may be possible
3003 *
3004 * Returns 0 on success, and error code otherwise
3005 */
3006static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
3007 int addrlen)
3008{
c6739443
CS		 3009 int rc = 0;
3010
3011 if (sock->sk == NULL)
6d3dc07c 3012 return 0;
87fbfffc
CS		 3013 if (sock->sk->sk_family != PF_INET &&
3014 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6))
3015 return 0;
3016 if (addrlen < offsetofend(struct sockaddr, sa_family))
3017 return 0;
3018 if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) {
3019 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
00720f0e 3020 struct smack_known *rsp = NULL;
da49b5da 3021
87fbfffc
CS		 3022 if (addrlen < SIN6_LEN_RFC2133)
3023 return 0;
00720f0e
AB		 3024 if (__is_defined(SMACK_IPV6_SECMARK_LABELING))
3025 rsp = smack_ipv6host_label(sip);
87fbfffc
CS		 3026 if (rsp != NULL) {
3027 struct socket_smack *ssp = sock->sk->sk_security;
3028
21abb1ec 3029 rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
87fbfffc
CS		 3030 SMK_CONNECTING);
3031 }
222a96b3
SAS		 3032#ifdef SMACK_IPV6_PORT_LABELING
3033 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
3034#endif
00720f0e 3035
87fbfffc 3036 return rc;
c6739443 3037 }
87fbfffc
CS		 3038 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in))
3039 return 0;
a2af0318 3040 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap);
c6739443 3041 return rc;
e114e473
CS		 3042}
3043
3044/**
3045 * smack_flags_to_may - convert S_ to MAY_ values
3046 * @flags: the S_ value
3047 *
3048 * Returns the equivalent MAY_ value
3049 */
3050static int smack_flags_to_may(int flags)
3051{
3052 int may = 0;
3053
3054 if (flags & S_IRUGO)
3055 may |= MAY_READ;
3056 if (flags & S_IWUGO)
3057 may |= MAY_WRITE;
3058 if (flags & S_IXUGO)
3059 may |= MAY_EXEC;
3060
3061 return may;
3062}
3063
3064/**
3065 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
3066 * @msg: the object
3067 *
3068 * Returns 0
3069 */
3070static int smack_msg_msg_alloc_security(struct msg_msg *msg)
3071{
ecd5f82e 3072 struct smack_known **blob = smack_msg_msg(msg);
2f823ff8 3073
ecd5f82e 3074 *blob = smk_of_current();
e114e473
CS		 3075 return 0;
3076}
3077
e114e473 3078/**
0d79cbf8
EB		 3079 * smack_of_ipc - the smack pointer for the ipc
3080 * @isp: the object
e114e473
CS		 3081 *
3082 * Returns a pointer to the smack value
3083 */
0d79cbf8 3084static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
e114e473 3085{
019bcca4
CS		 3086 struct smack_known **blob = smack_ipc(isp);
3087
3088 return *blob;
e114e473
CS		 3089}
3090
3091/**
0d79cbf8
EB		 3092 * smack_ipc_alloc_security - Set the security blob for ipc
3093 * @isp: the object
e114e473
CS		 3094 *
3095 * Returns 0
3096 */
0d79cbf8 3097static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
e114e473 3098{
019bcca4 3099 struct smack_known **blob = smack_ipc(isp);
e114e473 3100
019bcca4 3101 *blob = smk_of_current();
e114e473
CS		 3102 return 0;
3103}
3104
ecfcc53f
EB		 3105/**
3106 * smk_curacc_shm : check if current has access on shm
0d79cbf8 3107 * @isp : the object
ecfcc53f
EB		 3108 * @access : access requested
3109 *
3110 * Returns 0 if current has the requested access, error code otherwise
3111 */
0d79cbf8 3112static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
ecfcc53f 3113{
0d79cbf8 3114 struct smack_known *ssp = smack_of_ipc(isp);
ecfcc53f 3115 struct smk_audit_info ad;
d166c802 3116 int rc;
ecfcc53f
EB		 3117
3118#ifdef CONFIG_AUDIT
3119 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
0d79cbf8 3120 ad.a.u.ipc_id = isp->id;
ecfcc53f 3121#endif
d166c802
CS		 3122 rc = smk_curacc(ssp, access, &ad);
3123 rc = smk_bu_current("shm", ssp, access, rc);
3124 return rc;
ecfcc53f
EB		 3125}
3126
e114e473
CS		 3127/**
3128 * smack_shm_associate - Smack access check for shm
0d79cbf8 3129 * @isp: the object
e114e473
CS		 3130 * @shmflg: access requested
3131 *
3132 * Returns 0 if current has the requested access, error code otherwise
3133 */
0d79cbf8 3134static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
e114e473 3135{
e114e473
CS		 3136 int may;
3137
3138 may = smack_flags_to_may(shmflg);
0d79cbf8 3139 return smk_curacc_shm(isp, may);
e114e473
CS		 3140}
3141
3142/**
3143 * smack_shm_shmctl - Smack access check for shm
0d79cbf8 3144 * @isp: the object
e114e473
CS		 3145 * @cmd: what it wants to do
3146 *
3147 * Returns 0 if current has the requested access, error code otherwise
3148 */
0d79cbf8 3149static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
e114e473 3150{
e114e473
CS		 3151 int may;
3152
3153 switch (cmd) {
3154 case IPC_STAT:
3155 case SHM_STAT:
c21a6970 3156 case SHM_STAT_ANY:
e114e473
CS		 3157 may = MAY_READ;
3158 break;
3159 case IPC_SET:
3160 case SHM_LOCK:
3161 case SHM_UNLOCK:
3162 case IPC_RMID:
3163 may = MAY_READWRITE;
3164 break;
3165 case IPC_INFO:
3166 case SHM_INFO:
3167 /*
3168 * System level information.
3169 */
3170 return 0;
3171 default:
3172 return -EINVAL;
3173 }
0d79cbf8 3174 return smk_curacc_shm(isp, may);
e114e473
CS		 3175}
3176
3177/**
3178 * smack_shm_shmat - Smack access for shmat
0d79cbf8 3179 * @isp: the object
e114e473
CS		 3180 * @shmaddr: unused
3181 * @shmflg: access requested
3182 *
3183 * Returns 0 if current has the requested access, error code otherwise
3184 */
a1a07f22 3185static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr,
e114e473
CS		 3186 int shmflg)
3187{
e114e473
CS		 3188 int may;
3189
3190 may = smack_flags_to_may(shmflg);
a1a07f22 3191 return smk_curacc_shm(isp, may);
e114e473
CS		 3192}
3193
ecfcc53f
EB		 3194/**
3195 * smk_curacc_sem : check if current has access on sem
0d79cbf8 3196 * @isp : the object
ecfcc53f
EB		 3197 * @access : access requested
3198 *
3199 * Returns 0 if current has the requested access, error code otherwise
3200 */
0d79cbf8 3201static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
ecfcc53f 3202{
0d79cbf8 3203 struct smack_known *ssp = smack_of_ipc(isp);
ecfcc53f 3204 struct smk_audit_info ad;
d166c802 3205 int rc;
ecfcc53f
EB		 3206
3207#ifdef CONFIG_AUDIT
3208 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
0d79cbf8 3209 ad.a.u.ipc_id = isp->id;
ecfcc53f 3210#endif
d166c802
CS		 3211 rc = smk_curacc(ssp, access, &ad);
3212 rc = smk_bu_current("sem", ssp, access, rc);
3213 return rc;
ecfcc53f
EB		 3214}
3215
e114e473
CS		 3216/**
3217 * smack_sem_associate - Smack access check for sem
0d79cbf8 3218 * @isp: the object
e114e473
CS		 3219 * @semflg: access requested
3220 *
3221 * Returns 0 if current has the requested access, error code otherwise
3222 */
0d79cbf8 3223static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
e114e473 3224{
e114e473
CS		 3225 int may;
3226
3227 may = smack_flags_to_may(semflg);
0d79cbf8 3228 return smk_curacc_sem(isp, may);
e114e473
CS		 3229}
3230
3231/**
b57d0209 3232 * smack_sem_semctl - Smack access check for sem
0d79cbf8 3233 * @isp: the object
e114e473
CS		 3234 * @cmd: what it wants to do
3235 *
3236 * Returns 0 if current has the requested access, error code otherwise
3237 */
0d79cbf8 3238static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
e114e473 3239{
e114e473
CS		 3240 int may;
3241
3242 switch (cmd) {
3243 case GETPID:
3244 case GETNCNT:
3245 case GETZCNT:
3246 case GETVAL:
3247 case GETALL:
3248 case IPC_STAT:
3249 case SEM_STAT:
a280d6dc 3250 case SEM_STAT_ANY:
e114e473
CS		 3251 may = MAY_READ;
3252 break;
3253 case SETVAL:
3254 case SETALL:
3255 case IPC_RMID:
3256 case IPC_SET:
3257 may = MAY_READWRITE;
3258 break;
3259 case IPC_INFO:
3260 case SEM_INFO:
3261 /*
3262 * System level information
3263 */
3264 return 0;
3265 default:
3266 return -EINVAL;
3267 }
3268
0d79cbf8 3269 return smk_curacc_sem(isp, may);
e114e473
CS		 3270}
3271
3272/**
3273 * smack_sem_semop - Smack checks of semaphore operations
0d79cbf8 3274 * @isp: the object
e114e473
CS		 3275 * @sops: unused
3276 * @nsops: unused
3277 * @alter: unused
3278 *
3279 * Treated as read and write in all cases.
3280 *
3281 * Returns 0 if access is allowed, error code otherwise
3282 */
0d79cbf8 3283static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
e114e473
CS		 3284 unsigned nsops, int alter)
3285{
0d79cbf8 3286 return smk_curacc_sem(isp, MAY_READWRITE);
e114e473
CS		 3287}
3288
ecfcc53f
EB		 3289/**
3290 * smk_curacc_msq : helper to check if current has access on msq
0d79cbf8 3291 * @isp : the msq
ecfcc53f
EB		 3292 * @access : access requested
3293 *
3294 * return 0 if current has access, error otherwise
3295 */
0d79cbf8 3296static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
ecfcc53f 3297{
0d79cbf8 3298 struct smack_known *msp = smack_of_ipc(isp);
ecfcc53f 3299 struct smk_audit_info ad;
d166c802 3300 int rc;
ecfcc53f
EB		 3301
3302#ifdef CONFIG_AUDIT
3303 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
0d79cbf8 3304 ad.a.u.ipc_id = isp->id;
ecfcc53f 3305#endif
d166c802
CS		 3306 rc = smk_curacc(msp, access, &ad);
3307 rc = smk_bu_current("msq", msp, access, rc);
3308 return rc;
ecfcc53f
EB		 3309}
3310
e114e473
CS		 3311/**
3312 * smack_msg_queue_associate - Smack access check for msg_queue
0d79cbf8 3313 * @isp: the object
e114e473
CS		 3314 * @msqflg: access requested
3315 *
3316 * Returns 0 if current has the requested access, error code otherwise
3317 */
0d79cbf8 3318static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
e114e473 3319{
e114e473
CS		 3320 int may;
3321
3322 may = smack_flags_to_may(msqflg);
0d79cbf8 3323 return smk_curacc_msq(isp, may);
e114e473
CS		 3324}
3325
3326/**
3327 * smack_msg_queue_msgctl - Smack access check for msg_queue
0d79cbf8 3328 * @isp: the object
e114e473
CS		 3329 * @cmd: what it wants to do
3330 *
3331 * Returns 0 if current has the requested access, error code otherwise
3332 */
0d79cbf8 3333static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
e114e473 3334{
e114e473
CS		 3335 int may;
3336
3337 switch (cmd) {
3338 case IPC_STAT:
3339 case MSG_STAT:
23c8cec8 3340 case MSG_STAT_ANY:
e114e473
CS		 3341 may = MAY_READ;
3342 break;
3343 case IPC_SET:
3344 case IPC_RMID:
3345 may = MAY_READWRITE;
3346 break;
3347 case IPC_INFO:
3348 case MSG_INFO:
3349 /*
3350 * System level information
3351 */
3352 return 0;
3353 default:
3354 return -EINVAL;
3355 }
3356
0d79cbf8 3357 return smk_curacc_msq(isp, may);
e114e473
CS		 3358}
3359
3360/**
3361 * smack_msg_queue_msgsnd - Smack access check for msg_queue
0d79cbf8 3362 * @isp: the object
e114e473
CS		 3363 * @msg: unused
3364 * @msqflg: access requested
3365 *
3366 * Returns 0 if current has the requested access, error code otherwise
3367 */
0d79cbf8 3368static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
e114e473
CS		 3369 int msqflg)
3370{
ecfcc53f 3371 int may;
e114e473 3372
ecfcc53f 3373 may = smack_flags_to_may(msqflg);
0d79cbf8 3374 return smk_curacc_msq(isp, may);
e114e473
CS		 3375}
3376
3377/**
b57d0209 3378 * smack_msg_queue_msgrcv - Smack access check for msg_queue
0d79cbf8 3379 * @isp: the object
e114e473
CS		 3380 * @msg: unused
3381 * @target: unused
3382 * @type: unused
3383 * @mode: unused
3384 *
3385 * Returns 0 if current has read and write access, error code otherwise
3386 */
b57d0209
CS		 3387static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp,
3388 struct msg_msg *msg,
3389 struct task_struct *target, long type,
3390 int mode)
e114e473 3391{
0d79cbf8 3392 return smk_curacc_msq(isp, MAY_READWRITE);
e114e473
CS		 3393}
3394
3395/**
3396 * smack_ipc_permission - Smack access for ipc_permission()
3397 * @ipp: the object permissions
3398 * @flag: access requested
3399 *
3400 * Returns 0 if current has read and write access, error code otherwise
3401 */
3402static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3403{
019bcca4
CS		 3404 struct smack_known **blob = smack_ipc(ipp);
3405 struct smack_known *iskp = *blob;
ecfcc53f
EB		 3406 int may = smack_flags_to_may(flag);
3407 struct smk_audit_info ad;
d166c802 3408 int rc;
e114e473 3409
ecfcc53f
EB		 3410#ifdef CONFIG_AUDIT
3411 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3412 ad.a.u.ipc_id = ipp->id;
3413#endif
21c7eae2
LP		 3414 rc = smk_curacc(iskp, may, &ad);
3415 rc = smk_bu_current("svipc", iskp, may, rc);
d166c802 3416 return rc;
e114e473
CS		 3417}
3418
d20bdda6
AD		 3419/**
3420 * smack_ipc_getsecid - Extract smack security id
251a2a95 3421 * @ipp: the object permissions
d20bdda6
AD		 3422 * @secid: where result will be saved
3423 */
3424static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3425{
019bcca4
CS		 3426 struct smack_known **blob = smack_ipc(ipp);
3427 struct smack_known *iskp = *blob;
d20bdda6 3428
21c7eae2 3429 *secid = iskp->smk_secid;
d20bdda6
AD		 3430}
3431
e114e473
CS		 3432/**
3433 * smack_d_instantiate - Make sure the blob is correct on an inode
3e62cbb8 3434 * @opt_dentry: dentry where inode will be attached
e114e473
CS		 3435 * @inode: the object
3436 *
3437 * Set the inode's security blob if it hasn't been done already.
3438 */
3439static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3440{
3441 struct super_block *sbp;
3442 struct superblock_smack *sbsp;
3443 struct inode_smack *isp;
2f823ff8
CS		 3444 struct smack_known *skp;
3445 struct smack_known *ckp = smk_of_current();
21c7eae2 3446 struct smack_known *final;
5c6d1125
JS		 3447 char trattr[TRANS_TRUE_SIZE];
3448 int transflag = 0;
2267b13a 3449 int rc;
e114e473
CS		 3450 struct dentry *dp;
3451
3452 if (inode == NULL)
3453 return;
3454
fb4021b6 3455 isp = smack_inode(inode);
e114e473 3456
e114e473
CS		 3457 /*
3458 * If the inode is already instantiated
3459 * take the quick way out
3460 */
3461 if (isp->smk_flags & SMK_INODE_INSTANT)
921bb1cb 3462 return;
e114e473
CS		 3463
3464 sbp = inode->i_sb;
1aea7808 3465 sbsp = smack_superblock(sbp);
e114e473
CS		 3466 /*
3467 * We're going to use the superblock default label
3468 * if there's no label on the file.
3469 */
3470 final = sbsp->smk_default;
3471
e97dcb0e
CS		 3472 /*
3473 * If this is the root inode the superblock
3474 * may be in the process of initialization.
3475 * If that is the case use the root value out
3476 * of the superblock.
3477 */
3478 if (opt_dentry->d_parent == opt_dentry) {
1d8c2326
ŁS		 3479 switch (sbp->s_magic) {
3480 case CGROUP_SUPER_MAGIC:
58c442f3 3481 case CGROUP2_SUPER_MAGIC:
36ea735b
CS		 3482 /*
3483 * The cgroup filesystem is never mounted,
3484 * so there's no opportunity to set the mount
3485 * options.
3486 */
21c7eae2
LP		 3487 sbsp->smk_root = &smack_known_star;
3488 sbsp->smk_default = &smack_known_star;
1d8c2326
ŁS		 3489 isp->smk_inode = sbsp->smk_root;
3490 break;
3491 case TMPFS_MAGIC:
3492 /*
3493 * What about shmem/tmpfs anonymous files with dentry
3494 * obtained from d_alloc_pseudo()?
3495 */
3496 isp->smk_inode = smk_of_current();
3497 break;
8da4aba5
RK		 3498 case PIPEFS_MAGIC:
3499 isp->smk_inode = smk_of_current();
3500 break;
805b65a8
RK		 3501 case SOCKFS_MAGIC:
3502 /*
3503 * Socket access is controlled by the socket
3504 * structures associated with the task involved.
3505 */
3506 isp->smk_inode = &smack_known_star;
3507 break;
1d8c2326
ŁS		 3508 default:
3509 isp->smk_inode = sbsp->smk_root;
3510 break;
36ea735b 3511 }
e97dcb0e 3512 isp->smk_flags |= SMK_INODE_INSTANT;
921bb1cb 3513 return;
e97dcb0e
CS		 3514 }
3515
e114e473
CS		 3516 /*
3517 * This is pretty hackish.
3518 * Casey says that we shouldn't have to do
3519 * file system specific code, but it does help
3520 * with keeping it simple.
3521 */
3522 switch (sbp->s_magic) {
3523 case SMACK_MAGIC:
36ea735b 3524 case CGROUP_SUPER_MAGIC:
58c442f3 3525 case CGROUP2_SUPER_MAGIC:
e114e473 3526 /*
25985edc 3527 * Casey says that it's a little embarrassing
e114e473
CS		 3528 * that the smack file system doesn't do
3529 * extended attributes.
36ea735b 3530 *
36ea735b 3531 * Cgroupfs is special
e114e473 3532 */
21c7eae2 3533 final = &smack_known_star;
e114e473
CS		 3534 break;
3535 case DEVPTS_SUPER_MAGIC:
3536 /*
3537 * devpts seems content with the label of the task.
3538 * Programs that change smack have to treat the
3539 * pty with respect.
3540 */
21c7eae2 3541 final = ckp;
e114e473 3542 break;
e114e473
CS		 3543 case PROC_SUPER_MAGIC:
3544 /*
3545 * Casey says procfs appears not to care.
3546 * The superblock default suffices.
3547 */
3548 break;
3549 case TMPFS_MAGIC:
3550 /*
3551 * Device labels should come from the filesystem,
3552 * but watch out, because they're volitile,
3553 * getting recreated on every reboot.
3554 */
21c7eae2 3555 final = &smack_known_star;
e114e473 3556 /*
e114e473
CS		 3557 * If a smack value has been set we want to use it,
3558 * but since tmpfs isn't giving us the opportunity
3559 * to set mount options simulate setting the
3560 * superblock default.
3561 */
df561f66 3562 fallthrough;
e114e473
CS		 3563 default:
3564 /*
3565 * This isn't an understood special case.
3566 * Get the value from the xattr.
b4e0d5f0
CS		 3567 */
3568
3569 /*
3570 * UNIX domain sockets use lower level socket data.
3571 */
3572 if (S_ISSOCK(inode->i_mode)) {
21c7eae2 3573 final = &smack_known_star;
b4e0d5f0
CS		 3574 break;
3575 }
3576 /*
e114e473
CS		 3577 * No xattr support means, alas, no SMACK label.
3578 * Use the aforeapplied default.
3579 * It would be curious if the label of the task
3580 * does not match that assigned.
3581 */
5d6c3191
AG		 3582 if (!(inode->i_opflags & IOP_XATTR))
3583 break;
e114e473
CS		 3584 /*
3585 * Get the dentry for xattr.
3586 */
3e62cbb8 3587 dp = dget(opt_dentry);
2f823ff8 3588 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
e774ad68 3589 if (!IS_ERR_OR_NULL(skp))
21c7eae2 3590 final = skp;
2267b13a
CS		 3591
3592 /*
3593 * Transmuting directory
3594 */
3595 if (S_ISDIR(inode->i_mode)) {
3596 /*
3597 * If this is a new directory and the label was
3598 * transmuted when the inode was initialized
3599 * set the transmute attribute on the directory
3600 * and mark the inode.
3601 *
3602 * If there is a transmute attribute on the
3603 * directory mark the inode.
3604 */
baed456a
RS		 3605 rc = __vfs_getxattr(dp, inode,
3606 XATTR_NAME_SMACKTRANSMUTE, trattr,
3607 TRANS_TRUE_SIZE);
3608 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3609 TRANS_TRUE_SIZE) != 0)
3610 rc = -EINVAL;
2267b13a
CS		 3611 if (rc >= 0)
3612 transflag = SMK_INODE_TRANSMUTE;
5c6d1125 3613 }
809c02e0
SF		 3614 /*
3615 * Don't let the exec or mmap label be "*" or "@".
3616 */
3617 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3618 if (IS_ERR(skp) || skp == &smack_known_star ||
3619 skp == &smack_known_web)
3620 skp = NULL;
3621 isp->smk_task = skp;
e774ad68 3622
19760ad0 3623 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
e774ad68
LP		 3624 if (IS_ERR(skp) || skp == &smack_known_star ||
3625 skp == &smack_known_web)
19760ad0
CS		 3626 skp = NULL;
3627 isp->smk_mmap = skp;
676dac4b 3628
e114e473
CS		 3629 dput(dp);
3630 break;
3631 }
3632
3633 if (final == NULL)
21c7eae2 3634 isp->smk_inode = ckp;
e114e473
CS		 3635 else
3636 isp->smk_inode = final;
3637
5c6d1125 3638 isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
e114e473 3639
e114e473
CS		 3640 return;
3641}
3642
38b323e5
CS		 3643/**
3644 * smack_getselfattr - Smack current process attribute
3645 * @attr: which attribute to fetch
3646 * @ctx: buffer to receive the result
3647 * @size: available size in, actual size out
3648 * @flags: unused
3649 *
3650 * Fill the passed user space @ctx with the details of the requested
3651 * attribute.
3652 *
3653 * Returns the number of attributes on success, an error code otherwise.
3654 * There will only ever be one attribute.
3655 */
3656static int smack_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx,
a5a858f6 3657 u32 *size, u32 flags)
38b323e5 3658{
38b323e5 3659 int rc;
d7cf3412 3660 struct smack_known *skp;
38b323e5
CS		 3661
3662 if (attr != LSM_ATTR_CURRENT)
3663 return -EOPNOTSUPP;
3664
d7cf3412
PM		 3665 skp = smk_of_current();
3666 rc = lsm_fill_user_ctx(ctx, size,
3667 skp->smk_known, strlen(skp->smk_known) + 1,
3668 LSM_ID_SMACK, 0);
3669 return (!rc ? 1 : rc);
38b323e5
CS		 3670}
3671
e114e473
CS		 3672/**
3673 * smack_getprocattr - Smack process attribute access
3674 * @p: the object task
3675 * @name: the name of the attribute in /proc/.../attr
3676 * @value: where to put the result
3677 *
3678 * Places a copy of the task Smack into value
3679 *
3680 * Returns the length of the smack label or an error code
3681 */
c8e477c6 3682static int smack_getprocattr(struct task_struct *p, const char *name, char **value)
e114e473 3683{
a3727a8b 3684 struct smack_known *skp = smk_of_task_struct_obj(p);
e114e473
CS		 3685 char *cp;
3686 int slen;
3687
3688 if (strcmp(name, "current") != 0)
3689 return -EINVAL;
3690
2f823ff8 3691 cp = kstrdup(skp->smk_known, GFP_KERNEL);
e114e473
CS		 3692 if (cp == NULL)
3693 return -ENOMEM;
3694
3695 slen = strlen(cp);
3696 *value = cp;
3697 return slen;
3698}
3699
3700/**
38b323e5
CS		 3701 * do_setattr - Smack process attribute setting
3702 * @attr: the ID of the attribute
e114e473
CS		 3703 * @value: the value to set
3704 * @size: the size of the value
3705 *
3706 * Sets the Smack value of the task. Only setting self
3707 * is permitted and only with privilege
3708 *
3709 * Returns the length of the smack label or an error code
3710 */
38b323e5 3711static int do_setattr(u64 attr, void *value, size_t size)
e114e473 3712{
b17103a8 3713 struct task_smack *tsp = smack_cred(current_cred());
d84f4f99 3714 struct cred *new;
2f823ff8 3715 struct smack_known *skp;
38416e53
ZJ		 3716 struct smack_known_list_elem *sklep;
3717 int rc;
e114e473 3718
38416e53 3719 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
5cd9c58f
DH		 3720 return -EPERM;
3721
f7112e6c 3722 if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
e114e473
CS		 3723 return -EINVAL;
3724
38b323e5
CS		 3725 if (attr != LSM_ATTR_CURRENT)
3726 return -EOPNOTSUPP;
e114e473 3727
2f823ff8 3728 skp = smk_import_entry(value, size);
e774ad68
LP		 3729 if (IS_ERR(skp))
3730 return PTR_ERR(skp);
e114e473 3731
6d3dc07c 3732 /*
7128ea15
HS		 3733 * No process is ever allowed the web ("@") label
3734 * and the star ("*") label.
6d3dc07c 3735 */
7128ea15
HS		 3736 if (skp == &smack_known_web || skp == &smack_known_star)
3737 return -EINVAL;
6d3dc07c 3738
38416e53
ZJ		 3739 if (!smack_privileged(CAP_MAC_ADMIN)) {
3740 rc = -EPERM;
3741 list_for_each_entry(sklep, &tsp->smk_relabel, list)
3742 if (sklep->smk_label == skp) {
3743 rc = 0;
3744 break;
3745 }
3746 if (rc)
3747 return rc;
3748 }
3749
d84f4f99 3750 new = prepare_creds();
6d3dc07c 3751 if (new == NULL)
d84f4f99 3752 return -ENOMEM;
7898e1f8 3753
b17103a8 3754 tsp = smack_cred(new);
2f823ff8 3755 tsp->smk_task = skp;
38416e53
ZJ		 3756 /*
3757 * process can change its label only once
3758 */
3759 smk_destroy_label_list(&tsp->smk_relabel);
7898e1f8 3760
d84f4f99 3761 commit_creds(new);
e114e473
CS		 3762 return size;
3763}
3764
38b323e5
CS		 3765/**
3766 * smack_setselfattr - Set a Smack process attribute
3767 * @attr: which attribute to set
3768 * @ctx: buffer containing the data
3769 * @size: size of @ctx
3770 * @flags: unused
3771 *
3772 * Fill the passed user space @ctx with the details of the requested
3773 * attribute.
3774 *
3775 * Returns 0 on success, an error code otherwise.
3776 */
3777static int smack_setselfattr(unsigned int attr, struct lsm_ctx *ctx,
a5a858f6 3778 u32 size, u32 flags)
38b323e5
CS		 3779{
3780 int rc;
3781
3782 rc = do_setattr(attr, ctx->ctx, ctx->ctx_len);
3783 if (rc > 0)
3784 return 0;
3785 return rc;
3786}
3787
3788/**
3789 * smack_setprocattr - Smack process attribute setting
3790 * @name: the name of the attribute in /proc/.../attr
3791 * @value: the value to set
3792 * @size: the size of the value
3793 *
3794 * Sets the Smack value of the task. Only setting self
3795 * is permitted and only with privilege
3796 *
3797 * Returns the length of the smack label or an error code
3798 */
3799static int smack_setprocattr(const char *name, void *value, size_t size)
3800{
3801 int attr = lsm_name_to_attr(name);
3802
3803 if (attr != LSM_ATTR_UNDEF)
3804 return do_setattr(attr, value, size);
3805 return -EINVAL;
3806}
3807
e114e473
CS		 3808/**
3809 * smack_unix_stream_connect - Smack access on UDS
3610cda5
DM		 3810 * @sock: one sock
3811 * @other: the other sock
e114e473
CS		 3812 * @newsk: unused
3813 *
3814 * Return 0 if a subject with the smack of sock could access
3815 * an object with the smack of other, otherwise an error code
3816 */
3610cda5
DM		 3817static int smack_unix_stream_connect(struct sock *sock,
3818 struct sock *other, struct sock *newsk)
e114e473 3819{
2f823ff8 3820 struct smack_known *skp;
54e70ec5 3821 struct smack_known *okp;
d2e7ad19
JM		 3822 struct socket_smack *ssp = sock->sk_security;
3823 struct socket_smack *osp = other->sk_security;
975d5e55 3824 struct socket_smack *nsp = newsk->sk_security;
ecfcc53f 3825 struct smk_audit_info ad;
b4e0d5f0 3826 int rc = 0;
923e9a13
KC		 3827#ifdef CONFIG_AUDIT
3828 struct lsm_network_audit net;
923e9a13 3829#endif
b4e0d5f0 3830
2f823ff8
CS		 3831 if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3832 skp = ssp->smk_out;
96be7b54 3833 okp = osp->smk_in;
54e70ec5
CS		 3834#ifdef CONFIG_AUDIT
3835 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3836 smk_ad_setfield_u_net_sk(&ad, other);
3837#endif
21c7eae2
LP		 3838 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3839 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
d166c802 3840 if (rc == 0) {
96be7b54
ZJ		 3841 okp = osp->smk_out;
3842 skp = ssp->smk_in;
138a868f 3843 rc = smk_access(okp, skp, MAY_WRITE, &ad);
21c7eae2 3844 rc = smk_bu_note("UDS connect", okp, skp,
d166c802
CS		 3845 MAY_WRITE, rc);
3846 }
2f823ff8 3847 }
b4e0d5f0 3848
975d5e55
CS		 3849 /*
3850 * Cross reference the peer labels for SO_PEERSEC.
3851 */
3852 if (rc == 0) {
54e70ec5
CS		 3853 nsp->smk_packet = ssp->smk_out;
3854 ssp->smk_packet = osp->smk_out;
975d5e55
CS		 3855 }
3856
b4e0d5f0 3857 return rc;
e114e473
CS		 3858}
3859
3860/**
3861 * smack_unix_may_send - Smack access on UDS
3862 * @sock: one socket
3863 * @other: the other socket
3864 *
3865 * Return 0 if a subject with the smack of sock could access
3866 * an object with the smack of other, otherwise an error code
3867 */
3868static int smack_unix_may_send(struct socket *sock, struct socket *other)
3869{
b4e0d5f0
CS		 3870 struct socket_smack *ssp = sock->sk->sk_security;
3871 struct socket_smack *osp = other->sk->sk_security;
ecfcc53f 3872 struct smk_audit_info ad;
d166c802 3873 int rc;
e114e473 3874
923e9a13
KC		 3875#ifdef CONFIG_AUDIT
3876 struct lsm_network_audit net;
3877
48c62af6 3878 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
ecfcc53f 3879 smk_ad_setfield_u_net_sk(&ad, other->sk);
923e9a13 3880#endif
b4e0d5f0 3881
2f823ff8
CS		 3882 if (smack_privileged(CAP_MAC_OVERRIDE))
3883 return 0;
b4e0d5f0 3884
21c7eae2
LP		 3885 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3886 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
d166c802 3887 return rc;
e114e473
CS		 3888}
3889
6d3dc07c
CS		 3890/**
3891 * smack_socket_sendmsg - Smack check based on destination host
3892 * @sock: the socket
251a2a95 3893 * @msg: the message
6d3dc07c
CS		 3894 * @size: the size of the message
3895 *
c6739443
CS		 3896 * Return 0 if the current subject can write to the destination host.
3897 * For IPv4 this is only a question if the destination is a single label host.
3898 * For IPv6 this is a check against the label of the port.
6d3dc07c
CS		 3899 */
3900static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3901 int size)
3902{
3903 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
21abb1ec 3904#if IS_ENABLED(CONFIG_IPV6)
6ea06247 3905 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
21abb1ec
CS		 3906#endif
3907#ifdef SMACK_IPV6_SECMARK_LABELING
3908 struct socket_smack *ssp = sock->sk->sk_security;
3909 struct smack_known *rsp;
3910#endif
c6739443 3911 int rc = 0;
6d3dc07c
CS		 3912
3913 /*
3914 * Perfectly reasonable for this to be NULL
3915 */
c6739443 3916 if (sip == NULL)
6d3dc07c
CS		 3917 return 0;
3918
81bd0d56 3919 switch (sock->sk->sk_family) {
c6739443 3920 case AF_INET:
b9ef5513
TH		 3921 if (msg->msg_namelen < sizeof(struct sockaddr_in) ||
3922 sip->sin_family != AF_INET)
3923 return -EINVAL;
a2af0318 3924 rc = smk_ipv4_check(sock->sk, sip);
c6739443 3925 break;
619ae03e 3926#if IS_ENABLED(CONFIG_IPV6)
c6739443 3927 case AF_INET6:
b9ef5513
TH		 3928 if (msg->msg_namelen < SIN6_LEN_RFC2133 ||
3929 sap->sin6_family != AF_INET6)
3930 return -EINVAL;
21abb1ec
CS		 3931#ifdef SMACK_IPV6_SECMARK_LABELING
3932 rsp = smack_ipv6host_label(sap);
3933 if (rsp != NULL)
3934 rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3935 SMK_CONNECTING);
3936#endif
3937#ifdef SMACK_IPV6_PORT_LABELING
c6739443 3938 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
21abb1ec 3939#endif
619ae03e 3940#endif /* IS_ENABLED(CONFIG_IPV6) */
c6739443
CS		 3941 break;
3942 }
3943 return rc;
6d3dc07c
CS		 3944}
3945
e114e473 3946/**
251a2a95 3947 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
e114e473 3948 * @sap: netlabel secattr
272cd7a8 3949 * @ssp: socket security information
e114e473 3950 *
2f823ff8 3951 * Returns a pointer to a Smack label entry found on the label list.
e114e473 3952 */
2f823ff8
CS		 3953static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3954 struct socket_smack *ssp)
e114e473 3955{
2f823ff8 3956 struct smack_known *skp;
f7112e6c 3957 int found = 0;
677264e8
CS		 3958 int acat;
3959 int kcat;
e114e473 3960
322dd63c
CS		 3961 /*
3962 * Netlabel found it in the cache.
3963 */
3964 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0)
3965 return (struct smack_known *)sap->cache->data;
3966
3967 if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
3968 /*
3969 * Looks like a fallback, which gives us a secid.
3970 */
3971 return smack_from_secid(sap->attr.secid);
3972
6d3dc07c 3973 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
e114e473 3974 /*
6d3dc07c 3975 * Looks like a CIPSO packet.
e114e473
CS		 3976 * If there are flags but no level netlabel isn't
3977 * behaving the way we expect it to.
3978 *
f7112e6c 3979 * Look it up in the label table
e114e473
CS		 3980 * Without guidance regarding the smack value
3981 * for the packet fall back on the network
3982 * ambient value.
3983 */
f7112e6c 3984 rcu_read_lock();
348dc288 3985 list_for_each_entry_rcu(skp, &smack_known_list, list) {
2f823ff8 3986 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
f7112e6c 3987 continue;
677264e8
CS		 3988 /*
3989 * Compare the catsets. Use the netlbl APIs.
3990 */
3991 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3992 if ((skp->smk_netlabel.flags &
3993 NETLBL_SECATTR_MLS_CAT) == 0)
3994 found = 1;
3995 break;
3996 }
3997 for (acat = -1, kcat = -1; acat == kcat; ) {
4fbe63d1
PM		 3998 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3999 acat + 1);
4000 kcat = netlbl_catmap_walk(
677264e8
CS		 4001 skp->smk_netlabel.attr.mls.cat,
4002 kcat + 1);
4003 if (acat < 0 || kcat < 0)
4004 break;
4005 }
4006 if (acat == kcat) {
4007 found = 1;
4008 break;
4009 }
6d3dc07c 4010 }
f7112e6c
CS		 4011 rcu_read_unlock();
4012
4013 if (found)
2f823ff8 4014 return skp;
f7112e6c 4015
54e70ec5 4016 if (ssp != NULL && ssp->smk_in == &smack_known_star)
2f823ff8
CS		 4017 return &smack_known_web;
4018 return &smack_known_star;
e114e473 4019 }
e114e473 4020 /*
6d3dc07c
CS		 4021 * Without guidance regarding the smack value
4022 * for the packet fall back on the network
4023 * ambient value.
e114e473 4024 */
272cd7a8 4025 return smack_net_ambient;
e114e473
CS		 4026}
4027
69f287ae 4028#if IS_ENABLED(CONFIG_IPV6)
6ea06247 4029static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
c6739443 4030{
c6739443
CS		 4031 u8 nexthdr;
4032 int offset;
4033 int proto = -EINVAL;
4034 struct ipv6hdr _ipv6h;
4035 struct ipv6hdr *ip6;
4036 __be16 frag_off;
4037 struct tcphdr _tcph, *th;
4038 struct udphdr _udph, *uh;
4039 struct dccp_hdr _dccph, *dh;
4040
4041 sip->sin6_port = 0;
4042
4043 offset = skb_network_offset(skb);
4044 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
4045 if (ip6 == NULL)
4046 return -EINVAL;
4047 sip->sin6_addr = ip6->saddr;
4048
4049 nexthdr = ip6->nexthdr;
4050 offset += sizeof(_ipv6h);
4051 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
4052 if (offset < 0)
4053 return -EINVAL;
4054
4055 proto = nexthdr;
4056 switch (proto) {
4057 case IPPROTO_TCP:
4058 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
4059 if (th != NULL)
4060 sip->sin6_port = th->source;
4061 break;
4062 case IPPROTO_UDP:
a07ef951 4063 case IPPROTO_UDPLITE:
c6739443
CS		 4064 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4065 if (uh != NULL)
4066 sip->sin6_port = uh->source;
4067 break;
4068 case IPPROTO_DCCP:
4069 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
4070 if (dh != NULL)
4071 sip->sin6_port = dh->dccph_sport;
4072 break;
4073 }
4074 return proto;
4075}
69f287ae 4076#endif /* CONFIG_IPV6 */
c6739443 4077
36be8129
CS		 4078/**
4079 * smack_from_skb - Smack data from the secmark in an skb
4080 * @skb: packet
4081 *
4082 * Returns smack_known of the secmark or NULL if that won't work.
4083 */
bf0afe67 4084#ifdef CONFIG_NETWORK_SECMARK
36be8129
CS		 4085static struct smack_known *smack_from_skb(struct sk_buff *skb)
4086{
4087 if (skb == NULL || skb->secmark == 0)
4088 return NULL;
4089
4090 return smack_from_secid(skb->secmark);
4091}
bf0afe67
CS		 4092#else
4093static inline struct smack_known *smack_from_skb(struct sk_buff *skb)
4094{
4095 return NULL;
4096}
4097#endif
36be8129 4098
a2af0318
CS		 4099/**
4100 * smack_from_netlbl - Smack data from the IP options in an skb
4101 * @sk: socket data came in on
4102 * @family: address family
4103 * @skb: packet
4104 *
322dd63c
CS		 4105 * Find the Smack label in the IP options. If it hasn't been
4106 * added to the netlabel cache, add it here.
4107 *
a2af0318
CS		 4108 * Returns smack_known of the IP options or NULL if that won't work.
4109 */
41dd9596 4110static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family,
a2af0318
CS		 4111 struct sk_buff *skb)
4112{
4113 struct netlbl_lsm_secattr secattr;
4114 struct socket_smack *ssp = NULL;
4115 struct smack_known *skp = NULL;
4116
4117 netlbl_secattr_init(&secattr);
4118
4119 if (sk)
4120 ssp = sk->sk_security;
322dd63c
CS		 4121
4122 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) {
a2af0318 4123 skp = smack_from_secattr(&secattr, ssp);
322dd63c 4124 if (secattr.flags & NETLBL_SECATTR_CACHEABLE)
9b0072e2 4125 netlbl_cache_add(skb, family, &skp->smk_netlabel);
322dd63c 4126 }
a2af0318
CS		 4127
4128 netlbl_secattr_destroy(&secattr);
4129
4130 return skp;
4131}
4132
e114e473
CS		 4133/**
4134 * smack_socket_sock_rcv_skb - Smack packet delivery access check
4135 * @sk: socket
4136 * @skb: packet
4137 *
4138 * Returns 0 if the packet should be delivered, an error code otherwise
4139 */
4140static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4141{
e114e473 4142 struct socket_smack *ssp = sk->sk_security;
69f287ae 4143 struct smack_known *skp = NULL;
c6739443 4144 int rc = 0;
ecfcc53f 4145 struct smk_audit_info ad;
129a9989 4146 u16 family = sk->sk_family;
923e9a13 4147#ifdef CONFIG_AUDIT
48c62af6 4148 struct lsm_network_audit net;
923e9a13 4149#endif
69f287ae
CS		 4150#if IS_ENABLED(CONFIG_IPV6)
4151 struct sockaddr_in6 sadd;
4152 int proto;
129a9989
PS		 4153
4154 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4155 family = PF_INET;
69f287ae
CS		 4156#endif /* CONFIG_IPV6 */
4157
129a9989 4158 switch (family) {
c6739443 4159 case PF_INET:
69f287ae
CS		 4160 /*
4161 * If there is a secmark use it rather than the CIPSO label.
4162 * If there is no secmark fall back to CIPSO.
4163 * The secmark is assumed to reflect policy better.
4164 */
36be8129 4165 skp = smack_from_skb(skb);
a2af0318
CS		 4166 if (skp == NULL) {
4167 skp = smack_from_netlbl(sk, family, skb);
4168 if (skp == NULL)
4169 skp = smack_net_ambient;
69f287ae 4170 }
6d3dc07c 4171
ecfcc53f 4172#ifdef CONFIG_AUDIT
c6739443 4173 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
129a9989 4174 ad.a.u.net->family = family;
c6739443
CS		 4175 ad.a.u.net->netif = skb->skb_iif;
4176 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
ecfcc53f 4177#endif
c6739443
CS		 4178 /*
4179 * Receiving a packet requires that the other end
4180 * be able to write here. Read access is not required.
4181 * This is the simplist possible security model
4182 * for networking.
4183 */
21c7eae2
LP		 4184 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4185 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
d166c802 4186 MAY_WRITE, rc);
c6739443 4187 if (rc != 0)
129a9989 4188 netlbl_skbuff_err(skb, family, rc, 0);
c6739443 4189 break;
69f287ae 4190#if IS_ENABLED(CONFIG_IPV6)
c6739443 4191 case PF_INET6:
69f287ae 4192 proto = smk_skb_to_addr_ipv6(skb, &sadd);
a07ef951
PS		 4193 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
4194 proto != IPPROTO_TCP && proto != IPPROTO_DCCP)
69f287ae 4195 break;
21abb1ec 4196#ifdef SMACK_IPV6_SECMARK_LABELING
36be8129
CS		 4197 skp = smack_from_skb(skb);
4198 if (skp == NULL) {
4199 if (smk_ipv6_localhost(&sadd))
4200 break;
21abb1ec 4201 skp = smack_ipv6host_label(&sadd);
36be8129
CS		 4202 if (skp == NULL)
4203 skp = smack_net_ambient;
4204 }
69f287ae
CS		 4205#ifdef CONFIG_AUDIT
4206 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
129a9989 4207 ad.a.u.net->family = family;
69f287ae
CS		 4208 ad.a.u.net->netif = skb->skb_iif;
4209 ipv6_skb_to_auditdata(skb, &ad.a, NULL);
4210#endif /* CONFIG_AUDIT */
4211 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4212 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
4213 MAY_WRITE, rc);
21abb1ec
CS		 4214#endif /* SMACK_IPV6_SECMARK_LABELING */
4215#ifdef SMACK_IPV6_PORT_LABELING
69f287ae 4216 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
21abb1ec 4217#endif /* SMACK_IPV6_PORT_LABELING */
d66a8acb
PS		 4218 if (rc != 0)
4219 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
4220 ICMPV6_ADM_PROHIBITED, 0);
c6739443 4221 break;
69f287ae 4222#endif /* CONFIG_IPV6 */
c6739443 4223 }
69f287ae 4224
a8134296 4225 return rc;
e114e473
CS		 4226}
4227
4228/**
4229 * smack_socket_getpeersec_stream - pull in packet label
4230 * @sock: the socket
4231 * @optval: user's destination
4232 * @optlen: size thereof
251a2a95 4233 * @len: max thereof
e114e473
CS		 4234 *
4235 * returns zero on success, an error code otherwise
4236 */
4237static int smack_socket_getpeersec_stream(struct socket *sock,
b10b9c34
PM		 4238 sockptr_t optval, sockptr_t optlen,
4239 unsigned int len)
e114e473
CS		 4240{
4241 struct socket_smack *ssp;
272cd7a8 4242 char *rcp = "";
b10b9c34 4243 u32 slen = 1;
e114e473
CS		 4244 int rc = 0;
4245
4246 ssp = sock->sk->sk_security;
272cd7a8 4247 if (ssp->smk_packet != NULL) {
54e70ec5 4248 rcp = ssp->smk_packet->smk_known;
272cd7a8
CS		 4249 slen = strlen(rcp) + 1;
4250 }
b10b9c34 4251 if (slen > len) {
e114e473 4252 rc = -ERANGE;
b10b9c34
PM		 4253 goto out_len;
4254 }
e114e473 4255
b10b9c34
PM		 4256 if (copy_to_sockptr(optval, rcp, slen))
4257 rc = -EFAULT;
4258out_len:
4259 if (copy_to_sockptr(optlen, &slen, sizeof(slen)))
e114e473 4260 rc = -EFAULT;
e114e473
CS		 4261 return rc;
4262}
4263
4264
4265/**
4266 * smack_socket_getpeersec_dgram - pull in packet label
b4e0d5f0 4267 * @sock: the peer socket
e114e473
CS		 4268 * @skb: packet data
4269 * @secid: pointer to where to put the secid of the packet
4270 *
4271 * Sets the netlabel socket state on sk from parent
4272 */
4273static int smack_socket_getpeersec_dgram(struct socket *sock,
4274 struct sk_buff *skb, u32 *secid)
4275
4276{
272cd7a8 4277 struct socket_smack *ssp = NULL;
2f823ff8 4278 struct smack_known *skp;
a2af0318 4279 struct sock *sk = NULL;
b4e0d5f0
CS		 4280 int family = PF_UNSPEC;
4281 u32 s = 0; /* 0 is the invalid secid */
e114e473 4282
b4e0d5f0
CS		 4283 if (skb != NULL) {
4284 if (skb->protocol == htons(ETH_P_IP))
4285 family = PF_INET;
69f287ae 4286#if IS_ENABLED(CONFIG_IPV6)
b4e0d5f0
CS		 4287 else if (skb->protocol == htons(ETH_P_IPV6))
4288 family = PF_INET6;
69f287ae 4289#endif /* CONFIG_IPV6 */
e114e473 4290 }
b4e0d5f0
CS		 4291 if (family == PF_UNSPEC && sock != NULL)
4292 family = sock->sk->sk_family;
e114e473 4293
69f287ae
CS		 4294 switch (family) {
4295 case PF_UNIX:
272cd7a8 4296 ssp = sock->sk->sk_security;
2f823ff8 4297 s = ssp->smk_out->smk_secid;
69f287ae
CS		 4298 break;
4299 case PF_INET:
36be8129
CS		 4300 skp = smack_from_skb(skb);
4301 if (skp) {
4302 s = skp->smk_secid;
69f287ae 4303 break;
36be8129 4304 }
b4e0d5f0
CS		 4305 /*
4306 * Translate what netlabel gave us.
4307 */
a2af0318
CS		 4308 if (sock != NULL)
4309 sk = sock->sk;
4310 skp = smack_from_netlbl(sk, family, skb);
4311 if (skp != NULL)
2f823ff8 4312 s = skp->smk_secid;
69f287ae 4313 break;
69f287ae 4314 case PF_INET6:
21abb1ec 4315#ifdef SMACK_IPV6_SECMARK_LABELING
36be8129
CS		 4316 skp = smack_from_skb(skb);
4317 if (skp)
4318 s = skp->smk_secid;
21abb1ec 4319#endif
69f287ae 4320 break;
b4e0d5f0
CS		 4321 }
4322 *secid = s;
e114e473
CS		 4323 if (s == 0)
4324 return -EINVAL;
e114e473
CS		 4325 return 0;
4326}
4327
4328/**
07feee8f
PM		 4329 * smack_sock_graft - Initialize a newly created socket with an existing sock
4330 * @sk: child sock
4331 * @parent: parent socket
e114e473 4332 *
07feee8f
PM		 4333 * Set the smk_{in,out} state of an existing sock based on the process that
4334 * is creating the new socket.
e114e473
CS		 4335 */
4336static void smack_sock_graft(struct sock *sk, struct socket *parent)
4337{
4338 struct socket_smack *ssp;
2f823ff8 4339 struct smack_known *skp = smk_of_current();
e114e473 4340
07feee8f
PM		 4341 if (sk == NULL ||
4342 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
e114e473
CS		 4343 return;
4344
4345 ssp = sk->sk_security;
54e70ec5 4346 ssp->smk_in = skp;
2f823ff8 4347 ssp->smk_out = skp;
07feee8f 4348 /* cssp->smk_packet is already set in smack_inet_csk_clone() */
e114e473
CS		 4349}
4350
4351/**
4352 * smack_inet_conn_request - Smack access check on connect
4353 * @sk: socket involved
4354 * @skb: packet
4355 * @req: unused
4356 *
4357 * Returns 0 if a task with the packet label could write to
4358 * the socket, otherwise an error code
4359 */
41dd9596 4360static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
e114e473
CS		 4361 struct request_sock *req)
4362{
07feee8f 4363 u16 family = sk->sk_family;
f7112e6c 4364 struct smack_known *skp;
e114e473 4365 struct socket_smack *ssp = sk->sk_security;
07feee8f
PM		 4366 struct sockaddr_in addr;
4367 struct iphdr *hdr;
21c7eae2 4368 struct smack_known *hskp;
e114e473 4369 int rc;
ecfcc53f 4370 struct smk_audit_info ad;
923e9a13 4371#ifdef CONFIG_AUDIT
48c62af6 4372 struct lsm_network_audit net;
923e9a13 4373#endif
e114e473 4374
69f287ae 4375#if IS_ENABLED(CONFIG_IPV6)
c6739443
CS		 4376 if (family == PF_INET6) {
4377 /*
4378 * Handle mapped IPv4 packets arriving
4379 * via IPv6 sockets. Don't set up netlabel
4380 * processing on IPv6.
4381 */
4382 if (skb->protocol == htons(ETH_P_IP))
4383 family = PF_INET;
4384 else
4385 return 0;
4386 }
69f287ae 4387#endif /* CONFIG_IPV6 */
e114e473 4388
7f368ad3
CS		 4389 /*
4390 * If there is a secmark use it rather than the CIPSO label.
4391 * If there is no secmark fall back to CIPSO.
4392 * The secmark is assumed to reflect policy better.
4393 */
36be8129 4394 skp = smack_from_skb(skb);
a2af0318
CS		 4395 if (skp == NULL) {
4396 skp = smack_from_netlbl(sk, family, skb);
4397 if (skp == NULL)
4398 skp = &smack_known_huh;
7f368ad3 4399 }
7f368ad3 4400
ecfcc53f 4401#ifdef CONFIG_AUDIT
48c62af6
EP		 4402 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4403 ad.a.u.net->family = family;
4404 ad.a.u.net->netif = skb->skb_iif;
ecfcc53f
EB		 4405 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4406#endif
e114e473 4407 /*
07feee8f
PM		 4408 * Receiving a packet requires that the other end be able to write
4409 * here. Read access is not required.
e114e473 4410 */
21c7eae2
LP		 4411 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4412 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
07feee8f
PM		 4413 if (rc != 0)
4414 return rc;
4415
4416 /*
4417 * Save the peer's label in the request_sock so we can later setup
4418 * smk_packet in the child socket so that SO_PEERCRED can report it.
4419 */
2f823ff8 4420 req->peer_secid = skp->smk_secid;
07feee8f
PM		 4421
4422 /*
4423 * We need to decide if we want to label the incoming connection here
4424 * if we do we only need to label the request_sock and the stack will
25985edc 4425 * propagate the wire-label to the sock when it is created.
07feee8f
PM		 4426 */
4427 hdr = ip_hdr(skb);
4428 addr.sin_addr.s_addr = hdr->saddr;
4429 rcu_read_lock();
21abb1ec 4430 hskp = smack_ipv4host_label(&addr);
f7112e6c
CS		 4431 rcu_read_unlock();
4432
21c7eae2 4433 if (hskp == NULL)
f7112e6c 4434 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
2f823ff8 4435 else
07feee8f 4436 netlbl_req_delattr(req);
e114e473
CS		 4437
4438 return rc;
4439}
4440
07feee8f
PM		 4441/**
4442 * smack_inet_csk_clone - Copy the connection information to the new socket
4443 * @sk: the new socket
4444 * @req: the connection's request_sock
4445 *
4446 * Transfer the connection's peer label to the newly created socket.
4447 */
4448static void smack_inet_csk_clone(struct sock *sk,
4449 const struct request_sock *req)
4450{
4451 struct socket_smack *ssp = sk->sk_security;
2f823ff8 4452 struct smack_known *skp;
07feee8f 4453
2f823ff8
CS		 4454 if (req->peer_secid != 0) {
4455 skp = smack_from_secid(req->peer_secid);
54e70ec5 4456 ssp->smk_packet = skp;
2f823ff8 4457 } else
272cd7a8 4458 ssp->smk_packet = NULL;
07feee8f
PM		 4459}
4460
e114e473
CS		 4461/*
4462 * Key management security hooks
4463 *
4464 * Casey has not tested key support very heavily.
4465 * The permission check is most likely too restrictive.
4466 * If you care about keys please have a look.
4467 */
4468#ifdef CONFIG_KEYS
4469
4470/**
4471 * smack_key_alloc - Set the key security blob
4472 * @key: object
d84f4f99 4473 * @cred: the credentials to use
e114e473
CS		 4474 * @flags: unused
4475 *
4476 * No allocation required
4477 *
4478 * Returns 0
4479 */
d84f4f99 4480static int smack_key_alloc(struct key *key, const struct cred *cred,
e114e473
CS		 4481 unsigned long flags)
4482{
b17103a8 4483 struct smack_known *skp = smk_of_task(smack_cred(cred));
2f823ff8 4484
21c7eae2 4485 key->security = skp;
e114e473
CS		 4486 return 0;
4487}
4488
4489/**
4490 * smack_key_free - Clear the key security blob
4491 * @key: the object
4492 *
4493 * Clear the blob pointer
4494 */
4495static void smack_key_free(struct key *key)
4496{
4497 key->security = NULL;
4498}
4499
1a28979b 4500/**
e114e473
CS		 4501 * smack_key_permission - Smack access on a key
4502 * @key_ref: gets to the object
d84f4f99 4503 * @cred: the credentials to use
8c0637e9 4504 * @need_perm: requested key permission
e114e473
CS		 4505 *
4506 * Return 0 if the task has read and write to the object,
4507 * an error code otherwise
4508 */
4509static int smack_key_permission(key_ref_t key_ref,
8c0637e9
DH		 4510 const struct cred *cred,
4511 enum key_need_perm need_perm)
e114e473
CS		 4512{
4513 struct key *keyp;
ecfcc53f 4514 struct smk_audit_info ad;
b17103a8 4515 struct smack_known *tkp = smk_of_task(smack_cred(cred));
fffea214 4516 int request = 0;
d166c802 4517 int rc;
e114e473 4518
5b841bfa
ZM		 4519 /*
4520 * Validate requested permissions
4521 */
8c0637e9
DH		 4522 switch (need_perm) {
4523 case KEY_NEED_READ:
4524 case KEY_NEED_SEARCH:
4525 case KEY_NEED_VIEW:
4526 request |= MAY_READ;
4527 break;
4528 case KEY_NEED_WRITE:
4529 case KEY_NEED_LINK:
4530 case KEY_NEED_SETATTR:
4531 request |= MAY_WRITE;
4532 break;
4533 case KEY_NEED_UNSPECIFIED:
4534 case KEY_NEED_UNLINK:
4535 case KEY_SYSADMIN_OVERRIDE:
4536 case KEY_AUTHTOKEN_OVERRIDE:
4537 case KEY_DEFER_PERM_CHECK:
4538 return 0;
4539 default:
5b841bfa 4540 return -EINVAL;
8c0637e9 4541 }
5b841bfa 4542
e114e473
CS		 4543 keyp = key_ref_to_ptr(key_ref);
4544 if (keyp == NULL)
4545 return -EINVAL;
4546 /*
4547 * If the key hasn't been initialized give it access so that
4548 * it may do so.
4549 */
4550 if (keyp->security == NULL)
4551 return 0;
4552 /*
4553 * This should not occur
4554 */
2f823ff8 4555 if (tkp == NULL)
e114e473 4556 return -EACCES;
d19dfe58 4557
a8478a60 4558 if (smack_privileged(CAP_MAC_OVERRIDE))
d19dfe58
CS		 4559 return 0;
4560
ecfcc53f
EB		 4561#ifdef CONFIG_AUDIT
4562 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4563 ad.a.u.key_struct.key = keyp->serial;
4564 ad.a.u.key_struct.key_desc = keyp->description;
4565#endif
d166c802
CS		 4566 rc = smk_access(tkp, keyp->security, request, &ad);
4567 rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4568 return rc;
e114e473 4569}
7fc5f36e
JB		 4570
4571/*
4572 * smack_key_getsecurity - Smack label tagging the key
4573 * @key points to the key to be queried
4574 * @_buffer points to a pointer that should be set to point to the
4575 * resulting string (if no label or an error occurs).
4576 * Return the length of the string (including terminating NUL) or -ve if
4577 * an error.
4578 * May also return 0 (and a NULL buffer pointer) if there is no label.
4579 */
4580static int smack_key_getsecurity(struct key *key, char **_buffer)
4581{
4582 struct smack_known *skp = key->security;
4583 size_t length;
4584 char *copy;
4585
4586 if (key->security == NULL) {
4587 *_buffer = NULL;
4588 return 0;
4589 }
4590
4591 copy = kstrdup(skp->smk_known, GFP_KERNEL);
4592 if (copy == NULL)
4593 return -ENOMEM;
4594 length = strlen(copy) + 1;
4595
4596 *_buffer = copy;
4597 return length;
4598}
4599
a8478a60
DH		 4600
4601#ifdef CONFIG_KEY_NOTIFICATIONS
4602/**
4603 * smack_watch_key - Smack access to watch a key for notifications.
4604 * @key: The key to be watched
4605 *
4606 * Return 0 if the @watch->cred has permission to read from the key object and
4607 * an error otherwise.
4608 */
4609static int smack_watch_key(struct key *key)
4610{
4611 struct smk_audit_info ad;
4612 struct smack_known *tkp = smk_of_current();
4613 int rc;
4614
4615 if (key == NULL)
4616 return -EINVAL;
4617 /*
4618 * If the key hasn't been initialized give it access so that
4619 * it may do so.
4620 */
4621 if (key->security == NULL)
4622 return 0;
4623 /*
4624 * This should not occur
4625 */
4626 if (tkp == NULL)
4627 return -EACCES;
4628
4629 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred()))
4630 return 0;
4631
4632#ifdef CONFIG_AUDIT
4633 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4634 ad.a.u.key_struct.key = key->serial;
4635 ad.a.u.key_struct.key_desc = key->description;
4636#endif
4637 rc = smk_access(tkp, key->security, MAY_READ, &ad);
4638 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc);
4639 return rc;
4640}
4641#endif /* CONFIG_KEY_NOTIFICATIONS */
e114e473
CS		 4642#endif /* CONFIG_KEYS */
4643
a8478a60
DH		 4644#ifdef CONFIG_WATCH_QUEUE
4645/**
4646 * smack_post_notification - Smack access to post a notification to a queue
4647 * @w_cred: The credentials of the watcher.
4648 * @cred: The credentials of the event source (may be NULL).
4649 * @n: The notification message to be posted.
4650 */
4651static int smack_post_notification(const struct cred *w_cred,
4652 const struct cred *cred,
4653 struct watch_notification *n)
4654{
4655 struct smk_audit_info ad;
4656 struct smack_known *subj, *obj;
4657 int rc;
4658
4659 /* Always let maintenance notifications through. */
4660 if (n->type == WATCH_TYPE_META)
4661 return 0;
4662
4663 if (!cred)
4664 return 0;
4665 subj = smk_of_task(smack_cred(cred));
4666 obj = smk_of_task(smack_cred(w_cred));
4667
4668 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION);
4669 rc = smk_access(subj, obj, MAY_WRITE, &ad);
4670 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc);
4671 return rc;
4672}
4673#endif /* CONFIG_WATCH_QUEUE */
4674
d20bdda6
AD		 4675/*
4676 * Smack Audit hooks
4677 *
4678 * Audit requires a unique representation of each Smack specific
4679 * rule. This unique representation is used to distinguish the
4680 * object to be audited from remaining kernel objects and also
4681 * works as a glue between the audit hooks.
4682 *
4683 * Since repository entries are added but never deleted, we'll use
4684 * the smack_known label address related to the given audit rule as
4685 * the needed unique representation. This also better fits the smack
4686 * model where nearly everything is a label.
4687 */
4688#ifdef CONFIG_AUDIT
4689
4690/**
4691 * smack_audit_rule_init - Initialize a smack audit rule
4692 * @field: audit rule fields given from user-space (audit.h)
4693 * @op: required testing operator (=, !=, >, <, ...)
4694 * @rulestr: smack label to be audited
4695 * @vrule: pointer to save our own audit rule representation
4696 *
4697 * Prepare to audit cases where (@field @op @rulestr) is true.
4698 * The label to be audited is created if necessay.
4699 */
4700static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4701{
21c7eae2 4702 struct smack_known *skp;
d20bdda6
AD		 4703 char **rule = (char **)vrule;
4704 *rule = NULL;
4705
4706 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4707 return -EINVAL;
4708
5af75d8d 4709 if (op != Audit_equal && op != Audit_not_equal)
d20bdda6
AD		 4710 return -EINVAL;
4711
21c7eae2 4712 skp = smk_import_entry(rulestr, 0);
e774ad68
LP		 4713 if (IS_ERR(skp))
4714 return PTR_ERR(skp);
4715
4716 *rule = skp->smk_known;
d20bdda6
AD		 4717
4718 return 0;
4719}
4720
4721/**
4722 * smack_audit_rule_known - Distinguish Smack audit rules
4723 * @krule: rule of interest, in Audit kernel representation format
4724 *
4725 * This is used to filter Smack rules from remaining Audit ones.
4726 * If it's proved that this rule belongs to us, the
4727 * audit_rule_match hook will be called to do the final judgement.
4728 */
4729static int smack_audit_rule_known(struct audit_krule *krule)
4730{
4731 struct audit_field *f;
4732 int i;
4733
4734 for (i = 0; i < krule->field_count; i++) {
4735 f = &krule->fields[i];
4736
4737 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4738 return 1;
4739 }
4740
4741 return 0;
4742}
4743
4744/**
4745 * smack_audit_rule_match - Audit given object ?
4746 * @secid: security id for identifying the object to test
4747 * @field: audit rule flags given from user-space
4748 * @op: required testing operator
4749 * @vrule: smack internal rule presentation
d20bdda6
AD		 4750 *
4751 * The core Audit hook. It's used to take the decision of
4752 * whether to audit or not to audit a given object.
4753 */
90462a5b 4754static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule)
d20bdda6 4755{
2f823ff8 4756 struct smack_known *skp;
d20bdda6
AD		 4757 char *rule = vrule;
4758
4eb0f4ab
RGB		 4759 if (unlikely(!rule)) {
4760 WARN_ONCE(1, "Smack: missing rule\n");
d20bdda6
AD		 4761 return -ENOENT;
4762 }
4763
4764 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4765 return 0;
4766
2f823ff8 4767 skp = smack_from_secid(secid);
d20bdda6
AD		 4768
4769 /*
4770 * No need to do string comparisons. If a match occurs,
4771 * both pointers will point to the same smack_known
4772 * label.
4773 */
5af75d8d 4774 if (op == Audit_equal)
2f823ff8 4775 return (rule == skp->smk_known);
5af75d8d 4776 if (op == Audit_not_equal)
2f823ff8 4777 return (rule != skp->smk_known);
d20bdda6
AD		 4778
4779 return 0;
4780}
4781
491a0b08
CS		 4782/*
4783 * There is no need for a smack_audit_rule_free hook.
d20bdda6
AD		 4784 * No memory was allocated.
4785 */
d20bdda6
AD		 4786
4787#endif /* CONFIG_AUDIT */
4788
746df9b5
DQ		 4789/**
4790 * smack_ismaclabel - check if xattr @name references a smack MAC label
4791 * @name: Full xattr name to check.
4792 */
4793static int smack_ismaclabel(const char *name)
4794{
4795 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4796}
4797
4798
251a2a95 4799/**
e114e473
CS		 4800 * smack_secid_to_secctx - return the smack label for a secid
4801 * @secid: incoming integer
4802 * @secdata: destination
4803 * @seclen: how long it is
4804 *
4805 * Exists for networking code.
4806 */
4807static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4808{
2f823ff8 4809 struct smack_known *skp = smack_from_secid(secid);
e114e473 4810
d5630b9d 4811 if (secdata)
2f823ff8
CS		 4812 *secdata = skp->smk_known;
4813 *seclen = strlen(skp->smk_known);
e114e473
CS		 4814 return 0;
4815}
4816
251a2a95 4817/**
4bc87e62
CS		 4818 * smack_secctx_to_secid - return the secid for a smack label
4819 * @secdata: smack label
4820 * @seclen: how long result is
4821 * @secid: outgoing integer
4822 *
4823 * Exists for audit and networking code.
4824 */
e52c1764 4825static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4bc87e62 4826{
21c7eae2
LP		 4827 struct smack_known *skp = smk_find_entry(secdata);
4828
4829 if (skp)
4830 *secid = skp->smk_secid;
4831 else
4832 *secid = 0;
4bc87e62
CS		 4833 return 0;
4834}
4835
491a0b08
CS		 4836/*
4837 * There used to be a smack_release_secctx hook
4838 * that did nothing back when hooks were in a vector.
4839 * Now that there's a list such a hook adds cost.
e114e473 4840 */
e114e473 4841
1ee65e37
DQ		 4842static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4843{
c7c7a1a1
TA		 4844 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx,
4845 ctxlen, 0);
1ee65e37
DQ		 4846}
4847
4848static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4849{
39f60c1c 4850 return __vfs_setxattr_noperm(&nop_mnt_idmap, dentry, XATTR_NAME_SMACK,
c7c7a1a1 4851 ctx, ctxlen, 0);
1ee65e37
DQ		 4852}
4853
4854static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4855{
0f8983cf 4856 struct smack_known *skp = smk_of_inode(inode);
1ee65e37 4857
0f8983cf
CS		 4858 *ctx = skp->smk_known;
4859 *ctxlen = strlen(skp->smk_known);
1ee65e37
DQ		 4860 return 0;
4861}
4862
d6d80cb5
CS		 4863static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
4864{
4865
4866 struct task_smack *tsp;
4867 struct smack_known *skp;
4868 struct inode_smack *isp;
4869 struct cred *new_creds = *new;
4870
4871 if (new_creds == NULL) {
4872 new_creds = prepare_creds();
4873 if (new_creds == NULL)
4874 return -ENOMEM;
4875 }
4876
b17103a8 4877 tsp = smack_cred(new_creds);
d6d80cb5
CS		 4878
4879 /*
4880 * Get label from overlay inode and set it in create_sid
4881 */
387ef964 4882 isp = smack_inode(d_inode(dentry));
d6d80cb5
CS		 4883 skp = isp->smk_inode;
4884 tsp->smk_task = skp;
4885 *new = new_creds;
4886 return 0;
4887}
4888
32538047 4889static int smack_inode_copy_up_xattr(struct dentry *src, const char *name)
d6d80cb5
CS		 4890{
4891 /*
4892 * Return 1 if this is the smack access Smack attribute.
4893 */
4894 if (strcmp(name, XATTR_NAME_SMACK) == 0)
4895 return 1;
4896
4897 return -EOPNOTSUPP;
4898}
4899
4900static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
4901 struct qstr *name,
4902 const struct cred *old,
4903 struct cred *new)
4904{
b17103a8
CS		 4905 struct task_smack *otsp = smack_cred(old);
4906 struct task_smack *ntsp = smack_cred(new);
d6d80cb5
CS		 4907 struct inode_smack *isp;
4908 int may;
4909
4910 /*
4911 * Use the process credential unless all of
4912 * the transmuting criteria are met
4913 */
4914 ntsp->smk_task = otsp->smk_task;
4915
4916 /*
4917 * the attribute of the containing directory
4918 */
fb4021b6 4919 isp = smack_inode(d_inode(dentry->d_parent));
d6d80cb5
CS		 4920
4921 if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
4922 rcu_read_lock();
4923 may = smk_access_entry(otsp->smk_task->smk_known,
4924 isp->smk_inode->smk_known,
4925 &otsp->smk_task->smk_rules);
4926 rcu_read_unlock();
4927
4928 /*
4929 * If the directory is transmuting and the rule
4930 * providing access is transmuting use the containing
4931 * directory label instead of the process label.
4932 */
2c085f3a 4933 if (may > 0 && (may & MAY_TRANSMUTE)) {
d6d80cb5 4934 ntsp->smk_task = isp->smk_inode;
2c085f3a
RS		 4935 ntsp->smk_transmuted = ntsp->smk_task;
4936 }
d6d80cb5
CS		 4937 }
4938 return 0;
4939}
4940
d9d8c939
CS		 4941#ifdef CONFIG_IO_URING
4942/**
4943 * smack_uring_override_creds - Is io_uring cred override allowed?
4944 * @new: the target creds
4945 *
4946 * Check to see if the current task is allowed to override it's credentials
4947 * to service an io_uring operation.
4948 */
4949static int smack_uring_override_creds(const struct cred *new)
4950{
4951 struct task_smack *tsp = smack_cred(current_cred());
4952 struct task_smack *nsp = smack_cred(new);
4953
4954 /*
4955 * Allow the degenerate case where the new Smack value is
4956 * the same as the current Smack value.
4957 */
4958 if (tsp->smk_task == nsp->smk_task)
4959 return 0;
4960
4961 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred()))
4962 return 0;
4963
4964 return -EPERM;
4965}
4966
4967/**
4968 * smack_uring_sqpoll - check if a io_uring polling thread can be created
4969 *
4970 * Check to see if the current task is allowed to create a new io_uring
4971 * kernel polling thread.
4972 */
4973static int smack_uring_sqpoll(void)
4974{
4975 if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred()))
4976 return 0;
4977
4978 return -EPERM;
4979}
4980
dd937340
CS		 4981/**
4982 * smack_uring_cmd - check on file operations for io_uring
4983 * @ioucmd: the command in question
4984 *
4985 * Make a best guess about whether a io_uring "command" should
4986 * be allowed. Use the same logic used for determining if the
4987 * file could be opened for read in the absence of better criteria.
4988 */
4989static int smack_uring_cmd(struct io_uring_cmd *ioucmd)
4990{
4991 struct file *file = ioucmd->file;
4992 struct smk_audit_info ad;
4993 struct task_smack *tsp;
4994 struct inode *inode;
4995 int rc;
4996
4997 if (!file)
4998 return -EINVAL;
4999
5000 tsp = smack_cred(file->f_cred);
5001 inode = file_inode(file);
5002
5003 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
5004 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5005 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
5006 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
5007
5008 return rc;
5009}
5010
d9d8c939
CS		 5011#endif /* CONFIG_IO_URING */
5012
f22f9aaf 5013struct lsm_blob_sizes smack_blob_sizes __ro_after_init = {
bbd3662a 5014 .lbs_cred = sizeof(struct task_smack),
33bf60ca 5015 .lbs_file = sizeof(struct smack_known *),
afb1cbe3 5016 .lbs_inode = sizeof(struct inode_smack),
ecd5f82e
CS		 5017 .lbs_ipc = sizeof(struct smack_known *),
5018 .lbs_msg_msg = sizeof(struct smack_known *),
1aea7808 5019 .lbs_superblock = sizeof(struct superblock_smack),
6bcdfd2c 5020 .lbs_xattr_count = SMACK_INODE_INIT_XATTRS,
bbd3662a
CS		 5021};
5022
b1a867ee 5023static const struct lsm_id smack_lsmid = {
f3b8788c
CS		 5024 .name = "smack",
5025 .id = LSM_ID_SMACK,
5026};
5027
f22f9aaf 5028static struct security_hook_list smack_hooks[] __ro_after_init = {
e20b043a
CS		 5029 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
5030 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
5031 LSM_HOOK_INIT(syslog, smack_syslog),
5032
d80a8f1b 5033 LSM_HOOK_INIT(fs_context_submount, smack_fs_context_submount),
0b52075e 5034 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup),
2febd254
DH		 5035 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param),
5036
e20b043a 5037 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
204cc0cc 5038 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts),
5b400239 5039 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
e20b043a 5040 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
3bf2789c 5041 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
e20b043a 5042
b8bff599 5043 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec),
e20b043a
CS		 5044
5045 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
e20b043a
CS		 5046 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
5047 LSM_HOOK_INIT(inode_link, smack_inode_link),
5048 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
5049 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
5050 LSM_HOOK_INIT(inode_rename, smack_inode_rename),
5051 LSM_HOOK_INIT(inode_permission, smack_inode_permission),
5052 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
5053 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
5054 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
5055 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
5056 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
5057 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
44faac01
CB		 5058 LSM_HOOK_INIT(inode_set_acl, smack_inode_set_acl),
5059 LSM_HOOK_INIT(inode_get_acl, smack_inode_get_acl),
5060 LSM_HOOK_INIT(inode_remove_acl, smack_inode_remove_acl),
e20b043a
CS		 5061 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
5062 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
5063 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
5064 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
5065
e20b043a 5066 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
e20b043a 5067 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
f1bb47a3 5068 LSM_HOOK_INIT(file_ioctl_compat, smack_file_ioctl),
e20b043a
CS		 5069 LSM_HOOK_INIT(file_lock, smack_file_lock),
5070 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
5071 LSM_HOOK_INIT(mmap_file, smack_mmap_file),
5072 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
5073 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
5074 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
5075 LSM_HOOK_INIT(file_receive, smack_file_receive),
5076
5077 LSM_HOOK_INIT(file_open, smack_file_open),
5078
5079 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
5080 LSM_HOOK_INIT(cred_free, smack_cred_free),
5081 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
5082 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
3ec30113 5083 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
e20b043a
CS		 5084 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
5085 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
5086 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
5087 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
5088 LSM_HOOK_INIT(task_getsid, smack_task_getsid),
6326948f 5089 LSM_HOOK_INIT(current_getsecid_subj, smack_current_getsecid_subj),
1fb057dc 5090 LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj),
e20b043a
CS		 5091 LSM_HOOK_INIT(task_setnice, smack_task_setnice),
5092 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
5093 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
5094 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
5095 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
5096 LSM_HOOK_INIT(task_movememory, smack_task_movememory),
5097 LSM_HOOK_INIT(task_kill, smack_task_kill),
e20b043a
CS		 5098 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
5099
5100 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
5101 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
5102
5103 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
e20b043a 5104
0d79cbf8 5105 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security),
e20b043a
CS		 5106 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
5107 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
5108 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
5109 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
5110
0d79cbf8 5111 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security),
e20b043a
CS		 5112 LSM_HOOK_INIT(shm_associate, smack_shm_associate),
5113 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
5114 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
5115
0d79cbf8 5116 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security),
e20b043a
CS		 5117 LSM_HOOK_INIT(sem_associate, smack_sem_associate),
5118 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
5119 LSM_HOOK_INIT(sem_semop, smack_sem_semop),
5120
5121 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
5122
38b323e5
CS		 5123 LSM_HOOK_INIT(getselfattr, smack_getselfattr),
5124 LSM_HOOK_INIT(setselfattr, smack_setselfattr),
e20b043a
CS		 5125 LSM_HOOK_INIT(getprocattr, smack_getprocattr),
5126 LSM_HOOK_INIT(setprocattr, smack_setprocattr),
5127
5128 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
5129 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
5130
5131 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
5859cdf5 5132 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
21abb1ec 5133#ifdef SMACK_IPV6_PORT_LABELING
e20b043a 5134 LSM_HOOK_INIT(socket_bind, smack_socket_bind),
21abb1ec 5135#endif
e20b043a
CS		 5136 LSM_HOOK_INIT(socket_connect, smack_socket_connect),
5137 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
5138 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
5139 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
5140 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
5141 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
5142 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4ca165fc 5143 LSM_HOOK_INIT(sk_clone_security, smack_sk_clone_security),
e20b043a
CS		 5144 LSM_HOOK_INIT(sock_graft, smack_sock_graft),
5145 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
5146 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
d20bdda6 5147
e114e473
CS		 5148 /* key management security hooks */
5149#ifdef CONFIG_KEYS
e20b043a
CS		 5150 LSM_HOOK_INIT(key_alloc, smack_key_alloc),
5151 LSM_HOOK_INIT(key_free, smack_key_free),
5152 LSM_HOOK_INIT(key_permission, smack_key_permission),
5153 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
a8478a60
DH		 5154#ifdef CONFIG_KEY_NOTIFICATIONS
5155 LSM_HOOK_INIT(watch_key, smack_watch_key),
5156#endif
e114e473 5157#endif /* CONFIG_KEYS */
d20bdda6 5158
a8478a60
DH		 5159#ifdef CONFIG_WATCH_QUEUE
5160 LSM_HOOK_INIT(post_notification, smack_post_notification),
5161#endif
5162
d20bdda6
AD		 5163 /* Audit hooks */
5164#ifdef CONFIG_AUDIT
e20b043a
CS		 5165 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
5166 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
5167 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
d20bdda6
AD		 5168#endif /* CONFIG_AUDIT */
5169
e20b043a
CS		 5170 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
5171 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
5172 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
e20b043a
CS		 5173 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
5174 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
5175 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
d6d80cb5
CS		 5176 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up),
5177 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr),
5178 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as),
d9d8c939
CS		 5179#ifdef CONFIG_IO_URING
5180 LSM_HOOK_INIT(uring_override_creds, smack_uring_override_creds),
5181 LSM_HOOK_INIT(uring_sqpoll, smack_uring_sqpoll),
dd937340 5182 LSM_HOOK_INIT(uring_cmd, smack_uring_cmd),
d9d8c939 5183#endif
e114e473
CS		 5184};
5185
7198e2ee 5186
86812bb0 5187static __init void init_smack_known_list(void)
7198e2ee 5188{
86812bb0
CS		 5189 /*
5190 * Initialize rule list locks
5191 */
5192 mutex_init(&smack_known_huh.smk_rules_lock);
5193 mutex_init(&smack_known_hat.smk_rules_lock);
5194 mutex_init(&smack_known_floor.smk_rules_lock);
5195 mutex_init(&smack_known_star.smk_rules_lock);
86812bb0
CS		 5196 mutex_init(&smack_known_web.smk_rules_lock);
5197 /*
5198 * Initialize rule lists
5199 */
5200 INIT_LIST_HEAD(&smack_known_huh.smk_rules);
5201 INIT_LIST_HEAD(&smack_known_hat.smk_rules);
5202 INIT_LIST_HEAD(&smack_known_star.smk_rules);
5203 INIT_LIST_HEAD(&smack_known_floor.smk_rules);
86812bb0
CS		 5204 INIT_LIST_HEAD(&smack_known_web.smk_rules);
5205 /*
5206 * Create the known labels list
5207 */
4d7cf4a1
TS		 5208 smk_insert_entry(&smack_known_huh);
5209 smk_insert_entry(&smack_known_hat);
5210 smk_insert_entry(&smack_known_star);
5211 smk_insert_entry(&smack_known_floor);
4d7cf4a1 5212 smk_insert_entry(&smack_known_web);
7198e2ee
EB		 5213}
5214
e114e473
CS		 5215/**
5216 * smack_init - initialize the smack system
5217 *
a1a07f22 5218 * Returns 0 on success, -ENOMEM is there's no memory
e114e473
CS		 5219 */
5220static __init int smack_init(void)
5221{
bbd3662a 5222 struct cred *cred = (struct cred *) current->cred;
676dac4b 5223 struct task_smack *tsp;
d84f4f99 5224
4e328b08 5225 smack_rule_cache = KMEM_CACHE(smack_rule, 0);
4ca75287 5226 if (!smack_rule_cache)
4e328b08 5227 return -ENOMEM;
4e328b08 5228
bbd3662a
CS		 5229 /*
5230 * Set the security state for the initial task.
5231 */
5232 tsp = smack_cred(cred);
5233 init_task_smack(tsp, &smack_known_floor, &smack_known_floor);
5234
5235 /*
5236 * Register with LSM
5237 */
f3b8788c 5238 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid);
d21b7b04
JB		 5239 smack_enabled = 1;
5240
21abb1ec
CS		 5241 pr_info("Smack: Initializing.\n");
5242#ifdef CONFIG_SECURITY_SMACK_NETFILTER
5243 pr_info("Smack: Netfilter enabled.\n");
5244#endif
5245#ifdef SMACK_IPV6_PORT_LABELING
5246 pr_info("Smack: IPv6 port labeling enabled.\n");
5247#endif
5248#ifdef SMACK_IPV6_SECMARK_LABELING
5249 pr_info("Smack: IPv6 Netfilter enabled.\n");
5250#endif
e114e473 5251
86812bb0
CS		 5252 /* initialize the smack_known_list */
5253 init_smack_known_list();
e114e473 5254
e114e473
CS		 5255 return 0;
5256}
5257
5258/*
5259 * Smack requires early initialization in order to label
5260 * all processes and objects when they are created.
5261 */
3d6e5f6d 5262DEFINE_LSM(smack) = {
07aed2f2 5263 .name = "smack",
14bd99c8 5264 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
bbd3662a 5265 .blobs = &smack_blob_sizes,
3d6e5f6d
KC		 5266 .init = smack_init,
5267};
A mirror of Linus' kernel repository