]> git.ipfire.org Git - thirdparty/linux.git/blame - security/smack/smack_lsm.c
projects / thirdparty / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
smack: Fix a bidirectional UDS connect check typo
[thirdparty/linux.git] / security / smack / smack_lsm.c
CommitLineData
e114e473
CS		 1/*
2 * Simplified MAC Kernel (smack) security module
3 *
4 * This file contains the smack hook function implementations.
5 *
5c6d1125 6 * Authors:
e114e473 7 * Casey Schaufler <casey@schaufler-ca.com>
84088ba2 8 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
e114e473
CS		 9 *
10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
07feee8f 11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
82c21bfa 12 * Paul Moore <paul@paul-moore.com>
5c6d1125 13 * Copyright (C) 2010 Nokia Corporation
84088ba2 14 * Copyright (C) 2011 Intel Corporation.
e114e473
CS		 15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License version 2,
18 * as published by the Free Software Foundation.
19 */
20
21#include <linux/xattr.h>
22#include <linux/pagemap.h>
23#include <linux/mount.h>
24#include <linux/stat.h>
e114e473
CS		 25#include <linux/kd.h>
26#include <asm/ioctls.h>
07feee8f 27#include <linux/ip.h>
e114e473
CS		 28#include <linux/tcp.h>
29#include <linux/udp.h>
c6739443 30#include <linux/dccp.h>
5a0e3ad6 31#include <linux/slab.h>
e114e473
CS		 32#include <linux/mutex.h>
33#include <linux/pipe_fs_i.h>
e114e473 34#include <net/cipso_ipv4.h>
c6739443
CS		 35#include <net/ip.h>
36#include <net/ipv6.h>
d20bdda6 37#include <linux/audit.h>
1fd7317d 38#include <linux/magic.h>
2a7dba39 39#include <linux/dcache.h>
16014d87 40#include <linux/personality.h>
40401530
AV		 41#include <linux/msg.h>
42#include <linux/shm.h>
43#include <linux/binfmts.h>
e114e473
CS		 44#include "smack.h"
45
c69e8d9c
DH		 46#define task_security(task) (task_cred_xxx((task), security))
47
5c6d1125
JS		 48#define TRANS_TRUE "TRUE"
49#define TRANS_TRUE_SIZE 4
50
c6739443
CS		 51#define SMK_CONNECTING 0
52#define SMK_RECEIVING 1
53#define SMK_SENDING 2
54
55LIST_HEAD(smk_ipv6_port_list);
1a5b472b 56static struct kmem_cache *smack_inode_cache;
c6739443 57
d166c802
CS		 58#ifdef CONFIG_SECURITY_SMACK_BRINGUP
59static void smk_bu_mode(int mode, char *s)
60{
61 int i = 0;
62
63 if (mode & MAY_READ)
64 s[i++] = 'r';
65 if (mode & MAY_WRITE)
66 s[i++] = 'w';
67 if (mode & MAY_EXEC)
68 s[i++] = 'x';
69 if (mode & MAY_APPEND)
70 s[i++] = 'a';
71 if (mode & MAY_TRANSMUTE)
72 s[i++] = 't';
73 if (mode & MAY_LOCK)
74 s[i++] = 'l';
75 if (i == 0)
76 s[i++] = '-';
77 s[i] = '\0';
78}
79#endif
80
81#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 82static int smk_bu_note(char *note, struct smack_known *sskp,
83 struct smack_known *oskp, int mode, int rc)
d166c802
CS		 84{
85 char acc[SMK_NUM_ACCESS_TYPE + 1];
86
87 if (rc <= 0)
88 return rc;
89
90 smk_bu_mode(mode, acc);
91 pr_info("Smack Bringup: (%s %s %s) %s\n",
21c7eae2 92 sskp->smk_known, oskp->smk_known, acc, note);
d166c802
CS		 93 return 0;
94}
95#else
21c7eae2 96#define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
d166c802
CS		 97#endif
98
99#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 100static int smk_bu_current(char *note, struct smack_known *oskp,
101 int mode, int rc)
d166c802
CS		 102{
103 struct task_smack *tsp = current_security();
104 char acc[SMK_NUM_ACCESS_TYPE + 1];
105
106 if (rc <= 0)
107 return rc;
108
109 smk_bu_mode(mode, acc);
110 pr_info("Smack Bringup: (%s %s %s) %s %s\n",
21c7eae2
LP		 111 tsp->smk_task->smk_known, oskp->smk_known,
112 acc, current->comm, note);
d166c802
CS		 113 return 0;
114}
115#else
21c7eae2 116#define smk_bu_current(note, oskp, mode, RC) (RC)
d166c802
CS		 117#endif
118
119#ifdef CONFIG_SECURITY_SMACK_BRINGUP
120static int smk_bu_task(struct task_struct *otp, int mode, int rc)
121{
122 struct task_smack *tsp = current_security();
123 struct task_smack *otsp = task_security(otp);
124 char acc[SMK_NUM_ACCESS_TYPE + 1];
125
126 if (rc <= 0)
127 return rc;
128
129 smk_bu_mode(mode, acc);
130 pr_info("Smack Bringup: (%s %s %s) %s to %s\n",
131 tsp->smk_task->smk_known, otsp->smk_task->smk_known, acc,
132 current->comm, otp->comm);
133 return 0;
134}
135#else
136#define smk_bu_task(otp, mode, RC) (RC)
137#endif
138
139#ifdef CONFIG_SECURITY_SMACK_BRINGUP
140static int smk_bu_inode(struct inode *inode, int mode, int rc)
141{
142 struct task_smack *tsp = current_security();
143 char acc[SMK_NUM_ACCESS_TYPE + 1];
144
145 if (rc <= 0)
146 return rc;
147
148 smk_bu_mode(mode, acc);
149 pr_info("Smack Bringup: (%s %s %s) inode=(%s %ld) %s\n",
21c7eae2 150 tsp->smk_task->smk_known, smk_of_inode(inode)->smk_known, acc,
d166c802
CS		 151 inode->i_sb->s_id, inode->i_ino, current->comm);
152 return 0;
153}
154#else
155#define smk_bu_inode(inode, mode, RC) (RC)
156#endif
157
158#ifdef CONFIG_SECURITY_SMACK_BRINGUP
159static int smk_bu_file(struct file *file, int mode, int rc)
160{
161 struct task_smack *tsp = current_security();
162 struct smack_known *sskp = tsp->smk_task;
163 struct inode *inode = file->f_inode;
164 char acc[SMK_NUM_ACCESS_TYPE + 1];
165
166 if (rc <= 0)
167 return rc;
168
169 smk_bu_mode(mode, acc);
a455589f 170 pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",
d166c802 171 sskp->smk_known, (char *)file->f_security, acc,
a455589f 172 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 173 current->comm);
174 return 0;
175}
176#else
177#define smk_bu_file(file, mode, RC) (RC)
178#endif
179
180#ifdef CONFIG_SECURITY_SMACK_BRINGUP
181static int smk_bu_credfile(const struct cred *cred, struct file *file,
182 int mode, int rc)
183{
184 struct task_smack *tsp = cred->security;
185 struct smack_known *sskp = tsp->smk_task;
186 struct inode *inode = file->f_inode;
187 char acc[SMK_NUM_ACCESS_TYPE + 1];
188
189 if (rc <= 0)
190 return rc;
191
192 smk_bu_mode(mode, acc);
a455589f 193 pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",
21c7eae2 194 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 195 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 196 current->comm);
197 return 0;
198}
199#else
200#define smk_bu_credfile(cred, file, mode, RC) (RC)
201#endif
202
e114e473
CS		 203/**
204 * smk_fetch - Fetch the smack label from a file.
1a28979b 205 * @name: type of the label (attribute)
e114e473
CS		 206 * @ip: a pointer to the inode
207 * @dp: a pointer to the dentry
208 *
209 * Returns a pointer to the master list entry for the Smack label
210 * or NULL if there was no label to fetch.
211 */
2f823ff8
CS		 212static struct smack_known *smk_fetch(const char *name, struct inode *ip,
213 struct dentry *dp)
e114e473
CS		 214{
215 int rc;
f7112e6c 216 char *buffer;
2f823ff8 217 struct smack_known *skp = NULL;
e114e473
CS		 218
219 if (ip->i_op->getxattr == NULL)
220 return NULL;
221
f7112e6c
CS		 222 buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
223 if (buffer == NULL)
e114e473
CS		 224 return NULL;
225
f7112e6c
CS		 226 rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL);
227 if (rc > 0)
2f823ff8 228 skp = smk_import_entry(buffer, rc);
f7112e6c
CS		 229
230 kfree(buffer);
231
2f823ff8 232 return skp;
e114e473
CS		 233}
234
235/**
236 * new_inode_smack - allocate an inode security blob
21c7eae2 237 * @skp: a pointer to the Smack label entry to use in the blob
e114e473
CS		 238 *
239 * Returns the new blob or NULL if there's no memory available
240 */
21c7eae2 241struct inode_smack *new_inode_smack(struct smack_known *skp)
e114e473
CS		 242{
243 struct inode_smack *isp;
244
1a5b472b 245 isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
e114e473
CS		 246 if (isp == NULL)
247 return NULL;
248
21c7eae2 249 isp->smk_inode = skp;
e114e473
CS		 250 isp->smk_flags = 0;
251 mutex_init(&isp->smk_lock);
252
253 return isp;
254}
255
7898e1f8
CS		 256/**
257 * new_task_smack - allocate a task security blob
1a28979b
LP		 258 * @task: a pointer to the Smack label for the running task
259 * @forked: a pointer to the Smack label for the forked task
260 * @gfp: type of the memory for the allocation
7898e1f8
CS		 261 *
262 * Returns the new blob or NULL if there's no memory available
263 */
2f823ff8
CS		 264static struct task_smack *new_task_smack(struct smack_known *task,
265 struct smack_known *forked, gfp_t gfp)
7898e1f8
CS		 266{
267 struct task_smack *tsp;
268
269 tsp = kzalloc(sizeof(struct task_smack), gfp);
270 if (tsp == NULL)
271 return NULL;
272
273 tsp->smk_task = task;
274 tsp->smk_forked = forked;
275 INIT_LIST_HEAD(&tsp->smk_rules);
276 mutex_init(&tsp->smk_rules_lock);
277
278 return tsp;
279}
280
281/**
282 * smk_copy_rules - copy a rule set
1a28979b
LP		 283 * @nhead: new rules header pointer
284 * @ohead: old rules header pointer
285 * @gfp: type of the memory for the allocation
7898e1f8
CS		 286 *
287 * Returns 0 on success, -ENOMEM on error
288 */
289static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
290 gfp_t gfp)
291{
292 struct smack_rule *nrp;
293 struct smack_rule *orp;
294 int rc = 0;
295
296 INIT_LIST_HEAD(nhead);
297
298 list_for_each_entry_rcu(orp, ohead, list) {
299 nrp = kzalloc(sizeof(struct smack_rule), gfp);
300 if (nrp == NULL) {
301 rc = -ENOMEM;
302 break;
303 }
304 *nrp = *orp;
305 list_add_rcu(&nrp->list, nhead);
306 }
307 return rc;
308}
309
5663884c
LP		 310/**
311 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
312 * @mode - input mode in form of PTRACE_MODE_*
313 *
314 * Returns a converted MAY_* mode usable by smack rules
315 */
316static inline unsigned int smk_ptrace_mode(unsigned int mode)
317{
318 switch (mode) {
319 case PTRACE_MODE_READ:
320 return MAY_READ;
321 case PTRACE_MODE_ATTACH:
322 return MAY_READWRITE;
323 }
324
325 return 0;
326}
327
328/**
329 * smk_ptrace_rule_check - helper for ptrace access
330 * @tracer: tracer process
21c7eae2 331 * @tracee_known: label entry of the process that's about to be traced
5663884c
LP		 332 * @mode: ptrace attachment mode (PTRACE_MODE_*)
333 * @func: name of the function that called us, used for audit
334 *
335 * Returns 0 on access granted, -error on error
336 */
21c7eae2
LP		 337static int smk_ptrace_rule_check(struct task_struct *tracer,
338 struct smack_known *tracee_known,
5663884c
LP		 339 unsigned int mode, const char *func)
340{
341 int rc;
342 struct smk_audit_info ad, *saip = NULL;
343 struct task_smack *tsp;
21c7eae2 344 struct smack_known *tracer_known;
5663884c
LP		 345
346 if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
347 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
348 smk_ad_setfield_u_tsk(&ad, tracer);
349 saip = &ad;
350 }
351
352 tsp = task_security(tracer);
21c7eae2 353 tracer_known = smk_of_task(tsp);
5663884c 354
66867818
LP		 355 if ((mode & PTRACE_MODE_ATTACH) &&
356 (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
357 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
21c7eae2 358 if (tracer_known->smk_known == tracee_known->smk_known)
66867818
LP		 359 rc = 0;
360 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
361 rc = -EACCES;
362 else if (capable(CAP_SYS_PTRACE))
363 rc = 0;
364 else
365 rc = -EACCES;
366
367 if (saip)
21c7eae2
LP		 368 smack_log(tracer_known->smk_known,
369 tracee_known->smk_known,
370 0, rc, saip);
66867818
LP		 371
372 return rc;
373 }
374
375 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
21c7eae2 376 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
5663884c
LP		 377 return rc;
378}
379
e114e473
CS		 380/*
381 * LSM hooks.
382 * We he, that is fun!
383 */
384
385/**
9e48858f 386 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
e114e473 387 * @ctp: child task pointer
5663884c 388 * @mode: ptrace attachment mode (PTRACE_MODE_*)
e114e473
CS		 389 *
390 * Returns 0 if access is OK, an error code otherwise
391 *
5663884c 392 * Do the capability checks.
e114e473 393 */
9e48858f 394static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
e114e473
CS		 395{
396 int rc;
2f823ff8 397 struct smack_known *skp;
e114e473 398
9e48858f 399 rc = cap_ptrace_access_check(ctp, mode);
e114e473
CS		 400 if (rc != 0)
401 return rc;
402
2f823ff8 403 skp = smk_of_task(task_security(ctp));
ecfcc53f 404
21c7eae2 405 rc = smk_ptrace_rule_check(current, skp, mode, __func__);
5cd9c58f
DH		 406 return rc;
407}
408
409/**
410 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
411 * @ptp: parent task pointer
412 *
413 * Returns 0 if access is OK, an error code otherwise
414 *
5663884c 415 * Do the capability checks, and require PTRACE_MODE_ATTACH.
5cd9c58f
DH		 416 */
417static int smack_ptrace_traceme(struct task_struct *ptp)
418{
419 int rc;
2f823ff8 420 struct smack_known *skp;
5cd9c58f
DH		 421
422 rc = cap_ptrace_traceme(ptp);
423 if (rc != 0)
424 return rc;
e114e473 425
959e6c7f 426 skp = smk_of_task(current_security());
ecfcc53f 427
21c7eae2 428 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
e114e473
CS		 429 return rc;
430}
431
432/**
433 * smack_syslog - Smack approval on syslog
434 * @type: message type
435 *
e114e473
CS		 436 * Returns 0 on success, error code otherwise.
437 */
12b3052c 438static int smack_syslog(int typefrom_file)
e114e473 439{
12b3052c 440 int rc = 0;
2f823ff8 441 struct smack_known *skp = smk_of_current();
e114e473 442
1880eff7 443 if (smack_privileged(CAP_MAC_OVERRIDE))
e114e473
CS		 444 return 0;
445
24ea1b6e 446 if (smack_syslog_label != NULL && smack_syslog_label != skp)
e114e473
CS		 447 rc = -EACCES;
448
449 return rc;
450}
451
452
453/*
454 * Superblock Hooks.
455 */
456
457/**
458 * smack_sb_alloc_security - allocate a superblock blob
459 * @sb: the superblock getting the blob
460 *
461 * Returns 0 on success or -ENOMEM on error.
462 */
463static int smack_sb_alloc_security(struct super_block *sb)
464{
465 struct superblock_smack *sbsp;
466
467 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
468
469 if (sbsp == NULL)
470 return -ENOMEM;
471
21c7eae2
LP		 472 sbsp->smk_root = &smack_known_floor;
473 sbsp->smk_default = &smack_known_floor;
474 sbsp->smk_floor = &smack_known_floor;
475 sbsp->smk_hat = &smack_known_hat;
e830b394
CS		 476 /*
477 * smk_initialized will be zero from kzalloc.
478 */
e114e473
CS		 479 sb->s_security = sbsp;
480
481 return 0;
482}
483
484/**
485 * smack_sb_free_security - free a superblock blob
486 * @sb: the superblock getting the blob
487 *
488 */
489static void smack_sb_free_security(struct super_block *sb)
490{
491 kfree(sb->s_security);
492 sb->s_security = NULL;
493}
494
495/**
496 * smack_sb_copy_data - copy mount options data for processing
e114e473 497 * @orig: where to start
251a2a95 498 * @smackopts: mount options string
e114e473
CS		 499 *
500 * Returns 0 on success or -ENOMEM on error.
501 *
502 * Copy the Smack specific mount options out of the mount
503 * options list.
504 */
e0007529 505static int smack_sb_copy_data(char *orig, char *smackopts)
e114e473
CS		 506{
507 char *cp, *commap, *otheropts, *dp;
508
e114e473
CS		 509 otheropts = (char *)get_zeroed_page(GFP_KERNEL);
510 if (otheropts == NULL)
511 return -ENOMEM;
512
513 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
514 if (strstr(cp, SMK_FSDEFAULT) == cp)
515 dp = smackopts;
516 else if (strstr(cp, SMK_FSFLOOR) == cp)
517 dp = smackopts;
518 else if (strstr(cp, SMK_FSHAT) == cp)
519 dp = smackopts;
520 else if (strstr(cp, SMK_FSROOT) == cp)
521 dp = smackopts;
e830b394
CS		 522 else if (strstr(cp, SMK_FSTRANS) == cp)
523 dp = smackopts;
e114e473
CS		 524 else
525 dp = otheropts;
526
527 commap = strchr(cp, ',');
528 if (commap != NULL)
529 *commap = '\0';
530
531 if (*dp != '\0')
532 strcat(dp, ",");
533 strcat(dp, cp);
534 }
535
536 strcpy(orig, otheropts);
537 free_page((unsigned long)otheropts);
538
539 return 0;
540}
541
542/**
543 * smack_sb_kern_mount - Smack specific mount processing
544 * @sb: the file system superblock
12204e24 545 * @flags: the mount flags
e114e473
CS		 546 * @data: the smack mount options
547 *
548 * Returns 0 on success, an error code on failure
549 */
12204e24 550static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
e114e473
CS		 551{
552 struct dentry *root = sb->s_root;
553 struct inode *inode = root->d_inode;
554 struct superblock_smack *sp = sb->s_security;
555 struct inode_smack *isp;
24ea1b6e 556 struct smack_known *skp;
e114e473
CS		 557 char *op;
558 char *commap;
e830b394 559 int transmute = 0;
24ea1b6e 560 int specified = 0;
e114e473 561
e830b394 562 if (sp->smk_initialized)
e114e473 563 return 0;
eb982cb4 564
e114e473 565 sp->smk_initialized = 1;
e114e473
CS		 566
567 for (op = data; op != NULL; op = commap) {
568 commap = strchr(op, ',');
569 if (commap != NULL)
570 *commap++ = '\0';
571
572 if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
573 op += strlen(SMK_FSHAT);
21c7eae2
LP		 574 skp = smk_import_entry(op, 0);
575 if (skp != NULL) {
576 sp->smk_hat = skp;
24ea1b6e
CS		 577 specified = 1;
578 }
e114e473
CS		 579 } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
580 op += strlen(SMK_FSFLOOR);
21c7eae2
LP		 581 skp = smk_import_entry(op, 0);
582 if (skp != NULL) {
583 sp->smk_floor = skp;
24ea1b6e
CS		 584 specified = 1;
585 }
e114e473
CS		 586 } else if (strncmp(op, SMK_FSDEFAULT,
587 strlen(SMK_FSDEFAULT)) == 0) {
588 op += strlen(SMK_FSDEFAULT);
21c7eae2
LP		 589 skp = smk_import_entry(op, 0);
590 if (skp != NULL) {
591 sp->smk_default = skp;
24ea1b6e
CS		 592 specified = 1;
593 }
e114e473
CS		 594 } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
595 op += strlen(SMK_FSROOT);
21c7eae2
LP		 596 skp = smk_import_entry(op, 0);
597 if (skp != NULL) {
598 sp->smk_root = skp;
24ea1b6e
CS		 599 specified = 1;
600 }
e830b394
CS		 601 } else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
602 op += strlen(SMK_FSTRANS);
21c7eae2
LP		 603 skp = smk_import_entry(op, 0);
604 if (skp != NULL) {
605 sp->smk_root = skp;
e830b394 606 transmute = 1;
24ea1b6e 607 specified = 1;
e830b394 608 }
e114e473
CS		 609 }
610 }
611
24ea1b6e
CS		 612 if (!smack_privileged(CAP_MAC_ADMIN)) {
613 /*
614 * Unprivileged mounts don't get to specify Smack values.
615 */
616 if (specified)
617 return -EPERM;
618 /*
619 * Unprivileged mounts get root and default from the caller.
620 */
621 skp = smk_of_current();
21c7eae2
LP		 622 sp->smk_root = skp;
623 sp->smk_default = skp;
24ea1b6e 624 }
e114e473
CS		 625 /*
626 * Initialize the root inode.
627 */
628 isp = inode->i_security;
55dfc5da
JB		 629 if (isp == NULL) {
630 isp = new_inode_smack(sp->smk_root);
631 if (isp == NULL)
632 return -ENOMEM;
633 inode->i_security = isp;
e830b394 634 } else
e114e473
CS		 635 isp->smk_inode = sp->smk_root;
636
e830b394
CS		 637 if (transmute)
638 isp->smk_flags |= SMK_INODE_TRANSMUTE;
639
e114e473
CS		 640 return 0;
641}
642
643/**
644 * smack_sb_statfs - Smack check on statfs
645 * @dentry: identifies the file system in question
646 *
647 * Returns 0 if current can read the floor of the filesystem,
648 * and error code otherwise
649 */
650static int smack_sb_statfs(struct dentry *dentry)
651{
652 struct superblock_smack *sbp = dentry->d_sb->s_security;
ecfcc53f
EB		 653 int rc;
654 struct smk_audit_info ad;
655
a269434d 656 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 657 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 658
ecfcc53f 659 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
d166c802 660 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
ecfcc53f 661 return rc;
e114e473
CS		 662}
663
676dac4b
CS		 664/*
665 * BPRM hooks
666 */
667
ce8a4321
CS		 668/**
669 * smack_bprm_set_creds - set creds for exec
670 * @bprm: the exec information
671 *
5663884c 672 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
ce8a4321 673 */
676dac4b
CS		 674static int smack_bprm_set_creds(struct linux_binprm *bprm)
675{
496ad9aa 676 struct inode *inode = file_inode(bprm->file);
84088ba2 677 struct task_smack *bsp = bprm->cred->security;
676dac4b 678 struct inode_smack *isp;
676dac4b
CS		 679 int rc;
680
681 rc = cap_bprm_set_creds(bprm);
682 if (rc != 0)
683 return rc;
684
685 if (bprm->cred_prepared)
686 return 0;
687
84088ba2
JS		 688 isp = inode->i_security;
689 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
676dac4b
CS		 690 return 0;
691
5663884c
LP		 692 if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
693 struct task_struct *tracer;
694 rc = 0;
695
696 rcu_read_lock();
697 tracer = ptrace_parent(current);
698 if (likely(tracer != NULL))
699 rc = smk_ptrace_rule_check(tracer,
21c7eae2 700 isp->smk_task,
5663884c
LP		 701 PTRACE_MODE_ATTACH,
702 __func__);
703 rcu_read_unlock();
704
705 if (rc != 0)
706 return rc;
707 } else if (bprm->unsafe)
84088ba2 708 return -EPERM;
676dac4b 709
84088ba2
JS		 710 bsp->smk_task = isp->smk_task;
711 bprm->per_clear |= PER_CLEAR_ON_SETID;
676dac4b 712
84088ba2
JS		 713 return 0;
714}
676dac4b 715
84088ba2
JS		 716/**
717 * smack_bprm_committing_creds - Prepare to install the new credentials
718 * from bprm.
719 *
720 * @bprm: binprm for exec
721 */
722static void smack_bprm_committing_creds(struct linux_binprm *bprm)
723{
724 struct task_smack *bsp = bprm->cred->security;
676dac4b 725
84088ba2
JS		 726 if (bsp->smk_task != bsp->smk_forked)
727 current->pdeath_signal = 0;
728}
729
730/**
731 * smack_bprm_secureexec - Return the decision to use secureexec.
732 * @bprm: binprm for exec
733 *
734 * Returns 0 on success.
735 */
736static int smack_bprm_secureexec(struct linux_binprm *bprm)
737{
738 struct task_smack *tsp = current_security();
739 int ret = cap_bprm_secureexec(bprm);
740
741 if (!ret && (tsp->smk_task != tsp->smk_forked))
742 ret = 1;
743
744 return ret;
676dac4b
CS		 745}
746
e114e473
CS		 747/*
748 * Inode hooks
749 */
750
751/**
752 * smack_inode_alloc_security - allocate an inode blob
251a2a95 753 * @inode: the inode in need of a blob
e114e473
CS		 754 *
755 * Returns 0 if it gets a blob, -ENOMEM otherwise
756 */
757static int smack_inode_alloc_security(struct inode *inode)
758{
2f823ff8
CS		 759 struct smack_known *skp = smk_of_current();
760
21c7eae2 761 inode->i_security = new_inode_smack(skp);
e114e473
CS		 762 if (inode->i_security == NULL)
763 return -ENOMEM;
764 return 0;
765}
766
767/**
768 * smack_inode_free_security - free an inode blob
251a2a95 769 * @inode: the inode with a blob
e114e473
CS		 770 *
771 * Clears the blob pointer in inode
772 */
773static void smack_inode_free_security(struct inode *inode)
774{
1a5b472b 775 kmem_cache_free(smack_inode_cache, inode->i_security);
e114e473
CS		 776 inode->i_security = NULL;
777}
778
779/**
780 * smack_inode_init_security - copy out the smack from an inode
e95ef49b
LP		 781 * @inode: the newly created inode
782 * @dir: containing directory object
2a7dba39 783 * @qstr: unused
e114e473
CS		 784 * @name: where to put the attribute name
785 * @value: where to put the attribute value
786 * @len: where to put the length of the attribute
787 *
788 * Returns 0 if it all works out, -ENOMEM if there's no memory
789 */
790static int smack_inode_init_security(struct inode *inode, struct inode *dir,
9548906b 791 const struct qstr *qstr, const char **name,
2a7dba39 792 void **value, size_t *len)
e114e473 793{
2267b13a 794 struct inode_smack *issp = inode->i_security;
2f823ff8 795 struct smack_known *skp = smk_of_current();
21c7eae2
LP		 796 struct smack_known *isp = smk_of_inode(inode);
797 struct smack_known *dsp = smk_of_inode(dir);
7898e1f8 798 int may;
e114e473 799
9548906b
TH		 800 if (name)
801 *name = XATTR_SMACK_SUFFIX;
e114e473 802
68390ccf 803 if (value && len) {
7898e1f8 804 rcu_read_lock();
21c7eae2
LP		 805 may = smk_access_entry(skp->smk_known, dsp->smk_known,
806 &skp->smk_rules);
7898e1f8 807 rcu_read_unlock();
5c6d1125
JS		 808
809 /*
810 * If the access rule allows transmutation and
811 * the directory requests transmutation then
812 * by all means transmute.
2267b13a 813 * Mark the inode as changed.
5c6d1125 814 */
7898e1f8 815 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
2267b13a 816 smk_inode_transmutable(dir)) {
5c6d1125 817 isp = dsp;
2267b13a
CS		 818 issp->smk_flags |= SMK_INODE_CHANGED;
819 }
5c6d1125 820
21c7eae2 821 *value = kstrdup(isp->smk_known, GFP_NOFS);
e114e473
CS		 822 if (*value == NULL)
823 return -ENOMEM;
e114e473 824
21c7eae2 825 *len = strlen(isp->smk_known);
68390ccf 826 }
e114e473
CS		 827
828 return 0;
829}
830
831/**
832 * smack_inode_link - Smack check on link
833 * @old_dentry: the existing object
834 * @dir: unused
835 * @new_dentry: the new object
836 *
837 * Returns 0 if access is permitted, an error code otherwise
838 */
839static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
840 struct dentry *new_dentry)
841{
21c7eae2 842 struct smack_known *isp;
ecfcc53f
EB		 843 struct smk_audit_info ad;
844 int rc;
845
a269434d 846 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 847 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473
CS		 848
849 isp = smk_of_inode(old_dentry->d_inode);
ecfcc53f 850 rc = smk_curacc(isp, MAY_WRITE, &ad);
d166c802 851 rc = smk_bu_inode(old_dentry->d_inode, MAY_WRITE, rc);
e114e473
CS		 852
853 if (rc == 0 && new_dentry->d_inode != NULL) {
854 isp = smk_of_inode(new_dentry->d_inode);
ecfcc53f
EB		 855 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
856 rc = smk_curacc(isp, MAY_WRITE, &ad);
d166c802 857 rc = smk_bu_inode(new_dentry->d_inode, MAY_WRITE, rc);
e114e473
CS		 858 }
859
860 return rc;
861}
862
863/**
864 * smack_inode_unlink - Smack check on inode deletion
865 * @dir: containing directory object
866 * @dentry: file to unlink
867 *
868 * Returns 0 if current can write the containing directory
869 * and the object, error code otherwise
870 */
871static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
872{
873 struct inode *ip = dentry->d_inode;
ecfcc53f 874 struct smk_audit_info ad;
e114e473
CS		 875 int rc;
876
a269434d 877 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 878 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
879
e114e473
CS		 880 /*
881 * You need write access to the thing you're unlinking
882 */
ecfcc53f 883 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
d166c802 884 rc = smk_bu_inode(ip, MAY_WRITE, rc);
ecfcc53f 885 if (rc == 0) {
e114e473
CS		 886 /*
887 * You also need write access to the containing directory
888 */
cdb56b60 889 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 890 smk_ad_setfield_u_fs_inode(&ad, dir);
891 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 892 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 893 }
e114e473
CS		 894 return rc;
895}
896
897/**
898 * smack_inode_rmdir - Smack check on directory deletion
899 * @dir: containing directory object
900 * @dentry: directory to unlink
901 *
902 * Returns 0 if current can write the containing directory
903 * and the directory, error code otherwise
904 */
905static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
906{
ecfcc53f 907 struct smk_audit_info ad;
e114e473
CS		 908 int rc;
909
a269434d 910 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 911 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
912
e114e473
CS		 913 /*
914 * You need write access to the thing you're removing
915 */
ecfcc53f 916 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
d166c802 917 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
ecfcc53f 918 if (rc == 0) {
e114e473
CS		 919 /*
920 * You also need write access to the containing directory
921 */
cdb56b60 922 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 923 smk_ad_setfield_u_fs_inode(&ad, dir);
924 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 925 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 926 }
e114e473
CS		 927
928 return rc;
929}
930
931/**
932 * smack_inode_rename - Smack check on rename
e95ef49b
LP		 933 * @old_inode: unused
934 * @old_dentry: the old object
935 * @new_inode: unused
936 * @new_dentry: the new object
e114e473
CS		 937 *
938 * Read and write access is required on both the old and
939 * new directories.
940 *
941 * Returns 0 if access is permitted, an error code otherwise
942 */
943static int smack_inode_rename(struct inode *old_inode,
944 struct dentry *old_dentry,
945 struct inode *new_inode,
946 struct dentry *new_dentry)
947{
948 int rc;
21c7eae2 949 struct smack_known *isp;
ecfcc53f
EB		 950 struct smk_audit_info ad;
951
a269434d 952 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 953 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473
CS		 954
955 isp = smk_of_inode(old_dentry->d_inode);
ecfcc53f 956 rc = smk_curacc(isp, MAY_READWRITE, &ad);
d166c802 957 rc = smk_bu_inode(old_dentry->d_inode, MAY_READWRITE, rc);
e114e473
CS		 958
959 if (rc == 0 && new_dentry->d_inode != NULL) {
960 isp = smk_of_inode(new_dentry->d_inode);
ecfcc53f
EB		 961 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
962 rc = smk_curacc(isp, MAY_READWRITE, &ad);
d166c802 963 rc = smk_bu_inode(new_dentry->d_inode, MAY_READWRITE, rc);
e114e473 964 }
e114e473
CS		 965 return rc;
966}
967
968/**
969 * smack_inode_permission - Smack version of permission()
970 * @inode: the inode in question
971 * @mask: the access requested
e114e473
CS		 972 *
973 * This is the important Smack hook.
974 *
975 * Returns 0 if access is permitted, -EACCES otherwise
976 */
e74f71eb 977static int smack_inode_permission(struct inode *inode, int mask)
e114e473 978{
ecfcc53f 979 struct smk_audit_info ad;
e74f71eb 980 int no_block = mask & MAY_NOT_BLOCK;
d166c802 981 int rc;
d09ca739
EP		 982
983 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
e114e473
CS		 984 /*
985 * No permission to check. Existence test. Yup, it's there.
986 */
987 if (mask == 0)
988 return 0;
8c9e80ed
AK		 989
990 /* May be droppable after audit */
e74f71eb 991 if (no_block)
8c9e80ed 992 return -ECHILD;
f48b7399 993 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f 994 smk_ad_setfield_u_fs_inode(&ad, inode);
d166c802
CS		 995 rc = smk_curacc(smk_of_inode(inode), mask, &ad);
996 rc = smk_bu_inode(inode, mask, rc);
997 return rc;
e114e473
CS		 998}
999
1000/**
1001 * smack_inode_setattr - Smack check for setting attributes
1002 * @dentry: the object
1003 * @iattr: for the force flag
1004 *
1005 * Returns 0 if access is permitted, an error code otherwise
1006 */
1007static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1008{
ecfcc53f 1009 struct smk_audit_info ad;
d166c802
CS		 1010 int rc;
1011
e114e473
CS		 1012 /*
1013 * Need to allow for clearing the setuid bit.
1014 */
1015 if (iattr->ia_valid & ATTR_FORCE)
1016 return 0;
a269434d 1017 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1018 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 1019
d166c802
CS		 1020 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1021 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1022 return rc;
e114e473
CS		 1023}
1024
1025/**
1026 * smack_inode_getattr - Smack check for getting attributes
e95ef49b 1027 * @mnt: vfsmount of the object
e114e473
CS		 1028 * @dentry: the object
1029 *
1030 * Returns 0 if access is permitted, an error code otherwise
1031 */
1032static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
1033{
ecfcc53f 1034 struct smk_audit_info ad;
a269434d 1035 struct path path;
d166c802 1036 int rc;
ecfcc53f 1037
a269434d
EP		 1038 path.dentry = dentry;
1039 path.mnt = mnt;
ecfcc53f 1040
f48b7399 1041 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
a269434d 1042 smk_ad_setfield_u_fs_path(&ad, path);
d166c802
CS		 1043 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
1044 rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc);
1045 return rc;
e114e473
CS		 1046}
1047
1048/**
1049 * smack_inode_setxattr - Smack check for setting xattrs
1050 * @dentry: the object
1051 * @name: name of the attribute
e95ef49b
LP		 1052 * @value: value of the attribute
1053 * @size: size of the value
e114e473
CS		 1054 * @flags: unused
1055 *
1056 * This protects the Smack attribute explicitly.
1057 *
1058 * Returns 0 if access is permitted, an error code otherwise
1059 */
8f0cfa52
DH		 1060static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1061 const void *value, size_t size, int flags)
e114e473 1062{
ecfcc53f 1063 struct smk_audit_info ad;
19760ad0
CS		 1064 struct smack_known *skp;
1065 int check_priv = 0;
1066 int check_import = 0;
1067 int check_star = 0;
bcdca225 1068 int rc = 0;
e114e473 1069
19760ad0
CS		 1070 /*
1071 * Check label validity here so import won't fail in post_setxattr
1072 */
bcdca225
CS		 1073 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1074 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
19760ad0
CS		 1075 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1076 check_priv = 1;
1077 check_import = 1;
1078 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1079 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1080 check_priv = 1;
1081 check_import = 1;
1082 check_star = 1;
5c6d1125 1083 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
19760ad0 1084 check_priv = 1;
5c6d1125
JS		 1085 if (size != TRANS_TRUE_SIZE ||
1086 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1087 rc = -EINVAL;
bcdca225
CS		 1088 } else
1089 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1090
19760ad0
CS		 1091 if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1092 rc = -EPERM;
1093
1094 if (rc == 0 && check_import) {
b862e561 1095 skp = size ? smk_import_entry(value, size) : NULL;
19760ad0
CS		 1096 if (skp == NULL || (check_star &&
1097 (skp == &smack_known_star || skp == &smack_known_web)))
1098 rc = -EINVAL;
1099 }
1100
a269434d 1101 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1102 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1103
d166c802 1104 if (rc == 0) {
ecfcc53f 1105 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
d166c802
CS		 1106 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1107 }
bcdca225
CS		 1108
1109 return rc;
e114e473
CS		 1110}
1111
1112/**
1113 * smack_inode_post_setxattr - Apply the Smack update approved above
1114 * @dentry: object
1115 * @name: attribute name
1116 * @value: attribute value
1117 * @size: attribute size
1118 * @flags: unused
1119 *
1120 * Set the pointer in the inode blob to the entry found
1121 * in the master label list.
1122 */
8f0cfa52
DH		 1123static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1124 const void *value, size_t size, int flags)
e114e473 1125{
2f823ff8 1126 struct smack_known *skp;
5c6d1125 1127 struct inode_smack *isp = dentry->d_inode->i_security;
676dac4b 1128
2f823ff8
CS		 1129 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1130 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1131 return;
1132 }
1133
676dac4b 1134 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
9598f4c9 1135 skp = smk_import_entry(value, size);
2f823ff8 1136 if (skp != NULL)
21c7eae2 1137 isp->smk_inode = skp;
676dac4b 1138 else
21c7eae2 1139 isp->smk_inode = &smack_known_invalid;
5c6d1125 1140 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
9598f4c9 1141 skp = smk_import_entry(value, size);
2f823ff8
CS		 1142 if (skp != NULL)
1143 isp->smk_task = skp;
676dac4b 1144 else
2f823ff8 1145 isp->smk_task = &smack_known_invalid;
7898e1f8 1146 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
9598f4c9 1147 skp = smk_import_entry(value, size);
2f823ff8
CS		 1148 if (skp != NULL)
1149 isp->smk_mmap = skp;
7898e1f8 1150 else
2f823ff8
CS		 1151 isp->smk_mmap = &smack_known_invalid;
1152 }
e114e473
CS		 1153
1154 return;
1155}
1156
ce8a4321 1157/**
e114e473
CS		 1158 * smack_inode_getxattr - Smack check on getxattr
1159 * @dentry: the object
1160 * @name: unused
1161 *
1162 * Returns 0 if access is permitted, an error code otherwise
1163 */
8f0cfa52 1164static int smack_inode_getxattr(struct dentry *dentry, const char *name)
e114e473 1165{
ecfcc53f 1166 struct smk_audit_info ad;
d166c802 1167 int rc;
ecfcc53f 1168
a269434d 1169 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1170 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1171
d166c802
CS		 1172 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
1173 rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc);
1174 return rc;
e114e473
CS		 1175}
1176
ce8a4321 1177/**
e114e473
CS		 1178 * smack_inode_removexattr - Smack check on removexattr
1179 * @dentry: the object
1180 * @name: name of the attribute
1181 *
1182 * Removing the Smack attribute requires CAP_MAC_ADMIN
1183 *
1184 * Returns 0 if access is permitted, an error code otherwise
1185 */
8f0cfa52 1186static int smack_inode_removexattr(struct dentry *dentry, const char *name)
e114e473 1187{
676dac4b 1188 struct inode_smack *isp;
ecfcc53f 1189 struct smk_audit_info ad;
bcdca225 1190 int rc = 0;
e114e473 1191
bcdca225
CS		 1192 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1193 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
676dac4b 1194 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
5c6d1125 1195 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
7898e1f8 1196 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
5e9ab593 1197 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1880eff7 1198 if (!smack_privileged(CAP_MAC_ADMIN))
bcdca225
CS		 1199 rc = -EPERM;
1200 } else
1201 rc = cap_inode_removexattr(dentry, name);
1202
f59bdfba
CS		 1203 if (rc != 0)
1204 return rc;
1205
a269434d 1206 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1207 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
bcdca225 1208
f59bdfba 1209 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
d166c802 1210 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
f59bdfba
CS		 1211 if (rc != 0)
1212 return rc;
1213
1214 isp = dentry->d_inode->i_security;
1215 /*
1216 * Don't do anything special for these.
1217 * XATTR_NAME_SMACKIPIN
1218 * XATTR_NAME_SMACKIPOUT
1219 * XATTR_NAME_SMACKEXEC
1220 */
1221 if (strcmp(name, XATTR_NAME_SMACK) == 0)
676dac4b 1222 isp->smk_task = NULL;
f59bdfba 1223 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
7898e1f8 1224 isp->smk_mmap = NULL;
f59bdfba
CS		 1225 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1226 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
676dac4b 1227
f59bdfba 1228 return 0;
e114e473
CS		 1229}
1230
1231/**
1232 * smack_inode_getsecurity - get smack xattrs
1233 * @inode: the object
1234 * @name: attribute name
1235 * @buffer: where to put the result
251a2a95 1236 * @alloc: unused
e114e473
CS		 1237 *
1238 * Returns the size of the attribute or an error code
1239 */
1240static int smack_inode_getsecurity(const struct inode *inode,
1241 const char *name, void **buffer,
1242 bool alloc)
1243{
1244 struct socket_smack *ssp;
1245 struct socket *sock;
1246 struct super_block *sbp;
1247 struct inode *ip = (struct inode *)inode;
21c7eae2 1248 struct smack_known *isp;
e114e473
CS		 1249 int ilen;
1250 int rc = 0;
1251
1252 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1253 isp = smk_of_inode(inode);
21c7eae2
LP		 1254 ilen = strlen(isp->smk_known);
1255 *buffer = isp->smk_known;
e114e473
CS		 1256 return ilen;
1257 }
1258
1259 /*
1260 * The rest of the Smack xattrs are only on sockets.
1261 */
1262 sbp = ip->i_sb;
1263 if (sbp->s_magic != SOCKFS_MAGIC)
1264 return -EOPNOTSUPP;
1265
1266 sock = SOCKET_I(ip);
2e1d146a 1267 if (sock == NULL || sock->sk == NULL)
e114e473
CS		 1268 return -EOPNOTSUPP;
1269
1270 ssp = sock->sk->sk_security;
1271
1272 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
21c7eae2 1273 isp = ssp->smk_in;
e114e473 1274 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
21c7eae2 1275 isp = ssp->smk_out;
e114e473
CS		 1276 else
1277 return -EOPNOTSUPP;
1278
21c7eae2 1279 ilen = strlen(isp->smk_known);
e114e473 1280 if (rc == 0) {
21c7eae2 1281 *buffer = isp->smk_known;
e114e473
CS		 1282 rc = ilen;
1283 }
1284
1285 return rc;
1286}
1287
1288
1289/**
1290 * smack_inode_listsecurity - list the Smack attributes
1291 * @inode: the object
1292 * @buffer: where they go
1293 * @buffer_size: size of buffer
1294 *
1295 * Returns 0 on success, -EINVAL otherwise
1296 */
1297static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1298 size_t buffer_size)
1299{
fd5c9d23 1300 int len = sizeof(XATTR_NAME_SMACK);
e114e473 1301
fd5c9d23 1302 if (buffer != NULL && len <= buffer_size)
e114e473 1303 memcpy(buffer, XATTR_NAME_SMACK, len);
fd5c9d23
KK		 1304
1305 return len;
e114e473
CS		 1306}
1307
d20bdda6
AD		 1308/**
1309 * smack_inode_getsecid - Extract inode's security id
1310 * @inode: inode to extract the info from
1311 * @secid: where result will be saved
1312 */
1313static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
1314{
1315 struct inode_smack *isp = inode->i_security;
1316
21c7eae2 1317 *secid = isp->smk_inode->smk_secid;
d20bdda6
AD		 1318}
1319
e114e473
CS		 1320/*
1321 * File Hooks
1322 */
1323
1324/**
1325 * smack_file_permission - Smack check on file operations
1326 * @file: unused
1327 * @mask: unused
1328 *
1329 * Returns 0
1330 *
1331 * Should access checks be done on each read or write?
1332 * UNICOS and SELinux say yes.
1333 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1334 *
1335 * I'll say no for now. Smack does not do the frequent
1336 * label changing that SELinux does.
1337 */
1338static int smack_file_permission(struct file *file, int mask)
1339{
1340 return 0;
1341}
1342
1343/**
1344 * smack_file_alloc_security - assign a file security blob
1345 * @file: the object
1346 *
1347 * The security blob for a file is a pointer to the master
1348 * label list, so no allocation is done.
1349 *
1350 * Returns 0
1351 */
1352static int smack_file_alloc_security(struct file *file)
1353{
2f823ff8
CS		 1354 struct smack_known *skp = smk_of_current();
1355
21c7eae2 1356 file->f_security = skp;
e114e473
CS		 1357 return 0;
1358}
1359
1360/**
1361 * smack_file_free_security - clear a file security blob
1362 * @file: the object
1363 *
1364 * The security blob for a file is a pointer to the master
1365 * label list, so no memory is freed.
1366 */
1367static void smack_file_free_security(struct file *file)
1368{
1369 file->f_security = NULL;
1370}
1371
1372/**
1373 * smack_file_ioctl - Smack check on ioctls
1374 * @file: the object
1375 * @cmd: what to do
1376 * @arg: unused
1377 *
1378 * Relies heavily on the correct use of the ioctl command conventions.
1379 *
1380 * Returns 0 if allowed, error code otherwise
1381 */
1382static int smack_file_ioctl(struct file *file, unsigned int cmd,
1383 unsigned long arg)
1384{
1385 int rc = 0;
ecfcc53f
EB		 1386 struct smk_audit_info ad;
1387
f48b7399 1388 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1389 smk_ad_setfield_u_fs_path(&ad, file->f_path);
e114e473 1390
d166c802 1391 if (_IOC_DIR(cmd) & _IOC_WRITE) {
ecfcc53f 1392 rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
d166c802
CS		 1393 rc = smk_bu_file(file, MAY_WRITE, rc);
1394 }
e114e473 1395
d166c802 1396 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
ecfcc53f 1397 rc = smk_curacc(file->f_security, MAY_READ, &ad);
d166c802
CS		 1398 rc = smk_bu_file(file, MAY_READ, rc);
1399 }
e114e473
CS		 1400
1401 return rc;
1402}
1403
1404/**
1405 * smack_file_lock - Smack check on file locking
1406 * @file: the object
251a2a95 1407 * @cmd: unused
e114e473 1408 *
c0ab6e56 1409 * Returns 0 if current has lock access, error code otherwise
e114e473
CS		 1410 */
1411static int smack_file_lock(struct file *file, unsigned int cmd)
1412{
ecfcc53f 1413 struct smk_audit_info ad;
d166c802 1414 int rc;
ecfcc53f 1415
92f42509
EP		 1416 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1417 smk_ad_setfield_u_fs_path(&ad, file->f_path);
d166c802
CS		 1418 rc = smk_curacc(file->f_security, MAY_LOCK, &ad);
1419 rc = smk_bu_file(file, MAY_LOCK, rc);
1420 return rc;
e114e473
CS		 1421}
1422
1423/**
1424 * smack_file_fcntl - Smack check on fcntl
1425 * @file: the object
1426 * @cmd: what action to check
1427 * @arg: unused
1428 *
531f1d45
CS		 1429 * Generally these operations are harmless.
1430 * File locking operations present an obvious mechanism
1431 * for passing information, so they require write access.
1432 *
e114e473
CS		 1433 * Returns 0 if current has access, error code otherwise
1434 */
1435static int smack_file_fcntl(struct file *file, unsigned int cmd,
1436 unsigned long arg)
1437{
ecfcc53f 1438 struct smk_audit_info ad;
531f1d45 1439 int rc = 0;
e114e473 1440
ecfcc53f 1441
e114e473 1442 switch (cmd) {
e114e473 1443 case F_GETLK:
c0ab6e56 1444 break;
e114e473
CS		 1445 case F_SETLK:
1446 case F_SETLKW:
c0ab6e56
CS		 1447 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1448 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1449 rc = smk_curacc(file->f_security, MAY_LOCK, &ad);
d166c802 1450 rc = smk_bu_file(file, MAY_LOCK, rc);
c0ab6e56 1451 break;
e114e473
CS		 1452 case F_SETOWN:
1453 case F_SETSIG:
531f1d45
CS		 1454 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1455 smk_ad_setfield_u_fs_path(&ad, file->f_path);
ecfcc53f 1456 rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
d166c802 1457 rc = smk_bu_file(file, MAY_WRITE, rc);
e114e473
CS		 1458 break;
1459 default:
531f1d45 1460 break;
e114e473
CS		 1461 }
1462
1463 return rc;
1464}
1465
7898e1f8 1466/**
e5467859 1467 * smack_mmap_file :
7898e1f8
CS		 1468 * Check permissions for a mmap operation. The @file may be NULL, e.g.
1469 * if mapping anonymous memory.
1470 * @file contains the file structure for file to map (may be NULL).
1471 * @reqprot contains the protection requested by the application.
1472 * @prot contains the protection that will be applied by the kernel.
1473 * @flags contains the operational flags.
1474 * Return 0 if permission is granted.
1475 */
e5467859 1476static int smack_mmap_file(struct file *file,
7898e1f8 1477 unsigned long reqprot, unsigned long prot,
e5467859 1478 unsigned long flags)
7898e1f8 1479{
272cd7a8 1480 struct smack_known *skp;
2f823ff8 1481 struct smack_known *mkp;
7898e1f8
CS		 1482 struct smack_rule *srp;
1483 struct task_smack *tsp;
21c7eae2 1484 struct smack_known *okp;
7898e1f8 1485 struct inode_smack *isp;
0e0a070d
CS		 1486 int may;
1487 int mmay;
1488 int tmay;
7898e1f8
CS		 1489 int rc;
1490
496ad9aa 1491 if (file == NULL)
7898e1f8
CS		 1492 return 0;
1493
496ad9aa 1494 isp = file_inode(file)->i_security;
7898e1f8
CS		 1495 if (isp->smk_mmap == NULL)
1496 return 0;
2f823ff8 1497 mkp = isp->smk_mmap;
7898e1f8
CS		 1498
1499 tsp = current_security();
2f823ff8 1500 skp = smk_of_current();
7898e1f8
CS		 1501 rc = 0;
1502
1503 rcu_read_lock();
1504 /*
1505 * For each Smack rule associated with the subject
1506 * label verify that the SMACK64MMAP also has access
1507 * to that rule's object label.
7898e1f8 1508 */
272cd7a8 1509 list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
21c7eae2 1510 okp = srp->smk_object;
7898e1f8
CS		 1511 /*
1512 * Matching labels always allows access.
1513 */
21c7eae2 1514 if (mkp->smk_known == okp->smk_known)
7898e1f8 1515 continue;
0e0a070d
CS		 1516 /*
1517 * If there is a matching local rule take
1518 * that into account as well.
1519 */
21c7eae2
LP		 1520 may = smk_access_entry(srp->smk_subject->smk_known,
1521 okp->smk_known,
1522 &tsp->smk_rules);
0e0a070d
CS		 1523 if (may == -ENOENT)
1524 may = srp->smk_access;
1525 else
1526 may &= srp->smk_access;
1527 /*
1528 * If may is zero the SMACK64MMAP subject can't
1529 * possibly have less access.
1530 */
1531 if (may == 0)
1532 continue;
1533
1534 /*
1535 * Fetch the global list entry.
1536 * If there isn't one a SMACK64MMAP subject
1537 * can't have as much access as current.
1538 */
21c7eae2
LP		 1539 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1540 &mkp->smk_rules);
0e0a070d
CS		 1541 if (mmay == -ENOENT) {
1542 rc = -EACCES;
1543 break;
1544 }
1545 /*
1546 * If there is a local entry it modifies the
1547 * potential access, too.
1548 */
21c7eae2
LP		 1549 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1550 &tsp->smk_rules);
0e0a070d
CS		 1551 if (tmay != -ENOENT)
1552 mmay &= tmay;
7898e1f8 1553
0e0a070d
CS		 1554 /*
1555 * If there is any access available to current that is
1556 * not available to a SMACK64MMAP subject
1557 * deny access.
1558 */
75a25637 1559 if ((may | mmay) != mmay) {
0e0a070d 1560 rc = -EACCES;
7898e1f8 1561 break;
0e0a070d 1562 }
7898e1f8
CS		 1563 }
1564
1565 rcu_read_unlock();
1566
1567 return rc;
1568}
1569
e114e473
CS		 1570/**
1571 * smack_file_set_fowner - set the file security blob value
1572 * @file: object in question
1573 *
1574 * Returns 0
1575 * Further research may be required on this one.
1576 */
e0b93edd 1577static void smack_file_set_fowner(struct file *file)
e114e473 1578{
2f823ff8
CS		 1579 struct smack_known *skp = smk_of_current();
1580
21c7eae2 1581 file->f_security = skp;
e114e473
CS		 1582}
1583
1584/**
1585 * smack_file_send_sigiotask - Smack on sigio
1586 * @tsk: The target task
1587 * @fown: the object the signal come from
1588 * @signum: unused
1589 *
1590 * Allow a privileged task to get signals even if it shouldn't
1591 *
1592 * Returns 0 if a subject with the object's smack could
1593 * write to the task, an error code otherwise.
1594 */
1595static int smack_file_send_sigiotask(struct task_struct *tsk,
1596 struct fown_struct *fown, int signum)
1597{
2f823ff8
CS		 1598 struct smack_known *skp;
1599 struct smack_known *tkp = smk_of_task(tsk->cred->security);
e114e473
CS		 1600 struct file *file;
1601 int rc;
ecfcc53f 1602 struct smk_audit_info ad;
e114e473
CS		 1603
1604 /*
1605 * struct fown_struct is never outside the context of a struct file
1606 */
1607 file = container_of(fown, struct file, f_owner);
7898e1f8 1608
ecfcc53f 1609 /* we don't log here as rc can be overriden */
21c7eae2
LP		 1610 skp = file->f_security;
1611 rc = smk_access(skp, tkp, MAY_WRITE, NULL);
1612 rc = smk_bu_note("sigiotask", skp, tkp, MAY_WRITE, rc);
5cd9c58f 1613 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
ecfcc53f
EB		 1614 rc = 0;
1615
1616 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1617 smk_ad_setfield_u_tsk(&ad, tsk);
21c7eae2 1618 smack_log(skp->smk_known, tkp->smk_known, MAY_WRITE, rc, &ad);
e114e473
CS		 1619 return rc;
1620}
1621
1622/**
1623 * smack_file_receive - Smack file receive check
1624 * @file: the object
1625 *
1626 * Returns 0 if current has access, error code otherwise
1627 */
1628static int smack_file_receive(struct file *file)
1629{
d166c802 1630 int rc;
e114e473 1631 int may = 0;
ecfcc53f 1632 struct smk_audit_info ad;
e114e473 1633
4482a44f 1634 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1635 smk_ad_setfield_u_fs_path(&ad, file->f_path);
e114e473
CS		 1636 /*
1637 * This code relies on bitmasks.
1638 */
1639 if (file->f_mode & FMODE_READ)
1640 may = MAY_READ;
1641 if (file->f_mode & FMODE_WRITE)
1642 may |= MAY_WRITE;
1643
d166c802
CS		 1644 rc = smk_curacc(file->f_security, may, &ad);
1645 rc = smk_bu_file(file, may, rc);
1646 return rc;
e114e473
CS		 1647}
1648
531f1d45 1649/**
83d49856 1650 * smack_file_open - Smack dentry open processing
531f1d45 1651 * @file: the object
a6834c0b 1652 * @cred: task credential
531f1d45
CS		 1653 *
1654 * Set the security blob in the file structure.
a6834c0b
CS		 1655 * Allow the open only if the task has read access. There are
1656 * many read operations (e.g. fstat) that you can do with an
1657 * fd even if you have the file open write-only.
531f1d45
CS		 1658 *
1659 * Returns 0
1660 */
83d49856 1661static int smack_file_open(struct file *file, const struct cred *cred)
531f1d45 1662{
a6834c0b 1663 struct task_smack *tsp = cred->security;
496ad9aa 1664 struct inode_smack *isp = file_inode(file)->i_security;
a6834c0b
CS		 1665 struct smk_audit_info ad;
1666 int rc;
531f1d45 1667
d83d2c26
MN		 1668 if (smack_privileged(CAP_MAC_OVERRIDE)) {
1669 file->f_security = isp->smk_inode;
a6834c0b 1670 return 0;
d83d2c26 1671 }
531f1d45 1672
a6834c0b
CS		 1673 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1674 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1675 rc = smk_access(tsp->smk_task, isp->smk_inode, MAY_READ, &ad);
d166c802 1676 rc = smk_bu_credfile(cred, file, MAY_READ, rc);
a6834c0b
CS		 1677 if (rc == 0)
1678 file->f_security = isp->smk_inode;
1679
1680 return rc;
531f1d45
CS		 1681}
1682
e114e473
CS		 1683/*
1684 * Task hooks
1685 */
1686
ee18d64c
DH		 1687/**
1688 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1689 * @new: the new credentials
1690 * @gfp: the atomicity of any memory allocations
1691 *
1692 * Prepare a blank set of credentials for modification. This must allocate all
1693 * the memory the LSM module might require such that cred_transfer() can
1694 * complete without error.
1695 */
1696static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1697{
7898e1f8
CS		 1698 struct task_smack *tsp;
1699
1700 tsp = new_task_smack(NULL, NULL, gfp);
1701 if (tsp == NULL)
676dac4b 1702 return -ENOMEM;
7898e1f8
CS		 1703
1704 cred->security = tsp;
1705
ee18d64c
DH		 1706 return 0;
1707}
1708
1709
e114e473 1710/**
f1752eec
DH		 1711 * smack_cred_free - "free" task-level security credentials
1712 * @cred: the credentials in question
e114e473 1713 *
e114e473 1714 */
f1752eec 1715static void smack_cred_free(struct cred *cred)
e114e473 1716{
7898e1f8
CS		 1717 struct task_smack *tsp = cred->security;
1718 struct smack_rule *rp;
1719 struct list_head *l;
1720 struct list_head *n;
1721
1722 if (tsp == NULL)
1723 return;
1724 cred->security = NULL;
1725
1726 list_for_each_safe(l, n, &tsp->smk_rules) {
1727 rp = list_entry(l, struct smack_rule, list);
1728 list_del(&rp->list);
1729 kfree(rp);
1730 }
1731 kfree(tsp);
e114e473
CS		 1732}
1733
d84f4f99
DH		 1734/**
1735 * smack_cred_prepare - prepare new set of credentials for modification
1736 * @new: the new credentials
1737 * @old: the original credentials
1738 * @gfp: the atomicity of any memory allocations
1739 *
1740 * Prepare a new set of credentials for modification.
1741 */
1742static int smack_cred_prepare(struct cred *new, const struct cred *old,
1743 gfp_t gfp)
1744{
676dac4b
CS		 1745 struct task_smack *old_tsp = old->security;
1746 struct task_smack *new_tsp;
7898e1f8 1747 int rc;
676dac4b 1748
7898e1f8 1749 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
676dac4b
CS		 1750 if (new_tsp == NULL)
1751 return -ENOMEM;
1752
7898e1f8
CS		 1753 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1754 if (rc != 0)
1755 return rc;
1756
676dac4b 1757 new->security = new_tsp;
d84f4f99
DH		 1758 return 0;
1759}
1760
ee18d64c
DH		 1761/**
1762 * smack_cred_transfer - Transfer the old credentials to the new credentials
1763 * @new: the new credentials
1764 * @old: the original credentials
1765 *
1766 * Fill in a set of blank credentials from another set of credentials.
1767 */
1768static void smack_cred_transfer(struct cred *new, const struct cred *old)
1769{
676dac4b
CS		 1770 struct task_smack *old_tsp = old->security;
1771 struct task_smack *new_tsp = new->security;
1772
1773 new_tsp->smk_task = old_tsp->smk_task;
1774 new_tsp->smk_forked = old_tsp->smk_task;
7898e1f8
CS		 1775 mutex_init(&new_tsp->smk_rules_lock);
1776 INIT_LIST_HEAD(&new_tsp->smk_rules);
1777
1778
1779 /* cbs copy rule list */
ee18d64c
DH		 1780}
1781
3a3b7ce9
DH		 1782/**
1783 * smack_kernel_act_as - Set the subjective context in a set of credentials
251a2a95
RD		 1784 * @new: points to the set of credentials to be modified.
1785 * @secid: specifies the security ID to be set
3a3b7ce9
DH		 1786 *
1787 * Set the security data for a kernel service.
1788 */
1789static int smack_kernel_act_as(struct cred *new, u32 secid)
1790{
676dac4b 1791 struct task_smack *new_tsp = new->security;
2f823ff8 1792 struct smack_known *skp = smack_from_secid(secid);
3a3b7ce9 1793
2f823ff8 1794 if (skp == NULL)
3a3b7ce9
DH		 1795 return -EINVAL;
1796
2f823ff8 1797 new_tsp->smk_task = skp;
3a3b7ce9
DH		 1798 return 0;
1799}
1800
1801/**
1802 * smack_kernel_create_files_as - Set the file creation label in a set of creds
251a2a95
RD		 1803 * @new: points to the set of credentials to be modified
1804 * @inode: points to the inode to use as a reference
3a3b7ce9
DH		 1805 *
1806 * Set the file creation context in a set of credentials to the same
1807 * as the objective context of the specified inode
1808 */
1809static int smack_kernel_create_files_as(struct cred *new,
1810 struct inode *inode)
1811{
1812 struct inode_smack *isp = inode->i_security;
676dac4b 1813 struct task_smack *tsp = new->security;
3a3b7ce9 1814
21c7eae2 1815 tsp->smk_forked = isp->smk_inode;
2f823ff8 1816 tsp->smk_task = tsp->smk_forked;
3a3b7ce9
DH		 1817 return 0;
1818}
1819
ecfcc53f
EB		 1820/**
1821 * smk_curacc_on_task - helper to log task related access
1822 * @p: the task object
531f1d45
CS		 1823 * @access: the access requested
1824 * @caller: name of the calling function for audit
ecfcc53f
EB		 1825 *
1826 * Return 0 if access is permitted
1827 */
531f1d45
CS		 1828static int smk_curacc_on_task(struct task_struct *p, int access,
1829 const char *caller)
ecfcc53f
EB		 1830{
1831 struct smk_audit_info ad;
2f823ff8 1832 struct smack_known *skp = smk_of_task(task_security(p));
d166c802 1833 int rc;
ecfcc53f 1834
531f1d45 1835 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
ecfcc53f 1836 smk_ad_setfield_u_tsk(&ad, p);
21c7eae2 1837 rc = smk_curacc(skp, access, &ad);
d166c802
CS		 1838 rc = smk_bu_task(p, access, rc);
1839 return rc;
ecfcc53f
EB		 1840}
1841
e114e473
CS		 1842/**
1843 * smack_task_setpgid - Smack check on setting pgid
1844 * @p: the task object
1845 * @pgid: unused
1846 *
1847 * Return 0 if write access is permitted
1848 */
1849static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1850{
531f1d45 1851 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 1852}
1853
1854/**
1855 * smack_task_getpgid - Smack access check for getpgid
1856 * @p: the object task
1857 *
1858 * Returns 0 if current can read the object task, error code otherwise
1859 */
1860static int smack_task_getpgid(struct task_struct *p)
1861{
531f1d45 1862 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 1863}
1864
1865/**
1866 * smack_task_getsid - Smack access check for getsid
1867 * @p: the object task
1868 *
1869 * Returns 0 if current can read the object task, error code otherwise
1870 */
1871static int smack_task_getsid(struct task_struct *p)
1872{
531f1d45 1873 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 1874}
1875
1876/**
1877 * smack_task_getsecid - get the secid of the task
1878 * @p: the object task
1879 * @secid: where to put the result
1880 *
1881 * Sets the secid to contain a u32 version of the smack label.
1882 */
1883static void smack_task_getsecid(struct task_struct *p, u32 *secid)
1884{
2f823ff8
CS		 1885 struct smack_known *skp = smk_of_task(task_security(p));
1886
1887 *secid = skp->smk_secid;
e114e473
CS		 1888}
1889
1890/**
1891 * smack_task_setnice - Smack check on setting nice
1892 * @p: the task object
1893 * @nice: unused
1894 *
1895 * Return 0 if write access is permitted
1896 */
1897static int smack_task_setnice(struct task_struct *p, int nice)
1898{
bcdca225
CS		 1899 int rc;
1900
1901 rc = cap_task_setnice(p, nice);
1902 if (rc == 0)
531f1d45 1903 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
bcdca225 1904 return rc;
e114e473
CS		 1905}
1906
1907/**
1908 * smack_task_setioprio - Smack check on setting ioprio
1909 * @p: the task object
1910 * @ioprio: unused
1911 *
1912 * Return 0 if write access is permitted
1913 */
1914static int smack_task_setioprio(struct task_struct *p, int ioprio)
1915{
bcdca225
CS		 1916 int rc;
1917
1918 rc = cap_task_setioprio(p, ioprio);
1919 if (rc == 0)
531f1d45 1920 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
bcdca225 1921 return rc;
e114e473
CS		 1922}
1923
1924/**
1925 * smack_task_getioprio - Smack check on reading ioprio
1926 * @p: the task object
1927 *
1928 * Return 0 if read access is permitted
1929 */
1930static int smack_task_getioprio(struct task_struct *p)
1931{
531f1d45 1932 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 1933}
1934
1935/**
1936 * smack_task_setscheduler - Smack check on setting scheduler
1937 * @p: the task object
1938 * @policy: unused
1939 * @lp: unused
1940 *
1941 * Return 0 if read access is permitted
1942 */
b0ae1981 1943static int smack_task_setscheduler(struct task_struct *p)
e114e473 1944{
bcdca225
CS		 1945 int rc;
1946
b0ae1981 1947 rc = cap_task_setscheduler(p);
bcdca225 1948 if (rc == 0)
531f1d45 1949 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
bcdca225 1950 return rc;
e114e473
CS		 1951}
1952
1953/**
1954 * smack_task_getscheduler - Smack check on reading scheduler
1955 * @p: the task object
1956 *
1957 * Return 0 if read access is permitted
1958 */
1959static int smack_task_getscheduler(struct task_struct *p)
1960{
531f1d45 1961 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 1962}
1963
1964/**
1965 * smack_task_movememory - Smack check on moving memory
1966 * @p: the task object
1967 *
1968 * Return 0 if write access is permitted
1969 */
1970static int smack_task_movememory(struct task_struct *p)
1971{
531f1d45 1972 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 1973}
1974
1975/**
1976 * smack_task_kill - Smack check on signal delivery
1977 * @p: the task object
1978 * @info: unused
1979 * @sig: unused
1980 * @secid: identifies the smack to use in lieu of current's
1981 *
1982 * Return 0 if write access is permitted
1983 *
1984 * The secid behavior is an artifact of an SELinux hack
1985 * in the USB code. Someday it may go away.
1986 */
1987static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1988 int sig, u32 secid)
1989{
ecfcc53f 1990 struct smk_audit_info ad;
2f823ff8
CS		 1991 struct smack_known *skp;
1992 struct smack_known *tkp = smk_of_task(task_security(p));
d166c802 1993 int rc;
ecfcc53f
EB		 1994
1995 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1996 smk_ad_setfield_u_tsk(&ad, p);
e114e473
CS		 1997 /*
1998 * Sending a signal requires that the sender
1999 * can write the receiver.
2000 */
d166c802 2001 if (secid == 0) {
21c7eae2 2002 rc = smk_curacc(tkp, MAY_WRITE, &ad);
d166c802
CS		 2003 rc = smk_bu_task(p, MAY_WRITE, rc);
2004 return rc;
2005 }
e114e473
CS		 2006 /*
2007 * If the secid isn't 0 we're dealing with some USB IO
2008 * specific behavior. This is not clean. For one thing
2009 * we can't take privilege into account.
2010 */
2f823ff8 2011 skp = smack_from_secid(secid);
21c7eae2
LP		 2012 rc = smk_access(skp, tkp, MAY_WRITE, &ad);
2013 rc = smk_bu_note("USB signal", skp, tkp, MAY_WRITE, rc);
d166c802 2014 return rc;
e114e473
CS		 2015}
2016
2017/**
2018 * smack_task_wait - Smack access check for waiting
2019 * @p: task to wait for
2020 *
c00bedb3 2021 * Returns 0
e114e473
CS		 2022 */
2023static int smack_task_wait(struct task_struct *p)
2024{
e114e473 2025 /*
c00bedb3
CS		 2026 * Allow the operation to succeed.
2027 * Zombies are bad.
2028 * In userless environments (e.g. phones) programs
2029 * get marked with SMACK64EXEC and even if the parent
2030 * and child shouldn't be talking the parent still
2031 * may expect to know when the child exits.
e114e473 2032 */
c00bedb3 2033 return 0;
e114e473
CS		 2034}
2035
2036/**
2037 * smack_task_to_inode - copy task smack into the inode blob
2038 * @p: task to copy from
251a2a95 2039 * @inode: inode to copy to
e114e473
CS		 2040 *
2041 * Sets the smack pointer in the inode security blob
2042 */
2043static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2044{
2045 struct inode_smack *isp = inode->i_security;
2f823ff8
CS		 2046 struct smack_known *skp = smk_of_task(task_security(p));
2047
21c7eae2 2048 isp->smk_inode = skp;
e114e473
CS		 2049}
2050
2051/*
2052 * Socket hooks.
2053 */
2054
2055/**
2056 * smack_sk_alloc_security - Allocate a socket blob
2057 * @sk: the socket
2058 * @family: unused
251a2a95 2059 * @gfp_flags: memory allocation flags
e114e473
CS		 2060 *
2061 * Assign Smack pointers to current
2062 *
2063 * Returns 0 on success, -ENOMEM is there's no memory
2064 */
2065static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2066{
2f823ff8 2067 struct smack_known *skp = smk_of_current();
e114e473
CS		 2068 struct socket_smack *ssp;
2069
2070 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2071 if (ssp == NULL)
2072 return -ENOMEM;
2073
54e70ec5 2074 ssp->smk_in = skp;
2f823ff8 2075 ssp->smk_out = skp;
272cd7a8 2076 ssp->smk_packet = NULL;
e114e473
CS		 2077
2078 sk->sk_security = ssp;
2079
2080 return 0;
2081}
2082
2083/**
2084 * smack_sk_free_security - Free a socket blob
2085 * @sk: the socket
2086 *
2087 * Clears the blob pointer
2088 */
2089static void smack_sk_free_security(struct sock *sk)
2090{
2091 kfree(sk->sk_security);
2092}
2093
07feee8f
PM		 2094/**
2095* smack_host_label - check host based restrictions
2096* @sip: the object end
2097*
2098* looks for host based access restrictions
2099*
2100* This version will only be appropriate for really small sets of single label
2101* hosts. The caller is responsible for ensuring that the RCU read lock is
2102* taken before calling this function.
2103*
2104* Returns the label of the far end or NULL if it's not special.
2105*/
21c7eae2 2106static struct smack_known *smack_host_label(struct sockaddr_in *sip)
07feee8f
PM		 2107{
2108 struct smk_netlbladdr *snp;
2109 struct in_addr *siap = &sip->sin_addr;
2110
2111 if (siap->s_addr == 0)
2112 return NULL;
2113
2114 list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list)
2115 /*
2116 * we break after finding the first match because
2117 * the list is sorted from longest to shortest mask
2118 * so we have found the most specific match
2119 */
2120 if ((&snp->smk_host.sin_addr)->s_addr ==
4303154e
EB		 2121 (siap->s_addr & (&snp->smk_mask)->s_addr)) {
2122 /* we have found the special CIPSO option */
21c7eae2 2123 if (snp->smk_label == &smack_cipso_option)
4303154e 2124 return NULL;
07feee8f 2125 return snp->smk_label;
4303154e 2126 }
07feee8f
PM		 2127
2128 return NULL;
2129}
2130
e114e473
CS		 2131/**
2132 * smack_netlabel - Set the secattr on a socket
2133 * @sk: the socket
6d3dc07c 2134 * @labeled: socket label scheme
e114e473
CS		 2135 *
2136 * Convert the outbound smack value (smk_out) to a
2137 * secattr and attach it to the socket.
2138 *
2139 * Returns 0 on success or an error code
2140 */
6d3dc07c 2141static int smack_netlabel(struct sock *sk, int labeled)
e114e473 2142{
f7112e6c 2143 struct smack_known *skp;
07feee8f 2144 struct socket_smack *ssp = sk->sk_security;
6d3dc07c 2145 int rc = 0;
e114e473 2146
6d3dc07c
CS		 2147 /*
2148 * Usually the netlabel code will handle changing the
2149 * packet labeling based on the label.
2150 * The case of a single label host is different, because
2151 * a single label host should never get a labeled packet
2152 * even though the label is usually associated with a packet
2153 * label.
2154 */
2155 local_bh_disable();
2156 bh_lock_sock_nested(sk);
2157
2158 if (ssp->smk_out == smack_net_ambient ||
2159 labeled == SMACK_UNLABELED_SOCKET)
2160 netlbl_sock_delattr(sk);
2161 else {
2f823ff8 2162 skp = ssp->smk_out;
f7112e6c 2163 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
6d3dc07c
CS		 2164 }
2165
2166 bh_unlock_sock(sk);
2167 local_bh_enable();
4bc87e62 2168
e114e473
CS		 2169 return rc;
2170}
2171
07feee8f
PM		 2172/**
2173 * smack_netlbel_send - Set the secattr on a socket and perform access checks
2174 * @sk: the socket
2175 * @sap: the destination address
2176 *
2177 * Set the correct secattr for the given socket based on the destination
2178 * address and perform any outbound access checks needed.
2179 *
2180 * Returns 0 on success or an error code.
2181 *
2182 */
2183static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2184{
2f823ff8 2185 struct smack_known *skp;
07feee8f
PM		 2186 int rc;
2187 int sk_lbl;
21c7eae2 2188 struct smack_known *hkp;
07feee8f 2189 struct socket_smack *ssp = sk->sk_security;
ecfcc53f 2190 struct smk_audit_info ad;
07feee8f
PM		 2191
2192 rcu_read_lock();
21c7eae2
LP		 2193 hkp = smack_host_label(sap);
2194 if (hkp != NULL) {
ecfcc53f 2195#ifdef CONFIG_AUDIT
923e9a13
KC		 2196 struct lsm_network_audit net;
2197
48c62af6
EP		 2198 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2199 ad.a.u.net->family = sap->sin_family;
2200 ad.a.u.net->dport = sap->sin_port;
2201 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
ecfcc53f 2202#endif
923e9a13 2203 sk_lbl = SMACK_UNLABELED_SOCKET;
2f823ff8 2204 skp = ssp->smk_out;
21c7eae2
LP		 2205 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2206 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
07feee8f
PM		 2207 } else {
2208 sk_lbl = SMACK_CIPSO_SOCKET;
2209 rc = 0;
2210 }
2211 rcu_read_unlock();
2212 if (rc != 0)
2213 return rc;
2214
2215 return smack_netlabel(sk, sk_lbl);
2216}
2217
c6739443
CS		 2218/**
2219 * smk_ipv6_port_label - Smack port access table management
2220 * @sock: socket
2221 * @address: address
2222 *
2223 * Create or update the port list entry
2224 */
2225static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2226{
2227 struct sock *sk = sock->sk;
2228 struct sockaddr_in6 *addr6;
2229 struct socket_smack *ssp = sock->sk->sk_security;
2230 struct smk_port_label *spp;
2231 unsigned short port = 0;
2232
2233 if (address == NULL) {
2234 /*
2235 * This operation is changing the Smack information
2236 * on the bound socket. Take the changes to the port
2237 * as well.
2238 */
2239 list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2240 if (sk != spp->smk_sock)
2241 continue;
2242 spp->smk_in = ssp->smk_in;
2243 spp->smk_out = ssp->smk_out;
2244 return;
2245 }
2246 /*
2247 * A NULL address is only used for updating existing
2248 * bound entries. If there isn't one, it's OK.
2249 */
2250 return;
2251 }
2252
2253 addr6 = (struct sockaddr_in6 *)address;
2254 port = ntohs(addr6->sin6_port);
2255 /*
2256 * This is a special case that is safely ignored.
2257 */
2258 if (port == 0)
2259 return;
2260
2261 /*
2262 * Look for an existing port list entry.
2263 * This is an indication that a port is getting reused.
2264 */
2265 list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2266 if (spp->smk_port != port)
2267 continue;
2268 spp->smk_port = port;
2269 spp->smk_sock = sk;
2270 spp->smk_in = ssp->smk_in;
2271 spp->smk_out = ssp->smk_out;
2272 return;
2273 }
2274
2275 /*
2276 * A new port entry is required.
2277 */
2278 spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2279 if (spp == NULL)
2280 return;
2281
2282 spp->smk_port = port;
2283 spp->smk_sock = sk;
2284 spp->smk_in = ssp->smk_in;
2285 spp->smk_out = ssp->smk_out;
2286
2287 list_add(&spp->list, &smk_ipv6_port_list);
2288 return;
2289}
2290
2291/**
2292 * smk_ipv6_port_check - check Smack port access
2293 * @sock: socket
2294 * @address: address
2295 *
2296 * Create or update the port list entry
2297 */
6ea06247 2298static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
c6739443
CS		 2299 int act)
2300{
2301 __be16 *bep;
2302 __be32 *be32p;
c6739443
CS		 2303 struct smk_port_label *spp;
2304 struct socket_smack *ssp = sk->sk_security;
2f823ff8 2305 struct smack_known *skp;
c6739443 2306 unsigned short port = 0;
21c7eae2 2307 struct smack_known *object;
c6739443 2308 struct smk_audit_info ad;
d166c802 2309 int rc;
c6739443
CS		 2310#ifdef CONFIG_AUDIT
2311 struct lsm_network_audit net;
2312#endif
2313
2314 if (act == SMK_RECEIVING) {
2f823ff8 2315 skp = smack_net_ambient;
21c7eae2 2316 object = ssp->smk_in;
c6739443 2317 } else {
2f823ff8 2318 skp = ssp->smk_out;
21c7eae2 2319 object = smack_net_ambient;
c6739443
CS		 2320 }
2321
2322 /*
2323 * Get the IP address and port from the address.
2324 */
6ea06247
CS		 2325 port = ntohs(address->sin6_port);
2326 bep = (__be16 *)(&address->sin6_addr);
2327 be32p = (__be32 *)(&address->sin6_addr);
c6739443
CS		 2328
2329 /*
2330 * It's remote, so port lookup does no good.
2331 */
2332 if (be32p[0] || be32p[1] || be32p[2] || bep[6] || ntohs(bep[7]) != 1)
2333 goto auditout;
2334
2335 /*
2336 * It's local so the send check has to have passed.
2337 */
2338 if (act == SMK_RECEIVING) {
2f823ff8 2339 skp = &smack_known_web;
c6739443
CS		 2340 goto auditout;
2341 }
2342
2343 list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2344 if (spp->smk_port != port)
2345 continue;
21c7eae2 2346 object = spp->smk_in;
c6739443 2347 if (act == SMK_CONNECTING)
54e70ec5 2348 ssp->smk_packet = spp->smk_out;
c6739443
CS		 2349 break;
2350 }
2351
2352auditout:
2353
2354#ifdef CONFIG_AUDIT
2355 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2356 ad.a.u.net->family = sk->sk_family;
2357 ad.a.u.net->dport = port;
2358 if (act == SMK_RECEIVING)
6ea06247 2359 ad.a.u.net->v6info.saddr = address->sin6_addr;
c6739443 2360 else
6ea06247 2361 ad.a.u.net->v6info.daddr = address->sin6_addr;
c6739443 2362#endif
d166c802
CS		 2363 rc = smk_access(skp, object, MAY_WRITE, &ad);
2364 rc = smk_bu_note("IPv6 port check", skp, object, MAY_WRITE, rc);
2365 return rc;
c6739443
CS		 2366}
2367
e114e473
CS		 2368/**
2369 * smack_inode_setsecurity - set smack xattrs
2370 * @inode: the object
2371 * @name: attribute name
2372 * @value: attribute value
2373 * @size: size of the attribute
2374 * @flags: unused
2375 *
2376 * Sets the named attribute in the appropriate blob
2377 *
2378 * Returns 0 on success, or an error code
2379 */
2380static int smack_inode_setsecurity(struct inode *inode, const char *name,
2381 const void *value, size_t size, int flags)
2382{
2f823ff8 2383 struct smack_known *skp;
e114e473
CS		 2384 struct inode_smack *nsp = inode->i_security;
2385 struct socket_smack *ssp;
2386 struct socket *sock;
4bc87e62 2387 int rc = 0;
e114e473 2388
f7112e6c 2389 if (value == NULL || size > SMK_LONGLABEL || size == 0)
5e9ab593 2390 return -EINVAL;
e114e473 2391
2f823ff8
CS		 2392 skp = smk_import_entry(value, size);
2393 if (skp == NULL)
e114e473
CS		 2394 return -EINVAL;
2395
2396 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
21c7eae2 2397 nsp->smk_inode = skp;
ddd29ec6 2398 nsp->smk_flags |= SMK_INODE_INSTANT;
e114e473
CS		 2399 return 0;
2400 }
2401 /*
2402 * The rest of the Smack xattrs are only on sockets.
2403 */
2404 if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2405 return -EOPNOTSUPP;
2406
2407 sock = SOCKET_I(inode);
2e1d146a 2408 if (sock == NULL || sock->sk == NULL)
e114e473
CS		 2409 return -EOPNOTSUPP;
2410
2411 ssp = sock->sk->sk_security;
2412
2413 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
54e70ec5 2414 ssp->smk_in = skp;
e114e473 2415 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2f823ff8 2416 ssp->smk_out = skp;
c6739443 2417 if (sock->sk->sk_family == PF_INET) {
b4e0d5f0
CS		 2418 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2419 if (rc != 0)
2420 printk(KERN_WARNING
2421 "Smack: \"%s\" netlbl error %d.\n",
2422 __func__, -rc);
2423 }
e114e473
CS		 2424 } else
2425 return -EOPNOTSUPP;
2426
c6739443
CS		 2427 if (sock->sk->sk_family == PF_INET6)
2428 smk_ipv6_port_label(sock, NULL);
2429
e114e473
CS		 2430 return 0;
2431}
2432
2433/**
2434 * smack_socket_post_create - finish socket setup
2435 * @sock: the socket
2436 * @family: protocol family
2437 * @type: unused
2438 * @protocol: unused
2439 * @kern: unused
2440 *
2441 * Sets the netlabel information on the socket
2442 *
2443 * Returns 0 on success, and error code otherwise
2444 */
2445static int smack_socket_post_create(struct socket *sock, int family,
2446 int type, int protocol, int kern)
2447{
2e1d146a 2448 if (family != PF_INET || sock->sk == NULL)
e114e473
CS		 2449 return 0;
2450 /*
2451 * Set the outbound netlbl.
2452 */
6d3dc07c
CS		 2453 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2454}
2455
c6739443
CS		 2456/**
2457 * smack_socket_bind - record port binding information.
2458 * @sock: the socket
2459 * @address: the port address
2460 * @addrlen: size of the address
2461 *
2462 * Records the label bound to a port.
2463 *
2464 * Returns 0
2465 */
2466static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2467 int addrlen)
2468{
2469 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2470 smk_ipv6_port_label(sock, address);
2471
2472 return 0;
2473}
2474
6d3dc07c
CS		 2475/**
2476 * smack_socket_connect - connect access check
2477 * @sock: the socket
2478 * @sap: the other end
2479 * @addrlen: size of sap
2480 *
2481 * Verifies that a connection may be possible
2482 *
2483 * Returns 0 on success, and error code otherwise
2484 */
2485static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2486 int addrlen)
2487{
c6739443
CS		 2488 int rc = 0;
2489
2490 if (sock->sk == NULL)
6d3dc07c 2491 return 0;
6d3dc07c 2492
c6739443
CS		 2493 switch (sock->sk->sk_family) {
2494 case PF_INET:
2495 if (addrlen < sizeof(struct sockaddr_in))
2496 return -EINVAL;
2497 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2498 break;
2499 case PF_INET6:
2500 if (addrlen < sizeof(struct sockaddr_in6))
2501 return -EINVAL;
6ea06247
CS		 2502 rc = smk_ipv6_port_check(sock->sk, (struct sockaddr_in6 *)sap,
2503 SMK_CONNECTING);
c6739443
CS		 2504 break;
2505 }
2506 return rc;
e114e473
CS		 2507}
2508
2509/**
2510 * smack_flags_to_may - convert S_ to MAY_ values
2511 * @flags: the S_ value
2512 *
2513 * Returns the equivalent MAY_ value
2514 */
2515static int smack_flags_to_may(int flags)
2516{
2517 int may = 0;
2518
2519 if (flags & S_IRUGO)
2520 may |= MAY_READ;
2521 if (flags & S_IWUGO)
2522 may |= MAY_WRITE;
2523 if (flags & S_IXUGO)
2524 may |= MAY_EXEC;
2525
2526 return may;
2527}
2528
2529/**
2530 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2531 * @msg: the object
2532 *
2533 * Returns 0
2534 */
2535static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2536{
2f823ff8
CS		 2537 struct smack_known *skp = smk_of_current();
2538
21c7eae2 2539 msg->security = skp;
e114e473
CS		 2540 return 0;
2541}
2542
2543/**
2544 * smack_msg_msg_free_security - Clear the security blob for msg_msg
2545 * @msg: the object
2546 *
2547 * Clears the blob pointer
2548 */
2549static void smack_msg_msg_free_security(struct msg_msg *msg)
2550{
2551 msg->security = NULL;
2552}
2553
2554/**
2555 * smack_of_shm - the smack pointer for the shm
2556 * @shp: the object
2557 *
2558 * Returns a pointer to the smack value
2559 */
21c7eae2 2560static struct smack_known *smack_of_shm(struct shmid_kernel *shp)
e114e473 2561{
21c7eae2 2562 return (struct smack_known *)shp->shm_perm.security;
e114e473
CS		 2563}
2564
2565/**
2566 * smack_shm_alloc_security - Set the security blob for shm
2567 * @shp: the object
2568 *
2569 * Returns 0
2570 */
2571static int smack_shm_alloc_security(struct shmid_kernel *shp)
2572{
2573 struct kern_ipc_perm *isp = &shp->shm_perm;
2f823ff8 2574 struct smack_known *skp = smk_of_current();
e114e473 2575
21c7eae2 2576 isp->security = skp;
e114e473
CS		 2577 return 0;
2578}
2579
2580/**
2581 * smack_shm_free_security - Clear the security blob for shm
2582 * @shp: the object
2583 *
2584 * Clears the blob pointer
2585 */
2586static void smack_shm_free_security(struct shmid_kernel *shp)
2587{
2588 struct kern_ipc_perm *isp = &shp->shm_perm;
2589
2590 isp->security = NULL;
2591}
2592
ecfcc53f
EB		 2593/**
2594 * smk_curacc_shm : check if current has access on shm
2595 * @shp : the object
2596 * @access : access requested
2597 *
2598 * Returns 0 if current has the requested access, error code otherwise
2599 */
2600static int smk_curacc_shm(struct shmid_kernel *shp, int access)
2601{
21c7eae2 2602 struct smack_known *ssp = smack_of_shm(shp);
ecfcc53f 2603 struct smk_audit_info ad;
d166c802 2604 int rc;
ecfcc53f
EB		 2605
2606#ifdef CONFIG_AUDIT
2607 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2608 ad.a.u.ipc_id = shp->shm_perm.id;
2609#endif
d166c802
CS		 2610 rc = smk_curacc(ssp, access, &ad);
2611 rc = smk_bu_current("shm", ssp, access, rc);
2612 return rc;
ecfcc53f
EB		 2613}
2614
e114e473
CS		 2615/**
2616 * smack_shm_associate - Smack access check for shm
2617 * @shp: the object
2618 * @shmflg: access requested
2619 *
2620 * Returns 0 if current has the requested access, error code otherwise
2621 */
2622static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
2623{
e114e473
CS		 2624 int may;
2625
2626 may = smack_flags_to_may(shmflg);
ecfcc53f 2627 return smk_curacc_shm(shp, may);
e114e473
CS		 2628}
2629
2630/**
2631 * smack_shm_shmctl - Smack access check for shm
2632 * @shp: the object
2633 * @cmd: what it wants to do
2634 *
2635 * Returns 0 if current has the requested access, error code otherwise
2636 */
2637static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
2638{
e114e473
CS		 2639 int may;
2640
2641 switch (cmd) {
2642 case IPC_STAT:
2643 case SHM_STAT:
2644 may = MAY_READ;
2645 break;
2646 case IPC_SET:
2647 case SHM_LOCK:
2648 case SHM_UNLOCK:
2649 case IPC_RMID:
2650 may = MAY_READWRITE;
2651 break;
2652 case IPC_INFO:
2653 case SHM_INFO:
2654 /*
2655 * System level information.
2656 */
2657 return 0;
2658 default:
2659 return -EINVAL;
2660 }
ecfcc53f 2661 return smk_curacc_shm(shp, may);
e114e473
CS		 2662}
2663
2664/**
2665 * smack_shm_shmat - Smack access for shmat
2666 * @shp: the object
2667 * @shmaddr: unused
2668 * @shmflg: access requested
2669 *
2670 * Returns 0 if current has the requested access, error code otherwise
2671 */
2672static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
2673 int shmflg)
2674{
e114e473
CS		 2675 int may;
2676
2677 may = smack_flags_to_may(shmflg);
ecfcc53f 2678 return smk_curacc_shm(shp, may);
e114e473
CS		 2679}
2680
2681/**
2682 * smack_of_sem - the smack pointer for the sem
2683 * @sma: the object
2684 *
2685 * Returns a pointer to the smack value
2686 */
21c7eae2 2687static struct smack_known *smack_of_sem(struct sem_array *sma)
e114e473 2688{
21c7eae2 2689 return (struct smack_known *)sma->sem_perm.security;
e114e473
CS		 2690}
2691
2692/**
2693 * smack_sem_alloc_security - Set the security blob for sem
2694 * @sma: the object
2695 *
2696 * Returns 0
2697 */
2698static int smack_sem_alloc_security(struct sem_array *sma)
2699{
2700 struct kern_ipc_perm *isp = &sma->sem_perm;
2f823ff8 2701 struct smack_known *skp = smk_of_current();
e114e473 2702
21c7eae2 2703 isp->security = skp;
e114e473
CS		 2704 return 0;
2705}
2706
2707/**
2708 * smack_sem_free_security - Clear the security blob for sem
2709 * @sma: the object
2710 *
2711 * Clears the blob pointer
2712 */
2713static void smack_sem_free_security(struct sem_array *sma)
2714{
2715 struct kern_ipc_perm *isp = &sma->sem_perm;
2716
2717 isp->security = NULL;
2718}
2719
ecfcc53f
EB		 2720/**
2721 * smk_curacc_sem : check if current has access on sem
2722 * @sma : the object
2723 * @access : access requested
2724 *
2725 * Returns 0 if current has the requested access, error code otherwise
2726 */
2727static int smk_curacc_sem(struct sem_array *sma, int access)
2728{
21c7eae2 2729 struct smack_known *ssp = smack_of_sem(sma);
ecfcc53f 2730 struct smk_audit_info ad;
d166c802 2731 int rc;
ecfcc53f
EB		 2732
2733#ifdef CONFIG_AUDIT
2734 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2735 ad.a.u.ipc_id = sma->sem_perm.id;
2736#endif
d166c802
CS		 2737 rc = smk_curacc(ssp, access, &ad);
2738 rc = smk_bu_current("sem", ssp, access, rc);
2739 return rc;
ecfcc53f
EB		 2740}
2741
e114e473
CS		 2742/**
2743 * smack_sem_associate - Smack access check for sem
2744 * @sma: the object
2745 * @semflg: access requested
2746 *
2747 * Returns 0 if current has the requested access, error code otherwise
2748 */
2749static int smack_sem_associate(struct sem_array *sma, int semflg)
2750{
e114e473
CS		 2751 int may;
2752
2753 may = smack_flags_to_may(semflg);
ecfcc53f 2754 return smk_curacc_sem(sma, may);
e114e473
CS		 2755}
2756
2757/**
2758 * smack_sem_shmctl - Smack access check for sem
2759 * @sma: the object
2760 * @cmd: what it wants to do
2761 *
2762 * Returns 0 if current has the requested access, error code otherwise
2763 */
2764static int smack_sem_semctl(struct sem_array *sma, int cmd)
2765{
e114e473
CS		 2766 int may;
2767
2768 switch (cmd) {
2769 case GETPID:
2770 case GETNCNT:
2771 case GETZCNT:
2772 case GETVAL:
2773 case GETALL:
2774 case IPC_STAT:
2775 case SEM_STAT:
2776 may = MAY_READ;
2777 break;
2778 case SETVAL:
2779 case SETALL:
2780 case IPC_RMID:
2781 case IPC_SET:
2782 may = MAY_READWRITE;
2783 break;
2784 case IPC_INFO:
2785 case SEM_INFO:
2786 /*
2787 * System level information
2788 */
2789 return 0;
2790 default:
2791 return -EINVAL;
2792 }
2793
ecfcc53f 2794 return smk_curacc_sem(sma, may);
e114e473
CS		 2795}
2796
2797/**
2798 * smack_sem_semop - Smack checks of semaphore operations
2799 * @sma: the object
2800 * @sops: unused
2801 * @nsops: unused
2802 * @alter: unused
2803 *
2804 * Treated as read and write in all cases.
2805 *
2806 * Returns 0 if access is allowed, error code otherwise
2807 */
2808static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
2809 unsigned nsops, int alter)
2810{
ecfcc53f 2811 return smk_curacc_sem(sma, MAY_READWRITE);
e114e473
CS		 2812}
2813
2814/**
2815 * smack_msg_alloc_security - Set the security blob for msg
2816 * @msq: the object
2817 *
2818 * Returns 0
2819 */
2820static int smack_msg_queue_alloc_security(struct msg_queue *msq)
2821{
2822 struct kern_ipc_perm *kisp = &msq->q_perm;
2f823ff8 2823 struct smack_known *skp = smk_of_current();
e114e473 2824
21c7eae2 2825 kisp->security = skp;
e114e473
CS		 2826 return 0;
2827}
2828
2829/**
2830 * smack_msg_free_security - Clear the security blob for msg
2831 * @msq: the object
2832 *
2833 * Clears the blob pointer
2834 */
2835static void smack_msg_queue_free_security(struct msg_queue *msq)
2836{
2837 struct kern_ipc_perm *kisp = &msq->q_perm;
2838
2839 kisp->security = NULL;
2840}
2841
2842/**
2843 * smack_of_msq - the smack pointer for the msq
2844 * @msq: the object
2845 *
21c7eae2 2846 * Returns a pointer to the smack label entry
e114e473 2847 */
21c7eae2 2848static struct smack_known *smack_of_msq(struct msg_queue *msq)
e114e473 2849{
21c7eae2 2850 return (struct smack_known *)msq->q_perm.security;
e114e473
CS		 2851}
2852
ecfcc53f
EB		 2853/**
2854 * smk_curacc_msq : helper to check if current has access on msq
2855 * @msq : the msq
2856 * @access : access requested
2857 *
2858 * return 0 if current has access, error otherwise
2859 */
2860static int smk_curacc_msq(struct msg_queue *msq, int access)
2861{
21c7eae2 2862 struct smack_known *msp = smack_of_msq(msq);
ecfcc53f 2863 struct smk_audit_info ad;
d166c802 2864 int rc;
ecfcc53f
EB		 2865
2866#ifdef CONFIG_AUDIT
2867 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2868 ad.a.u.ipc_id = msq->q_perm.id;
2869#endif
d166c802
CS		 2870 rc = smk_curacc(msp, access, &ad);
2871 rc = smk_bu_current("msq", msp, access, rc);
2872 return rc;
ecfcc53f
EB		 2873}
2874
e114e473
CS		 2875/**
2876 * smack_msg_queue_associate - Smack access check for msg_queue
2877 * @msq: the object
2878 * @msqflg: access requested
2879 *
2880 * Returns 0 if current has the requested access, error code otherwise
2881 */
2882static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
2883{
e114e473
CS		 2884 int may;
2885
2886 may = smack_flags_to_may(msqflg);
ecfcc53f 2887 return smk_curacc_msq(msq, may);
e114e473
CS		 2888}
2889
2890/**
2891 * smack_msg_queue_msgctl - Smack access check for msg_queue
2892 * @msq: the object
2893 * @cmd: what it wants to do
2894 *
2895 * Returns 0 if current has the requested access, error code otherwise
2896 */
2897static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2898{
e114e473
CS		 2899 int may;
2900
2901 switch (cmd) {
2902 case IPC_STAT:
2903 case MSG_STAT:
2904 may = MAY_READ;
2905 break;
2906 case IPC_SET:
2907 case IPC_RMID:
2908 may = MAY_READWRITE;
2909 break;
2910 case IPC_INFO:
2911 case MSG_INFO:
2912 /*
2913 * System level information
2914 */
2915 return 0;
2916 default:
2917 return -EINVAL;
2918 }
2919
ecfcc53f 2920 return smk_curacc_msq(msq, may);
e114e473
CS		 2921}
2922
2923/**
2924 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2925 * @msq: the object
2926 * @msg: unused
2927 * @msqflg: access requested
2928 *
2929 * Returns 0 if current has the requested access, error code otherwise
2930 */
2931static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
2932 int msqflg)
2933{
ecfcc53f 2934 int may;
e114e473 2935
ecfcc53f
EB		 2936 may = smack_flags_to_may(msqflg);
2937 return smk_curacc_msq(msq, may);
e114e473
CS		 2938}
2939
2940/**
2941 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2942 * @msq: the object
2943 * @msg: unused
2944 * @target: unused
2945 * @type: unused
2946 * @mode: unused
2947 *
2948 * Returns 0 if current has read and write access, error code otherwise
2949 */
2950static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
2951 struct task_struct *target, long type, int mode)
2952{
ecfcc53f 2953 return smk_curacc_msq(msq, MAY_READWRITE);
e114e473
CS		 2954}
2955
2956/**
2957 * smack_ipc_permission - Smack access for ipc_permission()
2958 * @ipp: the object permissions
2959 * @flag: access requested
2960 *
2961 * Returns 0 if current has read and write access, error code otherwise
2962 */
2963static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
2964{
21c7eae2 2965 struct smack_known *iskp = ipp->security;
ecfcc53f
EB		 2966 int may = smack_flags_to_may(flag);
2967 struct smk_audit_info ad;
d166c802 2968 int rc;
e114e473 2969
ecfcc53f
EB		 2970#ifdef CONFIG_AUDIT
2971 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2972 ad.a.u.ipc_id = ipp->id;
2973#endif
21c7eae2
LP		 2974 rc = smk_curacc(iskp, may, &ad);
2975 rc = smk_bu_current("svipc", iskp, may, rc);
d166c802 2976 return rc;
e114e473
CS		 2977}
2978
d20bdda6
AD		 2979/**
2980 * smack_ipc_getsecid - Extract smack security id
251a2a95 2981 * @ipp: the object permissions
d20bdda6
AD		 2982 * @secid: where result will be saved
2983 */
2984static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
2985{
21c7eae2 2986 struct smack_known *iskp = ipp->security;
d20bdda6 2987
21c7eae2 2988 *secid = iskp->smk_secid;
d20bdda6
AD		 2989}
2990
e114e473
CS		 2991/**
2992 * smack_d_instantiate - Make sure the blob is correct on an inode
3e62cbb8 2993 * @opt_dentry: dentry where inode will be attached
e114e473
CS		 2994 * @inode: the object
2995 *
2996 * Set the inode's security blob if it hasn't been done already.
2997 */
2998static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
2999{
3000 struct super_block *sbp;
3001 struct superblock_smack *sbsp;
3002 struct inode_smack *isp;
2f823ff8
CS		 3003 struct smack_known *skp;
3004 struct smack_known *ckp = smk_of_current();
21c7eae2 3005 struct smack_known *final;
5c6d1125
JS		 3006 char trattr[TRANS_TRUE_SIZE];
3007 int transflag = 0;
2267b13a 3008 int rc;
e114e473
CS		 3009 struct dentry *dp;
3010
3011 if (inode == NULL)
3012 return;
3013
3014 isp = inode->i_security;
3015
3016 mutex_lock(&isp->smk_lock);
3017 /*
3018 * If the inode is already instantiated
3019 * take the quick way out
3020 */
3021 if (isp->smk_flags & SMK_INODE_INSTANT)
3022 goto unlockandout;
3023
3024 sbp = inode->i_sb;
3025 sbsp = sbp->s_security;
3026 /*
3027 * We're going to use the superblock default label
3028 * if there's no label on the file.
3029 */
3030 final = sbsp->smk_default;
3031
e97dcb0e
CS		 3032 /*
3033 * If this is the root inode the superblock
3034 * may be in the process of initialization.
3035 * If that is the case use the root value out
3036 * of the superblock.
3037 */
3038 if (opt_dentry->d_parent == opt_dentry) {
1d8c2326
ŁS		 3039 switch (sbp->s_magic) {
3040 case CGROUP_SUPER_MAGIC:
36ea735b
CS		 3041 /*
3042 * The cgroup filesystem is never mounted,
3043 * so there's no opportunity to set the mount
3044 * options.
3045 */
21c7eae2
LP		 3046 sbsp->smk_root = &smack_known_star;
3047 sbsp->smk_default = &smack_known_star;
1d8c2326
ŁS		 3048 isp->smk_inode = sbsp->smk_root;
3049 break;
3050 case TMPFS_MAGIC:
3051 /*
3052 * What about shmem/tmpfs anonymous files with dentry
3053 * obtained from d_alloc_pseudo()?
3054 */
3055 isp->smk_inode = smk_of_current();
3056 break;
3057 default:
3058 isp->smk_inode = sbsp->smk_root;
3059 break;
36ea735b 3060 }
e97dcb0e
CS		 3061 isp->smk_flags |= SMK_INODE_INSTANT;
3062 goto unlockandout;
3063 }
3064
e114e473
CS		 3065 /*
3066 * This is pretty hackish.
3067 * Casey says that we shouldn't have to do
3068 * file system specific code, but it does help
3069 * with keeping it simple.
3070 */
3071 switch (sbp->s_magic) {
3072 case SMACK_MAGIC:
36ea735b
CS		 3073 case PIPEFS_MAGIC:
3074 case SOCKFS_MAGIC:
3075 case CGROUP_SUPER_MAGIC:
e114e473 3076 /*
25985edc 3077 * Casey says that it's a little embarrassing
e114e473
CS		 3078 * that the smack file system doesn't do
3079 * extended attributes.
36ea735b 3080 *
e114e473 3081 * Casey says pipes are easy (?)
36ea735b
CS		 3082 *
3083 * Socket access is controlled by the socket
3084 * structures associated with the task involved.
3085 *
3086 * Cgroupfs is special
e114e473 3087 */
21c7eae2 3088 final = &smack_known_star;
e114e473
CS		 3089 break;
3090 case DEVPTS_SUPER_MAGIC:
3091 /*
3092 * devpts seems content with the label of the task.
3093 * Programs that change smack have to treat the
3094 * pty with respect.
3095 */
21c7eae2 3096 final = ckp;
e114e473 3097 break;
e114e473
CS		 3098 case PROC_SUPER_MAGIC:
3099 /*
3100 * Casey says procfs appears not to care.
3101 * The superblock default suffices.
3102 */
3103 break;
3104 case TMPFS_MAGIC:
3105 /*
3106 * Device labels should come from the filesystem,
3107 * but watch out, because they're volitile,
3108 * getting recreated on every reboot.
3109 */
21c7eae2 3110 final = &smack_known_star;
e114e473
CS		 3111 /*
3112 * No break.
3113 *
3114 * If a smack value has been set we want to use it,
3115 * but since tmpfs isn't giving us the opportunity
3116 * to set mount options simulate setting the
3117 * superblock default.
3118 */
3119 default:
3120 /*
3121 * This isn't an understood special case.
3122 * Get the value from the xattr.
b4e0d5f0
CS		 3123 */
3124
3125 /*
3126 * UNIX domain sockets use lower level socket data.
3127 */
3128 if (S_ISSOCK(inode->i_mode)) {
21c7eae2 3129 final = &smack_known_star;
b4e0d5f0
CS		 3130 break;
3131 }
3132 /*
e114e473
CS		 3133 * No xattr support means, alas, no SMACK label.
3134 * Use the aforeapplied default.
3135 * It would be curious if the label of the task
3136 * does not match that assigned.
3137 */
3138 if (inode->i_op->getxattr == NULL)
3139 break;
3140 /*
3141 * Get the dentry for xattr.
3142 */
3e62cbb8 3143 dp = dget(opt_dentry);
2f823ff8
CS		 3144 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3145 if (skp != NULL)
21c7eae2 3146 final = skp;
2267b13a
CS		 3147
3148 /*
3149 * Transmuting directory
3150 */
3151 if (S_ISDIR(inode->i_mode)) {
3152 /*
3153 * If this is a new directory and the label was
3154 * transmuted when the inode was initialized
3155 * set the transmute attribute on the directory
3156 * and mark the inode.
3157 *
3158 * If there is a transmute attribute on the
3159 * directory mark the inode.
3160 */
3161 if (isp->smk_flags & SMK_INODE_CHANGED) {
3162 isp->smk_flags &= ~SMK_INODE_CHANGED;
3163 rc = inode->i_op->setxattr(dp,
5c6d1125 3164 XATTR_NAME_SMACKTRANSMUTE,
2267b13a
CS		 3165 TRANS_TRUE, TRANS_TRUE_SIZE,
3166 0);
3167 } else {
3168 rc = inode->i_op->getxattr(dp,
3169 XATTR_NAME_SMACKTRANSMUTE, trattr,
3170 TRANS_TRUE_SIZE);
3171 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3172 TRANS_TRUE_SIZE) != 0)
3173 rc = -EINVAL;
5c6d1125 3174 }
2267b13a
CS		 3175 if (rc >= 0)
3176 transflag = SMK_INODE_TRANSMUTE;
5c6d1125 3177 }
19760ad0
CS		 3178 /*
3179 * Don't let the exec or mmap label be "*" or "@".
3180 */
3181 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3182 if (skp == &smack_known_star || skp == &smack_known_web)
3183 skp = NULL;
3184 isp->smk_task = skp;
3185 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3186 if (skp == &smack_known_star || skp == &smack_known_web)
3187 skp = NULL;
3188 isp->smk_mmap = skp;
676dac4b 3189
e114e473
CS		 3190 dput(dp);
3191 break;
3192 }
3193
3194 if (final == NULL)
21c7eae2 3195 isp->smk_inode = ckp;
e114e473
CS		 3196 else
3197 isp->smk_inode = final;
3198
5c6d1125 3199 isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
e114e473
CS		 3200
3201unlockandout:
3202 mutex_unlock(&isp->smk_lock);
3203 return;
3204}
3205
3206/**
3207 * smack_getprocattr - Smack process attribute access
3208 * @p: the object task
3209 * @name: the name of the attribute in /proc/.../attr
3210 * @value: where to put the result
3211 *
3212 * Places a copy of the task Smack into value
3213 *
3214 * Returns the length of the smack label or an error code
3215 */
3216static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3217{
2f823ff8 3218 struct smack_known *skp = smk_of_task(task_security(p));
e114e473
CS		 3219 char *cp;
3220 int slen;
3221
3222 if (strcmp(name, "current") != 0)
3223 return -EINVAL;
3224
2f823ff8 3225 cp = kstrdup(skp->smk_known, GFP_KERNEL);
e114e473
CS		 3226 if (cp == NULL)
3227 return -ENOMEM;
3228
3229 slen = strlen(cp);
3230 *value = cp;
3231 return slen;
3232}
3233
3234/**
3235 * smack_setprocattr - Smack process attribute setting
3236 * @p: the object task
3237 * @name: the name of the attribute in /proc/.../attr
3238 * @value: the value to set
3239 * @size: the size of the value
3240 *
3241 * Sets the Smack value of the task. Only setting self
3242 * is permitted and only with privilege
3243 *
3244 * Returns the length of the smack label or an error code
3245 */
3246static int smack_setprocattr(struct task_struct *p, char *name,
3247 void *value, size_t size)
3248{
676dac4b 3249 struct task_smack *tsp;
d84f4f99 3250 struct cred *new;
2f823ff8 3251 struct smack_known *skp;
e114e473 3252
e114e473
CS		 3253 /*
3254 * Changing another process' Smack value is too dangerous
3255 * and supports no sane use case.
3256 */
3257 if (p != current)
3258 return -EPERM;
3259
1880eff7 3260 if (!smack_privileged(CAP_MAC_ADMIN))
5cd9c58f
DH		 3261 return -EPERM;
3262
f7112e6c 3263 if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
e114e473
CS		 3264 return -EINVAL;
3265
3266 if (strcmp(name, "current") != 0)
3267 return -EINVAL;
3268
2f823ff8
CS		 3269 skp = smk_import_entry(value, size);
3270 if (skp == NULL)
e114e473
CS		 3271 return -EINVAL;
3272
6d3dc07c
CS		 3273 /*
3274 * No process is ever allowed the web ("@") label.
3275 */
2f823ff8 3276 if (skp == &smack_known_web)
6d3dc07c
CS		 3277 return -EPERM;
3278
d84f4f99 3279 new = prepare_creds();
6d3dc07c 3280 if (new == NULL)
d84f4f99 3281 return -ENOMEM;
7898e1f8 3282
46a2f3b9 3283 tsp = new->security;
2f823ff8 3284 tsp->smk_task = skp;
7898e1f8 3285
d84f4f99 3286 commit_creds(new);
e114e473
CS		 3287 return size;
3288}
3289
3290/**
3291 * smack_unix_stream_connect - Smack access on UDS
3610cda5
DM		 3292 * @sock: one sock
3293 * @other: the other sock
e114e473
CS		 3294 * @newsk: unused
3295 *
3296 * Return 0 if a subject with the smack of sock could access
3297 * an object with the smack of other, otherwise an error code
3298 */
3610cda5
DM		 3299static int smack_unix_stream_connect(struct sock *sock,
3300 struct sock *other, struct sock *newsk)
e114e473 3301{
2f823ff8 3302 struct smack_known *skp;
54e70ec5 3303 struct smack_known *okp;
d2e7ad19
JM		 3304 struct socket_smack *ssp = sock->sk_security;
3305 struct socket_smack *osp = other->sk_security;
975d5e55 3306 struct socket_smack *nsp = newsk->sk_security;
ecfcc53f 3307 struct smk_audit_info ad;
b4e0d5f0 3308 int rc = 0;
923e9a13
KC		 3309#ifdef CONFIG_AUDIT
3310 struct lsm_network_audit net;
923e9a13 3311#endif
b4e0d5f0 3312
2f823ff8
CS		 3313 if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3314 skp = ssp->smk_out;
96be7b54 3315 okp = osp->smk_in;
54e70ec5
CS		 3316#ifdef CONFIG_AUDIT
3317 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3318 smk_ad_setfield_u_net_sk(&ad, other);
3319#endif
21c7eae2
LP		 3320 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3321 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
d166c802 3322 if (rc == 0) {
96be7b54
ZJ		 3323 okp = osp->smk_out;
3324 skp = ssp->smk_in;
21c7eae2
LP		 3325 rc = smk_access(okp, skp, MAY_WRITE, NULL);
3326 rc = smk_bu_note("UDS connect", okp, skp,
d166c802
CS		 3327 MAY_WRITE, rc);
3328 }
2f823ff8 3329 }
b4e0d5f0 3330
975d5e55
CS		 3331 /*
3332 * Cross reference the peer labels for SO_PEERSEC.
3333 */
3334 if (rc == 0) {
54e70ec5
CS		 3335 nsp->smk_packet = ssp->smk_out;
3336 ssp->smk_packet = osp->smk_out;
975d5e55
CS		 3337 }
3338
b4e0d5f0 3339 return rc;
e114e473
CS		 3340}
3341
3342/**
3343 * smack_unix_may_send - Smack access on UDS
3344 * @sock: one socket
3345 * @other: the other socket
3346 *
3347 * Return 0 if a subject with the smack of sock could access
3348 * an object with the smack of other, otherwise an error code
3349 */
3350static int smack_unix_may_send(struct socket *sock, struct socket *other)
3351{
b4e0d5f0
CS		 3352 struct socket_smack *ssp = sock->sk->sk_security;
3353 struct socket_smack *osp = other->sk->sk_security;
ecfcc53f 3354 struct smk_audit_info ad;
d166c802 3355 int rc;
e114e473 3356
923e9a13
KC		 3357#ifdef CONFIG_AUDIT
3358 struct lsm_network_audit net;
3359
48c62af6 3360 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
ecfcc53f 3361 smk_ad_setfield_u_net_sk(&ad, other->sk);
923e9a13 3362#endif
b4e0d5f0 3363
2f823ff8
CS		 3364 if (smack_privileged(CAP_MAC_OVERRIDE))
3365 return 0;
b4e0d5f0 3366
21c7eae2
LP		 3367 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3368 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
d166c802 3369 return rc;
e114e473
CS		 3370}
3371
6d3dc07c
CS		 3372/**
3373 * smack_socket_sendmsg - Smack check based on destination host
3374 * @sock: the socket
251a2a95 3375 * @msg: the message
6d3dc07c
CS		 3376 * @size: the size of the message
3377 *
c6739443
CS		 3378 * Return 0 if the current subject can write to the destination host.
3379 * For IPv4 this is only a question if the destination is a single label host.
3380 * For IPv6 this is a check against the label of the port.
6d3dc07c
CS		 3381 */
3382static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3383 int size)
3384{
3385 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
6ea06247 3386 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
c6739443 3387 int rc = 0;
6d3dc07c
CS		 3388
3389 /*
3390 * Perfectly reasonable for this to be NULL
3391 */
c6739443 3392 if (sip == NULL)
6d3dc07c
CS		 3393 return 0;
3394
c6739443
CS		 3395 switch (sip->sin_family) {
3396 case AF_INET:
3397 rc = smack_netlabel_send(sock->sk, sip);
3398 break;
3399 case AF_INET6:
3400 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3401 break;
3402 }
3403 return rc;
6d3dc07c
CS		 3404}
3405
e114e473 3406/**
251a2a95 3407 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
e114e473 3408 * @sap: netlabel secattr
272cd7a8 3409 * @ssp: socket security information
e114e473 3410 *
2f823ff8 3411 * Returns a pointer to a Smack label entry found on the label list.
e114e473 3412 */
2f823ff8
CS		 3413static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3414 struct socket_smack *ssp)
e114e473 3415{
2f823ff8 3416 struct smack_known *skp;
f7112e6c 3417 int found = 0;
677264e8
CS		 3418 int acat;
3419 int kcat;
e114e473 3420
6d3dc07c 3421 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
e114e473 3422 /*
6d3dc07c 3423 * Looks like a CIPSO packet.
e114e473
CS		 3424 * If there are flags but no level netlabel isn't
3425 * behaving the way we expect it to.
3426 *
f7112e6c 3427 * Look it up in the label table
e114e473
CS		 3428 * Without guidance regarding the smack value
3429 * for the packet fall back on the network
3430 * ambient value.
3431 */
f7112e6c 3432 rcu_read_lock();
2f823ff8
CS		 3433 list_for_each_entry(skp, &smack_known_list, list) {
3434 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
f7112e6c 3435 continue;
677264e8
CS		 3436 /*
3437 * Compare the catsets. Use the netlbl APIs.
3438 */
3439 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3440 if ((skp->smk_netlabel.flags &
3441 NETLBL_SECATTR_MLS_CAT) == 0)
3442 found = 1;
3443 break;
3444 }
3445 for (acat = -1, kcat = -1; acat == kcat; ) {
4fbe63d1
PM		 3446 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3447 acat + 1);
3448 kcat = netlbl_catmap_walk(
677264e8
CS		 3449 skp->smk_netlabel.attr.mls.cat,
3450 kcat + 1);
3451 if (acat < 0 || kcat < 0)
3452 break;
3453 }
3454 if (acat == kcat) {
3455 found = 1;
3456 break;
3457 }
6d3dc07c 3458 }
f7112e6c
CS		 3459 rcu_read_unlock();
3460
3461 if (found)
2f823ff8 3462 return skp;
f7112e6c 3463
54e70ec5 3464 if (ssp != NULL && ssp->smk_in == &smack_known_star)
2f823ff8
CS		 3465 return &smack_known_web;
3466 return &smack_known_star;
e114e473 3467 }
6d3dc07c
CS		 3468 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) {
3469 /*
3470 * Looks like a fallback, which gives us a secid.
3471 */
2f823ff8 3472 skp = smack_from_secid(sap->attr.secid);
6d3dc07c
CS		 3473 /*
3474 * This has got to be a bug because it is
3475 * impossible to specify a fallback without
3476 * specifying the label, which will ensure
3477 * it has a secid, and the only way to get a
3478 * secid is from a fallback.
3479 */
2f823ff8
CS		 3480 BUG_ON(skp == NULL);
3481 return skp;
e114e473
CS		 3482 }
3483 /*
6d3dc07c
CS		 3484 * Without guidance regarding the smack value
3485 * for the packet fall back on the network
3486 * ambient value.
e114e473 3487 */
272cd7a8 3488 return smack_net_ambient;
e114e473
CS		 3489}
3490
6ea06247 3491static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
c6739443 3492{
c6739443
CS		 3493 u8 nexthdr;
3494 int offset;
3495 int proto = -EINVAL;
3496 struct ipv6hdr _ipv6h;
3497 struct ipv6hdr *ip6;
3498 __be16 frag_off;
3499 struct tcphdr _tcph, *th;
3500 struct udphdr _udph, *uh;
3501 struct dccp_hdr _dccph, *dh;
3502
3503 sip->sin6_port = 0;
3504
3505 offset = skb_network_offset(skb);
3506 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3507 if (ip6 == NULL)
3508 return -EINVAL;
3509 sip->sin6_addr = ip6->saddr;
3510
3511 nexthdr = ip6->nexthdr;
3512 offset += sizeof(_ipv6h);
3513 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3514 if (offset < 0)
3515 return -EINVAL;
3516
3517 proto = nexthdr;
3518 switch (proto) {
3519 case IPPROTO_TCP:
3520 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3521 if (th != NULL)
3522 sip->sin6_port = th->source;
3523 break;
3524 case IPPROTO_UDP:
3525 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3526 if (uh != NULL)
3527 sip->sin6_port = uh->source;
3528 break;
3529 case IPPROTO_DCCP:
3530 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3531 if (dh != NULL)
3532 sip->sin6_port = dh->dccph_sport;
3533 break;
3534 }
3535 return proto;
3536}
3537
e114e473
CS		 3538/**
3539 * smack_socket_sock_rcv_skb - Smack packet delivery access check
3540 * @sk: socket
3541 * @skb: packet
3542 *
3543 * Returns 0 if the packet should be delivered, an error code otherwise
3544 */
3545static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3546{
3547 struct netlbl_lsm_secattr secattr;
3548 struct socket_smack *ssp = sk->sk_security;
2f823ff8 3549 struct smack_known *skp;
6ea06247 3550 struct sockaddr_in6 sadd;
c6739443 3551 int rc = 0;
ecfcc53f 3552 struct smk_audit_info ad;
923e9a13 3553#ifdef CONFIG_AUDIT
48c62af6 3554 struct lsm_network_audit net;
923e9a13 3555#endif
c6739443
CS		 3556 switch (sk->sk_family) {
3557 case PF_INET:
3558 /*
3559 * Translate what netlabel gave us.
3560 */
3561 netlbl_secattr_init(&secattr);
6d3dc07c 3562
c6739443
CS		 3563 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
3564 if (rc == 0)
2f823ff8 3565 skp = smack_from_secattr(&secattr, ssp);
c6739443 3566 else
2f823ff8 3567 skp = smack_net_ambient;
6d3dc07c 3568
c6739443 3569 netlbl_secattr_destroy(&secattr);
6d3dc07c 3570
ecfcc53f 3571#ifdef CONFIG_AUDIT
c6739443
CS		 3572 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3573 ad.a.u.net->family = sk->sk_family;
3574 ad.a.u.net->netif = skb->skb_iif;
3575 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
ecfcc53f 3576#endif
c6739443
CS		 3577 /*
3578 * Receiving a packet requires that the other end
3579 * be able to write here. Read access is not required.
3580 * This is the simplist possible security model
3581 * for networking.
3582 */
21c7eae2
LP		 3583 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3584 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
d166c802 3585 MAY_WRITE, rc);
c6739443
CS		 3586 if (rc != 0)
3587 netlbl_skbuff_err(skb, rc, 0);
3588 break;
3589 case PF_INET6:
3590 rc = smk_skb_to_addr_ipv6(skb, &sadd);
3591 if (rc == IPPROTO_UDP || rc == IPPROTO_TCP)
3592 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
3593 else
3594 rc = 0;
3595 break;
3596 }
a8134296 3597 return rc;
e114e473
CS		 3598}
3599
3600/**
3601 * smack_socket_getpeersec_stream - pull in packet label
3602 * @sock: the socket
3603 * @optval: user's destination
3604 * @optlen: size thereof
251a2a95 3605 * @len: max thereof
e114e473
CS		 3606 *
3607 * returns zero on success, an error code otherwise
3608 */
3609static int smack_socket_getpeersec_stream(struct socket *sock,
3610 char __user *optval,
3611 int __user *optlen, unsigned len)
3612{
3613 struct socket_smack *ssp;
272cd7a8
CS		 3614 char *rcp = "";
3615 int slen = 1;
e114e473
CS		 3616 int rc = 0;
3617
3618 ssp = sock->sk->sk_security;
272cd7a8 3619 if (ssp->smk_packet != NULL) {
54e70ec5 3620 rcp = ssp->smk_packet->smk_known;
272cd7a8
CS		 3621 slen = strlen(rcp) + 1;
3622 }
e114e473
CS		 3623
3624 if (slen > len)
3625 rc = -ERANGE;
272cd7a8 3626 else if (copy_to_user(optval, rcp, slen) != 0)
e114e473
CS		 3627 rc = -EFAULT;
3628
3629 if (put_user(slen, optlen) != 0)
3630 rc = -EFAULT;
3631
3632 return rc;
3633}
3634
3635
3636/**
3637 * smack_socket_getpeersec_dgram - pull in packet label
b4e0d5f0 3638 * @sock: the peer socket
e114e473
CS		 3639 * @skb: packet data
3640 * @secid: pointer to where to put the secid of the packet
3641 *
3642 * Sets the netlabel socket state on sk from parent
3643 */
3644static int smack_socket_getpeersec_dgram(struct socket *sock,
3645 struct sk_buff *skb, u32 *secid)
3646
3647{
3648 struct netlbl_lsm_secattr secattr;
272cd7a8 3649 struct socket_smack *ssp = NULL;
2f823ff8 3650 struct smack_known *skp;
b4e0d5f0
CS		 3651 int family = PF_UNSPEC;
3652 u32 s = 0; /* 0 is the invalid secid */
e114e473
CS		 3653 int rc;
3654
b4e0d5f0
CS		 3655 if (skb != NULL) {
3656 if (skb->protocol == htons(ETH_P_IP))
3657 family = PF_INET;
3658 else if (skb->protocol == htons(ETH_P_IPV6))
3659 family = PF_INET6;
e114e473 3660 }
b4e0d5f0
CS		 3661 if (family == PF_UNSPEC && sock != NULL)
3662 family = sock->sk->sk_family;
e114e473 3663
b4e0d5f0 3664 if (family == PF_UNIX) {
272cd7a8 3665 ssp = sock->sk->sk_security;
2f823ff8 3666 s = ssp->smk_out->smk_secid;
b4e0d5f0
CS		 3667 } else if (family == PF_INET || family == PF_INET6) {
3668 /*
3669 * Translate what netlabel gave us.
3670 */
272cd7a8
CS		 3671 if (sock != NULL && sock->sk != NULL)
3672 ssp = sock->sk->sk_security;
b4e0d5f0
CS		 3673 netlbl_secattr_init(&secattr);
3674 rc = netlbl_skbuff_getattr(skb, family, &secattr);
3675 if (rc == 0) {
2f823ff8
CS		 3676 skp = smack_from_secattr(&secattr, ssp);
3677 s = skp->smk_secid;
b4e0d5f0
CS		 3678 }
3679 netlbl_secattr_destroy(&secattr);
3680 }
3681 *secid = s;
e114e473
CS		 3682 if (s == 0)
3683 return -EINVAL;
e114e473
CS		 3684 return 0;
3685}
3686
3687/**
07feee8f
PM		 3688 * smack_sock_graft - Initialize a newly created socket with an existing sock
3689 * @sk: child sock
3690 * @parent: parent socket
e114e473 3691 *
07feee8f
PM		 3692 * Set the smk_{in,out} state of an existing sock based on the process that
3693 * is creating the new socket.
e114e473
CS		 3694 */
3695static void smack_sock_graft(struct sock *sk, struct socket *parent)
3696{
3697 struct socket_smack *ssp;
2f823ff8 3698 struct smack_known *skp = smk_of_current();
e114e473 3699
07feee8f
PM		 3700 if (sk == NULL ||
3701 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
e114e473
CS		 3702 return;
3703
3704 ssp = sk->sk_security;
54e70ec5 3705 ssp->smk_in = skp;
2f823ff8 3706 ssp->smk_out = skp;
07feee8f 3707 /* cssp->smk_packet is already set in smack_inet_csk_clone() */
e114e473
CS		 3708}
3709
3710/**
3711 * smack_inet_conn_request - Smack access check on connect
3712 * @sk: socket involved
3713 * @skb: packet
3714 * @req: unused
3715 *
3716 * Returns 0 if a task with the packet label could write to
3717 * the socket, otherwise an error code
3718 */
3719static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3720 struct request_sock *req)
3721{
07feee8f 3722 u16 family = sk->sk_family;
f7112e6c 3723 struct smack_known *skp;
e114e473 3724 struct socket_smack *ssp = sk->sk_security;
07feee8f
PM		 3725 struct netlbl_lsm_secattr secattr;
3726 struct sockaddr_in addr;
3727 struct iphdr *hdr;
21c7eae2 3728 struct smack_known *hskp;
e114e473 3729 int rc;
ecfcc53f 3730 struct smk_audit_info ad;
923e9a13 3731#ifdef CONFIG_AUDIT
48c62af6 3732 struct lsm_network_audit net;
923e9a13 3733#endif
e114e473 3734
c6739443
CS		 3735 if (family == PF_INET6) {
3736 /*
3737 * Handle mapped IPv4 packets arriving
3738 * via IPv6 sockets. Don't set up netlabel
3739 * processing on IPv6.
3740 */
3741 if (skb->protocol == htons(ETH_P_IP))
3742 family = PF_INET;
3743 else
3744 return 0;
3745 }
e114e473 3746
07feee8f
PM		 3747 netlbl_secattr_init(&secattr);
3748 rc = netlbl_skbuff_getattr(skb, family, &secattr);
e114e473 3749 if (rc == 0)
2f823ff8 3750 skp = smack_from_secattr(&secattr, ssp);
e114e473 3751 else
2f823ff8 3752 skp = &smack_known_huh;
07feee8f
PM		 3753 netlbl_secattr_destroy(&secattr);
3754
ecfcc53f 3755#ifdef CONFIG_AUDIT
48c62af6
EP		 3756 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3757 ad.a.u.net->family = family;
3758 ad.a.u.net->netif = skb->skb_iif;
ecfcc53f
EB		 3759 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3760#endif
e114e473 3761 /*
07feee8f
PM		 3762 * Receiving a packet requires that the other end be able to write
3763 * here. Read access is not required.
e114e473 3764 */
21c7eae2
LP		 3765 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3766 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
07feee8f
PM		 3767 if (rc != 0)
3768 return rc;
3769
3770 /*
3771 * Save the peer's label in the request_sock so we can later setup
3772 * smk_packet in the child socket so that SO_PEERCRED can report it.
3773 */
2f823ff8 3774 req->peer_secid = skp->smk_secid;
07feee8f
PM		 3775
3776 /*
3777 * We need to decide if we want to label the incoming connection here
3778 * if we do we only need to label the request_sock and the stack will
25985edc 3779 * propagate the wire-label to the sock when it is created.
07feee8f
PM		 3780 */
3781 hdr = ip_hdr(skb);
3782 addr.sin_addr.s_addr = hdr->saddr;
3783 rcu_read_lock();
21c7eae2 3784 hskp = smack_host_label(&addr);
f7112e6c
CS		 3785 rcu_read_unlock();
3786
21c7eae2 3787 if (hskp == NULL)
f7112e6c 3788 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
2f823ff8 3789 else
07feee8f 3790 netlbl_req_delattr(req);
e114e473
CS		 3791
3792 return rc;
3793}
3794
07feee8f
PM		 3795/**
3796 * smack_inet_csk_clone - Copy the connection information to the new socket
3797 * @sk: the new socket
3798 * @req: the connection's request_sock
3799 *
3800 * Transfer the connection's peer label to the newly created socket.
3801 */
3802static void smack_inet_csk_clone(struct sock *sk,
3803 const struct request_sock *req)
3804{
3805 struct socket_smack *ssp = sk->sk_security;
2f823ff8 3806 struct smack_known *skp;
07feee8f 3807
2f823ff8
CS		 3808 if (req->peer_secid != 0) {
3809 skp = smack_from_secid(req->peer_secid);
54e70ec5 3810 ssp->smk_packet = skp;
2f823ff8 3811 } else
272cd7a8 3812 ssp->smk_packet = NULL;
07feee8f
PM		 3813}
3814
e114e473
CS		 3815/*
3816 * Key management security hooks
3817 *
3818 * Casey has not tested key support very heavily.
3819 * The permission check is most likely too restrictive.
3820 * If you care about keys please have a look.
3821 */
3822#ifdef CONFIG_KEYS
3823
3824/**
3825 * smack_key_alloc - Set the key security blob
3826 * @key: object
d84f4f99 3827 * @cred: the credentials to use
e114e473
CS		 3828 * @flags: unused
3829 *
3830 * No allocation required
3831 *
3832 * Returns 0
3833 */
d84f4f99 3834static int smack_key_alloc(struct key *key, const struct cred *cred,
e114e473
CS		 3835 unsigned long flags)
3836{
2f823ff8
CS		 3837 struct smack_known *skp = smk_of_task(cred->security);
3838
21c7eae2 3839 key->security = skp;
e114e473
CS		 3840 return 0;
3841}
3842
3843/**
3844 * smack_key_free - Clear the key security blob
3845 * @key: the object
3846 *
3847 * Clear the blob pointer
3848 */
3849static void smack_key_free(struct key *key)
3850{
3851 key->security = NULL;
3852}
3853
1a28979b 3854/**
e114e473
CS		 3855 * smack_key_permission - Smack access on a key
3856 * @key_ref: gets to the object
d84f4f99 3857 * @cred: the credentials to use
1a28979b 3858 * @perm: requested key permissions
e114e473
CS		 3859 *
3860 * Return 0 if the task has read and write to the object,
3861 * an error code otherwise
3862 */
3863static int smack_key_permission(key_ref_t key_ref,
f5895943 3864 const struct cred *cred, unsigned perm)
e114e473
CS		 3865{
3866 struct key *keyp;
ecfcc53f 3867 struct smk_audit_info ad;
2f823ff8 3868 struct smack_known *tkp = smk_of_task(cred->security);
fffea214 3869 int request = 0;
d166c802 3870 int rc;
e114e473
CS		 3871
3872 keyp = key_ref_to_ptr(key_ref);
3873 if (keyp == NULL)
3874 return -EINVAL;
3875 /*
3876 * If the key hasn't been initialized give it access so that
3877 * it may do so.
3878 */
3879 if (keyp->security == NULL)
3880 return 0;
3881 /*
3882 * This should not occur
3883 */
2f823ff8 3884 if (tkp == NULL)
e114e473 3885 return -EACCES;
ecfcc53f
EB		 3886#ifdef CONFIG_AUDIT
3887 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
3888 ad.a.u.key_struct.key = keyp->serial;
3889 ad.a.u.key_struct.key_desc = keyp->description;
3890#endif
fffea214
DK		 3891 if (perm & KEY_NEED_READ)
3892 request = MAY_READ;
3893 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
3894 request = MAY_WRITE;
d166c802
CS		 3895 rc = smk_access(tkp, keyp->security, request, &ad);
3896 rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
3897 return rc;
e114e473
CS		 3898}
3899#endif /* CONFIG_KEYS */
3900
d20bdda6
AD		 3901/*
3902 * Smack Audit hooks
3903 *
3904 * Audit requires a unique representation of each Smack specific
3905 * rule. This unique representation is used to distinguish the
3906 * object to be audited from remaining kernel objects and also
3907 * works as a glue between the audit hooks.
3908 *
3909 * Since repository entries are added but never deleted, we'll use
3910 * the smack_known label address related to the given audit rule as
3911 * the needed unique representation. This also better fits the smack
3912 * model where nearly everything is a label.
3913 */
3914#ifdef CONFIG_AUDIT
3915
3916/**
3917 * smack_audit_rule_init - Initialize a smack audit rule
3918 * @field: audit rule fields given from user-space (audit.h)
3919 * @op: required testing operator (=, !=, >, <, ...)
3920 * @rulestr: smack label to be audited
3921 * @vrule: pointer to save our own audit rule representation
3922 *
3923 * Prepare to audit cases where (@field @op @rulestr) is true.
3924 * The label to be audited is created if necessay.
3925 */
3926static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
3927{
21c7eae2 3928 struct smack_known *skp;
d20bdda6
AD		 3929 char **rule = (char **)vrule;
3930 *rule = NULL;
3931
3932 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3933 return -EINVAL;
3934
5af75d8d 3935 if (op != Audit_equal && op != Audit_not_equal)
d20bdda6
AD		 3936 return -EINVAL;
3937
21c7eae2
LP		 3938 skp = smk_import_entry(rulestr, 0);
3939 if (skp)
3940 *rule = skp->smk_known;
d20bdda6
AD		 3941
3942 return 0;
3943}
3944
3945/**
3946 * smack_audit_rule_known - Distinguish Smack audit rules
3947 * @krule: rule of interest, in Audit kernel representation format
3948 *
3949 * This is used to filter Smack rules from remaining Audit ones.
3950 * If it's proved that this rule belongs to us, the
3951 * audit_rule_match hook will be called to do the final judgement.
3952 */
3953static int smack_audit_rule_known(struct audit_krule *krule)
3954{
3955 struct audit_field *f;
3956 int i;
3957
3958 for (i = 0; i < krule->field_count; i++) {
3959 f = &krule->fields[i];
3960
3961 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
3962 return 1;
3963 }
3964
3965 return 0;
3966}
3967
3968/**
3969 * smack_audit_rule_match - Audit given object ?
3970 * @secid: security id for identifying the object to test
3971 * @field: audit rule flags given from user-space
3972 * @op: required testing operator
3973 * @vrule: smack internal rule presentation
3974 * @actx: audit context associated with the check
3975 *
3976 * The core Audit hook. It's used to take the decision of
3977 * whether to audit or not to audit a given object.
3978 */
3979static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
3980 struct audit_context *actx)
3981{
2f823ff8 3982 struct smack_known *skp;
d20bdda6
AD		 3983 char *rule = vrule;
3984
4eb0f4ab
RGB		 3985 if (unlikely(!rule)) {
3986 WARN_ONCE(1, "Smack: missing rule\n");
d20bdda6
AD		 3987 return -ENOENT;
3988 }
3989
3990 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3991 return 0;
3992
2f823ff8 3993 skp = smack_from_secid(secid);
d20bdda6
AD		 3994
3995 /*
3996 * No need to do string comparisons. If a match occurs,
3997 * both pointers will point to the same smack_known
3998 * label.
3999 */
5af75d8d 4000 if (op == Audit_equal)
2f823ff8 4001 return (rule == skp->smk_known);
5af75d8d 4002 if (op == Audit_not_equal)
2f823ff8 4003 return (rule != skp->smk_known);
d20bdda6
AD		 4004
4005 return 0;
4006}
4007
4008/**
4009 * smack_audit_rule_free - free smack rule representation
4010 * @vrule: rule to be freed.
4011 *
4012 * No memory was allocated.
4013 */
4014static void smack_audit_rule_free(void *vrule)
4015{
4016 /* No-op */
4017}
4018
4019#endif /* CONFIG_AUDIT */
4020
746df9b5
DQ		 4021/**
4022 * smack_ismaclabel - check if xattr @name references a smack MAC label
4023 * @name: Full xattr name to check.
4024 */
4025static int smack_ismaclabel(const char *name)
4026{
4027 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4028}
4029
4030
251a2a95 4031/**
e114e473
CS		 4032 * smack_secid_to_secctx - return the smack label for a secid
4033 * @secid: incoming integer
4034 * @secdata: destination
4035 * @seclen: how long it is
4036 *
4037 * Exists for networking code.
4038 */
4039static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4040{
2f823ff8 4041 struct smack_known *skp = smack_from_secid(secid);
e114e473 4042
d5630b9d 4043 if (secdata)
2f823ff8
CS		 4044 *secdata = skp->smk_known;
4045 *seclen = strlen(skp->smk_known);
e114e473
CS		 4046 return 0;
4047}
4048
251a2a95 4049/**
4bc87e62
CS		 4050 * smack_secctx_to_secid - return the secid for a smack label
4051 * @secdata: smack label
4052 * @seclen: how long result is
4053 * @secid: outgoing integer
4054 *
4055 * Exists for audit and networking code.
4056 */
e52c1764 4057static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4bc87e62 4058{
21c7eae2
LP		 4059 struct smack_known *skp = smk_find_entry(secdata);
4060
4061 if (skp)
4062 *secid = skp->smk_secid;
4063 else
4064 *secid = 0;
4bc87e62
CS		 4065 return 0;
4066}
4067
251a2a95 4068/**
e114e473 4069 * smack_release_secctx - don't do anything.
251a2a95
RD		 4070 * @secdata: unused
4071 * @seclen: unused
e114e473
CS		 4072 *
4073 * Exists to make sure nothing gets done, and properly
4074 */
4075static void smack_release_secctx(char *secdata, u32 seclen)
4076{
4077}
4078
1ee65e37
DQ		 4079static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4080{
4081 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4082}
4083
4084static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4085{
4086 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4087}
4088
4089static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4090{
4091 int len = 0;
4092 len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
4093
4094 if (len < 0)
4095 return len;
4096 *ctxlen = len;
4097 return 0;
4098}
4099
076c54c5
AD		 4100struct security_operations smack_ops = {
4101 .name = "smack",
4102
9e48858f 4103 .ptrace_access_check = smack_ptrace_access_check,
5cd9c58f 4104 .ptrace_traceme = smack_ptrace_traceme,
e114e473 4105 .syslog = smack_syslog,
e114e473
CS		 4106
4107 .sb_alloc_security = smack_sb_alloc_security,
4108 .sb_free_security = smack_sb_free_security,
4109 .sb_copy_data = smack_sb_copy_data,
4110 .sb_kern_mount = smack_sb_kern_mount,
4111 .sb_statfs = smack_sb_statfs,
e114e473 4112
676dac4b 4113 .bprm_set_creds = smack_bprm_set_creds,
84088ba2
JS		 4114 .bprm_committing_creds = smack_bprm_committing_creds,
4115 .bprm_secureexec = smack_bprm_secureexec,
676dac4b 4116
e114e473
CS		 4117 .inode_alloc_security = smack_inode_alloc_security,
4118 .inode_free_security = smack_inode_free_security,
4119 .inode_init_security = smack_inode_init_security,
4120 .inode_link = smack_inode_link,
4121 .inode_unlink = smack_inode_unlink,
4122 .inode_rmdir = smack_inode_rmdir,
4123 .inode_rename = smack_inode_rename,
4124 .inode_permission = smack_inode_permission,
4125 .inode_setattr = smack_inode_setattr,
4126 .inode_getattr = smack_inode_getattr,
4127 .inode_setxattr = smack_inode_setxattr,
4128 .inode_post_setxattr = smack_inode_post_setxattr,
4129 .inode_getxattr = smack_inode_getxattr,
4130 .inode_removexattr = smack_inode_removexattr,
4131 .inode_getsecurity = smack_inode_getsecurity,
4132 .inode_setsecurity = smack_inode_setsecurity,
4133 .inode_listsecurity = smack_inode_listsecurity,
d20bdda6 4134 .inode_getsecid = smack_inode_getsecid,
e114e473
CS		 4135
4136 .file_permission = smack_file_permission,
4137 .file_alloc_security = smack_file_alloc_security,
4138 .file_free_security = smack_file_free_security,
4139 .file_ioctl = smack_file_ioctl,
4140 .file_lock = smack_file_lock,
4141 .file_fcntl = smack_file_fcntl,
e5467859
AV		 4142 .mmap_file = smack_mmap_file,
4143 .mmap_addr = cap_mmap_addr,
e114e473
CS		 4144 .file_set_fowner = smack_file_set_fowner,
4145 .file_send_sigiotask = smack_file_send_sigiotask,
4146 .file_receive = smack_file_receive,
4147
83d49856 4148 .file_open = smack_file_open,
531f1d45 4149
ee18d64c 4150 .cred_alloc_blank = smack_cred_alloc_blank,
f1752eec 4151 .cred_free = smack_cred_free,
d84f4f99 4152 .cred_prepare = smack_cred_prepare,
ee18d64c 4153 .cred_transfer = smack_cred_transfer,
3a3b7ce9
DH		 4154 .kernel_act_as = smack_kernel_act_as,
4155 .kernel_create_files_as = smack_kernel_create_files_as,
e114e473
CS		 4156 .task_setpgid = smack_task_setpgid,
4157 .task_getpgid = smack_task_getpgid,
4158 .task_getsid = smack_task_getsid,
4159 .task_getsecid = smack_task_getsecid,
4160 .task_setnice = smack_task_setnice,
4161 .task_setioprio = smack_task_setioprio,
4162 .task_getioprio = smack_task_getioprio,
4163 .task_setscheduler = smack_task_setscheduler,
4164 .task_getscheduler = smack_task_getscheduler,
4165 .task_movememory = smack_task_movememory,
4166 .task_kill = smack_task_kill,
4167 .task_wait = smack_task_wait,
e114e473
CS		 4168 .task_to_inode = smack_task_to_inode,
4169
4170 .ipc_permission = smack_ipc_permission,
d20bdda6 4171 .ipc_getsecid = smack_ipc_getsecid,
e114e473
CS		 4172
4173 .msg_msg_alloc_security = smack_msg_msg_alloc_security,
4174 .msg_msg_free_security = smack_msg_msg_free_security,
4175
4176 .msg_queue_alloc_security = smack_msg_queue_alloc_security,
4177 .msg_queue_free_security = smack_msg_queue_free_security,
4178 .msg_queue_associate = smack_msg_queue_associate,
4179 .msg_queue_msgctl = smack_msg_queue_msgctl,
4180 .msg_queue_msgsnd = smack_msg_queue_msgsnd,
4181 .msg_queue_msgrcv = smack_msg_queue_msgrcv,
4182
4183 .shm_alloc_security = smack_shm_alloc_security,
4184 .shm_free_security = smack_shm_free_security,
4185 .shm_associate = smack_shm_associate,
4186 .shm_shmctl = smack_shm_shmctl,
4187 .shm_shmat = smack_shm_shmat,
4188
4189 .sem_alloc_security = smack_sem_alloc_security,
4190 .sem_free_security = smack_sem_free_security,
4191 .sem_associate = smack_sem_associate,
4192 .sem_semctl = smack_sem_semctl,
4193 .sem_semop = smack_sem_semop,
4194
e114e473
CS		 4195 .d_instantiate = smack_d_instantiate,
4196
4197 .getprocattr = smack_getprocattr,
4198 .setprocattr = smack_setprocattr,
4199
4200 .unix_stream_connect = smack_unix_stream_connect,
4201 .unix_may_send = smack_unix_may_send,
4202
4203 .socket_post_create = smack_socket_post_create,
c6739443 4204 .socket_bind = smack_socket_bind,
6d3dc07c
CS		 4205 .socket_connect = smack_socket_connect,
4206 .socket_sendmsg = smack_socket_sendmsg,
e114e473
CS		 4207 .socket_sock_rcv_skb = smack_socket_sock_rcv_skb,
4208 .socket_getpeersec_stream = smack_socket_getpeersec_stream,
4209 .socket_getpeersec_dgram = smack_socket_getpeersec_dgram,
4210 .sk_alloc_security = smack_sk_alloc_security,
4211 .sk_free_security = smack_sk_free_security,
4212 .sock_graft = smack_sock_graft,
4213 .inet_conn_request = smack_inet_conn_request,
07feee8f 4214 .inet_csk_clone = smack_inet_csk_clone,
d20bdda6 4215
e114e473
CS		 4216 /* key management security hooks */
4217#ifdef CONFIG_KEYS
4218 .key_alloc = smack_key_alloc,
4219 .key_free = smack_key_free,
4220 .key_permission = smack_key_permission,
4221#endif /* CONFIG_KEYS */
d20bdda6
AD		 4222
4223 /* Audit hooks */
4224#ifdef CONFIG_AUDIT
4225 .audit_rule_init = smack_audit_rule_init,
4226 .audit_rule_known = smack_audit_rule_known,
4227 .audit_rule_match = smack_audit_rule_match,
4228 .audit_rule_free = smack_audit_rule_free,
4229#endif /* CONFIG_AUDIT */
4230
746df9b5 4231 .ismaclabel = smack_ismaclabel,
e114e473 4232 .secid_to_secctx = smack_secid_to_secctx,
4bc87e62 4233 .secctx_to_secid = smack_secctx_to_secid,
e114e473 4234 .release_secctx = smack_release_secctx,
1ee65e37
DQ		 4235 .inode_notifysecctx = smack_inode_notifysecctx,
4236 .inode_setsecctx = smack_inode_setsecctx,
4237 .inode_getsecctx = smack_inode_getsecctx,
e114e473
CS		 4238};
4239
7198e2ee 4240
86812bb0 4241static __init void init_smack_known_list(void)
7198e2ee 4242{
86812bb0
CS		 4243 /*
4244 * Initialize rule list locks
4245 */
4246 mutex_init(&smack_known_huh.smk_rules_lock);
4247 mutex_init(&smack_known_hat.smk_rules_lock);
4248 mutex_init(&smack_known_floor.smk_rules_lock);
4249 mutex_init(&smack_known_star.smk_rules_lock);
4250 mutex_init(&smack_known_invalid.smk_rules_lock);
4251 mutex_init(&smack_known_web.smk_rules_lock);
4252 /*
4253 * Initialize rule lists
4254 */
4255 INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4256 INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4257 INIT_LIST_HEAD(&smack_known_star.smk_rules);
4258 INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4259 INIT_LIST_HEAD(&smack_known_invalid.smk_rules);
4260 INIT_LIST_HEAD(&smack_known_web.smk_rules);
4261 /*
4262 * Create the known labels list
4263 */
4d7cf4a1
TS		 4264 smk_insert_entry(&smack_known_huh);
4265 smk_insert_entry(&smack_known_hat);
4266 smk_insert_entry(&smack_known_star);
4267 smk_insert_entry(&smack_known_floor);
4268 smk_insert_entry(&smack_known_invalid);
4269 smk_insert_entry(&smack_known_web);
7198e2ee
EB		 4270}
4271
e114e473
CS		 4272/**
4273 * smack_init - initialize the smack system
4274 *
4275 * Returns 0
4276 */
4277static __init int smack_init(void)
4278{
d84f4f99 4279 struct cred *cred;
676dac4b 4280 struct task_smack *tsp;
d84f4f99 4281
7898e1f8
CS		 4282 if (!security_module_enable(&smack_ops))
4283 return 0;
4284
1a5b472b
R		 4285 smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4286 if (!smack_inode_cache)
4287 return -ENOMEM;
4288
2f823ff8
CS		 4289 tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4290 GFP_KERNEL);
1a5b472b
R		 4291 if (tsp == NULL) {
4292 kmem_cache_destroy(smack_inode_cache);
676dac4b 4293 return -ENOMEM;
1a5b472b 4294 }
676dac4b 4295
e114e473
CS		 4296 printk(KERN_INFO "Smack: Initializing.\n");
4297
4298 /*
4299 * Set the security state for the initial task.
4300 */
d84f4f99 4301 cred = (struct cred *) current->cred;
676dac4b 4302 cred->security = tsp;
e114e473 4303
86812bb0
CS		 4304 /* initialize the smack_known_list */
4305 init_smack_known_list();
e114e473
CS		 4306
4307 /*
4308 * Register with LSM
4309 */
4310 if (register_security(&smack_ops))
4311 panic("smack: Unable to register with kernel.\n");
4312
4313 return 0;
4314}
4315
4316/*
4317 * Smack requires early initialization in order to label
4318 * all processes and objects when they are created.
4319 */
4320security_initcall(smack_init);
A mirror of Linus' kernel repository