]> git.ipfire.org Git - thirdparty/linux.git/blame - security/smack/smack_lsm.c
projects / thirdparty / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
gfp flags for security_inode_alloc()?
[thirdparty/linux.git] / security / smack / smack_lsm.c
CommitLineData
e114e473
CS		 1/*
2 * Simplified MAC Kernel (smack) security module
3 *
4 * This file contains the smack hook function implementations.
5 *
5c6d1125 6 * Authors:
e114e473 7 * Casey Schaufler <casey@schaufler-ca.com>
84088ba2 8 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
e114e473
CS		 9 *
10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
07feee8f 11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
82c21bfa 12 * Paul Moore <paul@paul-moore.com>
5c6d1125 13 * Copyright (C) 2010 Nokia Corporation
84088ba2 14 * Copyright (C) 2011 Intel Corporation.
e114e473
CS		 15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License version 2,
18 * as published by the Free Software Foundation.
19 */
20
21#include <linux/xattr.h>
22#include <linux/pagemap.h>
23#include <linux/mount.h>
24#include <linux/stat.h>
e114e473
CS		 25#include <linux/kd.h>
26#include <asm/ioctls.h>
07feee8f 27#include <linux/ip.h>
e114e473
CS		 28#include <linux/tcp.h>
29#include <linux/udp.h>
5a0e3ad6 30#include <linux/slab.h>
e114e473
CS		 31#include <linux/mutex.h>
32#include <linux/pipe_fs_i.h>
33#include <net/netlabel.h>
34#include <net/cipso_ipv4.h>
d20bdda6 35#include <linux/audit.h>
1fd7317d 36#include <linux/magic.h>
2a7dba39 37#include <linux/dcache.h>
16014d87 38#include <linux/personality.h>
40401530
AV		 39#include <linux/msg.h>
40#include <linux/shm.h>
41#include <linux/binfmts.h>
e114e473
CS		 42#include "smack.h"
43
c69e8d9c
DH		 44#define task_security(task) (task_cred_xxx((task), security))
45
5c6d1125
JS		 46#define TRANS_TRUE "TRUE"
47#define TRANS_TRUE_SIZE 4
48
e114e473
CS		 49/**
50 * smk_fetch - Fetch the smack label from a file.
51 * @ip: a pointer to the inode
52 * @dp: a pointer to the dentry
53 *
54 * Returns a pointer to the master list entry for the Smack label
55 * or NULL if there was no label to fetch.
56 */
676dac4b 57static char *smk_fetch(const char *name, struct inode *ip, struct dentry *dp)
e114e473
CS		 58{
59 int rc;
60 char in[SMK_LABELLEN];
61
62 if (ip->i_op->getxattr == NULL)
63 return NULL;
64
676dac4b 65 rc = ip->i_op->getxattr(dp, name, in, SMK_LABELLEN);
e114e473
CS		 66 if (rc < 0)
67 return NULL;
68
69 return smk_import(in, rc);
70}
71
72/**
73 * new_inode_smack - allocate an inode security blob
74 * @smack: a pointer to the Smack label to use in the blob
75 *
76 * Returns the new blob or NULL if there's no memory available
77 */
78struct inode_smack *new_inode_smack(char *smack)
79{
80 struct inode_smack *isp;
81
ceffec55 82 isp = kzalloc(sizeof(struct inode_smack), GFP_NOFS);
e114e473
CS		 83 if (isp == NULL)
84 return NULL;
85
86 isp->smk_inode = smack;
87 isp->smk_flags = 0;
88 mutex_init(&isp->smk_lock);
89
90 return isp;
91}
92
7898e1f8
CS		 93/**
94 * new_task_smack - allocate a task security blob
95 * @smack: a pointer to the Smack label to use in the blob
96 *
97 * Returns the new blob or NULL if there's no memory available
98 */
99static struct task_smack *new_task_smack(char *task, char *forked, gfp_t gfp)
100{
101 struct task_smack *tsp;
102
103 tsp = kzalloc(sizeof(struct task_smack), gfp);
104 if (tsp == NULL)
105 return NULL;
106
107 tsp->smk_task = task;
108 tsp->smk_forked = forked;
109 INIT_LIST_HEAD(&tsp->smk_rules);
110 mutex_init(&tsp->smk_rules_lock);
111
112 return tsp;
113}
114
115/**
116 * smk_copy_rules - copy a rule set
117 * @nhead - new rules header pointer
118 * @ohead - old rules header pointer
119 *
120 * Returns 0 on success, -ENOMEM on error
121 */
122static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
123 gfp_t gfp)
124{
125 struct smack_rule *nrp;
126 struct smack_rule *orp;
127 int rc = 0;
128
129 INIT_LIST_HEAD(nhead);
130
131 list_for_each_entry_rcu(orp, ohead, list) {
132 nrp = kzalloc(sizeof(struct smack_rule), gfp);
133 if (nrp == NULL) {
134 rc = -ENOMEM;
135 break;
136 }
137 *nrp = *orp;
138 list_add_rcu(&nrp->list, nhead);
139 }
140 return rc;
141}
142
e114e473
CS		 143/*
144 * LSM hooks.
145 * We he, that is fun!
146 */
147
148/**
9e48858f 149 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
e114e473 150 * @ctp: child task pointer
251a2a95 151 * @mode: ptrace attachment mode
e114e473
CS		 152 *
153 * Returns 0 if access is OK, an error code otherwise
154 *
155 * Do the capability checks, and require read and write.
156 */
9e48858f 157static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
e114e473
CS		 158{
159 int rc;
ecfcc53f 160 struct smk_audit_info ad;
7898e1f8 161 char *tsp;
e114e473 162
9e48858f 163 rc = cap_ptrace_access_check(ctp, mode);
e114e473
CS		 164 if (rc != 0)
165 return rc;
166
676dac4b 167 tsp = smk_of_task(task_security(ctp));
ecfcc53f
EB		 168 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
169 smk_ad_setfield_u_tsk(&ad, ctp);
170
7898e1f8 171 rc = smk_curacc(tsp, MAY_READWRITE, &ad);
5cd9c58f
DH		 172 return rc;
173}
174
175/**
176 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
177 * @ptp: parent task pointer
178 *
179 * Returns 0 if access is OK, an error code otherwise
180 *
181 * Do the capability checks, and require read and write.
182 */
183static int smack_ptrace_traceme(struct task_struct *ptp)
184{
185 int rc;
ecfcc53f 186 struct smk_audit_info ad;
7898e1f8 187 char *tsp;
5cd9c58f
DH		 188
189 rc = cap_ptrace_traceme(ptp);
190 if (rc != 0)
191 return rc;
e114e473 192
7898e1f8 193 tsp = smk_of_task(task_security(ptp));
ecfcc53f
EB		 194 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
195 smk_ad_setfield_u_tsk(&ad, ptp);
196
7898e1f8 197 rc = smk_curacc(tsp, MAY_READWRITE, &ad);
e114e473
CS		 198 return rc;
199}
200
201/**
202 * smack_syslog - Smack approval on syslog
203 * @type: message type
204 *
205 * Require that the task has the floor label
206 *
207 * Returns 0 on success, error code otherwise.
208 */
12b3052c 209static int smack_syslog(int typefrom_file)
e114e473 210{
12b3052c 211 int rc = 0;
676dac4b 212 char *sp = smk_of_current();
e114e473 213
e114e473
CS		 214 if (capable(CAP_MAC_OVERRIDE))
215 return 0;
216
217 if (sp != smack_known_floor.smk_known)
218 rc = -EACCES;
219
220 return rc;
221}
222
223
224/*
225 * Superblock Hooks.
226 */
227
228/**
229 * smack_sb_alloc_security - allocate a superblock blob
230 * @sb: the superblock getting the blob
231 *
232 * Returns 0 on success or -ENOMEM on error.
233 */
234static int smack_sb_alloc_security(struct super_block *sb)
235{
236 struct superblock_smack *sbsp;
237
238 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
239
240 if (sbsp == NULL)
241 return -ENOMEM;
242
243 sbsp->smk_root = smack_known_floor.smk_known;
244 sbsp->smk_default = smack_known_floor.smk_known;
245 sbsp->smk_floor = smack_known_floor.smk_known;
246 sbsp->smk_hat = smack_known_hat.smk_known;
247 sbsp->smk_initialized = 0;
248 spin_lock_init(&sbsp->smk_sblock);
249
250 sb->s_security = sbsp;
251
252 return 0;
253}
254
255/**
256 * smack_sb_free_security - free a superblock blob
257 * @sb: the superblock getting the blob
258 *
259 */
260static void smack_sb_free_security(struct super_block *sb)
261{
262 kfree(sb->s_security);
263 sb->s_security = NULL;
264}
265
266/**
267 * smack_sb_copy_data - copy mount options data for processing
e114e473 268 * @orig: where to start
251a2a95 269 * @smackopts: mount options string
e114e473
CS		 270 *
271 * Returns 0 on success or -ENOMEM on error.
272 *
273 * Copy the Smack specific mount options out of the mount
274 * options list.
275 */
e0007529 276static int smack_sb_copy_data(char *orig, char *smackopts)
e114e473
CS		 277{
278 char *cp, *commap, *otheropts, *dp;
279
e114e473
CS		 280 otheropts = (char *)get_zeroed_page(GFP_KERNEL);
281 if (otheropts == NULL)
282 return -ENOMEM;
283
284 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
285 if (strstr(cp, SMK_FSDEFAULT) == cp)
286 dp = smackopts;
287 else if (strstr(cp, SMK_FSFLOOR) == cp)
288 dp = smackopts;
289 else if (strstr(cp, SMK_FSHAT) == cp)
290 dp = smackopts;
291 else if (strstr(cp, SMK_FSROOT) == cp)
292 dp = smackopts;
293 else
294 dp = otheropts;
295
296 commap = strchr(cp, ',');
297 if (commap != NULL)
298 *commap = '\0';
299
300 if (*dp != '\0')
301 strcat(dp, ",");
302 strcat(dp, cp);
303 }
304
305 strcpy(orig, otheropts);
306 free_page((unsigned long)otheropts);
307
308 return 0;
309}
310
311/**
312 * smack_sb_kern_mount - Smack specific mount processing
313 * @sb: the file system superblock
12204e24 314 * @flags: the mount flags
e114e473
CS		 315 * @data: the smack mount options
316 *
317 * Returns 0 on success, an error code on failure
318 */
12204e24 319static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
e114e473
CS		 320{
321 struct dentry *root = sb->s_root;
322 struct inode *inode = root->d_inode;
323 struct superblock_smack *sp = sb->s_security;
324 struct inode_smack *isp;
325 char *op;
326 char *commap;
327 char *nsp;
328
329 spin_lock(&sp->smk_sblock);
330 if (sp->smk_initialized != 0) {
331 spin_unlock(&sp->smk_sblock);
332 return 0;
333 }
334 sp->smk_initialized = 1;
335 spin_unlock(&sp->smk_sblock);
336
337 for (op = data; op != NULL; op = commap) {
338 commap = strchr(op, ',');
339 if (commap != NULL)
340 *commap++ = '\0';
341
342 if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
343 op += strlen(SMK_FSHAT);
344 nsp = smk_import(op, 0);
345 if (nsp != NULL)
346 sp->smk_hat = nsp;
347 } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
348 op += strlen(SMK_FSFLOOR);
349 nsp = smk_import(op, 0);
350 if (nsp != NULL)
351 sp->smk_floor = nsp;
352 } else if (strncmp(op, SMK_FSDEFAULT,
353 strlen(SMK_FSDEFAULT)) == 0) {
354 op += strlen(SMK_FSDEFAULT);
355 nsp = smk_import(op, 0);
356 if (nsp != NULL)
357 sp->smk_default = nsp;
358 } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
359 op += strlen(SMK_FSROOT);
360 nsp = smk_import(op, 0);
361 if (nsp != NULL)
362 sp->smk_root = nsp;
363 }
364 }
365
366 /*
367 * Initialize the root inode.
368 */
369 isp = inode->i_security;
370 if (isp == NULL)
371 inode->i_security = new_inode_smack(sp->smk_root);
372 else
373 isp->smk_inode = sp->smk_root;
374
375 return 0;
376}
377
378/**
379 * smack_sb_statfs - Smack check on statfs
380 * @dentry: identifies the file system in question
381 *
382 * Returns 0 if current can read the floor of the filesystem,
383 * and error code otherwise
384 */
385static int smack_sb_statfs(struct dentry *dentry)
386{
387 struct superblock_smack *sbp = dentry->d_sb->s_security;
ecfcc53f
EB		 388 int rc;
389 struct smk_audit_info ad;
390
a269434d 391 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 392 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 393
ecfcc53f
EB		 394 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
395 return rc;
e114e473
CS		 396}
397
398/**
399 * smack_sb_mount - Smack check for mounting
400 * @dev_name: unused
251a2a95 401 * @path: mount point
e114e473
CS		 402 * @type: unused
403 * @flags: unused
404 * @data: unused
405 *
406 * Returns 0 if current can write the floor of the filesystem
407 * being mounted on, an error code otherwise.
408 */
b5266eb4 409static int smack_sb_mount(char *dev_name, struct path *path,
e114e473
CS		 410 char *type, unsigned long flags, void *data)
411{
d8c9584e 412 struct superblock_smack *sbp = path->dentry->d_sb->s_security;
ecfcc53f 413 struct smk_audit_info ad;
e114e473 414
f48b7399 415 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f
EB		 416 smk_ad_setfield_u_fs_path(&ad, *path);
417
418 return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
e114e473
CS		 419}
420
421/**
422 * smack_sb_umount - Smack check for unmounting
423 * @mnt: file system to unmount
424 * @flags: unused
425 *
426 * Returns 0 if current can write the floor of the filesystem
427 * being unmounted, an error code otherwise.
428 */
429static int smack_sb_umount(struct vfsmount *mnt, int flags)
430{
431 struct superblock_smack *sbp;
ecfcc53f 432 struct smk_audit_info ad;
a269434d 433 struct path path;
e114e473 434
a269434d
EP		 435 path.dentry = mnt->mnt_root;
436 path.mnt = mnt;
e114e473 437
f48b7399 438 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
a269434d 439 smk_ad_setfield_u_fs_path(&ad, path);
e114e473 440
d8c9584e 441 sbp = path.dentry->d_sb->s_security;
ecfcc53f 442 return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
e114e473
CS		 443}
444
676dac4b
CS		 445/*
446 * BPRM hooks
447 */
448
ce8a4321
CS		 449/**
450 * smack_bprm_set_creds - set creds for exec
451 * @bprm: the exec information
452 *
453 * Returns 0 if it gets a blob, -ENOMEM otherwise
454 */
676dac4b
CS		 455static int smack_bprm_set_creds(struct linux_binprm *bprm)
456{
84088ba2
JS		 457 struct inode *inode = bprm->file->f_path.dentry->d_inode;
458 struct task_smack *bsp = bprm->cred->security;
676dac4b 459 struct inode_smack *isp;
676dac4b
CS		 460 int rc;
461
462 rc = cap_bprm_set_creds(bprm);
463 if (rc != 0)
464 return rc;
465
466 if (bprm->cred_prepared)
467 return 0;
468
84088ba2
JS		 469 isp = inode->i_security;
470 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
676dac4b
CS		 471 return 0;
472
84088ba2
JS		 473 if (bprm->unsafe)
474 return -EPERM;
676dac4b 475
84088ba2
JS		 476 bsp->smk_task = isp->smk_task;
477 bprm->per_clear |= PER_CLEAR_ON_SETID;
676dac4b 478
84088ba2
JS		 479 return 0;
480}
676dac4b 481
84088ba2
JS		 482/**
483 * smack_bprm_committing_creds - Prepare to install the new credentials
484 * from bprm.
485 *
486 * @bprm: binprm for exec
487 */
488static void smack_bprm_committing_creds(struct linux_binprm *bprm)
489{
490 struct task_smack *bsp = bprm->cred->security;
676dac4b 491
84088ba2
JS		 492 if (bsp->smk_task != bsp->smk_forked)
493 current->pdeath_signal = 0;
494}
495
496/**
497 * smack_bprm_secureexec - Return the decision to use secureexec.
498 * @bprm: binprm for exec
499 *
500 * Returns 0 on success.
501 */
502static int smack_bprm_secureexec(struct linux_binprm *bprm)
503{
504 struct task_smack *tsp = current_security();
505 int ret = cap_bprm_secureexec(bprm);
506
507 if (!ret && (tsp->smk_task != tsp->smk_forked))
508 ret = 1;
509
510 return ret;
676dac4b
CS		 511}
512
e114e473
CS		 513/*
514 * Inode hooks
515 */
516
517/**
518 * smack_inode_alloc_security - allocate an inode blob
251a2a95 519 * @inode: the inode in need of a blob
e114e473
CS		 520 *
521 * Returns 0 if it gets a blob, -ENOMEM otherwise
522 */
523static int smack_inode_alloc_security(struct inode *inode)
524{
676dac4b 525 inode->i_security = new_inode_smack(smk_of_current());
e114e473
CS		 526 if (inode->i_security == NULL)
527 return -ENOMEM;
528 return 0;
529}
530
531/**
532 * smack_inode_free_security - free an inode blob
251a2a95 533 * @inode: the inode with a blob
e114e473
CS		 534 *
535 * Clears the blob pointer in inode
536 */
537static void smack_inode_free_security(struct inode *inode)
538{
539 kfree(inode->i_security);
540 inode->i_security = NULL;
541}
542
543/**
544 * smack_inode_init_security - copy out the smack from an inode
545 * @inode: the inode
546 * @dir: unused
2a7dba39 547 * @qstr: unused
e114e473
CS		 548 * @name: where to put the attribute name
549 * @value: where to put the attribute value
550 * @len: where to put the length of the attribute
551 *
552 * Returns 0 if it all works out, -ENOMEM if there's no memory
553 */
554static int smack_inode_init_security(struct inode *inode, struct inode *dir,
2a7dba39
EP		 555 const struct qstr *qstr, char **name,
556 void **value, size_t *len)
e114e473 557{
272cd7a8 558 struct smack_known *skp;
2267b13a 559 struct inode_smack *issp = inode->i_security;
272cd7a8 560 char *csp = smk_of_current();
e114e473 561 char *isp = smk_of_inode(inode);
5c6d1125 562 char *dsp = smk_of_inode(dir);
7898e1f8 563 int may;
e114e473
CS		 564
565 if (name) {
ceffec55 566 *name = kstrdup(XATTR_SMACK_SUFFIX, GFP_NOFS);
e114e473
CS		 567 if (*name == NULL)
568 return -ENOMEM;
569 }
570
571 if (value) {
272cd7a8 572 skp = smk_find_entry(csp);
7898e1f8 573 rcu_read_lock();
272cd7a8 574 may = smk_access_entry(csp, dsp, &skp->smk_rules);
7898e1f8 575 rcu_read_unlock();
5c6d1125
JS		 576
577 /*
578 * If the access rule allows transmutation and
579 * the directory requests transmutation then
580 * by all means transmute.
2267b13a 581 * Mark the inode as changed.
5c6d1125 582 */
7898e1f8 583 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
2267b13a 584 smk_inode_transmutable(dir)) {
5c6d1125 585 isp = dsp;
2267b13a
CS		 586 issp->smk_flags |= SMK_INODE_CHANGED;
587 }
5c6d1125 588
ceffec55 589 *value = kstrdup(isp, GFP_NOFS);
e114e473
CS		 590 if (*value == NULL)
591 return -ENOMEM;
592 }
593
594 if (len)
595 *len = strlen(isp) + 1;
596
597 return 0;
598}
599
600/**
601 * smack_inode_link - Smack check on link
602 * @old_dentry: the existing object
603 * @dir: unused
604 * @new_dentry: the new object
605 *
606 * Returns 0 if access is permitted, an error code otherwise
607 */
608static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
609 struct dentry *new_dentry)
610{
e114e473 611 char *isp;
ecfcc53f
EB		 612 struct smk_audit_info ad;
613 int rc;
614
a269434d 615 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 616 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473
CS		 617
618 isp = smk_of_inode(old_dentry->d_inode);
ecfcc53f 619 rc = smk_curacc(isp, MAY_WRITE, &ad);
e114e473
CS		 620
621 if (rc == 0 && new_dentry->d_inode != NULL) {
622 isp = smk_of_inode(new_dentry->d_inode);
ecfcc53f
EB		 623 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
624 rc = smk_curacc(isp, MAY_WRITE, &ad);
e114e473
CS		 625 }
626
627 return rc;
628}
629
630/**
631 * smack_inode_unlink - Smack check on inode deletion
632 * @dir: containing directory object
633 * @dentry: file to unlink
634 *
635 * Returns 0 if current can write the containing directory
636 * and the object, error code otherwise
637 */
638static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
639{
640 struct inode *ip = dentry->d_inode;
ecfcc53f 641 struct smk_audit_info ad;
e114e473
CS		 642 int rc;
643
a269434d 644 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 645 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
646
e114e473
CS		 647 /*
648 * You need write access to the thing you're unlinking
649 */
ecfcc53f
EB		 650 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
651 if (rc == 0) {
e114e473
CS		 652 /*
653 * You also need write access to the containing directory
654 */
ecfcc53f
EB		 655 smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
656 smk_ad_setfield_u_fs_inode(&ad, dir);
657 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
658 }
e114e473
CS		 659 return rc;
660}
661
662/**
663 * smack_inode_rmdir - Smack check on directory deletion
664 * @dir: containing directory object
665 * @dentry: directory to unlink
666 *
667 * Returns 0 if current can write the containing directory
668 * and the directory, error code otherwise
669 */
670static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
671{
ecfcc53f 672 struct smk_audit_info ad;
e114e473
CS		 673 int rc;
674
a269434d 675 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 676 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
677
e114e473
CS		 678 /*
679 * You need write access to the thing you're removing
680 */
ecfcc53f
EB		 681 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
682 if (rc == 0) {
e114e473
CS		 683 /*
684 * You also need write access to the containing directory
685 */
ecfcc53f
EB		 686 smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
687 smk_ad_setfield_u_fs_inode(&ad, dir);
688 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
689 }
e114e473
CS		 690
691 return rc;
692}
693
694/**
695 * smack_inode_rename - Smack check on rename
696 * @old_inode: the old directory
697 * @old_dentry: unused
698 * @new_inode: the new directory
699 * @new_dentry: unused
700 *
701 * Read and write access is required on both the old and
702 * new directories.
703 *
704 * Returns 0 if access is permitted, an error code otherwise
705 */
706static int smack_inode_rename(struct inode *old_inode,
707 struct dentry *old_dentry,
708 struct inode *new_inode,
709 struct dentry *new_dentry)
710{
711 int rc;
712 char *isp;
ecfcc53f
EB		 713 struct smk_audit_info ad;
714
a269434d 715 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 716 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473
CS		 717
718 isp = smk_of_inode(old_dentry->d_inode);
ecfcc53f 719 rc = smk_curacc(isp, MAY_READWRITE, &ad);
e114e473
CS		 720
721 if (rc == 0 && new_dentry->d_inode != NULL) {
722 isp = smk_of_inode(new_dentry->d_inode);
ecfcc53f
EB		 723 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
724 rc = smk_curacc(isp, MAY_READWRITE, &ad);
e114e473 725 }
e114e473
CS		 726 return rc;
727}
728
729/**
730 * smack_inode_permission - Smack version of permission()
731 * @inode: the inode in question
732 * @mask: the access requested
e114e473
CS		 733 *
734 * This is the important Smack hook.
735 *
736 * Returns 0 if access is permitted, -EACCES otherwise
737 */
e74f71eb 738static int smack_inode_permission(struct inode *inode, int mask)
e114e473 739{
ecfcc53f 740 struct smk_audit_info ad;
e74f71eb 741 int no_block = mask & MAY_NOT_BLOCK;
d09ca739
EP		 742
743 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
e114e473
CS		 744 /*
745 * No permission to check. Existence test. Yup, it's there.
746 */
747 if (mask == 0)
748 return 0;
8c9e80ed
AK		 749
750 /* May be droppable after audit */
e74f71eb 751 if (no_block)
8c9e80ed 752 return -ECHILD;
f48b7399 753 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 754 smk_ad_setfield_u_fs_inode(&ad, inode);
755 return smk_curacc(smk_of_inode(inode), mask, &ad);
e114e473
CS		 756}
757
758/**
759 * smack_inode_setattr - Smack check for setting attributes
760 * @dentry: the object
761 * @iattr: for the force flag
762 *
763 * Returns 0 if access is permitted, an error code otherwise
764 */
765static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
766{
ecfcc53f 767 struct smk_audit_info ad;
e114e473
CS		 768 /*
769 * Need to allow for clearing the setuid bit.
770 */
771 if (iattr->ia_valid & ATTR_FORCE)
772 return 0;
a269434d 773 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 774 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 775
ecfcc53f 776 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
e114e473
CS		 777}
778
779/**
780 * smack_inode_getattr - Smack check for getting attributes
781 * @mnt: unused
782 * @dentry: the object
783 *
784 * Returns 0 if access is permitted, an error code otherwise
785 */
786static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
787{
ecfcc53f 788 struct smk_audit_info ad;
a269434d 789 struct path path;
ecfcc53f 790
a269434d
EP		 791 path.dentry = dentry;
792 path.mnt = mnt;
ecfcc53f 793
f48b7399 794 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
a269434d 795 smk_ad_setfield_u_fs_path(&ad, path);
ecfcc53f 796 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
e114e473
CS		 797}
798
799/**
800 * smack_inode_setxattr - Smack check for setting xattrs
801 * @dentry: the object
802 * @name: name of the attribute
803 * @value: unused
804 * @size: unused
805 * @flags: unused
806 *
807 * This protects the Smack attribute explicitly.
808 *
809 * Returns 0 if access is permitted, an error code otherwise
810 */
8f0cfa52
DH		 811static int smack_inode_setxattr(struct dentry *dentry, const char *name,
812 const void *value, size_t size, int flags)
e114e473 813{
ecfcc53f 814 struct smk_audit_info ad;
bcdca225 815 int rc = 0;
e114e473 816
bcdca225
CS		 817 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
818 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
676dac4b 819 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
7898e1f8
CS		 820 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
821 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
bcdca225
CS		 822 if (!capable(CAP_MAC_ADMIN))
823 rc = -EPERM;
defc433b
EB		 824 /*
825 * check label validity here so import wont fail on
826 * post_setxattr
827 */
828 if (size == 0 || size >= SMK_LABELLEN ||
829 smk_import(value, size) == NULL)
4303154e 830 rc = -EINVAL;
5c6d1125
JS		 831 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
832 if (!capable(CAP_MAC_ADMIN))
833 rc = -EPERM;
834 if (size != TRANS_TRUE_SIZE ||
835 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
836 rc = -EINVAL;
bcdca225
CS		 837 } else
838 rc = cap_inode_setxattr(dentry, name, value, size, flags);
839
a269434d 840 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 841 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
842
bcdca225 843 if (rc == 0)
ecfcc53f 844 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
bcdca225
CS		 845
846 return rc;
e114e473
CS		 847}
848
849/**
850 * smack_inode_post_setxattr - Apply the Smack update approved above
851 * @dentry: object
852 * @name: attribute name
853 * @value: attribute value
854 * @size: attribute size
855 * @flags: unused
856 *
857 * Set the pointer in the inode blob to the entry found
858 * in the master label list.
859 */
8f0cfa52
DH		 860static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
861 const void *value, size_t size, int flags)
e114e473 862{
e114e473 863 char *nsp;
5c6d1125 864 struct inode_smack *isp = dentry->d_inode->i_security;
676dac4b
CS		 865
866 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
5c6d1125 867 nsp = smk_import(value, size);
676dac4b
CS		 868 if (nsp != NULL)
869 isp->smk_inode = nsp;
870 else
871 isp->smk_inode = smack_known_invalid.smk_known;
5c6d1125
JS		 872 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
873 nsp = smk_import(value, size);
676dac4b
CS		 874 if (nsp != NULL)
875 isp->smk_task = nsp;
876 else
877 isp->smk_task = smack_known_invalid.smk_known;
7898e1f8
CS		 878 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
879 nsp = smk_import(value, size);
880 if (nsp != NULL)
881 isp->smk_mmap = nsp;
882 else
883 isp->smk_mmap = smack_known_invalid.smk_known;
5c6d1125
JS		 884 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
885 isp->smk_flags |= SMK_INODE_TRANSMUTE;
e114e473
CS		 886
887 return;
888}
889
ce8a4321 890/**
e114e473
CS		 891 * smack_inode_getxattr - Smack check on getxattr
892 * @dentry: the object
893 * @name: unused
894 *
895 * Returns 0 if access is permitted, an error code otherwise
896 */
8f0cfa52 897static int smack_inode_getxattr(struct dentry *dentry, const char *name)
e114e473 898{
ecfcc53f
EB		 899 struct smk_audit_info ad;
900
a269434d 901 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 902 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
903
904 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
e114e473
CS		 905}
906
ce8a4321 907/**
e114e473
CS		 908 * smack_inode_removexattr - Smack check on removexattr
909 * @dentry: the object
910 * @name: name of the attribute
911 *
912 * Removing the Smack attribute requires CAP_MAC_ADMIN
913 *
914 * Returns 0 if access is permitted, an error code otherwise
915 */
8f0cfa52 916static int smack_inode_removexattr(struct dentry *dentry, const char *name)
e114e473 917{
676dac4b 918 struct inode_smack *isp;
ecfcc53f 919 struct smk_audit_info ad;
bcdca225 920 int rc = 0;
e114e473 921
bcdca225
CS		 922 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
923 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
676dac4b 924 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
5c6d1125 925 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
7898e1f8
CS		 926 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
927 strcmp(name, XATTR_NAME_SMACKMMAP)) {
bcdca225
CS		 928 if (!capable(CAP_MAC_ADMIN))
929 rc = -EPERM;
930 } else
931 rc = cap_inode_removexattr(dentry, name);
932
a269434d 933 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 934 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
bcdca225 935 if (rc == 0)
ecfcc53f 936 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
bcdca225 937
676dac4b
CS		 938 if (rc == 0) {
939 isp = dentry->d_inode->i_security;
940 isp->smk_task = NULL;
7898e1f8 941 isp->smk_mmap = NULL;
676dac4b
CS		 942 }
943
bcdca225 944 return rc;
e114e473
CS		 945}
946
947/**
948 * smack_inode_getsecurity - get smack xattrs
949 * @inode: the object
950 * @name: attribute name
951 * @buffer: where to put the result
251a2a95 952 * @alloc: unused
e114e473
CS		 953 *
954 * Returns the size of the attribute or an error code
955 */
956static int smack_inode_getsecurity(const struct inode *inode,
957 const char *name, void **buffer,
958 bool alloc)
959{
960 struct socket_smack *ssp;
961 struct socket *sock;
962 struct super_block *sbp;
963 struct inode *ip = (struct inode *)inode;
964 char *isp;
965 int ilen;
966 int rc = 0;
967
968 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
969 isp = smk_of_inode(inode);
970 ilen = strlen(isp) + 1;
971 *buffer = isp;
972 return ilen;
973 }
974
975 /*
976 * The rest of the Smack xattrs are only on sockets.
977 */
978 sbp = ip->i_sb;
979 if (sbp->s_magic != SOCKFS_MAGIC)
980 return -EOPNOTSUPP;
981
982 sock = SOCKET_I(ip);
2e1d146a 983 if (sock == NULL || sock->sk == NULL)
e114e473
CS		 984 return -EOPNOTSUPP;
985
986 ssp = sock->sk->sk_security;
987
988 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
989 isp = ssp->smk_in;
990 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
991 isp = ssp->smk_out;
992 else
993 return -EOPNOTSUPP;
994
995 ilen = strlen(isp) + 1;
996 if (rc == 0) {
997 *buffer = isp;
998 rc = ilen;
999 }
1000
1001 return rc;
1002}
1003
1004
1005/**
1006 * smack_inode_listsecurity - list the Smack attributes
1007 * @inode: the object
1008 * @buffer: where they go
1009 * @buffer_size: size of buffer
1010 *
1011 * Returns 0 on success, -EINVAL otherwise
1012 */
1013static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1014 size_t buffer_size)
1015{
1016 int len = strlen(XATTR_NAME_SMACK);
1017
1018 if (buffer != NULL && len <= buffer_size) {
1019 memcpy(buffer, XATTR_NAME_SMACK, len);
1020 return len;
1021 }
1022 return -EINVAL;
1023}
1024
d20bdda6
AD		 1025/**
1026 * smack_inode_getsecid - Extract inode's security id
1027 * @inode: inode to extract the info from
1028 * @secid: where result will be saved
1029 */
1030static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
1031{
1032 struct inode_smack *isp = inode->i_security;
1033
1034 *secid = smack_to_secid(isp->smk_inode);
1035}
1036
e114e473
CS		 1037/*
1038 * File Hooks
1039 */
1040
1041/**
1042 * smack_file_permission - Smack check on file operations
1043 * @file: unused
1044 * @mask: unused
1045 *
1046 * Returns 0
1047 *
1048 * Should access checks be done on each read or write?
1049 * UNICOS and SELinux say yes.
1050 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1051 *
1052 * I'll say no for now. Smack does not do the frequent
1053 * label changing that SELinux does.
1054 */
1055static int smack_file_permission(struct file *file, int mask)
1056{
1057 return 0;
1058}
1059
1060/**
1061 * smack_file_alloc_security - assign a file security blob
1062 * @file: the object
1063 *
1064 * The security blob for a file is a pointer to the master
1065 * label list, so no allocation is done.
1066 *
1067 * Returns 0
1068 */
1069static int smack_file_alloc_security(struct file *file)
1070{
676dac4b 1071 file->f_security = smk_of_current();
e114e473
CS		 1072 return 0;
1073}
1074
1075/**
1076 * smack_file_free_security - clear a file security blob
1077 * @file: the object
1078 *
1079 * The security blob for a file is a pointer to the master
1080 * label list, so no memory is freed.
1081 */
1082static void smack_file_free_security(struct file *file)
1083{
1084 file->f_security = NULL;
1085}
1086
1087/**
1088 * smack_file_ioctl - Smack check on ioctls
1089 * @file: the object
1090 * @cmd: what to do
1091 * @arg: unused
1092 *
1093 * Relies heavily on the correct use of the ioctl command conventions.
1094 *
1095 * Returns 0 if allowed, error code otherwise
1096 */
1097static int smack_file_ioctl(struct file *file, unsigned int cmd,
1098 unsigned long arg)
1099{
1100 int rc = 0;
ecfcc53f
EB		 1101 struct smk_audit_info ad;
1102
f48b7399 1103 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1104 smk_ad_setfield_u_fs_path(&ad, file->f_path);
e114e473
CS		 1105
1106 if (_IOC_DIR(cmd) & _IOC_WRITE)
ecfcc53f 1107 rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
e114e473
CS		 1108
1109 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ))
ecfcc53f 1110 rc = smk_curacc(file->f_security, MAY_READ, &ad);
e114e473
CS		 1111
1112 return rc;
1113}
1114
1115/**
1116 * smack_file_lock - Smack check on file locking
1117 * @file: the object
251a2a95 1118 * @cmd: unused
e114e473
CS		 1119 *
1120 * Returns 0 if current has write access, error code otherwise
1121 */
1122static int smack_file_lock(struct file *file, unsigned int cmd)
1123{
ecfcc53f
EB		 1124 struct smk_audit_info ad;
1125
92f42509
EP		 1126 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1127 smk_ad_setfield_u_fs_path(&ad, file->f_path);
ecfcc53f 1128 return smk_curacc(file->f_security, MAY_WRITE, &ad);
e114e473
CS		 1129}
1130
1131/**
1132 * smack_file_fcntl - Smack check on fcntl
1133 * @file: the object
1134 * @cmd: what action to check
1135 * @arg: unused
1136 *
531f1d45
CS		 1137 * Generally these operations are harmless.
1138 * File locking operations present an obvious mechanism
1139 * for passing information, so they require write access.
1140 *
e114e473
CS		 1141 * Returns 0 if current has access, error code otherwise
1142 */
1143static int smack_file_fcntl(struct file *file, unsigned int cmd,
1144 unsigned long arg)
1145{
ecfcc53f 1146 struct smk_audit_info ad;
531f1d45 1147 int rc = 0;
e114e473 1148
ecfcc53f 1149
e114e473 1150 switch (cmd) {
e114e473 1151 case F_GETLK:
e114e473
CS		 1152 case F_SETLK:
1153 case F_SETLKW:
1154 case F_SETOWN:
1155 case F_SETSIG:
531f1d45
CS		 1156 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1157 smk_ad_setfield_u_fs_path(&ad, file->f_path);
ecfcc53f 1158 rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
e114e473
CS		 1159 break;
1160 default:
531f1d45 1161 break;
e114e473
CS		 1162 }
1163
1164 return rc;
1165}
1166
7898e1f8
CS		 1167/**
1168 * smack_file_mmap :
1169 * Check permissions for a mmap operation. The @file may be NULL, e.g.
1170 * if mapping anonymous memory.
1171 * @file contains the file structure for file to map (may be NULL).
1172 * @reqprot contains the protection requested by the application.
1173 * @prot contains the protection that will be applied by the kernel.
1174 * @flags contains the operational flags.
1175 * Return 0 if permission is granted.
1176 */
1177static int smack_file_mmap(struct file *file,
1178 unsigned long reqprot, unsigned long prot,
1179 unsigned long flags, unsigned long addr,
1180 unsigned long addr_only)
1181{
272cd7a8 1182 struct smack_known *skp;
7898e1f8
CS		 1183 struct smack_rule *srp;
1184 struct task_smack *tsp;
1185 char *sp;
1186 char *msmack;
0e0a070d 1187 char *osmack;
7898e1f8
CS		 1188 struct inode_smack *isp;
1189 struct dentry *dp;
0e0a070d
CS		 1190 int may;
1191 int mmay;
1192 int tmay;
7898e1f8
CS		 1193 int rc;
1194
1195 /* do DAC check on address space usage */
1196 rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
1197 if (rc || addr_only)
1198 return rc;
1199
1200 if (file == NULL || file->f_dentry == NULL)
1201 return 0;
1202
1203 dp = file->f_dentry;
1204
1205 if (dp->d_inode == NULL)
1206 return 0;
1207
1208 isp = dp->d_inode->i_security;
1209 if (isp->smk_mmap == NULL)
1210 return 0;
1211 msmack = isp->smk_mmap;
1212
1213 tsp = current_security();
1214 sp = smk_of_current();
272cd7a8 1215 skp = smk_find_entry(sp);
7898e1f8
CS		 1216 rc = 0;
1217
1218 rcu_read_lock();
1219 /*
1220 * For each Smack rule associated with the subject
1221 * label verify that the SMACK64MMAP also has access
1222 * to that rule's object label.
7898e1f8 1223 */
272cd7a8 1224 list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
0e0a070d 1225 osmack = srp->smk_object;
7898e1f8
CS		 1226 /*
1227 * Matching labels always allows access.
1228 */
0e0a070d 1229 if (msmack == osmack)
7898e1f8 1230 continue;
0e0a070d
CS		 1231 /*
1232 * If there is a matching local rule take
1233 * that into account as well.
1234 */
1235 may = smk_access_entry(srp->smk_subject, osmack,
1236 &tsp->smk_rules);
1237 if (may == -ENOENT)
1238 may = srp->smk_access;
1239 else
1240 may &= srp->smk_access;
1241 /*
1242 * If may is zero the SMACK64MMAP subject can't
1243 * possibly have less access.
1244 */
1245 if (may == 0)
1246 continue;
1247
1248 /*
1249 * Fetch the global list entry.
1250 * If there isn't one a SMACK64MMAP subject
1251 * can't have as much access as current.
1252 */
272cd7a8
CS		 1253 skp = smk_find_entry(msmack);
1254 mmay = smk_access_entry(msmack, osmack, &skp->smk_rules);
0e0a070d
CS		 1255 if (mmay == -ENOENT) {
1256 rc = -EACCES;
1257 break;
1258 }
1259 /*
1260 * If there is a local entry it modifies the
1261 * potential access, too.
1262 */
1263 tmay = smk_access_entry(msmack, osmack, &tsp->smk_rules);
1264 if (tmay != -ENOENT)
1265 mmay &= tmay;
7898e1f8 1266
0e0a070d
CS		 1267 /*
1268 * If there is any access available to current that is
1269 * not available to a SMACK64MMAP subject
1270 * deny access.
1271 */
75a25637 1272 if ((may | mmay) != mmay) {
0e0a070d 1273 rc = -EACCES;
7898e1f8 1274 break;
0e0a070d 1275 }
7898e1f8
CS		 1276 }
1277
1278 rcu_read_unlock();
1279
1280 return rc;
1281}
1282
e114e473
CS		 1283/**
1284 * smack_file_set_fowner - set the file security blob value
1285 * @file: object in question
1286 *
1287 * Returns 0
1288 * Further research may be required on this one.
1289 */
1290static int smack_file_set_fowner(struct file *file)
1291{
676dac4b 1292 file->f_security = smk_of_current();
e114e473
CS		 1293 return 0;
1294}
1295
1296/**
1297 * smack_file_send_sigiotask - Smack on sigio
1298 * @tsk: The target task
1299 * @fown: the object the signal come from
1300 * @signum: unused
1301 *
1302 * Allow a privileged task to get signals even if it shouldn't
1303 *
1304 * Returns 0 if a subject with the object's smack could
1305 * write to the task, an error code otherwise.
1306 */
1307static int smack_file_send_sigiotask(struct task_struct *tsk,
1308 struct fown_struct *fown, int signum)
1309{
1310 struct file *file;
1311 int rc;
676dac4b 1312 char *tsp = smk_of_task(tsk->cred->security);
ecfcc53f 1313 struct smk_audit_info ad;
e114e473
CS		 1314
1315 /*
1316 * struct fown_struct is never outside the context of a struct file
1317 */
1318 file = container_of(fown, struct file, f_owner);
7898e1f8 1319
ecfcc53f
EB		 1320 /* we don't log here as rc can be overriden */
1321 rc = smk_access(file->f_security, tsp, MAY_WRITE, NULL);
5cd9c58f 1322 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
ecfcc53f
EB		 1323 rc = 0;
1324
1325 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1326 smk_ad_setfield_u_tsk(&ad, tsk);
1327 smack_log(file->f_security, tsp, MAY_WRITE, rc, &ad);
e114e473
CS		 1328 return rc;
1329}
1330
1331/**
1332 * smack_file_receive - Smack file receive check
1333 * @file: the object
1334 *
1335 * Returns 0 if current has access, error code otherwise
1336 */
1337static int smack_file_receive(struct file *file)
1338{
1339 int may = 0;
ecfcc53f 1340 struct smk_audit_info ad;
e114e473 1341
ecfcc53f
EB		 1342 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1343 smk_ad_setfield_u_fs_path(&ad, file->f_path);
e114e473
CS		 1344 /*
1345 * This code relies on bitmasks.
1346 */
1347 if (file->f_mode & FMODE_READ)
1348 may = MAY_READ;
1349 if (file->f_mode & FMODE_WRITE)
1350 may |= MAY_WRITE;
1351
ecfcc53f 1352 return smk_curacc(file->f_security, may, &ad);
e114e473
CS		 1353}
1354
531f1d45
CS		 1355/**
1356 * smack_dentry_open - Smack dentry open processing
1357 * @file: the object
1358 * @cred: unused
1359 *
1360 * Set the security blob in the file structure.
1361 *
1362 * Returns 0
1363 */
1364static int smack_dentry_open(struct file *file, const struct cred *cred)
1365{
1366 struct inode_smack *isp = file->f_path.dentry->d_inode->i_security;
1367
1368 file->f_security = isp->smk_inode;
1369
1370 return 0;
1371}
1372
e114e473
CS		 1373/*
1374 * Task hooks
1375 */
1376
ee18d64c
DH		 1377/**
1378 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1379 * @new: the new credentials
1380 * @gfp: the atomicity of any memory allocations
1381 *
1382 * Prepare a blank set of credentials for modification. This must allocate all
1383 * the memory the LSM module might require such that cred_transfer() can
1384 * complete without error.
1385 */
1386static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1387{
7898e1f8
CS		 1388 struct task_smack *tsp;
1389
1390 tsp = new_task_smack(NULL, NULL, gfp);
1391 if (tsp == NULL)
676dac4b 1392 return -ENOMEM;
7898e1f8
CS		 1393
1394 cred->security = tsp;
1395
ee18d64c
DH		 1396 return 0;
1397}
1398
1399
e114e473 1400/**
f1752eec
DH		 1401 * smack_cred_free - "free" task-level security credentials
1402 * @cred: the credentials in question
e114e473 1403 *
e114e473 1404 */
f1752eec 1405static void smack_cred_free(struct cred *cred)
e114e473 1406{
7898e1f8
CS		 1407 struct task_smack *tsp = cred->security;
1408 struct smack_rule *rp;
1409 struct list_head *l;
1410 struct list_head *n;
1411
1412 if (tsp == NULL)
1413 return;
1414 cred->security = NULL;
1415
1416 list_for_each_safe(l, n, &tsp->smk_rules) {
1417 rp = list_entry(l, struct smack_rule, list);
1418 list_del(&rp->list);
1419 kfree(rp);
1420 }
1421 kfree(tsp);
e114e473
CS		 1422}
1423
d84f4f99
DH		 1424/**
1425 * smack_cred_prepare - prepare new set of credentials for modification
1426 * @new: the new credentials
1427 * @old: the original credentials
1428 * @gfp: the atomicity of any memory allocations
1429 *
1430 * Prepare a new set of credentials for modification.
1431 */
1432static int smack_cred_prepare(struct cred *new, const struct cred *old,
1433 gfp_t gfp)
1434{
676dac4b
CS		 1435 struct task_smack *old_tsp = old->security;
1436 struct task_smack *new_tsp;
7898e1f8 1437 int rc;
676dac4b 1438
7898e1f8 1439 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
676dac4b
CS		 1440 if (new_tsp == NULL)
1441 return -ENOMEM;
1442
7898e1f8
CS		 1443 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1444 if (rc != 0)
1445 return rc;
1446
676dac4b 1447 new->security = new_tsp;
d84f4f99
DH		 1448 return 0;
1449}
1450
ee18d64c
DH		 1451/**
1452 * smack_cred_transfer - Transfer the old credentials to the new credentials
1453 * @new: the new credentials
1454 * @old: the original credentials
1455 *
1456 * Fill in a set of blank credentials from another set of credentials.
1457 */
1458static void smack_cred_transfer(struct cred *new, const struct cred *old)
1459{
676dac4b
CS		 1460 struct task_smack *old_tsp = old->security;
1461 struct task_smack *new_tsp = new->security;
1462
1463 new_tsp->smk_task = old_tsp->smk_task;
1464 new_tsp->smk_forked = old_tsp->smk_task;
7898e1f8
CS		 1465 mutex_init(&new_tsp->smk_rules_lock);
1466 INIT_LIST_HEAD(&new_tsp->smk_rules);
1467
1468
1469 /* cbs copy rule list */
ee18d64c
DH		 1470}
1471
3a3b7ce9
DH		 1472/**
1473 * smack_kernel_act_as - Set the subjective context in a set of credentials
251a2a95
RD		 1474 * @new: points to the set of credentials to be modified.
1475 * @secid: specifies the security ID to be set
3a3b7ce9
DH		 1476 *
1477 * Set the security data for a kernel service.
1478 */
1479static int smack_kernel_act_as(struct cred *new, u32 secid)
1480{
676dac4b 1481 struct task_smack *new_tsp = new->security;
3a3b7ce9
DH		 1482 char *smack = smack_from_secid(secid);
1483
1484 if (smack == NULL)
1485 return -EINVAL;
1486
676dac4b 1487 new_tsp->smk_task = smack;
3a3b7ce9
DH		 1488 return 0;
1489}
1490
1491/**
1492 * smack_kernel_create_files_as - Set the file creation label in a set of creds
251a2a95
RD		 1493 * @new: points to the set of credentials to be modified
1494 * @inode: points to the inode to use as a reference
3a3b7ce9
DH		 1495 *
1496 * Set the file creation context in a set of credentials to the same
1497 * as the objective context of the specified inode
1498 */
1499static int smack_kernel_create_files_as(struct cred *new,
1500 struct inode *inode)
1501{
1502 struct inode_smack *isp = inode->i_security;
676dac4b 1503 struct task_smack *tsp = new->security;
3a3b7ce9 1504
676dac4b
CS		 1505 tsp->smk_forked = isp->smk_inode;
1506 tsp->smk_task = isp->smk_inode;
3a3b7ce9
DH		 1507 return 0;
1508}
1509
ecfcc53f
EB		 1510/**
1511 * smk_curacc_on_task - helper to log task related access
1512 * @p: the task object
531f1d45
CS		 1513 * @access: the access requested
1514 * @caller: name of the calling function for audit
ecfcc53f
EB		 1515 *
1516 * Return 0 if access is permitted
1517 */
531f1d45
CS		 1518static int smk_curacc_on_task(struct task_struct *p, int access,
1519 const char *caller)
ecfcc53f
EB		 1520{
1521 struct smk_audit_info ad;
1522
531f1d45 1523 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
ecfcc53f 1524 smk_ad_setfield_u_tsk(&ad, p);
676dac4b 1525 return smk_curacc(smk_of_task(task_security(p)), access, &ad);
ecfcc53f
EB		 1526}
1527
e114e473
CS		 1528/**
1529 * smack_task_setpgid - Smack check on setting pgid
1530 * @p: the task object
1531 * @pgid: unused
1532 *
1533 * Return 0 if write access is permitted
1534 */
1535static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1536{
531f1d45 1537 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 1538}
1539
1540/**
1541 * smack_task_getpgid - Smack access check for getpgid
1542 * @p: the object task
1543 *
1544 * Returns 0 if current can read the object task, error code otherwise
1545 */
1546static int smack_task_getpgid(struct task_struct *p)
1547{
531f1d45 1548 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 1549}
1550
1551/**
1552 * smack_task_getsid - Smack access check for getsid
1553 * @p: the object task
1554 *
1555 * Returns 0 if current can read the object task, error code otherwise
1556 */
1557static int smack_task_getsid(struct task_struct *p)
1558{
531f1d45 1559 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 1560}
1561
1562/**
1563 * smack_task_getsecid - get the secid of the task
1564 * @p: the object task
1565 * @secid: where to put the result
1566 *
1567 * Sets the secid to contain a u32 version of the smack label.
1568 */
1569static void smack_task_getsecid(struct task_struct *p, u32 *secid)
1570{
676dac4b 1571 *secid = smack_to_secid(smk_of_task(task_security(p)));
e114e473
CS		 1572}
1573
1574/**
1575 * smack_task_setnice - Smack check on setting nice
1576 * @p: the task object
1577 * @nice: unused
1578 *
1579 * Return 0 if write access is permitted
1580 */
1581static int smack_task_setnice(struct task_struct *p, int nice)
1582{
bcdca225
CS		 1583 int rc;
1584
1585 rc = cap_task_setnice(p, nice);
1586 if (rc == 0)
531f1d45 1587 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
bcdca225 1588 return rc;
e114e473
CS		 1589}
1590
1591/**
1592 * smack_task_setioprio - Smack check on setting ioprio
1593 * @p: the task object
1594 * @ioprio: unused
1595 *
1596 * Return 0 if write access is permitted
1597 */
1598static int smack_task_setioprio(struct task_struct *p, int ioprio)
1599{
bcdca225
CS		 1600 int rc;
1601
1602 rc = cap_task_setioprio(p, ioprio);
1603 if (rc == 0)
531f1d45 1604 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
bcdca225 1605 return rc;
e114e473
CS		 1606}
1607
1608/**
1609 * smack_task_getioprio - Smack check on reading ioprio
1610 * @p: the task object
1611 *
1612 * Return 0 if read access is permitted
1613 */
1614static int smack_task_getioprio(struct task_struct *p)
1615{
531f1d45 1616 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 1617}
1618
1619/**
1620 * smack_task_setscheduler - Smack check on setting scheduler
1621 * @p: the task object
1622 * @policy: unused
1623 * @lp: unused
1624 *
1625 * Return 0 if read access is permitted
1626 */
b0ae1981 1627static int smack_task_setscheduler(struct task_struct *p)
e114e473 1628{
bcdca225
CS		 1629 int rc;
1630
b0ae1981 1631 rc = cap_task_setscheduler(p);
bcdca225 1632 if (rc == 0)
531f1d45 1633 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
bcdca225 1634 return rc;
e114e473
CS		 1635}
1636
1637/**
1638 * smack_task_getscheduler - Smack check on reading scheduler
1639 * @p: the task object
1640 *
1641 * Return 0 if read access is permitted
1642 */
1643static int smack_task_getscheduler(struct task_struct *p)
1644{
531f1d45 1645 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 1646}
1647
1648/**
1649 * smack_task_movememory - Smack check on moving memory
1650 * @p: the task object
1651 *
1652 * Return 0 if write access is permitted
1653 */
1654static int smack_task_movememory(struct task_struct *p)
1655{
531f1d45 1656 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 1657}
1658
1659/**
1660 * smack_task_kill - Smack check on signal delivery
1661 * @p: the task object
1662 * @info: unused
1663 * @sig: unused
1664 * @secid: identifies the smack to use in lieu of current's
1665 *
1666 * Return 0 if write access is permitted
1667 *
1668 * The secid behavior is an artifact of an SELinux hack
1669 * in the USB code. Someday it may go away.
1670 */
1671static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1672 int sig, u32 secid)
1673{
ecfcc53f
EB		 1674 struct smk_audit_info ad;
1675
1676 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1677 smk_ad_setfield_u_tsk(&ad, p);
e114e473
CS		 1678 /*
1679 * Sending a signal requires that the sender
1680 * can write the receiver.
1681 */
1682 if (secid == 0)
676dac4b
CS		 1683 return smk_curacc(smk_of_task(task_security(p)), MAY_WRITE,
1684 &ad);
e114e473
CS		 1685 /*
1686 * If the secid isn't 0 we're dealing with some USB IO
1687 * specific behavior. This is not clean. For one thing
1688 * we can't take privilege into account.
1689 */
676dac4b
CS		 1690 return smk_access(smack_from_secid(secid),
1691 smk_of_task(task_security(p)), MAY_WRITE, &ad);
e114e473
CS		 1692}
1693
1694/**
1695 * smack_task_wait - Smack access check for waiting
1696 * @p: task to wait for
1697 *
1698 * Returns 0 if current can wait for p, error code otherwise
1699 */
1700static int smack_task_wait(struct task_struct *p)
1701{
ecfcc53f 1702 struct smk_audit_info ad;
676dac4b
CS		 1703 char *sp = smk_of_current();
1704 char *tsp = smk_of_forked(task_security(p));
e114e473
CS		 1705 int rc;
1706
ecfcc53f 1707 /* we don't log here, we can be overriden */
676dac4b 1708 rc = smk_access(tsp, sp, MAY_WRITE, NULL);
e114e473 1709 if (rc == 0)
ecfcc53f 1710 goto out_log;
e114e473
CS		 1711
1712 /*
1713 * Allow the operation to succeed if either task
1714 * has privilege to perform operations that might
1715 * account for the smack labels having gotten to
1716 * be different in the first place.
1717 *
5cd9c58f 1718 * This breaks the strict subject/object access
e114e473
CS		 1719 * control ideal, taking the object's privilege
1720 * state into account in the decision as well as
1721 * the smack value.
1722 */
5cd9c58f 1723 if (capable(CAP_MAC_OVERRIDE) || has_capability(p, CAP_MAC_OVERRIDE))
ecfcc53f
EB		 1724 rc = 0;
1725 /* we log only if we didn't get overriden */
1726 out_log:
1727 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1728 smk_ad_setfield_u_tsk(&ad, p);
676dac4b 1729 smack_log(tsp, sp, MAY_WRITE, rc, &ad);
e114e473
CS		 1730 return rc;
1731}
1732
1733/**
1734 * smack_task_to_inode - copy task smack into the inode blob
1735 * @p: task to copy from
251a2a95 1736 * @inode: inode to copy to
e114e473
CS		 1737 *
1738 * Sets the smack pointer in the inode security blob
1739 */
1740static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
1741{
1742 struct inode_smack *isp = inode->i_security;
676dac4b 1743 isp->smk_inode = smk_of_task(task_security(p));
e114e473
CS		 1744}
1745
1746/*
1747 * Socket hooks.
1748 */
1749
1750/**
1751 * smack_sk_alloc_security - Allocate a socket blob
1752 * @sk: the socket
1753 * @family: unused
251a2a95 1754 * @gfp_flags: memory allocation flags
e114e473
CS		 1755 *
1756 * Assign Smack pointers to current
1757 *
1758 * Returns 0 on success, -ENOMEM is there's no memory
1759 */
1760static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
1761{
676dac4b 1762 char *csp = smk_of_current();
e114e473
CS		 1763 struct socket_smack *ssp;
1764
1765 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
1766 if (ssp == NULL)
1767 return -ENOMEM;
1768
1769 ssp->smk_in = csp;
1770 ssp->smk_out = csp;
272cd7a8 1771 ssp->smk_packet = NULL;
e114e473
CS		 1772
1773 sk->sk_security = ssp;
1774
1775 return 0;
1776}
1777
1778/**
1779 * smack_sk_free_security - Free a socket blob
1780 * @sk: the socket
1781 *
1782 * Clears the blob pointer
1783 */
1784static void smack_sk_free_security(struct sock *sk)
1785{
1786 kfree(sk->sk_security);
1787}
1788
07feee8f
PM		 1789/**
1790* smack_host_label - check host based restrictions
1791* @sip: the object end
1792*
1793* looks for host based access restrictions
1794*
1795* This version will only be appropriate for really small sets of single label
1796* hosts. The caller is responsible for ensuring that the RCU read lock is
1797* taken before calling this function.
1798*
1799* Returns the label of the far end or NULL if it's not special.
1800*/
1801static char *smack_host_label(struct sockaddr_in *sip)
1802{
1803 struct smk_netlbladdr *snp;
1804 struct in_addr *siap = &sip->sin_addr;
1805
1806 if (siap->s_addr == 0)
1807 return NULL;
1808
1809 list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list)
1810 /*
1811 * we break after finding the first match because
1812 * the list is sorted from longest to shortest mask
1813 * so we have found the most specific match
1814 */
1815 if ((&snp->smk_host.sin_addr)->s_addr ==
4303154e
EB		 1816 (siap->s_addr & (&snp->smk_mask)->s_addr)) {
1817 /* we have found the special CIPSO option */
1818 if (snp->smk_label == smack_cipso_option)
1819 return NULL;
07feee8f 1820 return snp->smk_label;
4303154e 1821 }
07feee8f
PM		 1822
1823 return NULL;
1824}
1825
e114e473
CS		 1826/**
1827 * smack_set_catset - convert a capset to netlabel mls categories
1828 * @catset: the Smack categories
1829 * @sap: where to put the netlabel categories
1830 *
1831 * Allocates and fills attr.mls.cat
1832 */
1833static void smack_set_catset(char *catset, struct netlbl_lsm_secattr *sap)
1834{
1835 unsigned char *cp;
1836 unsigned char m;
1837 int cat;
1838 int rc;
1839 int byte;
1840
c60264c4 1841 if (!catset)
e114e473
CS		 1842 return;
1843
1844 sap->flags |= NETLBL_SECATTR_MLS_CAT;
1845 sap->attr.mls.cat = netlbl_secattr_catmap_alloc(GFP_ATOMIC);
1846 sap->attr.mls.cat->startbit = 0;
1847
1848 for (cat = 1, cp = catset, byte = 0; byte < SMK_LABELLEN; cp++, byte++)
1849 for (m = 0x80; m != 0; m >>= 1, cat++) {
1850 if ((m & *cp) == 0)
1851 continue;
1852 rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat,
1853 cat, GFP_ATOMIC);
1854 }
1855}
1856
1857/**
1858 * smack_to_secattr - fill a secattr from a smack value
1859 * @smack: the smack value
1860 * @nlsp: where the result goes
1861 *
1862 * Casey says that CIPSO is good enough for now.
1863 * It can be used to effect.
1864 * It can also be abused to effect when necessary.
25985edc 1865 * Apologies to the TSIG group in general and GW in particular.
e114e473
CS		 1866 */
1867static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
1868{
1869 struct smack_cipso cipso;
1870 int rc;
1871
6d3dc07c
CS		 1872 nlsp->domain = smack;
1873 nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
e114e473 1874
6d3dc07c
CS		 1875 rc = smack_to_cipso(smack, &cipso);
1876 if (rc == 0) {
1877 nlsp->attr.mls.lvl = cipso.smk_level;
1878 smack_set_catset(cipso.smk_catset, nlsp);
1879 } else {
1880 nlsp->attr.mls.lvl = smack_cipso_direct;
1881 smack_set_catset(smack, nlsp);
e114e473
CS		 1882 }
1883}
1884
1885/**
1886 * smack_netlabel - Set the secattr on a socket
1887 * @sk: the socket
6d3dc07c 1888 * @labeled: socket label scheme
e114e473
CS		 1889 *
1890 * Convert the outbound smack value (smk_out) to a
1891 * secattr and attach it to the socket.
1892 *
1893 * Returns 0 on success or an error code
1894 */
6d3dc07c 1895static int smack_netlabel(struct sock *sk, int labeled)
e114e473 1896{
07feee8f 1897 struct socket_smack *ssp = sk->sk_security;
e114e473 1898 struct netlbl_lsm_secattr secattr;
6d3dc07c 1899 int rc = 0;
e114e473 1900
6d3dc07c
CS		 1901 /*
1902 * Usually the netlabel code will handle changing the
1903 * packet labeling based on the label.
1904 * The case of a single label host is different, because
1905 * a single label host should never get a labeled packet
1906 * even though the label is usually associated with a packet
1907 * label.
1908 */
1909 local_bh_disable();
1910 bh_lock_sock_nested(sk);
1911
1912 if (ssp->smk_out == smack_net_ambient ||
1913 labeled == SMACK_UNLABELED_SOCKET)
1914 netlbl_sock_delattr(sk);
1915 else {
1916 netlbl_secattr_init(&secattr);
1917 smack_to_secattr(ssp->smk_out, &secattr);
389fb800 1918 rc = netlbl_sock_setattr(sk, sk->sk_family, &secattr);
6d3dc07c
CS		 1919 netlbl_secattr_destroy(&secattr);
1920 }
1921
1922 bh_unlock_sock(sk);
1923 local_bh_enable();
4bc87e62 1924
e114e473
CS		 1925 return rc;
1926}
1927
07feee8f
PM		 1928/**
1929 * smack_netlbel_send - Set the secattr on a socket and perform access checks
1930 * @sk: the socket
1931 * @sap: the destination address
1932 *
1933 * Set the correct secattr for the given socket based on the destination
1934 * address and perform any outbound access checks needed.
1935 *
1936 * Returns 0 on success or an error code.
1937 *
1938 */
1939static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
1940{
1941 int rc;
1942 int sk_lbl;
1943 char *hostsp;
1944 struct socket_smack *ssp = sk->sk_security;
ecfcc53f 1945 struct smk_audit_info ad;
07feee8f
PM		 1946
1947 rcu_read_lock();
1948 hostsp = smack_host_label(sap);
1949 if (hostsp != NULL) {
ecfcc53f 1950#ifdef CONFIG_AUDIT
923e9a13
KC		 1951 struct lsm_network_audit net;
1952
48c62af6
EP		 1953 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
1954 ad.a.u.net->family = sap->sin_family;
1955 ad.a.u.net->dport = sap->sin_port;
1956 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
ecfcc53f 1957#endif
923e9a13 1958 sk_lbl = SMACK_UNLABELED_SOCKET;
ecfcc53f 1959 rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad);
07feee8f
PM		 1960 } else {
1961 sk_lbl = SMACK_CIPSO_SOCKET;
1962 rc = 0;
1963 }
1964 rcu_read_unlock();
1965 if (rc != 0)
1966 return rc;
1967
1968 return smack_netlabel(sk, sk_lbl);
1969}
1970
e114e473
CS		 1971/**
1972 * smack_inode_setsecurity - set smack xattrs
1973 * @inode: the object
1974 * @name: attribute name
1975 * @value: attribute value
1976 * @size: size of the attribute
1977 * @flags: unused
1978 *
1979 * Sets the named attribute in the appropriate blob
1980 *
1981 * Returns 0 on success, or an error code
1982 */
1983static int smack_inode_setsecurity(struct inode *inode, const char *name,
1984 const void *value, size_t size, int flags)
1985{
1986 char *sp;
1987 struct inode_smack *nsp = inode->i_security;
1988 struct socket_smack *ssp;
1989 struct socket *sock;
4bc87e62 1990 int rc = 0;
e114e473 1991
4303154e 1992 if (value == NULL || size > SMK_LABELLEN || size == 0)
e114e473
CS		 1993 return -EACCES;
1994
1995 sp = smk_import(value, size);
1996 if (sp == NULL)
1997 return -EINVAL;
1998
1999 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2000 nsp->smk_inode = sp;
ddd29ec6 2001 nsp->smk_flags |= SMK_INODE_INSTANT;
e114e473
CS		 2002 return 0;
2003 }
2004 /*
2005 * The rest of the Smack xattrs are only on sockets.
2006 */
2007 if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2008 return -EOPNOTSUPP;
2009
2010 sock = SOCKET_I(inode);
2e1d146a 2011 if (sock == NULL || sock->sk == NULL)
e114e473
CS		 2012 return -EOPNOTSUPP;
2013
2014 ssp = sock->sk->sk_security;
2015
2016 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2017 ssp->smk_in = sp;
2018 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2019 ssp->smk_out = sp;
b4e0d5f0
CS		 2020 if (sock->sk->sk_family != PF_UNIX) {
2021 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2022 if (rc != 0)
2023 printk(KERN_WARNING
2024 "Smack: \"%s\" netlbl error %d.\n",
2025 __func__, -rc);
2026 }
e114e473
CS		 2027 } else
2028 return -EOPNOTSUPP;
2029
2030 return 0;
2031}
2032
2033/**
2034 * smack_socket_post_create - finish socket setup
2035 * @sock: the socket
2036 * @family: protocol family
2037 * @type: unused
2038 * @protocol: unused
2039 * @kern: unused
2040 *
2041 * Sets the netlabel information on the socket
2042 *
2043 * Returns 0 on success, and error code otherwise
2044 */
2045static int smack_socket_post_create(struct socket *sock, int family,
2046 int type, int protocol, int kern)
2047{
2e1d146a 2048 if (family != PF_INET || sock->sk == NULL)
e114e473
CS		 2049 return 0;
2050 /*
2051 * Set the outbound netlbl.
2052 */
6d3dc07c
CS		 2053 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2054}
2055
6d3dc07c
CS		 2056/**
2057 * smack_socket_connect - connect access check
2058 * @sock: the socket
2059 * @sap: the other end
2060 * @addrlen: size of sap
2061 *
2062 * Verifies that a connection may be possible
2063 *
2064 * Returns 0 on success, and error code otherwise
2065 */
2066static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2067 int addrlen)
2068{
6d3dc07c
CS		 2069 if (sock->sk == NULL || sock->sk->sk_family != PF_INET)
2070 return 0;
6d3dc07c
CS		 2071 if (addrlen < sizeof(struct sockaddr_in))
2072 return -EINVAL;
2073
07feee8f 2074 return smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
e114e473
CS		 2075}
2076
2077/**
2078 * smack_flags_to_may - convert S_ to MAY_ values
2079 * @flags: the S_ value
2080 *
2081 * Returns the equivalent MAY_ value
2082 */
2083static int smack_flags_to_may(int flags)
2084{
2085 int may = 0;
2086
2087 if (flags & S_IRUGO)
2088 may |= MAY_READ;
2089 if (flags & S_IWUGO)
2090 may |= MAY_WRITE;
2091 if (flags & S_IXUGO)
2092 may |= MAY_EXEC;
2093
2094 return may;
2095}
2096
2097/**
2098 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2099 * @msg: the object
2100 *
2101 * Returns 0
2102 */
2103static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2104{
676dac4b 2105 msg->security = smk_of_current();
e114e473
CS		 2106 return 0;
2107}
2108
2109/**
2110 * smack_msg_msg_free_security - Clear the security blob for msg_msg
2111 * @msg: the object
2112 *
2113 * Clears the blob pointer
2114 */
2115static void smack_msg_msg_free_security(struct msg_msg *msg)
2116{
2117 msg->security = NULL;
2118}
2119
2120/**
2121 * smack_of_shm - the smack pointer for the shm
2122 * @shp: the object
2123 *
2124 * Returns a pointer to the smack value
2125 */
2126static char *smack_of_shm(struct shmid_kernel *shp)
2127{
2128 return (char *)shp->shm_perm.security;
2129}
2130
2131/**
2132 * smack_shm_alloc_security - Set the security blob for shm
2133 * @shp: the object
2134 *
2135 * Returns 0
2136 */
2137static int smack_shm_alloc_security(struct shmid_kernel *shp)
2138{
2139 struct kern_ipc_perm *isp = &shp->shm_perm;
2140
676dac4b 2141 isp->security = smk_of_current();
e114e473
CS		 2142 return 0;
2143}
2144
2145/**
2146 * smack_shm_free_security - Clear the security blob for shm
2147 * @shp: the object
2148 *
2149 * Clears the blob pointer
2150 */
2151static void smack_shm_free_security(struct shmid_kernel *shp)
2152{
2153 struct kern_ipc_perm *isp = &shp->shm_perm;
2154
2155 isp->security = NULL;
2156}
2157
ecfcc53f
EB		 2158/**
2159 * smk_curacc_shm : check if current has access on shm
2160 * @shp : the object
2161 * @access : access requested
2162 *
2163 * Returns 0 if current has the requested access, error code otherwise
2164 */
2165static int smk_curacc_shm(struct shmid_kernel *shp, int access)
2166{
2167 char *ssp = smack_of_shm(shp);
2168 struct smk_audit_info ad;
2169
2170#ifdef CONFIG_AUDIT
2171 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2172 ad.a.u.ipc_id = shp->shm_perm.id;
2173#endif
2174 return smk_curacc(ssp, access, &ad);
2175}
2176
e114e473
CS		 2177/**
2178 * smack_shm_associate - Smack access check for shm
2179 * @shp: the object
2180 * @shmflg: access requested
2181 *
2182 * Returns 0 if current has the requested access, error code otherwise
2183 */
2184static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
2185{
e114e473
CS		 2186 int may;
2187
2188 may = smack_flags_to_may(shmflg);
ecfcc53f 2189 return smk_curacc_shm(shp, may);
e114e473
CS		 2190}
2191
2192/**
2193 * smack_shm_shmctl - Smack access check for shm
2194 * @shp: the object
2195 * @cmd: what it wants to do
2196 *
2197 * Returns 0 if current has the requested access, error code otherwise
2198 */
2199static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
2200{
e114e473
CS		 2201 int may;
2202
2203 switch (cmd) {
2204 case IPC_STAT:
2205 case SHM_STAT:
2206 may = MAY_READ;
2207 break;
2208 case IPC_SET:
2209 case SHM_LOCK:
2210 case SHM_UNLOCK:
2211 case IPC_RMID:
2212 may = MAY_READWRITE;
2213 break;
2214 case IPC_INFO:
2215 case SHM_INFO:
2216 /*
2217 * System level information.
2218 */
2219 return 0;
2220 default:
2221 return -EINVAL;
2222 }
ecfcc53f 2223 return smk_curacc_shm(shp, may);
e114e473
CS		 2224}
2225
2226/**
2227 * smack_shm_shmat - Smack access for shmat
2228 * @shp: the object
2229 * @shmaddr: unused
2230 * @shmflg: access requested
2231 *
2232 * Returns 0 if current has the requested access, error code otherwise
2233 */
2234static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
2235 int shmflg)
2236{
e114e473
CS		 2237 int may;
2238
2239 may = smack_flags_to_may(shmflg);
ecfcc53f 2240 return smk_curacc_shm(shp, may);
e114e473
CS		 2241}
2242
2243/**
2244 * smack_of_sem - the smack pointer for the sem
2245 * @sma: the object
2246 *
2247 * Returns a pointer to the smack value
2248 */
2249static char *smack_of_sem(struct sem_array *sma)
2250{
2251 return (char *)sma->sem_perm.security;
2252}
2253
2254/**
2255 * smack_sem_alloc_security - Set the security blob for sem
2256 * @sma: the object
2257 *
2258 * Returns 0
2259 */
2260static int smack_sem_alloc_security(struct sem_array *sma)
2261{
2262 struct kern_ipc_perm *isp = &sma->sem_perm;
2263
676dac4b 2264 isp->security = smk_of_current();
e114e473
CS		 2265 return 0;
2266}
2267
2268/**
2269 * smack_sem_free_security - Clear the security blob for sem
2270 * @sma: the object
2271 *
2272 * Clears the blob pointer
2273 */
2274static void smack_sem_free_security(struct sem_array *sma)
2275{
2276 struct kern_ipc_perm *isp = &sma->sem_perm;
2277
2278 isp->security = NULL;
2279}
2280
ecfcc53f
EB		 2281/**
2282 * smk_curacc_sem : check if current has access on sem
2283 * @sma : the object
2284 * @access : access requested
2285 *
2286 * Returns 0 if current has the requested access, error code otherwise
2287 */
2288static int smk_curacc_sem(struct sem_array *sma, int access)
2289{
2290 char *ssp = smack_of_sem(sma);
2291 struct smk_audit_info ad;
2292
2293#ifdef CONFIG_AUDIT
2294 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2295 ad.a.u.ipc_id = sma->sem_perm.id;
2296#endif
2297 return smk_curacc(ssp, access, &ad);
2298}
2299
e114e473
CS		 2300/**
2301 * smack_sem_associate - Smack access check for sem
2302 * @sma: the object
2303 * @semflg: access requested
2304 *
2305 * Returns 0 if current has the requested access, error code otherwise
2306 */
2307static int smack_sem_associate(struct sem_array *sma, int semflg)
2308{
e114e473
CS		 2309 int may;
2310
2311 may = smack_flags_to_may(semflg);
ecfcc53f 2312 return smk_curacc_sem(sma, may);
e114e473
CS		 2313}
2314
2315/**
2316 * smack_sem_shmctl - Smack access check for sem
2317 * @sma: the object
2318 * @cmd: what it wants to do
2319 *
2320 * Returns 0 if current has the requested access, error code otherwise
2321 */
2322static int smack_sem_semctl(struct sem_array *sma, int cmd)
2323{
e114e473
CS		 2324 int may;
2325
2326 switch (cmd) {
2327 case GETPID:
2328 case GETNCNT:
2329 case GETZCNT:
2330 case GETVAL:
2331 case GETALL:
2332 case IPC_STAT:
2333 case SEM_STAT:
2334 may = MAY_READ;
2335 break;
2336 case SETVAL:
2337 case SETALL:
2338 case IPC_RMID:
2339 case IPC_SET:
2340 may = MAY_READWRITE;
2341 break;
2342 case IPC_INFO:
2343 case SEM_INFO:
2344 /*
2345 * System level information
2346 */
2347 return 0;
2348 default:
2349 return -EINVAL;
2350 }
2351
ecfcc53f 2352 return smk_curacc_sem(sma, may);
e114e473
CS		 2353}
2354
2355/**
2356 * smack_sem_semop - Smack checks of semaphore operations
2357 * @sma: the object
2358 * @sops: unused
2359 * @nsops: unused
2360 * @alter: unused
2361 *
2362 * Treated as read and write in all cases.
2363 *
2364 * Returns 0 if access is allowed, error code otherwise
2365 */
2366static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
2367 unsigned nsops, int alter)
2368{
ecfcc53f 2369 return smk_curacc_sem(sma, MAY_READWRITE);
e114e473
CS		 2370}
2371
2372/**
2373 * smack_msg_alloc_security - Set the security blob for msg
2374 * @msq: the object
2375 *
2376 * Returns 0
2377 */
2378static int smack_msg_queue_alloc_security(struct msg_queue *msq)
2379{
2380 struct kern_ipc_perm *kisp = &msq->q_perm;
2381
676dac4b 2382 kisp->security = smk_of_current();
e114e473
CS		 2383 return 0;
2384}
2385
2386/**
2387 * smack_msg_free_security - Clear the security blob for msg
2388 * @msq: the object
2389 *
2390 * Clears the blob pointer
2391 */
2392static void smack_msg_queue_free_security(struct msg_queue *msq)
2393{
2394 struct kern_ipc_perm *kisp = &msq->q_perm;
2395
2396 kisp->security = NULL;
2397}
2398
2399/**
2400 * smack_of_msq - the smack pointer for the msq
2401 * @msq: the object
2402 *
2403 * Returns a pointer to the smack value
2404 */
2405static char *smack_of_msq(struct msg_queue *msq)
2406{
2407 return (char *)msq->q_perm.security;
2408}
2409
ecfcc53f
EB		 2410/**
2411 * smk_curacc_msq : helper to check if current has access on msq
2412 * @msq : the msq
2413 * @access : access requested
2414 *
2415 * return 0 if current has access, error otherwise
2416 */
2417static int smk_curacc_msq(struct msg_queue *msq, int access)
2418{
2419 char *msp = smack_of_msq(msq);
2420 struct smk_audit_info ad;
2421
2422#ifdef CONFIG_AUDIT
2423 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2424 ad.a.u.ipc_id = msq->q_perm.id;
2425#endif
2426 return smk_curacc(msp, access, &ad);
2427}
2428
e114e473
CS		 2429/**
2430 * smack_msg_queue_associate - Smack access check for msg_queue
2431 * @msq: the object
2432 * @msqflg: access requested
2433 *
2434 * Returns 0 if current has the requested access, error code otherwise
2435 */
2436static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
2437{
e114e473
CS		 2438 int may;
2439
2440 may = smack_flags_to_may(msqflg);
ecfcc53f 2441 return smk_curacc_msq(msq, may);
e114e473
CS		 2442}
2443
2444/**
2445 * smack_msg_queue_msgctl - Smack access check for msg_queue
2446 * @msq: the object
2447 * @cmd: what it wants to do
2448 *
2449 * Returns 0 if current has the requested access, error code otherwise
2450 */
2451static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2452{
e114e473
CS		 2453 int may;
2454
2455 switch (cmd) {
2456 case IPC_STAT:
2457 case MSG_STAT:
2458 may = MAY_READ;
2459 break;
2460 case IPC_SET:
2461 case IPC_RMID:
2462 may = MAY_READWRITE;
2463 break;
2464 case IPC_INFO:
2465 case MSG_INFO:
2466 /*
2467 * System level information
2468 */
2469 return 0;
2470 default:
2471 return -EINVAL;
2472 }
2473
ecfcc53f 2474 return smk_curacc_msq(msq, may);
e114e473
CS		 2475}
2476
2477/**
2478 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2479 * @msq: the object
2480 * @msg: unused
2481 * @msqflg: access requested
2482 *
2483 * Returns 0 if current has the requested access, error code otherwise
2484 */
2485static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
2486 int msqflg)
2487{
ecfcc53f 2488 int may;
e114e473 2489
ecfcc53f
EB		 2490 may = smack_flags_to_may(msqflg);
2491 return smk_curacc_msq(msq, may);
e114e473
CS		 2492}
2493
2494/**
2495 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2496 * @msq: the object
2497 * @msg: unused
2498 * @target: unused
2499 * @type: unused
2500 * @mode: unused
2501 *
2502 * Returns 0 if current has read and write access, error code otherwise
2503 */
2504static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
2505 struct task_struct *target, long type, int mode)
2506{
ecfcc53f 2507 return smk_curacc_msq(msq, MAY_READWRITE);
e114e473
CS		 2508}
2509
2510/**
2511 * smack_ipc_permission - Smack access for ipc_permission()
2512 * @ipp: the object permissions
2513 * @flag: access requested
2514 *
2515 * Returns 0 if current has read and write access, error code otherwise
2516 */
2517static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
2518{
2519 char *isp = ipp->security;
ecfcc53f
EB		 2520 int may = smack_flags_to_may(flag);
2521 struct smk_audit_info ad;
e114e473 2522
ecfcc53f
EB		 2523#ifdef CONFIG_AUDIT
2524 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2525 ad.a.u.ipc_id = ipp->id;
2526#endif
2527 return smk_curacc(isp, may, &ad);
e114e473
CS		 2528}
2529
d20bdda6
AD		 2530/**
2531 * smack_ipc_getsecid - Extract smack security id
251a2a95 2532 * @ipp: the object permissions
d20bdda6
AD		 2533 * @secid: where result will be saved
2534 */
2535static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
2536{
2537 char *smack = ipp->security;
2538
2539 *secid = smack_to_secid(smack);
2540}
2541
e114e473
CS		 2542/**
2543 * smack_d_instantiate - Make sure the blob is correct on an inode
3e62cbb8 2544 * @opt_dentry: dentry where inode will be attached
e114e473
CS		 2545 * @inode: the object
2546 *
2547 * Set the inode's security blob if it hasn't been done already.
2548 */
2549static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
2550{
2551 struct super_block *sbp;
2552 struct superblock_smack *sbsp;
2553 struct inode_smack *isp;
676dac4b 2554 char *csp = smk_of_current();
e114e473
CS		 2555 char *fetched;
2556 char *final;
5c6d1125
JS		 2557 char trattr[TRANS_TRUE_SIZE];
2558 int transflag = 0;
2267b13a 2559 int rc;
e114e473
CS		 2560 struct dentry *dp;
2561
2562 if (inode == NULL)
2563 return;
2564
2565 isp = inode->i_security;
2566
2567 mutex_lock(&isp->smk_lock);
2568 /*
2569 * If the inode is already instantiated
2570 * take the quick way out
2571 */
2572 if (isp->smk_flags & SMK_INODE_INSTANT)
2573 goto unlockandout;
2574
2575 sbp = inode->i_sb;
2576 sbsp = sbp->s_security;
2577 /*
2578 * We're going to use the superblock default label
2579 * if there's no label on the file.
2580 */
2581 final = sbsp->smk_default;
2582
e97dcb0e
CS		 2583 /*
2584 * If this is the root inode the superblock
2585 * may be in the process of initialization.
2586 * If that is the case use the root value out
2587 * of the superblock.
2588 */
2589 if (opt_dentry->d_parent == opt_dentry) {
2590 isp->smk_inode = sbsp->smk_root;
2591 isp->smk_flags |= SMK_INODE_INSTANT;
2592 goto unlockandout;
2593 }
2594
e114e473
CS		 2595 /*
2596 * This is pretty hackish.
2597 * Casey says that we shouldn't have to do
2598 * file system specific code, but it does help
2599 * with keeping it simple.
2600 */
2601 switch (sbp->s_magic) {
2602 case SMACK_MAGIC:
2603 /*
25985edc 2604 * Casey says that it's a little embarrassing
e114e473
CS		 2605 * that the smack file system doesn't do
2606 * extended attributes.
2607 */
2608 final = smack_known_star.smk_known;
2609 break;
2610 case PIPEFS_MAGIC:
2611 /*
2612 * Casey says pipes are easy (?)
2613 */
2614 final = smack_known_star.smk_known;
2615 break;
2616 case DEVPTS_SUPER_MAGIC:
2617 /*
2618 * devpts seems content with the label of the task.
2619 * Programs that change smack have to treat the
2620 * pty with respect.
2621 */
2622 final = csp;
2623 break;
2624 case SOCKFS_MAGIC:
2625 /*
b4e0d5f0
CS		 2626 * Socket access is controlled by the socket
2627 * structures associated with the task involved.
e114e473 2628 */
b4e0d5f0 2629 final = smack_known_star.smk_known;
e114e473
CS		 2630 break;
2631 case PROC_SUPER_MAGIC:
2632 /*
2633 * Casey says procfs appears not to care.
2634 * The superblock default suffices.
2635 */
2636 break;
2637 case TMPFS_MAGIC:
2638 /*
2639 * Device labels should come from the filesystem,
2640 * but watch out, because they're volitile,
2641 * getting recreated on every reboot.
2642 */
2643 final = smack_known_star.smk_known;
2644 /*
2645 * No break.
2646 *
2647 * If a smack value has been set we want to use it,
2648 * but since tmpfs isn't giving us the opportunity
2649 * to set mount options simulate setting the
2650 * superblock default.
2651 */
2652 default:
2653 /*
2654 * This isn't an understood special case.
2655 * Get the value from the xattr.
b4e0d5f0
CS		 2656 */
2657
2658 /*
2659 * UNIX domain sockets use lower level socket data.
2660 */
2661 if (S_ISSOCK(inode->i_mode)) {
2662 final = smack_known_star.smk_known;
2663 break;
2664 }
2665 /*
e114e473
CS		 2666 * No xattr support means, alas, no SMACK label.
2667 * Use the aforeapplied default.
2668 * It would be curious if the label of the task
2669 * does not match that assigned.
2670 */
2671 if (inode->i_op->getxattr == NULL)
2672 break;
2673 /*
2674 * Get the dentry for xattr.
2675 */
3e62cbb8 2676 dp = dget(opt_dentry);
676dac4b 2677 fetched = smk_fetch(XATTR_NAME_SMACK, inode, dp);
2267b13a 2678 if (fetched != NULL)
e114e473 2679 final = fetched;
2267b13a
CS		 2680
2681 /*
2682 * Transmuting directory
2683 */
2684 if (S_ISDIR(inode->i_mode)) {
2685 /*
2686 * If this is a new directory and the label was
2687 * transmuted when the inode was initialized
2688 * set the transmute attribute on the directory
2689 * and mark the inode.
2690 *
2691 * If there is a transmute attribute on the
2692 * directory mark the inode.
2693 */
2694 if (isp->smk_flags & SMK_INODE_CHANGED) {
2695 isp->smk_flags &= ~SMK_INODE_CHANGED;
2696 rc = inode->i_op->setxattr(dp,
5c6d1125 2697 XATTR_NAME_SMACKTRANSMUTE,
2267b13a
CS		 2698 TRANS_TRUE, TRANS_TRUE_SIZE,
2699 0);
2700 } else {
2701 rc = inode->i_op->getxattr(dp,
2702 XATTR_NAME_SMACKTRANSMUTE, trattr,
2703 TRANS_TRUE_SIZE);
2704 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
2705 TRANS_TRUE_SIZE) != 0)
2706 rc = -EINVAL;
5c6d1125 2707 }
2267b13a
CS		 2708 if (rc >= 0)
2709 transflag = SMK_INODE_TRANSMUTE;
5c6d1125
JS		 2710 }
2711 isp->smk_task = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
7898e1f8 2712 isp->smk_mmap = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
676dac4b 2713
e114e473
CS		 2714 dput(dp);
2715 break;
2716 }
2717
2718 if (final == NULL)
2719 isp->smk_inode = csp;
2720 else
2721 isp->smk_inode = final;
2722
5c6d1125 2723 isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
e114e473
CS		 2724
2725unlockandout:
2726 mutex_unlock(&isp->smk_lock);
2727 return;
2728}
2729
2730/**
2731 * smack_getprocattr - Smack process attribute access
2732 * @p: the object task
2733 * @name: the name of the attribute in /proc/.../attr
2734 * @value: where to put the result
2735 *
2736 * Places a copy of the task Smack into value
2737 *
2738 * Returns the length of the smack label or an error code
2739 */
2740static int smack_getprocattr(struct task_struct *p, char *name, char **value)
2741{
2742 char *cp;
2743 int slen;
2744
2745 if (strcmp(name, "current") != 0)
2746 return -EINVAL;
2747
676dac4b 2748 cp = kstrdup(smk_of_task(task_security(p)), GFP_KERNEL);
e114e473
CS		 2749 if (cp == NULL)
2750 return -ENOMEM;
2751
2752 slen = strlen(cp);
2753 *value = cp;
2754 return slen;
2755}
2756
2757/**
2758 * smack_setprocattr - Smack process attribute setting
2759 * @p: the object task
2760 * @name: the name of the attribute in /proc/.../attr
2761 * @value: the value to set
2762 * @size: the size of the value
2763 *
2764 * Sets the Smack value of the task. Only setting self
2765 * is permitted and only with privilege
2766 *
2767 * Returns the length of the smack label or an error code
2768 */
2769static int smack_setprocattr(struct task_struct *p, char *name,
2770 void *value, size_t size)
2771{
7898e1f8 2772 int rc;
676dac4b 2773 struct task_smack *tsp;
5c6d1125 2774 struct task_smack *oldtsp;
d84f4f99 2775 struct cred *new;
e114e473
CS		 2776 char *newsmack;
2777
e114e473
CS		 2778 /*
2779 * Changing another process' Smack value is too dangerous
2780 * and supports no sane use case.
2781 */
2782 if (p != current)
2783 return -EPERM;
2784
5cd9c58f
DH		 2785 if (!capable(CAP_MAC_ADMIN))
2786 return -EPERM;
2787
e114e473
CS		 2788 if (value == NULL || size == 0 || size >= SMK_LABELLEN)
2789 return -EINVAL;
2790
2791 if (strcmp(name, "current") != 0)
2792 return -EINVAL;
2793
2794 newsmack = smk_import(value, size);
2795 if (newsmack == NULL)
2796 return -EINVAL;
2797
6d3dc07c
CS		 2798 /*
2799 * No process is ever allowed the web ("@") label.
2800 */
2801 if (newsmack == smack_known_web.smk_known)
2802 return -EPERM;
2803
5c6d1125 2804 oldtsp = p->cred->security;
d84f4f99 2805 new = prepare_creds();
6d3dc07c 2806 if (new == NULL)
d84f4f99 2807 return -ENOMEM;
7898e1f8
CS		 2808
2809 tsp = new_task_smack(newsmack, oldtsp->smk_forked, GFP_KERNEL);
676dac4b
CS		 2810 if (tsp == NULL) {
2811 kfree(new);
2812 return -ENOMEM;
2813 }
7898e1f8
CS		 2814 rc = smk_copy_rules(&tsp->smk_rules, &oldtsp->smk_rules, GFP_KERNEL);
2815 if (rc != 0)
2816 return rc;
2817
676dac4b 2818 new->security = tsp;
d84f4f99 2819 commit_creds(new);
e114e473
CS		 2820 return size;
2821}
2822
2823/**
2824 * smack_unix_stream_connect - Smack access on UDS
3610cda5
DM		 2825 * @sock: one sock
2826 * @other: the other sock
e114e473
CS		 2827 * @newsk: unused
2828 *
2829 * Return 0 if a subject with the smack of sock could access
2830 * an object with the smack of other, otherwise an error code
2831 */
3610cda5
DM		 2832static int smack_unix_stream_connect(struct sock *sock,
2833 struct sock *other, struct sock *newsk)
e114e473 2834{
d2e7ad19
JM		 2835 struct socket_smack *ssp = sock->sk_security;
2836 struct socket_smack *osp = other->sk_security;
975d5e55 2837 struct socket_smack *nsp = newsk->sk_security;
ecfcc53f 2838 struct smk_audit_info ad;
b4e0d5f0 2839 int rc = 0;
e114e473 2840
923e9a13
KC		 2841#ifdef CONFIG_AUDIT
2842 struct lsm_network_audit net;
2843
48c62af6 2844 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3610cda5 2845 smk_ad_setfield_u_net_sk(&ad, other);
923e9a13 2846#endif
b4e0d5f0
CS		 2847
2848 if (!capable(CAP_MAC_OVERRIDE))
2849 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
2850
975d5e55
CS		 2851 /*
2852 * Cross reference the peer labels for SO_PEERSEC.
2853 */
2854 if (rc == 0) {
2855 nsp->smk_packet = ssp->smk_out;
2856 ssp->smk_packet = osp->smk_out;
2857 }
2858
b4e0d5f0 2859 return rc;
e114e473
CS		 2860}
2861
2862/**
2863 * smack_unix_may_send - Smack access on UDS
2864 * @sock: one socket
2865 * @other: the other socket
2866 *
2867 * Return 0 if a subject with the smack of sock could access
2868 * an object with the smack of other, otherwise an error code
2869 */
2870static int smack_unix_may_send(struct socket *sock, struct socket *other)
2871{
b4e0d5f0
CS		 2872 struct socket_smack *ssp = sock->sk->sk_security;
2873 struct socket_smack *osp = other->sk->sk_security;
ecfcc53f 2874 struct smk_audit_info ad;
b4e0d5f0 2875 int rc = 0;
e114e473 2876
923e9a13
KC		 2877#ifdef CONFIG_AUDIT
2878 struct lsm_network_audit net;
2879
48c62af6 2880 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
ecfcc53f 2881 smk_ad_setfield_u_net_sk(&ad, other->sk);
923e9a13 2882#endif
b4e0d5f0
CS		 2883
2884 if (!capable(CAP_MAC_OVERRIDE))
2885 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
2886
2887 return rc;
e114e473
CS		 2888}
2889
6d3dc07c
CS		 2890/**
2891 * smack_socket_sendmsg - Smack check based on destination host
2892 * @sock: the socket
251a2a95 2893 * @msg: the message
6d3dc07c
CS		 2894 * @size: the size of the message
2895 *
2896 * Return 0 if the current subject can write to the destination
2897 * host. This is only a question if the destination is a single
2898 * label host.
2899 */
2900static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
2901 int size)
2902{
2903 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
6d3dc07c
CS		 2904
2905 /*
2906 * Perfectly reasonable for this to be NULL
2907 */
da34d424 2908 if (sip == NULL || sip->sin_family != AF_INET)
6d3dc07c
CS		 2909 return 0;
2910
07feee8f 2911 return smack_netlabel_send(sock->sk, sip);
6d3dc07c
CS		 2912}
2913
e114e473 2914/**
251a2a95 2915 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
e114e473 2916 * @sap: netlabel secattr
272cd7a8 2917 * @ssp: socket security information
e114e473 2918 *
272cd7a8 2919 * Returns a pointer to a Smack label found on the label list.
e114e473 2920 */
272cd7a8
CS		 2921static char *smack_from_secattr(struct netlbl_lsm_secattr *sap,
2922 struct socket_smack *ssp)
e114e473 2923{
272cd7a8 2924 struct smack_known *skp;
e114e473 2925 char smack[SMK_LABELLEN];
6d3dc07c 2926 char *sp;
e114e473
CS		 2927 int pcat;
2928
6d3dc07c 2929 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
e114e473 2930 /*
6d3dc07c 2931 * Looks like a CIPSO packet.
e114e473
CS		 2932 * If there are flags but no level netlabel isn't
2933 * behaving the way we expect it to.
2934 *
6d3dc07c 2935 * Get the categories, if any
e114e473
CS		 2936 * Without guidance regarding the smack value
2937 * for the packet fall back on the network
2938 * ambient value.
2939 */
6d3dc07c
CS		 2940 memset(smack, '\0', SMK_LABELLEN);
2941 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) != 0)
2942 for (pcat = -1;;) {
2943 pcat = netlbl_secattr_catmap_walk(
2944 sap->attr.mls.cat, pcat + 1);
2945 if (pcat < 0)
2946 break;
2947 smack_catset_bit(pcat, smack);
2948 }
2949 /*
2950 * If it is CIPSO using smack direct mapping
2951 * we are already done. WeeHee.
2952 */
2953 if (sap->attr.mls.lvl == smack_cipso_direct) {
272cd7a8
CS		 2954 /*
2955 * The label sent is usually on the label list.
2956 *
2957 * If it is not we may still want to allow the
2958 * delivery.
2959 *
2960 * If the recipient is accepting all packets
2961 * because it is using the star ("*") label
2962 * for SMACK64IPIN provide the web ("@") label
2963 * so that a directed response will succeed.
2964 * This is not very correct from a MAC point
2965 * of view, but gets around the problem that
2966 * locking prevents adding the newly discovered
2967 * label to the list.
2968 * The case where the recipient is not using
2969 * the star label should obviously fail.
2970 * The easy way to do this is to provide the
2971 * star label as the subject label.
2972 */
2973 skp = smk_find_entry(smack);
2974 if (skp != NULL)
2975 return skp->smk_known;
2976 if (ssp != NULL &&
2977 ssp->smk_in == smack_known_star.smk_known)
2978 return smack_known_web.smk_known;
2979 return smack_known_star.smk_known;
6d3dc07c
CS		 2980 }
2981 /*
2982 * Look it up in the supplied table if it is not
2983 * a direct mapping.
2984 */
272cd7a8
CS		 2985 sp = smack_from_cipso(sap->attr.mls.lvl, smack);
2986 if (sp != NULL)
2987 return sp;
2988 if (ssp != NULL && ssp->smk_in == smack_known_star.smk_known)
2989 return smack_known_web.smk_known;
2990 return smack_known_star.smk_known;
e114e473 2991 }
6d3dc07c
CS		 2992 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) {
2993 /*
2994 * Looks like a fallback, which gives us a secid.
2995 */
2996 sp = smack_from_secid(sap->attr.secid);
2997 /*
2998 * This has got to be a bug because it is
2999 * impossible to specify a fallback without
3000 * specifying the label, which will ensure
3001 * it has a secid, and the only way to get a
3002 * secid is from a fallback.
3003 */
3004 BUG_ON(sp == NULL);
272cd7a8 3005 return sp;
e114e473
CS		 3006 }
3007 /*
6d3dc07c
CS		 3008 * Without guidance regarding the smack value
3009 * for the packet fall back on the network
3010 * ambient value.
e114e473 3011 */
272cd7a8 3012 return smack_net_ambient;
e114e473
CS		 3013}
3014
3015/**
3016 * smack_socket_sock_rcv_skb - Smack packet delivery access check
3017 * @sk: socket
3018 * @skb: packet
3019 *
3020 * Returns 0 if the packet should be delivered, an error code otherwise
3021 */
3022static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3023{
3024 struct netlbl_lsm_secattr secattr;
3025 struct socket_smack *ssp = sk->sk_security;
6d3dc07c 3026 char *csp;
e114e473 3027 int rc;
ecfcc53f 3028 struct smk_audit_info ad;
923e9a13 3029#ifdef CONFIG_AUDIT
48c62af6 3030 struct lsm_network_audit net;
923e9a13 3031#endif
e114e473
CS		 3032 if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
3033 return 0;
3034
3035 /*
3036 * Translate what netlabel gave us.
3037 */
e114e473 3038 netlbl_secattr_init(&secattr);
6d3dc07c 3039
e114e473 3040 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
272cd7a8
CS		 3041 if (rc == 0)
3042 csp = smack_from_secattr(&secattr, ssp);
3043 else
6d3dc07c
CS		 3044 csp = smack_net_ambient;
3045
e114e473 3046 netlbl_secattr_destroy(&secattr);
6d3dc07c 3047
ecfcc53f 3048#ifdef CONFIG_AUDIT
48c62af6
EP		 3049 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3050 ad.a.u.net->family = sk->sk_family;
3051 ad.a.u.net->netif = skb->skb_iif;
ecfcc53f
EB		 3052 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3053#endif
e114e473
CS		 3054 /*
3055 * Receiving a packet requires that the other end
3056 * be able to write here. Read access is not required.
3057 * This is the simplist possible security model
3058 * for networking.
3059 */
ecfcc53f 3060 rc = smk_access(csp, ssp->smk_in, MAY_WRITE, &ad);
a8134296
PM		 3061 if (rc != 0)
3062 netlbl_skbuff_err(skb, rc, 0);
3063 return rc;
e114e473
CS		 3064}
3065
3066/**
3067 * smack_socket_getpeersec_stream - pull in packet label
3068 * @sock: the socket
3069 * @optval: user's destination
3070 * @optlen: size thereof
251a2a95 3071 * @len: max thereof
e114e473
CS		 3072 *
3073 * returns zero on success, an error code otherwise
3074 */
3075static int smack_socket_getpeersec_stream(struct socket *sock,
3076 char __user *optval,
3077 int __user *optlen, unsigned len)
3078{
3079 struct socket_smack *ssp;
272cd7a8
CS		 3080 char *rcp = "";
3081 int slen = 1;
e114e473
CS		 3082 int rc = 0;
3083
3084 ssp = sock->sk->sk_security;
272cd7a8
CS		 3085 if (ssp->smk_packet != NULL) {
3086 rcp = ssp->smk_packet;
3087 slen = strlen(rcp) + 1;
3088 }
e114e473
CS		 3089
3090 if (slen > len)
3091 rc = -ERANGE;
272cd7a8 3092 else if (copy_to_user(optval, rcp, slen) != 0)
e114e473
CS		 3093 rc = -EFAULT;
3094
3095 if (put_user(slen, optlen) != 0)
3096 rc = -EFAULT;
3097
3098 return rc;
3099}
3100
3101
3102/**
3103 * smack_socket_getpeersec_dgram - pull in packet label
b4e0d5f0 3104 * @sock: the peer socket
e114e473
CS		 3105 * @skb: packet data
3106 * @secid: pointer to where to put the secid of the packet
3107 *
3108 * Sets the netlabel socket state on sk from parent
3109 */
3110static int smack_socket_getpeersec_dgram(struct socket *sock,
3111 struct sk_buff *skb, u32 *secid)
3112
3113{
3114 struct netlbl_lsm_secattr secattr;
272cd7a8
CS		 3115 struct socket_smack *ssp = NULL;
3116 char *sp;
b4e0d5f0
CS		 3117 int family = PF_UNSPEC;
3118 u32 s = 0; /* 0 is the invalid secid */
e114e473
CS		 3119 int rc;
3120
b4e0d5f0
CS		 3121 if (skb != NULL) {
3122 if (skb->protocol == htons(ETH_P_IP))
3123 family = PF_INET;
3124 else if (skb->protocol == htons(ETH_P_IPV6))
3125 family = PF_INET6;
e114e473 3126 }
b4e0d5f0
CS		 3127 if (family == PF_UNSPEC && sock != NULL)
3128 family = sock->sk->sk_family;
e114e473 3129
b4e0d5f0 3130 if (family == PF_UNIX) {
272cd7a8
CS		 3131 ssp = sock->sk->sk_security;
3132 s = smack_to_secid(ssp->smk_out);
b4e0d5f0
CS		 3133 } else if (family == PF_INET || family == PF_INET6) {
3134 /*
3135 * Translate what netlabel gave us.
3136 */
272cd7a8
CS		 3137 if (sock != NULL && sock->sk != NULL)
3138 ssp = sock->sk->sk_security;
b4e0d5f0
CS		 3139 netlbl_secattr_init(&secattr);
3140 rc = netlbl_skbuff_getattr(skb, family, &secattr);
3141 if (rc == 0) {
272cd7a8
CS		 3142 sp = smack_from_secattr(&secattr, ssp);
3143 s = smack_to_secid(sp);
b4e0d5f0
CS		 3144 }
3145 netlbl_secattr_destroy(&secattr);
3146 }
3147 *secid = s;
e114e473
CS		 3148 if (s == 0)
3149 return -EINVAL;
e114e473
CS		 3150 return 0;
3151}
3152
3153/**
07feee8f
PM		 3154 * smack_sock_graft - Initialize a newly created socket with an existing sock
3155 * @sk: child sock
3156 * @parent: parent socket
e114e473 3157 *
07feee8f
PM		 3158 * Set the smk_{in,out} state of an existing sock based on the process that
3159 * is creating the new socket.
e114e473
CS		 3160 */
3161static void smack_sock_graft(struct sock *sk, struct socket *parent)
3162{
3163 struct socket_smack *ssp;
e114e473 3164
07feee8f
PM		 3165 if (sk == NULL ||
3166 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
e114e473
CS		 3167 return;
3168
3169 ssp = sk->sk_security;
676dac4b 3170 ssp->smk_in = ssp->smk_out = smk_of_current();
07feee8f 3171 /* cssp->smk_packet is already set in smack_inet_csk_clone() */
e114e473
CS		 3172}
3173
3174/**
3175 * smack_inet_conn_request - Smack access check on connect
3176 * @sk: socket involved
3177 * @skb: packet
3178 * @req: unused
3179 *
3180 * Returns 0 if a task with the packet label could write to
3181 * the socket, otherwise an error code
3182 */
3183static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3184 struct request_sock *req)
3185{
07feee8f 3186 u16 family = sk->sk_family;
e114e473 3187 struct socket_smack *ssp = sk->sk_security;
07feee8f
PM		 3188 struct netlbl_lsm_secattr secattr;
3189 struct sockaddr_in addr;
3190 struct iphdr *hdr;
272cd7a8 3191 char *sp;
e114e473 3192 int rc;
ecfcc53f 3193 struct smk_audit_info ad;
923e9a13 3194#ifdef CONFIG_AUDIT
48c62af6 3195 struct lsm_network_audit net;
923e9a13 3196#endif
e114e473 3197
07feee8f
PM		 3198 /* handle mapped IPv4 packets arriving via IPv6 sockets */
3199 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3200 family = PF_INET;
e114e473 3201
07feee8f
PM		 3202 netlbl_secattr_init(&secattr);
3203 rc = netlbl_skbuff_getattr(skb, family, &secattr);
e114e473 3204 if (rc == 0)
272cd7a8 3205 sp = smack_from_secattr(&secattr, ssp);
e114e473 3206 else
272cd7a8 3207 sp = smack_known_huh.smk_known;
07feee8f
PM		 3208 netlbl_secattr_destroy(&secattr);
3209
ecfcc53f 3210#ifdef CONFIG_AUDIT
48c62af6
EP		 3211 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3212 ad.a.u.net->family = family;
3213 ad.a.u.net->netif = skb->skb_iif;
ecfcc53f
EB		 3214 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3215#endif
e114e473 3216 /*
07feee8f
PM		 3217 * Receiving a packet requires that the other end be able to write
3218 * here. Read access is not required.
e114e473 3219 */
272cd7a8 3220 rc = smk_access(sp, ssp->smk_in, MAY_WRITE, &ad);
07feee8f
PM		 3221 if (rc != 0)
3222 return rc;
3223
3224 /*
3225 * Save the peer's label in the request_sock so we can later setup
3226 * smk_packet in the child socket so that SO_PEERCRED can report it.
3227 */
272cd7a8 3228 req->peer_secid = smack_to_secid(sp);
07feee8f
PM		 3229
3230 /*
3231 * We need to decide if we want to label the incoming connection here
3232 * if we do we only need to label the request_sock and the stack will
25985edc 3233 * propagate the wire-label to the sock when it is created.
07feee8f
PM		 3234 */
3235 hdr = ip_hdr(skb);
3236 addr.sin_addr.s_addr = hdr->saddr;
3237 rcu_read_lock();
3238 if (smack_host_label(&addr) == NULL) {
3239 rcu_read_unlock();
3240 netlbl_secattr_init(&secattr);
272cd7a8 3241 smack_to_secattr(sp, &secattr);
07feee8f
PM		 3242 rc = netlbl_req_setattr(req, &secattr);
3243 netlbl_secattr_destroy(&secattr);
3244 } else {
3245 rcu_read_unlock();
3246 netlbl_req_delattr(req);
3247 }
e114e473
CS		 3248
3249 return rc;
3250}
3251
07feee8f
PM		 3252/**
3253 * smack_inet_csk_clone - Copy the connection information to the new socket
3254 * @sk: the new socket
3255 * @req: the connection's request_sock
3256 *
3257 * Transfer the connection's peer label to the newly created socket.
3258 */
3259static void smack_inet_csk_clone(struct sock *sk,
3260 const struct request_sock *req)
3261{
3262 struct socket_smack *ssp = sk->sk_security;
07feee8f 3263
272cd7a8
CS		 3264 if (req->peer_secid != 0)
3265 ssp->smk_packet = smack_from_secid(req->peer_secid);
3266 else
3267 ssp->smk_packet = NULL;
07feee8f
PM		 3268}
3269
e114e473
CS		 3270/*
3271 * Key management security hooks
3272 *
3273 * Casey has not tested key support very heavily.
3274 * The permission check is most likely too restrictive.
3275 * If you care about keys please have a look.
3276 */
3277#ifdef CONFIG_KEYS
3278
3279/**
3280 * smack_key_alloc - Set the key security blob
3281 * @key: object
d84f4f99 3282 * @cred: the credentials to use
e114e473
CS		 3283 * @flags: unused
3284 *
3285 * No allocation required
3286 *
3287 * Returns 0
3288 */
d84f4f99 3289static int smack_key_alloc(struct key *key, const struct cred *cred,
e114e473
CS		 3290 unsigned long flags)
3291{
676dac4b 3292 key->security = smk_of_task(cred->security);
e114e473
CS		 3293 return 0;
3294}
3295
3296/**
3297 * smack_key_free - Clear the key security blob
3298 * @key: the object
3299 *
3300 * Clear the blob pointer
3301 */
3302static void smack_key_free(struct key *key)
3303{
3304 key->security = NULL;
3305}
3306
3307/*
3308 * smack_key_permission - Smack access on a key
3309 * @key_ref: gets to the object
d84f4f99 3310 * @cred: the credentials to use
e114e473
CS		 3311 * @perm: unused
3312 *
3313 * Return 0 if the task has read and write to the object,
3314 * an error code otherwise
3315 */
3316static int smack_key_permission(key_ref_t key_ref,
d84f4f99 3317 const struct cred *cred, key_perm_t perm)
e114e473
CS		 3318{
3319 struct key *keyp;
ecfcc53f 3320 struct smk_audit_info ad;
676dac4b 3321 char *tsp = smk_of_task(cred->security);
e114e473
CS		 3322
3323 keyp = key_ref_to_ptr(key_ref);
3324 if (keyp == NULL)
3325 return -EINVAL;
3326 /*
3327 * If the key hasn't been initialized give it access so that
3328 * it may do so.
3329 */
3330 if (keyp->security == NULL)
3331 return 0;
3332 /*
3333 * This should not occur
3334 */
676dac4b 3335 if (tsp == NULL)
e114e473 3336 return -EACCES;
ecfcc53f
EB		 3337#ifdef CONFIG_AUDIT
3338 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
3339 ad.a.u.key_struct.key = keyp->serial;
3340 ad.a.u.key_struct.key_desc = keyp->description;
3341#endif
676dac4b 3342 return smk_access(tsp, keyp->security,
ecfcc53f 3343 MAY_READWRITE, &ad);
e114e473
CS		 3344}
3345#endif /* CONFIG_KEYS */
3346
d20bdda6
AD		 3347/*
3348 * Smack Audit hooks
3349 *
3350 * Audit requires a unique representation of each Smack specific
3351 * rule. This unique representation is used to distinguish the
3352 * object to be audited from remaining kernel objects and also
3353 * works as a glue between the audit hooks.
3354 *
3355 * Since repository entries are added but never deleted, we'll use
3356 * the smack_known label address related to the given audit rule as
3357 * the needed unique representation. This also better fits the smack
3358 * model where nearly everything is a label.
3359 */
3360#ifdef CONFIG_AUDIT
3361
3362/**
3363 * smack_audit_rule_init - Initialize a smack audit rule
3364 * @field: audit rule fields given from user-space (audit.h)
3365 * @op: required testing operator (=, !=, >, <, ...)
3366 * @rulestr: smack label to be audited
3367 * @vrule: pointer to save our own audit rule representation
3368 *
3369 * Prepare to audit cases where (@field @op @rulestr) is true.
3370 * The label to be audited is created if necessay.
3371 */
3372static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
3373{
3374 char **rule = (char **)vrule;
3375 *rule = NULL;
3376
3377 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3378 return -EINVAL;
3379
5af75d8d 3380 if (op != Audit_equal && op != Audit_not_equal)
d20bdda6
AD		 3381 return -EINVAL;
3382
3383 *rule = smk_import(rulestr, 0);
3384
3385 return 0;
3386}
3387
3388/**
3389 * smack_audit_rule_known - Distinguish Smack audit rules
3390 * @krule: rule of interest, in Audit kernel representation format
3391 *
3392 * This is used to filter Smack rules from remaining Audit ones.
3393 * If it's proved that this rule belongs to us, the
3394 * audit_rule_match hook will be called to do the final judgement.
3395 */
3396static int smack_audit_rule_known(struct audit_krule *krule)
3397{
3398 struct audit_field *f;
3399 int i;
3400
3401 for (i = 0; i < krule->field_count; i++) {
3402 f = &krule->fields[i];
3403
3404 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
3405 return 1;
3406 }
3407
3408 return 0;
3409}
3410
3411/**
3412 * smack_audit_rule_match - Audit given object ?
3413 * @secid: security id for identifying the object to test
3414 * @field: audit rule flags given from user-space
3415 * @op: required testing operator
3416 * @vrule: smack internal rule presentation
3417 * @actx: audit context associated with the check
3418 *
3419 * The core Audit hook. It's used to take the decision of
3420 * whether to audit or not to audit a given object.
3421 */
3422static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
3423 struct audit_context *actx)
3424{
3425 char *smack;
3426 char *rule = vrule;
3427
3428 if (!rule) {
ceffec55 3429 audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
d20bdda6
AD		 3430 "Smack: missing rule\n");
3431 return -ENOENT;
3432 }
3433
3434 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3435 return 0;
3436
3437 smack = smack_from_secid(secid);
3438
3439 /*
3440 * No need to do string comparisons. If a match occurs,
3441 * both pointers will point to the same smack_known
3442 * label.
3443 */
5af75d8d 3444 if (op == Audit_equal)
d20bdda6 3445 return (rule == smack);
5af75d8d 3446 if (op == Audit_not_equal)
d20bdda6
AD		 3447 return (rule != smack);
3448
3449 return 0;
3450}
3451
3452/**
3453 * smack_audit_rule_free - free smack rule representation
3454 * @vrule: rule to be freed.
3455 *
3456 * No memory was allocated.
3457 */
3458static void smack_audit_rule_free(void *vrule)
3459{
3460 /* No-op */
3461}
3462
3463#endif /* CONFIG_AUDIT */
3464
251a2a95 3465/**
e114e473
CS		 3466 * smack_secid_to_secctx - return the smack label for a secid
3467 * @secid: incoming integer
3468 * @secdata: destination
3469 * @seclen: how long it is
3470 *
3471 * Exists for networking code.
3472 */
3473static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
3474{
3475 char *sp = smack_from_secid(secid);
3476
d5630b9d
EP		 3477 if (secdata)
3478 *secdata = sp;
e114e473
CS		 3479 *seclen = strlen(sp);
3480 return 0;
3481}
3482
251a2a95 3483/**
4bc87e62
CS		 3484 * smack_secctx_to_secid - return the secid for a smack label
3485 * @secdata: smack label
3486 * @seclen: how long result is
3487 * @secid: outgoing integer
3488 *
3489 * Exists for audit and networking code.
3490 */
e52c1764 3491static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4bc87e62
CS		 3492{
3493 *secid = smack_to_secid(secdata);
3494 return 0;
3495}
3496
251a2a95 3497/**
e114e473 3498 * smack_release_secctx - don't do anything.
251a2a95
RD		 3499 * @secdata: unused
3500 * @seclen: unused
e114e473
CS		 3501 *
3502 * Exists to make sure nothing gets done, and properly
3503 */
3504static void smack_release_secctx(char *secdata, u32 seclen)
3505{
3506}
3507
1ee65e37
DQ		 3508static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
3509{
3510 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
3511}
3512
3513static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
3514{
3515 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
3516}
3517
3518static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
3519{
3520 int len = 0;
3521 len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
3522
3523 if (len < 0)
3524 return len;
3525 *ctxlen = len;
3526 return 0;
3527}
3528
076c54c5
AD		 3529struct security_operations smack_ops = {
3530 .name = "smack",
3531
9e48858f 3532 .ptrace_access_check = smack_ptrace_access_check,
5cd9c58f 3533 .ptrace_traceme = smack_ptrace_traceme,
e114e473 3534 .syslog = smack_syslog,
e114e473
CS		 3535
3536 .sb_alloc_security = smack_sb_alloc_security,
3537 .sb_free_security = smack_sb_free_security,
3538 .sb_copy_data = smack_sb_copy_data,
3539 .sb_kern_mount = smack_sb_kern_mount,
3540 .sb_statfs = smack_sb_statfs,
3541 .sb_mount = smack_sb_mount,
3542 .sb_umount = smack_sb_umount,
3543
676dac4b 3544 .bprm_set_creds = smack_bprm_set_creds,
84088ba2
JS		 3545 .bprm_committing_creds = smack_bprm_committing_creds,
3546 .bprm_secureexec = smack_bprm_secureexec,
676dac4b 3547
e114e473
CS		 3548 .inode_alloc_security = smack_inode_alloc_security,
3549 .inode_free_security = smack_inode_free_security,
3550 .inode_init_security = smack_inode_init_security,
3551 .inode_link = smack_inode_link,
3552 .inode_unlink = smack_inode_unlink,
3553 .inode_rmdir = smack_inode_rmdir,
3554 .inode_rename = smack_inode_rename,
3555 .inode_permission = smack_inode_permission,
3556 .inode_setattr = smack_inode_setattr,
3557 .inode_getattr = smack_inode_getattr,
3558 .inode_setxattr = smack_inode_setxattr,
3559 .inode_post_setxattr = smack_inode_post_setxattr,
3560 .inode_getxattr = smack_inode_getxattr,
3561 .inode_removexattr = smack_inode_removexattr,
3562 .inode_getsecurity = smack_inode_getsecurity,
3563 .inode_setsecurity = smack_inode_setsecurity,
3564 .inode_listsecurity = smack_inode_listsecurity,
d20bdda6 3565 .inode_getsecid = smack_inode_getsecid,
e114e473
CS		 3566
3567 .file_permission = smack_file_permission,
3568 .file_alloc_security = smack_file_alloc_security,
3569 .file_free_security = smack_file_free_security,
3570 .file_ioctl = smack_file_ioctl,
3571 .file_lock = smack_file_lock,
3572 .file_fcntl = smack_file_fcntl,
7898e1f8 3573 .file_mmap = smack_file_mmap,
e114e473
CS		 3574 .file_set_fowner = smack_file_set_fowner,
3575 .file_send_sigiotask = smack_file_send_sigiotask,
3576 .file_receive = smack_file_receive,
3577
531f1d45
CS		 3578 .dentry_open = smack_dentry_open,
3579
ee18d64c 3580 .cred_alloc_blank = smack_cred_alloc_blank,
f1752eec 3581 .cred_free = smack_cred_free,
d84f4f99 3582 .cred_prepare = smack_cred_prepare,
ee18d64c 3583 .cred_transfer = smack_cred_transfer,
3a3b7ce9
DH		 3584 .kernel_act_as = smack_kernel_act_as,
3585 .kernel_create_files_as = smack_kernel_create_files_as,
e114e473
CS		 3586 .task_setpgid = smack_task_setpgid,
3587 .task_getpgid = smack_task_getpgid,
3588 .task_getsid = smack_task_getsid,
3589 .task_getsecid = smack_task_getsecid,
3590 .task_setnice = smack_task_setnice,
3591 .task_setioprio = smack_task_setioprio,
3592 .task_getioprio = smack_task_getioprio,
3593 .task_setscheduler = smack_task_setscheduler,
3594 .task_getscheduler = smack_task_getscheduler,
3595 .task_movememory = smack_task_movememory,
3596 .task_kill = smack_task_kill,
3597 .task_wait = smack_task_wait,
e114e473
CS		 3598 .task_to_inode = smack_task_to_inode,
3599
3600 .ipc_permission = smack_ipc_permission,
d20bdda6 3601 .ipc_getsecid = smack_ipc_getsecid,
e114e473
CS		 3602
3603 .msg_msg_alloc_security = smack_msg_msg_alloc_security,
3604 .msg_msg_free_security = smack_msg_msg_free_security,
3605
3606 .msg_queue_alloc_security = smack_msg_queue_alloc_security,
3607 .msg_queue_free_security = smack_msg_queue_free_security,
3608 .msg_queue_associate = smack_msg_queue_associate,
3609 .msg_queue_msgctl = smack_msg_queue_msgctl,
3610 .msg_queue_msgsnd = smack_msg_queue_msgsnd,
3611 .msg_queue_msgrcv = smack_msg_queue_msgrcv,
3612
3613 .shm_alloc_security = smack_shm_alloc_security,
3614 .shm_free_security = smack_shm_free_security,
3615 .shm_associate = smack_shm_associate,
3616 .shm_shmctl = smack_shm_shmctl,
3617 .shm_shmat = smack_shm_shmat,
3618
3619 .sem_alloc_security = smack_sem_alloc_security,
3620 .sem_free_security = smack_sem_free_security,
3621 .sem_associate = smack_sem_associate,
3622 .sem_semctl = smack_sem_semctl,
3623 .sem_semop = smack_sem_semop,
3624
e114e473
CS		 3625 .d_instantiate = smack_d_instantiate,
3626
3627 .getprocattr = smack_getprocattr,
3628 .setprocattr = smack_setprocattr,
3629
3630 .unix_stream_connect = smack_unix_stream_connect,
3631 .unix_may_send = smack_unix_may_send,
3632
3633 .socket_post_create = smack_socket_post_create,
6d3dc07c
CS		 3634 .socket_connect = smack_socket_connect,
3635 .socket_sendmsg = smack_socket_sendmsg,
e114e473
CS		 3636 .socket_sock_rcv_skb = smack_socket_sock_rcv_skb,
3637 .socket_getpeersec_stream = smack_socket_getpeersec_stream,
3638 .socket_getpeersec_dgram = smack_socket_getpeersec_dgram,
3639 .sk_alloc_security = smack_sk_alloc_security,
3640 .sk_free_security = smack_sk_free_security,
3641 .sock_graft = smack_sock_graft,
3642 .inet_conn_request = smack_inet_conn_request,
07feee8f 3643 .inet_csk_clone = smack_inet_csk_clone,
d20bdda6 3644
e114e473
CS		 3645 /* key management security hooks */
3646#ifdef CONFIG_KEYS
3647 .key_alloc = smack_key_alloc,
3648 .key_free = smack_key_free,
3649 .key_permission = smack_key_permission,
3650#endif /* CONFIG_KEYS */
d20bdda6
AD		 3651
3652 /* Audit hooks */
3653#ifdef CONFIG_AUDIT
3654 .audit_rule_init = smack_audit_rule_init,
3655 .audit_rule_known = smack_audit_rule_known,
3656 .audit_rule_match = smack_audit_rule_match,
3657 .audit_rule_free = smack_audit_rule_free,
3658#endif /* CONFIG_AUDIT */
3659
e114e473 3660 .secid_to_secctx = smack_secid_to_secctx,
4bc87e62 3661 .secctx_to_secid = smack_secctx_to_secid,
e114e473 3662 .release_secctx = smack_release_secctx,
1ee65e37
DQ		 3663 .inode_notifysecctx = smack_inode_notifysecctx,
3664 .inode_setsecctx = smack_inode_setsecctx,
3665 .inode_getsecctx = smack_inode_getsecctx,
e114e473
CS		 3666};
3667
7198e2ee 3668
86812bb0 3669static __init void init_smack_known_list(void)
7198e2ee 3670{
86812bb0
CS		 3671 /*
3672 * Initialize CIPSO locks
3673 */
3674 spin_lock_init(&smack_known_huh.smk_cipsolock);
3675 spin_lock_init(&smack_known_hat.smk_cipsolock);
3676 spin_lock_init(&smack_known_star.smk_cipsolock);
3677 spin_lock_init(&smack_known_floor.smk_cipsolock);
3678 spin_lock_init(&smack_known_invalid.smk_cipsolock);
3679 spin_lock_init(&smack_known_web.smk_cipsolock);
3680 /*
3681 * Initialize rule list locks
3682 */
3683 mutex_init(&smack_known_huh.smk_rules_lock);
3684 mutex_init(&smack_known_hat.smk_rules_lock);
3685 mutex_init(&smack_known_floor.smk_rules_lock);
3686 mutex_init(&smack_known_star.smk_rules_lock);
3687 mutex_init(&smack_known_invalid.smk_rules_lock);
3688 mutex_init(&smack_known_web.smk_rules_lock);
3689 /*
3690 * Initialize rule lists
3691 */
3692 INIT_LIST_HEAD(&smack_known_huh.smk_rules);
3693 INIT_LIST_HEAD(&smack_known_hat.smk_rules);
3694 INIT_LIST_HEAD(&smack_known_star.smk_rules);
3695 INIT_LIST_HEAD(&smack_known_floor.smk_rules);
3696 INIT_LIST_HEAD(&smack_known_invalid.smk_rules);
3697 INIT_LIST_HEAD(&smack_known_web.smk_rules);
3698 /*
3699 * Create the known labels list
3700 */
7198e2ee
EB		 3701 list_add(&smack_known_huh.list, &smack_known_list);
3702 list_add(&smack_known_hat.list, &smack_known_list);
3703 list_add(&smack_known_star.list, &smack_known_list);
3704 list_add(&smack_known_floor.list, &smack_known_list);
3705 list_add(&smack_known_invalid.list, &smack_known_list);
3706 list_add(&smack_known_web.list, &smack_known_list);
3707}
3708
e114e473
CS		 3709/**
3710 * smack_init - initialize the smack system
3711 *
3712 * Returns 0
3713 */
3714static __init int smack_init(void)
3715{
d84f4f99 3716 struct cred *cred;
676dac4b 3717 struct task_smack *tsp;
d84f4f99 3718
7898e1f8
CS		 3719 if (!security_module_enable(&smack_ops))
3720 return 0;
3721
3722 tsp = new_task_smack(smack_known_floor.smk_known,
3723 smack_known_floor.smk_known, GFP_KERNEL);
676dac4b
CS		 3724 if (tsp == NULL)
3725 return -ENOMEM;
3726
e114e473
CS		 3727 printk(KERN_INFO "Smack: Initializing.\n");
3728
3729 /*
3730 * Set the security state for the initial task.
3731 */
d84f4f99 3732 cred = (struct cred *) current->cred;
676dac4b 3733 cred->security = tsp;
e114e473 3734
86812bb0
CS		 3735 /* initialize the smack_known_list */
3736 init_smack_known_list();
e114e473
CS		 3737
3738 /*
3739 * Register with LSM
3740 */
3741 if (register_security(&smack_ops))
3742 panic("smack: Unable to register with kernel.\n");
3743
3744 return 0;
3745}
3746
3747/*
3748 * Smack requires early initialization in order to label
3749 * all processes and objects when they are created.
3750 */
3751security_initcall(smack_init);
A mirror of Linus' kernel repository