]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - security/smack/smack_lsm.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
UBUNTU: SAUCE: LSM: Specify which LSM to display
[mirror_ubuntu-jammy-kernel.git] / security / smack / smack_lsm.c
CommitLineData
d2912cb1 1// SPDX-License-Identifier: GPL-2.0-only
e114e473
CS		 2/*
3 * Simplified MAC Kernel (smack) security module
4 *
5 * This file contains the smack hook function implementations.
6 *
5c6d1125 7 * Authors:
e114e473 8 * Casey Schaufler <casey@schaufler-ca.com>
84088ba2 9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
e114e473
CS		 10 *
11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
07feee8f 12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
82c21bfa 13 * Paul Moore <paul@paul-moore.com>
5c6d1125 14 * Copyright (C) 2010 Nokia Corporation
84088ba2 15 * Copyright (C) 2011 Intel Corporation.
e114e473
CS		 16 */
17
18#include <linux/xattr.h>
19#include <linux/pagemap.h>
20#include <linux/mount.h>
21#include <linux/stat.h>
e114e473
CS		 22#include <linux/kd.h>
23#include <asm/ioctls.h>
07feee8f 24#include <linux/ip.h>
e114e473
CS		 25#include <linux/tcp.h>
26#include <linux/udp.h>
c6739443 27#include <linux/dccp.h>
d66a8acb 28#include <linux/icmpv6.h>
5a0e3ad6 29#include <linux/slab.h>
e114e473 30#include <linux/mutex.h>
e114e473 31#include <net/cipso_ipv4.h>
c6739443
CS		 32#include <net/ip.h>
33#include <net/ipv6.h>
d20bdda6 34#include <linux/audit.h>
1fd7317d 35#include <linux/magic.h>
2a7dba39 36#include <linux/dcache.h>
16014d87 37#include <linux/personality.h>
40401530
AV		 38#include <linux/msg.h>
39#include <linux/shm.h>
40#include <linux/binfmts.h>
3bf2789c 41#include <linux/parser.h>
2febd254
DH		 42#include <linux/fs_context.h>
43#include <linux/fs_parser.h>
a8478a60 44#include <linux/watch_queue.h>
e114e473
CS		 45#include "smack.h"
46
5c6d1125
JS		 47#define TRANS_TRUE "TRUE"
48#define TRANS_TRUE_SIZE 4
49
c6739443
CS		 50#define SMK_CONNECTING 0
51#define SMK_RECEIVING 1
52#define SMK_SENDING 2
53
00720f0e 54static DEFINE_MUTEX(smack_ipv6_lock);
8b549ef4 55static LIST_HEAD(smk_ipv6_port_list);
4e328b08 56struct kmem_cache *smack_rule_cache;
bfc3cac0 57int smack_enabled __initdata;
c6739443 58
c3300aaf
AV		 59#define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s}
60static struct {
61 const char *name;
62 int len;
63 int opt;
64} smk_mount_opts[] = {
6e7739fc 65 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault},
c3300aaf 66 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute)
3bf2789c 67};
c3300aaf
AV		 68#undef A
69
70static int match_opt_prefix(char *s, int l, char **arg)
71{
72 int i;
73
74 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) {
75 size_t len = smk_mount_opts[i].len;
76 if (len > l || memcmp(s, smk_mount_opts[i].name, len))
77 continue;
78 if (len == l || s[len] != '=')
79 continue;
80 *arg = s + len + 1;
81 return smk_mount_opts[i].opt;
82 }
83 return Opt_error;
84}
3bf2789c 85
3d04c924
CS		 86#ifdef CONFIG_SECURITY_SMACK_BRINGUP
87static char *smk_bu_mess[] = {
88 "Bringup Error", /* Unused */
89 "Bringup", /* SMACK_BRINGUP_ALLOW */
90 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */
91 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */
92};
93
d166c802
CS		 94static void smk_bu_mode(int mode, char *s)
95{
96 int i = 0;
97
98 if (mode & MAY_READ)
99 s[i++] = 'r';
100 if (mode & MAY_WRITE)
101 s[i++] = 'w';
102 if (mode & MAY_EXEC)
103 s[i++] = 'x';
104 if (mode & MAY_APPEND)
105 s[i++] = 'a';
106 if (mode & MAY_TRANSMUTE)
107 s[i++] = 't';
108 if (mode & MAY_LOCK)
109 s[i++] = 'l';
110 if (i == 0)
111 s[i++] = '-';
112 s[i] = '\0';
113}
114#endif
115
116#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 117static int smk_bu_note(char *note, struct smack_known *sskp,
118 struct smack_known *oskp, int mode, int rc)
d166c802
CS		 119{
120 char acc[SMK_NUM_ACCESS_TYPE + 1];
121
122 if (rc <= 0)
123 return rc;
bf4b2fee
CS		 124 if (rc > SMACK_UNCONFINED_OBJECT)
125 rc = 0;
d166c802
CS		 126
127 smk_bu_mode(mode, acc);
bf4b2fee 128 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
21c7eae2 129 sskp->smk_known, oskp->smk_known, acc, note);
d166c802
CS		 130 return 0;
131}
132#else
21c7eae2 133#define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
d166c802
CS		 134#endif
135
136#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 137static int smk_bu_current(char *note, struct smack_known *oskp,
138 int mode, int rc)
d166c802 139{
b17103a8 140 struct task_smack *tsp = smack_cred(current_cred());
d166c802
CS		 141 char acc[SMK_NUM_ACCESS_TYPE + 1];
142
143 if (rc <= 0)
144 return rc;
bf4b2fee
CS		 145 if (rc > SMACK_UNCONFINED_OBJECT)
146 rc = 0;
d166c802
CS		 147
148 smk_bu_mode(mode, acc);
bf4b2fee 149 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
21c7eae2
LP		 150 tsp->smk_task->smk_known, oskp->smk_known,
151 acc, current->comm, note);
d166c802
CS		 152 return 0;
153}
154#else
21c7eae2 155#define smk_bu_current(note, oskp, mode, RC) (RC)
d166c802
CS		 156#endif
157
158#ifdef CONFIG_SECURITY_SMACK_BRINGUP
159static int smk_bu_task(struct task_struct *otp, int mode, int rc)
160{
b17103a8 161 struct task_smack *tsp = smack_cred(current_cred());
1fb057dc 162 struct smack_known *smk_task = smk_of_task_struct_obj(otp);
d166c802
CS		 163 char acc[SMK_NUM_ACCESS_TYPE + 1];
164
165 if (rc <= 0)
166 return rc;
bf4b2fee
CS		 167 if (rc > SMACK_UNCONFINED_OBJECT)
168 rc = 0;
d166c802
CS		 169
170 smk_bu_mode(mode, acc);
bf4b2fee 171 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
6d1cff2a 172 tsp->smk_task->smk_known, smk_task->smk_known, acc,
d166c802
CS		 173 current->comm, otp->comm);
174 return 0;
175}
176#else
177#define smk_bu_task(otp, mode, RC) (RC)
178#endif
179
180#ifdef CONFIG_SECURITY_SMACK_BRINGUP
181static int smk_bu_inode(struct inode *inode, int mode, int rc)
182{
b17103a8 183 struct task_smack *tsp = smack_cred(current_cred());
fb4021b6 184 struct inode_smack *isp = smack_inode(inode);
d166c802
CS		 185 char acc[SMK_NUM_ACCESS_TYPE + 1];
186
bf4b2fee
CS		 187 if (isp->smk_flags & SMK_INODE_IMPURE)
188 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
189 inode->i_sb->s_id, inode->i_ino, current->comm);
190
d166c802
CS		 191 if (rc <= 0)
192 return rc;
bf4b2fee
CS		 193 if (rc > SMACK_UNCONFINED_OBJECT)
194 rc = 0;
195 if (rc == SMACK_UNCONFINED_SUBJECT &&
196 (mode & (MAY_WRITE | MAY_APPEND)))
197 isp->smk_flags |= SMK_INODE_IMPURE;
d166c802
CS		 198
199 smk_bu_mode(mode, acc);
bf4b2fee
CS		 200
201 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
202 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
d166c802
CS		 203 inode->i_sb->s_id, inode->i_ino, current->comm);
204 return 0;
205}
206#else
207#define smk_bu_inode(inode, mode, RC) (RC)
208#endif
209
210#ifdef CONFIG_SECURITY_SMACK_BRINGUP
211static int smk_bu_file(struct file *file, int mode, int rc)
212{
b17103a8 213 struct task_smack *tsp = smack_cred(current_cred());
d166c802 214 struct smack_known *sskp = tsp->smk_task;
5e7270a6 215 struct inode *inode = file_inode(file);
fb4021b6 216 struct inode_smack *isp = smack_inode(inode);
d166c802
CS		 217 char acc[SMK_NUM_ACCESS_TYPE + 1];
218
bf4b2fee
CS		 219 if (isp->smk_flags & SMK_INODE_IMPURE)
220 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
221 inode->i_sb->s_id, inode->i_ino, current->comm);
222
d166c802
CS		 223 if (rc <= 0)
224 return rc;
bf4b2fee
CS		 225 if (rc > SMACK_UNCONFINED_OBJECT)
226 rc = 0;
d166c802
CS		 227
228 smk_bu_mode(mode, acc);
bf4b2fee 229 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
5e7270a6 230 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 231 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 232 current->comm);
233 return 0;
234}
235#else
236#define smk_bu_file(file, mode, RC) (RC)
237#endif
238
239#ifdef CONFIG_SECURITY_SMACK_BRINGUP
240static int smk_bu_credfile(const struct cred *cred, struct file *file,
241 int mode, int rc)
242{
b17103a8 243 struct task_smack *tsp = smack_cred(cred);
d166c802 244 struct smack_known *sskp = tsp->smk_task;
45063097 245 struct inode *inode = file_inode(file);
fb4021b6 246 struct inode_smack *isp = smack_inode(inode);
d166c802
CS		 247 char acc[SMK_NUM_ACCESS_TYPE + 1];
248
bf4b2fee
CS		 249 if (isp->smk_flags & SMK_INODE_IMPURE)
250 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
251 inode->i_sb->s_id, inode->i_ino, current->comm);
252
d166c802
CS		 253 if (rc <= 0)
254 return rc;
bf4b2fee
CS		 255 if (rc > SMACK_UNCONFINED_OBJECT)
256 rc = 0;
d166c802
CS		 257
258 smk_bu_mode(mode, acc);
bf4b2fee 259 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
21c7eae2 260 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 261 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 262 current->comm);
263 return 0;
264}
265#else
266#define smk_bu_credfile(cred, file, mode, RC) (RC)
267#endif
268
e114e473
CS		 269/**
270 * smk_fetch - Fetch the smack label from a file.
1a28979b 271 * @name: type of the label (attribute)
e114e473
CS		 272 * @ip: a pointer to the inode
273 * @dp: a pointer to the dentry
274 *
e774ad68
LP		 275 * Returns a pointer to the master list entry for the Smack label,
276 * NULL if there was no label to fetch, or an error code.
e114e473 277 */
2f823ff8
CS		 278static struct smack_known *smk_fetch(const char *name, struct inode *ip,
279 struct dentry *dp)
e114e473
CS		 280{
281 int rc;
f7112e6c 282 char *buffer;
2f823ff8 283 struct smack_known *skp = NULL;
e114e473 284
5d6c3191 285 if (!(ip->i_opflags & IOP_XATTR))
e774ad68 286 return ERR_PTR(-EOPNOTSUPP);
e114e473 287
e5bfad3d 288 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS);
f7112e6c 289 if (buffer == NULL)
e774ad68 290 return ERR_PTR(-ENOMEM);
e114e473 291
5d6c3191 292 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
e774ad68
LP		 293 if (rc < 0)
294 skp = ERR_PTR(rc);
295 else if (rc == 0)
296 skp = NULL;
297 else
2f823ff8 298 skp = smk_import_entry(buffer, rc);
f7112e6c
CS		 299
300 kfree(buffer);
301
2f823ff8 302 return skp;
e114e473
CS		 303}
304
305/**
afb1cbe3 306 * init_inode_smack - initialize an inode security blob
a1a07f22 307 * @inode: inode to extract the info from
21c7eae2 308 * @skp: a pointer to the Smack label entry to use in the blob
e114e473 309 *
e114e473 310 */
afb1cbe3 311static void init_inode_smack(struct inode *inode, struct smack_known *skp)
e114e473 312{
afb1cbe3 313 struct inode_smack *isp = smack_inode(inode);
e114e473 314
21c7eae2 315 isp->smk_inode = skp;
e114e473 316 isp->smk_flags = 0;
e114e473
CS		 317}
318
7898e1f8 319/**
bbd3662a
CS		 320 * init_task_smack - initialize a task security blob
321 * @tsp: blob to initialize
1a28979b
LP		 322 * @task: a pointer to the Smack label for the running task
323 * @forked: a pointer to the Smack label for the forked task
7898e1f8 324 *
7898e1f8 325 */
bbd3662a
CS		 326static void init_task_smack(struct task_smack *tsp, struct smack_known *task,
327 struct smack_known *forked)
7898e1f8 328{
7898e1f8
CS		 329 tsp->smk_task = task;
330 tsp->smk_forked = forked;
331 INIT_LIST_HEAD(&tsp->smk_rules);
38416e53 332 INIT_LIST_HEAD(&tsp->smk_relabel);
7898e1f8 333 mutex_init(&tsp->smk_rules_lock);
7898e1f8
CS		 334}
335
336/**
337 * smk_copy_rules - copy a rule set
1a28979b
LP		 338 * @nhead: new rules header pointer
339 * @ohead: old rules header pointer
340 * @gfp: type of the memory for the allocation
7898e1f8
CS		 341 *
342 * Returns 0 on success, -ENOMEM on error
343 */
344static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
345 gfp_t gfp)
346{
347 struct smack_rule *nrp;
348 struct smack_rule *orp;
349 int rc = 0;
350
7898e1f8 351 list_for_each_entry_rcu(orp, ohead, list) {
4e328b08 352 nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
7898e1f8
CS		 353 if (nrp == NULL) {
354 rc = -ENOMEM;
355 break;
356 }
357 *nrp = *orp;
358 list_add_rcu(&nrp->list, nhead);
359 }
360 return rc;
361}
362
38416e53
ZJ		 363/**
364 * smk_copy_relabel - copy smk_relabel labels list
365 * @nhead: new rules header pointer
366 * @ohead: old rules header pointer
367 * @gfp: type of the memory for the allocation
368 *
369 * Returns 0 on success, -ENOMEM on error
370 */
371static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
372 gfp_t gfp)
373{
374 struct smack_known_list_elem *nklep;
375 struct smack_known_list_elem *oklep;
376
38416e53
ZJ		 377 list_for_each_entry(oklep, ohead, list) {
378 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
379 if (nklep == NULL) {
380 smk_destroy_label_list(nhead);
381 return -ENOMEM;
382 }
383 nklep->smk_label = oklep->smk_label;
384 list_add(&nklep->list, nhead);
385 }
386
387 return 0;
388}
389
5663884c
LP		 390/**
391 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
392 * @mode - input mode in form of PTRACE_MODE_*
393 *
394 * Returns a converted MAY_* mode usable by smack rules
395 */
396static inline unsigned int smk_ptrace_mode(unsigned int mode)
397{
3dfb7d8c 398 if (mode & PTRACE_MODE_ATTACH)
5663884c 399 return MAY_READWRITE;
3dfb7d8c
JH		 400 if (mode & PTRACE_MODE_READ)
401 return MAY_READ;
5663884c
LP		 402
403 return 0;
404}
405
406/**
407 * smk_ptrace_rule_check - helper for ptrace access
408 * @tracer: tracer process
21c7eae2 409 * @tracee_known: label entry of the process that's about to be traced
5663884c
LP		 410 * @mode: ptrace attachment mode (PTRACE_MODE_*)
411 * @func: name of the function that called us, used for audit
412 *
413 * Returns 0 on access granted, -error on error
414 */
21c7eae2
LP		 415static int smk_ptrace_rule_check(struct task_struct *tracer,
416 struct smack_known *tracee_known,
5663884c
LP		 417 unsigned int mode, const char *func)
418{
419 int rc;
420 struct smk_audit_info ad, *saip = NULL;
421 struct task_smack *tsp;
21c7eae2 422 struct smack_known *tracer_known;
dcb569cf 423 const struct cred *tracercred;
5663884c
LP		 424
425 if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
426 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
427 smk_ad_setfield_u_tsk(&ad, tracer);
428 saip = &ad;
429 }
430
6d1cff2a 431 rcu_read_lock();
dcb569cf 432 tracercred = __task_cred(tracer);
b17103a8 433 tsp = smack_cred(tracercred);
21c7eae2 434 tracer_known = smk_of_task(tsp);
5663884c 435
66867818
LP		 436 if ((mode & PTRACE_MODE_ATTACH) &&
437 (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
438 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
21c7eae2 439 if (tracer_known->smk_known == tracee_known->smk_known)
66867818
LP		 440 rc = 0;
441 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
442 rc = -EACCES;
dcb569cf 443 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
66867818
LP		 444 rc = 0;
445 else
446 rc = -EACCES;
447
448 if (saip)
21c7eae2
LP		 449 smack_log(tracer_known->smk_known,
450 tracee_known->smk_known,
451 0, rc, saip);
66867818 452
6d1cff2a 453 rcu_read_unlock();
66867818
LP		 454 return rc;
455 }
456
457 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
21c7eae2 458 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
6d1cff2a
AR		 459
460 rcu_read_unlock();
5663884c
LP		 461 return rc;
462}
463
e114e473
CS		 464/*
465 * LSM hooks.
466 * We he, that is fun!
467 */
468
469/**
9e48858f 470 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
e114e473 471 * @ctp: child task pointer
5663884c 472 * @mode: ptrace attachment mode (PTRACE_MODE_*)
e114e473
CS		 473 *
474 * Returns 0 if access is OK, an error code otherwise
475 *
5663884c 476 * Do the capability checks.
e114e473 477 */
9e48858f 478static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
e114e473 479{
2f823ff8 480 struct smack_known *skp;
e114e473 481
1fb057dc 482 skp = smk_of_task_struct_obj(ctp);
ecfcc53f 483
b1d9e6b0 484 return smk_ptrace_rule_check(current, skp, mode, __func__);
5cd9c58f
DH		 485}
486
487/**
488 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
489 * @ptp: parent task pointer
490 *
491 * Returns 0 if access is OK, an error code otherwise
492 *
5663884c 493 * Do the capability checks, and require PTRACE_MODE_ATTACH.
5cd9c58f
DH		 494 */
495static int smack_ptrace_traceme(struct task_struct *ptp)
496{
497 int rc;
2f823ff8 498 struct smack_known *skp;
5cd9c58f 499
b17103a8 500 skp = smk_of_task(smack_cred(current_cred()));
ecfcc53f 501
21c7eae2 502 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
e114e473
CS		 503 return rc;
504}
505
506/**
507 * smack_syslog - Smack approval on syslog
a1a07f22 508 * @typefrom_file: unused
e114e473 509 *
e114e473
CS		 510 * Returns 0 on success, error code otherwise.
511 */
12b3052c 512static int smack_syslog(int typefrom_file)
e114e473 513{
12b3052c 514 int rc = 0;
2f823ff8 515 struct smack_known *skp = smk_of_current();
e114e473 516
1880eff7 517 if (smack_privileged(CAP_MAC_OVERRIDE))
e114e473
CS		 518 return 0;
519
24ea1b6e 520 if (smack_syslog_label != NULL && smack_syslog_label != skp)
e114e473
CS		 521 rc = -EACCES;
522
523 return rc;
524}
525
e114e473
CS		 526/*
527 * Superblock Hooks.
528 */
529
530/**
531 * smack_sb_alloc_security - allocate a superblock blob
532 * @sb: the superblock getting the blob
533 *
534 * Returns 0 on success or -ENOMEM on error.
535 */
536static int smack_sb_alloc_security(struct super_block *sb)
537{
1aea7808 538 struct superblock_smack *sbsp = smack_superblock(sb);
e114e473 539
21c7eae2
LP		 540 sbsp->smk_root = &smack_known_floor;
541 sbsp->smk_default = &smack_known_floor;
542 sbsp->smk_floor = &smack_known_floor;
543 sbsp->smk_hat = &smack_known_hat;
e830b394 544 /*
9f50eda2 545 * SMK_SB_INITIALIZED will be zero from kzalloc.
e830b394 546 */
e114e473
CS		 547
548 return 0;
549}
550
12085b14
AV		 551struct smack_mnt_opts {
552 const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute;
553};
e114e473 554
204cc0cc
AV		 555static void smack_free_mnt_opts(void *mnt_opts)
556{
12085b14
AV		 557 struct smack_mnt_opts *opts = mnt_opts;
558 kfree(opts->fsdefault);
559 kfree(opts->fsfloor);
560 kfree(opts->fshat);
561 kfree(opts->fsroot);
562 kfree(opts->fstransmute);
204cc0cc
AV		 563 kfree(opts);
564}
e114e473 565
55c0e5bd
AV		 566static int smack_add_opt(int token, const char *s, void **mnt_opts)
567{
568 struct smack_mnt_opts *opts = *mnt_opts;
e114e473 569
55c0e5bd
AV		 570 if (!opts) {
571 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
572 if (!opts)
573 return -ENOMEM;
574 *mnt_opts = opts;
e114e473 575 }
55c0e5bd
AV		 576 if (!s)
577 return -ENOMEM;
e114e473 578
55c0e5bd
AV		 579 switch (token) {
580 case Opt_fsdefault:
581 if (opts->fsdefault)
582 goto out_opt_err;
583 opts->fsdefault = s;
584 break;
585 case Opt_fsfloor:
586 if (opts->fsfloor)
587 goto out_opt_err;
588 opts->fsfloor = s;
589 break;
590 case Opt_fshat:
591 if (opts->fshat)
592 goto out_opt_err;
593 opts->fshat = s;
594 break;
595 case Opt_fsroot:
596 if (opts->fsroot)
597 goto out_opt_err;
598 opts->fsroot = s;
599 break;
600 case Opt_fstransmute:
601 if (opts->fstransmute)
602 goto out_opt_err;
603 opts->fstransmute = s;
604 break;
605 }
e114e473 606 return 0;
55c0e5bd
AV		 607
608out_opt_err:
609 pr_warn("Smack: duplicate mount options\n");
610 return -EINVAL;
e114e473
CS		 611}
612
0b52075e
AV		 613/**
614 * smack_fs_context_dup - Duplicate the security data on fs_context duplication
615 * @fc: The new filesystem context.
616 * @src_fc: The source filesystem context being duplicated.
617 *
618 * Returns 0 on success or -ENOMEM on error.
619 */
620static int smack_fs_context_dup(struct fs_context *fc,
621 struct fs_context *src_fc)
622{
623 struct smack_mnt_opts *dst, *src = src_fc->security;
624
625 if (!src)
626 return 0;
627
628 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
629 if (!fc->security)
630 return -ENOMEM;
631 dst = fc->security;
632
633 if (src->fsdefault) {
634 dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL);
635 if (!dst->fsdefault)
636 return -ENOMEM;
637 }
638 if (src->fsfloor) {
639 dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL);
640 if (!dst->fsfloor)
641 return -ENOMEM;
642 }
643 if (src->fshat) {
644 dst->fshat = kstrdup(src->fshat, GFP_KERNEL);
645 if (!dst->fshat)
646 return -ENOMEM;
647 }
648 if (src->fsroot) {
649 dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL);
650 if (!dst->fsroot)
651 return -ENOMEM;
652 }
653 if (src->fstransmute) {
654 dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL);
655 if (!dst->fstransmute)
656 return -ENOMEM;
657 }
658 return 0;
659}
660
d7167b14 661static const struct fs_parameter_spec smack_fs_parameters[] = {
6e7739fc
CS		 662 fsparam_string("smackfsdef", Opt_fsdefault),
663 fsparam_string("smackfsdefault", Opt_fsdefault),
664 fsparam_string("smackfsfloor", Opt_fsfloor),
665 fsparam_string("smackfshat", Opt_fshat),
666 fsparam_string("smackfsroot", Opt_fsroot),
667 fsparam_string("smackfstransmute", Opt_fstransmute),
2febd254
DH		 668 {}
669};
670
2febd254
DH		 671/**
672 * smack_fs_context_parse_param - Parse a single mount parameter
673 * @fc: The new filesystem context being constructed.
674 * @param: The parameter.
675 *
676 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on
677 * error.
678 */
679static int smack_fs_context_parse_param(struct fs_context *fc,
680 struct fs_parameter *param)
681{
682 struct fs_parse_result result;
683 int opt, rc;
684
d7167b14 685 opt = fs_parse(fc, smack_fs_parameters, param, &result);
2febd254
DH		 686 if (opt < 0)
687 return opt;
688
689 rc = smack_add_opt(opt, param->string, &fc->security);
690 if (!rc)
691 param->string = NULL;
692 return rc;
693}
694
d2497e12 695static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
3bf2789c 696{
d2497e12
AV		 697 char *from = options, *to = options;
698 bool first = true;
3bf2789c 699
c3300aaf
AV		 700 while (1) {
701 char *next = strchr(from, ',');
702 int token, len, rc;
703 char *arg = NULL;
3bf2789c 704
c3300aaf
AV		 705 if (next)
706 len = next - from;
707 else
708 len = strlen(from);
3bf2789c 709
c3300aaf 710 token = match_opt_prefix(from, len, &arg);
d2497e12
AV		 711 if (token != Opt_error) {
712 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
713 rc = smack_add_opt(token, arg, mnt_opts);
714 if (unlikely(rc)) {
715 kfree(arg);
716 if (*mnt_opts)
717 smack_free_mnt_opts(*mnt_opts);
718 *mnt_opts = NULL;
719 return rc;
720 }
721 } else {
722 if (!first) { // copy with preceding comma
723 from--;
724 len++;
725 }
726 if (to != from)
727 memmove(to, from, len);
728 to += len;
729 first = false;
3bf2789c 730 }
c3300aaf
AV		 731 if (!from[len])
732 break;
733 from += len + 1;
3bf2789c 734 }
d2497e12 735 *to = '\0';
3bf2789c 736 return 0;
3bf2789c
VT		 737}
738
739/**
740 * smack_set_mnt_opts - set Smack specific mount options
e114e473 741 * @sb: the file system superblock
a1a07f22 742 * @mnt_opts: Smack mount options
3bf2789c
VT		 743 * @kern_flags: mount option from kernel space or user space
744 * @set_kern_flags: where to store converted mount opts
e114e473
CS		 745 *
746 * Returns 0 on success, an error code on failure
3bf2789c
VT		 747 *
748 * Allow filesystems with binary mount data to explicitly set Smack mount
749 * labels.
e114e473 750 */
3bf2789c 751static int smack_set_mnt_opts(struct super_block *sb,
204cc0cc 752 void *mnt_opts,
3bf2789c
VT		 753 unsigned long kern_flags,
754 unsigned long *set_kern_flags)
e114e473
CS		 755{
756 struct dentry *root = sb->s_root;
c6f493d6 757 struct inode *inode = d_backing_inode(root);
1aea7808 758 struct superblock_smack *sp = smack_superblock(sb);
e114e473 759 struct inode_smack *isp;
24ea1b6e 760 struct smack_known *skp;
12085b14
AV		 761 struct smack_mnt_opts *opts = mnt_opts;
762 bool transmute = false;
e114e473 763
9f50eda2 764 if (sp->smk_flags & SMK_SB_INITIALIZED)
e114e473 765 return 0;
eb982cb4 766
afb1cbe3
CS		 767 if (inode->i_security == NULL) {
768 int rc = lsm_inode_alloc(inode);
769
770 if (rc)
771 return rc;
772 }
773
2097f599
HS		 774 if (!smack_privileged(CAP_MAC_ADMIN)) {
775 /*
776 * Unprivileged mounts don't get to specify Smack values.
777 */
12085b14 778 if (opts)
2097f599
HS		 779 return -EPERM;
780 /*
781 * Unprivileged mounts get root and default from the caller.
782 */
783 skp = smk_of_current();
784 sp->smk_root = skp;
785 sp->smk_default = skp;
786 /*
787 * For a handful of fs types with no user-controlled
788 * backing store it's okay to trust security labels
789 * in the filesystem. The rest are untrusted.
790 */
791 if (sb->s_user_ns != &init_user_ns &&
792 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
793 sb->s_magic != RAMFS_MAGIC) {
12085b14 794 transmute = true;
2097f599
HS		 795 sp->smk_flags |= SMK_SB_UNTRUSTED;
796 }
797 }
798
9f50eda2 799 sp->smk_flags |= SMK_SB_INITIALIZED;
e114e473 800
12085b14
AV		 801 if (opts) {
802 if (opts->fsdefault) {
803 skp = smk_import_entry(opts->fsdefault, 0);
e774ad68
LP		 804 if (IS_ERR(skp))
805 return PTR_ERR(skp);
3bf2789c 806 sp->smk_default = skp;
12085b14
AV		 807 }
808 if (opts->fsfloor) {
809 skp = smk_import_entry(opts->fsfloor, 0);
e774ad68
LP		 810 if (IS_ERR(skp))
811 return PTR_ERR(skp);
812 sp->smk_floor = skp;
12085b14
AV		 813 }
814 if (opts->fshat) {
815 skp = smk_import_entry(opts->fshat, 0);
e774ad68
LP		 816 if (IS_ERR(skp))
817 return PTR_ERR(skp);
3bf2789c 818 sp->smk_hat = skp;
12085b14
AV		 819 }
820 if (opts->fsroot) {
821 skp = smk_import_entry(opts->fsroot, 0);
e774ad68
LP		 822 if (IS_ERR(skp))
823 return PTR_ERR(skp);
824 sp->smk_root = skp;
12085b14
AV		 825 }
826 if (opts->fstransmute) {
827 skp = smk_import_entry(opts->fstransmute, 0);
e774ad68
LP		 828 if (IS_ERR(skp))
829 return PTR_ERR(skp);
830 sp->smk_root = skp;
12085b14 831 transmute = true;
e114e473
CS		 832 }
833 }
834
835 /*
836 * Initialize the root inode.
837 */
afb1cbe3 838 init_inode_smack(inode, sp->smk_root);
e114e473 839
afb1cbe3
CS		 840 if (transmute) {
841 isp = smack_inode(inode);
e830b394 842 isp->smk_flags |= SMK_INODE_TRANSMUTE;
afb1cbe3 843 }
e830b394 844
e114e473
CS		 845 return 0;
846}
847
848/**
849 * smack_sb_statfs - Smack check on statfs
850 * @dentry: identifies the file system in question
851 *
852 * Returns 0 if current can read the floor of the filesystem,
853 * and error code otherwise
854 */
855static int smack_sb_statfs(struct dentry *dentry)
856{
1aea7808 857 struct superblock_smack *sbp = smack_superblock(dentry->d_sb);
ecfcc53f
EB		 858 int rc;
859 struct smk_audit_info ad;
860
a269434d 861 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 862 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 863
ecfcc53f 864 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
d166c802 865 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
ecfcc53f 866 return rc;
e114e473
CS		 867}
868
676dac4b
CS		 869/*
870 * BPRM hooks
871 */
872
ce8a4321 873/**
b8bff599 874 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec
ce8a4321
CS		 875 * @bprm: the exec information
876 *
5663884c 877 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
ce8a4321 878 */
b8bff599 879static int smack_bprm_creds_for_exec(struct linux_binprm *bprm)
676dac4b 880{
496ad9aa 881 struct inode *inode = file_inode(bprm->file);
b17103a8 882 struct task_smack *bsp = smack_cred(bprm->cred);
676dac4b 883 struct inode_smack *isp;
809c02e0 884 struct superblock_smack *sbsp;
676dac4b
CS		 885 int rc;
886
fb4021b6 887 isp = smack_inode(inode);
84088ba2 888 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
676dac4b
CS		 889 return 0;
890
1aea7808 891 sbsp = smack_superblock(inode->i_sb);
809c02e0
SF		 892 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
893 isp->smk_task != sbsp->smk_root)
894 return 0;
895
9227dd2a 896 if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
5663884c
LP		 897 struct task_struct *tracer;
898 rc = 0;
899
900 rcu_read_lock();
901 tracer = ptrace_parent(current);
902 if (likely(tracer != NULL))
903 rc = smk_ptrace_rule_check(tracer,
21c7eae2 904 isp->smk_task,
5663884c
LP		 905 PTRACE_MODE_ATTACH,
906 __func__);
907 rcu_read_unlock();
908
909 if (rc != 0)
910 return rc;
3675f052
JH		 911 }
912 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE)
84088ba2 913 return -EPERM;
676dac4b 914
84088ba2
JS		 915 bsp->smk_task = isp->smk_task;
916 bprm->per_clear |= PER_CLEAR_ON_SETID;
676dac4b 917
ccbb6e10
KC		 918 /* Decide if this is a secure exec. */
919 if (bsp->smk_task != bsp->smk_forked)
920 bprm->secureexec = 1;
921
84088ba2
JS		 922 return 0;
923}
676dac4b 924
e114e473
CS		 925/*
926 * Inode hooks
927 */
928
929/**
930 * smack_inode_alloc_security - allocate an inode blob
251a2a95 931 * @inode: the inode in need of a blob
e114e473 932 *
a1a07f22 933 * Returns 0
e114e473
CS		 934 */
935static int smack_inode_alloc_security(struct inode *inode)
936{
2f823ff8
CS		 937 struct smack_known *skp = smk_of_current();
938
afb1cbe3 939 init_inode_smack(inode, skp);
e114e473
CS		 940 return 0;
941}
942
e114e473
CS		 943/**
944 * smack_inode_init_security - copy out the smack from an inode
e95ef49b
LP		 945 * @inode: the newly created inode
946 * @dir: containing directory object
2a7dba39 947 * @qstr: unused
e114e473
CS		 948 * @name: where to put the attribute name
949 * @value: where to put the attribute value
950 * @len: where to put the length of the attribute
951 *
952 * Returns 0 if it all works out, -ENOMEM if there's no memory
953 */
954static int smack_inode_init_security(struct inode *inode, struct inode *dir,
9548906b 955 const struct qstr *qstr, const char **name,
2a7dba39 956 void **value, size_t *len)
e114e473 957{
fb4021b6 958 struct inode_smack *issp = smack_inode(inode);
2f823ff8 959 struct smack_known *skp = smk_of_current();
21c7eae2
LP		 960 struct smack_known *isp = smk_of_inode(inode);
961 struct smack_known *dsp = smk_of_inode(dir);
7898e1f8 962 int may;
e114e473 963
9548906b
TH		 964 if (name)
965 *name = XATTR_SMACK_SUFFIX;
e114e473 966
68390ccf 967 if (value && len) {
7898e1f8 968 rcu_read_lock();
21c7eae2
LP		 969 may = smk_access_entry(skp->smk_known, dsp->smk_known,
970 &skp->smk_rules);
7898e1f8 971 rcu_read_unlock();
5c6d1125
JS		 972
973 /*
974 * If the access rule allows transmutation and
975 * the directory requests transmutation then
976 * by all means transmute.
2267b13a 977 * Mark the inode as changed.
5c6d1125 978 */
7898e1f8 979 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
2267b13a 980 smk_inode_transmutable(dir)) {
5c6d1125 981 isp = dsp;
2267b13a
CS		 982 issp->smk_flags |= SMK_INODE_CHANGED;
983 }
5c6d1125 984
21c7eae2 985 *value = kstrdup(isp->smk_known, GFP_NOFS);
e114e473
CS		 986 if (*value == NULL)
987 return -ENOMEM;
e114e473 988
21c7eae2 989 *len = strlen(isp->smk_known);
68390ccf 990 }
e114e473
CS		 991
992 return 0;
993}
994
995/**
996 * smack_inode_link - Smack check on link
997 * @old_dentry: the existing object
998 * @dir: unused
999 * @new_dentry: the new object
1000 *
1001 * Returns 0 if access is permitted, an error code otherwise
1002 */
1003static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1004 struct dentry *new_dentry)
1005{
21c7eae2 1006 struct smack_known *isp;
ecfcc53f
EB		 1007 struct smk_audit_info ad;
1008 int rc;
1009
a269434d 1010 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1011 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473 1012
c6f493d6 1013 isp = smk_of_inode(d_backing_inode(old_dentry));
ecfcc53f 1014 rc = smk_curacc(isp, MAY_WRITE, &ad);
c6f493d6 1015 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
e114e473 1016
8802565b 1017 if (rc == 0 && d_is_positive(new_dentry)) {
c6f493d6 1018 isp = smk_of_inode(d_backing_inode(new_dentry));
ecfcc53f
EB		 1019 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1020 rc = smk_curacc(isp, MAY_WRITE, &ad);
c6f493d6 1021 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
e114e473
CS		 1022 }
1023
1024 return rc;
1025}
1026
1027/**
1028 * smack_inode_unlink - Smack check on inode deletion
1029 * @dir: containing directory object
1030 * @dentry: file to unlink
1031 *
1032 * Returns 0 if current can write the containing directory
1033 * and the object, error code otherwise
1034 */
1035static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1036{
c6f493d6 1037 struct inode *ip = d_backing_inode(dentry);
ecfcc53f 1038 struct smk_audit_info ad;
e114e473
CS		 1039 int rc;
1040
a269434d 1041 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1042 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1043
e114e473
CS		 1044 /*
1045 * You need write access to the thing you're unlinking
1046 */
ecfcc53f 1047 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
d166c802 1048 rc = smk_bu_inode(ip, MAY_WRITE, rc);
ecfcc53f 1049 if (rc == 0) {
e114e473
CS		 1050 /*
1051 * You also need write access to the containing directory
1052 */
cdb56b60 1053 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 1054 smk_ad_setfield_u_fs_inode(&ad, dir);
1055 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 1056 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 1057 }
e114e473
CS		 1058 return rc;
1059}
1060
1061/**
1062 * smack_inode_rmdir - Smack check on directory deletion
1063 * @dir: containing directory object
1064 * @dentry: directory to unlink
1065 *
1066 * Returns 0 if current can write the containing directory
1067 * and the directory, error code otherwise
1068 */
1069static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1070{
ecfcc53f 1071 struct smk_audit_info ad;
e114e473
CS		 1072 int rc;
1073
a269434d 1074 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1075 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1076
e114e473
CS		 1077 /*
1078 * You need write access to the thing you're removing
1079 */
c6f493d6
DH		 1080 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1081 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
ecfcc53f 1082 if (rc == 0) {
e114e473
CS		 1083 /*
1084 * You also need write access to the containing directory
1085 */
cdb56b60 1086 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 1087 smk_ad_setfield_u_fs_inode(&ad, dir);
1088 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 1089 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 1090 }
e114e473
CS		 1091
1092 return rc;
1093}
1094
1095/**
1096 * smack_inode_rename - Smack check on rename
e95ef49b
LP		 1097 * @old_inode: unused
1098 * @old_dentry: the old object
1099 * @new_inode: unused
1100 * @new_dentry: the new object
e114e473
CS		 1101 *
1102 * Read and write access is required on both the old and
1103 * new directories.
1104 *
1105 * Returns 0 if access is permitted, an error code otherwise
1106 */
1107static int smack_inode_rename(struct inode *old_inode,
1108 struct dentry *old_dentry,
1109 struct inode *new_inode,
1110 struct dentry *new_dentry)
1111{
1112 int rc;
21c7eae2 1113 struct smack_known *isp;
ecfcc53f
EB		 1114 struct smk_audit_info ad;
1115
a269434d 1116 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1117 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473 1118
c6f493d6 1119 isp = smk_of_inode(d_backing_inode(old_dentry));
ecfcc53f 1120 rc = smk_curacc(isp, MAY_READWRITE, &ad);
c6f493d6 1121 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
e114e473 1122
8802565b 1123 if (rc == 0 && d_is_positive(new_dentry)) {
c6f493d6 1124 isp = smk_of_inode(d_backing_inode(new_dentry));
ecfcc53f
EB		 1125 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1126 rc = smk_curacc(isp, MAY_READWRITE, &ad);
c6f493d6 1127 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
e114e473 1128 }
e114e473
CS		 1129 return rc;
1130}
1131
1132/**
1133 * smack_inode_permission - Smack version of permission()
1134 * @inode: the inode in question
1135 * @mask: the access requested
e114e473
CS		 1136 *
1137 * This is the important Smack hook.
1138 *
a1a07f22 1139 * Returns 0 if access is permitted, an error code otherwise
e114e473 1140 */
e74f71eb 1141static int smack_inode_permission(struct inode *inode, int mask)
e114e473 1142{
1aea7808 1143 struct superblock_smack *sbsp = smack_superblock(inode->i_sb);
ecfcc53f 1144 struct smk_audit_info ad;
e74f71eb 1145 int no_block = mask & MAY_NOT_BLOCK;
d166c802 1146 int rc;
d09ca739
EP		 1147
1148 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
e114e473
CS		 1149 /*
1150 * No permission to check. Existence test. Yup, it's there.
1151 */
1152 if (mask == 0)
1153 return 0;
8c9e80ed 1154
9f50eda2
SF		 1155 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1156 if (smk_of_inode(inode) != sbsp->smk_root)
1157 return -EACCES;
1158 }
1159
8c9e80ed 1160 /* May be droppable after audit */
e74f71eb 1161 if (no_block)
8c9e80ed 1162 return -ECHILD;
f48b7399 1163 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f 1164 smk_ad_setfield_u_fs_inode(&ad, inode);
d166c802
CS		 1165 rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1166 rc = smk_bu_inode(inode, mask, rc);
1167 return rc;
e114e473
CS		 1168}
1169
1170/**
1171 * smack_inode_setattr - Smack check for setting attributes
1172 * @dentry: the object
1173 * @iattr: for the force flag
1174 *
1175 * Returns 0 if access is permitted, an error code otherwise
1176 */
1177static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1178{
ecfcc53f 1179 struct smk_audit_info ad;
d166c802
CS		 1180 int rc;
1181
e114e473
CS		 1182 /*
1183 * Need to allow for clearing the setuid bit.
1184 */
1185 if (iattr->ia_valid & ATTR_FORCE)
1186 return 0;
a269434d 1187 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1188 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 1189
c6f493d6
DH		 1190 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1191 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
d166c802 1192 return rc;
e114e473
CS		 1193}
1194
1195/**
1196 * smack_inode_getattr - Smack check for getting attributes
a1a07f22 1197 * @path: path to extract the info from
e114e473
CS		 1198 *
1199 * Returns 0 if access is permitted, an error code otherwise
1200 */
3f7036a0 1201static int smack_inode_getattr(const struct path *path)
e114e473 1202{
ecfcc53f 1203 struct smk_audit_info ad;
c6f493d6 1204 struct inode *inode = d_backing_inode(path->dentry);
d166c802 1205 int rc;
ecfcc53f 1206
f48b7399 1207 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
3f7036a0
AV		 1208 smk_ad_setfield_u_fs_path(&ad, *path);
1209 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1210 rc = smk_bu_inode(inode, MAY_READ, rc);
d166c802 1211 return rc;
e114e473
CS		 1212}
1213
1214/**
1215 * smack_inode_setxattr - Smack check for setting xattrs
1216 * @dentry: the object
1217 * @name: name of the attribute
e95ef49b
LP		 1218 * @value: value of the attribute
1219 * @size: size of the value
e114e473
CS		 1220 * @flags: unused
1221 *
1222 * This protects the Smack attribute explicitly.
1223 *
1224 * Returns 0 if access is permitted, an error code otherwise
1225 */
71bc356f
CB		 1226static int smack_inode_setxattr(struct user_namespace *mnt_userns,
1227 struct dentry *dentry, const char *name,
8f0cfa52 1228 const void *value, size_t size, int flags)
e114e473 1229{
ecfcc53f 1230 struct smk_audit_info ad;
19760ad0
CS		 1231 struct smack_known *skp;
1232 int check_priv = 0;
1233 int check_import = 0;
1234 int check_star = 0;
bcdca225 1235 int rc = 0;
e114e473 1236
19760ad0
CS		 1237 /*
1238 * Check label validity here so import won't fail in post_setxattr
1239 */
bcdca225
CS		 1240 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1241 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
19760ad0
CS		 1242 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1243 check_priv = 1;
1244 check_import = 1;
1245 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1246 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1247 check_priv = 1;
1248 check_import = 1;
1249 check_star = 1;
5c6d1125 1250 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
19760ad0 1251 check_priv = 1;
5c6d1125
JS		 1252 if (size != TRANS_TRUE_SIZE ||
1253 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1254 rc = -EINVAL;
bcdca225
CS		 1255 } else
1256 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1257
19760ad0
CS		 1258 if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1259 rc = -EPERM;
1260
1261 if (rc == 0 && check_import) {
b862e561 1262 skp = size ? smk_import_entry(value, size) : NULL;
e774ad68
LP		 1263 if (IS_ERR(skp))
1264 rc = PTR_ERR(skp);
1265 else if (skp == NULL || (check_star &&
19760ad0
CS		 1266 (skp == &smack_known_star || skp == &smack_known_web)))
1267 rc = -EINVAL;
1268 }
1269
a269434d 1270 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1271 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1272
d166c802 1273 if (rc == 0) {
c6f493d6
DH		 1274 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1275 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
d166c802 1276 }
bcdca225
CS		 1277
1278 return rc;
e114e473
CS		 1279}
1280
1281/**
1282 * smack_inode_post_setxattr - Apply the Smack update approved above
1283 * @dentry: object
1284 * @name: attribute name
1285 * @value: attribute value
1286 * @size: attribute size
1287 * @flags: unused
1288 *
1289 * Set the pointer in the inode blob to the entry found
1290 * in the master label list.
1291 */
8f0cfa52
DH		 1292static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1293 const void *value, size_t size, int flags)
e114e473 1294{
2f823ff8 1295 struct smack_known *skp;
fb4021b6 1296 struct inode_smack *isp = smack_inode(d_backing_inode(dentry));
676dac4b 1297
2f823ff8
CS		 1298 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1299 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1300 return;
1301 }
1302
676dac4b 1303 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
9598f4c9 1304 skp = smk_import_entry(value, size);
e774ad68 1305 if (!IS_ERR(skp))
21c7eae2 1306 isp->smk_inode = skp;
5c6d1125 1307 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
9598f4c9 1308 skp = smk_import_entry(value, size);
e774ad68 1309 if (!IS_ERR(skp))
2f823ff8 1310 isp->smk_task = skp;
7898e1f8 1311 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
9598f4c9 1312 skp = smk_import_entry(value, size);
e774ad68 1313 if (!IS_ERR(skp))
2f823ff8 1314 isp->smk_mmap = skp;
2f823ff8 1315 }
e114e473
CS		 1316
1317 return;
1318}
1319
ce8a4321 1320/**
e114e473
CS		 1321 * smack_inode_getxattr - Smack check on getxattr
1322 * @dentry: the object
1323 * @name: unused
1324 *
1325 * Returns 0 if access is permitted, an error code otherwise
1326 */
8f0cfa52 1327static int smack_inode_getxattr(struct dentry *dentry, const char *name)
e114e473 1328{
ecfcc53f 1329 struct smk_audit_info ad;
d166c802 1330 int rc;
ecfcc53f 1331
a269434d 1332 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1333 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1334
c6f493d6
DH		 1335 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1336 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
d166c802 1337 return rc;
e114e473
CS		 1338}
1339
ce8a4321 1340/**
e114e473
CS		 1341 * smack_inode_removexattr - Smack check on removexattr
1342 * @dentry: the object
1343 * @name: name of the attribute
1344 *
1345 * Removing the Smack attribute requires CAP_MAC_ADMIN
1346 *
1347 * Returns 0 if access is permitted, an error code otherwise
1348 */
71bc356f
CB		 1349static int smack_inode_removexattr(struct user_namespace *mnt_userns,
1350 struct dentry *dentry, const char *name)
e114e473 1351{
676dac4b 1352 struct inode_smack *isp;
ecfcc53f 1353 struct smk_audit_info ad;
bcdca225 1354 int rc = 0;
e114e473 1355
bcdca225
CS		 1356 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1357 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
676dac4b 1358 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
5c6d1125 1359 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
7898e1f8 1360 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
5e9ab593 1361 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1880eff7 1362 if (!smack_privileged(CAP_MAC_ADMIN))
bcdca225
CS		 1363 rc = -EPERM;
1364 } else
71bc356f 1365 rc = cap_inode_removexattr(mnt_userns, dentry, name);
bcdca225 1366
f59bdfba
CS		 1367 if (rc != 0)
1368 return rc;
1369
a269434d 1370 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1371 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
bcdca225 1372
c6f493d6
DH		 1373 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1374 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
f59bdfba
CS		 1375 if (rc != 0)
1376 return rc;
1377
fb4021b6 1378 isp = smack_inode(d_backing_inode(dentry));
f59bdfba
CS		 1379 /*
1380 * Don't do anything special for these.
1381 * XATTR_NAME_SMACKIPIN
1382 * XATTR_NAME_SMACKIPOUT
f59bdfba 1383 */
8012495e 1384 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
fc64005c 1385 struct super_block *sbp = dentry->d_sb;
1aea7808 1386 struct superblock_smack *sbsp = smack_superblock(sbp);
8012495e
JB		 1387
1388 isp->smk_inode = sbsp->smk_default;
1389 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
676dac4b 1390 isp->smk_task = NULL;
f59bdfba 1391 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
7898e1f8 1392 isp->smk_mmap = NULL;
f59bdfba
CS		 1393 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1394 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
676dac4b 1395
f59bdfba 1396 return 0;
e114e473
CS		 1397}
1398
1399/**
1400 * smack_inode_getsecurity - get smack xattrs
1401 * @inode: the object
1402 * @name: attribute name
1403 * @buffer: where to put the result
57e7ba04 1404 * @alloc: duplicate memory
e114e473
CS		 1405 *
1406 * Returns the size of the attribute or an error code
1407 */
71bc356f
CB		 1408static int smack_inode_getsecurity(struct user_namespace *mnt_userns,
1409 struct inode *inode, const char *name,
1410 void **buffer, bool alloc)
e114e473
CS		 1411{
1412 struct socket_smack *ssp;
1413 struct socket *sock;
1414 struct super_block *sbp;
1415 struct inode *ip = (struct inode *)inode;
21c7eae2 1416 struct smack_known *isp;
e114e473 1417
57e7ba04 1418 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
e114e473 1419 isp = smk_of_inode(inode);
57e7ba04
CS		 1420 else {
1421 /*
1422 * The rest of the Smack xattrs are only on sockets.
1423 */
1424 sbp = ip->i_sb;
1425 if (sbp->s_magic != SOCKFS_MAGIC)
1426 return -EOPNOTSUPP;
e114e473 1427
57e7ba04
CS		 1428 sock = SOCKET_I(ip);
1429 if (sock == NULL || sock->sk == NULL)
1430 return -EOPNOTSUPP;
e114e473 1431
12ddb08a 1432 ssp = smack_sock(sock->sk);
e114e473 1433
57e7ba04
CS		 1434 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1435 isp = ssp->smk_in;
1436 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1437 isp = ssp->smk_out;
1438 else
1439 return -EOPNOTSUPP;
1440 }
e114e473 1441
57e7ba04
CS		 1442 if (alloc) {
1443 *buffer = kstrdup(isp->smk_known, GFP_KERNEL);
1444 if (*buffer == NULL)
1445 return -ENOMEM;
e114e473
CS		 1446 }
1447
57e7ba04 1448 return strlen(isp->smk_known);
e114e473
CS		 1449}
1450
1451
1452/**
1453 * smack_inode_listsecurity - list the Smack attributes
1454 * @inode: the object
1455 * @buffer: where they go
1456 * @buffer_size: size of buffer
e114e473
CS		 1457 */
1458static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1459 size_t buffer_size)
1460{
fd5c9d23 1461 int len = sizeof(XATTR_NAME_SMACK);
e114e473 1462
fd5c9d23 1463 if (buffer != NULL && len <= buffer_size)
e114e473 1464 memcpy(buffer, XATTR_NAME_SMACK, len);
fd5c9d23
KK		 1465
1466 return len;
e114e473
CS		 1467}
1468
d20bdda6
AD		 1469/**
1470 * smack_inode_getsecid - Extract inode's security id
1471 * @inode: inode to extract the info from
1472 * @secid: where result will be saved
1473 */
d6335d77 1474static void smack_inode_getsecid(struct inode *inode, u32 *secid)
d20bdda6 1475{
0f8983cf 1476 struct smack_known *skp = smk_of_inode(inode);
d20bdda6 1477
0f8983cf 1478 *secid = skp->smk_secid;
d20bdda6
AD		 1479}
1480
e114e473
CS		 1481/*
1482 * File Hooks
1483 */
1484
491a0b08
CS		 1485/*
1486 * There is no smack_file_permission hook
e114e473
CS		 1487 *
1488 * Should access checks be done on each read or write?
1489 * UNICOS and SELinux say yes.
1490 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1491 *
1492 * I'll say no for now. Smack does not do the frequent
1493 * label changing that SELinux does.
1494 */
e114e473
CS		 1495
1496/**
1497 * smack_file_alloc_security - assign a file security blob
1498 * @file: the object
1499 *
1500 * The security blob for a file is a pointer to the master
1501 * label list, so no allocation is done.
1502 *
5e7270a6
CS		 1503 * f_security is the owner security information. It
1504 * isn't used on file access checks, it's for send_sigio.
1505 *
e114e473
CS		 1506 * Returns 0
1507 */
1508static int smack_file_alloc_security(struct file *file)
1509{
f28952ac 1510 struct smack_known **blob = smack_file(file);
2f823ff8 1511
f28952ac 1512 *blob = smk_of_current();
e114e473
CS		 1513 return 0;
1514}
1515
e114e473
CS		 1516/**
1517 * smack_file_ioctl - Smack check on ioctls
1518 * @file: the object
1519 * @cmd: what to do
1520 * @arg: unused
1521 *
1522 * Relies heavily on the correct use of the ioctl command conventions.
1523 *
1524 * Returns 0 if allowed, error code otherwise
1525 */
1526static int smack_file_ioctl(struct file *file, unsigned int cmd,
1527 unsigned long arg)
1528{
1529 int rc = 0;
ecfcc53f 1530 struct smk_audit_info ad;
5e7270a6 1531 struct inode *inode = file_inode(file);
ecfcc53f 1532
83a1e53f
SWK		 1533 if (unlikely(IS_PRIVATE(inode)))
1534 return 0;
1535
f48b7399 1536 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1537 smk_ad_setfield_u_fs_path(&ad, file->f_path);
e114e473 1538
d166c802 1539 if (_IOC_DIR(cmd) & _IOC_WRITE) {
5e7270a6 1540 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
d166c802
CS		 1541 rc = smk_bu_file(file, MAY_WRITE, rc);
1542 }
e114e473 1543
d166c802 1544 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
5e7270a6 1545 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
d166c802
CS		 1546 rc = smk_bu_file(file, MAY_READ, rc);
1547 }
e114e473
CS		 1548
1549 return rc;
1550}
1551
1552/**
1553 * smack_file_lock - Smack check on file locking
1554 * @file: the object
251a2a95 1555 * @cmd: unused
e114e473 1556 *
c0ab6e56 1557 * Returns 0 if current has lock access, error code otherwise
e114e473
CS		 1558 */
1559static int smack_file_lock(struct file *file, unsigned int cmd)
1560{
ecfcc53f 1561 struct smk_audit_info ad;
d166c802 1562 int rc;
5e7270a6 1563 struct inode *inode = file_inode(file);
ecfcc53f 1564
83a1e53f
SWK		 1565 if (unlikely(IS_PRIVATE(inode)))
1566 return 0;
1567
92f42509
EP		 1568 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1569 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1570 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
d166c802
CS		 1571 rc = smk_bu_file(file, MAY_LOCK, rc);
1572 return rc;
e114e473
CS		 1573}
1574
1575/**
1576 * smack_file_fcntl - Smack check on fcntl
1577 * @file: the object
1578 * @cmd: what action to check
1579 * @arg: unused
1580 *
531f1d45
CS		 1581 * Generally these operations are harmless.
1582 * File locking operations present an obvious mechanism
1583 * for passing information, so they require write access.
1584 *
e114e473
CS		 1585 * Returns 0 if current has access, error code otherwise
1586 */
1587static int smack_file_fcntl(struct file *file, unsigned int cmd,
1588 unsigned long arg)
1589{
ecfcc53f 1590 struct smk_audit_info ad;
531f1d45 1591 int rc = 0;
5e7270a6 1592 struct inode *inode = file_inode(file);
ecfcc53f 1593
83a1e53f
SWK		 1594 if (unlikely(IS_PRIVATE(inode)))
1595 return 0;
1596
e114e473 1597 switch (cmd) {
e114e473 1598 case F_GETLK:
c0ab6e56 1599 break;
e114e473
CS		 1600 case F_SETLK:
1601 case F_SETLKW:
c0ab6e56
CS		 1602 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1603 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1604 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
d166c802 1605 rc = smk_bu_file(file, MAY_LOCK, rc);
c0ab6e56 1606 break;
e114e473
CS		 1607 case F_SETOWN:
1608 case F_SETSIG:
531f1d45
CS		 1609 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1610 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1611 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
d166c802 1612 rc = smk_bu_file(file, MAY_WRITE, rc);
e114e473
CS		 1613 break;
1614 default:
531f1d45 1615 break;
e114e473
CS		 1616 }
1617
1618 return rc;
1619}
1620
7898e1f8 1621/**
e5467859 1622 * smack_mmap_file :
7898e1f8
CS		 1623 * Check permissions for a mmap operation. The @file may be NULL, e.g.
1624 * if mapping anonymous memory.
1625 * @file contains the file structure for file to map (may be NULL).
1626 * @reqprot contains the protection requested by the application.
1627 * @prot contains the protection that will be applied by the kernel.
1628 * @flags contains the operational flags.
1629 * Return 0 if permission is granted.
1630 */
e5467859 1631static int smack_mmap_file(struct file *file,
7898e1f8 1632 unsigned long reqprot, unsigned long prot,
e5467859 1633 unsigned long flags)
7898e1f8 1634{
272cd7a8 1635 struct smack_known *skp;
2f823ff8 1636 struct smack_known *mkp;
7898e1f8
CS		 1637 struct smack_rule *srp;
1638 struct task_smack *tsp;
21c7eae2 1639 struct smack_known *okp;
7898e1f8 1640 struct inode_smack *isp;
809c02e0 1641 struct superblock_smack *sbsp;
0e0a070d
CS		 1642 int may;
1643 int mmay;
1644 int tmay;
7898e1f8
CS		 1645 int rc;
1646
496ad9aa 1647 if (file == NULL)
7898e1f8
CS		 1648 return 0;
1649
83a1e53f
SWK		 1650 if (unlikely(IS_PRIVATE(file_inode(file))))
1651 return 0;
1652
fb4021b6 1653 isp = smack_inode(file_inode(file));
7898e1f8
CS		 1654 if (isp->smk_mmap == NULL)
1655 return 0;
1aea7808 1656 sbsp = smack_superblock(file_inode(file)->i_sb);
809c02e0
SF		 1657 if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1658 isp->smk_mmap != sbsp->smk_root)
1659 return -EACCES;
2f823ff8 1660 mkp = isp->smk_mmap;
7898e1f8 1661
b17103a8 1662 tsp = smack_cred(current_cred());
2f823ff8 1663 skp = smk_of_current();
7898e1f8
CS		 1664 rc = 0;
1665
1666 rcu_read_lock();
1667 /*
1668 * For each Smack rule associated with the subject
1669 * label verify that the SMACK64MMAP also has access
1670 * to that rule's object label.
7898e1f8 1671 */
272cd7a8 1672 list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
21c7eae2 1673 okp = srp->smk_object;
7898e1f8
CS		 1674 /*
1675 * Matching labels always allows access.
1676 */
21c7eae2 1677 if (mkp->smk_known == okp->smk_known)
7898e1f8 1678 continue;
0e0a070d
CS		 1679 /*
1680 * If there is a matching local rule take
1681 * that into account as well.
1682 */
21c7eae2
LP		 1683 may = smk_access_entry(srp->smk_subject->smk_known,
1684 okp->smk_known,
1685 &tsp->smk_rules);
0e0a070d
CS		 1686 if (may == -ENOENT)
1687 may = srp->smk_access;
1688 else
1689 may &= srp->smk_access;
1690 /*
1691 * If may is zero the SMACK64MMAP subject can't
1692 * possibly have less access.
1693 */
1694 if (may == 0)
1695 continue;
1696
1697 /*
1698 * Fetch the global list entry.
1699 * If there isn't one a SMACK64MMAP subject
1700 * can't have as much access as current.
1701 */
21c7eae2
LP		 1702 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1703 &mkp->smk_rules);
0e0a070d
CS		 1704 if (mmay == -ENOENT) {
1705 rc = -EACCES;
1706 break;
1707 }
1708 /*
1709 * If there is a local entry it modifies the
1710 * potential access, too.
1711 */
21c7eae2
LP		 1712 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1713 &tsp->smk_rules);
0e0a070d
CS		 1714 if (tmay != -ENOENT)
1715 mmay &= tmay;
7898e1f8 1716
0e0a070d
CS		 1717 /*
1718 * If there is any access available to current that is
1719 * not available to a SMACK64MMAP subject
1720 * deny access.
1721 */
75a25637 1722 if ((may | mmay) != mmay) {
0e0a070d 1723 rc = -EACCES;
7898e1f8 1724 break;
0e0a070d 1725 }
7898e1f8
CS		 1726 }
1727
1728 rcu_read_unlock();
1729
1730 return rc;
1731}
1732
e114e473
CS		 1733/**
1734 * smack_file_set_fowner - set the file security blob value
1735 * @file: object in question
1736 *
e114e473 1737 */
e0b93edd 1738static void smack_file_set_fowner(struct file *file)
e114e473 1739{
f28952ac
CS		 1740 struct smack_known **blob = smack_file(file);
1741
1742 *blob = smk_of_current();
e114e473
CS		 1743}
1744
1745/**
1746 * smack_file_send_sigiotask - Smack on sigio
1747 * @tsk: The target task
1748 * @fown: the object the signal come from
1749 * @signum: unused
1750 *
1751 * Allow a privileged task to get signals even if it shouldn't
1752 *
1753 * Returns 0 if a subject with the object's smack could
1754 * write to the task, an error code otherwise.
1755 */
1756static int smack_file_send_sigiotask(struct task_struct *tsk,
1757 struct fown_struct *fown, int signum)
1758{
f28952ac 1759 struct smack_known **blob;
2f823ff8 1760 struct smack_known *skp;
b17103a8 1761 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred));
dcb569cf 1762 const struct cred *tcred;
e114e473
CS		 1763 struct file *file;
1764 int rc;
ecfcc53f 1765 struct smk_audit_info ad;
e114e473
CS		 1766
1767 /*
1768 * struct fown_struct is never outside the context of a struct file
1769 */
1770 file = container_of(fown, struct file, f_owner);
7898e1f8 1771
ecfcc53f 1772 /* we don't log here as rc can be overriden */
f28952ac
CS		 1773 blob = smack_file(file);
1774 skp = *blob;
c60b9066
CS		 1775 rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1776 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
dcb569cf
CS		 1777
1778 rcu_read_lock();
1779 tcred = __task_cred(tsk);
1780 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
ecfcc53f 1781 rc = 0;
dcb569cf 1782 rcu_read_unlock();
ecfcc53f
EB		 1783
1784 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1785 smk_ad_setfield_u_tsk(&ad, tsk);
c60b9066 1786 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
e114e473
CS		 1787 return rc;
1788}
1789
1790/**
1791 * smack_file_receive - Smack file receive check
1792 * @file: the object
1793 *
1794 * Returns 0 if current has access, error code otherwise
1795 */
1796static int smack_file_receive(struct file *file)
1797{
d166c802 1798 int rc;
e114e473 1799 int may = 0;
ecfcc53f 1800 struct smk_audit_info ad;
5e7270a6 1801 struct inode *inode = file_inode(file);
79be0935
CS		 1802 struct socket *sock;
1803 struct task_smack *tsp;
1804 struct socket_smack *ssp;
e114e473 1805
9777582e
SWK		 1806 if (unlikely(IS_PRIVATE(inode)))
1807 return 0;
1808
4482a44f 1809 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1810 smk_ad_setfield_u_fs_path(&ad, file->f_path);
79be0935 1811
51d59af2 1812 if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
79be0935 1813 sock = SOCKET_I(inode);
12ddb08a 1814 ssp = smack_sock(sock->sk);
b17103a8 1815 tsp = smack_cred(current_cred());
79be0935
CS		 1816 /*
1817 * If the receiving process can't write to the
1818 * passed socket or if the passed socket can't
1819 * write to the receiving process don't accept
1820 * the passed socket.
1821 */
1822 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1823 rc = smk_bu_file(file, may, rc);
1824 if (rc < 0)
1825 return rc;
1826 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1827 rc = smk_bu_file(file, may, rc);
1828 return rc;
1829 }
e114e473
CS		 1830 /*
1831 * This code relies on bitmasks.
1832 */
1833 if (file->f_mode & FMODE_READ)
1834 may = MAY_READ;
1835 if (file->f_mode & FMODE_WRITE)
1836 may |= MAY_WRITE;
1837
5e7270a6 1838 rc = smk_curacc(smk_of_inode(inode), may, &ad);
d166c802
CS		 1839 rc = smk_bu_file(file, may, rc);
1840 return rc;
e114e473
CS		 1841}
1842
531f1d45 1843/**
83d49856 1844 * smack_file_open - Smack dentry open processing
531f1d45 1845 * @file: the object
531f1d45
CS		 1846 *
1847 * Set the security blob in the file structure.
a6834c0b
CS		 1848 * Allow the open only if the task has read access. There are
1849 * many read operations (e.g. fstat) that you can do with an
1850 * fd even if you have the file open write-only.
531f1d45 1851 *
a1a07f22 1852 * Returns 0 if current has access, error code otherwise
531f1d45 1853 */
94817692 1854static int smack_file_open(struct file *file)
531f1d45 1855{
b17103a8 1856 struct task_smack *tsp = smack_cred(file->f_cred);
5e7270a6 1857 struct inode *inode = file_inode(file);
a6834c0b
CS		 1858 struct smk_audit_info ad;
1859 int rc;
531f1d45 1860
a6834c0b
CS		 1861 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1862 smk_ad_setfield_u_fs_path(&ad, file->f_path);
c9d238a1 1863 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
94817692 1864 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
a6834c0b
CS		 1865
1866 return rc;
531f1d45
CS		 1867}
1868
e114e473
CS		 1869/*
1870 * Task hooks
1871 */
1872
ee18d64c
DH		 1873/**
1874 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
a1a07f22 1875 * @cred: the new credentials
ee18d64c
DH		 1876 * @gfp: the atomicity of any memory allocations
1877 *
1878 * Prepare a blank set of credentials for modification. This must allocate all
1879 * the memory the LSM module might require such that cred_transfer() can
1880 * complete without error.
1881 */
1882static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1883{
bbd3662a 1884 init_task_smack(smack_cred(cred), NULL, NULL);
ee18d64c
DH		 1885 return 0;
1886}
1887
1888
e114e473 1889/**
f1752eec
DH		 1890 * smack_cred_free - "free" task-level security credentials
1891 * @cred: the credentials in question
e114e473 1892 *
e114e473 1893 */
f1752eec 1894static void smack_cred_free(struct cred *cred)
e114e473 1895{
b17103a8 1896 struct task_smack *tsp = smack_cred(cred);
7898e1f8
CS		 1897 struct smack_rule *rp;
1898 struct list_head *l;
1899 struct list_head *n;
1900
38416e53
ZJ		 1901 smk_destroy_label_list(&tsp->smk_relabel);
1902
7898e1f8
CS		 1903 list_for_each_safe(l, n, &tsp->smk_rules) {
1904 rp = list_entry(l, struct smack_rule, list);
1905 list_del(&rp->list);
4e328b08 1906 kmem_cache_free(smack_rule_cache, rp);
7898e1f8 1907 }
e114e473
CS		 1908}
1909
d84f4f99
DH		 1910/**
1911 * smack_cred_prepare - prepare new set of credentials for modification
1912 * @new: the new credentials
1913 * @old: the original credentials
1914 * @gfp: the atomicity of any memory allocations
1915 *
1916 * Prepare a new set of credentials for modification.
1917 */
1918static int smack_cred_prepare(struct cred *new, const struct cred *old,
1919 gfp_t gfp)
1920{
b17103a8 1921 struct task_smack *old_tsp = smack_cred(old);
bbd3662a 1922 struct task_smack *new_tsp = smack_cred(new);
7898e1f8 1923 int rc;
676dac4b 1924
bbd3662a 1925 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task);
b437aba8 1926
7898e1f8
CS		 1927 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1928 if (rc != 0)
1929 return rc;
1930
38416e53
ZJ		 1931 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
1932 gfp);
bbd3662a 1933 return rc;
d84f4f99
DH		 1934}
1935
ee18d64c
DH		 1936/**
1937 * smack_cred_transfer - Transfer the old credentials to the new credentials
1938 * @new: the new credentials
1939 * @old: the original credentials
1940 *
1941 * Fill in a set of blank credentials from another set of credentials.
1942 */
1943static void smack_cred_transfer(struct cred *new, const struct cred *old)
1944{
b17103a8
CS		 1945 struct task_smack *old_tsp = smack_cred(old);
1946 struct task_smack *new_tsp = smack_cred(new);
676dac4b
CS		 1947
1948 new_tsp->smk_task = old_tsp->smk_task;
1949 new_tsp->smk_forked = old_tsp->smk_task;
7898e1f8
CS		 1950 mutex_init(&new_tsp->smk_rules_lock);
1951 INIT_LIST_HEAD(&new_tsp->smk_rules);
1952
7898e1f8 1953 /* cbs copy rule list */
ee18d64c
DH		 1954}
1955
3ec30113
MG		 1956/**
1957 * smack_cred_getsecid - get the secid corresponding to a creds structure
a1a07f22 1958 * @cred: the object creds
3ec30113
MG		 1959 * @secid: where to put the result
1960 *
1961 * Sets the secid to contain a u32 version of the smack label.
1962 */
b17103a8 1963static void smack_cred_getsecid(const struct cred *cred, u32 *secid)
3ec30113
MG		 1964{
1965 struct smack_known *skp;
1966
1967 rcu_read_lock();
b17103a8 1968 skp = smk_of_task(smack_cred(cred));
3ec30113
MG		 1969 *secid = skp->smk_secid;
1970 rcu_read_unlock();
1971}
1972
3a3b7ce9
DH		 1973/**
1974 * smack_kernel_act_as - Set the subjective context in a set of credentials
251a2a95
RD		 1975 * @new: points to the set of credentials to be modified.
1976 * @secid: specifies the security ID to be set
3a3b7ce9
DH		 1977 *
1978 * Set the security data for a kernel service.
1979 */
1980static int smack_kernel_act_as(struct cred *new, u32 secid)
1981{
b17103a8 1982 struct task_smack *new_tsp = smack_cred(new);
3a3b7ce9 1983
152f91d4 1984 new_tsp->smk_task = smack_from_secid(secid);
3a3b7ce9
DH		 1985 return 0;
1986}
1987
1988/**
1989 * smack_kernel_create_files_as - Set the file creation label in a set of creds
251a2a95
RD		 1990 * @new: points to the set of credentials to be modified
1991 * @inode: points to the inode to use as a reference
3a3b7ce9
DH		 1992 *
1993 * Set the file creation context in a set of credentials to the same
1994 * as the objective context of the specified inode
1995 */
1996static int smack_kernel_create_files_as(struct cred *new,
1997 struct inode *inode)
1998{
fb4021b6 1999 struct inode_smack *isp = smack_inode(inode);
b17103a8 2000 struct task_smack *tsp = smack_cred(new);
3a3b7ce9 2001
21c7eae2 2002 tsp->smk_forked = isp->smk_inode;
2f823ff8 2003 tsp->smk_task = tsp->smk_forked;
3a3b7ce9
DH		 2004 return 0;
2005}
2006
ecfcc53f
EB		 2007/**
2008 * smk_curacc_on_task - helper to log task related access
2009 * @p: the task object
531f1d45
CS		 2010 * @access: the access requested
2011 * @caller: name of the calling function for audit
ecfcc53f
EB		 2012 *
2013 * Return 0 if access is permitted
2014 */
531f1d45
CS		 2015static int smk_curacc_on_task(struct task_struct *p, int access,
2016 const char *caller)
ecfcc53f
EB		 2017{
2018 struct smk_audit_info ad;
a3727a8b 2019 struct smack_known *skp = smk_of_task_struct_obj(p);
d166c802 2020 int rc;
ecfcc53f 2021
531f1d45 2022 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
ecfcc53f 2023 smk_ad_setfield_u_tsk(&ad, p);
21c7eae2 2024 rc = smk_curacc(skp, access, &ad);
d166c802
CS		 2025 rc = smk_bu_task(p, access, rc);
2026 return rc;
ecfcc53f
EB		 2027}
2028
e114e473
CS		 2029/**
2030 * smack_task_setpgid - Smack check on setting pgid
2031 * @p: the task object
2032 * @pgid: unused
2033 *
2034 * Return 0 if write access is permitted
2035 */
2036static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2037{
531f1d45 2038 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2039}
2040
2041/**
2042 * smack_task_getpgid - Smack access check for getpgid
2043 * @p: the object task
2044 *
2045 * Returns 0 if current can read the object task, error code otherwise
2046 */
2047static int smack_task_getpgid(struct task_struct *p)
2048{
531f1d45 2049 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2050}
2051
2052/**
2053 * smack_task_getsid - Smack access check for getsid
2054 * @p: the object task
2055 *
2056 * Returns 0 if current can read the object task, error code otherwise
2057 */
2058static int smack_task_getsid(struct task_struct *p)
2059{
531f1d45 2060 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2061}
2062
2063/**
1fb057dc
PM		 2064 * smack_task_getsecid_subj - get the subjective secid of the task
2065 * @p: the task
e114e473
CS		 2066 * @secid: where to put the result
2067 *
1fb057dc
PM		 2068 * Sets the secid to contain a u32 version of the task's subjective smack label.
2069 */
2070static void smack_task_getsecid_subj(struct task_struct *p, u32 *secid)
2071{
2072 struct smack_known *skp = smk_of_task_struct_subj(p);
2073
2074 *secid = skp->smk_secid;
2075}
2076
2077/**
2078 * smack_task_getsecid_obj - get the objective secid of the task
2079 * @p: the task
2080 * @secid: where to put the result
2081 *
2082 * Sets the secid to contain a u32 version of the task's objective smack label.
e114e473 2083 */
1fb057dc 2084static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid)
e114e473 2085{
1fb057dc 2086 struct smack_known *skp = smk_of_task_struct_obj(p);
2f823ff8
CS		 2087
2088 *secid = skp->smk_secid;
e114e473
CS		 2089}
2090
2091/**
2092 * smack_task_setnice - Smack check on setting nice
2093 * @p: the task object
2094 * @nice: unused
2095 *
2096 * Return 0 if write access is permitted
2097 */
2098static int smack_task_setnice(struct task_struct *p, int nice)
2099{
b1d9e6b0 2100 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2101}
2102
2103/**
2104 * smack_task_setioprio - Smack check on setting ioprio
2105 * @p: the task object
2106 * @ioprio: unused
2107 *
2108 * Return 0 if write access is permitted
2109 */
2110static int smack_task_setioprio(struct task_struct *p, int ioprio)
2111{
b1d9e6b0 2112 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2113}
2114
2115/**
2116 * smack_task_getioprio - Smack check on reading ioprio
2117 * @p: the task object
2118 *
2119 * Return 0 if read access is permitted
2120 */
2121static int smack_task_getioprio(struct task_struct *p)
2122{
531f1d45 2123 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2124}
2125
2126/**
2127 * smack_task_setscheduler - Smack check on setting scheduler
2128 * @p: the task object
e114e473
CS		 2129 *
2130 * Return 0 if read access is permitted
2131 */
b0ae1981 2132static int smack_task_setscheduler(struct task_struct *p)
e114e473 2133{
b1d9e6b0 2134 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2135}
2136
2137/**
2138 * smack_task_getscheduler - Smack check on reading scheduler
2139 * @p: the task object
2140 *
2141 * Return 0 if read access is permitted
2142 */
2143static int smack_task_getscheduler(struct task_struct *p)
2144{
531f1d45 2145 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2146}
2147
2148/**
2149 * smack_task_movememory - Smack check on moving memory
2150 * @p: the task object
2151 *
2152 * Return 0 if write access is permitted
2153 */
2154static int smack_task_movememory(struct task_struct *p)
2155{
531f1d45 2156 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2157}
2158
2159/**
2160 * smack_task_kill - Smack check on signal delivery
2161 * @p: the task object
2162 * @info: unused
2163 * @sig: unused
6b4f3d01 2164 * @cred: identifies the cred to use in lieu of current's
e114e473
CS		 2165 *
2166 * Return 0 if write access is permitted
2167 *
e114e473 2168 */
ae7795bc 2169static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info,
6b4f3d01 2170 int sig, const struct cred *cred)
e114e473 2171{
ecfcc53f 2172 struct smk_audit_info ad;
2f823ff8 2173 struct smack_known *skp;
1fb057dc 2174 struct smack_known *tkp = smk_of_task_struct_obj(p);
d166c802 2175 int rc;
ecfcc53f 2176
18d872f7
RK		 2177 if (!sig)
2178 return 0; /* null signal; existence test */
2179
ecfcc53f
EB		 2180 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2181 smk_ad_setfield_u_tsk(&ad, p);
e114e473
CS		 2182 /*
2183 * Sending a signal requires that the sender
2184 * can write the receiver.
2185 */
6b4f3d01 2186 if (cred == NULL) {
c60b9066
CS		 2187 rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2188 rc = smk_bu_task(p, MAY_DELIVER, rc);
d166c802
CS		 2189 return rc;
2190 }
e114e473 2191 /*
6b4f3d01 2192 * If the cred isn't NULL we're dealing with some USB IO
e114e473
CS		 2193 * specific behavior. This is not clean. For one thing
2194 * we can't take privilege into account.
2195 */
b17103a8 2196 skp = smk_of_task(smack_cred(cred));
c60b9066
CS		 2197 rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2198 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
d166c802 2199 return rc;
e114e473
CS		 2200}
2201
e114e473
CS		 2202/**
2203 * smack_task_to_inode - copy task smack into the inode blob
2204 * @p: task to copy from
251a2a95 2205 * @inode: inode to copy to
e114e473
CS		 2206 *
2207 * Sets the smack pointer in the inode security blob
2208 */
2209static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2210{
fb4021b6 2211 struct inode_smack *isp = smack_inode(inode);
1fb057dc 2212 struct smack_known *skp = smk_of_task_struct_obj(p);
2f823ff8 2213
21c7eae2 2214 isp->smk_inode = skp;
7b4e8843 2215 isp->smk_flags |= SMK_INODE_INSTANT;
e114e473
CS		 2216}
2217
2218/*
2219 * Socket hooks.
2220 */
2221
2222/**
2223 * smack_sk_alloc_security - Allocate a socket blob
2224 * @sk: the socket
2225 * @family: unused
251a2a95 2226 * @gfp_flags: memory allocation flags
e114e473
CS		 2227 *
2228 * Assign Smack pointers to current
2229 *
2230 * Returns 0 on success, -ENOMEM is there's no memory
2231 */
2232static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2233{
2f823ff8 2234 struct smack_known *skp = smk_of_current();
12ddb08a 2235 struct socket_smack *ssp = smack_sock(sk);
e114e473 2236
08382c9f 2237 /*
2238 * Sockets created by kernel threads receive web label.
2239 */
2240 if (unlikely(current->flags & PF_KTHREAD)) {
2241 ssp->smk_in = &smack_known_web;
2242 ssp->smk_out = &smack_known_web;
2243 } else {
2244 ssp->smk_in = skp;
2245 ssp->smk_out = skp;
2246 }
272cd7a8 2247 ssp->smk_packet = NULL;
e114e473 2248
e114e473
CS		 2249 return 0;
2250}
2251
12ddb08a 2252#ifdef SMACK_IPV6_PORT_LABELING
e114e473
CS		 2253/**
2254 * smack_sk_free_security - Free a socket blob
2255 * @sk: the socket
2256 *
2257 * Clears the blob pointer
2258 */
2259static void smack_sk_free_security(struct sock *sk)
2260{
0c96d1f5
VG		 2261 struct smk_port_label *spp;
2262
2263 if (sk->sk_family == PF_INET6) {
2264 rcu_read_lock();
2265 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2266 if (spp->smk_sock != sk)
2267 continue;
2268 spp->smk_can_reuse = 1;
2269 break;
2270 }
2271 rcu_read_unlock();
2272 }
e114e473 2273}
12ddb08a 2274#endif
e114e473 2275
07feee8f 2276/**
21abb1ec 2277* smack_ipv4host_label - check host based restrictions
07feee8f
PM		 2278* @sip: the object end
2279*
2280* looks for host based access restrictions
2281*
2282* This version will only be appropriate for really small sets of single label
2283* hosts. The caller is responsible for ensuring that the RCU read lock is
2284* taken before calling this function.
2285*
2286* Returns the label of the far end or NULL if it's not special.
2287*/
21abb1ec 2288static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
07feee8f 2289{
21abb1ec 2290 struct smk_net4addr *snp;
07feee8f
PM		 2291 struct in_addr *siap = &sip->sin_addr;
2292
2293 if (siap->s_addr == 0)
2294 return NULL;
2295
21abb1ec
CS		 2296 list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2297 /*
2298 * we break after finding the first match because
2299 * the list is sorted from longest to shortest mask
2300 * so we have found the most specific match
2301 */
2302 if (snp->smk_host.s_addr ==
2303 (siap->s_addr & snp->smk_mask.s_addr))
2304 return snp->smk_label;
2305
2306 return NULL;
2307}
2308
21abb1ec
CS		 2309/*
2310 * smk_ipv6_localhost - Check for local ipv6 host address
2311 * @sip: the address
2312 *
2313 * Returns boolean true if this is the localhost address
2314 */
2315static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2316{
2317 __be16 *be16p = (__be16 *)&sip->sin6_addr;
2318 __be32 *be32p = (__be32 *)&sip->sin6_addr;
2319
2320 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2321 ntohs(be16p[7]) == 1)
2322 return true;
2323 return false;
2324}
2325
2326/**
2327* smack_ipv6host_label - check host based restrictions
2328* @sip: the object end
2329*
2330* looks for host based access restrictions
2331*
2332* This version will only be appropriate for really small sets of single label
2333* hosts. The caller is responsible for ensuring that the RCU read lock is
2334* taken before calling this function.
2335*
2336* Returns the label of the far end or NULL if it's not special.
2337*/
2338static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2339{
2340 struct smk_net6addr *snp;
2341 struct in6_addr *sap = &sip->sin6_addr;
2342 int i;
2343 int found = 0;
2344
2345 /*
2346 * It's local. Don't look for a host label.
2347 */
2348 if (smk_ipv6_localhost(sip))
2349 return NULL;
2350
2351 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2e4939f7
CS		 2352 /*
2353 * If the label is NULL the entry has
2354 * been renounced. Ignore it.
2355 */
2356 if (snp->smk_label == NULL)
2357 continue;
07feee8f
PM		 2358 /*
2359 * we break after finding the first match because
2360 * the list is sorted from longest to shortest mask
2361 * so we have found the most specific match
2362 */
21abb1ec 2363 for (found = 1, i = 0; i < 8; i++) {
21abb1ec
CS		 2364 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2365 snp->smk_host.s6_addr16[i]) {
2366 found = 0;
2367 break;
2368 }
4303154e 2369 }
21abb1ec
CS		 2370 if (found)
2371 return snp->smk_label;
2372 }
07feee8f
PM		 2373
2374 return NULL;
2375}
2376
e114e473 2377/**
a2af0318 2378 * smack_netlbl_add - Set the secattr on a socket
e114e473
CS		 2379 * @sk: the socket
2380 *
a2af0318 2381 * Attach the outbound smack value (smk_out) to the socket.
e114e473
CS		 2382 *
2383 * Returns 0 on success or an error code
2384 */
a2af0318 2385static int smack_netlbl_add(struct sock *sk)
e114e473 2386{
12ddb08a 2387 struct socket_smack *ssp = smack_sock(sk);
a2af0318
CS		 2388 struct smack_known *skp = ssp->smk_out;
2389 int rc;
e114e473 2390
6d3dc07c
CS		 2391 local_bh_disable();
2392 bh_lock_sock_nested(sk);
2393
a2af0318
CS		 2394 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2395 switch (rc) {
2396 case 0:
2397 ssp->smk_state = SMK_NETLBL_LABELED;
2398 break;
2399 case -EDESTADDRREQ:
2400 ssp->smk_state = SMK_NETLBL_REQSKB;
2401 rc = 0;
2402 break;
6d3dc07c
CS		 2403 }
2404
2405 bh_unlock_sock(sk);
2406 local_bh_enable();
4bc87e62 2407
e114e473
CS		 2408 return rc;
2409}
2410
07feee8f 2411/**
a2af0318
CS		 2412 * smack_netlbl_delete - Remove the secattr from a socket
2413 * @sk: the socket
2414 *
2415 * Remove the outbound smack value from a socket
2416 */
2417static void smack_netlbl_delete(struct sock *sk)
2418{
2419 struct socket_smack *ssp = sk->sk_security;
2420
2421 /*
2422 * Take the label off the socket if one is set.
2423 */
2424 if (ssp->smk_state != SMK_NETLBL_LABELED)
2425 return;
2426
2427 local_bh_disable();
2428 bh_lock_sock_nested(sk);
2429 netlbl_sock_delattr(sk);
2430 bh_unlock_sock(sk);
2431 local_bh_enable();
2432 ssp->smk_state = SMK_NETLBL_UNLABELED;
2433}
2434
2435/**
2436 * smk_ipv4_check - Perform IPv4 host access checks
07feee8f
PM		 2437 * @sk: the socket
2438 * @sap: the destination address
2439 *
2440 * Set the correct secattr for the given socket based on the destination
2441 * address and perform any outbound access checks needed.
2442 *
2443 * Returns 0 on success or an error code.
2444 *
2445 */
a2af0318 2446static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap)
07feee8f 2447{
2f823ff8 2448 struct smack_known *skp;
a2af0318 2449 int rc = 0;
21c7eae2 2450 struct smack_known *hkp;
12ddb08a 2451 struct socket_smack *ssp = smack_sock(sk);
ecfcc53f 2452 struct smk_audit_info ad;
07feee8f
PM		 2453
2454 rcu_read_lock();
21abb1ec 2455 hkp = smack_ipv4host_label(sap);
21c7eae2 2456 if (hkp != NULL) {
ecfcc53f 2457#ifdef CONFIG_AUDIT
923e9a13
KC		 2458 struct lsm_network_audit net;
2459
48c62af6
EP		 2460 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2461 ad.a.u.net->family = sap->sin_family;
2462 ad.a.u.net->dport = sap->sin_port;
2463 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
ecfcc53f 2464#endif
2f823ff8 2465 skp = ssp->smk_out;
21c7eae2
LP		 2466 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2467 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
a2af0318
CS		 2468 /*
2469 * Clear the socket netlabel if it's set.
2470 */
2471 if (!rc)
2472 smack_netlbl_delete(sk);
07feee8f
PM		 2473 }
2474 rcu_read_unlock();
07feee8f 2475
a2af0318 2476 return rc;
07feee8f
PM		 2477}
2478
21abb1ec
CS		 2479/**
2480 * smk_ipv6_check - check Smack access
2481 * @subject: subject Smack label
2482 * @object: object Smack label
2483 * @address: address
2484 * @act: the action being taken
2485 *
2486 * Check an IPv6 access
2487 */
2488static int smk_ipv6_check(struct smack_known *subject,
2489 struct smack_known *object,
2490 struct sockaddr_in6 *address, int act)
2491{
2492#ifdef CONFIG_AUDIT
2493 struct lsm_network_audit net;
2494#endif
2495 struct smk_audit_info ad;
2496 int rc;
2497
2498#ifdef CONFIG_AUDIT
2499 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2500 ad.a.u.net->family = PF_INET6;
2501 ad.a.u.net->dport = ntohs(address->sin6_port);
2502 if (act == SMK_RECEIVING)
2503 ad.a.u.net->v6info.saddr = address->sin6_addr;
2504 else
2505 ad.a.u.net->v6info.daddr = address->sin6_addr;
2506#endif
2507 rc = smk_access(subject, object, MAY_WRITE, &ad);
2508 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2509 return rc;
2510}
21abb1ec
CS		 2511
2512#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2513/**
2514 * smk_ipv6_port_label - Smack port access table management
2515 * @sock: socket
2516 * @address: address
2517 *
2518 * Create or update the port list entry
2519 */
2520static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2521{
2522 struct sock *sk = sock->sk;
2523 struct sockaddr_in6 *addr6;
12ddb08a 2524 struct socket_smack *ssp = smack_sock(sock->sk);
c6739443
CS		 2525 struct smk_port_label *spp;
2526 unsigned short port = 0;
2527
2528 if (address == NULL) {
2529 /*
2530 * This operation is changing the Smack information
2531 * on the bound socket. Take the changes to the port
2532 * as well.
2533 */
3c7ce342
VG		 2534 rcu_read_lock();
2535 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
c6739443
CS		 2536 if (sk != spp->smk_sock)
2537 continue;
2538 spp->smk_in = ssp->smk_in;
2539 spp->smk_out = ssp->smk_out;
3c7ce342 2540 rcu_read_unlock();
c6739443
CS		 2541 return;
2542 }
2543 /*
2544 * A NULL address is only used for updating existing
2545 * bound entries. If there isn't one, it's OK.
2546 */
3c7ce342 2547 rcu_read_unlock();
c6739443
CS		 2548 return;
2549 }
2550
2551 addr6 = (struct sockaddr_in6 *)address;
2552 port = ntohs(addr6->sin6_port);
2553 /*
2554 * This is a special case that is safely ignored.
2555 */
2556 if (port == 0)
2557 return;
2558
2559 /*
2560 * Look for an existing port list entry.
2561 * This is an indication that a port is getting reused.
2562 */
3c7ce342
VG		 2563 rcu_read_lock();
2564 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
9d44c973 2565 if (spp->smk_port != port || spp->smk_sock_type != sock->type)
c6739443 2566 continue;
0c96d1f5
VG		 2567 if (spp->smk_can_reuse != 1) {
2568 rcu_read_unlock();
2569 return;
2570 }
c6739443
CS		 2571 spp->smk_port = port;
2572 spp->smk_sock = sk;
2573 spp->smk_in = ssp->smk_in;
2574 spp->smk_out = ssp->smk_out;
0c96d1f5 2575 spp->smk_can_reuse = 0;
3c7ce342 2576 rcu_read_unlock();
c6739443
CS		 2577 return;
2578 }
3c7ce342 2579 rcu_read_unlock();
c6739443
CS		 2580 /*
2581 * A new port entry is required.
2582 */
2583 spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2584 if (spp == NULL)
2585 return;
2586
2587 spp->smk_port = port;
2588 spp->smk_sock = sk;
2589 spp->smk_in = ssp->smk_in;
2590 spp->smk_out = ssp->smk_out;
9d44c973 2591 spp->smk_sock_type = sock->type;
0c96d1f5 2592 spp->smk_can_reuse = 0;
c6739443 2593
3c7ce342
VG		 2594 mutex_lock(&smack_ipv6_lock);
2595 list_add_rcu(&spp->list, &smk_ipv6_port_list);
2596 mutex_unlock(&smack_ipv6_lock);
c6739443
CS		 2597 return;
2598}
00720f0e 2599#endif
c6739443
CS		 2600
2601/**
2602 * smk_ipv6_port_check - check Smack port access
a1a07f22 2603 * @sk: socket
c6739443 2604 * @address: address
a1a07f22 2605 * @act: the action being taken
c6739443
CS		 2606 *
2607 * Create or update the port list entry
2608 */
6ea06247 2609static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
c6739443
CS		 2610 int act)
2611{
c6739443 2612 struct smk_port_label *spp;
12ddb08a 2613 struct socket_smack *ssp = smack_sock(sk);
21abb1ec
CS		 2614 struct smack_known *skp = NULL;
2615 unsigned short port;
21c7eae2 2616 struct smack_known *object;
c6739443
CS		 2617
2618 if (act == SMK_RECEIVING) {
21abb1ec 2619 skp = smack_ipv6host_label(address);
21c7eae2 2620 object = ssp->smk_in;
c6739443 2621 } else {
2f823ff8 2622 skp = ssp->smk_out;
21abb1ec 2623 object = smack_ipv6host_label(address);
c6739443
CS		 2624 }
2625
2626 /*
21abb1ec 2627 * The other end is a single label host.
c6739443 2628 */
21abb1ec
CS		 2629 if (skp != NULL && object != NULL)
2630 return smk_ipv6_check(skp, object, address, act);
2631 if (skp == NULL)
2632 skp = smack_net_ambient;
2633 if (object == NULL)
2634 object = smack_net_ambient;
c6739443
CS		 2635
2636 /*
2637 * It's remote, so port lookup does no good.
2638 */
21abb1ec
CS		 2639 if (!smk_ipv6_localhost(address))
2640 return smk_ipv6_check(skp, object, address, act);
c6739443
CS		 2641
2642 /*
2643 * It's local so the send check has to have passed.
2644 */
21abb1ec
CS		 2645 if (act == SMK_RECEIVING)
2646 return 0;
c6739443 2647
21abb1ec 2648 port = ntohs(address->sin6_port);
3c7ce342
VG		 2649 rcu_read_lock();
2650 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
9d44c973 2651 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
c6739443 2652 continue;
21c7eae2 2653 object = spp->smk_in;
c6739443 2654 if (act == SMK_CONNECTING)
54e70ec5 2655 ssp->smk_packet = spp->smk_out;
c6739443
CS		 2656 break;
2657 }
3c7ce342 2658 rcu_read_unlock();
c6739443 2659
21abb1ec 2660 return smk_ipv6_check(skp, object, address, act);
c6739443
CS		 2661}
2662
e114e473
CS		 2663/**
2664 * smack_inode_setsecurity - set smack xattrs
2665 * @inode: the object
2666 * @name: attribute name
2667 * @value: attribute value
2668 * @size: size of the attribute
2669 * @flags: unused
2670 *
2671 * Sets the named attribute in the appropriate blob
2672 *
2673 * Returns 0 on success, or an error code
2674 */
2675static int smack_inode_setsecurity(struct inode *inode, const char *name,
2676 const void *value, size_t size, int flags)
2677{
2f823ff8 2678 struct smack_known *skp;
fb4021b6 2679 struct inode_smack *nsp = smack_inode(inode);
e114e473
CS		 2680 struct socket_smack *ssp;
2681 struct socket *sock;
4bc87e62 2682 int rc = 0;
e114e473 2683
f7112e6c 2684 if (value == NULL || size > SMK_LONGLABEL || size == 0)
5e9ab593 2685 return -EINVAL;
e114e473 2686
2f823ff8 2687 skp = smk_import_entry(value, size);
e774ad68
LP		 2688 if (IS_ERR(skp))
2689 return PTR_ERR(skp);
e114e473
CS		 2690
2691 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
21c7eae2 2692 nsp->smk_inode = skp;
ddd29ec6 2693 nsp->smk_flags |= SMK_INODE_INSTANT;
e114e473
CS		 2694 return 0;
2695 }
2696 /*
2697 * The rest of the Smack xattrs are only on sockets.
2698 */
2699 if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2700 return -EOPNOTSUPP;
2701
2702 sock = SOCKET_I(inode);
2e1d146a 2703 if (sock == NULL || sock->sk == NULL)
e114e473
CS		 2704 return -EOPNOTSUPP;
2705
12ddb08a 2706 ssp = smack_sock(sock->sk);
e114e473
CS		 2707
2708 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
54e70ec5 2709 ssp->smk_in = skp;
e114e473 2710 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2f823ff8 2711 ssp->smk_out = skp;
c6739443 2712 if (sock->sk->sk_family == PF_INET) {
a2af0318 2713 rc = smack_netlbl_add(sock->sk);
b4e0d5f0
CS		 2714 if (rc != 0)
2715 printk(KERN_WARNING
2716 "Smack: \"%s\" netlbl error %d.\n",
2717 __func__, -rc);
2718 }
e114e473
CS		 2719 } else
2720 return -EOPNOTSUPP;
2721
21abb1ec 2722#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2723 if (sock->sk->sk_family == PF_INET6)
2724 smk_ipv6_port_label(sock, NULL);
21abb1ec 2725#endif
c6739443 2726
e114e473
CS		 2727 return 0;
2728}
2729
2730/**
2731 * smack_socket_post_create - finish socket setup
2732 * @sock: the socket
2733 * @family: protocol family
2734 * @type: unused
2735 * @protocol: unused
2736 * @kern: unused
2737 *
2738 * Sets the netlabel information on the socket
2739 *
2740 * Returns 0 on success, and error code otherwise
2741 */
2742static int smack_socket_post_create(struct socket *sock, int family,
2743 int type, int protocol, int kern)
2744{
7412301b
ML		 2745 struct socket_smack *ssp;
2746
2747 if (sock->sk == NULL)
2748 return 0;
2749
2750 /*
2751 * Sockets created by kernel threads receive web label.
2752 */
2753 if (unlikely(current->flags & PF_KTHREAD)) {
12ddb08a 2754 ssp = smack_sock(sock->sk);
7412301b
ML		 2755 ssp->smk_in = &smack_known_web;
2756 ssp->smk_out = &smack_known_web;
2757 }
2758
2759 if (family != PF_INET)
e114e473
CS		 2760 return 0;
2761 /*
2762 * Set the outbound netlbl.
2763 */
a2af0318 2764 return smack_netlbl_add(sock->sk);
6d3dc07c
CS		 2765}
2766
5859cdf5
TG		 2767/**
2768 * smack_socket_socketpair - create socket pair
2769 * @socka: one socket
2770 * @sockb: another socket
2771 *
2772 * Cross reference the peer labels for SO_PEERSEC
2773 *
a1a07f22 2774 * Returns 0
5859cdf5
TG		 2775 */
2776static int smack_socket_socketpair(struct socket *socka,
2777 struct socket *sockb)
2778{
12ddb08a
CS		 2779 struct socket_smack *asp = smack_sock(socka->sk);
2780 struct socket_smack *bsp = smack_sock(sockb->sk);
5859cdf5
TG		 2781
2782 asp->smk_packet = bsp->smk_out;
2783 bsp->smk_packet = asp->smk_out;
2784
2785 return 0;
2786}
2787
21abb1ec 2788#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2789/**
2790 * smack_socket_bind - record port binding information.
2791 * @sock: the socket
2792 * @address: the port address
2793 * @addrlen: size of the address
2794 *
2795 * Records the label bound to a port.
2796 *
b9ef5513 2797 * Returns 0 on success, and error code otherwise
c6739443
CS		 2798 */
2799static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2800 int addrlen)
2801{
b9ef5513
TH		 2802 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) {
2803 if (addrlen < SIN6_LEN_RFC2133 ||
2804 address->sa_family != AF_INET6)
2805 return -EINVAL;
c6739443 2806 smk_ipv6_port_label(sock, address);
b9ef5513 2807 }
c6739443
CS		 2808 return 0;
2809}
21abb1ec 2810#endif /* SMACK_IPV6_PORT_LABELING */
c6739443 2811
6d3dc07c
CS		 2812/**
2813 * smack_socket_connect - connect access check
2814 * @sock: the socket
2815 * @sap: the other end
2816 * @addrlen: size of sap
2817 *
2818 * Verifies that a connection may be possible
2819 *
2820 * Returns 0 on success, and error code otherwise
2821 */
2822static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2823 int addrlen)
2824{
c6739443
CS		 2825 int rc = 0;
2826
2827 if (sock->sk == NULL)
6d3dc07c 2828 return 0;
87fbfffc
CS		 2829 if (sock->sk->sk_family != PF_INET &&
2830 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6))
2831 return 0;
2832 if (addrlen < offsetofend(struct sockaddr, sa_family))
2833 return 0;
2834 if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) {
2835 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
00720f0e 2836 struct smack_known *rsp = NULL;
da49b5da 2837
87fbfffc
CS		 2838 if (addrlen < SIN6_LEN_RFC2133)
2839 return 0;
00720f0e
AB		 2840 if (__is_defined(SMACK_IPV6_SECMARK_LABELING))
2841 rsp = smack_ipv6host_label(sip);
87fbfffc 2842 if (rsp != NULL) {
12ddb08a 2843 struct socket_smack *ssp = smack_sock(sock->sk);
87fbfffc 2844
21abb1ec 2845 rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
87fbfffc
CS		 2846 SMK_CONNECTING);
2847 }
00720f0e
AB		 2848 if (__is_defined(SMACK_IPV6_PORT_LABELING))
2849 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
2850
87fbfffc 2851 return rc;
c6739443 2852 }
87fbfffc
CS		 2853 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in))
2854 return 0;
a2af0318 2855 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap);
c6739443 2856 return rc;
e114e473
CS		 2857}
2858
2859/**
2860 * smack_flags_to_may - convert S_ to MAY_ values
2861 * @flags: the S_ value
2862 *
2863 * Returns the equivalent MAY_ value
2864 */
2865static int smack_flags_to_may(int flags)
2866{
2867 int may = 0;
2868
2869 if (flags & S_IRUGO)
2870 may |= MAY_READ;
2871 if (flags & S_IWUGO)
2872 may |= MAY_WRITE;
2873 if (flags & S_IXUGO)
2874 may |= MAY_EXEC;
2875
2876 return may;
2877}
2878
2879/**
2880 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2881 * @msg: the object
2882 *
2883 * Returns 0
2884 */
2885static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2886{
ecd5f82e 2887 struct smack_known **blob = smack_msg_msg(msg);
2f823ff8 2888
ecd5f82e 2889 *blob = smk_of_current();
e114e473
CS		 2890 return 0;
2891}
2892
e114e473 2893/**
0d79cbf8
EB		 2894 * smack_of_ipc - the smack pointer for the ipc
2895 * @isp: the object
e114e473
CS		 2896 *
2897 * Returns a pointer to the smack value
2898 */
0d79cbf8 2899static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
e114e473 2900{
019bcca4
CS		 2901 struct smack_known **blob = smack_ipc(isp);
2902
2903 return *blob;
e114e473
CS		 2904}
2905
2906/**
0d79cbf8
EB		 2907 * smack_ipc_alloc_security - Set the security blob for ipc
2908 * @isp: the object
e114e473
CS		 2909 *
2910 * Returns 0
2911 */
0d79cbf8 2912static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
e114e473 2913{
019bcca4 2914 struct smack_known **blob = smack_ipc(isp);
e114e473 2915
019bcca4 2916 *blob = smk_of_current();
e114e473
CS		 2917 return 0;
2918}
2919
ecfcc53f
EB		 2920/**
2921 * smk_curacc_shm : check if current has access on shm
0d79cbf8 2922 * @isp : the object
ecfcc53f
EB		 2923 * @access : access requested
2924 *
2925 * Returns 0 if current has the requested access, error code otherwise
2926 */
0d79cbf8 2927static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
ecfcc53f 2928{
0d79cbf8 2929 struct smack_known *ssp = smack_of_ipc(isp);
ecfcc53f 2930 struct smk_audit_info ad;
d166c802 2931 int rc;
ecfcc53f
EB		 2932
2933#ifdef CONFIG_AUDIT
2934 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
0d79cbf8 2935 ad.a.u.ipc_id = isp->id;
ecfcc53f 2936#endif
d166c802
CS		 2937 rc = smk_curacc(ssp, access, &ad);
2938 rc = smk_bu_current("shm", ssp, access, rc);
2939 return rc;
ecfcc53f
EB		 2940}
2941
e114e473
CS		 2942/**
2943 * smack_shm_associate - Smack access check for shm
0d79cbf8 2944 * @isp: the object
e114e473
CS		 2945 * @shmflg: access requested
2946 *
2947 * Returns 0 if current has the requested access, error code otherwise
2948 */
0d79cbf8 2949static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
e114e473 2950{
e114e473
CS		 2951 int may;
2952
2953 may = smack_flags_to_may(shmflg);
0d79cbf8 2954 return smk_curacc_shm(isp, may);
e114e473
CS		 2955}
2956
2957/**
2958 * smack_shm_shmctl - Smack access check for shm
0d79cbf8 2959 * @isp: the object
e114e473
CS		 2960 * @cmd: what it wants to do
2961 *
2962 * Returns 0 if current has the requested access, error code otherwise
2963 */
0d79cbf8 2964static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
e114e473 2965{
e114e473
CS		 2966 int may;
2967
2968 switch (cmd) {
2969 case IPC_STAT:
2970 case SHM_STAT:
c21a6970 2971 case SHM_STAT_ANY:
e114e473
CS		 2972 may = MAY_READ;
2973 break;
2974 case IPC_SET:
2975 case SHM_LOCK:
2976 case SHM_UNLOCK:
2977 case IPC_RMID:
2978 may = MAY_READWRITE;
2979 break;
2980 case IPC_INFO:
2981 case SHM_INFO:
2982 /*
2983 * System level information.
2984 */
2985 return 0;
2986 default:
2987 return -EINVAL;
2988 }
0d79cbf8 2989 return smk_curacc_shm(isp, may);
e114e473
CS		 2990}
2991
2992/**
2993 * smack_shm_shmat - Smack access for shmat
0d79cbf8 2994 * @isp: the object
e114e473
CS		 2995 * @shmaddr: unused
2996 * @shmflg: access requested
2997 *
2998 * Returns 0 if current has the requested access, error code otherwise
2999 */
a1a07f22 3000static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr,
e114e473
CS		 3001 int shmflg)
3002{
e114e473
CS		 3003 int may;
3004
3005 may = smack_flags_to_may(shmflg);
a1a07f22 3006 return smk_curacc_shm(isp, may);
e114e473
CS		 3007}
3008
ecfcc53f
EB		 3009/**
3010 * smk_curacc_sem : check if current has access on sem
0d79cbf8 3011 * @isp : the object
ecfcc53f
EB		 3012 * @access : access requested
3013 *
3014 * Returns 0 if current has the requested access, error code otherwise
3015 */
0d79cbf8 3016static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
ecfcc53f 3017{
0d79cbf8 3018 struct smack_known *ssp = smack_of_ipc(isp);
ecfcc53f 3019 struct smk_audit_info ad;
d166c802 3020 int rc;
ecfcc53f
EB		 3021
3022#ifdef CONFIG_AUDIT
3023 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
0d79cbf8 3024 ad.a.u.ipc_id = isp->id;
ecfcc53f 3025#endif
d166c802
CS		 3026 rc = smk_curacc(ssp, access, &ad);
3027 rc = smk_bu_current("sem", ssp, access, rc);
3028 return rc;
ecfcc53f
EB		 3029}
3030
e114e473
CS		 3031/**
3032 * smack_sem_associate - Smack access check for sem
0d79cbf8 3033 * @isp: the object
e114e473
CS		 3034 * @semflg: access requested
3035 *
3036 * Returns 0 if current has the requested access, error code otherwise
3037 */
0d79cbf8 3038static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
e114e473 3039{
e114e473
CS		 3040 int may;
3041
3042 may = smack_flags_to_may(semflg);
0d79cbf8 3043 return smk_curacc_sem(isp, may);
e114e473
CS		 3044}
3045
3046/**
3047 * smack_sem_shmctl - Smack access check for sem
0d79cbf8 3048 * @isp: the object
e114e473
CS		 3049 * @cmd: what it wants to do
3050 *
3051 * Returns 0 if current has the requested access, error code otherwise
3052 */
0d79cbf8 3053static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
e114e473 3054{
e114e473
CS		 3055 int may;
3056
3057 switch (cmd) {
3058 case GETPID:
3059 case GETNCNT:
3060 case GETZCNT:
3061 case GETVAL:
3062 case GETALL:
3063 case IPC_STAT:
3064 case SEM_STAT:
a280d6dc 3065 case SEM_STAT_ANY:
e114e473
CS		 3066 may = MAY_READ;
3067 break;
3068 case SETVAL:
3069 case SETALL:
3070 case IPC_RMID:
3071 case IPC_SET:
3072 may = MAY_READWRITE;
3073 break;
3074 case IPC_INFO:
3075 case SEM_INFO:
3076 /*
3077 * System level information
3078 */
3079 return 0;
3080 default:
3081 return -EINVAL;
3082 }
3083
0d79cbf8 3084 return smk_curacc_sem(isp, may);
e114e473
CS		 3085}
3086
3087/**
3088 * smack_sem_semop - Smack checks of semaphore operations
0d79cbf8 3089 * @isp: the object
e114e473
CS		 3090 * @sops: unused
3091 * @nsops: unused
3092 * @alter: unused
3093 *
3094 * Treated as read and write in all cases.
3095 *
3096 * Returns 0 if access is allowed, error code otherwise
3097 */
0d79cbf8 3098static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
e114e473
CS		 3099 unsigned nsops, int alter)
3100{
0d79cbf8 3101 return smk_curacc_sem(isp, MAY_READWRITE);
e114e473
CS		 3102}
3103
ecfcc53f
EB		 3104/**
3105 * smk_curacc_msq : helper to check if current has access on msq
0d79cbf8 3106 * @isp : the msq
ecfcc53f
EB		 3107 * @access : access requested
3108 *
3109 * return 0 if current has access, error otherwise
3110 */
0d79cbf8 3111static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
ecfcc53f 3112{
0d79cbf8 3113 struct smack_known *msp = smack_of_ipc(isp);
ecfcc53f 3114 struct smk_audit_info ad;
d166c802 3115 int rc;
ecfcc53f
EB		 3116
3117#ifdef CONFIG_AUDIT
3118 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
0d79cbf8 3119 ad.a.u.ipc_id = isp->id;
ecfcc53f 3120#endif
d166c802
CS		 3121 rc = smk_curacc(msp, access, &ad);
3122 rc = smk_bu_current("msq", msp, access, rc);
3123 return rc;
ecfcc53f
EB		 3124}
3125
e114e473
CS		 3126/**
3127 * smack_msg_queue_associate - Smack access check for msg_queue
0d79cbf8 3128 * @isp: the object
e114e473
CS		 3129 * @msqflg: access requested
3130 *
3131 * Returns 0 if current has the requested access, error code otherwise
3132 */
0d79cbf8 3133static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
e114e473 3134{
e114e473
CS		 3135 int may;
3136
3137 may = smack_flags_to_may(msqflg);
0d79cbf8 3138 return smk_curacc_msq(isp, may);
e114e473
CS		 3139}
3140
3141/**
3142 * smack_msg_queue_msgctl - Smack access check for msg_queue
0d79cbf8 3143 * @isp: the object
e114e473
CS		 3144 * @cmd: what it wants to do
3145 *
3146 * Returns 0 if current has the requested access, error code otherwise
3147 */
0d79cbf8 3148static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
e114e473 3149{
e114e473
CS		 3150 int may;
3151
3152 switch (cmd) {
3153 case IPC_STAT:
3154 case MSG_STAT:
23c8cec8 3155 case MSG_STAT_ANY:
e114e473
CS		 3156 may = MAY_READ;
3157 break;
3158 case IPC_SET:
3159 case IPC_RMID:
3160 may = MAY_READWRITE;
3161 break;
3162 case IPC_INFO:
3163 case MSG_INFO:
3164 /*
3165 * System level information
3166 */
3167 return 0;
3168 default:
3169 return -EINVAL;
3170 }
3171
0d79cbf8 3172 return smk_curacc_msq(isp, may);
e114e473
CS		 3173}
3174
3175/**
3176 * smack_msg_queue_msgsnd - Smack access check for msg_queue
0d79cbf8 3177 * @isp: the object
e114e473
CS		 3178 * @msg: unused
3179 * @msqflg: access requested
3180 *
3181 * Returns 0 if current has the requested access, error code otherwise
3182 */
0d79cbf8 3183static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
e114e473
CS		 3184 int msqflg)
3185{
ecfcc53f 3186 int may;
e114e473 3187
ecfcc53f 3188 may = smack_flags_to_may(msqflg);
0d79cbf8 3189 return smk_curacc_msq(isp, may);
e114e473
CS		 3190}
3191
3192/**
3193 * smack_msg_queue_msgsnd - Smack access check for msg_queue
0d79cbf8 3194 * @isp: the object
e114e473
CS		 3195 * @msg: unused
3196 * @target: unused
3197 * @type: unused
3198 * @mode: unused
3199 *
3200 * Returns 0 if current has read and write access, error code otherwise
3201 */
0d79cbf8 3202static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg,
e114e473
CS		 3203 struct task_struct *target, long type, int mode)
3204{
0d79cbf8 3205 return smk_curacc_msq(isp, MAY_READWRITE);
e114e473
CS		 3206}
3207
3208/**
3209 * smack_ipc_permission - Smack access for ipc_permission()
3210 * @ipp: the object permissions
3211 * @flag: access requested
3212 *
3213 * Returns 0 if current has read and write access, error code otherwise
3214 */
3215static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3216{
019bcca4
CS		 3217 struct smack_known **blob = smack_ipc(ipp);
3218 struct smack_known *iskp = *blob;
ecfcc53f
EB		 3219 int may = smack_flags_to_may(flag);
3220 struct smk_audit_info ad;
d166c802 3221 int rc;
e114e473 3222
ecfcc53f
EB		 3223#ifdef CONFIG_AUDIT
3224 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3225 ad.a.u.ipc_id = ipp->id;
3226#endif
21c7eae2
LP		 3227 rc = smk_curacc(iskp, may, &ad);
3228 rc = smk_bu_current("svipc", iskp, may, rc);
d166c802 3229 return rc;
e114e473
CS		 3230}
3231
d20bdda6
AD		 3232/**
3233 * smack_ipc_getsecid - Extract smack security id
251a2a95 3234 * @ipp: the object permissions
d20bdda6
AD		 3235 * @secid: where result will be saved
3236 */
3237static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3238{
019bcca4
CS		 3239 struct smack_known **blob = smack_ipc(ipp);
3240 struct smack_known *iskp = *blob;
d20bdda6 3241
21c7eae2 3242 *secid = iskp->smk_secid;
d20bdda6
AD		 3243}
3244
e114e473
CS		 3245/**
3246 * smack_d_instantiate - Make sure the blob is correct on an inode
3e62cbb8 3247 * @opt_dentry: dentry where inode will be attached
e114e473
CS		 3248 * @inode: the object
3249 *
3250 * Set the inode's security blob if it hasn't been done already.
3251 */
3252static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3253{
3254 struct super_block *sbp;
3255 struct superblock_smack *sbsp;
3256 struct inode_smack *isp;
2f823ff8
CS		 3257 struct smack_known *skp;
3258 struct smack_known *ckp = smk_of_current();
21c7eae2 3259 struct smack_known *final;
5c6d1125
JS		 3260 char trattr[TRANS_TRUE_SIZE];
3261 int transflag = 0;
2267b13a 3262 int rc;
e114e473
CS		 3263 struct dentry *dp;
3264
3265 if (inode == NULL)
3266 return;
3267
fb4021b6 3268 isp = smack_inode(inode);
e114e473 3269
e114e473
CS		 3270 /*
3271 * If the inode is already instantiated
3272 * take the quick way out
3273 */
3274 if (isp->smk_flags & SMK_INODE_INSTANT)
921bb1cb 3275 return;
e114e473
CS		 3276
3277 sbp = inode->i_sb;
1aea7808 3278 sbsp = smack_superblock(sbp);
e114e473
CS		 3279 /*
3280 * We're going to use the superblock default label
3281 * if there's no label on the file.
3282 */
3283 final = sbsp->smk_default;
3284
e97dcb0e
CS		 3285 /*
3286 * If this is the root inode the superblock
3287 * may be in the process of initialization.
3288 * If that is the case use the root value out
3289 * of the superblock.
3290 */
3291 if (opt_dentry->d_parent == opt_dentry) {
1d8c2326
ŁS		 3292 switch (sbp->s_magic) {
3293 case CGROUP_SUPER_MAGIC:
58c442f3 3294 case CGROUP2_SUPER_MAGIC:
36ea735b
CS		 3295 /*
3296 * The cgroup filesystem is never mounted,
3297 * so there's no opportunity to set the mount
3298 * options.
3299 */
21c7eae2
LP		 3300 sbsp->smk_root = &smack_known_star;
3301 sbsp->smk_default = &smack_known_star;
1d8c2326
ŁS		 3302 isp->smk_inode = sbsp->smk_root;
3303 break;
3304 case TMPFS_MAGIC:
3305 /*
3306 * What about shmem/tmpfs anonymous files with dentry
3307 * obtained from d_alloc_pseudo()?
3308 */
3309 isp->smk_inode = smk_of_current();
3310 break;
8da4aba5
RK		 3311 case PIPEFS_MAGIC:
3312 isp->smk_inode = smk_of_current();
3313 break;
805b65a8
RK		 3314 case SOCKFS_MAGIC:
3315 /*
3316 * Socket access is controlled by the socket
3317 * structures associated with the task involved.
3318 */
3319 isp->smk_inode = &smack_known_star;
3320 break;
1d8c2326
ŁS		 3321 default:
3322 isp->smk_inode = sbsp->smk_root;
3323 break;
36ea735b 3324 }
e97dcb0e 3325 isp->smk_flags |= SMK_INODE_INSTANT;
921bb1cb 3326 return;
e97dcb0e
CS		 3327 }
3328
e114e473
CS		 3329 /*
3330 * This is pretty hackish.
3331 * Casey says that we shouldn't have to do
3332 * file system specific code, but it does help
3333 * with keeping it simple.
3334 */
3335 switch (sbp->s_magic) {
3336 case SMACK_MAGIC:
36ea735b 3337 case CGROUP_SUPER_MAGIC:
58c442f3 3338 case CGROUP2_SUPER_MAGIC:
e114e473 3339 /*
25985edc 3340 * Casey says that it's a little embarrassing
e114e473
CS		 3341 * that the smack file system doesn't do
3342 * extended attributes.
36ea735b 3343 *
36ea735b 3344 * Cgroupfs is special
e114e473 3345 */
21c7eae2 3346 final = &smack_known_star;
e114e473
CS		 3347 break;
3348 case DEVPTS_SUPER_MAGIC:
3349 /*
3350 * devpts seems content with the label of the task.
3351 * Programs that change smack have to treat the
3352 * pty with respect.
3353 */
21c7eae2 3354 final = ckp;
e114e473 3355 break;
e114e473
CS		 3356 case PROC_SUPER_MAGIC:
3357 /*
3358 * Casey says procfs appears not to care.
3359 * The superblock default suffices.
3360 */
3361 break;
3362 case TMPFS_MAGIC:
3363 /*
3364 * Device labels should come from the filesystem,
3365 * but watch out, because they're volitile,
3366 * getting recreated on every reboot.
3367 */
21c7eae2 3368 final = &smack_known_star;
e114e473 3369 /*
e114e473
CS		 3370 * If a smack value has been set we want to use it,
3371 * but since tmpfs isn't giving us the opportunity
3372 * to set mount options simulate setting the
3373 * superblock default.
3374 */
df561f66 3375 fallthrough;
e114e473
CS		 3376 default:
3377 /*
3378 * This isn't an understood special case.
3379 * Get the value from the xattr.
b4e0d5f0
CS		 3380 */
3381
3382 /*
3383 * UNIX domain sockets use lower level socket data.
3384 */
3385 if (S_ISSOCK(inode->i_mode)) {
21c7eae2 3386 final = &smack_known_star;
b4e0d5f0
CS		 3387 break;
3388 }
3389 /*
e114e473
CS		 3390 * No xattr support means, alas, no SMACK label.
3391 * Use the aforeapplied default.
3392 * It would be curious if the label of the task
3393 * does not match that assigned.
3394 */
5d6c3191
AG		 3395 if (!(inode->i_opflags & IOP_XATTR))
3396 break;
e114e473
CS		 3397 /*
3398 * Get the dentry for xattr.
3399 */
3e62cbb8 3400 dp = dget(opt_dentry);
2f823ff8 3401 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
e774ad68 3402 if (!IS_ERR_OR_NULL(skp))
21c7eae2 3403 final = skp;
2267b13a
CS		 3404
3405 /*
3406 * Transmuting directory
3407 */
3408 if (S_ISDIR(inode->i_mode)) {
3409 /*
3410 * If this is a new directory and the label was
3411 * transmuted when the inode was initialized
3412 * set the transmute attribute on the directory
3413 * and mark the inode.
3414 *
3415 * If there is a transmute attribute on the
3416 * directory mark the inode.
3417 */
3418 if (isp->smk_flags & SMK_INODE_CHANGED) {
3419 isp->smk_flags &= ~SMK_INODE_CHANGED;
c7c7a1a1 3420 rc = __vfs_setxattr(&init_user_ns, dp, inode,
5c6d1125 3421 XATTR_NAME_SMACKTRANSMUTE,
2267b13a
CS		 3422 TRANS_TRUE, TRANS_TRUE_SIZE,
3423 0);
3424 } else {
5d6c3191 3425 rc = __vfs_getxattr(dp, inode,
2267b13a
CS		 3426 XATTR_NAME_SMACKTRANSMUTE, trattr,
3427 TRANS_TRUE_SIZE);
3428 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3429 TRANS_TRUE_SIZE) != 0)
3430 rc = -EINVAL;
5c6d1125 3431 }
2267b13a
CS		 3432 if (rc >= 0)
3433 transflag = SMK_INODE_TRANSMUTE;
5c6d1125 3434 }
809c02e0
SF		 3435 /*
3436 * Don't let the exec or mmap label be "*" or "@".
3437 */
3438 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3439 if (IS_ERR(skp) || skp == &smack_known_star ||
3440 skp == &smack_known_web)
3441 skp = NULL;
3442 isp->smk_task = skp;
e774ad68 3443
19760ad0 3444 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
e774ad68
LP		 3445 if (IS_ERR(skp) || skp == &smack_known_star ||
3446 skp == &smack_known_web)
19760ad0
CS		 3447 skp = NULL;
3448 isp->smk_mmap = skp;
676dac4b 3449
e114e473
CS		 3450 dput(dp);
3451 break;
3452 }
3453
3454 if (final == NULL)
21c7eae2 3455 isp->smk_inode = ckp;
e114e473
CS		 3456 else
3457 isp->smk_inode = final;
3458
5c6d1125 3459 isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
e114e473 3460
e114e473
CS		 3461 return;
3462}
3463
3464/**
3465 * smack_getprocattr - Smack process attribute access
3466 * @p: the object task
3467 * @name: the name of the attribute in /proc/.../attr
3468 * @value: where to put the result
3469 *
3470 * Places a copy of the task Smack into value
3471 *
3472 * Returns the length of the smack label or an error code
3473 */
3474static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3475{
a3727a8b 3476 struct smack_known *skp = smk_of_task_struct_obj(p);
e114e473
CS		 3477 char *cp;
3478 int slen;
3479
3480 if (strcmp(name, "current") != 0)
3481 return -EINVAL;
3482
2f823ff8 3483 cp = kstrdup(skp->smk_known, GFP_KERNEL);
e114e473
CS		 3484 if (cp == NULL)
3485 return -ENOMEM;
3486
3487 slen = strlen(cp);
3488 *value = cp;
3489 return slen;
3490}
3491
3492/**
3493 * smack_setprocattr - Smack process attribute setting
e114e473
CS		 3494 * @name: the name of the attribute in /proc/.../attr
3495 * @value: the value to set
3496 * @size: the size of the value
3497 *
3498 * Sets the Smack value of the task. Only setting self
3499 * is permitted and only with privilege
3500 *
3501 * Returns the length of the smack label or an error code
3502 */
b21507e2 3503static int smack_setprocattr(const char *name, void *value, size_t size)
e114e473 3504{
b17103a8 3505 struct task_smack *tsp = smack_cred(current_cred());
d84f4f99 3506 struct cred *new;
2f823ff8 3507 struct smack_known *skp;
38416e53
ZJ		 3508 struct smack_known_list_elem *sklep;
3509 int rc;
e114e473 3510
6afcff0a
CS		 3511 /*
3512 * Allow the /proc/.../attr/current and SO_PEERSEC "display"
3513 * to be reset at will.
3514 */
3515 if (strcmp(name, "display") == 0)
3516 return 0;
3517
38416e53 3518 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
5cd9c58f
DH		 3519 return -EPERM;
3520
f7112e6c 3521 if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
e114e473
CS		 3522 return -EINVAL;
3523
3524 if (strcmp(name, "current") != 0)
3525 return -EINVAL;
3526
2f823ff8 3527 skp = smk_import_entry(value, size);
e774ad68
LP		 3528 if (IS_ERR(skp))
3529 return PTR_ERR(skp);
e114e473 3530
6d3dc07c 3531 /*
7128ea15
HS		 3532 * No process is ever allowed the web ("@") label
3533 * and the star ("*") label.
6d3dc07c 3534 */
7128ea15
HS		 3535 if (skp == &smack_known_web || skp == &smack_known_star)
3536 return -EINVAL;
6d3dc07c 3537
38416e53
ZJ		 3538 if (!smack_privileged(CAP_MAC_ADMIN)) {
3539 rc = -EPERM;
3540 list_for_each_entry(sklep, &tsp->smk_relabel, list)
3541 if (sklep->smk_label == skp) {
3542 rc = 0;
3543 break;
3544 }
3545 if (rc)
3546 return rc;
3547 }
3548
d84f4f99 3549 new = prepare_creds();
6d3dc07c 3550 if (new == NULL)
d84f4f99 3551 return -ENOMEM;
7898e1f8 3552
b17103a8 3553 tsp = smack_cred(new);
2f823ff8 3554 tsp->smk_task = skp;
38416e53
ZJ		 3555 /*
3556 * process can change its label only once
3557 */
3558 smk_destroy_label_list(&tsp->smk_relabel);
7898e1f8 3559
d84f4f99 3560 commit_creds(new);
e114e473
CS		 3561 return size;
3562}
3563
3564/**
3565 * smack_unix_stream_connect - Smack access on UDS
3610cda5
DM		 3566 * @sock: one sock
3567 * @other: the other sock
e114e473
CS		 3568 * @newsk: unused
3569 *
3570 * Return 0 if a subject with the smack of sock could access
3571 * an object with the smack of other, otherwise an error code
3572 */
3610cda5
DM		 3573static int smack_unix_stream_connect(struct sock *sock,
3574 struct sock *other, struct sock *newsk)
e114e473 3575{
2f823ff8 3576 struct smack_known *skp;
54e70ec5 3577 struct smack_known *okp;
12ddb08a
CS		 3578 struct socket_smack *ssp = smack_sock(sock);
3579 struct socket_smack *osp = smack_sock(other);
3580 struct socket_smack *nsp = smack_sock(newsk);
ecfcc53f 3581 struct smk_audit_info ad;
b4e0d5f0 3582 int rc = 0;
923e9a13
KC		 3583#ifdef CONFIG_AUDIT
3584 struct lsm_network_audit net;
923e9a13 3585#endif
b4e0d5f0 3586
2f823ff8
CS		 3587 if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3588 skp = ssp->smk_out;
96be7b54 3589 okp = osp->smk_in;
54e70ec5
CS		 3590#ifdef CONFIG_AUDIT
3591 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3592 smk_ad_setfield_u_net_sk(&ad, other);
3593#endif
21c7eae2
LP		 3594 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3595 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
d166c802 3596 if (rc == 0) {
96be7b54
ZJ		 3597 okp = osp->smk_out;
3598 skp = ssp->smk_in;
138a868f 3599 rc = smk_access(okp, skp, MAY_WRITE, &ad);
21c7eae2 3600 rc = smk_bu_note("UDS connect", okp, skp,
d166c802
CS		 3601 MAY_WRITE, rc);
3602 }
2f823ff8 3603 }
b4e0d5f0 3604
975d5e55
CS		 3605 /*
3606 * Cross reference the peer labels for SO_PEERSEC.
3607 */
3608 if (rc == 0) {
54e70ec5
CS		 3609 nsp->smk_packet = ssp->smk_out;
3610 ssp->smk_packet = osp->smk_out;
975d5e55
CS		 3611 }
3612
b4e0d5f0 3613 return rc;
e114e473
CS		 3614}
3615
3616/**
3617 * smack_unix_may_send - Smack access on UDS
3618 * @sock: one socket
3619 * @other: the other socket
3620 *
3621 * Return 0 if a subject with the smack of sock could access
3622 * an object with the smack of other, otherwise an error code
3623 */
3624static int smack_unix_may_send(struct socket *sock, struct socket *other)
3625{
12ddb08a
CS		 3626 struct socket_smack *ssp = smack_sock(sock->sk);
3627 struct socket_smack *osp = smack_sock(other->sk);
ecfcc53f 3628 struct smk_audit_info ad;
d166c802 3629 int rc;
e114e473 3630
923e9a13
KC		 3631#ifdef CONFIG_AUDIT
3632 struct lsm_network_audit net;
3633
48c62af6 3634 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
ecfcc53f 3635 smk_ad_setfield_u_net_sk(&ad, other->sk);
923e9a13 3636#endif
b4e0d5f0 3637
2f823ff8
CS		 3638 if (smack_privileged(CAP_MAC_OVERRIDE))
3639 return 0;
b4e0d5f0 3640
21c7eae2
LP		 3641 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3642 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
d166c802 3643 return rc;
e114e473
CS		 3644}
3645
6d3dc07c
CS		 3646/**
3647 * smack_socket_sendmsg - Smack check based on destination host
3648 * @sock: the socket
251a2a95 3649 * @msg: the message
6d3dc07c
CS		 3650 * @size: the size of the message
3651 *
c6739443
CS		 3652 * Return 0 if the current subject can write to the destination host.
3653 * For IPv4 this is only a question if the destination is a single label host.
3654 * For IPv6 this is a check against the label of the port.
6d3dc07c
CS		 3655 */
3656static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3657 int size)
3658{
3659 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
21abb1ec 3660#if IS_ENABLED(CONFIG_IPV6)
6ea06247 3661 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
21abb1ec
CS		 3662#endif
3663#ifdef SMACK_IPV6_SECMARK_LABELING
12ddb08a 3664 struct socket_smack *ssp = smack_sock(sock->sk);
21abb1ec
CS		 3665 struct smack_known *rsp;
3666#endif
c6739443 3667 int rc = 0;
6d3dc07c
CS		 3668
3669 /*
3670 * Perfectly reasonable for this to be NULL
3671 */
c6739443 3672 if (sip == NULL)
6d3dc07c
CS		 3673 return 0;
3674
81bd0d56 3675 switch (sock->sk->sk_family) {
c6739443 3676 case AF_INET:
b9ef5513
TH		 3677 if (msg->msg_namelen < sizeof(struct sockaddr_in) ||
3678 sip->sin_family != AF_INET)
3679 return -EINVAL;
a2af0318 3680 rc = smk_ipv4_check(sock->sk, sip);
c6739443 3681 break;
619ae03e 3682#if IS_ENABLED(CONFIG_IPV6)
c6739443 3683 case AF_INET6:
b9ef5513
TH		 3684 if (msg->msg_namelen < SIN6_LEN_RFC2133 ||
3685 sap->sin6_family != AF_INET6)
3686 return -EINVAL;
21abb1ec
CS		 3687#ifdef SMACK_IPV6_SECMARK_LABELING
3688 rsp = smack_ipv6host_label(sap);
3689 if (rsp != NULL)
3690 rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3691 SMK_CONNECTING);
3692#endif
3693#ifdef SMACK_IPV6_PORT_LABELING
c6739443 3694 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
21abb1ec 3695#endif
619ae03e 3696#endif /* IS_ENABLED(CONFIG_IPV6) */
c6739443
CS		 3697 break;
3698 }
3699 return rc;
6d3dc07c
CS		 3700}
3701
e114e473 3702/**
251a2a95 3703 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
e114e473 3704 * @sap: netlabel secattr
272cd7a8 3705 * @ssp: socket security information
e114e473 3706 *
2f823ff8 3707 * Returns a pointer to a Smack label entry found on the label list.
e114e473 3708 */
2f823ff8
CS		 3709static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3710 struct socket_smack *ssp)
e114e473 3711{
2f823ff8 3712 struct smack_known *skp;
f7112e6c 3713 int found = 0;
677264e8
CS		 3714 int acat;
3715 int kcat;
e114e473 3716
322dd63c
CS		 3717 /*
3718 * Netlabel found it in the cache.
3719 */
3720 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0)
3721 return (struct smack_known *)sap->cache->data;
3722
3723 if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
3724 /*
3725 * Looks like a fallback, which gives us a secid.
3726 */
3727 return smack_from_secid(sap->attr.secid);
3728
6d3dc07c 3729 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
e114e473 3730 /*
6d3dc07c 3731 * Looks like a CIPSO packet.
e114e473
CS		 3732 * If there are flags but no level netlabel isn't
3733 * behaving the way we expect it to.
3734 *
f7112e6c 3735 * Look it up in the label table
e114e473
CS		 3736 * Without guidance regarding the smack value
3737 * for the packet fall back on the network
3738 * ambient value.
3739 */
f7112e6c 3740 rcu_read_lock();
348dc288 3741 list_for_each_entry_rcu(skp, &smack_known_list, list) {
2f823ff8 3742 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
f7112e6c 3743 continue;
677264e8
CS		 3744 /*
3745 * Compare the catsets. Use the netlbl APIs.
3746 */
3747 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3748 if ((skp->smk_netlabel.flags &
3749 NETLBL_SECATTR_MLS_CAT) == 0)
3750 found = 1;
3751 break;
3752 }
3753 for (acat = -1, kcat = -1; acat == kcat; ) {
4fbe63d1
PM		 3754 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3755 acat + 1);
3756 kcat = netlbl_catmap_walk(
677264e8
CS		 3757 skp->smk_netlabel.attr.mls.cat,
3758 kcat + 1);
3759 if (acat < 0 || kcat < 0)
3760 break;
3761 }
3762 if (acat == kcat) {
3763 found = 1;
3764 break;
3765 }
6d3dc07c 3766 }
f7112e6c
CS		 3767 rcu_read_unlock();
3768
3769 if (found)
2f823ff8 3770 return skp;
f7112e6c 3771
54e70ec5 3772 if (ssp != NULL && ssp->smk_in == &smack_known_star)
2f823ff8
CS		 3773 return &smack_known_web;
3774 return &smack_known_star;
e114e473 3775 }
e114e473 3776 /*
6d3dc07c
CS		 3777 * Without guidance regarding the smack value
3778 * for the packet fall back on the network
3779 * ambient value.
e114e473 3780 */
272cd7a8 3781 return smack_net_ambient;
e114e473
CS		 3782}
3783
69f287ae 3784#if IS_ENABLED(CONFIG_IPV6)
6ea06247 3785static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
c6739443 3786{
c6739443
CS		 3787 u8 nexthdr;
3788 int offset;
3789 int proto = -EINVAL;
3790 struct ipv6hdr _ipv6h;
3791 struct ipv6hdr *ip6;
3792 __be16 frag_off;
3793 struct tcphdr _tcph, *th;
3794 struct udphdr _udph, *uh;
3795 struct dccp_hdr _dccph, *dh;
3796
3797 sip->sin6_port = 0;
3798
3799 offset = skb_network_offset(skb);
3800 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3801 if (ip6 == NULL)
3802 return -EINVAL;
3803 sip->sin6_addr = ip6->saddr;
3804
3805 nexthdr = ip6->nexthdr;
3806 offset += sizeof(_ipv6h);
3807 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3808 if (offset < 0)
3809 return -EINVAL;
3810
3811 proto = nexthdr;
3812 switch (proto) {
3813 case IPPROTO_TCP:
3814 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3815 if (th != NULL)
3816 sip->sin6_port = th->source;
3817 break;
3818 case IPPROTO_UDP:
a07ef951 3819 case IPPROTO_UDPLITE:
c6739443
CS		 3820 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3821 if (uh != NULL)
3822 sip->sin6_port = uh->source;
3823 break;
3824 case IPPROTO_DCCP:
3825 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3826 if (dh != NULL)
3827 sip->sin6_port = dh->dccph_sport;
3828 break;
3829 }
3830 return proto;
3831}
69f287ae 3832#endif /* CONFIG_IPV6 */
c6739443 3833
36be8129
CS		 3834/**
3835 * smack_from_skb - Smack data from the secmark in an skb
3836 * @skb: packet
3837 *
3838 * Returns smack_known of the secmark or NULL if that won't work.
3839 */
bf0afe67 3840#ifdef CONFIG_NETWORK_SECMARK
36be8129
CS		 3841static struct smack_known *smack_from_skb(struct sk_buff *skb)
3842{
3843 if (skb == NULL || skb->secmark == 0)
3844 return NULL;
3845
3846 return smack_from_secid(skb->secmark);
3847}
bf0afe67
CS		 3848#else
3849static inline struct smack_known *smack_from_skb(struct sk_buff *skb)
3850{
3851 return NULL;
3852}
3853#endif
36be8129 3854
a2af0318
CS		 3855/**
3856 * smack_from_netlbl - Smack data from the IP options in an skb
3857 * @sk: socket data came in on
3858 * @family: address family
3859 * @skb: packet
3860 *
322dd63c
CS		 3861 * Find the Smack label in the IP options. If it hasn't been
3862 * added to the netlabel cache, add it here.
3863 *
a2af0318
CS		 3864 * Returns smack_known of the IP options or NULL if that won't work.
3865 */
41dd9596 3866static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family,
a2af0318
CS		 3867 struct sk_buff *skb)
3868{
3869 struct netlbl_lsm_secattr secattr;
3870 struct socket_smack *ssp = NULL;
3871 struct smack_known *skp = NULL;
3872
3873 netlbl_secattr_init(&secattr);
3874
3875 if (sk)
3876 ssp = sk->sk_security;
322dd63c
CS		 3877
3878 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) {
a2af0318 3879 skp = smack_from_secattr(&secattr, ssp);
322dd63c 3880 if (secattr.flags & NETLBL_SECATTR_CACHEABLE)
9b0072e2 3881 netlbl_cache_add(skb, family, &skp->smk_netlabel);
322dd63c 3882 }
a2af0318
CS		 3883
3884 netlbl_secattr_destroy(&secattr);
3885
3886 return skp;
3887}
3888
e114e473
CS		 3889/**
3890 * smack_socket_sock_rcv_skb - Smack packet delivery access check
3891 * @sk: socket
3892 * @skb: packet
3893 *
3894 * Returns 0 if the packet should be delivered, an error code otherwise
3895 */
3896static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3897{
12ddb08a 3898 struct socket_smack *ssp = smack_sock(sk);
69f287ae 3899 struct smack_known *skp = NULL;
c6739443 3900 int rc = 0;
ecfcc53f 3901 struct smk_audit_info ad;
129a9989 3902 u16 family = sk->sk_family;
923e9a13 3903#ifdef CONFIG_AUDIT
48c62af6 3904 struct lsm_network_audit net;
923e9a13 3905#endif
69f287ae
CS		 3906#if IS_ENABLED(CONFIG_IPV6)
3907 struct sockaddr_in6 sadd;
3908 int proto;
129a9989
PS		 3909
3910 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3911 family = PF_INET;
69f287ae
CS		 3912#endif /* CONFIG_IPV6 */
3913
129a9989 3914 switch (family) {
c6739443 3915 case PF_INET:
69f287ae
CS		 3916 /*
3917 * If there is a secmark use it rather than the CIPSO label.
3918 * If there is no secmark fall back to CIPSO.
3919 * The secmark is assumed to reflect policy better.
3920 */
36be8129 3921 skp = smack_from_skb(skb);
a2af0318
CS		 3922 if (skp == NULL) {
3923 skp = smack_from_netlbl(sk, family, skb);
3924 if (skp == NULL)
3925 skp = smack_net_ambient;
69f287ae 3926 }
6d3dc07c 3927
ecfcc53f 3928#ifdef CONFIG_AUDIT
c6739443 3929 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
129a9989 3930 ad.a.u.net->family = family;
c6739443
CS		 3931 ad.a.u.net->netif = skb->skb_iif;
3932 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
ecfcc53f 3933#endif
c6739443
CS		 3934 /*
3935 * Receiving a packet requires that the other end
3936 * be able to write here. Read access is not required.
3937 * This is the simplist possible security model
3938 * for networking.
3939 */
21c7eae2
LP		 3940 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3941 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
d166c802 3942 MAY_WRITE, rc);
c6739443 3943 if (rc != 0)
129a9989 3944 netlbl_skbuff_err(skb, family, rc, 0);
c6739443 3945 break;
69f287ae 3946#if IS_ENABLED(CONFIG_IPV6)
c6739443 3947 case PF_INET6:
69f287ae 3948 proto = smk_skb_to_addr_ipv6(skb, &sadd);
a07ef951
PS		 3949 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
3950 proto != IPPROTO_TCP && proto != IPPROTO_DCCP)
69f287ae 3951 break;
21abb1ec 3952#ifdef SMACK_IPV6_SECMARK_LABELING
36be8129
CS		 3953 skp = smack_from_skb(skb);
3954 if (skp == NULL) {
3955 if (smk_ipv6_localhost(&sadd))
3956 break;
21abb1ec 3957 skp = smack_ipv6host_label(&sadd);
36be8129
CS		 3958 if (skp == NULL)
3959 skp = smack_net_ambient;
3960 }
69f287ae
CS		 3961#ifdef CONFIG_AUDIT
3962 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
129a9989 3963 ad.a.u.net->family = family;
69f287ae
CS		 3964 ad.a.u.net->netif = skb->skb_iif;
3965 ipv6_skb_to_auditdata(skb, &ad.a, NULL);
3966#endif /* CONFIG_AUDIT */
3967 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3968 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
3969 MAY_WRITE, rc);
21abb1ec
CS		 3970#endif /* SMACK_IPV6_SECMARK_LABELING */
3971#ifdef SMACK_IPV6_PORT_LABELING
69f287ae 3972 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
21abb1ec 3973#endif /* SMACK_IPV6_PORT_LABELING */
d66a8acb
PS		 3974 if (rc != 0)
3975 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
3976 ICMPV6_ADM_PROHIBITED, 0);
c6739443 3977 break;
69f287ae 3978#endif /* CONFIG_IPV6 */
c6739443 3979 }
69f287ae 3980
a8134296 3981 return rc;
e114e473
CS		 3982}
3983
3984/**
3985 * smack_socket_getpeersec_stream - pull in packet label
3986 * @sock: the socket
3987 * @optval: user's destination
3988 * @optlen: size thereof
251a2a95 3989 * @len: max thereof
e114e473
CS		 3990 *
3991 * returns zero on success, an error code otherwise
3992 */
3993static int smack_socket_getpeersec_stream(struct socket *sock,
3994 char __user *optval,
3995 int __user *optlen, unsigned len)
3996{
3997 struct socket_smack *ssp;
272cd7a8
CS		 3998 char *rcp = "";
3999 int slen = 1;
e114e473
CS		 4000 int rc = 0;
4001
12ddb08a 4002 ssp = smack_sock(sock->sk);
272cd7a8 4003 if (ssp->smk_packet != NULL) {
54e70ec5 4004 rcp = ssp->smk_packet->smk_known;
272cd7a8
CS		 4005 slen = strlen(rcp) + 1;
4006 }
e114e473
CS		 4007
4008 if (slen > len)
4009 rc = -ERANGE;
272cd7a8 4010 else if (copy_to_user(optval, rcp, slen) != 0)
e114e473
CS		 4011 rc = -EFAULT;
4012
4013 if (put_user(slen, optlen) != 0)
4014 rc = -EFAULT;
4015
4016 return rc;
4017}
4018
4019
4020/**
4021 * smack_socket_getpeersec_dgram - pull in packet label
b4e0d5f0 4022 * @sock: the peer socket
e114e473
CS		 4023 * @skb: packet data
4024 * @secid: pointer to where to put the secid of the packet
4025 *
4026 * Sets the netlabel socket state on sk from parent
4027 */
4028static int smack_socket_getpeersec_dgram(struct socket *sock,
4029 struct sk_buff *skb, u32 *secid)
4030
4031{
272cd7a8 4032 struct socket_smack *ssp = NULL;
2f823ff8 4033 struct smack_known *skp;
a2af0318 4034 struct sock *sk = NULL;
b4e0d5f0
CS		 4035 int family = PF_UNSPEC;
4036 u32 s = 0; /* 0 is the invalid secid */
e114e473 4037
b4e0d5f0
CS		 4038 if (skb != NULL) {
4039 if (skb->protocol == htons(ETH_P_IP))
4040 family = PF_INET;
69f287ae 4041#if IS_ENABLED(CONFIG_IPV6)
b4e0d5f0
CS		 4042 else if (skb->protocol == htons(ETH_P_IPV6))
4043 family = PF_INET6;
69f287ae 4044#endif /* CONFIG_IPV6 */
e114e473 4045 }
b4e0d5f0
CS		 4046 if (family == PF_UNSPEC && sock != NULL)
4047 family = sock->sk->sk_family;
e114e473 4048
69f287ae
CS		 4049 switch (family) {
4050 case PF_UNIX:
12ddb08a 4051 ssp = smack_sock(sock->sk);
2f823ff8 4052 s = ssp->smk_out->smk_secid;
69f287ae
CS		 4053 break;
4054 case PF_INET:
36be8129
CS		 4055 skp = smack_from_skb(skb);
4056 if (skp) {
4057 s = skp->smk_secid;
69f287ae 4058 break;
36be8129 4059 }
b4e0d5f0
CS		 4060 /*
4061 * Translate what netlabel gave us.
4062 */
a2af0318
CS		 4063 if (sock != NULL)
4064 sk = sock->sk;
4065 skp = smack_from_netlbl(sk, family, skb);
4066 if (skp != NULL)
2f823ff8 4067 s = skp->smk_secid;
69f287ae 4068 break;
69f287ae 4069 case PF_INET6:
21abb1ec 4070#ifdef SMACK_IPV6_SECMARK_LABELING
36be8129
CS		 4071 skp = smack_from_skb(skb);
4072 if (skp)
4073 s = skp->smk_secid;
21abb1ec 4074#endif
69f287ae 4075 break;
b4e0d5f0
CS		 4076 }
4077 *secid = s;
e114e473
CS		 4078 if (s == 0)
4079 return -EINVAL;
e114e473
CS		 4080 return 0;
4081}
4082
4083/**
07feee8f
PM		 4084 * smack_sock_graft - Initialize a newly created socket with an existing sock
4085 * @sk: child sock
4086 * @parent: parent socket
e114e473 4087 *
07feee8f
PM		 4088 * Set the smk_{in,out} state of an existing sock based on the process that
4089 * is creating the new socket.
e114e473
CS		 4090 */
4091static void smack_sock_graft(struct sock *sk, struct socket *parent)
4092{
4093 struct socket_smack *ssp;
2f823ff8 4094 struct smack_known *skp = smk_of_current();
e114e473 4095
07feee8f
PM		 4096 if (sk == NULL ||
4097 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
e114e473
CS		 4098 return;
4099
12ddb08a 4100 ssp = smack_sock(sk);
54e70ec5 4101 ssp->smk_in = skp;
2f823ff8 4102 ssp->smk_out = skp;
07feee8f 4103 /* cssp->smk_packet is already set in smack_inet_csk_clone() */
e114e473
CS		 4104}
4105
4106/**
4107 * smack_inet_conn_request - Smack access check on connect
4108 * @sk: socket involved
4109 * @skb: packet
4110 * @req: unused
4111 *
4112 * Returns 0 if a task with the packet label could write to
4113 * the socket, otherwise an error code
4114 */
41dd9596 4115static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
e114e473
CS		 4116 struct request_sock *req)
4117{
07feee8f 4118 u16 family = sk->sk_family;
f7112e6c 4119 struct smack_known *skp;
12ddb08a 4120 struct socket_smack *ssp = smack_sock(sk);
07feee8f
PM		 4121 struct sockaddr_in addr;
4122 struct iphdr *hdr;
21c7eae2 4123 struct smack_known *hskp;
e114e473 4124 int rc;
ecfcc53f 4125 struct smk_audit_info ad;
923e9a13 4126#ifdef CONFIG_AUDIT
48c62af6 4127 struct lsm_network_audit net;
923e9a13 4128#endif
e114e473 4129
69f287ae 4130#if IS_ENABLED(CONFIG_IPV6)
c6739443
CS		 4131 if (family == PF_INET6) {
4132 /*
4133 * Handle mapped IPv4 packets arriving
4134 * via IPv6 sockets. Don't set up netlabel
4135 * processing on IPv6.
4136 */
4137 if (skb->protocol == htons(ETH_P_IP))
4138 family = PF_INET;
4139 else
4140 return 0;
4141 }
69f287ae 4142#endif /* CONFIG_IPV6 */
e114e473 4143
7f368ad3
CS		 4144 /*
4145 * If there is a secmark use it rather than the CIPSO label.
4146 * If there is no secmark fall back to CIPSO.
4147 * The secmark is assumed to reflect policy better.
4148 */
36be8129 4149 skp = smack_from_skb(skb);
a2af0318
CS		 4150 if (skp == NULL) {
4151 skp = smack_from_netlbl(sk, family, skb);
4152 if (skp == NULL)
4153 skp = &smack_known_huh;
7f368ad3 4154 }
7f368ad3 4155
ecfcc53f 4156#ifdef CONFIG_AUDIT
48c62af6
EP		 4157 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4158 ad.a.u.net->family = family;
4159 ad.a.u.net->netif = skb->skb_iif;
ecfcc53f
EB		 4160 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4161#endif
e114e473 4162 /*
07feee8f
PM		 4163 * Receiving a packet requires that the other end be able to write
4164 * here. Read access is not required.
e114e473 4165 */
21c7eae2
LP		 4166 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4167 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
07feee8f
PM		 4168 if (rc != 0)
4169 return rc;
4170
4171 /*
4172 * Save the peer's label in the request_sock so we can later setup
4173 * smk_packet in the child socket so that SO_PEERCRED can report it.
4174 */
2f823ff8 4175 req->peer_secid = skp->smk_secid;
07feee8f
PM		 4176
4177 /*
4178 * We need to decide if we want to label the incoming connection here
4179 * if we do we only need to label the request_sock and the stack will
25985edc 4180 * propagate the wire-label to the sock when it is created.
07feee8f
PM		 4181 */
4182 hdr = ip_hdr(skb);
4183 addr.sin_addr.s_addr = hdr->saddr;
4184 rcu_read_lock();
21abb1ec 4185 hskp = smack_ipv4host_label(&addr);
f7112e6c
CS		 4186 rcu_read_unlock();
4187
21c7eae2 4188 if (hskp == NULL)
f7112e6c 4189 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
2f823ff8 4190 else
07feee8f 4191 netlbl_req_delattr(req);
e114e473
CS		 4192
4193 return rc;
4194}
4195
07feee8f
PM		 4196/**
4197 * smack_inet_csk_clone - Copy the connection information to the new socket
4198 * @sk: the new socket
4199 * @req: the connection's request_sock
4200 *
4201 * Transfer the connection's peer label to the newly created socket.
4202 */
4203static void smack_inet_csk_clone(struct sock *sk,
4204 const struct request_sock *req)
4205{
12ddb08a 4206 struct socket_smack *ssp = smack_sock(sk);
2f823ff8 4207 struct smack_known *skp;
07feee8f 4208
2f823ff8
CS		 4209 if (req->peer_secid != 0) {
4210 skp = smack_from_secid(req->peer_secid);
54e70ec5 4211 ssp->smk_packet = skp;
2f823ff8 4212 } else
272cd7a8 4213 ssp->smk_packet = NULL;
07feee8f
PM		 4214}
4215
e114e473
CS		 4216/*
4217 * Key management security hooks
4218 *
4219 * Casey has not tested key support very heavily.
4220 * The permission check is most likely too restrictive.
4221 * If you care about keys please have a look.
4222 */
4223#ifdef CONFIG_KEYS
4224
4225/**
4226 * smack_key_alloc - Set the key security blob
4227 * @key: object
d84f4f99 4228 * @cred: the credentials to use
e114e473
CS		 4229 * @flags: unused
4230 *
4231 * No allocation required
4232 *
4233 * Returns 0
4234 */
d84f4f99 4235static int smack_key_alloc(struct key *key, const struct cred *cred,
e114e473
CS		 4236 unsigned long flags)
4237{
b17103a8 4238 struct smack_known *skp = smk_of_task(smack_cred(cred));
2f823ff8 4239
21c7eae2 4240 key->security = skp;
e114e473
CS		 4241 return 0;
4242}
4243
4244/**
4245 * smack_key_free - Clear the key security blob
4246 * @key: the object
4247 *
4248 * Clear the blob pointer
4249 */
4250static void smack_key_free(struct key *key)
4251{
4252 key->security = NULL;
4253}
4254
1a28979b 4255/**
e114e473
CS		 4256 * smack_key_permission - Smack access on a key
4257 * @key_ref: gets to the object
d84f4f99 4258 * @cred: the credentials to use
8c0637e9 4259 * @need_perm: requested key permission
e114e473
CS		 4260 *
4261 * Return 0 if the task has read and write to the object,
4262 * an error code otherwise
4263 */
4264static int smack_key_permission(key_ref_t key_ref,
8c0637e9
DH		 4265 const struct cred *cred,
4266 enum key_need_perm need_perm)
e114e473
CS		 4267{
4268 struct key *keyp;
ecfcc53f 4269 struct smk_audit_info ad;
b17103a8 4270 struct smack_known *tkp = smk_of_task(smack_cred(cred));
fffea214 4271 int request = 0;
d166c802 4272 int rc;
e114e473 4273
5b841bfa
ZM		 4274 /*
4275 * Validate requested permissions
4276 */
8c0637e9
DH		 4277 switch (need_perm) {
4278 case KEY_NEED_READ:
4279 case KEY_NEED_SEARCH:
4280 case KEY_NEED_VIEW:
4281 request |= MAY_READ;
4282 break;
4283 case KEY_NEED_WRITE:
4284 case KEY_NEED_LINK:
4285 case KEY_NEED_SETATTR:
4286 request |= MAY_WRITE;
4287 break;
4288 case KEY_NEED_UNSPECIFIED:
4289 case KEY_NEED_UNLINK:
4290 case KEY_SYSADMIN_OVERRIDE:
4291 case KEY_AUTHTOKEN_OVERRIDE:
4292 case KEY_DEFER_PERM_CHECK:
4293 return 0;
4294 default:
5b841bfa 4295 return -EINVAL;
8c0637e9 4296 }
5b841bfa 4297
e114e473
CS		 4298 keyp = key_ref_to_ptr(key_ref);
4299 if (keyp == NULL)
4300 return -EINVAL;
4301 /*
4302 * If the key hasn't been initialized give it access so that
4303 * it may do so.
4304 */
4305 if (keyp->security == NULL)
4306 return 0;
4307 /*
4308 * This should not occur
4309 */
2f823ff8 4310 if (tkp == NULL)
e114e473 4311 return -EACCES;
d19dfe58 4312
a8478a60 4313 if (smack_privileged(CAP_MAC_OVERRIDE))
d19dfe58
CS		 4314 return 0;
4315
ecfcc53f
EB		 4316#ifdef CONFIG_AUDIT
4317 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4318 ad.a.u.key_struct.key = keyp->serial;
4319 ad.a.u.key_struct.key_desc = keyp->description;
4320#endif
d166c802
CS		 4321 rc = smk_access(tkp, keyp->security, request, &ad);
4322 rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4323 return rc;
e114e473 4324}
7fc5f36e
JB		 4325
4326/*
4327 * smack_key_getsecurity - Smack label tagging the key
4328 * @key points to the key to be queried
4329 * @_buffer points to a pointer that should be set to point to the
4330 * resulting string (if no label or an error occurs).
4331 * Return the length of the string (including terminating NUL) or -ve if
4332 * an error.
4333 * May also return 0 (and a NULL buffer pointer) if there is no label.
4334 */
4335static int smack_key_getsecurity(struct key *key, char **_buffer)
4336{
4337 struct smack_known *skp = key->security;
4338 size_t length;
4339 char *copy;
4340
4341 if (key->security == NULL) {
4342 *_buffer = NULL;
4343 return 0;
4344 }
4345
4346 copy = kstrdup(skp->smk_known, GFP_KERNEL);
4347 if (copy == NULL)
4348 return -ENOMEM;
4349 length = strlen(copy) + 1;
4350
4351 *_buffer = copy;
4352 return length;
4353}
4354
a8478a60
DH		 4355
4356#ifdef CONFIG_KEY_NOTIFICATIONS
4357/**
4358 * smack_watch_key - Smack access to watch a key for notifications.
4359 * @key: The key to be watched
4360 *
4361 * Return 0 if the @watch->cred has permission to read from the key object and
4362 * an error otherwise.
4363 */
4364static int smack_watch_key(struct key *key)
4365{
4366 struct smk_audit_info ad;
4367 struct smack_known *tkp = smk_of_current();
4368 int rc;
4369
4370 if (key == NULL)
4371 return -EINVAL;
4372 /*
4373 * If the key hasn't been initialized give it access so that
4374 * it may do so.
4375 */
4376 if (key->security == NULL)
4377 return 0;
4378 /*
4379 * This should not occur
4380 */
4381 if (tkp == NULL)
4382 return -EACCES;
4383
4384 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred()))
4385 return 0;
4386
4387#ifdef CONFIG_AUDIT
4388 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4389 ad.a.u.key_struct.key = key->serial;
4390 ad.a.u.key_struct.key_desc = key->description;
4391#endif
4392 rc = smk_access(tkp, key->security, MAY_READ, &ad);
4393 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc);
4394 return rc;
4395}
4396#endif /* CONFIG_KEY_NOTIFICATIONS */
e114e473
CS		 4397#endif /* CONFIG_KEYS */
4398
a8478a60
DH		 4399#ifdef CONFIG_WATCH_QUEUE
4400/**
4401 * smack_post_notification - Smack access to post a notification to a queue
4402 * @w_cred: The credentials of the watcher.
4403 * @cred: The credentials of the event source (may be NULL).
4404 * @n: The notification message to be posted.
4405 */
4406static int smack_post_notification(const struct cred *w_cred,
4407 const struct cred *cred,
4408 struct watch_notification *n)
4409{
4410 struct smk_audit_info ad;
4411 struct smack_known *subj, *obj;
4412 int rc;
4413
4414 /* Always let maintenance notifications through. */
4415 if (n->type == WATCH_TYPE_META)
4416 return 0;
4417
4418 if (!cred)
4419 return 0;
4420 subj = smk_of_task(smack_cred(cred));
4421 obj = smk_of_task(smack_cred(w_cred));
4422
4423 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION);
4424 rc = smk_access(subj, obj, MAY_WRITE, &ad);
4425 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc);
4426 return rc;
4427}
4428#endif /* CONFIG_WATCH_QUEUE */
4429
d20bdda6
AD		 4430/*
4431 * Smack Audit hooks
4432 *
4433 * Audit requires a unique representation of each Smack specific
4434 * rule. This unique representation is used to distinguish the
4435 * object to be audited from remaining kernel objects and also
4436 * works as a glue between the audit hooks.
4437 *
4438 * Since repository entries are added but never deleted, we'll use
4439 * the smack_known label address related to the given audit rule as
4440 * the needed unique representation. This also better fits the smack
4441 * model where nearly everything is a label.
4442 */
4443#ifdef CONFIG_AUDIT
4444
4445/**
4446 * smack_audit_rule_init - Initialize a smack audit rule
4447 * @field: audit rule fields given from user-space (audit.h)
4448 * @op: required testing operator (=, !=, >, <, ...)
4449 * @rulestr: smack label to be audited
4450 * @vrule: pointer to save our own audit rule representation
4451 *
4452 * Prepare to audit cases where (@field @op @rulestr) is true.
4453 * The label to be audited is created if necessay.
4454 */
4455static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4456{
21c7eae2 4457 struct smack_known *skp;
d20bdda6
AD		 4458 char **rule = (char **)vrule;
4459 *rule = NULL;
4460
4461 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4462 return -EINVAL;
4463
5af75d8d 4464 if (op != Audit_equal && op != Audit_not_equal)
d20bdda6
AD		 4465 return -EINVAL;
4466
21c7eae2 4467 skp = smk_import_entry(rulestr, 0);
e774ad68
LP		 4468 if (IS_ERR(skp))
4469 return PTR_ERR(skp);
4470
4471 *rule = skp->smk_known;
d20bdda6
AD		 4472
4473 return 0;
4474}
4475
4476/**
4477 * smack_audit_rule_known - Distinguish Smack audit rules
4478 * @krule: rule of interest, in Audit kernel representation format
4479 *
4480 * This is used to filter Smack rules from remaining Audit ones.
4481 * If it's proved that this rule belongs to us, the
4482 * audit_rule_match hook will be called to do the final judgement.
4483 */
4484static int smack_audit_rule_known(struct audit_krule *krule)
4485{
4486 struct audit_field *f;
4487 int i;
4488
4489 for (i = 0; i < krule->field_count; i++) {
4490 f = &krule->fields[i];
4491
4492 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4493 return 1;
4494 }
4495
4496 return 0;
4497}
4498
4499/**
4500 * smack_audit_rule_match - Audit given object ?
4501 * @secid: security id for identifying the object to test
4502 * @field: audit rule flags given from user-space
4503 * @op: required testing operator
4504 * @vrule: smack internal rule presentation
d20bdda6
AD		 4505 *
4506 * The core Audit hook. It's used to take the decision of
4507 * whether to audit or not to audit a given object.
4508 */
90462a5b 4509static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule)
d20bdda6 4510{
2f823ff8 4511 struct smack_known *skp;
d20bdda6
AD		 4512 char *rule = vrule;
4513
4eb0f4ab
RGB		 4514 if (unlikely(!rule)) {
4515 WARN_ONCE(1, "Smack: missing rule\n");
d20bdda6
AD		 4516 return -ENOENT;
4517 }
4518
4519 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4520 return 0;
4521
2f823ff8 4522 skp = smack_from_secid(secid);
d20bdda6
AD		 4523
4524 /*
4525 * No need to do string comparisons. If a match occurs,
4526 * both pointers will point to the same smack_known
4527 * label.
4528 */
5af75d8d 4529 if (op == Audit_equal)
2f823ff8 4530 return (rule == skp->smk_known);
5af75d8d 4531 if (op == Audit_not_equal)
2f823ff8 4532 return (rule != skp->smk_known);
d20bdda6
AD		 4533
4534 return 0;
4535}
4536
491a0b08
CS		 4537/*
4538 * There is no need for a smack_audit_rule_free hook.
d20bdda6
AD		 4539 * No memory was allocated.
4540 */
d20bdda6
AD		 4541
4542#endif /* CONFIG_AUDIT */
4543
746df9b5
DQ		 4544/**
4545 * smack_ismaclabel - check if xattr @name references a smack MAC label
4546 * @name: Full xattr name to check.
4547 */
4548static int smack_ismaclabel(const char *name)
4549{
4550 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4551}
4552
4553
251a2a95 4554/**
e114e473
CS		 4555 * smack_secid_to_secctx - return the smack label for a secid
4556 * @secid: incoming integer
4557 * @secdata: destination
4558 * @seclen: how long it is
4559 *
4560 * Exists for networking code.
4561 */
4562static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4563{
2f823ff8 4564 struct smack_known *skp = smack_from_secid(secid);
e114e473 4565
d5630b9d 4566 if (secdata)
2f823ff8
CS		 4567 *secdata = skp->smk_known;
4568 *seclen = strlen(skp->smk_known);
e114e473
CS		 4569 return 0;
4570}
4571
251a2a95 4572/**
4bc87e62
CS		 4573 * smack_secctx_to_secid - return the secid for a smack label
4574 * @secdata: smack label
4575 * @seclen: how long result is
4576 * @secid: outgoing integer
4577 *
4578 * Exists for audit and networking code.
4579 */
e52c1764 4580static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4bc87e62 4581{
21c7eae2
LP		 4582 struct smack_known *skp = smk_find_entry(secdata);
4583
4584 if (skp)
4585 *secid = skp->smk_secid;
4586 else
4587 *secid = 0;
4bc87e62
CS		 4588 return 0;
4589}
4590
491a0b08
CS		 4591/*
4592 * There used to be a smack_release_secctx hook
4593 * that did nothing back when hooks were in a vector.
4594 * Now that there's a list such a hook adds cost.
e114e473 4595 */
e114e473 4596
1ee65e37
DQ		 4597static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4598{
c7c7a1a1
TA		 4599 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx,
4600 ctxlen, 0);
1ee65e37
DQ		 4601}
4602
4603static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4604{
c7c7a1a1
TA		 4605 return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SMACK,
4606 ctx, ctxlen, 0);
1ee65e37
DQ		 4607}
4608
4609static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4610{
0f8983cf 4611 struct smack_known *skp = smk_of_inode(inode);
1ee65e37 4612
0f8983cf
CS		 4613 *ctx = skp->smk_known;
4614 *ctxlen = strlen(skp->smk_known);
1ee65e37
DQ		 4615 return 0;
4616}
4617
d6d80cb5
CS		 4618static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
4619{
4620
4621 struct task_smack *tsp;
4622 struct smack_known *skp;
4623 struct inode_smack *isp;
4624 struct cred *new_creds = *new;
4625
4626 if (new_creds == NULL) {
4627 new_creds = prepare_creds();
4628 if (new_creds == NULL)
4629 return -ENOMEM;
4630 }
4631
b17103a8 4632 tsp = smack_cred(new_creds);
d6d80cb5
CS		 4633
4634 /*
4635 * Get label from overlay inode and set it in create_sid
4636 */
fb4021b6 4637 isp = smack_inode(d_inode(dentry->d_parent));
d6d80cb5
CS		 4638 skp = isp->smk_inode;
4639 tsp->smk_task = skp;
4640 *new = new_creds;
4641 return 0;
4642}
4643
4644static int smack_inode_copy_up_xattr(const char *name)
4645{
4646 /*
4647 * Return 1 if this is the smack access Smack attribute.
4648 */
4649 if (strcmp(name, XATTR_NAME_SMACK) == 0)
4650 return 1;
4651
4652 return -EOPNOTSUPP;
4653}
4654
4655static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
4656 struct qstr *name,
4657 const struct cred *old,
4658 struct cred *new)
4659{
b17103a8
CS		 4660 struct task_smack *otsp = smack_cred(old);
4661 struct task_smack *ntsp = smack_cred(new);
d6d80cb5
CS		 4662 struct inode_smack *isp;
4663 int may;
4664
4665 /*
4666 * Use the process credential unless all of
4667 * the transmuting criteria are met
4668 */
4669 ntsp->smk_task = otsp->smk_task;
4670
4671 /*
4672 * the attribute of the containing directory
4673 */
fb4021b6 4674 isp = smack_inode(d_inode(dentry->d_parent));
d6d80cb5
CS		 4675
4676 if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
4677 rcu_read_lock();
4678 may = smk_access_entry(otsp->smk_task->smk_known,
4679 isp->smk_inode->smk_known,
4680 &otsp->smk_task->smk_rules);
4681 rcu_read_unlock();
4682
4683 /*
4684 * If the directory is transmuting and the rule
4685 * providing access is transmuting use the containing
4686 * directory label instead of the process label.
4687 */
4688 if (may > 0 && (may & MAY_TRANSMUTE))
4689 ntsp->smk_task = isp->smk_inode;
4690 }
4691 return 0;
4692}
4693
bbd3662a
CS		 4694struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
4695 .lbs_cred = sizeof(struct task_smack),
33bf60ca 4696 .lbs_file = sizeof(struct smack_known *),
afb1cbe3 4697 .lbs_inode = sizeof(struct inode_smack),
ecd5f82e
CS		 4698 .lbs_ipc = sizeof(struct smack_known *),
4699 .lbs_msg_msg = sizeof(struct smack_known *),
1aea7808 4700 .lbs_superblock = sizeof(struct superblock_smack),
12ddb08a 4701 .lbs_sock = sizeof(struct socket_smack),
bbd3662a
CS		 4702};
4703
f17b27a2
CS		 4704static struct lsm_id smack_lsmid __lsm_ro_after_init = {
4705 .lsm = "smack",
4706 .slot = LSMBLOB_NEEDED
4707};
4708
ca97d939 4709static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
e20b043a
CS		 4710 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4711 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4712 LSM_HOOK_INIT(syslog, smack_syslog),
4713
0b52075e 4714 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup),
2febd254
DH		 4715 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param),
4716
e20b043a 4717 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
204cc0cc 4718 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts),
5b400239 4719 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
e20b043a 4720 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
3bf2789c 4721 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
e20b043a 4722
b8bff599 4723 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec),
e20b043a
CS		 4724
4725 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
e20b043a
CS		 4726 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4727 LSM_HOOK_INIT(inode_link, smack_inode_link),
4728 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4729 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4730 LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4731 LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4732 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4733 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4734 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4735 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4736 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4737 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4738 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4739 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4740 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4741 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4742
e20b043a 4743 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
e20b043a
CS		 4744 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4745 LSM_HOOK_INIT(file_lock, smack_file_lock),
4746 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4747 LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4748 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4749 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4750 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4751 LSM_HOOK_INIT(file_receive, smack_file_receive),
4752
4753 LSM_HOOK_INIT(file_open, smack_file_open),
4754
4755 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4756 LSM_HOOK_INIT(cred_free, smack_cred_free),
4757 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4758 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
3ec30113 4759 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
e20b043a
CS		 4760 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4761 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4762 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4763 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4764 LSM_HOOK_INIT(task_getsid, smack_task_getsid),
1fb057dc
PM		 4765 LSM_HOOK_INIT(task_getsecid_subj, smack_task_getsecid_subj),
4766 LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj),
e20b043a
CS		 4767 LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4768 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4769 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4770 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4771 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4772 LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4773 LSM_HOOK_INIT(task_kill, smack_task_kill),
e20b043a
CS		 4774 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4775
4776 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4777 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4778
4779 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
e20b043a 4780
0d79cbf8 4781 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security),
e20b043a
CS		 4782 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4783 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4784 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4785 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4786
0d79cbf8 4787 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security),
e20b043a
CS		 4788 LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4789 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4790 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4791
0d79cbf8 4792 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security),
e20b043a
CS		 4793 LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4794 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4795 LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4796
4797 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4798
4799 LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4800 LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4801
4802 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4803 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4804
4805 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
5859cdf5 4806 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
21abb1ec 4807#ifdef SMACK_IPV6_PORT_LABELING
e20b043a 4808 LSM_HOOK_INIT(socket_bind, smack_socket_bind),
21abb1ec 4809#endif
e20b043a
CS		 4810 LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4811 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4812 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4813 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4814 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4815 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
12ddb08a 4816#ifdef SMACK_IPV6_PORT_LABELING
e20b043a 4817 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
12ddb08a 4818#endif
e20b043a
CS		 4819 LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4820 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4821 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
d20bdda6 4822
e114e473
CS		 4823 /* key management security hooks */
4824#ifdef CONFIG_KEYS
e20b043a
CS		 4825 LSM_HOOK_INIT(key_alloc, smack_key_alloc),
4826 LSM_HOOK_INIT(key_free, smack_key_free),
4827 LSM_HOOK_INIT(key_permission, smack_key_permission),
4828 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
a8478a60
DH		 4829#ifdef CONFIG_KEY_NOTIFICATIONS
4830 LSM_HOOK_INIT(watch_key, smack_watch_key),
4831#endif
e114e473 4832#endif /* CONFIG_KEYS */
d20bdda6 4833
a8478a60
DH		 4834#ifdef CONFIG_WATCH_QUEUE
4835 LSM_HOOK_INIT(post_notification, smack_post_notification),
4836#endif
4837
d20bdda6
AD		 4838 /* Audit hooks */
4839#ifdef CONFIG_AUDIT
e20b043a
CS		 4840 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
4841 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
4842 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
d20bdda6
AD		 4843#endif /* CONFIG_AUDIT */
4844
e20b043a
CS		 4845 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
4846 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
4847 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
e20b043a
CS		 4848 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
4849 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
4850 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
d6d80cb5
CS		 4851 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up),
4852 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr),
4853 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as),
e114e473
CS		 4854};
4855
7198e2ee 4856
86812bb0 4857static __init void init_smack_known_list(void)
7198e2ee 4858{
86812bb0
CS		 4859 /*
4860 * Initialize rule list locks
4861 */
4862 mutex_init(&smack_known_huh.smk_rules_lock);
4863 mutex_init(&smack_known_hat.smk_rules_lock);
4864 mutex_init(&smack_known_floor.smk_rules_lock);
4865 mutex_init(&smack_known_star.smk_rules_lock);
86812bb0
CS		 4866 mutex_init(&smack_known_web.smk_rules_lock);
4867 /*
4868 * Initialize rule lists
4869 */
4870 INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4871 INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4872 INIT_LIST_HEAD(&smack_known_star.smk_rules);
4873 INIT_LIST_HEAD(&smack_known_floor.smk_rules);
86812bb0
CS		 4874 INIT_LIST_HEAD(&smack_known_web.smk_rules);
4875 /*
4876 * Create the known labels list
4877 */
4d7cf4a1
TS		 4878 smk_insert_entry(&smack_known_huh);
4879 smk_insert_entry(&smack_known_hat);
4880 smk_insert_entry(&smack_known_star);
4881 smk_insert_entry(&smack_known_floor);
4d7cf4a1 4882 smk_insert_entry(&smack_known_web);
7198e2ee
EB		 4883}
4884
e114e473
CS		 4885/**
4886 * smack_init - initialize the smack system
4887 *
a1a07f22 4888 * Returns 0 on success, -ENOMEM is there's no memory
e114e473
CS		 4889 */
4890static __init int smack_init(void)
4891{
bbd3662a 4892 struct cred *cred = (struct cred *) current->cred;
676dac4b 4893 struct task_smack *tsp;
d84f4f99 4894
4e328b08 4895 smack_rule_cache = KMEM_CACHE(smack_rule, 0);
4ca75287 4896 if (!smack_rule_cache)
4e328b08 4897 return -ENOMEM;
4e328b08 4898
bbd3662a
CS		 4899 /*
4900 * Set the security state for the initial task.
4901 */
4902 tsp = smack_cred(cred);
4903 init_task_smack(tsp, &smack_known_floor, &smack_known_floor);
4904
4905 /*
4906 * Register with LSM
4907 */
f17b27a2 4908 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid);
d21b7b04
JB		 4909 smack_enabled = 1;
4910
21abb1ec
CS		 4911 pr_info("Smack: Initializing.\n");
4912#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4913 pr_info("Smack: Netfilter enabled.\n");
4914#endif
4915#ifdef SMACK_IPV6_PORT_LABELING
4916 pr_info("Smack: IPv6 port labeling enabled.\n");
4917#endif
4918#ifdef SMACK_IPV6_SECMARK_LABELING
4919 pr_info("Smack: IPv6 Netfilter enabled.\n");
4920#endif
e114e473 4921
86812bb0
CS		 4922 /* initialize the smack_known_list */
4923 init_smack_known_list();
e114e473 4924
e114e473
CS		 4925 return 0;
4926}
4927
4928/*
4929 * Smack requires early initialization in order to label
4930 * all processes and objects when they are created.
4931 */
3d6e5f6d 4932DEFINE_LSM(smack) = {
07aed2f2 4933 .name = "smack",
14bd99c8 4934 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
bbd3662a 4935 .blobs = &smack_blob_sizes,
3d6e5f6d
KC		 4936 .init = smack_init,
4937};
Ubuntu Jammy Linux kernel mirror