]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - security/smack/smack_lsm.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
LSM: new method: ->sb_add_mnt_opt()
[mirror_ubuntu-jammy-kernel.git] / security / smack / smack_lsm.c
CommitLineData
e114e473
CS		 1/*
2 * Simplified MAC Kernel (smack) security module
3 *
4 * This file contains the smack hook function implementations.
5 *
5c6d1125 6 * Authors:
e114e473 7 * Casey Schaufler <casey@schaufler-ca.com>
84088ba2 8 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
e114e473
CS		 9 *
10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
07feee8f 11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
82c21bfa 12 * Paul Moore <paul@paul-moore.com>
5c6d1125 13 * Copyright (C) 2010 Nokia Corporation
84088ba2 14 * Copyright (C) 2011 Intel Corporation.
e114e473
CS		 15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License version 2,
18 * as published by the Free Software Foundation.
19 */
20
21#include <linux/xattr.h>
22#include <linux/pagemap.h>
23#include <linux/mount.h>
24#include <linux/stat.h>
e114e473
CS		 25#include <linux/kd.h>
26#include <asm/ioctls.h>
07feee8f 27#include <linux/ip.h>
e114e473
CS		 28#include <linux/tcp.h>
29#include <linux/udp.h>
c6739443 30#include <linux/dccp.h>
d66a8acb 31#include <linux/icmpv6.h>
5a0e3ad6 32#include <linux/slab.h>
e114e473
CS		 33#include <linux/mutex.h>
34#include <linux/pipe_fs_i.h>
e114e473 35#include <net/cipso_ipv4.h>
c6739443
CS		 36#include <net/ip.h>
37#include <net/ipv6.h>
d20bdda6 38#include <linux/audit.h>
1fd7317d 39#include <linux/magic.h>
2a7dba39 40#include <linux/dcache.h>
16014d87 41#include <linux/personality.h>
40401530
AV		 42#include <linux/msg.h>
43#include <linux/shm.h>
44#include <linux/binfmts.h>
3bf2789c 45#include <linux/parser.h>
e114e473
CS		 46#include "smack.h"
47
5c6d1125
JS		 48#define TRANS_TRUE "TRUE"
49#define TRANS_TRUE_SIZE 4
50
c6739443
CS		 51#define SMK_CONNECTING 0
52#define SMK_RECEIVING 1
53#define SMK_SENDING 2
54
21abb1ec 55#ifdef SMACK_IPV6_PORT_LABELING
3c7ce342 56DEFINE_MUTEX(smack_ipv6_lock);
8b549ef4 57static LIST_HEAD(smk_ipv6_port_list);
21abb1ec 58#endif
1a5b472b 59static struct kmem_cache *smack_inode_cache;
69f287ae 60int smack_enabled;
c6739443 61
3d04c924 62static const match_table_t smk_mount_tokens = {
3bf2789c
VT		 63 {Opt_fsdefault, SMK_FSDEFAULT "%s"},
64 {Opt_fsfloor, SMK_FSFLOOR "%s"},
65 {Opt_fshat, SMK_FSHAT "%s"},
66 {Opt_fsroot, SMK_FSROOT "%s"},
67 {Opt_fstransmute, SMK_FSTRANS "%s"},
68 {Opt_error, NULL},
69};
70
3d04c924
CS		 71#ifdef CONFIG_SECURITY_SMACK_BRINGUP
72static char *smk_bu_mess[] = {
73 "Bringup Error", /* Unused */
74 "Bringup", /* SMACK_BRINGUP_ALLOW */
75 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */
76 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */
77};
78
d166c802
CS		 79static void smk_bu_mode(int mode, char *s)
80{
81 int i = 0;
82
83 if (mode & MAY_READ)
84 s[i++] = 'r';
85 if (mode & MAY_WRITE)
86 s[i++] = 'w';
87 if (mode & MAY_EXEC)
88 s[i++] = 'x';
89 if (mode & MAY_APPEND)
90 s[i++] = 'a';
91 if (mode & MAY_TRANSMUTE)
92 s[i++] = 't';
93 if (mode & MAY_LOCK)
94 s[i++] = 'l';
95 if (i == 0)
96 s[i++] = '-';
97 s[i] = '\0';
98}
99#endif
100
101#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 102static int smk_bu_note(char *note, struct smack_known *sskp,
103 struct smack_known *oskp, int mode, int rc)
d166c802
CS		 104{
105 char acc[SMK_NUM_ACCESS_TYPE + 1];
106
107 if (rc <= 0)
108 return rc;
bf4b2fee
CS		 109 if (rc > SMACK_UNCONFINED_OBJECT)
110 rc = 0;
d166c802
CS		 111
112 smk_bu_mode(mode, acc);
bf4b2fee 113 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
21c7eae2 114 sskp->smk_known, oskp->smk_known, acc, note);
d166c802
CS		 115 return 0;
116}
117#else
21c7eae2 118#define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
d166c802
CS		 119#endif
120
121#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 122static int smk_bu_current(char *note, struct smack_known *oskp,
123 int mode, int rc)
d166c802
CS		 124{
125 struct task_smack *tsp = current_security();
126 char acc[SMK_NUM_ACCESS_TYPE + 1];
127
128 if (rc <= 0)
129 return rc;
bf4b2fee
CS		 130 if (rc > SMACK_UNCONFINED_OBJECT)
131 rc = 0;
d166c802
CS		 132
133 smk_bu_mode(mode, acc);
bf4b2fee 134 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
21c7eae2
LP		 135 tsp->smk_task->smk_known, oskp->smk_known,
136 acc, current->comm, note);
d166c802
CS		 137 return 0;
138}
139#else
21c7eae2 140#define smk_bu_current(note, oskp, mode, RC) (RC)
d166c802
CS		 141#endif
142
143#ifdef CONFIG_SECURITY_SMACK_BRINGUP
144static int smk_bu_task(struct task_struct *otp, int mode, int rc)
145{
146 struct task_smack *tsp = current_security();
6d1cff2a 147 struct smack_known *smk_task = smk_of_task_struct(otp);
d166c802
CS		 148 char acc[SMK_NUM_ACCESS_TYPE + 1];
149
150 if (rc <= 0)
151 return rc;
bf4b2fee
CS		 152 if (rc > SMACK_UNCONFINED_OBJECT)
153 rc = 0;
d166c802
CS		 154
155 smk_bu_mode(mode, acc);
bf4b2fee 156 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
6d1cff2a 157 tsp->smk_task->smk_known, smk_task->smk_known, acc,
d166c802
CS		 158 current->comm, otp->comm);
159 return 0;
160}
161#else
162#define smk_bu_task(otp, mode, RC) (RC)
163#endif
164
165#ifdef CONFIG_SECURITY_SMACK_BRINGUP
166static int smk_bu_inode(struct inode *inode, int mode, int rc)
167{
168 struct task_smack *tsp = current_security();
bf4b2fee 169 struct inode_smack *isp = inode->i_security;
d166c802
CS		 170 char acc[SMK_NUM_ACCESS_TYPE + 1];
171
bf4b2fee
CS		 172 if (isp->smk_flags & SMK_INODE_IMPURE)
173 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
174 inode->i_sb->s_id, inode->i_ino, current->comm);
175
d166c802
CS		 176 if (rc <= 0)
177 return rc;
bf4b2fee
CS		 178 if (rc > SMACK_UNCONFINED_OBJECT)
179 rc = 0;
180 if (rc == SMACK_UNCONFINED_SUBJECT &&
181 (mode & (MAY_WRITE | MAY_APPEND)))
182 isp->smk_flags |= SMK_INODE_IMPURE;
d166c802
CS		 183
184 smk_bu_mode(mode, acc);
bf4b2fee
CS		 185
186 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
187 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
d166c802
CS		 188 inode->i_sb->s_id, inode->i_ino, current->comm);
189 return 0;
190}
191#else
192#define smk_bu_inode(inode, mode, RC) (RC)
193#endif
194
195#ifdef CONFIG_SECURITY_SMACK_BRINGUP
196static int smk_bu_file(struct file *file, int mode, int rc)
197{
198 struct task_smack *tsp = current_security();
199 struct smack_known *sskp = tsp->smk_task;
5e7270a6 200 struct inode *inode = file_inode(file);
bf4b2fee 201 struct inode_smack *isp = inode->i_security;
d166c802
CS		 202 char acc[SMK_NUM_ACCESS_TYPE + 1];
203
bf4b2fee
CS		 204 if (isp->smk_flags & SMK_INODE_IMPURE)
205 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
206 inode->i_sb->s_id, inode->i_ino, current->comm);
207
d166c802
CS		 208 if (rc <= 0)
209 return rc;
bf4b2fee
CS		 210 if (rc > SMACK_UNCONFINED_OBJECT)
211 rc = 0;
d166c802
CS		 212
213 smk_bu_mode(mode, acc);
bf4b2fee 214 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
5e7270a6 215 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 216 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 217 current->comm);
218 return 0;
219}
220#else
221#define smk_bu_file(file, mode, RC) (RC)
222#endif
223
224#ifdef CONFIG_SECURITY_SMACK_BRINGUP
225static int smk_bu_credfile(const struct cred *cred, struct file *file,
226 int mode, int rc)
227{
228 struct task_smack *tsp = cred->security;
229 struct smack_known *sskp = tsp->smk_task;
45063097 230 struct inode *inode = file_inode(file);
bf4b2fee 231 struct inode_smack *isp = inode->i_security;
d166c802
CS		 232 char acc[SMK_NUM_ACCESS_TYPE + 1];
233
bf4b2fee
CS		 234 if (isp->smk_flags & SMK_INODE_IMPURE)
235 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
236 inode->i_sb->s_id, inode->i_ino, current->comm);
237
d166c802
CS		 238 if (rc <= 0)
239 return rc;
bf4b2fee
CS		 240 if (rc > SMACK_UNCONFINED_OBJECT)
241 rc = 0;
d166c802
CS		 242
243 smk_bu_mode(mode, acc);
bf4b2fee 244 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
21c7eae2 245 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 246 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 247 current->comm);
248 return 0;
249}
250#else
251#define smk_bu_credfile(cred, file, mode, RC) (RC)
252#endif
253
e114e473
CS		 254/**
255 * smk_fetch - Fetch the smack label from a file.
1a28979b 256 * @name: type of the label (attribute)
e114e473
CS		 257 * @ip: a pointer to the inode
258 * @dp: a pointer to the dentry
259 *
e774ad68
LP		 260 * Returns a pointer to the master list entry for the Smack label,
261 * NULL if there was no label to fetch, or an error code.
e114e473 262 */
2f823ff8
CS		 263static struct smack_known *smk_fetch(const char *name, struct inode *ip,
264 struct dentry *dp)
e114e473
CS		 265{
266 int rc;
f7112e6c 267 char *buffer;
2f823ff8 268 struct smack_known *skp = NULL;
e114e473 269
5d6c3191 270 if (!(ip->i_opflags & IOP_XATTR))
e774ad68 271 return ERR_PTR(-EOPNOTSUPP);
e114e473 272
f7112e6c
CS		 273 buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
274 if (buffer == NULL)
e774ad68 275 return ERR_PTR(-ENOMEM);
e114e473 276
5d6c3191 277 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
e774ad68
LP		 278 if (rc < 0)
279 skp = ERR_PTR(rc);
280 else if (rc == 0)
281 skp = NULL;
282 else
2f823ff8 283 skp = smk_import_entry(buffer, rc);
f7112e6c
CS		 284
285 kfree(buffer);
286
2f823ff8 287 return skp;
e114e473
CS		 288}
289
290/**
291 * new_inode_smack - allocate an inode security blob
21c7eae2 292 * @skp: a pointer to the Smack label entry to use in the blob
e114e473
CS		 293 *
294 * Returns the new blob or NULL if there's no memory available
295 */
1eddfe8e 296static struct inode_smack *new_inode_smack(struct smack_known *skp)
e114e473
CS		 297{
298 struct inode_smack *isp;
299
1a5b472b 300 isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
e114e473
CS		 301 if (isp == NULL)
302 return NULL;
303
21c7eae2 304 isp->smk_inode = skp;
e114e473
CS		 305 isp->smk_flags = 0;
306 mutex_init(&isp->smk_lock);
307
308 return isp;
309}
310
7898e1f8
CS		 311/**
312 * new_task_smack - allocate a task security blob
1a28979b
LP		 313 * @task: a pointer to the Smack label for the running task
314 * @forked: a pointer to the Smack label for the forked task
315 * @gfp: type of the memory for the allocation
7898e1f8
CS		 316 *
317 * Returns the new blob or NULL if there's no memory available
318 */
2f823ff8
CS		 319static struct task_smack *new_task_smack(struct smack_known *task,
320 struct smack_known *forked, gfp_t gfp)
7898e1f8
CS		 321{
322 struct task_smack *tsp;
323
324 tsp = kzalloc(sizeof(struct task_smack), gfp);
325 if (tsp == NULL)
326 return NULL;
327
328 tsp->smk_task = task;
329 tsp->smk_forked = forked;
330 INIT_LIST_HEAD(&tsp->smk_rules);
38416e53 331 INIT_LIST_HEAD(&tsp->smk_relabel);
7898e1f8
CS		 332 mutex_init(&tsp->smk_rules_lock);
333
334 return tsp;
335}
336
337/**
338 * smk_copy_rules - copy a rule set
1a28979b
LP		 339 * @nhead: new rules header pointer
340 * @ohead: old rules header pointer
341 * @gfp: type of the memory for the allocation
7898e1f8
CS		 342 *
343 * Returns 0 on success, -ENOMEM on error
344 */
345static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
346 gfp_t gfp)
347{
348 struct smack_rule *nrp;
349 struct smack_rule *orp;
350 int rc = 0;
351
7898e1f8
CS		 352 list_for_each_entry_rcu(orp, ohead, list) {
353 nrp = kzalloc(sizeof(struct smack_rule), gfp);
354 if (nrp == NULL) {
355 rc = -ENOMEM;
356 break;
357 }
358 *nrp = *orp;
359 list_add_rcu(&nrp->list, nhead);
360 }
361 return rc;
362}
363
38416e53
ZJ		 364/**
365 * smk_copy_relabel - copy smk_relabel labels list
366 * @nhead: new rules header pointer
367 * @ohead: old rules header pointer
368 * @gfp: type of the memory for the allocation
369 *
370 * Returns 0 on success, -ENOMEM on error
371 */
372static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
373 gfp_t gfp)
374{
375 struct smack_known_list_elem *nklep;
376 struct smack_known_list_elem *oklep;
377
38416e53
ZJ		 378 list_for_each_entry(oklep, ohead, list) {
379 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
380 if (nklep == NULL) {
381 smk_destroy_label_list(nhead);
382 return -ENOMEM;
383 }
384 nklep->smk_label = oklep->smk_label;
385 list_add(&nklep->list, nhead);
386 }
387
388 return 0;
389}
390
5663884c
LP		 391/**
392 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
393 * @mode - input mode in form of PTRACE_MODE_*
394 *
395 * Returns a converted MAY_* mode usable by smack rules
396 */
397static inline unsigned int smk_ptrace_mode(unsigned int mode)
398{
3dfb7d8c 399 if (mode & PTRACE_MODE_ATTACH)
5663884c 400 return MAY_READWRITE;
3dfb7d8c
JH		 401 if (mode & PTRACE_MODE_READ)
402 return MAY_READ;
5663884c
LP		 403
404 return 0;
405}
406
407/**
408 * smk_ptrace_rule_check - helper for ptrace access
409 * @tracer: tracer process
21c7eae2 410 * @tracee_known: label entry of the process that's about to be traced
5663884c
LP		 411 * @mode: ptrace attachment mode (PTRACE_MODE_*)
412 * @func: name of the function that called us, used for audit
413 *
414 * Returns 0 on access granted, -error on error
415 */
21c7eae2
LP		 416static int smk_ptrace_rule_check(struct task_struct *tracer,
417 struct smack_known *tracee_known,
5663884c
LP		 418 unsigned int mode, const char *func)
419{
420 int rc;
421 struct smk_audit_info ad, *saip = NULL;
422 struct task_smack *tsp;
21c7eae2 423 struct smack_known *tracer_known;
dcb569cf 424 const struct cred *tracercred;
5663884c
LP		 425
426 if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
427 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
428 smk_ad_setfield_u_tsk(&ad, tracer);
429 saip = &ad;
430 }
431
6d1cff2a 432 rcu_read_lock();
dcb569cf
CS		 433 tracercred = __task_cred(tracer);
434 tsp = tracercred->security;
21c7eae2 435 tracer_known = smk_of_task(tsp);
5663884c 436
66867818
LP		 437 if ((mode & PTRACE_MODE_ATTACH) &&
438 (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
439 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
21c7eae2 440 if (tracer_known->smk_known == tracee_known->smk_known)
66867818
LP		 441 rc = 0;
442 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
443 rc = -EACCES;
dcb569cf 444 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
66867818
LP		 445 rc = 0;
446 else
447 rc = -EACCES;
448
449 if (saip)
21c7eae2
LP		 450 smack_log(tracer_known->smk_known,
451 tracee_known->smk_known,
452 0, rc, saip);
66867818 453
6d1cff2a 454 rcu_read_unlock();
66867818
LP		 455 return rc;
456 }
457
458 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
21c7eae2 459 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
6d1cff2a
AR		 460
461 rcu_read_unlock();
5663884c
LP		 462 return rc;
463}
464
e114e473
CS		 465/*
466 * LSM hooks.
467 * We he, that is fun!
468 */
469
470/**
9e48858f 471 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
e114e473 472 * @ctp: child task pointer
5663884c 473 * @mode: ptrace attachment mode (PTRACE_MODE_*)
e114e473
CS		 474 *
475 * Returns 0 if access is OK, an error code otherwise
476 *
5663884c 477 * Do the capability checks.
e114e473 478 */
9e48858f 479static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
e114e473 480{
2f823ff8 481 struct smack_known *skp;
e114e473 482
6d1cff2a 483 skp = smk_of_task_struct(ctp);
ecfcc53f 484
b1d9e6b0 485 return smk_ptrace_rule_check(current, skp, mode, __func__);
5cd9c58f
DH		 486}
487
488/**
489 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
490 * @ptp: parent task pointer
491 *
492 * Returns 0 if access is OK, an error code otherwise
493 *
5663884c 494 * Do the capability checks, and require PTRACE_MODE_ATTACH.
5cd9c58f
DH		 495 */
496static int smack_ptrace_traceme(struct task_struct *ptp)
497{
498 int rc;
2f823ff8 499 struct smack_known *skp;
5cd9c58f 500
959e6c7f 501 skp = smk_of_task(current_security());
ecfcc53f 502
21c7eae2 503 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
e114e473
CS		 504 return rc;
505}
506
507/**
508 * smack_syslog - Smack approval on syslog
509 * @type: message type
510 *
e114e473
CS		 511 * Returns 0 on success, error code otherwise.
512 */
12b3052c 513static int smack_syslog(int typefrom_file)
e114e473 514{
12b3052c 515 int rc = 0;
2f823ff8 516 struct smack_known *skp = smk_of_current();
e114e473 517
1880eff7 518 if (smack_privileged(CAP_MAC_OVERRIDE))
e114e473
CS		 519 return 0;
520
24ea1b6e 521 if (smack_syslog_label != NULL && smack_syslog_label != skp)
e114e473
CS		 522 rc = -EACCES;
523
524 return rc;
525}
526
527
528/*
529 * Superblock Hooks.
530 */
531
532/**
533 * smack_sb_alloc_security - allocate a superblock blob
534 * @sb: the superblock getting the blob
535 *
536 * Returns 0 on success or -ENOMEM on error.
537 */
538static int smack_sb_alloc_security(struct super_block *sb)
539{
540 struct superblock_smack *sbsp;
541
542 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
543
544 if (sbsp == NULL)
545 return -ENOMEM;
546
21c7eae2
LP		 547 sbsp->smk_root = &smack_known_floor;
548 sbsp->smk_default = &smack_known_floor;
549 sbsp->smk_floor = &smack_known_floor;
550 sbsp->smk_hat = &smack_known_hat;
e830b394 551 /*
9f50eda2 552 * SMK_SB_INITIALIZED will be zero from kzalloc.
e830b394 553 */
e114e473
CS		 554 sb->s_security = sbsp;
555
556 return 0;
557}
558
559/**
560 * smack_sb_free_security - free a superblock blob
561 * @sb: the superblock getting the blob
562 *
563 */
564static void smack_sb_free_security(struct super_block *sb)
565{
566 kfree(sb->s_security);
567 sb->s_security = NULL;
568}
569
12085b14
AV		 570struct smack_mnt_opts {
571 const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute;
572};
573
204cc0cc
AV		 574static void smack_free_mnt_opts(void *mnt_opts)
575{
12085b14
AV		 576 struct smack_mnt_opts *opts = mnt_opts;
577 kfree(opts->fsdefault);
578 kfree(opts->fsfloor);
579 kfree(opts->fshat);
580 kfree(opts->fsroot);
581 kfree(opts->fstransmute);
204cc0cc
AV		 582 kfree(opts);
583}
584
e114e473
CS		 585/**
586 * smack_sb_copy_data - copy mount options data for processing
e114e473 587 * @orig: where to start
251a2a95 588 * @smackopts: mount options string
e114e473
CS		 589 *
590 * Returns 0 on success or -ENOMEM on error.
591 *
592 * Copy the Smack specific mount options out of the mount
593 * options list.
594 */
e0007529 595static int smack_sb_copy_data(char *orig, char *smackopts)
e114e473
CS		 596{
597 char *cp, *commap, *otheropts, *dp;
598
e114e473
CS		 599 otheropts = (char *)get_zeroed_page(GFP_KERNEL);
600 if (otheropts == NULL)
601 return -ENOMEM;
602
603 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
604 if (strstr(cp, SMK_FSDEFAULT) == cp)
605 dp = smackopts;
606 else if (strstr(cp, SMK_FSFLOOR) == cp)
607 dp = smackopts;
608 else if (strstr(cp, SMK_FSHAT) == cp)
609 dp = smackopts;
610 else if (strstr(cp, SMK_FSROOT) == cp)
611 dp = smackopts;
e830b394
CS		 612 else if (strstr(cp, SMK_FSTRANS) == cp)
613 dp = smackopts;
e114e473
CS		 614 else
615 dp = otheropts;
616
617 commap = strchr(cp, ',');
618 if (commap != NULL)
619 *commap = '\0';
620
621 if (*dp != '\0')
622 strcat(dp, ",");
623 strcat(dp, cp);
624 }
625
626 strcpy(orig, otheropts);
627 free_page((unsigned long)otheropts);
628
629 return 0;
630}
631
632/**
3bf2789c
VT		 633 * smack_parse_opts_str - parse Smack specific mount options
634 * @options: mount options string
635 * @opts: where to store converted mount opts
636 *
637 * Returns 0 on success or -ENOMEM on error.
638 *
639 * converts Smack specific mount options to generic security option format
640 */
641static int smack_parse_opts_str(char *options,
204cc0cc 642 void **mnt_opts)
3bf2789c 643{
12085b14 644 struct smack_mnt_opts *opts = *mnt_opts;
3bf2789c 645 char *p;
3d04c924 646 int rc = -ENOMEM;
3d04c924 647 int token;
3bf2789c 648
3bf2789c
VT		 649 if (!options)
650 return 0;
651
652 while ((p = strsep(&options, ",")) != NULL) {
3bf2789c
VT		 653 substring_t args[MAX_OPT_ARGS];
654
655 if (!*p)
656 continue;
657
3d04c924 658 token = match_token(p, smk_mount_tokens, args);
3bf2789c 659
12085b14
AV		 660 if (!opts) {
661 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
662 if (!opts)
663 return -ENOMEM;
664 }
665
3bf2789c
VT		 666 switch (token) {
667 case Opt_fsdefault:
12085b14 668 if (opts->fsdefault)
3bf2789c 669 goto out_opt_err;
12085b14
AV		 670 opts->fsdefault = match_strdup(&args[0]);
671 if (!opts->fsdefault)
3bf2789c
VT		 672 goto out_err;
673 break;
674 case Opt_fsfloor:
12085b14 675 if (opts->fsfloor)
3bf2789c 676 goto out_opt_err;
12085b14
AV		 677 opts->fsfloor = match_strdup(&args[0]);
678 if (!opts->fsfloor)
3bf2789c
VT		 679 goto out_err;
680 break;
681 case Opt_fshat:
12085b14 682 if (opts->fshat)
3bf2789c 683 goto out_opt_err;
12085b14
AV		 684 opts->fshat = match_strdup(&args[0]);
685 if (!opts->fshat)
3bf2789c
VT		 686 goto out_err;
687 break;
688 case Opt_fsroot:
12085b14 689 if (opts->fsroot)
3bf2789c 690 goto out_opt_err;
12085b14
AV		 691 opts->fsroot = match_strdup(&args[0]);
692 if (!opts->fsroot)
3bf2789c
VT		 693 goto out_err;
694 break;
695 case Opt_fstransmute:
12085b14 696 if (opts->fstransmute)
3bf2789c 697 goto out_opt_err;
12085b14
AV		 698 opts->fstransmute = match_strdup(&args[0]);
699 if (!opts->fstransmute)
3bf2789c
VT		 700 goto out_err;
701 break;
702 default:
703 rc = -EINVAL;
704 pr_warn("Smack: unknown mount option\n");
705 goto out_err;
706 }
707 }
12085b14 708 *mnt_opts = opts;
3bf2789c
VT		 709 return 0;
710
711out_opt_err:
712 rc = -EINVAL;
713 pr_warn("Smack: duplicate mount options\n");
714
715out_err:
12085b14
AV		 716 if (opts)
717 smack_free_mnt_opts(opts);
3bf2789c
VT		 718 return rc;
719}
720
204cc0cc 721static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
5b400239
AV		 722{
723 char *s = (char *)get_zeroed_page(GFP_KERNEL);
724 int err;
725
726 if (!s)
727 return -ENOMEM;
728 err = smack_sb_copy_data(options, s);
729 if (!err)
204cc0cc 730 err = smack_parse_opts_str(s, mnt_opts);
5b400239
AV		 731 free_page((unsigned long)s);
732 return err;
733}
734
3bf2789c
VT		 735/**
736 * smack_set_mnt_opts - set Smack specific mount options
e114e473 737 * @sb: the file system superblock
3bf2789c
VT		 738 * @opts: Smack mount options
739 * @kern_flags: mount option from kernel space or user space
740 * @set_kern_flags: where to store converted mount opts
e114e473
CS		 741 *
742 * Returns 0 on success, an error code on failure
3bf2789c
VT		 743 *
744 * Allow filesystems with binary mount data to explicitly set Smack mount
745 * labels.
e114e473 746 */
3bf2789c 747static int smack_set_mnt_opts(struct super_block *sb,
204cc0cc 748 void *mnt_opts,
3bf2789c
VT		 749 unsigned long kern_flags,
750 unsigned long *set_kern_flags)
e114e473
CS		 751{
752 struct dentry *root = sb->s_root;
c6f493d6 753 struct inode *inode = d_backing_inode(root);
e114e473
CS		 754 struct superblock_smack *sp = sb->s_security;
755 struct inode_smack *isp;
24ea1b6e 756 struct smack_known *skp;
12085b14
AV		 757 struct smack_mnt_opts *opts = mnt_opts;
758 bool transmute = false;
e114e473 759
9f50eda2 760 if (sp->smk_flags & SMK_SB_INITIALIZED)
e114e473 761 return 0;
eb982cb4 762
2097f599
HS		 763 if (!smack_privileged(CAP_MAC_ADMIN)) {
764 /*
765 * Unprivileged mounts don't get to specify Smack values.
766 */
12085b14 767 if (opts)
2097f599
HS		 768 return -EPERM;
769 /*
770 * Unprivileged mounts get root and default from the caller.
771 */
772 skp = smk_of_current();
773 sp->smk_root = skp;
774 sp->smk_default = skp;
775 /*
776 * For a handful of fs types with no user-controlled
777 * backing store it's okay to trust security labels
778 * in the filesystem. The rest are untrusted.
779 */
780 if (sb->s_user_ns != &init_user_ns &&
781 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
782 sb->s_magic != RAMFS_MAGIC) {
12085b14 783 transmute = true;
2097f599
HS		 784 sp->smk_flags |= SMK_SB_UNTRUSTED;
785 }
786 }
787
9f50eda2 788 sp->smk_flags |= SMK_SB_INITIALIZED;
e114e473 789
12085b14
AV		 790 if (opts) {
791 if (opts->fsdefault) {
792 skp = smk_import_entry(opts->fsdefault, 0);
e774ad68
LP		 793 if (IS_ERR(skp))
794 return PTR_ERR(skp);
3bf2789c 795 sp->smk_default = skp;
12085b14
AV		 796 }
797 if (opts->fsfloor) {
798 skp = smk_import_entry(opts->fsfloor, 0);
e774ad68
LP		 799 if (IS_ERR(skp))
800 return PTR_ERR(skp);
801 sp->smk_floor = skp;
12085b14
AV		 802 }
803 if (opts->fshat) {
804 skp = smk_import_entry(opts->fshat, 0);
e774ad68
LP		 805 if (IS_ERR(skp))
806 return PTR_ERR(skp);
3bf2789c 807 sp->smk_hat = skp;
12085b14
AV		 808 }
809 if (opts->fsroot) {
810 skp = smk_import_entry(opts->fsroot, 0);
e774ad68
LP		 811 if (IS_ERR(skp))
812 return PTR_ERR(skp);
813 sp->smk_root = skp;
12085b14
AV		 814 }
815 if (opts->fstransmute) {
816 skp = smk_import_entry(opts->fstransmute, 0);
e774ad68
LP		 817 if (IS_ERR(skp))
818 return PTR_ERR(skp);
819 sp->smk_root = skp;
12085b14 820 transmute = true;
e114e473
CS		 821 }
822 }
823
824 /*
825 * Initialize the root inode.
826 */
827 isp = inode->i_security;
55dfc5da
JB		 828 if (isp == NULL) {
829 isp = new_inode_smack(sp->smk_root);
830 if (isp == NULL)
831 return -ENOMEM;
832 inode->i_security = isp;
e830b394 833 } else
e114e473
CS		 834 isp->smk_inode = sp->smk_root;
835
e830b394
CS		 836 if (transmute)
837 isp->smk_flags |= SMK_INODE_TRANSMUTE;
838
e114e473
CS		 839 return 0;
840}
841
842/**
843 * smack_sb_statfs - Smack check on statfs
844 * @dentry: identifies the file system in question
845 *
846 * Returns 0 if current can read the floor of the filesystem,
847 * and error code otherwise
848 */
849static int smack_sb_statfs(struct dentry *dentry)
850{
851 struct superblock_smack *sbp = dentry->d_sb->s_security;
ecfcc53f
EB		 852 int rc;
853 struct smk_audit_info ad;
854
a269434d 855 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 856 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 857
ecfcc53f 858 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
d166c802 859 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
ecfcc53f 860 return rc;
e114e473
CS		 861}
862
676dac4b
CS		 863/*
864 * BPRM hooks
865 */
866
ce8a4321
CS		 867/**
868 * smack_bprm_set_creds - set creds for exec
869 * @bprm: the exec information
870 *
5663884c 871 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
ce8a4321 872 */
676dac4b
CS		 873static int smack_bprm_set_creds(struct linux_binprm *bprm)
874{
496ad9aa 875 struct inode *inode = file_inode(bprm->file);
84088ba2 876 struct task_smack *bsp = bprm->cred->security;
676dac4b 877 struct inode_smack *isp;
809c02e0 878 struct superblock_smack *sbsp;
676dac4b
CS		 879 int rc;
880
ddb4a144 881 if (bprm->called_set_creds)
676dac4b
CS		 882 return 0;
883
84088ba2
JS		 884 isp = inode->i_security;
885 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
676dac4b
CS		 886 return 0;
887
809c02e0
SF		 888 sbsp = inode->i_sb->s_security;
889 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
890 isp->smk_task != sbsp->smk_root)
891 return 0;
892
9227dd2a 893 if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
5663884c
LP		 894 struct task_struct *tracer;
895 rc = 0;
896
897 rcu_read_lock();
898 tracer = ptrace_parent(current);
899 if (likely(tracer != NULL))
900 rc = smk_ptrace_rule_check(tracer,
21c7eae2 901 isp->smk_task,
5663884c
LP		 902 PTRACE_MODE_ATTACH,
903 __func__);
904 rcu_read_unlock();
905
906 if (rc != 0)
907 return rc;
908 } else if (bprm->unsafe)
84088ba2 909 return -EPERM;
676dac4b 910
84088ba2
JS		 911 bsp->smk_task = isp->smk_task;
912 bprm->per_clear |= PER_CLEAR_ON_SETID;
676dac4b 913
ccbb6e10
KC		 914 /* Decide if this is a secure exec. */
915 if (bsp->smk_task != bsp->smk_forked)
916 bprm->secureexec = 1;
917
84088ba2
JS		 918 return 0;
919}
676dac4b 920
e114e473
CS		 921/*
922 * Inode hooks
923 */
924
925/**
926 * smack_inode_alloc_security - allocate an inode blob
251a2a95 927 * @inode: the inode in need of a blob
e114e473
CS		 928 *
929 * Returns 0 if it gets a blob, -ENOMEM otherwise
930 */
931static int smack_inode_alloc_security(struct inode *inode)
932{
2f823ff8
CS		 933 struct smack_known *skp = smk_of_current();
934
21c7eae2 935 inode->i_security = new_inode_smack(skp);
e114e473
CS		 936 if (inode->i_security == NULL)
937 return -ENOMEM;
938 return 0;
939}
940
941/**
3d4f673a
HS		 942 * smack_inode_free_rcu - Free inode_smack blob from cache
943 * @head: the rcu_head for getting inode_smack pointer
944 *
945 * Call back function called from call_rcu() to free
946 * the i_security blob pointer in inode
947 */
948static void smack_inode_free_rcu(struct rcu_head *head)
949{
950 struct inode_smack *issp;
951
952 issp = container_of(head, struct inode_smack, smk_rcu);
953 kmem_cache_free(smack_inode_cache, issp);
954}
955
956/**
957 * smack_inode_free_security - free an inode blob using call_rcu()
251a2a95 958 * @inode: the inode with a blob
e114e473 959 *
3d4f673a 960 * Clears the blob pointer in inode using RCU
e114e473
CS		 961 */
962static void smack_inode_free_security(struct inode *inode)
963{
3d4f673a
HS		 964 struct inode_smack *issp = inode->i_security;
965
966 /*
967 * The inode may still be referenced in a path walk and
968 * a call to smack_inode_permission() can be made
969 * after smack_inode_free_security() is called.
970 * To avoid race condition free the i_security via RCU
971 * and leave the current inode->i_security pointer intact.
972 * The inode will be freed after the RCU grace period too.
973 */
974 call_rcu(&issp->smk_rcu, smack_inode_free_rcu);
e114e473
CS		 975}
976
977/**
978 * smack_inode_init_security - copy out the smack from an inode
e95ef49b
LP		 979 * @inode: the newly created inode
980 * @dir: containing directory object
2a7dba39 981 * @qstr: unused
e114e473
CS		 982 * @name: where to put the attribute name
983 * @value: where to put the attribute value
984 * @len: where to put the length of the attribute
985 *
986 * Returns 0 if it all works out, -ENOMEM if there's no memory
987 */
988static int smack_inode_init_security(struct inode *inode, struct inode *dir,
9548906b 989 const struct qstr *qstr, const char **name,
2a7dba39 990 void **value, size_t *len)
e114e473 991{
2267b13a 992 struct inode_smack *issp = inode->i_security;
2f823ff8 993 struct smack_known *skp = smk_of_current();
21c7eae2
LP		 994 struct smack_known *isp = smk_of_inode(inode);
995 struct smack_known *dsp = smk_of_inode(dir);
7898e1f8 996 int may;
e114e473 997
9548906b
TH		 998 if (name)
999 *name = XATTR_SMACK_SUFFIX;
e114e473 1000
68390ccf 1001 if (value && len) {
7898e1f8 1002 rcu_read_lock();
21c7eae2
LP		 1003 may = smk_access_entry(skp->smk_known, dsp->smk_known,
1004 &skp->smk_rules);
7898e1f8 1005 rcu_read_unlock();
5c6d1125
JS		 1006
1007 /*
1008 * If the access rule allows transmutation and
1009 * the directory requests transmutation then
1010 * by all means transmute.
2267b13a 1011 * Mark the inode as changed.
5c6d1125 1012 */
7898e1f8 1013 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
2267b13a 1014 smk_inode_transmutable(dir)) {
5c6d1125 1015 isp = dsp;
2267b13a
CS		 1016 issp->smk_flags |= SMK_INODE_CHANGED;
1017 }
5c6d1125 1018
21c7eae2 1019 *value = kstrdup(isp->smk_known, GFP_NOFS);
e114e473
CS		 1020 if (*value == NULL)
1021 return -ENOMEM;
e114e473 1022
21c7eae2 1023 *len = strlen(isp->smk_known);
68390ccf 1024 }
e114e473
CS		 1025
1026 return 0;
1027}
1028
1029/**
1030 * smack_inode_link - Smack check on link
1031 * @old_dentry: the existing object
1032 * @dir: unused
1033 * @new_dentry: the new object
1034 *
1035 * Returns 0 if access is permitted, an error code otherwise
1036 */
1037static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1038 struct dentry *new_dentry)
1039{
21c7eae2 1040 struct smack_known *isp;
ecfcc53f
EB		 1041 struct smk_audit_info ad;
1042 int rc;
1043
a269434d 1044 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1045 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473 1046
c6f493d6 1047 isp = smk_of_inode(d_backing_inode(old_dentry));
ecfcc53f 1048 rc = smk_curacc(isp, MAY_WRITE, &ad);
c6f493d6 1049 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
e114e473 1050
8802565b 1051 if (rc == 0 && d_is_positive(new_dentry)) {
c6f493d6 1052 isp = smk_of_inode(d_backing_inode(new_dentry));
ecfcc53f
EB		 1053 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1054 rc = smk_curacc(isp, MAY_WRITE, &ad);
c6f493d6 1055 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
e114e473
CS		 1056 }
1057
1058 return rc;
1059}
1060
1061/**
1062 * smack_inode_unlink - Smack check on inode deletion
1063 * @dir: containing directory object
1064 * @dentry: file to unlink
1065 *
1066 * Returns 0 if current can write the containing directory
1067 * and the object, error code otherwise
1068 */
1069static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1070{
c6f493d6 1071 struct inode *ip = d_backing_inode(dentry);
ecfcc53f 1072 struct smk_audit_info ad;
e114e473
CS		 1073 int rc;
1074
a269434d 1075 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1076 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1077
e114e473
CS		 1078 /*
1079 * You need write access to the thing you're unlinking
1080 */
ecfcc53f 1081 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
d166c802 1082 rc = smk_bu_inode(ip, MAY_WRITE, rc);
ecfcc53f 1083 if (rc == 0) {
e114e473
CS		 1084 /*
1085 * You also need write access to the containing directory
1086 */
cdb56b60 1087 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 1088 smk_ad_setfield_u_fs_inode(&ad, dir);
1089 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 1090 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 1091 }
e114e473
CS		 1092 return rc;
1093}
1094
1095/**
1096 * smack_inode_rmdir - Smack check on directory deletion
1097 * @dir: containing directory object
1098 * @dentry: directory to unlink
1099 *
1100 * Returns 0 if current can write the containing directory
1101 * and the directory, error code otherwise
1102 */
1103static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1104{
ecfcc53f 1105 struct smk_audit_info ad;
e114e473
CS		 1106 int rc;
1107
a269434d 1108 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1109 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1110
e114e473
CS		 1111 /*
1112 * You need write access to the thing you're removing
1113 */
c6f493d6
DH		 1114 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1115 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
ecfcc53f 1116 if (rc == 0) {
e114e473
CS		 1117 /*
1118 * You also need write access to the containing directory
1119 */
cdb56b60 1120 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 1121 smk_ad_setfield_u_fs_inode(&ad, dir);
1122 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 1123 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 1124 }
e114e473
CS		 1125
1126 return rc;
1127}
1128
1129/**
1130 * smack_inode_rename - Smack check on rename
e95ef49b
LP		 1131 * @old_inode: unused
1132 * @old_dentry: the old object
1133 * @new_inode: unused
1134 * @new_dentry: the new object
e114e473
CS		 1135 *
1136 * Read and write access is required on both the old and
1137 * new directories.
1138 *
1139 * Returns 0 if access is permitted, an error code otherwise
1140 */
1141static int smack_inode_rename(struct inode *old_inode,
1142 struct dentry *old_dentry,
1143 struct inode *new_inode,
1144 struct dentry *new_dentry)
1145{
1146 int rc;
21c7eae2 1147 struct smack_known *isp;
ecfcc53f
EB		 1148 struct smk_audit_info ad;
1149
a269434d 1150 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1151 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473 1152
c6f493d6 1153 isp = smk_of_inode(d_backing_inode(old_dentry));
ecfcc53f 1154 rc = smk_curacc(isp, MAY_READWRITE, &ad);
c6f493d6 1155 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
e114e473 1156
8802565b 1157 if (rc == 0 && d_is_positive(new_dentry)) {
c6f493d6 1158 isp = smk_of_inode(d_backing_inode(new_dentry));
ecfcc53f
EB		 1159 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1160 rc = smk_curacc(isp, MAY_READWRITE, &ad);
c6f493d6 1161 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
e114e473 1162 }
e114e473
CS		 1163 return rc;
1164}
1165
1166/**
1167 * smack_inode_permission - Smack version of permission()
1168 * @inode: the inode in question
1169 * @mask: the access requested
e114e473
CS		 1170 *
1171 * This is the important Smack hook.
1172 *
1173 * Returns 0 if access is permitted, -EACCES otherwise
1174 */
e74f71eb 1175static int smack_inode_permission(struct inode *inode, int mask)
e114e473 1176{
9f50eda2 1177 struct superblock_smack *sbsp = inode->i_sb->s_security;
ecfcc53f 1178 struct smk_audit_info ad;
e74f71eb 1179 int no_block = mask & MAY_NOT_BLOCK;
d166c802 1180 int rc;
d09ca739
EP		 1181
1182 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
e114e473
CS		 1183 /*
1184 * No permission to check. Existence test. Yup, it's there.
1185 */
1186 if (mask == 0)
1187 return 0;
8c9e80ed 1188
9f50eda2
SF		 1189 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1190 if (smk_of_inode(inode) != sbsp->smk_root)
1191 return -EACCES;
1192 }
1193
8c9e80ed 1194 /* May be droppable after audit */
e74f71eb 1195 if (no_block)
8c9e80ed 1196 return -ECHILD;
f48b7399 1197 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f 1198 smk_ad_setfield_u_fs_inode(&ad, inode);
d166c802
CS		 1199 rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1200 rc = smk_bu_inode(inode, mask, rc);
1201 return rc;
e114e473
CS		 1202}
1203
1204/**
1205 * smack_inode_setattr - Smack check for setting attributes
1206 * @dentry: the object
1207 * @iattr: for the force flag
1208 *
1209 * Returns 0 if access is permitted, an error code otherwise
1210 */
1211static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1212{
ecfcc53f 1213 struct smk_audit_info ad;
d166c802
CS		 1214 int rc;
1215
e114e473
CS		 1216 /*
1217 * Need to allow for clearing the setuid bit.
1218 */
1219 if (iattr->ia_valid & ATTR_FORCE)
1220 return 0;
a269434d 1221 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1222 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 1223
c6f493d6
DH		 1224 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1225 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
d166c802 1226 return rc;
e114e473
CS		 1227}
1228
1229/**
1230 * smack_inode_getattr - Smack check for getting attributes
e95ef49b 1231 * @mnt: vfsmount of the object
e114e473
CS		 1232 * @dentry: the object
1233 *
1234 * Returns 0 if access is permitted, an error code otherwise
1235 */
3f7036a0 1236static int smack_inode_getattr(const struct path *path)
e114e473 1237{
ecfcc53f 1238 struct smk_audit_info ad;
c6f493d6 1239 struct inode *inode = d_backing_inode(path->dentry);
d166c802 1240 int rc;
ecfcc53f 1241
f48b7399 1242 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
3f7036a0
AV		 1243 smk_ad_setfield_u_fs_path(&ad, *path);
1244 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1245 rc = smk_bu_inode(inode, MAY_READ, rc);
d166c802 1246 return rc;
e114e473
CS		 1247}
1248
1249/**
1250 * smack_inode_setxattr - Smack check for setting xattrs
1251 * @dentry: the object
1252 * @name: name of the attribute
e95ef49b
LP		 1253 * @value: value of the attribute
1254 * @size: size of the value
e114e473
CS		 1255 * @flags: unused
1256 *
1257 * This protects the Smack attribute explicitly.
1258 *
1259 * Returns 0 if access is permitted, an error code otherwise
1260 */
8f0cfa52
DH		 1261static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1262 const void *value, size_t size, int flags)
e114e473 1263{
ecfcc53f 1264 struct smk_audit_info ad;
19760ad0
CS		 1265 struct smack_known *skp;
1266 int check_priv = 0;
1267 int check_import = 0;
1268 int check_star = 0;
bcdca225 1269 int rc = 0;
e114e473 1270
19760ad0
CS		 1271 /*
1272 * Check label validity here so import won't fail in post_setxattr
1273 */
bcdca225
CS		 1274 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1275 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
19760ad0
CS		 1276 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1277 check_priv = 1;
1278 check_import = 1;
1279 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1280 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1281 check_priv = 1;
1282 check_import = 1;
1283 check_star = 1;
5c6d1125 1284 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
19760ad0 1285 check_priv = 1;
5c6d1125
JS		 1286 if (size != TRANS_TRUE_SIZE ||
1287 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1288 rc = -EINVAL;
bcdca225
CS		 1289 } else
1290 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1291
19760ad0
CS		 1292 if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1293 rc = -EPERM;
1294
1295 if (rc == 0 && check_import) {
b862e561 1296 skp = size ? smk_import_entry(value, size) : NULL;
e774ad68
LP		 1297 if (IS_ERR(skp))
1298 rc = PTR_ERR(skp);
1299 else if (skp == NULL || (check_star &&
19760ad0
CS		 1300 (skp == &smack_known_star || skp == &smack_known_web)))
1301 rc = -EINVAL;
1302 }
1303
a269434d 1304 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1305 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1306
d166c802 1307 if (rc == 0) {
c6f493d6
DH		 1308 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1309 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
d166c802 1310 }
bcdca225
CS		 1311
1312 return rc;
e114e473
CS		 1313}
1314
1315/**
1316 * smack_inode_post_setxattr - Apply the Smack update approved above
1317 * @dentry: object
1318 * @name: attribute name
1319 * @value: attribute value
1320 * @size: attribute size
1321 * @flags: unused
1322 *
1323 * Set the pointer in the inode blob to the entry found
1324 * in the master label list.
1325 */
8f0cfa52
DH		 1326static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1327 const void *value, size_t size, int flags)
e114e473 1328{
2f823ff8 1329 struct smack_known *skp;
c6f493d6 1330 struct inode_smack *isp = d_backing_inode(dentry)->i_security;
676dac4b 1331
2f823ff8
CS		 1332 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1333 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1334 return;
1335 }
1336
676dac4b 1337 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
9598f4c9 1338 skp = smk_import_entry(value, size);
e774ad68 1339 if (!IS_ERR(skp))
21c7eae2 1340 isp->smk_inode = skp;
5c6d1125 1341 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
9598f4c9 1342 skp = smk_import_entry(value, size);
e774ad68 1343 if (!IS_ERR(skp))
2f823ff8 1344 isp->smk_task = skp;
7898e1f8 1345 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
9598f4c9 1346 skp = smk_import_entry(value, size);
e774ad68 1347 if (!IS_ERR(skp))
2f823ff8 1348 isp->smk_mmap = skp;
2f823ff8 1349 }
e114e473
CS		 1350
1351 return;
1352}
1353
ce8a4321 1354/**
e114e473
CS		 1355 * smack_inode_getxattr - Smack check on getxattr
1356 * @dentry: the object
1357 * @name: unused
1358 *
1359 * Returns 0 if access is permitted, an error code otherwise
1360 */
8f0cfa52 1361static int smack_inode_getxattr(struct dentry *dentry, const char *name)
e114e473 1362{
ecfcc53f 1363 struct smk_audit_info ad;
d166c802 1364 int rc;
ecfcc53f 1365
a269434d 1366 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1367 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1368
c6f493d6
DH		 1369 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1370 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
d166c802 1371 return rc;
e114e473
CS		 1372}
1373
ce8a4321 1374/**
e114e473
CS		 1375 * smack_inode_removexattr - Smack check on removexattr
1376 * @dentry: the object
1377 * @name: name of the attribute
1378 *
1379 * Removing the Smack attribute requires CAP_MAC_ADMIN
1380 *
1381 * Returns 0 if access is permitted, an error code otherwise
1382 */
8f0cfa52 1383static int smack_inode_removexattr(struct dentry *dentry, const char *name)
e114e473 1384{
676dac4b 1385 struct inode_smack *isp;
ecfcc53f 1386 struct smk_audit_info ad;
bcdca225 1387 int rc = 0;
e114e473 1388
bcdca225
CS		 1389 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1390 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
676dac4b 1391 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
5c6d1125 1392 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
7898e1f8 1393 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
5e9ab593 1394 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1880eff7 1395 if (!smack_privileged(CAP_MAC_ADMIN))
bcdca225
CS		 1396 rc = -EPERM;
1397 } else
1398 rc = cap_inode_removexattr(dentry, name);
1399
f59bdfba
CS		 1400 if (rc != 0)
1401 return rc;
1402
a269434d 1403 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1404 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
bcdca225 1405
c6f493d6
DH		 1406 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1407 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
f59bdfba
CS		 1408 if (rc != 0)
1409 return rc;
1410
c6f493d6 1411 isp = d_backing_inode(dentry)->i_security;
f59bdfba
CS		 1412 /*
1413 * Don't do anything special for these.
1414 * XATTR_NAME_SMACKIPIN
1415 * XATTR_NAME_SMACKIPOUT
f59bdfba 1416 */
8012495e 1417 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
fc64005c 1418 struct super_block *sbp = dentry->d_sb;
8012495e
JB		 1419 struct superblock_smack *sbsp = sbp->s_security;
1420
1421 isp->smk_inode = sbsp->smk_default;
1422 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
676dac4b 1423 isp->smk_task = NULL;
f59bdfba 1424 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
7898e1f8 1425 isp->smk_mmap = NULL;
f59bdfba
CS		 1426 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1427 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
676dac4b 1428
f59bdfba 1429 return 0;
e114e473
CS		 1430}
1431
1432/**
1433 * smack_inode_getsecurity - get smack xattrs
1434 * @inode: the object
1435 * @name: attribute name
1436 * @buffer: where to put the result
57e7ba04 1437 * @alloc: duplicate memory
e114e473
CS		 1438 *
1439 * Returns the size of the attribute or an error code
1440 */
ea861dfd 1441static int smack_inode_getsecurity(struct inode *inode,
e114e473
CS		 1442 const char *name, void **buffer,
1443 bool alloc)
1444{
1445 struct socket_smack *ssp;
1446 struct socket *sock;
1447 struct super_block *sbp;
1448 struct inode *ip = (struct inode *)inode;
21c7eae2 1449 struct smack_known *isp;
e114e473 1450
57e7ba04 1451 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
e114e473 1452 isp = smk_of_inode(inode);
57e7ba04
CS		 1453 else {
1454 /*
1455 * The rest of the Smack xattrs are only on sockets.
1456 */
1457 sbp = ip->i_sb;
1458 if (sbp->s_magic != SOCKFS_MAGIC)
1459 return -EOPNOTSUPP;
e114e473 1460
57e7ba04
CS		 1461 sock = SOCKET_I(ip);
1462 if (sock == NULL || sock->sk == NULL)
1463 return -EOPNOTSUPP;
e114e473 1464
57e7ba04 1465 ssp = sock->sk->sk_security;
e114e473 1466
57e7ba04
CS		 1467 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1468 isp = ssp->smk_in;
1469 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1470 isp = ssp->smk_out;
1471 else
1472 return -EOPNOTSUPP;
1473 }
e114e473 1474
57e7ba04
CS		 1475 if (alloc) {
1476 *buffer = kstrdup(isp->smk_known, GFP_KERNEL);
1477 if (*buffer == NULL)
1478 return -ENOMEM;
e114e473
CS		 1479 }
1480
57e7ba04 1481 return strlen(isp->smk_known);
e114e473
CS		 1482}
1483
1484
1485/**
1486 * smack_inode_listsecurity - list the Smack attributes
1487 * @inode: the object
1488 * @buffer: where they go
1489 * @buffer_size: size of buffer
e114e473
CS		 1490 */
1491static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1492 size_t buffer_size)
1493{
fd5c9d23 1494 int len = sizeof(XATTR_NAME_SMACK);
e114e473 1495
fd5c9d23 1496 if (buffer != NULL && len <= buffer_size)
e114e473 1497 memcpy(buffer, XATTR_NAME_SMACK, len);
fd5c9d23
KK		 1498
1499 return len;
e114e473
CS		 1500}
1501
d20bdda6
AD		 1502/**
1503 * smack_inode_getsecid - Extract inode's security id
1504 * @inode: inode to extract the info from
1505 * @secid: where result will be saved
1506 */
d6335d77 1507static void smack_inode_getsecid(struct inode *inode, u32 *secid)
d20bdda6 1508{
0f8983cf 1509 struct smack_known *skp = smk_of_inode(inode);
d20bdda6 1510
0f8983cf 1511 *secid = skp->smk_secid;
d20bdda6
AD		 1512}
1513
e114e473
CS		 1514/*
1515 * File Hooks
1516 */
1517
491a0b08
CS		 1518/*
1519 * There is no smack_file_permission hook
e114e473
CS		 1520 *
1521 * Should access checks be done on each read or write?
1522 * UNICOS and SELinux say yes.
1523 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1524 *
1525 * I'll say no for now. Smack does not do the frequent
1526 * label changing that SELinux does.
1527 */
e114e473
CS		 1528
1529/**
1530 * smack_file_alloc_security - assign a file security blob
1531 * @file: the object
1532 *
1533 * The security blob for a file is a pointer to the master
1534 * label list, so no allocation is done.
1535 *
5e7270a6
CS		 1536 * f_security is the owner security information. It
1537 * isn't used on file access checks, it's for send_sigio.
1538 *
e114e473
CS		 1539 * Returns 0
1540 */
1541static int smack_file_alloc_security(struct file *file)
1542{
2f823ff8
CS		 1543 struct smack_known *skp = smk_of_current();
1544
21c7eae2 1545 file->f_security = skp;
e114e473
CS		 1546 return 0;
1547}
1548
1549/**
1550 * smack_file_free_security - clear a file security blob
1551 * @file: the object
1552 *
1553 * The security blob for a file is a pointer to the master
1554 * label list, so no memory is freed.
1555 */
1556static void smack_file_free_security(struct file *file)
1557{
1558 file->f_security = NULL;
1559}
1560
1561/**
1562 * smack_file_ioctl - Smack check on ioctls
1563 * @file: the object
1564 * @cmd: what to do
1565 * @arg: unused
1566 *
1567 * Relies heavily on the correct use of the ioctl command conventions.
1568 *
1569 * Returns 0 if allowed, error code otherwise
1570 */
1571static int smack_file_ioctl(struct file *file, unsigned int cmd,
1572 unsigned long arg)
1573{
1574 int rc = 0;
ecfcc53f 1575 struct smk_audit_info ad;
5e7270a6 1576 struct inode *inode = file_inode(file);
ecfcc53f 1577
83a1e53f
SWK		 1578 if (unlikely(IS_PRIVATE(inode)))
1579 return 0;
1580
f48b7399 1581 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1582 smk_ad_setfield_u_fs_path(&ad, file->f_path);
e114e473 1583
d166c802 1584 if (_IOC_DIR(cmd) & _IOC_WRITE) {
5e7270a6 1585 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
d166c802
CS		 1586 rc = smk_bu_file(file, MAY_WRITE, rc);
1587 }
e114e473 1588
d166c802 1589 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
5e7270a6 1590 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
d166c802
CS		 1591 rc = smk_bu_file(file, MAY_READ, rc);
1592 }
e114e473
CS		 1593
1594 return rc;
1595}
1596
1597/**
1598 * smack_file_lock - Smack check on file locking
1599 * @file: the object
251a2a95 1600 * @cmd: unused
e114e473 1601 *
c0ab6e56 1602 * Returns 0 if current has lock access, error code otherwise
e114e473
CS		 1603 */
1604static int smack_file_lock(struct file *file, unsigned int cmd)
1605{
ecfcc53f 1606 struct smk_audit_info ad;
d166c802 1607 int rc;
5e7270a6 1608 struct inode *inode = file_inode(file);
ecfcc53f 1609
83a1e53f
SWK		 1610 if (unlikely(IS_PRIVATE(inode)))
1611 return 0;
1612
92f42509
EP		 1613 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1614 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1615 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
d166c802
CS		 1616 rc = smk_bu_file(file, MAY_LOCK, rc);
1617 return rc;
e114e473
CS		 1618}
1619
1620/**
1621 * smack_file_fcntl - Smack check on fcntl
1622 * @file: the object
1623 * @cmd: what action to check
1624 * @arg: unused
1625 *
531f1d45
CS		 1626 * Generally these operations are harmless.
1627 * File locking operations present an obvious mechanism
1628 * for passing information, so they require write access.
1629 *
e114e473
CS		 1630 * Returns 0 if current has access, error code otherwise
1631 */
1632static int smack_file_fcntl(struct file *file, unsigned int cmd,
1633 unsigned long arg)
1634{
ecfcc53f 1635 struct smk_audit_info ad;
531f1d45 1636 int rc = 0;
5e7270a6 1637 struct inode *inode = file_inode(file);
ecfcc53f 1638
83a1e53f
SWK		 1639 if (unlikely(IS_PRIVATE(inode)))
1640 return 0;
1641
e114e473 1642 switch (cmd) {
e114e473 1643 case F_GETLK:
c0ab6e56 1644 break;
e114e473
CS		 1645 case F_SETLK:
1646 case F_SETLKW:
c0ab6e56
CS		 1647 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1648 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1649 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
d166c802 1650 rc = smk_bu_file(file, MAY_LOCK, rc);
c0ab6e56 1651 break;
e114e473
CS		 1652 case F_SETOWN:
1653 case F_SETSIG:
531f1d45
CS		 1654 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1655 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1656 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
d166c802 1657 rc = smk_bu_file(file, MAY_WRITE, rc);
e114e473
CS		 1658 break;
1659 default:
531f1d45 1660 break;
e114e473
CS		 1661 }
1662
1663 return rc;
1664}
1665
7898e1f8 1666/**
e5467859 1667 * smack_mmap_file :
7898e1f8
CS		 1668 * Check permissions for a mmap operation. The @file may be NULL, e.g.
1669 * if mapping anonymous memory.
1670 * @file contains the file structure for file to map (may be NULL).
1671 * @reqprot contains the protection requested by the application.
1672 * @prot contains the protection that will be applied by the kernel.
1673 * @flags contains the operational flags.
1674 * Return 0 if permission is granted.
1675 */
e5467859 1676static int smack_mmap_file(struct file *file,
7898e1f8 1677 unsigned long reqprot, unsigned long prot,
e5467859 1678 unsigned long flags)
7898e1f8 1679{
272cd7a8 1680 struct smack_known *skp;
2f823ff8 1681 struct smack_known *mkp;
7898e1f8
CS		 1682 struct smack_rule *srp;
1683 struct task_smack *tsp;
21c7eae2 1684 struct smack_known *okp;
7898e1f8 1685 struct inode_smack *isp;
809c02e0 1686 struct superblock_smack *sbsp;
0e0a070d
CS		 1687 int may;
1688 int mmay;
1689 int tmay;
7898e1f8
CS		 1690 int rc;
1691
496ad9aa 1692 if (file == NULL)
7898e1f8
CS		 1693 return 0;
1694
83a1e53f
SWK		 1695 if (unlikely(IS_PRIVATE(file_inode(file))))
1696 return 0;
1697
496ad9aa 1698 isp = file_inode(file)->i_security;
7898e1f8
CS		 1699 if (isp->smk_mmap == NULL)
1700 return 0;
809c02e0
SF		 1701 sbsp = file_inode(file)->i_sb->s_security;
1702 if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1703 isp->smk_mmap != sbsp->smk_root)
1704 return -EACCES;
2f823ff8 1705 mkp = isp->smk_mmap;
7898e1f8
CS		 1706
1707 tsp = current_security();
2f823ff8 1708 skp = smk_of_current();
7898e1f8
CS		 1709 rc = 0;
1710
1711 rcu_read_lock();
1712 /*
1713 * For each Smack rule associated with the subject
1714 * label verify that the SMACK64MMAP also has access
1715 * to that rule's object label.
7898e1f8 1716 */
272cd7a8 1717 list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
21c7eae2 1718 okp = srp->smk_object;
7898e1f8
CS		 1719 /*
1720 * Matching labels always allows access.
1721 */
21c7eae2 1722 if (mkp->smk_known == okp->smk_known)
7898e1f8 1723 continue;
0e0a070d
CS		 1724 /*
1725 * If there is a matching local rule take
1726 * that into account as well.
1727 */
21c7eae2
LP		 1728 may = smk_access_entry(srp->smk_subject->smk_known,
1729 okp->smk_known,
1730 &tsp->smk_rules);
0e0a070d
CS		 1731 if (may == -ENOENT)
1732 may = srp->smk_access;
1733 else
1734 may &= srp->smk_access;
1735 /*
1736 * If may is zero the SMACK64MMAP subject can't
1737 * possibly have less access.
1738 */
1739 if (may == 0)
1740 continue;
1741
1742 /*
1743 * Fetch the global list entry.
1744 * If there isn't one a SMACK64MMAP subject
1745 * can't have as much access as current.
1746 */
21c7eae2
LP		 1747 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1748 &mkp->smk_rules);
0e0a070d
CS		 1749 if (mmay == -ENOENT) {
1750 rc = -EACCES;
1751 break;
1752 }
1753 /*
1754 * If there is a local entry it modifies the
1755 * potential access, too.
1756 */
21c7eae2
LP		 1757 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1758 &tsp->smk_rules);
0e0a070d
CS		 1759 if (tmay != -ENOENT)
1760 mmay &= tmay;
7898e1f8 1761
0e0a070d
CS		 1762 /*
1763 * If there is any access available to current that is
1764 * not available to a SMACK64MMAP subject
1765 * deny access.
1766 */
75a25637 1767 if ((may | mmay) != mmay) {
0e0a070d 1768 rc = -EACCES;
7898e1f8 1769 break;
0e0a070d 1770 }
7898e1f8
CS		 1771 }
1772
1773 rcu_read_unlock();
1774
1775 return rc;
1776}
1777
e114e473
CS		 1778/**
1779 * smack_file_set_fowner - set the file security blob value
1780 * @file: object in question
1781 *
e114e473 1782 */
e0b93edd 1783static void smack_file_set_fowner(struct file *file)
e114e473 1784{
5e7270a6 1785 file->f_security = smk_of_current();
e114e473
CS		 1786}
1787
1788/**
1789 * smack_file_send_sigiotask - Smack on sigio
1790 * @tsk: The target task
1791 * @fown: the object the signal come from
1792 * @signum: unused
1793 *
1794 * Allow a privileged task to get signals even if it shouldn't
1795 *
1796 * Returns 0 if a subject with the object's smack could
1797 * write to the task, an error code otherwise.
1798 */
1799static int smack_file_send_sigiotask(struct task_struct *tsk,
1800 struct fown_struct *fown, int signum)
1801{
2f823ff8
CS		 1802 struct smack_known *skp;
1803 struct smack_known *tkp = smk_of_task(tsk->cred->security);
dcb569cf 1804 const struct cred *tcred;
e114e473
CS		 1805 struct file *file;
1806 int rc;
ecfcc53f 1807 struct smk_audit_info ad;
e114e473
CS		 1808
1809 /*
1810 * struct fown_struct is never outside the context of a struct file
1811 */
1812 file = container_of(fown, struct file, f_owner);
7898e1f8 1813
ecfcc53f 1814 /* we don't log here as rc can be overriden */
21c7eae2 1815 skp = file->f_security;
c60b9066
CS		 1816 rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1817 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
dcb569cf
CS		 1818
1819 rcu_read_lock();
1820 tcred = __task_cred(tsk);
1821 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
ecfcc53f 1822 rc = 0;
dcb569cf 1823 rcu_read_unlock();
ecfcc53f
EB		 1824
1825 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1826 smk_ad_setfield_u_tsk(&ad, tsk);
c60b9066 1827 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
e114e473
CS		 1828 return rc;
1829}
1830
1831/**
1832 * smack_file_receive - Smack file receive check
1833 * @file: the object
1834 *
1835 * Returns 0 if current has access, error code otherwise
1836 */
1837static int smack_file_receive(struct file *file)
1838{
d166c802 1839 int rc;
e114e473 1840 int may = 0;
ecfcc53f 1841 struct smk_audit_info ad;
5e7270a6 1842 struct inode *inode = file_inode(file);
79be0935
CS		 1843 struct socket *sock;
1844 struct task_smack *tsp;
1845 struct socket_smack *ssp;
e114e473 1846
9777582e
SWK		 1847 if (unlikely(IS_PRIVATE(inode)))
1848 return 0;
1849
4482a44f 1850 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1851 smk_ad_setfield_u_fs_path(&ad, file->f_path);
79be0935 1852
51d59af2 1853 if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
79be0935
CS		 1854 sock = SOCKET_I(inode);
1855 ssp = sock->sk->sk_security;
1856 tsp = current_security();
1857 /*
1858 * If the receiving process can't write to the
1859 * passed socket or if the passed socket can't
1860 * write to the receiving process don't accept
1861 * the passed socket.
1862 */
1863 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1864 rc = smk_bu_file(file, may, rc);
1865 if (rc < 0)
1866 return rc;
1867 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1868 rc = smk_bu_file(file, may, rc);
1869 return rc;
1870 }
e114e473
CS		 1871 /*
1872 * This code relies on bitmasks.
1873 */
1874 if (file->f_mode & FMODE_READ)
1875 may = MAY_READ;
1876 if (file->f_mode & FMODE_WRITE)
1877 may |= MAY_WRITE;
1878
5e7270a6 1879 rc = smk_curacc(smk_of_inode(inode), may, &ad);
d166c802
CS		 1880 rc = smk_bu_file(file, may, rc);
1881 return rc;
e114e473
CS		 1882}
1883
531f1d45 1884/**
83d49856 1885 * smack_file_open - Smack dentry open processing
531f1d45 1886 * @file: the object
a6834c0b 1887 * @cred: task credential
531f1d45
CS		 1888 *
1889 * Set the security blob in the file structure.
a6834c0b
CS		 1890 * Allow the open only if the task has read access. There are
1891 * many read operations (e.g. fstat) that you can do with an
1892 * fd even if you have the file open write-only.
531f1d45
CS		 1893 *
1894 * Returns 0
1895 */
94817692 1896static int smack_file_open(struct file *file)
531f1d45 1897{
94817692 1898 struct task_smack *tsp = file->f_cred->security;
5e7270a6 1899 struct inode *inode = file_inode(file);
a6834c0b
CS		 1900 struct smk_audit_info ad;
1901 int rc;
531f1d45 1902
a6834c0b
CS		 1903 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1904 smk_ad_setfield_u_fs_path(&ad, file->f_path);
c9d238a1 1905 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
94817692 1906 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
a6834c0b
CS		 1907
1908 return rc;
531f1d45
CS		 1909}
1910
e114e473
CS		 1911/*
1912 * Task hooks
1913 */
1914
ee18d64c
DH		 1915/**
1916 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1917 * @new: the new credentials
1918 * @gfp: the atomicity of any memory allocations
1919 *
1920 * Prepare a blank set of credentials for modification. This must allocate all
1921 * the memory the LSM module might require such that cred_transfer() can
1922 * complete without error.
1923 */
1924static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1925{
7898e1f8
CS		 1926 struct task_smack *tsp;
1927
1928 tsp = new_task_smack(NULL, NULL, gfp);
1929 if (tsp == NULL)
676dac4b 1930 return -ENOMEM;
7898e1f8
CS		 1931
1932 cred->security = tsp;
1933
ee18d64c
DH		 1934 return 0;
1935}
1936
1937
e114e473 1938/**
f1752eec
DH		 1939 * smack_cred_free - "free" task-level security credentials
1940 * @cred: the credentials in question
e114e473 1941 *
e114e473 1942 */
f1752eec 1943static void smack_cred_free(struct cred *cred)
e114e473 1944{
7898e1f8
CS		 1945 struct task_smack *tsp = cred->security;
1946 struct smack_rule *rp;
1947 struct list_head *l;
1948 struct list_head *n;
1949
1950 if (tsp == NULL)
1951 return;
1952 cred->security = NULL;
1953
38416e53
ZJ		 1954 smk_destroy_label_list(&tsp->smk_relabel);
1955
7898e1f8
CS		 1956 list_for_each_safe(l, n, &tsp->smk_rules) {
1957 rp = list_entry(l, struct smack_rule, list);
1958 list_del(&rp->list);
1959 kfree(rp);
1960 }
1961 kfree(tsp);
e114e473
CS		 1962}
1963
d84f4f99
DH		 1964/**
1965 * smack_cred_prepare - prepare new set of credentials for modification
1966 * @new: the new credentials
1967 * @old: the original credentials
1968 * @gfp: the atomicity of any memory allocations
1969 *
1970 * Prepare a new set of credentials for modification.
1971 */
1972static int smack_cred_prepare(struct cred *new, const struct cred *old,
1973 gfp_t gfp)
1974{
676dac4b
CS		 1975 struct task_smack *old_tsp = old->security;
1976 struct task_smack *new_tsp;
7898e1f8 1977 int rc;
676dac4b 1978
7898e1f8 1979 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
676dac4b
CS		 1980 if (new_tsp == NULL)
1981 return -ENOMEM;
1982
b437aba8
HS		 1983 new->security = new_tsp;
1984
7898e1f8
CS		 1985 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1986 if (rc != 0)
1987 return rc;
1988
38416e53
ZJ		 1989 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
1990 gfp);
1991 if (rc != 0)
1992 return rc;
1993
d84f4f99
DH		 1994 return 0;
1995}
1996
ee18d64c
DH		 1997/**
1998 * smack_cred_transfer - Transfer the old credentials to the new credentials
1999 * @new: the new credentials
2000 * @old: the original credentials
2001 *
2002 * Fill in a set of blank credentials from another set of credentials.
2003 */
2004static void smack_cred_transfer(struct cred *new, const struct cred *old)
2005{
676dac4b
CS		 2006 struct task_smack *old_tsp = old->security;
2007 struct task_smack *new_tsp = new->security;
2008
2009 new_tsp->smk_task = old_tsp->smk_task;
2010 new_tsp->smk_forked = old_tsp->smk_task;
7898e1f8
CS		 2011 mutex_init(&new_tsp->smk_rules_lock);
2012 INIT_LIST_HEAD(&new_tsp->smk_rules);
2013
2014
2015 /* cbs copy rule list */
ee18d64c
DH		 2016}
2017
3ec30113
MG		 2018/**
2019 * smack_cred_getsecid - get the secid corresponding to a creds structure
2020 * @c: the object creds
2021 * @secid: where to put the result
2022 *
2023 * Sets the secid to contain a u32 version of the smack label.
2024 */
2025static void smack_cred_getsecid(const struct cred *c, u32 *secid)
2026{
2027 struct smack_known *skp;
2028
2029 rcu_read_lock();
2030 skp = smk_of_task(c->security);
2031 *secid = skp->smk_secid;
2032 rcu_read_unlock();
2033}
2034
3a3b7ce9
DH		 2035/**
2036 * smack_kernel_act_as - Set the subjective context in a set of credentials
251a2a95
RD		 2037 * @new: points to the set of credentials to be modified.
2038 * @secid: specifies the security ID to be set
3a3b7ce9
DH		 2039 *
2040 * Set the security data for a kernel service.
2041 */
2042static int smack_kernel_act_as(struct cred *new, u32 secid)
2043{
676dac4b 2044 struct task_smack *new_tsp = new->security;
3a3b7ce9 2045
152f91d4 2046 new_tsp->smk_task = smack_from_secid(secid);
3a3b7ce9
DH		 2047 return 0;
2048}
2049
2050/**
2051 * smack_kernel_create_files_as - Set the file creation label in a set of creds
251a2a95
RD		 2052 * @new: points to the set of credentials to be modified
2053 * @inode: points to the inode to use as a reference
3a3b7ce9
DH		 2054 *
2055 * Set the file creation context in a set of credentials to the same
2056 * as the objective context of the specified inode
2057 */
2058static int smack_kernel_create_files_as(struct cred *new,
2059 struct inode *inode)
2060{
2061 struct inode_smack *isp = inode->i_security;
676dac4b 2062 struct task_smack *tsp = new->security;
3a3b7ce9 2063
21c7eae2 2064 tsp->smk_forked = isp->smk_inode;
2f823ff8 2065 tsp->smk_task = tsp->smk_forked;
3a3b7ce9
DH		 2066 return 0;
2067}
2068
ecfcc53f
EB		 2069/**
2070 * smk_curacc_on_task - helper to log task related access
2071 * @p: the task object
531f1d45
CS		 2072 * @access: the access requested
2073 * @caller: name of the calling function for audit
ecfcc53f
EB		 2074 *
2075 * Return 0 if access is permitted
2076 */
531f1d45
CS		 2077static int smk_curacc_on_task(struct task_struct *p, int access,
2078 const char *caller)
ecfcc53f
EB		 2079{
2080 struct smk_audit_info ad;
6d1cff2a 2081 struct smack_known *skp = smk_of_task_struct(p);
d166c802 2082 int rc;
ecfcc53f 2083
531f1d45 2084 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
ecfcc53f 2085 smk_ad_setfield_u_tsk(&ad, p);
21c7eae2 2086 rc = smk_curacc(skp, access, &ad);
d166c802
CS		 2087 rc = smk_bu_task(p, access, rc);
2088 return rc;
ecfcc53f
EB		 2089}
2090
e114e473
CS		 2091/**
2092 * smack_task_setpgid - Smack check on setting pgid
2093 * @p: the task object
2094 * @pgid: unused
2095 *
2096 * Return 0 if write access is permitted
2097 */
2098static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2099{
531f1d45 2100 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2101}
2102
2103/**
2104 * smack_task_getpgid - Smack access check for getpgid
2105 * @p: the object task
2106 *
2107 * Returns 0 if current can read the object task, error code otherwise
2108 */
2109static int smack_task_getpgid(struct task_struct *p)
2110{
531f1d45 2111 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2112}
2113
2114/**
2115 * smack_task_getsid - Smack access check for getsid
2116 * @p: the object task
2117 *
2118 * Returns 0 if current can read the object task, error code otherwise
2119 */
2120static int smack_task_getsid(struct task_struct *p)
2121{
531f1d45 2122 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2123}
2124
2125/**
2126 * smack_task_getsecid - get the secid of the task
2127 * @p: the object task
2128 * @secid: where to put the result
2129 *
2130 * Sets the secid to contain a u32 version of the smack label.
2131 */
2132static void smack_task_getsecid(struct task_struct *p, u32 *secid)
2133{
6d1cff2a 2134 struct smack_known *skp = smk_of_task_struct(p);
2f823ff8
CS		 2135
2136 *secid = skp->smk_secid;
e114e473
CS		 2137}
2138
2139/**
2140 * smack_task_setnice - Smack check on setting nice
2141 * @p: the task object
2142 * @nice: unused
2143 *
2144 * Return 0 if write access is permitted
2145 */
2146static int smack_task_setnice(struct task_struct *p, int nice)
2147{
b1d9e6b0 2148 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2149}
2150
2151/**
2152 * smack_task_setioprio - Smack check on setting ioprio
2153 * @p: the task object
2154 * @ioprio: unused
2155 *
2156 * Return 0 if write access is permitted
2157 */
2158static int smack_task_setioprio(struct task_struct *p, int ioprio)
2159{
b1d9e6b0 2160 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2161}
2162
2163/**
2164 * smack_task_getioprio - Smack check on reading ioprio
2165 * @p: the task object
2166 *
2167 * Return 0 if read access is permitted
2168 */
2169static int smack_task_getioprio(struct task_struct *p)
2170{
531f1d45 2171 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2172}
2173
2174/**
2175 * smack_task_setscheduler - Smack check on setting scheduler
2176 * @p: the task object
2177 * @policy: unused
2178 * @lp: unused
2179 *
2180 * Return 0 if read access is permitted
2181 */
b0ae1981 2182static int smack_task_setscheduler(struct task_struct *p)
e114e473 2183{
b1d9e6b0 2184 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2185}
2186
2187/**
2188 * smack_task_getscheduler - Smack check on reading scheduler
2189 * @p: the task object
2190 *
2191 * Return 0 if read access is permitted
2192 */
2193static int smack_task_getscheduler(struct task_struct *p)
2194{
531f1d45 2195 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2196}
2197
2198/**
2199 * smack_task_movememory - Smack check on moving memory
2200 * @p: the task object
2201 *
2202 * Return 0 if write access is permitted
2203 */
2204static int smack_task_movememory(struct task_struct *p)
2205{
531f1d45 2206 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2207}
2208
2209/**
2210 * smack_task_kill - Smack check on signal delivery
2211 * @p: the task object
2212 * @info: unused
2213 * @sig: unused
6b4f3d01 2214 * @cred: identifies the cred to use in lieu of current's
e114e473
CS		 2215 *
2216 * Return 0 if write access is permitted
2217 *
e114e473 2218 */
ae7795bc 2219static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info,
6b4f3d01 2220 int sig, const struct cred *cred)
e114e473 2221{
ecfcc53f 2222 struct smk_audit_info ad;
2f823ff8 2223 struct smack_known *skp;
6d1cff2a 2224 struct smack_known *tkp = smk_of_task_struct(p);
d166c802 2225 int rc;
ecfcc53f 2226
18d872f7
RK		 2227 if (!sig)
2228 return 0; /* null signal; existence test */
2229
ecfcc53f
EB		 2230 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2231 smk_ad_setfield_u_tsk(&ad, p);
e114e473
CS		 2232 /*
2233 * Sending a signal requires that the sender
2234 * can write the receiver.
2235 */
6b4f3d01 2236 if (cred == NULL) {
c60b9066
CS		 2237 rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2238 rc = smk_bu_task(p, MAY_DELIVER, rc);
d166c802
CS		 2239 return rc;
2240 }
e114e473 2241 /*
6b4f3d01 2242 * If the cred isn't NULL we're dealing with some USB IO
e114e473
CS		 2243 * specific behavior. This is not clean. For one thing
2244 * we can't take privilege into account.
2245 */
6b4f3d01 2246 skp = smk_of_task(cred->security);
c60b9066
CS		 2247 rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2248 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
d166c802 2249 return rc;
e114e473
CS		 2250}
2251
e114e473
CS		 2252/**
2253 * smack_task_to_inode - copy task smack into the inode blob
2254 * @p: task to copy from
251a2a95 2255 * @inode: inode to copy to
e114e473
CS		 2256 *
2257 * Sets the smack pointer in the inode security blob
2258 */
2259static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2260{
2261 struct inode_smack *isp = inode->i_security;
6d1cff2a 2262 struct smack_known *skp = smk_of_task_struct(p);
2f823ff8 2263
21c7eae2 2264 isp->smk_inode = skp;
7b4e8843 2265 isp->smk_flags |= SMK_INODE_INSTANT;
e114e473
CS		 2266}
2267
2268/*
2269 * Socket hooks.
2270 */
2271
2272/**
2273 * smack_sk_alloc_security - Allocate a socket blob
2274 * @sk: the socket
2275 * @family: unused
251a2a95 2276 * @gfp_flags: memory allocation flags
e114e473
CS		 2277 *
2278 * Assign Smack pointers to current
2279 *
2280 * Returns 0 on success, -ENOMEM is there's no memory
2281 */
2282static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2283{
2f823ff8 2284 struct smack_known *skp = smk_of_current();
e114e473
CS		 2285 struct socket_smack *ssp;
2286
2287 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2288 if (ssp == NULL)
2289 return -ENOMEM;
2290
08382c9f 2291 /*
2292 * Sockets created by kernel threads receive web label.
2293 */
2294 if (unlikely(current->flags & PF_KTHREAD)) {
2295 ssp->smk_in = &smack_known_web;
2296 ssp->smk_out = &smack_known_web;
2297 } else {
2298 ssp->smk_in = skp;
2299 ssp->smk_out = skp;
2300 }
272cd7a8 2301 ssp->smk_packet = NULL;
e114e473
CS		 2302
2303 sk->sk_security = ssp;
2304
2305 return 0;
2306}
2307
2308/**
2309 * smack_sk_free_security - Free a socket blob
2310 * @sk: the socket
2311 *
2312 * Clears the blob pointer
2313 */
2314static void smack_sk_free_security(struct sock *sk)
2315{
0c96d1f5
VG		 2316#ifdef SMACK_IPV6_PORT_LABELING
2317 struct smk_port_label *spp;
2318
2319 if (sk->sk_family == PF_INET6) {
2320 rcu_read_lock();
2321 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2322 if (spp->smk_sock != sk)
2323 continue;
2324 spp->smk_can_reuse = 1;
2325 break;
2326 }
2327 rcu_read_unlock();
2328 }
2329#endif
e114e473
CS		 2330 kfree(sk->sk_security);
2331}
2332
07feee8f 2333/**
21abb1ec 2334* smack_ipv4host_label - check host based restrictions
07feee8f
PM		 2335* @sip: the object end
2336*
2337* looks for host based access restrictions
2338*
2339* This version will only be appropriate for really small sets of single label
2340* hosts. The caller is responsible for ensuring that the RCU read lock is
2341* taken before calling this function.
2342*
2343* Returns the label of the far end or NULL if it's not special.
2344*/
21abb1ec 2345static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
07feee8f 2346{
21abb1ec 2347 struct smk_net4addr *snp;
07feee8f
PM		 2348 struct in_addr *siap = &sip->sin_addr;
2349
2350 if (siap->s_addr == 0)
2351 return NULL;
2352
21abb1ec
CS		 2353 list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2354 /*
2355 * we break after finding the first match because
2356 * the list is sorted from longest to shortest mask
2357 * so we have found the most specific match
2358 */
2359 if (snp->smk_host.s_addr ==
2360 (siap->s_addr & snp->smk_mask.s_addr))
2361 return snp->smk_label;
2362
2363 return NULL;
2364}
2365
2366#if IS_ENABLED(CONFIG_IPV6)
2367/*
2368 * smk_ipv6_localhost - Check for local ipv6 host address
2369 * @sip: the address
2370 *
2371 * Returns boolean true if this is the localhost address
2372 */
2373static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2374{
2375 __be16 *be16p = (__be16 *)&sip->sin6_addr;
2376 __be32 *be32p = (__be32 *)&sip->sin6_addr;
2377
2378 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2379 ntohs(be16p[7]) == 1)
2380 return true;
2381 return false;
2382}
2383
2384/**
2385* smack_ipv6host_label - check host based restrictions
2386* @sip: the object end
2387*
2388* looks for host based access restrictions
2389*
2390* This version will only be appropriate for really small sets of single label
2391* hosts. The caller is responsible for ensuring that the RCU read lock is
2392* taken before calling this function.
2393*
2394* Returns the label of the far end or NULL if it's not special.
2395*/
2396static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2397{
2398 struct smk_net6addr *snp;
2399 struct in6_addr *sap = &sip->sin6_addr;
2400 int i;
2401 int found = 0;
2402
2403 /*
2404 * It's local. Don't look for a host label.
2405 */
2406 if (smk_ipv6_localhost(sip))
2407 return NULL;
2408
2409 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2e4939f7
CS		 2410 /*
2411 * If the label is NULL the entry has
2412 * been renounced. Ignore it.
2413 */
2414 if (snp->smk_label == NULL)
2415 continue;
07feee8f
PM		 2416 /*
2417 * we break after finding the first match because
2418 * the list is sorted from longest to shortest mask
2419 * so we have found the most specific match
2420 */
21abb1ec 2421 for (found = 1, i = 0; i < 8; i++) {
21abb1ec
CS		 2422 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2423 snp->smk_host.s6_addr16[i]) {
2424 found = 0;
2425 break;
2426 }
4303154e 2427 }
21abb1ec
CS		 2428 if (found)
2429 return snp->smk_label;
2430 }
07feee8f
PM		 2431
2432 return NULL;
2433}
21abb1ec 2434#endif /* CONFIG_IPV6 */
07feee8f 2435
e114e473
CS		 2436/**
2437 * smack_netlabel - Set the secattr on a socket
2438 * @sk: the socket
6d3dc07c 2439 * @labeled: socket label scheme
e114e473
CS		 2440 *
2441 * Convert the outbound smack value (smk_out) to a
2442 * secattr and attach it to the socket.
2443 *
2444 * Returns 0 on success or an error code
2445 */
6d3dc07c 2446static int smack_netlabel(struct sock *sk, int labeled)
e114e473 2447{
f7112e6c 2448 struct smack_known *skp;
07feee8f 2449 struct socket_smack *ssp = sk->sk_security;
6d3dc07c 2450 int rc = 0;
e114e473 2451
6d3dc07c
CS		 2452 /*
2453 * Usually the netlabel code will handle changing the
2454 * packet labeling based on the label.
2455 * The case of a single label host is different, because
2456 * a single label host should never get a labeled packet
2457 * even though the label is usually associated with a packet
2458 * label.
2459 */
2460 local_bh_disable();
2461 bh_lock_sock_nested(sk);
2462
2463 if (ssp->smk_out == smack_net_ambient ||
2464 labeled == SMACK_UNLABELED_SOCKET)
2465 netlbl_sock_delattr(sk);
2466 else {
2f823ff8 2467 skp = ssp->smk_out;
f7112e6c 2468 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
6d3dc07c
CS		 2469 }
2470
2471 bh_unlock_sock(sk);
2472 local_bh_enable();
4bc87e62 2473
e114e473
CS		 2474 return rc;
2475}
2476
07feee8f
PM		 2477/**
2478 * smack_netlbel_send - Set the secattr on a socket and perform access checks
2479 * @sk: the socket
2480 * @sap: the destination address
2481 *
2482 * Set the correct secattr for the given socket based on the destination
2483 * address and perform any outbound access checks needed.
2484 *
2485 * Returns 0 on success or an error code.
2486 *
2487 */
2488static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2489{
2f823ff8 2490 struct smack_known *skp;
07feee8f
PM		 2491 int rc;
2492 int sk_lbl;
21c7eae2 2493 struct smack_known *hkp;
07feee8f 2494 struct socket_smack *ssp = sk->sk_security;
ecfcc53f 2495 struct smk_audit_info ad;
07feee8f
PM		 2496
2497 rcu_read_lock();
21abb1ec 2498 hkp = smack_ipv4host_label(sap);
21c7eae2 2499 if (hkp != NULL) {
ecfcc53f 2500#ifdef CONFIG_AUDIT
923e9a13
KC		 2501 struct lsm_network_audit net;
2502
48c62af6
EP		 2503 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2504 ad.a.u.net->family = sap->sin_family;
2505 ad.a.u.net->dport = sap->sin_port;
2506 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
ecfcc53f 2507#endif
923e9a13 2508 sk_lbl = SMACK_UNLABELED_SOCKET;
2f823ff8 2509 skp = ssp->smk_out;
21c7eae2
LP		 2510 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2511 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
07feee8f
PM		 2512 } else {
2513 sk_lbl = SMACK_CIPSO_SOCKET;
2514 rc = 0;
2515 }
2516 rcu_read_unlock();
2517 if (rc != 0)
2518 return rc;
2519
2520 return smack_netlabel(sk, sk_lbl);
2521}
2522
21abb1ec
CS		 2523#if IS_ENABLED(CONFIG_IPV6)
2524/**
2525 * smk_ipv6_check - check Smack access
2526 * @subject: subject Smack label
2527 * @object: object Smack label
2528 * @address: address
2529 * @act: the action being taken
2530 *
2531 * Check an IPv6 access
2532 */
2533static int smk_ipv6_check(struct smack_known *subject,
2534 struct smack_known *object,
2535 struct sockaddr_in6 *address, int act)
2536{
2537#ifdef CONFIG_AUDIT
2538 struct lsm_network_audit net;
2539#endif
2540 struct smk_audit_info ad;
2541 int rc;
2542
2543#ifdef CONFIG_AUDIT
2544 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2545 ad.a.u.net->family = PF_INET6;
2546 ad.a.u.net->dport = ntohs(address->sin6_port);
2547 if (act == SMK_RECEIVING)
2548 ad.a.u.net->v6info.saddr = address->sin6_addr;
2549 else
2550 ad.a.u.net->v6info.daddr = address->sin6_addr;
2551#endif
2552 rc = smk_access(subject, object, MAY_WRITE, &ad);
2553 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2554 return rc;
2555}
2556#endif /* CONFIG_IPV6 */
2557
2558#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2559/**
2560 * smk_ipv6_port_label - Smack port access table management
2561 * @sock: socket
2562 * @address: address
2563 *
2564 * Create or update the port list entry
2565 */
2566static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2567{
2568 struct sock *sk = sock->sk;
2569 struct sockaddr_in6 *addr6;
2570 struct socket_smack *ssp = sock->sk->sk_security;
2571 struct smk_port_label *spp;
2572 unsigned short port = 0;
2573
2574 if (address == NULL) {
2575 /*
2576 * This operation is changing the Smack information
2577 * on the bound socket. Take the changes to the port
2578 * as well.
2579 */
3c7ce342
VG		 2580 rcu_read_lock();
2581 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
c6739443
CS		 2582 if (sk != spp->smk_sock)
2583 continue;
2584 spp->smk_in = ssp->smk_in;
2585 spp->smk_out = ssp->smk_out;
3c7ce342 2586 rcu_read_unlock();
c6739443
CS		 2587 return;
2588 }
2589 /*
2590 * A NULL address is only used for updating existing
2591 * bound entries. If there isn't one, it's OK.
2592 */
3c7ce342 2593 rcu_read_unlock();
c6739443
CS		 2594 return;
2595 }
2596
2597 addr6 = (struct sockaddr_in6 *)address;
2598 port = ntohs(addr6->sin6_port);
2599 /*
2600 * This is a special case that is safely ignored.
2601 */
2602 if (port == 0)
2603 return;
2604
2605 /*
2606 * Look for an existing port list entry.
2607 * This is an indication that a port is getting reused.
2608 */
3c7ce342
VG		 2609 rcu_read_lock();
2610 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
9d44c973 2611 if (spp->smk_port != port || spp->smk_sock_type != sock->type)
c6739443 2612 continue;
0c96d1f5
VG		 2613 if (spp->smk_can_reuse != 1) {
2614 rcu_read_unlock();
2615 return;
2616 }
c6739443
CS		 2617 spp->smk_port = port;
2618 spp->smk_sock = sk;
2619 spp->smk_in = ssp->smk_in;
2620 spp->smk_out = ssp->smk_out;
0c96d1f5 2621 spp->smk_can_reuse = 0;
3c7ce342 2622 rcu_read_unlock();
c6739443
CS		 2623 return;
2624 }
3c7ce342 2625 rcu_read_unlock();
c6739443
CS		 2626 /*
2627 * A new port entry is required.
2628 */
2629 spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2630 if (spp == NULL)
2631 return;
2632
2633 spp->smk_port = port;
2634 spp->smk_sock = sk;
2635 spp->smk_in = ssp->smk_in;
2636 spp->smk_out = ssp->smk_out;
9d44c973 2637 spp->smk_sock_type = sock->type;
0c96d1f5 2638 spp->smk_can_reuse = 0;
c6739443 2639
3c7ce342
VG		 2640 mutex_lock(&smack_ipv6_lock);
2641 list_add_rcu(&spp->list, &smk_ipv6_port_list);
2642 mutex_unlock(&smack_ipv6_lock);
c6739443
CS		 2643 return;
2644}
2645
2646/**
2647 * smk_ipv6_port_check - check Smack port access
2648 * @sock: socket
2649 * @address: address
2650 *
2651 * Create or update the port list entry
2652 */
6ea06247 2653static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
c6739443
CS		 2654 int act)
2655{
c6739443
CS		 2656 struct smk_port_label *spp;
2657 struct socket_smack *ssp = sk->sk_security;
21abb1ec
CS		 2658 struct smack_known *skp = NULL;
2659 unsigned short port;
21c7eae2 2660 struct smack_known *object;
c6739443
CS		 2661
2662 if (act == SMK_RECEIVING) {
21abb1ec 2663 skp = smack_ipv6host_label(address);
21c7eae2 2664 object = ssp->smk_in;
c6739443 2665 } else {
2f823ff8 2666 skp = ssp->smk_out;
21abb1ec 2667 object = smack_ipv6host_label(address);
c6739443
CS		 2668 }
2669
2670 /*
21abb1ec 2671 * The other end is a single label host.
c6739443 2672 */
21abb1ec
CS		 2673 if (skp != NULL && object != NULL)
2674 return smk_ipv6_check(skp, object, address, act);
2675 if (skp == NULL)
2676 skp = smack_net_ambient;
2677 if (object == NULL)
2678 object = smack_net_ambient;
c6739443
CS		 2679
2680 /*
2681 * It's remote, so port lookup does no good.
2682 */
21abb1ec
CS		 2683 if (!smk_ipv6_localhost(address))
2684 return smk_ipv6_check(skp, object, address, act);
c6739443
CS		 2685
2686 /*
2687 * It's local so the send check has to have passed.
2688 */
21abb1ec
CS		 2689 if (act == SMK_RECEIVING)
2690 return 0;
c6739443 2691
21abb1ec 2692 port = ntohs(address->sin6_port);
3c7ce342
VG		 2693 rcu_read_lock();
2694 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
9d44c973 2695 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
c6739443 2696 continue;
21c7eae2 2697 object = spp->smk_in;
c6739443 2698 if (act == SMK_CONNECTING)
54e70ec5 2699 ssp->smk_packet = spp->smk_out;
c6739443
CS		 2700 break;
2701 }
3c7ce342 2702 rcu_read_unlock();
c6739443 2703
21abb1ec 2704 return smk_ipv6_check(skp, object, address, act);
c6739443 2705}
21abb1ec 2706#endif /* SMACK_IPV6_PORT_LABELING */
c6739443 2707
e114e473
CS		 2708/**
2709 * smack_inode_setsecurity - set smack xattrs
2710 * @inode: the object
2711 * @name: attribute name
2712 * @value: attribute value
2713 * @size: size of the attribute
2714 * @flags: unused
2715 *
2716 * Sets the named attribute in the appropriate blob
2717 *
2718 * Returns 0 on success, or an error code
2719 */
2720static int smack_inode_setsecurity(struct inode *inode, const char *name,
2721 const void *value, size_t size, int flags)
2722{
2f823ff8 2723 struct smack_known *skp;
e114e473
CS		 2724 struct inode_smack *nsp = inode->i_security;
2725 struct socket_smack *ssp;
2726 struct socket *sock;
4bc87e62 2727 int rc = 0;
e114e473 2728
f7112e6c 2729 if (value == NULL || size > SMK_LONGLABEL || size == 0)
5e9ab593 2730 return -EINVAL;
e114e473 2731
2f823ff8 2732 skp = smk_import_entry(value, size);
e774ad68
LP		 2733 if (IS_ERR(skp))
2734 return PTR_ERR(skp);
e114e473
CS		 2735
2736 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
21c7eae2 2737 nsp->smk_inode = skp;
ddd29ec6 2738 nsp->smk_flags |= SMK_INODE_INSTANT;
e114e473
CS		 2739 return 0;
2740 }
2741 /*
2742 * The rest of the Smack xattrs are only on sockets.
2743 */
2744 if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2745 return -EOPNOTSUPP;
2746
2747 sock = SOCKET_I(inode);
2e1d146a 2748 if (sock == NULL || sock->sk == NULL)
e114e473
CS		 2749 return -EOPNOTSUPP;
2750
2751 ssp = sock->sk->sk_security;
2752
2753 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
54e70ec5 2754 ssp->smk_in = skp;
e114e473 2755 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2f823ff8 2756 ssp->smk_out = skp;
c6739443 2757 if (sock->sk->sk_family == PF_INET) {
b4e0d5f0
CS		 2758 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2759 if (rc != 0)
2760 printk(KERN_WARNING
2761 "Smack: \"%s\" netlbl error %d.\n",
2762 __func__, -rc);
2763 }
e114e473
CS		 2764 } else
2765 return -EOPNOTSUPP;
2766
21abb1ec 2767#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2768 if (sock->sk->sk_family == PF_INET6)
2769 smk_ipv6_port_label(sock, NULL);
21abb1ec 2770#endif
c6739443 2771
e114e473
CS		 2772 return 0;
2773}
2774
2775/**
2776 * smack_socket_post_create - finish socket setup
2777 * @sock: the socket
2778 * @family: protocol family
2779 * @type: unused
2780 * @protocol: unused
2781 * @kern: unused
2782 *
2783 * Sets the netlabel information on the socket
2784 *
2785 * Returns 0 on success, and error code otherwise
2786 */
2787static int smack_socket_post_create(struct socket *sock, int family,
2788 int type, int protocol, int kern)
2789{
7412301b
ML		 2790 struct socket_smack *ssp;
2791
2792 if (sock->sk == NULL)
2793 return 0;
2794
2795 /*
2796 * Sockets created by kernel threads receive web label.
2797 */
2798 if (unlikely(current->flags & PF_KTHREAD)) {
2799 ssp = sock->sk->sk_security;
2800 ssp->smk_in = &smack_known_web;
2801 ssp->smk_out = &smack_known_web;
2802 }
2803
2804 if (family != PF_INET)
e114e473
CS		 2805 return 0;
2806 /*
2807 * Set the outbound netlbl.
2808 */
6d3dc07c
CS		 2809 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2810}
2811
5859cdf5
TG		 2812/**
2813 * smack_socket_socketpair - create socket pair
2814 * @socka: one socket
2815 * @sockb: another socket
2816 *
2817 * Cross reference the peer labels for SO_PEERSEC
2818 *
2819 * Returns 0 on success, and error code otherwise
2820 */
2821static int smack_socket_socketpair(struct socket *socka,
2822 struct socket *sockb)
2823{
2824 struct socket_smack *asp = socka->sk->sk_security;
2825 struct socket_smack *bsp = sockb->sk->sk_security;
2826
2827 asp->smk_packet = bsp->smk_out;
2828 bsp->smk_packet = asp->smk_out;
2829
2830 return 0;
2831}
2832
21abb1ec 2833#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2834/**
2835 * smack_socket_bind - record port binding information.
2836 * @sock: the socket
2837 * @address: the port address
2838 * @addrlen: size of the address
2839 *
2840 * Records the label bound to a port.
2841 *
2842 * Returns 0
2843 */
2844static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2845 int addrlen)
2846{
2847 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2848 smk_ipv6_port_label(sock, address);
c6739443
CS		 2849 return 0;
2850}
21abb1ec 2851#endif /* SMACK_IPV6_PORT_LABELING */
c6739443 2852
6d3dc07c
CS		 2853/**
2854 * smack_socket_connect - connect access check
2855 * @sock: the socket
2856 * @sap: the other end
2857 * @addrlen: size of sap
2858 *
2859 * Verifies that a connection may be possible
2860 *
2861 * Returns 0 on success, and error code otherwise
2862 */
2863static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2864 int addrlen)
2865{
c6739443 2866 int rc = 0;
21abb1ec
CS		 2867#if IS_ENABLED(CONFIG_IPV6)
2868 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
2869#endif
2870#ifdef SMACK_IPV6_SECMARK_LABELING
2871 struct smack_known *rsp;
da49b5da 2872 struct socket_smack *ssp;
21abb1ec 2873#endif
c6739443
CS		 2874
2875 if (sock->sk == NULL)
6d3dc07c 2876 return 0;
6d3dc07c 2877
da49b5da
VG		 2878#ifdef SMACK_IPV6_SECMARK_LABELING
2879 ssp = sock->sk->sk_security;
2880#endif
2881
c6739443
CS		 2882 switch (sock->sk->sk_family) {
2883 case PF_INET:
2884 if (addrlen < sizeof(struct sockaddr_in))
2885 return -EINVAL;
2886 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2887 break;
2888 case PF_INET6:
2889 if (addrlen < sizeof(struct sockaddr_in6))
2890 return -EINVAL;
21abb1ec
CS		 2891#ifdef SMACK_IPV6_SECMARK_LABELING
2892 rsp = smack_ipv6host_label(sip);
2893 if (rsp != NULL)
2894 rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
6ea06247 2895 SMK_CONNECTING);
21abb1ec
CS		 2896#endif
2897#ifdef SMACK_IPV6_PORT_LABELING
2898 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
2899#endif
c6739443
CS		 2900 break;
2901 }
2902 return rc;
e114e473
CS		 2903}
2904
2905/**
2906 * smack_flags_to_may - convert S_ to MAY_ values
2907 * @flags: the S_ value
2908 *
2909 * Returns the equivalent MAY_ value
2910 */
2911static int smack_flags_to_may(int flags)
2912{
2913 int may = 0;
2914
2915 if (flags & S_IRUGO)
2916 may |= MAY_READ;
2917 if (flags & S_IWUGO)
2918 may |= MAY_WRITE;
2919 if (flags & S_IXUGO)
2920 may |= MAY_EXEC;
2921
2922 return may;
2923}
2924
2925/**
2926 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2927 * @msg: the object
2928 *
2929 * Returns 0
2930 */
2931static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2932{
2f823ff8
CS		 2933 struct smack_known *skp = smk_of_current();
2934
21c7eae2 2935 msg->security = skp;
e114e473
CS		 2936 return 0;
2937}
2938
2939/**
2940 * smack_msg_msg_free_security - Clear the security blob for msg_msg
2941 * @msg: the object
2942 *
2943 * Clears the blob pointer
2944 */
2945static void smack_msg_msg_free_security(struct msg_msg *msg)
2946{
2947 msg->security = NULL;
2948}
2949
2950/**
0d79cbf8
EB		 2951 * smack_of_ipc - the smack pointer for the ipc
2952 * @isp: the object
e114e473
CS		 2953 *
2954 * Returns a pointer to the smack value
2955 */
0d79cbf8 2956static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
e114e473 2957{
0d79cbf8 2958 return (struct smack_known *)isp->security;
e114e473
CS		 2959}
2960
2961/**
0d79cbf8
EB		 2962 * smack_ipc_alloc_security - Set the security blob for ipc
2963 * @isp: the object
e114e473
CS		 2964 *
2965 * Returns 0
2966 */
0d79cbf8 2967static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
e114e473 2968{
2f823ff8 2969 struct smack_known *skp = smk_of_current();
e114e473 2970
21c7eae2 2971 isp->security = skp;
e114e473
CS		 2972 return 0;
2973}
2974
2975/**
0d79cbf8
EB		 2976 * smack_ipc_free_security - Clear the security blob for ipc
2977 * @isp: the object
e114e473
CS		 2978 *
2979 * Clears the blob pointer
2980 */
0d79cbf8 2981static void smack_ipc_free_security(struct kern_ipc_perm *isp)
e114e473 2982{
e114e473
CS		 2983 isp->security = NULL;
2984}
2985
ecfcc53f
EB		 2986/**
2987 * smk_curacc_shm : check if current has access on shm
0d79cbf8 2988 * @isp : the object
ecfcc53f
EB		 2989 * @access : access requested
2990 *
2991 * Returns 0 if current has the requested access, error code otherwise
2992 */
0d79cbf8 2993static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
ecfcc53f 2994{
0d79cbf8 2995 struct smack_known *ssp = smack_of_ipc(isp);
ecfcc53f 2996 struct smk_audit_info ad;
d166c802 2997 int rc;
ecfcc53f
EB		 2998
2999#ifdef CONFIG_AUDIT
3000 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
0d79cbf8 3001 ad.a.u.ipc_id = isp->id;
ecfcc53f 3002#endif
d166c802
CS		 3003 rc = smk_curacc(ssp, access, &ad);
3004 rc = smk_bu_current("shm", ssp, access, rc);
3005 return rc;
ecfcc53f
EB		 3006}
3007
e114e473
CS		 3008/**
3009 * smack_shm_associate - Smack access check for shm
0d79cbf8 3010 * @isp: the object
e114e473
CS		 3011 * @shmflg: access requested
3012 *
3013 * Returns 0 if current has the requested access, error code otherwise
3014 */
0d79cbf8 3015static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
e114e473 3016{
e114e473
CS		 3017 int may;
3018
3019 may = smack_flags_to_may(shmflg);
0d79cbf8 3020 return smk_curacc_shm(isp, may);
e114e473
CS		 3021}
3022
3023/**
3024 * smack_shm_shmctl - Smack access check for shm
0d79cbf8 3025 * @isp: the object
e114e473
CS		 3026 * @cmd: what it wants to do
3027 *
3028 * Returns 0 if current has the requested access, error code otherwise
3029 */
0d79cbf8 3030static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
e114e473 3031{
e114e473
CS		 3032 int may;
3033
3034 switch (cmd) {
3035 case IPC_STAT:
3036 case SHM_STAT:
c21a6970 3037 case SHM_STAT_ANY:
e114e473
CS		 3038 may = MAY_READ;
3039 break;
3040 case IPC_SET:
3041 case SHM_LOCK:
3042 case SHM_UNLOCK:
3043 case IPC_RMID:
3044 may = MAY_READWRITE;
3045 break;
3046 case IPC_INFO:
3047 case SHM_INFO:
3048 /*
3049 * System level information.
3050 */
3051 return 0;
3052 default:
3053 return -EINVAL;
3054 }
0d79cbf8 3055 return smk_curacc_shm(isp, may);
e114e473
CS		 3056}
3057
3058/**
3059 * smack_shm_shmat - Smack access for shmat
0d79cbf8 3060 * @isp: the object
e114e473
CS		 3061 * @shmaddr: unused
3062 * @shmflg: access requested
3063 *
3064 * Returns 0 if current has the requested access, error code otherwise
3065 */
0d79cbf8 3066static int smack_shm_shmat(struct kern_ipc_perm *ipc, char __user *shmaddr,
e114e473
CS		 3067 int shmflg)
3068{
e114e473
CS		 3069 int may;
3070
3071 may = smack_flags_to_may(shmflg);
0d79cbf8 3072 return smk_curacc_shm(ipc, may);
e114e473
CS		 3073}
3074
ecfcc53f
EB		 3075/**
3076 * smk_curacc_sem : check if current has access on sem
0d79cbf8 3077 * @isp : the object
ecfcc53f
EB		 3078 * @access : access requested
3079 *
3080 * Returns 0 if current has the requested access, error code otherwise
3081 */
0d79cbf8 3082static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
ecfcc53f 3083{
0d79cbf8 3084 struct smack_known *ssp = smack_of_ipc(isp);
ecfcc53f 3085 struct smk_audit_info ad;
d166c802 3086 int rc;
ecfcc53f
EB		 3087
3088#ifdef CONFIG_AUDIT
3089 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
0d79cbf8 3090 ad.a.u.ipc_id = isp->id;
ecfcc53f 3091#endif
d166c802
CS		 3092 rc = smk_curacc(ssp, access, &ad);
3093 rc = smk_bu_current("sem", ssp, access, rc);
3094 return rc;
ecfcc53f
EB		 3095}
3096
e114e473
CS		 3097/**
3098 * smack_sem_associate - Smack access check for sem
0d79cbf8 3099 * @isp: the object
e114e473
CS		 3100 * @semflg: access requested
3101 *
3102 * Returns 0 if current has the requested access, error code otherwise
3103 */
0d79cbf8 3104static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
e114e473 3105{
e114e473
CS		 3106 int may;
3107
3108 may = smack_flags_to_may(semflg);
0d79cbf8 3109 return smk_curacc_sem(isp, may);
e114e473
CS		 3110}
3111
3112/**
3113 * smack_sem_shmctl - Smack access check for sem
0d79cbf8 3114 * @isp: the object
e114e473
CS		 3115 * @cmd: what it wants to do
3116 *
3117 * Returns 0 if current has the requested access, error code otherwise
3118 */
0d79cbf8 3119static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
e114e473 3120{
e114e473
CS		 3121 int may;
3122
3123 switch (cmd) {
3124 case GETPID:
3125 case GETNCNT:
3126 case GETZCNT:
3127 case GETVAL:
3128 case GETALL:
3129 case IPC_STAT:
3130 case SEM_STAT:
a280d6dc 3131 case SEM_STAT_ANY:
e114e473
CS		 3132 may = MAY_READ;
3133 break;
3134 case SETVAL:
3135 case SETALL:
3136 case IPC_RMID:
3137 case IPC_SET:
3138 may = MAY_READWRITE;
3139 break;
3140 case IPC_INFO:
3141 case SEM_INFO:
3142 /*
3143 * System level information
3144 */
3145 return 0;
3146 default:
3147 return -EINVAL;
3148 }
3149
0d79cbf8 3150 return smk_curacc_sem(isp, may);
e114e473
CS		 3151}
3152
3153/**
3154 * smack_sem_semop - Smack checks of semaphore operations
0d79cbf8 3155 * @isp: the object
e114e473
CS		 3156 * @sops: unused
3157 * @nsops: unused
3158 * @alter: unused
3159 *
3160 * Treated as read and write in all cases.
3161 *
3162 * Returns 0 if access is allowed, error code otherwise
3163 */
0d79cbf8 3164static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
e114e473
CS		 3165 unsigned nsops, int alter)
3166{
0d79cbf8 3167 return smk_curacc_sem(isp, MAY_READWRITE);
e114e473
CS		 3168}
3169
ecfcc53f
EB		 3170/**
3171 * smk_curacc_msq : helper to check if current has access on msq
0d79cbf8 3172 * @isp : the msq
ecfcc53f
EB		 3173 * @access : access requested
3174 *
3175 * return 0 if current has access, error otherwise
3176 */
0d79cbf8 3177static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
ecfcc53f 3178{
0d79cbf8 3179 struct smack_known *msp = smack_of_ipc(isp);
ecfcc53f 3180 struct smk_audit_info ad;
d166c802 3181 int rc;
ecfcc53f
EB		 3182
3183#ifdef CONFIG_AUDIT
3184 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
0d79cbf8 3185 ad.a.u.ipc_id = isp->id;
ecfcc53f 3186#endif
d166c802
CS		 3187 rc = smk_curacc(msp, access, &ad);
3188 rc = smk_bu_current("msq", msp, access, rc);
3189 return rc;
ecfcc53f
EB		 3190}
3191
e114e473
CS		 3192/**
3193 * smack_msg_queue_associate - Smack access check for msg_queue
0d79cbf8 3194 * @isp: the object
e114e473
CS		 3195 * @msqflg: access requested
3196 *
3197 * Returns 0 if current has the requested access, error code otherwise
3198 */
0d79cbf8 3199static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
e114e473 3200{
e114e473
CS		 3201 int may;
3202
3203 may = smack_flags_to_may(msqflg);
0d79cbf8 3204 return smk_curacc_msq(isp, may);
e114e473
CS		 3205}
3206
3207/**
3208 * smack_msg_queue_msgctl - Smack access check for msg_queue
0d79cbf8 3209 * @isp: the object
e114e473
CS		 3210 * @cmd: what it wants to do
3211 *
3212 * Returns 0 if current has the requested access, error code otherwise
3213 */
0d79cbf8 3214static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
e114e473 3215{
e114e473
CS		 3216 int may;
3217
3218 switch (cmd) {
3219 case IPC_STAT:
3220 case MSG_STAT:
23c8cec8 3221 case MSG_STAT_ANY:
e114e473
CS		 3222 may = MAY_READ;
3223 break;
3224 case IPC_SET:
3225 case IPC_RMID:
3226 may = MAY_READWRITE;
3227 break;
3228 case IPC_INFO:
3229 case MSG_INFO:
3230 /*
3231 * System level information
3232 */
3233 return 0;
3234 default:
3235 return -EINVAL;
3236 }
3237
0d79cbf8 3238 return smk_curacc_msq(isp, may);
e114e473
CS		 3239}
3240
3241/**
3242 * smack_msg_queue_msgsnd - Smack access check for msg_queue
0d79cbf8 3243 * @isp: the object
e114e473
CS		 3244 * @msg: unused
3245 * @msqflg: access requested
3246 *
3247 * Returns 0 if current has the requested access, error code otherwise
3248 */
0d79cbf8 3249static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
e114e473
CS		 3250 int msqflg)
3251{
ecfcc53f 3252 int may;
e114e473 3253
ecfcc53f 3254 may = smack_flags_to_may(msqflg);
0d79cbf8 3255 return smk_curacc_msq(isp, may);
e114e473
CS		 3256}
3257
3258/**
3259 * smack_msg_queue_msgsnd - Smack access check for msg_queue
0d79cbf8 3260 * @isp: the object
e114e473
CS		 3261 * @msg: unused
3262 * @target: unused
3263 * @type: unused
3264 * @mode: unused
3265 *
3266 * Returns 0 if current has read and write access, error code otherwise
3267 */
0d79cbf8 3268static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg,
e114e473
CS		 3269 struct task_struct *target, long type, int mode)
3270{
0d79cbf8 3271 return smk_curacc_msq(isp, MAY_READWRITE);
e114e473
CS		 3272}
3273
3274/**
3275 * smack_ipc_permission - Smack access for ipc_permission()
3276 * @ipp: the object permissions
3277 * @flag: access requested
3278 *
3279 * Returns 0 if current has read and write access, error code otherwise
3280 */
3281static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3282{
21c7eae2 3283 struct smack_known *iskp = ipp->security;
ecfcc53f
EB		 3284 int may = smack_flags_to_may(flag);
3285 struct smk_audit_info ad;
d166c802 3286 int rc;
e114e473 3287
ecfcc53f
EB		 3288#ifdef CONFIG_AUDIT
3289 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3290 ad.a.u.ipc_id = ipp->id;
3291#endif
21c7eae2
LP		 3292 rc = smk_curacc(iskp, may, &ad);
3293 rc = smk_bu_current("svipc", iskp, may, rc);
d166c802 3294 return rc;
e114e473
CS		 3295}
3296
d20bdda6
AD		 3297/**
3298 * smack_ipc_getsecid - Extract smack security id
251a2a95 3299 * @ipp: the object permissions
d20bdda6
AD		 3300 * @secid: where result will be saved
3301 */
3302static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3303{
21c7eae2 3304 struct smack_known *iskp = ipp->security;
d20bdda6 3305
21c7eae2 3306 *secid = iskp->smk_secid;
d20bdda6
AD		 3307}
3308
e114e473
CS		 3309/**
3310 * smack_d_instantiate - Make sure the blob is correct on an inode
3e62cbb8 3311 * @opt_dentry: dentry where inode will be attached
e114e473
CS		 3312 * @inode: the object
3313 *
3314 * Set the inode's security blob if it hasn't been done already.
3315 */
3316static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3317{
3318 struct super_block *sbp;
3319 struct superblock_smack *sbsp;
3320 struct inode_smack *isp;
2f823ff8
CS		 3321 struct smack_known *skp;
3322 struct smack_known *ckp = smk_of_current();
21c7eae2 3323 struct smack_known *final;
5c6d1125
JS		 3324 char trattr[TRANS_TRUE_SIZE];
3325 int transflag = 0;
2267b13a 3326 int rc;
e114e473
CS		 3327 struct dentry *dp;
3328
3329 if (inode == NULL)
3330 return;
3331
3332 isp = inode->i_security;
3333
3334 mutex_lock(&isp->smk_lock);
3335 /*
3336 * If the inode is already instantiated
3337 * take the quick way out
3338 */
3339 if (isp->smk_flags & SMK_INODE_INSTANT)
3340 goto unlockandout;
3341
3342 sbp = inode->i_sb;
3343 sbsp = sbp->s_security;
3344 /*
3345 * We're going to use the superblock default label
3346 * if there's no label on the file.
3347 */
3348 final = sbsp->smk_default;
3349
e97dcb0e
CS		 3350 /*
3351 * If this is the root inode the superblock
3352 * may be in the process of initialization.
3353 * If that is the case use the root value out
3354 * of the superblock.
3355 */
3356 if (opt_dentry->d_parent == opt_dentry) {
1d8c2326
ŁS		 3357 switch (sbp->s_magic) {
3358 case CGROUP_SUPER_MAGIC:
58c442f3 3359 case CGROUP2_SUPER_MAGIC:
36ea735b
CS		 3360 /*
3361 * The cgroup filesystem is never mounted,
3362 * so there's no opportunity to set the mount
3363 * options.
3364 */
21c7eae2
LP		 3365 sbsp->smk_root = &smack_known_star;
3366 sbsp->smk_default = &smack_known_star;
1d8c2326
ŁS		 3367 isp->smk_inode = sbsp->smk_root;
3368 break;
3369 case TMPFS_MAGIC:
3370 /*
3371 * What about shmem/tmpfs anonymous files with dentry
3372 * obtained from d_alloc_pseudo()?
3373 */
3374 isp->smk_inode = smk_of_current();
3375 break;
8da4aba5
RK		 3376 case PIPEFS_MAGIC:
3377 isp->smk_inode = smk_of_current();
3378 break;
805b65a8
RK		 3379 case SOCKFS_MAGIC:
3380 /*
3381 * Socket access is controlled by the socket
3382 * structures associated with the task involved.
3383 */
3384 isp->smk_inode = &smack_known_star;
3385 break;
1d8c2326
ŁS		 3386 default:
3387 isp->smk_inode = sbsp->smk_root;
3388 break;
36ea735b 3389 }
e97dcb0e
CS		 3390 isp->smk_flags |= SMK_INODE_INSTANT;
3391 goto unlockandout;
3392 }
3393
e114e473
CS		 3394 /*
3395 * This is pretty hackish.
3396 * Casey says that we shouldn't have to do
3397 * file system specific code, but it does help
3398 * with keeping it simple.
3399 */
3400 switch (sbp->s_magic) {
3401 case SMACK_MAGIC:
36ea735b 3402 case CGROUP_SUPER_MAGIC:
58c442f3 3403 case CGROUP2_SUPER_MAGIC:
e114e473 3404 /*
25985edc 3405 * Casey says that it's a little embarrassing
e114e473
CS		 3406 * that the smack file system doesn't do
3407 * extended attributes.
36ea735b 3408 *
36ea735b 3409 * Cgroupfs is special
e114e473 3410 */
21c7eae2 3411 final = &smack_known_star;
e114e473
CS		 3412 break;
3413 case DEVPTS_SUPER_MAGIC:
3414 /*
3415 * devpts seems content with the label of the task.
3416 * Programs that change smack have to treat the
3417 * pty with respect.
3418 */
21c7eae2 3419 final = ckp;
e114e473 3420 break;
e114e473
CS		 3421 case PROC_SUPER_MAGIC:
3422 /*
3423 * Casey says procfs appears not to care.
3424 * The superblock default suffices.
3425 */
3426 break;
3427 case TMPFS_MAGIC:
3428 /*
3429 * Device labels should come from the filesystem,
3430 * but watch out, because they're volitile,
3431 * getting recreated on every reboot.
3432 */
21c7eae2 3433 final = &smack_known_star;
e114e473 3434 /*
b1fed3ed 3435 * Fall through.
e114e473
CS		 3436 *
3437 * If a smack value has been set we want to use it,
3438 * but since tmpfs isn't giving us the opportunity
3439 * to set mount options simulate setting the
3440 * superblock default.
3441 */
3442 default:
3443 /*
3444 * This isn't an understood special case.
3445 * Get the value from the xattr.
b4e0d5f0
CS		 3446 */
3447
3448 /*
3449 * UNIX domain sockets use lower level socket data.
3450 */
3451 if (S_ISSOCK(inode->i_mode)) {
21c7eae2 3452 final = &smack_known_star;
b4e0d5f0
CS		 3453 break;
3454 }
3455 /*
e114e473
CS		 3456 * No xattr support means, alas, no SMACK label.
3457 * Use the aforeapplied default.
3458 * It would be curious if the label of the task
3459 * does not match that assigned.
3460 */
5d6c3191
AG		 3461 if (!(inode->i_opflags & IOP_XATTR))
3462 break;
e114e473
CS		 3463 /*
3464 * Get the dentry for xattr.
3465 */
3e62cbb8 3466 dp = dget(opt_dentry);
2f823ff8 3467 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
e774ad68 3468 if (!IS_ERR_OR_NULL(skp))
21c7eae2 3469 final = skp;
2267b13a
CS		 3470
3471 /*
3472 * Transmuting directory
3473 */
3474 if (S_ISDIR(inode->i_mode)) {
3475 /*
3476 * If this is a new directory and the label was
3477 * transmuted when the inode was initialized
3478 * set the transmute attribute on the directory
3479 * and mark the inode.
3480 *
3481 * If there is a transmute attribute on the
3482 * directory mark the inode.
3483 */
3484 if (isp->smk_flags & SMK_INODE_CHANGED) {
3485 isp->smk_flags &= ~SMK_INODE_CHANGED;
5d6c3191 3486 rc = __vfs_setxattr(dp, inode,
5c6d1125 3487 XATTR_NAME_SMACKTRANSMUTE,
2267b13a
CS		 3488 TRANS_TRUE, TRANS_TRUE_SIZE,
3489 0);
3490 } else {
5d6c3191 3491 rc = __vfs_getxattr(dp, inode,
2267b13a
CS		 3492 XATTR_NAME_SMACKTRANSMUTE, trattr,
3493 TRANS_TRUE_SIZE);
3494 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3495 TRANS_TRUE_SIZE) != 0)
3496 rc = -EINVAL;
5c6d1125 3497 }
2267b13a
CS		 3498 if (rc >= 0)
3499 transflag = SMK_INODE_TRANSMUTE;
5c6d1125 3500 }
809c02e0
SF		 3501 /*
3502 * Don't let the exec or mmap label be "*" or "@".
3503 */
3504 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3505 if (IS_ERR(skp) || skp == &smack_known_star ||
3506 skp == &smack_known_web)
3507 skp = NULL;
3508 isp->smk_task = skp;
e774ad68 3509
19760ad0 3510 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
e774ad68
LP		 3511 if (IS_ERR(skp) || skp == &smack_known_star ||
3512 skp == &smack_known_web)
19760ad0
CS		 3513 skp = NULL;
3514 isp->smk_mmap = skp;
676dac4b 3515
e114e473
CS		 3516 dput(dp);
3517 break;
3518 }
3519
3520 if (final == NULL)
21c7eae2 3521 isp->smk_inode = ckp;
e114e473
CS		 3522 else
3523 isp->smk_inode = final;
3524
5c6d1125 3525 isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
e114e473
CS		 3526
3527unlockandout:
3528 mutex_unlock(&isp->smk_lock);
3529 return;
3530}
3531
3532/**
3533 * smack_getprocattr - Smack process attribute access
3534 * @p: the object task
3535 * @name: the name of the attribute in /proc/.../attr
3536 * @value: where to put the result
3537 *
3538 * Places a copy of the task Smack into value
3539 *
3540 * Returns the length of the smack label or an error code
3541 */
3542static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3543{
6d1cff2a 3544 struct smack_known *skp = smk_of_task_struct(p);
e114e473
CS		 3545 char *cp;
3546 int slen;
3547
3548 if (strcmp(name, "current") != 0)
3549 return -EINVAL;
3550
2f823ff8 3551 cp = kstrdup(skp->smk_known, GFP_KERNEL);
e114e473
CS		 3552 if (cp == NULL)
3553 return -ENOMEM;
3554
3555 slen = strlen(cp);
3556 *value = cp;
3557 return slen;
3558}
3559
3560/**
3561 * smack_setprocattr - Smack process attribute setting
e114e473
CS		 3562 * @name: the name of the attribute in /proc/.../attr
3563 * @value: the value to set
3564 * @size: the size of the value
3565 *
3566 * Sets the Smack value of the task. Only setting self
3567 * is permitted and only with privilege
3568 *
3569 * Returns the length of the smack label or an error code
3570 */
b21507e2 3571static int smack_setprocattr(const char *name, void *value, size_t size)
e114e473 3572{
38416e53 3573 struct task_smack *tsp = current_security();
d84f4f99 3574 struct cred *new;
2f823ff8 3575 struct smack_known *skp;
38416e53
ZJ		 3576 struct smack_known_list_elem *sklep;
3577 int rc;
e114e473 3578
38416e53 3579 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
5cd9c58f
DH		 3580 return -EPERM;
3581
f7112e6c 3582 if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
e114e473
CS		 3583 return -EINVAL;
3584
3585 if (strcmp(name, "current") != 0)
3586 return -EINVAL;
3587
2f823ff8 3588 skp = smk_import_entry(value, size);
e774ad68
LP		 3589 if (IS_ERR(skp))
3590 return PTR_ERR(skp);
e114e473 3591
6d3dc07c 3592 /*
7128ea15
HS		 3593 * No process is ever allowed the web ("@") label
3594 * and the star ("*") label.
6d3dc07c 3595 */
7128ea15
HS		 3596 if (skp == &smack_known_web || skp == &smack_known_star)
3597 return -EINVAL;
6d3dc07c 3598
38416e53
ZJ		 3599 if (!smack_privileged(CAP_MAC_ADMIN)) {
3600 rc = -EPERM;
3601 list_for_each_entry(sklep, &tsp->smk_relabel, list)
3602 if (sklep->smk_label == skp) {
3603 rc = 0;
3604 break;
3605 }
3606 if (rc)
3607 return rc;
3608 }
3609
d84f4f99 3610 new = prepare_creds();
6d3dc07c 3611 if (new == NULL)
d84f4f99 3612 return -ENOMEM;
7898e1f8 3613
46a2f3b9 3614 tsp = new->security;
2f823ff8 3615 tsp->smk_task = skp;
38416e53
ZJ		 3616 /*
3617 * process can change its label only once
3618 */
3619 smk_destroy_label_list(&tsp->smk_relabel);
7898e1f8 3620
d84f4f99 3621 commit_creds(new);
e114e473
CS		 3622 return size;
3623}
3624
3625/**
3626 * smack_unix_stream_connect - Smack access on UDS
3610cda5
DM		 3627 * @sock: one sock
3628 * @other: the other sock
e114e473
CS		 3629 * @newsk: unused
3630 *
3631 * Return 0 if a subject with the smack of sock could access
3632 * an object with the smack of other, otherwise an error code
3633 */
3610cda5
DM		 3634static int smack_unix_stream_connect(struct sock *sock,
3635 struct sock *other, struct sock *newsk)
e114e473 3636{
2f823ff8 3637 struct smack_known *skp;
54e70ec5 3638 struct smack_known *okp;
d2e7ad19
JM		 3639 struct socket_smack *ssp = sock->sk_security;
3640 struct socket_smack *osp = other->sk_security;
975d5e55 3641 struct socket_smack *nsp = newsk->sk_security;
ecfcc53f 3642 struct smk_audit_info ad;
b4e0d5f0 3643 int rc = 0;
923e9a13
KC		 3644#ifdef CONFIG_AUDIT
3645 struct lsm_network_audit net;
923e9a13 3646#endif
b4e0d5f0 3647
2f823ff8
CS		 3648 if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3649 skp = ssp->smk_out;
96be7b54 3650 okp = osp->smk_in;
54e70ec5
CS		 3651#ifdef CONFIG_AUDIT
3652 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3653 smk_ad_setfield_u_net_sk(&ad, other);
3654#endif
21c7eae2
LP		 3655 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3656 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
d166c802 3657 if (rc == 0) {
96be7b54
ZJ		 3658 okp = osp->smk_out;
3659 skp = ssp->smk_in;
138a868f 3660 rc = smk_access(okp, skp, MAY_WRITE, &ad);
21c7eae2 3661 rc = smk_bu_note("UDS connect", okp, skp,
d166c802
CS		 3662 MAY_WRITE, rc);
3663 }
2f823ff8 3664 }
b4e0d5f0 3665
975d5e55
CS		 3666 /*
3667 * Cross reference the peer labels for SO_PEERSEC.
3668 */
3669 if (rc == 0) {
54e70ec5
CS		 3670 nsp->smk_packet = ssp->smk_out;
3671 ssp->smk_packet = osp->smk_out;
975d5e55
CS		 3672 }
3673
b4e0d5f0 3674 return rc;
e114e473
CS		 3675}
3676
3677/**
3678 * smack_unix_may_send - Smack access on UDS
3679 * @sock: one socket
3680 * @other: the other socket
3681 *
3682 * Return 0 if a subject with the smack of sock could access
3683 * an object with the smack of other, otherwise an error code
3684 */
3685static int smack_unix_may_send(struct socket *sock, struct socket *other)
3686{
b4e0d5f0
CS		 3687 struct socket_smack *ssp = sock->sk->sk_security;
3688 struct socket_smack *osp = other->sk->sk_security;
ecfcc53f 3689 struct smk_audit_info ad;
d166c802 3690 int rc;
e114e473 3691
923e9a13
KC		 3692#ifdef CONFIG_AUDIT
3693 struct lsm_network_audit net;
3694
48c62af6 3695 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
ecfcc53f 3696 smk_ad_setfield_u_net_sk(&ad, other->sk);
923e9a13 3697#endif
b4e0d5f0 3698
2f823ff8
CS		 3699 if (smack_privileged(CAP_MAC_OVERRIDE))
3700 return 0;
b4e0d5f0 3701
21c7eae2
LP		 3702 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3703 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
d166c802 3704 return rc;
e114e473
CS		 3705}
3706
6d3dc07c
CS		 3707/**
3708 * smack_socket_sendmsg - Smack check based on destination host
3709 * @sock: the socket
251a2a95 3710 * @msg: the message
6d3dc07c
CS		 3711 * @size: the size of the message
3712 *
c6739443
CS		 3713 * Return 0 if the current subject can write to the destination host.
3714 * For IPv4 this is only a question if the destination is a single label host.
3715 * For IPv6 this is a check against the label of the port.
6d3dc07c
CS		 3716 */
3717static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3718 int size)
3719{
3720 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
21abb1ec 3721#if IS_ENABLED(CONFIG_IPV6)
6ea06247 3722 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
21abb1ec
CS		 3723#endif
3724#ifdef SMACK_IPV6_SECMARK_LABELING
3725 struct socket_smack *ssp = sock->sk->sk_security;
3726 struct smack_known *rsp;
3727#endif
c6739443 3728 int rc = 0;
6d3dc07c
CS		 3729
3730 /*
3731 * Perfectly reasonable for this to be NULL
3732 */
c6739443 3733 if (sip == NULL)
6d3dc07c
CS		 3734 return 0;
3735
81bd0d56 3736 switch (sock->sk->sk_family) {
c6739443
CS		 3737 case AF_INET:
3738 rc = smack_netlabel_send(sock->sk, sip);
3739 break;
3740 case AF_INET6:
21abb1ec
CS		 3741#ifdef SMACK_IPV6_SECMARK_LABELING
3742 rsp = smack_ipv6host_label(sap);
3743 if (rsp != NULL)
3744 rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3745 SMK_CONNECTING);
3746#endif
3747#ifdef SMACK_IPV6_PORT_LABELING
c6739443 3748 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
21abb1ec 3749#endif
c6739443
CS		 3750 break;
3751 }
3752 return rc;
6d3dc07c
CS		 3753}
3754
e114e473 3755/**
251a2a95 3756 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
e114e473 3757 * @sap: netlabel secattr
272cd7a8 3758 * @ssp: socket security information
e114e473 3759 *
2f823ff8 3760 * Returns a pointer to a Smack label entry found on the label list.
e114e473 3761 */
2f823ff8
CS		 3762static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3763 struct socket_smack *ssp)
e114e473 3764{
2f823ff8 3765 struct smack_known *skp;
f7112e6c 3766 int found = 0;
677264e8
CS		 3767 int acat;
3768 int kcat;
e114e473 3769
6d3dc07c 3770 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
e114e473 3771 /*
6d3dc07c 3772 * Looks like a CIPSO packet.
e114e473
CS		 3773 * If there are flags but no level netlabel isn't
3774 * behaving the way we expect it to.
3775 *
f7112e6c 3776 * Look it up in the label table
e114e473
CS		 3777 * Without guidance regarding the smack value
3778 * for the packet fall back on the network
3779 * ambient value.
3780 */
f7112e6c 3781 rcu_read_lock();
348dc288 3782 list_for_each_entry_rcu(skp, &smack_known_list, list) {
2f823ff8 3783 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
f7112e6c 3784 continue;
677264e8
CS		 3785 /*
3786 * Compare the catsets. Use the netlbl APIs.
3787 */
3788 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3789 if ((skp->smk_netlabel.flags &
3790 NETLBL_SECATTR_MLS_CAT) == 0)
3791 found = 1;
3792 break;
3793 }
3794 for (acat = -1, kcat = -1; acat == kcat; ) {
4fbe63d1
PM		 3795 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3796 acat + 1);
3797 kcat = netlbl_catmap_walk(
677264e8
CS		 3798 skp->smk_netlabel.attr.mls.cat,
3799 kcat + 1);
3800 if (acat < 0 || kcat < 0)
3801 break;
3802 }
3803 if (acat == kcat) {
3804 found = 1;
3805 break;
3806 }
6d3dc07c 3807 }
f7112e6c
CS		 3808 rcu_read_unlock();
3809
3810 if (found)
2f823ff8 3811 return skp;
f7112e6c 3812
54e70ec5 3813 if (ssp != NULL && ssp->smk_in == &smack_known_star)
2f823ff8
CS		 3814 return &smack_known_web;
3815 return &smack_known_star;
e114e473 3816 }
152f91d4 3817 if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
6d3dc07c
CS		 3818 /*
3819 * Looks like a fallback, which gives us a secid.
3820 */
152f91d4 3821 return smack_from_secid(sap->attr.secid);
e114e473 3822 /*
6d3dc07c
CS		 3823 * Without guidance regarding the smack value
3824 * for the packet fall back on the network
3825 * ambient value.
e114e473 3826 */
272cd7a8 3827 return smack_net_ambient;
e114e473
CS		 3828}
3829
69f287ae 3830#if IS_ENABLED(CONFIG_IPV6)
6ea06247 3831static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
c6739443 3832{
c6739443
CS		 3833 u8 nexthdr;
3834 int offset;
3835 int proto = -EINVAL;
3836 struct ipv6hdr _ipv6h;
3837 struct ipv6hdr *ip6;
3838 __be16 frag_off;
3839 struct tcphdr _tcph, *th;
3840 struct udphdr _udph, *uh;
3841 struct dccp_hdr _dccph, *dh;
3842
3843 sip->sin6_port = 0;
3844
3845 offset = skb_network_offset(skb);
3846 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3847 if (ip6 == NULL)
3848 return -EINVAL;
3849 sip->sin6_addr = ip6->saddr;
3850
3851 nexthdr = ip6->nexthdr;
3852 offset += sizeof(_ipv6h);
3853 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3854 if (offset < 0)
3855 return -EINVAL;
3856
3857 proto = nexthdr;
3858 switch (proto) {
3859 case IPPROTO_TCP:
3860 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3861 if (th != NULL)
3862 sip->sin6_port = th->source;
3863 break;
3864 case IPPROTO_UDP:
a07ef951 3865 case IPPROTO_UDPLITE:
c6739443
CS		 3866 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3867 if (uh != NULL)
3868 sip->sin6_port = uh->source;
3869 break;
3870 case IPPROTO_DCCP:
3871 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3872 if (dh != NULL)
3873 sip->sin6_port = dh->dccph_sport;
3874 break;
3875 }
3876 return proto;
3877}
69f287ae 3878#endif /* CONFIG_IPV6 */
c6739443 3879
e114e473
CS		 3880/**
3881 * smack_socket_sock_rcv_skb - Smack packet delivery access check
3882 * @sk: socket
3883 * @skb: packet
3884 *
3885 * Returns 0 if the packet should be delivered, an error code otherwise
3886 */
3887static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3888{
3889 struct netlbl_lsm_secattr secattr;
3890 struct socket_smack *ssp = sk->sk_security;
69f287ae 3891 struct smack_known *skp = NULL;
c6739443 3892 int rc = 0;
ecfcc53f 3893 struct smk_audit_info ad;
129a9989 3894 u16 family = sk->sk_family;
923e9a13 3895#ifdef CONFIG_AUDIT
48c62af6 3896 struct lsm_network_audit net;
923e9a13 3897#endif
69f287ae
CS		 3898#if IS_ENABLED(CONFIG_IPV6)
3899 struct sockaddr_in6 sadd;
3900 int proto;
129a9989
PS		 3901
3902 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3903 family = PF_INET;
69f287ae
CS		 3904#endif /* CONFIG_IPV6 */
3905
129a9989 3906 switch (family) {
c6739443 3907 case PF_INET:
69f287ae
CS		 3908#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3909 /*
3910 * If there is a secmark use it rather than the CIPSO label.
3911 * If there is no secmark fall back to CIPSO.
3912 * The secmark is assumed to reflect policy better.
3913 */
3914 if (skb && skb->secmark != 0) {
3915 skp = smack_from_secid(skb->secmark);
3916 goto access_check;
3917 }
3918#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
c6739443
CS		 3919 /*
3920 * Translate what netlabel gave us.
3921 */
3922 netlbl_secattr_init(&secattr);
6d3dc07c 3923
129a9989 3924 rc = netlbl_skbuff_getattr(skb, family, &secattr);
c6739443 3925 if (rc == 0)
2f823ff8 3926 skp = smack_from_secattr(&secattr, ssp);
c6739443 3927 else
2f823ff8 3928 skp = smack_net_ambient;
6d3dc07c 3929
c6739443 3930 netlbl_secattr_destroy(&secattr);
6d3dc07c 3931
69f287ae
CS		 3932#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3933access_check:
3934#endif
ecfcc53f 3935#ifdef CONFIG_AUDIT
c6739443 3936 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
129a9989 3937 ad.a.u.net->family = family;
c6739443
CS		 3938 ad.a.u.net->netif = skb->skb_iif;
3939 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
ecfcc53f 3940#endif
c6739443
CS		 3941 /*
3942 * Receiving a packet requires that the other end
3943 * be able to write here. Read access is not required.
3944 * This is the simplist possible security model
3945 * for networking.
3946 */
21c7eae2
LP		 3947 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3948 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
d166c802 3949 MAY_WRITE, rc);
c6739443 3950 if (rc != 0)
129a9989 3951 netlbl_skbuff_err(skb, family, rc, 0);
c6739443 3952 break;
69f287ae 3953#if IS_ENABLED(CONFIG_IPV6)
c6739443 3954 case PF_INET6:
69f287ae 3955 proto = smk_skb_to_addr_ipv6(skb, &sadd);
a07ef951
PS		 3956 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
3957 proto != IPPROTO_TCP && proto != IPPROTO_DCCP)
69f287ae 3958 break;
21abb1ec 3959#ifdef SMACK_IPV6_SECMARK_LABELING
69f287ae
CS		 3960 if (skb && skb->secmark != 0)
3961 skp = smack_from_secid(skb->secmark);
c6739443 3962 else
21abb1ec
CS		 3963 skp = smack_ipv6host_label(&sadd);
3964 if (skp == NULL)
69f287ae
CS		 3965 skp = smack_net_ambient;
3966#ifdef CONFIG_AUDIT
3967 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
129a9989 3968 ad.a.u.net->family = family;
69f287ae
CS		 3969 ad.a.u.net->netif = skb->skb_iif;
3970 ipv6_skb_to_auditdata(skb, &ad.a, NULL);
3971#endif /* CONFIG_AUDIT */
3972 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3973 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
3974 MAY_WRITE, rc);
21abb1ec
CS		 3975#endif /* SMACK_IPV6_SECMARK_LABELING */
3976#ifdef SMACK_IPV6_PORT_LABELING
69f287ae 3977 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
21abb1ec 3978#endif /* SMACK_IPV6_PORT_LABELING */
d66a8acb
PS		 3979 if (rc != 0)
3980 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
3981 ICMPV6_ADM_PROHIBITED, 0);
c6739443 3982 break;
69f287ae 3983#endif /* CONFIG_IPV6 */
c6739443 3984 }
69f287ae 3985
a8134296 3986 return rc;
e114e473
CS		 3987}
3988
3989/**
3990 * smack_socket_getpeersec_stream - pull in packet label
3991 * @sock: the socket
3992 * @optval: user's destination
3993 * @optlen: size thereof
251a2a95 3994 * @len: max thereof
e114e473
CS		 3995 *
3996 * returns zero on success, an error code otherwise
3997 */
3998static int smack_socket_getpeersec_stream(struct socket *sock,
3999 char __user *optval,
4000 int __user *optlen, unsigned len)
4001{
4002 struct socket_smack *ssp;
272cd7a8
CS		 4003 char *rcp = "";
4004 int slen = 1;
e114e473
CS		 4005 int rc = 0;
4006
4007 ssp = sock->sk->sk_security;
272cd7a8 4008 if (ssp->smk_packet != NULL) {
54e70ec5 4009 rcp = ssp->smk_packet->smk_known;
272cd7a8
CS		 4010 slen = strlen(rcp) + 1;
4011 }
e114e473
CS		 4012
4013 if (slen > len)
4014 rc = -ERANGE;
272cd7a8 4015 else if (copy_to_user(optval, rcp, slen) != 0)
e114e473
CS		 4016 rc = -EFAULT;
4017
4018 if (put_user(slen, optlen) != 0)
4019 rc = -EFAULT;
4020
4021 return rc;
4022}
4023
4024
4025/**
4026 * smack_socket_getpeersec_dgram - pull in packet label
b4e0d5f0 4027 * @sock: the peer socket
e114e473
CS		 4028 * @skb: packet data
4029 * @secid: pointer to where to put the secid of the packet
4030 *
4031 * Sets the netlabel socket state on sk from parent
4032 */
4033static int smack_socket_getpeersec_dgram(struct socket *sock,
4034 struct sk_buff *skb, u32 *secid)
4035
4036{
4037 struct netlbl_lsm_secattr secattr;
272cd7a8 4038 struct socket_smack *ssp = NULL;
2f823ff8 4039 struct smack_known *skp;
b4e0d5f0
CS		 4040 int family = PF_UNSPEC;
4041 u32 s = 0; /* 0 is the invalid secid */
e114e473
CS		 4042 int rc;
4043
b4e0d5f0
CS		 4044 if (skb != NULL) {
4045 if (skb->protocol == htons(ETH_P_IP))
4046 family = PF_INET;
69f287ae 4047#if IS_ENABLED(CONFIG_IPV6)
b4e0d5f0
CS		 4048 else if (skb->protocol == htons(ETH_P_IPV6))
4049 family = PF_INET6;
69f287ae 4050#endif /* CONFIG_IPV6 */
e114e473 4051 }
b4e0d5f0
CS		 4052 if (family == PF_UNSPEC && sock != NULL)
4053 family = sock->sk->sk_family;
e114e473 4054
69f287ae
CS		 4055 switch (family) {
4056 case PF_UNIX:
272cd7a8 4057 ssp = sock->sk->sk_security;
2f823ff8 4058 s = ssp->smk_out->smk_secid;
69f287ae
CS		 4059 break;
4060 case PF_INET:
4061#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4062 s = skb->secmark;
4063 if (s != 0)
4064 break;
4065#endif
b4e0d5f0
CS		 4066 /*
4067 * Translate what netlabel gave us.
4068 */
272cd7a8
CS		 4069 if (sock != NULL && sock->sk != NULL)
4070 ssp = sock->sk->sk_security;
b4e0d5f0
CS		 4071 netlbl_secattr_init(&secattr);
4072 rc = netlbl_skbuff_getattr(skb, family, &secattr);
4073 if (rc == 0) {
2f823ff8
CS		 4074 skp = smack_from_secattr(&secattr, ssp);
4075 s = skp->smk_secid;
b4e0d5f0
CS		 4076 }
4077 netlbl_secattr_destroy(&secattr);
69f287ae 4078 break;
69f287ae 4079 case PF_INET6:
21abb1ec 4080#ifdef SMACK_IPV6_SECMARK_LABELING
69f287ae 4081 s = skb->secmark;
21abb1ec 4082#endif
69f287ae 4083 break;
b4e0d5f0
CS		 4084 }
4085 *secid = s;
e114e473
CS		 4086 if (s == 0)
4087 return -EINVAL;
e114e473
CS		 4088 return 0;
4089}
4090
4091/**
07feee8f
PM		 4092 * smack_sock_graft - Initialize a newly created socket with an existing sock
4093 * @sk: child sock
4094 * @parent: parent socket
e114e473 4095 *
07feee8f
PM		 4096 * Set the smk_{in,out} state of an existing sock based on the process that
4097 * is creating the new socket.
e114e473
CS		 4098 */
4099static void smack_sock_graft(struct sock *sk, struct socket *parent)
4100{
4101 struct socket_smack *ssp;
2f823ff8 4102 struct smack_known *skp = smk_of_current();
e114e473 4103
07feee8f
PM		 4104 if (sk == NULL ||
4105 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
e114e473
CS		 4106 return;
4107
4108 ssp = sk->sk_security;
54e70ec5 4109 ssp->smk_in = skp;
2f823ff8 4110 ssp->smk_out = skp;
07feee8f 4111 /* cssp->smk_packet is already set in smack_inet_csk_clone() */
e114e473
CS		 4112}
4113
4114/**
4115 * smack_inet_conn_request - Smack access check on connect
4116 * @sk: socket involved
4117 * @skb: packet
4118 * @req: unused
4119 *
4120 * Returns 0 if a task with the packet label could write to
4121 * the socket, otherwise an error code
4122 */
4123static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4124 struct request_sock *req)
4125{
07feee8f 4126 u16 family = sk->sk_family;
f7112e6c 4127 struct smack_known *skp;
e114e473 4128 struct socket_smack *ssp = sk->sk_security;
07feee8f
PM		 4129 struct netlbl_lsm_secattr secattr;
4130 struct sockaddr_in addr;
4131 struct iphdr *hdr;
21c7eae2 4132 struct smack_known *hskp;
e114e473 4133 int rc;
ecfcc53f 4134 struct smk_audit_info ad;
923e9a13 4135#ifdef CONFIG_AUDIT
48c62af6 4136 struct lsm_network_audit net;
923e9a13 4137#endif
e114e473 4138
69f287ae 4139#if IS_ENABLED(CONFIG_IPV6)
c6739443
CS		 4140 if (family == PF_INET6) {
4141 /*
4142 * Handle mapped IPv4 packets arriving
4143 * via IPv6 sockets. Don't set up netlabel
4144 * processing on IPv6.
4145 */
4146 if (skb->protocol == htons(ETH_P_IP))
4147 family = PF_INET;
4148 else
4149 return 0;
4150 }
69f287ae 4151#endif /* CONFIG_IPV6 */
e114e473 4152
7f368ad3
CS		 4153#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4154 /*
4155 * If there is a secmark use it rather than the CIPSO label.
4156 * If there is no secmark fall back to CIPSO.
4157 * The secmark is assumed to reflect policy better.
4158 */
4159 if (skb && skb->secmark != 0) {
4160 skp = smack_from_secid(skb->secmark);
4161 goto access_check;
4162 }
4163#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
4164
07feee8f
PM		 4165 netlbl_secattr_init(&secattr);
4166 rc = netlbl_skbuff_getattr(skb, family, &secattr);
e114e473 4167 if (rc == 0)
2f823ff8 4168 skp = smack_from_secattr(&secattr, ssp);
e114e473 4169 else
2f823ff8 4170 skp = &smack_known_huh;
07feee8f
PM		 4171 netlbl_secattr_destroy(&secattr);
4172
7f368ad3
CS		 4173#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4174access_check:
4175#endif
4176
ecfcc53f 4177#ifdef CONFIG_AUDIT
48c62af6
EP		 4178 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4179 ad.a.u.net->family = family;
4180 ad.a.u.net->netif = skb->skb_iif;
ecfcc53f
EB		 4181 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4182#endif
e114e473 4183 /*
07feee8f
PM		 4184 * Receiving a packet requires that the other end be able to write
4185 * here. Read access is not required.
e114e473 4186 */
21c7eae2
LP		 4187 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4188 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
07feee8f
PM		 4189 if (rc != 0)
4190 return rc;
4191
4192 /*
4193 * Save the peer's label in the request_sock so we can later setup
4194 * smk_packet in the child socket so that SO_PEERCRED can report it.
4195 */
2f823ff8 4196 req->peer_secid = skp->smk_secid;
07feee8f
PM		 4197
4198 /*
4199 * We need to decide if we want to label the incoming connection here
4200 * if we do we only need to label the request_sock and the stack will
25985edc 4201 * propagate the wire-label to the sock when it is created.
07feee8f
PM		 4202 */
4203 hdr = ip_hdr(skb);
4204 addr.sin_addr.s_addr = hdr->saddr;
4205 rcu_read_lock();
21abb1ec 4206 hskp = smack_ipv4host_label(&addr);
f7112e6c
CS		 4207 rcu_read_unlock();
4208
21c7eae2 4209 if (hskp == NULL)
f7112e6c 4210 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
2f823ff8 4211 else
07feee8f 4212 netlbl_req_delattr(req);
e114e473
CS		 4213
4214 return rc;
4215}
4216
07feee8f
PM		 4217/**
4218 * smack_inet_csk_clone - Copy the connection information to the new socket
4219 * @sk: the new socket
4220 * @req: the connection's request_sock
4221 *
4222 * Transfer the connection's peer label to the newly created socket.
4223 */
4224static void smack_inet_csk_clone(struct sock *sk,
4225 const struct request_sock *req)
4226{
4227 struct socket_smack *ssp = sk->sk_security;
2f823ff8 4228 struct smack_known *skp;
07feee8f 4229
2f823ff8
CS		 4230 if (req->peer_secid != 0) {
4231 skp = smack_from_secid(req->peer_secid);
54e70ec5 4232 ssp->smk_packet = skp;
2f823ff8 4233 } else
272cd7a8 4234 ssp->smk_packet = NULL;
07feee8f
PM		 4235}
4236
e114e473
CS		 4237/*
4238 * Key management security hooks
4239 *
4240 * Casey has not tested key support very heavily.
4241 * The permission check is most likely too restrictive.
4242 * If you care about keys please have a look.
4243 */
4244#ifdef CONFIG_KEYS
4245
4246/**
4247 * smack_key_alloc - Set the key security blob
4248 * @key: object
d84f4f99 4249 * @cred: the credentials to use
e114e473
CS		 4250 * @flags: unused
4251 *
4252 * No allocation required
4253 *
4254 * Returns 0
4255 */
d84f4f99 4256static int smack_key_alloc(struct key *key, const struct cred *cred,
e114e473
CS		 4257 unsigned long flags)
4258{
2f823ff8
CS		 4259 struct smack_known *skp = smk_of_task(cred->security);
4260
21c7eae2 4261 key->security = skp;
e114e473
CS		 4262 return 0;
4263}
4264
4265/**
4266 * smack_key_free - Clear the key security blob
4267 * @key: the object
4268 *
4269 * Clear the blob pointer
4270 */
4271static void smack_key_free(struct key *key)
4272{
4273 key->security = NULL;
4274}
4275
1a28979b 4276/**
e114e473
CS		 4277 * smack_key_permission - Smack access on a key
4278 * @key_ref: gets to the object
d84f4f99 4279 * @cred: the credentials to use
1a28979b 4280 * @perm: requested key permissions
e114e473
CS		 4281 *
4282 * Return 0 if the task has read and write to the object,
4283 * an error code otherwise
4284 */
4285static int smack_key_permission(key_ref_t key_ref,
f5895943 4286 const struct cred *cred, unsigned perm)
e114e473
CS		 4287{
4288 struct key *keyp;
ecfcc53f 4289 struct smk_audit_info ad;
2f823ff8 4290 struct smack_known *tkp = smk_of_task(cred->security);
fffea214 4291 int request = 0;
d166c802 4292 int rc;
e114e473
CS		 4293
4294 keyp = key_ref_to_ptr(key_ref);
4295 if (keyp == NULL)
4296 return -EINVAL;
4297 /*
4298 * If the key hasn't been initialized give it access so that
4299 * it may do so.
4300 */
4301 if (keyp->security == NULL)
4302 return 0;
4303 /*
4304 * This should not occur
4305 */
2f823ff8 4306 if (tkp == NULL)
e114e473 4307 return -EACCES;
d19dfe58
CS		 4308
4309 if (smack_privileged_cred(CAP_MAC_OVERRIDE, cred))
4310 return 0;
4311
ecfcc53f
EB		 4312#ifdef CONFIG_AUDIT
4313 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4314 ad.a.u.key_struct.key = keyp->serial;
4315 ad.a.u.key_struct.key_desc = keyp->description;
4316#endif
fffea214
DK		 4317 if (perm & KEY_NEED_READ)
4318 request = MAY_READ;
4319 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
4320 request = MAY_WRITE;
d166c802
CS		 4321 rc = smk_access(tkp, keyp->security, request, &ad);
4322 rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4323 return rc;
e114e473 4324}
7fc5f36e
JB		 4325
4326/*
4327 * smack_key_getsecurity - Smack label tagging the key
4328 * @key points to the key to be queried
4329 * @_buffer points to a pointer that should be set to point to the
4330 * resulting string (if no label or an error occurs).
4331 * Return the length of the string (including terminating NUL) or -ve if
4332 * an error.
4333 * May also return 0 (and a NULL buffer pointer) if there is no label.
4334 */
4335static int smack_key_getsecurity(struct key *key, char **_buffer)
4336{
4337 struct smack_known *skp = key->security;
4338 size_t length;
4339 char *copy;
4340
4341 if (key->security == NULL) {
4342 *_buffer = NULL;
4343 return 0;
4344 }
4345
4346 copy = kstrdup(skp->smk_known, GFP_KERNEL);
4347 if (copy == NULL)
4348 return -ENOMEM;
4349 length = strlen(copy) + 1;
4350
4351 *_buffer = copy;
4352 return length;
4353}
4354
e114e473
CS		 4355#endif /* CONFIG_KEYS */
4356
d20bdda6
AD		 4357/*
4358 * Smack Audit hooks
4359 *
4360 * Audit requires a unique representation of each Smack specific
4361 * rule. This unique representation is used to distinguish the
4362 * object to be audited from remaining kernel objects and also
4363 * works as a glue between the audit hooks.
4364 *
4365 * Since repository entries are added but never deleted, we'll use
4366 * the smack_known label address related to the given audit rule as
4367 * the needed unique representation. This also better fits the smack
4368 * model where nearly everything is a label.
4369 */
4370#ifdef CONFIG_AUDIT
4371
4372/**
4373 * smack_audit_rule_init - Initialize a smack audit rule
4374 * @field: audit rule fields given from user-space (audit.h)
4375 * @op: required testing operator (=, !=, >, <, ...)
4376 * @rulestr: smack label to be audited
4377 * @vrule: pointer to save our own audit rule representation
4378 *
4379 * Prepare to audit cases where (@field @op @rulestr) is true.
4380 * The label to be audited is created if necessay.
4381 */
4382static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4383{
21c7eae2 4384 struct smack_known *skp;
d20bdda6
AD		 4385 char **rule = (char **)vrule;
4386 *rule = NULL;
4387
4388 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4389 return -EINVAL;
4390
5af75d8d 4391 if (op != Audit_equal && op != Audit_not_equal)
d20bdda6
AD		 4392 return -EINVAL;
4393
21c7eae2 4394 skp = smk_import_entry(rulestr, 0);
e774ad68
LP		 4395 if (IS_ERR(skp))
4396 return PTR_ERR(skp);
4397
4398 *rule = skp->smk_known;
d20bdda6
AD		 4399
4400 return 0;
4401}
4402
4403/**
4404 * smack_audit_rule_known - Distinguish Smack audit rules
4405 * @krule: rule of interest, in Audit kernel representation format
4406 *
4407 * This is used to filter Smack rules from remaining Audit ones.
4408 * If it's proved that this rule belongs to us, the
4409 * audit_rule_match hook will be called to do the final judgement.
4410 */
4411static int smack_audit_rule_known(struct audit_krule *krule)
4412{
4413 struct audit_field *f;
4414 int i;
4415
4416 for (i = 0; i < krule->field_count; i++) {
4417 f = &krule->fields[i];
4418
4419 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4420 return 1;
4421 }
4422
4423 return 0;
4424}
4425
4426/**
4427 * smack_audit_rule_match - Audit given object ?
4428 * @secid: security id for identifying the object to test
4429 * @field: audit rule flags given from user-space
4430 * @op: required testing operator
4431 * @vrule: smack internal rule presentation
4432 * @actx: audit context associated with the check
4433 *
4434 * The core Audit hook. It's used to take the decision of
4435 * whether to audit or not to audit a given object.
4436 */
4437static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
4438 struct audit_context *actx)
4439{
2f823ff8 4440 struct smack_known *skp;
d20bdda6
AD		 4441 char *rule = vrule;
4442
4eb0f4ab
RGB		 4443 if (unlikely(!rule)) {
4444 WARN_ONCE(1, "Smack: missing rule\n");
d20bdda6
AD		 4445 return -ENOENT;
4446 }
4447
4448 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4449 return 0;
4450
2f823ff8 4451 skp = smack_from_secid(secid);
d20bdda6
AD		 4452
4453 /*
4454 * No need to do string comparisons. If a match occurs,
4455 * both pointers will point to the same smack_known
4456 * label.
4457 */
5af75d8d 4458 if (op == Audit_equal)
2f823ff8 4459 return (rule == skp->smk_known);
5af75d8d 4460 if (op == Audit_not_equal)
2f823ff8 4461 return (rule != skp->smk_known);
d20bdda6
AD		 4462
4463 return 0;
4464}
4465
491a0b08
CS		 4466/*
4467 * There is no need for a smack_audit_rule_free hook.
d20bdda6
AD		 4468 * No memory was allocated.
4469 */
d20bdda6
AD		 4470
4471#endif /* CONFIG_AUDIT */
4472
746df9b5
DQ		 4473/**
4474 * smack_ismaclabel - check if xattr @name references a smack MAC label
4475 * @name: Full xattr name to check.
4476 */
4477static int smack_ismaclabel(const char *name)
4478{
4479 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4480}
4481
4482
251a2a95 4483/**
e114e473
CS		 4484 * smack_secid_to_secctx - return the smack label for a secid
4485 * @secid: incoming integer
4486 * @secdata: destination
4487 * @seclen: how long it is
4488 *
4489 * Exists for networking code.
4490 */
4491static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4492{
2f823ff8 4493 struct smack_known *skp = smack_from_secid(secid);
e114e473 4494
d5630b9d 4495 if (secdata)
2f823ff8
CS		 4496 *secdata = skp->smk_known;
4497 *seclen = strlen(skp->smk_known);
e114e473
CS		 4498 return 0;
4499}
4500
251a2a95 4501/**
4bc87e62
CS		 4502 * smack_secctx_to_secid - return the secid for a smack label
4503 * @secdata: smack label
4504 * @seclen: how long result is
4505 * @secid: outgoing integer
4506 *
4507 * Exists for audit and networking code.
4508 */
e52c1764 4509static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4bc87e62 4510{
21c7eae2
LP		 4511 struct smack_known *skp = smk_find_entry(secdata);
4512
4513 if (skp)
4514 *secid = skp->smk_secid;
4515 else
4516 *secid = 0;
4bc87e62
CS		 4517 return 0;
4518}
4519
491a0b08
CS		 4520/*
4521 * There used to be a smack_release_secctx hook
4522 * that did nothing back when hooks were in a vector.
4523 * Now that there's a list such a hook adds cost.
e114e473 4524 */
e114e473 4525
1ee65e37
DQ		 4526static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4527{
4528 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4529}
4530
4531static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4532{
4533 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4534}
4535
4536static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4537{
0f8983cf 4538 struct smack_known *skp = smk_of_inode(inode);
1ee65e37 4539
0f8983cf
CS		 4540 *ctx = skp->smk_known;
4541 *ctxlen = strlen(skp->smk_known);
1ee65e37
DQ		 4542 return 0;
4543}
4544
d6d80cb5
CS		 4545static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
4546{
4547
4548 struct task_smack *tsp;
4549 struct smack_known *skp;
4550 struct inode_smack *isp;
4551 struct cred *new_creds = *new;
4552
4553 if (new_creds == NULL) {
4554 new_creds = prepare_creds();
4555 if (new_creds == NULL)
4556 return -ENOMEM;
4557 }
4558
4559 tsp = new_creds->security;
4560
4561 /*
4562 * Get label from overlay inode and set it in create_sid
4563 */
4564 isp = d_inode(dentry->d_parent)->i_security;
4565 skp = isp->smk_inode;
4566 tsp->smk_task = skp;
4567 *new = new_creds;
4568 return 0;
4569}
4570
4571static int smack_inode_copy_up_xattr(const char *name)
4572{
4573 /*
4574 * Return 1 if this is the smack access Smack attribute.
4575 */
4576 if (strcmp(name, XATTR_NAME_SMACK) == 0)
4577 return 1;
4578
4579 return -EOPNOTSUPP;
4580}
4581
4582static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
4583 struct qstr *name,
4584 const struct cred *old,
4585 struct cred *new)
4586{
4587 struct task_smack *otsp = old->security;
4588 struct task_smack *ntsp = new->security;
4589 struct inode_smack *isp;
4590 int may;
4591
4592 /*
4593 * Use the process credential unless all of
4594 * the transmuting criteria are met
4595 */
4596 ntsp->smk_task = otsp->smk_task;
4597
4598 /*
4599 * the attribute of the containing directory
4600 */
4601 isp = d_inode(dentry->d_parent)->i_security;
4602
4603 if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
4604 rcu_read_lock();
4605 may = smk_access_entry(otsp->smk_task->smk_known,
4606 isp->smk_inode->smk_known,
4607 &otsp->smk_task->smk_rules);
4608 rcu_read_unlock();
4609
4610 /*
4611 * If the directory is transmuting and the rule
4612 * providing access is transmuting use the containing
4613 * directory label instead of the process label.
4614 */
4615 if (may > 0 && (may & MAY_TRANSMUTE))
4616 ntsp->smk_task = isp->smk_inode;
4617 }
4618 return 0;
4619}
4620
ca97d939 4621static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
e20b043a
CS		 4622 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4623 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4624 LSM_HOOK_INIT(syslog, smack_syslog),
4625
4626 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
4627 LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
204cc0cc 4628 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts),
5b400239 4629 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
e20b043a 4630 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
3bf2789c 4631 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
e20b043a
CS		 4632
4633 LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
e20b043a
CS		 4634
4635 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
4636 LSM_HOOK_INIT(inode_free_security, smack_inode_free_security),
4637 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4638 LSM_HOOK_INIT(inode_link, smack_inode_link),
4639 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4640 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4641 LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4642 LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4643 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4644 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4645 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4646 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4647 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4648 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4649 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4650 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4651 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4652 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4653
e20b043a
CS		 4654 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
4655 LSM_HOOK_INIT(file_free_security, smack_file_free_security),
4656 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4657 LSM_HOOK_INIT(file_lock, smack_file_lock),
4658 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4659 LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4660 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4661 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4662 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4663 LSM_HOOK_INIT(file_receive, smack_file_receive),
4664
4665 LSM_HOOK_INIT(file_open, smack_file_open),
4666
4667 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4668 LSM_HOOK_INIT(cred_free, smack_cred_free),
4669 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4670 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
3ec30113 4671 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
e20b043a
CS		 4672 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4673 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4674 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4675 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4676 LSM_HOOK_INIT(task_getsid, smack_task_getsid),
4677 LSM_HOOK_INIT(task_getsecid, smack_task_getsecid),
4678 LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4679 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4680 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4681 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4682 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4683 LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4684 LSM_HOOK_INIT(task_kill, smack_task_kill),
e20b043a
CS		 4685 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4686
4687 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4688 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4689
4690 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
4691 LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security),
4692
0d79cbf8
EB		 4693 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security),
4694 LSM_HOOK_INIT(msg_queue_free_security, smack_ipc_free_security),
e20b043a
CS		 4695 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4696 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4697 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4698 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4699
0d79cbf8
EB		 4700 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security),
4701 LSM_HOOK_INIT(shm_free_security, smack_ipc_free_security),
e20b043a
CS		 4702 LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4703 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4704 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4705
0d79cbf8
EB		 4706 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security),
4707 LSM_HOOK_INIT(sem_free_security, smack_ipc_free_security),
e20b043a
CS		 4708 LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4709 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4710 LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4711
4712 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4713
4714 LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4715 LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4716
4717 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4718 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4719
4720 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
5859cdf5 4721 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
21abb1ec 4722#ifdef SMACK_IPV6_PORT_LABELING
e20b043a 4723 LSM_HOOK_INIT(socket_bind, smack_socket_bind),
21abb1ec 4724#endif
e20b043a
CS		 4725 LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4726 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4727 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4728 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4729 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4730 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
4731 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4732 LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4733 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4734 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
d20bdda6 4735
e114e473
CS		 4736 /* key management security hooks */
4737#ifdef CONFIG_KEYS
e20b043a
CS		 4738 LSM_HOOK_INIT(key_alloc, smack_key_alloc),
4739 LSM_HOOK_INIT(key_free, smack_key_free),
4740 LSM_HOOK_INIT(key_permission, smack_key_permission),
4741 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
e114e473 4742#endif /* CONFIG_KEYS */
d20bdda6
AD		 4743
4744 /* Audit hooks */
4745#ifdef CONFIG_AUDIT
e20b043a
CS		 4746 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
4747 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
4748 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
d20bdda6
AD		 4749#endif /* CONFIG_AUDIT */
4750
e20b043a
CS		 4751 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
4752 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
4753 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
e20b043a
CS		 4754 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
4755 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
4756 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
d6d80cb5
CS		 4757 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up),
4758 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr),
4759 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as),
e114e473
CS		 4760};
4761
7198e2ee 4762
86812bb0 4763static __init void init_smack_known_list(void)
7198e2ee 4764{
86812bb0
CS		 4765 /*
4766 * Initialize rule list locks
4767 */
4768 mutex_init(&smack_known_huh.smk_rules_lock);
4769 mutex_init(&smack_known_hat.smk_rules_lock);
4770 mutex_init(&smack_known_floor.smk_rules_lock);
4771 mutex_init(&smack_known_star.smk_rules_lock);
86812bb0
CS		 4772 mutex_init(&smack_known_web.smk_rules_lock);
4773 /*
4774 * Initialize rule lists
4775 */
4776 INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4777 INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4778 INIT_LIST_HEAD(&smack_known_star.smk_rules);
4779 INIT_LIST_HEAD(&smack_known_floor.smk_rules);
86812bb0
CS		 4780 INIT_LIST_HEAD(&smack_known_web.smk_rules);
4781 /*
4782 * Create the known labels list
4783 */
4d7cf4a1
TS		 4784 smk_insert_entry(&smack_known_huh);
4785 smk_insert_entry(&smack_known_hat);
4786 smk_insert_entry(&smack_known_star);
4787 smk_insert_entry(&smack_known_floor);
4d7cf4a1 4788 smk_insert_entry(&smack_known_web);
7198e2ee
EB		 4789}
4790
e114e473
CS		 4791/**
4792 * smack_init - initialize the smack system
4793 *
4794 * Returns 0
4795 */
4796static __init int smack_init(void)
4797{
d84f4f99 4798 struct cred *cred;
676dac4b 4799 struct task_smack *tsp;
d84f4f99 4800
b1d9e6b0 4801 if (!security_module_enable("smack"))
7898e1f8
CS		 4802 return 0;
4803
1a5b472b
R		 4804 smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4805 if (!smack_inode_cache)
4806 return -ENOMEM;
4807
2f823ff8
CS		 4808 tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4809 GFP_KERNEL);
1a5b472b
R		 4810 if (tsp == NULL) {
4811 kmem_cache_destroy(smack_inode_cache);
676dac4b 4812 return -ENOMEM;
1a5b472b 4813 }
676dac4b 4814
d21b7b04
JB		 4815 smack_enabled = 1;
4816
21abb1ec
CS		 4817 pr_info("Smack: Initializing.\n");
4818#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4819 pr_info("Smack: Netfilter enabled.\n");
4820#endif
4821#ifdef SMACK_IPV6_PORT_LABELING
4822 pr_info("Smack: IPv6 port labeling enabled.\n");
4823#endif
4824#ifdef SMACK_IPV6_SECMARK_LABELING
4825 pr_info("Smack: IPv6 Netfilter enabled.\n");
4826#endif
e114e473
CS		 4827
4828 /*
4829 * Set the security state for the initial task.
4830 */
d84f4f99 4831 cred = (struct cred *) current->cred;
676dac4b 4832 cred->security = tsp;
e114e473 4833
86812bb0
CS		 4834 /* initialize the smack_known_list */
4835 init_smack_known_list();
e114e473
CS		 4836
4837 /*
4838 * Register with LSM
4839 */
d69dece5 4840 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack");
e114e473
CS		 4841
4842 return 0;
4843}
4844
4845/*
4846 * Smack requires early initialization in order to label
4847 * all processes and objects when they are created.
4848 */
3d6e5f6d 4849DEFINE_LSM(smack) = {
07aed2f2 4850 .name = "smack",
3d6e5f6d
KC		 4851 .init = smack_init,
4852};
Ubuntu Jammy Linux kernel mirror