]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - security/smack/smack_lsm.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
VFS: net/: d_inode() annotations
[mirror_ubuntu-bionic-kernel.git] / security / smack / smack_lsm.c
CommitLineData
e114e473
CS		 1/*
2 * Simplified MAC Kernel (smack) security module
3 *
4 * This file contains the smack hook function implementations.
5 *
5c6d1125 6 * Authors:
e114e473 7 * Casey Schaufler <casey@schaufler-ca.com>
84088ba2 8 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
e114e473
CS		 9 *
10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
07feee8f 11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
82c21bfa 12 * Paul Moore <paul@paul-moore.com>
5c6d1125 13 * Copyright (C) 2010 Nokia Corporation
84088ba2 14 * Copyright (C) 2011 Intel Corporation.
e114e473
CS		 15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License version 2,
18 * as published by the Free Software Foundation.
19 */
20
21#include <linux/xattr.h>
22#include <linux/pagemap.h>
23#include <linux/mount.h>
24#include <linux/stat.h>
e114e473
CS		 25#include <linux/kd.h>
26#include <asm/ioctls.h>
07feee8f 27#include <linux/ip.h>
e114e473
CS		 28#include <linux/tcp.h>
29#include <linux/udp.h>
c6739443 30#include <linux/dccp.h>
5a0e3ad6 31#include <linux/slab.h>
e114e473
CS		 32#include <linux/mutex.h>
33#include <linux/pipe_fs_i.h>
e114e473 34#include <net/cipso_ipv4.h>
c6739443
CS		 35#include <net/ip.h>
36#include <net/ipv6.h>
d20bdda6 37#include <linux/audit.h>
1fd7317d 38#include <linux/magic.h>
2a7dba39 39#include <linux/dcache.h>
16014d87 40#include <linux/personality.h>
40401530
AV		 41#include <linux/msg.h>
42#include <linux/shm.h>
43#include <linux/binfmts.h>
e114e473
CS		 44#include "smack.h"
45
5c6d1125
JS		 46#define TRANS_TRUE "TRUE"
47#define TRANS_TRUE_SIZE 4
48
c6739443
CS		 49#define SMK_CONNECTING 0
50#define SMK_RECEIVING 1
51#define SMK_SENDING 2
52
69f287ae 53#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
c6739443 54LIST_HEAD(smk_ipv6_port_list);
69f287ae 55#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
1a5b472b 56static struct kmem_cache *smack_inode_cache;
69f287ae 57int smack_enabled;
c6739443 58
d166c802
CS		 59#ifdef CONFIG_SECURITY_SMACK_BRINGUP
60static void smk_bu_mode(int mode, char *s)
61{
62 int i = 0;
63
64 if (mode & MAY_READ)
65 s[i++] = 'r';
66 if (mode & MAY_WRITE)
67 s[i++] = 'w';
68 if (mode & MAY_EXEC)
69 s[i++] = 'x';
70 if (mode & MAY_APPEND)
71 s[i++] = 'a';
72 if (mode & MAY_TRANSMUTE)
73 s[i++] = 't';
74 if (mode & MAY_LOCK)
75 s[i++] = 'l';
76 if (i == 0)
77 s[i++] = '-';
78 s[i] = '\0';
79}
80#endif
81
82#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 83static int smk_bu_note(char *note, struct smack_known *sskp,
84 struct smack_known *oskp, int mode, int rc)
d166c802
CS		 85{
86 char acc[SMK_NUM_ACCESS_TYPE + 1];
87
88 if (rc <= 0)
89 return rc;
90
91 smk_bu_mode(mode, acc);
92 pr_info("Smack Bringup: (%s %s %s) %s\n",
21c7eae2 93 sskp->smk_known, oskp->smk_known, acc, note);
d166c802
CS		 94 return 0;
95}
96#else
21c7eae2 97#define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
d166c802
CS		 98#endif
99
100#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 101static int smk_bu_current(char *note, struct smack_known *oskp,
102 int mode, int rc)
d166c802
CS		 103{
104 struct task_smack *tsp = current_security();
105 char acc[SMK_NUM_ACCESS_TYPE + 1];
106
107 if (rc <= 0)
108 return rc;
109
110 smk_bu_mode(mode, acc);
111 pr_info("Smack Bringup: (%s %s %s) %s %s\n",
21c7eae2
LP		 112 tsp->smk_task->smk_known, oskp->smk_known,
113 acc, current->comm, note);
d166c802
CS		 114 return 0;
115}
116#else
21c7eae2 117#define smk_bu_current(note, oskp, mode, RC) (RC)
d166c802
CS		 118#endif
119
120#ifdef CONFIG_SECURITY_SMACK_BRINGUP
121static int smk_bu_task(struct task_struct *otp, int mode, int rc)
122{
123 struct task_smack *tsp = current_security();
6d1cff2a 124 struct smack_known *smk_task = smk_of_task_struct(otp);
d166c802
CS		 125 char acc[SMK_NUM_ACCESS_TYPE + 1];
126
127 if (rc <= 0)
128 return rc;
129
130 smk_bu_mode(mode, acc);
131 pr_info("Smack Bringup: (%s %s %s) %s to %s\n",
6d1cff2a 132 tsp->smk_task->smk_known, smk_task->smk_known, acc,
d166c802
CS		 133 current->comm, otp->comm);
134 return 0;
135}
136#else
137#define smk_bu_task(otp, mode, RC) (RC)
138#endif
139
140#ifdef CONFIG_SECURITY_SMACK_BRINGUP
141static int smk_bu_inode(struct inode *inode, int mode, int rc)
142{
143 struct task_smack *tsp = current_security();
144 char acc[SMK_NUM_ACCESS_TYPE + 1];
145
146 if (rc <= 0)
147 return rc;
148
149 smk_bu_mode(mode, acc);
150 pr_info("Smack Bringup: (%s %s %s) inode=(%s %ld) %s\n",
21c7eae2 151 tsp->smk_task->smk_known, smk_of_inode(inode)->smk_known, acc,
d166c802
CS		 152 inode->i_sb->s_id, inode->i_ino, current->comm);
153 return 0;
154}
155#else
156#define smk_bu_inode(inode, mode, RC) (RC)
157#endif
158
159#ifdef CONFIG_SECURITY_SMACK_BRINGUP
160static int smk_bu_file(struct file *file, int mode, int rc)
161{
162 struct task_smack *tsp = current_security();
163 struct smack_known *sskp = tsp->smk_task;
5e7270a6 164 struct inode *inode = file_inode(file);
d166c802
CS		 165 char acc[SMK_NUM_ACCESS_TYPE + 1];
166
167 if (rc <= 0)
168 return rc;
169
170 smk_bu_mode(mode, acc);
a455589f 171 pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",
5e7270a6 172 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 173 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 174 current->comm);
175 return 0;
176}
177#else
178#define smk_bu_file(file, mode, RC) (RC)
179#endif
180
181#ifdef CONFIG_SECURITY_SMACK_BRINGUP
182static int smk_bu_credfile(const struct cred *cred, struct file *file,
183 int mode, int rc)
184{
185 struct task_smack *tsp = cred->security;
186 struct smack_known *sskp = tsp->smk_task;
187 struct inode *inode = file->f_inode;
188 char acc[SMK_NUM_ACCESS_TYPE + 1];
189
190 if (rc <= 0)
191 return rc;
192
193 smk_bu_mode(mode, acc);
a455589f 194 pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",
21c7eae2 195 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 196 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 197 current->comm);
198 return 0;
199}
200#else
201#define smk_bu_credfile(cred, file, mode, RC) (RC)
202#endif
203
e114e473
CS		 204/**
205 * smk_fetch - Fetch the smack label from a file.
1a28979b 206 * @name: type of the label (attribute)
e114e473
CS		 207 * @ip: a pointer to the inode
208 * @dp: a pointer to the dentry
209 *
210 * Returns a pointer to the master list entry for the Smack label
211 * or NULL if there was no label to fetch.
212 */
2f823ff8
CS		 213static struct smack_known *smk_fetch(const char *name, struct inode *ip,
214 struct dentry *dp)
e114e473
CS		 215{
216 int rc;
f7112e6c 217 char *buffer;
2f823ff8 218 struct smack_known *skp = NULL;
e114e473
CS		 219
220 if (ip->i_op->getxattr == NULL)
221 return NULL;
222
f7112e6c
CS		 223 buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
224 if (buffer == NULL)
e114e473
CS		 225 return NULL;
226
f7112e6c
CS		 227 rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL);
228 if (rc > 0)
2f823ff8 229 skp = smk_import_entry(buffer, rc);
f7112e6c
CS		 230
231 kfree(buffer);
232
2f823ff8 233 return skp;
e114e473
CS		 234}
235
236/**
237 * new_inode_smack - allocate an inode security blob
21c7eae2 238 * @skp: a pointer to the Smack label entry to use in the blob
e114e473
CS		 239 *
240 * Returns the new blob or NULL if there's no memory available
241 */
21c7eae2 242struct inode_smack *new_inode_smack(struct smack_known *skp)
e114e473
CS		 243{
244 struct inode_smack *isp;
245
1a5b472b 246 isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
e114e473
CS		 247 if (isp == NULL)
248 return NULL;
249
21c7eae2 250 isp->smk_inode = skp;
e114e473
CS		 251 isp->smk_flags = 0;
252 mutex_init(&isp->smk_lock);
253
254 return isp;
255}
256
7898e1f8
CS		 257/**
258 * new_task_smack - allocate a task security blob
1a28979b
LP		 259 * @task: a pointer to the Smack label for the running task
260 * @forked: a pointer to the Smack label for the forked task
261 * @gfp: type of the memory for the allocation
7898e1f8
CS		 262 *
263 * Returns the new blob or NULL if there's no memory available
264 */
2f823ff8
CS		 265static struct task_smack *new_task_smack(struct smack_known *task,
266 struct smack_known *forked, gfp_t gfp)
7898e1f8
CS		 267{
268 struct task_smack *tsp;
269
270 tsp = kzalloc(sizeof(struct task_smack), gfp);
271 if (tsp == NULL)
272 return NULL;
273
274 tsp->smk_task = task;
275 tsp->smk_forked = forked;
276 INIT_LIST_HEAD(&tsp->smk_rules);
277 mutex_init(&tsp->smk_rules_lock);
278
279 return tsp;
280}
281
282/**
283 * smk_copy_rules - copy a rule set
1a28979b
LP		 284 * @nhead: new rules header pointer
285 * @ohead: old rules header pointer
286 * @gfp: type of the memory for the allocation
7898e1f8
CS		 287 *
288 * Returns 0 on success, -ENOMEM on error
289 */
290static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
291 gfp_t gfp)
292{
293 struct smack_rule *nrp;
294 struct smack_rule *orp;
295 int rc = 0;
296
297 INIT_LIST_HEAD(nhead);
298
299 list_for_each_entry_rcu(orp, ohead, list) {
300 nrp = kzalloc(sizeof(struct smack_rule), gfp);
301 if (nrp == NULL) {
302 rc = -ENOMEM;
303 break;
304 }
305 *nrp = *orp;
306 list_add_rcu(&nrp->list, nhead);
307 }
308 return rc;
309}
310
5663884c
LP		 311/**
312 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
313 * @mode - input mode in form of PTRACE_MODE_*
314 *
315 * Returns a converted MAY_* mode usable by smack rules
316 */
317static inline unsigned int smk_ptrace_mode(unsigned int mode)
318{
319 switch (mode) {
320 case PTRACE_MODE_READ:
321 return MAY_READ;
322 case PTRACE_MODE_ATTACH:
323 return MAY_READWRITE;
324 }
325
326 return 0;
327}
328
329/**
330 * smk_ptrace_rule_check - helper for ptrace access
331 * @tracer: tracer process
21c7eae2 332 * @tracee_known: label entry of the process that's about to be traced
5663884c
LP		 333 * @mode: ptrace attachment mode (PTRACE_MODE_*)
334 * @func: name of the function that called us, used for audit
335 *
336 * Returns 0 on access granted, -error on error
337 */
21c7eae2
LP		 338static int smk_ptrace_rule_check(struct task_struct *tracer,
339 struct smack_known *tracee_known,
5663884c
LP		 340 unsigned int mode, const char *func)
341{
342 int rc;
343 struct smk_audit_info ad, *saip = NULL;
344 struct task_smack *tsp;
21c7eae2 345 struct smack_known *tracer_known;
5663884c
LP		 346
347 if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
348 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
349 smk_ad_setfield_u_tsk(&ad, tracer);
350 saip = &ad;
351 }
352
6d1cff2a
AR		 353 rcu_read_lock();
354 tsp = __task_cred(tracer)->security;
21c7eae2 355 tracer_known = smk_of_task(tsp);
5663884c 356
66867818
LP		 357 if ((mode & PTRACE_MODE_ATTACH) &&
358 (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
359 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
21c7eae2 360 if (tracer_known->smk_known == tracee_known->smk_known)
66867818
LP		 361 rc = 0;
362 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
363 rc = -EACCES;
364 else if (capable(CAP_SYS_PTRACE))
365 rc = 0;
366 else
367 rc = -EACCES;
368
369 if (saip)
21c7eae2
LP		 370 smack_log(tracer_known->smk_known,
371 tracee_known->smk_known,
372 0, rc, saip);
66867818 373
6d1cff2a 374 rcu_read_unlock();
66867818
LP		 375 return rc;
376 }
377
378 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
21c7eae2 379 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
6d1cff2a
AR		 380
381 rcu_read_unlock();
5663884c
LP		 382 return rc;
383}
384
e114e473
CS		 385/*
386 * LSM hooks.
387 * We he, that is fun!
388 */
389
390/**
9e48858f 391 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
e114e473 392 * @ctp: child task pointer
5663884c 393 * @mode: ptrace attachment mode (PTRACE_MODE_*)
e114e473
CS		 394 *
395 * Returns 0 if access is OK, an error code otherwise
396 *
5663884c 397 * Do the capability checks.
e114e473 398 */
9e48858f 399static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
e114e473
CS		 400{
401 int rc;
2f823ff8 402 struct smack_known *skp;
e114e473 403
9e48858f 404 rc = cap_ptrace_access_check(ctp, mode);
e114e473
CS		 405 if (rc != 0)
406 return rc;
407
6d1cff2a 408 skp = smk_of_task_struct(ctp);
ecfcc53f 409
21c7eae2 410 rc = smk_ptrace_rule_check(current, skp, mode, __func__);
5cd9c58f
DH		 411 return rc;
412}
413
414/**
415 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
416 * @ptp: parent task pointer
417 *
418 * Returns 0 if access is OK, an error code otherwise
419 *
5663884c 420 * Do the capability checks, and require PTRACE_MODE_ATTACH.
5cd9c58f
DH		 421 */
422static int smack_ptrace_traceme(struct task_struct *ptp)
423{
424 int rc;
2f823ff8 425 struct smack_known *skp;
5cd9c58f
DH		 426
427 rc = cap_ptrace_traceme(ptp);
428 if (rc != 0)
429 return rc;
e114e473 430
959e6c7f 431 skp = smk_of_task(current_security());
ecfcc53f 432
21c7eae2 433 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
e114e473
CS		 434 return rc;
435}
436
437/**
438 * smack_syslog - Smack approval on syslog
439 * @type: message type
440 *
e114e473
CS		 441 * Returns 0 on success, error code otherwise.
442 */
12b3052c 443static int smack_syslog(int typefrom_file)
e114e473 444{
12b3052c 445 int rc = 0;
2f823ff8 446 struct smack_known *skp = smk_of_current();
e114e473 447
1880eff7 448 if (smack_privileged(CAP_MAC_OVERRIDE))
e114e473
CS		 449 return 0;
450
24ea1b6e 451 if (smack_syslog_label != NULL && smack_syslog_label != skp)
e114e473
CS		 452 rc = -EACCES;
453
454 return rc;
455}
456
457
458/*
459 * Superblock Hooks.
460 */
461
462/**
463 * smack_sb_alloc_security - allocate a superblock blob
464 * @sb: the superblock getting the blob
465 *
466 * Returns 0 on success or -ENOMEM on error.
467 */
468static int smack_sb_alloc_security(struct super_block *sb)
469{
470 struct superblock_smack *sbsp;
471
472 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
473
474 if (sbsp == NULL)
475 return -ENOMEM;
476
21c7eae2
LP		 477 sbsp->smk_root = &smack_known_floor;
478 sbsp->smk_default = &smack_known_floor;
479 sbsp->smk_floor = &smack_known_floor;
480 sbsp->smk_hat = &smack_known_hat;
e830b394
CS		 481 /*
482 * smk_initialized will be zero from kzalloc.
483 */
e114e473
CS		 484 sb->s_security = sbsp;
485
486 return 0;
487}
488
489/**
490 * smack_sb_free_security - free a superblock blob
491 * @sb: the superblock getting the blob
492 *
493 */
494static void smack_sb_free_security(struct super_block *sb)
495{
496 kfree(sb->s_security);
497 sb->s_security = NULL;
498}
499
500/**
501 * smack_sb_copy_data - copy mount options data for processing
e114e473 502 * @orig: where to start
251a2a95 503 * @smackopts: mount options string
e114e473
CS		 504 *
505 * Returns 0 on success or -ENOMEM on error.
506 *
507 * Copy the Smack specific mount options out of the mount
508 * options list.
509 */
e0007529 510static int smack_sb_copy_data(char *orig, char *smackopts)
e114e473
CS		 511{
512 char *cp, *commap, *otheropts, *dp;
513
e114e473
CS		 514 otheropts = (char *)get_zeroed_page(GFP_KERNEL);
515 if (otheropts == NULL)
516 return -ENOMEM;
517
518 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
519 if (strstr(cp, SMK_FSDEFAULT) == cp)
520 dp = smackopts;
521 else if (strstr(cp, SMK_FSFLOOR) == cp)
522 dp = smackopts;
523 else if (strstr(cp, SMK_FSHAT) == cp)
524 dp = smackopts;
525 else if (strstr(cp, SMK_FSROOT) == cp)
526 dp = smackopts;
e830b394
CS		 527 else if (strstr(cp, SMK_FSTRANS) == cp)
528 dp = smackopts;
e114e473
CS		 529 else
530 dp = otheropts;
531
532 commap = strchr(cp, ',');
533 if (commap != NULL)
534 *commap = '\0';
535
536 if (*dp != '\0')
537 strcat(dp, ",");
538 strcat(dp, cp);
539 }
540
541 strcpy(orig, otheropts);
542 free_page((unsigned long)otheropts);
543
544 return 0;
545}
546
547/**
548 * smack_sb_kern_mount - Smack specific mount processing
549 * @sb: the file system superblock
12204e24 550 * @flags: the mount flags
e114e473
CS		 551 * @data: the smack mount options
552 *
553 * Returns 0 on success, an error code on failure
554 */
12204e24 555static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
e114e473
CS		 556{
557 struct dentry *root = sb->s_root;
558 struct inode *inode = root->d_inode;
559 struct superblock_smack *sp = sb->s_security;
560 struct inode_smack *isp;
24ea1b6e 561 struct smack_known *skp;
e114e473
CS		 562 char *op;
563 char *commap;
e830b394 564 int transmute = 0;
24ea1b6e 565 int specified = 0;
e114e473 566
e830b394 567 if (sp->smk_initialized)
e114e473 568 return 0;
eb982cb4 569
e114e473 570 sp->smk_initialized = 1;
e114e473
CS		 571
572 for (op = data; op != NULL; op = commap) {
573 commap = strchr(op, ',');
574 if (commap != NULL)
575 *commap++ = '\0';
576
577 if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
578 op += strlen(SMK_FSHAT);
21c7eae2
LP		 579 skp = smk_import_entry(op, 0);
580 if (skp != NULL) {
581 sp->smk_hat = skp;
24ea1b6e
CS		 582 specified = 1;
583 }
e114e473
CS		 584 } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
585 op += strlen(SMK_FSFLOOR);
21c7eae2
LP		 586 skp = smk_import_entry(op, 0);
587 if (skp != NULL) {
588 sp->smk_floor = skp;
24ea1b6e
CS		 589 specified = 1;
590 }
e114e473
CS		 591 } else if (strncmp(op, SMK_FSDEFAULT,
592 strlen(SMK_FSDEFAULT)) == 0) {
593 op += strlen(SMK_FSDEFAULT);
21c7eae2
LP		 594 skp = smk_import_entry(op, 0);
595 if (skp != NULL) {
596 sp->smk_default = skp;
24ea1b6e
CS		 597 specified = 1;
598 }
e114e473
CS		 599 } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
600 op += strlen(SMK_FSROOT);
21c7eae2
LP		 601 skp = smk_import_entry(op, 0);
602 if (skp != NULL) {
603 sp->smk_root = skp;
24ea1b6e
CS		 604 specified = 1;
605 }
e830b394
CS		 606 } else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
607 op += strlen(SMK_FSTRANS);
21c7eae2
LP		 608 skp = smk_import_entry(op, 0);
609 if (skp != NULL) {
610 sp->smk_root = skp;
e830b394 611 transmute = 1;
24ea1b6e 612 specified = 1;
e830b394 613 }
e114e473
CS		 614 }
615 }
616
24ea1b6e
CS		 617 if (!smack_privileged(CAP_MAC_ADMIN)) {
618 /*
619 * Unprivileged mounts don't get to specify Smack values.
620 */
621 if (specified)
622 return -EPERM;
623 /*
624 * Unprivileged mounts get root and default from the caller.
625 */
626 skp = smk_of_current();
21c7eae2
LP		 627 sp->smk_root = skp;
628 sp->smk_default = skp;
24ea1b6e 629 }
e114e473
CS		 630 /*
631 * Initialize the root inode.
632 */
633 isp = inode->i_security;
55dfc5da
JB		 634 if (isp == NULL) {
635 isp = new_inode_smack(sp->smk_root);
636 if (isp == NULL)
637 return -ENOMEM;
638 inode->i_security = isp;
e830b394 639 } else
e114e473
CS		 640 isp->smk_inode = sp->smk_root;
641
e830b394
CS		 642 if (transmute)
643 isp->smk_flags |= SMK_INODE_TRANSMUTE;
644
e114e473
CS		 645 return 0;
646}
647
648/**
649 * smack_sb_statfs - Smack check on statfs
650 * @dentry: identifies the file system in question
651 *
652 * Returns 0 if current can read the floor of the filesystem,
653 * and error code otherwise
654 */
655static int smack_sb_statfs(struct dentry *dentry)
656{
657 struct superblock_smack *sbp = dentry->d_sb->s_security;
ecfcc53f
EB		 658 int rc;
659 struct smk_audit_info ad;
660
a269434d 661 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 662 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 663
ecfcc53f 664 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
d166c802 665 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
ecfcc53f 666 return rc;
e114e473
CS		 667}
668
676dac4b
CS		 669/*
670 * BPRM hooks
671 */
672
ce8a4321
CS		 673/**
674 * smack_bprm_set_creds - set creds for exec
675 * @bprm: the exec information
676 *
5663884c 677 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
ce8a4321 678 */
676dac4b
CS		 679static int smack_bprm_set_creds(struct linux_binprm *bprm)
680{
496ad9aa 681 struct inode *inode = file_inode(bprm->file);
84088ba2 682 struct task_smack *bsp = bprm->cred->security;
676dac4b 683 struct inode_smack *isp;
676dac4b
CS		 684 int rc;
685
686 rc = cap_bprm_set_creds(bprm);
687 if (rc != 0)
688 return rc;
689
690 if (bprm->cred_prepared)
691 return 0;
692
84088ba2
JS		 693 isp = inode->i_security;
694 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
676dac4b
CS		 695 return 0;
696
5663884c
LP		 697 if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
698 struct task_struct *tracer;
699 rc = 0;
700
701 rcu_read_lock();
702 tracer = ptrace_parent(current);
703 if (likely(tracer != NULL))
704 rc = smk_ptrace_rule_check(tracer,
21c7eae2 705 isp->smk_task,
5663884c
LP		 706 PTRACE_MODE_ATTACH,
707 __func__);
708 rcu_read_unlock();
709
710 if (rc != 0)
711 return rc;
712 } else if (bprm->unsafe)
84088ba2 713 return -EPERM;
676dac4b 714
84088ba2
JS		 715 bsp->smk_task = isp->smk_task;
716 bprm->per_clear |= PER_CLEAR_ON_SETID;
676dac4b 717
84088ba2
JS		 718 return 0;
719}
676dac4b 720
84088ba2
JS		 721/**
722 * smack_bprm_committing_creds - Prepare to install the new credentials
723 * from bprm.
724 *
725 * @bprm: binprm for exec
726 */
727static void smack_bprm_committing_creds(struct linux_binprm *bprm)
728{
729 struct task_smack *bsp = bprm->cred->security;
676dac4b 730
84088ba2
JS		 731 if (bsp->smk_task != bsp->smk_forked)
732 current->pdeath_signal = 0;
733}
734
735/**
736 * smack_bprm_secureexec - Return the decision to use secureexec.
737 * @bprm: binprm for exec
738 *
739 * Returns 0 on success.
740 */
741static int smack_bprm_secureexec(struct linux_binprm *bprm)
742{
743 struct task_smack *tsp = current_security();
744 int ret = cap_bprm_secureexec(bprm);
745
746 if (!ret && (tsp->smk_task != tsp->smk_forked))
747 ret = 1;
748
749 return ret;
676dac4b
CS		 750}
751
e114e473
CS		 752/*
753 * Inode hooks
754 */
755
756/**
757 * smack_inode_alloc_security - allocate an inode blob
251a2a95 758 * @inode: the inode in need of a blob
e114e473
CS		 759 *
760 * Returns 0 if it gets a blob, -ENOMEM otherwise
761 */
762static int smack_inode_alloc_security(struct inode *inode)
763{
2f823ff8
CS		 764 struct smack_known *skp = smk_of_current();
765
21c7eae2 766 inode->i_security = new_inode_smack(skp);
e114e473
CS		 767 if (inode->i_security == NULL)
768 return -ENOMEM;
769 return 0;
770}
771
772/**
773 * smack_inode_free_security - free an inode blob
251a2a95 774 * @inode: the inode with a blob
e114e473
CS		 775 *
776 * Clears the blob pointer in inode
777 */
778static void smack_inode_free_security(struct inode *inode)
779{
1a5b472b 780 kmem_cache_free(smack_inode_cache, inode->i_security);
e114e473
CS		 781 inode->i_security = NULL;
782}
783
784/**
785 * smack_inode_init_security - copy out the smack from an inode
e95ef49b
LP		 786 * @inode: the newly created inode
787 * @dir: containing directory object
2a7dba39 788 * @qstr: unused
e114e473
CS		 789 * @name: where to put the attribute name
790 * @value: where to put the attribute value
791 * @len: where to put the length of the attribute
792 *
793 * Returns 0 if it all works out, -ENOMEM if there's no memory
794 */
795static int smack_inode_init_security(struct inode *inode, struct inode *dir,
9548906b 796 const struct qstr *qstr, const char **name,
2a7dba39 797 void **value, size_t *len)
e114e473 798{
2267b13a 799 struct inode_smack *issp = inode->i_security;
2f823ff8 800 struct smack_known *skp = smk_of_current();
21c7eae2
LP		 801 struct smack_known *isp = smk_of_inode(inode);
802 struct smack_known *dsp = smk_of_inode(dir);
7898e1f8 803 int may;
e114e473 804
9548906b
TH		 805 if (name)
806 *name = XATTR_SMACK_SUFFIX;
e114e473 807
68390ccf 808 if (value && len) {
7898e1f8 809 rcu_read_lock();
21c7eae2
LP		 810 may = smk_access_entry(skp->smk_known, dsp->smk_known,
811 &skp->smk_rules);
7898e1f8 812 rcu_read_unlock();
5c6d1125
JS		 813
814 /*
815 * If the access rule allows transmutation and
816 * the directory requests transmutation then
817 * by all means transmute.
2267b13a 818 * Mark the inode as changed.
5c6d1125 819 */
7898e1f8 820 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
2267b13a 821 smk_inode_transmutable(dir)) {
5c6d1125 822 isp = dsp;
2267b13a
CS		 823 issp->smk_flags |= SMK_INODE_CHANGED;
824 }
5c6d1125 825
21c7eae2 826 *value = kstrdup(isp->smk_known, GFP_NOFS);
e114e473
CS		 827 if (*value == NULL)
828 return -ENOMEM;
e114e473 829
21c7eae2 830 *len = strlen(isp->smk_known);
68390ccf 831 }
e114e473
CS		 832
833 return 0;
834}
835
836/**
837 * smack_inode_link - Smack check on link
838 * @old_dentry: the existing object
839 * @dir: unused
840 * @new_dentry: the new object
841 *
842 * Returns 0 if access is permitted, an error code otherwise
843 */
844static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
845 struct dentry *new_dentry)
846{
21c7eae2 847 struct smack_known *isp;
ecfcc53f
EB		 848 struct smk_audit_info ad;
849 int rc;
850
a269434d 851 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 852 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473
CS		 853
854 isp = smk_of_inode(old_dentry->d_inode);
ecfcc53f 855 rc = smk_curacc(isp, MAY_WRITE, &ad);
d166c802 856 rc = smk_bu_inode(old_dentry->d_inode, MAY_WRITE, rc);
e114e473 857
8802565b 858 if (rc == 0 && d_is_positive(new_dentry)) {
e114e473 859 isp = smk_of_inode(new_dentry->d_inode);
ecfcc53f
EB		 860 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
861 rc = smk_curacc(isp, MAY_WRITE, &ad);
d166c802 862 rc = smk_bu_inode(new_dentry->d_inode, MAY_WRITE, rc);
e114e473
CS		 863 }
864
865 return rc;
866}
867
868/**
869 * smack_inode_unlink - Smack check on inode deletion
870 * @dir: containing directory object
871 * @dentry: file to unlink
872 *
873 * Returns 0 if current can write the containing directory
874 * and the object, error code otherwise
875 */
876static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
877{
878 struct inode *ip = dentry->d_inode;
ecfcc53f 879 struct smk_audit_info ad;
e114e473
CS		 880 int rc;
881
a269434d 882 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 883 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
884
e114e473
CS		 885 /*
886 * You need write access to the thing you're unlinking
887 */
ecfcc53f 888 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
d166c802 889 rc = smk_bu_inode(ip, MAY_WRITE, rc);
ecfcc53f 890 if (rc == 0) {
e114e473
CS		 891 /*
892 * You also need write access to the containing directory
893 */
cdb56b60 894 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 895 smk_ad_setfield_u_fs_inode(&ad, dir);
896 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 897 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 898 }
e114e473
CS		 899 return rc;
900}
901
902/**
903 * smack_inode_rmdir - Smack check on directory deletion
904 * @dir: containing directory object
905 * @dentry: directory to unlink
906 *
907 * Returns 0 if current can write the containing directory
908 * and the directory, error code otherwise
909 */
910static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
911{
ecfcc53f 912 struct smk_audit_info ad;
e114e473
CS		 913 int rc;
914
a269434d 915 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 916 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
917
e114e473
CS		 918 /*
919 * You need write access to the thing you're removing
920 */
ecfcc53f 921 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
d166c802 922 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
ecfcc53f 923 if (rc == 0) {
e114e473
CS		 924 /*
925 * You also need write access to the containing directory
926 */
cdb56b60 927 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 928 smk_ad_setfield_u_fs_inode(&ad, dir);
929 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 930 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 931 }
e114e473
CS		 932
933 return rc;
934}
935
936/**
937 * smack_inode_rename - Smack check on rename
e95ef49b
LP		 938 * @old_inode: unused
939 * @old_dentry: the old object
940 * @new_inode: unused
941 * @new_dentry: the new object
e114e473
CS		 942 *
943 * Read and write access is required on both the old and
944 * new directories.
945 *
946 * Returns 0 if access is permitted, an error code otherwise
947 */
948static int smack_inode_rename(struct inode *old_inode,
949 struct dentry *old_dentry,
950 struct inode *new_inode,
951 struct dentry *new_dentry)
952{
953 int rc;
21c7eae2 954 struct smack_known *isp;
ecfcc53f
EB		 955 struct smk_audit_info ad;
956
a269434d 957 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 958 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473
CS		 959
960 isp = smk_of_inode(old_dentry->d_inode);
ecfcc53f 961 rc = smk_curacc(isp, MAY_READWRITE, &ad);
d166c802 962 rc = smk_bu_inode(old_dentry->d_inode, MAY_READWRITE, rc);
e114e473 963
8802565b 964 if (rc == 0 && d_is_positive(new_dentry)) {
e114e473 965 isp = smk_of_inode(new_dentry->d_inode);
ecfcc53f
EB		 966 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
967 rc = smk_curacc(isp, MAY_READWRITE, &ad);
d166c802 968 rc = smk_bu_inode(new_dentry->d_inode, MAY_READWRITE, rc);
e114e473 969 }
e114e473
CS		 970 return rc;
971}
972
973/**
974 * smack_inode_permission - Smack version of permission()
975 * @inode: the inode in question
976 * @mask: the access requested
e114e473
CS		 977 *
978 * This is the important Smack hook.
979 *
980 * Returns 0 if access is permitted, -EACCES otherwise
981 */
e74f71eb 982static int smack_inode_permission(struct inode *inode, int mask)
e114e473 983{
ecfcc53f 984 struct smk_audit_info ad;
e74f71eb 985 int no_block = mask & MAY_NOT_BLOCK;
d166c802 986 int rc;
d09ca739
EP		 987
988 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
e114e473
CS		 989 /*
990 * No permission to check. Existence test. Yup, it's there.
991 */
992 if (mask == 0)
993 return 0;
8c9e80ed
AK		 994
995 /* May be droppable after audit */
e74f71eb 996 if (no_block)
8c9e80ed 997 return -ECHILD;
f48b7399 998 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f 999 smk_ad_setfield_u_fs_inode(&ad, inode);
d166c802
CS		 1000 rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1001 rc = smk_bu_inode(inode, mask, rc);
1002 return rc;
e114e473
CS		 1003}
1004
1005/**
1006 * smack_inode_setattr - Smack check for setting attributes
1007 * @dentry: the object
1008 * @iattr: for the force flag
1009 *
1010 * Returns 0 if access is permitted, an error code otherwise
1011 */
1012static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1013{
ecfcc53f 1014 struct smk_audit_info ad;
d166c802
CS		 1015 int rc;
1016
e114e473
CS		 1017 /*
1018 * Need to allow for clearing the setuid bit.
1019 */
1020 if (iattr->ia_valid & ATTR_FORCE)
1021 return 0;
a269434d 1022 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1023 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 1024
d166c802
CS		 1025 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1026 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1027 return rc;
e114e473
CS		 1028}
1029
1030/**
1031 * smack_inode_getattr - Smack check for getting attributes
e95ef49b 1032 * @mnt: vfsmount of the object
e114e473
CS		 1033 * @dentry: the object
1034 *
1035 * Returns 0 if access is permitted, an error code otherwise
1036 */
3f7036a0 1037static int smack_inode_getattr(const struct path *path)
e114e473 1038{
ecfcc53f 1039 struct smk_audit_info ad;
3f7036a0 1040 struct inode *inode = path->dentry->d_inode;
d166c802 1041 int rc;
ecfcc53f 1042
f48b7399 1043 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
3f7036a0
AV		 1044 smk_ad_setfield_u_fs_path(&ad, *path);
1045 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1046 rc = smk_bu_inode(inode, MAY_READ, rc);
d166c802 1047 return rc;
e114e473
CS		 1048}
1049
1050/**
1051 * smack_inode_setxattr - Smack check for setting xattrs
1052 * @dentry: the object
1053 * @name: name of the attribute
e95ef49b
LP		 1054 * @value: value of the attribute
1055 * @size: size of the value
e114e473
CS		 1056 * @flags: unused
1057 *
1058 * This protects the Smack attribute explicitly.
1059 *
1060 * Returns 0 if access is permitted, an error code otherwise
1061 */
8f0cfa52
DH		 1062static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1063 const void *value, size_t size, int flags)
e114e473 1064{
ecfcc53f 1065 struct smk_audit_info ad;
19760ad0
CS		 1066 struct smack_known *skp;
1067 int check_priv = 0;
1068 int check_import = 0;
1069 int check_star = 0;
bcdca225 1070 int rc = 0;
e114e473 1071
19760ad0
CS		 1072 /*
1073 * Check label validity here so import won't fail in post_setxattr
1074 */
bcdca225
CS		 1075 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1076 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
19760ad0
CS		 1077 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1078 check_priv = 1;
1079 check_import = 1;
1080 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1081 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1082 check_priv = 1;
1083 check_import = 1;
1084 check_star = 1;
5c6d1125 1085 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
19760ad0 1086 check_priv = 1;
5c6d1125
JS		 1087 if (size != TRANS_TRUE_SIZE ||
1088 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1089 rc = -EINVAL;
bcdca225
CS		 1090 } else
1091 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1092
19760ad0
CS		 1093 if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1094 rc = -EPERM;
1095
1096 if (rc == 0 && check_import) {
b862e561 1097 skp = size ? smk_import_entry(value, size) : NULL;
19760ad0
CS		 1098 if (skp == NULL || (check_star &&
1099 (skp == &smack_known_star || skp == &smack_known_web)))
1100 rc = -EINVAL;
1101 }
1102
a269434d 1103 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1104 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1105
d166c802 1106 if (rc == 0) {
ecfcc53f 1107 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
d166c802
CS		 1108 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1109 }
bcdca225
CS		 1110
1111 return rc;
e114e473
CS		 1112}
1113
1114/**
1115 * smack_inode_post_setxattr - Apply the Smack update approved above
1116 * @dentry: object
1117 * @name: attribute name
1118 * @value: attribute value
1119 * @size: attribute size
1120 * @flags: unused
1121 *
1122 * Set the pointer in the inode blob to the entry found
1123 * in the master label list.
1124 */
8f0cfa52
DH		 1125static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1126 const void *value, size_t size, int flags)
e114e473 1127{
2f823ff8 1128 struct smack_known *skp;
5c6d1125 1129 struct inode_smack *isp = dentry->d_inode->i_security;
676dac4b 1130
2f823ff8
CS		 1131 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1132 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1133 return;
1134 }
1135
676dac4b 1136 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
9598f4c9 1137 skp = smk_import_entry(value, size);
2f823ff8 1138 if (skp != NULL)
21c7eae2 1139 isp->smk_inode = skp;
676dac4b 1140 else
21c7eae2 1141 isp->smk_inode = &smack_known_invalid;
5c6d1125 1142 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
9598f4c9 1143 skp = smk_import_entry(value, size);
2f823ff8
CS		 1144 if (skp != NULL)
1145 isp->smk_task = skp;
676dac4b 1146 else
2f823ff8 1147 isp->smk_task = &smack_known_invalid;
7898e1f8 1148 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
9598f4c9 1149 skp = smk_import_entry(value, size);
2f823ff8
CS		 1150 if (skp != NULL)
1151 isp->smk_mmap = skp;
7898e1f8 1152 else
2f823ff8
CS		 1153 isp->smk_mmap = &smack_known_invalid;
1154 }
e114e473
CS		 1155
1156 return;
1157}
1158
ce8a4321 1159/**
e114e473
CS		 1160 * smack_inode_getxattr - Smack check on getxattr
1161 * @dentry: the object
1162 * @name: unused
1163 *
1164 * Returns 0 if access is permitted, an error code otherwise
1165 */
8f0cfa52 1166static int smack_inode_getxattr(struct dentry *dentry, const char *name)
e114e473 1167{
ecfcc53f 1168 struct smk_audit_info ad;
d166c802 1169 int rc;
ecfcc53f 1170
a269434d 1171 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1172 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1173
d166c802
CS		 1174 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
1175 rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc);
1176 return rc;
e114e473
CS		 1177}
1178
ce8a4321 1179/**
e114e473
CS		 1180 * smack_inode_removexattr - Smack check on removexattr
1181 * @dentry: the object
1182 * @name: name of the attribute
1183 *
1184 * Removing the Smack attribute requires CAP_MAC_ADMIN
1185 *
1186 * Returns 0 if access is permitted, an error code otherwise
1187 */
8f0cfa52 1188static int smack_inode_removexattr(struct dentry *dentry, const char *name)
e114e473 1189{
676dac4b 1190 struct inode_smack *isp;
ecfcc53f 1191 struct smk_audit_info ad;
bcdca225 1192 int rc = 0;
e114e473 1193
bcdca225
CS		 1194 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1195 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
676dac4b 1196 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
5c6d1125 1197 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
7898e1f8 1198 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
5e9ab593 1199 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1880eff7 1200 if (!smack_privileged(CAP_MAC_ADMIN))
bcdca225
CS		 1201 rc = -EPERM;
1202 } else
1203 rc = cap_inode_removexattr(dentry, name);
1204
f59bdfba
CS		 1205 if (rc != 0)
1206 return rc;
1207
a269434d 1208 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1209 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
bcdca225 1210
f59bdfba 1211 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
d166c802 1212 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
f59bdfba
CS		 1213 if (rc != 0)
1214 return rc;
1215
1216 isp = dentry->d_inode->i_security;
1217 /*
1218 * Don't do anything special for these.
1219 * XATTR_NAME_SMACKIPIN
1220 * XATTR_NAME_SMACKIPOUT
1221 * XATTR_NAME_SMACKEXEC
1222 */
1223 if (strcmp(name, XATTR_NAME_SMACK) == 0)
676dac4b 1224 isp->smk_task = NULL;
f59bdfba 1225 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
7898e1f8 1226 isp->smk_mmap = NULL;
f59bdfba
CS		 1227 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1228 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
676dac4b 1229
f59bdfba 1230 return 0;
e114e473
CS		 1231}
1232
1233/**
1234 * smack_inode_getsecurity - get smack xattrs
1235 * @inode: the object
1236 * @name: attribute name
1237 * @buffer: where to put the result
251a2a95 1238 * @alloc: unused
e114e473
CS		 1239 *
1240 * Returns the size of the attribute or an error code
1241 */
1242static int smack_inode_getsecurity(const struct inode *inode,
1243 const char *name, void **buffer,
1244 bool alloc)
1245{
1246 struct socket_smack *ssp;
1247 struct socket *sock;
1248 struct super_block *sbp;
1249 struct inode *ip = (struct inode *)inode;
21c7eae2 1250 struct smack_known *isp;
e114e473
CS		 1251 int ilen;
1252 int rc = 0;
1253
1254 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1255 isp = smk_of_inode(inode);
21c7eae2
LP		 1256 ilen = strlen(isp->smk_known);
1257 *buffer = isp->smk_known;
e114e473
CS		 1258 return ilen;
1259 }
1260
1261 /*
1262 * The rest of the Smack xattrs are only on sockets.
1263 */
1264 sbp = ip->i_sb;
1265 if (sbp->s_magic != SOCKFS_MAGIC)
1266 return -EOPNOTSUPP;
1267
1268 sock = SOCKET_I(ip);
2e1d146a 1269 if (sock == NULL || sock->sk == NULL)
e114e473
CS		 1270 return -EOPNOTSUPP;
1271
1272 ssp = sock->sk->sk_security;
1273
1274 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
21c7eae2 1275 isp = ssp->smk_in;
e114e473 1276 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
21c7eae2 1277 isp = ssp->smk_out;
e114e473
CS		 1278 else
1279 return -EOPNOTSUPP;
1280
21c7eae2 1281 ilen = strlen(isp->smk_known);
e114e473 1282 if (rc == 0) {
21c7eae2 1283 *buffer = isp->smk_known;
e114e473
CS		 1284 rc = ilen;
1285 }
1286
1287 return rc;
1288}
1289
1290
1291/**
1292 * smack_inode_listsecurity - list the Smack attributes
1293 * @inode: the object
1294 * @buffer: where they go
1295 * @buffer_size: size of buffer
1296 *
1297 * Returns 0 on success, -EINVAL otherwise
1298 */
1299static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1300 size_t buffer_size)
1301{
fd5c9d23 1302 int len = sizeof(XATTR_NAME_SMACK);
e114e473 1303
fd5c9d23 1304 if (buffer != NULL && len <= buffer_size)
e114e473 1305 memcpy(buffer, XATTR_NAME_SMACK, len);
fd5c9d23
KK		 1306
1307 return len;
e114e473
CS		 1308}
1309
d20bdda6
AD		 1310/**
1311 * smack_inode_getsecid - Extract inode's security id
1312 * @inode: inode to extract the info from
1313 * @secid: where result will be saved
1314 */
1315static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
1316{
1317 struct inode_smack *isp = inode->i_security;
1318
21c7eae2 1319 *secid = isp->smk_inode->smk_secid;
d20bdda6
AD		 1320}
1321
e114e473
CS		 1322/*
1323 * File Hooks
1324 */
1325
1326/**
1327 * smack_file_permission - Smack check on file operations
1328 * @file: unused
1329 * @mask: unused
1330 *
1331 * Returns 0
1332 *
1333 * Should access checks be done on each read or write?
1334 * UNICOS and SELinux say yes.
1335 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1336 *
1337 * I'll say no for now. Smack does not do the frequent
1338 * label changing that SELinux does.
1339 */
1340static int smack_file_permission(struct file *file, int mask)
1341{
1342 return 0;
1343}
1344
1345/**
1346 * smack_file_alloc_security - assign a file security blob
1347 * @file: the object
1348 *
1349 * The security blob for a file is a pointer to the master
1350 * label list, so no allocation is done.
1351 *
5e7270a6
CS		 1352 * f_security is the owner security information. It
1353 * isn't used on file access checks, it's for send_sigio.
1354 *
e114e473
CS		 1355 * Returns 0
1356 */
1357static int smack_file_alloc_security(struct file *file)
1358{
2f823ff8
CS		 1359 struct smack_known *skp = smk_of_current();
1360
21c7eae2 1361 file->f_security = skp;
e114e473
CS		 1362 return 0;
1363}
1364
1365/**
1366 * smack_file_free_security - clear a file security blob
1367 * @file: the object
1368 *
1369 * The security blob for a file is a pointer to the master
1370 * label list, so no memory is freed.
1371 */
1372static void smack_file_free_security(struct file *file)
1373{
1374 file->f_security = NULL;
1375}
1376
1377/**
1378 * smack_file_ioctl - Smack check on ioctls
1379 * @file: the object
1380 * @cmd: what to do
1381 * @arg: unused
1382 *
1383 * Relies heavily on the correct use of the ioctl command conventions.
1384 *
1385 * Returns 0 if allowed, error code otherwise
1386 */
1387static int smack_file_ioctl(struct file *file, unsigned int cmd,
1388 unsigned long arg)
1389{
1390 int rc = 0;
ecfcc53f 1391 struct smk_audit_info ad;
5e7270a6 1392 struct inode *inode = file_inode(file);
ecfcc53f 1393
f48b7399 1394 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1395 smk_ad_setfield_u_fs_path(&ad, file->f_path);
e114e473 1396
d166c802 1397 if (_IOC_DIR(cmd) & _IOC_WRITE) {
5e7270a6 1398 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
d166c802
CS		 1399 rc = smk_bu_file(file, MAY_WRITE, rc);
1400 }
e114e473 1401
d166c802 1402 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
5e7270a6 1403 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
d166c802
CS		 1404 rc = smk_bu_file(file, MAY_READ, rc);
1405 }
e114e473
CS		 1406
1407 return rc;
1408}
1409
1410/**
1411 * smack_file_lock - Smack check on file locking
1412 * @file: the object
251a2a95 1413 * @cmd: unused
e114e473 1414 *
c0ab6e56 1415 * Returns 0 if current has lock access, error code otherwise
e114e473
CS		 1416 */
1417static int smack_file_lock(struct file *file, unsigned int cmd)
1418{
ecfcc53f 1419 struct smk_audit_info ad;
d166c802 1420 int rc;
5e7270a6 1421 struct inode *inode = file_inode(file);
ecfcc53f 1422
92f42509
EP		 1423 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1424 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1425 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
d166c802
CS		 1426 rc = smk_bu_file(file, MAY_LOCK, rc);
1427 return rc;
e114e473
CS		 1428}
1429
1430/**
1431 * smack_file_fcntl - Smack check on fcntl
1432 * @file: the object
1433 * @cmd: what action to check
1434 * @arg: unused
1435 *
531f1d45
CS		 1436 * Generally these operations are harmless.
1437 * File locking operations present an obvious mechanism
1438 * for passing information, so they require write access.
1439 *
e114e473
CS		 1440 * Returns 0 if current has access, error code otherwise
1441 */
1442static int smack_file_fcntl(struct file *file, unsigned int cmd,
1443 unsigned long arg)
1444{
ecfcc53f 1445 struct smk_audit_info ad;
531f1d45 1446 int rc = 0;
5e7270a6 1447 struct inode *inode = file_inode(file);
ecfcc53f 1448
e114e473 1449 switch (cmd) {
e114e473 1450 case F_GETLK:
c0ab6e56 1451 break;
e114e473
CS		 1452 case F_SETLK:
1453 case F_SETLKW:
c0ab6e56
CS		 1454 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1455 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1456 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
d166c802 1457 rc = smk_bu_file(file, MAY_LOCK, rc);
c0ab6e56 1458 break;
e114e473
CS		 1459 case F_SETOWN:
1460 case F_SETSIG:
531f1d45
CS		 1461 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1462 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1463 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
d166c802 1464 rc = smk_bu_file(file, MAY_WRITE, rc);
e114e473
CS		 1465 break;
1466 default:
531f1d45 1467 break;
e114e473
CS		 1468 }
1469
1470 return rc;
1471}
1472
7898e1f8 1473/**
e5467859 1474 * smack_mmap_file :
7898e1f8
CS		 1475 * Check permissions for a mmap operation. The @file may be NULL, e.g.
1476 * if mapping anonymous memory.
1477 * @file contains the file structure for file to map (may be NULL).
1478 * @reqprot contains the protection requested by the application.
1479 * @prot contains the protection that will be applied by the kernel.
1480 * @flags contains the operational flags.
1481 * Return 0 if permission is granted.
1482 */
e5467859 1483static int smack_mmap_file(struct file *file,
7898e1f8 1484 unsigned long reqprot, unsigned long prot,
e5467859 1485 unsigned long flags)
7898e1f8 1486{
272cd7a8 1487 struct smack_known *skp;
2f823ff8 1488 struct smack_known *mkp;
7898e1f8
CS		 1489 struct smack_rule *srp;
1490 struct task_smack *tsp;
21c7eae2 1491 struct smack_known *okp;
7898e1f8 1492 struct inode_smack *isp;
0e0a070d
CS		 1493 int may;
1494 int mmay;
1495 int tmay;
7898e1f8
CS		 1496 int rc;
1497
496ad9aa 1498 if (file == NULL)
7898e1f8
CS		 1499 return 0;
1500
496ad9aa 1501 isp = file_inode(file)->i_security;
7898e1f8
CS		 1502 if (isp->smk_mmap == NULL)
1503 return 0;
2f823ff8 1504 mkp = isp->smk_mmap;
7898e1f8
CS		 1505
1506 tsp = current_security();
2f823ff8 1507 skp = smk_of_current();
7898e1f8
CS		 1508 rc = 0;
1509
1510 rcu_read_lock();
1511 /*
1512 * For each Smack rule associated with the subject
1513 * label verify that the SMACK64MMAP also has access
1514 * to that rule's object label.
7898e1f8 1515 */
272cd7a8 1516 list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
21c7eae2 1517 okp = srp->smk_object;
7898e1f8
CS		 1518 /*
1519 * Matching labels always allows access.
1520 */
21c7eae2 1521 if (mkp->smk_known == okp->smk_known)
7898e1f8 1522 continue;
0e0a070d
CS		 1523 /*
1524 * If there is a matching local rule take
1525 * that into account as well.
1526 */
21c7eae2
LP		 1527 may = smk_access_entry(srp->smk_subject->smk_known,
1528 okp->smk_known,
1529 &tsp->smk_rules);
0e0a070d
CS		 1530 if (may == -ENOENT)
1531 may = srp->smk_access;
1532 else
1533 may &= srp->smk_access;
1534 /*
1535 * If may is zero the SMACK64MMAP subject can't
1536 * possibly have less access.
1537 */
1538 if (may == 0)
1539 continue;
1540
1541 /*
1542 * Fetch the global list entry.
1543 * If there isn't one a SMACK64MMAP subject
1544 * can't have as much access as current.
1545 */
21c7eae2
LP		 1546 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1547 &mkp->smk_rules);
0e0a070d
CS		 1548 if (mmay == -ENOENT) {
1549 rc = -EACCES;
1550 break;
1551 }
1552 /*
1553 * If there is a local entry it modifies the
1554 * potential access, too.
1555 */
21c7eae2
LP		 1556 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1557 &tsp->smk_rules);
0e0a070d
CS		 1558 if (tmay != -ENOENT)
1559 mmay &= tmay;
7898e1f8 1560
0e0a070d
CS		 1561 /*
1562 * If there is any access available to current that is
1563 * not available to a SMACK64MMAP subject
1564 * deny access.
1565 */
75a25637 1566 if ((may | mmay) != mmay) {
0e0a070d 1567 rc = -EACCES;
7898e1f8 1568 break;
0e0a070d 1569 }
7898e1f8
CS		 1570 }
1571
1572 rcu_read_unlock();
1573
1574 return rc;
1575}
1576
e114e473
CS		 1577/**
1578 * smack_file_set_fowner - set the file security blob value
1579 * @file: object in question
1580 *
e114e473 1581 */
e0b93edd 1582static void smack_file_set_fowner(struct file *file)
e114e473 1583{
5e7270a6 1584 file->f_security = smk_of_current();
e114e473
CS		 1585}
1586
1587/**
1588 * smack_file_send_sigiotask - Smack on sigio
1589 * @tsk: The target task
1590 * @fown: the object the signal come from
1591 * @signum: unused
1592 *
1593 * Allow a privileged task to get signals even if it shouldn't
1594 *
1595 * Returns 0 if a subject with the object's smack could
1596 * write to the task, an error code otherwise.
1597 */
1598static int smack_file_send_sigiotask(struct task_struct *tsk,
1599 struct fown_struct *fown, int signum)
1600{
2f823ff8
CS		 1601 struct smack_known *skp;
1602 struct smack_known *tkp = smk_of_task(tsk->cred->security);
e114e473
CS		 1603 struct file *file;
1604 int rc;
ecfcc53f 1605 struct smk_audit_info ad;
e114e473
CS		 1606
1607 /*
1608 * struct fown_struct is never outside the context of a struct file
1609 */
1610 file = container_of(fown, struct file, f_owner);
7898e1f8 1611
ecfcc53f 1612 /* we don't log here as rc can be overriden */
21c7eae2
LP		 1613 skp = file->f_security;
1614 rc = smk_access(skp, tkp, MAY_WRITE, NULL);
1615 rc = smk_bu_note("sigiotask", skp, tkp, MAY_WRITE, rc);
5cd9c58f 1616 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
ecfcc53f
EB		 1617 rc = 0;
1618
1619 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1620 smk_ad_setfield_u_tsk(&ad, tsk);
21c7eae2 1621 smack_log(skp->smk_known, tkp->smk_known, MAY_WRITE, rc, &ad);
e114e473
CS		 1622 return rc;
1623}
1624
1625/**
1626 * smack_file_receive - Smack file receive check
1627 * @file: the object
1628 *
1629 * Returns 0 if current has access, error code otherwise
1630 */
1631static int smack_file_receive(struct file *file)
1632{
d166c802 1633 int rc;
e114e473 1634 int may = 0;
ecfcc53f 1635 struct smk_audit_info ad;
5e7270a6 1636 struct inode *inode = file_inode(file);
e114e473 1637
4482a44f 1638 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1639 smk_ad_setfield_u_fs_path(&ad, file->f_path);
e114e473
CS		 1640 /*
1641 * This code relies on bitmasks.
1642 */
1643 if (file->f_mode & FMODE_READ)
1644 may = MAY_READ;
1645 if (file->f_mode & FMODE_WRITE)
1646 may |= MAY_WRITE;
1647
5e7270a6 1648 rc = smk_curacc(smk_of_inode(inode), may, &ad);
d166c802
CS		 1649 rc = smk_bu_file(file, may, rc);
1650 return rc;
e114e473
CS		 1651}
1652
531f1d45 1653/**
83d49856 1654 * smack_file_open - Smack dentry open processing
531f1d45 1655 * @file: the object
a6834c0b 1656 * @cred: task credential
531f1d45
CS		 1657 *
1658 * Set the security blob in the file structure.
a6834c0b
CS		 1659 * Allow the open only if the task has read access. There are
1660 * many read operations (e.g. fstat) that you can do with an
1661 * fd even if you have the file open write-only.
531f1d45
CS		 1662 *
1663 * Returns 0
1664 */
83d49856 1665static int smack_file_open(struct file *file, const struct cred *cred)
531f1d45 1666{
a6834c0b 1667 struct task_smack *tsp = cred->security;
5e7270a6 1668 struct inode *inode = file_inode(file);
a6834c0b
CS		 1669 struct smk_audit_info ad;
1670 int rc;
531f1d45 1671
5e7270a6 1672 if (smack_privileged(CAP_MAC_OVERRIDE))
a6834c0b 1673 return 0;
531f1d45 1674
a6834c0b
CS		 1675 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1676 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1677 rc = smk_access(tsp->smk_task, smk_of_inode(inode), MAY_READ, &ad);
d166c802 1678 rc = smk_bu_credfile(cred, file, MAY_READ, rc);
a6834c0b
CS		 1679
1680 return rc;
531f1d45
CS		 1681}
1682
e114e473
CS		 1683/*
1684 * Task hooks
1685 */
1686
ee18d64c
DH		 1687/**
1688 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1689 * @new: the new credentials
1690 * @gfp: the atomicity of any memory allocations
1691 *
1692 * Prepare a blank set of credentials for modification. This must allocate all
1693 * the memory the LSM module might require such that cred_transfer() can
1694 * complete without error.
1695 */
1696static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1697{
7898e1f8
CS		 1698 struct task_smack *tsp;
1699
1700 tsp = new_task_smack(NULL, NULL, gfp);
1701 if (tsp == NULL)
676dac4b 1702 return -ENOMEM;
7898e1f8
CS		 1703
1704 cred->security = tsp;
1705
ee18d64c
DH		 1706 return 0;
1707}
1708
1709
e114e473 1710/**
f1752eec
DH		 1711 * smack_cred_free - "free" task-level security credentials
1712 * @cred: the credentials in question
e114e473 1713 *
e114e473 1714 */
f1752eec 1715static void smack_cred_free(struct cred *cred)
e114e473 1716{
7898e1f8
CS		 1717 struct task_smack *tsp = cred->security;
1718 struct smack_rule *rp;
1719 struct list_head *l;
1720 struct list_head *n;
1721
1722 if (tsp == NULL)
1723 return;
1724 cred->security = NULL;
1725
1726 list_for_each_safe(l, n, &tsp->smk_rules) {
1727 rp = list_entry(l, struct smack_rule, list);
1728 list_del(&rp->list);
1729 kfree(rp);
1730 }
1731 kfree(tsp);
e114e473
CS		 1732}
1733
d84f4f99
DH		 1734/**
1735 * smack_cred_prepare - prepare new set of credentials for modification
1736 * @new: the new credentials
1737 * @old: the original credentials
1738 * @gfp: the atomicity of any memory allocations
1739 *
1740 * Prepare a new set of credentials for modification.
1741 */
1742static int smack_cred_prepare(struct cred *new, const struct cred *old,
1743 gfp_t gfp)
1744{
676dac4b
CS		 1745 struct task_smack *old_tsp = old->security;
1746 struct task_smack *new_tsp;
7898e1f8 1747 int rc;
676dac4b 1748
7898e1f8 1749 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
676dac4b
CS		 1750 if (new_tsp == NULL)
1751 return -ENOMEM;
1752
7898e1f8
CS		 1753 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1754 if (rc != 0)
1755 return rc;
1756
676dac4b 1757 new->security = new_tsp;
d84f4f99
DH		 1758 return 0;
1759}
1760
ee18d64c
DH		 1761/**
1762 * smack_cred_transfer - Transfer the old credentials to the new credentials
1763 * @new: the new credentials
1764 * @old: the original credentials
1765 *
1766 * Fill in a set of blank credentials from another set of credentials.
1767 */
1768static void smack_cred_transfer(struct cred *new, const struct cred *old)
1769{
676dac4b
CS		 1770 struct task_smack *old_tsp = old->security;
1771 struct task_smack *new_tsp = new->security;
1772
1773 new_tsp->smk_task = old_tsp->smk_task;
1774 new_tsp->smk_forked = old_tsp->smk_task;
7898e1f8
CS		 1775 mutex_init(&new_tsp->smk_rules_lock);
1776 INIT_LIST_HEAD(&new_tsp->smk_rules);
1777
1778
1779 /* cbs copy rule list */
ee18d64c
DH		 1780}
1781
3a3b7ce9
DH		 1782/**
1783 * smack_kernel_act_as - Set the subjective context in a set of credentials
251a2a95
RD		 1784 * @new: points to the set of credentials to be modified.
1785 * @secid: specifies the security ID to be set
3a3b7ce9
DH		 1786 *
1787 * Set the security data for a kernel service.
1788 */
1789static int smack_kernel_act_as(struct cred *new, u32 secid)
1790{
676dac4b 1791 struct task_smack *new_tsp = new->security;
2f823ff8 1792 struct smack_known *skp = smack_from_secid(secid);
3a3b7ce9 1793
2f823ff8 1794 if (skp == NULL)
3a3b7ce9
DH		 1795 return -EINVAL;
1796
2f823ff8 1797 new_tsp->smk_task = skp;
3a3b7ce9
DH		 1798 return 0;
1799}
1800
1801/**
1802 * smack_kernel_create_files_as - Set the file creation label in a set of creds
251a2a95
RD		 1803 * @new: points to the set of credentials to be modified
1804 * @inode: points to the inode to use as a reference
3a3b7ce9
DH		 1805 *
1806 * Set the file creation context in a set of credentials to the same
1807 * as the objective context of the specified inode
1808 */
1809static int smack_kernel_create_files_as(struct cred *new,
1810 struct inode *inode)
1811{
1812 struct inode_smack *isp = inode->i_security;
676dac4b 1813 struct task_smack *tsp = new->security;
3a3b7ce9 1814
21c7eae2 1815 tsp->smk_forked = isp->smk_inode;
2f823ff8 1816 tsp->smk_task = tsp->smk_forked;
3a3b7ce9
DH		 1817 return 0;
1818}
1819
ecfcc53f
EB		 1820/**
1821 * smk_curacc_on_task - helper to log task related access
1822 * @p: the task object
531f1d45
CS		 1823 * @access: the access requested
1824 * @caller: name of the calling function for audit
ecfcc53f
EB		 1825 *
1826 * Return 0 if access is permitted
1827 */
531f1d45
CS		 1828static int smk_curacc_on_task(struct task_struct *p, int access,
1829 const char *caller)
ecfcc53f
EB		 1830{
1831 struct smk_audit_info ad;
6d1cff2a 1832 struct smack_known *skp = smk_of_task_struct(p);
d166c802 1833 int rc;
ecfcc53f 1834
531f1d45 1835 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
ecfcc53f 1836 smk_ad_setfield_u_tsk(&ad, p);
21c7eae2 1837 rc = smk_curacc(skp, access, &ad);
d166c802
CS		 1838 rc = smk_bu_task(p, access, rc);
1839 return rc;
ecfcc53f
EB		 1840}
1841
e114e473
CS		 1842/**
1843 * smack_task_setpgid - Smack check on setting pgid
1844 * @p: the task object
1845 * @pgid: unused
1846 *
1847 * Return 0 if write access is permitted
1848 */
1849static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1850{
531f1d45 1851 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 1852}
1853
1854/**
1855 * smack_task_getpgid - Smack access check for getpgid
1856 * @p: the object task
1857 *
1858 * Returns 0 if current can read the object task, error code otherwise
1859 */
1860static int smack_task_getpgid(struct task_struct *p)
1861{
531f1d45 1862 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 1863}
1864
1865/**
1866 * smack_task_getsid - Smack access check for getsid
1867 * @p: the object task
1868 *
1869 * Returns 0 if current can read the object task, error code otherwise
1870 */
1871static int smack_task_getsid(struct task_struct *p)
1872{
531f1d45 1873 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 1874}
1875
1876/**
1877 * smack_task_getsecid - get the secid of the task
1878 * @p: the object task
1879 * @secid: where to put the result
1880 *
1881 * Sets the secid to contain a u32 version of the smack label.
1882 */
1883static void smack_task_getsecid(struct task_struct *p, u32 *secid)
1884{
6d1cff2a 1885 struct smack_known *skp = smk_of_task_struct(p);
2f823ff8
CS		 1886
1887 *secid = skp->smk_secid;
e114e473
CS		 1888}
1889
1890/**
1891 * smack_task_setnice - Smack check on setting nice
1892 * @p: the task object
1893 * @nice: unused
1894 *
1895 * Return 0 if write access is permitted
1896 */
1897static int smack_task_setnice(struct task_struct *p, int nice)
1898{
bcdca225
CS		 1899 int rc;
1900
1901 rc = cap_task_setnice(p, nice);
1902 if (rc == 0)
531f1d45 1903 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
bcdca225 1904 return rc;
e114e473
CS		 1905}
1906
1907/**
1908 * smack_task_setioprio - Smack check on setting ioprio
1909 * @p: the task object
1910 * @ioprio: unused
1911 *
1912 * Return 0 if write access is permitted
1913 */
1914static int smack_task_setioprio(struct task_struct *p, int ioprio)
1915{
bcdca225
CS		 1916 int rc;
1917
1918 rc = cap_task_setioprio(p, ioprio);
1919 if (rc == 0)
531f1d45 1920 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
bcdca225 1921 return rc;
e114e473
CS		 1922}
1923
1924/**
1925 * smack_task_getioprio - Smack check on reading ioprio
1926 * @p: the task object
1927 *
1928 * Return 0 if read access is permitted
1929 */
1930static int smack_task_getioprio(struct task_struct *p)
1931{
531f1d45 1932 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 1933}
1934
1935/**
1936 * smack_task_setscheduler - Smack check on setting scheduler
1937 * @p: the task object
1938 * @policy: unused
1939 * @lp: unused
1940 *
1941 * Return 0 if read access is permitted
1942 */
b0ae1981 1943static int smack_task_setscheduler(struct task_struct *p)
e114e473 1944{
bcdca225
CS		 1945 int rc;
1946
b0ae1981 1947 rc = cap_task_setscheduler(p);
bcdca225 1948 if (rc == 0)
531f1d45 1949 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
bcdca225 1950 return rc;
e114e473
CS		 1951}
1952
1953/**
1954 * smack_task_getscheduler - Smack check on reading scheduler
1955 * @p: the task object
1956 *
1957 * Return 0 if read access is permitted
1958 */
1959static int smack_task_getscheduler(struct task_struct *p)
1960{
531f1d45 1961 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 1962}
1963
1964/**
1965 * smack_task_movememory - Smack check on moving memory
1966 * @p: the task object
1967 *
1968 * Return 0 if write access is permitted
1969 */
1970static int smack_task_movememory(struct task_struct *p)
1971{
531f1d45 1972 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 1973}
1974
1975/**
1976 * smack_task_kill - Smack check on signal delivery
1977 * @p: the task object
1978 * @info: unused
1979 * @sig: unused
1980 * @secid: identifies the smack to use in lieu of current's
1981 *
1982 * Return 0 if write access is permitted
1983 *
1984 * The secid behavior is an artifact of an SELinux hack
1985 * in the USB code. Someday it may go away.
1986 */
1987static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1988 int sig, u32 secid)
1989{
ecfcc53f 1990 struct smk_audit_info ad;
2f823ff8 1991 struct smack_known *skp;
6d1cff2a 1992 struct smack_known *tkp = smk_of_task_struct(p);
d166c802 1993 int rc;
ecfcc53f
EB		 1994
1995 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1996 smk_ad_setfield_u_tsk(&ad, p);
e114e473
CS		 1997 /*
1998 * Sending a signal requires that the sender
1999 * can write the receiver.
2000 */
d166c802 2001 if (secid == 0) {
21c7eae2 2002 rc = smk_curacc(tkp, MAY_WRITE, &ad);
d166c802
CS		 2003 rc = smk_bu_task(p, MAY_WRITE, rc);
2004 return rc;
2005 }
e114e473
CS		 2006 /*
2007 * If the secid isn't 0 we're dealing with some USB IO
2008 * specific behavior. This is not clean. For one thing
2009 * we can't take privilege into account.
2010 */
2f823ff8 2011 skp = smack_from_secid(secid);
21c7eae2
LP		 2012 rc = smk_access(skp, tkp, MAY_WRITE, &ad);
2013 rc = smk_bu_note("USB signal", skp, tkp, MAY_WRITE, rc);
d166c802 2014 return rc;
e114e473
CS		 2015}
2016
2017/**
2018 * smack_task_wait - Smack access check for waiting
2019 * @p: task to wait for
2020 *
c00bedb3 2021 * Returns 0
e114e473
CS		 2022 */
2023static int smack_task_wait(struct task_struct *p)
2024{
e114e473 2025 /*
c00bedb3
CS		 2026 * Allow the operation to succeed.
2027 * Zombies are bad.
2028 * In userless environments (e.g. phones) programs
2029 * get marked with SMACK64EXEC and even if the parent
2030 * and child shouldn't be talking the parent still
2031 * may expect to know when the child exits.
e114e473 2032 */
c00bedb3 2033 return 0;
e114e473
CS		 2034}
2035
2036/**
2037 * smack_task_to_inode - copy task smack into the inode blob
2038 * @p: task to copy from
251a2a95 2039 * @inode: inode to copy to
e114e473
CS		 2040 *
2041 * Sets the smack pointer in the inode security blob
2042 */
2043static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2044{
2045 struct inode_smack *isp = inode->i_security;
6d1cff2a 2046 struct smack_known *skp = smk_of_task_struct(p);
2f823ff8 2047
21c7eae2 2048 isp->smk_inode = skp;
e114e473
CS		 2049}
2050
2051/*
2052 * Socket hooks.
2053 */
2054
2055/**
2056 * smack_sk_alloc_security - Allocate a socket blob
2057 * @sk: the socket
2058 * @family: unused
251a2a95 2059 * @gfp_flags: memory allocation flags
e114e473
CS		 2060 *
2061 * Assign Smack pointers to current
2062 *
2063 * Returns 0 on success, -ENOMEM is there's no memory
2064 */
2065static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2066{
2f823ff8 2067 struct smack_known *skp = smk_of_current();
e114e473
CS		 2068 struct socket_smack *ssp;
2069
2070 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2071 if (ssp == NULL)
2072 return -ENOMEM;
2073
54e70ec5 2074 ssp->smk_in = skp;
2f823ff8 2075 ssp->smk_out = skp;
272cd7a8 2076 ssp->smk_packet = NULL;
e114e473
CS		 2077
2078 sk->sk_security = ssp;
2079
2080 return 0;
2081}
2082
2083/**
2084 * smack_sk_free_security - Free a socket blob
2085 * @sk: the socket
2086 *
2087 * Clears the blob pointer
2088 */
2089static void smack_sk_free_security(struct sock *sk)
2090{
2091 kfree(sk->sk_security);
2092}
2093
07feee8f
PM		 2094/**
2095* smack_host_label - check host based restrictions
2096* @sip: the object end
2097*
2098* looks for host based access restrictions
2099*
2100* This version will only be appropriate for really small sets of single label
2101* hosts. The caller is responsible for ensuring that the RCU read lock is
2102* taken before calling this function.
2103*
2104* Returns the label of the far end or NULL if it's not special.
2105*/
21c7eae2 2106static struct smack_known *smack_host_label(struct sockaddr_in *sip)
07feee8f
PM		 2107{
2108 struct smk_netlbladdr *snp;
2109 struct in_addr *siap = &sip->sin_addr;
2110
2111 if (siap->s_addr == 0)
2112 return NULL;
2113
2114 list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list)
2115 /*
2116 * we break after finding the first match because
2117 * the list is sorted from longest to shortest mask
2118 * so we have found the most specific match
2119 */
2120 if ((&snp->smk_host.sin_addr)->s_addr ==
4303154e
EB		 2121 (siap->s_addr & (&snp->smk_mask)->s_addr)) {
2122 /* we have found the special CIPSO option */
21c7eae2 2123 if (snp->smk_label == &smack_cipso_option)
4303154e 2124 return NULL;
07feee8f 2125 return snp->smk_label;
4303154e 2126 }
07feee8f
PM		 2127
2128 return NULL;
2129}
2130
e114e473
CS		 2131/**
2132 * smack_netlabel - Set the secattr on a socket
2133 * @sk: the socket
6d3dc07c 2134 * @labeled: socket label scheme
e114e473
CS		 2135 *
2136 * Convert the outbound smack value (smk_out) to a
2137 * secattr and attach it to the socket.
2138 *
2139 * Returns 0 on success or an error code
2140 */
6d3dc07c 2141static int smack_netlabel(struct sock *sk, int labeled)
e114e473 2142{
f7112e6c 2143 struct smack_known *skp;
07feee8f 2144 struct socket_smack *ssp = sk->sk_security;
6d3dc07c 2145 int rc = 0;
e114e473 2146
6d3dc07c
CS		 2147 /*
2148 * Usually the netlabel code will handle changing the
2149 * packet labeling based on the label.
2150 * The case of a single label host is different, because
2151 * a single label host should never get a labeled packet
2152 * even though the label is usually associated with a packet
2153 * label.
2154 */
2155 local_bh_disable();
2156 bh_lock_sock_nested(sk);
2157
2158 if (ssp->smk_out == smack_net_ambient ||
2159 labeled == SMACK_UNLABELED_SOCKET)
2160 netlbl_sock_delattr(sk);
2161 else {
2f823ff8 2162 skp = ssp->smk_out;
f7112e6c 2163 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
6d3dc07c
CS		 2164 }
2165
2166 bh_unlock_sock(sk);
2167 local_bh_enable();
4bc87e62 2168
e114e473
CS		 2169 return rc;
2170}
2171
07feee8f
PM		 2172/**
2173 * smack_netlbel_send - Set the secattr on a socket and perform access checks
2174 * @sk: the socket
2175 * @sap: the destination address
2176 *
2177 * Set the correct secattr for the given socket based on the destination
2178 * address and perform any outbound access checks needed.
2179 *
2180 * Returns 0 on success or an error code.
2181 *
2182 */
2183static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2184{
2f823ff8 2185 struct smack_known *skp;
07feee8f
PM		 2186 int rc;
2187 int sk_lbl;
21c7eae2 2188 struct smack_known *hkp;
07feee8f 2189 struct socket_smack *ssp = sk->sk_security;
ecfcc53f 2190 struct smk_audit_info ad;
07feee8f
PM		 2191
2192 rcu_read_lock();
21c7eae2
LP		 2193 hkp = smack_host_label(sap);
2194 if (hkp != NULL) {
ecfcc53f 2195#ifdef CONFIG_AUDIT
923e9a13
KC		 2196 struct lsm_network_audit net;
2197
48c62af6
EP		 2198 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2199 ad.a.u.net->family = sap->sin_family;
2200 ad.a.u.net->dport = sap->sin_port;
2201 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
ecfcc53f 2202#endif
923e9a13 2203 sk_lbl = SMACK_UNLABELED_SOCKET;
2f823ff8 2204 skp = ssp->smk_out;
21c7eae2
LP		 2205 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2206 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
07feee8f
PM		 2207 } else {
2208 sk_lbl = SMACK_CIPSO_SOCKET;
2209 rc = 0;
2210 }
2211 rcu_read_unlock();
2212 if (rc != 0)
2213 return rc;
2214
2215 return smack_netlabel(sk, sk_lbl);
2216}
2217
69f287ae 2218#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
c6739443
CS		 2219/**
2220 * smk_ipv6_port_label - Smack port access table management
2221 * @sock: socket
2222 * @address: address
2223 *
2224 * Create or update the port list entry
2225 */
2226static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2227{
2228 struct sock *sk = sock->sk;
2229 struct sockaddr_in6 *addr6;
2230 struct socket_smack *ssp = sock->sk->sk_security;
2231 struct smk_port_label *spp;
2232 unsigned short port = 0;
2233
2234 if (address == NULL) {
2235 /*
2236 * This operation is changing the Smack information
2237 * on the bound socket. Take the changes to the port
2238 * as well.
2239 */
2240 list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2241 if (sk != spp->smk_sock)
2242 continue;
2243 spp->smk_in = ssp->smk_in;
2244 spp->smk_out = ssp->smk_out;
2245 return;
2246 }
2247 /*
2248 * A NULL address is only used for updating existing
2249 * bound entries. If there isn't one, it's OK.
2250 */
2251 return;
2252 }
2253
2254 addr6 = (struct sockaddr_in6 *)address;
2255 port = ntohs(addr6->sin6_port);
2256 /*
2257 * This is a special case that is safely ignored.
2258 */
2259 if (port == 0)
2260 return;
2261
2262 /*
2263 * Look for an existing port list entry.
2264 * This is an indication that a port is getting reused.
2265 */
2266 list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2267 if (spp->smk_port != port)
2268 continue;
2269 spp->smk_port = port;
2270 spp->smk_sock = sk;
2271 spp->smk_in = ssp->smk_in;
2272 spp->smk_out = ssp->smk_out;
2273 return;
2274 }
2275
2276 /*
2277 * A new port entry is required.
2278 */
2279 spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2280 if (spp == NULL)
2281 return;
2282
2283 spp->smk_port = port;
2284 spp->smk_sock = sk;
2285 spp->smk_in = ssp->smk_in;
2286 spp->smk_out = ssp->smk_out;
2287
2288 list_add(&spp->list, &smk_ipv6_port_list);
2289 return;
2290}
2291
2292/**
2293 * smk_ipv6_port_check - check Smack port access
2294 * @sock: socket
2295 * @address: address
2296 *
2297 * Create or update the port list entry
2298 */
6ea06247 2299static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
c6739443
CS		 2300 int act)
2301{
2302 __be16 *bep;
2303 __be32 *be32p;
c6739443
CS		 2304 struct smk_port_label *spp;
2305 struct socket_smack *ssp = sk->sk_security;
2f823ff8 2306 struct smack_known *skp;
c6739443 2307 unsigned short port = 0;
21c7eae2 2308 struct smack_known *object;
c6739443 2309 struct smk_audit_info ad;
d166c802 2310 int rc;
c6739443
CS		 2311#ifdef CONFIG_AUDIT
2312 struct lsm_network_audit net;
2313#endif
2314
2315 if (act == SMK_RECEIVING) {
2f823ff8 2316 skp = smack_net_ambient;
21c7eae2 2317 object = ssp->smk_in;
c6739443 2318 } else {
2f823ff8 2319 skp = ssp->smk_out;
21c7eae2 2320 object = smack_net_ambient;
c6739443
CS		 2321 }
2322
2323 /*
2324 * Get the IP address and port from the address.
2325 */
6ea06247
CS		 2326 port = ntohs(address->sin6_port);
2327 bep = (__be16 *)(&address->sin6_addr);
2328 be32p = (__be32 *)(&address->sin6_addr);
c6739443
CS		 2329
2330 /*
2331 * It's remote, so port lookup does no good.
2332 */
2333 if (be32p[0] || be32p[1] || be32p[2] || bep[6] || ntohs(bep[7]) != 1)
2334 goto auditout;
2335
2336 /*
2337 * It's local so the send check has to have passed.
2338 */
2339 if (act == SMK_RECEIVING) {
2f823ff8 2340 skp = &smack_known_web;
c6739443
CS		 2341 goto auditout;
2342 }
2343
2344 list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2345 if (spp->smk_port != port)
2346 continue;
21c7eae2 2347 object = spp->smk_in;
c6739443 2348 if (act == SMK_CONNECTING)
54e70ec5 2349 ssp->smk_packet = spp->smk_out;
c6739443
CS		 2350 break;
2351 }
2352
2353auditout:
2354
2355#ifdef CONFIG_AUDIT
2356 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2357 ad.a.u.net->family = sk->sk_family;
2358 ad.a.u.net->dport = port;
2359 if (act == SMK_RECEIVING)
6ea06247 2360 ad.a.u.net->v6info.saddr = address->sin6_addr;
c6739443 2361 else
6ea06247 2362 ad.a.u.net->v6info.daddr = address->sin6_addr;
c6739443 2363#endif
d166c802
CS		 2364 rc = smk_access(skp, object, MAY_WRITE, &ad);
2365 rc = smk_bu_note("IPv6 port check", skp, object, MAY_WRITE, rc);
2366 return rc;
c6739443 2367}
69f287ae 2368#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
c6739443 2369
e114e473
CS		 2370/**
2371 * smack_inode_setsecurity - set smack xattrs
2372 * @inode: the object
2373 * @name: attribute name
2374 * @value: attribute value
2375 * @size: size of the attribute
2376 * @flags: unused
2377 *
2378 * Sets the named attribute in the appropriate blob
2379 *
2380 * Returns 0 on success, or an error code
2381 */
2382static int smack_inode_setsecurity(struct inode *inode, const char *name,
2383 const void *value, size_t size, int flags)
2384{
2f823ff8 2385 struct smack_known *skp;
e114e473
CS		 2386 struct inode_smack *nsp = inode->i_security;
2387 struct socket_smack *ssp;
2388 struct socket *sock;
4bc87e62 2389 int rc = 0;
e114e473 2390
f7112e6c 2391 if (value == NULL || size > SMK_LONGLABEL || size == 0)
5e9ab593 2392 return -EINVAL;
e114e473 2393
2f823ff8
CS		 2394 skp = smk_import_entry(value, size);
2395 if (skp == NULL)
e114e473
CS		 2396 return -EINVAL;
2397
2398 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
21c7eae2 2399 nsp->smk_inode = skp;
ddd29ec6 2400 nsp->smk_flags |= SMK_INODE_INSTANT;
e114e473
CS		 2401 return 0;
2402 }
2403 /*
2404 * The rest of the Smack xattrs are only on sockets.
2405 */
2406 if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2407 return -EOPNOTSUPP;
2408
2409 sock = SOCKET_I(inode);
2e1d146a 2410 if (sock == NULL || sock->sk == NULL)
e114e473
CS		 2411 return -EOPNOTSUPP;
2412
2413 ssp = sock->sk->sk_security;
2414
2415 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
54e70ec5 2416 ssp->smk_in = skp;
e114e473 2417 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2f823ff8 2418 ssp->smk_out = skp;
c6739443 2419 if (sock->sk->sk_family == PF_INET) {
b4e0d5f0
CS		 2420 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2421 if (rc != 0)
2422 printk(KERN_WARNING
2423 "Smack: \"%s\" netlbl error %d.\n",
2424 __func__, -rc);
2425 }
e114e473
CS		 2426 } else
2427 return -EOPNOTSUPP;
2428
69f287ae 2429#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
c6739443
CS		 2430 if (sock->sk->sk_family == PF_INET6)
2431 smk_ipv6_port_label(sock, NULL);
69f287ae 2432#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
c6739443 2433
e114e473
CS		 2434 return 0;
2435}
2436
2437/**
2438 * smack_socket_post_create - finish socket setup
2439 * @sock: the socket
2440 * @family: protocol family
2441 * @type: unused
2442 * @protocol: unused
2443 * @kern: unused
2444 *
2445 * Sets the netlabel information on the socket
2446 *
2447 * Returns 0 on success, and error code otherwise
2448 */
2449static int smack_socket_post_create(struct socket *sock, int family,
2450 int type, int protocol, int kern)
2451{
2e1d146a 2452 if (family != PF_INET || sock->sk == NULL)
e114e473
CS		 2453 return 0;
2454 /*
2455 * Set the outbound netlbl.
2456 */
6d3dc07c
CS		 2457 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2458}
2459
69f287ae 2460#ifndef CONFIG_SECURITY_SMACK_NETFILTER
c6739443
CS		 2461/**
2462 * smack_socket_bind - record port binding information.
2463 * @sock: the socket
2464 * @address: the port address
2465 * @addrlen: size of the address
2466 *
2467 * Records the label bound to a port.
2468 *
2469 * Returns 0
2470 */
2471static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2472 int addrlen)
2473{
69f287ae 2474#if IS_ENABLED(CONFIG_IPV6)
c6739443
CS		 2475 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2476 smk_ipv6_port_label(sock, address);
69f287ae 2477#endif
c6739443
CS		 2478
2479 return 0;
2480}
69f287ae 2481#endif /* !CONFIG_SECURITY_SMACK_NETFILTER */
c6739443 2482
6d3dc07c
CS		 2483/**
2484 * smack_socket_connect - connect access check
2485 * @sock: the socket
2486 * @sap: the other end
2487 * @addrlen: size of sap
2488 *
2489 * Verifies that a connection may be possible
2490 *
2491 * Returns 0 on success, and error code otherwise
2492 */
2493static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2494 int addrlen)
2495{
c6739443
CS		 2496 int rc = 0;
2497
2498 if (sock->sk == NULL)
6d3dc07c 2499 return 0;
6d3dc07c 2500
c6739443
CS		 2501 switch (sock->sk->sk_family) {
2502 case PF_INET:
2503 if (addrlen < sizeof(struct sockaddr_in))
2504 return -EINVAL;
2505 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2506 break;
2507 case PF_INET6:
2508 if (addrlen < sizeof(struct sockaddr_in6))
2509 return -EINVAL;
69f287ae 2510#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
6ea06247
CS		 2511 rc = smk_ipv6_port_check(sock->sk, (struct sockaddr_in6 *)sap,
2512 SMK_CONNECTING);
69f287ae 2513#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
c6739443
CS		 2514 break;
2515 }
2516 return rc;
e114e473
CS		 2517}
2518
2519/**
2520 * smack_flags_to_may - convert S_ to MAY_ values
2521 * @flags: the S_ value
2522 *
2523 * Returns the equivalent MAY_ value
2524 */
2525static int smack_flags_to_may(int flags)
2526{
2527 int may = 0;
2528
2529 if (flags & S_IRUGO)
2530 may |= MAY_READ;
2531 if (flags & S_IWUGO)
2532 may |= MAY_WRITE;
2533 if (flags & S_IXUGO)
2534 may |= MAY_EXEC;
2535
2536 return may;
2537}
2538
2539/**
2540 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2541 * @msg: the object
2542 *
2543 * Returns 0
2544 */
2545static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2546{
2f823ff8
CS		 2547 struct smack_known *skp = smk_of_current();
2548
21c7eae2 2549 msg->security = skp;
e114e473
CS		 2550 return 0;
2551}
2552
2553/**
2554 * smack_msg_msg_free_security - Clear the security blob for msg_msg
2555 * @msg: the object
2556 *
2557 * Clears the blob pointer
2558 */
2559static void smack_msg_msg_free_security(struct msg_msg *msg)
2560{
2561 msg->security = NULL;
2562}
2563
2564/**
2565 * smack_of_shm - the smack pointer for the shm
2566 * @shp: the object
2567 *
2568 * Returns a pointer to the smack value
2569 */
21c7eae2 2570static struct smack_known *smack_of_shm(struct shmid_kernel *shp)
e114e473 2571{
21c7eae2 2572 return (struct smack_known *)shp->shm_perm.security;
e114e473
CS		 2573}
2574
2575/**
2576 * smack_shm_alloc_security - Set the security blob for shm
2577 * @shp: the object
2578 *
2579 * Returns 0
2580 */
2581static int smack_shm_alloc_security(struct shmid_kernel *shp)
2582{
2583 struct kern_ipc_perm *isp = &shp->shm_perm;
2f823ff8 2584 struct smack_known *skp = smk_of_current();
e114e473 2585
21c7eae2 2586 isp->security = skp;
e114e473
CS		 2587 return 0;
2588}
2589
2590/**
2591 * smack_shm_free_security - Clear the security blob for shm
2592 * @shp: the object
2593 *
2594 * Clears the blob pointer
2595 */
2596static void smack_shm_free_security(struct shmid_kernel *shp)
2597{
2598 struct kern_ipc_perm *isp = &shp->shm_perm;
2599
2600 isp->security = NULL;
2601}
2602
ecfcc53f
EB		 2603/**
2604 * smk_curacc_shm : check if current has access on shm
2605 * @shp : the object
2606 * @access : access requested
2607 *
2608 * Returns 0 if current has the requested access, error code otherwise
2609 */
2610static int smk_curacc_shm(struct shmid_kernel *shp, int access)
2611{
21c7eae2 2612 struct smack_known *ssp = smack_of_shm(shp);
ecfcc53f 2613 struct smk_audit_info ad;
d166c802 2614 int rc;
ecfcc53f
EB		 2615
2616#ifdef CONFIG_AUDIT
2617 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2618 ad.a.u.ipc_id = shp->shm_perm.id;
2619#endif
d166c802
CS		 2620 rc = smk_curacc(ssp, access, &ad);
2621 rc = smk_bu_current("shm", ssp, access, rc);
2622 return rc;
ecfcc53f
EB		 2623}
2624
e114e473
CS		 2625/**
2626 * smack_shm_associate - Smack access check for shm
2627 * @shp: the object
2628 * @shmflg: access requested
2629 *
2630 * Returns 0 if current has the requested access, error code otherwise
2631 */
2632static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
2633{
e114e473
CS		 2634 int may;
2635
2636 may = smack_flags_to_may(shmflg);
ecfcc53f 2637 return smk_curacc_shm(shp, may);
e114e473
CS		 2638}
2639
2640/**
2641 * smack_shm_shmctl - Smack access check for shm
2642 * @shp: the object
2643 * @cmd: what it wants to do
2644 *
2645 * Returns 0 if current has the requested access, error code otherwise
2646 */
2647static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
2648{
e114e473
CS		 2649 int may;
2650
2651 switch (cmd) {
2652 case IPC_STAT:
2653 case SHM_STAT:
2654 may = MAY_READ;
2655 break;
2656 case IPC_SET:
2657 case SHM_LOCK:
2658 case SHM_UNLOCK:
2659 case IPC_RMID:
2660 may = MAY_READWRITE;
2661 break;
2662 case IPC_INFO:
2663 case SHM_INFO:
2664 /*
2665 * System level information.
2666 */
2667 return 0;
2668 default:
2669 return -EINVAL;
2670 }
ecfcc53f 2671 return smk_curacc_shm(shp, may);
e114e473
CS		 2672}
2673
2674/**
2675 * smack_shm_shmat - Smack access for shmat
2676 * @shp: the object
2677 * @shmaddr: unused
2678 * @shmflg: access requested
2679 *
2680 * Returns 0 if current has the requested access, error code otherwise
2681 */
2682static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
2683 int shmflg)
2684{
e114e473
CS		 2685 int may;
2686
2687 may = smack_flags_to_may(shmflg);
ecfcc53f 2688 return smk_curacc_shm(shp, may);
e114e473
CS		 2689}
2690
2691/**
2692 * smack_of_sem - the smack pointer for the sem
2693 * @sma: the object
2694 *
2695 * Returns a pointer to the smack value
2696 */
21c7eae2 2697static struct smack_known *smack_of_sem(struct sem_array *sma)
e114e473 2698{
21c7eae2 2699 return (struct smack_known *)sma->sem_perm.security;
e114e473
CS		 2700}
2701
2702/**
2703 * smack_sem_alloc_security - Set the security blob for sem
2704 * @sma: the object
2705 *
2706 * Returns 0
2707 */
2708static int smack_sem_alloc_security(struct sem_array *sma)
2709{
2710 struct kern_ipc_perm *isp = &sma->sem_perm;
2f823ff8 2711 struct smack_known *skp = smk_of_current();
e114e473 2712
21c7eae2 2713 isp->security = skp;
e114e473
CS		 2714 return 0;
2715}
2716
2717/**
2718 * smack_sem_free_security - Clear the security blob for sem
2719 * @sma: the object
2720 *
2721 * Clears the blob pointer
2722 */
2723static void smack_sem_free_security(struct sem_array *sma)
2724{
2725 struct kern_ipc_perm *isp = &sma->sem_perm;
2726
2727 isp->security = NULL;
2728}
2729
ecfcc53f
EB		 2730/**
2731 * smk_curacc_sem : check if current has access on sem
2732 * @sma : the object
2733 * @access : access requested
2734 *
2735 * Returns 0 if current has the requested access, error code otherwise
2736 */
2737static int smk_curacc_sem(struct sem_array *sma, int access)
2738{
21c7eae2 2739 struct smack_known *ssp = smack_of_sem(sma);
ecfcc53f 2740 struct smk_audit_info ad;
d166c802 2741 int rc;
ecfcc53f
EB		 2742
2743#ifdef CONFIG_AUDIT
2744 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2745 ad.a.u.ipc_id = sma->sem_perm.id;
2746#endif
d166c802
CS		 2747 rc = smk_curacc(ssp, access, &ad);
2748 rc = smk_bu_current("sem", ssp, access, rc);
2749 return rc;
ecfcc53f
EB		 2750}
2751
e114e473
CS		 2752/**
2753 * smack_sem_associate - Smack access check for sem
2754 * @sma: the object
2755 * @semflg: access requested
2756 *
2757 * Returns 0 if current has the requested access, error code otherwise
2758 */
2759static int smack_sem_associate(struct sem_array *sma, int semflg)
2760{
e114e473
CS		 2761 int may;
2762
2763 may = smack_flags_to_may(semflg);
ecfcc53f 2764 return smk_curacc_sem(sma, may);
e114e473
CS		 2765}
2766
2767/**
2768 * smack_sem_shmctl - Smack access check for sem
2769 * @sma: the object
2770 * @cmd: what it wants to do
2771 *
2772 * Returns 0 if current has the requested access, error code otherwise
2773 */
2774static int smack_sem_semctl(struct sem_array *sma, int cmd)
2775{
e114e473
CS		 2776 int may;
2777
2778 switch (cmd) {
2779 case GETPID:
2780 case GETNCNT:
2781 case GETZCNT:
2782 case GETVAL:
2783 case GETALL:
2784 case IPC_STAT:
2785 case SEM_STAT:
2786 may = MAY_READ;
2787 break;
2788 case SETVAL:
2789 case SETALL:
2790 case IPC_RMID:
2791 case IPC_SET:
2792 may = MAY_READWRITE;
2793 break;
2794 case IPC_INFO:
2795 case SEM_INFO:
2796 /*
2797 * System level information
2798 */
2799 return 0;
2800 default:
2801 return -EINVAL;
2802 }
2803
ecfcc53f 2804 return smk_curacc_sem(sma, may);
e114e473
CS		 2805}
2806
2807/**
2808 * smack_sem_semop - Smack checks of semaphore operations
2809 * @sma: the object
2810 * @sops: unused
2811 * @nsops: unused
2812 * @alter: unused
2813 *
2814 * Treated as read and write in all cases.
2815 *
2816 * Returns 0 if access is allowed, error code otherwise
2817 */
2818static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
2819 unsigned nsops, int alter)
2820{
ecfcc53f 2821 return smk_curacc_sem(sma, MAY_READWRITE);
e114e473
CS		 2822}
2823
2824/**
2825 * smack_msg_alloc_security - Set the security blob for msg
2826 * @msq: the object
2827 *
2828 * Returns 0
2829 */
2830static int smack_msg_queue_alloc_security(struct msg_queue *msq)
2831{
2832 struct kern_ipc_perm *kisp = &msq->q_perm;
2f823ff8 2833 struct smack_known *skp = smk_of_current();
e114e473 2834
21c7eae2 2835 kisp->security = skp;
e114e473
CS		 2836 return 0;
2837}
2838
2839/**
2840 * smack_msg_free_security - Clear the security blob for msg
2841 * @msq: the object
2842 *
2843 * Clears the blob pointer
2844 */
2845static void smack_msg_queue_free_security(struct msg_queue *msq)
2846{
2847 struct kern_ipc_perm *kisp = &msq->q_perm;
2848
2849 kisp->security = NULL;
2850}
2851
2852/**
2853 * smack_of_msq - the smack pointer for the msq
2854 * @msq: the object
2855 *
21c7eae2 2856 * Returns a pointer to the smack label entry
e114e473 2857 */
21c7eae2 2858static struct smack_known *smack_of_msq(struct msg_queue *msq)
e114e473 2859{
21c7eae2 2860 return (struct smack_known *)msq->q_perm.security;
e114e473
CS		 2861}
2862
ecfcc53f
EB		 2863/**
2864 * smk_curacc_msq : helper to check if current has access on msq
2865 * @msq : the msq
2866 * @access : access requested
2867 *
2868 * return 0 if current has access, error otherwise
2869 */
2870static int smk_curacc_msq(struct msg_queue *msq, int access)
2871{
21c7eae2 2872 struct smack_known *msp = smack_of_msq(msq);
ecfcc53f 2873 struct smk_audit_info ad;
d166c802 2874 int rc;
ecfcc53f
EB		 2875
2876#ifdef CONFIG_AUDIT
2877 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2878 ad.a.u.ipc_id = msq->q_perm.id;
2879#endif
d166c802
CS		 2880 rc = smk_curacc(msp, access, &ad);
2881 rc = smk_bu_current("msq", msp, access, rc);
2882 return rc;
ecfcc53f
EB		 2883}
2884
e114e473
CS		 2885/**
2886 * smack_msg_queue_associate - Smack access check for msg_queue
2887 * @msq: the object
2888 * @msqflg: access requested
2889 *
2890 * Returns 0 if current has the requested access, error code otherwise
2891 */
2892static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
2893{
e114e473
CS		 2894 int may;
2895
2896 may = smack_flags_to_may(msqflg);
ecfcc53f 2897 return smk_curacc_msq(msq, may);
e114e473
CS		 2898}
2899
2900/**
2901 * smack_msg_queue_msgctl - Smack access check for msg_queue
2902 * @msq: the object
2903 * @cmd: what it wants to do
2904 *
2905 * Returns 0 if current has the requested access, error code otherwise
2906 */
2907static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2908{
e114e473
CS		 2909 int may;
2910
2911 switch (cmd) {
2912 case IPC_STAT:
2913 case MSG_STAT:
2914 may = MAY_READ;
2915 break;
2916 case IPC_SET:
2917 case IPC_RMID:
2918 may = MAY_READWRITE;
2919 break;
2920 case IPC_INFO:
2921 case MSG_INFO:
2922 /*
2923 * System level information
2924 */
2925 return 0;
2926 default:
2927 return -EINVAL;
2928 }
2929
ecfcc53f 2930 return smk_curacc_msq(msq, may);
e114e473
CS		 2931}
2932
2933/**
2934 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2935 * @msq: the object
2936 * @msg: unused
2937 * @msqflg: access requested
2938 *
2939 * Returns 0 if current has the requested access, error code otherwise
2940 */
2941static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
2942 int msqflg)
2943{
ecfcc53f 2944 int may;
e114e473 2945
ecfcc53f
EB		 2946 may = smack_flags_to_may(msqflg);
2947 return smk_curacc_msq(msq, may);
e114e473
CS		 2948}
2949
2950/**
2951 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2952 * @msq: the object
2953 * @msg: unused
2954 * @target: unused
2955 * @type: unused
2956 * @mode: unused
2957 *
2958 * Returns 0 if current has read and write access, error code otherwise
2959 */
2960static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
2961 struct task_struct *target, long type, int mode)
2962{
ecfcc53f 2963 return smk_curacc_msq(msq, MAY_READWRITE);
e114e473
CS		 2964}
2965
2966/**
2967 * smack_ipc_permission - Smack access for ipc_permission()
2968 * @ipp: the object permissions
2969 * @flag: access requested
2970 *
2971 * Returns 0 if current has read and write access, error code otherwise
2972 */
2973static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
2974{
21c7eae2 2975 struct smack_known *iskp = ipp->security;
ecfcc53f
EB		 2976 int may = smack_flags_to_may(flag);
2977 struct smk_audit_info ad;
d166c802 2978 int rc;
e114e473 2979
ecfcc53f
EB		 2980#ifdef CONFIG_AUDIT
2981 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2982 ad.a.u.ipc_id = ipp->id;
2983#endif
21c7eae2
LP		 2984 rc = smk_curacc(iskp, may, &ad);
2985 rc = smk_bu_current("svipc", iskp, may, rc);
d166c802 2986 return rc;
e114e473
CS		 2987}
2988
d20bdda6
AD		 2989/**
2990 * smack_ipc_getsecid - Extract smack security id
251a2a95 2991 * @ipp: the object permissions
d20bdda6
AD		 2992 * @secid: where result will be saved
2993 */
2994static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
2995{
21c7eae2 2996 struct smack_known *iskp = ipp->security;
d20bdda6 2997
21c7eae2 2998 *secid = iskp->smk_secid;
d20bdda6
AD		 2999}
3000
e114e473
CS		 3001/**
3002 * smack_d_instantiate - Make sure the blob is correct on an inode
3e62cbb8 3003 * @opt_dentry: dentry where inode will be attached
e114e473
CS		 3004 * @inode: the object
3005 *
3006 * Set the inode's security blob if it hasn't been done already.
3007 */
3008static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3009{
3010 struct super_block *sbp;
3011 struct superblock_smack *sbsp;
3012 struct inode_smack *isp;
2f823ff8
CS		 3013 struct smack_known *skp;
3014 struct smack_known *ckp = smk_of_current();
21c7eae2 3015 struct smack_known *final;
5c6d1125
JS		 3016 char trattr[TRANS_TRUE_SIZE];
3017 int transflag = 0;
2267b13a 3018 int rc;
e114e473
CS		 3019 struct dentry *dp;
3020
3021 if (inode == NULL)
3022 return;
3023
3024 isp = inode->i_security;
3025
3026 mutex_lock(&isp->smk_lock);
3027 /*
3028 * If the inode is already instantiated
3029 * take the quick way out
3030 */
3031 if (isp->smk_flags & SMK_INODE_INSTANT)
3032 goto unlockandout;
3033
3034 sbp = inode->i_sb;
3035 sbsp = sbp->s_security;
3036 /*
3037 * We're going to use the superblock default label
3038 * if there's no label on the file.
3039 */
3040 final = sbsp->smk_default;
3041
e97dcb0e
CS		 3042 /*
3043 * If this is the root inode the superblock
3044 * may be in the process of initialization.
3045 * If that is the case use the root value out
3046 * of the superblock.
3047 */
3048 if (opt_dentry->d_parent == opt_dentry) {
1d8c2326
ŁS		 3049 switch (sbp->s_magic) {
3050 case CGROUP_SUPER_MAGIC:
36ea735b
CS		 3051 /*
3052 * The cgroup filesystem is never mounted,
3053 * so there's no opportunity to set the mount
3054 * options.
3055 */
21c7eae2
LP		 3056 sbsp->smk_root = &smack_known_star;
3057 sbsp->smk_default = &smack_known_star;
1d8c2326
ŁS		 3058 isp->smk_inode = sbsp->smk_root;
3059 break;
3060 case TMPFS_MAGIC:
3061 /*
3062 * What about shmem/tmpfs anonymous files with dentry
3063 * obtained from d_alloc_pseudo()?
3064 */
3065 isp->smk_inode = smk_of_current();
3066 break;
3067 default:
3068 isp->smk_inode = sbsp->smk_root;
3069 break;
36ea735b 3070 }
e97dcb0e
CS		 3071 isp->smk_flags |= SMK_INODE_INSTANT;
3072 goto unlockandout;
3073 }
3074
e114e473
CS		 3075 /*
3076 * This is pretty hackish.
3077 * Casey says that we shouldn't have to do
3078 * file system specific code, but it does help
3079 * with keeping it simple.
3080 */
3081 switch (sbp->s_magic) {
3082 case SMACK_MAGIC:
36ea735b
CS		 3083 case PIPEFS_MAGIC:
3084 case SOCKFS_MAGIC:
3085 case CGROUP_SUPER_MAGIC:
e114e473 3086 /*
25985edc 3087 * Casey says that it's a little embarrassing
e114e473
CS		 3088 * that the smack file system doesn't do
3089 * extended attributes.
36ea735b 3090 *
e114e473 3091 * Casey says pipes are easy (?)
36ea735b
CS		 3092 *
3093 * Socket access is controlled by the socket
3094 * structures associated with the task involved.
3095 *
3096 * Cgroupfs is special
e114e473 3097 */
21c7eae2 3098 final = &smack_known_star;
e114e473
CS		 3099 break;
3100 case DEVPTS_SUPER_MAGIC:
3101 /*
3102 * devpts seems content with the label of the task.
3103 * Programs that change smack have to treat the
3104 * pty with respect.
3105 */
21c7eae2 3106 final = ckp;
e114e473 3107 break;
e114e473
CS		 3108 case PROC_SUPER_MAGIC:
3109 /*
3110 * Casey says procfs appears not to care.
3111 * The superblock default suffices.
3112 */
3113 break;
3114 case TMPFS_MAGIC:
3115 /*
3116 * Device labels should come from the filesystem,
3117 * but watch out, because they're volitile,
3118 * getting recreated on every reboot.
3119 */
21c7eae2 3120 final = &smack_known_star;
e114e473
CS		 3121 /*
3122 * No break.
3123 *
3124 * If a smack value has been set we want to use it,
3125 * but since tmpfs isn't giving us the opportunity
3126 * to set mount options simulate setting the
3127 * superblock default.
3128 */
3129 default:
3130 /*
3131 * This isn't an understood special case.
3132 * Get the value from the xattr.
b4e0d5f0
CS		 3133 */
3134
3135 /*
3136 * UNIX domain sockets use lower level socket data.
3137 */
3138 if (S_ISSOCK(inode->i_mode)) {
21c7eae2 3139 final = &smack_known_star;
b4e0d5f0
CS		 3140 break;
3141 }
3142 /*
e114e473
CS		 3143 * No xattr support means, alas, no SMACK label.
3144 * Use the aforeapplied default.
3145 * It would be curious if the label of the task
3146 * does not match that assigned.
3147 */
3148 if (inode->i_op->getxattr == NULL)
3149 break;
3150 /*
3151 * Get the dentry for xattr.
3152 */
3e62cbb8 3153 dp = dget(opt_dentry);
2f823ff8
CS		 3154 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3155 if (skp != NULL)
21c7eae2 3156 final = skp;
2267b13a
CS		 3157
3158 /*
3159 * Transmuting directory
3160 */
3161 if (S_ISDIR(inode->i_mode)) {
3162 /*
3163 * If this is a new directory and the label was
3164 * transmuted when the inode was initialized
3165 * set the transmute attribute on the directory
3166 * and mark the inode.
3167 *
3168 * If there is a transmute attribute on the
3169 * directory mark the inode.
3170 */
3171 if (isp->smk_flags & SMK_INODE_CHANGED) {
3172 isp->smk_flags &= ~SMK_INODE_CHANGED;
3173 rc = inode->i_op->setxattr(dp,
5c6d1125 3174 XATTR_NAME_SMACKTRANSMUTE,
2267b13a
CS		 3175 TRANS_TRUE, TRANS_TRUE_SIZE,
3176 0);
3177 } else {
3178 rc = inode->i_op->getxattr(dp,
3179 XATTR_NAME_SMACKTRANSMUTE, trattr,
3180 TRANS_TRUE_SIZE);
3181 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3182 TRANS_TRUE_SIZE) != 0)
3183 rc = -EINVAL;
5c6d1125 3184 }
2267b13a
CS		 3185 if (rc >= 0)
3186 transflag = SMK_INODE_TRANSMUTE;
5c6d1125 3187 }
19760ad0
CS		 3188 /*
3189 * Don't let the exec or mmap label be "*" or "@".
3190 */
3191 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3192 if (skp == &smack_known_star || skp == &smack_known_web)
3193 skp = NULL;
3194 isp->smk_task = skp;
3195 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3196 if (skp == &smack_known_star || skp == &smack_known_web)
3197 skp = NULL;
3198 isp->smk_mmap = skp;
676dac4b 3199
e114e473
CS		 3200 dput(dp);
3201 break;
3202 }
3203
3204 if (final == NULL)
21c7eae2 3205 isp->smk_inode = ckp;
e114e473
CS		 3206 else
3207 isp->smk_inode = final;
3208
5c6d1125 3209 isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
e114e473
CS		 3210
3211unlockandout:
3212 mutex_unlock(&isp->smk_lock);
3213 return;
3214}
3215
3216/**
3217 * smack_getprocattr - Smack process attribute access
3218 * @p: the object task
3219 * @name: the name of the attribute in /proc/.../attr
3220 * @value: where to put the result
3221 *
3222 * Places a copy of the task Smack into value
3223 *
3224 * Returns the length of the smack label or an error code
3225 */
3226static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3227{
6d1cff2a 3228 struct smack_known *skp = smk_of_task_struct(p);
e114e473
CS		 3229 char *cp;
3230 int slen;
3231
3232 if (strcmp(name, "current") != 0)
3233 return -EINVAL;
3234
2f823ff8 3235 cp = kstrdup(skp->smk_known, GFP_KERNEL);
e114e473
CS		 3236 if (cp == NULL)
3237 return -ENOMEM;
3238
3239 slen = strlen(cp);
3240 *value = cp;
3241 return slen;
3242}
3243
3244/**
3245 * smack_setprocattr - Smack process attribute setting
3246 * @p: the object task
3247 * @name: the name of the attribute in /proc/.../attr
3248 * @value: the value to set
3249 * @size: the size of the value
3250 *
3251 * Sets the Smack value of the task. Only setting self
3252 * is permitted and only with privilege
3253 *
3254 * Returns the length of the smack label or an error code
3255 */
3256static int smack_setprocattr(struct task_struct *p, char *name,
3257 void *value, size_t size)
3258{
676dac4b 3259 struct task_smack *tsp;
d84f4f99 3260 struct cred *new;
2f823ff8 3261 struct smack_known *skp;
e114e473 3262
e114e473
CS		 3263 /*
3264 * Changing another process' Smack value is too dangerous
3265 * and supports no sane use case.
3266 */
3267 if (p != current)
3268 return -EPERM;
3269
1880eff7 3270 if (!smack_privileged(CAP_MAC_ADMIN))
5cd9c58f
DH		 3271 return -EPERM;
3272
f7112e6c 3273 if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
e114e473
CS		 3274 return -EINVAL;
3275
3276 if (strcmp(name, "current") != 0)
3277 return -EINVAL;
3278
2f823ff8
CS		 3279 skp = smk_import_entry(value, size);
3280 if (skp == NULL)
e114e473
CS		 3281 return -EINVAL;
3282
6d3dc07c
CS		 3283 /*
3284 * No process is ever allowed the web ("@") label.
3285 */
2f823ff8 3286 if (skp == &smack_known_web)
6d3dc07c
CS		 3287 return -EPERM;
3288
d84f4f99 3289 new = prepare_creds();
6d3dc07c 3290 if (new == NULL)
d84f4f99 3291 return -ENOMEM;
7898e1f8 3292
46a2f3b9 3293 tsp = new->security;
2f823ff8 3294 tsp->smk_task = skp;
7898e1f8 3295
d84f4f99 3296 commit_creds(new);
e114e473
CS		 3297 return size;
3298}
3299
3300/**
3301 * smack_unix_stream_connect - Smack access on UDS
3610cda5
DM		 3302 * @sock: one sock
3303 * @other: the other sock
e114e473
CS		 3304 * @newsk: unused
3305 *
3306 * Return 0 if a subject with the smack of sock could access
3307 * an object with the smack of other, otherwise an error code
3308 */
3610cda5
DM		 3309static int smack_unix_stream_connect(struct sock *sock,
3310 struct sock *other, struct sock *newsk)
e114e473 3311{
2f823ff8 3312 struct smack_known *skp;
54e70ec5 3313 struct smack_known *okp;
d2e7ad19
JM		 3314 struct socket_smack *ssp = sock->sk_security;
3315 struct socket_smack *osp = other->sk_security;
975d5e55 3316 struct socket_smack *nsp = newsk->sk_security;
ecfcc53f 3317 struct smk_audit_info ad;
b4e0d5f0 3318 int rc = 0;
923e9a13
KC		 3319#ifdef CONFIG_AUDIT
3320 struct lsm_network_audit net;
923e9a13 3321#endif
b4e0d5f0 3322
2f823ff8
CS		 3323 if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3324 skp = ssp->smk_out;
96be7b54 3325 okp = osp->smk_in;
54e70ec5
CS		 3326#ifdef CONFIG_AUDIT
3327 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3328 smk_ad_setfield_u_net_sk(&ad, other);
3329#endif
21c7eae2
LP		 3330 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3331 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
d166c802 3332 if (rc == 0) {
96be7b54
ZJ		 3333 okp = osp->smk_out;
3334 skp = ssp->smk_in;
138a868f 3335 rc = smk_access(okp, skp, MAY_WRITE, &ad);
21c7eae2 3336 rc = smk_bu_note("UDS connect", okp, skp,
d166c802
CS		 3337 MAY_WRITE, rc);
3338 }
2f823ff8 3339 }
b4e0d5f0 3340
975d5e55
CS		 3341 /*
3342 * Cross reference the peer labels for SO_PEERSEC.
3343 */
3344 if (rc == 0) {
54e70ec5
CS		 3345 nsp->smk_packet = ssp->smk_out;
3346 ssp->smk_packet = osp->smk_out;
975d5e55
CS		 3347 }
3348
b4e0d5f0 3349 return rc;
e114e473
CS		 3350}
3351
3352/**
3353 * smack_unix_may_send - Smack access on UDS
3354 * @sock: one socket
3355 * @other: the other socket
3356 *
3357 * Return 0 if a subject with the smack of sock could access
3358 * an object with the smack of other, otherwise an error code
3359 */
3360static int smack_unix_may_send(struct socket *sock, struct socket *other)
3361{
b4e0d5f0
CS		 3362 struct socket_smack *ssp = sock->sk->sk_security;
3363 struct socket_smack *osp = other->sk->sk_security;
ecfcc53f 3364 struct smk_audit_info ad;
d166c802 3365 int rc;
e114e473 3366
923e9a13
KC		 3367#ifdef CONFIG_AUDIT
3368 struct lsm_network_audit net;
3369
48c62af6 3370 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
ecfcc53f 3371 smk_ad_setfield_u_net_sk(&ad, other->sk);
923e9a13 3372#endif
b4e0d5f0 3373
2f823ff8
CS		 3374 if (smack_privileged(CAP_MAC_OVERRIDE))
3375 return 0;
b4e0d5f0 3376
21c7eae2
LP		 3377 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3378 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
d166c802 3379 return rc;
e114e473
CS		 3380}
3381
6d3dc07c
CS		 3382/**
3383 * smack_socket_sendmsg - Smack check based on destination host
3384 * @sock: the socket
251a2a95 3385 * @msg: the message
6d3dc07c
CS		 3386 * @size: the size of the message
3387 *
c6739443
CS		 3388 * Return 0 if the current subject can write to the destination host.
3389 * For IPv4 this is only a question if the destination is a single label host.
3390 * For IPv6 this is a check against the label of the port.
6d3dc07c
CS		 3391 */
3392static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3393 int size)
3394{
3395 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
69f287ae 3396#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
6ea06247 3397 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
69f287ae 3398#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
c6739443 3399 int rc = 0;
6d3dc07c
CS		 3400
3401 /*
3402 * Perfectly reasonable for this to be NULL
3403 */
c6739443 3404 if (sip == NULL)
6d3dc07c
CS		 3405 return 0;
3406
c6739443
CS		 3407 switch (sip->sin_family) {
3408 case AF_INET:
3409 rc = smack_netlabel_send(sock->sk, sip);
3410 break;
3411 case AF_INET6:
69f287ae 3412#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
c6739443 3413 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
69f287ae 3414#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */
c6739443
CS		 3415 break;
3416 }
3417 return rc;
6d3dc07c
CS		 3418}
3419
e114e473 3420/**
251a2a95 3421 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
e114e473 3422 * @sap: netlabel secattr
272cd7a8 3423 * @ssp: socket security information
e114e473 3424 *
2f823ff8 3425 * Returns a pointer to a Smack label entry found on the label list.
e114e473 3426 */
2f823ff8
CS		 3427static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3428 struct socket_smack *ssp)
e114e473 3429{
2f823ff8 3430 struct smack_known *skp;
f7112e6c 3431 int found = 0;
677264e8
CS		 3432 int acat;
3433 int kcat;
e114e473 3434
6d3dc07c 3435 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
e114e473 3436 /*
6d3dc07c 3437 * Looks like a CIPSO packet.
e114e473
CS		 3438 * If there are flags but no level netlabel isn't
3439 * behaving the way we expect it to.
3440 *
f7112e6c 3441 * Look it up in the label table
e114e473
CS		 3442 * Without guidance regarding the smack value
3443 * for the packet fall back on the network
3444 * ambient value.
3445 */
f7112e6c 3446 rcu_read_lock();
2f823ff8
CS		 3447 list_for_each_entry(skp, &smack_known_list, list) {
3448 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
f7112e6c 3449 continue;
677264e8
CS		 3450 /*
3451 * Compare the catsets. Use the netlbl APIs.
3452 */
3453 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3454 if ((skp->smk_netlabel.flags &
3455 NETLBL_SECATTR_MLS_CAT) == 0)
3456 found = 1;
3457 break;
3458 }
3459 for (acat = -1, kcat = -1; acat == kcat; ) {
4fbe63d1
PM		 3460 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3461 acat + 1);
3462 kcat = netlbl_catmap_walk(
677264e8
CS		 3463 skp->smk_netlabel.attr.mls.cat,
3464 kcat + 1);
3465 if (acat < 0 || kcat < 0)
3466 break;
3467 }
3468 if (acat == kcat) {
3469 found = 1;
3470 break;
3471 }
6d3dc07c 3472 }
f7112e6c
CS		 3473 rcu_read_unlock();
3474
3475 if (found)
2f823ff8 3476 return skp;
f7112e6c 3477
54e70ec5 3478 if (ssp != NULL && ssp->smk_in == &smack_known_star)
2f823ff8
CS		 3479 return &smack_known_web;
3480 return &smack_known_star;
e114e473 3481 }
6d3dc07c
CS		 3482 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) {
3483 /*
3484 * Looks like a fallback, which gives us a secid.
3485 */
2f823ff8 3486 skp = smack_from_secid(sap->attr.secid);
6d3dc07c
CS		 3487 /*
3488 * This has got to be a bug because it is
3489 * impossible to specify a fallback without
3490 * specifying the label, which will ensure
3491 * it has a secid, and the only way to get a
3492 * secid is from a fallback.
3493 */
2f823ff8
CS		 3494 BUG_ON(skp == NULL);
3495 return skp;
e114e473
CS		 3496 }
3497 /*
6d3dc07c
CS		 3498 * Without guidance regarding the smack value
3499 * for the packet fall back on the network
3500 * ambient value.
e114e473 3501 */
272cd7a8 3502 return smack_net_ambient;
e114e473
CS		 3503}
3504
69f287ae 3505#if IS_ENABLED(CONFIG_IPV6)
6ea06247 3506static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
c6739443 3507{
c6739443
CS		 3508 u8 nexthdr;
3509 int offset;
3510 int proto = -EINVAL;
3511 struct ipv6hdr _ipv6h;
3512 struct ipv6hdr *ip6;
3513 __be16 frag_off;
3514 struct tcphdr _tcph, *th;
3515 struct udphdr _udph, *uh;
3516 struct dccp_hdr _dccph, *dh;
3517
3518 sip->sin6_port = 0;
3519
3520 offset = skb_network_offset(skb);
3521 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3522 if (ip6 == NULL)
3523 return -EINVAL;
3524 sip->sin6_addr = ip6->saddr;
3525
3526 nexthdr = ip6->nexthdr;
3527 offset += sizeof(_ipv6h);
3528 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3529 if (offset < 0)
3530 return -EINVAL;
3531
3532 proto = nexthdr;
3533 switch (proto) {
3534 case IPPROTO_TCP:
3535 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3536 if (th != NULL)
3537 sip->sin6_port = th->source;
3538 break;
3539 case IPPROTO_UDP:
3540 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3541 if (uh != NULL)
3542 sip->sin6_port = uh->source;
3543 break;
3544 case IPPROTO_DCCP:
3545 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3546 if (dh != NULL)
3547 sip->sin6_port = dh->dccph_sport;
3548 break;
3549 }
3550 return proto;
3551}
69f287ae 3552#endif /* CONFIG_IPV6 */
c6739443 3553
e114e473
CS		 3554/**
3555 * smack_socket_sock_rcv_skb - Smack packet delivery access check
3556 * @sk: socket
3557 * @skb: packet
3558 *
3559 * Returns 0 if the packet should be delivered, an error code otherwise
3560 */
3561static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3562{
3563 struct netlbl_lsm_secattr secattr;
3564 struct socket_smack *ssp = sk->sk_security;
69f287ae 3565 struct smack_known *skp = NULL;
c6739443 3566 int rc = 0;
ecfcc53f 3567 struct smk_audit_info ad;
923e9a13 3568#ifdef CONFIG_AUDIT
48c62af6 3569 struct lsm_network_audit net;
923e9a13 3570#endif
69f287ae
CS		 3571#if IS_ENABLED(CONFIG_IPV6)
3572 struct sockaddr_in6 sadd;
3573 int proto;
3574#endif /* CONFIG_IPV6 */
3575
c6739443
CS		 3576 switch (sk->sk_family) {
3577 case PF_INET:
69f287ae
CS		 3578#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3579 /*
3580 * If there is a secmark use it rather than the CIPSO label.
3581 * If there is no secmark fall back to CIPSO.
3582 * The secmark is assumed to reflect policy better.
3583 */
3584 if (skb && skb->secmark != 0) {
3585 skp = smack_from_secid(skb->secmark);
3586 goto access_check;
3587 }
3588#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
c6739443
CS		 3589 /*
3590 * Translate what netlabel gave us.
3591 */
3592 netlbl_secattr_init(&secattr);
6d3dc07c 3593
c6739443
CS		 3594 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
3595 if (rc == 0)
2f823ff8 3596 skp = smack_from_secattr(&secattr, ssp);
c6739443 3597 else
2f823ff8 3598 skp = smack_net_ambient;
6d3dc07c 3599
c6739443 3600 netlbl_secattr_destroy(&secattr);
6d3dc07c 3601
69f287ae
CS		 3602#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3603access_check:
3604#endif
ecfcc53f 3605#ifdef CONFIG_AUDIT
c6739443
CS		 3606 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3607 ad.a.u.net->family = sk->sk_family;
3608 ad.a.u.net->netif = skb->skb_iif;
3609 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
ecfcc53f 3610#endif
c6739443
CS		 3611 /*
3612 * Receiving a packet requires that the other end
3613 * be able to write here. Read access is not required.
3614 * This is the simplist possible security model
3615 * for networking.
3616 */
21c7eae2
LP		 3617 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3618 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
d166c802 3619 MAY_WRITE, rc);
c6739443
CS		 3620 if (rc != 0)
3621 netlbl_skbuff_err(skb, rc, 0);
3622 break;
69f287ae 3623#if IS_ENABLED(CONFIG_IPV6)
c6739443 3624 case PF_INET6:
69f287ae
CS		 3625 proto = smk_skb_to_addr_ipv6(skb, &sadd);
3626 if (proto != IPPROTO_UDP && proto != IPPROTO_TCP)
3627 break;
3628#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3629 if (skb && skb->secmark != 0)
3630 skp = smack_from_secid(skb->secmark);
c6739443 3631 else
69f287ae
CS		 3632 skp = smack_net_ambient;
3633#ifdef CONFIG_AUDIT
3634 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3635 ad.a.u.net->family = sk->sk_family;
3636 ad.a.u.net->netif = skb->skb_iif;
3637 ipv6_skb_to_auditdata(skb, &ad.a, NULL);
3638#endif /* CONFIG_AUDIT */
3639 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3640 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
3641 MAY_WRITE, rc);
3642#else /* CONFIG_SECURITY_SMACK_NETFILTER */
3643 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
3644#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
c6739443 3645 break;
69f287ae 3646#endif /* CONFIG_IPV6 */
c6739443 3647 }
69f287ae 3648
a8134296 3649 return rc;
e114e473
CS		 3650}
3651
3652/**
3653 * smack_socket_getpeersec_stream - pull in packet label
3654 * @sock: the socket
3655 * @optval: user's destination
3656 * @optlen: size thereof
251a2a95 3657 * @len: max thereof
e114e473
CS		 3658 *
3659 * returns zero on success, an error code otherwise
3660 */
3661static int smack_socket_getpeersec_stream(struct socket *sock,
3662 char __user *optval,
3663 int __user *optlen, unsigned len)
3664{
3665 struct socket_smack *ssp;
272cd7a8
CS		 3666 char *rcp = "";
3667 int slen = 1;
e114e473
CS		 3668 int rc = 0;
3669
3670 ssp = sock->sk->sk_security;
272cd7a8 3671 if (ssp->smk_packet != NULL) {
54e70ec5 3672 rcp = ssp->smk_packet->smk_known;
272cd7a8
CS		 3673 slen = strlen(rcp) + 1;
3674 }
e114e473
CS		 3675
3676 if (slen > len)
3677 rc = -ERANGE;
272cd7a8 3678 else if (copy_to_user(optval, rcp, slen) != 0)
e114e473
CS		 3679 rc = -EFAULT;
3680
3681 if (put_user(slen, optlen) != 0)
3682 rc = -EFAULT;
3683
3684 return rc;
3685}
3686
3687
3688/**
3689 * smack_socket_getpeersec_dgram - pull in packet label
b4e0d5f0 3690 * @sock: the peer socket
e114e473
CS		 3691 * @skb: packet data
3692 * @secid: pointer to where to put the secid of the packet
3693 *
3694 * Sets the netlabel socket state on sk from parent
3695 */
3696static int smack_socket_getpeersec_dgram(struct socket *sock,
3697 struct sk_buff *skb, u32 *secid)
3698
3699{
3700 struct netlbl_lsm_secattr secattr;
272cd7a8 3701 struct socket_smack *ssp = NULL;
2f823ff8 3702 struct smack_known *skp;
b4e0d5f0
CS		 3703 int family = PF_UNSPEC;
3704 u32 s = 0; /* 0 is the invalid secid */
e114e473
CS		 3705 int rc;
3706
b4e0d5f0
CS		 3707 if (skb != NULL) {
3708 if (skb->protocol == htons(ETH_P_IP))
3709 family = PF_INET;
69f287ae 3710#if IS_ENABLED(CONFIG_IPV6)
b4e0d5f0
CS		 3711 else if (skb->protocol == htons(ETH_P_IPV6))
3712 family = PF_INET6;
69f287ae 3713#endif /* CONFIG_IPV6 */
e114e473 3714 }
b4e0d5f0
CS		 3715 if (family == PF_UNSPEC && sock != NULL)
3716 family = sock->sk->sk_family;
e114e473 3717
69f287ae
CS		 3718 switch (family) {
3719 case PF_UNIX:
272cd7a8 3720 ssp = sock->sk->sk_security;
2f823ff8 3721 s = ssp->smk_out->smk_secid;
69f287ae
CS		 3722 break;
3723 case PF_INET:
3724#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3725 s = skb->secmark;
3726 if (s != 0)
3727 break;
3728#endif
b4e0d5f0
CS		 3729 /*
3730 * Translate what netlabel gave us.
3731 */
272cd7a8
CS		 3732 if (sock != NULL && sock->sk != NULL)
3733 ssp = sock->sk->sk_security;
b4e0d5f0
CS		 3734 netlbl_secattr_init(&secattr);
3735 rc = netlbl_skbuff_getattr(skb, family, &secattr);
3736 if (rc == 0) {
2f823ff8
CS		 3737 skp = smack_from_secattr(&secattr, ssp);
3738 s = skp->smk_secid;
b4e0d5f0
CS		 3739 }
3740 netlbl_secattr_destroy(&secattr);
69f287ae
CS		 3741 break;
3742#if IS_ENABLED(CONFIG_IPV6)
3743 case PF_INET6:
3744#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3745 s = skb->secmark;
3746#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
3747 break;
3748#endif /* CONFIG_IPV6 */
b4e0d5f0
CS		 3749 }
3750 *secid = s;
e114e473
CS		 3751 if (s == 0)
3752 return -EINVAL;
e114e473
CS		 3753 return 0;
3754}
3755
3756/**
07feee8f
PM		 3757 * smack_sock_graft - Initialize a newly created socket with an existing sock
3758 * @sk: child sock
3759 * @parent: parent socket
e114e473 3760 *
07feee8f
PM		 3761 * Set the smk_{in,out} state of an existing sock based on the process that
3762 * is creating the new socket.
e114e473
CS		 3763 */
3764static void smack_sock_graft(struct sock *sk, struct socket *parent)
3765{
3766 struct socket_smack *ssp;
2f823ff8 3767 struct smack_known *skp = smk_of_current();
e114e473 3768
07feee8f
PM		 3769 if (sk == NULL ||
3770 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
e114e473
CS		 3771 return;
3772
3773 ssp = sk->sk_security;
54e70ec5 3774 ssp->smk_in = skp;
2f823ff8 3775 ssp->smk_out = skp;
07feee8f 3776 /* cssp->smk_packet is already set in smack_inet_csk_clone() */
e114e473
CS		 3777}
3778
3779/**
3780 * smack_inet_conn_request - Smack access check on connect
3781 * @sk: socket involved
3782 * @skb: packet
3783 * @req: unused
3784 *
3785 * Returns 0 if a task with the packet label could write to
3786 * the socket, otherwise an error code
3787 */
3788static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3789 struct request_sock *req)
3790{
07feee8f 3791 u16 family = sk->sk_family;
f7112e6c 3792 struct smack_known *skp;
e114e473 3793 struct socket_smack *ssp = sk->sk_security;
07feee8f
PM		 3794 struct netlbl_lsm_secattr secattr;
3795 struct sockaddr_in addr;
3796 struct iphdr *hdr;
21c7eae2 3797 struct smack_known *hskp;
e114e473 3798 int rc;
ecfcc53f 3799 struct smk_audit_info ad;
923e9a13 3800#ifdef CONFIG_AUDIT
48c62af6 3801 struct lsm_network_audit net;
923e9a13 3802#endif
e114e473 3803
69f287ae 3804#if IS_ENABLED(CONFIG_IPV6)
c6739443
CS		 3805 if (family == PF_INET6) {
3806 /*
3807 * Handle mapped IPv4 packets arriving
3808 * via IPv6 sockets. Don't set up netlabel
3809 * processing on IPv6.
3810 */
3811 if (skb->protocol == htons(ETH_P_IP))
3812 family = PF_INET;
3813 else
3814 return 0;
3815 }
69f287ae 3816#endif /* CONFIG_IPV6 */
e114e473 3817
7f368ad3
CS		 3818#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3819 /*
3820 * If there is a secmark use it rather than the CIPSO label.
3821 * If there is no secmark fall back to CIPSO.
3822 * The secmark is assumed to reflect policy better.
3823 */
3824 if (skb && skb->secmark != 0) {
3825 skp = smack_from_secid(skb->secmark);
3826 goto access_check;
3827 }
3828#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
3829
07feee8f
PM		 3830 netlbl_secattr_init(&secattr);
3831 rc = netlbl_skbuff_getattr(skb, family, &secattr);
e114e473 3832 if (rc == 0)
2f823ff8 3833 skp = smack_from_secattr(&secattr, ssp);
e114e473 3834 else
2f823ff8 3835 skp = &smack_known_huh;
07feee8f
PM		 3836 netlbl_secattr_destroy(&secattr);
3837
7f368ad3
CS		 3838#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3839access_check:
3840#endif
3841
ecfcc53f 3842#ifdef CONFIG_AUDIT
48c62af6
EP		 3843 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3844 ad.a.u.net->family = family;
3845 ad.a.u.net->netif = skb->skb_iif;
ecfcc53f
EB		 3846 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3847#endif
e114e473 3848 /*
07feee8f
PM		 3849 * Receiving a packet requires that the other end be able to write
3850 * here. Read access is not required.
e114e473 3851 */
21c7eae2
LP		 3852 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3853 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
07feee8f
PM		 3854 if (rc != 0)
3855 return rc;
3856
3857 /*
3858 * Save the peer's label in the request_sock so we can later setup
3859 * smk_packet in the child socket so that SO_PEERCRED can report it.
3860 */
2f823ff8 3861 req->peer_secid = skp->smk_secid;
07feee8f
PM		 3862
3863 /*
3864 * We need to decide if we want to label the incoming connection here
3865 * if we do we only need to label the request_sock and the stack will
25985edc 3866 * propagate the wire-label to the sock when it is created.
07feee8f
PM		 3867 */
3868 hdr = ip_hdr(skb);
3869 addr.sin_addr.s_addr = hdr->saddr;
3870 rcu_read_lock();
21c7eae2 3871 hskp = smack_host_label(&addr);
f7112e6c
CS		 3872 rcu_read_unlock();
3873
21c7eae2 3874 if (hskp == NULL)
f7112e6c 3875 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
2f823ff8 3876 else
07feee8f 3877 netlbl_req_delattr(req);
e114e473
CS		 3878
3879 return rc;
3880}
3881
07feee8f
PM		 3882/**
3883 * smack_inet_csk_clone - Copy the connection information to the new socket
3884 * @sk: the new socket
3885 * @req: the connection's request_sock
3886 *
3887 * Transfer the connection's peer label to the newly created socket.
3888 */
3889static void smack_inet_csk_clone(struct sock *sk,
3890 const struct request_sock *req)
3891{
3892 struct socket_smack *ssp = sk->sk_security;
2f823ff8 3893 struct smack_known *skp;
07feee8f 3894
2f823ff8
CS		 3895 if (req->peer_secid != 0) {
3896 skp = smack_from_secid(req->peer_secid);
54e70ec5 3897 ssp->smk_packet = skp;
2f823ff8 3898 } else
272cd7a8 3899 ssp->smk_packet = NULL;
07feee8f
PM		 3900}
3901
e114e473
CS		 3902/*
3903 * Key management security hooks
3904 *
3905 * Casey has not tested key support very heavily.
3906 * The permission check is most likely too restrictive.
3907 * If you care about keys please have a look.
3908 */
3909#ifdef CONFIG_KEYS
3910
3911/**
3912 * smack_key_alloc - Set the key security blob
3913 * @key: object
d84f4f99 3914 * @cred: the credentials to use
e114e473
CS		 3915 * @flags: unused
3916 *
3917 * No allocation required
3918 *
3919 * Returns 0
3920 */
d84f4f99 3921static int smack_key_alloc(struct key *key, const struct cred *cred,
e114e473
CS		 3922 unsigned long flags)
3923{
2f823ff8
CS		 3924 struct smack_known *skp = smk_of_task(cred->security);
3925
21c7eae2 3926 key->security = skp;
e114e473
CS		 3927 return 0;
3928}
3929
3930/**
3931 * smack_key_free - Clear the key security blob
3932 * @key: the object
3933 *
3934 * Clear the blob pointer
3935 */
3936static void smack_key_free(struct key *key)
3937{
3938 key->security = NULL;
3939}
3940
1a28979b 3941/**
e114e473
CS		 3942 * smack_key_permission - Smack access on a key
3943 * @key_ref: gets to the object
d84f4f99 3944 * @cred: the credentials to use
1a28979b 3945 * @perm: requested key permissions
e114e473
CS		 3946 *
3947 * Return 0 if the task has read and write to the object,
3948 * an error code otherwise
3949 */
3950static int smack_key_permission(key_ref_t key_ref,
f5895943 3951 const struct cred *cred, unsigned perm)
e114e473
CS		 3952{
3953 struct key *keyp;
ecfcc53f 3954 struct smk_audit_info ad;
2f823ff8 3955 struct smack_known *tkp = smk_of_task(cred->security);
fffea214 3956 int request = 0;
d166c802 3957 int rc;
e114e473
CS		 3958
3959 keyp = key_ref_to_ptr(key_ref);
3960 if (keyp == NULL)
3961 return -EINVAL;
3962 /*
3963 * If the key hasn't been initialized give it access so that
3964 * it may do so.
3965 */
3966 if (keyp->security == NULL)
3967 return 0;
3968 /*
3969 * This should not occur
3970 */
2f823ff8 3971 if (tkp == NULL)
e114e473 3972 return -EACCES;
ecfcc53f
EB		 3973#ifdef CONFIG_AUDIT
3974 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
3975 ad.a.u.key_struct.key = keyp->serial;
3976 ad.a.u.key_struct.key_desc = keyp->description;
3977#endif
fffea214
DK		 3978 if (perm & KEY_NEED_READ)
3979 request = MAY_READ;
3980 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
3981 request = MAY_WRITE;
d166c802
CS		 3982 rc = smk_access(tkp, keyp->security, request, &ad);
3983 rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
3984 return rc;
e114e473
CS		 3985}
3986#endif /* CONFIG_KEYS */
3987
d20bdda6
AD		 3988/*
3989 * Smack Audit hooks
3990 *
3991 * Audit requires a unique representation of each Smack specific
3992 * rule. This unique representation is used to distinguish the
3993 * object to be audited from remaining kernel objects and also
3994 * works as a glue between the audit hooks.
3995 *
3996 * Since repository entries are added but never deleted, we'll use
3997 * the smack_known label address related to the given audit rule as
3998 * the needed unique representation. This also better fits the smack
3999 * model where nearly everything is a label.
4000 */
4001#ifdef CONFIG_AUDIT
4002
4003/**
4004 * smack_audit_rule_init - Initialize a smack audit rule
4005 * @field: audit rule fields given from user-space (audit.h)
4006 * @op: required testing operator (=, !=, >, <, ...)
4007 * @rulestr: smack label to be audited
4008 * @vrule: pointer to save our own audit rule representation
4009 *
4010 * Prepare to audit cases where (@field @op @rulestr) is true.
4011 * The label to be audited is created if necessay.
4012 */
4013static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4014{
21c7eae2 4015 struct smack_known *skp;
d20bdda6
AD		 4016 char **rule = (char **)vrule;
4017 *rule = NULL;
4018
4019 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4020 return -EINVAL;
4021
5af75d8d 4022 if (op != Audit_equal && op != Audit_not_equal)
d20bdda6
AD		 4023 return -EINVAL;
4024
21c7eae2
LP		 4025 skp = smk_import_entry(rulestr, 0);
4026 if (skp)
4027 *rule = skp->smk_known;
d20bdda6
AD		 4028
4029 return 0;
4030}
4031
4032/**
4033 * smack_audit_rule_known - Distinguish Smack audit rules
4034 * @krule: rule of interest, in Audit kernel representation format
4035 *
4036 * This is used to filter Smack rules from remaining Audit ones.
4037 * If it's proved that this rule belongs to us, the
4038 * audit_rule_match hook will be called to do the final judgement.
4039 */
4040static int smack_audit_rule_known(struct audit_krule *krule)
4041{
4042 struct audit_field *f;
4043 int i;
4044
4045 for (i = 0; i < krule->field_count; i++) {
4046 f = &krule->fields[i];
4047
4048 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4049 return 1;
4050 }
4051
4052 return 0;
4053}
4054
4055/**
4056 * smack_audit_rule_match - Audit given object ?
4057 * @secid: security id for identifying the object to test
4058 * @field: audit rule flags given from user-space
4059 * @op: required testing operator
4060 * @vrule: smack internal rule presentation
4061 * @actx: audit context associated with the check
4062 *
4063 * The core Audit hook. It's used to take the decision of
4064 * whether to audit or not to audit a given object.
4065 */
4066static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
4067 struct audit_context *actx)
4068{
2f823ff8 4069 struct smack_known *skp;
d20bdda6
AD		 4070 char *rule = vrule;
4071
4eb0f4ab
RGB		 4072 if (unlikely(!rule)) {
4073 WARN_ONCE(1, "Smack: missing rule\n");
d20bdda6
AD		 4074 return -ENOENT;
4075 }
4076
4077 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4078 return 0;
4079
2f823ff8 4080 skp = smack_from_secid(secid);
d20bdda6
AD		 4081
4082 /*
4083 * No need to do string comparisons. If a match occurs,
4084 * both pointers will point to the same smack_known
4085 * label.
4086 */
5af75d8d 4087 if (op == Audit_equal)
2f823ff8 4088 return (rule == skp->smk_known);
5af75d8d 4089 if (op == Audit_not_equal)
2f823ff8 4090 return (rule != skp->smk_known);
d20bdda6
AD		 4091
4092 return 0;
4093}
4094
4095/**
4096 * smack_audit_rule_free - free smack rule representation
4097 * @vrule: rule to be freed.
4098 *
4099 * No memory was allocated.
4100 */
4101static void smack_audit_rule_free(void *vrule)
4102{
4103 /* No-op */
4104}
4105
4106#endif /* CONFIG_AUDIT */
4107
746df9b5
DQ		 4108/**
4109 * smack_ismaclabel - check if xattr @name references a smack MAC label
4110 * @name: Full xattr name to check.
4111 */
4112static int smack_ismaclabel(const char *name)
4113{
4114 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4115}
4116
4117
251a2a95 4118/**
e114e473
CS		 4119 * smack_secid_to_secctx - return the smack label for a secid
4120 * @secid: incoming integer
4121 * @secdata: destination
4122 * @seclen: how long it is
4123 *
4124 * Exists for networking code.
4125 */
4126static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4127{
2f823ff8 4128 struct smack_known *skp = smack_from_secid(secid);
e114e473 4129
d5630b9d 4130 if (secdata)
2f823ff8
CS		 4131 *secdata = skp->smk_known;
4132 *seclen = strlen(skp->smk_known);
e114e473
CS		 4133 return 0;
4134}
4135
251a2a95 4136/**
4bc87e62
CS		 4137 * smack_secctx_to_secid - return the secid for a smack label
4138 * @secdata: smack label
4139 * @seclen: how long result is
4140 * @secid: outgoing integer
4141 *
4142 * Exists for audit and networking code.
4143 */
e52c1764 4144static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4bc87e62 4145{
21c7eae2
LP		 4146 struct smack_known *skp = smk_find_entry(secdata);
4147
4148 if (skp)
4149 *secid = skp->smk_secid;
4150 else
4151 *secid = 0;
4bc87e62
CS		 4152 return 0;
4153}
4154
251a2a95 4155/**
e114e473 4156 * smack_release_secctx - don't do anything.
251a2a95
RD		 4157 * @secdata: unused
4158 * @seclen: unused
e114e473
CS		 4159 *
4160 * Exists to make sure nothing gets done, and properly
4161 */
4162static void smack_release_secctx(char *secdata, u32 seclen)
4163{
4164}
4165
1ee65e37
DQ		 4166static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4167{
4168 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4169}
4170
4171static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4172{
4173 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4174}
4175
4176static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4177{
4178 int len = 0;
4179 len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
4180
4181 if (len < 0)
4182 return len;
4183 *ctxlen = len;
4184 return 0;
4185}
4186
076c54c5
AD		 4187struct security_operations smack_ops = {
4188 .name = "smack",
4189
9e48858f 4190 .ptrace_access_check = smack_ptrace_access_check,
5cd9c58f 4191 .ptrace_traceme = smack_ptrace_traceme,
e114e473 4192 .syslog = smack_syslog,
e114e473
CS		 4193
4194 .sb_alloc_security = smack_sb_alloc_security,
4195 .sb_free_security = smack_sb_free_security,
4196 .sb_copy_data = smack_sb_copy_data,
4197 .sb_kern_mount = smack_sb_kern_mount,
4198 .sb_statfs = smack_sb_statfs,
e114e473 4199
676dac4b 4200 .bprm_set_creds = smack_bprm_set_creds,
84088ba2
JS		 4201 .bprm_committing_creds = smack_bprm_committing_creds,
4202 .bprm_secureexec = smack_bprm_secureexec,
676dac4b 4203
e114e473
CS		 4204 .inode_alloc_security = smack_inode_alloc_security,
4205 .inode_free_security = smack_inode_free_security,
4206 .inode_init_security = smack_inode_init_security,
4207 .inode_link = smack_inode_link,
4208 .inode_unlink = smack_inode_unlink,
4209 .inode_rmdir = smack_inode_rmdir,
4210 .inode_rename = smack_inode_rename,
4211 .inode_permission = smack_inode_permission,
4212 .inode_setattr = smack_inode_setattr,
4213 .inode_getattr = smack_inode_getattr,
4214 .inode_setxattr = smack_inode_setxattr,
4215 .inode_post_setxattr = smack_inode_post_setxattr,
4216 .inode_getxattr = smack_inode_getxattr,
4217 .inode_removexattr = smack_inode_removexattr,
4218 .inode_getsecurity = smack_inode_getsecurity,
4219 .inode_setsecurity = smack_inode_setsecurity,
4220 .inode_listsecurity = smack_inode_listsecurity,
d20bdda6 4221 .inode_getsecid = smack_inode_getsecid,
e114e473
CS		 4222
4223 .file_permission = smack_file_permission,
4224 .file_alloc_security = smack_file_alloc_security,
4225 .file_free_security = smack_file_free_security,
4226 .file_ioctl = smack_file_ioctl,
4227 .file_lock = smack_file_lock,
4228 .file_fcntl = smack_file_fcntl,
e5467859
AV		 4229 .mmap_file = smack_mmap_file,
4230 .mmap_addr = cap_mmap_addr,
e114e473
CS		 4231 .file_set_fowner = smack_file_set_fowner,
4232 .file_send_sigiotask = smack_file_send_sigiotask,
4233 .file_receive = smack_file_receive,
4234
83d49856 4235 .file_open = smack_file_open,
531f1d45 4236
ee18d64c 4237 .cred_alloc_blank = smack_cred_alloc_blank,
f1752eec 4238 .cred_free = smack_cred_free,
d84f4f99 4239 .cred_prepare = smack_cred_prepare,
ee18d64c 4240 .cred_transfer = smack_cred_transfer,
3a3b7ce9
DH		 4241 .kernel_act_as = smack_kernel_act_as,
4242 .kernel_create_files_as = smack_kernel_create_files_as,
e114e473
CS		 4243 .task_setpgid = smack_task_setpgid,
4244 .task_getpgid = smack_task_getpgid,
4245 .task_getsid = smack_task_getsid,
4246 .task_getsecid = smack_task_getsecid,
4247 .task_setnice = smack_task_setnice,
4248 .task_setioprio = smack_task_setioprio,
4249 .task_getioprio = smack_task_getioprio,
4250 .task_setscheduler = smack_task_setscheduler,
4251 .task_getscheduler = smack_task_getscheduler,
4252 .task_movememory = smack_task_movememory,
4253 .task_kill = smack_task_kill,
4254 .task_wait = smack_task_wait,
e114e473
CS		 4255 .task_to_inode = smack_task_to_inode,
4256
4257 .ipc_permission = smack_ipc_permission,
d20bdda6 4258 .ipc_getsecid = smack_ipc_getsecid,
e114e473
CS		 4259
4260 .msg_msg_alloc_security = smack_msg_msg_alloc_security,
4261 .msg_msg_free_security = smack_msg_msg_free_security,
4262
4263 .msg_queue_alloc_security = smack_msg_queue_alloc_security,
4264 .msg_queue_free_security = smack_msg_queue_free_security,
4265 .msg_queue_associate = smack_msg_queue_associate,
4266 .msg_queue_msgctl = smack_msg_queue_msgctl,
4267 .msg_queue_msgsnd = smack_msg_queue_msgsnd,
4268 .msg_queue_msgrcv = smack_msg_queue_msgrcv,
4269
4270 .shm_alloc_security = smack_shm_alloc_security,
4271 .shm_free_security = smack_shm_free_security,
4272 .shm_associate = smack_shm_associate,
4273 .shm_shmctl = smack_shm_shmctl,
4274 .shm_shmat = smack_shm_shmat,
4275
4276 .sem_alloc_security = smack_sem_alloc_security,
4277 .sem_free_security = smack_sem_free_security,
4278 .sem_associate = smack_sem_associate,
4279 .sem_semctl = smack_sem_semctl,
4280 .sem_semop = smack_sem_semop,
4281
e114e473
CS		 4282 .d_instantiate = smack_d_instantiate,
4283
4284 .getprocattr = smack_getprocattr,
4285 .setprocattr = smack_setprocattr,
4286
4287 .unix_stream_connect = smack_unix_stream_connect,
4288 .unix_may_send = smack_unix_may_send,
4289
4290 .socket_post_create = smack_socket_post_create,
69f287ae 4291#ifndef CONFIG_SECURITY_SMACK_NETFILTER
c6739443 4292 .socket_bind = smack_socket_bind,
69f287ae 4293#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
6d3dc07c
CS		 4294 .socket_connect = smack_socket_connect,
4295 .socket_sendmsg = smack_socket_sendmsg,
e114e473
CS		 4296 .socket_sock_rcv_skb = smack_socket_sock_rcv_skb,
4297 .socket_getpeersec_stream = smack_socket_getpeersec_stream,
4298 .socket_getpeersec_dgram = smack_socket_getpeersec_dgram,
4299 .sk_alloc_security = smack_sk_alloc_security,
4300 .sk_free_security = smack_sk_free_security,
4301 .sock_graft = smack_sock_graft,
4302 .inet_conn_request = smack_inet_conn_request,
07feee8f 4303 .inet_csk_clone = smack_inet_csk_clone,
d20bdda6 4304
e114e473
CS		 4305 /* key management security hooks */
4306#ifdef CONFIG_KEYS
4307 .key_alloc = smack_key_alloc,
4308 .key_free = smack_key_free,
4309 .key_permission = smack_key_permission,
4310#endif /* CONFIG_KEYS */
d20bdda6
AD		 4311
4312 /* Audit hooks */
4313#ifdef CONFIG_AUDIT
4314 .audit_rule_init = smack_audit_rule_init,
4315 .audit_rule_known = smack_audit_rule_known,
4316 .audit_rule_match = smack_audit_rule_match,
4317 .audit_rule_free = smack_audit_rule_free,
4318#endif /* CONFIG_AUDIT */
4319
746df9b5 4320 .ismaclabel = smack_ismaclabel,
e114e473 4321 .secid_to_secctx = smack_secid_to_secctx,
4bc87e62 4322 .secctx_to_secid = smack_secctx_to_secid,
e114e473 4323 .release_secctx = smack_release_secctx,
1ee65e37
DQ		 4324 .inode_notifysecctx = smack_inode_notifysecctx,
4325 .inode_setsecctx = smack_inode_setsecctx,
4326 .inode_getsecctx = smack_inode_getsecctx,
e114e473
CS		 4327};
4328
7198e2ee 4329
86812bb0 4330static __init void init_smack_known_list(void)
7198e2ee 4331{
86812bb0
CS		 4332 /*
4333 * Initialize rule list locks
4334 */
4335 mutex_init(&smack_known_huh.smk_rules_lock);
4336 mutex_init(&smack_known_hat.smk_rules_lock);
4337 mutex_init(&smack_known_floor.smk_rules_lock);
4338 mutex_init(&smack_known_star.smk_rules_lock);
4339 mutex_init(&smack_known_invalid.smk_rules_lock);
4340 mutex_init(&smack_known_web.smk_rules_lock);
4341 /*
4342 * Initialize rule lists
4343 */
4344 INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4345 INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4346 INIT_LIST_HEAD(&smack_known_star.smk_rules);
4347 INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4348 INIT_LIST_HEAD(&smack_known_invalid.smk_rules);
4349 INIT_LIST_HEAD(&smack_known_web.smk_rules);
4350 /*
4351 * Create the known labels list
4352 */
4d7cf4a1
TS		 4353 smk_insert_entry(&smack_known_huh);
4354 smk_insert_entry(&smack_known_hat);
4355 smk_insert_entry(&smack_known_star);
4356 smk_insert_entry(&smack_known_floor);
4357 smk_insert_entry(&smack_known_invalid);
4358 smk_insert_entry(&smack_known_web);
7198e2ee
EB		 4359}
4360
e114e473
CS		 4361/**
4362 * smack_init - initialize the smack system
4363 *
4364 * Returns 0
4365 */
4366static __init int smack_init(void)
4367{
d84f4f99 4368 struct cred *cred;
676dac4b 4369 struct task_smack *tsp;
d84f4f99 4370
7898e1f8
CS		 4371 if (!security_module_enable(&smack_ops))
4372 return 0;
4373
69f287ae
CS		 4374 smack_enabled = 1;
4375
1a5b472b
R		 4376 smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4377 if (!smack_inode_cache)
4378 return -ENOMEM;
4379
2f823ff8
CS		 4380 tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4381 GFP_KERNEL);
1a5b472b
R		 4382 if (tsp == NULL) {
4383 kmem_cache_destroy(smack_inode_cache);
676dac4b 4384 return -ENOMEM;
1a5b472b 4385 }
676dac4b 4386
e114e473
CS		 4387 printk(KERN_INFO "Smack: Initializing.\n");
4388
4389 /*
4390 * Set the security state for the initial task.
4391 */
d84f4f99 4392 cred = (struct cred *) current->cred;
676dac4b 4393 cred->security = tsp;
e114e473 4394
86812bb0
CS		 4395 /* initialize the smack_known_list */
4396 init_smack_known_list();
e114e473
CS		 4397
4398 /*
4399 * Register with LSM
4400 */
4401 if (register_security(&smack_ops))
4402 panic("smack: Unable to register with kernel.\n");
4403
4404 return 0;
4405}
4406
4407/*
4408 * Smack requires early initialization in order to label
4409 * all processes and objects when they are created.
4410 */
4411security_initcall(smack_init);
ubuntu-bionic-kernel mirror