]> git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/blame - security/smack/smack_lsm.c
projects / mirror_ubuntu-hirsute-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
convenience helpers: vfs_get_super() and sget_fc()
[mirror_ubuntu-hirsute-kernel.git] / security / smack / smack_lsm.c
CommitLineData
e114e473
CS		 1/*
2 * Simplified MAC Kernel (smack) security module
3 *
4 * This file contains the smack hook function implementations.
5 *
5c6d1125 6 * Authors:
e114e473 7 * Casey Schaufler <casey@schaufler-ca.com>
84088ba2 8 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
e114e473
CS		 9 *
10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
07feee8f 11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
82c21bfa 12 * Paul Moore <paul@paul-moore.com>
5c6d1125 13 * Copyright (C) 2010 Nokia Corporation
84088ba2 14 * Copyright (C) 2011 Intel Corporation.
e114e473
CS		 15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License version 2,
18 * as published by the Free Software Foundation.
19 */
20
21#include <linux/xattr.h>
22#include <linux/pagemap.h>
23#include <linux/mount.h>
24#include <linux/stat.h>
e114e473
CS		 25#include <linux/kd.h>
26#include <asm/ioctls.h>
07feee8f 27#include <linux/ip.h>
e114e473
CS		 28#include <linux/tcp.h>
29#include <linux/udp.h>
c6739443 30#include <linux/dccp.h>
d66a8acb 31#include <linux/icmpv6.h>
5a0e3ad6 32#include <linux/slab.h>
e114e473
CS		 33#include <linux/mutex.h>
34#include <linux/pipe_fs_i.h>
e114e473 35#include <net/cipso_ipv4.h>
c6739443
CS		 36#include <net/ip.h>
37#include <net/ipv6.h>
d20bdda6 38#include <linux/audit.h>
1fd7317d 39#include <linux/magic.h>
2a7dba39 40#include <linux/dcache.h>
16014d87 41#include <linux/personality.h>
40401530
AV		 42#include <linux/msg.h>
43#include <linux/shm.h>
44#include <linux/binfmts.h>
3bf2789c 45#include <linux/parser.h>
2febd254
DH		 46#include <linux/fs_context.h>
47#include <linux/fs_parser.h>
e114e473
CS		 48#include "smack.h"
49
5c6d1125
JS		 50#define TRANS_TRUE "TRUE"
51#define TRANS_TRUE_SIZE 4
52
c6739443
CS		 53#define SMK_CONNECTING 0
54#define SMK_RECEIVING 1
55#define SMK_SENDING 2
56
21abb1ec 57#ifdef SMACK_IPV6_PORT_LABELING
3c7ce342 58DEFINE_MUTEX(smack_ipv6_lock);
8b549ef4 59static LIST_HEAD(smk_ipv6_port_list);
21abb1ec 60#endif
1a5b472b 61static struct kmem_cache *smack_inode_cache;
69f287ae 62int smack_enabled;
c6739443 63
c3300aaf
AV		 64#define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s}
65static struct {
66 const char *name;
67 int len;
68 int opt;
69} smk_mount_opts[] = {
70 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute)
3bf2789c 71};
c3300aaf
AV		 72#undef A
73
74static int match_opt_prefix(char *s, int l, char **arg)
75{
76 int i;
77
78 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) {
79 size_t len = smk_mount_opts[i].len;
80 if (len > l || memcmp(s, smk_mount_opts[i].name, len))
81 continue;
82 if (len == l || s[len] != '=')
83 continue;
84 *arg = s + len + 1;
85 return smk_mount_opts[i].opt;
86 }
87 return Opt_error;
88}
3bf2789c 89
3d04c924
CS		 90#ifdef CONFIG_SECURITY_SMACK_BRINGUP
91static char *smk_bu_mess[] = {
92 "Bringup Error", /* Unused */
93 "Bringup", /* SMACK_BRINGUP_ALLOW */
94 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */
95 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */
96};
97
d166c802
CS		 98static void smk_bu_mode(int mode, char *s)
99{
100 int i = 0;
101
102 if (mode & MAY_READ)
103 s[i++] = 'r';
104 if (mode & MAY_WRITE)
105 s[i++] = 'w';
106 if (mode & MAY_EXEC)
107 s[i++] = 'x';
108 if (mode & MAY_APPEND)
109 s[i++] = 'a';
110 if (mode & MAY_TRANSMUTE)
111 s[i++] = 't';
112 if (mode & MAY_LOCK)
113 s[i++] = 'l';
114 if (i == 0)
115 s[i++] = '-';
116 s[i] = '\0';
117}
118#endif
119
120#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 121static int smk_bu_note(char *note, struct smack_known *sskp,
122 struct smack_known *oskp, int mode, int rc)
d166c802
CS		 123{
124 char acc[SMK_NUM_ACCESS_TYPE + 1];
125
126 if (rc <= 0)
127 return rc;
bf4b2fee
CS		 128 if (rc > SMACK_UNCONFINED_OBJECT)
129 rc = 0;
d166c802
CS		 130
131 smk_bu_mode(mode, acc);
bf4b2fee 132 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
21c7eae2 133 sskp->smk_known, oskp->smk_known, acc, note);
d166c802
CS		 134 return 0;
135}
136#else
21c7eae2 137#define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
d166c802
CS		 138#endif
139
140#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 141static int smk_bu_current(char *note, struct smack_known *oskp,
142 int mode, int rc)
d166c802
CS		 143{
144 struct task_smack *tsp = current_security();
145 char acc[SMK_NUM_ACCESS_TYPE + 1];
146
147 if (rc <= 0)
148 return rc;
bf4b2fee
CS		 149 if (rc > SMACK_UNCONFINED_OBJECT)
150 rc = 0;
d166c802
CS		 151
152 smk_bu_mode(mode, acc);
bf4b2fee 153 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
21c7eae2
LP		 154 tsp->smk_task->smk_known, oskp->smk_known,
155 acc, current->comm, note);
d166c802
CS		 156 return 0;
157}
158#else
21c7eae2 159#define smk_bu_current(note, oskp, mode, RC) (RC)
d166c802
CS		 160#endif
161
162#ifdef CONFIG_SECURITY_SMACK_BRINGUP
163static int smk_bu_task(struct task_struct *otp, int mode, int rc)
164{
165 struct task_smack *tsp = current_security();
6d1cff2a 166 struct smack_known *smk_task = smk_of_task_struct(otp);
d166c802
CS		 167 char acc[SMK_NUM_ACCESS_TYPE + 1];
168
169 if (rc <= 0)
170 return rc;
bf4b2fee
CS		 171 if (rc > SMACK_UNCONFINED_OBJECT)
172 rc = 0;
d166c802
CS		 173
174 smk_bu_mode(mode, acc);
bf4b2fee 175 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
6d1cff2a 176 tsp->smk_task->smk_known, smk_task->smk_known, acc,
d166c802
CS		 177 current->comm, otp->comm);
178 return 0;
179}
180#else
181#define smk_bu_task(otp, mode, RC) (RC)
182#endif
183
184#ifdef CONFIG_SECURITY_SMACK_BRINGUP
185static int smk_bu_inode(struct inode *inode, int mode, int rc)
186{
187 struct task_smack *tsp = current_security();
bf4b2fee 188 struct inode_smack *isp = inode->i_security;
d166c802
CS		 189 char acc[SMK_NUM_ACCESS_TYPE + 1];
190
bf4b2fee
CS		 191 if (isp->smk_flags & SMK_INODE_IMPURE)
192 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
193 inode->i_sb->s_id, inode->i_ino, current->comm);
194
d166c802
CS		 195 if (rc <= 0)
196 return rc;
bf4b2fee
CS		 197 if (rc > SMACK_UNCONFINED_OBJECT)
198 rc = 0;
199 if (rc == SMACK_UNCONFINED_SUBJECT &&
200 (mode & (MAY_WRITE | MAY_APPEND)))
201 isp->smk_flags |= SMK_INODE_IMPURE;
d166c802
CS		 202
203 smk_bu_mode(mode, acc);
bf4b2fee
CS		 204
205 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
206 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
d166c802
CS		 207 inode->i_sb->s_id, inode->i_ino, current->comm);
208 return 0;
209}
210#else
211#define smk_bu_inode(inode, mode, RC) (RC)
212#endif
213
214#ifdef CONFIG_SECURITY_SMACK_BRINGUP
215static int smk_bu_file(struct file *file, int mode, int rc)
216{
217 struct task_smack *tsp = current_security();
218 struct smack_known *sskp = tsp->smk_task;
5e7270a6 219 struct inode *inode = file_inode(file);
bf4b2fee 220 struct inode_smack *isp = inode->i_security;
d166c802
CS		 221 char acc[SMK_NUM_ACCESS_TYPE + 1];
222
bf4b2fee
CS		 223 if (isp->smk_flags & SMK_INODE_IMPURE)
224 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
225 inode->i_sb->s_id, inode->i_ino, current->comm);
226
d166c802
CS		 227 if (rc <= 0)
228 return rc;
bf4b2fee
CS		 229 if (rc > SMACK_UNCONFINED_OBJECT)
230 rc = 0;
d166c802
CS		 231
232 smk_bu_mode(mode, acc);
bf4b2fee 233 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
5e7270a6 234 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 235 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 236 current->comm);
237 return 0;
238}
239#else
240#define smk_bu_file(file, mode, RC) (RC)
241#endif
242
243#ifdef CONFIG_SECURITY_SMACK_BRINGUP
244static int smk_bu_credfile(const struct cred *cred, struct file *file,
245 int mode, int rc)
246{
247 struct task_smack *tsp = cred->security;
248 struct smack_known *sskp = tsp->smk_task;
45063097 249 struct inode *inode = file_inode(file);
bf4b2fee 250 struct inode_smack *isp = inode->i_security;
d166c802
CS		 251 char acc[SMK_NUM_ACCESS_TYPE + 1];
252
bf4b2fee
CS		 253 if (isp->smk_flags & SMK_INODE_IMPURE)
254 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
255 inode->i_sb->s_id, inode->i_ino, current->comm);
256
d166c802
CS		 257 if (rc <= 0)
258 return rc;
bf4b2fee
CS		 259 if (rc > SMACK_UNCONFINED_OBJECT)
260 rc = 0;
d166c802
CS		 261
262 smk_bu_mode(mode, acc);
bf4b2fee 263 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
21c7eae2 264 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 265 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 266 current->comm);
267 return 0;
268}
269#else
270#define smk_bu_credfile(cred, file, mode, RC) (RC)
271#endif
272
e114e473
CS		 273/**
274 * smk_fetch - Fetch the smack label from a file.
1a28979b 275 * @name: type of the label (attribute)
e114e473
CS		 276 * @ip: a pointer to the inode
277 * @dp: a pointer to the dentry
278 *
e774ad68
LP		 279 * Returns a pointer to the master list entry for the Smack label,
280 * NULL if there was no label to fetch, or an error code.
e114e473 281 */
2f823ff8
CS		 282static struct smack_known *smk_fetch(const char *name, struct inode *ip,
283 struct dentry *dp)
e114e473
CS		 284{
285 int rc;
f7112e6c 286 char *buffer;
2f823ff8 287 struct smack_known *skp = NULL;
e114e473 288
5d6c3191 289 if (!(ip->i_opflags & IOP_XATTR))
e774ad68 290 return ERR_PTR(-EOPNOTSUPP);
e114e473 291
f7112e6c
CS		 292 buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
293 if (buffer == NULL)
e774ad68 294 return ERR_PTR(-ENOMEM);
e114e473 295
5d6c3191 296 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
e774ad68
LP		 297 if (rc < 0)
298 skp = ERR_PTR(rc);
299 else if (rc == 0)
300 skp = NULL;
301 else
2f823ff8 302 skp = smk_import_entry(buffer, rc);
f7112e6c
CS		 303
304 kfree(buffer);
305
2f823ff8 306 return skp;
e114e473
CS		 307}
308
309/**
310 * new_inode_smack - allocate an inode security blob
21c7eae2 311 * @skp: a pointer to the Smack label entry to use in the blob
e114e473
CS		 312 *
313 * Returns the new blob or NULL if there's no memory available
314 */
1eddfe8e 315static struct inode_smack *new_inode_smack(struct smack_known *skp)
e114e473
CS		 316{
317 struct inode_smack *isp;
318
1a5b472b 319 isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
e114e473
CS		 320 if (isp == NULL)
321 return NULL;
322
21c7eae2 323 isp->smk_inode = skp;
e114e473
CS		 324 isp->smk_flags = 0;
325 mutex_init(&isp->smk_lock);
326
327 return isp;
328}
329
7898e1f8
CS		 330/**
331 * new_task_smack - allocate a task security blob
1a28979b
LP		 332 * @task: a pointer to the Smack label for the running task
333 * @forked: a pointer to the Smack label for the forked task
334 * @gfp: type of the memory for the allocation
7898e1f8
CS		 335 *
336 * Returns the new blob or NULL if there's no memory available
337 */
2f823ff8
CS		 338static struct task_smack *new_task_smack(struct smack_known *task,
339 struct smack_known *forked, gfp_t gfp)
7898e1f8
CS		 340{
341 struct task_smack *tsp;
342
343 tsp = kzalloc(sizeof(struct task_smack), gfp);
344 if (tsp == NULL)
345 return NULL;
346
347 tsp->smk_task = task;
348 tsp->smk_forked = forked;
349 INIT_LIST_HEAD(&tsp->smk_rules);
38416e53 350 INIT_LIST_HEAD(&tsp->smk_relabel);
7898e1f8
CS		 351 mutex_init(&tsp->smk_rules_lock);
352
353 return tsp;
354}
355
356/**
357 * smk_copy_rules - copy a rule set
1a28979b
LP		 358 * @nhead: new rules header pointer
359 * @ohead: old rules header pointer
360 * @gfp: type of the memory for the allocation
7898e1f8
CS		 361 *
362 * Returns 0 on success, -ENOMEM on error
363 */
364static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
365 gfp_t gfp)
366{
367 struct smack_rule *nrp;
368 struct smack_rule *orp;
369 int rc = 0;
370
7898e1f8
CS		 371 list_for_each_entry_rcu(orp, ohead, list) {
372 nrp = kzalloc(sizeof(struct smack_rule), gfp);
373 if (nrp == NULL) {
374 rc = -ENOMEM;
375 break;
376 }
377 *nrp = *orp;
378 list_add_rcu(&nrp->list, nhead);
379 }
380 return rc;
381}
382
38416e53
ZJ		 383/**
384 * smk_copy_relabel - copy smk_relabel labels list
385 * @nhead: new rules header pointer
386 * @ohead: old rules header pointer
387 * @gfp: type of the memory for the allocation
388 *
389 * Returns 0 on success, -ENOMEM on error
390 */
391static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
392 gfp_t gfp)
393{
394 struct smack_known_list_elem *nklep;
395 struct smack_known_list_elem *oklep;
396
38416e53
ZJ		 397 list_for_each_entry(oklep, ohead, list) {
398 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
399 if (nklep == NULL) {
400 smk_destroy_label_list(nhead);
401 return -ENOMEM;
402 }
403 nklep->smk_label = oklep->smk_label;
404 list_add(&nklep->list, nhead);
405 }
406
407 return 0;
408}
409
5663884c
LP		 410/**
411 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
412 * @mode - input mode in form of PTRACE_MODE_*
413 *
414 * Returns a converted MAY_* mode usable by smack rules
415 */
416static inline unsigned int smk_ptrace_mode(unsigned int mode)
417{
3dfb7d8c 418 if (mode & PTRACE_MODE_ATTACH)
5663884c 419 return MAY_READWRITE;
3dfb7d8c
JH		 420 if (mode & PTRACE_MODE_READ)
421 return MAY_READ;
5663884c
LP		 422
423 return 0;
424}
425
426/**
427 * smk_ptrace_rule_check - helper for ptrace access
428 * @tracer: tracer process
21c7eae2 429 * @tracee_known: label entry of the process that's about to be traced
5663884c
LP		 430 * @mode: ptrace attachment mode (PTRACE_MODE_*)
431 * @func: name of the function that called us, used for audit
432 *
433 * Returns 0 on access granted, -error on error
434 */
21c7eae2
LP		 435static int smk_ptrace_rule_check(struct task_struct *tracer,
436 struct smack_known *tracee_known,
5663884c
LP		 437 unsigned int mode, const char *func)
438{
439 int rc;
440 struct smk_audit_info ad, *saip = NULL;
441 struct task_smack *tsp;
21c7eae2 442 struct smack_known *tracer_known;
dcb569cf 443 const struct cred *tracercred;
5663884c
LP		 444
445 if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
446 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
447 smk_ad_setfield_u_tsk(&ad, tracer);
448 saip = &ad;
449 }
450
6d1cff2a 451 rcu_read_lock();
dcb569cf
CS		 452 tracercred = __task_cred(tracer);
453 tsp = tracercred->security;
21c7eae2 454 tracer_known = smk_of_task(tsp);
5663884c 455
66867818
LP		 456 if ((mode & PTRACE_MODE_ATTACH) &&
457 (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
458 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
21c7eae2 459 if (tracer_known->smk_known == tracee_known->smk_known)
66867818
LP		 460 rc = 0;
461 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
462 rc = -EACCES;
dcb569cf 463 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
66867818
LP		 464 rc = 0;
465 else
466 rc = -EACCES;
467
468 if (saip)
21c7eae2
LP		 469 smack_log(tracer_known->smk_known,
470 tracee_known->smk_known,
471 0, rc, saip);
66867818 472
6d1cff2a 473 rcu_read_unlock();
66867818
LP		 474 return rc;
475 }
476
477 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
21c7eae2 478 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
6d1cff2a
AR		 479
480 rcu_read_unlock();
5663884c
LP		 481 return rc;
482}
483
e114e473
CS		 484/*
485 * LSM hooks.
486 * We he, that is fun!
487 */
488
489/**
9e48858f 490 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
e114e473 491 * @ctp: child task pointer
5663884c 492 * @mode: ptrace attachment mode (PTRACE_MODE_*)
e114e473
CS		 493 *
494 * Returns 0 if access is OK, an error code otherwise
495 *
5663884c 496 * Do the capability checks.
e114e473 497 */
9e48858f 498static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
e114e473 499{
2f823ff8 500 struct smack_known *skp;
e114e473 501
6d1cff2a 502 skp = smk_of_task_struct(ctp);
ecfcc53f 503
b1d9e6b0 504 return smk_ptrace_rule_check(current, skp, mode, __func__);
5cd9c58f
DH		 505}
506
507/**
508 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
509 * @ptp: parent task pointer
510 *
511 * Returns 0 if access is OK, an error code otherwise
512 *
5663884c 513 * Do the capability checks, and require PTRACE_MODE_ATTACH.
5cd9c58f
DH		 514 */
515static int smack_ptrace_traceme(struct task_struct *ptp)
516{
517 int rc;
2f823ff8 518 struct smack_known *skp;
5cd9c58f 519
959e6c7f 520 skp = smk_of_task(current_security());
ecfcc53f 521
21c7eae2 522 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
e114e473
CS		 523 return rc;
524}
525
526/**
527 * smack_syslog - Smack approval on syslog
528 * @type: message type
529 *
e114e473
CS		 530 * Returns 0 on success, error code otherwise.
531 */
12b3052c 532static int smack_syslog(int typefrom_file)
e114e473 533{
12b3052c 534 int rc = 0;
2f823ff8 535 struct smack_known *skp = smk_of_current();
e114e473 536
1880eff7 537 if (smack_privileged(CAP_MAC_OVERRIDE))
e114e473
CS		 538 return 0;
539
24ea1b6e 540 if (smack_syslog_label != NULL && smack_syslog_label != skp)
e114e473
CS		 541 rc = -EACCES;
542
543 return rc;
544}
545
e114e473
CS		 546/*
547 * Superblock Hooks.
548 */
549
550/**
551 * smack_sb_alloc_security - allocate a superblock blob
552 * @sb: the superblock getting the blob
553 *
554 * Returns 0 on success or -ENOMEM on error.
555 */
556static int smack_sb_alloc_security(struct super_block *sb)
557{
558 struct superblock_smack *sbsp;
559
560 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
561
562 if (sbsp == NULL)
563 return -ENOMEM;
564
21c7eae2
LP		 565 sbsp->smk_root = &smack_known_floor;
566 sbsp->smk_default = &smack_known_floor;
567 sbsp->smk_floor = &smack_known_floor;
568 sbsp->smk_hat = &smack_known_hat;
e830b394 569 /*
9f50eda2 570 * SMK_SB_INITIALIZED will be zero from kzalloc.
e830b394 571 */
e114e473
CS		 572 sb->s_security = sbsp;
573
574 return 0;
575}
576
577/**
578 * smack_sb_free_security - free a superblock blob
579 * @sb: the superblock getting the blob
580 *
581 */
582static void smack_sb_free_security(struct super_block *sb)
583{
584 kfree(sb->s_security);
585 sb->s_security = NULL;
586}
587
12085b14
AV		 588struct smack_mnt_opts {
589 const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute;
590};
e114e473 591
204cc0cc
AV		 592static void smack_free_mnt_opts(void *mnt_opts)
593{
12085b14
AV		 594 struct smack_mnt_opts *opts = mnt_opts;
595 kfree(opts->fsdefault);
596 kfree(opts->fsfloor);
597 kfree(opts->fshat);
598 kfree(opts->fsroot);
599 kfree(opts->fstransmute);
204cc0cc
AV		 600 kfree(opts);
601}
e114e473 602
55c0e5bd
AV		 603static int smack_add_opt(int token, const char *s, void **mnt_opts)
604{
605 struct smack_mnt_opts *opts = *mnt_opts;
e114e473 606
55c0e5bd
AV		 607 if (!opts) {
608 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
609 if (!opts)
610 return -ENOMEM;
611 *mnt_opts = opts;
e114e473 612 }
55c0e5bd
AV		 613 if (!s)
614 return -ENOMEM;
e114e473 615
55c0e5bd
AV		 616 switch (token) {
617 case Opt_fsdefault:
618 if (opts->fsdefault)
619 goto out_opt_err;
620 opts->fsdefault = s;
621 break;
622 case Opt_fsfloor:
623 if (opts->fsfloor)
624 goto out_opt_err;
625 opts->fsfloor = s;
626 break;
627 case Opt_fshat:
628 if (opts->fshat)
629 goto out_opt_err;
630 opts->fshat = s;
631 break;
632 case Opt_fsroot:
633 if (opts->fsroot)
634 goto out_opt_err;
635 opts->fsroot = s;
636 break;
637 case Opt_fstransmute:
638 if (opts->fstransmute)
639 goto out_opt_err;
640 opts->fstransmute = s;
641 break;
642 }
e114e473 643 return 0;
55c0e5bd
AV		 644
645out_opt_err:
646 pr_warn("Smack: duplicate mount options\n");
647 return -EINVAL;
e114e473
CS		 648}
649
2febd254
DH		 650static const struct fs_parameter_spec smack_param_specs[] = {
651 fsparam_string("fsdefault", Opt_fsdefault),
652 fsparam_string("fsfloor", Opt_fsfloor),
653 fsparam_string("fshat", Opt_fshat),
654 fsparam_string("fsroot", Opt_fsroot),
655 fsparam_string("fstransmute", Opt_fstransmute),
656 {}
657};
658
659static const struct fs_parameter_description smack_fs_parameters = {
660 .name = "smack",
661 .specs = smack_param_specs,
662};
663
664/**
665 * smack_fs_context_parse_param - Parse a single mount parameter
666 * @fc: The new filesystem context being constructed.
667 * @param: The parameter.
668 *
669 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on
670 * error.
671 */
672static int smack_fs_context_parse_param(struct fs_context *fc,
673 struct fs_parameter *param)
674{
675 struct fs_parse_result result;
676 int opt, rc;
677
678 opt = fs_parse(fc, &smack_fs_parameters, param, &result);
679 if (opt < 0)
680 return opt;
681
682 rc = smack_add_opt(opt, param->string, &fc->security);
683 if (!rc)
684 param->string = NULL;
685 return rc;
686}
687
d2497e12 688static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
3bf2789c 689{
d2497e12
AV		 690 char *from = options, *to = options;
691 bool first = true;
3bf2789c 692
c3300aaf
AV		 693 while (1) {
694 char *next = strchr(from, ',');
695 int token, len, rc;
696 char *arg = NULL;
3bf2789c 697
c3300aaf
AV		 698 if (next)
699 len = next - from;
700 else
701 len = strlen(from);
3bf2789c 702
c3300aaf 703 token = match_opt_prefix(from, len, &arg);
d2497e12
AV		 704 if (token != Opt_error) {
705 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
706 rc = smack_add_opt(token, arg, mnt_opts);
707 if (unlikely(rc)) {
708 kfree(arg);
709 if (*mnt_opts)
710 smack_free_mnt_opts(*mnt_opts);
711 *mnt_opts = NULL;
712 return rc;
713 }
714 } else {
715 if (!first) { // copy with preceding comma
716 from--;
717 len++;
718 }
719 if (to != from)
720 memmove(to, from, len);
721 to += len;
722 first = false;
3bf2789c 723 }
c3300aaf
AV		 724 if (!from[len])
725 break;
726 from += len + 1;
3bf2789c 727 }
d2497e12 728 *to = '\0';
3bf2789c 729 return 0;
3bf2789c
VT		 730}
731
732/**
733 * smack_set_mnt_opts - set Smack specific mount options
e114e473 734 * @sb: the file system superblock
3bf2789c
VT		 735 * @opts: Smack mount options
736 * @kern_flags: mount option from kernel space or user space
737 * @set_kern_flags: where to store converted mount opts
e114e473
CS		 738 *
739 * Returns 0 on success, an error code on failure
3bf2789c
VT		 740 *
741 * Allow filesystems with binary mount data to explicitly set Smack mount
742 * labels.
e114e473 743 */
3bf2789c 744static int smack_set_mnt_opts(struct super_block *sb,
204cc0cc 745 void *mnt_opts,
3bf2789c
VT		 746 unsigned long kern_flags,
747 unsigned long *set_kern_flags)
e114e473
CS		 748{
749 struct dentry *root = sb->s_root;
c6f493d6 750 struct inode *inode = d_backing_inode(root);
e114e473
CS		 751 struct superblock_smack *sp = sb->s_security;
752 struct inode_smack *isp;
24ea1b6e 753 struct smack_known *skp;
12085b14
AV		 754 struct smack_mnt_opts *opts = mnt_opts;
755 bool transmute = false;
e114e473 756
9f50eda2 757 if (sp->smk_flags & SMK_SB_INITIALIZED)
e114e473 758 return 0;
eb982cb4 759
2097f599
HS		 760 if (!smack_privileged(CAP_MAC_ADMIN)) {
761 /*
762 * Unprivileged mounts don't get to specify Smack values.
763 */
12085b14 764 if (opts)
2097f599
HS		 765 return -EPERM;
766 /*
767 * Unprivileged mounts get root and default from the caller.
768 */
769 skp = smk_of_current();
770 sp->smk_root = skp;
771 sp->smk_default = skp;
772 /*
773 * For a handful of fs types with no user-controlled
774 * backing store it's okay to trust security labels
775 * in the filesystem. The rest are untrusted.
776 */
777 if (sb->s_user_ns != &init_user_ns &&
778 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
779 sb->s_magic != RAMFS_MAGIC) {
12085b14 780 transmute = true;
2097f599
HS		 781 sp->smk_flags |= SMK_SB_UNTRUSTED;
782 }
783 }
784
9f50eda2 785 sp->smk_flags |= SMK_SB_INITIALIZED;
e114e473 786
12085b14
AV		 787 if (opts) {
788 if (opts->fsdefault) {
789 skp = smk_import_entry(opts->fsdefault, 0);
e774ad68
LP		 790 if (IS_ERR(skp))
791 return PTR_ERR(skp);
3bf2789c 792 sp->smk_default = skp;
12085b14
AV		 793 }
794 if (opts->fsfloor) {
795 skp = smk_import_entry(opts->fsfloor, 0);
e774ad68
LP		 796 if (IS_ERR(skp))
797 return PTR_ERR(skp);
798 sp->smk_floor = skp;
12085b14
AV		 799 }
800 if (opts->fshat) {
801 skp = smk_import_entry(opts->fshat, 0);
e774ad68
LP		 802 if (IS_ERR(skp))
803 return PTR_ERR(skp);
3bf2789c 804 sp->smk_hat = skp;
12085b14
AV		 805 }
806 if (opts->fsroot) {
807 skp = smk_import_entry(opts->fsroot, 0);
e774ad68
LP		 808 if (IS_ERR(skp))
809 return PTR_ERR(skp);
810 sp->smk_root = skp;
12085b14
AV		 811 }
812 if (opts->fstransmute) {
813 skp = smk_import_entry(opts->fstransmute, 0);
e774ad68
LP		 814 if (IS_ERR(skp))
815 return PTR_ERR(skp);
816 sp->smk_root = skp;
12085b14 817 transmute = true;
e114e473
CS		 818 }
819 }
820
821 /*
822 * Initialize the root inode.
823 */
824 isp = inode->i_security;
55dfc5da
JB		 825 if (isp == NULL) {
826 isp = new_inode_smack(sp->smk_root);
827 if (isp == NULL)
828 return -ENOMEM;
829 inode->i_security = isp;
e830b394 830 } else
e114e473
CS		 831 isp->smk_inode = sp->smk_root;
832
e830b394
CS		 833 if (transmute)
834 isp->smk_flags |= SMK_INODE_TRANSMUTE;
835
e114e473
CS		 836 return 0;
837}
838
839/**
840 * smack_sb_statfs - Smack check on statfs
841 * @dentry: identifies the file system in question
842 *
843 * Returns 0 if current can read the floor of the filesystem,
844 * and error code otherwise
845 */
846static int smack_sb_statfs(struct dentry *dentry)
847{
848 struct superblock_smack *sbp = dentry->d_sb->s_security;
ecfcc53f
EB		 849 int rc;
850 struct smk_audit_info ad;
851
a269434d 852 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 853 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 854
ecfcc53f 855 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
d166c802 856 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
ecfcc53f 857 return rc;
e114e473
CS		 858}
859
676dac4b
CS		 860/*
861 * BPRM hooks
862 */
863
ce8a4321
CS		 864/**
865 * smack_bprm_set_creds - set creds for exec
866 * @bprm: the exec information
867 *
5663884c 868 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
ce8a4321 869 */
676dac4b
CS		 870static int smack_bprm_set_creds(struct linux_binprm *bprm)
871{
496ad9aa 872 struct inode *inode = file_inode(bprm->file);
84088ba2 873 struct task_smack *bsp = bprm->cred->security;
676dac4b 874 struct inode_smack *isp;
809c02e0 875 struct superblock_smack *sbsp;
676dac4b
CS		 876 int rc;
877
ddb4a144 878 if (bprm->called_set_creds)
676dac4b
CS		 879 return 0;
880
84088ba2
JS		 881 isp = inode->i_security;
882 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
676dac4b
CS		 883 return 0;
884
809c02e0
SF		 885 sbsp = inode->i_sb->s_security;
886 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
887 isp->smk_task != sbsp->smk_root)
888 return 0;
889
9227dd2a 890 if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
5663884c
LP		 891 struct task_struct *tracer;
892 rc = 0;
893
894 rcu_read_lock();
895 tracer = ptrace_parent(current);
896 if (likely(tracer != NULL))
897 rc = smk_ptrace_rule_check(tracer,
21c7eae2 898 isp->smk_task,
5663884c
LP		 899 PTRACE_MODE_ATTACH,
900 __func__);
901 rcu_read_unlock();
902
903 if (rc != 0)
904 return rc;
905 } else if (bprm->unsafe)
84088ba2 906 return -EPERM;
676dac4b 907
84088ba2
JS		 908 bsp->smk_task = isp->smk_task;
909 bprm->per_clear |= PER_CLEAR_ON_SETID;
676dac4b 910
ccbb6e10
KC		 911 /* Decide if this is a secure exec. */
912 if (bsp->smk_task != bsp->smk_forked)
913 bprm->secureexec = 1;
914
84088ba2
JS		 915 return 0;
916}
676dac4b 917
e114e473
CS		 918/*
919 * Inode hooks
920 */
921
922/**
923 * smack_inode_alloc_security - allocate an inode blob
251a2a95 924 * @inode: the inode in need of a blob
e114e473
CS		 925 *
926 * Returns 0 if it gets a blob, -ENOMEM otherwise
927 */
928static int smack_inode_alloc_security(struct inode *inode)
929{
2f823ff8
CS		 930 struct smack_known *skp = smk_of_current();
931
21c7eae2 932 inode->i_security = new_inode_smack(skp);
e114e473
CS		 933 if (inode->i_security == NULL)
934 return -ENOMEM;
935 return 0;
936}
937
938/**
3d4f673a
HS		 939 * smack_inode_free_rcu - Free inode_smack blob from cache
940 * @head: the rcu_head for getting inode_smack pointer
941 *
942 * Call back function called from call_rcu() to free
943 * the i_security blob pointer in inode
944 */
945static void smack_inode_free_rcu(struct rcu_head *head)
946{
947 struct inode_smack *issp;
948
949 issp = container_of(head, struct inode_smack, smk_rcu);
950 kmem_cache_free(smack_inode_cache, issp);
951}
952
953/**
954 * smack_inode_free_security - free an inode blob using call_rcu()
251a2a95 955 * @inode: the inode with a blob
e114e473 956 *
3d4f673a 957 * Clears the blob pointer in inode using RCU
e114e473
CS		 958 */
959static void smack_inode_free_security(struct inode *inode)
960{
3d4f673a
HS		 961 struct inode_smack *issp = inode->i_security;
962
963 /*
964 * The inode may still be referenced in a path walk and
965 * a call to smack_inode_permission() can be made
966 * after smack_inode_free_security() is called.
967 * To avoid race condition free the i_security via RCU
968 * and leave the current inode->i_security pointer intact.
969 * The inode will be freed after the RCU grace period too.
970 */
971 call_rcu(&issp->smk_rcu, smack_inode_free_rcu);
e114e473
CS		 972}
973
974/**
975 * smack_inode_init_security - copy out the smack from an inode
e95ef49b
LP		 976 * @inode: the newly created inode
977 * @dir: containing directory object
2a7dba39 978 * @qstr: unused
e114e473
CS		 979 * @name: where to put the attribute name
980 * @value: where to put the attribute value
981 * @len: where to put the length of the attribute
982 *
983 * Returns 0 if it all works out, -ENOMEM if there's no memory
984 */
985static int smack_inode_init_security(struct inode *inode, struct inode *dir,
9548906b 986 const struct qstr *qstr, const char **name,
2a7dba39 987 void **value, size_t *len)
e114e473 988{
2267b13a 989 struct inode_smack *issp = inode->i_security;
2f823ff8 990 struct smack_known *skp = smk_of_current();
21c7eae2
LP		 991 struct smack_known *isp = smk_of_inode(inode);
992 struct smack_known *dsp = smk_of_inode(dir);
7898e1f8 993 int may;
e114e473 994
9548906b
TH		 995 if (name)
996 *name = XATTR_SMACK_SUFFIX;
e114e473 997
68390ccf 998 if (value && len) {
7898e1f8 999 rcu_read_lock();
21c7eae2
LP		 1000 may = smk_access_entry(skp->smk_known, dsp->smk_known,
1001 &skp->smk_rules);
7898e1f8 1002 rcu_read_unlock();
5c6d1125
JS		 1003
1004 /*
1005 * If the access rule allows transmutation and
1006 * the directory requests transmutation then
1007 * by all means transmute.
2267b13a 1008 * Mark the inode as changed.
5c6d1125 1009 */
7898e1f8 1010 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
2267b13a 1011 smk_inode_transmutable(dir)) {
5c6d1125 1012 isp = dsp;
2267b13a
CS		 1013 issp->smk_flags |= SMK_INODE_CHANGED;
1014 }
5c6d1125 1015
21c7eae2 1016 *value = kstrdup(isp->smk_known, GFP_NOFS);
e114e473
CS		 1017 if (*value == NULL)
1018 return -ENOMEM;
e114e473 1019
21c7eae2 1020 *len = strlen(isp->smk_known);
68390ccf 1021 }
e114e473
CS		 1022
1023 return 0;
1024}
1025
1026/**
1027 * smack_inode_link - Smack check on link
1028 * @old_dentry: the existing object
1029 * @dir: unused
1030 * @new_dentry: the new object
1031 *
1032 * Returns 0 if access is permitted, an error code otherwise
1033 */
1034static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1035 struct dentry *new_dentry)
1036{
21c7eae2 1037 struct smack_known *isp;
ecfcc53f
EB		 1038 struct smk_audit_info ad;
1039 int rc;
1040
a269434d 1041 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1042 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473 1043
c6f493d6 1044 isp = smk_of_inode(d_backing_inode(old_dentry));
ecfcc53f 1045 rc = smk_curacc(isp, MAY_WRITE, &ad);
c6f493d6 1046 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
e114e473 1047
8802565b 1048 if (rc == 0 && d_is_positive(new_dentry)) {
c6f493d6 1049 isp = smk_of_inode(d_backing_inode(new_dentry));
ecfcc53f
EB		 1050 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1051 rc = smk_curacc(isp, MAY_WRITE, &ad);
c6f493d6 1052 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
e114e473
CS		 1053 }
1054
1055 return rc;
1056}
1057
1058/**
1059 * smack_inode_unlink - Smack check on inode deletion
1060 * @dir: containing directory object
1061 * @dentry: file to unlink
1062 *
1063 * Returns 0 if current can write the containing directory
1064 * and the object, error code otherwise
1065 */
1066static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1067{
c6f493d6 1068 struct inode *ip = d_backing_inode(dentry);
ecfcc53f 1069 struct smk_audit_info ad;
e114e473
CS		 1070 int rc;
1071
a269434d 1072 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1073 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1074
e114e473
CS		 1075 /*
1076 * You need write access to the thing you're unlinking
1077 */
ecfcc53f 1078 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
d166c802 1079 rc = smk_bu_inode(ip, MAY_WRITE, rc);
ecfcc53f 1080 if (rc == 0) {
e114e473
CS		 1081 /*
1082 * You also need write access to the containing directory
1083 */
cdb56b60 1084 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 1085 smk_ad_setfield_u_fs_inode(&ad, dir);
1086 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 1087 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 1088 }
e114e473
CS		 1089 return rc;
1090}
1091
1092/**
1093 * smack_inode_rmdir - Smack check on directory deletion
1094 * @dir: containing directory object
1095 * @dentry: directory to unlink
1096 *
1097 * Returns 0 if current can write the containing directory
1098 * and the directory, error code otherwise
1099 */
1100static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1101{
ecfcc53f 1102 struct smk_audit_info ad;
e114e473
CS		 1103 int rc;
1104
a269434d 1105 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1106 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1107
e114e473
CS		 1108 /*
1109 * You need write access to the thing you're removing
1110 */
c6f493d6
DH		 1111 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1112 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
ecfcc53f 1113 if (rc == 0) {
e114e473
CS		 1114 /*
1115 * You also need write access to the containing directory
1116 */
cdb56b60 1117 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 1118 smk_ad_setfield_u_fs_inode(&ad, dir);
1119 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 1120 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 1121 }
e114e473
CS		 1122
1123 return rc;
1124}
1125
1126/**
1127 * smack_inode_rename - Smack check on rename
e95ef49b
LP		 1128 * @old_inode: unused
1129 * @old_dentry: the old object
1130 * @new_inode: unused
1131 * @new_dentry: the new object
e114e473
CS		 1132 *
1133 * Read and write access is required on both the old and
1134 * new directories.
1135 *
1136 * Returns 0 if access is permitted, an error code otherwise
1137 */
1138static int smack_inode_rename(struct inode *old_inode,
1139 struct dentry *old_dentry,
1140 struct inode *new_inode,
1141 struct dentry *new_dentry)
1142{
1143 int rc;
21c7eae2 1144 struct smack_known *isp;
ecfcc53f
EB		 1145 struct smk_audit_info ad;
1146
a269434d 1147 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1148 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473 1149
c6f493d6 1150 isp = smk_of_inode(d_backing_inode(old_dentry));
ecfcc53f 1151 rc = smk_curacc(isp, MAY_READWRITE, &ad);
c6f493d6 1152 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
e114e473 1153
8802565b 1154 if (rc == 0 && d_is_positive(new_dentry)) {
c6f493d6 1155 isp = smk_of_inode(d_backing_inode(new_dentry));
ecfcc53f
EB		 1156 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1157 rc = smk_curacc(isp, MAY_READWRITE, &ad);
c6f493d6 1158 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
e114e473 1159 }
e114e473
CS		 1160 return rc;
1161}
1162
1163/**
1164 * smack_inode_permission - Smack version of permission()
1165 * @inode: the inode in question
1166 * @mask: the access requested
e114e473
CS		 1167 *
1168 * This is the important Smack hook.
1169 *
1170 * Returns 0 if access is permitted, -EACCES otherwise
1171 */
e74f71eb 1172static int smack_inode_permission(struct inode *inode, int mask)
e114e473 1173{
9f50eda2 1174 struct superblock_smack *sbsp = inode->i_sb->s_security;
ecfcc53f 1175 struct smk_audit_info ad;
e74f71eb 1176 int no_block = mask & MAY_NOT_BLOCK;
d166c802 1177 int rc;
d09ca739
EP		 1178
1179 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
e114e473
CS		 1180 /*
1181 * No permission to check. Existence test. Yup, it's there.
1182 */
1183 if (mask == 0)
1184 return 0;
8c9e80ed 1185
9f50eda2
SF		 1186 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1187 if (smk_of_inode(inode) != sbsp->smk_root)
1188 return -EACCES;
1189 }
1190
8c9e80ed 1191 /* May be droppable after audit */
e74f71eb 1192 if (no_block)
8c9e80ed 1193 return -ECHILD;
f48b7399 1194 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f 1195 smk_ad_setfield_u_fs_inode(&ad, inode);
d166c802
CS		 1196 rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1197 rc = smk_bu_inode(inode, mask, rc);
1198 return rc;
e114e473
CS		 1199}
1200
1201/**
1202 * smack_inode_setattr - Smack check for setting attributes
1203 * @dentry: the object
1204 * @iattr: for the force flag
1205 *
1206 * Returns 0 if access is permitted, an error code otherwise
1207 */
1208static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1209{
ecfcc53f 1210 struct smk_audit_info ad;
d166c802
CS		 1211 int rc;
1212
e114e473
CS		 1213 /*
1214 * Need to allow for clearing the setuid bit.
1215 */
1216 if (iattr->ia_valid & ATTR_FORCE)
1217 return 0;
a269434d 1218 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1219 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 1220
c6f493d6
DH		 1221 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1222 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
d166c802 1223 return rc;
e114e473
CS		 1224}
1225
1226/**
1227 * smack_inode_getattr - Smack check for getting attributes
e95ef49b 1228 * @mnt: vfsmount of the object
e114e473
CS		 1229 * @dentry: the object
1230 *
1231 * Returns 0 if access is permitted, an error code otherwise
1232 */
3f7036a0 1233static int smack_inode_getattr(const struct path *path)
e114e473 1234{
ecfcc53f 1235 struct smk_audit_info ad;
c6f493d6 1236 struct inode *inode = d_backing_inode(path->dentry);
d166c802 1237 int rc;
ecfcc53f 1238
f48b7399 1239 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
3f7036a0
AV		 1240 smk_ad_setfield_u_fs_path(&ad, *path);
1241 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1242 rc = smk_bu_inode(inode, MAY_READ, rc);
d166c802 1243 return rc;
e114e473
CS		 1244}
1245
1246/**
1247 * smack_inode_setxattr - Smack check for setting xattrs
1248 * @dentry: the object
1249 * @name: name of the attribute
e95ef49b
LP		 1250 * @value: value of the attribute
1251 * @size: size of the value
e114e473
CS		 1252 * @flags: unused
1253 *
1254 * This protects the Smack attribute explicitly.
1255 *
1256 * Returns 0 if access is permitted, an error code otherwise
1257 */
8f0cfa52
DH		 1258static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1259 const void *value, size_t size, int flags)
e114e473 1260{
ecfcc53f 1261 struct smk_audit_info ad;
19760ad0
CS		 1262 struct smack_known *skp;
1263 int check_priv = 0;
1264 int check_import = 0;
1265 int check_star = 0;
bcdca225 1266 int rc = 0;
e114e473 1267
19760ad0
CS		 1268 /*
1269 * Check label validity here so import won't fail in post_setxattr
1270 */
bcdca225
CS		 1271 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1272 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
19760ad0
CS		 1273 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1274 check_priv = 1;
1275 check_import = 1;
1276 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1277 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1278 check_priv = 1;
1279 check_import = 1;
1280 check_star = 1;
5c6d1125 1281 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
19760ad0 1282 check_priv = 1;
5c6d1125
JS		 1283 if (size != TRANS_TRUE_SIZE ||
1284 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1285 rc = -EINVAL;
bcdca225
CS		 1286 } else
1287 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1288
19760ad0
CS		 1289 if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1290 rc = -EPERM;
1291
1292 if (rc == 0 && check_import) {
b862e561 1293 skp = size ? smk_import_entry(value, size) : NULL;
e774ad68
LP		 1294 if (IS_ERR(skp))
1295 rc = PTR_ERR(skp);
1296 else if (skp == NULL || (check_star &&
19760ad0
CS		 1297 (skp == &smack_known_star || skp == &smack_known_web)))
1298 rc = -EINVAL;
1299 }
1300
a269434d 1301 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1302 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1303
d166c802 1304 if (rc == 0) {
c6f493d6
DH		 1305 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1306 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
d166c802 1307 }
bcdca225
CS		 1308
1309 return rc;
e114e473
CS		 1310}
1311
1312/**
1313 * smack_inode_post_setxattr - Apply the Smack update approved above
1314 * @dentry: object
1315 * @name: attribute name
1316 * @value: attribute value
1317 * @size: attribute size
1318 * @flags: unused
1319 *
1320 * Set the pointer in the inode blob to the entry found
1321 * in the master label list.
1322 */
8f0cfa52
DH		 1323static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1324 const void *value, size_t size, int flags)
e114e473 1325{
2f823ff8 1326 struct smack_known *skp;
c6f493d6 1327 struct inode_smack *isp = d_backing_inode(dentry)->i_security;
676dac4b 1328
2f823ff8
CS		 1329 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1330 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1331 return;
1332 }
1333
676dac4b 1334 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
9598f4c9 1335 skp = smk_import_entry(value, size);
e774ad68 1336 if (!IS_ERR(skp))
21c7eae2 1337 isp->smk_inode = skp;
5c6d1125 1338 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
9598f4c9 1339 skp = smk_import_entry(value, size);
e774ad68 1340 if (!IS_ERR(skp))
2f823ff8 1341 isp->smk_task = skp;
7898e1f8 1342 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
9598f4c9 1343 skp = smk_import_entry(value, size);
e774ad68 1344 if (!IS_ERR(skp))
2f823ff8 1345 isp->smk_mmap = skp;
2f823ff8 1346 }
e114e473
CS		 1347
1348 return;
1349}
1350
ce8a4321 1351/**
e114e473
CS		 1352 * smack_inode_getxattr - Smack check on getxattr
1353 * @dentry: the object
1354 * @name: unused
1355 *
1356 * Returns 0 if access is permitted, an error code otherwise
1357 */
8f0cfa52 1358static int smack_inode_getxattr(struct dentry *dentry, const char *name)
e114e473 1359{
ecfcc53f 1360 struct smk_audit_info ad;
d166c802 1361 int rc;
ecfcc53f 1362
a269434d 1363 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1364 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1365
c6f493d6
DH		 1366 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1367 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
d166c802 1368 return rc;
e114e473
CS		 1369}
1370
ce8a4321 1371/**
e114e473
CS		 1372 * smack_inode_removexattr - Smack check on removexattr
1373 * @dentry: the object
1374 * @name: name of the attribute
1375 *
1376 * Removing the Smack attribute requires CAP_MAC_ADMIN
1377 *
1378 * Returns 0 if access is permitted, an error code otherwise
1379 */
8f0cfa52 1380static int smack_inode_removexattr(struct dentry *dentry, const char *name)
e114e473 1381{
676dac4b 1382 struct inode_smack *isp;
ecfcc53f 1383 struct smk_audit_info ad;
bcdca225 1384 int rc = 0;
e114e473 1385
bcdca225
CS		 1386 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1387 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
676dac4b 1388 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
5c6d1125 1389 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
7898e1f8 1390 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
5e9ab593 1391 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1880eff7 1392 if (!smack_privileged(CAP_MAC_ADMIN))
bcdca225
CS		 1393 rc = -EPERM;
1394 } else
1395 rc = cap_inode_removexattr(dentry, name);
1396
f59bdfba
CS		 1397 if (rc != 0)
1398 return rc;
1399
a269434d 1400 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1401 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
bcdca225 1402
c6f493d6
DH		 1403 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1404 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
f59bdfba
CS		 1405 if (rc != 0)
1406 return rc;
1407
c6f493d6 1408 isp = d_backing_inode(dentry)->i_security;
f59bdfba
CS		 1409 /*
1410 * Don't do anything special for these.
1411 * XATTR_NAME_SMACKIPIN
1412 * XATTR_NAME_SMACKIPOUT
f59bdfba 1413 */
8012495e 1414 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
fc64005c 1415 struct super_block *sbp = dentry->d_sb;
8012495e
JB		 1416 struct superblock_smack *sbsp = sbp->s_security;
1417
1418 isp->smk_inode = sbsp->smk_default;
1419 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
676dac4b 1420 isp->smk_task = NULL;
f59bdfba 1421 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
7898e1f8 1422 isp->smk_mmap = NULL;
f59bdfba
CS		 1423 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1424 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
676dac4b 1425
f59bdfba 1426 return 0;
e114e473
CS		 1427}
1428
1429/**
1430 * smack_inode_getsecurity - get smack xattrs
1431 * @inode: the object
1432 * @name: attribute name
1433 * @buffer: where to put the result
57e7ba04 1434 * @alloc: duplicate memory
e114e473
CS		 1435 *
1436 * Returns the size of the attribute or an error code
1437 */
ea861dfd 1438static int smack_inode_getsecurity(struct inode *inode,
e114e473
CS		 1439 const char *name, void **buffer,
1440 bool alloc)
1441{
1442 struct socket_smack *ssp;
1443 struct socket *sock;
1444 struct super_block *sbp;
1445 struct inode *ip = (struct inode *)inode;
21c7eae2 1446 struct smack_known *isp;
e114e473 1447
57e7ba04 1448 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
e114e473 1449 isp = smk_of_inode(inode);
57e7ba04
CS		 1450 else {
1451 /*
1452 * The rest of the Smack xattrs are only on sockets.
1453 */
1454 sbp = ip->i_sb;
1455 if (sbp->s_magic != SOCKFS_MAGIC)
1456 return -EOPNOTSUPP;
e114e473 1457
57e7ba04
CS		 1458 sock = SOCKET_I(ip);
1459 if (sock == NULL || sock->sk == NULL)
1460 return -EOPNOTSUPP;
e114e473 1461
57e7ba04 1462 ssp = sock->sk->sk_security;
e114e473 1463
57e7ba04
CS		 1464 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1465 isp = ssp->smk_in;
1466 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1467 isp = ssp->smk_out;
1468 else
1469 return -EOPNOTSUPP;
1470 }
e114e473 1471
57e7ba04
CS		 1472 if (alloc) {
1473 *buffer = kstrdup(isp->smk_known, GFP_KERNEL);
1474 if (*buffer == NULL)
1475 return -ENOMEM;
e114e473
CS		 1476 }
1477
57e7ba04 1478 return strlen(isp->smk_known);
e114e473
CS		 1479}
1480
1481
1482/**
1483 * smack_inode_listsecurity - list the Smack attributes
1484 * @inode: the object
1485 * @buffer: where they go
1486 * @buffer_size: size of buffer
e114e473
CS		 1487 */
1488static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1489 size_t buffer_size)
1490{
fd5c9d23 1491 int len = sizeof(XATTR_NAME_SMACK);
e114e473 1492
fd5c9d23 1493 if (buffer != NULL && len <= buffer_size)
e114e473 1494 memcpy(buffer, XATTR_NAME_SMACK, len);
fd5c9d23
KK		 1495
1496 return len;
e114e473
CS		 1497}
1498
d20bdda6
AD		 1499/**
1500 * smack_inode_getsecid - Extract inode's security id
1501 * @inode: inode to extract the info from
1502 * @secid: where result will be saved
1503 */
d6335d77 1504static void smack_inode_getsecid(struct inode *inode, u32 *secid)
d20bdda6 1505{
0f8983cf 1506 struct smack_known *skp = smk_of_inode(inode);
d20bdda6 1507
0f8983cf 1508 *secid = skp->smk_secid;
d20bdda6
AD		 1509}
1510
e114e473
CS		 1511/*
1512 * File Hooks
1513 */
1514
491a0b08
CS		 1515/*
1516 * There is no smack_file_permission hook
e114e473
CS		 1517 *
1518 * Should access checks be done on each read or write?
1519 * UNICOS and SELinux say yes.
1520 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1521 *
1522 * I'll say no for now. Smack does not do the frequent
1523 * label changing that SELinux does.
1524 */
e114e473
CS		 1525
1526/**
1527 * smack_file_alloc_security - assign a file security blob
1528 * @file: the object
1529 *
1530 * The security blob for a file is a pointer to the master
1531 * label list, so no allocation is done.
1532 *
5e7270a6
CS		 1533 * f_security is the owner security information. It
1534 * isn't used on file access checks, it's for send_sigio.
1535 *
e114e473
CS		 1536 * Returns 0
1537 */
1538static int smack_file_alloc_security(struct file *file)
1539{
2f823ff8
CS		 1540 struct smack_known *skp = smk_of_current();
1541
21c7eae2 1542 file->f_security = skp;
e114e473
CS		 1543 return 0;
1544}
1545
1546/**
1547 * smack_file_free_security - clear a file security blob
1548 * @file: the object
1549 *
1550 * The security blob for a file is a pointer to the master
1551 * label list, so no memory is freed.
1552 */
1553static void smack_file_free_security(struct file *file)
1554{
1555 file->f_security = NULL;
1556}
1557
1558/**
1559 * smack_file_ioctl - Smack check on ioctls
1560 * @file: the object
1561 * @cmd: what to do
1562 * @arg: unused
1563 *
1564 * Relies heavily on the correct use of the ioctl command conventions.
1565 *
1566 * Returns 0 if allowed, error code otherwise
1567 */
1568static int smack_file_ioctl(struct file *file, unsigned int cmd,
1569 unsigned long arg)
1570{
1571 int rc = 0;
ecfcc53f 1572 struct smk_audit_info ad;
5e7270a6 1573 struct inode *inode = file_inode(file);
ecfcc53f 1574
83a1e53f
SWK		 1575 if (unlikely(IS_PRIVATE(inode)))
1576 return 0;
1577
f48b7399 1578 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1579 smk_ad_setfield_u_fs_path(&ad, file->f_path);
e114e473 1580
d166c802 1581 if (_IOC_DIR(cmd) & _IOC_WRITE) {
5e7270a6 1582 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
d166c802
CS		 1583 rc = smk_bu_file(file, MAY_WRITE, rc);
1584 }
e114e473 1585
d166c802 1586 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
5e7270a6 1587 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
d166c802
CS		 1588 rc = smk_bu_file(file, MAY_READ, rc);
1589 }
e114e473
CS		 1590
1591 return rc;
1592}
1593
1594/**
1595 * smack_file_lock - Smack check on file locking
1596 * @file: the object
251a2a95 1597 * @cmd: unused
e114e473 1598 *
c0ab6e56 1599 * Returns 0 if current has lock access, error code otherwise
e114e473
CS		 1600 */
1601static int smack_file_lock(struct file *file, unsigned int cmd)
1602{
ecfcc53f 1603 struct smk_audit_info ad;
d166c802 1604 int rc;
5e7270a6 1605 struct inode *inode = file_inode(file);
ecfcc53f 1606
83a1e53f
SWK		 1607 if (unlikely(IS_PRIVATE(inode)))
1608 return 0;
1609
92f42509
EP		 1610 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1611 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1612 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
d166c802
CS		 1613 rc = smk_bu_file(file, MAY_LOCK, rc);
1614 return rc;
e114e473
CS		 1615}
1616
1617/**
1618 * smack_file_fcntl - Smack check on fcntl
1619 * @file: the object
1620 * @cmd: what action to check
1621 * @arg: unused
1622 *
531f1d45
CS		 1623 * Generally these operations are harmless.
1624 * File locking operations present an obvious mechanism
1625 * for passing information, so they require write access.
1626 *
e114e473
CS		 1627 * Returns 0 if current has access, error code otherwise
1628 */
1629static int smack_file_fcntl(struct file *file, unsigned int cmd,
1630 unsigned long arg)
1631{
ecfcc53f 1632 struct smk_audit_info ad;
531f1d45 1633 int rc = 0;
5e7270a6 1634 struct inode *inode = file_inode(file);
ecfcc53f 1635
83a1e53f
SWK		 1636 if (unlikely(IS_PRIVATE(inode)))
1637 return 0;
1638
e114e473 1639 switch (cmd) {
e114e473 1640 case F_GETLK:
c0ab6e56 1641 break;
e114e473
CS		 1642 case F_SETLK:
1643 case F_SETLKW:
c0ab6e56
CS		 1644 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1645 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1646 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
d166c802 1647 rc = smk_bu_file(file, MAY_LOCK, rc);
c0ab6e56 1648 break;
e114e473
CS		 1649 case F_SETOWN:
1650 case F_SETSIG:
531f1d45
CS		 1651 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1652 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1653 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
d166c802 1654 rc = smk_bu_file(file, MAY_WRITE, rc);
e114e473
CS		 1655 break;
1656 default:
531f1d45 1657 break;
e114e473
CS		 1658 }
1659
1660 return rc;
1661}
1662
7898e1f8 1663/**
e5467859 1664 * smack_mmap_file :
7898e1f8
CS		 1665 * Check permissions for a mmap operation. The @file may be NULL, e.g.
1666 * if mapping anonymous memory.
1667 * @file contains the file structure for file to map (may be NULL).
1668 * @reqprot contains the protection requested by the application.
1669 * @prot contains the protection that will be applied by the kernel.
1670 * @flags contains the operational flags.
1671 * Return 0 if permission is granted.
1672 */
e5467859 1673static int smack_mmap_file(struct file *file,
7898e1f8 1674 unsigned long reqprot, unsigned long prot,
e5467859 1675 unsigned long flags)
7898e1f8 1676{
272cd7a8 1677 struct smack_known *skp;
2f823ff8 1678 struct smack_known *mkp;
7898e1f8
CS		 1679 struct smack_rule *srp;
1680 struct task_smack *tsp;
21c7eae2 1681 struct smack_known *okp;
7898e1f8 1682 struct inode_smack *isp;
809c02e0 1683 struct superblock_smack *sbsp;
0e0a070d
CS		 1684 int may;
1685 int mmay;
1686 int tmay;
7898e1f8
CS		 1687 int rc;
1688
496ad9aa 1689 if (file == NULL)
7898e1f8
CS		 1690 return 0;
1691
83a1e53f
SWK		 1692 if (unlikely(IS_PRIVATE(file_inode(file))))
1693 return 0;
1694
496ad9aa 1695 isp = file_inode(file)->i_security;
7898e1f8
CS		 1696 if (isp->smk_mmap == NULL)
1697 return 0;
809c02e0
SF		 1698 sbsp = file_inode(file)->i_sb->s_security;
1699 if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1700 isp->smk_mmap != sbsp->smk_root)
1701 return -EACCES;
2f823ff8 1702 mkp = isp->smk_mmap;
7898e1f8
CS		 1703
1704 tsp = current_security();
2f823ff8 1705 skp = smk_of_current();
7898e1f8
CS		 1706 rc = 0;
1707
1708 rcu_read_lock();
1709 /*
1710 * For each Smack rule associated with the subject
1711 * label verify that the SMACK64MMAP also has access
1712 * to that rule's object label.
7898e1f8 1713 */
272cd7a8 1714 list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
21c7eae2 1715 okp = srp->smk_object;
7898e1f8
CS		 1716 /*
1717 * Matching labels always allows access.
1718 */
21c7eae2 1719 if (mkp->smk_known == okp->smk_known)
7898e1f8 1720 continue;
0e0a070d
CS		 1721 /*
1722 * If there is a matching local rule take
1723 * that into account as well.
1724 */
21c7eae2
LP		 1725 may = smk_access_entry(srp->smk_subject->smk_known,
1726 okp->smk_known,
1727 &tsp->smk_rules);
0e0a070d
CS		 1728 if (may == -ENOENT)
1729 may = srp->smk_access;
1730 else
1731 may &= srp->smk_access;
1732 /*
1733 * If may is zero the SMACK64MMAP subject can't
1734 * possibly have less access.
1735 */
1736 if (may == 0)
1737 continue;
1738
1739 /*
1740 * Fetch the global list entry.
1741 * If there isn't one a SMACK64MMAP subject
1742 * can't have as much access as current.
1743 */
21c7eae2
LP		 1744 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1745 &mkp->smk_rules);
0e0a070d
CS		 1746 if (mmay == -ENOENT) {
1747 rc = -EACCES;
1748 break;
1749 }
1750 /*
1751 * If there is a local entry it modifies the
1752 * potential access, too.
1753 */
21c7eae2
LP		 1754 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1755 &tsp->smk_rules);
0e0a070d
CS		 1756 if (tmay != -ENOENT)
1757 mmay &= tmay;
7898e1f8 1758
0e0a070d
CS		 1759 /*
1760 * If there is any access available to current that is
1761 * not available to a SMACK64MMAP subject
1762 * deny access.
1763 */
75a25637 1764 if ((may | mmay) != mmay) {
0e0a070d 1765 rc = -EACCES;
7898e1f8 1766 break;
0e0a070d 1767 }
7898e1f8
CS		 1768 }
1769
1770 rcu_read_unlock();
1771
1772 return rc;
1773}
1774
e114e473
CS		 1775/**
1776 * smack_file_set_fowner - set the file security blob value
1777 * @file: object in question
1778 *
e114e473 1779 */
e0b93edd 1780static void smack_file_set_fowner(struct file *file)
e114e473 1781{
5e7270a6 1782 file->f_security = smk_of_current();
e114e473
CS		 1783}
1784
1785/**
1786 * smack_file_send_sigiotask - Smack on sigio
1787 * @tsk: The target task
1788 * @fown: the object the signal come from
1789 * @signum: unused
1790 *
1791 * Allow a privileged task to get signals even if it shouldn't
1792 *
1793 * Returns 0 if a subject with the object's smack could
1794 * write to the task, an error code otherwise.
1795 */
1796static int smack_file_send_sigiotask(struct task_struct *tsk,
1797 struct fown_struct *fown, int signum)
1798{
2f823ff8
CS		 1799 struct smack_known *skp;
1800 struct smack_known *tkp = smk_of_task(tsk->cred->security);
dcb569cf 1801 const struct cred *tcred;
e114e473
CS		 1802 struct file *file;
1803 int rc;
ecfcc53f 1804 struct smk_audit_info ad;
e114e473
CS		 1805
1806 /*
1807 * struct fown_struct is never outside the context of a struct file
1808 */
1809 file = container_of(fown, struct file, f_owner);
7898e1f8 1810
ecfcc53f 1811 /* we don't log here as rc can be overriden */
21c7eae2 1812 skp = file->f_security;
c60b9066
CS		 1813 rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1814 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
dcb569cf
CS		 1815
1816 rcu_read_lock();
1817 tcred = __task_cred(tsk);
1818 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
ecfcc53f 1819 rc = 0;
dcb569cf 1820 rcu_read_unlock();
ecfcc53f
EB		 1821
1822 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1823 smk_ad_setfield_u_tsk(&ad, tsk);
c60b9066 1824 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
e114e473
CS		 1825 return rc;
1826}
1827
1828/**
1829 * smack_file_receive - Smack file receive check
1830 * @file: the object
1831 *
1832 * Returns 0 if current has access, error code otherwise
1833 */
1834static int smack_file_receive(struct file *file)
1835{
d166c802 1836 int rc;
e114e473 1837 int may = 0;
ecfcc53f 1838 struct smk_audit_info ad;
5e7270a6 1839 struct inode *inode = file_inode(file);
79be0935
CS		 1840 struct socket *sock;
1841 struct task_smack *tsp;
1842 struct socket_smack *ssp;
e114e473 1843
9777582e
SWK		 1844 if (unlikely(IS_PRIVATE(inode)))
1845 return 0;
1846
4482a44f 1847 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1848 smk_ad_setfield_u_fs_path(&ad, file->f_path);
79be0935 1849
51d59af2 1850 if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
79be0935
CS		 1851 sock = SOCKET_I(inode);
1852 ssp = sock->sk->sk_security;
1853 tsp = current_security();
1854 /*
1855 * If the receiving process can't write to the
1856 * passed socket or if the passed socket can't
1857 * write to the receiving process don't accept
1858 * the passed socket.
1859 */
1860 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1861 rc = smk_bu_file(file, may, rc);
1862 if (rc < 0)
1863 return rc;
1864 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1865 rc = smk_bu_file(file, may, rc);
1866 return rc;
1867 }
e114e473
CS		 1868 /*
1869 * This code relies on bitmasks.
1870 */
1871 if (file->f_mode & FMODE_READ)
1872 may = MAY_READ;
1873 if (file->f_mode & FMODE_WRITE)
1874 may |= MAY_WRITE;
1875
5e7270a6 1876 rc = smk_curacc(smk_of_inode(inode), may, &ad);
d166c802
CS		 1877 rc = smk_bu_file(file, may, rc);
1878 return rc;
e114e473
CS		 1879}
1880
531f1d45 1881/**
83d49856 1882 * smack_file_open - Smack dentry open processing
531f1d45 1883 * @file: the object
a6834c0b 1884 * @cred: task credential
531f1d45
CS		 1885 *
1886 * Set the security blob in the file structure.
a6834c0b
CS		 1887 * Allow the open only if the task has read access. There are
1888 * many read operations (e.g. fstat) that you can do with an
1889 * fd even if you have the file open write-only.
531f1d45
CS		 1890 *
1891 * Returns 0
1892 */
94817692 1893static int smack_file_open(struct file *file)
531f1d45 1894{
94817692 1895 struct task_smack *tsp = file->f_cred->security;
5e7270a6 1896 struct inode *inode = file_inode(file);
a6834c0b
CS		 1897 struct smk_audit_info ad;
1898 int rc;
531f1d45 1899
a6834c0b
CS		 1900 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1901 smk_ad_setfield_u_fs_path(&ad, file->f_path);
c9d238a1 1902 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
94817692 1903 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
a6834c0b
CS		 1904
1905 return rc;
531f1d45
CS		 1906}
1907
e114e473
CS		 1908/*
1909 * Task hooks
1910 */
1911
ee18d64c
DH		 1912/**
1913 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1914 * @new: the new credentials
1915 * @gfp: the atomicity of any memory allocations
1916 *
1917 * Prepare a blank set of credentials for modification. This must allocate all
1918 * the memory the LSM module might require such that cred_transfer() can
1919 * complete without error.
1920 */
1921static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1922{
7898e1f8
CS		 1923 struct task_smack *tsp;
1924
1925 tsp = new_task_smack(NULL, NULL, gfp);
1926 if (tsp == NULL)
676dac4b 1927 return -ENOMEM;
7898e1f8
CS		 1928
1929 cred->security = tsp;
1930
ee18d64c
DH		 1931 return 0;
1932}
1933
1934
e114e473 1935/**
f1752eec
DH		 1936 * smack_cred_free - "free" task-level security credentials
1937 * @cred: the credentials in question
e114e473 1938 *
e114e473 1939 */
f1752eec 1940static void smack_cred_free(struct cred *cred)
e114e473 1941{
7898e1f8
CS		 1942 struct task_smack *tsp = cred->security;
1943 struct smack_rule *rp;
1944 struct list_head *l;
1945 struct list_head *n;
1946
1947 if (tsp == NULL)
1948 return;
1949 cred->security = NULL;
1950
38416e53
ZJ		 1951 smk_destroy_label_list(&tsp->smk_relabel);
1952
7898e1f8
CS		 1953 list_for_each_safe(l, n, &tsp->smk_rules) {
1954 rp = list_entry(l, struct smack_rule, list);
1955 list_del(&rp->list);
1956 kfree(rp);
1957 }
1958 kfree(tsp);
e114e473
CS		 1959}
1960
d84f4f99
DH		 1961/**
1962 * smack_cred_prepare - prepare new set of credentials for modification
1963 * @new: the new credentials
1964 * @old: the original credentials
1965 * @gfp: the atomicity of any memory allocations
1966 *
1967 * Prepare a new set of credentials for modification.
1968 */
1969static int smack_cred_prepare(struct cred *new, const struct cred *old,
1970 gfp_t gfp)
1971{
676dac4b
CS		 1972 struct task_smack *old_tsp = old->security;
1973 struct task_smack *new_tsp;
7898e1f8 1974 int rc;
676dac4b 1975
7898e1f8 1976 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
676dac4b
CS		 1977 if (new_tsp == NULL)
1978 return -ENOMEM;
1979
b437aba8
HS		 1980 new->security = new_tsp;
1981
7898e1f8
CS		 1982 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1983 if (rc != 0)
1984 return rc;
1985
38416e53
ZJ		 1986 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
1987 gfp);
1988 if (rc != 0)
1989 return rc;
1990
d84f4f99
DH		 1991 return 0;
1992}
1993
ee18d64c
DH		 1994/**
1995 * smack_cred_transfer - Transfer the old credentials to the new credentials
1996 * @new: the new credentials
1997 * @old: the original credentials
1998 *
1999 * Fill in a set of blank credentials from another set of credentials.
2000 */
2001static void smack_cred_transfer(struct cred *new, const struct cred *old)
2002{
676dac4b
CS		 2003 struct task_smack *old_tsp = old->security;
2004 struct task_smack *new_tsp = new->security;
2005
2006 new_tsp->smk_task = old_tsp->smk_task;
2007 new_tsp->smk_forked = old_tsp->smk_task;
7898e1f8
CS		 2008 mutex_init(&new_tsp->smk_rules_lock);
2009 INIT_LIST_HEAD(&new_tsp->smk_rules);
2010
2011
2012 /* cbs copy rule list */
ee18d64c
DH		 2013}
2014
3ec30113
MG		 2015/**
2016 * smack_cred_getsecid - get the secid corresponding to a creds structure
2017 * @c: the object creds
2018 * @secid: where to put the result
2019 *
2020 * Sets the secid to contain a u32 version of the smack label.
2021 */
2022static void smack_cred_getsecid(const struct cred *c, u32 *secid)
2023{
2024 struct smack_known *skp;
2025
2026 rcu_read_lock();
2027 skp = smk_of_task(c->security);
2028 *secid = skp->smk_secid;
2029 rcu_read_unlock();
2030}
2031
3a3b7ce9
DH		 2032/**
2033 * smack_kernel_act_as - Set the subjective context in a set of credentials
251a2a95
RD		 2034 * @new: points to the set of credentials to be modified.
2035 * @secid: specifies the security ID to be set
3a3b7ce9
DH		 2036 *
2037 * Set the security data for a kernel service.
2038 */
2039static int smack_kernel_act_as(struct cred *new, u32 secid)
2040{
676dac4b 2041 struct task_smack *new_tsp = new->security;
3a3b7ce9 2042
152f91d4 2043 new_tsp->smk_task = smack_from_secid(secid);
3a3b7ce9
DH		 2044 return 0;
2045}
2046
2047/**
2048 * smack_kernel_create_files_as - Set the file creation label in a set of creds
251a2a95
RD		 2049 * @new: points to the set of credentials to be modified
2050 * @inode: points to the inode to use as a reference
3a3b7ce9
DH		 2051 *
2052 * Set the file creation context in a set of credentials to the same
2053 * as the objective context of the specified inode
2054 */
2055static int smack_kernel_create_files_as(struct cred *new,
2056 struct inode *inode)
2057{
2058 struct inode_smack *isp = inode->i_security;
676dac4b 2059 struct task_smack *tsp = new->security;
3a3b7ce9 2060
21c7eae2 2061 tsp->smk_forked = isp->smk_inode;
2f823ff8 2062 tsp->smk_task = tsp->smk_forked;
3a3b7ce9
DH		 2063 return 0;
2064}
2065
ecfcc53f
EB		 2066/**
2067 * smk_curacc_on_task - helper to log task related access
2068 * @p: the task object
531f1d45
CS		 2069 * @access: the access requested
2070 * @caller: name of the calling function for audit
ecfcc53f
EB		 2071 *
2072 * Return 0 if access is permitted
2073 */
531f1d45
CS		 2074static int smk_curacc_on_task(struct task_struct *p, int access,
2075 const char *caller)
ecfcc53f
EB		 2076{
2077 struct smk_audit_info ad;
6d1cff2a 2078 struct smack_known *skp = smk_of_task_struct(p);
d166c802 2079 int rc;
ecfcc53f 2080
531f1d45 2081 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
ecfcc53f 2082 smk_ad_setfield_u_tsk(&ad, p);
21c7eae2 2083 rc = smk_curacc(skp, access, &ad);
d166c802
CS		 2084 rc = smk_bu_task(p, access, rc);
2085 return rc;
ecfcc53f
EB		 2086}
2087
e114e473
CS		 2088/**
2089 * smack_task_setpgid - Smack check on setting pgid
2090 * @p: the task object
2091 * @pgid: unused
2092 *
2093 * Return 0 if write access is permitted
2094 */
2095static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2096{
531f1d45 2097 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2098}
2099
2100/**
2101 * smack_task_getpgid - Smack access check for getpgid
2102 * @p: the object task
2103 *
2104 * Returns 0 if current can read the object task, error code otherwise
2105 */
2106static int smack_task_getpgid(struct task_struct *p)
2107{
531f1d45 2108 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2109}
2110
2111/**
2112 * smack_task_getsid - Smack access check for getsid
2113 * @p: the object task
2114 *
2115 * Returns 0 if current can read the object task, error code otherwise
2116 */
2117static int smack_task_getsid(struct task_struct *p)
2118{
531f1d45 2119 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2120}
2121
2122/**
2123 * smack_task_getsecid - get the secid of the task
2124 * @p: the object task
2125 * @secid: where to put the result
2126 *
2127 * Sets the secid to contain a u32 version of the smack label.
2128 */
2129static void smack_task_getsecid(struct task_struct *p, u32 *secid)
2130{
6d1cff2a 2131 struct smack_known *skp = smk_of_task_struct(p);
2f823ff8
CS		 2132
2133 *secid = skp->smk_secid;
e114e473
CS		 2134}
2135
2136/**
2137 * smack_task_setnice - Smack check on setting nice
2138 * @p: the task object
2139 * @nice: unused
2140 *
2141 * Return 0 if write access is permitted
2142 */
2143static int smack_task_setnice(struct task_struct *p, int nice)
2144{
b1d9e6b0 2145 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2146}
2147
2148/**
2149 * smack_task_setioprio - Smack check on setting ioprio
2150 * @p: the task object
2151 * @ioprio: unused
2152 *
2153 * Return 0 if write access is permitted
2154 */
2155static int smack_task_setioprio(struct task_struct *p, int ioprio)
2156{
b1d9e6b0 2157 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2158}
2159
2160/**
2161 * smack_task_getioprio - Smack check on reading ioprio
2162 * @p: the task object
2163 *
2164 * Return 0 if read access is permitted
2165 */
2166static int smack_task_getioprio(struct task_struct *p)
2167{
531f1d45 2168 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2169}
2170
2171/**
2172 * smack_task_setscheduler - Smack check on setting scheduler
2173 * @p: the task object
2174 * @policy: unused
2175 * @lp: unused
2176 *
2177 * Return 0 if read access is permitted
2178 */
b0ae1981 2179static int smack_task_setscheduler(struct task_struct *p)
e114e473 2180{
b1d9e6b0 2181 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2182}
2183
2184/**
2185 * smack_task_getscheduler - Smack check on reading scheduler
2186 * @p: the task object
2187 *
2188 * Return 0 if read access is permitted
2189 */
2190static int smack_task_getscheduler(struct task_struct *p)
2191{
531f1d45 2192 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2193}
2194
2195/**
2196 * smack_task_movememory - Smack check on moving memory
2197 * @p: the task object
2198 *
2199 * Return 0 if write access is permitted
2200 */
2201static int smack_task_movememory(struct task_struct *p)
2202{
531f1d45 2203 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2204}
2205
2206/**
2207 * smack_task_kill - Smack check on signal delivery
2208 * @p: the task object
2209 * @info: unused
2210 * @sig: unused
6b4f3d01 2211 * @cred: identifies the cred to use in lieu of current's
e114e473
CS		 2212 *
2213 * Return 0 if write access is permitted
2214 *
e114e473 2215 */
ae7795bc 2216static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info,
6b4f3d01 2217 int sig, const struct cred *cred)
e114e473 2218{
ecfcc53f 2219 struct smk_audit_info ad;
2f823ff8 2220 struct smack_known *skp;
6d1cff2a 2221 struct smack_known *tkp = smk_of_task_struct(p);
d166c802 2222 int rc;
ecfcc53f 2223
18d872f7
RK		 2224 if (!sig)
2225 return 0; /* null signal; existence test */
2226
ecfcc53f
EB		 2227 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2228 smk_ad_setfield_u_tsk(&ad, p);
e114e473
CS		 2229 /*
2230 * Sending a signal requires that the sender
2231 * can write the receiver.
2232 */
6b4f3d01 2233 if (cred == NULL) {
c60b9066
CS		 2234 rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2235 rc = smk_bu_task(p, MAY_DELIVER, rc);
d166c802
CS		 2236 return rc;
2237 }
e114e473 2238 /*
6b4f3d01 2239 * If the cred isn't NULL we're dealing with some USB IO
e114e473
CS		 2240 * specific behavior. This is not clean. For one thing
2241 * we can't take privilege into account.
2242 */
6b4f3d01 2243 skp = smk_of_task(cred->security);
c60b9066
CS		 2244 rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2245 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
d166c802 2246 return rc;
e114e473
CS		 2247}
2248
e114e473
CS		 2249/**
2250 * smack_task_to_inode - copy task smack into the inode blob
2251 * @p: task to copy from
251a2a95 2252 * @inode: inode to copy to
e114e473
CS		 2253 *
2254 * Sets the smack pointer in the inode security blob
2255 */
2256static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2257{
2258 struct inode_smack *isp = inode->i_security;
6d1cff2a 2259 struct smack_known *skp = smk_of_task_struct(p);
2f823ff8 2260
21c7eae2 2261 isp->smk_inode = skp;
7b4e8843 2262 isp->smk_flags |= SMK_INODE_INSTANT;
e114e473
CS		 2263}
2264
2265/*
2266 * Socket hooks.
2267 */
2268
2269/**
2270 * smack_sk_alloc_security - Allocate a socket blob
2271 * @sk: the socket
2272 * @family: unused
251a2a95 2273 * @gfp_flags: memory allocation flags
e114e473
CS		 2274 *
2275 * Assign Smack pointers to current
2276 *
2277 * Returns 0 on success, -ENOMEM is there's no memory
2278 */
2279static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2280{
2f823ff8 2281 struct smack_known *skp = smk_of_current();
e114e473
CS		 2282 struct socket_smack *ssp;
2283
2284 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2285 if (ssp == NULL)
2286 return -ENOMEM;
2287
08382c9f 2288 /*
2289 * Sockets created by kernel threads receive web label.
2290 */
2291 if (unlikely(current->flags & PF_KTHREAD)) {
2292 ssp->smk_in = &smack_known_web;
2293 ssp->smk_out = &smack_known_web;
2294 } else {
2295 ssp->smk_in = skp;
2296 ssp->smk_out = skp;
2297 }
272cd7a8 2298 ssp->smk_packet = NULL;
e114e473
CS		 2299
2300 sk->sk_security = ssp;
2301
2302 return 0;
2303}
2304
2305/**
2306 * smack_sk_free_security - Free a socket blob
2307 * @sk: the socket
2308 *
2309 * Clears the blob pointer
2310 */
2311static void smack_sk_free_security(struct sock *sk)
2312{
0c96d1f5
VG		 2313#ifdef SMACK_IPV6_PORT_LABELING
2314 struct smk_port_label *spp;
2315
2316 if (sk->sk_family == PF_INET6) {
2317 rcu_read_lock();
2318 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2319 if (spp->smk_sock != sk)
2320 continue;
2321 spp->smk_can_reuse = 1;
2322 break;
2323 }
2324 rcu_read_unlock();
2325 }
2326#endif
e114e473
CS		 2327 kfree(sk->sk_security);
2328}
2329
07feee8f 2330/**
21abb1ec 2331* smack_ipv4host_label - check host based restrictions
07feee8f
PM		 2332* @sip: the object end
2333*
2334* looks for host based access restrictions
2335*
2336* This version will only be appropriate for really small sets of single label
2337* hosts. The caller is responsible for ensuring that the RCU read lock is
2338* taken before calling this function.
2339*
2340* Returns the label of the far end or NULL if it's not special.
2341*/
21abb1ec 2342static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
07feee8f 2343{
21abb1ec 2344 struct smk_net4addr *snp;
07feee8f
PM		 2345 struct in_addr *siap = &sip->sin_addr;
2346
2347 if (siap->s_addr == 0)
2348 return NULL;
2349
21abb1ec
CS		 2350 list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2351 /*
2352 * we break after finding the first match because
2353 * the list is sorted from longest to shortest mask
2354 * so we have found the most specific match
2355 */
2356 if (snp->smk_host.s_addr ==
2357 (siap->s_addr & snp->smk_mask.s_addr))
2358 return snp->smk_label;
2359
2360 return NULL;
2361}
2362
2363#if IS_ENABLED(CONFIG_IPV6)
2364/*
2365 * smk_ipv6_localhost - Check for local ipv6 host address
2366 * @sip: the address
2367 *
2368 * Returns boolean true if this is the localhost address
2369 */
2370static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2371{
2372 __be16 *be16p = (__be16 *)&sip->sin6_addr;
2373 __be32 *be32p = (__be32 *)&sip->sin6_addr;
2374
2375 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2376 ntohs(be16p[7]) == 1)
2377 return true;
2378 return false;
2379}
2380
2381/**
2382* smack_ipv6host_label - check host based restrictions
2383* @sip: the object end
2384*
2385* looks for host based access restrictions
2386*
2387* This version will only be appropriate for really small sets of single label
2388* hosts. The caller is responsible for ensuring that the RCU read lock is
2389* taken before calling this function.
2390*
2391* Returns the label of the far end or NULL if it's not special.
2392*/
2393static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2394{
2395 struct smk_net6addr *snp;
2396 struct in6_addr *sap = &sip->sin6_addr;
2397 int i;
2398 int found = 0;
2399
2400 /*
2401 * It's local. Don't look for a host label.
2402 */
2403 if (smk_ipv6_localhost(sip))
2404 return NULL;
2405
2406 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2e4939f7
CS		 2407 /*
2408 * If the label is NULL the entry has
2409 * been renounced. Ignore it.
2410 */
2411 if (snp->smk_label == NULL)
2412 continue;
07feee8f
PM		 2413 /*
2414 * we break after finding the first match because
2415 * the list is sorted from longest to shortest mask
2416 * so we have found the most specific match
2417 */
21abb1ec 2418 for (found = 1, i = 0; i < 8; i++) {
21abb1ec
CS		 2419 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2420 snp->smk_host.s6_addr16[i]) {
2421 found = 0;
2422 break;
2423 }
4303154e 2424 }
21abb1ec
CS		 2425 if (found)
2426 return snp->smk_label;
2427 }
07feee8f
PM		 2428
2429 return NULL;
2430}
21abb1ec 2431#endif /* CONFIG_IPV6 */
07feee8f 2432
e114e473
CS		 2433/**
2434 * smack_netlabel - Set the secattr on a socket
2435 * @sk: the socket
6d3dc07c 2436 * @labeled: socket label scheme
e114e473
CS		 2437 *
2438 * Convert the outbound smack value (smk_out) to a
2439 * secattr and attach it to the socket.
2440 *
2441 * Returns 0 on success or an error code
2442 */
6d3dc07c 2443static int smack_netlabel(struct sock *sk, int labeled)
e114e473 2444{
f7112e6c 2445 struct smack_known *skp;
07feee8f 2446 struct socket_smack *ssp = sk->sk_security;
6d3dc07c 2447 int rc = 0;
e114e473 2448
6d3dc07c
CS		 2449 /*
2450 * Usually the netlabel code will handle changing the
2451 * packet labeling based on the label.
2452 * The case of a single label host is different, because
2453 * a single label host should never get a labeled packet
2454 * even though the label is usually associated with a packet
2455 * label.
2456 */
2457 local_bh_disable();
2458 bh_lock_sock_nested(sk);
2459
2460 if (ssp->smk_out == smack_net_ambient ||
2461 labeled == SMACK_UNLABELED_SOCKET)
2462 netlbl_sock_delattr(sk);
2463 else {
2f823ff8 2464 skp = ssp->smk_out;
f7112e6c 2465 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
6d3dc07c
CS		 2466 }
2467
2468 bh_unlock_sock(sk);
2469 local_bh_enable();
4bc87e62 2470
e114e473
CS		 2471 return rc;
2472}
2473
07feee8f
PM		 2474/**
2475 * smack_netlbel_send - Set the secattr on a socket and perform access checks
2476 * @sk: the socket
2477 * @sap: the destination address
2478 *
2479 * Set the correct secattr for the given socket based on the destination
2480 * address and perform any outbound access checks needed.
2481 *
2482 * Returns 0 on success or an error code.
2483 *
2484 */
2485static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2486{
2f823ff8 2487 struct smack_known *skp;
07feee8f
PM		 2488 int rc;
2489 int sk_lbl;
21c7eae2 2490 struct smack_known *hkp;
07feee8f 2491 struct socket_smack *ssp = sk->sk_security;
ecfcc53f 2492 struct smk_audit_info ad;
07feee8f
PM		 2493
2494 rcu_read_lock();
21abb1ec 2495 hkp = smack_ipv4host_label(sap);
21c7eae2 2496 if (hkp != NULL) {
ecfcc53f 2497#ifdef CONFIG_AUDIT
923e9a13
KC		 2498 struct lsm_network_audit net;
2499
48c62af6
EP		 2500 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2501 ad.a.u.net->family = sap->sin_family;
2502 ad.a.u.net->dport = sap->sin_port;
2503 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
ecfcc53f 2504#endif
923e9a13 2505 sk_lbl = SMACK_UNLABELED_SOCKET;
2f823ff8 2506 skp = ssp->smk_out;
21c7eae2
LP		 2507 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2508 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
07feee8f
PM		 2509 } else {
2510 sk_lbl = SMACK_CIPSO_SOCKET;
2511 rc = 0;
2512 }
2513 rcu_read_unlock();
2514 if (rc != 0)
2515 return rc;
2516
2517 return smack_netlabel(sk, sk_lbl);
2518}
2519
21abb1ec
CS		 2520#if IS_ENABLED(CONFIG_IPV6)
2521/**
2522 * smk_ipv6_check - check Smack access
2523 * @subject: subject Smack label
2524 * @object: object Smack label
2525 * @address: address
2526 * @act: the action being taken
2527 *
2528 * Check an IPv6 access
2529 */
2530static int smk_ipv6_check(struct smack_known *subject,
2531 struct smack_known *object,
2532 struct sockaddr_in6 *address, int act)
2533{
2534#ifdef CONFIG_AUDIT
2535 struct lsm_network_audit net;
2536#endif
2537 struct smk_audit_info ad;
2538 int rc;
2539
2540#ifdef CONFIG_AUDIT
2541 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2542 ad.a.u.net->family = PF_INET6;
2543 ad.a.u.net->dport = ntohs(address->sin6_port);
2544 if (act == SMK_RECEIVING)
2545 ad.a.u.net->v6info.saddr = address->sin6_addr;
2546 else
2547 ad.a.u.net->v6info.daddr = address->sin6_addr;
2548#endif
2549 rc = smk_access(subject, object, MAY_WRITE, &ad);
2550 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2551 return rc;
2552}
2553#endif /* CONFIG_IPV6 */
2554
2555#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2556/**
2557 * smk_ipv6_port_label - Smack port access table management
2558 * @sock: socket
2559 * @address: address
2560 *
2561 * Create or update the port list entry
2562 */
2563static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2564{
2565 struct sock *sk = sock->sk;
2566 struct sockaddr_in6 *addr6;
2567 struct socket_smack *ssp = sock->sk->sk_security;
2568 struct smk_port_label *spp;
2569 unsigned short port = 0;
2570
2571 if (address == NULL) {
2572 /*
2573 * This operation is changing the Smack information
2574 * on the bound socket. Take the changes to the port
2575 * as well.
2576 */
3c7ce342
VG		 2577 rcu_read_lock();
2578 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
c6739443
CS		 2579 if (sk != spp->smk_sock)
2580 continue;
2581 spp->smk_in = ssp->smk_in;
2582 spp->smk_out = ssp->smk_out;
3c7ce342 2583 rcu_read_unlock();
c6739443
CS		 2584 return;
2585 }
2586 /*
2587 * A NULL address is only used for updating existing
2588 * bound entries. If there isn't one, it's OK.
2589 */
3c7ce342 2590 rcu_read_unlock();
c6739443
CS		 2591 return;
2592 }
2593
2594 addr6 = (struct sockaddr_in6 *)address;
2595 port = ntohs(addr6->sin6_port);
2596 /*
2597 * This is a special case that is safely ignored.
2598 */
2599 if (port == 0)
2600 return;
2601
2602 /*
2603 * Look for an existing port list entry.
2604 * This is an indication that a port is getting reused.
2605 */
3c7ce342
VG		 2606 rcu_read_lock();
2607 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
9d44c973 2608 if (spp->smk_port != port || spp->smk_sock_type != sock->type)
c6739443 2609 continue;
0c96d1f5
VG		 2610 if (spp->smk_can_reuse != 1) {
2611 rcu_read_unlock();
2612 return;
2613 }
c6739443
CS		 2614 spp->smk_port = port;
2615 spp->smk_sock = sk;
2616 spp->smk_in = ssp->smk_in;
2617 spp->smk_out = ssp->smk_out;
0c96d1f5 2618 spp->smk_can_reuse = 0;
3c7ce342 2619 rcu_read_unlock();
c6739443
CS		 2620 return;
2621 }
3c7ce342 2622 rcu_read_unlock();
c6739443
CS		 2623 /*
2624 * A new port entry is required.
2625 */
2626 spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2627 if (spp == NULL)
2628 return;
2629
2630 spp->smk_port = port;
2631 spp->smk_sock = sk;
2632 spp->smk_in = ssp->smk_in;
2633 spp->smk_out = ssp->smk_out;
9d44c973 2634 spp->smk_sock_type = sock->type;
0c96d1f5 2635 spp->smk_can_reuse = 0;
c6739443 2636
3c7ce342
VG		 2637 mutex_lock(&smack_ipv6_lock);
2638 list_add_rcu(&spp->list, &smk_ipv6_port_list);
2639 mutex_unlock(&smack_ipv6_lock);
c6739443
CS		 2640 return;
2641}
2642
2643/**
2644 * smk_ipv6_port_check - check Smack port access
2645 * @sock: socket
2646 * @address: address
2647 *
2648 * Create or update the port list entry
2649 */
6ea06247 2650static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
c6739443
CS		 2651 int act)
2652{
c6739443
CS		 2653 struct smk_port_label *spp;
2654 struct socket_smack *ssp = sk->sk_security;
21abb1ec
CS		 2655 struct smack_known *skp = NULL;
2656 unsigned short port;
21c7eae2 2657 struct smack_known *object;
c6739443
CS		 2658
2659 if (act == SMK_RECEIVING) {
21abb1ec 2660 skp = smack_ipv6host_label(address);
21c7eae2 2661 object = ssp->smk_in;
c6739443 2662 } else {
2f823ff8 2663 skp = ssp->smk_out;
21abb1ec 2664 object = smack_ipv6host_label(address);
c6739443
CS		 2665 }
2666
2667 /*
21abb1ec 2668 * The other end is a single label host.
c6739443 2669 */
21abb1ec
CS		 2670 if (skp != NULL && object != NULL)
2671 return smk_ipv6_check(skp, object, address, act);
2672 if (skp == NULL)
2673 skp = smack_net_ambient;
2674 if (object == NULL)
2675 object = smack_net_ambient;
c6739443
CS		 2676
2677 /*
2678 * It's remote, so port lookup does no good.
2679 */
21abb1ec
CS		 2680 if (!smk_ipv6_localhost(address))
2681 return smk_ipv6_check(skp, object, address, act);
c6739443
CS		 2682
2683 /*
2684 * It's local so the send check has to have passed.
2685 */
21abb1ec
CS		 2686 if (act == SMK_RECEIVING)
2687 return 0;
c6739443 2688
21abb1ec 2689 port = ntohs(address->sin6_port);
3c7ce342
VG		 2690 rcu_read_lock();
2691 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
9d44c973 2692 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
c6739443 2693 continue;
21c7eae2 2694 object = spp->smk_in;
c6739443 2695 if (act == SMK_CONNECTING)
54e70ec5 2696 ssp->smk_packet = spp->smk_out;
c6739443
CS		 2697 break;
2698 }
3c7ce342 2699 rcu_read_unlock();
c6739443 2700
21abb1ec 2701 return smk_ipv6_check(skp, object, address, act);
c6739443 2702}
21abb1ec 2703#endif /* SMACK_IPV6_PORT_LABELING */
c6739443 2704
e114e473
CS		 2705/**
2706 * smack_inode_setsecurity - set smack xattrs
2707 * @inode: the object
2708 * @name: attribute name
2709 * @value: attribute value
2710 * @size: size of the attribute
2711 * @flags: unused
2712 *
2713 * Sets the named attribute in the appropriate blob
2714 *
2715 * Returns 0 on success, or an error code
2716 */
2717static int smack_inode_setsecurity(struct inode *inode, const char *name,
2718 const void *value, size_t size, int flags)
2719{
2f823ff8 2720 struct smack_known *skp;
e114e473
CS		 2721 struct inode_smack *nsp = inode->i_security;
2722 struct socket_smack *ssp;
2723 struct socket *sock;
4bc87e62 2724 int rc = 0;
e114e473 2725
f7112e6c 2726 if (value == NULL || size > SMK_LONGLABEL || size == 0)
5e9ab593 2727 return -EINVAL;
e114e473 2728
2f823ff8 2729 skp = smk_import_entry(value, size);
e774ad68
LP		 2730 if (IS_ERR(skp))
2731 return PTR_ERR(skp);
e114e473
CS		 2732
2733 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
21c7eae2 2734 nsp->smk_inode = skp;
ddd29ec6 2735 nsp->smk_flags |= SMK_INODE_INSTANT;
e114e473
CS		 2736 return 0;
2737 }
2738 /*
2739 * The rest of the Smack xattrs are only on sockets.
2740 */
2741 if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2742 return -EOPNOTSUPP;
2743
2744 sock = SOCKET_I(inode);
2e1d146a 2745 if (sock == NULL || sock->sk == NULL)
e114e473
CS		 2746 return -EOPNOTSUPP;
2747
2748 ssp = sock->sk->sk_security;
2749
2750 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
54e70ec5 2751 ssp->smk_in = skp;
e114e473 2752 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2f823ff8 2753 ssp->smk_out = skp;
c6739443 2754 if (sock->sk->sk_family == PF_INET) {
b4e0d5f0
CS		 2755 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2756 if (rc != 0)
2757 printk(KERN_WARNING
2758 "Smack: \"%s\" netlbl error %d.\n",
2759 __func__, -rc);
2760 }
e114e473
CS		 2761 } else
2762 return -EOPNOTSUPP;
2763
21abb1ec 2764#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2765 if (sock->sk->sk_family == PF_INET6)
2766 smk_ipv6_port_label(sock, NULL);
21abb1ec 2767#endif
c6739443 2768
e114e473
CS		 2769 return 0;
2770}
2771
2772/**
2773 * smack_socket_post_create - finish socket setup
2774 * @sock: the socket
2775 * @family: protocol family
2776 * @type: unused
2777 * @protocol: unused
2778 * @kern: unused
2779 *
2780 * Sets the netlabel information on the socket
2781 *
2782 * Returns 0 on success, and error code otherwise
2783 */
2784static int smack_socket_post_create(struct socket *sock, int family,
2785 int type, int protocol, int kern)
2786{
7412301b
ML		 2787 struct socket_smack *ssp;
2788
2789 if (sock->sk == NULL)
2790 return 0;
2791
2792 /*
2793 * Sockets created by kernel threads receive web label.
2794 */
2795 if (unlikely(current->flags & PF_KTHREAD)) {
2796 ssp = sock->sk->sk_security;
2797 ssp->smk_in = &smack_known_web;
2798 ssp->smk_out = &smack_known_web;
2799 }
2800
2801 if (family != PF_INET)
e114e473
CS		 2802 return 0;
2803 /*
2804 * Set the outbound netlbl.
2805 */
6d3dc07c
CS		 2806 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2807}
2808
5859cdf5
TG		 2809/**
2810 * smack_socket_socketpair - create socket pair
2811 * @socka: one socket
2812 * @sockb: another socket
2813 *
2814 * Cross reference the peer labels for SO_PEERSEC
2815 *
2816 * Returns 0 on success, and error code otherwise
2817 */
2818static int smack_socket_socketpair(struct socket *socka,
2819 struct socket *sockb)
2820{
2821 struct socket_smack *asp = socka->sk->sk_security;
2822 struct socket_smack *bsp = sockb->sk->sk_security;
2823
2824 asp->smk_packet = bsp->smk_out;
2825 bsp->smk_packet = asp->smk_out;
2826
2827 return 0;
2828}
2829
21abb1ec 2830#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2831/**
2832 * smack_socket_bind - record port binding information.
2833 * @sock: the socket
2834 * @address: the port address
2835 * @addrlen: size of the address
2836 *
2837 * Records the label bound to a port.
2838 *
2839 * Returns 0
2840 */
2841static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2842 int addrlen)
2843{
2844 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2845 smk_ipv6_port_label(sock, address);
c6739443
CS		 2846 return 0;
2847}
21abb1ec 2848#endif /* SMACK_IPV6_PORT_LABELING */
c6739443 2849
6d3dc07c
CS		 2850/**
2851 * smack_socket_connect - connect access check
2852 * @sock: the socket
2853 * @sap: the other end
2854 * @addrlen: size of sap
2855 *
2856 * Verifies that a connection may be possible
2857 *
2858 * Returns 0 on success, and error code otherwise
2859 */
2860static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2861 int addrlen)
2862{
c6739443 2863 int rc = 0;
21abb1ec
CS		 2864#if IS_ENABLED(CONFIG_IPV6)
2865 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
2866#endif
2867#ifdef SMACK_IPV6_SECMARK_LABELING
2868 struct smack_known *rsp;
da49b5da 2869 struct socket_smack *ssp;
21abb1ec 2870#endif
c6739443
CS		 2871
2872 if (sock->sk == NULL)
6d3dc07c 2873 return 0;
6d3dc07c 2874
da49b5da
VG		 2875#ifdef SMACK_IPV6_SECMARK_LABELING
2876 ssp = sock->sk->sk_security;
2877#endif
2878
c6739443
CS		 2879 switch (sock->sk->sk_family) {
2880 case PF_INET:
2881 if (addrlen < sizeof(struct sockaddr_in))
2882 return -EINVAL;
2883 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2884 break;
2885 case PF_INET6:
2886 if (addrlen < sizeof(struct sockaddr_in6))
2887 return -EINVAL;
21abb1ec
CS		 2888#ifdef SMACK_IPV6_SECMARK_LABELING
2889 rsp = smack_ipv6host_label(sip);
2890 if (rsp != NULL)
2891 rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
6ea06247 2892 SMK_CONNECTING);
21abb1ec
CS		 2893#endif
2894#ifdef SMACK_IPV6_PORT_LABELING
2895 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
2896#endif
c6739443
CS		 2897 break;
2898 }
2899 return rc;
e114e473
CS		 2900}
2901
2902/**
2903 * smack_flags_to_may - convert S_ to MAY_ values
2904 * @flags: the S_ value
2905 *
2906 * Returns the equivalent MAY_ value
2907 */
2908static int smack_flags_to_may(int flags)
2909{
2910 int may = 0;
2911
2912 if (flags & S_IRUGO)
2913 may |= MAY_READ;
2914 if (flags & S_IWUGO)
2915 may |= MAY_WRITE;
2916 if (flags & S_IXUGO)
2917 may |= MAY_EXEC;
2918
2919 return may;
2920}
2921
2922/**
2923 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2924 * @msg: the object
2925 *
2926 * Returns 0
2927 */
2928static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2929{
2f823ff8
CS		 2930 struct smack_known *skp = smk_of_current();
2931
21c7eae2 2932 msg->security = skp;
e114e473
CS		 2933 return 0;
2934}
2935
2936/**
2937 * smack_msg_msg_free_security - Clear the security blob for msg_msg
2938 * @msg: the object
2939 *
2940 * Clears the blob pointer
2941 */
2942static void smack_msg_msg_free_security(struct msg_msg *msg)
2943{
2944 msg->security = NULL;
2945}
2946
2947/**
0d79cbf8
EB		 2948 * smack_of_ipc - the smack pointer for the ipc
2949 * @isp: the object
e114e473
CS		 2950 *
2951 * Returns a pointer to the smack value
2952 */
0d79cbf8 2953static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
e114e473 2954{
0d79cbf8 2955 return (struct smack_known *)isp->security;
e114e473
CS		 2956}
2957
2958/**
0d79cbf8
EB		 2959 * smack_ipc_alloc_security - Set the security blob for ipc
2960 * @isp: the object
e114e473
CS		 2961 *
2962 * Returns 0
2963 */
0d79cbf8 2964static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
e114e473 2965{
2f823ff8 2966 struct smack_known *skp = smk_of_current();
e114e473 2967
21c7eae2 2968 isp->security = skp;
e114e473
CS		 2969 return 0;
2970}
2971
2972/**
0d79cbf8
EB		 2973 * smack_ipc_free_security - Clear the security blob for ipc
2974 * @isp: the object
e114e473
CS		 2975 *
2976 * Clears the blob pointer
2977 */
0d79cbf8 2978static void smack_ipc_free_security(struct kern_ipc_perm *isp)
e114e473 2979{
e114e473
CS		 2980 isp->security = NULL;
2981}
2982
ecfcc53f
EB		 2983/**
2984 * smk_curacc_shm : check if current has access on shm
0d79cbf8 2985 * @isp : the object
ecfcc53f
EB		 2986 * @access : access requested
2987 *
2988 * Returns 0 if current has the requested access, error code otherwise
2989 */
0d79cbf8 2990static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
ecfcc53f 2991{
0d79cbf8 2992 struct smack_known *ssp = smack_of_ipc(isp);
ecfcc53f 2993 struct smk_audit_info ad;
d166c802 2994 int rc;
ecfcc53f
EB		 2995
2996#ifdef CONFIG_AUDIT
2997 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
0d79cbf8 2998 ad.a.u.ipc_id = isp->id;
ecfcc53f 2999#endif
d166c802
CS		 3000 rc = smk_curacc(ssp, access, &ad);
3001 rc = smk_bu_current("shm", ssp, access, rc);
3002 return rc;
ecfcc53f
EB		 3003}
3004
e114e473
CS		 3005/**
3006 * smack_shm_associate - Smack access check for shm
0d79cbf8 3007 * @isp: the object
e114e473
CS		 3008 * @shmflg: access requested
3009 *
3010 * Returns 0 if current has the requested access, error code otherwise
3011 */
0d79cbf8 3012static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
e114e473 3013{
e114e473
CS		 3014 int may;
3015
3016 may = smack_flags_to_may(shmflg);
0d79cbf8 3017 return smk_curacc_shm(isp, may);
e114e473
CS		 3018}
3019
3020/**
3021 * smack_shm_shmctl - Smack access check for shm
0d79cbf8 3022 * @isp: the object
e114e473
CS		 3023 * @cmd: what it wants to do
3024 *
3025 * Returns 0 if current has the requested access, error code otherwise
3026 */
0d79cbf8 3027static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
e114e473 3028{
e114e473
CS		 3029 int may;
3030
3031 switch (cmd) {
3032 case IPC_STAT:
3033 case SHM_STAT:
c21a6970 3034 case SHM_STAT_ANY:
e114e473
CS		 3035 may = MAY_READ;
3036 break;
3037 case IPC_SET:
3038 case SHM_LOCK:
3039 case SHM_UNLOCK:
3040 case IPC_RMID:
3041 may = MAY_READWRITE;
3042 break;
3043 case IPC_INFO:
3044 case SHM_INFO:
3045 /*
3046 * System level information.
3047 */
3048 return 0;
3049 default:
3050 return -EINVAL;
3051 }
0d79cbf8 3052 return smk_curacc_shm(isp, may);
e114e473
CS		 3053}
3054
3055/**
3056 * smack_shm_shmat - Smack access for shmat
0d79cbf8 3057 * @isp: the object
e114e473
CS		 3058 * @shmaddr: unused
3059 * @shmflg: access requested
3060 *
3061 * Returns 0 if current has the requested access, error code otherwise
3062 */
0d79cbf8 3063static int smack_shm_shmat(struct kern_ipc_perm *ipc, char __user *shmaddr,
e114e473
CS		 3064 int shmflg)
3065{
e114e473
CS		 3066 int may;
3067
3068 may = smack_flags_to_may(shmflg);
0d79cbf8 3069 return smk_curacc_shm(ipc, may);
e114e473
CS		 3070}
3071
ecfcc53f
EB		 3072/**
3073 * smk_curacc_sem : check if current has access on sem
0d79cbf8 3074 * @isp : the object
ecfcc53f
EB		 3075 * @access : access requested
3076 *
3077 * Returns 0 if current has the requested access, error code otherwise
3078 */
0d79cbf8 3079static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
ecfcc53f 3080{
0d79cbf8 3081 struct smack_known *ssp = smack_of_ipc(isp);
ecfcc53f 3082 struct smk_audit_info ad;
d166c802 3083 int rc;
ecfcc53f
EB		 3084
3085#ifdef CONFIG_AUDIT
3086 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
0d79cbf8 3087 ad.a.u.ipc_id = isp->id;
ecfcc53f 3088#endif
d166c802
CS		 3089 rc = smk_curacc(ssp, access, &ad);
3090 rc = smk_bu_current("sem", ssp, access, rc);
3091 return rc;
ecfcc53f
EB		 3092}
3093
e114e473
CS		 3094/**
3095 * smack_sem_associate - Smack access check for sem
0d79cbf8 3096 * @isp: the object
e114e473
CS		 3097 * @semflg: access requested
3098 *
3099 * Returns 0 if current has the requested access, error code otherwise
3100 */
0d79cbf8 3101static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
e114e473 3102{
e114e473
CS		 3103 int may;
3104
3105 may = smack_flags_to_may(semflg);
0d79cbf8 3106 return smk_curacc_sem(isp, may);
e114e473
CS		 3107}
3108
3109/**
3110 * smack_sem_shmctl - Smack access check for sem
0d79cbf8 3111 * @isp: the object
e114e473
CS		 3112 * @cmd: what it wants to do
3113 *
3114 * Returns 0 if current has the requested access, error code otherwise
3115 */
0d79cbf8 3116static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
e114e473 3117{
e114e473
CS		 3118 int may;
3119
3120 switch (cmd) {
3121 case GETPID:
3122 case GETNCNT:
3123 case GETZCNT:
3124 case GETVAL:
3125 case GETALL:
3126 case IPC_STAT:
3127 case SEM_STAT:
a280d6dc 3128 case SEM_STAT_ANY:
e114e473
CS		 3129 may = MAY_READ;
3130 break;
3131 case SETVAL:
3132 case SETALL:
3133 case IPC_RMID:
3134 case IPC_SET:
3135 may = MAY_READWRITE;
3136 break;
3137 case IPC_INFO:
3138 case SEM_INFO:
3139 /*
3140 * System level information
3141 */
3142 return 0;
3143 default:
3144 return -EINVAL;
3145 }
3146
0d79cbf8 3147 return smk_curacc_sem(isp, may);
e114e473
CS		 3148}
3149
3150/**
3151 * smack_sem_semop - Smack checks of semaphore operations
0d79cbf8 3152 * @isp: the object
e114e473
CS		 3153 * @sops: unused
3154 * @nsops: unused
3155 * @alter: unused
3156 *
3157 * Treated as read and write in all cases.
3158 *
3159 * Returns 0 if access is allowed, error code otherwise
3160 */
0d79cbf8 3161static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
e114e473
CS		 3162 unsigned nsops, int alter)
3163{
0d79cbf8 3164 return smk_curacc_sem(isp, MAY_READWRITE);
e114e473
CS		 3165}
3166
ecfcc53f
EB		 3167/**
3168 * smk_curacc_msq : helper to check if current has access on msq
0d79cbf8 3169 * @isp : the msq
ecfcc53f
EB		 3170 * @access : access requested
3171 *
3172 * return 0 if current has access, error otherwise
3173 */
0d79cbf8 3174static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
ecfcc53f 3175{
0d79cbf8 3176 struct smack_known *msp = smack_of_ipc(isp);
ecfcc53f 3177 struct smk_audit_info ad;
d166c802 3178 int rc;
ecfcc53f
EB		 3179
3180#ifdef CONFIG_AUDIT
3181 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
0d79cbf8 3182 ad.a.u.ipc_id = isp->id;
ecfcc53f 3183#endif
d166c802
CS		 3184 rc = smk_curacc(msp, access, &ad);
3185 rc = smk_bu_current("msq", msp, access, rc);
3186 return rc;
ecfcc53f
EB		 3187}
3188
e114e473
CS		 3189/**
3190 * smack_msg_queue_associate - Smack access check for msg_queue
0d79cbf8 3191 * @isp: the object
e114e473
CS		 3192 * @msqflg: access requested
3193 *
3194 * Returns 0 if current has the requested access, error code otherwise
3195 */
0d79cbf8 3196static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
e114e473 3197{
e114e473
CS		 3198 int may;
3199
3200 may = smack_flags_to_may(msqflg);
0d79cbf8 3201 return smk_curacc_msq(isp, may);
e114e473
CS		 3202}
3203
3204/**
3205 * smack_msg_queue_msgctl - Smack access check for msg_queue
0d79cbf8 3206 * @isp: the object
e114e473
CS		 3207 * @cmd: what it wants to do
3208 *
3209 * Returns 0 if current has the requested access, error code otherwise
3210 */
0d79cbf8 3211static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
e114e473 3212{
e114e473
CS		 3213 int may;
3214
3215 switch (cmd) {
3216 case IPC_STAT:
3217 case MSG_STAT:
23c8cec8 3218 case MSG_STAT_ANY:
e114e473
CS		 3219 may = MAY_READ;
3220 break;
3221 case IPC_SET:
3222 case IPC_RMID:
3223 may = MAY_READWRITE;
3224 break;
3225 case IPC_INFO:
3226 case MSG_INFO:
3227 /*
3228 * System level information
3229 */
3230 return 0;
3231 default:
3232 return -EINVAL;
3233 }
3234
0d79cbf8 3235 return smk_curacc_msq(isp, may);
e114e473
CS		 3236}
3237
3238/**
3239 * smack_msg_queue_msgsnd - Smack access check for msg_queue
0d79cbf8 3240 * @isp: the object
e114e473
CS		 3241 * @msg: unused
3242 * @msqflg: access requested
3243 *
3244 * Returns 0 if current has the requested access, error code otherwise
3245 */
0d79cbf8 3246static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
e114e473
CS		 3247 int msqflg)
3248{
ecfcc53f 3249 int may;
e114e473 3250
ecfcc53f 3251 may = smack_flags_to_may(msqflg);
0d79cbf8 3252 return smk_curacc_msq(isp, may);
e114e473
CS		 3253}
3254
3255/**
3256 * smack_msg_queue_msgsnd - Smack access check for msg_queue
0d79cbf8 3257 * @isp: the object
e114e473
CS		 3258 * @msg: unused
3259 * @target: unused
3260 * @type: unused
3261 * @mode: unused
3262 *
3263 * Returns 0 if current has read and write access, error code otherwise
3264 */
0d79cbf8 3265static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp, struct msg_msg *msg,
e114e473
CS		 3266 struct task_struct *target, long type, int mode)
3267{
0d79cbf8 3268 return smk_curacc_msq(isp, MAY_READWRITE);
e114e473
CS		 3269}
3270
3271/**
3272 * smack_ipc_permission - Smack access for ipc_permission()
3273 * @ipp: the object permissions
3274 * @flag: access requested
3275 *
3276 * Returns 0 if current has read and write access, error code otherwise
3277 */
3278static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3279{
21c7eae2 3280 struct smack_known *iskp = ipp->security;
ecfcc53f
EB		 3281 int may = smack_flags_to_may(flag);
3282 struct smk_audit_info ad;
d166c802 3283 int rc;
e114e473 3284
ecfcc53f
EB		 3285#ifdef CONFIG_AUDIT
3286 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3287 ad.a.u.ipc_id = ipp->id;
3288#endif
21c7eae2
LP		 3289 rc = smk_curacc(iskp, may, &ad);
3290 rc = smk_bu_current("svipc", iskp, may, rc);
d166c802 3291 return rc;
e114e473
CS		 3292}
3293
d20bdda6
AD		 3294/**
3295 * smack_ipc_getsecid - Extract smack security id
251a2a95 3296 * @ipp: the object permissions
d20bdda6
AD		 3297 * @secid: where result will be saved
3298 */
3299static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3300{
21c7eae2 3301 struct smack_known *iskp = ipp->security;
d20bdda6 3302
21c7eae2 3303 *secid = iskp->smk_secid;
d20bdda6
AD		 3304}
3305
e114e473
CS		 3306/**
3307 * smack_d_instantiate - Make sure the blob is correct on an inode
3e62cbb8 3308 * @opt_dentry: dentry where inode will be attached
e114e473
CS		 3309 * @inode: the object
3310 *
3311 * Set the inode's security blob if it hasn't been done already.
3312 */
3313static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3314{
3315 struct super_block *sbp;
3316 struct superblock_smack *sbsp;
3317 struct inode_smack *isp;
2f823ff8
CS		 3318 struct smack_known *skp;
3319 struct smack_known *ckp = smk_of_current();
21c7eae2 3320 struct smack_known *final;
5c6d1125
JS		 3321 char trattr[TRANS_TRUE_SIZE];
3322 int transflag = 0;
2267b13a 3323 int rc;
e114e473
CS		 3324 struct dentry *dp;
3325
3326 if (inode == NULL)
3327 return;
3328
3329 isp = inode->i_security;
3330
3331 mutex_lock(&isp->smk_lock);
3332 /*
3333 * If the inode is already instantiated
3334 * take the quick way out
3335 */
3336 if (isp->smk_flags & SMK_INODE_INSTANT)
3337 goto unlockandout;
3338
3339 sbp = inode->i_sb;
3340 sbsp = sbp->s_security;
3341 /*
3342 * We're going to use the superblock default label
3343 * if there's no label on the file.
3344 */
3345 final = sbsp->smk_default;
3346
e97dcb0e
CS		 3347 /*
3348 * If this is the root inode the superblock
3349 * may be in the process of initialization.
3350 * If that is the case use the root value out
3351 * of the superblock.
3352 */
3353 if (opt_dentry->d_parent == opt_dentry) {
1d8c2326
ŁS		 3354 switch (sbp->s_magic) {
3355 case CGROUP_SUPER_MAGIC:
58c442f3 3356 case CGROUP2_SUPER_MAGIC:
36ea735b
CS		 3357 /*
3358 * The cgroup filesystem is never mounted,
3359 * so there's no opportunity to set the mount
3360 * options.
3361 */
21c7eae2
LP		 3362 sbsp->smk_root = &smack_known_star;
3363 sbsp->smk_default = &smack_known_star;
1d8c2326
ŁS		 3364 isp->smk_inode = sbsp->smk_root;
3365 break;
3366 case TMPFS_MAGIC:
3367 /*
3368 * What about shmem/tmpfs anonymous files with dentry
3369 * obtained from d_alloc_pseudo()?
3370 */
3371 isp->smk_inode = smk_of_current();
3372 break;
8da4aba5
RK		 3373 case PIPEFS_MAGIC:
3374 isp->smk_inode = smk_of_current();
3375 break;
805b65a8
RK		 3376 case SOCKFS_MAGIC:
3377 /*
3378 * Socket access is controlled by the socket
3379 * structures associated with the task involved.
3380 */
3381 isp->smk_inode = &smack_known_star;
3382 break;
1d8c2326
ŁS		 3383 default:
3384 isp->smk_inode = sbsp->smk_root;
3385 break;
36ea735b 3386 }
e97dcb0e
CS		 3387 isp->smk_flags |= SMK_INODE_INSTANT;
3388 goto unlockandout;
3389 }
3390
e114e473
CS		 3391 /*
3392 * This is pretty hackish.
3393 * Casey says that we shouldn't have to do
3394 * file system specific code, but it does help
3395 * with keeping it simple.
3396 */
3397 switch (sbp->s_magic) {
3398 case SMACK_MAGIC:
36ea735b 3399 case CGROUP_SUPER_MAGIC:
58c442f3 3400 case CGROUP2_SUPER_MAGIC:
e114e473 3401 /*
25985edc 3402 * Casey says that it's a little embarrassing
e114e473
CS		 3403 * that the smack file system doesn't do
3404 * extended attributes.
36ea735b 3405 *
36ea735b 3406 * Cgroupfs is special
e114e473 3407 */
21c7eae2 3408 final = &smack_known_star;
e114e473
CS		 3409 break;
3410 case DEVPTS_SUPER_MAGIC:
3411 /*
3412 * devpts seems content with the label of the task.
3413 * Programs that change smack have to treat the
3414 * pty with respect.
3415 */
21c7eae2 3416 final = ckp;
e114e473 3417 break;
e114e473
CS		 3418 case PROC_SUPER_MAGIC:
3419 /*
3420 * Casey says procfs appears not to care.
3421 * The superblock default suffices.
3422 */
3423 break;
3424 case TMPFS_MAGIC:
3425 /*
3426 * Device labels should come from the filesystem,
3427 * but watch out, because they're volitile,
3428 * getting recreated on every reboot.
3429 */
21c7eae2 3430 final = &smack_known_star;
e114e473 3431 /*
b1fed3ed 3432 * Fall through.
e114e473
CS		 3433 *
3434 * If a smack value has been set we want to use it,
3435 * but since tmpfs isn't giving us the opportunity
3436 * to set mount options simulate setting the
3437 * superblock default.
3438 */
3439 default:
3440 /*
3441 * This isn't an understood special case.
3442 * Get the value from the xattr.
b4e0d5f0
CS		 3443 */
3444
3445 /*
3446 * UNIX domain sockets use lower level socket data.
3447 */
3448 if (S_ISSOCK(inode->i_mode)) {
21c7eae2 3449 final = &smack_known_star;
b4e0d5f0
CS		 3450 break;
3451 }
3452 /*
e114e473
CS		 3453 * No xattr support means, alas, no SMACK label.
3454 * Use the aforeapplied default.
3455 * It would be curious if the label of the task
3456 * does not match that assigned.
3457 */
5d6c3191
AG		 3458 if (!(inode->i_opflags & IOP_XATTR))
3459 break;
e114e473
CS		 3460 /*
3461 * Get the dentry for xattr.
3462 */
3e62cbb8 3463 dp = dget(opt_dentry);
2f823ff8 3464 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
e774ad68 3465 if (!IS_ERR_OR_NULL(skp))
21c7eae2 3466 final = skp;
2267b13a
CS		 3467
3468 /*
3469 * Transmuting directory
3470 */
3471 if (S_ISDIR(inode->i_mode)) {
3472 /*
3473 * If this is a new directory and the label was
3474 * transmuted when the inode was initialized
3475 * set the transmute attribute on the directory
3476 * and mark the inode.
3477 *
3478 * If there is a transmute attribute on the
3479 * directory mark the inode.
3480 */
3481 if (isp->smk_flags & SMK_INODE_CHANGED) {
3482 isp->smk_flags &= ~SMK_INODE_CHANGED;
5d6c3191 3483 rc = __vfs_setxattr(dp, inode,
5c6d1125 3484 XATTR_NAME_SMACKTRANSMUTE,
2267b13a
CS		 3485 TRANS_TRUE, TRANS_TRUE_SIZE,
3486 0);
3487 } else {
5d6c3191 3488 rc = __vfs_getxattr(dp, inode,
2267b13a
CS		 3489 XATTR_NAME_SMACKTRANSMUTE, trattr,
3490 TRANS_TRUE_SIZE);
3491 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3492 TRANS_TRUE_SIZE) != 0)
3493 rc = -EINVAL;
5c6d1125 3494 }
2267b13a
CS		 3495 if (rc >= 0)
3496 transflag = SMK_INODE_TRANSMUTE;
5c6d1125 3497 }
809c02e0
SF		 3498 /*
3499 * Don't let the exec or mmap label be "*" or "@".
3500 */
3501 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3502 if (IS_ERR(skp) || skp == &smack_known_star ||
3503 skp == &smack_known_web)
3504 skp = NULL;
3505 isp->smk_task = skp;
e774ad68 3506
19760ad0 3507 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
e774ad68
LP		 3508 if (IS_ERR(skp) || skp == &smack_known_star ||
3509 skp == &smack_known_web)
19760ad0
CS		 3510 skp = NULL;
3511 isp->smk_mmap = skp;
676dac4b 3512
e114e473
CS		 3513 dput(dp);
3514 break;
3515 }
3516
3517 if (final == NULL)
21c7eae2 3518 isp->smk_inode = ckp;
e114e473
CS		 3519 else
3520 isp->smk_inode = final;
3521
5c6d1125 3522 isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
e114e473
CS		 3523
3524unlockandout:
3525 mutex_unlock(&isp->smk_lock);
3526 return;
3527}
3528
3529/**
3530 * smack_getprocattr - Smack process attribute access
3531 * @p: the object task
3532 * @name: the name of the attribute in /proc/.../attr
3533 * @value: where to put the result
3534 *
3535 * Places a copy of the task Smack into value
3536 *
3537 * Returns the length of the smack label or an error code
3538 */
3539static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3540{
6d1cff2a 3541 struct smack_known *skp = smk_of_task_struct(p);
e114e473
CS		 3542 char *cp;
3543 int slen;
3544
3545 if (strcmp(name, "current") != 0)
3546 return -EINVAL;
3547
2f823ff8 3548 cp = kstrdup(skp->smk_known, GFP_KERNEL);
e114e473
CS		 3549 if (cp == NULL)
3550 return -ENOMEM;
3551
3552 slen = strlen(cp);
3553 *value = cp;
3554 return slen;
3555}
3556
3557/**
3558 * smack_setprocattr - Smack process attribute setting
e114e473
CS		 3559 * @name: the name of the attribute in /proc/.../attr
3560 * @value: the value to set
3561 * @size: the size of the value
3562 *
3563 * Sets the Smack value of the task. Only setting self
3564 * is permitted and only with privilege
3565 *
3566 * Returns the length of the smack label or an error code
3567 */
b21507e2 3568static int smack_setprocattr(const char *name, void *value, size_t size)
e114e473 3569{
38416e53 3570 struct task_smack *tsp = current_security();
d84f4f99 3571 struct cred *new;
2f823ff8 3572 struct smack_known *skp;
38416e53
ZJ		 3573 struct smack_known_list_elem *sklep;
3574 int rc;
e114e473 3575
38416e53 3576 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
5cd9c58f
DH		 3577 return -EPERM;
3578
f7112e6c 3579 if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
e114e473
CS		 3580 return -EINVAL;
3581
3582 if (strcmp(name, "current") != 0)
3583 return -EINVAL;
3584
2f823ff8 3585 skp = smk_import_entry(value, size);
e774ad68
LP		 3586 if (IS_ERR(skp))
3587 return PTR_ERR(skp);
e114e473 3588
6d3dc07c 3589 /*
7128ea15
HS		 3590 * No process is ever allowed the web ("@") label
3591 * and the star ("*") label.
6d3dc07c 3592 */
7128ea15
HS		 3593 if (skp == &smack_known_web || skp == &smack_known_star)
3594 return -EINVAL;
6d3dc07c 3595
38416e53
ZJ		 3596 if (!smack_privileged(CAP_MAC_ADMIN)) {
3597 rc = -EPERM;
3598 list_for_each_entry(sklep, &tsp->smk_relabel, list)
3599 if (sklep->smk_label == skp) {
3600 rc = 0;
3601 break;
3602 }
3603 if (rc)
3604 return rc;
3605 }
3606
d84f4f99 3607 new = prepare_creds();
6d3dc07c 3608 if (new == NULL)
d84f4f99 3609 return -ENOMEM;
7898e1f8 3610
46a2f3b9 3611 tsp = new->security;
2f823ff8 3612 tsp->smk_task = skp;
38416e53
ZJ		 3613 /*
3614 * process can change its label only once
3615 */
3616 smk_destroy_label_list(&tsp->smk_relabel);
7898e1f8 3617
d84f4f99 3618 commit_creds(new);
e114e473
CS		 3619 return size;
3620}
3621
3622/**
3623 * smack_unix_stream_connect - Smack access on UDS
3610cda5
DM		 3624 * @sock: one sock
3625 * @other: the other sock
e114e473
CS		 3626 * @newsk: unused
3627 *
3628 * Return 0 if a subject with the smack of sock could access
3629 * an object with the smack of other, otherwise an error code
3630 */
3610cda5
DM		 3631static int smack_unix_stream_connect(struct sock *sock,
3632 struct sock *other, struct sock *newsk)
e114e473 3633{
2f823ff8 3634 struct smack_known *skp;
54e70ec5 3635 struct smack_known *okp;
d2e7ad19
JM		 3636 struct socket_smack *ssp = sock->sk_security;
3637 struct socket_smack *osp = other->sk_security;
975d5e55 3638 struct socket_smack *nsp = newsk->sk_security;
ecfcc53f 3639 struct smk_audit_info ad;
b4e0d5f0 3640 int rc = 0;
923e9a13
KC		 3641#ifdef CONFIG_AUDIT
3642 struct lsm_network_audit net;
923e9a13 3643#endif
b4e0d5f0 3644
2f823ff8
CS		 3645 if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3646 skp = ssp->smk_out;
96be7b54 3647 okp = osp->smk_in;
54e70ec5
CS		 3648#ifdef CONFIG_AUDIT
3649 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3650 smk_ad_setfield_u_net_sk(&ad, other);
3651#endif
21c7eae2
LP		 3652 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3653 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
d166c802 3654 if (rc == 0) {
96be7b54
ZJ		 3655 okp = osp->smk_out;
3656 skp = ssp->smk_in;
138a868f 3657 rc = smk_access(okp, skp, MAY_WRITE, &ad);
21c7eae2 3658 rc = smk_bu_note("UDS connect", okp, skp,
d166c802
CS		 3659 MAY_WRITE, rc);
3660 }
2f823ff8 3661 }
b4e0d5f0 3662
975d5e55
CS		 3663 /*
3664 * Cross reference the peer labels for SO_PEERSEC.
3665 */
3666 if (rc == 0) {
54e70ec5
CS		 3667 nsp->smk_packet = ssp->smk_out;
3668 ssp->smk_packet = osp->smk_out;
975d5e55
CS		 3669 }
3670
b4e0d5f0 3671 return rc;
e114e473
CS		 3672}
3673
3674/**
3675 * smack_unix_may_send - Smack access on UDS
3676 * @sock: one socket
3677 * @other: the other socket
3678 *
3679 * Return 0 if a subject with the smack of sock could access
3680 * an object with the smack of other, otherwise an error code
3681 */
3682static int smack_unix_may_send(struct socket *sock, struct socket *other)
3683{
b4e0d5f0
CS		 3684 struct socket_smack *ssp = sock->sk->sk_security;
3685 struct socket_smack *osp = other->sk->sk_security;
ecfcc53f 3686 struct smk_audit_info ad;
d166c802 3687 int rc;
e114e473 3688
923e9a13
KC		 3689#ifdef CONFIG_AUDIT
3690 struct lsm_network_audit net;
3691
48c62af6 3692 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
ecfcc53f 3693 smk_ad_setfield_u_net_sk(&ad, other->sk);
923e9a13 3694#endif
b4e0d5f0 3695
2f823ff8
CS		 3696 if (smack_privileged(CAP_MAC_OVERRIDE))
3697 return 0;
b4e0d5f0 3698
21c7eae2
LP		 3699 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3700 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
d166c802 3701 return rc;
e114e473
CS		 3702}
3703
6d3dc07c
CS		 3704/**
3705 * smack_socket_sendmsg - Smack check based on destination host
3706 * @sock: the socket
251a2a95 3707 * @msg: the message
6d3dc07c
CS		 3708 * @size: the size of the message
3709 *
c6739443
CS		 3710 * Return 0 if the current subject can write to the destination host.
3711 * For IPv4 this is only a question if the destination is a single label host.
3712 * For IPv6 this is a check against the label of the port.
6d3dc07c
CS		 3713 */
3714static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3715 int size)
3716{
3717 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
21abb1ec 3718#if IS_ENABLED(CONFIG_IPV6)
6ea06247 3719 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
21abb1ec
CS		 3720#endif
3721#ifdef SMACK_IPV6_SECMARK_LABELING
3722 struct socket_smack *ssp = sock->sk->sk_security;
3723 struct smack_known *rsp;
3724#endif
c6739443 3725 int rc = 0;
6d3dc07c
CS		 3726
3727 /*
3728 * Perfectly reasonable for this to be NULL
3729 */
c6739443 3730 if (sip == NULL)
6d3dc07c
CS		 3731 return 0;
3732
81bd0d56 3733 switch (sock->sk->sk_family) {
c6739443
CS		 3734 case AF_INET:
3735 rc = smack_netlabel_send(sock->sk, sip);
3736 break;
3737 case AF_INET6:
21abb1ec
CS		 3738#ifdef SMACK_IPV6_SECMARK_LABELING
3739 rsp = smack_ipv6host_label(sap);
3740 if (rsp != NULL)
3741 rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3742 SMK_CONNECTING);
3743#endif
3744#ifdef SMACK_IPV6_PORT_LABELING
c6739443 3745 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
21abb1ec 3746#endif
c6739443
CS		 3747 break;
3748 }
3749 return rc;
6d3dc07c
CS		 3750}
3751
e114e473 3752/**
251a2a95 3753 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
e114e473 3754 * @sap: netlabel secattr
272cd7a8 3755 * @ssp: socket security information
e114e473 3756 *
2f823ff8 3757 * Returns a pointer to a Smack label entry found on the label list.
e114e473 3758 */
2f823ff8
CS		 3759static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3760 struct socket_smack *ssp)
e114e473 3761{
2f823ff8 3762 struct smack_known *skp;
f7112e6c 3763 int found = 0;
677264e8
CS		 3764 int acat;
3765 int kcat;
e114e473 3766
6d3dc07c 3767 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
e114e473 3768 /*
6d3dc07c 3769 * Looks like a CIPSO packet.
e114e473
CS		 3770 * If there are flags but no level netlabel isn't
3771 * behaving the way we expect it to.
3772 *
f7112e6c 3773 * Look it up in the label table
e114e473
CS		 3774 * Without guidance regarding the smack value
3775 * for the packet fall back on the network
3776 * ambient value.
3777 */
f7112e6c 3778 rcu_read_lock();
348dc288 3779 list_for_each_entry_rcu(skp, &smack_known_list, list) {
2f823ff8 3780 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
f7112e6c 3781 continue;
677264e8
CS		 3782 /*
3783 * Compare the catsets. Use the netlbl APIs.
3784 */
3785 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3786 if ((skp->smk_netlabel.flags &
3787 NETLBL_SECATTR_MLS_CAT) == 0)
3788 found = 1;
3789 break;
3790 }
3791 for (acat = -1, kcat = -1; acat == kcat; ) {
4fbe63d1
PM		 3792 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3793 acat + 1);
3794 kcat = netlbl_catmap_walk(
677264e8
CS		 3795 skp->smk_netlabel.attr.mls.cat,
3796 kcat + 1);
3797 if (acat < 0 || kcat < 0)
3798 break;
3799 }
3800 if (acat == kcat) {
3801 found = 1;
3802 break;
3803 }
6d3dc07c 3804 }
f7112e6c
CS		 3805 rcu_read_unlock();
3806
3807 if (found)
2f823ff8 3808 return skp;
f7112e6c 3809
54e70ec5 3810 if (ssp != NULL && ssp->smk_in == &smack_known_star)
2f823ff8
CS		 3811 return &smack_known_web;
3812 return &smack_known_star;
e114e473 3813 }
152f91d4 3814 if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
6d3dc07c
CS		 3815 /*
3816 * Looks like a fallback, which gives us a secid.
3817 */
152f91d4 3818 return smack_from_secid(sap->attr.secid);
e114e473 3819 /*
6d3dc07c
CS		 3820 * Without guidance regarding the smack value
3821 * for the packet fall back on the network
3822 * ambient value.
e114e473 3823 */
272cd7a8 3824 return smack_net_ambient;
e114e473
CS		 3825}
3826
69f287ae 3827#if IS_ENABLED(CONFIG_IPV6)
6ea06247 3828static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
c6739443 3829{
c6739443
CS		 3830 u8 nexthdr;
3831 int offset;
3832 int proto = -EINVAL;
3833 struct ipv6hdr _ipv6h;
3834 struct ipv6hdr *ip6;
3835 __be16 frag_off;
3836 struct tcphdr _tcph, *th;
3837 struct udphdr _udph, *uh;
3838 struct dccp_hdr _dccph, *dh;
3839
3840 sip->sin6_port = 0;
3841
3842 offset = skb_network_offset(skb);
3843 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3844 if (ip6 == NULL)
3845 return -EINVAL;
3846 sip->sin6_addr = ip6->saddr;
3847
3848 nexthdr = ip6->nexthdr;
3849 offset += sizeof(_ipv6h);
3850 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3851 if (offset < 0)
3852 return -EINVAL;
3853
3854 proto = nexthdr;
3855 switch (proto) {
3856 case IPPROTO_TCP:
3857 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3858 if (th != NULL)
3859 sip->sin6_port = th->source;
3860 break;
3861 case IPPROTO_UDP:
a07ef951 3862 case IPPROTO_UDPLITE:
c6739443
CS		 3863 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3864 if (uh != NULL)
3865 sip->sin6_port = uh->source;
3866 break;
3867 case IPPROTO_DCCP:
3868 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3869 if (dh != NULL)
3870 sip->sin6_port = dh->dccph_sport;
3871 break;
3872 }
3873 return proto;
3874}
69f287ae 3875#endif /* CONFIG_IPV6 */
c6739443 3876
e114e473
CS		 3877/**
3878 * smack_socket_sock_rcv_skb - Smack packet delivery access check
3879 * @sk: socket
3880 * @skb: packet
3881 *
3882 * Returns 0 if the packet should be delivered, an error code otherwise
3883 */
3884static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3885{
3886 struct netlbl_lsm_secattr secattr;
3887 struct socket_smack *ssp = sk->sk_security;
69f287ae 3888 struct smack_known *skp = NULL;
c6739443 3889 int rc = 0;
ecfcc53f 3890 struct smk_audit_info ad;
129a9989 3891 u16 family = sk->sk_family;
923e9a13 3892#ifdef CONFIG_AUDIT
48c62af6 3893 struct lsm_network_audit net;
923e9a13 3894#endif
69f287ae
CS		 3895#if IS_ENABLED(CONFIG_IPV6)
3896 struct sockaddr_in6 sadd;
3897 int proto;
129a9989
PS		 3898
3899 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3900 family = PF_INET;
69f287ae
CS		 3901#endif /* CONFIG_IPV6 */
3902
129a9989 3903 switch (family) {
c6739443 3904 case PF_INET:
69f287ae
CS		 3905#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3906 /*
3907 * If there is a secmark use it rather than the CIPSO label.
3908 * If there is no secmark fall back to CIPSO.
3909 * The secmark is assumed to reflect policy better.
3910 */
3911 if (skb && skb->secmark != 0) {
3912 skp = smack_from_secid(skb->secmark);
3913 goto access_check;
3914 }
3915#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
c6739443
CS		 3916 /*
3917 * Translate what netlabel gave us.
3918 */
3919 netlbl_secattr_init(&secattr);
6d3dc07c 3920
129a9989 3921 rc = netlbl_skbuff_getattr(skb, family, &secattr);
c6739443 3922 if (rc == 0)
2f823ff8 3923 skp = smack_from_secattr(&secattr, ssp);
c6739443 3924 else
2f823ff8 3925 skp = smack_net_ambient;
6d3dc07c 3926
c6739443 3927 netlbl_secattr_destroy(&secattr);
6d3dc07c 3928
69f287ae
CS		 3929#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3930access_check:
3931#endif
ecfcc53f 3932#ifdef CONFIG_AUDIT
c6739443 3933 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
129a9989 3934 ad.a.u.net->family = family;
c6739443
CS		 3935 ad.a.u.net->netif = skb->skb_iif;
3936 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
ecfcc53f 3937#endif
c6739443
CS		 3938 /*
3939 * Receiving a packet requires that the other end
3940 * be able to write here. Read access is not required.
3941 * This is the simplist possible security model
3942 * for networking.
3943 */
21c7eae2
LP		 3944 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3945 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
d166c802 3946 MAY_WRITE, rc);
c6739443 3947 if (rc != 0)
129a9989 3948 netlbl_skbuff_err(skb, family, rc, 0);
c6739443 3949 break;
69f287ae 3950#if IS_ENABLED(CONFIG_IPV6)
c6739443 3951 case PF_INET6:
69f287ae 3952 proto = smk_skb_to_addr_ipv6(skb, &sadd);
a07ef951
PS		 3953 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
3954 proto != IPPROTO_TCP && proto != IPPROTO_DCCP)
69f287ae 3955 break;
21abb1ec 3956#ifdef SMACK_IPV6_SECMARK_LABELING
69f287ae
CS		 3957 if (skb && skb->secmark != 0)
3958 skp = smack_from_secid(skb->secmark);
c6739443 3959 else
21abb1ec
CS		 3960 skp = smack_ipv6host_label(&sadd);
3961 if (skp == NULL)
69f287ae
CS		 3962 skp = smack_net_ambient;
3963#ifdef CONFIG_AUDIT
3964 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
129a9989 3965 ad.a.u.net->family = family;
69f287ae
CS		 3966 ad.a.u.net->netif = skb->skb_iif;
3967 ipv6_skb_to_auditdata(skb, &ad.a, NULL);
3968#endif /* CONFIG_AUDIT */
3969 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
3970 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
3971 MAY_WRITE, rc);
21abb1ec
CS		 3972#endif /* SMACK_IPV6_SECMARK_LABELING */
3973#ifdef SMACK_IPV6_PORT_LABELING
69f287ae 3974 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
21abb1ec 3975#endif /* SMACK_IPV6_PORT_LABELING */
d66a8acb
PS		 3976 if (rc != 0)
3977 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
3978 ICMPV6_ADM_PROHIBITED, 0);
c6739443 3979 break;
69f287ae 3980#endif /* CONFIG_IPV6 */
c6739443 3981 }
69f287ae 3982
a8134296 3983 return rc;
e114e473
CS		 3984}
3985
3986/**
3987 * smack_socket_getpeersec_stream - pull in packet label
3988 * @sock: the socket
3989 * @optval: user's destination
3990 * @optlen: size thereof
251a2a95 3991 * @len: max thereof
e114e473
CS		 3992 *
3993 * returns zero on success, an error code otherwise
3994 */
3995static int smack_socket_getpeersec_stream(struct socket *sock,
3996 char __user *optval,
3997 int __user *optlen, unsigned len)
3998{
3999 struct socket_smack *ssp;
272cd7a8
CS		 4000 char *rcp = "";
4001 int slen = 1;
e114e473
CS		 4002 int rc = 0;
4003
4004 ssp = sock->sk->sk_security;
272cd7a8 4005 if (ssp->smk_packet != NULL) {
54e70ec5 4006 rcp = ssp->smk_packet->smk_known;
272cd7a8
CS		 4007 slen = strlen(rcp) + 1;
4008 }
e114e473
CS		 4009
4010 if (slen > len)
4011 rc = -ERANGE;
272cd7a8 4012 else if (copy_to_user(optval, rcp, slen) != 0)
e114e473
CS		 4013 rc = -EFAULT;
4014
4015 if (put_user(slen, optlen) != 0)
4016 rc = -EFAULT;
4017
4018 return rc;
4019}
4020
4021
4022/**
4023 * smack_socket_getpeersec_dgram - pull in packet label
b4e0d5f0 4024 * @sock: the peer socket
e114e473
CS		 4025 * @skb: packet data
4026 * @secid: pointer to where to put the secid of the packet
4027 *
4028 * Sets the netlabel socket state on sk from parent
4029 */
4030static int smack_socket_getpeersec_dgram(struct socket *sock,
4031 struct sk_buff *skb, u32 *secid)
4032
4033{
4034 struct netlbl_lsm_secattr secattr;
272cd7a8 4035 struct socket_smack *ssp = NULL;
2f823ff8 4036 struct smack_known *skp;
b4e0d5f0
CS		 4037 int family = PF_UNSPEC;
4038 u32 s = 0; /* 0 is the invalid secid */
e114e473
CS		 4039 int rc;
4040
b4e0d5f0
CS		 4041 if (skb != NULL) {
4042 if (skb->protocol == htons(ETH_P_IP))
4043 family = PF_INET;
69f287ae 4044#if IS_ENABLED(CONFIG_IPV6)
b4e0d5f0
CS		 4045 else if (skb->protocol == htons(ETH_P_IPV6))
4046 family = PF_INET6;
69f287ae 4047#endif /* CONFIG_IPV6 */
e114e473 4048 }
b4e0d5f0
CS		 4049 if (family == PF_UNSPEC && sock != NULL)
4050 family = sock->sk->sk_family;
e114e473 4051
69f287ae
CS		 4052 switch (family) {
4053 case PF_UNIX:
272cd7a8 4054 ssp = sock->sk->sk_security;
2f823ff8 4055 s = ssp->smk_out->smk_secid;
69f287ae
CS		 4056 break;
4057 case PF_INET:
4058#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4059 s = skb->secmark;
4060 if (s != 0)
4061 break;
4062#endif
b4e0d5f0
CS		 4063 /*
4064 * Translate what netlabel gave us.
4065 */
272cd7a8
CS		 4066 if (sock != NULL && sock->sk != NULL)
4067 ssp = sock->sk->sk_security;
b4e0d5f0
CS		 4068 netlbl_secattr_init(&secattr);
4069 rc = netlbl_skbuff_getattr(skb, family, &secattr);
4070 if (rc == 0) {
2f823ff8
CS		 4071 skp = smack_from_secattr(&secattr, ssp);
4072 s = skp->smk_secid;
b4e0d5f0
CS		 4073 }
4074 netlbl_secattr_destroy(&secattr);
69f287ae 4075 break;
69f287ae 4076 case PF_INET6:
21abb1ec 4077#ifdef SMACK_IPV6_SECMARK_LABELING
69f287ae 4078 s = skb->secmark;
21abb1ec 4079#endif
69f287ae 4080 break;
b4e0d5f0
CS		 4081 }
4082 *secid = s;
e114e473
CS		 4083 if (s == 0)
4084 return -EINVAL;
e114e473
CS		 4085 return 0;
4086}
4087
4088/**
07feee8f
PM		 4089 * smack_sock_graft - Initialize a newly created socket with an existing sock
4090 * @sk: child sock
4091 * @parent: parent socket
e114e473 4092 *
07feee8f
PM		 4093 * Set the smk_{in,out} state of an existing sock based on the process that
4094 * is creating the new socket.
e114e473
CS		 4095 */
4096static void smack_sock_graft(struct sock *sk, struct socket *parent)
4097{
4098 struct socket_smack *ssp;
2f823ff8 4099 struct smack_known *skp = smk_of_current();
e114e473 4100
07feee8f
PM		 4101 if (sk == NULL ||
4102 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
e114e473
CS		 4103 return;
4104
4105 ssp = sk->sk_security;
54e70ec5 4106 ssp->smk_in = skp;
2f823ff8 4107 ssp->smk_out = skp;
07feee8f 4108 /* cssp->smk_packet is already set in smack_inet_csk_clone() */
e114e473
CS		 4109}
4110
4111/**
4112 * smack_inet_conn_request - Smack access check on connect
4113 * @sk: socket involved
4114 * @skb: packet
4115 * @req: unused
4116 *
4117 * Returns 0 if a task with the packet label could write to
4118 * the socket, otherwise an error code
4119 */
4120static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4121 struct request_sock *req)
4122{
07feee8f 4123 u16 family = sk->sk_family;
f7112e6c 4124 struct smack_known *skp;
e114e473 4125 struct socket_smack *ssp = sk->sk_security;
07feee8f
PM		 4126 struct netlbl_lsm_secattr secattr;
4127 struct sockaddr_in addr;
4128 struct iphdr *hdr;
21c7eae2 4129 struct smack_known *hskp;
e114e473 4130 int rc;
ecfcc53f 4131 struct smk_audit_info ad;
923e9a13 4132#ifdef CONFIG_AUDIT
48c62af6 4133 struct lsm_network_audit net;
923e9a13 4134#endif
e114e473 4135
69f287ae 4136#if IS_ENABLED(CONFIG_IPV6)
c6739443
CS		 4137 if (family == PF_INET6) {
4138 /*
4139 * Handle mapped IPv4 packets arriving
4140 * via IPv6 sockets. Don't set up netlabel
4141 * processing on IPv6.
4142 */
4143 if (skb->protocol == htons(ETH_P_IP))
4144 family = PF_INET;
4145 else
4146 return 0;
4147 }
69f287ae 4148#endif /* CONFIG_IPV6 */
e114e473 4149
7f368ad3
CS		 4150#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4151 /*
4152 * If there is a secmark use it rather than the CIPSO label.
4153 * If there is no secmark fall back to CIPSO.
4154 * The secmark is assumed to reflect policy better.
4155 */
4156 if (skb && skb->secmark != 0) {
4157 skp = smack_from_secid(skb->secmark);
4158 goto access_check;
4159 }
4160#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
4161
07feee8f
PM		 4162 netlbl_secattr_init(&secattr);
4163 rc = netlbl_skbuff_getattr(skb, family, &secattr);
e114e473 4164 if (rc == 0)
2f823ff8 4165 skp = smack_from_secattr(&secattr, ssp);
e114e473 4166 else
2f823ff8 4167 skp = &smack_known_huh;
07feee8f
PM		 4168 netlbl_secattr_destroy(&secattr);
4169
7f368ad3
CS		 4170#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4171access_check:
4172#endif
4173
ecfcc53f 4174#ifdef CONFIG_AUDIT
48c62af6
EP		 4175 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4176 ad.a.u.net->family = family;
4177 ad.a.u.net->netif = skb->skb_iif;
ecfcc53f
EB		 4178 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4179#endif
e114e473 4180 /*
07feee8f
PM		 4181 * Receiving a packet requires that the other end be able to write
4182 * here. Read access is not required.
e114e473 4183 */
21c7eae2
LP		 4184 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4185 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
07feee8f
PM		 4186 if (rc != 0)
4187 return rc;
4188
4189 /*
4190 * Save the peer's label in the request_sock so we can later setup
4191 * smk_packet in the child socket so that SO_PEERCRED can report it.
4192 */
2f823ff8 4193 req->peer_secid = skp->smk_secid;
07feee8f
PM		 4194
4195 /*
4196 * We need to decide if we want to label the incoming connection here
4197 * if we do we only need to label the request_sock and the stack will
25985edc 4198 * propagate the wire-label to the sock when it is created.
07feee8f
PM		 4199 */
4200 hdr = ip_hdr(skb);
4201 addr.sin_addr.s_addr = hdr->saddr;
4202 rcu_read_lock();
21abb1ec 4203 hskp = smack_ipv4host_label(&addr);
f7112e6c
CS		 4204 rcu_read_unlock();
4205
21c7eae2 4206 if (hskp == NULL)
f7112e6c 4207 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
2f823ff8 4208 else
07feee8f 4209 netlbl_req_delattr(req);
e114e473
CS		 4210
4211 return rc;
4212}
4213
07feee8f
PM		 4214/**
4215 * smack_inet_csk_clone - Copy the connection information to the new socket
4216 * @sk: the new socket
4217 * @req: the connection's request_sock
4218 *
4219 * Transfer the connection's peer label to the newly created socket.
4220 */
4221static void smack_inet_csk_clone(struct sock *sk,
4222 const struct request_sock *req)
4223{
4224 struct socket_smack *ssp = sk->sk_security;
2f823ff8 4225 struct smack_known *skp;
07feee8f 4226
2f823ff8
CS		 4227 if (req->peer_secid != 0) {
4228 skp = smack_from_secid(req->peer_secid);
54e70ec5 4229 ssp->smk_packet = skp;
2f823ff8 4230 } else
272cd7a8 4231 ssp->smk_packet = NULL;
07feee8f
PM		 4232}
4233
e114e473
CS		 4234/*
4235 * Key management security hooks
4236 *
4237 * Casey has not tested key support very heavily.
4238 * The permission check is most likely too restrictive.
4239 * If you care about keys please have a look.
4240 */
4241#ifdef CONFIG_KEYS
4242
4243/**
4244 * smack_key_alloc - Set the key security blob
4245 * @key: object
d84f4f99 4246 * @cred: the credentials to use
e114e473
CS		 4247 * @flags: unused
4248 *
4249 * No allocation required
4250 *
4251 * Returns 0
4252 */
d84f4f99 4253static int smack_key_alloc(struct key *key, const struct cred *cred,
e114e473
CS		 4254 unsigned long flags)
4255{
2f823ff8
CS		 4256 struct smack_known *skp = smk_of_task(cred->security);
4257
21c7eae2 4258 key->security = skp;
e114e473
CS		 4259 return 0;
4260}
4261
4262/**
4263 * smack_key_free - Clear the key security blob
4264 * @key: the object
4265 *
4266 * Clear the blob pointer
4267 */
4268static void smack_key_free(struct key *key)
4269{
4270 key->security = NULL;
4271}
4272
1a28979b 4273/**
e114e473
CS		 4274 * smack_key_permission - Smack access on a key
4275 * @key_ref: gets to the object
d84f4f99 4276 * @cred: the credentials to use
1a28979b 4277 * @perm: requested key permissions
e114e473
CS		 4278 *
4279 * Return 0 if the task has read and write to the object,
4280 * an error code otherwise
4281 */
4282static int smack_key_permission(key_ref_t key_ref,
f5895943 4283 const struct cred *cred, unsigned perm)
e114e473
CS		 4284{
4285 struct key *keyp;
ecfcc53f 4286 struct smk_audit_info ad;
2f823ff8 4287 struct smack_known *tkp = smk_of_task(cred->security);
fffea214 4288 int request = 0;
d166c802 4289 int rc;
e114e473 4290
5b841bfa
ZM		 4291 /*
4292 * Validate requested permissions
4293 */
4294 if (perm & ~KEY_NEED_ALL)
4295 return -EINVAL;
4296
e114e473
CS		 4297 keyp = key_ref_to_ptr(key_ref);
4298 if (keyp == NULL)
4299 return -EINVAL;
4300 /*
4301 * If the key hasn't been initialized give it access so that
4302 * it may do so.
4303 */
4304 if (keyp->security == NULL)
4305 return 0;
4306 /*
4307 * This should not occur
4308 */
2f823ff8 4309 if (tkp == NULL)
e114e473 4310 return -EACCES;
d19dfe58
CS		 4311
4312 if (smack_privileged_cred(CAP_MAC_OVERRIDE, cred))
4313 return 0;
4314
ecfcc53f
EB		 4315#ifdef CONFIG_AUDIT
4316 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4317 ad.a.u.key_struct.key = keyp->serial;
4318 ad.a.u.key_struct.key_desc = keyp->description;
4319#endif
5b841bfa
ZM		 4320 if (perm & (KEY_NEED_READ | KEY_NEED_SEARCH | KEY_NEED_VIEW))
4321 request |= MAY_READ;
fffea214 4322 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
5b841bfa 4323 request |= MAY_WRITE;
d166c802
CS		 4324 rc = smk_access(tkp, keyp->security, request, &ad);
4325 rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4326 return rc;
e114e473 4327}
7fc5f36e
JB		 4328
4329/*
4330 * smack_key_getsecurity - Smack label tagging the key
4331 * @key points to the key to be queried
4332 * @_buffer points to a pointer that should be set to point to the
4333 * resulting string (if no label or an error occurs).
4334 * Return the length of the string (including terminating NUL) or -ve if
4335 * an error.
4336 * May also return 0 (and a NULL buffer pointer) if there is no label.
4337 */
4338static int smack_key_getsecurity(struct key *key, char **_buffer)
4339{
4340 struct smack_known *skp = key->security;
4341 size_t length;
4342 char *copy;
4343
4344 if (key->security == NULL) {
4345 *_buffer = NULL;
4346 return 0;
4347 }
4348
4349 copy = kstrdup(skp->smk_known, GFP_KERNEL);
4350 if (copy == NULL)
4351 return -ENOMEM;
4352 length = strlen(copy) + 1;
4353
4354 *_buffer = copy;
4355 return length;
4356}
4357
e114e473
CS		 4358#endif /* CONFIG_KEYS */
4359
d20bdda6
AD		 4360/*
4361 * Smack Audit hooks
4362 *
4363 * Audit requires a unique representation of each Smack specific
4364 * rule. This unique representation is used to distinguish the
4365 * object to be audited from remaining kernel objects and also
4366 * works as a glue between the audit hooks.
4367 *
4368 * Since repository entries are added but never deleted, we'll use
4369 * the smack_known label address related to the given audit rule as
4370 * the needed unique representation. This also better fits the smack
4371 * model where nearly everything is a label.
4372 */
4373#ifdef CONFIG_AUDIT
4374
4375/**
4376 * smack_audit_rule_init - Initialize a smack audit rule
4377 * @field: audit rule fields given from user-space (audit.h)
4378 * @op: required testing operator (=, !=, >, <, ...)
4379 * @rulestr: smack label to be audited
4380 * @vrule: pointer to save our own audit rule representation
4381 *
4382 * Prepare to audit cases where (@field @op @rulestr) is true.
4383 * The label to be audited is created if necessay.
4384 */
4385static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4386{
21c7eae2 4387 struct smack_known *skp;
d20bdda6
AD		 4388 char **rule = (char **)vrule;
4389 *rule = NULL;
4390
4391 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4392 return -EINVAL;
4393
5af75d8d 4394 if (op != Audit_equal && op != Audit_not_equal)
d20bdda6
AD		 4395 return -EINVAL;
4396
21c7eae2 4397 skp = smk_import_entry(rulestr, 0);
e774ad68
LP		 4398 if (IS_ERR(skp))
4399 return PTR_ERR(skp);
4400
4401 *rule = skp->smk_known;
d20bdda6
AD		 4402
4403 return 0;
4404}
4405
4406/**
4407 * smack_audit_rule_known - Distinguish Smack audit rules
4408 * @krule: rule of interest, in Audit kernel representation format
4409 *
4410 * This is used to filter Smack rules from remaining Audit ones.
4411 * If it's proved that this rule belongs to us, the
4412 * audit_rule_match hook will be called to do the final judgement.
4413 */
4414static int smack_audit_rule_known(struct audit_krule *krule)
4415{
4416 struct audit_field *f;
4417 int i;
4418
4419 for (i = 0; i < krule->field_count; i++) {
4420 f = &krule->fields[i];
4421
4422 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4423 return 1;
4424 }
4425
4426 return 0;
4427}
4428
4429/**
4430 * smack_audit_rule_match - Audit given object ?
4431 * @secid: security id for identifying the object to test
4432 * @field: audit rule flags given from user-space
4433 * @op: required testing operator
4434 * @vrule: smack internal rule presentation
4435 * @actx: audit context associated with the check
4436 *
4437 * The core Audit hook. It's used to take the decision of
4438 * whether to audit or not to audit a given object.
4439 */
4440static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
4441 struct audit_context *actx)
4442{
2f823ff8 4443 struct smack_known *skp;
d20bdda6
AD		 4444 char *rule = vrule;
4445
4eb0f4ab
RGB		 4446 if (unlikely(!rule)) {
4447 WARN_ONCE(1, "Smack: missing rule\n");
d20bdda6
AD		 4448 return -ENOENT;
4449 }
4450
4451 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4452 return 0;
4453
2f823ff8 4454 skp = smack_from_secid(secid);
d20bdda6
AD		 4455
4456 /*
4457 * No need to do string comparisons. If a match occurs,
4458 * both pointers will point to the same smack_known
4459 * label.
4460 */
5af75d8d 4461 if (op == Audit_equal)
2f823ff8 4462 return (rule == skp->smk_known);
5af75d8d 4463 if (op == Audit_not_equal)
2f823ff8 4464 return (rule != skp->smk_known);
d20bdda6
AD		 4465
4466 return 0;
4467}
4468
491a0b08
CS		 4469/*
4470 * There is no need for a smack_audit_rule_free hook.
d20bdda6
AD		 4471 * No memory was allocated.
4472 */
d20bdda6
AD		 4473
4474#endif /* CONFIG_AUDIT */
4475
746df9b5
DQ		 4476/**
4477 * smack_ismaclabel - check if xattr @name references a smack MAC label
4478 * @name: Full xattr name to check.
4479 */
4480static int smack_ismaclabel(const char *name)
4481{
4482 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4483}
4484
4485
251a2a95 4486/**
e114e473
CS		 4487 * smack_secid_to_secctx - return the smack label for a secid
4488 * @secid: incoming integer
4489 * @secdata: destination
4490 * @seclen: how long it is
4491 *
4492 * Exists for networking code.
4493 */
4494static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4495{
2f823ff8 4496 struct smack_known *skp = smack_from_secid(secid);
e114e473 4497
d5630b9d 4498 if (secdata)
2f823ff8
CS		 4499 *secdata = skp->smk_known;
4500 *seclen = strlen(skp->smk_known);
e114e473
CS		 4501 return 0;
4502}
4503
251a2a95 4504/**
4bc87e62
CS		 4505 * smack_secctx_to_secid - return the secid for a smack label
4506 * @secdata: smack label
4507 * @seclen: how long result is
4508 * @secid: outgoing integer
4509 *
4510 * Exists for audit and networking code.
4511 */
e52c1764 4512static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4bc87e62 4513{
21c7eae2
LP		 4514 struct smack_known *skp = smk_find_entry(secdata);
4515
4516 if (skp)
4517 *secid = skp->smk_secid;
4518 else
4519 *secid = 0;
4bc87e62
CS		 4520 return 0;
4521}
4522
491a0b08
CS		 4523/*
4524 * There used to be a smack_release_secctx hook
4525 * that did nothing back when hooks were in a vector.
4526 * Now that there's a list such a hook adds cost.
e114e473 4527 */
e114e473 4528
1ee65e37
DQ		 4529static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4530{
4531 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4532}
4533
4534static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4535{
4536 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4537}
4538
4539static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4540{
0f8983cf 4541 struct smack_known *skp = smk_of_inode(inode);
1ee65e37 4542
0f8983cf
CS		 4543 *ctx = skp->smk_known;
4544 *ctxlen = strlen(skp->smk_known);
1ee65e37
DQ		 4545 return 0;
4546}
4547
d6d80cb5
CS		 4548static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
4549{
4550
4551 struct task_smack *tsp;
4552 struct smack_known *skp;
4553 struct inode_smack *isp;
4554 struct cred *new_creds = *new;
4555
4556 if (new_creds == NULL) {
4557 new_creds = prepare_creds();
4558 if (new_creds == NULL)
4559 return -ENOMEM;
4560 }
4561
4562 tsp = new_creds->security;
4563
4564 /*
4565 * Get label from overlay inode and set it in create_sid
4566 */
4567 isp = d_inode(dentry->d_parent)->i_security;
4568 skp = isp->smk_inode;
4569 tsp->smk_task = skp;
4570 *new = new_creds;
4571 return 0;
4572}
4573
4574static int smack_inode_copy_up_xattr(const char *name)
4575{
4576 /*
4577 * Return 1 if this is the smack access Smack attribute.
4578 */
4579 if (strcmp(name, XATTR_NAME_SMACK) == 0)
4580 return 1;
4581
4582 return -EOPNOTSUPP;
4583}
4584
4585static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
4586 struct qstr *name,
4587 const struct cred *old,
4588 struct cred *new)
4589{
4590 struct task_smack *otsp = old->security;
4591 struct task_smack *ntsp = new->security;
4592 struct inode_smack *isp;
4593 int may;
4594
4595 /*
4596 * Use the process credential unless all of
4597 * the transmuting criteria are met
4598 */
4599 ntsp->smk_task = otsp->smk_task;
4600
4601 /*
4602 * the attribute of the containing directory
4603 */
4604 isp = d_inode(dentry->d_parent)->i_security;
4605
4606 if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
4607 rcu_read_lock();
4608 may = smk_access_entry(otsp->smk_task->smk_known,
4609 isp->smk_inode->smk_known,
4610 &otsp->smk_task->smk_rules);
4611 rcu_read_unlock();
4612
4613 /*
4614 * If the directory is transmuting and the rule
4615 * providing access is transmuting use the containing
4616 * directory label instead of the process label.
4617 */
4618 if (may > 0 && (may & MAY_TRANSMUTE))
4619 ntsp->smk_task = isp->smk_inode;
4620 }
4621 return 0;
4622}
4623
ca97d939 4624static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
e20b043a
CS		 4625 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4626 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4627 LSM_HOOK_INIT(syslog, smack_syslog),
4628
2febd254
DH		 4629 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param),
4630
e20b043a
CS		 4631 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
4632 LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
204cc0cc 4633 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts),
5b400239 4634 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
e20b043a 4635 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
3bf2789c 4636 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
e20b043a
CS		 4637
4638 LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
e20b043a
CS		 4639
4640 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
4641 LSM_HOOK_INIT(inode_free_security, smack_inode_free_security),
4642 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4643 LSM_HOOK_INIT(inode_link, smack_inode_link),
4644 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4645 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4646 LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4647 LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4648 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4649 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4650 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4651 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4652 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4653 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4654 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4655 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4656 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4657 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4658
e20b043a
CS		 4659 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
4660 LSM_HOOK_INIT(file_free_security, smack_file_free_security),
4661 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4662 LSM_HOOK_INIT(file_lock, smack_file_lock),
4663 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4664 LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4665 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4666 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4667 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4668 LSM_HOOK_INIT(file_receive, smack_file_receive),
4669
4670 LSM_HOOK_INIT(file_open, smack_file_open),
4671
4672 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4673 LSM_HOOK_INIT(cred_free, smack_cred_free),
4674 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4675 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
3ec30113 4676 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
e20b043a
CS		 4677 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4678 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4679 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4680 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4681 LSM_HOOK_INIT(task_getsid, smack_task_getsid),
4682 LSM_HOOK_INIT(task_getsecid, smack_task_getsecid),
4683 LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4684 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4685 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4686 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4687 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4688 LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4689 LSM_HOOK_INIT(task_kill, smack_task_kill),
e20b043a
CS		 4690 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4691
4692 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4693 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4694
4695 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
4696 LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security),
4697
0d79cbf8
EB		 4698 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security),
4699 LSM_HOOK_INIT(msg_queue_free_security, smack_ipc_free_security),
e20b043a
CS		 4700 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4701 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4702 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4703 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4704
0d79cbf8
EB		 4705 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security),
4706 LSM_HOOK_INIT(shm_free_security, smack_ipc_free_security),
e20b043a
CS		 4707 LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4708 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4709 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4710
0d79cbf8
EB		 4711 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security),
4712 LSM_HOOK_INIT(sem_free_security, smack_ipc_free_security),
e20b043a
CS		 4713 LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4714 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4715 LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4716
4717 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4718
4719 LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4720 LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4721
4722 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4723 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4724
4725 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
5859cdf5 4726 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
21abb1ec 4727#ifdef SMACK_IPV6_PORT_LABELING
e20b043a 4728 LSM_HOOK_INIT(socket_bind, smack_socket_bind),
21abb1ec 4729#endif
e20b043a
CS		 4730 LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4731 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4732 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4733 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4734 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4735 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
4736 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4737 LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4738 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4739 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
d20bdda6 4740
e114e473
CS		 4741 /* key management security hooks */
4742#ifdef CONFIG_KEYS
e20b043a
CS		 4743 LSM_HOOK_INIT(key_alloc, smack_key_alloc),
4744 LSM_HOOK_INIT(key_free, smack_key_free),
4745 LSM_HOOK_INIT(key_permission, smack_key_permission),
4746 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
e114e473 4747#endif /* CONFIG_KEYS */
d20bdda6
AD		 4748
4749 /* Audit hooks */
4750#ifdef CONFIG_AUDIT
e20b043a
CS		 4751 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
4752 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
4753 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
d20bdda6
AD		 4754#endif /* CONFIG_AUDIT */
4755
e20b043a
CS		 4756 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
4757 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
4758 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
e20b043a
CS		 4759 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
4760 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
4761 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
d6d80cb5
CS		 4762 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up),
4763 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr),
4764 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as),
e114e473
CS		 4765};
4766
7198e2ee 4767
86812bb0 4768static __init void init_smack_known_list(void)
7198e2ee 4769{
86812bb0
CS		 4770 /*
4771 * Initialize rule list locks
4772 */
4773 mutex_init(&smack_known_huh.smk_rules_lock);
4774 mutex_init(&smack_known_hat.smk_rules_lock);
4775 mutex_init(&smack_known_floor.smk_rules_lock);
4776 mutex_init(&smack_known_star.smk_rules_lock);
86812bb0
CS		 4777 mutex_init(&smack_known_web.smk_rules_lock);
4778 /*
4779 * Initialize rule lists
4780 */
4781 INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4782 INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4783 INIT_LIST_HEAD(&smack_known_star.smk_rules);
4784 INIT_LIST_HEAD(&smack_known_floor.smk_rules);
86812bb0
CS		 4785 INIT_LIST_HEAD(&smack_known_web.smk_rules);
4786 /*
4787 * Create the known labels list
4788 */
4d7cf4a1
TS		 4789 smk_insert_entry(&smack_known_huh);
4790 smk_insert_entry(&smack_known_hat);
4791 smk_insert_entry(&smack_known_star);
4792 smk_insert_entry(&smack_known_floor);
4d7cf4a1 4793 smk_insert_entry(&smack_known_web);
7198e2ee
EB		 4794}
4795
e114e473
CS		 4796/**
4797 * smack_init - initialize the smack system
4798 *
4799 * Returns 0
4800 */
4801static __init int smack_init(void)
4802{
d84f4f99 4803 struct cred *cred;
676dac4b 4804 struct task_smack *tsp;
d84f4f99 4805
b1d9e6b0 4806 if (!security_module_enable("smack"))
7898e1f8
CS		 4807 return 0;
4808
1a5b472b
R		 4809 smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4810 if (!smack_inode_cache)
4811 return -ENOMEM;
4812
2f823ff8
CS		 4813 tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4814 GFP_KERNEL);
1a5b472b
R		 4815 if (tsp == NULL) {
4816 kmem_cache_destroy(smack_inode_cache);
676dac4b 4817 return -ENOMEM;
1a5b472b 4818 }
676dac4b 4819
d21b7b04
JB		 4820 smack_enabled = 1;
4821
21abb1ec
CS		 4822 pr_info("Smack: Initializing.\n");
4823#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4824 pr_info("Smack: Netfilter enabled.\n");
4825#endif
4826#ifdef SMACK_IPV6_PORT_LABELING
4827 pr_info("Smack: IPv6 port labeling enabled.\n");
4828#endif
4829#ifdef SMACK_IPV6_SECMARK_LABELING
4830 pr_info("Smack: IPv6 Netfilter enabled.\n");
4831#endif
e114e473
CS		 4832
4833 /*
4834 * Set the security state for the initial task.
4835 */
d84f4f99 4836 cred = (struct cred *) current->cred;
676dac4b 4837 cred->security = tsp;
e114e473 4838
86812bb0
CS		 4839 /* initialize the smack_known_list */
4840 init_smack_known_list();
e114e473
CS		 4841
4842 /*
4843 * Register with LSM
4844 */
d69dece5 4845 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack");
e114e473
CS		 4846
4847 return 0;
4848}
4849
4850/*
4851 * Smack requires early initialization in order to label
4852 * all processes and objects when they are created.
4853 */
3d6e5f6d 4854DEFINE_LSM(smack) = {
07aed2f2 4855 .name = "smack",
3d6e5f6d
KC		 4856 .init = smack_init,
4857};
Ubuntu Hirsute Linux kernel mirror