1
// SPDX-License-Identifier: GPL-2.0-only
2
/*
3
 *  Simplified MAC Kernel (smack) security module
4
 *
5
 *  This file contains the smack hook function implementations.
6
 *
7
 *  Authors:
8
 *	Casey Schaufler <[email protected]>
9
 *	Jarkko Sakkinen <[email protected]>
10
 *
11
 *  Copyright (C) 2007 Casey Schaufler <[email protected]>
12
 *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
13
 *                Paul Moore <[email protected]>
14
 *  Copyright (C) 2010 Nokia Corporation
15
 *  Copyright (C) 2011 Intel Corporation.
16
 */
17

18
#include <linux/xattr.h>
19
#include <linux/pagemap.h>
20
#include <linux/mount.h>
21
#include <linux/stat.h>
22
#include <linux/kd.h>
23
#include <asm/ioctls.h>
24
#include <linux/ip.h>
25
#include <linux/tcp.h>
26
#include <linux/udp.h>
27
#include <linux/icmpv6.h>
28
#include <linux/slab.h>
29
#include <linux/mutex.h>
30
#include <net/cipso_ipv4.h>
31
#include <net/ip.h>
32
#include <net/ipv6.h>
33
#include <linux/audit.h>
34
#include <linux/magic.h>
35
#include <linux/dcache.h>
36
#include <linux/personality.h>
37
#include <linux/msg.h>
38
#include <linux/shm.h>
39
#include <uapi/linux/shm.h>
40
#include <linux/binfmts.h>
41
#include <linux/parser.h>
42
#include <linux/fs_context.h>
43
#include <linux/fs_parser.h>
44
#include <linux/watch_queue.h>
45
#include <linux/io_uring/cmd.h>
46
#include <uapi/linux/lsm.h>
47
#include "smack.h"
48

49
#define TRANS_TRUE	"TRUE"
50
#define TRANS_TRUE_SIZE	4
51

52
#define SMK_CONNECTING	0
53
#define SMK_RECEIVING	1
54
#define SMK_SENDING	2
55

56
/*
57
 * Smack uses multiple xattrs.
58
 * SMACK64 - for access control,
59
 * SMACK64TRANSMUTE - label initialization,
60
 * Not saved on files - SMACK64IPIN and SMACK64IPOUT,
61
 * Must be set explicitly - SMACK64EXEC and SMACK64MMAP
62
 */
63
#define SMACK_INODE_INIT_XATTRS 2
64

65
#ifdef SMACK_IPV6_PORT_LABELING
66
static DEFINE_MUTEX(smack_ipv6_lock);
67
static LIST_HEAD(smk_ipv6_port_list);
68
#endif
69
struct kmem_cache *smack_rule_cache;
70
int smack_enabled __initdata;
71

72
#define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s}
73
static struct {
74
	const char *name;
75
	int len;
76
	int opt;
77
} smk_mount_opts[] = {
78
	{"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault},
79
	A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute)
80
};
81
#undef A
82

83
static int match_opt_prefix(char *s, int l, char **arg)
84
{
85
	int i;
86

87
	for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) {
88
		size_t len = smk_mount_opts[i].len;
89
		if (len > l || memcmp(s, smk_mount_opts[i].name, len))
90
			continue;
91
		if (len == l || s[len] != '=')
92
			continue;
93
		*arg = s + len + 1;
94
		return smk_mount_opts[i].opt;
95
	}
96
	return Opt_error;
97
}
98

99
#ifdef CONFIG_SECURITY_SMACK_BRINGUP
100
static char *smk_bu_mess[] = {
101
	"Bringup Error",	/* Unused */
102
	"Bringup",		/* SMACK_BRINGUP_ALLOW */
103
	"Unconfined Subject",	/* SMACK_UNCONFINED_SUBJECT */
104
	"Unconfined Object",	/* SMACK_UNCONFINED_OBJECT */
105
};
106

107
static void smk_bu_mode(int mode, char *s)
108
{
109
	smack_str_from_perm(s, mode);
110
}
111
#endif
112

113
#ifdef CONFIG_SECURITY_SMACK_BRINGUP
114
static int smk_bu_note(char *note, struct smack_known *sskp,
115
		       struct smack_known *oskp, int mode, int rc)
116
{
117
	char acc[SMK_NUM_ACCESS_TYPE + 1];
118

119
	if (rc <= 0)
120
		return rc;
121
	if (rc > SMACK_UNCONFINED_OBJECT)
122
		rc = 0;
123

124
	smk_bu_mode(mode, acc);
125
	pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
126
		sskp->smk_known, oskp->smk_known, acc, note);
127
	return 0;
128
}
129
#else
130
#define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
131
#endif
132

133
#ifdef CONFIG_SECURITY_SMACK_BRINGUP
134
static int smk_bu_current(char *note, struct smack_known *oskp,
135
			  int mode, int rc)
136
{
137
	struct task_smack *tsp = smack_cred(current_cred());
138
	char acc[SMK_NUM_ACCESS_TYPE + 1];
139

140
	if (rc <= 0)
141
		return rc;
142
	if (rc > SMACK_UNCONFINED_OBJECT)
143
		rc = 0;
144

145
	smk_bu_mode(mode, acc);
146
	pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
147
		tsp->smk_task->smk_known, oskp->smk_known,
148
		acc, current->comm, note);
149
	return 0;
150
}
151
#else
152
#define smk_bu_current(note, oskp, mode, RC) (RC)
153
#endif
154

155
#ifdef CONFIG_SECURITY_SMACK_BRINGUP
156
static int smk_bu_task(struct task_struct *otp, int mode, int rc)
157
{
158
	struct task_smack *tsp = smack_cred(current_cred());
159
	struct smack_known *smk_task = smk_of_task_struct_obj(otp);
160
	char acc[SMK_NUM_ACCESS_TYPE + 1];
161

162
	if (rc <= 0)
163
		return rc;
164
	if (rc > SMACK_UNCONFINED_OBJECT)
165
		rc = 0;
166

167
	smk_bu_mode(mode, acc);
168
	pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
169
		tsp->smk_task->smk_known, smk_task->smk_known, acc,
170
		current->comm, otp->comm);
171
	return 0;
172
}
173
#else
174
#define smk_bu_task(otp, mode, RC) (RC)
175
#endif
176

177
#ifdef CONFIG_SECURITY_SMACK_BRINGUP
178
static int smk_bu_inode(struct inode *inode, int mode, int rc)
179
{
180
	struct task_smack *tsp = smack_cred(current_cred());
181
	struct inode_smack *isp = smack_inode(inode);
182
	char acc[SMK_NUM_ACCESS_TYPE + 1];
183

184
	if (isp->smk_flags & SMK_INODE_IMPURE)
185
		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
186
			inode->i_sb->s_id, inode->i_ino, current->comm);
187

188
	if (rc <= 0)
189
		return rc;
190
	if (rc > SMACK_UNCONFINED_OBJECT)
191
		rc = 0;
192
	if (rc == SMACK_UNCONFINED_SUBJECT &&
193
	    (mode & (MAY_WRITE | MAY_APPEND)))
194
		isp->smk_flags |= SMK_INODE_IMPURE;
195

196
	smk_bu_mode(mode, acc);
197

198
	pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
199
		tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
200
		inode->i_sb->s_id, inode->i_ino, current->comm);
201
	return 0;
202
}
203
#else
204
#define smk_bu_inode(inode, mode, RC) (RC)
205
#endif
206

207
#ifdef CONFIG_SECURITY_SMACK_BRINGUP
208
static int smk_bu_file(struct file *file, int mode, int rc)
209
{
210
	struct task_smack *tsp = smack_cred(current_cred());
211
	struct smack_known *sskp = tsp->smk_task;
212
	struct inode *inode = file_inode(file);
213
	struct inode_smack *isp = smack_inode(inode);
214
	char acc[SMK_NUM_ACCESS_TYPE + 1];
215

216
	if (isp->smk_flags & SMK_INODE_IMPURE)
217
		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
218
			inode->i_sb->s_id, inode->i_ino, current->comm);
219

220
	if (rc <= 0)
221
		return rc;
222
	if (rc > SMACK_UNCONFINED_OBJECT)
223
		rc = 0;
224

225
	smk_bu_mode(mode, acc);
226
	pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
227
		sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
228
		inode->i_sb->s_id, inode->i_ino, file,
229
		current->comm);
230
	return 0;
231
}
232
#else
233
#define smk_bu_file(file, mode, RC) (RC)
234
#endif
235

236
#ifdef CONFIG_SECURITY_SMACK_BRINGUP
237
static int smk_bu_credfile(const struct cred *cred, struct file *file,
238
				int mode, int rc)
239
{
240
	struct task_smack *tsp = smack_cred(cred);
241
	struct smack_known *sskp = tsp->smk_task;
242
	struct inode *inode = file_inode(file);
243
	struct inode_smack *isp = smack_inode(inode);
244
	char acc[SMK_NUM_ACCESS_TYPE + 1];
245

246
	if (isp->smk_flags & SMK_INODE_IMPURE)
247
		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
248
			inode->i_sb->s_id, inode->i_ino, current->comm);
249

250
	if (rc <= 0)
251
		return rc;
252
	if (rc > SMACK_UNCONFINED_OBJECT)
253
		rc = 0;
254

255
	smk_bu_mode(mode, acc);
256
	pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
257
		sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
258
		inode->i_sb->s_id, inode->i_ino, file,
259
		current->comm);
260
	return 0;
261
}
262
#else
263
#define smk_bu_credfile(cred, file, mode, RC) (RC)
264
#endif
265

266
/**
267
 * smk_fetch - Fetch the smack label from a file.
268
 * @name: type of the label (attribute)
269
 * @ip: a pointer to the inode
270
 * @dp: a pointer to the dentry
271
 *
272
 * Returns a pointer to the master list entry for the Smack label,
273
 * NULL if there was no label to fetch, or an error code.
274
 */
275
static struct smack_known *smk_fetch(const char *name, struct inode *ip,
276
					struct dentry *dp)
277
{
278
	int rc;
279
	char *buffer;
280
	struct smack_known *skp = NULL;
281

282
	if (!(ip->i_opflags & IOP_XATTR))
283
		return ERR_PTR(-EOPNOTSUPP);
284

285
	buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS);
286
	if (buffer == NULL)
287
		return ERR_PTR(-ENOMEM);
288

289
	rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
290
	if (rc < 0)
291
		skp = ERR_PTR(rc);
292
	else if (rc == 0)
293
		skp = NULL;
294
	else
295
		skp = smk_import_entry(buffer, rc);
296

297
	kfree(buffer);
298

299
	return skp;
300
}
301

302
/**
303
 * init_inode_smack - initialize an inode security blob
304
 * @inode: inode to extract the info from
305
 * @skp: a pointer to the Smack label entry to use in the blob
306
 *
307
 */
308
static void init_inode_smack(struct inode *inode, struct smack_known *skp)
309
{
310
	struct inode_smack *isp = smack_inode(inode);
311

312
	isp->smk_inode = skp;
313
	isp->smk_flags = 0;
314
}
315

316
/**
317
 * init_task_smack - initialize a task security blob
318
 * @tsp: blob to initialize
319
 * @task: a pointer to the Smack label for the running task
320
 * @forked: a pointer to the Smack label for the forked task
321
 *
322
 */
323
static void init_task_smack(struct task_smack *tsp, struct smack_known *task,
324
					struct smack_known *forked)
325
{
326
	tsp->smk_task = task;
327
	tsp->smk_forked = forked;
328
	INIT_LIST_HEAD(&tsp->smk_rules);
329
	INIT_LIST_HEAD(&tsp->smk_relabel);
330
	mutex_init(&tsp->smk_rules_lock);
331
}
332

333
/**
334
 * smk_copy_rules - copy a rule set
335
 * @nhead: new rules header pointer
336
 * @ohead: old rules header pointer
337
 * @gfp: type of the memory for the allocation
338
 *
339
 * Returns 0 on success, -ENOMEM on error
340
 */
341
static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
342
				gfp_t gfp)
343
{
344
	struct smack_rule *nrp;
345
	struct smack_rule *orp;
346
	int rc = 0;
347

348
	list_for_each_entry_rcu(orp, ohead, list) {
349
		nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
350
		if (nrp == NULL) {
351
			rc = -ENOMEM;
352
			break;
353
		}
354
		*nrp = *orp;
355
		list_add_rcu(&nrp->list, nhead);
356
	}
357
	return rc;
358
}
359

360
/**
361
 * smk_copy_relabel - copy smk_relabel labels list
362
 * @nhead: new rules header pointer
363
 * @ohead: old rules header pointer
364
 * @gfp: type of the memory for the allocation
365
 *
366
 * Returns 0 on success, -ENOMEM on error
367
 */
368
static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
369
				gfp_t gfp)
370
{
371
	struct smack_known_list_elem *nklep;
372
	struct smack_known_list_elem *oklep;
373

374
	list_for_each_entry(oklep, ohead, list) {
375
		nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
376
		if (nklep == NULL) {
377
			smk_destroy_label_list(nhead);
378
			return -ENOMEM;
379
		}
380
		nklep->smk_label = oklep->smk_label;
381
		list_add(&nklep->list, nhead);
382
	}
383

384
	return 0;
385
}
386

387
/**
388
 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
389
 * @mode: input mode in form of PTRACE_MODE_*
390
 *
391
 * Returns a converted MAY_* mode usable by smack rules
392
 */
393
static inline unsigned int smk_ptrace_mode(unsigned int mode)
394
{
395
	if (mode & PTRACE_MODE_ATTACH)
396
		return MAY_READWRITE;
397
	if (mode & PTRACE_MODE_READ)
398
		return MAY_READ;
399

400
	return 0;
401
}
402

403
/**
404
 * smk_ptrace_rule_check - helper for ptrace access
405
 * @tracer: tracer process
406
 * @tracee_known: label entry of the process that's about to be traced
407
 * @mode: ptrace attachment mode (PTRACE_MODE_*)
408
 * @func: name of the function that called us, used for audit
409
 *
410
 * Returns 0 on access granted, -error on error
411
 */
412
static int smk_ptrace_rule_check(struct task_struct *tracer,
413
				 struct smack_known *tracee_known,
414
				 unsigned int mode, const char *func)
415
{
416
	int rc;
417
	struct smk_audit_info ad, *saip = NULL;
418
	struct task_smack *tsp;
419
	struct smack_known *tracer_known;
420
	const struct cred *tracercred;
421

422
	if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
423
		smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
424
		smk_ad_setfield_u_tsk(&ad, tracer);
425
		saip = &ad;
426
	}
427

428
	rcu_read_lock();
429
	tracercred = __task_cred(tracer);
430
	tsp = smack_cred(tracercred);
431
	tracer_known = smk_of_task(tsp);
432

433
	if ((mode & PTRACE_MODE_ATTACH) &&
434
	    (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
435
	     smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
436
		if (tracer_known->smk_known == tracee_known->smk_known)
437
			rc = 0;
438
		else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
439
			rc = -EACCES;
440
		else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
441
			rc = 0;
442
		else
443
			rc = -EACCES;
444

445
		if (saip)
446
			smack_log(tracer_known->smk_known,
447
				  tracee_known->smk_known,
448
				  0, rc, saip);
449

450
		rcu_read_unlock();
451
		return rc;
452
	}
453

454
	/* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
455
	rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
456

457
	rcu_read_unlock();
458
	return rc;
459
}
460

461
/*
462
 * LSM hooks.
463
 * We he, that is fun!
464
 */
465

466
/**
467
 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
468
 * @ctp: child task pointer
469
 * @mode: ptrace attachment mode (PTRACE_MODE_*)
470
 *
471
 * Returns 0 if access is OK, an error code otherwise
472
 *
473
 * Do the capability checks.
474
 */
475
static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
476
{
477
	struct smack_known *skp;
478

479
	skp = smk_of_task_struct_obj(ctp);
480

481
	return smk_ptrace_rule_check(current, skp, mode, __func__);
482
}
483

484
/**
485
 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
486
 * @ptp: parent task pointer
487
 *
488
 * Returns 0 if access is OK, an error code otherwise
489
 *
490
 * Do the capability checks, and require PTRACE_MODE_ATTACH.
491
 */
492
static int smack_ptrace_traceme(struct task_struct *ptp)
493
{
494
	struct smack_known *skp;
495

496
	skp = smk_of_task(smack_cred(current_cred()));
497

498
	return smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
499
}
500

501
/**
502
 * smack_syslog - Smack approval on syslog
503
 * @typefrom_file: unused
504
 *
505
 * Returns 0 on success, error code otherwise.
506
 */
507
static int smack_syslog(int typefrom_file)
508
{
509
	int rc = 0;
510
	struct smack_known *skp = smk_of_current();
511

512
	if (smack_privileged(CAP_MAC_OVERRIDE))
513
		return 0;
514

515
	if (smack_syslog_label != NULL && smack_syslog_label != skp)
516
		rc = -EACCES;
517

518
	return rc;
519
}
520

521
/*
522
 * Superblock Hooks.
523
 */
524

525
/**
526
 * smack_sb_alloc_security - allocate a superblock blob
527
 * @sb: the superblock getting the blob
528
 *
529
 * Returns 0 on success or -ENOMEM on error.
530
 */
531
static int smack_sb_alloc_security(struct super_block *sb)
532
{
533
	struct superblock_smack *sbsp = smack_superblock(sb);
534

535
	sbsp->smk_root = &smack_known_floor;
536
	sbsp->smk_default = &smack_known_floor;
537
	sbsp->smk_floor = &smack_known_floor;
538
	sbsp->smk_hat = &smack_known_hat;
539
	/*
540
	 * SMK_SB_INITIALIZED will be zero from kzalloc.
541
	 */
542

543
	return 0;
544
}
545

546
struct smack_mnt_opts {
547
	const char *fsdefault;
548
	const char *fsfloor;
549
	const char *fshat;
550
	const char *fsroot;
551
	const char *fstransmute;
552
};
553

554
static void smack_free_mnt_opts(void *mnt_opts)
555
{
556
	kfree(mnt_opts);
557
}
558

559
static int smack_add_opt(int token, const char *s, void **mnt_opts)
560
{
561
	struct smack_mnt_opts *opts = *mnt_opts;
562
	struct smack_known *skp;
563

564
	if (!opts) {
565
		opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
566
		if (!opts)
567
			return -ENOMEM;
568
		*mnt_opts = opts;
569
	}
570
	if (!s)
571
		return -ENOMEM;
572

573
	skp = smk_import_entry(s, 0);
574
	if (IS_ERR(skp))
575
		return PTR_ERR(skp);
576

577
	switch (token) {
578
	case Opt_fsdefault:
579
		if (opts->fsdefault)
580
			goto out_opt_err;
581
		opts->fsdefault = skp->smk_known;
582
		break;
583
	case Opt_fsfloor:
584
		if (opts->fsfloor)
585
			goto out_opt_err;
586
		opts->fsfloor = skp->smk_known;
587
		break;
588
	case Opt_fshat:
589
		if (opts->fshat)
590
			goto out_opt_err;
591
		opts->fshat = skp->smk_known;
592
		break;
593
	case Opt_fsroot:
594
		if (opts->fsroot)
595
			goto out_opt_err;
596
		opts->fsroot = skp->smk_known;
597
		break;
598
	case Opt_fstransmute:
599
		if (opts->fstransmute)
600
			goto out_opt_err;
601
		opts->fstransmute = skp->smk_known;
602
		break;
603
	}
604
	return 0;
605

606
out_opt_err:
607
	pr_warn("Smack: duplicate mount options\n");
608
	return -EINVAL;
609
}
610

611
/**
612
 * smack_fs_context_submount - Initialise security data for a filesystem context
613
 * @fc: The filesystem context.
614
 * @reference: reference superblock
615
 *
616
 * Returns 0 on success or -ENOMEM on error.
617
 */
618
static int smack_fs_context_submount(struct fs_context *fc,
619
				 struct super_block *reference)
620
{
621
	struct superblock_smack *sbsp;
622
	struct smack_mnt_opts *ctx;
623
	struct inode_smack *isp;
624

625
	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
626
	if (!ctx)
627
		return -ENOMEM;
628
	fc->security = ctx;
629

630
	sbsp = smack_superblock(reference);
631
	isp = smack_inode(reference->s_root->d_inode);
632

633
	if (sbsp->smk_default) {
634
		ctx->fsdefault = kstrdup(sbsp->smk_default->smk_known, GFP_KERNEL);
635
		if (!ctx->fsdefault)
636
			return -ENOMEM;
637
	}
638

639
	if (sbsp->smk_floor) {
640
		ctx->fsfloor = kstrdup(sbsp->smk_floor->smk_known, GFP_KERNEL);
641
		if (!ctx->fsfloor)
642
			return -ENOMEM;
643
	}
644

645
	if (sbsp->smk_hat) {
646
		ctx->fshat = kstrdup(sbsp->smk_hat->smk_known, GFP_KERNEL);
647
		if (!ctx->fshat)
648
			return -ENOMEM;
649
	}
650

651
	if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
652
		if (sbsp->smk_root) {
653
			ctx->fstransmute = kstrdup(sbsp->smk_root->smk_known, GFP_KERNEL);
654
			if (!ctx->fstransmute)
655
				return -ENOMEM;
656
		}
657
	}
658
	return 0;
659
}
660

661
/**
662
 * smack_fs_context_dup - Duplicate the security data on fs_context duplication
663
 * @fc: The new filesystem context.
664
 * @src_fc: The source filesystem context being duplicated.
665
 *
666
 * Returns 0 on success or -ENOMEM on error.
667
 */
668
static int smack_fs_context_dup(struct fs_context *fc,
669
				struct fs_context *src_fc)
670
{
671
	struct smack_mnt_opts *dst, *src = src_fc->security;
672

673
	if (!src)
674
		return 0;
675

676
	fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
677
	if (!fc->security)
678
		return -ENOMEM;
679

680
	dst = fc->security;
681
	dst->fsdefault = src->fsdefault;
682
	dst->fsfloor = src->fsfloor;
683
	dst->fshat = src->fshat;
684
	dst->fsroot = src->fsroot;
685
	dst->fstransmute = src->fstransmute;
686

687
	return 0;
688
}
689

690
static const struct fs_parameter_spec smack_fs_parameters[] = {
691
	fsparam_string("smackfsdef",		Opt_fsdefault),
692
	fsparam_string("smackfsdefault",	Opt_fsdefault),
693
	fsparam_string("smackfsfloor",		Opt_fsfloor),
694
	fsparam_string("smackfshat",		Opt_fshat),
695
	fsparam_string("smackfsroot",		Opt_fsroot),
696
	fsparam_string("smackfstransmute",	Opt_fstransmute),
697
	{}
698
};
699

700
/**
701
 * smack_fs_context_parse_param - Parse a single mount parameter
702
 * @fc: The new filesystem context being constructed.
703
 * @param: The parameter.
704
 *
705
 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on
706
 * error.
707
 */
708
static int smack_fs_context_parse_param(struct fs_context *fc,
709
					struct fs_parameter *param)
710
{
711
	struct fs_parse_result result;
712
	int opt, rc;
713

714
	opt = fs_parse(fc, smack_fs_parameters, param, &result);
715
	if (opt < 0)
716
		return opt;
717

718
	rc = smack_add_opt(opt, param->string, &fc->security);
719
	if (!rc)
720
		param->string = NULL;
721
	return rc;
722
}
723

724
static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
725
{
726
	char *from = options, *to = options;
727
	bool first = true;
728

729
	while (1) {
730
		char *next = strchr(from, ',');
731
		int token, len, rc;
732
		char *arg = NULL;
733

734
		if (next)
735
			len = next - from;
736
		else
737
			len = strlen(from);
738

739
		token = match_opt_prefix(from, len, &arg);
740
		if (token != Opt_error) {
741
			arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
742
			rc = smack_add_opt(token, arg, mnt_opts);
743
			kfree(arg);
744
			if (unlikely(rc)) {
745
				if (*mnt_opts)
746
					smack_free_mnt_opts(*mnt_opts);
747
				*mnt_opts = NULL;
748
				return rc;
749
			}
750
		} else {
751
			if (!first) {	// copy with preceding comma
752
				from--;
753
				len++;
754
			}
755
			if (to != from)
756
				memmove(to, from, len);
757
			to += len;
758
			first = false;
759
		}
760
		if (!from[len])
761
			break;
762
		from += len + 1;
763
	}
764
	*to = '\0';
765
	return 0;
766
}
767

768
/**
769
 * smack_set_mnt_opts - set Smack specific mount options
770
 * @sb: the file system superblock
771
 * @mnt_opts: Smack mount options
772
 * @kern_flags: mount option from kernel space or user space
773
 * @set_kern_flags: where to store converted mount opts
774
 *
775
 * Returns 0 on success, an error code on failure
776
 *
777
 * Allow filesystems with binary mount data to explicitly set Smack mount
778
 * labels.
779
 */
780
static int smack_set_mnt_opts(struct super_block *sb,
781
		void *mnt_opts,
782
		unsigned long kern_flags,
783
		unsigned long *set_kern_flags)
784
{
785
	struct dentry *root = sb->s_root;
786
	struct inode *inode = d_backing_inode(root);
787
	struct superblock_smack *sp = smack_superblock(sb);
788
	struct inode_smack *isp;
789
	struct smack_known *skp;
790
	struct smack_mnt_opts *opts = mnt_opts;
791
	bool transmute = false;
792

793
	if (sp->smk_flags & SMK_SB_INITIALIZED)
794
		return 0;
795

796
	if (!smack_privileged(CAP_MAC_ADMIN)) {
797
		/*
798
		 * Unprivileged mounts don't get to specify Smack values.
799
		 */
800
		if (opts)
801
			return -EPERM;
802
		/*
803
		 * Unprivileged mounts get root and default from the caller.
804
		 */
805
		skp = smk_of_current();
806
		sp->smk_root = skp;
807
		sp->smk_default = skp;
808
		/*
809
		 * For a handful of fs types with no user-controlled
810
		 * backing store it's okay to trust security labels
811
		 * in the filesystem. The rest are untrusted.
812
		 */
813
		if (sb->s_user_ns != &init_user_ns &&
814
		    sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
815
		    sb->s_magic != RAMFS_MAGIC) {
816
			transmute = true;
817
			sp->smk_flags |= SMK_SB_UNTRUSTED;
818
		}
819
	}
820

821
	sp->smk_flags |= SMK_SB_INITIALIZED;
822

823
	if (opts) {
824
		if (opts->fsdefault) {
825
			skp = smk_import_entry(opts->fsdefault, 0);
826
			if (IS_ERR(skp))
827
				return PTR_ERR(skp);
828
			sp->smk_default = skp;
829
		}
830
		if (opts->fsfloor) {
831
			skp = smk_import_entry(opts->fsfloor, 0);
832
			if (IS_ERR(skp))
833
				return PTR_ERR(skp);
834
			sp->smk_floor = skp;
835
		}
836
		if (opts->fshat) {
837
			skp = smk_import_entry(opts->fshat, 0);
838
			if (IS_ERR(skp))
839
				return PTR_ERR(skp);
840
			sp->smk_hat = skp;
841
		}
842
		if (opts->fsroot) {
843
			skp = smk_import_entry(opts->fsroot, 0);
844
			if (IS_ERR(skp))
845
				return PTR_ERR(skp);
846
			sp->smk_root = skp;
847
		}
848
		if (opts->fstransmute) {
849
			skp = smk_import_entry(opts->fstransmute, 0);
850
			if (IS_ERR(skp))
851
				return PTR_ERR(skp);
852
			sp->smk_root = skp;
853
			transmute = true;
854
		}
855
	}
856

857
	/*
858
	 * Initialize the root inode.
859
	 */
860
	init_inode_smack(inode, sp->smk_root);
861

862
	if (transmute) {
863
		isp = smack_inode(inode);
864
		isp->smk_flags |= SMK_INODE_TRANSMUTE;
865
	}
866

867
	return 0;
868
}
869

870
/**
871
 * smack_sb_statfs - Smack check on statfs
872
 * @dentry: identifies the file system in question
873
 *
874
 * Returns 0 if current can read the floor of the filesystem,
875
 * and error code otherwise
876
 */
877
static int smack_sb_statfs(struct dentry *dentry)
878
{
879
	struct superblock_smack *sbp = smack_superblock(dentry->d_sb);
880
	int rc;
881
	struct smk_audit_info ad;
882

883
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
884
	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
885

886
	rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
887
	rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
888
	return rc;
889
}
890

891
/*
892
 * BPRM hooks
893
 */
894

895
/**
896
 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec
897
 * @bprm: the exec information
898
 *
899
 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
900
 */
901
static int smack_bprm_creds_for_exec(struct linux_binprm *bprm)
902
{
903
	struct inode *inode = file_inode(bprm->file);
904
	struct task_smack *bsp = smack_cred(bprm->cred);
905
	struct inode_smack *isp;
906
	struct superblock_smack *sbsp;
907
	int rc;
908

909
	isp = smack_inode(inode);
910
	if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
911
		return 0;
912

913
	sbsp = smack_superblock(inode->i_sb);
914
	if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
915
	    isp->smk_task != sbsp->smk_root)
916
		return 0;
917

918
	if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
919
		struct task_struct *tracer;
920
		rc = 0;
921

922
		rcu_read_lock();
923
		tracer = ptrace_parent(current);
924
		if (likely(tracer != NULL))
925
			rc = smk_ptrace_rule_check(tracer,
926
						   isp->smk_task,
927
						   PTRACE_MODE_ATTACH,
928
						   __func__);
929
		rcu_read_unlock();
930

931
		if (rc != 0)
932
			return rc;
933
	}
934
	if (bprm->unsafe & ~LSM_UNSAFE_PTRACE)
935
		return -EPERM;
936

937
	bsp->smk_task = isp->smk_task;
938
	bprm->per_clear |= PER_CLEAR_ON_SETID;
939

940
	/* Decide if this is a secure exec. */
941
	if (bsp->smk_task != bsp->smk_forked)
942
		bprm->secureexec = 1;
943

944
	return 0;
945
}
946

947
/*
948
 * Inode hooks
949
 */
950

951
/**
952
 * smack_inode_alloc_security - allocate an inode blob
953
 * @inode: the inode in need of a blob
954
 *
955
 * Returns 0
956
 */
957
static int smack_inode_alloc_security(struct inode *inode)
958
{
959
	struct smack_known *skp = smk_of_current();
960

961
	init_inode_smack(inode, skp);
962
	return 0;
963
}
964

965
/**
966
 * smack_inode_init_security - copy out the smack from an inode
967
 * @inode: the newly created inode
968
 * @dir: containing directory object
969
 * @qstr: unused
970
 * @xattrs: where to put the attributes
971
 * @xattr_count: current number of LSM-provided xattrs (updated)
972
 *
973
 * Returns 0 if it all works out, -ENOMEM if there's no memory
974
 */
975
static int smack_inode_init_security(struct inode *inode, struct inode *dir,
976
				     const struct qstr *qstr,
977
				     struct xattr *xattrs, int *xattr_count)
978
{
979
	struct task_smack *tsp = smack_cred(current_cred());
980
	struct inode_smack *issp = smack_inode(inode);
981
	struct smack_known *skp = smk_of_task(tsp);
982
	struct smack_known *isp = smk_of_inode(inode);
983
	struct smack_known *dsp = smk_of_inode(dir);
984
	struct xattr *xattr = lsm_get_xattr_slot(xattrs, xattr_count);
985
	int may;
986

987
	/*
988
	 * If equal, transmuting already occurred in
989
	 * smack_dentry_create_files_as(). No need to check again.
990
	 */
991
	if (tsp->smk_task != tsp->smk_transmuted) {
992
		rcu_read_lock();
993
		may = smk_access_entry(skp->smk_known, dsp->smk_known,
994
				       &skp->smk_rules);
995
		rcu_read_unlock();
996
	}
997

998
	/*
999
	 * In addition to having smk_task equal to smk_transmuted,
1000
	 * if the access rule allows transmutation and the directory
1001
	 * requests transmutation then by all means transmute.
1002
	 * Mark the inode as changed.
1003
	 */
1004
	if ((tsp->smk_task == tsp->smk_transmuted) ||
1005
	    (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
1006
	     smk_inode_transmutable(dir))) {
1007
		struct xattr *xattr_transmute;
1008

1009
		/*
1010
		 * The caller of smack_dentry_create_files_as()
1011
		 * should have overridden the current cred, so the
1012
		 * inode label was already set correctly in
1013
		 * smack_inode_alloc_security().
1014
		 */
1015
		if (tsp->smk_task != tsp->smk_transmuted)
1016
			isp = issp->smk_inode = dsp;
1017

1018
		issp->smk_flags |= SMK_INODE_TRANSMUTE;
1019
		xattr_transmute = lsm_get_xattr_slot(xattrs,
1020
						     xattr_count);
1021
		if (xattr_transmute) {
1022
			xattr_transmute->value = kmemdup(TRANS_TRUE,
1023
							 TRANS_TRUE_SIZE,
1024
							 GFP_NOFS);
1025
			if (!xattr_transmute->value)
1026
				return -ENOMEM;
1027

1028
			xattr_transmute->value_len = TRANS_TRUE_SIZE;
1029
			xattr_transmute->name = XATTR_SMACK_TRANSMUTE;
1030
		}
1031
	}
1032

1033
	issp->smk_flags |= SMK_INODE_INSTANT;
1034

1035
	if (xattr) {
1036
		xattr->value = kstrdup(isp->smk_known, GFP_NOFS);
1037
		if (!xattr->value)
1038
			return -ENOMEM;
1039

1040
		xattr->value_len = strlen(isp->smk_known);
1041
		xattr->name = XATTR_SMACK_SUFFIX;
1042
	}
1043

1044
	return 0;
1045
}
1046

1047
/**
1048
 * smack_inode_link - Smack check on link
1049
 * @old_dentry: the existing object
1050
 * @dir: unused
1051
 * @new_dentry: the new object
1052
 *
1053
 * Returns 0 if access is permitted, an error code otherwise
1054
 */
1055
static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1056
			    struct dentry *new_dentry)
1057
{
1058
	struct smack_known *isp;
1059
	struct smk_audit_info ad;
1060
	int rc;
1061

1062
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1063
	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1064

1065
	isp = smk_of_inode(d_backing_inode(old_dentry));
1066
	rc = smk_curacc(isp, MAY_WRITE, &ad);
1067
	rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
1068

1069
	if (rc == 0 && d_is_positive(new_dentry)) {
1070
		isp = smk_of_inode(d_backing_inode(new_dentry));
1071
		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1072
		rc = smk_curacc(isp, MAY_WRITE, &ad);
1073
		rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
1074
	}
1075

1076
	return rc;
1077
}
1078

1079
/**
1080
 * smack_inode_unlink - Smack check on inode deletion
1081
 * @dir: containing directory object
1082
 * @dentry: file to unlink
1083
 *
1084
 * Returns 0 if current can write the containing directory
1085
 * and the object, error code otherwise
1086
 */
1087
static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1088
{
1089
	struct inode *ip = d_backing_inode(dentry);
1090
	struct smk_audit_info ad;
1091
	int rc;
1092

1093
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1094
	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1095

1096
	/*
1097
	 * You need write access to the thing you're unlinking
1098
	 */
1099
	rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
1100
	rc = smk_bu_inode(ip, MAY_WRITE, rc);
1101
	if (rc == 0) {
1102
		/*
1103
		 * You also need write access to the containing directory
1104
		 */
1105
		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1106
		smk_ad_setfield_u_fs_inode(&ad, dir);
1107
		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1108
		rc = smk_bu_inode(dir, MAY_WRITE, rc);
1109
	}
1110
	return rc;
1111
}
1112

1113
/**
1114
 * smack_inode_rmdir - Smack check on directory deletion
1115
 * @dir: containing directory object
1116
 * @dentry: directory to unlink
1117
 *
1118
 * Returns 0 if current can write the containing directory
1119
 * and the directory, error code otherwise
1120
 */
1121
static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1122
{
1123
	struct smk_audit_info ad;
1124
	int rc;
1125

1126
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1127
	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1128

1129
	/*
1130
	 * You need write access to the thing you're removing
1131
	 */
1132
	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1133
	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1134
	if (rc == 0) {
1135
		/*
1136
		 * You also need write access to the containing directory
1137
		 */
1138
		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1139
		smk_ad_setfield_u_fs_inode(&ad, dir);
1140
		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1141
		rc = smk_bu_inode(dir, MAY_WRITE, rc);
1142
	}
1143

1144
	return rc;
1145
}
1146

1147
/**
1148
 * smack_inode_rename - Smack check on rename
1149
 * @old_inode: unused
1150
 * @old_dentry: the old object
1151
 * @new_inode: unused
1152
 * @new_dentry: the new object
1153
 *
1154
 * Read and write access is required on both the old and
1155
 * new directories.
1156
 *
1157
 * Returns 0 if access is permitted, an error code otherwise
1158
 */
1159
static int smack_inode_rename(struct inode *old_inode,
1160
			      struct dentry *old_dentry,
1161
			      struct inode *new_inode,
1162
			      struct dentry *new_dentry)
1163
{
1164
	int rc;
1165
	struct smack_known *isp;
1166
	struct smk_audit_info ad;
1167

1168
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1169
	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1170

1171
	isp = smk_of_inode(d_backing_inode(old_dentry));
1172
	rc = smk_curacc(isp, MAY_READWRITE, &ad);
1173
	rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
1174

1175
	if (rc == 0 && d_is_positive(new_dentry)) {
1176
		isp = smk_of_inode(d_backing_inode(new_dentry));
1177
		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1178
		rc = smk_curacc(isp, MAY_READWRITE, &ad);
1179
		rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
1180
	}
1181
	return rc;
1182
}
1183

1184
/**
1185
 * smack_inode_permission - Smack version of permission()
1186
 * @inode: the inode in question
1187
 * @mask: the access requested
1188
 *
1189
 * This is the important Smack hook.
1190
 *
1191
 * Returns 0 if access is permitted, an error code otherwise
1192
 */
1193
static int smack_inode_permission(struct inode *inode, int mask)
1194
{
1195
	struct superblock_smack *sbsp = smack_superblock(inode->i_sb);
1196
	struct smk_audit_info ad;
1197
	int no_block = mask & MAY_NOT_BLOCK;
1198
	int rc;
1199

1200
	mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
1201
	/*
1202
	 * No permission to check. Existence test. Yup, it's there.
1203
	 */
1204
	if (mask == 0)
1205
		return 0;
1206

1207
	if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1208
		if (smk_of_inode(inode) != sbsp->smk_root)
1209
			return -EACCES;
1210
	}
1211

1212
	/* May be droppable after audit */
1213
	if (no_block)
1214
		return -ECHILD;
1215
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1216
	smk_ad_setfield_u_fs_inode(&ad, inode);
1217
	rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1218
	rc = smk_bu_inode(inode, mask, rc);
1219
	return rc;
1220
}
1221

1222
/**
1223
 * smack_inode_setattr - Smack check for setting attributes
1224
 * @idmap: idmap of the mount
1225
 * @dentry: the object
1226
 * @iattr: for the force flag
1227
 *
1228
 * Returns 0 if access is permitted, an error code otherwise
1229
 */
1230
static int smack_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
1231
			       struct iattr *iattr)
1232
{
1233
	struct smk_audit_info ad;
1234
	int rc;
1235

1236
	/*
1237
	 * Need to allow for clearing the setuid bit.
1238
	 */
1239
	if (iattr->ia_valid & ATTR_FORCE)
1240
		return 0;
1241
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1242
	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1243

1244
	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1245
	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1246
	return rc;
1247
}
1248

1249
/**
1250
 * smack_inode_getattr - Smack check for getting attributes
1251
 * @path: path to extract the info from
1252
 *
1253
 * Returns 0 if access is permitted, an error code otherwise
1254
 */
1255
static int smack_inode_getattr(const struct path *path)
1256
{
1257
	struct smk_audit_info ad;
1258
	struct inode *inode = d_backing_inode(path->dentry);
1259
	int rc;
1260

1261
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1262
	smk_ad_setfield_u_fs_path(&ad, *path);
1263
	rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1264
	rc = smk_bu_inode(inode, MAY_READ, rc);
1265
	return rc;
1266
}
1267

1268
/**
1269
 * smack_inode_xattr_skipcap - Skip the xattr capability checks?
1270
 * @name: name of the xattr
1271
 *
1272
 * Returns 1 to indicate that Smack "owns" the access control rights to xattrs
1273
 * named @name; the LSM layer should avoid enforcing any traditional
1274
 * capability based access controls on this xattr.  Returns 0 to indicate that
1275
 * Smack does not "own" the access control rights to xattrs named @name and is
1276
 * deferring to the LSM layer for further access controls, including capability
1277
 * based controls.
1278
 */
1279
static int smack_inode_xattr_skipcap(const char *name)
1280
{
1281
	if (strncmp(name, XATTR_SMACK_SUFFIX, strlen(XATTR_SMACK_SUFFIX)))
1282
		return 0;
1283

1284
	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1285
	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1286
	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1287
	    strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1288
	    strcmp(name, XATTR_NAME_SMACKMMAP) == 0 ||
1289
	    strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1290
		return 1;
1291

1292
	return 0;
1293
}
1294

1295
/**
1296
 * smack_inode_setxattr - Smack check for setting xattrs
1297
 * @idmap: idmap of the mount
1298
 * @dentry: the object
1299
 * @name: name of the attribute
1300
 * @value: value of the attribute
1301
 * @size: size of the value
1302
 * @flags: unused
1303
 *
1304
 * This protects the Smack attribute explicitly.
1305
 *
1306
 * Returns 0 if access is permitted, an error code otherwise
1307
 */
1308
static int smack_inode_setxattr(struct mnt_idmap *idmap,
1309
				struct dentry *dentry, const char *name,
1310
				const void *value, size_t size, int flags)
1311
{
1312
	struct smk_audit_info ad;
1313
	struct smack_known *skp;
1314
	int check_priv = 0;
1315
	int check_import = 0;
1316
	int check_star = 0;
1317
	int rc = 0;
1318

1319
	/*
1320
	 * Check label validity here so import won't fail in post_setxattr
1321
	 */
1322
	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1323
	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1324
	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1325
		check_priv = 1;
1326
		check_import = 1;
1327
	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1328
		   strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1329
		check_priv = 1;
1330
		check_import = 1;
1331
		check_star = 1;
1332
	} else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1333
		check_priv = 1;
1334
		if (!S_ISDIR(d_backing_inode(dentry)->i_mode) ||
1335
		    size != TRANS_TRUE_SIZE ||
1336
		    strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1337
			rc = -EINVAL;
1338
	}
1339

1340
	if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1341
		rc = -EPERM;
1342

1343
	if (rc == 0 && check_import) {
1344
		skp = size ? smk_import_entry(value, size) : NULL;
1345
		if (IS_ERR(skp))
1346
			rc = PTR_ERR(skp);
1347
		else if (skp == NULL || (check_star &&
1348
		    (skp == &smack_known_star || skp == &smack_known_web)))
1349
			rc = -EINVAL;
1350
	}
1351

1352
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1353
	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1354

1355
	if (rc == 0) {
1356
		rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1357
		rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1358
	}
1359

1360
	return rc;
1361
}
1362

1363
/**
1364
 * smack_inode_post_setxattr - Apply the Smack update approved above
1365
 * @dentry: object
1366
 * @name: attribute name
1367
 * @value: attribute value
1368
 * @size: attribute size
1369
 * @flags: unused
1370
 *
1371
 * Set the pointer in the inode blob to the entry found
1372
 * in the master label list.
1373
 */
1374
static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1375
				      const void *value, size_t size, int flags)
1376
{
1377
	struct smack_known *skp;
1378
	struct inode_smack *isp = smack_inode(d_backing_inode(dentry));
1379

1380
	if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1381
		isp->smk_flags |= SMK_INODE_TRANSMUTE;
1382
		return;
1383
	}
1384

1385
	if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1386
		skp = smk_import_entry(value, size);
1387
		if (!IS_ERR(skp))
1388
			isp->smk_inode = skp;
1389
	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1390
		skp = smk_import_entry(value, size);
1391
		if (!IS_ERR(skp))
1392
			isp->smk_task = skp;
1393
	} else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1394
		skp = smk_import_entry(value, size);
1395
		if (!IS_ERR(skp))
1396
			isp->smk_mmap = skp;
1397
	}
1398

1399
	return;
1400
}
1401

1402
/**
1403
 * smack_inode_getxattr - Smack check on getxattr
1404
 * @dentry: the object
1405
 * @name: unused
1406
 *
1407
 * Returns 0 if access is permitted, an error code otherwise
1408
 */
1409
static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1410
{
1411
	struct smk_audit_info ad;
1412
	int rc;
1413

1414
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1415
	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1416

1417
	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1418
	rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1419
	return rc;
1420
}
1421

1422
/**
1423
 * smack_inode_removexattr - Smack check on removexattr
1424
 * @idmap: idmap of the mount
1425
 * @dentry: the object
1426
 * @name: name of the attribute
1427
 *
1428
 * Removing the Smack attribute requires CAP_MAC_ADMIN
1429
 *
1430
 * Returns 0 if access is permitted, an error code otherwise
1431
 */
1432
static int smack_inode_removexattr(struct mnt_idmap *idmap,
1433
				   struct dentry *dentry, const char *name)
1434
{
1435
	struct inode_smack *isp;
1436
	struct smk_audit_info ad;
1437
	int rc = 0;
1438

1439
	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1440
	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1441
	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1442
	    strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1443
	    strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1444
	    strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1445
		if (!smack_privileged(CAP_MAC_ADMIN))
1446
			rc = -EPERM;
1447
	}
1448

1449
	if (rc != 0)
1450
		return rc;
1451

1452
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1453
	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1454

1455
	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1456
	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1457
	if (rc != 0)
1458
		return rc;
1459

1460
	isp = smack_inode(d_backing_inode(dentry));
1461
	/*
1462
	 * Don't do anything special for these.
1463
	 *	XATTR_NAME_SMACKIPIN
1464
	 *	XATTR_NAME_SMACKIPOUT
1465
	 */
1466
	if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1467
		struct super_block *sbp = dentry->d_sb;
1468
		struct superblock_smack *sbsp = smack_superblock(sbp);
1469

1470
		isp->smk_inode = sbsp->smk_default;
1471
	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
1472
		isp->smk_task = NULL;
1473
	else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1474
		isp->smk_mmap = NULL;
1475
	else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1476
		isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1477

1478
	return 0;
1479
}
1480

1481
/**
1482
 * smack_inode_set_acl - Smack check for setting posix acls
1483
 * @idmap: idmap of the mnt this request came from
1484
 * @dentry: the object
1485
 * @acl_name: name of the posix acl
1486
 * @kacl: the posix acls
1487
 *
1488
 * Returns 0 if access is permitted, an error code otherwise
1489
 */
1490
static int smack_inode_set_acl(struct mnt_idmap *idmap,
1491
			       struct dentry *dentry, const char *acl_name,
1492
			       struct posix_acl *kacl)
1493
{
1494
	struct smk_audit_info ad;
1495
	int rc;
1496

1497
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1498
	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1499

1500
	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1501
	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1502
	return rc;
1503
}
1504

1505
/**
1506
 * smack_inode_get_acl - Smack check for getting posix acls
1507
 * @idmap: idmap of the mnt this request came from
1508
 * @dentry: the object
1509
 * @acl_name: name of the posix acl
1510
 *
1511
 * Returns 0 if access is permitted, an error code otherwise
1512
 */
1513
static int smack_inode_get_acl(struct mnt_idmap *idmap,
1514
			       struct dentry *dentry, const char *acl_name)
1515
{
1516
	struct smk_audit_info ad;
1517
	int rc;
1518

1519
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1520
	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1521

1522
	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1523
	rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1524
	return rc;
1525
}
1526

1527
/**
1528
 * smack_inode_remove_acl - Smack check for getting posix acls
1529
 * @idmap: idmap of the mnt this request came from
1530
 * @dentry: the object
1531
 * @acl_name: name of the posix acl
1532
 *
1533
 * Returns 0 if access is permitted, an error code otherwise
1534
 */
1535
static int smack_inode_remove_acl(struct mnt_idmap *idmap,
1536
				  struct dentry *dentry, const char *acl_name)
1537
{
1538
	struct smk_audit_info ad;
1539
	int rc;
1540

1541
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1542
	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1543

1544
	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1545
	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1546
	return rc;
1547
}
1548

1549
/**
1550
 * smack_inode_getsecurity - get smack xattrs
1551
 * @idmap: idmap of the mount
1552
 * @inode: the object
1553
 * @name: attribute name
1554
 * @buffer: where to put the result
1555
 * @alloc: duplicate memory
1556
 *
1557
 * Returns the size of the attribute or an error code
1558
 */
1559
static int smack_inode_getsecurity(struct mnt_idmap *idmap,
1560
				   struct inode *inode, const char *name,
1561
				   void **buffer, bool alloc)
1562
{
1563
	struct socket_smack *ssp;
1564
	struct socket *sock;
1565
	struct super_block *sbp;
1566
	struct inode *ip = inode;
1567
	struct smack_known *isp;
1568
	struct inode_smack *ispp;
1569
	size_t label_len;
1570
	char *label = NULL;
1571

1572
	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1573
		isp = smk_of_inode(inode);
1574
	} else if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) {
1575
		ispp = smack_inode(inode);
1576
		if (ispp->smk_flags & SMK_INODE_TRANSMUTE)
1577
			label = TRANS_TRUE;
1578
		else
1579
			label = "";
1580
	} else {
1581
		/*
1582
		 * The rest of the Smack xattrs are only on sockets.
1583
		 */
1584
		sbp = ip->i_sb;
1585
		if (sbp->s_magic != SOCKFS_MAGIC)
1586
			return -EOPNOTSUPP;
1587

1588
		sock = SOCKET_I(ip);
1589
		if (sock == NULL || sock->sk == NULL)
1590
			return -EOPNOTSUPP;
1591

1592
		ssp = smack_sock(sock->sk);
1593

1594
		if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1595
			isp = ssp->smk_in;
1596
		else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1597
			isp = ssp->smk_out;
1598
		else
1599
			return -EOPNOTSUPP;
1600
	}
1601

1602
	if (!label)
1603
		label = isp->smk_known;
1604

1605
	label_len = strlen(label);
1606

1607
	if (alloc) {
1608
		*buffer = kstrdup(label, GFP_KERNEL);
1609
		if (*buffer == NULL)
1610
			return -ENOMEM;
1611
	}
1612

1613
	return label_len;
1614
}
1615

1616

1617
/**
1618
 * smack_inode_listsecurity - list the Smack attributes
1619
 * @inode: the object
1620
 * @buffer: where they go
1621
 * @buffer_size: size of buffer
1622
 */
1623
static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1624
				    size_t buffer_size)
1625
{
1626
	int len = sizeof(XATTR_NAME_SMACK);
1627

1628
	if (buffer != NULL && len <= buffer_size)
1629
		memcpy(buffer, XATTR_NAME_SMACK, len);
1630

1631
	return len;
1632
}
1633

1634
/**
1635
 * smack_inode_getlsmprop - Extract inode's security id
1636
 * @inode: inode to extract the info from
1637
 * @prop: where result will be saved
1638
 */
1639
static void smack_inode_getlsmprop(struct inode *inode, struct lsm_prop *prop)
1640
{
1641
	prop->smack.skp = smk_of_inode(inode);
1642
}
1643

1644
/*
1645
 * File Hooks
1646
 */
1647

1648
/*
1649
 * There is no smack_file_permission hook
1650
 *
1651
 * Should access checks be done on each read or write?
1652
 * UNICOS and SELinux say yes.
1653
 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1654
 *
1655
 * I'll say no for now. Smack does not do the frequent
1656
 * label changing that SELinux does.
1657
 */
1658

1659
/**
1660
 * smack_file_alloc_security - assign a file security blob
1661
 * @file: the object
1662
 *
1663
 * The security blob for a file is a pointer to the master
1664
 * label list, so no allocation is done.
1665
 *
1666
 * f_security is the owner security information. It
1667
 * isn't used on file access checks, it's for send_sigio.
1668
 *
1669
 * Returns 0
1670
 */
1671
static int smack_file_alloc_security(struct file *file)
1672
{
1673
	struct smack_known **blob = smack_file(file);
1674

1675
	*blob = smk_of_current();
1676
	return 0;
1677
}
1678

1679
/**
1680
 * smack_file_ioctl - Smack check on ioctls
1681
 * @file: the object
1682
 * @cmd: what to do
1683
 * @arg: unused
1684
 *
1685
 * Relies heavily on the correct use of the ioctl command conventions.
1686
 *
1687
 * Returns 0 if allowed, error code otherwise
1688
 */
1689
static int smack_file_ioctl(struct file *file, unsigned int cmd,
1690
			    unsigned long arg)
1691
{
1692
	int rc = 0;
1693
	struct smk_audit_info ad;
1694
	struct inode *inode = file_inode(file);
1695

1696
	if (unlikely(IS_PRIVATE(inode)))
1697
		return 0;
1698

1699
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1700
	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1701

1702
	if (_IOC_DIR(cmd) & _IOC_WRITE) {
1703
		rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1704
		rc = smk_bu_file(file, MAY_WRITE, rc);
1705
	}
1706

1707
	if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1708
		rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1709
		rc = smk_bu_file(file, MAY_READ, rc);
1710
	}
1711

1712
	return rc;
1713
}
1714

1715
/**
1716
 * smack_file_lock - Smack check on file locking
1717
 * @file: the object
1718
 * @cmd: unused
1719
 *
1720
 * Returns 0 if current has lock access, error code otherwise
1721
 */
1722
static int smack_file_lock(struct file *file, unsigned int cmd)
1723
{
1724
	struct smk_audit_info ad;
1725
	int rc;
1726
	struct inode *inode = file_inode(file);
1727

1728
	if (unlikely(IS_PRIVATE(inode)))
1729
		return 0;
1730

1731
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1732
	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1733
	rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1734
	rc = smk_bu_file(file, MAY_LOCK, rc);
1735
	return rc;
1736
}
1737

1738
/**
1739
 * smack_file_fcntl - Smack check on fcntl
1740
 * @file: the object
1741
 * @cmd: what action to check
1742
 * @arg: unused
1743
 *
1744
 * Generally these operations are harmless.
1745
 * File locking operations present an obvious mechanism
1746
 * for passing information, so they require write access.
1747
 *
1748
 * Returns 0 if current has access, error code otherwise
1749
 */
1750
static int smack_file_fcntl(struct file *file, unsigned int cmd,
1751
			    unsigned long arg)
1752
{
1753
	struct smk_audit_info ad;
1754
	int rc = 0;
1755
	struct inode *inode = file_inode(file);
1756

1757
	if (unlikely(IS_PRIVATE(inode)))
1758
		return 0;
1759

1760
	switch (cmd) {
1761
	case F_GETLK:
1762
		break;
1763
	case F_SETLK:
1764
	case F_SETLKW:
1765
		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1766
		smk_ad_setfield_u_fs_path(&ad, file->f_path);
1767
		rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1768
		rc = smk_bu_file(file, MAY_LOCK, rc);
1769
		break;
1770
	case F_SETOWN:
1771
	case F_SETSIG:
1772
		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1773
		smk_ad_setfield_u_fs_path(&ad, file->f_path);
1774
		rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1775
		rc = smk_bu_file(file, MAY_WRITE, rc);
1776
		break;
1777
	default:
1778
		break;
1779
	}
1780

1781
	return rc;
1782
}
1783

1784
/**
1785
 * smack_mmap_file - Check permissions for a mmap operation.
1786
 * @file: contains the file structure for file to map (may be NULL).
1787
 * @reqprot: contains the protection requested by the application.
1788
 * @prot: contains the protection that will be applied by the kernel.
1789
 * @flags: contains the operational flags.
1790
 *
1791
 * The @file may be NULL, e.g. if mapping anonymous memory.
1792
 *
1793
 * Return 0 if permission is granted.
1794
 */
1795
static int smack_mmap_file(struct file *file,
1796
			   unsigned long reqprot, unsigned long prot,
1797
			   unsigned long flags)
1798
{
1799
	struct smack_known *skp;
1800
	struct smack_known *mkp;
1801
	struct smack_rule *srp;
1802
	struct task_smack *tsp;
1803
	struct smack_known *okp;
1804
	struct inode_smack *isp;
1805
	struct superblock_smack *sbsp;
1806
	int may;
1807
	int mmay;
1808
	int tmay;
1809
	int rc;
1810

1811
	if (file == NULL)
1812
		return 0;
1813

1814
	if (unlikely(IS_PRIVATE(file_inode(file))))
1815
		return 0;
1816

1817
	isp = smack_inode(file_inode(file));
1818
	if (isp->smk_mmap == NULL)
1819
		return 0;
1820
	sbsp = smack_superblock(file_inode(file)->i_sb);
1821
	if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1822
	    isp->smk_mmap != sbsp->smk_root)
1823
		return -EACCES;
1824
	mkp = isp->smk_mmap;
1825

1826
	tsp = smack_cred(current_cred());
1827
	skp = smk_of_current();
1828
	rc = 0;
1829

1830
	rcu_read_lock();
1831
	/*
1832
	 * For each Smack rule associated with the subject
1833
	 * label verify that the SMACK64MMAP also has access
1834
	 * to that rule's object label.
1835
	 */
1836
	list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1837
		okp = srp->smk_object;
1838
		/*
1839
		 * Matching labels always allows access.
1840
		 */
1841
		if (mkp->smk_known == okp->smk_known)
1842
			continue;
1843
		/*
1844
		 * If there is a matching local rule take
1845
		 * that into account as well.
1846
		 */
1847
		may = smk_access_entry(srp->smk_subject->smk_known,
1848
				       okp->smk_known,
1849
				       &tsp->smk_rules);
1850
		if (may == -ENOENT)
1851
			may = srp->smk_access;
1852
		else
1853
			may &= srp->smk_access;
1854
		/*
1855
		 * If may is zero the SMACK64MMAP subject can't
1856
		 * possibly have less access.
1857
		 */
1858
		if (may == 0)
1859
			continue;
1860

1861
		/*
1862
		 * Fetch the global list entry.
1863
		 * If there isn't one a SMACK64MMAP subject
1864
		 * can't have as much access as current.
1865
		 */
1866
		mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1867
					&mkp->smk_rules);
1868
		if (mmay == -ENOENT) {
1869
			rc = -EACCES;
1870
			break;
1871
		}
1872
		/*
1873
		 * If there is a local entry it modifies the
1874
		 * potential access, too.
1875
		 */
1876
		tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1877
					&tsp->smk_rules);
1878
		if (tmay != -ENOENT)
1879
			mmay &= tmay;
1880

1881
		/*
1882
		 * If there is any access available to current that is
1883
		 * not available to a SMACK64MMAP subject
1884
		 * deny access.
1885
		 */
1886
		if ((may | mmay) != mmay) {
1887
			rc = -EACCES;
1888
			break;
1889
		}
1890
	}
1891

1892
	rcu_read_unlock();
1893

1894
	return rc;
1895
}
1896

1897
/**
1898
 * smack_file_set_fowner - set the file security blob value
1899
 * @file: object in question
1900
 *
1901
 */
1902
static void smack_file_set_fowner(struct file *file)
1903
{
1904
	struct smack_known **blob = smack_file(file);
1905

1906
	*blob = smk_of_current();
1907
}
1908

1909
/**
1910
 * smack_file_send_sigiotask - Smack on sigio
1911
 * @tsk: The target task
1912
 * @fown: the object the signal come from
1913
 * @signum: unused
1914
 *
1915
 * Allow a privileged task to get signals even if it shouldn't
1916
 *
1917
 * Returns 0 if a subject with the object's smack could
1918
 * write to the task, an error code otherwise.
1919
 */
1920
static int smack_file_send_sigiotask(struct task_struct *tsk,
1921
				     struct fown_struct *fown, int signum)
1922
{
1923
	struct smack_known **blob;
1924
	struct smack_known *skp;
1925
	struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred));
1926
	const struct cred *tcred;
1927
	struct file *file;
1928
	int rc;
1929
	struct smk_audit_info ad;
1930

1931
	/*
1932
	 * struct fown_struct is never outside the context of a struct file
1933
	 */
1934
	file = fown->file;
1935

1936
	/* we don't log here as rc can be overridden */
1937
	blob = smack_file(file);
1938
	skp = *blob;
1939
	rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1940
	rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
1941

1942
	rcu_read_lock();
1943
	tcred = __task_cred(tsk);
1944
	if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
1945
		rc = 0;
1946
	rcu_read_unlock();
1947

1948
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1949
	smk_ad_setfield_u_tsk(&ad, tsk);
1950
	smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
1951
	return rc;
1952
}
1953

1954
/**
1955
 * smack_file_receive - Smack file receive check
1956
 * @file: the object
1957
 *
1958
 * Returns 0 if current has access, error code otherwise
1959
 */
1960
static int smack_file_receive(struct file *file)
1961
{
1962
	int rc;
1963
	int may = 0;
1964
	struct smk_audit_info ad;
1965
	struct inode *inode = file_inode(file);
1966
	struct socket *sock;
1967
	struct task_smack *tsp;
1968
	struct socket_smack *ssp;
1969

1970
	if (unlikely(IS_PRIVATE(inode)))
1971
		return 0;
1972

1973
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1974
	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1975

1976
	if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
1977
		sock = SOCKET_I(inode);
1978
		ssp = smack_sock(sock->sk);
1979
		tsp = smack_cred(current_cred());
1980
		/*
1981
		 * If the receiving process can't write to the
1982
		 * passed socket or if the passed socket can't
1983
		 * write to the receiving process don't accept
1984
		 * the passed socket.
1985
		 */
1986
		rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1987
		rc = smk_bu_file(file, may, rc);
1988
		if (rc < 0)
1989
			return rc;
1990
		rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1991
		rc = smk_bu_file(file, may, rc);
1992
		return rc;
1993
	}
1994
	/*
1995
	 * This code relies on bitmasks.
1996
	 */
1997
	if (file->f_mode & FMODE_READ)
1998
		may = MAY_READ;
1999
	if (file->f_mode & FMODE_WRITE)
2000
		may |= MAY_WRITE;
2001

2002
	rc = smk_curacc(smk_of_inode(inode), may, &ad);
2003
	rc = smk_bu_file(file, may, rc);
2004
	return rc;
2005
}
2006

2007
/**
2008
 * smack_file_open - Smack dentry open processing
2009
 * @file: the object
2010
 *
2011
 * Set the security blob in the file structure.
2012
 * Allow the open only if the task has read access. There are
2013
 * many read operations (e.g. fstat) that you can do with an
2014
 * fd even if you have the file open write-only.
2015
 *
2016
 * Returns 0 if current has access, error code otherwise
2017
 */
2018
static int smack_file_open(struct file *file)
2019
{
2020
	struct task_smack *tsp = smack_cred(file->f_cred);
2021
	struct inode *inode = file_inode(file);
2022
	struct smk_audit_info ad;
2023
	int rc;
2024

2025
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
2026
	smk_ad_setfield_u_fs_path(&ad, file->f_path);
2027
	rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
2028
	rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
2029

2030
	return rc;
2031
}
2032

2033
/*
2034
 * Task hooks
2035
 */
2036

2037
/**
2038
 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
2039
 * @cred: the new credentials
2040
 * @gfp: the atomicity of any memory allocations
2041
 *
2042
 * Prepare a blank set of credentials for modification.  This must allocate all
2043
 * the memory the LSM module might require such that cred_transfer() can
2044
 * complete without error.
2045
 */
2046
static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
2047
{
2048
	init_task_smack(smack_cred(cred), NULL, NULL);
2049
	return 0;
2050
}
2051

2052

2053
/**
2054
 * smack_cred_free - "free" task-level security credentials
2055
 * @cred: the credentials in question
2056
 *
2057
 */
2058
static void smack_cred_free(struct cred *cred)
2059
{
2060
	struct task_smack *tsp = smack_cred(cred);
2061
	struct smack_rule *rp;
2062
	struct list_head *l;
2063
	struct list_head *n;
2064

2065
	smk_destroy_label_list(&tsp->smk_relabel);
2066

2067
	list_for_each_safe(l, n, &tsp->smk_rules) {
2068
		rp = list_entry(l, struct smack_rule, list);
2069
		list_del(&rp->list);
2070
		kmem_cache_free(smack_rule_cache, rp);
2071
	}
2072
}
2073

2074
/**
2075
 * smack_cred_prepare - prepare new set of credentials for modification
2076
 * @new: the new credentials
2077
 * @old: the original credentials
2078
 * @gfp: the atomicity of any memory allocations
2079
 *
2080
 * Prepare a new set of credentials for modification.
2081
 */
2082
static int smack_cred_prepare(struct cred *new, const struct cred *old,
2083
			      gfp_t gfp)
2084
{
2085
	struct task_smack *old_tsp = smack_cred(old);
2086
	struct task_smack *new_tsp = smack_cred(new);
2087
	int rc;
2088

2089
	init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task);
2090

2091
	rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
2092
	if (rc != 0)
2093
		return rc;
2094

2095
	rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
2096
				gfp);
2097
	return rc;
2098
}
2099

2100
/**
2101
 * smack_cred_transfer - Transfer the old credentials to the new credentials
2102
 * @new: the new credentials
2103
 * @old: the original credentials
2104
 *
2105
 * Fill in a set of blank credentials from another set of credentials.
2106
 */
2107
static void smack_cred_transfer(struct cred *new, const struct cred *old)
2108
{
2109
	struct task_smack *old_tsp = smack_cred(old);
2110
	struct task_smack *new_tsp = smack_cred(new);
2111

2112
	init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task);
2113
}
2114

2115
/**
2116
 * smack_cred_getsecid - get the secid corresponding to a creds structure
2117
 * @cred: the object creds
2118
 * @secid: where to put the result
2119
 *
2120
 * Sets the secid to contain a u32 version of the smack label.
2121
 */
2122
static void smack_cred_getsecid(const struct cred *cred, u32 *secid)
2123
{
2124
	struct smack_known *skp;
2125

2126
	rcu_read_lock();
2127
	skp = smk_of_task(smack_cred(cred));
2128
	*secid = skp->smk_secid;
2129
	rcu_read_unlock();
2130
}
2131

2132
/**
2133
 * smack_cred_getlsmprop - get the Smack label for a creds structure
2134
 * @cred: the object creds
2135
 * @prop: where to put the data
2136
 *
2137
 * Sets the Smack part of the ref
2138
 */
2139
static void smack_cred_getlsmprop(const struct cred *cred,
2140
				  struct lsm_prop *prop)
2141
{
2142
	rcu_read_lock();
2143
	prop->smack.skp = smk_of_task(smack_cred(cred));
2144
	rcu_read_unlock();
2145
}
2146

2147
/**
2148
 * smack_kernel_act_as - Set the subjective context in a set of credentials
2149
 * @new: points to the set of credentials to be modified.
2150
 * @secid: specifies the security ID to be set
2151
 *
2152
 * Set the security data for a kernel service.
2153
 */
2154
static int smack_kernel_act_as(struct cred *new, u32 secid)
2155
{
2156
	struct task_smack *new_tsp = smack_cred(new);
2157

2158
	new_tsp->smk_task = smack_from_secid(secid);
2159
	return 0;
2160
}
2161

2162
/**
2163
 * smack_kernel_create_files_as - Set the file creation label in a set of creds
2164
 * @new: points to the set of credentials to be modified
2165
 * @inode: points to the inode to use as a reference
2166
 *
2167
 * Set the file creation context in a set of credentials to the same
2168
 * as the objective context of the specified inode
2169
 */
2170
static int smack_kernel_create_files_as(struct cred *new,
2171
					struct inode *inode)
2172
{
2173
	struct inode_smack *isp = smack_inode(inode);
2174
	struct task_smack *tsp = smack_cred(new);
2175

2176
	tsp->smk_forked = isp->smk_inode;
2177
	tsp->smk_task = tsp->smk_forked;
2178
	return 0;
2179
}
2180

2181
/**
2182
 * smk_curacc_on_task - helper to log task related access
2183
 * @p: the task object
2184
 * @access: the access requested
2185
 * @caller: name of the calling function for audit
2186
 *
2187
 * Return 0 if access is permitted
2188
 */
2189
static int smk_curacc_on_task(struct task_struct *p, int access,
2190
				const char *caller)
2191
{
2192
	struct smk_audit_info ad;
2193
	struct smack_known *skp = smk_of_task_struct_obj(p);
2194
	int rc;
2195

2196
	smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
2197
	smk_ad_setfield_u_tsk(&ad, p);
2198
	rc = smk_curacc(skp, access, &ad);
2199
	rc = smk_bu_task(p, access, rc);
2200
	return rc;
2201
}
2202

2203
/**
2204
 * smack_task_setpgid - Smack check on setting pgid
2205
 * @p: the task object
2206
 * @pgid: unused
2207
 *
2208
 * Return 0 if write access is permitted
2209
 */
2210
static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2211
{
2212
	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2213
}
2214

2215
/**
2216
 * smack_task_getpgid - Smack access check for getpgid
2217
 * @p: the object task
2218
 *
2219
 * Returns 0 if current can read the object task, error code otherwise
2220
 */
2221
static int smack_task_getpgid(struct task_struct *p)
2222
{
2223
	return smk_curacc_on_task(p, MAY_READ, __func__);
2224
}
2225

2226
/**
2227
 * smack_task_getsid - Smack access check for getsid
2228
 * @p: the object task
2229
 *
2230
 * Returns 0 if current can read the object task, error code otherwise
2231
 */
2232
static int smack_task_getsid(struct task_struct *p)
2233
{
2234
	return smk_curacc_on_task(p, MAY_READ, __func__);
2235
}
2236

2237
/**
2238
 * smack_current_getlsmprop_subj - get the subjective secid of the current task
2239
 * @prop: where to put the result
2240
 *
2241
 * Sets the secid to contain a u32 version of the task's subjective smack label.
2242
 */
2243
static void smack_current_getlsmprop_subj(struct lsm_prop *prop)
2244
{
2245
	prop->smack.skp = smk_of_current();
2246
}
2247

2248
/**
2249
 * smack_task_getlsmprop_obj - get the objective data of the task
2250
 * @p: the task
2251
 * @prop: where to put the result
2252
 *
2253
 * Sets the secid to contain a u32 version of the task's objective smack label.
2254
 */
2255
static void smack_task_getlsmprop_obj(struct task_struct *p,
2256
				      struct lsm_prop *prop)
2257
{
2258
	prop->smack.skp = smk_of_task_struct_obj(p);
2259
}
2260

2261
/**
2262
 * smack_task_setnice - Smack check on setting nice
2263
 * @p: the task object
2264
 * @nice: unused
2265
 *
2266
 * Return 0 if write access is permitted
2267
 */
2268
static int smack_task_setnice(struct task_struct *p, int nice)
2269
{
2270
	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2271
}
2272

2273
/**
2274
 * smack_task_setioprio - Smack check on setting ioprio
2275
 * @p: the task object
2276
 * @ioprio: unused
2277
 *
2278
 * Return 0 if write access is permitted
2279
 */
2280
static int smack_task_setioprio(struct task_struct *p, int ioprio)
2281
{
2282
	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2283
}
2284

2285
/**
2286
 * smack_task_getioprio - Smack check on reading ioprio
2287
 * @p: the task object
2288
 *
2289
 * Return 0 if read access is permitted
2290
 */
2291
static int smack_task_getioprio(struct task_struct *p)
2292
{
2293
	return smk_curacc_on_task(p, MAY_READ, __func__);
2294
}
2295

2296
/**
2297
 * smack_task_setscheduler - Smack check on setting scheduler
2298
 * @p: the task object
2299
 *
2300
 * Return 0 if read access is permitted
2301
 */
2302
static int smack_task_setscheduler(struct task_struct *p)
2303
{
2304
	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2305
}
2306

2307
/**
2308
 * smack_task_getscheduler - Smack check on reading scheduler
2309
 * @p: the task object
2310
 *
2311
 * Return 0 if read access is permitted
2312
 */
2313
static int smack_task_getscheduler(struct task_struct *p)
2314
{
2315
	return smk_curacc_on_task(p, MAY_READ, __func__);
2316
}
2317

2318
/**
2319
 * smack_task_movememory - Smack check on moving memory
2320
 * @p: the task object
2321
 *
2322
 * Return 0 if write access is permitted
2323
 */
2324
static int smack_task_movememory(struct task_struct *p)
2325
{
2326
	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2327
}
2328

2329
/**
2330
 * smack_task_kill - Smack check on signal delivery
2331
 * @p: the task object
2332
 * @info: unused
2333
 * @sig: unused
2334
 * @cred: identifies the cred to use in lieu of current's
2335
 *
2336
 * Return 0 if write access is permitted
2337
 *
2338
 */
2339
static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info,
2340
			   int sig, const struct cred *cred)
2341
{
2342
	struct smk_audit_info ad;
2343
	struct smack_known *skp;
2344
	struct smack_known *tkp = smk_of_task_struct_obj(p);
2345
	int rc;
2346

2347
	if (!sig)
2348
		return 0; /* null signal; existence test */
2349

2350
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2351
	smk_ad_setfield_u_tsk(&ad, p);
2352
	/*
2353
	 * Sending a signal requires that the sender
2354
	 * can write the receiver.
2355
	 */
2356
	if (cred == NULL) {
2357
		rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2358
		rc = smk_bu_task(p, MAY_DELIVER, rc);
2359
		return rc;
2360
	}
2361
	/*
2362
	 * If the cred isn't NULL we're dealing with some USB IO
2363
	 * specific behavior. This is not clean. For one thing
2364
	 * we can't take privilege into account.
2365
	 */
2366
	skp = smk_of_task(smack_cred(cred));
2367
	rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2368
	rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
2369
	return rc;
2370
}
2371

2372
/**
2373
 * smack_task_to_inode - copy task smack into the inode blob
2374
 * @p: task to copy from
2375
 * @inode: inode to copy to
2376
 *
2377
 * Sets the smack pointer in the inode security blob
2378
 */
2379
static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2380
{
2381
	struct inode_smack *isp = smack_inode(inode);
2382
	struct smack_known *skp = smk_of_task_struct_obj(p);
2383

2384
	isp->smk_inode = skp;
2385
	isp->smk_flags |= SMK_INODE_INSTANT;
2386
}
2387

2388
/*
2389
 * Socket hooks.
2390
 */
2391

2392
/**
2393
 * smack_sk_alloc_security - Allocate a socket blob
2394
 * @sk: the socket
2395
 * @family: unused
2396
 * @gfp_flags: memory allocation flags
2397
 *
2398
 * Assign Smack pointers to current
2399
 *
2400
 * Returns 0 on success, -ENOMEM is there's no memory
2401
 */
2402
static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2403
{
2404
	struct smack_known *skp = smk_of_current();
2405
	struct socket_smack *ssp = smack_sock(sk);
2406

2407
	/*
2408
	 * Sockets created by kernel threads receive web label.
2409
	 */
2410
	if (unlikely(current->flags & PF_KTHREAD)) {
2411
		ssp->smk_in = &smack_known_web;
2412
		ssp->smk_out = &smack_known_web;
2413
	} else {
2414
		ssp->smk_in = skp;
2415
		ssp->smk_out = skp;
2416
	}
2417
	ssp->smk_packet = NULL;
2418

2419
	return 0;
2420
}
2421

2422
#ifdef SMACK_IPV6_PORT_LABELING
2423
/**
2424
 * smack_sk_free_security - Free a socket blob
2425
 * @sk: the socket
2426
 *
2427
 * Clears the blob pointer
2428
 */
2429
static void smack_sk_free_security(struct sock *sk)
2430
{
2431
	struct smk_port_label *spp;
2432

2433
	if (sk->sk_family == PF_INET6) {
2434
		rcu_read_lock();
2435
		list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2436
			if (spp->smk_sock != sk)
2437
				continue;
2438
			spp->smk_can_reuse = 1;
2439
			break;
2440
		}
2441
		rcu_read_unlock();
2442
	}
2443
}
2444
#endif
2445

2446
/**
2447
 * smack_sk_clone_security - Copy security context
2448
 * @sk: the old socket
2449
 * @newsk: the new socket
2450
 *
2451
 * Copy the security context of the old socket pointer to the cloned
2452
 */
2453
static void smack_sk_clone_security(const struct sock *sk, struct sock *newsk)
2454
{
2455
	struct socket_smack *ssp_old = smack_sock(sk);
2456
	struct socket_smack *ssp_new = smack_sock(newsk);
2457

2458
	*ssp_new = *ssp_old;
2459
}
2460

2461
/**
2462
* smack_ipv4host_label - check host based restrictions
2463
* @sip: the object end
2464
*
2465
* looks for host based access restrictions
2466
*
2467
* This version will only be appropriate for really small sets of single label
2468
* hosts.  The caller is responsible for ensuring that the RCU read lock is
2469
* taken before calling this function.
2470
*
2471
* Returns the label of the far end or NULL if it's not special.
2472
*/
2473
static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
2474
{
2475
	struct smk_net4addr *snp;
2476
	struct in_addr *siap = &sip->sin_addr;
2477

2478
	if (siap->s_addr == 0)
2479
		return NULL;
2480

2481
	list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2482
		/*
2483
		 * we break after finding the first match because
2484
		 * the list is sorted from longest to shortest mask
2485
		 * so we have found the most specific match
2486
		 */
2487
		if (snp->smk_host.s_addr ==
2488
		    (siap->s_addr & snp->smk_mask.s_addr))
2489
			return snp->smk_label;
2490

2491
	return NULL;
2492
}
2493

2494
#if IS_ENABLED(CONFIG_IPV6)
2495
/*
2496
 * smk_ipv6_localhost - Check for local ipv6 host address
2497
 * @sip: the address
2498
 *
2499
 * Returns boolean true if this is the localhost address
2500
 */
2501
static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2502
{
2503
	__be16 *be16p = (__be16 *)&sip->sin6_addr;
2504
	__be32 *be32p = (__be32 *)&sip->sin6_addr;
2505

2506
	if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2507
	    ntohs(be16p[7]) == 1)
2508
		return true;
2509
	return false;
2510
}
2511

2512
/**
2513
* smack_ipv6host_label - check host based restrictions
2514
* @sip: the object end
2515
*
2516
* looks for host based access restrictions
2517
*
2518
* This version will only be appropriate for really small sets of single label
2519
* hosts.  The caller is responsible for ensuring that the RCU read lock is
2520
* taken before calling this function.
2521
*
2522
* Returns the label of the far end or NULL if it's not special.
2523
*/
2524
static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2525
{
2526
	struct smk_net6addr *snp;
2527
	struct in6_addr *sap = &sip->sin6_addr;
2528
	int i;
2529
	int found = 0;
2530

2531
	/*
2532
	 * It's local. Don't look for a host label.
2533
	 */
2534
	if (smk_ipv6_localhost(sip))
2535
		return NULL;
2536

2537
	list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2538
		/*
2539
		 * If the label is NULL the entry has
2540
		 * been renounced. Ignore it.
2541
		 */
2542
		if (snp->smk_label == NULL)
2543
			continue;
2544
		/*
2545
		* we break after finding the first match because
2546
		* the list is sorted from longest to shortest mask
2547
		* so we have found the most specific match
2548
		*/
2549
		for (found = 1, i = 0; i < 8; i++) {
2550
			if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2551
			    snp->smk_host.s6_addr16[i]) {
2552
				found = 0;
2553
				break;
2554
			}
2555
		}
2556
		if (found)
2557
			return snp->smk_label;
2558
	}
2559

2560
	return NULL;
2561
}
2562
#endif /* CONFIG_IPV6 */
2563

2564
/**
2565
 * smack_netlbl_add - Set the secattr on a socket
2566
 * @sk: the socket
2567
 *
2568
 * Attach the outbound smack value (smk_out) to the socket.
2569
 *
2570
 * Returns 0 on success or an error code
2571
 */
2572
static int smack_netlbl_add(struct sock *sk)
2573
{
2574
	struct socket_smack *ssp = smack_sock(sk);
2575
	struct smack_known *skp = ssp->smk_out;
2576
	int rc;
2577

2578
	local_bh_disable();
2579
	bh_lock_sock_nested(sk);
2580

2581
	rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel,
2582
				 netlbl_sk_lock_check(sk));
2583
	switch (rc) {
2584
	case 0:
2585
		ssp->smk_state = SMK_NETLBL_LABELED;
2586
		break;
2587
	case -EDESTADDRREQ:
2588
		ssp->smk_state = SMK_NETLBL_REQSKB;
2589
		rc = 0;
2590
		break;
2591
	}
2592

2593
	bh_unlock_sock(sk);
2594
	local_bh_enable();
2595

2596
	return rc;
2597
}
2598

2599
/**
2600
 * smack_netlbl_delete - Remove the secattr from a socket
2601
 * @sk: the socket
2602
 *
2603
 * Remove the outbound smack value from a socket
2604
 */
2605
static void smack_netlbl_delete(struct sock *sk)
2606
{
2607
	struct socket_smack *ssp = smack_sock(sk);
2608

2609
	/*
2610
	 * Take the label off the socket if one is set.
2611
	 */
2612
	if (ssp->smk_state != SMK_NETLBL_LABELED)
2613
		return;
2614

2615
	local_bh_disable();
2616
	bh_lock_sock_nested(sk);
2617
	netlbl_sock_delattr(sk);
2618
	bh_unlock_sock(sk);
2619
	local_bh_enable();
2620
	ssp->smk_state = SMK_NETLBL_UNLABELED;
2621
}
2622

2623
/**
2624
 * smk_ipv4_check - Perform IPv4 host access checks
2625
 * @sk: the socket
2626
 * @sap: the destination address
2627
 *
2628
 * Set the correct secattr for the given socket based on the destination
2629
 * address and perform any outbound access checks needed.
2630
 *
2631
 * Returns 0 on success or an error code.
2632
 *
2633
 */
2634
static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap)
2635
{
2636
	struct smack_known *skp;
2637
	int rc = 0;
2638
	struct smack_known *hkp;
2639
	struct socket_smack *ssp = smack_sock(sk);
2640
	struct smk_audit_info ad;
2641

2642
	rcu_read_lock();
2643
	hkp = smack_ipv4host_label(sap);
2644
	if (hkp != NULL) {
2645
#ifdef CONFIG_AUDIT
2646
		struct lsm_network_audit net;
2647

2648
		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2649
		ad.a.u.net->family = sap->sin_family;
2650
		ad.a.u.net->dport = sap->sin_port;
2651
		ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2652
#endif
2653
		skp = ssp->smk_out;
2654
		rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2655
		rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2656
		/*
2657
		 * Clear the socket netlabel if it's set.
2658
		 */
2659
		if (!rc)
2660
			smack_netlbl_delete(sk);
2661
	}
2662
	rcu_read_unlock();
2663

2664
	return rc;
2665
}
2666

2667
#if IS_ENABLED(CONFIG_IPV6)
2668
/**
2669
 * smk_ipv6_check - check Smack access
2670
 * @subject: subject Smack label
2671
 * @object: object Smack label
2672
 * @address: address
2673
 * @act: the action being taken
2674
 *
2675
 * Check an IPv6 access
2676
 */
2677
static int smk_ipv6_check(struct smack_known *subject,
2678
				struct smack_known *object,
2679
				struct sockaddr_in6 *address, int act)
2680
{
2681
#ifdef CONFIG_AUDIT
2682
	struct lsm_network_audit net;
2683
#endif
2684
	struct smk_audit_info ad;
2685
	int rc;
2686

2687
#ifdef CONFIG_AUDIT
2688
	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2689
	ad.a.u.net->family = PF_INET6;
2690
	ad.a.u.net->dport = address->sin6_port;
2691
	if (act == SMK_RECEIVING)
2692
		ad.a.u.net->v6info.saddr = address->sin6_addr;
2693
	else
2694
		ad.a.u.net->v6info.daddr = address->sin6_addr;
2695
#endif
2696
	rc = smk_access(subject, object, MAY_WRITE, &ad);
2697
	rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2698
	return rc;
2699
}
2700
#endif /* CONFIG_IPV6 */
2701

2702
#ifdef SMACK_IPV6_PORT_LABELING
2703
/**
2704
 * smk_ipv6_port_label - Smack port access table management
2705
 * @sock: socket
2706
 * @address: address
2707
 *
2708
 * Create or update the port list entry
2709
 */
2710
static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2711
{
2712
	struct sock *sk = sock->sk;
2713
	struct sockaddr_in6 *addr6;
2714
	struct socket_smack *ssp = smack_sock(sock->sk);
2715
	struct smk_port_label *spp;
2716
	unsigned short port = 0;
2717

2718
	if (address == NULL) {
2719
		/*
2720
		 * This operation is changing the Smack information
2721
		 * on the bound socket. Take the changes to the port
2722
		 * as well.
2723
		 */
2724
		rcu_read_lock();
2725
		list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2726
			if (sk != spp->smk_sock)
2727
				continue;
2728
			spp->smk_in = ssp->smk_in;
2729
			spp->smk_out = ssp->smk_out;
2730
			rcu_read_unlock();
2731
			return;
2732
		}
2733
		/*
2734
		 * A NULL address is only used for updating existing
2735
		 * bound entries. If there isn't one, it's OK.
2736
		 */
2737
		rcu_read_unlock();
2738
		return;
2739
	}
2740

2741
	addr6 = (struct sockaddr_in6 *)address;
2742
	port = ntohs(addr6->sin6_port);
2743
	/*
2744
	 * This is a special case that is safely ignored.
2745
	 */
2746
	if (port == 0)
2747
		return;
2748

2749
	/*
2750
	 * Look for an existing port list entry.
2751
	 * This is an indication that a port is getting reused.
2752
	 */
2753
	rcu_read_lock();
2754
	list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2755
		if (spp->smk_port != port || spp->smk_sock_type != sock->type)
2756
			continue;
2757
		if (spp->smk_can_reuse != 1) {
2758
			rcu_read_unlock();
2759
			return;
2760
		}
2761
		spp->smk_port = port;
2762
		spp->smk_sock = sk;
2763
		spp->smk_in = ssp->smk_in;
2764
		spp->smk_out = ssp->smk_out;
2765
		spp->smk_can_reuse = 0;
2766
		rcu_read_unlock();
2767
		return;
2768
	}
2769
	rcu_read_unlock();
2770
	/*
2771
	 * A new port entry is required.
2772
	 */
2773
	spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2774
	if (spp == NULL)
2775
		return;
2776

2777
	spp->smk_port = port;
2778
	spp->smk_sock = sk;
2779
	spp->smk_in = ssp->smk_in;
2780
	spp->smk_out = ssp->smk_out;
2781
	spp->smk_sock_type = sock->type;
2782
	spp->smk_can_reuse = 0;
2783

2784
	mutex_lock(&smack_ipv6_lock);
2785
	list_add_rcu(&spp->list, &smk_ipv6_port_list);
2786
	mutex_unlock(&smack_ipv6_lock);
2787
	return;
2788
}
2789

2790
/**
2791
 * smk_ipv6_port_check - check Smack port access
2792
 * @sk: socket
2793
 * @address: address
2794
 * @act: the action being taken
2795
 *
2796
 * Create or update the port list entry
2797
 */
2798
static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2799
				int act)
2800
{
2801
	struct smk_port_label *spp;
2802
	struct socket_smack *ssp = smack_sock(sk);
2803
	struct smack_known *skp = NULL;
2804
	unsigned short port;
2805
	struct smack_known *object;
2806

2807
	if (act == SMK_RECEIVING) {
2808
		skp = smack_ipv6host_label(address);
2809
		object = ssp->smk_in;
2810
	} else {
2811
		skp = ssp->smk_out;
2812
		object = smack_ipv6host_label(address);
2813
	}
2814

2815
	/*
2816
	 * The other end is a single label host.
2817
	 */
2818
	if (skp != NULL && object != NULL)
2819
		return smk_ipv6_check(skp, object, address, act);
2820
	if (skp == NULL)
2821
		skp = smack_net_ambient;
2822
	if (object == NULL)
2823
		object = smack_net_ambient;
2824

2825
	/*
2826
	 * It's remote, so port lookup does no good.
2827
	 */
2828
	if (!smk_ipv6_localhost(address))
2829
		return smk_ipv6_check(skp, object, address, act);
2830

2831
	/*
2832
	 * It's local so the send check has to have passed.
2833
	 */
2834
	if (act == SMK_RECEIVING)
2835
		return 0;
2836

2837
	port = ntohs(address->sin6_port);
2838
	rcu_read_lock();
2839
	list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2840
		if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
2841
			continue;
2842
		object = spp->smk_in;
2843
		if (act == SMK_CONNECTING)
2844
			ssp->smk_packet = spp->smk_out;
2845
		break;
2846
	}
2847
	rcu_read_unlock();
2848

2849
	return smk_ipv6_check(skp, object, address, act);
2850
}
2851
#endif
2852

2853
/**
2854
 * smack_inode_setsecurity - set smack xattrs
2855
 * @inode: the object
2856
 * @name: attribute name
2857
 * @value: attribute value
2858
 * @size: size of the attribute
2859
 * @flags: unused
2860
 *
2861
 * Sets the named attribute in the appropriate blob
2862
 *
2863
 * Returns 0 on success, or an error code
2864
 */
2865
static int smack_inode_setsecurity(struct inode *inode, const char *name,
2866
				   const void *value, size_t size, int flags)
2867
{
2868
	struct smack_known *skp;
2869
	struct inode_smack *nsp = smack_inode(inode);
2870
	struct socket_smack *ssp;
2871
	struct socket *sock;
2872
	int rc = 0;
2873

2874
	if (value == NULL || size > SMK_LONGLABEL || size == 0)
2875
		return -EINVAL;
2876

2877
	if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) {
2878
		if (!S_ISDIR(inode->i_mode) || size != TRANS_TRUE_SIZE ||
2879
		    strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
2880
			return -EINVAL;
2881

2882
		nsp->smk_flags |= SMK_INODE_TRANSMUTE;
2883
		return 0;
2884
	}
2885

2886
	skp = smk_import_entry(value, size);
2887
	if (IS_ERR(skp))
2888
		return PTR_ERR(skp);
2889

2890
	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2891
		nsp->smk_inode = skp;
2892
		nsp->smk_flags |= SMK_INODE_INSTANT;
2893
		return 0;
2894
	}
2895
	/*
2896
	 * The rest of the Smack xattrs are only on sockets.
2897
	 */
2898
	if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2899
		return -EOPNOTSUPP;
2900

2901
	sock = SOCKET_I(inode);
2902
	if (sock == NULL || sock->sk == NULL)
2903
		return -EOPNOTSUPP;
2904

2905
	ssp = smack_sock(sock->sk);
2906

2907
	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2908
		ssp->smk_in = skp;
2909
	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2910
		ssp->smk_out = skp;
2911
		if (sock->sk->sk_family == PF_INET) {
2912
			rc = smack_netlbl_add(sock->sk);
2913
			if (rc != 0)
2914
				printk(KERN_WARNING
2915
					"Smack: \"%s\" netlbl error %d.\n",
2916
					__func__, -rc);
2917
		}
2918
	} else
2919
		return -EOPNOTSUPP;
2920

2921
#ifdef SMACK_IPV6_PORT_LABELING
2922
	if (sock->sk->sk_family == PF_INET6)
2923
		smk_ipv6_port_label(sock, NULL);
2924
#endif
2925

2926
	return 0;
2927
}
2928

2929
/**
2930
 * smack_socket_post_create - finish socket setup
2931
 * @sock: the socket
2932
 * @family: protocol family
2933
 * @type: unused
2934
 * @protocol: unused
2935
 * @kern: unused
2936
 *
2937
 * Sets the netlabel information on the socket
2938
 *
2939
 * Returns 0 on success, and error code otherwise
2940
 */
2941
static int smack_socket_post_create(struct socket *sock, int family,
2942
				    int type, int protocol, int kern)
2943
{
2944
	struct socket_smack *ssp;
2945

2946
	if (sock->sk == NULL)
2947
		return 0;
2948

2949
	/*
2950
	 * Sockets created by kernel threads receive web label.
2951
	 */
2952
	if (unlikely(current->flags & PF_KTHREAD)) {
2953
		ssp = smack_sock(sock->sk);
2954
		ssp->smk_in = &smack_known_web;
2955
		ssp->smk_out = &smack_known_web;
2956
	}
2957

2958
	if (family != PF_INET)
2959
		return 0;
2960
	/*
2961
	 * Set the outbound netlbl.
2962
	 */
2963
	return smack_netlbl_add(sock->sk);
2964
}
2965

2966
/**
2967
 * smack_socket_socketpair - create socket pair
2968
 * @socka: one socket
2969
 * @sockb: another socket
2970
 *
2971
 * Cross reference the peer labels for SO_PEERSEC
2972
 *
2973
 * Returns 0
2974
 */
2975
static int smack_socket_socketpair(struct socket *socka,
2976
		                   struct socket *sockb)
2977
{
2978
	struct socket_smack *asp = smack_sock(socka->sk);
2979
	struct socket_smack *bsp = smack_sock(sockb->sk);
2980

2981
	asp->smk_packet = bsp->smk_out;
2982
	bsp->smk_packet = asp->smk_out;
2983

2984
	return 0;
2985
}
2986

2987
#ifdef SMACK_IPV6_PORT_LABELING
2988
/**
2989
 * smack_socket_bind - record port binding information.
2990
 * @sock: the socket
2991
 * @address: the port address
2992
 * @addrlen: size of the address
2993
 *
2994
 * Records the label bound to a port.
2995
 *
2996
 * Returns 0 on success, and error code otherwise
2997
 */
2998
static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2999
				int addrlen)
3000
{
3001
	if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) {
3002
		if (addrlen < SIN6_LEN_RFC2133 ||
3003
		    address->sa_family != AF_INET6)
3004
			return -EINVAL;
3005
		smk_ipv6_port_label(sock, address);
3006
	}
3007
	return 0;
3008
}
3009
#endif /* SMACK_IPV6_PORT_LABELING */
3010

3011
/**
3012
 * smack_socket_connect - connect access check
3013
 * @sock: the socket
3014
 * @sap: the other end
3015
 * @addrlen: size of sap
3016
 *
3017
 * Verifies that a connection may be possible
3018
 *
3019
 * Returns 0 on success, and error code otherwise
3020
 */
3021
static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
3022
				int addrlen)
3023
{
3024
	int rc = 0;
3025

3026
	if (sock->sk == NULL)
3027
		return 0;
3028
	if (sock->sk->sk_family != PF_INET &&
3029
	    (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6))
3030
		return 0;
3031
	if (addrlen < offsetofend(struct sockaddr, sa_family))
3032
		return 0;
3033

3034
#if IS_ENABLED(CONFIG_IPV6)
3035
	if (sap->sa_family == AF_INET6) {
3036
		struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
3037
		struct smack_known *rsp = NULL;
3038

3039
		if (addrlen < SIN6_LEN_RFC2133)
3040
			return 0;
3041
		if (__is_defined(SMACK_IPV6_SECMARK_LABELING))
3042
			rsp = smack_ipv6host_label(sip);
3043
		if (rsp != NULL) {
3044
			struct socket_smack *ssp = smack_sock(sock->sk);
3045

3046
			rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
3047
					    SMK_CONNECTING);
3048
		}
3049
#ifdef SMACK_IPV6_PORT_LABELING
3050
		rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
3051
#endif
3052

3053
		return rc;
3054
	}
3055
#endif /* CONFIG_IPV6 */
3056

3057
	if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in))
3058
		return 0;
3059
	rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap);
3060
	return rc;
3061
}
3062

3063
/**
3064
 * smack_flags_to_may - convert S_ to MAY_ values
3065
 * @flags: the S_ value
3066
 *
3067
 * Returns the equivalent MAY_ value
3068
 */
3069
static int smack_flags_to_may(int flags)
3070
{
3071
	int may = 0;
3072

3073
	if (flags & S_IRUGO)
3074
		may |= MAY_READ;
3075
	if (flags & S_IWUGO)
3076
		may |= MAY_WRITE;
3077
	if (flags & S_IXUGO)
3078
		may |= MAY_EXEC;
3079

3080
	return may;
3081
}
3082

3083
/**
3084
 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
3085
 * @msg: the object
3086
 *
3087
 * Returns 0
3088
 */
3089
static int smack_msg_msg_alloc_security(struct msg_msg *msg)
3090
{
3091
	struct smack_known **blob = smack_msg_msg(msg);
3092

3093
	*blob = smk_of_current();
3094
	return 0;
3095
}
3096

3097
/**
3098
 * smack_of_ipc - the smack pointer for the ipc
3099
 * @isp: the object
3100
 *
3101
 * Returns a pointer to the smack value
3102
 */
3103
static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
3104
{
3105
	struct smack_known **blob = smack_ipc(isp);
3106

3107
	return *blob;
3108
}
3109

3110
/**
3111
 * smack_ipc_alloc_security - Set the security blob for ipc
3112
 * @isp: the object
3113
 *
3114
 * Returns 0
3115
 */
3116
static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
3117
{
3118
	struct smack_known **blob = smack_ipc(isp);
3119

3120
	*blob = smk_of_current();
3121
	return 0;
3122
}
3123

3124
/**
3125
 * smk_curacc_shm : check if current has access on shm
3126
 * @isp : the object
3127
 * @access : access requested
3128
 *
3129
 * Returns 0 if current has the requested access, error code otherwise
3130
 */
3131
static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
3132
{
3133
	struct smack_known *ssp = smack_of_ipc(isp);
3134
	struct smk_audit_info ad;
3135
	int rc;
3136

3137
#ifdef CONFIG_AUDIT
3138
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3139
	ad.a.u.ipc_id = isp->id;
3140
#endif
3141
	rc = smk_curacc(ssp, access, &ad);
3142
	rc = smk_bu_current("shm", ssp, access, rc);
3143
	return rc;
3144
}
3145

3146
/**
3147
 * smack_shm_associate - Smack access check for shm
3148
 * @isp: the object
3149
 * @shmflg: access requested
3150
 *
3151
 * Returns 0 if current has the requested access, error code otherwise
3152
 */
3153
static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
3154
{
3155
	int may;
3156

3157
	may = smack_flags_to_may(shmflg);
3158
	return smk_curacc_shm(isp, may);
3159
}
3160

3161
/**
3162
 * smack_shm_shmctl - Smack access check for shm
3163
 * @isp: the object
3164
 * @cmd: what it wants to do
3165
 *
3166
 * Returns 0 if current has the requested access, error code otherwise
3167
 */
3168
static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
3169
{
3170
	int may;
3171

3172
	switch (cmd) {
3173
	case IPC_STAT:
3174
	case SHM_STAT:
3175
	case SHM_STAT_ANY:
3176
		may = MAY_READ;
3177
		break;
3178
	case IPC_SET:
3179
	case SHM_LOCK:
3180
	case SHM_UNLOCK:
3181
	case IPC_RMID:
3182
		may = MAY_READWRITE;
3183
		break;
3184
	case IPC_INFO:
3185
	case SHM_INFO:
3186
		/*
3187
		 * System level information.
3188
		 */
3189
		return 0;
3190
	default:
3191
		return -EINVAL;
3192
	}
3193
	return smk_curacc_shm(isp, may);
3194
}
3195

3196
/**
3197
 * smack_shm_shmat - Smack access for shmat
3198
 * @isp: the object
3199
 * @shmaddr: unused
3200
 * @shmflg: access requested
3201
 *
3202
 * Returns 0 if current has the requested access, error code otherwise
3203
 */
3204
static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr,
3205
			   int shmflg)
3206
{
3207
	int may;
3208

3209
	may = smack_flags_to_may(shmflg);
3210
	return smk_curacc_shm(isp, may);
3211
}
3212

3213
/**
3214
 * smk_curacc_sem : check if current has access on sem
3215
 * @isp : the object
3216
 * @access : access requested
3217
 *
3218
 * Returns 0 if current has the requested access, error code otherwise
3219
 */
3220
static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
3221
{
3222
	struct smack_known *ssp = smack_of_ipc(isp);
3223
	struct smk_audit_info ad;
3224
	int rc;
3225

3226
#ifdef CONFIG_AUDIT
3227
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3228
	ad.a.u.ipc_id = isp->id;
3229
#endif
3230
	rc = smk_curacc(ssp, access, &ad);
3231
	rc = smk_bu_current("sem", ssp, access, rc);
3232
	return rc;
3233
}
3234

3235
/**
3236
 * smack_sem_associate - Smack access check for sem
3237
 * @isp: the object
3238
 * @semflg: access requested
3239
 *
3240
 * Returns 0 if current has the requested access, error code otherwise
3241
 */
3242
static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
3243
{
3244
	int may;
3245

3246
	may = smack_flags_to_may(semflg);
3247
	return smk_curacc_sem(isp, may);
3248
}
3249

3250
/**
3251
 * smack_sem_semctl - Smack access check for sem
3252
 * @isp: the object
3253
 * @cmd: what it wants to do
3254
 *
3255
 * Returns 0 if current has the requested access, error code otherwise
3256
 */
3257
static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
3258
{
3259
	int may;
3260

3261
	switch (cmd) {
3262
	case GETPID:
3263
	case GETNCNT:
3264
	case GETZCNT:
3265
	case GETVAL:
3266
	case GETALL:
3267
	case IPC_STAT:
3268
	case SEM_STAT:
3269
	case SEM_STAT_ANY:
3270
		may = MAY_READ;
3271
		break;
3272
	case SETVAL:
3273
	case SETALL:
3274
	case IPC_RMID:
3275
	case IPC_SET:
3276
		may = MAY_READWRITE;
3277
		break;
3278
	case IPC_INFO:
3279
	case SEM_INFO:
3280
		/*
3281
		 * System level information
3282
		 */
3283
		return 0;
3284
	default:
3285
		return -EINVAL;
3286
	}
3287

3288
	return smk_curacc_sem(isp, may);
3289
}
3290

3291
/**
3292
 * smack_sem_semop - Smack checks of semaphore operations
3293
 * @isp: the object
3294
 * @sops: unused
3295
 * @nsops: unused
3296
 * @alter: unused
3297
 *
3298
 * Treated as read and write in all cases.
3299
 *
3300
 * Returns 0 if access is allowed, error code otherwise
3301
 */
3302
static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
3303
			   unsigned nsops, int alter)
3304
{
3305
	return smk_curacc_sem(isp, MAY_READWRITE);
3306
}
3307

3308
/**
3309
 * smk_curacc_msq : helper to check if current has access on msq
3310
 * @isp : the msq
3311
 * @access : access requested
3312
 *
3313
 * return 0 if current has access, error otherwise
3314
 */
3315
static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
3316
{
3317
	struct smack_known *msp = smack_of_ipc(isp);
3318
	struct smk_audit_info ad;
3319
	int rc;
3320

3321
#ifdef CONFIG_AUDIT
3322
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3323
	ad.a.u.ipc_id = isp->id;
3324
#endif
3325
	rc = smk_curacc(msp, access, &ad);
3326
	rc = smk_bu_current("msq", msp, access, rc);
3327
	return rc;
3328
}
3329

3330
/**
3331
 * smack_msg_queue_associate - Smack access check for msg_queue
3332
 * @isp: the object
3333
 * @msqflg: access requested
3334
 *
3335
 * Returns 0 if current has the requested access, error code otherwise
3336
 */
3337
static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
3338
{
3339
	int may;
3340

3341
	may = smack_flags_to_may(msqflg);
3342
	return smk_curacc_msq(isp, may);
3343
}
3344

3345
/**
3346
 * smack_msg_queue_msgctl - Smack access check for msg_queue
3347
 * @isp: the object
3348
 * @cmd: what it wants to do
3349
 *
3350
 * Returns 0 if current has the requested access, error code otherwise
3351
 */
3352
static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
3353
{
3354
	int may;
3355

3356
	switch (cmd) {
3357
	case IPC_STAT:
3358
	case MSG_STAT:
3359
	case MSG_STAT_ANY:
3360
		may = MAY_READ;
3361
		break;
3362
	case IPC_SET:
3363
	case IPC_RMID:
3364
		may = MAY_READWRITE;
3365
		break;
3366
	case IPC_INFO:
3367
	case MSG_INFO:
3368
		/*
3369
		 * System level information
3370
		 */
3371
		return 0;
3372
	default:
3373
		return -EINVAL;
3374
	}
3375

3376
	return smk_curacc_msq(isp, may);
3377
}
3378

3379
/**
3380
 * smack_msg_queue_msgsnd - Smack access check for msg_queue
3381
 * @isp: the object
3382
 * @msg: unused
3383
 * @msqflg: access requested
3384
 *
3385
 * Returns 0 if current has the requested access, error code otherwise
3386
 */
3387
static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
3388
				  int msqflg)
3389
{
3390
	int may;
3391

3392
	may = smack_flags_to_may(msqflg);
3393
	return smk_curacc_msq(isp, may);
3394
}
3395

3396
/**
3397
 * smack_msg_queue_msgrcv - Smack access check for msg_queue
3398
 * @isp: the object
3399
 * @msg: unused
3400
 * @target: unused
3401
 * @type: unused
3402
 * @mode: unused
3403
 *
3404
 * Returns 0 if current has read and write access, error code otherwise
3405
 */
3406
static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp,
3407
				  struct msg_msg *msg,
3408
				  struct task_struct *target, long type,
3409
				  int mode)
3410
{
3411
	return smk_curacc_msq(isp, MAY_READWRITE);
3412
}
3413

3414
/**
3415
 * smack_ipc_permission - Smack access for ipc_permission()
3416
 * @ipp: the object permissions
3417
 * @flag: access requested
3418
 *
3419
 * Returns 0 if current has read and write access, error code otherwise
3420
 */
3421
static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3422
{
3423
	struct smack_known **blob = smack_ipc(ipp);
3424
	struct smack_known *iskp = *blob;
3425
	int may = smack_flags_to_may(flag);
3426
	struct smk_audit_info ad;
3427
	int rc;
3428

3429
#ifdef CONFIG_AUDIT
3430
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3431
	ad.a.u.ipc_id = ipp->id;
3432
#endif
3433
	rc = smk_curacc(iskp, may, &ad);
3434
	rc = smk_bu_current("svipc", iskp, may, rc);
3435
	return rc;
3436
}
3437

3438
/**
3439
 * smack_ipc_getlsmprop - Extract smack security data
3440
 * @ipp: the object permissions
3441
 * @prop: where result will be saved
3442
 */
3443
static void smack_ipc_getlsmprop(struct kern_ipc_perm *ipp, struct lsm_prop *prop)
3444
{
3445
	struct smack_known **iskpp = smack_ipc(ipp);
3446

3447
	prop->smack.skp = *iskpp;
3448
}
3449

3450
/**
3451
 * smack_d_instantiate - Make sure the blob is correct on an inode
3452
 * @opt_dentry: dentry where inode will be attached
3453
 * @inode: the object
3454
 *
3455
 * Set the inode's security blob if it hasn't been done already.
3456
 */
3457
static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3458
{
3459
	struct super_block *sbp;
3460
	struct superblock_smack *sbsp;
3461
	struct inode_smack *isp;
3462
	struct smack_known *skp;
3463
	struct smack_known *ckp = smk_of_current();
3464
	struct smack_known *final;
3465
	char trattr[TRANS_TRUE_SIZE];
3466
	int transflag = 0;
3467
	int rc;
3468
	struct dentry *dp;
3469

3470
	if (inode == NULL)
3471
		return;
3472

3473
	isp = smack_inode(inode);
3474

3475
	/*
3476
	 * If the inode is already instantiated
3477
	 * take the quick way out
3478
	 */
3479
	if (isp->smk_flags & SMK_INODE_INSTANT)
3480
		return;
3481

3482
	sbp = inode->i_sb;
3483
	sbsp = smack_superblock(sbp);
3484
	/*
3485
	 * We're going to use the superblock default label
3486
	 * if there's no label on the file.
3487
	 */
3488
	final = sbsp->smk_default;
3489

3490
	/*
3491
	 * If this is the root inode the superblock
3492
	 * may be in the process of initialization.
3493
	 * If that is the case use the root value out
3494
	 * of the superblock.
3495
	 */
3496
	if (opt_dentry->d_parent == opt_dentry) {
3497
		switch (sbp->s_magic) {
3498
		case CGROUP_SUPER_MAGIC:
3499
		case CGROUP2_SUPER_MAGIC:
3500
			/*
3501
			 * The cgroup filesystem is never mounted,
3502
			 * so there's no opportunity to set the mount
3503
			 * options.
3504
			 */
3505
			sbsp->smk_root = &smack_known_star;
3506
			sbsp->smk_default = &smack_known_star;
3507
			isp->smk_inode = sbsp->smk_root;
3508
			break;
3509
		case TMPFS_MAGIC:
3510
			/*
3511
			 * What about shmem/tmpfs anonymous files with dentry
3512
			 * obtained from d_alloc_pseudo()?
3513
			 */
3514
			isp->smk_inode = smk_of_current();
3515
			break;
3516
		case PIPEFS_MAGIC:
3517
			isp->smk_inode = smk_of_current();
3518
			break;
3519
		case SOCKFS_MAGIC:
3520
			/*
3521
			 * Socket access is controlled by the socket
3522
			 * structures associated with the task involved.
3523
			 */
3524
			isp->smk_inode = &smack_known_star;
3525
			break;
3526
		default:
3527
			isp->smk_inode = sbsp->smk_root;
3528
			break;
3529
		}
3530
		isp->smk_flags |= SMK_INODE_INSTANT;
3531
		return;
3532
	}
3533

3534
	/*
3535
	 * This is pretty hackish.
3536
	 * Casey says that we shouldn't have to do
3537
	 * file system specific code, but it does help
3538
	 * with keeping it simple.
3539
	 */
3540
	switch (sbp->s_magic) {
3541
	case SMACK_MAGIC:
3542
	case CGROUP_SUPER_MAGIC:
3543
	case CGROUP2_SUPER_MAGIC:
3544
		/*
3545
		 * Casey says that it's a little embarrassing
3546
		 * that the smack file system doesn't do
3547
		 * extended attributes.
3548
		 *
3549
		 * Cgroupfs is special
3550
		 */
3551
		final = &smack_known_star;
3552
		break;
3553
	case DEVPTS_SUPER_MAGIC:
3554
		/*
3555
		 * devpts seems content with the label of the task.
3556
		 * Programs that change smack have to treat the
3557
		 * pty with respect.
3558
		 */
3559
		final = ckp;
3560
		break;
3561
	case PROC_SUPER_MAGIC:
3562
		/*
3563
		 * Casey says procfs appears not to care.
3564
		 * The superblock default suffices.
3565
		 */
3566
		break;
3567
	case TMPFS_MAGIC:
3568
		/*
3569
		 * Device labels should come from the filesystem,
3570
		 * but watch out, because they're volitile,
3571
		 * getting recreated on every reboot.
3572
		 */
3573
		final = &smack_known_star;
3574
		/*
3575
		 * If a smack value has been set we want to use it,
3576
		 * but since tmpfs isn't giving us the opportunity
3577
		 * to set mount options simulate setting the
3578
		 * superblock default.
3579
		 */
3580
		fallthrough;
3581
	default:
3582
		/*
3583
		 * This isn't an understood special case.
3584
		 * Get the value from the xattr.
3585
		 */
3586

3587
		/*
3588
		 * UNIX domain sockets use lower level socket data.
3589
		 */
3590
		if (S_ISSOCK(inode->i_mode)) {
3591
			final = &smack_known_star;
3592
			break;
3593
		}
3594
		/*
3595
		 * No xattr support means, alas, no SMACK label.
3596
		 * Use the aforeapplied default.
3597
		 * It would be curious if the label of the task
3598
		 * does not match that assigned.
3599
		 */
3600
		if (!(inode->i_opflags & IOP_XATTR))
3601
		        break;
3602
		/*
3603
		 * Get the dentry for xattr.
3604
		 */
3605
		dp = dget(opt_dentry);
3606
		skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3607
		if (!IS_ERR_OR_NULL(skp))
3608
			final = skp;
3609

3610
		/*
3611
		 * Transmuting directory
3612
		 */
3613
		if (S_ISDIR(inode->i_mode)) {
3614
			/*
3615
			 * If this is a new directory and the label was
3616
			 * transmuted when the inode was initialized
3617
			 * set the transmute attribute on the directory
3618
			 * and mark the inode.
3619
			 *
3620
			 * If there is a transmute attribute on the
3621
			 * directory mark the inode.
3622
			 */
3623
			rc = __vfs_getxattr(dp, inode,
3624
					    XATTR_NAME_SMACKTRANSMUTE, trattr,
3625
					    TRANS_TRUE_SIZE);
3626
			if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3627
					       TRANS_TRUE_SIZE) != 0)
3628
				rc = -EINVAL;
3629
			if (rc >= 0)
3630
				transflag = SMK_INODE_TRANSMUTE;
3631
		}
3632
		/*
3633
		 * Don't let the exec or mmap label be "*" or "@".
3634
		 */
3635
		skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3636
		if (IS_ERR(skp) || skp == &smack_known_star ||
3637
		    skp == &smack_known_web)
3638
			skp = NULL;
3639
		isp->smk_task = skp;
3640

3641
		skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3642
		if (IS_ERR(skp) || skp == &smack_known_star ||
3643
		    skp == &smack_known_web)
3644
			skp = NULL;
3645
		isp->smk_mmap = skp;
3646

3647
		dput(dp);
3648
		break;
3649
	}
3650

3651
	if (final == NULL)
3652
		isp->smk_inode = ckp;
3653
	else
3654
		isp->smk_inode = final;
3655

3656
	isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3657

3658
	return;
3659
}
3660

3661
/**
3662
 * smack_getselfattr - Smack current process attribute
3663
 * @attr: which attribute to fetch
3664
 * @ctx: buffer to receive the result
3665
 * @size: available size in, actual size out
3666
 * @flags: unused
3667
 *
3668
 * Fill the passed user space @ctx with the details of the requested
3669
 * attribute.
3670
 *
3671
 * Returns the number of attributes on success, an error code otherwise.
3672
 * There will only ever be one attribute.
3673
 */
3674
static int smack_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx,
3675
			     u32 *size, u32 flags)
3676
{
3677
	int rc;
3678
	struct smack_known *skp;
3679

3680
	if (attr != LSM_ATTR_CURRENT)
3681
		return -EOPNOTSUPP;
3682

3683
	skp = smk_of_current();
3684
	rc = lsm_fill_user_ctx(ctx, size,
3685
			       skp->smk_known, strlen(skp->smk_known) + 1,
3686
			       LSM_ID_SMACK, 0);
3687
	return (!rc ? 1 : rc);
3688
}
3689

3690
/**
3691
 * smack_getprocattr - Smack process attribute access
3692
 * @p: the object task
3693
 * @name: the name of the attribute in /proc/.../attr
3694
 * @value: where to put the result
3695
 *
3696
 * Places a copy of the task Smack into value
3697
 *
3698
 * Returns the length of the smack label or an error code
3699
 */
3700
static int smack_getprocattr(struct task_struct *p, const char *name, char **value)
3701
{
3702
	struct smack_known *skp = smk_of_task_struct_obj(p);
3703
	char *cp;
3704
	int slen;
3705

3706
	if (strcmp(name, "current") != 0)
3707
		return -EINVAL;
3708

3709
	cp = kstrdup(skp->smk_known, GFP_KERNEL);
3710
	if (cp == NULL)
3711
		return -ENOMEM;
3712

3713
	slen = strlen(cp);
3714
	*value = cp;
3715
	return slen;
3716
}
3717

3718
/**
3719
 * do_setattr - Smack process attribute setting
3720
 * @attr: the ID of the attribute
3721
 * @value: the value to set
3722
 * @size: the size of the value
3723
 *
3724
 * Sets the Smack value of the task. Only setting self
3725
 * is permitted and only with privilege
3726
 *
3727
 * Returns the length of the smack label or an error code
3728
 */
3729
static int do_setattr(u64 attr, void *value, size_t size)
3730
{
3731
	struct task_smack *tsp = smack_cred(current_cred());
3732
	struct cred *new;
3733
	struct smack_known *skp;
3734
	struct smack_known_list_elem *sklep;
3735
	int rc;
3736

3737
	if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
3738
		return -EPERM;
3739

3740
	if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3741
		return -EINVAL;
3742

3743
	if (attr != LSM_ATTR_CURRENT)
3744
		return -EOPNOTSUPP;
3745

3746
	skp = smk_import_entry(value, size);
3747
	if (IS_ERR(skp))
3748
		return PTR_ERR(skp);
3749

3750
	/*
3751
	 * No process is ever allowed the web ("@") label
3752
	 * and the star ("*") label.
3753
	 */
3754
	if (skp == &smack_known_web || skp == &smack_known_star)
3755
		return -EINVAL;
3756

3757
	if (!smack_privileged(CAP_MAC_ADMIN)) {
3758
		rc = -EPERM;
3759
		list_for_each_entry(sklep, &tsp->smk_relabel, list)
3760
			if (sklep->smk_label == skp) {
3761
				rc = 0;
3762
				break;
3763
			}
3764
		if (rc)
3765
			return rc;
3766
	}
3767

3768
	new = prepare_creds();
3769
	if (new == NULL)
3770
		return -ENOMEM;
3771

3772
	tsp = smack_cred(new);
3773
	tsp->smk_task = skp;
3774
	/*
3775
	 * process can change its label only once
3776
	 */
3777
	smk_destroy_label_list(&tsp->smk_relabel);
3778

3779
	commit_creds(new);
3780
	return size;
3781
}
3782

3783
/**
3784
 * smack_setselfattr - Set a Smack process attribute
3785
 * @attr: which attribute to set
3786
 * @ctx: buffer containing the data
3787
 * @size: size of @ctx
3788
 * @flags: unused
3789
 *
3790
 * Fill the passed user space @ctx with the details of the requested
3791
 * attribute.
3792
 *
3793
 * Returns 0 on success, an error code otherwise.
3794
 */
3795
static int smack_setselfattr(unsigned int attr, struct lsm_ctx *ctx,
3796
			     u32 size, u32 flags)
3797
{
3798
	int rc;
3799

3800
	rc = do_setattr(attr, ctx->ctx, ctx->ctx_len);
3801
	if (rc > 0)
3802
		return 0;
3803
	return rc;
3804
}
3805

3806
/**
3807
 * smack_setprocattr - Smack process attribute setting
3808
 * @name: the name of the attribute in /proc/.../attr
3809
 * @value: the value to set
3810
 * @size: the size of the value
3811
 *
3812
 * Sets the Smack value of the task. Only setting self
3813
 * is permitted and only with privilege
3814
 *
3815
 * Returns the length of the smack label or an error code
3816
 */
3817
static int smack_setprocattr(const char *name, void *value, size_t size)
3818
{
3819
	int attr = lsm_name_to_attr(name);
3820

3821
	if (attr != LSM_ATTR_UNDEF)
3822
		return do_setattr(attr, value, size);
3823
	return -EINVAL;
3824
}
3825

3826
/**
3827
 * smack_unix_stream_connect - Smack access on UDS
3828
 * @sock: one sock
3829
 * @other: the other sock
3830
 * @newsk: unused
3831
 *
3832
 * Return 0 if a subject with the smack of sock could access
3833
 * an object with the smack of other, otherwise an error code
3834
 */
3835
static int smack_unix_stream_connect(struct sock *sock,
3836
				     struct sock *other, struct sock *newsk)
3837
{
3838
	struct smack_known *skp;
3839
	struct smack_known *okp;
3840
	struct socket_smack *ssp = smack_sock(sock);
3841
	struct socket_smack *osp = smack_sock(other);
3842
	struct socket_smack *nsp = smack_sock(newsk);
3843
	struct smk_audit_info ad;
3844
	int rc = 0;
3845
#ifdef CONFIG_AUDIT
3846
	struct lsm_network_audit net;
3847
#endif
3848

3849
	if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3850
		skp = ssp->smk_out;
3851
		okp = osp->smk_in;
3852
#ifdef CONFIG_AUDIT
3853
		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3854
		smk_ad_setfield_u_net_sk(&ad, other);
3855
#endif
3856
		rc = smk_access(skp, okp, MAY_WRITE, &ad);
3857
		rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3858
		if (rc == 0) {
3859
			okp = osp->smk_out;
3860
			skp = ssp->smk_in;
3861
			rc = smk_access(okp, skp, MAY_WRITE, &ad);
3862
			rc = smk_bu_note("UDS connect", okp, skp,
3863
						MAY_WRITE, rc);
3864
		}
3865
	}
3866

3867
	if (rc == 0) {
3868
		/*
3869
		 * Cross reference the peer labels for SO_PEERSEC.
3870
		 */
3871
		nsp->smk_packet = ssp->smk_out;
3872
		ssp->smk_packet = osp->smk_out;
3873

3874
		/*
3875
		 * new/child/established socket must inherit listening socket labels
3876
		 */
3877
		nsp->smk_out = osp->smk_out;
3878
		nsp->smk_in  = osp->smk_in;
3879
	}
3880

3881
	return rc;
3882
}
3883

3884
/**
3885
 * smack_unix_may_send - Smack access on UDS
3886
 * @sock: one socket
3887
 * @other: the other socket
3888
 *
3889
 * Return 0 if a subject with the smack of sock could access
3890
 * an object with the smack of other, otherwise an error code
3891
 */
3892
static int smack_unix_may_send(struct socket *sock, struct socket *other)
3893
{
3894
	struct socket_smack *ssp = smack_sock(sock->sk);
3895
	struct socket_smack *osp = smack_sock(other->sk);
3896
	struct smk_audit_info ad;
3897
	int rc;
3898

3899
#ifdef CONFIG_AUDIT
3900
	struct lsm_network_audit net;
3901

3902
	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3903
	smk_ad_setfield_u_net_sk(&ad, other->sk);
3904
#endif
3905

3906
	if (smack_privileged(CAP_MAC_OVERRIDE))
3907
		return 0;
3908

3909
	rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3910
	rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3911
	return rc;
3912
}
3913

3914
/**
3915
 * smack_socket_sendmsg - Smack check based on destination host
3916
 * @sock: the socket
3917
 * @msg: the message
3918
 * @size: the size of the message
3919
 *
3920
 * Return 0 if the current subject can write to the destination host.
3921
 * For IPv4 this is only a question if the destination is a single label host.
3922
 * For IPv6 this is a check against the label of the port.
3923
 */
3924
static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3925
				int size)
3926
{
3927
	struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3928
#if IS_ENABLED(CONFIG_IPV6)
3929
	struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3930
#endif
3931
#ifdef SMACK_IPV6_SECMARK_LABELING
3932
	struct socket_smack *ssp = smack_sock(sock->sk);
3933
	struct smack_known *rsp;
3934
#endif
3935
	int rc = 0;
3936

3937
	/*
3938
	 * Perfectly reasonable for this to be NULL
3939
	 */
3940
	if (sip == NULL)
3941
		return 0;
3942

3943
	switch (sock->sk->sk_family) {
3944
	case AF_INET:
3945
		if (msg->msg_namelen < sizeof(struct sockaddr_in) ||
3946
		    sip->sin_family != AF_INET)
3947
			return -EINVAL;
3948
		rc = smk_ipv4_check(sock->sk, sip);
3949
		break;
3950
#if IS_ENABLED(CONFIG_IPV6)
3951
	case AF_INET6:
3952
		if (msg->msg_namelen < SIN6_LEN_RFC2133 ||
3953
		    sap->sin6_family != AF_INET6)
3954
			return -EINVAL;
3955
#ifdef SMACK_IPV6_SECMARK_LABELING
3956
		rsp = smack_ipv6host_label(sap);
3957
		if (rsp != NULL)
3958
			rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3959
						SMK_CONNECTING);
3960
#endif
3961
#ifdef SMACK_IPV6_PORT_LABELING
3962
		rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3963
#endif
3964
#endif /* IS_ENABLED(CONFIG_IPV6) */
3965
		break;
3966
	}
3967
	return rc;
3968
}
3969

3970
/**
3971
 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3972
 * @sap: netlabel secattr
3973
 * @ssp: socket security information
3974
 *
3975
 * Returns a pointer to a Smack label entry found on the label list.
3976
 */
3977
static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3978
						struct socket_smack *ssp)
3979
{
3980
	struct smack_known *skp;
3981
	int found = 0;
3982
	int acat;
3983
	int kcat;
3984

3985
	/*
3986
	 * Netlabel found it in the cache.
3987
	 */
3988
	if ((sap->flags & NETLBL_SECATTR_CACHE) != 0)
3989
		return (struct smack_known *)sap->cache->data;
3990

3991
	if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
3992
		/*
3993
		 * Looks like a fallback, which gives us a secid.
3994
		 */
3995
		return smack_from_secid(sap->attr.secid);
3996

3997
	if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3998
		/*
3999
		 * Looks like a CIPSO packet.
4000
		 * If there are flags but no level netlabel isn't
4001
		 * behaving the way we expect it to.
4002
		 *
4003
		 * Look it up in the label table
4004
		 * Without guidance regarding the smack value
4005
		 * for the packet fall back on the network
4006
		 * ambient value.
4007
		 */
4008
		rcu_read_lock();
4009
		list_for_each_entry_rcu(skp, &smack_known_list, list) {
4010
			if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
4011
				continue;
4012
			/*
4013
			 * Compare the catsets. Use the netlbl APIs.
4014
			 */
4015
			if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
4016
				if ((skp->smk_netlabel.flags &
4017
				     NETLBL_SECATTR_MLS_CAT) == 0)
4018
					found = 1;
4019
				break;
4020
			}
4021
			for (acat = -1, kcat = -1; acat == kcat; ) {
4022
				acat = netlbl_catmap_walk(sap->attr.mls.cat,
4023
							  acat + 1);
4024
				kcat = netlbl_catmap_walk(
4025
					skp->smk_netlabel.attr.mls.cat,
4026
					kcat + 1);
4027
				if (acat < 0 || kcat < 0)
4028
					break;
4029
			}
4030
			if (acat == kcat) {
4031
				found = 1;
4032
				break;
4033
			}
4034
		}
4035
		rcu_read_unlock();
4036

4037
		if (found)
4038
			return skp;
4039

4040
		if (ssp != NULL && ssp->smk_in == &smack_known_star)
4041
			return &smack_known_web;
4042
		return &smack_known_star;
4043
	}
4044
	/*
4045
	 * Without guidance regarding the smack value
4046
	 * for the packet fall back on the network
4047
	 * ambient value.
4048
	 */
4049
	return smack_net_ambient;
4050
}
4051

4052
#if IS_ENABLED(CONFIG_IPV6)
4053
static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
4054
{
4055
	u8 nexthdr;
4056
	int offset;
4057
	int proto = -EINVAL;
4058
	struct ipv6hdr _ipv6h;
4059
	struct ipv6hdr *ip6;
4060
	__be16 frag_off;
4061
	struct tcphdr _tcph, *th;
4062
	struct udphdr _udph, *uh;
4063

4064
	sip->sin6_port = 0;
4065

4066
	offset = skb_network_offset(skb);
4067
	ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
4068
	if (ip6 == NULL)
4069
		return -EINVAL;
4070
	sip->sin6_addr = ip6->saddr;
4071

4072
	nexthdr = ip6->nexthdr;
4073
	offset += sizeof(_ipv6h);
4074
	offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
4075
	if (offset < 0)
4076
		return -EINVAL;
4077

4078
	proto = nexthdr;
4079
	switch (proto) {
4080
	case IPPROTO_TCP:
4081
		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
4082
		if (th != NULL)
4083
			sip->sin6_port = th->source;
4084
		break;
4085
	case IPPROTO_UDP:
4086
	case IPPROTO_UDPLITE:
4087
		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4088
		if (uh != NULL)
4089
			sip->sin6_port = uh->source;
4090
		break;
4091
	}
4092
	return proto;
4093
}
4094
#endif /* CONFIG_IPV6 */
4095

4096
/**
4097
 * smack_from_skb - Smack data from the secmark in an skb
4098
 * @skb: packet
4099
 *
4100
 * Returns smack_known of the secmark or NULL if that won't work.
4101
 */
4102
#ifdef CONFIG_NETWORK_SECMARK
4103
static struct smack_known *smack_from_skb(struct sk_buff *skb)
4104
{
4105
	if (skb == NULL || skb->secmark == 0)
4106
		return NULL;
4107

4108
	return smack_from_secid(skb->secmark);
4109
}
4110
#else
4111
static inline struct smack_known *smack_from_skb(struct sk_buff *skb)
4112
{
4113
	return NULL;
4114
}
4115
#endif
4116

4117
/**
4118
 * smack_from_netlbl - Smack data from the IP options in an skb
4119
 * @sk: socket data came in on
4120
 * @family: address family
4121
 * @skb: packet
4122
 *
4123
 * Find the Smack label in the IP options. If it hasn't been
4124
 * added to the netlabel cache, add it here.
4125
 *
4126
 * Returns smack_known of the IP options or NULL if that won't work.
4127
 */
4128
static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family,
4129
					     struct sk_buff *skb)
4130
{
4131
	struct netlbl_lsm_secattr secattr;
4132
	struct socket_smack *ssp = NULL;
4133
	struct smack_known *skp = NULL;
4134

4135
	netlbl_secattr_init(&secattr);
4136

4137
	if (sk)
4138
		ssp = smack_sock(sk);
4139

4140
	if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) {
4141
		skp = smack_from_secattr(&secattr, ssp);
4142
		if (secattr.flags & NETLBL_SECATTR_CACHEABLE)
4143
			netlbl_cache_add(skb, family, &skp->smk_netlabel);
4144
	}
4145

4146
	netlbl_secattr_destroy(&secattr);
4147

4148
	return skp;
4149
}
4150

4151
/**
4152
 * smack_socket_sock_rcv_skb - Smack packet delivery access check
4153
 * @sk: socket
4154
 * @skb: packet
4155
 *
4156
 * Returns 0 if the packet should be delivered, an error code otherwise
4157
 */
4158
static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4159
{
4160
	struct socket_smack *ssp = smack_sock(sk);
4161
	struct smack_known *skp = NULL;
4162
	int rc = 0;
4163
	struct smk_audit_info ad;
4164
	u16 family = sk->sk_family;
4165
#ifdef CONFIG_AUDIT
4166
	struct lsm_network_audit net;
4167
#endif
4168
#if IS_ENABLED(CONFIG_IPV6)
4169
	struct sockaddr_in6 sadd;
4170
	int proto;
4171

4172
	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4173
		family = PF_INET;
4174
#endif /* CONFIG_IPV6 */
4175

4176
	switch (family) {
4177
	case PF_INET:
4178
		/*
4179
		 * If there is a secmark use it rather than the CIPSO label.
4180
		 * If there is no secmark fall back to CIPSO.
4181
		 * The secmark is assumed to reflect policy better.
4182
		 */
4183
		skp = smack_from_skb(skb);
4184
		if (skp == NULL) {
4185
			skp = smack_from_netlbl(sk, family, skb);
4186
			if (skp == NULL)
4187
				skp = smack_net_ambient;
4188
		}
4189

4190
#ifdef CONFIG_AUDIT
4191
		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4192
		ad.a.u.net->family = family;
4193
		ad.a.u.net->netif = skb->skb_iif;
4194
		ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4195
#endif
4196
		/*
4197
		 * Receiving a packet requires that the other end
4198
		 * be able to write here. Read access is not required.
4199
		 * This is the simplest possible security model
4200
		 * for networking.
4201
		 */
4202
		rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4203
		rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
4204
					MAY_WRITE, rc);
4205
		if (rc != 0)
4206
			netlbl_skbuff_err(skb, family, rc, 0);
4207
		break;
4208
#if IS_ENABLED(CONFIG_IPV6)
4209
	case PF_INET6:
4210
		proto = smk_skb_to_addr_ipv6(skb, &sadd);
4211
		if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
4212
		    proto != IPPROTO_TCP)
4213
			break;
4214
#ifdef SMACK_IPV6_SECMARK_LABELING
4215
		skp = smack_from_skb(skb);
4216
		if (skp == NULL) {
4217
			if (smk_ipv6_localhost(&sadd))
4218
				break;
4219
			skp = smack_ipv6host_label(&sadd);
4220
			if (skp == NULL)
4221
				skp = smack_net_ambient;
4222
		}
4223
#ifdef CONFIG_AUDIT
4224
		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4225
		ad.a.u.net->family = family;
4226
		ad.a.u.net->netif = skb->skb_iif;
4227
		ipv6_skb_to_auditdata(skb, &ad.a, NULL);
4228
#endif /* CONFIG_AUDIT */
4229
		rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4230
		rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
4231
					MAY_WRITE, rc);
4232
#endif /* SMACK_IPV6_SECMARK_LABELING */
4233
#ifdef SMACK_IPV6_PORT_LABELING
4234
		rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
4235
#endif /* SMACK_IPV6_PORT_LABELING */
4236
		if (rc != 0)
4237
			icmpv6_send(skb, ICMPV6_DEST_UNREACH,
4238
					ICMPV6_ADM_PROHIBITED, 0);
4239
		break;
4240
#endif /* CONFIG_IPV6 */
4241
	}
4242

4243
	return rc;
4244
}
4245

4246
/**
4247
 * smack_socket_getpeersec_stream - pull in packet label
4248
 * @sock: the socket
4249
 * @optval: user's destination
4250
 * @optlen: size thereof
4251
 * @len: max thereof
4252
 *
4253
 * returns zero on success, an error code otherwise
4254
 */
4255
static int smack_socket_getpeersec_stream(struct socket *sock,
4256
					  sockptr_t optval, sockptr_t optlen,
4257
					  unsigned int len)
4258
{
4259
	struct socket_smack *ssp;
4260
	char *rcp = "";
4261
	u32 slen = 1;
4262
	int rc = 0;
4263

4264
	ssp = smack_sock(sock->sk);
4265
	if (ssp->smk_packet != NULL) {
4266
		rcp = ssp->smk_packet->smk_known;
4267
		slen = strlen(rcp) + 1;
4268
	}
4269
	if (slen > len) {
4270
		rc = -ERANGE;
4271
		goto out_len;
4272
	}
4273

4274
	if (copy_to_sockptr(optval, rcp, slen))
4275
		rc = -EFAULT;
4276
out_len:
4277
	if (copy_to_sockptr(optlen, &slen, sizeof(slen)))
4278
		rc = -EFAULT;
4279
	return rc;
4280
}
4281

4282

4283
/**
4284
 * smack_socket_getpeersec_dgram - pull in packet label
4285
 * @sock: the peer socket
4286
 * @skb: packet data
4287
 * @secid: pointer to where to put the secid of the packet
4288
 *
4289
 * Sets the netlabel socket state on sk from parent
4290
 */
4291
static int smack_socket_getpeersec_dgram(struct socket *sock,
4292
					 struct sk_buff *skb, u32 *secid)
4293

4294
{
4295
	struct socket_smack *ssp = NULL;
4296
	struct smack_known *skp;
4297
	struct sock *sk = NULL;
4298
	int family = PF_UNSPEC;
4299
	u32 s = 0;	/* 0 is the invalid secid */
4300

4301
	if (skb != NULL) {
4302
		if (skb->protocol == htons(ETH_P_IP))
4303
			family = PF_INET;
4304
#if IS_ENABLED(CONFIG_IPV6)
4305
		else if (skb->protocol == htons(ETH_P_IPV6))
4306
			family = PF_INET6;
4307
#endif /* CONFIG_IPV6 */
4308
	}
4309
	if (family == PF_UNSPEC && sock != NULL)
4310
		family = sock->sk->sk_family;
4311

4312
	switch (family) {
4313
	case PF_UNIX:
4314
		ssp = smack_sock(sock->sk);
4315
		s = ssp->smk_out->smk_secid;
4316
		break;
4317
	case PF_INET:
4318
		skp = smack_from_skb(skb);
4319
		if (skp) {
4320
			s = skp->smk_secid;
4321
			break;
4322
		}
4323
		/*
4324
		 * Translate what netlabel gave us.
4325
		 */
4326
		if (sock != NULL)
4327
			sk = sock->sk;
4328
		skp = smack_from_netlbl(sk, family, skb);
4329
		if (skp != NULL)
4330
			s = skp->smk_secid;
4331
		break;
4332
	case PF_INET6:
4333
#ifdef SMACK_IPV6_SECMARK_LABELING
4334
		skp = smack_from_skb(skb);
4335
		if (skp)
4336
			s = skp->smk_secid;
4337
#endif
4338
		break;
4339
	}
4340
	*secid = s;
4341
	if (s == 0)
4342
		return -EINVAL;
4343
	return 0;
4344
}
4345

4346
/**
4347
 * smack_inet_conn_request - Smack access check on connect
4348
 * @sk: socket involved
4349
 * @skb: packet
4350
 * @req: unused
4351
 *
4352
 * Returns 0 if a task with the packet label could write to
4353
 * the socket, otherwise an error code
4354
 */
4355
static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
4356
				   struct request_sock *req)
4357
{
4358
	u16 family = sk->sk_family;
4359
	struct smack_known *skp;
4360
	struct socket_smack *ssp = smack_sock(sk);
4361
	struct sockaddr_in addr;
4362
	struct iphdr *hdr;
4363
	struct smack_known *hskp;
4364
	int rc;
4365
	struct smk_audit_info ad;
4366
#ifdef CONFIG_AUDIT
4367
	struct lsm_network_audit net;
4368
#endif
4369

4370
#if IS_ENABLED(CONFIG_IPV6)
4371
	if (family == PF_INET6) {
4372
		/*
4373
		 * Handle mapped IPv4 packets arriving
4374
		 * via IPv6 sockets. Don't set up netlabel
4375
		 * processing on IPv6.
4376
		 */
4377
		if (skb->protocol == htons(ETH_P_IP))
4378
			family = PF_INET;
4379
		else
4380
			return 0;
4381
	}
4382
#endif /* CONFIG_IPV6 */
4383

4384
	/*
4385
	 * If there is a secmark use it rather than the CIPSO label.
4386
	 * If there is no secmark fall back to CIPSO.
4387
	 * The secmark is assumed to reflect policy better.
4388
	 */
4389
	skp = smack_from_skb(skb);
4390
	if (skp == NULL) {
4391
		skp = smack_from_netlbl(sk, family, skb);
4392
		if (skp == NULL)
4393
			skp = &smack_known_huh;
4394
	}
4395

4396
#ifdef CONFIG_AUDIT
4397
	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4398
	ad.a.u.net->family = family;
4399
	ad.a.u.net->netif = skb->skb_iif;
4400
	ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4401
#endif
4402
	/*
4403
	 * Receiving a packet requires that the other end be able to write
4404
	 * here. Read access is not required.
4405
	 */
4406
	rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4407
	rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
4408
	if (rc != 0)
4409
		return rc;
4410

4411
	/*
4412
	 * Save the peer's label in the request_sock so we can later setup
4413
	 * smk_packet in the child socket so that SO_PEERCRED can report it.
4414
	 */
4415
	req->peer_secid = skp->smk_secid;
4416

4417
	/*
4418
	 * We need to decide if we want to label the incoming connection here
4419
	 * if we do we only need to label the request_sock and the stack will
4420
	 * propagate the wire-label to the sock when it is created.
4421
	 */
4422
	hdr = ip_hdr(skb);
4423
	addr.sin_addr.s_addr = hdr->saddr;
4424
	rcu_read_lock();
4425
	hskp = smack_ipv4host_label(&addr);
4426
	rcu_read_unlock();
4427

4428
	if (hskp == NULL)
4429
		rc = netlbl_req_setattr(req, &ssp->smk_out->smk_netlabel);
4430
	else
4431
		netlbl_req_delattr(req);
4432

4433
	return rc;
4434
}
4435

4436
/**
4437
 * smack_inet_csk_clone - Copy the connection information to the new socket
4438
 * @sk: the new socket
4439
 * @req: the connection's request_sock
4440
 *
4441
 * Transfer the connection's peer label to the newly created socket.
4442
 */
4443
static void smack_inet_csk_clone(struct sock *sk,
4444
				 const struct request_sock *req)
4445
{
4446
	struct socket_smack *ssp = smack_sock(sk);
4447
	struct smack_known *skp;
4448

4449
	if (req->peer_secid != 0) {
4450
		skp = smack_from_secid(req->peer_secid);
4451
		ssp->smk_packet = skp;
4452
	} else
4453
		ssp->smk_packet = NULL;
4454
}
4455

4456
/*
4457
 * Key management security hooks
4458
 *
4459
 * Casey has not tested key support very heavily.
4460
 * The permission check is most likely too restrictive.
4461
 * If you care about keys please have a look.
4462
 */
4463
#ifdef CONFIG_KEYS
4464

4465
/**
4466
 * smack_key_alloc - Set the key security blob
4467
 * @key: object
4468
 * @cred: the credentials to use
4469
 * @flags: unused
4470
 *
4471
 * No allocation required
4472
 *
4473
 * Returns 0
4474
 */
4475
static int smack_key_alloc(struct key *key, const struct cred *cred,
4476
			   unsigned long flags)
4477
{
4478
	struct smack_known **blob = smack_key(key);
4479
	struct smack_known *skp = smk_of_task(smack_cred(cred));
4480

4481
	*blob = skp;
4482
	return 0;
4483
}
4484

4485
/**
4486
 * smack_key_permission - Smack access on a key
4487
 * @key_ref: gets to the object
4488
 * @cred: the credentials to use
4489
 * @need_perm: requested key permission
4490
 *
4491
 * Return 0 if the task has read and write to the object,
4492
 * an error code otherwise
4493
 */
4494
static int smack_key_permission(key_ref_t key_ref,
4495
				const struct cred *cred,
4496
				enum key_need_perm need_perm)
4497
{
4498
	struct smack_known **blob;
4499
	struct smack_known *skp;
4500
	struct key *keyp;
4501
	struct smk_audit_info ad;
4502
	struct smack_known *tkp = smk_of_task(smack_cred(cred));
4503
	int request = 0;
4504
	int rc;
4505

4506
	/*
4507
	 * Validate requested permissions
4508
	 */
4509
	switch (need_perm) {
4510
	case KEY_NEED_READ:
4511
	case KEY_NEED_SEARCH:
4512
	case KEY_NEED_VIEW:
4513
		request |= MAY_READ;
4514
		break;
4515
	case KEY_NEED_WRITE:
4516
	case KEY_NEED_LINK:
4517
	case KEY_NEED_SETATTR:
4518
		request |= MAY_WRITE;
4519
		break;
4520
	case KEY_NEED_UNSPECIFIED:
4521
	case KEY_NEED_UNLINK:
4522
	case KEY_SYSADMIN_OVERRIDE:
4523
	case KEY_AUTHTOKEN_OVERRIDE:
4524
	case KEY_DEFER_PERM_CHECK:
4525
		return 0;
4526
	default:
4527
		return -EINVAL;
4528
	}
4529

4530
	keyp = key_ref_to_ptr(key_ref);
4531
	if (keyp == NULL)
4532
		return -EINVAL;
4533
	/*
4534
	 * If the key hasn't been initialized give it access so that
4535
	 * it may do so.
4536
	 */
4537
	blob = smack_key(keyp);
4538
	skp = *blob;
4539
	if (skp == NULL)
4540
		return 0;
4541
	/*
4542
	 * This should not occur
4543
	 */
4544
	if (tkp == NULL)
4545
		return -EACCES;
4546

4547
	if (smack_privileged(CAP_MAC_OVERRIDE))
4548
		return 0;
4549

4550
#ifdef CONFIG_AUDIT
4551
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4552
	ad.a.u.key_struct.key = keyp->serial;
4553
	ad.a.u.key_struct.key_desc = keyp->description;
4554
#endif
4555
	rc = smk_access(tkp, skp, request, &ad);
4556
	rc = smk_bu_note("key access", tkp, skp, request, rc);
4557
	return rc;
4558
}
4559

4560
/*
4561
 * smack_key_getsecurity - Smack label tagging the key
4562
 * @key points to the key to be queried
4563
 * @_buffer points to a pointer that should be set to point to the
4564
 * resulting string (if no label or an error occurs).
4565
 * Return the length of the string (including terminating NUL) or -ve if
4566
 * an error.
4567
 * May also return 0 (and a NULL buffer pointer) if there is no label.
4568
 */
4569
static int smack_key_getsecurity(struct key *key, char **_buffer)
4570
{
4571
	struct smack_known **blob = smack_key(key);
4572
	struct smack_known *skp = *blob;
4573
	size_t length;
4574
	char *copy;
4575

4576
	if (skp == NULL) {
4577
		*_buffer = NULL;
4578
		return 0;
4579
	}
4580

4581
	copy = kstrdup(skp->smk_known, GFP_KERNEL);
4582
	if (copy == NULL)
4583
		return -ENOMEM;
4584
	length = strlen(copy) + 1;
4585

4586
	*_buffer = copy;
4587
	return length;
4588
}
4589

4590

4591
#ifdef CONFIG_KEY_NOTIFICATIONS
4592
/**
4593
 * smack_watch_key - Smack access to watch a key for notifications.
4594
 * @key: The key to be watched
4595
 *
4596
 * Return 0 if the @watch->cred has permission to read from the key object and
4597
 * an error otherwise.
4598
 */
4599
static int smack_watch_key(struct key *key)
4600
{
4601
	struct smk_audit_info ad;
4602
	struct smack_known *tkp = smk_of_current();
4603
	struct smack_known **blob = smack_key(key);
4604
	int rc;
4605

4606
	/*
4607
	 * This should not occur
4608
	 */
4609
	if (tkp == NULL)
4610
		return -EACCES;
4611

4612
	if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred()))
4613
		return 0;
4614

4615
#ifdef CONFIG_AUDIT
4616
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4617
	ad.a.u.key_struct.key = key->serial;
4618
	ad.a.u.key_struct.key_desc = key->description;
4619
#endif
4620
	rc = smk_access(tkp, *blob, MAY_READ, &ad);
4621
	rc = smk_bu_note("key watch", tkp, *blob, MAY_READ, rc);
4622
	return rc;
4623
}
4624
#endif /* CONFIG_KEY_NOTIFICATIONS */
4625
#endif /* CONFIG_KEYS */
4626

4627
#ifdef CONFIG_WATCH_QUEUE
4628
/**
4629
 * smack_post_notification - Smack access to post a notification to a queue
4630
 * @w_cred: The credentials of the watcher.
4631
 * @cred: The credentials of the event source (may be NULL).
4632
 * @n: The notification message to be posted.
4633
 */
4634
static int smack_post_notification(const struct cred *w_cred,
4635
				   const struct cred *cred,
4636
				   struct watch_notification *n)
4637
{
4638
	struct smk_audit_info ad;
4639
	struct smack_known *subj, *obj;
4640
	int rc;
4641

4642
	/* Always let maintenance notifications through. */
4643
	if (n->type == WATCH_TYPE_META)
4644
		return 0;
4645

4646
	if (!cred)
4647
		return 0;
4648
	subj = smk_of_task(smack_cred(cred));
4649
	obj = smk_of_task(smack_cred(w_cred));
4650

4651
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION);
4652
	rc = smk_access(subj, obj, MAY_WRITE, &ad);
4653
	rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc);
4654
	return rc;
4655
}
4656
#endif /* CONFIG_WATCH_QUEUE */
4657

4658
/*
4659
 * Smack Audit hooks
4660
 *
4661
 * Audit requires a unique representation of each Smack specific
4662
 * rule. This unique representation is used to distinguish the
4663
 * object to be audited from remaining kernel objects and also
4664
 * works as a glue between the audit hooks.
4665
 *
4666
 * Since repository entries are added but never deleted, we'll use
4667
 * the smack_known label address related to the given audit rule as
4668
 * the needed unique representation. This also better fits the smack
4669
 * model where nearly everything is a label.
4670
 */
4671
#ifdef CONFIG_AUDIT
4672

4673
/**
4674
 * smack_audit_rule_init - Initialize a smack audit rule
4675
 * @field: audit rule fields given from user-space (audit.h)
4676
 * @op: required testing operator (=, !=, >, <, ...)
4677
 * @rulestr: smack label to be audited
4678
 * @vrule: pointer to save our own audit rule representation
4679
 * @gfp: type of the memory for the allocation
4680
 *
4681
 * Prepare to audit cases where (@field @op @rulestr) is true.
4682
 * The label to be audited is created if necessary.
4683
 */
4684
static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule,
4685
				 gfp_t gfp)
4686
{
4687
	struct smack_known *skp;
4688
	char **rule = (char **)vrule;
4689
	*rule = NULL;
4690

4691
	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4692
		return -EINVAL;
4693

4694
	if (op != Audit_equal && op != Audit_not_equal)
4695
		return -EINVAL;
4696

4697
	skp = smk_import_entry(rulestr, 0);
4698
	if (IS_ERR(skp))
4699
		return PTR_ERR(skp);
4700

4701
	*rule = skp->smk_known;
4702

4703
	return 0;
4704
}
4705

4706
/**
4707
 * smack_audit_rule_known - Distinguish Smack audit rules
4708
 * @krule: rule of interest, in Audit kernel representation format
4709
 *
4710
 * This is used to filter Smack rules from remaining Audit ones.
4711
 * If it's proved that this rule belongs to us, the
4712
 * audit_rule_match hook will be called to do the final judgement.
4713
 */
4714
static int smack_audit_rule_known(struct audit_krule *krule)
4715
{
4716
	struct audit_field *f;
4717
	int i;
4718

4719
	for (i = 0; i < krule->field_count; i++) {
4720
		f = &krule->fields[i];
4721

4722
		if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4723
			return 1;
4724
	}
4725

4726
	return 0;
4727
}
4728

4729
/**
4730
 * smack_audit_rule_match - Audit given object ?
4731
 * @prop: security id for identifying the object to test
4732
 * @field: audit rule flags given from user-space
4733
 * @op: required testing operator
4734
 * @vrule: smack internal rule presentation
4735
 *
4736
 * The core Audit hook. It's used to take the decision of
4737
 * whether to audit or not to audit a given object.
4738
 */
4739
static int smack_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op,
4740
				  void *vrule)
4741
{
4742
	struct smack_known *skp = prop->smack.skp;
4743
	char *rule = vrule;
4744

4745
	if (unlikely(!rule)) {
4746
		WARN_ONCE(1, "Smack: missing rule\n");
4747
		return -ENOENT;
4748
	}
4749

4750
	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4751
		return 0;
4752

4753
	/*
4754
	 * No need to do string comparisons. If a match occurs,
4755
	 * both pointers will point to the same smack_known
4756
	 * label.
4757
	 */
4758
	if (op == Audit_equal)
4759
		return (rule == skp->smk_known);
4760
	if (op == Audit_not_equal)
4761
		return (rule != skp->smk_known);
4762

4763
	return 0;
4764
}
4765

4766
/*
4767
 * There is no need for a smack_audit_rule_free hook.
4768
 * No memory was allocated.
4769
 */
4770

4771
#endif /* CONFIG_AUDIT */
4772

4773
/**
4774
 * smack_ismaclabel - check if xattr @name references a smack MAC label
4775
 * @name: Full xattr name to check.
4776
 */
4777
static int smack_ismaclabel(const char *name)
4778
{
4779
	return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4780
}
4781

4782
/**
4783
 * smack_to_secctx - fill a lsm_context
4784
 * @skp: Smack label
4785
 * @cp: destination
4786
 *
4787
 * Fill the passed @cp and return the length of the string
4788
 */
4789
static int smack_to_secctx(struct smack_known *skp, struct lsm_context *cp)
4790
{
4791
	int len = strlen(skp->smk_known);
4792

4793
	if (cp) {
4794
		cp->context = skp->smk_known;
4795
		cp->len = len;
4796
		cp->id = LSM_ID_SMACK;
4797
	}
4798
	return len;
4799
}
4800

4801
/**
4802
 * smack_secid_to_secctx - return the smack label for a secid
4803
 * @secid: incoming integer
4804
 * @cp: destination
4805
 *
4806
 * Exists for networking code.
4807
 */
4808
static int smack_secid_to_secctx(u32 secid, struct lsm_context *cp)
4809
{
4810
	return smack_to_secctx(smack_from_secid(secid), cp);
4811
}
4812

4813
/**
4814
 * smack_lsmprop_to_secctx - return the smack label
4815
 * @prop: includes incoming Smack data
4816
 * @cp: destination
4817
 *
4818
 * Exists for audit code.
4819
 */
4820
static int smack_lsmprop_to_secctx(struct lsm_prop *prop,
4821
				   struct lsm_context *cp)
4822
{
4823
	return smack_to_secctx(prop->smack.skp, cp);
4824
}
4825

4826
/**
4827
 * smack_secctx_to_secid - return the secid for a smack label
4828
 * @secdata: smack label
4829
 * @seclen: how long result is
4830
 * @secid: outgoing integer
4831
 *
4832
 * Exists for audit and networking code.
4833
 */
4834
static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4835
{
4836
	struct smack_known *skp = smk_find_entry(secdata);
4837

4838
	if (skp)
4839
		*secid = skp->smk_secid;
4840
	else
4841
		*secid = 0;
4842
	return 0;
4843
}
4844

4845
/*
4846
 * There used to be a smack_release_secctx hook
4847
 * that did nothing back when hooks were in a vector.
4848
 * Now that there's a list such a hook adds cost.
4849
 */
4850

4851
static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4852
{
4853
	return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx,
4854
				       ctxlen, 0);
4855
}
4856

4857
static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4858
{
4859
	return __vfs_setxattr_locked(&nop_mnt_idmap, dentry, XATTR_NAME_SMACK,
4860
				     ctx, ctxlen, 0, NULL);
4861
}
4862

4863
static int smack_inode_getsecctx(struct inode *inode, struct lsm_context *cp)
4864
{
4865
	struct smack_known *skp = smk_of_inode(inode);
4866

4867
	cp->context = skp->smk_known;
4868
	cp->len = strlen(skp->smk_known);
4869
	cp->id = LSM_ID_SMACK;
4870
	return 0;
4871
}
4872

4873
static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
4874
{
4875

4876
	struct task_smack *tsp;
4877
	struct smack_known *skp;
4878
	struct inode_smack *isp;
4879
	struct cred *new_creds = *new;
4880

4881
	if (new_creds == NULL) {
4882
		new_creds = prepare_creds();
4883
		if (new_creds == NULL)
4884
			return -ENOMEM;
4885
	}
4886

4887
	tsp = smack_cred(new_creds);
4888

4889
	/*
4890
	 * Get label from overlay inode and set it in create_sid
4891
	 */
4892
	isp = smack_inode(d_inode(dentry));
4893
	skp = isp->smk_inode;
4894
	tsp->smk_task = skp;
4895
	*new = new_creds;
4896
	return 0;
4897
}
4898

4899
static int smack_inode_copy_up_xattr(struct dentry *src, const char *name)
4900
{
4901
	/*
4902
	 * Return -ECANCELED if this is the smack access Smack attribute.
4903
	 */
4904
	if (!strcmp(name, XATTR_NAME_SMACK))
4905
		return -ECANCELED;
4906

4907
	return -EOPNOTSUPP;
4908
}
4909

4910
static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
4911
					struct qstr *name,
4912
					const struct cred *old,
4913
					struct cred *new)
4914
{
4915
	struct task_smack *otsp = smack_cred(old);
4916
	struct task_smack *ntsp = smack_cred(new);
4917
	struct inode_smack *isp;
4918
	int may;
4919

4920
	/*
4921
	 * Use the process credential unless all of
4922
	 * the transmuting criteria are met
4923
	 */
4924
	ntsp->smk_task = otsp->smk_task;
4925

4926
	/*
4927
	 * the attribute of the containing directory
4928
	 */
4929
	isp = smack_inode(d_inode(dentry->d_parent));
4930

4931
	if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
4932
		rcu_read_lock();
4933
		may = smk_access_entry(otsp->smk_task->smk_known,
4934
				       isp->smk_inode->smk_known,
4935
				       &otsp->smk_task->smk_rules);
4936
		rcu_read_unlock();
4937

4938
		/*
4939
		 * If the directory is transmuting and the rule
4940
		 * providing access is transmuting use the containing
4941
		 * directory label instead of the process label.
4942
		 */
4943
		if (may > 0 && (may & MAY_TRANSMUTE)) {
4944
			ntsp->smk_task = isp->smk_inode;
4945
			ntsp->smk_transmuted = ntsp->smk_task;
4946
		}
4947
	}
4948
	return 0;
4949
}
4950

4951
#ifdef CONFIG_IO_URING
4952
/**
4953
 * smack_uring_override_creds - Is io_uring cred override allowed?
4954
 * @new: the target creds
4955
 *
4956
 * Check to see if the current task is allowed to override it's credentials
4957
 * to service an io_uring operation.
4958
 */
4959
static int smack_uring_override_creds(const struct cred *new)
4960
{
4961
	struct task_smack *tsp = smack_cred(current_cred());
4962
	struct task_smack *nsp = smack_cred(new);
4963

4964
	/*
4965
	 * Allow the degenerate case where the new Smack value is
4966
	 * the same as the current Smack value.
4967
	 */
4968
	if (tsp->smk_task == nsp->smk_task)
4969
		return 0;
4970

4971
	if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred()))
4972
		return 0;
4973

4974
	return -EPERM;
4975
}
4976

4977
/**
4978
 * smack_uring_sqpoll - check if a io_uring polling thread can be created
4979
 *
4980
 * Check to see if the current task is allowed to create a new io_uring
4981
 * kernel polling thread.
4982
 */
4983
static int smack_uring_sqpoll(void)
4984
{
4985
	if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred()))
4986
		return 0;
4987

4988
	return -EPERM;
4989
}
4990

4991
/**
4992
 * smack_uring_cmd - check on file operations for io_uring
4993
 * @ioucmd: the command in question
4994
 *
4995
 * Make a best guess about whether a io_uring "command" should
4996
 * be allowed. Use the same logic used for determining if the
4997
 * file could be opened for read in the absence of better criteria.
4998
 */
4999
static int smack_uring_cmd(struct io_uring_cmd *ioucmd)
5000
{
5001
	struct file *file = ioucmd->file;
5002
	struct smk_audit_info ad;
5003
	struct task_smack *tsp;
5004
	struct inode *inode;
5005
	int rc;
5006

5007
	if (!file)
5008
		return -EINVAL;
5009

5010
	tsp = smack_cred(file->f_cred);
5011
	inode = file_inode(file);
5012

5013
	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
5014
	smk_ad_setfield_u_fs_path(&ad, file->f_path);
5015
	rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
5016
	rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
5017

5018
	return rc;
5019
}
5020

5021
#endif /* CONFIG_IO_URING */
5022

5023
struct lsm_blob_sizes smack_blob_sizes __ro_after_init = {
5024
	.lbs_cred = sizeof(struct task_smack),
5025
	.lbs_file = sizeof(struct smack_known *),
5026
	.lbs_inode = sizeof(struct inode_smack),
5027
	.lbs_ipc = sizeof(struct smack_known *),
5028
	.lbs_key = sizeof(struct smack_known *),
5029
	.lbs_msg_msg = sizeof(struct smack_known *),
5030
	.lbs_sock = sizeof(struct socket_smack),
5031
	.lbs_superblock = sizeof(struct superblock_smack),
5032
	.lbs_xattr_count = SMACK_INODE_INIT_XATTRS,
5033
};
5034

5035
static const struct lsm_id smack_lsmid = {
5036
	.name = "smack",
5037
	.id = LSM_ID_SMACK,
5038
};
5039

5040
static struct security_hook_list smack_hooks[] __ro_after_init = {
5041
	LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
5042
	LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
5043
	LSM_HOOK_INIT(syslog, smack_syslog),
5044

5045
	LSM_HOOK_INIT(fs_context_submount, smack_fs_context_submount),
5046
	LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup),
5047
	LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param),
5048

5049
	LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
5050
	LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts),
5051
	LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
5052
	LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
5053
	LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
5054

5055
	LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec),
5056

5057
	LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
5058
	LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
5059
	LSM_HOOK_INIT(inode_link, smack_inode_link),
5060
	LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
5061
	LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
5062
	LSM_HOOK_INIT(inode_rename, smack_inode_rename),
5063
	LSM_HOOK_INIT(inode_permission, smack_inode_permission),
5064
	LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
5065
	LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
5066
	LSM_HOOK_INIT(inode_xattr_skipcap, smack_inode_xattr_skipcap),
5067
	LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
5068
	LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
5069
	LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
5070
	LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
5071
	LSM_HOOK_INIT(inode_set_acl, smack_inode_set_acl),
5072
	LSM_HOOK_INIT(inode_get_acl, smack_inode_get_acl),
5073
	LSM_HOOK_INIT(inode_remove_acl, smack_inode_remove_acl),
5074
	LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
5075
	LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
5076
	LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
5077
	LSM_HOOK_INIT(inode_getlsmprop, smack_inode_getlsmprop),
5078

5079
	LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
5080
	LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
5081
	LSM_HOOK_INIT(file_ioctl_compat, smack_file_ioctl),
5082
	LSM_HOOK_INIT(file_lock, smack_file_lock),
5083
	LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
5084
	LSM_HOOK_INIT(mmap_file, smack_mmap_file),
5085
	LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
5086
	LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
5087
	LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
5088
	LSM_HOOK_INIT(file_receive, smack_file_receive),
5089

5090
	LSM_HOOK_INIT(file_open, smack_file_open),
5091

5092
	LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
5093
	LSM_HOOK_INIT(cred_free, smack_cred_free),
5094
	LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
5095
	LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
5096
	LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
5097
	LSM_HOOK_INIT(cred_getlsmprop, smack_cred_getlsmprop),
5098
	LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
5099
	LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
5100
	LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
5101
	LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
5102
	LSM_HOOK_INIT(task_getsid, smack_task_getsid),
5103
	LSM_HOOK_INIT(current_getlsmprop_subj, smack_current_getlsmprop_subj),
5104
	LSM_HOOK_INIT(task_getlsmprop_obj, smack_task_getlsmprop_obj),
5105
	LSM_HOOK_INIT(task_setnice, smack_task_setnice),
5106
	LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
5107
	LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
5108
	LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
5109
	LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
5110
	LSM_HOOK_INIT(task_movememory, smack_task_movememory),
5111
	LSM_HOOK_INIT(task_kill, smack_task_kill),
5112
	LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
5113

5114
	LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
5115
	LSM_HOOK_INIT(ipc_getlsmprop, smack_ipc_getlsmprop),
5116

5117
	LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
5118

5119
	LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security),
5120
	LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
5121
	LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
5122
	LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
5123
	LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
5124

5125
	LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security),
5126
	LSM_HOOK_INIT(shm_associate, smack_shm_associate),
5127
	LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
5128
	LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
5129

5130
	LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security),
5131
	LSM_HOOK_INIT(sem_associate, smack_sem_associate),
5132
	LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
5133
	LSM_HOOK_INIT(sem_semop, smack_sem_semop),
5134

5135
	LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
5136

5137
	LSM_HOOK_INIT(getselfattr, smack_getselfattr),
5138
	LSM_HOOK_INIT(setselfattr, smack_setselfattr),
5139
	LSM_HOOK_INIT(getprocattr, smack_getprocattr),
5140
	LSM_HOOK_INIT(setprocattr, smack_setprocattr),
5141

5142
	LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
5143
	LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
5144

5145
	LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
5146
	LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
5147
#ifdef SMACK_IPV6_PORT_LABELING
5148
	LSM_HOOK_INIT(socket_bind, smack_socket_bind),
5149
#endif
5150
	LSM_HOOK_INIT(socket_connect, smack_socket_connect),
5151
	LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
5152
	LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
5153
	LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
5154
	LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
5155
	LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
5156
#ifdef SMACK_IPV6_PORT_LABELING
5157
	LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
5158
#endif
5159
	LSM_HOOK_INIT(sk_clone_security, smack_sk_clone_security),
5160
	LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
5161
	LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
5162

5163
 /* key management security hooks */
5164
#ifdef CONFIG_KEYS
5165
	LSM_HOOK_INIT(key_alloc, smack_key_alloc),
5166
	LSM_HOOK_INIT(key_permission, smack_key_permission),
5167
	LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
5168
#ifdef CONFIG_KEY_NOTIFICATIONS
5169
	LSM_HOOK_INIT(watch_key, smack_watch_key),
5170
#endif
5171
#endif /* CONFIG_KEYS */
5172

5173
#ifdef CONFIG_WATCH_QUEUE
5174
	LSM_HOOK_INIT(post_notification, smack_post_notification),
5175
#endif
5176

5177
 /* Audit hooks */
5178
#ifdef CONFIG_AUDIT
5179
	LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
5180
	LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
5181
	LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
5182
#endif /* CONFIG_AUDIT */
5183

5184
	LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
5185
	LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
5186
	LSM_HOOK_INIT(lsmprop_to_secctx, smack_lsmprop_to_secctx),
5187
	LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
5188
	LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
5189
	LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
5190
	LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
5191
	LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up),
5192
	LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr),
5193
	LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as),
5194
#ifdef CONFIG_IO_URING
5195
	LSM_HOOK_INIT(uring_override_creds, smack_uring_override_creds),
5196
	LSM_HOOK_INIT(uring_sqpoll, smack_uring_sqpoll),
5197
	LSM_HOOK_INIT(uring_cmd, smack_uring_cmd),
5198
#endif
5199
};
5200

5201

5202
static __init void init_smack_known_list(void)
5203
{
5204
	/*
5205
	 * Initialize rule list locks
5206
	 */
5207
	mutex_init(&smack_known_huh.smk_rules_lock);
5208
	mutex_init(&smack_known_hat.smk_rules_lock);
5209
	mutex_init(&smack_known_floor.smk_rules_lock);
5210
	mutex_init(&smack_known_star.smk_rules_lock);
5211
	mutex_init(&smack_known_web.smk_rules_lock);
5212
	/*
5213
	 * Initialize rule lists
5214
	 */
5215
	INIT_LIST_HEAD(&smack_known_huh.smk_rules);
5216
	INIT_LIST_HEAD(&smack_known_hat.smk_rules);
5217
	INIT_LIST_HEAD(&smack_known_star.smk_rules);
5218
	INIT_LIST_HEAD(&smack_known_floor.smk_rules);
5219
	INIT_LIST_HEAD(&smack_known_web.smk_rules);
5220
	/*
5221
	 * Create the known labels list
5222
	 */
5223
	smk_insert_entry(&smack_known_huh);
5224
	smk_insert_entry(&smack_known_hat);
5225
	smk_insert_entry(&smack_known_star);
5226
	smk_insert_entry(&smack_known_floor);
5227
	smk_insert_entry(&smack_known_web);
5228
}
5229

5230
/**
5231
 * smack_init - initialize the smack system
5232
 *
5233
 * Returns 0 on success, -ENOMEM is there's no memory
5234
 */
5235
static __init int smack_init(void)
5236
{
5237
	struct cred *cred = (struct cred *) current->cred;
5238
	struct task_smack *tsp;
5239

5240
	smack_rule_cache = KMEM_CACHE(smack_rule, 0);
5241
	if (!smack_rule_cache)
5242
		return -ENOMEM;
5243

5244
	/*
5245
	 * Set the security state for the initial task.
5246
	 */
5247
	tsp = smack_cred(cred);
5248
	init_task_smack(tsp, &smack_known_floor, &smack_known_floor);
5249

5250
	/*
5251
	 * Register with LSM
5252
	 */
5253
	security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid);
5254
	smack_enabled = 1;
5255

5256
	pr_info("Smack:  Initializing.\n");
5257
#ifdef CONFIG_SECURITY_SMACK_NETFILTER
5258
	pr_info("Smack:  Netfilter enabled.\n");
5259
#endif
5260
#ifdef SMACK_IPV6_PORT_LABELING
5261
	pr_info("Smack:  IPv6 port labeling enabled.\n");
5262
#endif
5263
#ifdef SMACK_IPV6_SECMARK_LABELING
5264
	pr_info("Smack:  IPv6 Netfilter enabled.\n");
5265
#endif
5266

5267
	/* initialize the smack_known_list */
5268
	init_smack_known_list();
5269

5270
	return 0;
5271
}
5272

5273
/*
5274
 * Smack requires early initialization in order to label
5275
 * all processes and objects when they are created.
5276
 */
5277
DEFINE_LSM(smack) = {
5278
	.name = "smack",
5279
	.flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
5280
	.blobs = &smack_blob_sizes,
5281
	.init = smack_init,
5282
};
5283

5284