2 * Simplified MAC Kernel (smack) security module
4 * This file contains the smack hook function implementations.
7 * Casey Schaufler <casey@schaufler-ca.com>
8 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
12 * Paul Moore <paul@paul-moore.com>
13 * Copyright (C) 2010 Nokia Corporation
14 * Copyright (C) 2011 Intel Corporation.
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License version 2,
18 * as published by the Free Software Foundation.
21 #include <linux/xattr.h>
22 #include <linux/pagemap.h>
23 #include <linux/mount.h>
24 #include <linux/stat.h>
26 #include <asm/ioctls.h>
28 #include <linux/tcp.h>
29 #include <linux/udp.h>
30 #include <linux/dccp.h>
31 #include <linux/slab.h>
32 #include <linux/mutex.h>
33 #include <linux/pipe_fs_i.h>
34 #include <net/cipso_ipv4.h>
37 #include <linux/audit.h>
38 #include <linux/magic.h>
39 #include <linux/dcache.h>
40 #include <linux/personality.h>
41 #include <linux/msg.h>
42 #include <linux/shm.h>
43 #include <linux/binfmts.h>
46 #define task_security(task) (task_cred_xxx((task), security))
48 #define TRANS_TRUE "TRUE"
49 #define TRANS_TRUE_SIZE 4
51 #define SMK_CONNECTING 0
52 #define SMK_RECEIVING 1
55 LIST_HEAD(smk_ipv6_port_list);
56 static struct kmem_cache *smack_inode_cache;
58 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
61 static char *smk_bu_mess[] = {
62 "Bringup Error", /* Unused */
63 "Bringup", /* SMACK_BRINGUP_ALLOW */
64 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */
65 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */
69 static void smk_bu_mode(int mode, char *s)
79 if (mode & MAY_APPEND)
81 if (mode & MAY_TRANSMUTE)
91 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
92 static int smk_bu_note(char *note, struct smack_known *sskp, char *osp,
95 char acc[SMK_NUM_ACCESS_TYPE + 1];
99 if (rc > SMACK_UNCONFINED_OBJECT)
102 smk_bu_mode(mode, acc);
104 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
105 sskp->smk_known, osp, acc, note);
110 #define smk_bu_note(note, sskp, osp, mode, RC) (RC)
113 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
114 static int smk_bu_current(char *note, char *osp, int mode, int rc)
117 struct task_smack *tsp = current_security();
119 char acc[SMK_NUM_ACCESS_TYPE + 1];
123 if (rc > SMACK_UNCONFINED_OBJECT)
126 smk_bu_mode(mode, acc);
128 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
129 tsp->smk_task->smk_known, osp, acc, current->comm, note);
134 #define smk_bu_current(note, osp, mode, RC) (RC)
137 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
138 static int smk_bu_task(struct task_struct *otp, int mode, int rc)
141 struct task_smack *tsp = current_security();
142 struct task_smack *otsp = task_security(otp);
144 char acc[SMK_NUM_ACCESS_TYPE + 1];
148 if (rc > SMACK_UNCONFINED_OBJECT)
151 smk_bu_mode(mode, acc);
153 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
154 tsp->smk_task->smk_known, otsp->smk_task->smk_known, acc,
155 current->comm, otp->comm);
160 #define smk_bu_task(otp, mode, RC) (RC)
163 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
164 static int smk_bu_inode(struct inode *inode, int mode, int rc)
167 struct task_smack *tsp = current_security();
169 struct inode_smack *isp = inode->i_security;
170 char acc[SMK_NUM_ACCESS_TYPE + 1];
173 if (isp->smk_flags & SMK_INODE_IMPURE)
174 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
175 inode->i_sb->s_id, inode->i_ino, current->comm);
180 if (rc > SMACK_UNCONFINED_OBJECT)
182 if (rc == SMACK_UNCONFINED_SUBJECT &&
183 (mode & (MAY_WRITE | MAY_APPEND)))
184 isp->smk_flags |= SMK_INODE_IMPURE;
186 smk_bu_mode(mode, acc);
188 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
189 tsp->smk_task->smk_known, smk_of_inode(inode), acc,
190 inode->i_sb->s_id, inode->i_ino, current->comm);
195 #define smk_bu_inode(inode, mode, RC) (RC)
198 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
199 static int smk_bu_file(struct file *file, int mode, int rc)
202 struct task_smack *tsp = current_security();
203 struct smack_known *sskp = tsp->smk_task;
205 struct inode *inode = file->f_mapping->host;
206 struct inode_smack *isp = inode->i_security;
207 char acc[SMK_NUM_ACCESS_TYPE + 1];
209 if (isp->smk_flags & SMK_INODE_IMPURE)
210 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
211 inode->i_sb->s_id, inode->i_ino, current->comm);
215 if (rc > SMACK_UNCONFINED_OBJECT)
218 smk_bu_mode(mode, acc);
220 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
221 sskp->smk_known, (char *)file->f_security, acc,
222 inode->i_sb->s_id, inode->i_ino, file->f_dentry->d_name.name,
228 #define smk_bu_file(file, mode, RC) (RC)
231 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
232 #define smk_bu_credfile(cred, file, mode, RC) (RC)
236 * smk_fetch - Fetch the smack label from a file.
237 * @ip: a pointer to the inode
238 * @dp: a pointer to the dentry
240 * Returns a pointer to the master list entry for the Smack label
241 * or NULL if there was no label to fetch.
243 static struct smack_known *smk_fetch(const char *name, struct inode *ip,
248 struct smack_known *skp = NULL;
250 if (ip->i_op->getxattr == NULL)
253 buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
257 rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL);
259 skp = smk_import_entry(buffer, rc);
267 * new_inode_smack - allocate an inode security blob
268 * @smack: a pointer to the Smack label to use in the blob
270 * Returns the new blob or NULL if there's no memory available
272 struct inode_smack *new_inode_smack(char *smack)
274 struct inode_smack *isp;
276 isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
280 isp->smk_inode = smack;
282 mutex_init(&isp->smk_lock);
288 * new_task_smack - allocate a task security blob
289 * @smack: a pointer to the Smack label to use in the blob
291 * Returns the new blob or NULL if there's no memory available
293 static struct task_smack *new_task_smack(struct smack_known *task,
294 struct smack_known *forked, gfp_t gfp)
296 struct task_smack *tsp;
298 tsp = kzalloc(sizeof(struct task_smack), gfp);
302 tsp->smk_task = task;
303 tsp->smk_forked = forked;
304 INIT_LIST_HEAD(&tsp->smk_rules);
305 mutex_init(&tsp->smk_rules_lock);
311 * smk_copy_rules - copy a rule set
312 * @nhead - new rules header pointer
313 * @ohead - old rules header pointer
315 * Returns 0 on success, -ENOMEM on error
317 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
320 struct smack_rule *nrp;
321 struct smack_rule *orp;
324 INIT_LIST_HEAD(nhead);
326 list_for_each_entry_rcu(orp, ohead, list) {
327 nrp = kzalloc(sizeof(struct smack_rule), gfp);
333 list_add_rcu(&nrp->list, nhead);
339 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
340 * @mode - input mode in form of PTRACE_MODE_*
342 * Returns a converted MAY_* mode usable by smack rules
344 static inline unsigned int smk_ptrace_mode(unsigned int mode)
347 case PTRACE_MODE_READ:
349 case PTRACE_MODE_ATTACH:
350 return MAY_READWRITE;
357 * smk_ptrace_rule_check - helper for ptrace access
358 * @tracer: tracer process
359 * @tracee_label: label of the process that's about to be traced,
360 * the pointer must originate from smack structures
361 * @mode: ptrace attachment mode (PTRACE_MODE_*)
362 * @func: name of the function that called us, used for audit
364 * Returns 0 on access granted, -error on error
366 static int smk_ptrace_rule_check(struct task_struct *tracer, char *tracee_label,
367 unsigned int mode, const char *func)
370 struct smk_audit_info ad, *saip = NULL;
371 struct task_smack *tsp;
372 struct smack_known *skp;
374 if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
375 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
376 smk_ad_setfield_u_tsk(&ad, tracer);
380 tsp = task_security(tracer);
381 skp = smk_of_task(tsp);
383 if ((mode & PTRACE_MODE_ATTACH) &&
384 (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
385 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
386 if (skp->smk_known == tracee_label)
388 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
390 else if (capable(CAP_SYS_PTRACE))
396 smack_log(skp->smk_known, tracee_label, 0, rc, saip);
401 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
402 rc = smk_tskacc(tsp, tracee_label, smk_ptrace_mode(mode), saip);
408 * We he, that is fun!
412 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
413 * @ctp: child task pointer
414 * @mode: ptrace attachment mode (PTRACE_MODE_*)
416 * Returns 0 if access is OK, an error code otherwise
418 * Do the capability checks.
420 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
423 struct smack_known *skp;
425 rc = cap_ptrace_access_check(ctp, mode);
429 skp = smk_of_task(task_security(ctp));
431 rc = smk_ptrace_rule_check(current, skp->smk_known, mode, __func__);
436 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
437 * @ptp: parent task pointer
439 * Returns 0 if access is OK, an error code otherwise
441 * Do the capability checks, and require PTRACE_MODE_ATTACH.
443 static int smack_ptrace_traceme(struct task_struct *ptp)
446 struct smack_known *skp;
448 rc = cap_ptrace_traceme(ptp);
452 skp = smk_of_task(current_security());
454 rc = smk_ptrace_rule_check(ptp, skp->smk_known,
455 PTRACE_MODE_ATTACH, __func__);
461 * smack_syslog - Smack approval on syslog
462 * @type: message type
464 * Require that the task has the floor label
466 * Returns 0 on success, error code otherwise.
468 static int smack_syslog(int typefrom_file)
471 struct smack_known *skp = smk_of_current();
473 if (smack_privileged(CAP_MAC_OVERRIDE))
476 if (skp != &smack_known_floor)
488 * smack_sb_alloc_security - allocate a superblock blob
489 * @sb: the superblock getting the blob
491 * Returns 0 on success or -ENOMEM on error.
493 static int smack_sb_alloc_security(struct super_block *sb)
495 struct superblock_smack *sbsp;
497 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
502 sbsp->smk_root = smack_known_floor.smk_known;
503 sbsp->smk_default = smack_known_floor.smk_known;
504 sbsp->smk_floor = smack_known_floor.smk_known;
505 sbsp->smk_hat = smack_known_hat.smk_known;
507 * smk_initialized will be zero from kzalloc.
509 sb->s_security = sbsp;
515 * smack_sb_free_security - free a superblock blob
516 * @sb: the superblock getting the blob
519 static void smack_sb_free_security(struct super_block *sb)
521 kfree(sb->s_security);
522 sb->s_security = NULL;
526 * smack_sb_copy_data - copy mount options data for processing
527 * @orig: where to start
528 * @smackopts: mount options string
530 * Returns 0 on success or -ENOMEM on error.
532 * Copy the Smack specific mount options out of the mount
535 static int smack_sb_copy_data(char *orig, char *smackopts)
537 char *cp, *commap, *otheropts, *dp;
539 otheropts = (char *)get_zeroed_page(GFP_KERNEL);
540 if (otheropts == NULL)
543 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
544 if (strstr(cp, SMK_FSDEFAULT) == cp)
546 else if (strstr(cp, SMK_FSFLOOR) == cp)
548 else if (strstr(cp, SMK_FSHAT) == cp)
550 else if (strstr(cp, SMK_FSROOT) == cp)
552 else if (strstr(cp, SMK_FSTRANS) == cp)
557 commap = strchr(cp, ',');
566 strcpy(orig, otheropts);
567 free_page((unsigned long)otheropts);
573 * smack_sb_kern_mount - Smack specific mount processing
574 * @sb: the file system superblock
575 * @flags: the mount flags
576 * @data: the smack mount options
578 * Returns 0 on success, an error code on failure
580 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
582 struct dentry *root = sb->s_root;
583 struct inode *inode = root->d_inode;
584 struct superblock_smack *sp = sb->s_security;
585 struct inode_smack *isp;
586 struct smack_known *skp;
594 if (sp->smk_initialized)
597 sp->smk_initialized = 1;
599 for (op = data; op != NULL; op = commap) {
600 commap = strchr(op, ',');
604 if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
605 op += strlen(SMK_FSHAT);
606 nsp = smk_import(op, 0);
611 } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
612 op += strlen(SMK_FSFLOOR);
613 nsp = smk_import(op, 0);
618 } else if (strncmp(op, SMK_FSDEFAULT,
619 strlen(SMK_FSDEFAULT)) == 0) {
620 op += strlen(SMK_FSDEFAULT);
621 nsp = smk_import(op, 0);
623 sp->smk_default = nsp;
626 } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
627 op += strlen(SMK_FSROOT);
628 nsp = smk_import(op, 0);
633 } else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
634 op += strlen(SMK_FSTRANS);
635 nsp = smk_import(op, 0);
644 if (!smack_privileged(CAP_MAC_ADMIN)) {
646 * Unprivileged mounts don't get to specify Smack values.
651 * Unprivileged mounts get root and default from the caller.
653 skp = smk_of_current();
654 sp->smk_root = skp->smk_known;
655 sp->smk_default = skp->smk_known;
658 * Initialize the root inode.
660 isp = inode->i_security;
662 isp = new_inode_smack(sp->smk_root);
665 inode->i_security = isp;
667 isp->smk_inode = sp->smk_root;
670 if (inode->i_op && inode->i_op->setxattr) {
671 rc = inode->i_op->setxattr(root,
672 XATTR_NAME_SMACKTRANSMUTE, TRANS_TRUE,
675 isp->smk_flags |= SMK_INODE_TRANSMUTE;
683 * smack_sb_statfs - Smack check on statfs
684 * @dentry: identifies the file system in question
686 * Returns 0 if current can read the floor of the filesystem,
687 * and error code otherwise
689 static int smack_sb_statfs(struct dentry *dentry)
691 struct superblock_smack *sbp = dentry->d_sb->s_security;
693 struct smk_audit_info ad;
695 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
696 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
698 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
699 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
708 * smack_bprm_set_creds - set creds for exec
709 * @bprm: the exec information
711 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
713 static int smack_bprm_set_creds(struct linux_binprm *bprm)
715 struct inode *inode = file_inode(bprm->file);
716 struct task_smack *bsp = bprm->cred->security;
717 struct inode_smack *isp;
720 rc = cap_bprm_set_creds(bprm);
724 if (bprm->cred_prepared)
727 isp = inode->i_security;
728 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
731 if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
732 struct task_struct *tracer;
736 tracer = ptrace_parent(current);
737 if (likely(tracer != NULL))
738 rc = smk_ptrace_rule_check(tracer,
739 isp->smk_task->smk_known,
746 } else if (bprm->unsafe)
749 bsp->smk_task = isp->smk_task;
750 bprm->per_clear |= PER_CLEAR_ON_SETID;
756 * smack_bprm_committing_creds - Prepare to install the new credentials
759 * @bprm: binprm for exec
761 static void smack_bprm_committing_creds(struct linux_binprm *bprm)
763 struct task_smack *bsp = bprm->cred->security;
765 if (bsp->smk_task != bsp->smk_forked)
766 current->pdeath_signal = 0;
770 * smack_bprm_secureexec - Return the decision to use secureexec.
771 * @bprm: binprm for exec
773 * Returns 0 on success.
775 static int smack_bprm_secureexec(struct linux_binprm *bprm)
777 struct task_smack *tsp = current_security();
778 int ret = cap_bprm_secureexec(bprm);
780 if (!ret && (tsp->smk_task != tsp->smk_forked))
791 * smack_inode_alloc_security - allocate an inode blob
792 * @inode: the inode in need of a blob
794 * Returns 0 if it gets a blob, -ENOMEM otherwise
796 static int smack_inode_alloc_security(struct inode *inode)
798 struct smack_known *skp = smk_of_current();
800 inode->i_security = new_inode_smack(skp->smk_known);
801 if (inode->i_security == NULL)
807 * smack_inode_free_security - free an inode blob
808 * @inode: the inode with a blob
810 * Clears the blob pointer in inode
812 static void smack_inode_free_security(struct inode *inode)
814 kmem_cache_free(smack_inode_cache, inode->i_security);
815 inode->i_security = NULL;
819 * smack_inode_init_security - copy out the smack from an inode
823 * @name: where to put the attribute name
824 * @value: where to put the attribute value
825 * @len: where to put the length of the attribute
827 * Returns 0 if it all works out, -ENOMEM if there's no memory
829 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
830 const struct qstr *qstr, char **name,
831 void **value, size_t *len)
833 struct inode_smack *issp = inode->i_security;
834 struct smack_known *skp = smk_of_current();
835 char *isp = smk_of_inode(inode);
836 char *dsp = smk_of_inode(dir);
840 *name = kstrdup(XATTR_SMACK_SUFFIX, GFP_NOFS);
847 may = smk_access_entry(skp->smk_known, dsp, &skp->smk_rules);
851 * If the access rule allows transmutation and
852 * the directory requests transmutation then
853 * by all means transmute.
854 * Mark the inode as changed.
856 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
857 smk_inode_transmutable(dir)) {
859 issp->smk_flags |= SMK_INODE_CHANGED;
862 *value = kstrdup(isp, GFP_NOFS);
868 *len = strlen(isp) + 1;
874 * smack_inode_link - Smack check on link
875 * @old_dentry: the existing object
877 * @new_dentry: the new object
879 * Returns 0 if access is permitted, an error code otherwise
881 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
882 struct dentry *new_dentry)
885 struct smk_audit_info ad;
888 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
889 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
891 isp = smk_of_inode(old_dentry->d_inode);
892 rc = smk_curacc(isp, MAY_WRITE, &ad);
893 rc = smk_bu_inode(old_dentry->d_inode, MAY_WRITE, rc);
895 if (rc == 0 && new_dentry->d_inode != NULL) {
896 isp = smk_of_inode(new_dentry->d_inode);
897 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
898 rc = smk_curacc(isp, MAY_WRITE, &ad);
899 rc = smk_bu_inode(new_dentry->d_inode, MAY_WRITE, rc);
906 * smack_inode_unlink - Smack check on inode deletion
907 * @dir: containing directory object
908 * @dentry: file to unlink
910 * Returns 0 if current can write the containing directory
911 * and the object, error code otherwise
913 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
915 struct inode *ip = dentry->d_inode;
916 struct smk_audit_info ad;
919 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
920 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
923 * You need write access to the thing you're unlinking
925 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
926 rc = smk_bu_inode(ip, MAY_WRITE, rc);
929 * You also need write access to the containing directory
931 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
932 smk_ad_setfield_u_fs_inode(&ad, dir);
933 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
934 rc = smk_bu_inode(dir, MAY_WRITE, rc);
940 * smack_inode_rmdir - Smack check on directory deletion
941 * @dir: containing directory object
942 * @dentry: directory to unlink
944 * Returns 0 if current can write the containing directory
945 * and the directory, error code otherwise
947 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
949 struct smk_audit_info ad;
952 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
953 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
956 * You need write access to the thing you're removing
958 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
959 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
962 * You also need write access to the containing directory
964 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
965 smk_ad_setfield_u_fs_inode(&ad, dir);
966 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
967 rc = smk_bu_inode(dir, MAY_WRITE, rc);
974 * smack_inode_rename - Smack check on rename
975 * @old_inode: the old directory
976 * @old_dentry: unused
977 * @new_inode: the new directory
978 * @new_dentry: unused
980 * Read and write access is required on both the old and
983 * Returns 0 if access is permitted, an error code otherwise
985 static int smack_inode_rename(struct inode *old_inode,
986 struct dentry *old_dentry,
987 struct inode *new_inode,
988 struct dentry *new_dentry)
992 struct smk_audit_info ad;
994 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
995 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
997 isp = smk_of_inode(old_dentry->d_inode);
998 rc = smk_curacc(isp, MAY_READWRITE, &ad);
999 rc = smk_bu_inode(old_dentry->d_inode, MAY_READWRITE, rc);
1001 if (rc == 0 && new_dentry->d_inode != NULL) {
1002 isp = smk_of_inode(new_dentry->d_inode);
1003 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1004 rc = smk_curacc(isp, MAY_READWRITE, &ad);
1005 rc = smk_bu_inode(new_dentry->d_inode, MAY_READWRITE, rc);
1011 * smack_inode_permission - Smack version of permission()
1012 * @inode: the inode in question
1013 * @mask: the access requested
1015 * This is the important Smack hook.
1017 * Returns 0 if access is permitted, -EACCES otherwise
1019 static int smack_inode_permission(struct inode *inode, int mask)
1021 struct smk_audit_info ad;
1022 int no_block = mask & MAY_NOT_BLOCK;
1025 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
1027 * No permission to check. Existence test. Yup, it's there.
1032 /* May be droppable after audit */
1035 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1036 smk_ad_setfield_u_fs_inode(&ad, inode);
1037 rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1038 rc = smk_bu_inode(inode, mask, rc);
1043 * smack_inode_setattr - Smack check for setting attributes
1044 * @dentry: the object
1045 * @iattr: for the force flag
1047 * Returns 0 if access is permitted, an error code otherwise
1049 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1051 struct smk_audit_info ad;
1055 * Need to allow for clearing the setuid bit.
1057 if (iattr->ia_valid & ATTR_FORCE)
1059 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1060 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1062 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1063 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1068 * smack_inode_getattr - Smack check for getting attributes
1070 * @dentry: the object
1072 * Returns 0 if access is permitted, an error code otherwise
1074 static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
1076 struct smk_audit_info ad;
1080 path.dentry = dentry;
1083 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1084 smk_ad_setfield_u_fs_path(&ad, path);
1085 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
1086 rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc);
1091 * smack_inode_setxattr - Smack check for setting xattrs
1092 * @dentry: the object
1093 * @name: name of the attribute
1098 * This protects the Smack attribute explicitly.
1100 * Returns 0 if access is permitted, an error code otherwise
1102 static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1103 const void *value, size_t size, int flags)
1105 struct smk_audit_info ad;
1108 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1109 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1110 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1111 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1112 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1113 if (!smack_privileged(CAP_MAC_ADMIN))
1116 * check label validity here so import wont fail on
1119 if (size == 0 || size >= SMK_LONGLABEL ||
1120 smk_import(value, size) == NULL)
1122 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1123 if (!smack_privileged(CAP_MAC_ADMIN))
1125 if (size != TRANS_TRUE_SIZE ||
1126 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1129 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1131 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1132 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1135 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1136 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1143 * smack_inode_post_setxattr - Apply the Smack update approved above
1145 * @name: attribute name
1146 * @value: attribute value
1147 * @size: attribute size
1150 * Set the pointer in the inode blob to the entry found
1151 * in the master label list.
1153 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1154 const void *value, size_t size, int flags)
1156 struct smack_known *skp;
1157 struct inode_smack *isp = dentry->d_inode->i_security;
1159 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1160 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1164 skp = smk_import_entry(value, size);
1165 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1167 isp->smk_inode = skp->smk_known;
1169 isp->smk_inode = smack_known_invalid.smk_known;
1170 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1172 isp->smk_task = skp;
1174 isp->smk_task = &smack_known_invalid;
1175 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1177 isp->smk_mmap = skp;
1179 isp->smk_mmap = &smack_known_invalid;
1186 * smack_inode_getxattr - Smack check on getxattr
1187 * @dentry: the object
1190 * Returns 0 if access is permitted, an error code otherwise
1192 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1194 struct smk_audit_info ad;
1197 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1198 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1200 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
1201 rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc);
1206 * smack_inode_removexattr - Smack check on removexattr
1207 * @dentry: the object
1208 * @name: name of the attribute
1210 * Removing the Smack attribute requires CAP_MAC_ADMIN
1212 * Returns 0 if access is permitted, an error code otherwise
1214 static int smack_inode_removexattr(struct dentry *dentry, const char *name)
1216 struct inode_smack *isp;
1217 struct smk_audit_info ad;
1220 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1221 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1222 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1223 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1224 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1225 strcmp(name, XATTR_NAME_SMACKMMAP)) {
1226 if (!smack_privileged(CAP_MAC_ADMIN))
1229 rc = cap_inode_removexattr(dentry, name);
1234 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1235 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1237 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
1238 rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc);
1242 isp = dentry->d_inode->i_security;
1244 * Don't do anything special for these.
1245 * XATTR_NAME_SMACKIPIN
1246 * XATTR_NAME_SMACKIPOUT
1247 * XATTR_NAME_SMACKEXEC
1249 if (strcmp(name, XATTR_NAME_SMACK) == 0)
1250 isp->smk_task = NULL;
1251 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1252 isp->smk_mmap = NULL;
1253 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1254 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1260 * smack_inode_getsecurity - get smack xattrs
1261 * @inode: the object
1262 * @name: attribute name
1263 * @buffer: where to put the result
1266 * Returns the size of the attribute or an error code
1268 static int smack_inode_getsecurity(const struct inode *inode,
1269 const char *name, void **buffer,
1272 struct socket_smack *ssp;
1273 struct socket *sock;
1274 struct super_block *sbp;
1275 struct inode *ip = (struct inode *)inode;
1280 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1281 isp = smk_of_inode(inode);
1282 ilen = strlen(isp) + 1;
1288 * The rest of the Smack xattrs are only on sockets.
1291 if (sbp->s_magic != SOCKFS_MAGIC)
1294 sock = SOCKET_I(ip);
1295 if (sock == NULL || sock->sk == NULL)
1298 ssp = sock->sk->sk_security;
1300 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1301 isp = ssp->smk_in->smk_known;
1302 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1303 isp = ssp->smk_out->smk_known;
1307 ilen = strlen(isp) + 1;
1318 * smack_inode_listsecurity - list the Smack attributes
1319 * @inode: the object
1320 * @buffer: where they go
1321 * @buffer_size: size of buffer
1323 * Returns 0 on success, -EINVAL otherwise
1325 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1328 int len = strlen(XATTR_NAME_SMACK);
1330 if (buffer != NULL && len <= buffer_size) {
1331 memcpy(buffer, XATTR_NAME_SMACK, len);
1338 * smack_inode_getsecid - Extract inode's security id
1339 * @inode: inode to extract the info from
1340 * @secid: where result will be saved
1342 static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
1344 struct inode_smack *isp = inode->i_security;
1346 *secid = smack_to_secid(isp->smk_inode);
1354 * smack_file_permission - Smack check on file operations
1360 * Should access checks be done on each read or write?
1361 * UNICOS and SELinux say yes.
1362 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1364 * I'll say no for now. Smack does not do the frequent
1365 * label changing that SELinux does.
1367 static int smack_file_permission(struct file *file, int mask)
1373 * smack_file_alloc_security - assign a file security blob
1376 * The security blob for a file is a pointer to the master
1377 * label list, so no allocation is done.
1381 static int smack_file_alloc_security(struct file *file)
1383 struct smack_known *skp = smk_of_current();
1385 file->f_security = skp->smk_known;
1390 * smack_file_free_security - clear a file security blob
1393 * The security blob for a file is a pointer to the master
1394 * label list, so no memory is freed.
1396 static void smack_file_free_security(struct file *file)
1398 file->f_security = NULL;
1402 * smack_file_ioctl - Smack check on ioctls
1407 * Relies heavily on the correct use of the ioctl command conventions.
1409 * Returns 0 if allowed, error code otherwise
1411 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1415 struct smk_audit_info ad;
1417 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1418 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1420 if (_IOC_DIR(cmd) & _IOC_WRITE) {
1421 rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1422 rc = smk_bu_file(file, MAY_WRITE, rc);
1425 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1426 rc = smk_curacc(file->f_security, MAY_READ, &ad);
1427 rc = smk_bu_file(file, MAY_READ, rc);
1434 * smack_file_lock - Smack check on file locking
1438 * Returns 0 if current has lock access, error code otherwise
1440 static int smack_file_lock(struct file *file, unsigned int cmd)
1442 struct smk_audit_info ad;
1445 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1446 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1447 rc = smk_curacc(file->f_security, MAY_LOCK, &ad);
1448 rc = smk_bu_file(file, MAY_LOCK, rc);
1453 * smack_file_fcntl - Smack check on fcntl
1455 * @cmd: what action to check
1458 * Generally these operations are harmless.
1459 * File locking operations present an obvious mechanism
1460 * for passing information, so they require write access.
1462 * Returns 0 if current has access, error code otherwise
1464 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1467 struct smk_audit_info ad;
1476 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1477 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1478 rc = smk_curacc(file->f_security, MAY_LOCK, &ad);
1479 rc = smk_bu_file(file, MAY_LOCK, rc);
1483 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1484 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1485 rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1486 rc = smk_bu_file(file, MAY_WRITE, rc);
1497 * Check permissions for a mmap operation. The @file may be NULL, e.g.
1498 * if mapping anonymous memory.
1499 * @file contains the file structure for file to map (may be NULL).
1500 * @reqprot contains the protection requested by the application.
1501 * @prot contains the protection that will be applied by the kernel.
1502 * @flags contains the operational flags.
1503 * Return 0 if permission is granted.
1505 static int smack_mmap_file(struct file *file,
1506 unsigned long reqprot, unsigned long prot,
1507 unsigned long flags)
1509 struct smack_known *skp;
1510 struct smack_known *mkp;
1511 struct smack_rule *srp;
1512 struct task_smack *tsp;
1514 struct inode_smack *isp;
1523 isp = file_inode(file)->i_security;
1524 if (isp->smk_mmap == NULL)
1526 mkp = isp->smk_mmap;
1528 tsp = current_security();
1529 skp = smk_of_current();
1534 * For each Smack rule associated with the subject
1535 * label verify that the SMACK64MMAP also has access
1536 * to that rule's object label.
1538 list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1539 osmack = srp->smk_object;
1541 * Matching labels always allows access.
1543 if (mkp->smk_known == osmack)
1546 * If there is a matching local rule take
1547 * that into account as well.
1549 may = smk_access_entry(srp->smk_subject->smk_known, osmack,
1552 may = srp->smk_access;
1554 may &= srp->smk_access;
1556 * If may is zero the SMACK64MMAP subject can't
1557 * possibly have less access.
1563 * Fetch the global list entry.
1564 * If there isn't one a SMACK64MMAP subject
1565 * can't have as much access as current.
1567 mmay = smk_access_entry(mkp->smk_known, osmack,
1569 if (mmay == -ENOENT) {
1574 * If there is a local entry it modifies the
1575 * potential access, too.
1577 tmay = smk_access_entry(mkp->smk_known, osmack,
1579 if (tmay != -ENOENT)
1583 * If there is any access available to current that is
1584 * not available to a SMACK64MMAP subject
1587 if ((may | mmay) != mmay) {
1599 * smack_file_set_fowner - set the file security blob value
1600 * @file: object in question
1603 * Further research may be required on this one.
1605 static int smack_file_set_fowner(struct file *file)
1607 struct smack_known *skp = smk_of_current();
1609 file->f_security = skp->smk_known;
1614 * smack_file_send_sigiotask - Smack on sigio
1615 * @tsk: The target task
1616 * @fown: the object the signal come from
1619 * Allow a privileged task to get signals even if it shouldn't
1621 * Returns 0 if a subject with the object's smack could
1622 * write to the task, an error code otherwise.
1624 static int smack_file_send_sigiotask(struct task_struct *tsk,
1625 struct fown_struct *fown, int signum)
1627 struct smack_known *skp;
1628 struct smack_known *tkp = smk_of_task(tsk->cred->security);
1631 struct smk_audit_info ad;
1634 * struct fown_struct is never outside the context of a struct file
1636 file = container_of(fown, struct file, f_owner);
1638 /* we don't log here as rc can be overriden */
1639 skp = smk_find_entry(file->f_security);
1640 rc = smk_access(skp, tkp->smk_known, MAY_WRITE, NULL);
1641 rc = smk_bu_note("sigiotask", skp, tkp->smk_known, MAY_WRITE, rc);
1642 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
1645 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1646 smk_ad_setfield_u_tsk(&ad, tsk);
1647 smack_log(file->f_security, tkp->smk_known, MAY_WRITE, rc, &ad);
1652 * smack_file_receive - Smack file receive check
1655 * Returns 0 if current has access, error code otherwise
1657 static int smack_file_receive(struct file *file)
1661 struct smk_audit_info ad;
1662 struct inode *inode = file_inode(file);
1663 struct socket *sock;
1664 struct task_smack *tsp;
1665 struct socket_smack *ssp;
1667 if (unlikely(IS_PRIVATE(file_inode(file))))
1670 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1671 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1673 if (S_ISSOCK(inode->i_mode)) {
1674 sock = SOCKET_I(inode);
1675 ssp = sock->sk->sk_security;
1676 tsp = current_security();
1678 * If the receiving process can't write to the
1679 * passed socket or if the passed socket can't
1680 * write to the receiving process don't accept
1681 * the passed socket.
1683 rc = smk_access(tsp->smk_task, ssp->smk_out->smk_known, MAY_WRITE, &ad);
1686 rc = smk_access(ssp->smk_in, tsp->smk_task->smk_known, MAY_WRITE, &ad);
1690 * This code relies on bitmasks.
1692 if (file->f_mode & FMODE_READ)
1694 if (file->f_mode & FMODE_WRITE)
1697 rc = smk_curacc(file->f_security, may, &ad);
1698 rc = smk_bu_file(file, may, rc);
1703 * smack_file_open - Smack dentry open processing
1707 * Set the security blob in the file structure.
1711 static int smack_file_open(struct file *file, const struct cred *cred)
1713 struct inode_smack *isp = file_inode(file)->i_security;
1715 file->f_security = isp->smk_inode;
1725 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1726 * @new: the new credentials
1727 * @gfp: the atomicity of any memory allocations
1729 * Prepare a blank set of credentials for modification. This must allocate all
1730 * the memory the LSM module might require such that cred_transfer() can
1731 * complete without error.
1733 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1735 struct task_smack *tsp;
1737 tsp = new_task_smack(NULL, NULL, gfp);
1741 cred->security = tsp;
1748 * smack_cred_free - "free" task-level security credentials
1749 * @cred: the credentials in question
1752 static void smack_cred_free(struct cred *cred)
1754 struct task_smack *tsp = cred->security;
1755 struct smack_rule *rp;
1756 struct list_head *l;
1757 struct list_head *n;
1761 cred->security = NULL;
1763 list_for_each_safe(l, n, &tsp->smk_rules) {
1764 rp = list_entry(l, struct smack_rule, list);
1765 list_del(&rp->list);
1772 * smack_cred_prepare - prepare new set of credentials for modification
1773 * @new: the new credentials
1774 * @old: the original credentials
1775 * @gfp: the atomicity of any memory allocations
1777 * Prepare a new set of credentials for modification.
1779 static int smack_cred_prepare(struct cred *new, const struct cred *old,
1782 struct task_smack *old_tsp = old->security;
1783 struct task_smack *new_tsp;
1786 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
1787 if (new_tsp == NULL)
1790 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1794 new->security = new_tsp;
1799 * smack_cred_transfer - Transfer the old credentials to the new credentials
1800 * @new: the new credentials
1801 * @old: the original credentials
1803 * Fill in a set of blank credentials from another set of credentials.
1805 static void smack_cred_transfer(struct cred *new, const struct cred *old)
1807 struct task_smack *old_tsp = old->security;
1808 struct task_smack *new_tsp = new->security;
1810 new_tsp->smk_task = old_tsp->smk_task;
1811 new_tsp->smk_forked = old_tsp->smk_task;
1812 mutex_init(&new_tsp->smk_rules_lock);
1813 INIT_LIST_HEAD(&new_tsp->smk_rules);
1816 /* cbs copy rule list */
1820 * smack_kernel_act_as - Set the subjective context in a set of credentials
1821 * @new: points to the set of credentials to be modified.
1822 * @secid: specifies the security ID to be set
1824 * Set the security data for a kernel service.
1826 static int smack_kernel_act_as(struct cred *new, u32 secid)
1828 struct task_smack *new_tsp = new->security;
1829 struct smack_known *skp = smack_from_secid(secid);
1834 new_tsp->smk_task = skp;
1839 * smack_kernel_create_files_as - Set the file creation label in a set of creds
1840 * @new: points to the set of credentials to be modified
1841 * @inode: points to the inode to use as a reference
1843 * Set the file creation context in a set of credentials to the same
1844 * as the objective context of the specified inode
1846 static int smack_kernel_create_files_as(struct cred *new,
1847 struct inode *inode)
1849 struct inode_smack *isp = inode->i_security;
1850 struct task_smack *tsp = new->security;
1852 tsp->smk_forked = smk_find_entry(isp->smk_inode);
1853 tsp->smk_task = tsp->smk_forked;
1858 * smk_curacc_on_task - helper to log task related access
1859 * @p: the task object
1860 * @access: the access requested
1861 * @caller: name of the calling function for audit
1863 * Return 0 if access is permitted
1865 static int smk_curacc_on_task(struct task_struct *p, int access,
1868 struct smk_audit_info ad;
1869 struct smack_known *skp = smk_of_task(task_security(p));
1872 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
1873 smk_ad_setfield_u_tsk(&ad, p);
1874 rc = smk_curacc(skp->smk_known, access, &ad);
1875 rc = smk_bu_task(p, access, rc);
1880 * smack_task_setpgid - Smack check on setting pgid
1881 * @p: the task object
1884 * Return 0 if write access is permitted
1886 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1888 return smk_curacc_on_task(p, MAY_WRITE, __func__);
1892 * smack_task_getpgid - Smack access check for getpgid
1893 * @p: the object task
1895 * Returns 0 if current can read the object task, error code otherwise
1897 static int smack_task_getpgid(struct task_struct *p)
1899 return smk_curacc_on_task(p, MAY_READ, __func__);
1903 * smack_task_getsid - Smack access check for getsid
1904 * @p: the object task
1906 * Returns 0 if current can read the object task, error code otherwise
1908 static int smack_task_getsid(struct task_struct *p)
1910 return smk_curacc_on_task(p, MAY_READ, __func__);
1914 * smack_task_getsecid - get the secid of the task
1915 * @p: the object task
1916 * @secid: where to put the result
1918 * Sets the secid to contain a u32 version of the smack label.
1920 static void smack_task_getsecid(struct task_struct *p, u32 *secid)
1922 struct smack_known *skp = smk_of_task(task_security(p));
1924 *secid = skp->smk_secid;
1928 * smack_task_setnice - Smack check on setting nice
1929 * @p: the task object
1932 * Return 0 if write access is permitted
1934 static int smack_task_setnice(struct task_struct *p, int nice)
1938 rc = cap_task_setnice(p, nice);
1940 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1945 * smack_task_setioprio - Smack check on setting ioprio
1946 * @p: the task object
1949 * Return 0 if write access is permitted
1951 static int smack_task_setioprio(struct task_struct *p, int ioprio)
1955 rc = cap_task_setioprio(p, ioprio);
1957 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1962 * smack_task_getioprio - Smack check on reading ioprio
1963 * @p: the task object
1965 * Return 0 if read access is permitted
1967 static int smack_task_getioprio(struct task_struct *p)
1969 return smk_curacc_on_task(p, MAY_READ, __func__);
1973 * smack_task_setscheduler - Smack check on setting scheduler
1974 * @p: the task object
1978 * Return 0 if read access is permitted
1980 static int smack_task_setscheduler(struct task_struct *p)
1984 rc = cap_task_setscheduler(p);
1986 rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1991 * smack_task_getscheduler - Smack check on reading scheduler
1992 * @p: the task object
1994 * Return 0 if read access is permitted
1996 static int smack_task_getscheduler(struct task_struct *p)
1998 return smk_curacc_on_task(p, MAY_READ, __func__);
2002 * smack_task_movememory - Smack check on moving memory
2003 * @p: the task object
2005 * Return 0 if write access is permitted
2007 static int smack_task_movememory(struct task_struct *p)
2009 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2013 * smack_task_kill - Smack check on signal delivery
2014 * @p: the task object
2017 * @secid: identifies the smack to use in lieu of current's
2019 * Return 0 if write access is permitted
2021 * The secid behavior is an artifact of an SELinux hack
2022 * in the USB code. Someday it may go away.
2024 static int smack_task_kill(struct task_struct *p, struct siginfo *info,
2027 struct smk_audit_info ad;
2028 struct smack_known *skp;
2029 struct smack_known *tkp = smk_of_task(task_security(p));
2032 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2033 smk_ad_setfield_u_tsk(&ad, p);
2035 * Sending a signal requires that the sender
2036 * can write the receiver.
2039 rc = smk_curacc(tkp->smk_known, MAY_WRITE, &ad);
2040 rc = smk_bu_task(p, MAY_WRITE, rc);
2044 * If the secid isn't 0 we're dealing with some USB IO
2045 * specific behavior. This is not clean. For one thing
2046 * we can't take privilege into account.
2048 skp = smack_from_secid(secid);
2049 rc = smk_access(skp, tkp->smk_known, MAY_WRITE, &ad);
2050 rc = smk_bu_note("USB signal", skp, tkp->smk_known, MAY_WRITE, rc);
2055 * smack_task_wait - Smack access check for waiting
2056 * @p: task to wait for
2060 static int smack_task_wait(struct task_struct *p)
2063 * Allow the operation to succeed.
2065 * In userless environments (e.g. phones) programs
2066 * get marked with SMACK64EXEC and even if the parent
2067 * and child shouldn't be talking the parent still
2068 * may expect to know when the child exits.
2074 * smack_task_to_inode - copy task smack into the inode blob
2075 * @p: task to copy from
2076 * @inode: inode to copy to
2078 * Sets the smack pointer in the inode security blob
2080 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2082 struct inode_smack *isp = inode->i_security;
2083 struct smack_known *skp = smk_of_task(task_security(p));
2085 isp->smk_inode = skp->smk_known;
2093 * smack_sk_alloc_security - Allocate a socket blob
2096 * @gfp_flags: memory allocation flags
2098 * Assign Smack pointers to current
2100 * Returns 0 on success, -ENOMEM is there's no memory
2102 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2104 struct smack_known *skp = smk_of_current();
2105 struct socket_smack *ssp;
2107 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2113 ssp->smk_packet = NULL;
2115 sk->sk_security = ssp;
2121 * smack_sk_free_security - Free a socket blob
2124 * Clears the blob pointer
2126 static void smack_sk_free_security(struct sock *sk)
2128 kfree(sk->sk_security);
2132 * smack_host_label - check host based restrictions
2133 * @sip: the object end
2135 * looks for host based access restrictions
2137 * This version will only be appropriate for really small sets of single label
2138 * hosts. The caller is responsible for ensuring that the RCU read lock is
2139 * taken before calling this function.
2141 * Returns the label of the far end or NULL if it's not special.
2143 static char *smack_host_label(struct sockaddr_in *sip)
2145 struct smk_netlbladdr *snp;
2146 struct in_addr *siap = &sip->sin_addr;
2148 if (siap->s_addr == 0)
2151 list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list)
2153 * we break after finding the first match because
2154 * the list is sorted from longest to shortest mask
2155 * so we have found the most specific match
2157 if ((&snp->smk_host.sin_addr)->s_addr ==
2158 (siap->s_addr & (&snp->smk_mask)->s_addr)) {
2159 /* we have found the special CIPSO option */
2160 if (snp->smk_label == smack_cipso_option)
2162 return snp->smk_label;
2169 * smack_netlabel - Set the secattr on a socket
2171 * @labeled: socket label scheme
2173 * Convert the outbound smack value (smk_out) to a
2174 * secattr and attach it to the socket.
2176 * Returns 0 on success or an error code
2178 static int smack_netlabel(struct sock *sk, int labeled)
2180 struct smack_known *skp;
2181 struct socket_smack *ssp = sk->sk_security;
2185 * Usually the netlabel code will handle changing the
2186 * packet labeling based on the label.
2187 * The case of a single label host is different, because
2188 * a single label host should never get a labeled packet
2189 * even though the label is usually associated with a packet
2193 bh_lock_sock_nested(sk);
2195 if (ssp->smk_out == smack_net_ambient ||
2196 labeled == SMACK_UNLABELED_SOCKET)
2197 netlbl_sock_delattr(sk);
2200 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2210 * smack_netlbel_send - Set the secattr on a socket and perform access checks
2212 * @sap: the destination address
2214 * Set the correct secattr for the given socket based on the destination
2215 * address and perform any outbound access checks needed.
2217 * Returns 0 on success or an error code.
2220 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2222 struct smack_known *skp;
2226 struct socket_smack *ssp = sk->sk_security;
2227 struct smk_audit_info ad;
2230 hostsp = smack_host_label(sap);
2231 if (hostsp != NULL) {
2233 struct lsm_network_audit net;
2235 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2236 ad.a.u.net->family = sap->sin_family;
2237 ad.a.u.net->dport = sap->sin_port;
2238 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2240 sk_lbl = SMACK_UNLABELED_SOCKET;
2242 rc = smk_access(skp, hostsp, MAY_WRITE, &ad);
2243 rc = smk_bu_note("IPv4 host check", skp, hostsp, MAY_WRITE, rc);
2245 sk_lbl = SMACK_CIPSO_SOCKET;
2252 return smack_netlabel(sk, sk_lbl);
2256 * smk_ipv6_port_label - Smack port access table management
2260 * Create or update the port list entry
2262 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2264 struct sock *sk = sock->sk;
2265 struct sockaddr_in6 *addr6;
2266 struct socket_smack *ssp = sock->sk->sk_security;
2267 struct smk_port_label *spp;
2268 unsigned short port = 0;
2270 if (address == NULL) {
2272 * This operation is changing the Smack information
2273 * on the bound socket. Take the changes to the port
2276 list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2277 if (sk != spp->smk_sock)
2279 spp->smk_in = ssp->smk_in;
2280 spp->smk_out = ssp->smk_out;
2284 * A NULL address is only used for updating existing
2285 * bound entries. If there isn't one, it's OK.
2290 addr6 = (struct sockaddr_in6 *)address;
2291 port = ntohs(addr6->sin6_port);
2293 * This is a special case that is safely ignored.
2299 * Look for an existing port list entry.
2300 * This is an indication that a port is getting reused.
2302 list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2303 if (spp->smk_port != port)
2305 spp->smk_port = port;
2307 spp->smk_in = ssp->smk_in;
2308 spp->smk_out = ssp->smk_out;
2313 * A new port entry is required.
2315 spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2319 spp->smk_port = port;
2321 spp->smk_in = ssp->smk_in;
2322 spp->smk_out = ssp->smk_out;
2324 list_add(&spp->list, &smk_ipv6_port_list);
2329 * smk_ipv6_port_check - check Smack port access
2333 * Create or update the port list entry
2335 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2340 struct smk_port_label *spp;
2341 struct socket_smack *ssp = sk->sk_security;
2342 struct smack_known *skp;
2343 unsigned short port = 0;
2345 struct smk_audit_info ad;
2348 struct lsm_network_audit net;
2351 if (act == SMK_RECEIVING) {
2352 skp = smack_net_ambient;
2353 object = ssp->smk_in->smk_known;
2356 object = smack_net_ambient->smk_known;
2360 * Get the IP address and port from the address.
2362 port = ntohs(address->sin6_port);
2363 bep = (__be16 *)(&address->sin6_addr);
2364 be32p = (__be32 *)(&address->sin6_addr);
2367 * It's remote, so port lookup does no good.
2369 if (be32p[0] || be32p[1] || be32p[2] || bep[6] || ntohs(bep[7]) != 1)
2373 * It's local so the send check has to have passed.
2375 if (act == SMK_RECEIVING) {
2376 skp = &smack_known_web;
2380 list_for_each_entry(spp, &smk_ipv6_port_list, list) {
2381 if (spp->smk_port != port)
2383 object = spp->smk_in->smk_known;
2384 if (act == SMK_CONNECTING)
2385 ssp->smk_packet = spp->smk_out;
2392 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2393 ad.a.u.net->family = sk->sk_family;
2394 ad.a.u.net->dport = port;
2395 if (act == SMK_RECEIVING)
2396 ad.a.u.net->v6info.saddr = address->sin6_addr;
2398 ad.a.u.net->v6info.daddr = address->sin6_addr;
2400 rc = smk_access(skp, object, MAY_WRITE, &ad);
2401 rc = smk_bu_note("IPv6 port check", skp, object, MAY_WRITE, rc);
2406 * smack_inode_setsecurity - set smack xattrs
2407 * @inode: the object
2408 * @name: attribute name
2409 * @value: attribute value
2410 * @size: size of the attribute
2413 * Sets the named attribute in the appropriate blob
2415 * Returns 0 on success, or an error code
2417 static int smack_inode_setsecurity(struct inode *inode, const char *name,
2418 const void *value, size_t size, int flags)
2420 struct smack_known *skp;
2421 struct inode_smack *nsp = inode->i_security;
2422 struct socket_smack *ssp;
2423 struct socket *sock;
2426 if (value == NULL || size > SMK_LONGLABEL || size == 0)
2429 skp = smk_import_entry(value, size);
2433 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2434 nsp->smk_inode = skp->smk_known;
2435 nsp->smk_flags |= SMK_INODE_INSTANT;
2439 * The rest of the Smack xattrs are only on sockets.
2441 if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2444 sock = SOCKET_I(inode);
2445 if (sock == NULL || sock->sk == NULL)
2448 ssp = sock->sk->sk_security;
2450 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2452 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2454 if (sock->sk->sk_family == PF_INET) {
2455 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2458 "Smack: \"%s\" netlbl error %d.\n",
2464 if (sock->sk->sk_family == PF_INET6)
2465 smk_ipv6_port_label(sock, NULL);
2471 * smack_socket_post_create - finish socket setup
2473 * @family: protocol family
2478 * Sets the netlabel information on the socket
2480 * Returns 0 on success, and error code otherwise
2482 static int smack_socket_post_create(struct socket *sock, int family,
2483 int type, int protocol, int kern)
2485 struct socket_smack *ssp;
2487 if (sock->sk == NULL)
2491 * Sockets created by kernel threads receive web label.
2493 if (unlikely(current->flags & PF_KTHREAD)) {
2494 ssp = sock->sk->sk_security;
2495 ssp->smk_in = &smack_known_web;
2497 if (family != PF_INET)
2500 * Set the outbound netlbl.
2502 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2506 * smack_socket_bind - record port binding information.
2508 * @address: the port address
2509 * @addrlen: size of the address
2511 * Records the label bound to a port.
2515 static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2518 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2519 smk_ipv6_port_label(sock, address);
2525 * smack_socket_connect - connect access check
2527 * @sap: the other end
2528 * @addrlen: size of sap
2530 * Verifies that a connection may be possible
2532 * Returns 0 on success, and error code otherwise
2534 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2539 if (sock->sk == NULL)
2542 switch (sock->sk->sk_family) {
2544 if (addrlen < sizeof(struct sockaddr_in))
2546 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2549 if (addrlen < sizeof(struct sockaddr_in6))
2551 rc = smk_ipv6_port_check(sock->sk, (struct sockaddr_in6 *)sap,
2559 * smack_flags_to_may - convert S_ to MAY_ values
2560 * @flags: the S_ value
2562 * Returns the equivalent MAY_ value
2564 static int smack_flags_to_may(int flags)
2568 if (flags & S_IRUGO)
2570 if (flags & S_IWUGO)
2572 if (flags & S_IXUGO)
2579 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2584 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2586 struct smack_known *skp = smk_of_current();
2588 msg->security = skp->smk_known;
2593 * smack_msg_msg_free_security - Clear the security blob for msg_msg
2596 * Clears the blob pointer
2598 static void smack_msg_msg_free_security(struct msg_msg *msg)
2600 msg->security = NULL;
2604 * smack_of_shm - the smack pointer for the shm
2607 * Returns a pointer to the smack value
2609 static char *smack_of_shm(struct shmid_kernel *shp)
2611 return (char *)shp->shm_perm.security;
2615 * smack_shm_alloc_security - Set the security blob for shm
2620 static int smack_shm_alloc_security(struct shmid_kernel *shp)
2622 struct kern_ipc_perm *isp = &shp->shm_perm;
2623 struct smack_known *skp = smk_of_current();
2625 isp->security = skp->smk_known;
2630 * smack_shm_free_security - Clear the security blob for shm
2633 * Clears the blob pointer
2635 static void smack_shm_free_security(struct shmid_kernel *shp)
2637 struct kern_ipc_perm *isp = &shp->shm_perm;
2639 isp->security = NULL;
2643 * smk_curacc_shm : check if current has access on shm
2645 * @access : access requested
2647 * Returns 0 if current has the requested access, error code otherwise
2649 static int smk_curacc_shm(struct shmid_kernel *shp, int access)
2651 char *ssp = smack_of_shm(shp);
2652 struct smk_audit_info ad;
2656 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2657 ad.a.u.ipc_id = shp->shm_perm.id;
2659 rc = smk_curacc(ssp, access, &ad);
2660 rc = smk_bu_current("shm", ssp, access, rc);
2665 * smack_shm_associate - Smack access check for shm
2667 * @shmflg: access requested
2669 * Returns 0 if current has the requested access, error code otherwise
2671 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
2675 may = smack_flags_to_may(shmflg);
2676 return smk_curacc_shm(shp, may);
2680 * smack_shm_shmctl - Smack access check for shm
2682 * @cmd: what it wants to do
2684 * Returns 0 if current has the requested access, error code otherwise
2686 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
2699 may = MAY_READWRITE;
2704 * System level information.
2710 return smk_curacc_shm(shp, may);
2714 * smack_shm_shmat - Smack access for shmat
2717 * @shmflg: access requested
2719 * Returns 0 if current has the requested access, error code otherwise
2721 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
2726 may = smack_flags_to_may(shmflg);
2727 return smk_curacc_shm(shp, may);
2731 * smack_of_sem - the smack pointer for the sem
2734 * Returns a pointer to the smack value
2736 static char *smack_of_sem(struct sem_array *sma)
2738 return (char *)sma->sem_perm.security;
2742 * smack_sem_alloc_security - Set the security blob for sem
2747 static int smack_sem_alloc_security(struct sem_array *sma)
2749 struct kern_ipc_perm *isp = &sma->sem_perm;
2750 struct smack_known *skp = smk_of_current();
2752 isp->security = skp->smk_known;
2757 * smack_sem_free_security - Clear the security blob for sem
2760 * Clears the blob pointer
2762 static void smack_sem_free_security(struct sem_array *sma)
2764 struct kern_ipc_perm *isp = &sma->sem_perm;
2766 isp->security = NULL;
2770 * smk_curacc_sem : check if current has access on sem
2772 * @access : access requested
2774 * Returns 0 if current has the requested access, error code otherwise
2776 static int smk_curacc_sem(struct sem_array *sma, int access)
2778 char *ssp = smack_of_sem(sma);
2779 struct smk_audit_info ad;
2783 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2784 ad.a.u.ipc_id = sma->sem_perm.id;
2786 rc = smk_curacc(ssp, access, &ad);
2787 rc = smk_bu_current("sem", ssp, access, rc);
2792 * smack_sem_associate - Smack access check for sem
2794 * @semflg: access requested
2796 * Returns 0 if current has the requested access, error code otherwise
2798 static int smack_sem_associate(struct sem_array *sma, int semflg)
2802 may = smack_flags_to_may(semflg);
2803 return smk_curacc_sem(sma, may);
2807 * smack_sem_shmctl - Smack access check for sem
2809 * @cmd: what it wants to do
2811 * Returns 0 if current has the requested access, error code otherwise
2813 static int smack_sem_semctl(struct sem_array *sma, int cmd)
2831 may = MAY_READWRITE;
2836 * System level information
2843 return smk_curacc_sem(sma, may);
2847 * smack_sem_semop - Smack checks of semaphore operations
2853 * Treated as read and write in all cases.
2855 * Returns 0 if access is allowed, error code otherwise
2857 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
2858 unsigned nsops, int alter)
2860 return smk_curacc_sem(sma, MAY_READWRITE);
2864 * smack_msg_alloc_security - Set the security blob for msg
2869 static int smack_msg_queue_alloc_security(struct msg_queue *msq)
2871 struct kern_ipc_perm *kisp = &msq->q_perm;
2872 struct smack_known *skp = smk_of_current();
2874 kisp->security = skp->smk_known;
2879 * smack_msg_free_security - Clear the security blob for msg
2882 * Clears the blob pointer
2884 static void smack_msg_queue_free_security(struct msg_queue *msq)
2886 struct kern_ipc_perm *kisp = &msq->q_perm;
2888 kisp->security = NULL;
2892 * smack_of_msq - the smack pointer for the msq
2895 * Returns a pointer to the smack value
2897 static char *smack_of_msq(struct msg_queue *msq)
2899 return (char *)msq->q_perm.security;
2903 * smk_curacc_msq : helper to check if current has access on msq
2905 * @access : access requested
2907 * return 0 if current has access, error otherwise
2909 static int smk_curacc_msq(struct msg_queue *msq, int access)
2911 char *msp = smack_of_msq(msq);
2912 struct smk_audit_info ad;
2916 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2917 ad.a.u.ipc_id = msq->q_perm.id;
2919 rc = smk_curacc(msp, access, &ad);
2920 rc = smk_bu_current("msq", msp, access, rc);
2925 * smack_msg_queue_associate - Smack access check for msg_queue
2927 * @msqflg: access requested
2929 * Returns 0 if current has the requested access, error code otherwise
2931 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
2935 may = smack_flags_to_may(msqflg);
2936 return smk_curacc_msq(msq, may);
2940 * smack_msg_queue_msgctl - Smack access check for msg_queue
2942 * @cmd: what it wants to do
2944 * Returns 0 if current has the requested access, error code otherwise
2946 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2957 may = MAY_READWRITE;
2962 * System level information
2969 return smk_curacc_msq(msq, may);
2973 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2976 * @msqflg: access requested
2978 * Returns 0 if current has the requested access, error code otherwise
2980 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
2985 may = smack_flags_to_may(msqflg);
2986 return smk_curacc_msq(msq, may);
2990 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2997 * Returns 0 if current has read and write access, error code otherwise
2999 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
3000 struct task_struct *target, long type, int mode)
3002 return smk_curacc_msq(msq, MAY_READWRITE);
3006 * smack_ipc_permission - Smack access for ipc_permission()
3007 * @ipp: the object permissions
3008 * @flag: access requested
3010 * Returns 0 if current has read and write access, error code otherwise
3012 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3014 char *isp = ipp->security;
3015 int may = smack_flags_to_may(flag);
3016 struct smk_audit_info ad;
3020 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3021 ad.a.u.ipc_id = ipp->id;
3023 rc = smk_curacc(isp, may, &ad);
3024 rc = smk_bu_current("svipc", isp, may, rc);
3029 * smack_ipc_getsecid - Extract smack security id
3030 * @ipp: the object permissions
3031 * @secid: where result will be saved
3033 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3035 char *smack = ipp->security;
3037 *secid = smack_to_secid(smack);
3041 * smack_d_instantiate - Make sure the blob is correct on an inode
3042 * @opt_dentry: dentry where inode will be attached
3043 * @inode: the object
3045 * Set the inode's security blob if it hasn't been done already.
3047 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3049 struct super_block *sbp;
3050 struct superblock_smack *sbsp;
3051 struct inode_smack *isp;
3052 struct smack_known *skp;
3053 struct smack_known *ckp = smk_of_current();
3055 char trattr[TRANS_TRUE_SIZE];
3063 isp = inode->i_security;
3065 mutex_lock(&isp->smk_lock);
3067 * If the inode is already instantiated
3068 * take the quick way out
3070 if (isp->smk_flags & SMK_INODE_INSTANT)
3074 sbsp = sbp->s_security;
3076 * We're going to use the superblock default label
3077 * if there's no label on the file.
3079 final = sbsp->smk_default;
3082 * If this is the root inode the superblock
3083 * may be in the process of initialization.
3084 * If that is the case use the root value out
3085 * of the superblock.
3087 if (opt_dentry->d_parent == opt_dentry) {
3088 switch (sbp->s_magic) {
3089 case CGROUP_SUPER_MAGIC:
3091 * The cgroup filesystem is never mounted,
3092 * so there's no opportunity to set the mount
3095 sbsp->smk_root = smack_known_star.smk_known;
3096 sbsp->smk_default = smack_known_star.smk_known;
3097 isp->smk_inode = sbsp->smk_root;
3101 * What about shmem/tmpfs anonymous files with dentry
3102 * obtained from d_alloc_pseudo()?
3104 isp->smk_inode = smk_of_current()->smk_known;
3107 isp->smk_inode = smk_of_current()->smk_known;
3110 isp->smk_inode = sbsp->smk_root;
3113 isp->smk_flags |= SMK_INODE_INSTANT;
3118 * This is pretty hackish.
3119 * Casey says that we shouldn't have to do
3120 * file system specific code, but it does help
3121 * with keeping it simple.
3123 switch (sbp->s_magic) {
3127 case CGROUP_SUPER_MAGIC:
3129 * Casey says that it's a little embarrassing
3130 * that the smack file system doesn't do
3131 * extended attributes.
3133 * Casey says pipes are easy (?)
3135 * Socket access is controlled by the socket
3136 * structures associated with the task involved.
3138 * Cgroupfs is special
3140 final = smack_known_star.smk_known;
3142 case DEVPTS_SUPER_MAGIC:
3144 * devpts seems content with the label of the task.
3145 * Programs that change smack have to treat the
3148 final = ckp->smk_known;
3150 case PROC_SUPER_MAGIC:
3152 * Casey says procfs appears not to care.
3153 * The superblock default suffices.
3158 * Device labels should come from the filesystem,
3159 * but watch out, because they're volitile,
3160 * getting recreated on every reboot.
3162 final = smack_known_star.smk_known;
3166 * If a smack value has been set we want to use it,
3167 * but since tmpfs isn't giving us the opportunity
3168 * to set mount options simulate setting the
3169 * superblock default.
3173 * This isn't an understood special case.
3174 * Get the value from the xattr.
3178 * UNIX domain sockets use lower level socket data.
3180 if (S_ISSOCK(inode->i_mode)) {
3181 final = smack_known_star.smk_known;
3185 * No xattr support means, alas, no SMACK label.
3186 * Use the aforeapplied default.
3187 * It would be curious if the label of the task
3188 * does not match that assigned.
3190 if (inode->i_op->getxattr == NULL)
3193 * Get the dentry for xattr.
3195 dp = dget(opt_dentry);
3196 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3198 final = skp->smk_known;
3201 * Transmuting directory
3203 if (S_ISDIR(inode->i_mode)) {
3205 * If this is a new directory and the label was
3206 * transmuted when the inode was initialized
3207 * set the transmute attribute on the directory
3208 * and mark the inode.
3210 * If there is a transmute attribute on the
3211 * directory mark the inode.
3213 if (isp->smk_flags & SMK_INODE_CHANGED) {
3214 isp->smk_flags &= ~SMK_INODE_CHANGED;
3215 rc = inode->i_op->setxattr(dp,
3216 XATTR_NAME_SMACKTRANSMUTE,
3217 TRANS_TRUE, TRANS_TRUE_SIZE,
3220 rc = inode->i_op->getxattr(dp,
3221 XATTR_NAME_SMACKTRANSMUTE, trattr,
3223 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3224 TRANS_TRUE_SIZE) != 0)
3228 transflag = SMK_INODE_TRANSMUTE;
3230 isp->smk_task = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3231 isp->smk_mmap = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3238 isp->smk_inode = ckp->smk_known;
3240 isp->smk_inode = final;
3242 isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3245 mutex_unlock(&isp->smk_lock);
3250 * smack_getprocattr - Smack process attribute access
3251 * @p: the object task
3252 * @name: the name of the attribute in /proc/.../attr
3253 * @value: where to put the result
3255 * Places a copy of the task Smack into value
3257 * Returns the length of the smack label or an error code
3259 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3261 struct smack_known *skp = smk_of_task(task_security(p));
3265 if (strcmp(name, "current") != 0)
3268 cp = kstrdup(skp->smk_known, GFP_KERNEL);
3278 * smack_setprocattr - Smack process attribute setting
3279 * @p: the object task
3280 * @name: the name of the attribute in /proc/.../attr
3281 * @value: the value to set
3282 * @size: the size of the value
3284 * Sets the Smack value of the task. Only setting self
3285 * is permitted and only with privilege
3287 * Returns the length of the smack label or an error code
3289 static int smack_setprocattr(struct task_struct *p, char *name,
3290 void *value, size_t size)
3292 struct task_smack *tsp;
3294 struct smack_known *skp;
3297 * Changing another process' Smack value is too dangerous
3298 * and supports no sane use case.
3303 if (!smack_privileged(CAP_MAC_ADMIN))
3306 if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3309 if (strcmp(name, "current") != 0)
3312 skp = smk_import_entry(value, size);
3317 * No process is ever allowed the web ("@") label.
3319 if (skp == &smack_known_web)
3322 new = prepare_creds();
3326 tsp = new->security;
3327 tsp->smk_task = skp;
3334 * smack_unix_stream_connect - Smack access on UDS
3336 * @other: the other sock
3339 * Return 0 if a subject with the smack of sock could access
3340 * an object with the smack of other, otherwise an error code
3342 static int smack_unix_stream_connect(struct sock *sock,
3343 struct sock *other, struct sock *newsk)
3345 struct smack_known *skp;
3346 struct smack_known *okp;
3347 struct socket_smack *ssp = sock->sk_security;
3348 struct socket_smack *osp = other->sk_security;
3349 struct socket_smack *nsp = newsk->sk_security;
3350 struct smk_audit_info ad;
3353 struct lsm_network_audit net;
3356 if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3360 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3361 smk_ad_setfield_u_net_sk(&ad, other);
3363 rc = smk_access(skp, okp->smk_known, MAY_WRITE, &ad);
3364 rc = smk_bu_note("UDS connect", skp, okp->smk_known,
3369 rc = smk_access(okp, skp->smk_known, MAY_WRITE, &ad);
3370 rc = smk_bu_note("UDS connect", okp, skp->smk_known,
3376 * Cross reference the peer labels for SO_PEERSEC.
3379 nsp->smk_packet = ssp->smk_out;
3380 ssp->smk_packet = osp->smk_out;
3387 * smack_unix_may_send - Smack access on UDS
3389 * @other: the other socket
3391 * Return 0 if a subject with the smack of sock could access
3392 * an object with the smack of other, otherwise an error code
3394 static int smack_unix_may_send(struct socket *sock, struct socket *other)
3396 struct socket_smack *ssp = sock->sk->sk_security;
3397 struct socket_smack *osp = other->sk->sk_security;
3398 struct smack_known *skp;
3399 struct smk_audit_info ad;
3403 struct lsm_network_audit net;
3405 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3406 smk_ad_setfield_u_net_sk(&ad, other->sk);
3409 if (smack_privileged(CAP_MAC_OVERRIDE))
3414 rc = smk_access(skp, osp->smk_in->smk_known, MAY_WRITE, &ad);
3415 rc = smk_bu_note("UDS send", skp, osp->smk_in->smk_known,
3421 * smack_socket_sendmsg - Smack check based on destination host
3424 * @size: the size of the message
3426 * Return 0 if the current subject can write to the destination host.
3427 * For IPv4 this is only a question if the destination is a single label host.
3428 * For IPv6 this is a check against the label of the port.
3430 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3433 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3434 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3438 * Perfectly reasonable for this to be NULL
3443 switch (sock->sk->sk_family) {
3445 rc = smack_netlabel_send(sock->sk, sip);
3448 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3455 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3456 * @sap: netlabel secattr
3457 * @ssp: socket security information
3459 * Returns a pointer to a Smack label entry found on the label list.
3461 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3462 struct socket_smack *ssp)
3464 struct smack_known *skp;
3469 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3471 * Looks like a CIPSO packet.
3472 * If there are flags but no level netlabel isn't
3473 * behaving the way we expect it to.
3475 * Look it up in the label table
3476 * Without guidance regarding the smack value
3477 * for the packet fall back on the network
3481 list_for_each_entry(skp, &smack_known_list, list) {
3482 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3485 * Compare the catsets. Use the netlbl APIs.
3487 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3488 if ((skp->smk_netlabel.flags &
3489 NETLBL_SECATTR_MLS_CAT) == 0)
3493 for (acat = -1, kcat = -1; acat == kcat; ) {
3494 acat = netlbl_secattr_catmap_walk(
3495 sap->attr.mls.cat, acat + 1);
3496 kcat = netlbl_secattr_catmap_walk(
3497 skp->smk_netlabel.attr.mls.cat,
3499 if (acat < 0 || kcat < 0)
3512 if (ssp != NULL && ssp->smk_in == &smack_known_star)
3513 return &smack_known_web;
3514 return &smack_known_star;
3516 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) {
3518 * Looks like a fallback, which gives us a secid.
3520 skp = smack_from_secid(sap->attr.secid);
3522 * This has got to be a bug because it is
3523 * impossible to specify a fallback without
3524 * specifying the label, which will ensure
3525 * it has a secid, and the only way to get a
3526 * secid is from a fallback.
3528 BUG_ON(skp == NULL);
3532 * Without guidance regarding the smack value
3533 * for the packet fall back on the network
3536 return smack_net_ambient;
3539 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3543 int proto = -EINVAL;
3544 struct ipv6hdr _ipv6h;
3545 struct ipv6hdr *ip6;
3547 struct tcphdr _tcph, *th;
3548 struct udphdr _udph, *uh;
3549 struct dccp_hdr _dccph, *dh;
3553 offset = skb_network_offset(skb);
3554 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3557 sip->sin6_addr = ip6->saddr;
3559 nexthdr = ip6->nexthdr;
3560 offset += sizeof(_ipv6h);
3561 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3568 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3570 sip->sin6_port = th->source;
3573 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3575 sip->sin6_port = uh->source;
3578 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3580 sip->sin6_port = dh->dccph_sport;
3587 * smack_socket_sock_rcv_skb - Smack packet delivery access check
3591 * Returns 0 if the packet should be delivered, an error code otherwise
3593 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3595 struct netlbl_lsm_secattr secattr;
3596 struct socket_smack *ssp = sk->sk_security;
3597 struct smack_known *skp;
3598 struct sockaddr_in6 sadd;
3600 struct smk_audit_info ad;
3602 struct lsm_network_audit net;
3604 switch (sk->sk_family) {
3607 * Translate what netlabel gave us.
3609 netlbl_secattr_init(&secattr);
3611 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
3613 skp = smack_from_secattr(&secattr, ssp);
3615 skp = smack_net_ambient;
3617 netlbl_secattr_destroy(&secattr);
3620 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3621 ad.a.u.net->family = sk->sk_family;
3622 ad.a.u.net->netif = skb->skb_iif;
3623 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3626 * Receiving a packet requires that the other end
3627 * be able to write here. Read access is not required.
3628 * This is the simplist possible security model
3632 rc = smk_access(skp, ssp->smk_in->smk_known, MAY_WRITE, &ad);
3633 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in->smk_known,
3637 netlbl_skbuff_err(skb, rc, 0);
3640 rc = smk_skb_to_addr_ipv6(skb, &sadd);
3641 if (rc == IPPROTO_UDP || rc == IPPROTO_TCP)
3642 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
3651 * smack_socket_getpeersec_stream - pull in packet label
3653 * @optval: user's destination
3654 * @optlen: size thereof
3657 * returns zero on success, an error code otherwise
3659 static int smack_socket_getpeersec_stream(struct socket *sock,
3660 char __user *optval,
3661 int __user *optlen, unsigned len)
3663 struct socket_smack *ssp;
3668 ssp = sock->sk->sk_security;
3669 if (ssp->smk_packet != NULL) {
3670 rcp = ssp->smk_packet->smk_known;
3671 slen = strlen(rcp) + 1;
3676 else if (copy_to_user(optval, rcp, slen) != 0)
3679 if (put_user(slen, optlen) != 0)
3687 * smack_socket_getpeersec_dgram - pull in packet label
3688 * @sock: the peer socket
3690 * @secid: pointer to where to put the secid of the packet
3692 * Sets the netlabel socket state on sk from parent
3694 static int smack_socket_getpeersec_dgram(struct socket *sock,
3695 struct sk_buff *skb, u32 *secid)
3698 struct netlbl_lsm_secattr secattr;
3699 struct socket_smack *ssp = NULL;
3700 struct smack_known *skp;
3701 int family = PF_UNSPEC;
3702 u32 s = 0; /* 0 is the invalid secid */
3706 if (skb->protocol == htons(ETH_P_IP))
3708 else if (skb->protocol == htons(ETH_P_IPV6))
3711 if (family == PF_UNSPEC && sock != NULL)
3712 family = sock->sk->sk_family;
3714 if (family == PF_UNIX) {
3715 ssp = sock->sk->sk_security;
3716 s = ssp->smk_out->smk_secid;
3717 } else if (family == PF_INET || family == PF_INET6) {
3719 * Translate what netlabel gave us.
3721 if (sock != NULL && sock->sk != NULL)
3722 ssp = sock->sk->sk_security;
3723 netlbl_secattr_init(&secattr);
3724 rc = netlbl_skbuff_getattr(skb, family, &secattr);
3726 skp = smack_from_secattr(&secattr, ssp);
3729 netlbl_secattr_destroy(&secattr);
3738 * smack_sock_graft - Initialize a newly created socket with an existing sock
3740 * @parent: parent socket
3742 * Set the smk_{in,out} state of an existing sock based on the process that
3743 * is creating the new socket.
3745 static void smack_sock_graft(struct sock *sk, struct socket *parent)
3747 struct socket_smack *ssp;
3748 struct smack_known *skp = smk_of_current();
3751 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
3754 ssp = sk->sk_security;
3757 /* cssp->smk_packet is already set in smack_inet_csk_clone() */
3761 * smack_inet_conn_request - Smack access check on connect
3762 * @sk: socket involved
3766 * Returns 0 if a task with the packet label could write to
3767 * the socket, otherwise an error code
3769 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3770 struct request_sock *req)
3772 u16 family = sk->sk_family;
3773 struct smack_known *skp;
3774 struct socket_smack *ssp = sk->sk_security;
3775 struct netlbl_lsm_secattr secattr;
3776 struct sockaddr_in addr;
3780 struct smk_audit_info ad;
3782 struct lsm_network_audit net;
3785 if (family == PF_INET6) {
3787 * Handle mapped IPv4 packets arriving
3788 * via IPv6 sockets. Don't set up netlabel
3789 * processing on IPv6.
3791 if (skb->protocol == htons(ETH_P_IP))
3797 netlbl_secattr_init(&secattr);
3798 rc = netlbl_skbuff_getattr(skb, family, &secattr);
3800 skp = smack_from_secattr(&secattr, ssp);
3802 skp = &smack_known_huh;
3803 netlbl_secattr_destroy(&secattr);
3806 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3807 ad.a.u.net->family = family;
3808 ad.a.u.net->netif = skb->skb_iif;
3809 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3812 * Receiving a packet requires that the other end be able to write
3813 * here. Read access is not required.
3816 rc = smk_access(skp, ssp->smk_in->smk_known, MAY_WRITE, &ad);
3817 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in->smk_known,
3823 * Save the peer's label in the request_sock so we can later setup
3824 * smk_packet in the child socket so that SO_PEERCRED can report it.
3826 req->peer_secid = skp->smk_secid;
3829 * We need to decide if we want to label the incoming connection here
3830 * if we do we only need to label the request_sock and the stack will
3831 * propagate the wire-label to the sock when it is created.
3834 addr.sin_addr.s_addr = hdr->saddr;
3836 hsp = smack_host_label(&addr);
3840 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
3842 netlbl_req_delattr(req);
3848 * smack_inet_csk_clone - Copy the connection information to the new socket
3849 * @sk: the new socket
3850 * @req: the connection's request_sock
3852 * Transfer the connection's peer label to the newly created socket.
3854 static void smack_inet_csk_clone(struct sock *sk,
3855 const struct request_sock *req)
3857 struct socket_smack *ssp = sk->sk_security;
3858 struct smack_known *skp;
3860 if (req->peer_secid != 0) {
3861 skp = smack_from_secid(req->peer_secid);
3862 ssp->smk_packet = skp;
3864 ssp->smk_packet = NULL;
3868 * Key management security hooks
3870 * Casey has not tested key support very heavily.
3871 * The permission check is most likely too restrictive.
3872 * If you care about keys please have a look.
3877 * smack_key_alloc - Set the key security blob
3879 * @cred: the credentials to use
3882 * No allocation required
3886 static int smack_key_alloc(struct key *key, const struct cred *cred,
3887 unsigned long flags)
3889 struct smack_known *skp = smk_of_task(cred->security);
3891 key->security = skp->smk_known;
3896 * smack_key_free - Clear the key security blob
3899 * Clear the blob pointer
3901 static void smack_key_free(struct key *key)
3903 key->security = NULL;
3907 * smack_key_permission - Smack access on a key
3908 * @key_ref: gets to the object
3909 * @cred: the credentials to use
3912 * Return 0 if the task has read and write to the object,
3913 * an error code otherwise
3915 static int smack_key_permission(key_ref_t key_ref,
3916 const struct cred *cred, key_perm_t perm)
3919 struct smk_audit_info ad;
3920 struct smack_known *tkp = smk_of_task(cred->security);
3923 keyp = key_ref_to_ptr(key_ref);
3927 * If the key hasn't been initialized give it access so that
3930 if (keyp->security == NULL)
3933 * This should not occur
3938 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
3939 ad.a.u.key_struct.key = keyp->serial;
3940 ad.a.u.key_struct.key_desc = keyp->description;
3942 rc = smk_access(tkp, keyp->security, MAY_READWRITE, &ad);
3943 rc = smk_bu_note("key access", tkp, keyp->security, MAY_READWRITE, rc);
3946 #endif /* CONFIG_KEYS */
3951 * Audit requires a unique representation of each Smack specific
3952 * rule. This unique representation is used to distinguish the
3953 * object to be audited from remaining kernel objects and also
3954 * works as a glue between the audit hooks.
3956 * Since repository entries are added but never deleted, we'll use
3957 * the smack_known label address related to the given audit rule as
3958 * the needed unique representation. This also better fits the smack
3959 * model where nearly everything is a label.
3964 * smack_audit_rule_init - Initialize a smack audit rule
3965 * @field: audit rule fields given from user-space (audit.h)
3966 * @op: required testing operator (=, !=, >, <, ...)
3967 * @rulestr: smack label to be audited
3968 * @vrule: pointer to save our own audit rule representation
3970 * Prepare to audit cases where (@field @op @rulestr) is true.
3971 * The label to be audited is created if necessay.
3973 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
3975 char **rule = (char **)vrule;
3978 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3981 if (op != Audit_equal && op != Audit_not_equal)
3984 *rule = smk_import(rulestr, 0);
3990 * smack_audit_rule_known - Distinguish Smack audit rules
3991 * @krule: rule of interest, in Audit kernel representation format
3993 * This is used to filter Smack rules from remaining Audit ones.
3994 * If it's proved that this rule belongs to us, the
3995 * audit_rule_match hook will be called to do the final judgement.
3997 static int smack_audit_rule_known(struct audit_krule *krule)
3999 struct audit_field *f;
4002 for (i = 0; i < krule->field_count; i++) {
4003 f = &krule->fields[i];
4005 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4013 * smack_audit_rule_match - Audit given object ?
4014 * @secid: security id for identifying the object to test
4015 * @field: audit rule flags given from user-space
4016 * @op: required testing operator
4017 * @vrule: smack internal rule presentation
4018 * @actx: audit context associated with the check
4020 * The core Audit hook. It's used to take the decision of
4021 * whether to audit or not to audit a given object.
4023 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
4024 struct audit_context *actx)
4026 struct smack_known *skp;
4030 audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
4031 "Smack: missing rule\n");
4035 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4038 skp = smack_from_secid(secid);
4041 * No need to do string comparisons. If a match occurs,
4042 * both pointers will point to the same smack_known
4045 if (op == Audit_equal)
4046 return (rule == skp->smk_known);
4047 if (op == Audit_not_equal)
4048 return (rule != skp->smk_known);
4054 * smack_audit_rule_free - free smack rule representation
4055 * @vrule: rule to be freed.
4057 * No memory was allocated.
4059 static void smack_audit_rule_free(void *vrule)
4064 #endif /* CONFIG_AUDIT */
4067 * smack_secid_to_secctx - return the smack label for a secid
4068 * @secid: incoming integer
4069 * @secdata: destination
4070 * @seclen: how long it is
4072 * Exists for networking code.
4074 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4076 struct smack_known *skp = smack_from_secid(secid);
4079 *secdata = skp->smk_known;
4080 *seclen = strlen(skp->smk_known);
4085 * smack_secctx_to_secid - return the secid for a smack label
4086 * @secdata: smack label
4087 * @seclen: how long result is
4088 * @secid: outgoing integer
4090 * Exists for audit and networking code.
4092 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4094 *secid = smack_to_secid(secdata);
4099 * smack_release_secctx - don't do anything.
4103 * Exists to make sure nothing gets done, and properly
4105 static void smack_release_secctx(char *secdata, u32 seclen)
4109 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4111 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4114 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4116 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4119 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4122 len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
4130 struct security_operations smack_ops = {
4133 .ptrace_access_check = smack_ptrace_access_check,
4134 .ptrace_traceme = smack_ptrace_traceme,
4135 .syslog = smack_syslog,
4137 .sb_alloc_security = smack_sb_alloc_security,
4138 .sb_free_security = smack_sb_free_security,
4139 .sb_copy_data = smack_sb_copy_data,
4140 .sb_kern_mount = smack_sb_kern_mount,
4141 .sb_statfs = smack_sb_statfs,
4143 .bprm_set_creds = smack_bprm_set_creds,
4144 .bprm_committing_creds = smack_bprm_committing_creds,
4145 .bprm_secureexec = smack_bprm_secureexec,
4147 .inode_alloc_security = smack_inode_alloc_security,
4148 .inode_free_security = smack_inode_free_security,
4149 .inode_init_security = smack_inode_init_security,
4150 .inode_link = smack_inode_link,
4151 .inode_unlink = smack_inode_unlink,
4152 .inode_rmdir = smack_inode_rmdir,
4153 .inode_rename = smack_inode_rename,
4154 .inode_permission = smack_inode_permission,
4155 .inode_setattr = smack_inode_setattr,
4156 .inode_getattr = smack_inode_getattr,
4157 .inode_setxattr = smack_inode_setxattr,
4158 .inode_post_setxattr = smack_inode_post_setxattr,
4159 .inode_getxattr = smack_inode_getxattr,
4160 .inode_removexattr = smack_inode_removexattr,
4161 .inode_getsecurity = smack_inode_getsecurity,
4162 .inode_setsecurity = smack_inode_setsecurity,
4163 .inode_listsecurity = smack_inode_listsecurity,
4164 .inode_getsecid = smack_inode_getsecid,
4166 .file_permission = smack_file_permission,
4167 .file_alloc_security = smack_file_alloc_security,
4168 .file_free_security = smack_file_free_security,
4169 .file_ioctl = smack_file_ioctl,
4170 .file_lock = smack_file_lock,
4171 .file_fcntl = smack_file_fcntl,
4172 .mmap_file = smack_mmap_file,
4173 .mmap_addr = cap_mmap_addr,
4174 .file_set_fowner = smack_file_set_fowner,
4175 .file_send_sigiotask = smack_file_send_sigiotask,
4176 .file_receive = smack_file_receive,
4178 .file_open = smack_file_open,
4180 .cred_alloc_blank = smack_cred_alloc_blank,
4181 .cred_free = smack_cred_free,
4182 .cred_prepare = smack_cred_prepare,
4183 .cred_transfer = smack_cred_transfer,
4184 .kernel_act_as = smack_kernel_act_as,
4185 .kernel_create_files_as = smack_kernel_create_files_as,
4186 .task_setpgid = smack_task_setpgid,
4187 .task_getpgid = smack_task_getpgid,
4188 .task_getsid = smack_task_getsid,
4189 .task_getsecid = smack_task_getsecid,
4190 .task_setnice = smack_task_setnice,
4191 .task_setioprio = smack_task_setioprio,
4192 .task_getioprio = smack_task_getioprio,
4193 .task_setscheduler = smack_task_setscheduler,
4194 .task_getscheduler = smack_task_getscheduler,
4195 .task_movememory = smack_task_movememory,
4196 .task_kill = smack_task_kill,
4197 .task_wait = smack_task_wait,
4198 .task_to_inode = smack_task_to_inode,
4200 .ipc_permission = smack_ipc_permission,
4201 .ipc_getsecid = smack_ipc_getsecid,
4203 .msg_msg_alloc_security = smack_msg_msg_alloc_security,
4204 .msg_msg_free_security = smack_msg_msg_free_security,
4206 .msg_queue_alloc_security = smack_msg_queue_alloc_security,
4207 .msg_queue_free_security = smack_msg_queue_free_security,
4208 .msg_queue_associate = smack_msg_queue_associate,
4209 .msg_queue_msgctl = smack_msg_queue_msgctl,
4210 .msg_queue_msgsnd = smack_msg_queue_msgsnd,
4211 .msg_queue_msgrcv = smack_msg_queue_msgrcv,
4213 .shm_alloc_security = smack_shm_alloc_security,
4214 .shm_free_security = smack_shm_free_security,
4215 .shm_associate = smack_shm_associate,
4216 .shm_shmctl = smack_shm_shmctl,
4217 .shm_shmat = smack_shm_shmat,
4219 .sem_alloc_security = smack_sem_alloc_security,
4220 .sem_free_security = smack_sem_free_security,
4221 .sem_associate = smack_sem_associate,
4222 .sem_semctl = smack_sem_semctl,
4223 .sem_semop = smack_sem_semop,
4225 .d_instantiate = smack_d_instantiate,
4227 .getprocattr = smack_getprocattr,
4228 .setprocattr = smack_setprocattr,
4230 .unix_stream_connect = smack_unix_stream_connect,
4231 .unix_may_send = smack_unix_may_send,
4233 .socket_post_create = smack_socket_post_create,
4234 .socket_bind = smack_socket_bind,
4235 .socket_connect = smack_socket_connect,
4236 .socket_sendmsg = smack_socket_sendmsg,
4237 .socket_sock_rcv_skb = smack_socket_sock_rcv_skb,
4238 .socket_getpeersec_stream = smack_socket_getpeersec_stream,
4239 .socket_getpeersec_dgram = smack_socket_getpeersec_dgram,
4240 .sk_alloc_security = smack_sk_alloc_security,
4241 .sk_free_security = smack_sk_free_security,
4242 .sock_graft = smack_sock_graft,
4243 .inet_conn_request = smack_inet_conn_request,
4244 .inet_csk_clone = smack_inet_csk_clone,
4246 /* key management security hooks */
4248 .key_alloc = smack_key_alloc,
4249 .key_free = smack_key_free,
4250 .key_permission = smack_key_permission,
4251 #endif /* CONFIG_KEYS */
4255 .audit_rule_init = smack_audit_rule_init,
4256 .audit_rule_known = smack_audit_rule_known,
4257 .audit_rule_match = smack_audit_rule_match,
4258 .audit_rule_free = smack_audit_rule_free,
4259 #endif /* CONFIG_AUDIT */
4261 .secid_to_secctx = smack_secid_to_secctx,
4262 .secctx_to_secid = smack_secctx_to_secid,
4263 .release_secctx = smack_release_secctx,
4264 .inode_notifysecctx = smack_inode_notifysecctx,
4265 .inode_setsecctx = smack_inode_setsecctx,
4266 .inode_getsecctx = smack_inode_getsecctx,
4270 static __init void init_smack_known_list(void)
4273 * Initialize rule list locks
4275 mutex_init(&smack_known_huh.smk_rules_lock);
4276 mutex_init(&smack_known_hat.smk_rules_lock);
4277 mutex_init(&smack_known_floor.smk_rules_lock);
4278 mutex_init(&smack_known_star.smk_rules_lock);
4279 mutex_init(&smack_known_invalid.smk_rules_lock);
4280 mutex_init(&smack_known_web.smk_rules_lock);
4282 * Initialize rule lists
4284 INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4285 INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4286 INIT_LIST_HEAD(&smack_known_star.smk_rules);
4287 INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4288 INIT_LIST_HEAD(&smack_known_invalid.smk_rules);
4289 INIT_LIST_HEAD(&smack_known_web.smk_rules);
4291 * Create the known labels list
4293 smk_insert_entry(&smack_known_huh);
4294 smk_insert_entry(&smack_known_hat);
4295 smk_insert_entry(&smack_known_star);
4296 smk_insert_entry(&smack_known_floor);
4297 smk_insert_entry(&smack_known_invalid);
4298 smk_insert_entry(&smack_known_web);
4301 /* KMEM caches for fast and thrifty allocations */
4302 struct kmem_cache *smack_rule_cache;
4303 struct kmem_cache *smack_master_list_cache;
4306 * smack_init - initialize the smack system
4310 static __init int smack_init(void)
4313 struct task_smack *tsp;
4315 if (!security_module_enable(&smack_ops))
4318 smack_rule_cache = KMEM_CACHE(smack_rule, 0);
4319 if (!smack_rule_cache)
4322 smack_master_list_cache = KMEM_CACHE(smack_master_list, 0);
4323 if (!smack_master_list_cache) {
4324 kmem_cache_destroy(smack_rule_cache);
4328 smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4329 if (!smack_inode_cache) {
4330 kmem_cache_destroy(smack_master_list_cache);
4331 kmem_cache_destroy(smack_rule_cache);
4335 tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4338 kmem_cache_destroy(smack_master_list_cache);
4339 kmem_cache_destroy(smack_rule_cache);
4340 kmem_cache_destroy(smack_inode_cache);
4344 printk(KERN_INFO "Smack: Initializing.\n");
4347 * Set the security state for the initial task.
4349 cred = (struct cred *) current->cred;
4350 cred->security = tsp;
4352 /* initialize the smack_known_list */
4353 init_smack_known_list();
4358 if (register_security(&smack_ops))
4359 panic("smack: Unable to register with kernel.\n");
4365 * Smack requires early initialization in order to label
4366 * all processes and objects when they are created.
4368 security_initcall(smack_init);
projects / profile / mobile / platform / kernel / linux-3.10-sc7730.git / blob