1 // SPDX-License-Identifier: GPL-2.0-only
3 * Simplified MAC Kernel (smack) security module
5 * This file contains the smack hook function implementations.
8 * Casey Schaufler <casey@schaufler-ca.com>
9 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
11 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
12 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
13 * Paul Moore <paul@paul-moore.com>
14 * Copyright (C) 2010 Nokia Corporation
15 * Copyright (C) 2011 Intel Corporation.
18 #include <linux/xattr.h>
19 #include <linux/pagemap.h>
20 #include <linux/mount.h>
21 #include <linux/stat.h>
23 #include <asm/ioctls.h>
25 #include <linux/tcp.h>
26 #include <linux/udp.h>
27 #include <linux/dccp.h>
28 #include <linux/icmpv6.h>
29 #include <linux/slab.h>
30 #include <linux/mutex.h>
31 #include <net/cipso_ipv4.h>
34 #include <linux/audit.h>
35 #include <linux/magic.h>
36 #include <linux/dcache.h>
37 #include <linux/personality.h>
38 #include <linux/msg.h>
39 #include <linux/shm.h>
40 #include <linux/binfmts.h>
41 #include <linux/parser.h>
42 #include <linux/fs_context.h>
43 #include <linux/fs_parser.h>
44 #include <linux/watch_queue.h>
45 #include <linux/io_uring.h>
48 #define TRANS_TRUE "TRUE"
49 #define TRANS_TRUE_SIZE 4
51 #define SMK_CONNECTING 0
52 #define SMK_RECEIVING 1
55 #define SMACK_INODE_INIT_XATTRS 1
57 #ifdef SMACK_IPV6_PORT_LABELING
58 static DEFINE_MUTEX(smack_ipv6_lock);
59 static LIST_HEAD(smk_ipv6_port_list);
61 struct kmem_cache *smack_rule_cache;
62 int smack_enabled __initdata;
64 #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s}
69 } smk_mount_opts[] = {
70 {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault},
71 A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute)
75 static int match_opt_prefix(char *s, int l, char **arg)
79 for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) {
80 size_t len = smk_mount_opts[i].len;
81 if (len > l || memcmp(s, smk_mount_opts[i].name, len))
83 if (len == l || s[len] != '=')
86 return smk_mount_opts[i].opt;
91 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
92 static char *smk_bu_mess[] = {
93 "Bringup Error", /* Unused */
94 "Bringup", /* SMACK_BRINGUP_ALLOW */
95 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */
96 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */
99 static void smk_bu_mode(int mode, char *s)
105 if (mode & MAY_WRITE)
109 if (mode & MAY_APPEND)
111 if (mode & MAY_TRANSMUTE)
121 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
122 static int smk_bu_note(char *note, struct smack_known *sskp,
123 struct smack_known *oskp, int mode, int rc)
125 char acc[SMK_NUM_ACCESS_TYPE + 1];
129 if (rc > SMACK_UNCONFINED_OBJECT)
132 smk_bu_mode(mode, acc);
133 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
134 sskp->smk_known, oskp->smk_known, acc, note);
138 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
141 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
142 static int smk_bu_current(char *note, struct smack_known *oskp,
145 struct task_smack *tsp = smack_cred(current_cred());
146 char acc[SMK_NUM_ACCESS_TYPE + 1];
150 if (rc > SMACK_UNCONFINED_OBJECT)
153 smk_bu_mode(mode, acc);
154 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
155 tsp->smk_task->smk_known, oskp->smk_known,
156 acc, current->comm, note);
160 #define smk_bu_current(note, oskp, mode, RC) (RC)
163 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
164 static int smk_bu_task(struct task_struct *otp, int mode, int rc)
166 struct task_smack *tsp = smack_cred(current_cred());
167 struct smack_known *smk_task = smk_of_task_struct_obj(otp);
168 char acc[SMK_NUM_ACCESS_TYPE + 1];
172 if (rc > SMACK_UNCONFINED_OBJECT)
175 smk_bu_mode(mode, acc);
176 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
177 tsp->smk_task->smk_known, smk_task->smk_known, acc,
178 current->comm, otp->comm);
182 #define smk_bu_task(otp, mode, RC) (RC)
185 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
186 static int smk_bu_inode(struct inode *inode, int mode, int rc)
188 struct task_smack *tsp = smack_cred(current_cred());
189 struct inode_smack *isp = smack_inode(inode);
190 char acc[SMK_NUM_ACCESS_TYPE + 1];
192 if (isp->smk_flags & SMK_INODE_IMPURE)
193 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
194 inode->i_sb->s_id, inode->i_ino, current->comm);
198 if (rc > SMACK_UNCONFINED_OBJECT)
200 if (rc == SMACK_UNCONFINED_SUBJECT &&
201 (mode & (MAY_WRITE | MAY_APPEND)))
202 isp->smk_flags |= SMK_INODE_IMPURE;
204 smk_bu_mode(mode, acc);
206 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
207 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
208 inode->i_sb->s_id, inode->i_ino, current->comm);
212 #define smk_bu_inode(inode, mode, RC) (RC)
215 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
216 static int smk_bu_file(struct file *file, int mode, int rc)
218 struct task_smack *tsp = smack_cred(current_cred());
219 struct smack_known *sskp = tsp->smk_task;
220 struct inode *inode = file_inode(file);
221 struct inode_smack *isp = smack_inode(inode);
222 char acc[SMK_NUM_ACCESS_TYPE + 1];
224 if (isp->smk_flags & SMK_INODE_IMPURE)
225 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
226 inode->i_sb->s_id, inode->i_ino, current->comm);
230 if (rc > SMACK_UNCONFINED_OBJECT)
233 smk_bu_mode(mode, acc);
234 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
235 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
236 inode->i_sb->s_id, inode->i_ino, file,
241 #define smk_bu_file(file, mode, RC) (RC)
244 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
245 static int smk_bu_credfile(const struct cred *cred, struct file *file,
248 struct task_smack *tsp = smack_cred(cred);
249 struct smack_known *sskp = tsp->smk_task;
250 struct inode *inode = file_inode(file);
251 struct inode_smack *isp = smack_inode(inode);
252 char acc[SMK_NUM_ACCESS_TYPE + 1];
254 if (isp->smk_flags & SMK_INODE_IMPURE)
255 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
256 inode->i_sb->s_id, inode->i_ino, current->comm);
260 if (rc > SMACK_UNCONFINED_OBJECT)
263 smk_bu_mode(mode, acc);
264 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
265 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
266 inode->i_sb->s_id, inode->i_ino, file,
271 #define smk_bu_credfile(cred, file, mode, RC) (RC)
275 * smk_fetch - Fetch the smack label from a file.
276 * @name: type of the label (attribute)
277 * @ip: a pointer to the inode
278 * @dp: a pointer to the dentry
280 * Returns a pointer to the master list entry for the Smack label,
281 * NULL if there was no label to fetch, or an error code.
283 static struct smack_known *smk_fetch(const char *name, struct inode *ip,
288 struct smack_known *skp = NULL;
290 if (!(ip->i_opflags & IOP_XATTR))
291 return ERR_PTR(-EOPNOTSUPP);
293 buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS);
295 return ERR_PTR(-ENOMEM);
297 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
303 skp = smk_import_entry(buffer, rc);
311 * init_inode_smack - initialize an inode security blob
312 * @inode: inode to extract the info from
313 * @skp: a pointer to the Smack label entry to use in the blob
316 static void init_inode_smack(struct inode *inode, struct smack_known *skp)
318 struct inode_smack *isp = smack_inode(inode);
320 isp->smk_inode = skp;
325 * init_task_smack - initialize a task security blob
326 * @tsp: blob to initialize
327 * @task: a pointer to the Smack label for the running task
328 * @forked: a pointer to the Smack label for the forked task
331 static void init_task_smack(struct task_smack *tsp, struct smack_known *task,
332 struct smack_known *forked)
334 tsp->smk_task = task;
335 tsp->smk_forked = forked;
336 INIT_LIST_HEAD(&tsp->smk_rules);
337 INIT_LIST_HEAD(&tsp->smk_relabel);
338 mutex_init(&tsp->smk_rules_lock);
342 * smk_copy_rules - copy a rule set
343 * @nhead: new rules header pointer
344 * @ohead: old rules header pointer
345 * @gfp: type of the memory for the allocation
347 * Returns 0 on success, -ENOMEM on error
349 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
352 struct smack_rule *nrp;
353 struct smack_rule *orp;
356 list_for_each_entry_rcu(orp, ohead, list) {
357 nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
363 list_add_rcu(&nrp->list, nhead);
369 * smk_copy_relabel - copy smk_relabel labels list
370 * @nhead: new rules header pointer
371 * @ohead: old rules header pointer
372 * @gfp: type of the memory for the allocation
374 * Returns 0 on success, -ENOMEM on error
376 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
379 struct smack_known_list_elem *nklep;
380 struct smack_known_list_elem *oklep;
382 list_for_each_entry(oklep, ohead, list) {
383 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
385 smk_destroy_label_list(nhead);
388 nklep->smk_label = oklep->smk_label;
389 list_add(&nklep->list, nhead);
396 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
397 * @mode: input mode in form of PTRACE_MODE_*
399 * Returns a converted MAY_* mode usable by smack rules
401 static inline unsigned int smk_ptrace_mode(unsigned int mode)
403 if (mode & PTRACE_MODE_ATTACH)
404 return MAY_READWRITE;
405 if (mode & PTRACE_MODE_READ)
412 * smk_ptrace_rule_check - helper for ptrace access
413 * @tracer: tracer process
414 * @tracee_known: label entry of the process that's about to be traced
415 * @mode: ptrace attachment mode (PTRACE_MODE_*)
416 * @func: name of the function that called us, used for audit
418 * Returns 0 on access granted, -error on error
420 static int smk_ptrace_rule_check(struct task_struct *tracer,
421 struct smack_known *tracee_known,
422 unsigned int mode, const char *func)
425 struct smk_audit_info ad, *saip = NULL;
426 struct task_smack *tsp;
427 struct smack_known *tracer_known;
428 const struct cred *tracercred;
430 if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
431 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
432 smk_ad_setfield_u_tsk(&ad, tracer);
437 tracercred = __task_cred(tracer);
438 tsp = smack_cred(tracercred);
439 tracer_known = smk_of_task(tsp);
441 if ((mode & PTRACE_MODE_ATTACH) &&
442 (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
443 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
444 if (tracer_known->smk_known == tracee_known->smk_known)
446 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
448 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
454 smack_log(tracer_known->smk_known,
455 tracee_known->smk_known,
462 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
463 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
471 * We he, that is fun!
475 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
476 * @ctp: child task pointer
477 * @mode: ptrace attachment mode (PTRACE_MODE_*)
479 * Returns 0 if access is OK, an error code otherwise
481 * Do the capability checks.
483 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
485 struct smack_known *skp;
487 skp = smk_of_task_struct_obj(ctp);
489 return smk_ptrace_rule_check(current, skp, mode, __func__);
493 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
494 * @ptp: parent task pointer
496 * Returns 0 if access is OK, an error code otherwise
498 * Do the capability checks, and require PTRACE_MODE_ATTACH.
500 static int smack_ptrace_traceme(struct task_struct *ptp)
502 struct smack_known *skp;
504 skp = smk_of_task(smack_cred(current_cred()));
506 return smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
510 * smack_syslog - Smack approval on syslog
511 * @typefrom_file: unused
513 * Returns 0 on success, error code otherwise.
515 static int smack_syslog(int typefrom_file)
518 struct smack_known *skp = smk_of_current();
520 if (smack_privileged(CAP_MAC_OVERRIDE))
523 if (smack_syslog_label != NULL && smack_syslog_label != skp)
534 * smack_sb_alloc_security - allocate a superblock blob
535 * @sb: the superblock getting the blob
537 * Returns 0 on success or -ENOMEM on error.
539 static int smack_sb_alloc_security(struct super_block *sb)
541 struct superblock_smack *sbsp = smack_superblock(sb);
543 sbsp->smk_root = &smack_known_floor;
544 sbsp->smk_default = &smack_known_floor;
545 sbsp->smk_floor = &smack_known_floor;
546 sbsp->smk_hat = &smack_known_hat;
548 * SMK_SB_INITIALIZED will be zero from kzalloc.
554 struct smack_mnt_opts {
555 const char *fsdefault;
559 const char *fstransmute;
562 static void smack_free_mnt_opts(void *mnt_opts)
567 static int smack_add_opt(int token, const char *s, void **mnt_opts)
569 struct smack_mnt_opts *opts = *mnt_opts;
570 struct smack_known *skp;
573 opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
581 skp = smk_import_entry(s, 0);
589 opts->fsdefault = skp->smk_known;
594 opts->fsfloor = skp->smk_known;
599 opts->fshat = skp->smk_known;
604 opts->fsroot = skp->smk_known;
606 case Opt_fstransmute:
607 if (opts->fstransmute)
609 opts->fstransmute = skp->smk_known;
615 pr_warn("Smack: duplicate mount options\n");
620 * smack_fs_context_dup - Duplicate the security data on fs_context duplication
621 * @fc: The new filesystem context.
622 * @src_fc: The source filesystem context being duplicated.
624 * Returns 0 on success or -ENOMEM on error.
626 static int smack_fs_context_dup(struct fs_context *fc,
627 struct fs_context *src_fc)
629 struct smack_mnt_opts *dst, *src = src_fc->security;
634 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
639 dst->fsdefault = src->fsdefault;
640 dst->fsfloor = src->fsfloor;
641 dst->fshat = src->fshat;
642 dst->fsroot = src->fsroot;
643 dst->fstransmute = src->fstransmute;
648 static const struct fs_parameter_spec smack_fs_parameters[] = {
649 fsparam_string("smackfsdef", Opt_fsdefault),
650 fsparam_string("smackfsdefault", Opt_fsdefault),
651 fsparam_string("smackfsfloor", Opt_fsfloor),
652 fsparam_string("smackfshat", Opt_fshat),
653 fsparam_string("smackfsroot", Opt_fsroot),
654 fsparam_string("smackfstransmute", Opt_fstransmute),
659 * smack_fs_context_parse_param - Parse a single mount parameter
660 * @fc: The new filesystem context being constructed.
661 * @param: The parameter.
663 * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on
666 static int smack_fs_context_parse_param(struct fs_context *fc,
667 struct fs_parameter *param)
669 struct fs_parse_result result;
672 opt = fs_parse(fc, smack_fs_parameters, param, &result);
676 rc = smack_add_opt(opt, param->string, &fc->security);
678 param->string = NULL;
682 static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
684 char *from = options, *to = options;
688 char *next = strchr(from, ',');
697 token = match_opt_prefix(from, len, &arg);
698 if (token != Opt_error) {
699 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
700 rc = smack_add_opt(token, arg, mnt_opts);
704 smack_free_mnt_opts(*mnt_opts);
709 if (!first) { // copy with preceding comma
714 memmove(to, from, len);
727 * smack_set_mnt_opts - set Smack specific mount options
728 * @sb: the file system superblock
729 * @mnt_opts: Smack mount options
730 * @kern_flags: mount option from kernel space or user space
731 * @set_kern_flags: where to store converted mount opts
733 * Returns 0 on success, an error code on failure
735 * Allow filesystems with binary mount data to explicitly set Smack mount
738 static int smack_set_mnt_opts(struct super_block *sb,
740 unsigned long kern_flags,
741 unsigned long *set_kern_flags)
743 struct dentry *root = sb->s_root;
744 struct inode *inode = d_backing_inode(root);
745 struct superblock_smack *sp = smack_superblock(sb);
746 struct inode_smack *isp;
747 struct smack_known *skp;
748 struct smack_mnt_opts *opts = mnt_opts;
749 bool transmute = false;
751 if (sp->smk_flags & SMK_SB_INITIALIZED)
754 if (!smack_privileged(CAP_MAC_ADMIN)) {
756 * Unprivileged mounts don't get to specify Smack values.
761 * Unprivileged mounts get root and default from the caller.
763 skp = smk_of_current();
765 sp->smk_default = skp;
767 * For a handful of fs types with no user-controlled
768 * backing store it's okay to trust security labels
769 * in the filesystem. The rest are untrusted.
771 if (sb->s_user_ns != &init_user_ns &&
772 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
773 sb->s_magic != RAMFS_MAGIC) {
775 sp->smk_flags |= SMK_SB_UNTRUSTED;
779 sp->smk_flags |= SMK_SB_INITIALIZED;
782 if (opts->fsdefault) {
783 skp = smk_import_entry(opts->fsdefault, 0);
786 sp->smk_default = skp;
789 skp = smk_import_entry(opts->fsfloor, 0);
795 skp = smk_import_entry(opts->fshat, 0);
801 skp = smk_import_entry(opts->fsroot, 0);
806 if (opts->fstransmute) {
807 skp = smk_import_entry(opts->fstransmute, 0);
816 * Initialize the root inode.
818 init_inode_smack(inode, sp->smk_root);
821 isp = smack_inode(inode);
822 isp->smk_flags |= SMK_INODE_TRANSMUTE;
829 * smack_sb_statfs - Smack check on statfs
830 * @dentry: identifies the file system in question
832 * Returns 0 if current can read the floor of the filesystem,
833 * and error code otherwise
835 static int smack_sb_statfs(struct dentry *dentry)
837 struct superblock_smack *sbp = smack_superblock(dentry->d_sb);
839 struct smk_audit_info ad;
841 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
842 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
844 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
845 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
854 * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec
855 * @bprm: the exec information
857 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
859 static int smack_bprm_creds_for_exec(struct linux_binprm *bprm)
861 struct inode *inode = file_inode(bprm->file);
862 struct task_smack *bsp = smack_cred(bprm->cred);
863 struct inode_smack *isp;
864 struct superblock_smack *sbsp;
867 isp = smack_inode(inode);
868 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
871 sbsp = smack_superblock(inode->i_sb);
872 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
873 isp->smk_task != sbsp->smk_root)
876 if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
877 struct task_struct *tracer;
881 tracer = ptrace_parent(current);
882 if (likely(tracer != NULL))
883 rc = smk_ptrace_rule_check(tracer,
892 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE)
895 bsp->smk_task = isp->smk_task;
896 bprm->per_clear |= PER_CLEAR_ON_SETID;
898 /* Decide if this is a secure exec. */
899 if (bsp->smk_task != bsp->smk_forked)
900 bprm->secureexec = 1;
910 * smack_inode_alloc_security - allocate an inode blob
911 * @inode: the inode in need of a blob
915 static int smack_inode_alloc_security(struct inode *inode)
917 struct smack_known *skp = smk_of_current();
919 init_inode_smack(inode, skp);
924 * smack_inode_init_security - copy out the smack from an inode
925 * @inode: the newly created inode
926 * @dir: containing directory object
928 * @xattrs: where to put the attributes
929 * @xattr_count: current number of LSM-provided xattrs (updated)
931 * Returns 0 if it all works out, -ENOMEM if there's no memory
933 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
934 const struct qstr *qstr,
935 struct xattr *xattrs, int *xattr_count)
937 struct task_smack *tsp = smack_cred(current_cred());
938 struct inode_smack *issp = smack_inode(inode);
939 struct smack_known *skp = smk_of_task(tsp);
940 struct smack_known *isp = smk_of_inode(inode);
941 struct smack_known *dsp = smk_of_inode(dir);
942 struct xattr *xattr = lsm_get_xattr_slot(xattrs, xattr_count);
947 * If equal, transmuting already occurred in
948 * smack_dentry_create_files_as(). No need to check again.
950 if (tsp->smk_task != tsp->smk_transmuted) {
952 may = smk_access_entry(skp->smk_known, dsp->smk_known,
958 * In addition to having smk_task equal to smk_transmuted,
959 * if the access rule allows transmutation and the directory
960 * requests transmutation then by all means transmute.
961 * Mark the inode as changed.
963 if ((tsp->smk_task == tsp->smk_transmuted) ||
964 (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
965 smk_inode_transmutable(dir))) {
967 * The caller of smack_dentry_create_files_as()
968 * should have overridden the current cred, so the
969 * inode label was already set correctly in
970 * smack_inode_alloc_security().
972 if (tsp->smk_task != tsp->smk_transmuted)
974 issp->smk_flags |= SMK_INODE_CHANGED;
977 xattr->value = kstrdup(isp->smk_known, GFP_NOFS);
981 xattr->value_len = strlen(isp->smk_known);
982 xattr->name = XATTR_SMACK_SUFFIX;
989 * smack_inode_link - Smack check on link
990 * @old_dentry: the existing object
992 * @new_dentry: the new object
994 * Returns 0 if access is permitted, an error code otherwise
996 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
997 struct dentry *new_dentry)
999 struct smack_known *isp;
1000 struct smk_audit_info ad;
1003 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1004 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1006 isp = smk_of_inode(d_backing_inode(old_dentry));
1007 rc = smk_curacc(isp, MAY_WRITE, &ad);
1008 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
1010 if (rc == 0 && d_is_positive(new_dentry)) {
1011 isp = smk_of_inode(d_backing_inode(new_dentry));
1012 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1013 rc = smk_curacc(isp, MAY_WRITE, &ad);
1014 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
1021 * smack_inode_unlink - Smack check on inode deletion
1022 * @dir: containing directory object
1023 * @dentry: file to unlink
1025 * Returns 0 if current can write the containing directory
1026 * and the object, error code otherwise
1028 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1030 struct inode *ip = d_backing_inode(dentry);
1031 struct smk_audit_info ad;
1034 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1035 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1038 * You need write access to the thing you're unlinking
1040 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
1041 rc = smk_bu_inode(ip, MAY_WRITE, rc);
1044 * You also need write access to the containing directory
1046 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1047 smk_ad_setfield_u_fs_inode(&ad, dir);
1048 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1049 rc = smk_bu_inode(dir, MAY_WRITE, rc);
1055 * smack_inode_rmdir - Smack check on directory deletion
1056 * @dir: containing directory object
1057 * @dentry: directory to unlink
1059 * Returns 0 if current can write the containing directory
1060 * and the directory, error code otherwise
1062 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1064 struct smk_audit_info ad;
1067 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1068 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1071 * You need write access to the thing you're removing
1073 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1074 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1077 * You also need write access to the containing directory
1079 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1080 smk_ad_setfield_u_fs_inode(&ad, dir);
1081 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1082 rc = smk_bu_inode(dir, MAY_WRITE, rc);
1089 * smack_inode_rename - Smack check on rename
1090 * @old_inode: unused
1091 * @old_dentry: the old object
1092 * @new_inode: unused
1093 * @new_dentry: the new object
1095 * Read and write access is required on both the old and
1098 * Returns 0 if access is permitted, an error code otherwise
1100 static int smack_inode_rename(struct inode *old_inode,
1101 struct dentry *old_dentry,
1102 struct inode *new_inode,
1103 struct dentry *new_dentry)
1106 struct smack_known *isp;
1107 struct smk_audit_info ad;
1109 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1110 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1112 isp = smk_of_inode(d_backing_inode(old_dentry));
1113 rc = smk_curacc(isp, MAY_READWRITE, &ad);
1114 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
1116 if (rc == 0 && d_is_positive(new_dentry)) {
1117 isp = smk_of_inode(d_backing_inode(new_dentry));
1118 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1119 rc = smk_curacc(isp, MAY_READWRITE, &ad);
1120 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
1126 * smack_inode_permission - Smack version of permission()
1127 * @inode: the inode in question
1128 * @mask: the access requested
1130 * This is the important Smack hook.
1132 * Returns 0 if access is permitted, an error code otherwise
1134 static int smack_inode_permission(struct inode *inode, int mask)
1136 struct superblock_smack *sbsp = smack_superblock(inode->i_sb);
1137 struct smk_audit_info ad;
1138 int no_block = mask & MAY_NOT_BLOCK;
1141 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
1143 * No permission to check. Existence test. Yup, it's there.
1148 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1149 if (smk_of_inode(inode) != sbsp->smk_root)
1153 /* May be droppable after audit */
1156 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1157 smk_ad_setfield_u_fs_inode(&ad, inode);
1158 rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1159 rc = smk_bu_inode(inode, mask, rc);
1164 * smack_inode_setattr - Smack check for setting attributes
1165 * @dentry: the object
1166 * @iattr: for the force flag
1168 * Returns 0 if access is permitted, an error code otherwise
1170 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1172 struct smk_audit_info ad;
1176 * Need to allow for clearing the setuid bit.
1178 if (iattr->ia_valid & ATTR_FORCE)
1180 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1181 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1183 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1184 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1189 * smack_inode_getattr - Smack check for getting attributes
1190 * @path: path to extract the info from
1192 * Returns 0 if access is permitted, an error code otherwise
1194 static int smack_inode_getattr(const struct path *path)
1196 struct smk_audit_info ad;
1197 struct inode *inode = d_backing_inode(path->dentry);
1200 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1201 smk_ad_setfield_u_fs_path(&ad, *path);
1202 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1203 rc = smk_bu_inode(inode, MAY_READ, rc);
1208 * smack_inode_setxattr - Smack check for setting xattrs
1209 * @idmap: idmap of the mount
1210 * @dentry: the object
1211 * @name: name of the attribute
1212 * @value: value of the attribute
1213 * @size: size of the value
1216 * This protects the Smack attribute explicitly.
1218 * Returns 0 if access is permitted, an error code otherwise
1220 static int smack_inode_setxattr(struct mnt_idmap *idmap,
1221 struct dentry *dentry, const char *name,
1222 const void *value, size_t size, int flags)
1224 struct smk_audit_info ad;
1225 struct smack_known *skp;
1227 int check_import = 0;
1232 * Check label validity here so import won't fail in post_setxattr
1234 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1235 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1236 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1239 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1240 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1244 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1246 if (size != TRANS_TRUE_SIZE ||
1247 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1250 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1252 if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1255 if (rc == 0 && check_import) {
1256 skp = size ? smk_import_entry(value, size) : NULL;
1259 else if (skp == NULL || (check_star &&
1260 (skp == &smack_known_star || skp == &smack_known_web)))
1264 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1265 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1268 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1269 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1276 * smack_inode_post_setxattr - Apply the Smack update approved above
1278 * @name: attribute name
1279 * @value: attribute value
1280 * @size: attribute size
1283 * Set the pointer in the inode blob to the entry found
1284 * in the master label list.
1286 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1287 const void *value, size_t size, int flags)
1289 struct smack_known *skp;
1290 struct inode_smack *isp = smack_inode(d_backing_inode(dentry));
1292 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1293 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1297 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1298 skp = smk_import_entry(value, size);
1300 isp->smk_inode = skp;
1301 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1302 skp = smk_import_entry(value, size);
1304 isp->smk_task = skp;
1305 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1306 skp = smk_import_entry(value, size);
1308 isp->smk_mmap = skp;
1315 * smack_inode_getxattr - Smack check on getxattr
1316 * @dentry: the object
1319 * Returns 0 if access is permitted, an error code otherwise
1321 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1323 struct smk_audit_info ad;
1326 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1327 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1329 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1330 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1335 * smack_inode_removexattr - Smack check on removexattr
1336 * @idmap: idmap of the mount
1337 * @dentry: the object
1338 * @name: name of the attribute
1340 * Removing the Smack attribute requires CAP_MAC_ADMIN
1342 * Returns 0 if access is permitted, an error code otherwise
1344 static int smack_inode_removexattr(struct mnt_idmap *idmap,
1345 struct dentry *dentry, const char *name)
1347 struct inode_smack *isp;
1348 struct smk_audit_info ad;
1351 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1352 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1353 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1354 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1355 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1356 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1357 if (!smack_privileged(CAP_MAC_ADMIN))
1360 rc = cap_inode_removexattr(idmap, dentry, name);
1365 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1366 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1368 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1369 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1373 isp = smack_inode(d_backing_inode(dentry));
1375 * Don't do anything special for these.
1376 * XATTR_NAME_SMACKIPIN
1377 * XATTR_NAME_SMACKIPOUT
1379 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1380 struct super_block *sbp = dentry->d_sb;
1381 struct superblock_smack *sbsp = smack_superblock(sbp);
1383 isp->smk_inode = sbsp->smk_default;
1384 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
1385 isp->smk_task = NULL;
1386 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1387 isp->smk_mmap = NULL;
1388 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1389 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1395 * smack_inode_set_acl - Smack check for setting posix acls
1396 * @idmap: idmap of the mnt this request came from
1397 * @dentry: the object
1398 * @acl_name: name of the posix acl
1399 * @kacl: the posix acls
1401 * Returns 0 if access is permitted, an error code otherwise
1403 static int smack_inode_set_acl(struct mnt_idmap *idmap,
1404 struct dentry *dentry, const char *acl_name,
1405 struct posix_acl *kacl)
1407 struct smk_audit_info ad;
1410 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1411 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1413 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1414 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1419 * smack_inode_get_acl - Smack check for getting posix acls
1420 * @idmap: idmap of the mnt this request came from
1421 * @dentry: the object
1422 * @acl_name: name of the posix acl
1424 * Returns 0 if access is permitted, an error code otherwise
1426 static int smack_inode_get_acl(struct mnt_idmap *idmap,
1427 struct dentry *dentry, const char *acl_name)
1429 struct smk_audit_info ad;
1432 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1433 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1435 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1436 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1441 * smack_inode_remove_acl - Smack check for getting posix acls
1442 * @idmap: idmap of the mnt this request came from
1443 * @dentry: the object
1444 * @acl_name: name of the posix acl
1446 * Returns 0 if access is permitted, an error code otherwise
1448 static int smack_inode_remove_acl(struct mnt_idmap *idmap,
1449 struct dentry *dentry, const char *acl_name)
1451 struct smk_audit_info ad;
1454 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1455 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1457 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1458 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1463 * smack_inode_getsecurity - get smack xattrs
1464 * @idmap: idmap of the mount
1465 * @inode: the object
1466 * @name: attribute name
1467 * @buffer: where to put the result
1468 * @alloc: duplicate memory
1470 * Returns the size of the attribute or an error code
1472 static int smack_inode_getsecurity(struct mnt_idmap *idmap,
1473 struct inode *inode, const char *name,
1474 void **buffer, bool alloc)
1476 struct socket_smack *ssp;
1477 struct socket *sock;
1478 struct super_block *sbp;
1479 struct inode *ip = inode;
1480 struct smack_known *isp;
1481 struct inode_smack *ispp;
1485 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1486 isp = smk_of_inode(inode);
1487 } else if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) {
1488 ispp = smack_inode(inode);
1489 if (ispp->smk_flags & SMK_INODE_TRANSMUTE)
1495 * The rest of the Smack xattrs are only on sockets.
1498 if (sbp->s_magic != SOCKFS_MAGIC)
1501 sock = SOCKET_I(ip);
1502 if (sock == NULL || sock->sk == NULL)
1505 ssp = sock->sk->sk_security;
1507 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1509 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1516 label = isp->smk_known;
1518 label_len = strlen(label);
1521 *buffer = kstrdup(label, GFP_KERNEL);
1522 if (*buffer == NULL)
1531 * smack_inode_listsecurity - list the Smack attributes
1532 * @inode: the object
1533 * @buffer: where they go
1534 * @buffer_size: size of buffer
1536 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1539 int len = sizeof(XATTR_NAME_SMACK);
1541 if (buffer != NULL && len <= buffer_size)
1542 memcpy(buffer, XATTR_NAME_SMACK, len);
1548 * smack_inode_getsecid - Extract inode's security id
1549 * @inode: inode to extract the info from
1550 * @secid: where result will be saved
1552 static void smack_inode_getsecid(struct inode *inode, u32 *secid)
1554 struct smack_known *skp = smk_of_inode(inode);
1556 *secid = skp->smk_secid;
1564 * There is no smack_file_permission hook
1566 * Should access checks be done on each read or write?
1567 * UNICOS and SELinux say yes.
1568 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1570 * I'll say no for now. Smack does not do the frequent
1571 * label changing that SELinux does.
1575 * smack_file_alloc_security - assign a file security blob
1578 * The security blob for a file is a pointer to the master
1579 * label list, so no allocation is done.
1581 * f_security is the owner security information. It
1582 * isn't used on file access checks, it's for send_sigio.
1586 static int smack_file_alloc_security(struct file *file)
1588 struct smack_known **blob = smack_file(file);
1590 *blob = smk_of_current();
1595 * smack_file_ioctl - Smack check on ioctls
1600 * Relies heavily on the correct use of the ioctl command conventions.
1602 * Returns 0 if allowed, error code otherwise
1604 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1608 struct smk_audit_info ad;
1609 struct inode *inode = file_inode(file);
1611 if (unlikely(IS_PRIVATE(inode)))
1614 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1615 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1617 if (_IOC_DIR(cmd) & _IOC_WRITE) {
1618 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1619 rc = smk_bu_file(file, MAY_WRITE, rc);
1622 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1623 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1624 rc = smk_bu_file(file, MAY_READ, rc);
1631 * smack_file_lock - Smack check on file locking
1635 * Returns 0 if current has lock access, error code otherwise
1637 static int smack_file_lock(struct file *file, unsigned int cmd)
1639 struct smk_audit_info ad;
1641 struct inode *inode = file_inode(file);
1643 if (unlikely(IS_PRIVATE(inode)))
1646 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1647 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1648 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1649 rc = smk_bu_file(file, MAY_LOCK, rc);
1654 * smack_file_fcntl - Smack check on fcntl
1656 * @cmd: what action to check
1659 * Generally these operations are harmless.
1660 * File locking operations present an obvious mechanism
1661 * for passing information, so they require write access.
1663 * Returns 0 if current has access, error code otherwise
1665 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1668 struct smk_audit_info ad;
1670 struct inode *inode = file_inode(file);
1672 if (unlikely(IS_PRIVATE(inode)))
1680 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1681 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1682 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1683 rc = smk_bu_file(file, MAY_LOCK, rc);
1687 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1688 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1689 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1690 rc = smk_bu_file(file, MAY_WRITE, rc);
1700 * smack_mmap_file - Check permissions for a mmap operation.
1701 * @file: contains the file structure for file to map (may be NULL).
1702 * @reqprot: contains the protection requested by the application.
1703 * @prot: contains the protection that will be applied by the kernel.
1704 * @flags: contains the operational flags.
1706 * The @file may be NULL, e.g. if mapping anonymous memory.
1708 * Return 0 if permission is granted.
1710 static int smack_mmap_file(struct file *file,
1711 unsigned long reqprot, unsigned long prot,
1712 unsigned long flags)
1714 struct smack_known *skp;
1715 struct smack_known *mkp;
1716 struct smack_rule *srp;
1717 struct task_smack *tsp;
1718 struct smack_known *okp;
1719 struct inode_smack *isp;
1720 struct superblock_smack *sbsp;
1729 if (unlikely(IS_PRIVATE(file_inode(file))))
1732 isp = smack_inode(file_inode(file));
1733 if (isp->smk_mmap == NULL)
1735 sbsp = smack_superblock(file_inode(file)->i_sb);
1736 if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1737 isp->smk_mmap != sbsp->smk_root)
1739 mkp = isp->smk_mmap;
1741 tsp = smack_cred(current_cred());
1742 skp = smk_of_current();
1747 * For each Smack rule associated with the subject
1748 * label verify that the SMACK64MMAP also has access
1749 * to that rule's object label.
1751 list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1752 okp = srp->smk_object;
1754 * Matching labels always allows access.
1756 if (mkp->smk_known == okp->smk_known)
1759 * If there is a matching local rule take
1760 * that into account as well.
1762 may = smk_access_entry(srp->smk_subject->smk_known,
1766 may = srp->smk_access;
1768 may &= srp->smk_access;
1770 * If may is zero the SMACK64MMAP subject can't
1771 * possibly have less access.
1777 * Fetch the global list entry.
1778 * If there isn't one a SMACK64MMAP subject
1779 * can't have as much access as current.
1781 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1783 if (mmay == -ENOENT) {
1788 * If there is a local entry it modifies the
1789 * potential access, too.
1791 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1793 if (tmay != -ENOENT)
1797 * If there is any access available to current that is
1798 * not available to a SMACK64MMAP subject
1801 if ((may | mmay) != mmay) {
1813 * smack_file_set_fowner - set the file security blob value
1814 * @file: object in question
1817 static void smack_file_set_fowner(struct file *file)
1819 struct smack_known **blob = smack_file(file);
1821 *blob = smk_of_current();
1825 * smack_file_send_sigiotask - Smack on sigio
1826 * @tsk: The target task
1827 * @fown: the object the signal come from
1830 * Allow a privileged task to get signals even if it shouldn't
1832 * Returns 0 if a subject with the object's smack could
1833 * write to the task, an error code otherwise.
1835 static int smack_file_send_sigiotask(struct task_struct *tsk,
1836 struct fown_struct *fown, int signum)
1838 struct smack_known **blob;
1839 struct smack_known *skp;
1840 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred));
1841 const struct cred *tcred;
1844 struct smk_audit_info ad;
1847 * struct fown_struct is never outside the context of a struct file
1849 file = container_of(fown, struct file, f_owner);
1851 /* we don't log here as rc can be overriden */
1852 blob = smack_file(file);
1854 rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1855 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
1858 tcred = __task_cred(tsk);
1859 if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
1863 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1864 smk_ad_setfield_u_tsk(&ad, tsk);
1865 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
1870 * smack_file_receive - Smack file receive check
1873 * Returns 0 if current has access, error code otherwise
1875 static int smack_file_receive(struct file *file)
1879 struct smk_audit_info ad;
1880 struct inode *inode = file_inode(file);
1881 struct socket *sock;
1882 struct task_smack *tsp;
1883 struct socket_smack *ssp;
1885 if (unlikely(IS_PRIVATE(inode)))
1888 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1889 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1891 if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
1892 sock = SOCKET_I(inode);
1893 ssp = sock->sk->sk_security;
1894 tsp = smack_cred(current_cred());
1896 * If the receiving process can't write to the
1897 * passed socket or if the passed socket can't
1898 * write to the receiving process don't accept
1899 * the passed socket.
1901 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1902 rc = smk_bu_file(file, may, rc);
1905 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1906 rc = smk_bu_file(file, may, rc);
1910 * This code relies on bitmasks.
1912 if (file->f_mode & FMODE_READ)
1914 if (file->f_mode & FMODE_WRITE)
1917 rc = smk_curacc(smk_of_inode(inode), may, &ad);
1918 rc = smk_bu_file(file, may, rc);
1923 * smack_file_open - Smack dentry open processing
1926 * Set the security blob in the file structure.
1927 * Allow the open only if the task has read access. There are
1928 * many read operations (e.g. fstat) that you can do with an
1929 * fd even if you have the file open write-only.
1931 * Returns 0 if current has access, error code otherwise
1933 static int smack_file_open(struct file *file)
1935 struct task_smack *tsp = smack_cred(file->f_cred);
1936 struct inode *inode = file_inode(file);
1937 struct smk_audit_info ad;
1940 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1941 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1942 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
1943 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
1953 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1954 * @cred: the new credentials
1955 * @gfp: the atomicity of any memory allocations
1957 * Prepare a blank set of credentials for modification. This must allocate all
1958 * the memory the LSM module might require such that cred_transfer() can
1959 * complete without error.
1961 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1963 init_task_smack(smack_cred(cred), NULL, NULL);
1969 * smack_cred_free - "free" task-level security credentials
1970 * @cred: the credentials in question
1973 static void smack_cred_free(struct cred *cred)
1975 struct task_smack *tsp = smack_cred(cred);
1976 struct smack_rule *rp;
1977 struct list_head *l;
1978 struct list_head *n;
1980 smk_destroy_label_list(&tsp->smk_relabel);
1982 list_for_each_safe(l, n, &tsp->smk_rules) {
1983 rp = list_entry(l, struct smack_rule, list);
1984 list_del(&rp->list);
1985 kmem_cache_free(smack_rule_cache, rp);
1990 * smack_cred_prepare - prepare new set of credentials for modification
1991 * @new: the new credentials
1992 * @old: the original credentials
1993 * @gfp: the atomicity of any memory allocations
1995 * Prepare a new set of credentials for modification.
1997 static int smack_cred_prepare(struct cred *new, const struct cred *old,
2000 struct task_smack *old_tsp = smack_cred(old);
2001 struct task_smack *new_tsp = smack_cred(new);
2004 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task);
2006 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
2010 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
2016 * smack_cred_transfer - Transfer the old credentials to the new credentials
2017 * @new: the new credentials
2018 * @old: the original credentials
2020 * Fill in a set of blank credentials from another set of credentials.
2022 static void smack_cred_transfer(struct cred *new, const struct cred *old)
2024 struct task_smack *old_tsp = smack_cred(old);
2025 struct task_smack *new_tsp = smack_cred(new);
2027 new_tsp->smk_task = old_tsp->smk_task;
2028 new_tsp->smk_forked = old_tsp->smk_task;
2029 mutex_init(&new_tsp->smk_rules_lock);
2030 INIT_LIST_HEAD(&new_tsp->smk_rules);
2032 /* cbs copy rule list */
2036 * smack_cred_getsecid - get the secid corresponding to a creds structure
2037 * @cred: the object creds
2038 * @secid: where to put the result
2040 * Sets the secid to contain a u32 version of the smack label.
2042 static void smack_cred_getsecid(const struct cred *cred, u32 *secid)
2044 struct smack_known *skp;
2047 skp = smk_of_task(smack_cred(cred));
2048 *secid = skp->smk_secid;
2053 * smack_kernel_act_as - Set the subjective context in a set of credentials
2054 * @new: points to the set of credentials to be modified.
2055 * @secid: specifies the security ID to be set
2057 * Set the security data for a kernel service.
2059 static int smack_kernel_act_as(struct cred *new, u32 secid)
2061 struct task_smack *new_tsp = smack_cred(new);
2063 new_tsp->smk_task = smack_from_secid(secid);
2068 * smack_kernel_create_files_as - Set the file creation label in a set of creds
2069 * @new: points to the set of credentials to be modified
2070 * @inode: points to the inode to use as a reference
2072 * Set the file creation context in a set of credentials to the same
2073 * as the objective context of the specified inode
2075 static int smack_kernel_create_files_as(struct cred *new,
2076 struct inode *inode)
2078 struct inode_smack *isp = smack_inode(inode);
2079 struct task_smack *tsp = smack_cred(new);
2081 tsp->smk_forked = isp->smk_inode;
2082 tsp->smk_task = tsp->smk_forked;
2087 * smk_curacc_on_task - helper to log task related access
2088 * @p: the task object
2089 * @access: the access requested
2090 * @caller: name of the calling function for audit
2092 * Return 0 if access is permitted
2094 static int smk_curacc_on_task(struct task_struct *p, int access,
2097 struct smk_audit_info ad;
2098 struct smack_known *skp = smk_of_task_struct_obj(p);
2101 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
2102 smk_ad_setfield_u_tsk(&ad, p);
2103 rc = smk_curacc(skp, access, &ad);
2104 rc = smk_bu_task(p, access, rc);
2109 * smack_task_setpgid - Smack check on setting pgid
2110 * @p: the task object
2113 * Return 0 if write access is permitted
2115 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2117 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2121 * smack_task_getpgid - Smack access check for getpgid
2122 * @p: the object task
2124 * Returns 0 if current can read the object task, error code otherwise
2126 static int smack_task_getpgid(struct task_struct *p)
2128 return smk_curacc_on_task(p, MAY_READ, __func__);
2132 * smack_task_getsid - Smack access check for getsid
2133 * @p: the object task
2135 * Returns 0 if current can read the object task, error code otherwise
2137 static int smack_task_getsid(struct task_struct *p)
2139 return smk_curacc_on_task(p, MAY_READ, __func__);
2143 * smack_current_getsecid_subj - get the subjective secid of the current task
2144 * @secid: where to put the result
2146 * Sets the secid to contain a u32 version of the task's subjective smack label.
2148 static void smack_current_getsecid_subj(u32 *secid)
2150 struct smack_known *skp = smk_of_current();
2152 *secid = skp->smk_secid;
2156 * smack_task_getsecid_obj - get the objective secid of the task
2158 * @secid: where to put the result
2160 * Sets the secid to contain a u32 version of the task's objective smack label.
2162 static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid)
2164 struct smack_known *skp = smk_of_task_struct_obj(p);
2166 *secid = skp->smk_secid;
2170 * smack_task_setnice - Smack check on setting nice
2171 * @p: the task object
2174 * Return 0 if write access is permitted
2176 static int smack_task_setnice(struct task_struct *p, int nice)
2178 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2182 * smack_task_setioprio - Smack check on setting ioprio
2183 * @p: the task object
2186 * Return 0 if write access is permitted
2188 static int smack_task_setioprio(struct task_struct *p, int ioprio)
2190 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2194 * smack_task_getioprio - Smack check on reading ioprio
2195 * @p: the task object
2197 * Return 0 if read access is permitted
2199 static int smack_task_getioprio(struct task_struct *p)
2201 return smk_curacc_on_task(p, MAY_READ, __func__);
2205 * smack_task_setscheduler - Smack check on setting scheduler
2206 * @p: the task object
2208 * Return 0 if read access is permitted
2210 static int smack_task_setscheduler(struct task_struct *p)
2212 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2216 * smack_task_getscheduler - Smack check on reading scheduler
2217 * @p: the task object
2219 * Return 0 if read access is permitted
2221 static int smack_task_getscheduler(struct task_struct *p)
2223 return smk_curacc_on_task(p, MAY_READ, __func__);
2227 * smack_task_movememory - Smack check on moving memory
2228 * @p: the task object
2230 * Return 0 if write access is permitted
2232 static int smack_task_movememory(struct task_struct *p)
2234 return smk_curacc_on_task(p, MAY_WRITE, __func__);
2238 * smack_task_kill - Smack check on signal delivery
2239 * @p: the task object
2242 * @cred: identifies the cred to use in lieu of current's
2244 * Return 0 if write access is permitted
2247 static int smack_task_kill(struct task_struct *p, struct kernel_siginfo *info,
2248 int sig, const struct cred *cred)
2250 struct smk_audit_info ad;
2251 struct smack_known *skp;
2252 struct smack_known *tkp = smk_of_task_struct_obj(p);
2256 return 0; /* null signal; existence test */
2258 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2259 smk_ad_setfield_u_tsk(&ad, p);
2261 * Sending a signal requires that the sender
2262 * can write the receiver.
2265 rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2266 rc = smk_bu_task(p, MAY_DELIVER, rc);
2270 * If the cred isn't NULL we're dealing with some USB IO
2271 * specific behavior. This is not clean. For one thing
2272 * we can't take privilege into account.
2274 skp = smk_of_task(smack_cred(cred));
2275 rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2276 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
2281 * smack_task_to_inode - copy task smack into the inode blob
2282 * @p: task to copy from
2283 * @inode: inode to copy to
2285 * Sets the smack pointer in the inode security blob
2287 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2289 struct inode_smack *isp = smack_inode(inode);
2290 struct smack_known *skp = smk_of_task_struct_obj(p);
2292 isp->smk_inode = skp;
2293 isp->smk_flags |= SMK_INODE_INSTANT;
2301 * smack_sk_alloc_security - Allocate a socket blob
2304 * @gfp_flags: memory allocation flags
2306 * Assign Smack pointers to current
2308 * Returns 0 on success, -ENOMEM is there's no memory
2310 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2312 struct smack_known *skp = smk_of_current();
2313 struct socket_smack *ssp;
2315 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2320 * Sockets created by kernel threads receive web label.
2322 if (unlikely(current->flags & PF_KTHREAD)) {
2323 ssp->smk_in = &smack_known_web;
2324 ssp->smk_out = &smack_known_web;
2329 ssp->smk_packet = NULL;
2331 sk->sk_security = ssp;
2337 * smack_sk_free_security - Free a socket blob
2340 * Clears the blob pointer
2342 static void smack_sk_free_security(struct sock *sk)
2344 #ifdef SMACK_IPV6_PORT_LABELING
2345 struct smk_port_label *spp;
2347 if (sk->sk_family == PF_INET6) {
2349 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2350 if (spp->smk_sock != sk)
2352 spp->smk_can_reuse = 1;
2358 kfree(sk->sk_security);
2362 * smack_sk_clone_security - Copy security context
2363 * @sk: the old socket
2364 * @newsk: the new socket
2366 * Copy the security context of the old socket pointer to the cloned
2368 static void smack_sk_clone_security(const struct sock *sk, struct sock *newsk)
2370 struct socket_smack *ssp_old = sk->sk_security;
2371 struct socket_smack *ssp_new = newsk->sk_security;
2373 *ssp_new = *ssp_old;
2377 * smack_ipv4host_label - check host based restrictions
2378 * @sip: the object end
2380 * looks for host based access restrictions
2382 * This version will only be appropriate for really small sets of single label
2383 * hosts. The caller is responsible for ensuring that the RCU read lock is
2384 * taken before calling this function.
2386 * Returns the label of the far end or NULL if it's not special.
2388 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
2390 struct smk_net4addr *snp;
2391 struct in_addr *siap = &sip->sin_addr;
2393 if (siap->s_addr == 0)
2396 list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2398 * we break after finding the first match because
2399 * the list is sorted from longest to shortest mask
2400 * so we have found the most specific match
2402 if (snp->smk_host.s_addr ==
2403 (siap->s_addr & snp->smk_mask.s_addr))
2404 return snp->smk_label;
2410 * smk_ipv6_localhost - Check for local ipv6 host address
2413 * Returns boolean true if this is the localhost address
2415 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2417 __be16 *be16p = (__be16 *)&sip->sin6_addr;
2418 __be32 *be32p = (__be32 *)&sip->sin6_addr;
2420 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2421 ntohs(be16p[7]) == 1)
2427 * smack_ipv6host_label - check host based restrictions
2428 * @sip: the object end
2430 * looks for host based access restrictions
2432 * This version will only be appropriate for really small sets of single label
2433 * hosts. The caller is responsible for ensuring that the RCU read lock is
2434 * taken before calling this function.
2436 * Returns the label of the far end or NULL if it's not special.
2438 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2440 struct smk_net6addr *snp;
2441 struct in6_addr *sap = &sip->sin6_addr;
2446 * It's local. Don't look for a host label.
2448 if (smk_ipv6_localhost(sip))
2451 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2453 * If the label is NULL the entry has
2454 * been renounced. Ignore it.
2456 if (snp->smk_label == NULL)
2459 * we break after finding the first match because
2460 * the list is sorted from longest to shortest mask
2461 * so we have found the most specific match
2463 for (found = 1, i = 0; i < 8; i++) {
2464 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2465 snp->smk_host.s6_addr16[i]) {
2471 return snp->smk_label;
2478 * smack_netlbl_add - Set the secattr on a socket
2481 * Attach the outbound smack value (smk_out) to the socket.
2483 * Returns 0 on success or an error code
2485 static int smack_netlbl_add(struct sock *sk)
2487 struct socket_smack *ssp = sk->sk_security;
2488 struct smack_known *skp = ssp->smk_out;
2492 bh_lock_sock_nested(sk);
2494 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2497 ssp->smk_state = SMK_NETLBL_LABELED;
2500 ssp->smk_state = SMK_NETLBL_REQSKB;
2512 * smack_netlbl_delete - Remove the secattr from a socket
2515 * Remove the outbound smack value from a socket
2517 static void smack_netlbl_delete(struct sock *sk)
2519 struct socket_smack *ssp = sk->sk_security;
2522 * Take the label off the socket if one is set.
2524 if (ssp->smk_state != SMK_NETLBL_LABELED)
2528 bh_lock_sock_nested(sk);
2529 netlbl_sock_delattr(sk);
2532 ssp->smk_state = SMK_NETLBL_UNLABELED;
2536 * smk_ipv4_check - Perform IPv4 host access checks
2538 * @sap: the destination address
2540 * Set the correct secattr for the given socket based on the destination
2541 * address and perform any outbound access checks needed.
2543 * Returns 0 on success or an error code.
2546 static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap)
2548 struct smack_known *skp;
2550 struct smack_known *hkp;
2551 struct socket_smack *ssp = sk->sk_security;
2552 struct smk_audit_info ad;
2555 hkp = smack_ipv4host_label(sap);
2558 struct lsm_network_audit net;
2560 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2561 ad.a.u.net->family = sap->sin_family;
2562 ad.a.u.net->dport = sap->sin_port;
2563 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2566 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2567 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2569 * Clear the socket netlabel if it's set.
2572 smack_netlbl_delete(sk);
2580 * smk_ipv6_check - check Smack access
2581 * @subject: subject Smack label
2582 * @object: object Smack label
2584 * @act: the action being taken
2586 * Check an IPv6 access
2588 static int smk_ipv6_check(struct smack_known *subject,
2589 struct smack_known *object,
2590 struct sockaddr_in6 *address, int act)
2593 struct lsm_network_audit net;
2595 struct smk_audit_info ad;
2599 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2600 ad.a.u.net->family = PF_INET6;
2601 ad.a.u.net->dport = address->sin6_port;
2602 if (act == SMK_RECEIVING)
2603 ad.a.u.net->v6info.saddr = address->sin6_addr;
2605 ad.a.u.net->v6info.daddr = address->sin6_addr;
2607 rc = smk_access(subject, object, MAY_WRITE, &ad);
2608 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2612 #ifdef SMACK_IPV6_PORT_LABELING
2614 * smk_ipv6_port_label - Smack port access table management
2618 * Create or update the port list entry
2620 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2622 struct sock *sk = sock->sk;
2623 struct sockaddr_in6 *addr6;
2624 struct socket_smack *ssp = sock->sk->sk_security;
2625 struct smk_port_label *spp;
2626 unsigned short port = 0;
2628 if (address == NULL) {
2630 * This operation is changing the Smack information
2631 * on the bound socket. Take the changes to the port
2635 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2636 if (sk != spp->smk_sock)
2638 spp->smk_in = ssp->smk_in;
2639 spp->smk_out = ssp->smk_out;
2644 * A NULL address is only used for updating existing
2645 * bound entries. If there isn't one, it's OK.
2651 addr6 = (struct sockaddr_in6 *)address;
2652 port = ntohs(addr6->sin6_port);
2654 * This is a special case that is safely ignored.
2660 * Look for an existing port list entry.
2661 * This is an indication that a port is getting reused.
2664 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2665 if (spp->smk_port != port || spp->smk_sock_type != sock->type)
2667 if (spp->smk_can_reuse != 1) {
2671 spp->smk_port = port;
2673 spp->smk_in = ssp->smk_in;
2674 spp->smk_out = ssp->smk_out;
2675 spp->smk_can_reuse = 0;
2681 * A new port entry is required.
2683 spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2687 spp->smk_port = port;
2689 spp->smk_in = ssp->smk_in;
2690 spp->smk_out = ssp->smk_out;
2691 spp->smk_sock_type = sock->type;
2692 spp->smk_can_reuse = 0;
2694 mutex_lock(&smack_ipv6_lock);
2695 list_add_rcu(&spp->list, &smk_ipv6_port_list);
2696 mutex_unlock(&smack_ipv6_lock);
2701 * smk_ipv6_port_check - check Smack port access
2704 * @act: the action being taken
2706 * Create or update the port list entry
2708 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2711 struct smk_port_label *spp;
2712 struct socket_smack *ssp = sk->sk_security;
2713 struct smack_known *skp = NULL;
2714 unsigned short port;
2715 struct smack_known *object;
2717 if (act == SMK_RECEIVING) {
2718 skp = smack_ipv6host_label(address);
2719 object = ssp->smk_in;
2722 object = smack_ipv6host_label(address);
2726 * The other end is a single label host.
2728 if (skp != NULL && object != NULL)
2729 return smk_ipv6_check(skp, object, address, act);
2731 skp = smack_net_ambient;
2733 object = smack_net_ambient;
2736 * It's remote, so port lookup does no good.
2738 if (!smk_ipv6_localhost(address))
2739 return smk_ipv6_check(skp, object, address, act);
2742 * It's local so the send check has to have passed.
2744 if (act == SMK_RECEIVING)
2747 port = ntohs(address->sin6_port);
2749 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2750 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
2752 object = spp->smk_in;
2753 if (act == SMK_CONNECTING)
2754 ssp->smk_packet = spp->smk_out;
2759 return smk_ipv6_check(skp, object, address, act);
2764 * smack_inode_setsecurity - set smack xattrs
2765 * @inode: the object
2766 * @name: attribute name
2767 * @value: attribute value
2768 * @size: size of the attribute
2771 * Sets the named attribute in the appropriate blob
2773 * Returns 0 on success, or an error code
2775 static int smack_inode_setsecurity(struct inode *inode, const char *name,
2776 const void *value, size_t size, int flags)
2778 struct smack_known *skp;
2779 struct inode_smack *nsp = smack_inode(inode);
2780 struct socket_smack *ssp;
2781 struct socket *sock;
2784 if (value == NULL || size > SMK_LONGLABEL || size == 0)
2787 skp = smk_import_entry(value, size);
2789 return PTR_ERR(skp);
2791 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2792 nsp->smk_inode = skp;
2793 nsp->smk_flags |= SMK_INODE_INSTANT;
2797 * The rest of the Smack xattrs are only on sockets.
2799 if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2802 sock = SOCKET_I(inode);
2803 if (sock == NULL || sock->sk == NULL)
2806 ssp = sock->sk->sk_security;
2808 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2810 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2812 if (sock->sk->sk_family == PF_INET) {
2813 rc = smack_netlbl_add(sock->sk);
2816 "Smack: \"%s\" netlbl error %d.\n",
2822 #ifdef SMACK_IPV6_PORT_LABELING
2823 if (sock->sk->sk_family == PF_INET6)
2824 smk_ipv6_port_label(sock, NULL);
2831 * smack_socket_post_create - finish socket setup
2833 * @family: protocol family
2838 * Sets the netlabel information on the socket
2840 * Returns 0 on success, and error code otherwise
2842 static int smack_socket_post_create(struct socket *sock, int family,
2843 int type, int protocol, int kern)
2845 struct socket_smack *ssp;
2847 if (sock->sk == NULL)
2851 * Sockets created by kernel threads receive web label.
2853 if (unlikely(current->flags & PF_KTHREAD)) {
2854 ssp = sock->sk->sk_security;
2855 ssp->smk_in = &smack_known_web;
2856 ssp->smk_out = &smack_known_web;
2859 if (family != PF_INET)
2862 * Set the outbound netlbl.
2864 return smack_netlbl_add(sock->sk);
2868 * smack_socket_socketpair - create socket pair
2869 * @socka: one socket
2870 * @sockb: another socket
2872 * Cross reference the peer labels for SO_PEERSEC
2876 static int smack_socket_socketpair(struct socket *socka,
2877 struct socket *sockb)
2879 struct socket_smack *asp = socka->sk->sk_security;
2880 struct socket_smack *bsp = sockb->sk->sk_security;
2882 asp->smk_packet = bsp->smk_out;
2883 bsp->smk_packet = asp->smk_out;
2888 #ifdef SMACK_IPV6_PORT_LABELING
2890 * smack_socket_bind - record port binding information.
2892 * @address: the port address
2893 * @addrlen: size of the address
2895 * Records the label bound to a port.
2897 * Returns 0 on success, and error code otherwise
2899 static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2902 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) {
2903 if (addrlen < SIN6_LEN_RFC2133 ||
2904 address->sa_family != AF_INET6)
2906 smk_ipv6_port_label(sock, address);
2910 #endif /* SMACK_IPV6_PORT_LABELING */
2913 * smack_socket_connect - connect access check
2915 * @sap: the other end
2916 * @addrlen: size of sap
2918 * Verifies that a connection may be possible
2920 * Returns 0 on success, and error code otherwise
2922 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2927 if (sock->sk == NULL)
2929 if (sock->sk->sk_family != PF_INET &&
2930 (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6))
2932 if (addrlen < offsetofend(struct sockaddr, sa_family))
2934 if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) {
2935 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
2936 struct smack_known *rsp = NULL;
2938 if (addrlen < SIN6_LEN_RFC2133)
2940 if (__is_defined(SMACK_IPV6_SECMARK_LABELING))
2941 rsp = smack_ipv6host_label(sip);
2943 struct socket_smack *ssp = sock->sk->sk_security;
2945 rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
2948 #ifdef SMACK_IPV6_PORT_LABELING
2949 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
2954 if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in))
2956 rc = smk_ipv4_check(sock->sk, (struct sockaddr_in *)sap);
2961 * smack_flags_to_may - convert S_ to MAY_ values
2962 * @flags: the S_ value
2964 * Returns the equivalent MAY_ value
2966 static int smack_flags_to_may(int flags)
2970 if (flags & S_IRUGO)
2972 if (flags & S_IWUGO)
2974 if (flags & S_IXUGO)
2981 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2986 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2988 struct smack_known **blob = smack_msg_msg(msg);
2990 *blob = smk_of_current();
2995 * smack_of_ipc - the smack pointer for the ipc
2998 * Returns a pointer to the smack value
3000 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp)
3002 struct smack_known **blob = smack_ipc(isp);
3008 * smack_ipc_alloc_security - Set the security blob for ipc
3013 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp)
3015 struct smack_known **blob = smack_ipc(isp);
3017 *blob = smk_of_current();
3022 * smk_curacc_shm : check if current has access on shm
3024 * @access : access requested
3026 * Returns 0 if current has the requested access, error code otherwise
3028 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access)
3030 struct smack_known *ssp = smack_of_ipc(isp);
3031 struct smk_audit_info ad;
3035 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3036 ad.a.u.ipc_id = isp->id;
3038 rc = smk_curacc(ssp, access, &ad);
3039 rc = smk_bu_current("shm", ssp, access, rc);
3044 * smack_shm_associate - Smack access check for shm
3046 * @shmflg: access requested
3048 * Returns 0 if current has the requested access, error code otherwise
3050 static int smack_shm_associate(struct kern_ipc_perm *isp, int shmflg)
3054 may = smack_flags_to_may(shmflg);
3055 return smk_curacc_shm(isp, may);
3059 * smack_shm_shmctl - Smack access check for shm
3061 * @cmd: what it wants to do
3063 * Returns 0 if current has the requested access, error code otherwise
3065 static int smack_shm_shmctl(struct kern_ipc_perm *isp, int cmd)
3079 may = MAY_READWRITE;
3084 * System level information.
3090 return smk_curacc_shm(isp, may);
3094 * smack_shm_shmat - Smack access for shmat
3097 * @shmflg: access requested
3099 * Returns 0 if current has the requested access, error code otherwise
3101 static int smack_shm_shmat(struct kern_ipc_perm *isp, char __user *shmaddr,
3106 may = smack_flags_to_may(shmflg);
3107 return smk_curacc_shm(isp, may);
3111 * smk_curacc_sem : check if current has access on sem
3113 * @access : access requested
3115 * Returns 0 if current has the requested access, error code otherwise
3117 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access)
3119 struct smack_known *ssp = smack_of_ipc(isp);
3120 struct smk_audit_info ad;
3124 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3125 ad.a.u.ipc_id = isp->id;
3127 rc = smk_curacc(ssp, access, &ad);
3128 rc = smk_bu_current("sem", ssp, access, rc);
3133 * smack_sem_associate - Smack access check for sem
3135 * @semflg: access requested
3137 * Returns 0 if current has the requested access, error code otherwise
3139 static int smack_sem_associate(struct kern_ipc_perm *isp, int semflg)
3143 may = smack_flags_to_may(semflg);
3144 return smk_curacc_sem(isp, may);
3148 * smack_sem_semctl - Smack access check for sem
3150 * @cmd: what it wants to do
3152 * Returns 0 if current has the requested access, error code otherwise
3154 static int smack_sem_semctl(struct kern_ipc_perm *isp, int cmd)
3173 may = MAY_READWRITE;
3178 * System level information
3185 return smk_curacc_sem(isp, may);
3189 * smack_sem_semop - Smack checks of semaphore operations
3195 * Treated as read and write in all cases.
3197 * Returns 0 if access is allowed, error code otherwise
3199 static int smack_sem_semop(struct kern_ipc_perm *isp, struct sembuf *sops,
3200 unsigned nsops, int alter)
3202 return smk_curacc_sem(isp, MAY_READWRITE);
3206 * smk_curacc_msq : helper to check if current has access on msq
3208 * @access : access requested
3210 * return 0 if current has access, error otherwise
3212 static int smk_curacc_msq(struct kern_ipc_perm *isp, int access)
3214 struct smack_known *msp = smack_of_ipc(isp);
3215 struct smk_audit_info ad;
3219 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3220 ad.a.u.ipc_id = isp->id;
3222 rc = smk_curacc(msp, access, &ad);
3223 rc = smk_bu_current("msq", msp, access, rc);
3228 * smack_msg_queue_associate - Smack access check for msg_queue
3230 * @msqflg: access requested
3232 * Returns 0 if current has the requested access, error code otherwise
3234 static int smack_msg_queue_associate(struct kern_ipc_perm *isp, int msqflg)
3238 may = smack_flags_to_may(msqflg);
3239 return smk_curacc_msq(isp, may);
3243 * smack_msg_queue_msgctl - Smack access check for msg_queue
3245 * @cmd: what it wants to do
3247 * Returns 0 if current has the requested access, error code otherwise
3249 static int smack_msg_queue_msgctl(struct kern_ipc_perm *isp, int cmd)
3261 may = MAY_READWRITE;
3266 * System level information
3273 return smk_curacc_msq(isp, may);
3277 * smack_msg_queue_msgsnd - Smack access check for msg_queue
3280 * @msqflg: access requested
3282 * Returns 0 if current has the requested access, error code otherwise
3284 static int smack_msg_queue_msgsnd(struct kern_ipc_perm *isp, struct msg_msg *msg,
3289 may = smack_flags_to_may(msqflg);
3290 return smk_curacc_msq(isp, may);
3294 * smack_msg_queue_msgrcv - Smack access check for msg_queue
3301 * Returns 0 if current has read and write access, error code otherwise
3303 static int smack_msg_queue_msgrcv(struct kern_ipc_perm *isp,
3304 struct msg_msg *msg,
3305 struct task_struct *target, long type,
3308 return smk_curacc_msq(isp, MAY_READWRITE);
3312 * smack_ipc_permission - Smack access for ipc_permission()
3313 * @ipp: the object permissions
3314 * @flag: access requested
3316 * Returns 0 if current has read and write access, error code otherwise
3318 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3320 struct smack_known **blob = smack_ipc(ipp);
3321 struct smack_known *iskp = *blob;
3322 int may = smack_flags_to_may(flag);
3323 struct smk_audit_info ad;
3327 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3328 ad.a.u.ipc_id = ipp->id;
3330 rc = smk_curacc(iskp, may, &ad);
3331 rc = smk_bu_current("svipc", iskp, may, rc);
3336 * smack_ipc_getsecid - Extract smack security id
3337 * @ipp: the object permissions
3338 * @secid: where result will be saved
3340 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3342 struct smack_known **blob = smack_ipc(ipp);
3343 struct smack_known *iskp = *blob;
3345 *secid = iskp->smk_secid;
3349 * smack_d_instantiate - Make sure the blob is correct on an inode
3350 * @opt_dentry: dentry where inode will be attached
3351 * @inode: the object
3353 * Set the inode's security blob if it hasn't been done already.
3355 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3357 struct super_block *sbp;
3358 struct superblock_smack *sbsp;
3359 struct inode_smack *isp;
3360 struct smack_known *skp;
3361 struct smack_known *ckp = smk_of_current();
3362 struct smack_known *final;
3363 char trattr[TRANS_TRUE_SIZE];
3371 isp = smack_inode(inode);
3374 * If the inode is already instantiated
3375 * take the quick way out
3377 if (isp->smk_flags & SMK_INODE_INSTANT)
3381 sbsp = smack_superblock(sbp);
3383 * We're going to use the superblock default label
3384 * if there's no label on the file.
3386 final = sbsp->smk_default;
3389 * If this is the root inode the superblock
3390 * may be in the process of initialization.
3391 * If that is the case use the root value out
3392 * of the superblock.
3394 if (opt_dentry->d_parent == opt_dentry) {
3395 switch (sbp->s_magic) {
3396 case CGROUP_SUPER_MAGIC:
3397 case CGROUP2_SUPER_MAGIC:
3399 * The cgroup filesystem is never mounted,
3400 * so there's no opportunity to set the mount
3403 sbsp->smk_root = &smack_known_star;
3404 sbsp->smk_default = &smack_known_star;
3405 isp->smk_inode = sbsp->smk_root;
3409 * What about shmem/tmpfs anonymous files with dentry
3410 * obtained from d_alloc_pseudo()?
3412 isp->smk_inode = smk_of_current();
3415 isp->smk_inode = smk_of_current();
3419 * Socket access is controlled by the socket
3420 * structures associated with the task involved.
3422 isp->smk_inode = &smack_known_star;
3425 isp->smk_inode = sbsp->smk_root;
3428 isp->smk_flags |= SMK_INODE_INSTANT;
3433 * This is pretty hackish.
3434 * Casey says that we shouldn't have to do
3435 * file system specific code, but it does help
3436 * with keeping it simple.
3438 switch (sbp->s_magic) {
3440 case CGROUP_SUPER_MAGIC:
3441 case CGROUP2_SUPER_MAGIC:
3443 * Casey says that it's a little embarrassing
3444 * that the smack file system doesn't do
3445 * extended attributes.
3447 * Cgroupfs is special
3449 final = &smack_known_star;
3451 case DEVPTS_SUPER_MAGIC:
3453 * devpts seems content with the label of the task.
3454 * Programs that change smack have to treat the
3459 case PROC_SUPER_MAGIC:
3461 * Casey says procfs appears not to care.
3462 * The superblock default suffices.
3467 * Device labels should come from the filesystem,
3468 * but watch out, because they're volitile,
3469 * getting recreated on every reboot.
3471 final = &smack_known_star;
3473 * If a smack value has been set we want to use it,
3474 * but since tmpfs isn't giving us the opportunity
3475 * to set mount options simulate setting the
3476 * superblock default.
3481 * This isn't an understood special case.
3482 * Get the value from the xattr.
3486 * UNIX domain sockets use lower level socket data.
3488 if (S_ISSOCK(inode->i_mode)) {
3489 final = &smack_known_star;
3493 * No xattr support means, alas, no SMACK label.
3494 * Use the aforeapplied default.
3495 * It would be curious if the label of the task
3496 * does not match that assigned.
3498 if (!(inode->i_opflags & IOP_XATTR))
3501 * Get the dentry for xattr.
3503 dp = dget(opt_dentry);
3504 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3505 if (!IS_ERR_OR_NULL(skp))
3509 * Transmuting directory
3511 if (S_ISDIR(inode->i_mode)) {
3513 * If this is a new directory and the label was
3514 * transmuted when the inode was initialized
3515 * set the transmute attribute on the directory
3516 * and mark the inode.
3518 * If there is a transmute attribute on the
3519 * directory mark the inode.
3521 if (isp->smk_flags & SMK_INODE_CHANGED) {
3522 isp->smk_flags &= ~SMK_INODE_CHANGED;
3523 rc = __vfs_setxattr(&nop_mnt_idmap, dp, inode,
3524 XATTR_NAME_SMACKTRANSMUTE,
3525 TRANS_TRUE, TRANS_TRUE_SIZE,
3528 rc = __vfs_getxattr(dp, inode,
3529 XATTR_NAME_SMACKTRANSMUTE, trattr,
3531 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3532 TRANS_TRUE_SIZE) != 0)
3536 transflag = SMK_INODE_TRANSMUTE;
3539 * Don't let the exec or mmap label be "*" or "@".
3541 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3542 if (IS_ERR(skp) || skp == &smack_known_star ||
3543 skp == &smack_known_web)
3545 isp->smk_task = skp;
3547 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3548 if (IS_ERR(skp) || skp == &smack_known_star ||
3549 skp == &smack_known_web)
3551 isp->smk_mmap = skp;
3558 isp->smk_inode = ckp;
3560 isp->smk_inode = final;
3562 isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3568 * smack_getprocattr - Smack process attribute access
3569 * @p: the object task
3570 * @name: the name of the attribute in /proc/.../attr
3571 * @value: where to put the result
3573 * Places a copy of the task Smack into value
3575 * Returns the length of the smack label or an error code
3577 static int smack_getprocattr(struct task_struct *p, const char *name, char **value)
3579 struct smack_known *skp = smk_of_task_struct_obj(p);
3583 if (strcmp(name, "current") != 0)
3586 cp = kstrdup(skp->smk_known, GFP_KERNEL);
3596 * smack_setprocattr - Smack process attribute setting
3597 * @name: the name of the attribute in /proc/.../attr
3598 * @value: the value to set
3599 * @size: the size of the value
3601 * Sets the Smack value of the task. Only setting self
3602 * is permitted and only with privilege
3604 * Returns the length of the smack label or an error code
3606 static int smack_setprocattr(const char *name, void *value, size_t size)
3608 struct task_smack *tsp = smack_cred(current_cred());
3610 struct smack_known *skp;
3611 struct smack_known_list_elem *sklep;
3614 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
3617 if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3620 if (strcmp(name, "current") != 0)
3623 skp = smk_import_entry(value, size);
3625 return PTR_ERR(skp);
3628 * No process is ever allowed the web ("@") label
3629 * and the star ("*") label.
3631 if (skp == &smack_known_web || skp == &smack_known_star)
3634 if (!smack_privileged(CAP_MAC_ADMIN)) {
3636 list_for_each_entry(sklep, &tsp->smk_relabel, list)
3637 if (sklep->smk_label == skp) {
3645 new = prepare_creds();
3649 tsp = smack_cred(new);
3650 tsp->smk_task = skp;
3652 * process can change its label only once
3654 smk_destroy_label_list(&tsp->smk_relabel);
3661 * smack_unix_stream_connect - Smack access on UDS
3663 * @other: the other sock
3666 * Return 0 if a subject with the smack of sock could access
3667 * an object with the smack of other, otherwise an error code
3669 static int smack_unix_stream_connect(struct sock *sock,
3670 struct sock *other, struct sock *newsk)
3672 struct smack_known *skp;
3673 struct smack_known *okp;
3674 struct socket_smack *ssp = sock->sk_security;
3675 struct socket_smack *osp = other->sk_security;
3676 struct socket_smack *nsp = newsk->sk_security;
3677 struct smk_audit_info ad;
3680 struct lsm_network_audit net;
3683 if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3687 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3688 smk_ad_setfield_u_net_sk(&ad, other);
3690 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3691 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3695 rc = smk_access(okp, skp, MAY_WRITE, &ad);
3696 rc = smk_bu_note("UDS connect", okp, skp,
3702 * Cross reference the peer labels for SO_PEERSEC.
3705 nsp->smk_packet = ssp->smk_out;
3706 ssp->smk_packet = osp->smk_out;
3713 * smack_unix_may_send - Smack access on UDS
3715 * @other: the other socket
3717 * Return 0 if a subject with the smack of sock could access
3718 * an object with the smack of other, otherwise an error code
3720 static int smack_unix_may_send(struct socket *sock, struct socket *other)
3722 struct socket_smack *ssp = sock->sk->sk_security;
3723 struct socket_smack *osp = other->sk->sk_security;
3724 struct smk_audit_info ad;
3728 struct lsm_network_audit net;
3730 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3731 smk_ad_setfield_u_net_sk(&ad, other->sk);
3734 if (smack_privileged(CAP_MAC_OVERRIDE))
3737 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3738 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3743 * smack_socket_sendmsg - Smack check based on destination host
3746 * @size: the size of the message
3748 * Return 0 if the current subject can write to the destination host.
3749 * For IPv4 this is only a question if the destination is a single label host.
3750 * For IPv6 this is a check against the label of the port.
3752 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3755 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3756 #if IS_ENABLED(CONFIG_IPV6)
3757 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3759 #ifdef SMACK_IPV6_SECMARK_LABELING
3760 struct socket_smack *ssp = sock->sk->sk_security;
3761 struct smack_known *rsp;
3766 * Perfectly reasonable for this to be NULL
3771 switch (sock->sk->sk_family) {
3773 if (msg->msg_namelen < sizeof(struct sockaddr_in) ||
3774 sip->sin_family != AF_INET)
3776 rc = smk_ipv4_check(sock->sk, sip);
3778 #if IS_ENABLED(CONFIG_IPV6)
3780 if (msg->msg_namelen < SIN6_LEN_RFC2133 ||
3781 sap->sin6_family != AF_INET6)
3783 #ifdef SMACK_IPV6_SECMARK_LABELING
3784 rsp = smack_ipv6host_label(sap);
3786 rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3789 #ifdef SMACK_IPV6_PORT_LABELING
3790 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3792 #endif /* IS_ENABLED(CONFIG_IPV6) */
3799 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3800 * @sap: netlabel secattr
3801 * @ssp: socket security information
3803 * Returns a pointer to a Smack label entry found on the label list.
3805 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3806 struct socket_smack *ssp)
3808 struct smack_known *skp;
3814 * Netlabel found it in the cache.
3816 if ((sap->flags & NETLBL_SECATTR_CACHE) != 0)
3817 return (struct smack_known *)sap->cache->data;
3819 if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
3821 * Looks like a fallback, which gives us a secid.
3823 return smack_from_secid(sap->attr.secid);
3825 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3827 * Looks like a CIPSO packet.
3828 * If there are flags but no level netlabel isn't
3829 * behaving the way we expect it to.
3831 * Look it up in the label table
3832 * Without guidance regarding the smack value
3833 * for the packet fall back on the network
3837 list_for_each_entry_rcu(skp, &smack_known_list, list) {
3838 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3841 * Compare the catsets. Use the netlbl APIs.
3843 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3844 if ((skp->smk_netlabel.flags &
3845 NETLBL_SECATTR_MLS_CAT) == 0)
3849 for (acat = -1, kcat = -1; acat == kcat; ) {
3850 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3852 kcat = netlbl_catmap_walk(
3853 skp->smk_netlabel.attr.mls.cat,
3855 if (acat < 0 || kcat < 0)
3868 if (ssp != NULL && ssp->smk_in == &smack_known_star)
3869 return &smack_known_web;
3870 return &smack_known_star;
3873 * Without guidance regarding the smack value
3874 * for the packet fall back on the network
3877 return smack_net_ambient;
3880 #if IS_ENABLED(CONFIG_IPV6)
3881 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3885 int proto = -EINVAL;
3886 struct ipv6hdr _ipv6h;
3887 struct ipv6hdr *ip6;
3889 struct tcphdr _tcph, *th;
3890 struct udphdr _udph, *uh;
3891 struct dccp_hdr _dccph, *dh;
3895 offset = skb_network_offset(skb);
3896 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3899 sip->sin6_addr = ip6->saddr;
3901 nexthdr = ip6->nexthdr;
3902 offset += sizeof(_ipv6h);
3903 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3910 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3912 sip->sin6_port = th->source;
3915 case IPPROTO_UDPLITE:
3916 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3918 sip->sin6_port = uh->source;
3921 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3923 sip->sin6_port = dh->dccph_sport;
3928 #endif /* CONFIG_IPV6 */
3931 * smack_from_skb - Smack data from the secmark in an skb
3934 * Returns smack_known of the secmark or NULL if that won't work.
3936 #ifdef CONFIG_NETWORK_SECMARK
3937 static struct smack_known *smack_from_skb(struct sk_buff *skb)
3939 if (skb == NULL || skb->secmark == 0)
3942 return smack_from_secid(skb->secmark);
3945 static inline struct smack_known *smack_from_skb(struct sk_buff *skb)
3952 * smack_from_netlbl - Smack data from the IP options in an skb
3953 * @sk: socket data came in on
3954 * @family: address family
3957 * Find the Smack label in the IP options. If it hasn't been
3958 * added to the netlabel cache, add it here.
3960 * Returns smack_known of the IP options or NULL if that won't work.
3962 static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family,
3963 struct sk_buff *skb)
3965 struct netlbl_lsm_secattr secattr;
3966 struct socket_smack *ssp = NULL;
3967 struct smack_known *skp = NULL;
3969 netlbl_secattr_init(&secattr);
3972 ssp = sk->sk_security;
3974 if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) {
3975 skp = smack_from_secattr(&secattr, ssp);
3976 if (secattr.flags & NETLBL_SECATTR_CACHEABLE)
3977 netlbl_cache_add(skb, family, &skp->smk_netlabel);
3980 netlbl_secattr_destroy(&secattr);
3986 * smack_socket_sock_rcv_skb - Smack packet delivery access check
3990 * Returns 0 if the packet should be delivered, an error code otherwise
3992 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3994 struct socket_smack *ssp = sk->sk_security;
3995 struct smack_known *skp = NULL;
3997 struct smk_audit_info ad;
3998 u16 family = sk->sk_family;
4000 struct lsm_network_audit net;
4002 #if IS_ENABLED(CONFIG_IPV6)
4003 struct sockaddr_in6 sadd;
4006 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4008 #endif /* CONFIG_IPV6 */
4013 * If there is a secmark use it rather than the CIPSO label.
4014 * If there is no secmark fall back to CIPSO.
4015 * The secmark is assumed to reflect policy better.
4017 skp = smack_from_skb(skb);
4019 skp = smack_from_netlbl(sk, family, skb);
4021 skp = smack_net_ambient;
4025 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4026 ad.a.u.net->family = family;
4027 ad.a.u.net->netif = skb->skb_iif;
4028 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4031 * Receiving a packet requires that the other end
4032 * be able to write here. Read access is not required.
4033 * This is the simplist possible security model
4036 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4037 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
4040 netlbl_skbuff_err(skb, family, rc, 0);
4042 #if IS_ENABLED(CONFIG_IPV6)
4044 proto = smk_skb_to_addr_ipv6(skb, &sadd);
4045 if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
4046 proto != IPPROTO_TCP && proto != IPPROTO_DCCP)
4048 #ifdef SMACK_IPV6_SECMARK_LABELING
4049 skp = smack_from_skb(skb);
4051 if (smk_ipv6_localhost(&sadd))
4053 skp = smack_ipv6host_label(&sadd);
4055 skp = smack_net_ambient;
4058 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4059 ad.a.u.net->family = family;
4060 ad.a.u.net->netif = skb->skb_iif;
4061 ipv6_skb_to_auditdata(skb, &ad.a, NULL);
4062 #endif /* CONFIG_AUDIT */
4063 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4064 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
4066 #endif /* SMACK_IPV6_SECMARK_LABELING */
4067 #ifdef SMACK_IPV6_PORT_LABELING
4068 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
4069 #endif /* SMACK_IPV6_PORT_LABELING */
4071 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
4072 ICMPV6_ADM_PROHIBITED, 0);
4074 #endif /* CONFIG_IPV6 */
4081 * smack_socket_getpeersec_stream - pull in packet label
4083 * @optval: user's destination
4084 * @optlen: size thereof
4087 * returns zero on success, an error code otherwise
4089 static int smack_socket_getpeersec_stream(struct socket *sock,
4090 sockptr_t optval, sockptr_t optlen,
4093 struct socket_smack *ssp;
4098 ssp = sock->sk->sk_security;
4099 if (ssp->smk_packet != NULL) {
4100 rcp = ssp->smk_packet->smk_known;
4101 slen = strlen(rcp) + 1;
4108 if (copy_to_sockptr(optval, rcp, slen))
4111 if (copy_to_sockptr(optlen, &slen, sizeof(slen)))
4118 * smack_socket_getpeersec_dgram - pull in packet label
4119 * @sock: the peer socket
4121 * @secid: pointer to where to put the secid of the packet
4123 * Sets the netlabel socket state on sk from parent
4125 static int smack_socket_getpeersec_dgram(struct socket *sock,
4126 struct sk_buff *skb, u32 *secid)
4129 struct socket_smack *ssp = NULL;
4130 struct smack_known *skp;
4131 struct sock *sk = NULL;
4132 int family = PF_UNSPEC;
4133 u32 s = 0; /* 0 is the invalid secid */
4136 if (skb->protocol == htons(ETH_P_IP))
4138 #if IS_ENABLED(CONFIG_IPV6)
4139 else if (skb->protocol == htons(ETH_P_IPV6))
4141 #endif /* CONFIG_IPV6 */
4143 if (family == PF_UNSPEC && sock != NULL)
4144 family = sock->sk->sk_family;
4148 ssp = sock->sk->sk_security;
4149 s = ssp->smk_out->smk_secid;
4152 skp = smack_from_skb(skb);
4158 * Translate what netlabel gave us.
4162 skp = smack_from_netlbl(sk, family, skb);
4167 #ifdef SMACK_IPV6_SECMARK_LABELING
4168 skp = smack_from_skb(skb);
4181 * smack_sock_graft - Initialize a newly created socket with an existing sock
4183 * @parent: parent socket
4185 * Set the smk_{in,out} state of an existing sock based on the process that
4186 * is creating the new socket.
4188 static void smack_sock_graft(struct sock *sk, struct socket *parent)
4190 struct socket_smack *ssp;
4191 struct smack_known *skp = smk_of_current();
4194 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
4197 ssp = sk->sk_security;
4200 /* cssp->smk_packet is already set in smack_inet_csk_clone() */
4204 * smack_inet_conn_request - Smack access check on connect
4205 * @sk: socket involved
4209 * Returns 0 if a task with the packet label could write to
4210 * the socket, otherwise an error code
4212 static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
4213 struct request_sock *req)
4215 u16 family = sk->sk_family;
4216 struct smack_known *skp;
4217 struct socket_smack *ssp = sk->sk_security;
4218 struct sockaddr_in addr;
4220 struct smack_known *hskp;
4222 struct smk_audit_info ad;
4224 struct lsm_network_audit net;
4227 #if IS_ENABLED(CONFIG_IPV6)
4228 if (family == PF_INET6) {
4230 * Handle mapped IPv4 packets arriving
4231 * via IPv6 sockets. Don't set up netlabel
4232 * processing on IPv6.
4234 if (skb->protocol == htons(ETH_P_IP))
4239 #endif /* CONFIG_IPV6 */
4242 * If there is a secmark use it rather than the CIPSO label.
4243 * If there is no secmark fall back to CIPSO.
4244 * The secmark is assumed to reflect policy better.
4246 skp = smack_from_skb(skb);
4248 skp = smack_from_netlbl(sk, family, skb);
4250 skp = &smack_known_huh;
4254 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4255 ad.a.u.net->family = family;
4256 ad.a.u.net->netif = skb->skb_iif;
4257 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4260 * Receiving a packet requires that the other end be able to write
4261 * here. Read access is not required.
4263 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4264 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
4269 * Save the peer's label in the request_sock so we can later setup
4270 * smk_packet in the child socket so that SO_PEERCRED can report it.
4272 req->peer_secid = skp->smk_secid;
4275 * We need to decide if we want to label the incoming connection here
4276 * if we do we only need to label the request_sock and the stack will
4277 * propagate the wire-label to the sock when it is created.
4280 addr.sin_addr.s_addr = hdr->saddr;
4282 hskp = smack_ipv4host_label(&addr);
4286 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
4288 netlbl_req_delattr(req);
4294 * smack_inet_csk_clone - Copy the connection information to the new socket
4295 * @sk: the new socket
4296 * @req: the connection's request_sock
4298 * Transfer the connection's peer label to the newly created socket.
4300 static void smack_inet_csk_clone(struct sock *sk,
4301 const struct request_sock *req)
4303 struct socket_smack *ssp = sk->sk_security;
4304 struct smack_known *skp;
4306 if (req->peer_secid != 0) {
4307 skp = smack_from_secid(req->peer_secid);
4308 ssp->smk_packet = skp;
4310 ssp->smk_packet = NULL;
4314 * Key management security hooks
4316 * Casey has not tested key support very heavily.
4317 * The permission check is most likely too restrictive.
4318 * If you care about keys please have a look.
4323 * smack_key_alloc - Set the key security blob
4325 * @cred: the credentials to use
4328 * No allocation required
4332 static int smack_key_alloc(struct key *key, const struct cred *cred,
4333 unsigned long flags)
4335 struct smack_known *skp = smk_of_task(smack_cred(cred));
4337 key->security = skp;
4342 * smack_key_free - Clear the key security blob
4345 * Clear the blob pointer
4347 static void smack_key_free(struct key *key)
4349 key->security = NULL;
4353 * smack_key_permission - Smack access on a key
4354 * @key_ref: gets to the object
4355 * @cred: the credentials to use
4356 * @need_perm: requested key permission
4358 * Return 0 if the task has read and write to the object,
4359 * an error code otherwise
4361 static int smack_key_permission(key_ref_t key_ref,
4362 const struct cred *cred,
4363 enum key_need_perm need_perm)
4366 struct smk_audit_info ad;
4367 struct smack_known *tkp = smk_of_task(smack_cred(cred));
4372 * Validate requested permissions
4374 switch (need_perm) {
4376 case KEY_NEED_SEARCH:
4378 request |= MAY_READ;
4380 case KEY_NEED_WRITE:
4382 case KEY_NEED_SETATTR:
4383 request |= MAY_WRITE;
4385 case KEY_NEED_UNSPECIFIED:
4386 case KEY_NEED_UNLINK:
4387 case KEY_SYSADMIN_OVERRIDE:
4388 case KEY_AUTHTOKEN_OVERRIDE:
4389 case KEY_DEFER_PERM_CHECK:
4395 keyp = key_ref_to_ptr(key_ref);
4399 * If the key hasn't been initialized give it access so that
4402 if (keyp->security == NULL)
4405 * This should not occur
4410 if (smack_privileged(CAP_MAC_OVERRIDE))
4414 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4415 ad.a.u.key_struct.key = keyp->serial;
4416 ad.a.u.key_struct.key_desc = keyp->description;
4418 rc = smk_access(tkp, keyp->security, request, &ad);
4419 rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4424 * smack_key_getsecurity - Smack label tagging the key
4425 * @key points to the key to be queried
4426 * @_buffer points to a pointer that should be set to point to the
4427 * resulting string (if no label or an error occurs).
4428 * Return the length of the string (including terminating NUL) or -ve if
4430 * May also return 0 (and a NULL buffer pointer) if there is no label.
4432 static int smack_key_getsecurity(struct key *key, char **_buffer)
4434 struct smack_known *skp = key->security;
4438 if (key->security == NULL) {
4443 copy = kstrdup(skp->smk_known, GFP_KERNEL);
4446 length = strlen(copy) + 1;
4453 #ifdef CONFIG_KEY_NOTIFICATIONS
4455 * smack_watch_key - Smack access to watch a key for notifications.
4456 * @key: The key to be watched
4458 * Return 0 if the @watch->cred has permission to read from the key object and
4459 * an error otherwise.
4461 static int smack_watch_key(struct key *key)
4463 struct smk_audit_info ad;
4464 struct smack_known *tkp = smk_of_current();
4470 * If the key hasn't been initialized give it access so that
4473 if (key->security == NULL)
4476 * This should not occur
4481 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred()))
4485 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4486 ad.a.u.key_struct.key = key->serial;
4487 ad.a.u.key_struct.key_desc = key->description;
4489 rc = smk_access(tkp, key->security, MAY_READ, &ad);
4490 rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc);
4493 #endif /* CONFIG_KEY_NOTIFICATIONS */
4494 #endif /* CONFIG_KEYS */
4496 #ifdef CONFIG_WATCH_QUEUE
4498 * smack_post_notification - Smack access to post a notification to a queue
4499 * @w_cred: The credentials of the watcher.
4500 * @cred: The credentials of the event source (may be NULL).
4501 * @n: The notification message to be posted.
4503 static int smack_post_notification(const struct cred *w_cred,
4504 const struct cred *cred,
4505 struct watch_notification *n)
4507 struct smk_audit_info ad;
4508 struct smack_known *subj, *obj;
4511 /* Always let maintenance notifications through. */
4512 if (n->type == WATCH_TYPE_META)
4517 subj = smk_of_task(smack_cred(cred));
4518 obj = smk_of_task(smack_cred(w_cred));
4520 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NOTIFICATION);
4521 rc = smk_access(subj, obj, MAY_WRITE, &ad);
4522 rc = smk_bu_note("notification", subj, obj, MAY_WRITE, rc);
4525 #endif /* CONFIG_WATCH_QUEUE */
4530 * Audit requires a unique representation of each Smack specific
4531 * rule. This unique representation is used to distinguish the
4532 * object to be audited from remaining kernel objects and also
4533 * works as a glue between the audit hooks.
4535 * Since repository entries are added but never deleted, we'll use
4536 * the smack_known label address related to the given audit rule as
4537 * the needed unique representation. This also better fits the smack
4538 * model where nearly everything is a label.
4543 * smack_audit_rule_init - Initialize a smack audit rule
4544 * @field: audit rule fields given from user-space (audit.h)
4545 * @op: required testing operator (=, !=, >, <, ...)
4546 * @rulestr: smack label to be audited
4547 * @vrule: pointer to save our own audit rule representation
4549 * Prepare to audit cases where (@field @op @rulestr) is true.
4550 * The label to be audited is created if necessay.
4552 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4554 struct smack_known *skp;
4555 char **rule = (char **)vrule;
4558 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4561 if (op != Audit_equal && op != Audit_not_equal)
4564 skp = smk_import_entry(rulestr, 0);
4566 return PTR_ERR(skp);
4568 *rule = skp->smk_known;
4574 * smack_audit_rule_known - Distinguish Smack audit rules
4575 * @krule: rule of interest, in Audit kernel representation format
4577 * This is used to filter Smack rules from remaining Audit ones.
4578 * If it's proved that this rule belongs to us, the
4579 * audit_rule_match hook will be called to do the final judgement.
4581 static int smack_audit_rule_known(struct audit_krule *krule)
4583 struct audit_field *f;
4586 for (i = 0; i < krule->field_count; i++) {
4587 f = &krule->fields[i];
4589 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4597 * smack_audit_rule_match - Audit given object ?
4598 * @secid: security id for identifying the object to test
4599 * @field: audit rule flags given from user-space
4600 * @op: required testing operator
4601 * @vrule: smack internal rule presentation
4603 * The core Audit hook. It's used to take the decision of
4604 * whether to audit or not to audit a given object.
4606 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule)
4608 struct smack_known *skp;
4611 if (unlikely(!rule)) {
4612 WARN_ONCE(1, "Smack: missing rule\n");
4616 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4619 skp = smack_from_secid(secid);
4622 * No need to do string comparisons. If a match occurs,
4623 * both pointers will point to the same smack_known
4626 if (op == Audit_equal)
4627 return (rule == skp->smk_known);
4628 if (op == Audit_not_equal)
4629 return (rule != skp->smk_known);
4635 * There is no need for a smack_audit_rule_free hook.
4636 * No memory was allocated.
4639 #endif /* CONFIG_AUDIT */
4642 * smack_ismaclabel - check if xattr @name references a smack MAC label
4643 * @name: Full xattr name to check.
4645 static int smack_ismaclabel(const char *name)
4647 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4652 * smack_secid_to_secctx - return the smack label for a secid
4653 * @secid: incoming integer
4654 * @secdata: destination
4655 * @seclen: how long it is
4657 * Exists for networking code.
4659 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4661 struct smack_known *skp = smack_from_secid(secid);
4664 *secdata = skp->smk_known;
4665 *seclen = strlen(skp->smk_known);
4670 * smack_secctx_to_secid - return the secid for a smack label
4671 * @secdata: smack label
4672 * @seclen: how long result is
4673 * @secid: outgoing integer
4675 * Exists for audit and networking code.
4677 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4679 struct smack_known *skp = smk_find_entry(secdata);
4682 *secid = skp->smk_secid;
4689 * There used to be a smack_release_secctx hook
4690 * that did nothing back when hooks were in a vector.
4691 * Now that there's a list such a hook adds cost.
4694 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4696 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx,
4700 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4702 return __vfs_setxattr_noperm(&nop_mnt_idmap, dentry, XATTR_NAME_SMACK,
4706 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4708 struct smack_known *skp = smk_of_inode(inode);
4710 *ctx = skp->smk_known;
4711 *ctxlen = strlen(skp->smk_known);
4715 static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
4718 struct task_smack *tsp;
4719 struct smack_known *skp;
4720 struct inode_smack *isp;
4721 struct cred *new_creds = *new;
4723 if (new_creds == NULL) {
4724 new_creds = prepare_creds();
4725 if (new_creds == NULL)
4729 tsp = smack_cred(new_creds);
4732 * Get label from overlay inode and set it in create_sid
4734 isp = smack_inode(d_inode(dentry));
4735 skp = isp->smk_inode;
4736 tsp->smk_task = skp;
4741 static int smack_inode_copy_up_xattr(const char *name)
4744 * Return 1 if this is the smack access Smack attribute.
4746 if (strcmp(name, XATTR_NAME_SMACK) == 0)
4752 static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
4754 const struct cred *old,
4757 struct task_smack *otsp = smack_cred(old);
4758 struct task_smack *ntsp = smack_cred(new);
4759 struct inode_smack *isp;
4763 * Use the process credential unless all of
4764 * the transmuting criteria are met
4766 ntsp->smk_task = otsp->smk_task;
4769 * the attribute of the containing directory
4771 isp = smack_inode(d_inode(dentry->d_parent));
4773 if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
4775 may = smk_access_entry(otsp->smk_task->smk_known,
4776 isp->smk_inode->smk_known,
4777 &otsp->smk_task->smk_rules);
4781 * If the directory is transmuting and the rule
4782 * providing access is transmuting use the containing
4783 * directory label instead of the process label.
4785 if (may > 0 && (may & MAY_TRANSMUTE)) {
4786 ntsp->smk_task = isp->smk_inode;
4787 ntsp->smk_transmuted = ntsp->smk_task;
4793 #ifdef CONFIG_IO_URING
4795 * smack_uring_override_creds - Is io_uring cred override allowed?
4796 * @new: the target creds
4798 * Check to see if the current task is allowed to override it's credentials
4799 * to service an io_uring operation.
4801 static int smack_uring_override_creds(const struct cred *new)
4803 struct task_smack *tsp = smack_cred(current_cred());
4804 struct task_smack *nsp = smack_cred(new);
4807 * Allow the degenerate case where the new Smack value is
4808 * the same as the current Smack value.
4810 if (tsp->smk_task == nsp->smk_task)
4813 if (smack_privileged_cred(CAP_MAC_OVERRIDE, current_cred()))
4820 * smack_uring_sqpoll - check if a io_uring polling thread can be created
4822 * Check to see if the current task is allowed to create a new io_uring
4823 * kernel polling thread.
4825 static int smack_uring_sqpoll(void)
4827 if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred()))
4834 * smack_uring_cmd - check on file operations for io_uring
4835 * @ioucmd: the command in question
4837 * Make a best guess about whether a io_uring "command" should
4838 * be allowed. Use the same logic used for determining if the
4839 * file could be opened for read in the absence of better criteria.
4841 static int smack_uring_cmd(struct io_uring_cmd *ioucmd)
4843 struct file *file = ioucmd->file;
4844 struct smk_audit_info ad;
4845 struct task_smack *tsp;
4846 struct inode *inode;
4852 tsp = smack_cred(file->f_cred);
4853 inode = file_inode(file);
4855 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
4856 smk_ad_setfield_u_fs_path(&ad, file->f_path);
4857 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
4858 rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
4863 #endif /* CONFIG_IO_URING */
4865 struct lsm_blob_sizes smack_blob_sizes __ro_after_init = {
4866 .lbs_cred = sizeof(struct task_smack),
4867 .lbs_file = sizeof(struct smack_known *),
4868 .lbs_inode = sizeof(struct inode_smack),
4869 .lbs_ipc = sizeof(struct smack_known *),
4870 .lbs_msg_msg = sizeof(struct smack_known *),
4871 .lbs_superblock = sizeof(struct superblock_smack),
4872 .lbs_xattr_count = SMACK_INODE_INIT_XATTRS,
4875 static struct security_hook_list smack_hooks[] __ro_after_init = {
4876 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4877 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4878 LSM_HOOK_INIT(syslog, smack_syslog),
4880 LSM_HOOK_INIT(fs_context_dup, smack_fs_context_dup),
4881 LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param),
4883 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
4884 LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts),
4885 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
4886 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
4887 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
4889 LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec),
4891 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
4892 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4893 LSM_HOOK_INIT(inode_link, smack_inode_link),
4894 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4895 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4896 LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4897 LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4898 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4899 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4900 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4901 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4902 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4903 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4904 LSM_HOOK_INIT(inode_set_acl, smack_inode_set_acl),
4905 LSM_HOOK_INIT(inode_get_acl, smack_inode_get_acl),
4906 LSM_HOOK_INIT(inode_remove_acl, smack_inode_remove_acl),
4907 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4908 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4909 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4910 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4912 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
4913 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4914 LSM_HOOK_INIT(file_lock, smack_file_lock),
4915 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4916 LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4917 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4918 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4919 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4920 LSM_HOOK_INIT(file_receive, smack_file_receive),
4922 LSM_HOOK_INIT(file_open, smack_file_open),
4924 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4925 LSM_HOOK_INIT(cred_free, smack_cred_free),
4926 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4927 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
4928 LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid),
4929 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4930 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4931 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4932 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4933 LSM_HOOK_INIT(task_getsid, smack_task_getsid),
4934 LSM_HOOK_INIT(current_getsecid_subj, smack_current_getsecid_subj),
4935 LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj),
4936 LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4937 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4938 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4939 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4940 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4941 LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4942 LSM_HOOK_INIT(task_kill, smack_task_kill),
4943 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4945 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4946 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4948 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
4950 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security),
4951 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4952 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4953 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4954 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4956 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security),
4957 LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4958 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4959 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4961 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security),
4962 LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4963 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4964 LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4966 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4968 LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4969 LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4971 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4972 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4974 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
4975 LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
4976 #ifdef SMACK_IPV6_PORT_LABELING
4977 LSM_HOOK_INIT(socket_bind, smack_socket_bind),
4979 LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4980 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4981 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4982 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4983 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4984 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
4985 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4986 LSM_HOOK_INIT(sk_clone_security, smack_sk_clone_security),
4987 LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4988 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4989 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
4991 /* key management security hooks */
4993 LSM_HOOK_INIT(key_alloc, smack_key_alloc),
4994 LSM_HOOK_INIT(key_free, smack_key_free),
4995 LSM_HOOK_INIT(key_permission, smack_key_permission),
4996 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
4997 #ifdef CONFIG_KEY_NOTIFICATIONS
4998 LSM_HOOK_INIT(watch_key, smack_watch_key),
5000 #endif /* CONFIG_KEYS */
5002 #ifdef CONFIG_WATCH_QUEUE
5003 LSM_HOOK_INIT(post_notification, smack_post_notification),
5008 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
5009 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
5010 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
5011 #endif /* CONFIG_AUDIT */
5013 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
5014 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
5015 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
5016 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
5017 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
5018 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
5019 LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up),
5020 LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr),
5021 LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as),
5022 #ifdef CONFIG_IO_URING
5023 LSM_HOOK_INIT(uring_override_creds, smack_uring_override_creds),
5024 LSM_HOOK_INIT(uring_sqpoll, smack_uring_sqpoll),
5025 LSM_HOOK_INIT(uring_cmd, smack_uring_cmd),
5030 static __init void init_smack_known_list(void)
5033 * Initialize rule list locks
5035 mutex_init(&smack_known_huh.smk_rules_lock);
5036 mutex_init(&smack_known_hat.smk_rules_lock);
5037 mutex_init(&smack_known_floor.smk_rules_lock);
5038 mutex_init(&smack_known_star.smk_rules_lock);
5039 mutex_init(&smack_known_web.smk_rules_lock);
5041 * Initialize rule lists
5043 INIT_LIST_HEAD(&smack_known_huh.smk_rules);
5044 INIT_LIST_HEAD(&smack_known_hat.smk_rules);
5045 INIT_LIST_HEAD(&smack_known_star.smk_rules);
5046 INIT_LIST_HEAD(&smack_known_floor.smk_rules);
5047 INIT_LIST_HEAD(&smack_known_web.smk_rules);
5049 * Create the known labels list
5051 smk_insert_entry(&smack_known_huh);
5052 smk_insert_entry(&smack_known_hat);
5053 smk_insert_entry(&smack_known_star);
5054 smk_insert_entry(&smack_known_floor);
5055 smk_insert_entry(&smack_known_web);
5059 * smack_init - initialize the smack system
5061 * Returns 0 on success, -ENOMEM is there's no memory
5063 static __init int smack_init(void)
5065 struct cred *cred = (struct cred *) current->cred;
5066 struct task_smack *tsp;
5068 smack_rule_cache = KMEM_CACHE(smack_rule, 0);
5069 if (!smack_rule_cache)
5073 * Set the security state for the initial task.
5075 tsp = smack_cred(cred);
5076 init_task_smack(tsp, &smack_known_floor, &smack_known_floor);
5081 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack");
5084 pr_info("Smack: Initializing.\n");
5085 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
5086 pr_info("Smack: Netfilter enabled.\n");
5088 #ifdef SMACK_IPV6_PORT_LABELING
5089 pr_info("Smack: IPv6 port labeling enabled.\n");
5091 #ifdef SMACK_IPV6_SECMARK_LABELING
5092 pr_info("Smack: IPv6 Netfilter enabled.\n");
5095 /* initialize the smack_known_list */
5096 init_smack_known_list();
5102 * Smack requires early initialization in order to label
5103 * all processes and objects when they are created.
5105 DEFINE_LSM(smack) = {
5107 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
5108 .blobs = &smack_blob_sizes,