xref: /linux/security/smack/smack_lsm.c (revision 26b0d14106954ae46d2f4f7eec3481828a210f7d)
1 /*
2  *  Simplified MAC Kernel (smack) security module
3  *
4  *  This file contains the smack hook function implementations.
5  *
6  *  Authors:
7  *	Casey Schaufler <casey@schaufler-ca.com>
8  *	Jarkko Sakkinen <jarkko.sakkinen@intel.com>
9  *
10  *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
11  *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
12  *                Paul Moore <paul@paul-moore.com>
13  *  Copyright (C) 2010 Nokia Corporation
14  *  Copyright (C) 2011 Intel Corporation.
15  *
16  *	This program is free software; you can redistribute it and/or modify
17  *	it under the terms of the GNU General Public License version 2,
18  *      as published by the Free Software Foundation.
19  */
20 
21 #include <linux/xattr.h>
22 #include <linux/pagemap.h>
23 #include <linux/mount.h>
24 #include <linux/stat.h>
25 #include <linux/kd.h>
26 #include <asm/ioctls.h>
27 #include <linux/ip.h>
28 #include <linux/tcp.h>
29 #include <linux/udp.h>
30 #include <linux/slab.h>
31 #include <linux/mutex.h>
32 #include <linux/pipe_fs_i.h>
33 #include <net/cipso_ipv4.h>
34 #include <linux/audit.h>
35 #include <linux/magic.h>
36 #include <linux/dcache.h>
37 #include <linux/personality.h>
38 #include <linux/msg.h>
39 #include <linux/shm.h>
40 #include <linux/binfmts.h>
41 #include "smack.h"
42 
43 #define task_security(task)	(task_cred_xxx((task), security))
44 
45 #define TRANS_TRUE	"TRUE"
46 #define TRANS_TRUE_SIZE	4
47 
48 /**
49  * smk_fetch - Fetch the smack label from a file.
50  * @ip: a pointer to the inode
51  * @dp: a pointer to the dentry
52  *
53  * Returns a pointer to the master list entry for the Smack label
54  * or NULL if there was no label to fetch.
55  */
56 static char *smk_fetch(const char *name, struct inode *ip, struct dentry *dp)
57 {
58 	int rc;
59 	char *buffer;
60 	char *result = NULL;
61 
62 	if (ip->i_op->getxattr == NULL)
63 		return NULL;
64 
65 	buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
66 	if (buffer == NULL)
67 		return NULL;
68 
69 	rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL);
70 	if (rc > 0)
71 		result = smk_import(buffer, rc);
72 
73 	kfree(buffer);
74 
75 	return result;
76 }
77 
78 /**
79  * new_inode_smack - allocate an inode security blob
80  * @smack: a pointer to the Smack label to use in the blob
81  *
82  * Returns the new blob or NULL if there's no memory available
83  */
84 struct inode_smack *new_inode_smack(char *smack)
85 {
86 	struct inode_smack *isp;
87 
88 	isp = kzalloc(sizeof(struct inode_smack), GFP_NOFS);
89 	if (isp == NULL)
90 		return NULL;
91 
92 	isp->smk_inode = smack;
93 	isp->smk_flags = 0;
94 	mutex_init(&isp->smk_lock);
95 
96 	return isp;
97 }
98 
99 /**
100  * new_task_smack - allocate a task security blob
101  * @smack: a pointer to the Smack label to use in the blob
102  *
103  * Returns the new blob or NULL if there's no memory available
104  */
105 static struct task_smack *new_task_smack(char *task, char *forked, gfp_t gfp)
106 {
107 	struct task_smack *tsp;
108 
109 	tsp = kzalloc(sizeof(struct task_smack), gfp);
110 	if (tsp == NULL)
111 		return NULL;
112 
113 	tsp->smk_task = task;
114 	tsp->smk_forked = forked;
115 	INIT_LIST_HEAD(&tsp->smk_rules);
116 	mutex_init(&tsp->smk_rules_lock);
117 
118 	return tsp;
119 }
120 
121 /**
122  * smk_copy_rules - copy a rule set
123  * @nhead - new rules header pointer
124  * @ohead - old rules header pointer
125  *
126  * Returns 0 on success, -ENOMEM on error
127  */
128 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
129 				gfp_t gfp)
130 {
131 	struct smack_rule *nrp;
132 	struct smack_rule *orp;
133 	int rc = 0;
134 
135 	INIT_LIST_HEAD(nhead);
136 
137 	list_for_each_entry_rcu(orp, ohead, list) {
138 		nrp = kzalloc(sizeof(struct smack_rule), gfp);
139 		if (nrp == NULL) {
140 			rc = -ENOMEM;
141 			break;
142 		}
143 		*nrp = *orp;
144 		list_add_rcu(&nrp->list, nhead);
145 	}
146 	return rc;
147 }
148 
149 /*
150  * LSM hooks.
151  * We he, that is fun!
152  */
153 
154 /**
155  * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
156  * @ctp: child task pointer
157  * @mode: ptrace attachment mode
158  *
159  * Returns 0 if access is OK, an error code otherwise
160  *
161  * Do the capability checks, and require read and write.
162  */
163 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
164 {
165 	int rc;
166 	struct smk_audit_info ad;
167 	char *tsp;
168 
169 	rc = cap_ptrace_access_check(ctp, mode);
170 	if (rc != 0)
171 		return rc;
172 
173 	tsp = smk_of_task(task_security(ctp));
174 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
175 	smk_ad_setfield_u_tsk(&ad, ctp);
176 
177 	rc = smk_curacc(tsp, MAY_READWRITE, &ad);
178 	return rc;
179 }
180 
181 /**
182  * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
183  * @ptp: parent task pointer
184  *
185  * Returns 0 if access is OK, an error code otherwise
186  *
187  * Do the capability checks, and require read and write.
188  */
189 static int smack_ptrace_traceme(struct task_struct *ptp)
190 {
191 	int rc;
192 	struct smk_audit_info ad;
193 	char *tsp;
194 
195 	rc = cap_ptrace_traceme(ptp);
196 	if (rc != 0)
197 		return rc;
198 
199 	tsp = smk_of_task(task_security(ptp));
200 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
201 	smk_ad_setfield_u_tsk(&ad, ptp);
202 
203 	rc = smk_curacc(tsp, MAY_READWRITE, &ad);
204 	return rc;
205 }
206 
207 /**
208  * smack_syslog - Smack approval on syslog
209  * @type: message type
210  *
211  * Require that the task has the floor label
212  *
213  * Returns 0 on success, error code otherwise.
214  */
215 static int smack_syslog(int typefrom_file)
216 {
217 	int rc = 0;
218 	char *sp = smk_of_current();
219 
220 	if (capable(CAP_MAC_OVERRIDE))
221 		return 0;
222 
223 	 if (sp != smack_known_floor.smk_known)
224 		rc = -EACCES;
225 
226 	return rc;
227 }
228 
229 
230 /*
231  * Superblock Hooks.
232  */
233 
234 /**
235  * smack_sb_alloc_security - allocate a superblock blob
236  * @sb: the superblock getting the blob
237  *
238  * Returns 0 on success or -ENOMEM on error.
239  */
240 static int smack_sb_alloc_security(struct super_block *sb)
241 {
242 	struct superblock_smack *sbsp;
243 
244 	sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
245 
246 	if (sbsp == NULL)
247 		return -ENOMEM;
248 
249 	sbsp->smk_root = smack_known_floor.smk_known;
250 	sbsp->smk_default = smack_known_floor.smk_known;
251 	sbsp->smk_floor = smack_known_floor.smk_known;
252 	sbsp->smk_hat = smack_known_hat.smk_known;
253 	sbsp->smk_initialized = 0;
254 	spin_lock_init(&sbsp->smk_sblock);
255 
256 	sb->s_security = sbsp;
257 
258 	return 0;
259 }
260 
261 /**
262  * smack_sb_free_security - free a superblock blob
263  * @sb: the superblock getting the blob
264  *
265  */
266 static void smack_sb_free_security(struct super_block *sb)
267 {
268 	kfree(sb->s_security);
269 	sb->s_security = NULL;
270 }
271 
272 /**
273  * smack_sb_copy_data - copy mount options data for processing
274  * @orig: where to start
275  * @smackopts: mount options string
276  *
277  * Returns 0 on success or -ENOMEM on error.
278  *
279  * Copy the Smack specific mount options out of the mount
280  * options list.
281  */
282 static int smack_sb_copy_data(char *orig, char *smackopts)
283 {
284 	char *cp, *commap, *otheropts, *dp;
285 
286 	otheropts = (char *)get_zeroed_page(GFP_KERNEL);
287 	if (otheropts == NULL)
288 		return -ENOMEM;
289 
290 	for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
291 		if (strstr(cp, SMK_FSDEFAULT) == cp)
292 			dp = smackopts;
293 		else if (strstr(cp, SMK_FSFLOOR) == cp)
294 			dp = smackopts;
295 		else if (strstr(cp, SMK_FSHAT) == cp)
296 			dp = smackopts;
297 		else if (strstr(cp, SMK_FSROOT) == cp)
298 			dp = smackopts;
299 		else
300 			dp = otheropts;
301 
302 		commap = strchr(cp, ',');
303 		if (commap != NULL)
304 			*commap = '\0';
305 
306 		if (*dp != '\0')
307 			strcat(dp, ",");
308 		strcat(dp, cp);
309 	}
310 
311 	strcpy(orig, otheropts);
312 	free_page((unsigned long)otheropts);
313 
314 	return 0;
315 }
316 
317 /**
318  * smack_sb_kern_mount - Smack specific mount processing
319  * @sb: the file system superblock
320  * @flags: the mount flags
321  * @data: the smack mount options
322  *
323  * Returns 0 on success, an error code on failure
324  */
325 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
326 {
327 	struct dentry *root = sb->s_root;
328 	struct inode *inode = root->d_inode;
329 	struct superblock_smack *sp = sb->s_security;
330 	struct inode_smack *isp;
331 	char *op;
332 	char *commap;
333 	char *nsp;
334 
335 	spin_lock(&sp->smk_sblock);
336 	if (sp->smk_initialized != 0) {
337 		spin_unlock(&sp->smk_sblock);
338 		return 0;
339 	}
340 	sp->smk_initialized = 1;
341 	spin_unlock(&sp->smk_sblock);
342 
343 	for (op = data; op != NULL; op = commap) {
344 		commap = strchr(op, ',');
345 		if (commap != NULL)
346 			*commap++ = '\0';
347 
348 		if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
349 			op += strlen(SMK_FSHAT);
350 			nsp = smk_import(op, 0);
351 			if (nsp != NULL)
352 				sp->smk_hat = nsp;
353 		} else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
354 			op += strlen(SMK_FSFLOOR);
355 			nsp = smk_import(op, 0);
356 			if (nsp != NULL)
357 				sp->smk_floor = nsp;
358 		} else if (strncmp(op, SMK_FSDEFAULT,
359 				   strlen(SMK_FSDEFAULT)) == 0) {
360 			op += strlen(SMK_FSDEFAULT);
361 			nsp = smk_import(op, 0);
362 			if (nsp != NULL)
363 				sp->smk_default = nsp;
364 		} else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
365 			op += strlen(SMK_FSROOT);
366 			nsp = smk_import(op, 0);
367 			if (nsp != NULL)
368 				sp->smk_root = nsp;
369 		}
370 	}
371 
372 	/*
373 	 * Initialize the root inode.
374 	 */
375 	isp = inode->i_security;
376 	if (isp == NULL)
377 		inode->i_security = new_inode_smack(sp->smk_root);
378 	else
379 		isp->smk_inode = sp->smk_root;
380 
381 	return 0;
382 }
383 
384 /**
385  * smack_sb_statfs - Smack check on statfs
386  * @dentry: identifies the file system in question
387  *
388  * Returns 0 if current can read the floor of the filesystem,
389  * and error code otherwise
390  */
391 static int smack_sb_statfs(struct dentry *dentry)
392 {
393 	struct superblock_smack *sbp = dentry->d_sb->s_security;
394 	int rc;
395 	struct smk_audit_info ad;
396 
397 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
398 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
399 
400 	rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
401 	return rc;
402 }
403 
404 /**
405  * smack_sb_mount - Smack check for mounting
406  * @dev_name: unused
407  * @path: mount point
408  * @type: unused
409  * @flags: unused
410  * @data: unused
411  *
412  * Returns 0 if current can write the floor of the filesystem
413  * being mounted on, an error code otherwise.
414  */
415 static int smack_sb_mount(char *dev_name, struct path *path,
416 			  char *type, unsigned long flags, void *data)
417 {
418 	struct superblock_smack *sbp = path->dentry->d_sb->s_security;
419 	struct smk_audit_info ad;
420 
421 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
422 	smk_ad_setfield_u_fs_path(&ad, *path);
423 
424 	return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
425 }
426 
427 /**
428  * smack_sb_umount - Smack check for unmounting
429  * @mnt: file system to unmount
430  * @flags: unused
431  *
432  * Returns 0 if current can write the floor of the filesystem
433  * being unmounted, an error code otherwise.
434  */
435 static int smack_sb_umount(struct vfsmount *mnt, int flags)
436 {
437 	struct superblock_smack *sbp;
438 	struct smk_audit_info ad;
439 	struct path path;
440 
441 	path.dentry = mnt->mnt_root;
442 	path.mnt = mnt;
443 
444 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
445 	smk_ad_setfield_u_fs_path(&ad, path);
446 
447 	sbp = path.dentry->d_sb->s_security;
448 	return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
449 }
450 
451 /*
452  * BPRM hooks
453  */
454 
455 /**
456  * smack_bprm_set_creds - set creds for exec
457  * @bprm: the exec information
458  *
459  * Returns 0 if it gets a blob, -ENOMEM otherwise
460  */
461 static int smack_bprm_set_creds(struct linux_binprm *bprm)
462 {
463 	struct inode *inode = bprm->file->f_path.dentry->d_inode;
464 	struct task_smack *bsp = bprm->cred->security;
465 	struct inode_smack *isp;
466 	int rc;
467 
468 	rc = cap_bprm_set_creds(bprm);
469 	if (rc != 0)
470 		return rc;
471 
472 	if (bprm->cred_prepared)
473 		return 0;
474 
475 	isp = inode->i_security;
476 	if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
477 		return 0;
478 
479 	if (bprm->unsafe)
480 		return -EPERM;
481 
482 	bsp->smk_task = isp->smk_task;
483 	bprm->per_clear |= PER_CLEAR_ON_SETID;
484 
485 	return 0;
486 }
487 
488 /**
489  * smack_bprm_committing_creds - Prepare to install the new credentials
490  * from bprm.
491  *
492  * @bprm: binprm for exec
493  */
494 static void smack_bprm_committing_creds(struct linux_binprm *bprm)
495 {
496 	struct task_smack *bsp = bprm->cred->security;
497 
498 	if (bsp->smk_task != bsp->smk_forked)
499 		current->pdeath_signal = 0;
500 }
501 
502 /**
503  * smack_bprm_secureexec - Return the decision to use secureexec.
504  * @bprm: binprm for exec
505  *
506  * Returns 0 on success.
507  */
508 static int smack_bprm_secureexec(struct linux_binprm *bprm)
509 {
510 	struct task_smack *tsp = current_security();
511 	int ret = cap_bprm_secureexec(bprm);
512 
513 	if (!ret && (tsp->smk_task != tsp->smk_forked))
514 		ret = 1;
515 
516 	return ret;
517 }
518 
519 /*
520  * Inode hooks
521  */
522 
523 /**
524  * smack_inode_alloc_security - allocate an inode blob
525  * @inode: the inode in need of a blob
526  *
527  * Returns 0 if it gets a blob, -ENOMEM otherwise
528  */
529 static int smack_inode_alloc_security(struct inode *inode)
530 {
531 	inode->i_security = new_inode_smack(smk_of_current());
532 	if (inode->i_security == NULL)
533 		return -ENOMEM;
534 	return 0;
535 }
536 
537 /**
538  * smack_inode_free_security - free an inode blob
539  * @inode: the inode with a blob
540  *
541  * Clears the blob pointer in inode
542  */
543 static void smack_inode_free_security(struct inode *inode)
544 {
545 	kfree(inode->i_security);
546 	inode->i_security = NULL;
547 }
548 
549 /**
550  * smack_inode_init_security - copy out the smack from an inode
551  * @inode: the inode
552  * @dir: unused
553  * @qstr: unused
554  * @name: where to put the attribute name
555  * @value: where to put the attribute value
556  * @len: where to put the length of the attribute
557  *
558  * Returns 0 if it all works out, -ENOMEM if there's no memory
559  */
560 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
561 				     const struct qstr *qstr, char **name,
562 				     void **value, size_t *len)
563 {
564 	struct smack_known *skp;
565 	struct inode_smack *issp = inode->i_security;
566 	char *csp = smk_of_current();
567 	char *isp = smk_of_inode(inode);
568 	char *dsp = smk_of_inode(dir);
569 	int may;
570 
571 	if (name) {
572 		*name = kstrdup(XATTR_SMACK_SUFFIX, GFP_NOFS);
573 		if (*name == NULL)
574 			return -ENOMEM;
575 	}
576 
577 	if (value) {
578 		skp = smk_find_entry(csp);
579 		rcu_read_lock();
580 		may = smk_access_entry(csp, dsp, &skp->smk_rules);
581 		rcu_read_unlock();
582 
583 		/*
584 		 * If the access rule allows transmutation and
585 		 * the directory requests transmutation then
586 		 * by all means transmute.
587 		 * Mark the inode as changed.
588 		 */
589 		if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
590 		    smk_inode_transmutable(dir)) {
591 			isp = dsp;
592 			issp->smk_flags |= SMK_INODE_CHANGED;
593 		}
594 
595 		*value = kstrdup(isp, GFP_NOFS);
596 		if (*value == NULL)
597 			return -ENOMEM;
598 	}
599 
600 	if (len)
601 		*len = strlen(isp) + 1;
602 
603 	return 0;
604 }
605 
606 /**
607  * smack_inode_link - Smack check on link
608  * @old_dentry: the existing object
609  * @dir: unused
610  * @new_dentry: the new object
611  *
612  * Returns 0 if access is permitted, an error code otherwise
613  */
614 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
615 			    struct dentry *new_dentry)
616 {
617 	char *isp;
618 	struct smk_audit_info ad;
619 	int rc;
620 
621 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
622 	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
623 
624 	isp = smk_of_inode(old_dentry->d_inode);
625 	rc = smk_curacc(isp, MAY_WRITE, &ad);
626 
627 	if (rc == 0 && new_dentry->d_inode != NULL) {
628 		isp = smk_of_inode(new_dentry->d_inode);
629 		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
630 		rc = smk_curacc(isp, MAY_WRITE, &ad);
631 	}
632 
633 	return rc;
634 }
635 
636 /**
637  * smack_inode_unlink - Smack check on inode deletion
638  * @dir: containing directory object
639  * @dentry: file to unlink
640  *
641  * Returns 0 if current can write the containing directory
642  * and the object, error code otherwise
643  */
644 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
645 {
646 	struct inode *ip = dentry->d_inode;
647 	struct smk_audit_info ad;
648 	int rc;
649 
650 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
651 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
652 
653 	/*
654 	 * You need write access to the thing you're unlinking
655 	 */
656 	rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
657 	if (rc == 0) {
658 		/*
659 		 * You also need write access to the containing directory
660 		 */
661 		smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
662 		smk_ad_setfield_u_fs_inode(&ad, dir);
663 		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
664 	}
665 	return rc;
666 }
667 
668 /**
669  * smack_inode_rmdir - Smack check on directory deletion
670  * @dir: containing directory object
671  * @dentry: directory to unlink
672  *
673  * Returns 0 if current can write the containing directory
674  * and the directory, error code otherwise
675  */
676 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
677 {
678 	struct smk_audit_info ad;
679 	int rc;
680 
681 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
682 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
683 
684 	/*
685 	 * You need write access to the thing you're removing
686 	 */
687 	rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
688 	if (rc == 0) {
689 		/*
690 		 * You also need write access to the containing directory
691 		 */
692 		smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
693 		smk_ad_setfield_u_fs_inode(&ad, dir);
694 		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
695 	}
696 
697 	return rc;
698 }
699 
700 /**
701  * smack_inode_rename - Smack check on rename
702  * @old_inode: the old directory
703  * @old_dentry: unused
704  * @new_inode: the new directory
705  * @new_dentry: unused
706  *
707  * Read and write access is required on both the old and
708  * new directories.
709  *
710  * Returns 0 if access is permitted, an error code otherwise
711  */
712 static int smack_inode_rename(struct inode *old_inode,
713 			      struct dentry *old_dentry,
714 			      struct inode *new_inode,
715 			      struct dentry *new_dentry)
716 {
717 	int rc;
718 	char *isp;
719 	struct smk_audit_info ad;
720 
721 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
722 	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
723 
724 	isp = smk_of_inode(old_dentry->d_inode);
725 	rc = smk_curacc(isp, MAY_READWRITE, &ad);
726 
727 	if (rc == 0 && new_dentry->d_inode != NULL) {
728 		isp = smk_of_inode(new_dentry->d_inode);
729 		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
730 		rc = smk_curacc(isp, MAY_READWRITE, &ad);
731 	}
732 	return rc;
733 }
734 
735 /**
736  * smack_inode_permission - Smack version of permission()
737  * @inode: the inode in question
738  * @mask: the access requested
739  *
740  * This is the important Smack hook.
741  *
742  * Returns 0 if access is permitted, -EACCES otherwise
743  */
744 static int smack_inode_permission(struct inode *inode, int mask)
745 {
746 	struct smk_audit_info ad;
747 	int no_block = mask & MAY_NOT_BLOCK;
748 
749 	mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
750 	/*
751 	 * No permission to check. Existence test. Yup, it's there.
752 	 */
753 	if (mask == 0)
754 		return 0;
755 
756 	/* May be droppable after audit */
757 	if (no_block)
758 		return -ECHILD;
759 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
760 	smk_ad_setfield_u_fs_inode(&ad, inode);
761 	return smk_curacc(smk_of_inode(inode), mask, &ad);
762 }
763 
764 /**
765  * smack_inode_setattr - Smack check for setting attributes
766  * @dentry: the object
767  * @iattr: for the force flag
768  *
769  * Returns 0 if access is permitted, an error code otherwise
770  */
771 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
772 {
773 	struct smk_audit_info ad;
774 	/*
775 	 * Need to allow for clearing the setuid bit.
776 	 */
777 	if (iattr->ia_valid & ATTR_FORCE)
778 		return 0;
779 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
780 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
781 
782 	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
783 }
784 
785 /**
786  * smack_inode_getattr - Smack check for getting attributes
787  * @mnt: unused
788  * @dentry: the object
789  *
790  * Returns 0 if access is permitted, an error code otherwise
791  */
792 static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
793 {
794 	struct smk_audit_info ad;
795 	struct path path;
796 
797 	path.dentry = dentry;
798 	path.mnt = mnt;
799 
800 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
801 	smk_ad_setfield_u_fs_path(&ad, path);
802 	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
803 }
804 
805 /**
806  * smack_inode_setxattr - Smack check for setting xattrs
807  * @dentry: the object
808  * @name: name of the attribute
809  * @value: unused
810  * @size: unused
811  * @flags: unused
812  *
813  * This protects the Smack attribute explicitly.
814  *
815  * Returns 0 if access is permitted, an error code otherwise
816  */
817 static int smack_inode_setxattr(struct dentry *dentry, const char *name,
818 				const void *value, size_t size, int flags)
819 {
820 	struct smk_audit_info ad;
821 	int rc = 0;
822 
823 	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
824 	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
825 	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
826 	    strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
827 	    strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
828 		if (!capable(CAP_MAC_ADMIN))
829 			rc = -EPERM;
830 		/*
831 		 * check label validity here so import wont fail on
832 		 * post_setxattr
833 		 */
834 		if (size == 0 || size >= SMK_LONGLABEL ||
835 		    smk_import(value, size) == NULL)
836 			rc = -EINVAL;
837 	} else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
838 		if (!capable(CAP_MAC_ADMIN))
839 			rc = -EPERM;
840 		if (size != TRANS_TRUE_SIZE ||
841 		    strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
842 			rc = -EINVAL;
843 	} else
844 		rc = cap_inode_setxattr(dentry, name, value, size, flags);
845 
846 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
847 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
848 
849 	if (rc == 0)
850 		rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
851 
852 	return rc;
853 }
854 
855 /**
856  * smack_inode_post_setxattr - Apply the Smack update approved above
857  * @dentry: object
858  * @name: attribute name
859  * @value: attribute value
860  * @size: attribute size
861  * @flags: unused
862  *
863  * Set the pointer in the inode blob to the entry found
864  * in the master label list.
865  */
866 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
867 				      const void *value, size_t size, int flags)
868 {
869 	char *nsp;
870 	struct inode_smack *isp = dentry->d_inode->i_security;
871 
872 	if (strcmp(name, XATTR_NAME_SMACK) == 0) {
873 		nsp = smk_import(value, size);
874 		if (nsp != NULL)
875 			isp->smk_inode = nsp;
876 		else
877 			isp->smk_inode = smack_known_invalid.smk_known;
878 	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
879 		nsp = smk_import(value, size);
880 		if (nsp != NULL)
881 			isp->smk_task = nsp;
882 		else
883 			isp->smk_task = smack_known_invalid.smk_known;
884 	} else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
885 		nsp = smk_import(value, size);
886 		if (nsp != NULL)
887 			isp->smk_mmap = nsp;
888 		else
889 			isp->smk_mmap = smack_known_invalid.smk_known;
890 	} else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
891 		isp->smk_flags |= SMK_INODE_TRANSMUTE;
892 
893 	return;
894 }
895 
896 /**
897  * smack_inode_getxattr - Smack check on getxattr
898  * @dentry: the object
899  * @name: unused
900  *
901  * Returns 0 if access is permitted, an error code otherwise
902  */
903 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
904 {
905 	struct smk_audit_info ad;
906 
907 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
908 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
909 
910 	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
911 }
912 
913 /**
914  * smack_inode_removexattr - Smack check on removexattr
915  * @dentry: the object
916  * @name: name of the attribute
917  *
918  * Removing the Smack attribute requires CAP_MAC_ADMIN
919  *
920  * Returns 0 if access is permitted, an error code otherwise
921  */
922 static int smack_inode_removexattr(struct dentry *dentry, const char *name)
923 {
924 	struct inode_smack *isp;
925 	struct smk_audit_info ad;
926 	int rc = 0;
927 
928 	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
929 	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
930 	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
931 	    strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
932 	    strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
933 	    strcmp(name, XATTR_NAME_SMACKMMAP)) {
934 		if (!capable(CAP_MAC_ADMIN))
935 			rc = -EPERM;
936 	} else
937 		rc = cap_inode_removexattr(dentry, name);
938 
939 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
940 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
941 	if (rc == 0)
942 		rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
943 
944 	if (rc == 0) {
945 		isp = dentry->d_inode->i_security;
946 		isp->smk_task = NULL;
947 		isp->smk_mmap = NULL;
948 	}
949 
950 	return rc;
951 }
952 
953 /**
954  * smack_inode_getsecurity - get smack xattrs
955  * @inode: the object
956  * @name: attribute name
957  * @buffer: where to put the result
958  * @alloc: unused
959  *
960  * Returns the size of the attribute or an error code
961  */
962 static int smack_inode_getsecurity(const struct inode *inode,
963 				   const char *name, void **buffer,
964 				   bool alloc)
965 {
966 	struct socket_smack *ssp;
967 	struct socket *sock;
968 	struct super_block *sbp;
969 	struct inode *ip = (struct inode *)inode;
970 	char *isp;
971 	int ilen;
972 	int rc = 0;
973 
974 	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
975 		isp = smk_of_inode(inode);
976 		ilen = strlen(isp) + 1;
977 		*buffer = isp;
978 		return ilen;
979 	}
980 
981 	/*
982 	 * The rest of the Smack xattrs are only on sockets.
983 	 */
984 	sbp = ip->i_sb;
985 	if (sbp->s_magic != SOCKFS_MAGIC)
986 		return -EOPNOTSUPP;
987 
988 	sock = SOCKET_I(ip);
989 	if (sock == NULL || sock->sk == NULL)
990 		return -EOPNOTSUPP;
991 
992 	ssp = sock->sk->sk_security;
993 
994 	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
995 		isp = ssp->smk_in;
996 	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
997 		isp = ssp->smk_out;
998 	else
999 		return -EOPNOTSUPP;
1000 
1001 	ilen = strlen(isp) + 1;
1002 	if (rc == 0) {
1003 		*buffer = isp;
1004 		rc = ilen;
1005 	}
1006 
1007 	return rc;
1008 }
1009 
1010 
1011 /**
1012  * smack_inode_listsecurity - list the Smack attributes
1013  * @inode: the object
1014  * @buffer: where they go
1015  * @buffer_size: size of buffer
1016  *
1017  * Returns 0 on success, -EINVAL otherwise
1018  */
1019 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1020 				    size_t buffer_size)
1021 {
1022 	int len = strlen(XATTR_NAME_SMACK);
1023 
1024 	if (buffer != NULL && len <= buffer_size) {
1025 		memcpy(buffer, XATTR_NAME_SMACK, len);
1026 		return len;
1027 	}
1028 	return -EINVAL;
1029 }
1030 
1031 /**
1032  * smack_inode_getsecid - Extract inode's security id
1033  * @inode: inode to extract the info from
1034  * @secid: where result will be saved
1035  */
1036 static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
1037 {
1038 	struct inode_smack *isp = inode->i_security;
1039 
1040 	*secid = smack_to_secid(isp->smk_inode);
1041 }
1042 
1043 /*
1044  * File Hooks
1045  */
1046 
1047 /**
1048  * smack_file_permission - Smack check on file operations
1049  * @file: unused
1050  * @mask: unused
1051  *
1052  * Returns 0
1053  *
1054  * Should access checks be done on each read or write?
1055  * UNICOS and SELinux say yes.
1056  * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1057  *
1058  * I'll say no for now. Smack does not do the frequent
1059  * label changing that SELinux does.
1060  */
1061 static int smack_file_permission(struct file *file, int mask)
1062 {
1063 	return 0;
1064 }
1065 
1066 /**
1067  * smack_file_alloc_security - assign a file security blob
1068  * @file: the object
1069  *
1070  * The security blob for a file is a pointer to the master
1071  * label list, so no allocation is done.
1072  *
1073  * Returns 0
1074  */
1075 static int smack_file_alloc_security(struct file *file)
1076 {
1077 	file->f_security = smk_of_current();
1078 	return 0;
1079 }
1080 
1081 /**
1082  * smack_file_free_security - clear a file security blob
1083  * @file: the object
1084  *
1085  * The security blob for a file is a pointer to the master
1086  * label list, so no memory is freed.
1087  */
1088 static void smack_file_free_security(struct file *file)
1089 {
1090 	file->f_security = NULL;
1091 }
1092 
1093 /**
1094  * smack_file_ioctl - Smack check on ioctls
1095  * @file: the object
1096  * @cmd: what to do
1097  * @arg: unused
1098  *
1099  * Relies heavily on the correct use of the ioctl command conventions.
1100  *
1101  * Returns 0 if allowed, error code otherwise
1102  */
1103 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1104 			    unsigned long arg)
1105 {
1106 	int rc = 0;
1107 	struct smk_audit_info ad;
1108 
1109 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1110 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1111 
1112 	if (_IOC_DIR(cmd) & _IOC_WRITE)
1113 		rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1114 
1115 	if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ))
1116 		rc = smk_curacc(file->f_security, MAY_READ, &ad);
1117 
1118 	return rc;
1119 }
1120 
1121 /**
1122  * smack_file_lock - Smack check on file locking
1123  * @file: the object
1124  * @cmd: unused
1125  *
1126  * Returns 0 if current has write access, error code otherwise
1127  */
1128 static int smack_file_lock(struct file *file, unsigned int cmd)
1129 {
1130 	struct smk_audit_info ad;
1131 
1132 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1133 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1134 	return smk_curacc(file->f_security, MAY_WRITE, &ad);
1135 }
1136 
1137 /**
1138  * smack_file_fcntl - Smack check on fcntl
1139  * @file: the object
1140  * @cmd: what action to check
1141  * @arg: unused
1142  *
1143  * Generally these operations are harmless.
1144  * File locking operations present an obvious mechanism
1145  * for passing information, so they require write access.
1146  *
1147  * Returns 0 if current has access, error code otherwise
1148  */
1149 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1150 			    unsigned long arg)
1151 {
1152 	struct smk_audit_info ad;
1153 	int rc = 0;
1154 
1155 
1156 	switch (cmd) {
1157 	case F_GETLK:
1158 	case F_SETLK:
1159 	case F_SETLKW:
1160 	case F_SETOWN:
1161 	case F_SETSIG:
1162 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1163 		smk_ad_setfield_u_fs_path(&ad, file->f_path);
1164 		rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1165 		break;
1166 	default:
1167 		break;
1168 	}
1169 
1170 	return rc;
1171 }
1172 
1173 /**
1174  * smack_mmap_file :
1175  * Check permissions for a mmap operation.  The @file may be NULL, e.g.
1176  * if mapping anonymous memory.
1177  * @file contains the file structure for file to map (may be NULL).
1178  * @reqprot contains the protection requested by the application.
1179  * @prot contains the protection that will be applied by the kernel.
1180  * @flags contains the operational flags.
1181  * Return 0 if permission is granted.
1182  */
1183 static int smack_mmap_file(struct file *file,
1184 			   unsigned long reqprot, unsigned long prot,
1185 			   unsigned long flags)
1186 {
1187 	struct smack_known *skp;
1188 	struct smack_rule *srp;
1189 	struct task_smack *tsp;
1190 	char *sp;
1191 	char *msmack;
1192 	char *osmack;
1193 	struct inode_smack *isp;
1194 	struct dentry *dp;
1195 	int may;
1196 	int mmay;
1197 	int tmay;
1198 	int rc;
1199 
1200 	if (file == NULL || file->f_dentry == NULL)
1201 		return 0;
1202 
1203 	dp = file->f_dentry;
1204 
1205 	if (dp->d_inode == NULL)
1206 		return 0;
1207 
1208 	isp = dp->d_inode->i_security;
1209 	if (isp->smk_mmap == NULL)
1210 		return 0;
1211 	msmack = isp->smk_mmap;
1212 
1213 	tsp = current_security();
1214 	sp = smk_of_current();
1215 	skp = smk_find_entry(sp);
1216 	rc = 0;
1217 
1218 	rcu_read_lock();
1219 	/*
1220 	 * For each Smack rule associated with the subject
1221 	 * label verify that the SMACK64MMAP also has access
1222 	 * to that rule's object label.
1223 	 */
1224 	list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1225 		osmack = srp->smk_object;
1226 		/*
1227 		 * Matching labels always allows access.
1228 		 */
1229 		if (msmack == osmack)
1230 			continue;
1231 		/*
1232 		 * If there is a matching local rule take
1233 		 * that into account as well.
1234 		 */
1235 		may = smk_access_entry(srp->smk_subject, osmack,
1236 					&tsp->smk_rules);
1237 		if (may == -ENOENT)
1238 			may = srp->smk_access;
1239 		else
1240 			may &= srp->smk_access;
1241 		/*
1242 		 * If may is zero the SMACK64MMAP subject can't
1243 		 * possibly have less access.
1244 		 */
1245 		if (may == 0)
1246 			continue;
1247 
1248 		/*
1249 		 * Fetch the global list entry.
1250 		 * If there isn't one a SMACK64MMAP subject
1251 		 * can't have as much access as current.
1252 		 */
1253 		skp = smk_find_entry(msmack);
1254 		mmay = smk_access_entry(msmack, osmack, &skp->smk_rules);
1255 		if (mmay == -ENOENT) {
1256 			rc = -EACCES;
1257 			break;
1258 		}
1259 		/*
1260 		 * If there is a local entry it modifies the
1261 		 * potential access, too.
1262 		 */
1263 		tmay = smk_access_entry(msmack, osmack, &tsp->smk_rules);
1264 		if (tmay != -ENOENT)
1265 			mmay &= tmay;
1266 
1267 		/*
1268 		 * If there is any access available to current that is
1269 		 * not available to a SMACK64MMAP subject
1270 		 * deny access.
1271 		 */
1272 		if ((may | mmay) != mmay) {
1273 			rc = -EACCES;
1274 			break;
1275 		}
1276 	}
1277 
1278 	rcu_read_unlock();
1279 
1280 	return rc;
1281 }
1282 
1283 /**
1284  * smack_file_set_fowner - set the file security blob value
1285  * @file: object in question
1286  *
1287  * Returns 0
1288  * Further research may be required on this one.
1289  */
1290 static int smack_file_set_fowner(struct file *file)
1291 {
1292 	file->f_security = smk_of_current();
1293 	return 0;
1294 }
1295 
1296 /**
1297  * smack_file_send_sigiotask - Smack on sigio
1298  * @tsk: The target task
1299  * @fown: the object the signal come from
1300  * @signum: unused
1301  *
1302  * Allow a privileged task to get signals even if it shouldn't
1303  *
1304  * Returns 0 if a subject with the object's smack could
1305  * write to the task, an error code otherwise.
1306  */
1307 static int smack_file_send_sigiotask(struct task_struct *tsk,
1308 				     struct fown_struct *fown, int signum)
1309 {
1310 	struct file *file;
1311 	int rc;
1312 	char *tsp = smk_of_task(tsk->cred->security);
1313 	struct smk_audit_info ad;
1314 
1315 	/*
1316 	 * struct fown_struct is never outside the context of a struct file
1317 	 */
1318 	file = container_of(fown, struct file, f_owner);
1319 
1320 	/* we don't log here as rc can be overriden */
1321 	rc = smk_access(file->f_security, tsp, MAY_WRITE, NULL);
1322 	if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
1323 		rc = 0;
1324 
1325 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1326 	smk_ad_setfield_u_tsk(&ad, tsk);
1327 	smack_log(file->f_security, tsp, MAY_WRITE, rc, &ad);
1328 	return rc;
1329 }
1330 
1331 /**
1332  * smack_file_receive - Smack file receive check
1333  * @file: the object
1334  *
1335  * Returns 0 if current has access, error code otherwise
1336  */
1337 static int smack_file_receive(struct file *file)
1338 {
1339 	int may = 0;
1340 	struct smk_audit_info ad;
1341 
1342 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1343 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1344 	/*
1345 	 * This code relies on bitmasks.
1346 	 */
1347 	if (file->f_mode & FMODE_READ)
1348 		may = MAY_READ;
1349 	if (file->f_mode & FMODE_WRITE)
1350 		may |= MAY_WRITE;
1351 
1352 	return smk_curacc(file->f_security, may, &ad);
1353 }
1354 
1355 /**
1356  * smack_file_open - Smack dentry open processing
1357  * @file: the object
1358  * @cred: unused
1359  *
1360  * Set the security blob in the file structure.
1361  *
1362  * Returns 0
1363  */
1364 static int smack_file_open(struct file *file, const struct cred *cred)
1365 {
1366 	struct inode_smack *isp = file->f_path.dentry->d_inode->i_security;
1367 
1368 	file->f_security = isp->smk_inode;
1369 
1370 	return 0;
1371 }
1372 
1373 /*
1374  * Task hooks
1375  */
1376 
1377 /**
1378  * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1379  * @new: the new credentials
1380  * @gfp: the atomicity of any memory allocations
1381  *
1382  * Prepare a blank set of credentials for modification.  This must allocate all
1383  * the memory the LSM module might require such that cred_transfer() can
1384  * complete without error.
1385  */
1386 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1387 {
1388 	struct task_smack *tsp;
1389 
1390 	tsp = new_task_smack(NULL, NULL, gfp);
1391 	if (tsp == NULL)
1392 		return -ENOMEM;
1393 
1394 	cred->security = tsp;
1395 
1396 	return 0;
1397 }
1398 
1399 
1400 /**
1401  * smack_cred_free - "free" task-level security credentials
1402  * @cred: the credentials in question
1403  *
1404  */
1405 static void smack_cred_free(struct cred *cred)
1406 {
1407 	struct task_smack *tsp = cred->security;
1408 	struct smack_rule *rp;
1409 	struct list_head *l;
1410 	struct list_head *n;
1411 
1412 	if (tsp == NULL)
1413 		return;
1414 	cred->security = NULL;
1415 
1416 	list_for_each_safe(l, n, &tsp->smk_rules) {
1417 		rp = list_entry(l, struct smack_rule, list);
1418 		list_del(&rp->list);
1419 		kfree(rp);
1420 	}
1421 	kfree(tsp);
1422 }
1423 
1424 /**
1425  * smack_cred_prepare - prepare new set of credentials for modification
1426  * @new: the new credentials
1427  * @old: the original credentials
1428  * @gfp: the atomicity of any memory allocations
1429  *
1430  * Prepare a new set of credentials for modification.
1431  */
1432 static int smack_cred_prepare(struct cred *new, const struct cred *old,
1433 			      gfp_t gfp)
1434 {
1435 	struct task_smack *old_tsp = old->security;
1436 	struct task_smack *new_tsp;
1437 	int rc;
1438 
1439 	new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
1440 	if (new_tsp == NULL)
1441 		return -ENOMEM;
1442 
1443 	rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1444 	if (rc != 0)
1445 		return rc;
1446 
1447 	new->security = new_tsp;
1448 	return 0;
1449 }
1450 
1451 /**
1452  * smack_cred_transfer - Transfer the old credentials to the new credentials
1453  * @new: the new credentials
1454  * @old: the original credentials
1455  *
1456  * Fill in a set of blank credentials from another set of credentials.
1457  */
1458 static void smack_cred_transfer(struct cred *new, const struct cred *old)
1459 {
1460 	struct task_smack *old_tsp = old->security;
1461 	struct task_smack *new_tsp = new->security;
1462 
1463 	new_tsp->smk_task = old_tsp->smk_task;
1464 	new_tsp->smk_forked = old_tsp->smk_task;
1465 	mutex_init(&new_tsp->smk_rules_lock);
1466 	INIT_LIST_HEAD(&new_tsp->smk_rules);
1467 
1468 
1469 	/* cbs copy rule list */
1470 }
1471 
1472 /**
1473  * smack_kernel_act_as - Set the subjective context in a set of credentials
1474  * @new: points to the set of credentials to be modified.
1475  * @secid: specifies the security ID to be set
1476  *
1477  * Set the security data for a kernel service.
1478  */
1479 static int smack_kernel_act_as(struct cred *new, u32 secid)
1480 {
1481 	struct task_smack *new_tsp = new->security;
1482 	char *smack = smack_from_secid(secid);
1483 
1484 	if (smack == NULL)
1485 		return -EINVAL;
1486 
1487 	new_tsp->smk_task = smack;
1488 	return 0;
1489 }
1490 
1491 /**
1492  * smack_kernel_create_files_as - Set the file creation label in a set of creds
1493  * @new: points to the set of credentials to be modified
1494  * @inode: points to the inode to use as a reference
1495  *
1496  * Set the file creation context in a set of credentials to the same
1497  * as the objective context of the specified inode
1498  */
1499 static int smack_kernel_create_files_as(struct cred *new,
1500 					struct inode *inode)
1501 {
1502 	struct inode_smack *isp = inode->i_security;
1503 	struct task_smack *tsp = new->security;
1504 
1505 	tsp->smk_forked = isp->smk_inode;
1506 	tsp->smk_task = isp->smk_inode;
1507 	return 0;
1508 }
1509 
1510 /**
1511  * smk_curacc_on_task - helper to log task related access
1512  * @p: the task object
1513  * @access: the access requested
1514  * @caller: name of the calling function for audit
1515  *
1516  * Return 0 if access is permitted
1517  */
1518 static int smk_curacc_on_task(struct task_struct *p, int access,
1519 				const char *caller)
1520 {
1521 	struct smk_audit_info ad;
1522 
1523 	smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
1524 	smk_ad_setfield_u_tsk(&ad, p);
1525 	return smk_curacc(smk_of_task(task_security(p)), access, &ad);
1526 }
1527 
1528 /**
1529  * smack_task_setpgid - Smack check on setting pgid
1530  * @p: the task object
1531  * @pgid: unused
1532  *
1533  * Return 0 if write access is permitted
1534  */
1535 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1536 {
1537 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
1538 }
1539 
1540 /**
1541  * smack_task_getpgid - Smack access check for getpgid
1542  * @p: the object task
1543  *
1544  * Returns 0 if current can read the object task, error code otherwise
1545  */
1546 static int smack_task_getpgid(struct task_struct *p)
1547 {
1548 	return smk_curacc_on_task(p, MAY_READ, __func__);
1549 }
1550 
1551 /**
1552  * smack_task_getsid - Smack access check for getsid
1553  * @p: the object task
1554  *
1555  * Returns 0 if current can read the object task, error code otherwise
1556  */
1557 static int smack_task_getsid(struct task_struct *p)
1558 {
1559 	return smk_curacc_on_task(p, MAY_READ, __func__);
1560 }
1561 
1562 /**
1563  * smack_task_getsecid - get the secid of the task
1564  * @p: the object task
1565  * @secid: where to put the result
1566  *
1567  * Sets the secid to contain a u32 version of the smack label.
1568  */
1569 static void smack_task_getsecid(struct task_struct *p, u32 *secid)
1570 {
1571 	*secid = smack_to_secid(smk_of_task(task_security(p)));
1572 }
1573 
1574 /**
1575  * smack_task_setnice - Smack check on setting nice
1576  * @p: the task object
1577  * @nice: unused
1578  *
1579  * Return 0 if write access is permitted
1580  */
1581 static int smack_task_setnice(struct task_struct *p, int nice)
1582 {
1583 	int rc;
1584 
1585 	rc = cap_task_setnice(p, nice);
1586 	if (rc == 0)
1587 		rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1588 	return rc;
1589 }
1590 
1591 /**
1592  * smack_task_setioprio - Smack check on setting ioprio
1593  * @p: the task object
1594  * @ioprio: unused
1595  *
1596  * Return 0 if write access is permitted
1597  */
1598 static int smack_task_setioprio(struct task_struct *p, int ioprio)
1599 {
1600 	int rc;
1601 
1602 	rc = cap_task_setioprio(p, ioprio);
1603 	if (rc == 0)
1604 		rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1605 	return rc;
1606 }
1607 
1608 /**
1609  * smack_task_getioprio - Smack check on reading ioprio
1610  * @p: the task object
1611  *
1612  * Return 0 if read access is permitted
1613  */
1614 static int smack_task_getioprio(struct task_struct *p)
1615 {
1616 	return smk_curacc_on_task(p, MAY_READ, __func__);
1617 }
1618 
1619 /**
1620  * smack_task_setscheduler - Smack check on setting scheduler
1621  * @p: the task object
1622  * @policy: unused
1623  * @lp: unused
1624  *
1625  * Return 0 if read access is permitted
1626  */
1627 static int smack_task_setscheduler(struct task_struct *p)
1628 {
1629 	int rc;
1630 
1631 	rc = cap_task_setscheduler(p);
1632 	if (rc == 0)
1633 		rc = smk_curacc_on_task(p, MAY_WRITE, __func__);
1634 	return rc;
1635 }
1636 
1637 /**
1638  * smack_task_getscheduler - Smack check on reading scheduler
1639  * @p: the task object
1640  *
1641  * Return 0 if read access is permitted
1642  */
1643 static int smack_task_getscheduler(struct task_struct *p)
1644 {
1645 	return smk_curacc_on_task(p, MAY_READ, __func__);
1646 }
1647 
1648 /**
1649  * smack_task_movememory - Smack check on moving memory
1650  * @p: the task object
1651  *
1652  * Return 0 if write access is permitted
1653  */
1654 static int smack_task_movememory(struct task_struct *p)
1655 {
1656 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
1657 }
1658 
1659 /**
1660  * smack_task_kill - Smack check on signal delivery
1661  * @p: the task object
1662  * @info: unused
1663  * @sig: unused
1664  * @secid: identifies the smack to use in lieu of current's
1665  *
1666  * Return 0 if write access is permitted
1667  *
1668  * The secid behavior is an artifact of an SELinux hack
1669  * in the USB code. Someday it may go away.
1670  */
1671 static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1672 			   int sig, u32 secid)
1673 {
1674 	struct smk_audit_info ad;
1675 
1676 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1677 	smk_ad_setfield_u_tsk(&ad, p);
1678 	/*
1679 	 * Sending a signal requires that the sender
1680 	 * can write the receiver.
1681 	 */
1682 	if (secid == 0)
1683 		return smk_curacc(smk_of_task(task_security(p)), MAY_WRITE,
1684 				  &ad);
1685 	/*
1686 	 * If the secid isn't 0 we're dealing with some USB IO
1687 	 * specific behavior. This is not clean. For one thing
1688 	 * we can't take privilege into account.
1689 	 */
1690 	return smk_access(smack_from_secid(secid),
1691 			  smk_of_task(task_security(p)), MAY_WRITE, &ad);
1692 }
1693 
1694 /**
1695  * smack_task_wait - Smack access check for waiting
1696  * @p: task to wait for
1697  *
1698  * Returns 0 if current can wait for p, error code otherwise
1699  */
1700 static int smack_task_wait(struct task_struct *p)
1701 {
1702 	struct smk_audit_info ad;
1703 	char *sp = smk_of_current();
1704 	char *tsp = smk_of_forked(task_security(p));
1705 	int rc;
1706 
1707 	/* we don't log here, we can be overriden */
1708 	rc = smk_access(tsp, sp, MAY_WRITE, NULL);
1709 	if (rc == 0)
1710 		goto out_log;
1711 
1712 	/*
1713 	 * Allow the operation to succeed if either task
1714 	 * has privilege to perform operations that might
1715 	 * account for the smack labels having gotten to
1716 	 * be different in the first place.
1717 	 *
1718 	 * This breaks the strict subject/object access
1719 	 * control ideal, taking the object's privilege
1720 	 * state into account in the decision as well as
1721 	 * the smack value.
1722 	 */
1723 	if (capable(CAP_MAC_OVERRIDE) || has_capability(p, CAP_MAC_OVERRIDE))
1724 		rc = 0;
1725 	/* we log only if we didn't get overriden */
1726  out_log:
1727 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1728 	smk_ad_setfield_u_tsk(&ad, p);
1729 	smack_log(tsp, sp, MAY_WRITE, rc, &ad);
1730 	return rc;
1731 }
1732 
1733 /**
1734  * smack_task_to_inode - copy task smack into the inode blob
1735  * @p: task to copy from
1736  * @inode: inode to copy to
1737  *
1738  * Sets the smack pointer in the inode security blob
1739  */
1740 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
1741 {
1742 	struct inode_smack *isp = inode->i_security;
1743 	isp->smk_inode = smk_of_task(task_security(p));
1744 }
1745 
1746 /*
1747  * Socket hooks.
1748  */
1749 
1750 /**
1751  * smack_sk_alloc_security - Allocate a socket blob
1752  * @sk: the socket
1753  * @family: unused
1754  * @gfp_flags: memory allocation flags
1755  *
1756  * Assign Smack pointers to current
1757  *
1758  * Returns 0 on success, -ENOMEM is there's no memory
1759  */
1760 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
1761 {
1762 	char *csp = smk_of_current();
1763 	struct socket_smack *ssp;
1764 
1765 	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
1766 	if (ssp == NULL)
1767 		return -ENOMEM;
1768 
1769 	ssp->smk_in = csp;
1770 	ssp->smk_out = csp;
1771 	ssp->smk_packet = NULL;
1772 
1773 	sk->sk_security = ssp;
1774 
1775 	return 0;
1776 }
1777 
1778 /**
1779  * smack_sk_free_security - Free a socket blob
1780  * @sk: the socket
1781  *
1782  * Clears the blob pointer
1783  */
1784 static void smack_sk_free_security(struct sock *sk)
1785 {
1786 	kfree(sk->sk_security);
1787 }
1788 
1789 /**
1790 * smack_host_label - check host based restrictions
1791 * @sip: the object end
1792 *
1793 * looks for host based access restrictions
1794 *
1795 * This version will only be appropriate for really small sets of single label
1796 * hosts.  The caller is responsible for ensuring that the RCU read lock is
1797 * taken before calling this function.
1798 *
1799 * Returns the label of the far end or NULL if it's not special.
1800 */
1801 static char *smack_host_label(struct sockaddr_in *sip)
1802 {
1803 	struct smk_netlbladdr *snp;
1804 	struct in_addr *siap = &sip->sin_addr;
1805 
1806 	if (siap->s_addr == 0)
1807 		return NULL;
1808 
1809 	list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list)
1810 		/*
1811 		* we break after finding the first match because
1812 		* the list is sorted from longest to shortest mask
1813 		* so we have found the most specific match
1814 		*/
1815 		if ((&snp->smk_host.sin_addr)->s_addr ==
1816 		    (siap->s_addr & (&snp->smk_mask)->s_addr)) {
1817 			/* we have found the special CIPSO option */
1818 			if (snp->smk_label == smack_cipso_option)
1819 				return NULL;
1820 			return snp->smk_label;
1821 		}
1822 
1823 	return NULL;
1824 }
1825 
1826 /**
1827  * smack_netlabel - Set the secattr on a socket
1828  * @sk: the socket
1829  * @labeled: socket label scheme
1830  *
1831  * Convert the outbound smack value (smk_out) to a
1832  * secattr and attach it to the socket.
1833  *
1834  * Returns 0 on success or an error code
1835  */
1836 static int smack_netlabel(struct sock *sk, int labeled)
1837 {
1838 	struct smack_known *skp;
1839 	struct socket_smack *ssp = sk->sk_security;
1840 	int rc = 0;
1841 
1842 	/*
1843 	 * Usually the netlabel code will handle changing the
1844 	 * packet labeling based on the label.
1845 	 * The case of a single label host is different, because
1846 	 * a single label host should never get a labeled packet
1847 	 * even though the label is usually associated with a packet
1848 	 * label.
1849 	 */
1850 	local_bh_disable();
1851 	bh_lock_sock_nested(sk);
1852 
1853 	if (ssp->smk_out == smack_net_ambient ||
1854 	    labeled == SMACK_UNLABELED_SOCKET)
1855 		netlbl_sock_delattr(sk);
1856 	else {
1857 		skp = smk_find_entry(ssp->smk_out);
1858 		rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
1859 	}
1860 
1861 	bh_unlock_sock(sk);
1862 	local_bh_enable();
1863 
1864 	return rc;
1865 }
1866 
1867 /**
1868  * smack_netlbel_send - Set the secattr on a socket and perform access checks
1869  * @sk: the socket
1870  * @sap: the destination address
1871  *
1872  * Set the correct secattr for the given socket based on the destination
1873  * address and perform any outbound access checks needed.
1874  *
1875  * Returns 0 on success or an error code.
1876  *
1877  */
1878 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
1879 {
1880 	int rc;
1881 	int sk_lbl;
1882 	char *hostsp;
1883 	struct socket_smack *ssp = sk->sk_security;
1884 	struct smk_audit_info ad;
1885 
1886 	rcu_read_lock();
1887 	hostsp = smack_host_label(sap);
1888 	if (hostsp != NULL) {
1889 #ifdef CONFIG_AUDIT
1890 		struct lsm_network_audit net;
1891 
1892 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
1893 		ad.a.u.net->family = sap->sin_family;
1894 		ad.a.u.net->dport = sap->sin_port;
1895 		ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
1896 #endif
1897 		sk_lbl = SMACK_UNLABELED_SOCKET;
1898 		rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad);
1899 	} else {
1900 		sk_lbl = SMACK_CIPSO_SOCKET;
1901 		rc = 0;
1902 	}
1903 	rcu_read_unlock();
1904 	if (rc != 0)
1905 		return rc;
1906 
1907 	return smack_netlabel(sk, sk_lbl);
1908 }
1909 
1910 /**
1911  * smack_inode_setsecurity - set smack xattrs
1912  * @inode: the object
1913  * @name: attribute name
1914  * @value: attribute value
1915  * @size: size of the attribute
1916  * @flags: unused
1917  *
1918  * Sets the named attribute in the appropriate blob
1919  *
1920  * Returns 0 on success, or an error code
1921  */
1922 static int smack_inode_setsecurity(struct inode *inode, const char *name,
1923 				   const void *value, size_t size, int flags)
1924 {
1925 	char *sp;
1926 	struct inode_smack *nsp = inode->i_security;
1927 	struct socket_smack *ssp;
1928 	struct socket *sock;
1929 	int rc = 0;
1930 
1931 	if (value == NULL || size > SMK_LONGLABEL || size == 0)
1932 		return -EACCES;
1933 
1934 	sp = smk_import(value, size);
1935 	if (sp == NULL)
1936 		return -EINVAL;
1937 
1938 	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1939 		nsp->smk_inode = sp;
1940 		nsp->smk_flags |= SMK_INODE_INSTANT;
1941 		return 0;
1942 	}
1943 	/*
1944 	 * The rest of the Smack xattrs are only on sockets.
1945 	 */
1946 	if (inode->i_sb->s_magic != SOCKFS_MAGIC)
1947 		return -EOPNOTSUPP;
1948 
1949 	sock = SOCKET_I(inode);
1950 	if (sock == NULL || sock->sk == NULL)
1951 		return -EOPNOTSUPP;
1952 
1953 	ssp = sock->sk->sk_security;
1954 
1955 	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1956 		ssp->smk_in = sp;
1957 	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
1958 		ssp->smk_out = sp;
1959 		if (sock->sk->sk_family != PF_UNIX) {
1960 			rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
1961 			if (rc != 0)
1962 				printk(KERN_WARNING
1963 					"Smack: \"%s\" netlbl error %d.\n",
1964 					__func__, -rc);
1965 		}
1966 	} else
1967 		return -EOPNOTSUPP;
1968 
1969 	return 0;
1970 }
1971 
1972 /**
1973  * smack_socket_post_create - finish socket setup
1974  * @sock: the socket
1975  * @family: protocol family
1976  * @type: unused
1977  * @protocol: unused
1978  * @kern: unused
1979  *
1980  * Sets the netlabel information on the socket
1981  *
1982  * Returns 0 on success, and error code otherwise
1983  */
1984 static int smack_socket_post_create(struct socket *sock, int family,
1985 				    int type, int protocol, int kern)
1986 {
1987 	if (family != PF_INET || sock->sk == NULL)
1988 		return 0;
1989 	/*
1990 	 * Set the outbound netlbl.
1991 	 */
1992 	return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
1993 }
1994 
1995 /**
1996  * smack_socket_connect - connect access check
1997  * @sock: the socket
1998  * @sap: the other end
1999  * @addrlen: size of sap
2000  *
2001  * Verifies that a connection may be possible
2002  *
2003  * Returns 0 on success, and error code otherwise
2004  */
2005 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2006 				int addrlen)
2007 {
2008 	if (sock->sk == NULL || sock->sk->sk_family != PF_INET)
2009 		return 0;
2010 	if (addrlen < sizeof(struct sockaddr_in))
2011 		return -EINVAL;
2012 
2013 	return smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2014 }
2015 
2016 /**
2017  * smack_flags_to_may - convert S_ to MAY_ values
2018  * @flags: the S_ value
2019  *
2020  * Returns the equivalent MAY_ value
2021  */
2022 static int smack_flags_to_may(int flags)
2023 {
2024 	int may = 0;
2025 
2026 	if (flags & S_IRUGO)
2027 		may |= MAY_READ;
2028 	if (flags & S_IWUGO)
2029 		may |= MAY_WRITE;
2030 	if (flags & S_IXUGO)
2031 		may |= MAY_EXEC;
2032 
2033 	return may;
2034 }
2035 
2036 /**
2037  * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2038  * @msg: the object
2039  *
2040  * Returns 0
2041  */
2042 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2043 {
2044 	msg->security = smk_of_current();
2045 	return 0;
2046 }
2047 
2048 /**
2049  * smack_msg_msg_free_security - Clear the security blob for msg_msg
2050  * @msg: the object
2051  *
2052  * Clears the blob pointer
2053  */
2054 static void smack_msg_msg_free_security(struct msg_msg *msg)
2055 {
2056 	msg->security = NULL;
2057 }
2058 
2059 /**
2060  * smack_of_shm - the smack pointer for the shm
2061  * @shp: the object
2062  *
2063  * Returns a pointer to the smack value
2064  */
2065 static char *smack_of_shm(struct shmid_kernel *shp)
2066 {
2067 	return (char *)shp->shm_perm.security;
2068 }
2069 
2070 /**
2071  * smack_shm_alloc_security - Set the security blob for shm
2072  * @shp: the object
2073  *
2074  * Returns 0
2075  */
2076 static int smack_shm_alloc_security(struct shmid_kernel *shp)
2077 {
2078 	struct kern_ipc_perm *isp = &shp->shm_perm;
2079 
2080 	isp->security = smk_of_current();
2081 	return 0;
2082 }
2083 
2084 /**
2085  * smack_shm_free_security - Clear the security blob for shm
2086  * @shp: the object
2087  *
2088  * Clears the blob pointer
2089  */
2090 static void smack_shm_free_security(struct shmid_kernel *shp)
2091 {
2092 	struct kern_ipc_perm *isp = &shp->shm_perm;
2093 
2094 	isp->security = NULL;
2095 }
2096 
2097 /**
2098  * smk_curacc_shm : check if current has access on shm
2099  * @shp : the object
2100  * @access : access requested
2101  *
2102  * Returns 0 if current has the requested access, error code otherwise
2103  */
2104 static int smk_curacc_shm(struct shmid_kernel *shp, int access)
2105 {
2106 	char *ssp = smack_of_shm(shp);
2107 	struct smk_audit_info ad;
2108 
2109 #ifdef CONFIG_AUDIT
2110 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2111 	ad.a.u.ipc_id = shp->shm_perm.id;
2112 #endif
2113 	return smk_curacc(ssp, access, &ad);
2114 }
2115 
2116 /**
2117  * smack_shm_associate - Smack access check for shm
2118  * @shp: the object
2119  * @shmflg: access requested
2120  *
2121  * Returns 0 if current has the requested access, error code otherwise
2122  */
2123 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
2124 {
2125 	int may;
2126 
2127 	may = smack_flags_to_may(shmflg);
2128 	return smk_curacc_shm(shp, may);
2129 }
2130 
2131 /**
2132  * smack_shm_shmctl - Smack access check for shm
2133  * @shp: the object
2134  * @cmd: what it wants to do
2135  *
2136  * Returns 0 if current has the requested access, error code otherwise
2137  */
2138 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
2139 {
2140 	int may;
2141 
2142 	switch (cmd) {
2143 	case IPC_STAT:
2144 	case SHM_STAT:
2145 		may = MAY_READ;
2146 		break;
2147 	case IPC_SET:
2148 	case SHM_LOCK:
2149 	case SHM_UNLOCK:
2150 	case IPC_RMID:
2151 		may = MAY_READWRITE;
2152 		break;
2153 	case IPC_INFO:
2154 	case SHM_INFO:
2155 		/*
2156 		 * System level information.
2157 		 */
2158 		return 0;
2159 	default:
2160 		return -EINVAL;
2161 	}
2162 	return smk_curacc_shm(shp, may);
2163 }
2164 
2165 /**
2166  * smack_shm_shmat - Smack access for shmat
2167  * @shp: the object
2168  * @shmaddr: unused
2169  * @shmflg: access requested
2170  *
2171  * Returns 0 if current has the requested access, error code otherwise
2172  */
2173 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
2174 			   int shmflg)
2175 {
2176 	int may;
2177 
2178 	may = smack_flags_to_may(shmflg);
2179 	return smk_curacc_shm(shp, may);
2180 }
2181 
2182 /**
2183  * smack_of_sem - the smack pointer for the sem
2184  * @sma: the object
2185  *
2186  * Returns a pointer to the smack value
2187  */
2188 static char *smack_of_sem(struct sem_array *sma)
2189 {
2190 	return (char *)sma->sem_perm.security;
2191 }
2192 
2193 /**
2194  * smack_sem_alloc_security - Set the security blob for sem
2195  * @sma: the object
2196  *
2197  * Returns 0
2198  */
2199 static int smack_sem_alloc_security(struct sem_array *sma)
2200 {
2201 	struct kern_ipc_perm *isp = &sma->sem_perm;
2202 
2203 	isp->security = smk_of_current();
2204 	return 0;
2205 }
2206 
2207 /**
2208  * smack_sem_free_security - Clear the security blob for sem
2209  * @sma: the object
2210  *
2211  * Clears the blob pointer
2212  */
2213 static void smack_sem_free_security(struct sem_array *sma)
2214 {
2215 	struct kern_ipc_perm *isp = &sma->sem_perm;
2216 
2217 	isp->security = NULL;
2218 }
2219 
2220 /**
2221  * smk_curacc_sem : check if current has access on sem
2222  * @sma : the object
2223  * @access : access requested
2224  *
2225  * Returns 0 if current has the requested access, error code otherwise
2226  */
2227 static int smk_curacc_sem(struct sem_array *sma, int access)
2228 {
2229 	char *ssp = smack_of_sem(sma);
2230 	struct smk_audit_info ad;
2231 
2232 #ifdef CONFIG_AUDIT
2233 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2234 	ad.a.u.ipc_id = sma->sem_perm.id;
2235 #endif
2236 	return smk_curacc(ssp, access, &ad);
2237 }
2238 
2239 /**
2240  * smack_sem_associate - Smack access check for sem
2241  * @sma: the object
2242  * @semflg: access requested
2243  *
2244  * Returns 0 if current has the requested access, error code otherwise
2245  */
2246 static int smack_sem_associate(struct sem_array *sma, int semflg)
2247 {
2248 	int may;
2249 
2250 	may = smack_flags_to_may(semflg);
2251 	return smk_curacc_sem(sma, may);
2252 }
2253 
2254 /**
2255  * smack_sem_shmctl - Smack access check for sem
2256  * @sma: the object
2257  * @cmd: what it wants to do
2258  *
2259  * Returns 0 if current has the requested access, error code otherwise
2260  */
2261 static int smack_sem_semctl(struct sem_array *sma, int cmd)
2262 {
2263 	int may;
2264 
2265 	switch (cmd) {
2266 	case GETPID:
2267 	case GETNCNT:
2268 	case GETZCNT:
2269 	case GETVAL:
2270 	case GETALL:
2271 	case IPC_STAT:
2272 	case SEM_STAT:
2273 		may = MAY_READ;
2274 		break;
2275 	case SETVAL:
2276 	case SETALL:
2277 	case IPC_RMID:
2278 	case IPC_SET:
2279 		may = MAY_READWRITE;
2280 		break;
2281 	case IPC_INFO:
2282 	case SEM_INFO:
2283 		/*
2284 		 * System level information
2285 		 */
2286 		return 0;
2287 	default:
2288 		return -EINVAL;
2289 	}
2290 
2291 	return smk_curacc_sem(sma, may);
2292 }
2293 
2294 /**
2295  * smack_sem_semop - Smack checks of semaphore operations
2296  * @sma: the object
2297  * @sops: unused
2298  * @nsops: unused
2299  * @alter: unused
2300  *
2301  * Treated as read and write in all cases.
2302  *
2303  * Returns 0 if access is allowed, error code otherwise
2304  */
2305 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
2306 			   unsigned nsops, int alter)
2307 {
2308 	return smk_curacc_sem(sma, MAY_READWRITE);
2309 }
2310 
2311 /**
2312  * smack_msg_alloc_security - Set the security blob for msg
2313  * @msq: the object
2314  *
2315  * Returns 0
2316  */
2317 static int smack_msg_queue_alloc_security(struct msg_queue *msq)
2318 {
2319 	struct kern_ipc_perm *kisp = &msq->q_perm;
2320 
2321 	kisp->security = smk_of_current();
2322 	return 0;
2323 }
2324 
2325 /**
2326  * smack_msg_free_security - Clear the security blob for msg
2327  * @msq: the object
2328  *
2329  * Clears the blob pointer
2330  */
2331 static void smack_msg_queue_free_security(struct msg_queue *msq)
2332 {
2333 	struct kern_ipc_perm *kisp = &msq->q_perm;
2334 
2335 	kisp->security = NULL;
2336 }
2337 
2338 /**
2339  * smack_of_msq - the smack pointer for the msq
2340  * @msq: the object
2341  *
2342  * Returns a pointer to the smack value
2343  */
2344 static char *smack_of_msq(struct msg_queue *msq)
2345 {
2346 	return (char *)msq->q_perm.security;
2347 }
2348 
2349 /**
2350  * smk_curacc_msq : helper to check if current has access on msq
2351  * @msq : the msq
2352  * @access : access requested
2353  *
2354  * return 0 if current has access, error otherwise
2355  */
2356 static int smk_curacc_msq(struct msg_queue *msq, int access)
2357 {
2358 	char *msp = smack_of_msq(msq);
2359 	struct smk_audit_info ad;
2360 
2361 #ifdef CONFIG_AUDIT
2362 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2363 	ad.a.u.ipc_id = msq->q_perm.id;
2364 #endif
2365 	return smk_curacc(msp, access, &ad);
2366 }
2367 
2368 /**
2369  * smack_msg_queue_associate - Smack access check for msg_queue
2370  * @msq: the object
2371  * @msqflg: access requested
2372  *
2373  * Returns 0 if current has the requested access, error code otherwise
2374  */
2375 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
2376 {
2377 	int may;
2378 
2379 	may = smack_flags_to_may(msqflg);
2380 	return smk_curacc_msq(msq, may);
2381 }
2382 
2383 /**
2384  * smack_msg_queue_msgctl - Smack access check for msg_queue
2385  * @msq: the object
2386  * @cmd: what it wants to do
2387  *
2388  * Returns 0 if current has the requested access, error code otherwise
2389  */
2390 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2391 {
2392 	int may;
2393 
2394 	switch (cmd) {
2395 	case IPC_STAT:
2396 	case MSG_STAT:
2397 		may = MAY_READ;
2398 		break;
2399 	case IPC_SET:
2400 	case IPC_RMID:
2401 		may = MAY_READWRITE;
2402 		break;
2403 	case IPC_INFO:
2404 	case MSG_INFO:
2405 		/*
2406 		 * System level information
2407 		 */
2408 		return 0;
2409 	default:
2410 		return -EINVAL;
2411 	}
2412 
2413 	return smk_curacc_msq(msq, may);
2414 }
2415 
2416 /**
2417  * smack_msg_queue_msgsnd - Smack access check for msg_queue
2418  * @msq: the object
2419  * @msg: unused
2420  * @msqflg: access requested
2421  *
2422  * Returns 0 if current has the requested access, error code otherwise
2423  */
2424 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
2425 				  int msqflg)
2426 {
2427 	int may;
2428 
2429 	may = smack_flags_to_may(msqflg);
2430 	return smk_curacc_msq(msq, may);
2431 }
2432 
2433 /**
2434  * smack_msg_queue_msgsnd - Smack access check for msg_queue
2435  * @msq: the object
2436  * @msg: unused
2437  * @target: unused
2438  * @type: unused
2439  * @mode: unused
2440  *
2441  * Returns 0 if current has read and write access, error code otherwise
2442  */
2443 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
2444 			struct task_struct *target, long type, int mode)
2445 {
2446 	return smk_curacc_msq(msq, MAY_READWRITE);
2447 }
2448 
2449 /**
2450  * smack_ipc_permission - Smack access for ipc_permission()
2451  * @ipp: the object permissions
2452  * @flag: access requested
2453  *
2454  * Returns 0 if current has read and write access, error code otherwise
2455  */
2456 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
2457 {
2458 	char *isp = ipp->security;
2459 	int may = smack_flags_to_may(flag);
2460 	struct smk_audit_info ad;
2461 
2462 #ifdef CONFIG_AUDIT
2463 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2464 	ad.a.u.ipc_id = ipp->id;
2465 #endif
2466 	return smk_curacc(isp, may, &ad);
2467 }
2468 
2469 /**
2470  * smack_ipc_getsecid - Extract smack security id
2471  * @ipp: the object permissions
2472  * @secid: where result will be saved
2473  */
2474 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
2475 {
2476 	char *smack = ipp->security;
2477 
2478 	*secid = smack_to_secid(smack);
2479 }
2480 
2481 /**
2482  * smack_d_instantiate - Make sure the blob is correct on an inode
2483  * @opt_dentry: dentry where inode will be attached
2484  * @inode: the object
2485  *
2486  * Set the inode's security blob if it hasn't been done already.
2487  */
2488 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
2489 {
2490 	struct super_block *sbp;
2491 	struct superblock_smack *sbsp;
2492 	struct inode_smack *isp;
2493 	char *csp = smk_of_current();
2494 	char *fetched;
2495 	char *final;
2496 	char trattr[TRANS_TRUE_SIZE];
2497 	int transflag = 0;
2498 	int rc;
2499 	struct dentry *dp;
2500 
2501 	if (inode == NULL)
2502 		return;
2503 
2504 	isp = inode->i_security;
2505 
2506 	mutex_lock(&isp->smk_lock);
2507 	/*
2508 	 * If the inode is already instantiated
2509 	 * take the quick way out
2510 	 */
2511 	if (isp->smk_flags & SMK_INODE_INSTANT)
2512 		goto unlockandout;
2513 
2514 	sbp = inode->i_sb;
2515 	sbsp = sbp->s_security;
2516 	/*
2517 	 * We're going to use the superblock default label
2518 	 * if there's no label on the file.
2519 	 */
2520 	final = sbsp->smk_default;
2521 
2522 	/*
2523 	 * If this is the root inode the superblock
2524 	 * may be in the process of initialization.
2525 	 * If that is the case use the root value out
2526 	 * of the superblock.
2527 	 */
2528 	if (opt_dentry->d_parent == opt_dentry) {
2529 		isp->smk_inode = sbsp->smk_root;
2530 		isp->smk_flags |= SMK_INODE_INSTANT;
2531 		goto unlockandout;
2532 	}
2533 
2534 	/*
2535 	 * This is pretty hackish.
2536 	 * Casey says that we shouldn't have to do
2537 	 * file system specific code, but it does help
2538 	 * with keeping it simple.
2539 	 */
2540 	switch (sbp->s_magic) {
2541 	case SMACK_MAGIC:
2542 		/*
2543 		 * Casey says that it's a little embarrassing
2544 		 * that the smack file system doesn't do
2545 		 * extended attributes.
2546 		 */
2547 		final = smack_known_star.smk_known;
2548 		break;
2549 	case PIPEFS_MAGIC:
2550 		/*
2551 		 * Casey says pipes are easy (?)
2552 		 */
2553 		final = smack_known_star.smk_known;
2554 		break;
2555 	case DEVPTS_SUPER_MAGIC:
2556 		/*
2557 		 * devpts seems content with the label of the task.
2558 		 * Programs that change smack have to treat the
2559 		 * pty with respect.
2560 		 */
2561 		final = csp;
2562 		break;
2563 	case SOCKFS_MAGIC:
2564 		/*
2565 		 * Socket access is controlled by the socket
2566 		 * structures associated with the task involved.
2567 		 */
2568 		final = smack_known_star.smk_known;
2569 		break;
2570 	case PROC_SUPER_MAGIC:
2571 		/*
2572 		 * Casey says procfs appears not to care.
2573 		 * The superblock default suffices.
2574 		 */
2575 		break;
2576 	case TMPFS_MAGIC:
2577 		/*
2578 		 * Device labels should come from the filesystem,
2579 		 * but watch out, because they're volitile,
2580 		 * getting recreated on every reboot.
2581 		 */
2582 		final = smack_known_star.smk_known;
2583 		/*
2584 		 * No break.
2585 		 *
2586 		 * If a smack value has been set we want to use it,
2587 		 * but since tmpfs isn't giving us the opportunity
2588 		 * to set mount options simulate setting the
2589 		 * superblock default.
2590 		 */
2591 	default:
2592 		/*
2593 		 * This isn't an understood special case.
2594 		 * Get the value from the xattr.
2595 		 */
2596 
2597 		/*
2598 		 * UNIX domain sockets use lower level socket data.
2599 		 */
2600 		if (S_ISSOCK(inode->i_mode)) {
2601 			final = smack_known_star.smk_known;
2602 			break;
2603 		}
2604 		/*
2605 		 * No xattr support means, alas, no SMACK label.
2606 		 * Use the aforeapplied default.
2607 		 * It would be curious if the label of the task
2608 		 * does not match that assigned.
2609 		 */
2610 		if (inode->i_op->getxattr == NULL)
2611 			break;
2612 		/*
2613 		 * Get the dentry for xattr.
2614 		 */
2615 		dp = dget(opt_dentry);
2616 		fetched = smk_fetch(XATTR_NAME_SMACK, inode, dp);
2617 		if (fetched != NULL)
2618 			final = fetched;
2619 
2620 		/*
2621 		 * Transmuting directory
2622 		 */
2623 		if (S_ISDIR(inode->i_mode)) {
2624 			/*
2625 			 * If this is a new directory and the label was
2626 			 * transmuted when the inode was initialized
2627 			 * set the transmute attribute on the directory
2628 			 * and mark the inode.
2629 			 *
2630 			 * If there is a transmute attribute on the
2631 			 * directory mark the inode.
2632 			 */
2633 			if (isp->smk_flags & SMK_INODE_CHANGED) {
2634 				isp->smk_flags &= ~SMK_INODE_CHANGED;
2635 				rc = inode->i_op->setxattr(dp,
2636 					XATTR_NAME_SMACKTRANSMUTE,
2637 					TRANS_TRUE, TRANS_TRUE_SIZE,
2638 					0);
2639 			} else {
2640 				rc = inode->i_op->getxattr(dp,
2641 					XATTR_NAME_SMACKTRANSMUTE, trattr,
2642 					TRANS_TRUE_SIZE);
2643 				if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
2644 						       TRANS_TRUE_SIZE) != 0)
2645 					rc = -EINVAL;
2646 			}
2647 			if (rc >= 0)
2648 				transflag = SMK_INODE_TRANSMUTE;
2649 		}
2650 		isp->smk_task = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
2651 		isp->smk_mmap = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
2652 
2653 		dput(dp);
2654 		break;
2655 	}
2656 
2657 	if (final == NULL)
2658 		isp->smk_inode = csp;
2659 	else
2660 		isp->smk_inode = final;
2661 
2662 	isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
2663 
2664 unlockandout:
2665 	mutex_unlock(&isp->smk_lock);
2666 	return;
2667 }
2668 
2669 /**
2670  * smack_getprocattr - Smack process attribute access
2671  * @p: the object task
2672  * @name: the name of the attribute in /proc/.../attr
2673  * @value: where to put the result
2674  *
2675  * Places a copy of the task Smack into value
2676  *
2677  * Returns the length of the smack label or an error code
2678  */
2679 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
2680 {
2681 	char *cp;
2682 	int slen;
2683 
2684 	if (strcmp(name, "current") != 0)
2685 		return -EINVAL;
2686 
2687 	cp = kstrdup(smk_of_task(task_security(p)), GFP_KERNEL);
2688 	if (cp == NULL)
2689 		return -ENOMEM;
2690 
2691 	slen = strlen(cp);
2692 	*value = cp;
2693 	return slen;
2694 }
2695 
2696 /**
2697  * smack_setprocattr - Smack process attribute setting
2698  * @p: the object task
2699  * @name: the name of the attribute in /proc/.../attr
2700  * @value: the value to set
2701  * @size: the size of the value
2702  *
2703  * Sets the Smack value of the task. Only setting self
2704  * is permitted and only with privilege
2705  *
2706  * Returns the length of the smack label or an error code
2707  */
2708 static int smack_setprocattr(struct task_struct *p, char *name,
2709 			     void *value, size_t size)
2710 {
2711 	int rc;
2712 	struct task_smack *tsp;
2713 	struct task_smack *oldtsp;
2714 	struct cred *new;
2715 	char *newsmack;
2716 
2717 	/*
2718 	 * Changing another process' Smack value is too dangerous
2719 	 * and supports no sane use case.
2720 	 */
2721 	if (p != current)
2722 		return -EPERM;
2723 
2724 	if (!capable(CAP_MAC_ADMIN))
2725 		return -EPERM;
2726 
2727 	if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
2728 		return -EINVAL;
2729 
2730 	if (strcmp(name, "current") != 0)
2731 		return -EINVAL;
2732 
2733 	newsmack = smk_import(value, size);
2734 	if (newsmack == NULL)
2735 		return -EINVAL;
2736 
2737 	/*
2738 	 * No process is ever allowed the web ("@") label.
2739 	 */
2740 	if (newsmack == smack_known_web.smk_known)
2741 		return -EPERM;
2742 
2743 	oldtsp = p->cred->security;
2744 	new = prepare_creds();
2745 	if (new == NULL)
2746 		return -ENOMEM;
2747 
2748 	tsp = new_task_smack(newsmack, oldtsp->smk_forked, GFP_KERNEL);
2749 	if (tsp == NULL) {
2750 		kfree(new);
2751 		return -ENOMEM;
2752 	}
2753 	rc = smk_copy_rules(&tsp->smk_rules, &oldtsp->smk_rules, GFP_KERNEL);
2754 	if (rc != 0)
2755 		return rc;
2756 
2757 	new->security = tsp;
2758 	commit_creds(new);
2759 	return size;
2760 }
2761 
2762 /**
2763  * smack_unix_stream_connect - Smack access on UDS
2764  * @sock: one sock
2765  * @other: the other sock
2766  * @newsk: unused
2767  *
2768  * Return 0 if a subject with the smack of sock could access
2769  * an object with the smack of other, otherwise an error code
2770  */
2771 static int smack_unix_stream_connect(struct sock *sock,
2772 				     struct sock *other, struct sock *newsk)
2773 {
2774 	struct socket_smack *ssp = sock->sk_security;
2775 	struct socket_smack *osp = other->sk_security;
2776 	struct socket_smack *nsp = newsk->sk_security;
2777 	struct smk_audit_info ad;
2778 	int rc = 0;
2779 
2780 #ifdef CONFIG_AUDIT
2781 	struct lsm_network_audit net;
2782 
2783 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2784 	smk_ad_setfield_u_net_sk(&ad, other);
2785 #endif
2786 
2787 	if (!capable(CAP_MAC_OVERRIDE))
2788 		rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
2789 
2790 	/*
2791 	 * Cross reference the peer labels for SO_PEERSEC.
2792 	 */
2793 	if (rc == 0) {
2794 		nsp->smk_packet = ssp->smk_out;
2795 		ssp->smk_packet = osp->smk_out;
2796 	}
2797 
2798 	return rc;
2799 }
2800 
2801 /**
2802  * smack_unix_may_send - Smack access on UDS
2803  * @sock: one socket
2804  * @other: the other socket
2805  *
2806  * Return 0 if a subject with the smack of sock could access
2807  * an object with the smack of other, otherwise an error code
2808  */
2809 static int smack_unix_may_send(struct socket *sock, struct socket *other)
2810 {
2811 	struct socket_smack *ssp = sock->sk->sk_security;
2812 	struct socket_smack *osp = other->sk->sk_security;
2813 	struct smk_audit_info ad;
2814 	int rc = 0;
2815 
2816 #ifdef CONFIG_AUDIT
2817 	struct lsm_network_audit net;
2818 
2819 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2820 	smk_ad_setfield_u_net_sk(&ad, other->sk);
2821 #endif
2822 
2823 	if (!capable(CAP_MAC_OVERRIDE))
2824 		rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
2825 
2826 	return rc;
2827 }
2828 
2829 /**
2830  * smack_socket_sendmsg - Smack check based on destination host
2831  * @sock: the socket
2832  * @msg: the message
2833  * @size: the size of the message
2834  *
2835  * Return 0 if the current subject can write to the destination
2836  * host. This is only a question if the destination is a single
2837  * label host.
2838  */
2839 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
2840 				int size)
2841 {
2842 	struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
2843 
2844 	/*
2845 	 * Perfectly reasonable for this to be NULL
2846 	 */
2847 	if (sip == NULL || sip->sin_family != AF_INET)
2848 		return 0;
2849 
2850 	return smack_netlabel_send(sock->sk, sip);
2851 }
2852 
2853 /**
2854  * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
2855  * @sap: netlabel secattr
2856  * @ssp: socket security information
2857  *
2858  * Returns a pointer to a Smack label found on the label list.
2859  */
2860 static char *smack_from_secattr(struct netlbl_lsm_secattr *sap,
2861 				struct socket_smack *ssp)
2862 {
2863 	struct smack_known *kp;
2864 	char *sp;
2865 	int found = 0;
2866 
2867 	if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
2868 		/*
2869 		 * Looks like a CIPSO packet.
2870 		 * If there are flags but no level netlabel isn't
2871 		 * behaving the way we expect it to.
2872 		 *
2873 		 * Look it up in the label table
2874 		 * Without guidance regarding the smack value
2875 		 * for the packet fall back on the network
2876 		 * ambient value.
2877 		 */
2878 		rcu_read_lock();
2879 		list_for_each_entry(kp, &smack_known_list, list) {
2880 			if (sap->attr.mls.lvl != kp->smk_netlabel.attr.mls.lvl)
2881 				continue;
2882 			if (memcmp(sap->attr.mls.cat,
2883 				kp->smk_netlabel.attr.mls.cat,
2884 				SMK_CIPSOLEN) != 0)
2885 				continue;
2886 			found = 1;
2887 			break;
2888 		}
2889 		rcu_read_unlock();
2890 
2891 		if (found)
2892 			return kp->smk_known;
2893 
2894 		if (ssp != NULL && ssp->smk_in == smack_known_star.smk_known)
2895 			return smack_known_web.smk_known;
2896 		return smack_known_star.smk_known;
2897 	}
2898 	if ((sap->flags & NETLBL_SECATTR_SECID) != 0) {
2899 		/*
2900 		 * Looks like a fallback, which gives us a secid.
2901 		 */
2902 		sp = smack_from_secid(sap->attr.secid);
2903 		/*
2904 		 * This has got to be a bug because it is
2905 		 * impossible to specify a fallback without
2906 		 * specifying the label, which will ensure
2907 		 * it has a secid, and the only way to get a
2908 		 * secid is from a fallback.
2909 		 */
2910 		BUG_ON(sp == NULL);
2911 		return sp;
2912 	}
2913 	/*
2914 	 * Without guidance regarding the smack value
2915 	 * for the packet fall back on the network
2916 	 * ambient value.
2917 	 */
2918 	return smack_net_ambient;
2919 }
2920 
2921 /**
2922  * smack_socket_sock_rcv_skb - Smack packet delivery access check
2923  * @sk: socket
2924  * @skb: packet
2925  *
2926  * Returns 0 if the packet should be delivered, an error code otherwise
2927  */
2928 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
2929 {
2930 	struct netlbl_lsm_secattr secattr;
2931 	struct socket_smack *ssp = sk->sk_security;
2932 	char *csp;
2933 	int rc;
2934 	struct smk_audit_info ad;
2935 #ifdef CONFIG_AUDIT
2936 	struct lsm_network_audit net;
2937 #endif
2938 	if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
2939 		return 0;
2940 
2941 	/*
2942 	 * Translate what netlabel gave us.
2943 	 */
2944 	netlbl_secattr_init(&secattr);
2945 
2946 	rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
2947 	if (rc == 0)
2948 		csp = smack_from_secattr(&secattr, ssp);
2949 	else
2950 		csp = smack_net_ambient;
2951 
2952 	netlbl_secattr_destroy(&secattr);
2953 
2954 #ifdef CONFIG_AUDIT
2955 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2956 	ad.a.u.net->family = sk->sk_family;
2957 	ad.a.u.net->netif = skb->skb_iif;
2958 	ipv4_skb_to_auditdata(skb, &ad.a, NULL);
2959 #endif
2960 	/*
2961 	 * Receiving a packet requires that the other end
2962 	 * be able to write here. Read access is not required.
2963 	 * This is the simplist possible security model
2964 	 * for networking.
2965 	 */
2966 	rc = smk_access(csp, ssp->smk_in, MAY_WRITE, &ad);
2967 	if (rc != 0)
2968 		netlbl_skbuff_err(skb, rc, 0);
2969 	return rc;
2970 }
2971 
2972 /**
2973  * smack_socket_getpeersec_stream - pull in packet label
2974  * @sock: the socket
2975  * @optval: user's destination
2976  * @optlen: size thereof
2977  * @len: max thereof
2978  *
2979  * returns zero on success, an error code otherwise
2980  */
2981 static int smack_socket_getpeersec_stream(struct socket *sock,
2982 					  char __user *optval,
2983 					  int __user *optlen, unsigned len)
2984 {
2985 	struct socket_smack *ssp;
2986 	char *rcp = "";
2987 	int slen = 1;
2988 	int rc = 0;
2989 
2990 	ssp = sock->sk->sk_security;
2991 	if (ssp->smk_packet != NULL) {
2992 		rcp = ssp->smk_packet;
2993 		slen = strlen(rcp) + 1;
2994 	}
2995 
2996 	if (slen > len)
2997 		rc = -ERANGE;
2998 	else if (copy_to_user(optval, rcp, slen) != 0)
2999 		rc = -EFAULT;
3000 
3001 	if (put_user(slen, optlen) != 0)
3002 		rc = -EFAULT;
3003 
3004 	return rc;
3005 }
3006 
3007 
3008 /**
3009  * smack_socket_getpeersec_dgram - pull in packet label
3010  * @sock: the peer socket
3011  * @skb: packet data
3012  * @secid: pointer to where to put the secid of the packet
3013  *
3014  * Sets the netlabel socket state on sk from parent
3015  */
3016 static int smack_socket_getpeersec_dgram(struct socket *sock,
3017 					 struct sk_buff *skb, u32 *secid)
3018 
3019 {
3020 	struct netlbl_lsm_secattr secattr;
3021 	struct socket_smack *ssp = NULL;
3022 	char *sp;
3023 	int family = PF_UNSPEC;
3024 	u32 s = 0;	/* 0 is the invalid secid */
3025 	int rc;
3026 
3027 	if (skb != NULL) {
3028 		if (skb->protocol == htons(ETH_P_IP))
3029 			family = PF_INET;
3030 		else if (skb->protocol == htons(ETH_P_IPV6))
3031 			family = PF_INET6;
3032 	}
3033 	if (family == PF_UNSPEC && sock != NULL)
3034 		family = sock->sk->sk_family;
3035 
3036 	if (family == PF_UNIX) {
3037 		ssp = sock->sk->sk_security;
3038 		s = smack_to_secid(ssp->smk_out);
3039 	} else if (family == PF_INET || family == PF_INET6) {
3040 		/*
3041 		 * Translate what netlabel gave us.
3042 		 */
3043 		if (sock != NULL && sock->sk != NULL)
3044 			ssp = sock->sk->sk_security;
3045 		netlbl_secattr_init(&secattr);
3046 		rc = netlbl_skbuff_getattr(skb, family, &secattr);
3047 		if (rc == 0) {
3048 			sp = smack_from_secattr(&secattr, ssp);
3049 			s = smack_to_secid(sp);
3050 		}
3051 		netlbl_secattr_destroy(&secattr);
3052 	}
3053 	*secid = s;
3054 	if (s == 0)
3055 		return -EINVAL;
3056 	return 0;
3057 }
3058 
3059 /**
3060  * smack_sock_graft - Initialize a newly created socket with an existing sock
3061  * @sk: child sock
3062  * @parent: parent socket
3063  *
3064  * Set the smk_{in,out} state of an existing sock based on the process that
3065  * is creating the new socket.
3066  */
3067 static void smack_sock_graft(struct sock *sk, struct socket *parent)
3068 {
3069 	struct socket_smack *ssp;
3070 
3071 	if (sk == NULL ||
3072 	    (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
3073 		return;
3074 
3075 	ssp = sk->sk_security;
3076 	ssp->smk_in = ssp->smk_out = smk_of_current();
3077 	/* cssp->smk_packet is already set in smack_inet_csk_clone() */
3078 }
3079 
3080 /**
3081  * smack_inet_conn_request - Smack access check on connect
3082  * @sk: socket involved
3083  * @skb: packet
3084  * @req: unused
3085  *
3086  * Returns 0 if a task with the packet label could write to
3087  * the socket, otherwise an error code
3088  */
3089 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3090 				   struct request_sock *req)
3091 {
3092 	u16 family = sk->sk_family;
3093 	struct smack_known *skp;
3094 	struct socket_smack *ssp = sk->sk_security;
3095 	struct netlbl_lsm_secattr secattr;
3096 	struct sockaddr_in addr;
3097 	struct iphdr *hdr;
3098 	char *sp;
3099 	char *hsp;
3100 	int rc;
3101 	struct smk_audit_info ad;
3102 #ifdef CONFIG_AUDIT
3103 	struct lsm_network_audit net;
3104 #endif
3105 
3106 	/* handle mapped IPv4 packets arriving via IPv6 sockets */
3107 	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3108 		family = PF_INET;
3109 
3110 	netlbl_secattr_init(&secattr);
3111 	rc = netlbl_skbuff_getattr(skb, family, &secattr);
3112 	if (rc == 0)
3113 		sp = smack_from_secattr(&secattr, ssp);
3114 	else
3115 		sp = smack_known_huh.smk_known;
3116 	netlbl_secattr_destroy(&secattr);
3117 
3118 #ifdef CONFIG_AUDIT
3119 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3120 	ad.a.u.net->family = family;
3121 	ad.a.u.net->netif = skb->skb_iif;
3122 	ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3123 #endif
3124 	/*
3125 	 * Receiving a packet requires that the other end be able to write
3126 	 * here. Read access is not required.
3127 	 */
3128 	rc = smk_access(sp, ssp->smk_in, MAY_WRITE, &ad);
3129 	if (rc != 0)
3130 		return rc;
3131 
3132 	/*
3133 	 * Save the peer's label in the request_sock so we can later setup
3134 	 * smk_packet in the child socket so that SO_PEERCRED can report it.
3135 	 */
3136 	req->peer_secid = smack_to_secid(sp);
3137 
3138 	/*
3139 	 * We need to decide if we want to label the incoming connection here
3140 	 * if we do we only need to label the request_sock and the stack will
3141 	 * propagate the wire-label to the sock when it is created.
3142 	 */
3143 	hdr = ip_hdr(skb);
3144 	addr.sin_addr.s_addr = hdr->saddr;
3145 	rcu_read_lock();
3146 	hsp = smack_host_label(&addr);
3147 	rcu_read_unlock();
3148 
3149 	if (hsp == NULL) {
3150 		skp = smk_find_entry(sp);
3151 		rc = netlbl_req_setattr(req, &skp->smk_netlabel);
3152 	} else
3153 		netlbl_req_delattr(req);
3154 
3155 	return rc;
3156 }
3157 
3158 /**
3159  * smack_inet_csk_clone - Copy the connection information to the new socket
3160  * @sk: the new socket
3161  * @req: the connection's request_sock
3162  *
3163  * Transfer the connection's peer label to the newly created socket.
3164  */
3165 static void smack_inet_csk_clone(struct sock *sk,
3166 				 const struct request_sock *req)
3167 {
3168 	struct socket_smack *ssp = sk->sk_security;
3169 
3170 	if (req->peer_secid != 0)
3171 		ssp->smk_packet = smack_from_secid(req->peer_secid);
3172 	else
3173 		ssp->smk_packet = NULL;
3174 }
3175 
3176 /*
3177  * Key management security hooks
3178  *
3179  * Casey has not tested key support very heavily.
3180  * The permission check is most likely too restrictive.
3181  * If you care about keys please have a look.
3182  */
3183 #ifdef CONFIG_KEYS
3184 
3185 /**
3186  * smack_key_alloc - Set the key security blob
3187  * @key: object
3188  * @cred: the credentials to use
3189  * @flags: unused
3190  *
3191  * No allocation required
3192  *
3193  * Returns 0
3194  */
3195 static int smack_key_alloc(struct key *key, const struct cred *cred,
3196 			   unsigned long flags)
3197 {
3198 	key->security = smk_of_task(cred->security);
3199 	return 0;
3200 }
3201 
3202 /**
3203  * smack_key_free - Clear the key security blob
3204  * @key: the object
3205  *
3206  * Clear the blob pointer
3207  */
3208 static void smack_key_free(struct key *key)
3209 {
3210 	key->security = NULL;
3211 }
3212 
3213 /*
3214  * smack_key_permission - Smack access on a key
3215  * @key_ref: gets to the object
3216  * @cred: the credentials to use
3217  * @perm: unused
3218  *
3219  * Return 0 if the task has read and write to the object,
3220  * an error code otherwise
3221  */
3222 static int smack_key_permission(key_ref_t key_ref,
3223 				const struct cred *cred, key_perm_t perm)
3224 {
3225 	struct key *keyp;
3226 	struct smk_audit_info ad;
3227 	char *tsp = smk_of_task(cred->security);
3228 
3229 	keyp = key_ref_to_ptr(key_ref);
3230 	if (keyp == NULL)
3231 		return -EINVAL;
3232 	/*
3233 	 * If the key hasn't been initialized give it access so that
3234 	 * it may do so.
3235 	 */
3236 	if (keyp->security == NULL)
3237 		return 0;
3238 	/*
3239 	 * This should not occur
3240 	 */
3241 	if (tsp == NULL)
3242 		return -EACCES;
3243 #ifdef CONFIG_AUDIT
3244 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
3245 	ad.a.u.key_struct.key = keyp->serial;
3246 	ad.a.u.key_struct.key_desc = keyp->description;
3247 #endif
3248 	return smk_access(tsp, keyp->security,
3249 				 MAY_READWRITE, &ad);
3250 }
3251 #endif /* CONFIG_KEYS */
3252 
3253 /*
3254  * Smack Audit hooks
3255  *
3256  * Audit requires a unique representation of each Smack specific
3257  * rule. This unique representation is used to distinguish the
3258  * object to be audited from remaining kernel objects and also
3259  * works as a glue between the audit hooks.
3260  *
3261  * Since repository entries are added but never deleted, we'll use
3262  * the smack_known label address related to the given audit rule as
3263  * the needed unique representation. This also better fits the smack
3264  * model where nearly everything is a label.
3265  */
3266 #ifdef CONFIG_AUDIT
3267 
3268 /**
3269  * smack_audit_rule_init - Initialize a smack audit rule
3270  * @field: audit rule fields given from user-space (audit.h)
3271  * @op: required testing operator (=, !=, >, <, ...)
3272  * @rulestr: smack label to be audited
3273  * @vrule: pointer to save our own audit rule representation
3274  *
3275  * Prepare to audit cases where (@field @op @rulestr) is true.
3276  * The label to be audited is created if necessay.
3277  */
3278 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
3279 {
3280 	char **rule = (char **)vrule;
3281 	*rule = NULL;
3282 
3283 	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3284 		return -EINVAL;
3285 
3286 	if (op != Audit_equal && op != Audit_not_equal)
3287 		return -EINVAL;
3288 
3289 	*rule = smk_import(rulestr, 0);
3290 
3291 	return 0;
3292 }
3293 
3294 /**
3295  * smack_audit_rule_known - Distinguish Smack audit rules
3296  * @krule: rule of interest, in Audit kernel representation format
3297  *
3298  * This is used to filter Smack rules from remaining Audit ones.
3299  * If it's proved that this rule belongs to us, the
3300  * audit_rule_match hook will be called to do the final judgement.
3301  */
3302 static int smack_audit_rule_known(struct audit_krule *krule)
3303 {
3304 	struct audit_field *f;
3305 	int i;
3306 
3307 	for (i = 0; i < krule->field_count; i++) {
3308 		f = &krule->fields[i];
3309 
3310 		if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
3311 			return 1;
3312 	}
3313 
3314 	return 0;
3315 }
3316 
3317 /**
3318  * smack_audit_rule_match - Audit given object ?
3319  * @secid: security id for identifying the object to test
3320  * @field: audit rule flags given from user-space
3321  * @op: required testing operator
3322  * @vrule: smack internal rule presentation
3323  * @actx: audit context associated with the check
3324  *
3325  * The core Audit hook. It's used to take the decision of
3326  * whether to audit or not to audit a given object.
3327  */
3328 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
3329 				  struct audit_context *actx)
3330 {
3331 	char *smack;
3332 	char *rule = vrule;
3333 
3334 	if (!rule) {
3335 		audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
3336 			  "Smack: missing rule\n");
3337 		return -ENOENT;
3338 	}
3339 
3340 	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3341 		return 0;
3342 
3343 	smack = smack_from_secid(secid);
3344 
3345 	/*
3346 	 * No need to do string comparisons. If a match occurs,
3347 	 * both pointers will point to the same smack_known
3348 	 * label.
3349 	 */
3350 	if (op == Audit_equal)
3351 		return (rule == smack);
3352 	if (op == Audit_not_equal)
3353 		return (rule != smack);
3354 
3355 	return 0;
3356 }
3357 
3358 /**
3359  * smack_audit_rule_free - free smack rule representation
3360  * @vrule: rule to be freed.
3361  *
3362  * No memory was allocated.
3363  */
3364 static void smack_audit_rule_free(void *vrule)
3365 {
3366 	/* No-op */
3367 }
3368 
3369 #endif /* CONFIG_AUDIT */
3370 
3371 /**
3372  * smack_secid_to_secctx - return the smack label for a secid
3373  * @secid: incoming integer
3374  * @secdata: destination
3375  * @seclen: how long it is
3376  *
3377  * Exists for networking code.
3378  */
3379 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
3380 {
3381 	char *sp = smack_from_secid(secid);
3382 
3383 	if (secdata)
3384 		*secdata = sp;
3385 	*seclen = strlen(sp);
3386 	return 0;
3387 }
3388 
3389 /**
3390  * smack_secctx_to_secid - return the secid for a smack label
3391  * @secdata: smack label
3392  * @seclen: how long result is
3393  * @secid: outgoing integer
3394  *
3395  * Exists for audit and networking code.
3396  */
3397 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
3398 {
3399 	*secid = smack_to_secid(secdata);
3400 	return 0;
3401 }
3402 
3403 /**
3404  * smack_release_secctx - don't do anything.
3405  * @secdata: unused
3406  * @seclen: unused
3407  *
3408  * Exists to make sure nothing gets done, and properly
3409  */
3410 static void smack_release_secctx(char *secdata, u32 seclen)
3411 {
3412 }
3413 
3414 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
3415 {
3416 	return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
3417 }
3418 
3419 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
3420 {
3421 	return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
3422 }
3423 
3424 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
3425 {
3426 	int len = 0;
3427 	len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
3428 
3429 	if (len < 0)
3430 		return len;
3431 	*ctxlen = len;
3432 	return 0;
3433 }
3434 
3435 struct security_operations smack_ops = {
3436 	.name =				"smack",
3437 
3438 	.ptrace_access_check =		smack_ptrace_access_check,
3439 	.ptrace_traceme =		smack_ptrace_traceme,
3440 	.syslog = 			smack_syslog,
3441 
3442 	.sb_alloc_security = 		smack_sb_alloc_security,
3443 	.sb_free_security = 		smack_sb_free_security,
3444 	.sb_copy_data = 		smack_sb_copy_data,
3445 	.sb_kern_mount = 		smack_sb_kern_mount,
3446 	.sb_statfs = 			smack_sb_statfs,
3447 	.sb_mount = 			smack_sb_mount,
3448 	.sb_umount = 			smack_sb_umount,
3449 
3450 	.bprm_set_creds =		smack_bprm_set_creds,
3451 	.bprm_committing_creds =	smack_bprm_committing_creds,
3452 	.bprm_secureexec =		smack_bprm_secureexec,
3453 
3454 	.inode_alloc_security = 	smack_inode_alloc_security,
3455 	.inode_free_security = 		smack_inode_free_security,
3456 	.inode_init_security = 		smack_inode_init_security,
3457 	.inode_link = 			smack_inode_link,
3458 	.inode_unlink = 		smack_inode_unlink,
3459 	.inode_rmdir = 			smack_inode_rmdir,
3460 	.inode_rename = 		smack_inode_rename,
3461 	.inode_permission = 		smack_inode_permission,
3462 	.inode_setattr = 		smack_inode_setattr,
3463 	.inode_getattr = 		smack_inode_getattr,
3464 	.inode_setxattr = 		smack_inode_setxattr,
3465 	.inode_post_setxattr = 		smack_inode_post_setxattr,
3466 	.inode_getxattr = 		smack_inode_getxattr,
3467 	.inode_removexattr = 		smack_inode_removexattr,
3468 	.inode_getsecurity = 		smack_inode_getsecurity,
3469 	.inode_setsecurity = 		smack_inode_setsecurity,
3470 	.inode_listsecurity = 		smack_inode_listsecurity,
3471 	.inode_getsecid =		smack_inode_getsecid,
3472 
3473 	.file_permission = 		smack_file_permission,
3474 	.file_alloc_security = 		smack_file_alloc_security,
3475 	.file_free_security = 		smack_file_free_security,
3476 	.file_ioctl = 			smack_file_ioctl,
3477 	.file_lock = 			smack_file_lock,
3478 	.file_fcntl = 			smack_file_fcntl,
3479 	.mmap_file =			smack_mmap_file,
3480 	.mmap_addr =			cap_mmap_addr,
3481 	.file_set_fowner = 		smack_file_set_fowner,
3482 	.file_send_sigiotask = 		smack_file_send_sigiotask,
3483 	.file_receive = 		smack_file_receive,
3484 
3485 	.file_open =			smack_file_open,
3486 
3487 	.cred_alloc_blank =		smack_cred_alloc_blank,
3488 	.cred_free =			smack_cred_free,
3489 	.cred_prepare =			smack_cred_prepare,
3490 	.cred_transfer =		smack_cred_transfer,
3491 	.kernel_act_as =		smack_kernel_act_as,
3492 	.kernel_create_files_as =	smack_kernel_create_files_as,
3493 	.task_setpgid = 		smack_task_setpgid,
3494 	.task_getpgid = 		smack_task_getpgid,
3495 	.task_getsid = 			smack_task_getsid,
3496 	.task_getsecid = 		smack_task_getsecid,
3497 	.task_setnice = 		smack_task_setnice,
3498 	.task_setioprio = 		smack_task_setioprio,
3499 	.task_getioprio = 		smack_task_getioprio,
3500 	.task_setscheduler = 		smack_task_setscheduler,
3501 	.task_getscheduler = 		smack_task_getscheduler,
3502 	.task_movememory = 		smack_task_movememory,
3503 	.task_kill = 			smack_task_kill,
3504 	.task_wait = 			smack_task_wait,
3505 	.task_to_inode = 		smack_task_to_inode,
3506 
3507 	.ipc_permission = 		smack_ipc_permission,
3508 	.ipc_getsecid =			smack_ipc_getsecid,
3509 
3510 	.msg_msg_alloc_security = 	smack_msg_msg_alloc_security,
3511 	.msg_msg_free_security = 	smack_msg_msg_free_security,
3512 
3513 	.msg_queue_alloc_security = 	smack_msg_queue_alloc_security,
3514 	.msg_queue_free_security = 	smack_msg_queue_free_security,
3515 	.msg_queue_associate = 		smack_msg_queue_associate,
3516 	.msg_queue_msgctl = 		smack_msg_queue_msgctl,
3517 	.msg_queue_msgsnd = 		smack_msg_queue_msgsnd,
3518 	.msg_queue_msgrcv = 		smack_msg_queue_msgrcv,
3519 
3520 	.shm_alloc_security = 		smack_shm_alloc_security,
3521 	.shm_free_security = 		smack_shm_free_security,
3522 	.shm_associate = 		smack_shm_associate,
3523 	.shm_shmctl = 			smack_shm_shmctl,
3524 	.shm_shmat = 			smack_shm_shmat,
3525 
3526 	.sem_alloc_security = 		smack_sem_alloc_security,
3527 	.sem_free_security = 		smack_sem_free_security,
3528 	.sem_associate = 		smack_sem_associate,
3529 	.sem_semctl = 			smack_sem_semctl,
3530 	.sem_semop = 			smack_sem_semop,
3531 
3532 	.d_instantiate = 		smack_d_instantiate,
3533 
3534 	.getprocattr = 			smack_getprocattr,
3535 	.setprocattr = 			smack_setprocattr,
3536 
3537 	.unix_stream_connect = 		smack_unix_stream_connect,
3538 	.unix_may_send = 		smack_unix_may_send,
3539 
3540 	.socket_post_create = 		smack_socket_post_create,
3541 	.socket_connect =		smack_socket_connect,
3542 	.socket_sendmsg =		smack_socket_sendmsg,
3543 	.socket_sock_rcv_skb = 		smack_socket_sock_rcv_skb,
3544 	.socket_getpeersec_stream =	smack_socket_getpeersec_stream,
3545 	.socket_getpeersec_dgram =	smack_socket_getpeersec_dgram,
3546 	.sk_alloc_security = 		smack_sk_alloc_security,
3547 	.sk_free_security = 		smack_sk_free_security,
3548 	.sock_graft = 			smack_sock_graft,
3549 	.inet_conn_request = 		smack_inet_conn_request,
3550 	.inet_csk_clone =		smack_inet_csk_clone,
3551 
3552  /* key management security hooks */
3553 #ifdef CONFIG_KEYS
3554 	.key_alloc = 			smack_key_alloc,
3555 	.key_free = 			smack_key_free,
3556 	.key_permission = 		smack_key_permission,
3557 #endif /* CONFIG_KEYS */
3558 
3559  /* Audit hooks */
3560 #ifdef CONFIG_AUDIT
3561 	.audit_rule_init =		smack_audit_rule_init,
3562 	.audit_rule_known =		smack_audit_rule_known,
3563 	.audit_rule_match =		smack_audit_rule_match,
3564 	.audit_rule_free =		smack_audit_rule_free,
3565 #endif /* CONFIG_AUDIT */
3566 
3567 	.secid_to_secctx = 		smack_secid_to_secctx,
3568 	.secctx_to_secid = 		smack_secctx_to_secid,
3569 	.release_secctx = 		smack_release_secctx,
3570 	.inode_notifysecctx =		smack_inode_notifysecctx,
3571 	.inode_setsecctx =		smack_inode_setsecctx,
3572 	.inode_getsecctx =		smack_inode_getsecctx,
3573 };
3574 
3575 
3576 static __init void init_smack_known_list(void)
3577 {
3578 	/*
3579 	 * Initialize rule list locks
3580 	 */
3581 	mutex_init(&smack_known_huh.smk_rules_lock);
3582 	mutex_init(&smack_known_hat.smk_rules_lock);
3583 	mutex_init(&smack_known_floor.smk_rules_lock);
3584 	mutex_init(&smack_known_star.smk_rules_lock);
3585 	mutex_init(&smack_known_invalid.smk_rules_lock);
3586 	mutex_init(&smack_known_web.smk_rules_lock);
3587 	/*
3588 	 * Initialize rule lists
3589 	 */
3590 	INIT_LIST_HEAD(&smack_known_huh.smk_rules);
3591 	INIT_LIST_HEAD(&smack_known_hat.smk_rules);
3592 	INIT_LIST_HEAD(&smack_known_star.smk_rules);
3593 	INIT_LIST_HEAD(&smack_known_floor.smk_rules);
3594 	INIT_LIST_HEAD(&smack_known_invalid.smk_rules);
3595 	INIT_LIST_HEAD(&smack_known_web.smk_rules);
3596 	/*
3597 	 * Create the known labels list
3598 	 */
3599 	list_add(&smack_known_huh.list, &smack_known_list);
3600 	list_add(&smack_known_hat.list, &smack_known_list);
3601 	list_add(&smack_known_star.list, &smack_known_list);
3602 	list_add(&smack_known_floor.list, &smack_known_list);
3603 	list_add(&smack_known_invalid.list, &smack_known_list);
3604 	list_add(&smack_known_web.list, &smack_known_list);
3605 }
3606 
3607 /**
3608  * smack_init - initialize the smack system
3609  *
3610  * Returns 0
3611  */
3612 static __init int smack_init(void)
3613 {
3614 	struct cred *cred;
3615 	struct task_smack *tsp;
3616 
3617 	if (!security_module_enable(&smack_ops))
3618 		return 0;
3619 
3620 	tsp = new_task_smack(smack_known_floor.smk_known,
3621 				smack_known_floor.smk_known, GFP_KERNEL);
3622 	if (tsp == NULL)
3623 		return -ENOMEM;
3624 
3625 	printk(KERN_INFO "Smack:  Initializing.\n");
3626 
3627 	/*
3628 	 * Set the security state for the initial task.
3629 	 */
3630 	cred = (struct cred *) current->cred;
3631 	cred->security = tsp;
3632 
3633 	/* initialize the smack_known_list */
3634 	init_smack_known_list();
3635 
3636 	/*
3637 	 * Register with LSM
3638 	 */
3639 	if (register_security(&smack_ops))
3640 		panic("smack: Unable to register with kernel.\n");
3641 
3642 	return 0;
3643 }
3644 
3645 /*
3646  * Smack requires early initialization in order to label
3647  * all processes and objects when they are created.
3648  */
3649 security_initcall(smack_init);
3650