xref: /linux/security/smack/smack_lsm.c (revision e58e871becec2d3b04ed91c0c16fe8deac9c9dfa)
1 /*
2  *  Simplified MAC Kernel (smack) security module
3  *
4  *  This file contains the smack hook function implementations.
5  *
6  *  Authors:
7  *	Casey Schaufler <casey@schaufler-ca.com>
8  *	Jarkko Sakkinen <jarkko.sakkinen@intel.com>
9  *
10  *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
11  *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
12  *                Paul Moore <paul@paul-moore.com>
13  *  Copyright (C) 2010 Nokia Corporation
14  *  Copyright (C) 2011 Intel Corporation.
15  *
16  *	This program is free software; you can redistribute it and/or modify
17  *	it under the terms of the GNU General Public License version 2,
18  *      as published by the Free Software Foundation.
19  */
20 
21 #include <linux/xattr.h>
22 #include <linux/pagemap.h>
23 #include <linux/mount.h>
24 #include <linux/stat.h>
25 #include <linux/kd.h>
26 #include <asm/ioctls.h>
27 #include <linux/ip.h>
28 #include <linux/tcp.h>
29 #include <linux/udp.h>
30 #include <linux/dccp.h>
31 #include <linux/slab.h>
32 #include <linux/mutex.h>
33 #include <linux/pipe_fs_i.h>
34 #include <net/cipso_ipv4.h>
35 #include <net/ip.h>
36 #include <net/ipv6.h>
37 #include <linux/audit.h>
38 #include <linux/magic.h>
39 #include <linux/dcache.h>
40 #include <linux/personality.h>
41 #include <linux/msg.h>
42 #include <linux/shm.h>
43 #include <linux/binfmts.h>
44 #include <linux/parser.h>
45 #include "smack.h"
46 
47 #define TRANS_TRUE	"TRUE"
48 #define TRANS_TRUE_SIZE	4
49 
50 #define SMK_CONNECTING	0
51 #define SMK_RECEIVING	1
52 #define SMK_SENDING	2
53 
54 #ifdef SMACK_IPV6_PORT_LABELING
55 DEFINE_MUTEX(smack_ipv6_lock);
56 static LIST_HEAD(smk_ipv6_port_list);
57 #endif
58 static struct kmem_cache *smack_inode_cache;
59 int smack_enabled;
60 
61 static const match_table_t smk_mount_tokens = {
62 	{Opt_fsdefault, SMK_FSDEFAULT "%s"},
63 	{Opt_fsfloor, SMK_FSFLOOR "%s"},
64 	{Opt_fshat, SMK_FSHAT "%s"},
65 	{Opt_fsroot, SMK_FSROOT "%s"},
66 	{Opt_fstransmute, SMK_FSTRANS "%s"},
67 	{Opt_error, NULL},
68 };
69 
70 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
71 static char *smk_bu_mess[] = {
72 	"Bringup Error",	/* Unused */
73 	"Bringup",		/* SMACK_BRINGUP_ALLOW */
74 	"Unconfined Subject",	/* SMACK_UNCONFINED_SUBJECT */
75 	"Unconfined Object",	/* SMACK_UNCONFINED_OBJECT */
76 };
77 
78 static void smk_bu_mode(int mode, char *s)
79 {
80 	int i = 0;
81 
82 	if (mode & MAY_READ)
83 		s[i++] = 'r';
84 	if (mode & MAY_WRITE)
85 		s[i++] = 'w';
86 	if (mode & MAY_EXEC)
87 		s[i++] = 'x';
88 	if (mode & MAY_APPEND)
89 		s[i++] = 'a';
90 	if (mode & MAY_TRANSMUTE)
91 		s[i++] = 't';
92 	if (mode & MAY_LOCK)
93 		s[i++] = 'l';
94 	if (i == 0)
95 		s[i++] = '-';
96 	s[i] = '\0';
97 }
98 #endif
99 
100 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
101 static int smk_bu_note(char *note, struct smack_known *sskp,
102 		       struct smack_known *oskp, int mode, int rc)
103 {
104 	char acc[SMK_NUM_ACCESS_TYPE + 1];
105 
106 	if (rc <= 0)
107 		return rc;
108 	if (rc > SMACK_UNCONFINED_OBJECT)
109 		rc = 0;
110 
111 	smk_bu_mode(mode, acc);
112 	pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
113 		sskp->smk_known, oskp->smk_known, acc, note);
114 	return 0;
115 }
116 #else
117 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
118 #endif
119 
120 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
121 static int smk_bu_current(char *note, struct smack_known *oskp,
122 			  int mode, int rc)
123 {
124 	struct task_smack *tsp = current_security();
125 	char acc[SMK_NUM_ACCESS_TYPE + 1];
126 
127 	if (rc <= 0)
128 		return rc;
129 	if (rc > SMACK_UNCONFINED_OBJECT)
130 		rc = 0;
131 
132 	smk_bu_mode(mode, acc);
133 	pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
134 		tsp->smk_task->smk_known, oskp->smk_known,
135 		acc, current->comm, note);
136 	return 0;
137 }
138 #else
139 #define smk_bu_current(note, oskp, mode, RC) (RC)
140 #endif
141 
142 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
143 static int smk_bu_task(struct task_struct *otp, int mode, int rc)
144 {
145 	struct task_smack *tsp = current_security();
146 	struct smack_known *smk_task = smk_of_task_struct(otp);
147 	char acc[SMK_NUM_ACCESS_TYPE + 1];
148 
149 	if (rc <= 0)
150 		return rc;
151 	if (rc > SMACK_UNCONFINED_OBJECT)
152 		rc = 0;
153 
154 	smk_bu_mode(mode, acc);
155 	pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
156 		tsp->smk_task->smk_known, smk_task->smk_known, acc,
157 		current->comm, otp->comm);
158 	return 0;
159 }
160 #else
161 #define smk_bu_task(otp, mode, RC) (RC)
162 #endif
163 
164 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
165 static int smk_bu_inode(struct inode *inode, int mode, int rc)
166 {
167 	struct task_smack *tsp = current_security();
168 	struct inode_smack *isp = inode->i_security;
169 	char acc[SMK_NUM_ACCESS_TYPE + 1];
170 
171 	if (isp->smk_flags & SMK_INODE_IMPURE)
172 		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
173 			inode->i_sb->s_id, inode->i_ino, current->comm);
174 
175 	if (rc <= 0)
176 		return rc;
177 	if (rc > SMACK_UNCONFINED_OBJECT)
178 		rc = 0;
179 	if (rc == SMACK_UNCONFINED_SUBJECT &&
180 	    (mode & (MAY_WRITE | MAY_APPEND)))
181 		isp->smk_flags |= SMK_INODE_IMPURE;
182 
183 	smk_bu_mode(mode, acc);
184 
185 	pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
186 		tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
187 		inode->i_sb->s_id, inode->i_ino, current->comm);
188 	return 0;
189 }
190 #else
191 #define smk_bu_inode(inode, mode, RC) (RC)
192 #endif
193 
194 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
195 static int smk_bu_file(struct file *file, int mode, int rc)
196 {
197 	struct task_smack *tsp = current_security();
198 	struct smack_known *sskp = tsp->smk_task;
199 	struct inode *inode = file_inode(file);
200 	struct inode_smack *isp = inode->i_security;
201 	char acc[SMK_NUM_ACCESS_TYPE + 1];
202 
203 	if (isp->smk_flags & SMK_INODE_IMPURE)
204 		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
205 			inode->i_sb->s_id, inode->i_ino, current->comm);
206 
207 	if (rc <= 0)
208 		return rc;
209 	if (rc > SMACK_UNCONFINED_OBJECT)
210 		rc = 0;
211 
212 	smk_bu_mode(mode, acc);
213 	pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
214 		sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
215 		inode->i_sb->s_id, inode->i_ino, file,
216 		current->comm);
217 	return 0;
218 }
219 #else
220 #define smk_bu_file(file, mode, RC) (RC)
221 #endif
222 
223 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
224 static int smk_bu_credfile(const struct cred *cred, struct file *file,
225 				int mode, int rc)
226 {
227 	struct task_smack *tsp = cred->security;
228 	struct smack_known *sskp = tsp->smk_task;
229 	struct inode *inode = file_inode(file);
230 	struct inode_smack *isp = inode->i_security;
231 	char acc[SMK_NUM_ACCESS_TYPE + 1];
232 
233 	if (isp->smk_flags & SMK_INODE_IMPURE)
234 		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
235 			inode->i_sb->s_id, inode->i_ino, current->comm);
236 
237 	if (rc <= 0)
238 		return rc;
239 	if (rc > SMACK_UNCONFINED_OBJECT)
240 		rc = 0;
241 
242 	smk_bu_mode(mode, acc);
243 	pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
244 		sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
245 		inode->i_sb->s_id, inode->i_ino, file,
246 		current->comm);
247 	return 0;
248 }
249 #else
250 #define smk_bu_credfile(cred, file, mode, RC) (RC)
251 #endif
252 
253 /**
254  * smk_fetch - Fetch the smack label from a file.
255  * @name: type of the label (attribute)
256  * @ip: a pointer to the inode
257  * @dp: a pointer to the dentry
258  *
259  * Returns a pointer to the master list entry for the Smack label,
260  * NULL if there was no label to fetch, or an error code.
261  */
262 static struct smack_known *smk_fetch(const char *name, struct inode *ip,
263 					struct dentry *dp)
264 {
265 	int rc;
266 	char *buffer;
267 	struct smack_known *skp = NULL;
268 
269 	if (!(ip->i_opflags & IOP_XATTR))
270 		return ERR_PTR(-EOPNOTSUPP);
271 
272 	buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
273 	if (buffer == NULL)
274 		return ERR_PTR(-ENOMEM);
275 
276 	rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
277 	if (rc < 0)
278 		skp = ERR_PTR(rc);
279 	else if (rc == 0)
280 		skp = NULL;
281 	else
282 		skp = smk_import_entry(buffer, rc);
283 
284 	kfree(buffer);
285 
286 	return skp;
287 }
288 
289 /**
290  * new_inode_smack - allocate an inode security blob
291  * @skp: a pointer to the Smack label entry to use in the blob
292  *
293  * Returns the new blob or NULL if there's no memory available
294  */
295 static struct inode_smack *new_inode_smack(struct smack_known *skp)
296 {
297 	struct inode_smack *isp;
298 
299 	isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
300 	if (isp == NULL)
301 		return NULL;
302 
303 	isp->smk_inode = skp;
304 	isp->smk_flags = 0;
305 	mutex_init(&isp->smk_lock);
306 
307 	return isp;
308 }
309 
310 /**
311  * new_task_smack - allocate a task security blob
312  * @task: a pointer to the Smack label for the running task
313  * @forked: a pointer to the Smack label for the forked task
314  * @gfp: type of the memory for the allocation
315  *
316  * Returns the new blob or NULL if there's no memory available
317  */
318 static struct task_smack *new_task_smack(struct smack_known *task,
319 					struct smack_known *forked, gfp_t gfp)
320 {
321 	struct task_smack *tsp;
322 
323 	tsp = kzalloc(sizeof(struct task_smack), gfp);
324 	if (tsp == NULL)
325 		return NULL;
326 
327 	tsp->smk_task = task;
328 	tsp->smk_forked = forked;
329 	INIT_LIST_HEAD(&tsp->smk_rules);
330 	INIT_LIST_HEAD(&tsp->smk_relabel);
331 	mutex_init(&tsp->smk_rules_lock);
332 
333 	return tsp;
334 }
335 
336 /**
337  * smk_copy_rules - copy a rule set
338  * @nhead: new rules header pointer
339  * @ohead: old rules header pointer
340  * @gfp: type of the memory for the allocation
341  *
342  * Returns 0 on success, -ENOMEM on error
343  */
344 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
345 				gfp_t gfp)
346 {
347 	struct smack_rule *nrp;
348 	struct smack_rule *orp;
349 	int rc = 0;
350 
351 	list_for_each_entry_rcu(orp, ohead, list) {
352 		nrp = kzalloc(sizeof(struct smack_rule), gfp);
353 		if (nrp == NULL) {
354 			rc = -ENOMEM;
355 			break;
356 		}
357 		*nrp = *orp;
358 		list_add_rcu(&nrp->list, nhead);
359 	}
360 	return rc;
361 }
362 
363 /**
364  * smk_copy_relabel - copy smk_relabel labels list
365  * @nhead: new rules header pointer
366  * @ohead: old rules header pointer
367  * @gfp: type of the memory for the allocation
368  *
369  * Returns 0 on success, -ENOMEM on error
370  */
371 static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
372 				gfp_t gfp)
373 {
374 	struct smack_known_list_elem *nklep;
375 	struct smack_known_list_elem *oklep;
376 
377 	list_for_each_entry(oklep, ohead, list) {
378 		nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
379 		if (nklep == NULL) {
380 			smk_destroy_label_list(nhead);
381 			return -ENOMEM;
382 		}
383 		nklep->smk_label = oklep->smk_label;
384 		list_add(&nklep->list, nhead);
385 	}
386 
387 	return 0;
388 }
389 
390 /**
391  * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
392  * @mode - input mode in form of PTRACE_MODE_*
393  *
394  * Returns a converted MAY_* mode usable by smack rules
395  */
396 static inline unsigned int smk_ptrace_mode(unsigned int mode)
397 {
398 	if (mode & PTRACE_MODE_ATTACH)
399 		return MAY_READWRITE;
400 	if (mode & PTRACE_MODE_READ)
401 		return MAY_READ;
402 
403 	return 0;
404 }
405 
406 /**
407  * smk_ptrace_rule_check - helper for ptrace access
408  * @tracer: tracer process
409  * @tracee_known: label entry of the process that's about to be traced
410  * @mode: ptrace attachment mode (PTRACE_MODE_*)
411  * @func: name of the function that called us, used for audit
412  *
413  * Returns 0 on access granted, -error on error
414  */
415 static int smk_ptrace_rule_check(struct task_struct *tracer,
416 				 struct smack_known *tracee_known,
417 				 unsigned int mode, const char *func)
418 {
419 	int rc;
420 	struct smk_audit_info ad, *saip = NULL;
421 	struct task_smack *tsp;
422 	struct smack_known *tracer_known;
423 
424 	if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
425 		smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
426 		smk_ad_setfield_u_tsk(&ad, tracer);
427 		saip = &ad;
428 	}
429 
430 	rcu_read_lock();
431 	tsp = __task_cred(tracer)->security;
432 	tracer_known = smk_of_task(tsp);
433 
434 	if ((mode & PTRACE_MODE_ATTACH) &&
435 	    (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
436 	     smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
437 		if (tracer_known->smk_known == tracee_known->smk_known)
438 			rc = 0;
439 		else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
440 			rc = -EACCES;
441 		else if (capable(CAP_SYS_PTRACE))
442 			rc = 0;
443 		else
444 			rc = -EACCES;
445 
446 		if (saip)
447 			smack_log(tracer_known->smk_known,
448 				  tracee_known->smk_known,
449 				  0, rc, saip);
450 
451 		rcu_read_unlock();
452 		return rc;
453 	}
454 
455 	/* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
456 	rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
457 
458 	rcu_read_unlock();
459 	return rc;
460 }
461 
462 /*
463  * LSM hooks.
464  * We he, that is fun!
465  */
466 
467 /**
468  * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
469  * @ctp: child task pointer
470  * @mode: ptrace attachment mode (PTRACE_MODE_*)
471  *
472  * Returns 0 if access is OK, an error code otherwise
473  *
474  * Do the capability checks.
475  */
476 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
477 {
478 	struct smack_known *skp;
479 
480 	skp = smk_of_task_struct(ctp);
481 
482 	return smk_ptrace_rule_check(current, skp, mode, __func__);
483 }
484 
485 /**
486  * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
487  * @ptp: parent task pointer
488  *
489  * Returns 0 if access is OK, an error code otherwise
490  *
491  * Do the capability checks, and require PTRACE_MODE_ATTACH.
492  */
493 static int smack_ptrace_traceme(struct task_struct *ptp)
494 {
495 	int rc;
496 	struct smack_known *skp;
497 
498 	skp = smk_of_task(current_security());
499 
500 	rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
501 	return rc;
502 }
503 
504 /**
505  * smack_syslog - Smack approval on syslog
506  * @type: message type
507  *
508  * Returns 0 on success, error code otherwise.
509  */
510 static int smack_syslog(int typefrom_file)
511 {
512 	int rc = 0;
513 	struct smack_known *skp = smk_of_current();
514 
515 	if (smack_privileged(CAP_MAC_OVERRIDE))
516 		return 0;
517 
518 	if (smack_syslog_label != NULL && smack_syslog_label != skp)
519 		rc = -EACCES;
520 
521 	return rc;
522 }
523 
524 
525 /*
526  * Superblock Hooks.
527  */
528 
529 /**
530  * smack_sb_alloc_security - allocate a superblock blob
531  * @sb: the superblock getting the blob
532  *
533  * Returns 0 on success or -ENOMEM on error.
534  */
535 static int smack_sb_alloc_security(struct super_block *sb)
536 {
537 	struct superblock_smack *sbsp;
538 
539 	sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
540 
541 	if (sbsp == NULL)
542 		return -ENOMEM;
543 
544 	sbsp->smk_root = &smack_known_floor;
545 	sbsp->smk_default = &smack_known_floor;
546 	sbsp->smk_floor = &smack_known_floor;
547 	sbsp->smk_hat = &smack_known_hat;
548 	/*
549 	 * SMK_SB_INITIALIZED will be zero from kzalloc.
550 	 */
551 	sb->s_security = sbsp;
552 
553 	return 0;
554 }
555 
556 /**
557  * smack_sb_free_security - free a superblock blob
558  * @sb: the superblock getting the blob
559  *
560  */
561 static void smack_sb_free_security(struct super_block *sb)
562 {
563 	kfree(sb->s_security);
564 	sb->s_security = NULL;
565 }
566 
567 /**
568  * smack_sb_copy_data - copy mount options data for processing
569  * @orig: where to start
570  * @smackopts: mount options string
571  *
572  * Returns 0 on success or -ENOMEM on error.
573  *
574  * Copy the Smack specific mount options out of the mount
575  * options list.
576  */
577 static int smack_sb_copy_data(char *orig, char *smackopts)
578 {
579 	char *cp, *commap, *otheropts, *dp;
580 
581 	otheropts = (char *)get_zeroed_page(GFP_KERNEL);
582 	if (otheropts == NULL)
583 		return -ENOMEM;
584 
585 	for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
586 		if (strstr(cp, SMK_FSDEFAULT) == cp)
587 			dp = smackopts;
588 		else if (strstr(cp, SMK_FSFLOOR) == cp)
589 			dp = smackopts;
590 		else if (strstr(cp, SMK_FSHAT) == cp)
591 			dp = smackopts;
592 		else if (strstr(cp, SMK_FSROOT) == cp)
593 			dp = smackopts;
594 		else if (strstr(cp, SMK_FSTRANS) == cp)
595 			dp = smackopts;
596 		else
597 			dp = otheropts;
598 
599 		commap = strchr(cp, ',');
600 		if (commap != NULL)
601 			*commap = '\0';
602 
603 		if (*dp != '\0')
604 			strcat(dp, ",");
605 		strcat(dp, cp);
606 	}
607 
608 	strcpy(orig, otheropts);
609 	free_page((unsigned long)otheropts);
610 
611 	return 0;
612 }
613 
614 /**
615  * smack_parse_opts_str - parse Smack specific mount options
616  * @options: mount options string
617  * @opts: where to store converted mount opts
618  *
619  * Returns 0 on success or -ENOMEM on error.
620  *
621  * converts Smack specific mount options to generic security option format
622  */
623 static int smack_parse_opts_str(char *options,
624 		struct security_mnt_opts *opts)
625 {
626 	char *p;
627 	char *fsdefault = NULL;
628 	char *fsfloor = NULL;
629 	char *fshat = NULL;
630 	char *fsroot = NULL;
631 	char *fstransmute = NULL;
632 	int rc = -ENOMEM;
633 	int num_mnt_opts = 0;
634 	int token;
635 
636 	opts->num_mnt_opts = 0;
637 
638 	if (!options)
639 		return 0;
640 
641 	while ((p = strsep(&options, ",")) != NULL) {
642 		substring_t args[MAX_OPT_ARGS];
643 
644 		if (!*p)
645 			continue;
646 
647 		token = match_token(p, smk_mount_tokens, args);
648 
649 		switch (token) {
650 		case Opt_fsdefault:
651 			if (fsdefault)
652 				goto out_opt_err;
653 			fsdefault = match_strdup(&args[0]);
654 			if (!fsdefault)
655 				goto out_err;
656 			break;
657 		case Opt_fsfloor:
658 			if (fsfloor)
659 				goto out_opt_err;
660 			fsfloor = match_strdup(&args[0]);
661 			if (!fsfloor)
662 				goto out_err;
663 			break;
664 		case Opt_fshat:
665 			if (fshat)
666 				goto out_opt_err;
667 			fshat = match_strdup(&args[0]);
668 			if (!fshat)
669 				goto out_err;
670 			break;
671 		case Opt_fsroot:
672 			if (fsroot)
673 				goto out_opt_err;
674 			fsroot = match_strdup(&args[0]);
675 			if (!fsroot)
676 				goto out_err;
677 			break;
678 		case Opt_fstransmute:
679 			if (fstransmute)
680 				goto out_opt_err;
681 			fstransmute = match_strdup(&args[0]);
682 			if (!fstransmute)
683 				goto out_err;
684 			break;
685 		default:
686 			rc = -EINVAL;
687 			pr_warn("Smack:  unknown mount option\n");
688 			goto out_err;
689 		}
690 	}
691 
692 	opts->mnt_opts = kcalloc(NUM_SMK_MNT_OPTS, sizeof(char *), GFP_KERNEL);
693 	if (!opts->mnt_opts)
694 		goto out_err;
695 
696 	opts->mnt_opts_flags = kcalloc(NUM_SMK_MNT_OPTS, sizeof(int),
697 			GFP_KERNEL);
698 	if (!opts->mnt_opts_flags)
699 		goto out_err;
700 
701 	if (fsdefault) {
702 		opts->mnt_opts[num_mnt_opts] = fsdefault;
703 		opts->mnt_opts_flags[num_mnt_opts++] = FSDEFAULT_MNT;
704 	}
705 	if (fsfloor) {
706 		opts->mnt_opts[num_mnt_opts] = fsfloor;
707 		opts->mnt_opts_flags[num_mnt_opts++] = FSFLOOR_MNT;
708 	}
709 	if (fshat) {
710 		opts->mnt_opts[num_mnt_opts] = fshat;
711 		opts->mnt_opts_flags[num_mnt_opts++] = FSHAT_MNT;
712 	}
713 	if (fsroot) {
714 		opts->mnt_opts[num_mnt_opts] = fsroot;
715 		opts->mnt_opts_flags[num_mnt_opts++] = FSROOT_MNT;
716 	}
717 	if (fstransmute) {
718 		opts->mnt_opts[num_mnt_opts] = fstransmute;
719 		opts->mnt_opts_flags[num_mnt_opts++] = FSTRANS_MNT;
720 	}
721 
722 	opts->num_mnt_opts = num_mnt_opts;
723 	return 0;
724 
725 out_opt_err:
726 	rc = -EINVAL;
727 	pr_warn("Smack: duplicate mount options\n");
728 
729 out_err:
730 	kfree(fsdefault);
731 	kfree(fsfloor);
732 	kfree(fshat);
733 	kfree(fsroot);
734 	kfree(fstransmute);
735 	return rc;
736 }
737 
738 /**
739  * smack_set_mnt_opts - set Smack specific mount options
740  * @sb: the file system superblock
741  * @opts: Smack mount options
742  * @kern_flags: mount option from kernel space or user space
743  * @set_kern_flags: where to store converted mount opts
744  *
745  * Returns 0 on success, an error code on failure
746  *
747  * Allow filesystems with binary mount data to explicitly set Smack mount
748  * labels.
749  */
750 static int smack_set_mnt_opts(struct super_block *sb,
751 		struct security_mnt_opts *opts,
752 		unsigned long kern_flags,
753 		unsigned long *set_kern_flags)
754 {
755 	struct dentry *root = sb->s_root;
756 	struct inode *inode = d_backing_inode(root);
757 	struct superblock_smack *sp = sb->s_security;
758 	struct inode_smack *isp;
759 	struct smack_known *skp;
760 	int i;
761 	int num_opts = opts->num_mnt_opts;
762 	int transmute = 0;
763 
764 	if (sp->smk_flags & SMK_SB_INITIALIZED)
765 		return 0;
766 
767 	if (!smack_privileged(CAP_MAC_ADMIN)) {
768 		/*
769 		 * Unprivileged mounts don't get to specify Smack values.
770 		 */
771 		if (num_opts)
772 			return -EPERM;
773 		/*
774 		 * Unprivileged mounts get root and default from the caller.
775 		 */
776 		skp = smk_of_current();
777 		sp->smk_root = skp;
778 		sp->smk_default = skp;
779 		/*
780 		 * For a handful of fs types with no user-controlled
781 		 * backing store it's okay to trust security labels
782 		 * in the filesystem. The rest are untrusted.
783 		 */
784 		if (sb->s_user_ns != &init_user_ns &&
785 		    sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
786 		    sb->s_magic != RAMFS_MAGIC) {
787 			transmute = 1;
788 			sp->smk_flags |= SMK_SB_UNTRUSTED;
789 		}
790 	}
791 
792 	sp->smk_flags |= SMK_SB_INITIALIZED;
793 
794 	for (i = 0; i < num_opts; i++) {
795 		switch (opts->mnt_opts_flags[i]) {
796 		case FSDEFAULT_MNT:
797 			skp = smk_import_entry(opts->mnt_opts[i], 0);
798 			if (IS_ERR(skp))
799 				return PTR_ERR(skp);
800 			sp->smk_default = skp;
801 			break;
802 		case FSFLOOR_MNT:
803 			skp = smk_import_entry(opts->mnt_opts[i], 0);
804 			if (IS_ERR(skp))
805 				return PTR_ERR(skp);
806 			sp->smk_floor = skp;
807 			break;
808 		case FSHAT_MNT:
809 			skp = smk_import_entry(opts->mnt_opts[i], 0);
810 			if (IS_ERR(skp))
811 				return PTR_ERR(skp);
812 			sp->smk_hat = skp;
813 			break;
814 		case FSROOT_MNT:
815 			skp = smk_import_entry(opts->mnt_opts[i], 0);
816 			if (IS_ERR(skp))
817 				return PTR_ERR(skp);
818 			sp->smk_root = skp;
819 			break;
820 		case FSTRANS_MNT:
821 			skp = smk_import_entry(opts->mnt_opts[i], 0);
822 			if (IS_ERR(skp))
823 				return PTR_ERR(skp);
824 			sp->smk_root = skp;
825 			transmute = 1;
826 			break;
827 		default:
828 			break;
829 		}
830 	}
831 
832 	/*
833 	 * Initialize the root inode.
834 	 */
835 	isp = inode->i_security;
836 	if (isp == NULL) {
837 		isp = new_inode_smack(sp->smk_root);
838 		if (isp == NULL)
839 			return -ENOMEM;
840 		inode->i_security = isp;
841 	} else
842 		isp->smk_inode = sp->smk_root;
843 
844 	if (transmute)
845 		isp->smk_flags |= SMK_INODE_TRANSMUTE;
846 
847 	return 0;
848 }
849 
850 /**
851  * smack_sb_kern_mount - Smack specific mount processing
852  * @sb: the file system superblock
853  * @flags: the mount flags
854  * @data: the smack mount options
855  *
856  * Returns 0 on success, an error code on failure
857  */
858 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
859 {
860 	int rc = 0;
861 	char *options = data;
862 	struct security_mnt_opts opts;
863 
864 	security_init_mnt_opts(&opts);
865 
866 	if (!options)
867 		goto out;
868 
869 	rc = smack_parse_opts_str(options, &opts);
870 	if (rc)
871 		goto out_err;
872 
873 out:
874 	rc = smack_set_mnt_opts(sb, &opts, 0, NULL);
875 
876 out_err:
877 	security_free_mnt_opts(&opts);
878 	return rc;
879 }
880 
881 /**
882  * smack_sb_statfs - Smack check on statfs
883  * @dentry: identifies the file system in question
884  *
885  * Returns 0 if current can read the floor of the filesystem,
886  * and error code otherwise
887  */
888 static int smack_sb_statfs(struct dentry *dentry)
889 {
890 	struct superblock_smack *sbp = dentry->d_sb->s_security;
891 	int rc;
892 	struct smk_audit_info ad;
893 
894 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
895 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
896 
897 	rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
898 	rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
899 	return rc;
900 }
901 
902 /*
903  * BPRM hooks
904  */
905 
906 /**
907  * smack_bprm_set_creds - set creds for exec
908  * @bprm: the exec information
909  *
910  * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
911  */
912 static int smack_bprm_set_creds(struct linux_binprm *bprm)
913 {
914 	struct inode *inode = file_inode(bprm->file);
915 	struct task_smack *bsp = bprm->cred->security;
916 	struct inode_smack *isp;
917 	struct superblock_smack *sbsp;
918 	int rc;
919 
920 	if (bprm->cred_prepared)
921 		return 0;
922 
923 	isp = inode->i_security;
924 	if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
925 		return 0;
926 
927 	sbsp = inode->i_sb->s_security;
928 	if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
929 	    isp->smk_task != sbsp->smk_root)
930 		return 0;
931 
932 	if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
933 		struct task_struct *tracer;
934 		rc = 0;
935 
936 		rcu_read_lock();
937 		tracer = ptrace_parent(current);
938 		if (likely(tracer != NULL))
939 			rc = smk_ptrace_rule_check(tracer,
940 						   isp->smk_task,
941 						   PTRACE_MODE_ATTACH,
942 						   __func__);
943 		rcu_read_unlock();
944 
945 		if (rc != 0)
946 			return rc;
947 	} else if (bprm->unsafe)
948 		return -EPERM;
949 
950 	bsp->smk_task = isp->smk_task;
951 	bprm->per_clear |= PER_CLEAR_ON_SETID;
952 
953 	return 0;
954 }
955 
956 /**
957  * smack_bprm_committing_creds - Prepare to install the new credentials
958  * from bprm.
959  *
960  * @bprm: binprm for exec
961  */
962 static void smack_bprm_committing_creds(struct linux_binprm *bprm)
963 {
964 	struct task_smack *bsp = bprm->cred->security;
965 
966 	if (bsp->smk_task != bsp->smk_forked)
967 		current->pdeath_signal = 0;
968 }
969 
970 /**
971  * smack_bprm_secureexec - Return the decision to use secureexec.
972  * @bprm: binprm for exec
973  *
974  * Returns 0 on success.
975  */
976 static int smack_bprm_secureexec(struct linux_binprm *bprm)
977 {
978 	struct task_smack *tsp = current_security();
979 
980 	if (tsp->smk_task != tsp->smk_forked)
981 		return 1;
982 
983 	return 0;
984 }
985 
986 /*
987  * Inode hooks
988  */
989 
990 /**
991  * smack_inode_alloc_security - allocate an inode blob
992  * @inode: the inode in need of a blob
993  *
994  * Returns 0 if it gets a blob, -ENOMEM otherwise
995  */
996 static int smack_inode_alloc_security(struct inode *inode)
997 {
998 	struct smack_known *skp = smk_of_current();
999 
1000 	inode->i_security = new_inode_smack(skp);
1001 	if (inode->i_security == NULL)
1002 		return -ENOMEM;
1003 	return 0;
1004 }
1005 
1006 /**
1007  * smack_inode_free_rcu - Free inode_smack blob from cache
1008  * @head: the rcu_head for getting inode_smack pointer
1009  *
1010  *  Call back function called from call_rcu() to free
1011  *  the i_security blob pointer in inode
1012  */
1013 static void smack_inode_free_rcu(struct rcu_head *head)
1014 {
1015 	struct inode_smack *issp;
1016 
1017 	issp = container_of(head, struct inode_smack, smk_rcu);
1018 	kmem_cache_free(smack_inode_cache, issp);
1019 }
1020 
1021 /**
1022  * smack_inode_free_security - free an inode blob using call_rcu()
1023  * @inode: the inode with a blob
1024  *
1025  * Clears the blob pointer in inode using RCU
1026  */
1027 static void smack_inode_free_security(struct inode *inode)
1028 {
1029 	struct inode_smack *issp = inode->i_security;
1030 
1031 	/*
1032 	 * The inode may still be referenced in a path walk and
1033 	 * a call to smack_inode_permission() can be made
1034 	 * after smack_inode_free_security() is called.
1035 	 * To avoid race condition free the i_security via RCU
1036 	 * and leave the current inode->i_security pointer intact.
1037 	 * The inode will be freed after the RCU grace period too.
1038 	 */
1039 	call_rcu(&issp->smk_rcu, smack_inode_free_rcu);
1040 }
1041 
1042 /**
1043  * smack_inode_init_security - copy out the smack from an inode
1044  * @inode: the newly created inode
1045  * @dir: containing directory object
1046  * @qstr: unused
1047  * @name: where to put the attribute name
1048  * @value: where to put the attribute value
1049  * @len: where to put the length of the attribute
1050  *
1051  * Returns 0 if it all works out, -ENOMEM if there's no memory
1052  */
1053 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
1054 				     const struct qstr *qstr, const char **name,
1055 				     void **value, size_t *len)
1056 {
1057 	struct inode_smack *issp = inode->i_security;
1058 	struct smack_known *skp = smk_of_current();
1059 	struct smack_known *isp = smk_of_inode(inode);
1060 	struct smack_known *dsp = smk_of_inode(dir);
1061 	int may;
1062 
1063 	if (name)
1064 		*name = XATTR_SMACK_SUFFIX;
1065 
1066 	if (value && len) {
1067 		rcu_read_lock();
1068 		may = smk_access_entry(skp->smk_known, dsp->smk_known,
1069 				       &skp->smk_rules);
1070 		rcu_read_unlock();
1071 
1072 		/*
1073 		 * If the access rule allows transmutation and
1074 		 * the directory requests transmutation then
1075 		 * by all means transmute.
1076 		 * Mark the inode as changed.
1077 		 */
1078 		if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
1079 		    smk_inode_transmutable(dir)) {
1080 			isp = dsp;
1081 			issp->smk_flags |= SMK_INODE_CHANGED;
1082 		}
1083 
1084 		*value = kstrdup(isp->smk_known, GFP_NOFS);
1085 		if (*value == NULL)
1086 			return -ENOMEM;
1087 
1088 		*len = strlen(isp->smk_known);
1089 	}
1090 
1091 	return 0;
1092 }
1093 
1094 /**
1095  * smack_inode_link - Smack check on link
1096  * @old_dentry: the existing object
1097  * @dir: unused
1098  * @new_dentry: the new object
1099  *
1100  * Returns 0 if access is permitted, an error code otherwise
1101  */
1102 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1103 			    struct dentry *new_dentry)
1104 {
1105 	struct smack_known *isp;
1106 	struct smk_audit_info ad;
1107 	int rc;
1108 
1109 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1110 	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1111 
1112 	isp = smk_of_inode(d_backing_inode(old_dentry));
1113 	rc = smk_curacc(isp, MAY_WRITE, &ad);
1114 	rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
1115 
1116 	if (rc == 0 && d_is_positive(new_dentry)) {
1117 		isp = smk_of_inode(d_backing_inode(new_dentry));
1118 		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1119 		rc = smk_curacc(isp, MAY_WRITE, &ad);
1120 		rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
1121 	}
1122 
1123 	return rc;
1124 }
1125 
1126 /**
1127  * smack_inode_unlink - Smack check on inode deletion
1128  * @dir: containing directory object
1129  * @dentry: file to unlink
1130  *
1131  * Returns 0 if current can write the containing directory
1132  * and the object, error code otherwise
1133  */
1134 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1135 {
1136 	struct inode *ip = d_backing_inode(dentry);
1137 	struct smk_audit_info ad;
1138 	int rc;
1139 
1140 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1141 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1142 
1143 	/*
1144 	 * You need write access to the thing you're unlinking
1145 	 */
1146 	rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
1147 	rc = smk_bu_inode(ip, MAY_WRITE, rc);
1148 	if (rc == 0) {
1149 		/*
1150 		 * You also need write access to the containing directory
1151 		 */
1152 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1153 		smk_ad_setfield_u_fs_inode(&ad, dir);
1154 		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1155 		rc = smk_bu_inode(dir, MAY_WRITE, rc);
1156 	}
1157 	return rc;
1158 }
1159 
1160 /**
1161  * smack_inode_rmdir - Smack check on directory deletion
1162  * @dir: containing directory object
1163  * @dentry: directory to unlink
1164  *
1165  * Returns 0 if current can write the containing directory
1166  * and the directory, error code otherwise
1167  */
1168 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1169 {
1170 	struct smk_audit_info ad;
1171 	int rc;
1172 
1173 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1174 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1175 
1176 	/*
1177 	 * You need write access to the thing you're removing
1178 	 */
1179 	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1180 	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1181 	if (rc == 0) {
1182 		/*
1183 		 * You also need write access to the containing directory
1184 		 */
1185 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1186 		smk_ad_setfield_u_fs_inode(&ad, dir);
1187 		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
1188 		rc = smk_bu_inode(dir, MAY_WRITE, rc);
1189 	}
1190 
1191 	return rc;
1192 }
1193 
1194 /**
1195  * smack_inode_rename - Smack check on rename
1196  * @old_inode: unused
1197  * @old_dentry: the old object
1198  * @new_inode: unused
1199  * @new_dentry: the new object
1200  *
1201  * Read and write access is required on both the old and
1202  * new directories.
1203  *
1204  * Returns 0 if access is permitted, an error code otherwise
1205  */
1206 static int smack_inode_rename(struct inode *old_inode,
1207 			      struct dentry *old_dentry,
1208 			      struct inode *new_inode,
1209 			      struct dentry *new_dentry)
1210 {
1211 	int rc;
1212 	struct smack_known *isp;
1213 	struct smk_audit_info ad;
1214 
1215 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1216 	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
1217 
1218 	isp = smk_of_inode(d_backing_inode(old_dentry));
1219 	rc = smk_curacc(isp, MAY_READWRITE, &ad);
1220 	rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
1221 
1222 	if (rc == 0 && d_is_positive(new_dentry)) {
1223 		isp = smk_of_inode(d_backing_inode(new_dentry));
1224 		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1225 		rc = smk_curacc(isp, MAY_READWRITE, &ad);
1226 		rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
1227 	}
1228 	return rc;
1229 }
1230 
1231 /**
1232  * smack_inode_permission - Smack version of permission()
1233  * @inode: the inode in question
1234  * @mask: the access requested
1235  *
1236  * This is the important Smack hook.
1237  *
1238  * Returns 0 if access is permitted, -EACCES otherwise
1239  */
1240 static int smack_inode_permission(struct inode *inode, int mask)
1241 {
1242 	struct superblock_smack *sbsp = inode->i_sb->s_security;
1243 	struct smk_audit_info ad;
1244 	int no_block = mask & MAY_NOT_BLOCK;
1245 	int rc;
1246 
1247 	mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
1248 	/*
1249 	 * No permission to check. Existence test. Yup, it's there.
1250 	 */
1251 	if (mask == 0)
1252 		return 0;
1253 
1254 	if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1255 		if (smk_of_inode(inode) != sbsp->smk_root)
1256 			return -EACCES;
1257 	}
1258 
1259 	/* May be droppable after audit */
1260 	if (no_block)
1261 		return -ECHILD;
1262 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
1263 	smk_ad_setfield_u_fs_inode(&ad, inode);
1264 	rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1265 	rc = smk_bu_inode(inode, mask, rc);
1266 	return rc;
1267 }
1268 
1269 /**
1270  * smack_inode_setattr - Smack check for setting attributes
1271  * @dentry: the object
1272  * @iattr: for the force flag
1273  *
1274  * Returns 0 if access is permitted, an error code otherwise
1275  */
1276 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1277 {
1278 	struct smk_audit_info ad;
1279 	int rc;
1280 
1281 	/*
1282 	 * Need to allow for clearing the setuid bit.
1283 	 */
1284 	if (iattr->ia_valid & ATTR_FORCE)
1285 		return 0;
1286 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1287 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1288 
1289 	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1290 	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1291 	return rc;
1292 }
1293 
1294 /**
1295  * smack_inode_getattr - Smack check for getting attributes
1296  * @mnt: vfsmount of the object
1297  * @dentry: the object
1298  *
1299  * Returns 0 if access is permitted, an error code otherwise
1300  */
1301 static int smack_inode_getattr(const struct path *path)
1302 {
1303 	struct smk_audit_info ad;
1304 	struct inode *inode = d_backing_inode(path->dentry);
1305 	int rc;
1306 
1307 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1308 	smk_ad_setfield_u_fs_path(&ad, *path);
1309 	rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1310 	rc = smk_bu_inode(inode, MAY_READ, rc);
1311 	return rc;
1312 }
1313 
1314 /**
1315  * smack_inode_setxattr - Smack check for setting xattrs
1316  * @dentry: the object
1317  * @name: name of the attribute
1318  * @value: value of the attribute
1319  * @size: size of the value
1320  * @flags: unused
1321  *
1322  * This protects the Smack attribute explicitly.
1323  *
1324  * Returns 0 if access is permitted, an error code otherwise
1325  */
1326 static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1327 				const void *value, size_t size, int flags)
1328 {
1329 	struct smk_audit_info ad;
1330 	struct smack_known *skp;
1331 	int check_priv = 0;
1332 	int check_import = 0;
1333 	int check_star = 0;
1334 	int rc = 0;
1335 
1336 	/*
1337 	 * Check label validity here so import won't fail in post_setxattr
1338 	 */
1339 	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1340 	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1341 	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1342 		check_priv = 1;
1343 		check_import = 1;
1344 	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1345 		   strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1346 		check_priv = 1;
1347 		check_import = 1;
1348 		check_star = 1;
1349 	} else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1350 		check_priv = 1;
1351 		if (size != TRANS_TRUE_SIZE ||
1352 		    strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1353 			rc = -EINVAL;
1354 	} else
1355 		rc = cap_inode_setxattr(dentry, name, value, size, flags);
1356 
1357 	if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1358 		rc = -EPERM;
1359 
1360 	if (rc == 0 && check_import) {
1361 		skp = size ? smk_import_entry(value, size) : NULL;
1362 		if (IS_ERR(skp))
1363 			rc = PTR_ERR(skp);
1364 		else if (skp == NULL || (check_star &&
1365 		    (skp == &smack_known_star || skp == &smack_known_web)))
1366 			rc = -EINVAL;
1367 	}
1368 
1369 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1370 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1371 
1372 	if (rc == 0) {
1373 		rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1374 		rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1375 	}
1376 
1377 	return rc;
1378 }
1379 
1380 /**
1381  * smack_inode_post_setxattr - Apply the Smack update approved above
1382  * @dentry: object
1383  * @name: attribute name
1384  * @value: attribute value
1385  * @size: attribute size
1386  * @flags: unused
1387  *
1388  * Set the pointer in the inode blob to the entry found
1389  * in the master label list.
1390  */
1391 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1392 				      const void *value, size_t size, int flags)
1393 {
1394 	struct smack_known *skp;
1395 	struct inode_smack *isp = d_backing_inode(dentry)->i_security;
1396 
1397 	if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1398 		isp->smk_flags |= SMK_INODE_TRANSMUTE;
1399 		return;
1400 	}
1401 
1402 	if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1403 		skp = smk_import_entry(value, size);
1404 		if (!IS_ERR(skp))
1405 			isp->smk_inode = skp;
1406 	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
1407 		skp = smk_import_entry(value, size);
1408 		if (!IS_ERR(skp))
1409 			isp->smk_task = skp;
1410 	} else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1411 		skp = smk_import_entry(value, size);
1412 		if (!IS_ERR(skp))
1413 			isp->smk_mmap = skp;
1414 	}
1415 
1416 	return;
1417 }
1418 
1419 /**
1420  * smack_inode_getxattr - Smack check on getxattr
1421  * @dentry: the object
1422  * @name: unused
1423  *
1424  * Returns 0 if access is permitted, an error code otherwise
1425  */
1426 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
1427 {
1428 	struct smk_audit_info ad;
1429 	int rc;
1430 
1431 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1432 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1433 
1434 	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1435 	rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
1436 	return rc;
1437 }
1438 
1439 /**
1440  * smack_inode_removexattr - Smack check on removexattr
1441  * @dentry: the object
1442  * @name: name of the attribute
1443  *
1444  * Removing the Smack attribute requires CAP_MAC_ADMIN
1445  *
1446  * Returns 0 if access is permitted, an error code otherwise
1447  */
1448 static int smack_inode_removexattr(struct dentry *dentry, const char *name)
1449 {
1450 	struct inode_smack *isp;
1451 	struct smk_audit_info ad;
1452 	int rc = 0;
1453 
1454 	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1455 	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
1456 	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
1457 	    strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1458 	    strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
1459 	    strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1460 		if (!smack_privileged(CAP_MAC_ADMIN))
1461 			rc = -EPERM;
1462 	} else
1463 		rc = cap_inode_removexattr(dentry, name);
1464 
1465 	if (rc != 0)
1466 		return rc;
1467 
1468 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
1469 	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1470 
1471 	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1472 	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
1473 	if (rc != 0)
1474 		return rc;
1475 
1476 	isp = d_backing_inode(dentry)->i_security;
1477 	/*
1478 	 * Don't do anything special for these.
1479 	 *	XATTR_NAME_SMACKIPIN
1480 	 *	XATTR_NAME_SMACKIPOUT
1481 	 */
1482 	if (strcmp(name, XATTR_NAME_SMACK) == 0) {
1483 		struct super_block *sbp = dentry->d_sb;
1484 		struct superblock_smack *sbsp = sbp->s_security;
1485 
1486 		isp->smk_inode = sbsp->smk_default;
1487 	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
1488 		isp->smk_task = NULL;
1489 	else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
1490 		isp->smk_mmap = NULL;
1491 	else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1492 		isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
1493 
1494 	return 0;
1495 }
1496 
1497 /**
1498  * smack_inode_getsecurity - get smack xattrs
1499  * @inode: the object
1500  * @name: attribute name
1501  * @buffer: where to put the result
1502  * @alloc: unused
1503  *
1504  * Returns the size of the attribute or an error code
1505  */
1506 static int smack_inode_getsecurity(struct inode *inode,
1507 				   const char *name, void **buffer,
1508 				   bool alloc)
1509 {
1510 	struct socket_smack *ssp;
1511 	struct socket *sock;
1512 	struct super_block *sbp;
1513 	struct inode *ip = (struct inode *)inode;
1514 	struct smack_known *isp;
1515 	int ilen;
1516 	int rc = 0;
1517 
1518 	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1519 		isp = smk_of_inode(inode);
1520 		ilen = strlen(isp->smk_known);
1521 		*buffer = isp->smk_known;
1522 		return ilen;
1523 	}
1524 
1525 	/*
1526 	 * The rest of the Smack xattrs are only on sockets.
1527 	 */
1528 	sbp = ip->i_sb;
1529 	if (sbp->s_magic != SOCKFS_MAGIC)
1530 		return -EOPNOTSUPP;
1531 
1532 	sock = SOCKET_I(ip);
1533 	if (sock == NULL || sock->sk == NULL)
1534 		return -EOPNOTSUPP;
1535 
1536 	ssp = sock->sk->sk_security;
1537 
1538 	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1539 		isp = ssp->smk_in;
1540 	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1541 		isp = ssp->smk_out;
1542 	else
1543 		return -EOPNOTSUPP;
1544 
1545 	ilen = strlen(isp->smk_known);
1546 	if (rc == 0) {
1547 		*buffer = isp->smk_known;
1548 		rc = ilen;
1549 	}
1550 
1551 	return rc;
1552 }
1553 
1554 
1555 /**
1556  * smack_inode_listsecurity - list the Smack attributes
1557  * @inode: the object
1558  * @buffer: where they go
1559  * @buffer_size: size of buffer
1560  */
1561 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1562 				    size_t buffer_size)
1563 {
1564 	int len = sizeof(XATTR_NAME_SMACK);
1565 
1566 	if (buffer != NULL && len <= buffer_size)
1567 		memcpy(buffer, XATTR_NAME_SMACK, len);
1568 
1569 	return len;
1570 }
1571 
1572 /**
1573  * smack_inode_getsecid - Extract inode's security id
1574  * @inode: inode to extract the info from
1575  * @secid: where result will be saved
1576  */
1577 static void smack_inode_getsecid(struct inode *inode, u32 *secid)
1578 {
1579 	struct inode_smack *isp = inode->i_security;
1580 
1581 	*secid = isp->smk_inode->smk_secid;
1582 }
1583 
1584 /*
1585  * File Hooks
1586  */
1587 
1588 /*
1589  * There is no smack_file_permission hook
1590  *
1591  * Should access checks be done on each read or write?
1592  * UNICOS and SELinux say yes.
1593  * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1594  *
1595  * I'll say no for now. Smack does not do the frequent
1596  * label changing that SELinux does.
1597  */
1598 
1599 /**
1600  * smack_file_alloc_security - assign a file security blob
1601  * @file: the object
1602  *
1603  * The security blob for a file is a pointer to the master
1604  * label list, so no allocation is done.
1605  *
1606  * f_security is the owner security information. It
1607  * isn't used on file access checks, it's for send_sigio.
1608  *
1609  * Returns 0
1610  */
1611 static int smack_file_alloc_security(struct file *file)
1612 {
1613 	struct smack_known *skp = smk_of_current();
1614 
1615 	file->f_security = skp;
1616 	return 0;
1617 }
1618 
1619 /**
1620  * smack_file_free_security - clear a file security blob
1621  * @file: the object
1622  *
1623  * The security blob for a file is a pointer to the master
1624  * label list, so no memory is freed.
1625  */
1626 static void smack_file_free_security(struct file *file)
1627 {
1628 	file->f_security = NULL;
1629 }
1630 
1631 /**
1632  * smack_file_ioctl - Smack check on ioctls
1633  * @file: the object
1634  * @cmd: what to do
1635  * @arg: unused
1636  *
1637  * Relies heavily on the correct use of the ioctl command conventions.
1638  *
1639  * Returns 0 if allowed, error code otherwise
1640  */
1641 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1642 			    unsigned long arg)
1643 {
1644 	int rc = 0;
1645 	struct smk_audit_info ad;
1646 	struct inode *inode = file_inode(file);
1647 
1648 	if (unlikely(IS_PRIVATE(inode)))
1649 		return 0;
1650 
1651 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1652 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1653 
1654 	if (_IOC_DIR(cmd) & _IOC_WRITE) {
1655 		rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1656 		rc = smk_bu_file(file, MAY_WRITE, rc);
1657 	}
1658 
1659 	if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1660 		rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1661 		rc = smk_bu_file(file, MAY_READ, rc);
1662 	}
1663 
1664 	return rc;
1665 }
1666 
1667 /**
1668  * smack_file_lock - Smack check on file locking
1669  * @file: the object
1670  * @cmd: unused
1671  *
1672  * Returns 0 if current has lock access, error code otherwise
1673  */
1674 static int smack_file_lock(struct file *file, unsigned int cmd)
1675 {
1676 	struct smk_audit_info ad;
1677 	int rc;
1678 	struct inode *inode = file_inode(file);
1679 
1680 	if (unlikely(IS_PRIVATE(inode)))
1681 		return 0;
1682 
1683 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1684 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1685 	rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1686 	rc = smk_bu_file(file, MAY_LOCK, rc);
1687 	return rc;
1688 }
1689 
1690 /**
1691  * smack_file_fcntl - Smack check on fcntl
1692  * @file: the object
1693  * @cmd: what action to check
1694  * @arg: unused
1695  *
1696  * Generally these operations are harmless.
1697  * File locking operations present an obvious mechanism
1698  * for passing information, so they require write access.
1699  *
1700  * Returns 0 if current has access, error code otherwise
1701  */
1702 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1703 			    unsigned long arg)
1704 {
1705 	struct smk_audit_info ad;
1706 	int rc = 0;
1707 	struct inode *inode = file_inode(file);
1708 
1709 	if (unlikely(IS_PRIVATE(inode)))
1710 		return 0;
1711 
1712 	switch (cmd) {
1713 	case F_GETLK:
1714 		break;
1715 	case F_SETLK:
1716 	case F_SETLKW:
1717 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1718 		smk_ad_setfield_u_fs_path(&ad, file->f_path);
1719 		rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1720 		rc = smk_bu_file(file, MAY_LOCK, rc);
1721 		break;
1722 	case F_SETOWN:
1723 	case F_SETSIG:
1724 		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1725 		smk_ad_setfield_u_fs_path(&ad, file->f_path);
1726 		rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1727 		rc = smk_bu_file(file, MAY_WRITE, rc);
1728 		break;
1729 	default:
1730 		break;
1731 	}
1732 
1733 	return rc;
1734 }
1735 
1736 /**
1737  * smack_mmap_file :
1738  * Check permissions for a mmap operation.  The @file may be NULL, e.g.
1739  * if mapping anonymous memory.
1740  * @file contains the file structure for file to map (may be NULL).
1741  * @reqprot contains the protection requested by the application.
1742  * @prot contains the protection that will be applied by the kernel.
1743  * @flags contains the operational flags.
1744  * Return 0 if permission is granted.
1745  */
1746 static int smack_mmap_file(struct file *file,
1747 			   unsigned long reqprot, unsigned long prot,
1748 			   unsigned long flags)
1749 {
1750 	struct smack_known *skp;
1751 	struct smack_known *mkp;
1752 	struct smack_rule *srp;
1753 	struct task_smack *tsp;
1754 	struct smack_known *okp;
1755 	struct inode_smack *isp;
1756 	struct superblock_smack *sbsp;
1757 	int may;
1758 	int mmay;
1759 	int tmay;
1760 	int rc;
1761 
1762 	if (file == NULL)
1763 		return 0;
1764 
1765 	if (unlikely(IS_PRIVATE(file_inode(file))))
1766 		return 0;
1767 
1768 	isp = file_inode(file)->i_security;
1769 	if (isp->smk_mmap == NULL)
1770 		return 0;
1771 	sbsp = file_inode(file)->i_sb->s_security;
1772 	if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1773 	    isp->smk_mmap != sbsp->smk_root)
1774 		return -EACCES;
1775 	mkp = isp->smk_mmap;
1776 
1777 	tsp = current_security();
1778 	skp = smk_of_current();
1779 	rc = 0;
1780 
1781 	rcu_read_lock();
1782 	/*
1783 	 * For each Smack rule associated with the subject
1784 	 * label verify that the SMACK64MMAP also has access
1785 	 * to that rule's object label.
1786 	 */
1787 	list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
1788 		okp = srp->smk_object;
1789 		/*
1790 		 * Matching labels always allows access.
1791 		 */
1792 		if (mkp->smk_known == okp->smk_known)
1793 			continue;
1794 		/*
1795 		 * If there is a matching local rule take
1796 		 * that into account as well.
1797 		 */
1798 		may = smk_access_entry(srp->smk_subject->smk_known,
1799 				       okp->smk_known,
1800 				       &tsp->smk_rules);
1801 		if (may == -ENOENT)
1802 			may = srp->smk_access;
1803 		else
1804 			may &= srp->smk_access;
1805 		/*
1806 		 * If may is zero the SMACK64MMAP subject can't
1807 		 * possibly have less access.
1808 		 */
1809 		if (may == 0)
1810 			continue;
1811 
1812 		/*
1813 		 * Fetch the global list entry.
1814 		 * If there isn't one a SMACK64MMAP subject
1815 		 * can't have as much access as current.
1816 		 */
1817 		mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1818 					&mkp->smk_rules);
1819 		if (mmay == -ENOENT) {
1820 			rc = -EACCES;
1821 			break;
1822 		}
1823 		/*
1824 		 * If there is a local entry it modifies the
1825 		 * potential access, too.
1826 		 */
1827 		tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1828 					&tsp->smk_rules);
1829 		if (tmay != -ENOENT)
1830 			mmay &= tmay;
1831 
1832 		/*
1833 		 * If there is any access available to current that is
1834 		 * not available to a SMACK64MMAP subject
1835 		 * deny access.
1836 		 */
1837 		if ((may | mmay) != mmay) {
1838 			rc = -EACCES;
1839 			break;
1840 		}
1841 	}
1842 
1843 	rcu_read_unlock();
1844 
1845 	return rc;
1846 }
1847 
1848 /**
1849  * smack_file_set_fowner - set the file security blob value
1850  * @file: object in question
1851  *
1852  */
1853 static void smack_file_set_fowner(struct file *file)
1854 {
1855 	file->f_security = smk_of_current();
1856 }
1857 
1858 /**
1859  * smack_file_send_sigiotask - Smack on sigio
1860  * @tsk: The target task
1861  * @fown: the object the signal come from
1862  * @signum: unused
1863  *
1864  * Allow a privileged task to get signals even if it shouldn't
1865  *
1866  * Returns 0 if a subject with the object's smack could
1867  * write to the task, an error code otherwise.
1868  */
1869 static int smack_file_send_sigiotask(struct task_struct *tsk,
1870 				     struct fown_struct *fown, int signum)
1871 {
1872 	struct smack_known *skp;
1873 	struct smack_known *tkp = smk_of_task(tsk->cred->security);
1874 	struct file *file;
1875 	int rc;
1876 	struct smk_audit_info ad;
1877 
1878 	/*
1879 	 * struct fown_struct is never outside the context of a struct file
1880 	 */
1881 	file = container_of(fown, struct file, f_owner);
1882 
1883 	/* we don't log here as rc can be overriden */
1884 	skp = file->f_security;
1885 	rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1886 	rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
1887 	if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
1888 		rc = 0;
1889 
1890 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1891 	smk_ad_setfield_u_tsk(&ad, tsk);
1892 	smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
1893 	return rc;
1894 }
1895 
1896 /**
1897  * smack_file_receive - Smack file receive check
1898  * @file: the object
1899  *
1900  * Returns 0 if current has access, error code otherwise
1901  */
1902 static int smack_file_receive(struct file *file)
1903 {
1904 	int rc;
1905 	int may = 0;
1906 	struct smk_audit_info ad;
1907 	struct inode *inode = file_inode(file);
1908 	struct socket *sock;
1909 	struct task_smack *tsp;
1910 	struct socket_smack *ssp;
1911 
1912 	if (unlikely(IS_PRIVATE(inode)))
1913 		return 0;
1914 
1915 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1916 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1917 
1918 	if (S_ISSOCK(inode->i_mode)) {
1919 		sock = SOCKET_I(inode);
1920 		ssp = sock->sk->sk_security;
1921 		tsp = current_security();
1922 		/*
1923 		 * If the receiving process can't write to the
1924 		 * passed socket or if the passed socket can't
1925 		 * write to the receiving process don't accept
1926 		 * the passed socket.
1927 		 */
1928 		rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1929 		rc = smk_bu_file(file, may, rc);
1930 		if (rc < 0)
1931 			return rc;
1932 		rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1933 		rc = smk_bu_file(file, may, rc);
1934 		return rc;
1935 	}
1936 	/*
1937 	 * This code relies on bitmasks.
1938 	 */
1939 	if (file->f_mode & FMODE_READ)
1940 		may = MAY_READ;
1941 	if (file->f_mode & FMODE_WRITE)
1942 		may |= MAY_WRITE;
1943 
1944 	rc = smk_curacc(smk_of_inode(inode), may, &ad);
1945 	rc = smk_bu_file(file, may, rc);
1946 	return rc;
1947 }
1948 
1949 /**
1950  * smack_file_open - Smack dentry open processing
1951  * @file: the object
1952  * @cred: task credential
1953  *
1954  * Set the security blob in the file structure.
1955  * Allow the open only if the task has read access. There are
1956  * many read operations (e.g. fstat) that you can do with an
1957  * fd even if you have the file open write-only.
1958  *
1959  * Returns 0
1960  */
1961 static int smack_file_open(struct file *file, const struct cred *cred)
1962 {
1963 	struct task_smack *tsp = cred->security;
1964 	struct inode *inode = file_inode(file);
1965 	struct smk_audit_info ad;
1966 	int rc;
1967 
1968 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1969 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1970 	rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
1971 	rc = smk_bu_credfile(cred, file, MAY_READ, rc);
1972 
1973 	return rc;
1974 }
1975 
1976 /*
1977  * Task hooks
1978  */
1979 
1980 /**
1981  * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1982  * @new: the new credentials
1983  * @gfp: the atomicity of any memory allocations
1984  *
1985  * Prepare a blank set of credentials for modification.  This must allocate all
1986  * the memory the LSM module might require such that cred_transfer() can
1987  * complete without error.
1988  */
1989 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1990 {
1991 	struct task_smack *tsp;
1992 
1993 	tsp = new_task_smack(NULL, NULL, gfp);
1994 	if (tsp == NULL)
1995 		return -ENOMEM;
1996 
1997 	cred->security = tsp;
1998 
1999 	return 0;
2000 }
2001 
2002 
2003 /**
2004  * smack_cred_free - "free" task-level security credentials
2005  * @cred: the credentials in question
2006  *
2007  */
2008 static void smack_cred_free(struct cred *cred)
2009 {
2010 	struct task_smack *tsp = cred->security;
2011 	struct smack_rule *rp;
2012 	struct list_head *l;
2013 	struct list_head *n;
2014 
2015 	if (tsp == NULL)
2016 		return;
2017 	cred->security = NULL;
2018 
2019 	smk_destroy_label_list(&tsp->smk_relabel);
2020 
2021 	list_for_each_safe(l, n, &tsp->smk_rules) {
2022 		rp = list_entry(l, struct smack_rule, list);
2023 		list_del(&rp->list);
2024 		kfree(rp);
2025 	}
2026 	kfree(tsp);
2027 }
2028 
2029 /**
2030  * smack_cred_prepare - prepare new set of credentials for modification
2031  * @new: the new credentials
2032  * @old: the original credentials
2033  * @gfp: the atomicity of any memory allocations
2034  *
2035  * Prepare a new set of credentials for modification.
2036  */
2037 static int smack_cred_prepare(struct cred *new, const struct cred *old,
2038 			      gfp_t gfp)
2039 {
2040 	struct task_smack *old_tsp = old->security;
2041 	struct task_smack *new_tsp;
2042 	int rc;
2043 
2044 	new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
2045 	if (new_tsp == NULL)
2046 		return -ENOMEM;
2047 
2048 	new->security = new_tsp;
2049 
2050 	rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
2051 	if (rc != 0)
2052 		return rc;
2053 
2054 	rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
2055 				gfp);
2056 	if (rc != 0)
2057 		return rc;
2058 
2059 	return 0;
2060 }
2061 
2062 /**
2063  * smack_cred_transfer - Transfer the old credentials to the new credentials
2064  * @new: the new credentials
2065  * @old: the original credentials
2066  *
2067  * Fill in a set of blank credentials from another set of credentials.
2068  */
2069 static void smack_cred_transfer(struct cred *new, const struct cred *old)
2070 {
2071 	struct task_smack *old_tsp = old->security;
2072 	struct task_smack *new_tsp = new->security;
2073 
2074 	new_tsp->smk_task = old_tsp->smk_task;
2075 	new_tsp->smk_forked = old_tsp->smk_task;
2076 	mutex_init(&new_tsp->smk_rules_lock);
2077 	INIT_LIST_HEAD(&new_tsp->smk_rules);
2078 
2079 
2080 	/* cbs copy rule list */
2081 }
2082 
2083 /**
2084  * smack_kernel_act_as - Set the subjective context in a set of credentials
2085  * @new: points to the set of credentials to be modified.
2086  * @secid: specifies the security ID to be set
2087  *
2088  * Set the security data for a kernel service.
2089  */
2090 static int smack_kernel_act_as(struct cred *new, u32 secid)
2091 {
2092 	struct task_smack *new_tsp = new->security;
2093 
2094 	new_tsp->smk_task = smack_from_secid(secid);
2095 	return 0;
2096 }
2097 
2098 /**
2099  * smack_kernel_create_files_as - Set the file creation label in a set of creds
2100  * @new: points to the set of credentials to be modified
2101  * @inode: points to the inode to use as a reference
2102  *
2103  * Set the file creation context in a set of credentials to the same
2104  * as the objective context of the specified inode
2105  */
2106 static int smack_kernel_create_files_as(struct cred *new,
2107 					struct inode *inode)
2108 {
2109 	struct inode_smack *isp = inode->i_security;
2110 	struct task_smack *tsp = new->security;
2111 
2112 	tsp->smk_forked = isp->smk_inode;
2113 	tsp->smk_task = tsp->smk_forked;
2114 	return 0;
2115 }
2116 
2117 /**
2118  * smk_curacc_on_task - helper to log task related access
2119  * @p: the task object
2120  * @access: the access requested
2121  * @caller: name of the calling function for audit
2122  *
2123  * Return 0 if access is permitted
2124  */
2125 static int smk_curacc_on_task(struct task_struct *p, int access,
2126 				const char *caller)
2127 {
2128 	struct smk_audit_info ad;
2129 	struct smack_known *skp = smk_of_task_struct(p);
2130 	int rc;
2131 
2132 	smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
2133 	smk_ad_setfield_u_tsk(&ad, p);
2134 	rc = smk_curacc(skp, access, &ad);
2135 	rc = smk_bu_task(p, access, rc);
2136 	return rc;
2137 }
2138 
2139 /**
2140  * smack_task_setpgid - Smack check on setting pgid
2141  * @p: the task object
2142  * @pgid: unused
2143  *
2144  * Return 0 if write access is permitted
2145  */
2146 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2147 {
2148 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2149 }
2150 
2151 /**
2152  * smack_task_getpgid - Smack access check for getpgid
2153  * @p: the object task
2154  *
2155  * Returns 0 if current can read the object task, error code otherwise
2156  */
2157 static int smack_task_getpgid(struct task_struct *p)
2158 {
2159 	return smk_curacc_on_task(p, MAY_READ, __func__);
2160 }
2161 
2162 /**
2163  * smack_task_getsid - Smack access check for getsid
2164  * @p: the object task
2165  *
2166  * Returns 0 if current can read the object task, error code otherwise
2167  */
2168 static int smack_task_getsid(struct task_struct *p)
2169 {
2170 	return smk_curacc_on_task(p, MAY_READ, __func__);
2171 }
2172 
2173 /**
2174  * smack_task_getsecid - get the secid of the task
2175  * @p: the object task
2176  * @secid: where to put the result
2177  *
2178  * Sets the secid to contain a u32 version of the smack label.
2179  */
2180 static void smack_task_getsecid(struct task_struct *p, u32 *secid)
2181 {
2182 	struct smack_known *skp = smk_of_task_struct(p);
2183 
2184 	*secid = skp->smk_secid;
2185 }
2186 
2187 /**
2188  * smack_task_setnice - Smack check on setting nice
2189  * @p: the task object
2190  * @nice: unused
2191  *
2192  * Return 0 if write access is permitted
2193  */
2194 static int smack_task_setnice(struct task_struct *p, int nice)
2195 {
2196 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2197 }
2198 
2199 /**
2200  * smack_task_setioprio - Smack check on setting ioprio
2201  * @p: the task object
2202  * @ioprio: unused
2203  *
2204  * Return 0 if write access is permitted
2205  */
2206 static int smack_task_setioprio(struct task_struct *p, int ioprio)
2207 {
2208 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2209 }
2210 
2211 /**
2212  * smack_task_getioprio - Smack check on reading ioprio
2213  * @p: the task object
2214  *
2215  * Return 0 if read access is permitted
2216  */
2217 static int smack_task_getioprio(struct task_struct *p)
2218 {
2219 	return smk_curacc_on_task(p, MAY_READ, __func__);
2220 }
2221 
2222 /**
2223  * smack_task_setscheduler - Smack check on setting scheduler
2224  * @p: the task object
2225  * @policy: unused
2226  * @lp: unused
2227  *
2228  * Return 0 if read access is permitted
2229  */
2230 static int smack_task_setscheduler(struct task_struct *p)
2231 {
2232 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2233 }
2234 
2235 /**
2236  * smack_task_getscheduler - Smack check on reading scheduler
2237  * @p: the task object
2238  *
2239  * Return 0 if read access is permitted
2240  */
2241 static int smack_task_getscheduler(struct task_struct *p)
2242 {
2243 	return smk_curacc_on_task(p, MAY_READ, __func__);
2244 }
2245 
2246 /**
2247  * smack_task_movememory - Smack check on moving memory
2248  * @p: the task object
2249  *
2250  * Return 0 if write access is permitted
2251  */
2252 static int smack_task_movememory(struct task_struct *p)
2253 {
2254 	return smk_curacc_on_task(p, MAY_WRITE, __func__);
2255 }
2256 
2257 /**
2258  * smack_task_kill - Smack check on signal delivery
2259  * @p: the task object
2260  * @info: unused
2261  * @sig: unused
2262  * @secid: identifies the smack to use in lieu of current's
2263  *
2264  * Return 0 if write access is permitted
2265  *
2266  * The secid behavior is an artifact of an SELinux hack
2267  * in the USB code. Someday it may go away.
2268  */
2269 static int smack_task_kill(struct task_struct *p, struct siginfo *info,
2270 			   int sig, u32 secid)
2271 {
2272 	struct smk_audit_info ad;
2273 	struct smack_known *skp;
2274 	struct smack_known *tkp = smk_of_task_struct(p);
2275 	int rc;
2276 
2277 	if (!sig)
2278 		return 0; /* null signal; existence test */
2279 
2280 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2281 	smk_ad_setfield_u_tsk(&ad, p);
2282 	/*
2283 	 * Sending a signal requires that the sender
2284 	 * can write the receiver.
2285 	 */
2286 	if (secid == 0) {
2287 		rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2288 		rc = smk_bu_task(p, MAY_DELIVER, rc);
2289 		return rc;
2290 	}
2291 	/*
2292 	 * If the secid isn't 0 we're dealing with some USB IO
2293 	 * specific behavior. This is not clean. For one thing
2294 	 * we can't take privilege into account.
2295 	 */
2296 	skp = smack_from_secid(secid);
2297 	rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2298 	rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
2299 	return rc;
2300 }
2301 
2302 /**
2303  * smack_task_to_inode - copy task smack into the inode blob
2304  * @p: task to copy from
2305  * @inode: inode to copy to
2306  *
2307  * Sets the smack pointer in the inode security blob
2308  */
2309 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2310 {
2311 	struct inode_smack *isp = inode->i_security;
2312 	struct smack_known *skp = smk_of_task_struct(p);
2313 
2314 	isp->smk_inode = skp;
2315 }
2316 
2317 /*
2318  * Socket hooks.
2319  */
2320 
2321 /**
2322  * smack_sk_alloc_security - Allocate a socket blob
2323  * @sk: the socket
2324  * @family: unused
2325  * @gfp_flags: memory allocation flags
2326  *
2327  * Assign Smack pointers to current
2328  *
2329  * Returns 0 on success, -ENOMEM is there's no memory
2330  */
2331 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2332 {
2333 	struct smack_known *skp = smk_of_current();
2334 	struct socket_smack *ssp;
2335 
2336 	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2337 	if (ssp == NULL)
2338 		return -ENOMEM;
2339 
2340 	/*
2341 	 * Sockets created by kernel threads receive web label.
2342 	 */
2343 	if (unlikely(current->flags & PF_KTHREAD)) {
2344 		ssp->smk_in = &smack_known_web;
2345 		ssp->smk_out = &smack_known_web;
2346 	} else {
2347 		ssp->smk_in = skp;
2348 		ssp->smk_out = skp;
2349 	}
2350 	ssp->smk_packet = NULL;
2351 
2352 	sk->sk_security = ssp;
2353 
2354 	return 0;
2355 }
2356 
2357 /**
2358  * smack_sk_free_security - Free a socket blob
2359  * @sk: the socket
2360  *
2361  * Clears the blob pointer
2362  */
2363 static void smack_sk_free_security(struct sock *sk)
2364 {
2365 #ifdef SMACK_IPV6_PORT_LABELING
2366 	struct smk_port_label *spp;
2367 
2368 	if (sk->sk_family == PF_INET6) {
2369 		rcu_read_lock();
2370 		list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2371 			if (spp->smk_sock != sk)
2372 				continue;
2373 			spp->smk_can_reuse = 1;
2374 			break;
2375 		}
2376 		rcu_read_unlock();
2377 	}
2378 #endif
2379 	kfree(sk->sk_security);
2380 }
2381 
2382 /**
2383 * smack_ipv4host_label - check host based restrictions
2384 * @sip: the object end
2385 *
2386 * looks for host based access restrictions
2387 *
2388 * This version will only be appropriate for really small sets of single label
2389 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2390 * taken before calling this function.
2391 *
2392 * Returns the label of the far end or NULL if it's not special.
2393 */
2394 static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
2395 {
2396 	struct smk_net4addr *snp;
2397 	struct in_addr *siap = &sip->sin_addr;
2398 
2399 	if (siap->s_addr == 0)
2400 		return NULL;
2401 
2402 	list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2403 		/*
2404 		 * we break after finding the first match because
2405 		 * the list is sorted from longest to shortest mask
2406 		 * so we have found the most specific match
2407 		 */
2408 		if (snp->smk_host.s_addr ==
2409 		    (siap->s_addr & snp->smk_mask.s_addr))
2410 			return snp->smk_label;
2411 
2412 	return NULL;
2413 }
2414 
2415 #if IS_ENABLED(CONFIG_IPV6)
2416 /*
2417  * smk_ipv6_localhost - Check for local ipv6 host address
2418  * @sip: the address
2419  *
2420  * Returns boolean true if this is the localhost address
2421  */
2422 static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2423 {
2424 	__be16 *be16p = (__be16 *)&sip->sin6_addr;
2425 	__be32 *be32p = (__be32 *)&sip->sin6_addr;
2426 
2427 	if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2428 	    ntohs(be16p[7]) == 1)
2429 		return true;
2430 	return false;
2431 }
2432 
2433 /**
2434 * smack_ipv6host_label - check host based restrictions
2435 * @sip: the object end
2436 *
2437 * looks for host based access restrictions
2438 *
2439 * This version will only be appropriate for really small sets of single label
2440 * hosts.  The caller is responsible for ensuring that the RCU read lock is
2441 * taken before calling this function.
2442 *
2443 * Returns the label of the far end or NULL if it's not special.
2444 */
2445 static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2446 {
2447 	struct smk_net6addr *snp;
2448 	struct in6_addr *sap = &sip->sin6_addr;
2449 	int i;
2450 	int found = 0;
2451 
2452 	/*
2453 	 * It's local. Don't look for a host label.
2454 	 */
2455 	if (smk_ipv6_localhost(sip))
2456 		return NULL;
2457 
2458 	list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2459 		/*
2460 		 * If the label is NULL the entry has
2461 		 * been renounced. Ignore it.
2462 		 */
2463 		if (snp->smk_label == NULL)
2464 			continue;
2465 		/*
2466 		* we break after finding the first match because
2467 		* the list is sorted from longest to shortest mask
2468 		* so we have found the most specific match
2469 		*/
2470 		for (found = 1, i = 0; i < 8; i++) {
2471 			if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2472 			    snp->smk_host.s6_addr16[i]) {
2473 				found = 0;
2474 				break;
2475 			}
2476 		}
2477 		if (found)
2478 			return snp->smk_label;
2479 	}
2480 
2481 	return NULL;
2482 }
2483 #endif /* CONFIG_IPV6 */
2484 
2485 /**
2486  * smack_netlabel - Set the secattr on a socket
2487  * @sk: the socket
2488  * @labeled: socket label scheme
2489  *
2490  * Convert the outbound smack value (smk_out) to a
2491  * secattr and attach it to the socket.
2492  *
2493  * Returns 0 on success or an error code
2494  */
2495 static int smack_netlabel(struct sock *sk, int labeled)
2496 {
2497 	struct smack_known *skp;
2498 	struct socket_smack *ssp = sk->sk_security;
2499 	int rc = 0;
2500 
2501 	/*
2502 	 * Usually the netlabel code will handle changing the
2503 	 * packet labeling based on the label.
2504 	 * The case of a single label host is different, because
2505 	 * a single label host should never get a labeled packet
2506 	 * even though the label is usually associated with a packet
2507 	 * label.
2508 	 */
2509 	local_bh_disable();
2510 	bh_lock_sock_nested(sk);
2511 
2512 	if (ssp->smk_out == smack_net_ambient ||
2513 	    labeled == SMACK_UNLABELED_SOCKET)
2514 		netlbl_sock_delattr(sk);
2515 	else {
2516 		skp = ssp->smk_out;
2517 		rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
2518 	}
2519 
2520 	bh_unlock_sock(sk);
2521 	local_bh_enable();
2522 
2523 	return rc;
2524 }
2525 
2526 /**
2527  * smack_netlbel_send - Set the secattr on a socket and perform access checks
2528  * @sk: the socket
2529  * @sap: the destination address
2530  *
2531  * Set the correct secattr for the given socket based on the destination
2532  * address and perform any outbound access checks needed.
2533  *
2534  * Returns 0 on success or an error code.
2535  *
2536  */
2537 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2538 {
2539 	struct smack_known *skp;
2540 	int rc;
2541 	int sk_lbl;
2542 	struct smack_known *hkp;
2543 	struct socket_smack *ssp = sk->sk_security;
2544 	struct smk_audit_info ad;
2545 
2546 	rcu_read_lock();
2547 	hkp = smack_ipv4host_label(sap);
2548 	if (hkp != NULL) {
2549 #ifdef CONFIG_AUDIT
2550 		struct lsm_network_audit net;
2551 
2552 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2553 		ad.a.u.net->family = sap->sin_family;
2554 		ad.a.u.net->dport = sap->sin_port;
2555 		ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
2556 #endif
2557 		sk_lbl = SMACK_UNLABELED_SOCKET;
2558 		skp = ssp->smk_out;
2559 		rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2560 		rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
2561 	} else {
2562 		sk_lbl = SMACK_CIPSO_SOCKET;
2563 		rc = 0;
2564 	}
2565 	rcu_read_unlock();
2566 	if (rc != 0)
2567 		return rc;
2568 
2569 	return smack_netlabel(sk, sk_lbl);
2570 }
2571 
2572 #if IS_ENABLED(CONFIG_IPV6)
2573 /**
2574  * smk_ipv6_check - check Smack access
2575  * @subject: subject Smack label
2576  * @object: object Smack label
2577  * @address: address
2578  * @act: the action being taken
2579  *
2580  * Check an IPv6 access
2581  */
2582 static int smk_ipv6_check(struct smack_known *subject,
2583 				struct smack_known *object,
2584 				struct sockaddr_in6 *address, int act)
2585 {
2586 #ifdef CONFIG_AUDIT
2587 	struct lsm_network_audit net;
2588 #endif
2589 	struct smk_audit_info ad;
2590 	int rc;
2591 
2592 #ifdef CONFIG_AUDIT
2593 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2594 	ad.a.u.net->family = PF_INET6;
2595 	ad.a.u.net->dport = ntohs(address->sin6_port);
2596 	if (act == SMK_RECEIVING)
2597 		ad.a.u.net->v6info.saddr = address->sin6_addr;
2598 	else
2599 		ad.a.u.net->v6info.daddr = address->sin6_addr;
2600 #endif
2601 	rc = smk_access(subject, object, MAY_WRITE, &ad);
2602 	rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2603 	return rc;
2604 }
2605 #endif /* CONFIG_IPV6 */
2606 
2607 #ifdef SMACK_IPV6_PORT_LABELING
2608 /**
2609  * smk_ipv6_port_label - Smack port access table management
2610  * @sock: socket
2611  * @address: address
2612  *
2613  * Create or update the port list entry
2614  */
2615 static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2616 {
2617 	struct sock *sk = sock->sk;
2618 	struct sockaddr_in6 *addr6;
2619 	struct socket_smack *ssp = sock->sk->sk_security;
2620 	struct smk_port_label *spp;
2621 	unsigned short port = 0;
2622 
2623 	if (address == NULL) {
2624 		/*
2625 		 * This operation is changing the Smack information
2626 		 * on the bound socket. Take the changes to the port
2627 		 * as well.
2628 		 */
2629 		rcu_read_lock();
2630 		list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2631 			if (sk != spp->smk_sock)
2632 				continue;
2633 			spp->smk_in = ssp->smk_in;
2634 			spp->smk_out = ssp->smk_out;
2635 			rcu_read_unlock();
2636 			return;
2637 		}
2638 		/*
2639 		 * A NULL address is only used for updating existing
2640 		 * bound entries. If there isn't one, it's OK.
2641 		 */
2642 		rcu_read_unlock();
2643 		return;
2644 	}
2645 
2646 	addr6 = (struct sockaddr_in6 *)address;
2647 	port = ntohs(addr6->sin6_port);
2648 	/*
2649 	 * This is a special case that is safely ignored.
2650 	 */
2651 	if (port == 0)
2652 		return;
2653 
2654 	/*
2655 	 * Look for an existing port list entry.
2656 	 * This is an indication that a port is getting reused.
2657 	 */
2658 	rcu_read_lock();
2659 	list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2660 		if (spp->smk_port != port || spp->smk_sock_type != sock->type)
2661 			continue;
2662 		if (spp->smk_can_reuse != 1) {
2663 			rcu_read_unlock();
2664 			return;
2665 		}
2666 		spp->smk_port = port;
2667 		spp->smk_sock = sk;
2668 		spp->smk_in = ssp->smk_in;
2669 		spp->smk_out = ssp->smk_out;
2670 		spp->smk_can_reuse = 0;
2671 		rcu_read_unlock();
2672 		return;
2673 	}
2674 	rcu_read_unlock();
2675 	/*
2676 	 * A new port entry is required.
2677 	 */
2678 	spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2679 	if (spp == NULL)
2680 		return;
2681 
2682 	spp->smk_port = port;
2683 	spp->smk_sock = sk;
2684 	spp->smk_in = ssp->smk_in;
2685 	spp->smk_out = ssp->smk_out;
2686 	spp->smk_sock_type = sock->type;
2687 	spp->smk_can_reuse = 0;
2688 
2689 	mutex_lock(&smack_ipv6_lock);
2690 	list_add_rcu(&spp->list, &smk_ipv6_port_list);
2691 	mutex_unlock(&smack_ipv6_lock);
2692 	return;
2693 }
2694 
2695 /**
2696  * smk_ipv6_port_check - check Smack port access
2697  * @sock: socket
2698  * @address: address
2699  *
2700  * Create or update the port list entry
2701  */
2702 static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
2703 				int act)
2704 {
2705 	struct smk_port_label *spp;
2706 	struct socket_smack *ssp = sk->sk_security;
2707 	struct smack_known *skp = NULL;
2708 	unsigned short port;
2709 	struct smack_known *object;
2710 
2711 	if (act == SMK_RECEIVING) {
2712 		skp = smack_ipv6host_label(address);
2713 		object = ssp->smk_in;
2714 	} else {
2715 		skp = ssp->smk_out;
2716 		object = smack_ipv6host_label(address);
2717 	}
2718 
2719 	/*
2720 	 * The other end is a single label host.
2721 	 */
2722 	if (skp != NULL && object != NULL)
2723 		return smk_ipv6_check(skp, object, address, act);
2724 	if (skp == NULL)
2725 		skp = smack_net_ambient;
2726 	if (object == NULL)
2727 		object = smack_net_ambient;
2728 
2729 	/*
2730 	 * It's remote, so port lookup does no good.
2731 	 */
2732 	if (!smk_ipv6_localhost(address))
2733 		return smk_ipv6_check(skp, object, address, act);
2734 
2735 	/*
2736 	 * It's local so the send check has to have passed.
2737 	 */
2738 	if (act == SMK_RECEIVING)
2739 		return 0;
2740 
2741 	port = ntohs(address->sin6_port);
2742 	rcu_read_lock();
2743 	list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2744 		if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
2745 			continue;
2746 		object = spp->smk_in;
2747 		if (act == SMK_CONNECTING)
2748 			ssp->smk_packet = spp->smk_out;
2749 		break;
2750 	}
2751 	rcu_read_unlock();
2752 
2753 	return smk_ipv6_check(skp, object, address, act);
2754 }
2755 #endif /* SMACK_IPV6_PORT_LABELING */
2756 
2757 /**
2758  * smack_inode_setsecurity - set smack xattrs
2759  * @inode: the object
2760  * @name: attribute name
2761  * @value: attribute value
2762  * @size: size of the attribute
2763  * @flags: unused
2764  *
2765  * Sets the named attribute in the appropriate blob
2766  *
2767  * Returns 0 on success, or an error code
2768  */
2769 static int smack_inode_setsecurity(struct inode *inode, const char *name,
2770 				   const void *value, size_t size, int flags)
2771 {
2772 	struct smack_known *skp;
2773 	struct inode_smack *nsp = inode->i_security;
2774 	struct socket_smack *ssp;
2775 	struct socket *sock;
2776 	int rc = 0;
2777 
2778 	if (value == NULL || size > SMK_LONGLABEL || size == 0)
2779 		return -EINVAL;
2780 
2781 	skp = smk_import_entry(value, size);
2782 	if (IS_ERR(skp))
2783 		return PTR_ERR(skp);
2784 
2785 	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
2786 		nsp->smk_inode = skp;
2787 		nsp->smk_flags |= SMK_INODE_INSTANT;
2788 		return 0;
2789 	}
2790 	/*
2791 	 * The rest of the Smack xattrs are only on sockets.
2792 	 */
2793 	if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2794 		return -EOPNOTSUPP;
2795 
2796 	sock = SOCKET_I(inode);
2797 	if (sock == NULL || sock->sk == NULL)
2798 		return -EOPNOTSUPP;
2799 
2800 	ssp = sock->sk->sk_security;
2801 
2802 	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
2803 		ssp->smk_in = skp;
2804 	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2805 		ssp->smk_out = skp;
2806 		if (sock->sk->sk_family == PF_INET) {
2807 			rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2808 			if (rc != 0)
2809 				printk(KERN_WARNING
2810 					"Smack: \"%s\" netlbl error %d.\n",
2811 					__func__, -rc);
2812 		}
2813 	} else
2814 		return -EOPNOTSUPP;
2815 
2816 #ifdef SMACK_IPV6_PORT_LABELING
2817 	if (sock->sk->sk_family == PF_INET6)
2818 		smk_ipv6_port_label(sock, NULL);
2819 #endif
2820 
2821 	return 0;
2822 }
2823 
2824 /**
2825  * smack_socket_post_create - finish socket setup
2826  * @sock: the socket
2827  * @family: protocol family
2828  * @type: unused
2829  * @protocol: unused
2830  * @kern: unused
2831  *
2832  * Sets the netlabel information on the socket
2833  *
2834  * Returns 0 on success, and error code otherwise
2835  */
2836 static int smack_socket_post_create(struct socket *sock, int family,
2837 				    int type, int protocol, int kern)
2838 {
2839 	struct socket_smack *ssp;
2840 
2841 	if (sock->sk == NULL)
2842 		return 0;
2843 
2844 	/*
2845 	 * Sockets created by kernel threads receive web label.
2846 	 */
2847 	if (unlikely(current->flags & PF_KTHREAD)) {
2848 		ssp = sock->sk->sk_security;
2849 		ssp->smk_in = &smack_known_web;
2850 		ssp->smk_out = &smack_known_web;
2851 	}
2852 
2853 	if (family != PF_INET)
2854 		return 0;
2855 	/*
2856 	 * Set the outbound netlbl.
2857 	 */
2858 	return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2859 }
2860 
2861 #ifdef SMACK_IPV6_PORT_LABELING
2862 /**
2863  * smack_socket_bind - record port binding information.
2864  * @sock: the socket
2865  * @address: the port address
2866  * @addrlen: size of the address
2867  *
2868  * Records the label bound to a port.
2869  *
2870  * Returns 0
2871  */
2872 static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2873 				int addrlen)
2874 {
2875 	if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2876 		smk_ipv6_port_label(sock, address);
2877 	return 0;
2878 }
2879 #endif /* SMACK_IPV6_PORT_LABELING */
2880 
2881 /**
2882  * smack_socket_connect - connect access check
2883  * @sock: the socket
2884  * @sap: the other end
2885  * @addrlen: size of sap
2886  *
2887  * Verifies that a connection may be possible
2888  *
2889  * Returns 0 on success, and error code otherwise
2890  */
2891 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2892 				int addrlen)
2893 {
2894 	int rc = 0;
2895 #if IS_ENABLED(CONFIG_IPV6)
2896 	struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
2897 #endif
2898 #ifdef SMACK_IPV6_SECMARK_LABELING
2899 	struct smack_known *rsp;
2900 	struct socket_smack *ssp = sock->sk->sk_security;
2901 #endif
2902 
2903 	if (sock->sk == NULL)
2904 		return 0;
2905 
2906 	switch (sock->sk->sk_family) {
2907 	case PF_INET:
2908 		if (addrlen < sizeof(struct sockaddr_in))
2909 			return -EINVAL;
2910 		rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2911 		break;
2912 	case PF_INET6:
2913 		if (addrlen < sizeof(struct sockaddr_in6))
2914 			return -EINVAL;
2915 #ifdef SMACK_IPV6_SECMARK_LABELING
2916 		rsp = smack_ipv6host_label(sip);
2917 		if (rsp != NULL)
2918 			rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
2919 						SMK_CONNECTING);
2920 #endif
2921 #ifdef SMACK_IPV6_PORT_LABELING
2922 		rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
2923 #endif
2924 		break;
2925 	}
2926 	return rc;
2927 }
2928 
2929 /**
2930  * smack_flags_to_may - convert S_ to MAY_ values
2931  * @flags: the S_ value
2932  *
2933  * Returns the equivalent MAY_ value
2934  */
2935 static int smack_flags_to_may(int flags)
2936 {
2937 	int may = 0;
2938 
2939 	if (flags & S_IRUGO)
2940 		may |= MAY_READ;
2941 	if (flags & S_IWUGO)
2942 		may |= MAY_WRITE;
2943 	if (flags & S_IXUGO)
2944 		may |= MAY_EXEC;
2945 
2946 	return may;
2947 }
2948 
2949 /**
2950  * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2951  * @msg: the object
2952  *
2953  * Returns 0
2954  */
2955 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2956 {
2957 	struct smack_known *skp = smk_of_current();
2958 
2959 	msg->security = skp;
2960 	return 0;
2961 }
2962 
2963 /**
2964  * smack_msg_msg_free_security - Clear the security blob for msg_msg
2965  * @msg: the object
2966  *
2967  * Clears the blob pointer
2968  */
2969 static void smack_msg_msg_free_security(struct msg_msg *msg)
2970 {
2971 	msg->security = NULL;
2972 }
2973 
2974 /**
2975  * smack_of_shm - the smack pointer for the shm
2976  * @shp: the object
2977  *
2978  * Returns a pointer to the smack value
2979  */
2980 static struct smack_known *smack_of_shm(struct shmid_kernel *shp)
2981 {
2982 	return (struct smack_known *)shp->shm_perm.security;
2983 }
2984 
2985 /**
2986  * smack_shm_alloc_security - Set the security blob for shm
2987  * @shp: the object
2988  *
2989  * Returns 0
2990  */
2991 static int smack_shm_alloc_security(struct shmid_kernel *shp)
2992 {
2993 	struct kern_ipc_perm *isp = &shp->shm_perm;
2994 	struct smack_known *skp = smk_of_current();
2995 
2996 	isp->security = skp;
2997 	return 0;
2998 }
2999 
3000 /**
3001  * smack_shm_free_security - Clear the security blob for shm
3002  * @shp: the object
3003  *
3004  * Clears the blob pointer
3005  */
3006 static void smack_shm_free_security(struct shmid_kernel *shp)
3007 {
3008 	struct kern_ipc_perm *isp = &shp->shm_perm;
3009 
3010 	isp->security = NULL;
3011 }
3012 
3013 /**
3014  * smk_curacc_shm : check if current has access on shm
3015  * @shp : the object
3016  * @access : access requested
3017  *
3018  * Returns 0 if current has the requested access, error code otherwise
3019  */
3020 static int smk_curacc_shm(struct shmid_kernel *shp, int access)
3021 {
3022 	struct smack_known *ssp = smack_of_shm(shp);
3023 	struct smk_audit_info ad;
3024 	int rc;
3025 
3026 #ifdef CONFIG_AUDIT
3027 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3028 	ad.a.u.ipc_id = shp->shm_perm.id;
3029 #endif
3030 	rc = smk_curacc(ssp, access, &ad);
3031 	rc = smk_bu_current("shm", ssp, access, rc);
3032 	return rc;
3033 }
3034 
3035 /**
3036  * smack_shm_associate - Smack access check for shm
3037  * @shp: the object
3038  * @shmflg: access requested
3039  *
3040  * Returns 0 if current has the requested access, error code otherwise
3041  */
3042 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
3043 {
3044 	int may;
3045 
3046 	may = smack_flags_to_may(shmflg);
3047 	return smk_curacc_shm(shp, may);
3048 }
3049 
3050 /**
3051  * smack_shm_shmctl - Smack access check for shm
3052  * @shp: the object
3053  * @cmd: what it wants to do
3054  *
3055  * Returns 0 if current has the requested access, error code otherwise
3056  */
3057 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
3058 {
3059 	int may;
3060 
3061 	switch (cmd) {
3062 	case IPC_STAT:
3063 	case SHM_STAT:
3064 		may = MAY_READ;
3065 		break;
3066 	case IPC_SET:
3067 	case SHM_LOCK:
3068 	case SHM_UNLOCK:
3069 	case IPC_RMID:
3070 		may = MAY_READWRITE;
3071 		break;
3072 	case IPC_INFO:
3073 	case SHM_INFO:
3074 		/*
3075 		 * System level information.
3076 		 */
3077 		return 0;
3078 	default:
3079 		return -EINVAL;
3080 	}
3081 	return smk_curacc_shm(shp, may);
3082 }
3083 
3084 /**
3085  * smack_shm_shmat - Smack access for shmat
3086  * @shp: the object
3087  * @shmaddr: unused
3088  * @shmflg: access requested
3089  *
3090  * Returns 0 if current has the requested access, error code otherwise
3091  */
3092 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
3093 			   int shmflg)
3094 {
3095 	int may;
3096 
3097 	may = smack_flags_to_may(shmflg);
3098 	return smk_curacc_shm(shp, may);
3099 }
3100 
3101 /**
3102  * smack_of_sem - the smack pointer for the sem
3103  * @sma: the object
3104  *
3105  * Returns a pointer to the smack value
3106  */
3107 static struct smack_known *smack_of_sem(struct sem_array *sma)
3108 {
3109 	return (struct smack_known *)sma->sem_perm.security;
3110 }
3111 
3112 /**
3113  * smack_sem_alloc_security - Set the security blob for sem
3114  * @sma: the object
3115  *
3116  * Returns 0
3117  */
3118 static int smack_sem_alloc_security(struct sem_array *sma)
3119 {
3120 	struct kern_ipc_perm *isp = &sma->sem_perm;
3121 	struct smack_known *skp = smk_of_current();
3122 
3123 	isp->security = skp;
3124 	return 0;
3125 }
3126 
3127 /**
3128  * smack_sem_free_security - Clear the security blob for sem
3129  * @sma: the object
3130  *
3131  * Clears the blob pointer
3132  */
3133 static void smack_sem_free_security(struct sem_array *sma)
3134 {
3135 	struct kern_ipc_perm *isp = &sma->sem_perm;
3136 
3137 	isp->security = NULL;
3138 }
3139 
3140 /**
3141  * smk_curacc_sem : check if current has access on sem
3142  * @sma : the object
3143  * @access : access requested
3144  *
3145  * Returns 0 if current has the requested access, error code otherwise
3146  */
3147 static int smk_curacc_sem(struct sem_array *sma, int access)
3148 {
3149 	struct smack_known *ssp = smack_of_sem(sma);
3150 	struct smk_audit_info ad;
3151 	int rc;
3152 
3153 #ifdef CONFIG_AUDIT
3154 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3155 	ad.a.u.ipc_id = sma->sem_perm.id;
3156 #endif
3157 	rc = smk_curacc(ssp, access, &ad);
3158 	rc = smk_bu_current("sem", ssp, access, rc);
3159 	return rc;
3160 }
3161 
3162 /**
3163  * smack_sem_associate - Smack access check for sem
3164  * @sma: the object
3165  * @semflg: access requested
3166  *
3167  * Returns 0 if current has the requested access, error code otherwise
3168  */
3169 static int smack_sem_associate(struct sem_array *sma, int semflg)
3170 {
3171 	int may;
3172 
3173 	may = smack_flags_to_may(semflg);
3174 	return smk_curacc_sem(sma, may);
3175 }
3176 
3177 /**
3178  * smack_sem_shmctl - Smack access check for sem
3179  * @sma: the object
3180  * @cmd: what it wants to do
3181  *
3182  * Returns 0 if current has the requested access, error code otherwise
3183  */
3184 static int smack_sem_semctl(struct sem_array *sma, int cmd)
3185 {
3186 	int may;
3187 
3188 	switch (cmd) {
3189 	case GETPID:
3190 	case GETNCNT:
3191 	case GETZCNT:
3192 	case GETVAL:
3193 	case GETALL:
3194 	case IPC_STAT:
3195 	case SEM_STAT:
3196 		may = MAY_READ;
3197 		break;
3198 	case SETVAL:
3199 	case SETALL:
3200 	case IPC_RMID:
3201 	case IPC_SET:
3202 		may = MAY_READWRITE;
3203 		break;
3204 	case IPC_INFO:
3205 	case SEM_INFO:
3206 		/*
3207 		 * System level information
3208 		 */
3209 		return 0;
3210 	default:
3211 		return -EINVAL;
3212 	}
3213 
3214 	return smk_curacc_sem(sma, may);
3215 }
3216 
3217 /**
3218  * smack_sem_semop - Smack checks of semaphore operations
3219  * @sma: the object
3220  * @sops: unused
3221  * @nsops: unused
3222  * @alter: unused
3223  *
3224  * Treated as read and write in all cases.
3225  *
3226  * Returns 0 if access is allowed, error code otherwise
3227  */
3228 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
3229 			   unsigned nsops, int alter)
3230 {
3231 	return smk_curacc_sem(sma, MAY_READWRITE);
3232 }
3233 
3234 /**
3235  * smack_msg_alloc_security - Set the security blob for msg
3236  * @msq: the object
3237  *
3238  * Returns 0
3239  */
3240 static int smack_msg_queue_alloc_security(struct msg_queue *msq)
3241 {
3242 	struct kern_ipc_perm *kisp = &msq->q_perm;
3243 	struct smack_known *skp = smk_of_current();
3244 
3245 	kisp->security = skp;
3246 	return 0;
3247 }
3248 
3249 /**
3250  * smack_msg_free_security - Clear the security blob for msg
3251  * @msq: the object
3252  *
3253  * Clears the blob pointer
3254  */
3255 static void smack_msg_queue_free_security(struct msg_queue *msq)
3256 {
3257 	struct kern_ipc_perm *kisp = &msq->q_perm;
3258 
3259 	kisp->security = NULL;
3260 }
3261 
3262 /**
3263  * smack_of_msq - the smack pointer for the msq
3264  * @msq: the object
3265  *
3266  * Returns a pointer to the smack label entry
3267  */
3268 static struct smack_known *smack_of_msq(struct msg_queue *msq)
3269 {
3270 	return (struct smack_known *)msq->q_perm.security;
3271 }
3272 
3273 /**
3274  * smk_curacc_msq : helper to check if current has access on msq
3275  * @msq : the msq
3276  * @access : access requested
3277  *
3278  * return 0 if current has access, error otherwise
3279  */
3280 static int smk_curacc_msq(struct msg_queue *msq, int access)
3281 {
3282 	struct smack_known *msp = smack_of_msq(msq);
3283 	struct smk_audit_info ad;
3284 	int rc;
3285 
3286 #ifdef CONFIG_AUDIT
3287 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3288 	ad.a.u.ipc_id = msq->q_perm.id;
3289 #endif
3290 	rc = smk_curacc(msp, access, &ad);
3291 	rc = smk_bu_current("msq", msp, access, rc);
3292 	return rc;
3293 }
3294 
3295 /**
3296  * smack_msg_queue_associate - Smack access check for msg_queue
3297  * @msq: the object
3298  * @msqflg: access requested
3299  *
3300  * Returns 0 if current has the requested access, error code otherwise
3301  */
3302 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
3303 {
3304 	int may;
3305 
3306 	may = smack_flags_to_may(msqflg);
3307 	return smk_curacc_msq(msq, may);
3308 }
3309 
3310 /**
3311  * smack_msg_queue_msgctl - Smack access check for msg_queue
3312  * @msq: the object
3313  * @cmd: what it wants to do
3314  *
3315  * Returns 0 if current has the requested access, error code otherwise
3316  */
3317 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
3318 {
3319 	int may;
3320 
3321 	switch (cmd) {
3322 	case IPC_STAT:
3323 	case MSG_STAT:
3324 		may = MAY_READ;
3325 		break;
3326 	case IPC_SET:
3327 	case IPC_RMID:
3328 		may = MAY_READWRITE;
3329 		break;
3330 	case IPC_INFO:
3331 	case MSG_INFO:
3332 		/*
3333 		 * System level information
3334 		 */
3335 		return 0;
3336 	default:
3337 		return -EINVAL;
3338 	}
3339 
3340 	return smk_curacc_msq(msq, may);
3341 }
3342 
3343 /**
3344  * smack_msg_queue_msgsnd - Smack access check for msg_queue
3345  * @msq: the object
3346  * @msg: unused
3347  * @msqflg: access requested
3348  *
3349  * Returns 0 if current has the requested access, error code otherwise
3350  */
3351 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
3352 				  int msqflg)
3353 {
3354 	int may;
3355 
3356 	may = smack_flags_to_may(msqflg);
3357 	return smk_curacc_msq(msq, may);
3358 }
3359 
3360 /**
3361  * smack_msg_queue_msgsnd - Smack access check for msg_queue
3362  * @msq: the object
3363  * @msg: unused
3364  * @target: unused
3365  * @type: unused
3366  * @mode: unused
3367  *
3368  * Returns 0 if current has read and write access, error code otherwise
3369  */
3370 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
3371 			struct task_struct *target, long type, int mode)
3372 {
3373 	return smk_curacc_msq(msq, MAY_READWRITE);
3374 }
3375 
3376 /**
3377  * smack_ipc_permission - Smack access for ipc_permission()
3378  * @ipp: the object permissions
3379  * @flag: access requested
3380  *
3381  * Returns 0 if current has read and write access, error code otherwise
3382  */
3383 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3384 {
3385 	struct smack_known *iskp = ipp->security;
3386 	int may = smack_flags_to_may(flag);
3387 	struct smk_audit_info ad;
3388 	int rc;
3389 
3390 #ifdef CONFIG_AUDIT
3391 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3392 	ad.a.u.ipc_id = ipp->id;
3393 #endif
3394 	rc = smk_curacc(iskp, may, &ad);
3395 	rc = smk_bu_current("svipc", iskp, may, rc);
3396 	return rc;
3397 }
3398 
3399 /**
3400  * smack_ipc_getsecid - Extract smack security id
3401  * @ipp: the object permissions
3402  * @secid: where result will be saved
3403  */
3404 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3405 {
3406 	struct smack_known *iskp = ipp->security;
3407 
3408 	*secid = iskp->smk_secid;
3409 }
3410 
3411 /**
3412  * smack_d_instantiate - Make sure the blob is correct on an inode
3413  * @opt_dentry: dentry where inode will be attached
3414  * @inode: the object
3415  *
3416  * Set the inode's security blob if it hasn't been done already.
3417  */
3418 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3419 {
3420 	struct super_block *sbp;
3421 	struct superblock_smack *sbsp;
3422 	struct inode_smack *isp;
3423 	struct smack_known *skp;
3424 	struct smack_known *ckp = smk_of_current();
3425 	struct smack_known *final;
3426 	char trattr[TRANS_TRUE_SIZE];
3427 	int transflag = 0;
3428 	int rc;
3429 	struct dentry *dp;
3430 
3431 	if (inode == NULL)
3432 		return;
3433 
3434 	isp = inode->i_security;
3435 
3436 	mutex_lock(&isp->smk_lock);
3437 	/*
3438 	 * If the inode is already instantiated
3439 	 * take the quick way out
3440 	 */
3441 	if (isp->smk_flags & SMK_INODE_INSTANT)
3442 		goto unlockandout;
3443 
3444 	sbp = inode->i_sb;
3445 	sbsp = sbp->s_security;
3446 	/*
3447 	 * We're going to use the superblock default label
3448 	 * if there's no label on the file.
3449 	 */
3450 	final = sbsp->smk_default;
3451 
3452 	/*
3453 	 * If this is the root inode the superblock
3454 	 * may be in the process of initialization.
3455 	 * If that is the case use the root value out
3456 	 * of the superblock.
3457 	 */
3458 	if (opt_dentry->d_parent == opt_dentry) {
3459 		switch (sbp->s_magic) {
3460 		case CGROUP_SUPER_MAGIC:
3461 			/*
3462 			 * The cgroup filesystem is never mounted,
3463 			 * so there's no opportunity to set the mount
3464 			 * options.
3465 			 */
3466 			sbsp->smk_root = &smack_known_star;
3467 			sbsp->smk_default = &smack_known_star;
3468 			isp->smk_inode = sbsp->smk_root;
3469 			break;
3470 		case TMPFS_MAGIC:
3471 			/*
3472 			 * What about shmem/tmpfs anonymous files with dentry
3473 			 * obtained from d_alloc_pseudo()?
3474 			 */
3475 			isp->smk_inode = smk_of_current();
3476 			break;
3477 		case PIPEFS_MAGIC:
3478 			isp->smk_inode = smk_of_current();
3479 			break;
3480 		case SOCKFS_MAGIC:
3481 			/*
3482 			 * Socket access is controlled by the socket
3483 			 * structures associated with the task involved.
3484 			 */
3485 			isp->smk_inode = &smack_known_star;
3486 			break;
3487 		default:
3488 			isp->smk_inode = sbsp->smk_root;
3489 			break;
3490 		}
3491 		isp->smk_flags |= SMK_INODE_INSTANT;
3492 		goto unlockandout;
3493 	}
3494 
3495 	/*
3496 	 * This is pretty hackish.
3497 	 * Casey says that we shouldn't have to do
3498 	 * file system specific code, but it does help
3499 	 * with keeping it simple.
3500 	 */
3501 	switch (sbp->s_magic) {
3502 	case SMACK_MAGIC:
3503 	case CGROUP_SUPER_MAGIC:
3504 		/*
3505 		 * Casey says that it's a little embarrassing
3506 		 * that the smack file system doesn't do
3507 		 * extended attributes.
3508 		 *
3509 		 * Cgroupfs is special
3510 		 */
3511 		final = &smack_known_star;
3512 		break;
3513 	case DEVPTS_SUPER_MAGIC:
3514 		/*
3515 		 * devpts seems content with the label of the task.
3516 		 * Programs that change smack have to treat the
3517 		 * pty with respect.
3518 		 */
3519 		final = ckp;
3520 		break;
3521 	case PROC_SUPER_MAGIC:
3522 		/*
3523 		 * Casey says procfs appears not to care.
3524 		 * The superblock default suffices.
3525 		 */
3526 		break;
3527 	case TMPFS_MAGIC:
3528 		/*
3529 		 * Device labels should come from the filesystem,
3530 		 * but watch out, because they're volitile,
3531 		 * getting recreated on every reboot.
3532 		 */
3533 		final = &smack_known_star;
3534 		/*
3535 		 * No break.
3536 		 *
3537 		 * If a smack value has been set we want to use it,
3538 		 * but since tmpfs isn't giving us the opportunity
3539 		 * to set mount options simulate setting the
3540 		 * superblock default.
3541 		 */
3542 	default:
3543 		/*
3544 		 * This isn't an understood special case.
3545 		 * Get the value from the xattr.
3546 		 */
3547 
3548 		/*
3549 		 * UNIX domain sockets use lower level socket data.
3550 		 */
3551 		if (S_ISSOCK(inode->i_mode)) {
3552 			final = &smack_known_star;
3553 			break;
3554 		}
3555 		/*
3556 		 * No xattr support means, alas, no SMACK label.
3557 		 * Use the aforeapplied default.
3558 		 * It would be curious if the label of the task
3559 		 * does not match that assigned.
3560 		 */
3561 		if (!(inode->i_opflags & IOP_XATTR))
3562 		        break;
3563 		/*
3564 		 * Get the dentry for xattr.
3565 		 */
3566 		dp = dget(opt_dentry);
3567 		skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
3568 		if (!IS_ERR_OR_NULL(skp))
3569 			final = skp;
3570 
3571 		/*
3572 		 * Transmuting directory
3573 		 */
3574 		if (S_ISDIR(inode->i_mode)) {
3575 			/*
3576 			 * If this is a new directory and the label was
3577 			 * transmuted when the inode was initialized
3578 			 * set the transmute attribute on the directory
3579 			 * and mark the inode.
3580 			 *
3581 			 * If there is a transmute attribute on the
3582 			 * directory mark the inode.
3583 			 */
3584 			if (isp->smk_flags & SMK_INODE_CHANGED) {
3585 				isp->smk_flags &= ~SMK_INODE_CHANGED;
3586 				rc = __vfs_setxattr(dp, inode,
3587 					XATTR_NAME_SMACKTRANSMUTE,
3588 					TRANS_TRUE, TRANS_TRUE_SIZE,
3589 					0);
3590 			} else {
3591 				rc = __vfs_getxattr(dp, inode,
3592 					XATTR_NAME_SMACKTRANSMUTE, trattr,
3593 					TRANS_TRUE_SIZE);
3594 				if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3595 						       TRANS_TRUE_SIZE) != 0)
3596 					rc = -EINVAL;
3597 			}
3598 			if (rc >= 0)
3599 				transflag = SMK_INODE_TRANSMUTE;
3600 		}
3601 		/*
3602 		 * Don't let the exec or mmap label be "*" or "@".
3603 		 */
3604 		skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3605 		if (IS_ERR(skp) || skp == &smack_known_star ||
3606 		    skp == &smack_known_web)
3607 			skp = NULL;
3608 		isp->smk_task = skp;
3609 
3610 		skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
3611 		if (IS_ERR(skp) || skp == &smack_known_star ||
3612 		    skp == &smack_known_web)
3613 			skp = NULL;
3614 		isp->smk_mmap = skp;
3615 
3616 		dput(dp);
3617 		break;
3618 	}
3619 
3620 	if (final == NULL)
3621 		isp->smk_inode = ckp;
3622 	else
3623 		isp->smk_inode = final;
3624 
3625 	isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
3626 
3627 unlockandout:
3628 	mutex_unlock(&isp->smk_lock);
3629 	return;
3630 }
3631 
3632 /**
3633  * smack_getprocattr - Smack process attribute access
3634  * @p: the object task
3635  * @name: the name of the attribute in /proc/.../attr
3636  * @value: where to put the result
3637  *
3638  * Places a copy of the task Smack into value
3639  *
3640  * Returns the length of the smack label or an error code
3641  */
3642 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3643 {
3644 	struct smack_known *skp = smk_of_task_struct(p);
3645 	char *cp;
3646 	int slen;
3647 
3648 	if (strcmp(name, "current") != 0)
3649 		return -EINVAL;
3650 
3651 	cp = kstrdup(skp->smk_known, GFP_KERNEL);
3652 	if (cp == NULL)
3653 		return -ENOMEM;
3654 
3655 	slen = strlen(cp);
3656 	*value = cp;
3657 	return slen;
3658 }
3659 
3660 /**
3661  * smack_setprocattr - Smack process attribute setting
3662  * @name: the name of the attribute in /proc/.../attr
3663  * @value: the value to set
3664  * @size: the size of the value
3665  *
3666  * Sets the Smack value of the task. Only setting self
3667  * is permitted and only with privilege
3668  *
3669  * Returns the length of the smack label or an error code
3670  */
3671 static int smack_setprocattr(const char *name, void *value, size_t size)
3672 {
3673 	struct task_smack *tsp = current_security();
3674 	struct cred *new;
3675 	struct smack_known *skp;
3676 	struct smack_known_list_elem *sklep;
3677 	int rc;
3678 
3679 	if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
3680 		return -EPERM;
3681 
3682 	if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
3683 		return -EINVAL;
3684 
3685 	if (strcmp(name, "current") != 0)
3686 		return -EINVAL;
3687 
3688 	skp = smk_import_entry(value, size);
3689 	if (IS_ERR(skp))
3690 		return PTR_ERR(skp);
3691 
3692 	/*
3693 	 * No process is ever allowed the web ("@") label
3694 	 * and the star ("*") label.
3695 	 */
3696 	if (skp == &smack_known_web || skp == &smack_known_star)
3697 		return -EINVAL;
3698 
3699 	if (!smack_privileged(CAP_MAC_ADMIN)) {
3700 		rc = -EPERM;
3701 		list_for_each_entry(sklep, &tsp->smk_relabel, list)
3702 			if (sklep->smk_label == skp) {
3703 				rc = 0;
3704 				break;
3705 			}
3706 		if (rc)
3707 			return rc;
3708 	}
3709 
3710 	new = prepare_creds();
3711 	if (new == NULL)
3712 		return -ENOMEM;
3713 
3714 	tsp = new->security;
3715 	tsp->smk_task = skp;
3716 	/*
3717 	 * process can change its label only once
3718 	 */
3719 	smk_destroy_label_list(&tsp->smk_relabel);
3720 
3721 	commit_creds(new);
3722 	return size;
3723 }
3724 
3725 /**
3726  * smack_unix_stream_connect - Smack access on UDS
3727  * @sock: one sock
3728  * @other: the other sock
3729  * @newsk: unused
3730  *
3731  * Return 0 if a subject with the smack of sock could access
3732  * an object with the smack of other, otherwise an error code
3733  */
3734 static int smack_unix_stream_connect(struct sock *sock,
3735 				     struct sock *other, struct sock *newsk)
3736 {
3737 	struct smack_known *skp;
3738 	struct smack_known *okp;
3739 	struct socket_smack *ssp = sock->sk_security;
3740 	struct socket_smack *osp = other->sk_security;
3741 	struct socket_smack *nsp = newsk->sk_security;
3742 	struct smk_audit_info ad;
3743 	int rc = 0;
3744 #ifdef CONFIG_AUDIT
3745 	struct lsm_network_audit net;
3746 #endif
3747 
3748 	if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3749 		skp = ssp->smk_out;
3750 		okp = osp->smk_in;
3751 #ifdef CONFIG_AUDIT
3752 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3753 		smk_ad_setfield_u_net_sk(&ad, other);
3754 #endif
3755 		rc = smk_access(skp, okp, MAY_WRITE, &ad);
3756 		rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
3757 		if (rc == 0) {
3758 			okp = osp->smk_out;
3759 			skp = ssp->smk_in;
3760 			rc = smk_access(okp, skp, MAY_WRITE, &ad);
3761 			rc = smk_bu_note("UDS connect", okp, skp,
3762 						MAY_WRITE, rc);
3763 		}
3764 	}
3765 
3766 	/*
3767 	 * Cross reference the peer labels for SO_PEERSEC.
3768 	 */
3769 	if (rc == 0) {
3770 		nsp->smk_packet = ssp->smk_out;
3771 		ssp->smk_packet = osp->smk_out;
3772 	}
3773 
3774 	return rc;
3775 }
3776 
3777 /**
3778  * smack_unix_may_send - Smack access on UDS
3779  * @sock: one socket
3780  * @other: the other socket
3781  *
3782  * Return 0 if a subject with the smack of sock could access
3783  * an object with the smack of other, otherwise an error code
3784  */
3785 static int smack_unix_may_send(struct socket *sock, struct socket *other)
3786 {
3787 	struct socket_smack *ssp = sock->sk->sk_security;
3788 	struct socket_smack *osp = other->sk->sk_security;
3789 	struct smk_audit_info ad;
3790 	int rc;
3791 
3792 #ifdef CONFIG_AUDIT
3793 	struct lsm_network_audit net;
3794 
3795 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3796 	smk_ad_setfield_u_net_sk(&ad, other->sk);
3797 #endif
3798 
3799 	if (smack_privileged(CAP_MAC_OVERRIDE))
3800 		return 0;
3801 
3802 	rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3803 	rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
3804 	return rc;
3805 }
3806 
3807 /**
3808  * smack_socket_sendmsg - Smack check based on destination host
3809  * @sock: the socket
3810  * @msg: the message
3811  * @size: the size of the message
3812  *
3813  * Return 0 if the current subject can write to the destination host.
3814  * For IPv4 this is only a question if the destination is a single label host.
3815  * For IPv6 this is a check against the label of the port.
3816  */
3817 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3818 				int size)
3819 {
3820 	struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
3821 #if IS_ENABLED(CONFIG_IPV6)
3822 	struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
3823 #endif
3824 #ifdef SMACK_IPV6_SECMARK_LABELING
3825 	struct socket_smack *ssp = sock->sk->sk_security;
3826 	struct smack_known *rsp;
3827 #endif
3828 	int rc = 0;
3829 
3830 	/*
3831 	 * Perfectly reasonable for this to be NULL
3832 	 */
3833 	if (sip == NULL)
3834 		return 0;
3835 
3836 	switch (sock->sk->sk_family) {
3837 	case AF_INET:
3838 		rc = smack_netlabel_send(sock->sk, sip);
3839 		break;
3840 	case AF_INET6:
3841 #ifdef SMACK_IPV6_SECMARK_LABELING
3842 		rsp = smack_ipv6host_label(sap);
3843 		if (rsp != NULL)
3844 			rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3845 						SMK_CONNECTING);
3846 #endif
3847 #ifdef SMACK_IPV6_PORT_LABELING
3848 		rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
3849 #endif
3850 		break;
3851 	}
3852 	return rc;
3853 }
3854 
3855 /**
3856  * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
3857  * @sap: netlabel secattr
3858  * @ssp: socket security information
3859  *
3860  * Returns a pointer to a Smack label entry found on the label list.
3861  */
3862 static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3863 						struct socket_smack *ssp)
3864 {
3865 	struct smack_known *skp;
3866 	int found = 0;
3867 	int acat;
3868 	int kcat;
3869 
3870 	if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
3871 		/*
3872 		 * Looks like a CIPSO packet.
3873 		 * If there are flags but no level netlabel isn't
3874 		 * behaving the way we expect it to.
3875 		 *
3876 		 * Look it up in the label table
3877 		 * Without guidance regarding the smack value
3878 		 * for the packet fall back on the network
3879 		 * ambient value.
3880 		 */
3881 		rcu_read_lock();
3882 		list_for_each_entry_rcu(skp, &smack_known_list, list) {
3883 			if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
3884 				continue;
3885 			/*
3886 			 * Compare the catsets. Use the netlbl APIs.
3887 			 */
3888 			if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3889 				if ((skp->smk_netlabel.flags &
3890 				     NETLBL_SECATTR_MLS_CAT) == 0)
3891 					found = 1;
3892 				break;
3893 			}
3894 			for (acat = -1, kcat = -1; acat == kcat; ) {
3895 				acat = netlbl_catmap_walk(sap->attr.mls.cat,
3896 							  acat + 1);
3897 				kcat = netlbl_catmap_walk(
3898 					skp->smk_netlabel.attr.mls.cat,
3899 					kcat + 1);
3900 				if (acat < 0 || kcat < 0)
3901 					break;
3902 			}
3903 			if (acat == kcat) {
3904 				found = 1;
3905 				break;
3906 			}
3907 		}
3908 		rcu_read_unlock();
3909 
3910 		if (found)
3911 			return skp;
3912 
3913 		if (ssp != NULL && ssp->smk_in == &smack_known_star)
3914 			return &smack_known_web;
3915 		return &smack_known_star;
3916 	}
3917 	if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
3918 		/*
3919 		 * Looks like a fallback, which gives us a secid.
3920 		 */
3921 		return smack_from_secid(sap->attr.secid);
3922 	/*
3923 	 * Without guidance regarding the smack value
3924 	 * for the packet fall back on the network
3925 	 * ambient value.
3926 	 */
3927 	return smack_net_ambient;
3928 }
3929 
3930 #if IS_ENABLED(CONFIG_IPV6)
3931 static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
3932 {
3933 	u8 nexthdr;
3934 	int offset;
3935 	int proto = -EINVAL;
3936 	struct ipv6hdr _ipv6h;
3937 	struct ipv6hdr *ip6;
3938 	__be16 frag_off;
3939 	struct tcphdr _tcph, *th;
3940 	struct udphdr _udph, *uh;
3941 	struct dccp_hdr _dccph, *dh;
3942 
3943 	sip->sin6_port = 0;
3944 
3945 	offset = skb_network_offset(skb);
3946 	ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3947 	if (ip6 == NULL)
3948 		return -EINVAL;
3949 	sip->sin6_addr = ip6->saddr;
3950 
3951 	nexthdr = ip6->nexthdr;
3952 	offset += sizeof(_ipv6h);
3953 	offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3954 	if (offset < 0)
3955 		return -EINVAL;
3956 
3957 	proto = nexthdr;
3958 	switch (proto) {
3959 	case IPPROTO_TCP:
3960 		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3961 		if (th != NULL)
3962 			sip->sin6_port = th->source;
3963 		break;
3964 	case IPPROTO_UDP:
3965 		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3966 		if (uh != NULL)
3967 			sip->sin6_port = uh->source;
3968 		break;
3969 	case IPPROTO_DCCP:
3970 		dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3971 		if (dh != NULL)
3972 			sip->sin6_port = dh->dccph_sport;
3973 		break;
3974 	}
3975 	return proto;
3976 }
3977 #endif /* CONFIG_IPV6 */
3978 
3979 /**
3980  * smack_socket_sock_rcv_skb - Smack packet delivery access check
3981  * @sk: socket
3982  * @skb: packet
3983  *
3984  * Returns 0 if the packet should be delivered, an error code otherwise
3985  */
3986 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3987 {
3988 	struct netlbl_lsm_secattr secattr;
3989 	struct socket_smack *ssp = sk->sk_security;
3990 	struct smack_known *skp = NULL;
3991 	int rc = 0;
3992 	struct smk_audit_info ad;
3993 #ifdef CONFIG_AUDIT
3994 	struct lsm_network_audit net;
3995 #endif
3996 #if IS_ENABLED(CONFIG_IPV6)
3997 	struct sockaddr_in6 sadd;
3998 	int proto;
3999 #endif /* CONFIG_IPV6 */
4000 
4001 	switch (sk->sk_family) {
4002 	case PF_INET:
4003 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4004 		/*
4005 		 * If there is a secmark use it rather than the CIPSO label.
4006 		 * If there is no secmark fall back to CIPSO.
4007 		 * The secmark is assumed to reflect policy better.
4008 		 */
4009 		if (skb && skb->secmark != 0) {
4010 			skp = smack_from_secid(skb->secmark);
4011 			goto access_check;
4012 		}
4013 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
4014 		/*
4015 		 * Translate what netlabel gave us.
4016 		 */
4017 		netlbl_secattr_init(&secattr);
4018 
4019 		rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
4020 		if (rc == 0)
4021 			skp = smack_from_secattr(&secattr, ssp);
4022 		else
4023 			skp = smack_net_ambient;
4024 
4025 		netlbl_secattr_destroy(&secattr);
4026 
4027 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4028 access_check:
4029 #endif
4030 #ifdef CONFIG_AUDIT
4031 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4032 		ad.a.u.net->family = sk->sk_family;
4033 		ad.a.u.net->netif = skb->skb_iif;
4034 		ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4035 #endif
4036 		/*
4037 		 * Receiving a packet requires that the other end
4038 		 * be able to write here. Read access is not required.
4039 		 * This is the simplist possible security model
4040 		 * for networking.
4041 		 */
4042 		rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4043 		rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
4044 					MAY_WRITE, rc);
4045 		if (rc != 0)
4046 			netlbl_skbuff_err(skb, sk->sk_family, rc, 0);
4047 		break;
4048 #if IS_ENABLED(CONFIG_IPV6)
4049 	case PF_INET6:
4050 		proto = smk_skb_to_addr_ipv6(skb, &sadd);
4051 		if (proto != IPPROTO_UDP && proto != IPPROTO_TCP)
4052 			break;
4053 #ifdef SMACK_IPV6_SECMARK_LABELING
4054 		if (skb && skb->secmark != 0)
4055 			skp = smack_from_secid(skb->secmark);
4056 		else
4057 			skp = smack_ipv6host_label(&sadd);
4058 		if (skp == NULL)
4059 			skp = smack_net_ambient;
4060 #ifdef CONFIG_AUDIT
4061 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4062 		ad.a.u.net->family = sk->sk_family;
4063 		ad.a.u.net->netif = skb->skb_iif;
4064 		ipv6_skb_to_auditdata(skb, &ad.a, NULL);
4065 #endif /* CONFIG_AUDIT */
4066 		rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4067 		rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
4068 					MAY_WRITE, rc);
4069 #endif /* SMACK_IPV6_SECMARK_LABELING */
4070 #ifdef SMACK_IPV6_PORT_LABELING
4071 		rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
4072 #endif /* SMACK_IPV6_PORT_LABELING */
4073 		break;
4074 #endif /* CONFIG_IPV6 */
4075 	}
4076 
4077 	return rc;
4078 }
4079 
4080 /**
4081  * smack_socket_getpeersec_stream - pull in packet label
4082  * @sock: the socket
4083  * @optval: user's destination
4084  * @optlen: size thereof
4085  * @len: max thereof
4086  *
4087  * returns zero on success, an error code otherwise
4088  */
4089 static int smack_socket_getpeersec_stream(struct socket *sock,
4090 					  char __user *optval,
4091 					  int __user *optlen, unsigned len)
4092 {
4093 	struct socket_smack *ssp;
4094 	char *rcp = "";
4095 	int slen = 1;
4096 	int rc = 0;
4097 
4098 	ssp = sock->sk->sk_security;
4099 	if (ssp->smk_packet != NULL) {
4100 		rcp = ssp->smk_packet->smk_known;
4101 		slen = strlen(rcp) + 1;
4102 	}
4103 
4104 	if (slen > len)
4105 		rc = -ERANGE;
4106 	else if (copy_to_user(optval, rcp, slen) != 0)
4107 		rc = -EFAULT;
4108 
4109 	if (put_user(slen, optlen) != 0)
4110 		rc = -EFAULT;
4111 
4112 	return rc;
4113 }
4114 
4115 
4116 /**
4117  * smack_socket_getpeersec_dgram - pull in packet label
4118  * @sock: the peer socket
4119  * @skb: packet data
4120  * @secid: pointer to where to put the secid of the packet
4121  *
4122  * Sets the netlabel socket state on sk from parent
4123  */
4124 static int smack_socket_getpeersec_dgram(struct socket *sock,
4125 					 struct sk_buff *skb, u32 *secid)
4126 
4127 {
4128 	struct netlbl_lsm_secattr secattr;
4129 	struct socket_smack *ssp = NULL;
4130 	struct smack_known *skp;
4131 	int family = PF_UNSPEC;
4132 	u32 s = 0;	/* 0 is the invalid secid */
4133 	int rc;
4134 
4135 	if (skb != NULL) {
4136 		if (skb->protocol == htons(ETH_P_IP))
4137 			family = PF_INET;
4138 #if IS_ENABLED(CONFIG_IPV6)
4139 		else if (skb->protocol == htons(ETH_P_IPV6))
4140 			family = PF_INET6;
4141 #endif /* CONFIG_IPV6 */
4142 	}
4143 	if (family == PF_UNSPEC && sock != NULL)
4144 		family = sock->sk->sk_family;
4145 
4146 	switch (family) {
4147 	case PF_UNIX:
4148 		ssp = sock->sk->sk_security;
4149 		s = ssp->smk_out->smk_secid;
4150 		break;
4151 	case PF_INET:
4152 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4153 		s = skb->secmark;
4154 		if (s != 0)
4155 			break;
4156 #endif
4157 		/*
4158 		 * Translate what netlabel gave us.
4159 		 */
4160 		if (sock != NULL && sock->sk != NULL)
4161 			ssp = sock->sk->sk_security;
4162 		netlbl_secattr_init(&secattr);
4163 		rc = netlbl_skbuff_getattr(skb, family, &secattr);
4164 		if (rc == 0) {
4165 			skp = smack_from_secattr(&secattr, ssp);
4166 			s = skp->smk_secid;
4167 		}
4168 		netlbl_secattr_destroy(&secattr);
4169 		break;
4170 	case PF_INET6:
4171 #ifdef SMACK_IPV6_SECMARK_LABELING
4172 		s = skb->secmark;
4173 #endif
4174 		break;
4175 	}
4176 	*secid = s;
4177 	if (s == 0)
4178 		return -EINVAL;
4179 	return 0;
4180 }
4181 
4182 /**
4183  * smack_sock_graft - Initialize a newly created socket with an existing sock
4184  * @sk: child sock
4185  * @parent: parent socket
4186  *
4187  * Set the smk_{in,out} state of an existing sock based on the process that
4188  * is creating the new socket.
4189  */
4190 static void smack_sock_graft(struct sock *sk, struct socket *parent)
4191 {
4192 	struct socket_smack *ssp;
4193 	struct smack_known *skp = smk_of_current();
4194 
4195 	if (sk == NULL ||
4196 	    (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
4197 		return;
4198 
4199 	ssp = sk->sk_security;
4200 	ssp->smk_in = skp;
4201 	ssp->smk_out = skp;
4202 	/* cssp->smk_packet is already set in smack_inet_csk_clone() */
4203 }
4204 
4205 /**
4206  * smack_inet_conn_request - Smack access check on connect
4207  * @sk: socket involved
4208  * @skb: packet
4209  * @req: unused
4210  *
4211  * Returns 0 if a task with the packet label could write to
4212  * the socket, otherwise an error code
4213  */
4214 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4215 				   struct request_sock *req)
4216 {
4217 	u16 family = sk->sk_family;
4218 	struct smack_known *skp;
4219 	struct socket_smack *ssp = sk->sk_security;
4220 	struct netlbl_lsm_secattr secattr;
4221 	struct sockaddr_in addr;
4222 	struct iphdr *hdr;
4223 	struct smack_known *hskp;
4224 	int rc;
4225 	struct smk_audit_info ad;
4226 #ifdef CONFIG_AUDIT
4227 	struct lsm_network_audit net;
4228 #endif
4229 
4230 #if IS_ENABLED(CONFIG_IPV6)
4231 	if (family == PF_INET6) {
4232 		/*
4233 		 * Handle mapped IPv4 packets arriving
4234 		 * via IPv6 sockets. Don't set up netlabel
4235 		 * processing on IPv6.
4236 		 */
4237 		if (skb->protocol == htons(ETH_P_IP))
4238 			family = PF_INET;
4239 		else
4240 			return 0;
4241 	}
4242 #endif /* CONFIG_IPV6 */
4243 
4244 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4245 	/*
4246 	 * If there is a secmark use it rather than the CIPSO label.
4247 	 * If there is no secmark fall back to CIPSO.
4248 	 * The secmark is assumed to reflect policy better.
4249 	 */
4250 	if (skb && skb->secmark != 0) {
4251 		skp = smack_from_secid(skb->secmark);
4252 		goto access_check;
4253 	}
4254 #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
4255 
4256 	netlbl_secattr_init(&secattr);
4257 	rc = netlbl_skbuff_getattr(skb, family, &secattr);
4258 	if (rc == 0)
4259 		skp = smack_from_secattr(&secattr, ssp);
4260 	else
4261 		skp = &smack_known_huh;
4262 	netlbl_secattr_destroy(&secattr);
4263 
4264 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4265 access_check:
4266 #endif
4267 
4268 #ifdef CONFIG_AUDIT
4269 	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4270 	ad.a.u.net->family = family;
4271 	ad.a.u.net->netif = skb->skb_iif;
4272 	ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4273 #endif
4274 	/*
4275 	 * Receiving a packet requires that the other end be able to write
4276 	 * here. Read access is not required.
4277 	 */
4278 	rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4279 	rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
4280 	if (rc != 0)
4281 		return rc;
4282 
4283 	/*
4284 	 * Save the peer's label in the request_sock so we can later setup
4285 	 * smk_packet in the child socket so that SO_PEERCRED can report it.
4286 	 */
4287 	req->peer_secid = skp->smk_secid;
4288 
4289 	/*
4290 	 * We need to decide if we want to label the incoming connection here
4291 	 * if we do we only need to label the request_sock and the stack will
4292 	 * propagate the wire-label to the sock when it is created.
4293 	 */
4294 	hdr = ip_hdr(skb);
4295 	addr.sin_addr.s_addr = hdr->saddr;
4296 	rcu_read_lock();
4297 	hskp = smack_ipv4host_label(&addr);
4298 	rcu_read_unlock();
4299 
4300 	if (hskp == NULL)
4301 		rc = netlbl_req_setattr(req, &skp->smk_netlabel);
4302 	else
4303 		netlbl_req_delattr(req);
4304 
4305 	return rc;
4306 }
4307 
4308 /**
4309  * smack_inet_csk_clone - Copy the connection information to the new socket
4310  * @sk: the new socket
4311  * @req: the connection's request_sock
4312  *
4313  * Transfer the connection's peer label to the newly created socket.
4314  */
4315 static void smack_inet_csk_clone(struct sock *sk,
4316 				 const struct request_sock *req)
4317 {
4318 	struct socket_smack *ssp = sk->sk_security;
4319 	struct smack_known *skp;
4320 
4321 	if (req->peer_secid != 0) {
4322 		skp = smack_from_secid(req->peer_secid);
4323 		ssp->smk_packet = skp;
4324 	} else
4325 		ssp->smk_packet = NULL;
4326 }
4327 
4328 /*
4329  * Key management security hooks
4330  *
4331  * Casey has not tested key support very heavily.
4332  * The permission check is most likely too restrictive.
4333  * If you care about keys please have a look.
4334  */
4335 #ifdef CONFIG_KEYS
4336 
4337 /**
4338  * smack_key_alloc - Set the key security blob
4339  * @key: object
4340  * @cred: the credentials to use
4341  * @flags: unused
4342  *
4343  * No allocation required
4344  *
4345  * Returns 0
4346  */
4347 static int smack_key_alloc(struct key *key, const struct cred *cred,
4348 			   unsigned long flags)
4349 {
4350 	struct smack_known *skp = smk_of_task(cred->security);
4351 
4352 	key->security = skp;
4353 	return 0;
4354 }
4355 
4356 /**
4357  * smack_key_free - Clear the key security blob
4358  * @key: the object
4359  *
4360  * Clear the blob pointer
4361  */
4362 static void smack_key_free(struct key *key)
4363 {
4364 	key->security = NULL;
4365 }
4366 
4367 /**
4368  * smack_key_permission - Smack access on a key
4369  * @key_ref: gets to the object
4370  * @cred: the credentials to use
4371  * @perm: requested key permissions
4372  *
4373  * Return 0 if the task has read and write to the object,
4374  * an error code otherwise
4375  */
4376 static int smack_key_permission(key_ref_t key_ref,
4377 				const struct cred *cred, unsigned perm)
4378 {
4379 	struct key *keyp;
4380 	struct smk_audit_info ad;
4381 	struct smack_known *tkp = smk_of_task(cred->security);
4382 	int request = 0;
4383 	int rc;
4384 
4385 	keyp = key_ref_to_ptr(key_ref);
4386 	if (keyp == NULL)
4387 		return -EINVAL;
4388 	/*
4389 	 * If the key hasn't been initialized give it access so that
4390 	 * it may do so.
4391 	 */
4392 	if (keyp->security == NULL)
4393 		return 0;
4394 	/*
4395 	 * This should not occur
4396 	 */
4397 	if (tkp == NULL)
4398 		return -EACCES;
4399 #ifdef CONFIG_AUDIT
4400 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4401 	ad.a.u.key_struct.key = keyp->serial;
4402 	ad.a.u.key_struct.key_desc = keyp->description;
4403 #endif
4404 	if (perm & KEY_NEED_READ)
4405 		request = MAY_READ;
4406 	if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
4407 		request = MAY_WRITE;
4408 	rc = smk_access(tkp, keyp->security, request, &ad);
4409 	rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
4410 	return rc;
4411 }
4412 
4413 /*
4414  * smack_key_getsecurity - Smack label tagging the key
4415  * @key points to the key to be queried
4416  * @_buffer points to a pointer that should be set to point to the
4417  * resulting string (if no label or an error occurs).
4418  * Return the length of the string (including terminating NUL) or -ve if
4419  * an error.
4420  * May also return 0 (and a NULL buffer pointer) if there is no label.
4421  */
4422 static int smack_key_getsecurity(struct key *key, char **_buffer)
4423 {
4424 	struct smack_known *skp = key->security;
4425 	size_t length;
4426 	char *copy;
4427 
4428 	if (key->security == NULL) {
4429 		*_buffer = NULL;
4430 		return 0;
4431 	}
4432 
4433 	copy = kstrdup(skp->smk_known, GFP_KERNEL);
4434 	if (copy == NULL)
4435 		return -ENOMEM;
4436 	length = strlen(copy) + 1;
4437 
4438 	*_buffer = copy;
4439 	return length;
4440 }
4441 
4442 #endif /* CONFIG_KEYS */
4443 
4444 /*
4445  * Smack Audit hooks
4446  *
4447  * Audit requires a unique representation of each Smack specific
4448  * rule. This unique representation is used to distinguish the
4449  * object to be audited from remaining kernel objects and also
4450  * works as a glue between the audit hooks.
4451  *
4452  * Since repository entries are added but never deleted, we'll use
4453  * the smack_known label address related to the given audit rule as
4454  * the needed unique representation. This also better fits the smack
4455  * model where nearly everything is a label.
4456  */
4457 #ifdef CONFIG_AUDIT
4458 
4459 /**
4460  * smack_audit_rule_init - Initialize a smack audit rule
4461  * @field: audit rule fields given from user-space (audit.h)
4462  * @op: required testing operator (=, !=, >, <, ...)
4463  * @rulestr: smack label to be audited
4464  * @vrule: pointer to save our own audit rule representation
4465  *
4466  * Prepare to audit cases where (@field @op @rulestr) is true.
4467  * The label to be audited is created if necessay.
4468  */
4469 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4470 {
4471 	struct smack_known *skp;
4472 	char **rule = (char **)vrule;
4473 	*rule = NULL;
4474 
4475 	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4476 		return -EINVAL;
4477 
4478 	if (op != Audit_equal && op != Audit_not_equal)
4479 		return -EINVAL;
4480 
4481 	skp = smk_import_entry(rulestr, 0);
4482 	if (IS_ERR(skp))
4483 		return PTR_ERR(skp);
4484 
4485 	*rule = skp->smk_known;
4486 
4487 	return 0;
4488 }
4489 
4490 /**
4491  * smack_audit_rule_known - Distinguish Smack audit rules
4492  * @krule: rule of interest, in Audit kernel representation format
4493  *
4494  * This is used to filter Smack rules from remaining Audit ones.
4495  * If it's proved that this rule belongs to us, the
4496  * audit_rule_match hook will be called to do the final judgement.
4497  */
4498 static int smack_audit_rule_known(struct audit_krule *krule)
4499 {
4500 	struct audit_field *f;
4501 	int i;
4502 
4503 	for (i = 0; i < krule->field_count; i++) {
4504 		f = &krule->fields[i];
4505 
4506 		if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4507 			return 1;
4508 	}
4509 
4510 	return 0;
4511 }
4512 
4513 /**
4514  * smack_audit_rule_match - Audit given object ?
4515  * @secid: security id for identifying the object to test
4516  * @field: audit rule flags given from user-space
4517  * @op: required testing operator
4518  * @vrule: smack internal rule presentation
4519  * @actx: audit context associated with the check
4520  *
4521  * The core Audit hook. It's used to take the decision of
4522  * whether to audit or not to audit a given object.
4523  */
4524 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
4525 				  struct audit_context *actx)
4526 {
4527 	struct smack_known *skp;
4528 	char *rule = vrule;
4529 
4530 	if (unlikely(!rule)) {
4531 		WARN_ONCE(1, "Smack: missing rule\n");
4532 		return -ENOENT;
4533 	}
4534 
4535 	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4536 		return 0;
4537 
4538 	skp = smack_from_secid(secid);
4539 
4540 	/*
4541 	 * No need to do string comparisons. If a match occurs,
4542 	 * both pointers will point to the same smack_known
4543 	 * label.
4544 	 */
4545 	if (op == Audit_equal)
4546 		return (rule == skp->smk_known);
4547 	if (op == Audit_not_equal)
4548 		return (rule != skp->smk_known);
4549 
4550 	return 0;
4551 }
4552 
4553 /*
4554  * There is no need for a smack_audit_rule_free hook.
4555  * No memory was allocated.
4556  */
4557 
4558 #endif /* CONFIG_AUDIT */
4559 
4560 /**
4561  * smack_ismaclabel - check if xattr @name references a smack MAC label
4562  * @name: Full xattr name to check.
4563  */
4564 static int smack_ismaclabel(const char *name)
4565 {
4566 	return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4567 }
4568 
4569 
4570 /**
4571  * smack_secid_to_secctx - return the smack label for a secid
4572  * @secid: incoming integer
4573  * @secdata: destination
4574  * @seclen: how long it is
4575  *
4576  * Exists for networking code.
4577  */
4578 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4579 {
4580 	struct smack_known *skp = smack_from_secid(secid);
4581 
4582 	if (secdata)
4583 		*secdata = skp->smk_known;
4584 	*seclen = strlen(skp->smk_known);
4585 	return 0;
4586 }
4587 
4588 /**
4589  * smack_secctx_to_secid - return the secid for a smack label
4590  * @secdata: smack label
4591  * @seclen: how long result is
4592  * @secid: outgoing integer
4593  *
4594  * Exists for audit and networking code.
4595  */
4596 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4597 {
4598 	struct smack_known *skp = smk_find_entry(secdata);
4599 
4600 	if (skp)
4601 		*secid = skp->smk_secid;
4602 	else
4603 		*secid = 0;
4604 	return 0;
4605 }
4606 
4607 /*
4608  * There used to be a smack_release_secctx hook
4609  * that did nothing back when hooks were in a vector.
4610  * Now that there's a list such a hook adds cost.
4611  */
4612 
4613 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4614 {
4615 	return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4616 }
4617 
4618 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4619 {
4620 	return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4621 }
4622 
4623 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4624 {
4625 	int len = 0;
4626 	len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
4627 
4628 	if (len < 0)
4629 		return len;
4630 	*ctxlen = len;
4631 	return 0;
4632 }
4633 
4634 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
4635 	LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4636 	LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4637 	LSM_HOOK_INIT(syslog, smack_syslog),
4638 
4639 	LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
4640 	LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
4641 	LSM_HOOK_INIT(sb_copy_data, smack_sb_copy_data),
4642 	LSM_HOOK_INIT(sb_kern_mount, smack_sb_kern_mount),
4643 	LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
4644 	LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
4645 	LSM_HOOK_INIT(sb_parse_opts_str, smack_parse_opts_str),
4646 
4647 	LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
4648 	LSM_HOOK_INIT(bprm_committing_creds, smack_bprm_committing_creds),
4649 	LSM_HOOK_INIT(bprm_secureexec, smack_bprm_secureexec),
4650 
4651 	LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
4652 	LSM_HOOK_INIT(inode_free_security, smack_inode_free_security),
4653 	LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4654 	LSM_HOOK_INIT(inode_link, smack_inode_link),
4655 	LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4656 	LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4657 	LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4658 	LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4659 	LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4660 	LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4661 	LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4662 	LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4663 	LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4664 	LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4665 	LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4666 	LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4667 	LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4668 	LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4669 
4670 	LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
4671 	LSM_HOOK_INIT(file_free_security, smack_file_free_security),
4672 	LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4673 	LSM_HOOK_INIT(file_lock, smack_file_lock),
4674 	LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4675 	LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4676 	LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4677 	LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4678 	LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4679 	LSM_HOOK_INIT(file_receive, smack_file_receive),
4680 
4681 	LSM_HOOK_INIT(file_open, smack_file_open),
4682 
4683 	LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4684 	LSM_HOOK_INIT(cred_free, smack_cred_free),
4685 	LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4686 	LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
4687 	LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4688 	LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4689 	LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4690 	LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4691 	LSM_HOOK_INIT(task_getsid, smack_task_getsid),
4692 	LSM_HOOK_INIT(task_getsecid, smack_task_getsecid),
4693 	LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4694 	LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4695 	LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4696 	LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4697 	LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4698 	LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4699 	LSM_HOOK_INIT(task_kill, smack_task_kill),
4700 	LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4701 
4702 	LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4703 	LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4704 
4705 	LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
4706 	LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security),
4707 
4708 	LSM_HOOK_INIT(msg_queue_alloc_security, smack_msg_queue_alloc_security),
4709 	LSM_HOOK_INIT(msg_queue_free_security, smack_msg_queue_free_security),
4710 	LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4711 	LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4712 	LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4713 	LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4714 
4715 	LSM_HOOK_INIT(shm_alloc_security, smack_shm_alloc_security),
4716 	LSM_HOOK_INIT(shm_free_security, smack_shm_free_security),
4717 	LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4718 	LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4719 	LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4720 
4721 	LSM_HOOK_INIT(sem_alloc_security, smack_sem_alloc_security),
4722 	LSM_HOOK_INIT(sem_free_security, smack_sem_free_security),
4723 	LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4724 	LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4725 	LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4726 
4727 	LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4728 
4729 	LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4730 	LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4731 
4732 	LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4733 	LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4734 
4735 	LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
4736 #ifdef SMACK_IPV6_PORT_LABELING
4737 	LSM_HOOK_INIT(socket_bind, smack_socket_bind),
4738 #endif
4739 	LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4740 	LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4741 	LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4742 	LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4743 	LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4744 	LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
4745 	LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4746 	LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4747 	LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4748 	LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
4749 
4750  /* key management security hooks */
4751 #ifdef CONFIG_KEYS
4752 	LSM_HOOK_INIT(key_alloc, smack_key_alloc),
4753 	LSM_HOOK_INIT(key_free, smack_key_free),
4754 	LSM_HOOK_INIT(key_permission, smack_key_permission),
4755 	LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
4756 #endif /* CONFIG_KEYS */
4757 
4758  /* Audit hooks */
4759 #ifdef CONFIG_AUDIT
4760 	LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
4761 	LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
4762 	LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
4763 #endif /* CONFIG_AUDIT */
4764 
4765 	LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
4766 	LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
4767 	LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
4768 	LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
4769 	LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
4770 	LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
4771 };
4772 
4773 
4774 static __init void init_smack_known_list(void)
4775 {
4776 	/*
4777 	 * Initialize rule list locks
4778 	 */
4779 	mutex_init(&smack_known_huh.smk_rules_lock);
4780 	mutex_init(&smack_known_hat.smk_rules_lock);
4781 	mutex_init(&smack_known_floor.smk_rules_lock);
4782 	mutex_init(&smack_known_star.smk_rules_lock);
4783 	mutex_init(&smack_known_web.smk_rules_lock);
4784 	/*
4785 	 * Initialize rule lists
4786 	 */
4787 	INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4788 	INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4789 	INIT_LIST_HEAD(&smack_known_star.smk_rules);
4790 	INIT_LIST_HEAD(&smack_known_floor.smk_rules);
4791 	INIT_LIST_HEAD(&smack_known_web.smk_rules);
4792 	/*
4793 	 * Create the known labels list
4794 	 */
4795 	smk_insert_entry(&smack_known_huh);
4796 	smk_insert_entry(&smack_known_hat);
4797 	smk_insert_entry(&smack_known_star);
4798 	smk_insert_entry(&smack_known_floor);
4799 	smk_insert_entry(&smack_known_web);
4800 }
4801 
4802 /**
4803  * smack_init - initialize the smack system
4804  *
4805  * Returns 0
4806  */
4807 static __init int smack_init(void)
4808 {
4809 	struct cred *cred;
4810 	struct task_smack *tsp;
4811 
4812 	if (!security_module_enable("smack"))
4813 		return 0;
4814 
4815 	smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4816 	if (!smack_inode_cache)
4817 		return -ENOMEM;
4818 
4819 	tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4820 				GFP_KERNEL);
4821 	if (tsp == NULL) {
4822 		kmem_cache_destroy(smack_inode_cache);
4823 		return -ENOMEM;
4824 	}
4825 
4826 	smack_enabled = 1;
4827 
4828 	pr_info("Smack:  Initializing.\n");
4829 #ifdef CONFIG_SECURITY_SMACK_NETFILTER
4830 	pr_info("Smack:  Netfilter enabled.\n");
4831 #endif
4832 #ifdef SMACK_IPV6_PORT_LABELING
4833 	pr_info("Smack:  IPv6 port labeling enabled.\n");
4834 #endif
4835 #ifdef SMACK_IPV6_SECMARK_LABELING
4836 	pr_info("Smack:  IPv6 Netfilter enabled.\n");
4837 #endif
4838 
4839 	/*
4840 	 * Set the security state for the initial task.
4841 	 */
4842 	cred = (struct cred *) current->cred;
4843 	cred->security = tsp;
4844 
4845 	/* initialize the smack_known_list */
4846 	init_smack_known_list();
4847 
4848 	/*
4849 	 * Register with LSM
4850 	 */
4851 	security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack");
4852 
4853 	return 0;
4854 }
4855 
4856 /*
4857  * Smack requires early initialization in order to label
4858  * all processes and objects when they are created.
4859  */
4860 security_initcall(smack_init);
4861