| blob | 2dd91cc51d167b53676695cccbc542a2fd2c0313 |
1 /*
2 * Simplified MAC Kernel (smack) security module
3 *
4 * This file contains the smack hook function implementations.
5 *
6 * Author:
7 * Casey Schaufler <casey@schaufler-ca.com>
8 *
9 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2,
13 * as published by the Free Software Foundation.
14 */
16 #include <linux/xattr.h>
17 #include <linux/pagemap.h>
18 #include <linux/mount.h>
19 #include <linux/stat.h>
20 #include <linux/ext2_fs.h>
21 #include <linux/kd.h>
22 #include <asm/ioctls.h>
23 #include <linux/tcp.h>
24 #include <linux/udp.h>
25 #include <linux/mutex.h>
26 #include <linux/pipe_fs_i.h>
27 #include <net/netlabel.h>
28 #include <net/cipso_ipv4.h>
32 /*
33 * I hope these are the hokeyist lines of code in the module. Casey.
34 */
35 #define DEVPTS_SUPER_MAGIC 0x1cd1
36 #define SOCKFS_MAGIC 0x534F434B
37 #define TMPFS_MAGIC 0x01021994
39 /**
40 * smk_fetch - Fetch the smack label from a file.
41 * @ip: a pointer to the inode
42 * @dp: a pointer to the dentry
43 *
44 * Returns a pointer to the master list entry for the Smack label
45 * or NULL if there was no label to fetch.
46 */
48 {
60 }
62 /**
63 * new_inode_smack - allocate an inode security blob
64 * @smack: a pointer to the Smack label to use in the blob
65 *
66 * Returns the new blob or NULL if there's no memory available
67 */
69 {
81 }
83 /*
84 * LSM hooks.
85 * We he, that is fun!
86 */
88 /**
89 * smack_ptrace - Smack approval on ptrace
90 * @ptp: parent task pointer
91 * @ctp: child task pointer
92 *
93 * Returns 0 if access is OK, an error code otherwise
94 *
95 * Do the capability checks, and require read and write.
96 */
98 {
110 }
112 /**
113 * smack_syslog - Smack approval on syslog
114 * @type: message type
115 *
116 * Require that the task has the floor label
117 *
118 * Returns 0 on success, error code otherwise.
119 */
121 {
136 }
139 /*
140 * Superblock Hooks.
141 */
143 /**
144 * smack_sb_alloc_security - allocate a superblock blob
145 * @sb: the superblock getting the blob
146 *
147 * Returns 0 on success or -ENOMEM on error.
148 */
150 {
168 }
170 /**
171 * smack_sb_free_security - free a superblock blob
172 * @sb: the superblock getting the blob
173 *
174 */
176 {
179 }
181 /**
182 * smack_sb_copy_data - copy mount options data for processing
183 * @type: file system type
184 * @orig: where to start
185 * @smackopts
186 *
187 * Returns 0 on success or -ENOMEM on error.
188 *
189 * Copy the Smack specific mount options out of the mount
190 * options list.
191 */
195 =======
198 {
202 /* Binary mount data: just copy */
206 }
208 =======
223 else
233 }
239 }
241 /**
242 * smack_sb_kern_mount - Smack specific mount processing
243 * @sb: the file system superblock
244 * @data: the smack mount options
245 *
246 * Returns 0 on success, an error code on failure
247 */
249 {
262 }
292 }
293 }
295 /*
296 * Initialize the root inode.
297 */
301 else
305 }
307 /**
308 * smack_sb_statfs - Smack check on statfs
309 * @dentry: identifies the file system in question
310 *
311 * Returns 0 if current can read the floor of the filesystem,
312 * and error code otherwise
313 */
315 {
319 }
321 /**
322 * smack_sb_mount - Smack check for mounting
323 * @dev_name: unused
324 * @nd: mount point
325 * @type: unused
326 * @flags: unused
327 * @data: unused
328 *
329 * Returns 0 if current can write the floor of the filesystem
330 * being mounted on, an error code otherwise.
331 */
334 {
338 }
340 /**
341 * smack_sb_umount - Smack check for unmounting
342 * @mnt: file system to unmount
343 * @flags: unused
344 *
345 * Returns 0 if current can write the floor of the filesystem
346 * being unmounted, an error code otherwise.
347 */
349 {
355 }
357 /*
358 * Inode hooks
359 */
361 /**
362 * smack_inode_alloc_security - allocate an inode blob
363 * @inode - the inode in need of a blob
364 *
365 * Returns 0 if it gets a blob, -ENOMEM otherwise
366 */
368 {
373 }
375 /**
376 * smack_inode_free_security - free an inode blob
377 * @inode - the inode with a blob
378 *
379 * Clears the blob pointer in inode
380 */
382 {
385 }
387 /**
388 * smack_inode_init_security - copy out the smack from an inode
389 * @inode: the inode
390 * @dir: unused
391 * @name: where to put the attribute name
392 * @value: where to put the attribute value
393 * @len: where to put the length of the attribute
394 *
395 * Returns 0 if it all works out, -ENOMEM if there's no memory
396 */
399 {
406 }
412 }
418 }
420 /**
421 * smack_inode_link - Smack check on link
422 * @old_dentry: the existing object
423 * @dir: unused
424 * @new_dentry: the new object
425 *
426 * Returns 0 if access is permitted, an error code otherwise
427 */
430 {
440 }
443 }
445 /**
446 * smack_inode_unlink - Smack check on inode deletion
447 * @dir: containing directory object
448 * @dentry: file to unlink
449 *
450 * Returns 0 if current can write the containing directory
451 * and the object, error code otherwise
452 */
454 {
458 /*
459 * You need write access to the thing you're unlinking
460 */
463 /*
464 * You also need write access to the containing directory
465 */
469 }
471 /**
472 * smack_inode_rmdir - Smack check on directory deletion
473 * @dir: containing directory object
474 * @dentry: directory to unlink
475 *
476 * Returns 0 if current can write the containing directory
477 * and the directory, error code otherwise
478 */
480 {
483 /*
484 * You need write access to the thing you're removing
485 */
488 /*
489 * You also need write access to the containing directory
490 */
494 }
496 /**
497 * smack_inode_rename - Smack check on rename
498 * @old_inode: the old directory
499 * @old_dentry: unused
500 * @new_inode: the new directory
501 * @new_dentry: unused
502 *
503 * Read and write access is required on both the old and
504 * new directories.
505 *
506 * Returns 0 if access is permitted, an error code otherwise
507 */
512 {
522 }
525 }
527 /**
528 * smack_inode_permission - Smack version of permission()
529 * @inode: the inode in question
530 * @mask: the access requested
531 * @nd: unused
532 *
533 * This is the important Smack hook.
534 *
535 * Returns 0 if access is permitted, -EACCES otherwise
536 */
539 {
540 /*
541 * No permission to check. Existence test. Yup, it's there.
542 */
547 }
549 /**
550 * smack_inode_setattr - Smack check for setting attributes
551 * @dentry: the object
552 * @iattr: for the force flag
553 *
554 * Returns 0 if access is permitted, an error code otherwise
555 */
557 {
558 /*
559 * Need to allow for clearing the setuid bit.
560 */
565 }
567 /**
568 * smack_inode_getattr - Smack check for getting attributes
569 * @mnt: unused
570 * @dentry: the object
571 *
572 * Returns 0 if access is permitted, an error code otherwise
573 */
575 {
577 }
579 /**
580 * smack_inode_setxattr - Smack check for setting xattrs
581 * @dentry: the object
582 * @name: name of the attribute
583 * @value: unused
584 * @size: unused
585 * @flags: unused
586 *
587 * This protects the Smack attribute explicitly.
588 *
589 * Returns 0 if access is permitted, an error code otherwise
590 */
593 {
600 }
601 =======
607 =======
621 }
623 /**
624 * smack_inode_post_setxattr - Apply the Smack update approved above
625 * @dentry: object
626 * @name: attribute name
627 * @value: attribute value
628 * @size: attribute size
629 * @flags: unused
630 *
631 * Set the pointer in the inode blob to the entry found
632 * in the master label list.
633 */
636 {
640 /*
641 * Not SMACK
642 */
651 /*
652 * No locking is done here. This is a pointer
653 * assignment.
654 */
658 else
662 }
664 /*
665 * smack_inode_getxattr - Smack check on getxattr
666 * @dentry: the object
667 * @name: unused
668 *
669 * Returns 0 if access is permitted, an error code otherwise
670 */
672 {
674 }
676 /*
677 * smack_inode_removexattr - Smack check on removexattr
678 * @dentry: the object
679 * @name: name of the attribute
680 *
681 * Removing the Smack attribute requires CAP_MAC_ADMIN
682 *
683 * Returns 0 if access is permitted, an error code otherwise
684 */
686 {
690 =======
696 =======
710 }
712 /**
713 * smack_inode_getsecurity - get smack xattrs
714 * @inode: the object
715 * @name: attribute name
716 * @buffer: where to put the result
717 * @size: size of the buffer
718 * @err: unused
719 *
720 * Returns the size of the attribute or an error code
721 */
725 {
739 }
741 /*
742 * The rest of the Smack xattrs are only on sockets.
743 */
758 else
765 }
768 }
771 /**
772 * smack_inode_listsecurity - list the Smack attributes
773 * @inode: the object
774 * @buffer: where they go
775 * @buffer_size: size of buffer
776 *
777 * Returns 0 on success, -EINVAL otherwise
778 */
781 {
787 }
789 }
791 /*
792 * File Hooks
793 */
795 /**
796 * smack_file_permission - Smack check on file operations
797 * @file: unused
798 * @mask: unused
799 *
800 * Returns 0
801 *
802 * Should access checks be done on each read or write?
803 * UNICOS and SELinux say yes.
804 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
805 *
806 * I'll say no for now. Smack does not do the frequent
807 * label changing that SELinux does.
808 */
810 {
812 }
814 /**
815 * smack_file_alloc_security - assign a file security blob
816 * @file: the object
817 *
818 * The security blob for a file is a pointer to the master
819 * label list, so no allocation is done.
820 *
821 * Returns 0
822 */
824 {
827 }
829 /**
830 * smack_file_free_security - clear a file security blob
831 * @file: the object
832 *
833 * The security blob for a file is a pointer to the master
834 * label list, so no memory is freed.
835 */
837 {
839 }
841 /**
842 * smack_file_ioctl - Smack check on ioctls
843 * @file: the object
844 * @cmd: what to do
845 * @arg: unused
846 *
847 * Relies heavily on the correct use of the ioctl command conventions.
848 *
849 * Returns 0 if allowed, error code otherwise
850 */
853 {
863 }
865 /**
866 * smack_file_lock - Smack check on file locking
867 * @file: the object
868 * @cmd unused
869 *
870 * Returns 0 if current has write access, error code otherwise
871 */
873 {
875 }
877 /**
878 * smack_file_fcntl - Smack check on fcntl
879 * @file: the object
880 * @cmd: what action to check
881 * @arg: unused
882 *
883 * Returns 0 if current has access, error code otherwise
884 */
887 {
909 }
912 }
914 /**
915 * smack_file_set_fowner - set the file security blob value
916 * @file: object in question
917 *
918 * Returns 0
919 * Further research may be required on this one.
920 */
922 {
925 }
927 /**
928 * smack_file_send_sigiotask - Smack on sigio
929 * @tsk: The target task
930 * @fown: the object the signal come from
931 * @signum: unused
932 *
933 * Allow a privileged task to get signals even if it shouldn't
934 *
935 * Returns 0 if a subject with the object's smack could
936 * write to the task, an error code otherwise.
937 */
940 {
944 /*
945 * struct fown_struct is never outside the context of a struct file
946 */
952 }
954 /**
955 * smack_file_receive - Smack file receive check
956 * @file: the object
957 *
958 * Returns 0 if current has access, error code otherwise
959 */
961 {
964 /*
965 * This code relies on bitmasks.
966 */
973 }
975 /*
976 * Task hooks
977 */
979 /**
980 * smack_task_alloc_security - "allocate" a task blob
981 * @tsk: the task in need of a blob
982 *
983 * Smack isn't using copies of blobs. Everyone
984 * points to an immutable list. No alloc required.
985 * No data copy required.
986 *
987 * Always returns 0
988 */
990 {
994 }
996 /**
997 * smack_task_free_security - "free" a task blob
998 * @task: the task with the blob
999 *
1000 * Smack isn't using copies of blobs. Everyone
1001 * points to an immutable list. The blobs never go away.
1002 * There is no leak here.
1003 */
1005 {
1007 }
1009 /**
1010 * smack_task_setpgid - Smack check on setting pgid
1011 * @p: the task object
1012 * @pgid: unused
1013 *
1014 * Return 0 if write access is permitted
1015 */
1017 {
1019 }
1021 /**
1022 * smack_task_getpgid - Smack access check for getpgid
1023 * @p: the object task
1024 *
1025 * Returns 0 if current can read the object task, error code otherwise
1026 */
1028 {
1030 }
1032 /**
1033 * smack_task_getsid - Smack access check for getsid
1034 * @p: the object task
1035 *
1036 * Returns 0 if current can read the object task, error code otherwise
1037 */
1039 {
1041 }
1043 /**
1044 * smack_task_getsecid - get the secid of the task
1045 * @p: the object task
1046 * @secid: where to put the result
1047 *
1048 * Sets the secid to contain a u32 version of the smack label.
1049 */
1051 {
1053 }
1055 /**
1056 * smack_task_setnice - Smack check on setting nice
1057 * @p: the task object
1058 * @nice: unused
1059 *
1060 * Return 0 if write access is permitted
1061 */
1063 {
1066 =======
1074 }
1076 /**
1077 * smack_task_setioprio - Smack check on setting ioprio
1078 * @p: the task object
1079 * @ioprio: unused
1080 *
1081 * Return 0 if write access is permitted
1082 */
1084 {
1087 =======
1095 }
1097 /**
1098 * smack_task_getioprio - Smack check on reading ioprio
1099 * @p: the task object
1100 *
1101 * Return 0 if read access is permitted
1102 */
1104 {
1106 }
1108 /**
1109 * smack_task_setscheduler - Smack check on setting scheduler
1110 * @p: the task object
1111 * @policy: unused
1112 * @lp: unused
1113 *
1114 * Return 0 if read access is permitted
1115 */
1118 {
1121 =======
1129 }
1131 /**
1132 * smack_task_getscheduler - Smack check on reading scheduler
1133 * @p: the task object
1134 *
1135 * Return 0 if read access is permitted
1136 */
1138 {
1140 }
1142 /**
1143 * smack_task_movememory - Smack check on moving memory
1144 * @p: the task object
1145 *
1146 * Return 0 if write access is permitted
1147 */
1149 {
1151 }
1153 /**
1154 * smack_task_kill - Smack check on signal delivery
1155 * @p: the task object
1156 * @info: unused
1157 * @sig: unused
1158 * @secid: identifies the smack to use in lieu of current's
1159 *
1160 * Return 0 if write access is permitted
1161 *
1162 * The secid behavior is an artifact of an SELinux hack
1163 * in the USB code. Someday it may go away.
1164 */
1167 {
1169 =======
1176 /*
1177 * Special cases where signals really ought to go through
1178 * in spite of policy. Stephen Smalley suggests it may
1179 * make sense to change the caller so that it doesn't
1180 * bother with the LSM hook in these cases.
1181 */
1185 /*
1186 * Sending a signal requires that the sender
1187 * can write the receiver.
1188 */
1191 /*
1192 * If the secid isn't 0 we're dealing with some USB IO
1193 * specific behavior. This is not clean. For one thing
1194 * we can't take privilege into account.
1195 */
1197 }
1199 /**
1200 * smack_task_wait - Smack access check for waiting
1201 * @p: task to wait for
1202 *
1203 * Returns 0 if current can wait for p, error code otherwise
1204 */
1206 {
1213 /*
1214 * Allow the operation to succeed if either task
1215 * has privilege to perform operations that might
1216 * account for the smack labels having gotten to
1217 * be different in the first place.
1218 *
1219 * This breaks the strict subjet/object access
1220 * control ideal, taking the object's privilege
1221 * state into account in the decision as well as
1222 * the smack value.
1223 */
1228 }
1230 /**
1231 * smack_task_to_inode - copy task smack into the inode blob
1232 * @p: task to copy from
1233 * inode: inode to copy to
1234 *
1235 * Sets the smack pointer in the inode security blob
1236 */
1238 {
1241 }
1243 /*
1244 * Socket hooks.
1245 */
1247 /**
1248 * smack_sk_alloc_security - Allocate a socket blob
1249 * @sk: the socket
1250 * @family: unused
1251 * @priority: memory allocation priority
1252 *
1253 * Assign Smack pointers to current
1254 *
1255 * Returns 0 on success, -ENOMEM is there's no memory
1256 */
1258 {
1273 }
1275 /**
1276 * smack_sk_free_security - Free a socket blob
1277 * @sk: the socket
1278 *
1279 * Clears the blob pointer
1280 */
1282 {
1284 }
1286 /**
1287 * smack_set_catset - convert a capset to netlabel mls categories
1288 * @catset: the Smack categories
1289 * @sap: where to put the netlabel categories
1290 *
1291 * Allocates and fills attr.mls.cat
1292 */
1294 {
1314 }
1315 }
1317 /**
1318 * smack_to_secattr - fill a secattr from a smack value
1319 * @smack: the smack value
1320 * @nlsp: where the result goes
1321 *
1322 * Casey says that CIPSO is good enough for now.
1323 * It can be used to effect.
1324 * It can also be abused to effect when necessary.
1325 * Appologies to the TSIG group in general and GW in particular.
1326 */
1328 {
1338 =======
1350 }
1354 }
1355 }
1357 /**
1358 * smack_netlabel - Set the secattr on a socket
1359 * @sk: the socket
1360 *
1361 * Convert the outbound smack value (smk_out) to a
1362 * secattr and attach it to the socket.
1363 *
1364 * Returns 0 on success or an error code
1365 */
1367 {
1372 =======
1383 =======
1388 =======
1392 }
1394 /**
1395 * smack_inode_setsecurity - set smack xattrs
1396 * @inode: the object
1397 * @name: attribute name
1398 * @value: attribute value
1399 * @size: size of the attribute
1400 * @flags: unused
1401 *
1402 * Sets the named attribute in the appropriate blob
1403 *
1404 * Returns 0 on success, or an error code
1405 */
1408 {
1414 =======
1428 }
1429 /*
1430 * The rest of the Smack xattrs are only on sockets.
1431 */
1447 =======
1457 }
1459 /**
1460 * smack_socket_post_create - finish socket setup
1461 * @sock: the socket
1462 * @family: protocol family
1463 * @type: unused
1464 * @protocol: unused
1465 * @kern: unused
1466 *
1467 * Sets the netlabel information on the socket
1468 *
1469 * Returns 0 on success, and error code otherwise
1470 */
1473 {
1476 /*
1477 * Set the outbound netlbl.
1478 */
1480 }
1482 /**
1483 * smack_flags_to_may - convert S_ to MAY_ values
1484 * @flags: the S_ value
1485 *
1486 * Returns the equivalent MAY_ value
1487 */
1489 {
1500 }
1502 /**
1503 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
1504 * @msg: the object
1505 *
1506 * Returns 0
1507 */
1509 {
1512 }
1514 /**
1515 * smack_msg_msg_free_security - Clear the security blob for msg_msg
1516 * @msg: the object
1517 *
1518 * Clears the blob pointer
1519 */
1521 {
1523 }
1525 /**
1526 * smack_of_shm - the smack pointer for the shm
1527 * @shp: the object
1528 *
1529 * Returns a pointer to the smack value
1530 */
1532 {
1534 }
1536 /**
1537 * smack_shm_alloc_security - Set the security blob for shm
1538 * @shp: the object
1539 *
1540 * Returns 0
1541 */
1543 {
1548 }
1550 /**
1551 * smack_shm_free_security - Clear the security blob for shm
1552 * @shp: the object
1553 *
1554 * Clears the blob pointer
1555 */
1557 {
1561 }
1563 /**
1564 * smack_shm_associate - Smack access check for shm
1565 * @shp: the object
1566 * @shmflg: access requested
1567 *
1568 * Returns 0 if current has the requested access, error code otherwise
1569 */
1571 {
1577 }
1579 /**
1580 * smack_shm_shmctl - Smack access check for shm
1581 * @shp: the object
1582 * @cmd: what it wants to do
1583 *
1584 * Returns 0 if current has the requested access, error code otherwise
1585 */
1587 {
1604 /*
1605 * System level information.
1606 */
1610 }
1613 }
1615 /**
1616 * smack_shm_shmat - Smack access for shmat
1617 * @shp: the object
1618 * @shmaddr: unused
1619 * @shmflg: access requested
1620 *
1621 * Returns 0 if current has the requested access, error code otherwise
1622 */
1625 {
1631 }
1633 /**
1634 * smack_of_sem - the smack pointer for the sem
1635 * @sma: the object
1636 *
1637 * Returns a pointer to the smack value
1638 */
1640 {
1642 }
1644 /**
1645 * smack_sem_alloc_security - Set the security blob for sem
1646 * @sma: the object
1647 *
1648 * Returns 0
1649 */
1651 {
1656 }
1658 /**
1659 * smack_sem_free_security - Clear the security blob for sem
1660 * @sma: the object
1661 *
1662 * Clears the blob pointer
1663 */
1665 {
1669 }
1671 /**
1672 * smack_sem_associate - Smack access check for sem
1673 * @sma: the object
1674 * @semflg: access requested
1675 *
1676 * Returns 0 if current has the requested access, error code otherwise
1677 */
1679 {
1685 }
1687 /**
1688 * smack_sem_shmctl - Smack access check for sem
1689 * @sma: the object
1690 * @cmd: what it wants to do
1691 *
1692 * Returns 0 if current has the requested access, error code otherwise
1693 */
1695 {
1717 /*
1718 * System level information
1719 */
1723 }
1726 }
1728 /**
1729 * smack_sem_semop - Smack checks of semaphore operations
1730 * @sma: the object
1731 * @sops: unused
1732 * @nsops: unused
1733 * @alter: unused
1734 *
1735 * Treated as read and write in all cases.
1736 *
1737 * Returns 0 if access is allowed, error code otherwise
1738 */
1741 {
1745 }
1747 /**
1748 * smack_msg_alloc_security - Set the security blob for msg
1749 * @msq: the object
1750 *
1751 * Returns 0
1752 */
1754 {
1759 }
1761 /**
1762 * smack_msg_free_security - Clear the security blob for msg
1763 * @msq: the object
1764 *
1765 * Clears the blob pointer
1766 */
1768 {
1772 }
1774 /**
1775 * smack_of_msq - the smack pointer for the msq
1776 * @msq: the object
1777 *
1778 * Returns a pointer to the smack value
1779 */
1781 {
1783 }
1785 /**
1786 * smack_msg_queue_associate - Smack access check for msg_queue
1787 * @msq: the object
1788 * @msqflg: access requested
1789 *
1790 * Returns 0 if current has the requested access, error code otherwise
1791 */
1793 {
1799 }
1801 /**
1802 * smack_msg_queue_msgctl - Smack access check for msg_queue
1803 * @msq: the object
1804 * @cmd: what it wants to do
1805 *
1806 * Returns 0 if current has the requested access, error code otherwise
1807 */
1809 {
1824 /*
1825 * System level information
1826 */
1830 }
1833 }
1835 /**
1836 * smack_msg_queue_msgsnd - Smack access check for msg_queue
1837 * @msq: the object
1838 * @msg: unused
1839 * @msqflg: access requested
1840 *
1841 * Returns 0 if current has the requested access, error code otherwise
1842 */
1845 {
1851 }
1853 /**
1854 * smack_msg_queue_msgsnd - Smack access check for msg_queue
1855 * @msq: the object
1856 * @msg: unused
1857 * @target: unused
1858 * @type: unused
1859 * @mode: unused
1860 *
1861 * Returns 0 if current has read and write access, error code otherwise
1862 */
1865 {
1869 }
1871 /**
1872 * smack_ipc_permission - Smack access for ipc_permission()
1873 * @ipp: the object permissions
1874 * @flag: access requested
1875 *
1876 * Returns 0 if current has read and write access, error code otherwise
1877 */
1879 {
1885 }
1888 =======
1889 /* module stacking operations */
1891 /**
1892 * smack_register_security - stack capability module
1893 * @name: module name
1894 * @ops: module operations - ignored
1895 *
1896 * Allow the capability module to register.
1897 */
1900 {
1908 }
1911 /**
1912 * smack_d_instantiate - Make sure the blob is correct on an inode
1913 * @opt_dentry: unused
1914 * @inode: the object
1915 *
1916 * Set the inode's security blob if it hasn't been done already.
1917 */
1919 {
1934 /*
1935 * If the inode is already instantiated
1936 * take the quick way out
1937 */
1943 /*
1944 * We're going to use the superblock default label
1945 * if there's no label on the file.
1946 */
1949 /*
1950 * This is pretty hackish.
1951 * Casey says that we shouldn't have to do
1952 * file system specific code, but it does help
1953 * with keeping it simple.
1954 */
1957 /*
1958 * Casey says that it's a little embarassing
1959 * that the smack file system doesn't do
1960 * extended attributes.
1961 */
1965 /*
1966 * Casey says pipes are easy (?)
1967 */
1971 /*
1972 * devpts seems content with the label of the task.
1973 * Programs that change smack have to treat the
1974 * pty with respect.
1975 */
1979 /*
1980 * Casey says sockets get the smack of the task.
1981 */
1985 /*
1986 * Casey says procfs appears not to care.
1987 * The superblock default suffices.
1988 */
1991 /*
1992 * Device labels should come from the filesystem,
1993 * but watch out, because they're volitile,
1994 * getting recreated on every reboot.
1995 */
1997 /*
1998 * No break.
1999 *
2000 * If a smack value has been set we want to use it,
2001 * but since tmpfs isn't giving us the opportunity
2002 * to set mount options simulate setting the
2003 * superblock default.
2004 */
2006 /*
2007 * This isn't an understood special case.
2008 * Get the value from the xattr.
2009 *
2010 * No xattr support means, alas, no SMACK label.
2011 * Use the aforeapplied default.
2012 * It would be curious if the label of the task
2013 * does not match that assigned.
2014 */
2017 /*
2018 * Get the dentry for xattr.
2019 */
2028 }
2036 }
2040 else
2045 unlockandout:
2048 }
2050 /**
2051 * smack_getprocattr - Smack process attribute access
2052 * @p: the object task
2053 * @name: the name of the attribute in /proc/.../attr
2054 * @value: where to put the result
2055 *
2056 * Places a copy of the task Smack into value
2057 *
2058 * Returns the length of the smack label or an error code
2059 */
2061 {
2075 }
2077 /**
2078 * smack_setprocattr - Smack process attribute setting
2079 * @p: the object task
2080 * @name: the name of the attribute in /proc/.../attr
2081 * @value: the value to set
2082 * @size: the size of the value
2083 *
2084 * Sets the Smack value of the task. Only setting self
2085 * is permitted and only with privilege
2086 *
2087 * Returns the length of the smack label or an error code
2088 */
2091 {
2097 /*
2098 * Changing another process' Smack value is too dangerous
2099 * and supports no sane use case.
2100 */
2116 }
2118 /**
2119 * smack_unix_stream_connect - Smack access on UDS
2120 * @sock: one socket
2121 * @other: the other socket
2122 * @newsk: unused
2123 *
2124 * Return 0 if a subject with the smack of sock could access
2125 * an object with the smack of other, otherwise an error code
2126 */
2129 {
2134 }
2136 /**
2137 * smack_unix_may_send - Smack access on UDS
2138 * @sock: one socket
2139 * @other: the other socket
2140 *
2141 * Return 0 if a subject with the smack of sock could access
2142 * an object with the smack of other, otherwise an error code
2143 */
2145 {
2150 }
2152 /**
2153 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat
2154 * pair to smack
2155 * @sap: netlabel secattr
2156 * @sip: where to put the result
2157 *
2158 * Copies a smack label into sip
2159 */
2161 {
2166 /*
2167 * If there are flags but no level netlabel isn't
2168 * behaving the way we expect it to.
2169 *
2170 * Without guidance regarding the smack value
2171 * for the packet fall back on the network
2172 * ambient value.
2173 */
2176 }
2177 /*
2178 * Get the categories, if any
2179 */
2188 }
2189 /*
2190 * If it is CIPSO using smack direct mapping
2191 * we are already done. WeeHee.
2192 */
2196 }
2197 /*
2198 * Look it up in the supplied table if it is not a direct mapping.
2199 */
2202 }
2204 /**
2205 * smack_socket_sock_rcv_skb - Smack packet delivery access check
2206 * @sk: socket
2207 * @skb: packet
2208 *
2209 * Returns 0 if the packet should be delivered, an error code otherwise
2210 */
2212 {
2221 /*
2222 * Translate what netlabel gave us.
2223 */
2229 else
2232 /*
2233 * Receiving a packet requires that the other end
2234 * be able to write here. Read access is not required.
2235 * This is the simplist possible security model
2236 * for networking.
2237 */
2239 }
2241 /**
2242 * smack_socket_getpeersec_stream - pull in packet label
2243 * @sock: the socket
2244 * @optval: user's destination
2245 * @optlen: size thereof
2246 * @len: max thereoe
2247 *
2248 * returns zero on success, an error code otherwise
2249 */
2253 {
2270 }
2273 /**
2274 * smack_socket_getpeersec_dgram - pull in packet label
2275 * @sock: the socket
2276 * @skb: packet data
2277 * @secid: pointer to where to put the secid of the packet
2278 *
2279 * Sets the netlabel socket state on sk from parent
2280 */
2284 {
2289 u32 s;
2292 /*
2293 * Only works for families with packets.
2294 */
2300 }
2301 /*
2302 * Translate what netlabel gave us.
2303 */
2311 /*
2312 * Give up if we couldn't get anything
2313 */
2323 }
2325 /**
2326 * smack_sock_graft - graft access state between two sockets
2327 * @sk: fresh sock
2328 * @parent: donor socket
2329 *
2330 * Sets the netlabel socket state on sk from parent
2331 */
2333 {
2350 =======
2355 }
2357 /**
2358 * smack_inet_conn_request - Smack access check on connect
2359 * @sk: socket involved
2360 * @skb: packet
2361 * @req: unused
2362 *
2363 * Returns 0 if a task with the packet label could write to
2364 * the socket, otherwise an error code
2365 */
2368 {
2382 else
2385 /*
2386 * Receiving a packet requires that the other end
2387 * be able to write here. Read access is not required.
2388 *
2389 * If the request is successful save the peer's label
2390 * so that SO_PEERCRED can report it.
2391 */
2397 }
2399 /*
2400 * Key management security hooks
2401 *
2402 * Casey has not tested key support very heavily.
2403 * The permission check is most likely too restrictive.
2404 * If you care about keys please have a look.
2405 */
2406 #ifdef CONFIG_KEYS
2408 /**
2409 * smack_key_alloc - Set the key security blob
2410 * @key: object
2411 * @tsk: the task associated with the key
2412 * @flags: unused
2413 *
2414 * No allocation required
2415 *
2416 * Returns 0
2417 */
2420 {
2423 }
2425 /**
2426 * smack_key_free - Clear the key security blob
2427 * @key: the object
2428 *
2429 * Clear the blob pointer
2430 */
2432 {
2434 }
2436 /*
2437 * smack_key_permission - Smack access on a key
2438 * @key_ref: gets to the object
2439 * @context: task involved
2440 * @perm: unused
2441 *
2442 * Return 0 if the task has read and write to the object,
2443 * an error code otherwise
2444 */
2447 {
2453 /*
2454 * If the key hasn't been initialized give it access so that
2455 * it may do so.
2456 */
2459 /*
2460 * This should not occur
2461 */
2466 }
2469 /*
2470 * smack_secid_to_secctx - return the smack label for a secid
2471 * @secid: incoming integer
2472 * @secdata: destination
2473 * @seclen: how long it is
2474 *
2475 * Exists for networking code.
2476 */
2478 {
2484 }
2486 /*
2487 <<<<<<< HEAD:security/smack/smack_lsm.c
2488 =======
2489 * smack_secctx_to_secid - return the secid for a smack label
2490 * @secdata: smack label
2491 * @seclen: how long result is
2492 * @secid: outgoing integer
2493 *
2494 * Exists for audit and networking code.
2495 */
2497 {
2500 }
2502 /*
2503 >>>>>>> 264e3e889d86e552b4191d69bb60f4f3b383135a:security/smack/smack_lsm.c
2504 * smack_release_secctx - don't do anything.
2505 * @key_ref: unused
2506 * @context: unused
2507 * @perm: unused
2508 *
2509 * Exists to make sure nothing gets done, and properly
2510 */
2512 {
2513 }
2552 =======
2616 =======
2636 /* key management security hooks */
2637 #ifdef CONFIG_KEYS
2644 =======
2648 };
2650 /**
2651 * smack_init - initialize the smack system
2652 *
2653 * Returns 0
2654 */
2656 {
2659 /*
2660 * Set the security state for the initial task.
2661 */
2664 /*
2665 * Initialize locks
2666 */
2674 /*
2675 * Register with LSM
2676 */
2681 }
2683 /*
2684 * Smack requires early initialization in order to label
2685 * all processes and objects when they are created.
2686 */