// SPDX-License-Identifier: GPL-2.0-only

  /*
   *  Simplified MAC Kernel (smack) security module
   *
   *  This file contains the smack hook function implementations.
   *

   *  Authors:

   *	Casey Schaufler <casey@schaufler-ca.com>

   *	Jarkko Sakkinen <jarkko.sakkinen@intel.com>

   *
   *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>

   *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.

   *                Paul Moore <paul@paul-moore.com>

   *  Copyright (C) 2010 Nokia Corporation

   *  Copyright (C) 2011 Intel Corporation.

   */
  
  #include <linux/xattr.h>
  #include <linux/pagemap.h>
  #include <linux/mount.h>
  #include <linux/stat.h>

  #include <linux/kd.h>
  #include <asm/ioctls.h>

  #include <linux/ip.h>

  #include <linux/tcp.h>
  #include <linux/udp.h>

  #include <linux/dccp.h>

  #include <linux/icmpv6.h>

  #include <linux/slab.h>

  #include <linux/mutex.h>

  #include <net/cipso_ipv4.h>

  #include <net/ip.h>
  #include <net/ipv6.h>

  #include <linux/audit.h>

  #include <linux/magic.h>

  #include <linux/dcache.h>

  #include <linux/personality.h>

  #include <linux/msg.h>
  #include <linux/shm.h>
  #include <linux/binfmts.h>

  #include <linux/parser.h>

  #include <linux/fs_context.h>
  #include <linux/fs_parser.h>

  #include <linux/watch_queue.h>

  #include "smack.h"

  #define TRANS_TRUE	"TRUE"
  #define TRANS_TRUE_SIZE	4

  #define SMK_CONNECTING	0
  #define SMK_RECEIVING	1
  #define SMK_SENDING	2

  static DEFINE_MUTEX(smack_ipv6_lock);

  static LIST_HEAD(smk_ipv6_port_list);

  struct kmem_cache *smack_rule_cache;

  int smack_enabled;

  #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s}
  static struct {
  	const char *name;
  	int len;
  	int opt;
  } smk_mount_opts[] = {

  	{"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault},

  	A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute)

  };

  #undef A
  
  static int match_opt_prefix(char *s, int l, char **arg)
  {
  	int i;
  
  	for (i = 0; i < ARRAY_SIZE(smk_mount_opts); i++) {
  		size_t len = smk_mount_opts[i].len;
  		if (len > l || memcmp(s, smk_mount_opts[i].name, len))
  			continue;
  		if (len == l || s[len] != '=')
  			continue;
  		*arg = s + len + 1;
  		return smk_mount_opts[i].opt;
  	}
  	return Opt_error;
  }

  #ifdef CONFIG_SECURITY_SMACK_BRINGUP
  static char *smk_bu_mess[] = {
  	"Bringup Error",	/* Unused */
  	"Bringup",		/* SMACK_BRINGUP_ALLOW */
  	"Unconfined Subject",	/* SMACK_UNCONFINED_SUBJECT */
  	"Unconfined Object",	/* SMACK_UNCONFINED_OBJECT */
  };

  static void smk_bu_mode(int mode, char *s)
  {
  	int i = 0;
  
  	if (mode & MAY_READ)
  		s[i++] = 'r';
  	if (mode & MAY_WRITE)
  		s[i++] = 'w';
  	if (mode & MAY_EXEC)
  		s[i++] = 'x';
  	if (mode & MAY_APPEND)
  		s[i++] = 'a';
  	if (mode & MAY_TRANSMUTE)
  		s[i++] = 't';
  	if (mode & MAY_LOCK)
  		s[i++] = 'l';
  	if (i == 0)
  		s[i++] = '-';
  	s[i] = '\0';
  }
  #endif
  
  #ifdef CONFIG_SECURITY_SMACK_BRINGUP

  static int smk_bu_note(char *note, struct smack_known *sskp,
  		       struct smack_known *oskp, int mode, int rc)

  {
  	char acc[SMK_NUM_ACCESS_TYPE + 1];
  
  	if (rc <= 0)
  		return rc;

  	if (rc > SMACK_UNCONFINED_OBJECT)
  		rc = 0;

  
  	smk_bu_mode(mode, acc);

  	pr_info("Smack %s: (%s %s %s) %s
  ", smk_bu_mess[rc],

  		sskp->smk_known, oskp->smk_known, acc, note);

  	return 0;
  }
  #else

  #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)

  #endif
  
  #ifdef CONFIG_SECURITY_SMACK_BRINGUP

  static int smk_bu_current(char *note, struct smack_known *oskp,
  			  int mode, int rc)

  {

  	struct task_smack *tsp = smack_cred(current_cred());

  	char acc[SMK_NUM_ACCESS_TYPE + 1];
  
  	if (rc <= 0)
  		return rc;

  	if (rc > SMACK_UNCONFINED_OBJECT)
  		rc = 0;

  
  	smk_bu_mode(mode, acc);

  	pr_info("Smack %s: (%s %s %s) %s %s
  ", smk_bu_mess[rc],

  		tsp->smk_task->smk_known, oskp->smk_known,
  		acc, current->comm, note);

  	return 0;
  }
  #else

  #define smk_bu_current(note, oskp, mode, RC) (RC)

  #endif
  
  #ifdef CONFIG_SECURITY_SMACK_BRINGUP
  static int smk_bu_task(struct task_struct *otp, int mode, int rc)
  {

  	struct task_smack *tsp = smack_cred(current_cred());

  	struct smack_known *smk_task = smk_of_task_struct(otp);

  	char acc[SMK_NUM_ACCESS_TYPE + 1];
  
  	if (rc <= 0)
  		return rc;

  	if (rc > SMACK_UNCONFINED_OBJECT)
  		rc = 0;

  
  	smk_bu_mode(mode, acc);

  	pr_info("Smack %s: (%s %s %s) %s to %s
  ", smk_bu_mess[rc],

  		tsp->smk_task->smk_known, smk_task->smk_known, acc,

  		current->comm, otp->comm);
  	return 0;
  }
  #else
  #define smk_bu_task(otp, mode, RC) (RC)
  #endif
  
  #ifdef CONFIG_SECURITY_SMACK_BRINGUP
  static int smk_bu_inode(struct inode *inode, int mode, int rc)
  {

  	struct task_smack *tsp = smack_cred(current_cred());

  	struct inode_smack *isp = smack_inode(inode);

  	char acc[SMK_NUM_ACCESS_TYPE + 1];

  	if (isp->smk_flags & SMK_INODE_IMPURE)
  		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s
  ",
  			inode->i_sb->s_id, inode->i_ino, current->comm);

  	if (rc <= 0)
  		return rc;

  	if (rc > SMACK_UNCONFINED_OBJECT)
  		rc = 0;
  	if (rc == SMACK_UNCONFINED_SUBJECT &&
  	    (mode & (MAY_WRITE | MAY_APPEND)))
  		isp->smk_flags |= SMK_INODE_IMPURE;

  
  	smk_bu_mode(mode, acc);

  
  	pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s
  ", smk_bu_mess[rc],
  		tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,

  		inode->i_sb->s_id, inode->i_ino, current->comm);
  	return 0;
  }
  #else
  #define smk_bu_inode(inode, mode, RC) (RC)
  #endif
  
  #ifdef CONFIG_SECURITY_SMACK_BRINGUP
  static int smk_bu_file(struct file *file, int mode, int rc)
  {

  	struct task_smack *tsp = smack_cred(current_cred());

  	struct smack_known *sskp = tsp->smk_task;

  	struct inode *inode = file_inode(file);

  	struct inode_smack *isp = smack_inode(inode);

  	char acc[SMK_NUM_ACCESS_TYPE + 1];

  	if (isp->smk_flags & SMK_INODE_IMPURE)
  		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s
  ",
  			inode->i_sb->s_id, inode->i_ino, current->comm);

  	if (rc <= 0)
  		return rc;

  	if (rc > SMACK_UNCONFINED_OBJECT)
  		rc = 0;

  
  	smk_bu_mode(mode, acc);

  	pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s
  ", smk_bu_mess[rc],

  		sskp->smk_known, smk_of_inode(inode)->smk_known, acc,

  		inode->i_sb->s_id, inode->i_ino, file,

  		current->comm);
  	return 0;
  }
  #else
  #define smk_bu_file(file, mode, RC) (RC)
  #endif
  
  #ifdef CONFIG_SECURITY_SMACK_BRINGUP
  static int smk_bu_credfile(const struct cred *cred, struct file *file,
  				int mode, int rc)
  {

  	struct task_smack *tsp = smack_cred(cred);

  	struct smack_known *sskp = tsp->smk_task;

  	struct inode *inode = file_inode(file);

  	struct inode_smack *isp = smack_inode(inode);

  	char acc[SMK_NUM_ACCESS_TYPE + 1];

  	if (isp->smk_flags & SMK_INODE_IMPURE)
  		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s
  ",
  			inode->i_sb->s_id, inode->i_ino, current->comm);

  	if (rc <= 0)
  		return rc;

  	if (rc > SMACK_UNCONFINED_OBJECT)
  		rc = 0;

  
  	smk_bu_mode(mode, acc);

  	pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s
  ", smk_bu_mess[rc],

  		sskp->smk_known, smk_of_inode(inode)->smk_known, acc,

  		inode->i_sb->s_id, inode->i_ino, file,

  		current->comm);
  	return 0;
  }
  #else
  #define smk_bu_credfile(cred, file, mode, RC) (RC)
  #endif

  /**
   * smk_fetch - Fetch the smack label from a file.

   * @name: type of the label (attribute)

   * @ip: a pointer to the inode
   * @dp: a pointer to the dentry
   *

   * Returns a pointer to the master list entry for the Smack label,
   * NULL if there was no label to fetch, or an error code.

   */

  static struct smack_known *smk_fetch(const char *name, struct inode *ip,
  					struct dentry *dp)

  {
  	int rc;

  	char *buffer;

  	struct smack_known *skp = NULL;

  	if (!(ip->i_opflags & IOP_XATTR))

  		return ERR_PTR(-EOPNOTSUPP);

  	buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS);

  	if (buffer == NULL)

  		return ERR_PTR(-ENOMEM);

  	rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL,
  			    XATTR_NOSECURITY);

  	if (rc < 0)
  		skp = ERR_PTR(rc);
  	else if (rc == 0)
  		skp = NULL;
  	else

  		skp = smk_import_entry(buffer, rc);

  
  	kfree(buffer);

  	return skp;

  }
  
  /**

   * init_inode_smack - initialize an inode security blob

   * @inode: inode to extract the info from

   * @skp: a pointer to the Smack label entry to use in the blob

   *

   */

  static void init_inode_smack(struct inode *inode, struct smack_known *skp)

  {

  	struct inode_smack *isp = smack_inode(inode);

  	isp->smk_inode = skp;

  	isp->smk_flags = 0;

  }

  /**

   * init_task_smack - initialize a task security blob
   * @tsp: blob to initialize

   * @task: a pointer to the Smack label for the running task
   * @forked: a pointer to the Smack label for the forked task

   *

   */

  static void init_task_smack(struct task_smack *tsp, struct smack_known *task,
  					struct smack_known *forked)

  {

  	tsp->smk_task = task;
  	tsp->smk_forked = forked;
  	INIT_LIST_HEAD(&tsp->smk_rules);

  	INIT_LIST_HEAD(&tsp->smk_relabel);

  	mutex_init(&tsp->smk_rules_lock);

  }
  
  /**
   * smk_copy_rules - copy a rule set

   * @nhead: new rules header pointer
   * @ohead: old rules header pointer
   * @gfp: type of the memory for the allocation

   *
   * Returns 0 on success, -ENOMEM on error
   */
  static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
  				gfp_t gfp)
  {
  	struct smack_rule *nrp;
  	struct smack_rule *orp;
  	int rc = 0;

  	list_for_each_entry_rcu(orp, ohead, list) {

  		nrp = kmem_cache_zalloc(smack_rule_cache, gfp);

  		if (nrp == NULL) {
  			rc = -ENOMEM;
  			break;
  		}
  		*nrp = *orp;
  		list_add_rcu(&nrp->list, nhead);
  	}
  	return rc;
  }

  /**

   * smk_copy_relabel - copy smk_relabel labels list
   * @nhead: new rules header pointer
   * @ohead: old rules header pointer
   * @gfp: type of the memory for the allocation
   *
   * Returns 0 on success, -ENOMEM on error
   */
  static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
  				gfp_t gfp)
  {
  	struct smack_known_list_elem *nklep;
  	struct smack_known_list_elem *oklep;

  	list_for_each_entry(oklep, ohead, list) {
  		nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
  		if (nklep == NULL) {
  			smk_destroy_label_list(nhead);
  			return -ENOMEM;
  		}
  		nklep->smk_label = oklep->smk_label;
  		list_add(&nklep->list, nhead);
  	}
  
  	return 0;
  }
  
  /**

   * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
   * @mode - input mode in form of PTRACE_MODE_*
   *
   * Returns a converted MAY_* mode usable by smack rules
   */
  static inline unsigned int smk_ptrace_mode(unsigned int mode)
  {

  	if (mode & PTRACE_MODE_ATTACH)

  		return MAY_READWRITE;

  	if (mode & PTRACE_MODE_READ)
  		return MAY_READ;

  
  	return 0;
  }
  
  /**
   * smk_ptrace_rule_check - helper for ptrace access
   * @tracer: tracer process

   * @tracee_known: label entry of the process that's about to be traced

   * @mode: ptrace attachment mode (PTRACE_MODE_*)
   * @func: name of the function that called us, used for audit
   *
   * Returns 0 on access granted, -error on error
   */

  static int smk_ptrace_rule_check(struct task_struct *tracer,
  				 struct smack_known *tracee_known,

  				 unsigned int mode, const char *func)
  {
  	int rc;
  	struct smk_audit_info ad, *saip = NULL;
  	struct task_smack *tsp;

  	struct smack_known *tracer_known;

  	const struct cred *tracercred;

  
  	if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
  		smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
  		smk_ad_setfield_u_tsk(&ad, tracer);
  		saip = &ad;
  	}

  	rcu_read_lock();

  	tracercred = __task_cred(tracer);

  	tsp = smack_cred(tracercred);

  	tracer_known = smk_of_task(tsp);

  	if ((mode & PTRACE_MODE_ATTACH) &&
  	    (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
  	     smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {

  		if (tracer_known->smk_known == tracee_known->smk_known)

  			rc = 0;
  		else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
  			rc = -EACCES;

  		else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))

  			rc = 0;
  		else
  			rc = -EACCES;
  
  		if (saip)

  			smack_log(tracer_known->smk_known,
  				  tracee_known->smk_known,
  				  0, rc, saip);

  		rcu_read_unlock();

  		return rc;
  	}
  
  	/* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */

  	rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);

  
  	rcu_read_unlock();

  	return rc;
  }

  /*
   * LSM hooks.
   * We he, that is fun!
   */
  
  /**

   * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH

   * @ctp: child task pointer

   * @mode: ptrace attachment mode (PTRACE_MODE_*)

   *
   * Returns 0 if access is OK, an error code otherwise
   *

   * Do the capability checks.

   */

  static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)

  {

  	struct smack_known *skp;

  	skp = smk_of_task_struct(ctp);

  	return smk_ptrace_rule_check(current, skp, mode, __func__);

  }
  
  /**
   * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
   * @ptp: parent task pointer
   *
   * Returns 0 if access is OK, an error code otherwise
   *

   * Do the capability checks, and require PTRACE_MODE_ATTACH.

   */
  static int smack_ptrace_traceme(struct task_struct *ptp)
  {
  	int rc;

  	struct smack_known *skp;

  	skp = smk_of_task(smack_cred(current_cred()));

  	rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);

  	return rc;
  }
  
  /**
   * smack_syslog - Smack approval on syslog

   * @typefrom_file: unused

   *

   * Returns 0 on success, error code otherwise.
   */

  static int smack_syslog(int typefrom_file)

  {

  	int rc = 0;

  	struct smack_known *skp = smk_of_current();

  	if (smack_privileged(CAP_MAC_OVERRIDE))

  		return 0;

  	if (smack_syslog_label != NULL && smack_syslog_label != skp)

  		rc = -EACCES;
  
  	return rc;
  }

  /*
   * Superblock Hooks.
   */
  
  /**
   * smack_sb_alloc_security - allocate a superblock blob
   * @sb: the superblock getting the blob
   *
   * Returns 0 on success or -ENOMEM on error.
   */
  static int smack_sb_alloc_security(struct super_block *sb)
  {
  	struct superblock_smack *sbsp;
  
  	sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
  
  	if (sbsp == NULL)
  		return -ENOMEM;

  	sbsp->smk_root = &smack_known_floor;
  	sbsp->smk_default = &smack_known_floor;
  	sbsp->smk_floor = &smack_known_floor;
  	sbsp->smk_hat = &smack_known_hat;

  	/*

  	 * SMK_SB_INITIALIZED will be zero from kzalloc.

  	 */

  	sb->s_security = sbsp;
  
  	return 0;
  }
  
  /**
   * smack_sb_free_security - free a superblock blob
   * @sb: the superblock getting the blob
   *
   */
  static void smack_sb_free_security(struct super_block *sb)
  {
  	kfree(sb->s_security);
  	sb->s_security = NULL;
  }

  struct smack_mnt_opts {
  	const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute;
  };

  static void smack_free_mnt_opts(void *mnt_opts)
  {

  	struct smack_mnt_opts *opts = mnt_opts;
  	kfree(opts->fsdefault);
  	kfree(opts->fsfloor);
  	kfree(opts->fshat);
  	kfree(opts->fsroot);
  	kfree(opts->fstransmute);

  	kfree(opts);
  }

  static int smack_add_opt(int token, const char *s, void **mnt_opts)
  {
  	struct smack_mnt_opts *opts = *mnt_opts;

  	if (!opts) {
  		opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
  		if (!opts)
  			return -ENOMEM;
  		*mnt_opts = opts;

  	}

  	if (!s)
  		return -ENOMEM;

  	switch (token) {
  	case Opt_fsdefault:
  		if (opts->fsdefault)
  			goto out_opt_err;
  		opts->fsdefault = s;
  		break;
  	case Opt_fsfloor:
  		if (opts->fsfloor)
  			goto out_opt_err;
  		opts->fsfloor = s;
  		break;
  	case Opt_fshat:
  		if (opts->fshat)
  			goto out_opt_err;
  		opts->fshat = s;
  		break;
  	case Opt_fsroot:
  		if (opts->fsroot)
  			goto out_opt_err;
  		opts->fsroot = s;
  		break;
  	case Opt_fstransmute:
  		if (opts->fstransmute)
  			goto out_opt_err;
  		opts->fstransmute = s;
  		break;
  	}

  	return 0;

  
  out_opt_err:
  	pr_warn("Smack: duplicate mount options
  ");
  	return -EINVAL;

  }

  /**
   * smack_fs_context_dup - Duplicate the security data on fs_context duplication
   * @fc: The new filesystem context.
   * @src_fc: The source filesystem context being duplicated.
   *
   * Returns 0 on success or -ENOMEM on error.
   */
  static int smack_fs_context_dup(struct fs_context *fc,
  				struct fs_context *src_fc)
  {
  	struct smack_mnt_opts *dst, *src = src_fc->security;
  
  	if (!src)
  		return 0;
  
  	fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
  	if (!fc->security)
  		return -ENOMEM;
  	dst = fc->security;
  
  	if (src->fsdefault) {
  		dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL);
  		if (!dst->fsdefault)
  			return -ENOMEM;
  	}
  	if (src->fsfloor) {
  		dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL);
  		if (!dst->fsfloor)
  			return -ENOMEM;
  	}
  	if (src->fshat) {
  		dst->fshat = kstrdup(src->fshat, GFP_KERNEL);
  		if (!dst->fshat)
  			return -ENOMEM;
  	}
  	if (src->fsroot) {
  		dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL);
  		if (!dst->fsroot)
  			return -ENOMEM;
  	}
  	if (src->fstransmute) {
  		dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL);
  		if (!dst->fstransmute)
  			return -ENOMEM;
  	}
  	return 0;
  }

  static const struct fs_parameter_spec smack_fs_parameters[] = {

  	fsparam_string("smackfsdef",		Opt_fsdefault),
  	fsparam_string("smackfsdefault",	Opt_fsdefault),
  	fsparam_string("smackfsfloor",		Opt_fsfloor),
  	fsparam_string("smackfshat",		Opt_fshat),
  	fsparam_string("smackfsroot",		Opt_fsroot),
  	fsparam_string("smackfstransmute",	Opt_fstransmute),

  	{}
  };

  /**
   * smack_fs_context_parse_param - Parse a single mount parameter
   * @fc: The new filesystem context being constructed.
   * @param: The parameter.
   *
   * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on
   * error.
   */
  static int smack_fs_context_parse_param(struct fs_context *fc,
  					struct fs_parameter *param)
  {
  	struct fs_parse_result result;
  	int opt, rc;

  	opt = fs_parse(fc, smack_fs_parameters, param, &result);

  	if (opt < 0)
  		return opt;
  
  	rc = smack_add_opt(opt, param->string, &fc->security);
  	if (!rc)
  		param->string = NULL;
  	return rc;
  }

  static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)

  {

  	char *from = options, *to = options;
  	bool first = true;

  	while (1) {
  		char *next = strchr(from, ',');
  		int token, len, rc;
  		char *arg = NULL;

  		if (next)
  			len = next - from;
  		else
  			len = strlen(from);

  		token = match_opt_prefix(from, len, &arg);

  		if (token != Opt_error) {
  			arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
  			rc = smack_add_opt(token, arg, mnt_opts);
  			if (unlikely(rc)) {
  				kfree(arg);
  				if (*mnt_opts)
  					smack_free_mnt_opts(*mnt_opts);
  				*mnt_opts = NULL;
  				return rc;
  			}
  		} else {
  			if (!first) {	// copy with preceding comma
  				from--;
  				len++;
  			}
  			if (to != from)
  				memmove(to, from, len);
  			to += len;
  			first = false;

  		}

  		if (!from[len])
  			break;
  		from += len + 1;

  	}

  	*to = '\0';

  	return 0;

  }
  
  /**
   * smack_set_mnt_opts - set Smack specific mount options

   * @sb: the file system superblock

   * @mnt_opts: Smack mount options

   * @kern_flags: mount option from kernel space or user space
   * @set_kern_flags: where to store converted mount opts

   *
   * Returns 0 on success, an error code on failure

   *
   * Allow filesystems with binary mount data to explicitly set Smack mount
   * labels.

   */

  static int smack_set_mnt_opts(struct super_block *sb,

  		void *mnt_opts,

  		unsigned long kern_flags,
  		unsigned long *set_kern_flags)

  {
  	struct dentry *root = sb->s_root;

  	struct inode *inode = d_backing_inode(root);

  	struct superblock_smack *sp = sb->s_security;
  	struct inode_smack *isp;

  	struct smack_known *skp;

  	struct smack_mnt_opts *opts = mnt_opts;
  	bool transmute = false;

  	if (sp->smk_flags & SMK_SB_INITIALIZED)

  		return 0;

  	if (inode->i_security == NULL) {
  		int rc = lsm_inode_alloc(inode);
  
  		if (rc)
  			return rc;
  	}

  	if (!smack_privileged(CAP_MAC_ADMIN)) {
  		/*
  		 * Unprivileged mounts don't get to specify Smack values.
  		 */

  		if (opts)

  			return -EPERM;
  		/*
  		 * Unprivileged mounts get root and default from the caller.
  		 */
  		skp = smk_of_current();
  		sp->smk_root = skp;
  		sp->smk_default = skp;
  		/*
  		 * For a handful of fs types with no user-controlled
  		 * backing store it's okay to trust security labels
  		 * in the filesystem. The rest are untrusted.
  		 */
  		if (sb->s_user_ns != &init_user_ns &&
  		    sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
  		    sb->s_magic != RAMFS_MAGIC) {

  			transmute = true;

  			sp->smk_flags |= SMK_SB_UNTRUSTED;
  		}
  	}

  	sp->smk_flags |= SMK_SB_INITIALIZED;

  	if (opts) {
  		if (opts->fsdefault) {
  			skp = smk_import_entry(opts->fsdefault, 0);

  			if (IS_ERR(skp))
  				return PTR_ERR(skp);

  			sp->smk_default = skp;

  		}
  		if (opts->fsfloor) {
  			skp = smk_import_entry(opts->fsfloor, 0);

  			if (IS_ERR(skp))
  				return PTR_ERR(skp);
  			sp->smk_floor = skp;

  		}
  		if (opts->fshat) {
  			skp = smk_import_entry(opts->fshat, 0);

  			if (IS_ERR(skp))
  				return PTR_ERR(skp);

  			sp->smk_hat = skp;

  		}
  		if (opts->fsroot) {
  			skp = smk_import_entry(opts->fsroot, 0);

  			if (IS_ERR(skp))
  				return PTR_ERR(skp);
  			sp->smk_root = skp;

  		}
  		if (opts->fstransmute) {
  			skp = smk_import_entry(opts->fstransmute, 0);

  			if (IS_ERR(skp))
  				return PTR_ERR(skp);
  			sp->smk_root = skp;

  			transmute = true;

  		}
  	}
  
  	/*
  	 * Initialize the root inode.
  	 */

  	init_inode_smack(inode, sp->smk_root);

  	if (transmute) {
  		isp = smack_inode(inode);

  		isp->smk_flags |= SMK_INODE_TRANSMUTE;

  	}

  	return 0;
  }
  
  /**
   * smack_sb_statfs - Smack check on statfs
   * @dentry: identifies the file system in question
   *
   * Returns 0 if current can read the floor of the filesystem,
   * and error code otherwise
   */
  static int smack_sb_statfs(struct dentry *dentry)
  {
  	struct superblock_smack *sbp = dentry->d_sb->s_security;

  	int rc;
  	struct smk_audit_info ad;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);

  	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);

  	rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);

  	rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);

  	return rc;

  }

  /*

   * BPRM hooks
   */

  /**

   * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec

   * @bprm: the exec information
   *

   * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise

   */

  static int smack_bprm_creds_for_exec(struct linux_binprm *bprm)

  {

  	struct inode *inode = file_inode(bprm->file);

  	struct task_smack *bsp = smack_cred(bprm->cred);

  	struct inode_smack *isp;

  	struct superblock_smack *sbsp;

  	int rc;

  	isp = smack_inode(inode);

  	if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)

  		return 0;

  	sbsp = inode->i_sb->s_security;
  	if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
  	    isp->smk_task != sbsp->smk_root)
  		return 0;

  	if (bprm->unsafe & LSM_UNSAFE_PTRACE) {

  		struct task_struct *tracer;
  		rc = 0;
  
  		rcu_read_lock();
  		tracer = ptrace_parent(current);
  		if (likely(tracer != NULL))
  			rc = smk_ptrace_rule_check(tracer,

  						   isp->smk_task,

  						   PTRACE_MODE_ATTACH,
  						   __func__);
  		rcu_read_unlock();
  
  		if (rc != 0)
  			return rc;

  	}
  	if (bprm->unsafe & ~LSM_UNSAFE_PTRACE)

  		return -EPERM;

  	bsp->smk_task = isp->smk_task;
  	bprm->per_clear |= PER_CLEAR_ON_SETID;

  	/* Decide if this is a secure exec. */
  	if (bsp->smk_task != bsp->smk_forked)
  		bprm->secureexec = 1;

  	return 0;
  }

  /*

   * Inode hooks
   */
  
  /**
   * smack_inode_alloc_security - allocate an inode blob

   * @inode: the inode in need of a blob

   *

   * Returns 0

   */
  static int smack_inode_alloc_security(struct inode *inode)
  {

  	struct smack_known *skp = smk_of_current();

  	init_inode_smack(inode, skp);

  	return 0;
  }
  
  /**

   * smack_inode_init_security - copy out the smack from an inode

   * @inode: the newly created inode
   * @dir: containing directory object

   * @qstr: unused

   * @name: where to put the attribute name
   * @value: where to put the attribute value
   * @len: where to put the length of the attribute
   *
   * Returns 0 if it all works out, -ENOMEM if there's no memory
   */
  static int smack_inode_init_security(struct inode *inode, struct inode *dir,

  				     const struct qstr *qstr, const char **name,

  				     void **value, size_t *len)

  {

  	struct inode_smack *issp = smack_inode(inode);

  	struct smack_known *skp = smk_of_current();

  	struct smack_known *isp = smk_of_inode(inode);
  	struct smack_known *dsp = smk_of_inode(dir);

  	int may;

  	if (name)
  		*name = XATTR_SMACK_SUFFIX;

  	if (value && len) {

  		rcu_read_lock();

  		may = smk_access_entry(skp->smk_known, dsp->smk_known,
  				       &skp->smk_rules);

  		rcu_read_unlock();

  
  		/*
  		 * If the access rule allows transmutation and
  		 * the directory requests transmutation then
  		 * by all means transmute.

  		 * Mark the inode as changed.

  		 */

  		if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&

  		    smk_inode_transmutable(dir)) {

  			isp = dsp;

  			issp->smk_flags |= SMK_INODE_CHANGED;
  		}

  		*value = kstrdup(isp->smk_known, GFP_NOFS);

  		if (*value == NULL)
  			return -ENOMEM;

  		*len = strlen(isp->smk_known);

  	}

  
  	return 0;
  }
  
  /**
   * smack_inode_link - Smack check on link
   * @old_dentry: the existing object
   * @dir: unused
   * @new_dentry: the new object
   *
   * Returns 0 if access is permitted, an error code otherwise
   */
  static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
  			    struct dentry *new_dentry)
  {

  	struct smack_known *isp;

  	struct smk_audit_info ad;
  	int rc;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);

  	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);

  	isp = smk_of_inode(d_backing_inode(old_dentry));

  	rc = smk_curacc(isp, MAY_WRITE, &ad);

  	rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);

  	if (rc == 0 && d_is_positive(new_dentry)) {

  		isp = smk_of_inode(d_backing_inode(new_dentry));

  		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
  		rc = smk_curacc(isp, MAY_WRITE, &ad);

  		rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);

  	}
  
  	return rc;
  }
  
  /**
   * smack_inode_unlink - Smack check on inode deletion
   * @dir: containing directory object
   * @dentry: file to unlink
   *
   * Returns 0 if current can write the containing directory
   * and the object, error code otherwise
   */
  static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
  {

  	struct inode *ip = d_backing_inode(dentry);

  	struct smk_audit_info ad;

  	int rc;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);

  	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);

  	/*
  	 * You need write access to the thing you're unlinking
  	 */

  	rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);

  	rc = smk_bu_inode(ip, MAY_WRITE, rc);

  	if (rc == 0) {

  		/*
  		 * You also need write access to the containing directory
  		 */

  		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);

  		smk_ad_setfield_u_fs_inode(&ad, dir);
  		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);

  		rc = smk_bu_inode(dir, MAY_WRITE, rc);

  	}

  	return rc;
  }
  
  /**
   * smack_inode_rmdir - Smack check on directory deletion
   * @dir: containing directory object
   * @dentry: directory to unlink
   *
   * Returns 0 if current can write the containing directory
   * and the directory, error code otherwise
   */
  static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
  {

  	struct smk_audit_info ad;

  	int rc;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);

  	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);

  	/*
  	 * You need write access to the thing you're removing
  	 */

  	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
  	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);

  	if (rc == 0) {

  		/*
  		 * You also need write access to the containing directory
  		 */

  		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);

  		smk_ad_setfield_u_fs_inode(&ad, dir);
  		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);

  		rc = smk_bu_inode(dir, MAY_WRITE, rc);

  	}

  
  	return rc;
  }
  
  /**
   * smack_inode_rename - Smack check on rename

   * @old_inode: unused
   * @old_dentry: the old object
   * @new_inode: unused
   * @new_dentry: the new object

   *
   * Read and write access is required on both the old and
   * new directories.
   *
   * Returns 0 if access is permitted, an error code otherwise
   */
  static int smack_inode_rename(struct inode *old_inode,
  			      struct dentry *old_dentry,
  			      struct inode *new_inode,
  			      struct dentry *new_dentry)
  {
  	int rc;

  	struct smack_known *isp;

  	struct smk_audit_info ad;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);

  	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);

  	isp = smk_of_inode(d_backing_inode(old_dentry));

  	rc = smk_curacc(isp, MAY_READWRITE, &ad);

  	rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);

  	if (rc == 0 && d_is_positive(new_dentry)) {

  		isp = smk_of_inode(d_backing_inode(new_dentry));

  		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
  		rc = smk_curacc(isp, MAY_READWRITE, &ad);

  		rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);

  	}

  	return rc;
  }
  
  /**
   * smack_inode_permission - Smack version of permission()
   * @inode: the inode in question
   * @mask: the access requested

   *
   * This is the important Smack hook.
   *

   * Returns 0 if access is permitted, an error code otherwise

   */

  static int smack_inode_permission(struct inode *inode, int mask)

  {

  	struct superblock_smack *sbsp = inode->i_sb->s_security;

  	struct smk_audit_info ad;

  	int no_block = mask & MAY_NOT_BLOCK;

  	int rc;

  
  	mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);

  	/*
  	 * No permission to check. Existence test. Yup, it's there.
  	 */
  	if (mask == 0)
  		return 0;

  	if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
  		if (smk_of_inode(inode) != sbsp->smk_root)
  			return -EACCES;
  	}

  	/* May be droppable after audit */

  	if (no_block)

  		return -ECHILD;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);

  	smk_ad_setfield_u_fs_inode(&ad, inode);

  	rc = smk_curacc(smk_of_inode(inode), mask, &ad);
  	rc = smk_bu_inode(inode, mask, rc);
  	return rc;

  }
  
  /**
   * smack_inode_setattr - Smack check for setting attributes
   * @dentry: the object
   * @iattr: for the force flag
   *
   * Returns 0 if access is permitted, an error code otherwise
   */
  static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
  {

  	struct smk_audit_info ad;

  	int rc;

  	/*
  	 * Need to allow for clearing the setuid bit.
  	 */
  	if (iattr->ia_valid & ATTR_FORCE)
  		return 0;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);

  	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);

  	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
  	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);

  	return rc;

  }
  
  /**
   * smack_inode_getattr - Smack check for getting attributes

   * @path: path to extract the info from

   *
   * Returns 0 if access is permitted, an error code otherwise
   */

  static int smack_inode_getattr(const struct path *path)

  {

  	struct smk_audit_info ad;

  	struct inode *inode = d_backing_inode(path->dentry);

  	int rc;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);

  	smk_ad_setfield_u_fs_path(&ad, *path);
  	rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
  	rc = smk_bu_inode(inode, MAY_READ, rc);

  	return rc;

  }
  
  /**
   * smack_inode_setxattr - Smack check for setting xattrs
   * @dentry: the object
   * @name: name of the attribute

   * @value: value of the attribute
   * @size: size of the value

   * @flags: unused
   *
   * This protects the Smack attribute explicitly.
   *
   * Returns 0 if access is permitted, an error code otherwise
   */

  static int smack_inode_setxattr(struct dentry *dentry, const char *name,
  				const void *value, size_t size, int flags)

  {

  	struct smk_audit_info ad;

  	struct smack_known *skp;
  	int check_priv = 0;
  	int check_import = 0;
  	int check_star = 0;

  	int rc = 0;

  	/*
  	 * Check label validity here so import won't fail in post_setxattr
  	 */

  	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
  	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||

  	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
  		check_priv = 1;
  		check_import = 1;
  	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
  		   strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
  		check_priv = 1;
  		check_import = 1;
  		check_star = 1;

  	} else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {

  		check_priv = 1;

  		if (size != TRANS_TRUE_SIZE ||
  		    strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
  			rc = -EINVAL;

  	} else
  		rc = cap_inode_setxattr(dentry, name, value, size, flags);

  	if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
  		rc = -EPERM;
  
  	if (rc == 0 && check_import) {

  		skp = size ? smk_import_entry(value, size) : NULL;

  		if (IS_ERR(skp))
  			rc = PTR_ERR(skp);
  		else if (skp == NULL || (check_star &&

  		    (skp == &smack_known_star || skp == &smack_known_web)))
  			rc = -EINVAL;
  	}

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);

  	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);

  	if (rc == 0) {

  		rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
  		rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);

  	}

  
  	return rc;

  }
  
  /**
   * smack_inode_post_setxattr - Apply the Smack update approved above
   * @dentry: object
   * @name: attribute name
   * @value: attribute value
   * @size: attribute size
   * @flags: unused
   *
   * Set the pointer in the inode blob to the entry found
   * in the master label list.
   */

  static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
  				      const void *value, size_t size, int flags)

  {

  	struct smack_known *skp;

  	struct inode_smack *isp = smack_inode(d_backing_inode(dentry));

  	if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
  		isp->smk_flags |= SMK_INODE_TRANSMUTE;
  		return;
  	}

  	if (strcmp(name, XATTR_NAME_SMACK) == 0) {

  		skp = smk_import_entry(value, size);

  		if (!IS_ERR(skp))

  			isp->smk_inode = skp;

  	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {

  		skp = smk_import_entry(value, size);

  		if (!IS_ERR(skp))

  			isp->smk_task = skp;

  	} else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {

  		skp = smk_import_entry(value, size);

  		if (!IS_ERR(skp))

  			isp->smk_mmap = skp;

  	}

  
  	return;
  }

  /**

   * smack_inode_getxattr - Smack check on getxattr
   * @dentry: the object
   * @name: unused
   *
   * Returns 0 if access is permitted, an error code otherwise
   */

  static int smack_inode_getxattr(struct dentry *dentry, const char *name)

  {

  	struct smk_audit_info ad;

  	int rc;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);

  	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);

  	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
  	rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);

  	return rc;

  }

  /**

   * smack_inode_removexattr - Smack check on removexattr
   * @dentry: the object
   * @name: name of the attribute
   *
   * Removing the Smack attribute requires CAP_MAC_ADMIN
   *
   * Returns 0 if access is permitted, an error code otherwise
   */

  static int smack_inode_removexattr(struct dentry *dentry, const char *name)

  {

  	struct inode_smack *isp;

  	struct smk_audit_info ad;

  	int rc = 0;

  	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
  	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||

  	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||

  	    strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||

  	    strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||

  	    strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {

  		if (!smack_privileged(CAP_MAC_ADMIN))

  			rc = -EPERM;
  	} else
  		rc = cap_inode_removexattr(dentry, name);

  	if (rc != 0)
  		return rc;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);

  	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);

  	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
  	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);

  	if (rc != 0)
  		return rc;

  	isp = smack_inode(d_backing_inode(dentry));

  	/*
  	 * Don't do anything special for these.
  	 *	XATTR_NAME_SMACKIPIN
  	 *	XATTR_NAME_SMACKIPOUT

  	 */

  	if (strcmp(name, XATTR_NAME_SMACK) == 0) {

  		struct super_block *sbp = dentry->d_sb;

  		struct superblock_smack *sbsp = sbp->s_security;
  
  		isp->smk_inode = sbsp->smk_default;
  	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)

  		isp->smk_task = NULL;

  	else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)

  		isp->smk_mmap = NULL;

  	else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
  		isp->smk_flags &= ~SMK_INODE_TRANSMUTE;

  	return 0;

  }
  
  /**
   * smack_inode_getsecurity - get smack xattrs
   * @inode: the object
   * @name: attribute name
   * @buffer: where to put the result

   * @alloc: duplicate memory

   *
   * Returns the size of the attribute or an error code
   */

  static int smack_inode_getsecurity(struct inode *inode,

  				   const char *name, void **buffer,
  				   bool alloc)
  {
  	struct socket_smack *ssp;
  	struct socket *sock;
  	struct super_block *sbp;
  	struct inode *ip = (struct inode *)inode;

  	struct smack_known *isp;

  	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)

  		isp = smk_of_inode(inode);

  	else {
  		/*
  		 * The rest of the Smack xattrs are only on sockets.
  		 */
  		sbp = ip->i_sb;
  		if (sbp->s_magic != SOCKFS_MAGIC)
  			return -EOPNOTSUPP;

  		sock = SOCKET_I(ip);
  		if (sock == NULL || sock->sk == NULL)
  			return -EOPNOTSUPP;

  		ssp = sock->sk->sk_security;

  		if (strcmp(name, XATTR_SMACK_IPIN) == 0)
  			isp = ssp->smk_in;
  		else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
  			isp = ssp->smk_out;
  		else
  			return -EOPNOTSUPP;
  	}

  	if (alloc) {
  		*buffer = kstrdup(isp->smk_known, GFP_KERNEL);
  		if (*buffer == NULL)
  			return -ENOMEM;

  	}

  	return strlen(isp->smk_known);

  }
  
  
  /**
   * smack_inode_listsecurity - list the Smack attributes
   * @inode: the object
   * @buffer: where they go
   * @buffer_size: size of buffer

   */
  static int smack_inode_listsecurity(struct inode *inode, char *buffer,
  				    size_t buffer_size)
  {

  	int len = sizeof(XATTR_NAME_SMACK);

  	if (buffer != NULL && len <= buffer_size)

  		memcpy(buffer, XATTR_NAME_SMACK, len);

  
  	return len;

  }

  /**
   * smack_inode_getsecid - Extract inode's security id
   * @inode: inode to extract the info from
   * @secid: where result will be saved
   */

  static void smack_inode_getsecid(struct inode *inode, u32 *secid)

  {

  	struct smack_known *skp = smk_of_inode(inode);

  	*secid = skp->smk_secid;

  }

  /*
   * File Hooks
   */

  /*
   * There is no smack_file_permission hook

   *
   * Should access checks be done on each read or write?
   * UNICOS and SELinux say yes.
   * Trusted Solaris, Trusted Irix, and just about everyone else says no.
   *
   * I'll say no for now. Smack does not do the frequent
   * label changing that SELinux does.
   */

  
  /**
   * smack_file_alloc_security - assign a file security blob
   * @file: the object
   *
   * The security blob for a file is a pointer to the master
   * label list, so no allocation is done.
   *

   * f_security is the owner security information. It
   * isn't used on file access checks, it's for send_sigio.
   *

   * Returns 0
   */
  static int smack_file_alloc_security(struct file *file)
  {

  	struct smack_known **blob = smack_file(file);

  	*blob = smk_of_current();

  	return 0;
  }
  
  /**

   * smack_file_ioctl - Smack check on ioctls
   * @file: the object
   * @cmd: what to do
   * @arg: unused
   *
   * Relies heavily on the correct use of the ioctl command conventions.
   *
   * Returns 0 if allowed, error code otherwise
   */
  static int smack_file_ioctl(struct file *file, unsigned int cmd,
  			    unsigned long arg)
  {
  	int rc = 0;

  	struct smk_audit_info ad;

  	struct inode *inode = file_inode(file);

  	if (unlikely(IS_PRIVATE(inode)))
  		return 0;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);

  	smk_ad_setfield_u_fs_path(&ad, file->f_path);

  	if (_IOC_DIR(cmd) & _IOC_WRITE) {

  		rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);

  		rc = smk_bu_file(file, MAY_WRITE, rc);
  	}

  	if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {

  		rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);

  		rc = smk_bu_file(file, MAY_READ, rc);
  	}

  
  	return rc;
  }
  
  /**
   * smack_file_lock - Smack check on file locking
   * @file: the object

   * @cmd: unused

   *

   * Returns 0 if current has lock access, error code otherwise

   */
  static int smack_file_lock(struct file *file, unsigned int cmd)
  {

  	struct smk_audit_info ad;

  	int rc;

  	struct inode *inode = file_inode(file);

  	if (unlikely(IS_PRIVATE(inode)))
  		return 0;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
  	smk_ad_setfield_u_fs_path(&ad, file->f_path);

  	rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);

  	rc = smk_bu_file(file, MAY_LOCK, rc);
  	return rc;

  }
  
  /**
   * smack_file_fcntl - Smack check on fcntl
   * @file: the object
   * @cmd: what action to check
   * @arg: unused
   *

   * Generally these operations are harmless.
   * File locking operations present an obvious mechanism
   * for passing information, so they require write access.
   *

   * Returns 0 if current has access, error code otherwise
   */
  static int smack_file_fcntl(struct file *file, unsigned int cmd,
  			    unsigned long arg)
  {