/*
   *  Simplified MAC Kernel (smack) security module
   *
   *  This file contains the smack hook function implementations.
   *

   *  Authors:

   *	Casey Schaufler <casey@schaufler-ca.com>

   *	Jarkko Sakkinen <jarkko.sakkinen@intel.com>

   *
   *  Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>

   *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.

   *                Paul Moore <paul@paul-moore.com>

   *  Copyright (C) 2010 Nokia Corporation

   *  Copyright (C) 2011 Intel Corporation.

   *
   *	This program is free software; you can redistribute it and/or modify
   *	it under the terms of the GNU General Public License version 2,
   *      as published by the Free Software Foundation.
   */
  
  #include <linux/xattr.h>
  #include <linux/pagemap.h>
  #include <linux/mount.h>
  #include <linux/stat.h>

  #include <linux/kd.h>
  #include <asm/ioctls.h>

  #include <linux/ip.h>

  #include <linux/tcp.h>
  #include <linux/udp.h>

  #include <linux/dccp.h>

  #include <linux/slab.h>

  #include <linux/mutex.h>
  #include <linux/pipe_fs_i.h>

  #include <net/cipso_ipv4.h>

  #include <net/ip.h>
  #include <net/ipv6.h>

  #include <linux/audit.h>

  #include <linux/magic.h>

  #include <linux/dcache.h>

  #include <linux/personality.h>

  #include <linux/msg.h>
  #include <linux/shm.h>
  #include <linux/binfmts.h>

  #include <linux/parser.h>

  #include "smack.h"

  #define TRANS_TRUE	"TRUE"
  #define TRANS_TRUE_SIZE	4

  #define SMK_CONNECTING	0
  #define SMK_RECEIVING	1
  #define SMK_SENDING	2

  #ifdef SMACK_IPV6_PORT_LABELING

  static LIST_HEAD(smk_ipv6_port_list);

  #endif

  static struct kmem_cache *smack_inode_cache;

  int smack_enabled;

  static const match_table_t smk_mount_tokens = {

  	{Opt_fsdefault, SMK_FSDEFAULT "%s"},
  	{Opt_fsfloor, SMK_FSFLOOR "%s"},
  	{Opt_fshat, SMK_FSHAT "%s"},
  	{Opt_fsroot, SMK_FSROOT "%s"},
  	{Opt_fstransmute, SMK_FSTRANS "%s"},
  	{Opt_error, NULL},
  };

  #ifdef CONFIG_SECURITY_SMACK_BRINGUP
  static char *smk_bu_mess[] = {
  	"Bringup Error",	/* Unused */
  	"Bringup",		/* SMACK_BRINGUP_ALLOW */
  	"Unconfined Subject",	/* SMACK_UNCONFINED_SUBJECT */
  	"Unconfined Object",	/* SMACK_UNCONFINED_OBJECT */
  };

  static void smk_bu_mode(int mode, char *s)
  {
  	int i = 0;
  
  	if (mode & MAY_READ)
  		s[i++] = 'r';
  	if (mode & MAY_WRITE)
  		s[i++] = 'w';
  	if (mode & MAY_EXEC)
  		s[i++] = 'x';
  	if (mode & MAY_APPEND)
  		s[i++] = 'a';
  	if (mode & MAY_TRANSMUTE)
  		s[i++] = 't';
  	if (mode & MAY_LOCK)
  		s[i++] = 'l';
  	if (i == 0)
  		s[i++] = '-';
  	s[i] = '\0';
  }
  #endif
  
  #ifdef CONFIG_SECURITY_SMACK_BRINGUP

  static int smk_bu_note(char *note, struct smack_known *sskp,
  		       struct smack_known *oskp, int mode, int rc)

  {
  	char acc[SMK_NUM_ACCESS_TYPE + 1];
  
  	if (rc <= 0)
  		return rc;

  	if (rc > SMACK_UNCONFINED_OBJECT)
  		rc = 0;

  
  	smk_bu_mode(mode, acc);

  	pr_info("Smack %s: (%s %s %s) %s
  ", smk_bu_mess[rc],

  		sskp->smk_known, oskp->smk_known, acc, note);

  	return 0;
  }
  #else

  #define smk_bu_note(note, sskp, oskp, mode, RC) (RC)

  #endif
  
  #ifdef CONFIG_SECURITY_SMACK_BRINGUP

  static int smk_bu_current(char *note, struct smack_known *oskp,
  			  int mode, int rc)

  {
  	struct task_smack *tsp = current_security();
  	char acc[SMK_NUM_ACCESS_TYPE + 1];
  
  	if (rc <= 0)
  		return rc;

  	if (rc > SMACK_UNCONFINED_OBJECT)
  		rc = 0;

  
  	smk_bu_mode(mode, acc);

  	pr_info("Smack %s: (%s %s %s) %s %s
  ", smk_bu_mess[rc],

  		tsp->smk_task->smk_known, oskp->smk_known,
  		acc, current->comm, note);

  	return 0;
  }
  #else

  #define smk_bu_current(note, oskp, mode, RC) (RC)

  #endif
  
  #ifdef CONFIG_SECURITY_SMACK_BRINGUP
  static int smk_bu_task(struct task_struct *otp, int mode, int rc)
  {
  	struct task_smack *tsp = current_security();

  	struct smack_known *smk_task = smk_of_task_struct(otp);

  	char acc[SMK_NUM_ACCESS_TYPE + 1];
  
  	if (rc <= 0)
  		return rc;

  	if (rc > SMACK_UNCONFINED_OBJECT)
  		rc = 0;

  
  	smk_bu_mode(mode, acc);

  	pr_info("Smack %s: (%s %s %s) %s to %s
  ", smk_bu_mess[rc],

  		tsp->smk_task->smk_known, smk_task->smk_known, acc,

  		current->comm, otp->comm);
  	return 0;
  }
  #else
  #define smk_bu_task(otp, mode, RC) (RC)
  #endif
  
  #ifdef CONFIG_SECURITY_SMACK_BRINGUP
  static int smk_bu_inode(struct inode *inode, int mode, int rc)
  {
  	struct task_smack *tsp = current_security();

  	struct inode_smack *isp = inode->i_security;

  	char acc[SMK_NUM_ACCESS_TYPE + 1];

  	if (isp->smk_flags & SMK_INODE_IMPURE)
  		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s
  ",
  			inode->i_sb->s_id, inode->i_ino, current->comm);

  	if (rc <= 0)
  		return rc;

  	if (rc > SMACK_UNCONFINED_OBJECT)
  		rc = 0;
  	if (rc == SMACK_UNCONFINED_SUBJECT &&
  	    (mode & (MAY_WRITE | MAY_APPEND)))
  		isp->smk_flags |= SMK_INODE_IMPURE;

  
  	smk_bu_mode(mode, acc);

  
  	pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s
  ", smk_bu_mess[rc],
  		tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,

  		inode->i_sb->s_id, inode->i_ino, current->comm);
  	return 0;
  }
  #else
  #define smk_bu_inode(inode, mode, RC) (RC)
  #endif
  
  #ifdef CONFIG_SECURITY_SMACK_BRINGUP
  static int smk_bu_file(struct file *file, int mode, int rc)
  {
  	struct task_smack *tsp = current_security();
  	struct smack_known *sskp = tsp->smk_task;

  	struct inode *inode = file_inode(file);

  	struct inode_smack *isp = inode->i_security;

  	char acc[SMK_NUM_ACCESS_TYPE + 1];

  	if (isp->smk_flags & SMK_INODE_IMPURE)
  		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s
  ",
  			inode->i_sb->s_id, inode->i_ino, current->comm);

  	if (rc <= 0)
  		return rc;

  	if (rc > SMACK_UNCONFINED_OBJECT)
  		rc = 0;

  
  	smk_bu_mode(mode, acc);

  	pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s
  ", smk_bu_mess[rc],

  		sskp->smk_known, smk_of_inode(inode)->smk_known, acc,

  		inode->i_sb->s_id, inode->i_ino, file,

  		current->comm);
  	return 0;
  }
  #else
  #define smk_bu_file(file, mode, RC) (RC)
  #endif
  
  #ifdef CONFIG_SECURITY_SMACK_BRINGUP
  static int smk_bu_credfile(const struct cred *cred, struct file *file,
  				int mode, int rc)
  {
  	struct task_smack *tsp = cred->security;
  	struct smack_known *sskp = tsp->smk_task;
  	struct inode *inode = file->f_inode;

  	struct inode_smack *isp = inode->i_security;

  	char acc[SMK_NUM_ACCESS_TYPE + 1];

  	if (isp->smk_flags & SMK_INODE_IMPURE)
  		pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s
  ",
  			inode->i_sb->s_id, inode->i_ino, current->comm);

  	if (rc <= 0)
  		return rc;

  	if (rc > SMACK_UNCONFINED_OBJECT)
  		rc = 0;

  
  	smk_bu_mode(mode, acc);

  	pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s
  ", smk_bu_mess[rc],

  		sskp->smk_known, smk_of_inode(inode)->smk_known, acc,

  		inode->i_sb->s_id, inode->i_ino, file,

  		current->comm);
  	return 0;
  }
  #else
  #define smk_bu_credfile(cred, file, mode, RC) (RC)
  #endif

  /**
   * smk_fetch - Fetch the smack label from a file.

   * @name: type of the label (attribute)

   * @ip: a pointer to the inode
   * @dp: a pointer to the dentry
   *

   * Returns a pointer to the master list entry for the Smack label,
   * NULL if there was no label to fetch, or an error code.

   */

  static struct smack_known *smk_fetch(const char *name, struct inode *ip,
  					struct dentry *dp)

  {
  	int rc;

  	char *buffer;

  	struct smack_known *skp = NULL;

  	if (!(ip->i_opflags & IOP_XATTR))

  		return ERR_PTR(-EOPNOTSUPP);

  	buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
  	if (buffer == NULL)

  		return ERR_PTR(-ENOMEM);

  	rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);

  	if (rc < 0)
  		skp = ERR_PTR(rc);
  	else if (rc == 0)
  		skp = NULL;
  	else

  		skp = smk_import_entry(buffer, rc);

  
  	kfree(buffer);

  	return skp;

  }
  
  /**
   * new_inode_smack - allocate an inode security blob

   * @skp: a pointer to the Smack label entry to use in the blob

   *
   * Returns the new blob or NULL if there's no memory available
   */

  static struct inode_smack *new_inode_smack(struct smack_known *skp)

  {
  	struct inode_smack *isp;

  	isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);

  	if (isp == NULL)
  		return NULL;

  	isp->smk_inode = skp;

  	isp->smk_flags = 0;
  	mutex_init(&isp->smk_lock);
  
  	return isp;
  }

  /**
   * new_task_smack - allocate a task security blob

   * @task: a pointer to the Smack label for the running task
   * @forked: a pointer to the Smack label for the forked task
   * @gfp: type of the memory for the allocation

   *
   * Returns the new blob or NULL if there's no memory available
   */

  static struct task_smack *new_task_smack(struct smack_known *task,
  					struct smack_known *forked, gfp_t gfp)

  {
  	struct task_smack *tsp;
  
  	tsp = kzalloc(sizeof(struct task_smack), gfp);
  	if (tsp == NULL)
  		return NULL;
  
  	tsp->smk_task = task;
  	tsp->smk_forked = forked;
  	INIT_LIST_HEAD(&tsp->smk_rules);

  	INIT_LIST_HEAD(&tsp->smk_relabel);

  	mutex_init(&tsp->smk_rules_lock);
  
  	return tsp;
  }
  
  /**
   * smk_copy_rules - copy a rule set

   * @nhead: new rules header pointer
   * @ohead: old rules header pointer
   * @gfp: type of the memory for the allocation

   *
   * Returns 0 on success, -ENOMEM on error
   */
  static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
  				gfp_t gfp)
  {
  	struct smack_rule *nrp;
  	struct smack_rule *orp;
  	int rc = 0;
  
  	INIT_LIST_HEAD(nhead);
  
  	list_for_each_entry_rcu(orp, ohead, list) {
  		nrp = kzalloc(sizeof(struct smack_rule), gfp);
  		if (nrp == NULL) {
  			rc = -ENOMEM;
  			break;
  		}
  		*nrp = *orp;
  		list_add_rcu(&nrp->list, nhead);
  	}
  	return rc;
  }

  /**

   * smk_copy_relabel - copy smk_relabel labels list
   * @nhead: new rules header pointer
   * @ohead: old rules header pointer
   * @gfp: type of the memory for the allocation
   *
   * Returns 0 on success, -ENOMEM on error
   */
  static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
  				gfp_t gfp)
  {
  	struct smack_known_list_elem *nklep;
  	struct smack_known_list_elem *oklep;
  
  	INIT_LIST_HEAD(nhead);
  
  	list_for_each_entry(oklep, ohead, list) {
  		nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
  		if (nklep == NULL) {
  			smk_destroy_label_list(nhead);
  			return -ENOMEM;
  		}
  		nklep->smk_label = oklep->smk_label;
  		list_add(&nklep->list, nhead);
  	}
  
  	return 0;
  }
  
  /**

   * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
   * @mode - input mode in form of PTRACE_MODE_*
   *
   * Returns a converted MAY_* mode usable by smack rules
   */
  static inline unsigned int smk_ptrace_mode(unsigned int mode)
  {

  	if (mode & PTRACE_MODE_ATTACH)

  		return MAY_READWRITE;

  	if (mode & PTRACE_MODE_READ)
  		return MAY_READ;

  
  	return 0;
  }
  
  /**
   * smk_ptrace_rule_check - helper for ptrace access
   * @tracer: tracer process

   * @tracee_known: label entry of the process that's about to be traced

   * @mode: ptrace attachment mode (PTRACE_MODE_*)
   * @func: name of the function that called us, used for audit
   *
   * Returns 0 on access granted, -error on error
   */

  static int smk_ptrace_rule_check(struct task_struct *tracer,
  				 struct smack_known *tracee_known,

  				 unsigned int mode, const char *func)
  {
  	int rc;
  	struct smk_audit_info ad, *saip = NULL;
  	struct task_smack *tsp;

  	struct smack_known *tracer_known;

  
  	if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
  		smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
  		smk_ad_setfield_u_tsk(&ad, tracer);
  		saip = &ad;
  	}

  	rcu_read_lock();
  	tsp = __task_cred(tracer)->security;

  	tracer_known = smk_of_task(tsp);

  	if ((mode & PTRACE_MODE_ATTACH) &&
  	    (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
  	     smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {

  		if (tracer_known->smk_known == tracee_known->smk_known)

  			rc = 0;
  		else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
  			rc = -EACCES;
  		else if (capable(CAP_SYS_PTRACE))
  			rc = 0;
  		else
  			rc = -EACCES;
  
  		if (saip)

  			smack_log(tracer_known->smk_known,
  				  tracee_known->smk_known,
  				  0, rc, saip);

  		rcu_read_unlock();

  		return rc;
  	}
  
  	/* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */

  	rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);

  
  	rcu_read_unlock();

  	return rc;
  }

  /*
   * LSM hooks.
   * We he, that is fun!
   */
  
  /**

   * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH

   * @ctp: child task pointer

   * @mode: ptrace attachment mode (PTRACE_MODE_*)

   *
   * Returns 0 if access is OK, an error code otherwise
   *

   * Do the capability checks.

   */

  static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)

  {

  	struct smack_known *skp;

  	skp = smk_of_task_struct(ctp);

  	return smk_ptrace_rule_check(current, skp, mode, __func__);

  }
  
  /**
   * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
   * @ptp: parent task pointer
   *
   * Returns 0 if access is OK, an error code otherwise
   *

   * Do the capability checks, and require PTRACE_MODE_ATTACH.

   */
  static int smack_ptrace_traceme(struct task_struct *ptp)
  {
  	int rc;

  	struct smack_known *skp;

  	skp = smk_of_task(current_security());

  	rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);

  	return rc;
  }
  
  /**
   * smack_syslog - Smack approval on syslog
   * @type: message type
   *

   * Returns 0 on success, error code otherwise.
   */

  static int smack_syslog(int typefrom_file)

  {

  	int rc = 0;

  	struct smack_known *skp = smk_of_current();

  	if (smack_privileged(CAP_MAC_OVERRIDE))

  		return 0;

  	if (smack_syslog_label != NULL && smack_syslog_label != skp)

  		rc = -EACCES;
  
  	return rc;
  }
  
  
  /*
   * Superblock Hooks.
   */
  
  /**
   * smack_sb_alloc_security - allocate a superblock blob
   * @sb: the superblock getting the blob
   *
   * Returns 0 on success or -ENOMEM on error.
   */
  static int smack_sb_alloc_security(struct super_block *sb)
  {
  	struct superblock_smack *sbsp;
  
  	sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
  
  	if (sbsp == NULL)
  		return -ENOMEM;

  	sbsp->smk_root = &smack_known_floor;
  	sbsp->smk_default = &smack_known_floor;
  	sbsp->smk_floor = &smack_known_floor;
  	sbsp->smk_hat = &smack_known_hat;

  	/*

  	 * SMK_SB_INITIALIZED will be zero from kzalloc.

  	 */

  	sb->s_security = sbsp;
  
  	return 0;
  }
  
  /**
   * smack_sb_free_security - free a superblock blob
   * @sb: the superblock getting the blob
   *
   */
  static void smack_sb_free_security(struct super_block *sb)
  {
  	kfree(sb->s_security);
  	sb->s_security = NULL;
  }
  
  /**
   * smack_sb_copy_data - copy mount options data for processing

   * @orig: where to start

   * @smackopts: mount options string

   *
   * Returns 0 on success or -ENOMEM on error.
   *
   * Copy the Smack specific mount options out of the mount
   * options list.
   */

  static int smack_sb_copy_data(char *orig, char *smackopts)

  {
  	char *cp, *commap, *otheropts, *dp;

  	otheropts = (char *)get_zeroed_page(GFP_KERNEL);
  	if (otheropts == NULL)
  		return -ENOMEM;
  
  	for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
  		if (strstr(cp, SMK_FSDEFAULT) == cp)
  			dp = smackopts;
  		else if (strstr(cp, SMK_FSFLOOR) == cp)
  			dp = smackopts;
  		else if (strstr(cp, SMK_FSHAT) == cp)
  			dp = smackopts;
  		else if (strstr(cp, SMK_FSROOT) == cp)
  			dp = smackopts;

  		else if (strstr(cp, SMK_FSTRANS) == cp)
  			dp = smackopts;

  		else
  			dp = otheropts;
  
  		commap = strchr(cp, ',');
  		if (commap != NULL)
  			*commap = '\0';
  
  		if (*dp != '\0')
  			strcat(dp, ",");
  		strcat(dp, cp);
  	}
  
  	strcpy(orig, otheropts);
  	free_page((unsigned long)otheropts);
  
  	return 0;
  }
  
  /**

   * smack_parse_opts_str - parse Smack specific mount options
   * @options: mount options string
   * @opts: where to store converted mount opts
   *
   * Returns 0 on success or -ENOMEM on error.
   *
   * converts Smack specific mount options to generic security option format
   */
  static int smack_parse_opts_str(char *options,
  		struct security_mnt_opts *opts)
  {
  	char *p;

  	char *fsdefault = NULL;
  	char *fsfloor = NULL;
  	char *fshat = NULL;
  	char *fsroot = NULL;
  	char *fstransmute = NULL;
  	int rc = -ENOMEM;
  	int num_mnt_opts = 0;
  	int token;

  
  	opts->num_mnt_opts = 0;
  
  	if (!options)
  		return 0;
  
  	while ((p = strsep(&options, ",")) != NULL) {

  		substring_t args[MAX_OPT_ARGS];
  
  		if (!*p)
  			continue;

  		token = match_token(p, smk_mount_tokens, args);

  
  		switch (token) {
  		case Opt_fsdefault:
  			if (fsdefault)
  				goto out_opt_err;
  			fsdefault = match_strdup(&args[0]);
  			if (!fsdefault)
  				goto out_err;
  			break;
  		case Opt_fsfloor:
  			if (fsfloor)
  				goto out_opt_err;
  			fsfloor = match_strdup(&args[0]);
  			if (!fsfloor)
  				goto out_err;
  			break;
  		case Opt_fshat:
  			if (fshat)
  				goto out_opt_err;
  			fshat = match_strdup(&args[0]);
  			if (!fshat)
  				goto out_err;
  			break;
  		case Opt_fsroot:
  			if (fsroot)
  				goto out_opt_err;
  			fsroot = match_strdup(&args[0]);
  			if (!fsroot)
  				goto out_err;
  			break;
  		case Opt_fstransmute:
  			if (fstransmute)
  				goto out_opt_err;
  			fstransmute = match_strdup(&args[0]);
  			if (!fstransmute)
  				goto out_err;
  			break;
  		default:
  			rc = -EINVAL;
  			pr_warn("Smack:  unknown mount option
  ");
  			goto out_err;
  		}
  	}
  
  	opts->mnt_opts = kcalloc(NUM_SMK_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
  	if (!opts->mnt_opts)
  		goto out_err;
  
  	opts->mnt_opts_flags = kcalloc(NUM_SMK_MNT_OPTS, sizeof(int),
  			GFP_ATOMIC);
  	if (!opts->mnt_opts_flags) {
  		kfree(opts->mnt_opts);
  		goto out_err;
  	}
  
  	if (fsdefault) {
  		opts->mnt_opts[num_mnt_opts] = fsdefault;
  		opts->mnt_opts_flags[num_mnt_opts++] = FSDEFAULT_MNT;
  	}
  	if (fsfloor) {
  		opts->mnt_opts[num_mnt_opts] = fsfloor;
  		opts->mnt_opts_flags[num_mnt_opts++] = FSFLOOR_MNT;
  	}
  	if (fshat) {
  		opts->mnt_opts[num_mnt_opts] = fshat;
  		opts->mnt_opts_flags[num_mnt_opts++] = FSHAT_MNT;
  	}
  	if (fsroot) {
  		opts->mnt_opts[num_mnt_opts] = fsroot;
  		opts->mnt_opts_flags[num_mnt_opts++] = FSROOT_MNT;
  	}
  	if (fstransmute) {
  		opts->mnt_opts[num_mnt_opts] = fstransmute;
  		opts->mnt_opts_flags[num_mnt_opts++] = FSTRANS_MNT;
  	}
  
  	opts->num_mnt_opts = num_mnt_opts;
  	return 0;
  
  out_opt_err:
  	rc = -EINVAL;
  	pr_warn("Smack: duplicate mount options
  ");
  
  out_err:
  	kfree(fsdefault);
  	kfree(fsfloor);
  	kfree(fshat);
  	kfree(fsroot);
  	kfree(fstransmute);
  	return rc;
  }
  
  /**
   * smack_set_mnt_opts - set Smack specific mount options

   * @sb: the file system superblock

   * @opts: Smack mount options
   * @kern_flags: mount option from kernel space or user space
   * @set_kern_flags: where to store converted mount opts

   *
   * Returns 0 on success, an error code on failure

   *
   * Allow filesystems with binary mount data to explicitly set Smack mount
   * labels.

   */

  static int smack_set_mnt_opts(struct super_block *sb,
  		struct security_mnt_opts *opts,
  		unsigned long kern_flags,
  		unsigned long *set_kern_flags)

  {
  	struct dentry *root = sb->s_root;

  	struct inode *inode = d_backing_inode(root);

  	struct superblock_smack *sp = sb->s_security;
  	struct inode_smack *isp;

  	struct smack_known *skp;

  	int i;
  	int num_opts = opts->num_mnt_opts;

  	int transmute = 0;

  	if (sp->smk_flags & SMK_SB_INITIALIZED)

  		return 0;

  	sp->smk_flags |= SMK_SB_INITIALIZED;

  	for (i = 0; i < num_opts; i++) {
  		switch (opts->mnt_opts_flags[i]) {
  		case FSDEFAULT_MNT:
  			skp = smk_import_entry(opts->mnt_opts[i], 0);

  			if (IS_ERR(skp))
  				return PTR_ERR(skp);

  			sp->smk_default = skp;
  			break;
  		case FSFLOOR_MNT:
  			skp = smk_import_entry(opts->mnt_opts[i], 0);

  			if (IS_ERR(skp))
  				return PTR_ERR(skp);
  			sp->smk_floor = skp;

  			break;
  		case FSHAT_MNT:
  			skp = smk_import_entry(opts->mnt_opts[i], 0);

  			if (IS_ERR(skp))
  				return PTR_ERR(skp);

  			sp->smk_hat = skp;
  			break;
  		case FSROOT_MNT:
  			skp = smk_import_entry(opts->mnt_opts[i], 0);

  			if (IS_ERR(skp))
  				return PTR_ERR(skp);
  			sp->smk_root = skp;

  			break;
  		case FSTRANS_MNT:
  			skp = smk_import_entry(opts->mnt_opts[i], 0);

  			if (IS_ERR(skp))
  				return PTR_ERR(skp);
  			sp->smk_root = skp;
  			transmute = 1;

  			break;
  		default:
  			break;

  		}
  	}

  	if (!smack_privileged(CAP_MAC_ADMIN)) {
  		/*
  		 * Unprivileged mounts don't get to specify Smack values.
  		 */

  		if (num_opts)

  			return -EPERM;
  		/*
  		 * Unprivileged mounts get root and default from the caller.
  		 */
  		skp = smk_of_current();

  		sp->smk_root = skp;
  		sp->smk_default = skp;

  		/*
  		 * For a handful of fs types with no user-controlled
  		 * backing store it's okay to trust security labels
  		 * in the filesystem. The rest are untrusted.
  		 */
  		if (sb->s_user_ns != &init_user_ns &&
  		    sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
  		    sb->s_magic != RAMFS_MAGIC) {
  			transmute = 1;
  			sp->smk_flags |= SMK_SB_UNTRUSTED;
  		}

  	}

  	/*
  	 * Initialize the root inode.
  	 */
  	isp = inode->i_security;

  	if (isp == NULL) {
  		isp = new_inode_smack(sp->smk_root);
  		if (isp == NULL)
  			return -ENOMEM;
  		inode->i_security = isp;

  	} else

  		isp->smk_inode = sp->smk_root;

  	if (transmute)
  		isp->smk_flags |= SMK_INODE_TRANSMUTE;

  	return 0;
  }
  
  /**

   * smack_sb_kern_mount - Smack specific mount processing
   * @sb: the file system superblock
   * @flags: the mount flags
   * @data: the smack mount options
   *
   * Returns 0 on success, an error code on failure
   */
  static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
  {
  	int rc = 0;
  	char *options = data;
  	struct security_mnt_opts opts;
  
  	security_init_mnt_opts(&opts);
  
  	if (!options)
  		goto out;
  
  	rc = smack_parse_opts_str(options, &opts);
  	if (rc)
  		goto out_err;
  
  out:
  	rc = smack_set_mnt_opts(sb, &opts, 0, NULL);
  
  out_err:
  	security_free_mnt_opts(&opts);
  	return rc;
  }
  
  /**

   * smack_sb_statfs - Smack check on statfs
   * @dentry: identifies the file system in question
   *
   * Returns 0 if current can read the floor of the filesystem,
   * and error code otherwise
   */
  static int smack_sb_statfs(struct dentry *dentry)
  {
  	struct superblock_smack *sbp = dentry->d_sb->s_security;

  	int rc;
  	struct smk_audit_info ad;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);

  	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);

  	rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);

  	rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);

  	return rc;

  }

  /*

   * BPRM hooks
   */

  /**
   * smack_bprm_set_creds - set creds for exec
   * @bprm: the exec information
   *

   * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise

   */

  static int smack_bprm_set_creds(struct linux_binprm *bprm)
  {

  	struct inode *inode = file_inode(bprm->file);

  	struct task_smack *bsp = bprm->cred->security;

  	struct inode_smack *isp;

  	struct superblock_smack *sbsp;

  	int rc;

  	if (bprm->cred_prepared)
  		return 0;

  	isp = inode->i_security;
  	if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)

  		return 0;

  	sbsp = inode->i_sb->s_security;
  	if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
  	    isp->smk_task != sbsp->smk_root)
  		return 0;

  	if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
  		struct task_struct *tracer;
  		rc = 0;
  
  		rcu_read_lock();
  		tracer = ptrace_parent(current);
  		if (likely(tracer != NULL))
  			rc = smk_ptrace_rule_check(tracer,

  						   isp->smk_task,

  						   PTRACE_MODE_ATTACH,
  						   __func__);
  		rcu_read_unlock();
  
  		if (rc != 0)
  			return rc;
  	} else if (bprm->unsafe)

  		return -EPERM;

  	bsp->smk_task = isp->smk_task;
  	bprm->per_clear |= PER_CLEAR_ON_SETID;

  	return 0;
  }

  /**
   * smack_bprm_committing_creds - Prepare to install the new credentials
   * from bprm.
   *
   * @bprm: binprm for exec
   */
  static void smack_bprm_committing_creds(struct linux_binprm *bprm)
  {
  	struct task_smack *bsp = bprm->cred->security;

  	if (bsp->smk_task != bsp->smk_forked)
  		current->pdeath_signal = 0;
  }
  
  /**
   * smack_bprm_secureexec - Return the decision to use secureexec.
   * @bprm: binprm for exec
   *
   * Returns 0 on success.
   */
  static int smack_bprm_secureexec(struct linux_binprm *bprm)
  {
  	struct task_smack *tsp = current_security();

  	if (tsp->smk_task != tsp->smk_forked)
  		return 1;

  	return 0;

  }
  
  /*

   * Inode hooks
   */
  
  /**
   * smack_inode_alloc_security - allocate an inode blob

   * @inode: the inode in need of a blob

   *
   * Returns 0 if it gets a blob, -ENOMEM otherwise
   */
  static int smack_inode_alloc_security(struct inode *inode)
  {

  	struct smack_known *skp = smk_of_current();

  	inode->i_security = new_inode_smack(skp);

  	if (inode->i_security == NULL)
  		return -ENOMEM;
  	return 0;
  }
  
  /**
   * smack_inode_free_security - free an inode blob

   * @inode: the inode with a blob

   *
   * Clears the blob pointer in inode
   */
  static void smack_inode_free_security(struct inode *inode)
  {

  	kmem_cache_free(smack_inode_cache, inode->i_security);

  	inode->i_security = NULL;
  }
  
  /**
   * smack_inode_init_security - copy out the smack from an inode

   * @inode: the newly created inode
   * @dir: containing directory object

   * @qstr: unused

   * @name: where to put the attribute name
   * @value: where to put the attribute value
   * @len: where to put the length of the attribute
   *
   * Returns 0 if it all works out, -ENOMEM if there's no memory
   */
  static int smack_inode_init_security(struct inode *inode, struct inode *dir,

  				     const struct qstr *qstr, const char **name,

  				     void **value, size_t *len)

  {

  	struct inode_smack *issp = inode->i_security;

  	struct smack_known *skp = smk_of_current();

  	struct smack_known *isp = smk_of_inode(inode);
  	struct smack_known *dsp = smk_of_inode(dir);

  	int may;

  	if (name)
  		*name = XATTR_SMACK_SUFFIX;

  	if (value && len) {

  		rcu_read_lock();

  		may = smk_access_entry(skp->smk_known, dsp->smk_known,
  				       &skp->smk_rules);

  		rcu_read_unlock();

  
  		/*
  		 * If the access rule allows transmutation and
  		 * the directory requests transmutation then
  		 * by all means transmute.

  		 * Mark the inode as changed.

  		 */

  		if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&

  		    smk_inode_transmutable(dir)) {

  			isp = dsp;

  			issp->smk_flags |= SMK_INODE_CHANGED;
  		}

  		*value = kstrdup(isp->smk_known, GFP_NOFS);

  		if (*value == NULL)
  			return -ENOMEM;

  		*len = strlen(isp->smk_known);

  	}

  
  	return 0;
  }
  
  /**
   * smack_inode_link - Smack check on link
   * @old_dentry: the existing object
   * @dir: unused
   * @new_dentry: the new object
   *
   * Returns 0 if access is permitted, an error code otherwise
   */
  static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
  			    struct dentry *new_dentry)
  {

  	struct smack_known *isp;

  	struct smk_audit_info ad;
  	int rc;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);

  	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);

  	isp = smk_of_inode(d_backing_inode(old_dentry));

  	rc = smk_curacc(isp, MAY_WRITE, &ad);

  	rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);

  	if (rc == 0 && d_is_positive(new_dentry)) {

  		isp = smk_of_inode(d_backing_inode(new_dentry));

  		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
  		rc = smk_curacc(isp, MAY_WRITE, &ad);

  		rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);

  	}
  
  	return rc;
  }
  
  /**
   * smack_inode_unlink - Smack check on inode deletion
   * @dir: containing directory object
   * @dentry: file to unlink
   *
   * Returns 0 if current can write the containing directory
   * and the object, error code otherwise
   */
  static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
  {

  	struct inode *ip = d_backing_inode(dentry);

  	struct smk_audit_info ad;

  	int rc;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);

  	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);

  	/*
  	 * You need write access to the thing you're unlinking
  	 */

  	rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);

  	rc = smk_bu_inode(ip, MAY_WRITE, rc);

  	if (rc == 0) {

  		/*
  		 * You also need write access to the containing directory
  		 */

  		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);

  		smk_ad_setfield_u_fs_inode(&ad, dir);
  		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);

  		rc = smk_bu_inode(dir, MAY_WRITE, rc);

  	}

  	return rc;
  }
  
  /**
   * smack_inode_rmdir - Smack check on directory deletion
   * @dir: containing directory object
   * @dentry: directory to unlink
   *
   * Returns 0 if current can write the containing directory
   * and the directory, error code otherwise
   */
  static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
  {

  	struct smk_audit_info ad;

  	int rc;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);

  	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);

  	/*
  	 * You need write access to the thing you're removing
  	 */

  	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
  	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);

  	if (rc == 0) {

  		/*
  		 * You also need write access to the containing directory
  		 */

  		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);

  		smk_ad_setfield_u_fs_inode(&ad, dir);
  		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);

  		rc = smk_bu_inode(dir, MAY_WRITE, rc);

  	}

  
  	return rc;
  }
  
  /**
   * smack_inode_rename - Smack check on rename

   * @old_inode: unused
   * @old_dentry: the old object
   * @new_inode: unused
   * @new_dentry: the new object

   *
   * Read and write access is required on both the old and
   * new directories.
   *
   * Returns 0 if access is permitted, an error code otherwise
   */
  static int smack_inode_rename(struct inode *old_inode,
  			      struct dentry *old_dentry,
  			      struct inode *new_inode,
  			      struct dentry *new_dentry)
  {
  	int rc;

  	struct smack_known *isp;

  	struct smk_audit_info ad;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);

  	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);

  	isp = smk_of_inode(d_backing_inode(old_dentry));

  	rc = smk_curacc(isp, MAY_READWRITE, &ad);

  	rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);

  	if (rc == 0 && d_is_positive(new_dentry)) {

  		isp = smk_of_inode(d_backing_inode(new_dentry));

  		smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
  		rc = smk_curacc(isp, MAY_READWRITE, &ad);

  		rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);

  	}

  	return rc;
  }
  
  /**
   * smack_inode_permission - Smack version of permission()
   * @inode: the inode in question
   * @mask: the access requested

   *
   * This is the important Smack hook.
   *
   * Returns 0 if access is permitted, -EACCES otherwise
   */

  static int smack_inode_permission(struct inode *inode, int mask)

  {

  	struct superblock_smack *sbsp = inode->i_sb->s_security;

  	struct smk_audit_info ad;

  	int no_block = mask & MAY_NOT_BLOCK;

  	int rc;

  
  	mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);

  	/*
  	 * No permission to check. Existence test. Yup, it's there.
  	 */
  	if (mask == 0)
  		return 0;

  	if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
  		if (smk_of_inode(inode) != sbsp->smk_root)
  			return -EACCES;
  	}

  	/* May be droppable after audit */

  	if (no_block)

  		return -ECHILD;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);

  	smk_ad_setfield_u_fs_inode(&ad, inode);

  	rc = smk_curacc(smk_of_inode(inode), mask, &ad);
  	rc = smk_bu_inode(inode, mask, rc);
  	return rc;

  }
  
  /**
   * smack_inode_setattr - Smack check for setting attributes
   * @dentry: the object
   * @iattr: for the force flag
   *
   * Returns 0 if access is permitted, an error code otherwise
   */
  static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
  {

  	struct smk_audit_info ad;

  	int rc;

  	/*
  	 * Need to allow for clearing the setuid bit.
  	 */
  	if (iattr->ia_valid & ATTR_FORCE)
  		return 0;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);

  	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);

  	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
  	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);

  	return rc;

  }
  
  /**
   * smack_inode_getattr - Smack check for getting attributes

   * @mnt: vfsmount of the object

   * @dentry: the object
   *
   * Returns 0 if access is permitted, an error code otherwise
   */

  static int smack_inode_getattr(const struct path *path)

  {

  	struct smk_audit_info ad;

  	struct inode *inode = d_backing_inode(path->dentry);

  	int rc;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);

  	smk_ad_setfield_u_fs_path(&ad, *path);
  	rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
  	rc = smk_bu_inode(inode, MAY_READ, rc);

  	return rc;

  }
  
  /**
   * smack_inode_setxattr - Smack check for setting xattrs
   * @dentry: the object
   * @name: name of the attribute

   * @value: value of the attribute
   * @size: size of the value

   * @flags: unused
   *
   * This protects the Smack attribute explicitly.
   *
   * Returns 0 if access is permitted, an error code otherwise
   */

  static int smack_inode_setxattr(struct dentry *dentry, const char *name,
  				const void *value, size_t size, int flags)

  {

  	struct smk_audit_info ad;

  	struct smack_known *skp;
  	int check_priv = 0;
  	int check_import = 0;
  	int check_star = 0;

  	int rc = 0;

  	/*
  	 * Check label validity here so import won't fail in post_setxattr
  	 */

  	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
  	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||

  	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
  		check_priv = 1;
  		check_import = 1;
  	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
  		   strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
  		check_priv = 1;
  		check_import = 1;
  		check_star = 1;

  	} else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {

  		check_priv = 1;

  		if (size != TRANS_TRUE_SIZE ||
  		    strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
  			rc = -EINVAL;

  	} else
  		rc = cap_inode_setxattr(dentry, name, value, size, flags);

  	if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
  		rc = -EPERM;
  
  	if (rc == 0 && check_import) {

  		skp = size ? smk_import_entry(value, size) : NULL;

  		if (IS_ERR(skp))
  			rc = PTR_ERR(skp);
  		else if (skp == NULL || (check_star &&

  		    (skp == &smack_known_star || skp == &smack_known_web)))
  			rc = -EINVAL;
  	}

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);

  	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);

  	if (rc == 0) {

  		rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
  		rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);

  	}

  
  	return rc;

  }
  
  /**
   * smack_inode_post_setxattr - Apply the Smack update approved above
   * @dentry: object
   * @name: attribute name
   * @value: attribute value
   * @size: attribute size
   * @flags: unused
   *
   * Set the pointer in the inode blob to the entry found
   * in the master label list.
   */

  static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
  				      const void *value, size_t size, int flags)

  {

  	struct smack_known *skp;

  	struct inode_smack *isp = d_backing_inode(dentry)->i_security;

  	if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
  		isp->smk_flags |= SMK_INODE_TRANSMUTE;
  		return;
  	}

  	if (strcmp(name, XATTR_NAME_SMACK) == 0) {

  		skp = smk_import_entry(value, size);

  		if (!IS_ERR(skp))

  			isp->smk_inode = skp;

  		else

  			isp->smk_inode = &smack_known_invalid;

  	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {

  		skp = smk_import_entry(value, size);

  		if (!IS_ERR(skp))

  			isp->smk_task = skp;

  		else

  			isp->smk_task = &smack_known_invalid;

  	} else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {

  		skp = smk_import_entry(value, size);

  		if (!IS_ERR(skp))

  			isp->smk_mmap = skp;

  		else

  			isp->smk_mmap = &smack_known_invalid;
  	}

  
  	return;
  }

  /**

   * smack_inode_getxattr - Smack check on getxattr
   * @dentry: the object
   * @name: unused
   *
   * Returns 0 if access is permitted, an error code otherwise
   */

  static int smack_inode_getxattr(struct dentry *dentry, const char *name)

  {

  	struct smk_audit_info ad;

  	int rc;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);

  	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);

  	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
  	rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);

  	return rc;

  }

  /**

   * smack_inode_removexattr - Smack check on removexattr
   * @dentry: the object
   * @name: name of the attribute
   *
   * Removing the Smack attribute requires CAP_MAC_ADMIN
   *
   * Returns 0 if access is permitted, an error code otherwise
   */

  static int smack_inode_removexattr(struct dentry *dentry, const char *name)

  {

  	struct inode_smack *isp;

  	struct smk_audit_info ad;

  	int rc = 0;

  	if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
  	    strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||

  	    strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||

  	    strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||

  	    strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||

  	    strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {

  		if (!smack_privileged(CAP_MAC_ADMIN))

  			rc = -EPERM;
  	} else
  		rc = cap_inode_removexattr(dentry, name);

  	if (rc != 0)
  		return rc;

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);

  	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);

  	rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
  	rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);

  	if (rc != 0)
  		return rc;

  	isp = d_backing_inode(dentry)->i_security;

  	/*
  	 * Don't do anything special for these.
  	 *	XATTR_NAME_SMACKIPIN
  	 *	XATTR_NAME_SMACKIPOUT

  	 */

  	if (strcmp(name, XATTR_NAME_SMACK) == 0) {

  		struct super_block *sbp = dentry->d_sb;

  		struct superblock_smack *sbsp = sbp->s_security;
  
  		isp->smk_inode = sbsp->smk_default;
  	} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)

  		isp->smk_task = NULL;

  	else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)

  		isp->smk_mmap = NULL;

  	else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
  		isp->smk_flags &= ~SMK_INODE_TRANSMUTE;

  	return 0;

  }
  
  /**
   * smack_inode_getsecurity - get smack xattrs
   * @inode: the object
   * @name: attribute name
   * @buffer: where to put the result

   * @alloc: unused

   *
   * Returns the size of the attribute or an error code
   */

  static int smack_inode_getsecurity(struct inode *inode,

  				   const char *name, void **buffer,
  				   bool alloc)
  {
  	struct socket_smack *ssp;
  	struct socket *sock;
  	struct super_block *sbp;
  	struct inode *ip = (struct inode *)inode;

  	struct smack_known *isp;

  	int ilen;
  	int rc = 0;
  
  	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
  		isp = smk_of_inode(inode);

  		ilen = strlen(isp->smk_known);
  		*buffer = isp->smk_known;

  		return ilen;
  	}
  
  	/*
  	 * The rest of the Smack xattrs are only on sockets.
  	 */
  	sbp = ip->i_sb;
  	if (sbp->s_magic != SOCKFS_MAGIC)
  		return -EOPNOTSUPP;
  
  	sock = SOCKET_I(ip);

  	if (sock == NULL || sock->sk == NULL)

  		return -EOPNOTSUPP;
  
  	ssp = sock->sk->sk_security;
  
  	if (strcmp(name, XATTR_SMACK_IPIN) == 0)

  		isp = ssp->smk_in;

  	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)

  		isp = ssp->smk_out;

  	else
  		return -EOPNOTSUPP;

  	ilen = strlen(isp->smk_known);

  	if (rc == 0) {

  		*buffer = isp->smk_known;

  		rc = ilen;
  	}
  
  	return rc;
  }
  
  
  /**
   * smack_inode_listsecurity - list the Smack attributes
   * @inode: the object
   * @buffer: where they go
   * @buffer_size: size of buffer

   */
  static int smack_inode_listsecurity(struct inode *inode, char *buffer,
  				    size_t buffer_size)
  {

  	int len = sizeof(XATTR_NAME_SMACK);

  	if (buffer != NULL && len <= buffer_size)

  		memcpy(buffer, XATTR_NAME_SMACK, len);

  
  	return len;

  }

  /**
   * smack_inode_getsecid - Extract inode's security id
   * @inode: inode to extract the info from
   * @secid: where result will be saved
   */

  static void smack_inode_getsecid(struct inode *inode, u32 *secid)

  {
  	struct inode_smack *isp = inode->i_security;

  	*secid = isp->smk_inode->smk_secid;

  }

  /*
   * File Hooks
   */

  /*
   * There is no smack_file_permission hook

   *
   * Should access checks be done on each read or write?
   * UNICOS and SELinux say yes.
   * Trusted Solaris, Trusted Irix, and just about everyone else says no.
   *
   * I'll say no for now. Smack does not do the frequent
   * label changing that SELinux does.
   */

  
  /**
   * smack_file_alloc_security - assign a file security blob
   * @file: the object
   *
   * The security blob for a file is a pointer to the master
   * label list, so no allocation is done.
   *

   * f_security is the owner security information. It
   * isn't used on file access checks, it's for send_sigio.
   *

   * Returns 0
   */
  static int smack_file_alloc_security(struct file *file)
  {

  	struct smack_known *skp = smk_of_current();

  	file->f_security = skp;

  	return 0;
  }
  
  /**
   * smack_file_free_security - clear a file security blob
   * @file: the object
   *
   * The security blob for a file is a pointer to the master
   * label list, so no memory is freed.
   */
  static void smack_file_free_security(struct file *file)
  {
  	file->f_security = NULL;
  }
  
  /**
   * smack_file_ioctl - Smack check on ioctls
   * @file: the object
   * @cmd: what to do
   * @arg: unused
   *
   * Relies heavily on the correct use of the ioctl command conventions.
   *
   * Returns 0 if allowed, error code otherwise
   */
  static int smack_file_ioctl(struct file *file, unsigned int cmd,
  			    unsigned long arg)
  {
  	int rc = 0;

  	struct smk_audit_info ad;

  	struct inode *inode = file_inode(file);

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);

  	smk_ad_setfield_u_fs_path(&ad, file->f_path);

  	if (_IOC_DIR(cmd) & _IOC_WRITE) {

  		rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);

  		rc = smk_bu_file(file, MAY_WRITE, rc);
  	}

  	if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {

  		rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);

  		rc = smk_bu_file(file, MAY_READ, rc);
  	}

  
  	return rc;
  }
  
  /**
   * smack_file_lock - Smack check on file locking
   * @file: the object

   * @cmd: unused

   *

   * Returns 0 if current has lock access, error code otherwise

   */
  static int smack_file_lock(struct file *file, unsigned int cmd)
  {

  	struct smk_audit_info ad;

  	int rc;

  	struct inode *inode = file_inode(file);

  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
  	smk_ad_setfield_u_fs_path(&ad, file->f_path);

  	rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);

  	rc = smk_bu_file(file, MAY_LOCK, rc);
  	return rc;

  }
  
  /**
   * smack_file_fcntl - Smack check on fcntl
   * @file: the object
   * @cmd: what action to check
   * @arg: unused
   *

   * Generally these operations are harmless.
   * File locking operations present an obvious mechanism
   * for passing information, so they require write access.
   *

   * Returns 0 if current has access, error code otherwise
   */
  static int smack_file_fcntl(struct file *file, unsigned int cmd,
  			    unsigned long arg)
  {

  	struct smk_audit_info ad;

  	int rc = 0;

  	struct inode *inode = file_inode(file);

  	switch (cmd) {

  	case F_GETLK:

  		break;

  	case F_SETLK:
  	case F_SETLKW:

  		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
  		smk_ad_setfield_u_fs_path(&ad, file->f_path);

  		rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);

  		rc = smk_bu_file(file, MAY_LOCK, rc);

  		break;

  	case F_SETOWN:
  	case F_SETSIG:

  		smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
  		smk_ad_setfield_u_fs_path(&ad, file->f_path);

  		rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);

  		rc = smk_bu_file(file, MAY_WRITE, rc);

  		break;
  	default:

  		break;

  	}
  
  	return rc;
  }
  
  /**

   * smack_mmap_file :

   * Check permissions for a mmap operation.  The @file may be NULL, e.g.
   * if mapping anonymous memory.
   * @file contains the file structure for file to map (may be NULL).
   * @reqprot contains the protection requested by the application.
   * @prot contains the protection that will be applied by the kernel.
   * @flags contains the operational flags.
   * Return 0 if permission is granted.
   */

  static int smack_mmap_file(struct file *file,

  			   unsigned long reqprot, unsigned long prot,

  			   unsigned long flags)

  {

  	struct smack_known *skp;

  	struct smack_known *mkp;

  	struct smack_rule *srp;
  	struct task_smack *tsp;

  	struct smack_known *okp;

  	struct inode_smack *isp;

  	struct superblock_smack *sbsp;

  	int may;
  	int mmay;
  	int tmay;

  	int rc;

  	if (file == NULL)

  		return 0;

  	isp = file_inode(file)->i_security;

  	if (isp->smk_mmap == NULL)
  		return 0;

  	sbsp = file_inode(file)->i_sb->s_security;
  	if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
  	    isp->smk_mmap != sbsp->smk_root)
  		return -EACCES;

  	mkp = isp->smk_mmap;

  
  	tsp = current_security();

  	skp = smk_of_current();

  	rc = 0;
  
  	rcu_read_lock();
  	/*
  	 * For each Smack rule associated with the subject
  	 * label verify that the SMACK64MMAP also has access
  	 * to that rule's object label.

  	 */

  	list_for_each_entry_rcu(srp, &skp->smk_rules, list) {

  		okp = srp->smk_object;

  		/*
  		 * Matching labels always allows access.
  		 */

  		if (mkp->smk_known == okp->smk_known)

  			continue;

  		/*
  		 * If there is a matching local rule take
  		 * that into account as well.
  		 */

  		may = smk_access_entry(srp->smk_subject->smk_known,
  				       okp->smk_known,
  				       &tsp->smk_rules);

  		if (may == -ENOENT)
  			may = srp->smk_access;
  		else
  			may &= srp->smk_access;
  		/*
  		 * If may is zero the SMACK64MMAP subject can't
  		 * possibly have less access.
  		 */
  		if (may == 0)
  			continue;
  
  		/*
  		 * Fetch the global list entry.
  		 * If there isn't one a SMACK64MMAP subject
  		 * can't have as much access as current.
  		 */

  		mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
  					&mkp->smk_rules);

  		if (mmay == -ENOENT) {
  			rc = -EACCES;
  			break;
  		}
  		/*
  		 * If there is a local entry it modifies the
  		 * potential access, too.
  		 */

  		tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
  					&tsp->smk_rules);

  		if (tmay != -ENOENT)
  			mmay &= tmay;

  		/*
  		 * If there is any access available to current that is
  		 * not available to a SMACK64MMAP subject
  		 * deny access.
  		 */

  		if ((may | mmay) != mmay) {

  			rc = -EACCES;

  			break;

  		}

  	}
  
  	rcu_read_unlock();
  
  	return rc;
  }
  
  /**

   * smack_file_set_fowner - set the file security blob value
   * @file: object in question
   *

   */

  static void smack_file_set_fowner(struct file *file)

  {

  	file->f_security = smk_of_current();