Eric Lee / smarc-fsl-linux-kernel

Commit 3610cda53f247e176bcbb7a7cca64bc53b12acdb

Authored by David S. Miller 14 years ago

Exists in master and in 39 other branches

af_unix: Avoid socket->sk NULL OOPS in stream connect security hooks.

unix_release() can asynchornously set socket->sk to NULL, and
it does so without holding the unix_state_lock() on "other"
during stream connects.

However, the reverse mapping, sk->sk_socket, is only transitioned
to NULL under the unix_state_lock().

Therefore make the security hooks follow the reverse mapping instead
of the forward mapping.

Reported-by: Jeremy Fitzhardinge <jeremy@goop.org>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

Showing 6 changed files with 22 additions and 24 deletions Inline Diff

include/linux/security.h
net/unix/af_unix.c
security/capability.c
security/security.c
security/selinux/hooks.c
security/smack/smack_lsm.c

include/linux/security.h

Diff comments View file @ 3610cda

 /*
  * Linux Security plug
  *
  * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
  * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
  * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
  * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
  * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
  *
  *	This program is free software; you can redistribute it and/or modify
  *	it under the terms of the GNU General Public License as published by
  *	the Free Software Foundation; either version 2 of the License, or
  *	(at your option) any later version.
  *
  *	Due to this file being licensed under the GPL there is controversy over
  *	whether this permits you to write a module that #includes this file
  *	without placing your module under the GPL.  Please consult a lawyer for
  *	advice before doing this.
  *
  */
 #ifndef __LINUX_SECURITY_H
 #define __LINUX_SECURITY_H
 #include <linux/fs.h>
 #include <linux/fsnotify.h>
 #include <linux/binfmts.h>
 #include <linux/signal.h>
 #include <linux/resource.h>
 #include <linux/sem.h>
 #include <linux/shm.h>
 #include <linux/mm.h> /* PAGE_ALIGN */
 #include <linux/msg.h>
 #include <linux/sched.h>
 #include <linux/key.h>
 #include <linux/xfrm.h>
 #include <linux/slab.h>
 #include <net/flow.h>
 /* Maximum number of letters for an LSM name string */
 #define SECURITY_NAME_MAX	10
 /* If capable should audit the security request */
 #define SECURITY_CAP_NOAUDIT 0
 #define SECURITY_CAP_AUDIT 1
 struct ctl_table;
 struct audit_krule;
 /*
  * These functions are in security/capability.c and are used
  * as the default capabilities functions
  */
 extern int cap_capable(struct task_struct *tsk, const struct cred *cred,
 		       int cap, int audit);
 extern int cap_settime(struct timespec *ts, struct timezone *tz);
 extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
 extern int cap_ptrace_traceme(struct task_struct *parent);
 extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
 extern int cap_capset(struct cred *new, const struct cred *old,
 		      const kernel_cap_t *effective,
 		      const kernel_cap_t *inheritable,
 		      const kernel_cap_t *permitted);
 extern int cap_bprm_set_creds(struct linux_binprm *bprm);
 extern int cap_bprm_secureexec(struct linux_binprm *bprm);
 extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
 			      const void *value, size_t size, int flags);
 extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
 extern int cap_inode_need_killpriv(struct dentry *dentry);
 extern int cap_inode_killpriv(struct dentry *dentry);
 extern int cap_file_mmap(struct file *file, unsigned long reqprot,
 			 unsigned long prot, unsigned long flags,
 			 unsigned long addr, unsigned long addr_only);
 extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
 extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 			  unsigned long arg4, unsigned long arg5);
 extern int cap_task_setscheduler(struct task_struct *p);
 extern int cap_task_setioprio(struct task_struct *p, int ioprio);
 extern int cap_task_setnice(struct task_struct *p, int nice);
 extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
 struct msghdr;
 struct sk_buff;
 struct sock;
 struct sockaddr;
 struct socket;
 struct flowi;
 struct dst_entry;
 struct xfrm_selector;
 struct xfrm_policy;
 struct xfrm_state;
 struct xfrm_user_sec_ctx;
 struct seq_file;
 extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
 extern int cap_netlink_recv(struct sk_buff *skb, int cap);
 void reset_security_ops(void);
 #ifdef CONFIG_MMU
 extern unsigned long mmap_min_addr;
 extern unsigned long dac_mmap_min_addr;
 #else
 #define dac_mmap_min_addr	0UL
 #endif
 /*
  * Values used in the task_security_ops calls
  */
 /* setuid or setgid, id0 == uid or gid */
 #define LSM_SETID_ID	1
 /* setreuid or setregid, id0 == real, id1 == eff */
 #define LSM_SETID_RE	2
 /* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */
 #define LSM_SETID_RES	4
 /* setfsuid or setfsgid, id0 == fsuid or fsgid */
 #define LSM_SETID_FS	8
 /* forward declares to avoid warnings */
 struct sched_param;
 struct request_sock;
 /* bprm->unsafe reasons */
 #define LSM_UNSAFE_SHARE	1
 #define LSM_UNSAFE_PTRACE	2
 #define LSM_UNSAFE_PTRACE_CAP	4
 #ifdef CONFIG_MMU
 /*
  * If a hint addr is less than mmap_min_addr change hint to be as
  * low as possible but still greater than mmap_min_addr
  */
 static inline unsigned long round_hint_to_min(unsigned long hint)
 {
 	hint &= PAGE_MASK;
 	if (((void *)hint != NULL) &&
 	    (hint < mmap_min_addr))
 		return PAGE_ALIGN(mmap_min_addr);
 	return hint;
 }
 extern int mmap_min_addr_handler(struct ctl_table *table, int write,
 				 void __user *buffer, size_t *lenp, loff_t *ppos);
 #endif
 #ifdef CONFIG_SECURITY
 struct security_mnt_opts {
 	char **mnt_opts;
 	int *mnt_opts_flags;
 	int num_mnt_opts;
 };
 static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
 {
 	opts->mnt_opts = NULL;
 	opts->mnt_opts_flags = NULL;
 	opts->num_mnt_opts = 0;
 }
 static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 {
 	int i;
 	if (opts->mnt_opts)
 		for (i = 0; i < opts->num_mnt_opts; i++)
 			kfree(opts->mnt_opts[i]);
 	kfree(opts->mnt_opts);
 	opts->mnt_opts = NULL;
 	kfree(opts->mnt_opts_flags);
 	opts->mnt_opts_flags = NULL;
 	opts->num_mnt_opts = 0;
 }
 /**
  * struct security_operations - main security structure
  *
  * Security module identifier.
  *
  * @name:
  *	A string that acts as a unique identifeir for the LSM with max number
  *	of characters = SECURITY_NAME_MAX.
  *
  * Security hooks for program execution operations.
  *
  * @bprm_set_creds:
  *	Save security information in the bprm->security field, typically based
  *	on information about the bprm->file, for later use by the apply_creds
  *	hook.  This hook may also optionally check permissions (e.g. for
  *	transitions between security domains).
  *	This hook may be called multiple times during a single execve, e.g. for
  *	interpreters.  The hook can tell whether it has already been called by
  *	checking to see if @bprm->security is non-NULL.  If so, then the hook
  *	may decide either to retain the security information saved earlier or
  *	to replace it.
  *	@bprm contains the linux_binprm structure.
  *	Return 0 if the hook is successful and permission is granted.
  * @bprm_check_security:
  *	This hook mediates the point when a search for a binary handler will
  *	begin.  It allows a check the @bprm->security value which is set in the
  *	preceding set_creds call.  The primary difference from set_creds is
  *	that the argv list and envp list are reliably available in @bprm.  This
  *	hook may be called multiple times during a single execve; and in each
  *	pass set_creds is called first.
  *	@bprm contains the linux_binprm structure.
  *	Return 0 if the hook is successful and permission is granted.
  * @bprm_committing_creds:
  *	Prepare to install the new security attributes of a process being
  *	transformed by an execve operation, based on the old credentials
  *	pointed to by @current->cred and the information set in @bprm->cred by
  *	the bprm_set_creds hook.  @bprm points to the linux_binprm structure.
  *	This hook is a good place to perform state changes on the process such
  *	as closing open file descriptors to which access will no longer be
  *	granted when the attributes are changed.  This is called immediately
  *	before commit_creds().
  * @bprm_committed_creds:
  *	Tidy up after the installation of the new security attributes of a
  *	process being transformed by an execve operation.  The new credentials
  *	have, by this point, been set to @current->cred.  @bprm points to the
  *	linux_binprm structure.  This hook is a good place to perform state
  *	changes on the process such as clearing out non-inheritable signal
  *	state.  This is called immediately after commit_creds().
  * @bprm_secureexec:
  *	Return a boolean value (0 or 1) indicating whether a "secure exec"
  *	is required.  The flag is passed in the auxiliary table
  *	on the initial stack to the ELF interpreter to indicate whether libc
  *	should enable secure mode.
  *	@bprm contains the linux_binprm structure.
  *
  * Security hooks for filesystem operations.
  *
  * @sb_alloc_security:
  *	Allocate and attach a security structure to the sb->s_security field.
  *	The s_security field is initialized to NULL when the structure is
  *	allocated.
  *	@sb contains the super_block structure to be modified.
  *	Return 0 if operation was successful.
  * @sb_free_security:
  *	Deallocate and clear the sb->s_security field.
  *	@sb contains the super_block structure to be modified.
  * @sb_statfs:
  *	Check permission before obtaining filesystem statistics for the @mnt
  *	mountpoint.
  *	@dentry is a handle on the superblock for the filesystem.
  *	Return 0 if permission is granted.
  * @sb_mount:
  *	Check permission before an object specified by @dev_name is mounted on
  *	the mount point named by @nd.  For an ordinary mount, @dev_name
  *	identifies a device if the file system type requires a device.  For a
  *	remount (@flags & MS_REMOUNT), @dev_name is irrelevant.  For a
  *	loopback/bind mount (@flags & MS_BIND), @dev_name identifies the
  *	pathname of the object being mounted.
  *	@dev_name contains the name for object being mounted.
  *	@path contains the path for mount point object.
  *	@type contains the filesystem type.
  *	@flags contains the mount flags.
  *	@data contains the filesystem-specific data.
  *	Return 0 if permission is granted.
  * @sb_copy_data:
  *	Allow mount option data to be copied prior to parsing by the filesystem,
  *	so that the security module can extract security-specific mount
  *	options cleanly (a filesystem may modify the data e.g. with strsep()).
  *	This also allows the original mount data to be stripped of security-
  *	specific options to avoid having to make filesystems aware of them.
  *	@type the type of filesystem being mounted.
  *	@orig the original mount data copied from userspace.
  *	@copy copied data which will be passed to the security module.
  *	Returns 0 if the copy was successful.
  * @sb_umount:
  *	Check permission before the @mnt file system is unmounted.
  *	@mnt contains the mounted file system.
  *	@flags contains the unmount flags, e.g. MNT_FORCE.
  *	Return 0 if permission is granted.
  * @sb_pivotroot:
  *	Check permission before pivoting the root filesystem.
  *	@old_path contains the path for the new location of the current root (put_old).
  *	@new_path contains the path for the new root (new_root).
  *	Return 0 if permission is granted.
  * @sb_set_mnt_opts:
  *	Set the security relevant mount options used for a superblock
  *	@sb the superblock to set security mount options for
  *	@opts binary data structure containing all lsm mount data
  * @sb_clone_mnt_opts:
  *	Copy all security options from a given superblock to another
  *	@oldsb old superblock which contain information to clone
  *	@newsb new superblock which needs filled in
  * @sb_parse_opts_str:
  *	Parse a string of security data filling in the opts structure
  *	@options string containing all mount options known by the LSM
  *	@opts binary data structure usable by the LSM
  *
  * Security hooks for inode operations.
  *
  * @inode_alloc_security:
  *	Allocate and attach a security structure to @inode->i_security.  The
  *	i_security field is initialized to NULL when the inode structure is
  *	allocated.
  *	@inode contains the inode structure.
  *	Return 0 if operation was successful.
  * @inode_free_security:
  *	@inode contains the inode structure.
  *	Deallocate the inode security structure and set @inode->i_security to
  *	NULL.
  * @inode_init_security:
  *	Obtain the security attribute name suffix and value to set on a newly
  *	created inode and set up the incore security field for the new inode.
  *	This hook is called by the fs code as part of the inode creation
  *	transaction and provides for atomic labeling of the inode, unlike
  *	the post_create/mkdir/... hooks called by the VFS.  The hook function
  *	is expected to allocate the name and value via kmalloc, with the caller
  *	being responsible for calling kfree after using them.
  *	If the security module does not use security attributes or does
  *	not wish to put a security attribute on this particular inode,
  *	then it should return -EOPNOTSUPP to skip this processing.
  *	@inode contains the inode structure of the newly created inode.
  *	@dir contains the inode structure of the parent directory.
  *	@name will be set to the allocated name suffix (e.g. selinux).
  *	@value will be set to the allocated attribute value.
  *	@len will be set to the length of the value.
  *	Returns 0 if @name and @value have been successfully set,
  *		-EOPNOTSUPP if no security attribute is needed, or
  *		-ENOMEM on memory allocation failure.
  * @inode_create:
  *	Check permission to create a regular file.
  *	@dir contains inode structure of the parent of the new file.
  *	@dentry contains the dentry structure for the file to be created.
  *	@mode contains the file mode of the file to be created.
  *	Return 0 if permission is granted.
  * @inode_link:
  *	Check permission before creating a new hard link to a file.
  *	@old_dentry contains the dentry structure for an existing link to the file.
  *	@dir contains the inode structure of the parent directory of the new link.
  *	@new_dentry contains the dentry structure for the new link.
  *	Return 0 if permission is granted.
  * @path_link:
  *	Check permission before creating a new hard link to a file.
  *	@old_dentry contains the dentry structure for an existing link
  *	to the file.
  *	@new_dir contains the path structure of the parent directory of
  *	the new link.
  *	@new_dentry contains the dentry structure for the new link.
  *	Return 0 if permission is granted.
  * @inode_unlink:
  *	Check the permission to remove a hard link to a file.
  *	@dir contains the inode structure of parent directory of the file.
  *	@dentry contains the dentry structure for file to be unlinked.
  *	Return 0 if permission is granted.
  * @path_unlink:
  *	Check the permission to remove a hard link to a file.
  *	@dir contains the path structure of parent directory of the file.
  *	@dentry contains the dentry structure for file to be unlinked.
  *	Return 0 if permission is granted.
  * @inode_symlink:
  *	Check the permission to create a symbolic link to a file.
  *	@dir contains the inode structure of parent directory of the symbolic link.
  *	@dentry contains the dentry structure of the symbolic link.
  *	@old_name contains the pathname of file.
  *	Return 0 if permission is granted.
  * @path_symlink:
  *	Check the permission to create a symbolic link to a file.
  *	@dir contains the path structure of parent directory of
  *	the symbolic link.
  *	@dentry contains the dentry structure of the symbolic link.
  *	@old_name contains the pathname of file.
  *	Return 0 if permission is granted.
  * @inode_mkdir:
  *	Check permissions to create a new directory in the existing directory
  *	associated with inode strcture @dir.
  *	@dir containst the inode structure of parent of the directory to be created.
  *	@dentry contains the dentry structure of new directory.
  *	@mode contains the mode of new directory.
  *	Return 0 if permission is granted.
  * @path_mkdir:
  *	Check permissions to create a new directory in the existing directory
  *	associated with path strcture @path.
  *	@dir containst the path structure of parent of the directory
  *	to be created.
  *	@dentry contains the dentry structure of new directory.
  *	@mode contains the mode of new directory.
  *	Return 0 if permission is granted.
  * @inode_rmdir:
  *	Check the permission to remove a directory.
  *	@dir contains the inode structure of parent of the directory to be removed.
  *	@dentry contains the dentry structure of directory to be removed.
  *	Return 0 if permission is granted.
  * @path_rmdir:
  *	Check the permission to remove a directory.
  *	@dir contains the path structure of parent of the directory to be
  *	removed.
  *	@dentry contains the dentry structure of directory to be removed.
  *	Return 0 if permission is granted.
  * @inode_mknod:
  *	Check permissions when creating a special file (or a socket or a fifo
  *	file created via the mknod system call).  Note that if mknod operation
  *	is being done for a regular file, then the create hook will be called
  *	and not this hook.
  *	@dir contains the inode structure of parent of the new file.
  *	@dentry contains the dentry structure of the new file.
  *	@mode contains the mode of the new file.
  *	@dev contains the device number.
  *	Return 0 if permission is granted.
  * @path_mknod:
  *	Check permissions when creating a file. Note that this hook is called
  *	even if mknod operation is being done for a regular file.
  *	@dir contains the path structure of parent of the new file.
  *	@dentry contains the dentry structure of the new file.
  *	@mode contains the mode of the new file.
  *	@dev contains the undecoded device number. Use new_decode_dev() to get
  *	the decoded device number.
  *	Return 0 if permission is granted.
  * @inode_rename:
  *	Check for permission to rename a file or directory.
  *	@old_dir contains the inode structure for parent of the old link.
  *	@old_dentry contains the dentry structure of the old link.
  *	@new_dir contains the inode structure for parent of the new link.
  *	@new_dentry contains the dentry structure of the new link.
  *	Return 0 if permission is granted.
  * @path_rename:
  *	Check for permission to rename a file or directory.
  *	@old_dir contains the path structure for parent of the old link.
  *	@old_dentry contains the dentry structure of the old link.
  *	@new_dir contains the path structure for parent of the new link.
  *	@new_dentry contains the dentry structure of the new link.
  *	Return 0 if permission is granted.
  * @path_chmod:
  *	Check for permission to change DAC's permission of a file or directory.
  *	@dentry contains the dentry structure.
  *	@mnt contains the vfsmnt structure.
  *	@mode contains DAC's mode.
  *	Return 0 if permission is granted.
  * @path_chown:
  *	Check for permission to change owner/group of a file or directory.
  *	@path contains the path structure.
  *	@uid contains new owner's ID.
  *	@gid contains new group's ID.
  *	Return 0 if permission is granted.
  * @path_chroot:
  *	Check for permission to change root directory.
  *	@path contains the path structure.
  *	Return 0 if permission is granted.
  * @inode_readlink:
  *	Check the permission to read the symbolic link.
  *	@dentry contains the dentry structure for the file link.
  *	Return 0 if permission is granted.
  * @inode_follow_link:
  *	Check permission to follow a symbolic link when looking up a pathname.
  *	@dentry contains the dentry structure for the link.
  *	@nd contains the nameidata structure for the parent directory.
  *	Return 0 if permission is granted.
  * @inode_permission:
  *	Check permission before accessing an inode.  This hook is called by the
  *	existing Linux permission function, so a security module can use it to
  *	provide additional checking for existing Linux permission checks.
  *	Notice that this hook is called when a file is opened (as well as many
  *	other operations), whereas the file_security_ops permission hook is
  *	called when the actual read/write operations are performed.
  *	@inode contains the inode structure to check.
  *	@mask contains the permission mask.
  *	@nd contains the nameidata (may be NULL).
  *	Return 0 if permission is granted.
  * @inode_setattr:
  *	Check permission before setting file attributes.  Note that the kernel
  *	call to notify_change is performed from several locations, whenever
  *	file attributes change (such as when a file is truncated, chown/chmod
  *	operations, transferring disk quotas, etc).
  *	@dentry contains the dentry structure for the file.
  *	@attr is the iattr structure containing the new file attributes.
  *	Return 0 if permission is granted.
  * @path_truncate:
  *	Check permission before truncating a file.
  *	@path contains the path structure for the file.
  *	Return 0 if permission is granted.
  * @inode_getattr:
  *	Check permission before obtaining file attributes.
  *	@mnt is the vfsmount where the dentry was looked up
  *	@dentry contains the dentry structure for the file.
  *	Return 0 if permission is granted.
  * @inode_setxattr:
  *	Check permission before setting the extended attributes
  *	@value identified by @name for @dentry.
  *	Return 0 if permission is granted.
  * @inode_post_setxattr:
  *	Update inode security field after successful setxattr operation.
  *	@value identified by @name for @dentry.
  * @inode_getxattr:
  *	Check permission before obtaining the extended attributes
  *	identified by @name for @dentry.
  *	Return 0 if permission is granted.
  * @inode_listxattr:
  *	Check permission before obtaining the list of extended attribute
  *	names for @dentry.
  *	Return 0 if permission is granted.
  * @inode_removexattr:
  *	Check permission before removing the extended attribute
  *	identified by @name for @dentry.
  *	Return 0 if permission is granted.
  * @inode_getsecurity:
  *	Retrieve a copy of the extended attribute representation of the
  *	security label associated with @name for @inode via @buffer.  Note that
  *	@name is the remainder of the attribute name after the security prefix
  *	has been removed. @alloc is used to specify of the call should return a
  *	value via the buffer or just the value length Return size of buffer on
  *	success.
  * @inode_setsecurity:
  *	Set the security label associated with @name for @inode from the
  *	extended attribute value @value.  @size indicates the size of the
  *	@value in bytes.  @flags may be XATTR_CREATE, XATTR_REPLACE, or 0.
  *	Note that @name is the remainder of the attribute name after the
  *	security. prefix has been removed.
  *	Return 0 on success.
  * @inode_listsecurity:
  *	Copy the extended attribute names for the security labels
  *	associated with @inode into @buffer.  The maximum size of @buffer
  *	is specified by @buffer_size.  @buffer may be NULL to request
  *	the size of the buffer required.
  *	Returns number of bytes used/required on success.
  * @inode_need_killpriv:
  *	Called when an inode has been changed.
  *	@dentry is the dentry being changed.
  *	Return <0 on error to abort the inode change operation.
  *	Return 0 if inode_killpriv does not need to be called.
  *	Return >0 if inode_killpriv does need to be called.
  * @inode_killpriv:
  *	The setuid bit is being removed.  Remove similar security labels.
  *	Called with the dentry->d_inode->i_mutex held.
  *	@dentry is the dentry being changed.
  *	Return 0 on success.  If error is returned, then the operation
  *	causing setuid bit removal is failed.
  * @inode_getsecid:
  *	Get the secid associated with the node.
  *	@inode contains a pointer to the inode.
  *	@secid contains a pointer to the location where result will be saved.
  *	In case of failure, @secid will be set to zero.
  *
  * Security hooks for file operations
  *
  * @file_permission:
  *	Check file permissions before accessing an open file.  This hook is
  *	called by various operations that read or write files.  A security
  *	module can use this hook to perform additional checking on these
  *	operations, e.g.  to revalidate permissions on use to support privilege
  *	bracketing or policy changes.  Notice that this hook is used when the
  *	actual read/write operations are performed, whereas the
  *	inode_security_ops hook is called when a file is opened (as well as
  *	many other operations).
  *	Caveat:  Although this hook can be used to revalidate permissions for
  *	various system call operations that read or write files, it does not
  *	address the revalidation of permissions for memory-mapped files.
  *	Security modules must handle this separately if they need such
  *	revalidation.
  *	@file contains the file structure being accessed.
  *	@mask contains the requested permissions.
  *	Return 0 if permission is granted.
  * @file_alloc_security:
  *	Allocate and attach a security structure to the file->f_security field.
  *	The security field is initialized to NULL when the structure is first
  *	created.
  *	@file contains the file structure to secure.
  *	Return 0 if the hook is successful and permission is granted.
  * @file_free_security:
  *	Deallocate and free any security structures stored in file->f_security.
  *	@file contains the file structure being modified.
  * @file_ioctl:
  *	@file contains the file structure.
  *	@cmd contains the operation to perform.
  *	@arg contains the operational arguments.
  *	Check permission for an ioctl operation on @file.  Note that @arg can
  *	sometimes represents a user space pointer; in other cases, it may be a
  *	simple integer value.  When @arg represents a user space pointer, it
  *	should never be used by the security module.
  *	Return 0 if permission is granted.
  * @file_mmap :
  *	Check permissions for a mmap operation.  The @file may be NULL, e.g.
  *	if mapping anonymous memory.
  *	@file contains the file structure for file to map (may be NULL).
  *	@reqprot contains the protection requested by the application.
  *	@prot contains the protection that will be applied by the kernel.
  *	@flags contains the operational flags.
  *	Return 0 if permission is granted.
  * @file_mprotect:
  *	Check permissions before changing memory access permissions.
  *	@vma contains the memory region to modify.
  *	@reqprot contains the protection requested by the application.
  *	@prot contains the protection that will be applied by the kernel.
  *	Return 0 if permission is granted.
  * @file_lock:
  *	Check permission before performing file locking operations.
  *	Note: this hook mediates both flock and fcntl style locks.
  *	@file contains the file structure.
  *	@cmd contains the posix-translated lock operation to perform
  *	(e.g. F_RDLCK, F_WRLCK).
  *	Return 0 if permission is granted.
  * @file_fcntl:
  *	Check permission before allowing the file operation specified by @cmd
  *	from being performed on the file @file.  Note that @arg can sometimes
  *	represents a user space pointer; in other cases, it may be a simple
  *	integer value.  When @arg represents a user space pointer, it should
  *	never be used by the security module.
  *	@file contains the file structure.
  *	@cmd contains the operation to be performed.
  *	@arg contains the operational arguments.
  *	Return 0 if permission is granted.
  * @file_set_fowner:
  *	Save owner security information (typically from current->security) in
  *	file->f_security for later use by the send_sigiotask hook.
  *	@file contains the file structure to update.
  *	Return 0 on success.
  * @file_send_sigiotask:
  *	Check permission for the file owner @fown to send SIGIO or SIGURG to the
  *	process @tsk.  Note that this hook is sometimes called from interrupt.
  *	Note that the fown_struct, @fown, is never outside the context of a
  *	struct file, so the file structure (and associated security information)
  *	can always be obtained:
  *		container_of(fown, struct file, f_owner)
  *	@tsk contains the structure of task receiving signal.
  *	@fown contains the file owner information.
  *	@sig is the signal that will be sent.  When 0, kernel sends SIGIO.
  *	Return 0 if permission is granted.
  * @file_receive:
  *	This hook allows security modules to control the ability of a process
  *	to receive an open file descriptor via socket IPC.
  *	@file contains the file structure being received.
  *	Return 0 if permission is granted.
  *
  * Security hook for dentry
  *
  * @dentry_open
  *	Save open-time permission checking state for later use upon
  *	file_permission, and recheck access if anything has changed
  *	since inode_permission.
  *
  * Security hooks for task operations.
  *
  * @task_create:
  *	Check permission before creating a child process.  See the clone(2)
  *	manual page for definitions of the @clone_flags.
  *	@clone_flags contains the flags indicating what should be shared.
  *	Return 0 if permission is granted.
  * @cred_alloc_blank:
  *	@cred points to the credentials.
  *	@gfp indicates the atomicity of any memory allocations.
  *	Only allocate sufficient memory and attach to @cred such that
  *	cred_transfer() will not get ENOMEM.
  * @cred_free:
  *	@cred points to the credentials.
  *	Deallocate and clear the cred->security field in a set of credentials.
  * @cred_prepare:
  *	@new points to the new credentials.
  *	@old points to the original credentials.
  *	@gfp indicates the atomicity of any memory allocations.
  *	Prepare a new set of credentials by copying the data from the old set.
  * @cred_transfer:
  *	@new points to the new credentials.
  *	@old points to the original credentials.
  *	Transfer data from original creds to new creds
  * @kernel_act_as:
  *	Set the credentials for a kernel service to act as (subjective context).
  *	@new points to the credentials to be modified.
  *	@secid specifies the security ID to be set
  *	The current task must be the one that nominated @secid.
  *	Return 0 if successful.
  * @kernel_create_files_as:
  *	Set the file creation context in a set of credentials to be the same as
  *	the objective context of the specified inode.
  *	@new points to the credentials to be modified.
  *	@inode points to the inode to use as a reference.
  *	The current task must be the one that nominated @inode.
  *	Return 0 if successful.
  * @kernel_module_request:
  *	Ability to trigger the kernel to automatically upcall to userspace for
  *	userspace to load a kernel module with the given name.
  *	@kmod_name name of the module requested by the kernel
  *	Return 0 if successful.
  * @task_fix_setuid:
  *	Update the module's state after setting one or more of the user
  *	identity attributes of the current process.  The @flags parameter
  *	indicates which of the set*uid system calls invoked this hook.  If
  *	@new is the set of credentials that will be installed.  Modifications
  *	should be made to this rather than to @current->cred.
  *	@old is the set of credentials that are being replaces
  *	@flags contains one of the LSM_SETID_* values.
  *	Return 0 on success.
  * @task_setpgid:
  *	Check permission before setting the process group identifier of the
  *	process @p to @pgid.
  *	@p contains the task_struct for process being modified.
  *	@pgid contains the new pgid.
  *	Return 0 if permission is granted.
  * @task_getpgid:
  *	Check permission before getting the process group identifier of the
  *	process @p.
  *	@p contains the task_struct for the process.
  *	Return 0 if permission is granted.
  * @task_getsid:
  *	Check permission before getting the session identifier of the process
  *	@p.
  *	@p contains the task_struct for the process.
  *	Return 0 if permission is granted.
  * @task_getsecid:
  *	Retrieve the security identifier of the process @p.
  *	@p contains the task_struct for the process and place is into @secid.
  *	In case of failure, @secid will be set to zero.
  *
  * @task_setnice:
  *	Check permission before setting the nice value of @p to @nice.
  *	@p contains the task_struct of process.
  *	@nice contains the new nice value.
  *	Return 0 if permission is granted.
  * @task_setioprio
  *	Check permission before setting the ioprio value of @p to @ioprio.
  *	@p contains the task_struct of process.
  *	@ioprio contains the new ioprio value
  *	Return 0 if permission is granted.
  * @task_getioprio
  *	Check permission before getting the ioprio value of @p.
  *	@p contains the task_struct of process.
  *	Return 0 if permission is granted.
  * @task_setrlimit:
  *	Check permission before setting the resource limits of the current
  *	process for @resource to @new_rlim.  The old resource limit values can
  *	be examined by dereferencing (current->signal->rlim + resource).
  *	@resource contains the resource whose limit is being set.
  *	@new_rlim contains the new limits for @resource.
  *	Return 0 if permission is granted.
  * @task_setscheduler:
  *	Check permission before setting scheduling policy and/or parameters of
  *	process @p based on @policy and @lp.
  *	@p contains the task_struct for process.
  *	@policy contains the scheduling policy.
  *	@lp contains the scheduling parameters.
  *	Return 0 if permission is granted.
  * @task_getscheduler:
  *	Check permission before obtaining scheduling information for process
  *	@p.
  *	@p contains the task_struct for process.
  *	Return 0 if permission is granted.
  * @task_movememory
  *	Check permission before moving memory owned by process @p.
  *	@p contains the task_struct for process.
  *	Return 0 if permission is granted.
  * @task_kill:
  *	Check permission before sending signal @sig to @p.  @info can be NULL,
  *	the constant 1, or a pointer to a siginfo structure.  If @info is 1 or
  *	SI_FROMKERNEL(info) is true, then the signal should be viewed as coming
  *	from the kernel and should typically be permitted.
  *	SIGIO signals are handled separately by the send_sigiotask hook in
  *	file_security_ops.
  *	@p contains the task_struct for process.
  *	@info contains the signal information.
  *	@sig contains the signal value.
  *	@secid contains the sid of the process where the signal originated
  *	Return 0 if permission is granted.
  * @task_wait:
  *	Check permission before allowing a process to reap a child process @p
  *	and collect its status information.
  *	@p contains the task_struct for process.
  *	Return 0 if permission is granted.
  * @task_prctl:
  *	Check permission before performing a process control operation on the
  *	current process.
  *	@option contains the operation.
  *	@arg2 contains a argument.
  *	@arg3 contains a argument.
  *	@arg4 contains a argument.
  *	@arg5 contains a argument.
  *	Return -ENOSYS if no-one wanted to handle this op, any other value to
  *	cause prctl() to return immediately with that value.
  * @task_to_inode:
  *	Set the security attributes for an inode based on an associated task's
  *	security attributes, e.g. for /proc/pid inodes.
  *	@p contains the task_struct for the task.
  *	@inode contains the inode structure for the inode.
  *
  * Security hooks for Netlink messaging.
  *
  * @netlink_send:
  *	Save security information for a netlink message so that permission
  *	checking can be performed when the message is processed.  The security
  *	information can be saved using the eff_cap field of the
  *	netlink_skb_parms structure.  Also may be used to provide fine
  *	grained control over message transmission.
  *	@sk associated sock of task sending the message.,
  *	@skb contains the sk_buff structure for the netlink message.
  *	Return 0 if the information was successfully saved and message
  *	is allowed to be transmitted.
  * @netlink_recv:
  *	Check permission before processing the received netlink message in
  *	@skb.
  *	@skb contains the sk_buff structure for the netlink message.
  *	@cap indicates the capability required
  *	Return 0 if permission is granted.
  *
  * Security hooks for Unix domain networking.
  *
  * @unix_stream_connect:
  *	Check permissions before establishing a Unix domain stream connection
  *	between @sock and @other.
- *	@sock contains the socket structure.
+ *	@sock contains the sock structure.
- *	@other contains the peer socket structure.
+ *	@other contains the peer sock structure.
+ *	@newsk contains the new sock structure.
  *	Return 0 if permission is granted.
  * @unix_may_send:
  *	Check permissions before connecting or sending datagrams from @sock to
  *	@other.
  *	@sock contains the socket structure.
  *	@sock contains the peer socket structure.
  *	Return 0 if permission is granted.
  *
  * The @unix_stream_connect and @unix_may_send hooks were necessary because
  * Linux provides an alternative to the conventional file name space for Unix
  * domain sockets.  Whereas binding and connecting to sockets in the file name
  * space is mediated by the typical file permissions (and caught by the mknod
  * and permission hooks in inode_security_ops), binding and connecting to
  * sockets in the abstract name space is completely unmediated.  Sufficient
  * control of Unix domain sockets in the abstract name space isn't possible
  * using only the socket layer hooks, since we need to know the actual target
  * socket, which is not looked up until we are inside the af_unix code.
  *
  * Security hooks for socket operations.
  *
  * @socket_create:
  *	Check permissions prior to creating a new socket.
  *	@family contains the requested protocol family.
  *	@type contains the requested communications type.
  *	@protocol contains the requested protocol.
  *	@kern set to 1 if a kernel socket.
  *	Return 0 if permission is granted.
  * @socket_post_create:
  *	This hook allows a module to update or allocate a per-socket security
  *	structure. Note that the security field was not added directly to the
  *	socket structure, but rather, the socket security information is stored
  *	in the associated inode.  Typically, the inode alloc_security hook will
  *	allocate and and attach security information to
  *	sock->inode->i_security.  This hook may be used to update the
  *	sock->inode->i_security field with additional information that wasn't
  *	available when the inode was allocated.
  *	@sock contains the newly created socket structure.
  *	@family contains the requested protocol family.
  *	@type contains the requested communications type.
  *	@protocol contains the requested protocol.
  *	@kern set to 1 if a kernel socket.
  * @socket_bind:
  *	Check permission before socket protocol layer bind operation is
  *	performed and the socket @sock is bound to the address specified in the
  *	@address parameter.
  *	@sock contains the socket structure.
  *	@address contains the address to bind to.
  *	@addrlen contains the length of address.
  *	Return 0 if permission is granted.
  * @socket_connect:
  *	Check permission before socket protocol layer connect operation
  *	attempts to connect socket @sock to a remote address, @address.
  *	@sock contains the socket structure.
  *	@address contains the address of remote endpoint.
  *	@addrlen contains the length of address.
  *	Return 0 if permission is granted.
  * @socket_listen:
  *	Check permission before socket protocol layer listen operation.
  *	@sock contains the socket structure.
  *	@backlog contains the maximum length for the pending connection queue.
  *	Return 0 if permission is granted.
  * @socket_accept:
  *	Check permission before accepting a new connection.  Note that the new
  *	socket, @newsock, has been created and some information copied to it,
  *	but the accept operation has not actually been performed.
  *	@sock contains the listening socket structure.
  *	@newsock contains the newly created server socket for connection.
  *	Return 0 if permission is granted.
  * @socket_sendmsg:
  *	Check permission before transmitting a message to another socket.
  *	@sock contains the socket structure.
  *	@msg contains the message to be transmitted.
  *	@size contains the size of message.
  *	Return 0 if permission is granted.
  * @socket_recvmsg:
  *	Check permission before receiving a message from a socket.
  *	@sock contains the socket structure.
  *	@msg contains the message structure.
  *	@size contains the size of message structure.
  *	@flags contains the operational flags.
  *	Return 0 if permission is granted.
  * @socket_getsockname:
  *	Check permission before the local address (name) of the socket object
  *	@sock is retrieved.
  *	@sock contains the socket structure.
  *	Return 0 if permission is granted.
  * @socket_getpeername:
  *	Check permission before the remote address (name) of a socket object
  *	@sock is retrieved.
  *	@sock contains the socket structure.
  *	Return 0 if permission is granted.
  * @socket_getsockopt:
  *	Check permissions before retrieving the options associated with socket
  *	@sock.
  *	@sock contains the socket structure.
  *	@level contains the protocol level to retrieve option from.
  *	@optname contains the name of option to retrieve.
  *	Return 0 if permission is granted.
  * @socket_setsockopt:
  *	Check permissions before setting the options associated with socket
  *	@sock.
  *	@sock contains the socket structure.
  *	@level contains the protocol level to set options for.
  *	@optname contains the name of the option to set.
  *	Return 0 if permission is granted.
  * @socket_shutdown:
  *	Checks permission before all or part of a connection on the socket
  *	@sock is shut down.
  *	@sock contains the socket structure.
  *	@how contains the flag indicating how future sends and receives are handled.
  *	Return 0 if permission is granted.
  * @socket_sock_rcv_skb:
  *	Check permissions on incoming network packets.  This hook is distinct
  *	from Netfilter's IP input hooks since it is the first time that the
  *	incoming sk_buff @skb has been associated with a particular socket, @sk.
  *	Must not sleep inside this hook because some callers hold spinlocks.
  *	@sk contains the sock (not socket) associated with the incoming sk_buff.
  *	@skb contains the incoming network data.
  * @socket_getpeersec_stream:
  *	This hook allows the security module to provide peer socket security
  *	state for unix or connected tcp sockets to userspace via getsockopt
  *	SO_GETPEERSEC.  For tcp sockets this can be meaningful if the
  *	socket is associated with an ipsec SA.
  *	@sock is the local socket.
  *	@optval userspace memory where the security state is to be copied.
  *	@optlen userspace int where the module should copy the actual length
  *	of the security state.
  *	@len as input is the maximum length to copy to userspace provided
  *	by the caller.
  *	Return 0 if all is well, otherwise, typical getsockopt return
  *	values.
  * @socket_getpeersec_dgram:
  *	This hook allows the security module to provide peer socket security
  *	state for udp sockets on a per-packet basis to userspace via
  *	getsockopt SO_GETPEERSEC.  The application must first have indicated
  *	the IP_PASSSEC option via getsockopt.  It can then retrieve the
  *	security state returned by this hook for a packet via the SCM_SECURITY
  *	ancillary message type.
  *	@skb is the skbuff for the packet being queried
  *	@secdata is a pointer to a buffer in which to copy the security data
  *	@seclen is the maximum length for @secdata
  *	Return 0 on success, error on failure.
  * @sk_alloc_security:
  *	Allocate and attach a security structure to the sk->sk_security field,
  *	which is used to copy security attributes between local stream sockets.
  * @sk_free_security:
  *	Deallocate security structure.
  * @sk_clone_security:
  *	Clone/copy security structure.
  * @sk_getsecid:
  *	Retrieve the LSM-specific secid for the sock to enable caching of network
  *	authorizations.
  * @sock_graft:
  *	Sets the socket's isec sid to the sock's sid.
  * @inet_conn_request:
  *	Sets the openreq's sid to socket's sid with MLS portion taken from peer sid.
  * @inet_csk_clone:
  *	Sets the new child socket's sid to the openreq sid.
  * @inet_conn_established:
  *	Sets the connection's peersid to the secmark on skb.
  * @secmark_relabel_packet:
  *	check if the process should be allowed to relabel packets to the given secid
  * @security_secmark_refcount_inc
  *	tells the LSM to increment the number of secmark labeling rules loaded
  * @security_secmark_refcount_dec
  *	tells the LSM to decrement the number of secmark labeling rules loaded
  * @req_classify_flow:
  *	Sets the flow's sid to the openreq sid.
  * @tun_dev_create:
  *	Check permissions prior to creating a new TUN device.
  * @tun_dev_post_create:
  *	This hook allows a module to update or allocate a per-socket security
  *	structure.
  *	@sk contains the newly created sock structure.
  * @tun_dev_attach:
  *	Check permissions prior to attaching to a persistent TUN device.  This
  *	hook can also be used by the module to update any security state
  *	associated with the TUN device's sock structure.
  *	@sk contains the existing sock structure.
  *
  * Security hooks for XFRM operations.
  *
  * @xfrm_policy_alloc_security:
  *	@ctxp is a pointer to the xfrm_sec_ctx being added to Security Policy
  *	Database used by the XFRM system.
  *	@sec_ctx contains the security context information being provided by
  *	the user-level policy update program (e.g., setkey).
  *	Allocate a security structure to the xp->security field; the security
  *	field is initialized to NULL when the xfrm_policy is allocated.
  *	Return 0 if operation was successful (memory to allocate, legal context)
  * @xfrm_policy_clone_security:
  *	@old_ctx contains an existing xfrm_sec_ctx.
  *	@new_ctxp contains a new xfrm_sec_ctx being cloned from old.
  *	Allocate a security structure in new_ctxp that contains the
  *	information from the old_ctx structure.
  *	Return 0 if operation was successful (memory to allocate).
  * @xfrm_policy_free_security:
  *	@ctx contains the xfrm_sec_ctx
  *	Deallocate xp->security.
  * @xfrm_policy_delete_security:
  *	@ctx contains the xfrm_sec_ctx.
  *	Authorize deletion of xp->security.
  * @xfrm_state_alloc_security:
  *	@x contains the xfrm_state being added to the Security Association
  *	Database by the XFRM system.
  *	@sec_ctx contains the security context information being provided by
  *	the user-level SA generation program (e.g., setkey or racoon).
  *	@secid contains the secid from which to take the mls portion of the context.
  *	Allocate a security structure to the x->security field; the security
  *	field is initialized to NULL when the xfrm_state is allocated. Set the
  *	context to correspond to either sec_ctx or polsec, with the mls portion
  *	taken from secid in the latter case.
  *	Return 0 if operation was successful (memory to allocate, legal context).
  * @xfrm_state_free_security:
  *	@x contains the xfrm_state.
  *	Deallocate x->security.
  * @xfrm_state_delete_security:
  *	@x contains the xfrm_state.
  *	Authorize deletion of x->security.
  * @xfrm_policy_lookup:
  *	@ctx contains the xfrm_sec_ctx for which the access control is being
  *	checked.
  *	@fl_secid contains the flow security label that is used to authorize
  *	access to the policy xp.
  *	@dir contains the direction of the flow (input or output).
  *	Check permission when a flow selects a xfrm_policy for processing
  *	XFRMs on a packet.  The hook is called when selecting either a
  *	per-socket policy or a generic xfrm policy.
  *	Return 0 if permission is granted, -ESRCH otherwise, or -errno
  *	on other errors.
  * @xfrm_state_pol_flow_match:
  *	@x contains the state to match.
  *	@xp contains the policy to check for a match.
  *	@fl contains the flow to check for a match.
  *	Return 1 if there is a match.
  * @xfrm_decode_session:
  *	@skb points to skb to decode.
  *	@secid points to the flow key secid to set.
  *	@ckall says if all xfrms used should be checked for same secid.
  *	Return 0 if ckall is zero or all xfrms used have the same secid.
  *
  * Security hooks affecting all Key Management operations
  *
  * @key_alloc:
  *	Permit allocation of a key and assign security data. Note that key does
  *	not have a serial number assigned at this point.
  *	@key points to the key.
  *	@flags is the allocation flags
  *	Return 0 if permission is granted, -ve error otherwise.
  * @key_free:
  *	Notification of destruction; free security data.
  *	@key points to the key.
  *	No return value.
  * @key_permission:
  *	See whether a specific operational right is granted to a process on a
  *	key.
  *	@key_ref refers to the key (key pointer + possession attribute bit).
  *	@cred points to the credentials to provide the context against which to
  *	evaluate the security data on the key.
  *	@perm describes the combination of permissions required of this key.
  *	Return 1 if permission granted, 0 if permission denied and -ve it the
  *	normal permissions model should be effected.
  * @key_getsecurity:
  *	Get a textual representation of the security context attached to a key
  *	for the purposes of honouring KEYCTL_GETSECURITY.  This function
  *	allocates the storage for the NUL-terminated string and the caller
  *	should free it.
  *	@key points to the key to be queried.
  *	@_buffer points to a pointer that should be set to point to the
  *	 resulting string (if no label or an error occurs).
  *	Return the length of the string (including terminating NUL) or -ve if
  *      an error.
  *	May also return 0 (and a NULL buffer pointer) if there is no label.
  *
  * Security hooks affecting all System V IPC operations.
  *
  * @ipc_permission:
  *	Check permissions for access to IPC
  *	@ipcp contains the kernel IPC permission structure
  *	@flag contains the desired (requested) permission set
  *	Return 0 if permission is granted.
  * @ipc_getsecid:
  *	Get the secid associated with the ipc object.
  *	@ipcp contains the kernel IPC permission structure.
  *	@secid contains a pointer to the location where result will be saved.
  *	In case of failure, @secid will be set to zero.
  *
  * Security hooks for individual messages held in System V IPC message queues
  * @msg_msg_alloc_security:
  *	Allocate and attach a security structure to the msg->security field.
  *	The security field is initialized to NULL when the structure is first
  *	created.
  *	@msg contains the message structure to be modified.
  *	Return 0 if operation was successful and permission is granted.
  * @msg_msg_free_security:
  *	Deallocate the security structure for this message.
  *	@msg contains the message structure to be modified.
  *
  * Security hooks for System V IPC Message Queues
  *
  * @msg_queue_alloc_security:
  *	Allocate and attach a security structure to the
  *	msq->q_perm.security field. The security field is initialized to
  *	NULL when the structure is first created.
  *	@msq contains the message queue structure to be modified.
  *	Return 0 if operation was successful and permission is granted.
  * @msg_queue_free_security:
  *	Deallocate security structure for this message queue.
  *	@msq contains the message queue structure to be modified.
  * @msg_queue_associate:
  *	Check permission when a message queue is requested through the
  *	msgget system call.  This hook is only called when returning the
  *	message queue identifier for an existing message queue, not when a
  *	new message queue is created.
  *	@msq contains the message queue to act upon.
  *	@msqflg contains the operation control flags.
  *	Return 0 if permission is granted.
  * @msg_queue_msgctl:
  *	Check permission when a message control operation specified by @cmd
  *	is to be performed on the message queue @msq.
  *	The @msq may be NULL, e.g. for IPC_INFO or MSG_INFO.
  *	@msq contains the message queue to act upon.  May be NULL.
  *	@cmd contains the operation to be performed.
  *	Return 0 if permission is granted.
  * @msg_queue_msgsnd:
  *	Check permission before a message, @msg, is enqueued on the message
  *	queue, @msq.
  *	@msq contains the message queue to send message to.
  *	@msg contains the message to be enqueued.
  *	@msqflg contains operational flags.
  *	Return 0 if permission is granted.
  * @msg_queue_msgrcv:
  *	Check permission before a message, @msg, is removed from the message
  *	queue, @msq.  The @target task structure contains a pointer to the
  *	process that will be receiving the message (not equal to the current
  *	process when inline receives are being performed).
  *	@msq contains the message queue to retrieve message from.
  *	@msg contains the message destination.
  *	@target contains the task structure for recipient process.
  *	@type contains the type of message requested.
  *	@mode contains the operational flags.
  *	Return 0 if permission is granted.
  *
  * Security hooks for System V Shared Memory Segments
  *
  * @shm_alloc_security:
  *	Allocate and attach a security structure to the shp->shm_perm.security
  *	field.  The security field is initialized to NULL when the structure is
  *	first created.
  *	@shp contains the shared memory structure to be modified.
  *	Return 0 if operation was successful and permission is granted.
  * @shm_free_security:
  *	Deallocate the security struct for this memory segment.
  *	@shp contains the shared memory structure to be modified.
  * @shm_associate:
  *	Check permission when a shared memory region is requested through the
  *	shmget system call.  This hook is only called when returning the shared
  *	memory region identifier for an existing region, not when a new shared
  *	memory region is created.
  *	@shp contains the shared memory structure to be modified.
  *	@shmflg contains the operation control flags.
  *	Return 0 if permission is granted.
  * @shm_shmctl:
  *	Check permission when a shared memory control operation specified by
  *	@cmd is to be performed on the shared memory region @shp.
  *	The @shp may be NULL, e.g. for IPC_INFO or SHM_INFO.
  *	@shp contains shared memory structure to be modified.
  *	@cmd contains the operation to be performed.
  *	Return 0 if permission is granted.
  * @shm_shmat:
  *	Check permissions prior to allowing the shmat system call to attach the
  *	shared memory segment @shp to the data segment of the calling process.
  *	The attaching address is specified by @shmaddr.
  *	@shp contains the shared memory structure to be modified.
  *	@shmaddr contains the address to attach memory region to.
  *	@shmflg contains the operational flags.
  *	Return 0 if permission is granted.
  *
  * Security hooks for System V Semaphores
  *
  * @sem_alloc_security:
  *	Allocate and attach a security structure to the sma->sem_perm.security
  *	field.  The security field is initialized to NULL when the structure is
  *	first created.
  *	@sma contains the semaphore structure
  *	Return 0 if operation was successful and permission is granted.
  * @sem_free_security:
  *	deallocate security struct for this semaphore
  *	@sma contains the semaphore structure.
  * @sem_associate:
  *	Check permission when a semaphore is requested through the semget
  *	system call.  This hook is only called when returning the semaphore
  *	identifier for an existing semaphore, not when a new one must be
  *	created.
  *	@sma contains the semaphore structure.
  *	@semflg contains the operation control flags.
  *	Return 0 if permission is granted.
  * @sem_semctl:
  *	Check permission when a semaphore operation specified by @cmd is to be
  *	performed on the semaphore @sma.  The @sma may be NULL, e.g. for
  *	IPC_INFO or SEM_INFO.
  *	@sma contains the semaphore structure.  May be NULL.
  *	@cmd contains the operation to be performed.
  *	Return 0 if permission is granted.
  * @sem_semop
  *	Check permissions before performing operations on members of the
  *	semaphore set @sma.  If the @alter flag is nonzero, the semaphore set
  *	may be modified.
  *	@sma contains the semaphore structure.
  *	@sops contains the operations to perform.
  *	@nsops contains the number of operations to perform.
  *	@alter contains the flag indicating whether changes are to be made.
  *	Return 0 if permission is granted.
  *
  * @ptrace_access_check:
  *	Check permission before allowing the current process to trace the
  *	@child process.
  *	Security modules may also want to perform a process tracing check
  *	during an execve in the set_security or apply_creds hooks of
  *	tracing check during an execve in the bprm_set_creds hook of
  *	binprm_security_ops if the process is being traced and its security
  *	attributes would be changed by the execve.
  *	@child contains the task_struct structure for the target process.
  *	@mode contains the PTRACE_MODE flags indicating the form of access.
  *	Return 0 if permission is granted.
  * @ptrace_traceme:
  *	Check that the @parent process has sufficient permission to trace the
  *	current process before allowing the current process to present itself
  *	to the @parent process for tracing.
  *	The parent process will still have to undergo the ptrace_access_check
  *	checks before it is allowed to trace this one.
  *	@parent contains the task_struct structure for debugger process.
  *	Return 0 if permission is granted.
  * @capget:
  *	Get the @effective, @inheritable, and @permitted capability sets for
  *	the @target process.  The hook may also perform permission checking to
  *	determine if the current process is allowed to see the capability sets
  *	of the @target process.
  *	@target contains the task_struct structure for target process.
  *	@effective contains the effective capability set.
  *	@inheritable contains the inheritable capability set.
  *	@permitted contains the permitted capability set.
  *	Return 0 if the capability sets were successfully obtained.
  * @capset:
  *	Set the @effective, @inheritable, and @permitted capability sets for
  *	the current process.
  *	@new contains the new credentials structure for target process.
  *	@old contains the current credentials structure for target process.
  *	@effective contains the effective capability set.
  *	@inheritable contains the inheritable capability set.
  *	@permitted contains the permitted capability set.
  *	Return 0 and update @new if permission is granted.
  * @capable:
  *	Check whether the @tsk process has the @cap capability in the indicated
  *	credentials.
  *	@tsk contains the task_struct for the process.
  *	@cred contains the credentials to use.
  *	@cap contains the capability <include/linux/capability.h>.
  *	@audit: Whether to write an audit message or not
  *	Return 0 if the capability is granted for @tsk.
  * @sysctl:
  *	Check permission before accessing the @table sysctl variable in the
  *	manner specified by @op.
  *	@table contains the ctl_table structure for the sysctl variable.
  *	@op contains the operation (001 = search, 002 = write, 004 = read).
  *	Return 0 if permission is granted.
  * @syslog:
  *	Check permission before accessing the kernel message ring or changing
  *	logging to the console.
  *	See the syslog(2) manual page for an explanation of the @type values.
  *	@type contains the type of action.
  *	@from_file indicates the context of action (if it came from /proc).
  *	Return 0 if permission is granted.
  * @settime:
  *	Check permission to change the system time.
  *	struct timespec and timezone are defined in include/linux/time.h
  *	@ts contains new time
  *	@tz contains new timezone
  *	Return 0 if permission is granted.
  * @vm_enough_memory:
  *	Check permissions for allocating a new virtual mapping.
  *	@mm contains the mm struct it is being added to.
  *	@pages contains the number of pages.
  *	Return 0 if permission is granted.
  *
  * @secid_to_secctx:
  *	Convert secid to security context.  If secdata is NULL the length of
  *	the result will be returned in seclen, but no secdata will be returned.
  *	This does mean that the length could change between calls to check the
  *	length and the next call which actually allocates and returns the secdata.
  *	@secid contains the security ID.
  *	@secdata contains the pointer that stores the converted security context.
  *	@seclen pointer which contains the length of the data
  * @secctx_to_secid:
  *	Convert security context to secid.
  *	@secid contains the pointer to the generated security ID.
  *	@secdata contains the security context.
  *
  * @release_secctx:
  *	Release the security context.
  *	@secdata contains the security context.
  *	@seclen contains the length of the security context.
  *
  * Security hooks for Audit
  *
  * @audit_rule_init:
  *	Allocate and initialize an LSM audit rule structure.
  *	@field contains the required Audit action. Fields flags are defined in include/linux/audit.h
  *	@op contains the operator the rule uses.
  *	@rulestr contains the context where the rule will be applied to.
  *	@lsmrule contains a pointer to receive the result.
  *	Return 0 if @lsmrule has been successfully set,
  *	-EINVAL in case of an invalid rule.
  *
  * @audit_rule_known:
  *	Specifies whether given @rule contains any fields related to current LSM.
  *	@rule contains the audit rule of interest.
  *	Return 1 in case of relation found, 0 otherwise.
  *
  * @audit_rule_match:
  *	Determine if given @secid matches a rule previously approved
  *	by @audit_rule_known.
  *	@secid contains the security id in question.
  *	@field contains the field which relates to current LSM.
  *	@op contains the operator that will be used for matching.
  *	@rule points to the audit rule that will be checked against.
  *	@actx points to the audit context associated with the check.
  *	Return 1 if secid matches the rule, 0 if it does not, -ERRNO on failure.
  *
  * @audit_rule_free:
  *	Deallocate the LSM audit rule structure previously allocated by
  *	audit_rule_init.
  *	@rule contains the allocated rule
  *
  * @inode_notifysecctx:
  *	Notify the security module of what the security context of an inode
  *	should be.  Initializes the incore security context managed by the
  *	security module for this inode.  Example usage:  NFS client invokes
  *	this hook to initialize the security context in its incore inode to the
  *	value provided by the server for the file when the server returned the
  *	file's attributes to the client.
  *
  * 	Must be called with inode->i_mutex locked.
  *
  * 	@inode we wish to set the security context of.
  * 	@ctx contains the string which we wish to set in the inode.
  * 	@ctxlen contains the length of @ctx.
  *
  * @inode_setsecctx:
  * 	Change the security context of an inode.  Updates the
  * 	incore security context managed by the security module and invokes the
  * 	fs code as needed (via __vfs_setxattr_noperm) to update any backing
  * 	xattrs that represent the context.  Example usage:  NFS server invokes
  * 	this hook to change the security context in its incore inode and on the
  * 	backing filesystem to a value provided by the client on a SETATTR
  * 	operation.
  *
  * 	Must be called with inode->i_mutex locked.
  *
  * 	@dentry contains the inode we wish to set the security context of.
  * 	@ctx contains the string which we wish to set in the inode.
  * 	@ctxlen contains the length of @ctx.
  *
  * @inode_getsecctx:
  * 	Returns a string containing all relavent security context information
  *
  * 	@inode we wish to set the security context of.
  *	@ctx is a pointer in which to place the allocated security context.
  *	@ctxlen points to the place to put the length of @ctx.
  * This is the main security structure.
  */
 struct security_operations {
 	char name[SECURITY_NAME_MAX + 1];
 	int (*ptrace_access_check) (struct task_struct *child, unsigned int mode);
 	int (*ptrace_traceme) (struct task_struct *parent);
 	int (*capget) (struct task_struct *target,
 		       kernel_cap_t *effective,
 		       kernel_cap_t *inheritable, kernel_cap_t *permitted);
 	int (*capset) (struct cred *new,
 		       const struct cred *old,
 		       const kernel_cap_t *effective,
 		       const kernel_cap_t *inheritable,
 		       const kernel_cap_t *permitted);
 	int (*capable) (struct task_struct *tsk, const struct cred *cred,
 			int cap, int audit);
 	int (*sysctl) (struct ctl_table *table, int op);
 	int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
 	int (*quota_on) (struct dentry *dentry);
 	int (*syslog) (int type);
 	int (*settime) (struct timespec *ts, struct timezone *tz);
 	int (*vm_enough_memory) (struct mm_struct *mm, long pages);
 	int (*bprm_set_creds) (struct linux_binprm *bprm);
 	int (*bprm_check_security) (struct linux_binprm *bprm);
 	int (*bprm_secureexec) (struct linux_binprm *bprm);
 	void (*bprm_committing_creds) (struct linux_binprm *bprm);
 	void (*bprm_committed_creds) (struct linux_binprm *bprm);
 	int (*sb_alloc_security) (struct super_block *sb);
 	void (*sb_free_security) (struct super_block *sb);
 	int (*sb_copy_data) (char *orig, char *copy);
 	int (*sb_kern_mount) (struct super_block *sb, int flags, void *data);
 	int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
 	int (*sb_statfs) (struct dentry *dentry);
 	int (*sb_mount) (char *dev_name, struct path *path,
 			 char *type, unsigned long flags, void *data);
 	int (*sb_umount) (struct vfsmount *mnt, int flags);
 	int (*sb_pivotroot) (struct path *old_path,
 			     struct path *new_path);
 	int (*sb_set_mnt_opts) (struct super_block *sb,
 				struct security_mnt_opts *opts);
 	void (*sb_clone_mnt_opts) (const struct super_block *oldsb,
 				   struct super_block *newsb);
 	int (*sb_parse_opts_str) (char *options, struct security_mnt_opts *opts);
 #ifdef CONFIG_SECURITY_PATH
 	int (*path_unlink) (struct path *dir, struct dentry *dentry);
 	int (*path_mkdir) (struct path *dir, struct dentry *dentry, int mode);
 	int (*path_rmdir) (struct path *dir, struct dentry *dentry);
 	int (*path_mknod) (struct path *dir, struct dentry *dentry, int mode,
 			   unsigned int dev);
 	int (*path_truncate) (struct path *path);
 	int (*path_symlink) (struct path *dir, struct dentry *dentry,
 			     const char *old_name);
 	int (*path_link) (struct dentry *old_dentry, struct path *new_dir,
 			  struct dentry *new_dentry);
 	int (*path_rename) (struct path *old_dir, struct dentry *old_dentry,
 			    struct path *new_dir, struct dentry *new_dentry);
 	int (*path_chmod) (struct dentry *dentry, struct vfsmount *mnt,
 			   mode_t mode);
 	int (*path_chown) (struct path *path, uid_t uid, gid_t gid);
 	int (*path_chroot) (struct path *path);
 #endif
 	int (*inode_alloc_security) (struct inode *inode);
 	void (*inode_free_security) (struct inode *inode);
 	int (*inode_init_security) (struct inode *inode, struct inode *dir,
 				    char **name, void **value, size_t *len);
 	int (*inode_create) (struct inode *dir,
 			     struct dentry *dentry, int mode);
 	int (*inode_link) (struct dentry *old_dentry,
 			   struct inode *dir, struct dentry *new_dentry);
 	int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
 	int (*inode_symlink) (struct inode *dir,
 			      struct dentry *dentry, const char *old_name);
 	int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, int mode);
 	int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
 	int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
 			    int mode, dev_t dev);
 	int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
 			     struct inode *new_dir, struct dentry *new_dentry);
 	int (*inode_readlink) (struct dentry *dentry);
 	int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
 	int (*inode_permission) (struct inode *inode, int mask);
 	int (*inode_setattr)	(struct dentry *dentry, struct iattr *attr);
 	int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
 	int (*inode_setxattr) (struct dentry *dentry, const char *name,
 			       const void *value, size_t size, int flags);
 	void (*inode_post_setxattr) (struct dentry *dentry, const char *name,
 				     const void *value, size_t size, int flags);
 	int (*inode_getxattr) (struct dentry *dentry, const char *name);
 	int (*inode_listxattr) (struct dentry *dentry);
 	int (*inode_removexattr) (struct dentry *dentry, const char *name);
 	int (*inode_need_killpriv) (struct dentry *dentry);
 	int (*inode_killpriv) (struct dentry *dentry);
 	int (*inode_getsecurity) (const struct inode *inode, const char *name, void **buffer, bool alloc);
 	int (*inode_setsecurity) (struct inode *inode, const char *name, const void *value, size_t size, int flags);
 	int (*inode_listsecurity) (struct inode *inode, char *buffer, size_t buffer_size);
 	void (*inode_getsecid) (const struct inode *inode, u32 *secid);
 	int (*file_permission) (struct file *file, int mask);
 	int (*file_alloc_security) (struct file *file);
 	void (*file_free_security) (struct file *file);
 	int (*file_ioctl) (struct file *file, unsigned int cmd,
 			   unsigned long arg);
 	int (*file_mmap) (struct file *file,
 			  unsigned long reqprot, unsigned long prot,
 			  unsigned long flags, unsigned long addr,
 			  unsigned long addr_only);
 	int (*file_mprotect) (struct vm_area_struct *vma,
 			      unsigned long reqprot,
 			      unsigned long prot);
 	int (*file_lock) (struct file *file, unsigned int cmd);
 	int (*file_fcntl) (struct file *file, unsigned int cmd,
 			   unsigned long arg);
 	int (*file_set_fowner) (struct file *file);
 	int (*file_send_sigiotask) (struct task_struct *tsk,
 				    struct fown_struct *fown, int sig);
 	int (*file_receive) (struct file *file);
 	int (*dentry_open) (struct file *file, const struct cred *cred);
 	int (*task_create) (unsigned long clone_flags);
 	int (*cred_alloc_blank) (struct cred *cred, gfp_t gfp);
 	void (*cred_free) (struct cred *cred);
 	int (*cred_prepare)(struct cred *new, const struct cred *old,
 			    gfp_t gfp);
 	void (*cred_transfer)(struct cred *new, const struct cred *old);
 	int (*kernel_act_as)(struct cred *new, u32 secid);
 	int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
 	int (*kernel_module_request)(char *kmod_name);
 	int (*task_fix_setuid) (struct cred *new, const struct cred *old,
 				int flags);
 	int (*task_setpgid) (struct task_struct *p, pid_t pgid);
 	int (*task_getpgid) (struct task_struct *p);
 	int (*task_getsid) (struct task_struct *p);
 	void (*task_getsecid) (struct task_struct *p, u32 *secid);
 	int (*task_setnice) (struct task_struct *p, int nice);
 	int (*task_setioprio) (struct task_struct *p, int ioprio);
 	int (*task_getioprio) (struct task_struct *p);
 	int (*task_setrlimit) (struct task_struct *p, unsigned int resource,
 			struct rlimit *new_rlim);
 	int (*task_setscheduler) (struct task_struct *p);
 	int (*task_getscheduler) (struct task_struct *p);
 	int (*task_movememory) (struct task_struct *p);
 	int (*task_kill) (struct task_struct *p,
 			  struct siginfo *info, int sig, u32 secid);
 	int (*task_wait) (struct task_struct *p);
 	int (*task_prctl) (int option, unsigned long arg2,
 			   unsigned long arg3, unsigned long arg4,
 			   unsigned long arg5);
 	void (*task_to_inode) (struct task_struct *p, struct inode *inode);
 	int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag);
 	void (*ipc_getsecid) (struct kern_ipc_perm *ipcp, u32 *secid);
 	int (*msg_msg_alloc_security) (struct msg_msg *msg);
 	void (*msg_msg_free_security) (struct msg_msg *msg);
 	int (*msg_queue_alloc_security) (struct msg_queue *msq);
 	void (*msg_queue_free_security) (struct msg_queue *msq);
 	int (*msg_queue_associate) (struct msg_queue *msq, int msqflg);
 	int (*msg_queue_msgctl) (struct msg_queue *msq, int cmd);
 	int (*msg_queue_msgsnd) (struct msg_queue *msq,
 				 struct msg_msg *msg, int msqflg);
 	int (*msg_queue_msgrcv) (struct msg_queue *msq,
 				 struct msg_msg *msg,
 				 struct task_struct *target,
 				 long type, int mode);
 	int (*shm_alloc_security) (struct shmid_kernel *shp);
 	void (*shm_free_security) (struct shmid_kernel *shp);
 	int (*shm_associate) (struct shmid_kernel *shp, int shmflg);
 	int (*shm_shmctl) (struct shmid_kernel *shp, int cmd);
 	int (*shm_shmat) (struct shmid_kernel *shp,
 			  char __user *shmaddr, int shmflg);
 	int (*sem_alloc_security) (struct sem_array *sma);
 	void (*sem_free_security) (struct sem_array *sma);
 	int (*sem_associate) (struct sem_array *sma, int semflg);
 	int (*sem_semctl) (struct sem_array *sma, int cmd);
 	int (*sem_semop) (struct sem_array *sma,
 			  struct sembuf *sops, unsigned nsops, int alter);
 	int (*netlink_send) (struct sock *sk, struct sk_buff *skb);
 	int (*netlink_recv) (struct sk_buff *skb, int cap);
 	void (*d_instantiate) (struct dentry *dentry, struct inode *inode);
 	int (*getprocattr) (struct task_struct *p, char *name, char **value);
 	int (*setprocattr) (struct task_struct *p, char *name, void *value, size_t size);
 	int (*secid_to_secctx) (u32 secid, char **secdata, u32 *seclen);
 	int (*secctx_to_secid) (const char *secdata, u32 seclen, u32 *secid);
 	void (*release_secctx) (char *secdata, u32 seclen);
 	int (*inode_notifysecctx)(struct inode *inode, void *ctx, u32 ctxlen);
 	int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
 	int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);
 #ifdef CONFIG_SECURITY_NETWORK
-	int (*unix_stream_connect) (struct socket *sock,
+	int (*unix_stream_connect) (struct sock *sock, struct sock *other, struct sock *newsk);
-				    struct socket *other, struct sock *newsk);
 	int (*unix_may_send) (struct socket *sock, struct socket *other);
 	int (*socket_create) (int family, int type, int protocol, int kern);
 	int (*socket_post_create) (struct socket *sock, int family,
 				   int type, int protocol, int kern);
 	int (*socket_bind) (struct socket *sock,
 			    struct sockaddr *address, int addrlen);
 	int (*socket_connect) (struct socket *sock,
 			       struct sockaddr *address, int addrlen);
 	int (*socket_listen) (struct socket *sock, int backlog);
 	int (*socket_accept) (struct socket *sock, struct socket *newsock);
 	int (*socket_sendmsg) (struct socket *sock,
 			       struct msghdr *msg, int size);
 	int (*socket_recvmsg) (struct socket *sock,
 			       struct msghdr *msg, int size, int flags);
 	int (*socket_getsockname) (struct socket *sock);
 	int (*socket_getpeername) (struct socket *sock);
 	int (*socket_getsockopt) (struct socket *sock, int level, int optname);
 	int (*socket_setsockopt) (struct socket *sock, int level, int optname);
 	int (*socket_shutdown) (struct socket *sock, int how);
 	int (*socket_sock_rcv_skb) (struct sock *sk, struct sk_buff *skb);
 	int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
 	int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
 	int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
 	void (*sk_free_security) (struct sock *sk);
 	void (*sk_clone_security) (const struct sock *sk, struct sock *newsk);
 	void (*sk_getsecid) (struct sock *sk, u32 *secid);
 	void (*sock_graft) (struct sock *sk, struct socket *parent);
 	int (*inet_conn_request) (struct sock *sk, struct sk_buff *skb,
 				  struct request_sock *req);
 	void (*inet_csk_clone) (struct sock *newsk, const struct request_sock *req);
 	void (*inet_conn_established) (struct sock *sk, struct sk_buff *skb);
 	int (*secmark_relabel_packet) (u32 secid);
 	void (*secmark_refcount_inc) (void);
 	void (*secmark_refcount_dec) (void);
 	void (*req_classify_flow) (const struct request_sock *req, struct flowi *fl);
 	int (*tun_dev_create)(void);
 	void (*tun_dev_post_create)(struct sock *sk);
 	int (*tun_dev_attach)(struct sock *sk);
 #endif	/* CONFIG_SECURITY_NETWORK */
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 	int (*xfrm_policy_alloc_security) (struct xfrm_sec_ctx **ctxp,
 			struct xfrm_user_sec_ctx *sec_ctx);
 	int (*xfrm_policy_clone_security) (struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctx);
 	void (*xfrm_policy_free_security) (struct xfrm_sec_ctx *ctx);
 	int (*xfrm_policy_delete_security) (struct xfrm_sec_ctx *ctx);
 	int (*xfrm_state_alloc_security) (struct xfrm_state *x,
 		struct xfrm_user_sec_ctx *sec_ctx,
 		u32 secid);
 	void (*xfrm_state_free_security) (struct xfrm_state *x);
 	int (*xfrm_state_delete_security) (struct xfrm_state *x);
 	int (*xfrm_policy_lookup) (struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
 	int (*xfrm_state_pol_flow_match) (struct xfrm_state *x,
 					  struct xfrm_policy *xp,
 					  struct flowi *fl);
 	int (*xfrm_decode_session) (struct sk_buff *skb, u32 *secid, int ckall);
 #endif	/* CONFIG_SECURITY_NETWORK_XFRM */
 	/* key management security hooks */
 #ifdef CONFIG_KEYS
 	int (*key_alloc) (struct key *key, const struct cred *cred, unsigned long flags);
 	void (*key_free) (struct key *key);
 	int (*key_permission) (key_ref_t key_ref,
 			       const struct cred *cred,
 			       key_perm_t perm);
 	int (*key_getsecurity)(struct key *key, char **_buffer);
 #endif	/* CONFIG_KEYS */
 #ifdef CONFIG_AUDIT
 	int (*audit_rule_init) (u32 field, u32 op, char *rulestr, void **lsmrule);
 	int (*audit_rule_known) (struct audit_krule *krule);
 	int (*audit_rule_match) (u32 secid, u32 field, u32 op, void *lsmrule,
 				 struct audit_context *actx);
 	void (*audit_rule_free) (void *lsmrule);
 #endif /* CONFIG_AUDIT */
 };
 /* prototypes */
 extern int security_init(void);
 extern int security_module_enable(struct security_operations *ops);
 extern int register_security(struct security_operations *ops);
 /* Security operations */
 int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
 int security_ptrace_traceme(struct task_struct *parent);
 int security_capget(struct task_struct *target,
 		    kernel_cap_t *effective,
 		    kernel_cap_t *inheritable,
 		    kernel_cap_t *permitted);
 int security_capset(struct cred *new, const struct cred *old,
 		    const kernel_cap_t *effective,
 		    const kernel_cap_t *inheritable,
 		    const kernel_cap_t *permitted);
 int security_capable(int cap);
 int security_real_capable(struct task_struct *tsk, int cap);
 int security_real_capable_noaudit(struct task_struct *tsk, int cap);
 int security_sysctl(struct ctl_table *table, int op);
 int security_quotactl(int cmds, int type, int id, struct super_block *sb);
 int security_quota_on(struct dentry *dentry);
 int security_syslog(int type);
 int security_settime(struct timespec *ts, struct timezone *tz);
 int security_vm_enough_memory(long pages);
 int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
 int security_vm_enough_memory_kern(long pages);
 int security_bprm_set_creds(struct linux_binprm *bprm);
 int security_bprm_check(struct linux_binprm *bprm);
 void security_bprm_committing_creds(struct linux_binprm *bprm);
 void security_bprm_committed_creds(struct linux_binprm *bprm);
 int security_bprm_secureexec(struct linux_binprm *bprm);
 int security_sb_alloc(struct super_block *sb);
 void security_sb_free(struct super_block *sb);
 int security_sb_copy_data(char *orig, char *copy);
 int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
 int security_sb_show_options(struct seq_file *m, struct super_block *sb);
 int security_sb_statfs(struct dentry *dentry);
 int security_sb_mount(char *dev_name, struct path *path,
 		      char *type, unsigned long flags, void *data);
 int security_sb_umount(struct vfsmount *mnt, int flags);
 int security_sb_pivotroot(struct path *old_path, struct path *new_path);
 int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts);
 void security_sb_clone_mnt_opts(const struct super_block *oldsb,
 				struct super_block *newsb);
 int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
 int security_inode_alloc(struct inode *inode);
 void security_inode_free(struct inode *inode);
 int security_inode_init_security(struct inode *inode, struct inode *dir,
 				  char **name, void **value, size_t *len);
 int security_inode_create(struct inode *dir, struct dentry *dentry, int mode);
 int security_inode_link(struct dentry *old_dentry, struct inode *dir,
 			 struct dentry *new_dentry);
 int security_inode_unlink(struct inode *dir, struct dentry *dentry);
 int security_inode_symlink(struct inode *dir, struct dentry *dentry,
 			   const char *old_name);
 int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode);
 int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
 int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev);
 int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
 			  struct inode *new_dir, struct dentry *new_dentry);
 int security_inode_readlink(struct dentry *dentry);
 int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
 int security_inode_permission(struct inode *inode, int mask);
 int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
 int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry);
 int security_inode_setxattr(struct dentry *dentry, const char *name,
 			    const void *value, size_t size, int flags);
 void security_inode_post_setxattr(struct dentry *dentry, const char *name,
 				  const void *value, size_t size, int flags);
 int security_inode_getxattr(struct dentry *dentry, const char *name);
 int security_inode_listxattr(struct dentry *dentry);
 int security_inode_removexattr(struct dentry *dentry, const char *name);
 int security_inode_need_killpriv(struct dentry *dentry);
 int security_inode_killpriv(struct dentry *dentry);
 int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc);
 int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
 int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
 void security_inode_getsecid(const struct inode *inode, u32 *secid);
 int security_file_permission(struct file *file, int mask);
 int security_file_alloc(struct file *file);
 void security_file_free(struct file *file);
 int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
 int security_file_mmap(struct file *file, unsigned long reqprot,
 			unsigned long prot, unsigned long flags,
 			unsigned long addr, unsigned long addr_only);
 int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
 			   unsigned long prot);
 int security_file_lock(struct file *file, unsigned int cmd);
 int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
 int security_file_set_fowner(struct file *file);
 int security_file_send_sigiotask(struct task_struct *tsk,
 				 struct fown_struct *fown, int sig);
 int security_file_receive(struct file *file);
 int security_dentry_open(struct file *file, const struct cred *cred);
 int security_task_create(unsigned long clone_flags);
 int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
 void security_cred_free(struct cred *cred);
 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
 void security_transfer_creds(struct cred *new, const struct cred *old);
 int security_kernel_act_as(struct cred *new, u32 secid);
 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
 int security_kernel_module_request(char *kmod_name);
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
 			     int flags);
 int security_task_setpgid(struct task_struct *p, pid_t pgid);
 int security_task_getpgid(struct task_struct *p);
 int security_task_getsid(struct task_struct *p);
 void security_task_getsecid(struct task_struct *p, u32 *secid);
 int security_task_setnice(struct task_struct *p, int nice);
 int security_task_setioprio(struct task_struct *p, int ioprio);
 int security_task_getioprio(struct task_struct *p);
 int security_task_setrlimit(struct task_struct *p, unsigned int resource,
 		struct rlimit *new_rlim);
 int security_task_setscheduler(struct task_struct *p);
 int security_task_getscheduler(struct task_struct *p);
 int security_task_movememory(struct task_struct *p);
 int security_task_kill(struct task_struct *p, struct siginfo *info,
 			int sig, u32 secid);
 int security_task_wait(struct task_struct *p);
 int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 			unsigned long arg4, unsigned long arg5);
 void security_task_to_inode(struct task_struct *p, struct inode *inode);
 int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
 void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
 int security_msg_msg_alloc(struct msg_msg *msg);
 void security_msg_msg_free(struct msg_msg *msg);
 int security_msg_queue_alloc(struct msg_queue *msq);
 void security_msg_queue_free(struct msg_queue *msq);
 int security_msg_queue_associate(struct msg_queue *msq, int msqflg);
 int security_msg_queue_msgctl(struct msg_queue *msq, int cmd);
 int security_msg_queue_msgsnd(struct msg_queue *msq,
 			      struct msg_msg *msg, int msqflg);
 int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
 			      struct task_struct *target, long type, int mode);
 int security_shm_alloc(struct shmid_kernel *shp);
 void security_shm_free(struct shmid_kernel *shp);
 int security_shm_associate(struct shmid_kernel *shp, int shmflg);
 int security_shm_shmctl(struct shmid_kernel *shp, int cmd);
 int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg);
 int security_sem_alloc(struct sem_array *sma);
 void security_sem_free(struct sem_array *sma);
 int security_sem_associate(struct sem_array *sma, int semflg);
 int security_sem_semctl(struct sem_array *sma, int cmd);
 int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
 			unsigned nsops, int alter);
 void security_d_instantiate(struct dentry *dentry, struct inode *inode);
 int security_getprocattr(struct task_struct *p, char *name, char **value);
 int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size);
 int security_netlink_send(struct sock *sk, struct sk_buff *skb);
 int security_netlink_recv(struct sk_buff *skb, int cap);
 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
 int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
 void security_release_secctx(char *secdata, u32 seclen);
 int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
 int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
 int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
 #else /* CONFIG_SECURITY */
 struct security_mnt_opts {
 };
 static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
 {
 }
 static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 {
 }
 /*
  * This is the default capabilities functionality.  Most of these functions
  * are just stubbed out, but a few must call the proper capable code.
  */
 static inline int security_init(void)
 {
 	return 0;
 }
 static inline int security_ptrace_access_check(struct task_struct *child,
 					     unsigned int mode)
 {
 	return cap_ptrace_access_check(child, mode);
 }
 static inline int security_ptrace_traceme(struct task_struct *parent)
 {
 	return cap_ptrace_traceme(parent);
 }
 static inline int security_capget(struct task_struct *target,
 				   kernel_cap_t *effective,
 				   kernel_cap_t *inheritable,
 				   kernel_cap_t *permitted)
 {
 	return cap_capget(target, effective, inheritable, permitted);
 }
 static inline int security_capset(struct cred *new,
 				   const struct cred *old,
 				   const kernel_cap_t *effective,
 				   const kernel_cap_t *inheritable,
 				   const kernel_cap_t *permitted)
 {
 	return cap_capset(new, old, effective, inheritable, permitted);
 }
 static inline int security_capable(int cap)
 {
 	return cap_capable(current, current_cred(), cap, SECURITY_CAP_AUDIT);
 }
 static inline int security_real_capable(struct task_struct *tsk, int cap)
 {
 	int ret;
 	rcu_read_lock();
 	ret = cap_capable(tsk, __task_cred(tsk), cap, SECURITY_CAP_AUDIT);
 	rcu_read_unlock();
 	return ret;
 }
 static inline
 int security_real_capable_noaudit(struct task_struct *tsk, int cap)
 {
 	int ret;
 	rcu_read_lock();
 	ret = cap_capable(tsk, __task_cred(tsk), cap,
 			       SECURITY_CAP_NOAUDIT);
 	rcu_read_unlock();
 	return ret;
 }
 static inline int security_sysctl(struct ctl_table *table, int op)
 {
 	return 0;
 }
 static inline int security_quotactl(int cmds, int type, int id,
 				     struct super_block *sb)
 {
 	return 0;
 }
 static inline int security_quota_on(struct dentry *dentry)
 {
 	return 0;
 }
 static inline int security_syslog(int type)
 {
 	return 0;
 }
 static inline int security_settime(struct timespec *ts, struct timezone *tz)
 {
 	return cap_settime(ts, tz);
 }
 static inline int security_vm_enough_memory(long pages)
 {
 	WARN_ON(current->mm == NULL);
 	return cap_vm_enough_memory(current->mm, pages);
 }
 static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
 {
 	WARN_ON(mm == NULL);
 	return cap_vm_enough_memory(mm, pages);
 }
 static inline int security_vm_enough_memory_kern(long pages)
 {
 	/* If current->mm is a kernel thread then we will pass NULL,
 	   for this specific case that is fine */
 	return cap_vm_enough_memory(current->mm, pages);
 }
 static inline int security_bprm_set_creds(struct linux_binprm *bprm)
 {
 	return cap_bprm_set_creds(bprm);
 }
 static inline int security_bprm_check(struct linux_binprm *bprm)
 {
 	return 0;
 }
 static inline void security_bprm_committing_creds(struct linux_binprm *bprm)
 {
 }
 static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
 {
 }
 static inline int security_bprm_secureexec(struct linux_binprm *bprm)
 {
 	return cap_bprm_secureexec(bprm);
 }
 static inline int security_sb_alloc(struct super_block *sb)
 {
 	return 0;
 }
 static inline void security_sb_free(struct super_block *sb)
 { }
 static inline int security_sb_copy_data(char *orig, char *copy)
 {
 	return 0;
 }
 static inline int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
 {
 	return 0;
 }
 static inline int security_sb_show_options(struct seq_file *m,
 					   struct super_block *sb)
 {
 	return 0;
 }
 static inline int security_sb_statfs(struct dentry *dentry)
 {
 	return 0;
 }
 static inline int security_sb_mount(char *dev_name, struct path *path,
 				    char *type, unsigned long flags,
 				    void *data)
 {
 	return 0;
 }
 static inline int security_sb_umount(struct vfsmount *mnt, int flags)
 {
 	return 0;
 }
 static inline int security_sb_pivotroot(struct path *old_path,
 					struct path *new_path)
 {
 	return 0;
 }
 static inline int security_sb_set_mnt_opts(struct super_block *sb,
 					   struct security_mnt_opts *opts)
 {
 	return 0;
 }
 static inline void security_sb_clone_mnt_opts(const struct super_block *oldsb,
 					      struct super_block *newsb)
 { }
 static inline int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
 {
 	return 0;
 }
 static inline int security_inode_alloc(struct inode *inode)
 {
 	return 0;
 }
 static inline void security_inode_free(struct inode *inode)
 { }
 static inline int security_inode_init_security(struct inode *inode,
 						struct inode *dir,
 						char **name,
 						void **value,
 						size_t *len)
 {
 	return -EOPNOTSUPP;
 }
 static inline int security_inode_create(struct inode *dir,
 					 struct dentry *dentry,
 					 int mode)
 {
 	return 0;
 }
 static inline int security_inode_link(struct dentry *old_dentry,
 				       struct inode *dir,
 				       struct dentry *new_dentry)
 {
 	return 0;
 }
 static inline int security_inode_unlink(struct inode *dir,
 					 struct dentry *dentry)
 {
 	return 0;
 }
 static inline int security_inode_symlink(struct inode *dir,
 					  struct dentry *dentry,
 					  const char *old_name)
 {
 	return 0;
 }
 static inline int security_inode_mkdir(struct inode *dir,
 					struct dentry *dentry,
 					int mode)
 {
 	return 0;
 }
 static inline int security_inode_rmdir(struct inode *dir,
 					struct dentry *dentry)
 {
 	return 0;
 }
 static inline int security_inode_mknod(struct inode *dir,
 					struct dentry *dentry,
 					int mode, dev_t dev)
 {
 	return 0;
 }
 static inline int security_inode_rename(struct inode *old_dir,
 					 struct dentry *old_dentry,
 					 struct inode *new_dir,
 					 struct dentry *new_dentry)
 {
 	return 0;
 }
 static inline int security_inode_readlink(struct dentry *dentry)
 {
 	return 0;
 }
 static inline int security_inode_follow_link(struct dentry *dentry,
 					      struct nameidata *nd)
 {
 	return 0;
 }
 static inline int security_inode_permission(struct inode *inode, int mask)
 {
 	return 0;
 }
 static inline int security_inode_setattr(struct dentry *dentry,
 					  struct iattr *attr)
 {
 	return 0;
 }
 static inline int security_inode_getattr(struct vfsmount *mnt,
 					  struct dentry *dentry)
 {
 	return 0;
 }
 static inline int security_inode_setxattr(struct dentry *dentry,
 		const char *name, const void *value, size_t size, int flags)
 {
 	return cap_inode_setxattr(dentry, name, value, size, flags);
 }
 static inline void security_inode_post_setxattr(struct dentry *dentry,
 		const char *name, const void *value, size_t size, int flags)
 { }
 static inline int security_inode_getxattr(struct dentry *dentry,
 			const char *name)
 {
 	return 0;
 }
 static inline int security_inode_listxattr(struct dentry *dentry)
 {
 	return 0;
 }
 static inline int security_inode_removexattr(struct dentry *dentry,
 			const char *name)
 {
 	return cap_inode_removexattr(dentry, name);
 }
 static inline int security_inode_need_killpriv(struct dentry *dentry)
 {
 	return cap_inode_need_killpriv(dentry);
 }
 static inline int security_inode_killpriv(struct dentry *dentry)
 {
 	return cap_inode_killpriv(dentry);
 }
 static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
 {
 	return -EOPNOTSUPP;
 }
 static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
 {
 	return -EOPNOTSUPP;
 }
 static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
 {
 	return 0;
 }
 static inline void security_inode_getsecid(const struct inode *inode, u32 *secid)
 {
 	*secid = 0;
 }
 static inline int security_file_permission(struct file *file, int mask)
 {
 	return 0;
 }
 static inline int security_file_alloc(struct file *file)
 {
 	return 0;
 }
 static inline void security_file_free(struct file *file)
 { }
 static inline int security_file_ioctl(struct file *file, unsigned int cmd,
 				      unsigned long arg)
 {
 	return 0;
 }
 static inline int security_file_mmap(struct file *file, unsigned long reqprot,
 				     unsigned long prot,
 				     unsigned long flags,
 				     unsigned long addr,
 				     unsigned long addr_only)
 {
 	return cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
 }
 static inline int security_file_mprotect(struct vm_area_struct *vma,
 					 unsigned long reqprot,
 					 unsigned long prot)
 {
 	return 0;
 }
 static inline int security_file_lock(struct file *file, unsigned int cmd)
 {
 	return 0;
 }
 static inline int security_file_fcntl(struct file *file, unsigned int cmd,
 				      unsigned long arg)
 {
 	return 0;
 }
 static inline int security_file_set_fowner(struct file *file)
 {
 	return 0;
 }
 static inline int security_file_send_sigiotask(struct task_struct *tsk,
 					       struct fown_struct *fown,
 					       int sig)
 {
 	return 0;
 }
 static inline int security_file_receive(struct file *file)
 {
 	return 0;
 }
 static inline int security_dentry_open(struct file *file,
 				       const struct cred *cred)
 {
 	return 0;
 }
 static inline int security_task_create(unsigned long clone_flags)
 {
 	return 0;
 }
 static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
 {
 	return 0;
 }
 static inline void security_cred_free(struct cred *cred)
 { }
 static inline int security_prepare_creds(struct cred *new,
 					 const struct cred *old,
 					 gfp_t gfp)
 {
 	return 0;
 }
 static inline void security_transfer_creds(struct cred *new,
 					   const struct cred *old)
 {
 }
 static inline int security_kernel_act_as(struct cred *cred, u32 secid)
 {
 	return 0;
 }
 static inline int security_kernel_create_files_as(struct cred *cred,
 						  struct inode *inode)
 {
 	return 0;
 }
 static inline int security_kernel_module_request(char *kmod_name)
 {
 	return 0;
 }
 static inline int security_task_fix_setuid(struct cred *new,
 					   const struct cred *old,
 					   int flags)
 {
 	return cap_task_fix_setuid(new, old, flags);
 }
 static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
 {
 	return 0;
 }
 static inline int security_task_getpgid(struct task_struct *p)
 {
 	return 0;
 }
 static inline int security_task_getsid(struct task_struct *p)
 {
 	return 0;
 }
 static inline void security_task_getsecid(struct task_struct *p, u32 *secid)
 {
 	*secid = 0;
 }
 static inline int security_task_setnice(struct task_struct *p, int nice)
 {
 	return cap_task_setnice(p, nice);
 }
 static inline int security_task_setioprio(struct task_struct *p, int ioprio)
 {
 	return cap_task_setioprio(p, ioprio);
 }
 static inline int security_task_getioprio(struct task_struct *p)
 {
 	return 0;
 }
 static inline int security_task_setrlimit(struct task_struct *p,
 					  unsigned int resource,
 					  struct rlimit *new_rlim)
 {
 	return 0;
 }
 static inline int security_task_setscheduler(struct task_struct *p)
 {
 	return cap_task_setscheduler(p);
 }
 static inline int security_task_getscheduler(struct task_struct *p)
 {
 	return 0;
 }
 static inline int security_task_movememory(struct task_struct *p)
 {
 	return 0;
 }
 static inline int security_task_kill(struct task_struct *p,
 				     struct siginfo *info, int sig,
 				     u32 secid)
 {
 	return 0;
 }
 static inline int security_task_wait(struct task_struct *p)
 {
 	return 0;
 }
 static inline int security_task_prctl(int option, unsigned long arg2,
 				      unsigned long arg3,
 				      unsigned long arg4,
 				      unsigned long arg5)
 {
 	return cap_task_prctl(option, arg2, arg3, arg3, arg5);
 }
 static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
 { }
 static inline int security_ipc_permission(struct kern_ipc_perm *ipcp,
 					  short flag)
 {
 	return 0;
 }
 static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
 {
 	*secid = 0;
 }
 static inline int security_msg_msg_alloc(struct msg_msg *msg)
 {
 	return 0;
 }
 static inline void security_msg_msg_free(struct msg_msg *msg)
 { }
 static inline int security_msg_queue_alloc(struct msg_queue *msq)
 {
 	return 0;
 }
 static inline void security_msg_queue_free(struct msg_queue *msq)
 { }
 static inline int security_msg_queue_associate(struct msg_queue *msq,
 					       int msqflg)
 {
 	return 0;
 }
 static inline int security_msg_queue_msgctl(struct msg_queue *msq, int cmd)
 {
 	return 0;
 }
 static inline int security_msg_queue_msgsnd(struct msg_queue *msq,
 					    struct msg_msg *msg, int msqflg)
 {
 	return 0;
 }
 static inline int security_msg_queue_msgrcv(struct msg_queue *msq,
 					    struct msg_msg *msg,
 					    struct task_struct *target,
 					    long type, int mode)
 {
 	return 0;
 }
 static inline int security_shm_alloc(struct shmid_kernel *shp)
 {
 	return 0;
 }
 static inline void security_shm_free(struct shmid_kernel *shp)
 { }
 static inline int security_shm_associate(struct shmid_kernel *shp,
 					 int shmflg)
 {
 	return 0;
 }
 static inline int security_shm_shmctl(struct shmid_kernel *shp, int cmd)
 {
 	return 0;
 }
 static inline int security_shm_shmat(struct shmid_kernel *shp,
 				     char __user *shmaddr, int shmflg)
 {
 	return 0;
 }
 static inline int security_sem_alloc(struct sem_array *sma)
 {
 	return 0;
 }
 static inline void security_sem_free(struct sem_array *sma)
 { }
 static inline int security_sem_associate(struct sem_array *sma, int semflg)
 {
 	return 0;
 }
 static inline int security_sem_semctl(struct sem_array *sma, int cmd)
 {
 	return 0;
 }
 static inline int security_sem_semop(struct sem_array *sma,
 				     struct sembuf *sops, unsigned nsops,
 				     int alter)
 {
 	return 0;
 }
 static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode)
 { }
 static inline int security_getprocattr(struct task_struct *p, char *name, char **value)
 {
 	return -EINVAL;
 }
 static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
 {
 	return -EINVAL;
 }
 static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
 {
 	return cap_netlink_send(sk, skb);
 }
 static inline int security_netlink_recv(struct sk_buff *skb, int cap)
 {
 	return cap_netlink_recv(skb, cap);
 }
 static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
 {
 	return -EOPNOTSUPP;
 }
 static inline int security_secctx_to_secid(const char *secdata,
 					   u32 seclen,
 					   u32 *secid)
 {
 	return -EOPNOTSUPP;
 }
 static inline void security_release_secctx(char *secdata, u32 seclen)
 {
 }
 static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
 {
 	return -EOPNOTSUPP;
 }
 static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
 {
 	return -EOPNOTSUPP;
 }
 static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
 {
 	return -EOPNOTSUPP;
 }
 #endif	/* CONFIG_SECURITY */
 #ifdef CONFIG_SECURITY_NETWORK
-int security_unix_stream_connect(struct socket *sock, struct socket *other,
+int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk);
-				 struct sock *newsk);
 int security_unix_may_send(struct socket *sock,  struct socket *other);
 int security_socket_create(int family, int type, int protocol, int kern);
 int security_socket_post_create(struct socket *sock, int family,
 				int type, int protocol, int kern);
 int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen);
 int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen);
 int security_socket_listen(struct socket *sock, int backlog);
 int security_socket_accept(struct socket *sock, struct socket *newsock);
 int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size);
 int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
 			    int size, int flags);
 int security_socket_getsockname(struct socket *sock);
 int security_socket_getpeername(struct socket *sock);
 int security_socket_getsockopt(struct socket *sock, int level, int optname);
 int security_socket_setsockopt(struct socket *sock, int level, int optname);
 int security_socket_shutdown(struct socket *sock, int how);
 int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
 int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
 				      int __user *optlen, unsigned len);
 int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
 int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
 void security_sk_free(struct sock *sk);
 void security_sk_clone(const struct sock *sk, struct sock *newsk);
 void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
 void security_req_classify_flow(const struct request_sock *req, struct flowi *fl);
 void security_sock_graft(struct sock*sk, struct socket *parent);
 int security_inet_conn_request(struct sock *sk,
 			struct sk_buff *skb, struct request_sock *req);
 void security_inet_csk_clone(struct sock *newsk,
 			const struct request_sock *req);
 void security_inet_conn_established(struct sock *sk,
 			struct sk_buff *skb);
 int security_secmark_relabel_packet(u32 secid);
 void security_secmark_refcount_inc(void);
 void security_secmark_refcount_dec(void);
 int security_tun_dev_create(void);
 void security_tun_dev_post_create(struct sock *sk);
 int security_tun_dev_attach(struct sock *sk);
 #else	/* CONFIG_SECURITY_NETWORK */
-static inline int security_unix_stream_connect(struct socket *sock,
+static inline int security_unix_stream_connect(struct sock *sock,
-					       struct socket *other,
+					       struct sock *other,
 					       struct sock *newsk)
 {
 	return 0;
 }
 static inline int security_unix_may_send(struct socket *sock,
 					 struct socket *other)
 {
 	return 0;
 }
 static inline int security_socket_create(int family, int type,
 					 int protocol, int kern)
 {
 	return 0;
 }
 static inline int security_socket_post_create(struct socket *sock,
 					      int family,
 					      int type,
 					      int protocol, int kern)
 {
 	return 0;
 }
 static inline int security_socket_bind(struct socket *sock,
 				       struct sockaddr *address,
 				       int addrlen)
 {
 	return 0;
 }
 static inline int security_socket_connect(struct socket *sock,
 					  struct sockaddr *address,
 					  int addrlen)
 {
 	return 0;
 }
 static inline int security_socket_listen(struct socket *sock, int backlog)
 {
 	return 0;
 }
 static inline int security_socket_accept(struct socket *sock,
 					 struct socket *newsock)
 {
 	return 0;
 }
 static inline int security_socket_sendmsg(struct socket *sock,
 					  struct msghdr *msg, int size)
 {
 	return 0;
 }
 static inline int security_socket_recvmsg(struct socket *sock,
 					  struct msghdr *msg, int size,
 					  int flags)
 {
 	return 0;
 }
 static inline int security_socket_getsockname(struct socket *sock)
 {
 	return 0;
 }
 static inline int security_socket_getpeername(struct socket *sock)
 {
 	return 0;
 }
 static inline int security_socket_getsockopt(struct socket *sock,
 					     int level, int optname)
 {
 	return 0;
 }
 static inline int security_socket_setsockopt(struct socket *sock,
 					     int level, int optname)
 {
 	return 0;
 }
 static inline int security_socket_shutdown(struct socket *sock, int how)
 {
 	return 0;
 }
 static inline int security_sock_rcv_skb(struct sock *sk,
 					struct sk_buff *skb)
 {
 	return 0;
 }
 static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
 						    int __user *optlen, unsigned len)
 {
 	return -ENOPROTOOPT;
 }
 static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
 {
 	return -ENOPROTOOPT;
 }
 static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
 {
 	return 0;
 }
 static inline void security_sk_free(struct sock *sk)
 {
 }
 static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
 {
 }
 static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
 {
 }
 static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
 {
 }
 static inline void security_sock_graft(struct sock *sk, struct socket *parent)
 {
 }
 static inline int security_inet_conn_request(struct sock *sk,
 			struct sk_buff *skb, struct request_sock *req)
 {
 	return 0;
 }
 static inline void security_inet_csk_clone(struct sock *newsk,
 			const struct request_sock *req)
 {
 }
 static inline void security_inet_conn_established(struct sock *sk,
 			struct sk_buff *skb)
 {
 }
 static inline int security_secmark_relabel_packet(u32 secid)
 {
 	return 0;
 }
 static inline void security_secmark_refcount_inc(void)
 {
 }
 static inline void security_secmark_refcount_dec(void)
 {
 }
 static inline int security_tun_dev_create(void)
 {
 	return 0;
 }
 static inline void security_tun_dev_post_create(struct sock *sk)
 {
 }
 static inline int security_tun_dev_attach(struct sock *sk)
 {
 	return 0;
 }
 #endif	/* CONFIG_SECURITY_NETWORK */
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx);
 int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp);
 void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
 int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
 int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
 int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
 				      struct xfrm_sec_ctx *polsec, u32 secid);
 int security_xfrm_state_delete(struct xfrm_state *x);
 void security_xfrm_state_free(struct xfrm_state *x);
 int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
 int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
 				       struct xfrm_policy *xp, struct flowi *fl);
 int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
 void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl);
 #else	/* CONFIG_SECURITY_NETWORK_XFRM */
 static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx)
 {
 	return 0;
 }
 static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp)
 {
 	return 0;
 }
 static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
 {
 }
 static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
 {
 	return 0;
 }
 static inline int security_xfrm_state_alloc(struct xfrm_state *x,
 					struct xfrm_user_sec_ctx *sec_ctx)
 {
 	return 0;
 }
 static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
 					struct xfrm_sec_ctx *polsec, u32 secid)
 {
 	return 0;
 }
 static inline void security_xfrm_state_free(struct xfrm_state *x)
 {
 }
 static inline int security_xfrm_state_delete(struct xfrm_state *x)
 {
 	return 0;
 }
 static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
 {
 	return 0;
 }
 static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
 			struct xfrm_policy *xp, struct flowi *fl)
 {
 	return 1;
 }
 static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
 {
 	return 0;
 }
 static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
 {
 }
 #endif	/* CONFIG_SECURITY_NETWORK_XFRM */
 #ifdef CONFIG_SECURITY_PATH
 int security_path_unlink(struct path *dir, struct dentry *dentry);
 int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode);
 int security_path_rmdir(struct path *dir, struct dentry *dentry);
 int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
 			unsigned int dev);
 int security_path_truncate(struct path *path);
 int security_path_symlink(struct path *dir, struct dentry *dentry,
 			  const char *old_name);
 int security_path_link(struct dentry *old_dentry, struct path *new_dir,
 		       struct dentry *new_dentry);
 int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
 			 struct path *new_dir, struct dentry *new_dentry);
 int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
 			mode_t mode);
 int security_path_chown(struct path *path, uid_t uid, gid_t gid);
 int security_path_chroot(struct path *path);
 #else	/* CONFIG_SECURITY_PATH */
 static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
 {
 	return 0;
 }
 static inline int security_path_mkdir(struct path *dir, struct dentry *dentry,
 				      int mode)
 {
 	return 0;
 }
 static inline int security_path_rmdir(struct path *dir, struct dentry *dentry)
 {
 	return 0;
 }
 static inline int security_path_mknod(struct path *dir, struct dentry *dentry,
 				      int mode, unsigned int dev)
 {
 	return 0;
 }
 static inline int security_path_truncate(struct path *path)
 {
 	return 0;
 }
 static inline int security_path_symlink(struct path *dir, struct dentry *dentry,
 					const char *old_name)
 {
 	return 0;
 }
 static inline int security_path_link(struct dentry *old_dentry,
 				     struct path *new_dir,
 				     struct dentry *new_dentry)
 {
 	return 0;
 }
 static inline int security_path_rename(struct path *old_dir,
 				       struct dentry *old_dentry,
 				       struct path *new_dir,
 				       struct dentry *new_dentry)
 {
 	return 0;
 }
 static inline int security_path_chmod(struct dentry *dentry,
 				      struct vfsmount *mnt,
 				      mode_t mode)
 {
 	return 0;
 }
 static inline int security_path_chown(struct path *path, uid_t uid, gid_t gid)
 {
 	return 0;
 }
 static inline int security_path_chroot(struct path *path)
 {
 	return 0;
 }
 #endif	/* CONFIG_SECURITY_PATH */
 #ifdef CONFIG_KEYS
 #ifdef CONFIG_SECURITY
 int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
 void security_key_free(struct key *key);
 int security_key_permission(key_ref_t key_ref,
 			    const struct cred *cred, key_perm_t perm);
 int security_key_getsecurity(struct key *key, char **_buffer);
 #else
 static inline int security_key_alloc(struct key *key,
 				     const struct cred *cred,
 				     unsigned long flags)
 {
 	return 0;
 }
 static inline void security_key_free(struct key *key)
 {
 }
 static inline int security_key_permission(key_ref_t key_ref,
 					  const struct cred *cred,
 					  key_perm_t perm)
 {
 	return 0;
 }
 static inline int security_key_getsecurity(struct key *key, char **_buffer)
 {
 	*_buffer = NULL;
 	return 0;
 }
 #endif
 #endif /* CONFIG_KEYS */
 #ifdef CONFIG_AUDIT
 #ifdef CONFIG_SECURITY
 int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
 int security_audit_rule_known(struct audit_krule *krule);
 int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
 			      struct audit_context *actx);
 void security_audit_rule_free(void *lsmrule);
 #else
 static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr,
 					   void **lsmrule)
 {
 	return 0;
 }
 static inline int security_audit_rule_known(struct audit_krule *krule)
 {
 	return 0;
 }
 static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
 				   void *lsmrule, struct audit_context *actx)
 {
 	return 0;
 }
 static inline void security_audit_rule_free(void *lsmrule)
 { }
 #endif /* CONFIG_SECURITY */
 #endif /* CONFIG_AUDIT */
 #ifdef CONFIG_SECURITYFS
 extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
 					     struct dentry *parent, void *data,
 					     const struct file_operations *fops);
 extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
 extern void securityfs_remove(struct dentry *dentry);
 #else /* CONFIG_SECURITYFS */
 static inline struct dentry *securityfs_create_dir(const char *name,
 						   struct dentry *parent)
 {
 	return ERR_PTR(-ENODEV);
 }
 static inline struct dentry *securityfs_create_file(const char *name,
 						    mode_t mode,
 						    struct dentry *parent,
 						    void *data,
 						    const struct file_operations *fops)
 {
 	return ERR_PTR(-ENODEV);
 }
 static inline void securityfs_remove(struct dentry *dentry)
 {}
 #endif
 #ifdef CONFIG_SECURITY
 static inline char *alloc_secdata(void)
 {
 	return (char *)get_zeroed_page(GFP_KERNEL);
 }
 static inline void free_secdata(void *secdata)
 {
 	free_page((unsigned long)secdata);
 }
 #else
 static inline char *alloc_secdata(void)
 {
         return (char *)1;
 }
 static inline void free_secdata(void *secdata)
 { }
 #endif /* CONFIG_SECURITY */
 #endif /* ! __LINUX_SECURITY_H */

net/unix/af_unix.c

Diff comments View file @ 3610cda

1	/*	1	/*
2	* NET4: Implementation of BSD Unix domain sockets.	2	* NET4: Implementation of BSD Unix domain sockets.
3	*	3	*
4	* Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>	4	* Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
5	*	5	*
6	* This program is free software; you can redistribute it and/or	6	* This program is free software; you can redistribute it and/or
7	* modify it under the terms of the GNU General Public License	7	* modify it under the terms of the GNU General Public License
8	* as published by the Free Software Foundation; either version	8	* as published by the Free Software Foundation; either version
9	* 2 of the License, or (at your option) any later version.	9	* 2 of the License, or (at your option) any later version.
10	*	10	*
11	* Fixes:	11	* Fixes:
12	* Linus Torvalds : Assorted bug cures.	12	* Linus Torvalds : Assorted bug cures.
13	* Niibe Yutaka : async I/O support.	13	* Niibe Yutaka : async I/O support.
14	* Carsten Paeth : PF_UNIX check, address fixes.	14	* Carsten Paeth : PF_UNIX check, address fixes.
15	* Alan Cox : Limit size of allocated blocks.	15	* Alan Cox : Limit size of allocated blocks.
16	* Alan Cox : Fixed the stupid socketpair bug.	16	* Alan Cox : Fixed the stupid socketpair bug.
17	* Alan Cox : BSD compatibility fine tuning.	17	* Alan Cox : BSD compatibility fine tuning.
18	* Alan Cox : Fixed a bug in connect when interrupted.	18	* Alan Cox : Fixed a bug in connect when interrupted.
19	* Alan Cox : Sorted out a proper draft version of	19	* Alan Cox : Sorted out a proper draft version of
20	* file descriptor passing hacked up from	20	* file descriptor passing hacked up from
21	* Mike Shaver's work.	21	* Mike Shaver's work.
22	* Marty Leisner : Fixes to fd passing	22	* Marty Leisner : Fixes to fd passing
23	* Nick Nevin : recvmsg bugfix.	23	* Nick Nevin : recvmsg bugfix.
24	* Alan Cox : Started proper garbage collector	24	* Alan Cox : Started proper garbage collector
25	* Heiko EiBfeldt : Missing verify_area check	25	* Heiko EiBfeldt : Missing verify_area check
26	* Alan Cox : Started POSIXisms	26	* Alan Cox : Started POSIXisms
27	* Andreas Schwab : Replace inode by dentry for proper	27	* Andreas Schwab : Replace inode by dentry for proper
28	* reference counting	28	* reference counting
29	* Kirk Petersen : Made this a module	29	* Kirk Petersen : Made this a module
30	* Christoph Rohland : Elegant non-blocking accept/connect algorithm.	30	* Christoph Rohland : Elegant non-blocking accept/connect algorithm.
31	* Lots of bug fixes.	31	* Lots of bug fixes.
32	* Alexey Kuznetosv : Repaired (I hope) bugs introduces	32	* Alexey Kuznetosv : Repaired (I hope) bugs introduces
33	* by above two patches.	33	* by above two patches.
34	* Andrea Arcangeli : If possible we block in connect(2)	34	* Andrea Arcangeli : If possible we block in connect(2)
35	* if the max backlog of the listen socket	35	* if the max backlog of the listen socket
36	* is been reached. This won't break	36	* is been reached. This won't break
37	* old apps and it will avoid huge amount	37	* old apps and it will avoid huge amount
38	* of socks hashed (this for unix_gc()	38	* of socks hashed (this for unix_gc()
39	* performances reasons).	39	* performances reasons).
40	* Security fix that limits the max	40	* Security fix that limits the max
41	* number of socks to 2*max_files and	41	* number of socks to 2*max_files and
42	* the number of skb queueable in the	42	* the number of skb queueable in the
43	* dgram receiver.	43	* dgram receiver.
44	* Artur Skawina : Hash function optimizations	44	* Artur Skawina : Hash function optimizations
45	* Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)	45	* Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
46	* Malcolm Beattie : Set peercred for socketpair	46	* Malcolm Beattie : Set peercred for socketpair
47	* Michal Ostrowski : Module initialization cleanup.	47	* Michal Ostrowski : Module initialization cleanup.
48	* Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,	48	* Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
49	* the core infrastructure is doing that	49	* the core infrastructure is doing that
50	* for all net proto families now (2.5.69+)	50	* for all net proto families now (2.5.69+)
51	*	51	*
52	*	52	*
53	* Known differences from reference BSD that was tested:	53	* Known differences from reference BSD that was tested:
54	*	54	*
55	* [TO FIX]	55	* [TO FIX]
56	* ECONNREFUSED is not returned from one end of a connected() socket to the	56	* ECONNREFUSED is not returned from one end of a connected() socket to the
57	* other the moment one end closes.	57	* other the moment one end closes.
58	* fstat() doesn't return st_dev=0, and give the blksize as high water mark	58	* fstat() doesn't return st_dev=0, and give the blksize as high water mark
59	* and a fake inode identifier (nor the BSD first socket fstat twice bug).	59	* and a fake inode identifier (nor the BSD first socket fstat twice bug).
60	* [NOT TO FIX]	60	* [NOT TO FIX]
61	* accept() returns a path name even if the connecting socket has closed	61	* accept() returns a path name even if the connecting socket has closed
62	* in the meantime (BSD loses the path and gives up).	62	* in the meantime (BSD loses the path and gives up).
63	* accept() returns 0 length path for an unbound connector. BSD returns 16	63	* accept() returns 0 length path for an unbound connector. BSD returns 16
64	* and a null first byte in the path (but not for gethost/peername - BSD bug ??)	64	* and a null first byte in the path (but not for gethost/peername - BSD bug ??)
65	* socketpair(...SOCK_RAW..) doesn't panic the kernel.	65	* socketpair(...SOCK_RAW..) doesn't panic the kernel.
66	* BSD af_unix apparently has connect forgetting to block properly.	66	* BSD af_unix apparently has connect forgetting to block properly.
67	* (need to check this with the POSIX spec in detail)	67	* (need to check this with the POSIX spec in detail)
68	*	68	*
69	* Differences from 2.0.0-11-... (ANK)	69	* Differences from 2.0.0-11-... (ANK)
70	* Bug fixes and improvements.	70	* Bug fixes and improvements.
71	* - client shutdown killed server socket.	71	* - client shutdown killed server socket.
72	* - removed all useless cli/sti pairs.	72	* - removed all useless cli/sti pairs.
73	*	73	*
74	* Semantic changes/extensions.	74	* Semantic changes/extensions.
75	* - generic control message passing.	75	* - generic control message passing.
76	* - SCM_CREDENTIALS control message.	76	* - SCM_CREDENTIALS control message.
77	* - "Abstract" (not FS based) socket bindings.	77	* - "Abstract" (not FS based) socket bindings.
78	* Abstract names are sequences of bytes (not zero terminated)	78	* Abstract names are sequences of bytes (not zero terminated)
79	* started by 0, so that this name space does not intersect	79	* started by 0, so that this name space does not intersect
80	* with BSD names.	80	* with BSD names.
81	*/	81	*/
82		82
83	#include <linux/module.h>	83	#include <linux/module.h>
84	#include <linux/kernel.h>	84	#include <linux/kernel.h>
85	#include <linux/signal.h>	85	#include <linux/signal.h>
86	#include <linux/sched.h>	86	#include <linux/sched.h>
87	#include <linux/errno.h>	87	#include <linux/errno.h>
88	#include <linux/string.h>	88	#include <linux/string.h>
89	#include <linux/stat.h>	89	#include <linux/stat.h>
90	#include <linux/dcache.h>	90	#include <linux/dcache.h>
91	#include <linux/namei.h>	91	#include <linux/namei.h>
92	#include <linux/socket.h>	92	#include <linux/socket.h>
93	#include <linux/un.h>	93	#include <linux/un.h>
94	#include <linux/fcntl.h>	94	#include <linux/fcntl.h>
95	#include <linux/termios.h>	95	#include <linux/termios.h>
96	#include <linux/sockios.h>	96	#include <linux/sockios.h>
97	#include <linux/net.h>	97	#include <linux/net.h>
98	#include <linux/in.h>	98	#include <linux/in.h>
99	#include <linux/fs.h>	99	#include <linux/fs.h>
100	#include <linux/slab.h>	100	#include <linux/slab.h>
101	#include <asm/uaccess.h>	101	#include <asm/uaccess.h>
102	#include <linux/skbuff.h>	102	#include <linux/skbuff.h>
103	#include <linux/netdevice.h>	103	#include <linux/netdevice.h>
104	#include <net/net_namespace.h>	104	#include <net/net_namespace.h>
105	#include <net/sock.h>	105	#include <net/sock.h>
106	#include <net/tcp_states.h>	106	#include <net/tcp_states.h>
107	#include <net/af_unix.h>	107	#include <net/af_unix.h>
108	#include <linux/proc_fs.h>	108	#include <linux/proc_fs.h>
109	#include <linux/seq_file.h>	109	#include <linux/seq_file.h>
110	#include <net/scm.h>	110	#include <net/scm.h>
111	#include <linux/init.h>	111	#include <linux/init.h>
112	#include <linux/poll.h>	112	#include <linux/poll.h>
113	#include <linux/rtnetlink.h>	113	#include <linux/rtnetlink.h>
114	#include <linux/mount.h>	114	#include <linux/mount.h>
115	#include <net/checksum.h>	115	#include <net/checksum.h>
116	#include <linux/security.h>	116	#include <linux/security.h>
117		117
118	static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];	118	static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
119	static DEFINE_SPINLOCK(unix_table_lock);	119	static DEFINE_SPINLOCK(unix_table_lock);
120	static atomic_long_t unix_nr_socks;	120	static atomic_long_t unix_nr_socks;
121		121
122	#define unix_sockets_unbound (&unix_socket_table[UNIX_HASH_SIZE])	122	#define unix_sockets_unbound (&unix_socket_table[UNIX_HASH_SIZE])
123		123
124	#define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE)	124	#define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE)
125		125
126	#ifdef CONFIG_SECURITY_NETWORK	126	#ifdef CONFIG_SECURITY_NETWORK
127	static void unix_get_secdata(struct scm_cookie scm, struct sk_buff skb)	127	static void unix_get_secdata(struct scm_cookie scm, struct sk_buff skb)
128	{	128	{
129	memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));	129	memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));
130	}	130	}
131		131
132	static inline void unix_set_secdata(struct scm_cookie scm, struct sk_buff skb)	132	static inline void unix_set_secdata(struct scm_cookie scm, struct sk_buff skb)
133	{	133	{
134	scm->secid = *UNIXSID(skb);	134	scm->secid = *UNIXSID(skb);
135	}	135	}
136	#else	136	#else
137	static inline void unix_get_secdata(struct scm_cookie scm, struct sk_buff skb)	137	static inline void unix_get_secdata(struct scm_cookie scm, struct sk_buff skb)
138	{ }	138	{ }
139		139
140	static inline void unix_set_secdata(struct scm_cookie scm, struct sk_buff skb)	140	static inline void unix_set_secdata(struct scm_cookie scm, struct sk_buff skb)
141	{ }	141	{ }
142	#endif /* CONFIG_SECURITY_NETWORK */	142	#endif /* CONFIG_SECURITY_NETWORK */
143		143
144	/*	144	/*
145	* SMP locking strategy:	145	* SMP locking strategy:
146	* hash table is protected with spinlock unix_table_lock	146	* hash table is protected with spinlock unix_table_lock
147	* each socket state is protected by separate spin lock.	147	* each socket state is protected by separate spin lock.
148	*/	148	*/
149		149
150	static inline unsigned unix_hash_fold(__wsum n)	150	static inline unsigned unix_hash_fold(__wsum n)
151	{	151	{
152	unsigned hash = (__force unsigned)n;	152	unsigned hash = (__force unsigned)n;
153	hash ^= hash>>16;	153	hash ^= hash>>16;
154	hash ^= hash>>8;	154	hash ^= hash>>8;
155	return hash&(UNIX_HASH_SIZE-1);	155	return hash&(UNIX_HASH_SIZE-1);
156	}	156	}
157		157
158	#define unix_peer(sk) (unix_sk(sk)->peer)	158	#define unix_peer(sk) (unix_sk(sk)->peer)
159		159
160	static inline int unix_our_peer(struct sock sk, struct sock osk)	160	static inline int unix_our_peer(struct sock sk, struct sock osk)
161	{	161	{
162	return unix_peer(osk) == sk;	162	return unix_peer(osk) == sk;
163	}	163	}
164		164
165	static inline int unix_may_send(struct sock sk, struct sock osk)	165	static inline int unix_may_send(struct sock sk, struct sock osk)
166	{	166	{
167	return unix_peer(osk) == NULL \|\| unix_our_peer(sk, osk);	167	return unix_peer(osk) == NULL \|\| unix_our_peer(sk, osk);
168	}	168	}
169		169
170	static inline int unix_recvq_full(struct sock const *sk)	170	static inline int unix_recvq_full(struct sock const *sk)
171	{	171	{
172	return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;	172	return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
173	}	173	}
174		174
175	static struct sock unix_peer_get(struct sock s)	175	static struct sock unix_peer_get(struct sock s)
176	{	176	{
177	struct sock *peer;	177	struct sock *peer;
178		178
179	unix_state_lock(s);	179	unix_state_lock(s);
180	peer = unix_peer(s);	180	peer = unix_peer(s);
181	if (peer)	181	if (peer)
182	sock_hold(peer);	182	sock_hold(peer);
183	unix_state_unlock(s);	183	unix_state_unlock(s);
184	return peer;	184	return peer;
185	}	185	}
186		186
187	static inline void unix_release_addr(struct unix_address *addr)	187	static inline void unix_release_addr(struct unix_address *addr)
188	{	188	{
189	if (atomic_dec_and_test(&addr->refcnt))	189	if (atomic_dec_and_test(&addr->refcnt))
190	kfree(addr);	190	kfree(addr);
191	}	191	}
192		192
193	/*	193	/*
194	* Check unix socket name:	194	* Check unix socket name:
195	* - should be not zero length.	195	* - should be not zero length.
196	* - if started by not zero, should be NULL terminated (FS object)	196	* - if started by not zero, should be NULL terminated (FS object)
197	* - if started by zero, it is abstract name.	197	* - if started by zero, it is abstract name.
198	*/	198	*/
199		199
200	static int unix_mkname(struct sockaddr_un sunaddr, int len, unsigned hashp)	200	static int unix_mkname(struct sockaddr_un sunaddr, int len, unsigned hashp)
201	{	201	{
202	if (len <= sizeof(short) \|\| len > sizeof(*sunaddr))	202	if (len <= sizeof(short) \|\| len > sizeof(*sunaddr))
203	return -EINVAL;	203	return -EINVAL;
204	if (!sunaddr \|\| sunaddr->sun_family != AF_UNIX)	204	if (!sunaddr \|\| sunaddr->sun_family != AF_UNIX)
205	return -EINVAL;	205	return -EINVAL;
206	if (sunaddr->sun_path[0]) {	206	if (sunaddr->sun_path[0]) {
207	/*	207	/*
208	* This may look like an off by one error but it is a bit more	208	* This may look like an off by one error but it is a bit more
209	* subtle. 108 is the longest valid AF_UNIX path for a binding.	209	* subtle. 108 is the longest valid AF_UNIX path for a binding.
210	* sun_path[108] doesnt as such exist. However in kernel space	210	* sun_path[108] doesnt as such exist. However in kernel space
211	* we are guaranteed that it is a valid memory location in our	211	* we are guaranteed that it is a valid memory location in our
212	* kernel address buffer.	212	* kernel address buffer.
213	*/	213	*/
214	((char *)sunaddr)[len] = 0;	214	((char *)sunaddr)[len] = 0;
215	len = strlen(sunaddr->sun_path)+1+sizeof(short);	215	len = strlen(sunaddr->sun_path)+1+sizeof(short);
216	return len;	216	return len;
217	}	217	}
218		218
219	*hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));	219	*hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
220	return len;	220	return len;
221	}	221	}
222		222
223	static void __unix_remove_socket(struct sock *sk)	223	static void __unix_remove_socket(struct sock *sk)
224	{	224	{
225	sk_del_node_init(sk);	225	sk_del_node_init(sk);
226	}	226	}
227		227
228	static void __unix_insert_socket(struct hlist_head list, struct sock sk)	228	static void __unix_insert_socket(struct hlist_head list, struct sock sk)
229	{	229	{
230	WARN_ON(!sk_unhashed(sk));	230	WARN_ON(!sk_unhashed(sk));
231	sk_add_node(sk, list);	231	sk_add_node(sk, list);
232	}	232	}
233		233
234	static inline void unix_remove_socket(struct sock *sk)	234	static inline void unix_remove_socket(struct sock *sk)
235	{	235	{
236	spin_lock(&unix_table_lock);	236	spin_lock(&unix_table_lock);
237	__unix_remove_socket(sk);	237	__unix_remove_socket(sk);
238	spin_unlock(&unix_table_lock);	238	spin_unlock(&unix_table_lock);
239	}	239	}
240		240
241	static inline void unix_insert_socket(struct hlist_head list, struct sock sk)	241	static inline void unix_insert_socket(struct hlist_head list, struct sock sk)
242	{	242	{
243	spin_lock(&unix_table_lock);	243	spin_lock(&unix_table_lock);
244	__unix_insert_socket(list, sk);	244	__unix_insert_socket(list, sk);
245	spin_unlock(&unix_table_lock);	245	spin_unlock(&unix_table_lock);
246	}	246	}
247		247
248	static struct sock __unix_find_socket_byname(struct net net,	248	static struct sock __unix_find_socket_byname(struct net net,
249	struct sockaddr_un *sunname,	249	struct sockaddr_un *sunname,
250	int len, int type, unsigned hash)	250	int len, int type, unsigned hash)
251	{	251	{
252	struct sock *s;	252	struct sock *s;
253	struct hlist_node *node;	253	struct hlist_node *node;
254		254
255	sk_for_each(s, node, &unix_socket_table[hash ^ type]) {	255	sk_for_each(s, node, &unix_socket_table[hash ^ type]) {
256	struct unix_sock *u = unix_sk(s);	256	struct unix_sock *u = unix_sk(s);
257		257
258	if (!net_eq(sock_net(s), net))	258	if (!net_eq(sock_net(s), net))
259	continue;	259	continue;
260		260
261	if (u->addr->len == len &&	261	if (u->addr->len == len &&
262	!memcmp(u->addr->name, sunname, len))	262	!memcmp(u->addr->name, sunname, len))
263	goto found;	263	goto found;
264	}	264	}
265	s = NULL;	265	s = NULL;
266	found:	266	found:
267	return s;	267	return s;
268	}	268	}
269		269
270	static inline struct sock unix_find_socket_byname(struct net net,	270	static inline struct sock unix_find_socket_byname(struct net net,
271	struct sockaddr_un *sunname,	271	struct sockaddr_un *sunname,
272	int len, int type,	272	int len, int type,
273	unsigned hash)	273	unsigned hash)
274	{	274	{
275	struct sock *s;	275	struct sock *s;
276		276
277	spin_lock(&unix_table_lock);	277	spin_lock(&unix_table_lock);
278	s = __unix_find_socket_byname(net, sunname, len, type, hash);	278	s = __unix_find_socket_byname(net, sunname, len, type, hash);
279	if (s)	279	if (s)
280	sock_hold(s);	280	sock_hold(s);
281	spin_unlock(&unix_table_lock);	281	spin_unlock(&unix_table_lock);
282	return s;	282	return s;
283	}	283	}
284		284
285	static struct sock unix_find_socket_byinode(struct inode i)	285	static struct sock unix_find_socket_byinode(struct inode i)
286	{	286	{
287	struct sock *s;	287	struct sock *s;
288	struct hlist_node *node;	288	struct hlist_node *node;
289		289
290	spin_lock(&unix_table_lock);	290	spin_lock(&unix_table_lock);
291	sk_for_each(s, node,	291	sk_for_each(s, node,
292	&unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {	292	&unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
293	struct dentry *dentry = unix_sk(s)->dentry;	293	struct dentry *dentry = unix_sk(s)->dentry;
294		294
295	if (dentry && dentry->d_inode == i) {	295	if (dentry && dentry->d_inode == i) {
296	sock_hold(s);	296	sock_hold(s);
297	goto found;	297	goto found;
298	}	298	}
299	}	299	}
300	s = NULL;	300	s = NULL;
301	found:	301	found:
302	spin_unlock(&unix_table_lock);	302	spin_unlock(&unix_table_lock);
303	return s;	303	return s;
304	}	304	}
305		305
306	static inline int unix_writable(struct sock *sk)	306	static inline int unix_writable(struct sock *sk)
307	{	307	{
308	return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;	308	return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
309	}	309	}
310		310
311	static void unix_write_space(struct sock *sk)	311	static void unix_write_space(struct sock *sk)
312	{	312	{
313	struct socket_wq *wq;	313	struct socket_wq *wq;
314		314
315	rcu_read_lock();	315	rcu_read_lock();
316	if (unix_writable(sk)) {	316	if (unix_writable(sk)) {
317	wq = rcu_dereference(sk->sk_wq);	317	wq = rcu_dereference(sk->sk_wq);
318	if (wq_has_sleeper(wq))	318	if (wq_has_sleeper(wq))
319	wake_up_interruptible_sync_poll(&wq->wait,	319	wake_up_interruptible_sync_poll(&wq->wait,
320	POLLOUT \| POLLWRNORM \| POLLWRBAND);	320	POLLOUT \| POLLWRNORM \| POLLWRBAND);
321	sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);	321	sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
322	}	322	}
323	rcu_read_unlock();	323	rcu_read_unlock();
324	}	324	}
325		325
326	/* When dgram socket disconnects (or changes its peer), we clear its receive	326	/* When dgram socket disconnects (or changes its peer), we clear its receive
327	* queue of packets arrived from previous peer. First, it allows to do	327	* queue of packets arrived from previous peer. First, it allows to do
328	* flow control based only on wmem_alloc; second, sk connected to peer	328	* flow control based only on wmem_alloc; second, sk connected to peer
329	* may receive messages only from that peer. */	329	* may receive messages only from that peer. */
330	static void unix_dgram_disconnected(struct sock sk, struct sock other)	330	static void unix_dgram_disconnected(struct sock sk, struct sock other)
331	{	331	{
332	if (!skb_queue_empty(&sk->sk_receive_queue)) {	332	if (!skb_queue_empty(&sk->sk_receive_queue)) {
333	skb_queue_purge(&sk->sk_receive_queue);	333	skb_queue_purge(&sk->sk_receive_queue);
334	wake_up_interruptible_all(&unix_sk(sk)->peer_wait);	334	wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
335		335
336	/* If one link of bidirectional dgram pipe is disconnected,	336	/* If one link of bidirectional dgram pipe is disconnected,
337	* we signal error. Messages are lost. Do not make this,	337	* we signal error. Messages are lost. Do not make this,
338	* when peer was not connected to us.	338	* when peer was not connected to us.
339	*/	339	*/
340	if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {	340	if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
341	other->sk_err = ECONNRESET;	341	other->sk_err = ECONNRESET;
342	other->sk_error_report(other);	342	other->sk_error_report(other);
343	}	343	}
344	}	344	}
345	}	345	}
346		346
347	static void unix_sock_destructor(struct sock *sk)	347	static void unix_sock_destructor(struct sock *sk)
348	{	348	{
349	struct unix_sock *u = unix_sk(sk);	349	struct unix_sock *u = unix_sk(sk);
350		350
351	skb_queue_purge(&sk->sk_receive_queue);	351	skb_queue_purge(&sk->sk_receive_queue);
352		352
353	WARN_ON(atomic_read(&sk->sk_wmem_alloc));	353	WARN_ON(atomic_read(&sk->sk_wmem_alloc));
354	WARN_ON(!sk_unhashed(sk));	354	WARN_ON(!sk_unhashed(sk));
355	WARN_ON(sk->sk_socket);	355	WARN_ON(sk->sk_socket);
356	if (!sock_flag(sk, SOCK_DEAD)) {	356	if (!sock_flag(sk, SOCK_DEAD)) {
357	printk(KERN_INFO "Attempt to release alive unix socket: %p\n", sk);	357	printk(KERN_INFO "Attempt to release alive unix socket: %p\n", sk);
358	return;	358	return;
359	}	359	}
360		360
361	if (u->addr)	361	if (u->addr)
362	unix_release_addr(u->addr);	362	unix_release_addr(u->addr);
363		363
364	atomic_long_dec(&unix_nr_socks);	364	atomic_long_dec(&unix_nr_socks);
365	local_bh_disable();	365	local_bh_disable();
366	sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);	366	sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
367	local_bh_enable();	367	local_bh_enable();
368	#ifdef UNIX_REFCNT_DEBUG	368	#ifdef UNIX_REFCNT_DEBUG
369	printk(KERN_DEBUG "UNIX %p is destroyed, %ld are still alive.\n", sk,	369	printk(KERN_DEBUG "UNIX %p is destroyed, %ld are still alive.\n", sk,
370	atomic_long_read(&unix_nr_socks));	370	atomic_long_read(&unix_nr_socks));
371	#endif	371	#endif
372	}	372	}
373		373
374	static int unix_release_sock(struct sock *sk, int embrion)	374	static int unix_release_sock(struct sock *sk, int embrion)
375	{	375	{
376	struct unix_sock *u = unix_sk(sk);	376	struct unix_sock *u = unix_sk(sk);
377	struct dentry *dentry;	377	struct dentry *dentry;
378	struct vfsmount *mnt;	378	struct vfsmount *mnt;
379	struct sock *skpair;	379	struct sock *skpair;
380	struct sk_buff *skb;	380	struct sk_buff *skb;
381	int state;	381	int state;
382		382
383	unix_remove_socket(sk);	383	unix_remove_socket(sk);
384		384
385	/* Clear state */	385	/* Clear state */
386	unix_state_lock(sk);	386	unix_state_lock(sk);
387	sock_orphan(sk);	387	sock_orphan(sk);
388	sk->sk_shutdown = SHUTDOWN_MASK;	388	sk->sk_shutdown = SHUTDOWN_MASK;
389	dentry = u->dentry;	389	dentry = u->dentry;
390	u->dentry = NULL;	390	u->dentry = NULL;
391	mnt = u->mnt;	391	mnt = u->mnt;
392	u->mnt = NULL;	392	u->mnt = NULL;
393	state = sk->sk_state;	393	state = sk->sk_state;
394	sk->sk_state = TCP_CLOSE;	394	sk->sk_state = TCP_CLOSE;
395	unix_state_unlock(sk);	395	unix_state_unlock(sk);
396		396
397	wake_up_interruptible_all(&u->peer_wait);	397	wake_up_interruptible_all(&u->peer_wait);
398		398
399	skpair = unix_peer(sk);	399	skpair = unix_peer(sk);
400		400
401	if (skpair != NULL) {	401	if (skpair != NULL) {
402	if (sk->sk_type == SOCK_STREAM \|\| sk->sk_type == SOCK_SEQPACKET) {	402	if (sk->sk_type == SOCK_STREAM \|\| sk->sk_type == SOCK_SEQPACKET) {
403	unix_state_lock(skpair);	403	unix_state_lock(skpair);
404	/* No more writes */	404	/* No more writes */
405	skpair->sk_shutdown = SHUTDOWN_MASK;	405	skpair->sk_shutdown = SHUTDOWN_MASK;
406	if (!skb_queue_empty(&sk->sk_receive_queue) \|\| embrion)	406	if (!skb_queue_empty(&sk->sk_receive_queue) \|\| embrion)
407	skpair->sk_err = ECONNRESET;	407	skpair->sk_err = ECONNRESET;
408	unix_state_unlock(skpair);	408	unix_state_unlock(skpair);
409	skpair->sk_state_change(skpair);	409	skpair->sk_state_change(skpair);
410	sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);	410	sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
411	}	411	}
412	sock_put(skpair); /* It may now die */	412	sock_put(skpair); /* It may now die */
413	unix_peer(sk) = NULL;	413	unix_peer(sk) = NULL;
414	}	414	}
415		415
416	/* Try to flush out this socket. Throw out buffers at least */	416	/* Try to flush out this socket. Throw out buffers at least */
417		417
418	while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {	418	while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
419	if (state == TCP_LISTEN)	419	if (state == TCP_LISTEN)
420	unix_release_sock(skb->sk, 1);	420	unix_release_sock(skb->sk, 1);
421	/* passed fds are erased in the kfree_skb hook */	421	/* passed fds are erased in the kfree_skb hook */
422	kfree_skb(skb);	422	kfree_skb(skb);
423	}	423	}
424		424
425	if (dentry) {	425	if (dentry) {
426	dput(dentry);	426	dput(dentry);
427	mntput(mnt);	427	mntput(mnt);
428	}	428	}
429		429
430	sock_put(sk);	430	sock_put(sk);
431		431
432	/* ---- Socket is dead now and most probably destroyed ---- */	432	/* ---- Socket is dead now and most probably destroyed ---- */
433		433
434	/*	434	/*
435	* Fixme: BSD difference: In BSD all sockets connected to use get	435	* Fixme: BSD difference: In BSD all sockets connected to use get
436	* ECONNRESET and we die on the spot. In Linux we behave	436	* ECONNRESET and we die on the spot. In Linux we behave
437	* like files and pipes do and wait for the last	437	* like files and pipes do and wait for the last
438	* dereference.	438	* dereference.
439	*	439	*
440	* Can't we simply set sock->err?	440	* Can't we simply set sock->err?
441	*	441	*
442	* What the above comment does talk about? --ANK(980817)	442	* What the above comment does talk about? --ANK(980817)
443	*/	443	*/
444		444
445	if (unix_tot_inflight)	445	if (unix_tot_inflight)
446	unix_gc(); /* Garbage collect fds */	446	unix_gc(); /* Garbage collect fds */
447		447
448	return 0;	448	return 0;
449	}	449	}
450		450
451	static void init_peercred(struct sock *sk)	451	static void init_peercred(struct sock *sk)
452	{	452	{
453	put_pid(sk->sk_peer_pid);	453	put_pid(sk->sk_peer_pid);
454	if (sk->sk_peer_cred)	454	if (sk->sk_peer_cred)
455	put_cred(sk->sk_peer_cred);	455	put_cred(sk->sk_peer_cred);
456	sk->sk_peer_pid = get_pid(task_tgid(current));	456	sk->sk_peer_pid = get_pid(task_tgid(current));
457	sk->sk_peer_cred = get_current_cred();	457	sk->sk_peer_cred = get_current_cred();
458	}	458	}
459		459
460	static void copy_peercred(struct sock sk, struct sock peersk)	460	static void copy_peercred(struct sock sk, struct sock peersk)
461	{	461	{
462	put_pid(sk->sk_peer_pid);	462	put_pid(sk->sk_peer_pid);
463	if (sk->sk_peer_cred)	463	if (sk->sk_peer_cred)
464	put_cred(sk->sk_peer_cred);	464	put_cred(sk->sk_peer_cred);
465	sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);	465	sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
466	sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);	466	sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
467	}	467	}
468		468
469	static int unix_listen(struct socket *sock, int backlog)	469	static int unix_listen(struct socket *sock, int backlog)
470	{	470	{
471	int err;	471	int err;
472	struct sock *sk = sock->sk;	472	struct sock *sk = sock->sk;
473	struct unix_sock *u = unix_sk(sk);	473	struct unix_sock *u = unix_sk(sk);
474	struct pid *old_pid = NULL;	474	struct pid *old_pid = NULL;
475	const struct cred *old_cred = NULL;	475	const struct cred *old_cred = NULL;
476		476
477	err = -EOPNOTSUPP;	477	err = -EOPNOTSUPP;
478	if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)	478	if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
479	goto out; /* Only stream/seqpacket sockets accept */	479	goto out; /* Only stream/seqpacket sockets accept */
480	err = -EINVAL;	480	err = -EINVAL;
481	if (!u->addr)	481	if (!u->addr)
482	goto out; /* No listens on an unbound socket */	482	goto out; /* No listens on an unbound socket */
483	unix_state_lock(sk);	483	unix_state_lock(sk);
484	if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)	484	if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
485	goto out_unlock;	485	goto out_unlock;
486	if (backlog > sk->sk_max_ack_backlog)	486	if (backlog > sk->sk_max_ack_backlog)
487	wake_up_interruptible_all(&u->peer_wait);	487	wake_up_interruptible_all(&u->peer_wait);
488	sk->sk_max_ack_backlog = backlog;	488	sk->sk_max_ack_backlog = backlog;
489	sk->sk_state = TCP_LISTEN;	489	sk->sk_state = TCP_LISTEN;
490	/* set credentials so connect can copy them */	490	/* set credentials so connect can copy them */
491	init_peercred(sk);	491	init_peercred(sk);
492	err = 0;	492	err = 0;
493		493
494	out_unlock:	494	out_unlock:
495	unix_state_unlock(sk);	495	unix_state_unlock(sk);
496	put_pid(old_pid);	496	put_pid(old_pid);
497	if (old_cred)	497	if (old_cred)
498	put_cred(old_cred);	498	put_cred(old_cred);
499	out:	499	out:
500	return err;	500	return err;
501	}	501	}
502		502
503	static int unix_release(struct socket *);	503	static int unix_release(struct socket *);
504	static int unix_bind(struct socket , struct sockaddr , int);	504	static int unix_bind(struct socket , struct sockaddr , int);
505	static int unix_stream_connect(struct socket , struct sockaddr ,	505	static int unix_stream_connect(struct socket , struct sockaddr ,
506	int addr_len, int flags);	506	int addr_len, int flags);
507	static int unix_socketpair(struct socket , struct socket );	507	static int unix_socketpair(struct socket , struct socket );
508	static int unix_accept(struct socket , struct socket , int);	508	static int unix_accept(struct socket , struct socket , int);
509	static int unix_getname(struct socket , struct sockaddr , int *, int);	509	static int unix_getname(struct socket , struct sockaddr , int *, int);
510	static unsigned int unix_poll(struct file , struct socket , poll_table *);	510	static unsigned int unix_poll(struct file , struct socket , poll_table *);
511	static unsigned int unix_dgram_poll(struct file , struct socket ,	511	static unsigned int unix_dgram_poll(struct file , struct socket ,
512	poll_table *);	512	poll_table *);
513	static int unix_ioctl(struct socket *, unsigned int, unsigned long);	513	static int unix_ioctl(struct socket *, unsigned int, unsigned long);
514	static int unix_shutdown(struct socket *, int);	514	static int unix_shutdown(struct socket *, int);
515	static int unix_stream_sendmsg(struct kiocb , struct socket ,	515	static int unix_stream_sendmsg(struct kiocb , struct socket ,
516	struct msghdr *, size_t);	516	struct msghdr *, size_t);
517	static int unix_stream_recvmsg(struct kiocb , struct socket ,	517	static int unix_stream_recvmsg(struct kiocb , struct socket ,
518	struct msghdr *, size_t, int);	518	struct msghdr *, size_t, int);
519	static int unix_dgram_sendmsg(struct kiocb , struct socket ,	519	static int unix_dgram_sendmsg(struct kiocb , struct socket ,
520	struct msghdr *, size_t);	520	struct msghdr *, size_t);
521	static int unix_dgram_recvmsg(struct kiocb , struct socket ,	521	static int unix_dgram_recvmsg(struct kiocb , struct socket ,
522	struct msghdr *, size_t, int);	522	struct msghdr *, size_t, int);
523	static int unix_dgram_connect(struct socket , struct sockaddr ,	523	static int unix_dgram_connect(struct socket , struct sockaddr ,
524	int, int);	524	int, int);
525	static int unix_seqpacket_sendmsg(struct kiocb , struct socket ,	525	static int unix_seqpacket_sendmsg(struct kiocb , struct socket ,
526	struct msghdr *, size_t);	526	struct msghdr *, size_t);
527		527
528	static const struct proto_ops unix_stream_ops = {	528	static const struct proto_ops unix_stream_ops = {
529	.family = PF_UNIX,	529	.family = PF_UNIX,
530	.owner = THIS_MODULE,	530	.owner = THIS_MODULE,
531	.release = unix_release,	531	.release = unix_release,
532	.bind = unix_bind,	532	.bind = unix_bind,
533	.connect = unix_stream_connect,	533	.connect = unix_stream_connect,
534	.socketpair = unix_socketpair,	534	.socketpair = unix_socketpair,
535	.accept = unix_accept,	535	.accept = unix_accept,
536	.getname = unix_getname,	536	.getname = unix_getname,
537	.poll = unix_poll,	537	.poll = unix_poll,
538	.ioctl = unix_ioctl,	538	.ioctl = unix_ioctl,
539	.listen = unix_listen,	539	.listen = unix_listen,
540	.shutdown = unix_shutdown,	540	.shutdown = unix_shutdown,
541	.setsockopt = sock_no_setsockopt,	541	.setsockopt = sock_no_setsockopt,
542	.getsockopt = sock_no_getsockopt,	542	.getsockopt = sock_no_getsockopt,
543	.sendmsg = unix_stream_sendmsg,	543	.sendmsg = unix_stream_sendmsg,
544	.recvmsg = unix_stream_recvmsg,	544	.recvmsg = unix_stream_recvmsg,
545	.mmap = sock_no_mmap,	545	.mmap = sock_no_mmap,
546	.sendpage = sock_no_sendpage,	546	.sendpage = sock_no_sendpage,
547	};	547	};
548		548
549	static const struct proto_ops unix_dgram_ops = {	549	static const struct proto_ops unix_dgram_ops = {
550	.family = PF_UNIX,	550	.family = PF_UNIX,
551	.owner = THIS_MODULE,	551	.owner = THIS_MODULE,
552	.release = unix_release,	552	.release = unix_release,
553	.bind = unix_bind,	553	.bind = unix_bind,
554	.connect = unix_dgram_connect,	554	.connect = unix_dgram_connect,
555	.socketpair = unix_socketpair,	555	.socketpair = unix_socketpair,
556	.accept = sock_no_accept,	556	.accept = sock_no_accept,
557	.getname = unix_getname,	557	.getname = unix_getname,
558	.poll = unix_dgram_poll,	558	.poll = unix_dgram_poll,
559	.ioctl = unix_ioctl,	559	.ioctl = unix_ioctl,
560	.listen = sock_no_listen,	560	.listen = sock_no_listen,
561	.shutdown = unix_shutdown,	561	.shutdown = unix_shutdown,
562	.setsockopt = sock_no_setsockopt,	562	.setsockopt = sock_no_setsockopt,
563	.getsockopt = sock_no_getsockopt,	563	.getsockopt = sock_no_getsockopt,
564	.sendmsg = unix_dgram_sendmsg,	564	.sendmsg = unix_dgram_sendmsg,
565	.recvmsg = unix_dgram_recvmsg,	565	.recvmsg = unix_dgram_recvmsg,
566	.mmap = sock_no_mmap,	566	.mmap = sock_no_mmap,
567	.sendpage = sock_no_sendpage,	567	.sendpage = sock_no_sendpage,
568	};	568	};
569		569
570	static const struct proto_ops unix_seqpacket_ops = {	570	static const struct proto_ops unix_seqpacket_ops = {
571	.family = PF_UNIX,	571	.family = PF_UNIX,
572	.owner = THIS_MODULE,	572	.owner = THIS_MODULE,
573	.release = unix_release,	573	.release = unix_release,
574	.bind = unix_bind,	574	.bind = unix_bind,
575	.connect = unix_stream_connect,	575	.connect = unix_stream_connect,
576	.socketpair = unix_socketpair,	576	.socketpair = unix_socketpair,
577	.accept = unix_accept,	577	.accept = unix_accept,
578	.getname = unix_getname,	578	.getname = unix_getname,
579	.poll = unix_dgram_poll,	579	.poll = unix_dgram_poll,
580	.ioctl = unix_ioctl,	580	.ioctl = unix_ioctl,
581	.listen = unix_listen,	581	.listen = unix_listen,
582	.shutdown = unix_shutdown,	582	.shutdown = unix_shutdown,
583	.setsockopt = sock_no_setsockopt,	583	.setsockopt = sock_no_setsockopt,
584	.getsockopt = sock_no_getsockopt,	584	.getsockopt = sock_no_getsockopt,
585	.sendmsg = unix_seqpacket_sendmsg,	585	.sendmsg = unix_seqpacket_sendmsg,
586	.recvmsg = unix_dgram_recvmsg,	586	.recvmsg = unix_dgram_recvmsg,
587	.mmap = sock_no_mmap,	587	.mmap = sock_no_mmap,
588	.sendpage = sock_no_sendpage,	588	.sendpage = sock_no_sendpage,
589	};	589	};
590		590
591	static struct proto unix_proto = {	591	static struct proto unix_proto = {
592	.name = "UNIX",	592	.name = "UNIX",
593	.owner = THIS_MODULE,	593	.owner = THIS_MODULE,
594	.obj_size = sizeof(struct unix_sock),	594	.obj_size = sizeof(struct unix_sock),
595	};	595	};
596		596
597	/*	597	/*
598	* AF_UNIX sockets do not interact with hardware, hence they	598	* AF_UNIX sockets do not interact with hardware, hence they
599	* dont trigger interrupts - so it's safe for them to have	599	* dont trigger interrupts - so it's safe for them to have
600	* bh-unsafe locking for their sk_receive_queue.lock. Split off	600	* bh-unsafe locking for their sk_receive_queue.lock. Split off
601	* this special lock-class by reinitializing the spinlock key:	601	* this special lock-class by reinitializing the spinlock key:
602	*/	602	*/
603	static struct lock_class_key af_unix_sk_receive_queue_lock_key;	603	static struct lock_class_key af_unix_sk_receive_queue_lock_key;
604		604
605	static struct sock unix_create1(struct net net, struct socket *sock)	605	static struct sock unix_create1(struct net net, struct socket *sock)
606	{	606	{
607	struct sock *sk = NULL;	607	struct sock *sk = NULL;
608	struct unix_sock *u;	608	struct unix_sock *u;
609		609
610	atomic_long_inc(&unix_nr_socks);	610	atomic_long_inc(&unix_nr_socks);
611	if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())	611	if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
612	goto out;	612	goto out;
613		613
614	sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);	614	sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
615	if (!sk)	615	if (!sk)
616	goto out;	616	goto out;
617		617
618	sock_init_data(sock, sk);	618	sock_init_data(sock, sk);
619	lockdep_set_class(&sk->sk_receive_queue.lock,	619	lockdep_set_class(&sk->sk_receive_queue.lock,
620	&af_unix_sk_receive_queue_lock_key);	620	&af_unix_sk_receive_queue_lock_key);
621		621
622	sk->sk_write_space = unix_write_space;	622	sk->sk_write_space = unix_write_space;
623	sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;	623	sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
624	sk->sk_destruct = unix_sock_destructor;	624	sk->sk_destruct = unix_sock_destructor;
625	u = unix_sk(sk);	625	u = unix_sk(sk);
626	u->dentry = NULL;	626	u->dentry = NULL;
627	u->mnt = NULL;	627	u->mnt = NULL;
628	spin_lock_init(&u->lock);	628	spin_lock_init(&u->lock);
629	atomic_long_set(&u->inflight, 0);	629	atomic_long_set(&u->inflight, 0);
630	INIT_LIST_HEAD(&u->link);	630	INIT_LIST_HEAD(&u->link);
631	mutex_init(&u->readlock); /* single task reading lock */	631	mutex_init(&u->readlock); /* single task reading lock */
632	init_waitqueue_head(&u->peer_wait);	632	init_waitqueue_head(&u->peer_wait);
633	unix_insert_socket(unix_sockets_unbound, sk);	633	unix_insert_socket(unix_sockets_unbound, sk);
634	out:	634	out:
635	if (sk == NULL)	635	if (sk == NULL)
636	atomic_long_dec(&unix_nr_socks);	636	atomic_long_dec(&unix_nr_socks);
637	else {	637	else {
638	local_bh_disable();	638	local_bh_disable();
639	sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);	639	sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
640	local_bh_enable();	640	local_bh_enable();
641	}	641	}
642	return sk;	642	return sk;
643	}	643	}
644		644
645	static int unix_create(struct net net, struct socket sock, int protocol,	645	static int unix_create(struct net net, struct socket sock, int protocol,
646	int kern)	646	int kern)
647	{	647	{
648	if (protocol && protocol != PF_UNIX)	648	if (protocol && protocol != PF_UNIX)
649	return -EPROTONOSUPPORT;	649	return -EPROTONOSUPPORT;
650		650
651	sock->state = SS_UNCONNECTED;	651	sock->state = SS_UNCONNECTED;
652		652
653	switch (sock->type) {	653	switch (sock->type) {
654	case SOCK_STREAM:	654	case SOCK_STREAM:
655	sock->ops = &unix_stream_ops;	655	sock->ops = &unix_stream_ops;
656	break;	656	break;
657	/*	657	/*
658	* Believe it or not BSD has AF_UNIX, SOCK_RAW though	658	* Believe it or not BSD has AF_UNIX, SOCK_RAW though
659	* nothing uses it.	659	* nothing uses it.
660	*/	660	*/
661	case SOCK_RAW:	661	case SOCK_RAW:
662	sock->type = SOCK_DGRAM;	662	sock->type = SOCK_DGRAM;
663	case SOCK_DGRAM:	663	case SOCK_DGRAM:
664	sock->ops = &unix_dgram_ops;	664	sock->ops = &unix_dgram_ops;
665	break;	665	break;
666	case SOCK_SEQPACKET:	666	case SOCK_SEQPACKET:
667	sock->ops = &unix_seqpacket_ops;	667	sock->ops = &unix_seqpacket_ops;
668	break;	668	break;
669	default:	669	default:
670	return -ESOCKTNOSUPPORT;	670	return -ESOCKTNOSUPPORT;
671	}	671	}
672		672
673	return unix_create1(net, sock) ? 0 : -ENOMEM;	673	return unix_create1(net, sock) ? 0 : -ENOMEM;
674	}	674	}
675		675
676	static int unix_release(struct socket *sock)	676	static int unix_release(struct socket *sock)
677	{	677	{
678	struct sock *sk = sock->sk;	678	struct sock *sk = sock->sk;
679		679
680	if (!sk)	680	if (!sk)
681	return 0;	681	return 0;
682		682
683	sock->sk = NULL;	683	sock->sk = NULL;
684		684
685	return unix_release_sock(sk, 0);	685	return unix_release_sock(sk, 0);
686	}	686	}
687		687
688	static int unix_autobind(struct socket *sock)	688	static int unix_autobind(struct socket *sock)
689	{	689	{
690	struct sock *sk = sock->sk;	690	struct sock *sk = sock->sk;
691	struct net *net = sock_net(sk);	691	struct net *net = sock_net(sk);
692	struct unix_sock *u = unix_sk(sk);	692	struct unix_sock *u = unix_sk(sk);
693	static u32 ordernum = 1;	693	static u32 ordernum = 1;
694	struct unix_address *addr;	694	struct unix_address *addr;
695	int err;	695	int err;
696	unsigned int retries = 0;	696	unsigned int retries = 0;
697		697
698	mutex_lock(&u->readlock);	698	mutex_lock(&u->readlock);
699		699
700	err = 0;	700	err = 0;
701	if (u->addr)	701	if (u->addr)
702	goto out;	702	goto out;
703		703
704	err = -ENOMEM;	704	err = -ENOMEM;
705	addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);	705	addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
706	if (!addr)	706	if (!addr)
707	goto out;	707	goto out;
708		708
709	addr->name->sun_family = AF_UNIX;	709	addr->name->sun_family = AF_UNIX;
710	atomic_set(&addr->refcnt, 1);	710	atomic_set(&addr->refcnt, 1);
711		711
712	retry:	712	retry:
713	addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);	713	addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
714	addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));	714	addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
715		715
716	spin_lock(&unix_table_lock);	716	spin_lock(&unix_table_lock);
717	ordernum = (ordernum+1)&0xFFFFF;	717	ordernum = (ordernum+1)&0xFFFFF;
718		718
719	if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,	719	if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
720	addr->hash)) {	720	addr->hash)) {
721	spin_unlock(&unix_table_lock);	721	spin_unlock(&unix_table_lock);
722	/*	722	/*
723	* __unix_find_socket_byname() may take long time if many names	723	* __unix_find_socket_byname() may take long time if many names
724	* are already in use.	724	* are already in use.
725	*/	725	*/
726	cond_resched();	726	cond_resched();
727	/* Give up if all names seems to be in use. */	727	/* Give up if all names seems to be in use. */
728	if (retries++ == 0xFFFFF) {	728	if (retries++ == 0xFFFFF) {
729	err = -ENOSPC;	729	err = -ENOSPC;
730	kfree(addr);	730	kfree(addr);
731	goto out;	731	goto out;
732	}	732	}
733	goto retry;	733	goto retry;
734	}	734	}
735	addr->hash ^= sk->sk_type;	735	addr->hash ^= sk->sk_type;
736		736
737	__unix_remove_socket(sk);	737	__unix_remove_socket(sk);
738	u->addr = addr;	738	u->addr = addr;
739	__unix_insert_socket(&unix_socket_table[addr->hash], sk);	739	__unix_insert_socket(&unix_socket_table[addr->hash], sk);
740	spin_unlock(&unix_table_lock);	740	spin_unlock(&unix_table_lock);
741	err = 0;	741	err = 0;
742		742
743	out: mutex_unlock(&u->readlock);	743	out: mutex_unlock(&u->readlock);
744	return err;	744	return err;
745	}	745	}
746		746
747	static struct sock unix_find_other(struct net net,	747	static struct sock unix_find_other(struct net net,
748	struct sockaddr_un *sunname, int len,	748	struct sockaddr_un *sunname, int len,
749	int type, unsigned hash, int *error)	749	int type, unsigned hash, int *error)
750	{	750	{
751	struct sock *u;	751	struct sock *u;
752	struct path path;	752	struct path path;
753	int err = 0;	753	int err = 0;
754		754
755	if (sunname->sun_path[0]) {	755	if (sunname->sun_path[0]) {
756	struct inode *inode;	756	struct inode *inode;
757	err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);	757	err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
758	if (err)	758	if (err)
759	goto fail;	759	goto fail;
760	inode = path.dentry->d_inode;	760	inode = path.dentry->d_inode;
761	err = inode_permission(inode, MAY_WRITE);	761	err = inode_permission(inode, MAY_WRITE);
762	if (err)	762	if (err)
763	goto put_fail;	763	goto put_fail;
764		764
765	err = -ECONNREFUSED;	765	err = -ECONNREFUSED;
766	if (!S_ISSOCK(inode->i_mode))	766	if (!S_ISSOCK(inode->i_mode))
767	goto put_fail;	767	goto put_fail;
768	u = unix_find_socket_byinode(inode);	768	u = unix_find_socket_byinode(inode);
769	if (!u)	769	if (!u)
770	goto put_fail;	770	goto put_fail;
771		771
772	if (u->sk_type == type)	772	if (u->sk_type == type)
773	touch_atime(path.mnt, path.dentry);	773	touch_atime(path.mnt, path.dentry);
774		774
775	path_put(&path);	775	path_put(&path);
776		776
777	err = -EPROTOTYPE;	777	err = -EPROTOTYPE;
778	if (u->sk_type != type) {	778	if (u->sk_type != type) {
779	sock_put(u);	779	sock_put(u);
780	goto fail;	780	goto fail;
781	}	781	}
782	} else {	782	} else {
783	err = -ECONNREFUSED;	783	err = -ECONNREFUSED;
784	u = unix_find_socket_byname(net, sunname, len, type, hash);	784	u = unix_find_socket_byname(net, sunname, len, type, hash);
785	if (u) {	785	if (u) {
786	struct dentry *dentry;	786	struct dentry *dentry;
787	dentry = unix_sk(u)->dentry;	787	dentry = unix_sk(u)->dentry;
788	if (dentry)	788	if (dentry)
789	touch_atime(unix_sk(u)->mnt, dentry);	789	touch_atime(unix_sk(u)->mnt, dentry);
790	} else	790	} else
791	goto fail;	791	goto fail;
792	}	792	}
793	return u;	793	return u;
794		794
795	put_fail:	795	put_fail:
796	path_put(&path);	796	path_put(&path);
797	fail:	797	fail:
798	*error = err;	798	*error = err;
799	return NULL;	799	return NULL;
800	}	800	}
801		801
802		802
803	static int unix_bind(struct socket sock, struct sockaddr uaddr, int addr_len)	803	static int unix_bind(struct socket sock, struct sockaddr uaddr, int addr_len)
804	{	804	{
805	struct sock *sk = sock->sk;	805	struct sock *sk = sock->sk;
806	struct net *net = sock_net(sk);	806	struct net *net = sock_net(sk);
807	struct unix_sock *u = unix_sk(sk);	807	struct unix_sock *u = unix_sk(sk);
808	struct sockaddr_un sunaddr = (struct sockaddr_un )uaddr;	808	struct sockaddr_un sunaddr = (struct sockaddr_un )uaddr;
809	struct dentry *dentry = NULL;	809	struct dentry *dentry = NULL;
810	struct nameidata nd;	810	struct nameidata nd;
811	int err;	811	int err;
812	unsigned hash;	812	unsigned hash;
813	struct unix_address *addr;	813	struct unix_address *addr;
814	struct hlist_head *list;	814	struct hlist_head *list;
815		815
816	err = -EINVAL;	816	err = -EINVAL;
817	if (sunaddr->sun_family != AF_UNIX)	817	if (sunaddr->sun_family != AF_UNIX)
818	goto out;	818	goto out;
819		819
820	if (addr_len == sizeof(short)) {	820	if (addr_len == sizeof(short)) {
821	err = unix_autobind(sock);	821	err = unix_autobind(sock);
822	goto out;	822	goto out;
823	}	823	}
824		824
825	err = unix_mkname(sunaddr, addr_len, &hash);	825	err = unix_mkname(sunaddr, addr_len, &hash);
826	if (err < 0)	826	if (err < 0)
827	goto out;	827	goto out;
828	addr_len = err;	828	addr_len = err;
829		829
830	mutex_lock(&u->readlock);	830	mutex_lock(&u->readlock);
831		831
832	err = -EINVAL;	832	err = -EINVAL;
833	if (u->addr)	833	if (u->addr)
834	goto out_up;	834	goto out_up;
835		835
836	err = -ENOMEM;	836	err = -ENOMEM;
837	addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);	837	addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
838	if (!addr)	838	if (!addr)
839	goto out_up;	839	goto out_up;
840		840
841	memcpy(addr->name, sunaddr, addr_len);	841	memcpy(addr->name, sunaddr, addr_len);
842	addr->len = addr_len;	842	addr->len = addr_len;
843	addr->hash = hash ^ sk->sk_type;	843	addr->hash = hash ^ sk->sk_type;
844	atomic_set(&addr->refcnt, 1);	844	atomic_set(&addr->refcnt, 1);
845		845
846	if (sunaddr->sun_path[0]) {	846	if (sunaddr->sun_path[0]) {
847	unsigned int mode;	847	unsigned int mode;
848	err = 0;	848	err = 0;
849	/*	849	/*
850	* Get the parent directory, calculate the hash for last	850	* Get the parent directory, calculate the hash for last
851	* component.	851	* component.
852	*/	852	*/
853	err = path_lookup(sunaddr->sun_path, LOOKUP_PARENT, &nd);	853	err = path_lookup(sunaddr->sun_path, LOOKUP_PARENT, &nd);
854	if (err)	854	if (err)
855	goto out_mknod_parent;	855	goto out_mknod_parent;
856		856
857	dentry = lookup_create(&nd, 0);	857	dentry = lookup_create(&nd, 0);
858	err = PTR_ERR(dentry);	858	err = PTR_ERR(dentry);
859	if (IS_ERR(dentry))	859	if (IS_ERR(dentry))
860	goto out_mknod_unlock;	860	goto out_mknod_unlock;
861		861
862	/*	862	/*
863	* All right, let's create it.	863	* All right, let's create it.
864	*/	864	*/
865	mode = S_IFSOCK \|	865	mode = S_IFSOCK \|
866	(SOCK_INODE(sock)->i_mode & ~current_umask());	866	(SOCK_INODE(sock)->i_mode & ~current_umask());
867	err = mnt_want_write(nd.path.mnt);	867	err = mnt_want_write(nd.path.mnt);
868	if (err)	868	if (err)
869	goto out_mknod_dput;	869	goto out_mknod_dput;
870	err = security_path_mknod(&nd.path, dentry, mode, 0);	870	err = security_path_mknod(&nd.path, dentry, mode, 0);
871	if (err)	871	if (err)
872	goto out_mknod_drop_write;	872	goto out_mknod_drop_write;
873	err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);	873	err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);
874	out_mknod_drop_write:	874	out_mknod_drop_write:
875	mnt_drop_write(nd.path.mnt);	875	mnt_drop_write(nd.path.mnt);
876	if (err)	876	if (err)
877	goto out_mknod_dput;	877	goto out_mknod_dput;
878	mutex_unlock(&nd.path.dentry->d_inode->i_mutex);	878	mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
879	dput(nd.path.dentry);	879	dput(nd.path.dentry);
880	nd.path.dentry = dentry;	880	nd.path.dentry = dentry;
881		881
882	addr->hash = UNIX_HASH_SIZE;	882	addr->hash = UNIX_HASH_SIZE;
883	}	883	}
884		884
885	spin_lock(&unix_table_lock);	885	spin_lock(&unix_table_lock);
886		886
887	if (!sunaddr->sun_path[0]) {	887	if (!sunaddr->sun_path[0]) {
888	err = -EADDRINUSE;	888	err = -EADDRINUSE;
889	if (__unix_find_socket_byname(net, sunaddr, addr_len,	889	if (__unix_find_socket_byname(net, sunaddr, addr_len,
890	sk->sk_type, hash)) {	890	sk->sk_type, hash)) {
891	unix_release_addr(addr);	891	unix_release_addr(addr);
892	goto out_unlock;	892	goto out_unlock;
893	}	893	}
894		894
895	list = &unix_socket_table[addr->hash];	895	list = &unix_socket_table[addr->hash];
896	} else {	896	} else {
897	list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];	897	list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
898	u->dentry = nd.path.dentry;	898	u->dentry = nd.path.dentry;
899	u->mnt = nd.path.mnt;	899	u->mnt = nd.path.mnt;
900	}	900	}
901		901
902	err = 0;	902	err = 0;
903	__unix_remove_socket(sk);	903	__unix_remove_socket(sk);
904	u->addr = addr;	904	u->addr = addr;
905	__unix_insert_socket(list, sk);	905	__unix_insert_socket(list, sk);
906		906
907	out_unlock:	907	out_unlock:
908	spin_unlock(&unix_table_lock);	908	spin_unlock(&unix_table_lock);
909	out_up:	909	out_up:
910	mutex_unlock(&u->readlock);	910	mutex_unlock(&u->readlock);
911	out:	911	out:
912	return err;	912	return err;
913		913
914	out_mknod_dput:	914	out_mknod_dput:
915	dput(dentry);	915	dput(dentry);
916	out_mknod_unlock:	916	out_mknod_unlock:
917	mutex_unlock(&nd.path.dentry->d_inode->i_mutex);	917	mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
918	path_put(&nd.path);	918	path_put(&nd.path);
919	out_mknod_parent:	919	out_mknod_parent:
920	if (err == -EEXIST)	920	if (err == -EEXIST)
921	err = -EADDRINUSE;	921	err = -EADDRINUSE;
922	unix_release_addr(addr);	922	unix_release_addr(addr);
923	goto out_up;	923	goto out_up;
924	}	924	}
925		925
926	static void unix_state_double_lock(struct sock sk1, struct sock sk2)	926	static void unix_state_double_lock(struct sock sk1, struct sock sk2)
927	{	927	{
928	if (unlikely(sk1 == sk2) \|\| !sk2) {	928	if (unlikely(sk1 == sk2) \|\| !sk2) {
929	unix_state_lock(sk1);	929	unix_state_lock(sk1);
930	return;	930	return;
931	}	931	}
932	if (sk1 < sk2) {	932	if (sk1 < sk2) {
933	unix_state_lock(sk1);	933	unix_state_lock(sk1);
934	unix_state_lock_nested(sk2);	934	unix_state_lock_nested(sk2);
935	} else {	935	} else {
936	unix_state_lock(sk2);	936	unix_state_lock(sk2);
937	unix_state_lock_nested(sk1);	937	unix_state_lock_nested(sk1);
938	}	938	}
939	}	939	}
940		940
941	static void unix_state_double_unlock(struct sock sk1, struct sock sk2)	941	static void unix_state_double_unlock(struct sock sk1, struct sock sk2)
942	{	942	{
943	if (unlikely(sk1 == sk2) \|\| !sk2) {	943	if (unlikely(sk1 == sk2) \|\| !sk2) {
944	unix_state_unlock(sk1);	944	unix_state_unlock(sk1);
945	return;	945	return;
946	}	946	}
947	unix_state_unlock(sk1);	947	unix_state_unlock(sk1);
948	unix_state_unlock(sk2);	948	unix_state_unlock(sk2);
949	}	949	}
950		950
951	static int unix_dgram_connect(struct socket sock, struct sockaddr addr,	951	static int unix_dgram_connect(struct socket sock, struct sockaddr addr,
952	int alen, int flags)	952	int alen, int flags)
953	{	953	{
954	struct sock *sk = sock->sk;	954	struct sock *sk = sock->sk;
955	struct net *net = sock_net(sk);	955	struct net *net = sock_net(sk);
956	struct sockaddr_un sunaddr = (struct sockaddr_un )addr;	956	struct sockaddr_un sunaddr = (struct sockaddr_un )addr;
957	struct sock *other;	957	struct sock *other;
958	unsigned hash;	958	unsigned hash;
959	int err;	959	int err;
960		960
961	if (addr->sa_family != AF_UNSPEC) {	961	if (addr->sa_family != AF_UNSPEC) {
962	err = unix_mkname(sunaddr, alen, &hash);	962	err = unix_mkname(sunaddr, alen, &hash);
963	if (err < 0)	963	if (err < 0)
964	goto out;	964	goto out;
965	alen = err;	965	alen = err;
966		966
967	if (test_bit(SOCK_PASSCRED, &sock->flags) &&	967	if (test_bit(SOCK_PASSCRED, &sock->flags) &&
968	!unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)	968	!unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
969	goto out;	969	goto out;
970		970
971	restart:	971	restart:
972	other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);	972	other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
973	if (!other)	973	if (!other)
974	goto out;	974	goto out;
975		975
976	unix_state_double_lock(sk, other);	976	unix_state_double_lock(sk, other);
977		977
978	/* Apparently VFS overslept socket death. Retry. */	978	/* Apparently VFS overslept socket death. Retry. */
979	if (sock_flag(other, SOCK_DEAD)) {	979	if (sock_flag(other, SOCK_DEAD)) {
980	unix_state_double_unlock(sk, other);	980	unix_state_double_unlock(sk, other);
981	sock_put(other);	981	sock_put(other);
982	goto restart;	982	goto restart;
983	}	983	}
984		984
985	err = -EPERM;	985	err = -EPERM;
986	if (!unix_may_send(sk, other))	986	if (!unix_may_send(sk, other))
987	goto out_unlock;	987	goto out_unlock;
988		988
989	err = security_unix_may_send(sk->sk_socket, other->sk_socket);	989	err = security_unix_may_send(sk->sk_socket, other->sk_socket);
990	if (err)	990	if (err)
991	goto out_unlock;	991	goto out_unlock;
992		992
993	} else {	993	} else {
994	/*	994	/*
995	* 1003.1g breaking connected state with AF_UNSPEC	995	* 1003.1g breaking connected state with AF_UNSPEC
996	*/	996	*/
997	other = NULL;	997	other = NULL;
998	unix_state_double_lock(sk, other);	998	unix_state_double_lock(sk, other);
999	}	999	}
1000		1000
1001	/*	1001	/*
1002	* If it was connected, reconnect.	1002	* If it was connected, reconnect.
1003	*/	1003	*/
1004	if (unix_peer(sk)) {	1004	if (unix_peer(sk)) {
1005	struct sock *old_peer = unix_peer(sk);	1005	struct sock *old_peer = unix_peer(sk);
1006	unix_peer(sk) = other;	1006	unix_peer(sk) = other;
1007	unix_state_double_unlock(sk, other);	1007	unix_state_double_unlock(sk, other);
1008		1008
1009	if (other != old_peer)	1009	if (other != old_peer)
1010	unix_dgram_disconnected(sk, old_peer);	1010	unix_dgram_disconnected(sk, old_peer);
1011	sock_put(old_peer);	1011	sock_put(old_peer);
1012	} else {	1012	} else {
1013	unix_peer(sk) = other;	1013	unix_peer(sk) = other;
1014	unix_state_double_unlock(sk, other);	1014	unix_state_double_unlock(sk, other);
1015	}	1015	}
1016	return 0;	1016	return 0;
1017		1017
1018	out_unlock:	1018	out_unlock:
1019	unix_state_double_unlock(sk, other);	1019	unix_state_double_unlock(sk, other);
1020	sock_put(other);	1020	sock_put(other);
1021	out:	1021	out:
1022	return err;	1022	return err;
1023	}	1023	}
1024		1024
1025	static long unix_wait_for_peer(struct sock *other, long timeo)	1025	static long unix_wait_for_peer(struct sock *other, long timeo)
1026	{	1026	{
1027	struct unix_sock *u = unix_sk(other);	1027	struct unix_sock *u = unix_sk(other);
1028	int sched;	1028	int sched;
1029	DEFINE_WAIT(wait);	1029	DEFINE_WAIT(wait);
1030		1030
1031	prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);	1031	prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1032		1032
1033	sched = !sock_flag(other, SOCK_DEAD) &&	1033	sched = !sock_flag(other, SOCK_DEAD) &&
1034	!(other->sk_shutdown & RCV_SHUTDOWN) &&	1034	!(other->sk_shutdown & RCV_SHUTDOWN) &&
1035	unix_recvq_full(other);	1035	unix_recvq_full(other);
1036		1036
1037	unix_state_unlock(other);	1037	unix_state_unlock(other);
1038		1038
1039	if (sched)	1039	if (sched)
1040	timeo = schedule_timeout(timeo);	1040	timeo = schedule_timeout(timeo);
1041		1041
1042	finish_wait(&u->peer_wait, &wait);	1042	finish_wait(&u->peer_wait, &wait);
1043	return timeo;	1043	return timeo;
1044	}	1044	}
1045		1045
1046	static int unix_stream_connect(struct socket sock, struct sockaddr uaddr,	1046	static int unix_stream_connect(struct socket sock, struct sockaddr uaddr,
1047	int addr_len, int flags)	1047	int addr_len, int flags)
1048	{	1048	{
1049	struct sockaddr_un sunaddr = (struct sockaddr_un )uaddr;	1049	struct sockaddr_un sunaddr = (struct sockaddr_un )uaddr;
1050	struct sock *sk = sock->sk;	1050	struct sock *sk = sock->sk;
1051	struct net *net = sock_net(sk);	1051	struct net *net = sock_net(sk);
1052	struct unix_sock u = unix_sk(sk), newu, *otheru;	1052	struct unix_sock u = unix_sk(sk), newu, *otheru;
1053	struct sock *newsk = NULL;	1053	struct sock *newsk = NULL;
1054	struct sock *other = NULL;	1054	struct sock *other = NULL;
1055	struct sk_buff *skb = NULL;	1055	struct sk_buff *skb = NULL;
1056	unsigned hash;	1056	unsigned hash;
1057	int st;	1057	int st;
1058	int err;	1058	int err;
1059	long timeo;	1059	long timeo;
1060		1060
1061	err = unix_mkname(sunaddr, addr_len, &hash);	1061	err = unix_mkname(sunaddr, addr_len, &hash);
1062	if (err < 0)	1062	if (err < 0)
1063	goto out;	1063	goto out;
1064	addr_len = err;	1064	addr_len = err;
1065		1065
1066	if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&	1066	if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1067	(err = unix_autobind(sock)) != 0)	1067	(err = unix_autobind(sock)) != 0)
1068	goto out;	1068	goto out;
1069		1069
1070	timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);	1070	timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1071		1071
1072	/* First of all allocate resources.	1072	/* First of all allocate resources.
1073	If we will make it after state is locked,	1073	If we will make it after state is locked,
1074	we will have to recheck all again in any case.	1074	we will have to recheck all again in any case.
1075	*/	1075	*/
1076		1076
1077	err = -ENOMEM;	1077	err = -ENOMEM;
1078		1078
1079	/* create new sock for complete connection */	1079	/* create new sock for complete connection */
1080	newsk = unix_create1(sock_net(sk), NULL);	1080	newsk = unix_create1(sock_net(sk), NULL);
1081	if (newsk == NULL)	1081	if (newsk == NULL)
1082	goto out;	1082	goto out;
1083		1083
1084	/* Allocate skb for sending to listening sock */	1084	/* Allocate skb for sending to listening sock */
1085	skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);	1085	skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1086	if (skb == NULL)	1086	if (skb == NULL)
1087	goto out;	1087	goto out;
1088		1088
1089	restart:	1089	restart:
1090	/* Find listening sock. */	1090	/* Find listening sock. */
1091	other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);	1091	other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1092	if (!other)	1092	if (!other)
1093	goto out;	1093	goto out;
1094		1094
1095	/* Latch state of peer */	1095	/* Latch state of peer */
1096	unix_state_lock(other);	1096	unix_state_lock(other);
1097		1097
1098	/* Apparently VFS overslept socket death. Retry. */	1098	/* Apparently VFS overslept socket death. Retry. */
1099	if (sock_flag(other, SOCK_DEAD)) {	1099	if (sock_flag(other, SOCK_DEAD)) {
1100	unix_state_unlock(other);	1100	unix_state_unlock(other);
1101	sock_put(other);	1101	sock_put(other);
1102	goto restart;	1102	goto restart;
1103	}	1103	}
1104		1104
1105	err = -ECONNREFUSED;	1105	err = -ECONNREFUSED;
1106	if (other->sk_state != TCP_LISTEN)	1106	if (other->sk_state != TCP_LISTEN)
1107	goto out_unlock;	1107	goto out_unlock;
1108	if (other->sk_shutdown & RCV_SHUTDOWN)	1108	if (other->sk_shutdown & RCV_SHUTDOWN)
1109	goto out_unlock;	1109	goto out_unlock;
1110		1110
1111	if (unix_recvq_full(other)) {	1111	if (unix_recvq_full(other)) {
1112	err = -EAGAIN;	1112	err = -EAGAIN;
1113	if (!timeo)	1113	if (!timeo)
1114	goto out_unlock;	1114	goto out_unlock;
1115		1115
1116	timeo = unix_wait_for_peer(other, timeo);	1116	timeo = unix_wait_for_peer(other, timeo);
1117		1117
1118	err = sock_intr_errno(timeo);	1118	err = sock_intr_errno(timeo);
1119	if (signal_pending(current))	1119	if (signal_pending(current))
1120	goto out;	1120	goto out;
1121	sock_put(other);	1121	sock_put(other);
1122	goto restart;	1122	goto restart;
1123	}	1123	}
1124		1124
1125	/* Latch our state.	1125	/* Latch our state.
1126		1126
1127	It is tricky place. We need to grab write lock and cannot	1127	It is tricky place. We need to grab write lock and cannot
1128	drop lock on peer. It is dangerous because deadlock is	1128	drop lock on peer. It is dangerous because deadlock is
1129	possible. Connect to self case and simultaneous	1129	possible. Connect to self case and simultaneous
1130	attempt to connect are eliminated by checking socket	1130	attempt to connect are eliminated by checking socket
1131	state. other is TCP_LISTEN, if sk is TCP_LISTEN we	1131	state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1132	check this before attempt to grab lock.	1132	check this before attempt to grab lock.
1133		1133
1134	Well, and we have to recheck the state after socket locked.	1134	Well, and we have to recheck the state after socket locked.
1135	*/	1135	*/
1136	st = sk->sk_state;	1136	st = sk->sk_state;
1137		1137
1138	switch (st) {	1138	switch (st) {
1139	case TCP_CLOSE:	1139	case TCP_CLOSE:
1140	/* This is ok... continue with connect */	1140	/* This is ok... continue with connect */
1141	break;	1141	break;
1142	case TCP_ESTABLISHED:	1142	case TCP_ESTABLISHED:
1143	/* Socket is already connected */	1143	/* Socket is already connected */
1144	err = -EISCONN;	1144	err = -EISCONN;
1145	goto out_unlock;	1145	goto out_unlock;
1146	default:	1146	default:
1147	err = -EINVAL;	1147	err = -EINVAL;
1148	goto out_unlock;	1148	goto out_unlock;
1149	}	1149	}
1150		1150
1151	unix_state_lock_nested(sk);	1151	unix_state_lock_nested(sk);
1152		1152
1153	if (sk->sk_state != st) {	1153	if (sk->sk_state != st) {
1154	unix_state_unlock(sk);	1154	unix_state_unlock(sk);
1155	unix_state_unlock(other);	1155	unix_state_unlock(other);
1156	sock_put(other);	1156	sock_put(other);
1157	goto restart;	1157	goto restart;
1158	}	1158	}
1159		1159
1160	err = security_unix_stream_connect(sock, other->sk_socket, newsk);	1160	err = security_unix_stream_connect(sk, other, newsk);
1161	if (err) {	1161	if (err) {
1162	unix_state_unlock(sk);	1162	unix_state_unlock(sk);
1163	goto out_unlock;	1163	goto out_unlock;
1164	}	1164	}
1165		1165
1166	/* The way is open! Fastly set all the necessary fields... */	1166	/* The way is open! Fastly set all the necessary fields... */
1167		1167
1168	sock_hold(sk);	1168	sock_hold(sk);
1169	unix_peer(newsk) = sk;	1169	unix_peer(newsk) = sk;
1170	newsk->sk_state = TCP_ESTABLISHED;	1170	newsk->sk_state = TCP_ESTABLISHED;
1171	newsk->sk_type = sk->sk_type;	1171	newsk->sk_type = sk->sk_type;
1172	init_peercred(newsk);	1172	init_peercred(newsk);
1173	newu = unix_sk(newsk);	1173	newu = unix_sk(newsk);
1174	newsk->sk_wq = &newu->peer_wq;	1174	newsk->sk_wq = &newu->peer_wq;
1175	otheru = unix_sk(other);	1175	otheru = unix_sk(other);
1176		1176
1177	/* copy address information from listening to new sock*/	1177	/* copy address information from listening to new sock*/
1178	if (otheru->addr) {	1178	if (otheru->addr) {
1179	atomic_inc(&otheru->addr->refcnt);	1179	atomic_inc(&otheru->addr->refcnt);
1180	newu->addr = otheru->addr;	1180	newu->addr = otheru->addr;
1181	}	1181	}
1182	if (otheru->dentry) {	1182	if (otheru->dentry) {
1183	newu->dentry = dget(otheru->dentry);	1183	newu->dentry = dget(otheru->dentry);
1184	newu->mnt = mntget(otheru->mnt);	1184	newu->mnt = mntget(otheru->mnt);
1185	}	1185	}
1186		1186
1187	/* Set credentials */	1187	/* Set credentials */
1188	copy_peercred(sk, other);	1188	copy_peercred(sk, other);
1189		1189
1190	sock->state = SS_CONNECTED;	1190	sock->state = SS_CONNECTED;
1191	sk->sk_state = TCP_ESTABLISHED;	1191	sk->sk_state = TCP_ESTABLISHED;
1192	sock_hold(newsk);	1192	sock_hold(newsk);
1193		1193
1194	smp_mb__after_atomic_inc(); /* sock_hold() does an atomic_inc() */	1194	smp_mb__after_atomic_inc(); /* sock_hold() does an atomic_inc() */
1195	unix_peer(sk) = newsk;	1195	unix_peer(sk) = newsk;
1196		1196
1197	unix_state_unlock(sk);	1197	unix_state_unlock(sk);
1198		1198
1199	/* take ten and and send info to listening sock */	1199	/* take ten and and send info to listening sock */
1200	spin_lock(&other->sk_receive_queue.lock);	1200	spin_lock(&other->sk_receive_queue.lock);
1201	__skb_queue_tail(&other->sk_receive_queue, skb);	1201	__skb_queue_tail(&other->sk_receive_queue, skb);
1202	spin_unlock(&other->sk_receive_queue.lock);	1202	spin_unlock(&other->sk_receive_queue.lock);
1203	unix_state_unlock(other);	1203	unix_state_unlock(other);
1204	other->sk_data_ready(other, 0);	1204	other->sk_data_ready(other, 0);
1205	sock_put(other);	1205	sock_put(other);
1206	return 0;	1206	return 0;
1207		1207
1208	out_unlock:	1208	out_unlock:
1209	if (other)	1209	if (other)
1210	unix_state_unlock(other);	1210	unix_state_unlock(other);
1211		1211
1212	out:	1212	out:
1213	kfree_skb(skb);	1213	kfree_skb(skb);
1214	if (newsk)	1214	if (newsk)
1215	unix_release_sock(newsk, 0);	1215	unix_release_sock(newsk, 0);
1216	if (other)	1216	if (other)
1217	sock_put(other);	1217	sock_put(other);
1218	return err;	1218	return err;
1219	}	1219	}
1220		1220
1221	static int unix_socketpair(struct socket socka, struct socket sockb)	1221	static int unix_socketpair(struct socket socka, struct socket sockb)
1222	{	1222	{
1223	struct sock ska = socka->sk, skb = sockb->sk;	1223	struct sock ska = socka->sk, skb = sockb->sk;
1224		1224
1225	/* Join our sockets back to back */	1225	/* Join our sockets back to back */
1226	sock_hold(ska);	1226	sock_hold(ska);
1227	sock_hold(skb);	1227	sock_hold(skb);
1228	unix_peer(ska) = skb;	1228	unix_peer(ska) = skb;
1229	unix_peer(skb) = ska;	1229	unix_peer(skb) = ska;
1230	init_peercred(ska);	1230	init_peercred(ska);
1231	init_peercred(skb);	1231	init_peercred(skb);
1232		1232
1233	if (ska->sk_type != SOCK_DGRAM) {	1233	if (ska->sk_type != SOCK_DGRAM) {
1234	ska->sk_state = TCP_ESTABLISHED;	1234	ska->sk_state = TCP_ESTABLISHED;
1235	skb->sk_state = TCP_ESTABLISHED;	1235	skb->sk_state = TCP_ESTABLISHED;
1236	socka->state = SS_CONNECTED;	1236	socka->state = SS_CONNECTED;
1237	sockb->state = SS_CONNECTED;	1237	sockb->state = SS_CONNECTED;
1238	}	1238	}
1239	return 0;	1239	return 0;
1240	}	1240	}
1241		1241
1242	static int unix_accept(struct socket sock, struct socket newsock, int flags)	1242	static int unix_accept(struct socket sock, struct socket newsock, int flags)
1243	{	1243	{
1244	struct sock *sk = sock->sk;	1244	struct sock *sk = sock->sk;
1245	struct sock *tsk;	1245	struct sock *tsk;
1246	struct sk_buff *skb;	1246	struct sk_buff *skb;
1247	int err;	1247	int err;
1248		1248
1249	err = -EOPNOTSUPP;	1249	err = -EOPNOTSUPP;
1250	if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)	1250	if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1251	goto out;	1251	goto out;
1252		1252
1253	err = -EINVAL;	1253	err = -EINVAL;
1254	if (sk->sk_state != TCP_LISTEN)	1254	if (sk->sk_state != TCP_LISTEN)
1255	goto out;	1255	goto out;
1256		1256
1257	/* If socket state is TCP_LISTEN it cannot change (for now...),	1257	/* If socket state is TCP_LISTEN it cannot change (for now...),
1258	* so that no locks are necessary.	1258	* so that no locks are necessary.
1259	*/	1259	*/
1260		1260
1261	skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);	1261	skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1262	if (!skb) {	1262	if (!skb) {
1263	/* This means receive shutdown. */	1263	/* This means receive shutdown. */
1264	if (err == 0)	1264	if (err == 0)
1265	err = -EINVAL;	1265	err = -EINVAL;
1266	goto out;	1266	goto out;
1267	}	1267	}
1268		1268
1269	tsk = skb->sk;	1269	tsk = skb->sk;
1270	skb_free_datagram(sk, skb);	1270	skb_free_datagram(sk, skb);
1271	wake_up_interruptible(&unix_sk(sk)->peer_wait);	1271	wake_up_interruptible(&unix_sk(sk)->peer_wait);
1272		1272
1273	/* attach accepted sock to socket */	1273	/* attach accepted sock to socket */
1274	unix_state_lock(tsk);	1274	unix_state_lock(tsk);
1275	newsock->state = SS_CONNECTED;	1275	newsock->state = SS_CONNECTED;
1276	sock_graft(tsk, newsock);	1276	sock_graft(tsk, newsock);
1277	unix_state_unlock(tsk);	1277	unix_state_unlock(tsk);
1278	return 0;	1278	return 0;
1279		1279
1280	out:	1280	out:
1281	return err;	1281	return err;
1282	}	1282	}
1283		1283
1284		1284
1285	static int unix_getname(struct socket sock, struct sockaddr uaddr, int *uaddr_len, int peer)	1285	static int unix_getname(struct socket sock, struct sockaddr uaddr, int *uaddr_len, int peer)
1286	{	1286	{
1287	struct sock *sk = sock->sk;	1287	struct sock *sk = sock->sk;
1288	struct unix_sock *u;	1288	struct unix_sock *u;
1289	DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);	1289	DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1290	int err = 0;	1290	int err = 0;
1291		1291
1292	if (peer) {	1292	if (peer) {
1293	sk = unix_peer_get(sk);	1293	sk = unix_peer_get(sk);
1294		1294
1295	err = -ENOTCONN;	1295	err = -ENOTCONN;
1296	if (!sk)	1296	if (!sk)
1297	goto out;	1297	goto out;
1298	err = 0;	1298	err = 0;
1299	} else {	1299	} else {
1300	sock_hold(sk);	1300	sock_hold(sk);
1301	}	1301	}
1302		1302
1303	u = unix_sk(sk);	1303	u = unix_sk(sk);
1304	unix_state_lock(sk);	1304	unix_state_lock(sk);
1305	if (!u->addr) {	1305	if (!u->addr) {
1306	sunaddr->sun_family = AF_UNIX;	1306	sunaddr->sun_family = AF_UNIX;
1307	sunaddr->sun_path[0] = 0;	1307	sunaddr->sun_path[0] = 0;
1308	*uaddr_len = sizeof(short);	1308	*uaddr_len = sizeof(short);
1309	} else {	1309	} else {
1310	struct unix_address *addr = u->addr;	1310	struct unix_address *addr = u->addr;
1311		1311
1312	*uaddr_len = addr->len;	1312	*uaddr_len = addr->len;
1313	memcpy(sunaddr, addr->name, *uaddr_len);	1313	memcpy(sunaddr, addr->name, *uaddr_len);
1314	}	1314	}
1315	unix_state_unlock(sk);	1315	unix_state_unlock(sk);
1316	sock_put(sk);	1316	sock_put(sk);
1317	out:	1317	out:
1318	return err;	1318	return err;
1319	}	1319	}
1320		1320
1321	static void unix_detach_fds(struct scm_cookie scm, struct sk_buff skb)	1321	static void unix_detach_fds(struct scm_cookie scm, struct sk_buff skb)
1322	{	1322	{
1323	int i;	1323	int i;
1324		1324
1325	scm->fp = UNIXCB(skb).fp;	1325	scm->fp = UNIXCB(skb).fp;
1326	UNIXCB(skb).fp = NULL;	1326	UNIXCB(skb).fp = NULL;
1327		1327
1328	for (i = scm->fp->count-1; i >= 0; i--)	1328	for (i = scm->fp->count-1; i >= 0; i--)
1329	unix_notinflight(scm->fp->fp[i]);	1329	unix_notinflight(scm->fp->fp[i]);
1330	}	1330	}
1331		1331
1332	static void unix_destruct_scm(struct sk_buff *skb)	1332	static void unix_destruct_scm(struct sk_buff *skb)
1333	{	1333	{
1334	struct scm_cookie scm;	1334	struct scm_cookie scm;
1335	memset(&scm, 0, sizeof(scm));	1335	memset(&scm, 0, sizeof(scm));
1336	scm.pid = UNIXCB(skb).pid;	1336	scm.pid = UNIXCB(skb).pid;
1337	scm.cred = UNIXCB(skb).cred;	1337	scm.cred = UNIXCB(skb).cred;
1338	if (UNIXCB(skb).fp)	1338	if (UNIXCB(skb).fp)
1339	unix_detach_fds(&scm, skb);	1339	unix_detach_fds(&scm, skb);
1340		1340
1341	/* Alas, it calls VFS */	1341	/* Alas, it calls VFS */
1342	/* So fscking what? fput() had been SMP-safe since the last Summer */	1342	/* So fscking what? fput() had been SMP-safe since the last Summer */
1343	scm_destroy(&scm);	1343	scm_destroy(&scm);
1344	sock_wfree(skb);	1344	sock_wfree(skb);
1345	}	1345	}
1346		1346
1347	#define MAX_RECURSION_LEVEL 4	1347	#define MAX_RECURSION_LEVEL 4
1348		1348
1349	static int unix_attach_fds(struct scm_cookie scm, struct sk_buff skb)	1349	static int unix_attach_fds(struct scm_cookie scm, struct sk_buff skb)
1350	{	1350	{
1351	int i;	1351	int i;
1352	unsigned char max_level = 0;	1352	unsigned char max_level = 0;
1353	int unix_sock_count = 0;	1353	int unix_sock_count = 0;
1354		1354
1355	for (i = scm->fp->count - 1; i >= 0; i--) {	1355	for (i = scm->fp->count - 1; i >= 0; i--) {
1356	struct sock *sk = unix_get_socket(scm->fp->fp[i]);	1356	struct sock *sk = unix_get_socket(scm->fp->fp[i]);
1357		1357
1358	if (sk) {	1358	if (sk) {
1359	unix_sock_count++;	1359	unix_sock_count++;
1360	max_level = max(max_level,	1360	max_level = max(max_level,
1361	unix_sk(sk)->recursion_level);	1361	unix_sk(sk)->recursion_level);
1362	}	1362	}
1363	}	1363	}
1364	if (unlikely(max_level > MAX_RECURSION_LEVEL))	1364	if (unlikely(max_level > MAX_RECURSION_LEVEL))
1365	return -ETOOMANYREFS;	1365	return -ETOOMANYREFS;
1366		1366
1367	/*	1367	/*
1368	* Need to duplicate file references for the sake of garbage	1368	* Need to duplicate file references for the sake of garbage
1369	* collection. Otherwise a socket in the fps might become a	1369	* collection. Otherwise a socket in the fps might become a
1370	* candidate for GC while the skb is not yet queued.	1370	* candidate for GC while the skb is not yet queued.
1371	*/	1371	*/
1372	UNIXCB(skb).fp = scm_fp_dup(scm->fp);	1372	UNIXCB(skb).fp = scm_fp_dup(scm->fp);
1373	if (!UNIXCB(skb).fp)	1373	if (!UNIXCB(skb).fp)
1374	return -ENOMEM;	1374	return -ENOMEM;
1375		1375
1376	if (unix_sock_count) {	1376	if (unix_sock_count) {
1377	for (i = scm->fp->count - 1; i >= 0; i--)	1377	for (i = scm->fp->count - 1; i >= 0; i--)
1378	unix_inflight(scm->fp->fp[i]);	1378	unix_inflight(scm->fp->fp[i]);
1379	}	1379	}
1380	return max_level;	1380	return max_level;
1381	}	1381	}
1382		1382
1383	static int unix_scm_to_skb(struct scm_cookie scm, struct sk_buff skb, bool send_fds)	1383	static int unix_scm_to_skb(struct scm_cookie scm, struct sk_buff skb, bool send_fds)
1384	{	1384	{
1385	int err = 0;	1385	int err = 0;
1386	UNIXCB(skb).pid = get_pid(scm->pid);	1386	UNIXCB(skb).pid = get_pid(scm->pid);
1387	UNIXCB(skb).cred = get_cred(scm->cred);	1387	UNIXCB(skb).cred = get_cred(scm->cred);
1388	UNIXCB(skb).fp = NULL;	1388	UNIXCB(skb).fp = NULL;
1389	if (scm->fp && send_fds)	1389	if (scm->fp && send_fds)
1390	err = unix_attach_fds(scm, skb);	1390	err = unix_attach_fds(scm, skb);
1391		1391
1392	skb->destructor = unix_destruct_scm;	1392	skb->destructor = unix_destruct_scm;
1393	return err;	1393	return err;
1394	}	1394	}
1395		1395
1396	/*	1396	/*
1397	* Send AF_UNIX data.	1397	* Send AF_UNIX data.
1398	*/	1398	*/
1399		1399
1400	static int unix_dgram_sendmsg(struct kiocb kiocb, struct socket sock,	1400	static int unix_dgram_sendmsg(struct kiocb kiocb, struct socket sock,
1401	struct msghdr *msg, size_t len)	1401	struct msghdr *msg, size_t len)
1402	{	1402	{
1403	struct sock_iocb *siocb = kiocb_to_siocb(kiocb);	1403	struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1404	struct sock *sk = sock->sk;	1404	struct sock *sk = sock->sk;
1405	struct net *net = sock_net(sk);	1405	struct net *net = sock_net(sk);
1406	struct unix_sock *u = unix_sk(sk);	1406	struct unix_sock *u = unix_sk(sk);
1407	struct sockaddr_un *sunaddr = msg->msg_name;	1407	struct sockaddr_un *sunaddr = msg->msg_name;
1408	struct sock *other = NULL;	1408	struct sock *other = NULL;
1409	int namelen = 0; /* fake GCC */	1409	int namelen = 0; /* fake GCC */
1410	int err;	1410	int err;
1411	unsigned hash;	1411	unsigned hash;
1412	struct sk_buff *skb;	1412	struct sk_buff *skb;
1413	long timeo;	1413	long timeo;
1414	struct scm_cookie tmp_scm;	1414	struct scm_cookie tmp_scm;
1415	int max_level;	1415	int max_level;
1416		1416
1417	if (NULL == siocb->scm)	1417	if (NULL == siocb->scm)
1418	siocb->scm = &tmp_scm;	1418	siocb->scm = &tmp_scm;
1419	wait_for_unix_gc();	1419	wait_for_unix_gc();
1420	err = scm_send(sock, msg, siocb->scm);	1420	err = scm_send(sock, msg, siocb->scm);
1421	if (err < 0)	1421	if (err < 0)
1422	return err;	1422	return err;
1423		1423
1424	err = -EOPNOTSUPP;	1424	err = -EOPNOTSUPP;
1425	if (msg->msg_flags&MSG_OOB)	1425	if (msg->msg_flags&MSG_OOB)
1426	goto out;	1426	goto out;
1427		1427
1428	if (msg->msg_namelen) {	1428	if (msg->msg_namelen) {
1429	err = unix_mkname(sunaddr, msg->msg_namelen, &hash);	1429	err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1430	if (err < 0)	1430	if (err < 0)
1431	goto out;	1431	goto out;
1432	namelen = err;	1432	namelen = err;
1433	} else {	1433	} else {
1434	sunaddr = NULL;	1434	sunaddr = NULL;
1435	err = -ENOTCONN;	1435	err = -ENOTCONN;
1436	other = unix_peer_get(sk);	1436	other = unix_peer_get(sk);
1437	if (!other)	1437	if (!other)
1438	goto out;	1438	goto out;
1439	}	1439	}
1440		1440
1441	if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr	1441	if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1442	&& (err = unix_autobind(sock)) != 0)	1442	&& (err = unix_autobind(sock)) != 0)
1443	goto out;	1443	goto out;
1444		1444
1445	err = -EMSGSIZE;	1445	err = -EMSGSIZE;
1446	if (len > sk->sk_sndbuf - 32)	1446	if (len > sk->sk_sndbuf - 32)
1447	goto out;	1447	goto out;
1448		1448
1449	skb = sock_alloc_send_skb(sk, len, msg->msg_flags&MSG_DONTWAIT, &err);	1449	skb = sock_alloc_send_skb(sk, len, msg->msg_flags&MSG_DONTWAIT, &err);
1450	if (skb == NULL)	1450	if (skb == NULL)
1451	goto out;	1451	goto out;
1452		1452
1453	err = unix_scm_to_skb(siocb->scm, skb, true);	1453	err = unix_scm_to_skb(siocb->scm, skb, true);
1454	if (err < 0)	1454	if (err < 0)
1455	goto out_free;	1455	goto out_free;
1456	max_level = err + 1;	1456	max_level = err + 1;
1457	unix_get_secdata(siocb->scm, skb);	1457	unix_get_secdata(siocb->scm, skb);
1458		1458
1459	skb_reset_transport_header(skb);	1459	skb_reset_transport_header(skb);
1460	err = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len);	1460	err = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len);
1461	if (err)	1461	if (err)
1462	goto out_free;	1462	goto out_free;
1463		1463
1464	timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);	1464	timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1465		1465
1466	restart:	1466	restart:
1467	if (!other) {	1467	if (!other) {
1468	err = -ECONNRESET;	1468	err = -ECONNRESET;
1469	if (sunaddr == NULL)	1469	if (sunaddr == NULL)
1470	goto out_free;	1470	goto out_free;
1471		1471
1472	other = unix_find_other(net, sunaddr, namelen, sk->sk_type,	1472	other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1473	hash, &err);	1473	hash, &err);
1474	if (other == NULL)	1474	if (other == NULL)
1475	goto out_free;	1475	goto out_free;
1476	}	1476	}
1477		1477
1478	unix_state_lock(other);	1478	unix_state_lock(other);
1479	err = -EPERM;	1479	err = -EPERM;
1480	if (!unix_may_send(sk, other))	1480	if (!unix_may_send(sk, other))
1481	goto out_unlock;	1481	goto out_unlock;
1482		1482
1483	if (sock_flag(other, SOCK_DEAD)) {	1483	if (sock_flag(other, SOCK_DEAD)) {
1484	/*	1484	/*
1485	* Check with 1003.1g - what should	1485	* Check with 1003.1g - what should
1486	* datagram error	1486	* datagram error
1487	*/	1487	*/
1488	unix_state_unlock(other);	1488	unix_state_unlock(other);
1489	sock_put(other);	1489	sock_put(other);
1490		1490
1491	err = 0;	1491	err = 0;
1492	unix_state_lock(sk);	1492	unix_state_lock(sk);
1493	if (unix_peer(sk) == other) {	1493	if (unix_peer(sk) == other) {
1494	unix_peer(sk) = NULL;	1494	unix_peer(sk) = NULL;
1495	unix_state_unlock(sk);	1495	unix_state_unlock(sk);
1496		1496
1497	unix_dgram_disconnected(sk, other);	1497	unix_dgram_disconnected(sk, other);
1498	sock_put(other);	1498	sock_put(other);
1499	err = -ECONNREFUSED;	1499	err = -ECONNREFUSED;
1500	} else {	1500	} else {
1501	unix_state_unlock(sk);	1501	unix_state_unlock(sk);
1502	}	1502	}
1503		1503
1504	other = NULL;	1504	other = NULL;
1505	if (err)	1505	if (err)
1506	goto out_free;	1506	goto out_free;
1507	goto restart;	1507	goto restart;
1508	}	1508	}
1509		1509
1510	err = -EPIPE;	1510	err = -EPIPE;
1511	if (other->sk_shutdown & RCV_SHUTDOWN)	1511	if (other->sk_shutdown & RCV_SHUTDOWN)
1512	goto out_unlock;	1512	goto out_unlock;
1513		1513
1514	if (sk->sk_type != SOCK_SEQPACKET) {	1514	if (sk->sk_type != SOCK_SEQPACKET) {
1515	err = security_unix_may_send(sk->sk_socket, other->sk_socket);	1515	err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1516	if (err)	1516	if (err)
1517	goto out_unlock;	1517	goto out_unlock;
1518	}	1518	}
1519		1519
1520	if (unix_peer(other) != sk && unix_recvq_full(other)) {	1520	if (unix_peer(other) != sk && unix_recvq_full(other)) {
1521	if (!timeo) {	1521	if (!timeo) {
1522	err = -EAGAIN;	1522	err = -EAGAIN;
1523	goto out_unlock;	1523	goto out_unlock;
1524	}	1524	}
1525		1525
1526	timeo = unix_wait_for_peer(other, timeo);	1526	timeo = unix_wait_for_peer(other, timeo);
1527		1527
1528	err = sock_intr_errno(timeo);	1528	err = sock_intr_errno(timeo);
1529	if (signal_pending(current))	1529	if (signal_pending(current))
1530	goto out_free;	1530	goto out_free;
1531		1531
1532	goto restart;	1532	goto restart;
1533	}	1533	}
1534		1534
1535	if (sock_flag(other, SOCK_RCVTSTAMP))	1535	if (sock_flag(other, SOCK_RCVTSTAMP))
1536	__net_timestamp(skb);	1536	__net_timestamp(skb);
1537	skb_queue_tail(&other->sk_receive_queue, skb);	1537	skb_queue_tail(&other->sk_receive_queue, skb);
1538	if (max_level > unix_sk(other)->recursion_level)	1538	if (max_level > unix_sk(other)->recursion_level)
1539	unix_sk(other)->recursion_level = max_level;	1539	unix_sk(other)->recursion_level = max_level;
1540	unix_state_unlock(other);	1540	unix_state_unlock(other);
1541	other->sk_data_ready(other, len);	1541	other->sk_data_ready(other, len);
1542	sock_put(other);	1542	sock_put(other);
1543	scm_destroy(siocb->scm);	1543	scm_destroy(siocb->scm);
1544	return len;	1544	return len;
1545		1545
1546	out_unlock:	1546	out_unlock:
1547	unix_state_unlock(other);	1547	unix_state_unlock(other);
1548	out_free:	1548	out_free:
1549	kfree_skb(skb);	1549	kfree_skb(skb);
1550	out:	1550	out:
1551	if (other)	1551	if (other)
1552	sock_put(other);	1552	sock_put(other);
1553	scm_destroy(siocb->scm);	1553	scm_destroy(siocb->scm);
1554	return err;	1554	return err;
1555	}	1555	}
1556		1556
1557		1557
1558	static int unix_stream_sendmsg(struct kiocb kiocb, struct socket sock,	1558	static int unix_stream_sendmsg(struct kiocb kiocb, struct socket sock,
1559	struct msghdr *msg, size_t len)	1559	struct msghdr *msg, size_t len)
1560	{	1560	{
1561	struct sock_iocb *siocb = kiocb_to_siocb(kiocb);	1561	struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1562	struct sock *sk = sock->sk;	1562	struct sock *sk = sock->sk;
1563	struct sock *other = NULL;	1563	struct sock *other = NULL;
1564	struct sockaddr_un *sunaddr = msg->msg_name;	1564	struct sockaddr_un *sunaddr = msg->msg_name;
1565	int err, size;	1565	int err, size;
1566	struct sk_buff *skb;	1566	struct sk_buff *skb;
1567	int sent = 0;	1567	int sent = 0;
1568	struct scm_cookie tmp_scm;	1568	struct scm_cookie tmp_scm;
1569	bool fds_sent = false;	1569	bool fds_sent = false;
1570	int max_level;	1570	int max_level;
1571		1571
1572	if (NULL == siocb->scm)	1572	if (NULL == siocb->scm)
1573	siocb->scm = &tmp_scm;	1573	siocb->scm = &tmp_scm;
1574	wait_for_unix_gc();	1574	wait_for_unix_gc();
1575	err = scm_send(sock, msg, siocb->scm);	1575	err = scm_send(sock, msg, siocb->scm);
1576	if (err < 0)	1576	if (err < 0)
1577	return err;	1577	return err;
1578		1578
1579	err = -EOPNOTSUPP;	1579	err = -EOPNOTSUPP;
1580	if (msg->msg_flags&MSG_OOB)	1580	if (msg->msg_flags&MSG_OOB)
1581	goto out_err;	1581	goto out_err;
1582		1582
1583	if (msg->msg_namelen) {	1583	if (msg->msg_namelen) {
1584	err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;	1584	err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1585	goto out_err;	1585	goto out_err;
1586	} else {	1586	} else {
1587	sunaddr = NULL;	1587	sunaddr = NULL;
1588	err = -ENOTCONN;	1588	err = -ENOTCONN;
1589	other = unix_peer(sk);	1589	other = unix_peer(sk);
1590	if (!other)	1590	if (!other)
1591	goto out_err;	1591	goto out_err;
1592	}	1592	}
1593		1593
1594	if (sk->sk_shutdown & SEND_SHUTDOWN)	1594	if (sk->sk_shutdown & SEND_SHUTDOWN)
1595	goto pipe_err;	1595	goto pipe_err;
1596		1596
1597	while (sent < len) {	1597	while (sent < len) {
1598	/*	1598	/*
1599	* Optimisation for the fact that under 0.01% of X	1599	* Optimisation for the fact that under 0.01% of X
1600	* messages typically need breaking up.	1600	* messages typically need breaking up.
1601	*/	1601	*/
1602		1602
1603	size = len-sent;	1603	size = len-sent;
1604		1604
1605	/* Keep two messages in the pipe so it schedules better */	1605	/* Keep two messages in the pipe so it schedules better */
1606	if (size > ((sk->sk_sndbuf >> 1) - 64))	1606	if (size > ((sk->sk_sndbuf >> 1) - 64))
1607	size = (sk->sk_sndbuf >> 1) - 64;	1607	size = (sk->sk_sndbuf >> 1) - 64;
1608		1608
1609	if (size > SKB_MAX_ALLOC)	1609	if (size > SKB_MAX_ALLOC)
1610	size = SKB_MAX_ALLOC;	1610	size = SKB_MAX_ALLOC;
1611		1611
1612	/*	1612	/*
1613	* Grab a buffer	1613	* Grab a buffer
1614	*/	1614	*/
1615		1615
1616	skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT,	1616	skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT,
1617	&err);	1617	&err);
1618		1618
1619	if (skb == NULL)	1619	if (skb == NULL)
1620	goto out_err;	1620	goto out_err;
1621		1621
1622	/*	1622	/*
1623	* If you pass two values to the sock_alloc_send_skb	1623	* If you pass two values to the sock_alloc_send_skb
1624	* it tries to grab the large buffer with GFP_NOFS	1624	* it tries to grab the large buffer with GFP_NOFS
1625	* (which can fail easily), and if it fails grab the	1625	* (which can fail easily), and if it fails grab the
1626	* fallback size buffer which is under a page and will	1626	* fallback size buffer which is under a page and will
1627	* succeed. [Alan]	1627	* succeed. [Alan]
1628	*/	1628	*/
1629	size = min_t(int, size, skb_tailroom(skb));	1629	size = min_t(int, size, skb_tailroom(skb));
1630		1630
1631		1631
1632	/* Only send the fds in the first buffer */	1632	/* Only send the fds in the first buffer */
1633	err = unix_scm_to_skb(siocb->scm, skb, !fds_sent);	1633	err = unix_scm_to_skb(siocb->scm, skb, !fds_sent);
1634	if (err < 0) {	1634	if (err < 0) {
1635	kfree_skb(skb);	1635	kfree_skb(skb);
1636	goto out_err;	1636	goto out_err;
1637	}	1637	}
1638	max_level = err + 1;	1638	max_level = err + 1;
1639	fds_sent = true;	1639	fds_sent = true;
1640		1640
1641	err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);	1641	err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
1642	if (err) {	1642	if (err) {
1643	kfree_skb(skb);	1643	kfree_skb(skb);
1644	goto out_err;	1644	goto out_err;
1645	}	1645	}
1646		1646
1647	unix_state_lock(other);	1647	unix_state_lock(other);
1648		1648
1649	if (sock_flag(other, SOCK_DEAD) \|\|	1649	if (sock_flag(other, SOCK_DEAD) \|\|
1650	(other->sk_shutdown & RCV_SHUTDOWN))	1650	(other->sk_shutdown & RCV_SHUTDOWN))
1651	goto pipe_err_free;	1651	goto pipe_err_free;
1652		1652
1653	skb_queue_tail(&other->sk_receive_queue, skb);	1653	skb_queue_tail(&other->sk_receive_queue, skb);
1654	if (max_level > unix_sk(other)->recursion_level)	1654	if (max_level > unix_sk(other)->recursion_level)
1655	unix_sk(other)->recursion_level = max_level;	1655	unix_sk(other)->recursion_level = max_level;
1656	unix_state_unlock(other);	1656	unix_state_unlock(other);
1657	other->sk_data_ready(other, size);	1657	other->sk_data_ready(other, size);
1658	sent += size;	1658	sent += size;
1659	}	1659	}
1660		1660
1661	scm_destroy(siocb->scm);	1661	scm_destroy(siocb->scm);
1662	siocb->scm = NULL;	1662	siocb->scm = NULL;
1663		1663
1664	return sent;	1664	return sent;
1665		1665
1666	pipe_err_free:	1666	pipe_err_free:
1667	unix_state_unlock(other);	1667	unix_state_unlock(other);
1668	kfree_skb(skb);	1668	kfree_skb(skb);
1669	pipe_err:	1669	pipe_err:
1670	if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))	1670	if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1671	send_sig(SIGPIPE, current, 0);	1671	send_sig(SIGPIPE, current, 0);
1672	err = -EPIPE;	1672	err = -EPIPE;
1673	out_err:	1673	out_err:
1674	scm_destroy(siocb->scm);	1674	scm_destroy(siocb->scm);
1675	siocb->scm = NULL;	1675	siocb->scm = NULL;
1676	return sent ? : err;	1676	return sent ? : err;
1677	}	1677	}
1678		1678
1679	static int unix_seqpacket_sendmsg(struct kiocb kiocb, struct socket sock,	1679	static int unix_seqpacket_sendmsg(struct kiocb kiocb, struct socket sock,
1680	struct msghdr *msg, size_t len)	1680	struct msghdr *msg, size_t len)
1681	{	1681	{
1682	int err;	1682	int err;
1683	struct sock *sk = sock->sk;	1683	struct sock *sk = sock->sk;
1684		1684
1685	err = sock_error(sk);	1685	err = sock_error(sk);
1686	if (err)	1686	if (err)
1687	return err;	1687	return err;
1688		1688
1689	if (sk->sk_state != TCP_ESTABLISHED)	1689	if (sk->sk_state != TCP_ESTABLISHED)
1690	return -ENOTCONN;	1690	return -ENOTCONN;
1691		1691
1692	if (msg->msg_namelen)	1692	if (msg->msg_namelen)
1693	msg->msg_namelen = 0;	1693	msg->msg_namelen = 0;
1694		1694
1695	return unix_dgram_sendmsg(kiocb, sock, msg, len);	1695	return unix_dgram_sendmsg(kiocb, sock, msg, len);
1696	}	1696	}
1697		1697
1698	static void unix_copy_addr(struct msghdr msg, struct sock sk)	1698	static void unix_copy_addr(struct msghdr msg, struct sock sk)
1699	{	1699	{
1700	struct unix_sock *u = unix_sk(sk);	1700	struct unix_sock *u = unix_sk(sk);
1701		1701
1702	msg->msg_namelen = 0;	1702	msg->msg_namelen = 0;
1703	if (u->addr) {	1703	if (u->addr) {
1704	msg->msg_namelen = u->addr->len;	1704	msg->msg_namelen = u->addr->len;
1705	memcpy(msg->msg_name, u->addr->name, u->addr->len);	1705	memcpy(msg->msg_name, u->addr->name, u->addr->len);
1706	}	1706	}
1707	}	1707	}
1708		1708
1709	static int unix_dgram_recvmsg(struct kiocb iocb, struct socket sock,	1709	static int unix_dgram_recvmsg(struct kiocb iocb, struct socket sock,
1710	struct msghdr *msg, size_t size,	1710	struct msghdr *msg, size_t size,
1711	int flags)	1711	int flags)
1712	{	1712	{
1713	struct sock_iocb *siocb = kiocb_to_siocb(iocb);	1713	struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1714	struct scm_cookie tmp_scm;	1714	struct scm_cookie tmp_scm;
1715	struct sock *sk = sock->sk;	1715	struct sock *sk = sock->sk;
1716	struct unix_sock *u = unix_sk(sk);	1716	struct unix_sock *u = unix_sk(sk);
1717	int noblock = flags & MSG_DONTWAIT;	1717	int noblock = flags & MSG_DONTWAIT;
1718	struct sk_buff *skb;	1718	struct sk_buff *skb;
1719	int err;	1719	int err;
1720		1720
1721	err = -EOPNOTSUPP;	1721	err = -EOPNOTSUPP;
1722	if (flags&MSG_OOB)	1722	if (flags&MSG_OOB)
1723	goto out;	1723	goto out;
1724		1724
1725	msg->msg_namelen = 0;	1725	msg->msg_namelen = 0;
1726		1726
1727	mutex_lock(&u->readlock);	1727	mutex_lock(&u->readlock);
1728		1728
1729	skb = skb_recv_datagram(sk, flags, noblock, &err);	1729	skb = skb_recv_datagram(sk, flags, noblock, &err);
1730	if (!skb) {	1730	if (!skb) {
1731	unix_state_lock(sk);	1731	unix_state_lock(sk);
1732	/* Signal EOF on disconnected non-blocking SEQPACKET socket. */	1732	/* Signal EOF on disconnected non-blocking SEQPACKET socket. */
1733	if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&	1733	if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
1734	(sk->sk_shutdown & RCV_SHUTDOWN))	1734	(sk->sk_shutdown & RCV_SHUTDOWN))
1735	err = 0;	1735	err = 0;
1736	unix_state_unlock(sk);	1736	unix_state_unlock(sk);
1737	goto out_unlock;	1737	goto out_unlock;
1738	}	1738	}
1739		1739
1740	wake_up_interruptible_sync_poll(&u->peer_wait,	1740	wake_up_interruptible_sync_poll(&u->peer_wait,
1741	POLLOUT \| POLLWRNORM \| POLLWRBAND);	1741	POLLOUT \| POLLWRNORM \| POLLWRBAND);
1742		1742
1743	if (msg->msg_name)	1743	if (msg->msg_name)
1744	unix_copy_addr(msg, skb->sk);	1744	unix_copy_addr(msg, skb->sk);
1745		1745
1746	if (size > skb->len)	1746	if (size > skb->len)
1747	size = skb->len;	1747	size = skb->len;
1748	else if (size < skb->len)	1748	else if (size < skb->len)
1749	msg->msg_flags \|= MSG_TRUNC;	1749	msg->msg_flags \|= MSG_TRUNC;
1750		1750
1751	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size);	1751	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size);
1752	if (err)	1752	if (err)
1753	goto out_free;	1753	goto out_free;
1754		1754
1755	if (sock_flag(sk, SOCK_RCVTSTAMP))	1755	if (sock_flag(sk, SOCK_RCVTSTAMP))
1756	__sock_recv_timestamp(msg, sk, skb);	1756	__sock_recv_timestamp(msg, sk, skb);
1757		1757
1758	if (!siocb->scm) {	1758	if (!siocb->scm) {
1759	siocb->scm = &tmp_scm;	1759	siocb->scm = &tmp_scm;
1760	memset(&tmp_scm, 0, sizeof(tmp_scm));	1760	memset(&tmp_scm, 0, sizeof(tmp_scm));
1761	}	1761	}
1762	scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);	1762	scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1763	unix_set_secdata(siocb->scm, skb);	1763	unix_set_secdata(siocb->scm, skb);
1764		1764
1765	if (!(flags & MSG_PEEK)) {	1765	if (!(flags & MSG_PEEK)) {
1766	if (UNIXCB(skb).fp)	1766	if (UNIXCB(skb).fp)
1767	unix_detach_fds(siocb->scm, skb);	1767	unix_detach_fds(siocb->scm, skb);
1768	} else {	1768	} else {
1769	/* It is questionable: on PEEK we could:	1769	/* It is questionable: on PEEK we could:
1770	- do not return fds - good, but too simple 8)	1770	- do not return fds - good, but too simple 8)
1771	- return fds, and do not return them on read (old strategy,	1771	- return fds, and do not return them on read (old strategy,
1772	apparently wrong)	1772	apparently wrong)
1773	- clone fds (I chose it for now, it is the most universal	1773	- clone fds (I chose it for now, it is the most universal
1774	solution)	1774	solution)
1775		1775
1776	POSIX 1003.1g does not actually define this clearly	1776	POSIX 1003.1g does not actually define this clearly
1777	at all. POSIX 1003.1g doesn't define a lot of things	1777	at all. POSIX 1003.1g doesn't define a lot of things
1778	clearly however!	1778	clearly however!
1779		1779
1780	*/	1780	*/
1781	if (UNIXCB(skb).fp)	1781	if (UNIXCB(skb).fp)
1782	siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);	1782	siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1783	}	1783	}
1784	err = size;	1784	err = size;
1785		1785
1786	scm_recv(sock, msg, siocb->scm, flags);	1786	scm_recv(sock, msg, siocb->scm, flags);
1787		1787
1788	out_free:	1788	out_free:
1789	skb_free_datagram(sk, skb);	1789	skb_free_datagram(sk, skb);
1790	out_unlock:	1790	out_unlock:
1791	mutex_unlock(&u->readlock);	1791	mutex_unlock(&u->readlock);
1792	out:	1792	out:
1793	return err;	1793	return err;
1794	}	1794	}
1795		1795
1796	/*	1796	/*
1797	* Sleep until data has arrive. But check for races..	1797	* Sleep until data has arrive. But check for races..
1798	*/	1798	*/
1799		1799
1800	static long unix_stream_data_wait(struct sock *sk, long timeo)	1800	static long unix_stream_data_wait(struct sock *sk, long timeo)
1801	{	1801	{
1802	DEFINE_WAIT(wait);	1802	DEFINE_WAIT(wait);
1803		1803
1804	unix_state_lock(sk);	1804	unix_state_lock(sk);
1805		1805
1806	for (;;) {	1806	for (;;) {
1807	prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);	1807	prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1808		1808
1809	if (!skb_queue_empty(&sk->sk_receive_queue) \|\|	1809	if (!skb_queue_empty(&sk->sk_receive_queue) \|\|
1810	sk->sk_err \|\|	1810	sk->sk_err \|\|
1811	(sk->sk_shutdown & RCV_SHUTDOWN) \|\|	1811	(sk->sk_shutdown & RCV_SHUTDOWN) \|\|
1812	signal_pending(current) \|\|	1812	signal_pending(current) \|\|
1813	!timeo)	1813	!timeo)
1814	break;	1814	break;
1815		1815
1816	set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);	1816	set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1817	unix_state_unlock(sk);	1817	unix_state_unlock(sk);
1818	timeo = schedule_timeout(timeo);	1818	timeo = schedule_timeout(timeo);
1819	unix_state_lock(sk);	1819	unix_state_lock(sk);
1820	clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);	1820	clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1821	}	1821	}
1822		1822
1823	finish_wait(sk_sleep(sk), &wait);	1823	finish_wait(sk_sleep(sk), &wait);
1824	unix_state_unlock(sk);	1824	unix_state_unlock(sk);
1825	return timeo;	1825	return timeo;
1826	}	1826	}
1827		1827
1828		1828
1829		1829
1830	static int unix_stream_recvmsg(struct kiocb iocb, struct socket sock,	1830	static int unix_stream_recvmsg(struct kiocb iocb, struct socket sock,
1831	struct msghdr *msg, size_t size,	1831	struct msghdr *msg, size_t size,
1832	int flags)	1832	int flags)
1833	{	1833	{
1834	struct sock_iocb *siocb = kiocb_to_siocb(iocb);	1834	struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1835	struct scm_cookie tmp_scm;	1835	struct scm_cookie tmp_scm;
1836	struct sock *sk = sock->sk;	1836	struct sock *sk = sock->sk;
1837	struct unix_sock *u = unix_sk(sk);	1837	struct unix_sock *u = unix_sk(sk);
1838	struct sockaddr_un *sunaddr = msg->msg_name;	1838	struct sockaddr_un *sunaddr = msg->msg_name;
1839	int copied = 0;	1839	int copied = 0;
1840	int check_creds = 0;	1840	int check_creds = 0;
1841	int target;	1841	int target;
1842	int err = 0;	1842	int err = 0;
1843	long timeo;	1843	long timeo;
1844		1844
1845	err = -EINVAL;	1845	err = -EINVAL;
1846	if (sk->sk_state != TCP_ESTABLISHED)	1846	if (sk->sk_state != TCP_ESTABLISHED)
1847	goto out;	1847	goto out;
1848		1848
1849	err = -EOPNOTSUPP;	1849	err = -EOPNOTSUPP;
1850	if (flags&MSG_OOB)	1850	if (flags&MSG_OOB)
1851	goto out;	1851	goto out;
1852		1852
1853	target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);	1853	target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
1854	timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);	1854	timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
1855		1855
1856	msg->msg_namelen = 0;	1856	msg->msg_namelen = 0;
1857		1857
1858	/* Lock the socket to prevent queue disordering	1858	/* Lock the socket to prevent queue disordering
1859	* while sleeps in memcpy_tomsg	1859	* while sleeps in memcpy_tomsg
1860	*/	1860	*/
1861		1861
1862	if (!siocb->scm) {	1862	if (!siocb->scm) {
1863	siocb->scm = &tmp_scm;	1863	siocb->scm = &tmp_scm;
1864	memset(&tmp_scm, 0, sizeof(tmp_scm));	1864	memset(&tmp_scm, 0, sizeof(tmp_scm));
1865	}	1865	}
1866		1866
1867	mutex_lock(&u->readlock);	1867	mutex_lock(&u->readlock);
1868		1868
1869	do {	1869	do {
1870	int chunk;	1870	int chunk;
1871	struct sk_buff *skb;	1871	struct sk_buff *skb;
1872		1872
1873	unix_state_lock(sk);	1873	unix_state_lock(sk);
1874	skb = skb_dequeue(&sk->sk_receive_queue);	1874	skb = skb_dequeue(&sk->sk_receive_queue);
1875	if (skb == NULL) {	1875	if (skb == NULL) {
1876	unix_sk(sk)->recursion_level = 0;	1876	unix_sk(sk)->recursion_level = 0;
1877	if (copied >= target)	1877	if (copied >= target)
1878	goto unlock;	1878	goto unlock;
1879		1879
1880	/*	1880	/*
1881	* POSIX 1003.1g mandates this order.	1881	* POSIX 1003.1g mandates this order.
1882	*/	1882	*/
1883		1883
1884	err = sock_error(sk);	1884	err = sock_error(sk);
1885	if (err)	1885	if (err)
1886	goto unlock;	1886	goto unlock;
1887	if (sk->sk_shutdown & RCV_SHUTDOWN)	1887	if (sk->sk_shutdown & RCV_SHUTDOWN)
1888	goto unlock;	1888	goto unlock;
1889		1889
1890	unix_state_unlock(sk);	1890	unix_state_unlock(sk);
1891	err = -EAGAIN;	1891	err = -EAGAIN;
1892	if (!timeo)	1892	if (!timeo)
1893	break;	1893	break;
1894	mutex_unlock(&u->readlock);	1894	mutex_unlock(&u->readlock);
1895		1895
1896	timeo = unix_stream_data_wait(sk, timeo);	1896	timeo = unix_stream_data_wait(sk, timeo);
1897		1897
1898	if (signal_pending(current)) {	1898	if (signal_pending(current)) {
1899	err = sock_intr_errno(timeo);	1899	err = sock_intr_errno(timeo);
1900	goto out;	1900	goto out;
1901	}	1901	}
1902	mutex_lock(&u->readlock);	1902	mutex_lock(&u->readlock);
1903	continue;	1903	continue;
1904	unlock:	1904	unlock:
1905	unix_state_unlock(sk);	1905	unix_state_unlock(sk);
1906	break;	1906	break;
1907	}	1907	}
1908	unix_state_unlock(sk);	1908	unix_state_unlock(sk);
1909		1909
1910	if (check_creds) {	1910	if (check_creds) {
1911	/* Never glue messages from different writers */	1911	/* Never glue messages from different writers */
1912	if ((UNIXCB(skb).pid != siocb->scm->pid) \|\|	1912	if ((UNIXCB(skb).pid != siocb->scm->pid) \|\|
1913	(UNIXCB(skb).cred != siocb->scm->cred)) {	1913	(UNIXCB(skb).cred != siocb->scm->cred)) {
1914	skb_queue_head(&sk->sk_receive_queue, skb);	1914	skb_queue_head(&sk->sk_receive_queue, skb);
1915	break;	1915	break;
1916	}	1916	}
1917	} else {	1917	} else {
1918	/* Copy credentials */	1918	/* Copy credentials */
1919	scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);	1919	scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1920	check_creds = 1;	1920	check_creds = 1;
1921	}	1921	}
1922		1922
1923	/* Copy address just once */	1923	/* Copy address just once */
1924	if (sunaddr) {	1924	if (sunaddr) {
1925	unix_copy_addr(msg, skb->sk);	1925	unix_copy_addr(msg, skb->sk);
1926	sunaddr = NULL;	1926	sunaddr = NULL;
1927	}	1927	}
1928		1928
1929	chunk = min_t(unsigned int, skb->len, size);	1929	chunk = min_t(unsigned int, skb->len, size);
1930	if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {	1930	if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
1931	skb_queue_head(&sk->sk_receive_queue, skb);	1931	skb_queue_head(&sk->sk_receive_queue, skb);
1932	if (copied == 0)	1932	if (copied == 0)
1933	copied = -EFAULT;	1933	copied = -EFAULT;
1934	break;	1934	break;
1935	}	1935	}
1936	copied += chunk;	1936	copied += chunk;
1937	size -= chunk;	1937	size -= chunk;
1938		1938
1939	/* Mark read part of skb as used */	1939	/* Mark read part of skb as used */
1940	if (!(flags & MSG_PEEK)) {	1940	if (!(flags & MSG_PEEK)) {
1941	skb_pull(skb, chunk);	1941	skb_pull(skb, chunk);
1942		1942
1943	if (UNIXCB(skb).fp)	1943	if (UNIXCB(skb).fp)
1944	unix_detach_fds(siocb->scm, skb);	1944	unix_detach_fds(siocb->scm, skb);
1945		1945
1946	/* put the skb back if we didn't use it up.. */	1946	/* put the skb back if we didn't use it up.. */
1947	if (skb->len) {	1947	if (skb->len) {
1948	skb_queue_head(&sk->sk_receive_queue, skb);	1948	skb_queue_head(&sk->sk_receive_queue, skb);
1949	break;	1949	break;
1950	}	1950	}
1951		1951
1952	consume_skb(skb);	1952	consume_skb(skb);
1953		1953
1954	if (siocb->scm->fp)	1954	if (siocb->scm->fp)
1955	break;	1955	break;
1956	} else {	1956	} else {
1957	/* It is questionable, see note in unix_dgram_recvmsg.	1957	/* It is questionable, see note in unix_dgram_recvmsg.
1958	*/	1958	*/
1959	if (UNIXCB(skb).fp)	1959	if (UNIXCB(skb).fp)
1960	siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);	1960	siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1961		1961
1962	/* put message back and return */	1962	/* put message back and return */
1963	skb_queue_head(&sk->sk_receive_queue, skb);	1963	skb_queue_head(&sk->sk_receive_queue, skb);
1964	break;	1964	break;
1965	}	1965	}
1966	} while (size);	1966	} while (size);
1967		1967
1968	mutex_unlock(&u->readlock);	1968	mutex_unlock(&u->readlock);
1969	scm_recv(sock, msg, siocb->scm, flags);	1969	scm_recv(sock, msg, siocb->scm, flags);
1970	out:	1970	out:
1971	return copied ? : err;	1971	return copied ? : err;
1972	}	1972	}
1973		1973
1974	static int unix_shutdown(struct socket *sock, int mode)	1974	static int unix_shutdown(struct socket *sock, int mode)
1975	{	1975	{
1976	struct sock *sk = sock->sk;	1976	struct sock *sk = sock->sk;
1977	struct sock *other;	1977	struct sock *other;
1978		1978
1979	mode = (mode+1)&(RCV_SHUTDOWN\|SEND_SHUTDOWN);	1979	mode = (mode+1)&(RCV_SHUTDOWN\|SEND_SHUTDOWN);
1980		1980
1981	if (mode) {	1981	if (mode) {
1982	unix_state_lock(sk);	1982	unix_state_lock(sk);
1983	sk->sk_shutdown \|= mode;	1983	sk->sk_shutdown \|= mode;
1984	other = unix_peer(sk);	1984	other = unix_peer(sk);
1985	if (other)	1985	if (other)
1986	sock_hold(other);	1986	sock_hold(other);
1987	unix_state_unlock(sk);	1987	unix_state_unlock(sk);
1988	sk->sk_state_change(sk);	1988	sk->sk_state_change(sk);
1989		1989
1990	if (other &&	1990	if (other &&
1991	(sk->sk_type == SOCK_STREAM \|\| sk->sk_type == SOCK_SEQPACKET)) {	1991	(sk->sk_type == SOCK_STREAM \|\| sk->sk_type == SOCK_SEQPACKET)) {
1992		1992
1993	int peer_mode = 0;	1993	int peer_mode = 0;
1994		1994
1995	if (mode&RCV_SHUTDOWN)	1995	if (mode&RCV_SHUTDOWN)
1996	peer_mode \|= SEND_SHUTDOWN;	1996	peer_mode \|= SEND_SHUTDOWN;
1997	if (mode&SEND_SHUTDOWN)	1997	if (mode&SEND_SHUTDOWN)
1998	peer_mode \|= RCV_SHUTDOWN;	1998	peer_mode \|= RCV_SHUTDOWN;
1999	unix_state_lock(other);	1999	unix_state_lock(other);
2000	other->sk_shutdown \|= peer_mode;	2000	other->sk_shutdown \|= peer_mode;
2001	unix_state_unlock(other);	2001	unix_state_unlock(other);
2002	other->sk_state_change(other);	2002	other->sk_state_change(other);
2003	if (peer_mode == SHUTDOWN_MASK)	2003	if (peer_mode == SHUTDOWN_MASK)
2004	sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);	2004	sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2005	else if (peer_mode & RCV_SHUTDOWN)	2005	else if (peer_mode & RCV_SHUTDOWN)
2006	sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);	2006	sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2007	}	2007	}
2008	if (other)	2008	if (other)
2009	sock_put(other);	2009	sock_put(other);
2010	}	2010	}
2011	return 0;	2011	return 0;
2012	}	2012	}
2013		2013
2014	static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)	2014	static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2015	{	2015	{
2016	struct sock *sk = sock->sk;	2016	struct sock *sk = sock->sk;
2017	long amount = 0;	2017	long amount = 0;
2018	int err;	2018	int err;
2019		2019
2020	switch (cmd) {	2020	switch (cmd) {
2021	case SIOCOUTQ:	2021	case SIOCOUTQ:
2022	amount = sk_wmem_alloc_get(sk);	2022	amount = sk_wmem_alloc_get(sk);
2023	err = put_user(amount, (int __user *)arg);	2023	err = put_user(amount, (int __user *)arg);
2024	break;	2024	break;
2025	case SIOCINQ:	2025	case SIOCINQ:
2026	{	2026	{
2027	struct sk_buff *skb;	2027	struct sk_buff *skb;
2028		2028
2029	if (sk->sk_state == TCP_LISTEN) {	2029	if (sk->sk_state == TCP_LISTEN) {
2030	err = -EINVAL;	2030	err = -EINVAL;
2031	break;	2031	break;
2032	}	2032	}
2033		2033
2034	spin_lock(&sk->sk_receive_queue.lock);	2034	spin_lock(&sk->sk_receive_queue.lock);
2035	if (sk->sk_type == SOCK_STREAM \|\|	2035	if (sk->sk_type == SOCK_STREAM \|\|
2036	sk->sk_type == SOCK_SEQPACKET) {	2036	sk->sk_type == SOCK_SEQPACKET) {
2037	skb_queue_walk(&sk->sk_receive_queue, skb)	2037	skb_queue_walk(&sk->sk_receive_queue, skb)
2038	amount += skb->len;	2038	amount += skb->len;
2039	} else {	2039	} else {
2040	skb = skb_peek(&sk->sk_receive_queue);	2040	skb = skb_peek(&sk->sk_receive_queue);
2041	if (skb)	2041	if (skb)
2042	amount = skb->len;	2042	amount = skb->len;
2043	}	2043	}
2044	spin_unlock(&sk->sk_receive_queue.lock);	2044	spin_unlock(&sk->sk_receive_queue.lock);
2045	err = put_user(amount, (int __user *)arg);	2045	err = put_user(amount, (int __user *)arg);
2046	break;	2046	break;
2047	}	2047	}
2048		2048
2049	default:	2049	default:
2050	err = -ENOIOCTLCMD;	2050	err = -ENOIOCTLCMD;
2051	break;	2051	break;
2052	}	2052	}
2053	return err;	2053	return err;
2054	}	2054	}
2055		2055
2056	static unsigned int unix_poll(struct file file, struct socket sock, poll_table *wait)	2056	static unsigned int unix_poll(struct file file, struct socket sock, poll_table *wait)
2057	{	2057	{
2058	struct sock *sk = sock->sk;	2058	struct sock *sk = sock->sk;
2059	unsigned int mask;	2059	unsigned int mask;
2060		2060
2061	sock_poll_wait(file, sk_sleep(sk), wait);	2061	sock_poll_wait(file, sk_sleep(sk), wait);
2062	mask = 0;	2062	mask = 0;
2063		2063
2064	/* exceptional events? */	2064	/* exceptional events? */
2065	if (sk->sk_err)	2065	if (sk->sk_err)
2066	mask \|= POLLERR;	2066	mask \|= POLLERR;
2067	if (sk->sk_shutdown == SHUTDOWN_MASK)	2067	if (sk->sk_shutdown == SHUTDOWN_MASK)
2068	mask \|= POLLHUP;	2068	mask \|= POLLHUP;
2069	if (sk->sk_shutdown & RCV_SHUTDOWN)	2069	if (sk->sk_shutdown & RCV_SHUTDOWN)
2070	mask \|= POLLRDHUP \| POLLIN \| POLLRDNORM;	2070	mask \|= POLLRDHUP \| POLLIN \| POLLRDNORM;
2071		2071
2072	/* readable? */	2072	/* readable? */
2073	if (!skb_queue_empty(&sk->sk_receive_queue))	2073	if (!skb_queue_empty(&sk->sk_receive_queue))
2074	mask \|= POLLIN \| POLLRDNORM;	2074	mask \|= POLLIN \| POLLRDNORM;
2075		2075
2076	/* Connection-based need to check for termination and startup */	2076	/* Connection-based need to check for termination and startup */
2077	if ((sk->sk_type == SOCK_STREAM \|\| sk->sk_type == SOCK_SEQPACKET) &&	2077	if ((sk->sk_type == SOCK_STREAM \|\| sk->sk_type == SOCK_SEQPACKET) &&
2078	sk->sk_state == TCP_CLOSE)	2078	sk->sk_state == TCP_CLOSE)
2079	mask \|= POLLHUP;	2079	mask \|= POLLHUP;
2080		2080
2081	/*	2081	/*
2082	* we set writable also when the other side has shut down the	2082	* we set writable also when the other side has shut down the
2083	* connection. This prevents stuck sockets.	2083	* connection. This prevents stuck sockets.
2084	*/	2084	*/
2085	if (unix_writable(sk))	2085	if (unix_writable(sk))
2086	mask \|= POLLOUT \| POLLWRNORM \| POLLWRBAND;	2086	mask \|= POLLOUT \| POLLWRNORM \| POLLWRBAND;
2087		2087
2088	return mask;	2088	return mask;
2089	}	2089	}
2090		2090
2091	static unsigned int unix_dgram_poll(struct file file, struct socket sock,	2091	static unsigned int unix_dgram_poll(struct file file, struct socket sock,
2092	poll_table *wait)	2092	poll_table *wait)
2093	{	2093	{
2094	struct sock sk = sock->sk, other;	2094	struct sock sk = sock->sk, other;
2095	unsigned int mask, writable;	2095	unsigned int mask, writable;
2096		2096
2097	sock_poll_wait(file, sk_sleep(sk), wait);	2097	sock_poll_wait(file, sk_sleep(sk), wait);
2098	mask = 0;	2098	mask = 0;
2099		2099
2100	/* exceptional events? */	2100	/* exceptional events? */
2101	if (sk->sk_err \|\| !skb_queue_empty(&sk->sk_error_queue))	2101	if (sk->sk_err \|\| !skb_queue_empty(&sk->sk_error_queue))
2102	mask \|= POLLERR;	2102	mask \|= POLLERR;
2103	if (sk->sk_shutdown & RCV_SHUTDOWN)	2103	if (sk->sk_shutdown & RCV_SHUTDOWN)
2104	mask \|= POLLRDHUP \| POLLIN \| POLLRDNORM;	2104	mask \|= POLLRDHUP \| POLLIN \| POLLRDNORM;
2105	if (sk->sk_shutdown == SHUTDOWN_MASK)	2105	if (sk->sk_shutdown == SHUTDOWN_MASK)
2106	mask \|= POLLHUP;	2106	mask \|= POLLHUP;
2107		2107
2108	/* readable? */	2108	/* readable? */
2109	if (!skb_queue_empty(&sk->sk_receive_queue))	2109	if (!skb_queue_empty(&sk->sk_receive_queue))
2110	mask \|= POLLIN \| POLLRDNORM;	2110	mask \|= POLLIN \| POLLRDNORM;
2111		2111
2112	/* Connection-based need to check for termination and startup */	2112	/* Connection-based need to check for termination and startup */
2113	if (sk->sk_type == SOCK_SEQPACKET) {	2113	if (sk->sk_type == SOCK_SEQPACKET) {
2114	if (sk->sk_state == TCP_CLOSE)	2114	if (sk->sk_state == TCP_CLOSE)
2115	mask \|= POLLHUP;	2115	mask \|= POLLHUP;
2116	/* connection hasn't started yet? */	2116	/* connection hasn't started yet? */
2117	if (sk->sk_state == TCP_SYN_SENT)	2117	if (sk->sk_state == TCP_SYN_SENT)
2118	return mask;	2118	return mask;
2119	}	2119	}
2120		2120
2121	/* No write status requested, avoid expensive OUT tests. */	2121	/* No write status requested, avoid expensive OUT tests. */
2122	if (wait && !(wait->key & (POLLWRBAND \| POLLWRNORM \| POLLOUT)))	2122	if (wait && !(wait->key & (POLLWRBAND \| POLLWRNORM \| POLLOUT)))
2123	return mask;	2123	return mask;
2124		2124
2125	writable = unix_writable(sk);	2125	writable = unix_writable(sk);
2126	other = unix_peer_get(sk);	2126	other = unix_peer_get(sk);
2127	if (other) {	2127	if (other) {
2128	if (unix_peer(other) != sk) {	2128	if (unix_peer(other) != sk) {
2129	sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);	2129	sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
2130	if (unix_recvq_full(other))	2130	if (unix_recvq_full(other))
2131	writable = 0;	2131	writable = 0;
2132	}	2132	}
2133	sock_put(other);	2133	sock_put(other);
2134	}	2134	}
2135		2135
2136	if (writable)	2136	if (writable)
2137	mask \|= POLLOUT \| POLLWRNORM \| POLLWRBAND;	2137	mask \|= POLLOUT \| POLLWRNORM \| POLLWRBAND;
2138	else	2138	else
2139	set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);	2139	set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
2140		2140
2141	return mask;	2141	return mask;
2142	}	2142	}
2143		2143
2144	#ifdef CONFIG_PROC_FS	2144	#ifdef CONFIG_PROC_FS
2145	static struct sock first_unix_socket(int i)	2145	static struct sock first_unix_socket(int i)
2146	{	2146	{
2147	for (i = 0; i <= UNIX_HASH_SIZE; (*i)++) {	2147	for (i = 0; i <= UNIX_HASH_SIZE; (*i)++) {
2148	if (!hlist_empty(&unix_socket_table[*i]))	2148	if (!hlist_empty(&unix_socket_table[*i]))
2149	return __sk_head(&unix_socket_table[*i]);	2149	return __sk_head(&unix_socket_table[*i]);
2150	}	2150	}
2151	return NULL;	2151	return NULL;
2152	}	2152	}
2153		2153
2154	static struct sock next_unix_socket(int i, struct sock *s)	2154	static struct sock next_unix_socket(int i, struct sock *s)
2155	{	2155	{
2156	struct sock *next = sk_next(s);	2156	struct sock *next = sk_next(s);
2157	/* More in this chain? */	2157	/* More in this chain? */
2158	if (next)	2158	if (next)
2159	return next;	2159	return next;
2160	/* Look for next non-empty chain. */	2160	/* Look for next non-empty chain. */
2161	for ((i)++; i <= UNIX_HASH_SIZE; (*i)++) {	2161	for ((i)++; i <= UNIX_HASH_SIZE; (*i)++) {
2162	if (!hlist_empty(&unix_socket_table[*i]))	2162	if (!hlist_empty(&unix_socket_table[*i]))
2163	return __sk_head(&unix_socket_table[*i]);	2163	return __sk_head(&unix_socket_table[*i]);
2164	}	2164	}
2165	return NULL;	2165	return NULL;
2166	}	2166	}
2167		2167
2168	struct unix_iter_state {	2168	struct unix_iter_state {
2169	struct seq_net_private p;	2169	struct seq_net_private p;
2170	int i;	2170	int i;
2171	};	2171	};
2172		2172
2173	static struct sock unix_seq_idx(struct seq_file seq, loff_t pos)	2173	static struct sock unix_seq_idx(struct seq_file seq, loff_t pos)
2174	{	2174	{
2175	struct unix_iter_state *iter = seq->private;	2175	struct unix_iter_state *iter = seq->private;
2176	loff_t off = 0;	2176	loff_t off = 0;
2177	struct sock *s;	2177	struct sock *s;
2178		2178
2179	for (s = first_unix_socket(&iter->i); s; s = next_unix_socket(&iter->i, s)) {	2179	for (s = first_unix_socket(&iter->i); s; s = next_unix_socket(&iter->i, s)) {
2180	if (sock_net(s) != seq_file_net(seq))	2180	if (sock_net(s) != seq_file_net(seq))
2181	continue;	2181	continue;
2182	if (off == pos)	2182	if (off == pos)
2183	return s;	2183	return s;
2184	++off;	2184	++off;
2185	}	2185	}
2186	return NULL;	2186	return NULL;
2187	}	2187	}
2188		2188
2189	static void unix_seq_start(struct seq_file seq, loff_t *pos)	2189	static void unix_seq_start(struct seq_file seq, loff_t *pos)
2190	__acquires(unix_table_lock)	2190	__acquires(unix_table_lock)
2191	{	2191	{
2192	spin_lock(&unix_table_lock);	2192	spin_lock(&unix_table_lock);
2193	return pos ? unix_seq_idx(seq, pos - 1) : SEQ_START_TOKEN;	2193	return pos ? unix_seq_idx(seq, pos - 1) : SEQ_START_TOKEN;
2194	}	2194	}
2195		2195
2196	static void unix_seq_next(struct seq_file seq, void v, loff_t pos)	2196	static void unix_seq_next(struct seq_file seq, void v, loff_t pos)
2197	{	2197	{
2198	struct unix_iter_state *iter = seq->private;	2198	struct unix_iter_state *iter = seq->private;
2199	struct sock *sk = v;	2199	struct sock *sk = v;
2200	++*pos;	2200	++*pos;
2201		2201
2202	if (v == SEQ_START_TOKEN)	2202	if (v == SEQ_START_TOKEN)
2203	sk = first_unix_socket(&iter->i);	2203	sk = first_unix_socket(&iter->i);
2204	else	2204	else
2205	sk = next_unix_socket(&iter->i, sk);	2205	sk = next_unix_socket(&iter->i, sk);
2206	while (sk && (sock_net(sk) != seq_file_net(seq)))	2206	while (sk && (sock_net(sk) != seq_file_net(seq)))
2207	sk = next_unix_socket(&iter->i, sk);	2207	sk = next_unix_socket(&iter->i, sk);
2208	return sk;	2208	return sk;
2209	}	2209	}
2210		2210
2211	static void unix_seq_stop(struct seq_file seq, void v)	2211	static void unix_seq_stop(struct seq_file seq, void v)
2212	__releases(unix_table_lock)	2212	__releases(unix_table_lock)
2213	{	2213	{
2214	spin_unlock(&unix_table_lock);	2214	spin_unlock(&unix_table_lock);
2215	}	2215	}
2216		2216
2217	static int unix_seq_show(struct seq_file seq, void v)	2217	static int unix_seq_show(struct seq_file seq, void v)
2218	{	2218	{
2219		2219
2220	if (v == SEQ_START_TOKEN)	2220	if (v == SEQ_START_TOKEN)
2221	seq_puts(seq, "Num RefCount Protocol Flags Type St "	2221	seq_puts(seq, "Num RefCount Protocol Flags Type St "
2222	"Inode Path\n");	2222	"Inode Path\n");
2223	else {	2223	else {
2224	struct sock *s = v;	2224	struct sock *s = v;
2225	struct unix_sock *u = unix_sk(s);	2225	struct unix_sock *u = unix_sk(s);
2226	unix_state_lock(s);	2226	unix_state_lock(s);
2227		2227
2228	seq_printf(seq, "%p: %08X %08X %08X %04X %02X %5lu",	2228	seq_printf(seq, "%p: %08X %08X %08X %04X %02X %5lu",
2229	s,	2229	s,
2230	atomic_read(&s->sk_refcnt),	2230	atomic_read(&s->sk_refcnt),
2231	0,	2231	0,
2232	s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,	2232	s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2233	s->sk_type,	2233	s->sk_type,
2234	s->sk_socket ?	2234	s->sk_socket ?
2235	(s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :	2235	(s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2236	(s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),	2236	(s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2237	sock_i_ino(s));	2237	sock_i_ino(s));
2238		2238
2239	if (u->addr) {	2239	if (u->addr) {
2240	int i, len;	2240	int i, len;
2241	seq_putc(seq, ' ');	2241	seq_putc(seq, ' ');
2242		2242
2243	i = 0;	2243	i = 0;
2244	len = u->addr->len - sizeof(short);	2244	len = u->addr->len - sizeof(short);
2245	if (!UNIX_ABSTRACT(s))	2245	if (!UNIX_ABSTRACT(s))
2246	len--;	2246	len--;
2247	else {	2247	else {
2248	seq_putc(seq, '@');	2248	seq_putc(seq, '@');
2249	i++;	2249	i++;
2250	}	2250	}
2251	for ( ; i < len; i++)	2251	for ( ; i < len; i++)
2252	seq_putc(seq, u->addr->name->sun_path[i]);	2252	seq_putc(seq, u->addr->name->sun_path[i]);
2253	}	2253	}
2254	unix_state_unlock(s);	2254	unix_state_unlock(s);
2255	seq_putc(seq, '\n');	2255	seq_putc(seq, '\n');
2256	}	2256	}
2257		2257
2258	return 0;	2258	return 0;
2259	}	2259	}
2260		2260
2261	static const struct seq_operations unix_seq_ops = {	2261	static const struct seq_operations unix_seq_ops = {
2262	.start = unix_seq_start,	2262	.start = unix_seq_start,
2263	.next = unix_seq_next,	2263	.next = unix_seq_next,
2264	.stop = unix_seq_stop,	2264	.stop = unix_seq_stop,
2265	.show = unix_seq_show,	2265	.show = unix_seq_show,
2266	};	2266	};
2267		2267
2268	static int unix_seq_open(struct inode inode, struct file file)	2268	static int unix_seq_open(struct inode inode, struct file file)
2269	{	2269	{
2270	return seq_open_net(inode, file, &unix_seq_ops,	2270	return seq_open_net(inode, file, &unix_seq_ops,
2271	sizeof(struct unix_iter_state));	2271	sizeof(struct unix_iter_state));
2272	}	2272	}
2273		2273
2274	static const struct file_operations unix_seq_fops = {	2274	static const struct file_operations unix_seq_fops = {
2275	.owner = THIS_MODULE,	2275	.owner = THIS_MODULE,
2276	.open = unix_seq_open,	2276	.open = unix_seq_open,
2277	.read = seq_read,	2277	.read = seq_read,
2278	.llseek = seq_lseek,	2278	.llseek = seq_lseek,
2279	.release = seq_release_net,	2279	.release = seq_release_net,
2280	};	2280	};
2281		2281
2282	#endif	2282	#endif
2283		2283
2284	static const struct net_proto_family unix_family_ops = {	2284	static const struct net_proto_family unix_family_ops = {
2285	.family = PF_UNIX,	2285	.family = PF_UNIX,
2286	.create = unix_create,	2286	.create = unix_create,
2287	.owner = THIS_MODULE,	2287	.owner = THIS_MODULE,
2288	};	2288	};
2289		2289
2290		2290
2291	static int __net_init unix_net_init(struct net *net)	2291	static int __net_init unix_net_init(struct net *net)
2292	{	2292	{
2293	int error = -ENOMEM;	2293	int error = -ENOMEM;
2294		2294
2295	net->unx.sysctl_max_dgram_qlen = 10;	2295	net->unx.sysctl_max_dgram_qlen = 10;
2296	if (unix_sysctl_register(net))	2296	if (unix_sysctl_register(net))
2297	goto out;	2297	goto out;
2298		2298
2299	#ifdef CONFIG_PROC_FS	2299	#ifdef CONFIG_PROC_FS
2300	if (!proc_net_fops_create(net, "unix", 0, &unix_seq_fops)) {	2300	if (!proc_net_fops_create(net, "unix", 0, &unix_seq_fops)) {
2301	unix_sysctl_unregister(net);	2301	unix_sysctl_unregister(net);
2302	goto out;	2302	goto out;
2303	}	2303	}
2304	#endif	2304	#endif
2305	error = 0;	2305	error = 0;
2306	out:	2306	out:
2307	return error;	2307	return error;
2308	}	2308	}
2309		2309
2310	static void __net_exit unix_net_exit(struct net *net)	2310	static void __net_exit unix_net_exit(struct net *net)
2311	{	2311	{
2312	unix_sysctl_unregister(net);	2312	unix_sysctl_unregister(net);
2313	proc_net_remove(net, "unix");	2313	proc_net_remove(net, "unix");
2314	}	2314	}
2315		2315
2316	static struct pernet_operations unix_net_ops = {	2316	static struct pernet_operations unix_net_ops = {
2317	.init = unix_net_init,	2317	.init = unix_net_init,
2318	.exit = unix_net_exit,	2318	.exit = unix_net_exit,
2319	};	2319	};
2320		2320
2321	static int __init af_unix_init(void)	2321	static int __init af_unix_init(void)
2322	{	2322	{
2323	int rc = -1;	2323	int rc = -1;
2324	struct sk_buff *dummy_skb;	2324	struct sk_buff *dummy_skb;
2325		2325
2326	BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb));	2326	BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb));
2327		2327
2328	rc = proto_register(&unix_proto, 1);	2328	rc = proto_register(&unix_proto, 1);
2329	if (rc != 0) {	2329	if (rc != 0) {
2330	printk(KERN_CRIT "%s: Cannot create unix_sock SLAB cache!\n",	2330	printk(KERN_CRIT "%s: Cannot create unix_sock SLAB cache!\n",
2331	__func__);	2331	__func__);
2332	goto out;	2332	goto out;
2333	}	2333	}
2334		2334
2335	sock_register(&unix_family_ops);	2335	sock_register(&unix_family_ops);
2336	register_pernet_subsys(&unix_net_ops);	2336	register_pernet_subsys(&unix_net_ops);
2337	out:	2337	out:
2338	return rc;	2338	return rc;
2339	}	2339	}
2340		2340
2341	static void __exit af_unix_exit(void)	2341	static void __exit af_unix_exit(void)
2342	{	2342	{
2343	sock_unregister(PF_UNIX);	2343	sock_unregister(PF_UNIX);
2344	proto_unregister(&unix_proto);	2344	proto_unregister(&unix_proto);
2345	unregister_pernet_subsys(&unix_net_ops);	2345	unregister_pernet_subsys(&unix_net_ops);
2346	}	2346	}
2347		2347
2348	/* Earlier than device_initcall() so that other drivers invoking	2348	/* Earlier than device_initcall() so that other drivers invoking
2349	request_module() don't end up in a loop when modprobe tries	2349	request_module() don't end up in a loop when modprobe tries
2350	to use a UNIX socket. But later than subsys_initcall() because	2350	to use a UNIX socket. But later than subsys_initcall() because
2351	we depend on stuff initialised there */	2351	we depend on stuff initialised there */
2352	fs_initcall(af_unix_init);	2352	fs_initcall(af_unix_init);
2353	module_exit(af_unix_exit);	2353	module_exit(af_unix_exit);
2354		2354
2355	MODULE_LICENSE("GPL");	2355	MODULE_LICENSE("GPL");
2356	MODULE_ALIAS_NETPROTO(PF_UNIX);	2356	MODULE_ALIAS_NETPROTO(PF_UNIX);
2357		2357

security/capability.c

Diff comments View file @ 3610cda

security/security.c

Diff comments View file @ 3610cda

 /*
  * Security plug functions
  *
  * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
  * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
  * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
  *
  *	This program is free software; you can redistribute it and/or modify
  *	it under the terms of the GNU General Public License as published by
  *	the Free Software Foundation; either version 2 of the License, or
  *	(at your option) any later version.
  */
 #include <linux/capability.h>
 #include <linux/module.h>
 #include <linux/init.h>
 #include <linux/kernel.h>
 #include <linux/security.h>
 #include <linux/ima.h>
 /* Boot-time LSM user choice */
 static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
 	CONFIG_DEFAULT_SECURITY;
 /* things that live in capability.c */
 extern void __init security_fixup_ops(struct security_operations *ops);
 static struct security_operations *security_ops;
 static struct security_operations default_security_ops = {
 	.name	= "default",
 };
 static inline int __init verify(struct security_operations *ops)
 {
 	/* verify the security_operations structure exists */
 	if (!ops)
 		return -EINVAL;
 	security_fixup_ops(ops);
 	return 0;
 }
 static void __init do_security_initcalls(void)
 {
 	initcall_t *call;
 	call = __security_initcall_start;
 	while (call < __security_initcall_end) {
 		(*call) ();
 		call++;
 	}
 }
 /**
  * security_init - initializes the security framework
  *
  * This should be called early in the kernel initialization sequence.
  */
 int __init security_init(void)
 {
 	printk(KERN_INFO "Security Framework initialized\n");
 	security_fixup_ops(&default_security_ops);
 	security_ops = &default_security_ops;
 	do_security_initcalls();
 	return 0;
 }
 void reset_security_ops(void)
 {
 	security_ops = &default_security_ops;
 }
 /* Save user chosen LSM */
 static int __init choose_lsm(char *str)
 {
 	strncpy(chosen_lsm, str, SECURITY_NAME_MAX);
 	return 1;
 }
 __setup("security=", choose_lsm);
 /**
  * security_module_enable - Load given security module on boot ?
  * @ops: a pointer to the struct security_operations that is to be checked.
  *
  * Each LSM must pass this method before registering its own operations
  * to avoid security registration races. This method may also be used
  * to check if your LSM is currently loaded during kernel initialization.
  *
  * Return true if:
  *	-The passed LSM is the one chosen by user at boot time,
  *	-or the passed LSM is configured as the default and the user did not
  *	 choose an alternate LSM at boot time.
  * Otherwise, return false.
  */
 int __init security_module_enable(struct security_operations *ops)
 {
 	return !strcmp(ops->name, chosen_lsm);
 }
 /**
  * register_security - registers a security framework with the kernel
  * @ops: a pointer to the struct security_options that is to be registered
  *
  * This function allows a security module to register itself with the
  * kernel security subsystem.  Some rudimentary checking is done on the @ops
  * value passed to this function. You'll need to check first if your LSM
  * is allowed to register its @ops by calling security_module_enable(@ops).
  *
  * If there is already a security module registered with the kernel,
  * an error will be returned.  Otherwise %0 is returned on success.
  */
 int __init register_security(struct security_operations *ops)
 {
 	if (verify(ops)) {
 		printk(KERN_DEBUG "%s could not verify "
 		       "security_operations structure.\n", __func__);
 		return -EINVAL;
 	}
 	if (security_ops != &default_security_ops)
 		return -EAGAIN;
 	security_ops = ops;
 	return 0;
 }
 /* Security operations */
 int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
 {
 	return security_ops->ptrace_access_check(child, mode);
 }
 int security_ptrace_traceme(struct task_struct *parent)
 {
 	return security_ops->ptrace_traceme(parent);
 }
 int security_capget(struct task_struct *target,
 		     kernel_cap_t *effective,
 		     kernel_cap_t *inheritable,
 		     kernel_cap_t *permitted)
 {
 	return security_ops->capget(target, effective, inheritable, permitted);
 }
 int security_capset(struct cred *new, const struct cred *old,
 		    const kernel_cap_t *effective,
 		    const kernel_cap_t *inheritable,
 		    const kernel_cap_t *permitted)
 {
 	return security_ops->capset(new, old,
 				    effective, inheritable, permitted);
 }
 int security_capable(int cap)
 {
 	return security_ops->capable(current, current_cred(), cap,
 				     SECURITY_CAP_AUDIT);
 }
 int security_real_capable(struct task_struct *tsk, int cap)
 {
 	const struct cred *cred;
 	int ret;
 	cred = get_task_cred(tsk);
 	ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_AUDIT);
 	put_cred(cred);
 	return ret;
 }
 int security_real_capable_noaudit(struct task_struct *tsk, int cap)
 {
 	const struct cred *cred;
 	int ret;
 	cred = get_task_cred(tsk);
 	ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_NOAUDIT);
 	put_cred(cred);
 	return ret;
 }
 int security_sysctl(struct ctl_table *table, int op)
 {
 	return security_ops->sysctl(table, op);
 }
 int security_quotactl(int cmds, int type, int id, struct super_block *sb)
 {
 	return security_ops->quotactl(cmds, type, id, sb);
 }
 int security_quota_on(struct dentry *dentry)
 {
 	return security_ops->quota_on(dentry);
 }
 int security_syslog(int type)
 {
 	return security_ops->syslog(type);
 }
 int security_settime(struct timespec *ts, struct timezone *tz)
 {
 	return security_ops->settime(ts, tz);
 }
 int security_vm_enough_memory(long pages)
 {
 	WARN_ON(current->mm == NULL);
 	return security_ops->vm_enough_memory(current->mm, pages);
 }
 int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
 {
 	WARN_ON(mm == NULL);
 	return security_ops->vm_enough_memory(mm, pages);
 }
 int security_vm_enough_memory_kern(long pages)
 {
 	/* If current->mm is a kernel thread then we will pass NULL,
 	   for this specific case that is fine */
 	return security_ops->vm_enough_memory(current->mm, pages);
 }
 int security_bprm_set_creds(struct linux_binprm *bprm)
 {
 	return security_ops->bprm_set_creds(bprm);
 }
 int security_bprm_check(struct linux_binprm *bprm)
 {
 	int ret;
 	ret = security_ops->bprm_check_security(bprm);
 	if (ret)
 		return ret;
 	return ima_bprm_check(bprm);
 }
 void security_bprm_committing_creds(struct linux_binprm *bprm)
 {
 	security_ops->bprm_committing_creds(bprm);
 }
 void security_bprm_committed_creds(struct linux_binprm *bprm)
 {
 	security_ops->bprm_committed_creds(bprm);
 }
 int security_bprm_secureexec(struct linux_binprm *bprm)
 {
 	return security_ops->bprm_secureexec(bprm);
 }
 int security_sb_alloc(struct super_block *sb)
 {
 	return security_ops->sb_alloc_security(sb);
 }
 void security_sb_free(struct super_block *sb)
 {
 	security_ops->sb_free_security(sb);
 }
 int security_sb_copy_data(char *orig, char *copy)
 {
 	return security_ops->sb_copy_data(orig, copy);
 }
 EXPORT_SYMBOL(security_sb_copy_data);
 int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
 {
 	return security_ops->sb_kern_mount(sb, flags, data);
 }
 int security_sb_show_options(struct seq_file *m, struct super_block *sb)
 {
 	return security_ops->sb_show_options(m, sb);
 }
 int security_sb_statfs(struct dentry *dentry)
 {
 	return security_ops->sb_statfs(dentry);
 }
 int security_sb_mount(char *dev_name, struct path *path,
                        char *type, unsigned long flags, void *data)
 {
 	return security_ops->sb_mount(dev_name, path, type, flags, data);
 }
 int security_sb_umount(struct vfsmount *mnt, int flags)
 {
 	return security_ops->sb_umount(mnt, flags);
 }
 int security_sb_pivotroot(struct path *old_path, struct path *new_path)
 {
 	return security_ops->sb_pivotroot(old_path, new_path);
 }
 int security_sb_set_mnt_opts(struct super_block *sb,
 				struct security_mnt_opts *opts)
 {
 	return security_ops->sb_set_mnt_opts(sb, opts);
 }
 EXPORT_SYMBOL(security_sb_set_mnt_opts);
 void security_sb_clone_mnt_opts(const struct super_block *oldsb,
 				struct super_block *newsb)
 {
 	security_ops->sb_clone_mnt_opts(oldsb, newsb);
 }
 EXPORT_SYMBOL(security_sb_clone_mnt_opts);
 int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
 {
 	return security_ops->sb_parse_opts_str(options, opts);
 }
 EXPORT_SYMBOL(security_sb_parse_opts_str);
 int security_inode_alloc(struct inode *inode)
 {
 	inode->i_security = NULL;
 	return security_ops->inode_alloc_security(inode);
 }
 void security_inode_free(struct inode *inode)
 {
 	ima_inode_free(inode);
 	security_ops->inode_free_security(inode);
 }
 int security_inode_init_security(struct inode *inode, struct inode *dir,
 				  char **name, void **value, size_t *len)
 {
 	if (unlikely(IS_PRIVATE(inode)))
 		return -EOPNOTSUPP;
 	return security_ops->inode_init_security(inode, dir, name, value, len);
 }
 EXPORT_SYMBOL(security_inode_init_security);
 #ifdef CONFIG_SECURITY_PATH
 int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
 			unsigned int dev)
 {
 	if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
 		return 0;
 	return security_ops->path_mknod(dir, dentry, mode, dev);
 }
 EXPORT_SYMBOL(security_path_mknod);
 int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode)
 {
 	if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
 		return 0;
 	return security_ops->path_mkdir(dir, dentry, mode);
 }
 int security_path_rmdir(struct path *dir, struct dentry *dentry)
 {
 	if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
 		return 0;
 	return security_ops->path_rmdir(dir, dentry);
 }
 int security_path_unlink(struct path *dir, struct dentry *dentry)
 {
 	if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
 		return 0;
 	return security_ops->path_unlink(dir, dentry);
 }
 int security_path_symlink(struct path *dir, struct dentry *dentry,
 			  const char *old_name)
 {
 	if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
 		return 0;
 	return security_ops->path_symlink(dir, dentry, old_name);
 }
 int security_path_link(struct dentry *old_dentry, struct path *new_dir,
 		       struct dentry *new_dentry)
 {
 	if (unlikely(IS_PRIVATE(old_dentry->d_inode)))
 		return 0;
 	return security_ops->path_link(old_dentry, new_dir, new_dentry);
 }
 int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
 			 struct path *new_dir, struct dentry *new_dentry)
 {
 	if (unlikely(IS_PRIVATE(old_dentry->d_inode) ||
 		     (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))
 		return 0;
 	return security_ops->path_rename(old_dir, old_dentry, new_dir,
 					 new_dentry);
 }
 int security_path_truncate(struct path *path)
 {
 	if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
 		return 0;
 	return security_ops->path_truncate(path);
 }
 int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
 			mode_t mode)
 {
 	if (unlikely(IS_PRIVATE(dentry->d_inode)))
 		return 0;
 	return security_ops->path_chmod(dentry, mnt, mode);
 }
 int security_path_chown(struct path *path, uid_t uid, gid_t gid)
 {
 	if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
 		return 0;
 	return security_ops->path_chown(path, uid, gid);
 }
 int security_path_chroot(struct path *path)
 {
 	return security_ops->path_chroot(path);
 }
 #endif
 int security_inode_create(struct inode *dir, struct dentry *dentry, int mode)
 {
 	if (unlikely(IS_PRIVATE(dir)))
 		return 0;
 	return security_ops->inode_create(dir, dentry, mode);
 }
 EXPORT_SYMBOL_GPL(security_inode_create);
 int security_inode_link(struct dentry *old_dentry, struct inode *dir,
 			 struct dentry *new_dentry)
 {
 	if (unlikely(IS_PRIVATE(old_dentry->d_inode)))
 		return 0;
 	return security_ops->inode_link(old_dentry, dir, new_dentry);
 }
 int security_inode_unlink(struct inode *dir, struct dentry *dentry)
 {
 	if (unlikely(IS_PRIVATE(dentry->d_inode)))
 		return 0;
 	return security_ops->inode_unlink(dir, dentry);
 }
 int security_inode_symlink(struct inode *dir, struct dentry *dentry,
 			    const char *old_name)
 {
 	if (unlikely(IS_PRIVATE(dir)))
 		return 0;
 	return security_ops->inode_symlink(dir, dentry, old_name);
 }
 int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode)
 {
 	if (unlikely(IS_PRIVATE(dir)))
 		return 0;
 	return security_ops->inode_mkdir(dir, dentry, mode);
 }
 EXPORT_SYMBOL_GPL(security_inode_mkdir);
 int security_inode_rmdir(struct inode *dir, struct dentry *dentry)
 {
 	if (unlikely(IS_PRIVATE(dentry->d_inode)))
 		return 0;
 	return security_ops->inode_rmdir(dir, dentry);
 }
 int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
 {
 	if (unlikely(IS_PRIVATE(dir)))
 		return 0;
 	return security_ops->inode_mknod(dir, dentry, mode, dev);
 }
 int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
 			   struct inode *new_dir, struct dentry *new_dentry)
 {
         if (unlikely(IS_PRIVATE(old_dentry->d_inode) ||
             (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))
 		return 0;
 	return security_ops->inode_rename(old_dir, old_dentry,
 					   new_dir, new_dentry);
 }
 int security_inode_readlink(struct dentry *dentry)
 {
 	if (unlikely(IS_PRIVATE(dentry->d_inode)))
 		return 0;
 	return security_ops->inode_readlink(dentry);
 }
 int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd)
 {
 	if (unlikely(IS_PRIVATE(dentry->d_inode)))
 		return 0;
 	return security_ops->inode_follow_link(dentry, nd);
 }
 int security_inode_permission(struct inode *inode, int mask)
 {
 	if (unlikely(IS_PRIVATE(inode)))
 		return 0;
 	return security_ops->inode_permission(inode, mask);
 }
 int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
 {
 	if (unlikely(IS_PRIVATE(dentry->d_inode)))
 		return 0;
 	return security_ops->inode_setattr(dentry, attr);
 }
 EXPORT_SYMBOL_GPL(security_inode_setattr);
 int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
 {
 	if (unlikely(IS_PRIVATE(dentry->d_inode)))
 		return 0;
 	return security_ops->inode_getattr(mnt, dentry);
 }
 int security_inode_setxattr(struct dentry *dentry, const char *name,
 			    const void *value, size_t size, int flags)
 {
 	if (unlikely(IS_PRIVATE(dentry->d_inode)))
 		return 0;
 	return security_ops->inode_setxattr(dentry, name, value, size, flags);
 }
 void security_inode_post_setxattr(struct dentry *dentry, const char *name,
 				  const void *value, size_t size, int flags)
 {
 	if (unlikely(IS_PRIVATE(dentry->d_inode)))
 		return;
 	security_ops->inode_post_setxattr(dentry, name, value, size, flags);
 }
 int security_inode_getxattr(struct dentry *dentry, const char *name)
 {
 	if (unlikely(IS_PRIVATE(dentry->d_inode)))
 		return 0;
 	return security_ops->inode_getxattr(dentry, name);
 }
 int security_inode_listxattr(struct dentry *dentry)
 {
 	if (unlikely(IS_PRIVATE(dentry->d_inode)))
 		return 0;
 	return security_ops->inode_listxattr(dentry);
 }
 int security_inode_removexattr(struct dentry *dentry, const char *name)
 {
 	if (unlikely(IS_PRIVATE(dentry->d_inode)))
 		return 0;
 	return security_ops->inode_removexattr(dentry, name);
 }
 int security_inode_need_killpriv(struct dentry *dentry)
 {
 	return security_ops->inode_need_killpriv(dentry);
 }
 int security_inode_killpriv(struct dentry *dentry)
 {
 	return security_ops->inode_killpriv(dentry);
 }
 int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
 {
 	if (unlikely(IS_PRIVATE(inode)))
 		return -EOPNOTSUPP;
 	return security_ops->inode_getsecurity(inode, name, buffer, alloc);
 }
 int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
 {
 	if (unlikely(IS_PRIVATE(inode)))
 		return -EOPNOTSUPP;
 	return security_ops->inode_setsecurity(inode, name, value, size, flags);
 }
 int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
 {
 	if (unlikely(IS_PRIVATE(inode)))
 		return 0;
 	return security_ops->inode_listsecurity(inode, buffer, buffer_size);
 }
 void security_inode_getsecid(const struct inode *inode, u32 *secid)
 {
 	security_ops->inode_getsecid(inode, secid);
 }
 int security_file_permission(struct file *file, int mask)
 {
 	int ret;
 	ret = security_ops->file_permission(file, mask);
 	if (ret)
 		return ret;
 	return fsnotify_perm(file, mask);
 }
 int security_file_alloc(struct file *file)
 {
 	return security_ops->file_alloc_security(file);
 }
 void security_file_free(struct file *file)
 {
 	security_ops->file_free_security(file);
 }
 int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 {
 	return security_ops->file_ioctl(file, cmd, arg);
 }
 int security_file_mmap(struct file *file, unsigned long reqprot,
 			unsigned long prot, unsigned long flags,
 			unsigned long addr, unsigned long addr_only)
 {
 	int ret;
 	ret = security_ops->file_mmap(file, reqprot, prot, flags, addr, addr_only);
 	if (ret)
 		return ret;
 	return ima_file_mmap(file, prot);
 }
 int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
 			    unsigned long prot)
 {
 	return security_ops->file_mprotect(vma, reqprot, prot);
 }
 int security_file_lock(struct file *file, unsigned int cmd)
 {
 	return security_ops->file_lock(file, cmd);
 }
 int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
 {
 	return security_ops->file_fcntl(file, cmd, arg);
 }
 int security_file_set_fowner(struct file *file)
 {
 	return security_ops->file_set_fowner(file);
 }
 int security_file_send_sigiotask(struct task_struct *tsk,
 				  struct fown_struct *fown, int sig)
 {
 	return security_ops->file_send_sigiotask(tsk, fown, sig);
 }
 int security_file_receive(struct file *file)
 {
 	return security_ops->file_receive(file);
 }
 int security_dentry_open(struct file *file, const struct cred *cred)
 {
 	int ret;
 	ret = security_ops->dentry_open(file, cred);
 	if (ret)
 		return ret;
 	return fsnotify_perm(file, MAY_OPEN);
 }
 int security_task_create(unsigned long clone_flags)
 {
 	return security_ops->task_create(clone_flags);
 }
 int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
 {
 	return security_ops->cred_alloc_blank(cred, gfp);
 }
 void security_cred_free(struct cred *cred)
 {
 	security_ops->cred_free(cred);
 }
 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp)
 {
 	return security_ops->cred_prepare(new, old, gfp);
 }
 void security_transfer_creds(struct cred *new, const struct cred *old)
 {
 	security_ops->cred_transfer(new, old);
 }
 int security_kernel_act_as(struct cred *new, u32 secid)
 {
 	return security_ops->kernel_act_as(new, secid);
 }
 int security_kernel_create_files_as(struct cred *new, struct inode *inode)
 {
 	return security_ops->kernel_create_files_as(new, inode);
 }
 int security_kernel_module_request(char *kmod_name)
 {
 	return security_ops->kernel_module_request(kmod_name);
 }
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
 			     int flags)
 {
 	return security_ops->task_fix_setuid(new, old, flags);
 }
 int security_task_setpgid(struct task_struct *p, pid_t pgid)
 {
 	return security_ops->task_setpgid(p, pgid);
 }
 int security_task_getpgid(struct task_struct *p)
 {
 	return security_ops->task_getpgid(p);
 }
 int security_task_getsid(struct task_struct *p)
 {
 	return security_ops->task_getsid(p);
 }
 void security_task_getsecid(struct task_struct *p, u32 *secid)
 {
 	security_ops->task_getsecid(p, secid);
 }
 EXPORT_SYMBOL(security_task_getsecid);
 int security_task_setnice(struct task_struct *p, int nice)
 {
 	return security_ops->task_setnice(p, nice);
 }
 int security_task_setioprio(struct task_struct *p, int ioprio)
 {
 	return security_ops->task_setioprio(p, ioprio);
 }
 int security_task_getioprio(struct task_struct *p)
 {
 	return security_ops->task_getioprio(p);
 }
 int security_task_setrlimit(struct task_struct *p, unsigned int resource,
 		struct rlimit *new_rlim)
 {
 	return security_ops->task_setrlimit(p, resource, new_rlim);
 }
 int security_task_setscheduler(struct task_struct *p)
 {
 	return security_ops->task_setscheduler(p);
 }
 int security_task_getscheduler(struct task_struct *p)
 {
 	return security_ops->task_getscheduler(p);
 }
 int security_task_movememory(struct task_struct *p)
 {
 	return security_ops->task_movememory(p);
 }
 int security_task_kill(struct task_struct *p, struct siginfo *info,
 			int sig, u32 secid)
 {
 	return security_ops->task_kill(p, info, sig, secid);
 }
 int security_task_wait(struct task_struct *p)
 {
 	return security_ops->task_wait(p);
 }
 int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 			 unsigned long arg4, unsigned long arg5)
 {
 	return security_ops->task_prctl(option, arg2, arg3, arg4, arg5);
 }
 void security_task_to_inode(struct task_struct *p, struct inode *inode)
 {
 	security_ops->task_to_inode(p, inode);
 }
 int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
 {
 	return security_ops->ipc_permission(ipcp, flag);
 }
 void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
 {
 	security_ops->ipc_getsecid(ipcp, secid);
 }
 int security_msg_msg_alloc(struct msg_msg *msg)
 {
 	return security_ops->msg_msg_alloc_security(msg);
 }
 void security_msg_msg_free(struct msg_msg *msg)
 {
 	security_ops->msg_msg_free_security(msg);
 }
 int security_msg_queue_alloc(struct msg_queue *msq)
 {
 	return security_ops->msg_queue_alloc_security(msq);
 }
 void security_msg_queue_free(struct msg_queue *msq)
 {
 	security_ops->msg_queue_free_security(msq);
 }
 int security_msg_queue_associate(struct msg_queue *msq, int msqflg)
 {
 	return security_ops->msg_queue_associate(msq, msqflg);
 }
 int security_msg_queue_msgctl(struct msg_queue *msq, int cmd)
 {
 	return security_ops->msg_queue_msgctl(msq, cmd);
 }
 int security_msg_queue_msgsnd(struct msg_queue *msq,
 			       struct msg_msg *msg, int msqflg)
 {
 	return security_ops->msg_queue_msgsnd(msq, msg, msqflg);
 }
 int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
 			       struct task_struct *target, long type, int mode)
 {
 	return security_ops->msg_queue_msgrcv(msq, msg, target, type, mode);
 }
 int security_shm_alloc(struct shmid_kernel *shp)
 {
 	return security_ops->shm_alloc_security(shp);
 }
 void security_shm_free(struct shmid_kernel *shp)
 {
 	security_ops->shm_free_security(shp);
 }
 int security_shm_associate(struct shmid_kernel *shp, int shmflg)
 {
 	return security_ops->shm_associate(shp, shmflg);
 }
 int security_shm_shmctl(struct shmid_kernel *shp, int cmd)
 {
 	return security_ops->shm_shmctl(shp, cmd);
 }
 int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg)
 {
 	return security_ops->shm_shmat(shp, shmaddr, shmflg);
 }
 int security_sem_alloc(struct sem_array *sma)
 {
 	return security_ops->sem_alloc_security(sma);
 }
 void security_sem_free(struct sem_array *sma)
 {
 	security_ops->sem_free_security(sma);
 }
 int security_sem_associate(struct sem_array *sma, int semflg)
 {
 	return security_ops->sem_associate(sma, semflg);
 }
 int security_sem_semctl(struct sem_array *sma, int cmd)
 {
 	return security_ops->sem_semctl(sma, cmd);
 }
 int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
 			unsigned nsops, int alter)
 {
 	return security_ops->sem_semop(sma, sops, nsops, alter);
 }
 void security_d_instantiate(struct dentry *dentry, struct inode *inode)
 {
 	if (unlikely(inode && IS_PRIVATE(inode)))
 		return;
 	security_ops->d_instantiate(dentry, inode);
 }
 EXPORT_SYMBOL(security_d_instantiate);
 int security_getprocattr(struct task_struct *p, char *name, char **value)
 {
 	return security_ops->getprocattr(p, name, value);
 }
 int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
 {
 	return security_ops->setprocattr(p, name, value, size);
 }
 int security_netlink_send(struct sock *sk, struct sk_buff *skb)
 {
 	return security_ops->netlink_send(sk, skb);
 }
 int security_netlink_recv(struct sk_buff *skb, int cap)
 {
 	return security_ops->netlink_recv(skb, cap);
 }
 EXPORT_SYMBOL(security_netlink_recv);
 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
 {
 	return security_ops->secid_to_secctx(secid, secdata, seclen);
 }
 EXPORT_SYMBOL(security_secid_to_secctx);
 int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
 {
 	return security_ops->secctx_to_secid(secdata, seclen, secid);
 }
 EXPORT_SYMBOL(security_secctx_to_secid);
 void security_release_secctx(char *secdata, u32 seclen)
 {
 	security_ops->release_secctx(secdata, seclen);
 }
 EXPORT_SYMBOL(security_release_secctx);
 int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
 {
 	return security_ops->inode_notifysecctx(inode, ctx, ctxlen);
 }
 EXPORT_SYMBOL(security_inode_notifysecctx);
 int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
 {
 	return security_ops->inode_setsecctx(dentry, ctx, ctxlen);
 }
 EXPORT_SYMBOL(security_inode_setsecctx);
 int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
 {
 	return security_ops->inode_getsecctx(inode, ctx, ctxlen);
 }
 EXPORT_SYMBOL(security_inode_getsecctx);
 #ifdef CONFIG_SECURITY_NETWORK
-int security_unix_stream_connect(struct socket *sock, struct socket *other,
+int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk)
-				 struct sock *newsk)
 {
 	return security_ops->unix_stream_connect(sock, other, newsk);
 }
 EXPORT_SYMBOL(security_unix_stream_connect);
 int security_unix_may_send(struct socket *sock,  struct socket *other)
 {
 	return security_ops->unix_may_send(sock, other);
 }
 EXPORT_SYMBOL(security_unix_may_send);
 int security_socket_create(int family, int type, int protocol, int kern)
 {
 	return security_ops->socket_create(family, type, protocol, kern);
 }
 int security_socket_post_create(struct socket *sock, int family,
 				int type, int protocol, int kern)
 {
 	return security_ops->socket_post_create(sock, family, type,
 						protocol, kern);
 }
 int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
 {
 	return security_ops->socket_bind(sock, address, addrlen);
 }
 int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
 {
 	return security_ops->socket_connect(sock, address, addrlen);
 }
 int security_socket_listen(struct socket *sock, int backlog)
 {
 	return security_ops->socket_listen(sock, backlog);
 }
 int security_socket_accept(struct socket *sock, struct socket *newsock)
 {
 	return security_ops->socket_accept(sock, newsock);
 }
 int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
 {
 	return security_ops->socket_sendmsg(sock, msg, size);
 }
 int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
 			    int size, int flags)
 {
 	return security_ops->socket_recvmsg(sock, msg, size, flags);
 }
 int security_socket_getsockname(struct socket *sock)
 {
 	return security_ops->socket_getsockname(sock);
 }
 int security_socket_getpeername(struct socket *sock)
 {
 	return security_ops->socket_getpeername(sock);
 }
 int security_socket_getsockopt(struct socket *sock, int level, int optname)
 {
 	return security_ops->socket_getsockopt(sock, level, optname);
 }
 int security_socket_setsockopt(struct socket *sock, int level, int optname)
 {
 	return security_ops->socket_setsockopt(sock, level, optname);
 }
 int security_socket_shutdown(struct socket *sock, int how)
 {
 	return security_ops->socket_shutdown(sock, how);
 }
 int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 {
 	return security_ops->socket_sock_rcv_skb(sk, skb);
 }
 EXPORT_SYMBOL(security_sock_rcv_skb);
 int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
 				      int __user *optlen, unsigned len)
 {
 	return security_ops->socket_getpeersec_stream(sock, optval, optlen, len);
 }
 int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
 {
 	return security_ops->socket_getpeersec_dgram(sock, skb, secid);
 }
 EXPORT_SYMBOL(security_socket_getpeersec_dgram);
 int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
 {
 	return security_ops->sk_alloc_security(sk, family, priority);
 }
 void security_sk_free(struct sock *sk)
 {
 	security_ops->sk_free_security(sk);
 }
 void security_sk_clone(const struct sock *sk, struct sock *newsk)
 {
 	security_ops->sk_clone_security(sk, newsk);
 }
 void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
 {
 	security_ops->sk_getsecid(sk, &fl->secid);
 }
 EXPORT_SYMBOL(security_sk_classify_flow);
 void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
 {
 	security_ops->req_classify_flow(req, fl);
 }
 EXPORT_SYMBOL(security_req_classify_flow);
 void security_sock_graft(struct sock *sk, struct socket *parent)
 {
 	security_ops->sock_graft(sk, parent);
 }
 EXPORT_SYMBOL(security_sock_graft);
 int security_inet_conn_request(struct sock *sk,
 			struct sk_buff *skb, struct request_sock *req)
 {
 	return security_ops->inet_conn_request(sk, skb, req);
 }
 EXPORT_SYMBOL(security_inet_conn_request);
 void security_inet_csk_clone(struct sock *newsk,
 			const struct request_sock *req)
 {
 	security_ops->inet_csk_clone(newsk, req);
 }
 void security_inet_conn_established(struct sock *sk,
 			struct sk_buff *skb)
 {
 	security_ops->inet_conn_established(sk, skb);
 }
 int security_secmark_relabel_packet(u32 secid)
 {
 	return security_ops->secmark_relabel_packet(secid);
 }
 EXPORT_SYMBOL(security_secmark_relabel_packet);
 void security_secmark_refcount_inc(void)
 {
 	security_ops->secmark_refcount_inc();
 }
 EXPORT_SYMBOL(security_secmark_refcount_inc);
 void security_secmark_refcount_dec(void)
 {
 	security_ops->secmark_refcount_dec();
 }
 EXPORT_SYMBOL(security_secmark_refcount_dec);
 int security_tun_dev_create(void)
 {
 	return security_ops->tun_dev_create();
 }
 EXPORT_SYMBOL(security_tun_dev_create);
 void security_tun_dev_post_create(struct sock *sk)
 {
 	return security_ops->tun_dev_post_create(sk);
 }
 EXPORT_SYMBOL(security_tun_dev_post_create);
 int security_tun_dev_attach(struct sock *sk)
 {
 	return security_ops->tun_dev_attach(sk);
 }
 EXPORT_SYMBOL(security_tun_dev_attach);
 #endif	/* CONFIG_SECURITY_NETWORK */
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx)
 {
 	return security_ops->xfrm_policy_alloc_security(ctxp, sec_ctx);
 }
 EXPORT_SYMBOL(security_xfrm_policy_alloc);
 int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
 			      struct xfrm_sec_ctx **new_ctxp)
 {
 	return security_ops->xfrm_policy_clone_security(old_ctx, new_ctxp);
 }
 void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
 {
 	security_ops->xfrm_policy_free_security(ctx);
 }
 EXPORT_SYMBOL(security_xfrm_policy_free);
 int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
 {
 	return security_ops->xfrm_policy_delete_security(ctx);
 }
 int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)
 {
 	return security_ops->xfrm_state_alloc_security(x, sec_ctx, 0);
 }
 EXPORT_SYMBOL(security_xfrm_state_alloc);
 int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
 				      struct xfrm_sec_ctx *polsec, u32 secid)
 {
 	if (!polsec)
 		return 0;
 	/*
 	 * We want the context to be taken from secid which is usually
 	 * from the sock.
 	 */
 	return security_ops->xfrm_state_alloc_security(x, NULL, secid);
 }
 int security_xfrm_state_delete(struct xfrm_state *x)
 {
 	return security_ops->xfrm_state_delete_security(x);
 }
 EXPORT_SYMBOL(security_xfrm_state_delete);
 void security_xfrm_state_free(struct xfrm_state *x)
 {
 	security_ops->xfrm_state_free_security(x);
 }
 int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
 {
 	return security_ops->xfrm_policy_lookup(ctx, fl_secid, dir);
 }
 int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
 				       struct xfrm_policy *xp, struct flowi *fl)
 {
 	return security_ops->xfrm_state_pol_flow_match(x, xp, fl);
 }
 int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
 {
 	return security_ops->xfrm_decode_session(skb, secid, 1);
 }
 void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
 {
 	int rc = security_ops->xfrm_decode_session(skb, &fl->secid, 0);
 	BUG_ON(rc);
 }
 EXPORT_SYMBOL(security_skb_classify_flow);
 #endif	/* CONFIG_SECURITY_NETWORK_XFRM */
 #ifdef CONFIG_KEYS
 int security_key_alloc(struct key *key, const struct cred *cred,
 		       unsigned long flags)
 {
 	return security_ops->key_alloc(key, cred, flags);
 }
 void security_key_free(struct key *key)
 {
 	security_ops->key_free(key);
 }
 int security_key_permission(key_ref_t key_ref,
 			    const struct cred *cred, key_perm_t perm)
 {
 	return security_ops->key_permission(key_ref, cred, perm);
 }
 int security_key_getsecurity(struct key *key, char **_buffer)
 {
 	return security_ops->key_getsecurity(key, _buffer);
 }
 #endif	/* CONFIG_KEYS */
 #ifdef CONFIG_AUDIT
 int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
 {
 	return security_ops->audit_rule_init(field, op, rulestr, lsmrule);
 }
 int security_audit_rule_known(struct audit_krule *krule)
 {
 	return security_ops->audit_rule_known(krule);
 }
 void security_audit_rule_free(void *lsmrule)
 {
 	security_ops->audit_rule_free(lsmrule);
 }
 int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
 			      struct audit_context *actx)
 {
 	return security_ops->audit_rule_match(secid, field, op, lsmrule, actx);
 }
 #endif /* CONFIG_AUDIT */

security/selinux/hooks.c

Diff comments View file @ 3610cda

1	/*	1	/*
2	* NSA Security-Enhanced Linux (SELinux) security module	2	* NSA Security-Enhanced Linux (SELinux) security module
3	*	3	*
4	* This file contains the SELinux hook function implementations.	4	* This file contains the SELinux hook function implementations.
5	*	5	*
6	* Authors: Stephen Smalley, <sds@epoch.ncsc.mil>	6	* Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
7	* Chris Vance, <cvance@nai.com>	7	* Chris Vance, <cvance@nai.com>
8	* Wayne Salamon, <wsalamon@nai.com>	8	* Wayne Salamon, <wsalamon@nai.com>
9	* James Morris <jmorris@redhat.com>	9	* James Morris <jmorris@redhat.com>
10	*	10	*
11	* Copyright (C) 2001,2002 Networks Associates Technology, Inc.	11	* Copyright (C) 2001,2002 Networks Associates Technology, Inc.
12	* Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com>	12	* Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com>
13	* Eric Paris <eparis@redhat.com>	13	* Eric Paris <eparis@redhat.com>
14	* Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.	14	* Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
15	* <dgoeddel@trustedcs.com>	15	* <dgoeddel@trustedcs.com>
16	* Copyright (C) 2006, 2007, 2009 Hewlett-Packard Development Company, L.P.	16	* Copyright (C) 2006, 2007, 2009 Hewlett-Packard Development Company, L.P.
17	* Paul Moore <paul.moore@hp.com>	17	* Paul Moore <paul.moore@hp.com>
18	* Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.	18	* Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.
19	* Yuichi Nakamura <ynakam@hitachisoft.jp>	19	* Yuichi Nakamura <ynakam@hitachisoft.jp>
20	*	20	*
21	* This program is free software; you can redistribute it and/or modify	21	* This program is free software; you can redistribute it and/or modify
22	* it under the terms of the GNU General Public License version 2,	22	* it under the terms of the GNU General Public License version 2,
23	* as published by the Free Software Foundation.	23	* as published by the Free Software Foundation.
24	*/	24	*/
25		25
26	#include <linux/init.h>	26	#include <linux/init.h>
27	#include <linux/kernel.h>	27	#include <linux/kernel.h>
28	#include <linux/tracehook.h>	28	#include <linux/tracehook.h>
29	#include <linux/errno.h>	29	#include <linux/errno.h>
30	#include <linux/sched.h>	30	#include <linux/sched.h>
31	#include <linux/security.h>	31	#include <linux/security.h>
32	#include <linux/xattr.h>	32	#include <linux/xattr.h>
33	#include <linux/capability.h>	33	#include <linux/capability.h>
34	#include <linux/unistd.h>	34	#include <linux/unistd.h>
35	#include <linux/mm.h>	35	#include <linux/mm.h>
36	#include <linux/mman.h>	36	#include <linux/mman.h>
37	#include <linux/slab.h>	37	#include <linux/slab.h>
38	#include <linux/pagemap.h>	38	#include <linux/pagemap.h>
39	#include <linux/swap.h>	39	#include <linux/swap.h>
40	#include <linux/spinlock.h>	40	#include <linux/spinlock.h>
41	#include <linux/syscalls.h>	41	#include <linux/syscalls.h>
42	#include <linux/file.h>	42	#include <linux/file.h>
43	#include <linux/fdtable.h>	43	#include <linux/fdtable.h>
44	#include <linux/namei.h>	44	#include <linux/namei.h>
45	#include <linux/mount.h>	45	#include <linux/mount.h>
46	#include <linux/proc_fs.h>	46	#include <linux/proc_fs.h>
47	#include <linux/netfilter_ipv4.h>	47	#include <linux/netfilter_ipv4.h>
48	#include <linux/netfilter_ipv6.h>	48	#include <linux/netfilter_ipv6.h>
49	#include <linux/tty.h>	49	#include <linux/tty.h>
50	#include <net/icmp.h>	50	#include <net/icmp.h>
51	#include <net/ip.h> /* for local_port_range[] */	51	#include <net/ip.h> /* for local_port_range[] */
52	#include <net/tcp.h> /* struct or_callable used in sock_rcv_skb */	52	#include <net/tcp.h> /* struct or_callable used in sock_rcv_skb */
53	#include <net/net_namespace.h>	53	#include <net/net_namespace.h>
54	#include <net/netlabel.h>	54	#include <net/netlabel.h>
55	#include <linux/uaccess.h>	55	#include <linux/uaccess.h>
56	#include <asm/ioctls.h>	56	#include <asm/ioctls.h>
57	#include <asm/atomic.h>	57	#include <asm/atomic.h>
58	#include <linux/bitops.h>	58	#include <linux/bitops.h>
59	#include <linux/interrupt.h>	59	#include <linux/interrupt.h>
60	#include <linux/netdevice.h> /* for network interface checks */	60	#include <linux/netdevice.h> /* for network interface checks */
61	#include <linux/netlink.h>	61	#include <linux/netlink.h>
62	#include <linux/tcp.h>	62	#include <linux/tcp.h>
63	#include <linux/udp.h>	63	#include <linux/udp.h>
64	#include <linux/dccp.h>	64	#include <linux/dccp.h>
65	#include <linux/quota.h>	65	#include <linux/quota.h>
66	#include <linux/un.h> /* for Unix socket types */	66	#include <linux/un.h> /* for Unix socket types */
67	#include <net/af_unix.h> /* for Unix socket types */	67	#include <net/af_unix.h> /* for Unix socket types */
68	#include <linux/parser.h>	68	#include <linux/parser.h>
69	#include <linux/nfs_mount.h>	69	#include <linux/nfs_mount.h>
70	#include <net/ipv6.h>	70	#include <net/ipv6.h>
71	#include <linux/hugetlb.h>	71	#include <linux/hugetlb.h>
72	#include <linux/personality.h>	72	#include <linux/personality.h>
73	#include <linux/sysctl.h>	73	#include <linux/sysctl.h>
74	#include <linux/audit.h>	74	#include <linux/audit.h>
75	#include <linux/string.h>	75	#include <linux/string.h>
76	#include <linux/selinux.h>	76	#include <linux/selinux.h>
77	#include <linux/mutex.h>	77	#include <linux/mutex.h>
78	#include <linux/posix-timers.h>	78	#include <linux/posix-timers.h>
79	#include <linux/syslog.h>	79	#include <linux/syslog.h>
80		80
81	#include "avc.h"	81	#include "avc.h"
82	#include "objsec.h"	82	#include "objsec.h"
83	#include "netif.h"	83	#include "netif.h"
84	#include "netnode.h"	84	#include "netnode.h"
85	#include "netport.h"	85	#include "netport.h"
86	#include "xfrm.h"	86	#include "xfrm.h"
87	#include "netlabel.h"	87	#include "netlabel.h"
88	#include "audit.h"	88	#include "audit.h"
89		89
90	#define NUM_SEL_MNT_OPTS 5	90	#define NUM_SEL_MNT_OPTS 5
91		91
92	extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);	92	extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
93	extern struct security_operations *security_ops;	93	extern struct security_operations *security_ops;
94		94
95	/* SECMARK reference count */	95	/* SECMARK reference count */
96	atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);	96	atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
97		97
98	#ifdef CONFIG_SECURITY_SELINUX_DEVELOP	98	#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
99	int selinux_enforcing;	99	int selinux_enforcing;
100		100
101	static int __init enforcing_setup(char *str)	101	static int __init enforcing_setup(char *str)
102	{	102	{
103	unsigned long enforcing;	103	unsigned long enforcing;
104	if (!strict_strtoul(str, 0, &enforcing))	104	if (!strict_strtoul(str, 0, &enforcing))
105	selinux_enforcing = enforcing ? 1 : 0;	105	selinux_enforcing = enforcing ? 1 : 0;
106	return 1;	106	return 1;
107	}	107	}
108	__setup("enforcing=", enforcing_setup);	108	__setup("enforcing=", enforcing_setup);
109	#endif	109	#endif
110		110
111	#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM	111	#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
112	int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;	112	int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
113		113
114	static int __init selinux_enabled_setup(char *str)	114	static int __init selinux_enabled_setup(char *str)
115	{	115	{
116	unsigned long enabled;	116	unsigned long enabled;
117	if (!strict_strtoul(str, 0, &enabled))	117	if (!strict_strtoul(str, 0, &enabled))
118	selinux_enabled = enabled ? 1 : 0;	118	selinux_enabled = enabled ? 1 : 0;
119	return 1;	119	return 1;
120	}	120	}
121	__setup("selinux=", selinux_enabled_setup);	121	__setup("selinux=", selinux_enabled_setup);
122	#else	122	#else
123	int selinux_enabled = 1;	123	int selinux_enabled = 1;
124	#endif	124	#endif
125		125
126	static struct kmem_cache *sel_inode_cache;	126	static struct kmem_cache *sel_inode_cache;
127		127
128	/**	128	/**
129	* selinux_secmark_enabled - Check to see if SECMARK is currently enabled	129	* selinux_secmark_enabled - Check to see if SECMARK is currently enabled
130	*	130	*
131	* Description:	131	* Description:
132	* This function checks the SECMARK reference counter to see if any SECMARK	132	* This function checks the SECMARK reference counter to see if any SECMARK
133	* targets are currently configured, if the reference counter is greater than	133	* targets are currently configured, if the reference counter is greater than
134	* zero SECMARK is considered to be enabled. Returns true (1) if SECMARK is	134	* zero SECMARK is considered to be enabled. Returns true (1) if SECMARK is
135	* enabled, false (0) if SECMARK is disabled.	135	* enabled, false (0) if SECMARK is disabled.
136	*	136	*
137	*/	137	*/
138	static int selinux_secmark_enabled(void)	138	static int selinux_secmark_enabled(void)
139	{	139	{
140	return (atomic_read(&selinux_secmark_refcount) > 0);	140	return (atomic_read(&selinux_secmark_refcount) > 0);
141	}	141	}
142		142
143	/*	143	/*
144	* initialise the security for the init task	144	* initialise the security for the init task
145	*/	145	*/
146	static void cred_init_security(void)	146	static void cred_init_security(void)
147	{	147	{
148	struct cred cred = (struct cred ) current->real_cred;	148	struct cred cred = (struct cred ) current->real_cred;
149	struct task_security_struct *tsec;	149	struct task_security_struct *tsec;
150		150
151	tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);	151	tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
152	if (!tsec)	152	if (!tsec)
153	panic("SELinux: Failed to initialize initial task.\n");	153	panic("SELinux: Failed to initialize initial task.\n");
154		154
155	tsec->osid = tsec->sid = SECINITSID_KERNEL;	155	tsec->osid = tsec->sid = SECINITSID_KERNEL;
156	cred->security = tsec;	156	cred->security = tsec;
157	}	157	}
158		158
159	/*	159	/*
160	* get the security ID of a set of credentials	160	* get the security ID of a set of credentials
161	*/	161	*/
162	static inline u32 cred_sid(const struct cred *cred)	162	static inline u32 cred_sid(const struct cred *cred)
163	{	163	{
164	const struct task_security_struct *tsec;	164	const struct task_security_struct *tsec;
165		165
166	tsec = cred->security;	166	tsec = cred->security;
167	return tsec->sid;	167	return tsec->sid;
168	}	168	}
169		169
170	/*	170	/*
171	* get the objective security ID of a task	171	* get the objective security ID of a task
172	*/	172	*/
173	static inline u32 task_sid(const struct task_struct *task)	173	static inline u32 task_sid(const struct task_struct *task)
174	{	174	{
175	u32 sid;	175	u32 sid;
176		176
177	rcu_read_lock();	177	rcu_read_lock();
178	sid = cred_sid(__task_cred(task));	178	sid = cred_sid(__task_cred(task));
179	rcu_read_unlock();	179	rcu_read_unlock();
180	return sid;	180	return sid;
181	}	181	}
182		182
183	/*	183	/*
184	* get the subjective security ID of the current task	184	* get the subjective security ID of the current task
185	*/	185	*/
186	static inline u32 current_sid(void)	186	static inline u32 current_sid(void)
187	{	187	{
188	const struct task_security_struct *tsec = current_security();	188	const struct task_security_struct *tsec = current_security();
189		189
190	return tsec->sid;	190	return tsec->sid;
191	}	191	}
192		192
193	/* Allocate and free functions for each kind of security blob. */	193	/* Allocate and free functions for each kind of security blob. */
194		194
195	static int inode_alloc_security(struct inode *inode)	195	static int inode_alloc_security(struct inode *inode)
196	{	196	{
197	struct inode_security_struct *isec;	197	struct inode_security_struct *isec;
198	u32 sid = current_sid();	198	u32 sid = current_sid();
199		199
200	isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);	200	isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
201	if (!isec)	201	if (!isec)
202	return -ENOMEM;	202	return -ENOMEM;
203		203
204	mutex_init(&isec->lock);	204	mutex_init(&isec->lock);
205	INIT_LIST_HEAD(&isec->list);	205	INIT_LIST_HEAD(&isec->list);
206	isec->inode = inode;	206	isec->inode = inode;
207	isec->sid = SECINITSID_UNLABELED;	207	isec->sid = SECINITSID_UNLABELED;
208	isec->sclass = SECCLASS_FILE;	208	isec->sclass = SECCLASS_FILE;
209	isec->task_sid = sid;	209	isec->task_sid = sid;
210	inode->i_security = isec;	210	inode->i_security = isec;
211		211
212	return 0;	212	return 0;
213	}	213	}
214		214
215	static void inode_free_security(struct inode *inode)	215	static void inode_free_security(struct inode *inode)
216	{	216	{
217	struct inode_security_struct *isec = inode->i_security;	217	struct inode_security_struct *isec = inode->i_security;
218	struct superblock_security_struct *sbsec = inode->i_sb->s_security;	218	struct superblock_security_struct *sbsec = inode->i_sb->s_security;
219		219
220	spin_lock(&sbsec->isec_lock);	220	spin_lock(&sbsec->isec_lock);
221	if (!list_empty(&isec->list))	221	if (!list_empty(&isec->list))
222	list_del_init(&isec->list);	222	list_del_init(&isec->list);
223	spin_unlock(&sbsec->isec_lock);	223	spin_unlock(&sbsec->isec_lock);
224		224
225	inode->i_security = NULL;	225	inode->i_security = NULL;
226	kmem_cache_free(sel_inode_cache, isec);	226	kmem_cache_free(sel_inode_cache, isec);
227	}	227	}
228		228
229	static int file_alloc_security(struct file *file)	229	static int file_alloc_security(struct file *file)
230	{	230	{
231	struct file_security_struct *fsec;	231	struct file_security_struct *fsec;
232	u32 sid = current_sid();	232	u32 sid = current_sid();
233		233
234	fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);	234	fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
235	if (!fsec)	235	if (!fsec)
236	return -ENOMEM;	236	return -ENOMEM;
237		237
238	fsec->sid = sid;	238	fsec->sid = sid;
239	fsec->fown_sid = sid;	239	fsec->fown_sid = sid;
240	file->f_security = fsec;	240	file->f_security = fsec;
241		241
242	return 0;	242	return 0;
243	}	243	}
244		244
245	static void file_free_security(struct file *file)	245	static void file_free_security(struct file *file)
246	{	246	{
247	struct file_security_struct *fsec = file->f_security;	247	struct file_security_struct *fsec = file->f_security;
248	file->f_security = NULL;	248	file->f_security = NULL;
249	kfree(fsec);	249	kfree(fsec);
250	}	250	}
251		251
252	static int superblock_alloc_security(struct super_block *sb)	252	static int superblock_alloc_security(struct super_block *sb)
253	{	253	{
254	struct superblock_security_struct *sbsec;	254	struct superblock_security_struct *sbsec;
255		255
256	sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);	256	sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
257	if (!sbsec)	257	if (!sbsec)
258	return -ENOMEM;	258	return -ENOMEM;
259		259
260	mutex_init(&sbsec->lock);	260	mutex_init(&sbsec->lock);
261	INIT_LIST_HEAD(&sbsec->isec_head);	261	INIT_LIST_HEAD(&sbsec->isec_head);
262	spin_lock_init(&sbsec->isec_lock);	262	spin_lock_init(&sbsec->isec_lock);
263	sbsec->sb = sb;	263	sbsec->sb = sb;
264	sbsec->sid = SECINITSID_UNLABELED;	264	sbsec->sid = SECINITSID_UNLABELED;
265	sbsec->def_sid = SECINITSID_FILE;	265	sbsec->def_sid = SECINITSID_FILE;
266	sbsec->mntpoint_sid = SECINITSID_UNLABELED;	266	sbsec->mntpoint_sid = SECINITSID_UNLABELED;
267	sb->s_security = sbsec;	267	sb->s_security = sbsec;
268		268
269	return 0;	269	return 0;
270	}	270	}
271		271
272	static void superblock_free_security(struct super_block *sb)	272	static void superblock_free_security(struct super_block *sb)
273	{	273	{
274	struct superblock_security_struct *sbsec = sb->s_security;	274	struct superblock_security_struct *sbsec = sb->s_security;
275	sb->s_security = NULL;	275	sb->s_security = NULL;
276	kfree(sbsec);	276	kfree(sbsec);
277	}	277	}
278		278
279	/* The security server must be initialized before	279	/* The security server must be initialized before
280	any labeling or access decisions can be provided. */	280	any labeling or access decisions can be provided. */
281	extern int ss_initialized;	281	extern int ss_initialized;
282		282
283	/* The file system's label must be initialized prior to use. */	283	/* The file system's label must be initialized prior to use. */
284		284
285	static const char *labeling_behaviors[6] = {	285	static const char *labeling_behaviors[6] = {
286	"uses xattr",	286	"uses xattr",
287	"uses transition SIDs",	287	"uses transition SIDs",
288	"uses task SIDs",	288	"uses task SIDs",
289	"uses genfs_contexts",	289	"uses genfs_contexts",
290	"not configured for labeling",	290	"not configured for labeling",
291	"uses mountpoint labeling",	291	"uses mountpoint labeling",
292	};	292	};
293		293
294	static int inode_doinit_with_dentry(struct inode inode, struct dentry opt_dentry);	294	static int inode_doinit_with_dentry(struct inode inode, struct dentry opt_dentry);
295		295
296	static inline int inode_doinit(struct inode *inode)	296	static inline int inode_doinit(struct inode *inode)
297	{	297	{
298	return inode_doinit_with_dentry(inode, NULL);	298	return inode_doinit_with_dentry(inode, NULL);
299	}	299	}
300		300
301	enum {	301	enum {
302	Opt_error = -1,	302	Opt_error = -1,
303	Opt_context = 1,	303	Opt_context = 1,
304	Opt_fscontext = 2,	304	Opt_fscontext = 2,
305	Opt_defcontext = 3,	305	Opt_defcontext = 3,
306	Opt_rootcontext = 4,	306	Opt_rootcontext = 4,
307	Opt_labelsupport = 5,	307	Opt_labelsupport = 5,
308	};	308	};
309		309
310	static const match_table_t tokens = {	310	static const match_table_t tokens = {
311	{Opt_context, CONTEXT_STR "%s"},	311	{Opt_context, CONTEXT_STR "%s"},
312	{Opt_fscontext, FSCONTEXT_STR "%s"},	312	{Opt_fscontext, FSCONTEXT_STR "%s"},
313	{Opt_defcontext, DEFCONTEXT_STR "%s"},	313	{Opt_defcontext, DEFCONTEXT_STR "%s"},
314	{Opt_rootcontext, ROOTCONTEXT_STR "%s"},	314	{Opt_rootcontext, ROOTCONTEXT_STR "%s"},
315	{Opt_labelsupport, LABELSUPP_STR},	315	{Opt_labelsupport, LABELSUPP_STR},
316	{Opt_error, NULL},	316	{Opt_error, NULL},
317	};	317	};
318		318
319	#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"	319	#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
320		320
321	static int may_context_mount_sb_relabel(u32 sid,	321	static int may_context_mount_sb_relabel(u32 sid,
322	struct superblock_security_struct *sbsec,	322	struct superblock_security_struct *sbsec,
323	const struct cred *cred)	323	const struct cred *cred)
324	{	324	{
325	const struct task_security_struct *tsec = cred->security;	325	const struct task_security_struct *tsec = cred->security;
326	int rc;	326	int rc;
327		327
328	rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,	328	rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
329	FILESYSTEM__RELABELFROM, NULL);	329	FILESYSTEM__RELABELFROM, NULL);
330	if (rc)	330	if (rc)
331	return rc;	331	return rc;
332		332
333	rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,	333	rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
334	FILESYSTEM__RELABELTO, NULL);	334	FILESYSTEM__RELABELTO, NULL);
335	return rc;	335	return rc;
336	}	336	}
337		337
338	static int may_context_mount_inode_relabel(u32 sid,	338	static int may_context_mount_inode_relabel(u32 sid,
339	struct superblock_security_struct *sbsec,	339	struct superblock_security_struct *sbsec,
340	const struct cred *cred)	340	const struct cred *cred)
341	{	341	{
342	const struct task_security_struct *tsec = cred->security;	342	const struct task_security_struct *tsec = cred->security;
343	int rc;	343	int rc;
344	rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,	344	rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
345	FILESYSTEM__RELABELFROM, NULL);	345	FILESYSTEM__RELABELFROM, NULL);
346	if (rc)	346	if (rc)
347	return rc;	347	return rc;
348		348
349	rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,	349	rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
350	FILESYSTEM__ASSOCIATE, NULL);	350	FILESYSTEM__ASSOCIATE, NULL);
351	return rc;	351	return rc;
352	}	352	}
353		353
354	static int sb_finish_set_opts(struct super_block *sb)	354	static int sb_finish_set_opts(struct super_block *sb)
355	{	355	{
356	struct superblock_security_struct *sbsec = sb->s_security;	356	struct superblock_security_struct *sbsec = sb->s_security;
357	struct dentry *root = sb->s_root;	357	struct dentry *root = sb->s_root;
358	struct inode *root_inode = root->d_inode;	358	struct inode *root_inode = root->d_inode;
359	int rc = 0;	359	int rc = 0;
360		360
361	if (sbsec->behavior == SECURITY_FS_USE_XATTR) {	361	if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
362	/* Make sure that the xattr handler exists and that no	362	/* Make sure that the xattr handler exists and that no
363	error other than -ENODATA is returned by getxattr on	363	error other than -ENODATA is returned by getxattr on
364	the root directory. -ENODATA is ok, as this may be	364	the root directory. -ENODATA is ok, as this may be
365	the first boot of the SELinux kernel before we have	365	the first boot of the SELinux kernel before we have
366	assigned xattr values to the filesystem. */	366	assigned xattr values to the filesystem. */
367	if (!root_inode->i_op->getxattr) {	367	if (!root_inode->i_op->getxattr) {
368	printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "	368	printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
369	"xattr support\n", sb->s_id, sb->s_type->name);	369	"xattr support\n", sb->s_id, sb->s_type->name);
370	rc = -EOPNOTSUPP;	370	rc = -EOPNOTSUPP;
371	goto out;	371	goto out;
372	}	372	}
373	rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);	373	rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
374	if (rc < 0 && rc != -ENODATA) {	374	if (rc < 0 && rc != -ENODATA) {
375	if (rc == -EOPNOTSUPP)	375	if (rc == -EOPNOTSUPP)
376	printk(KERN_WARNING "SELinux: (dev %s, type "	376	printk(KERN_WARNING "SELinux: (dev %s, type "
377	"%s) has no security xattr handler\n",	377	"%s) has no security xattr handler\n",
378	sb->s_id, sb->s_type->name);	378	sb->s_id, sb->s_type->name);
379	else	379	else
380	printk(KERN_WARNING "SELinux: (dev %s, type "	380	printk(KERN_WARNING "SELinux: (dev %s, type "
381	"%s) getxattr errno %d\n", sb->s_id,	381	"%s) getxattr errno %d\n", sb->s_id,
382	sb->s_type->name, -rc);	382	sb->s_type->name, -rc);
383	goto out;	383	goto out;
384	}	384	}
385	}	385	}
386		386
387	sbsec->flags \|= (SE_SBINITIALIZED \| SE_SBLABELSUPP);	387	sbsec->flags \|= (SE_SBINITIALIZED \| SE_SBLABELSUPP);
388		388
389	if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))	389	if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
390	printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",	390	printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
391	sb->s_id, sb->s_type->name);	391	sb->s_id, sb->s_type->name);
392	else	392	else
393	printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",	393	printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
394	sb->s_id, sb->s_type->name,	394	sb->s_id, sb->s_type->name,
395	labeling_behaviors[sbsec->behavior-1]);	395	labeling_behaviors[sbsec->behavior-1]);
396		396
397	if (sbsec->behavior == SECURITY_FS_USE_GENFS \|\|	397	if (sbsec->behavior == SECURITY_FS_USE_GENFS \|\|
398	sbsec->behavior == SECURITY_FS_USE_MNTPOINT \|\|	398	sbsec->behavior == SECURITY_FS_USE_MNTPOINT \|\|
399	sbsec->behavior == SECURITY_FS_USE_NONE \|\|	399	sbsec->behavior == SECURITY_FS_USE_NONE \|\|
400	sbsec->behavior > ARRAY_SIZE(labeling_behaviors))	400	sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
401	sbsec->flags &= ~SE_SBLABELSUPP;	401	sbsec->flags &= ~SE_SBLABELSUPP;
402		402
403	/* Special handling for sysfs. Is genfs but also has setxattr handler*/	403	/* Special handling for sysfs. Is genfs but also has setxattr handler*/
404	if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)	404	if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
405	sbsec->flags \|= SE_SBLABELSUPP;	405	sbsec->flags \|= SE_SBLABELSUPP;
406		406
407	/* Initialize the root inode. */	407	/* Initialize the root inode. */
408	rc = inode_doinit_with_dentry(root_inode, root);	408	rc = inode_doinit_with_dentry(root_inode, root);
409		409
410	/* Initialize any other inodes associated with the superblock, e.g.	410	/* Initialize any other inodes associated with the superblock, e.g.
411	inodes created prior to initial policy load or inodes created	411	inodes created prior to initial policy load or inodes created
412	during get_sb by a pseudo filesystem that directly	412	during get_sb by a pseudo filesystem that directly
413	populates itself. */	413	populates itself. */
414	spin_lock(&sbsec->isec_lock);	414	spin_lock(&sbsec->isec_lock);
415	next_inode:	415	next_inode:
416	if (!list_empty(&sbsec->isec_head)) {	416	if (!list_empty(&sbsec->isec_head)) {
417	struct inode_security_struct *isec =	417	struct inode_security_struct *isec =
418	list_entry(sbsec->isec_head.next,	418	list_entry(sbsec->isec_head.next,
419	struct inode_security_struct, list);	419	struct inode_security_struct, list);
420	struct inode *inode = isec->inode;	420	struct inode *inode = isec->inode;
421	spin_unlock(&sbsec->isec_lock);	421	spin_unlock(&sbsec->isec_lock);
422	inode = igrab(inode);	422	inode = igrab(inode);
423	if (inode) {	423	if (inode) {
424	if (!IS_PRIVATE(inode))	424	if (!IS_PRIVATE(inode))
425	inode_doinit(inode);	425	inode_doinit(inode);
426	iput(inode);	426	iput(inode);
427	}	427	}
428	spin_lock(&sbsec->isec_lock);	428	spin_lock(&sbsec->isec_lock);
429	list_del_init(&isec->list);	429	list_del_init(&isec->list);
430	goto next_inode;	430	goto next_inode;
431	}	431	}
432	spin_unlock(&sbsec->isec_lock);	432	spin_unlock(&sbsec->isec_lock);
433	out:	433	out:
434	return rc;	434	return rc;
435	}	435	}
436		436
437	/*	437	/*
438	* This function should allow an FS to ask what it's mount security	438	* This function should allow an FS to ask what it's mount security
439	* options were so it can use those later for submounts, displaying	439	* options were so it can use those later for submounts, displaying
440	* mount options, or whatever.	440	* mount options, or whatever.
441	*/	441	*/
442	static int selinux_get_mnt_opts(const struct super_block *sb,	442	static int selinux_get_mnt_opts(const struct super_block *sb,
443	struct security_mnt_opts *opts)	443	struct security_mnt_opts *opts)
444	{	444	{
445	int rc = 0, i;	445	int rc = 0, i;
446	struct superblock_security_struct *sbsec = sb->s_security;	446	struct superblock_security_struct *sbsec = sb->s_security;
447	char *context = NULL;	447	char *context = NULL;
448	u32 len;	448	u32 len;
449	char tmp;	449	char tmp;
450		450
451	security_init_mnt_opts(opts);	451	security_init_mnt_opts(opts);
452		452
453	if (!(sbsec->flags & SE_SBINITIALIZED))	453	if (!(sbsec->flags & SE_SBINITIALIZED))
454	return -EINVAL;	454	return -EINVAL;
455		455
456	if (!ss_initialized)	456	if (!ss_initialized)
457	return -EINVAL;	457	return -EINVAL;
458		458
459	tmp = sbsec->flags & SE_MNTMASK;	459	tmp = sbsec->flags & SE_MNTMASK;
460	/* count the number of mount options for this sb */	460	/* count the number of mount options for this sb */
461	for (i = 0; i < 8; i++) {	461	for (i = 0; i < 8; i++) {
462	if (tmp & 0x01)	462	if (tmp & 0x01)
463	opts->num_mnt_opts++;	463	opts->num_mnt_opts++;
464	tmp >>= 1;	464	tmp >>= 1;
465	}	465	}
466	/* Check if the Label support flag is set */	466	/* Check if the Label support flag is set */
467	if (sbsec->flags & SE_SBLABELSUPP)	467	if (sbsec->flags & SE_SBLABELSUPP)
468	opts->num_mnt_opts++;	468	opts->num_mnt_opts++;
469		469
470	opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);	470	opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
471	if (!opts->mnt_opts) {	471	if (!opts->mnt_opts) {
472	rc = -ENOMEM;	472	rc = -ENOMEM;
473	goto out_free;	473	goto out_free;
474	}	474	}
475		475
476	opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);	476	opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
477	if (!opts->mnt_opts_flags) {	477	if (!opts->mnt_opts_flags) {
478	rc = -ENOMEM;	478	rc = -ENOMEM;
479	goto out_free;	479	goto out_free;
480	}	480	}
481		481
482	i = 0;	482	i = 0;
483	if (sbsec->flags & FSCONTEXT_MNT) {	483	if (sbsec->flags & FSCONTEXT_MNT) {
484	rc = security_sid_to_context(sbsec->sid, &context, &len);	484	rc = security_sid_to_context(sbsec->sid, &context, &len);
485	if (rc)	485	if (rc)
486	goto out_free;	486	goto out_free;
487	opts->mnt_opts[i] = context;	487	opts->mnt_opts[i] = context;
488	opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;	488	opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
489	}	489	}
490	if (sbsec->flags & CONTEXT_MNT) {	490	if (sbsec->flags & CONTEXT_MNT) {
491	rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);	491	rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
492	if (rc)	492	if (rc)
493	goto out_free;	493	goto out_free;
494	opts->mnt_opts[i] = context;	494	opts->mnt_opts[i] = context;
495	opts->mnt_opts_flags[i++] = CONTEXT_MNT;	495	opts->mnt_opts_flags[i++] = CONTEXT_MNT;
496	}	496	}
497	if (sbsec->flags & DEFCONTEXT_MNT) {	497	if (sbsec->flags & DEFCONTEXT_MNT) {
498	rc = security_sid_to_context(sbsec->def_sid, &context, &len);	498	rc = security_sid_to_context(sbsec->def_sid, &context, &len);
499	if (rc)	499	if (rc)
500	goto out_free;	500	goto out_free;
501	opts->mnt_opts[i] = context;	501	opts->mnt_opts[i] = context;
502	opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;	502	opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
503	}	503	}
504	if (sbsec->flags & ROOTCONTEXT_MNT) {	504	if (sbsec->flags & ROOTCONTEXT_MNT) {
505	struct inode *root = sbsec->sb->s_root->d_inode;	505	struct inode *root = sbsec->sb->s_root->d_inode;
506	struct inode_security_struct *isec = root->i_security;	506	struct inode_security_struct *isec = root->i_security;
507		507
508	rc = security_sid_to_context(isec->sid, &context, &len);	508	rc = security_sid_to_context(isec->sid, &context, &len);
509	if (rc)	509	if (rc)
510	goto out_free;	510	goto out_free;
511	opts->mnt_opts[i] = context;	511	opts->mnt_opts[i] = context;
512	opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;	512	opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
513	}	513	}
514	if (sbsec->flags & SE_SBLABELSUPP) {	514	if (sbsec->flags & SE_SBLABELSUPP) {
515	opts->mnt_opts[i] = NULL;	515	opts->mnt_opts[i] = NULL;
516	opts->mnt_opts_flags[i++] = SE_SBLABELSUPP;	516	opts->mnt_opts_flags[i++] = SE_SBLABELSUPP;
517	}	517	}
518		518
519	BUG_ON(i != opts->num_mnt_opts);	519	BUG_ON(i != opts->num_mnt_opts);
520		520
521	return 0;	521	return 0;
522		522
523	out_free:	523	out_free:
524	security_free_mnt_opts(opts);	524	security_free_mnt_opts(opts);
525	return rc;	525	return rc;
526	}	526	}
527		527
528	static int bad_option(struct superblock_security_struct *sbsec, char flag,	528	static int bad_option(struct superblock_security_struct *sbsec, char flag,
529	u32 old_sid, u32 new_sid)	529	u32 old_sid, u32 new_sid)
530	{	530	{
531	char mnt_flags = sbsec->flags & SE_MNTMASK;	531	char mnt_flags = sbsec->flags & SE_MNTMASK;
532		532
533	/* check if the old mount command had the same options */	533	/* check if the old mount command had the same options */
534	if (sbsec->flags & SE_SBINITIALIZED)	534	if (sbsec->flags & SE_SBINITIALIZED)
535	if (!(sbsec->flags & flag) \|\|	535	if (!(sbsec->flags & flag) \|\|
536	(old_sid != new_sid))	536	(old_sid != new_sid))
537	return 1;	537	return 1;
538		538
539	/* check if we were passed the same options twice,	539	/* check if we were passed the same options twice,
540	* aka someone passed context=a,context=b	540	* aka someone passed context=a,context=b
541	*/	541	*/
542	if (!(sbsec->flags & SE_SBINITIALIZED))	542	if (!(sbsec->flags & SE_SBINITIALIZED))
543	if (mnt_flags & flag)	543	if (mnt_flags & flag)
544	return 1;	544	return 1;
545	return 0;	545	return 0;
546	}	546	}
547		547
548	/*	548	/*
549	* Allow filesystems with binary mount data to explicitly set mount point	549	* Allow filesystems with binary mount data to explicitly set mount point
550	* labeling information.	550	* labeling information.
551	*/	551	*/
552	static int selinux_set_mnt_opts(struct super_block *sb,	552	static int selinux_set_mnt_opts(struct super_block *sb,
553	struct security_mnt_opts *opts)	553	struct security_mnt_opts *opts)
554	{	554	{
555	const struct cred *cred = current_cred();	555	const struct cred *cred = current_cred();
556	int rc = 0, i;	556	int rc = 0, i;
557	struct superblock_security_struct *sbsec = sb->s_security;	557	struct superblock_security_struct *sbsec = sb->s_security;
558	const char *name = sb->s_type->name;	558	const char *name = sb->s_type->name;
559	struct inode *inode = sbsec->sb->s_root->d_inode;	559	struct inode *inode = sbsec->sb->s_root->d_inode;
560	struct inode_security_struct *root_isec = inode->i_security;	560	struct inode_security_struct *root_isec = inode->i_security;
561	u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;	561	u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
562	u32 defcontext_sid = 0;	562	u32 defcontext_sid = 0;
563	char **mount_options = opts->mnt_opts;	563	char **mount_options = opts->mnt_opts;
564	int *flags = opts->mnt_opts_flags;	564	int *flags = opts->mnt_opts_flags;
565	int num_opts = opts->num_mnt_opts;	565	int num_opts = opts->num_mnt_opts;
566		566
567	mutex_lock(&sbsec->lock);	567	mutex_lock(&sbsec->lock);
568		568
569	if (!ss_initialized) {	569	if (!ss_initialized) {
570	if (!num_opts) {	570	if (!num_opts) {
571	/* Defer initialization until selinux_complete_init,	571	/* Defer initialization until selinux_complete_init,
572	after the initial policy is loaded and the security	572	after the initial policy is loaded and the security
573	server is ready to handle calls. */	573	server is ready to handle calls. */
574	goto out;	574	goto out;
575	}	575	}
576	rc = -EINVAL;	576	rc = -EINVAL;
577	printk(KERN_WARNING "SELinux: Unable to set superblock options "	577	printk(KERN_WARNING "SELinux: Unable to set superblock options "
578	"before the security server is initialized\n");	578	"before the security server is initialized\n");
579	goto out;	579	goto out;
580	}	580	}
581		581
582	/*	582	/*
583	* Binary mount data FS will come through this function twice. Once	583	* Binary mount data FS will come through this function twice. Once
584	* from an explicit call and once from the generic calls from the vfs.	584	* from an explicit call and once from the generic calls from the vfs.
585	* Since the generic VFS calls will not contain any security mount data	585	* Since the generic VFS calls will not contain any security mount data
586	* we need to skip the double mount verification.	586	* we need to skip the double mount verification.
587	*	587	*
588	* This does open a hole in which we will not notice if the first	588	* This does open a hole in which we will not notice if the first
589	* mount using this sb set explict options and a second mount using	589	* mount using this sb set explict options and a second mount using
590	* this sb does not set any security options. (The first options	590	* this sb does not set any security options. (The first options
591	* will be used for both mounts)	591	* will be used for both mounts)
592	*/	592	*/
593	if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)	593	if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
594	&& (num_opts == 0))	594	&& (num_opts == 0))
595	goto out;	595	goto out;
596		596
597	/*	597	/*
598	* parse the mount options, check if they are valid sids.	598	* parse the mount options, check if they are valid sids.
599	* also check if someone is trying to mount the same sb more	599	* also check if someone is trying to mount the same sb more
600	* than once with different security options.	600	* than once with different security options.
601	*/	601	*/
602	for (i = 0; i < num_opts; i++) {	602	for (i = 0; i < num_opts; i++) {
603	u32 sid;	603	u32 sid;
604		604
605	if (flags[i] == SE_SBLABELSUPP)	605	if (flags[i] == SE_SBLABELSUPP)
606	continue;	606	continue;
607	rc = security_context_to_sid(mount_options[i],	607	rc = security_context_to_sid(mount_options[i],
608	strlen(mount_options[i]), &sid);	608	strlen(mount_options[i]), &sid);
609	if (rc) {	609	if (rc) {
610	printk(KERN_WARNING "SELinux: security_context_to_sid"	610	printk(KERN_WARNING "SELinux: security_context_to_sid"
611	"(%s) failed for (dev %s, type %s) errno=%d\n",	611	"(%s) failed for (dev %s, type %s) errno=%d\n",
612	mount_options[i], sb->s_id, name, rc);	612	mount_options[i], sb->s_id, name, rc);
613	goto out;	613	goto out;
614	}	614	}
615	switch (flags[i]) {	615	switch (flags[i]) {
616	case FSCONTEXT_MNT:	616	case FSCONTEXT_MNT:
617	fscontext_sid = sid;	617	fscontext_sid = sid;
618		618
619	if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,	619	if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
620	fscontext_sid))	620	fscontext_sid))
621	goto out_double_mount;	621	goto out_double_mount;
622		622
623	sbsec->flags \|= FSCONTEXT_MNT;	623	sbsec->flags \|= FSCONTEXT_MNT;
624	break;	624	break;
625	case CONTEXT_MNT:	625	case CONTEXT_MNT:
626	context_sid = sid;	626	context_sid = sid;
627		627
628	if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,	628	if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
629	context_sid))	629	context_sid))
630	goto out_double_mount;	630	goto out_double_mount;
631		631
632	sbsec->flags \|= CONTEXT_MNT;	632	sbsec->flags \|= CONTEXT_MNT;
633	break;	633	break;
634	case ROOTCONTEXT_MNT:	634	case ROOTCONTEXT_MNT:
635	rootcontext_sid = sid;	635	rootcontext_sid = sid;
636		636
637	if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,	637	if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
638	rootcontext_sid))	638	rootcontext_sid))
639	goto out_double_mount;	639	goto out_double_mount;
640		640
641	sbsec->flags \|= ROOTCONTEXT_MNT;	641	sbsec->flags \|= ROOTCONTEXT_MNT;
642		642
643	break;	643	break;
644	case DEFCONTEXT_MNT:	644	case DEFCONTEXT_MNT:
645	defcontext_sid = sid;	645	defcontext_sid = sid;
646		646
647	if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,	647	if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
648	defcontext_sid))	648	defcontext_sid))
649	goto out_double_mount;	649	goto out_double_mount;
650		650
651	sbsec->flags \|= DEFCONTEXT_MNT;	651	sbsec->flags \|= DEFCONTEXT_MNT;
652		652
653	break;	653	break;
654	default:	654	default:
655	rc = -EINVAL;	655	rc = -EINVAL;
656	goto out;	656	goto out;
657	}	657	}
658	}	658	}
659		659
660	if (sbsec->flags & SE_SBINITIALIZED) {	660	if (sbsec->flags & SE_SBINITIALIZED) {
661	/* previously mounted with options, but not on this attempt? */	661	/* previously mounted with options, but not on this attempt? */
662	if ((sbsec->flags & SE_MNTMASK) && !num_opts)	662	if ((sbsec->flags & SE_MNTMASK) && !num_opts)
663	goto out_double_mount;	663	goto out_double_mount;
664	rc = 0;	664	rc = 0;
665	goto out;	665	goto out;
666	}	666	}
667		667
668	if (strcmp(sb->s_type->name, "proc") == 0)	668	if (strcmp(sb->s_type->name, "proc") == 0)
669	sbsec->flags \|= SE_SBPROC;	669	sbsec->flags \|= SE_SBPROC;
670		670
671	/* Determine the labeling behavior to use for this filesystem type. */	671	/* Determine the labeling behavior to use for this filesystem type. */
672	rc = security_fs_use((sbsec->flags & SE_SBPROC) ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid);	672	rc = security_fs_use((sbsec->flags & SE_SBPROC) ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid);
673	if (rc) {	673	if (rc) {
674	printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",	674	printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
675	__func__, sb->s_type->name, rc);	675	__func__, sb->s_type->name, rc);
676	goto out;	676	goto out;
677	}	677	}
678		678
679	/* sets the context of the superblock for the fs being mounted. */	679	/* sets the context of the superblock for the fs being mounted. */
680	if (fscontext_sid) {	680	if (fscontext_sid) {
681	rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);	681	rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
682	if (rc)	682	if (rc)
683	goto out;	683	goto out;
684		684
685	sbsec->sid = fscontext_sid;	685	sbsec->sid = fscontext_sid;
686	}	686	}
687		687
688	/*	688	/*
689	* Switch to using mount point labeling behavior.	689	* Switch to using mount point labeling behavior.
690	* sets the label used on all file below the mountpoint, and will set	690	* sets the label used on all file below the mountpoint, and will set
691	* the superblock context if not already set.	691	* the superblock context if not already set.
692	*/	692	*/
693	if (context_sid) {	693	if (context_sid) {
694	if (!fscontext_sid) {	694	if (!fscontext_sid) {
695	rc = may_context_mount_sb_relabel(context_sid, sbsec,	695	rc = may_context_mount_sb_relabel(context_sid, sbsec,
696	cred);	696	cred);
697	if (rc)	697	if (rc)
698	goto out;	698	goto out;
699	sbsec->sid = context_sid;	699	sbsec->sid = context_sid;
700	} else {	700	} else {
701	rc = may_context_mount_inode_relabel(context_sid, sbsec,	701	rc = may_context_mount_inode_relabel(context_sid, sbsec,
702	cred);	702	cred);
703	if (rc)	703	if (rc)
704	goto out;	704	goto out;
705	}	705	}
706	if (!rootcontext_sid)	706	if (!rootcontext_sid)
707	rootcontext_sid = context_sid;	707	rootcontext_sid = context_sid;
708		708
709	sbsec->mntpoint_sid = context_sid;	709	sbsec->mntpoint_sid = context_sid;
710	sbsec->behavior = SECURITY_FS_USE_MNTPOINT;	710	sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
711	}	711	}
712		712
713	if (rootcontext_sid) {	713	if (rootcontext_sid) {
714	rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,	714	rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
715	cred);	715	cred);
716	if (rc)	716	if (rc)
717	goto out;	717	goto out;
718		718
719	root_isec->sid = rootcontext_sid;	719	root_isec->sid = rootcontext_sid;
720	root_isec->initialized = 1;	720	root_isec->initialized = 1;
721	}	721	}
722		722
723	if (defcontext_sid) {	723	if (defcontext_sid) {
724	if (sbsec->behavior != SECURITY_FS_USE_XATTR) {	724	if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
725	rc = -EINVAL;	725	rc = -EINVAL;
726	printk(KERN_WARNING "SELinux: defcontext option is "	726	printk(KERN_WARNING "SELinux: defcontext option is "
727	"invalid for this filesystem type\n");	727	"invalid for this filesystem type\n");
728	goto out;	728	goto out;
729	}	729	}
730		730
731	if (defcontext_sid != sbsec->def_sid) {	731	if (defcontext_sid != sbsec->def_sid) {
732	rc = may_context_mount_inode_relabel(defcontext_sid,	732	rc = may_context_mount_inode_relabel(defcontext_sid,
733	sbsec, cred);	733	sbsec, cred);
734	if (rc)	734	if (rc)
735	goto out;	735	goto out;
736	}	736	}
737		737
738	sbsec->def_sid = defcontext_sid;	738	sbsec->def_sid = defcontext_sid;
739	}	739	}
740		740
741	rc = sb_finish_set_opts(sb);	741	rc = sb_finish_set_opts(sb);
742	out:	742	out:
743	mutex_unlock(&sbsec->lock);	743	mutex_unlock(&sbsec->lock);
744	return rc;	744	return rc;
745	out_double_mount:	745	out_double_mount:
746	rc = -EINVAL;	746	rc = -EINVAL;
747	printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "	747	printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
748	"security settings for (dev %s, type %s)\n", sb->s_id, name);	748	"security settings for (dev %s, type %s)\n", sb->s_id, name);
749	goto out;	749	goto out;
750	}	750	}
751		751
752	static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,	752	static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
753	struct super_block *newsb)	753	struct super_block *newsb)
754	{	754	{
755	const struct superblock_security_struct *oldsbsec = oldsb->s_security;	755	const struct superblock_security_struct *oldsbsec = oldsb->s_security;
756	struct superblock_security_struct *newsbsec = newsb->s_security;	756	struct superblock_security_struct *newsbsec = newsb->s_security;
757		757
758	int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);	758	int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
759	int set_context = (oldsbsec->flags & CONTEXT_MNT);	759	int set_context = (oldsbsec->flags & CONTEXT_MNT);
760	int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);	760	int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
761		761
762	/*	762	/*
763	* if the parent was able to be mounted it clearly had no special lsm	763	* if the parent was able to be mounted it clearly had no special lsm
764	* mount options. thus we can safely deal with this superblock later	764	* mount options. thus we can safely deal with this superblock later
765	*/	765	*/
766	if (!ss_initialized)	766	if (!ss_initialized)
767	return;	767	return;
768		768
769	/* how can we clone if the old one wasn't set up?? */	769	/* how can we clone if the old one wasn't set up?? */
770	BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));	770	BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
771		771
772	/* if fs is reusing a sb, just let its options stand... */	772	/* if fs is reusing a sb, just let its options stand... */
773	if (newsbsec->flags & SE_SBINITIALIZED)	773	if (newsbsec->flags & SE_SBINITIALIZED)
774	return;	774	return;
775		775
776	mutex_lock(&newsbsec->lock);	776	mutex_lock(&newsbsec->lock);
777		777
778	newsbsec->flags = oldsbsec->flags;	778	newsbsec->flags = oldsbsec->flags;
779		779
780	newsbsec->sid = oldsbsec->sid;	780	newsbsec->sid = oldsbsec->sid;
781	newsbsec->def_sid = oldsbsec->def_sid;	781	newsbsec->def_sid = oldsbsec->def_sid;
782	newsbsec->behavior = oldsbsec->behavior;	782	newsbsec->behavior = oldsbsec->behavior;
783		783
784	if (set_context) {	784	if (set_context) {
785	u32 sid = oldsbsec->mntpoint_sid;	785	u32 sid = oldsbsec->mntpoint_sid;
786		786
787	if (!set_fscontext)	787	if (!set_fscontext)
788	newsbsec->sid = sid;	788	newsbsec->sid = sid;
789	if (!set_rootcontext) {	789	if (!set_rootcontext) {
790	struct inode *newinode = newsb->s_root->d_inode;	790	struct inode *newinode = newsb->s_root->d_inode;
791	struct inode_security_struct *newisec = newinode->i_security;	791	struct inode_security_struct *newisec = newinode->i_security;
792	newisec->sid = sid;	792	newisec->sid = sid;
793	}	793	}
794	newsbsec->mntpoint_sid = sid;	794	newsbsec->mntpoint_sid = sid;
795	}	795	}
796	if (set_rootcontext) {	796	if (set_rootcontext) {
797	const struct inode *oldinode = oldsb->s_root->d_inode;	797	const struct inode *oldinode = oldsb->s_root->d_inode;
798	const struct inode_security_struct *oldisec = oldinode->i_security;	798	const struct inode_security_struct *oldisec = oldinode->i_security;
799	struct inode *newinode = newsb->s_root->d_inode;	799	struct inode *newinode = newsb->s_root->d_inode;
800	struct inode_security_struct *newisec = newinode->i_security;	800	struct inode_security_struct *newisec = newinode->i_security;
801		801
802	newisec->sid = oldisec->sid;	802	newisec->sid = oldisec->sid;
803	}	803	}
804		804
805	sb_finish_set_opts(newsb);	805	sb_finish_set_opts(newsb);
806	mutex_unlock(&newsbsec->lock);	806	mutex_unlock(&newsbsec->lock);
807	}	807	}
808		808
809	static int selinux_parse_opts_str(char *options,	809	static int selinux_parse_opts_str(char *options,
810	struct security_mnt_opts *opts)	810	struct security_mnt_opts *opts)
811	{	811	{
812	char *p;	812	char *p;
813	char context = NULL, defcontext = NULL;	813	char context = NULL, defcontext = NULL;
814	char fscontext = NULL, rootcontext = NULL;	814	char fscontext = NULL, rootcontext = NULL;
815	int rc, num_mnt_opts = 0;	815	int rc, num_mnt_opts = 0;
816		816
817	opts->num_mnt_opts = 0;	817	opts->num_mnt_opts = 0;
818		818
819	/* Standard string-based options. */	819	/* Standard string-based options. */
820	while ((p = strsep(&options, "\|")) != NULL) {	820	while ((p = strsep(&options, "\|")) != NULL) {
821	int token;	821	int token;
822	substring_t args[MAX_OPT_ARGS];	822	substring_t args[MAX_OPT_ARGS];
823		823
824	if (!*p)	824	if (!*p)
825	continue;	825	continue;
826		826
827	token = match_token(p, tokens, args);	827	token = match_token(p, tokens, args);
828		828
829	switch (token) {	829	switch (token) {
830	case Opt_context:	830	case Opt_context:
831	if (context \|\| defcontext) {	831	if (context \|\| defcontext) {
832	rc = -EINVAL;	832	rc = -EINVAL;
833	printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);	833	printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
834	goto out_err;	834	goto out_err;
835	}	835	}
836	context = match_strdup(&args[0]);	836	context = match_strdup(&args[0]);
837	if (!context) {	837	if (!context) {
838	rc = -ENOMEM;	838	rc = -ENOMEM;
839	goto out_err;	839	goto out_err;
840	}	840	}
841	break;	841	break;
842		842
843	case Opt_fscontext:	843	case Opt_fscontext:
844	if (fscontext) {	844	if (fscontext) {
845	rc = -EINVAL;	845	rc = -EINVAL;
846	printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);	846	printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
847	goto out_err;	847	goto out_err;
848	}	848	}
849	fscontext = match_strdup(&args[0]);	849	fscontext = match_strdup(&args[0]);
850	if (!fscontext) {	850	if (!fscontext) {
851	rc = -ENOMEM;	851	rc = -ENOMEM;
852	goto out_err;	852	goto out_err;
853	}	853	}
854	break;	854	break;
855		855
856	case Opt_rootcontext:	856	case Opt_rootcontext:
857	if (rootcontext) {	857	if (rootcontext) {
858	rc = -EINVAL;	858	rc = -EINVAL;
859	printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);	859	printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
860	goto out_err;	860	goto out_err;
861	}	861	}
862	rootcontext = match_strdup(&args[0]);	862	rootcontext = match_strdup(&args[0]);
863	if (!rootcontext) {	863	if (!rootcontext) {
864	rc = -ENOMEM;	864	rc = -ENOMEM;
865	goto out_err;	865	goto out_err;
866	}	866	}
867	break;	867	break;
868		868
869	case Opt_defcontext:	869	case Opt_defcontext:
870	if (context \|\| defcontext) {	870	if (context \|\| defcontext) {
871	rc = -EINVAL;	871	rc = -EINVAL;
872	printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);	872	printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
873	goto out_err;	873	goto out_err;
874	}	874	}
875	defcontext = match_strdup(&args[0]);	875	defcontext = match_strdup(&args[0]);
876	if (!defcontext) {	876	if (!defcontext) {
877	rc = -ENOMEM;	877	rc = -ENOMEM;
878	goto out_err;	878	goto out_err;
879	}	879	}
880	break;	880	break;
881	case Opt_labelsupport:	881	case Opt_labelsupport:
882	break;	882	break;
883	default:	883	default:
884	rc = -EINVAL;	884	rc = -EINVAL;
885	printk(KERN_WARNING "SELinux: unknown mount option\n");	885	printk(KERN_WARNING "SELinux: unknown mount option\n");
886	goto out_err;	886	goto out_err;
887		887
888	}	888	}
889	}	889	}
890		890
891	rc = -ENOMEM;	891	rc = -ENOMEM;
892	opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);	892	opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
893	if (!opts->mnt_opts)	893	if (!opts->mnt_opts)
894	goto out_err;	894	goto out_err;
895		895
896	opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);	896	opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
897	if (!opts->mnt_opts_flags) {	897	if (!opts->mnt_opts_flags) {
898	kfree(opts->mnt_opts);	898	kfree(opts->mnt_opts);
899	goto out_err;	899	goto out_err;
900	}	900	}
901		901
902	if (fscontext) {	902	if (fscontext) {
903	opts->mnt_opts[num_mnt_opts] = fscontext;	903	opts->mnt_opts[num_mnt_opts] = fscontext;
904	opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;	904	opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
905	}	905	}
906	if (context) {	906	if (context) {
907	opts->mnt_opts[num_mnt_opts] = context;	907	opts->mnt_opts[num_mnt_opts] = context;
908	opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;	908	opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
909	}	909	}
910	if (rootcontext) {	910	if (rootcontext) {
911	opts->mnt_opts[num_mnt_opts] = rootcontext;	911	opts->mnt_opts[num_mnt_opts] = rootcontext;
912	opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;	912	opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
913	}	913	}
914	if (defcontext) {	914	if (defcontext) {
915	opts->mnt_opts[num_mnt_opts] = defcontext;	915	opts->mnt_opts[num_mnt_opts] = defcontext;
916	opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;	916	opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
917	}	917	}
918		918
919	opts->num_mnt_opts = num_mnt_opts;	919	opts->num_mnt_opts = num_mnt_opts;
920	return 0;	920	return 0;
921		921
922	out_err:	922	out_err:
923	kfree(context);	923	kfree(context);
924	kfree(defcontext);	924	kfree(defcontext);
925	kfree(fscontext);	925	kfree(fscontext);
926	kfree(rootcontext);	926	kfree(rootcontext);
927	return rc;	927	return rc;
928	}	928	}
929	/*	929	/*
930	* string mount options parsing and call set the sbsec	930	* string mount options parsing and call set the sbsec
931	*/	931	*/
932	static int superblock_doinit(struct super_block sb, void data)	932	static int superblock_doinit(struct super_block sb, void data)
933	{	933	{
934	int rc = 0;	934	int rc = 0;
935	char *options = data;	935	char *options = data;
936	struct security_mnt_opts opts;	936	struct security_mnt_opts opts;
937		937
938	security_init_mnt_opts(&opts);	938	security_init_mnt_opts(&opts);
939		939
940	if (!data)	940	if (!data)
941	goto out;	941	goto out;
942		942
943	BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);	943	BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
944		944
945	rc = selinux_parse_opts_str(options, &opts);	945	rc = selinux_parse_opts_str(options, &opts);
946	if (rc)	946	if (rc)
947	goto out_err;	947	goto out_err;
948		948
949	out:	949	out:
950	rc = selinux_set_mnt_opts(sb, &opts);	950	rc = selinux_set_mnt_opts(sb, &opts);
951		951
952	out_err:	952	out_err:
953	security_free_mnt_opts(&opts);	953	security_free_mnt_opts(&opts);
954	return rc;	954	return rc;
955	}	955	}
956		956
957	static void selinux_write_opts(struct seq_file *m,	957	static void selinux_write_opts(struct seq_file *m,
958	struct security_mnt_opts *opts)	958	struct security_mnt_opts *opts)
959	{	959	{
960	int i;	960	int i;
961	char *prefix;	961	char *prefix;
962		962
963	for (i = 0; i < opts->num_mnt_opts; i++) {	963	for (i = 0; i < opts->num_mnt_opts; i++) {
964	char *has_comma;	964	char *has_comma;
965		965
966	if (opts->mnt_opts[i])	966	if (opts->mnt_opts[i])
967	has_comma = strchr(opts->mnt_opts[i], ',');	967	has_comma = strchr(opts->mnt_opts[i], ',');
968	else	968	else
969	has_comma = NULL;	969	has_comma = NULL;
970		970
971	switch (opts->mnt_opts_flags[i]) {	971	switch (opts->mnt_opts_flags[i]) {
972	case CONTEXT_MNT:	972	case CONTEXT_MNT:
973	prefix = CONTEXT_STR;	973	prefix = CONTEXT_STR;
974	break;	974	break;
975	case FSCONTEXT_MNT:	975	case FSCONTEXT_MNT:
976	prefix = FSCONTEXT_STR;	976	prefix = FSCONTEXT_STR;
977	break;	977	break;
978	case ROOTCONTEXT_MNT:	978	case ROOTCONTEXT_MNT:
979	prefix = ROOTCONTEXT_STR;	979	prefix = ROOTCONTEXT_STR;
980	break;	980	break;
981	case DEFCONTEXT_MNT:	981	case DEFCONTEXT_MNT:
982	prefix = DEFCONTEXT_STR;	982	prefix = DEFCONTEXT_STR;
983	break;	983	break;
984	case SE_SBLABELSUPP:	984	case SE_SBLABELSUPP:
985	seq_putc(m, ',');	985	seq_putc(m, ',');
986	seq_puts(m, LABELSUPP_STR);	986	seq_puts(m, LABELSUPP_STR);
987	continue;	987	continue;
988	default:	988	default:
989	BUG();	989	BUG();
990	};	990	};
991	/* we need a comma before each option */	991	/* we need a comma before each option */
992	seq_putc(m, ',');	992	seq_putc(m, ',');
993	seq_puts(m, prefix);	993	seq_puts(m, prefix);
994	if (has_comma)	994	if (has_comma)
995	seq_putc(m, '\"');	995	seq_putc(m, '\"');
996	seq_puts(m, opts->mnt_opts[i]);	996	seq_puts(m, opts->mnt_opts[i]);
997	if (has_comma)	997	if (has_comma)
998	seq_putc(m, '\"');	998	seq_putc(m, '\"');
999	}	999	}
1000	}	1000	}
1001		1001
1002	static int selinux_sb_show_options(struct seq_file m, struct super_block sb)	1002	static int selinux_sb_show_options(struct seq_file m, struct super_block sb)
1003	{	1003	{
1004	struct security_mnt_opts opts;	1004	struct security_mnt_opts opts;
1005	int rc;	1005	int rc;
1006		1006
1007	rc = selinux_get_mnt_opts(sb, &opts);	1007	rc = selinux_get_mnt_opts(sb, &opts);
1008	if (rc) {	1008	if (rc) {
1009	/* before policy load we may get EINVAL, don't show anything */	1009	/* before policy load we may get EINVAL, don't show anything */
1010	if (rc == -EINVAL)	1010	if (rc == -EINVAL)
1011	rc = 0;	1011	rc = 0;
1012	return rc;	1012	return rc;
1013	}	1013	}
1014		1014
1015	selinux_write_opts(m, &opts);	1015	selinux_write_opts(m, &opts);
1016		1016
1017	security_free_mnt_opts(&opts);	1017	security_free_mnt_opts(&opts);
1018		1018
1019	return rc;	1019	return rc;
1020	}	1020	}
1021		1021
1022	static inline u16 inode_mode_to_security_class(umode_t mode)	1022	static inline u16 inode_mode_to_security_class(umode_t mode)
1023	{	1023	{
1024	switch (mode & S_IFMT) {	1024	switch (mode & S_IFMT) {
1025	case S_IFSOCK:	1025	case S_IFSOCK:
1026	return SECCLASS_SOCK_FILE;	1026	return SECCLASS_SOCK_FILE;
1027	case S_IFLNK:	1027	case S_IFLNK:
1028	return SECCLASS_LNK_FILE;	1028	return SECCLASS_LNK_FILE;
1029	case S_IFREG:	1029	case S_IFREG:
1030	return SECCLASS_FILE;	1030	return SECCLASS_FILE;
1031	case S_IFBLK:	1031	case S_IFBLK:
1032	return SECCLASS_BLK_FILE;	1032	return SECCLASS_BLK_FILE;
1033	case S_IFDIR:	1033	case S_IFDIR:
1034	return SECCLASS_DIR;	1034	return SECCLASS_DIR;
1035	case S_IFCHR:	1035	case S_IFCHR:
1036	return SECCLASS_CHR_FILE;	1036	return SECCLASS_CHR_FILE;
1037	case S_IFIFO:	1037	case S_IFIFO:
1038	return SECCLASS_FIFO_FILE;	1038	return SECCLASS_FIFO_FILE;
1039		1039
1040	}	1040	}
1041		1041
1042	return SECCLASS_FILE;	1042	return SECCLASS_FILE;
1043	}	1043	}
1044		1044
1045	static inline int default_protocol_stream(int protocol)	1045	static inline int default_protocol_stream(int protocol)
1046	{	1046	{
1047	return (protocol == IPPROTO_IP \|\| protocol == IPPROTO_TCP);	1047	return (protocol == IPPROTO_IP \|\| protocol == IPPROTO_TCP);
1048	}	1048	}
1049		1049
1050	static inline int default_protocol_dgram(int protocol)	1050	static inline int default_protocol_dgram(int protocol)
1051	{	1051	{
1052	return (protocol == IPPROTO_IP \|\| protocol == IPPROTO_UDP);	1052	return (protocol == IPPROTO_IP \|\| protocol == IPPROTO_UDP);
1053	}	1053	}
1054		1054
1055	static inline u16 socket_type_to_security_class(int family, int type, int protocol)	1055	static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1056	{	1056	{
1057	switch (family) {	1057	switch (family) {
1058	case PF_UNIX:	1058	case PF_UNIX:
1059	switch (type) {	1059	switch (type) {
1060	case SOCK_STREAM:	1060	case SOCK_STREAM:
1061	case SOCK_SEQPACKET:	1061	case SOCK_SEQPACKET:
1062	return SECCLASS_UNIX_STREAM_SOCKET;	1062	return SECCLASS_UNIX_STREAM_SOCKET;
1063	case SOCK_DGRAM:	1063	case SOCK_DGRAM:
1064	return SECCLASS_UNIX_DGRAM_SOCKET;	1064	return SECCLASS_UNIX_DGRAM_SOCKET;
1065	}	1065	}
1066	break;	1066	break;
1067	case PF_INET:	1067	case PF_INET:
1068	case PF_INET6:	1068	case PF_INET6:
1069	switch (type) {	1069	switch (type) {
1070	case SOCK_STREAM:	1070	case SOCK_STREAM:
1071	if (default_protocol_stream(protocol))	1071	if (default_protocol_stream(protocol))
1072	return SECCLASS_TCP_SOCKET;	1072	return SECCLASS_TCP_SOCKET;
1073	else	1073	else
1074	return SECCLASS_RAWIP_SOCKET;	1074	return SECCLASS_RAWIP_SOCKET;
1075	case SOCK_DGRAM:	1075	case SOCK_DGRAM:
1076	if (default_protocol_dgram(protocol))	1076	if (default_protocol_dgram(protocol))
1077	return SECCLASS_UDP_SOCKET;	1077	return SECCLASS_UDP_SOCKET;
1078	else	1078	else
1079	return SECCLASS_RAWIP_SOCKET;	1079	return SECCLASS_RAWIP_SOCKET;
1080	case SOCK_DCCP:	1080	case SOCK_DCCP:
1081	return SECCLASS_DCCP_SOCKET;	1081	return SECCLASS_DCCP_SOCKET;
1082	default:	1082	default:
1083	return SECCLASS_RAWIP_SOCKET;	1083	return SECCLASS_RAWIP_SOCKET;
1084	}	1084	}
1085	break;	1085	break;
1086	case PF_NETLINK:	1086	case PF_NETLINK:
1087	switch (protocol) {	1087	switch (protocol) {
1088	case NETLINK_ROUTE:	1088	case NETLINK_ROUTE:
1089	return SECCLASS_NETLINK_ROUTE_SOCKET;	1089	return SECCLASS_NETLINK_ROUTE_SOCKET;
1090	case NETLINK_FIREWALL:	1090	case NETLINK_FIREWALL:
1091	return SECCLASS_NETLINK_FIREWALL_SOCKET;	1091	return SECCLASS_NETLINK_FIREWALL_SOCKET;
1092	case NETLINK_INET_DIAG:	1092	case NETLINK_INET_DIAG:
1093	return SECCLASS_NETLINK_TCPDIAG_SOCKET;	1093	return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1094	case NETLINK_NFLOG:	1094	case NETLINK_NFLOG:
1095	return SECCLASS_NETLINK_NFLOG_SOCKET;	1095	return SECCLASS_NETLINK_NFLOG_SOCKET;
1096	case NETLINK_XFRM:	1096	case NETLINK_XFRM:
1097	return SECCLASS_NETLINK_XFRM_SOCKET;	1097	return SECCLASS_NETLINK_XFRM_SOCKET;
1098	case NETLINK_SELINUX:	1098	case NETLINK_SELINUX:
1099	return SECCLASS_NETLINK_SELINUX_SOCKET;	1099	return SECCLASS_NETLINK_SELINUX_SOCKET;
1100	case NETLINK_AUDIT:	1100	case NETLINK_AUDIT:
1101	return SECCLASS_NETLINK_AUDIT_SOCKET;	1101	return SECCLASS_NETLINK_AUDIT_SOCKET;
1102	case NETLINK_IP6_FW:	1102	case NETLINK_IP6_FW:
1103	return SECCLASS_NETLINK_IP6FW_SOCKET;	1103	return SECCLASS_NETLINK_IP6FW_SOCKET;
1104	case NETLINK_DNRTMSG:	1104	case NETLINK_DNRTMSG:
1105	return SECCLASS_NETLINK_DNRT_SOCKET;	1105	return SECCLASS_NETLINK_DNRT_SOCKET;
1106	case NETLINK_KOBJECT_UEVENT:	1106	case NETLINK_KOBJECT_UEVENT:
1107	return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;	1107	return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1108	default:	1108	default:
1109	return SECCLASS_NETLINK_SOCKET;	1109	return SECCLASS_NETLINK_SOCKET;
1110	}	1110	}
1111	case PF_PACKET:	1111	case PF_PACKET:
1112	return SECCLASS_PACKET_SOCKET;	1112	return SECCLASS_PACKET_SOCKET;
1113	case PF_KEY:	1113	case PF_KEY:
1114	return SECCLASS_KEY_SOCKET;	1114	return SECCLASS_KEY_SOCKET;
1115	case PF_APPLETALK:	1115	case PF_APPLETALK:
1116	return SECCLASS_APPLETALK_SOCKET;	1116	return SECCLASS_APPLETALK_SOCKET;
1117	}	1117	}
1118		1118
1119	return SECCLASS_SOCKET;	1119	return SECCLASS_SOCKET;
1120	}	1120	}
1121		1121
1122	#ifdef CONFIG_PROC_FS	1122	#ifdef CONFIG_PROC_FS
1123	static int selinux_proc_get_sid(struct proc_dir_entry *de,	1123	static int selinux_proc_get_sid(struct proc_dir_entry *de,
1124	u16 tclass,	1124	u16 tclass,
1125	u32 *sid)	1125	u32 *sid)
1126	{	1126	{
1127	int buflen, rc;	1127	int buflen, rc;
1128	char buffer, path, *end;	1128	char buffer, path, *end;
1129		1129
1130	buffer = (char *)__get_free_page(GFP_KERNEL);	1130	buffer = (char *)__get_free_page(GFP_KERNEL);
1131	if (!buffer)	1131	if (!buffer)
1132	return -ENOMEM;	1132	return -ENOMEM;
1133		1133
1134	buflen = PAGE_SIZE;	1134	buflen = PAGE_SIZE;
1135	end = buffer+buflen;	1135	end = buffer+buflen;
1136	*--end = '\0';	1136	*--end = '\0';
1137	buflen--;	1137	buflen--;
1138	path = end-1;	1138	path = end-1;
1139	*path = '/';	1139	*path = '/';
1140	while (de && de != de->parent) {	1140	while (de && de != de->parent) {
1141	buflen -= de->namelen + 1;	1141	buflen -= de->namelen + 1;
1142	if (buflen < 0)	1142	if (buflen < 0)
1143	break;	1143	break;
1144	end -= de->namelen;	1144	end -= de->namelen;
1145	memcpy(end, de->name, de->namelen);	1145	memcpy(end, de->name, de->namelen);
1146	*--end = '/';	1146	*--end = '/';
1147	path = end;	1147	path = end;
1148	de = de->parent;	1148	de = de->parent;
1149	}	1149	}
1150	rc = security_genfs_sid("proc", path, tclass, sid);	1150	rc = security_genfs_sid("proc", path, tclass, sid);
1151	free_page((unsigned long)buffer);	1151	free_page((unsigned long)buffer);
1152	return rc;	1152	return rc;
1153	}	1153	}
1154	#else	1154	#else
1155	static int selinux_proc_get_sid(struct proc_dir_entry *de,	1155	static int selinux_proc_get_sid(struct proc_dir_entry *de,
1156	u16 tclass,	1156	u16 tclass,
1157	u32 *sid)	1157	u32 *sid)
1158	{	1158	{
1159	return -EINVAL;	1159	return -EINVAL;
1160	}	1160	}
1161	#endif	1161	#endif
1162		1162
1163	/* The inode's security attributes must be initialized before first use. */	1163	/* The inode's security attributes must be initialized before first use. */
1164	static int inode_doinit_with_dentry(struct inode inode, struct dentry opt_dentry)	1164	static int inode_doinit_with_dentry(struct inode inode, struct dentry opt_dentry)
1165	{	1165	{
1166	struct superblock_security_struct *sbsec = NULL;	1166	struct superblock_security_struct *sbsec = NULL;
1167	struct inode_security_struct *isec = inode->i_security;	1167	struct inode_security_struct *isec = inode->i_security;
1168	u32 sid;	1168	u32 sid;
1169	struct dentry *dentry;	1169	struct dentry *dentry;
1170	#define INITCONTEXTLEN 255	1170	#define INITCONTEXTLEN 255
1171	char *context = NULL;	1171	char *context = NULL;
1172	unsigned len = 0;	1172	unsigned len = 0;
1173	int rc = 0;	1173	int rc = 0;
1174		1174
1175	if (isec->initialized)	1175	if (isec->initialized)
1176	goto out;	1176	goto out;
1177		1177
1178	mutex_lock(&isec->lock);	1178	mutex_lock(&isec->lock);
1179	if (isec->initialized)	1179	if (isec->initialized)
1180	goto out_unlock;	1180	goto out_unlock;
1181		1181
1182	sbsec = inode->i_sb->s_security;	1182	sbsec = inode->i_sb->s_security;
1183	if (!(sbsec->flags & SE_SBINITIALIZED)) {	1183	if (!(sbsec->flags & SE_SBINITIALIZED)) {
1184	/* Defer initialization until selinux_complete_init,	1184	/* Defer initialization until selinux_complete_init,
1185	after the initial policy is loaded and the security	1185	after the initial policy is loaded and the security
1186	server is ready to handle calls. */	1186	server is ready to handle calls. */
1187	spin_lock(&sbsec->isec_lock);	1187	spin_lock(&sbsec->isec_lock);
1188	if (list_empty(&isec->list))	1188	if (list_empty(&isec->list))
1189	list_add(&isec->list, &sbsec->isec_head);	1189	list_add(&isec->list, &sbsec->isec_head);
1190	spin_unlock(&sbsec->isec_lock);	1190	spin_unlock(&sbsec->isec_lock);
1191	goto out_unlock;	1191	goto out_unlock;
1192	}	1192	}
1193		1193
1194	switch (sbsec->behavior) {	1194	switch (sbsec->behavior) {
1195	case SECURITY_FS_USE_XATTR:	1195	case SECURITY_FS_USE_XATTR:
1196	if (!inode->i_op->getxattr) {	1196	if (!inode->i_op->getxattr) {
1197	isec->sid = sbsec->def_sid;	1197	isec->sid = sbsec->def_sid;
1198	break;	1198	break;
1199	}	1199	}
1200		1200
1201	/* Need a dentry, since the xattr API requires one.	1201	/* Need a dentry, since the xattr API requires one.
1202	Life would be simpler if we could just pass the inode. */	1202	Life would be simpler if we could just pass the inode. */
1203	if (opt_dentry) {	1203	if (opt_dentry) {
1204	/* Called from d_instantiate or d_splice_alias. */	1204	/* Called from d_instantiate or d_splice_alias. */
1205	dentry = dget(opt_dentry);	1205	dentry = dget(opt_dentry);
1206	} else {	1206	} else {
1207	/* Called from selinux_complete_init, try to find a dentry. */	1207	/* Called from selinux_complete_init, try to find a dentry. */
1208	dentry = d_find_alias(inode);	1208	dentry = d_find_alias(inode);
1209	}	1209	}
1210	if (!dentry) {	1210	if (!dentry) {
1211	/*	1211	/*
1212	* this is can be hit on boot when a file is accessed	1212	* this is can be hit on boot when a file is accessed
1213	* before the policy is loaded. When we load policy we	1213	* before the policy is loaded. When we load policy we
1214	* may find inodes that have no dentry on the	1214	* may find inodes that have no dentry on the
1215	* sbsec->isec_head list. No reason to complain as these	1215	* sbsec->isec_head list. No reason to complain as these
1216	* will get fixed up the next time we go through	1216	* will get fixed up the next time we go through
1217	* inode_doinit with a dentry, before these inodes could	1217	* inode_doinit with a dentry, before these inodes could
1218	* be used again by userspace.	1218	* be used again by userspace.
1219	*/	1219	*/
1220	goto out_unlock;	1220	goto out_unlock;
1221	}	1221	}
1222		1222
1223	len = INITCONTEXTLEN;	1223	len = INITCONTEXTLEN;
1224	context = kmalloc(len+1, GFP_NOFS);	1224	context = kmalloc(len+1, GFP_NOFS);
1225	if (!context) {	1225	if (!context) {
1226	rc = -ENOMEM;	1226	rc = -ENOMEM;
1227	dput(dentry);	1227	dput(dentry);
1228	goto out_unlock;	1228	goto out_unlock;
1229	}	1229	}
1230	context[len] = '\0';	1230	context[len] = '\0';
1231	rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,	1231	rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1232	context, len);	1232	context, len);
1233	if (rc == -ERANGE) {	1233	if (rc == -ERANGE) {
1234	kfree(context);	1234	kfree(context);
1235		1235
1236	/* Need a larger buffer. Query for the right size. */	1236	/* Need a larger buffer. Query for the right size. */
1237	rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,	1237	rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1238	NULL, 0);	1238	NULL, 0);
1239	if (rc < 0) {	1239	if (rc < 0) {
1240	dput(dentry);	1240	dput(dentry);
1241	goto out_unlock;	1241	goto out_unlock;
1242	}	1242	}
1243	len = rc;	1243	len = rc;
1244	context = kmalloc(len+1, GFP_NOFS);	1244	context = kmalloc(len+1, GFP_NOFS);
1245	if (!context) {	1245	if (!context) {
1246	rc = -ENOMEM;	1246	rc = -ENOMEM;
1247	dput(dentry);	1247	dput(dentry);
1248	goto out_unlock;	1248	goto out_unlock;
1249	}	1249	}
1250	context[len] = '\0';	1250	context[len] = '\0';
1251	rc = inode->i_op->getxattr(dentry,	1251	rc = inode->i_op->getxattr(dentry,
1252	XATTR_NAME_SELINUX,	1252	XATTR_NAME_SELINUX,
1253	context, len);	1253	context, len);
1254	}	1254	}
1255	dput(dentry);	1255	dput(dentry);
1256	if (rc < 0) {	1256	if (rc < 0) {
1257	if (rc != -ENODATA) {	1257	if (rc != -ENODATA) {
1258	printk(KERN_WARNING "SELinux: %s: getxattr returned "	1258	printk(KERN_WARNING "SELinux: %s: getxattr returned "
1259	"%d for dev=%s ino=%ld\n", __func__,	1259	"%d for dev=%s ino=%ld\n", __func__,
1260	-rc, inode->i_sb->s_id, inode->i_ino);	1260	-rc, inode->i_sb->s_id, inode->i_ino);
1261	kfree(context);	1261	kfree(context);
1262	goto out_unlock;	1262	goto out_unlock;
1263	}	1263	}
1264	/* Map ENODATA to the default file SID */	1264	/* Map ENODATA to the default file SID */
1265	sid = sbsec->def_sid;	1265	sid = sbsec->def_sid;
1266	rc = 0;	1266	rc = 0;
1267	} else {	1267	} else {
1268	rc = security_context_to_sid_default(context, rc, &sid,	1268	rc = security_context_to_sid_default(context, rc, &sid,
1269	sbsec->def_sid,	1269	sbsec->def_sid,
1270	GFP_NOFS);	1270	GFP_NOFS);
1271	if (rc) {	1271	if (rc) {
1272	char *dev = inode->i_sb->s_id;	1272	char *dev = inode->i_sb->s_id;
1273	unsigned long ino = inode->i_ino;	1273	unsigned long ino = inode->i_ino;
1274		1274
1275	if (rc == -EINVAL) {	1275	if (rc == -EINVAL) {
1276	if (printk_ratelimit())	1276	if (printk_ratelimit())
1277	printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "	1277	printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
1278	"context=%s. This indicates you may need to relabel the inode or the "	1278	"context=%s. This indicates you may need to relabel the inode or the "
1279	"filesystem in question.\n", ino, dev, context);	1279	"filesystem in question.\n", ino, dev, context);
1280	} else {	1280	} else {
1281	printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "	1281	printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
1282	"returned %d for dev=%s ino=%ld\n",	1282	"returned %d for dev=%s ino=%ld\n",
1283	__func__, context, -rc, dev, ino);	1283	__func__, context, -rc, dev, ino);
1284	}	1284	}
1285	kfree(context);	1285	kfree(context);
1286	/* Leave with the unlabeled SID */	1286	/* Leave with the unlabeled SID */
1287	rc = 0;	1287	rc = 0;
1288	break;	1288	break;
1289	}	1289	}
1290	}	1290	}
1291	kfree(context);	1291	kfree(context);
1292	isec->sid = sid;	1292	isec->sid = sid;
1293	break;	1293	break;
1294	case SECURITY_FS_USE_TASK:	1294	case SECURITY_FS_USE_TASK:
1295	isec->sid = isec->task_sid;	1295	isec->sid = isec->task_sid;
1296	break;	1296	break;
1297	case SECURITY_FS_USE_TRANS:	1297	case SECURITY_FS_USE_TRANS:
1298	/* Default to the fs SID. */	1298	/* Default to the fs SID. */
1299	isec->sid = sbsec->sid;	1299	isec->sid = sbsec->sid;
1300		1300
1301	/* Try to obtain a transition SID. */	1301	/* Try to obtain a transition SID. */
1302	isec->sclass = inode_mode_to_security_class(inode->i_mode);	1302	isec->sclass = inode_mode_to_security_class(inode->i_mode);
1303	rc = security_transition_sid(isec->task_sid,	1303	rc = security_transition_sid(isec->task_sid,
1304	sbsec->sid,	1304	sbsec->sid,
1305	isec->sclass,	1305	isec->sclass,
1306	&sid);	1306	&sid);
1307	if (rc)	1307	if (rc)
1308	goto out_unlock;	1308	goto out_unlock;
1309	isec->sid = sid;	1309	isec->sid = sid;
1310	break;	1310	break;
1311	case SECURITY_FS_USE_MNTPOINT:	1311	case SECURITY_FS_USE_MNTPOINT:
1312	isec->sid = sbsec->mntpoint_sid;	1312	isec->sid = sbsec->mntpoint_sid;
1313	break;	1313	break;
1314	default:	1314	default:
1315	/* Default to the fs superblock SID. */	1315	/* Default to the fs superblock SID. */
1316	isec->sid = sbsec->sid;	1316	isec->sid = sbsec->sid;
1317		1317
1318	if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {	1318	if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
1319	struct proc_inode *proci = PROC_I(inode);	1319	struct proc_inode *proci = PROC_I(inode);
1320	if (proci->pde) {	1320	if (proci->pde) {
1321	isec->sclass = inode_mode_to_security_class(inode->i_mode);	1321	isec->sclass = inode_mode_to_security_class(inode->i_mode);
1322	rc = selinux_proc_get_sid(proci->pde,	1322	rc = selinux_proc_get_sid(proci->pde,
1323	isec->sclass,	1323	isec->sclass,
1324	&sid);	1324	&sid);
1325	if (rc)	1325	if (rc)
1326	goto out_unlock;	1326	goto out_unlock;
1327	isec->sid = sid;	1327	isec->sid = sid;
1328	}	1328	}
1329	}	1329	}
1330	break;	1330	break;
1331	}	1331	}
1332		1332
1333	isec->initialized = 1;	1333	isec->initialized = 1;
1334		1334
1335	out_unlock:	1335	out_unlock:
1336	mutex_unlock(&isec->lock);	1336	mutex_unlock(&isec->lock);
1337	out:	1337	out:
1338	if (isec->sclass == SECCLASS_FILE)	1338	if (isec->sclass == SECCLASS_FILE)
1339	isec->sclass = inode_mode_to_security_class(inode->i_mode);	1339	isec->sclass = inode_mode_to_security_class(inode->i_mode);
1340	return rc;	1340	return rc;
1341	}	1341	}
1342		1342
1343	/* Convert a Linux signal to an access vector. */	1343	/* Convert a Linux signal to an access vector. */
1344	static inline u32 signal_to_av(int sig)	1344	static inline u32 signal_to_av(int sig)
1345	{	1345	{
1346	u32 perm = 0;	1346	u32 perm = 0;
1347		1347
1348	switch (sig) {	1348	switch (sig) {
1349	case SIGCHLD:	1349	case SIGCHLD:
1350	/* Commonly granted from child to parent. */	1350	/* Commonly granted from child to parent. */
1351	perm = PROCESS__SIGCHLD;	1351	perm = PROCESS__SIGCHLD;
1352	break;	1352	break;
1353	case SIGKILL:	1353	case SIGKILL:
1354	/* Cannot be caught or ignored */	1354	/* Cannot be caught or ignored */
1355	perm = PROCESS__SIGKILL;	1355	perm = PROCESS__SIGKILL;
1356	break;	1356	break;
1357	case SIGSTOP:	1357	case SIGSTOP:
1358	/* Cannot be caught or ignored */	1358	/* Cannot be caught or ignored */
1359	perm = PROCESS__SIGSTOP;	1359	perm = PROCESS__SIGSTOP;
1360	break;	1360	break;
1361	default:	1361	default:
1362	/* All other signals. */	1362	/* All other signals. */
1363	perm = PROCESS__SIGNAL;	1363	perm = PROCESS__SIGNAL;
1364	break;	1364	break;
1365	}	1365	}
1366		1366
1367	return perm;	1367	return perm;
1368	}	1368	}
1369		1369
1370	/*	1370	/*
1371	* Check permission between a pair of credentials	1371	* Check permission between a pair of credentials
1372	* fork check, ptrace check, etc.	1372	* fork check, ptrace check, etc.
1373	*/	1373	*/
1374	static int cred_has_perm(const struct cred *actor,	1374	static int cred_has_perm(const struct cred *actor,
1375	const struct cred *target,	1375	const struct cred *target,
1376	u32 perms)	1376	u32 perms)
1377	{	1377	{
1378	u32 asid = cred_sid(actor), tsid = cred_sid(target);	1378	u32 asid = cred_sid(actor), tsid = cred_sid(target);
1379		1379
1380	return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL);	1380	return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL);
1381	}	1381	}
1382		1382
1383	/*	1383	/*
1384	* Check permission between a pair of tasks, e.g. signal checks,	1384	* Check permission between a pair of tasks, e.g. signal checks,
1385	* fork check, ptrace check, etc.	1385	* fork check, ptrace check, etc.
1386	* tsk1 is the actor and tsk2 is the target	1386	* tsk1 is the actor and tsk2 is the target
1387	* - this uses the default subjective creds of tsk1	1387	* - this uses the default subjective creds of tsk1
1388	*/	1388	*/
1389	static int task_has_perm(const struct task_struct *tsk1,	1389	static int task_has_perm(const struct task_struct *tsk1,
1390	const struct task_struct *tsk2,	1390	const struct task_struct *tsk2,
1391	u32 perms)	1391	u32 perms)
1392	{	1392	{
1393	const struct task_security_struct __tsec1, __tsec2;	1393	const struct task_security_struct __tsec1, __tsec2;
1394	u32 sid1, sid2;	1394	u32 sid1, sid2;
1395		1395
1396	rcu_read_lock();	1396	rcu_read_lock();
1397	__tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid;	1397	__tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid;
1398	__tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid;	1398	__tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid;
1399	rcu_read_unlock();	1399	rcu_read_unlock();
1400	return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);	1400	return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);
1401	}	1401	}
1402		1402
1403	/*	1403	/*
1404	* Check permission between current and another task, e.g. signal checks,	1404	* Check permission between current and another task, e.g. signal checks,
1405	* fork check, ptrace check, etc.	1405	* fork check, ptrace check, etc.
1406	* current is the actor and tsk2 is the target	1406	* current is the actor and tsk2 is the target
1407	* - this uses current's subjective creds	1407	* - this uses current's subjective creds
1408	*/	1408	*/
1409	static int current_has_perm(const struct task_struct *tsk,	1409	static int current_has_perm(const struct task_struct *tsk,
1410	u32 perms)	1410	u32 perms)
1411	{	1411	{
1412	u32 sid, tsid;	1412	u32 sid, tsid;
1413		1413
1414	sid = current_sid();	1414	sid = current_sid();
1415	tsid = task_sid(tsk);	1415	tsid = task_sid(tsk);
1416	return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL);	1416	return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL);
1417	}	1417	}
1418		1418
1419	#if CAP_LAST_CAP > 63	1419	#if CAP_LAST_CAP > 63
1420	#error Fix SELinux to handle capabilities > 63.	1420	#error Fix SELinux to handle capabilities > 63.
1421	#endif	1421	#endif
1422		1422
1423	/* Check whether a task is allowed to use a capability. */	1423	/* Check whether a task is allowed to use a capability. */
1424	static int task_has_capability(struct task_struct *tsk,	1424	static int task_has_capability(struct task_struct *tsk,
1425	const struct cred *cred,	1425	const struct cred *cred,
1426	int cap, int audit)	1426	int cap, int audit)
1427	{	1427	{
1428	struct common_audit_data ad;	1428	struct common_audit_data ad;
1429	struct av_decision avd;	1429	struct av_decision avd;
1430	u16 sclass;	1430	u16 sclass;
1431	u32 sid = cred_sid(cred);	1431	u32 sid = cred_sid(cred);
1432	u32 av = CAP_TO_MASK(cap);	1432	u32 av = CAP_TO_MASK(cap);
1433	int rc;	1433	int rc;
1434		1434
1435	COMMON_AUDIT_DATA_INIT(&ad, CAP);	1435	COMMON_AUDIT_DATA_INIT(&ad, CAP);
1436	ad.tsk = tsk;	1436	ad.tsk = tsk;
1437	ad.u.cap = cap;	1437	ad.u.cap = cap;
1438		1438
1439	switch (CAP_TO_INDEX(cap)) {	1439	switch (CAP_TO_INDEX(cap)) {
1440	case 0:	1440	case 0:
1441	sclass = SECCLASS_CAPABILITY;	1441	sclass = SECCLASS_CAPABILITY;
1442	break;	1442	break;
1443	case 1:	1443	case 1:
1444	sclass = SECCLASS_CAPABILITY2;	1444	sclass = SECCLASS_CAPABILITY2;
1445	break;	1445	break;
1446	default:	1446	default:
1447	printk(KERN_ERR	1447	printk(KERN_ERR
1448	"SELinux: out of range capability %d\n", cap);	1448	"SELinux: out of range capability %d\n", cap);
1449	BUG();	1449	BUG();
1450	}	1450	}
1451		1451
1452	rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);	1452	rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1453	if (audit == SECURITY_CAP_AUDIT)	1453	if (audit == SECURITY_CAP_AUDIT)
1454	avc_audit(sid, sid, sclass, av, &avd, rc, &ad);	1454	avc_audit(sid, sid, sclass, av, &avd, rc, &ad);
1455	return rc;	1455	return rc;
1456	}	1456	}
1457		1457
1458	/* Check whether a task is allowed to use a system operation. */	1458	/* Check whether a task is allowed to use a system operation. */
1459	static int task_has_system(struct task_struct *tsk,	1459	static int task_has_system(struct task_struct *tsk,
1460	u32 perms)	1460	u32 perms)
1461	{	1461	{
1462	u32 sid = task_sid(tsk);	1462	u32 sid = task_sid(tsk);
1463		1463
1464	return avc_has_perm(sid, SECINITSID_KERNEL,	1464	return avc_has_perm(sid, SECINITSID_KERNEL,
1465	SECCLASS_SYSTEM, perms, NULL);	1465	SECCLASS_SYSTEM, perms, NULL);
1466	}	1466	}
1467		1467
1468	/* Check whether a task has a particular permission to an inode.	1468	/* Check whether a task has a particular permission to an inode.
1469	The 'adp' parameter is optional and allows other audit	1469	The 'adp' parameter is optional and allows other audit
1470	data to be passed (e.g. the dentry). */	1470	data to be passed (e.g. the dentry). */
1471	static int inode_has_perm(const struct cred *cred,	1471	static int inode_has_perm(const struct cred *cred,
1472	struct inode *inode,	1472	struct inode *inode,
1473	u32 perms,	1473	u32 perms,
1474	struct common_audit_data *adp)	1474	struct common_audit_data *adp)
1475	{	1475	{
1476	struct inode_security_struct *isec;	1476	struct inode_security_struct *isec;
1477	struct common_audit_data ad;	1477	struct common_audit_data ad;
1478	u32 sid;	1478	u32 sid;
1479		1479
1480	validate_creds(cred);	1480	validate_creds(cred);
1481		1481
1482	if (unlikely(IS_PRIVATE(inode)))	1482	if (unlikely(IS_PRIVATE(inode)))
1483	return 0;	1483	return 0;
1484		1484
1485	sid = cred_sid(cred);	1485	sid = cred_sid(cred);
1486	isec = inode->i_security;	1486	isec = inode->i_security;
1487		1487
1488	if (!adp) {	1488	if (!adp) {
1489	adp = &ad;	1489	adp = &ad;
1490	COMMON_AUDIT_DATA_INIT(&ad, FS);	1490	COMMON_AUDIT_DATA_INIT(&ad, FS);
1491	ad.u.fs.inode = inode;	1491	ad.u.fs.inode = inode;
1492	}	1492	}
1493		1493
1494	return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);	1494	return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
1495	}	1495	}
1496		1496
1497	/* Same as inode_has_perm, but pass explicit audit data containing	1497	/* Same as inode_has_perm, but pass explicit audit data containing
1498	the dentry to help the auditing code to more easily generate the	1498	the dentry to help the auditing code to more easily generate the
1499	pathname if needed. */	1499	pathname if needed. */
1500	static inline int dentry_has_perm(const struct cred *cred,	1500	static inline int dentry_has_perm(const struct cred *cred,
1501	struct vfsmount *mnt,	1501	struct vfsmount *mnt,
1502	struct dentry *dentry,	1502	struct dentry *dentry,
1503	u32 av)	1503	u32 av)
1504	{	1504	{
1505	struct inode *inode = dentry->d_inode;	1505	struct inode *inode = dentry->d_inode;
1506	struct common_audit_data ad;	1506	struct common_audit_data ad;
1507		1507
1508	COMMON_AUDIT_DATA_INIT(&ad, FS);	1508	COMMON_AUDIT_DATA_INIT(&ad, FS);
1509	ad.u.fs.path.mnt = mnt;	1509	ad.u.fs.path.mnt = mnt;
1510	ad.u.fs.path.dentry = dentry;	1510	ad.u.fs.path.dentry = dentry;
1511	return inode_has_perm(cred, inode, av, &ad);	1511	return inode_has_perm(cred, inode, av, &ad);
1512	}	1512	}
1513		1513
1514	/* Check whether a task can use an open file descriptor to	1514	/* Check whether a task can use an open file descriptor to
1515	access an inode in a given way. Check access to the	1515	access an inode in a given way. Check access to the
1516	descriptor itself, and then use dentry_has_perm to	1516	descriptor itself, and then use dentry_has_perm to
1517	check a particular permission to the file.	1517	check a particular permission to the file.
1518	Access to the descriptor is implicitly granted if it	1518	Access to the descriptor is implicitly granted if it
1519	has the same SID as the process. If av is zero, then	1519	has the same SID as the process. If av is zero, then
1520	access to the file is not checked, e.g. for cases	1520	access to the file is not checked, e.g. for cases
1521	where only the descriptor is affected like seek. */	1521	where only the descriptor is affected like seek. */
1522	static int file_has_perm(const struct cred *cred,	1522	static int file_has_perm(const struct cred *cred,
1523	struct file *file,	1523	struct file *file,
1524	u32 av)	1524	u32 av)
1525	{	1525	{
1526	struct file_security_struct *fsec = file->f_security;	1526	struct file_security_struct *fsec = file->f_security;
1527	struct inode *inode = file->f_path.dentry->d_inode;	1527	struct inode *inode = file->f_path.dentry->d_inode;
1528	struct common_audit_data ad;	1528	struct common_audit_data ad;
1529	u32 sid = cred_sid(cred);	1529	u32 sid = cred_sid(cred);
1530	int rc;	1530	int rc;
1531		1531
1532	COMMON_AUDIT_DATA_INIT(&ad, FS);	1532	COMMON_AUDIT_DATA_INIT(&ad, FS);
1533	ad.u.fs.path = file->f_path;	1533	ad.u.fs.path = file->f_path;
1534		1534
1535	if (sid != fsec->sid) {	1535	if (sid != fsec->sid) {
1536	rc = avc_has_perm(sid, fsec->sid,	1536	rc = avc_has_perm(sid, fsec->sid,
1537	SECCLASS_FD,	1537	SECCLASS_FD,
1538	FD__USE,	1538	FD__USE,
1539	&ad);	1539	&ad);
1540	if (rc)	1540	if (rc)
1541	goto out;	1541	goto out;
1542	}	1542	}
1543		1543
1544	/* av is zero if only checking access to the descriptor. */	1544	/* av is zero if only checking access to the descriptor. */
1545	rc = 0;	1545	rc = 0;
1546	if (av)	1546	if (av)
1547	rc = inode_has_perm(cred, inode, av, &ad);	1547	rc = inode_has_perm(cred, inode, av, &ad);
1548		1548
1549	out:	1549	out:
1550	return rc;	1550	return rc;
1551	}	1551	}
1552		1552
1553	/* Check whether a task can create a file. */	1553	/* Check whether a task can create a file. */
1554	static int may_create(struct inode *dir,	1554	static int may_create(struct inode *dir,
1555	struct dentry *dentry,	1555	struct dentry *dentry,
1556	u16 tclass)	1556	u16 tclass)
1557	{	1557	{
1558	const struct task_security_struct *tsec = current_security();	1558	const struct task_security_struct *tsec = current_security();
1559	struct inode_security_struct *dsec;	1559	struct inode_security_struct *dsec;
1560	struct superblock_security_struct *sbsec;	1560	struct superblock_security_struct *sbsec;
1561	u32 sid, newsid;	1561	u32 sid, newsid;
1562	struct common_audit_data ad;	1562	struct common_audit_data ad;
1563	int rc;	1563	int rc;
1564		1564
1565	dsec = dir->i_security;	1565	dsec = dir->i_security;
1566	sbsec = dir->i_sb->s_security;	1566	sbsec = dir->i_sb->s_security;
1567		1567
1568	sid = tsec->sid;	1568	sid = tsec->sid;
1569	newsid = tsec->create_sid;	1569	newsid = tsec->create_sid;
1570		1570
1571	COMMON_AUDIT_DATA_INIT(&ad, FS);	1571	COMMON_AUDIT_DATA_INIT(&ad, FS);
1572	ad.u.fs.path.dentry = dentry;	1572	ad.u.fs.path.dentry = dentry;
1573		1573
1574	rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,	1574	rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1575	DIR__ADD_NAME \| DIR__SEARCH,	1575	DIR__ADD_NAME \| DIR__SEARCH,
1576	&ad);	1576	&ad);
1577	if (rc)	1577	if (rc)
1578	return rc;	1578	return rc;
1579		1579
1580	if (!newsid \|\| !(sbsec->flags & SE_SBLABELSUPP)) {	1580	if (!newsid \|\| !(sbsec->flags & SE_SBLABELSUPP)) {
1581	rc = security_transition_sid(sid, dsec->sid, tclass, &newsid);	1581	rc = security_transition_sid(sid, dsec->sid, tclass, &newsid);
1582	if (rc)	1582	if (rc)
1583	return rc;	1583	return rc;
1584	}	1584	}
1585		1585
1586	rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);	1586	rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
1587	if (rc)	1587	if (rc)
1588	return rc;	1588	return rc;
1589		1589
1590	return avc_has_perm(newsid, sbsec->sid,	1590	return avc_has_perm(newsid, sbsec->sid,
1591	SECCLASS_FILESYSTEM,	1591	SECCLASS_FILESYSTEM,
1592	FILESYSTEM__ASSOCIATE, &ad);	1592	FILESYSTEM__ASSOCIATE, &ad);
1593	}	1593	}
1594		1594
1595	/* Check whether a task can create a key. */	1595	/* Check whether a task can create a key. */
1596	static int may_create_key(u32 ksid,	1596	static int may_create_key(u32 ksid,
1597	struct task_struct *ctx)	1597	struct task_struct *ctx)
1598	{	1598	{
1599	u32 sid = task_sid(ctx);	1599	u32 sid = task_sid(ctx);
1600		1600
1601	return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);	1601	return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1602	}	1602	}
1603		1603
1604	#define MAY_LINK 0	1604	#define MAY_LINK 0
1605	#define MAY_UNLINK 1	1605	#define MAY_UNLINK 1
1606	#define MAY_RMDIR 2	1606	#define MAY_RMDIR 2
1607		1607
1608	/* Check whether a task can link, unlink, or rmdir a file/directory. */	1608	/* Check whether a task can link, unlink, or rmdir a file/directory. */
1609	static int may_link(struct inode *dir,	1609	static int may_link(struct inode *dir,
1610	struct dentry *dentry,	1610	struct dentry *dentry,
1611	int kind)	1611	int kind)
1612		1612
1613	{	1613	{
1614	struct inode_security_struct dsec, isec;	1614	struct inode_security_struct dsec, isec;
1615	struct common_audit_data ad;	1615	struct common_audit_data ad;
1616	u32 sid = current_sid();	1616	u32 sid = current_sid();
1617	u32 av;	1617	u32 av;
1618	int rc;	1618	int rc;
1619		1619
1620	dsec = dir->i_security;	1620	dsec = dir->i_security;
1621	isec = dentry->d_inode->i_security;	1621	isec = dentry->d_inode->i_security;
1622		1622
1623	COMMON_AUDIT_DATA_INIT(&ad, FS);	1623	COMMON_AUDIT_DATA_INIT(&ad, FS);
1624	ad.u.fs.path.dentry = dentry;	1624	ad.u.fs.path.dentry = dentry;
1625		1625
1626	av = DIR__SEARCH;	1626	av = DIR__SEARCH;
1627	av \|= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);	1627	av \|= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1628	rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);	1628	rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
1629	if (rc)	1629	if (rc)
1630	return rc;	1630	return rc;
1631		1631
1632	switch (kind) {	1632	switch (kind) {
1633	case MAY_LINK:	1633	case MAY_LINK:
1634	av = FILE__LINK;	1634	av = FILE__LINK;
1635	break;	1635	break;
1636	case MAY_UNLINK:	1636	case MAY_UNLINK:
1637	av = FILE__UNLINK;	1637	av = FILE__UNLINK;
1638	break;	1638	break;
1639	case MAY_RMDIR:	1639	case MAY_RMDIR:
1640	av = DIR__RMDIR;	1640	av = DIR__RMDIR;
1641	break;	1641	break;
1642	default:	1642	default:
1643	printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",	1643	printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
1644	__func__, kind);	1644	__func__, kind);
1645	return 0;	1645	return 0;
1646	}	1646	}
1647		1647
1648	rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);	1648	rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
1649	return rc;	1649	return rc;
1650	}	1650	}
1651		1651
1652	static inline int may_rename(struct inode *old_dir,	1652	static inline int may_rename(struct inode *old_dir,
1653	struct dentry *old_dentry,	1653	struct dentry *old_dentry,
1654	struct inode *new_dir,	1654	struct inode *new_dir,
1655	struct dentry *new_dentry)	1655	struct dentry *new_dentry)
1656	{	1656	{
1657	struct inode_security_struct old_dsec, new_dsec, old_isec, new_isec;	1657	struct inode_security_struct old_dsec, new_dsec, old_isec, new_isec;
1658	struct common_audit_data ad;	1658	struct common_audit_data ad;
1659	u32 sid = current_sid();	1659	u32 sid = current_sid();
1660	u32 av;	1660	u32 av;
1661	int old_is_dir, new_is_dir;	1661	int old_is_dir, new_is_dir;
1662	int rc;	1662	int rc;
1663		1663
1664	old_dsec = old_dir->i_security;	1664	old_dsec = old_dir->i_security;
1665	old_isec = old_dentry->d_inode->i_security;	1665	old_isec = old_dentry->d_inode->i_security;
1666	old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);	1666	old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
1667	new_dsec = new_dir->i_security;	1667	new_dsec = new_dir->i_security;
1668		1668
1669	COMMON_AUDIT_DATA_INIT(&ad, FS);	1669	COMMON_AUDIT_DATA_INIT(&ad, FS);
1670		1670
1671	ad.u.fs.path.dentry = old_dentry;	1671	ad.u.fs.path.dentry = old_dentry;
1672	rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,	1672	rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
1673	DIR__REMOVE_NAME \| DIR__SEARCH, &ad);	1673	DIR__REMOVE_NAME \| DIR__SEARCH, &ad);
1674	if (rc)	1674	if (rc)
1675	return rc;	1675	return rc;
1676	rc = avc_has_perm(sid, old_isec->sid,	1676	rc = avc_has_perm(sid, old_isec->sid,
1677	old_isec->sclass, FILE__RENAME, &ad);	1677	old_isec->sclass, FILE__RENAME, &ad);
1678	if (rc)	1678	if (rc)
1679	return rc;	1679	return rc;
1680	if (old_is_dir && new_dir != old_dir) {	1680	if (old_is_dir && new_dir != old_dir) {
1681	rc = avc_has_perm(sid, old_isec->sid,	1681	rc = avc_has_perm(sid, old_isec->sid,
1682	old_isec->sclass, DIR__REPARENT, &ad);	1682	old_isec->sclass, DIR__REPARENT, &ad);
1683	if (rc)	1683	if (rc)
1684	return rc;	1684	return rc;
1685	}	1685	}
1686		1686
1687	ad.u.fs.path.dentry = new_dentry;	1687	ad.u.fs.path.dentry = new_dentry;
1688	av = DIR__ADD_NAME \| DIR__SEARCH;	1688	av = DIR__ADD_NAME \| DIR__SEARCH;
1689	if (new_dentry->d_inode)	1689	if (new_dentry->d_inode)
1690	av \|= DIR__REMOVE_NAME;	1690	av \|= DIR__REMOVE_NAME;
1691	rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);	1691	rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1692	if (rc)	1692	if (rc)
1693	return rc;	1693	return rc;
1694	if (new_dentry->d_inode) {	1694	if (new_dentry->d_inode) {
1695	new_isec = new_dentry->d_inode->i_security;	1695	new_isec = new_dentry->d_inode->i_security;
1696	new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);	1696	new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
1697	rc = avc_has_perm(sid, new_isec->sid,	1697	rc = avc_has_perm(sid, new_isec->sid,
1698	new_isec->sclass,	1698	new_isec->sclass,
1699	(new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);	1699	(new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1700	if (rc)	1700	if (rc)
1701	return rc;	1701	return rc;
1702	}	1702	}
1703		1703
1704	return 0;	1704	return 0;
1705	}	1705	}
1706		1706
1707	/* Check whether a task can perform a filesystem operation. */	1707	/* Check whether a task can perform a filesystem operation. */
1708	static int superblock_has_perm(const struct cred *cred,	1708	static int superblock_has_perm(const struct cred *cred,
1709	struct super_block *sb,	1709	struct super_block *sb,
1710	u32 perms,	1710	u32 perms,
1711	struct common_audit_data *ad)	1711	struct common_audit_data *ad)
1712	{	1712	{
1713	struct superblock_security_struct *sbsec;	1713	struct superblock_security_struct *sbsec;
1714	u32 sid = cred_sid(cred);	1714	u32 sid = cred_sid(cred);
1715		1715
1716	sbsec = sb->s_security;	1716	sbsec = sb->s_security;
1717	return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);	1717	return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1718	}	1718	}
1719		1719
1720	/* Convert a Linux mode and permission mask to an access vector. */	1720	/* Convert a Linux mode and permission mask to an access vector. */
1721	static inline u32 file_mask_to_av(int mode, int mask)	1721	static inline u32 file_mask_to_av(int mode, int mask)
1722	{	1722	{
1723	u32 av = 0;	1723	u32 av = 0;
1724		1724
1725	if ((mode & S_IFMT) != S_IFDIR) {	1725	if ((mode & S_IFMT) != S_IFDIR) {
1726	if (mask & MAY_EXEC)	1726	if (mask & MAY_EXEC)
1727	av \|= FILE__EXECUTE;	1727	av \|= FILE__EXECUTE;
1728	if (mask & MAY_READ)	1728	if (mask & MAY_READ)
1729	av \|= FILE__READ;	1729	av \|= FILE__READ;
1730		1730
1731	if (mask & MAY_APPEND)	1731	if (mask & MAY_APPEND)
1732	av \|= FILE__APPEND;	1732	av \|= FILE__APPEND;
1733	else if (mask & MAY_WRITE)	1733	else if (mask & MAY_WRITE)
1734	av \|= FILE__WRITE;	1734	av \|= FILE__WRITE;
1735		1735
1736	} else {	1736	} else {
1737	if (mask & MAY_EXEC)	1737	if (mask & MAY_EXEC)
1738	av \|= DIR__SEARCH;	1738	av \|= DIR__SEARCH;
1739	if (mask & MAY_WRITE)	1739	if (mask & MAY_WRITE)
1740	av \|= DIR__WRITE;	1740	av \|= DIR__WRITE;
1741	if (mask & MAY_READ)	1741	if (mask & MAY_READ)
1742	av \|= DIR__READ;	1742	av \|= DIR__READ;
1743	}	1743	}
1744		1744
1745	return av;	1745	return av;
1746	}	1746	}
1747		1747
1748	/* Convert a Linux file to an access vector. */	1748	/* Convert a Linux file to an access vector. */
1749	static inline u32 file_to_av(struct file *file)	1749	static inline u32 file_to_av(struct file *file)
1750	{	1750	{
1751	u32 av = 0;	1751	u32 av = 0;
1752		1752
1753	if (file->f_mode & FMODE_READ)	1753	if (file->f_mode & FMODE_READ)
1754	av \|= FILE__READ;	1754	av \|= FILE__READ;
1755	if (file->f_mode & FMODE_WRITE) {	1755	if (file->f_mode & FMODE_WRITE) {
1756	if (file->f_flags & O_APPEND)	1756	if (file->f_flags & O_APPEND)
1757	av \|= FILE__APPEND;	1757	av \|= FILE__APPEND;
1758	else	1758	else
1759	av \|= FILE__WRITE;	1759	av \|= FILE__WRITE;
1760	}	1760	}
1761	if (!av) {	1761	if (!av) {
1762	/*	1762	/*
1763	* Special file opened with flags 3 for ioctl-only use.	1763	* Special file opened with flags 3 for ioctl-only use.
1764	*/	1764	*/
1765	av = FILE__IOCTL;	1765	av = FILE__IOCTL;
1766	}	1766	}
1767		1767
1768	return av;	1768	return av;
1769	}	1769	}
1770		1770
1771	/*	1771	/*
1772	* Convert a file to an access vector and include the correct open	1772	* Convert a file to an access vector and include the correct open
1773	* open permission.	1773	* open permission.
1774	*/	1774	*/
1775	static inline u32 open_file_to_av(struct file *file)	1775	static inline u32 open_file_to_av(struct file *file)
1776	{	1776	{
1777	u32 av = file_to_av(file);	1777	u32 av = file_to_av(file);
1778		1778
1779	if (selinux_policycap_openperm)	1779	if (selinux_policycap_openperm)
1780	av \|= FILE__OPEN;	1780	av \|= FILE__OPEN;
1781		1781
1782	return av;	1782	return av;
1783	}	1783	}
1784		1784
1785	/* Hook functions begin here. */	1785	/* Hook functions begin here. */
1786		1786
1787	static int selinux_ptrace_access_check(struct task_struct *child,	1787	static int selinux_ptrace_access_check(struct task_struct *child,
1788	unsigned int mode)	1788	unsigned int mode)
1789	{	1789	{
1790	int rc;	1790	int rc;
1791		1791
1792	rc = cap_ptrace_access_check(child, mode);	1792	rc = cap_ptrace_access_check(child, mode);
1793	if (rc)	1793	if (rc)
1794	return rc;	1794	return rc;
1795		1795
1796	if (mode == PTRACE_MODE_READ) {	1796	if (mode == PTRACE_MODE_READ) {
1797	u32 sid = current_sid();	1797	u32 sid = current_sid();
1798	u32 csid = task_sid(child);	1798	u32 csid = task_sid(child);
1799	return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);	1799	return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
1800	}	1800	}
1801		1801
1802	return current_has_perm(child, PROCESS__PTRACE);	1802	return current_has_perm(child, PROCESS__PTRACE);
1803	}	1803	}
1804		1804
1805	static int selinux_ptrace_traceme(struct task_struct *parent)	1805	static int selinux_ptrace_traceme(struct task_struct *parent)
1806	{	1806	{
1807	int rc;	1807	int rc;
1808		1808
1809	rc = cap_ptrace_traceme(parent);	1809	rc = cap_ptrace_traceme(parent);
1810	if (rc)	1810	if (rc)
1811	return rc;	1811	return rc;
1812		1812
1813	return task_has_perm(parent, current, PROCESS__PTRACE);	1813	return task_has_perm(parent, current, PROCESS__PTRACE);
1814	}	1814	}
1815		1815
1816	static int selinux_capget(struct task_struct target, kernel_cap_t effective,	1816	static int selinux_capget(struct task_struct target, kernel_cap_t effective,
1817	kernel_cap_t inheritable, kernel_cap_t permitted)	1817	kernel_cap_t inheritable, kernel_cap_t permitted)
1818	{	1818	{
1819	int error;	1819	int error;
1820		1820
1821	error = current_has_perm(target, PROCESS__GETCAP);	1821	error = current_has_perm(target, PROCESS__GETCAP);
1822	if (error)	1822	if (error)
1823	return error;	1823	return error;
1824		1824
1825	return cap_capget(target, effective, inheritable, permitted);	1825	return cap_capget(target, effective, inheritable, permitted);
1826	}	1826	}
1827		1827
1828	static int selinux_capset(struct cred new, const struct cred old,	1828	static int selinux_capset(struct cred new, const struct cred old,
1829	const kernel_cap_t *effective,	1829	const kernel_cap_t *effective,
1830	const kernel_cap_t *inheritable,	1830	const kernel_cap_t *inheritable,
1831	const kernel_cap_t *permitted)	1831	const kernel_cap_t *permitted)
1832	{	1832	{
1833	int error;	1833	int error;
1834		1834
1835	error = cap_capset(new, old,	1835	error = cap_capset(new, old,
1836	effective, inheritable, permitted);	1836	effective, inheritable, permitted);
1837	if (error)	1837	if (error)
1838	return error;	1838	return error;
1839		1839
1840	return cred_has_perm(old, new, PROCESS__SETCAP);	1840	return cred_has_perm(old, new, PROCESS__SETCAP);
1841	}	1841	}
1842		1842
1843	/*	1843	/*
1844	* (This comment used to live with the selinux_task_setuid hook,	1844	* (This comment used to live with the selinux_task_setuid hook,
1845	* which was removed).	1845	* which was removed).
1846	*	1846	*
1847	* Since setuid only affects the current process, and since the SELinux	1847	* Since setuid only affects the current process, and since the SELinux
1848	* controls are not based on the Linux identity attributes, SELinux does not	1848	* controls are not based on the Linux identity attributes, SELinux does not
1849	* need to control this operation. However, SELinux does control the use of	1849	* need to control this operation. However, SELinux does control the use of
1850	* the CAP_SETUID and CAP_SETGID capabilities using the capable hook.	1850	* the CAP_SETUID and CAP_SETGID capabilities using the capable hook.
1851	*/	1851	*/
1852		1852
1853	static int selinux_capable(struct task_struct tsk, const struct cred cred,	1853	static int selinux_capable(struct task_struct tsk, const struct cred cred,
1854	int cap, int audit)	1854	int cap, int audit)
1855	{	1855	{
1856	int rc;	1856	int rc;
1857		1857
1858	rc = cap_capable(tsk, cred, cap, audit);	1858	rc = cap_capable(tsk, cred, cap, audit);
1859	if (rc)	1859	if (rc)
1860	return rc;	1860	return rc;
1861		1861
1862	return task_has_capability(tsk, cred, cap, audit);	1862	return task_has_capability(tsk, cred, cap, audit);
1863	}	1863	}
1864		1864
1865	static int selinux_sysctl_get_sid(ctl_table table, u16 tclass, u32 sid)	1865	static int selinux_sysctl_get_sid(ctl_table table, u16 tclass, u32 sid)
1866	{	1866	{
1867	int buflen, rc;	1867	int buflen, rc;
1868	char buffer, path, *end;	1868	char buffer, path, *end;
1869		1869
1870	rc = -ENOMEM;	1870	rc = -ENOMEM;
1871	buffer = (char *)__get_free_page(GFP_KERNEL);	1871	buffer = (char *)__get_free_page(GFP_KERNEL);
1872	if (!buffer)	1872	if (!buffer)
1873	goto out;	1873	goto out;
1874		1874
1875	buflen = PAGE_SIZE;	1875	buflen = PAGE_SIZE;
1876	end = buffer+buflen;	1876	end = buffer+buflen;
1877	*--end = '\0';	1877	*--end = '\0';
1878	buflen--;	1878	buflen--;
1879	path = end-1;	1879	path = end-1;
1880	*path = '/';	1880	*path = '/';
1881	while (table) {	1881	while (table) {
1882	const char *name = table->procname;	1882	const char *name = table->procname;
1883	size_t namelen = strlen(name);	1883	size_t namelen = strlen(name);
1884	buflen -= namelen + 1;	1884	buflen -= namelen + 1;
1885	if (buflen < 0)	1885	if (buflen < 0)
1886	goto out_free;	1886	goto out_free;
1887	end -= namelen;	1887	end -= namelen;
1888	memcpy(end, name, namelen);	1888	memcpy(end, name, namelen);
1889	*--end = '/';	1889	*--end = '/';
1890	path = end;	1890	path = end;
1891	table = table->parent;	1891	table = table->parent;
1892	}	1892	}
1893	buflen -= 4;	1893	buflen -= 4;
1894	if (buflen < 0)	1894	if (buflen < 0)
1895	goto out_free;	1895	goto out_free;
1896	end -= 4;	1896	end -= 4;
1897	memcpy(end, "/sys", 4);	1897	memcpy(end, "/sys", 4);
1898	path = end;	1898	path = end;
1899	rc = security_genfs_sid("proc", path, tclass, sid);	1899	rc = security_genfs_sid("proc", path, tclass, sid);
1900	out_free:	1900	out_free:
1901	free_page((unsigned long)buffer);	1901	free_page((unsigned long)buffer);
1902	out:	1902	out:
1903	return rc;	1903	return rc;
1904	}	1904	}
1905		1905
1906	static int selinux_sysctl(ctl_table *table, int op)	1906	static int selinux_sysctl(ctl_table *table, int op)
1907	{	1907	{
1908	int error = 0;	1908	int error = 0;
1909	u32 av;	1909	u32 av;
1910	u32 tsid, sid;	1910	u32 tsid, sid;
1911	int rc;	1911	int rc;
1912		1912
1913	sid = current_sid();	1913	sid = current_sid();
1914		1914
1915	rc = selinux_sysctl_get_sid(table, (op == 0001) ?	1915	rc = selinux_sysctl_get_sid(table, (op == 0001) ?
1916	SECCLASS_DIR : SECCLASS_FILE, &tsid);	1916	SECCLASS_DIR : SECCLASS_FILE, &tsid);
1917	if (rc) {	1917	if (rc) {
1918	/* Default to the well-defined sysctl SID. */	1918	/* Default to the well-defined sysctl SID. */
1919	tsid = SECINITSID_SYSCTL;	1919	tsid = SECINITSID_SYSCTL;
1920	}	1920	}
1921		1921
1922	/* The op values are "defined" in sysctl.c, thereby creating	1922	/* The op values are "defined" in sysctl.c, thereby creating
1923	* a bad coupling between this module and sysctl.c */	1923	* a bad coupling between this module and sysctl.c */
1924	if (op == 001) {	1924	if (op == 001) {
1925	error = avc_has_perm(sid, tsid,	1925	error = avc_has_perm(sid, tsid,
1926	SECCLASS_DIR, DIR__SEARCH, NULL);	1926	SECCLASS_DIR, DIR__SEARCH, NULL);
1927	} else {	1927	} else {
1928	av = 0;	1928	av = 0;
1929	if (op & 004)	1929	if (op & 004)
1930	av \|= FILE__READ;	1930	av \|= FILE__READ;
1931	if (op & 002)	1931	if (op & 002)
1932	av \|= FILE__WRITE;	1932	av \|= FILE__WRITE;
1933	if (av)	1933	if (av)
1934	error = avc_has_perm(sid, tsid,	1934	error = avc_has_perm(sid, tsid,
1935	SECCLASS_FILE, av, NULL);	1935	SECCLASS_FILE, av, NULL);
1936	}	1936	}
1937		1937
1938	return error;	1938	return error;
1939	}	1939	}
1940		1940
1941	static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)	1941	static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1942	{	1942	{
1943	const struct cred *cred = current_cred();	1943	const struct cred *cred = current_cred();
1944	int rc = 0;	1944	int rc = 0;
1945		1945
1946	if (!sb)	1946	if (!sb)
1947	return 0;	1947	return 0;
1948		1948
1949	switch (cmds) {	1949	switch (cmds) {
1950	case Q_SYNC:	1950	case Q_SYNC:
1951	case Q_QUOTAON:	1951	case Q_QUOTAON:
1952	case Q_QUOTAOFF:	1952	case Q_QUOTAOFF:
1953	case Q_SETINFO:	1953	case Q_SETINFO:
1954	case Q_SETQUOTA:	1954	case Q_SETQUOTA:
1955	rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);	1955	rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
1956	break;	1956	break;
1957	case Q_GETFMT:	1957	case Q_GETFMT:
1958	case Q_GETINFO:	1958	case Q_GETINFO:
1959	case Q_GETQUOTA:	1959	case Q_GETQUOTA:
1960	rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);	1960	rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
1961	break;	1961	break;
1962	default:	1962	default:
1963	rc = 0; /* let the kernel handle invalid cmds */	1963	rc = 0; /* let the kernel handle invalid cmds */
1964	break;	1964	break;
1965	}	1965	}
1966	return rc;	1966	return rc;
1967	}	1967	}
1968		1968
1969	static int selinux_quota_on(struct dentry *dentry)	1969	static int selinux_quota_on(struct dentry *dentry)
1970	{	1970	{
1971	const struct cred *cred = current_cred();	1971	const struct cred *cred = current_cred();
1972		1972
1973	return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON);	1973	return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON);
1974	}	1974	}
1975		1975
1976	static int selinux_syslog(int type)	1976	static int selinux_syslog(int type)
1977	{	1977	{
1978	int rc;	1978	int rc;
1979		1979
1980	switch (type) {	1980	switch (type) {
1981	case SYSLOG_ACTION_READ_ALL: /* Read last kernel messages */	1981	case SYSLOG_ACTION_READ_ALL: /* Read last kernel messages */
1982	case SYSLOG_ACTION_SIZE_BUFFER: /* Return size of the log buffer */	1982	case SYSLOG_ACTION_SIZE_BUFFER: /* Return size of the log buffer */
1983	rc = task_has_system(current, SYSTEM__SYSLOG_READ);	1983	rc = task_has_system(current, SYSTEM__SYSLOG_READ);
1984	break;	1984	break;
1985	case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console */	1985	case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console */
1986	case SYSLOG_ACTION_CONSOLE_ON: /* Enable logging to console */	1986	case SYSLOG_ACTION_CONSOLE_ON: /* Enable logging to console */
1987	/* Set level of messages printed to console */	1987	/* Set level of messages printed to console */
1988	case SYSLOG_ACTION_CONSOLE_LEVEL:	1988	case SYSLOG_ACTION_CONSOLE_LEVEL:
1989	rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);	1989	rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
1990	break;	1990	break;
1991	case SYSLOG_ACTION_CLOSE: /* Close log */	1991	case SYSLOG_ACTION_CLOSE: /* Close log */
1992	case SYSLOG_ACTION_OPEN: /* Open log */	1992	case SYSLOG_ACTION_OPEN: /* Open log */
1993	case SYSLOG_ACTION_READ: /* Read from log */	1993	case SYSLOG_ACTION_READ: /* Read from log */
1994	case SYSLOG_ACTION_READ_CLEAR: /* Read/clear last kernel messages */	1994	case SYSLOG_ACTION_READ_CLEAR: /* Read/clear last kernel messages */
1995	case SYSLOG_ACTION_CLEAR: /* Clear ring buffer */	1995	case SYSLOG_ACTION_CLEAR: /* Clear ring buffer */
1996	default:	1996	default:
1997	rc = task_has_system(current, SYSTEM__SYSLOG_MOD);	1997	rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
1998	break;	1998	break;
1999	}	1999	}
2000	return rc;	2000	return rc;
2001	}	2001	}
2002		2002
2003	/*	2003	/*
2004	* Check that a process has enough memory to allocate a new virtual	2004	* Check that a process has enough memory to allocate a new virtual
2005	* mapping. 0 means there is enough memory for the allocation to	2005	* mapping. 0 means there is enough memory for the allocation to
2006	* succeed and -ENOMEM implies there is not.	2006	* succeed and -ENOMEM implies there is not.
2007	*	2007	*
2008	* Do not audit the selinux permission check, as this is applied to all	2008	* Do not audit the selinux permission check, as this is applied to all
2009	* processes that allocate mappings.	2009	* processes that allocate mappings.
2010	*/	2010	*/
2011	static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)	2011	static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
2012	{	2012	{
2013	int rc, cap_sys_admin = 0;	2013	int rc, cap_sys_admin = 0;
2014		2014
2015	rc = selinux_capable(current, current_cred(), CAP_SYS_ADMIN,	2015	rc = selinux_capable(current, current_cred(), CAP_SYS_ADMIN,
2016	SECURITY_CAP_NOAUDIT);	2016	SECURITY_CAP_NOAUDIT);
2017	if (rc == 0)	2017	if (rc == 0)
2018	cap_sys_admin = 1;	2018	cap_sys_admin = 1;
2019		2019
2020	return __vm_enough_memory(mm, pages, cap_sys_admin);	2020	return __vm_enough_memory(mm, pages, cap_sys_admin);
2021	}	2021	}
2022		2022
2023	/* binprm security operations */	2023	/* binprm security operations */
2024		2024
2025	static int selinux_bprm_set_creds(struct linux_binprm *bprm)	2025	static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2026	{	2026	{
2027	const struct task_security_struct *old_tsec;	2027	const struct task_security_struct *old_tsec;
2028	struct task_security_struct *new_tsec;	2028	struct task_security_struct *new_tsec;
2029	struct inode_security_struct *isec;	2029	struct inode_security_struct *isec;
2030	struct common_audit_data ad;	2030	struct common_audit_data ad;
2031	struct inode *inode = bprm->file->f_path.dentry->d_inode;	2031	struct inode *inode = bprm->file->f_path.dentry->d_inode;
2032	int rc;	2032	int rc;
2033		2033
2034	rc = cap_bprm_set_creds(bprm);	2034	rc = cap_bprm_set_creds(bprm);
2035	if (rc)	2035	if (rc)
2036	return rc;	2036	return rc;
2037		2037
2038	/* SELinux context only depends on initial program or script and not	2038	/* SELinux context only depends on initial program or script and not
2039	* the script interpreter */	2039	* the script interpreter */
2040	if (bprm->cred_prepared)	2040	if (bprm->cred_prepared)
2041	return 0;	2041	return 0;
2042		2042
2043	old_tsec = current_security();	2043	old_tsec = current_security();
2044	new_tsec = bprm->cred->security;	2044	new_tsec = bprm->cred->security;
2045	isec = inode->i_security;	2045	isec = inode->i_security;
2046		2046
2047	/* Default to the current task SID. */	2047	/* Default to the current task SID. */
2048	new_tsec->sid = old_tsec->sid;	2048	new_tsec->sid = old_tsec->sid;
2049	new_tsec->osid = old_tsec->sid;	2049	new_tsec->osid = old_tsec->sid;
2050		2050
2051	/* Reset fs, key, and sock SIDs on execve. */	2051	/* Reset fs, key, and sock SIDs on execve. */
2052	new_tsec->create_sid = 0;	2052	new_tsec->create_sid = 0;
2053	new_tsec->keycreate_sid = 0;	2053	new_tsec->keycreate_sid = 0;
2054	new_tsec->sockcreate_sid = 0;	2054	new_tsec->sockcreate_sid = 0;
2055		2055
2056	if (old_tsec->exec_sid) {	2056	if (old_tsec->exec_sid) {
2057	new_tsec->sid = old_tsec->exec_sid;	2057	new_tsec->sid = old_tsec->exec_sid;
2058	/* Reset exec SID on execve. */	2058	/* Reset exec SID on execve. */
2059	new_tsec->exec_sid = 0;	2059	new_tsec->exec_sid = 0;
2060	} else {	2060	} else {
2061	/* Check for a default transition on this program. */	2061	/* Check for a default transition on this program. */
2062	rc = security_transition_sid(old_tsec->sid, isec->sid,	2062	rc = security_transition_sid(old_tsec->sid, isec->sid,
2063	SECCLASS_PROCESS, &new_tsec->sid);	2063	SECCLASS_PROCESS, &new_tsec->sid);
2064	if (rc)	2064	if (rc)
2065	return rc;	2065	return rc;
2066	}	2066	}
2067		2067
2068	COMMON_AUDIT_DATA_INIT(&ad, FS);	2068	COMMON_AUDIT_DATA_INIT(&ad, FS);
2069	ad.u.fs.path = bprm->file->f_path;	2069	ad.u.fs.path = bprm->file->f_path;
2070		2070
2071	if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)	2071	if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
2072	new_tsec->sid = old_tsec->sid;	2072	new_tsec->sid = old_tsec->sid;
2073		2073
2074	if (new_tsec->sid == old_tsec->sid) {	2074	if (new_tsec->sid == old_tsec->sid) {
2075	rc = avc_has_perm(old_tsec->sid, isec->sid,	2075	rc = avc_has_perm(old_tsec->sid, isec->sid,
2076	SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);	2076	SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2077	if (rc)	2077	if (rc)
2078	return rc;	2078	return rc;
2079	} else {	2079	} else {
2080	/* Check permissions for the transition. */	2080	/* Check permissions for the transition. */
2081	rc = avc_has_perm(old_tsec->sid, new_tsec->sid,	2081	rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2082	SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);	2082	SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2083	if (rc)	2083	if (rc)
2084	return rc;	2084	return rc;
2085		2085
2086	rc = avc_has_perm(new_tsec->sid, isec->sid,	2086	rc = avc_has_perm(new_tsec->sid, isec->sid,
2087	SECCLASS_FILE, FILE__ENTRYPOINT, &ad);	2087	SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2088	if (rc)	2088	if (rc)
2089	return rc;	2089	return rc;
2090		2090
2091	/* Check for shared state */	2091	/* Check for shared state */
2092	if (bprm->unsafe & LSM_UNSAFE_SHARE) {	2092	if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2093	rc = avc_has_perm(old_tsec->sid, new_tsec->sid,	2093	rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2094	SECCLASS_PROCESS, PROCESS__SHARE,	2094	SECCLASS_PROCESS, PROCESS__SHARE,
2095	NULL);	2095	NULL);
2096	if (rc)	2096	if (rc)
2097	return -EPERM;	2097	return -EPERM;
2098	}	2098	}
2099		2099
2100	/* Make sure that anyone attempting to ptrace over a task that	2100	/* Make sure that anyone attempting to ptrace over a task that
2101	* changes its SID has the appropriate permit */	2101	* changes its SID has the appropriate permit */
2102	if (bprm->unsafe &	2102	if (bprm->unsafe &
2103	(LSM_UNSAFE_PTRACE \| LSM_UNSAFE_PTRACE_CAP)) {	2103	(LSM_UNSAFE_PTRACE \| LSM_UNSAFE_PTRACE_CAP)) {
2104	struct task_struct *tracer;	2104	struct task_struct *tracer;
2105	struct task_security_struct *sec;	2105	struct task_security_struct *sec;
2106	u32 ptsid = 0;	2106	u32 ptsid = 0;
2107		2107
2108	rcu_read_lock();	2108	rcu_read_lock();
2109	tracer = tracehook_tracer_task(current);	2109	tracer = tracehook_tracer_task(current);
2110	if (likely(tracer != NULL)) {	2110	if (likely(tracer != NULL)) {
2111	sec = __task_cred(tracer)->security;	2111	sec = __task_cred(tracer)->security;
2112	ptsid = sec->sid;	2112	ptsid = sec->sid;
2113	}	2113	}
2114	rcu_read_unlock();	2114	rcu_read_unlock();
2115		2115
2116	if (ptsid != 0) {	2116	if (ptsid != 0) {
2117	rc = avc_has_perm(ptsid, new_tsec->sid,	2117	rc = avc_has_perm(ptsid, new_tsec->sid,
2118	SECCLASS_PROCESS,	2118	SECCLASS_PROCESS,
2119	PROCESS__PTRACE, NULL);	2119	PROCESS__PTRACE, NULL);
2120	if (rc)	2120	if (rc)
2121	return -EPERM;	2121	return -EPERM;
2122	}	2122	}
2123	}	2123	}
2124		2124
2125	/* Clear any possibly unsafe personality bits on exec: */	2125	/* Clear any possibly unsafe personality bits on exec: */
2126	bprm->per_clear \|= PER_CLEAR_ON_SETID;	2126	bprm->per_clear \|= PER_CLEAR_ON_SETID;
2127	}	2127	}
2128		2128
2129	return 0;	2129	return 0;
2130	}	2130	}
2131		2131
2132	static int selinux_bprm_secureexec(struct linux_binprm *bprm)	2132	static int selinux_bprm_secureexec(struct linux_binprm *bprm)
2133	{	2133	{
2134	const struct task_security_struct *tsec = current_security();	2134	const struct task_security_struct *tsec = current_security();
2135	u32 sid, osid;	2135	u32 sid, osid;
2136	int atsecure = 0;	2136	int atsecure = 0;
2137		2137
2138	sid = tsec->sid;	2138	sid = tsec->sid;
2139	osid = tsec->osid;	2139	osid = tsec->osid;
2140		2140
2141	if (osid != sid) {	2141	if (osid != sid) {
2142	/* Enable secure mode for SIDs transitions unless	2142	/* Enable secure mode for SIDs transitions unless
2143	the noatsecure permission is granted between	2143	the noatsecure permission is granted between
2144	the two SIDs, i.e. ahp returns 0. */	2144	the two SIDs, i.e. ahp returns 0. */
2145	atsecure = avc_has_perm(osid, sid,	2145	atsecure = avc_has_perm(osid, sid,
2146	SECCLASS_PROCESS,	2146	SECCLASS_PROCESS,
2147	PROCESS__NOATSECURE, NULL);	2147	PROCESS__NOATSECURE, NULL);
2148	}	2148	}
2149		2149
2150	return (atsecure \|\| cap_bprm_secureexec(bprm));	2150	return (atsecure \|\| cap_bprm_secureexec(bprm));
2151	}	2151	}
2152		2152
2153	extern struct vfsmount *selinuxfs_mount;	2153	extern struct vfsmount *selinuxfs_mount;
2154	extern struct dentry *selinux_null;	2154	extern struct dentry *selinux_null;
2155		2155
2156	/* Derived from fs/exec.c:flush_old_files. */	2156	/* Derived from fs/exec.c:flush_old_files. */
2157	static inline void flush_unauthorized_files(const struct cred *cred,	2157	static inline void flush_unauthorized_files(const struct cred *cred,
2158	struct files_struct *files)	2158	struct files_struct *files)
2159	{	2159	{
2160	struct common_audit_data ad;	2160	struct common_audit_data ad;
2161	struct file file, devnull = NULL;	2161	struct file file, devnull = NULL;
2162	struct tty_struct *tty;	2162	struct tty_struct *tty;
2163	struct fdtable *fdt;	2163	struct fdtable *fdt;
2164	long j = -1;	2164	long j = -1;
2165	int drop_tty = 0;	2165	int drop_tty = 0;
2166		2166
2167	tty = get_current_tty();	2167	tty = get_current_tty();
2168	if (tty) {	2168	if (tty) {
2169	spin_lock(&tty_files_lock);	2169	spin_lock(&tty_files_lock);
2170	if (!list_empty(&tty->tty_files)) {	2170	if (!list_empty(&tty->tty_files)) {
2171	struct tty_file_private *file_priv;	2171	struct tty_file_private *file_priv;
2172	struct inode *inode;	2172	struct inode *inode;
2173		2173
2174	/* Revalidate access to controlling tty.	2174	/* Revalidate access to controlling tty.
2175	Use inode_has_perm on the tty inode directly rather	2175	Use inode_has_perm on the tty inode directly rather
2176	than using file_has_perm, as this particular open	2176	than using file_has_perm, as this particular open
2177	file may belong to another process and we are only	2177	file may belong to another process and we are only
2178	interested in the inode-based check here. */	2178	interested in the inode-based check here. */
2179	file_priv = list_first_entry(&tty->tty_files,	2179	file_priv = list_first_entry(&tty->tty_files,
2180	struct tty_file_private, list);	2180	struct tty_file_private, list);
2181	file = file_priv->file;	2181	file = file_priv->file;
2182	inode = file->f_path.dentry->d_inode;	2182	inode = file->f_path.dentry->d_inode;
2183	if (inode_has_perm(cred, inode,	2183	if (inode_has_perm(cred, inode,
2184	FILE__READ \| FILE__WRITE, NULL)) {	2184	FILE__READ \| FILE__WRITE, NULL)) {
2185	drop_tty = 1;	2185	drop_tty = 1;
2186	}	2186	}
2187	}	2187	}
2188	spin_unlock(&tty_files_lock);	2188	spin_unlock(&tty_files_lock);
2189	tty_kref_put(tty);	2189	tty_kref_put(tty);
2190	}	2190	}
2191	/* Reset controlling tty. */	2191	/* Reset controlling tty. */
2192	if (drop_tty)	2192	if (drop_tty)
2193	no_tty();	2193	no_tty();
2194		2194
2195	/* Revalidate access to inherited open files. */	2195	/* Revalidate access to inherited open files. */
2196		2196
2197	COMMON_AUDIT_DATA_INIT(&ad, FS);	2197	COMMON_AUDIT_DATA_INIT(&ad, FS);
2198		2198
2199	spin_lock(&files->file_lock);	2199	spin_lock(&files->file_lock);
2200	for (;;) {	2200	for (;;) {
2201	unsigned long set, i;	2201	unsigned long set, i;
2202	int fd;	2202	int fd;
2203		2203
2204	j++;	2204	j++;
2205	i = j * __NFDBITS;	2205	i = j * __NFDBITS;
2206	fdt = files_fdtable(files);	2206	fdt = files_fdtable(files);
2207	if (i >= fdt->max_fds)	2207	if (i >= fdt->max_fds)
2208	break;	2208	break;
2209	set = fdt->open_fds->fds_bits[j];	2209	set = fdt->open_fds->fds_bits[j];
2210	if (!set)	2210	if (!set)
2211	continue;	2211	continue;
2212	spin_unlock(&files->file_lock);	2212	spin_unlock(&files->file_lock);
2213	for ( ; set ; i++, set >>= 1) {	2213	for ( ; set ; i++, set >>= 1) {
2214	if (set & 1) {	2214	if (set & 1) {
2215	file = fget(i);	2215	file = fget(i);
2216	if (!file)	2216	if (!file)
2217	continue;	2217	continue;
2218	if (file_has_perm(cred,	2218	if (file_has_perm(cred,
2219	file,	2219	file,
2220	file_to_av(file))) {	2220	file_to_av(file))) {
2221	sys_close(i);	2221	sys_close(i);
2222	fd = get_unused_fd();	2222	fd = get_unused_fd();
2223	if (fd != i) {	2223	if (fd != i) {
2224	if (fd >= 0)	2224	if (fd >= 0)
2225	put_unused_fd(fd);	2225	put_unused_fd(fd);
2226	fput(file);	2226	fput(file);
2227	continue;	2227	continue;
2228	}	2228	}
2229	if (devnull) {	2229	if (devnull) {
2230	get_file(devnull);	2230	get_file(devnull);
2231	} else {	2231	} else {
2232	devnull = dentry_open(	2232	devnull = dentry_open(
2233	dget(selinux_null),	2233	dget(selinux_null),
2234	mntget(selinuxfs_mount),	2234	mntget(selinuxfs_mount),
2235	O_RDWR, cred);	2235	O_RDWR, cred);
2236	if (IS_ERR(devnull)) {	2236	if (IS_ERR(devnull)) {
2237	devnull = NULL;	2237	devnull = NULL;
2238	put_unused_fd(fd);	2238	put_unused_fd(fd);
2239	fput(file);	2239	fput(file);
2240	continue;	2240	continue;
2241	}	2241	}
2242	}	2242	}
2243	fd_install(fd, devnull);	2243	fd_install(fd, devnull);
2244	}	2244	}
2245	fput(file);	2245	fput(file);
2246	}	2246	}
2247	}	2247	}
2248	spin_lock(&files->file_lock);	2248	spin_lock(&files->file_lock);
2249		2249
2250	}	2250	}
2251	spin_unlock(&files->file_lock);	2251	spin_unlock(&files->file_lock);
2252	}	2252	}
2253		2253
2254	/*	2254	/*
2255	* Prepare a process for imminent new credential changes due to exec	2255	* Prepare a process for imminent new credential changes due to exec
2256	*/	2256	*/
2257	static void selinux_bprm_committing_creds(struct linux_binprm *bprm)	2257	static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2258	{	2258	{
2259	struct task_security_struct *new_tsec;	2259	struct task_security_struct *new_tsec;
2260	struct rlimit rlim, initrlim;	2260	struct rlimit rlim, initrlim;
2261	int rc, i;	2261	int rc, i;
2262		2262
2263	new_tsec = bprm->cred->security;	2263	new_tsec = bprm->cred->security;
2264	if (new_tsec->sid == new_tsec->osid)	2264	if (new_tsec->sid == new_tsec->osid)
2265	return;	2265	return;
2266		2266
2267	/* Close files for which the new task SID is not authorized. */	2267	/* Close files for which the new task SID is not authorized. */
2268	flush_unauthorized_files(bprm->cred, current->files);	2268	flush_unauthorized_files(bprm->cred, current->files);
2269		2269
2270	/* Always clear parent death signal on SID transitions. */	2270	/* Always clear parent death signal on SID transitions. */
2271	current->pdeath_signal = 0;	2271	current->pdeath_signal = 0;
2272		2272
2273	/* Check whether the new SID can inherit resource limits from the old	2273	/* Check whether the new SID can inherit resource limits from the old
2274	* SID. If not, reset all soft limits to the lower of the current	2274	* SID. If not, reset all soft limits to the lower of the current
2275	* task's hard limit and the init task's soft limit.	2275	* task's hard limit and the init task's soft limit.
2276	*	2276	*
2277	* Note that the setting of hard limits (even to lower them) can be	2277	* Note that the setting of hard limits (even to lower them) can be
2278	* controlled by the setrlimit check. The inclusion of the init task's	2278	* controlled by the setrlimit check. The inclusion of the init task's
2279	* soft limit into the computation is to avoid resetting soft limits	2279	* soft limit into the computation is to avoid resetting soft limits
2280	* higher than the default soft limit for cases where the default is	2280	* higher than the default soft limit for cases where the default is
2281	* lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK.	2281	* lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK.
2282	*/	2282	*/
2283	rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,	2283	rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2284	PROCESS__RLIMITINH, NULL);	2284	PROCESS__RLIMITINH, NULL);
2285	if (rc) {	2285	if (rc) {
2286	/* protect against do_prlimit() */	2286	/* protect against do_prlimit() */
2287	task_lock(current);	2287	task_lock(current);
2288	for (i = 0; i < RLIM_NLIMITS; i++) {	2288	for (i = 0; i < RLIM_NLIMITS; i++) {
2289	rlim = current->signal->rlim + i;	2289	rlim = current->signal->rlim + i;
2290	initrlim = init_task.signal->rlim + i;	2290	initrlim = init_task.signal->rlim + i;
2291	rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);	2291	rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2292	}	2292	}
2293	task_unlock(current);	2293	task_unlock(current);
2294	update_rlimit_cpu(current, rlimit(RLIMIT_CPU));	2294	update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2295	}	2295	}
2296	}	2296	}
2297		2297
2298	/*	2298	/*
2299	* Clean up the process immediately after the installation of new credentials	2299	* Clean up the process immediately after the installation of new credentials
2300	* due to exec	2300	* due to exec
2301	*/	2301	*/
2302	static void selinux_bprm_committed_creds(struct linux_binprm *bprm)	2302	static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2303	{	2303	{
2304	const struct task_security_struct *tsec = current_security();	2304	const struct task_security_struct *tsec = current_security();
2305	struct itimerval itimer;	2305	struct itimerval itimer;
2306	u32 osid, sid;	2306	u32 osid, sid;
2307	int rc, i;	2307	int rc, i;
2308		2308
2309	osid = tsec->osid;	2309	osid = tsec->osid;
2310	sid = tsec->sid;	2310	sid = tsec->sid;
2311		2311
2312	if (sid == osid)	2312	if (sid == osid)
2313	return;	2313	return;
2314		2314
2315	/* Check whether the new SID can inherit signal state from the old SID.	2315	/* Check whether the new SID can inherit signal state from the old SID.
2316	* If not, clear itimers to avoid subsequent signal generation and	2316	* If not, clear itimers to avoid subsequent signal generation and
2317	* flush and unblock signals.	2317	* flush and unblock signals.
2318	*	2318	*
2319	* This must occur _after_ the task SID has been updated so that any	2319	* This must occur _after_ the task SID has been updated so that any
2320	* kill done after the flush will be checked against the new SID.	2320	* kill done after the flush will be checked against the new SID.
2321	*/	2321	*/
2322	rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);	2322	rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2323	if (rc) {	2323	if (rc) {
2324	memset(&itimer, 0, sizeof itimer);	2324	memset(&itimer, 0, sizeof itimer);
2325	for (i = 0; i < 3; i++)	2325	for (i = 0; i < 3; i++)
2326	do_setitimer(i, &itimer, NULL);	2326	do_setitimer(i, &itimer, NULL);
2327	spin_lock_irq(&current->sighand->siglock);	2327	spin_lock_irq(&current->sighand->siglock);
2328	if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {	2328	if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
2329	__flush_signals(current);	2329	__flush_signals(current);
2330	flush_signal_handlers(current, 1);	2330	flush_signal_handlers(current, 1);
2331	sigemptyset(&current->blocked);	2331	sigemptyset(&current->blocked);
2332	}	2332	}
2333	spin_unlock_irq(&current->sighand->siglock);	2333	spin_unlock_irq(&current->sighand->siglock);
2334	}	2334	}
2335		2335
2336	/* Wake up the parent if it is waiting so that it can recheck	2336	/* Wake up the parent if it is waiting so that it can recheck
2337	* wait permission to the new task SID. */	2337	* wait permission to the new task SID. */
2338	read_lock(&tasklist_lock);	2338	read_lock(&tasklist_lock);
2339	__wake_up_parent(current, current->real_parent);	2339	__wake_up_parent(current, current->real_parent);
2340	read_unlock(&tasklist_lock);	2340	read_unlock(&tasklist_lock);
2341	}	2341	}
2342		2342
2343	/* superblock security operations */	2343	/* superblock security operations */
2344		2344
2345	static int selinux_sb_alloc_security(struct super_block *sb)	2345	static int selinux_sb_alloc_security(struct super_block *sb)
2346	{	2346	{
2347	return superblock_alloc_security(sb);	2347	return superblock_alloc_security(sb);
2348	}	2348	}
2349		2349
2350	static void selinux_sb_free_security(struct super_block *sb)	2350	static void selinux_sb_free_security(struct super_block *sb)
2351	{	2351	{
2352	superblock_free_security(sb);	2352	superblock_free_security(sb);
2353	}	2353	}
2354		2354
2355	static inline int match_prefix(char prefix, int plen, char option, int olen)	2355	static inline int match_prefix(char prefix, int plen, char option, int olen)
2356	{	2356	{
2357	if (plen > olen)	2357	if (plen > olen)
2358	return 0;	2358	return 0;
2359		2359
2360	return !memcmp(prefix, option, plen);	2360	return !memcmp(prefix, option, plen);
2361	}	2361	}
2362		2362
2363	static inline int selinux_option(char *option, int len)	2363	static inline int selinux_option(char *option, int len)
2364	{	2364	{
2365	return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) \|\|	2365	return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) \|\|
2366	match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) \|\|	2366	match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) \|\|
2367	match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) \|\|	2367	match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) \|\|
2368	match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) \|\|	2368	match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) \|\|
2369	match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));	2369	match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));
2370	}	2370	}
2371		2371
2372	static inline void take_option(char *to, char from, int *first, int len)	2372	static inline void take_option(char *to, char from, int *first, int len)
2373	{	2373	{
2374	if (!*first) {	2374	if (!*first) {
2375	**to = ',';	2375	**to = ',';
2376	*to += 1;	2376	*to += 1;
2377	} else	2377	} else
2378	*first = 0;	2378	*first = 0;
2379	memcpy(*to, from, len);	2379	memcpy(*to, from, len);
2380	*to += len;	2380	*to += len;
2381	}	2381	}
2382		2382
2383	static inline void take_selinux_option(char *to, char from, int *first,	2383	static inline void take_selinux_option(char *to, char from, int *first,
2384	int len)	2384	int len)
2385	{	2385	{
2386	int current_size = 0;	2386	int current_size = 0;
2387		2387
2388	if (!*first) {	2388	if (!*first) {
2389	**to = '\|';	2389	**to = '\|';
2390	*to += 1;	2390	*to += 1;
2391	} else	2391	} else
2392	*first = 0;	2392	*first = 0;
2393		2393
2394	while (current_size < len) {	2394	while (current_size < len) {
2395	if (*from != '"') {	2395	if (*from != '"') {
2396	*to = from;	2396	*to = from;
2397	*to += 1;	2397	*to += 1;
2398	}	2398	}
2399	from += 1;	2399	from += 1;
2400	current_size += 1;	2400	current_size += 1;
2401	}	2401	}
2402	}	2402	}
2403		2403
2404	static int selinux_sb_copy_data(char orig, char copy)	2404	static int selinux_sb_copy_data(char orig, char copy)
2405	{	2405	{
2406	int fnosec, fsec, rc = 0;	2406	int fnosec, fsec, rc = 0;
2407	char in_save, in_curr, *in_end;	2407	char in_save, in_curr, *in_end;
2408	char sec_curr, nosec_save, *nosec;	2408	char sec_curr, nosec_save, *nosec;
2409	int open_quote = 0;	2409	int open_quote = 0;
2410		2410
2411	in_curr = orig;	2411	in_curr = orig;
2412	sec_curr = copy;	2412	sec_curr = copy;
2413		2413
2414	nosec = (char *)get_zeroed_page(GFP_KERNEL);	2414	nosec = (char *)get_zeroed_page(GFP_KERNEL);
2415	if (!nosec) {	2415	if (!nosec) {
2416	rc = -ENOMEM;	2416	rc = -ENOMEM;
2417	goto out;	2417	goto out;
2418	}	2418	}
2419		2419
2420	nosec_save = nosec;	2420	nosec_save = nosec;
2421	fnosec = fsec = 1;	2421	fnosec = fsec = 1;
2422	in_save = in_end = orig;	2422	in_save = in_end = orig;
2423		2423
2424	do {	2424	do {
2425	if (*in_end == '"')	2425	if (*in_end == '"')
2426	open_quote = !open_quote;	2426	open_quote = !open_quote;
2427	if ((*in_end == ',' && open_quote == 0) \|\|	2427	if ((*in_end == ',' && open_quote == 0) \|\|
2428	*in_end == '\0') {	2428	*in_end == '\0') {
2429	int len = in_end - in_curr;	2429	int len = in_end - in_curr;
2430		2430
2431	if (selinux_option(in_curr, len))	2431	if (selinux_option(in_curr, len))
2432	take_selinux_option(&sec_curr, in_curr, &fsec, len);	2432	take_selinux_option(&sec_curr, in_curr, &fsec, len);
2433	else	2433	else
2434	take_option(&nosec, in_curr, &fnosec, len);	2434	take_option(&nosec, in_curr, &fnosec, len);
2435		2435
2436	in_curr = in_end + 1;	2436	in_curr = in_end + 1;
2437	}	2437	}
2438	} while (*in_end++);	2438	} while (*in_end++);
2439		2439
2440	strcpy(in_save, nosec_save);	2440	strcpy(in_save, nosec_save);
2441	free_page((unsigned long)nosec_save);	2441	free_page((unsigned long)nosec_save);
2442	out:	2442	out:
2443	return rc;	2443	return rc;
2444	}	2444	}
2445		2445
2446	static int selinux_sb_kern_mount(struct super_block sb, int flags, void data)	2446	static int selinux_sb_kern_mount(struct super_block sb, int flags, void data)
2447	{	2447	{
2448	const struct cred *cred = current_cred();	2448	const struct cred *cred = current_cred();
2449	struct common_audit_data ad;	2449	struct common_audit_data ad;
2450	int rc;	2450	int rc;
2451		2451
2452	rc = superblock_doinit(sb, data);	2452	rc = superblock_doinit(sb, data);
2453	if (rc)	2453	if (rc)
2454	return rc;	2454	return rc;
2455		2455
2456	/* Allow all mounts performed by the kernel */	2456	/* Allow all mounts performed by the kernel */
2457	if (flags & MS_KERNMOUNT)	2457	if (flags & MS_KERNMOUNT)
2458	return 0;	2458	return 0;
2459		2459
2460	COMMON_AUDIT_DATA_INIT(&ad, FS);	2460	COMMON_AUDIT_DATA_INIT(&ad, FS);
2461	ad.u.fs.path.dentry = sb->s_root;	2461	ad.u.fs.path.dentry = sb->s_root;
2462	return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);	2462	return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2463	}	2463	}
2464		2464
2465	static int selinux_sb_statfs(struct dentry *dentry)	2465	static int selinux_sb_statfs(struct dentry *dentry)
2466	{	2466	{
2467	const struct cred *cred = current_cred();	2467	const struct cred *cred = current_cred();
2468	struct common_audit_data ad;	2468	struct common_audit_data ad;
2469		2469
2470	COMMON_AUDIT_DATA_INIT(&ad, FS);	2470	COMMON_AUDIT_DATA_INIT(&ad, FS);
2471	ad.u.fs.path.dentry = dentry->d_sb->s_root;	2471	ad.u.fs.path.dentry = dentry->d_sb->s_root;
2472	return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);	2472	return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2473	}	2473	}
2474		2474
2475	static int selinux_mount(char *dev_name,	2475	static int selinux_mount(char *dev_name,
2476	struct path *path,	2476	struct path *path,
2477	char *type,	2477	char *type,
2478	unsigned long flags,	2478	unsigned long flags,
2479	void *data)	2479	void *data)
2480	{	2480	{
2481	const struct cred *cred = current_cred();	2481	const struct cred *cred = current_cred();
2482		2482
2483	if (flags & MS_REMOUNT)	2483	if (flags & MS_REMOUNT)
2484	return superblock_has_perm(cred, path->mnt->mnt_sb,	2484	return superblock_has_perm(cred, path->mnt->mnt_sb,
2485	FILESYSTEM__REMOUNT, NULL);	2485	FILESYSTEM__REMOUNT, NULL);
2486	else	2486	else
2487	return dentry_has_perm(cred, path->mnt, path->dentry,	2487	return dentry_has_perm(cred, path->mnt, path->dentry,
2488	FILE__MOUNTON);	2488	FILE__MOUNTON);
2489	}	2489	}
2490		2490
2491	static int selinux_umount(struct vfsmount *mnt, int flags)	2491	static int selinux_umount(struct vfsmount *mnt, int flags)
2492	{	2492	{
2493	const struct cred *cred = current_cred();	2493	const struct cred *cred = current_cred();
2494		2494
2495	return superblock_has_perm(cred, mnt->mnt_sb,	2495	return superblock_has_perm(cred, mnt->mnt_sb,
2496	FILESYSTEM__UNMOUNT, NULL);	2496	FILESYSTEM__UNMOUNT, NULL);
2497	}	2497	}
2498		2498
2499	/* inode security operations */	2499	/* inode security operations */
2500		2500
2501	static int selinux_inode_alloc_security(struct inode *inode)	2501	static int selinux_inode_alloc_security(struct inode *inode)
2502	{	2502	{
2503	return inode_alloc_security(inode);	2503	return inode_alloc_security(inode);
2504	}	2504	}
2505		2505
2506	static void selinux_inode_free_security(struct inode *inode)	2506	static void selinux_inode_free_security(struct inode *inode)
2507	{	2507	{
2508	inode_free_security(inode);	2508	inode_free_security(inode);
2509	}	2509	}
2510		2510
2511	static int selinux_inode_init_security(struct inode inode, struct inode dir,	2511	static int selinux_inode_init_security(struct inode inode, struct inode dir,
2512	char name, void value,	2512	char name, void value,
2513	size_t *len)	2513	size_t *len)
2514	{	2514	{
2515	const struct task_security_struct *tsec = current_security();	2515	const struct task_security_struct *tsec = current_security();
2516	struct inode_security_struct *dsec;	2516	struct inode_security_struct *dsec;
2517	struct superblock_security_struct *sbsec;	2517	struct superblock_security_struct *sbsec;
2518	u32 sid, newsid, clen;	2518	u32 sid, newsid, clen;
2519	int rc;	2519	int rc;
2520	char namep = NULL, context;	2520	char namep = NULL, context;
2521		2521
2522	dsec = dir->i_security;	2522	dsec = dir->i_security;
2523	sbsec = dir->i_sb->s_security;	2523	sbsec = dir->i_sb->s_security;
2524		2524
2525	sid = tsec->sid;	2525	sid = tsec->sid;
2526	newsid = tsec->create_sid;	2526	newsid = tsec->create_sid;
2527		2527
2528	if (!newsid \|\| !(sbsec->flags & SE_SBLABELSUPP)) {	2528	if (!newsid \|\| !(sbsec->flags & SE_SBLABELSUPP)) {
2529	rc = security_transition_sid(sid, dsec->sid,	2529	rc = security_transition_sid(sid, dsec->sid,
2530	inode_mode_to_security_class(inode->i_mode),	2530	inode_mode_to_security_class(inode->i_mode),
2531	&newsid);	2531	&newsid);
2532	if (rc) {	2532	if (rc) {
2533	printk(KERN_WARNING "%s: "	2533	printk(KERN_WARNING "%s: "
2534	"security_transition_sid failed, rc=%d (dev=%s "	2534	"security_transition_sid failed, rc=%d (dev=%s "
2535	"ino=%ld)\n",	2535	"ino=%ld)\n",
2536	__func__,	2536	__func__,
2537	-rc, inode->i_sb->s_id, inode->i_ino);	2537	-rc, inode->i_sb->s_id, inode->i_ino);
2538	return rc;	2538	return rc;
2539	}	2539	}
2540	}	2540	}
2541		2541
2542	/* Possibly defer initialization to selinux_complete_init. */	2542	/* Possibly defer initialization to selinux_complete_init. */
2543	if (sbsec->flags & SE_SBINITIALIZED) {	2543	if (sbsec->flags & SE_SBINITIALIZED) {
2544	struct inode_security_struct *isec = inode->i_security;	2544	struct inode_security_struct *isec = inode->i_security;
2545	isec->sclass = inode_mode_to_security_class(inode->i_mode);	2545	isec->sclass = inode_mode_to_security_class(inode->i_mode);
2546	isec->sid = newsid;	2546	isec->sid = newsid;
2547	isec->initialized = 1;	2547	isec->initialized = 1;
2548	}	2548	}
2549		2549
2550	if (!ss_initialized \|\| !(sbsec->flags & SE_SBLABELSUPP))	2550	if (!ss_initialized \|\| !(sbsec->flags & SE_SBLABELSUPP))
2551	return -EOPNOTSUPP;	2551	return -EOPNOTSUPP;
2552		2552
2553	if (name) {	2553	if (name) {
2554	namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);	2554	namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
2555	if (!namep)	2555	if (!namep)
2556	return -ENOMEM;	2556	return -ENOMEM;
2557	*name = namep;	2557	*name = namep;
2558	}	2558	}
2559		2559
2560	if (value && len) {	2560	if (value && len) {
2561	rc = security_sid_to_context_force(newsid, &context, &clen);	2561	rc = security_sid_to_context_force(newsid, &context, &clen);
2562	if (rc) {	2562	if (rc) {
2563	kfree(namep);	2563	kfree(namep);
2564	return rc;	2564	return rc;
2565	}	2565	}
2566	*value = context;	2566	*value = context;
2567	*len = clen;	2567	*len = clen;
2568	}	2568	}
2569		2569
2570	return 0;	2570	return 0;
2571	}	2571	}
2572		2572
2573	static int selinux_inode_create(struct inode dir, struct dentry dentry, int mask)	2573	static int selinux_inode_create(struct inode dir, struct dentry dentry, int mask)
2574	{	2574	{
2575	return may_create(dir, dentry, SECCLASS_FILE);	2575	return may_create(dir, dentry, SECCLASS_FILE);
2576	}	2576	}
2577		2577
2578	static int selinux_inode_link(struct dentry old_dentry, struct inode dir, struct dentry *new_dentry)	2578	static int selinux_inode_link(struct dentry old_dentry, struct inode dir, struct dentry *new_dentry)
2579	{	2579	{
2580	return may_link(dir, old_dentry, MAY_LINK);	2580	return may_link(dir, old_dentry, MAY_LINK);
2581	}	2581	}
2582		2582
2583	static int selinux_inode_unlink(struct inode dir, struct dentry dentry)	2583	static int selinux_inode_unlink(struct inode dir, struct dentry dentry)
2584	{	2584	{
2585	return may_link(dir, dentry, MAY_UNLINK);	2585	return may_link(dir, dentry, MAY_UNLINK);
2586	}	2586	}
2587		2587
2588	static int selinux_inode_symlink(struct inode dir, struct dentry dentry, const char *name)	2588	static int selinux_inode_symlink(struct inode dir, struct dentry dentry, const char *name)
2589	{	2589	{
2590	return may_create(dir, dentry, SECCLASS_LNK_FILE);	2590	return may_create(dir, dentry, SECCLASS_LNK_FILE);
2591	}	2591	}
2592		2592
2593	static int selinux_inode_mkdir(struct inode dir, struct dentry dentry, int mask)	2593	static int selinux_inode_mkdir(struct inode dir, struct dentry dentry, int mask)
2594	{	2594	{
2595	return may_create(dir, dentry, SECCLASS_DIR);	2595	return may_create(dir, dentry, SECCLASS_DIR);
2596	}	2596	}
2597		2597
2598	static int selinux_inode_rmdir(struct inode dir, struct dentry dentry)	2598	static int selinux_inode_rmdir(struct inode dir, struct dentry dentry)
2599	{	2599	{
2600	return may_link(dir, dentry, MAY_RMDIR);	2600	return may_link(dir, dentry, MAY_RMDIR);
2601	}	2601	}
2602		2602
2603	static int selinux_inode_mknod(struct inode dir, struct dentry dentry, int mode, dev_t dev)	2603	static int selinux_inode_mknod(struct inode dir, struct dentry dentry, int mode, dev_t dev)
2604	{	2604	{
2605	return may_create(dir, dentry, inode_mode_to_security_class(mode));	2605	return may_create(dir, dentry, inode_mode_to_security_class(mode));
2606	}	2606	}
2607		2607
2608	static int selinux_inode_rename(struct inode old_inode, struct dentry old_dentry,	2608	static int selinux_inode_rename(struct inode old_inode, struct dentry old_dentry,
2609	struct inode new_inode, struct dentry new_dentry)	2609	struct inode new_inode, struct dentry new_dentry)
2610	{	2610	{
2611	return may_rename(old_inode, old_dentry, new_inode, new_dentry);	2611	return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2612	}	2612	}
2613		2613
2614	static int selinux_inode_readlink(struct dentry *dentry)	2614	static int selinux_inode_readlink(struct dentry *dentry)
2615	{	2615	{
2616	const struct cred *cred = current_cred();	2616	const struct cred *cred = current_cred();
2617		2617
2618	return dentry_has_perm(cred, NULL, dentry, FILE__READ);	2618	return dentry_has_perm(cred, NULL, dentry, FILE__READ);
2619	}	2619	}
2620		2620
2621	static int selinux_inode_follow_link(struct dentry dentry, struct nameidata nameidata)	2621	static int selinux_inode_follow_link(struct dentry dentry, struct nameidata nameidata)
2622	{	2622	{
2623	const struct cred *cred = current_cred();	2623	const struct cred *cred = current_cred();
2624		2624
2625	return dentry_has_perm(cred, NULL, dentry, FILE__READ);	2625	return dentry_has_perm(cred, NULL, dentry, FILE__READ);
2626	}	2626	}
2627		2627
2628	static int selinux_inode_permission(struct inode *inode, int mask)	2628	static int selinux_inode_permission(struct inode *inode, int mask)
2629	{	2629	{
2630	const struct cred *cred = current_cred();	2630	const struct cred *cred = current_cred();
2631	struct common_audit_data ad;	2631	struct common_audit_data ad;
2632	u32 perms;	2632	u32 perms;
2633	bool from_access;	2633	bool from_access;
2634		2634
2635	from_access = mask & MAY_ACCESS;	2635	from_access = mask & MAY_ACCESS;
2636	mask &= (MAY_READ\|MAY_WRITE\|MAY_EXEC\|MAY_APPEND);	2636	mask &= (MAY_READ\|MAY_WRITE\|MAY_EXEC\|MAY_APPEND);
2637		2637
2638	/* No permission to check. Existence test. */	2638	/* No permission to check. Existence test. */
2639	if (!mask)	2639	if (!mask)
2640	return 0;	2640	return 0;
2641		2641
2642	COMMON_AUDIT_DATA_INIT(&ad, FS);	2642	COMMON_AUDIT_DATA_INIT(&ad, FS);
2643	ad.u.fs.inode = inode;	2643	ad.u.fs.inode = inode;
2644		2644
2645	if (from_access)	2645	if (from_access)
2646	ad.selinux_audit_data.auditdeny \|= FILE__AUDIT_ACCESS;	2646	ad.selinux_audit_data.auditdeny \|= FILE__AUDIT_ACCESS;
2647		2647
2648	perms = file_mask_to_av(inode->i_mode, mask);	2648	perms = file_mask_to_av(inode->i_mode, mask);
2649		2649
2650	return inode_has_perm(cred, inode, perms, &ad);	2650	return inode_has_perm(cred, inode, perms, &ad);
2651	}	2651	}
2652		2652
2653	static int selinux_inode_setattr(struct dentry dentry, struct iattr iattr)	2653	static int selinux_inode_setattr(struct dentry dentry, struct iattr iattr)
2654	{	2654	{
2655	const struct cred *cred = current_cred();	2655	const struct cred *cred = current_cred();
2656	unsigned int ia_valid = iattr->ia_valid;	2656	unsigned int ia_valid = iattr->ia_valid;
2657		2657
2658	/* ATTR_FORCE is just used for ATTR_KILL_S[UG]ID. */	2658	/* ATTR_FORCE is just used for ATTR_KILL_S[UG]ID. */
2659	if (ia_valid & ATTR_FORCE) {	2659	if (ia_valid & ATTR_FORCE) {
2660	ia_valid &= ~(ATTR_KILL_SUID \| ATTR_KILL_SGID \| ATTR_MODE \|	2660	ia_valid &= ~(ATTR_KILL_SUID \| ATTR_KILL_SGID \| ATTR_MODE \|
2661	ATTR_FORCE);	2661	ATTR_FORCE);
2662	if (!ia_valid)	2662	if (!ia_valid)
2663	return 0;	2663	return 0;
2664	}	2664	}
2665		2665
2666	if (ia_valid & (ATTR_MODE \| ATTR_UID \| ATTR_GID \|	2666	if (ia_valid & (ATTR_MODE \| ATTR_UID \| ATTR_GID \|
2667	ATTR_ATIME_SET \| ATTR_MTIME_SET \| ATTR_TIMES_SET))	2667	ATTR_ATIME_SET \| ATTR_MTIME_SET \| ATTR_TIMES_SET))
2668	return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);	2668	return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);
2669		2669
2670	return dentry_has_perm(cred, NULL, dentry, FILE__WRITE);	2670	return dentry_has_perm(cred, NULL, dentry, FILE__WRITE);
2671	}	2671	}
2672		2672
2673	static int selinux_inode_getattr(struct vfsmount mnt, struct dentry dentry)	2673	static int selinux_inode_getattr(struct vfsmount mnt, struct dentry dentry)
2674	{	2674	{
2675	const struct cred *cred = current_cred();	2675	const struct cred *cred = current_cred();
2676		2676
2677	return dentry_has_perm(cred, mnt, dentry, FILE__GETATTR);	2677	return dentry_has_perm(cred, mnt, dentry, FILE__GETATTR);
2678	}	2678	}
2679		2679
2680	static int selinux_inode_setotherxattr(struct dentry dentry, const char name)	2680	static int selinux_inode_setotherxattr(struct dentry dentry, const char name)
2681	{	2681	{
2682	const struct cred *cred = current_cred();	2682	const struct cred *cred = current_cred();
2683		2683
2684	if (!strncmp(name, XATTR_SECURITY_PREFIX,	2684	if (!strncmp(name, XATTR_SECURITY_PREFIX,
2685	sizeof XATTR_SECURITY_PREFIX - 1)) {	2685	sizeof XATTR_SECURITY_PREFIX - 1)) {
2686	if (!strcmp(name, XATTR_NAME_CAPS)) {	2686	if (!strcmp(name, XATTR_NAME_CAPS)) {
2687	if (!capable(CAP_SETFCAP))	2687	if (!capable(CAP_SETFCAP))
2688	return -EPERM;	2688	return -EPERM;
2689	} else if (!capable(CAP_SYS_ADMIN)) {	2689	} else if (!capable(CAP_SYS_ADMIN)) {
2690	/* A different attribute in the security namespace.	2690	/* A different attribute in the security namespace.
2691	Restrict to administrator. */	2691	Restrict to administrator. */
2692	return -EPERM;	2692	return -EPERM;
2693	}	2693	}
2694	}	2694	}
2695		2695
2696	/* Not an attribute we recognize, so just check the	2696	/* Not an attribute we recognize, so just check the
2697	ordinary setattr permission. */	2697	ordinary setattr permission. */
2698	return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);	2698	return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);
2699	}	2699	}
2700		2700
2701	static int selinux_inode_setxattr(struct dentry dentry, const char name,	2701	static int selinux_inode_setxattr(struct dentry dentry, const char name,
2702	const void *value, size_t size, int flags)	2702	const void *value, size_t size, int flags)
2703	{	2703	{
2704	struct inode *inode = dentry->d_inode;	2704	struct inode *inode = dentry->d_inode;
2705	struct inode_security_struct *isec = inode->i_security;	2705	struct inode_security_struct *isec = inode->i_security;
2706	struct superblock_security_struct *sbsec;	2706	struct superblock_security_struct *sbsec;
2707	struct common_audit_data ad;	2707	struct common_audit_data ad;
2708	u32 newsid, sid = current_sid();	2708	u32 newsid, sid = current_sid();
2709	int rc = 0;	2709	int rc = 0;
2710		2710
2711	if (strcmp(name, XATTR_NAME_SELINUX))	2711	if (strcmp(name, XATTR_NAME_SELINUX))
2712	return selinux_inode_setotherxattr(dentry, name);	2712	return selinux_inode_setotherxattr(dentry, name);
2713		2713
2714	sbsec = inode->i_sb->s_security;	2714	sbsec = inode->i_sb->s_security;
2715	if (!(sbsec->flags & SE_SBLABELSUPP))	2715	if (!(sbsec->flags & SE_SBLABELSUPP))
2716	return -EOPNOTSUPP;	2716	return -EOPNOTSUPP;
2717		2717
2718	if (!is_owner_or_cap(inode))	2718	if (!is_owner_or_cap(inode))
2719	return -EPERM;	2719	return -EPERM;
2720		2720
2721	COMMON_AUDIT_DATA_INIT(&ad, FS);	2721	COMMON_AUDIT_DATA_INIT(&ad, FS);
2722	ad.u.fs.path.dentry = dentry;	2722	ad.u.fs.path.dentry = dentry;
2723		2723
2724	rc = avc_has_perm(sid, isec->sid, isec->sclass,	2724	rc = avc_has_perm(sid, isec->sid, isec->sclass,
2725	FILE__RELABELFROM, &ad);	2725	FILE__RELABELFROM, &ad);
2726	if (rc)	2726	if (rc)
2727	return rc;	2727	return rc;
2728		2728
2729	rc = security_context_to_sid(value, size, &newsid);	2729	rc = security_context_to_sid(value, size, &newsid);
2730	if (rc == -EINVAL) {	2730	if (rc == -EINVAL) {
2731	if (!capable(CAP_MAC_ADMIN))	2731	if (!capable(CAP_MAC_ADMIN))
2732	return rc;	2732	return rc;
2733	rc = security_context_to_sid_force(value, size, &newsid);	2733	rc = security_context_to_sid_force(value, size, &newsid);
2734	}	2734	}
2735	if (rc)	2735	if (rc)
2736	return rc;	2736	return rc;
2737		2737
2738	rc = avc_has_perm(sid, newsid, isec->sclass,	2738	rc = avc_has_perm(sid, newsid, isec->sclass,
2739	FILE__RELABELTO, &ad);	2739	FILE__RELABELTO, &ad);
2740	if (rc)	2740	if (rc)
2741	return rc;	2741	return rc;
2742		2742
2743	rc = security_validate_transition(isec->sid, newsid, sid,	2743	rc = security_validate_transition(isec->sid, newsid, sid,
2744	isec->sclass);	2744	isec->sclass);
2745	if (rc)	2745	if (rc)
2746	return rc;	2746	return rc;
2747		2747
2748	return avc_has_perm(newsid,	2748	return avc_has_perm(newsid,
2749	sbsec->sid,	2749	sbsec->sid,
2750	SECCLASS_FILESYSTEM,	2750	SECCLASS_FILESYSTEM,
2751	FILESYSTEM__ASSOCIATE,	2751	FILESYSTEM__ASSOCIATE,
2752	&ad);	2752	&ad);
2753	}	2753	}
2754		2754
2755	static void selinux_inode_post_setxattr(struct dentry dentry, const char name,	2755	static void selinux_inode_post_setxattr(struct dentry dentry, const char name,
2756	const void *value, size_t size,	2756	const void *value, size_t size,
2757	int flags)	2757	int flags)
2758	{	2758	{
2759	struct inode *inode = dentry->d_inode;	2759	struct inode *inode = dentry->d_inode;
2760	struct inode_security_struct *isec = inode->i_security;	2760	struct inode_security_struct *isec = inode->i_security;
2761	u32 newsid;	2761	u32 newsid;
2762	int rc;	2762	int rc;
2763		2763
2764	if (strcmp(name, XATTR_NAME_SELINUX)) {	2764	if (strcmp(name, XATTR_NAME_SELINUX)) {
2765	/* Not an attribute we recognize, so nothing to do. */	2765	/* Not an attribute we recognize, so nothing to do. */
2766	return;	2766	return;
2767	}	2767	}
2768		2768
2769	rc = security_context_to_sid_force(value, size, &newsid);	2769	rc = security_context_to_sid_force(value, size, &newsid);
2770	if (rc) {	2770	if (rc) {
2771	printk(KERN_ERR "SELinux: unable to map context to SID"	2771	printk(KERN_ERR "SELinux: unable to map context to SID"
2772	"for (%s, %lu), rc=%d\n",	2772	"for (%s, %lu), rc=%d\n",
2773	inode->i_sb->s_id, inode->i_ino, -rc);	2773	inode->i_sb->s_id, inode->i_ino, -rc);
2774	return;	2774	return;
2775	}	2775	}
2776		2776
2777	isec->sid = newsid;	2777	isec->sid = newsid;
2778	return;	2778	return;
2779	}	2779	}
2780		2780
2781	static int selinux_inode_getxattr(struct dentry dentry, const char name)	2781	static int selinux_inode_getxattr(struct dentry dentry, const char name)
2782	{	2782	{
2783	const struct cred *cred = current_cred();	2783	const struct cred *cred = current_cred();
2784		2784
2785	return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR);	2785	return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR);
2786	}	2786	}
2787		2787
2788	static int selinux_inode_listxattr(struct dentry *dentry)	2788	static int selinux_inode_listxattr(struct dentry *dentry)
2789	{	2789	{
2790	const struct cred *cred = current_cred();	2790	const struct cred *cred = current_cred();
2791		2791
2792	return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR);	2792	return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR);
2793	}	2793	}
2794		2794
2795	static int selinux_inode_removexattr(struct dentry dentry, const char name)	2795	static int selinux_inode_removexattr(struct dentry dentry, const char name)
2796	{	2796	{
2797	if (strcmp(name, XATTR_NAME_SELINUX))	2797	if (strcmp(name, XATTR_NAME_SELINUX))
2798	return selinux_inode_setotherxattr(dentry, name);	2798	return selinux_inode_setotherxattr(dentry, name);
2799		2799
2800	/* No one is allowed to remove a SELinux security label.	2800	/* No one is allowed to remove a SELinux security label.
2801	You can change the label, but all data must be labeled. */	2801	You can change the label, but all data must be labeled. */
2802	return -EACCES;	2802	return -EACCES;
2803	}	2803	}
2804		2804
2805	/*	2805	/*
2806	* Copy the inode security context value to the user.	2806	* Copy the inode security context value to the user.
2807	*	2807	*
2808	* Permission check is handled by selinux_inode_getxattr hook.	2808	* Permission check is handled by selinux_inode_getxattr hook.
2809	*/	2809	*/
2810	static int selinux_inode_getsecurity(const struct inode inode, const char name, void **buffer, bool alloc)	2810	static int selinux_inode_getsecurity(const struct inode inode, const char name, void **buffer, bool alloc)
2811	{	2811	{
2812	u32 size;	2812	u32 size;
2813	int error;	2813	int error;
2814	char *context = NULL;	2814	char *context = NULL;
2815	struct inode_security_struct *isec = inode->i_security;	2815	struct inode_security_struct *isec = inode->i_security;
2816		2816
2817	if (strcmp(name, XATTR_SELINUX_SUFFIX))	2817	if (strcmp(name, XATTR_SELINUX_SUFFIX))
2818	return -EOPNOTSUPP;	2818	return -EOPNOTSUPP;
2819		2819
2820	/*	2820	/*
2821	* If the caller has CAP_MAC_ADMIN, then get the raw context	2821	* If the caller has CAP_MAC_ADMIN, then get the raw context
2822	* value even if it is not defined by current policy; otherwise,	2822	* value even if it is not defined by current policy; otherwise,
2823	* use the in-core value under current policy.	2823	* use the in-core value under current policy.
2824	* Use the non-auditing forms of the permission checks since	2824	* Use the non-auditing forms of the permission checks since
2825	* getxattr may be called by unprivileged processes commonly	2825	* getxattr may be called by unprivileged processes commonly
2826	* and lack of permission just means that we fall back to the	2826	* and lack of permission just means that we fall back to the
2827	* in-core context value, not a denial.	2827	* in-core context value, not a denial.
2828	*/	2828	*/
2829	error = selinux_capable(current, current_cred(), CAP_MAC_ADMIN,	2829	error = selinux_capable(current, current_cred(), CAP_MAC_ADMIN,
2830	SECURITY_CAP_NOAUDIT);	2830	SECURITY_CAP_NOAUDIT);
2831	if (!error)	2831	if (!error)
2832	error = security_sid_to_context_force(isec->sid, &context,	2832	error = security_sid_to_context_force(isec->sid, &context,
2833	&size);	2833	&size);
2834	else	2834	else
2835	error = security_sid_to_context(isec->sid, &context, &size);	2835	error = security_sid_to_context(isec->sid, &context, &size);
2836	if (error)	2836	if (error)
2837	return error;	2837	return error;
2838	error = size;	2838	error = size;
2839	if (alloc) {	2839	if (alloc) {
2840	*buffer = context;	2840	*buffer = context;
2841	goto out_nofree;	2841	goto out_nofree;
2842	}	2842	}
2843	kfree(context);	2843	kfree(context);
2844	out_nofree:	2844	out_nofree:
2845	return error;	2845	return error;
2846	}	2846	}
2847		2847
2848	static int selinux_inode_setsecurity(struct inode inode, const char name,	2848	static int selinux_inode_setsecurity(struct inode inode, const char name,
2849	const void *value, size_t size, int flags)	2849	const void *value, size_t size, int flags)
2850	{	2850	{
2851	struct inode_security_struct *isec = inode->i_security;	2851	struct inode_security_struct *isec = inode->i_security;
2852	u32 newsid;	2852	u32 newsid;
2853	int rc;	2853	int rc;
2854		2854
2855	if (strcmp(name, XATTR_SELINUX_SUFFIX))	2855	if (strcmp(name, XATTR_SELINUX_SUFFIX))
2856	return -EOPNOTSUPP;	2856	return -EOPNOTSUPP;
2857		2857
2858	if (!value \|\| !size)	2858	if (!value \|\| !size)
2859	return -EACCES;	2859	return -EACCES;
2860		2860
2861	rc = security_context_to_sid((void *)value, size, &newsid);	2861	rc = security_context_to_sid((void *)value, size, &newsid);
2862	if (rc)	2862	if (rc)
2863	return rc;	2863	return rc;
2864		2864
2865	isec->sid = newsid;	2865	isec->sid = newsid;
2866	isec->initialized = 1;	2866	isec->initialized = 1;
2867	return 0;	2867	return 0;
2868	}	2868	}
2869		2869
2870	static int selinux_inode_listsecurity(struct inode inode, char buffer, size_t buffer_size)	2870	static int selinux_inode_listsecurity(struct inode inode, char buffer, size_t buffer_size)
2871	{	2871	{
2872	const int len = sizeof(XATTR_NAME_SELINUX);	2872	const int len = sizeof(XATTR_NAME_SELINUX);
2873	if (buffer && len <= buffer_size)	2873	if (buffer && len <= buffer_size)
2874	memcpy(buffer, XATTR_NAME_SELINUX, len);	2874	memcpy(buffer, XATTR_NAME_SELINUX, len);
2875	return len;	2875	return len;
2876	}	2876	}
2877		2877
2878	static void selinux_inode_getsecid(const struct inode inode, u32 secid)	2878	static void selinux_inode_getsecid(const struct inode inode, u32 secid)
2879	{	2879	{
2880	struct inode_security_struct *isec = inode->i_security;	2880	struct inode_security_struct *isec = inode->i_security;
2881	*secid = isec->sid;	2881	*secid = isec->sid;
2882	}	2882	}
2883		2883
2884	/* file security operations */	2884	/* file security operations */
2885		2885
2886	static int selinux_revalidate_file_permission(struct file *file, int mask)	2886	static int selinux_revalidate_file_permission(struct file *file, int mask)
2887	{	2887	{
2888	const struct cred *cred = current_cred();	2888	const struct cred *cred = current_cred();
2889	struct inode *inode = file->f_path.dentry->d_inode;	2889	struct inode *inode = file->f_path.dentry->d_inode;
2890		2890
2891	/* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */	2891	/* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */
2892	if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))	2892	if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
2893	mask \|= MAY_APPEND;	2893	mask \|= MAY_APPEND;
2894		2894
2895	return file_has_perm(cred, file,	2895	return file_has_perm(cred, file,
2896	file_mask_to_av(inode->i_mode, mask));	2896	file_mask_to_av(inode->i_mode, mask));
2897	}	2897	}
2898		2898
2899	static int selinux_file_permission(struct file *file, int mask)	2899	static int selinux_file_permission(struct file *file, int mask)
2900	{	2900	{
2901	struct inode *inode = file->f_path.dentry->d_inode;	2901	struct inode *inode = file->f_path.dentry->d_inode;
2902	struct file_security_struct *fsec = file->f_security;	2902	struct file_security_struct *fsec = file->f_security;
2903	struct inode_security_struct *isec = inode->i_security;	2903	struct inode_security_struct *isec = inode->i_security;
2904	u32 sid = current_sid();	2904	u32 sid = current_sid();
2905		2905
2906	if (!mask)	2906	if (!mask)
2907	/* No permission to check. Existence test. */	2907	/* No permission to check. Existence test. */
2908	return 0;	2908	return 0;
2909		2909
2910	if (sid == fsec->sid && fsec->isid == isec->sid &&	2910	if (sid == fsec->sid && fsec->isid == isec->sid &&
2911	fsec->pseqno == avc_policy_seqno())	2911	fsec->pseqno == avc_policy_seqno())
2912	/* No change since dentry_open check. */	2912	/* No change since dentry_open check. */
2913	return 0;	2913	return 0;
2914		2914
2915	return selinux_revalidate_file_permission(file, mask);	2915	return selinux_revalidate_file_permission(file, mask);
2916	}	2916	}
2917		2917
2918	static int selinux_file_alloc_security(struct file *file)	2918	static int selinux_file_alloc_security(struct file *file)
2919	{	2919	{
2920	return file_alloc_security(file);	2920	return file_alloc_security(file);
2921	}	2921	}
2922		2922
2923	static void selinux_file_free_security(struct file *file)	2923	static void selinux_file_free_security(struct file *file)
2924	{	2924	{
2925	file_free_security(file);	2925	file_free_security(file);
2926	}	2926	}
2927		2927
2928	static int selinux_file_ioctl(struct file *file, unsigned int cmd,	2928	static int selinux_file_ioctl(struct file *file, unsigned int cmd,
2929	unsigned long arg)	2929	unsigned long arg)
2930	{	2930	{
2931	const struct cred *cred = current_cred();	2931	const struct cred *cred = current_cred();
2932	u32 av = 0;	2932	u32 av = 0;
2933		2933
2934	if (_IOC_DIR(cmd) & _IOC_WRITE)	2934	if (_IOC_DIR(cmd) & _IOC_WRITE)
2935	av \|= FILE__WRITE;	2935	av \|= FILE__WRITE;
2936	if (_IOC_DIR(cmd) & _IOC_READ)	2936	if (_IOC_DIR(cmd) & _IOC_READ)
2937	av \|= FILE__READ;	2937	av \|= FILE__READ;
2938	if (!av)	2938	if (!av)
2939	av = FILE__IOCTL;	2939	av = FILE__IOCTL;
2940		2940
2941	return file_has_perm(cred, file, av);	2941	return file_has_perm(cred, file, av);
2942	}	2942	}
2943		2943
2944	static int default_noexec;	2944	static int default_noexec;
2945		2945
2946	static int file_map_prot_check(struct file *file, unsigned long prot, int shared)	2946	static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
2947	{	2947	{
2948	const struct cred *cred = current_cred();	2948	const struct cred *cred = current_cred();
2949	int rc = 0;	2949	int rc = 0;
2950		2950
2951	if (default_noexec &&	2951	if (default_noexec &&
2952	(prot & PROT_EXEC) && (!file \|\| (!shared && (prot & PROT_WRITE)))) {	2952	(prot & PROT_EXEC) && (!file \|\| (!shared && (prot & PROT_WRITE)))) {
2953	/*	2953	/*
2954	* We are making executable an anonymous mapping or a	2954	* We are making executable an anonymous mapping or a
2955	* private file mapping that will also be writable.	2955	* private file mapping that will also be writable.
2956	* This has an additional check.	2956	* This has an additional check.
2957	*/	2957	*/
2958	rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);	2958	rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);
2959	if (rc)	2959	if (rc)
2960	goto error;	2960	goto error;
2961	}	2961	}
2962		2962
2963	if (file) {	2963	if (file) {
2964	/* read access is always possible with a mapping */	2964	/* read access is always possible with a mapping */
2965	u32 av = FILE__READ;	2965	u32 av = FILE__READ;
2966		2966
2967	/* write access only matters if the mapping is shared */	2967	/* write access only matters if the mapping is shared */
2968	if (shared && (prot & PROT_WRITE))	2968	if (shared && (prot & PROT_WRITE))
2969	av \|= FILE__WRITE;	2969	av \|= FILE__WRITE;
2970		2970
2971	if (prot & PROT_EXEC)	2971	if (prot & PROT_EXEC)
2972	av \|= FILE__EXECUTE;	2972	av \|= FILE__EXECUTE;
2973		2973
2974	return file_has_perm(cred, file, av);	2974	return file_has_perm(cred, file, av);
2975	}	2975	}
2976		2976
2977	error:	2977	error:
2978	return rc;	2978	return rc;
2979	}	2979	}
2980		2980
2981	static int selinux_file_mmap(struct file *file, unsigned long reqprot,	2981	static int selinux_file_mmap(struct file *file, unsigned long reqprot,
2982	unsigned long prot, unsigned long flags,	2982	unsigned long prot, unsigned long flags,
2983	unsigned long addr, unsigned long addr_only)	2983	unsigned long addr, unsigned long addr_only)
2984	{	2984	{
2985	int rc = 0;	2985	int rc = 0;
2986	u32 sid = current_sid();	2986	u32 sid = current_sid();
2987		2987
2988	/*	2988	/*
2989	* notice that we are intentionally putting the SELinux check before	2989	* notice that we are intentionally putting the SELinux check before
2990	* the secondary cap_file_mmap check. This is such a likely attempt	2990	* the secondary cap_file_mmap check. This is such a likely attempt
2991	* at bad behaviour/exploit that we always want to get the AVC, even	2991	* at bad behaviour/exploit that we always want to get the AVC, even
2992	* if DAC would have also denied the operation.	2992	* if DAC would have also denied the operation.
2993	*/	2993	*/
2994	if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {	2994	if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
2995	rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,	2995	rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
2996	MEMPROTECT__MMAP_ZERO, NULL);	2996	MEMPROTECT__MMAP_ZERO, NULL);
2997	if (rc)	2997	if (rc)
2998	return rc;	2998	return rc;
2999	}	2999	}
3000		3000
3001	/* do DAC check on address space usage */	3001	/* do DAC check on address space usage */
3002	rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);	3002	rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
3003	if (rc \|\| addr_only)	3003	if (rc \|\| addr_only)
3004	return rc;	3004	return rc;
3005		3005
3006	if (selinux_checkreqprot)	3006	if (selinux_checkreqprot)
3007	prot = reqprot;	3007	prot = reqprot;
3008		3008
3009	return file_map_prot_check(file, prot,	3009	return file_map_prot_check(file, prot,
3010	(flags & MAP_TYPE) == MAP_SHARED);	3010	(flags & MAP_TYPE) == MAP_SHARED);
3011	}	3011	}
3012		3012
3013	static int selinux_file_mprotect(struct vm_area_struct *vma,	3013	static int selinux_file_mprotect(struct vm_area_struct *vma,
3014	unsigned long reqprot,	3014	unsigned long reqprot,
3015	unsigned long prot)	3015	unsigned long prot)
3016	{	3016	{
3017	const struct cred *cred = current_cred();	3017	const struct cred *cred = current_cred();
3018		3018
3019	if (selinux_checkreqprot)	3019	if (selinux_checkreqprot)
3020	prot = reqprot;	3020	prot = reqprot;
3021		3021
3022	if (default_noexec &&	3022	if (default_noexec &&
3023	(prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {	3023	(prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3024	int rc = 0;	3024	int rc = 0;
3025	if (vma->vm_start >= vma->vm_mm->start_brk &&	3025	if (vma->vm_start >= vma->vm_mm->start_brk &&
3026	vma->vm_end <= vma->vm_mm->brk) {	3026	vma->vm_end <= vma->vm_mm->brk) {
3027	rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);	3027	rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
3028	} else if (!vma->vm_file &&	3028	} else if (!vma->vm_file &&
3029	vma->vm_start <= vma->vm_mm->start_stack &&	3029	vma->vm_start <= vma->vm_mm->start_stack &&
3030	vma->vm_end >= vma->vm_mm->start_stack) {	3030	vma->vm_end >= vma->vm_mm->start_stack) {
3031	rc = current_has_perm(current, PROCESS__EXECSTACK);	3031	rc = current_has_perm(current, PROCESS__EXECSTACK);
3032	} else if (vma->vm_file && vma->anon_vma) {	3032	} else if (vma->vm_file && vma->anon_vma) {
3033	/*	3033	/*
3034	* We are making executable a file mapping that has	3034	* We are making executable a file mapping that has
3035	* had some COW done. Since pages might have been	3035	* had some COW done. Since pages might have been
3036	* written, check ability to execute the possibly	3036	* written, check ability to execute the possibly
3037	* modified content. This typically should only	3037	* modified content. This typically should only
3038	* occur for text relocations.	3038	* occur for text relocations.
3039	*/	3039	*/
3040	rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);	3040	rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3041	}	3041	}
3042	if (rc)	3042	if (rc)
3043	return rc;	3043	return rc;
3044	}	3044	}
3045		3045
3046	return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);	3046	return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3047	}	3047	}
3048		3048
3049	static int selinux_file_lock(struct file *file, unsigned int cmd)	3049	static int selinux_file_lock(struct file *file, unsigned int cmd)
3050	{	3050	{
3051	const struct cred *cred = current_cred();	3051	const struct cred *cred = current_cred();
3052		3052
3053	return file_has_perm(cred, file, FILE__LOCK);	3053	return file_has_perm(cred, file, FILE__LOCK);
3054	}	3054	}
3055		3055
3056	static int selinux_file_fcntl(struct file *file, unsigned int cmd,	3056	static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3057	unsigned long arg)	3057	unsigned long arg)
3058	{	3058	{
3059	const struct cred *cred = current_cred();	3059	const struct cred *cred = current_cred();
3060	int err = 0;	3060	int err = 0;
3061		3061
3062	switch (cmd) {	3062	switch (cmd) {
3063	case F_SETFL:	3063	case F_SETFL:
3064	if (!file->f_path.dentry \|\| !file->f_path.dentry->d_inode) {	3064	if (!file->f_path.dentry \|\| !file->f_path.dentry->d_inode) {
3065	err = -EINVAL;	3065	err = -EINVAL;
3066	break;	3066	break;
3067	}	3067	}
3068		3068
3069	if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {	3069	if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3070	err = file_has_perm(cred, file, FILE__WRITE);	3070	err = file_has_perm(cred, file, FILE__WRITE);
3071	break;	3071	break;
3072	}	3072	}
3073	/* fall through */	3073	/* fall through */
3074	case F_SETOWN:	3074	case F_SETOWN:
3075	case F_SETSIG:	3075	case F_SETSIG:
3076	case F_GETFL:	3076	case F_GETFL:
3077	case F_GETOWN:	3077	case F_GETOWN:
3078	case F_GETSIG:	3078	case F_GETSIG:
3079	/* Just check FD__USE permission */	3079	/* Just check FD__USE permission */
3080	err = file_has_perm(cred, file, 0);	3080	err = file_has_perm(cred, file, 0);
3081	break;	3081	break;
3082	case F_GETLK:	3082	case F_GETLK:
3083	case F_SETLK:	3083	case F_SETLK:
3084	case F_SETLKW:	3084	case F_SETLKW:
3085	#if BITS_PER_LONG == 32	3085	#if BITS_PER_LONG == 32
3086	case F_GETLK64:	3086	case F_GETLK64:
3087	case F_SETLK64:	3087	case F_SETLK64:
3088	case F_SETLKW64:	3088	case F_SETLKW64:
3089	#endif	3089	#endif
3090	if (!file->f_path.dentry \|\| !file->f_path.dentry->d_inode) {	3090	if (!file->f_path.dentry \|\| !file->f_path.dentry->d_inode) {
3091	err = -EINVAL;	3091	err = -EINVAL;
3092	break;	3092	break;
3093	}	3093	}
3094	err = file_has_perm(cred, file, FILE__LOCK);	3094	err = file_has_perm(cred, file, FILE__LOCK);
3095	break;	3095	break;
3096	}	3096	}
3097		3097
3098	return err;	3098	return err;
3099	}	3099	}
3100		3100
3101	static int selinux_file_set_fowner(struct file *file)	3101	static int selinux_file_set_fowner(struct file *file)
3102	{	3102	{
3103	struct file_security_struct *fsec;	3103	struct file_security_struct *fsec;
3104		3104
3105	fsec = file->f_security;	3105	fsec = file->f_security;
3106	fsec->fown_sid = current_sid();	3106	fsec->fown_sid = current_sid();
3107		3107
3108	return 0;	3108	return 0;
3109	}	3109	}
3110		3110
3111	static int selinux_file_send_sigiotask(struct task_struct *tsk,	3111	static int selinux_file_send_sigiotask(struct task_struct *tsk,
3112	struct fown_struct *fown, int signum)	3112	struct fown_struct *fown, int signum)
3113	{	3113	{
3114	struct file *file;	3114	struct file *file;
3115	u32 sid = task_sid(tsk);	3115	u32 sid = task_sid(tsk);
3116	u32 perm;	3116	u32 perm;
3117	struct file_security_struct *fsec;	3117	struct file_security_struct *fsec;
3118		3118
3119	/* struct fown_struct is never outside the context of a struct file */	3119	/* struct fown_struct is never outside the context of a struct file */
3120	file = container_of(fown, struct file, f_owner);	3120	file = container_of(fown, struct file, f_owner);
3121		3121
3122	fsec = file->f_security;	3122	fsec = file->f_security;
3123		3123
3124	if (!signum)	3124	if (!signum)
3125	perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */	3125	perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */
3126	else	3126	else
3127	perm = signal_to_av(signum);	3127	perm = signal_to_av(signum);
3128		3128
3129	return avc_has_perm(fsec->fown_sid, sid,	3129	return avc_has_perm(fsec->fown_sid, sid,
3130	SECCLASS_PROCESS, perm, NULL);	3130	SECCLASS_PROCESS, perm, NULL);
3131	}	3131	}
3132		3132
3133	static int selinux_file_receive(struct file *file)	3133	static int selinux_file_receive(struct file *file)
3134	{	3134	{
3135	const struct cred *cred = current_cred();	3135	const struct cred *cred = current_cred();
3136		3136
3137	return file_has_perm(cred, file, file_to_av(file));	3137	return file_has_perm(cred, file, file_to_av(file));
3138	}	3138	}
3139		3139
3140	static int selinux_dentry_open(struct file file, const struct cred cred)	3140	static int selinux_dentry_open(struct file file, const struct cred cred)
3141	{	3141	{
3142	struct file_security_struct *fsec;	3142	struct file_security_struct *fsec;
3143	struct inode *inode;	3143	struct inode *inode;
3144	struct inode_security_struct *isec;	3144	struct inode_security_struct *isec;
3145		3145
3146	inode = file->f_path.dentry->d_inode;	3146	inode = file->f_path.dentry->d_inode;
3147	fsec = file->f_security;	3147	fsec = file->f_security;
3148	isec = inode->i_security;	3148	isec = inode->i_security;
3149	/*	3149	/*
3150	* Save inode label and policy sequence number	3150	* Save inode label and policy sequence number
3151	* at open-time so that selinux_file_permission	3151	* at open-time so that selinux_file_permission
3152	* can determine whether revalidation is necessary.	3152	* can determine whether revalidation is necessary.
3153	* Task label is already saved in the file security	3153	* Task label is already saved in the file security
3154	* struct as its SID.	3154	* struct as its SID.
3155	*/	3155	*/
3156	fsec->isid = isec->sid;	3156	fsec->isid = isec->sid;
3157	fsec->pseqno = avc_policy_seqno();	3157	fsec->pseqno = avc_policy_seqno();
3158	/*	3158	/*
3159	* Since the inode label or policy seqno may have changed	3159	* Since the inode label or policy seqno may have changed
3160	* between the selinux_inode_permission check and the saving	3160	* between the selinux_inode_permission check and the saving
3161	* of state above, recheck that access is still permitted.	3161	* of state above, recheck that access is still permitted.
3162	* Otherwise, access might never be revalidated against the	3162	* Otherwise, access might never be revalidated against the
3163	* new inode label or new policy.	3163	* new inode label or new policy.
3164	* This check is not redundant - do not remove.	3164	* This check is not redundant - do not remove.
3165	*/	3165	*/
3166	return inode_has_perm(cred, inode, open_file_to_av(file), NULL);	3166	return inode_has_perm(cred, inode, open_file_to_av(file), NULL);
3167	}	3167	}
3168		3168
3169	/* task security operations */	3169	/* task security operations */
3170		3170
3171	static int selinux_task_create(unsigned long clone_flags)	3171	static int selinux_task_create(unsigned long clone_flags)
3172	{	3172	{
3173	return current_has_perm(current, PROCESS__FORK);	3173	return current_has_perm(current, PROCESS__FORK);
3174	}	3174	}
3175		3175
3176	/*	3176	/*
3177	* allocate the SELinux part of blank credentials	3177	* allocate the SELinux part of blank credentials
3178	*/	3178	*/
3179	static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)	3179	static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3180	{	3180	{
3181	struct task_security_struct *tsec;	3181	struct task_security_struct *tsec;
3182		3182
3183	tsec = kzalloc(sizeof(struct task_security_struct), gfp);	3183	tsec = kzalloc(sizeof(struct task_security_struct), gfp);
3184	if (!tsec)	3184	if (!tsec)
3185	return -ENOMEM;	3185	return -ENOMEM;
3186		3186
3187	cred->security = tsec;	3187	cred->security = tsec;
3188	return 0;	3188	return 0;
3189	}	3189	}
3190		3190
3191	/*	3191	/*
3192	* detach and free the LSM part of a set of credentials	3192	* detach and free the LSM part of a set of credentials
3193	*/	3193	*/
3194	static void selinux_cred_free(struct cred *cred)	3194	static void selinux_cred_free(struct cred *cred)
3195	{	3195	{
3196	struct task_security_struct *tsec = cred->security;	3196	struct task_security_struct *tsec = cred->security;
3197		3197
3198	BUG_ON((unsigned long) cred->security < PAGE_SIZE);	3198	BUG_ON((unsigned long) cred->security < PAGE_SIZE);
3199	cred->security = (void *) 0x7UL;	3199	cred->security = (void *) 0x7UL;
3200	kfree(tsec);	3200	kfree(tsec);
3201	}	3201	}
3202		3202
3203	/*	3203	/*
3204	* prepare a new set of credentials for modification	3204	* prepare a new set of credentials for modification
3205	*/	3205	*/
3206	static int selinux_cred_prepare(struct cred new, const struct cred old,	3206	static int selinux_cred_prepare(struct cred new, const struct cred old,
3207	gfp_t gfp)	3207	gfp_t gfp)
3208	{	3208	{
3209	const struct task_security_struct *old_tsec;	3209	const struct task_security_struct *old_tsec;
3210	struct task_security_struct *tsec;	3210	struct task_security_struct *tsec;
3211		3211
3212	old_tsec = old->security;	3212	old_tsec = old->security;
3213		3213
3214	tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);	3214	tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3215	if (!tsec)	3215	if (!tsec)
3216	return -ENOMEM;	3216	return -ENOMEM;
3217		3217
3218	new->security = tsec;	3218	new->security = tsec;
3219	return 0;	3219	return 0;
3220	}	3220	}
3221		3221
3222	/*	3222	/*
3223	* transfer the SELinux data to a blank set of creds	3223	* transfer the SELinux data to a blank set of creds
3224	*/	3224	*/
3225	static void selinux_cred_transfer(struct cred new, const struct cred old)	3225	static void selinux_cred_transfer(struct cred new, const struct cred old)
3226	{	3226	{
3227	const struct task_security_struct *old_tsec = old->security;	3227	const struct task_security_struct *old_tsec = old->security;
3228	struct task_security_struct *tsec = new->security;	3228	struct task_security_struct *tsec = new->security;
3229		3229
3230	tsec = old_tsec;	3230	tsec = old_tsec;
3231	}	3231	}
3232		3232
3233	/*	3233	/*
3234	* set the security data for a kernel service	3234	* set the security data for a kernel service
3235	* - all the creation contexts are set to unlabelled	3235	* - all the creation contexts are set to unlabelled
3236	*/	3236	*/
3237	static int selinux_kernel_act_as(struct cred *new, u32 secid)	3237	static int selinux_kernel_act_as(struct cred *new, u32 secid)
3238	{	3238	{
3239	struct task_security_struct *tsec = new->security;	3239	struct task_security_struct *tsec = new->security;
3240	u32 sid = current_sid();	3240	u32 sid = current_sid();
3241	int ret;	3241	int ret;
3242		3242
3243	ret = avc_has_perm(sid, secid,	3243	ret = avc_has_perm(sid, secid,
3244	SECCLASS_KERNEL_SERVICE,	3244	SECCLASS_KERNEL_SERVICE,
3245	KERNEL_SERVICE__USE_AS_OVERRIDE,	3245	KERNEL_SERVICE__USE_AS_OVERRIDE,
3246	NULL);	3246	NULL);
3247	if (ret == 0) {	3247	if (ret == 0) {
3248	tsec->sid = secid;	3248	tsec->sid = secid;
3249	tsec->create_sid = 0;	3249	tsec->create_sid = 0;
3250	tsec->keycreate_sid = 0;	3250	tsec->keycreate_sid = 0;
3251	tsec->sockcreate_sid = 0;	3251	tsec->sockcreate_sid = 0;
3252	}	3252	}
3253	return ret;	3253	return ret;
3254	}	3254	}
3255		3255
3256	/*	3256	/*
3257	* set the file creation context in a security record to the same as the	3257	* set the file creation context in a security record to the same as the
3258	* objective context of the specified inode	3258	* objective context of the specified inode
3259	*/	3259	*/
3260	static int selinux_kernel_create_files_as(struct cred new, struct inode inode)	3260	static int selinux_kernel_create_files_as(struct cred new, struct inode inode)
3261	{	3261	{
3262	struct inode_security_struct *isec = inode->i_security;	3262	struct inode_security_struct *isec = inode->i_security;
3263	struct task_security_struct *tsec = new->security;	3263	struct task_security_struct *tsec = new->security;
3264	u32 sid = current_sid();	3264	u32 sid = current_sid();
3265	int ret;	3265	int ret;
3266		3266
3267	ret = avc_has_perm(sid, isec->sid,	3267	ret = avc_has_perm(sid, isec->sid,
3268	SECCLASS_KERNEL_SERVICE,	3268	SECCLASS_KERNEL_SERVICE,
3269	KERNEL_SERVICE__CREATE_FILES_AS,	3269	KERNEL_SERVICE__CREATE_FILES_AS,
3270	NULL);	3270	NULL);
3271		3271
3272	if (ret == 0)	3272	if (ret == 0)
3273	tsec->create_sid = isec->sid;	3273	tsec->create_sid = isec->sid;
3274	return ret;	3274	return ret;
3275	}	3275	}
3276		3276
3277	static int selinux_kernel_module_request(char *kmod_name)	3277	static int selinux_kernel_module_request(char *kmod_name)
3278	{	3278	{
3279	u32 sid;	3279	u32 sid;
3280	struct common_audit_data ad;	3280	struct common_audit_data ad;
3281		3281
3282	sid = task_sid(current);	3282	sid = task_sid(current);
3283		3283
3284	COMMON_AUDIT_DATA_INIT(&ad, KMOD);	3284	COMMON_AUDIT_DATA_INIT(&ad, KMOD);
3285	ad.u.kmod_name = kmod_name;	3285	ad.u.kmod_name = kmod_name;
3286		3286
3287	return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,	3287	return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
3288	SYSTEM__MODULE_REQUEST, &ad);	3288	SYSTEM__MODULE_REQUEST, &ad);
3289	}	3289	}
3290		3290
3291	static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)	3291	static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
3292	{	3292	{
3293	return current_has_perm(p, PROCESS__SETPGID);	3293	return current_has_perm(p, PROCESS__SETPGID);
3294	}	3294	}
3295		3295
3296	static int selinux_task_getpgid(struct task_struct *p)	3296	static int selinux_task_getpgid(struct task_struct *p)
3297	{	3297	{
3298	return current_has_perm(p, PROCESS__GETPGID);	3298	return current_has_perm(p, PROCESS__GETPGID);
3299	}	3299	}
3300		3300
3301	static int selinux_task_getsid(struct task_struct *p)	3301	static int selinux_task_getsid(struct task_struct *p)
3302	{	3302	{
3303	return current_has_perm(p, PROCESS__GETSESSION);	3303	return current_has_perm(p, PROCESS__GETSESSION);
3304	}	3304	}
3305		3305
3306	static void selinux_task_getsecid(struct task_struct p, u32 secid)	3306	static void selinux_task_getsecid(struct task_struct p, u32 secid)
3307	{	3307	{
3308	*secid = task_sid(p);	3308	*secid = task_sid(p);
3309	}	3309	}
3310		3310
3311	static int selinux_task_setnice(struct task_struct *p, int nice)	3311	static int selinux_task_setnice(struct task_struct *p, int nice)
3312	{	3312	{
3313	int rc;	3313	int rc;
3314		3314
3315	rc = cap_task_setnice(p, nice);	3315	rc = cap_task_setnice(p, nice);
3316	if (rc)	3316	if (rc)
3317	return rc;	3317	return rc;
3318		3318
3319	return current_has_perm(p, PROCESS__SETSCHED);	3319	return current_has_perm(p, PROCESS__SETSCHED);
3320	}	3320	}
3321		3321
3322	static int selinux_task_setioprio(struct task_struct *p, int ioprio)	3322	static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3323	{	3323	{
3324	int rc;	3324	int rc;
3325		3325
3326	rc = cap_task_setioprio(p, ioprio);	3326	rc = cap_task_setioprio(p, ioprio);
3327	if (rc)	3327	if (rc)
3328	return rc;	3328	return rc;
3329		3329
3330	return current_has_perm(p, PROCESS__SETSCHED);	3330	return current_has_perm(p, PROCESS__SETSCHED);
3331	}	3331	}
3332		3332
3333	static int selinux_task_getioprio(struct task_struct *p)	3333	static int selinux_task_getioprio(struct task_struct *p)
3334	{	3334	{
3335	return current_has_perm(p, PROCESS__GETSCHED);	3335	return current_has_perm(p, PROCESS__GETSCHED);
3336	}	3336	}
3337		3337
3338	static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,	3338	static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
3339	struct rlimit *new_rlim)	3339	struct rlimit *new_rlim)
3340	{	3340	{
3341	struct rlimit *old_rlim = p->signal->rlim + resource;	3341	struct rlimit *old_rlim = p->signal->rlim + resource;
3342		3342
3343	/* Control the ability to change the hard limit (whether	3343	/* Control the ability to change the hard limit (whether
3344	lowering or raising it), so that the hard limit can	3344	lowering or raising it), so that the hard limit can
3345	later be used as a safe reset point for the soft limit	3345	later be used as a safe reset point for the soft limit
3346	upon context transitions. See selinux_bprm_committing_creds. */	3346	upon context transitions. See selinux_bprm_committing_creds. */
3347	if (old_rlim->rlim_max != new_rlim->rlim_max)	3347	if (old_rlim->rlim_max != new_rlim->rlim_max)
3348	return current_has_perm(p, PROCESS__SETRLIMIT);	3348	return current_has_perm(p, PROCESS__SETRLIMIT);
3349		3349
3350	return 0;	3350	return 0;
3351	}	3351	}
3352		3352
3353	static int selinux_task_setscheduler(struct task_struct *p)	3353	static int selinux_task_setscheduler(struct task_struct *p)
3354	{	3354	{
3355	int rc;	3355	int rc;
3356		3356
3357	rc = cap_task_setscheduler(p);	3357	rc = cap_task_setscheduler(p);
3358	if (rc)	3358	if (rc)
3359	return rc;	3359	return rc;
3360		3360
3361	return current_has_perm(p, PROCESS__SETSCHED);	3361	return current_has_perm(p, PROCESS__SETSCHED);
3362	}	3362	}
3363		3363
3364	static int selinux_task_getscheduler(struct task_struct *p)	3364	static int selinux_task_getscheduler(struct task_struct *p)
3365	{	3365	{
3366	return current_has_perm(p, PROCESS__GETSCHED);	3366	return current_has_perm(p, PROCESS__GETSCHED);
3367	}	3367	}
3368		3368
3369	static int selinux_task_movememory(struct task_struct *p)	3369	static int selinux_task_movememory(struct task_struct *p)
3370	{	3370	{
3371	return current_has_perm(p, PROCESS__SETSCHED);	3371	return current_has_perm(p, PROCESS__SETSCHED);
3372	}	3372	}
3373		3373
3374	static int selinux_task_kill(struct task_struct p, struct siginfo info,	3374	static int selinux_task_kill(struct task_struct p, struct siginfo info,
3375	int sig, u32 secid)	3375	int sig, u32 secid)
3376	{	3376	{
3377	u32 perm;	3377	u32 perm;
3378	int rc;	3378	int rc;
3379		3379
3380	if (!sig)	3380	if (!sig)
3381	perm = PROCESS__SIGNULL; /* null signal; existence test */	3381	perm = PROCESS__SIGNULL; /* null signal; existence test */
3382	else	3382	else
3383	perm = signal_to_av(sig);	3383	perm = signal_to_av(sig);
3384	if (secid)	3384	if (secid)
3385	rc = avc_has_perm(secid, task_sid(p),	3385	rc = avc_has_perm(secid, task_sid(p),
3386	SECCLASS_PROCESS, perm, NULL);	3386	SECCLASS_PROCESS, perm, NULL);
3387	else	3387	else
3388	rc = current_has_perm(p, perm);	3388	rc = current_has_perm(p, perm);
3389	return rc;	3389	return rc;
3390	}	3390	}
3391		3391
3392	static int selinux_task_wait(struct task_struct *p)	3392	static int selinux_task_wait(struct task_struct *p)
3393	{	3393	{
3394	return task_has_perm(p, current, PROCESS__SIGCHLD);	3394	return task_has_perm(p, current, PROCESS__SIGCHLD);
3395	}	3395	}
3396		3396
3397	static void selinux_task_to_inode(struct task_struct *p,	3397	static void selinux_task_to_inode(struct task_struct *p,
3398	struct inode *inode)	3398	struct inode *inode)
3399	{	3399	{
3400	struct inode_security_struct *isec = inode->i_security;	3400	struct inode_security_struct *isec = inode->i_security;
3401	u32 sid = task_sid(p);	3401	u32 sid = task_sid(p);
3402		3402
3403	isec->sid = sid;	3403	isec->sid = sid;
3404	isec->initialized = 1;	3404	isec->initialized = 1;
3405	}	3405	}
3406		3406
3407	/* Returns error only if unable to parse addresses */	3407	/* Returns error only if unable to parse addresses */
3408	static int selinux_parse_skb_ipv4(struct sk_buff *skb,	3408	static int selinux_parse_skb_ipv4(struct sk_buff *skb,
3409	struct common_audit_data ad, u8 proto)	3409	struct common_audit_data ad, u8 proto)
3410	{	3410	{
3411	int offset, ihlen, ret = -EINVAL;	3411	int offset, ihlen, ret = -EINVAL;
3412	struct iphdr _iph, *ih;	3412	struct iphdr _iph, *ih;
3413		3413
3414	offset = skb_network_offset(skb);	3414	offset = skb_network_offset(skb);
3415	ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);	3415	ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
3416	if (ih == NULL)	3416	if (ih == NULL)
3417	goto out;	3417	goto out;
3418		3418
3419	ihlen = ih->ihl * 4;	3419	ihlen = ih->ihl * 4;
3420	if (ihlen < sizeof(_iph))	3420	if (ihlen < sizeof(_iph))
3421	goto out;	3421	goto out;
3422		3422
3423	ad->u.net.v4info.saddr = ih->saddr;	3423	ad->u.net.v4info.saddr = ih->saddr;
3424	ad->u.net.v4info.daddr = ih->daddr;	3424	ad->u.net.v4info.daddr = ih->daddr;
3425	ret = 0;	3425	ret = 0;
3426		3426
3427	if (proto)	3427	if (proto)
3428	*proto = ih->protocol;	3428	*proto = ih->protocol;
3429		3429
3430	switch (ih->protocol) {	3430	switch (ih->protocol) {
3431	case IPPROTO_TCP: {	3431	case IPPROTO_TCP: {
3432	struct tcphdr _tcph, *th;	3432	struct tcphdr _tcph, *th;
3433		3433
3434	if (ntohs(ih->frag_off) & IP_OFFSET)	3434	if (ntohs(ih->frag_off) & IP_OFFSET)
3435	break;	3435	break;
3436		3436
3437	offset += ihlen;	3437	offset += ihlen;
3438	th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);	3438	th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3439	if (th == NULL)	3439	if (th == NULL)
3440	break;	3440	break;
3441		3441
3442	ad->u.net.sport = th->source;	3442	ad->u.net.sport = th->source;
3443	ad->u.net.dport = th->dest;	3443	ad->u.net.dport = th->dest;
3444	break;	3444	break;
3445	}	3445	}
3446		3446
3447	case IPPROTO_UDP: {	3447	case IPPROTO_UDP: {
3448	struct udphdr _udph, *uh;	3448	struct udphdr _udph, *uh;
3449		3449
3450	if (ntohs(ih->frag_off) & IP_OFFSET)	3450	if (ntohs(ih->frag_off) & IP_OFFSET)
3451	break;	3451	break;
3452		3452
3453	offset += ihlen;	3453	offset += ihlen;
3454	uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);	3454	uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3455	if (uh == NULL)	3455	if (uh == NULL)
3456	break;	3456	break;
3457		3457
3458	ad->u.net.sport = uh->source;	3458	ad->u.net.sport = uh->source;
3459	ad->u.net.dport = uh->dest;	3459	ad->u.net.dport = uh->dest;
3460	break;	3460	break;
3461	}	3461	}
3462		3462
3463	case IPPROTO_DCCP: {	3463	case IPPROTO_DCCP: {
3464	struct dccp_hdr _dccph, *dh;	3464	struct dccp_hdr _dccph, *dh;
3465		3465
3466	if (ntohs(ih->frag_off) & IP_OFFSET)	3466	if (ntohs(ih->frag_off) & IP_OFFSET)
3467	break;	3467	break;
3468		3468
3469	offset += ihlen;	3469	offset += ihlen;
3470	dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);	3470	dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3471	if (dh == NULL)	3471	if (dh == NULL)
3472	break;	3472	break;
3473		3473
3474	ad->u.net.sport = dh->dccph_sport;	3474	ad->u.net.sport = dh->dccph_sport;
3475	ad->u.net.dport = dh->dccph_dport;	3475	ad->u.net.dport = dh->dccph_dport;
3476	break;	3476	break;
3477	}	3477	}
3478		3478
3479	default:	3479	default:
3480	break;	3480	break;
3481	}	3481	}
3482	out:	3482	out:
3483	return ret;	3483	return ret;
3484	}	3484	}
3485		3485
3486	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	3486	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
3487		3487
3488	/* Returns error only if unable to parse addresses */	3488	/* Returns error only if unable to parse addresses */
3489	static int selinux_parse_skb_ipv6(struct sk_buff *skb,	3489	static int selinux_parse_skb_ipv6(struct sk_buff *skb,
3490	struct common_audit_data ad, u8 proto)	3490	struct common_audit_data ad, u8 proto)
3491	{	3491	{
3492	u8 nexthdr;	3492	u8 nexthdr;
3493	int ret = -EINVAL, offset;	3493	int ret = -EINVAL, offset;
3494	struct ipv6hdr _ipv6h, *ip6;	3494	struct ipv6hdr _ipv6h, *ip6;
3495		3495
3496	offset = skb_network_offset(skb);	3496	offset = skb_network_offset(skb);
3497	ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);	3497	ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3498	if (ip6 == NULL)	3498	if (ip6 == NULL)
3499	goto out;	3499	goto out;
3500		3500
3501	ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);	3501	ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
3502	ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);	3502	ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);
3503	ret = 0;	3503	ret = 0;
3504		3504
3505	nexthdr = ip6->nexthdr;	3505	nexthdr = ip6->nexthdr;
3506	offset += sizeof(_ipv6h);	3506	offset += sizeof(_ipv6h);
3507	offset = ipv6_skip_exthdr(skb, offset, &nexthdr);	3507	offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
3508	if (offset < 0)	3508	if (offset < 0)
3509	goto out;	3509	goto out;
3510		3510
3511	if (proto)	3511	if (proto)
3512	*proto = nexthdr;	3512	*proto = nexthdr;
3513		3513
3514	switch (nexthdr) {	3514	switch (nexthdr) {
3515	case IPPROTO_TCP: {	3515	case IPPROTO_TCP: {
3516	struct tcphdr _tcph, *th;	3516	struct tcphdr _tcph, *th;
3517		3517
3518	th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);	3518	th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3519	if (th == NULL)	3519	if (th == NULL)
3520	break;	3520	break;
3521		3521
3522	ad->u.net.sport = th->source;	3522	ad->u.net.sport = th->source;
3523	ad->u.net.dport = th->dest;	3523	ad->u.net.dport = th->dest;
3524	break;	3524	break;
3525	}	3525	}
3526		3526
3527	case IPPROTO_UDP: {	3527	case IPPROTO_UDP: {
3528	struct udphdr _udph, *uh;	3528	struct udphdr _udph, *uh;
3529		3529
3530	uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);	3530	uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3531	if (uh == NULL)	3531	if (uh == NULL)
3532	break;	3532	break;
3533		3533
3534	ad->u.net.sport = uh->source;	3534	ad->u.net.sport = uh->source;
3535	ad->u.net.dport = uh->dest;	3535	ad->u.net.dport = uh->dest;
3536	break;	3536	break;
3537	}	3537	}
3538		3538
3539	case IPPROTO_DCCP: {	3539	case IPPROTO_DCCP: {
3540	struct dccp_hdr _dccph, *dh;	3540	struct dccp_hdr _dccph, *dh;
3541		3541
3542	dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);	3542	dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3543	if (dh == NULL)	3543	if (dh == NULL)
3544	break;	3544	break;
3545		3545
3546	ad->u.net.sport = dh->dccph_sport;	3546	ad->u.net.sport = dh->dccph_sport;
3547	ad->u.net.dport = dh->dccph_dport;	3547	ad->u.net.dport = dh->dccph_dport;
3548	break;	3548	break;
3549	}	3549	}
3550		3550
3551	/* includes fragments */	3551	/* includes fragments */
3552	default:	3552	default:
3553	break;	3553	break;
3554	}	3554	}
3555	out:	3555	out:
3556	return ret;	3556	return ret;
3557	}	3557	}
3558		3558
3559	#endif /* IPV6 */	3559	#endif /* IPV6 */
3560		3560
3561	static int selinux_parse_skb(struct sk_buff skb, struct common_audit_data ad,	3561	static int selinux_parse_skb(struct sk_buff skb, struct common_audit_data ad,
3562	char *_addrp, int src, u8 proto)	3562	char *_addrp, int src, u8 proto)
3563	{	3563	{
3564	char *addrp;	3564	char *addrp;
3565	int ret;	3565	int ret;
3566		3566
3567	switch (ad->u.net.family) {	3567	switch (ad->u.net.family) {
3568	case PF_INET:	3568	case PF_INET:
3569	ret = selinux_parse_skb_ipv4(skb, ad, proto);	3569	ret = selinux_parse_skb_ipv4(skb, ad, proto);
3570	if (ret)	3570	if (ret)
3571	goto parse_error;	3571	goto parse_error;
3572	addrp = (char *)(src ? &ad->u.net.v4info.saddr :	3572	addrp = (char *)(src ? &ad->u.net.v4info.saddr :
3573	&ad->u.net.v4info.daddr);	3573	&ad->u.net.v4info.daddr);
3574	goto okay;	3574	goto okay;
3575		3575
3576	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	3576	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
3577	case PF_INET6:	3577	case PF_INET6:
3578	ret = selinux_parse_skb_ipv6(skb, ad, proto);	3578	ret = selinux_parse_skb_ipv6(skb, ad, proto);
3579	if (ret)	3579	if (ret)
3580	goto parse_error;	3580	goto parse_error;
3581	addrp = (char *)(src ? &ad->u.net.v6info.saddr :	3581	addrp = (char *)(src ? &ad->u.net.v6info.saddr :
3582	&ad->u.net.v6info.daddr);	3582	&ad->u.net.v6info.daddr);
3583	goto okay;	3583	goto okay;
3584	#endif /* IPV6 */	3584	#endif /* IPV6 */
3585	default:	3585	default:
3586	addrp = NULL;	3586	addrp = NULL;
3587	goto okay;	3587	goto okay;
3588	}	3588	}
3589		3589
3590	parse_error:	3590	parse_error:
3591	printk(KERN_WARNING	3591	printk(KERN_WARNING
3592	"SELinux: failure in selinux_parse_skb(),"	3592	"SELinux: failure in selinux_parse_skb(),"
3593	" unable to parse packet\n");	3593	" unable to parse packet\n");
3594	return ret;	3594	return ret;
3595		3595
3596	okay:	3596	okay:
3597	if (_addrp)	3597	if (_addrp)
3598	*_addrp = addrp;	3598	*_addrp = addrp;
3599	return 0;	3599	return 0;
3600	}	3600	}
3601		3601
3602	/**	3602	/**
3603	* selinux_skb_peerlbl_sid - Determine the peer label of a packet	3603	* selinux_skb_peerlbl_sid - Determine the peer label of a packet
3604	* @skb: the packet	3604	* @skb: the packet
3605	* @family: protocol family	3605	* @family: protocol family
3606	* @sid: the packet's peer label SID	3606	* @sid: the packet's peer label SID
3607	*	3607	*
3608	* Description:	3608	* Description:
3609	* Check the various different forms of network peer labeling and determine	3609	* Check the various different forms of network peer labeling and determine
3610	* the peer label/SID for the packet; most of the magic actually occurs in	3610	* the peer label/SID for the packet; most of the magic actually occurs in
3611	* the security server function security_net_peersid_cmp(). The function	3611	* the security server function security_net_peersid_cmp(). The function
3612	* returns zero if the value in @sid is valid (although it may be SECSID_NULL)	3612	* returns zero if the value in @sid is valid (although it may be SECSID_NULL)
3613	* or -EACCES if @sid is invalid due to inconsistencies with the different	3613	* or -EACCES if @sid is invalid due to inconsistencies with the different
3614	* peer labels.	3614	* peer labels.
3615	*	3615	*
3616	*/	3616	*/
3617	static int selinux_skb_peerlbl_sid(struct sk_buff skb, u16 family, u32 sid)	3617	static int selinux_skb_peerlbl_sid(struct sk_buff skb, u16 family, u32 sid)
3618	{	3618	{
3619	int err;	3619	int err;
3620	u32 xfrm_sid;	3620	u32 xfrm_sid;
3621	u32 nlbl_sid;	3621	u32 nlbl_sid;
3622	u32 nlbl_type;	3622	u32 nlbl_type;
3623		3623
3624	selinux_skb_xfrm_sid(skb, &xfrm_sid);	3624	selinux_skb_xfrm_sid(skb, &xfrm_sid);
3625	selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);	3625	selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
3626		3626
3627	err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);	3627	err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
3628	if (unlikely(err)) {	3628	if (unlikely(err)) {
3629	printk(KERN_WARNING	3629	printk(KERN_WARNING
3630	"SELinux: failure in selinux_skb_peerlbl_sid(),"	3630	"SELinux: failure in selinux_skb_peerlbl_sid(),"
3631	" unable to determine packet's peer label\n");	3631	" unable to determine packet's peer label\n");
3632	return -EACCES;	3632	return -EACCES;
3633	}	3633	}
3634		3634
3635	return 0;	3635	return 0;
3636	}	3636	}
3637		3637
3638	/* socket security operations */	3638	/* socket security operations */
3639		3639
3640	static u32 socket_sockcreate_sid(const struct task_security_struct *tsec)	3640	static u32 socket_sockcreate_sid(const struct task_security_struct *tsec)
3641	{	3641	{
3642	return tsec->sockcreate_sid ? : tsec->sid;	3642	return tsec->sockcreate_sid ? : tsec->sid;
3643	}	3643	}
3644		3644
3645	static int sock_has_perm(struct task_struct task, struct sock sk, u32 perms)	3645	static int sock_has_perm(struct task_struct task, struct sock sk, u32 perms)
3646	{	3646	{
3647	struct sk_security_struct *sksec = sk->sk_security;	3647	struct sk_security_struct *sksec = sk->sk_security;
3648	struct common_audit_data ad;	3648	struct common_audit_data ad;
3649	u32 tsid = task_sid(task);	3649	u32 tsid = task_sid(task);
3650		3650
3651	if (sksec->sid == SECINITSID_KERNEL)	3651	if (sksec->sid == SECINITSID_KERNEL)
3652	return 0;	3652	return 0;
3653		3653
3654	COMMON_AUDIT_DATA_INIT(&ad, NET);	3654	COMMON_AUDIT_DATA_INIT(&ad, NET);
3655	ad.u.net.sk = sk;	3655	ad.u.net.sk = sk;
3656		3656
3657	return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad);	3657	return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad);
3658	}	3658	}
3659		3659
3660	static int selinux_socket_create(int family, int type,	3660	static int selinux_socket_create(int family, int type,
3661	int protocol, int kern)	3661	int protocol, int kern)
3662	{	3662	{
3663	const struct task_security_struct *tsec = current_security();	3663	const struct task_security_struct *tsec = current_security();
3664	u32 newsid;	3664	u32 newsid;
3665	u16 secclass;	3665	u16 secclass;
3666		3666
3667	if (kern)	3667	if (kern)
3668	return 0;	3668	return 0;
3669		3669
3670	newsid = socket_sockcreate_sid(tsec);	3670	newsid = socket_sockcreate_sid(tsec);
3671	secclass = socket_type_to_security_class(family, type, protocol);	3671	secclass = socket_type_to_security_class(family, type, protocol);
3672	return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);	3672	return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
3673	}	3673	}
3674		3674
3675	static int selinux_socket_post_create(struct socket *sock, int family,	3675	static int selinux_socket_post_create(struct socket *sock, int family,
3676	int type, int protocol, int kern)	3676	int type, int protocol, int kern)
3677	{	3677	{
3678	const struct task_security_struct *tsec = current_security();	3678	const struct task_security_struct *tsec = current_security();
3679	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;	3679	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
3680	struct sk_security_struct *sksec;	3680	struct sk_security_struct *sksec;
3681	int err = 0;	3681	int err = 0;
3682		3682
3683	if (kern)	3683	if (kern)
3684	isec->sid = SECINITSID_KERNEL;	3684	isec->sid = SECINITSID_KERNEL;
3685	else	3685	else
3686	isec->sid = socket_sockcreate_sid(tsec);	3686	isec->sid = socket_sockcreate_sid(tsec);
3687		3687
3688	isec->sclass = socket_type_to_security_class(family, type, protocol);	3688	isec->sclass = socket_type_to_security_class(family, type, protocol);
3689	isec->initialized = 1;	3689	isec->initialized = 1;
3690		3690
3691	if (sock->sk) {	3691	if (sock->sk) {
3692	sksec = sock->sk->sk_security;	3692	sksec = sock->sk->sk_security;
3693	sksec->sid = isec->sid;	3693	sksec->sid = isec->sid;
3694	sksec->sclass = isec->sclass;	3694	sksec->sclass = isec->sclass;
3695	err = selinux_netlbl_socket_post_create(sock->sk, family);	3695	err = selinux_netlbl_socket_post_create(sock->sk, family);
3696	}	3696	}
3697		3697
3698	return err;	3698	return err;
3699	}	3699	}
3700		3700
3701	/* Range of port numbers used to automatically bind.	3701	/* Range of port numbers used to automatically bind.
3702	Need to determine whether we should perform a name_bind	3702	Need to determine whether we should perform a name_bind
3703	permission check between the socket and the port number. */	3703	permission check between the socket and the port number. */
3704		3704
3705	static int selinux_socket_bind(struct socket sock, struct sockaddr address, int addrlen)	3705	static int selinux_socket_bind(struct socket sock, struct sockaddr address, int addrlen)
3706	{	3706	{
3707	struct sock *sk = sock->sk;	3707	struct sock *sk = sock->sk;
3708	u16 family;	3708	u16 family;
3709	int err;	3709	int err;
3710		3710
3711	err = sock_has_perm(current, sk, SOCKET__BIND);	3711	err = sock_has_perm(current, sk, SOCKET__BIND);
3712	if (err)	3712	if (err)
3713	goto out;	3713	goto out;
3714		3714
3715	/*	3715	/*
3716	* If PF_INET or PF_INET6, check name_bind permission for the port.	3716	* If PF_INET or PF_INET6, check name_bind permission for the port.
3717	* Multiple address binding for SCTP is not supported yet: we just	3717	* Multiple address binding for SCTP is not supported yet: we just
3718	* check the first address now.	3718	* check the first address now.
3719	*/	3719	*/
3720	family = sk->sk_family;	3720	family = sk->sk_family;
3721	if (family == PF_INET \|\| family == PF_INET6) {	3721	if (family == PF_INET \|\| family == PF_INET6) {
3722	char *addrp;	3722	char *addrp;
3723	struct sk_security_struct *sksec = sk->sk_security;	3723	struct sk_security_struct *sksec = sk->sk_security;
3724	struct common_audit_data ad;	3724	struct common_audit_data ad;
3725	struct sockaddr_in *addr4 = NULL;	3725	struct sockaddr_in *addr4 = NULL;
3726	struct sockaddr_in6 *addr6 = NULL;	3726	struct sockaddr_in6 *addr6 = NULL;
3727	unsigned short snum;	3727	unsigned short snum;
3728	u32 sid, node_perm;	3728	u32 sid, node_perm;
3729		3729
3730	if (family == PF_INET) {	3730	if (family == PF_INET) {
3731	addr4 = (struct sockaddr_in *)address;	3731	addr4 = (struct sockaddr_in *)address;
3732	snum = ntohs(addr4->sin_port);	3732	snum = ntohs(addr4->sin_port);
3733	addrp = (char *)&addr4->sin_addr.s_addr;	3733	addrp = (char *)&addr4->sin_addr.s_addr;
3734	} else {	3734	} else {
3735	addr6 = (struct sockaddr_in6 *)address;	3735	addr6 = (struct sockaddr_in6 *)address;
3736	snum = ntohs(addr6->sin6_port);	3736	snum = ntohs(addr6->sin6_port);
3737	addrp = (char *)&addr6->sin6_addr.s6_addr;	3737	addrp = (char *)&addr6->sin6_addr.s6_addr;
3738	}	3738	}
3739		3739
3740	if (snum) {	3740	if (snum) {
3741	int low, high;	3741	int low, high;
3742		3742
3743	inet_get_local_port_range(&low, &high);	3743	inet_get_local_port_range(&low, &high);
3744		3744
3745	if (snum < max(PROT_SOCK, low) \|\| snum > high) {	3745	if (snum < max(PROT_SOCK, low) \|\| snum > high) {
3746	err = sel_netport_sid(sk->sk_protocol,	3746	err = sel_netport_sid(sk->sk_protocol,
3747	snum, &sid);	3747	snum, &sid);
3748	if (err)	3748	if (err)
3749	goto out;	3749	goto out;
3750	COMMON_AUDIT_DATA_INIT(&ad, NET);	3750	COMMON_AUDIT_DATA_INIT(&ad, NET);
3751	ad.u.net.sport = htons(snum);	3751	ad.u.net.sport = htons(snum);
3752	ad.u.net.family = family;	3752	ad.u.net.family = family;
3753	err = avc_has_perm(sksec->sid, sid,	3753	err = avc_has_perm(sksec->sid, sid,
3754	sksec->sclass,	3754	sksec->sclass,
3755	SOCKET__NAME_BIND, &ad);	3755	SOCKET__NAME_BIND, &ad);
3756	if (err)	3756	if (err)
3757	goto out;	3757	goto out;
3758	}	3758	}
3759	}	3759	}
3760		3760
3761	switch (sksec->sclass) {	3761	switch (sksec->sclass) {
3762	case SECCLASS_TCP_SOCKET:	3762	case SECCLASS_TCP_SOCKET:
3763	node_perm = TCP_SOCKET__NODE_BIND;	3763	node_perm = TCP_SOCKET__NODE_BIND;
3764	break;	3764	break;
3765		3765
3766	case SECCLASS_UDP_SOCKET:	3766	case SECCLASS_UDP_SOCKET:
3767	node_perm = UDP_SOCKET__NODE_BIND;	3767	node_perm = UDP_SOCKET__NODE_BIND;
3768	break;	3768	break;
3769		3769
3770	case SECCLASS_DCCP_SOCKET:	3770	case SECCLASS_DCCP_SOCKET:
3771	node_perm = DCCP_SOCKET__NODE_BIND;	3771	node_perm = DCCP_SOCKET__NODE_BIND;
3772	break;	3772	break;
3773		3773
3774	default:	3774	default:
3775	node_perm = RAWIP_SOCKET__NODE_BIND;	3775	node_perm = RAWIP_SOCKET__NODE_BIND;
3776	break;	3776	break;
3777	}	3777	}
3778		3778
3779	err = sel_netnode_sid(addrp, family, &sid);	3779	err = sel_netnode_sid(addrp, family, &sid);
3780	if (err)	3780	if (err)
3781	goto out;	3781	goto out;
3782		3782
3783	COMMON_AUDIT_DATA_INIT(&ad, NET);	3783	COMMON_AUDIT_DATA_INIT(&ad, NET);
3784	ad.u.net.sport = htons(snum);	3784	ad.u.net.sport = htons(snum);
3785	ad.u.net.family = family;	3785	ad.u.net.family = family;
3786		3786
3787	if (family == PF_INET)	3787	if (family == PF_INET)
3788	ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;	3788	ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;
3789	else	3789	else
3790	ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);	3790	ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);
3791		3791
3792	err = avc_has_perm(sksec->sid, sid,	3792	err = avc_has_perm(sksec->sid, sid,
3793	sksec->sclass, node_perm, &ad);	3793	sksec->sclass, node_perm, &ad);
3794	if (err)	3794	if (err)
3795	goto out;	3795	goto out;
3796	}	3796	}
3797	out:	3797	out:
3798	return err;	3798	return err;
3799	}	3799	}
3800		3800
3801	static int selinux_socket_connect(struct socket sock, struct sockaddr address, int addrlen)	3801	static int selinux_socket_connect(struct socket sock, struct sockaddr address, int addrlen)
3802	{	3802	{
3803	struct sock *sk = sock->sk;	3803	struct sock *sk = sock->sk;
3804	struct sk_security_struct *sksec = sk->sk_security;	3804	struct sk_security_struct *sksec = sk->sk_security;
3805	int err;	3805	int err;
3806		3806
3807	err = sock_has_perm(current, sk, SOCKET__CONNECT);	3807	err = sock_has_perm(current, sk, SOCKET__CONNECT);
3808	if (err)	3808	if (err)
3809	return err;	3809	return err;
3810		3810
3811	/*	3811	/*
3812	* If a TCP or DCCP socket, check name_connect permission for the port.	3812	* If a TCP or DCCP socket, check name_connect permission for the port.
3813	*/	3813	*/
3814	if (sksec->sclass == SECCLASS_TCP_SOCKET \|\|	3814	if (sksec->sclass == SECCLASS_TCP_SOCKET \|\|
3815	sksec->sclass == SECCLASS_DCCP_SOCKET) {	3815	sksec->sclass == SECCLASS_DCCP_SOCKET) {
3816	struct common_audit_data ad;	3816	struct common_audit_data ad;
3817	struct sockaddr_in *addr4 = NULL;	3817	struct sockaddr_in *addr4 = NULL;
3818	struct sockaddr_in6 *addr6 = NULL;	3818	struct sockaddr_in6 *addr6 = NULL;
3819	unsigned short snum;	3819	unsigned short snum;
3820	u32 sid, perm;	3820	u32 sid, perm;
3821		3821
3822	if (sk->sk_family == PF_INET) {	3822	if (sk->sk_family == PF_INET) {
3823	addr4 = (struct sockaddr_in *)address;	3823	addr4 = (struct sockaddr_in *)address;
3824	if (addrlen < sizeof(struct sockaddr_in))	3824	if (addrlen < sizeof(struct sockaddr_in))
3825	return -EINVAL;	3825	return -EINVAL;
3826	snum = ntohs(addr4->sin_port);	3826	snum = ntohs(addr4->sin_port);
3827	} else {	3827	} else {
3828	addr6 = (struct sockaddr_in6 *)address;	3828	addr6 = (struct sockaddr_in6 *)address;
3829	if (addrlen < SIN6_LEN_RFC2133)	3829	if (addrlen < SIN6_LEN_RFC2133)
3830	return -EINVAL;	3830	return -EINVAL;
3831	snum = ntohs(addr6->sin6_port);	3831	snum = ntohs(addr6->sin6_port);
3832	}	3832	}
3833		3833
3834	err = sel_netport_sid(sk->sk_protocol, snum, &sid);	3834	err = sel_netport_sid(sk->sk_protocol, snum, &sid);
3835	if (err)	3835	if (err)
3836	goto out;	3836	goto out;
3837		3837
3838	perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?	3838	perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?
3839	TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;	3839	TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
3840		3840
3841	COMMON_AUDIT_DATA_INIT(&ad, NET);	3841	COMMON_AUDIT_DATA_INIT(&ad, NET);
3842	ad.u.net.dport = htons(snum);	3842	ad.u.net.dport = htons(snum);
3843	ad.u.net.family = sk->sk_family;	3843	ad.u.net.family = sk->sk_family;
3844	err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);	3844	err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);
3845	if (err)	3845	if (err)
3846	goto out;	3846	goto out;
3847	}	3847	}
3848		3848
3849	err = selinux_netlbl_socket_connect(sk, address);	3849	err = selinux_netlbl_socket_connect(sk, address);
3850		3850
3851	out:	3851	out:
3852	return err;	3852	return err;
3853	}	3853	}
3854		3854
3855	static int selinux_socket_listen(struct socket *sock, int backlog)	3855	static int selinux_socket_listen(struct socket *sock, int backlog)
3856	{	3856	{
3857	return sock_has_perm(current, sock->sk, SOCKET__LISTEN);	3857	return sock_has_perm(current, sock->sk, SOCKET__LISTEN);
3858	}	3858	}
3859		3859
3860	static int selinux_socket_accept(struct socket sock, struct socket newsock)	3860	static int selinux_socket_accept(struct socket sock, struct socket newsock)
3861	{	3861	{
3862	int err;	3862	int err;
3863	struct inode_security_struct *isec;	3863	struct inode_security_struct *isec;
3864	struct inode_security_struct *newisec;	3864	struct inode_security_struct *newisec;
3865		3865
3866	err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT);	3866	err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT);
3867	if (err)	3867	if (err)
3868	return err;	3868	return err;
3869		3869
3870	newisec = SOCK_INODE(newsock)->i_security;	3870	newisec = SOCK_INODE(newsock)->i_security;
3871		3871
3872	isec = SOCK_INODE(sock)->i_security;	3872	isec = SOCK_INODE(sock)->i_security;
3873	newisec->sclass = isec->sclass;	3873	newisec->sclass = isec->sclass;
3874	newisec->sid = isec->sid;	3874	newisec->sid = isec->sid;
3875	newisec->initialized = 1;	3875	newisec->initialized = 1;
3876		3876
3877	return 0;	3877	return 0;
3878	}	3878	}
3879		3879
3880	static int selinux_socket_sendmsg(struct socket sock, struct msghdr msg,	3880	static int selinux_socket_sendmsg(struct socket sock, struct msghdr msg,
3881	int size)	3881	int size)
3882	{	3882	{
3883	return sock_has_perm(current, sock->sk, SOCKET__WRITE);	3883	return sock_has_perm(current, sock->sk, SOCKET__WRITE);
3884	}	3884	}
3885		3885
3886	static int selinux_socket_recvmsg(struct socket sock, struct msghdr msg,	3886	static int selinux_socket_recvmsg(struct socket sock, struct msghdr msg,
3887	int size, int flags)	3887	int size, int flags)
3888	{	3888	{
3889	return sock_has_perm(current, sock->sk, SOCKET__READ);	3889	return sock_has_perm(current, sock->sk, SOCKET__READ);
3890	}	3890	}
3891		3891
3892	static int selinux_socket_getsockname(struct socket *sock)	3892	static int selinux_socket_getsockname(struct socket *sock)
3893	{	3893	{
3894	return sock_has_perm(current, sock->sk, SOCKET__GETATTR);	3894	return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
3895	}	3895	}
3896		3896
3897	static int selinux_socket_getpeername(struct socket *sock)	3897	static int selinux_socket_getpeername(struct socket *sock)
3898	{	3898	{
3899	return sock_has_perm(current, sock->sk, SOCKET__GETATTR);	3899	return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
3900	}	3900	}
3901		3901
3902	static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)	3902	static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
3903	{	3903	{
3904	int err;	3904	int err;
3905		3905
3906	err = sock_has_perm(current, sock->sk, SOCKET__SETOPT);	3906	err = sock_has_perm(current, sock->sk, SOCKET__SETOPT);
3907	if (err)	3907	if (err)
3908	return err;	3908	return err;
3909		3909
3910	return selinux_netlbl_socket_setsockopt(sock, level, optname);	3910	return selinux_netlbl_socket_setsockopt(sock, level, optname);
3911	}	3911	}
3912		3912
3913	static int selinux_socket_getsockopt(struct socket *sock, int level,	3913	static int selinux_socket_getsockopt(struct socket *sock, int level,
3914	int optname)	3914	int optname)
3915	{	3915	{
3916	return sock_has_perm(current, sock->sk, SOCKET__GETOPT);	3916	return sock_has_perm(current, sock->sk, SOCKET__GETOPT);
3917	}	3917	}
3918		3918
3919	static int selinux_socket_shutdown(struct socket *sock, int how)	3919	static int selinux_socket_shutdown(struct socket *sock, int how)
3920	{	3920	{
3921	return sock_has_perm(current, sock->sk, SOCKET__SHUTDOWN);	3921	return sock_has_perm(current, sock->sk, SOCKET__SHUTDOWN);
3922	}	3922	}
3923		3923
3924	static int selinux_socket_unix_stream_connect(struct socket *sock,	3924	static int selinux_socket_unix_stream_connect(struct sock *sock,
3925	struct socket *other,	3925	struct sock *other,
3926	struct sock *newsk)	3926	struct sock *newsk)
3927	{	3927	{
3928	struct sk_security_struct *sksec_sock = sock->sk->sk_security;	3928	struct sk_security_struct *sksec_sock = sock->sk_security;
3929	struct sk_security_struct *sksec_other = other->sk->sk_security;	3929	struct sk_security_struct *sksec_other = other->sk_security;
3930	struct sk_security_struct *sksec_new = newsk->sk_security;	3930	struct sk_security_struct *sksec_new = newsk->sk_security;
3931	struct common_audit_data ad;	3931	struct common_audit_data ad;
3932	int err;	3932	int err;
3933		3933
3934	COMMON_AUDIT_DATA_INIT(&ad, NET);	3934	COMMON_AUDIT_DATA_INIT(&ad, NET);
3935	ad.u.net.sk = other->sk;	3935	ad.u.net.sk = other;
3936		3936
3937	err = avc_has_perm(sksec_sock->sid, sksec_other->sid,	3937	err = avc_has_perm(sksec_sock->sid, sksec_other->sid,
3938	sksec_other->sclass,	3938	sksec_other->sclass,
3939	UNIX_STREAM_SOCKET__CONNECTTO, &ad);	3939	UNIX_STREAM_SOCKET__CONNECTTO, &ad);
3940	if (err)	3940	if (err)
3941	return err;	3941	return err;
3942		3942
3943	/* server child socket */	3943	/* server child socket */
3944	sksec_new->peer_sid = sksec_sock->sid;	3944	sksec_new->peer_sid = sksec_sock->sid;
3945	err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid,	3945	err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid,
3946	&sksec_new->sid);	3946	&sksec_new->sid);
3947	if (err)	3947	if (err)
3948	return err;	3948	return err;
3949		3949
3950	/* connecting socket */	3950	/* connecting socket */
3951	sksec_sock->peer_sid = sksec_new->sid;	3951	sksec_sock->peer_sid = sksec_new->sid;
3952		3952
3953	return 0;	3953	return 0;
3954	}	3954	}
3955		3955
3956	static int selinux_socket_unix_may_send(struct socket *sock,	3956	static int selinux_socket_unix_may_send(struct socket *sock,
3957	struct socket *other)	3957	struct socket *other)
3958	{	3958	{
3959	struct sk_security_struct *ssec = sock->sk->sk_security;	3959	struct sk_security_struct *ssec = sock->sk->sk_security;
3960	struct sk_security_struct *osec = other->sk->sk_security;	3960	struct sk_security_struct *osec = other->sk->sk_security;
3961	struct common_audit_data ad;	3961	struct common_audit_data ad;
3962		3962
3963	COMMON_AUDIT_DATA_INIT(&ad, NET);	3963	COMMON_AUDIT_DATA_INIT(&ad, NET);
3964	ad.u.net.sk = other->sk;	3964	ad.u.net.sk = other->sk;
3965		3965
3966	return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,	3966	return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
3967	&ad);	3967	&ad);
3968	}	3968	}
3969		3969
3970	static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,	3970	static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,
3971	u32 peer_sid,	3971	u32 peer_sid,
3972	struct common_audit_data *ad)	3972	struct common_audit_data *ad)
3973	{	3973	{
3974	int err;	3974	int err;
3975	u32 if_sid;	3975	u32 if_sid;
3976	u32 node_sid;	3976	u32 node_sid;
3977		3977
3978	err = sel_netif_sid(ifindex, &if_sid);	3978	err = sel_netif_sid(ifindex, &if_sid);
3979	if (err)	3979	if (err)
3980	return err;	3980	return err;
3981	err = avc_has_perm(peer_sid, if_sid,	3981	err = avc_has_perm(peer_sid, if_sid,
3982	SECCLASS_NETIF, NETIF__INGRESS, ad);	3982	SECCLASS_NETIF, NETIF__INGRESS, ad);
3983	if (err)	3983	if (err)
3984	return err;	3984	return err;
3985		3985
3986	err = sel_netnode_sid(addrp, family, &node_sid);	3986	err = sel_netnode_sid(addrp, family, &node_sid);
3987	if (err)	3987	if (err)
3988	return err;	3988	return err;
3989	return avc_has_perm(peer_sid, node_sid,	3989	return avc_has_perm(peer_sid, node_sid,
3990	SECCLASS_NODE, NODE__RECVFROM, ad);	3990	SECCLASS_NODE, NODE__RECVFROM, ad);
3991	}	3991	}
3992		3992
3993	static int selinux_sock_rcv_skb_compat(struct sock sk, struct sk_buff skb,	3993	static int selinux_sock_rcv_skb_compat(struct sock sk, struct sk_buff skb,
3994	u16 family)	3994	u16 family)
3995	{	3995	{
3996	int err = 0;	3996	int err = 0;
3997	struct sk_security_struct *sksec = sk->sk_security;	3997	struct sk_security_struct *sksec = sk->sk_security;
3998	u32 peer_sid;	3998	u32 peer_sid;
3999	u32 sk_sid = sksec->sid;	3999	u32 sk_sid = sksec->sid;
4000	struct common_audit_data ad;	4000	struct common_audit_data ad;
4001	char *addrp;	4001	char *addrp;
4002		4002
4003	COMMON_AUDIT_DATA_INIT(&ad, NET);	4003	COMMON_AUDIT_DATA_INIT(&ad, NET);
4004	ad.u.net.netif = skb->skb_iif;	4004	ad.u.net.netif = skb->skb_iif;
4005	ad.u.net.family = family;	4005	ad.u.net.family = family;
4006	err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);	4006	err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4007	if (err)	4007	if (err)
4008	return err;	4008	return err;
4009		4009
4010	if (selinux_secmark_enabled()) {	4010	if (selinux_secmark_enabled()) {
4011	err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,	4011	err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4012	PACKET__RECV, &ad);	4012	PACKET__RECV, &ad);
4013	if (err)	4013	if (err)
4014	return err;	4014	return err;
4015	}	4015	}
4016		4016
4017	if (selinux_policycap_netpeer) {	4017	if (selinux_policycap_netpeer) {
4018	err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);	4018	err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4019	if (err)	4019	if (err)
4020	return err;	4020	return err;
4021	err = avc_has_perm(sk_sid, peer_sid,	4021	err = avc_has_perm(sk_sid, peer_sid,
4022	SECCLASS_PEER, PEER__RECV, &ad);	4022	SECCLASS_PEER, PEER__RECV, &ad);
4023	if (err)	4023	if (err)
4024	selinux_netlbl_err(skb, err, 0);	4024	selinux_netlbl_err(skb, err, 0);
4025	} else {	4025	} else {
4026	err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);	4026	err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4027	if (err)	4027	if (err)
4028	return err;	4028	return err;
4029	err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);	4029	err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4030	}	4030	}
4031		4031
4032	return err;	4032	return err;
4033	}	4033	}
4034		4034
4035	static int selinux_socket_sock_rcv_skb(struct sock sk, struct sk_buff skb)	4035	static int selinux_socket_sock_rcv_skb(struct sock sk, struct sk_buff skb)
4036	{	4036	{
4037	int err;	4037	int err;
4038	struct sk_security_struct *sksec = sk->sk_security;	4038	struct sk_security_struct *sksec = sk->sk_security;
4039	u16 family = sk->sk_family;	4039	u16 family = sk->sk_family;
4040	u32 sk_sid = sksec->sid;	4040	u32 sk_sid = sksec->sid;
4041	struct common_audit_data ad;	4041	struct common_audit_data ad;
4042	char *addrp;	4042	char *addrp;
4043	u8 secmark_active;	4043	u8 secmark_active;
4044	u8 peerlbl_active;	4044	u8 peerlbl_active;
4045		4045
4046	if (family != PF_INET && family != PF_INET6)	4046	if (family != PF_INET && family != PF_INET6)
4047	return 0;	4047	return 0;
4048		4048
4049	/* Handle mapped IPv4 packets arriving via IPv6 sockets */	4049	/* Handle mapped IPv4 packets arriving via IPv6 sockets */
4050	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))	4050	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4051	family = PF_INET;	4051	family = PF_INET;
4052		4052
4053	/* If any sort of compatibility mode is enabled then handoff processing	4053	/* If any sort of compatibility mode is enabled then handoff processing
4054	* to the selinux_sock_rcv_skb_compat() function to deal with the	4054	* to the selinux_sock_rcv_skb_compat() function to deal with the
4055	* special handling. We do this in an attempt to keep this function	4055	* special handling. We do this in an attempt to keep this function
4056	* as fast and as clean as possible. */	4056	* as fast and as clean as possible. */
4057	if (!selinux_policycap_netpeer)	4057	if (!selinux_policycap_netpeer)
4058	return selinux_sock_rcv_skb_compat(sk, skb, family);	4058	return selinux_sock_rcv_skb_compat(sk, skb, family);
4059		4059
4060	secmark_active = selinux_secmark_enabled();	4060	secmark_active = selinux_secmark_enabled();
4061	peerlbl_active = netlbl_enabled() \|\| selinux_xfrm_enabled();	4061	peerlbl_active = netlbl_enabled() \|\| selinux_xfrm_enabled();
4062	if (!secmark_active && !peerlbl_active)	4062	if (!secmark_active && !peerlbl_active)
4063	return 0;	4063	return 0;
4064		4064
4065	COMMON_AUDIT_DATA_INIT(&ad, NET);	4065	COMMON_AUDIT_DATA_INIT(&ad, NET);
4066	ad.u.net.netif = skb->skb_iif;	4066	ad.u.net.netif = skb->skb_iif;
4067	ad.u.net.family = family;	4067	ad.u.net.family = family;
4068	err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);	4068	err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4069	if (err)	4069	if (err)
4070	return err;	4070	return err;
4071		4071
4072	if (peerlbl_active) {	4072	if (peerlbl_active) {
4073	u32 peer_sid;	4073	u32 peer_sid;
4074		4074
4075	err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);	4075	err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4076	if (err)	4076	if (err)
4077	return err;	4077	return err;
4078	err = selinux_inet_sys_rcv_skb(skb->skb_iif, addrp, family,	4078	err = selinux_inet_sys_rcv_skb(skb->skb_iif, addrp, family,
4079	peer_sid, &ad);	4079	peer_sid, &ad);
4080	if (err) {	4080	if (err) {
4081	selinux_netlbl_err(skb, err, 0);	4081	selinux_netlbl_err(skb, err, 0);
4082	return err;	4082	return err;
4083	}	4083	}
4084	err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,	4084	err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
4085	PEER__RECV, &ad);	4085	PEER__RECV, &ad);
4086	if (err)	4086	if (err)
4087	selinux_netlbl_err(skb, err, 0);	4087	selinux_netlbl_err(skb, err, 0);
4088	}	4088	}
4089		4089
4090	if (secmark_active) {	4090	if (secmark_active) {
4091	err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,	4091	err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4092	PACKET__RECV, &ad);	4092	PACKET__RECV, &ad);
4093	if (err)	4093	if (err)
4094	return err;	4094	return err;
4095	}	4095	}
4096		4096
4097	return err;	4097	return err;
4098	}	4098	}
4099		4099
4100	static int selinux_socket_getpeersec_stream(struct socket sock, char __user optval,	4100	static int selinux_socket_getpeersec_stream(struct socket sock, char __user optval,
4101	int __user *optlen, unsigned len)	4101	int __user *optlen, unsigned len)
4102	{	4102	{
4103	int err = 0;	4103	int err = 0;
4104	char *scontext;	4104	char *scontext;
4105	u32 scontext_len;	4105	u32 scontext_len;
4106	struct sk_security_struct *sksec = sock->sk->sk_security;	4106	struct sk_security_struct *sksec = sock->sk->sk_security;
4107	u32 peer_sid = SECSID_NULL;	4107	u32 peer_sid = SECSID_NULL;
4108		4108
4109	if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET \|\|	4109	if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET \|\|
4110	sksec->sclass == SECCLASS_TCP_SOCKET)	4110	sksec->sclass == SECCLASS_TCP_SOCKET)
4111	peer_sid = sksec->peer_sid;	4111	peer_sid = sksec->peer_sid;
4112	if (peer_sid == SECSID_NULL)	4112	if (peer_sid == SECSID_NULL)
4113	return -ENOPROTOOPT;	4113	return -ENOPROTOOPT;
4114		4114
4115	err = security_sid_to_context(peer_sid, &scontext, &scontext_len);	4115	err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
4116	if (err)	4116	if (err)
4117	return err;	4117	return err;
4118		4118
4119	if (scontext_len > len) {	4119	if (scontext_len > len) {
4120	err = -ERANGE;	4120	err = -ERANGE;
4121	goto out_len;	4121	goto out_len;
4122	}	4122	}
4123		4123
4124	if (copy_to_user(optval, scontext, scontext_len))	4124	if (copy_to_user(optval, scontext, scontext_len))
4125	err = -EFAULT;	4125	err = -EFAULT;
4126		4126
4127	out_len:	4127	out_len:
4128	if (put_user(scontext_len, optlen))	4128	if (put_user(scontext_len, optlen))
4129	err = -EFAULT;	4129	err = -EFAULT;
4130	kfree(scontext);	4130	kfree(scontext);
4131	return err;	4131	return err;
4132	}	4132	}
4133		4133
4134	static int selinux_socket_getpeersec_dgram(struct socket sock, struct sk_buff skb, u32 *secid)	4134	static int selinux_socket_getpeersec_dgram(struct socket sock, struct sk_buff skb, u32 *secid)
4135	{	4135	{
4136	u32 peer_secid = SECSID_NULL;	4136	u32 peer_secid = SECSID_NULL;
4137	u16 family;	4137	u16 family;
4138		4138
4139	if (skb && skb->protocol == htons(ETH_P_IP))	4139	if (skb && skb->protocol == htons(ETH_P_IP))
4140	family = PF_INET;	4140	family = PF_INET;
4141	else if (skb && skb->protocol == htons(ETH_P_IPV6))	4141	else if (skb && skb->protocol == htons(ETH_P_IPV6))
4142	family = PF_INET6;	4142	family = PF_INET6;
4143	else if (sock)	4143	else if (sock)
4144	family = sock->sk->sk_family;	4144	family = sock->sk->sk_family;
4145	else	4145	else
4146	goto out;	4146	goto out;
4147		4147
4148	if (sock && family == PF_UNIX)	4148	if (sock && family == PF_UNIX)
4149	selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);	4149	selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
4150	else if (skb)	4150	else if (skb)
4151	selinux_skb_peerlbl_sid(skb, family, &peer_secid);	4151	selinux_skb_peerlbl_sid(skb, family, &peer_secid);
4152		4152
4153	out:	4153	out:
4154	*secid = peer_secid;	4154	*secid = peer_secid;
4155	if (peer_secid == SECSID_NULL)	4155	if (peer_secid == SECSID_NULL)
4156	return -EINVAL;	4156	return -EINVAL;
4157	return 0;	4157	return 0;
4158	}	4158	}
4159		4159
4160	static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)	4160	static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
4161	{	4161	{
4162	struct sk_security_struct *sksec;	4162	struct sk_security_struct *sksec;
4163		4163
4164	sksec = kzalloc(sizeof(*sksec), priority);	4164	sksec = kzalloc(sizeof(*sksec), priority);
4165	if (!sksec)	4165	if (!sksec)
4166	return -ENOMEM;	4166	return -ENOMEM;
4167		4167
4168	sksec->peer_sid = SECINITSID_UNLABELED;	4168	sksec->peer_sid = SECINITSID_UNLABELED;
4169	sksec->sid = SECINITSID_UNLABELED;	4169	sksec->sid = SECINITSID_UNLABELED;
4170	selinux_netlbl_sk_security_reset(sksec);	4170	selinux_netlbl_sk_security_reset(sksec);
4171	sk->sk_security = sksec;	4171	sk->sk_security = sksec;
4172		4172
4173	return 0;	4173	return 0;
4174	}	4174	}
4175		4175
4176	static void selinux_sk_free_security(struct sock *sk)	4176	static void selinux_sk_free_security(struct sock *sk)
4177	{	4177	{
4178	struct sk_security_struct *sksec = sk->sk_security;	4178	struct sk_security_struct *sksec = sk->sk_security;
4179		4179
4180	sk->sk_security = NULL;	4180	sk->sk_security = NULL;
4181	selinux_netlbl_sk_security_free(sksec);	4181	selinux_netlbl_sk_security_free(sksec);
4182	kfree(sksec);	4182	kfree(sksec);
4183	}	4183	}
4184		4184
4185	static void selinux_sk_clone_security(const struct sock sk, struct sock newsk)	4185	static void selinux_sk_clone_security(const struct sock sk, struct sock newsk)
4186	{	4186	{
4187	struct sk_security_struct *sksec = sk->sk_security;	4187	struct sk_security_struct *sksec = sk->sk_security;
4188	struct sk_security_struct *newsksec = newsk->sk_security;	4188	struct sk_security_struct *newsksec = newsk->sk_security;
4189		4189
4190	newsksec->sid = sksec->sid;	4190	newsksec->sid = sksec->sid;
4191	newsksec->peer_sid = sksec->peer_sid;	4191	newsksec->peer_sid = sksec->peer_sid;
4192	newsksec->sclass = sksec->sclass;	4192	newsksec->sclass = sksec->sclass;
4193		4193
4194	selinux_netlbl_sk_security_reset(newsksec);	4194	selinux_netlbl_sk_security_reset(newsksec);
4195	}	4195	}
4196		4196
4197	static void selinux_sk_getsecid(struct sock sk, u32 secid)	4197	static void selinux_sk_getsecid(struct sock sk, u32 secid)
4198	{	4198	{
4199	if (!sk)	4199	if (!sk)
4200	*secid = SECINITSID_ANY_SOCKET;	4200	*secid = SECINITSID_ANY_SOCKET;
4201	else {	4201	else {
4202	struct sk_security_struct *sksec = sk->sk_security;	4202	struct sk_security_struct *sksec = sk->sk_security;
4203		4203
4204	*secid = sksec->sid;	4204	*secid = sksec->sid;
4205	}	4205	}
4206	}	4206	}
4207		4207
4208	static void selinux_sock_graft(struct sock sk, struct socket parent)	4208	static void selinux_sock_graft(struct sock sk, struct socket parent)
4209	{	4209	{
4210	struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;	4210	struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
4211	struct sk_security_struct *sksec = sk->sk_security;	4211	struct sk_security_struct *sksec = sk->sk_security;
4212		4212
4213	if (sk->sk_family == PF_INET \|\| sk->sk_family == PF_INET6 \|\|	4213	if (sk->sk_family == PF_INET \|\| sk->sk_family == PF_INET6 \|\|
4214	sk->sk_family == PF_UNIX)	4214	sk->sk_family == PF_UNIX)
4215	isec->sid = sksec->sid;	4215	isec->sid = sksec->sid;
4216	sksec->sclass = isec->sclass;	4216	sksec->sclass = isec->sclass;
4217	}	4217	}
4218		4218
4219	static int selinux_inet_conn_request(struct sock sk, struct sk_buff skb,	4219	static int selinux_inet_conn_request(struct sock sk, struct sk_buff skb,
4220	struct request_sock *req)	4220	struct request_sock *req)
4221	{	4221	{
4222	struct sk_security_struct *sksec = sk->sk_security;	4222	struct sk_security_struct *sksec = sk->sk_security;
4223	int err;	4223	int err;
4224	u16 family = sk->sk_family;	4224	u16 family = sk->sk_family;
4225	u32 newsid;	4225	u32 newsid;
4226	u32 peersid;	4226	u32 peersid;
4227		4227
4228	/* handle mapped IPv4 packets arriving via IPv6 sockets */	4228	/* handle mapped IPv4 packets arriving via IPv6 sockets */
4229	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))	4229	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4230	family = PF_INET;	4230	family = PF_INET;
4231		4231
4232	err = selinux_skb_peerlbl_sid(skb, family, &peersid);	4232	err = selinux_skb_peerlbl_sid(skb, family, &peersid);
4233	if (err)	4233	if (err)
4234	return err;	4234	return err;
4235	if (peersid == SECSID_NULL) {	4235	if (peersid == SECSID_NULL) {
4236	req->secid = sksec->sid;	4236	req->secid = sksec->sid;
4237	req->peer_secid = SECSID_NULL;	4237	req->peer_secid = SECSID_NULL;
4238	} else {	4238	} else {
4239	err = security_sid_mls_copy(sksec->sid, peersid, &newsid);	4239	err = security_sid_mls_copy(sksec->sid, peersid, &newsid);
4240	if (err)	4240	if (err)
4241	return err;	4241	return err;
4242	req->secid = newsid;	4242	req->secid = newsid;
4243	req->peer_secid = peersid;	4243	req->peer_secid = peersid;
4244	}	4244	}
4245		4245
4246	return selinux_netlbl_inet_conn_request(req, family);	4246	return selinux_netlbl_inet_conn_request(req, family);
4247	}	4247	}
4248		4248
4249	static void selinux_inet_csk_clone(struct sock *newsk,	4249	static void selinux_inet_csk_clone(struct sock *newsk,
4250	const struct request_sock *req)	4250	const struct request_sock *req)
4251	{	4251	{
4252	struct sk_security_struct *newsksec = newsk->sk_security;	4252	struct sk_security_struct *newsksec = newsk->sk_security;
4253		4253
4254	newsksec->sid = req->secid;	4254	newsksec->sid = req->secid;
4255	newsksec->peer_sid = req->peer_secid;	4255	newsksec->peer_sid = req->peer_secid;
4256	/* NOTE: Ideally, we should also get the isec->sid for the	4256	/* NOTE: Ideally, we should also get the isec->sid for the
4257	new socket in sync, but we don't have the isec available yet.	4257	new socket in sync, but we don't have the isec available yet.
4258	So we will wait until sock_graft to do it, by which	4258	So we will wait until sock_graft to do it, by which
4259	time it will have been created and available. */	4259	time it will have been created and available. */
4260		4260
4261	/* We don't need to take any sort of lock here as we are the only	4261	/* We don't need to take any sort of lock here as we are the only
4262	* thread with access to newsksec */	4262	* thread with access to newsksec */
4263	selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);	4263	selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
4264	}	4264	}
4265		4265
4266	static void selinux_inet_conn_established(struct sock sk, struct sk_buff skb)	4266	static void selinux_inet_conn_established(struct sock sk, struct sk_buff skb)
4267	{	4267	{
4268	u16 family = sk->sk_family;	4268	u16 family = sk->sk_family;
4269	struct sk_security_struct *sksec = sk->sk_security;	4269	struct sk_security_struct *sksec = sk->sk_security;
4270		4270
4271	/* handle mapped IPv4 packets arriving via IPv6 sockets */	4271	/* handle mapped IPv4 packets arriving via IPv6 sockets */
4272	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))	4272	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4273	family = PF_INET;	4273	family = PF_INET;
4274		4274
4275	selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);	4275	selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
4276	}	4276	}
4277		4277
4278	static int selinux_secmark_relabel_packet(u32 sid)	4278	static int selinux_secmark_relabel_packet(u32 sid)
4279	{	4279	{
4280	const struct task_security_struct *__tsec;	4280	const struct task_security_struct *__tsec;
4281	u32 tsid;	4281	u32 tsid;
4282		4282
4283	__tsec = current_security();	4283	__tsec = current_security();
4284	tsid = __tsec->sid;	4284	tsid = __tsec->sid;
4285		4285
4286	return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL);	4286	return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL);
4287	}	4287	}
4288		4288
4289	static void selinux_secmark_refcount_inc(void)	4289	static void selinux_secmark_refcount_inc(void)
4290	{	4290	{
4291	atomic_inc(&selinux_secmark_refcount);	4291	atomic_inc(&selinux_secmark_refcount);
4292	}	4292	}
4293		4293
4294	static void selinux_secmark_refcount_dec(void)	4294	static void selinux_secmark_refcount_dec(void)
4295	{	4295	{
4296	atomic_dec(&selinux_secmark_refcount);	4296	atomic_dec(&selinux_secmark_refcount);
4297	}	4297	}
4298		4298
4299	static void selinux_req_classify_flow(const struct request_sock *req,	4299	static void selinux_req_classify_flow(const struct request_sock *req,
4300	struct flowi *fl)	4300	struct flowi *fl)
4301	{	4301	{
4302	fl->secid = req->secid;	4302	fl->secid = req->secid;
4303	}	4303	}
4304		4304
4305	static int selinux_tun_dev_create(void)	4305	static int selinux_tun_dev_create(void)
4306	{	4306	{
4307	u32 sid = current_sid();	4307	u32 sid = current_sid();
4308		4308
4309	/* we aren't taking into account the "sockcreate" SID since the socket	4309	/* we aren't taking into account the "sockcreate" SID since the socket
4310	* that is being created here is not a socket in the traditional sense,	4310	* that is being created here is not a socket in the traditional sense,
4311	* instead it is a private sock, accessible only to the kernel, and	4311	* instead it is a private sock, accessible only to the kernel, and
4312	* representing a wide range of network traffic spanning multiple	4312	* representing a wide range of network traffic spanning multiple
4313	* connections unlike traditional sockets - check the TUN driver to	4313	* connections unlike traditional sockets - check the TUN driver to
4314	* get a better understanding of why this socket is special */	4314	* get a better understanding of why this socket is special */
4315		4315
4316	return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,	4316	return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
4317	NULL);	4317	NULL);
4318	}	4318	}
4319		4319
4320	static void selinux_tun_dev_post_create(struct sock *sk)	4320	static void selinux_tun_dev_post_create(struct sock *sk)
4321	{	4321	{
4322	struct sk_security_struct *sksec = sk->sk_security;	4322	struct sk_security_struct *sksec = sk->sk_security;
4323		4323
4324	/* we don't currently perform any NetLabel based labeling here and it	4324	/* we don't currently perform any NetLabel based labeling here and it
4325	* isn't clear that we would want to do so anyway; while we could apply	4325	* isn't clear that we would want to do so anyway; while we could apply
4326	* labeling without the support of the TUN user the resulting labeled	4326	* labeling without the support of the TUN user the resulting labeled
4327	* traffic from the other end of the connection would almost certainly	4327	* traffic from the other end of the connection would almost certainly
4328	* cause confusion to the TUN user that had no idea network labeling	4328	* cause confusion to the TUN user that had no idea network labeling
4329	* protocols were being used */	4329	* protocols were being used */
4330		4330
4331	/* see the comments in selinux_tun_dev_create() about why we don't use	4331	/* see the comments in selinux_tun_dev_create() about why we don't use
4332	* the sockcreate SID here */	4332	* the sockcreate SID here */
4333		4333
4334	sksec->sid = current_sid();	4334	sksec->sid = current_sid();
4335	sksec->sclass = SECCLASS_TUN_SOCKET;	4335	sksec->sclass = SECCLASS_TUN_SOCKET;
4336	}	4336	}
4337		4337
4338	static int selinux_tun_dev_attach(struct sock *sk)	4338	static int selinux_tun_dev_attach(struct sock *sk)
4339	{	4339	{
4340	struct sk_security_struct *sksec = sk->sk_security;	4340	struct sk_security_struct *sksec = sk->sk_security;
4341	u32 sid = current_sid();	4341	u32 sid = current_sid();
4342	int err;	4342	int err;
4343		4343
4344	err = avc_has_perm(sid, sksec->sid, SECCLASS_TUN_SOCKET,	4344	err = avc_has_perm(sid, sksec->sid, SECCLASS_TUN_SOCKET,
4345	TUN_SOCKET__RELABELFROM, NULL);	4345	TUN_SOCKET__RELABELFROM, NULL);
4346	if (err)	4346	if (err)
4347	return err;	4347	return err;
4348	err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,	4348	err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,
4349	TUN_SOCKET__RELABELTO, NULL);	4349	TUN_SOCKET__RELABELTO, NULL);
4350	if (err)	4350	if (err)
4351	return err;	4351	return err;
4352		4352
4353	sksec->sid = sid;	4353	sksec->sid = sid;
4354		4354
4355	return 0;	4355	return 0;
4356	}	4356	}
4357		4357
4358	static int selinux_nlmsg_perm(struct sock sk, struct sk_buff skb)	4358	static int selinux_nlmsg_perm(struct sock sk, struct sk_buff skb)
4359	{	4359	{
4360	int err = 0;	4360	int err = 0;
4361	u32 perm;	4361	u32 perm;
4362	struct nlmsghdr *nlh;	4362	struct nlmsghdr *nlh;
4363	struct sk_security_struct *sksec = sk->sk_security;	4363	struct sk_security_struct *sksec = sk->sk_security;
4364		4364
4365	if (skb->len < NLMSG_SPACE(0)) {	4365	if (skb->len < NLMSG_SPACE(0)) {
4366	err = -EINVAL;	4366	err = -EINVAL;
4367	goto out;	4367	goto out;
4368	}	4368	}
4369	nlh = nlmsg_hdr(skb);	4369	nlh = nlmsg_hdr(skb);
4370		4370
4371	err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);	4371	err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
4372	if (err) {	4372	if (err) {
4373	if (err == -EINVAL) {	4373	if (err == -EINVAL) {
4374	audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,	4374	audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
4375	"SELinux: unrecognized netlink message"	4375	"SELinux: unrecognized netlink message"
4376	" type=%hu for sclass=%hu\n",	4376	" type=%hu for sclass=%hu\n",
4377	nlh->nlmsg_type, sksec->sclass);	4377	nlh->nlmsg_type, sksec->sclass);
4378	if (!selinux_enforcing \|\| security_get_allow_unknown())	4378	if (!selinux_enforcing \|\| security_get_allow_unknown())
4379	err = 0;	4379	err = 0;
4380	}	4380	}
4381		4381
4382	/* Ignore */	4382	/* Ignore */
4383	if (err == -ENOENT)	4383	if (err == -ENOENT)
4384	err = 0;	4384	err = 0;
4385	goto out;	4385	goto out;
4386	}	4386	}
4387		4387
4388	err = sock_has_perm(current, sk, perm);	4388	err = sock_has_perm(current, sk, perm);
4389	out:	4389	out:
4390	return err;	4390	return err;
4391	}	4391	}
4392		4392
4393	#ifdef CONFIG_NETFILTER	4393	#ifdef CONFIG_NETFILTER
4394		4394
4395	static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,	4395	static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
4396	u16 family)	4396	u16 family)
4397	{	4397	{
4398	int err;	4398	int err;
4399	char *addrp;	4399	char *addrp;
4400	u32 peer_sid;	4400	u32 peer_sid;
4401	struct common_audit_data ad;	4401	struct common_audit_data ad;
4402	u8 secmark_active;	4402	u8 secmark_active;
4403	u8 netlbl_active;	4403	u8 netlbl_active;
4404	u8 peerlbl_active;	4404	u8 peerlbl_active;
4405		4405
4406	if (!selinux_policycap_netpeer)	4406	if (!selinux_policycap_netpeer)
4407	return NF_ACCEPT;	4407	return NF_ACCEPT;
4408		4408
4409	secmark_active = selinux_secmark_enabled();	4409	secmark_active = selinux_secmark_enabled();
4410	netlbl_active = netlbl_enabled();	4410	netlbl_active = netlbl_enabled();
4411	peerlbl_active = netlbl_active \|\| selinux_xfrm_enabled();	4411	peerlbl_active = netlbl_active \|\| selinux_xfrm_enabled();
4412	if (!secmark_active && !peerlbl_active)	4412	if (!secmark_active && !peerlbl_active)
4413	return NF_ACCEPT;	4413	return NF_ACCEPT;
4414		4414
4415	if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)	4415	if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
4416	return NF_DROP;	4416	return NF_DROP;
4417		4417
4418	COMMON_AUDIT_DATA_INIT(&ad, NET);	4418	COMMON_AUDIT_DATA_INIT(&ad, NET);
4419	ad.u.net.netif = ifindex;	4419	ad.u.net.netif = ifindex;
4420	ad.u.net.family = family;	4420	ad.u.net.family = family;
4421	if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)	4421	if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
4422	return NF_DROP;	4422	return NF_DROP;
4423		4423
4424	if (peerlbl_active) {	4424	if (peerlbl_active) {
4425	err = selinux_inet_sys_rcv_skb(ifindex, addrp, family,	4425	err = selinux_inet_sys_rcv_skb(ifindex, addrp, family,
4426	peer_sid, &ad);	4426	peer_sid, &ad);
4427	if (err) {	4427	if (err) {
4428	selinux_netlbl_err(skb, err, 1);	4428	selinux_netlbl_err(skb, err, 1);
4429	return NF_DROP;	4429	return NF_DROP;
4430	}	4430	}
4431	}	4431	}
4432		4432
4433	if (secmark_active)	4433	if (secmark_active)
4434	if (avc_has_perm(peer_sid, skb->secmark,	4434	if (avc_has_perm(peer_sid, skb->secmark,
4435	SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))	4435	SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
4436	return NF_DROP;	4436	return NF_DROP;
4437		4437
4438	if (netlbl_active)	4438	if (netlbl_active)
4439	/* we do this in the FORWARD path and not the POST_ROUTING	4439	/* we do this in the FORWARD path and not the POST_ROUTING
4440	* path because we want to make sure we apply the necessary	4440	* path because we want to make sure we apply the necessary
4441	* labeling before IPsec is applied so we can leverage AH	4441	* labeling before IPsec is applied so we can leverage AH
4442	* protection */	4442	* protection */
4443	if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)	4443	if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
4444	return NF_DROP;	4444	return NF_DROP;
4445		4445
4446	return NF_ACCEPT;	4446	return NF_ACCEPT;
4447	}	4447	}
4448		4448
4449	static unsigned int selinux_ipv4_forward(unsigned int hooknum,	4449	static unsigned int selinux_ipv4_forward(unsigned int hooknum,
4450	struct sk_buff *skb,	4450	struct sk_buff *skb,
4451	const struct net_device *in,	4451	const struct net_device *in,
4452	const struct net_device *out,	4452	const struct net_device *out,
4453	int (okfn)(struct sk_buff ))	4453	int (okfn)(struct sk_buff ))
4454	{	4454	{
4455	return selinux_ip_forward(skb, in->ifindex, PF_INET);	4455	return selinux_ip_forward(skb, in->ifindex, PF_INET);
4456	}	4456	}
4457		4457
4458	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	4458	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
4459	static unsigned int selinux_ipv6_forward(unsigned int hooknum,	4459	static unsigned int selinux_ipv6_forward(unsigned int hooknum,
4460	struct sk_buff *skb,	4460	struct sk_buff *skb,
4461	const struct net_device *in,	4461	const struct net_device *in,
4462	const struct net_device *out,	4462	const struct net_device *out,
4463	int (okfn)(struct sk_buff ))	4463	int (okfn)(struct sk_buff ))
4464	{	4464	{
4465	return selinux_ip_forward(skb, in->ifindex, PF_INET6);	4465	return selinux_ip_forward(skb, in->ifindex, PF_INET6);
4466	}	4466	}
4467	#endif /* IPV6 */	4467	#endif /* IPV6 */
4468		4468
4469	static unsigned int selinux_ip_output(struct sk_buff *skb,	4469	static unsigned int selinux_ip_output(struct sk_buff *skb,
4470	u16 family)	4470	u16 family)
4471	{	4471	{
4472	u32 sid;	4472	u32 sid;
4473		4473
4474	if (!netlbl_enabled())	4474	if (!netlbl_enabled())
4475	return NF_ACCEPT;	4475	return NF_ACCEPT;
4476		4476
4477	/* we do this in the LOCAL_OUT path and not the POST_ROUTING path	4477	/* we do this in the LOCAL_OUT path and not the POST_ROUTING path
4478	* because we want to make sure we apply the necessary labeling	4478	* because we want to make sure we apply the necessary labeling
4479	* before IPsec is applied so we can leverage AH protection */	4479	* before IPsec is applied so we can leverage AH protection */
4480	if (skb->sk) {	4480	if (skb->sk) {
4481	struct sk_security_struct *sksec = skb->sk->sk_security;	4481	struct sk_security_struct *sksec = skb->sk->sk_security;
4482	sid = sksec->sid;	4482	sid = sksec->sid;
4483	} else	4483	} else
4484	sid = SECINITSID_KERNEL;	4484	sid = SECINITSID_KERNEL;
4485	if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)	4485	if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
4486	return NF_DROP;	4486	return NF_DROP;
4487		4487
4488	return NF_ACCEPT;	4488	return NF_ACCEPT;
4489	}	4489	}
4490		4490
4491	static unsigned int selinux_ipv4_output(unsigned int hooknum,	4491	static unsigned int selinux_ipv4_output(unsigned int hooknum,
4492	struct sk_buff *skb,	4492	struct sk_buff *skb,
4493	const struct net_device *in,	4493	const struct net_device *in,
4494	const struct net_device *out,	4494	const struct net_device *out,
4495	int (okfn)(struct sk_buff ))	4495	int (okfn)(struct sk_buff ))
4496	{	4496	{
4497	return selinux_ip_output(skb, PF_INET);	4497	return selinux_ip_output(skb, PF_INET);
4498	}	4498	}
4499		4499
4500	static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,	4500	static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4501	int ifindex,	4501	int ifindex,
4502	u16 family)	4502	u16 family)
4503	{	4503	{
4504	struct sock *sk = skb->sk;	4504	struct sock *sk = skb->sk;
4505	struct sk_security_struct *sksec;	4505	struct sk_security_struct *sksec;
4506	struct common_audit_data ad;	4506	struct common_audit_data ad;
4507	char *addrp;	4507	char *addrp;
4508	u8 proto;	4508	u8 proto;
4509		4509
4510	if (sk == NULL)	4510	if (sk == NULL)
4511	return NF_ACCEPT;	4511	return NF_ACCEPT;
4512	sksec = sk->sk_security;	4512	sksec = sk->sk_security;
4513		4513
4514	COMMON_AUDIT_DATA_INIT(&ad, NET);	4514	COMMON_AUDIT_DATA_INIT(&ad, NET);
4515	ad.u.net.netif = ifindex;	4515	ad.u.net.netif = ifindex;
4516	ad.u.net.family = family;	4516	ad.u.net.family = family;
4517	if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))	4517	if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
4518	return NF_DROP;	4518	return NF_DROP;
4519		4519
4520	if (selinux_secmark_enabled())	4520	if (selinux_secmark_enabled())
4521	if (avc_has_perm(sksec->sid, skb->secmark,	4521	if (avc_has_perm(sksec->sid, skb->secmark,
4522	SECCLASS_PACKET, PACKET__SEND, &ad))	4522	SECCLASS_PACKET, PACKET__SEND, &ad))
4523	return NF_DROP_ERR(-ECONNREFUSED);	4523	return NF_DROP_ERR(-ECONNREFUSED);
4524		4524
4525	if (selinux_policycap_netpeer)	4525	if (selinux_policycap_netpeer)
4526	if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))	4526	if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
4527	return NF_DROP_ERR(-ECONNREFUSED);	4527	return NF_DROP_ERR(-ECONNREFUSED);
4528		4528
4529	return NF_ACCEPT;	4529	return NF_ACCEPT;
4530	}	4530	}
4531		4531
4532	static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,	4532	static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4533	u16 family)	4533	u16 family)
4534	{	4534	{
4535	u32 secmark_perm;	4535	u32 secmark_perm;
4536	u32 peer_sid;	4536	u32 peer_sid;
4537	struct sock *sk;	4537	struct sock *sk;
4538	struct common_audit_data ad;	4538	struct common_audit_data ad;
4539	char *addrp;	4539	char *addrp;
4540	u8 secmark_active;	4540	u8 secmark_active;
4541	u8 peerlbl_active;	4541	u8 peerlbl_active;
4542		4542
4543	/* If any sort of compatibility mode is enabled then handoff processing	4543	/* If any sort of compatibility mode is enabled then handoff processing
4544	* to the selinux_ip_postroute_compat() function to deal with the	4544	* to the selinux_ip_postroute_compat() function to deal with the
4545	* special handling. We do this in an attempt to keep this function	4545	* special handling. We do this in an attempt to keep this function
4546	* as fast and as clean as possible. */	4546	* as fast and as clean as possible. */
4547	if (!selinux_policycap_netpeer)	4547	if (!selinux_policycap_netpeer)
4548	return selinux_ip_postroute_compat(skb, ifindex, family);	4548	return selinux_ip_postroute_compat(skb, ifindex, family);
4549	#ifdef CONFIG_XFRM	4549	#ifdef CONFIG_XFRM
4550	/* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec	4550	/* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec
4551	* packet transformation so allow the packet to pass without any checks	4551	* packet transformation so allow the packet to pass without any checks
4552	* since we'll have another chance to perform access control checks	4552	* since we'll have another chance to perform access control checks
4553	* when the packet is on it's final way out.	4553	* when the packet is on it's final way out.
4554	* NOTE: there appear to be some IPv6 multicast cases where skb->dst	4554	* NOTE: there appear to be some IPv6 multicast cases where skb->dst
4555	* is NULL, in this case go ahead and apply access control. */	4555	* is NULL, in this case go ahead and apply access control. */
4556	if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL)	4556	if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL)
4557	return NF_ACCEPT;	4557	return NF_ACCEPT;
4558	#endif	4558	#endif
4559	secmark_active = selinux_secmark_enabled();	4559	secmark_active = selinux_secmark_enabled();
4560	peerlbl_active = netlbl_enabled() \|\| selinux_xfrm_enabled();	4560	peerlbl_active = netlbl_enabled() \|\| selinux_xfrm_enabled();
4561	if (!secmark_active && !peerlbl_active)	4561	if (!secmark_active && !peerlbl_active)
4562	return NF_ACCEPT;	4562	return NF_ACCEPT;
4563		4563
4564	/* if the packet is being forwarded then get the peer label from the	4564	/* if the packet is being forwarded then get the peer label from the
4565	* packet itself; otherwise check to see if it is from a local	4565	* packet itself; otherwise check to see if it is from a local
4566	* application or the kernel, if from an application get the peer label	4566	* application or the kernel, if from an application get the peer label
4567	* from the sending socket, otherwise use the kernel's sid */	4567	* from the sending socket, otherwise use the kernel's sid */
4568	sk = skb->sk;	4568	sk = skb->sk;
4569	if (sk == NULL) {	4569	if (sk == NULL) {
4570	switch (family) {	4570	switch (family) {
4571	case PF_INET:	4571	case PF_INET:
4572	if (IPCB(skb)->flags & IPSKB_FORWARDED)	4572	if (IPCB(skb)->flags & IPSKB_FORWARDED)
4573	secmark_perm = PACKET__FORWARD_OUT;	4573	secmark_perm = PACKET__FORWARD_OUT;
4574	else	4574	else
4575	secmark_perm = PACKET__SEND;	4575	secmark_perm = PACKET__SEND;
4576	break;	4576	break;
4577	case PF_INET6:	4577	case PF_INET6:
4578	if (IP6CB(skb)->flags & IP6SKB_FORWARDED)	4578	if (IP6CB(skb)->flags & IP6SKB_FORWARDED)
4579	secmark_perm = PACKET__FORWARD_OUT;	4579	secmark_perm = PACKET__FORWARD_OUT;
4580	else	4580	else
4581	secmark_perm = PACKET__SEND;	4581	secmark_perm = PACKET__SEND;
4582	break;	4582	break;
4583	default:	4583	default:
4584	return NF_DROP_ERR(-ECONNREFUSED);	4584	return NF_DROP_ERR(-ECONNREFUSED);
4585	}	4585	}
4586	if (secmark_perm == PACKET__FORWARD_OUT) {	4586	if (secmark_perm == PACKET__FORWARD_OUT) {
4587	if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))	4587	if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
4588	return NF_DROP;	4588	return NF_DROP;
4589	} else	4589	} else
4590	peer_sid = SECINITSID_KERNEL;	4590	peer_sid = SECINITSID_KERNEL;
4591	} else {	4591	} else {
4592	struct sk_security_struct *sksec = sk->sk_security;	4592	struct sk_security_struct *sksec = sk->sk_security;
4593	peer_sid = sksec->sid;	4593	peer_sid = sksec->sid;
4594	secmark_perm = PACKET__SEND;	4594	secmark_perm = PACKET__SEND;
4595	}	4595	}
4596		4596
4597	COMMON_AUDIT_DATA_INIT(&ad, NET);	4597	COMMON_AUDIT_DATA_INIT(&ad, NET);
4598	ad.u.net.netif = ifindex;	4598	ad.u.net.netif = ifindex;
4599	ad.u.net.family = family;	4599	ad.u.net.family = family;
4600	if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))	4600	if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
4601	return NF_DROP;	4601	return NF_DROP;
4602		4602
4603	if (secmark_active)	4603	if (secmark_active)
4604	if (avc_has_perm(peer_sid, skb->secmark,	4604	if (avc_has_perm(peer_sid, skb->secmark,
4605	SECCLASS_PACKET, secmark_perm, &ad))	4605	SECCLASS_PACKET, secmark_perm, &ad))
4606	return NF_DROP_ERR(-ECONNREFUSED);	4606	return NF_DROP_ERR(-ECONNREFUSED);
4607		4607
4608	if (peerlbl_active) {	4608	if (peerlbl_active) {
4609	u32 if_sid;	4609	u32 if_sid;
4610	u32 node_sid;	4610	u32 node_sid;
4611		4611
4612	if (sel_netif_sid(ifindex, &if_sid))	4612	if (sel_netif_sid(ifindex, &if_sid))
4613	return NF_DROP;	4613	return NF_DROP;
4614	if (avc_has_perm(peer_sid, if_sid,	4614	if (avc_has_perm(peer_sid, if_sid,
4615	SECCLASS_NETIF, NETIF__EGRESS, &ad))	4615	SECCLASS_NETIF, NETIF__EGRESS, &ad))
4616	return NF_DROP_ERR(-ECONNREFUSED);	4616	return NF_DROP_ERR(-ECONNREFUSED);
4617		4617
4618	if (sel_netnode_sid(addrp, family, &node_sid))	4618	if (sel_netnode_sid(addrp, family, &node_sid))
4619	return NF_DROP;	4619	return NF_DROP;
4620	if (avc_has_perm(peer_sid, node_sid,	4620	if (avc_has_perm(peer_sid, node_sid,
4621	SECCLASS_NODE, NODE__SENDTO, &ad))	4621	SECCLASS_NODE, NODE__SENDTO, &ad))
4622	return NF_DROP_ERR(-ECONNREFUSED);	4622	return NF_DROP_ERR(-ECONNREFUSED);
4623	}	4623	}
4624		4624
4625	return NF_ACCEPT;	4625	return NF_ACCEPT;
4626	}	4626	}
4627		4627
4628	static unsigned int selinux_ipv4_postroute(unsigned int hooknum,	4628	static unsigned int selinux_ipv4_postroute(unsigned int hooknum,
4629	struct sk_buff *skb,	4629	struct sk_buff *skb,
4630	const struct net_device *in,	4630	const struct net_device *in,
4631	const struct net_device *out,	4631	const struct net_device *out,
4632	int (okfn)(struct sk_buff ))	4632	int (okfn)(struct sk_buff ))
4633	{	4633	{
4634	return selinux_ip_postroute(skb, out->ifindex, PF_INET);	4634	return selinux_ip_postroute(skb, out->ifindex, PF_INET);
4635	}	4635	}
4636		4636
4637	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	4637	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
4638	static unsigned int selinux_ipv6_postroute(unsigned int hooknum,	4638	static unsigned int selinux_ipv6_postroute(unsigned int hooknum,
4639	struct sk_buff *skb,	4639	struct sk_buff *skb,
4640	const struct net_device *in,	4640	const struct net_device *in,
4641	const struct net_device *out,	4641	const struct net_device *out,
4642	int (okfn)(struct sk_buff ))	4642	int (okfn)(struct sk_buff ))
4643	{	4643	{
4644	return selinux_ip_postroute(skb, out->ifindex, PF_INET6);	4644	return selinux_ip_postroute(skb, out->ifindex, PF_INET6);
4645	}	4645	}
4646	#endif /* IPV6 */	4646	#endif /* IPV6 */
4647		4647
4648	#endif /* CONFIG_NETFILTER */	4648	#endif /* CONFIG_NETFILTER */
4649		4649
4650	static int selinux_netlink_send(struct sock sk, struct sk_buff skb)	4650	static int selinux_netlink_send(struct sock sk, struct sk_buff skb)
4651	{	4651	{
4652	int err;	4652	int err;
4653		4653
4654	err = cap_netlink_send(sk, skb);	4654	err = cap_netlink_send(sk, skb);
4655	if (err)	4655	if (err)
4656	return err;	4656	return err;
4657		4657
4658	return selinux_nlmsg_perm(sk, skb);	4658	return selinux_nlmsg_perm(sk, skb);
4659	}	4659	}
4660		4660
4661	static int selinux_netlink_recv(struct sk_buff *skb, int capability)	4661	static int selinux_netlink_recv(struct sk_buff *skb, int capability)
4662	{	4662	{
4663	int err;	4663	int err;
4664	struct common_audit_data ad;	4664	struct common_audit_data ad;
4665		4665
4666	err = cap_netlink_recv(skb, capability);	4666	err = cap_netlink_recv(skb, capability);
4667	if (err)	4667	if (err)
4668	return err;	4668	return err;
4669		4669
4670	COMMON_AUDIT_DATA_INIT(&ad, CAP);	4670	COMMON_AUDIT_DATA_INIT(&ad, CAP);
4671	ad.u.cap = capability;	4671	ad.u.cap = capability;
4672		4672
4673	return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid,	4673	return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid,
4674	SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad);	4674	SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad);
4675	}	4675	}
4676		4676
4677	static int ipc_alloc_security(struct task_struct *task,	4677	static int ipc_alloc_security(struct task_struct *task,
4678	struct kern_ipc_perm *perm,	4678	struct kern_ipc_perm *perm,
4679	u16 sclass)	4679	u16 sclass)
4680	{	4680	{
4681	struct ipc_security_struct *isec;	4681	struct ipc_security_struct *isec;
4682	u32 sid;	4682	u32 sid;
4683		4683
4684	isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);	4684	isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
4685	if (!isec)	4685	if (!isec)
4686	return -ENOMEM;	4686	return -ENOMEM;
4687		4687
4688	sid = task_sid(task);	4688	sid = task_sid(task);
4689	isec->sclass = sclass;	4689	isec->sclass = sclass;
4690	isec->sid = sid;	4690	isec->sid = sid;
4691	perm->security = isec;	4691	perm->security = isec;
4692		4692
4693	return 0;	4693	return 0;
4694	}	4694	}
4695		4695
4696	static void ipc_free_security(struct kern_ipc_perm *perm)	4696	static void ipc_free_security(struct kern_ipc_perm *perm)
4697	{	4697	{
4698	struct ipc_security_struct *isec = perm->security;	4698	struct ipc_security_struct *isec = perm->security;
4699	perm->security = NULL;	4699	perm->security = NULL;
4700	kfree(isec);	4700	kfree(isec);
4701	}	4701	}
4702		4702
4703	static int msg_msg_alloc_security(struct msg_msg *msg)	4703	static int msg_msg_alloc_security(struct msg_msg *msg)
4704	{	4704	{
4705	struct msg_security_struct *msec;	4705	struct msg_security_struct *msec;
4706		4706
4707	msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);	4707	msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
4708	if (!msec)	4708	if (!msec)
4709	return -ENOMEM;	4709	return -ENOMEM;
4710		4710
4711	msec->sid = SECINITSID_UNLABELED;	4711	msec->sid = SECINITSID_UNLABELED;
4712	msg->security = msec;	4712	msg->security = msec;
4713		4713
4714	return 0;	4714	return 0;
4715	}	4715	}
4716		4716
4717	static void msg_msg_free_security(struct msg_msg *msg)	4717	static void msg_msg_free_security(struct msg_msg *msg)
4718	{	4718	{
4719	struct msg_security_struct *msec = msg->security;	4719	struct msg_security_struct *msec = msg->security;
4720		4720
4721	msg->security = NULL;	4721	msg->security = NULL;
4722	kfree(msec);	4722	kfree(msec);
4723	}	4723	}
4724		4724
4725	static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,	4725	static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
4726	u32 perms)	4726	u32 perms)
4727	{	4727	{
4728	struct ipc_security_struct *isec;	4728	struct ipc_security_struct *isec;
4729	struct common_audit_data ad;	4729	struct common_audit_data ad;
4730	u32 sid = current_sid();	4730	u32 sid = current_sid();
4731		4731
4732	isec = ipc_perms->security;	4732	isec = ipc_perms->security;
4733		4733
4734	COMMON_AUDIT_DATA_INIT(&ad, IPC);	4734	COMMON_AUDIT_DATA_INIT(&ad, IPC);
4735	ad.u.ipc_id = ipc_perms->key;	4735	ad.u.ipc_id = ipc_perms->key;
4736		4736
4737	return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);	4737	return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
4738	}	4738	}
4739		4739
4740	static int selinux_msg_msg_alloc_security(struct msg_msg *msg)	4740	static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
4741	{	4741	{
4742	return msg_msg_alloc_security(msg);	4742	return msg_msg_alloc_security(msg);
4743	}	4743	}
4744		4744
4745	static void selinux_msg_msg_free_security(struct msg_msg *msg)	4745	static void selinux_msg_msg_free_security(struct msg_msg *msg)
4746	{	4746	{
4747	msg_msg_free_security(msg);	4747	msg_msg_free_security(msg);
4748	}	4748	}
4749		4749
4750	/* message queue security operations */	4750	/* message queue security operations */
4751	static int selinux_msg_queue_alloc_security(struct msg_queue *msq)	4751	static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
4752	{	4752	{
4753	struct ipc_security_struct *isec;	4753	struct ipc_security_struct *isec;
4754	struct common_audit_data ad;	4754	struct common_audit_data ad;
4755	u32 sid = current_sid();	4755	u32 sid = current_sid();
4756	int rc;	4756	int rc;
4757		4757
4758	rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);	4758	rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
4759	if (rc)	4759	if (rc)
4760	return rc;	4760	return rc;
4761		4761
4762	isec = msq->q_perm.security;	4762	isec = msq->q_perm.security;
4763		4763
4764	COMMON_AUDIT_DATA_INIT(&ad, IPC);	4764	COMMON_AUDIT_DATA_INIT(&ad, IPC);
4765	ad.u.ipc_id = msq->q_perm.key;	4765	ad.u.ipc_id = msq->q_perm.key;
4766		4766
4767	rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,	4767	rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4768	MSGQ__CREATE, &ad);	4768	MSGQ__CREATE, &ad);
4769	if (rc) {	4769	if (rc) {
4770	ipc_free_security(&msq->q_perm);	4770	ipc_free_security(&msq->q_perm);
4771	return rc;	4771	return rc;
4772	}	4772	}
4773	return 0;	4773	return 0;
4774	}	4774	}
4775		4775
4776	static void selinux_msg_queue_free_security(struct msg_queue *msq)	4776	static void selinux_msg_queue_free_security(struct msg_queue *msq)
4777	{	4777	{
4778	ipc_free_security(&msq->q_perm);	4778	ipc_free_security(&msq->q_perm);
4779	}	4779	}
4780		4780
4781	static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)	4781	static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
4782	{	4782	{
4783	struct ipc_security_struct *isec;	4783	struct ipc_security_struct *isec;
4784	struct common_audit_data ad;	4784	struct common_audit_data ad;
4785	u32 sid = current_sid();	4785	u32 sid = current_sid();
4786		4786
4787	isec = msq->q_perm.security;	4787	isec = msq->q_perm.security;
4788		4788
4789	COMMON_AUDIT_DATA_INIT(&ad, IPC);	4789	COMMON_AUDIT_DATA_INIT(&ad, IPC);
4790	ad.u.ipc_id = msq->q_perm.key;	4790	ad.u.ipc_id = msq->q_perm.key;
4791		4791
4792	return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,	4792	return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4793	MSGQ__ASSOCIATE, &ad);	4793	MSGQ__ASSOCIATE, &ad);
4794	}	4794	}
4795		4795
4796	static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)	4796	static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
4797	{	4797	{
4798	int err;	4798	int err;
4799	int perms;	4799	int perms;
4800		4800
4801	switch (cmd) {	4801	switch (cmd) {
4802	case IPC_INFO:	4802	case IPC_INFO:
4803	case MSG_INFO:	4803	case MSG_INFO:
4804	/* No specific object, just general system-wide information. */	4804	/* No specific object, just general system-wide information. */
4805	return task_has_system(current, SYSTEM__IPC_INFO);	4805	return task_has_system(current, SYSTEM__IPC_INFO);
4806	case IPC_STAT:	4806	case IPC_STAT:
4807	case MSG_STAT:	4807	case MSG_STAT:
4808	perms = MSGQ__GETATTR \| MSGQ__ASSOCIATE;	4808	perms = MSGQ__GETATTR \| MSGQ__ASSOCIATE;
4809	break;	4809	break;
4810	case IPC_SET:	4810	case IPC_SET:
4811	perms = MSGQ__SETATTR;	4811	perms = MSGQ__SETATTR;
4812	break;	4812	break;
4813	case IPC_RMID:	4813	case IPC_RMID:
4814	perms = MSGQ__DESTROY;	4814	perms = MSGQ__DESTROY;
4815	break;	4815	break;
4816	default:	4816	default:
4817	return 0;	4817	return 0;
4818	}	4818	}
4819		4819
4820	err = ipc_has_perm(&msq->q_perm, perms);	4820	err = ipc_has_perm(&msq->q_perm, perms);
4821	return err;	4821	return err;
4822	}	4822	}
4823		4823
4824	static int selinux_msg_queue_msgsnd(struct msg_queue msq, struct msg_msg msg, int msqflg)	4824	static int selinux_msg_queue_msgsnd(struct msg_queue msq, struct msg_msg msg, int msqflg)
4825	{	4825	{
4826	struct ipc_security_struct *isec;	4826	struct ipc_security_struct *isec;
4827	struct msg_security_struct *msec;	4827	struct msg_security_struct *msec;
4828	struct common_audit_data ad;	4828	struct common_audit_data ad;
4829	u32 sid = current_sid();	4829	u32 sid = current_sid();
4830	int rc;	4830	int rc;
4831		4831
4832	isec = msq->q_perm.security;	4832	isec = msq->q_perm.security;
4833	msec = msg->security;	4833	msec = msg->security;
4834		4834
4835	/*	4835	/*
4836	* First time through, need to assign label to the message	4836	* First time through, need to assign label to the message
4837	*/	4837	*/
4838	if (msec->sid == SECINITSID_UNLABELED) {	4838	if (msec->sid == SECINITSID_UNLABELED) {
4839	/*	4839	/*
4840	* Compute new sid based on current process and	4840	* Compute new sid based on current process and
4841	* message queue this message will be stored in	4841	* message queue this message will be stored in
4842	*/	4842	*/
4843	rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,	4843	rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
4844	&msec->sid);	4844	&msec->sid);
4845	if (rc)	4845	if (rc)
4846	return rc;	4846	return rc;
4847	}	4847	}
4848		4848
4849	COMMON_AUDIT_DATA_INIT(&ad, IPC);	4849	COMMON_AUDIT_DATA_INIT(&ad, IPC);
4850	ad.u.ipc_id = msq->q_perm.key;	4850	ad.u.ipc_id = msq->q_perm.key;
4851		4851
4852	/* Can this process write to the queue? */	4852	/* Can this process write to the queue? */
4853	rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,	4853	rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4854	MSGQ__WRITE, &ad);	4854	MSGQ__WRITE, &ad);
4855	if (!rc)	4855	if (!rc)
4856	/* Can this process send the message */	4856	/* Can this process send the message */
4857	rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,	4857	rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,
4858	MSG__SEND, &ad);	4858	MSG__SEND, &ad);
4859	if (!rc)	4859	if (!rc)
4860	/* Can the message be put in the queue? */	4860	/* Can the message be put in the queue? */
4861	rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,	4861	rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
4862	MSGQ__ENQUEUE, &ad);	4862	MSGQ__ENQUEUE, &ad);
4863		4863
4864	return rc;	4864	return rc;
4865	}	4865	}
4866		4866
4867	static int selinux_msg_queue_msgrcv(struct msg_queue msq, struct msg_msg msg,	4867	static int selinux_msg_queue_msgrcv(struct msg_queue msq, struct msg_msg msg,
4868	struct task_struct *target,	4868	struct task_struct *target,
4869	long type, int mode)	4869	long type, int mode)
4870	{	4870	{
4871	struct ipc_security_struct *isec;	4871	struct ipc_security_struct *isec;
4872	struct msg_security_struct *msec;	4872	struct msg_security_struct *msec;
4873	struct common_audit_data ad;	4873	struct common_audit_data ad;
4874	u32 sid = task_sid(target);	4874	u32 sid = task_sid(target);
4875	int rc;	4875	int rc;
4876		4876
4877	isec = msq->q_perm.security;	4877	isec = msq->q_perm.security;
4878	msec = msg->security;	4878	msec = msg->security;
4879		4879
4880	COMMON_AUDIT_DATA_INIT(&ad, IPC);	4880	COMMON_AUDIT_DATA_INIT(&ad, IPC);
4881	ad.u.ipc_id = msq->q_perm.key;	4881	ad.u.ipc_id = msq->q_perm.key;
4882		4882
4883	rc = avc_has_perm(sid, isec->sid,	4883	rc = avc_has_perm(sid, isec->sid,
4884	SECCLASS_MSGQ, MSGQ__READ, &ad);	4884	SECCLASS_MSGQ, MSGQ__READ, &ad);
4885	if (!rc)	4885	if (!rc)
4886	rc = avc_has_perm(sid, msec->sid,	4886	rc = avc_has_perm(sid, msec->sid,
4887	SECCLASS_MSG, MSG__RECEIVE, &ad);	4887	SECCLASS_MSG, MSG__RECEIVE, &ad);
4888	return rc;	4888	return rc;
4889	}	4889	}
4890		4890
4891	/* Shared Memory security operations */	4891	/* Shared Memory security operations */
4892	static int selinux_shm_alloc_security(struct shmid_kernel *shp)	4892	static int selinux_shm_alloc_security(struct shmid_kernel *shp)
4893	{	4893	{
4894	struct ipc_security_struct *isec;	4894	struct ipc_security_struct *isec;
4895	struct common_audit_data ad;	4895	struct common_audit_data ad;
4896	u32 sid = current_sid();	4896	u32 sid = current_sid();
4897	int rc;	4897	int rc;
4898		4898
4899	rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);	4899	rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
4900	if (rc)	4900	if (rc)
4901	return rc;	4901	return rc;
4902		4902
4903	isec = shp->shm_perm.security;	4903	isec = shp->shm_perm.security;
4904		4904
4905	COMMON_AUDIT_DATA_INIT(&ad, IPC);	4905	COMMON_AUDIT_DATA_INIT(&ad, IPC);
4906	ad.u.ipc_id = shp->shm_perm.key;	4906	ad.u.ipc_id = shp->shm_perm.key;
4907		4907
4908	rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,	4908	rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
4909	SHM__CREATE, &ad);	4909	SHM__CREATE, &ad);
4910	if (rc) {	4910	if (rc) {
4911	ipc_free_security(&shp->shm_perm);	4911	ipc_free_security(&shp->shm_perm);
4912	return rc;	4912	return rc;
4913	}	4913	}
4914	return 0;	4914	return 0;
4915	}	4915	}
4916		4916
4917	static void selinux_shm_free_security(struct shmid_kernel *shp)	4917	static void selinux_shm_free_security(struct shmid_kernel *shp)
4918	{	4918	{
4919	ipc_free_security(&shp->shm_perm);	4919	ipc_free_security(&shp->shm_perm);
4920	}	4920	}
4921		4921
4922	static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)	4922	static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
4923	{	4923	{
4924	struct ipc_security_struct *isec;	4924	struct ipc_security_struct *isec;
4925	struct common_audit_data ad;	4925	struct common_audit_data ad;
4926	u32 sid = current_sid();	4926	u32 sid = current_sid();
4927		4927
4928	isec = shp->shm_perm.security;	4928	isec = shp->shm_perm.security;
4929		4929
4930	COMMON_AUDIT_DATA_INIT(&ad, IPC);	4930	COMMON_AUDIT_DATA_INIT(&ad, IPC);
4931	ad.u.ipc_id = shp->shm_perm.key;	4931	ad.u.ipc_id = shp->shm_perm.key;
4932		4932
4933	return avc_has_perm(sid, isec->sid, SECCLASS_SHM,	4933	return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
4934	SHM__ASSOCIATE, &ad);	4934	SHM__ASSOCIATE, &ad);
4935	}	4935	}
4936		4936
4937	/* Note, at this point, shp is locked down */	4937	/* Note, at this point, shp is locked down */
4938	static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)	4938	static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
4939	{	4939	{
4940	int perms;	4940	int perms;
4941	int err;	4941	int err;
4942		4942
4943	switch (cmd) {	4943	switch (cmd) {
4944	case IPC_INFO:	4944	case IPC_INFO:
4945	case SHM_INFO:	4945	case SHM_INFO:
4946	/* No specific object, just general system-wide information. */	4946	/* No specific object, just general system-wide information. */
4947	return task_has_system(current, SYSTEM__IPC_INFO);	4947	return task_has_system(current, SYSTEM__IPC_INFO);
4948	case IPC_STAT:	4948	case IPC_STAT:
4949	case SHM_STAT:	4949	case SHM_STAT:
4950	perms = SHM__GETATTR \| SHM__ASSOCIATE;	4950	perms = SHM__GETATTR \| SHM__ASSOCIATE;
4951	break;	4951	break;
4952	case IPC_SET:	4952	case IPC_SET:
4953	perms = SHM__SETATTR;	4953	perms = SHM__SETATTR;
4954	break;	4954	break;
4955	case SHM_LOCK:	4955	case SHM_LOCK:
4956	case SHM_UNLOCK:	4956	case SHM_UNLOCK:
4957	perms = SHM__LOCK;	4957	perms = SHM__LOCK;
4958	break;	4958	break;
4959	case IPC_RMID:	4959	case IPC_RMID:
4960	perms = SHM__DESTROY;	4960	perms = SHM__DESTROY;
4961	break;	4961	break;
4962	default:	4962	default:
4963	return 0;	4963	return 0;
4964	}	4964	}
4965		4965
4966	err = ipc_has_perm(&shp->shm_perm, perms);	4966	err = ipc_has_perm(&shp->shm_perm, perms);
4967	return err;	4967	return err;
4968	}	4968	}
4969		4969
4970	static int selinux_shm_shmat(struct shmid_kernel *shp,	4970	static int selinux_shm_shmat(struct shmid_kernel *shp,
4971	char __user *shmaddr, int shmflg)	4971	char __user *shmaddr, int shmflg)
4972	{	4972	{
4973	u32 perms;	4973	u32 perms;
4974		4974
4975	if (shmflg & SHM_RDONLY)	4975	if (shmflg & SHM_RDONLY)
4976	perms = SHM__READ;	4976	perms = SHM__READ;
4977	else	4977	else
4978	perms = SHM__READ \| SHM__WRITE;	4978	perms = SHM__READ \| SHM__WRITE;
4979		4979
4980	return ipc_has_perm(&shp->shm_perm, perms);	4980	return ipc_has_perm(&shp->shm_perm, perms);
4981	}	4981	}
4982		4982
4983	/* Semaphore security operations */	4983	/* Semaphore security operations */
4984	static int selinux_sem_alloc_security(struct sem_array *sma)	4984	static int selinux_sem_alloc_security(struct sem_array *sma)
4985	{	4985	{
4986	struct ipc_security_struct *isec;	4986	struct ipc_security_struct *isec;
4987	struct common_audit_data ad;	4987	struct common_audit_data ad;
4988	u32 sid = current_sid();	4988	u32 sid = current_sid();
4989	int rc;	4989	int rc;
4990		4990
4991	rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);	4991	rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
4992	if (rc)	4992	if (rc)
4993	return rc;	4993	return rc;
4994		4994
4995	isec = sma->sem_perm.security;	4995	isec = sma->sem_perm.security;
4996		4996
4997	COMMON_AUDIT_DATA_INIT(&ad, IPC);	4997	COMMON_AUDIT_DATA_INIT(&ad, IPC);
4998	ad.u.ipc_id = sma->sem_perm.key;	4998	ad.u.ipc_id = sma->sem_perm.key;
4999		4999
5000	rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,	5000	rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5001	SEM__CREATE, &ad);	5001	SEM__CREATE, &ad);
5002	if (rc) {	5002	if (rc) {
5003	ipc_free_security(&sma->sem_perm);	5003	ipc_free_security(&sma->sem_perm);
5004	return rc;	5004	return rc;
5005	}	5005	}
5006	return 0;	5006	return 0;
5007	}	5007	}
5008		5008
5009	static void selinux_sem_free_security(struct sem_array *sma)	5009	static void selinux_sem_free_security(struct sem_array *sma)
5010	{	5010	{
5011	ipc_free_security(&sma->sem_perm);	5011	ipc_free_security(&sma->sem_perm);
5012	}	5012	}
5013		5013
5014	static int selinux_sem_associate(struct sem_array *sma, int semflg)	5014	static int selinux_sem_associate(struct sem_array *sma, int semflg)
5015	{	5015	{
5016	struct ipc_security_struct *isec;	5016	struct ipc_security_struct *isec;
5017	struct common_audit_data ad;	5017	struct common_audit_data ad;
5018	u32 sid = current_sid();	5018	u32 sid = current_sid();
5019		5019
5020	isec = sma->sem_perm.security;	5020	isec = sma->sem_perm.security;
5021		5021
5022	COMMON_AUDIT_DATA_INIT(&ad, IPC);	5022	COMMON_AUDIT_DATA_INIT(&ad, IPC);
5023	ad.u.ipc_id = sma->sem_perm.key;	5023	ad.u.ipc_id = sma->sem_perm.key;
5024		5024
5025	return avc_has_perm(sid, isec->sid, SECCLASS_SEM,	5025	return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5026	SEM__ASSOCIATE, &ad);	5026	SEM__ASSOCIATE, &ad);
5027	}	5027	}
5028		5028
5029	/* Note, at this point, sma is locked down */	5029	/* Note, at this point, sma is locked down */
5030	static int selinux_sem_semctl(struct sem_array *sma, int cmd)	5030	static int selinux_sem_semctl(struct sem_array *sma, int cmd)
5031	{	5031	{
5032	int err;	5032	int err;
5033	u32 perms;	5033	u32 perms;
5034		5034
5035	switch (cmd) {	5035	switch (cmd) {
5036	case IPC_INFO:	5036	case IPC_INFO:
5037	case SEM_INFO:	5037	case SEM_INFO:
5038	/* No specific object, just general system-wide information. */	5038	/* No specific object, just general system-wide information. */
5039	return task_has_system(current, SYSTEM__IPC_INFO);	5039	return task_has_system(current, SYSTEM__IPC_INFO);
5040	case GETPID:	5040	case GETPID:
5041	case GETNCNT:	5041	case GETNCNT:
5042	case GETZCNT:	5042	case GETZCNT:
5043	perms = SEM__GETATTR;	5043	perms = SEM__GETATTR;
5044	break;	5044	break;
5045	case GETVAL:	5045	case GETVAL:
5046	case GETALL:	5046	case GETALL:
5047	perms = SEM__READ;	5047	perms = SEM__READ;
5048	break;	5048	break;
5049	case SETVAL:	5049	case SETVAL:
5050	case SETALL:	5050	case SETALL:
5051	perms = SEM__WRITE;	5051	perms = SEM__WRITE;
5052	break;	5052	break;
5053	case IPC_RMID:	5053	case IPC_RMID:
5054	perms = SEM__DESTROY;	5054	perms = SEM__DESTROY;
5055	break;	5055	break;
5056	case IPC_SET:	5056	case IPC_SET:
5057	perms = SEM__SETATTR;	5057	perms = SEM__SETATTR;
5058	break;	5058	break;
5059	case IPC_STAT:	5059	case IPC_STAT:
5060	case SEM_STAT:	5060	case SEM_STAT:
5061	perms = SEM__GETATTR \| SEM__ASSOCIATE;	5061	perms = SEM__GETATTR \| SEM__ASSOCIATE;
5062	break;	5062	break;
5063	default:	5063	default:
5064	return 0;	5064	return 0;
5065	}	5065	}
5066		5066
5067	err = ipc_has_perm(&sma->sem_perm, perms);	5067	err = ipc_has_perm(&sma->sem_perm, perms);
5068	return err;	5068	return err;
5069	}	5069	}
5070		5070
5071	static int selinux_sem_semop(struct sem_array *sma,	5071	static int selinux_sem_semop(struct sem_array *sma,
5072	struct sembuf *sops, unsigned nsops, int alter)	5072	struct sembuf *sops, unsigned nsops, int alter)
5073	{	5073	{
5074	u32 perms;	5074	u32 perms;
5075		5075
5076	if (alter)	5076	if (alter)
5077	perms = SEM__READ \| SEM__WRITE;	5077	perms = SEM__READ \| SEM__WRITE;
5078	else	5078	else
5079	perms = SEM__READ;	5079	perms = SEM__READ;
5080		5080
5081	return ipc_has_perm(&sma->sem_perm, perms);	5081	return ipc_has_perm(&sma->sem_perm, perms);
5082	}	5082	}
5083		5083
5084	static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)	5084	static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
5085	{	5085	{
5086	u32 av = 0;	5086	u32 av = 0;
5087		5087
5088	av = 0;	5088	av = 0;
5089	if (flag & S_IRUGO)	5089	if (flag & S_IRUGO)
5090	av \|= IPC__UNIX_READ;	5090	av \|= IPC__UNIX_READ;
5091	if (flag & S_IWUGO)	5091	if (flag & S_IWUGO)
5092	av \|= IPC__UNIX_WRITE;	5092	av \|= IPC__UNIX_WRITE;
5093		5093
5094	if (av == 0)	5094	if (av == 0)
5095	return 0;	5095	return 0;
5096		5096
5097	return ipc_has_perm(ipcp, av);	5097	return ipc_has_perm(ipcp, av);
5098	}	5098	}
5099		5099
5100	static void selinux_ipc_getsecid(struct kern_ipc_perm ipcp, u32 secid)	5100	static void selinux_ipc_getsecid(struct kern_ipc_perm ipcp, u32 secid)
5101	{	5101	{
5102	struct ipc_security_struct *isec = ipcp->security;	5102	struct ipc_security_struct *isec = ipcp->security;
5103	*secid = isec->sid;	5103	*secid = isec->sid;
5104	}	5104	}
5105		5105
5106	static void selinux_d_instantiate(struct dentry dentry, struct inode inode)	5106	static void selinux_d_instantiate(struct dentry dentry, struct inode inode)
5107	{	5107	{
5108	if (inode)	5108	if (inode)
5109	inode_doinit_with_dentry(inode, dentry);	5109	inode_doinit_with_dentry(inode, dentry);
5110	}	5110	}
5111		5111
5112	static int selinux_getprocattr(struct task_struct *p,	5112	static int selinux_getprocattr(struct task_struct *p,
5113	char name, char *value)	5113	char name, char *value)
5114	{	5114	{
5115	const struct task_security_struct *__tsec;	5115	const struct task_security_struct *__tsec;
5116	u32 sid;	5116	u32 sid;
5117	int error;	5117	int error;
5118	unsigned len;	5118	unsigned len;
5119		5119
5120	if (current != p) {	5120	if (current != p) {
5121	error = current_has_perm(p, PROCESS__GETATTR);	5121	error = current_has_perm(p, PROCESS__GETATTR);
5122	if (error)	5122	if (error)
5123	return error;	5123	return error;
5124	}	5124	}
5125		5125
5126	rcu_read_lock();	5126	rcu_read_lock();
5127	__tsec = __task_cred(p)->security;	5127	__tsec = __task_cred(p)->security;
5128		5128
5129	if (!strcmp(name, "current"))	5129	if (!strcmp(name, "current"))
5130	sid = __tsec->sid;	5130	sid = __tsec->sid;
5131	else if (!strcmp(name, "prev"))	5131	else if (!strcmp(name, "prev"))
5132	sid = __tsec->osid;	5132	sid = __tsec->osid;
5133	else if (!strcmp(name, "exec"))	5133	else if (!strcmp(name, "exec"))
5134	sid = __tsec->exec_sid;	5134	sid = __tsec->exec_sid;
5135	else if (!strcmp(name, "fscreate"))	5135	else if (!strcmp(name, "fscreate"))
5136	sid = __tsec->create_sid;	5136	sid = __tsec->create_sid;
5137	else if (!strcmp(name, "keycreate"))	5137	else if (!strcmp(name, "keycreate"))
5138	sid = __tsec->keycreate_sid;	5138	sid = __tsec->keycreate_sid;
5139	else if (!strcmp(name, "sockcreate"))	5139	else if (!strcmp(name, "sockcreate"))
5140	sid = __tsec->sockcreate_sid;	5140	sid = __tsec->sockcreate_sid;
5141	else	5141	else
5142	goto invalid;	5142	goto invalid;
5143	rcu_read_unlock();	5143	rcu_read_unlock();
5144		5144
5145	if (!sid)	5145	if (!sid)
5146	return 0;	5146	return 0;
5147		5147
5148	error = security_sid_to_context(sid, value, &len);	5148	error = security_sid_to_context(sid, value, &len);
5149	if (error)	5149	if (error)
5150	return error;	5150	return error;
5151	return len;	5151	return len;
5152		5152
5153	invalid:	5153	invalid:
5154	rcu_read_unlock();	5154	rcu_read_unlock();
5155	return -EINVAL;	5155	return -EINVAL;
5156	}	5156	}
5157		5157
5158	static int selinux_setprocattr(struct task_struct *p,	5158	static int selinux_setprocattr(struct task_struct *p,
5159	char name, void value, size_t size)	5159	char name, void value, size_t size)
5160	{	5160	{
5161	struct task_security_struct *tsec;	5161	struct task_security_struct *tsec;
5162	struct task_struct *tracer;	5162	struct task_struct *tracer;
5163	struct cred *new;	5163	struct cred *new;
5164	u32 sid = 0, ptsid;	5164	u32 sid = 0, ptsid;
5165	int error;	5165	int error;
5166	char *str = value;	5166	char *str = value;
5167		5167
5168	if (current != p) {	5168	if (current != p) {
5169	/* SELinux only allows a process to change its own	5169	/* SELinux only allows a process to change its own
5170	security attributes. */	5170	security attributes. */
5171	return -EACCES;	5171	return -EACCES;
5172	}	5172	}
5173		5173
5174	/*	5174	/*
5175	* Basic control over ability to set these attributes at all.	5175	* Basic control over ability to set these attributes at all.
5176	* current == p, but we'll pass them separately in case the	5176	* current == p, but we'll pass them separately in case the
5177	* above restriction is ever removed.	5177	* above restriction is ever removed.
5178	*/	5178	*/
5179	if (!strcmp(name, "exec"))	5179	if (!strcmp(name, "exec"))
5180	error = current_has_perm(p, PROCESS__SETEXEC);	5180	error = current_has_perm(p, PROCESS__SETEXEC);
5181	else if (!strcmp(name, "fscreate"))	5181	else if (!strcmp(name, "fscreate"))
5182	error = current_has_perm(p, PROCESS__SETFSCREATE);	5182	error = current_has_perm(p, PROCESS__SETFSCREATE);
5183	else if (!strcmp(name, "keycreate"))	5183	else if (!strcmp(name, "keycreate"))
5184	error = current_has_perm(p, PROCESS__SETKEYCREATE);	5184	error = current_has_perm(p, PROCESS__SETKEYCREATE);
5185	else if (!strcmp(name, "sockcreate"))	5185	else if (!strcmp(name, "sockcreate"))
5186	error = current_has_perm(p, PROCESS__SETSOCKCREATE);	5186	error = current_has_perm(p, PROCESS__SETSOCKCREATE);
5187	else if (!strcmp(name, "current"))	5187	else if (!strcmp(name, "current"))
5188	error = current_has_perm(p, PROCESS__SETCURRENT);	5188	error = current_has_perm(p, PROCESS__SETCURRENT);
5189	else	5189	else
5190	error = -EINVAL;	5190	error = -EINVAL;
5191	if (error)	5191	if (error)
5192	return error;	5192	return error;
5193		5193
5194	/* Obtain a SID for the context, if one was specified. */	5194	/* Obtain a SID for the context, if one was specified. */
5195	if (size && str[1] && str[1] != '\n') {	5195	if (size && str[1] && str[1] != '\n') {
5196	if (str[size-1] == '\n') {	5196	if (str[size-1] == '\n') {
5197	str[size-1] = 0;	5197	str[size-1] = 0;
5198	size--;	5198	size--;
5199	}	5199	}
5200	error = security_context_to_sid(value, size, &sid);	5200	error = security_context_to_sid(value, size, &sid);
5201	if (error == -EINVAL && !strcmp(name, "fscreate")) {	5201	if (error == -EINVAL && !strcmp(name, "fscreate")) {
5202	if (!capable(CAP_MAC_ADMIN))	5202	if (!capable(CAP_MAC_ADMIN))
5203	return error;	5203	return error;
5204	error = security_context_to_sid_force(value, size,	5204	error = security_context_to_sid_force(value, size,
5205	&sid);	5205	&sid);
5206	}	5206	}
5207	if (error)	5207	if (error)
5208	return error;	5208	return error;
5209	}	5209	}
5210		5210
5211	new = prepare_creds();	5211	new = prepare_creds();
5212	if (!new)	5212	if (!new)
5213	return -ENOMEM;	5213	return -ENOMEM;
5214		5214
5215	/* Permission checking based on the specified context is	5215	/* Permission checking based on the specified context is
5216	performed during the actual operation (execve,	5216	performed during the actual operation (execve,
5217	open/mkdir/...), when we know the full context of the	5217	open/mkdir/...), when we know the full context of the
5218	operation. See selinux_bprm_set_creds for the execve	5218	operation. See selinux_bprm_set_creds for the execve
5219	checks and may_create for the file creation checks. The	5219	checks and may_create for the file creation checks. The
5220	operation will then fail if the context is not permitted. */	5220	operation will then fail if the context is not permitted. */
5221	tsec = new->security;	5221	tsec = new->security;
5222	if (!strcmp(name, "exec")) {	5222	if (!strcmp(name, "exec")) {
5223	tsec->exec_sid = sid;	5223	tsec->exec_sid = sid;
5224	} else if (!strcmp(name, "fscreate")) {	5224	} else if (!strcmp(name, "fscreate")) {
5225	tsec->create_sid = sid;	5225	tsec->create_sid = sid;
5226	} else if (!strcmp(name, "keycreate")) {	5226	} else if (!strcmp(name, "keycreate")) {
5227	error = may_create_key(sid, p);	5227	error = may_create_key(sid, p);
5228	if (error)	5228	if (error)
5229	goto abort_change;	5229	goto abort_change;
5230	tsec->keycreate_sid = sid;	5230	tsec->keycreate_sid = sid;
5231	} else if (!strcmp(name, "sockcreate")) {	5231	} else if (!strcmp(name, "sockcreate")) {
5232	tsec->sockcreate_sid = sid;	5232	tsec->sockcreate_sid = sid;
5233	} else if (!strcmp(name, "current")) {	5233	} else if (!strcmp(name, "current")) {
5234	error = -EINVAL;	5234	error = -EINVAL;
5235	if (sid == 0)	5235	if (sid == 0)
5236	goto abort_change;	5236	goto abort_change;
5237		5237
5238	/* Only allow single threaded processes to change context */	5238	/* Only allow single threaded processes to change context */
5239	error = -EPERM;	5239	error = -EPERM;
5240	if (!current_is_single_threaded()) {	5240	if (!current_is_single_threaded()) {
5241	error = security_bounded_transition(tsec->sid, sid);	5241	error = security_bounded_transition(tsec->sid, sid);
5242	if (error)	5242	if (error)
5243	goto abort_change;	5243	goto abort_change;
5244	}	5244	}
5245		5245
5246	/* Check permissions for the transition. */	5246	/* Check permissions for the transition. */
5247	error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,	5247	error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
5248	PROCESS__DYNTRANSITION, NULL);	5248	PROCESS__DYNTRANSITION, NULL);
5249	if (error)	5249	if (error)
5250	goto abort_change;	5250	goto abort_change;
5251		5251
5252	/* Check for ptracing, and update the task SID if ok.	5252	/* Check for ptracing, and update the task SID if ok.
5253	Otherwise, leave SID unchanged and fail. */	5253	Otherwise, leave SID unchanged and fail. */
5254	ptsid = 0;	5254	ptsid = 0;
5255	task_lock(p);	5255	task_lock(p);
5256	tracer = tracehook_tracer_task(p);	5256	tracer = tracehook_tracer_task(p);
5257	if (tracer)	5257	if (tracer)
5258	ptsid = task_sid(tracer);	5258	ptsid = task_sid(tracer);
5259	task_unlock(p);	5259	task_unlock(p);
5260		5260
5261	if (tracer) {	5261	if (tracer) {
5262	error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,	5262	error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
5263	PROCESS__PTRACE, NULL);	5263	PROCESS__PTRACE, NULL);
5264	if (error)	5264	if (error)
5265	goto abort_change;	5265	goto abort_change;
5266	}	5266	}
5267		5267
5268	tsec->sid = sid;	5268	tsec->sid = sid;
5269	} else {	5269	} else {
5270	error = -EINVAL;	5270	error = -EINVAL;
5271	goto abort_change;	5271	goto abort_change;
5272	}	5272	}
5273		5273
5274	commit_creds(new);	5274	commit_creds(new);
5275	return size;	5275	return size;
5276		5276
5277	abort_change:	5277	abort_change:
5278	abort_creds(new);	5278	abort_creds(new);
5279	return error;	5279	return error;
5280	}	5280	}
5281		5281
5282	static int selinux_secid_to_secctx(u32 secid, char *secdata, u32 seclen)	5282	static int selinux_secid_to_secctx(u32 secid, char *secdata, u32 seclen)
5283	{	5283	{
5284	return security_sid_to_context(secid, secdata, seclen);	5284	return security_sid_to_context(secid, secdata, seclen);
5285	}	5285	}
5286		5286
5287	static int selinux_secctx_to_secid(const char secdata, u32 seclen, u32 secid)	5287	static int selinux_secctx_to_secid(const char secdata, u32 seclen, u32 secid)
5288	{	5288	{
5289	return security_context_to_sid(secdata, seclen, secid);	5289	return security_context_to_sid(secdata, seclen, secid);
5290	}	5290	}
5291		5291
5292	static void selinux_release_secctx(char *secdata, u32 seclen)	5292	static void selinux_release_secctx(char *secdata, u32 seclen)
5293	{	5293	{
5294	kfree(secdata);	5294	kfree(secdata);
5295	}	5295	}
5296		5296
5297	/*	5297	/*
5298	* called with inode->i_mutex locked	5298	* called with inode->i_mutex locked
5299	*/	5299	*/
5300	static int selinux_inode_notifysecctx(struct inode inode, void ctx, u32 ctxlen)	5300	static int selinux_inode_notifysecctx(struct inode inode, void ctx, u32 ctxlen)
5301	{	5301	{
5302	return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);	5302	return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
5303	}	5303	}
5304		5304
5305	/*	5305	/*
5306	* called with inode->i_mutex locked	5306	* called with inode->i_mutex locked
5307	*/	5307	*/
5308	static int selinux_inode_setsecctx(struct dentry dentry, void ctx, u32 ctxlen)	5308	static int selinux_inode_setsecctx(struct dentry dentry, void ctx, u32 ctxlen)
5309	{	5309	{
5310	return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);	5310	return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
5311	}	5311	}
5312		5312
5313	static int selinux_inode_getsecctx(struct inode inode, void ctx, u32 ctxlen)	5313	static int selinux_inode_getsecctx(struct inode inode, void ctx, u32 ctxlen)
5314	{	5314	{
5315	int len = 0;	5315	int len = 0;
5316	len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,	5316	len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
5317	ctx, true);	5317	ctx, true);
5318	if (len < 0)	5318	if (len < 0)
5319	return len;	5319	return len;
5320	*ctxlen = len;	5320	*ctxlen = len;
5321	return 0;	5321	return 0;
5322	}	5322	}
5323	#ifdef CONFIG_KEYS	5323	#ifdef CONFIG_KEYS
5324		5324
5325	static int selinux_key_alloc(struct key k, const struct cred cred,	5325	static int selinux_key_alloc(struct key k, const struct cred cred,
5326	unsigned long flags)	5326	unsigned long flags)
5327	{	5327	{
5328	const struct task_security_struct *tsec;	5328	const struct task_security_struct *tsec;
5329	struct key_security_struct *ksec;	5329	struct key_security_struct *ksec;
5330		5330
5331	ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);	5331	ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
5332	if (!ksec)	5332	if (!ksec)
5333	return -ENOMEM;	5333	return -ENOMEM;
5334		5334
5335	tsec = cred->security;	5335	tsec = cred->security;
5336	if (tsec->keycreate_sid)	5336	if (tsec->keycreate_sid)
5337	ksec->sid = tsec->keycreate_sid;	5337	ksec->sid = tsec->keycreate_sid;
5338	else	5338	else
5339	ksec->sid = tsec->sid;	5339	ksec->sid = tsec->sid;
5340		5340
5341	k->security = ksec;	5341	k->security = ksec;
5342	return 0;	5342	return 0;
5343	}	5343	}
5344		5344
5345	static void selinux_key_free(struct key *k)	5345	static void selinux_key_free(struct key *k)
5346	{	5346	{
5347	struct key_security_struct *ksec = k->security;	5347	struct key_security_struct *ksec = k->security;
5348		5348
5349	k->security = NULL;	5349	k->security = NULL;
5350	kfree(ksec);	5350	kfree(ksec);
5351	}	5351	}
5352		5352
5353	static int selinux_key_permission(key_ref_t key_ref,	5353	static int selinux_key_permission(key_ref_t key_ref,
5354	const struct cred *cred,	5354	const struct cred *cred,
5355	key_perm_t perm)	5355	key_perm_t perm)
5356	{	5356	{
5357	struct key *key;	5357	struct key *key;
5358	struct key_security_struct *ksec;	5358	struct key_security_struct *ksec;
5359	u32 sid;	5359	u32 sid;
5360		5360
5361	/* if no specific permissions are requested, we skip the	5361	/* if no specific permissions are requested, we skip the
5362	permission check. No serious, additional covert channels	5362	permission check. No serious, additional covert channels
5363	appear to be created. */	5363	appear to be created. */
5364	if (perm == 0)	5364	if (perm == 0)
5365	return 0;	5365	return 0;
5366		5366
5367	sid = cred_sid(cred);	5367	sid = cred_sid(cred);
5368		5368
5369	key = key_ref_to_ptr(key_ref);	5369	key = key_ref_to_ptr(key_ref);
5370	ksec = key->security;	5370	ksec = key->security;
5371		5371
5372	return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);	5372	return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);
5373	}	5373	}
5374		5374
5375	static int selinux_key_getsecurity(struct key key, char *_buffer)	5375	static int selinux_key_getsecurity(struct key key, char *_buffer)
5376	{	5376	{
5377	struct key_security_struct *ksec = key->security;	5377	struct key_security_struct *ksec = key->security;
5378	char *context = NULL;	5378	char *context = NULL;
5379	unsigned len;	5379	unsigned len;
5380	int rc;	5380	int rc;
5381		5381
5382	rc = security_sid_to_context(ksec->sid, &context, &len);	5382	rc = security_sid_to_context(ksec->sid, &context, &len);
5383	if (!rc)	5383	if (!rc)
5384	rc = len;	5384	rc = len;
5385	*_buffer = context;	5385	*_buffer = context;
5386	return rc;	5386	return rc;
5387	}	5387	}
5388		5388
5389	#endif	5389	#endif
5390		5390
5391	static struct security_operations selinux_ops = {	5391	static struct security_operations selinux_ops = {
5392	.name = "selinux",	5392	.name = "selinux",
5393		5393
5394	.ptrace_access_check = selinux_ptrace_access_check,	5394	.ptrace_access_check = selinux_ptrace_access_check,
5395	.ptrace_traceme = selinux_ptrace_traceme,	5395	.ptrace_traceme = selinux_ptrace_traceme,
5396	.capget = selinux_capget,	5396	.capget = selinux_capget,
5397	.capset = selinux_capset,	5397	.capset = selinux_capset,
5398	.sysctl = selinux_sysctl,	5398	.sysctl = selinux_sysctl,
5399	.capable = selinux_capable,	5399	.capable = selinux_capable,
5400	.quotactl = selinux_quotactl,	5400	.quotactl = selinux_quotactl,
5401	.quota_on = selinux_quota_on,	5401	.quota_on = selinux_quota_on,
5402	.syslog = selinux_syslog,	5402	.syslog = selinux_syslog,
5403	.vm_enough_memory = selinux_vm_enough_memory,	5403	.vm_enough_memory = selinux_vm_enough_memory,
5404		5404
5405	.netlink_send = selinux_netlink_send,	5405	.netlink_send = selinux_netlink_send,
5406	.netlink_recv = selinux_netlink_recv,	5406	.netlink_recv = selinux_netlink_recv,
5407		5407
5408	.bprm_set_creds = selinux_bprm_set_creds,	5408	.bprm_set_creds = selinux_bprm_set_creds,
5409	.bprm_committing_creds = selinux_bprm_committing_creds,	5409	.bprm_committing_creds = selinux_bprm_committing_creds,
5410	.bprm_committed_creds = selinux_bprm_committed_creds,	5410	.bprm_committed_creds = selinux_bprm_committed_creds,
5411	.bprm_secureexec = selinux_bprm_secureexec,	5411	.bprm_secureexec = selinux_bprm_secureexec,
5412		5412
5413	.sb_alloc_security = selinux_sb_alloc_security,	5413	.sb_alloc_security = selinux_sb_alloc_security,
5414	.sb_free_security = selinux_sb_free_security,	5414	.sb_free_security = selinux_sb_free_security,
5415	.sb_copy_data = selinux_sb_copy_data,	5415	.sb_copy_data = selinux_sb_copy_data,
5416	.sb_kern_mount = selinux_sb_kern_mount,	5416	.sb_kern_mount = selinux_sb_kern_mount,
5417	.sb_show_options = selinux_sb_show_options,	5417	.sb_show_options = selinux_sb_show_options,
5418	.sb_statfs = selinux_sb_statfs,	5418	.sb_statfs = selinux_sb_statfs,
5419	.sb_mount = selinux_mount,	5419	.sb_mount = selinux_mount,
5420	.sb_umount = selinux_umount,	5420	.sb_umount = selinux_umount,
5421	.sb_set_mnt_opts = selinux_set_mnt_opts,	5421	.sb_set_mnt_opts = selinux_set_mnt_opts,
5422	.sb_clone_mnt_opts = selinux_sb_clone_mnt_opts,	5422	.sb_clone_mnt_opts = selinux_sb_clone_mnt_opts,
5423	.sb_parse_opts_str = selinux_parse_opts_str,	5423	.sb_parse_opts_str = selinux_parse_opts_str,
5424		5424
5425		5425
5426	.inode_alloc_security = selinux_inode_alloc_security,	5426	.inode_alloc_security = selinux_inode_alloc_security,
5427	.inode_free_security = selinux_inode_free_security,	5427	.inode_free_security = selinux_inode_free_security,
5428	.inode_init_security = selinux_inode_init_security,	5428	.inode_init_security = selinux_inode_init_security,
5429	.inode_create = selinux_inode_create,	5429	.inode_create = selinux_inode_create,
5430	.inode_link = selinux_inode_link,	5430	.inode_link = selinux_inode_link,
5431	.inode_unlink = selinux_inode_unlink,	5431	.inode_unlink = selinux_inode_unlink,
5432	.inode_symlink = selinux_inode_symlink,	5432	.inode_symlink = selinux_inode_symlink,
5433	.inode_mkdir = selinux_inode_mkdir,	5433	.inode_mkdir = selinux_inode_mkdir,
5434	.inode_rmdir = selinux_inode_rmdir,	5434	.inode_rmdir = selinux_inode_rmdir,
5435	.inode_mknod = selinux_inode_mknod,	5435	.inode_mknod = selinux_inode_mknod,
5436	.inode_rename = selinux_inode_rename,	5436	.inode_rename = selinux_inode_rename,
5437	.inode_readlink = selinux_inode_readlink,	5437	.inode_readlink = selinux_inode_readlink,
5438	.inode_follow_link = selinux_inode_follow_link,	5438	.inode_follow_link = selinux_inode_follow_link,
5439	.inode_permission = selinux_inode_permission,	5439	.inode_permission = selinux_inode_permission,
5440	.inode_setattr = selinux_inode_setattr,	5440	.inode_setattr = selinux_inode_setattr,
5441	.inode_getattr = selinux_inode_getattr,	5441	.inode_getattr = selinux_inode_getattr,
5442	.inode_setxattr = selinux_inode_setxattr,	5442	.inode_setxattr = selinux_inode_setxattr,
5443	.inode_post_setxattr = selinux_inode_post_setxattr,	5443	.inode_post_setxattr = selinux_inode_post_setxattr,
5444	.inode_getxattr = selinux_inode_getxattr,	5444	.inode_getxattr = selinux_inode_getxattr,
5445	.inode_listxattr = selinux_inode_listxattr,	5445	.inode_listxattr = selinux_inode_listxattr,
5446	.inode_removexattr = selinux_inode_removexattr,	5446	.inode_removexattr = selinux_inode_removexattr,
5447	.inode_getsecurity = selinux_inode_getsecurity,	5447	.inode_getsecurity = selinux_inode_getsecurity,
5448	.inode_setsecurity = selinux_inode_setsecurity,	5448	.inode_setsecurity = selinux_inode_setsecurity,
5449	.inode_listsecurity = selinux_inode_listsecurity,	5449	.inode_listsecurity = selinux_inode_listsecurity,
5450	.inode_getsecid = selinux_inode_getsecid,	5450	.inode_getsecid = selinux_inode_getsecid,
5451		5451
5452	.file_permission = selinux_file_permission,	5452	.file_permission = selinux_file_permission,
5453	.file_alloc_security = selinux_file_alloc_security,	5453	.file_alloc_security = selinux_file_alloc_security,
5454	.file_free_security = selinux_file_free_security,	5454	.file_free_security = selinux_file_free_security,
5455	.file_ioctl = selinux_file_ioctl,	5455	.file_ioctl = selinux_file_ioctl,
5456	.file_mmap = selinux_file_mmap,	5456	.file_mmap = selinux_file_mmap,
5457	.file_mprotect = selinux_file_mprotect,	5457	.file_mprotect = selinux_file_mprotect,
5458	.file_lock = selinux_file_lock,	5458	.file_lock = selinux_file_lock,
5459	.file_fcntl = selinux_file_fcntl,	5459	.file_fcntl = selinux_file_fcntl,
5460	.file_set_fowner = selinux_file_set_fowner,	5460	.file_set_fowner = selinux_file_set_fowner,
5461	.file_send_sigiotask = selinux_file_send_sigiotask,	5461	.file_send_sigiotask = selinux_file_send_sigiotask,
5462	.file_receive = selinux_file_receive,	5462	.file_receive = selinux_file_receive,
5463		5463
5464	.dentry_open = selinux_dentry_open,	5464	.dentry_open = selinux_dentry_open,
5465		5465
5466	.task_create = selinux_task_create,	5466	.task_create = selinux_task_create,
5467	.cred_alloc_blank = selinux_cred_alloc_blank,	5467	.cred_alloc_blank = selinux_cred_alloc_blank,
5468	.cred_free = selinux_cred_free,	5468	.cred_free = selinux_cred_free,
5469	.cred_prepare = selinux_cred_prepare,	5469	.cred_prepare = selinux_cred_prepare,
5470	.cred_transfer = selinux_cred_transfer,	5470	.cred_transfer = selinux_cred_transfer,
5471	.kernel_act_as = selinux_kernel_act_as,	5471	.kernel_act_as = selinux_kernel_act_as,
5472	.kernel_create_files_as = selinux_kernel_create_files_as,	5472	.kernel_create_files_as = selinux_kernel_create_files_as,
5473	.kernel_module_request = selinux_kernel_module_request,	5473	.kernel_module_request = selinux_kernel_module_request,
5474	.task_setpgid = selinux_task_setpgid,	5474	.task_setpgid = selinux_task_setpgid,
5475	.task_getpgid = selinux_task_getpgid,	5475	.task_getpgid = selinux_task_getpgid,
5476	.task_getsid = selinux_task_getsid,	5476	.task_getsid = selinux_task_getsid,
5477	.task_getsecid = selinux_task_getsecid,	5477	.task_getsecid = selinux_task_getsecid,
5478	.task_setnice = selinux_task_setnice,	5478	.task_setnice = selinux_task_setnice,
5479	.task_setioprio = selinux_task_setioprio,	5479	.task_setioprio = selinux_task_setioprio,
5480	.task_getioprio = selinux_task_getioprio,	5480	.task_getioprio = selinux_task_getioprio,
5481	.task_setrlimit = selinux_task_setrlimit,	5481	.task_setrlimit = selinux_task_setrlimit,
5482	.task_setscheduler = selinux_task_setscheduler,	5482	.task_setscheduler = selinux_task_setscheduler,
5483	.task_getscheduler = selinux_task_getscheduler,	5483	.task_getscheduler = selinux_task_getscheduler,
5484	.task_movememory = selinux_task_movememory,	5484	.task_movememory = selinux_task_movememory,
5485	.task_kill = selinux_task_kill,	5485	.task_kill = selinux_task_kill,
5486	.task_wait = selinux_task_wait,	5486	.task_wait = selinux_task_wait,
5487	.task_to_inode = selinux_task_to_inode,	5487	.task_to_inode = selinux_task_to_inode,
5488		5488
5489	.ipc_permission = selinux_ipc_permission,	5489	.ipc_permission = selinux_ipc_permission,
5490	.ipc_getsecid = selinux_ipc_getsecid,	5490	.ipc_getsecid = selinux_ipc_getsecid,
5491		5491
5492	.msg_msg_alloc_security = selinux_msg_msg_alloc_security,	5492	.msg_msg_alloc_security = selinux_msg_msg_alloc_security,
5493	.msg_msg_free_security = selinux_msg_msg_free_security,	5493	.msg_msg_free_security = selinux_msg_msg_free_security,
5494		5494
5495	.msg_queue_alloc_security = selinux_msg_queue_alloc_security,	5495	.msg_queue_alloc_security = selinux_msg_queue_alloc_security,
5496	.msg_queue_free_security = selinux_msg_queue_free_security,	5496	.msg_queue_free_security = selinux_msg_queue_free_security,
5497	.msg_queue_associate = selinux_msg_queue_associate,	5497	.msg_queue_associate = selinux_msg_queue_associate,
5498	.msg_queue_msgctl = selinux_msg_queue_msgctl,	5498	.msg_queue_msgctl = selinux_msg_queue_msgctl,
5499	.msg_queue_msgsnd = selinux_msg_queue_msgsnd,	5499	.msg_queue_msgsnd = selinux_msg_queue_msgsnd,
5500	.msg_queue_msgrcv = selinux_msg_queue_msgrcv,	5500	.msg_queue_msgrcv = selinux_msg_queue_msgrcv,
5501		5501
5502	.shm_alloc_security = selinux_shm_alloc_security,	5502	.shm_alloc_security = selinux_shm_alloc_security,
5503	.shm_free_security = selinux_shm_free_security,	5503	.shm_free_security = selinux_shm_free_security,
5504	.shm_associate = selinux_shm_associate,	5504	.shm_associate = selinux_shm_associate,
5505	.shm_shmctl = selinux_shm_shmctl,	5505	.shm_shmctl = selinux_shm_shmctl,
5506	.shm_shmat = selinux_shm_shmat,	5506	.shm_shmat = selinux_shm_shmat,
5507		5507
5508	.sem_alloc_security = selinux_sem_alloc_security,	5508	.sem_alloc_security = selinux_sem_alloc_security,
5509	.sem_free_security = selinux_sem_free_security,	5509	.sem_free_security = selinux_sem_free_security,
5510	.sem_associate = selinux_sem_associate,	5510	.sem_associate = selinux_sem_associate,
5511	.sem_semctl = selinux_sem_semctl,	5511	.sem_semctl = selinux_sem_semctl,
5512	.sem_semop = selinux_sem_semop,	5512	.sem_semop = selinux_sem_semop,
5513		5513
5514	.d_instantiate = selinux_d_instantiate,	5514	.d_instantiate = selinux_d_instantiate,
5515		5515
5516	.getprocattr = selinux_getprocattr,	5516	.getprocattr = selinux_getprocattr,
5517	.setprocattr = selinux_setprocattr,	5517	.setprocattr = selinux_setprocattr,
5518		5518
5519	.secid_to_secctx = selinux_secid_to_secctx,	5519	.secid_to_secctx = selinux_secid_to_secctx,
5520	.secctx_to_secid = selinux_secctx_to_secid,	5520	.secctx_to_secid = selinux_secctx_to_secid,
5521	.release_secctx = selinux_release_secctx,	5521	.release_secctx = selinux_release_secctx,
5522	.inode_notifysecctx = selinux_inode_notifysecctx,	5522	.inode_notifysecctx = selinux_inode_notifysecctx,
5523	.inode_setsecctx = selinux_inode_setsecctx,	5523	.inode_setsecctx = selinux_inode_setsecctx,
5524	.inode_getsecctx = selinux_inode_getsecctx,	5524	.inode_getsecctx = selinux_inode_getsecctx,
5525		5525
5526	.unix_stream_connect = selinux_socket_unix_stream_connect,	5526	.unix_stream_connect = selinux_socket_unix_stream_connect,
5527	.unix_may_send = selinux_socket_unix_may_send,	5527	.unix_may_send = selinux_socket_unix_may_send,
5528		5528
5529	.socket_create = selinux_socket_create,	5529	.socket_create = selinux_socket_create,
5530	.socket_post_create = selinux_socket_post_create,	5530	.socket_post_create = selinux_socket_post_create,
5531	.socket_bind = selinux_socket_bind,	5531	.socket_bind = selinux_socket_bind,
5532	.socket_connect = selinux_socket_connect,	5532	.socket_connect = selinux_socket_connect,
5533	.socket_listen = selinux_socket_listen,	5533	.socket_listen = selinux_socket_listen,
5534	.socket_accept = selinux_socket_accept,	5534	.socket_accept = selinux_socket_accept,
5535	.socket_sendmsg = selinux_socket_sendmsg,	5535	.socket_sendmsg = selinux_socket_sendmsg,
5536	.socket_recvmsg = selinux_socket_recvmsg,	5536	.socket_recvmsg = selinux_socket_recvmsg,
5537	.socket_getsockname = selinux_socket_getsockname,	5537	.socket_getsockname = selinux_socket_getsockname,
5538	.socket_getpeername = selinux_socket_getpeername,	5538	.socket_getpeername = selinux_socket_getpeername,
5539	.socket_getsockopt = selinux_socket_getsockopt,	5539	.socket_getsockopt = selinux_socket_getsockopt,
5540	.socket_setsockopt = selinux_socket_setsockopt,	5540	.socket_setsockopt = selinux_socket_setsockopt,
5541	.socket_shutdown = selinux_socket_shutdown,	5541	.socket_shutdown = selinux_socket_shutdown,
5542	.socket_sock_rcv_skb = selinux_socket_sock_rcv_skb,	5542	.socket_sock_rcv_skb = selinux_socket_sock_rcv_skb,
5543	.socket_getpeersec_stream = selinux_socket_getpeersec_stream,	5543	.socket_getpeersec_stream = selinux_socket_getpeersec_stream,
5544	.socket_getpeersec_dgram = selinux_socket_getpeersec_dgram,	5544	.socket_getpeersec_dgram = selinux_socket_getpeersec_dgram,
5545	.sk_alloc_security = selinux_sk_alloc_security,	5545	.sk_alloc_security = selinux_sk_alloc_security,
5546	.sk_free_security = selinux_sk_free_security,	5546	.sk_free_security = selinux_sk_free_security,
5547	.sk_clone_security = selinux_sk_clone_security,	5547	.sk_clone_security = selinux_sk_clone_security,
5548	.sk_getsecid = selinux_sk_getsecid,	5548	.sk_getsecid = selinux_sk_getsecid,
5549	.sock_graft = selinux_sock_graft,	5549	.sock_graft = selinux_sock_graft,
5550	.inet_conn_request = selinux_inet_conn_request,	5550	.inet_conn_request = selinux_inet_conn_request,
5551	.inet_csk_clone = selinux_inet_csk_clone,	5551	.inet_csk_clone = selinux_inet_csk_clone,
5552	.inet_conn_established = selinux_inet_conn_established,	5552	.inet_conn_established = selinux_inet_conn_established,
5553	.secmark_relabel_packet = selinux_secmark_relabel_packet,	5553	.secmark_relabel_packet = selinux_secmark_relabel_packet,
5554	.secmark_refcount_inc = selinux_secmark_refcount_inc,	5554	.secmark_refcount_inc = selinux_secmark_refcount_inc,
5555	.secmark_refcount_dec = selinux_secmark_refcount_dec,	5555	.secmark_refcount_dec = selinux_secmark_refcount_dec,
5556	.req_classify_flow = selinux_req_classify_flow,	5556	.req_classify_flow = selinux_req_classify_flow,
5557	.tun_dev_create = selinux_tun_dev_create,	5557	.tun_dev_create = selinux_tun_dev_create,
5558	.tun_dev_post_create = selinux_tun_dev_post_create,	5558	.tun_dev_post_create = selinux_tun_dev_post_create,
5559	.tun_dev_attach = selinux_tun_dev_attach,	5559	.tun_dev_attach = selinux_tun_dev_attach,
5560		5560
5561	#ifdef CONFIG_SECURITY_NETWORK_XFRM	5561	#ifdef CONFIG_SECURITY_NETWORK_XFRM
5562	.xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,	5562	.xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
5563	.xfrm_policy_clone_security = selinux_xfrm_policy_clone,	5563	.xfrm_policy_clone_security = selinux_xfrm_policy_clone,
5564	.xfrm_policy_free_security = selinux_xfrm_policy_free,	5564	.xfrm_policy_free_security = selinux_xfrm_policy_free,
5565	.xfrm_policy_delete_security = selinux_xfrm_policy_delete,	5565	.xfrm_policy_delete_security = selinux_xfrm_policy_delete,
5566	.xfrm_state_alloc_security = selinux_xfrm_state_alloc,	5566	.xfrm_state_alloc_security = selinux_xfrm_state_alloc,
5567	.xfrm_state_free_security = selinux_xfrm_state_free,	5567	.xfrm_state_free_security = selinux_xfrm_state_free,
5568	.xfrm_state_delete_security = selinux_xfrm_state_delete,	5568	.xfrm_state_delete_security = selinux_xfrm_state_delete,
5569	.xfrm_policy_lookup = selinux_xfrm_policy_lookup,	5569	.xfrm_policy_lookup = selinux_xfrm_policy_lookup,
5570	.xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match,	5570	.xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match,
5571	.xfrm_decode_session = selinux_xfrm_decode_session,	5571	.xfrm_decode_session = selinux_xfrm_decode_session,
5572	#endif	5572	#endif
5573		5573
5574	#ifdef CONFIG_KEYS	5574	#ifdef CONFIG_KEYS
5575	.key_alloc = selinux_key_alloc,	5575	.key_alloc = selinux_key_alloc,
5576	.key_free = selinux_key_free,	5576	.key_free = selinux_key_free,
5577	.key_permission = selinux_key_permission,	5577	.key_permission = selinux_key_permission,
5578	.key_getsecurity = selinux_key_getsecurity,	5578	.key_getsecurity = selinux_key_getsecurity,
5579	#endif	5579	#endif
5580		5580
5581	#ifdef CONFIG_AUDIT	5581	#ifdef CONFIG_AUDIT
5582	.audit_rule_init = selinux_audit_rule_init,	5582	.audit_rule_init = selinux_audit_rule_init,
5583	.audit_rule_known = selinux_audit_rule_known,	5583	.audit_rule_known = selinux_audit_rule_known,
5584	.audit_rule_match = selinux_audit_rule_match,	5584	.audit_rule_match = selinux_audit_rule_match,
5585	.audit_rule_free = selinux_audit_rule_free,	5585	.audit_rule_free = selinux_audit_rule_free,
5586	#endif	5586	#endif
5587	};	5587	};
5588		5588
5589	static __init int selinux_init(void)	5589	static __init int selinux_init(void)
5590	{	5590	{
5591	if (!security_module_enable(&selinux_ops)) {	5591	if (!security_module_enable(&selinux_ops)) {
5592	selinux_enabled = 0;	5592	selinux_enabled = 0;
5593	return 0;	5593	return 0;
5594	}	5594	}
5595		5595
5596	if (!selinux_enabled) {	5596	if (!selinux_enabled) {
5597	printk(KERN_INFO "SELinux: Disabled at boot.\n");	5597	printk(KERN_INFO "SELinux: Disabled at boot.\n");
5598	return 0;	5598	return 0;
5599	}	5599	}
5600		5600
5601	printk(KERN_INFO "SELinux: Initializing.\n");	5601	printk(KERN_INFO "SELinux: Initializing.\n");
5602		5602
5603	/* Set the security state for the initial task. */	5603	/* Set the security state for the initial task. */
5604	cred_init_security();	5604	cred_init_security();
5605		5605
5606	default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);	5606	default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
5607		5607
5608	sel_inode_cache = kmem_cache_create("selinux_inode_security",	5608	sel_inode_cache = kmem_cache_create("selinux_inode_security",
5609	sizeof(struct inode_security_struct),	5609	sizeof(struct inode_security_struct),
5610	0, SLAB_PANIC, NULL);	5610	0, SLAB_PANIC, NULL);
5611	avc_init();	5611	avc_init();
5612		5612
5613	if (register_security(&selinux_ops))	5613	if (register_security(&selinux_ops))
5614	panic("SELinux: Unable to register with kernel.\n");	5614	panic("SELinux: Unable to register with kernel.\n");
5615		5615
5616	if (selinux_enforcing)	5616	if (selinux_enforcing)
5617	printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");	5617	printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
5618	else	5618	else
5619	printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");	5619	printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
5620		5620
5621	return 0;	5621	return 0;
5622	}	5622	}
5623		5623
5624	static void delayed_superblock_init(struct super_block sb, void unused)	5624	static void delayed_superblock_init(struct super_block sb, void unused)
5625	{	5625	{
5626	superblock_doinit(sb, NULL);	5626	superblock_doinit(sb, NULL);
5627	}	5627	}
5628		5628
5629	void selinux_complete_init(void)	5629	void selinux_complete_init(void)
5630	{	5630	{
5631	printk(KERN_DEBUG "SELinux: Completing initialization.\n");	5631	printk(KERN_DEBUG "SELinux: Completing initialization.\n");
5632		5632
5633	/* Set up any superblocks initialized prior to the policy load. */	5633	/* Set up any superblocks initialized prior to the policy load. */
5634	printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");	5634	printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
5635	iterate_supers(delayed_superblock_init, NULL);	5635	iterate_supers(delayed_superblock_init, NULL);
5636	}	5636	}
5637		5637
5638	/* SELinux requires early initialization in order to label	5638	/* SELinux requires early initialization in order to label
5639	all processes and objects when they are created. */	5639	all processes and objects when they are created. */
5640	security_initcall(selinux_init);	5640	security_initcall(selinux_init);
5641		5641
5642	#if defined(CONFIG_NETFILTER)	5642	#if defined(CONFIG_NETFILTER)
5643		5643
5644	static struct nf_hook_ops selinux_ipv4_ops[] = {	5644	static struct nf_hook_ops selinux_ipv4_ops[] = {
5645	{	5645	{
5646	.hook = selinux_ipv4_postroute,	5646	.hook = selinux_ipv4_postroute,
5647	.owner = THIS_MODULE,	5647	.owner = THIS_MODULE,
5648	.pf = PF_INET,	5648	.pf = PF_INET,
5649	.hooknum = NF_INET_POST_ROUTING,	5649	.hooknum = NF_INET_POST_ROUTING,
5650	.priority = NF_IP_PRI_SELINUX_LAST,	5650	.priority = NF_IP_PRI_SELINUX_LAST,
5651	},	5651	},
5652	{	5652	{
5653	.hook = selinux_ipv4_forward,	5653	.hook = selinux_ipv4_forward,
5654	.owner = THIS_MODULE,	5654	.owner = THIS_MODULE,
5655	.pf = PF_INET,	5655	.pf = PF_INET,
5656	.hooknum = NF_INET_FORWARD,	5656	.hooknum = NF_INET_FORWARD,
5657	.priority = NF_IP_PRI_SELINUX_FIRST,	5657	.priority = NF_IP_PRI_SELINUX_FIRST,
5658	},	5658	},
5659	{	5659	{
5660	.hook = selinux_ipv4_output,	5660	.hook = selinux_ipv4_output,
5661	.owner = THIS_MODULE,	5661	.owner = THIS_MODULE,
5662	.pf = PF_INET,	5662	.pf = PF_INET,
5663	.hooknum = NF_INET_LOCAL_OUT,	5663	.hooknum = NF_INET_LOCAL_OUT,
5664	.priority = NF_IP_PRI_SELINUX_FIRST,	5664	.priority = NF_IP_PRI_SELINUX_FIRST,
5665	}	5665	}
5666	};	5666	};
5667		5667
5668	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	5668	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
5669		5669
5670	static struct nf_hook_ops selinux_ipv6_ops[] = {	5670	static struct nf_hook_ops selinux_ipv6_ops[] = {
5671	{	5671	{
5672	.hook = selinux_ipv6_postroute,	5672	.hook = selinux_ipv6_postroute,
5673	.owner = THIS_MODULE,	5673	.owner = THIS_MODULE,
5674	.pf = PF_INET6,	5674	.pf = PF_INET6,
5675	.hooknum = NF_INET_POST_ROUTING,	5675	.hooknum = NF_INET_POST_ROUTING,
5676	.priority = NF_IP6_PRI_SELINUX_LAST,	5676	.priority = NF_IP6_PRI_SELINUX_LAST,
5677	},	5677	},
5678	{	5678	{
5679	.hook = selinux_ipv6_forward,	5679	.hook = selinux_ipv6_forward,
5680	.owner = THIS_MODULE,	5680	.owner = THIS_MODULE,
5681	.pf = PF_INET6,	5681	.pf = PF_INET6,
5682	.hooknum = NF_INET_FORWARD,	5682	.hooknum = NF_INET_FORWARD,
5683	.priority = NF_IP6_PRI_SELINUX_FIRST,	5683	.priority = NF_IP6_PRI_SELINUX_FIRST,
5684	}	5684	}
5685	};	5685	};
5686		5686
5687	#endif /* IPV6 */	5687	#endif /* IPV6 */
5688		5688
5689	static int __init selinux_nf_ip_init(void)	5689	static int __init selinux_nf_ip_init(void)
5690	{	5690	{
5691	int err = 0;	5691	int err = 0;
5692		5692
5693	if (!selinux_enabled)	5693	if (!selinux_enabled)
5694	goto out;	5694	goto out;
5695		5695
5696	printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");	5696	printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
5697		5697
5698	err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));	5698	err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
5699	if (err)	5699	if (err)
5700	panic("SELinux: nf_register_hooks for IPv4: error %d\n", err);	5700	panic("SELinux: nf_register_hooks for IPv4: error %d\n", err);
5701		5701
5702	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	5702	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
5703	err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));	5703	err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
5704	if (err)	5704	if (err)
5705	panic("SELinux: nf_register_hooks for IPv6: error %d\n", err);	5705	panic("SELinux: nf_register_hooks for IPv6: error %d\n", err);
5706	#endif /* IPV6 */	5706	#endif /* IPV6 */
5707		5707
5708	out:	5708	out:
5709	return err;	5709	return err;
5710	}	5710	}
5711		5711
5712	__initcall(selinux_nf_ip_init);	5712	__initcall(selinux_nf_ip_init);
5713		5713
5714	#ifdef CONFIG_SECURITY_SELINUX_DISABLE	5714	#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5715	static void selinux_nf_ip_exit(void)	5715	static void selinux_nf_ip_exit(void)
5716	{	5716	{
5717	printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");	5717	printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
5718		5718
5719	nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));	5719	nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
5720	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	5720	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
5721	nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));	5721	nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
5722	#endif /* IPV6 */	5722	#endif /* IPV6 */
5723	}	5723	}
5724	#endif	5724	#endif
5725		5725
5726	#else /* CONFIG_NETFILTER */	5726	#else /* CONFIG_NETFILTER */
5727		5727
5728	#ifdef CONFIG_SECURITY_SELINUX_DISABLE	5728	#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5729	#define selinux_nf_ip_exit()	5729	#define selinux_nf_ip_exit()
5730	#endif	5730	#endif
5731		5731
5732	#endif /* CONFIG_NETFILTER */	5732	#endif /* CONFIG_NETFILTER */
5733		5733
5734	#ifdef CONFIG_SECURITY_SELINUX_DISABLE	5734	#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5735	static int selinux_disabled;	5735	static int selinux_disabled;
5736		5736
5737	int selinux_disable(void)	5737	int selinux_disable(void)
5738	{	5738	{
5739	extern void exit_sel_fs(void);	5739	extern void exit_sel_fs(void);
5740		5740
5741	if (ss_initialized) {	5741	if (ss_initialized) {
5742	/* Not permitted after initial policy load. */	5742	/* Not permitted after initial policy load. */
5743	return -EINVAL;	5743	return -EINVAL;
5744	}	5744	}
5745		5745
5746	if (selinux_disabled) {	5746	if (selinux_disabled) {
5747	/* Only do this once. */	5747	/* Only do this once. */
5748	return -EINVAL;	5748	return -EINVAL;
5749	}	5749	}
5750		5750
5751	printk(KERN_INFO "SELinux: Disabled at runtime.\n");	5751	printk(KERN_INFO "SELinux: Disabled at runtime.\n");
5752		5752
5753	selinux_disabled = 1;	5753	selinux_disabled = 1;
5754	selinux_enabled = 0;	5754	selinux_enabled = 0;
5755		5755
5756	reset_security_ops();	5756	reset_security_ops();
5757		5757
5758	/* Try to destroy the avc node cache */	5758	/* Try to destroy the avc node cache */
5759	avc_disable();	5759	avc_disable();
5760		5760
5761	/* Unregister netfilter hooks. */	5761	/* Unregister netfilter hooks. */
5762	selinux_nf_ip_exit();	5762	selinux_nf_ip_exit();
5763		5763
5764	/* Unregister selinuxfs. */	5764	/* Unregister selinuxfs. */
5765	exit_sel_fs();	5765	exit_sel_fs();
5766		5766
5767	return 0;	5767	return 0;
5768	}	5768	}
5769	#endif	5769	#endif
5770		5770

security/smack/smack_lsm.c

Diff comments View file @ 3610cda

1	/*	1	/*
2	* Simplified MAC Kernel (smack) security module	2	* Simplified MAC Kernel (smack) security module
3	*	3	*
4	* This file contains the smack hook function implementations.	4	* This file contains the smack hook function implementations.
5	*	5	*
6	* Author:	6	* Author:
7	* Casey Schaufler <casey@schaufler-ca.com>	7	* Casey Schaufler <casey@schaufler-ca.com>
8	*	8	*
9	* Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>	9	* Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
10	* Copyright (C) 2009 Hewlett-Packard Development Company, L.P.	10	* Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
11	* Paul Moore <paul.moore@hp.com>	11	* Paul Moore <paul.moore@hp.com>
12	*	12	*
13	* This program is free software; you can redistribute it and/or modify	13	* This program is free software; you can redistribute it and/or modify
14	* it under the terms of the GNU General Public License version 2,	14	* it under the terms of the GNU General Public License version 2,
15	* as published by the Free Software Foundation.	15	* as published by the Free Software Foundation.
16	*/	16	*/
17		17
18	#include <linux/xattr.h>	18	#include <linux/xattr.h>
19	#include <linux/pagemap.h>	19	#include <linux/pagemap.h>
20	#include <linux/mount.h>	20	#include <linux/mount.h>
21	#include <linux/stat.h>	21	#include <linux/stat.h>
22	#include <linux/kd.h>	22	#include <linux/kd.h>
23	#include <asm/ioctls.h>	23	#include <asm/ioctls.h>
24	#include <linux/ip.h>	24	#include <linux/ip.h>
25	#include <linux/tcp.h>	25	#include <linux/tcp.h>
26	#include <linux/udp.h>	26	#include <linux/udp.h>
27	#include <linux/slab.h>	27	#include <linux/slab.h>
28	#include <linux/mutex.h>	28	#include <linux/mutex.h>
29	#include <linux/pipe_fs_i.h>	29	#include <linux/pipe_fs_i.h>
30	#include <net/netlabel.h>	30	#include <net/netlabel.h>
31	#include <net/cipso_ipv4.h>	31	#include <net/cipso_ipv4.h>
32	#include <linux/audit.h>	32	#include <linux/audit.h>
33	#include <linux/magic.h>	33	#include <linux/magic.h>
34	#include "smack.h"	34	#include "smack.h"
35		35
36	#define task_security(task) (task_cred_xxx((task), security))	36	#define task_security(task) (task_cred_xxx((task), security))
37		37
38	/**	38	/**
39	* smk_fetch - Fetch the smack label from a file.	39	* smk_fetch - Fetch the smack label from a file.
40	* @ip: a pointer to the inode	40	* @ip: a pointer to the inode
41	* @dp: a pointer to the dentry	41	* @dp: a pointer to the dentry
42	*	42	*
43	* Returns a pointer to the master list entry for the Smack label	43	* Returns a pointer to the master list entry for the Smack label
44	* or NULL if there was no label to fetch.	44	* or NULL if there was no label to fetch.
45	*/	45	*/
46	static char smk_fetch(struct inode ip, struct dentry *dp)	46	static char smk_fetch(struct inode ip, struct dentry *dp)
47	{	47	{
48	int rc;	48	int rc;
49	char in[SMK_LABELLEN];	49	char in[SMK_LABELLEN];
50		50
51	if (ip->i_op->getxattr == NULL)	51	if (ip->i_op->getxattr == NULL)
52	return NULL;	52	return NULL;
53		53
54	rc = ip->i_op->getxattr(dp, XATTR_NAME_SMACK, in, SMK_LABELLEN);	54	rc = ip->i_op->getxattr(dp, XATTR_NAME_SMACK, in, SMK_LABELLEN);
55	if (rc < 0)	55	if (rc < 0)
56	return NULL;	56	return NULL;
57		57
58	return smk_import(in, rc);	58	return smk_import(in, rc);
59	}	59	}
60		60
61	/**	61	/**
62	* new_inode_smack - allocate an inode security blob	62	* new_inode_smack - allocate an inode security blob
63	* @smack: a pointer to the Smack label to use in the blob	63	* @smack: a pointer to the Smack label to use in the blob
64	*	64	*
65	* Returns the new blob or NULL if there's no memory available	65	* Returns the new blob or NULL if there's no memory available
66	*/	66	*/
67	struct inode_smack new_inode_smack(char smack)	67	struct inode_smack new_inode_smack(char smack)
68	{	68	{
69	struct inode_smack *isp;	69	struct inode_smack *isp;
70		70
71	isp = kzalloc(sizeof(struct inode_smack), GFP_KERNEL);	71	isp = kzalloc(sizeof(struct inode_smack), GFP_KERNEL);
72	if (isp == NULL)	72	if (isp == NULL)
73	return NULL;	73	return NULL;
74		74
75	isp->smk_inode = smack;	75	isp->smk_inode = smack;
76	isp->smk_flags = 0;	76	isp->smk_flags = 0;
77	mutex_init(&isp->smk_lock);	77	mutex_init(&isp->smk_lock);
78		78
79	return isp;	79	return isp;
80	}	80	}
81		81
82	/*	82	/*
83	* LSM hooks.	83	* LSM hooks.
84	* We he, that is fun!	84	* We he, that is fun!
85	*/	85	*/
86		86
87	/**	87	/**
88	* smack_ptrace_access_check - Smack approval on PTRACE_ATTACH	88	* smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
89	* @ctp: child task pointer	89	* @ctp: child task pointer
90	* @mode: ptrace attachment mode	90	* @mode: ptrace attachment mode
91	*	91	*
92	* Returns 0 if access is OK, an error code otherwise	92	* Returns 0 if access is OK, an error code otherwise
93	*	93	*
94	* Do the capability checks, and require read and write.	94	* Do the capability checks, and require read and write.
95	*/	95	*/
96	static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)	96	static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
97	{	97	{
98	int rc;	98	int rc;
99	struct smk_audit_info ad;	99	struct smk_audit_info ad;
100	char sp, tsp;	100	char sp, tsp;
101		101
102	rc = cap_ptrace_access_check(ctp, mode);	102	rc = cap_ptrace_access_check(ctp, mode);
103	if (rc != 0)	103	if (rc != 0)
104	return rc;	104	return rc;
105		105
106	sp = current_security();	106	sp = current_security();
107	tsp = task_security(ctp);	107	tsp = task_security(ctp);
108	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);	108	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
109	smk_ad_setfield_u_tsk(&ad, ctp);	109	smk_ad_setfield_u_tsk(&ad, ctp);
110		110
111	/* we won't log here, because rc can be overriden */	111	/* we won't log here, because rc can be overriden */
112	rc = smk_access(sp, tsp, MAY_READWRITE, NULL);	112	rc = smk_access(sp, tsp, MAY_READWRITE, NULL);
113	if (rc != 0 && capable(CAP_MAC_OVERRIDE))	113	if (rc != 0 && capable(CAP_MAC_OVERRIDE))
114	rc = 0;	114	rc = 0;
115		115
116	smack_log(sp, tsp, MAY_READWRITE, rc, &ad);	116	smack_log(sp, tsp, MAY_READWRITE, rc, &ad);
117	return rc;	117	return rc;
118	}	118	}
119		119
120	/**	120	/**
121	* smack_ptrace_traceme - Smack approval on PTRACE_TRACEME	121	* smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
122	* @ptp: parent task pointer	122	* @ptp: parent task pointer
123	*	123	*
124	* Returns 0 if access is OK, an error code otherwise	124	* Returns 0 if access is OK, an error code otherwise
125	*	125	*
126	* Do the capability checks, and require read and write.	126	* Do the capability checks, and require read and write.
127	*/	127	*/
128	static int smack_ptrace_traceme(struct task_struct *ptp)	128	static int smack_ptrace_traceme(struct task_struct *ptp)
129	{	129	{
130	int rc;	130	int rc;
131	struct smk_audit_info ad;	131	struct smk_audit_info ad;
132	char sp, tsp;	132	char sp, tsp;
133		133
134	rc = cap_ptrace_traceme(ptp);	134	rc = cap_ptrace_traceme(ptp);
135	if (rc != 0)	135	if (rc != 0)
136	return rc;	136	return rc;
137		137
138	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);	138	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
139	smk_ad_setfield_u_tsk(&ad, ptp);	139	smk_ad_setfield_u_tsk(&ad, ptp);
140		140
141	sp = current_security();	141	sp = current_security();
142	tsp = task_security(ptp);	142	tsp = task_security(ptp);
143	/* we won't log here, because rc can be overriden */	143	/* we won't log here, because rc can be overriden */
144	rc = smk_access(tsp, sp, MAY_READWRITE, NULL);	144	rc = smk_access(tsp, sp, MAY_READWRITE, NULL);
145	if (rc != 0 && has_capability(ptp, CAP_MAC_OVERRIDE))	145	if (rc != 0 && has_capability(ptp, CAP_MAC_OVERRIDE))
146	rc = 0;	146	rc = 0;
147		147
148	smack_log(tsp, sp, MAY_READWRITE, rc, &ad);	148	smack_log(tsp, sp, MAY_READWRITE, rc, &ad);
149	return rc;	149	return rc;
150	}	150	}
151		151
152	/**	152	/**
153	* smack_syslog - Smack approval on syslog	153	* smack_syslog - Smack approval on syslog
154	* @type: message type	154	* @type: message type
155	*	155	*
156	* Require that the task has the floor label	156	* Require that the task has the floor label
157	*	157	*
158	* Returns 0 on success, error code otherwise.	158	* Returns 0 on success, error code otherwise.
159	*/	159	*/
160	static int smack_syslog(int typefrom_file)	160	static int smack_syslog(int typefrom_file)
161	{	161	{
162	int rc = 0;	162	int rc = 0;
163	char *sp = current_security();	163	char *sp = current_security();
164		164
165	if (capable(CAP_MAC_OVERRIDE))	165	if (capable(CAP_MAC_OVERRIDE))
166	return 0;	166	return 0;
167		167
168	if (sp != smack_known_floor.smk_known)	168	if (sp != smack_known_floor.smk_known)
169	rc = -EACCES;	169	rc = -EACCES;
170		170
171	return rc;	171	return rc;
172	}	172	}
173		173
174		174
175	/*	175	/*
176	* Superblock Hooks.	176	* Superblock Hooks.
177	*/	177	*/
178		178
179	/**	179	/**
180	* smack_sb_alloc_security - allocate a superblock blob	180	* smack_sb_alloc_security - allocate a superblock blob
181	* @sb: the superblock getting the blob	181	* @sb: the superblock getting the blob
182	*	182	*
183	* Returns 0 on success or -ENOMEM on error.	183	* Returns 0 on success or -ENOMEM on error.
184	*/	184	*/
185	static int smack_sb_alloc_security(struct super_block *sb)	185	static int smack_sb_alloc_security(struct super_block *sb)
186	{	186	{
187	struct superblock_smack *sbsp;	187	struct superblock_smack *sbsp;
188		188
189	sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);	189	sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
190		190
191	if (sbsp == NULL)	191	if (sbsp == NULL)
192	return -ENOMEM;	192	return -ENOMEM;
193		193
194	sbsp->smk_root = smack_known_floor.smk_known;	194	sbsp->smk_root = smack_known_floor.smk_known;
195	sbsp->smk_default = smack_known_floor.smk_known;	195	sbsp->smk_default = smack_known_floor.smk_known;
196	sbsp->smk_floor = smack_known_floor.smk_known;	196	sbsp->smk_floor = smack_known_floor.smk_known;
197	sbsp->smk_hat = smack_known_hat.smk_known;	197	sbsp->smk_hat = smack_known_hat.smk_known;
198	sbsp->smk_initialized = 0;	198	sbsp->smk_initialized = 0;
199	spin_lock_init(&sbsp->smk_sblock);	199	spin_lock_init(&sbsp->smk_sblock);
200		200
201	sb->s_security = sbsp;	201	sb->s_security = sbsp;
202		202
203	return 0;	203	return 0;
204	}	204	}
205		205
206	/**	206	/**
207	* smack_sb_free_security - free a superblock blob	207	* smack_sb_free_security - free a superblock blob
208	* @sb: the superblock getting the blob	208	* @sb: the superblock getting the blob
209	*	209	*
210	*/	210	*/
211	static void smack_sb_free_security(struct super_block *sb)	211	static void smack_sb_free_security(struct super_block *sb)
212	{	212	{
213	kfree(sb->s_security);	213	kfree(sb->s_security);
214	sb->s_security = NULL;	214	sb->s_security = NULL;
215	}	215	}
216		216
217	/**	217	/**
218	* smack_sb_copy_data - copy mount options data for processing	218	* smack_sb_copy_data - copy mount options data for processing
219	* @orig: where to start	219	* @orig: where to start
220	* @smackopts: mount options string	220	* @smackopts: mount options string
221	*	221	*
222	* Returns 0 on success or -ENOMEM on error.	222	* Returns 0 on success or -ENOMEM on error.
223	*	223	*
224	* Copy the Smack specific mount options out of the mount	224	* Copy the Smack specific mount options out of the mount
225	* options list.	225	* options list.
226	*/	226	*/
227	static int smack_sb_copy_data(char orig, char smackopts)	227	static int smack_sb_copy_data(char orig, char smackopts)
228	{	228	{
229	char cp, commap, otheropts, dp;	229	char cp, commap, otheropts, dp;
230		230
231	otheropts = (char *)get_zeroed_page(GFP_KERNEL);	231	otheropts = (char *)get_zeroed_page(GFP_KERNEL);
232	if (otheropts == NULL)	232	if (otheropts == NULL)
233	return -ENOMEM;	233	return -ENOMEM;
234		234
235	for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {	235	for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
236	if (strstr(cp, SMK_FSDEFAULT) == cp)	236	if (strstr(cp, SMK_FSDEFAULT) == cp)
237	dp = smackopts;	237	dp = smackopts;
238	else if (strstr(cp, SMK_FSFLOOR) == cp)	238	else if (strstr(cp, SMK_FSFLOOR) == cp)
239	dp = smackopts;	239	dp = smackopts;
240	else if (strstr(cp, SMK_FSHAT) == cp)	240	else if (strstr(cp, SMK_FSHAT) == cp)
241	dp = smackopts;	241	dp = smackopts;
242	else if (strstr(cp, SMK_FSROOT) == cp)	242	else if (strstr(cp, SMK_FSROOT) == cp)
243	dp = smackopts;	243	dp = smackopts;
244	else	244	else
245	dp = otheropts;	245	dp = otheropts;
246		246
247	commap = strchr(cp, ',');	247	commap = strchr(cp, ',');
248	if (commap != NULL)	248	if (commap != NULL)
249	*commap = '\0';	249	*commap = '\0';
250		250
251	if (*dp != '\0')	251	if (*dp != '\0')
252	strcat(dp, ",");	252	strcat(dp, ",");
253	strcat(dp, cp);	253	strcat(dp, cp);
254	}	254	}
255		255
256	strcpy(orig, otheropts);	256	strcpy(orig, otheropts);
257	free_page((unsigned long)otheropts);	257	free_page((unsigned long)otheropts);
258		258
259	return 0;	259	return 0;
260	}	260	}
261		261
262	/**	262	/**
263	* smack_sb_kern_mount - Smack specific mount processing	263	* smack_sb_kern_mount - Smack specific mount processing
264	* @sb: the file system superblock	264	* @sb: the file system superblock
265	* @flags: the mount flags	265	* @flags: the mount flags
266	* @data: the smack mount options	266	* @data: the smack mount options
267	*	267	*
268	* Returns 0 on success, an error code on failure	268	* Returns 0 on success, an error code on failure
269	*/	269	*/
270	static int smack_sb_kern_mount(struct super_block sb, int flags, void data)	270	static int smack_sb_kern_mount(struct super_block sb, int flags, void data)
271	{	271	{
272	struct dentry *root = sb->s_root;	272	struct dentry *root = sb->s_root;
273	struct inode *inode = root->d_inode;	273	struct inode *inode = root->d_inode;
274	struct superblock_smack *sp = sb->s_security;	274	struct superblock_smack *sp = sb->s_security;
275	struct inode_smack *isp;	275	struct inode_smack *isp;
276	char *op;	276	char *op;
277	char *commap;	277	char *commap;
278	char *nsp;	278	char *nsp;
279		279
280	spin_lock(&sp->smk_sblock);	280	spin_lock(&sp->smk_sblock);
281	if (sp->smk_initialized != 0) {	281	if (sp->smk_initialized != 0) {
282	spin_unlock(&sp->smk_sblock);	282	spin_unlock(&sp->smk_sblock);
283	return 0;	283	return 0;
284	}	284	}
285	sp->smk_initialized = 1;	285	sp->smk_initialized = 1;
286	spin_unlock(&sp->smk_sblock);	286	spin_unlock(&sp->smk_sblock);
287		287
288	for (op = data; op != NULL; op = commap) {	288	for (op = data; op != NULL; op = commap) {
289	commap = strchr(op, ',');	289	commap = strchr(op, ',');
290	if (commap != NULL)	290	if (commap != NULL)
291	*commap++ = '\0';	291	*commap++ = '\0';
292		292
293	if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {	293	if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
294	op += strlen(SMK_FSHAT);	294	op += strlen(SMK_FSHAT);
295	nsp = smk_import(op, 0);	295	nsp = smk_import(op, 0);
296	if (nsp != NULL)	296	if (nsp != NULL)
297	sp->smk_hat = nsp;	297	sp->smk_hat = nsp;
298	} else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {	298	} else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
299	op += strlen(SMK_FSFLOOR);	299	op += strlen(SMK_FSFLOOR);
300	nsp = smk_import(op, 0);	300	nsp = smk_import(op, 0);
301	if (nsp != NULL)	301	if (nsp != NULL)
302	sp->smk_floor = nsp;	302	sp->smk_floor = nsp;
303	} else if (strncmp(op, SMK_FSDEFAULT,	303	} else if (strncmp(op, SMK_FSDEFAULT,
304	strlen(SMK_FSDEFAULT)) == 0) {	304	strlen(SMK_FSDEFAULT)) == 0) {
305	op += strlen(SMK_FSDEFAULT);	305	op += strlen(SMK_FSDEFAULT);
306	nsp = smk_import(op, 0);	306	nsp = smk_import(op, 0);
307	if (nsp != NULL)	307	if (nsp != NULL)
308	sp->smk_default = nsp;	308	sp->smk_default = nsp;
309	} else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {	309	} else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
310	op += strlen(SMK_FSROOT);	310	op += strlen(SMK_FSROOT);
311	nsp = smk_import(op, 0);	311	nsp = smk_import(op, 0);
312	if (nsp != NULL)	312	if (nsp != NULL)
313	sp->smk_root = nsp;	313	sp->smk_root = nsp;
314	}	314	}
315	}	315	}
316		316
317	/*	317	/*
318	* Initialize the root inode.	318	* Initialize the root inode.
319	*/	319	*/
320	isp = inode->i_security;	320	isp = inode->i_security;
321	if (isp == NULL)	321	if (isp == NULL)
322	inode->i_security = new_inode_smack(sp->smk_root);	322	inode->i_security = new_inode_smack(sp->smk_root);
323	else	323	else
324	isp->smk_inode = sp->smk_root;	324	isp->smk_inode = sp->smk_root;
325		325
326	return 0;	326	return 0;
327	}	327	}
328		328
329	/**	329	/**
330	* smack_sb_statfs - Smack check on statfs	330	* smack_sb_statfs - Smack check on statfs
331	* @dentry: identifies the file system in question	331	* @dentry: identifies the file system in question
332	*	332	*
333	* Returns 0 if current can read the floor of the filesystem,	333	* Returns 0 if current can read the floor of the filesystem,
334	* and error code otherwise	334	* and error code otherwise
335	*/	335	*/
336	static int smack_sb_statfs(struct dentry *dentry)	336	static int smack_sb_statfs(struct dentry *dentry)
337	{	337	{
338	struct superblock_smack *sbp = dentry->d_sb->s_security;	338	struct superblock_smack *sbp = dentry->d_sb->s_security;
339	int rc;	339	int rc;
340	struct smk_audit_info ad;	340	struct smk_audit_info ad;
341		341
342	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);	342	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
343	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);	343	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
344		344
345	rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);	345	rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
346	return rc;	346	return rc;
347	}	347	}
348		348
349	/**	349	/**
350	* smack_sb_mount - Smack check for mounting	350	* smack_sb_mount - Smack check for mounting
351	* @dev_name: unused	351	* @dev_name: unused
352	* @path: mount point	352	* @path: mount point
353	* @type: unused	353	* @type: unused
354	* @flags: unused	354	* @flags: unused
355	* @data: unused	355	* @data: unused
356	*	356	*
357	* Returns 0 if current can write the floor of the filesystem	357	* Returns 0 if current can write the floor of the filesystem
358	* being mounted on, an error code otherwise.	358	* being mounted on, an error code otherwise.
359	*/	359	*/
360	static int smack_sb_mount(char dev_name, struct path path,	360	static int smack_sb_mount(char dev_name, struct path path,
361	char type, unsigned long flags, void data)	361	char type, unsigned long flags, void data)
362	{	362	{
363	struct superblock_smack *sbp = path->mnt->mnt_sb->s_security;	363	struct superblock_smack *sbp = path->mnt->mnt_sb->s_security;
364	struct smk_audit_info ad;	364	struct smk_audit_info ad;
365		365
366	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);	366	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
367	smk_ad_setfield_u_fs_path(&ad, *path);	367	smk_ad_setfield_u_fs_path(&ad, *path);
368		368
369	return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);	369	return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
370	}	370	}
371		371
372	/**	372	/**
373	* smack_sb_umount - Smack check for unmounting	373	* smack_sb_umount - Smack check for unmounting
374	* @mnt: file system to unmount	374	* @mnt: file system to unmount
375	* @flags: unused	375	* @flags: unused
376	*	376	*
377	* Returns 0 if current can write the floor of the filesystem	377	* Returns 0 if current can write the floor of the filesystem
378	* being unmounted, an error code otherwise.	378	* being unmounted, an error code otherwise.
379	*/	379	*/
380	static int smack_sb_umount(struct vfsmount *mnt, int flags)	380	static int smack_sb_umount(struct vfsmount *mnt, int flags)
381	{	381	{
382	struct superblock_smack *sbp;	382	struct superblock_smack *sbp;
383	struct smk_audit_info ad;	383	struct smk_audit_info ad;
384		384
385	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);	385	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
386	smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_root);	386	smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_root);
387	smk_ad_setfield_u_fs_path_mnt(&ad, mnt);	387	smk_ad_setfield_u_fs_path_mnt(&ad, mnt);
388		388
389	sbp = mnt->mnt_sb->s_security;	389	sbp = mnt->mnt_sb->s_security;
390	return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);	390	return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
391	}	391	}
392		392
393	/*	393	/*
394	* Inode hooks	394	* Inode hooks
395	*/	395	*/
396		396
397	/**	397	/**
398	* smack_inode_alloc_security - allocate an inode blob	398	* smack_inode_alloc_security - allocate an inode blob
399	* @inode: the inode in need of a blob	399	* @inode: the inode in need of a blob
400	*	400	*
401	* Returns 0 if it gets a blob, -ENOMEM otherwise	401	* Returns 0 if it gets a blob, -ENOMEM otherwise
402	*/	402	*/
403	static int smack_inode_alloc_security(struct inode *inode)	403	static int smack_inode_alloc_security(struct inode *inode)
404	{	404	{
405	inode->i_security = new_inode_smack(current_security());	405	inode->i_security = new_inode_smack(current_security());
406	if (inode->i_security == NULL)	406	if (inode->i_security == NULL)
407	return -ENOMEM;	407	return -ENOMEM;
408	return 0;	408	return 0;
409	}	409	}
410		410
411	/**	411	/**
412	* smack_inode_free_security - free an inode blob	412	* smack_inode_free_security - free an inode blob
413	* @inode: the inode with a blob	413	* @inode: the inode with a blob
414	*	414	*
415	* Clears the blob pointer in inode	415	* Clears the blob pointer in inode
416	*/	416	*/
417	static void smack_inode_free_security(struct inode *inode)	417	static void smack_inode_free_security(struct inode *inode)
418	{	418	{
419	kfree(inode->i_security);	419	kfree(inode->i_security);
420	inode->i_security = NULL;	420	inode->i_security = NULL;
421	}	421	}
422		422
423	/**	423	/**
424	* smack_inode_init_security - copy out the smack from an inode	424	* smack_inode_init_security - copy out the smack from an inode
425	* @inode: the inode	425	* @inode: the inode
426	* @dir: unused	426	* @dir: unused
427	* @name: where to put the attribute name	427	* @name: where to put the attribute name
428	* @value: where to put the attribute value	428	* @value: where to put the attribute value
429	* @len: where to put the length of the attribute	429	* @len: where to put the length of the attribute
430	*	430	*
431	* Returns 0 if it all works out, -ENOMEM if there's no memory	431	* Returns 0 if it all works out, -ENOMEM if there's no memory
432	*/	432	*/
433	static int smack_inode_init_security(struct inode inode, struct inode dir,	433	static int smack_inode_init_security(struct inode inode, struct inode dir,
434	char name, void value, size_t *len)	434	char name, void value, size_t *len)
435	{	435	{
436	char *isp = smk_of_inode(inode);	436	char *isp = smk_of_inode(inode);
437		437
438	if (name) {	438	if (name) {
439	*name = kstrdup(XATTR_SMACK_SUFFIX, GFP_KERNEL);	439	*name = kstrdup(XATTR_SMACK_SUFFIX, GFP_KERNEL);
440	if (*name == NULL)	440	if (*name == NULL)
441	return -ENOMEM;	441	return -ENOMEM;
442	}	442	}
443		443
444	if (value) {	444	if (value) {
445	*value = kstrdup(isp, GFP_KERNEL);	445	*value = kstrdup(isp, GFP_KERNEL);
446	if (*value == NULL)	446	if (*value == NULL)
447	return -ENOMEM;	447	return -ENOMEM;
448	}	448	}
449		449
450	if (len)	450	if (len)
451	*len = strlen(isp) + 1;	451	*len = strlen(isp) + 1;
452		452
453	return 0;	453	return 0;
454	}	454	}
455		455
456	/**	456	/**
457	* smack_inode_link - Smack check on link	457	* smack_inode_link - Smack check on link
458	* @old_dentry: the existing object	458	* @old_dentry: the existing object
459	* @dir: unused	459	* @dir: unused
460	* @new_dentry: the new object	460	* @new_dentry: the new object
461	*	461	*
462	* Returns 0 if access is permitted, an error code otherwise	462	* Returns 0 if access is permitted, an error code otherwise
463	*/	463	*/
464	static int smack_inode_link(struct dentry old_dentry, struct inode dir,	464	static int smack_inode_link(struct dentry old_dentry, struct inode dir,
465	struct dentry *new_dentry)	465	struct dentry *new_dentry)
466	{	466	{
467	char *isp;	467	char *isp;
468	struct smk_audit_info ad;	468	struct smk_audit_info ad;
469	int rc;	469	int rc;
470		470
471	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);	471	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
472	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);	472	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
473		473
474	isp = smk_of_inode(old_dentry->d_inode);	474	isp = smk_of_inode(old_dentry->d_inode);
475	rc = smk_curacc(isp, MAY_WRITE, &ad);	475	rc = smk_curacc(isp, MAY_WRITE, &ad);
476		476
477	if (rc == 0 && new_dentry->d_inode != NULL) {	477	if (rc == 0 && new_dentry->d_inode != NULL) {
478	isp = smk_of_inode(new_dentry->d_inode);	478	isp = smk_of_inode(new_dentry->d_inode);
479	smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);	479	smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
480	rc = smk_curacc(isp, MAY_WRITE, &ad);	480	rc = smk_curacc(isp, MAY_WRITE, &ad);
481	}	481	}
482		482
483	return rc;	483	return rc;
484	}	484	}
485		485
486	/**	486	/**
487	* smack_inode_unlink - Smack check on inode deletion	487	* smack_inode_unlink - Smack check on inode deletion
488	* @dir: containing directory object	488	* @dir: containing directory object
489	* @dentry: file to unlink	489	* @dentry: file to unlink
490	*	490	*
491	* Returns 0 if current can write the containing directory	491	* Returns 0 if current can write the containing directory
492	* and the object, error code otherwise	492	* and the object, error code otherwise
493	*/	493	*/
494	static int smack_inode_unlink(struct inode dir, struct dentry dentry)	494	static int smack_inode_unlink(struct inode dir, struct dentry dentry)
495	{	495	{
496	struct inode *ip = dentry->d_inode;	496	struct inode *ip = dentry->d_inode;
497	struct smk_audit_info ad;	497	struct smk_audit_info ad;
498	int rc;	498	int rc;
499		499
500	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);	500	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
501	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);	501	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
502		502
503	/*	503	/*
504	* You need write access to the thing you're unlinking	504	* You need write access to the thing you're unlinking
505	*/	505	*/
506	rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);	506	rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
507	if (rc == 0) {	507	if (rc == 0) {
508	/*	508	/*
509	* You also need write access to the containing directory	509	* You also need write access to the containing directory
510	*/	510	*/
511	smk_ad_setfield_u_fs_path_dentry(&ad, NULL);	511	smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
512	smk_ad_setfield_u_fs_inode(&ad, dir);	512	smk_ad_setfield_u_fs_inode(&ad, dir);
513	rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);	513	rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
514	}	514	}
515	return rc;	515	return rc;
516	}	516	}
517		517
518	/**	518	/**
519	* smack_inode_rmdir - Smack check on directory deletion	519	* smack_inode_rmdir - Smack check on directory deletion
520	* @dir: containing directory object	520	* @dir: containing directory object
521	* @dentry: directory to unlink	521	* @dentry: directory to unlink
522	*	522	*
523	* Returns 0 if current can write the containing directory	523	* Returns 0 if current can write the containing directory
524	* and the directory, error code otherwise	524	* and the directory, error code otherwise
525	*/	525	*/
526	static int smack_inode_rmdir(struct inode dir, struct dentry dentry)	526	static int smack_inode_rmdir(struct inode dir, struct dentry dentry)
527	{	527	{
528	struct smk_audit_info ad;	528	struct smk_audit_info ad;
529	int rc;	529	int rc;
530		530
531	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);	531	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
532	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);	532	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
533		533
534	/*	534	/*
535	* You need write access to the thing you're removing	535	* You need write access to the thing you're removing
536	*/	536	*/
537	rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);	537	rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
538	if (rc == 0) {	538	if (rc == 0) {
539	/*	539	/*
540	* You also need write access to the containing directory	540	* You also need write access to the containing directory
541	*/	541	*/
542	smk_ad_setfield_u_fs_path_dentry(&ad, NULL);	542	smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
543	smk_ad_setfield_u_fs_inode(&ad, dir);	543	smk_ad_setfield_u_fs_inode(&ad, dir);
544	rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);	544	rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
545	}	545	}
546		546
547	return rc;	547	return rc;
548	}	548	}
549		549
550	/**	550	/**
551	* smack_inode_rename - Smack check on rename	551	* smack_inode_rename - Smack check on rename
552	* @old_inode: the old directory	552	* @old_inode: the old directory
553	* @old_dentry: unused	553	* @old_dentry: unused
554	* @new_inode: the new directory	554	* @new_inode: the new directory
555	* @new_dentry: unused	555	* @new_dentry: unused
556	*	556	*
557	* Read and write access is required on both the old and	557	* Read and write access is required on both the old and
558	* new directories.	558	* new directories.
559	*	559	*
560	* Returns 0 if access is permitted, an error code otherwise	560	* Returns 0 if access is permitted, an error code otherwise
561	*/	561	*/
562	static int smack_inode_rename(struct inode *old_inode,	562	static int smack_inode_rename(struct inode *old_inode,
563	struct dentry *old_dentry,	563	struct dentry *old_dentry,
564	struct inode *new_inode,	564	struct inode *new_inode,
565	struct dentry *new_dentry)	565	struct dentry *new_dentry)
566	{	566	{
567	int rc;	567	int rc;
568	char *isp;	568	char *isp;
569	struct smk_audit_info ad;	569	struct smk_audit_info ad;
570		570
571	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);	571	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
572	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);	572	smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
573		573
574	isp = smk_of_inode(old_dentry->d_inode);	574	isp = smk_of_inode(old_dentry->d_inode);
575	rc = smk_curacc(isp, MAY_READWRITE, &ad);	575	rc = smk_curacc(isp, MAY_READWRITE, &ad);
576		576
577	if (rc == 0 && new_dentry->d_inode != NULL) {	577	if (rc == 0 && new_dentry->d_inode != NULL) {
578	isp = smk_of_inode(new_dentry->d_inode);	578	isp = smk_of_inode(new_dentry->d_inode);
579	smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);	579	smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
580	rc = smk_curacc(isp, MAY_READWRITE, &ad);	580	rc = smk_curacc(isp, MAY_READWRITE, &ad);
581	}	581	}
582	return rc;	582	return rc;
583	}	583	}
584		584
585	/**	585	/**
586	* smack_inode_permission - Smack version of permission()	586	* smack_inode_permission - Smack version of permission()
587	* @inode: the inode in question	587	* @inode: the inode in question
588	* @mask: the access requested	588	* @mask: the access requested
589	*	589	*
590	* This is the important Smack hook.	590	* This is the important Smack hook.
591	*	591	*
592	* Returns 0 if access is permitted, -EACCES otherwise	592	* Returns 0 if access is permitted, -EACCES otherwise
593	*/	593	*/
594	static int smack_inode_permission(struct inode *inode, int mask)	594	static int smack_inode_permission(struct inode *inode, int mask)
595	{	595	{
596	struct smk_audit_info ad;	596	struct smk_audit_info ad;
597		597
598	mask &= (MAY_READ\|MAY_WRITE\|MAY_EXEC\|MAY_APPEND);	598	mask &= (MAY_READ\|MAY_WRITE\|MAY_EXEC\|MAY_APPEND);
599	/*	599	/*
600	* No permission to check. Existence test. Yup, it's there.	600	* No permission to check. Existence test. Yup, it's there.
601	*/	601	*/
602	if (mask == 0)	602	if (mask == 0)
603	return 0;	603	return 0;
604	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);	604	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
605	smk_ad_setfield_u_fs_inode(&ad, inode);	605	smk_ad_setfield_u_fs_inode(&ad, inode);
606	return smk_curacc(smk_of_inode(inode), mask, &ad);	606	return smk_curacc(smk_of_inode(inode), mask, &ad);
607	}	607	}
608		608
609	/**	609	/**
610	* smack_inode_setattr - Smack check for setting attributes	610	* smack_inode_setattr - Smack check for setting attributes
611	* @dentry: the object	611	* @dentry: the object
612	* @iattr: for the force flag	612	* @iattr: for the force flag
613	*	613	*
614	* Returns 0 if access is permitted, an error code otherwise	614	* Returns 0 if access is permitted, an error code otherwise
615	*/	615	*/
616	static int smack_inode_setattr(struct dentry dentry, struct iattr iattr)	616	static int smack_inode_setattr(struct dentry dentry, struct iattr iattr)
617	{	617	{
618	struct smk_audit_info ad;	618	struct smk_audit_info ad;
619	/*	619	/*
620	* Need to allow for clearing the setuid bit.	620	* Need to allow for clearing the setuid bit.
621	*/	621	*/
622	if (iattr->ia_valid & ATTR_FORCE)	622	if (iattr->ia_valid & ATTR_FORCE)
623	return 0;	623	return 0;
624	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);	624	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
625	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);	625	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
626		626
627	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);	627	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
628	}	628	}
629		629
630	/**	630	/**
631	* smack_inode_getattr - Smack check for getting attributes	631	* smack_inode_getattr - Smack check for getting attributes
632	* @mnt: unused	632	* @mnt: unused
633	* @dentry: the object	633	* @dentry: the object
634	*	634	*
635	* Returns 0 if access is permitted, an error code otherwise	635	* Returns 0 if access is permitted, an error code otherwise
636	*/	636	*/
637	static int smack_inode_getattr(struct vfsmount mnt, struct dentry dentry)	637	static int smack_inode_getattr(struct vfsmount mnt, struct dentry dentry)
638	{	638	{
639	struct smk_audit_info ad;	639	struct smk_audit_info ad;
640		640
641	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);	641	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
642	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);	642	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
643	smk_ad_setfield_u_fs_path_mnt(&ad, mnt);	643	smk_ad_setfield_u_fs_path_mnt(&ad, mnt);
644	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);	644	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
645	}	645	}
646		646
647	/**	647	/**
648	* smack_inode_setxattr - Smack check for setting xattrs	648	* smack_inode_setxattr - Smack check for setting xattrs
649	* @dentry: the object	649	* @dentry: the object
650	* @name: name of the attribute	650	* @name: name of the attribute
651	* @value: unused	651	* @value: unused
652	* @size: unused	652	* @size: unused
653	* @flags: unused	653	* @flags: unused
654	*	654	*
655	* This protects the Smack attribute explicitly.	655	* This protects the Smack attribute explicitly.
656	*	656	*
657	* Returns 0 if access is permitted, an error code otherwise	657	* Returns 0 if access is permitted, an error code otherwise
658	*/	658	*/
659	static int smack_inode_setxattr(struct dentry dentry, const char name,	659	static int smack_inode_setxattr(struct dentry dentry, const char name,
660	const void *value, size_t size, int flags)	660	const void *value, size_t size, int flags)
661	{	661	{
662	struct smk_audit_info ad;	662	struct smk_audit_info ad;
663	int rc = 0;	663	int rc = 0;
664		664
665	if (strcmp(name, XATTR_NAME_SMACK) == 0 \|\|	665	if (strcmp(name, XATTR_NAME_SMACK) == 0 \|\|
666	strcmp(name, XATTR_NAME_SMACKIPIN) == 0 \|\|	666	strcmp(name, XATTR_NAME_SMACKIPIN) == 0 \|\|
667	strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {	667	strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
668	if (!capable(CAP_MAC_ADMIN))	668	if (!capable(CAP_MAC_ADMIN))
669	rc = -EPERM;	669	rc = -EPERM;
670	/*	670	/*
671	* check label validity here so import wont fail on	671	* check label validity here so import wont fail on
672	* post_setxattr	672	* post_setxattr
673	*/	673	*/
674	if (size == 0 \|\| size >= SMK_LABELLEN \|\|	674	if (size == 0 \|\| size >= SMK_LABELLEN \|\|
675	smk_import(value, size) == NULL)	675	smk_import(value, size) == NULL)
676	rc = -EINVAL;	676	rc = -EINVAL;
677	} else	677	} else
678	rc = cap_inode_setxattr(dentry, name, value, size, flags);	678	rc = cap_inode_setxattr(dentry, name, value, size, flags);
679		679
680	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);	680	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
681	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);	681	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
682		682
683	if (rc == 0)	683	if (rc == 0)
684	rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);	684	rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
685		685
686	return rc;	686	return rc;
687	}	687	}
688		688
689	/**	689	/**
690	* smack_inode_post_setxattr - Apply the Smack update approved above	690	* smack_inode_post_setxattr - Apply the Smack update approved above
691	* @dentry: object	691	* @dentry: object
692	* @name: attribute name	692	* @name: attribute name
693	* @value: attribute value	693	* @value: attribute value
694	* @size: attribute size	694	* @size: attribute size
695	* @flags: unused	695	* @flags: unused
696	*	696	*
697	* Set the pointer in the inode blob to the entry found	697	* Set the pointer in the inode blob to the entry found
698	* in the master label list.	698	* in the master label list.
699	*/	699	*/
700	static void smack_inode_post_setxattr(struct dentry dentry, const char name,	700	static void smack_inode_post_setxattr(struct dentry dentry, const char name,
701	const void *value, size_t size, int flags)	701	const void *value, size_t size, int flags)
702	{	702	{
703	struct inode_smack *isp;	703	struct inode_smack *isp;
704	char *nsp;	704	char *nsp;
705		705
706	/*	706	/*
707	* Not SMACK	707	* Not SMACK
708	*/	708	*/
709	if (strcmp(name, XATTR_NAME_SMACK))	709	if (strcmp(name, XATTR_NAME_SMACK))
710	return;	710	return;
711		711
712	isp = dentry->d_inode->i_security;	712	isp = dentry->d_inode->i_security;
713		713
714	/*	714	/*
715	* No locking is done here. This is a pointer	715	* No locking is done here. This is a pointer
716	* assignment.	716	* assignment.
717	*/	717	*/
718	nsp = smk_import(value, size);	718	nsp = smk_import(value, size);
719	if (nsp != NULL)	719	if (nsp != NULL)
720	isp->smk_inode = nsp;	720	isp->smk_inode = nsp;
721	else	721	else
722	isp->smk_inode = smack_known_invalid.smk_known;	722	isp->smk_inode = smack_known_invalid.smk_known;
723		723
724	return;	724	return;
725	}	725	}
726		726
727	/*	727	/*
728	* smack_inode_getxattr - Smack check on getxattr	728	* smack_inode_getxattr - Smack check on getxattr
729	* @dentry: the object	729	* @dentry: the object
730	* @name: unused	730	* @name: unused
731	*	731	*
732	* Returns 0 if access is permitted, an error code otherwise	732	* Returns 0 if access is permitted, an error code otherwise
733	*/	733	*/
734	static int smack_inode_getxattr(struct dentry dentry, const char name)	734	static int smack_inode_getxattr(struct dentry dentry, const char name)
735	{	735	{
736	struct smk_audit_info ad;	736	struct smk_audit_info ad;
737		737
738	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);	738	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
739	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);	739	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
740		740
741	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);	741	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
742	}	742	}
743		743
744	/*	744	/*
745	* smack_inode_removexattr - Smack check on removexattr	745	* smack_inode_removexattr - Smack check on removexattr
746	* @dentry: the object	746	* @dentry: the object
747	* @name: name of the attribute	747	* @name: name of the attribute
748	*	748	*
749	* Removing the Smack attribute requires CAP_MAC_ADMIN	749	* Removing the Smack attribute requires CAP_MAC_ADMIN
750	*	750	*
751	* Returns 0 if access is permitted, an error code otherwise	751	* Returns 0 if access is permitted, an error code otherwise
752	*/	752	*/
753	static int smack_inode_removexattr(struct dentry dentry, const char name)	753	static int smack_inode_removexattr(struct dentry dentry, const char name)
754	{	754	{
755	struct smk_audit_info ad;	755	struct smk_audit_info ad;
756	int rc = 0;	756	int rc = 0;
757		757
758	if (strcmp(name, XATTR_NAME_SMACK) == 0 \|\|	758	if (strcmp(name, XATTR_NAME_SMACK) == 0 \|\|
759	strcmp(name, XATTR_NAME_SMACKIPIN) == 0 \|\|	759	strcmp(name, XATTR_NAME_SMACKIPIN) == 0 \|\|
760	strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {	760	strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
761	if (!capable(CAP_MAC_ADMIN))	761	if (!capable(CAP_MAC_ADMIN))
762	rc = -EPERM;	762	rc = -EPERM;
763	} else	763	} else
764	rc = cap_inode_removexattr(dentry, name);	764	rc = cap_inode_removexattr(dentry, name);
765		765
766	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);	766	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
767	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);	767	smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
768	if (rc == 0)	768	if (rc == 0)
769	rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);	769	rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
770		770
771	return rc;	771	return rc;
772	}	772	}
773		773
774	/**	774	/**
775	* smack_inode_getsecurity - get smack xattrs	775	* smack_inode_getsecurity - get smack xattrs
776	* @inode: the object	776	* @inode: the object
777	* @name: attribute name	777	* @name: attribute name
778	* @buffer: where to put the result	778	* @buffer: where to put the result
779	* @alloc: unused	779	* @alloc: unused
780	*	780	*
781	* Returns the size of the attribute or an error code	781	* Returns the size of the attribute or an error code
782	*/	782	*/
783	static int smack_inode_getsecurity(const struct inode *inode,	783	static int smack_inode_getsecurity(const struct inode *inode,
784	const char name, void *buffer,	784	const char name, void *buffer,
785	bool alloc)	785	bool alloc)
786	{	786	{
787	struct socket_smack *ssp;	787	struct socket_smack *ssp;
788	struct socket *sock;	788	struct socket *sock;
789	struct super_block *sbp;	789	struct super_block *sbp;
790	struct inode ip = (struct inode )inode;	790	struct inode ip = (struct inode )inode;
791	char *isp;	791	char *isp;
792	int ilen;	792	int ilen;
793	int rc = 0;	793	int rc = 0;
794		794
795	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {	795	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
796	isp = smk_of_inode(inode);	796	isp = smk_of_inode(inode);
797	ilen = strlen(isp) + 1;	797	ilen = strlen(isp) + 1;
798	*buffer = isp;	798	*buffer = isp;
799	return ilen;	799	return ilen;
800	}	800	}
801		801
802	/*	802	/*
803	* The rest of the Smack xattrs are only on sockets.	803	* The rest of the Smack xattrs are only on sockets.
804	*/	804	*/
805	sbp = ip->i_sb;	805	sbp = ip->i_sb;
806	if (sbp->s_magic != SOCKFS_MAGIC)	806	if (sbp->s_magic != SOCKFS_MAGIC)
807	return -EOPNOTSUPP;	807	return -EOPNOTSUPP;
808		808
809	sock = SOCKET_I(ip);	809	sock = SOCKET_I(ip);
810	if (sock == NULL \|\| sock->sk == NULL)	810	if (sock == NULL \|\| sock->sk == NULL)
811	return -EOPNOTSUPP;	811	return -EOPNOTSUPP;
812		812
813	ssp = sock->sk->sk_security;	813	ssp = sock->sk->sk_security;
814		814
815	if (strcmp(name, XATTR_SMACK_IPIN) == 0)	815	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
816	isp = ssp->smk_in;	816	isp = ssp->smk_in;
817	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)	817	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
818	isp = ssp->smk_out;	818	isp = ssp->smk_out;
819	else	819	else
820	return -EOPNOTSUPP;	820	return -EOPNOTSUPP;
821		821
822	ilen = strlen(isp) + 1;	822	ilen = strlen(isp) + 1;
823	if (rc == 0) {	823	if (rc == 0) {
824	*buffer = isp;	824	*buffer = isp;
825	rc = ilen;	825	rc = ilen;
826	}	826	}
827		827
828	return rc;	828	return rc;
829	}	829	}
830		830
831		831
832	/**	832	/**
833	* smack_inode_listsecurity - list the Smack attributes	833	* smack_inode_listsecurity - list the Smack attributes
834	* @inode: the object	834	* @inode: the object
835	* @buffer: where they go	835	* @buffer: where they go
836	* @buffer_size: size of buffer	836	* @buffer_size: size of buffer
837	*	837	*
838	* Returns 0 on success, -EINVAL otherwise	838	* Returns 0 on success, -EINVAL otherwise
839	*/	839	*/
840	static int smack_inode_listsecurity(struct inode inode, char buffer,	840	static int smack_inode_listsecurity(struct inode inode, char buffer,
841	size_t buffer_size)	841	size_t buffer_size)
842	{	842	{
843	int len = strlen(XATTR_NAME_SMACK);	843	int len = strlen(XATTR_NAME_SMACK);
844		844
845	if (buffer != NULL && len <= buffer_size) {	845	if (buffer != NULL && len <= buffer_size) {
846	memcpy(buffer, XATTR_NAME_SMACK, len);	846	memcpy(buffer, XATTR_NAME_SMACK, len);
847	return len;	847	return len;
848	}	848	}
849	return -EINVAL;	849	return -EINVAL;
850	}	850	}
851		851
852	/**	852	/**
853	* smack_inode_getsecid - Extract inode's security id	853	* smack_inode_getsecid - Extract inode's security id
854	* @inode: inode to extract the info from	854	* @inode: inode to extract the info from
855	* @secid: where result will be saved	855	* @secid: where result will be saved
856	*/	856	*/
857	static void smack_inode_getsecid(const struct inode inode, u32 secid)	857	static void smack_inode_getsecid(const struct inode inode, u32 secid)
858	{	858	{
859	struct inode_smack *isp = inode->i_security;	859	struct inode_smack *isp = inode->i_security;
860		860
861	*secid = smack_to_secid(isp->smk_inode);	861	*secid = smack_to_secid(isp->smk_inode);
862	}	862	}
863		863
864	/*	864	/*
865	* File Hooks	865	* File Hooks
866	*/	866	*/
867		867
868	/**	868	/**
869	* smack_file_permission - Smack check on file operations	869	* smack_file_permission - Smack check on file operations
870	* @file: unused	870	* @file: unused
871	* @mask: unused	871	* @mask: unused
872	*	872	*
873	* Returns 0	873	* Returns 0
874	*	874	*
875	* Should access checks be done on each read or write?	875	* Should access checks be done on each read or write?
876	* UNICOS and SELinux say yes.	876	* UNICOS and SELinux say yes.
877	* Trusted Solaris, Trusted Irix, and just about everyone else says no.	877	* Trusted Solaris, Trusted Irix, and just about everyone else says no.
878	*	878	*
879	* I'll say no for now. Smack does not do the frequent	879	* I'll say no for now. Smack does not do the frequent
880	* label changing that SELinux does.	880	* label changing that SELinux does.
881	*/	881	*/
882	static int smack_file_permission(struct file *file, int mask)	882	static int smack_file_permission(struct file *file, int mask)
883	{	883	{
884	return 0;	884	return 0;
885	}	885	}
886		886
887	/**	887	/**
888	* smack_file_alloc_security - assign a file security blob	888	* smack_file_alloc_security - assign a file security blob
889	* @file: the object	889	* @file: the object
890	*	890	*
891	* The security blob for a file is a pointer to the master	891	* The security blob for a file is a pointer to the master
892	* label list, so no allocation is done.	892	* label list, so no allocation is done.
893	*	893	*
894	* Returns 0	894	* Returns 0
895	*/	895	*/
896	static int smack_file_alloc_security(struct file *file)	896	static int smack_file_alloc_security(struct file *file)
897	{	897	{
898	file->f_security = current_security();	898	file->f_security = current_security();
899	return 0;	899	return 0;
900	}	900	}
901		901
902	/**	902	/**
903	* smack_file_free_security - clear a file security blob	903	* smack_file_free_security - clear a file security blob
904	* @file: the object	904	* @file: the object
905	*	905	*
906	* The security blob for a file is a pointer to the master	906	* The security blob for a file is a pointer to the master
907	* label list, so no memory is freed.	907	* label list, so no memory is freed.
908	*/	908	*/
909	static void smack_file_free_security(struct file *file)	909	static void smack_file_free_security(struct file *file)
910	{	910	{
911	file->f_security = NULL;	911	file->f_security = NULL;
912	}	912	}
913		913
914	/**	914	/**
915	* smack_file_ioctl - Smack check on ioctls	915	* smack_file_ioctl - Smack check on ioctls
916	* @file: the object	916	* @file: the object
917	* @cmd: what to do	917	* @cmd: what to do
918	* @arg: unused	918	* @arg: unused
919	*	919	*
920	* Relies heavily on the correct use of the ioctl command conventions.	920	* Relies heavily on the correct use of the ioctl command conventions.
921	*	921	*
922	* Returns 0 if allowed, error code otherwise	922	* Returns 0 if allowed, error code otherwise
923	*/	923	*/
924	static int smack_file_ioctl(struct file *file, unsigned int cmd,	924	static int smack_file_ioctl(struct file *file, unsigned int cmd,
925	unsigned long arg)	925	unsigned long arg)
926	{	926	{
927	int rc = 0;	927	int rc = 0;
928	struct smk_audit_info ad;	928	struct smk_audit_info ad;
929		929
930	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);	930	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
931	smk_ad_setfield_u_fs_path(&ad, file->f_path);	931	smk_ad_setfield_u_fs_path(&ad, file->f_path);
932		932
933	if (_IOC_DIR(cmd) & _IOC_WRITE)	933	if (_IOC_DIR(cmd) & _IOC_WRITE)
934	rc = smk_curacc(file->f_security, MAY_WRITE, &ad);	934	rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
935		935
936	if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ))	936	if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ))
937	rc = smk_curacc(file->f_security, MAY_READ, &ad);	937	rc = smk_curacc(file->f_security, MAY_READ, &ad);
938		938
939	return rc;	939	return rc;
940	}	940	}
941		941
942	/**	942	/**
943	* smack_file_lock - Smack check on file locking	943	* smack_file_lock - Smack check on file locking
944	* @file: the object	944	* @file: the object
945	* @cmd: unused	945	* @cmd: unused
946	*	946	*
947	* Returns 0 if current has write access, error code otherwise	947	* Returns 0 if current has write access, error code otherwise
948	*/	948	*/
949	static int smack_file_lock(struct file *file, unsigned int cmd)	949	static int smack_file_lock(struct file *file, unsigned int cmd)
950	{	950	{
951	struct smk_audit_info ad;	951	struct smk_audit_info ad;
952		952
953	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);	953	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
954	smk_ad_setfield_u_fs_path_dentry(&ad, file->f_path.dentry);	954	smk_ad_setfield_u_fs_path_dentry(&ad, file->f_path.dentry);
955	return smk_curacc(file->f_security, MAY_WRITE, &ad);	955	return smk_curacc(file->f_security, MAY_WRITE, &ad);
956	}	956	}
957		957
958	/**	958	/**
959	* smack_file_fcntl - Smack check on fcntl	959	* smack_file_fcntl - Smack check on fcntl
960	* @file: the object	960	* @file: the object
961	* @cmd: what action to check	961	* @cmd: what action to check
962	* @arg: unused	962	* @arg: unused
963	*	963	*
964	* Returns 0 if current has access, error code otherwise	964	* Returns 0 if current has access, error code otherwise
965	*/	965	*/
966	static int smack_file_fcntl(struct file *file, unsigned int cmd,	966	static int smack_file_fcntl(struct file *file, unsigned int cmd,
967	unsigned long arg)	967	unsigned long arg)
968	{	968	{
969	struct smk_audit_info ad;	969	struct smk_audit_info ad;
970	int rc;	970	int rc;
971		971
972	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);	972	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
973	smk_ad_setfield_u_fs_path(&ad, file->f_path);	973	smk_ad_setfield_u_fs_path(&ad, file->f_path);
974		974
975	switch (cmd) {	975	switch (cmd) {
976	case F_DUPFD:	976	case F_DUPFD:
977	case F_GETFD:	977	case F_GETFD:
978	case F_GETFL:	978	case F_GETFL:
979	case F_GETLK:	979	case F_GETLK:
980	case F_GETOWN:	980	case F_GETOWN:
981	case F_GETSIG:	981	case F_GETSIG:
982	rc = smk_curacc(file->f_security, MAY_READ, &ad);	982	rc = smk_curacc(file->f_security, MAY_READ, &ad);
983	break;	983	break;
984	case F_SETFD:	984	case F_SETFD:
985	case F_SETFL:	985	case F_SETFL:
986	case F_SETLK:	986	case F_SETLK:
987	case F_SETLKW:	987	case F_SETLKW:
988	case F_SETOWN:	988	case F_SETOWN:
989	case F_SETSIG:	989	case F_SETSIG:
990	rc = smk_curacc(file->f_security, MAY_WRITE, &ad);	990	rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
991	break;	991	break;
992	default:	992	default:
993	rc = smk_curacc(file->f_security, MAY_READWRITE, &ad);	993	rc = smk_curacc(file->f_security, MAY_READWRITE, &ad);
994	}	994	}
995		995
996	return rc;	996	return rc;
997	}	997	}
998		998
999	/**	999	/**
1000	* smack_file_set_fowner - set the file security blob value	1000	* smack_file_set_fowner - set the file security blob value
1001	* @file: object in question	1001	* @file: object in question
1002	*	1002	*
1003	* Returns 0	1003	* Returns 0
1004	* Further research may be required on this one.	1004	* Further research may be required on this one.
1005	*/	1005	*/
1006	static int smack_file_set_fowner(struct file *file)	1006	static int smack_file_set_fowner(struct file *file)
1007	{	1007	{
1008	file->f_security = current_security();	1008	file->f_security = current_security();
1009	return 0;	1009	return 0;
1010	}	1010	}
1011		1011
1012	/**	1012	/**
1013	* smack_file_send_sigiotask - Smack on sigio	1013	* smack_file_send_sigiotask - Smack on sigio
1014	* @tsk: The target task	1014	* @tsk: The target task
1015	* @fown: the object the signal come from	1015	* @fown: the object the signal come from
1016	* @signum: unused	1016	* @signum: unused
1017	*	1017	*
1018	* Allow a privileged task to get signals even if it shouldn't	1018	* Allow a privileged task to get signals even if it shouldn't
1019	*	1019	*
1020	* Returns 0 if a subject with the object's smack could	1020	* Returns 0 if a subject with the object's smack could
1021	* write to the task, an error code otherwise.	1021	* write to the task, an error code otherwise.
1022	*/	1022	*/
1023	static int smack_file_send_sigiotask(struct task_struct *tsk,	1023	static int smack_file_send_sigiotask(struct task_struct *tsk,
1024	struct fown_struct *fown, int signum)	1024	struct fown_struct *fown, int signum)
1025	{	1025	{
1026	struct file *file;	1026	struct file *file;
1027	int rc;	1027	int rc;
1028	char *tsp = tsk->cred->security;	1028	char *tsp = tsk->cred->security;
1029	struct smk_audit_info ad;	1029	struct smk_audit_info ad;
1030		1030
1031	/*	1031	/*
1032	* struct fown_struct is never outside the context of a struct file	1032	* struct fown_struct is never outside the context of a struct file
1033	*/	1033	*/
1034	file = container_of(fown, struct file, f_owner);	1034	file = container_of(fown, struct file, f_owner);
1035	/* we don't log here as rc can be overriden */	1035	/* we don't log here as rc can be overriden */
1036	rc = smk_access(file->f_security, tsp, MAY_WRITE, NULL);	1036	rc = smk_access(file->f_security, tsp, MAY_WRITE, NULL);
1037	if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))	1037	if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
1038	rc = 0;	1038	rc = 0;
1039		1039
1040	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);	1040	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1041	smk_ad_setfield_u_tsk(&ad, tsk);	1041	smk_ad_setfield_u_tsk(&ad, tsk);
1042	smack_log(file->f_security, tsp, MAY_WRITE, rc, &ad);	1042	smack_log(file->f_security, tsp, MAY_WRITE, rc, &ad);
1043	return rc;	1043	return rc;
1044	}	1044	}
1045		1045
1046	/**	1046	/**
1047	* smack_file_receive - Smack file receive check	1047	* smack_file_receive - Smack file receive check
1048	* @file: the object	1048	* @file: the object
1049	*	1049	*
1050	* Returns 0 if current has access, error code otherwise	1050	* Returns 0 if current has access, error code otherwise
1051	*/	1051	*/
1052	static int smack_file_receive(struct file *file)	1052	static int smack_file_receive(struct file *file)
1053	{	1053	{
1054	int may = 0;	1054	int may = 0;
1055	struct smk_audit_info ad;	1055	struct smk_audit_info ad;
1056		1056
1057	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);	1057	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1058	smk_ad_setfield_u_fs_path(&ad, file->f_path);	1058	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1059	/*	1059	/*
1060	* This code relies on bitmasks.	1060	* This code relies on bitmasks.
1061	*/	1061	*/
1062	if (file->f_mode & FMODE_READ)	1062	if (file->f_mode & FMODE_READ)
1063	may = MAY_READ;	1063	may = MAY_READ;
1064	if (file->f_mode & FMODE_WRITE)	1064	if (file->f_mode & FMODE_WRITE)
1065	may \|= MAY_WRITE;	1065	may \|= MAY_WRITE;
1066		1066
1067	return smk_curacc(file->f_security, may, &ad);	1067	return smk_curacc(file->f_security, may, &ad);
1068	}	1068	}
1069		1069
1070	/*	1070	/*
1071	* Task hooks	1071	* Task hooks
1072	*/	1072	*/
1073		1073
1074	/**	1074	/**
1075	* smack_cred_alloc_blank - "allocate" blank task-level security credentials	1075	* smack_cred_alloc_blank - "allocate" blank task-level security credentials
1076	* @new: the new credentials	1076	* @new: the new credentials
1077	* @gfp: the atomicity of any memory allocations	1077	* @gfp: the atomicity of any memory allocations
1078	*	1078	*
1079	* Prepare a blank set of credentials for modification. This must allocate all	1079	* Prepare a blank set of credentials for modification. This must allocate all
1080	* the memory the LSM module might require such that cred_transfer() can	1080	* the memory the LSM module might require such that cred_transfer() can
1081	* complete without error.	1081	* complete without error.
1082	*/	1082	*/
1083	static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)	1083	static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1084	{	1084	{
1085	cred->security = NULL;	1085	cred->security = NULL;
1086	return 0;	1086	return 0;
1087	}	1087	}
1088		1088
1089		1089
1090	/**	1090	/**
1091	* smack_cred_free - "free" task-level security credentials	1091	* smack_cred_free - "free" task-level security credentials
1092	* @cred: the credentials in question	1092	* @cred: the credentials in question
1093	*	1093	*
1094	* Smack isn't using copies of blobs. Everyone	1094	* Smack isn't using copies of blobs. Everyone
1095	* points to an immutable list. The blobs never go away.	1095	* points to an immutable list. The blobs never go away.
1096	* There is no leak here.	1096	* There is no leak here.
1097	*/	1097	*/
1098	static void smack_cred_free(struct cred *cred)	1098	static void smack_cred_free(struct cred *cred)
1099	{	1099	{
1100	cred->security = NULL;	1100	cred->security = NULL;
1101	}	1101	}
1102		1102
1103	/**	1103	/**
1104	* smack_cred_prepare - prepare new set of credentials for modification	1104	* smack_cred_prepare - prepare new set of credentials for modification
1105	* @new: the new credentials	1105	* @new: the new credentials
1106	* @old: the original credentials	1106	* @old: the original credentials
1107	* @gfp: the atomicity of any memory allocations	1107	* @gfp: the atomicity of any memory allocations
1108	*	1108	*
1109	* Prepare a new set of credentials for modification.	1109	* Prepare a new set of credentials for modification.
1110	*/	1110	*/
1111	static int smack_cred_prepare(struct cred new, const struct cred old,	1111	static int smack_cred_prepare(struct cred new, const struct cred old,
1112	gfp_t gfp)	1112	gfp_t gfp)
1113	{	1113	{
1114	new->security = old->security;	1114	new->security = old->security;
1115	return 0;	1115	return 0;
1116	}	1116	}
1117		1117
1118	/**	1118	/**
1119	* smack_cred_transfer - Transfer the old credentials to the new credentials	1119	* smack_cred_transfer - Transfer the old credentials to the new credentials
1120	* @new: the new credentials	1120	* @new: the new credentials
1121	* @old: the original credentials	1121	* @old: the original credentials
1122	*	1122	*
1123	* Fill in a set of blank credentials from another set of credentials.	1123	* Fill in a set of blank credentials from another set of credentials.
1124	*/	1124	*/
1125	static void smack_cred_transfer(struct cred new, const struct cred old)	1125	static void smack_cred_transfer(struct cred new, const struct cred old)
1126	{	1126	{
1127	new->security = old->security;	1127	new->security = old->security;
1128	}	1128	}
1129		1129
1130	/**	1130	/**
1131	* smack_kernel_act_as - Set the subjective context in a set of credentials	1131	* smack_kernel_act_as - Set the subjective context in a set of credentials
1132	* @new: points to the set of credentials to be modified.	1132	* @new: points to the set of credentials to be modified.
1133	* @secid: specifies the security ID to be set	1133	* @secid: specifies the security ID to be set
1134	*	1134	*
1135	* Set the security data for a kernel service.	1135	* Set the security data for a kernel service.
1136	*/	1136	*/
1137	static int smack_kernel_act_as(struct cred *new, u32 secid)	1137	static int smack_kernel_act_as(struct cred *new, u32 secid)
1138	{	1138	{
1139	char *smack = smack_from_secid(secid);	1139	char *smack = smack_from_secid(secid);
1140		1140
1141	if (smack == NULL)	1141	if (smack == NULL)
1142	return -EINVAL;	1142	return -EINVAL;
1143		1143
1144	new->security = smack;	1144	new->security = smack;
1145	return 0;	1145	return 0;
1146	}	1146	}
1147		1147
1148	/**	1148	/**
1149	* smack_kernel_create_files_as - Set the file creation label in a set of creds	1149	* smack_kernel_create_files_as - Set the file creation label in a set of creds
1150	* @new: points to the set of credentials to be modified	1150	* @new: points to the set of credentials to be modified
1151	* @inode: points to the inode to use as a reference	1151	* @inode: points to the inode to use as a reference
1152	*	1152	*
1153	* Set the file creation context in a set of credentials to the same	1153	* Set the file creation context in a set of credentials to the same
1154	* as the objective context of the specified inode	1154	* as the objective context of the specified inode
1155	*/	1155	*/
1156	static int smack_kernel_create_files_as(struct cred *new,	1156	static int smack_kernel_create_files_as(struct cred *new,
1157	struct inode *inode)	1157	struct inode *inode)
1158	{	1158	{
1159	struct inode_smack *isp = inode->i_security;	1159	struct inode_smack *isp = inode->i_security;
1160		1160
1161	new->security = isp->smk_inode;	1161	new->security = isp->smk_inode;
1162	return 0;	1162	return 0;
1163	}	1163	}
1164		1164
1165	/**	1165	/**
1166	* smk_curacc_on_task - helper to log task related access	1166	* smk_curacc_on_task - helper to log task related access
1167	* @p: the task object	1167	* @p: the task object
1168	* @access : the access requested	1168	* @access : the access requested
1169	*	1169	*
1170	* Return 0 if access is permitted	1170	* Return 0 if access is permitted
1171	*/	1171	*/
1172	static int smk_curacc_on_task(struct task_struct *p, int access)	1172	static int smk_curacc_on_task(struct task_struct *p, int access)
1173	{	1173	{
1174	struct smk_audit_info ad;	1174	struct smk_audit_info ad;
1175		1175
1176	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);	1176	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1177	smk_ad_setfield_u_tsk(&ad, p);	1177	smk_ad_setfield_u_tsk(&ad, p);
1178	return smk_curacc(task_security(p), access, &ad);	1178	return smk_curacc(task_security(p), access, &ad);
1179	}	1179	}
1180		1180
1181	/**	1181	/**
1182	* smack_task_setpgid - Smack check on setting pgid	1182	* smack_task_setpgid - Smack check on setting pgid
1183	* @p: the task object	1183	* @p: the task object
1184	* @pgid: unused	1184	* @pgid: unused
1185	*	1185	*
1186	* Return 0 if write access is permitted	1186	* Return 0 if write access is permitted
1187	*/	1187	*/
1188	static int smack_task_setpgid(struct task_struct *p, pid_t pgid)	1188	static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1189	{	1189	{
1190	return smk_curacc_on_task(p, MAY_WRITE);	1190	return smk_curacc_on_task(p, MAY_WRITE);
1191	}	1191	}
1192		1192
1193	/**	1193	/**
1194	* smack_task_getpgid - Smack access check for getpgid	1194	* smack_task_getpgid - Smack access check for getpgid
1195	* @p: the object task	1195	* @p: the object task
1196	*	1196	*
1197	* Returns 0 if current can read the object task, error code otherwise	1197	* Returns 0 if current can read the object task, error code otherwise
1198	*/	1198	*/
1199	static int smack_task_getpgid(struct task_struct *p)	1199	static int smack_task_getpgid(struct task_struct *p)
1200	{	1200	{
1201	return smk_curacc_on_task(p, MAY_READ);	1201	return smk_curacc_on_task(p, MAY_READ);
1202	}	1202	}
1203		1203
1204	/**	1204	/**
1205	* smack_task_getsid - Smack access check for getsid	1205	* smack_task_getsid - Smack access check for getsid
1206	* @p: the object task	1206	* @p: the object task
1207	*	1207	*
1208	* Returns 0 if current can read the object task, error code otherwise	1208	* Returns 0 if current can read the object task, error code otherwise
1209	*/	1209	*/
1210	static int smack_task_getsid(struct task_struct *p)	1210	static int smack_task_getsid(struct task_struct *p)
1211	{	1211	{
1212	return smk_curacc_on_task(p, MAY_READ);	1212	return smk_curacc_on_task(p, MAY_READ);
1213	}	1213	}
1214		1214
1215	/**	1215	/**
1216	* smack_task_getsecid - get the secid of the task	1216	* smack_task_getsecid - get the secid of the task
1217	* @p: the object task	1217	* @p: the object task
1218	* @secid: where to put the result	1218	* @secid: where to put the result
1219	*	1219	*
1220	* Sets the secid to contain a u32 version of the smack label.	1220	* Sets the secid to contain a u32 version of the smack label.
1221	*/	1221	*/
1222	static void smack_task_getsecid(struct task_struct p, u32 secid)	1222	static void smack_task_getsecid(struct task_struct p, u32 secid)
1223	{	1223	{
1224	*secid = smack_to_secid(task_security(p));	1224	*secid = smack_to_secid(task_security(p));
1225	}	1225	}
1226		1226
1227	/**	1227	/**
1228	* smack_task_setnice - Smack check on setting nice	1228	* smack_task_setnice - Smack check on setting nice
1229	* @p: the task object	1229	* @p: the task object
1230	* @nice: unused	1230	* @nice: unused
1231	*	1231	*
1232	* Return 0 if write access is permitted	1232	* Return 0 if write access is permitted
1233	*/	1233	*/
1234	static int smack_task_setnice(struct task_struct *p, int nice)	1234	static int smack_task_setnice(struct task_struct *p, int nice)
1235	{	1235	{
1236	int rc;	1236	int rc;
1237		1237
1238	rc = cap_task_setnice(p, nice);	1238	rc = cap_task_setnice(p, nice);
1239	if (rc == 0)	1239	if (rc == 0)
1240	rc = smk_curacc_on_task(p, MAY_WRITE);	1240	rc = smk_curacc_on_task(p, MAY_WRITE);
1241	return rc;	1241	return rc;
1242	}	1242	}
1243		1243
1244	/**	1244	/**
1245	* smack_task_setioprio - Smack check on setting ioprio	1245	* smack_task_setioprio - Smack check on setting ioprio
1246	* @p: the task object	1246	* @p: the task object
1247	* @ioprio: unused	1247	* @ioprio: unused
1248	*	1248	*
1249	* Return 0 if write access is permitted	1249	* Return 0 if write access is permitted
1250	*/	1250	*/
1251	static int smack_task_setioprio(struct task_struct *p, int ioprio)	1251	static int smack_task_setioprio(struct task_struct *p, int ioprio)
1252	{	1252	{
1253	int rc;	1253	int rc;
1254		1254
1255	rc = cap_task_setioprio(p, ioprio);	1255	rc = cap_task_setioprio(p, ioprio);
1256	if (rc == 0)	1256	if (rc == 0)
1257	rc = smk_curacc_on_task(p, MAY_WRITE);	1257	rc = smk_curacc_on_task(p, MAY_WRITE);
1258	return rc;	1258	return rc;
1259	}	1259	}
1260		1260
1261	/**	1261	/**
1262	* smack_task_getioprio - Smack check on reading ioprio	1262	* smack_task_getioprio - Smack check on reading ioprio
1263	* @p: the task object	1263	* @p: the task object
1264	*	1264	*
1265	* Return 0 if read access is permitted	1265	* Return 0 if read access is permitted
1266	*/	1266	*/
1267	static int smack_task_getioprio(struct task_struct *p)	1267	static int smack_task_getioprio(struct task_struct *p)
1268	{	1268	{
1269	return smk_curacc_on_task(p, MAY_READ);	1269	return smk_curacc_on_task(p, MAY_READ);
1270	}	1270	}
1271		1271
1272	/**	1272	/**
1273	* smack_task_setscheduler - Smack check on setting scheduler	1273	* smack_task_setscheduler - Smack check on setting scheduler
1274	* @p: the task object	1274	* @p: the task object
1275	* @policy: unused	1275	* @policy: unused
1276	* @lp: unused	1276	* @lp: unused
1277	*	1277	*
1278	* Return 0 if read access is permitted	1278	* Return 0 if read access is permitted
1279	*/	1279	*/
1280	static int smack_task_setscheduler(struct task_struct *p)	1280	static int smack_task_setscheduler(struct task_struct *p)
1281	{	1281	{
1282	int rc;	1282	int rc;
1283		1283
1284	rc = cap_task_setscheduler(p);	1284	rc = cap_task_setscheduler(p);
1285	if (rc == 0)	1285	if (rc == 0)
1286	rc = smk_curacc_on_task(p, MAY_WRITE);	1286	rc = smk_curacc_on_task(p, MAY_WRITE);
1287	return rc;	1287	return rc;
1288	}	1288	}
1289		1289
1290	/**	1290	/**
1291	* smack_task_getscheduler - Smack check on reading scheduler	1291	* smack_task_getscheduler - Smack check on reading scheduler
1292	* @p: the task object	1292	* @p: the task object
1293	*	1293	*
1294	* Return 0 if read access is permitted	1294	* Return 0 if read access is permitted
1295	*/	1295	*/
1296	static int smack_task_getscheduler(struct task_struct *p)	1296	static int smack_task_getscheduler(struct task_struct *p)
1297	{	1297	{
1298	return smk_curacc_on_task(p, MAY_READ);	1298	return smk_curacc_on_task(p, MAY_READ);
1299	}	1299	}
1300		1300
1301	/**	1301	/**
1302	* smack_task_movememory - Smack check on moving memory	1302	* smack_task_movememory - Smack check on moving memory
1303	* @p: the task object	1303	* @p: the task object
1304	*	1304	*
1305	* Return 0 if write access is permitted	1305	* Return 0 if write access is permitted
1306	*/	1306	*/
1307	static int smack_task_movememory(struct task_struct *p)	1307	static int smack_task_movememory(struct task_struct *p)
1308	{	1308	{
1309	return smk_curacc_on_task(p, MAY_WRITE);	1309	return smk_curacc_on_task(p, MAY_WRITE);
1310	}	1310	}
1311		1311
1312	/**	1312	/**
1313	* smack_task_kill - Smack check on signal delivery	1313	* smack_task_kill - Smack check on signal delivery
1314	* @p: the task object	1314	* @p: the task object
1315	* @info: unused	1315	* @info: unused
1316	* @sig: unused	1316	* @sig: unused
1317	* @secid: identifies the smack to use in lieu of current's	1317	* @secid: identifies the smack to use in lieu of current's
1318	*	1318	*
1319	* Return 0 if write access is permitted	1319	* Return 0 if write access is permitted
1320	*	1320	*
1321	* The secid behavior is an artifact of an SELinux hack	1321	* The secid behavior is an artifact of an SELinux hack
1322	* in the USB code. Someday it may go away.	1322	* in the USB code. Someday it may go away.
1323	*/	1323	*/
1324	static int smack_task_kill(struct task_struct p, struct siginfo info,	1324	static int smack_task_kill(struct task_struct p, struct siginfo info,
1325	int sig, u32 secid)	1325	int sig, u32 secid)
1326	{	1326	{
1327	struct smk_audit_info ad;	1327	struct smk_audit_info ad;
1328		1328
1329	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);	1329	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1330	smk_ad_setfield_u_tsk(&ad, p);	1330	smk_ad_setfield_u_tsk(&ad, p);
1331	/*	1331	/*
1332	* Sending a signal requires that the sender	1332	* Sending a signal requires that the sender
1333	* can write the receiver.	1333	* can write the receiver.
1334	*/	1334	*/
1335	if (secid == 0)	1335	if (secid == 0)
1336	return smk_curacc(task_security(p), MAY_WRITE, &ad);	1336	return smk_curacc(task_security(p), MAY_WRITE, &ad);
1337	/*	1337	/*
1338	* If the secid isn't 0 we're dealing with some USB IO	1338	* If the secid isn't 0 we're dealing with some USB IO
1339	* specific behavior. This is not clean. For one thing	1339	* specific behavior. This is not clean. For one thing
1340	* we can't take privilege into account.	1340	* we can't take privilege into account.
1341	*/	1341	*/
1342	return smk_access(smack_from_secid(secid), task_security(p),	1342	return smk_access(smack_from_secid(secid), task_security(p),
1343	MAY_WRITE, &ad);	1343	MAY_WRITE, &ad);
1344	}	1344	}
1345		1345
1346	/**	1346	/**
1347	* smack_task_wait - Smack access check for waiting	1347	* smack_task_wait - Smack access check for waiting
1348	* @p: task to wait for	1348	* @p: task to wait for
1349	*	1349	*
1350	* Returns 0 if current can wait for p, error code otherwise	1350	* Returns 0 if current can wait for p, error code otherwise
1351	*/	1351	*/
1352	static int smack_task_wait(struct task_struct *p)	1352	static int smack_task_wait(struct task_struct *p)
1353	{	1353	{
1354	struct smk_audit_info ad;	1354	struct smk_audit_info ad;
1355	char *sp = current_security();	1355	char *sp = current_security();
1356	char *tsp = task_security(p);	1356	char *tsp = task_security(p);
1357	int rc;	1357	int rc;
1358		1358
1359	/* we don't log here, we can be overriden */	1359	/* we don't log here, we can be overriden */
1360	rc = smk_access(sp, tsp, MAY_WRITE, NULL);	1360	rc = smk_access(sp, tsp, MAY_WRITE, NULL);
1361	if (rc == 0)	1361	if (rc == 0)
1362	goto out_log;	1362	goto out_log;
1363		1363
1364	/*	1364	/*
1365	* Allow the operation to succeed if either task	1365	* Allow the operation to succeed if either task
1366	* has privilege to perform operations that might	1366	* has privilege to perform operations that might
1367	* account for the smack labels having gotten to	1367	* account for the smack labels having gotten to
1368	* be different in the first place.	1368	* be different in the first place.
1369	*	1369	*
1370	* This breaks the strict subject/object access	1370	* This breaks the strict subject/object access
1371	* control ideal, taking the object's privilege	1371	* control ideal, taking the object's privilege
1372	* state into account in the decision as well as	1372	* state into account in the decision as well as
1373	* the smack value.	1373	* the smack value.
1374	*/	1374	*/
1375	if (capable(CAP_MAC_OVERRIDE) \|\| has_capability(p, CAP_MAC_OVERRIDE))	1375	if (capable(CAP_MAC_OVERRIDE) \|\| has_capability(p, CAP_MAC_OVERRIDE))
1376	rc = 0;	1376	rc = 0;
1377	/* we log only if we didn't get overriden */	1377	/* we log only if we didn't get overriden */
1378	out_log:	1378	out_log:
1379	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);	1379	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1380	smk_ad_setfield_u_tsk(&ad, p);	1380	smk_ad_setfield_u_tsk(&ad, p);
1381	smack_log(sp, tsp, MAY_WRITE, rc, &ad);	1381	smack_log(sp, tsp, MAY_WRITE, rc, &ad);
1382	return rc;	1382	return rc;
1383	}	1383	}
1384		1384
1385	/**	1385	/**
1386	* smack_task_to_inode - copy task smack into the inode blob	1386	* smack_task_to_inode - copy task smack into the inode blob
1387	* @p: task to copy from	1387	* @p: task to copy from
1388	* @inode: inode to copy to	1388	* @inode: inode to copy to
1389	*	1389	*
1390	* Sets the smack pointer in the inode security blob	1390	* Sets the smack pointer in the inode security blob
1391	*/	1391	*/
1392	static void smack_task_to_inode(struct task_struct p, struct inode inode)	1392	static void smack_task_to_inode(struct task_struct p, struct inode inode)
1393	{	1393	{
1394	struct inode_smack *isp = inode->i_security;	1394	struct inode_smack *isp = inode->i_security;
1395	isp->smk_inode = task_security(p);	1395	isp->smk_inode = task_security(p);
1396	}	1396	}
1397		1397
1398	/*	1398	/*
1399	* Socket hooks.	1399	* Socket hooks.
1400	*/	1400	*/
1401		1401
1402	/**	1402	/**
1403	* smack_sk_alloc_security - Allocate a socket blob	1403	* smack_sk_alloc_security - Allocate a socket blob
1404	* @sk: the socket	1404	* @sk: the socket
1405	* @family: unused	1405	* @family: unused
1406	* @gfp_flags: memory allocation flags	1406	* @gfp_flags: memory allocation flags
1407	*	1407	*
1408	* Assign Smack pointers to current	1408	* Assign Smack pointers to current
1409	*	1409	*
1410	* Returns 0 on success, -ENOMEM is there's no memory	1410	* Returns 0 on success, -ENOMEM is there's no memory
1411	*/	1411	*/
1412	static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)	1412	static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
1413	{	1413	{
1414	char *csp = current_security();	1414	char *csp = current_security();
1415	struct socket_smack *ssp;	1415	struct socket_smack *ssp;
1416		1416
1417	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);	1417	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
1418	if (ssp == NULL)	1418	if (ssp == NULL)
1419	return -ENOMEM;	1419	return -ENOMEM;
1420		1420
1421	ssp->smk_in = csp;	1421	ssp->smk_in = csp;
1422	ssp->smk_out = csp;	1422	ssp->smk_out = csp;
1423	ssp->smk_packet[0] = '\0';	1423	ssp->smk_packet[0] = '\0';
1424		1424
1425	sk->sk_security = ssp;	1425	sk->sk_security = ssp;
1426		1426
1427	return 0;	1427	return 0;
1428	}	1428	}
1429		1429
1430	/**	1430	/**
1431	* smack_sk_free_security - Free a socket blob	1431	* smack_sk_free_security - Free a socket blob
1432	* @sk: the socket	1432	* @sk: the socket
1433	*	1433	*
1434	* Clears the blob pointer	1434	* Clears the blob pointer
1435	*/	1435	*/
1436	static void smack_sk_free_security(struct sock *sk)	1436	static void smack_sk_free_security(struct sock *sk)
1437	{	1437	{
1438	kfree(sk->sk_security);	1438	kfree(sk->sk_security);
1439	}	1439	}
1440		1440
1441	/**	1441	/**
1442	* smack_host_label - check host based restrictions	1442	* smack_host_label - check host based restrictions
1443	* @sip: the object end	1443	* @sip: the object end
1444	*	1444	*
1445	* looks for host based access restrictions	1445	* looks for host based access restrictions
1446	*	1446	*
1447	* This version will only be appropriate for really small sets of single label	1447	* This version will only be appropriate for really small sets of single label
1448	* hosts. The caller is responsible for ensuring that the RCU read lock is	1448	* hosts. The caller is responsible for ensuring that the RCU read lock is
1449	* taken before calling this function.	1449	* taken before calling this function.
1450	*	1450	*
1451	* Returns the label of the far end or NULL if it's not special.	1451	* Returns the label of the far end or NULL if it's not special.
1452	*/	1452	*/
1453	static char smack_host_label(struct sockaddr_in sip)	1453	static char smack_host_label(struct sockaddr_in sip)
1454	{	1454	{
1455	struct smk_netlbladdr *snp;	1455	struct smk_netlbladdr *snp;
1456	struct in_addr *siap = &sip->sin_addr;	1456	struct in_addr *siap = &sip->sin_addr;
1457		1457
1458	if (siap->s_addr == 0)	1458	if (siap->s_addr == 0)
1459	return NULL;	1459	return NULL;
1460		1460
1461	list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list)	1461	list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list)
1462	/*	1462	/*
1463	* we break after finding the first match because	1463	* we break after finding the first match because
1464	* the list is sorted from longest to shortest mask	1464	* the list is sorted from longest to shortest mask
1465	* so we have found the most specific match	1465	* so we have found the most specific match
1466	*/	1466	*/
1467	if ((&snp->smk_host.sin_addr)->s_addr ==	1467	if ((&snp->smk_host.sin_addr)->s_addr ==
1468	(siap->s_addr & (&snp->smk_mask)->s_addr)) {	1468	(siap->s_addr & (&snp->smk_mask)->s_addr)) {
1469	/* we have found the special CIPSO option */	1469	/* we have found the special CIPSO option */
1470	if (snp->smk_label == smack_cipso_option)	1470	if (snp->smk_label == smack_cipso_option)
1471	return NULL;	1471	return NULL;
1472	return snp->smk_label;	1472	return snp->smk_label;
1473	}	1473	}
1474		1474
1475	return NULL;	1475	return NULL;
1476	}	1476	}
1477		1477
1478	/**	1478	/**
1479	* smack_set_catset - convert a capset to netlabel mls categories	1479	* smack_set_catset - convert a capset to netlabel mls categories
1480	* @catset: the Smack categories	1480	* @catset: the Smack categories
1481	* @sap: where to put the netlabel categories	1481	* @sap: where to put the netlabel categories
1482	*	1482	*
1483	* Allocates and fills attr.mls.cat	1483	* Allocates and fills attr.mls.cat
1484	*/	1484	*/
1485	static void smack_set_catset(char catset, struct netlbl_lsm_secattr sap)	1485	static void smack_set_catset(char catset, struct netlbl_lsm_secattr sap)
1486	{	1486	{
1487	unsigned char *cp;	1487	unsigned char *cp;
1488	unsigned char m;	1488	unsigned char m;
1489	int cat;	1489	int cat;
1490	int rc;	1490	int rc;
1491	int byte;	1491	int byte;
1492		1492
1493	if (!catset)	1493	if (!catset)
1494	return;	1494	return;
1495		1495
1496	sap->flags \|= NETLBL_SECATTR_MLS_CAT;	1496	sap->flags \|= NETLBL_SECATTR_MLS_CAT;
1497	sap->attr.mls.cat = netlbl_secattr_catmap_alloc(GFP_ATOMIC);	1497	sap->attr.mls.cat = netlbl_secattr_catmap_alloc(GFP_ATOMIC);
1498	sap->attr.mls.cat->startbit = 0;	1498	sap->attr.mls.cat->startbit = 0;
1499		1499
1500	for (cat = 1, cp = catset, byte = 0; byte < SMK_LABELLEN; cp++, byte++)	1500	for (cat = 1, cp = catset, byte = 0; byte < SMK_LABELLEN; cp++, byte++)
1501	for (m = 0x80; m != 0; m >>= 1, cat++) {	1501	for (m = 0x80; m != 0; m >>= 1, cat++) {
1502	if ((m & *cp) == 0)	1502	if ((m & *cp) == 0)
1503	continue;	1503	continue;
1504	rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat,	1504	rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat,
1505	cat, GFP_ATOMIC);	1505	cat, GFP_ATOMIC);
1506	}	1506	}
1507	}	1507	}
1508		1508
1509	/**	1509	/**
1510	* smack_to_secattr - fill a secattr from a smack value	1510	* smack_to_secattr - fill a secattr from a smack value
1511	* @smack: the smack value	1511	* @smack: the smack value
1512	* @nlsp: where the result goes	1512	* @nlsp: where the result goes
1513	*	1513	*
1514	* Casey says that CIPSO is good enough for now.	1514	* Casey says that CIPSO is good enough for now.
1515	* It can be used to effect.	1515	* It can be used to effect.
1516	* It can also be abused to effect when necessary.	1516	* It can also be abused to effect when necessary.
1517	* Appologies to the TSIG group in general and GW in particular.	1517	* Appologies to the TSIG group in general and GW in particular.
1518	*/	1518	*/
1519	static void smack_to_secattr(char smack, struct netlbl_lsm_secattr nlsp)	1519	static void smack_to_secattr(char smack, struct netlbl_lsm_secattr nlsp)
1520	{	1520	{
1521	struct smack_cipso cipso;	1521	struct smack_cipso cipso;
1522	int rc;	1522	int rc;
1523		1523
1524	nlsp->domain = smack;	1524	nlsp->domain = smack;
1525	nlsp->flags = NETLBL_SECATTR_DOMAIN \| NETLBL_SECATTR_MLS_LVL;	1525	nlsp->flags = NETLBL_SECATTR_DOMAIN \| NETLBL_SECATTR_MLS_LVL;
1526		1526
1527	rc = smack_to_cipso(smack, &cipso);	1527	rc = smack_to_cipso(smack, &cipso);
1528	if (rc == 0) {	1528	if (rc == 0) {
1529	nlsp->attr.mls.lvl = cipso.smk_level;	1529	nlsp->attr.mls.lvl = cipso.smk_level;
1530	smack_set_catset(cipso.smk_catset, nlsp);	1530	smack_set_catset(cipso.smk_catset, nlsp);
1531	} else {	1531	} else {
1532	nlsp->attr.mls.lvl = smack_cipso_direct;	1532	nlsp->attr.mls.lvl = smack_cipso_direct;
1533	smack_set_catset(smack, nlsp);	1533	smack_set_catset(smack, nlsp);
1534	}	1534	}
1535	}	1535	}
1536		1536
1537	/**	1537	/**
1538	* smack_netlabel - Set the secattr on a socket	1538	* smack_netlabel - Set the secattr on a socket
1539	* @sk: the socket	1539	* @sk: the socket
1540	* @labeled: socket label scheme	1540	* @labeled: socket label scheme
1541	*	1541	*
1542	* Convert the outbound smack value (smk_out) to a	1542	* Convert the outbound smack value (smk_out) to a
1543	* secattr and attach it to the socket.	1543	* secattr and attach it to the socket.
1544	*	1544	*
1545	* Returns 0 on success or an error code	1545	* Returns 0 on success or an error code
1546	*/	1546	*/
1547	static int smack_netlabel(struct sock *sk, int labeled)	1547	static int smack_netlabel(struct sock *sk, int labeled)
1548	{	1548	{
1549	struct socket_smack *ssp = sk->sk_security;	1549	struct socket_smack *ssp = sk->sk_security;
1550	struct netlbl_lsm_secattr secattr;	1550	struct netlbl_lsm_secattr secattr;
1551	int rc = 0;	1551	int rc = 0;
1552		1552
1553	/*	1553	/*
1554	* Usually the netlabel code will handle changing the	1554	* Usually the netlabel code will handle changing the
1555	* packet labeling based on the label.	1555	* packet labeling based on the label.
1556	* The case of a single label host is different, because	1556	* The case of a single label host is different, because
1557	* a single label host should never get a labeled packet	1557	* a single label host should never get a labeled packet
1558	* even though the label is usually associated with a packet	1558	* even though the label is usually associated with a packet
1559	* label.	1559	* label.
1560	*/	1560	*/
1561	local_bh_disable();	1561	local_bh_disable();
1562	bh_lock_sock_nested(sk);	1562	bh_lock_sock_nested(sk);
1563		1563
1564	if (ssp->smk_out == smack_net_ambient \|\|	1564	if (ssp->smk_out == smack_net_ambient \|\|
1565	labeled == SMACK_UNLABELED_SOCKET)	1565	labeled == SMACK_UNLABELED_SOCKET)
1566	netlbl_sock_delattr(sk);	1566	netlbl_sock_delattr(sk);
1567	else {	1567	else {
1568	netlbl_secattr_init(&secattr);	1568	netlbl_secattr_init(&secattr);
1569	smack_to_secattr(ssp->smk_out, &secattr);	1569	smack_to_secattr(ssp->smk_out, &secattr);
1570	rc = netlbl_sock_setattr(sk, sk->sk_family, &secattr);	1570	rc = netlbl_sock_setattr(sk, sk->sk_family, &secattr);
1571	netlbl_secattr_destroy(&secattr);	1571	netlbl_secattr_destroy(&secattr);
1572	}	1572	}
1573		1573
1574	bh_unlock_sock(sk);	1574	bh_unlock_sock(sk);
1575	local_bh_enable();	1575	local_bh_enable();
1576		1576
1577	return rc;	1577	return rc;
1578	}	1578	}
1579		1579
1580	/**	1580	/**
1581	* smack_netlbel_send - Set the secattr on a socket and perform access checks	1581	* smack_netlbel_send - Set the secattr on a socket and perform access checks
1582	* @sk: the socket	1582	* @sk: the socket
1583	* @sap: the destination address	1583	* @sap: the destination address
1584	*	1584	*
1585	* Set the correct secattr for the given socket based on the destination	1585	* Set the correct secattr for the given socket based on the destination
1586	* address and perform any outbound access checks needed.	1586	* address and perform any outbound access checks needed.
1587	*	1587	*
1588	* Returns 0 on success or an error code.	1588	* Returns 0 on success or an error code.
1589	*	1589	*
1590	*/	1590	*/
1591	static int smack_netlabel_send(struct sock sk, struct sockaddr_in sap)	1591	static int smack_netlabel_send(struct sock sk, struct sockaddr_in sap)
1592	{	1592	{
1593	int rc;	1593	int rc;
1594	int sk_lbl;	1594	int sk_lbl;
1595	char *hostsp;	1595	char *hostsp;
1596	struct socket_smack *ssp = sk->sk_security;	1596	struct socket_smack *ssp = sk->sk_security;
1597	struct smk_audit_info ad;	1597	struct smk_audit_info ad;
1598		1598
1599	rcu_read_lock();	1599	rcu_read_lock();
1600	hostsp = smack_host_label(sap);	1600	hostsp = smack_host_label(sap);
1601	if (hostsp != NULL) {	1601	if (hostsp != NULL) {
1602	sk_lbl = SMACK_UNLABELED_SOCKET;	1602	sk_lbl = SMACK_UNLABELED_SOCKET;
1603	#ifdef CONFIG_AUDIT	1603	#ifdef CONFIG_AUDIT
1604	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);	1604	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
1605	ad.a.u.net.family = sap->sin_family;	1605	ad.a.u.net.family = sap->sin_family;
1606	ad.a.u.net.dport = sap->sin_port;	1606	ad.a.u.net.dport = sap->sin_port;
1607	ad.a.u.net.v4info.daddr = sap->sin_addr.s_addr;	1607	ad.a.u.net.v4info.daddr = sap->sin_addr.s_addr;
1608	#endif	1608	#endif
1609	rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad);	1609	rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad);
1610	} else {	1610	} else {
1611	sk_lbl = SMACK_CIPSO_SOCKET;	1611	sk_lbl = SMACK_CIPSO_SOCKET;
1612	rc = 0;	1612	rc = 0;
1613	}	1613	}
1614	rcu_read_unlock();	1614	rcu_read_unlock();
1615	if (rc != 0)	1615	if (rc != 0)
1616	return rc;	1616	return rc;
1617		1617
1618	return smack_netlabel(sk, sk_lbl);	1618	return smack_netlabel(sk, sk_lbl);
1619	}	1619	}
1620		1620
1621	/**	1621	/**
1622	* smack_inode_setsecurity - set smack xattrs	1622	* smack_inode_setsecurity - set smack xattrs
1623	* @inode: the object	1623	* @inode: the object
1624	* @name: attribute name	1624	* @name: attribute name
1625	* @value: attribute value	1625	* @value: attribute value
1626	* @size: size of the attribute	1626	* @size: size of the attribute
1627	* @flags: unused	1627	* @flags: unused
1628	*	1628	*
1629	* Sets the named attribute in the appropriate blob	1629	* Sets the named attribute in the appropriate blob
1630	*	1630	*
1631	* Returns 0 on success, or an error code	1631	* Returns 0 on success, or an error code
1632	*/	1632	*/
1633	static int smack_inode_setsecurity(struct inode inode, const char name,	1633	static int smack_inode_setsecurity(struct inode inode, const char name,
1634	const void *value, size_t size, int flags)	1634	const void *value, size_t size, int flags)
1635	{	1635	{
1636	char *sp;	1636	char *sp;
1637	struct inode_smack *nsp = inode->i_security;	1637	struct inode_smack *nsp = inode->i_security;
1638	struct socket_smack *ssp;	1638	struct socket_smack *ssp;
1639	struct socket *sock;	1639	struct socket *sock;
1640	int rc = 0;	1640	int rc = 0;
1641		1641
1642	if (value == NULL \|\| size > SMK_LABELLEN \|\| size == 0)	1642	if (value == NULL \|\| size > SMK_LABELLEN \|\| size == 0)
1643	return -EACCES;	1643	return -EACCES;
1644		1644
1645	sp = smk_import(value, size);	1645	sp = smk_import(value, size);
1646	if (sp == NULL)	1646	if (sp == NULL)
1647	return -EINVAL;	1647	return -EINVAL;
1648		1648
1649	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {	1649	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1650	nsp->smk_inode = sp;	1650	nsp->smk_inode = sp;
1651	nsp->smk_flags \|= SMK_INODE_INSTANT;	1651	nsp->smk_flags \|= SMK_INODE_INSTANT;
1652	return 0;	1652	return 0;
1653	}	1653	}
1654	/*	1654	/*
1655	* The rest of the Smack xattrs are only on sockets.	1655	* The rest of the Smack xattrs are only on sockets.
1656	*/	1656	*/
1657	if (inode->i_sb->s_magic != SOCKFS_MAGIC)	1657	if (inode->i_sb->s_magic != SOCKFS_MAGIC)
1658	return -EOPNOTSUPP;	1658	return -EOPNOTSUPP;
1659		1659
1660	sock = SOCKET_I(inode);	1660	sock = SOCKET_I(inode);
1661	if (sock == NULL \|\| sock->sk == NULL)	1661	if (sock == NULL \|\| sock->sk == NULL)
1662	return -EOPNOTSUPP;	1662	return -EOPNOTSUPP;
1663		1663
1664	ssp = sock->sk->sk_security;	1664	ssp = sock->sk->sk_security;
1665		1665
1666	if (strcmp(name, XATTR_SMACK_IPIN) == 0)	1666	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1667	ssp->smk_in = sp;	1667	ssp->smk_in = sp;
1668	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {	1668	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
1669	ssp->smk_out = sp;	1669	ssp->smk_out = sp;
1670	rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);	1670	rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
1671	if (rc != 0)	1671	if (rc != 0)
1672	printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n",	1672	printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n",
1673	__func__, -rc);	1673	__func__, -rc);
1674	} else	1674	} else
1675	return -EOPNOTSUPP;	1675	return -EOPNOTSUPP;
1676		1676
1677	return 0;	1677	return 0;
1678	}	1678	}
1679		1679
1680	/**	1680	/**
1681	* smack_socket_post_create - finish socket setup	1681	* smack_socket_post_create - finish socket setup
1682	* @sock: the socket	1682	* @sock: the socket
1683	* @family: protocol family	1683	* @family: protocol family
1684	* @type: unused	1684	* @type: unused
1685	* @protocol: unused	1685	* @protocol: unused
1686	* @kern: unused	1686	* @kern: unused
1687	*	1687	*
1688	* Sets the netlabel information on the socket	1688	* Sets the netlabel information on the socket
1689	*	1689	*
1690	* Returns 0 on success, and error code otherwise	1690	* Returns 0 on success, and error code otherwise
1691	*/	1691	*/
1692	static int smack_socket_post_create(struct socket *sock, int family,	1692	static int smack_socket_post_create(struct socket *sock, int family,
1693	int type, int protocol, int kern)	1693	int type, int protocol, int kern)
1694	{	1694	{
1695	if (family != PF_INET \|\| sock->sk == NULL)	1695	if (family != PF_INET \|\| sock->sk == NULL)
1696	return 0;	1696	return 0;
1697	/*	1697	/*
1698	* Set the outbound netlbl.	1698	* Set the outbound netlbl.
1699	*/	1699	*/
1700	return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);	1700	return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
1701	}	1701	}
1702		1702
1703	/**	1703	/**
1704	* smack_socket_connect - connect access check	1704	* smack_socket_connect - connect access check
1705	* @sock: the socket	1705	* @sock: the socket
1706	* @sap: the other end	1706	* @sap: the other end
1707	* @addrlen: size of sap	1707	* @addrlen: size of sap
1708	*	1708	*
1709	* Verifies that a connection may be possible	1709	* Verifies that a connection may be possible
1710	*	1710	*
1711	* Returns 0 on success, and error code otherwise	1711	* Returns 0 on success, and error code otherwise
1712	*/	1712	*/
1713	static int smack_socket_connect(struct socket sock, struct sockaddr sap,	1713	static int smack_socket_connect(struct socket sock, struct sockaddr sap,
1714	int addrlen)	1714	int addrlen)
1715	{	1715	{
1716	if (sock->sk == NULL \|\| sock->sk->sk_family != PF_INET)	1716	if (sock->sk == NULL \|\| sock->sk->sk_family != PF_INET)
1717	return 0;	1717	return 0;
1718	if (addrlen < sizeof(struct sockaddr_in))	1718	if (addrlen < sizeof(struct sockaddr_in))
1719	return -EINVAL;	1719	return -EINVAL;
1720		1720
1721	return smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);	1721	return smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
1722	}	1722	}
1723		1723
1724	/**	1724	/**
1725	* smack_flags_to_may - convert S_ to MAY_ values	1725	* smack_flags_to_may - convert S_ to MAY_ values
1726	* @flags: the S_ value	1726	* @flags: the S_ value
1727	*	1727	*
1728	* Returns the equivalent MAY_ value	1728	* Returns the equivalent MAY_ value
1729	*/	1729	*/
1730	static int smack_flags_to_may(int flags)	1730	static int smack_flags_to_may(int flags)
1731	{	1731	{
1732	int may = 0;	1732	int may = 0;
1733		1733
1734	if (flags & S_IRUGO)	1734	if (flags & S_IRUGO)
1735	may \|= MAY_READ;	1735	may \|= MAY_READ;
1736	if (flags & S_IWUGO)	1736	if (flags & S_IWUGO)
1737	may \|= MAY_WRITE;	1737	may \|= MAY_WRITE;
1738	if (flags & S_IXUGO)	1738	if (flags & S_IXUGO)
1739	may \|= MAY_EXEC;	1739	may \|= MAY_EXEC;
1740		1740
1741	return may;	1741	return may;
1742	}	1742	}
1743		1743
1744	/**	1744	/**
1745	* smack_msg_msg_alloc_security - Set the security blob for msg_msg	1745	* smack_msg_msg_alloc_security - Set the security blob for msg_msg
1746	* @msg: the object	1746	* @msg: the object
1747	*	1747	*
1748	* Returns 0	1748	* Returns 0
1749	*/	1749	*/
1750	static int smack_msg_msg_alloc_security(struct msg_msg *msg)	1750	static int smack_msg_msg_alloc_security(struct msg_msg *msg)
1751	{	1751	{
1752	msg->security = current_security();	1752	msg->security = current_security();
1753	return 0;	1753	return 0;
1754	}	1754	}
1755		1755
1756	/**	1756	/**
1757	* smack_msg_msg_free_security - Clear the security blob for msg_msg	1757	* smack_msg_msg_free_security - Clear the security blob for msg_msg
1758	* @msg: the object	1758	* @msg: the object
1759	*	1759	*
1760	* Clears the blob pointer	1760	* Clears the blob pointer
1761	*/	1761	*/
1762	static void smack_msg_msg_free_security(struct msg_msg *msg)	1762	static void smack_msg_msg_free_security(struct msg_msg *msg)
1763	{	1763	{
1764	msg->security = NULL;	1764	msg->security = NULL;
1765	}	1765	}
1766		1766
1767	/**	1767	/**
1768	* smack_of_shm - the smack pointer for the shm	1768	* smack_of_shm - the smack pointer for the shm
1769	* @shp: the object	1769	* @shp: the object
1770	*	1770	*
1771	* Returns a pointer to the smack value	1771	* Returns a pointer to the smack value
1772	*/	1772	*/
1773	static char smack_of_shm(struct shmid_kernel shp)	1773	static char smack_of_shm(struct shmid_kernel shp)
1774	{	1774	{
1775	return (char *)shp->shm_perm.security;	1775	return (char *)shp->shm_perm.security;
1776	}	1776	}
1777		1777
1778	/**	1778	/**
1779	* smack_shm_alloc_security - Set the security blob for shm	1779	* smack_shm_alloc_security - Set the security blob for shm
1780	* @shp: the object	1780	* @shp: the object
1781	*	1781	*
1782	* Returns 0	1782	* Returns 0
1783	*/	1783	*/
1784	static int smack_shm_alloc_security(struct shmid_kernel *shp)	1784	static int smack_shm_alloc_security(struct shmid_kernel *shp)
1785	{	1785	{
1786	struct kern_ipc_perm *isp = &shp->shm_perm;	1786	struct kern_ipc_perm *isp = &shp->shm_perm;
1787		1787
1788	isp->security = current_security();	1788	isp->security = current_security();
1789	return 0;	1789	return 0;
1790	}	1790	}
1791		1791
1792	/**	1792	/**
1793	* smack_shm_free_security - Clear the security blob for shm	1793	* smack_shm_free_security - Clear the security blob for shm
1794	* @shp: the object	1794	* @shp: the object
1795	*	1795	*
1796	* Clears the blob pointer	1796	* Clears the blob pointer
1797	*/	1797	*/
1798	static void smack_shm_free_security(struct shmid_kernel *shp)	1798	static void smack_shm_free_security(struct shmid_kernel *shp)
1799	{	1799	{
1800	struct kern_ipc_perm *isp = &shp->shm_perm;	1800	struct kern_ipc_perm *isp = &shp->shm_perm;
1801		1801
1802	isp->security = NULL;	1802	isp->security = NULL;
1803	}	1803	}
1804		1804
1805	/**	1805	/**
1806	* smk_curacc_shm : check if current has access on shm	1806	* smk_curacc_shm : check if current has access on shm
1807	* @shp : the object	1807	* @shp : the object
1808	* @access : access requested	1808	* @access : access requested
1809	*	1809	*
1810	* Returns 0 if current has the requested access, error code otherwise	1810	* Returns 0 if current has the requested access, error code otherwise
1811	*/	1811	*/
1812	static int smk_curacc_shm(struct shmid_kernel *shp, int access)	1812	static int smk_curacc_shm(struct shmid_kernel *shp, int access)
1813	{	1813	{
1814	char *ssp = smack_of_shm(shp);	1814	char *ssp = smack_of_shm(shp);
1815	struct smk_audit_info ad;	1815	struct smk_audit_info ad;
1816		1816
1817	#ifdef CONFIG_AUDIT	1817	#ifdef CONFIG_AUDIT
1818	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);	1818	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
1819	ad.a.u.ipc_id = shp->shm_perm.id;	1819	ad.a.u.ipc_id = shp->shm_perm.id;
1820	#endif	1820	#endif
1821	return smk_curacc(ssp, access, &ad);	1821	return smk_curacc(ssp, access, &ad);
1822	}	1822	}
1823		1823
1824	/**	1824	/**
1825	* smack_shm_associate - Smack access check for shm	1825	* smack_shm_associate - Smack access check for shm
1826	* @shp: the object	1826	* @shp: the object
1827	* @shmflg: access requested	1827	* @shmflg: access requested
1828	*	1828	*
1829	* Returns 0 if current has the requested access, error code otherwise	1829	* Returns 0 if current has the requested access, error code otherwise
1830	*/	1830	*/
1831	static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)	1831	static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
1832	{	1832	{
1833	int may;	1833	int may;
1834		1834
1835	may = smack_flags_to_may(shmflg);	1835	may = smack_flags_to_may(shmflg);
1836	return smk_curacc_shm(shp, may);	1836	return smk_curacc_shm(shp, may);
1837	}	1837	}
1838		1838
1839	/**	1839	/**
1840	* smack_shm_shmctl - Smack access check for shm	1840	* smack_shm_shmctl - Smack access check for shm
1841	* @shp: the object	1841	* @shp: the object
1842	* @cmd: what it wants to do	1842	* @cmd: what it wants to do
1843	*	1843	*
1844	* Returns 0 if current has the requested access, error code otherwise	1844	* Returns 0 if current has the requested access, error code otherwise
1845	*/	1845	*/
1846	static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)	1846	static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
1847	{	1847	{
1848	int may;	1848	int may;
1849		1849
1850	switch (cmd) {	1850	switch (cmd) {
1851	case IPC_STAT:	1851	case IPC_STAT:
1852	case SHM_STAT:	1852	case SHM_STAT:
1853	may = MAY_READ;	1853	may = MAY_READ;
1854	break;	1854	break;
1855	case IPC_SET:	1855	case IPC_SET:
1856	case SHM_LOCK:	1856	case SHM_LOCK:
1857	case SHM_UNLOCK:	1857	case SHM_UNLOCK:
1858	case IPC_RMID:	1858	case IPC_RMID:
1859	may = MAY_READWRITE;	1859	may = MAY_READWRITE;
1860	break;	1860	break;
1861	case IPC_INFO:	1861	case IPC_INFO:
1862	case SHM_INFO:	1862	case SHM_INFO:
1863	/*	1863	/*
1864	* System level information.	1864	* System level information.
1865	*/	1865	*/
1866	return 0;	1866	return 0;
1867	default:	1867	default:
1868	return -EINVAL;	1868	return -EINVAL;
1869	}	1869	}
1870	return smk_curacc_shm(shp, may);	1870	return smk_curacc_shm(shp, may);
1871	}	1871	}
1872		1872
1873	/**	1873	/**
1874	* smack_shm_shmat - Smack access for shmat	1874	* smack_shm_shmat - Smack access for shmat
1875	* @shp: the object	1875	* @shp: the object
1876	* @shmaddr: unused	1876	* @shmaddr: unused
1877	* @shmflg: access requested	1877	* @shmflg: access requested
1878	*	1878	*
1879	* Returns 0 if current has the requested access, error code otherwise	1879	* Returns 0 if current has the requested access, error code otherwise
1880	*/	1880	*/
1881	static int smack_shm_shmat(struct shmid_kernel shp, char __user shmaddr,	1881	static int smack_shm_shmat(struct shmid_kernel shp, char __user shmaddr,
1882	int shmflg)	1882	int shmflg)
1883	{	1883	{
1884	int may;	1884	int may;
1885		1885
1886	may = smack_flags_to_may(shmflg);	1886	may = smack_flags_to_may(shmflg);
1887	return smk_curacc_shm(shp, may);	1887	return smk_curacc_shm(shp, may);
1888	}	1888	}
1889		1889
1890	/**	1890	/**
1891	* smack_of_sem - the smack pointer for the sem	1891	* smack_of_sem - the smack pointer for the sem
1892	* @sma: the object	1892	* @sma: the object
1893	*	1893	*
1894	* Returns a pointer to the smack value	1894	* Returns a pointer to the smack value
1895	*/	1895	*/
1896	static char smack_of_sem(struct sem_array sma)	1896	static char smack_of_sem(struct sem_array sma)
1897	{	1897	{
1898	return (char *)sma->sem_perm.security;	1898	return (char *)sma->sem_perm.security;
1899	}	1899	}
1900		1900
1901	/**	1901	/**
1902	* smack_sem_alloc_security - Set the security blob for sem	1902	* smack_sem_alloc_security - Set the security blob for sem
1903	* @sma: the object	1903	* @sma: the object
1904	*	1904	*
1905	* Returns 0	1905	* Returns 0
1906	*/	1906	*/
1907	static int smack_sem_alloc_security(struct sem_array *sma)	1907	static int smack_sem_alloc_security(struct sem_array *sma)
1908	{	1908	{
1909	struct kern_ipc_perm *isp = &sma->sem_perm;	1909	struct kern_ipc_perm *isp = &sma->sem_perm;
1910		1910
1911	isp->security = current_security();	1911	isp->security = current_security();
1912	return 0;	1912	return 0;
1913	}	1913	}
1914		1914
1915	/**	1915	/**
1916	* smack_sem_free_security - Clear the security blob for sem	1916	* smack_sem_free_security - Clear the security blob for sem
1917	* @sma: the object	1917	* @sma: the object
1918	*	1918	*
1919	* Clears the blob pointer	1919	* Clears the blob pointer
1920	*/	1920	*/
1921	static void smack_sem_free_security(struct sem_array *sma)	1921	static void smack_sem_free_security(struct sem_array *sma)
1922	{	1922	{
1923	struct kern_ipc_perm *isp = &sma->sem_perm;	1923	struct kern_ipc_perm *isp = &sma->sem_perm;
1924		1924
1925	isp->security = NULL;	1925	isp->security = NULL;
1926	}	1926	}
1927		1927
1928	/**	1928	/**
1929	* smk_curacc_sem : check if current has access on sem	1929	* smk_curacc_sem : check if current has access on sem
1930	* @sma : the object	1930	* @sma : the object
1931	* @access : access requested	1931	* @access : access requested
1932	*	1932	*
1933	* Returns 0 if current has the requested access, error code otherwise	1933	* Returns 0 if current has the requested access, error code otherwise
1934	*/	1934	*/
1935	static int smk_curacc_sem(struct sem_array *sma, int access)	1935	static int smk_curacc_sem(struct sem_array *sma, int access)
1936	{	1936	{
1937	char *ssp = smack_of_sem(sma);	1937	char *ssp = smack_of_sem(sma);
1938	struct smk_audit_info ad;	1938	struct smk_audit_info ad;
1939		1939
1940	#ifdef CONFIG_AUDIT	1940	#ifdef CONFIG_AUDIT
1941	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);	1941	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
1942	ad.a.u.ipc_id = sma->sem_perm.id;	1942	ad.a.u.ipc_id = sma->sem_perm.id;
1943	#endif	1943	#endif
1944	return smk_curacc(ssp, access, &ad);	1944	return smk_curacc(ssp, access, &ad);
1945	}	1945	}
1946		1946
1947	/**	1947	/**
1948	* smack_sem_associate - Smack access check for sem	1948	* smack_sem_associate - Smack access check for sem
1949	* @sma: the object	1949	* @sma: the object
1950	* @semflg: access requested	1950	* @semflg: access requested
1951	*	1951	*
1952	* Returns 0 if current has the requested access, error code otherwise	1952	* Returns 0 if current has the requested access, error code otherwise
1953	*/	1953	*/
1954	static int smack_sem_associate(struct sem_array *sma, int semflg)	1954	static int smack_sem_associate(struct sem_array *sma, int semflg)
1955	{	1955	{
1956	int may;	1956	int may;
1957		1957
1958	may = smack_flags_to_may(semflg);	1958	may = smack_flags_to_may(semflg);
1959	return smk_curacc_sem(sma, may);	1959	return smk_curacc_sem(sma, may);
1960	}	1960	}
1961		1961
1962	/**	1962	/**
1963	* smack_sem_shmctl - Smack access check for sem	1963	* smack_sem_shmctl - Smack access check for sem
1964	* @sma: the object	1964	* @sma: the object
1965	* @cmd: what it wants to do	1965	* @cmd: what it wants to do
1966	*	1966	*
1967	* Returns 0 if current has the requested access, error code otherwise	1967	* Returns 0 if current has the requested access, error code otherwise
1968	*/	1968	*/
1969	static int smack_sem_semctl(struct sem_array *sma, int cmd)	1969	static int smack_sem_semctl(struct sem_array *sma, int cmd)
1970	{	1970	{
1971	int may;	1971	int may;
1972		1972
1973	switch (cmd) {	1973	switch (cmd) {
1974	case GETPID:	1974	case GETPID:
1975	case GETNCNT:	1975	case GETNCNT:
1976	case GETZCNT:	1976	case GETZCNT:
1977	case GETVAL:	1977	case GETVAL:
1978	case GETALL:	1978	case GETALL:
1979	case IPC_STAT:	1979	case IPC_STAT:
1980	case SEM_STAT:	1980	case SEM_STAT:
1981	may = MAY_READ;	1981	may = MAY_READ;
1982	break;	1982	break;
1983	case SETVAL:	1983	case SETVAL:
1984	case SETALL:	1984	case SETALL:
1985	case IPC_RMID:	1985	case IPC_RMID:
1986	case IPC_SET:	1986	case IPC_SET:
1987	may = MAY_READWRITE;	1987	may = MAY_READWRITE;
1988	break;	1988	break;
1989	case IPC_INFO:	1989	case IPC_INFO:
1990	case SEM_INFO:	1990	case SEM_INFO:
1991	/*	1991	/*
1992	* System level information	1992	* System level information
1993	*/	1993	*/
1994	return 0;	1994	return 0;
1995	default:	1995	default:
1996	return -EINVAL;	1996	return -EINVAL;
1997	}	1997	}
1998		1998
1999	return smk_curacc_sem(sma, may);	1999	return smk_curacc_sem(sma, may);
2000	}	2000	}
2001		2001
2002	/**	2002	/**
2003	* smack_sem_semop - Smack checks of semaphore operations	2003	* smack_sem_semop - Smack checks of semaphore operations
2004	* @sma: the object	2004	* @sma: the object
2005	* @sops: unused	2005	* @sops: unused
2006	* @nsops: unused	2006	* @nsops: unused
2007	* @alter: unused	2007	* @alter: unused
2008	*	2008	*
2009	* Treated as read and write in all cases.	2009	* Treated as read and write in all cases.
2010	*	2010	*
2011	* Returns 0 if access is allowed, error code otherwise	2011	* Returns 0 if access is allowed, error code otherwise
2012	*/	2012	*/
2013	static int smack_sem_semop(struct sem_array sma, struct sembuf sops,	2013	static int smack_sem_semop(struct sem_array sma, struct sembuf sops,
2014	unsigned nsops, int alter)	2014	unsigned nsops, int alter)
2015	{	2015	{
2016	return smk_curacc_sem(sma, MAY_READWRITE);	2016	return smk_curacc_sem(sma, MAY_READWRITE);
2017	}	2017	}
2018		2018
2019	/**	2019	/**
2020	* smack_msg_alloc_security - Set the security blob for msg	2020	* smack_msg_alloc_security - Set the security blob for msg
2021	* @msq: the object	2021	* @msq: the object
2022	*	2022	*
2023	* Returns 0	2023	* Returns 0
2024	*/	2024	*/
2025	static int smack_msg_queue_alloc_security(struct msg_queue *msq)	2025	static int smack_msg_queue_alloc_security(struct msg_queue *msq)
2026	{	2026	{
2027	struct kern_ipc_perm *kisp = &msq->q_perm;	2027	struct kern_ipc_perm *kisp = &msq->q_perm;
2028		2028
2029	kisp->security = current_security();	2029	kisp->security = current_security();
2030	return 0;	2030	return 0;
2031	}	2031	}
2032		2032
2033	/**	2033	/**
2034	* smack_msg_free_security - Clear the security blob for msg	2034	* smack_msg_free_security - Clear the security blob for msg
2035	* @msq: the object	2035	* @msq: the object
2036	*	2036	*
2037	* Clears the blob pointer	2037	* Clears the blob pointer
2038	*/	2038	*/
2039	static void smack_msg_queue_free_security(struct msg_queue *msq)	2039	static void smack_msg_queue_free_security(struct msg_queue *msq)
2040	{	2040	{
2041	struct kern_ipc_perm *kisp = &msq->q_perm;	2041	struct kern_ipc_perm *kisp = &msq->q_perm;
2042		2042
2043	kisp->security = NULL;	2043	kisp->security = NULL;
2044	}	2044	}
2045		2045
2046	/**	2046	/**
2047	* smack_of_msq - the smack pointer for the msq	2047	* smack_of_msq - the smack pointer for the msq
2048	* @msq: the object	2048	* @msq: the object
2049	*	2049	*
2050	* Returns a pointer to the smack value	2050	* Returns a pointer to the smack value
2051	*/	2051	*/
2052	static char smack_of_msq(struct msg_queue msq)	2052	static char smack_of_msq(struct msg_queue msq)
2053	{	2053	{
2054	return (char *)msq->q_perm.security;	2054	return (char *)msq->q_perm.security;
2055	}	2055	}
2056		2056
2057	/**	2057	/**
2058	* smk_curacc_msq : helper to check if current has access on msq	2058	* smk_curacc_msq : helper to check if current has access on msq
2059	* @msq : the msq	2059	* @msq : the msq
2060	* @access : access requested	2060	* @access : access requested
2061	*	2061	*
2062	* return 0 if current has access, error otherwise	2062	* return 0 if current has access, error otherwise
2063	*/	2063	*/
2064	static int smk_curacc_msq(struct msg_queue *msq, int access)	2064	static int smk_curacc_msq(struct msg_queue *msq, int access)
2065	{	2065	{
2066	char *msp = smack_of_msq(msq);	2066	char *msp = smack_of_msq(msq);
2067	struct smk_audit_info ad;	2067	struct smk_audit_info ad;
2068		2068
2069	#ifdef CONFIG_AUDIT	2069	#ifdef CONFIG_AUDIT
2070	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);	2070	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2071	ad.a.u.ipc_id = msq->q_perm.id;	2071	ad.a.u.ipc_id = msq->q_perm.id;
2072	#endif	2072	#endif
2073	return smk_curacc(msp, access, &ad);	2073	return smk_curacc(msp, access, &ad);
2074	}	2074	}
2075		2075
2076	/**	2076	/**
2077	* smack_msg_queue_associate - Smack access check for msg_queue	2077	* smack_msg_queue_associate - Smack access check for msg_queue
2078	* @msq: the object	2078	* @msq: the object
2079	* @msqflg: access requested	2079	* @msqflg: access requested
2080	*	2080	*
2081	* Returns 0 if current has the requested access, error code otherwise	2081	* Returns 0 if current has the requested access, error code otherwise
2082	*/	2082	*/
2083	static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)	2083	static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
2084	{	2084	{
2085	int may;	2085	int may;
2086		2086
2087	may = smack_flags_to_may(msqflg);	2087	may = smack_flags_to_may(msqflg);
2088	return smk_curacc_msq(msq, may);	2088	return smk_curacc_msq(msq, may);
2089	}	2089	}
2090		2090
2091	/**	2091	/**
2092	* smack_msg_queue_msgctl - Smack access check for msg_queue	2092	* smack_msg_queue_msgctl - Smack access check for msg_queue
2093	* @msq: the object	2093	* @msq: the object
2094	* @cmd: what it wants to do	2094	* @cmd: what it wants to do
2095	*	2095	*
2096	* Returns 0 if current has the requested access, error code otherwise	2096	* Returns 0 if current has the requested access, error code otherwise
2097	*/	2097	*/
2098	static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)	2098	static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2099	{	2099	{
2100	int may;	2100	int may;
2101		2101
2102	switch (cmd) {	2102	switch (cmd) {
2103	case IPC_STAT:	2103	case IPC_STAT:
2104	case MSG_STAT:	2104	case MSG_STAT:
2105	may = MAY_READ;	2105	may = MAY_READ;
2106	break;	2106	break;
2107	case IPC_SET:	2107	case IPC_SET:
2108	case IPC_RMID:	2108	case IPC_RMID:
2109	may = MAY_READWRITE;	2109	may = MAY_READWRITE;
2110	break;	2110	break;
2111	case IPC_INFO:	2111	case IPC_INFO:
2112	case MSG_INFO:	2112	case MSG_INFO:
2113	/*	2113	/*
2114	* System level information	2114	* System level information
2115	*/	2115	*/
2116	return 0;	2116	return 0;
2117	default:	2117	default:
2118	return -EINVAL;	2118	return -EINVAL;
2119	}	2119	}
2120		2120
2121	return smk_curacc_msq(msq, may);	2121	return smk_curacc_msq(msq, may);
2122	}	2122	}
2123		2123
2124	/**	2124	/**
2125	* smack_msg_queue_msgsnd - Smack access check for msg_queue	2125	* smack_msg_queue_msgsnd - Smack access check for msg_queue
2126	* @msq: the object	2126	* @msq: the object
2127	* @msg: unused	2127	* @msg: unused
2128	* @msqflg: access requested	2128	* @msqflg: access requested
2129	*	2129	*
2130	* Returns 0 if current has the requested access, error code otherwise	2130	* Returns 0 if current has the requested access, error code otherwise
2131	*/	2131	*/
2132	static int smack_msg_queue_msgsnd(struct msg_queue msq, struct msg_msg msg,	2132	static int smack_msg_queue_msgsnd(struct msg_queue msq, struct msg_msg msg,
2133	int msqflg)	2133	int msqflg)
2134	{	2134	{
2135	int may;	2135	int may;
2136		2136
2137	may = smack_flags_to_may(msqflg);	2137	may = smack_flags_to_may(msqflg);
2138	return smk_curacc_msq(msq, may);	2138	return smk_curacc_msq(msq, may);
2139	}	2139	}
2140		2140
2141	/**	2141	/**
2142	* smack_msg_queue_msgsnd - Smack access check for msg_queue	2142	* smack_msg_queue_msgsnd - Smack access check for msg_queue
2143	* @msq: the object	2143	* @msq: the object
2144	* @msg: unused	2144	* @msg: unused
2145	* @target: unused	2145	* @target: unused
2146	* @type: unused	2146	* @type: unused
2147	* @mode: unused	2147	* @mode: unused
2148	*	2148	*
2149	* Returns 0 if current has read and write access, error code otherwise	2149	* Returns 0 if current has read and write access, error code otherwise
2150	*/	2150	*/
2151	static int smack_msg_queue_msgrcv(struct msg_queue msq, struct msg_msg msg,	2151	static int smack_msg_queue_msgrcv(struct msg_queue msq, struct msg_msg msg,
2152	struct task_struct *target, long type, int mode)	2152	struct task_struct *target, long type, int mode)
2153	{	2153	{
2154	return smk_curacc_msq(msq, MAY_READWRITE);	2154	return smk_curacc_msq(msq, MAY_READWRITE);
2155	}	2155	}
2156		2156
2157	/**	2157	/**
2158	* smack_ipc_permission - Smack access for ipc_permission()	2158	* smack_ipc_permission - Smack access for ipc_permission()
2159	* @ipp: the object permissions	2159	* @ipp: the object permissions
2160	* @flag: access requested	2160	* @flag: access requested
2161	*	2161	*
2162	* Returns 0 if current has read and write access, error code otherwise	2162	* Returns 0 if current has read and write access, error code otherwise
2163	*/	2163	*/
2164	static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)	2164	static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
2165	{	2165	{
2166	char *isp = ipp->security;	2166	char *isp = ipp->security;
2167	int may = smack_flags_to_may(flag);	2167	int may = smack_flags_to_may(flag);
2168	struct smk_audit_info ad;	2168	struct smk_audit_info ad;
2169		2169
2170	#ifdef CONFIG_AUDIT	2170	#ifdef CONFIG_AUDIT
2171	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);	2171	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2172	ad.a.u.ipc_id = ipp->id;	2172	ad.a.u.ipc_id = ipp->id;
2173	#endif	2173	#endif
2174	return smk_curacc(isp, may, &ad);	2174	return smk_curacc(isp, may, &ad);
2175	}	2175	}
2176		2176
2177	/**	2177	/**
2178	* smack_ipc_getsecid - Extract smack security id	2178	* smack_ipc_getsecid - Extract smack security id
2179	* @ipp: the object permissions	2179	* @ipp: the object permissions
2180	* @secid: where result will be saved	2180	* @secid: where result will be saved
2181	*/	2181	*/
2182	static void smack_ipc_getsecid(struct kern_ipc_perm ipp, u32 secid)	2182	static void smack_ipc_getsecid(struct kern_ipc_perm ipp, u32 secid)
2183	{	2183	{
2184	char *smack = ipp->security;	2184	char *smack = ipp->security;
2185		2185
2186	*secid = smack_to_secid(smack);	2186	*secid = smack_to_secid(smack);
2187	}	2187	}
2188		2188
2189	/**	2189	/**
2190	* smack_d_instantiate - Make sure the blob is correct on an inode	2190	* smack_d_instantiate - Make sure the blob is correct on an inode
2191	* @opt_dentry: dentry where inode will be attached	2191	* @opt_dentry: dentry where inode will be attached
2192	* @inode: the object	2192	* @inode: the object
2193	*	2193	*
2194	* Set the inode's security blob if it hasn't been done already.	2194	* Set the inode's security blob if it hasn't been done already.
2195	*/	2195	*/
2196	static void smack_d_instantiate(struct dentry opt_dentry, struct inode inode)	2196	static void smack_d_instantiate(struct dentry opt_dentry, struct inode inode)
2197	{	2197	{
2198	struct super_block *sbp;	2198	struct super_block *sbp;
2199	struct superblock_smack *sbsp;	2199	struct superblock_smack *sbsp;
2200	struct inode_smack *isp;	2200	struct inode_smack *isp;
2201	char *csp = current_security();	2201	char *csp = current_security();
2202	char *fetched;	2202	char *fetched;
2203	char *final;	2203	char *final;
2204	struct dentry *dp;	2204	struct dentry *dp;
2205		2205
2206	if (inode == NULL)	2206	if (inode == NULL)
2207	return;	2207	return;
2208		2208
2209	isp = inode->i_security;	2209	isp = inode->i_security;
2210		2210
2211	mutex_lock(&isp->smk_lock);	2211	mutex_lock(&isp->smk_lock);
2212	/*	2212	/*
2213	* If the inode is already instantiated	2213	* If the inode is already instantiated
2214	* take the quick way out	2214	* take the quick way out
2215	*/	2215	*/
2216	if (isp->smk_flags & SMK_INODE_INSTANT)	2216	if (isp->smk_flags & SMK_INODE_INSTANT)
2217	goto unlockandout;	2217	goto unlockandout;
2218		2218
2219	sbp = inode->i_sb;	2219	sbp = inode->i_sb;
2220	sbsp = sbp->s_security;	2220	sbsp = sbp->s_security;
2221	/*	2221	/*
2222	* We're going to use the superblock default label	2222	* We're going to use the superblock default label
2223	* if there's no label on the file.	2223	* if there's no label on the file.
2224	*/	2224	*/
2225	final = sbsp->smk_default;	2225	final = sbsp->smk_default;
2226		2226
2227	/*	2227	/*
2228	* If this is the root inode the superblock	2228	* If this is the root inode the superblock
2229	* may be in the process of initialization.	2229	* may be in the process of initialization.
2230	* If that is the case use the root value out	2230	* If that is the case use the root value out
2231	* of the superblock.	2231	* of the superblock.
2232	*/	2232	*/
2233	if (opt_dentry->d_parent == opt_dentry) {	2233	if (opt_dentry->d_parent == opt_dentry) {
2234	isp->smk_inode = sbsp->smk_root;	2234	isp->smk_inode = sbsp->smk_root;
2235	isp->smk_flags \|= SMK_INODE_INSTANT;	2235	isp->smk_flags \|= SMK_INODE_INSTANT;
2236	goto unlockandout;	2236	goto unlockandout;
2237	}	2237	}
2238		2238
2239	/*	2239	/*
2240	* This is pretty hackish.	2240	* This is pretty hackish.
2241	* Casey says that we shouldn't have to do	2241	* Casey says that we shouldn't have to do
2242	* file system specific code, but it does help	2242	* file system specific code, but it does help
2243	* with keeping it simple.	2243	* with keeping it simple.
2244	*/	2244	*/
2245	switch (sbp->s_magic) {	2245	switch (sbp->s_magic) {
2246	case SMACK_MAGIC:	2246	case SMACK_MAGIC:
2247	/*	2247	/*
2248	* Casey says that it's a little embarassing	2248	* Casey says that it's a little embarassing
2249	* that the smack file system doesn't do	2249	* that the smack file system doesn't do
2250	* extended attributes.	2250	* extended attributes.
2251	*/	2251	*/
2252	final = smack_known_star.smk_known;	2252	final = smack_known_star.smk_known;
2253	break;	2253	break;
2254	case PIPEFS_MAGIC:	2254	case PIPEFS_MAGIC:
2255	/*	2255	/*
2256	* Casey says pipes are easy (?)	2256	* Casey says pipes are easy (?)
2257	*/	2257	*/
2258	final = smack_known_star.smk_known;	2258	final = smack_known_star.smk_known;
2259	break;	2259	break;
2260	case DEVPTS_SUPER_MAGIC:	2260	case DEVPTS_SUPER_MAGIC:
2261	/*	2261	/*
2262	* devpts seems content with the label of the task.	2262	* devpts seems content with the label of the task.
2263	* Programs that change smack have to treat the	2263	* Programs that change smack have to treat the
2264	* pty with respect.	2264	* pty with respect.
2265	*/	2265	*/
2266	final = csp;	2266	final = csp;
2267	break;	2267	break;
2268	case SOCKFS_MAGIC:	2268	case SOCKFS_MAGIC:
2269	/*	2269	/*
2270	* Casey says sockets get the smack of the task.	2270	* Casey says sockets get the smack of the task.
2271	*/	2271	*/
2272	final = csp;	2272	final = csp;
2273	break;	2273	break;
2274	case PROC_SUPER_MAGIC:	2274	case PROC_SUPER_MAGIC:
2275	/*	2275	/*
2276	* Casey says procfs appears not to care.	2276	* Casey says procfs appears not to care.
2277	* The superblock default suffices.	2277	* The superblock default suffices.
2278	*/	2278	*/
2279	break;	2279	break;
2280	case TMPFS_MAGIC:	2280	case TMPFS_MAGIC:
2281	/*	2281	/*
2282	* Device labels should come from the filesystem,	2282	* Device labels should come from the filesystem,
2283	* but watch out, because they're volitile,	2283	* but watch out, because they're volitile,
2284	* getting recreated on every reboot.	2284	* getting recreated on every reboot.
2285	*/	2285	*/
2286	final = smack_known_star.smk_known;	2286	final = smack_known_star.smk_known;
2287	/*	2287	/*
2288	* No break.	2288	* No break.
2289	*	2289	*
2290	* If a smack value has been set we want to use it,	2290	* If a smack value has been set we want to use it,
2291	* but since tmpfs isn't giving us the opportunity	2291	* but since tmpfs isn't giving us the opportunity
2292	* to set mount options simulate setting the	2292	* to set mount options simulate setting the
2293	* superblock default.	2293	* superblock default.
2294	*/	2294	*/
2295	default:	2295	default:
2296	/*	2296	/*
2297	* This isn't an understood special case.	2297	* This isn't an understood special case.
2298	* Get the value from the xattr.	2298	* Get the value from the xattr.
2299	*	2299	*
2300	* No xattr support means, alas, no SMACK label.	2300	* No xattr support means, alas, no SMACK label.
2301	* Use the aforeapplied default.	2301	* Use the aforeapplied default.
2302	* It would be curious if the label of the task	2302	* It would be curious if the label of the task
2303	* does not match that assigned.	2303	* does not match that assigned.
2304	*/	2304	*/
2305	if (inode->i_op->getxattr == NULL)	2305	if (inode->i_op->getxattr == NULL)
2306	break;	2306	break;
2307	/*	2307	/*
2308	* Get the dentry for xattr.	2308	* Get the dentry for xattr.
2309	*/	2309	*/
2310	dp = dget(opt_dentry);	2310	dp = dget(opt_dentry);
2311	fetched = smk_fetch(inode, dp);	2311	fetched = smk_fetch(inode, dp);
2312	if (fetched != NULL)	2312	if (fetched != NULL)
2313	final = fetched;	2313	final = fetched;
2314	dput(dp);	2314	dput(dp);
2315	break;	2315	break;
2316	}	2316	}
2317		2317
2318	if (final == NULL)	2318	if (final == NULL)
2319	isp->smk_inode = csp;	2319	isp->smk_inode = csp;
2320	else	2320	else
2321	isp->smk_inode = final;	2321	isp->smk_inode = final;
2322		2322
2323	isp->smk_flags \|= SMK_INODE_INSTANT;	2323	isp->smk_flags \|= SMK_INODE_INSTANT;
2324		2324
2325	unlockandout:	2325	unlockandout:
2326	mutex_unlock(&isp->smk_lock);	2326	mutex_unlock(&isp->smk_lock);
2327	return;	2327	return;
2328	}	2328	}
2329		2329
2330	/**	2330	/**
2331	* smack_getprocattr - Smack process attribute access	2331	* smack_getprocattr - Smack process attribute access
2332	* @p: the object task	2332	* @p: the object task
2333	* @name: the name of the attribute in /proc/.../attr	2333	* @name: the name of the attribute in /proc/.../attr
2334	* @value: where to put the result	2334	* @value: where to put the result
2335	*	2335	*
2336	* Places a copy of the task Smack into value	2336	* Places a copy of the task Smack into value
2337	*	2337	*
2338	* Returns the length of the smack label or an error code	2338	* Returns the length of the smack label or an error code
2339	*/	2339	*/
2340	static int smack_getprocattr(struct task_struct p, char name, char **value)	2340	static int smack_getprocattr(struct task_struct p, char name, char **value)
2341	{	2341	{
2342	char *cp;	2342	char *cp;
2343	int slen;	2343	int slen;
2344		2344
2345	if (strcmp(name, "current") != 0)	2345	if (strcmp(name, "current") != 0)
2346	return -EINVAL;	2346	return -EINVAL;
2347		2347
2348	cp = kstrdup(task_security(p), GFP_KERNEL);	2348	cp = kstrdup(task_security(p), GFP_KERNEL);
2349	if (cp == NULL)	2349	if (cp == NULL)
2350	return -ENOMEM;	2350	return -ENOMEM;
2351		2351
2352	slen = strlen(cp);	2352	slen = strlen(cp);
2353	*value = cp;	2353	*value = cp;
2354	return slen;	2354	return slen;
2355	}	2355	}
2356		2356
2357	/**	2357	/**
2358	* smack_setprocattr - Smack process attribute setting	2358	* smack_setprocattr - Smack process attribute setting
2359	* @p: the object task	2359	* @p: the object task
2360	* @name: the name of the attribute in /proc/.../attr	2360	* @name: the name of the attribute in /proc/.../attr
2361	* @value: the value to set	2361	* @value: the value to set
2362	* @size: the size of the value	2362	* @size: the size of the value
2363	*	2363	*
2364	* Sets the Smack value of the task. Only setting self	2364	* Sets the Smack value of the task. Only setting self
2365	* is permitted and only with privilege	2365	* is permitted and only with privilege
2366	*	2366	*
2367	* Returns the length of the smack label or an error code	2367	* Returns the length of the smack label or an error code
2368	*/	2368	*/
2369	static int smack_setprocattr(struct task_struct p, char name,	2369	static int smack_setprocattr(struct task_struct p, char name,
2370	void *value, size_t size)	2370	void *value, size_t size)
2371	{	2371	{
2372	struct cred *new;	2372	struct cred *new;
2373	char *newsmack;	2373	char *newsmack;
2374		2374
2375	/*	2375	/*
2376	* Changing another process' Smack value is too dangerous	2376	* Changing another process' Smack value is too dangerous
2377	* and supports no sane use case.	2377	* and supports no sane use case.
2378	*/	2378	*/
2379	if (p != current)	2379	if (p != current)
2380	return -EPERM;	2380	return -EPERM;
2381		2381
2382	if (!capable(CAP_MAC_ADMIN))	2382	if (!capable(CAP_MAC_ADMIN))
2383	return -EPERM;	2383	return -EPERM;
2384		2384
2385	if (value == NULL \|\| size == 0 \|\| size >= SMK_LABELLEN)	2385	if (value == NULL \|\| size == 0 \|\| size >= SMK_LABELLEN)
2386	return -EINVAL;	2386	return -EINVAL;
2387		2387
2388	if (strcmp(name, "current") != 0)	2388	if (strcmp(name, "current") != 0)
2389	return -EINVAL;	2389	return -EINVAL;
2390		2390
2391	newsmack = smk_import(value, size);	2391	newsmack = smk_import(value, size);
2392	if (newsmack == NULL)	2392	if (newsmack == NULL)
2393	return -EINVAL;	2393	return -EINVAL;
2394		2394
2395	/*	2395	/*
2396	* No process is ever allowed the web ("@") label.	2396	* No process is ever allowed the web ("@") label.
2397	*/	2397	*/
2398	if (newsmack == smack_known_web.smk_known)	2398	if (newsmack == smack_known_web.smk_known)
2399	return -EPERM;	2399	return -EPERM;
2400		2400
2401	new = prepare_creds();	2401	new = prepare_creds();
2402	if (new == NULL)	2402	if (new == NULL)
2403	return -ENOMEM;	2403	return -ENOMEM;
2404	new->security = newsmack;	2404	new->security = newsmack;
2405	commit_creds(new);	2405	commit_creds(new);
2406	return size;	2406	return size;
2407	}	2407	}
2408		2408
2409	/**	2409	/**
2410	* smack_unix_stream_connect - Smack access on UDS	2410	* smack_unix_stream_connect - Smack access on UDS
2411	* @sock: one socket	2411	* @sock: one sock
2412	* @other: the other socket	2412	* @other: the other sock
2413	* @newsk: unused	2413	* @newsk: unused
2414	*	2414	*
2415	* Return 0 if a subject with the smack of sock could access	2415	* Return 0 if a subject with the smack of sock could access
2416	* an object with the smack of other, otherwise an error code	2416	* an object with the smack of other, otherwise an error code
2417	*/	2417	*/
2418	static int smack_unix_stream_connect(struct socket *sock,	2418	static int smack_unix_stream_connect(struct sock *sock,
2419	struct socket other, struct sock newsk)	2419	struct sock other, struct sock newsk)
2420	{	2420	{
2421	struct inode *sp = SOCK_INODE(sock);	2421	struct inode *sp = SOCK_INODE(sock->sk_socket);
2422	struct inode *op = SOCK_INODE(other);	2422	struct inode *op = SOCK_INODE(other->sk_socket);
2423	struct smk_audit_info ad;	2423	struct smk_audit_info ad;
2424		2424
2425	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);	2425	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
2426	smk_ad_setfield_u_net_sk(&ad, other->sk);	2426	smk_ad_setfield_u_net_sk(&ad, other);
2427	return smk_access(smk_of_inode(sp), smk_of_inode(op),	2427	return smk_access(smk_of_inode(sp), smk_of_inode(op),
2428	MAY_READWRITE, &ad);	2428	MAY_READWRITE, &ad);
2429	}	2429	}
2430		2430
2431	/**	2431	/**
2432	* smack_unix_may_send - Smack access on UDS	2432	* smack_unix_may_send - Smack access on UDS
2433	* @sock: one socket	2433	* @sock: one socket
2434	* @other: the other socket	2434	* @other: the other socket
2435	*	2435	*
2436	* Return 0 if a subject with the smack of sock could access	2436	* Return 0 if a subject with the smack of sock could access
2437	* an object with the smack of other, otherwise an error code	2437	* an object with the smack of other, otherwise an error code
2438	*/	2438	*/
2439	static int smack_unix_may_send(struct socket sock, struct socket other)	2439	static int smack_unix_may_send(struct socket sock, struct socket other)
2440	{	2440	{
2441	struct inode *sp = SOCK_INODE(sock);	2441	struct inode *sp = SOCK_INODE(sock);
2442	struct inode *op = SOCK_INODE(other);	2442	struct inode *op = SOCK_INODE(other);
2443	struct smk_audit_info ad;	2443	struct smk_audit_info ad;
2444		2444
2445	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);	2445	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
2446	smk_ad_setfield_u_net_sk(&ad, other->sk);	2446	smk_ad_setfield_u_net_sk(&ad, other->sk);
2447	return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_WRITE, &ad);	2447	return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_WRITE, &ad);
2448	}	2448	}
2449		2449
2450	/**	2450	/**
2451	* smack_socket_sendmsg - Smack check based on destination host	2451	* smack_socket_sendmsg - Smack check based on destination host
2452	* @sock: the socket	2452	* @sock: the socket
2453	* @msg: the message	2453	* @msg: the message
2454	* @size: the size of the message	2454	* @size: the size of the message
2455	*	2455	*
2456	* Return 0 if the current subject can write to the destination	2456	* Return 0 if the current subject can write to the destination
2457	* host. This is only a question if the destination is a single	2457	* host. This is only a question if the destination is a single
2458	* label host.	2458	* label host.
2459	*/	2459	*/
2460	static int smack_socket_sendmsg(struct socket sock, struct msghdr msg,	2460	static int smack_socket_sendmsg(struct socket sock, struct msghdr msg,
2461	int size)	2461	int size)
2462	{	2462	{
2463	struct sockaddr_in sip = (struct sockaddr_in ) msg->msg_name;	2463	struct sockaddr_in sip = (struct sockaddr_in ) msg->msg_name;
2464		2464
2465	/*	2465	/*
2466	* Perfectly reasonable for this to be NULL	2466	* Perfectly reasonable for this to be NULL
2467	*/	2467	*/
2468	if (sip == NULL \|\| sip->sin_family != AF_INET)	2468	if (sip == NULL \|\| sip->sin_family != AF_INET)
2469	return 0;	2469	return 0;
2470		2470
2471	return smack_netlabel_send(sock->sk, sip);	2471	return smack_netlabel_send(sock->sk, sip);
2472	}	2472	}
2473		2473
2474		2474
2475	/**	2475	/**
2476	* smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack	2476	* smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
2477	* @sap: netlabel secattr	2477	* @sap: netlabel secattr
2478	* @sip: where to put the result	2478	* @sip: where to put the result
2479	*	2479	*
2480	* Copies a smack label into sip	2480	* Copies a smack label into sip
2481	*/	2481	*/
2482	static void smack_from_secattr(struct netlbl_lsm_secattr sap, char sip)	2482	static void smack_from_secattr(struct netlbl_lsm_secattr sap, char sip)
2483	{	2483	{
2484	char smack[SMK_LABELLEN];	2484	char smack[SMK_LABELLEN];
2485	char *sp;	2485	char *sp;
2486	int pcat;	2486	int pcat;
2487		2487
2488	if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {	2488	if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
2489	/*	2489	/*
2490	* Looks like a CIPSO packet.	2490	* Looks like a CIPSO packet.
2491	* If there are flags but no level netlabel isn't	2491	* If there are flags but no level netlabel isn't
2492	* behaving the way we expect it to.	2492	* behaving the way we expect it to.
2493	*	2493	*
2494	* Get the categories, if any	2494	* Get the categories, if any
2495	* Without guidance regarding the smack value	2495	* Without guidance regarding the smack value
2496	* for the packet fall back on the network	2496	* for the packet fall back on the network
2497	* ambient value.	2497	* ambient value.
2498	*/	2498	*/
2499	memset(smack, '\0', SMK_LABELLEN);	2499	memset(smack, '\0', SMK_LABELLEN);
2500	if ((sap->flags & NETLBL_SECATTR_MLS_CAT) != 0)	2500	if ((sap->flags & NETLBL_SECATTR_MLS_CAT) != 0)
2501	for (pcat = -1;;) {	2501	for (pcat = -1;;) {
2502	pcat = netlbl_secattr_catmap_walk(	2502	pcat = netlbl_secattr_catmap_walk(
2503	sap->attr.mls.cat, pcat + 1);	2503	sap->attr.mls.cat, pcat + 1);
2504	if (pcat < 0)	2504	if (pcat < 0)
2505	break;	2505	break;
2506	smack_catset_bit(pcat, smack);	2506	smack_catset_bit(pcat, smack);
2507	}	2507	}
2508	/*	2508	/*
2509	* If it is CIPSO using smack direct mapping	2509	* If it is CIPSO using smack direct mapping
2510	* we are already done. WeeHee.	2510	* we are already done. WeeHee.
2511	*/	2511	*/
2512	if (sap->attr.mls.lvl == smack_cipso_direct) {	2512	if (sap->attr.mls.lvl == smack_cipso_direct) {
2513	memcpy(sip, smack, SMK_MAXLEN);	2513	memcpy(sip, smack, SMK_MAXLEN);
2514	return;	2514	return;
2515	}	2515	}
2516	/*	2516	/*
2517	* Look it up in the supplied table if it is not	2517	* Look it up in the supplied table if it is not
2518	* a direct mapping.	2518	* a direct mapping.
2519	*/	2519	*/
2520	smack_from_cipso(sap->attr.mls.lvl, smack, sip);	2520	smack_from_cipso(sap->attr.mls.lvl, smack, sip);
2521	return;	2521	return;
2522	}	2522	}
2523	if ((sap->flags & NETLBL_SECATTR_SECID) != 0) {	2523	if ((sap->flags & NETLBL_SECATTR_SECID) != 0) {
2524	/*	2524	/*
2525	* Looks like a fallback, which gives us a secid.	2525	* Looks like a fallback, which gives us a secid.
2526	*/	2526	*/
2527	sp = smack_from_secid(sap->attr.secid);	2527	sp = smack_from_secid(sap->attr.secid);
2528	/*	2528	/*
2529	* This has got to be a bug because it is	2529	* This has got to be a bug because it is
2530	* impossible to specify a fallback without	2530	* impossible to specify a fallback without
2531	* specifying the label, which will ensure	2531	* specifying the label, which will ensure
2532	* it has a secid, and the only way to get a	2532	* it has a secid, and the only way to get a
2533	* secid is from a fallback.	2533	* secid is from a fallback.
2534	*/	2534	*/
2535	BUG_ON(sp == NULL);	2535	BUG_ON(sp == NULL);
2536	strncpy(sip, sp, SMK_MAXLEN);	2536	strncpy(sip, sp, SMK_MAXLEN);
2537	return;	2537	return;
2538	}	2538	}
2539	/*	2539	/*
2540	* Without guidance regarding the smack value	2540	* Without guidance regarding the smack value
2541	* for the packet fall back on the network	2541	* for the packet fall back on the network
2542	* ambient value.	2542	* ambient value.
2543	*/	2543	*/
2544	strncpy(sip, smack_net_ambient, SMK_MAXLEN);	2544	strncpy(sip, smack_net_ambient, SMK_MAXLEN);
2545	return;	2545	return;
2546	}	2546	}
2547		2547
2548	/**	2548	/**
2549	* smack_socket_sock_rcv_skb - Smack packet delivery access check	2549	* smack_socket_sock_rcv_skb - Smack packet delivery access check
2550	* @sk: socket	2550	* @sk: socket
2551	* @skb: packet	2551	* @skb: packet
2552	*	2552	*
2553	* Returns 0 if the packet should be delivered, an error code otherwise	2553	* Returns 0 if the packet should be delivered, an error code otherwise
2554	*/	2554	*/
2555	static int smack_socket_sock_rcv_skb(struct sock sk, struct sk_buff skb)	2555	static int smack_socket_sock_rcv_skb(struct sock sk, struct sk_buff skb)
2556	{	2556	{
2557	struct netlbl_lsm_secattr secattr;	2557	struct netlbl_lsm_secattr secattr;
2558	struct socket_smack *ssp = sk->sk_security;	2558	struct socket_smack *ssp = sk->sk_security;
2559	char smack[SMK_LABELLEN];	2559	char smack[SMK_LABELLEN];
2560	char *csp;	2560	char *csp;
2561	int rc;	2561	int rc;
2562	struct smk_audit_info ad;	2562	struct smk_audit_info ad;
2563	if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)	2563	if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
2564	return 0;	2564	return 0;
2565		2565
2566	/*	2566	/*
2567	* Translate what netlabel gave us.	2567	* Translate what netlabel gave us.
2568	*/	2568	*/
2569	netlbl_secattr_init(&secattr);	2569	netlbl_secattr_init(&secattr);
2570		2570
2571	rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);	2571	rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
2572	if (rc == 0) {	2572	if (rc == 0) {
2573	smack_from_secattr(&secattr, smack);	2573	smack_from_secattr(&secattr, smack);
2574	csp = smack;	2574	csp = smack;
2575	} else	2575	} else
2576	csp = smack_net_ambient;	2576	csp = smack_net_ambient;
2577		2577
2578	netlbl_secattr_destroy(&secattr);	2578	netlbl_secattr_destroy(&secattr);
2579		2579
2580	#ifdef CONFIG_AUDIT	2580	#ifdef CONFIG_AUDIT
2581	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);	2581	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
2582	ad.a.u.net.family = sk->sk_family;	2582	ad.a.u.net.family = sk->sk_family;
2583	ad.a.u.net.netif = skb->skb_iif;	2583	ad.a.u.net.netif = skb->skb_iif;
2584	ipv4_skb_to_auditdata(skb, &ad.a, NULL);	2584	ipv4_skb_to_auditdata(skb, &ad.a, NULL);
2585	#endif	2585	#endif
2586	/*	2586	/*
2587	* Receiving a packet requires that the other end	2587	* Receiving a packet requires that the other end
2588	* be able to write here. Read access is not required.	2588	* be able to write here. Read access is not required.
2589	* This is the simplist possible security model	2589	* This is the simplist possible security model
2590	* for networking.	2590	* for networking.
2591	*/	2591	*/
2592	rc = smk_access(csp, ssp->smk_in, MAY_WRITE, &ad);	2592	rc = smk_access(csp, ssp->smk_in, MAY_WRITE, &ad);
2593	if (rc != 0)	2593	if (rc != 0)
2594	netlbl_skbuff_err(skb, rc, 0);	2594	netlbl_skbuff_err(skb, rc, 0);
2595	return rc;	2595	return rc;
2596	}	2596	}
2597		2597
2598	/**	2598	/**
2599	* smack_socket_getpeersec_stream - pull in packet label	2599	* smack_socket_getpeersec_stream - pull in packet label
2600	* @sock: the socket	2600	* @sock: the socket
2601	* @optval: user's destination	2601	* @optval: user's destination
2602	* @optlen: size thereof	2602	* @optlen: size thereof
2603	* @len: max thereof	2603	* @len: max thereof
2604	*	2604	*
2605	* returns zero on success, an error code otherwise	2605	* returns zero on success, an error code otherwise
2606	*/	2606	*/
2607	static int smack_socket_getpeersec_stream(struct socket *sock,	2607	static int smack_socket_getpeersec_stream(struct socket *sock,
2608	char __user *optval,	2608	char __user *optval,
2609	int __user *optlen, unsigned len)	2609	int __user *optlen, unsigned len)
2610	{	2610	{
2611	struct socket_smack *ssp;	2611	struct socket_smack *ssp;
2612	int slen;	2612	int slen;
2613	int rc = 0;	2613	int rc = 0;
2614		2614
2615	ssp = sock->sk->sk_security;	2615	ssp = sock->sk->sk_security;
2616	slen = strlen(ssp->smk_packet) + 1;	2616	slen = strlen(ssp->smk_packet) + 1;
2617		2617
2618	if (slen > len)	2618	if (slen > len)
2619	rc = -ERANGE;	2619	rc = -ERANGE;
2620	else if (copy_to_user(optval, ssp->smk_packet, slen) != 0)	2620	else if (copy_to_user(optval, ssp->smk_packet, slen) != 0)
2621	rc = -EFAULT;	2621	rc = -EFAULT;
2622		2622
2623	if (put_user(slen, optlen) != 0)	2623	if (put_user(slen, optlen) != 0)
2624	rc = -EFAULT;	2624	rc = -EFAULT;
2625		2625
2626	return rc;	2626	return rc;
2627	}	2627	}
2628		2628
2629		2629
2630	/**	2630	/**
2631	* smack_socket_getpeersec_dgram - pull in packet label	2631	* smack_socket_getpeersec_dgram - pull in packet label
2632	* @sock: the socket	2632	* @sock: the socket
2633	* @skb: packet data	2633	* @skb: packet data
2634	* @secid: pointer to where to put the secid of the packet	2634	* @secid: pointer to where to put the secid of the packet
2635	*	2635	*
2636	* Sets the netlabel socket state on sk from parent	2636	* Sets the netlabel socket state on sk from parent
2637	*/	2637	*/
2638	static int smack_socket_getpeersec_dgram(struct socket *sock,	2638	static int smack_socket_getpeersec_dgram(struct socket *sock,
2639	struct sk_buff skb, u32 secid)	2639	struct sk_buff skb, u32 secid)
2640		2640
2641	{	2641	{
2642	struct netlbl_lsm_secattr secattr;	2642	struct netlbl_lsm_secattr secattr;
2643	struct sock *sk;	2643	struct sock *sk;
2644	char smack[SMK_LABELLEN];	2644	char smack[SMK_LABELLEN];
2645	int family = PF_INET;	2645	int family = PF_INET;
2646	u32 s;	2646	u32 s;
2647	int rc;	2647	int rc;
2648		2648
2649	/*	2649	/*
2650	* Only works for families with packets.	2650	* Only works for families with packets.
2651	*/	2651	*/
2652	if (sock != NULL) {	2652	if (sock != NULL) {
2653	sk = sock->sk;	2653	sk = sock->sk;
2654	if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)	2654	if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
2655	return 0;	2655	return 0;
2656	family = sk->sk_family;	2656	family = sk->sk_family;
2657	}	2657	}
2658	/*	2658	/*
2659	* Translate what netlabel gave us.	2659	* Translate what netlabel gave us.
2660	*/	2660	*/
2661	netlbl_secattr_init(&secattr);	2661	netlbl_secattr_init(&secattr);
2662	rc = netlbl_skbuff_getattr(skb, family, &secattr);	2662	rc = netlbl_skbuff_getattr(skb, family, &secattr);
2663	if (rc == 0)	2663	if (rc == 0)
2664	smack_from_secattr(&secattr, smack);	2664	smack_from_secattr(&secattr, smack);
2665	netlbl_secattr_destroy(&secattr);	2665	netlbl_secattr_destroy(&secattr);
2666		2666
2667	/*	2667	/*
2668	* Give up if we couldn't get anything	2668	* Give up if we couldn't get anything
2669	*/	2669	*/
2670	if (rc != 0)	2670	if (rc != 0)
2671	return rc;	2671	return rc;
2672		2672
2673	s = smack_to_secid(smack);	2673	s = smack_to_secid(smack);
2674	if (s == 0)	2674	if (s == 0)
2675	return -EINVAL;	2675	return -EINVAL;
2676		2676
2677	*secid = s;	2677	*secid = s;
2678	return 0;	2678	return 0;
2679	}	2679	}
2680		2680
2681	/**	2681	/**
2682	* smack_sock_graft - Initialize a newly created socket with an existing sock	2682	* smack_sock_graft - Initialize a newly created socket with an existing sock
2683	* @sk: child sock	2683	* @sk: child sock
2684	* @parent: parent socket	2684	* @parent: parent socket
2685	*	2685	*
2686	* Set the smk_{in,out} state of an existing sock based on the process that	2686	* Set the smk_{in,out} state of an existing sock based on the process that
2687	* is creating the new socket.	2687	* is creating the new socket.
2688	*/	2688	*/
2689	static void smack_sock_graft(struct sock sk, struct socket parent)	2689	static void smack_sock_graft(struct sock sk, struct socket parent)
2690	{	2690	{
2691	struct socket_smack *ssp;	2691	struct socket_smack *ssp;
2692		2692
2693	if (sk == NULL \|\|	2693	if (sk == NULL \|\|
2694	(sk->sk_family != PF_INET && sk->sk_family != PF_INET6))	2694	(sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
2695	return;	2695	return;
2696		2696
2697	ssp = sk->sk_security;	2697	ssp = sk->sk_security;
2698	ssp->smk_in = ssp->smk_out = current_security();	2698	ssp->smk_in = ssp->smk_out = current_security();
2699	/* cssp->smk_packet is already set in smack_inet_csk_clone() */	2699	/* cssp->smk_packet is already set in smack_inet_csk_clone() */
2700	}	2700	}
2701		2701
2702	/**	2702	/**
2703	* smack_inet_conn_request - Smack access check on connect	2703	* smack_inet_conn_request - Smack access check on connect
2704	* @sk: socket involved	2704	* @sk: socket involved
2705	* @skb: packet	2705	* @skb: packet
2706	* @req: unused	2706	* @req: unused
2707	*	2707	*
2708	* Returns 0 if a task with the packet label could write to	2708	* Returns 0 if a task with the packet label could write to
2709	* the socket, otherwise an error code	2709	* the socket, otherwise an error code
2710	*/	2710	*/
2711	static int smack_inet_conn_request(struct sock sk, struct sk_buff skb,	2711	static int smack_inet_conn_request(struct sock sk, struct sk_buff skb,
2712	struct request_sock *req)	2712	struct request_sock *req)
2713	{	2713	{
2714	u16 family = sk->sk_family;	2714	u16 family = sk->sk_family;
2715	struct socket_smack *ssp = sk->sk_security;	2715	struct socket_smack *ssp = sk->sk_security;
2716	struct netlbl_lsm_secattr secattr;	2716	struct netlbl_lsm_secattr secattr;
2717	struct sockaddr_in addr;	2717	struct sockaddr_in addr;
2718	struct iphdr *hdr;	2718	struct iphdr *hdr;
2719	char smack[SMK_LABELLEN];	2719	char smack[SMK_LABELLEN];
2720	int rc;	2720	int rc;
2721	struct smk_audit_info ad;	2721	struct smk_audit_info ad;
2722		2722
2723	/* handle mapped IPv4 packets arriving via IPv6 sockets */	2723	/* handle mapped IPv4 packets arriving via IPv6 sockets */
2724	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))	2724	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
2725	family = PF_INET;	2725	family = PF_INET;
2726		2726
2727	netlbl_secattr_init(&secattr);	2727	netlbl_secattr_init(&secattr);
2728	rc = netlbl_skbuff_getattr(skb, family, &secattr);	2728	rc = netlbl_skbuff_getattr(skb, family, &secattr);
2729	if (rc == 0)	2729	if (rc == 0)
2730	smack_from_secattr(&secattr, smack);	2730	smack_from_secattr(&secattr, smack);
2731	else	2731	else
2732	strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN);	2732	strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN);
2733	netlbl_secattr_destroy(&secattr);	2733	netlbl_secattr_destroy(&secattr);
2734		2734
2735	#ifdef CONFIG_AUDIT	2735	#ifdef CONFIG_AUDIT
2736	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);	2736	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
2737	ad.a.u.net.family = family;	2737	ad.a.u.net.family = family;
2738	ad.a.u.net.netif = skb->skb_iif;	2738	ad.a.u.net.netif = skb->skb_iif;
2739	ipv4_skb_to_auditdata(skb, &ad.a, NULL);	2739	ipv4_skb_to_auditdata(skb, &ad.a, NULL);
2740	#endif	2740	#endif
2741	/*	2741	/*
2742	* Receiving a packet requires that the other end be able to write	2742	* Receiving a packet requires that the other end be able to write
2743	* here. Read access is not required.	2743	* here. Read access is not required.
2744	*/	2744	*/
2745	rc = smk_access(smack, ssp->smk_in, MAY_WRITE, &ad);	2745	rc = smk_access(smack, ssp->smk_in, MAY_WRITE, &ad);
2746	if (rc != 0)	2746	if (rc != 0)
2747	return rc;	2747	return rc;
2748		2748
2749	/*	2749	/*
2750	* Save the peer's label in the request_sock so we can later setup	2750	* Save the peer's label in the request_sock so we can later setup
2751	* smk_packet in the child socket so that SO_PEERCRED can report it.	2751	* smk_packet in the child socket so that SO_PEERCRED can report it.
2752	*/	2752	*/
2753	req->peer_secid = smack_to_secid(smack);	2753	req->peer_secid = smack_to_secid(smack);
2754		2754
2755	/*	2755	/*
2756	* We need to decide if we want to label the incoming connection here	2756	* We need to decide if we want to label the incoming connection here
2757	* if we do we only need to label the request_sock and the stack will	2757	* if we do we only need to label the request_sock and the stack will
2758	* propogate the wire-label to the sock when it is created.	2758	* propogate the wire-label to the sock when it is created.
2759	*/	2759	*/
2760	hdr = ip_hdr(skb);	2760	hdr = ip_hdr(skb);
2761	addr.sin_addr.s_addr = hdr->saddr;	2761	addr.sin_addr.s_addr = hdr->saddr;
2762	rcu_read_lock();	2762	rcu_read_lock();
2763	if (smack_host_label(&addr) == NULL) {	2763	if (smack_host_label(&addr) == NULL) {
2764	rcu_read_unlock();	2764	rcu_read_unlock();
2765	netlbl_secattr_init(&secattr);	2765	netlbl_secattr_init(&secattr);
2766	smack_to_secattr(smack, &secattr);	2766	smack_to_secattr(smack, &secattr);
2767	rc = netlbl_req_setattr(req, &secattr);	2767	rc = netlbl_req_setattr(req, &secattr);
2768	netlbl_secattr_destroy(&secattr);	2768	netlbl_secattr_destroy(&secattr);
2769	} else {	2769	} else {
2770	rcu_read_unlock();	2770	rcu_read_unlock();
2771	netlbl_req_delattr(req);	2771	netlbl_req_delattr(req);
2772	}	2772	}
2773		2773
2774	return rc;	2774	return rc;
2775	}	2775	}
2776		2776
2777	/**	2777	/**
2778	* smack_inet_csk_clone - Copy the connection information to the new socket	2778	* smack_inet_csk_clone - Copy the connection information to the new socket
2779	* @sk: the new socket	2779	* @sk: the new socket
2780	* @req: the connection's request_sock	2780	* @req: the connection's request_sock
2781	*	2781	*
2782	* Transfer the connection's peer label to the newly created socket.	2782	* Transfer the connection's peer label to the newly created socket.
2783	*/	2783	*/
2784	static void smack_inet_csk_clone(struct sock *sk,	2784	static void smack_inet_csk_clone(struct sock *sk,
2785	const struct request_sock *req)	2785	const struct request_sock *req)
2786	{	2786	{
2787	struct socket_smack *ssp = sk->sk_security;	2787	struct socket_smack *ssp = sk->sk_security;
2788	char *smack;	2788	char *smack;
2789		2789
2790	if (req->peer_secid != 0) {	2790	if (req->peer_secid != 0) {
2791	smack = smack_from_secid(req->peer_secid);	2791	smack = smack_from_secid(req->peer_secid);
2792	strncpy(ssp->smk_packet, smack, SMK_MAXLEN);	2792	strncpy(ssp->smk_packet, smack, SMK_MAXLEN);
2793	} else	2793	} else
2794	ssp->smk_packet[0] = '\0';	2794	ssp->smk_packet[0] = '\0';
2795	}	2795	}
2796		2796
2797	/*	2797	/*
2798	* Key management security hooks	2798	* Key management security hooks
2799	*	2799	*
2800	* Casey has not tested key support very heavily.	2800	* Casey has not tested key support very heavily.
2801	* The permission check is most likely too restrictive.	2801	* The permission check is most likely too restrictive.
2802	* If you care about keys please have a look.	2802	* If you care about keys please have a look.
2803	*/	2803	*/
2804	#ifdef CONFIG_KEYS	2804	#ifdef CONFIG_KEYS
2805		2805
2806	/**	2806	/**
2807	* smack_key_alloc - Set the key security blob	2807	* smack_key_alloc - Set the key security blob
2808	* @key: object	2808	* @key: object
2809	* @cred: the credentials to use	2809	* @cred: the credentials to use
2810	* @flags: unused	2810	* @flags: unused
2811	*	2811	*
2812	* No allocation required	2812	* No allocation required
2813	*	2813	*
2814	* Returns 0	2814	* Returns 0
2815	*/	2815	*/
2816	static int smack_key_alloc(struct key key, const struct cred cred,	2816	static int smack_key_alloc(struct key key, const struct cred cred,
2817	unsigned long flags)	2817	unsigned long flags)
2818	{	2818	{
2819	key->security = cred->security;	2819	key->security = cred->security;
2820	return 0;	2820	return 0;
2821	}	2821	}
2822		2822
2823	/**	2823	/**
2824	* smack_key_free - Clear the key security blob	2824	* smack_key_free - Clear the key security blob
2825	* @key: the object	2825	* @key: the object
2826	*	2826	*
2827	* Clear the blob pointer	2827	* Clear the blob pointer
2828	*/	2828	*/
2829	static void smack_key_free(struct key *key)	2829	static void smack_key_free(struct key *key)
2830	{	2830	{
2831	key->security = NULL;	2831	key->security = NULL;
2832	}	2832	}
2833		2833
2834	/*	2834	/*
2835	* smack_key_permission - Smack access on a key	2835	* smack_key_permission - Smack access on a key
2836	* @key_ref: gets to the object	2836	* @key_ref: gets to the object
2837	* @cred: the credentials to use	2837	* @cred: the credentials to use
2838	* @perm: unused	2838	* @perm: unused
2839	*	2839	*
2840	* Return 0 if the task has read and write to the object,	2840	* Return 0 if the task has read and write to the object,
2841	* an error code otherwise	2841	* an error code otherwise
2842	*/	2842	*/
2843	static int smack_key_permission(key_ref_t key_ref,	2843	static int smack_key_permission(key_ref_t key_ref,
2844	const struct cred *cred, key_perm_t perm)	2844	const struct cred *cred, key_perm_t perm)
2845	{	2845	{
2846	struct key *keyp;	2846	struct key *keyp;
2847	struct smk_audit_info ad;	2847	struct smk_audit_info ad;
2848		2848
2849	keyp = key_ref_to_ptr(key_ref);	2849	keyp = key_ref_to_ptr(key_ref);
2850	if (keyp == NULL)	2850	if (keyp == NULL)
2851	return -EINVAL;	2851	return -EINVAL;
2852	/*	2852	/*
2853	* If the key hasn't been initialized give it access so that	2853	* If the key hasn't been initialized give it access so that
2854	* it may do so.	2854	* it may do so.
2855	*/	2855	*/
2856	if (keyp->security == NULL)	2856	if (keyp->security == NULL)
2857	return 0;	2857	return 0;
2858	/*	2858	/*
2859	* This should not occur	2859	* This should not occur
2860	*/	2860	*/
2861	if (cred->security == NULL)	2861	if (cred->security == NULL)
2862	return -EACCES;	2862	return -EACCES;
2863	#ifdef CONFIG_AUDIT	2863	#ifdef CONFIG_AUDIT
2864	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);	2864	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
2865	ad.a.u.key_struct.key = keyp->serial;	2865	ad.a.u.key_struct.key = keyp->serial;
2866	ad.a.u.key_struct.key_desc = keyp->description;	2866	ad.a.u.key_struct.key_desc = keyp->description;
2867	#endif	2867	#endif
2868	return smk_access(cred->security, keyp->security,	2868	return smk_access(cred->security, keyp->security,
2869	MAY_READWRITE, &ad);	2869	MAY_READWRITE, &ad);
2870	}	2870	}
2871	#endif /* CONFIG_KEYS */	2871	#endif /* CONFIG_KEYS */
2872		2872
2873	/*	2873	/*
2874	* Smack Audit hooks	2874	* Smack Audit hooks
2875	*	2875	*
2876	* Audit requires a unique representation of each Smack specific	2876	* Audit requires a unique representation of each Smack specific
2877	* rule. This unique representation is used to distinguish the	2877	* rule. This unique representation is used to distinguish the
2878	* object to be audited from remaining kernel objects and also	2878	* object to be audited from remaining kernel objects and also
2879	* works as a glue between the audit hooks.	2879	* works as a glue between the audit hooks.
2880	*	2880	*
2881	* Since repository entries are added but never deleted, we'll use	2881	* Since repository entries are added but never deleted, we'll use
2882	* the smack_known label address related to the given audit rule as	2882	* the smack_known label address related to the given audit rule as
2883	* the needed unique representation. This also better fits the smack	2883	* the needed unique representation. This also better fits the smack
2884	* model where nearly everything is a label.	2884	* model where nearly everything is a label.
2885	*/	2885	*/
2886	#ifdef CONFIG_AUDIT	2886	#ifdef CONFIG_AUDIT
2887		2887
2888	/**	2888	/**
2889	* smack_audit_rule_init - Initialize a smack audit rule	2889	* smack_audit_rule_init - Initialize a smack audit rule
2890	* @field: audit rule fields given from user-space (audit.h)	2890	* @field: audit rule fields given from user-space (audit.h)
2891	* @op: required testing operator (=, !=, >, <, ...)	2891	* @op: required testing operator (=, !=, >, <, ...)
2892	* @rulestr: smack label to be audited	2892	* @rulestr: smack label to be audited
2893	* @vrule: pointer to save our own audit rule representation	2893	* @vrule: pointer to save our own audit rule representation
2894	*	2894	*
2895	* Prepare to audit cases where (@field @op @rulestr) is true.	2895	* Prepare to audit cases where (@field @op @rulestr) is true.
2896	* The label to be audited is created if necessay.	2896	* The label to be audited is created if necessay.
2897	*/	2897	*/
2898	static int smack_audit_rule_init(u32 field, u32 op, char rulestr, void *vrule)	2898	static int smack_audit_rule_init(u32 field, u32 op, char rulestr, void *vrule)
2899	{	2899	{
2900	char rule = (char )vrule;	2900	char rule = (char )vrule;
2901	*rule = NULL;	2901	*rule = NULL;
2902		2902
2903	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)	2903	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
2904	return -EINVAL;	2904	return -EINVAL;
2905		2905
2906	if (op != Audit_equal && op != Audit_not_equal)	2906	if (op != Audit_equal && op != Audit_not_equal)
2907	return -EINVAL;	2907	return -EINVAL;
2908		2908
2909	*rule = smk_import(rulestr, 0);	2909	*rule = smk_import(rulestr, 0);
2910		2910
2911	return 0;	2911	return 0;
2912	}	2912	}
2913		2913
2914	/**	2914	/**
2915	* smack_audit_rule_known - Distinguish Smack audit rules	2915	* smack_audit_rule_known - Distinguish Smack audit rules
2916	* @krule: rule of interest, in Audit kernel representation format	2916	* @krule: rule of interest, in Audit kernel representation format
2917	*	2917	*
2918	* This is used to filter Smack rules from remaining Audit ones.	2918	* This is used to filter Smack rules from remaining Audit ones.
2919	* If it's proved that this rule belongs to us, the	2919	* If it's proved that this rule belongs to us, the
2920	* audit_rule_match hook will be called to do the final judgement.	2920	* audit_rule_match hook will be called to do the final judgement.
2921	*/	2921	*/
2922	static int smack_audit_rule_known(struct audit_krule *krule)	2922	static int smack_audit_rule_known(struct audit_krule *krule)
2923	{	2923	{
2924	struct audit_field *f;	2924	struct audit_field *f;
2925	int i;	2925	int i;
2926		2926
2927	for (i = 0; i < krule->field_count; i++) {	2927	for (i = 0; i < krule->field_count; i++) {
2928	f = &krule->fields[i];	2928	f = &krule->fields[i];
2929		2929
2930	if (f->type == AUDIT_SUBJ_USER \|\| f->type == AUDIT_OBJ_USER)	2930	if (f->type == AUDIT_SUBJ_USER \|\| f->type == AUDIT_OBJ_USER)
2931	return 1;	2931	return 1;
2932	}	2932	}
2933		2933
2934	return 0;	2934	return 0;
2935	}	2935	}
2936		2936
2937	/**	2937	/**
2938	* smack_audit_rule_match - Audit given object ?	2938	* smack_audit_rule_match - Audit given object ?
2939	* @secid: security id for identifying the object to test	2939	* @secid: security id for identifying the object to test
2940	* @field: audit rule flags given from user-space	2940	* @field: audit rule flags given from user-space
2941	* @op: required testing operator	2941	* @op: required testing operator
2942	* @vrule: smack internal rule presentation	2942	* @vrule: smack internal rule presentation
2943	* @actx: audit context associated with the check	2943	* @actx: audit context associated with the check
2944	*	2944	*
2945	* The core Audit hook. It's used to take the decision of	2945	* The core Audit hook. It's used to take the decision of
2946	* whether to audit or not to audit a given object.	2946	* whether to audit or not to audit a given object.
2947	*/	2947	*/
2948	static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,	2948	static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
2949	struct audit_context *actx)	2949	struct audit_context *actx)
2950	{	2950	{
2951	char *smack;	2951	char *smack;
2952	char *rule = vrule;	2952	char *rule = vrule;
2953		2953
2954	if (!rule) {	2954	if (!rule) {
2955	audit_log(actx, GFP_KERNEL, AUDIT_SELINUX_ERR,	2955	audit_log(actx, GFP_KERNEL, AUDIT_SELINUX_ERR,
2956	"Smack: missing rule\n");	2956	"Smack: missing rule\n");
2957	return -ENOENT;	2957	return -ENOENT;
2958	}	2958	}
2959		2959
2960	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)	2960	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
2961	return 0;	2961	return 0;
2962		2962
2963	smack = smack_from_secid(secid);	2963	smack = smack_from_secid(secid);
2964		2964
2965	/*	2965	/*
2966	* No need to do string comparisons. If a match occurs,	2966	* No need to do string comparisons. If a match occurs,
2967	* both pointers will point to the same smack_known	2967	* both pointers will point to the same smack_known
2968	* label.	2968	* label.
2969	*/	2969	*/
2970	if (op == Audit_equal)	2970	if (op == Audit_equal)
2971	return (rule == smack);	2971	return (rule == smack);
2972	if (op == Audit_not_equal)	2972	if (op == Audit_not_equal)
2973	return (rule != smack);	2973	return (rule != smack);
2974		2974
2975	return 0;	2975	return 0;
2976	}	2976	}
2977		2977
2978	/**	2978	/**
2979	* smack_audit_rule_free - free smack rule representation	2979	* smack_audit_rule_free - free smack rule representation
2980	* @vrule: rule to be freed.	2980	* @vrule: rule to be freed.
2981	*	2981	*
2982	* No memory was allocated.	2982	* No memory was allocated.
2983	*/	2983	*/
2984	static void smack_audit_rule_free(void *vrule)	2984	static void smack_audit_rule_free(void *vrule)
2985	{	2985	{
2986	/* No-op */	2986	/* No-op */
2987	}	2987	}
2988		2988
2989	#endif /* CONFIG_AUDIT */	2989	#endif /* CONFIG_AUDIT */
2990		2990
2991	/**	2991	/**
2992	* smack_secid_to_secctx - return the smack label for a secid	2992	* smack_secid_to_secctx - return the smack label for a secid
2993	* @secid: incoming integer	2993	* @secid: incoming integer
2994	* @secdata: destination	2994	* @secdata: destination
2995	* @seclen: how long it is	2995	* @seclen: how long it is
2996	*	2996	*
2997	* Exists for networking code.	2997	* Exists for networking code.
2998	*/	2998	*/
2999	static int smack_secid_to_secctx(u32 secid, char *secdata, u32 seclen)	2999	static int smack_secid_to_secctx(u32 secid, char *secdata, u32 seclen)
3000	{	3000	{
3001	char *sp = smack_from_secid(secid);	3001	char *sp = smack_from_secid(secid);
3002		3002
3003	if (secdata)	3003	if (secdata)
3004	*secdata = sp;	3004	*secdata = sp;
3005	*seclen = strlen(sp);	3005	*seclen = strlen(sp);
3006	return 0;	3006	return 0;
3007	}	3007	}
3008		3008
3009	/**	3009	/**
3010	* smack_secctx_to_secid - return the secid for a smack label	3010	* smack_secctx_to_secid - return the secid for a smack label
3011	* @secdata: smack label	3011	* @secdata: smack label
3012	* @seclen: how long result is	3012	* @seclen: how long result is
3013	* @secid: outgoing integer	3013	* @secid: outgoing integer
3014	*	3014	*
3015	* Exists for audit and networking code.	3015	* Exists for audit and networking code.
3016	*/	3016	*/
3017	static int smack_secctx_to_secid(const char secdata, u32 seclen, u32 secid)	3017	static int smack_secctx_to_secid(const char secdata, u32 seclen, u32 secid)
3018	{	3018	{
3019	*secid = smack_to_secid(secdata);	3019	*secid = smack_to_secid(secdata);
3020	return 0;	3020	return 0;
3021	}	3021	}
3022		3022
3023	/**	3023	/**
3024	* smack_release_secctx - don't do anything.	3024	* smack_release_secctx - don't do anything.
3025	* @secdata: unused	3025	* @secdata: unused
3026	* @seclen: unused	3026	* @seclen: unused
3027	*	3027	*
3028	* Exists to make sure nothing gets done, and properly	3028	* Exists to make sure nothing gets done, and properly
3029	*/	3029	*/
3030	static void smack_release_secctx(char *secdata, u32 seclen)	3030	static void smack_release_secctx(char *secdata, u32 seclen)
3031	{	3031	{
3032	}	3032	}
3033		3033
3034	static int smack_inode_notifysecctx(struct inode inode, void ctx, u32 ctxlen)	3034	static int smack_inode_notifysecctx(struct inode inode, void ctx, u32 ctxlen)
3035	{	3035	{
3036	return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);	3036	return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
3037	}	3037	}
3038		3038
3039	static int smack_inode_setsecctx(struct dentry dentry, void ctx, u32 ctxlen)	3039	static int smack_inode_setsecctx(struct dentry dentry, void ctx, u32 ctxlen)
3040	{	3040	{
3041	return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);	3041	return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
3042	}	3042	}
3043		3043
3044	static int smack_inode_getsecctx(struct inode inode, void ctx, u32 ctxlen)	3044	static int smack_inode_getsecctx(struct inode inode, void ctx, u32 ctxlen)
3045	{	3045	{
3046	int len = 0;	3046	int len = 0;
3047	len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);	3047	len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
3048		3048
3049	if (len < 0)	3049	if (len < 0)
3050	return len;	3050	return len;
3051	*ctxlen = len;	3051	*ctxlen = len;
3052	return 0;	3052	return 0;
3053	}	3053	}
3054		3054
3055	struct security_operations smack_ops = {	3055	struct security_operations smack_ops = {
3056	.name = "smack",	3056	.name = "smack",
3057		3057
3058	.ptrace_access_check = smack_ptrace_access_check,	3058	.ptrace_access_check = smack_ptrace_access_check,
3059	.ptrace_traceme = smack_ptrace_traceme,	3059	.ptrace_traceme = smack_ptrace_traceme,
3060	.syslog = smack_syslog,	3060	.syslog = smack_syslog,
3061		3061
3062	.sb_alloc_security = smack_sb_alloc_security,	3062	.sb_alloc_security = smack_sb_alloc_security,
3063	.sb_free_security = smack_sb_free_security,	3063	.sb_free_security = smack_sb_free_security,
3064	.sb_copy_data = smack_sb_copy_data,	3064	.sb_copy_data = smack_sb_copy_data,
3065	.sb_kern_mount = smack_sb_kern_mount,	3065	.sb_kern_mount = smack_sb_kern_mount,
3066	.sb_statfs = smack_sb_statfs,	3066	.sb_statfs = smack_sb_statfs,
3067	.sb_mount = smack_sb_mount,	3067	.sb_mount = smack_sb_mount,
3068	.sb_umount = smack_sb_umount,	3068	.sb_umount = smack_sb_umount,
3069		3069
3070	.inode_alloc_security = smack_inode_alloc_security,	3070	.inode_alloc_security = smack_inode_alloc_security,
3071	.inode_free_security = smack_inode_free_security,	3071	.inode_free_security = smack_inode_free_security,
3072	.inode_init_security = smack_inode_init_security,	3072	.inode_init_security = smack_inode_init_security,
3073	.inode_link = smack_inode_link,	3073	.inode_link = smack_inode_link,
3074	.inode_unlink = smack_inode_unlink,	3074	.inode_unlink = smack_inode_unlink,
3075	.inode_rmdir = smack_inode_rmdir,	3075	.inode_rmdir = smack_inode_rmdir,
3076	.inode_rename = smack_inode_rename,	3076	.inode_rename = smack_inode_rename,
3077	.inode_permission = smack_inode_permission,	3077	.inode_permission = smack_inode_permission,
3078	.inode_setattr = smack_inode_setattr,	3078	.inode_setattr = smack_inode_setattr,
3079	.inode_getattr = smack_inode_getattr,	3079	.inode_getattr = smack_inode_getattr,
3080	.inode_setxattr = smack_inode_setxattr,	3080	.inode_setxattr = smack_inode_setxattr,
3081	.inode_post_setxattr = smack_inode_post_setxattr,	3081	.inode_post_setxattr = smack_inode_post_setxattr,
3082	.inode_getxattr = smack_inode_getxattr,	3082	.inode_getxattr = smack_inode_getxattr,
3083	.inode_removexattr = smack_inode_removexattr,	3083	.inode_removexattr = smack_inode_removexattr,
3084	.inode_getsecurity = smack_inode_getsecurity,	3084	.inode_getsecurity = smack_inode_getsecurity,
3085	.inode_setsecurity = smack_inode_setsecurity,	3085	.inode_setsecurity = smack_inode_setsecurity,
3086	.inode_listsecurity = smack_inode_listsecurity,	3086	.inode_listsecurity = smack_inode_listsecurity,
3087	.inode_getsecid = smack_inode_getsecid,	3087	.inode_getsecid = smack_inode_getsecid,
3088		3088
3089	.file_permission = smack_file_permission,	3089	.file_permission = smack_file_permission,
3090	.file_alloc_security = smack_file_alloc_security,	3090	.file_alloc_security = smack_file_alloc_security,
3091	.file_free_security = smack_file_free_security,	3091	.file_free_security = smack_file_free_security,
3092	.file_ioctl = smack_file_ioctl,	3092	.file_ioctl = smack_file_ioctl,
3093	.file_lock = smack_file_lock,	3093	.file_lock = smack_file_lock,
3094	.file_fcntl = smack_file_fcntl,	3094	.file_fcntl = smack_file_fcntl,
3095	.file_set_fowner = smack_file_set_fowner,	3095	.file_set_fowner = smack_file_set_fowner,
3096	.file_send_sigiotask = smack_file_send_sigiotask,	3096	.file_send_sigiotask = smack_file_send_sigiotask,
3097	.file_receive = smack_file_receive,	3097	.file_receive = smack_file_receive,
3098		3098
3099	.cred_alloc_blank = smack_cred_alloc_blank,	3099	.cred_alloc_blank = smack_cred_alloc_blank,
3100	.cred_free = smack_cred_free,	3100	.cred_free = smack_cred_free,
3101	.cred_prepare = smack_cred_prepare,	3101	.cred_prepare = smack_cred_prepare,
3102	.cred_transfer = smack_cred_transfer,	3102	.cred_transfer = smack_cred_transfer,
3103	.kernel_act_as = smack_kernel_act_as,	3103	.kernel_act_as = smack_kernel_act_as,
3104	.kernel_create_files_as = smack_kernel_create_files_as,	3104	.kernel_create_files_as = smack_kernel_create_files_as,
3105	.task_setpgid = smack_task_setpgid,	3105	.task_setpgid = smack_task_setpgid,
3106	.task_getpgid = smack_task_getpgid,	3106	.task_getpgid = smack_task_getpgid,
3107	.task_getsid = smack_task_getsid,	3107	.task_getsid = smack_task_getsid,
3108	.task_getsecid = smack_task_getsecid,	3108	.task_getsecid = smack_task_getsecid,
3109	.task_setnice = smack_task_setnice,	3109	.task_setnice = smack_task_setnice,
3110	.task_setioprio = smack_task_setioprio,	3110	.task_setioprio = smack_task_setioprio,
3111	.task_getioprio = smack_task_getioprio,	3111	.task_getioprio = smack_task_getioprio,
3112	.task_setscheduler = smack_task_setscheduler,	3112	.task_setscheduler = smack_task_setscheduler,
3113	.task_getscheduler = smack_task_getscheduler,	3113	.task_getscheduler = smack_task_getscheduler,
3114	.task_movememory = smack_task_movememory,	3114	.task_movememory = smack_task_movememory,
3115	.task_kill = smack_task_kill,	3115	.task_kill = smack_task_kill,
3116	.task_wait = smack_task_wait,	3116	.task_wait = smack_task_wait,
3117	.task_to_inode = smack_task_to_inode,	3117	.task_to_inode = smack_task_to_inode,
3118		3118
3119	.ipc_permission = smack_ipc_permission,	3119	.ipc_permission = smack_ipc_permission,
3120	.ipc_getsecid = smack_ipc_getsecid,	3120	.ipc_getsecid = smack_ipc_getsecid,
3121		3121
3122	.msg_msg_alloc_security = smack_msg_msg_alloc_security,	3122	.msg_msg_alloc_security = smack_msg_msg_alloc_security,
3123	.msg_msg_free_security = smack_msg_msg_free_security,	3123	.msg_msg_free_security = smack_msg_msg_free_security,
3124		3124
3125	.msg_queue_alloc_security = smack_msg_queue_alloc_security,	3125	.msg_queue_alloc_security = smack_msg_queue_alloc_security,
3126	.msg_queue_free_security = smack_msg_queue_free_security,	3126	.msg_queue_free_security = smack_msg_queue_free_security,
3127	.msg_queue_associate = smack_msg_queue_associate,	3127	.msg_queue_associate = smack_msg_queue_associate,
3128	.msg_queue_msgctl = smack_msg_queue_msgctl,	3128	.msg_queue_msgctl = smack_msg_queue_msgctl,
3129	.msg_queue_msgsnd = smack_msg_queue_msgsnd,	3129	.msg_queue_msgsnd = smack_msg_queue_msgsnd,
3130	.msg_queue_msgrcv = smack_msg_queue_msgrcv,	3130	.msg_queue_msgrcv = smack_msg_queue_msgrcv,
3131		3131
3132	.shm_alloc_security = smack_shm_alloc_security,	3132	.shm_alloc_security = smack_shm_alloc_security,
3133	.shm_free_security = smack_shm_free_security,	3133	.shm_free_security = smack_shm_free_security,
3134	.shm_associate = smack_shm_associate,	3134	.shm_associate = smack_shm_associate,
3135	.shm_shmctl = smack_shm_shmctl,	3135	.shm_shmctl = smack_shm_shmctl,
3136	.shm_shmat = smack_shm_shmat,	3136	.shm_shmat = smack_shm_shmat,
3137		3137
3138	.sem_alloc_security = smack_sem_alloc_security,	3138	.sem_alloc_security = smack_sem_alloc_security,
3139	.sem_free_security = smack_sem_free_security,	3139	.sem_free_security = smack_sem_free_security,
3140	.sem_associate = smack_sem_associate,	3140	.sem_associate = smack_sem_associate,
3141	.sem_semctl = smack_sem_semctl,	3141	.sem_semctl = smack_sem_semctl,
3142	.sem_semop = smack_sem_semop,	3142	.sem_semop = smack_sem_semop,
3143		3143
3144	.d_instantiate = smack_d_instantiate,	3144	.d_instantiate = smack_d_instantiate,
3145		3145
3146	.getprocattr = smack_getprocattr,	3146	.getprocattr = smack_getprocattr,
3147	.setprocattr = smack_setprocattr,	3147	.setprocattr = smack_setprocattr,
3148		3148
3149	.unix_stream_connect = smack_unix_stream_connect,	3149	.unix_stream_connect = smack_unix_stream_connect,
3150	.unix_may_send = smack_unix_may_send,	3150	.unix_may_send = smack_unix_may_send,
3151		3151
3152	.socket_post_create = smack_socket_post_create,	3152	.socket_post_create = smack_socket_post_create,
3153	.socket_connect = smack_socket_connect,	3153	.socket_connect = smack_socket_connect,
3154	.socket_sendmsg = smack_socket_sendmsg,	3154	.socket_sendmsg = smack_socket_sendmsg,
3155	.socket_sock_rcv_skb = smack_socket_sock_rcv_skb,	3155	.socket_sock_rcv_skb = smack_socket_sock_rcv_skb,
3156	.socket_getpeersec_stream = smack_socket_getpeersec_stream,	3156	.socket_getpeersec_stream = smack_socket_getpeersec_stream,
3157	.socket_getpeersec_dgram = smack_socket_getpeersec_dgram,	3157	.socket_getpeersec_dgram = smack_socket_getpeersec_dgram,
3158	.sk_alloc_security = smack_sk_alloc_security,	3158	.sk_alloc_security = smack_sk_alloc_security,
3159	.sk_free_security = smack_sk_free_security,	3159	.sk_free_security = smack_sk_free_security,
3160	.sock_graft = smack_sock_graft,	3160	.sock_graft = smack_sock_graft,
3161	.inet_conn_request = smack_inet_conn_request,	3161	.inet_conn_request = smack_inet_conn_request,
3162	.inet_csk_clone = smack_inet_csk_clone,	3162	.inet_csk_clone = smack_inet_csk_clone,
3163		3163
3164	/* key management security hooks */	3164	/* key management security hooks */
3165	#ifdef CONFIG_KEYS	3165	#ifdef CONFIG_KEYS
3166	.key_alloc = smack_key_alloc,	3166	.key_alloc = smack_key_alloc,
3167	.key_free = smack_key_free,	3167	.key_free = smack_key_free,
3168	.key_permission = smack_key_permission,	3168	.key_permission = smack_key_permission,
3169	#endif /* CONFIG_KEYS */	3169	#endif /* CONFIG_KEYS */
3170		3170
3171	/* Audit hooks */	3171	/* Audit hooks */
3172	#ifdef CONFIG_AUDIT	3172	#ifdef CONFIG_AUDIT
3173	.audit_rule_init = smack_audit_rule_init,	3173	.audit_rule_init = smack_audit_rule_init,
3174	.audit_rule_known = smack_audit_rule_known,	3174	.audit_rule_known = smack_audit_rule_known,
3175	.audit_rule_match = smack_audit_rule_match,	3175	.audit_rule_match = smack_audit_rule_match,
3176	.audit_rule_free = smack_audit_rule_free,	3176	.audit_rule_free = smack_audit_rule_free,
3177	#endif /* CONFIG_AUDIT */	3177	#endif /* CONFIG_AUDIT */
3178		3178
3179	.secid_to_secctx = smack_secid_to_secctx,	3179	.secid_to_secctx = smack_secid_to_secctx,
3180	.secctx_to_secid = smack_secctx_to_secid,	3180	.secctx_to_secid = smack_secctx_to_secid,
3181	.release_secctx = smack_release_secctx,	3181	.release_secctx = smack_release_secctx,
3182	.inode_notifysecctx = smack_inode_notifysecctx,	3182	.inode_notifysecctx = smack_inode_notifysecctx,
3183	.inode_setsecctx = smack_inode_setsecctx,	3183	.inode_setsecctx = smack_inode_setsecctx,
3184	.inode_getsecctx = smack_inode_getsecctx,	3184	.inode_getsecctx = smack_inode_getsecctx,
3185	};	3185	};
3186		3186
3187		3187
3188	static __init void init_smack_know_list(void)	3188	static __init void init_smack_know_list(void)
3189	{	3189	{
3190	list_add(&smack_known_huh.list, &smack_known_list);	3190	list_add(&smack_known_huh.list, &smack_known_list);
3191	list_add(&smack_known_hat.list, &smack_known_list);	3191	list_add(&smack_known_hat.list, &smack_known_list);
3192	list_add(&smack_known_star.list, &smack_known_list);	3192	list_add(&smack_known_star.list, &smack_known_list);
3193	list_add(&smack_known_floor.list, &smack_known_list);	3193	list_add(&smack_known_floor.list, &smack_known_list);
3194	list_add(&smack_known_invalid.list, &smack_known_list);	3194	list_add(&smack_known_invalid.list, &smack_known_list);
3195	list_add(&smack_known_web.list, &smack_known_list);	3195	list_add(&smack_known_web.list, &smack_known_list);
3196	}	3196	}
3197		3197
3198	/**	3198	/**
3199	* smack_init - initialize the smack system	3199	* smack_init - initialize the smack system
3200	*	3200	*
3201	* Returns 0	3201	* Returns 0
3202	*/	3202	*/
3203	static __init int smack_init(void)	3203	static __init int smack_init(void)
3204	{	3204	{
3205	struct cred *cred;	3205	struct cred *cred;
3206		3206
3207	if (!security_module_enable(&smack_ops))	3207	if (!security_module_enable(&smack_ops))
3208	return 0;	3208	return 0;
3209		3209
3210	printk(KERN_INFO "Smack: Initializing.\n");	3210	printk(KERN_INFO "Smack: Initializing.\n");
3211		3211
3212	/*	3212	/*
3213	* Set the security state for the initial task.	3213	* Set the security state for the initial task.
3214	*/	3214	*/
3215	cred = (struct cred *) current->cred;	3215	cred = (struct cred *) current->cred;
3216	cred->security = &smack_known_floor.smk_known;	3216	cred->security = &smack_known_floor.smk_known;
3217		3217
3218	/* initialize the smack_know_list */	3218	/* initialize the smack_know_list */
3219	init_smack_know_list();	3219	init_smack_know_list();
3220	/*	3220	/*
3221	* Initialize locks	3221	* Initialize locks
3222	*/	3222	*/
3223	spin_lock_init(&smack_known_huh.smk_cipsolock);	3223	spin_lock_init(&smack_known_huh.smk_cipsolock);
3224	spin_lock_init(&smack_known_hat.smk_cipsolock);	3224	spin_lock_init(&smack_known_hat.smk_cipsolock);
3225	spin_lock_init(&smack_known_star.smk_cipsolock);	3225	spin_lock_init(&smack_known_star.smk_cipsolock);
3226	spin_lock_init(&smack_known_floor.smk_cipsolock);	3226	spin_lock_init(&smack_known_floor.smk_cipsolock);
3227	spin_lock_init(&smack_known_invalid.smk_cipsolock);	3227	spin_lock_init(&smack_known_invalid.smk_cipsolock);
3228		3228
3229	/*	3229	/*
3230	* Register with LSM	3230	* Register with LSM
3231	*/	3231	*/
3232	if (register_security(&smack_ops))	3232	if (register_security(&smack_ops))
3233	panic("smack: Unable to register with kernel.\n");	3233	panic("smack: Unable to register with kernel.\n");
3234		3234
3235	return 0;	3235	return 0;
3236	}	3236	}
3237		3237
3238	/*	3238	/*
3239	* Smack requires early initialization in order to label	3239	* Smack requires early initialization in order to label
3240	* all processes and objects when they are created.	3240	* all processes and objects when they are created.
3241	*/	3241	*/
3242	security_initcall(smack_init);	3242	security_initcall(smack_init);
3243		3243