[deliverable/linux.git] / security / smack / smack_access.c

/*
 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
 *
 *      This program is free software; you can redistribute it and/or modify
 *      it under the terms of the GNU General Public License as published by
 *      the Free Software Foundation, version 2.
 *
 * Author:
 *      Casey Schaufler <casey@schaufler-ca.com>
 *
 */

#include <linux/types.h>
#include <linux/slab.h>
#include <linux/fs.h>
#include <linux/sched.h>
#include "smack.h"

struct smack_known smack_known_huh = {
	.smk_known	= "?",
	.smk_secid	= 2,
};

struct smack_known smack_known_hat = {
	.smk_known	= "^",
	.smk_secid	= 3,
};

struct smack_known smack_known_star = {
	.smk_known	= "*",
	.smk_secid	= 4,
};

struct smack_known smack_known_floor = {
	.smk_known	= "_",
	.smk_secid	= 5,
};

struct smack_known smack_known_invalid = {
	.smk_known	= "",
	.smk_secid	= 6,
};

struct smack_known smack_known_web = {
	.smk_known	= "@",
	.smk_secid	= 7,
};

LIST_HEAD(smack_known_list);

/*
 * The initial value needs to be bigger than any of the
 * known values above.
 */
static u32 smack_next_secid = 10;

/*
 * what events do we log
 * can be overwritten at run-time by /smack/logging
 */
int log_policy = SMACK_AUDIT_DENIED;

/**
 * smk_access_entry - look up matching access rule
 * @subject_label: a pointer to the subject's Smack label
 * @object_label: a pointer to the object's Smack label
 * @rule_list: the list of rules to search
 *
 * This function looks up the subject/object pair in the
 * access rule list and returns the access mode. If no
 * entry is found returns -ENOENT.
 *
 * NOTE:
 *
 * Earlier versions of this function allowed for labels that
 * were not on the label list. This was done to allow for
 * labels to come over the network that had never been seen
 * before on this host. Unless the receiving socket has the
 * star label this will always result in a failure check. The
 * star labeled socket case is now handled in the networking
 * hooks so there is no case where the label is not on the
 * label list. Checking to see if the address of two labels
 * is the same is now a reliable test.
 *
 * Do the object check first because that is more
 * likely to differ.
 *
 * Allowing write access implies allowing locking.
 */
int smk_access_entry(char *subject_label, char *object_label,
			struct list_head *rule_list)
{
	int may = -ENOENT;
	struct smack_rule *srp;

	list_for_each_entry_rcu(srp, rule_list, list) {
		if (srp->smk_object == object_label &&
		    srp->smk_subject->smk_known == subject_label) {
			may = srp->smk_access;
			break;
		}
	}

	/*
	 * MAY_WRITE implies MAY_LOCK.
	 */
	if ((may & MAY_WRITE) == MAY_WRITE)
		may |= MAY_LOCK;
	return may;
}

/**
 * smk_access - determine if a subject has a specific access to an object
 * @subject_known: a pointer to the subject's Smack label entry
 * @object_label: a pointer to the object's Smack label
 * @request: the access requested, in "MAY" format
 * @a : a pointer to the audit data
 *
 * This function looks up the subject/object pair in the
 * access rule list and returns 0 if the access is permitted,
 * non zero otherwise.
 *
 * Smack labels are shared on smack_list
 */
int smk_access(struct smack_known *subject_known, char *object_label,
		int request, struct smk_audit_info *a)
{
	int may = MAY_NOT;
	int rc = 0;

	/*
	 * Hardcoded comparisons.
	 *
	 * A star subject can't access any object.
	 */
	if (subject_known == &smack_known_star) {
		rc = -EACCES;
		goto out_audit;
	}
	/*
	 * An internet object can be accessed by any subject.
	 * Tasks cannot be assigned the internet label.
	 * An internet subject can access any object.
	 */
	if (object_label == smack_known_web.smk_known ||
	    subject_known == &smack_known_web)
		goto out_audit;
	/*
	 * A star object can be accessed by any subject.
	 */
	if (object_label == smack_known_star.smk_known)
		goto out_audit;
	/*
	 * An object can be accessed in any way by a subject
	 * with the same label.
	 */
	if (subject_known->smk_known == object_label)
		goto out_audit;
	/*
	 * A hat subject can read any object.
	 * A floor object can be read by any subject.
	 */
	if ((request & MAY_ANYREAD) == request) {
		if (object_label == smack_known_floor.smk_known)
			goto out_audit;
		if (subject_known == &smack_known_hat)
			goto out_audit;
	}
	/*
	 * Beyond here an explicit relationship is required.
	 * If the requested access is contained in the available
	 * access (e.g. read is included in readwrite) it's
	 * good. A negative response from smk_access_entry()
	 * indicates there is no entry for this pair.
	 */
	rcu_read_lock();
	may = smk_access_entry(subject_known->smk_known, object_label,
				&subject_known->smk_rules);
	rcu_read_unlock();

	if (may > 0 && (request & may) == request)
		goto out_audit;

	rc = -EACCES;
out_audit:
#ifdef CONFIG_AUDIT
	if (a)
		smack_log(subject_known->smk_known, object_label, request,
				rc, a);
#endif
	return rc;
}

/**
 * smk_curacc - determine if current has a specific access to an object
 * @obj_label: a pointer to the object's Smack label
 * @mode: the access requested, in "MAY" format
 * @a : common audit data
 *
 * This function checks the current subject label/object label pair
 * in the access rule list and returns 0 if the access is permitted,
 * non zero otherwise. It allows that current may have the capability
 * to override the rules.
 */
int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a)
{
	struct task_smack *tsp = current_security();
	struct smack_known *skp = smk_of_task(tsp);
	int may;
	int rc;

	/*
	 * Check the global rule list
	 */
	rc = smk_access(skp, obj_label, mode, NULL);
	if (rc == 0) {
		/*
		 * If there is an entry in the task's rule list
		 * it can further restrict access.
		 */
		may = smk_access_entry(skp->smk_known, obj_label,
					&tsp->smk_rules);
		if (may < 0)
			goto out_audit;
		if ((mode & may) == mode)
			goto out_audit;
		rc = -EACCES;
	}

	/*
	 * Allow for priviliged to override policy.
	 */
	if (rc != 0 && smack_privileged(CAP_MAC_OVERRIDE))
		rc = 0;

out_audit:
#ifdef CONFIG_AUDIT
	if (a)
		smack_log(skp->smk_known, obj_label, mode, rc, a);
#endif
	return rc;
}

#ifdef CONFIG_AUDIT
/**
 * smack_str_from_perm : helper to transalate an int to a
 * readable string
 * @string : the string to fill
 * @access : the int
 *
 */
static inline void smack_str_from_perm(char *string, int access)
{
	int i = 0;

	if (access & MAY_READ)
		string[i++] = 'r';
	if (access & MAY_WRITE)
		string[i++] = 'w';
	if (access & MAY_EXEC)
		string[i++] = 'x';
	if (access & MAY_APPEND)
		string[i++] = 'a';
	if (access & MAY_TRANSMUTE)
		string[i++] = 't';
	if (access & MAY_LOCK)
		string[i++] = 'l';
	string[i] = '\0';
}
/**
 * smack_log_callback - SMACK specific information
 * will be called by generic audit code
 * @ab : the audit_buffer
 * @a  : audit_data
 *
 */
static void smack_log_callback(struct audit_buffer *ab, void *a)
{
	struct common_audit_data *ad = a;
	struct smack_audit_data *sad = ad->smack_audit_data;
	audit_log_format(ab, "lsm=SMACK fn=%s action=%s",
			 ad->smack_audit_data->function,
			 sad->result ? "denied" : "granted");
	audit_log_format(ab, " subject=");
	audit_log_untrustedstring(ab, sad->subject);
	audit_log_format(ab, " object=");
	audit_log_untrustedstring(ab, sad->object);
	audit_log_format(ab, " requested=%s", sad->request);
}

/**
 *  smack_log - Audit the granting or denial of permissions.
 *  @subject_label : smack label of the requester
 *  @object_label  : smack label of the object being accessed
 *  @request: requested permissions
 *  @result: result from smk_access
 *  @a:  auxiliary audit data
 *
 * Audit the granting or denial of permissions in accordance
 * with the policy.
 */
void smack_log(char *subject_label, char *object_label, int request,
	       int result, struct smk_audit_info *ad)
{
	char request_buffer[SMK_NUM_ACCESS_TYPE + 1];
	struct smack_audit_data *sad;
	struct common_audit_data *a = &ad->a;

	/* check if we have to log the current event */
	if (result != 0 && (log_policy & SMACK_AUDIT_DENIED) == 0)
		return;
	if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0)
		return;

	sad = a->smack_audit_data;

	if (sad->function == NULL)
		sad->function = "unknown";

	/* end preparing the audit data */
	smack_str_from_perm(request_buffer, request);
	sad->subject = subject_label;
	sad->object  = object_label;
	sad->request = request_buffer;
	sad->result  = result;

	common_lsm_audit(a, smack_log_callback, NULL);
}
#else /* #ifdef CONFIG_AUDIT */
void smack_log(char *subject_label, char *object_label, int request,
               int result, struct smk_audit_info *ad)
{
}
#endif

DEFINE_MUTEX(smack_known_lock);

struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];

/**
 * smk_insert_entry - insert a smack label into a hash map,
 *
 * this function must be called under smack_known_lock
 */
void smk_insert_entry(struct smack_known *skp)
{
	unsigned int hash;
	struct hlist_head *head;

	hash = full_name_hash(skp->smk_known, strlen(skp->smk_known));
	head = &smack_known_hash[hash & (SMACK_HASH_SLOTS - 1)];

	hlist_add_head_rcu(&skp->smk_hashed, head);
	list_add_rcu(&skp->list, &smack_known_list);
}

/**
 * smk_find_entry - find a label on the list, return the list entry
 * @string: a text string that might be a Smack label
 *
 * Returns a pointer to the entry in the label list that
 * matches the passed string.
 */
struct smack_known *smk_find_entry(const char *string)
{
	unsigned int hash;
	struct hlist_head *head;
	struct smack_known *skp;

	hash = full_name_hash(string, strlen(string));
	head = &smack_known_hash[hash & (SMACK_HASH_SLOTS - 1)];

	hlist_for_each_entry_rcu(skp, head, smk_hashed)
		if (strcmp(skp->smk_known, string) == 0)
			return skp;

	return NULL;
}

/**
 * smk_parse_smack - parse smack label from a text string
 * @string: a text string that might contain a Smack label
 * @len: the maximum size, or zero if it is NULL terminated.
 *
 * Returns a pointer to the clean label, or NULL
 */
char *smk_parse_smack(const char *string, int len)
{
	char *smack;
	int i;

	if (len <= 0)
		len = strlen(string) + 1;

	/*
	 * Reserve a leading '-' as an indicator that
	 * this isn't a label, but an option to interfaces
	 * including /smack/cipso and /smack/cipso2
	 */
	if (string[0] == '-')
		return NULL;

	for (i = 0; i < len; i++)
		if (string[i] > '~' || string[i] <= ' ' || string[i] == '/' ||
		    string[i] == '"' || string[i] == '\\' || string[i] == '\'')
			break;

	if (i == 0 || i >= SMK_LONGLABEL)
		return NULL;

	smack = kzalloc(i + 1, GFP_KERNEL);
	if (smack != NULL) {
		strncpy(smack, string, i + 1);
		smack[i] = '\0';
	}
	return smack;
}

/**
 * smk_netlbl_mls - convert a catset to netlabel mls categories
 * @catset: the Smack categories
 * @sap: where to put the netlabel categories
 *
 * Allocates and fills attr.mls
 * Returns 0 on success, error code on failure.
 */
int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap,
			int len)
{
	unsigned char *cp;
	unsigned char m;
	int cat;
	int rc;
	int byte;

	sap->flags |= NETLBL_SECATTR_MLS_CAT;
	sap->attr.mls.lvl = level;
	sap->attr.mls.cat = NULL;

	for (cat = 1, cp = catset, byte = 0; byte < len; cp++, byte++)
		for (m = 0x80; m != 0; m >>= 1, cat++) {
			if ((m & *cp) == 0)
				continue;
			rc = netlbl_secattr_catmap_setbit(&sap->attr.mls.cat,
							  cat, GFP_ATOMIC);
			if (rc < 0) {
				netlbl_secattr_catmap_free(sap->attr.mls.cat);
				return rc;
			}
		}

	return 0;
}

/**
 * smk_import_entry - import a label, return the list entry
 * @string: a text string that might be a Smack label
 * @len: the maximum size, or zero if it is NULL terminated.
 *
 * Returns a pointer to the entry in the label list that
 * matches the passed string, adding it if necessary.
 */
struct smack_known *smk_import_entry(const char *string, int len)
{
	struct smack_known *skp;
	char *smack;
	int slen;
	int rc;

	smack = smk_parse_smack(string, len);
	if (smack == NULL)
		return NULL;

	mutex_lock(&smack_known_lock);

	skp = smk_find_entry(smack);
	if (skp != NULL)
		goto freeout;

	skp = kzalloc(sizeof(*skp), GFP_KERNEL);
	if (skp == NULL)
		goto freeout;

	skp->smk_known = smack;
	skp->smk_secid = smack_next_secid++;
	skp->smk_netlabel.domain = skp->smk_known;
	skp->smk_netlabel.flags =
		NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
	/*
	 * If direct labeling works use it.
	 * Otherwise use mapped labeling.
	 */
	slen = strlen(smack);
	if (slen < SMK_CIPSOLEN)
		rc = smk_netlbl_mls(smack_cipso_direct, skp->smk_known,
			       &skp->smk_netlabel, slen);
	else
		rc = smk_netlbl_mls(smack_cipso_mapped, (char *)&skp->smk_secid,
			       &skp->smk_netlabel, sizeof(skp->smk_secid));

	if (rc >= 0) {
		INIT_LIST_HEAD(&skp->smk_rules);
		mutex_init(&skp->smk_rules_lock);
		/*
		 * Make sure that the entry is actually
		 * filled before putting it on the list.
		 */
		smk_insert_entry(skp);
		goto unlockout;
	}
	/*
	 * smk_netlbl_mls failed.
	 */
	kfree(skp);
	skp = NULL;
freeout:
	kfree(smack);
unlockout:
	mutex_unlock(&smack_known_lock);

	return skp;
}

/**
 * smk_import - import a smack label
 * @string: a text string that might be a Smack label
 * @len: the maximum size, or zero if it is NULL terminated.
 *
 * Returns a pointer to the label in the label list that
 * matches the passed string, adding it if necessary.
 */
char *smk_import(const char *string, int len)
{
	struct smack_known *skp;

	/* labels cannot begin with a '-' */
	if (string[0] == '-')
		return NULL;
	skp = smk_import_entry(string, len);
	if (skp == NULL)
		return NULL;
	return skp->smk_known;
}

/**
 * smack_from_secid - find the Smack label associated with a secid
 * @secid: an integer that might be associated with a Smack label
 *
 * Returns a pointer to the appropriate Smack label entry if there is one,
 * otherwise a pointer to the invalid Smack label.
 */
struct smack_known *smack_from_secid(const u32 secid)
{
	struct smack_known *skp;

	rcu_read_lock();
	list_for_each_entry_rcu(skp, &smack_known_list, list) {
		if (skp->smk_secid == secid) {
			rcu_read_unlock();
			return skp;
		}
	}

	/*
	 * If we got this far someone asked for the translation
	 * of a secid that is not on the list.
	 */
	rcu_read_unlock();
	return &smack_known_invalid;
}

/**
 * smack_to_secid - find the secid associated with a Smack label
 * @smack: the Smack label
 *
 * Returns the appropriate secid if there is one,
 * otherwise 0
 */
u32 smack_to_secid(const char *smack)
{
	struct smack_known *skp = smk_find_entry(smack);

	if (skp == NULL)
		return 0;
	return skp->smk_secid;
}
Commit	Line	Data
	1	/*
	2	* Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
	3	*
	4	* This program is free software; you can redistribute it and/or modify
	5	* it under the terms of the GNU General Public License as published by
	6	* the Free Software Foundation, version 2.
	7	*
	8	* Author:
	9	* Casey Schaufler <casey@schaufler-ca.com>
	10	*
	11	*/
	12
	13	#include <linux/types.h>
	14	#include <linux/slab.h>
	15	#include <linux/fs.h>
	16	#include <linux/sched.h>
	17	#include "smack.h"
	18
	19	struct smack_known smack_known_huh = {
	20	.smk_known = "?",
	21	.smk_secid = 2,
	22	};
	23
	24	struct smack_known smack_known_hat = {
	25	.smk_known = "^",
	26	.smk_secid = 3,
	27	};
	28
	29	struct smack_known smack_known_star = {
	30	.smk_known = "*",
	31	.smk_secid = 4,
	32	};
	33
	34	struct smack_known smack_known_floor = {
	35	.smk_known = "_",
	36	.smk_secid = 5,
	37	};
	38
	39	struct smack_known smack_known_invalid = {
	40	.smk_known = "",
	41	.smk_secid = 6,
	42	};
	43
	44	struct smack_known smack_known_web = {
	45	.smk_known = "@",
	46	.smk_secid = 7,
	47	};
	48
	49	LIST_HEAD(smack_known_list);
	50
	51	/*
	52	* The initial value needs to be bigger than any of the
	53	* known values above.
	54	*/
	55	static u32 smack_next_secid = 10;
	56
	57	/*
	58	* what events do we log
	59	* can be overwritten at run-time by /smack/logging
	60	*/
	61	int log_policy = SMACK_AUDIT_DENIED;
	62
	63	/**
	64	* smk_access_entry - look up matching access rule
	65	* @subject_label: a pointer to the subject's Smack label
	66	* @object_label: a pointer to the object's Smack label
	67	* @rule_list: the list of rules to search
	68	*
	69	* This function looks up the subject/object pair in the
	70	* access rule list and returns the access mode. If no
	71	* entry is found returns -ENOENT.
	72	*
	73	* NOTE:
	74	*
	75	* Earlier versions of this function allowed for labels that
	76	* were not on the label list. This was done to allow for
	77	* labels to come over the network that had never been seen
	78	* before on this host. Unless the receiving socket has the
	79	* star label this will always result in a failure check. The
	80	* star labeled socket case is now handled in the networking
	81	* hooks so there is no case where the label is not on the
	82	* label list. Checking to see if the address of two labels
	83	* is the same is now a reliable test.
	84	*
	85	* Do the object check first because that is more
	86	* likely to differ.
	87	*
	88	* Allowing write access implies allowing locking.
	89	*/
	90	int smk_access_entry(char subject_label, char object_label,
	91	struct list_head *rule_list)
	92	{
	93	int may = -ENOENT;
	94	struct smack_rule *srp;
	95
	96	list_for_each_entry_rcu(srp, rule_list, list) {
	97	if (srp->smk_object == object_label &&
	98	srp->smk_subject->smk_known == subject_label) {
	99	may = srp->smk_access;
	100	break;
	101	}
	102	}
	103
	104	/*
	105	* MAY_WRITE implies MAY_LOCK.
	106	*/
	107	if ((may & MAY_WRITE) == MAY_WRITE)
	108	may \|= MAY_LOCK;
	109	return may;
	110	}
	111
	112	/**
	113	* smk_access - determine if a subject has a specific access to an object
	114	* @subject_known: a pointer to the subject's Smack label entry
	115	* @object_label: a pointer to the object's Smack label
	116	* @request: the access requested, in "MAY" format
	117	* @a : a pointer to the audit data
	118	*
	119	* This function looks up the subject/object pair in the
	120	* access rule list and returns 0 if the access is permitted,
	121	* non zero otherwise.
	122	*
	123	* Smack labels are shared on smack_list
	124	*/
	125	int smk_access(struct smack_known subject_known, char object_label,
	126	int request, struct smk_audit_info *a)
	127	{
	128	int may = MAY_NOT;
	129	int rc = 0;
	130
	131	/*
	132	* Hardcoded comparisons.
	133	*
	134	* A star subject can't access any object.
	135	*/
	136	if (subject_known == &smack_known_star) {
	137	rc = -EACCES;
	138	goto out_audit;
	139	}
	140	/*
	141	* An internet object can be accessed by any subject.
	142	* Tasks cannot be assigned the internet label.
	143	* An internet subject can access any object.
	144	*/
	145	if (object_label == smack_known_web.smk_known \|\|
	146	subject_known == &smack_known_web)
	147	goto out_audit;
	148	/*
	149	* A star object can be accessed by any subject.
	150	*/
	151	if (object_label == smack_known_star.smk_known)
	152	goto out_audit;
	153	/*
	154	* An object can be accessed in any way by a subject
	155	* with the same label.
	156	*/
	157	if (subject_known->smk_known == object_label)
	158	goto out_audit;
	159	/*
	160	* A hat subject can read any object.
	161	* A floor object can be read by any subject.
	162	*/
	163	if ((request & MAY_ANYREAD) == request) {
	164	if (object_label == smack_known_floor.smk_known)
	165	goto out_audit;
	166	if (subject_known == &smack_known_hat)
	167	goto out_audit;
	168	}
	169	/*
	170	* Beyond here an explicit relationship is required.
	171	* If the requested access is contained in the available
	172	* access (e.g. read is included in readwrite) it's
	173	* good. A negative response from smk_access_entry()
	174	* indicates there is no entry for this pair.
	175	*/
	176	rcu_read_lock();
	177	may = smk_access_entry(subject_known->smk_known, object_label,
	178	&subject_known->smk_rules);
	179	rcu_read_unlock();
	180
	181	if (may > 0 && (request & may) == request)
	182	goto out_audit;
	183
	184	rc = -EACCES;
	185	out_audit:
	186	#ifdef CONFIG_AUDIT
	187	if (a)
	188	smack_log(subject_known->smk_known, object_label, request,
	189	rc, a);
	190	#endif
	191	return rc;
	192	}
	193
	194	/**
	195	* smk_curacc - determine if current has a specific access to an object
	196	* @obj_label: a pointer to the object's Smack label
	197	* @mode: the access requested, in "MAY" format
	198	* @a : common audit data
	199	*
	200	* This function checks the current subject label/object label pair
	201	* in the access rule list and returns 0 if the access is permitted,
	202	* non zero otherwise. It allows that current may have the capability
	203	* to override the rules.
	204	*/
	205	int smk_curacc(char obj_label, u32 mode, struct smk_audit_info a)
	206	{
	207	struct task_smack *tsp = current_security();
	208	struct smack_known *skp = smk_of_task(tsp);
	209	int may;
	210	int rc;
	211
	212	/*
	213	* Check the global rule list
	214	*/
	215	rc = smk_access(skp, obj_label, mode, NULL);
	216	if (rc == 0) {
	217	/*
	218	* If there is an entry in the task's rule list
	219	* it can further restrict access.
	220	*/
	221	may = smk_access_entry(skp->smk_known, obj_label,
	222	&tsp->smk_rules);
	223	if (may < 0)
	224	goto out_audit;
	225	if ((mode & may) == mode)
	226	goto out_audit;
	227	rc = -EACCES;
	228	}
	229
	230	/*
	231	* Allow for priviliged to override policy.
	232	*/
	233	if (rc != 0 && smack_privileged(CAP_MAC_OVERRIDE))
	234	rc = 0;
	235
	236	out_audit:
	237	#ifdef CONFIG_AUDIT
	238	if (a)
	239	smack_log(skp->smk_known, obj_label, mode, rc, a);
	240	#endif
	241	return rc;
	242	}
	243
	244	#ifdef CONFIG_AUDIT
	245	/**
	246	* smack_str_from_perm : helper to transalate an int to a
	247	* readable string
	248	* @string : the string to fill
	249	* @access : the int
	250	*
	251	*/
	252	static inline void smack_str_from_perm(char *string, int access)
	253	{
	254	int i = 0;
	255
	256	if (access & MAY_READ)
	257	string[i++] = 'r';
	258	if (access & MAY_WRITE)
	259	string[i++] = 'w';
	260	if (access & MAY_EXEC)
	261	string[i++] = 'x';
	262	if (access & MAY_APPEND)
	263	string[i++] = 'a';
	264	if (access & MAY_TRANSMUTE)
	265	string[i++] = 't';
	266	if (access & MAY_LOCK)
	267	string[i++] = 'l';
	268	string[i] = '\0';
	269	}
	270	/**
	271	* smack_log_callback - SMACK specific information
	272	* will be called by generic audit code
	273	* @ab : the audit_buffer
	274	* @a : audit_data
	275	*
	276	*/
	277	static void smack_log_callback(struct audit_buffer ab, void a)
	278	{
	279	struct common_audit_data *ad = a;
	280	struct smack_audit_data *sad = ad->smack_audit_data;
	281	audit_log_format(ab, "lsm=SMACK fn=%s action=%s",
	282	ad->smack_audit_data->function,
	283	sad->result ? "denied" : "granted");
	284	audit_log_format(ab, " subject=");
	285	audit_log_untrustedstring(ab, sad->subject);
	286	audit_log_format(ab, " object=");
	287	audit_log_untrustedstring(ab, sad->object);
	288	audit_log_format(ab, " requested=%s", sad->request);
	289	}
	290
	291	/**
	292	* smack_log - Audit the granting or denial of permissions.
	293	* @subject_label : smack label of the requester
	294	* @object_label : smack label of the object being accessed
	295	* @request: requested permissions
	296	* @result: result from smk_access
	297	* @a: auxiliary audit data
	298	*
	299	* Audit the granting or denial of permissions in accordance
	300	* with the policy.
	301	*/
	302	void smack_log(char subject_label, char object_label, int request,
	303	int result, struct smk_audit_info *ad)
	304	{
	305	char request_buffer[SMK_NUM_ACCESS_TYPE + 1];
	306	struct smack_audit_data *sad;
	307	struct common_audit_data *a = &ad->a;
	308
	309	/* check if we have to log the current event */
	310	if (result != 0 && (log_policy & SMACK_AUDIT_DENIED) == 0)
	311	return;
	312	if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0)
	313	return;
	314
	315	sad = a->smack_audit_data;
	316
	317	if (sad->function == NULL)
	318	sad->function = "unknown";
	319
	320	/* end preparing the audit data */
	321	smack_str_from_perm(request_buffer, request);
	322	sad->subject = subject_label;
	323	sad->object = object_label;
	324	sad->request = request_buffer;
	325	sad->result = result;
	326
	327	common_lsm_audit(a, smack_log_callback, NULL);
	328	}
	329	#else /* #ifdef CONFIG_AUDIT */
	330	void smack_log(char subject_label, char object_label, int request,
	331	int result, struct smk_audit_info *ad)
	332	{
	333	}
	334	#endif
	335
	336	DEFINE_MUTEX(smack_known_lock);
	337
	338	struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];
	339
	340	/**
	341	* smk_insert_entry - insert a smack label into a hash map,
	342	*
	343	* this function must be called under smack_known_lock
	344	*/
	345	void smk_insert_entry(struct smack_known *skp)
	346	{
	347	unsigned int hash;
	348	struct hlist_head *head;
	349
	350	hash = full_name_hash(skp->smk_known, strlen(skp->smk_known));
	351	head = &smack_known_hash[hash & (SMACK_HASH_SLOTS - 1)];
	352
	353	hlist_add_head_rcu(&skp->smk_hashed, head);
	354	list_add_rcu(&skp->list, &smack_known_list);
	355	}
	356
	357	/**
	358	* smk_find_entry - find a label on the list, return the list entry
	359	* @string: a text string that might be a Smack label
	360	*
	361	* Returns a pointer to the entry in the label list that
	362	* matches the passed string.
	363	*/
	364	struct smack_known smk_find_entry(const char string)
	365	{
	366	unsigned int hash;
	367	struct hlist_head *head;
	368	struct smack_known *skp;
	369
	370	hash = full_name_hash(string, strlen(string));
	371	head = &smack_known_hash[hash & (SMACK_HASH_SLOTS - 1)];
	372
	373	hlist_for_each_entry_rcu(skp, head, smk_hashed)
	374	if (strcmp(skp->smk_known, string) == 0)
	375	return skp;
	376
	377	return NULL;
	378	}
	379
	380	/**
	381	* smk_parse_smack - parse smack label from a text string
	382	* @string: a text string that might contain a Smack label
	383	* @len: the maximum size, or zero if it is NULL terminated.
	384	*
	385	* Returns a pointer to the clean label, or NULL
	386	*/
	387	char smk_parse_smack(const char string, int len)
	388	{
	389	char *smack;
	390	int i;
	391
	392	if (len <= 0)
	393	len = strlen(string) + 1;
	394
	395	/*
	396	* Reserve a leading '-' as an indicator that
	397	* this isn't a label, but an option to interfaces
	398	* including /smack/cipso and /smack/cipso2
	399	*/
	400	if (string[0] == '-')
	401	return NULL;
	402
	403	for (i = 0; i < len; i++)
	404	if (string[i] > '~' \|\| string[i] <= ' ' \|\| string[i] == '/' \|\|
	405	string[i] == '"' \|\| string[i] == '\\' \|\| string[i] == '\'')
	406	break;
	407
	408	if (i == 0 \|\| i >= SMK_LONGLABEL)
	409	return NULL;
	410
	411	smack = kzalloc(i + 1, GFP_KERNEL);
	412	if (smack != NULL) {
	413	strncpy(smack, string, i + 1);
	414	smack[i] = '\0';
	415	}
	416	return smack;
	417	}
	418
	419	/**
	420	* smk_netlbl_mls - convert a catset to netlabel mls categories
	421	* @catset: the Smack categories
	422	* @sap: where to put the netlabel categories
	423	*
	424	* Allocates and fills attr.mls
	425	* Returns 0 on success, error code on failure.
	426	*/
	427	int smk_netlbl_mls(int level, char catset, struct netlbl_lsm_secattr sap,
	428	int len)
	429	{
	430	unsigned char *cp;
	431	unsigned char m;
	432	int cat;
	433	int rc;
	434	int byte;
	435
	436	sap->flags \|= NETLBL_SECATTR_MLS_CAT;
	437	sap->attr.mls.lvl = level;
	438	sap->attr.mls.cat = NULL;
	439
	440	for (cat = 1, cp = catset, byte = 0; byte < len; cp++, byte++)
	441	for (m = 0x80; m != 0; m >>= 1, cat++) {
	442	if ((m & *cp) == 0)
	443	continue;
	444	rc = netlbl_secattr_catmap_setbit(&sap->attr.mls.cat,
	445	cat, GFP_ATOMIC);
	446	if (rc < 0) {
	447	netlbl_secattr_catmap_free(sap->attr.mls.cat);
	448	return rc;
	449	}
	450	}
	451
	452	return 0;
	453	}
	454
	455	/**
	456	* smk_import_entry - import a label, return the list entry
	457	* @string: a text string that might be a Smack label
	458	* @len: the maximum size, or zero if it is NULL terminated.
	459	*
	460	* Returns a pointer to the entry in the label list that
	461	* matches the passed string, adding it if necessary.
	462	*/
	463	struct smack_known smk_import_entry(const char string, int len)
	464	{
	465	struct smack_known *skp;
	466	char *smack;
	467	int slen;
	468	int rc;
	469
	470	smack = smk_parse_smack(string, len);
	471	if (smack == NULL)
	472	return NULL;
	473
	474	mutex_lock(&smack_known_lock);
	475
	476	skp = smk_find_entry(smack);
	477	if (skp != NULL)
	478	goto freeout;
	479
	480	skp = kzalloc(sizeof(*skp), GFP_KERNEL);
	481	if (skp == NULL)
	482	goto freeout;
	483
	484	skp->smk_known = smack;
	485	skp->smk_secid = smack_next_secid++;
	486	skp->smk_netlabel.domain = skp->smk_known;
	487	skp->smk_netlabel.flags =
	488	NETLBL_SECATTR_DOMAIN \| NETLBL_SECATTR_MLS_LVL;
	489	/*
	490	* If direct labeling works use it.
	491	* Otherwise use mapped labeling.
	492	*/
	493	slen = strlen(smack);
	494	if (slen < SMK_CIPSOLEN)
	495	rc = smk_netlbl_mls(smack_cipso_direct, skp->smk_known,
	496	&skp->smk_netlabel, slen);
	497	else
	498	rc = smk_netlbl_mls(smack_cipso_mapped, (char *)&skp->smk_secid,
	499	&skp->smk_netlabel, sizeof(skp->smk_secid));
	500
	501	if (rc >= 0) {
	502	INIT_LIST_HEAD(&skp->smk_rules);
	503	mutex_init(&skp->smk_rules_lock);
	504	/*
	505	* Make sure that the entry is actually
	506	* filled before putting it on the list.
	507	*/
	508	smk_insert_entry(skp);
	509	goto unlockout;
	510	}
	511	/*
	512	* smk_netlbl_mls failed.
	513	*/
	514	kfree(skp);
	515	skp = NULL;
	516	freeout:
	517	kfree(smack);
	518	unlockout:
	519	mutex_unlock(&smack_known_lock);
	520
	521	return skp;
	522	}
	523
	524	/**
	525	* smk_import - import a smack label
	526	* @string: a text string that might be a Smack label
	527	* @len: the maximum size, or zero if it is NULL terminated.
	528	*
	529	* Returns a pointer to the label in the label list that
	530	* matches the passed string, adding it if necessary.
	531	*/
	532	char smk_import(const char string, int len)
	533	{
	534	struct smack_known *skp;
	535
	536	/* labels cannot begin with a '-' */
	537	if (string[0] == '-')
	538	return NULL;
	539	skp = smk_import_entry(string, len);
	540	if (skp == NULL)
	541	return NULL;
	542	return skp->smk_known;
	543	}
	544
	545	/**
	546	* smack_from_secid - find the Smack label associated with a secid
	547	* @secid: an integer that might be associated with a Smack label
	548	*
	549	* Returns a pointer to the appropriate Smack label entry if there is one,
	550	* otherwise a pointer to the invalid Smack label.
	551	*/
	552	struct smack_known *smack_from_secid(const u32 secid)
	553	{
	554	struct smack_known *skp;
	555
	556	rcu_read_lock();
	557	list_for_each_entry_rcu(skp, &smack_known_list, list) {
	558	if (skp->smk_secid == secid) {
	559	rcu_read_unlock();
	560	return skp;
	561	}
	562	}
	563
	564	/*
	565	* If we got this far someone asked for the translation
	566	* of a secid that is not on the list.
	567	*/
	568	rcu_read_unlock();
	569	return &smack_known_invalid;
	570	}
	571
	572	/**
	573	* smack_to_secid - find the secid associated with a Smack label
	574	* @smack: the Smack label
	575	*
	576	* Returns the appropriate secid if there is one,
	577	* otherwise 0
	578	*/
	579	u32 smack_to_secid(const char *smack)
	580	{
	581	struct smack_known *skp = smk_find_entry(smack);
	582
	583	if (skp == NULL)
	584	return 0;
	585	return skp->smk_secid;
	586	}