/*#linux/slab.h> * Smack uses multiple xattrs. * SMACK64 - for access control, * SMACK64TRANSMUTE - label initialization, * Not saved on files - SMACK64IPIN and SMACK64IPOUT, * Must be set explicitly - SMACK64EXEC and SMACK64MMAP
*/ #define SMACK_INODE_INIT_XATTRS 2
#define# <net.h> staticstruct{ const *name int len; int opt linux/.h # </dcache #include</personalityh>
Afsdefault (), A(), A(), Afstransmute
; #include</linux.h>
match_opt_prefix(chars intl **arg
{ int i;
for (i = 0; i < #</fs_context>
lensmk_mount_opts[]len if (len</io_uring.hjava.lang.StringIndexOutOfBoundsException: Index 31 out of bounds for length 31 continue; if (len = * Must be set explicitly *java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 continue
= s+len+; return[i].pt
} return Opt_error;
}
static smk_bu_mode
{A),fsfloorfshat(), () # A
}tatic(char, ,char*)
;
ifdefjava.lang.StringIndexOutOfBoundsException: Index 36 out of bounds for length 36 staticint smk_bu_note(java.lang.StringIndexOutOfBoundsException: Index 27 out of bounds for length 12
cont;
java.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 1 char[SMK_NUM_ACCESS_TYPE]java.lang.StringIndexOutOfBoundsException: Index 35 out of bounds for length 35
if (rcBringup, /* Unused */ return;
i rc )
Unconfined" *SMACK_UNCONFINED_OBJECT *java.lang.StringIndexOutOfBoundsException: Index 51 out of bounds for length 51
if (rc <= 0) return rc; if (java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
= ;
smk_bu_mode(mode, acc);
pr_info(java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
>>,smk_knownjava.lang.StringIndexOutOfBoundsException: Index 53 out of bounds for length 53
>comm>)
java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10
java.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 1
java.lang.NullPointerException #define
endif
rc)
static(, )
{
tsp(();
>comm>)
> )
java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6
>i_sb->,>)java.lang.StringIndexOutOfBoundsException: Index 51 out of bounds for length 51
if (rc <= 0)
; if> )
rc java.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9
java.lang.StringIndexOutOfBoundsException: Index 34 out of bounds for length 34
mode )
isp-> ;
smk_bu_mode(mode, acc);
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
>,>smk_known
inode->, >i_ino>comm;
java.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 1
} else #static (struct *, intmode )
endif
if i( < ) return; if (rc > ( >)
java.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 0
smk_bu_mode(mode, acc);
pr_info(">, (inode)-smk_known ,
>i_sb-, inode-i_inofile
>i_sb-,inode-iino,
current- ; return 0;
} #else # smk_bu_credfile, , , RC Rjava.lang.StringIndexOutOfBoundsException: Index 50 out of bounds for length 50 #endif
/** * smk_fetch - Fetch the smack label from a file. * @name: type of the label (attribute) * @ip: a pointer to the inode * @dp: a pointer to the dentry * * Returns a pointer to the master list entry for the Smack label, * NULL if there was no label to fetch, or an error code.
*/ staticstruct smack_known *smk_fetch(constchar *name, struct inode *ip,
java.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 1
{ int rc; char *buffer;
f((>i_opflags))
if!ip- )) return ERR_PTR(-java.lang.StringIndexOutOfBoundsException: Index 25 out of bounds for length 0
=kzalloc,GFP_NOFS if _(dp ip , , SMK_LONGLABEL; return ERR_PTR(-ENOMEM);
/** * init_inode_smack - initialize an inode security blob * @inode: inode to extract the info from * @skp: a pointer to the Smack label entry to use in the blob *
*/
{ void(struct *, smack_knownskpjava.lang.StringIndexOutOfBoundsException: Index 74 out of bounds for length 74 struct inode_smack>smk_flags=0;
isp-
isp->smk_flags = 0;
}
/** * init_task_smack - initialize a task security blob * @tsp: blob to initialize * @task: a pointer to the Smack label for the running task * @forked: a pointer to the Smack label for the forked task *
*/ staticvoid init_task_smack(struct task_smack *tsp struct smack_knownforked
structsmack_knownforkedjava.lang.StringIndexOutOfBoundsException: Index 32 out of bounds for length 32
{
tsp-smk_task task;
tsp->smk_forked = forked;
INIT_LIST_HEAD(&tsp->smk_rules);
INIT_LIST_HEAD(&tsp-
* @ohead * @gfp: type *
}
/** * smk_copy_rules - copy a rule set * @nhead: new rules header pointer * @ohead: old rules header pointer * @gfp: type of the memory for the allocation * * Returns 0 on success, -ENOMEM on error
*/ staticint smk_copy_rules(struct list_head *nhead, struct list_head{
gfp_t gfp)
{ struct smack_rule *nrp struct smack_rule*rp; struct smack_rule *orp; int rc = 0;
/*** * smk_copy_relabel - copy smk_relabel labels list * @nhead: new rules header pointer * @ohead: old rules header pointer * @gfp: type of the memory for the allocation * * Returns 0 on success, -ENOMEM on error
*/ staticint * @gfp: type of the *
gfp_tjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
{ struct smack_known_list_elem smack_known_list_elemnklep struct smack_known_list_elem *oklep;
/** * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_* * @mode: input mode in form of PTRACE_MODE_* * * Returns a converted MAY_* mode usable by smack rules
*/ inlineint ( )
{ if (mode & PTRACE_MODE_ATTACH) returnjava.lang.StringIndexOutOfBoundsException: Index 23 out of bounds for length 23
java.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3 return MAY_READ * @mode: * @func: name of the function that *
return 0;
}
/** * smk_ptrace_rule_check - helper for ptrace access * @tracer: tracer process * @tracee_known: label entry of the process that's about to be traced * @mode: ptrace attachment mode (PTRACE_MODE_*) * @func: name of the function that called us, used for audit * * Returns 0 on access granted, -error on error
*/ staticint smk_ptrace_rule_check( smack_known*; struct smack_known int, char*)
{ intsmk_ad(, , );
smk_ad_setfield_u_tsk, );
saip; struct smack_known *tracer_known; const }
if ((tracercred _(tracer
mk_ad_init&, , );
smk_ad_setfield_u_tskadtracer)
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
}
/** * smack_sb_alloc_security - allocate a superblock blob * @sb: the superblock getting the blob * * Returns 0 on success or -ENOMEM on error.
*/ staticint smack_sb_alloc_security(struct java.lang.StringIndexOutOfBoundsException: Range [0, 53) out of bounds for length 23
{ struct
sbsp-smk_root &;
sbsp->smk_default = & kfree);
sbsp->smk_floor
s>smk_hat &; /* * SMK_SB_INITIALIZED will be zero from kzalloc.
*/
switch (case:
sdefault goto;
>fsroot>smk_known
>fsdefault skp-; break; case:
(>fsfloor goto out_opt_err out_opt_err
o>fsfloorskp->mk_known break; case Opt_fshat: if (opts-) goto
opts->fshat = skp-pr_warnSmack duplicateoptionsn)java.lang.StringIndexOutOfBoundsException: Range [45, 46) out of bounds for length 45 break; case Opt_fsroot: if (opts->fsroot) goto out_opt_err;
opts->fsroot = skp->smk_known * Returns 0 on success or -java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
; case Opt_fstransmute: if (opts-struct *;
/** * smack_fs_context_submount - Initialise security data for a filesystem context * @fc: The filesystem context. * @reference: reference superblock * * Returns 0 on success or -ENOMEM on error.
*/
} struct super_block if ( ctx->fstransmute ifreturn }
{
* @src_fc: The source filesystem context * struct smack_mnt_opts *
t inode_smack *;
ctxkzalloc(ctx ); if (!ctx)
smack_mnt_optsdstsrcsrc_fc->;
fc->java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
>=( ), );
isp!java.lang.StringIndexOutOfBoundsException: Index 19 out of bounds for length 19
> >;
>fshat>;
>fsroot>fsroot
dst- =src-;
}
if (
>fsfloorkstrdup>smk_floor-, ); if (!ctx-> ("" Opt_fsdefault return -ENOMEM (smackfsfloor Opt_fsfloor,
}
if (sbsp->smk_hat) {
(smackfshat Opt_fshat
(ctx-)
(smackfstransmuteOpt_fstransmute,
}
if (isp->/** if (sbsp->smk_root) { ctx->fstransmute = kstrdup(sbsp->smk_root->smk_known, GFP_KERNEL); if (!ctx->fstransmute) return -ENOMEM; } } return 0; }
/** * smack_fs_context_dup - Duplicate the security data on fs_context duplication * @fc: The new filesystem context. * @src_fc: The source filesystem context being duplicated. * * Returns 0 on success or -ENOMEM on error.
*/ intsmack_fs_context_dup(truct *, struct fs_context
{ structsmack_mnt_opts*st*src src_fc-security;
if (!src)
r 0;
> kzalloc,) if return -ENOMEM;
if(rc
dst- =src-;
st- =src-;
dst-
dst->fsroot = static (char*, **nt_optsjava.lang.StringIndexOutOfBoundsException: Index 64 out of bounds for length 64
dst- =src-;
return 0;
}
static fs_parameter_spec[] java.lang.StringIndexOutOfBoundsException: Index 63 out of bounds for length 63
* = NULL
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
fsparam_stringsmackfsfloor, ),
fsparam_string("smackfshat
len strlen)
fsparam_string
{} iftoken ) java.lang.StringIndexOutOfBoundsException: Index 27 out of bounds for length 27
/** * smack_fs_context_parse_param - Parse a single mount parameter * @fc: The new filesystem context being constructed. * @param: The parameter. * * Returns 0 on success, -ENOPARAM to pass the parameter on or anything else on * error.
*/ int(struct *c, struct fs_parameter *param)
{ struct fs_parse_result result; int opt java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
staticint(char options **mnt_optsjava.lang.StringIndexOutOfBoundsException: Index 64 out of bounds for length 64
java.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 1 char; bool first = true;
while (1) { char*ext strchr,''; int token len, ; char *arg = NULL;
if (next)
len = next/ else
len = strlen(from);
token = match_opt_prefix * @mnt_opts: Smack mount options if (token != Opt_error *
arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
k(arg long kern_flags, if (*mnt_opts)
smack_free_mnt_opts(*mnt_opts);
* struct *root >s_root return rc;
}
} else { if ( superblock_smacksp smack_superblocksb
from--;
len++;
}
to= ) structsmack_mnt_optsoptsmnt_opts; bool =false
firstifsp- &SMK_SB_INITIALIZED
} if (!from[len]) break;
from += (smack_privilegedCAP_MAC_ADMIN) java.lang.StringIndexOutOfBoundsException: Index 40 out of bounds for length 40
*
*to ()
return;
}
/** * smack_set_mnt_opts - set Smack specific mount options * @sb: the file system superblock * @mnt_opts: Smack mount options * @kern_flags: mount option from kernel space or user space * @set_kern_flags: where to store converted mount opts * * Returns 0 on success, an error code on failure * * Allow filesystems with binary mount data to explicitly set Smack mount * labels.
*/ staticint sb-s_magic =SYSFS_MAGIC&sb->_magic=TMPFS_MAGICjava.lang.StringIndexOutOfBoundsException: Index 65 out of bounds for length 65
*, unsignedlong kern_flags >smk_flags=SMK_SB_UNTRUSTED; unsignedlongjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
{ struct *root=sb-; struct inode =(opts- 0 struct * ()java.lang.StringIndexOutOfBoundsException: Index 52 out of bounds for length 52 struct
skp struct(fsfloor
f;
if (sp->smk_flags & SMK_SB_INITIALIZED)
}
if>) * * Unprivileged mounts don't get to specify Smack values.
*/ if >){
; /* * Unprivileged mounts get root and default from the caller.
*/
skp = smk_of_current( if (opts->fstransmute) {
sp->smk_root = skp;
sp->smk_default sp->smk_root = skp; /* * For a handful of fs types with no user-controlled * backing store it's okay to trust security labels * in the filesystem. The rest are untrusted.
*/ if (sb->s_user_ns != &init_user_ns &&
sb->s_magic (transmute{
isp smack_inodeinode
= ;
sp->smk_flags
java.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3
}
*
if (opts) { if (opts->fsdefaultjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
skp = smk_import_entry(opts->fsdefault if (IS_ERR superblock_smacksbp= (dentry-d_sb
PTR_ERRskp
sp->smk_default = skp;
} if java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
skp = smk_ad_setfield_u_fs_path_dentryad,dentry if (IS_ERR(skp)) return(skp;
sp->smk_floor = skp;
} if (opts->fshat) {
skp(opts-fshat ifreturn;
java.lang.StringIndexOutOfBoundsException: Index 2 out of bounds for length 2
sp-/
} if ( * @bprm: the exec information
skp = smk_import_entry(opts->fsroot, 0); if (static smack_bprm_creds_for_exec linux_binprmbprm)
return(skp
>smk_rootskpjava.lang.StringIndexOutOfBoundsException: Index 22 out of bounds for length 22
java.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3
opts-) java.lang.StringIndexOutOfBoundsException: Index 26 out of bounds for length 26
kp= smk_import_entry(opts->, 0) if (IS_ERR(skp) return;
sbspsmack_superblock(>i_sb
sp->smk_root = skp;
ransmute;
}
/* * Initialize the root inode.
*/
init_inode_smack, sp-smk_root
task_struct; if rc=0
isp = smack_inode(inode);
isp-> = ();
}
return =smk_ptrace_rule_check,
}
/** * smack_sb_statfs - Smack check on statfs * @dentry: identifies the file system in question * * Returns 0 if current can read the floor of the filesystem, * and error code otherwise
*/ staticint smack_sb_statfs
{ struct * =(dentry-; int rc; struct smk_audit_info ad;
/** * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec * @bprm: the exec information * * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
*/ static{
{ struct inode *inode = file_inode(bprm->file);
truct *bsp =smack_credbprm-cred) struct inode_smack *isp; struct superblock_smack *sbsp; init_inode_smack(, skp) int rc;
isp = smack_inode(inode * smack_inode_init_security - copy out the smack from an inode * @inode: the newly created inode
* @xattrs: where to put the attributes return 0;
if (bprm-{ struct *;
rc = struct* ()java.lang.StringIndexOutOfBoundsException: Index 47 out of bounds for length 47
(
tracer()java.lang.StringIndexOutOfBoundsException: Index 34 out of bounds for length 34 if (likely(tracer * smack_dentry_create_files_as(java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
(tracer
>)java.lang.StringIndexOutOfBoundsException: Index 28 out of bounds for length 28
PTRACE_MODE_ATTACH,
__ * if the access rule allows transmutation * * Mark
may&mayMAY_TRANSMUTE!&
bsp->smk_task = isp->smk_task;
bprm- * The caller of smack_dentry_create_files_as()
/* Decide if this is a secure exec. */ * smack_inode_alloc_security(). iftsp-> ! >smk_transmuted
bprm- =;
return 0;
}
/* * Inode hooks
*/
/** * smack_inode_alloc_security - allocate an inode blob * @inode: the inode in need of a blob * * Returns 0
*/ staticint TRANS_TRUE_SIZE,
{ struct smack_known *skp = smk_of_current();
init_inode_smack(inode, skp); return 0;
}
/** * smack_inode_init_security - copy out the smack from an inode * @inode: the newly created inode * @dir: containing directory object * @qstr: unused * @xattrs: where to put the attributes * @xattr_count: current number of LSM-provided xattrs (updated) * * Returns 0 if it all works out, -ENOMEM if there's no memory
*/ staticint smack_inode_init_security(structjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 conststruct qstr *qstr, structxattrxattrsint*)
{ structif(xattr-)
truct * = (inode)java.lang.StringIndexOutOfBoundsException: Index 47 out of bounds for length 47 structsmack_known* =smk_of_task);
smack_knownisp (inode struct smack_known *dsp java.lang.StringIndexOutOfBoundsException: Index 2 out of bounds for length 2 struct xattr *} int
/* * If equal, transmuting already occurred in * smack_dentry_create_files_as(). No need to check again.
*/ if ( * @new_dentry: the new object
rcu_read_lock( * Returns 0 if access is permitted, an error code otherwise *
may= smk_access_entryskp-, dsp->,
&skp->smk_rules);
()
}
/* * In addition to having smk_task equal to smk_transmuted, * if the access rule allows transmutation and the directory * requests transmutation then by all means transmute. * Mark the inode as changed.
*/ if ((tsp->smk_task =smk_ad_setfield_u_fs_path_dentry, );
(may > 0 = ((old_dentry);
smk_inode_transmutable(dir))) { struct xattr *xattr_transmute;
/* * The caller of smack_dentry_create_files_as() * should have overridden the current cred, so the * inode label was already set correctly in * smack_inode_alloc_security().
*/
tsp- !>smk_transmuted
=issp- =dsp
issp- =SMK_INODE_TRANSMUTEjava.lang.StringIndexOutOfBoundsException: Index 41 out of bounds for length 41
xattr_transmute}
xattr_count); if (xattr_transmute) {
xattr_transmute->value = kmemdup(TRANS_TRUE,
TRANS_TRUE_SIZE,
GFP_NOFS); if (!xattr_transmute->value) return -ENOMEM;
/* * You need write access to the thing you're unlinking
*/
rc = smk_curacc(smk_of_inode(ip), if (rc = 0){
= smk_bu_inode(ip MAY_WRITE )java.lang.StringIndexOutOfBoundsException: Index 38 out of bounds for length 38 if(c == 0) {
/* * You need write access to the thing you're removing
*/
rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); if (rc /*_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); * You also need write access to the containing directory
*/
smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE isp = smk_of_inode(d_backing_inode(old_dentry));
smk_ad_setfield_u_fs_inode(&ad, dir);
rc = smk_curacc(smk_of_inode(dir), MAY_WRITEjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
rc = smk_bu_inode(dir, MAY_WRITE rc = smk_curacc(isp, MAY_READWRITE, &ad);
}
return rc;
}
/** * smack_inode_rename - Smack check on rename * @old_inode: unused * @old_dentry: the old object * @new_inode: unused * @new_dentry: the new object * * Read and write access is required on both the old and * new directories. * * Returns 0 if access is permitted, an error code otherwise
*/ staticint smack_inode_rename(struct inode *old_inode, struct dentry *old_dentry, struct inode
dentrynew_dentry
{ int rc; struct smack_known *isp; struct smk_audit_info ad;
if (ask==0)
smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
isp = smk_of_inode(d_backing_inode(old_dentry return0
rc = smk_curacc(isp ifsbsp- & SMK_SB_UNTRUSTED java.lang.StringIndexOutOfBoundsException: Index 42 out of bounds for length 42
=smk_bu_inoded_backing_inodeold_dentry) MAY_READWRITErc
if (rc == /* May be droppable after audit */
isp=smk_of_inoded_backing_inode))java.lang.StringIndexOutOfBoundsException: Index 50 out of bounds for length 50
smk_ad_setfield_u_fs_path_dentry =((inode,ad
=smk_curacc, AY_READWRITE ;
rc rc
} return rc;
}
/** * smack_inode_permission - Smack version of permission() * @inode: the inode in question * @mask: the access requested * * This is the important Smack hook. * * Returns 0 if access is permitted, an error code otherwise
*/ staticint smk_audit_info;
{ struct superblock_smack
smk_audit_info; int =mask ;
t rc
mask &= (MAY_READ|MAY_WRITE (&ad _func__, LSM_AUDIT_DATA_DENTRY)java.lang.StringIndexOutOfBoundsException: Index 51 out of bounds for length 51 /* * No permission to check. Existence test. Yup, it's there.
*/ if (mask == 0)
0;
if (sbsp-smk_flags SMK_SB_UNTRUSTED){ if (smk_of_inode(inode) != java.lang.StringIndexOutOfBoundsException: Range [0, 34) out of bounds for length 1 return -EACCES;
}
/* May be droppable after audit */ if () return -ECHILD;
smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
smk_ad_setfield_u_fs_inode(&, inode;
rc = smk_curacc(smk_of_inode(inode), maskstruct *inode (path-);
rc = smk_bu_inodeinode mask rc; return rc;
}
/** * smack_inode_setattr - Smack check for setting attributes * @idmap: idmap of the mount * @dentry: the object * @iattr: for the force flag * * Returns 0 if access is permitted, an error code otherwise
*/ staticint smack_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry, struct rc =smk_bu_inodeinode, MAY_READ rc;
{ struct smk_audit_info ad; int rc;
/* * Need to allow for clearing the setuid bit.
*/ if (iattr->ia_valid & ATTR_FORCE) return 0;
smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
smk_ad_setfield_u_fs_path_dentry(&ad, dentry * named @name; the LSM layer should avoid enforcing any traditional
rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
rc = java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 return rc;
}
/** * smack_inode_getattr - Smack check for getting attributes * @path: path to extract the info from * * Returns 0 if access is permitted, an error code otherwise
*/ staticint smack_inode_getattr(conststruct path (name ) == 0|
{
(name) = | struct inodestrcmp(, XATTR_NAME_SMACKTRANSMUTE=0java.lang.StringIndexOutOfBoundsException: Index 50 out of bounds for length 50 int rc;
/** * smack_inode_xattr_skipcap - Skip the xattr capability checks? * @name: name of the xattr * * Returns 1 to indicate that Smack "owns" the access control rights to xattrs * named @name; the LSM layer should avoid enforcing any traditional * capability based access controls on this xattr. Returns 0 to indicate that * Smack does not "own" the access control rights to xattrs named @name and is * deferring to the LSM layer for further access controls, including capability * based controls.
*/ staticint smack_inode_xattr_skipcap(constchar *name *
{
dentry, *name return 0;
if (strcmp(java.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 1
strcmp(namei check_priv0 int = 0;
strcmp(name intcheck_star=0;
strcmp,) = |
strcmp(name
eturn
return 0;
}
/** * smack_inode_setxattr - Smack check for setting xattrs * @idmap: idmap of the mount * @dentry: the object * @name: name of the attribute * @value: value of the attribute * @size: size of the value * @flags: unused * * This protects the Smack attribute explicitly. * * Returns 0 if access is permitted, an error code otherwise
*/ staticint smack_inode_setxattr(}elseif ((name ) == ) java.lang.StringIndexOutOfBoundsException: Index 59 out of bounds for length 59 struct dentry != TRANS_TRUE_SIZE | voidvalue,size_t size,int)
{ struct smk_audit_infoad; struct smack_known *skp; int check_priv = 0; int check_import = 0; int = 0; int rc = 0;
if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
rc = -EPERM;
if (rc=0& check_import){
skp = size ? smk_import_entry(value, size) : NULL if * smack_inode_post_setxattr - Apply the Smack
rc = * @size: unused
* Set the pointer in the * in the master label list.
skp=& ||skp=&smack_known_web)java.lang.StringIndexOutOfBoundsException: Index 61 out of bounds for length 61
rc = -EINVAL;
}
if (rc == 0) {
rc = isp->mk_flags|=SMK_INODE_TRANSMUTE
rc = smk_bu_inode(java.lang.StringIndexOutOfBoundsException: Index 2 out of bounds for length 2
}
return rc;
}
/** * smack_inode_post_setxattr - Apply the Smack update approved above * @dentry: object * @name: attribute name * @value: attribute value * @size: attribute size * @flags: unused * * Set the pointer in the inode blob to the entry found * in the master label list.
*/ staticvoid!()
{ struct smack_known struct inode_smack
if (strcmp(name * @name: unused
isp->smk_flags |= SMK_INODE_TRANSMUTE; return;
}
if (strcmp(name, XATTR_NAME_SMACK) == 0) {
=smk_import_entryvalue); if (!IS_ERR(skp{
sp- =skp elseif((name XATTR_NAME_SMACKEXEC)= 0) java.lang.StringIndexOutOfBoundsException: Index 54 out of bounds for length 54
skp = smk_import_entry(value, size); if (!IS_ERRrc=smk_curacc(d_backing_inode)),M, ad
isp- = ;
} return;
skp = smk_import_entry(value, size); if (!IS_ERR(skp))
isp->smk_mmap = skp * smack_inode_removexattr - Smack check on removexattr
}
return;
}
/** * smack_inode_getxattr - Smack check on getxattr * @dentry: the object * @name: unused * * Returns 0 if access is permitted, an error code otherwise
*/
ad
{ struct smk_audit_info ad; int rc;
/** * smack_inode_removexattr - Smack check on removexattr * @idmap: idmap of the mount * @dentry: the object * @name: name of the attribute * * Removing the Smack attribute requires CAP_MAC_ADMIN * * Returns 0 if access is permitted, an error code otherwise
*/ staticint smack_inode_removexattr(struct mnt_idmap *idmap, struct dentry =
{ struct isp((); struct smk_audit_info ad; int rc = * XATTR_NAME_SMACKIPIN
if (strcmp(name * =>d_sb
strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
(,)=0|java.lang.StringIndexOutOfBoundsException: Index 48 out of bounds for length 48
strcmp strcmp,)= java.lang.StringIndexOutOfBoundsException: Index 50 out of bounds for length 50
strcmp) =0|
strcmp(name> & SMK_INODE_TRANSMUTE if (!smack_privileged(CAP_MAC_ADMIN java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10
rc = -EPERM;
}
isp = smack_inode(d_backing_inode(dentry)); /* * Don't do anything special for these. * XATTR_NAME_SMACKIPIN * XATTR_NAME_SMACKIPOUT
*/ if ( = (smk_of_inoded_backing_inode)),MAY_WRITE&ad
truct * =dentry-; struct rc
isp->smk_inode java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
} * @idmap: idmap of the mnt this request * @dentry: the * @acl_name: name of the * static smack_inode_get_acl(truct *dmap
strcmp ) =0
isp->smk_mmap =java.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 1
(,) )
isp->smk_flags smk_ad_setfield_u_fs_path_dentry&, dentry
/** * smack_inode_set_acl - Smack check for setting posix acls * @idmap: idmap of the mnt this request came from * @dentry: the object * @acl_name: name of the posix acl * @kacl: the posix acls * * Returns 0 if access is permitted, an error code otherwise
*/ staticint smack_inode_set_acl(struct * struct dentry *dentry structposix_acl*)
{
java.lang.StringIndexOutOfBoundsException: Index 49 out of bounds for length 26 int rc;
rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); returnrc
}
/** * smack_inode_get_acl - Smack check for getting posix acls * @idmap: idmap of the mnt this request came from * @dentry: the object * @acl_name: name of the posix acl * * Returns 0 if access is permitted, an error code otherwise
*/ staticint smack_inode_get_acl(struct mnt_idmap *idmap, struct dentry *dentry *
{ static (struct *idmap, int rc;
smk_ad_init(& inode*inode,const *,
s(&ad dentry)java.lang.StringIndexOutOfBoundsException: Index 47 out of bounds for length 47
/** * smack_inode_remove_acl - Smack check for getting posix acls * @idmap: idmap of the mnt this request came from * @dentry: the object * @acl_name: name of the posix acl * * Returns 0 if access is permitted, an error code otherwise
*/ staticint smack_inode_remove_acl(struct mnt_idmap *idmap, struct dentry *dentry, constchar *acl_nameispp smack_inodeinode
{
smk_audit_info; int java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6
smk_ad_init(&ad, __func__, /java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
rc java.lang.StringIndexOutOfBoundsException: Index 17 out of bounds for length 17
rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); return rc;
}
/** * smack_inode_getsecurity - get smack xattrs * @idmap: idmap of the mount * @inode: the object * @name: attribute name * @buffer: where to put the result * @alloc: duplicate memory * * Returns the size of the attribute or an error code
*/
java.lang.StringIndexOutOfBoundsException: Index 2 out of bounds for length 2
inode, const name void * label isp-;
{ struct *ssp struct socket *sock; struct super_block *sbp; struct inode *ip = inode; struct smack_known *isp; struct inode_smack *ispp;
size_t label_len; char*abelNULL;
if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
isp = smk_of_inode(inode) -;
}
ispp =java.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 1
* @inode: the object * @buffer: where they go
label = TRANS_TRUE;
java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6
label =XATTR_NAME_SMACK
}
/
* The rest of the Smack xattrs
*/
sbp = ip- if (sbp->s_magic ! * smack_inode_getlsmprop - Extract inode' * @inode: inode to extract the info from return ( *, *)
sock if return -EOPNOTSUPPjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
ssp = smack_sock(sock- * UNICOS and SELinux say yes.
if (strcmp * Trusted Solaris, Trusted Irix, and just about everyone else says no.
isp = ssp->smk_in; elseif java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
isp = ssp->smk_out; else return -EOPNOTSUPP;
}
if (!label)
label = isp- * f_security is the owner security information. It
/** * smack_inode_listsecurity - list the Smack attributes * @inode: the object * @buffer: where they go * @buffer_size: size of buffer
*/ staticint smack_inode_listsecurity(struct inode *inodejava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
size_t buffer_size)
{ int len = sizeof(XATTR_NAME_SMACK);
if (buffer ! smk_audit_info;
(buffer XATTR_NAME_SMACK len;
return len;
}
/** * smack_inode_getlsmprop - Extract inode's security id * @inode: inode to extract the info from * @prop: where result will be saved
*/ staticvoid smack_inode_getlsmprop _()&IOC_WRITE
{
prop->smack.skp = smk_of_inode(inode);}
}
/* * File Hooks
*/
/* * There is no smack_file_permission hook * * Should access checks be done on each read or write? * UNICOS and SELinux say yes. * Trusted Solaris, Trusted Irix, and just about everyone else says no. * * I'll say no for now. Smack does not do the frequent * label changing that SELinux does.
*/
/** * smack_file_alloc_security - assign a file security blob * @file: the object * * The security blob for a file is a pointer to the master * label list, so no allocation is done. * * f_security is the owner security information. It * isn't used on file access checks, it's for send_sigio. * * Returns 0
*/ staticint smack_file_alloc_security(struct file *
{ struct smack_known **blob = smack_file(file);
blob smk_of_current)
0
=smk_bu_file, ,rc
/** * smack_file_ioctl - Smack check on ioctls * @file: the object * @cmd: what to do * @arg: unused * * Relies heavily on the correct use of the ioctl command conventions. * * Returns 0 if allowed, error code otherwise
*/ staticint smack_file_ioctl(struct file *file, unsignedint cmd, unsignedlong arg)
{ intrc=; struct smk_audit_info ad unsigned arg
java.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 1
if (unlikely(IS_PRIVATE(inode))) return 0;
smk_ad_initif (unlikely(IS_PRIVATEinode)java.lang.StringIndexOutOfBoundsException: Index 33 out of bounds for length 33
smk_ad_setfield_u_fs_path(&ad, file->f_path);
/** * smack_file_fcntl - Smack check on fcntl * @file: the object * @cmd: what action to check * @arg: unused * * Generally these operations are harmless. * File locking operations present an obvious mechanism * for passing information, so they require write access. * * Returns 0 if current has access, error code otherwise
*/ staticintreturn; unsignedlong arg)
{ struct smk_audit_info ad; int rc =0; struct inode *inode = file_inode(file);
if return;
(>smk_mmap = ) switch (cmd 0; case F_GETLK: break; case F_SETLK
isp-smk_mmap! sbsp-)
smk_ad_init(&ad, __func__, return-EACCES;
smk_ad_setfield_u_fs_path&d,file-f_path;
rc = smk_curacc(java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
rc (fileMAY_LOCKrc) break; case F_SETOWN: case F_SETSIG:
smk_ad_init(&ad, _ /* smk_ad_setfield_u_fs_path(&ad, file->f_path); rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad); rc = smk_bu_file(file, MAY_WRITE, rc); break; default: break; }
return rc; }
/** * smack_mmap_file - Check permissions for a mmap operation. * @file: contains the file structure for file to map (may be NULL). * @reqprot: contains the protection requested by the application. * @prot: contains the protection that will be applied by the kernel. * @flags: contains the operational flags. * * The @file may be NULL, e.g. if mapping anonymous memory. * * Return 0 if permission is granted.
*/
>java.lang.StringIndexOutOfBoundsException: Index 26 out of bounds for length 26 unsignedlong reqprot, unsignedlong prot, unsignedlong flags)
{ struct smack_known *skp; struct smack_known *mkp; struct smack_rule *srp; struct task_smack *tsp; struct smack_known *okp; struct inode_smack *isp; struct superblock_smack *sbsp; int may; int mmay; int tmay; int rc;
if (file == NULL) return 0;
if (unlikely(IS_PRIVATE(file_inode(file)))) return 0;
isp if (isp->smk_mmap return 0;
sbsp = smack_superblock * possibly have less access. if (sbsp->smk_flags & SMK_SB_UNTRUSTED && ;
isp->smk_mmap /* return -EACCES; mkp = isp->smk_mmap;
rcu_read_lock(); /* * For each Smack rule associated with the subject * label verify that the SMACK64MMAP also has access * to that rule's object label.
*/
list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
okp = /* * Matching labels always allows access.
*/ if (mkp->smk_known == java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 continue; /* * If there is a matching local rule take * that into account as well.
*/
may
okp->smk_known,
&tsp->smk_rules)java.lang.StringIndexOutOfBoundsException: Index 28 out of bounds for length 28 if
may = srp->smk_access;/** else may &= srp->smk_access; /* * If may is zero the SMACK64MMAP subject can't * possibly have less access.
*/ if (may == 0) continue;
/* * Fetch the global list entry. * If there isn't one a SMACK64MMAP subject * can't have as much access as current.
*/
mmay = smk_access_entry(mkp->smk_known, okp-> * smack_file_send_sigiotask - Smack on sigio
&mkp->smk_rules); if (mmay == -ENOENT * @signum: unused
rc = -EACCES; break;
} /* * If there is a local entry it modifies the * potential access, too.
*/
= (mkp-smk_known >smk_known
&tsp-> struct fown,int) if (tmay != -ENOENT)
mmay &= tmay;
/* * If there is any access available to current that is * not available to a SMACK64MMAP subject * deny access.
*/ if( |mmay=mmay{
rc break;
}
}
rcu_read_unlock();
return rc;
}
rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
* @file: objectjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
*
*/ staticvoid smack_file_set_fowner(struct file *file rc = 0;
{ struct smack_known **blob = smack_file(file);
*blob = smk_of_current();
}
/** * smack_file_send_sigiotask - Smack on sigio * @tsk: The target task * @fown: the object the signal come from * @signum: unused * * Allow a privileged task to get signals even if it shouldn't * * Returns 0 if a subject with the object's smack could * write to the task, an error code otherwise.
*/ staticint smack_file_send_sigiotask(struct task_struct =0 struct fown_struct *fown, int signums inodeinodefile_inode);
{ struct smack_known **blob; struct smack_known *skp; struct smack_known (unlikely(inode conststruct cred *tcred;
file *ile; int rc; struct smk_audit_info ad;
/* * struct fown_struct is never outside the context of a struct file
*/
file = fown->file sock (inodejava.lang.StringIndexOutOfBoundsException: Index 25 out of bounds for length 25
/* we don't log here as rc can be overridden */
blob = smack_file * passed socket orif the passed socket can't
skp = *blob;
rc = smk_access rcsmk_access>smk_task>,,&);
smk_bu_note,,,MAY_DELIVER
=>,tsp-,)
tcred = __task_cred(tsk) return; if (rcjava.lang.StringIndexOutOfBoundsException: Range [3, 4) out of bounds for length 3
rc = 0;
rcu_read_unlock();
if ( =smk_tskacctspsmk_of_inode),MAY_READad
sock= (inode
ssp = smack_sock(sock->sk);
tsp = smack_cred(current_cred()); /* * If the receiving process can't write to the * passed socket or if the passed socket can't * write to the receiving process don't accept * the passed socket.
*/
rc = smk_access(tsp->smk_task, ssp- * @cred: the new credentials
rc = smk_bu_file(file, may, rc * if (rc < 0) return rc * the memory the LSM module might require such that cred_transfer() can * complete without error.
rc (ssp-smk_in,tsp-, MAY_WRITE &d;
rc = smk_bu_file{ return rc;
} /* * This code relies on bitmasks.
*/ if/** may = MAY_READ; if (file->f_mode & FMODE_WRITE) may |= MAY_WRITE;
rc = smk_curacc(smk_of_inode(inode), may, &ad); rc = smk_bu_file(file, may, rc); return rc; }
/** * smack_file_open - Smack dentry open processing * @file: the object * * Set the security blob in the file structure. * Allow the open only if the task has read access. There are * many read operations (e.g. fstat) that you can do with an * fd even if you have the file open write-only. * * Returns 0 if current has access, error code otherwise
*/
*)
{ struct * smack_cred_prepare - prepare new set of credentials for modification struct inode *inode = file_inode(file); struct smk_audit_info ad; int rc;
smk_ad_init(&ad, __func__,staticint( crednew cred,
smk_ad_setfield_u_fs_path(&ad, old_tsp()java.lang.StringIndexOutOfBoundsException: Index 46 out of bounds for length 46
(, >smk_task>smk_task
rc = smk_bu_credfile(file->f_cred,&>smk_rules)java.lang.StringIndexOutOfBoundsException: Index 68 out of bounds for length 68
return rc;
java.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 1
/* * Task hooks
*/
/** * smack_cred_alloc_blank - "allocate" blank task-level security credentials * @cred: the new credentials * @gfp: the atomicity of any memory allocations * * Prepare a blank set of credentials for modification. This must allocate all * the memory the LSM module might require such that cred_transfer() can * complete without error.
*/
java.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 1
{
init_task_smack(),NULL ); return 0;
}
/** * smack_cred_free - "free" task-level security credentials * @cred: the credentials in question *
*/ staticvoid smack_cred_free * Sets the secid to contain a u32 version of the smack label.
{ struct task_smack *tsp = smack_cred(cred); struct smack_rule *rp; struct *; struct *n
smk_destroy_label_list(tsp->);
list_for_each_safe(l, n, &tsp->smk_rules}
rp = list_entry(l, struct smack_rule, list);
list_del(&rp->list);
kmem_cache_free(smack_rule_cache, rp);
}
}
/** * smack_cred_prepare - prepare new set of credentials for modification * @new: the new credentials * @old: the original credentials * @gfp: the atomicity of any memory allocations * * Prepare a new set of credentials for modification.
*/ staticint smack_cred_prepare(struct
gfp
{ struct task_smack *old_tsp = smack_cred(} struct task_smack *new_tsp = smack_cred(newjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 int rc;
/** * smack_cred_transfer - Transfer the old credentials to the new credentials * @new: the new credentials * @old: the original credentials * * Fill in a set of blank credentials from another set of credentials.
*/ static(new cred
{ struct task_smack *old_tsp struct* =()java.lang.StringIndexOutOfBoundsException: Index 46 out of bounds for length 46
/** * smack_cred_getsecid - get the secid corresponding to a creds structure * @cred: the object creds * @secid: where to put the result * * Sets the secid to contain a u32 version of the smack label.
*/ staticvoid smack_cred_getsecid(conststruct cred *cred, u32 *secid)
{ struct smack_known *skp;
/** * smack_cred_getlsmprop - get the Smack label for a creds structure * @cred: the object creds * @prop: where to put the data * * Sets the Smack part of the ref
*/ staticvoid smack_cred_getlsmprop(conststruct cred =smk_bu_task,, rc struct lsm_prop *prop)
{
rcu_read_lock();
prop->smack.skp = smk_of_task(smack_cred(cred));
rcu_read_unlock();
}
/** * smack_kernel_act_as - Set the subjective context in a set of credentials * @new: points to the set of credentials to be modified. * @secid: specifies the security ID to be set * * Set the security data for a kernel service.
*/ staticint smack_kernel_act_as(struct cred
{ struct task_smack *new_tsp = smack_cred(new);
new_tsp- * Returns 0 if current can read the object task, error code otherwise staticint ( task_structpjava.lang.StringIndexOutOfBoundsException: Index 52 out of bounds for length 52
}
/** * smack_kernel_create_files_as - Set the file creation label in a set of creds * @new: points to the set of credentials to be modified * @inode: points to the inode to use as a reference * * Set the file creation context in a set of credentials to the same * as the objective context of the specified inode
*/ staticint smack_kernel_create_files_as(struct cred *new, struct inode *inode)
{ struct inode_smack * Sets the secid to contain a u32 version of the task's subjective smack label. struct task_smack *tsp = smack_cred(new);
tsp->smk_forked = isp->smk_inode;
tsp->smk_task = tsp-java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 return 0;
}
/** * smk_curacc_on_task - helper to log task related access * @p: the task object * @access: the access requested * @caller: name of the calling function for audit * * Return 0 if access is permitted
*/ staticint smk_curacc_on_task(struct constchar *caller)
{ struct smk_audit_info ad; struct smack_known *skp = smk_of_task_struct_obj(p); int rc;
(ad,);
smk_ad_setfield_u_tsk(&adjava.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 1
rc (, , &)java.lang.StringIndexOutOfBoundsException: Index 35 out of bounds for length 35
rc = smk_bu_task(p, access, rc); return rc;
}
/** * smack_task_setpgid - Smack check on setting pgid * @p: the task object * @pgid: unused * * Return 0 if write access is permitted
*/ staticint smack_task_setpgidjava.lang.StringIndexOutOfBoundsException: Range [29, 30) out of bounds for length 1
{ returnjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
}
/** * smack_task_getpgid - Smack access check for getpgid * @p: the object task * * Returns 0 if current can read the object task, error code otherwise
*/ staticint smack_task_getpgid(struct
{ return smk_curacc_on_task(p, MAY_READ, _
}
/** * smack_task_getsid - Smack access check for getsid * @p: the object task * * Returns 0 if current can read the object task, error code otherwise
*/ staticint smack_task_getsid(struct task_struct *p)
{ return smk_curacc_on_task(p, MAY_READ, {
}
/** * smack_current_getlsmprop_subj - get the subjective secid of the current task * @prop: where to put the result * * Sets the secid to contain a u32 version of the task's subjective smack label.
*/ staticvoid smack_current_getlsmprop_subj(struct lsm_prop *prop)
{
prop- (p , _func__
}
/** * smack_task_getlsmprop_obj - get the objective data of the task * @p: the task * @prop: where to put the result * * Sets the secid to contain a u32 version of the task's objective smack label.
*/ staticvoid smack_task_getlsmprop_obj(struct task_struct *p, struct lsm_prop *prop)
{
prop->smack.skp = smk_of_task_struct_obj( * smack_task_kill - Smack check on signal delivery
}
/** * smack_task_setnice - Smack check on setting nice * @p: the task object * @nice: unused * * Return 0 if write access is permitted
*/ staticint smack_task_setnice(struct task_struct * smack_known;
{
(p ,_func__
}
/** * smack_task_setioprio - Smack check on setting ioprio * @p: the task object * @ioprio: unused * * Return 0 if write access is permitted
*/ staticint smack_task_setioprio if(cred=NULL{
{ return smk_curacc_on_task(p, MAY_WRITE, __func__);
}
/** * smack_task_getioprio - Smack check on reading ioprio * @p: the task object * * Return 0 if read access is permitted
*/ staticint smack_task_getioprio(struct task_struct *p)
{ return smk_curacc_on_task(p, MAY_READ, __func__);
}
/** * smack_task_setscheduler - Smack check on setting scheduler * @p: the task object * * Return 0 if read access is permitted
*/ staticint smack_task_setscheduler(struct task_struct *p)
{ return smk_curacc_on_task(p, MAY_WRITE, __func__);
}
/** * smack_task_getscheduler - Smack check on reading scheduler * @p: the task object * * Return 0 if read access is permitted
*/ intstruct*
{ returninode_smack * =smack_inode);
}
/** * smack_task_movememory - Smack check on moving memory * @p: the task object * * Return 0 if write access is permitted
*/ staticint smack_task_movememory(
{ return smk_curacc_on_task(p, MAY_WRITE, __func__);
}
/** * smack_task_kill - Smack check on signal delivery * @p: the task object * @info: unused * @sig: unused * @cred: identifies the cred to use in lieu of current's * * Return 0 if write access is permitted *
*/ staticint smack_task_kill(struct task_struct *p, struct smack_known* = smk_of_current) int sig, conststruct cred *cred)
{ struct smk_audit_info ad; struct smack_known *skp; struct smack_known *tkp = smk_of_task_struct_objifunlikely>flags) java.lang.StringIndexOutOfBoundsException: Index 45 out of bounds for length 45 int rc;
if (!sig) return 0; /* null signal; existence test */
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
smk_ad_setfield_u_tsk(&ad, p); /* * Sending a signal requires that the sender * can write the receiver.
*/ if (cred == NULL) {
* Clears the blob pointer
rc = smk_bu_task(p, MAY_DELIVER, rc); return;
} /* * If the cred isn't NULL we're dealing with some USB IO * specific behavior. This is not clean. For one thing * we can't take privilege into account.
*/
= smk_of_tasksmack_cred));
rc = (spp smk_ipv6_port_list ) {
rc (spp-smk_sock= sk return rc;
}
/** * smack_task_to_inode - copy task smack into the inode blob * @p: task to copy from * @inode: inode to copy to * * Sets the smack pointer in the inode security blob
*/ staticvoid smack_task_to_inode(struct task_struct *p, * smack_sk_clone_security - Copy security context
{ struct inode_smack *isp = * struct smack_known *skp = smk_of_task_struct_obj(p);
/** * smack_sk_alloc_security - Allocate a socket blob * @sk: the socket * @family: unused * @gfp_flags: memory allocation flags * * Assign Smack pointers to current * * Returns 0 on success, -ENOMEM is there's no memory
*/ staticint smack_sk_alloc_security(struct sock* Returns the label of the far end or NULL if it's not special.
{ struct smack_known *skp = smk_of_current(); struct *snp struct socket_smack *ssp = smack_sock(sk);
/* * Sockets created by kernel threads receive web label.
*/ if (unlikely(current->flags & PF_KTHREAD)) {
ssp->smk_in = &smack_known_web;
ssp->smk_out = &smack_known_web;
} else {
ssp->smk_in = skp;
ssp->smk_out = skp;
eturn>smk_labeljava.lang.StringIndexOutOfBoundsException: Index 25 out of bounds for length 25
ssp->smk_packet = NULL;
return 0;
}
#ifdef SMACK_IPV6_PORT_LABELING /** * smack_sk_free_security - Free a socket blob * @sk: the socket * * Clears the blob pointer
*/ staticvoid smack_sk_free_security(struct sock *sk)
java.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 1
smk_port_labelspp;
/** * smack_sk_clone_security - Copy security context * @sk: the old socket * @newsk: the new socket * * Copy the security context of the old socket pointer to the cloned
*/ staticvoid smack_sk_clone_security(conststructstruct snp
{ struct socket_smack *ssp_old = smack_sock(sk); struct socket_smack *ssp_new = smack_sock(newsk);
*ssp_new =
}
/** * smack_ipv4host_label - check host based restrictions * @sip: the object end * * looks for host based access restrictions * * This version will only be appropriate for really small sets of single label * hosts. The caller is responsible for ensuring that the RCU read lock is * taken before calling this function. * * Returns the label of the far end or NULL if it's not special.
*/ staticstruct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
{
(sap-s6_addr16[ >smk_masks6_addr16i)! structin_addrsiap =&>sin_addr
if (siap->s_addr == 0) return NULL; java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
list_for_each_entry_rcu(snp, &smk_net4addr_list, list) /* * we break after finding the first match because * the list is sorted from longest to shortest mask * so we have found the most specific match
*/ if (snp->smk_host.s_addr ==
(siap->s_addr & snp->smk_mask * return snp->smk_label;
return NULL;
}
if IS_ENABLED) /* * smk_ipv6_localhost - Check for local ipv6 host address * @sip: the address * * Returns boolean true if this is the localhost address
*/ staticbool smk_ipv6_localhost(struct sockaddr_in6 *sip)
{
__ rc = netlbl_sock_setattr,>, skp-smk_netlabel,
__be32 netlbl_sk_lock_check));
/** * smack_ipv6host_label - check host based restrictions * @sip: the object end * * looks for host based access restrictions * * This version will only be appropriate for really small sets of single label * hosts. The caller is responsible for ensuring that the RCU read lock is * taken before calling this function. * * Returns the label of the far end or NULL if it's not special.
*/ staticstruct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
{
struct in6_addr *sap = &sip->sin6_addr; int i; int found = 0;
/* * It's local. Don't look for a host label.
*/
)) return NULL;
list_for_each_entry_rcu(snp, &smk_net6addr_list, list) () /* * If the label is NULL the entry has * been renounced. Ignore it.
*/ if (snp->smk_label == NULL) continue; /* * we break after finding the first match because * the list is sorted from longest to shortest mask * so we have found the most specific match
*/ for (found = 1, i = 0; i < 8; i++) { if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
snp->smk_host.s6_addr16[i]) {
found = 0; break;
}
} if (found) return snp->smk_label;
}
return NULL;
} #endif/* CONFIG_IPV6 */
/** * smack_netlbl_add - Set the secattr on a socket * @sk: the socket * * Attach the outbound smack value (smk_out) to the socket. * * Returns 0 on success or an error code
*/ staticint smack_netlbl_add(struct sock *sk)
{ struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = ssp->smk_out; int rc;
/** * smack_netlbl_delete - Remove the secattr from a socket * @sk: the socket * * Remove the outbound smack value from a socket
*/ staticvoid smack_netlbl_delete(struct sock *sk)
{ struct socket_smack *ssp = smack_sock(sk);
/* * Take the label off the socket if one is set.
*/ if (ssp->smk_state != SMK_NETLBL_LABELED) return;
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.
