Smack: Local IPv6 port based controls

Smack does not provide access controls on IPv6 communications.
This patch introduces a mechanism for maintaining Smack lables
for local IPv6 communications. It is based on labeling local ports.
The behavior should be compatible with any future "real" IPv6
support as it provides no interfaces for users to manipulate
the labeling. Remote IPv6 connections use the ambient label
the same way that unlabeled IPv4 packets are treated.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

1 files changed, 11 insertions, 0 deletions

diff --git a/security/smack/smack.h b/security/smack/smack.h
index 8ad30955e15d..bb28e099abfe 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -94,6 +94,17 @@ struct smk_netlbladdr {
 };
 
 /*
+ * An entry in the table identifying ports.
+ */
+struct smk_port_label {
+        struct list_head        list;
+        struct sock             *smk_sock;      /* socket initialized on */
+        unsigned short          smk_port;       /* the port number */
+        char                    *smk_in;        /* incoming label */
+        char                    *smk_out;       /* outgoing label */
+};
+
+/*
  * This is the repository for labels seen so that it is
  * not necessary to keep allocating tiny chuncks of memory
  * and so that they can be shared.