Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (33 commits)
  AppArmor: kill unused macros in lsm.c
  AppArmor: cleanup generated files correctly
  KEYS: Add an iovec version of KEYCTL_INSTANTIATE
  KEYS: Add a new keyctl op to reject a key with a specified error code
  KEYS: Add a key type op to permit the key description to be vetted
  KEYS: Add an RCU payload dereference macro
  AppArmor: Cleanup make file to remove cruft and make it easier to read
  SELinux: implement the new sb_remount LSM hook
  LSM: Pass -o remount options to the LSM
  SELinux: Compute SID for the newly created socket
  SELinux: Socket retains creator role and MLS attribute
  SELinux: Auto-generate security_is_socket_class
  TOMOYO: Fix memory leak upon file open.
  Revert "selinux: simplify ioctl checking"
  selinux: drop unused packet flow permissions
  selinux: Fix packet forwarding checks on postrouting
  selinux: Fix wrong checks for selinux_policycap_netpeer
  selinux: Fix check for xfrm selinux context algorithm
  ima: remove unnecessary call to ima_must_measure
  IMA: remove IMA imbalance checking
  ...

1 files changed, 6 insertions, 11 deletions

diff --git a/security/smack/smack.h b/security/smack/smack.h
index 129c4eb8ffb1..b449cfdad21c 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -52,13 +52,16 @@ struct socket_smack {
 struct inode_smack {
         char            *smk_inode;     /* label of the fso */
         char            *smk_task;      /* label of the task */
+        char            *smk_mmap;      /* label of the mmap domain */
         struct mutex    smk_lock;       /* initialization lock */
         int             smk_flags;      /* smack inode flags */
 };
 
 struct task_smack {
-        char            *smk_task;      /* label used for access control */
-        char            *smk_forked;    /* label when forked */
+        char                    *smk_task;      /* label for access control */
+        char                    *smk_forked;    /* label when forked */
+        struct list_head        smk_rules;      /* per task access rules */
+        struct mutex            smk_rules_lock; /* lock for the rules */
 };
 
 #define SMK_INODE_INSTANT       0x01    /* inode is instantiated */
@@ -152,12 +155,6 @@ struct smack_known {
 #define SMACK_MAGIC     0x43415d53 /* "SMAC" */
 
 /*
- * A limit on the number of entries in the lists
- * makes some of the list administration easier.
- */
-#define SMACK_LIST_MAX  10000
-
-/*
  * CIPSO defaults.
  */
 #define SMACK_CIPSO_DOI_DEFAULT         3       /* Historical */
@@ -174,9 +171,7 @@ struct smack_known {
 /*
  * Just to make the common cases easier to deal with
  */
-#define MAY_ANY         (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
 #define MAY_ANYREAD     (MAY_READ | MAY_EXEC)
-#define MAY_ANYWRITE    (MAY_WRITE | MAY_APPEND)
 #define MAY_READWRITE   (MAY_READ | MAY_WRITE)
 #define MAY_NOT         0
 
@@ -202,7 +197,7 @@ struct inode_smack *new_inode_smack(char *);
 /*
  * These functions are in smack_access.c
  */
-int smk_access_entry(char *, char *);
+int smk_access_entry(char *, char *, struct list_head *);
 int smk_access(char *, char *, int, struct smk_audit_info *);
 int smk_curacc(char *, u32, struct smk_audit_info *);
 int smack_to_cipso(const char *, struct smack_cipso *);