5 files changed, 50 insertions, 11 deletions

diff --git a/include/linux/capability.h b/include/linux/capability.h
index 39e5ff512fbe..90012b9ddbf3 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -49,9 +49,6 @@ typedef struct __user_cap_data_struct {
 } __user *cap_user_data_t;
 
 
-#define XATTR_CAPS_SUFFIX "capability"
-#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
-
 #define VFS_CAP_REVISION_MASK   0xFF000000
 #define VFS_CAP_REVISION_SHIFT  24
 #define VFS_CAP_FLAGS_MASK      ~VFS_CAP_REVISION_MASK
diff --git a/include/linux/fs.h b/include/linux/fs.h
index f91affb7d530..e5106e49bd2c 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -53,6 +53,7 @@ struct inodes_stat_t {
 #define MAY_APPEND 8
 #define MAY_ACCESS 16
 #define MAY_OPEN 32
+#define MAY_CHDIR 64
 
 /*
  * flags in file.f_mode.  Note that FMODE_READ and FMODE_WRITE must correspond
diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
index 6907251d5200..112a55033352 100644
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -90,10 +90,42 @@ struct common_audit_data {
                         u32 requested;
                         u32 audited;
                         u32 denied;
+                        /*
+                         * auditdeny is a bit tricky and unintuitive.  See the
+                         * comments in avc.c for it's meaning and usage.
+                         */
+                        u32 auditdeny;
                         struct av_decision *avd;
                         int result;
                 } selinux_audit_data;
 #endif
+#ifdef CONFIG_SECURITY_APPARMOR
+                struct {
+                        int error;
+                        int op;
+                        int type;
+                        void *profile;
+                        const char *name;
+                        const char *info;
+                        union {
+                                void *target;
+                                struct {
+                                        long pos;
+                                        void *target;
+                                } iface;
+                                struct {
+                                        int rlim;
+                                        unsigned long max;
+                                } rlim;
+                                struct {
+                                        const char *target;
+                                        u32 request;
+                                        u32 denied;
+                                        uid_t ouid;
+                                } fs;
+                        };
+                } apparmor_audit_data;
+#endif
         };
         /* these callback will be implemented by a specific LSM */
         void (*lsm_pre_audit)(struct audit_buffer *, void *);
diff --git a/include/linux/security.h b/include/linux/security.h
index 0c8819170463..723a93df756a 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -470,8 +470,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * @path_truncate:
  *      Check permission before truncating a file.
  *      @path contains the path structure for the file.
- *      @length is the new length of the file.
- *      @time_attrs is the flags passed to do_truncate().
  *      Return 0 if permission is granted.
  * @inode_getattr:
  *      Check permission before obtaining file attributes.
@@ -1412,8 +1410,7 @@ struct security_operations {
         int (*path_rmdir) (struct path *dir, struct dentry *dentry);
         int (*path_mknod) (struct path *dir, struct dentry *dentry, int mode,
                            unsigned int dev);
-        int (*path_truncate) (struct path *path, loff_t length,
-                              unsigned int time_attrs);
+        int (*path_truncate) (struct path *path);
         int (*path_symlink) (struct path *dir, struct dentry *dentry,
                              const char *old_name);
         int (*path_link) (struct dentry *old_dentry, struct path *new_dir,
@@ -2806,8 +2803,7 @@ int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode);
 int security_path_rmdir(struct path *dir, struct dentry *dentry);
 int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
                         unsigned int dev);
-int security_path_truncate(struct path *path, loff_t length,
-                           unsigned int time_attrs);
+int security_path_truncate(struct path *path);
 int security_path_symlink(struct path *dir, struct dentry *dentry,
                           const char *old_name);
 int security_path_link(struct dentry *old_dentry, struct path *new_dir,
@@ -2841,8 +2837,7 @@ static inline int security_path_mknod(struct path *dir, struct dentry *dentry,
         return 0;
 }
 
-static inline int security_path_truncate(struct path *path, loff_t length,
-                                         unsigned int time_attrs)
+static inline int security_path_truncate(struct path *path)
 {
         return 0;
 }
diff --git a/include/linux/xattr.h b/include/linux/xattr.h
index 0cfa1e9c4cc1..f1e5bde4b35a 100644
--- a/include/linux/xattr.h
+++ b/include/linux/xattr.h
@@ -33,6 +33,20 @@
 #define XATTR_USER_PREFIX "user."
 #define XATTR_USER_PREFIX_LEN (sizeof (XATTR_USER_PREFIX) - 1)
 
+/* Security namespace */
+#define XATTR_SELINUX_SUFFIX "selinux"
+#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
+
+#define XATTR_SMACK_SUFFIX "SMACK64"
+#define XATTR_SMACK_IPIN "SMACK64IPIN"
+#define XATTR_SMACK_IPOUT "SMACK64IPOUT"
+#define XATTR_NAME_SMACK XATTR_SECURITY_PREFIX XATTR_SMACK_SUFFIX
+#define XATTR_NAME_SMACKIPIN    XATTR_SECURITY_PREFIX XATTR_SMACK_IPIN
+#define XATTR_NAME_SMACKIPOUT   XATTR_SECURITY_PREFIX XATTR_SMACK_IPOUT
+
+#define XATTR_CAPS_SUFFIX "capability"
+#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
+
 struct inode;
 struct dentry;