1 files changed, 45 insertions, 0 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 43ae747a5aa4..129c4eb8ffb1 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -51,11 +51,18 @@ struct socket_smack {
 */
 struct inode_smack {
        char            *smk_inode;     /* label of the fso */
+        char            *smk_task;      /* label of the task */
        struct mutex    smk_lock;       /* initialization lock */
        int             smk_flags;      /* smack inode flags */
 };
+struct task_smack {
+        char            *smk_task;      /* label used for access control */
+        char            *smk_forked;    /* label when forked */
+};
 #define SMK_INODE_INSTANT       0x01    /* inode is instantiated */
+#define SMK_INODE_TRANSMUTE     0x02    /* directory is transmuting */
 /*
 * A label access rule.
@@ -161,6 +168,10 @@ struct smack_known {
 #define SMACK_CIPSO_MAXCATNUM           239     /* CIPSO 2.2 standard */
 /*
+ * Flag for transmute access
+ */
+#define MAY_TRANSMUTE   64
+/*
 * Just to make the common cases easier to deal with
 */
 #define MAY_ANY         (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
@@ -191,6 +202,7 @@ struct inode_smack *new_inode_smack(char *);
 /*
 * These functions are in smack_access.c
 */
+int smk_access_entry(char *, char *);
 int smk_access(char *, char *, int, struct smk_audit_info *);
 int smk_curacc(char *, u32, struct smk_audit_info *);
 int smack_to_cipso(const char *, struct smack_cipso *);
@@ -234,6 +246,15 @@ static inline void smack_catset_bit(int cat, char *catsetp)
 }
 /*
+ * Is the directory transmuting?
+ */
+static inline int smk_inode_transmutable(const struct inode *isp)
+{
+        struct inode_smack *sip = isp->i_security;
+        return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0;
+}
+/*
 * Present a pointer to the smack label in an inode blob.
 */
 static inline char *smk_of_inode(const struct inode *isp)
@@ -243,6 +264,30 @@ static inline char *smk_of_inode(const struct inode *isp)
 }
 /*
+ * Present a pointer to the smack label in an task blob.
+ */
+static inline char *smk_of_task(const struct task_smack *tsp)
+{
+        return tsp->smk_task;
+}
+/*
+ * Present a pointer to the forked smack label in an task blob.
+ */
+static inline char *smk_of_forked(const struct task_smack *tsp)
+{
+        return tsp->smk_forked;
+}
+/*
+ * Present a pointer to the smack label in the current task blob.
+ */
+static inline char *smk_of_current(void)
+{
+        return smk_of_task(current_security());
+}
+/*
 * logging functions
 */
 #define SMACK_AUDIT_DENIED 0x1

diff --git a/security/smack/smack.h b/security/smack/smack.h index 43ae747a5aa4..129c4eb8ffb1 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h
@@ -51,11 +51,18 @@ struct socket_smack {
51	*/	51	*/
52	struct inode_smack {	52	struct inode_smack {
53	char smk_inode; / label of the fso */	53	char smk_inode; / label of the fso */
		54	char smk_task; / label of the task */
54	struct mutex smk_lock; /* initialization lock */	55	struct mutex smk_lock; /* initialization lock */
55	int smk_flags; /* smack inode flags */	56	int smk_flags; /* smack inode flags */
56	};	57	};
57		58
		59	struct task_smack {
		60	char smk_task; / label used for access control */
		61	char smk_forked; / label when forked */
		62	};
		63
58	#define SMK_INODE_INSTANT 0x01 /* inode is instantiated */	64	#define SMK_INODE_INSTANT 0x01 /* inode is instantiated */
		65	#define SMK_INODE_TRANSMUTE 0x02 /* directory is transmuting */
59		66
60	/*	67	/*
61	* A label access rule.	68	* A label access rule.
@@ -161,6 +168,10 @@ struct smack_known {
161	#define SMACK_CIPSO_MAXCATNUM 239 /* CIPSO 2.2 standard */	168	#define SMACK_CIPSO_MAXCATNUM 239 /* CIPSO 2.2 standard */
162		169
163	/*	170	/*
		171	* Flag for transmute access
		172	*/
		173	#define MAY_TRANSMUTE 64
		174	/*
164	* Just to make the common cases easier to deal with	175	* Just to make the common cases easier to deal with
165	*/	176	*/
166	#define MAY_ANY (MAY_READ \| MAY_WRITE \| MAY_APPEND \| MAY_EXEC)	177	#define MAY_ANY (MAY_READ \| MAY_WRITE \| MAY_APPEND \| MAY_EXEC)
@@ -191,6 +202,7 @@ struct inode_smack new_inode_smack(char );
191	/*	202	/*
192	* These functions are in smack_access.c	203	* These functions are in smack_access.c
193	*/	204	*/
		205	int smk_access_entry(char , char );
194	int smk_access(char , char , int, struct smk_audit_info *);	206	int smk_access(char , char , int, struct smk_audit_info *);
195	int smk_curacc(char , u32, struct smk_audit_info );	207	int smk_curacc(char , u32, struct smk_audit_info );
196	int smack_to_cipso(const char , struct smack_cipso );	208	int smack_to_cipso(const char , struct smack_cipso );
@@ -234,6 +246,15 @@ static inline void smack_catset_bit(int cat, char *catsetp)
234	}	246	}
235		247
236	/*	248	/*
		249	* Is the directory transmuting?
		250	*/
		251	static inline int smk_inode_transmutable(const struct inode *isp)
		252	{
		253	struct inode_smack *sip = isp->i_security;
		254	return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0;
		255	}
		256
		257	/*
237	* Present a pointer to the smack label in an inode blob.	258	* Present a pointer to the smack label in an inode blob.
238	*/	259	*/
239	static inline char smk_of_inode(const struct inode isp)	260	static inline char smk_of_inode(const struct inode isp)
@@ -243,6 +264,30 @@ static inline char smk_of_inode(const struct inode isp)
243	}	264	}
244		265
245	/*	266	/*
		267	* Present a pointer to the smack label in an task blob.
		268	*/
		269	static inline char smk_of_task(const struct task_smack tsp)
		270	{
		271	return tsp->smk_task;
		272	}
		273
		274	/*
		275	* Present a pointer to the forked smack label in an task blob.
		276	*/
		277	static inline char smk_of_forked(const struct task_smack tsp)
		278	{
		279	return tsp->smk_forked;
		280	}
		281
		282	/*
		283	* Present a pointer to the smack label in the current task blob.
		284	*/
		285	static inline char *smk_of_current(void)
		286	{
		287	return smk_of_task(current_security());
		288	}
		289
		290	/*
246	* logging functions	291	* logging functions
247	*/	292	*/
248	#define SMACK_AUDIT_DENIED 0x1	293	#define SMACK_AUDIT_DENIED 0x1