3 files changed, 67 insertions, 11 deletions

diff --git a/security/smack/smack.h b/security/smack/smack.h
index 243bec175be0..c6e9acae72e4 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -275,7 +275,7 @@ static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
 {
         memset(a, 0, sizeof(*a));
         a->a.type = type;
-        a->a.function = func;
+        a->a.smack_audit_data.function = func;
 }
 
 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 513dc1aa16dd..0f9ac8146900 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -240,8 +240,9 @@ static inline void smack_str_from_perm(char *string, int access)
 static void smack_log_callback(struct audit_buffer *ab, void *a)
 {
         struct common_audit_data *ad = a;
-        struct smack_audit_data *sad = &ad->lsm_priv.smack_audit_data;
-        audit_log_format(ab, "lsm=SMACK fn=%s action=%s", ad->function,
+        struct smack_audit_data *sad = &ad->smack_audit_data;
+        audit_log_format(ab, "lsm=SMACK fn=%s action=%s",
+                         ad->smack_audit_data.function,
                          sad->result ? "denied" : "granted");
         audit_log_format(ab, " subject=");
         audit_log_untrustedstring(ab, sad->subject);
@@ -274,11 +275,11 @@ void smack_log(char *subject_label, char *object_label, int request,
         if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0)
                 return;
 
-        if (a->function == NULL)
-                a->function = "unknown";
+        if (a->smack_audit_data.function == NULL)
+                a->smack_audit_data.function = "unknown";
 
         /* end preparing the audit data */
-        sad = &a->lsm_priv.smack_audit_data;
+        sad = &a->smack_audit_data;
         smack_str_from_perm(request_buffer, request);
         sad->subject = subject_label;
         sad->object  = object_label;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 0023182078c7..acae7ef4092d 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -91,7 +91,7 @@ struct inode_smack *new_inode_smack(char *smack)
  */
 
 /**
- * smack_ptrace_may_access - Smack approval on PTRACE_ATTACH
+ * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
  * @ctp: child task pointer
  * @mode: ptrace attachment mode
  *
@@ -99,13 +99,13 @@ struct inode_smack *new_inode_smack(char *smack)
  *
  * Do the capability checks, and require read and write.
  */
-static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode)
+static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
 {
         int rc;
         struct smk_audit_info ad;
         char *sp, *tsp;
 
-        rc = cap_ptrace_may_access(ctp, mode);
+        rc = cap_ptrace_access_check(ctp, mode);
         if (rc != 0)
                 return rc;
 
@@ -1080,6 +1080,22 @@ static int smack_file_receive(struct file *file)
  */
 
 /**
+ * smack_cred_alloc_blank - "allocate" blank task-level security credentials
+ * @new: the new credentials
+ * @gfp: the atomicity of any memory allocations
+ *
+ * Prepare a blank set of credentials for modification.  This must allocate all
+ * the memory the LSM module might require such that cred_transfer() can
+ * complete without error.
+ */
+static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
+{
+        cred->security = NULL;
+        return 0;
+}
+
+
+/**
  * smack_cred_free - "free" task-level security credentials
  * @cred: the credentials in question
  *
@@ -1117,6 +1133,18 @@ static void smack_cred_commit(struct cred *new, const struct cred *old)
 }
 
 /**
+ * smack_cred_transfer - Transfer the old credentials to the new credentials
+ * @new: the new credentials
+ * @old: the original credentials
+ *
+ * Fill in a set of blank credentials from another set of credentials.
+ */
+static void smack_cred_transfer(struct cred *new, const struct cred *old)
+{
+        new->security = old->security;
+}
+
+/**
  * smack_kernel_act_as - Set the subjective context in a set of credentials
  * @new: points to the set of credentials to be modified.
  * @secid: specifies the security ID to be set
@@ -1638,6 +1666,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
 
         if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
                 nsp->smk_inode = sp;
+                nsp->smk_flags |= SMK_INODE_INSTANT;
                 return 0;
         }
         /*
@@ -2464,7 +2493,7 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
         /*
          * Perfectly reasonable for this to be NULL
          */
-        if (sip == NULL || sip->sin_family != PF_INET)
+        if (sip == NULL || sip->sin_family != AF_INET)
                 return 0;
 
         return smack_netlabel_send(sock->sk, sip);
@@ -3029,10 +3058,31 @@ static void smack_release_secctx(char *secdata, u32 seclen)
 {
 }
 
+static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
+{
+        return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
+}
+
+static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
+{
+        return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
+}
+
+static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
+{
+        int len = 0;
+        len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
+
+        if (len < 0)
+                return len;
+        *ctxlen = len;
+        return 0;
+}
+
 struct security_operations smack_ops = {
         .name =                         "smack",
 
-        .ptrace_may_access =            smack_ptrace_may_access,
+        .ptrace_access_check =          smack_ptrace_access_check,
         .ptrace_traceme =               smack_ptrace_traceme,
         .syslog =                       smack_syslog,
 
@@ -3073,9 +3123,11 @@ struct security_operations smack_ops = {
         .file_send_sigiotask =          smack_file_send_sigiotask,
         .file_receive =                 smack_file_receive,
 
+        .cred_alloc_blank =             smack_cred_alloc_blank,
         .cred_free =                    smack_cred_free,
         .cred_prepare =                 smack_cred_prepare,
         .cred_commit =                  smack_cred_commit,
+        .cred_transfer =                smack_cred_transfer,
         .kernel_act_as =                smack_kernel_act_as,
         .kernel_create_files_as =       smack_kernel_create_files_as,
         .task_setpgid =                 smack_task_setpgid,
@@ -3155,6 +3207,9 @@ struct security_operations smack_ops = {
         .secid_to_secctx =              smack_secid_to_secctx,
         .secctx_to_secid =              smack_secctx_to_secid,
         .release_secctx =               smack_release_secctx,
+        .inode_notifysecctx =           smack_inode_notifysecctx,
+        .inode_setsecctx =              smack_inode_setsecctx,
+        .inode_getsecctx =              smack_inode_getsecctx,
 };