~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,13 +1,9 @@
	1	+/* SPDX-License-Identifier: GPL-2.0-only */
1	2	/*
2	3	* Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
3	4	*
4		- * This program is free software; you can redistribute it and/or modify
5		- * it under the terms of the GNU General Public License as published by
6		- * the Free Software Foundation, version 2.
7		- *
8	5	* Author:
9	6	* Casey Schaufler <casey@schaufler-ca.com>
10		- *
11	7	*/
12	8
13	9	#ifndef _SECURITY_SMACK_H
..	..	@@ -24,6 +20,7 @@
24	20	#include <linux/list.h>
25	21	#include <linux/rculist.h>
26	22	#include <linux/lsm_audit.h>
	23	+#include <linux/msg.h>
27	24
28	25	/*
29	26	* Use IPv6 port labeling if IPv6 is enabled and secmarks
..	..	@@ -103,7 +100,12 @@
103	100	struct smack_known smk_out; / outbound label */
104	101	struct smack_known smk_in; / inbound label */
105	102	struct smack_known smk_packet; / TCP peer label */
	103	+ int smk_state; /* netlabel socket states */
106	104	};
	105	+#define SMK_NETLBL_UNSET 0
	106	+#define SMK_NETLBL_UNLABELED 1
	107	+#define SMK_NETLBL_LABELED 2
	108	+#define SMK_NETLBL_REQSKB 3
107	109
108	110	/*
109	111	* Inode smack data
..	..	@@ -112,9 +114,7 @@
112	114	struct smack_known smk_inode; / label of the fso */
113	115	struct smack_known smk_task; / label of the task */
114	116	struct smack_known smk_mmap; / label of the mmap domain */
115		- struct mutex smk_lock; /* initialization lock */
116	117	int smk_flags; /* smack inode flags */
117		- struct rcu_head smk_rcu; /* for freeing inode_smack */
118	118	};
119	119
120	120	struct task_smack {
..	..	@@ -151,7 +151,6 @@
151	151	struct smack_known smk_label; / label */
152	152	};
153	153
154		-#if IS_ENABLED(CONFIG_IPV6)
155	154	/*
156	155	* An entry in the table identifying IPv6 hosts.
157	156	*/
..	..	@@ -162,9 +161,7 @@
162	161	int smk_masks; /* mask size */
163	162	struct smack_known smk_label; / label */
164	163	};
165		-#endif /* CONFIG_IPV6 */
166	164
167		-#ifdef SMACK_IPV6_PORT_LABELING
168	165	/*
169	166	* An entry in the table identifying ports.
170	167	*/
..	..	@@ -177,7 +174,6 @@
177	174	short smk_sock_type; /* Socket type */
178	175	short smk_can_reuse;
179	176	};
180		-#endif /* SMACK_IPV6_PORT_LABELING */
181	177
182	178	struct smack_known_list_elem {
183	179	struct list_head list;
..	..	@@ -195,37 +191,15 @@
195	191
196	192	enum {
197	193	Opt_error = -1,
198		- Opt_fsdefault = 1,
199		- Opt_fsfloor = 2,
200		- Opt_fshat = 3,
201		- Opt_fsroot = 4,
202		- Opt_fstransmute = 5,
	194	+ Opt_fsdefault = 0,
	195	+ Opt_fsfloor = 1,
	196	+ Opt_fshat = 2,
	197	+ Opt_fsroot = 3,
	198	+ Opt_fstransmute = 4,
203	199	};
204		-
205		-/*
206		- * Mount options
207		- */
208		-#define SMK_FSDEFAULT "smackfsdef="
209		-#define SMK_FSFLOOR "smackfsfloor="
210		-#define SMK_FSHAT "smackfshat="
211		-#define SMK_FSROOT "smackfsroot="
212		-#define SMK_FSTRANS "smackfstransmute="
213	200
214	201	#define SMACK_DELETE_OPTION "-DELETE"
215	202	#define SMACK_CIPSO_OPTION "-CIPSO"
216		-
217		-/*
218		- * How communications on this socket are treated.
219		- * Usually it's determined by the underlying netlabel code
220		- * but there are certain cases, including single label hosts
221		- * and potentially single label interfaces for which the
222		- * treatment can not be known in advance.
223		- *
224		- * The possibility of additional labeling schemes being
225		- * introduced in the future exists as well.
226		- */
227		-#define SMACK_UNLABELED_SOCKET 0
228		-#define SMACK_CIPSO_SOCKET 1
229	203
230	204	/*
231	205	* CIPSO defaults.
..	..	@@ -323,6 +297,7 @@
323	297	bool smack_privileged(int cap);
324	298	bool smack_privileged_cred(int cap, const struct cred *cred);
325	299	void smk_destroy_label_list(struct list_head *list);
	300	+int smack_populate_secattr(struct smack_known *skp);
326	301
327	302	/*
328	303	* Shared data.
..	..	@@ -336,6 +311,7 @@
336	311	extern struct smack_known *smack_unconfined;
337	312	#endif
338	313	extern int smack_ptrace_rule;
	314	+extern struct lsm_blob_sizes smack_blob_sizes;
339	315
340	316	extern struct smack_known smack_known_floor;
341	317	extern struct smack_known smack_known_hat;
..	..	@@ -346,22 +322,47 @@
346	322	extern struct mutex smack_known_lock;
347	323	extern struct list_head smack_known_list;
348	324	extern struct list_head smk_net4addr_list;
349		-#if IS_ENABLED(CONFIG_IPV6)
350	325	extern struct list_head smk_net6addr_list;
351		-#endif /* CONFIG_IPV6 */
352	326
353	327	extern struct mutex smack_onlycap_lock;
354	328	extern struct list_head smack_onlycap_list;
355	329
356	330	#define SMACK_HASH_SLOTS 16
357	331	extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];
	332	+extern struct kmem_cache *smack_rule_cache;
	333	+
	334	+static inline struct task_smack smack_cred(const struct cred cred)
	335	+{
	336	+ return cred->security + smack_blob_sizes.lbs_cred;
	337	+}
	338	+
	339	+static inline struct smack_known *smack_file(const struct file file)
	340	+{
	341	+ return (struct smack_known **)(file->f_security +
	342	+ smack_blob_sizes.lbs_file);
	343	+}
	344	+
	345	+static inline struct inode_smack smack_inode(const struct inode inode)
	346	+{
	347	+ return inode->i_security + smack_blob_sizes.lbs_inode;
	348	+}
	349	+
	350	+static inline struct smack_known *smack_msg_msg(const struct msg_msg msg)
	351	+{
	352	+ return msg->security + smack_blob_sizes.lbs_msg_msg;
	353	+}
	354	+
	355	+static inline struct smack_known *smack_ipc(const struct kern_ipc_perm ipc)
	356	+{
	357	+ return ipc->security + smack_blob_sizes.lbs_ipc;
	358	+}
358	359
359	360	/*
360	361	* Is the directory transmuting?
361	362	*/
362	363	static inline int smk_inode_transmutable(const struct inode *isp)
363	364	{
364		- struct inode_smack *sip = isp->i_security;
	365	+ struct inode_smack *sip = smack_inode(isp);
365	366	return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0;
366	367	}
367	368
..	..	@@ -370,7 +371,7 @@
370	371	*/
371	372	static inline struct smack_known smk_of_inode(const struct inode isp)
372	373	{
373		- struct inode_smack *sip = isp->i_security;
	374	+ struct inode_smack *sip = smack_inode(isp);
374	375	return sip->smk_inode;
375	376	}
376	377
..	..	@@ -382,13 +383,19 @@
382	383	return tsp->smk_task;
383	384	}
384	385
385		-static inline struct smack_known smk_of_task_struct(const struct task_struct t)
	386	+static inline struct smack_known *smk_of_task_struct(
	387	+ const struct task_struct *t)
386	388	{
387	389	struct smack_known *skp;
	390	+ const struct cred *cred;
388	391
389	392	rcu_read_lock();
390		- skp = smk_of_task(__task_cred(t)->security);
	393	+
	394	+ cred = __task_cred(t);
	395	+ skp = smk_of_task(smack_cred(cred));
	396	+
391	397	rcu_read_unlock();
	398	+
392	399	return skp;
393	400	}
394	401
..	..	@@ -405,7 +412,7 @@
405	412	*/
406	413	static inline struct smack_known *smk_of_current(void)
407	414	{
408		- return smk_of_task(current_security());
	415	+ return smk_of_task(smack_cred(current_cred()));
409	416	}
410	417
411	418	/*
..	..	@@ -481,10 +488,6 @@
481	488	}
482	489	static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
483	490	struct dentry *d)
484		-{
485		-}
486		-static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a,
487		- struct vfsmount *m)
488	491	{
489	492	}
490	493	static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,