add wifi6 8852be driver

hc

2024-12-19 9370bb92b2d16684ee45cf24e879c93c509162da

 kernel/security/smack/smack_access.c
..
..
@@ -1,13 +1,9 @@
1
+// SPDX-License-Identifier: GPL-2.0-only
1
2
 /*
2
3
  * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
3
4
  *
4
- *      This program is free software; you can redistribute it and/or modify
5
- *      it under the terms of the GNU General Public License as published by
6
- *      the Free Software Foundation, version 2.
7
- *
8
5
  * Author:
9
6
  *      Casey Schaufler <casey@schaufler-ca.com>
10
- *
11
7
  */
12
8
 
13
9
 #include <linux/types.h>
..
..
@@ -274,7 +270,7 @@
274
270
 int smk_curacc(struct smack_known *obj_known,
275
271
 	       u32 mode, struct smk_audit_info *a)
276
272
 {
277
-	struct task_smack *tsp = current_security();
273
+	struct task_smack *tsp = smack_cred(current_cred());
278
274
 
279
275
 	return smk_tskacc(tsp, obj_known, mode, a);
280
276
 }
..
..
@@ -514,6 +510,42 @@
514
510
 }
515
511
 
516
512
 /**
513
+ * smack_populate_secattr - fill in the smack_known netlabel information
514
+ * @skp: pointer to the structure to fill
515
+ *
516
+ * Populate the netlabel secattr structure for a Smack label.
517
+ *
518
+ * Returns 0 unless creating the category mapping fails
519
+ */
520
+int smack_populate_secattr(struct smack_known *skp)
521
+{
522
+	int slen;
523
+
524
+	skp->smk_netlabel.attr.secid = skp->smk_secid;
525
+	skp->smk_netlabel.domain = skp->smk_known;
526
+	skp->smk_netlabel.cache = netlbl_secattr_cache_alloc(GFP_ATOMIC);
527
+	if (skp->smk_netlabel.cache != NULL) {
528
+		skp->smk_netlabel.flags |= NETLBL_SECATTR_CACHE;
529
+		skp->smk_netlabel.cache->free = NULL;
530
+		skp->smk_netlabel.cache->data = skp;
531
+	}
532
+	skp->smk_netlabel.flags |= NETLBL_SECATTR_SECID |
533
+				   NETLBL_SECATTR_MLS_LVL |
534
+				   NETLBL_SECATTR_DOMAIN;
535
+	/*
536
+	 * If direct labeling works use it.
537
+	 * Otherwise use mapped labeling.
538
+	 */
539
+	slen = strlen(skp->smk_known);
540
+	if (slen < SMK_CIPSOLEN)
541
+		return smk_netlbl_mls(smack_cipso_direct, skp->smk_known,
542
+				      &skp->smk_netlabel, slen);
543
+
544
+	return smk_netlbl_mls(smack_cipso_mapped, (char *)&skp->smk_secid,
545
+			      &skp->smk_netlabel, sizeof(skp->smk_secid));
546
+}
547
+
548
+/**
517
549
  * smk_import_entry - import a label, return the list entry
518
550
  * @string: a text string that might be a Smack label
519
551
  * @len: the maximum size, or zero if it is NULL terminated.
..
..
@@ -526,7 +558,6 @@
526
558
 {
527
559
 	struct smack_known *skp;
528
560
 	char *smack;
529
-	int slen;
530
561
 	int rc;
531
562
 
532
563
 	smack = smk_parse_smack(string, len);
..
..
@@ -547,21 +578,8 @@
547
578
 
548
579
 	skp->smk_known = smack;
549
580
 	skp->smk_secid = smack_next_secid++;
550
-	skp->smk_netlabel.domain = skp->smk_known;
551
-	skp->smk_netlabel.flags =
552
-		NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
553
-	/*
554
-	 * If direct labeling works use it.
555
-	 * Otherwise use mapped labeling.
556
-	 */
557
-	slen = strlen(smack);
558
-	if (slen < SMK_CIPSOLEN)
559
-		rc = smk_netlbl_mls(smack_cipso_direct, skp->smk_known,
560
-			       &skp->smk_netlabel, slen);
561
-	else
562
-		rc = smk_netlbl_mls(smack_cipso_mapped, (char *)&skp->smk_secid,
563
-			       &skp->smk_netlabel, sizeof(skp->smk_secid));
564
581
 
582
+	rc = smack_populate_secattr(skp);
565
583
 	if (rc >= 0) {
566
584
 		INIT_LIST_HEAD(&skp->smk_rules);
567
585
 		mutex_init(&skp->smk_rules_lock);
..
..
@@ -572,9 +590,6 @@
572
590
 		smk_insert_entry(skp);
573
591
 		goto unlockout;
574
592
 	}
575
-	/*
576
-	 * smk_netlbl_mls failed.
577
-	 */
578
593
 	kfree(skp);
579
594
 	skp = ERR_PTR(rc);
580
595
 freeout:
..
..
@@ -634,7 +649,7 @@
634
649
  */
635
650
 bool smack_privileged_cred(int cap, const struct cred *cred)
636
651
 {
637
-	struct task_smack *tsp = cred->security;
652
+	struct task_smack *tsp = smack_cred(cred);
638
653
 	struct smack_known *skp = tsp->smk_task;
639
654
 	struct smack_known_list_elem *sklep;
640
655
 	int rc;
..
..
@@ -672,9 +687,10 @@
672
687
 bool smack_privileged(int cap)
673
688
 {
674
689
 	/*
675
-	 * All kernel tasks are privileged
690
+	 * Kernel threads may not have credentials we can use.
691
+	 * The io_uring kernel threads do have reliable credentials.
676
692
 	 */
677
-	if (unlikely(current->flags & PF_KTHREAD))
693
+	if ((current->flags & (PF_KTHREAD | PF_IO_WORKER)) == PF_KTHREAD)
678
694
 		return true;
679
695
 
680
696
 	return smack_privileged_cred(cap, current_cred());