Smack: Use the netlabel cache

bool smack_privileged(int cap);

bool smack_privileged_cred(int cap, const struct cred *cred);

void smk_destroy_label_list(struct list_head *list);

int smack_populate_secattr(struct smack_known *skp);

/*

 * Shared data.

	return 0;

}

/**

 * smack_populate_secattr - fill in the smack_known netlabel information

 * @skp: pointer to the structure to fill

 *

 * Populate the netlabel secattr structure for a Smack label.

 *

 * Returns 0 unless creating the category mapping fails

 */

int smack_populate_secattr(struct smack_known *skp)

{

	int slen;

	skp->smk_netlabel.attr.secid = skp->smk_secid;

	skp->smk_netlabel.domain = skp->smk_known;

	skp->smk_netlabel.cache = netlbl_secattr_cache_alloc(GFP_ATOMIC);

	if (skp->smk_netlabel.cache != NULL) {

		skp->smk_netlabel.flags |= NETLBL_SECATTR_CACHE;

		skp->smk_netlabel.cache->free = NULL;

		skp->smk_netlabel.cache->data = skp;

	}

	skp->smk_netlabel.flags |= NETLBL_SECATTR_SECID |

				   NETLBL_SECATTR_MLS_LVL |

				   NETLBL_SECATTR_DOMAIN;

	/*

	 * If direct labeling works use it.

	 * Otherwise use mapped labeling.

	 */

	slen = strlen(skp->smk_known);

	if (slen < SMK_CIPSOLEN)

		return smk_netlbl_mls(smack_cipso_direct, skp->smk_known,

				      &skp->smk_netlabel, slen);

	return smk_netlbl_mls(smack_cipso_mapped, (char *)&skp->smk_secid,

			      &skp->smk_netlabel, sizeof(skp->smk_secid));

}

/**

 * smk_import_entry - import a label, return the list entry

 * @string: a text string that might be a Smack label

{

	struct smack_known *skp;

	char *smack;

	int slen;

	int rc;

	smack = smk_parse_smack(string, len);

	skp->smk_known = smack;

	skp->smk_secid = smack_next_secid++;

	skp->smk_netlabel.domain = skp->smk_known;

	skp->smk_netlabel.flags =

		NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;

	/*

	 * If direct labeling works use it.

	 * Otherwise use mapped labeling.

	 */

	slen = strlen(smack);

	if (slen < SMK_CIPSOLEN)

		rc = smk_netlbl_mls(smack_cipso_direct, skp->smk_known,

			       &skp->smk_netlabel, slen);

	else

		rc = smk_netlbl_mls(smack_cipso_mapped, (char *)&skp->smk_secid,

			       &skp->smk_netlabel, sizeof(skp->smk_secid));

	rc = smack_populate_secattr(skp);

	if (rc >= 0) {

		INIT_LIST_HEAD(&skp->smk_rules);

		mutex_init(&skp->smk_rules_lock);

		smk_insert_entry(skp);

		goto unlockout;

	}

	/*

	 * smk_netlbl_mls failed.

	 */

	kfree(skp);

	skp = ERR_PTR(rc);

freeout:

	int acat;

	int kcat;

	/*

	 * Netlabel found it in the cache.

	 */

	if ((sap->flags & NETLBL_SECATTR_CACHE) != 0)

		return (struct smack_known *)sap->cache->data;

	if ((sap->flags & NETLBL_SECATTR_SECID) != 0)

		/*

		 * Looks like a fallback, which gives us a secid.

		 */

		return smack_from_secid(sap->attr.secid);

	if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {

		/*

		 * Looks like a CIPSO packet.

			return &smack_known_web;

		return &smack_known_star;

	}

	if ((sap->flags & NETLBL_SECATTR_SECID) != 0)

		/*

		 * Looks like a fallback, which gives us a secid.

		 */

		return smack_from_secid(sap->attr.secid);

	/*

	 * Without guidance regarding the smack value

	 * for the packet fall back on the network

 * @family: address family

 * @skb: packet

 *

 * Find the Smack label in the IP options. If it hasn't been

 * added to the netlabel cache, add it here.

 *

 * Returns smack_known of the IP options or NULL if that won't work.

 */

static struct smack_known *smack_from_netlbl(struct sock *sk, u16 family,

	struct netlbl_lsm_secattr secattr;

	struct socket_smack *ssp = NULL;

	struct smack_known *skp = NULL;

	int rc = 0;

	netlbl_secattr_init(&secattr);

	if (sk)

		ssp = sk->sk_security;

	if (netlbl_skbuff_getattr(skb, family, &secattr) == 0)

	if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) {

		skp = smack_from_secattr(&secattr, ssp);

		if (secattr.flags & NETLBL_SECATTR_CACHEABLE)

			rc = netlbl_cache_add(skb, family, &skp->smk_netlabel);

	}

	netlbl_secattr_destroy(&secattr);

		skp->smk_netlabel.attr.mls.cat = ncats.attr.mls.cat;

		skp->smk_netlabel.attr.mls.lvl = ncats.attr.mls.lvl;

		rc = count;

		/*

		 * This mapping may have been cached, so clear the cache.

		 */

		netlbl_cache_invalidate();

	}

out:

static struct vfsmount *smackfs_mount;

static int __init smk_preset_netlabel(struct smack_known *skp)

{

	skp->smk_netlabel.domain = skp->smk_known;

	skp->smk_netlabel.flags =

		NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;

	return smk_netlbl_mls(smack_cipso_direct, skp->smk_known,

				&skp->smk_netlabel, strlen(skp->smk_known));

}

/**

 * init_smk_fs - get the smackfs superblock

 *

	smk_cipso_doi();

	smk_unlbl_ambient(NULL);

	rc = smk_preset_netlabel(&smack_known_floor);

	rc = smack_populate_secattr(&smack_known_floor);

	if (err == 0 && rc < 0)

		err = rc;

	rc = smk_preset_netlabel(&smack_known_hat);

	rc = smack_populate_secattr(&smack_known_hat);

	if (err == 0 && rc < 0)

		err = rc;

	rc = smk_preset_netlabel(&smack_known_huh);

	rc = smack_populate_secattr(&smack_known_huh);

	if (err == 0 && rc < 0)

		err = rc;

	rc = smk_preset_netlabel(&smack_known_star);

	rc = smack_populate_secattr(&smack_known_star);

	if (err == 0 && rc < 0)

		err = rc;

	rc = smk_preset_netlabel(&smack_known_web);

	rc = smack_populate_secattr(&smack_known_web);

	if (err == 0 && rc < 0)

		err = rc;