tizen 2.4 release

[kernel/linux-3.0.git] / security / smack / smack.h

diff --git a/security/smack/smack.h b/security/smack/smack.h
index 80dd59f..42c4775 100644 (file)
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -137,6 +137,11 @@ struct smk_port_label {
        struct smack_known      *smk_out;       /* outgoing label */
 };
 
+struct smack_onlycap {
+       struct list_head        list;
+       struct smack_known      *smk_label;
+};
+
 /*
  * Mount options
  */
@@ -235,6 +240,7 @@ struct smack_known *smk_import_entry(const char *, int);
 void smk_insert_entry(struct smack_known *skp);
 struct smack_known *smk_find_entry(const char *);
 u32 smack_to_secid(const char *);
+int smack_privileged(int cap);
 
 /*
  * Shared data.
@@ -242,7 +248,6 @@ u32 smack_to_secid(const char *);
 extern int smack_cipso_direct;
 extern int smack_cipso_mapped;
 extern struct smack_known *smack_net_ambient;
-extern char *smack_onlycap;
 extern const char *smack_cipso_option;
 
 extern struct smack_known smack_known_floor;
@@ -262,6 +267,9 @@ extern struct kmem_cache *smack_master_list_cache;
 
 extern struct security_operations smack_ops;
 
+extern struct mutex     smack_onlycap_lock;
+extern struct list_head smack_onlycap_list;
+
 #define SMACK_HASH_SLOTS 16
 extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];
 
@@ -307,21 +315,6 @@ static inline struct smack_known *smk_of_current(void)
        return smk_of_task(current_security());
 }
 
-/*
- * Is the task privileged and allowed to be privileged
- * by the onlycap rule.
- */
-static inline int smack_privileged(int cap)
-{
-       struct smack_known *skp = smk_of_current();
-
-       if (!capable(cap))
-               return 0;
-       if (smack_onlycap == NULL || smack_onlycap == skp->smk_known)
-               return 1;
-       return 0;
-}
-
 #ifdef CONFIG_SECURITY_SMACK_PERMISSIVE_MODE
 /*
  * permissive mode