File: lsm-full-2002_02_12-2.5.4.patch

package info (click to toggle)
kernel-patch-2.5-lsm 2002.03.14-1
links: PTS
area: main
in suites: woody
size: 3,836 kB
ctags: 1
sloc: makefile: 38
file content (33434 lines) | stat: -rw-r--r-- 896,639 bytes
diff --minimal -Nru a/Documentation/DocBook/Makefile b/Documentation/DocBook/Makefile
--- a/Documentation/DocBook/Makefile	Tue Feb 12 18:59:50 2002
+++ b/Documentation/DocBook/Makefile	Tue Feb 12 18:59:50 2002
@@ -2,7 +2,7 @@
 	   kernel-api.sgml parportbook.sgml kernel-hacking.sgml \
 	   kernel-locking.sgml via-audio.sgml mousedrivers.sgml sis900.sgml \
 	   deviceiobook.sgml procfs-guide.sgml tulip-user.sgml \
-	   writing_usb_driver.sgml
+	   writing_usb_driver.sgml lsm.sgml
 
 PS	:=	$(patsubst %.sgml, %.ps, $(BOOKS))
 PDF	:=	$(patsubst %.sgml, %.pdf, $(BOOKS))
@@ -42,6 +42,9 @@
 $(TOPDIR)/scripts/docproc:
 	$(MAKE) -C $(TOPDIR)/scripts docproc
 
+lsm.sgml: lsm.tmpl 
+	$(TOPDIR)/scripts/docgen <$< >$@
+
 mousedrivers.sgml: mousedrivers.tmpl
 	$(TOPDIR)/scripts/docgen <$< >$@
 
@@ -125,6 +128,7 @@
 		$(TOPDIR)/kernel/printk.c \
 		$(TOPDIR)/kernel/sched.c \
 		$(TOPDIR)/kernel/sysctl.c \
+		$(TOPDIR)/security/security.c \
 		$(TOPDIR)/lib/string.c \
 		$(TOPDIR)/lib/vsprintf.c \
 		$(TOPDIR)/net/netsyms.c
diff --minimal -Nru a/Documentation/DocBook/deviceiobook.tmpl b/Documentation/DocBook/deviceiobook.tmpl
--- a/Documentation/DocBook/deviceiobook.tmpl	Tue Feb 12 18:59:50 2002
+++ b/Documentation/DocBook/deviceiobook.tmpl	Tue Feb 12 18:59:50 2002
@@ -224,9 +224,4 @@
 
   </chapter>
 
-  <chapter id="pubfunctions">
-     <title>Public Functions Provided</title>
-!Einclude/asm-i386/io.h
-  </chapter>
-
 </book>
diff --minimal -Nru a/Documentation/DocBook/kernel-api.tmpl b/Documentation/DocBook/kernel-api.tmpl
--- a/Documentation/DocBook/kernel-api.tmpl	Tue Feb 12 18:59:50 2002
+++ b/Documentation/DocBook/kernel-api.tmpl	Tue Feb 12 18:59:50 2002
@@ -181,6 +181,11 @@
 !Efs/devfs/base.c
   </chapter>
 
+  <chapter id="security">
+     <title>Security Framework</title>
+!Esecurity/security.c
+  </chapter>
+
   <chapter id="pmfuncs">
      <title>Power Management</title>
 !Ekernel/pm.c
diff --minimal -Nru a/Documentation/DocBook/lsm.tmpl b/Documentation/DocBook/lsm.tmpl
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/Documentation/DocBook/lsm.tmpl	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,271 @@
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN"[]>
+<article class="whitepaper" id="LinuxSecurityModule" lang="en">
+ <artheader>
+ <title>Linux Security Modules:  General Security Hooks for Linux</title>
+ <authorgroup>
+ <author>
+ <firstname>Stephen</firstname> 
+ <surname>Smalley</surname>
+ <affiliation>
+ <orgname>NAI Labs</orgname>
+ <address><email>ssmalley@nai.com</email></address>
+ </affiliation>
+ </author>
+ <author>
+ <firstname>Timothy</firstname> 
+ <surname>Fraser</surname>
+ <affiliation>
+ <orgname>NAI Labs</orgname>
+ <address><email>tfraser@nai.com</email></address>
+ </affiliation>
+ </author>
+ <author>
+ <firstname>Chris</firstname> 
+ <surname>Vance</surname>
+ <affiliation>
+ <orgname>NAI Labs</orgname>
+ <address><email>cvance@nai.com</email></address>
+ </affiliation>
+ </author>
+ </authorgroup
+ </artheader>
+
+<sect1><title>Introduction</title>
+
+<para>
+In March 2001, the National Security Agency (NSA) gave a presentation
+about Security-Enhanced Linux (SELinux) at the 2.5 Linux Kernel
+Summit.  SELinux is an implementation of flexible and fine-grained
+nondiscretionary access controls in the Linux kernel, originally
+implemented as its own particular kernel patch.  Several other
+security projects (e.g. RSBAC, Medusa) have also developed flexible
+access control architectures for the Linux kernel, and various
+projects have developed particular access control models for Linux
+(e.g. LIDS, DTE, SubDomain).  Each project has developed and
+maintained its own kernel patch to support its security needs.
+</para>
+
+<para>
+In response to the NSA presentation, Linus Torvalds made a set of
+remarks that described a security framework he would be willing to
+consider for inclusion in the mainstream Linux kernel.  He described a
+general framework that would provide a set of security hooks to
+control operations on kernel objects and a set of opaque security
+fields in kernel data structures for maintaining security attributes.
+This framework could then be used by loadable kernel modules to
+implement any desired model of security.  Linus also suggested the
+possibility of migrating the Linux capabilities code into such a
+module.
+</para>
+
+<para>
+The Linux Security Modules (LSM) project was started by WireX to
+develop such a framework.  LSM is a joint development effort by
+several security projects, including Immunix, SELinux, SGI and Janus,
+and several individuals, including Greg Kroah-Hartman and James
+Morris, to develop a Linux kernel patch that implements this
+framework.  The patch is currently tracking the 2.4 series and is
+targeted for integration into the 2.5 development series.  This
+technical report provides an overview of the framework and the example
+capabilities security module provided by the LSM kernel patch.
+</para>
+
+</sect1>
+
+<sect1 id="framework"><title>LSM Framework</title>
+
+<para>
+The LSM kernel patch provides a general kernel framework to support
+security modules.  In particular, the LSM framework is primarily
+focused on supporting access control modules, although future
+development is likely to address other security needs such as
+auditing.  By itself, the framework does not provide any additional
+security; it merely provides the infrastructure to support security
+modules.  The LSM kernel patch also moves most of the capabilities
+logic into an optional security module, with the system defaulting
+to the traditional superuser logic.  This capabilities module
+is discussed further in <XRef LinkEnd="cap">.
+</para>
+
+<para>
+The LSM kernel patch adds security fields to kernel data structures
+and inserts calls to hook functions at critical points in the kernel
+code to manage the security fields and to perform access control.  It
+also adds functions for registering and unregistering security
+modules, and adds a general <function>security</function> system call
+to support new system calls for security-aware applications.
+</para>
+
+<para>
+The LSM security fields are simply <type>void*</type> pointers.  For
+process and program execution security information, security fields
+were added to <structname>struct task_struct</structname> and 
+<structname>struct linux_binprm</structname>.  For filesystem security
+information, a security field was added to 
+<structname>struct super_block</structname>.  For pipe, file, and socket
+security information, security fields were added to 
+<structname>struct inode</structname> and 
+<structname>struct file</structname>.  For packet and network device security
+information, security fields were added to
+<structname>struct sk_buff</structname> and
+<structname>struct net_device</structname>.  For System V IPC security
+information, security fields were added to
+<structname>struct kern_ipc_perm</structname> and
+<structname>struct msg_msg</structname>; additionally, the definitions
+for <structname>struct msg_msg</structname>, <structname>struct 
+msg_queue</structname>, and <structname>struct 
+shmid_kernel</structname> were moved to header files
+(<filename>include/linux/msg.h</filename> and
+<filename>include/linux/shm.h</filename> as appropriate) to allow
+the security modules to use these definitions.
+</para>
+
+<para>
+Each LSM hook is a function pointer in a global table,
+security_ops. This table is a
+<structname>security_operations</structname> structure as defined by
+<filename>include/linux/security.h</filename>.  Detailed documentation
+for each hook is included in this header file.  At present, this
+structure consists of a collection of substructures that group related
+hooks based on the kernel object (e.g. task, inode, file, sk_buff,
+etc) as well as some top-level hook function pointers for system
+operations.  This structure is likely to be flattened in the future
+for performance.  The placement of the hook calls in the kernel code
+is described by the "called:" lines in the per-hook documentation in
+the header file.  The hook calls can also be easily found in the
+kernel code by looking for the string "security_ops->".
+
+</para>
+
+<para>
+Linus mentioned per-process security hooks in his original remarks as a
+possible alternative to global security hooks.  However, if LSM were
+to start from the perspective of per-process hooks, then the base
+framework would have to deal with how to handle operations that
+involve multiple processes (e.g. kill), since each process might have
+its own hook for controlling the operation.  This would require a
+general mechanism for composing hooks in the base framework.
+Additionally, LSM would still need global hooks for operations that
+have no process context (e.g. network input operations).
+Consequently, LSM provides global security hooks, but a security
+module is free to implement per-process hooks (where that makes sense)
+by storing a security_ops table in each process' security field and
+then invoking these per-process hooks from the global hooks.
+The problem of composition is thus deferred to the module.
+</para>
+
+<para>
+The global security_ops table is initialized to a set of hook
+functions provided by a dummy security module that provides
+traditional superuser logic.  A <function>register_security</function>
+function (in <filename>security/security.c</filename>) is provided to
+allow a security module to set security_ops to refer to its own hook
+functions, and an <function>unregister_security</function> function is
+provided to revert security_ops to the dummy module hooks.  This
+mechanism is used to set the primary security module, which is
+responsible for making the final decision for each hook.
+</para>
+
+<para>
+LSM also provides a simple mechanism for stacking additional security
+modules with the primary security module.  It defines
+<function>register_security</function> and
+<function>unregister_security</function> hooks in the
+<structname>security_operations</structname> structure and provides
+<function>mod_reg_security</function> and
+<function>mod_unreg_security</function> functions that invoke these
+hooks after performing some sanity checking.  A security module can
+call these functions in order to stack with other modules.  However,
+the actual details of how this stacking is handled are deferred to the
+module, which can implement these hooks in any way it wishes
+(including always returning an error if it does not wish to support
+stacking).  In this manner, LSM again defers the problem of
+composition to the module.
+</para>
+
+<para>
+Although the LSM hooks are organized into substructures based on
+kernel object, all of the hooks can be viewed as falling into two
+major categories: hooks that are used to manage the security fields
+and hooks that are used to perform access control.  Examples of the
+first category of hooks include the
+<function>alloc_security</function> and
+<function>free_security</function> hooks defined for each kernel data
+structure that has a security field.  These hooks are used to allocate
+and free security structures for kernel objects.  The first category
+of hooks also includes hooks that set information in the security
+field after allocation, such as the <function>post_lookup</function>
+hook in <structname>struct inode_security_ops</structname>.  This hook
+is used to set security information for inodes after successful lookup
+operations.  An example of the second category of hooks is the
+<function>permission</function> hook in 
+<structname>struct inode_security_ops</structname>.  This hook checks
+permission when accessing an inode.
+</para>
+
+<para>
+LSM adds a general <function>security</function> system call that
+simply invokes the <function>sys_security</function> hook.  This
+system call and hook permits security modules to implement new system
+calls for security-aware applications.  The interface is similar to
+socketcall, but also has an <parameter>id</parameter> to help identify
+the security module whose call is being invoked.  
+</para>
+
+</sect1>
+
+<sect1 id="cap"><title>LSM Capabilities Module</title>
+
+<para>
+The LSM kernel patch moves most of the existing POSIX.1e capabilities
+logic into an optional security module stored in the file
+<filename>security/capability.c</filename>.  This change allows
+users who do not want to use capabilities to omit this code entirely
+from their kernel, instead using the dummy module for traditional
+superuser logic or any other module that they desire.  This change
+also allows the developers of the capabilities logic to maintain and
+enhance their code more freely, without needing to integrate patches
+back into the base kernel.
+</para>
+
+<para>
+In addition to moving the capabilities logic, the LSM kernel patch
+could move the capability-related fields from the kernel data
+structures into the new security fields managed by the security
+modules.  However, at present, the LSM kernel patch leaves the
+capability fields in the kernel data structures.  In his original
+remarks, Linus suggested that this might be preferable so that other
+security modules can be easily stacked with the capabilities module
+without needing to chain multiple security structures on the security field.
+It also avoids imposing extra overhead on the capabilities module
+to manage the security fields.  However, the LSM framework could
+certainly support such a move if it is determined to be desirable,
+with only a few additional changes described below.
+</para>
+
+<para>
+At present, the capabilities logic for computing process capabilities
+on <function>execve</function> and <function>set*uid</function>,
+checking capabilities for a particular process, saving and checking
+capabilities for netlink messages, and handling the
+<function>capget</function> and <function>capset</function> system
+calls have been moved into the capabilities module.  There are still a
+few locations in the base kernel where capability-related fields are
+directly examined or modified, but the current version of the LSM
+patch does allow a security module to completely replace the
+assignment and testing of capabilities.  These few locations would
+need to be changed if the capability-related fields were moved into
+the security field.  The following is a list of known locations that
+still perform such direct examination or modification of
+capability-related fields:
+<itemizedlist>
+<listitem><para><filename>fs/open.c</filename>:<function>sys_access</function></para></listitem>
+<listitem><para><filename>fs/lockd/host.c</filename>:<function>nlm_bind_host</function></para></listitem>
+<listitem><para><filename>fs/nfsd/auth.c</filename>:<function>nfsd_setuser</function></para></listitem>
+<listitem><para><filename>fs/proc/array.c</filename>:<function>task_cap</function></para></listitem>
+</itemizedlist>
+</para>
+
+</sect1>
+
+</article>
diff --minimal -Nru a/Makefile b/Makefile
--- a/Makefile	Tue Feb 12 18:59:50 2002
+++ b/Makefile	Tue Feb 12 18:59:50 2002
@@ -1,7 +1,7 @@
 VERSION = 2
 PATCHLEVEL = 5
 SUBLEVEL = 4
-EXTRAVERSION =
+EXTRAVERSION =-lsm
 
 KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)
 
@@ -118,11 +118,11 @@
 
 #export RAMDISK = -DRAMDISK=512
 
-CORE_FILES	=kernel/kernel.o mm/mm.o fs/fs.o ipc/ipc.o
+CORE_FILES	=kernel/kernel.o mm/mm.o fs/fs.o ipc/ipc.o security/vmlinux-obj.o
 NETWORKS	=net/network.o
 
 LIBS		=$(TOPDIR)/lib/lib.a
-SUBDIRS		=kernel lib drivers mm fs net ipc
+SUBDIRS		=kernel lib drivers mm fs net ipc security
 
 DRIVERS-n :=
 DRIVERS-y :=
@@ -244,6 +244,10 @@
 
 
 include arch/$(ARCH)/Makefile
+
+# if we have a StackGuard compiler, then we need to turn off the canary death handler stuff
+CFLAGS	+= $(shell if $(CC) -fno-canary-all-functions -S -o /dev/null -xc /dev/null >/dev/null 2>&1; then echo "-fno-canary-all-functions"; fi)
+CFLAGS	+= $(shell if $(CC) -mno-terminator-canary -S -o /dev/null -xc /dev/null >/dev/null 2>&1; then echo "-mno-terminator-canary"; fi)
 
 export	CPPFLAGS CFLAGS AFLAGS
 
diff --minimal -Nru a/arch/i386/boot/compressed/Makefile b/arch/i386/boot/compressed/Makefile
--- a/arch/i386/boot/compressed/Makefile	Tue Feb 12 18:59:50 2002
+++ b/arch/i386/boot/compressed/Makefile	Tue Feb 12 18:59:50 2002
@@ -11,6 +11,10 @@
 
 ZLDFLAGS = -e startup_32
 
+# if we have a StackGuard compiler, then we need to turn off the canary death handler stuff
+CFLAGS += $(shell if $(CC) -fno-canary-all-functions -S -o /dev/null -xc /dev/null >/dev/null 2>&1; then echo "-fno-canary-all-functions"; fi)
+CFLAGS += $(shell if $(CC) -mno-terminator-canary -S -o /dev/null -xc /dev/null >/dev/null 2>&1; then echo "-mno-terminator-canary"; fi)
+
 #
 # ZIMAGE_OFFSET is the load offset of the compression loader
 # BZIMAGE_OFFSET is the load offset of the high loaded compression loader
diff --minimal -Nru a/arch/i386/config.in b/arch/i386/config.in
--- a/arch/i386/config.in	Tue Feb 12 18:59:50 2002
+++ b/arch/i386/config.in	Tue Feb 12 18:59:50 2002
@@ -407,4 +407,5 @@
 
 endmenu
 
+source security/Config.in
 source lib/Config.in
diff --minimal -Nru a/arch/i386/kernel/entry.S b/arch/i386/kernel/entry.S
--- a/arch/i386/kernel/entry.S	Tue Feb 12 18:59:50 2002
+++ b/arch/i386/kernel/entry.S	Tue Feb 12 18:59:50 2002
@@ -683,7 +683,7 @@
 	.long SYMBOL_NAME(sys_getdents64)	/* 220 */
 	.long SYMBOL_NAME(sys_fcntl64)
 	.long SYMBOL_NAME(sys_ni_syscall)	/* reserved for TUX */
-	.long SYMBOL_NAME(sys_ni_syscall)	/* Reserved for Security */
+	.long SYMBOL_NAME(sys_security)		/* Reserved for Security */
 	.long SYMBOL_NAME(sys_gettid)
 	.long SYMBOL_NAME(sys_readahead)	/* 225 */
 	.long SYMBOL_NAME(sys_setxattr)
diff --minimal -Nru a/arch/i386/kernel/ioport.c b/arch/i386/kernel/ioport.c
--- a/arch/i386/kernel/ioport.c	Tue Feb 12 18:59:50 2002
+++ b/arch/i386/kernel/ioport.c	Tue Feb 12 18:59:50 2002
@@ -14,6 +14,7 @@
 #include <linux/smp.h>
 #include <linux/smp_lock.h>
 #include <linux/stddef.h>
+#include <linux/security.h>
 
 /* Set EXTENT bits starting at BASE in BITMAP to value TURN_ON. */
 static void set_bitmap(unsigned long *bitmap, short base, short extent, int new_value)
@@ -56,11 +57,18 @@
 {
 	struct thread_struct * t = &current->thread;
 	struct tss_struct * tss = init_tss + smp_processor_id();
+	int retval;
 
 	if ((from + num <= from) || (from + num > IO_BITMAP_SIZE*32))
 		return -EINVAL;
 	if (turn_on && !capable(CAP_SYS_RAWIO))
 		return -EPERM;
+
+	retval = security_ops->ioperm(from, num, turn_on);
+	if (retval) {
+		return retval;
+	}
+
 	/*
 	 * If it's the first ioperm() call in this thread's lifetime, set the
 	 * IO bitmap up. ioperm() is much less timing critical than clone(),
@@ -103,6 +111,7 @@
 	struct pt_regs * regs = (struct pt_regs *) &unused;
 	unsigned int level = regs->ebx;
 	unsigned int old = (regs->eflags >> 12) & 3;
+	int retval;
 
 	if (level > 3)
 		return -EINVAL;
@@ -111,6 +120,11 @@
 		if (!capable(CAP_SYS_RAWIO))
 			return -EPERM;
 	}
+	retval = security_ops->iopl(old, level);
+	if (retval) {
+		return retval;
+	}
+
 	regs->eflags = (regs->eflags & 0xffffcfff) | (level << 12);
 	return 0;
 }
diff --minimal -Nru a/arch/i386/kernel/process.c b/arch/i386/kernel/process.c
--- a/arch/i386/kernel/process.c	Tue Feb 12 18:59:50 2002
+++ b/arch/i386/kernel/process.c	Tue Feb 12 18:59:50 2002
@@ -55,6 +55,14 @@
 int hlt_counter;
 
 /*
+ * Return saved PC of a blocked thread.
+ */
+unsigned long thread_saved_pc(struct task_struct *tsk)
+{
+	return ((unsigned long *)tsk->thread.esp)[3];
+}
+
+/*
  * Powermanagement idle function, if any..
  */
 void (*pm_idle)(void);
diff --minimal -Nru a/arch/i386/kernel/ptrace.c b/arch/i386/kernel/ptrace.c
--- a/arch/i386/kernel/ptrace.c	Tue Feb 12 18:59:50 2002
+++ b/arch/i386/kernel/ptrace.c	Tue Feb 12 18:59:50 2002
@@ -13,6 +13,7 @@
 #include <linux/errno.h>
 #include <linux/ptrace.h>
 #include <linux/user.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
@@ -158,6 +159,9 @@
 	if (request == PTRACE_TRACEME) {
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
+			goto out;
+		ret = security_ops->ptrace(current->p_pptr, current);
+		if (ret)
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;
diff --minimal -Nru a/arch/ia64/config.in b/arch/ia64/config.in
--- a/arch/ia64/config.in	Tue Feb 12 18:59:50 2002
+++ b/arch/ia64/config.in	Tue Feb 12 18:59:50 2002
@@ -262,3 +262,6 @@
 fi
 
 endmenu
+
+source security/Config.in
+
diff --minimal -Nru a/arch/ia64/ia32/sys_ia32.c b/arch/ia64/ia32/sys_ia32.c
--- a/arch/ia64/ia32/sys_ia32.c	Tue Feb 12 18:59:50 2002
+++ b/arch/ia64/ia32/sys_ia32.c	Tue Feb 12 18:59:50 2002
@@ -48,6 +48,7 @@
 #include <linux/personality.h>
 #include <linux/stat.h>
 #include <linux/ipc.h>
+#include <linux/security.h>
 
 #include <asm/types.h>
 #include <asm/uaccess.h>
@@ -3177,6 +3178,7 @@
 	unsigned int old;
 	unsigned long addr;
 	mm_segment_t old_fs = get_fs ();
+	int retval;
 
 	if (level != 3)
 		return(-EINVAL);
@@ -3186,6 +3188,11 @@
 		if (!capable(CAP_SYS_RAWIO))
 			return -EPERM;
 	}
+	retval = security_ops->iopl(old,level);
+	if (retval) {
+		return retval;
+	}
+
 	set_fs(KERNEL_DS);
 	fd = sys_open("/dev/mem", O_SYNC | O_RDWR, 0);
 	set_fs(old_fs);
diff --minimal -Nru a/arch/ia64/kernel/entry.S b/arch/ia64/kernel/entry.S
--- a/arch/ia64/kernel/entry.S	Tue Feb 12 18:59:50 2002
+++ b/arch/ia64/kernel/entry.S	Tue Feb 12 18:59:50 2002
@@ -1130,8 +1130,8 @@
 	data8 sys_getdents64
 	data8 sys_getunwind			// 1215
 	data8 sys_readahead
+	data8 sys_security
 	data8 sys_tkill
-	data8 ia64_ni_syscall
 	data8 ia64_ni_syscall
 	data8 ia64_ni_syscall			// 1220
 	data8 ia64_ni_syscall
diff --minimal -Nru a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c
--- a/arch/ia64/kernel/ptrace.c	Tue Feb 12 18:59:50 2002
+++ b/arch/ia64/kernel/ptrace.c	Tue Feb 12 18:59:50 2002
@@ -15,6 +15,7 @@
 #include <linux/ptrace.h>
 #include <linux/smp_lock.h>
 #include <linux/user.h>
+#include <linux/security.h>
 
 #include <asm/pgtable.h>
 #include <asm/processor.h>
@@ -822,6 +823,9 @@
 	if (request == PTRACE_TRACEME) {
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
+			goto out;
+		ret = security_ops->ptrace(current->p_pptr, current);
+		if (ret)
 			goto out;
 		current->ptrace |= PT_PTRACED;
 		ret = 0;
diff --minimal -Nru a/drivers/char/tty_io.c b/drivers/char/tty_io.c
--- a/drivers/char/tty_io.c	Tue Feb 12 18:59:50 2002
+++ b/drivers/char/tty_io.c	Tue Feb 12 18:59:50 2002
@@ -1453,6 +1453,10 @@
 		if (!waitqueue_active(&tty->read_wait))
 			tty->minimum_to_wake = 1;
 		if (filp->f_owner.pid == 0) {
+			retval = security_ops->file_ops->set_fowner(filp);
+			if (retval)
+				return retval;
+
 			filp->f_owner.pid = (-tty->pgrp) ? : current->pid;
 			filp->f_owner.uid = current->uid;
 			filp->f_owner.euid = current->euid;
diff --minimal -Nru a/fs/attr.c b/fs/attr.c
--- a/fs/attr.c	Tue Feb 12 18:59:50 2002
+++ b/fs/attr.c	Tue Feb 12 18:59:50 2002
@@ -12,6 +12,7 @@
 #include <linux/dnotify.h>
 #include <linux/fcntl.h>
 #include <linux/quotaops.h>
+#include <linux/security.h>
 
 /* Taken over from the old code... */
 
@@ -128,10 +129,14 @@
 		attr->ia_mtime = now;
 
 	lock_kernel();
-	if (inode->i_op && inode->i_op->setattr) 
-		error = inode->i_op->setattr(dentry, attr);
-	else {
+	if (inode->i_op && inode->i_op->setattr) {
+		error = security_ops->inode_ops->setattr(dentry, attr);
+		if (!error)
+			error = inode->i_op->setattr(dentry, attr);
+	} else {
 		error = inode_change_ok(inode, attr);
+		if (!error)
+			error = security_ops->inode_ops->setattr(dentry, attr);
 		if (!error) {
 			if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
 			    (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))
diff --minimal -Nru a/fs/buffer.c b/fs/buffer.c
--- a/fs/buffer.c	Tue Feb 12 18:59:50 2002
+++ b/fs/buffer.c	Tue Feb 12 18:59:50 2002
@@ -2545,15 +2545,20 @@
 
 asmlinkage long sys_bdflush(int func, long data)
 {
+	int error;
+
 	if (!capable(CAP_SYS_ADMIN))
 		return -EPERM;
 
+	error = security_ops->bdflush(func, data);
+	if( error )
+		return error;
+
 	if (func == 1) {
 		/* do_exit directly and let kupdate to do its work alone. */
 		do_exit(0);
 #if 0 /* left here as it's the only example of lazy-mm-stuff used from
 	 a syscall that doesn't care about the current mm context. */
-		int error;
 		struct mm_struct *user_mm;
 
 		/*
diff --minimal -Nru a/fs/dnotify.c b/fs/dnotify.c
--- a/fs/dnotify.c	Tue Feb 12 18:59:50 2002
+++ b/fs/dnotify.c	Tue Feb 12 18:59:50 2002
@@ -45,6 +45,7 @@
 	struct dnotify_struct **prev;
 	struct inode *inode;
 	int turning_off = (arg & ~DN_MULTISHOT) == 0;
+	int error;
 
 	if (!turning_off && !dir_notify_enable)
 		return -EINVAL;
@@ -75,6 +76,13 @@
 	}
 	if (turning_off)
 		goto out;
+
+	error = security_ops->file_ops->set_fowner(filp);
+	if (error) {
+		write_unlock(&dn_lock);
+		return error;
+	}
+
 	filp->f_owner.pid = current->pid;
 	filp->f_owner.uid = current->uid;
 	filp->f_owner.euid = current->euid;
diff --minimal -Nru a/fs/dquot.c b/fs/dquot.c
--- a/fs/dquot.c	Tue Feb 12 18:59:50 2002
+++ b/fs/dquot.c	Tue Feb 12 18:59:50 2002
@@ -1356,6 +1356,9 @@
 	error = -EIO;
 	if (!f->f_op || !f->f_op->read || !f->f_op->write)
 		goto out_f;
+	error = security_ops->quota_on(f);
+	if (error)
+		goto out_f;
 	inode = f->f_dentry->d_inode;
 	error = -EACCES;
 	if (!S_ISREG(inode->i_mode))
@@ -1449,6 +1452,10 @@
 		if (!sb)
 			goto out;
 	}
+
+	ret = security_ops->quotactl (cmds, type, id, sb);
+	if (ret)
+		goto out;
 
 	ret = -EINVAL;
 	switch (cmds) {
diff --minimal -Nru a/fs/exec.c b/fs/exec.c
--- a/fs/exec.c	Tue Feb 12 18:59:50 2002
+++ b/fs/exec.c	Tue Feb 12 18:59:50 2002
@@ -611,6 +611,7 @@
 {
 	int mode;
 	struct inode * inode = bprm->file->f_dentry->d_inode;
+	int retval;
 
 	mode = inode->i_mode;
 	/*
@@ -640,27 +641,10 @@
 			bprm->e_gid = inode->i_gid;
 	}
 
-	/* We don't have VFS support for capabilities yet */
-	cap_clear(bprm->cap_inheritable);
-	cap_clear(bprm->cap_permitted);
-	cap_clear(bprm->cap_effective);
-
-	/*  To support inheritance of root-permissions and suid-root
-         *  executables under compatibility mode, we raise all three
-         *  capability sets for the file.
-         *
-         *  If only the real uid is 0, we only raise the inheritable
-         *  and permitted sets of the executable file.
-         */
-
-	if (!issecure(SECURE_NOROOT)) {
-		if (bprm->e_uid == 0 || current->uid == 0) {
-			cap_set_full(bprm->cap_inheritable);
-			cap_set_full(bprm->cap_permitted);
-		}
-		if (bprm->e_uid == 0) 
-			cap_set_full(bprm->cap_effective);
-	}
+	/* fill in binprm security blob */
+	retval = security_ops->bprm_ops->set_security(bprm);
+	if (retval)
+		return retval;
 
 	memset(bprm->buf,0,BINPRM_BUF_SIZE);
 	return kernel_read(bprm->file,0,bprm->buf,BINPRM_BUF_SIZE);
@@ -683,16 +667,9 @@
 
 void compute_creds(struct linux_binprm *bprm) 
 {
-	kernel_cap_t new_permitted, working;
 	int do_unlock = 0;
 
-	new_permitted = cap_intersect(bprm->cap_permitted, cap_bset);
-	working = cap_intersect(bprm->cap_inheritable,
-				current->cap_inheritable);
-	new_permitted = cap_combine(new_permitted, working);
-
-	if (bprm->e_uid != current->uid || bprm->e_gid != current->gid ||
-	    !cap_issubset(new_permitted, current->cap_permitted)) {
+	if (bprm->e_uid != current->uid || bprm->e_gid != current->gid) {
                 current->mm->dumpable = 0;
 		
 		lock_kernel();
@@ -704,32 +681,17 @@
 				bprm->e_uid = current->uid;
 				bprm->e_gid = current->gid;
 			}
-			if(!capable(CAP_SETPCAP)) {
-				new_permitted = cap_intersect(new_permitted,
-							current->cap_permitted);
-			}
 		}
 		do_unlock = 1;
 	}
 
-
-	/* For init, we want to retain the capabilities set
-         * in the init_task struct. Thus we skip the usual
-         * capability rules */
-	if (current->pid != 1) {
-		current->cap_permitted = new_permitted;
-		current->cap_effective =
-			cap_intersect(new_permitted, bprm->cap_effective);
-	}
-	
-        /* AUD: Audit candidate if current->cap_effective is set */
-
         current->suid = current->euid = current->fsuid = bprm->e_uid;
         current->sgid = current->egid = current->fsgid = bprm->e_gid;
 
 	if(do_unlock)
 		unlock_kernel();
-	current->keep_capabilities = 0;
+
+	security_ops->bprm_ops->compute_creds(bprm);
 }
 
 
@@ -875,6 +837,7 @@
 	bprm.sh_bang = 0;
 	bprm.loader = 0;
 	bprm.exec = 0;
+	bprm.security = NULL;
 	if ((bprm.argc = count(argv, bprm.p / sizeof(void *))) < 0) {
 		allow_write_access(file);
 		fput(file);
@@ -887,6 +850,10 @@
 		return bprm.envc;
 	}
 
+	retval = security_ops->bprm_ops->alloc_security(&bprm);
+	if (retval) 
+		goto out;
+
 	retval = prepare_binprm(&bprm);
 	if (retval < 0) 
 		goto out; 
@@ -905,9 +872,11 @@
 		goto out; 
 
 	retval = search_binary_handler(&bprm,regs);
-	if (retval >= 0)
+	if (retval >= 0) {
 		/* execve success */
+		security_ops->bprm_ops->free_security(&bprm);
 		return retval;
+	}
 
 out:
 	/* Something went wrong, return the inode and free the argument pages*/
@@ -920,6 +889,9 @@
 		if (page)
 			__free_page(page);
 	}
+
+	if (bprm.security)
+		security_ops->bprm_ops->free_security(&bprm);
 
 	return retval;
 }
diff --minimal -Nru a/fs/fcntl.c b/fs/fcntl.c
--- a/fs/fcntl.c	Tue Feb 12 18:59:50 2002
+++ b/fs/fcntl.c	Tue Feb 12 18:59:50 2002
@@ -11,6 +11,7 @@
 #include <linux/smp_lock.h>
 #include <linux/slab.h>
 #include <linux/iobuf.h>
+#include <linux/security.h>
 
 #include <asm/poll.h>
 #include <asm/siginfo.h>
@@ -296,11 +297,11 @@
 			unlock_kernel();
 			break;
 		case F_GETLK:
-			err = fcntl_getlk(fd, (struct flock *) arg);
+			err = fcntl_getlk(filp, (struct flock *) arg);
 			break;
 		case F_SETLK:
 		case F_SETLKW:
-			err = fcntl_setlk(fd, cmd, (struct flock *) arg);
+			err = fcntl_setlk(filp, cmd, (struct flock *) arg);
 			break;
 		case F_GETOWN:
 			/*
@@ -314,6 +315,13 @@
 			break;
 		case F_SETOWN:
 			lock_kernel();
+
+			err = security_ops->file_ops->set_fowner(filp);
+			if (err) {
+				unlock_kernel();
+				break;
+			}
+
 			filp->f_owner.pid = arg;
 			filp->f_owner.uid = current->uid;
 			filp->f_owner.euid = current->euid;
@@ -362,6 +370,12 @@
 	if (!filp)
 		goto out;
 
+	err = security_ops->file_ops->fcntl(filp, cmd, arg);
+	if (err) {
+		fput(filp);
+		return err;
+	}
+
 	err = do_fcntl(fd, cmd, arg, filp);
 
  	fput(filp);
@@ -380,15 +394,20 @@
 	if (!filp)
 		goto out;
 
+	err = security_ops->file_ops->fcntl(filp, cmd, arg);
+	if (err) {
+		fput(filp);
+		return err;
+	}
+	err = -EBADF;
+	
 	switch (cmd) {
 		case F_GETLK64:
-			err = fcntl_getlk64(fd, (struct flock64 *) arg);
+			err = fcntl_getlk64(filp, (struct flock64 *) arg);
 			break;
 		case F_SETLK64:
-			err = fcntl_setlk64(fd, cmd, (struct flock64 *) arg);
-			break;
 		case F_SETLKW64:
-			err = fcntl_setlk64(fd, cmd, (struct flock64 *) arg);
+			err = fcntl_setlk64(filp, cmd, (struct flock64 *) arg);
 			break;
 		default:
 			err = do_fcntl(fd, cmd, arg, filp);
@@ -420,6 +439,10 @@
 	    (fown->euid ^ p->suid) && (fown->euid ^ p->uid) &&
 	    (fown->uid ^ p->suid) && (fown->uid ^ p->uid))
 		return;
+
+	if (security_ops->file_ops->send_sigiotask(p, fown, fd, reason))
+		return;
+
 	switch (fown->signum) {
 		siginfo_t si;
 		default:
diff --minimal -Nru a/fs/file_table.c b/fs/file_table.c
--- a/fs/file_table.c	Tue Feb 12 18:59:50 2002
+++ b/fs/file_table.c	Tue Feb 12 18:59:50 2002
@@ -13,6 +13,7 @@
 #include <linux/smp_lock.h>
 #include <linux/iobuf.h>
 #include <linux/fs.h>
+#include <linux/security.h>
 
 /* sysctl tunables... */
 struct files_stat_struct files_stat = {0, 0, NR_FILE};
@@ -43,6 +44,12 @@
 		files_stat.nr_free_files--;
 	new_one:
 		memset(f, 0, sizeof(*f));
+		if (security_ops->file_ops->alloc_security(f)) {
+			list_add(&f->f_list, &free_list);
+			files_stat.nr_free_files++;
+			file_list_unlock();
+			return NULL;
+		}
 		atomic_set(&f->f_count,1);
 		f->f_version = ++event;
 		f->f_uid = current->fsuid;
@@ -112,6 +119,8 @@
 
 		if (file->f_op && file->f_op->release)
 			file->f_op->release(inode, file);
+		security_ops->file_ops->free_security (file);
+
 		fops_put(file->f_op);
 		if (file->f_mode & FMODE_WRITE)
 			put_write_access(inode);
@@ -145,6 +154,7 @@
 void put_filp(struct file *file)
 {
 	if(atomic_dec_and_test(&file->f_count)) {
+		security_ops->file_ops->free_security(file);
 		file_list_lock();
 		list_del(&file->f_list);
 		list_add(&file->f_list, &free_list);
diff --minimal -Nru a/fs/inode.c b/fs/inode.c
--- a/fs/inode.c	Tue Feb 12 18:59:50 2002
+++ b/fs/inode.c	Tue Feb 12 18:59:50 2002
@@ -17,6 +17,7 @@
 #include <linux/swapctl.h>
 #include <linux/prefetch.h>
 #include <linux/locks.h>
+#include <linux/security.h>
 
 /*
  * New inode.c implementation.
@@ -88,6 +89,14 @@
 		inode = (struct inode *) kmem_cache_alloc(inode_cachep, SLAB_KERNEL);
 
 	if (inode) {
+		inode->i_security = NULL;
+		if (security_ops->inode_ops->alloc_security(inode)) {
+			if (inode->i_sb->s_op->destroy_inode)
+				inode->i_sb->s_op->destroy_inode(inode);
+			else
+				kmem_cache_free(inode_cachep, (inode));
+			return NULL;
+		}
 		inode->i_sb = sb;
 		inode->i_dev = sb->s_dev;
 		inode->i_blkbits = sb->s_blocksize_bits;
@@ -118,6 +127,7 @@
 {
 	if (inode_has_buffers(inode))
 		BUG();
+	security_ops->inode_ops->free_security(inode);
 	if (inode->i_sb->s_op->destroy_inode)
 		inode->i_sb->s_op->destroy_inode(inode);
 	else
@@ -1055,6 +1065,8 @@
 
 			if (inode->i_data.nrpages)
 				truncate_inode_pages(&inode->i_data, 0);
+
+			security_ops->inode_ops->delete(inode);
 
 			if (op && op->delete_inode) {
 				void (*delete)(struct inode *) = op->delete_inode;
diff --minimal -Nru a/fs/ioctl.c b/fs/ioctl.c
--- a/fs/ioctl.c	Tue Feb 12 18:59:50 2002
+++ b/fs/ioctl.c	Tue Feb 12 18:59:50 2002
@@ -8,6 +8,7 @@
 #include <linux/smp_lock.h>
 #include <linux/file.h>
 #include <linux/fs.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 #include <asm/ioctls.h>
@@ -57,6 +58,14 @@
 	if (!filp)
 		goto out;
 	error = 0;
+
+	/* Call the Linux Security Module to perform its checks. */
+	error = security_ops->file_ops->ioctl(filp, cmd, arg);
+        if (error) {
+                fput(filp);
+                goto out;
+        }
+
 	lock_kernel();
 	switch (cmd) {
 		case FIOCLEX:
diff --minimal -Nru a/fs/locks.c b/fs/locks.c
--- a/fs/locks.c	Tue Feb 12 18:59:50 2002
+++ b/fs/locks.c	Tue Feb 12 18:59:50 2002
@@ -1289,6 +1289,11 @@
 	fl->fl_next = *before;
 	*before = fl;
 	list_add(&fl->fl_link, &file_lock_list);
+
+	error = security_ops->file_ops->set_fowner(filp);
+	if (error)
+		goto out_unlock;
+
 	filp->f_owner.pid = current->pid;
 	filp->f_owner.uid = current->uid;
 	filp->f_owner.euid = current->euid;
@@ -1339,6 +1344,11 @@
 		&& !(filp->f_mode & 3))
 		goto out_putf;
 
+	error = security_ops->file_ops->lock(filp, cmd,
+					(cmd & LOCK_NB) ? 0 : 1);
+	if (error)
+		goto out_putf;
+
 	lock_kernel();
 	error = flock_lock_file(filp, type,
 				(cmd & (LOCK_UN | LOCK_NB)) ? 0 : 1);
@@ -1353,9 +1363,8 @@
 /* Report the first existing lock that would conflict with l.
  * This implements the F_GETLK command of fcntl().
  */
-int fcntl_getlk(unsigned int fd, struct flock *l)
+int fcntl_getlk(struct file *filp, struct flock *l)
 {
-	struct file *filp;
 	struct file_lock *fl, file_lock;
 	struct flock flock;
 	int error;
@@ -1367,19 +1376,14 @@
 	if ((flock.l_type != F_RDLCK) && (flock.l_type != F_WRLCK))
 		goto out;
 
-	error = -EBADF;
-	filp = fget(fd);
-	if (!filp)
-		goto out;
-
 	error = flock_to_posix_lock(filp, &file_lock, &flock);
 	if (error)
-		goto out_putf;
+		goto out;
 
 	if (filp->f_op && filp->f_op->lock) {
 		error = filp->f_op->lock(filp, F_GETLK, &file_lock);
 		if (error < 0)
-			goto out_putf;
+			goto out;
 		else if (error == LOCK_USE_CLNT)
 		  /* Bypass for NFS with no locking - 2.0.36 compat */
 		  fl = posix_test_lock(filp, &file_lock);
@@ -1399,10 +1403,10 @@
 		 */
 		error = -EOVERFLOW;
 		if (fl->fl_start > OFFT_OFFSET_MAX)
-			goto out_putf;
+			goto out;
 		if ((fl->fl_end != OFFSET_MAX)
 		    && (fl->fl_end > OFFT_OFFSET_MAX))
-			goto out_putf;
+			goto out;
 #endif
 		flock.l_start = fl->fl_start;
 		flock.l_len = fl->fl_end == OFFSET_MAX ? 0 :
@@ -1414,8 +1418,6 @@
 	if (!copy_to_user(l, &flock, sizeof(flock)))
 		error = 0;
   
-out_putf:
-	fput(filp);
 out:
 	return error;
 }
@@ -1423,12 +1425,11 @@
 /* Apply the lock described by l to an open file descriptor.
  * This implements both the F_SETLK and F_SETLKW commands of fcntl().
  */
-int fcntl_setlk(unsigned int fd, unsigned int cmd, struct flock *l)
+int fcntl_setlk(struct file *filp, unsigned int cmd, struct flock *l)
 {
-	struct file *filp;
 	struct file_lock *file_lock = locks_alloc_lock(0);
 	struct flock flock;
-	struct inode *inode;
+	struct inode *inode = filp->f_dentry->d_inode;
 	int error;
 
 	if (file_lock == NULL)
@@ -1441,17 +1442,6 @@
 	if (copy_from_user(&flock, l, sizeof(flock)))
 		goto out;
 
-	/* Get arguments and validate them ...
-	 */
-
-	error = -EBADF;
-	filp = fget(fd);
-	if (!filp)
-		goto out;
-
-	error = -EINVAL;
-	inode = filp->f_dentry->d_inode;
-
 	/* Don't allow mandatory locks on files that may be memory mapped
 	 * and shared.
 	 */
@@ -1461,23 +1451,25 @@
 
 		if (mapping->i_mmap_shared != NULL) {
 			error = -EAGAIN;
-			goto out_putf;
+			goto out;
 		}
 	}
 
+	/* Get arguments and validate them ...
+	 */
 	error = flock_to_posix_lock(filp, file_lock, &flock);
 	if (error)
-		goto out_putf;
+		goto out;
 	
 	error = -EBADF;
 	switch (flock.l_type) {
 	case F_RDLCK:
 		if (!(filp->f_mode & FMODE_READ))
-			goto out_putf;
+			goto out;
 		break;
 	case F_WRLCK:
 		if (!(filp->f_mode & FMODE_WRITE))
-			goto out_putf;
+			goto out;
 		break;
 	case F_UNLCK:
 		break;
@@ -1495,23 +1487,26 @@
 	}
 }
 		if (!(filp->f_mode & 3))
-			goto out_putf;
+			goto out;
 		break;
 #endif
 	default:
 		error = -EINVAL;
-		goto out_putf;
+		goto out;
 	}
 
+	error = security_ops->file_ops->lock(filp, file_lock->fl_type,
+						cmd == F_SETLKW);
+	if (error)
+		goto out;
+
 	if (filp->f_op && filp->f_op->lock != NULL) {
 		error = filp->f_op->lock(filp, cmd, file_lock);
 		if (error < 0)
-			goto out_putf;
+			goto out;
 	}
 	error = posix_lock_file(filp, file_lock, cmd == F_SETLKW);
 
-out_putf:
-	fput(filp);
 out:
 	locks_free_lock(file_lock);
 	return error;
@@ -1521,9 +1516,8 @@
 /* Report the first existing lock that would conflict with l.
  * This implements the F_GETLK command of fcntl().
  */
-int fcntl_getlk64(unsigned int fd, struct flock64 *l)
+int fcntl_getlk64(struct file *filp, struct flock64 *l)
 {
-	struct file *filp;
 	struct file_lock *fl, file_lock;
 	struct flock64 flock;
 	int error;
@@ -1535,19 +1529,15 @@
 	if ((flock.l_type != F_RDLCK) && (flock.l_type != F_WRLCK))
 		goto out;
 
-	error = -EBADF;
-	filp = fget(fd);
-	if (!filp)
-		goto out;
 
 	error = flock64_to_posix_lock(filp, &file_lock, &flock);
 	if (error)
-		goto out_putf;
+		goto out;
 
 	if (filp->f_op && filp->f_op->lock) {
 		error = filp->f_op->lock(filp, F_GETLK, &file_lock);
 		if (error < 0)
-			goto out_putf;
+			goto out;
 		else if (error == LOCK_USE_CLNT)
 		  /* Bypass for NFS with no locking - 2.0.36 compat */
 		  fl = posix_test_lock(filp, &file_lock);
@@ -1570,8 +1560,6 @@
 	if (!copy_to_user(l, &flock, sizeof(flock)))
 		error = 0;
   
-out_putf:
-	fput(filp);
 out:
 	return error;
 }
@@ -1579,12 +1567,11 @@
 /* Apply the lock described by l to an open file descriptor.
  * This implements both the F_SETLK and F_SETLKW commands of fcntl().
  */
-int fcntl_setlk64(unsigned int fd, unsigned int cmd, struct flock64 *l)
+int fcntl_setlk64(struct file *filp, unsigned int cmd, struct flock64 *l)
 {
-	struct file *filp;
 	struct file_lock *file_lock = locks_alloc_lock(0);
 	struct flock64 flock;
-	struct inode *inode;
+	struct inode *inode = filp->f_dentry->d_inode;
 	int error;
 
 	if (file_lock == NULL)
@@ -1597,16 +1584,6 @@
 	if (copy_from_user(&flock, l, sizeof(flock)))
 		goto out;
 
-	/* Get arguments and validate them ...
-	 */
-
-	error = -EBADF;
-	filp = fget(fd);
-	if (!filp)
-		goto out;
-
-	error = -EINVAL;
-	inode = filp->f_dentry->d_inode;
 
 	/* Don't allow mandatory locks on files that may be memory mapped
 	 * and shared.
@@ -1617,23 +1594,25 @@
 
 		if (mapping->i_mmap_shared != NULL) {
 			error = -EAGAIN;
-			goto out_putf;
+			goto out;
 		}
 	}
 
+	/* Get arguments and validate them ...
+	 */
 	error = flock64_to_posix_lock(filp, file_lock, &flock);
 	if (error)
-		goto out_putf;
+		goto out;
 	
 	error = -EBADF;
 	switch (flock.l_type) {
 	case F_RDLCK:
 		if (!(filp->f_mode & FMODE_READ))
-			goto out_putf;
+			goto out;
 		break;
 	case F_WRLCK:
 		if (!(filp->f_mode & FMODE_WRITE))
-			goto out_putf;
+			goto out;
 		break;
 	case F_UNLCK:
 		break;
@@ -1641,18 +1620,21 @@
 	case F_EXLCK:
 	default:
 		error = -EINVAL;
-		goto out_putf;
+		goto out;
 	}
 
+	error = security_ops->file_ops->lock(filp, file_lock->fl_type,
+						cmd == F_SETLKW64);
+	if (error)
+		goto out;
+
 	if (filp->f_op && filp->f_op->lock != NULL) {
 		error = filp->f_op->lock(filp, cmd, file_lock);
 		if (error < 0)
-			goto out_putf;
+			goto out;
 	}
 	error = posix_lock_file(filp, file_lock, cmd == F_SETLKW64);
 
-out_putf:
-	fput(filp);
 out:
 	locks_free_lock(file_lock);
 	return error;
diff --minimal -Nru a/fs/namei.c b/fs/namei.c
--- a/fs/namei.c	Tue Feb 12 18:59:50 2002
+++ b/fs/namei.c	Tue Feb 12 18:59:50 2002
@@ -22,6 +22,7 @@
 #include <linux/dnotify.h>
 #include <linux/smp_lock.h>
 #include <linux/personality.h>
+#include <linux/security.h>
 
 #include <asm/namei.h>
 #include <asm/uaccess.h>
@@ -198,14 +199,23 @@
 
 int permission(struct inode * inode,int mask)
 {
+	int retval;
+	int submask;
+
+	/* Ordinary permission routines do not understand MAY_APPEND. */
+	submask = mask & ~MAY_APPEND;
+
 	if (inode->i_op && inode->i_op->permission) {
-		int retval;
 		lock_kernel();
-		retval = inode->i_op->permission(inode, mask);
+		retval = inode->i_op->permission(inode, submask);
 		unlock_kernel();
-		return retval;
+	} else {
+		retval = vfs_permission(inode, submask);
 	}
-	return vfs_permission(inode, mask);
+	if (retval)
+		return retval;
+
+	return security_ops->inode_ops->permission(inode, mask);
 }
 
 /*
@@ -304,8 +314,10 @@
 			unlock_kernel();
 			if (result)
 				dput(dentry);
-			else
+			else {
 				result = dentry;
+				security_ops->inode_ops->post_lookup(dir, result);
+			}
 		}
 		up(&dir->i_sem);
 		return result;
@@ -334,7 +346,7 @@
  */
 static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd)
 {
-	int err;
+	int err = -ELOOP;
 	if (current->link_count >= 5)
 		goto loop;
 	if (current->total_link_count >= 40)
@@ -343,6 +355,9 @@
 		current->state = TASK_RUNNING;
 		schedule();
 	}
+	err = security_ops->inode_ops->follow_link(dentry, nd);
+	if (err)
+		goto loop;
 	current->link_count++;
 	current->total_link_count++;
 	UPDATE_ATIME(dentry->d_inode);
@@ -351,7 +366,7 @@
 	return err;
 loop:
 	path_release(nd);
-	return -ELOOP;
+	return err;
 }
 
 static inline int __follow_up(struct vfsmount **mnt, struct dentry **base)
@@ -776,9 +791,10 @@
 		lock_kernel();
 		dentry = inode->i_op->lookup(inode, new);
 		unlock_kernel();
-		if (!dentry)
+		if (!dentry) {
 			dentry = new;
-		else
+			security_ops->inode_ops->post_lookup(inode, dentry);
+		} else
 			dput(new);
 	}
 out:
@@ -947,14 +963,20 @@
 	if (!dir->i_op || !dir->i_op->create)
 		goto exit_lock;
 
+	error = security_ops->inode_ops->create(dir, dentry, mode);
+	if (error)
+		goto exit_lock;
+
 	DQUOT_INIT(dir);
 	lock_kernel();
 	error = dir->i_op->create(dir, dentry, mode);
 	unlock_kernel();
 exit_lock:
 	up(&dir->i_zombie);
-	if (!error)
+	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
+		security_ops->inode_ops->post_create(dir, dentry, mode);
+	}
 	return error;
 }
 
@@ -982,6 +1004,11 @@
 
 	acc_mode = ACC_MODE(flag);
 
+	/* Allow the LSM permission hook to distinguish append 
+	   access from general write access. */
+	if (flag & O_APPEND)
+		acc_mode |= MAY_APPEND;
+
 	/*
 	 * The simplest case - just a plain lookup.
 	 */
@@ -1160,6 +1187,9 @@
 	 * stored in nd->last.name and we will have to putname() it when we
 	 * are done. Procfs-like symlinks just set LAST_BIND.
 	 */
+	error = security_ops->inode_ops->follow_link(dentry, nd);
+	if (error)
+		goto exit_dput;
 	UPDATE_ATIME(dentry->d_inode);
 	error = dentry->d_inode->i_op->follow_link(dentry, nd);
 	dput(dentry);
@@ -1226,14 +1256,20 @@
 	if (!dir->i_op || !dir->i_op->mknod)
 		goto exit_lock;
 
+	error = security_ops->inode_ops->mknod(dir, dentry, mode, dev);
+	if (error)
+		goto exit_lock;
+
 	DQUOT_INIT(dir);
 	lock_kernel();
 	error = dir->i_op->mknod(dir, dentry, mode, dev);
 	unlock_kernel();
 exit_lock:
 	up(&dir->i_zombie);
-	if (!error)
+	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
+		security_ops->inode_ops->post_mknod(dir, dentry, mode, dev);
+	}
 	return error;
 }
 
@@ -1295,16 +1331,22 @@
 	if (!dir->i_op || !dir->i_op->mkdir)
 		goto exit_lock;
 
-	DQUOT_INIT(dir);
 	mode &= (S_IRWXUGO|S_ISVTX);
+	error = security_ops->inode_ops->mkdir(dir, dentry, mode);
+	if (error)
+		goto exit_lock;
+
+	DQUOT_INIT(dir);
 	lock_kernel();
 	error = dir->i_op->mkdir(dir, dentry, mode);
 	unlock_kernel();
 
 exit_lock:
 	up(&dir->i_zombie);
-	if (!error)
+	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
+		security_ops->inode_ops->post_mkdir(dir,dentry, mode);
+	}
 	return error;
 }
 
@@ -1387,11 +1429,14 @@
 	else if (d_mountpoint(dentry))
 		error = -EBUSY;
 	else {
-		lock_kernel();
-		error = dir->i_op->rmdir(dir, dentry);
-		unlock_kernel();
-		if (!error)
-			dentry->d_inode->i_flags |= S_DEAD;
+		error = security_ops->inode_ops->rmdir(dir, dentry);
+		if (!error) {
+			lock_kernel();
+			error = dir->i_op->rmdir(dir, dentry);
+			unlock_kernel();
+			if (!error)
+				dentry->d_inode->i_flags |= S_DEAD;
+		}
 	}
 	double_up(&dir->i_zombie, &dentry->d_inode->i_zombie);
 	if (!error) {
@@ -1458,11 +1503,14 @@
 			if (d_mountpoint(dentry))
 				error = -EBUSY;
 			else {
-				lock_kernel();
-				error = dir->i_op->unlink(dir, dentry);
-				unlock_kernel();
-				if (!error)
-					d_delete(dentry);
+				error = security_ops->inode_ops->unlink(dir, dentry);
+				if (!error) {
+					lock_kernel();
+					error = dir->i_op->unlink(dir, dentry);
+					unlock_kernel();
+					if (!error)
+						d_delete(dentry);
+				}
 			}
 		}
 	}
@@ -1528,6 +1576,10 @@
 	if (!dir->i_op || !dir->i_op->symlink)
 		goto exit_lock;
 
+	error = security_ops->inode_ops->symlink(dir, dentry, oldname);
+	if (error)
+		goto exit_lock;
+
 	DQUOT_INIT(dir);
 	lock_kernel();
 	error = dir->i_op->symlink(dir, dentry, oldname);
@@ -1535,8 +1587,10 @@
 
 exit_lock:
 	up(&dir->i_zombie);
-	if (!error)
+	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
+		security_ops->inode_ops->post_symlink(dir, dentry, oldname);
+	}
 	return error;
 }
 
@@ -1602,6 +1656,10 @@
 	if (!dir->i_op || !dir->i_op->link)
 		goto exit_lock;
 
+	error = security_ops->inode_ops->link(old_dentry, dir, new_dentry);
+	if (error)
+		goto exit_lock;
+
 	DQUOT_INIT(dir);
 	lock_kernel();
 	error = dir->i_op->link(old_dentry, dir, new_dentry);
@@ -1609,8 +1667,10 @@
 
 exit_lock:
 	up(&dir->i_zombie);
-	if (!error)
+	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
+		security_ops->inode_ops->post_link(old_dentry, dir, new_dentry);
+	}
 	return error;
 }
 
@@ -1731,6 +1791,10 @@
 	if (error)
 		return error;
 
+	error = security_ops->inode_ops->rename(old_dir, old_dentry, new_dir, new_dentry);
+	if (error)
+		return error;
+
 	DQUOT_INIT(old_dir);
 	DQUOT_INIT(new_dir);
 	down(&old_dir->i_sb->s_vfs_rename_sem);
@@ -1769,8 +1833,11 @@
 		double_up(&old_dir->i_zombie,
 			  &new_dir->i_zombie);
 		
-	if (!error)
+	if (!error) {
 		d_move(old_dentry,new_dentry);
+		security_ops->inode_ops->post_rename(old_dir, old_dentry,
+							new_dir, new_dentry);
+	}
 out_unlock:
 	up(&old_dir->i_sb->s_vfs_rename_sem);
 	return error;
@@ -1801,6 +1868,10 @@
 	if (!old_dir->i_op || !old_dir->i_op->rename)
 		return -EPERM;
 
+	error = security_ops->inode_ops->rename(old_dir, old_dentry, new_dir, new_dentry);
+	if (error)
+		return error;
+
 	DQUOT_INIT(old_dir);
 	DQUOT_INIT(new_dir);
 	double_down(&old_dir->i_zombie, &new_dir->i_zombie);
@@ -1815,6 +1886,7 @@
 	if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME)) {
 		d_move(old_dentry, new_dentry);
 	}
+	security_ops->inode_ops->post_rename(old_dir, old_dentry, new_dir, new_dentry);
 	return 0;
 }
 
diff --minimal -Nru a/fs/namespace.c b/fs/namespace.c
--- a/fs/namespace.c	Tue Feb 12 18:59:50 2002
+++ b/fs/namespace.c	Tue Feb 12 18:59:50 2002
@@ -287,6 +287,10 @@
 	struct super_block * sb = mnt->mnt_sb;
 	int retval = 0;
 
+	retval = security_ops->sb_ops->umount(mnt, flags);
+	if (retval)
+		return retval;
+
 	/*
 	 * If we may have to abort operations to get out of this
 	 * mount, and they will themselves hold resources we must
@@ -336,6 +340,7 @@
 		DQUOT_OFF(sb);
 		acct_auto_close(sb);
 		unlock_kernel();
+		security_ops->sb_ops->umount_close(mnt);
 		spin_lock(&dcache_lock);
 	}
 	retval = -EBUSY;
@@ -345,6 +350,8 @@
 		retval = 0;
 	}
 	spin_unlock(&dcache_lock);
+	if (retval)
+		security_ops->sb_ops->umount_busy(mnt);
 	up_write(&current->namespace->sem);
 	return retval;
 }
@@ -470,6 +477,10 @@
 	if (IS_DEADDIR(nd->dentry->d_inode))
 		goto out_unlock;
 
+	err = security_ops->sb_ops->check_sb(mnt, nd);
+	if (err)
+		goto out_unlock;
+
 	spin_lock(&dcache_lock);
 	if (IS_ROOT(nd->dentry) || !d_unhashed(nd->dentry)) {
 		struct list_head head;
@@ -482,6 +493,8 @@
 	spin_unlock(&dcache_lock);
 out_unlock:
 	up(&nd->dentry->d_inode->i_zombie);
+	if (!err)
+		security_ops->sb_ops->post_addmount(mnt, nd);
 	return err;
 }
 
@@ -552,6 +565,8 @@
 	if (!err)
 		nd->mnt->mnt_flags=mnt_flags;
 	up_write(&sb->s_umount);
+	if (!err)
+		security_ops->sb_ops->post_remount(nd->mnt, flags, data);
 	return err;
 }
 
@@ -736,6 +751,10 @@
 	if (retval)
 		return retval;
 
+	retval = security_ops->sb_ops->mount(dev_name, &nd, type_page, flags, data_page);
+	if (retval)
+		goto dput_out;
+
 	if (flags & MS_REMOUNT)
 		retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags,
 				    data_page);
@@ -746,6 +765,7 @@
 	else
 		retval = do_add_mount(&nd, type_page, flags, mnt_flags,
 				      dev_name, data_page);
+dput_out:
 	path_release(&nd);
 	return retval;
 }
diff --minimal -Nru a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
--- a/fs/nfsd/nfsctl.c	Tue Feb 12 18:59:50 2002
+++ b/fs/nfsd/nfsctl.c	Tue Feb 12 18:59:50 2002
@@ -234,6 +234,10 @@
 		goto done;
 	}
 
+	err = security_ops->nfsservctl(cmd, arg);
+	if (err)
+		goto done;
+
 	switch(cmd) {
 	case NFSCTL_SVC:
 		err = nfsctl_svc(&arg->ca_svc);
diff --minimal -Nru a/fs/open.c b/fs/open.c
--- a/fs/open.c	Tue Feb 12 18:59:50 2002
+++ b/fs/open.c	Tue Feb 12 18:59:50 2002
@@ -15,6 +15,7 @@
 #include <linux/slab.h>
 #include <linux/tty.h>
 #include <linux/iobuf.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 
@@ -28,6 +29,9 @@
 		retval = -ENOSYS;
 		if (sb->s_op && sb->s_op->statfs) {
 			memset(buf, 0, sizeof(struct statfs));
+			retval = security_ops->sb_ops->statfs(sb);
+			if (retval)
+				return retval;
 			lock_kernel();
 			retval = sb->s_op->statfs(sb, buf);
 			unlock_kernel();
diff --minimal -Nru a/fs/proc/base.c b/fs/proc/base.c
--- a/fs/proc/base.c	Tue Feb 12 18:59:50 2002
+++ b/fs/proc/base.c	Tue Feb 12 18:59:50 2002
@@ -336,7 +336,7 @@
 };
 
 #define MAY_PTRACE(p) \
-(p==current||(p->p_pptr==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED))
+(p==current||(p->p_pptr==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ops->ptrace(current,p)==0))
 
 
 static int mem_open(struct inode* inode, struct file* file)
diff --minimal -Nru a/fs/read_write.c b/fs/read_write.c
--- a/fs/read_write.c	Tue Feb 12 18:59:50 2002
+++ b/fs/read_write.c	Tue Feb 12 18:59:50 2002
@@ -11,6 +11,7 @@
 #include <linux/uio.h>
 #include <linux/smp_lock.h>
 #include <linux/dnotify.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 
@@ -125,6 +126,13 @@
 	file = fget(fd);
 	if (!file)
 		goto bad;
+
+	retval = security_ops->file_ops->llseek(file);
+	if (retval) {
+		fput(file);
+		goto bad;
+	}
+
 	retval = -EINVAL;
 	if (origin <= 2) {
 		loff_t res = llseek(file, offset, origin);
@@ -150,6 +158,11 @@
 	file = fget(fd);
 	if (!file)
 		goto bad;
+
+	retval = security_ops->file_ops->llseek(file);
+	if (retval)
+		goto out_putf;
+
 	retval = -EINVAL;
 	if (origin > 2)
 		goto out_putf;
@@ -184,8 +197,11 @@
 			if (!ret) {
 				ssize_t (*read)(struct file *, char *, size_t, loff_t *);
 				ret = -EINVAL;
-				if (file->f_op && (read = file->f_op->read) != NULL)
-					ret = read(file, buf, count, &file->f_pos);
+				if (file->f_op && (read = file->f_op->read) != NULL) {
+					ret = security_ops->file_ops->permission (file, MAY_READ);
+					if (!ret)
+						ret = read(file, buf, count, &file->f_pos);
+				}
 			}
 		}
 		if (ret > 0)
@@ -211,8 +227,11 @@
 			if (!ret) {
 				ssize_t (*write)(struct file *, const char *, size_t, loff_t *);
 				ret = -EINVAL;
-				if (file->f_op && (write = file->f_op->write) != NULL)
-					ret = write(file, buf, count, &file->f_pos);
+				if (file->f_op && (write = file->f_op->write) != NULL) {
+					ret = security_ops->file_ops->permission (file, MAY_WRITE);
+					if (!ret)
+						ret = write(file, buf, count, &file->f_pos);
+				}
 			}
 		}
 		if (ret > 0)
@@ -338,8 +357,11 @@
 	if (!file)
 		goto bad_file;
 	if (file->f_op && (file->f_mode & FMODE_READ) &&
-	    (file->f_op->readv || file->f_op->read))
-		ret = do_readv_writev(VERIFY_WRITE, file, vector, count);
+	    (file->f_op->readv || file->f_op->read)) {
+		ret = security_ops->file_ops->permission (file, MAY_READ);
+		if (!ret)
+			ret = do_readv_writev(VERIFY_WRITE, file, vector, count);
+	}
 	fput(file);
 
 bad_file:
@@ -358,8 +380,11 @@
 	if (!file)
 		goto bad_file;
 	if (file->f_op && (file->f_mode & FMODE_WRITE) &&
-	    (file->f_op->writev || file->f_op->write))
-		ret = do_readv_writev(VERIFY_READ, file, vector, count);
+	    (file->f_op->writev || file->f_op->write)) {
+		ret = security_ops->file_ops->permission (file, MAY_WRITE);
+		if (!ret)
+			ret = do_readv_writev(VERIFY_READ, file, vector, count);
+	}
 	fput(file);
 
 bad_file:
@@ -392,6 +417,11 @@
 		goto out;
 	if (pos < 0)
 		goto out;
+
+	ret = security_ops->file_ops->permission (file, MAY_READ);
+	if (ret)
+		goto out;
+
 	ret = read(file, buf, count, &pos);
 	if (ret > 0)
 		inode_dir_notify(file->f_dentry->d_parent->d_inode, DN_ACCESS);
@@ -422,6 +452,10 @@
 	if (!file->f_op || !(write = file->f_op->write))
 		goto out;
 	if (pos < 0)
+		goto out;
+
+	ret = security_ops->file_ops->permission (file, MAY_WRITE);
+	if (ret)
 		goto out;
 
 	ret = write(file, buf, count, &pos);
diff --minimal -Nru a/fs/readdir.c b/fs/readdir.c
--- a/fs/readdir.c	Tue Feb 12 18:59:50 2002
+++ b/fs/readdir.c	Tue Feb 12 18:59:50 2002
@@ -20,6 +20,11 @@
 	int res = -ENOTDIR;
 	if (!file->f_op || !file->f_op->readdir)
 		goto out;
+
+	res = security_ops->file_ops->permission(file, MAY_READ);
+	if (res)
+		goto out;
+
 	down(&inode->i_sem);
 	down(&inode->i_zombie);
 	res = -ENOENT;
diff --minimal -Nru a/fs/stat.c b/fs/stat.c
--- a/fs/stat.c	Tue Feb 12 18:59:50 2002
+++ b/fs/stat.c	Tue Feb 12 18:59:50 2002
@@ -11,6 +11,7 @@
 #include <linux/smp_lock.h>
 #include <linux/highuid.h>
 #include <linux/fs.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 
@@ -20,9 +21,14 @@
 static __inline__ int
 do_revalidate(struct dentry *dentry)
 {
+	int error;
 	struct inode * inode = dentry->d_inode;
-	if (inode->i_op && inode->i_op->revalidate)
+	if (inode->i_op && inode->i_op->revalidate) {
+		error = security_ops->inode_ops->revalidate(dentry);
+		if (error)
+			return error;
 		return inode->i_op->revalidate(dentry);
+	}
 	return 0;
 }
 
@@ -36,6 +42,10 @@
 	if (res)
 		return res;
 
+	res = security_ops->inode_ops->stat(inode);
+	if (res)
+		return res;
+
 	stat->dev = kdev_t_to_nr(inode->i_dev);
 	stat->ino = inode->i_ino;
 	stat->mode = inode->i_mode;
@@ -267,8 +277,11 @@
 		error = -EINVAL;
 		if (inode->i_op && inode->i_op->readlink &&
 		    !(error = do_revalidate(nd.dentry))) {
-			UPDATE_ATIME(inode);
-			error = inode->i_op->readlink(nd.dentry, buf, bufsiz);
+			error = security_ops->inode_ops->readlink(nd.dentry);
+			if (!error) {
+				UPDATE_ATIME(inode);
+				error = inode->i_op->readlink(nd.dentry, buf, bufsiz);
+			}
 		}
 		path_release(&nd);
 	}
diff --minimal -Nru a/fs/super.c b/fs/super.c
--- a/fs/super.c	Tue Feb 12 18:59:50 2002
+++ b/fs/super.c	Tue Feb 12 18:59:50 2002
@@ -30,6 +30,8 @@
 
 #include <asm/uaccess.h>
 
+#include <linux/security.h>
+
 #include <linux/kmod.h>
 #define __NO_VERSION__
 #include <linux/module.h>
@@ -265,6 +267,11 @@
 	struct super_block *s = kmalloc(sizeof(struct super_block),  GFP_USER);
 	if (s) {
 		memset(s, 0, sizeof(struct super_block));
+		if (security_ops->sb_ops->alloc_security(s)) {
+			kfree(s);
+			s = NULL;
+			goto out;
+		}
 		INIT_LIST_HEAD(&s->s_dirty);
 		INIT_LIST_HEAD(&s->s_locked_inodes);
 		INIT_LIST_HEAD(&s->s_files);
@@ -280,6 +287,7 @@
 		sema_init(&s->s_dquot.dqoff_sem, 1);
 		s->s_maxbytes = MAX_NON_LFS;
 	}
+out:
 	return s;
 }
 
@@ -291,6 +299,7 @@
  */
 static inline void destroy_super(struct super_block *s)
 {
+	security_ops->sb_ops->free_security(s);
 	kfree(s);
 }
 
diff --minimal -Nru a/fs/xattr.c b/fs/xattr.c
--- a/fs/xattr.c	Tue Feb 12 18:59:50 2002
+++ b/fs/xattr.c	Tue Feb 12 18:59:50 2002
@@ -82,11 +82,16 @@
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->setxattr) {
+		error = security_ops->inode_ops->setxattr(d, kname, kvalue,
+				size, flags);
+		if (error)
+			goto out;
 		lock_kernel();
 		error = d->d_inode->i_op->setxattr(d, kname, kvalue, size, flags);
 		unlock_kernel();
 	}
 
+out:
 	xattr_free(kvalue, size);
 	return error;
 }
@@ -153,6 +158,9 @@
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->getxattr) {
+		error = security_ops->inode_ops->getxattr(d, kname);
+		if (error)
+			goto out;
 		lock_kernel();
 		error = d->d_inode->i_op->getxattr(d, kname, kvalue, size);
 		unlock_kernel();
@@ -161,6 +169,7 @@
 	if (kvalue && error > 0)
 		if (copy_to_user(value, kvalue, size))
 			error = -EFAULT;
+out:
 	xattr_free(kvalue, size);
 	return error;
 }
@@ -222,6 +231,9 @@
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->listxattr) {
+		error = security_ops->inode_ops->listxattr(d);
+		if (error)
+			goto out;
 		lock_kernel();
 		error = d->d_inode->i_op->listxattr(d, klist, size);
 		unlock_kernel();
@@ -230,6 +242,7 @@
 	if (klist && error > 0)
 		if (copy_to_user(list, klist, size))
 			error = -EFAULT;
+out:
 	xattr_free(klist, size);
 	return error;
 }
@@ -291,10 +304,14 @@
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->removexattr) {
+		error = security_ops->inode_ops->removexattr(d, kname);
+		if (error)
+			goto out;
 		lock_kernel();
 		error = d->d_inode->i_op->removexattr(d, kname);
 		unlock_kernel();
 	}
+out:
 	return error;
 }
 
diff --minimal -Nru a/include/asm-i386/processor.h b/include/asm-i386/processor.h
--- a/include/asm-i386/processor.h	Tue Feb 12 18:59:50 2002
+++ b/include/asm-i386/processor.h	Tue Feb 12 18:59:50 2002
@@ -435,14 +435,7 @@
 /* Copy and release all segment info associated with a VM */
 extern void copy_segments(struct task_struct *p, struct mm_struct * mm);
 extern void release_segments(struct mm_struct * mm);
-
-/*
- * Return saved PC of a blocked thread.
- */
-static inline unsigned long thread_saved_pc(struct task_struct *tsk)
-{
-	return ((unsigned long *)tsk->thread->esp)[3];
-}
+extern unsigned long thread_saved_pc(struct task_struct *tsk);
 
 unsigned long get_wchan(struct task_struct *p);
 #define KSTK_EIP(tsk)	(((unsigned long *)(4096+(unsigned long)(tsk)->thread_info))[1019])
diff --minimal -Nru a/include/asm-i386/smplock.h b/include/asm-i386/smplock.h
--- a/include/asm-i386/smplock.h	Tue Feb 12 18:59:50 2002
+++ b/include/asm-i386/smplock.h	Tue Feb 12 18:59:50 2002
@@ -15,7 +15,7 @@
 #else
 #ifdef CONFIG_PREEMPT
 #define kernel_locked()		preempt_get_count()
-#define global_irq_holder	0
+#define global_irq_holder	0xFF	/* XXX: NO_PROC_ID */
 #else
 #define kernel_locked()		1
 #endif
diff --minimal -Nru a/include/linux/binfmts.h b/include/linux/binfmts.h
--- a/include/linux/binfmts.h	Tue Feb 12 18:59:50 2002
+++ b/include/linux/binfmts.h	Tue Feb 12 18:59:50 2002
@@ -27,6 +27,7 @@
 	struct file * file;
 	int e_uid, e_gid;
 	kernel_cap_t cap_inheritable, cap_permitted, cap_effective;
+	void *security;
 	int argc, envc;
 	char * filename;	/* Name of binary */
 	unsigned long loader, exec;
diff --minimal -Nru a/include/linux/fs.h b/include/linux/fs.h
--- a/include/linux/fs.h	Tue Feb 12 18:59:50 2002
+++ b/include/linux/fs.h	Tue Feb 12 18:59:50 2002
@@ -70,6 +70,7 @@
 #define MAY_EXEC 1
 #define MAY_WRITE 2
 #define MAY_READ 4
+#define MAY_APPEND 8
 
 #define FMODE_READ 1
 #define FMODE_WRITE 2
@@ -450,6 +451,7 @@
 
 	atomic_t		i_writecount;
 	unsigned int		i_attr_flags;
+	void			*i_security;
 	__u32			i_generation;
 	union {
 		/* struct umsdos_inode_info	umsdos_i; */
@@ -483,6 +485,7 @@
 	int pid;		/* pid or -pgrp where SIGIO should be sent */
 	uid_t uid, euid;	/* uid/euid of process setting the owner */
 	int signum;		/* posix.1b rt signal to be delivered on IO */
+	void *security;
 };
 
 struct file {
@@ -500,6 +503,7 @@
 	int			f_error;
 
 	unsigned long		f_version;
+	void			*f_security;
 
 	/* needed for tty driver, and maybe others */
 	void			*private_data;
@@ -581,11 +585,11 @@
 
 #include <linux/fcntl.h>
 
-extern int fcntl_getlk(unsigned int, struct flock *);
-extern int fcntl_setlk(unsigned int, unsigned int, struct flock *);
+extern int fcntl_getlk(struct file *, struct flock *);
+extern int fcntl_setlk(struct file *, unsigned int, struct flock *);
 
-extern int fcntl_getlk64(unsigned int, struct flock64 *);
-extern int fcntl_setlk64(unsigned int, unsigned int, struct flock64 *);
+extern int fcntl_getlk64(struct file *, struct flock64 *);
+extern int fcntl_setlk64(struct file *, unsigned int, struct flock64 *);
 
 /* fs/locks.c */
 extern void locks_init_lock(struct file_lock *);
@@ -693,6 +697,7 @@
 	struct semaphore	s_lock;
 	int			s_count;
 	atomic_t		s_active;
+	void                    *s_security;
 
 	struct list_head	s_dirty;	/* dirty inodes */
 	struct list_head	s_locked_inodes;/* inodes being synced */
diff --minimal -Nru a/include/linux/input.h b/include/linux/input.h
--- a/include/linux/input.h	Tue Feb 12 18:59:50 2002
+++ b/include/linux/input.h	Tue Feb 12 18:59:50 2002
@@ -490,7 +490,7 @@
 #define BUS_USB			0x03
 #define BUS_HIL			0x04
 
-#define BUS_ISA			0x10
+/* #define BUS_ISA			0x10   conflicts with sysctl.h */
 #define BUS_I8042		0x11
 #define BUS_XTKBD		0x12
 #define BUS_RS232		0x13
diff --minimal -Nru a/include/linux/ip.h b/include/linux/ip.h
--- a/include/linux/ip.h	Tue Feb 12 18:59:50 2002
+++ b/include/linux/ip.h	Tue Feb 12 18:59:50 2002
@@ -58,6 +58,7 @@
 #define IPOPT_SEC	(2 |IPOPT_CONTROL|IPOPT_COPY)
 #define IPOPT_LSRR	(3 |IPOPT_CONTROL|IPOPT_COPY)
 #define IPOPT_TIMESTAMP	(4 |IPOPT_MEASUREMENT)
+#define IPOPT_CIPSO	(6 |IPOPT_CONTROL|IPOPT_COPY)
 #define IPOPT_RR	(7 |IPOPT_CONTROL)
 #define IPOPT_SID	(8 |IPOPT_CONTROL|IPOPT_COPY)
 #define IPOPT_SSRR	(9 |IPOPT_CONTROL|IPOPT_COPY)
diff --minimal -Nru a/include/linux/ipc.h b/include/linux/ipc.h
--- a/include/linux/ipc.h	Tue Feb 12 18:59:50 2002
+++ b/include/linux/ipc.h	Tue Feb 12 18:59:50 2002
@@ -63,6 +63,7 @@
 	gid_t		cgid;
 	mode_t		mode; 
 	unsigned long	seq;
+	void		*security;
 };
 
 #endif /* __KERNEL__ */
diff --minimal -Nru a/include/linux/msg.h b/include/linux/msg.h
--- a/include/linux/msg.h	Tue Feb 12 18:59:50 2002
+++ b/include/linux/msg.h	Tue Feb 12 18:59:50 2002
@@ -63,6 +63,36 @@
 
 #ifdef __KERNEL__
 
+/* one msg_msg structure for each message */
+struct msg_msg {
+	struct list_head m_list; 
+	long  m_type;          
+	int m_ts;           /* message text size */
+	struct msg_msgseg* next;
+	void *security;
+	/* the actual message follows immediately */
+};
+
+#define DATALEN_MSG	(PAGE_SIZE-sizeof(struct msg_msg))
+#define DATALEN_SEG	(PAGE_SIZE-sizeof(struct msg_msgseg))
+
+/* one msq_queue structure for each present queue on the system */
+struct msg_queue {
+	struct kern_ipc_perm q_perm;
+	time_t q_stime;			/* last msgsnd time */
+	time_t q_rtime;			/* last msgrcv time */
+	time_t q_ctime;			/* last change time */
+	unsigned long q_cbytes;		/* current number of bytes on queue */
+	unsigned long q_qnum;		/* number of messages in queue */
+	unsigned long q_qbytes;		/* max number of bytes on queue */
+	pid_t q_lspid;			/* pid of last msgsnd */
+	pid_t q_lrpid;			/* last receive pid */
+
+	struct list_head q_messages;
+	struct list_head q_receivers;
+	struct list_head q_senders;
+};
+
 asmlinkage long sys_msgget (key_t key, int msgflg);
 asmlinkage long sys_msgsnd (int msqid, struct msgbuf *msgp, size_t msgsz, int msgflg);
 asmlinkage long sys_msgrcv (int msqid, struct msgbuf *msgp, size_t msgsz, long msgtyp, int msgflg);
diff --minimal -Nru a/include/linux/netdevice.h b/include/linux/netdevice.h
--- a/include/linux/netdevice.h	Tue Feb 12 18:59:50 2002
+++ b/include/linux/netdevice.h	Tue Feb 12 18:59:50 2002
@@ -419,6 +419,7 @@
 	/* this will get initialized at each interface type init routine */
 	struct divert_blk	*divert;
 #endif /* CONFIG_NET_DIVERT */
+	void			*security;
 };
 
 
diff --minimal -Nru a/include/linux/sched.h b/include/linux/sched.h
--- a/include/linux/sched.h	Tue Feb 12 18:59:50 2002
+++ b/include/linux/sched.h	Tue Feb 12 18:59:50 2002
@@ -339,6 +339,8 @@
 	void *notifier_data;
 	sigset_t *notifier_mask;
 	
+	void *security;
+
 /* Thread group tracking */
    	u32 parent_exec_id;
    	u32 self_exec_id;
@@ -650,7 +652,9 @@
  * New privilege checks should use this interface, rather than suser() or
  * fsuser(). See include/linux/capability.h for defined capabilities.
  */
-
+/* capable prototype and code moved to security.[hc] */
+#include <linux/security.h>
+#if 0
 static inline int capable(int cap)
 {
 #if 1 /* ok now */
@@ -664,6 +668,7 @@
 	}
 	return 0;
 }
+#endif	/* if 0 */
 
 /*
  * Routines for handling mm_structs
diff --minimal -Nru a/include/linux/security.h b/include/linux/security.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/include/linux/security.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1480 @@
+/*
+ * Linux Security plug
+ *
+ * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
+ * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
+ * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
+ * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
+ * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
+ *
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	Due to this file being licensed under the GPL there is controversy over
+ *	whether this permits you to write a module that #includes this file
+ *	without placing your module under the GPL.  Please consult a lawyer for
+ *	advice before doing this.
+ *
+ */
+
+#ifndef __LINUX_SECURITY_H
+#define __LINUX_SECURITY_H
+
+#ifdef __KERNEL__
+
+#include <linux/fs.h>
+#include <linux/binfmts.h>
+#include <linux/signal.h>
+#include <linux/resource.h>
+#include <linux/sem.h>
+#include <linux/sysctl.h>
+#include <linux/shm.h>
+#include <linux/msg.h>
+
+
+/*
+ * Values used in the task_security_ops calls
+ */
+/* setuid or setgid, id0 == uid or gid */
+#define LSM_SETID_ID	1
+
+/* setreuid or setregid, id0 == real, id1 == eff */
+#define LSM_SETID_RE	2
+
+/* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */
+#define LSM_SETID_RES	4
+
+/* setfsuid or setfsgid, id0 == fsuid or fsgid */
+#define LSM_SETID_FS	8
+
+/**
+ * struct binprm_security_ops - Security hooks for program execution operations.
+ * @alloc_security:
+ *	Allocate and attach a security structure to the @bprm->security field.
+ *	The security field is initialized to NULL when the bprm structure is
+ *	allocated.
+ *	@bprm contains the linux_binprm structure to be modified.
+ *	Return 0 if operation was successful.
+ * @free_security:
+ *	@bprm contains the linux_binprm structure to be modified.
+ *	Deallocate and clear the @bprm->security field.
+ * @compute_creds:
+ *	Compute and set the security attributes of a process being transformed
+ *	by an execve operation based on the old attributes (current->security)
+ *	and the information saved in @bprm->security by the set_security hook.
+ *	Since this hook function (and its caller) are void, this hook can not
+ *	return an error.  However, it can leave the security attributes of the
+ *	process unchanged if an access failure occurs at this point. It can
+ *	also perform other state changes on the process (e.g.  closing open
+ *	file descriptors to which access is no longer granted if the attributes
+ *	were changed). 
+ *	@bprm contains the linux_binprm structure.
+ * @set_security:
+ *	Save security information in the bprm->security field, typically based
+ *	on information about the bprm->file, for later use by the compute_creds
+ *	hook.  This hook may also optionally check permissions (e.g. for
+ *	transitions between security domains).
+ *	This hook may be called multiple times during a single execve, e.g. for
+ *	interpreters.  The hook can tell whether it has already been called by
+ *	checking to see if @bprm->security is non-NULL.  If so, then the hook
+ *	may decide either to retain the security information saved earlier or
+ *	to replace it.
+ *	@bprm contains the linux_binprm structure.
+ *	Return 0 if the hook is successful and permission is granted.
+ *
+ * These are the security hooks for program execution operations.
+ */
+struct binprm_security_ops {
+	int (*alloc_security) (struct linux_binprm *bprm);
+	void (*free_security) (struct linux_binprm *bprm);
+	void (*compute_creds) (struct linux_binprm *bprm);
+	int (*set_security) (struct linux_binprm *bprm);
+};
+
+/**
+ * struct super_block_security_ops - Security hooks for filesystem operations.
+ * @alloc_security:
+ *	Allocate and attach a security structure to the sb->s_security field.
+ *	The s_security field is initialized to NULL when the structure is
+ *	allocated.
+ *	@sb contains the super_block structure to be modified.
+ *	Return 0 if operation was successful.
+ * @free_security:
+ *	Deallocate and clear the sb->s_security field.
+ *	@sb contains the super_block structure to be modified.
+ * @statfs:
+ *	Check permission before obtaining filesystem statistics for the @sb
+ *	filesystem.
+ *	@sb contains the super_block structure for the filesystem.
+ *	Return 0 if permission is granted.  
+ * @mount:
+ *	Check permission before an object specified by @dev_name is mounted on
+ *	the mount point named by @nd.  For an ordinary mount, @dev_name
+ *	identifies a device if the file system type requires a device.  For a
+ *	remount (@flags & MS_REMOUNT), @dev_name is irrelevant.  For a
+ *	loopback/bind mount (@flags & MS_BIND), @dev_name identifies the
+ *	pathname of the object being mounted.
+ *	@dev_name contains the name for object being mounted.
+ *	@nd contains the nameidata structure for mount point object.
+ *	@type contains the filesystem type.
+ *	@flags contains the mount flags.
+ *	@data contains the filesystem-specific data.
+ *	Return 0 if permission is granted.
+ * @check_sb:
+ *	Check permission before the device with superblock @mnt->sb is mounted
+ *	on the mount point named by @nd.
+ *	@mnt contains the vfsmount for device being mounted.
+ *	@nd contains the nameidata object for the mount point.
+ *	Return 0 if permission is granted.
+ * @umount:
+ *	Check permission before the @mnt file system is unmounted.
+ *	@mnt contains the mounted file system.
+ *	@flags contains the unmount flags, e.g. MNT_FORCE.
+ *	Return 0 if permission is granted.
+ * @umount_close:
+ *	Close any files in the @mnt mounted filesystem that are held open by
+ *	the security module.  This hook is called during an umount operation
+ *	prior to checking whether the filesystem is still busy.
+ *	@mnt contains the mounted filesystem.
+ * @umount_busy:
+ *	Handle a failed umount of the @mnt mounted filesystem, e.g.  re-opening
+ *	any files that were closed by umount_close.  This hook is called during
+ *	an umount operation if the umount fails after a call to the
+ *	umount_close hook.
+ *	@mnt contains the mounted filesystem.
+ * @post_remount:
+ *	Update the security module's state when a filesystem is remounted.
+ *	This hook is only called if the remount was successful.
+ *	@mnt contains the mounted file system.
+ *	@flags contains the new filesystem flags.
+ *	@data contains the filesystem-specific data.
+ * @post_mountroot:
+ *	Update the security module's state when the root filesystem is mounted.
+ *	This hook is only called if the mount was successful.
+ * @post_addmount:
+ *	Update the security module's state when a filesystem is mounted.
+ *	This hook is called any time a mount is successfully grafetd to
+ *	the tree.
+ *	@mnt contains the mounted filesystem.
+ *	@mountpoint_nd contains the nameidata structure for the mount point.
+ *
+ * These are the security hooks for filesystem operations.
+ */
+struct super_block_security_ops {
+	int (*alloc_security) (struct super_block *sb);
+	void (*free_security) (struct super_block *sb);
+	int (*statfs) (struct super_block *sb);
+	int (*mount) (char * dev_name, struct nameidata *nd, char * type,
+		      unsigned long flags, void * data);
+	int (*check_sb) (struct vfsmount *mnt, struct nameidata *nd);
+	int (*umount) (struct vfsmount *mnt, int flags);
+	void (*umount_close) (struct vfsmount *mnt);
+	void (*umount_busy) (struct vfsmount *mnt);
+	void (*post_remount) (struct vfsmount *mnt, unsigned long flags,
+			      void *data);
+	void (*post_mountroot) (void);
+	void (*post_addmount) (struct vfsmount *mnt, struct nameidata
+			       *mountpoint_nd);
+};
+
+/**
+ * struct inode_security_ops - Security hooks for inode operations.
+ * @alloc_security:
+ *	Allocate and attach a security structure to @inode->i_security.  The
+ *	i_security field is initialized to NULL when the inode structure is
+ *	allocated.
+ *	@inode contains the inode structure.
+ *	Return 0 if operation was successful.
+ * @free_security:
+ *	@inode contains the inode structure.
+ *	Deallocate the inode security structure and set @inode->i_security to
+ *	NULL. 
+ * @create:
+ *	Check permission to create a regular file.
+ *	@dir contains inode structure of the parent of the new file.
+ *	@dentry contains the dentry structure for the file to be created.
+ *	@mode contains the file mode of the file to be created.
+ *	Return 0 if permission is granted.
+ * @post_create:
+ *	Set the security attributes on a newly created regular file.  This hook
+ *	is called after a file has been successfully created.
+ *	@dir contains the inode structure of the parent directory of the new file.
+ *	@dentry contains the the dentry structure for the newly created file.
+ *	@mode contains the file mode.
+ * @link:
+ *	Check permission before creating a new hard link to a file.
+ *	@old_dentry contains the dentry structure for an existing link to the file.
+ *	@dir contains the inode structure of the parent directory of the new link.
+ *	@new_dentry contains the dentry structure for the new link.
+ *	Return 0 if permission is granted.
+ * @post_link:
+ *	Set security attributes for a new hard link to a file.
+ *	@old_dentry contains the dentry structure for the existing link.
+ *	@dir contains the inode structure of the parent directory of the new file.
+ *	@new_dentry contains the dentry structure for the new file link.
+ * @unlink:
+ *	Check the permission to remove a hard link to a file. 
+ *	@dir contains the inode structure of parent directory of the file.
+ *	@dentry contains the dentry structure for file to be unlinked.
+ *	Return 0 if permission is granted.
+ * @symlink:
+ *	Check the permission to create a symbolic link to a file.
+ *	@dir contains the inode structure of parent directory of the symbolic link.
+ *	@dentry contains the dentry structure of the symbolic link.
+ *	@old_name contains the pathname of file.
+ *	Return 0 if permission is granted.
+ * @post_symlink:
+ *	@dir contains the inode structure of the parent directory of the new link.
+ *	@dentry contains the dentry structure of new symbolic link.
+ *	@old_name contains the pathname of file.
+ *	Set security attributes for a newly created symbolic link.  Note that
+ *	@dentry->d_inode may be NULL, since the filesystem might not
+ *	instantiate the dentry (e.g. NFS).
+ * @mkdir:
+ *	Check permissions to create a new directory in the existing directory
+ *	associated with inode strcture @dir. 
+ *	@dir containst the inode structure of parent of the directory to be created.
+ *	@dentry contains the dentry structure of new directory.
+ *	@mode contains the mode of new directory.
+ *	Return 0 if permission is granted.
+ * @post_mkdir:
+ *	Set security attributes on a newly created directory.
+ *	@dir contains the inode structure of parent of the directory to be created.
+ *	@dentry contains the dentry structure of new directory.
+ *	@mode contains the mode of new directory.
+ * @rmdir:
+ *	Check the permission to remove a directory.
+ *	@dir contains the inode structure of parent of the directory to be removed.
+ *	@dentry contains the dentry structure of directory to be removed.
+ *	Return 0 if permission is granted.
+ * @mknod:
+ *	Check permissions when creating a special file (or a socket or a fifo
+ *	file created via the mknod system call).  Note that if mknod operation
+ *	is being done for a regular file, then the create hook will be called
+ *	and not this hook.
+ *	@dir contains the inode structure of parent of the new file.
+ *	@dentry contains the dentry structure of the new file.
+ *	@mode contains the mode of the new file.
+ *	@dev contains the the device number.
+ *	Return 0 if permission is granted.
+ * @post_mknod:
+ *	Set security attributes on a newly created special file (or socket or
+ *	fifo file created via the mknod system call).
+ *	@dir contains the inode structure of parent of the new node.
+ *	@dentry contains the dentry structure of the new node.
+ *	@mode contains the mode of the new node.
+ *	@dev contains the the device number.
+ * @rename:
+ *	Check for permission to rename a file or directory.
+ *	@old_dir contains the inode structure for parent of the old link.
+ *	@old_dentry contains the dentry structure of the old link.
+ *	@new_dir contains the inode structure for parent of the new link.
+ *	@new_dentry contains the dentry structure of the new link.
+ *	Return 0 if permission is granted.
+ * @post_rename:
+ *	Set security attributes on a renamed file or directory.
+ *	@old_dir contains the inode structure for parent of the old link.
+ *	@old_dentry contains the dentry structure of the old link.
+ *	@new_dir contains the inode structure for parent of the new link.
+ *	@new_dentry contains the dentry structure of the new link.
+ * @readlink:
+ *	Check the permission to read the symbolic link.
+ *	@dentry contains the dentry structure for the file link.
+ *	Return 0 if permission is granted.
+ * @follow_link:
+ *	Check permission to follow a symbolic link when looking up a pathname.
+ *	@dentry contains the dentry structure for the link.
+ *	@nd contains the nameidata structure for the parent directory.
+ *	Return 0 if permission is granted.
+ * @permission:
+ *	Check permission before accessing an inode.  This hook is called by the
+ *	existing Linux permission function, so a security module can use it to
+ *	provide additional checking for existing Linux permission checks.
+ *	Notice that this hook is called when a file is opened (as well as many
+ *	other operations), whereas the file_security_ops permission hook is
+ *	called when the actual read/write operations are performed.
+ *	@inode contains the inode structure to check.
+ *	@mask contains the permission mask.
+ *	Return 0 if permission is granted.
+ * @revalidate:
+ *	Revalidate the inode attributes.  This hook can be used by a security
+ *	module to revalidate the attributes stored in the i_security field to
+ *	maintain consistency when the file is remote.
+ *	@dentry contains the dentry structure associated with the inode.
+ *	Return 0 if successful.
+ * @setattr:
+ *	Check permission before setting file attributes.  Note that the kernel
+ *	call to notify_change is performed from several locations, whenever
+ *	file attributes change (such as when a file is truncated, chown/chmod
+ *	operations, transferring disk quotas, etc).
+ *	@dentry contains the dentry structure for the file.
+ *	@attr is the iattr structure containing the new file attributes.
+ *	Return 0 if permission is granted.
+ * @stat:
+ *	Check permission before obtaining file attributes.
+ *	@inode contains the inode structure for the file.
+ *	Return 0 if permission is granted.
+ * @post_lookup:
+ *	Set the security attributes for a file after it has been looked up.
+ *	@inode contains the inode structure for parent directory.
+ *	@d contains the dentry structure for the file.
+ * @delete:
+ *	@inode contains the inode structure for deleted inode.
+ *	This hook is called when a deleted inode is released (i.e. an inode
+ *	with no hard links has its use count drop to zero).  A security module
+ *	can use this hook to release any persistent label associated with the
+ *	inode.
+ * @setxattr:
+ * 	Check permission before setting the extended attributes
+ * 	@value identified by @name for @dentry.
+ * 	Return 0 if permission is granted.
+ * @getxattr:
+ * 	Check permission before obtaining the extended attributes
+ * 	identified by @name for @dentry.
+ * 	Return 0 if permission is granted.
+ * @listxattr:
+ * 	Check permission before obtaining the list of extended attribute 
+ * 	names for @dentry.
+ * 	Return 0 if permission is granted.
+ * @removexattr:
+ * 	Check permission before removing the extended attribute
+ * 	identified by @name for @dentry.
+ * 	Return 0 if permission is granted.
+ *
+ * These are the security hooks for inode operations.
+ */
+struct inode_security_ops {
+	int (*alloc_security) (struct inode *inode);	
+	void (*free_security) (struct inode *inode);
+	int (*create) (struct inode *dir, struct dentry *dentry, int mode);
+	void (*post_create) (struct inode *dir, struct dentry *dentry, 
+			     int mode);
+	int (*link) (struct dentry *old_dentry, struct inode *dir, 
+		     struct dentry *new_dentry);
+	void (*post_link) (struct dentry *old_dentry, struct inode *dir,
+			   struct dentry *new_dentry);
+	int (*unlink) (struct inode *dir, struct dentry *dentry);
+	int (*symlink) (struct inode *dir, struct dentry *dentry, 
+			const char *old_name);
+	void (*post_symlink) (struct inode *dir, struct dentry *dentry,
+			      const char *old_name);
+	int (*mkdir) (struct inode *dir, struct dentry *dentry, int mode);
+	void (*post_mkdir) (struct inode *dir, struct dentry *dentry, 
+			    int mode);
+	int (*rmdir) (struct inode *dir, struct dentry *dentry);
+	int (*mknod) (struct inode *dir, struct dentry *dentry, int mode,
+		      dev_t dev);
+	void (*post_mknod) (struct inode *dir, struct dentry *dentry,
+			    int mode, dev_t dev);
+	int (*rename) (struct inode *old_dir, struct dentry *old_dentry,
+		       struct inode *new_dir, struct dentry *new_dentry);
+	void (*post_rename) (struct inode *old_dir, struct dentry *old_dentry,
+			     struct inode *new_dir, struct dentry *new_dentry);
+	int (*readlink) (struct dentry *dentry);
+	int (*follow_link) (struct dentry *dentry, struct nameidata *nd);
+	int (*permission) (struct inode *inode, int mask);
+	int (*revalidate) (struct dentry *dentry);
+	int (*setattr)	(struct dentry *dentry, struct iattr *attr);
+	int (*stat) (struct inode *inode);
+	void (*post_lookup) (struct inode *inode, struct dentry *d);
+        void (*delete) (struct inode *inode);
+	int (*setxattr) (struct dentry *dentry, char *name, void *value,
+			 size_t size, int flags);
+	int (*getxattr) (struct dentry *dentry, char *name);
+	int (*listxattr) (struct dentry *dentry);
+	int (*removexattr) (struct dentry *dentry, char *name);
+};
+
+/**
+ * struct file_security_ops - Security hooks for file operations
+ * @permission:
+ *	Check file permissions before accessing an open file.  This hook is
+ *	called by various operations that read or write files.  A security
+ *	module can use this hook to perform additional checking on these
+ *	operations, e.g.  to revalidate permissions on use to support privilege
+ *	bracketing or policy changes.  Notice that this hook is used when the
+ *	actual read/write operations are performed, whereas the
+ *	inode_security_ops hook is called when a file is opened (as well as
+ *	many other operations).
+ *	Caveat:  Although this hook can be used to revalidate permissions for
+ *	various system call operations that read or write files, it does not
+ *	address the revalidation of permissions for memory-mapped files.
+ *	Security modules must handle this separately if they need such
+ *	revalidation.
+ *	@file contains the file structure being accessed.
+ *	@mask contains the requested permissions.
+ *	Return 0 if permission is granted.
+ * @alloc_security:
+ *	Allocate and attach a security structure to the file->f_security field.
+ *	The security field is initialized to NULL when the structure is first
+ *	created.
+ *	@file contains the file structure to secure.
+ *	Return 0 if the hook is successful and permission is granted.
+ * @free_security:
+ *	Deallocate and free any security structures stored in file->f_security.
+ *	@file contains the file structure being modified.
+ * @llseek:
+ *	Check permission before re-positioning the file offset in @file.
+ *	@file contains the file structure being modified.
+ *	Return 0 if permission is granted.
+ * @ioctl:
+ *	@file contains the file structure.
+ *	@cmd contains the operation to perform.
+ *	@arg contains the operational arguments.
+ *	Check permission for an ioctl operation on @file.  Note that @arg can
+ *	sometimes represents a user space pointer; in other cases, it may be a
+ *	simple integer value.  When @arg represents a user space pointer, it
+ *	should never be used by the security module.
+ *	Return 0 if permission is granted.
+ * @mmap :
+ *	Check permissions for a mmap operation.  The @file may be NULL, e.g.
+ *	if mapping anonymous memory.
+ *	@file contains the file structure for file to map (may be NULL).
+ *	@prot contains the requested permissions.
+ *	@flags contains the operational flags.
+ *	Return 0 if permission is granted.
+ * @mprotect:
+ *	Check permissions before changing memory access permissions.
+ *	@vma contains the memory region to modify.
+ *	@prot contains the requested permissions.
+ *	Return 0 if permission is granted.
+ * @lock:
+ *	Check permission before performing file locking operations.
+ *	Note: this hook mediates both flock and fcntl style locks.
+ *	@file contains the file structure.
+ *	@cmd contains the posix-translated lock operation to perform
+ *	(e.g. F_RDLCK, F_WRLCK).
+ *	@blocking indicates if the request is for a blocking lock.
+ *	Return 0 if permission is granted.
+ * @fcntl:
+ *	Check permission before allowing the file operation specified by @cmd
+ *	from being performed on the file @file.  Note that @arg can sometimes
+ *	represents a user space pointer; in other cases, it may be a simple
+ *	integer value.  When @arg represents a user space pointer, it should
+ *	never be used by the security module.
+ *	@file contains the file structure.
+ *	@cmd contains the operation to be performed.
+ *	@arg contains the operational arguments.
+ *	Return 0 if permission is granted.
+ * @set_fowner:
+ *	Save owner security information (typically from current->security) in
+ *	file->f_security for later use by the send_sigiotask hook.
+ *	@file contains the file structure to update.
+ *	Return 0 on success.
+ * @send_sigiotask:
+ *	Check permission for the file owner @fown to send SIGIO to the process
+ *	@tsk.  Note that this hook is always called from interrupt.  Note that
+ *	the fown_struct, @fown, is never outside the context of a struct file,
+ *	so the file structure (and associated security information) can always
+ *	be obtained:
+ *		(struct file *)((long)fown - offsetof(struct file,f_owner));
+ * 	@tsk contains the structure of task receiving signal.
+ *	@fown contains the file owner information.
+ *	@fd contains the file descriptor.
+ *	@reason contains the operational flags.
+ *	Return 0 if permission is granted.
+ * @receive:
+ *	This hook allows security modules to control the ability of a process
+ *	to receive an open file descriptor via socket IPC.
+ *	@file contains the file structure being received.
+ *	Return 0 if permission is granted.
+ *
+ * These are the security hooks for file operations.
+ */
+struct file_security_ops {
+	int (*permission) (struct file * file, int mask);
+	int (*alloc_security) (struct file * file);
+	void (*free_security) (struct file * file);
+	int (*llseek) (struct file * file);
+	int (*ioctl) (struct file * file, unsigned int cmd, unsigned long arg);
+	int (*mmap) (struct file * file, unsigned long prot,
+		     unsigned long flags);
+	int (*mprotect) (struct vm_area_struct * vma, unsigned long prot);
+	int (*lock) (struct file * file, unsigned int cmd, int blocking);
+	int (*fcntl) (struct file * file, unsigned int cmd, unsigned long arg);
+	int (*set_fowner) (struct file * file);
+	int (*send_sigiotask) (struct task_struct * tsk, 
+			       struct fown_struct * fown, int fd, int reason);
+	int (*receive) (struct file * file);
+};
+
+struct sched_param;
+/**
+ * struct task_security_ops - Security hooks for task operations.
+ * @create:
+ *	Check permission before creating a child process.  See the clone(2)
+ *	manual page for definitions of the @clone_flags.
+ *	@clone_flags contains the flags indicating what should be shared.
+ *	Return 0 if permission is granted.
+ * @alloc_security:
+ *	@p contains the task_struct for child process.
+ *	Allocate and attach a security structure to the p->security field. The
+ *	security field is initialized to NULL when the task structure is
+ *	allocated.
+ *	Return 0 if operation was successful.
+ * @free_security:
+ *	@p contains the task_struct for process.
+ *	Deallocate and clear the p->security field.
+ * @setuid:
+ *	Check permission before setting one or more of the user identity
+ *	attributes of the current process.  The @flags parameter indicates
+ *	which of the set*uid system calls invoked this hook and how to
+ *	interpret the @id0, @id1, and @id2 parameters.  See the LSM_SETID
+ *	definitions at the beginning of this file for the @flags values and
+ *	their meanings.
+ *	@id0 contains a uid.
+ *	@id1 contains a uid.
+ *	@id2 contains a uid.
+ *	@flags contains one of the LSM_SETID_* values.
+ *	Return 0 if permission is granted.
+ * @post_setuid:
+ *	Update the module's state after setting one or more of the user
+ *	identity attributes of the current process.  The @flags parameter
+ *	indicates which of the set*uid system calls invoked this hook.  If
+ *	@flags is LSM_SETID_FS, then @old_ruid is the old fs uid and the other
+ *	parameters are not used.
+ *	@old_ruid contains the old real uid (or fs uid if LSM_SETID_FS).
+ *	@old_euid contains the old effective uid (or -1 if LSM_SETID_FS).
+ *	@old_suid contains the old saved uid (or -1 if LSM_SETID_FS).
+ *	@flags contains one of the LSM_SETID_* values.
+ *	Return 0 on success.
+ * @setgid:
+ *	Check permission before setting one or more of the group identity
+ *	attributes of the current process.  The @flags parameter indicates
+ *	which of the set*gid system calls invoked this hook and how to
+ *	interpret the @id0, @id1, and @id2 parameters.  See the LSM_SETID
+ *	definitions at the beginning of this file for the @flags values and
+ *	their meanings.
+ *	@id0 contains a gid.
+ *	@id1 contains a gid.
+ *	@id2 contains a gid.
+ *	@flags contains one of the LSM_SETID_* values.
+ *	Return 0 if permission is granted.
+ * @setpgid:
+ *	Check permission before setting the process group identifier of the
+ *	process @p to @pgid.
+ *	@p contains the task_struct for process being modified.
+ *	@pgid contains the new pgid.
+ *	Return 0 if permission is granted.
+ * @getpgid:
+ *	Check permission before getting the process group identifier of the
+ *	process @p.
+ *	@p contains the task_struct for the process.
+ *	Return 0 if permission is granted.
+ * @getsid:
+ *	Check permission before getting the session identifier of the process
+ *	@p.
+ *	@p contains the task_struct for the process.
+ *	Return 0 if permission is granted.
+ * @setgroups:
+ *	Check permission before setting the supplementary group set of the
+ *	current process to @grouplist.
+ *	@gidsetsize contains the number of elements in @grouplist.
+ *	@grouplist contains the array of gids.
+ *	Return 0 if permission is granted.
+ * @setnice:
+ *	Check permission before setting the nice value of @p to @nice.
+ *	@p contains the task_struct of process.
+ *	@nice contains the new nice value.
+ *	Return 0 if permission is granted.
+ * @setrlimit:
+ *	Check permission before setting the resource limits of the current
+ *	process for @resource to @new_rlim.  The old resource limit values can
+ *	be examined by dereferencing (current->rlim + resource).
+ *	@resource contains the resource whose limit is being set.
+ *	@new_rlim contains the new limits for @resource.
+ *	Return 0 if permission is granted.
+ * @setscheduler:
+ *	Check permission before setting scheduling policy and/or parameters of
+ *	process @p based on @policy and @lp.
+ *	@p contains the task_struct for process.
+ *	@policy contains the scheduling policy.
+ *	@lp contains the scheduling parameters.
+ *	Return 0 if permission is granted.
+ * @getscheduler:
+ *	Check permission before obtaining scheduling information for process
+ *	@p.
+ *	@p contains the task_struct for process.
+ *	Return 0 if permission is granted.
+ * @kill:
+ *	Check permission before sending signal @sig to @p.  @info can be NULL,
+ *	the constant 1, or a pointer to a siginfo structure.  If @info is 1 or
+ *	SI_FROMKERNEL(info) is true, then the signal should be viewed as coming
+ *	from the kernel and should typically be permitted.
+ *	SIGIO signals are handled separately by the send_sigiotask hook in
+ *	file_security_ops.
+ *	@p contains the task_struct for process.
+ *	@info contains the signal information.
+ *	@sig contains the signal value.
+ *	Return 0 if permission is granted.
+ * @wait:
+ *	Check permission before allowing a process to reap a child process @p
+ *	and collect its status information.
+ *	@p contains the task_struct for process.
+ *	Return 0 if permission is granted.
+ * @prctl:
+ *	Check permission before performing a process control operation on the
+ *	current process.
+ *	@option contains the operation.
+ *	@arg2 contains a argument.
+ *	@arg3 contains a argument.
+ *	@arg4 contains a argument.
+ *	@arg5 contains a argument.
+ *	Return 0 if permission is granted.
+ * @kmod_set_label:
+ *	Set the security attributes in current->security for the kernel module
+ *	loader thread, so that it has the permissions needed to perform its
+ *	function.
+ *
+ * These are the security hooks for task operations.
+ */
+struct task_security_ops {
+	int (*create) (unsigned long clone_flags);
+	int (*alloc_security) (struct task_struct *p);
+	void (*free_security) (struct task_struct *p);
+	int (*setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
+	int (*post_setuid) (uid_t old_ruid/* or fsuid */, uid_t old_euid,  
+			    uid_t old_suid, int flags);
+	int (*setgid) (gid_t id0, gid_t id1, gid_t id2, int flags);
+	int (*setpgid)	(struct task_struct *p, pid_t pgid);
+	int (*getpgid)	(struct task_struct *p);
+	int (*getsid) (struct task_struct *p);
+	int (*setgroups) (int gidsetsize, gid_t *grouplist);
+	int (*setnice)	(struct task_struct *p, int nice);
+	int (*setrlimit) (unsigned int resource, struct rlimit *new_rlim);
+	int (*setscheduler) (struct task_struct *p, int policy, 
+			      struct sched_param *lp);
+	int (*getscheduler) (struct task_struct *p);
+	int (*kill) (struct task_struct *p, struct siginfo *info, int sig);
+	int (*wait) (struct task_struct *p);
+	int (*prctl) (int option, unsigned long arg2, unsigned long arg3, 
+		      unsigned long arg4, unsigned long arg5);
+	void (*kmod_set_label) (void);
+};
+
+struct sk_buff;
+/**
+ * struct socket_security_ops - Security hooks for socket operations.
+ * @create:
+ *	Check permissions prior to creating a new socket.
+ *	@family contains the requested protocol family.
+ *	@type contains the requested communications type.
+ *	@protocol contains the requested protocol.
+ *	Return 0 if permission is granted.
+ * @post_create:
+ *	This hook allows a module to update or allocate a per-socket security
+ *	structure. Note that the security field was not added directly to the
+ *	socket structure, but rather, the socket security information is stored
+ *	in the associated inode.  Typically, the inode alloc_security hook will
+ *	allocate and and attach security information to
+ *	sock->inode->i_security.  This hook may be used to update the
+ *	sock->inode->i_security field with additional information that wasn't
+ *	available when the inode was allocated.
+ *	@sock contains the newly created socket structure.
+ *	@family contains the requested protocol family.
+ *	@type contains the requested communications type.
+ *	@protocol contains the requested protocol.
+ * @bind:
+ *	Check permission before socket protocol layer bind operation is
+ *	performed and the socket @sock is bound to the address specified in the
+ *	@address parameter.
+ *	@sock contains the socket structure.
+ *	@address contains the address to bind to.
+ *	@addrlen contains the length of address.
+ *	Return 0 if permission is granted.  
+ * @connect:
+ *	Check permission before socket protocol layer connect operation
+ *	attempts to connect socket @sock to a remote address, @address.
+ *	@sock contains the socket structure.
+ *	@address contains the address of remote endpoint.
+ *	@addrlen contains the length of address.
+ *	Return 0 if permission is granted.  
+ * @listen:
+ *	Check permission before socket protocol layer listen operation.
+ *	@sock contains the socket structure.
+ *	@backlog contains the maximum length for the pending connection queue.
+ *	Return 0 if permission is granted.
+ * @accept:
+ *	Check permission before accepting a new connection.  Note that the new
+ *	socket, @newsock, has been created and some information copied to it,
+ *	but the accept operation has not actually been performed. This hook
+ *	also allows a security module to copy security information into the
+ *	newly created socket's inode.
+ *	@sock contains the listening socket structure.
+ *	@newsock contains the newly created server socket for connection.
+ *	Return 0 if permission is granted.
+ * @sendmsg:
+ *	Check permission before transmitting a message to another socket.
+ *	@sock contains the socket structure.
+ *	@msg contains the message to be transmitted.
+ *	@size contains the size of message.
+ *	Return 0 if permission is granted.
+ * @recvmsg:
+ *	Check permission before receiving a message from a socket.
+ *	@sock contains the socket structure.
+ *	@msg contains the message structure.
+ *	@size contains the size of message structure.
+ *	@flags contains the operational flags.
+ *	Return 0 if permission is granted.  
+ * @getsockname:
+ *	Check permission before the local address (name) of the socket object
+ *	@sock is retrieved.
+ *	@sock contains the socket structure.
+ *	Return 0 if permission is granted.
+ * @getpeername:
+ *	Check permission before the remote address (name) of a socket object
+ *	@sock is retrieved.
+ *	@sock contains the socket structure.
+ *	Return 0 if permission is granted.
+ * @getsockopt:
+ *	Check permissions before retrieving the options associated with socket
+ *	@sock.
+ *	@sock contains the socket structure.
+ *	@level contains the protocol level to retrieve option from.
+ *	@optname contains the name of option to retrieve.
+ *	Return 0 if permission is granted.
+ * @setsockopt:
+ *	Check permissions before setting the options associated with socket
+ *	@sock.
+ *	@sock contains the socket structure.
+ *	@level contains the protocol level to set options for.
+ *	@optname contains the name of the option to set.
+ *	Return 0 if permission is granted.  
+ * @shutdown:
+ *	Checks permission before all or part of a connection on the socket
+ *	@sock is shut down.
+ *	@sock contains the socket structure.
+ *	@how contains the flag indicating how future sends and receives are handled.
+ *	Return 0 if permission is granted.
+ * @sock_rcv_skb:
+ *	Check permissions on incoming network packets.  This hook is distinct
+ *	from the network input hooks of ip_security_ops since it is the first
+ *	time that the incoming sk_buff @skb has been associated with a
+ *	particular socket, @sk.  Security modules should not try to dereference
+ *	@sk->socket if the socket is in a time wait state 
+ *	(@sk->state == TCP_TIME_WAIT), since the @sk refers to a tcp_tw_bucket
+ *	structure in that case.  Also, even if the socket is not in this state,
+ *	@sk->socket may be NULL, e.g. a newly created server socket for a
+ *	connection that has not yet been accepted by a process.
+ *	@sk contains the sock (not socket) associated with the incoming sk_buff.
+ *	@skb contains the incoming network data.
+ * 	Return 0 if permission is granted.
+ * @unix_stream_connect:
+ *	Check permissions before establishing a Unix domain stream connection
+ *	between @sock and @other.
+ *	@sock contains the socket structure.
+ *	@other contains the peer socket structure.
+ *	Return 0 if permission is granted.
+ * @unix_may_send:
+ *	Check permissions before connecting or sending datagrams from @sock to
+ *	@other.
+ *	@sock contains the socket structure.
+ *	@sock contains the peer socket structure.
+ *	Return 0 if permission is granted.
+ *
+ * These are the security hooks for socket operations.
+ *
+ * The @unix_stream_connect and @unix_may_send hooks were necessary because
+ * Linux provides an alternative to the conventional file name space for Unix
+ * domain sockets.  Whereas binding and connecting to sockets in the file name
+ * space is mediated by the typical file permissions (and caught by the mknod
+ * and permission hooks in inode_security_ops), binding and connecting to
+ * sockets in the abstract name space is completely unmediated.  Sufficient
+ * control of Unix domain sockets in the abstract name space isn't possible
+ * using only the socket layer hooks, since we need to know the actual target
+ * socket, which is not looked up until we are inside the af_unix code.
+ */
+struct socket_security_ops {
+	int (*create) (int family, int type, int protocol);
+	void (*post_create) (struct socket * sock, int family, int type,
+			     int protocol);
+	int (*bind) (struct socket * sock, struct sockaddr * address,
+		     int addrlen);
+	int (*connect) (struct socket * sock, struct sockaddr * address,
+			int addrlen);
+	int (*listen) (struct socket * sock, int backlog);
+	int (*accept) (struct socket * sock, struct socket * newsock);
+	int (*sendmsg) (struct socket * sock, struct msghdr * msg, int size);
+	int (*recvmsg) (struct socket * sock, struct msghdr * msg, int size,
+			int flags);
+	int (*getsockname) (struct socket * sock);
+	int (*getpeername) (struct socket * sock);
+	int (*getsockopt) (struct socket * sock, int level, int optname);
+	int (*setsockopt) (struct socket * sock, int level, int optname);
+	int (*shutdown) (struct socket * sock, int how);
+	int (*sock_rcv_skb) (struct sock * sk, struct sk_buff * skb);
+	int (*unix_stream_connect) (struct socket * sock,
+				    struct socket * other);
+	int (*unix_may_send) (struct socket * sock, struct socket * other);
+};
+
+/**
+ * struct skb_security_ops - Lifecycle hooks for network buffers.
+ * @alloc_security:
+ *	This hook is called by the &sk_buff allocator when a new buffer is
+ *	being allocated.  An LSM module may allocate and assign a new security
+ *	blob for the &sk_buff via this hook.
+ *	@skb contains the buffer being allocated.
+ *	Return 0 if successful, or -ENOMEM on out of memory condition.
+ * @clone:
+ *	This hook is called when an &sk_buff is being cloned, and may be used,
+ *	for example, to increment a reference count on the associated security
+ *	blob.  The security blob in the @newskb will not have been allocated.
+ *	@newskb contains the newly cloned buffer.
+ *	@oldskb contains the buffer being cloned.
+ *	Returns 0 on success -ENOMEM on failure.
+ * @copy:
+ *	This hook is called when an &sk_buff header is being copied, which
+ *	occurs during the skb_copy() and pskb_copy() functions in
+ *	<net/core/skbuff.c>
+ *	@newskb contains the newly copied buffer.
+ *	@oldskb contains the buffer being copied.
+ * @set_owner_w:
+ *	This hook is called when the ownership of an &sk_buff is being assigned
+ *	to a sending socket.  Typically, this would be used to copy security
+ *	attributes from the sending socket to the &sk_buff.
+ *	@skb contains the buffer being owned.
+ *	@sk contains sock to which ownership is being assigned.
+ * @free_security:
+ *	This hook is called when an &sk_buff is being destroyed, and should be
+ *	used to free any associated security blob.
+ *	@skb contains the buffer being destroyed.
+ *
+ * These are the lifecycle hooks for network buffers. They are used to help
+ * manage the lifecycle of security blobs for &sk_buff structures, and are not
+ * intended to be used for access decisions.
+ */
+struct skb_security_ops {
+	int (*alloc_security) (struct sk_buff *skb);
+	int (*clone) (struct sk_buff *newskb, const struct sk_buff *oldskb);
+	void (*copy) (struct sk_buff *newskb, const struct sk_buff *oldskb);
+	void (*set_owner_w) (struct sk_buff *skb, struct sock *sk);
+	void (*free_security) (struct sk_buff *skb);
+};
+
+struct net_device;
+typedef unsigned int (*ip_opfn)(unsigned int hooknum, struct sk_buff **skb,
+                                const struct net_device *in, const struct net_device *out,
+                                int (*okfn)(struct sk_buff *));
+/**
+ * struct ip_security_ops - IPv4 networking hooks.
+ * @preroute_first:
+ *	Hooks declared with the &ip_opfn function pointer make use of the
+ *	Netfilter API for intercepting packets as they traverse the IP layer.
+ *	Each Netfilter hook is grabbed twice, before and after packets are
+ *	passed through the standard iptables-based packet filtering and
+ *	mangling mechanisms.
+ *	Parameters for these hooks are as follows;
+ *	@hooknum contains the hook the packet arrived on.
+ *	@skb contains the &sk_buff containing the packet.
+ *	@in contains the incoming netdevice associated with the packet.
+ *	@out contains the outgoing netdevice associated with the packet.
+ *	@okfn contains the used internally by Netfilter.
+ *	These hooks may return NF_ACCEPT to allow the packet through and
+ *	NF_DROP to drop the packet.
+ *	Further information on the Netfilter API may be found in the Netfilter
+ *	Hacking HOWTO at http://netfilter.samba.org/ 
+ * @preroute_last:
+ *	Netfilter API, see @preroute_first for more information.
+ * @input_first:
+ *	Netfilter API, see @preroute_first for more information.
+ * @input_last:
+ *	Netfilter API, see @preroute_first for more information.
+ * @forward_first:
+ *	Netfilter API, see @preroute_first for more information.
+ * @forward_last:
+ *	Netfilter API, see @preroute_first for more information.
+ * @output_first:
+ *	Netfilter API, see @preroute_first for more information.
+ * @output_last:
+ *	Netfilter API, see @preroute_first for more information.
+ * @postroute_first:
+ *	Netfilter API, see @preroute_first for more information.
+ * @postroute_last:
+ *	Netfilter API, see @preroute_first for more information.
+ * @fragment:
+ *	This is called for each fragment generated when an outgoing packet is
+ *	being fragmented, and may be used to copy security attributes from the
+ *	original packet to each fragment.
+ *	@newskb contains the newly created fragment.
+ *	@oldskb contains the original packet being fragmented.
+ * @defragment:
+ *	This hook is called when an incoming fragment is about to be inserted
+ *	into a reassembly queue.  It's purpose is to enable the validation of
+ *	security attributes for each fragment.  An LSM module using this hook
+ *	will likely need to maintain its own fragment queue information, handle
+ *	fragment expiration and implement DoS countermeasures.
+ *	@skb contains the incoming fragment.
+ *	Returns 0 on success.
+ * @encapsulate:
+ *	This hook is called when an IP packet is encapsulated, and may be used
+ *	to update security attributes prior to reprocessing via the local_out
+ *	or forward hooks.
+ *	@skb contains the encapsulated packet.
+ * @decapsulate:
+ *	This hook is called when a packet is decapsulated, and may be used to
+ *	process security attributes at each level of encapsulation.  An example
+ *	of this would be keeping track of nested security associations for an
+ *	incoming packet.
+ *	@skb contains the decapsulated packet.
+ * @decode_options:
+ *	This hook is used for processing IP security options at the network
+ *	layer when labeled networking (e.g. CIPSO) is implemented.
+ *	For outgoing packets, IP options passed down from the application or
+ *	transport layers may be verified here prior the packet being built.
+ *	For incoming packets, IP options may be verified and their values
+ *	recorded via the &sk_buff security blob for later processing.
+ *	@skb contains the &sk_buff containing IP packet (usually NULL for outgoing).
+ *	@optptr contains the &ip_options structure.
+ *	@pp_ptr contains the parameter problem pointer.
+ *	Returns 0 on success.
+ *	A non-zero return value will cause an ICMP parameter problem message to
+ *	be generated and transmitted to the sender.  The @pp_ptr parameter may
+ *	be used to point to the offending option parameter.
+ *
+ * These are the IPv4 networking hooks.
+ */
+struct ip_security_ops {
+	ip_opfn preroute_first;
+	ip_opfn preroute_last;
+	ip_opfn input_first;
+	ip_opfn input_last;
+	ip_opfn forward_first;
+	ip_opfn forward_last;
+	ip_opfn output_first;
+	ip_opfn output_last;
+	ip_opfn postroute_first;
+	ip_opfn postroute_last;
+	void (*fragment) (struct sk_buff *newskb,
+			  const struct sk_buff *oldskb);
+	int (*defragment) (struct sk_buff *skb);
+	void (*encapsulate) (struct sk_buff *skb);
+	void (*decapsulate) (struct sk_buff *skb);
+	int (*decode_options) (struct sk_buff *skb, const char *optptr,
+			       unsigned char **pp_ptr);
+};
+
+/**
+ * struct netdev_security_ops - Security hooks for network devices.
+ * @unregister:
+ *	Update the module's state when a network device is unregistered,
+ *	deallocating the dev->security field if it was previously allocated.
+ *	@dev contains the network device
+ *
+ * These are the hooks for network device operations.  Since it would be quite
+ * invasive to provide hooks in every location where a network device might be
+ * probed or initialized, there are no separate hooks for allocation or
+ * initialization.  Security modules can allocate and initialize the
+ * dev->security field on the first access to the device, but should be careful
+ * to use nonblocking allocation.
+ */
+struct netdev_security_ops {
+	void (*unregister) (struct net_device *dev);
+};
+
+/**
+ * struct module_security_ops - Security hooks for kernel module operations.
+ * @create_module:
+ *	Check the permission before allocating space for a module.
+ *	@name contains the module name.
+ *	@size contains the module size.
+ *	Return 0 if permission is granted.
+ * @init_module:
+ * 	Check permission before initializing a module.
+ * 	@mod contains a pointer to the module being initialized.
+ *	Return 0 if permission is granted.
+ * @delete_module:
+ *	Check permission before removing a module.
+ *	@mod contains a pointer to the module being deleted.
+ *	Return 0 if permission is granted.
+ * 
+ * These are the hooks for kernel module operations.  All hooks are called with
+ * the big kernel lock held, and @delete_module is also called with the
+ * unload_lock held.
+ */
+struct module_security_ops {
+ 	int  (*create_module) (const char *name, size_t size);
+ 	int  (*init_module) (struct module *mod);
+ 	int  (*delete_module) (const struct module *mod);
+};
+
+/**
+ * struct ipc_security_ops - Security hooks affecting all System V IPC operations.
+ * @permission:
+ *	Check user, group, and other permissions for access to IPC
+ *	@ipcp contains the IPC permission set
+ *	@flag contains the desired (requested) permission set
+ *	Return 0 if permission is granted.
+ * @getinfo:
+ *	Check permission to retrieve information on previously allocated IPC
+ *	resources.  Called by the IPC resource control syscalls, shmctl,
+ *	msgctl, semctl with a @cmd argument of: IPC_INFO, SEM_INFO, MSG_INFO,
+ *	or SHM_INFO as appropriate.
+ *	@id contains the resource identifier
+ *	@cmd contains the operation to be performed
+ *	Return 0 if permission is granted.
+ *
+ * These are the security hooks for all System V IPC operations.
+ */
+struct ipc_security_ops {
+	int (*permission) (struct kern_ipc_perm *ipcp, short flag);
+	int (*getinfo) (int id, int cmd);
+};
+
+/**
+ * struct msg_msg_security_ops - Security hooks for individual messages held in System V IPC message queues
+ * @alloc_security:
+ *	Allocate and attach a security structure to the msg->security field.
+ *	The security field is initialized to NULL when the structure is first
+ *	created.
+ *	@msg contains the message structure to be modified.
+ *	Return 0 if operation was successful and permission is granted.
+ * @free_security:
+ *	Deallocate the security structure for this message.
+ *	@msg contains the message structure to be modified.
+ *
+ * These are the security hooks for individual messages held in System V IPC
+ * message queues.
+ */
+struct msg_msg_security_ops {
+	int (*alloc_security) (struct msg_msg *msg);
+	void (*free_security) (struct msg_msg *msg);
+};
+
+/**
+ * struct msg_queue_security_ops - Security hooks for System V IPC Message Queues
+ * @alloc_security:
+ *	Allocate and attach a security structure to the
+ *	msq->q_perm.security field. The security field is initialized to
+ *	NULL when the structure is first created.
+ *	@msq contains the message queue structure to be modified.
+ *	Return 0 if operation was successful and permission is granted.
+ * @free_security:
+ *	Deallocate security structure for this message queue.
+ *	@msq contains the message queue structure to be modified.
+ * @associate:
+ *	Check permission when a message queue is requested through the
+ *	msgget system call.  This hook is only called when returning the
+ *	message queue identifier for an existing message queue, not when a
+ *	new message queue is created.
+ *	@msq contains the message queue to act upon.
+ *	@msqid contains the resource identifier.
+ *	@msqflg contains the operation control flags.
+ *	Return 0 if permission is granted.
+ * @msgctl:
+ *	Check permission when a message control operation specified by @cmd
+ *	is to be performed on the message queue @msq, with identifier
+ *	@msqid.
+ *	@msq contains the message queue to act upon.
+ *	@msqid contains the resource identifier.
+ *	@cmd contains the operation to be performed.
+ *	Return 0 if permission is granted.  
+ * @msgsnd:
+ *	Check permission before a message, @msg, is enqueued on the message
+ *	queue, @msq, whose identifier is specified by the value of @msqid.
+ *	@msq contains the message queue to send message to.
+ *	@msg contains the message to be enqueued.
+ *	@msqid contains resource identifier.
+ *	@msqflg contains operational flags.
+ *	Return 0 if permission is granted.
+ * @msgrcv:
+ *	Check permission before a message, @msg, is removed from the message
+ *	queue, @msq, whose identifier is specified by the value of @msqid.  The
+ *	@target task structure contains a pointer to the process that will be
+ *	receiving the message (not equal to the current process when inline
+ *	receives are being performed).
+ *	@msq contains the message queue to retrieve message from.
+ *	@msg contains the message destination.
+ *	@target contains the task structure for recipient process.
+ *	@type contains the type of message requested.
+ *	@mode contains the operational flags.
+ *	Return 0 if permission is granted.
+ *
+ * These are the security hooks for System V IPC message queues.
+ */
+struct msg_queue_security_ops {
+	int (*alloc_security) (struct msg_queue *msq);
+	void (*free_security) (struct msg_queue *msq);
+	int (*associate) (struct msg_queue *msq, int msqid, int msqflg);
+	int (*msgctl) (struct msg_queue *msq, int msqid, int cmd);
+	int (*msgsnd) (struct msg_queue *msq, struct msg_msg *msg, int msqid,
+		       int msqflg);
+	int (*msgrcv) (struct msg_queue *msq, struct msg_msg *msg,
+		       struct task_struct *target, long type, int mode);
+};
+
+/**
+ * struct shm_security_ops - Security hooks for System V Shared Memory Segments
+ * @alloc_security:
+ *	Allocate and attach a security structure to the shp->shm_perm.security
+ *	field.  The security field is initialized to NULL when the structure is
+ *	first created.
+ *	@shp contains the shared memory structure to be modified.
+ *	Return 0 if operation was successful and permission is granted.
+ * @free_security:
+ *	Deallocate the security struct for this memory segment.
+ *	@shp contains the shared memory structure to be modified.
+ * @associate:
+ *	Check permission when a shared memory region is requested through the
+ *	shmget system call.  This hook is only called when returning the shared
+ *	memory region identifier for an existing region, not when a new shared
+ *	memory region is created.
+ *	@shp contains the shared memory structure to be modified.
+ *	@shmid contains the resource identifier.
+ *	@shmflg contains the operation control flags.
+ *	Return 0 if permission is granted.
+ * @shmctl:
+ *	Check permission when a shared memory control operation specified by
+ *	@cmd is to be performed on the shared memory region @shp, with
+ *	identifier @shmid.
+ *	@shp contains shared memory structure to be modified.
+ *	@shmid contains the resource identifier.
+ *	@cmd contains the operation to be performed.
+ *	Return 0 if permission is granted.
+ * @shmat:
+ *	Check permissions prior to allowing the shmat system call to attach the
+ *	shared memory segment @shp, identified by @shmid, to the data segment
+ *	of the calling process. The attaching address is specified by @shmaddr.
+ *	@shp contains the shared memory structure to be modified.
+ *	@shmid contains the resource identifier.
+ *	@shmaddr contains the address to attach memory region to.
+ *	@shmflg contains the operational flags.
+ *	Return 0 if permission is granted.
+ *
+ * These are the security hooks for System V shared memory segments.
+ */
+struct shm_security_ops {
+	int (*alloc_security) (struct shmid_kernel *shp);
+	void (*free_security) (struct shmid_kernel *shp);
+	int (*associate) (struct shmid_kernel *shp, int shmid, int shmflg);
+	int (*shmctl) (struct shmid_kernel *shp, int shmid, int cmd);
+	int (*shmat) (struct shmid_kernel *shp, int shmid, char *shmaddr, 
+		      int shmflg);
+};
+
+/**
+ * struct sem_security_ops - Security hooks for System V Semaphores
+ * @alloc_security:
+ *	Allocate and attach a security structure to the sma->sem_perm.security
+ *	field.  The security field is initialized to NULL when the structure is
+ *	first created.
+ *	@sma contains the semaphore structure
+ *	Return 0 if operation was successful and permission is granted.
+ * @free_security:
+ *	deallocate security struct for this semaphore
+ *	@sma contains the semaphore structure.
+ * @associate:
+ *	Check permission when a semaphore is requested through the semget
+ *	system call.  This hook is only called when returning the semaphore
+ *	identifier for an existing semaphore, not when a new one must be
+ *	created.
+ *	@sma contains the semaphore structure.
+ *	@semid contains the resource identifier.
+ *	@semflg contains the operation control flags.
+ *	Return 0 if permission is granted.
+ * @semctl:
+ *	Check permission when a semaphore operation specified by @cmd is to be
+ *	performed on the semaphore @sma, with identifier @semid.
+ *	@sma contains the semaphore structure.
+ *	@semid contains the resource identifier.
+ *	@cmd contains the operation to be performed.
+ *	Return 0 if permission is granted.
+ * @semop
+ *	Check permissions before performing operations on members of the
+ *	semaphore set @sma, identified by @semid.  If the @alter flag is
+ *	nonzero, the semaphore set may be modified.
+ *	@sma contains the semaphore structure.
+ *	@semid contains the resource identifier.
+ *	@sops contains the operations to perform.
+ *	@nsops contains the number of operations to perform.
+ *	@alter contains the flag indicating whether changes are to be made.
+ *	Return 0 if permission is granted.
+ *
+ * These are the security hooks for System V semaphores.
+ */
+struct sem_security_ops {
+	int (*alloc_security) (struct sem_array *sma);
+	void (*free_security) (struct sem_array *sma);
+	int (*associate) (struct sem_array *sma, int semid, int semflg);
+	int (*semctl) (struct sem_array *sma, int semid, int cmd);
+	int (*semop) (struct sem_array *sma, int semid, struct sembuf *sops,
+		      unsigned nsops, int alter);
+};
+
+/* forward declares to avoid warnings */
+struct nfsctl_arg;
+struct swap_info_struct;
+/**
+ * struct security_operations - main security structure
+ * @sethostname:
+ *	Check permission before the hostname is set to @hostname.
+ *	@hostname contains the new hostname
+ *	Return 0 if permission is granted.
+ * @setdomainname:
+ *	Check permission before the domainname is set to @domainname.
+ *	@domainname contains the new domainname
+ *	Return 0 if permission is granted.
+ * @reboot:
+ *	Check permission before rebooting or enabling/disabling the
+ *	Ctrl-Alt-Del key sequence.
+ *	The values for @cmd are defined in the reboot(2) manual page.
+ *	@cmd contains the reboot command.
+ *	Return 0 if permission is granted.
+ * @ioperm:
+ *	Check permission before setting port input/output permissions for the
+ *	process for @num bytes starting from the port address @from to the
+ *	value @turn_on.
+ *	@from contains the starting port address.
+ *	@num contains the number of bytes starting from @from.
+ *	@turn_on contains the permissions value.
+ *	Return 0 if permission is granted.
+ * @iopl:
+ *	Check permission before changing the I/O privilege level of the current
+ *	process from @old to @level.
+ *	@old contains the old level.
+ *	@level contains the new level.
+ *	Return 0 if permission is granted.
+ * @ptrace:
+ *	Check permission before allowing the @parent process to trace the
+ *	@child process.
+ *	Security modules may also want to perform a process tracing check
+ *	during an execve in the set_security or compute_creds hooks of
+ *	binprm_security_ops if the process is being traced and its security
+ *	attributes would be changed by the execve.
+ *	@parent contains the task_struct structure for parent process.
+ *	@child contains the task_struct structure for child process.
+ *	Return 0 if permission is granted.
+ * @capget:
+ *	Get the @effective, @inheritable, and @permitted capability sets for
+ *	the @target process.  The hook may also perform permission checking to
+ *	determine if the current process is allowed to see the capability sets
+ *	of the @target process.
+ *	@target contains the task_struct structure for target process.
+ *	@effective contains the effective capability set.
+ *	@inheritable contains the inheritable capability set.
+ *	@permitted contains the permitted capability set.
+ *	Return 0 if the capability sets were successfully obtained.
+ * @capset_check:
+ *	Check permission before setting the @effective, @inheritable, and
+ *	@permitted capability sets for the @target process.
+ *	Caveat:  @target is also set to current if a set of processes is
+ *	specified (i.e. all processes other than current and init or a
+ *	particular process group).  Hence, the capset_set hook may need to
+ *	revalidate permission to the actual target process.
+ *	@target contains the task_struct structure for target process.
+ *	@effective contains the effective capability set.
+ *	@inheritable contains the inheritable capability set.
+ *	@permitted contains the permitted capability set.
+ *	Return 0 if permission is granted.
+ * @capset_set:
+ *	Set the @effective, @inheritable, and @permitted capability sets for
+ *	the @target process.  Since capset_check cannot always check permission
+ *	to the real @target process, this hook may also perform permission
+ *	checking to determine if the current process is allowed to set the
+ *	capability sets of the @target process.  However, this hook has no way
+ *	of returning an error due to the structure of the sys_capset code.
+ *	@target contains the task_struct structure for target process.
+ *	@effective contains the effective capability set.
+ *	@inheritable contains the inheritable capability set.
+ *	@permitted contains the permitted capability set.
+ * @acct:
+ *	Check permission before enabling or disabling process accounting.  If
+ *	accounting is being enabled, then @file refers to the open file used to
+ *	store accounting records.  If accounting is being disabled, then @file
+ *	is NULL.
+ *	@file contains the file structure for the accounting file (may be NULL).
+ *	Return 0 if permission is granted.
+ * @sysctl:
+ *	Check permission before accessing the @table sysctl variable in the
+ *	manner specified by @op.
+ *	@table contains the ctl_table structure for the sysctl variable.
+ *	@op contains the operation (001 = search, 002 = write, 004 = read).
+ *	Return 0 if permission is granted.
+ * @capable:
+ *	Check whether the @tsk process has the @cap capability.
+ *	@tsk contains the task_struct for the process.
+ *	@cap contains the capability <include/linux/capability.h>.
+ *	Return 0 if the capability is granted for @tsk.
+ * @sys_security:
+ *	Security modules may use this hook to implement new system calls for
+ *	security-aware applications.  The interface is similar to socketcall,
+ *	but with an @id parameter to help identify the security module whose
+ *	call is being invoked.  The module is responsible for interpreting the
+ *	parameters, and must copy in the @args array from user space if it is
+ *	used.
+ *	@id contains the security module identifier.
+ *	@call contains the call value.
+ *	@args contains the call arguments (user space pointer).
+ *	The module should return -ENOSYS if it does not implement any new
+ *	system calls.
+ * @swapon:
+ *	Check permission before enabling swapping to the file or block device
+ *	identified by @swap.
+ *	@swap contains the swap_info_struct structure for the swap file and device.
+ *	Return 0 if permission is granted.
+ * @swapoff:
+ *	Check permission before disabling swapping to the file or block device
+ *	identified by @swap.
+ *	@swap contains the swap_info_struct structure for the swap file and device.
+ *	Return 0 if permission is granted.
+ * @nfsservctl:
+ *	Check permission before having the kernel NFS daemon perform command
+ *	@cmd with arguments @arg.
+ *	See the nfsservctl(2) manual page for an explanation of @cmd and @arg
+ *	values.
+ *	@cmd contains the command value.
+ *	@arg contains the command arguments.
+ *	Return 0 if permission is granted.
+ * @quotactl:
+ *	Check permission before performing the quota operation identified by
+ *	@cmd for the specified @type, @id, and @sb.  The @sb parameter may be
+ *	NULL, e.g. for the Q_SYNC and Q_GETSTATS commands.
+ *	@cmd contains the command value.
+ *	@type contains the type of quota (USRQUOTA or GRPQUOTA).
+ *	@id contains the user or group identifier.
+ *	@sb contains the super_block structure for the filesystem (may be NULL).
+ *	Return 0 if permission is granted.
+ * @quota_on:
+ *	Check permission before enabling quotas for a file system using @f as
+ *	the quota file.
+ *	@f contains the open file for storing quotas.
+ *	Return 0 if permission is granted.
+ * @bdflush:
+ *	Check permission before tuning the bdflush parameter.  
+ *	See the bdflush(2) manual page for an explanation of the @func and
+ *	@data parameters.  The @data parameter should only be used by the
+ *	module if it is an input value.
+ *	@func contains the tuning function.
+ *	@data contains the tuning parameter pointer (user space pointer) or value.
+ *	Return 0 if permission is granted.
+ * @syslog:
+ *	Check permission before accessing the kernel message ring or changing
+ *	logging to the console.
+ *	See the syslog(2) manual page for an explanation of the @type values.  
+ *	@type contains the type of action.
+ *	Return 0 if permission is granted.
+ * @netlink_send:
+ *	Save security information for a netlink message so that permission
+ *	checking can be performed when the message is processed.  The security
+ *	information can either be saved using the existing eff_cap field of the
+ *	netlink_skb_parms structure or it can be saved using the skbuff
+ *	lsm_security field.
+ *	@skb contains the sk_buff structure for the netlink message.
+ *	Return 0 if the information was successfully saved.
+ * @netlink_recv:
+ *	Check permission before processing the received netlink message in
+ *	@skb.
+ *	@skb contains the sk_buff structure for the netlink message.
+ *	Return 0 if permission is granted.
+ * @bprm_ops:
+ *	struct binprm_security_ops
+ * @sb_ops:
+ *	struct super_block_security_ops
+ * @inode_ops:
+ *	struct inode_security_ops
+ * @file_ops:
+ *	struct file_security_ops
+ * @task_ops:
+ *	struct task_security_ops
+ * @socket_ops:
+ *	struct socket_security_ops
+ * @skb_ops:
+ *	struct skb_security_ops
+ * @ip_ops:
+ *	struct ip_security_ops
+ * @netdev_ops:
+ *	struct netdev_security_ops
+ * @module_ops:
+ *	struct module_security_ops
+ * @ipc_ops:
+ *	struct ipc_security_ops
+ * @msg_msg_ops:
+ *	struct msg_msg_security_ops
+ * @msg_queue_ops:
+ *	struct msg_queue_security_ops
+ * @shm_ops:
+ *	struct shm_security_ops
+ * @sem_ops:
+ *	struct sem_security_ops
+ * @register_security:
+ * 	allow module stacking.
+ * 	@name contains the name of the security module being stacked.
+ * 	@ops contains a pointer to the struct security_operations of the module to stack.
+ * @unregister_security:
+ *	remove a stacked module.
+ *	@name contains the name of the security module being unstacked.
+ *	@ops contains a pointer to the struct security_operations of the module to unstack.
+ * 
+ * This is the main security structure.
+ */
+struct security_operations {
+	int (*sethostname) (char *hostname);
+	int (*setdomainname) (char *domainname);
+	int (*reboot) (unsigned int cmd);	
+	int (*ioperm) (unsigned long from, unsigned long num, int turn_on);
+	int (*iopl) (unsigned int old, unsigned int level);
+	int (*ptrace) (struct task_struct *parent, struct task_struct *child);
+	int (*capget) (struct task_struct *target, kernel_cap_t *effective,
+		       kernel_cap_t *inheritable, kernel_cap_t *permitted);
+	int (*capset_check) (struct task_struct *target,
+			     kernel_cap_t *effective, 
+			     kernel_cap_t *inheritable,
+			     kernel_cap_t *permitted);
+	void (*capset_set) (struct task_struct *target,
+			    kernel_cap_t *effective, kernel_cap_t *inheritable,
+			    kernel_cap_t *permitted);
+	int (*acct) (struct file *file);
+	int (*sysctl) (ctl_table * table, int op);
+	int (*capable) (struct task_struct *tsk, int cap);
+	int (*sys_security) (unsigned int id, unsigned call,
+			     unsigned long *args);
+	int (*swapon) (struct swap_info_struct *swap);
+	int (*swapoff) (struct swap_info_struct *swap);
+	int (*nfsservctl) (int cmd, struct nfsctl_arg *arg);
+	int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
+	int (*quota_on) (struct file *f);
+	int (*bdflush) (int func, long data);
+	int (*syslog) (int type);
+	int (*netlink_send) (struct sk_buff *skb);
+	int (*netlink_recv) (struct sk_buff *skb);
+
+	struct binprm_security_ops	* bprm_ops;
+	struct super_block_security_ops	* sb_ops;
+	struct inode_security_ops	* inode_ops;
+	struct file_security_ops	* file_ops;
+	struct task_security_ops	* task_ops;
+	struct socket_security_ops	* socket_ops;
+	struct skb_security_ops		* skb_ops;
+	struct ip_security_ops		* ip_ops;
+	struct netdev_security_ops	* netdev_ops;
+	struct module_security_ops	* module_ops;
+	struct ipc_security_ops		* ipc_ops;
+	struct msg_msg_security_ops	* msg_msg_ops;
+	struct msg_queue_security_ops	* msg_queue_ops;
+	struct shm_security_ops		* shm_ops;
+	struct sem_security_ops		* sem_ops;
+
+	/* allow module stacking */
+	int (*register_security)	(const char *name, struct security_operations *ops);
+	int (*unregister_security)	(const char *name, struct security_operations *ops);
+};
+
+
+/* prototypes */
+extern int security_scaffolding_startup	(void);
+extern int register_security	(struct security_operations *ops);
+extern int unregister_security	(struct security_operations *ops);
+extern int mod_reg_security	(const char *name, struct security_operations *ops);
+extern int mod_unreg_security	(const char *name, struct security_operations *ops);
+extern int capable		(int cap);
+
+/* global variables */
+extern struct security_operations *security_ops;
+
+
+#endif /* __KERNEL__ */
+
+#endif /* ! __LINUX_SECURITY_H */
+
diff --minimal -Nru a/include/linux/shm.h b/include/linux/shm.h
--- a/include/linux/shm.h	Tue Feb 12 18:59:50 2002
+++ b/include/linux/shm.h	Tue Feb 12 18:59:50 2002
@@ -71,6 +71,19 @@
 };
 
 #ifdef __KERNEL__
+struct shmid_kernel /* private to the kernel */
+{	
+	struct kern_ipc_perm	shm_perm;
+	struct file *		shm_file;
+	int			id;
+	unsigned long		shm_nattch;
+	unsigned long		shm_segsz;
+	time_t			shm_atim;
+	time_t			shm_dtim;
+	time_t			shm_ctim;
+	pid_t			shm_cprid;
+	pid_t			shm_lprid;
+};
 
 /* shm_mode upper byte flags */
 #define	SHM_DEST	01000	/* segment will be destroyed on last detach */
diff --minimal -Nru a/include/linux/skbuff.h b/include/linux/skbuff.h
--- a/include/linux/skbuff.h	Tue Feb 12 18:59:50 2002
+++ b/include/linux/skbuff.h	Tue Feb 12 18:59:50 2002
@@ -217,6 +217,8 @@
 #ifdef CONFIG_NET_SCHED
        __u32           tc_index;               /* traffic control index */
 #endif
+
+	void		*lsm_security;		/* replaces the above security field */
 };
 
 #define SK_WMEM_MAX	65535
diff --minimal -Nru a/include/net/sock.h b/include/net/sock.h
--- a/include/net/sock.h	Tue Feb 12 18:59:50 2002
+++ b/include/net/sock.h	Tue Feb 12 18:59:50 2002
@@ -1136,6 +1136,7 @@
 	skb->sk = sk;
 	skb->destructor = sock_wfree;
 	atomic_add(skb->truesize, &sk->wmem_alloc);
+	security_ops->skb_ops->set_owner_w(skb, sk);
 }
 
 static inline void skb_set_owner_r(struct sk_buff *skb, struct sock *sk)
@@ -1147,15 +1148,20 @@
 
 static inline int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
 {
+	int err = 0;
+
 	/* Cast skb->rcvbuf to unsigned... It's pointless, but reduces
 	   number of warnings when compiling with -W --ANK
 	 */
 	if (atomic_read(&sk->rmem_alloc) + skb->truesize >= (unsigned)sk->rcvbuf)
                 return -ENOMEM;
 
+	err = security_ops->socket_ops->sock_rcv_skb(sk, skb);
+	if (err) 
+		return err;
+
 #ifdef CONFIG_FILTER
 	if (sk->filter) {
-		int err = 0;
 		struct sk_filter *filter;
 
 		/* It would be deadlock, if sock_queue_rcv_skb is used
diff --minimal -Nru a/init/do_mounts.c b/init/do_mounts.c
--- a/init/do_mounts.c	Tue Feb 12 18:59:50 2002
+++ b/init/do_mounts.c	Tue Feb 12 18:59:50 2002
@@ -837,6 +837,7 @@
 	sys_umount("/dev", 0);
 	sys_mount(".", "/", NULL, MS_MOVE, NULL);
 	sys_chroot(".");
+	security_ops->sb_ops->post_mountroot();
 	mount_devfs_fs ();
 }
 
diff --minimal -Nru a/init/main.c b/init/main.c
--- a/init/main.c	Tue Feb 12 18:59:50 2002
+++ b/init/main.c	Tue Feb 12 18:59:50 2002
@@ -27,6 +27,7 @@
 #include <linux/iobuf.h>
 #include <linux/bootmem.h>
 #include <linux/tty.h>
+#include <linux/security.h>
 
 #include <asm/io.h>
 #include <asm/bugs.h>
@@ -360,6 +361,7 @@
 
 	fork_init(mempages);
 	proc_caches_init();
+	security_scaffolding_startup();
 	vfs_caches_init(mempages);
 	buffer_init(mempages);
 	page_cache_init(mempages);
diff --minimal -Nru a/ipc/msg.c b/ipc/msg.c
--- a/ipc/msg.c	Tue Feb 12 18:59:50 2002
+++ b/ipc/msg.c	Tue Feb 12 18:59:50 2002
@@ -52,34 +52,6 @@
 	struct msg_msgseg* next;
 	/* the next part of the message follows immediately */
 };
-/* one msg_msg structure for each message */
-struct msg_msg {
-	struct list_head m_list; 
-	long  m_type;          
-	int m_ts;           /* message text size */
-	struct msg_msgseg* next;
-	/* the actual message follows immediately */
-};
-
-#define DATALEN_MSG	(PAGE_SIZE-sizeof(struct msg_msg))
-#define DATALEN_SEG	(PAGE_SIZE-sizeof(struct msg_msgseg))
-
-/* one msq_queue structure for each present queue on the system */
-struct msg_queue {
-	struct kern_ipc_perm q_perm;
-	time_t q_stime;			/* last msgsnd time */
-	time_t q_rtime;			/* last msgrcv time */
-	time_t q_ctime;			/* last change time */
-	unsigned long q_cbytes;		/* current number of bytes on queue */
-	unsigned long q_qnum;		/* number of messages in queue */
-	unsigned long q_qbytes;		/* max number of bytes on queue */
-	pid_t q_lspid;			/* pid of last msgsnd */
-	pid_t q_lrpid;			/* last receive pid */
-
-	struct list_head q_messages;
-	struct list_head q_receivers;
-	struct list_head q_senders;
-};
 
 #define SEARCH_ANY		1
 #define SEARCH_EQUAL		2
@@ -117,18 +89,28 @@
 static int newque (key_t key, int msgflg)
 {
 	int id;
+	int retval;
 	struct msg_queue *msq;
 
 	msq  = (struct msg_queue *) kmalloc (sizeof (*msq), GFP_KERNEL);
 	if (!msq) 
 		return -ENOMEM;
+
+	msq->q_perm.mode = (msgflg & S_IRWXUGO);
+	msq->q_perm.key = key;
+
+	msq->q_perm.security = NULL;
+	retval = security_ops->msg_queue_ops->alloc_security(msq);
+	if (retval) {
+		kfree(msq);
+		return retval;
+	}
+
 	id = ipc_addid(&msg_ids, &msq->q_perm, msg_ctlmni);
 	if(id == -1) {
 		kfree(msq);
 		return -ENOSPC;
 	}
-	msq->q_perm.mode = (msgflg & S_IRWXUGO);
-	msq->q_perm.key = key;
 
 	msq->q_stime = msq->q_rtime = 0;
 	msq->q_ctime = CURRENT_TIME;
@@ -146,6 +128,9 @@
 static void free_msg(struct msg_msg* msg)
 {
 	struct msg_msgseg* seg;
+
+	security_ops->msg_msg_ops->free_security(msg);
+
 	seg = msg->next;
 	kfree(msg);
 	while(seg != NULL) {
@@ -200,6 +185,12 @@
 		len -= alen;
 		src = ((char*)src)+alen;
 	}
+	
+	msg->security = NULL;
+	err = security_ops->msg_msg_ops->alloc_security(msg);
+	if (err)
+		goto out_err;
+
 	return msg;
 
 out_err:
@@ -285,6 +276,8 @@
 
 	msq = msg_rmid(id);
 
+	security_ops->msg_queue_ops->free_security(msq);
+
 	expunge_all(msq,-EIDRM);
 	ss_wakeup(&msq->q_senders,1);
 	msg_unlock(id);
@@ -321,8 +314,12 @@
 			BUG();
 		if (ipcperms(&msq->q_perm, msgflg))
 			ret = -EACCES;
-		else
-			ret = msg_buildid(id, msq->q_perm.seq);
+		else {
+			int qid = msg_buildid(id, msq->q_perm.seq);
+		    	ret = security_ops->msg_queue_ops->associate(msq, qid, msgflg);
+			if (!ret)
+				ret = qid;
+		}
 		msg_unlock(id);
 	}
 	up(&msg_ids.sem);
@@ -444,6 +441,11 @@
 		 * due to padding, it's not enough
 		 * to set all member fields.
 		 */
+
+		err = security_ops->ipc_ops->getinfo(msqid, cmd);
+		if (err)
+			return err;
+
 		memset(&msginfo,0,sizeof(msginfo));	
 		msginfo.msgmni = msg_ctlmni;
 		msginfo.msgmax = msg_ctlmax;
@@ -494,6 +496,10 @@
 		if (ipcperms (&msq->q_perm, S_IRUGO))
 			goto out_unlock;
 
+		err = security_ops->msg_queue_ops->msgctl(msq, msqid, cmd);
+		if (err)
+			goto out_unlock;
+
 		kernel_to_ipc64_perm(&msq->q_perm, &tbuf.msg_perm);
 		tbuf.msg_stime  = msq->q_stime;
 		tbuf.msg_rtime  = msq->q_rtime;
@@ -541,6 +547,11 @@
 	{
 		if (setbuf.qbytes > msg_ctlmnb && !capable(CAP_SYS_RESOURCE))
 			goto out_unlock_up;
+
+		err = security_ops->msg_queue_ops->msgctl(msq, msqid, cmd);
+		if (err)
+			goto out_unlock_up;
+		
 		msq->q_qbytes = setbuf.qbytes;
 
 		ipcp->uid = setbuf.uid;
@@ -560,6 +571,10 @@
 		break;
 	}
 	case IPC_RMID:
+		err = security_ops->msg_queue_ops->msgctl(msq, msqid, cmd);
+		if (err)
+			goto out_unlock_up;
+
 		freeque (msqid); 
 		break;
 	}
@@ -606,7 +621,8 @@
 		struct msg_receiver* msr;
 		msr = list_entry(tmp,struct msg_receiver,r_list);
 		tmp = tmp->next;
-		if(testmsg(msg,msr->r_msgtype,msr->r_mode)) {
+		if(testmsg(msg,msr->r_msgtype,msr->r_mode) &&
+		   !security_ops->msg_queue_ops->msgrcv(msq, msg, msr->r_tsk, msr->r_msgtype, msr->r_mode)) {
 			list_del(&msr->r_list);
 			if(msr->r_maxsize < msg->m_ts) {
 				msr->r_msg = ERR_PTR(-E2BIG);
@@ -657,6 +673,10 @@
 	if (ipcperms(&msq->q_perm, S_IWUGO)) 
 		goto out_unlock_free;
 
+	err = security_ops->msg_queue_ops->msgsnd(msq, msg, msqid, msgflg);
+	if (err)
+		goto out_unlock_free;
+
 	if(msgsz + msq->q_cbytes > msq->q_qbytes ||
 		1 + msq->q_qnum > msq->q_qbytes) {
 		struct msg_sender s;
@@ -755,7 +775,8 @@
 	found_msg=NULL;
 	while (tmp != &msq->q_messages) {
 		msg = list_entry(tmp,struct msg_msg,m_list);
-		if(testmsg(msg,msgtyp,mode)) {
+		if(testmsg(msg,msgtyp,mode) &&
+		   !security_ops->msg_queue_ops->msgrcv(msq, msg, current, msgtyp, mode)) {
 			found_msg = msg;
 			if(mode == SEARCH_LESSEQUAL && msg->m_type != 1) {
 				found_msg=msg;
@@ -773,6 +794,7 @@
 			err=-E2BIG;
 			goto out_unlock;
 		}
+
 		list_del(&msg->m_list);
 		msq->q_qnum--;
 		msq->q_rtime = CURRENT_TIME;
diff --minimal -Nru a/ipc/sem.c b/ipc/sem.c
--- a/ipc/sem.c	Tue Feb 12 18:59:50 2002
+++ b/ipc/sem.c	Tue Feb 12 18:59:50 2002
@@ -62,6 +62,7 @@
 #include <linux/spinlock.h>
 #include <linux/init.h>
 #include <linux/proc_fs.h>
+#include <linux/security.h>
 #include <asm/uaccess.h>
 #include "util.h"
 
@@ -114,6 +115,7 @@
 static int newary (key_t key, int nsems, int semflg)
 {
 	int id;
+	int retval;
 	struct sem_array *sma;
 	int size;
 
@@ -128,6 +130,17 @@
 		return -ENOMEM;
 	}
 	memset (sma, 0, size);
+
+	sma->sem_perm.mode = (semflg & S_IRWXUGO);
+	sma->sem_perm.key = key;
+
+	sma->sem_perm.security = NULL;
+	retval = security_ops->sem_ops->alloc_security(sma);
+	if (retval) {
+		ipc_free(sma, size);
+		return retval;
+	}
+
 	id = ipc_addid(&sem_ids, &sma->sem_perm, sc_semmni);
 	if(id == -1) {
 		ipc_free(sma, size);
@@ -135,9 +148,6 @@
 	}
 	used_sems += nsems;
 
-	sma->sem_perm.mode = (semflg & S_IRWXUGO);
-	sma->sem_perm.key = key;
-
 	sma->sem_base = (struct sem *) &sma[1];
 	/* sma->sem_pending = NULL; */
 	sma->sem_pending_last = &sma->sem_pending;
@@ -175,8 +185,12 @@
 			err = -EINVAL;
 		else if (ipcperms(&sma->sem_perm, semflg))
 			err = -EACCES;
-		else
-			err = sem_buildid(id, sma->sem_perm.seq);
+		else {
+			int semid = sem_buildid(id, sma->sem_perm.seq);
+			err = security_ops->sem_ops->associate(sma, semid, semflg);
+			if (!err)
+				err = semid;
+		}
 		sem_unlock(id);
 	}
 
@@ -397,6 +411,7 @@
 	int size;
 
 	sma = sem_rmid(id);
+	security_ops->sem_ops->free_security(sma);
 
 	/* Invalidate the existing undo structures for this semaphore set.
 	 * (They will be freed without any further action in sem_exit()
@@ -451,6 +466,10 @@
 		struct seminfo seminfo;
 		int max_id;
 
+		err = security_ops->ipc_ops->getinfo(semid, cmd);
+		if (err)
+			return err;
+		
 		memset(&seminfo,0,sizeof(seminfo));
 		seminfo.semmni = sc_semmni;
 		seminfo.semmns = sc_semmns;
@@ -492,6 +511,11 @@
 		err = -EACCES;
 		if (ipcperms (&sma->sem_perm, S_IRUGO))
 			goto out_unlock;
+
+		err = security_ops->sem_ops->semctl(sma, semid, cmd);
+		if (err)
+			goto out_unlock;
+
 		id = sem_buildid(semid, sma->sem_perm.seq);
 
 		kernel_to_ipc64_perm(&sma->sem_perm, &tbuf.sem_perm);
@@ -535,6 +559,11 @@
 	if (ipcperms (&sma->sem_perm, (cmd==SETVAL||cmd==SETALL)?S_IWUGO:S_IRUGO))
 		goto out_unlock;
 
+	err = security_ops->sem_ops->semctl(sma, semid, cmd);
+	if (err)
+		goto out_unlock;
+
+	err = -EACCES;
 	switch (cmd) {
 	case GETALL:
 	{
@@ -725,6 +754,10 @@
 		goto out_unlock;
 	}
 
+	err = security_ops->sem_ops->semctl(sma, semid, cmd);
+	if (err)
+		goto out_unlock;
+
 	switch(cmd){
 	case IPC_RMID:
 		freeary(semid);
@@ -882,6 +915,12 @@
 	error = -EACCES;
 	if (ipcperms(&sma->sem_perm, alter ? S_IWUGO : S_IRUGO))
 		goto out_unlock_free;
+
+	error = security_ops->sem_ops->semop(sma, semid, sops, nsops, alter);
+	if (error)
+		goto out_unlock_free;
+	error = -EACCES;		
+
 	if (undos) {
 		/* Make sure we have an undo structure
 		 * for this process and this semaphore set.
diff --minimal -Nru a/ipc/shm.c b/ipc/shm.c
--- a/ipc/shm.c	Tue Feb 12 18:59:50 2002
+++ b/ipc/shm.c	Tue Feb 12 18:59:50 2002
@@ -23,24 +23,11 @@
 #include <linux/file.h>
 #include <linux/mman.h>
 #include <linux/proc_fs.h>
+#include <linux/security.h>
 #include <asm/uaccess.h>
 
 #include "util.h"
 
-struct shmid_kernel /* private to the kernel */
-{	
-	struct kern_ipc_perm	shm_perm;
-	struct file *		shm_file;
-	int			id;
-	unsigned long		shm_nattch;
-	unsigned long		shm_segsz;
-	time_t			shm_atim;
-	time_t			shm_dtim;
-	time_t			shm_ctim;
-	pid_t			shm_cprid;
-	pid_t			shm_lprid;
-};
-
 #define shm_flags	shm_perm.mode
 
 static struct file_operations shm_file_operations;
@@ -124,6 +111,9 @@
 {
 	shm_tot -= (shp->shm_segsz + PAGE_SIZE - 1) >> PAGE_SHIFT;
 	shm_rmid (shp->id);
+
+	security_ops->shm_ops->free_security(shp);
+
 	shmem_lock(shp->shm_file, 0);
 	fput (shp->shm_file);
 	kfree (shp);
@@ -192,6 +182,17 @@
 	shp = (struct shmid_kernel *) kmalloc (sizeof (*shp), GFP_USER);
 	if (!shp)
 		return -ENOMEM;
+
+	shp->shm_perm.key = key;
+	shp->shm_flags = (shmflg & S_IRWXUGO);
+
+	shp->shm_perm.security = NULL;
+	error = security_ops->shm_ops->alloc_security(shp);
+	if (error) {
+		kfree(shp);
+		return error;
+	}
+
 	sprintf (name, "SYSV%08x", key);
 	file = shmem_file_setup(name, size);
 	error = PTR_ERR(file);
@@ -202,8 +203,7 @@
 	id = shm_addid(shp);
 	if(id == -1) 
 		goto no_id;
-	shp->shm_perm.key = key;
-	shp->shm_flags = (shmflg & S_IRWXUGO);
+
 	shp->shm_cprid = current->pid;
 	shp->shm_lprid = 0;
 	shp->shm_atim = shp->shm_dtim = 0;
@@ -248,8 +248,12 @@
 			err = -EINVAL;
 		else if (ipcperms(&shp->shm_perm, shmflg))
 			err = -EACCES;
-		else
-			err = shm_buildid(id, shp->shm_perm.seq);
+		else {
+			int shmid = shm_buildid(id, shp->shm_perm.seq);
+			err = security_ops->shm_ops->associate(shp, shmid, shmflg);
+			if (!err)
+				err = shmid;
+		}
 		shm_unlock(id);
 	}
 	up(&shm_ids.sem);
@@ -387,6 +391,10 @@
 	{
 		struct shminfo64 shminfo;
 
+		err = security_ops->ipc_ops->getinfo(shmid, cmd);
+		if (err)
+			return err;
+
 		memset(&shminfo,0,sizeof(shminfo));
 		shminfo.shmmni = shminfo.shmseg = shm_ctlmni;
 		shminfo.shmmax = shm_ctlmax;
@@ -405,6 +413,10 @@
 	{
 		struct shm_info shm_info;
 
+		err = security_ops->ipc_ops->getinfo(shmid, cmd);
+		if (err)
+			return err;
+
 		memset(&shm_info,0,sizeof(shm_info));
 		down(&shm_ids.sem);
 		shm_lockall();
@@ -430,6 +442,11 @@
 		shp = shm_lock(shmid);
 		if(shp==NULL)
 			return -EINVAL;
+
+		err = security_ops->shm_ops->shmctl(shp, shmid, cmd);
+		if (err)
+			goto out_unlock;
+		
 		if(cmd==SHM_STAT) {
 			err = -EINVAL;
 			if (shmid > shm_ids.max_id)
@@ -472,6 +489,11 @@
 		err = shm_checkid(shp,shmid);
 		if(err)
 			goto out_unlock;
+
+		err = security_ops->shm_ops->shmctl(shp, shmid, cmd);
+		if (err)
+			goto out_unlock;
+		
 		if(cmd==SHM_LOCK) {
 			shmem_lock(shp->shm_file, 1);
 			shp->shm_flags |= SHM_LOCKED;
@@ -502,6 +524,11 @@
 		err = shm_checkid(shp, shmid);
 		if(err)
 			goto out_unlock_up;
+
+		err = security_ops->shm_ops->shmctl(shp, shmid, cmd);
+		if (err)
+			goto out_unlock_up;
+
 		if (current->euid != shp->shm_perm.uid &&
 		    current->euid != shp->shm_perm.cuid && 
 		    !capable(CAP_SYS_ADMIN)) {
@@ -533,6 +560,11 @@
 		err = shm_checkid(shp,shmid);
 		if(err)
 			goto out_unlock_up;
+
+		err = security_ops->shm_ops->shmctl(shp, shmid, cmd);
+		if (err)
+			goto out_unlock_up;
+		
 		err=-EPERM;
 		if (current->euid != shp->shm_perm.uid &&
 		    current->euid != shp->shm_perm.cuid && 
@@ -623,6 +655,13 @@
 		shm_unlock(shmid);
 		return -EACCES;
 	}
+
+	err = security_ops->shm_ops->shmat(shp, shmid, shmaddr, shmflg);
+	if (err) {
+		shm_unlock(shmid);
+		return err;
+	}
+		
 	file = shp->shm_file;
 	size = file->f_dentry->d_inode->i_size;
 	shp->shm_nattch++;
diff --minimal -Nru a/ipc/util.c b/ipc/util.c
--- a/ipc/util.c	Tue Feb 12 18:59:50 2002
+++ b/ipc/util.c	Tue Feb 12 18:59:50 2002
@@ -19,6 +19,7 @@
 #include <linux/vmalloc.h>
 #include <linux/slab.h>
 #include <linux/highuid.h>
+#include <linux/security.h>
 
 #if defined(CONFIG_SYSVIPC)
 
@@ -263,7 +264,7 @@
 	    !capable(CAP_IPC_OWNER))
 		return -1;
 
-	return 0;
+	return security_ops->ipc_ops->permission(ipcp, flag);
 }
 
 /*
diff --minimal -Nru a/kernel/acct.c b/kernel/acct.c
--- a/kernel/acct.c	Tue Feb 12 18:59:50 2002
+++ b/kernel/acct.c	Tue Feb 12 18:59:50 2002
@@ -182,6 +182,10 @@
 			goto out_err;
 	}
 
+	error = security_ops->acct(file);
+	if (error)
+		goto out_err;
+
 	error = 0;
 	lock_kernel();
 	if (acct_file) {
@@ -209,7 +213,8 @@
 out:
 	return error;
 out_err:
-	filp_close(file, NULL);
+	if (file)
+		filp_close(file, NULL);
 	goto out;
 }
 
diff --minimal -Nru a/kernel/capability.c b/kernel/capability.c
--- a/kernel/capability.c	Tue Feb 12 18:59:50 2002
+++ b/kernel/capability.c	Tue Feb 12 18:59:50 2002
@@ -59,9 +59,7 @@
      }
 
      if (!error) { 
-	     data.permitted = cap_t(target->cap_permitted);
-	     data.inheritable = cap_t(target->cap_inheritable); 
-	     data.effective = cap_t(target->cap_effective);
+	     error = security_ops->capget(target, &data.effective, &data.inheritable, &data.permitted);
      }
 
      if (target != current)
@@ -90,9 +88,7 @@
      for_each_task(target) {
              if (target->pgrp != pgrp)
                      continue;
-             target->cap_effective   = *effective;
-             target->cap_inheritable = *inheritable;
-             target->cap_permitted   = *permitted;
+	     security_ops->capset_set(target, effective, inheritable, permitted);
      }
      read_unlock(&tasklist_lock);
 }
@@ -111,9 +107,7 @@
      for_each_task(target) {
              if (target == current || target->pid == 1)
                      continue;
-             target->cap_effective   = *effective;
-             target->cap_inheritable = *inheritable;
-             target->cap_permitted   = *permitted;
+	     security_ops->capset_set(target, effective, inheritable, permitted);
      }
      read_unlock(&tasklist_lock);
 }
@@ -170,30 +164,12 @@
              target = current;
      }
 
-
-     /* verify restrictions on target's new Inheritable set */
-     if (!cap_issubset(inheritable,
-                       cap_combine(target->cap_inheritable,
-                                   current->cap_permitted))) {
-             goto out;
-     }
-
-     /* verify restrictions on target's new Permitted set */
-     if (!cap_issubset(permitted,
-                       cap_combine(target->cap_permitted,
-                                   current->cap_permitted))) {
-             goto out;
-     }
-
-     /* verify the _new_Effective_ is a subset of the _new_Permitted_ */
-     if (!cap_issubset(effective, permitted)) {
-             goto out;
-     }
+     error = security_ops->capset_check(target, &effective, &inheritable, &permitted);
+     if (error)
+	     goto out;
 
      /* having verified that the proposed changes are legal,
            we now put them into effect. */
-     error = 0;
-
      if (pid < 0) {
              if (pid == -1)  /* all procs other than current and init */
                      cap_set_all(&effective, &inheritable, &permitted);
@@ -202,10 +178,7 @@
                      cap_set_pg(-pid, &effective, &inheritable, &permitted);
              goto spin_out;
      } else {
-             /* FIXME: do we need to have a write lock here..? */
-             target->cap_effective   = effective;
-             target->cap_inheritable = inheritable;
-             target->cap_permitted   = permitted;
+	     security_ops->capset_set(target, &effective, &inheritable, &permitted);
      }
 
 out:
diff --minimal -Nru a/kernel/exit.c b/kernel/exit.c
--- a/kernel/exit.c	Tue Feb 12 18:59:50 2002
+++ b/kernel/exit.c	Tue Feb 12 18:59:50 2002
@@ -14,6 +14,7 @@
 #include <linux/personality.h>
 #include <linux/tty.h>
 #include <linux/namespace.h>
+#include <linux/security.h>
 #ifdef CONFIG_BSD_PROCESS_ACCT
 #include <linux/acct.h>
 #endif
@@ -39,6 +40,7 @@
 	wait_task_inactive(p);
 #endif
 	atomic_dec(&p->user->processes);
+	security_ops->task_ops->free_security(p);
 	free_uid(p->user);
 	unhash_process(p);
 
@@ -603,6 +605,10 @@
 			if (((p->exit_signal != SIGCHLD) ^ ((options & __WCLONE) != 0))
 			    && !(options & __WALL))
 				continue;
+
+			if (security_ops->task_ops->wait(p))
+				continue;
+
 			flag = 1;
 			switch (p->state) {
 			case TASK_STOPPED:
diff --minimal -Nru a/kernel/fork.c b/kernel/fork.c
--- a/kernel/fork.c	Tue Feb 12 18:59:50 2002
+++ b/kernel/fork.c	Tue Feb 12 18:59:50 2002
@@ -24,6 +24,7 @@
 #include <linux/file.h>
 #include <linux/binfmts.h>
 #include <linux/fs.h>
+#include <linux/security.h>
 
 #include <asm/pgtable.h>
 #include <asm/pgalloc.h>
@@ -625,6 +626,10 @@
 			goto fork_out;
 	}
 
+	retval = security_ops->task_ops->create(clone_flags);
+	if (retval)
+		goto fork_out;
+
 	retval = -ENOMEM;
 	p = dup_task_struct(current);
 	if (!p)
@@ -703,13 +708,16 @@
 	p->array = NULL;
 	p->lock_depth = -1;		/* -1 = no lock */
 	p->start_time = jiffies;
+	p->security = NULL;
 
 	INIT_LIST_HEAD(&p->local_pages);
 
 	retval = -ENOMEM;
+	if (security_ops->task_ops->alloc_security(p))
+		goto bad_fork_cleanup;
 	/* copy all the process information */
 	if (copy_files(clone_flags, p))
-		goto bad_fork_cleanup;
+		goto bad_fork_cleanup_security;
 	if (copy_fs(clone_flags, p))
 		goto bad_fork_cleanup_files;
 	if (copy_sighand(clone_flags, p))
@@ -816,6 +824,8 @@
 	exit_fs(p); /* blocking */
 bad_fork_cleanup_files:
 	exit_files(p); /* blocking */
+bad_fork_cleanup_security:
+	security_ops->task_ops->free_security(p);
 bad_fork_cleanup:
 	put_exec_domain(p->thread_info->exec_domain);
 	if (p->binfmt && p->binfmt->module)
diff --minimal -Nru a/kernel/kmod.c b/kernel/kmod.c
--- a/kernel/kmod.c	Tue Feb 12 18:59:50 2002
+++ b/kernel/kmod.c	Tue Feb 12 18:59:50 2002
@@ -133,7 +133,7 @@
 	/* Give kmod all effective privileges.. */
 	curtask->euid = curtask->fsuid = 0;
 	curtask->egid = curtask->fsgid = 0;
-	cap_set_full(curtask->cap_effective);
+	security_ops->task_ops->kmod_set_label();
 
 	/* Allow execve args to be in kernel space. */
 	set_fs(KERNEL_DS);
diff --minimal -Nru a/kernel/module.c b/kernel/module.c
--- a/kernel/module.c	Tue Feb 12 18:59:50 2002
+++ b/kernel/module.c	Tue Feb 12 18:59:50 2002
@@ -11,6 +11,7 @@
 #include <linux/kmod.h>
 #include <linux/seq_file.h>
 #include <linux/fs.h>
+#include <linux/security.h>
 
 /*
  * Originally by Anonymous (as far as I know...)
@@ -312,6 +313,12 @@
 		error = -EEXIST;
 		goto err1;
 	}
+
+	/* check that we have permission to do this */
+	error = security_ops->module_ops->create_module(name, size);
+	if (error)
+		goto err1;
+
 	if ((mod = (struct module *)module_map(size)) == NULL) {
 		error = -ENOMEM;
 		goto err1;
@@ -499,6 +506,12 @@
 		goto err3;
 	}
 
+	/* check that we have permission to do this */
+	error = security_ops->module_ops->init_module(mod);
+	if (error)
+		goto err3;
+	error = -EINVAL;
+
 	if (module_arch_init(mod))
 		goto err3;
 
@@ -619,6 +632,12 @@
 
 		spin_lock(&unload_lock);
 		if (!__MOD_IN_USE(mod)) {
+			/* check that we have permission to do this */
+			error = security_ops->module_ops->delete_module(mod);
+			if (error) {
+				spin_unlock(&unload_lock);
+				goto out;
+			}
 			mod->flags |= MOD_DELETED;
 			spin_unlock(&unload_lock);
 			free_module(mod, 0);
@@ -647,6 +666,13 @@
 				spin_unlock(&unload_lock);
 				mod->flags &= ~MOD_VISITED;
 			} else {
+				/* check that we have permission to do this
+				 * an error is not propagated if perm fails
+				 */
+				if (security_ops->module_ops->delete_module(mod)) {
+					spin_unlock(&unload_lock);
+					continue;
+				}
 				mod->flags |= MOD_DELETED;
 				spin_unlock(&unload_lock);
 				free_module(mod, 1);
diff --minimal -Nru a/kernel/printk.c b/kernel/printk.c
--- a/kernel/printk.c	Tue Feb 12 18:59:50 2002
+++ b/kernel/printk.c	Tue Feb 12 18:59:50 2002
@@ -165,6 +165,10 @@
 	char c;
 	int error = 0;
 
+	error = security_ops->syslog(type);
+	if( error )
+		return error;
+
 	switch (type) {
 	case 0:		/* Close log */
 		break;
diff --minimal -Nru a/kernel/ptrace.c b/kernel/ptrace.c
--- a/kernel/ptrace.c	Tue Feb 12 18:59:50 2002
+++ b/kernel/ptrace.c	Tue Feb 12 18:59:50 2002
@@ -41,7 +41,9 @@
 
 int ptrace_attach(struct task_struct *task)
 {
+	int retval;
 	task_lock(task);
+	retval = -EPERM;
 	if (task->pid <= 1)
 		goto bad;
 	if (task == current)
@@ -53,7 +55,6 @@
 	    (current->uid != task->uid) ||
  	    (current->gid != task->egid) ||
  	    (current->gid != task->sgid) ||
- 	    (!cap_issubset(task->cap_permitted, current->cap_permitted)) ||
  	    (current->gid != task->gid)) && !capable(CAP_SYS_PTRACE))
 		goto bad;
 	rmb();
@@ -62,6 +63,9 @@
 	/* the same process cannot be attached many times */
 	if (task->ptrace & PT_PTRACED)
 		goto bad;
+	retval = security_ops->ptrace(current, task);
+	if (retval)
+		goto bad;
 
 	/* Go */
 	task->ptrace |= PT_PTRACED;
@@ -82,7 +86,7 @@
 
 bad:
 	task_unlock(task);
-	return -EPERM;
+	return retval;
 }
 
 int ptrace_detach(struct task_struct *child, unsigned int data)
diff --minimal -Nru a/kernel/sched.c b/kernel/sched.c
--- a/kernel/sched.c	Tue Feb 12 18:59:50 2002
+++ b/kernel/sched.c	Tue Feb 12 18:59:50 2002
@@ -19,6 +19,7 @@
 #include <linux/smp_lock.h>
 #include <linux/interrupt.h>
 #include <linux/completion.h>
+#include <linux/security.h>
 #include <asm/mmu_context.h>
 
 #define BITMAP_SIZE ((((MAX_PRIO+7)/8)+sizeof(long)-1)/sizeof(long))
@@ -969,6 +970,7 @@
 
 asmlinkage long sys_nice(int increment)
 {
+	int retval;
 	long nice;
 
 	/*
@@ -990,6 +992,11 @@
 		nice = -20;
 	if (nice > 19)
 		nice = 19;
+
+	retval = security_ops->task_ops->setnice(current, nice);
+	if (retval)
+		return retval;
+
 	set_user_nice(current, nice);
 	return 0;
 }
@@ -1062,6 +1069,10 @@
 	    !capable(CAP_SYS_NICE))
 		goto out_unlock;
 
+	retval = security_ops->task_ops->setscheduler(p, policy, &lp);
+	if (retval)
+		goto out_unlock;
+
 	array = p->array;
 	if (array)
 		deactivate_task(p, task_rq(p));
@@ -1107,8 +1118,11 @@
 	retval = -ESRCH;
 	read_lock(&tasklist_lock);
 	p = find_process_by_pid(pid);
-	if (p)
-		retval = p->policy;
+	if (p) {
+		retval = security_ops->task_ops->getscheduler(p);
+		if (!retval)
+			retval = p->policy;
+	}
 	read_unlock(&tasklist_lock);
 
 out_nounlock:
@@ -1130,6 +1144,11 @@
 	retval = -ESRCH;
 	if (!p)
 		goto out_unlock;
+
+	retval = security_ops->task_ops->getscheduler(p);
+	if (retval)
+		goto out_unlock;
+
 	lp.sched_priority = p->rt_priority;
 	read_unlock(&tasklist_lock);
 
@@ -1230,13 +1249,21 @@
 	retval = -ESRCH;
 	read_lock(&tasklist_lock);
 	p = find_process_by_pid(pid);
-	if (p)
-		jiffies_to_timespec(p->policy & SCHED_FIFO ?
-					 0 : NICE_TO_TIMESLICE(p->__nice), &t);
+	if (!p)
+		goto out_unlock;
+
+	retval = security_ops->task_ops->getscheduler(p);
+	if (retval)
+		goto out_unlock;
+
+	jiffies_to_timespec(p->policy & SCHED_FIFO ?
+				0 : NICE_TO_TIMESLICE(p->__nice), &t);
 	read_unlock(&tasklist_lock);
-	if (p)
-		retval = copy_to_user(interval, &t, sizeof(t)) ? -EFAULT : 0;
+	retval = copy_to_user(interval, &t, sizeof(t)) ? -EFAULT : 0;
 out_nounlock:
+	return retval;
+out_unlock:
+	read_unlock(&tasklist_lock);
 	return retval;
 }
 
diff --minimal -Nru a/kernel/signal.c b/kernel/signal.c
--- a/kernel/signal.c	Tue Feb 12 18:59:50 2002
+++ b/kernel/signal.c	Tue Feb 12 18:59:50 2002
@@ -545,6 +545,9 @@
 	ret = -EPERM;
 	if (bad_signal(sig, info, t))
 		goto out_nolock;
+	ret = security_ops->task_ops->kill(t, info, sig);
+	if (ret)
+		goto out_nolock;
 
 	/* The null signal is a permissions and process existance probe.
 	   No signal is actually delivered.  Same goes for zombies. */
diff --minimal -Nru a/kernel/sys.c b/kernel/sys.c
--- a/kernel/sys.c	Tue Feb 12 18:59:50 2002
+++ b/kernel/sys.c	Tue Feb 12 18:59:50 2002
@@ -15,6 +15,7 @@
 #include <linux/init.h>
 #include <linux/highuid.h>
 #include <linux/fs.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 #include <asm/io.h>
@@ -212,6 +213,7 @@
 
 	read_lock(&tasklist_lock);
 	for_each_task(p) {
+		int no_nice;
 		if (!proc_sel(p, which, who))
 			continue;
 		if (p->uid != current->euid &&
@@ -221,10 +223,17 @@
 		}
 		if (error == -ESRCH)
 			error = 0;
-		if (niceval < p->__nice && !capable(CAP_SYS_NICE))
+		if (niceval < p->__nice && !capable(CAP_SYS_NICE)) {
 			error = -EACCES;
-		else
-			set_user_nice(p, niceval);
+			continue;
+		}
+		no_nice = security_ops->task_ops->setnice(p, niceval);
+		if (no_nice) {
+			error = no_nice;
+			continue;
+		}
+		set_user_nice(p, niceval);
+
 	}
 	read_unlock(&tasklist_lock);
 
@@ -271,11 +280,17 @@
 asmlinkage long sys_reboot(int magic1, int magic2, unsigned int cmd, void * arg)
 {
 	char buffer[256];
+	int retval;
 
 	/* We only trust the superuser with rebooting the system. */
 	if (!capable(CAP_SYS_BOOT))
 		return -EPERM;
 
+	retval = security_ops->reboot(cmd);
+	if (retval) {
+		return retval;
+	}
+
 	/* For safety, we require "magic" arguments. */
 	if (magic1 != LINUX_REBOOT_MAGIC1 ||
 	    (magic2 != LINUX_REBOOT_MAGIC2 && magic2 != LINUX_REBOOT_MAGIC2A &&
@@ -380,6 +395,11 @@
 	int old_egid = current->egid;
 	int new_rgid = old_rgid;
 	int new_egid = old_egid;
+	int retval;
+
+	retval = security_ops->task_ops->setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE);
+	if (retval)
+		return retval;
 
 	if (rgid != (gid_t) -1) {
 		if ((old_rgid == rgid) ||
@@ -421,6 +441,11 @@
 asmlinkage long sys_setgid(gid_t gid)
 {
 	int old_egid = current->egid;
+	int retval;
+
+	retval = security_ops->task_ops->setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID);
+	if (retval)
+		return retval;
 
 	if (capable(CAP_SETGID))
 	{
@@ -445,52 +470,6 @@
 	return 0;
 }
   
-/* 
- * cap_emulate_setxuid() fixes the effective / permitted capabilities of
- * a process after a call to setuid, setreuid, or setresuid.
- *
- *  1) When set*uiding _from_ one of {r,e,s}uid == 0 _to_ all of
- *  {r,e,s}uid != 0, the permitted and effective capabilities are
- *  cleared.
- *
- *  2) When set*uiding _from_ euid == 0 _to_ euid != 0, the effective
- *  capabilities of the process are cleared.
- *
- *  3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective
- *  capabilities are set to the permitted capabilities.
- *
- *  fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should 
- *  never happen.
- *
- *  -astor 
- *
- * cevans - New behaviour, Oct '99
- * A process may, via prctl(), elect to keep its capabilities when it
- * calls setuid() and switches away from uid==0. Both permitted and
- * effective sets will be retained.
- * Without this change, it was impossible for a daemon to drop only some
- * of its privilege. The call to setuid(!=0) would drop all privileges!
- * Keeping uid 0 is not an option because uid 0 owns too many vital
- * files..
- * Thanks to Olaf Kirch and Peter Benie for spotting this.
- */
-static inline void cap_emulate_setxuid(int old_ruid, int old_euid, 
-				       int old_suid)
-{
-	if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) &&
-	    (current->uid != 0 && current->euid != 0 && current->suid != 0) &&
-	    !current->keep_capabilities) {
-		cap_clear(current->cap_permitted);
-		cap_clear(current->cap_effective);
-	}
-	if (old_euid == 0 && current->euid != 0) {
-		cap_clear(current->cap_effective);
-	}
-	if (old_euid != 0 && current->euid == 0) {
-		current->cap_effective = current->cap_permitted;
-	}
-}
-
 static int set_user(uid_t new_ruid, int dumpclear)
 {
 	struct user_struct *new_user, *old_user;
@@ -536,6 +515,11 @@
 asmlinkage long sys_setreuid(uid_t ruid, uid_t euid)
 {
 	int old_ruid, old_euid, old_suid, new_ruid, new_euid;
+	int retval;
+
+	retval = security_ops->task_ops->setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE);
+	if (retval)
+		return retval;
 
 	new_ruid = old_ruid = current->uid;
 	new_euid = old_euid = current->euid;
@@ -572,11 +556,7 @@
 		current->suid = current->euid;
 	current->fsuid = current->euid;
 
-	if (!issecure(SECURE_NO_SETUID_FIXUP)) {
-		cap_emulate_setxuid(old_ruid, old_euid, old_suid);
-	}
-
-	return 0;
+	return security_ops->task_ops->post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
 }
 
 
@@ -596,6 +576,11 @@
 {
 	int old_euid = current->euid;
 	int old_ruid, old_suid, new_ruid, new_suid;
+	int retval;
+
+	retval = security_ops->task_ops->setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID);
+	if (retval)
+		return retval;
 
 	old_ruid = new_ruid = current->uid;
 	old_suid = current->suid;
@@ -616,11 +601,7 @@
 	current->fsuid = current->euid = uid;
 	current->suid = new_suid;
 
-	if (!issecure(SECURE_NO_SETUID_FIXUP)) {
-		cap_emulate_setxuid(old_ruid, old_euid, old_suid);
-	}
-
-	return 0;
+	return security_ops->task_ops->post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
 }
 
 
@@ -633,6 +614,11 @@
 	int old_ruid = current->uid;
 	int old_euid = current->euid;
 	int old_suid = current->suid;
+	int retval;
+
+	retval = security_ops->task_ops->setuid(ruid, euid, suid, LSM_SETID_RES);
+	if (retval)
+		return retval;
 
 	if (!capable(CAP_SETUID)) {
 		if ((ruid != (uid_t) -1) && (ruid != current->uid) &&
@@ -661,11 +647,7 @@
 	if (suid != (uid_t) -1)
 		current->suid = suid;
 
-	if (!issecure(SECURE_NO_SETUID_FIXUP)) {
-		cap_emulate_setxuid(old_ruid, old_euid, old_suid);
-	}
-
-	return 0;
+	return security_ops->task_ops->post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
 }
 
 asmlinkage long sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid)
@@ -684,6 +666,12 @@
  */
 asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
 {
+	int retval;
+
+	retval = security_ops->task_ops->setgid(rgid, egid, sgid, LSM_SETID_RES);
+	if (retval)
+		return retval;
+
 	if (!capable(CAP_SETGID)) {
 		if ((rgid != (gid_t) -1) && (rgid != current->gid) &&
 		    (rgid != current->egid) && (rgid != current->sgid))
@@ -732,6 +720,11 @@
 asmlinkage long sys_setfsuid(uid_t uid)
 {
 	int old_fsuid;
+	int retval;
+
+	retval = security_ops->task_ops->setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
+	if (retval)
+		return retval;
 
 	old_fsuid = current->fsuid;
 	if (uid == current->uid || uid == current->euid ||
@@ -746,24 +739,9 @@
 		current->fsuid = uid;
 	}
 
-	/* We emulate fsuid by essentially doing a scaled-down version
-	 * of what we did in setresuid and friends. However, we only
-	 * operate on the fs-specific bits of the process' effective
-	 * capabilities 
-	 *
-	 * FIXME - is fsuser used for all CAP_FS_MASK capabilities?
-	 *          if not, we might be a bit too harsh here.
-	 */
-	
-	if (!issecure(SECURE_NO_SETUID_FIXUP)) {
-		if (old_fsuid == 0 && current->fsuid != 0) {
-			cap_t(current->cap_effective) &= ~CAP_FS_MASK;
-		}
-		if (old_fsuid != 0 && current->fsuid == 0) {
-			cap_t(current->cap_effective) |=
-				(cap_t(current->cap_permitted) & CAP_FS_MASK);
-		}
-	}
+	retval = security_ops->task_ops->post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
+	if (retval)
+		return retval;
 
 	return old_fsuid;
 }
@@ -774,6 +752,11 @@
 asmlinkage long sys_setfsgid(gid_t gid)
 {
 	int old_fsgid;
+	int retval;
+
+	retval = security_ops->task_ops->setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS);
+	if (retval)
+		return retval;
 
 	old_fsgid = current->fsgid;
 	if (gid == current->gid || gid == current->egid ||
@@ -862,6 +845,10 @@
 	}
 
 ok_pgid:
+	err = security_ops->task_ops->setpgid(p, pgid);
+	if (err)
+		goto out;
+
 	p->pgrp = pgid;
 	err = 0;
 out:
@@ -882,8 +869,11 @@
 		p = find_task_by_pid(pid);
 
 		retval = -ESRCH;
-		if (p)
-			retval = p->pgrp;
+		if (p) {
+			retval = security_ops->task_ops->getpgid(p);
+			if (!retval)
+				retval = p->pgrp;
+		}
 		read_unlock(&tasklist_lock);
 		return retval;
 	}
@@ -907,8 +897,11 @@
 		p = find_task_by_pid(pid);
 
 		retval = -ESRCH;
-		if(p)
-			retval = p->session;
+		if(p) {
+			retval = security_ops->task_ops->getsid(p);
+			if (!retval)
+				retval = p->session;
+		}
 		read_unlock(&tasklist_lock);
 		return retval;
 	}
@@ -966,12 +959,19 @@
  
 asmlinkage long sys_setgroups(int gidsetsize, gid_t *grouplist)
 {
+	gid_t groups[NGROUPS];
+	int retval;
+
 	if (!capable(CAP_SETGID))
 		return -EPERM;
 	if ((unsigned) gidsetsize > NGROUPS)
 		return -EINVAL;
-	if(copy_from_user(current->groups, grouplist, gidsetsize * sizeof(gid_t)))
+	if(copy_from_user(groups, grouplist, gidsetsize * sizeof(gid_t)))
 		return -EFAULT;
+	retval = security_ops->task_ops->setgroups(gidsetsize, groups);
+	if (retval)
+		return retval;
+	memcpy(current->groups, groups, gidsetsize * sizeof(gid_t));
 	current->ngroups = gidsetsize;
 	return 0;
 }
@@ -1026,20 +1026,25 @@
 
 asmlinkage long sys_sethostname(char *name, int len)
 {
+	char nodename[__NEW_UTS_LEN+1];
 	int errno;
 
 	if (!capable(CAP_SYS_ADMIN))
 		return -EPERM;
 	if (len < 0 || len > __NEW_UTS_LEN)
 		return -EINVAL;
+	if (copy_from_user(nodename, name, len)) 
+		return -EFAULT;
+	nodename[len] = 0;
+
+	errno = security_ops->sethostname(nodename);
+	if (errno)
+		return errno;
+
 	down_write(&uts_sem);
-	errno = -EFAULT;
-	if (!copy_from_user(system_utsname.nodename, name, len)) {
-		system_utsname.nodename[len] = 0;
-		errno = 0;
-	}
+	memcpy(system_utsname.nodename, nodename, len+1);
 	up_write(&uts_sem);
-	return errno;
+	return 0;
 }
 
 asmlinkage long sys_gethostname(char *name, int len)
@@ -1065,19 +1070,23 @@
  */
 asmlinkage long sys_setdomainname(char *name, int len)
 {
+	char domainname[__NEW_UTS_LEN+1];
 	int errno;
 
 	if (!capable(CAP_SYS_ADMIN))
 		return -EPERM;
 	if (len < 0 || len > __NEW_UTS_LEN)
 		return -EINVAL;
+	if (copy_from_user(domainname, name, len)) 
+		return -EFAULT;
+	domainname[len] = 0;
+
+	errno = security_ops->setdomainname(domainname);
+	if (errno)
+		return errno;
 
 	down_write(&uts_sem);
-	errno = -EFAULT;
-	if (!copy_from_user(system_utsname.domainname, name, len)) {
-		errno = 0;
-		system_utsname.domainname[len] = 0;
-	}
+	memcpy(system_utsname.domainname, domainname, len+1);
 	up_write(&uts_sem);
 	return errno;
 }
@@ -1116,6 +1125,7 @@
 asmlinkage long sys_setrlimit(unsigned int resource, struct rlimit *rlim)
 {
 	struct rlimit new_rlim, *old_rlim;
+	int retval;
 
 	if (resource >= RLIM_NLIMITS)
 		return -EINVAL;
@@ -1130,6 +1140,11 @@
 		if (new_rlim.rlim_cur > NR_OPEN || new_rlim.rlim_max > NR_OPEN)
 			return -EPERM;
 	}
+
+	retval = security_ops->task_ops->setrlimit(resource, &new_rlim);
+	if (retval)
+		return retval;
+
 	*old_rlim = new_rlim;
 	return 0;
 }
@@ -1206,6 +1221,10 @@
 {
 	int error = 0;
 	int sig;
+
+	error = security_ops->task_ops->prctl(option, arg2, arg3, arg4, arg5);
+	if (error)
+		return error;
 
 	switch (option) {
 		case PR_SET_PDEATHSIG:
diff --minimal -Nru a/kernel/sysctl.c b/kernel/sysctl.c
--- a/kernel/sysctl.c	Tue Feb 12 18:59:50 2002
+++ b/kernel/sysctl.c	Tue Feb 12 18:59:50 2002
@@ -387,6 +387,11 @@
 
 static inline int ctl_perm(ctl_table *table, int op)
 {
+	int error;
+	error = security_ops->sysctl(table, op);
+	if(error) {
+		return error;
+	}
 	return test_perm(table->mode, op);
 }
 
diff --minimal -Nru a/kernel/uid16.c b/kernel/uid16.c
--- a/kernel/uid16.c	Tue Feb 12 18:59:50 2002
+++ b/kernel/uid16.c	Tue Feb 12 18:59:50 2002
@@ -12,6 +12,7 @@
 #include <linux/prctl.h>
 #include <linux/init.h>
 #include <linux/highuid.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 
@@ -128,6 +129,7 @@
 asmlinkage long sys_setgroups16(int gidsetsize, old_gid_t *grouplist)
 {
 	old_gid_t groups[NGROUPS];
+	gid_t new_groups[NGROUPS];
 	int i;
 
 	if (!capable(CAP_SETGID))
@@ -137,7 +139,11 @@
 	if (copy_from_user(groups, grouplist, gidsetsize * sizeof(old_gid_t)))
 		return -EFAULT;
 	for (i = 0 ; i < gidsetsize ; i++)
-		current->groups[i] = (gid_t)groups[i];
+		new_groups[i] = (gid_t)groups[i];
+	i = security_ops->task_ops->setgroups(gidsetsize, new_groups);
+	if (i)
+		return i;
+	memcpy(current->groups, new_groups, gidsetsize * sizeof(gid_t));
 	current->ngroups = gidsetsize;
 	return 0;
 }
diff --minimal -Nru a/mm/filemap.c b/mm/filemap.c
--- a/mm/filemap.c	Tue Feb 12 18:59:50 2002
+++ b/mm/filemap.c	Tue Feb 12 18:59:50 2002
@@ -25,6 +25,7 @@
 #include <linux/iobuf.h>
 #include <linux/compiler.h>
 #include <linux/fs.h>
+#include <linux/security.h>
 
 #include <asm/pgalloc.h>
 #include <asm/uaccess.h>
@@ -1700,6 +1701,10 @@
 	if (retval)
 		goto fput_in;
 
+	retval = security_ops->file_ops->permission (in_file, MAY_READ);
+	if (retval)
+		goto fput_in;
+
 	/*
 	 * Get output file, and verify that it is ok..
 	 */
@@ -1714,6 +1719,10 @@
 		goto fput_out;
 	out_inode = out_file->f_dentry->d_inode;
 	retval = locks_verify_area(FLOCK_VERIFY_WRITE, out_inode, out_file, out_file->f_pos, count);
+	if (retval)
+		goto fput_out;
+
+	retval = security_ops->file_ops->permission (out_file, MAY_WRITE);
 	if (retval)
 		goto fput_out;
 
diff --minimal -Nru a/mm/memory.c b/mm/memory.c
--- a/mm/memory.c	Tue Feb 12 18:59:50 2002
+++ b/mm/memory.c	Tue Feb 12 18:59:50 2002
@@ -44,6 +44,7 @@
 #include <linux/iobuf.h>
 #include <linux/highmem.h>
 #include <linux/pagemap.h>
+#include <linux/security.h>
 
 #include <asm/pgalloc.h>
 #include <asm/uaccess.h>
diff --minimal -Nru a/mm/mmap.c b/mm/mmap.c
--- a/mm/mmap.c	Tue Feb 12 18:59:50 2002
+++ b/mm/mmap.c	Tue Feb 12 18:59:50 2002
@@ -14,6 +14,7 @@
 #include <linux/file.h>
 #include <linux/fs.h>
 #include <linux/personality.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 #include <asm/pgalloc.h>
@@ -477,6 +478,10 @@
 		}
 	}
 
+	error = security_ops->file_ops->mmap(file, prot, flags);
+	if (error)
+		return error;
+		
 	/* Clear old maps */
 	error = -ENOMEM;
 munmap_back:
diff --minimal -Nru a/mm/mprotect.c b/mm/mprotect.c
--- a/mm/mprotect.c	Tue Feb 12 18:59:50 2002
+++ b/mm/mprotect.c	Tue Feb 12 18:59:50 2002
@@ -9,6 +9,7 @@
 #include <linux/shm.h>
 #include <linux/mman.h>
 #include <linux/fs.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 #include <asm/pgalloc.h>
@@ -301,6 +302,10 @@
 			error = -EACCES;
 			goto out;
 		}
+
+		error = security_ops->file_ops->mprotect(vma, prot);
+		if (error)
+			goto out;
 
 		if (vma->vm_end > end) {
 			error = mprotect_fixup(vma, &prev, nstart, end, newflags);
diff --minimal -Nru a/mm/oom_kill.c b/mm/oom_kill.c
--- a/mm/oom_kill.c	Tue Feb 12 18:59:50 2002
+++ b/mm/oom_kill.c	Tue Feb 12 18:59:50 2002
@@ -89,7 +89,7 @@
 	 * Superuser processes are usually more important, so we make it
 	 * less likely that we kill those.
 	 */
-	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_ADMIN) ||
+	if (!security_ops->capable(p,CAP_SYS_ADMIN) ||
 				p->uid == 0 || p->euid == 0)
 		points /= 4;
 
@@ -99,7 +99,7 @@
 	 * tend to only have this flag set on applications they think
 	 * of as important.
 	 */
-	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO))
+	if (!security_ops->capable(p,CAP_SYS_RAWIO))
 		points /= 4;
 #ifdef DEBUG
 	printk(KERN_DEBUG "OOMkill: task %d (%s) got %d points\n",
@@ -150,7 +150,7 @@
 	p->flags |= PF_MEMALLOC | PF_MEMDIE;
 
 	/* This process has hardware access, be more careful. */
-	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO)) {
+	if (!security_ops->capable(p,CAP_SYS_RAWIO)) {
 		force_sig(SIGTERM, p);
 	} else {
 		force_sig(SIGKILL, p);
diff --minimal -Nru a/mm/swapfile.c b/mm/swapfile.c
--- a/mm/swapfile.c	Tue Feb 12 18:59:50 2002
+++ b/mm/swapfile.c	Tue Feb 12 18:59:50 2002
@@ -735,6 +735,13 @@
 		}
 		prev = type;
 	}
+
+	err = security_ops->swapoff(p);
+	if (err) {
+		swap_list_unlock();
+		goto out_dput;
+	}
+
 	err = -EINVAL;
 	if (type < 0) {
 		swap_list_unlock();
@@ -908,6 +915,9 @@
 		goto bad_swap_2;
 
 	p->swap_file = swap_file;
+	error = security_ops->swapon(p);
+	if (error)
+		goto bad_swap_2;
 
 	error = -EINVAL;
 	if (S_ISBLK(swap_file->f_dentry->d_inode->i_mode)) {
diff --minimal -Nru a/net/core/dev.c b/net/core/dev.c
--- a/net/core/dev.c	Tue Feb 12 18:59:50 2002
+++ b/net/core/dev.c	Tue Feb 12 18:59:50 2002
@@ -100,6 +100,7 @@
 #include <linux/init.h>
 #include <linux/kmod.h>
 #include <linux/module.h>
+#include <linux/security.h>
 #if defined(CONFIG_NET_RADIO) || defined(CONFIG_NET_PCMCIA_RADIO)
 #include <linux/wireless.h>		/* Note : will define WIRELESS_EXT */
 #include <net/iw_handler.h>
@@ -2534,6 +2535,8 @@
 #ifdef CONFIG_NET_DIVERT
 	free_divert_blk(dev);
 #endif
+
+	security_ops->netdev_ops->unregister(dev);
 
 	if (dev->features & NETIF_F_DYNALLOC) {
 #ifdef NET_REFCNT_DEBUG
diff --minimal -Nru a/net/core/rtnetlink.c b/net/core/rtnetlink.c
--- a/net/core/rtnetlink.c	Tue Feb 12 18:59:50 2002
+++ b/net/core/rtnetlink.c	Tue Feb 12 18:59:50 2002
@@ -316,7 +316,7 @@
 	sz_idx = type>>2;
 	kind = type&3;
 
-	if (kind != 2 && !cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN)) {
+	if (kind != 2 && security_ops->netlink_recv(skb)) {
 		*errp = -EPERM;
 		return -1;
 	}
diff --minimal -Nru a/net/core/scm.c b/net/core/scm.c
--- a/net/core/scm.c	Tue Feb 12 18:59:50 2002
+++ b/net/core/scm.c	Tue Feb 12 18:59:50 2002
@@ -22,6 +22,7 @@
 #include <linux/net.h>
 #include <linux/interrupt.h>
 #include <linux/netdevice.h>
+#include <linux/security.h>
 
 #include <asm/system.h>
 #include <asm/uaccess.h>
@@ -216,6 +217,9 @@
 	for (i=0, cmfptr=(int*)CMSG_DATA(cm); i<fdmax; i++, cmfptr++)
 	{
 		int new_fd;
+		err = security_ops->file_ops->receive(fp[i]);
+		if (err)
+			break;
 		err = get_unused_fd();
 		if (err < 0)
 			break;
diff --minimal -Nru a/net/core/skbuff.c b/net/core/skbuff.c
--- a/net/core/skbuff.c	Tue Feb 12 18:59:50 2002
+++ b/net/core/skbuff.c	Tue Feb 12 18:59:50 2002
@@ -52,6 +52,7 @@
 #include <linux/rtnetlink.h>
 #include <linux/init.h>
 #include <linux/highmem.h>
+#include <linux/security.h>
 
 #include <net/protocol.h>
 #include <net/dst.h>
@@ -190,6 +191,11 @@
 	if (data == NULL)
 		goto nodata;
 
+	if (security_ops->skb_ops->alloc_security(skb)) {
+ 		kfree(data);
+		goto nodata;
+	}
+
 	/* XXX: does not include slab overhead */ 
 	skb->truesize = size + sizeof(struct sk_buff);
 
@@ -249,6 +255,7 @@
 #ifdef CONFIG_NET_SCHED
 	skb->tc_index = 0;
 #endif
+	skb->lsm_security = NULL;
 }
 
 static void skb_drop_fraglist(struct sk_buff *skb)
@@ -326,6 +333,7 @@
 #ifdef CONFIG_NETFILTER
 	nf_conntrack_put(skb->nfct);
 #endif
+	security_ops->skb_ops->free_security(skb);
 	skb_headerinit(skb, NULL, 0);  /* clean state */
 	kfree_skbmem(skb);
 }
@@ -354,6 +362,11 @@
 		if (!n)
 			return NULL;
 	}
+	
+	if (security_ops->skb_ops->clone(n, skb)) {
+		skb_head_to_pool(n);
+		return NULL;
+	}
 
 #define C(x) n->x = skb->x
 
@@ -441,6 +454,7 @@
 #ifdef CONFIG_NET_SCHED
 	new->tc_index = old->tc_index;
 #endif
+	security_ops->skb_ops->copy(new, old);
 }
 
 /**
diff --minimal -Nru a/net/ipv4/devinet.c b/net/ipv4/devinet.c
--- a/net/ipv4/devinet.c	Tue Feb 12 18:59:50 2002
+++ b/net/ipv4/devinet.c	Tue Feb 12 18:59:50 2002
@@ -55,6 +55,7 @@
 #include <linux/sysctl.h>
 #endif
 #include <linux/kmod.h>
+#include <linux/security.h>
 
 #include <net/ip.h>
 #include <net/route.h>
diff --minimal -Nru a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
--- a/net/ipv4/ip_fragment.c	Tue Feb 12 18:59:50 2002
+++ b/net/ipv4/ip_fragment.c	Tue Feb 12 18:59:50 2002
@@ -37,6 +37,7 @@
 #include <linux/udp.h>
 #include <linux/inet.h>
 #include <linux/netfilter_ipv4.h>
+#include <linux/security.h>
 
 /* NOTE. Logic of IP defragmentation is parallel to corresponding IPv6
  * code now. If you change something here, _PLEASE_ update ipv6/reassembly.c
@@ -372,7 +373,11 @@
 {
 	struct sk_buff *prev, *next;
 	int flags, offset;
-	int ihl, end;
+	int ihl, end, ret;
+
+	ret = security_ops->ip_ops->defragment(skb);
+	if (ret)
+		goto err;
 
 	if (qp->last_in & COMPLETE)
 		goto err;
diff --minimal -Nru a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
--- a/net/ipv4/ip_gre.c	Tue Feb 12 18:59:50 2002
+++ b/net/ipv4/ip_gre.c	Tue Feb 12 18:59:50 2002
@@ -651,6 +651,7 @@
 		skb->nf_debug = 0;
 #endif
 #endif
+		security_ops->ip_ops->decapsulate(skb);
 		ipgre_ecn_decapsulate(iph, skb);
 		netif_rx(skb);
 		read_unlock(&ipgre_lock);
@@ -880,6 +881,7 @@
 	skb->nf_debug = 0;
 #endif
 #endif
+	security_ops->ip_ops->encapsulate(skb);
 
 	IPTUNNEL_XMIT();
 	tunnel->recursion--;
diff --minimal -Nru a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
--- a/net/ipv4/ip_options.c	Tue Feb 12 18:59:50 2002
+++ b/net/ipv4/ip_options.c	Tue Feb 12 18:59:50 2002
@@ -433,7 +433,11 @@
 				opt->router_alert = optptr - iph;
 			break;
 		      case IPOPT_SEC:
+		      case IPOPT_CIPSO:
 		      case IPOPT_SID:
+		      	if (security_ops->ip_ops->decode_options(skb, optptr, &pp_ptr))
+				goto error;
+			break;
 		      default:
 			if (!skb && !capable(CAP_NET_RAW)) {
 				pp_ptr = optptr;
diff --minimal -Nru a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
--- a/net/ipv4/ip_output.c	Tue Feb 12 18:59:50 2002
+++ b/net/ipv4/ip_output.c	Tue Feb 12 18:59:50 2002
@@ -872,6 +872,7 @@
 		skb2->nf_debug = skb->nf_debug;
 #endif
 #endif
+		security_ops->ip_ops->fragment(skb2, skb);
 
 		/*
 		 *	Put this fragment into the sending queue.
diff --minimal -Nru a/net/ipv4/ipip.c b/net/ipv4/ipip.c
--- a/net/ipv4/ipip.c	Tue Feb 12 18:59:50 2002
+++ b/net/ipv4/ipip.c	Tue Feb 12 18:59:50 2002
@@ -500,6 +500,7 @@
 		skb->nf_debug = 0;
 #endif
 #endif
+		security_ops->ip_ops->decapsulate(skb);
 		ipip_ecn_decapsulate(iph, skb);
 		netif_rx(skb);
 		read_unlock(&ipip_lock);
@@ -647,6 +648,8 @@
 	skb->nf_debug = 0;
 #endif
 #endif
+
+	security_ops->ip_ops->encapsulate(skb);
 
 	IPTUNNEL_XMIT();
 	tunnel->recursion--;
diff --minimal -Nru a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
--- a/net/ipv4/ipmr.c	Tue Feb 12 18:59:50 2002
+++ b/net/ipv4/ipmr.c	Tue Feb 12 18:59:50 2002
@@ -1100,6 +1100,7 @@
 	nf_conntrack_put(skb->nfct);
 	skb->nfct = NULL;
 #endif
+	security_ops->ip_ops->encapsulate(skb);
 }
 
 static inline int ipmr_forward_finish(struct sk_buff *skb)
@@ -1445,6 +1446,7 @@
 	nf_conntrack_put(skb->nfct);
 	skb->nfct = NULL;
 #endif
+	security_ops->ip_ops->decapsulate(skb);
 	netif_rx(skb);
 	dev_put(reg_dev);
 	return 0;
@@ -1512,6 +1514,7 @@
 	nf_conntrack_put(skb->nfct);
 	skb->nfct = NULL;
 #endif
+	security_ops->ip_ops->decapsulate(skb);
 	netif_rx(skb);
 	dev_put(reg_dev);
 	return 0;
diff --minimal -Nru a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
--- a/net/ipv4/netfilter/ip_queue.c	Tue Feb 12 18:59:50 2002
+++ b/net/ipv4/netfilter/ip_queue.c	Tue Feb 12 18:59:50 2002
@@ -490,7 +490,7 @@
 		RCV_SKB_FAIL(-EINVAL);
 	if (type <= IPQM_BASE)
 		return;
-	if(!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN))
+	if (security_ops->netlink_recv(skb))
 		RCV_SKB_FAIL(-EPERM);
 	if (nlq->peer.pid && !nlq->peer.died
 	    && (nlq->peer.pid != nlh->nlmsg_pid)) {
diff --minimal -Nru a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
--- a/net/ipv4/tcp_ipv4.c	Tue Feb 12 18:59:50 2002
+++ b/net/ipv4/tcp_ipv4.c	Tue Feb 12 18:59:50 2002
@@ -1646,6 +1646,9 @@
 	if(!ipsec_sk_policy(sk,skb))
 		goto discard_and_relse;
 
+	if (security_ops->socket_ops->sock_rcv_skb(sk, skb))
+		goto discard_and_relse;
+
 	if (sk->state == TCP_TIME_WAIT)
 		goto do_time_wait;
 
diff --minimal -Nru a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
--- a/net/netlink/af_netlink.c	Tue Feb 12 18:59:50 2002
+++ b/net/netlink/af_netlink.c	Tue Feb 12 18:59:50 2002
@@ -597,7 +597,12 @@
 	   check them, when this message will be delivered
 	   to corresponding kernel module.   --ANK (980802)
 	 */
-	NETLINK_CB(skb).eff_cap = current->cap_effective;
+
+	err = security_ops->netlink_send(skb);
+	if (err) {
+		kfree_skb(skb);
+		goto out;
+	}
 
 	err = -EFAULT;
 	if (memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len)) {
diff --minimal -Nru a/net/socket.c b/net/socket.c
--- a/net/socket.c	Tue Feb 12 18:59:50 2002
+++ b/net/socket.c	Tue Feb 12 18:59:50 2002
@@ -547,6 +547,10 @@
 	int err;
 	struct scm_cookie scm;
 
+	err = security_ops->socket_ops->sendmsg(sock, msg, size);
+	if (err)
+		return err;
+
 	err = scm_send(sock, msg, &scm);
 	if (err >= 0) {
 		err = sock->ops->sendmsg(sock, msg, size, &scm);
@@ -558,6 +562,11 @@
 int sock_recvmsg(struct socket *sock, struct msghdr *msg, int size, int flags)
 {
 	struct scm_cookie scm;
+	int err;
+
+	err = security_ops->socket_ops->recvmsg(sock, msg, size, flags);
+	if (err)
+		return err;
 
 	memset(&scm, 0, sizeof(scm));
 
@@ -867,6 +876,7 @@
 int sock_create(int family, int type, int protocol, struct socket **res)
 {
 	int i;
+	int err;
 	struct socket *sock;
 
 	/*
@@ -890,6 +900,10 @@
 		}
 		family = PF_PACKET;
 	}
+
+	err = security_ops->socket_ops->create(family, type, protocol);
+	if (err)
+		return err;
 		
 #if defined(CONFIG_KMOD) && defined(CONFIG_NET)
 	/* Attempt to load a protocol module if the find failed. 
@@ -936,6 +950,8 @@
 
 	*res = sock;
 
+	security_ops->socket_ops->post_create(sock, family, type, protocol);
+
 out:
 	net_family_read_unlock();
 	return i;
@@ -1045,8 +1061,14 @@
 
 	if((sock = sockfd_lookup(fd,&err))!=NULL)
 	{
-		if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0)
+		if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0) {
+			err = security_ops->socket_ops->bind(sock, (struct sockaddr *)address, addrlen);
+			if (err) {
+				sockfd_put(sock);
+				return err;
+			}
 			err = sock->ops->bind(sock, (struct sockaddr *)address, addrlen);
+		}
 		sockfd_put(sock);
 	}			
 	return err;
@@ -1067,6 +1089,13 @@
 	if ((sock = sockfd_lookup(fd, &err)) != NULL) {
 		if ((unsigned) backlog > SOMAXCONN)
 			backlog = SOMAXCONN;
+
+		err = security_ops->socket_ops->listen(sock, backlog);
+		if (err) {
+			sockfd_put(sock);
+			return err;
+		}
+
 		err=sock->ops->listen(sock, backlog);
 		sockfd_put(sock);
 	}
@@ -1103,6 +1132,10 @@
 	newsock->type = sock->type;
 	newsock->ops = sock->ops;
 
+	err = security_ops->socket_ops->accept(sock, newsock);
+	if (err)
+		goto out_release;
+
 	err = sock->ops->accept(sock, newsock, sock->file->f_flags);
 	if (err < 0)
 		goto out_release;
@@ -1157,8 +1190,14 @@
 	err = move_addr_to_kernel(uservaddr, addrlen, address);
 	if (err < 0)
 		goto out_put;
+
+	err = security_ops->socket_ops->connect(sock, (struct sockaddr *)address, addrlen);
+	if (err)
+		goto out_put;
+
 	err = sock->ops->connect(sock, (struct sockaddr *) address, addrlen,
 				 sock->file->f_flags);
+
 out_put:
 	sockfd_put(sock);
 out:
@@ -1179,6 +1218,11 @@
 	sock = sockfd_lookup(fd, &err);
 	if (!sock)
 		goto out;
+
+	err = security_ops->socket_ops->getsockname(sock);
+	if (err)
+		goto out_put;
+
 	err = sock->ops->getname(sock, (struct sockaddr *)address, &len, 0);
 	if (err)
 		goto out_put;
@@ -1203,6 +1247,12 @@
 
 	if ((sock = sockfd_lookup(fd, &err))!=NULL)
 	{
+		err = security_ops->socket_ops->getpeername(sock);
+		if (err) {
+			sockfd_put(sock);
+			return err;
+		}
+
 		err = sock->ops->getname(sock, (struct sockaddr *)address, &len, 1);
 		if (!err)
 			err=move_addr_to_user(address,len, usockaddr, usockaddr_len);
@@ -1331,6 +1381,12 @@
 			
 	if ((sock = sockfd_lookup(fd, &err))!=NULL)
 	{
+		err = security_ops->socket_ops->setsockopt(sock,level,optname);
+		if (err) {
+			sockfd_put(sock);
+			return err;
+		}
+
 		if (level == SOL_SOCKET)
 			err=sock_setsockopt(sock,level,optname,optval,optlen);
 		else
@@ -1352,6 +1408,13 @@
 
 	if ((sock = sockfd_lookup(fd, &err))!=NULL)
 	{
+		err = security_ops->socket_ops->getsockopt(sock, level, 
+							   optname);
+		if (err) {
+			sockfd_put(sock);
+			return err;
+		}
+
 		if (level == SOL_SOCKET)
 			err=sock_getsockopt(sock,level,optname,optval,optlen);
 		else
@@ -1373,6 +1436,12 @@
 
 	if ((sock = sockfd_lookup(fd, &err))!=NULL)
 	{
+		err = security_ops->socket_ops->shutdown(sock, how);
+		if (err) {
+			sockfd_put(sock);
+			return err;
+		}
+				
 		err=sock->ops->shutdown(sock, how);
 		sockfd_put(sock);
 	}
diff --minimal -Nru a/net/unix/af_unix.c b/net/unix/af_unix.c
--- a/net/unix/af_unix.c	Tue Feb 12 18:59:50 2002
+++ b/net/unix/af_unix.c	Tue Feb 12 18:59:50 2002
@@ -109,6 +109,7 @@
 #include <linux/poll.h>
 #include <linux/smp_lock.h>
 #include <linux/rtnetlink.h>
+#include <linux/security.h>
 
 #include <asm/checksum.h>
 
@@ -792,6 +793,12 @@
 		err = -EPERM;
 		if (!unix_may_send(sk, other))
 			goto out_unlock;
+
+		err = security_ops->socket_ops->unix_may_send(sk->socket, 
+							      other->socket);
+		if (err)
+			goto out_unlock;
+
 	} else {
 		/*
 		 *	1003.1g breaking connected state with AF_UNSPEC
@@ -956,6 +963,12 @@
 		goto restart;
 	}
 
+	err = security_ops->socket_ops->unix_stream_connect(sock, other->socket);
+	if (err) {
+		unix_state_wunlock(sk);
+		goto out_unlock;
+	}
+
 	/* The way is open! Fastly set all the necessary fields... */
 
 	sock_hold(sk);
@@ -1249,6 +1262,11 @@
 
 	err = -EPIPE;
 	if (other->shutdown&RCV_SHUTDOWN)
+		goto out_unlock;
+
+	err = security_ops->socket_ops->unix_may_send(sk->socket,
+						      other->socket);
+	if (err)
 		goto out_unlock;
 
 	if (unix_peer(other) != sk &&
diff --minimal -Nru a/security/Config.help b/security/Config.help
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/Config.help	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,78 @@
+CONFIG_SECURITY_CAPABILITIES
+  This enables the "default" Linux capabilities functionality.
+  If you are unsure how to answer this question, answer Y.
+
+CONFIG_SECURITY_IP
+  This option enables the Netfilter-based IP networking hooks.
+  
+  Answer Y to this if using an LSM module which uses these
+  hooks, otherwise, answer N.
+
+CONFIG_SECURITY_OWLSM
+  This enables the LSM port of the Openwall kernel patch.  This is NOT
+  official Openwall.  For more information on the Openwall kernel patch
+  go to <http://www.openwall.com/>
+  
+CONFIG_OWLSM_RLIMIT_NPROC
+  This option is an LSM port of the Openwall CONFIG_SECURE_RLIMIT_NPROC
+  patch. It is derived from Openwall but is not official Openwall.  This
+  option is only valid if you have chosen to build the LSM port of
+  Openwall (CONFIG_SECURITY_OWLSM).
+
+  Linux lets you set a limit on how many processes a user can have, via
+  a setrlimit(2) call with RLIMIT_NPROC. Unfortunately, this limit is
+  only looked at when a new process is created on fork(2). If a process
+  changes its UID, it might exceed the limit for its new UID. This is
+  not a security issue by itself, as changing the UID is a privileged
+  operation. However, there're privileged programs that want to switch
+  to a user's context, including setting up some resource limits. The
+  only fork(2) required (if at all) is done before switching the UID,
+  and thus doesn't result in a check against RLIMIT_NPROC. Enable this
+  option to enforce RLIMIT_NPROC on execve(2) calls.
+
+  If you are unsure how to answer this question, answer N.
+
+CONFIG_OWLSM_LINK
+  This option is an LSM port of the Openwall CONFIG_SECURE_LINK patch.
+  It is derived from Openwall but is not official Openwall.  This option
+  is only valid if you have chosen to build the LSM port of Openwall
+  (CONFIG_SECURITY_OWLSM).
+
+  There's a very common attack that involves a malicious user creating
+  a symbolic link in /tmp, with a carefully chosen name, pointing at
+  another user's file. When the victim then writes to that file name,
+  without the required precautions, they inadvertently write to the
+  wrong file. Enabling this option reduces the impact of this class of
+  holes (some get fixed, many others allow for DoS attacks only, most
+  of the rest become harder to exploit) by preventing a process from
+  following a link which is in a +t directory, unless the link owner
+  is trusted (that is, it's the user we're running as or the directory
+  owner). To prevent from using a hard link in an attack instead, this
+  option does not allow users to create hard links to files they don't
+  own. This might break things. Say Y if security is more important.
+
+CONFIG_OWLSM_FD
+  This option is an LSM port of the Openwall CONFIG_SECURE_FD_0_1_2
+  patch.  It is derived from Openwall but is not official Openwall.
+  This option is only valid if you have chosen to build the LSM port of
+  Openwall (CONFIG_SECURITY_OWLSM).
+
+  File descriptors 0, 1, and 2 have a special meaning for the C library
+  and lots of programs. Thus, they're often referenced by number. Still,
+  it is normally possible to execute a program with one or more of these
+  fd's closed, and any open(2) calls it might do will happily provide
+  these fd numbers. The program (or the libraries it is linked with)
+  will continue using the fd's for their usual purposes, in reality
+  accessing files the program has just opened. If such a program is
+  installed SUID and/or SGID, then we might have a security problem.
+  Enable this option to ensure that fd's 0, 1, and 2 are always open on
+  execution of a SUID/SGID binary.
+
+CONFIG_SECURITY_DTE
+  This enables Domain and Type Enforcement.  It assigns labels to
+  files and processes.  File labels are called types, and process
+  labels are called domains.  DTE controls transitions and signal
+  access between domains, and access from domains to types.  For
+  more information, please see <http://www.cs.wm.edu/~hallyn/dte>
+
+  If you're unsure, answer N.
diff --minimal -Nru a/security/Config.in b/security/Config.in
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/Config.in	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,16 @@
+#
+# Security configuration
+#
+mainmenu_option next_comment
+comment 'Security options'
+tristate 'Capabilities Support' CONFIG_SECURITY_CAPABILITIES
+dep_tristate 'IP Networking Support' CONFIG_SECURITY_IP $CONFIG_NETFILTER
+source security/selinux/Config.in
+dep_tristate 'LSM port of Openwall (EXPERIMENTAL)' CONFIG_SECURITY_OWLSM $CONFIG_EXPERIMENTAL
+if [ "$CONFIG_SECURITY_OWLSM" = "y" -o "$CONFIG_SECURITY_OWLSM" = "m" ]; then
+	bool '  Add RLIMITS_NPROC check to execve' CONFIG_OWLSM_RLIMIT_NPROC
+	bool '  Restricted links in /tmp' CONFIG_OWLSM_LINK
+	bool '  Special handling of fd 0, 1, and 2' CONFIG_OWLSM_FD
+fi
+dep_tristate 'Domain and Type Enforcement (EXPERIMENTAL)' CONFIG_SECURITY_DTE $CONFIG_EXPERIMENTAL
+endmenu
diff --minimal -Nru a/security/Makefile b/security/Makefile
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/Makefile	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,29 @@
+#
+# Makefile for the kernel security code
+#
+
+# The target object and module list name.
+O_TARGET	:= vmlinux-obj.o
+
+# subdirectory list
+subdir-$(CONFIG_SECURITY_SELINUX)	+= selinux
+subdir-$(CONFIG_SECURITY_DTE)		+= dte
+
+# Objects that export symbols
+export-objs	:= security.o
+
+# Object file lists
+obj-y		:= security.o dummy.o
+
+# Must precede capabilities in order to stack properly.
+ifeq ($(CONFIG_SECURITY_SELINUX),y)
+	obj-$(CONFIG_SECURITY_SELINUX)	+= selinux/selinux-obj.o
+endif
+obj-$(CONFIG_SECURITY_CAPABILITIES)	+= capability.o
+obj-$(CONFIG_SECURITY_IP)		+= lsm_ip_glue.o
+obj-$(CONFIG_SECURITY_OWLSM)		+= owlsm.o
+ifeq ($(CONFIG_SECURITY_DTE),y)
+	obj-y += dte/dte_plug.o
+endif
+
+include $(TOPDIR)/Rules.make
diff --minimal -Nru a/security/Makefile.in b/security/Makefile.in
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/Makefile.in	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,27 @@
+
+# Beginnings of a kbuild-2.5 makefile --- offer@sgi.com
+
+
+
+# security.o has exportable symbols.
+expsyms(security.o)
+
+# Always build the framework
+select(security.o)
+select(dummy.o)
+
+
+# the pre-existing capabilities code.
+select(CONFIG_M CONFIG_SECURITY_CAPABILITIES capability.o)
+
+
+select(CONFIG_M CONFIG_SECURITY_IP lsm_ip_glue.o)
+
+# OpenWall
+select(CONFIG_M CONFIG_SECURITY_OWLSM owlsm.o)
+
+# NSA/NAI SELinux
+link_subdirs(selinux)
+
+# Domain Type Enforcement
+link_subdirs(dte)
diff --minimal -Nru a/security/capability.c b/security/capability.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/capability.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1361 @@
+/*
+ *  Capabilities Linux Security Module
+ *
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/file.h>
+#include <linux/mm.h>
+#include <linux/smp_lock.h>
+#include <linux/netfilter.h>
+#include <linux/netlink.h>
+
+/* flag to keep track of how we were registered */
+static int secondary;
+
+static int cap_sethostname (char *hostname)
+{
+	return 0;
+}
+
+static int cap_setdomainname (char *domainname)
+{
+	return 0;
+}
+
+static int cap_reboot (unsigned int cmd)
+{
+	return 0;
+}
+
+static int cap_ioperm (unsigned long from, unsigned long num, int turn_on)
+{
+	return 0;
+}
+
+static int cap_iopl (unsigned int old, unsigned int level)
+{
+	return 0;
+}
+
+static int cap_capable (struct task_struct *tsk, int cap)
+{
+	/* Derived from include/linux/sched.h:capable. */
+	if (cap_raised (tsk->cap_effective, cap))
+		return 0;
+	else
+		return -EPERM;
+}
+
+static int cap_sys_security (unsigned int id, unsigned int call,
+			     unsigned long *args)
+{
+	return -ENOSYS;
+}
+
+static int cap_swapon (struct swap_info_struct *swap)
+{
+	return 0;
+}
+
+static int cap_swapoff (struct swap_info_struct *swap)
+{
+	return 0;
+}
+
+static int cap_nfsservctl (int cmd, struct nfsctl_arg *arg)
+{
+	return 0;
+}
+
+static int cap_quotactl (int cmds, int type, int id, struct super_block *sb)
+{
+	return 0;
+}
+
+static int cap_quota_on (struct file *f)
+{
+	return 0;
+}
+
+static int cap_bdflush (int func, long data)
+{
+	return 0;
+}
+
+static int cap_syslog (int type)
+{
+	return 0;
+}
+
+static int cap_netlink_send (struct sk_buff *skb)
+{
+	NETLINK_CB (skb).eff_cap = current->cap_effective;
+	return 0;
+}
+
+static int cap_netlink_recv (struct sk_buff *skb)
+{
+	if (!cap_raised (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN))
+		return -EPERM;
+	return 0;
+}
+
+static int cap_ptrace (struct task_struct *parent, struct task_struct *child)
+{
+	/* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */
+	if (!cap_issubset (child->cap_permitted, current->cap_permitted) &&
+	    !capable (CAP_SYS_PTRACE))
+		return -EPERM;
+	else
+		return 0;
+}
+
+static int cap_capget (struct task_struct *target, kernel_cap_t * effective,
+		       kernel_cap_t * inheritable, kernel_cap_t * permitted)
+{
+	/* Derived from kernel/capability.c:sys_capget. */
+	*effective = cap_t (target->cap_effective);
+	*inheritable = cap_t (target->cap_inheritable);
+	*permitted = cap_t (target->cap_permitted);
+	return 0;
+}
+
+static int cap_capset_check (struct task_struct *target,
+			     kernel_cap_t * effective,
+			     kernel_cap_t * inheritable,
+			     kernel_cap_t * permitted)
+{
+	/* Derived from kernel/capability.c:sys_capset. */
+	/* verify restrictions on target's new Inheritable set */
+	if (!cap_issubset (*inheritable,
+			   cap_combine (target->cap_inheritable,
+					current->cap_permitted))) {
+		return -EPERM;
+	}
+
+	/* verify restrictions on target's new Permitted set */
+	if (!cap_issubset (*permitted,
+			   cap_combine (target->cap_permitted,
+					current->cap_permitted))) {
+		return -EPERM;
+	}
+
+	/* verify the _new_Effective_ is a subset of the _new_Permitted_ */
+	if (!cap_issubset (*effective, *permitted)) {
+		return -EPERM;
+	}
+
+	return 0;
+}
+
+static void cap_capset_set (struct task_struct *target,
+			    kernel_cap_t * effective,
+			    kernel_cap_t * inheritable,
+			    kernel_cap_t * permitted)
+{
+	target->cap_effective = *effective;
+	target->cap_inheritable = *inheritable;
+	target->cap_permitted = *permitted;
+}
+
+static int cap_acct (struct file *file)
+{
+	return 0;
+}
+
+static int cap_sysctl (ctl_table * table, int op)
+{
+	return 0;
+}
+
+static int cap_binprm_alloc_security (struct linux_binprm *bprm)
+{
+	return 0;
+}
+
+static int cap_binprm_set_security (struct linux_binprm *bprm)
+{
+	/* Copied from fs/exec.c:prepare_binprm. */
+
+	/* We don't have VFS support for capabilities yet */
+	cap_clear (bprm->cap_inheritable);
+	cap_clear (bprm->cap_permitted);
+	cap_clear (bprm->cap_effective);
+
+	/*  To support inheritance of root-permissions and suid-root
+	 *  executables under compatibility mode, we raise all three
+	 *  capability sets for the file.
+	 *
+	 *  If only the real uid is 0, we only raise the inheritable
+	 *  and permitted sets of the executable file.
+	 */
+
+	if (!issecure (SECURE_NOROOT)) {
+		if (bprm->e_uid == 0 || current->uid == 0) {
+			cap_set_full (bprm->cap_inheritable);
+			cap_set_full (bprm->cap_permitted);
+		}
+		if (bprm->e_uid == 0)
+			cap_set_full (bprm->cap_effective);
+	}
+	return 0;
+}
+
+static void cap_binprm_free_security (struct linux_binprm *bprm)
+{
+	return;
+}
+
+/* Copied from fs/exec.c */
+static inline int must_not_trace_exec (struct task_struct *p)
+{
+	return (p->ptrace & PT_PTRACED) && !(p->ptrace & PT_PTRACE_CAP);
+}
+
+static void cap_binprm_compute_creds (struct linux_binprm *bprm)
+{
+	/* Derived from fs/exec.c:compute_creds. */
+	kernel_cap_t new_permitted, working;
+	int do_unlock = 0;
+
+	new_permitted = cap_intersect (bprm->cap_permitted, cap_bset);
+	working = cap_intersect (bprm->cap_inheritable,
+				 current->cap_inheritable);
+	new_permitted = cap_combine (new_permitted, working);
+
+	if (!cap_issubset (new_permitted, current->cap_permitted)) {
+		current->mm->dumpable = 0;
+
+		lock_kernel ();
+		if (must_not_trace_exec (current)
+		    || atomic_read (&current->fs->count) > 1
+		    || atomic_read (&current->files->count) > 1
+		    || atomic_read (&current->sig->count) > 1) {
+			if (!capable (CAP_SETPCAP)) {
+				new_permitted = cap_intersect (new_permitted,
+							       current->
+							       cap_permitted);
+			}
+		}
+		do_unlock = 1;
+	}
+
+	/* For init, we want to retain the capabilities set
+	 * in the init_task struct. Thus we skip the usual
+	 * capability rules */
+	if (current->pid != 1) {
+		current->cap_permitted = new_permitted;
+		current->cap_effective =
+		    cap_intersect (new_permitted, bprm->cap_effective);
+	}
+
+	/* AUD: Audit candidate if current->cap_effective is set */
+
+	if (do_unlock)
+		unlock_kernel ();
+
+	current->keep_capabilities = 0;
+}
+
+static int cap_sb_alloc_security (struct super_block *sb)
+{
+	return 0;
+}
+
+static void cap_sb_free_security (struct super_block *sb)
+{
+	return;
+}
+
+static int cap_sb_statfs (struct super_block *sb)
+{
+	return 0;
+}
+
+static int cap_mount (char *dev_name, struct nameidata *nd, char *type,
+		      unsigned long flags, void *data)
+{
+	return 0;
+}
+
+static int cap_check_sb (struct vfsmount *mnt, struct nameidata *nd)
+{
+	return 0;
+}
+
+static int cap_umount (struct vfsmount *mnt, int flags)
+{
+	return 0;
+}
+
+static void cap_umount_close (struct vfsmount *mnt)
+{
+	return;
+}
+
+static void cap_umount_busy (struct vfsmount *mnt)
+{
+	return;
+}
+
+static void cap_post_remount (struct vfsmount *mnt, unsigned long flags,
+			      void *data)
+{
+	return;
+}
+
+static void cap_post_mountroot (void)
+{
+	return;
+}
+
+static void cap_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
+{
+	return;
+}
+
+static int cap_inode_alloc_security (struct inode *inode)
+{
+	return 0;
+}
+
+static void cap_inode_free_security (struct inode *inode)
+{
+	return;
+}
+
+static int cap_inode_create (struct inode *inode, struct dentry *dentry,
+			     int mask)
+{
+	return 0;
+}
+
+static void cap_inode_post_create (struct inode *inode, struct dentry *dentry,
+				   int mask)
+{
+	return;
+}
+
+static int cap_inode_link (struct dentry *old_dentry, struct inode *inode,
+			   struct dentry *new_dentry)
+{
+	return 0;
+}
+
+static void cap_inode_post_link (struct dentry *old_dentry, struct inode *inode,
+				 struct dentry *new_dentry)
+{
+	return;
+}
+
+static int cap_inode_unlink (struct inode *inode, struct dentry *dentry)
+{
+	return 0;
+}
+
+static int cap_inode_symlink (struct inode *inode, struct dentry *dentry,
+			      const char *name)
+{
+	return 0;
+}
+
+static void cap_inode_post_symlink (struct inode *inode, struct dentry *dentry,
+				    const char *name)
+{
+	return;
+}
+
+static int cap_inode_mkdir (struct inode *inode, struct dentry *dentry,
+			    int mask)
+{
+	return 0;
+}
+
+static void cap_inode_post_mkdir (struct inode *inode, struct dentry *dentry,
+				  int mask)
+{
+	return;
+}
+
+static int cap_inode_rmdir (struct inode *inode, struct dentry *dentry)
+{
+	return 0;
+}
+
+static int cap_inode_mknod (struct inode *inode, struct dentry *dentry,
+			    int major, dev_t minor)
+{
+	return 0;
+}
+
+static void cap_inode_post_mknod (struct inode *inode, struct dentry *dentry,
+				  int major, dev_t minor)
+{
+	return;
+}
+
+static int cap_inode_rename (struct inode *old_inode, struct dentry *old_dentry,
+			     struct inode *new_inode, struct dentry *new_dentry)
+{
+	return 0;
+}
+
+static void cap_inode_post_rename (struct inode *old_inode,
+				   struct dentry *old_dentry,
+				   struct inode *new_inode,
+				   struct dentry *new_dentry)
+{
+	return;
+}
+
+static int cap_inode_readlink (struct dentry *dentry)
+{
+	return 0;
+}
+
+static int cap_inode_follow_link (struct dentry *dentry,
+				  struct nameidata *nameidata)
+{
+	return 0;
+}
+
+static int cap_inode_permission (struct inode *inode, int mask)
+{
+	return 0;
+}
+
+static int cap_inode_revalidate (struct dentry *inode)
+{
+	return 0;
+}
+
+static int cap_inode_setattr (struct dentry *dentry, struct iattr *iattr)
+{
+	return 0;
+}
+
+static int cap_inode_stat (struct inode *inode)
+{
+	return 0;
+}
+
+static void cap_post_lookup (struct inode *ino, struct dentry *d)
+{
+	return;
+}
+
+static void cap_delete (struct inode *ino)
+{
+	return;
+}
+
+static int cap_inode_setxattr (struct dentry *dentry, char *name, void *value,
+				size_t size, int flags)
+{
+	return 0;
+}
+
+static int cap_inode_getxattr (struct dentry *dentry, char *name)
+{
+	return 0;
+}
+
+static int cap_inode_listxattr (struct dentry *dentry)
+{
+	return 0;
+}
+
+static int cap_inode_removexattr (struct dentry *dentry, char *name)
+{
+	return 0;
+}
+
+static int cap_file_permission (struct file *file, int mask)
+{
+	return 0;
+}
+
+static int cap_file_alloc_security (struct file *file)
+{
+	return 0;
+}
+
+static void cap_file_free_security (struct file *file)
+{
+	return;
+}
+
+static int cap_file_llseek (struct file *file)
+{
+	return 0;
+}
+
+static int cap_file_ioctl (struct file *file, unsigned int command,
+			   unsigned long arg)
+{
+	return 0;
+}
+
+static int cap_file_mmap (struct file *file, unsigned long prot,
+			  unsigned long flags)
+{
+	return 0;
+}
+
+static int cap_file_mprotect (struct vm_area_struct *vma, unsigned long prot)
+{
+	return 0;
+}
+
+static int cap_file_lock (struct file *file, unsigned int cmd, int blocking)
+{
+	return 0;
+}
+
+static int cap_file_fcntl (struct file *file, unsigned int cmd,
+			   unsigned long arg)
+{
+	return 0;
+}
+
+static int cap_file_set_fowner (struct file *file)
+{
+	return 0;
+}
+
+static int cap_file_send_sigiotask (struct task_struct *tsk,
+				    struct fown_struct *fown, int fd,
+				    int reason)
+{
+	return 0;
+}
+
+static int cap_file_receive (struct file *file)
+{
+	return 0;
+}
+
+static int cap_task_create (unsigned long clone_flags)
+{
+	return 0;
+}
+
+static int cap_task_alloc_security (struct task_struct *p)
+{
+	return 0;
+}
+
+static void cap_task_free_security (struct task_struct *p)
+{
+	return;
+}
+
+static int cap_task_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
+{
+	return 0;
+}
+
+/* moved from kernel/sys.c. */
+/* 
+ * cap_emulate_setxuid() fixes the effective / permitted capabilities of
+ * a process after a call to setuid, setreuid, or setresuid.
+ *
+ *  1) When set*uiding _from_ one of {r,e,s}uid == 0 _to_ all of
+ *  {r,e,s}uid != 0, the permitted and effective capabilities are
+ *  cleared.
+ *
+ *  2) When set*uiding _from_ euid == 0 _to_ euid != 0, the effective
+ *  capabilities of the process are cleared.
+ *
+ *  3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective
+ *  capabilities are set to the permitted capabilities.
+ *
+ *  fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should 
+ *  never happen.
+ *
+ *  -astor 
+ *
+ * cevans - New behaviour, Oct '99
+ * A process may, via prctl(), elect to keep its capabilities when it
+ * calls setuid() and switches away from uid==0. Both permitted and
+ * effective sets will be retained.
+ * Without this change, it was impossible for a daemon to drop only some
+ * of its privilege. The call to setuid(!=0) would drop all privileges!
+ * Keeping uid 0 is not an option because uid 0 owns too many vital
+ * files..
+ * Thanks to Olaf Kirch and Peter Benie for spotting this.
+ */
+static inline void cap_emulate_setxuid (int old_ruid, int old_euid,
+					int old_suid)
+{
+	if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) &&
+	    (current->uid != 0 && current->euid != 0 && current->suid != 0) &&
+	    !current->keep_capabilities) {
+		cap_clear (current->cap_permitted);
+		cap_clear (current->cap_effective);
+	}
+	if (old_euid == 0 && current->euid != 0) {
+		cap_clear (current->cap_effective);
+	}
+	if (old_euid != 0 && current->euid == 0) {
+		current->cap_effective = current->cap_permitted;
+	}
+}
+
+static int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid,
+				 int flags)
+{
+	switch (flags) {
+	case LSM_SETID_RE:
+	case LSM_SETID_ID:
+	case LSM_SETID_RES:
+		/* Copied from kernel/sys.c:setreuid/setuid/setresuid. */
+		if (!issecure (SECURE_NO_SETUID_FIXUP)) {
+			cap_emulate_setxuid (old_ruid, old_euid, old_suid);
+		}
+		break;
+	case LSM_SETID_FS:
+		{
+			uid_t old_fsuid = old_ruid;
+
+			/* Copied from kernel/sys.c:setfsuid. */
+
+			/*
+			 * FIXME - is fsuser used for all CAP_FS_MASK capabilities?
+			 *          if not, we might be a bit too harsh here.
+			 */
+
+			if (!issecure (SECURE_NO_SETUID_FIXUP)) {
+				if (old_fsuid == 0 && current->fsuid != 0) {
+					cap_t (current->cap_effective) &=
+					    ~CAP_FS_MASK;
+				}
+				if (old_fsuid != 0 && current->fsuid == 0) {
+					cap_t (current->cap_effective) |=
+					    (cap_t (current->cap_permitted) &
+					     CAP_FS_MASK);
+				}
+			}
+			break;
+		}
+	default:
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
+static int cap_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags)
+{
+	return 0;
+}
+
+static int cap_task_setpgid (struct task_struct *p, pid_t pgid)
+{
+	return 0;
+}
+
+static int cap_task_getpgid (struct task_struct *p)
+{
+	return 0;
+}
+
+static int cap_task_getsid (struct task_struct *p)
+{
+	return 0;
+}
+
+static int cap_task_setgroups (int gidsetsize, gid_t * grouplist)
+{
+	return 0;
+}
+
+static int cap_task_setnice (struct task_struct *p, int nice)
+{
+	return 0;
+}
+
+static int cap_task_setrlimit (unsigned int resource, struct rlimit *new_rlim)
+{
+	return 0;
+}
+
+static int cap_task_setscheduler (struct task_struct *p, int policy,
+				  struct sched_param *lp)
+{
+	return 0;
+}
+
+static int cap_task_getscheduler (struct task_struct *p)
+{
+	return 0;
+}
+
+static int cap_task_wait (struct task_struct *p)
+{
+	return 0;
+}
+
+static int cap_task_kill (struct task_struct *p, struct siginfo *info, int sig)
+{
+	return 0;
+}
+
+static int cap_task_prctl (int option, unsigned long arg2, unsigned long arg3,
+			   unsigned long arg4, unsigned long arg5)
+{
+	return 0;
+}
+
+static void cap_task_kmod_set_label (void)
+{
+	cap_set_full (current->cap_effective);
+	return;
+}
+
+static unsigned int cap_ip_preroute_first (unsigned int hooknum,
+					   struct sk_buff **pskb,
+					   const struct net_device *in,
+					   const struct net_device *out,
+					   int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int cap_ip_preroute_last (unsigned int hooknum,
+					  struct sk_buff **pskb,
+					  const struct net_device *in,
+					  const struct net_device *out,
+					  int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int cap_ip_input_first (unsigned int hooknum,
+					struct sk_buff **pskb,
+					const struct net_device *in,
+					const struct net_device *out,
+					int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int cap_ip_input_last (unsigned int hooknum,
+				       struct sk_buff **pskb,
+				       const struct net_device *in,
+				       const struct net_device *out,
+				       int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int cap_ip_forward_first (unsigned int hooknum,
+					  struct sk_buff **pskb,
+					  const struct net_device *in,
+					  const struct net_device *out,
+					  int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int cap_ip_forward_last (unsigned int hooknum,
+					 struct sk_buff **pskb,
+					 const struct net_device *in,
+					 const struct net_device *out,
+					 int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int cap_ip_output_first (unsigned int hooknum,
+					 struct sk_buff **pskb,
+					 const struct net_device *in,
+					 const struct net_device *out,
+					 int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int cap_ip_output_last (unsigned int hooknum,
+					struct sk_buff **pskb,
+					const struct net_device *in,
+					const struct net_device *out,
+					int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int cap_ip_postroute_first (unsigned int hooknum,
+					    struct sk_buff **pskb,
+					    const struct net_device *in,
+					    const struct net_device *out,
+					    int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int cap_ip_postroute_last (unsigned int hooknum,
+					   struct sk_buff **pskb,
+					   const struct net_device *in,
+					   const struct net_device *out,
+					   int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static void cap_ip_fragment (struct sk_buff *newskb,
+			     const struct sk_buff *oldskb)
+{
+	return;
+}
+
+static int cap_ip_defragment (struct sk_buff *skb)
+{
+	return 0;
+}
+
+static void cap_ip_encapsulate (struct sk_buff *skb)
+{
+	return;
+}
+
+static void cap_ip_decapsulate (struct sk_buff *skb)
+{
+	return;
+}
+
+static int cap_ip_decode_options (struct sk_buff *skb, const char *optptr,
+				  unsigned char **pp_ptr)
+{
+	if (!skb && !capable (CAP_NET_RAW)) {
+		(const unsigned char *) *pp_ptr = optptr;
+		return -EPERM;
+	}
+	return 0;
+}
+
+static void cap_netdev_unregister (struct net_device *dev)
+{
+	return;
+}
+
+static int cap_socket_create (int family, int type, int protocol)
+{
+	return 0;
+}
+
+static void cap_socket_post_create (struct socket *sock, int family, int type,
+				    int protocol)
+{
+	return;
+}
+
+static int cap_socket_bind (struct socket *sock, struct sockaddr *address,
+			    int addrlen)
+{
+	return 0;
+}
+
+static int cap_socket_connect (struct socket *sock, struct sockaddr *address,
+			       int addrlen)
+{
+	return 0;
+}
+
+static int cap_socket_listen (struct socket *sock, int backlog)
+{
+	return 0;
+}
+
+static int cap_socket_accept (struct socket *sock, struct socket *newsock)
+{
+	return 0;
+}
+
+static int cap_socket_sendmsg (struct socket *sock, struct msghdr *msg,
+			       int size)
+{
+	return 0;
+}
+
+static int cap_socket_recvmsg (struct socket *sock, struct msghdr *msg,
+			       int size, int flags)
+{
+	return 0;
+}
+
+static int cap_socket_getsockname (struct socket *sock)
+{
+	return 0;
+}
+
+static int cap_socket_getpeername (struct socket *sock)
+{
+	return 0;
+}
+
+static int cap_socket_setsockopt (struct socket *sock, int level, int optname)
+{
+	return 0;
+}
+
+static int cap_socket_getsockopt (struct socket *sock, int level, int optname)
+{
+	return 0;
+}
+
+static int cap_socket_shutdown (struct socket *sock, int how)
+{
+	return 0;
+}
+
+static int cap_sock_rcv_skb (struct sock *sk, struct sk_buff *skb)
+{
+	return 0;
+}
+
+static int cap_socket_unix_stream_connect (struct socket *sock,
+					   struct socket *other)
+{
+	return 0;
+}
+
+static int cap_socket_unix_may_send (struct socket *sock, struct socket *other)
+{
+	return 0;
+}
+
+static int cap_module_create_module (const char *name_user, size_t size)
+{
+	return 0;
+}
+
+static int cap_module_init_module (struct module *mod_user)
+{
+	return 0;
+}
+
+static int cap_module_delete_module (const struct module *mod)
+{
+	return 0;
+}
+
+static int cap_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
+{
+	return 0;
+}
+
+static int cap_ipc_getinfo (int id, int cmd)
+{
+	return 0;
+}
+
+static int cap_msg_msg_alloc_security (struct msg_msg *msg)
+{
+	return 0;
+}
+
+static void cap_msg_msg_free_security (struct msg_msg *msg)
+{
+	return;
+}
+
+static int cap_msg_queue_alloc_security (struct msg_queue *msq)
+{
+	return 0;
+}
+
+static void cap_msg_queue_free_security (struct msg_queue *msq)
+{
+	return;
+}
+
+static int cap_msg_queue_associate (struct msg_queue *msq, int msgid,
+				    int msgflg)
+{
+	return 0;
+}
+
+static int cap_msg_queue_msgctl (struct msg_queue *msq, int msgid, int cmd)
+{
+	return 0;
+}
+
+static int cap_msg_queue_msgsnd (struct msg_queue *msq, struct msg_msg *msg,
+				 int msgid, int msgflg)
+{
+	return 0;
+}
+
+static int cap_msg_queue_msgrcv (struct msg_queue *msq, struct msg_msg *msg,
+				 struct task_struct *target, long type,
+				 int mode)
+{
+	return 0;
+}
+
+static int cap_shm_alloc_security (struct shmid_kernel *shp)
+{
+	return 0;
+}
+
+static void cap_shm_free_security (struct shmid_kernel *shp)
+{
+	return;
+}
+
+static int cap_shm_associate (struct shmid_kernel *shp, int shmid, int shmflg)
+{
+	return 0;
+}
+
+static int cap_shm_shmctl (struct shmid_kernel *shp, int shmid, int cmd)
+{
+	return 0;
+}
+
+static int cap_shm_shmat (struct shmid_kernel *shp, int shmid, char *shmaddr,
+			  int shmflg)
+{
+	return 0;
+}
+
+static int cap_sem_alloc_security (struct sem_array *sma)
+{
+	return 0;
+}
+
+static void cap_sem_free_security (struct sem_array *sma)
+{
+	return;
+}
+
+static int cap_sem_associate (struct sem_array *sma, int semid, int semflg)
+{
+	return 0;
+}
+
+static int cap_sem_semctl (struct sem_array *sma, int semid, int cmd)
+{
+	return 0;
+}
+
+static int cap_sem_semop (struct sem_array *sma, int semid, struct sembuf *sops,
+			  unsigned nsops, int alter)
+{
+	return 0;
+}
+
+static int cap_skb_alloc_security (struct sk_buff *skb)
+{
+	return 0;
+}
+
+static int cap_skb_clone (struct sk_buff *newskb, const struct sk_buff *oldskb)
+{
+	return 0;
+}
+
+static void cap_skb_copy (struct sk_buff *newskb, const struct sk_buff *oldskb)
+{
+	return;
+}
+
+static void cap_skb_set_owner_w (struct sk_buff *skb, struct sock *sk)
+{
+	return;
+}
+
+static void cap_skb_free_security (struct sk_buff *skb)
+{
+	return;
+}
+
+static int cap_register (const char *name, struct security_operations *ops)
+{
+	return -EINVAL;
+}
+
+static int cap_unregister (const char *name, struct security_operations *ops)
+{
+	return -EINVAL;
+}
+
+static struct binprm_security_ops cap_binprm_ops = {
+	alloc_security:	cap_binprm_alloc_security,
+	free_security:	cap_binprm_free_security,
+	compute_creds:	cap_binprm_compute_creds,
+	set_security:	cap_binprm_set_security,
+};
+
+static struct super_block_security_ops cap_sb_ops = {
+	alloc_security:	cap_sb_alloc_security,
+	free_security:	cap_sb_free_security,
+	statfs:		cap_sb_statfs,
+	mount:		cap_mount,
+	check_sb:	cap_check_sb,
+	umount:		cap_umount,
+	umount_close:	cap_umount_close,
+	umount_busy:	cap_umount_busy,
+	post_remount:	cap_post_remount,
+	post_mountroot:	cap_post_mountroot,
+	post_addmount:	cap_post_addmount,
+};
+
+static struct inode_security_ops cap_inode_ops = {
+	alloc_security:	cap_inode_alloc_security,
+	free_security:	cap_inode_free_security,
+	create:		cap_inode_create,
+	post_create:	cap_inode_post_create,
+	link:		cap_inode_link,
+	post_link:	cap_inode_post_link,
+	unlink:		cap_inode_unlink,
+	symlink:	cap_inode_symlink,
+	post_symlink:	cap_inode_post_symlink,
+	mkdir:		cap_inode_mkdir,
+	post_mkdir:	cap_inode_post_mkdir,
+	rmdir:		cap_inode_rmdir,
+	mknod:		cap_inode_mknod,
+	post_mknod:	cap_inode_post_mknod,
+	rename:		cap_inode_rename,
+	post_rename:	cap_inode_post_rename,
+	readlink:	cap_inode_readlink,
+	follow_link:	cap_inode_follow_link,
+	permission:	cap_inode_permission,
+	revalidate:	cap_inode_revalidate,
+	setattr:	cap_inode_setattr,
+	stat:		cap_inode_stat,
+	post_lookup:	cap_post_lookup,
+	delete:		cap_delete,
+	setxattr:	cap_inode_setxattr,
+	getxattr:	cap_inode_getxattr,
+	listxattr:	cap_inode_listxattr,
+	removexattr:	cap_inode_removexattr,
+};
+
+static struct file_security_ops cap_file_ops = {
+	permission:	cap_file_permission,
+	alloc_security:	cap_file_alloc_security,
+	free_security:	cap_file_free_security,
+	llseek:		cap_file_llseek,
+	ioctl:		cap_file_ioctl,
+	mmap:		cap_file_mmap,
+	mprotect:	cap_file_mprotect,
+	lock:		cap_file_lock,
+	fcntl:		cap_file_fcntl,
+	set_fowner:	cap_file_set_fowner,
+	send_sigiotask:	cap_file_send_sigiotask,
+	receive:	cap_file_receive,
+};
+
+static struct task_security_ops cap_task_ops = {
+	create:		cap_task_create,
+	alloc_security:	cap_task_alloc_security,
+	free_security:	cap_task_free_security,
+	setuid:		cap_task_setuid,
+	post_setuid:	cap_task_post_setuid,
+	setgid:		cap_task_setgid,
+	setpgid:	cap_task_setpgid,
+	getpgid:	cap_task_getpgid,
+	getsid:		cap_task_getsid,
+	setgroups:	cap_task_setgroups,
+	setnice:	cap_task_setnice,
+	setrlimit:	cap_task_setrlimit,
+	setscheduler:	cap_task_setscheduler,
+	getscheduler:	cap_task_getscheduler,
+	wait:		cap_task_wait,
+	kill:		cap_task_kill,
+	prctl:		cap_task_prctl,
+	kmod_set_label:	cap_task_kmod_set_label,
+};
+
+static struct socket_security_ops cap_socket_ops = {
+	create:			cap_socket_create,
+	post_create:		cap_socket_post_create,
+	bind:			cap_socket_bind,
+	connect:		cap_socket_connect,
+	listen:			cap_socket_listen,
+	accept:			cap_socket_accept,
+	sendmsg:		cap_socket_sendmsg,
+	recvmsg:		cap_socket_recvmsg,
+	getsockname:		cap_socket_getsockname,
+	getpeername:		cap_socket_getpeername,
+	getsockopt:		cap_socket_getsockopt,
+	setsockopt:		cap_socket_setsockopt,
+	shutdown:		cap_socket_shutdown,
+	sock_rcv_skb:		cap_sock_rcv_skb,
+	unix_stream_connect:	cap_socket_unix_stream_connect,
+	unix_may_send:		cap_socket_unix_may_send,
+};
+
+static struct skb_security_ops cap_skb_ops = {
+	alloc_security:	cap_skb_alloc_security,
+	clone:		cap_skb_clone,
+	copy:		cap_skb_copy,
+	set_owner_w:	cap_skb_set_owner_w,
+	free_security:	cap_skb_free_security,
+};
+
+static struct ip_security_ops cap_ip_ops = {
+	preroute_first:		cap_ip_preroute_first,
+	preroute_last:		cap_ip_preroute_last,
+	input_first:		cap_ip_input_first,
+	input_last:		cap_ip_input_last,
+	forward_first:		cap_ip_forward_first,
+	forward_last:		cap_ip_forward_last,
+	output_first:		cap_ip_output_first,
+	output_last:		cap_ip_output_last,
+	postroute_first:	cap_ip_postroute_first,
+	postroute_last:		cap_ip_postroute_last,
+	fragment:		cap_ip_fragment,
+	defragment:		cap_ip_defragment,
+	encapsulate:		cap_ip_encapsulate,
+	decapsulate:		cap_ip_decapsulate,
+	decode_options:		cap_ip_decode_options,
+};
+
+static struct netdev_security_ops cap_netdev_ops = {
+	unregister:	cap_netdev_unregister,
+};
+
+static struct module_security_ops cap_module_ops = {
+	create_module:	cap_module_create_module,
+	init_module:	cap_module_init_module,
+	delete_module:	cap_module_delete_module,
+
+};
+
+static struct ipc_security_ops cap_ipc_ops = {
+	permission:	cap_ipc_permission,
+	getinfo:	cap_ipc_getinfo,
+};
+
+static struct msg_msg_security_ops cap_msg_ops = {
+	alloc_security:	cap_msg_msg_alloc_security,
+	free_security:	cap_msg_msg_free_security,
+};
+
+static struct msg_queue_security_ops cap_msg_queue_ops = {
+	alloc_security:	cap_msg_queue_alloc_security,
+	free_security:	cap_msg_queue_free_security,
+	associate:	cap_msg_queue_associate,
+	msgctl:		cap_msg_queue_msgctl,
+	msgsnd:		cap_msg_queue_msgsnd,
+	msgrcv:		cap_msg_queue_msgrcv,
+};
+
+static struct shm_security_ops cap_shm_ops = {
+	alloc_security:	cap_shm_alloc_security,
+	free_security:	cap_shm_free_security,
+	associate:	cap_shm_associate,
+	shmctl:		cap_shm_shmctl,
+	shmat:		cap_shm_shmat,
+};
+
+static struct sem_security_ops cap_sem_ops = {
+	alloc_security:	cap_sem_alloc_security,
+	free_security:	cap_sem_free_security,
+	associate:	cap_sem_associate,
+	semctl:		cap_sem_semctl,
+	semop:		cap_sem_semop,
+};
+
+static struct security_operations capability_ops = {
+	sethostname:		cap_sethostname,
+	setdomainname:		cap_setdomainname,
+	reboot:			cap_reboot,
+	ioperm:			cap_ioperm,
+	iopl:			cap_iopl,
+	ptrace:			cap_ptrace,
+	capget:			cap_capget,
+	capset_check:		cap_capset_check,
+	capset_set:		cap_capset_set,
+	acct:			cap_acct,
+	sysctl:			cap_sysctl,
+	capable:		cap_capable,
+	sys_security:		cap_sys_security,
+	swapon:			cap_swapon,
+	swapoff:		cap_swapoff,
+	nfsservctl:		cap_nfsservctl,
+	quotactl:		cap_quotactl,
+	quota_on:		cap_quota_on,
+	bdflush:		cap_bdflush,
+	syslog:			cap_syslog,
+	netlink_send:		cap_netlink_send,
+	netlink_recv:		cap_netlink_recv,
+
+	bprm_ops:		&cap_binprm_ops,
+	sb_ops:			&cap_sb_ops,
+	inode_ops:		&cap_inode_ops,
+	file_ops:		&cap_file_ops,
+	task_ops:		&cap_task_ops,
+	socket_ops:		&cap_socket_ops,
+	skb_ops:		&cap_skb_ops,
+	ip_ops:			&cap_ip_ops,
+	netdev_ops:		&cap_netdev_ops,
+	module_ops:		&cap_module_ops,
+	ipc_ops:		&cap_ipc_ops,
+	msg_msg_ops:		&cap_msg_ops,
+	msg_queue_ops:		&cap_msg_queue_ops,
+	shm_ops:		&cap_shm_ops,
+	sem_ops:		&cap_sem_ops,
+
+	register_security:	cap_register,
+	unregister_security:	cap_unregister,
+};
+
+#if defined(CONFIG_SECURITY_CAPABILITIES_MODULE)
+#define MY_NAME THIS_MODULE->name
+#else
+#define MY_NAME "capability"
+#endif
+
+static int __init capability_init (void)
+{
+	/* register ourselves with the security framework */
+	if (register_security (&capability_ops)) {
+		printk (KERN_INFO
+			"Failure registering capabilities with the kernel\n");
+		/* try registering with primary module */
+		if (mod_reg_security (MY_NAME, &capability_ops)) {
+			printk (KERN_INFO "Failure registering capabilities "
+				"with primary security module.\n");
+			return -EINVAL;
+		}
+		secondary = 1;
+	}
+	printk (KERN_INFO "Capability LSM initialized\n");
+	return 0;
+}
+
+static void __exit capability_exit (void)
+{
+	/* remove ourselves from the security framework */
+	if (secondary) {
+		if (mod_unreg_security (MY_NAME, &capability_ops))
+			printk (KERN_INFO "Failure unregistering capabilities "
+				"with primary module.\n");
+		return;
+	}
+
+	if (unregister_security (&capability_ops)) {
+		printk (KERN_INFO
+			"Failure unregistering capabilities with the kernel\n");
+	}
+}
+
+module_init (capability_init);
+module_exit (capability_exit);
+
+MODULE_DESCRIPTION("Standard Linux Capabilities Security Module");
+MODULE_LICENSE("GPL");
diff --minimal -Nru a/security/dte/Makefile b/security/dte/Makefile
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/dte/Makefile	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,15 @@
+#
+# Makefile for the DTE code
+#
+
+O_TARGET := vmlinux-obj.o
+
+obj-$(CONFIG_SECURITY_DTE)	:= dte_plug.o
+
+dte-objs			:= dte.o inode.o mount.o read_policy.o task.o \
+					module.o path.o syscall.o
+
+include $(TOPDIR)/Rules.make
+
+dte_plug.o: $(dte-objs)
+	$(LD) -r -o $@ $(dte-objs)
diff --minimal -Nru a/security/dte/Makefile.in b/security/dte/Makefile.in
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/dte/Makefile.in	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,6 @@
+
+# Beginnings of a kbuild-2.5 makefile --- offer@sgi.com
+
+objlink(CONFIG_SECURITY_DTE dte_plug.o dte.o inode.o mount.o read_policy.o task.o module.o path.o syscall.o)
+
+select(CONFIG_SECURITY_DTE dte_plug.o)
diff --minimal -Nru a/security/dte/dte.c b/security/dte/dte.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/dte/dte.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1217 @@
+/*
+ *  Domain and Type Enforcement Security plug
+ *
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This essentially a copy of the capability_plug.h file, with a few
+ *	mods.  The dte functions to plug in here are in dte-funcs.c
+ *
+ * author: Serge Hallyn  <hallyn@cs.wm.edu>
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/slab.h>
+#include <linux/smp_lock.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/sysctl.h>
+
+#include <linux/fs.h>
+#include <asm/uaccess.h>
+#include <linux/netfilter.h>
+#include <linux/netlink.h>
+
+
+extern int dte_initialized;
+struct security_operations *dte_secondary_ops;
+
+/*
+ * Prototypes for functions defined in dte-funcs.c
+ */
+
+extern int dte_sys_security(unsigned int id, unsigned int call,
+		unsigned long *args);
+extern void dte_post_mountroot (void);
+extern void dte_post_addmount (struct vfsmount *mnt, struct nameidata *nd);
+extern int dte_binprm_alloc_security (struct linux_binprm *bprm);
+extern void dte_binprm_free_security (struct linux_binprm *bprm);
+extern int dte_binprm_set_security (struct linux_binprm *bprm);
+extern int dte_inode_alloc_security	(struct inode *inode);
+extern void dte_inode_free_security	(struct inode *inode);
+extern void dte_inode_post_create (struct inode *inode, struct dentry *dentry, int mask);
+extern int dte_inode_permission (struct inode *inode, int mask);
+extern int dte_task_alloc_security (struct task_struct *p);
+extern void dte_task_free_security (struct task_struct *p);
+extern void dte_post_lookup (struct inode *ino, struct dentry *d);
+extern int dte_sb_alloc_security (struct super_block *sb);
+extern void dte_sb_free_security (struct super_block *sb);
+extern int dte_mount (char * dev_name, struct nameidata *nd, char * type,
+			unsigned long flags, void * data);
+extern int dte_umount (struct vfsmount *mnt, int flags);
+extern int dte_check_sb (struct vfsmount *mnt, struct nameidata *nd);
+extern void dte_inode_post_mknod (struct inode *inode, struct dentry *dentry,
+				  int major, dev_t minor);
+extern void dte_inode_post_symlink (struct inode *inode, struct dentry *dentry,
+				    const char *name);
+extern void dte_inode_post_mkdir (struct inode *inode, struct dentry *dentry,
+				  int mask);
+extern int dte_task_kill (struct task_struct *p, struct siginfo *info, int sig);
+
+/* flag to keep track of how we were registered */
+/*static int secondary;*/
+
+/*
+ * Stub functions for the default security function pointers in case no
+ * security model is loaded */
+static int dte_sethostname (char *hostname)
+{
+	return 0;
+}
+
+static int dte_setdomainname (char *domainname)
+{
+	return 0;
+}
+
+static int dte_reboot (unsigned int cmd)
+{
+	return 0;
+}
+
+static int dte_ioperm (unsigned long from, unsigned long num, int turn_on)
+{
+	return 0;
+}
+
+static int dte_iopl (unsigned int old, unsigned int level)
+{
+	return 0;
+}
+
+/*
+ * not sure about this one
+ * For now, I will assume that if there is a dte_secondary_ops, then it
+ * will do the right thing for capable().  This is true as of now,
+ * since capability.c does the *right* thing, and owlsm.c does what
+ * we used to do.
+ * If no dte_secondary_ops, do same thing dummy.c did.
+ */
+static int dte_capable (struct task_struct *tsk, int cap)
+{
+	int rc;
+
+	if (dte_secondary_ops) {
+		rc = dte_secondary_ops->capable(tsk, cap);
+		return rc;
+	}
+	if (cap_is_fs_cap (cap) ? tsk->fsuid == 0 : tsk->euid == 0)
+		/* capability granted */
+		return 0;
+
+	/* capability denied */
+	return -EPERM;
+}
+
+static int dte_swapon (struct swap_info_struct *swap)
+{
+	return 0;
+}
+
+static int dte_swapoff (struct swap_info_struct *swap)
+{
+	return 0;
+}
+
+static int dte_nfsservctl (int cmd, struct nfsctl_arg *arg)
+{
+	return 0;
+}
+
+static int dte_quotactl (int cmds, int type, int id, struct super_block *sb)
+{
+	return 0;
+}
+
+static int dte_quota_on (struct file *f)
+{
+	return 0;
+}
+
+static int dte_bdflush (int func, long data)
+{
+	return 0;
+}
+
+static int dte_syslog (int type)
+{
+	return 0;
+}
+
+static int dte_netlink_send (struct sk_buff *skb)
+{
+	NETLINK_CB (skb).eff_cap = current->cap_effective;
+	return 0;
+}
+
+static int dte_netlink_recv (struct sk_buff *skb)
+{
+	if (!cap_raised (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN))
+		return -EPERM;
+	return 0;
+}
+
+static int dte_ptrace (struct task_struct *parent, struct task_struct *child)
+{
+	int rc = 0;
+
+	if (dte_secondary_ops)
+		rc = dte_secondary_ops->ptrace(parent, child);
+
+	return rc;
+}
+
+static int dte_capget (struct task_struct *target, kernel_cap_t * effective,
+		       kernel_cap_t * inheritable, kernel_cap_t * permitted)
+{
+	int rc = 0;
+
+	if (dte_secondary_ops)
+		rc = dte_secondary_ops->capget(target, effective, inheritable, permitted);
+
+	return rc;
+}
+
+static int dte_capset_check (struct task_struct *target,
+			     kernel_cap_t * effective,
+			     kernel_cap_t * inheritable,
+			     kernel_cap_t * permitted)
+{
+	int rc = 0;
+
+	if (dte_secondary_ops)
+		rc = dte_secondary_ops->capset_check(target, effective,
+				inheritable, permitted);
+
+	return rc;
+}
+
+static void dte_capset_set (struct task_struct *target,
+			    kernel_cap_t * effective,
+			    kernel_cap_t * inheritable,
+			    kernel_cap_t * permitted)
+{
+	if (dte_secondary_ops)
+		dte_secondary_ops->capset_set(target, effective,
+				inheritable, permitted);
+}
+
+static int dte_acct (struct file *file)
+{
+	return 0;
+}
+
+static int dte_sysctl (ctl_table * table, int op)
+{
+	return 0;
+}
+
+/* Copied from fs/exec.c */
+static inline int must_not_trace_exec (struct task_struct *p)
+{
+	return (p->ptrace & PT_PTRACED)
+	    && dte_capable (p->p_pptr, CAP_SYS_PTRACE);
+}
+
+static void dte_binprm_compute_creds (struct linux_binprm *bprm)
+{
+	if (dte_secondary_ops)
+		dte_secondary_ops->bprm_ops->compute_creds(bprm);
+}
+
+static int dte_sb_statfs (struct super_block *sb)
+{
+	return 0;
+}
+
+static void dte_umount_close (struct vfsmount *mnt)
+{
+	return;
+}
+
+static void dte_umount_busy (struct vfsmount *mnt)
+{
+	return;
+}
+
+static void dte_post_remount (struct vfsmount *mnt, unsigned long flags,
+			      void *data)
+{
+	return;
+}
+
+static int dte_inode_create (struct inode *inode, struct dentry *dentry,
+			     int mask)
+{
+	return 0;
+}
+
+static int dte_inode_link (struct dentry *old_dentry, struct inode *inode,
+			   struct dentry *new_dentry)
+{
+	return 0;
+}
+
+static void dte_inode_post_link (struct dentry *old_dentry, struct inode *inode,
+				 struct dentry *new_dentry)
+{
+	return;
+}
+
+static int dte_inode_unlink (struct inode *inode, struct dentry *dentry)
+{
+	return 0;
+}
+
+static int dte_inode_symlink (struct inode *inode, struct dentry *dentry,
+			      const char *name)
+{
+	return 0;
+}
+
+static int dte_inode_mkdir (struct inode *inode, struct dentry *dentry,
+			    int mask)
+{
+	return 0;
+}
+
+static int dte_inode_rmdir (struct inode *inode, struct dentry *dentry)
+{
+	return 0;
+}
+
+static int dte_inode_mknod (struct inode *inode, struct dentry *dentry,
+			    int major, dev_t minor)
+{
+	return 0;
+}
+
+static int dte_inode_rename (struct inode *old_inode, struct dentry *old_dentry,
+			     struct inode *new_inode, struct dentry *new_dentry)
+{
+	return 0;
+}
+
+static void dte_inode_post_rename (struct inode *old_inode,
+				   struct dentry *old_dentry,
+				   struct inode *new_inode,
+				   struct dentry *new_dentry)
+{
+	return;
+}
+
+static int dte_inode_readlink (struct dentry *dentry)
+{
+	return 0;
+}
+
+static int dte_inode_follow_link (struct dentry *dentry,
+				  struct nameidata *nameidata)
+{
+	int rc = 0;
+
+	if (dte_secondary_ops)
+		rc = dte_secondary_ops->inode_ops->follow_link(dentry, nameidata);
+
+	return rc;
+}
+
+static int dte_inode_revalidate (struct dentry *inode)
+{
+	return 0;
+}
+
+static int dte_inode_setattr (struct dentry *dentry, struct iattr *iattr)
+{
+	return 0;
+}
+
+static int dte_inode_stat (struct inode *inode)
+{
+	return 0;
+}
+
+static void dte_delete (struct inode *ino)
+{
+	return;
+}
+
+static int dte_inode_setxattr (struct dentry *dentry, char *name, void *value,
+				size_t size, int flags)
+{
+	return 0;
+}
+
+static int dte_inode_getxattr (struct dentry *dentry, char *name)
+{
+	return 0;
+}
+
+static int dte_inode_listxattr (struct dentry *dentry)
+{
+	return 0;
+}
+
+static int dte_inode_removexattr (struct dentry *dentry, char *name)
+{
+	return 0;
+}
+
+static int dte_file_permission (struct file *file, int mask)
+{
+	return 0;
+}
+
+static int dte_file_alloc_security (struct file *file)
+{
+	return 0;
+}
+
+static void dte_file_free_security (struct file *file)
+{
+	return;
+}
+
+static int dte_file_llseek (struct file *file)
+{
+	return 0;
+}
+
+static int dte_file_ioctl (struct file *file, unsigned int command,
+			   unsigned long arg)
+{
+	return 0;
+}
+
+static int dte_file_mmap (struct file *file, unsigned long prot,
+			  unsigned long flags)
+{
+	return 0;
+}
+
+static int dte_file_mprotect (struct vm_area_struct *vma, unsigned long prot)
+{
+	return 0;
+}
+
+static int dte_file_lock (struct file *file, unsigned int cmd, int blocking)
+{
+	return 0;
+}
+
+static int dte_file_fcntl (struct file *file, unsigned int cmd,
+			   unsigned long arg)
+{
+	return 0;
+}
+
+static int dte_file_set_fowner (struct file *file)
+{
+	return 0;
+}
+
+static int dte_file_send_sigiotask (struct task_struct *tsk,
+				    struct fown_struct *fown, int fd,
+				    int reason)
+{
+	return 0;
+}
+
+static int dte_file_receive (struct file *file)
+{
+	return 0;
+}
+
+static int dte_task_create (unsigned long clone_flags)
+{
+	return 0;
+}
+
+static int dte_task_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
+{
+	return 0;
+}
+
+/* moved from kernel/sys.c. */
+/* 
+ * dte_emulate_setxuid() fixes the effective / permitted capabilities of
+ * a process after a call to setuid, setreuid, or setresuid.
+ *
+ *  1) When set*uiding _from_ one of {r,e,s}uid == 0 _to_ all of
+ *  {r,e,s}uid != 0, the permitted and effective capabilities are
+ *  cleared.
+ *
+ *  2) When set*uiding _from_ euid == 0 _to_ euid != 0, the effective
+ *  capabilities of the process are cleared.
+ *
+ *  3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective
+ *  capabilities are set to the permitted capabilities.
+ *
+ *  fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should 
+ *  never happen.
+ *
+ *  -astor 
+ *
+ * cevans - New behaviour, Oct '99
+ * A process may, via prctl(), elect to keep its capabilities when it
+ * calls setuid() and switches away from uid==0. Both permitted and
+ * effective sets will be retained.
+ * Without this change, it was impossible for a daemon to drop only some
+ * of its privilege. The call to setuid(!=0) would drop all privileges!
+ * Keeping uid 0 is not an option because uid 0 owns too many vital
+ * files..
+ * Thanks to Olaf Kirch and Peter Benie for spotting this.
+ */
+static inline void dte_emulate_setxuid (int old_ruid, int old_euid,
+					int old_suid)
+{
+	if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) &&
+	    (current->uid != 0 && current->euid != 0 && current->suid != 0) &&
+	    !current->keep_capabilities) {
+		cap_clear (current->cap_permitted);
+		cap_clear (current->cap_effective);
+	}
+	if (old_euid == 0 && current->euid != 0) {
+		cap_clear (current->cap_effective);
+	}
+	if (old_euid != 0 && current->euid == 0) {
+		current->cap_effective = current->cap_permitted;
+	}
+}
+
+static int dte_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid,
+				 int flags)
+{
+	int rc = 0;
+	if (dte_secondary_ops)
+		return dte_secondary_ops->task_ops->post_setuid(old_ruid, old_euid,
+				old_suid, flags);
+	return rc;
+}
+
+static int dte_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags)
+{
+	return 0;
+}
+
+static int dte_task_setpgid (struct task_struct *p, pid_t pgid)
+{
+	return 0;
+}
+
+static int dte_task_getpgid (struct task_struct *p)
+{
+	return 0;
+}
+
+static int dte_task_getsid (struct task_struct *p)
+{
+	return 0;
+}
+
+static int dte_task_setgroups (int gidsetsize, gid_t * grouplist)
+{
+	return 0;
+}
+
+static int dte_task_setnice (struct task_struct *p, int nice)
+{
+	return 0;
+}
+
+static int dte_task_setrlimit (unsigned int resource, struct rlimit *new_rlim)
+{
+	return 0;
+}
+
+static int dte_task_setscheduler (struct task_struct *p, int policy,
+				  struct sched_param *lp)
+{
+	return 0;
+}
+
+static int dte_task_getscheduler (struct task_struct *p)
+{
+	return 0;
+}
+
+static int dte_task_wait (struct task_struct *p)
+{
+	return 0;
+}
+
+static int dte_task_prctl (int option, unsigned long arg2, unsigned long arg3,
+			   unsigned long arg4, unsigned long arg5)
+{
+	return 0;
+}
+
+static void dte_task_kmod_set_label (void)
+{
+	if (dte_secondary_ops)
+		dte_secondary_ops->task_ops->kmod_set_label();
+}
+
+static unsigned int dte_ip_preroute_first (unsigned int hooknum,
+					   struct sk_buff **pskb,
+					   const struct net_device *in,
+					   const struct net_device *out,
+					   int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int dte_ip_preroute_last (unsigned int hooknum,
+					  struct sk_buff **pskb,
+					  const struct net_device *in,
+					  const struct net_device *out,
+					  int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int dte_ip_input_first (unsigned int hooknum,
+					struct sk_buff **pskb,
+					const struct net_device *in,
+					const struct net_device *out,
+					int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int dte_ip_input_last (unsigned int hooknum,
+				       struct sk_buff **pskb,
+				       const struct net_device *in,
+				       const struct net_device *out,
+				       int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int dte_ip_forward_first (unsigned int hooknum,
+					  struct sk_buff **pskb,
+					  const struct net_device *in,
+					  const struct net_device *out,
+					  int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int dte_ip_forward_last (unsigned int hooknum,
+					 struct sk_buff **pskb,
+					 const struct net_device *in,
+					 const struct net_device *out,
+					 int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int dte_ip_output_first (unsigned int hooknum,
+					 struct sk_buff **pskb,
+					 const struct net_device *in,
+					 const struct net_device *out,
+					 int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int dte_ip_output_last (unsigned int hooknum,
+					struct sk_buff **pskb,
+					const struct net_device *in,
+					const struct net_device *out,
+					int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int dte_ip_postroute_first (unsigned int hooknum,
+					    struct sk_buff **pskb,
+					    const struct net_device *in,
+					    const struct net_device *out,
+					    int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int dte_ip_postroute_last (unsigned int hooknum,
+					   struct sk_buff **pskb,
+					   const struct net_device *in,
+					   const struct net_device *out,
+					   int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static void dte_ip_fragment (struct sk_buff *newskb,
+			     const struct sk_buff *oldskb)
+{
+	return;
+}
+
+static int dte_ip_defragment (struct sk_buff *skb)
+{
+	return 0;
+}
+
+static void dte_ip_encapsulate (struct sk_buff *skb)
+{
+	return;
+}
+
+static void dte_ip_decapsulate (struct sk_buff *skb)
+{
+	return;
+}
+
+static int dte_ip_decode_options (struct sk_buff *skb, const char *optptr,
+				  unsigned char **pp_ptr)
+{
+	if (!skb && !capable (CAP_NET_RAW)) {
+		(const unsigned char *) *pp_ptr = optptr;
+		return -EPERM;
+	}
+	return 0;
+}
+
+static void dte_netdev_unregister (struct net_device *dev)
+{
+	return;
+}
+
+static int dte_socket_create (int family, int type, int protocol)
+{
+	return 0;
+}
+
+static void dte_socket_post_create (struct socket *sock, int family, int type,
+				    int protocol)
+{
+	return;
+}
+
+static int dte_socket_bind (struct socket *sock, struct sockaddr *address,
+			    int addrlen)
+{
+	return 0;
+}
+
+static int dte_socket_connect (struct socket *sock, struct sockaddr *address,
+			       int addrlen)
+{
+	return 0;
+}
+
+static int dte_socket_listen (struct socket *sock, int backlog)
+{
+	return 0;
+}
+
+static int dte_socket_accept (struct socket *sock, struct socket *newsock)
+{
+	return 0;
+}
+
+static int dte_socket_sendmsg (struct socket *sock, struct msghdr *msg,
+			       int size)
+{
+	return 0;
+}
+
+static int dte_socket_recvmsg (struct socket *sock, struct msghdr *msg,
+			       int size, int flags)
+{
+	return 0;
+}
+
+static int dte_socket_getsockname (struct socket *sock)
+{
+	return 0;
+}
+
+static int dte_socket_getpeername (struct socket *sock)
+{
+	return 0;
+}
+
+static int dte_socket_setsockopt (struct socket *sock, int level, int optname)
+{
+	return 0;
+}
+
+static int dte_socket_getsockopt (struct socket *sock, int level, int optname)
+{
+	return 0;
+}
+
+static int dte_socket_shutdown (struct socket *sock, int how)
+{
+	return 0;
+}
+
+static int dte_sock_rcv_skb (struct sock *sk, struct sk_buff *skb)
+{
+	return 0;
+}
+
+static int dte_socket_unix_stream_connect (struct socket *sock,
+					   struct socket *other)
+{
+	return 0;
+}
+
+static int dte_socket_unix_may_send (struct socket *sock, struct socket *other)
+{
+	return 0;
+}
+
+static int dte_module_create_module (const char *name_user, size_t size)
+{
+	return 0;
+}
+
+static int dte_module_init_module (struct module *mod_user)
+{
+	return 0;
+}
+
+static int dte_module_delete_module (const struct module *mod)
+{
+	return 0;
+}
+
+static int dte_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
+{
+	return 0;
+}
+
+static int dte_ipc_getinfo (int id, int cmd)
+{
+	return 0;
+}
+
+static int dte_msg_msg_alloc_security (struct msg_msg *msg)
+{
+	return 0;
+}
+
+static void dte_msg_msg_free_security (struct msg_msg *msg)
+{
+	return;
+}
+
+static int dte_msg_queue_alloc_security (struct msg_queue *msq)
+{
+	return 0;
+}
+
+static void dte_msg_queue_free_security (struct msg_queue *msq)
+{
+	return;
+}
+
+static int dte_msg_queue_associate (struct msg_queue *msq, int msgid,
+				    int msgflg)
+{
+	return 0;
+}
+
+static int dte_msg_queue_msgctl (struct msg_queue *msq, int msgid, int cmd)
+{
+	return 0;
+}
+
+static int dte_msg_queue_msgsnd (struct msg_queue *msq, struct msg_msg *msg,
+				 int msgid, int msgflg)
+{
+	return 0;
+}
+
+static int dte_msg_queue_msgrcv (struct msg_queue *msq, struct msg_msg *msg,
+				 struct task_struct *target, long type,
+				 int mode)
+{
+	return 0;
+}
+
+static int dte_shm_alloc_security (struct shmid_kernel *shp)
+{
+	return 0;
+}
+
+static void dte_shm_free_security (struct shmid_kernel *shp)
+{
+	return;
+}
+
+static int dte_shm_associate (struct shmid_kernel *shp, int shmid, int shmflg)
+{
+	return 0;
+}
+
+static int dte_shm_shmctl (struct shmid_kernel *shp, int shmid, int cmd)
+{
+	return 0;
+}
+
+static int dte_shm_shmat (struct shmid_kernel *shp, int shmid, char *shmaddr,
+			  int shmflg)
+{
+	return 0;
+}
+
+static int dte_sem_alloc_security (struct sem_array *sma)
+{
+	return 0;
+}
+
+static void dte_sem_free_security (struct sem_array *sma)
+{
+	return;
+}
+
+static int dte_sem_associate (struct sem_array *sma, int semid, int semflg)
+{
+	return 0;
+}
+
+static int dte_sem_semctl (struct sem_array *sma, int semid, int cmd)
+{
+	return 0;
+}
+
+static int dte_sem_semop (struct sem_array *sma, int semid, struct sembuf *sops,
+			  unsigned nsops, int alter)
+{
+	return 0;
+}
+
+static int dte_skb_alloc_security (struct sk_buff *skb)
+{
+	return 0;
+}
+
+static int dte_skb_clone (struct sk_buff *newskb, const struct sk_buff *oldskb)
+{
+	return 0;
+}
+
+static void dte_skb_copy (struct sk_buff *newskb, const struct sk_buff *oldskb)
+{
+	return;
+}
+
+static void dte_skb_set_owner_w (struct sk_buff *skb, struct sock *sk)
+{
+	return;
+}
+
+static void dte_skb_free_security (struct sk_buff *skb)
+{
+	return;
+}
+
+static int dte_register (const char *name, struct security_operations *ops)
+{
+	int rc;
+
+	if (dte_secondary_ops) {
+		rc = dte_secondary_ops->register_security(name, ops);
+		printk("DTE: registering +tertiary module %s returned %d.\n",
+				name, rc);
+		return rc;
+	}
+	if (strcmp(name,"capability")==0 ||
+			strcmp(name, "owlsm")==0) {
+		dte_secondary_ops = ops;
+		printk(KERN_NOTICE "DTE: Registering security module %s.\n", name);
+		return 0;
+	}
+	printk(KERN_NOTICE 
+	"Only capability and openwall modules may be registered with DTE.\n");
+	printk(KERN_NOTICE "DTE: module %s may not be loaded.\n", name);
+	return -EINVAL;
+}
+
+static int dte_unregister (const char *name, struct security_operations *ops)
+{
+	if (!dte_secondary_ops) {
+		printk(KERN_NOTICE "DTE: no secondary module %s.\n", name);
+		return -EINVAL;
+	} else if (ops == dte_secondary_ops) {
+		dte_secondary_ops = NULL;
+		printk(KERN_NOTICE "DTE: unregistering module %s.\n", name);
+		return 0;
+	} else
+		return dte_secondary_ops->unregister_security(name, ops);
+}
+
+static struct binprm_security_ops dte_binprm_ops = {
+	alloc_security:	dte_binprm_alloc_security,
+	free_security:	dte_binprm_free_security,
+	compute_creds:	dte_binprm_compute_creds,
+	set_security:	dte_binprm_set_security,
+};
+
+static struct super_block_security_ops dte_sb_ops = {
+	alloc_security:	dte_sb_alloc_security,
+	free_security:	dte_sb_free_security,
+	statfs:		dte_sb_statfs,
+	mount:		dte_mount,
+	check_sb:		dte_check_sb,
+	umount:		dte_umount,
+	umount_close:	dte_umount_close,
+	umount_busy:	dte_umount_busy,
+	post_remount:	dte_post_remount,
+	post_mountroot:	dte_post_mountroot,
+	post_addmount:	dte_post_addmount,
+};
+
+static struct inode_security_ops dte_inode_ops = {
+	alloc_security:	dte_inode_alloc_security,
+	free_security:	dte_inode_free_security,
+	create:		dte_inode_create,
+	post_create:	dte_inode_post_create,
+	link:		dte_inode_link,
+	post_link:	dte_inode_post_link,
+	unlink:		dte_inode_unlink,
+	symlink:	dte_inode_symlink,
+	post_symlink:	dte_inode_post_symlink,
+	mkdir:		dte_inode_mkdir,
+	post_mkdir:	dte_inode_post_mkdir,
+	rmdir:		dte_inode_rmdir,
+	mknod:		dte_inode_mknod,
+	post_mknod:	dte_inode_post_mknod,
+	rename:		dte_inode_rename,
+	post_rename:	dte_inode_post_rename,
+	readlink:	dte_inode_readlink,
+	follow_link:	dte_inode_follow_link,
+	permission:	dte_inode_permission,
+	revalidate:	dte_inode_revalidate,
+	setattr:	dte_inode_setattr,
+	stat:		dte_inode_stat,
+	post_lookup:	dte_post_lookup,
+	delete:		dte_delete,
+	setxattr:	dte_inode_setxattr,
+	getxattr:	dte_inode_getxattr,
+	listxattr:	dte_inode_listxattr,
+	removexattr:	dte_inode_removexattr,
+};
+
+static struct file_security_ops dte_file_ops = {
+	permission:	dte_file_permission,
+	alloc_security:	dte_file_alloc_security,
+	free_security:	dte_file_free_security,
+	llseek:		dte_file_llseek,
+	ioctl:		dte_file_ioctl,
+	mmap:		dte_file_mmap,
+	mprotect:	dte_file_mprotect,
+	lock:		dte_file_lock,
+	fcntl:		dte_file_fcntl,
+	set_fowner:	dte_file_set_fowner,
+	send_sigiotask:	dte_file_send_sigiotask,
+	receive:	dte_file_receive,
+};
+
+static struct task_security_ops dte_task_ops = {
+	create:		dte_task_create,
+	alloc_security:	dte_task_alloc_security,
+	free_security:	dte_task_free_security,
+	setuid:		dte_task_setuid,
+	post_setuid:	dte_task_post_setuid,
+	setgid:		dte_task_setgid,
+	setpgid:	dte_task_setpgid,
+	getpgid:	dte_task_getpgid,
+	getsid:		dte_task_getsid,
+	setgroups:	dte_task_setgroups,
+	setnice:	dte_task_setnice,
+	setrlimit:	dte_task_setrlimit,
+	setscheduler:	dte_task_setscheduler,
+	getscheduler:	dte_task_getscheduler,
+	wait:		dte_task_wait,
+	kill:		dte_task_kill,
+	prctl:		dte_task_prctl,
+	kmod_set_label:	dte_task_kmod_set_label,
+};
+
+static struct socket_security_ops dte_socket_ops = {
+	create:			dte_socket_create,
+	post_create:		dte_socket_post_create,
+	bind:			dte_socket_bind,
+	connect:		dte_socket_connect,
+	listen:			dte_socket_listen,
+	accept:			dte_socket_accept,
+	sendmsg:		dte_socket_sendmsg,
+	recvmsg:		dte_socket_recvmsg,
+	getsockname:		dte_socket_getsockname,
+	getpeername:		dte_socket_getpeername,
+	getsockopt:		dte_socket_getsockopt,
+	setsockopt:		dte_socket_setsockopt,
+	shutdown:		dte_socket_shutdown,
+	sock_rcv_skb:		dte_sock_rcv_skb,
+	unix_stream_connect:	dte_socket_unix_stream_connect,
+	unix_may_send:		dte_socket_unix_may_send,
+};
+
+static struct skb_security_ops dte_skb_ops = {
+	alloc_security:	dte_skb_alloc_security,
+	clone:		dte_skb_clone,
+	copy:		dte_skb_copy,
+	set_owner_w:	dte_skb_set_owner_w,
+	free_security:	dte_skb_free_security,
+};
+
+static struct ip_security_ops dte_ip_ops = {
+	preroute_first:		dte_ip_preroute_first,
+	preroute_last:		dte_ip_preroute_last,
+	input_first:		dte_ip_input_first,
+	input_last:		dte_ip_input_last,
+	forward_first:		dte_ip_forward_first,
+	forward_last:		dte_ip_forward_last,
+	output_first:		dte_ip_output_first,
+	output_last:		dte_ip_output_last,
+	postroute_first:	dte_ip_postroute_first,
+	postroute_last:		dte_ip_postroute_last,
+	fragment:		dte_ip_fragment,
+	defragment:		dte_ip_defragment,
+	encapsulate:		dte_ip_encapsulate,
+	decapsulate:		dte_ip_decapsulate,
+	decode_options:		dte_ip_decode_options,
+};
+
+static struct netdev_security_ops dte_netdev_ops = {
+	unregister:	dte_netdev_unregister,
+};
+
+static struct module_security_ops dte_module_ops = {
+	create_module:	dte_module_create_module,
+	init_module:	dte_module_init_module,
+	delete_module:	dte_module_delete_module,
+
+};
+
+static struct ipc_security_ops dte_ipc_ops = {
+	permission:	dte_ipc_permission,
+	getinfo:	dte_ipc_getinfo,
+};
+
+static struct msg_msg_security_ops dte_msg_ops = {
+	alloc_security:	dte_msg_msg_alloc_security,
+	free_security:	dte_msg_msg_free_security,
+};
+
+static struct msg_queue_security_ops dte_msg_queue_ops = {
+	alloc_security:	dte_msg_queue_alloc_security,
+	free_security:	dte_msg_queue_free_security,
+	associate:	dte_msg_queue_associate,
+	msgctl:		dte_msg_queue_msgctl,
+	msgsnd:		dte_msg_queue_msgsnd,
+	msgrcv:		dte_msg_queue_msgrcv,
+};
+
+static struct shm_security_ops dte_shm_ops = {
+	alloc_security:	dte_shm_alloc_security,
+	free_security:	dte_shm_free_security,
+	associate:	dte_shm_associate,
+	shmctl:		dte_shm_shmctl,
+	shmat:		dte_shm_shmat,
+};
+
+static struct sem_security_ops dte_sem_ops = {
+	alloc_security:	dte_sem_alloc_security,
+	free_security:	dte_sem_free_security,
+	associate:	dte_sem_associate,
+	semctl:		dte_sem_semctl,
+	semop:		dte_sem_semop,
+};
+
+struct security_operations dte_security_ops = {
+	sethostname:		dte_sethostname,
+	setdomainname:		dte_setdomainname,
+	reboot:			dte_reboot,
+	ioperm:			dte_ioperm,
+	iopl:			dte_iopl,
+	ptrace:			dte_ptrace,
+	capget:			dte_capget,
+	capset_check:		dte_capset_check,
+	capset_set:		dte_capset_set,
+	acct:			dte_acct,
+	sysctl:			dte_sysctl,
+	capable:		dte_capable,
+	sys_security:		dte_sys_security,
+	swapon:			dte_swapon,
+	swapoff:		dte_swapoff,
+	nfsservctl:		dte_nfsservctl,
+	quotactl:		dte_quotactl,
+	quota_on:		dte_quota_on,
+	bdflush:		dte_bdflush,
+	syslog:			dte_syslog,
+	netlink_send:		dte_netlink_send,
+	netlink_recv:		dte_netlink_recv,
+
+	bprm_ops:		&dte_binprm_ops,
+	sb_ops:			&dte_sb_ops,
+	inode_ops:		&dte_inode_ops,
+	file_ops:		&dte_file_ops,
+	task_ops:		&dte_task_ops,
+	socket_ops:		&dte_socket_ops,
+	skb_ops:		&dte_skb_ops,
+	ip_ops:			&dte_ip_ops,
+	netdev_ops:		&dte_netdev_ops,
+	module_ops:		&dte_module_ops,
+	ipc_ops:		&dte_ipc_ops,
+	msg_msg_ops:		&dte_msg_ops,
+	msg_queue_ops:		&dte_msg_queue_ops,
+	shm_ops:		&dte_shm_ops,
+	sem_ops:		&dte_sem_ops,
+
+	register_security:	dte_register,
+	unregister_security:	dte_unregister,
+};
+
+extern void setup_dte_module(void);
+
+static int __init dte_plug_init (void)
+{
+	/* register ourselves with the security framework */
+	if (register_security (&dte_security_ops)) {
+		printk (KERN_INFO "Failure registering DTE with the kernel\n");
+		return -EINVAL;
+	}
+	dte_initialized = 0;
+	dte_secondary_ops = NULL;
+#ifdef MODULE
+	printk(KERN_NOTICE "Setting up DTE...\n");
+	setup_dte_module();
+	printk(KERN_NOTICE "Finished setting up DTE.\n");
+#endif
+	printk(KERN_INFO "Domain and Type Enforcement Plug initialized\n");
+	return 0;
+}
+
+static void __exit dte_plug_exit (void)
+{
+	if (unregister_security (&dte_security_ops)) {
+		printk(KERN_INFO "Failure unregistering DTE with the kernel\n");
+	}
+}
+
+module_init (dte_plug_init);
+module_exit (dte_plug_exit);
+
+MODULE_AUTHOR("Serge Hallyn");
+MODULE_DESCRIPTION("Linux DTE Security Module");
+MODULE_LICENSE("GPL");
diff --minimal -Nru a/security/dte/dte.h b/security/dte/dte.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/dte/dte.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,283 @@
+#ifndef __DTE_H
+#define __DTE_H
+
+/*
+ *  Domain and Type Enforcement Security plug
+ *
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ * author: Serge Hallyn  <hallyn@cs.wm.edu>
+ */
+
+#include <linux/fs.h>
+#include <asm/uaccess.h>
+#include <linux/file.h>
+#include <linux/slab.h>
+#include <linux/smp_lock.h>
+#include <linux/mount.h>
+
+/* type access */
+#define DTE_READ    1
+#define DTE_WRITE   2
+#define DTE_EXECUTE 4
+#define DTE_APPEND  8
+#define DTE_READDIR 16
+#define DTE_CREATE  32
+#define DTE_DESCEND 64
+
+/* same thing */
+#define DTE_FR   1
+#define DTE_FW   2
+#define DTE_FX   4
+#define DTE_FA   8
+#define DTE_DR  16
+#define DTE_DW  32
+#define DTE_DX  64
+
+#define DTE_ACCESS_GRANTED 0
+#define DTE_FR_DENIED      1
+#define DTE_FW_DENIED      2
+#define DTE_FX_DENIED      3
+#define DTE_FA_DENIED      4
+#define DTE_DR_DENIED      5
+#define DTE_DW_DENIED      6
+#define DTE_DX_DENIED      7
+#define DTE_ERR_NOHASH     8
+#define DTE_ERR_NOENT      8
+
+/* domain access */
+#define DTE_EXEC 1
+#define DTE_AUTO 2
+
+#define dte_fr_access(x) (x & DTE_READ)
+#define dte_fw_access(x) (x & DTE_WRITE)
+#define dte_fx_access(x) (x & DTE_EXECUTE)
+#define dte_create_access(x)  (x & DTE_CREATE)
+#define dte_dw_access(x)      (x & DTE_CREATE)
+#define dte_descend_access(x) (x & DTE_DESCEND)
+#define dte_dx_access(x)      (x & DTE_DESCEND)
+#define dte_readdir_access(x) (x & DTE_READDIR)
+#define dte_dr_access(x)      (x & DTE_READDIR)
+
+#define dte_exec_access(x) (x & DTE_EXEC)
+#define dte_auto_access(x) (x & DTE_AUTO)
+
+#define NAME_ALLOC_LEN(len)   ((len+16) & ~15)
+
+/*
+ * SECTION
+ * mapnodes:
+ * mirror the dentry tree as far down as type assignment rules go.
+ * Every inode whose (first-loaded) name is subject to a type
+ * assignment rule will point to a mapnode.
+ */
+struct dte_map_node {
+	char *name;
+	int namelen;
+	char *etype, *utype;
+	int num_kids;
+	struct dte_map_node **kids;
+	struct dte_map_node *hash_next;
+};
+
+/*
+ * SECTION
+ * mount restrictions/pretend stuff
+ */
+
+#define DTE_MOUNT_PRETEND  1
+#define DTE_MOUNT_RESTRICT 2
+struct dte_mntr {
+	unsigned char maj, min;
+	char summ[8];  /* for hashing, convenience: "maj,min" */
+	char *path;
+	char how;
+	struct dte_mntr *hash_next;
+};
+
+/*
+ * SECTION
+ * dte-lsm security labels
+ */
+struct dte_inode_sec {
+	char *etype;
+	char *utype;
+	struct dte_map_node *map;
+	char initialized;
+	struct semaphore s_sem;
+};
+
+struct dte_task_sec {
+	struct dte_domain_t *dte_domain;
+	struct dte_domain_t *dte_back;
+};
+
+struct dte_sb_sec {
+	char initialized;
+	struct semaphore s_sem;
+
+	/* hierarchical type assignment */
+	/* this may become a list, to deal with cloned fs trees */
+	struct vfsmount *mnt_parent;
+	struct dentry *mountpoint;
+
+	/* type assignment through external attributes */
+	/* use a inode->type file... */
+	int ntypes;
+	char **type_conv;   /* type conversion array */
+	struct file *fp;     /* the file storing ino->type */
+	char fp_ready;
+	int offset;  /* offset into file where inodes start */
+};
+
+/* entry points into domains */
+/* this used to be done by filenames.  However we no longer have access at
+ * run-time to filenames.  So we determine entry points by typename.  Ugh.
+ */
+struct dte_ep {
+	char   *type;
+	struct dte_ep *hash_next;
+};
+
+/*
+ * the next two are hashed by domain name
+ */
+struct dte_ea {
+	struct dte_domain_t *other_domain;  /* points into dte_domain_cache */
+	unsigned char access;
+	struct dte_ea *hash_next;
+};
+
+/*
+ * since domains may send any signals to themselves, we use the
+ * domain being defined as recv_domain for ->0 definitions.  That
+ * is, if d->sa[j]->recv_domain==d, then d->sa[j]->sig may be sent
+ * to anyone
+ */
+struct dte_sa {
+	struct dte_domain_t *recv_domain;
+	int signal;       /* 0 means all signals */
+	struct dte_sa *hash_next;
+};
+
+struct dte_gateway {
+	char *type;  /* dte type of files which may be used to enter a domain */
+	struct dte_domain_t *domain;
+	struct dte_gateway *hash_next;
+};
+
+/*
+ * hashed by type name
+ */
+struct dte_ta {
+	char *type;  /* points into dte_type_cache */
+	unsigned char access;
+	struct dte_ta *hash_next;
+};
+
+struct dte_domain_t {
+	char *name;
+	int namelen;
+	int num_ep;
+	struct dte_ep *ep;
+	int num_ta;
+	struct dte_ta *ta;
+	int num_ea;
+	struct dte_ea *ea;
+	int num_sa;
+	struct dte_sa *sa;
+	int num_gw;             /* number of gateways */
+	struct dte_gateway *gw; /* gateways into other domains */
+	struct dte_domain_t *hash_next;
+};
+
+/*
+ * SECTION
+ * defs/structs to aid in reading policy file
+ */
+
+/* states reached during the reading of /etc/dte.conf */
+#define DTE_STATE_TYPES 1
+#define DTE_STATE_DOMAINS 2
+#define DTE_STATE_DEFS 3
+#define DTE_STATE_SPECD 4
+#define DTE_STATE_TA 5  /* type assigns */
+#define DTE_STATE_DONE 30
+
+struct dte_fdata {
+	struct file *fin;
+	int numbufs;  /* how many buffers have been read? */
+	int state;
+	char buffer[4096];
+	int buflen;   /* how much was actually read into buffer */
+	int eof;      /* have we reached end of file? */
+	char *blin, *elin;  /* start and end of current line */
+	char *mark;   /* after buffer read, points to prev eob */
+	int len;      /* length of current line */
+	mm_segment_t *fs;
+};
+
+/* from read_policy.c: */
+unsigned int dte_hash(const char *s, int n);
+unsigned int dte_hash_c(char *c, char *ce, int n);
+int read_dte_config(void);
+int dte_setup_gateways(void);
+#ifdef CONFIG_DTE_VERBOSE
+void show_dte(void);
+#endif
+char *dte_get_type(char *c, char *ce);
+
+/* from inode.c: */
+void dte_copy_ino_sec(struct inode *p, struct inode *c);
+void dte_post_lookup (struct inode *ino, struct dentry *d);
+int dte_inode_alloc_security	(struct inode *inode);
+void dte_inode_free_security	(struct inode *inode);
+void dte_inode_post_create (struct inode *inode, struct dentry *dentry,
+			int mask);
+void dte_inode_post_mknod (struct inode *inode, struct dentry *dentry,
+			int major, dev_t minor);
+void dte_inode_post_symlink (struct inode *inode, struct dentry *dentry,
+				    const char *name);
+void dte_inode_post_mkdir (struct inode *inode, struct dentry *dentry,
+				  int mask);
+int dte_inode_permission (struct inode *inode, int mask);
+int find_type_conv(char **conv_array, int array_size, char *type);
+
+/* from mount.c: */
+void hierarchical_setup(struct vfsmount *mnt);
+void dte_post_mountroot (void);
+void dte_post_addmount (struct vfsmount *mnt, struct nameidata *nd);
+int dte_sb_alloc_security (struct super_block *sb);
+void dte_sb_free_security (struct super_block *sb);
+void dte_setup_eafile(struct super_block *sb, struct vfsmount *mnt);
+int dte_mount (char * dev_name, struct nameidata *nd, char * type,
+			unsigned long flags, void * data);
+int dte_check_sb (struct vfsmount *mnt, struct nameidata *nd);
+int dte_mount (char * dev_name, struct nameidata *nd, char * type,
+			unsigned long flags, void * data);
+int dte_umount (struct vfsmount *mnt, int flags);
+int dte_check_sb (struct vfsmount *mnt, struct nameidata *nd);
+
+/* from path.c: */
+struct dte_map_node *dte_find_map_node_create(char *path);
+int dte_c_maptohash(struct dte_map_node *p);
+char * dte_d_path(struct dentry *dentry, struct vfsmount *vfsmnt,
+			char *buffer, int buflen);
+struct dte_map_node *mapnode_getkid(struct dte_map_node *m,
+			const unsigned char *name);
+
+/* from syscall.c: */
+int dte_sys_security(unsigned int id, unsigned int call,
+		unsigned long *args);
+
+/* from task.c: */
+int dte_binprm_alloc_security (struct linux_binprm *bprm);
+void dte_binprm_free_security (struct linux_binprm *bprm);
+int dte_binprm_set_security (struct linux_binprm *bprm);
+int dte_task_alloc_security (struct task_struct *p);
+void dte_task_free_security (struct task_struct *p);
+int dte_task_kill (struct task_struct *p, struct siginfo *info, int sig);
+#endif
diff --minimal -Nru a/security/dte/inode.c b/security/dte/inode.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/dte/inode.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,374 @@
+/*
+ * security/dte/inode.c
+ * DTE security module functions.  These are inserted into the DTE
+ * security plug in security/dte.c
+ *
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ * The functions which I don't redefine stay in security/dte/dte.c.
+ *
+ * author: Serge Hallyn  <hallyn@cs.wm.edu>
+ */
+
+#include "dte.h"
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/sysctl.h>
+
+extern int dte_initialized;
+extern int dte_debug;
+extern int dte_bitchmode;
+
+void dte_copy_ino_sec(struct inode *p, struct inode *c)
+{
+	struct dte_inode_sec *ps, *cs;
+
+	ps = (struct dte_inode_sec *)p->i_security;
+	cs = (struct dte_inode_sec *)c->i_security;
+	if (!cs) {
+		dte_inode_alloc_security(c);
+		cs = (struct dte_inode_sec *)c->i_security;
+	}
+	cs->etype = ps->etype;
+	cs->utype = ps->utype;
+	cs->map   = ps->map;
+	sema_init(&cs->s_sem, 1);
+	cs->initialized = 1;
+}
+
+static inline void dte_real_postlookup (struct inode *ino, 
+		struct dentry *d, int create)
+{
+	struct inode *di;  /* inode taken from child dentry */
+	/*
+	 * p is security field for parent inode
+	 * c is security field for child inode
+	 */
+	struct dte_inode_sec *p, *c;
+	struct dte_sb_sec *sb_sec; /* superblock security field */
+	long long offset;
+	unsigned char buf[2];
+	int et, ret;
+	mm_segment_t old_fs;
+
+#ifdef CONFIG_DTE_DEBUG
+	printk(KERN_NOTICE "dte_real_postlookup: called on %s.\n", d->d_iname);
+#endif
+
+	if (!dte_initialized) return;
+	if (!d || !(di = d->d_inode)) {
+		return;
+	}
+	c = (struct dte_inode_sec *) di->i_security;
+	p = (struct dte_inode_sec *) ino->i_security;
+#if 1
+	if (!p)		/* this ought never happen */
+		panic("no security object on parent inode %lu!\n",ino->i_ino);
+	if (!c) {
+		printk(KERN_NOTICE "no security object on child inode %s!\n",
+				d->d_iname);
+		dte_inode_alloc_security(di);
+		c = di->i_security;
+	}
+#endif
+	down(&c->s_sem);
+	if (c->initialized) {
+		up(&c->s_sem);
+		return;
+	}
+
+	sb_sec = (struct dte_sb_sec *)di->i_sb->s_security;
+	if (!sb_sec) {
+		panic("dte_post_lookup: no s_security on inode's sb, %lu.\n", di->i_ino);
+	}
+
+	/* assign types using the hierarchical scheme */
+
+#ifdef CONFIG_DTE_DEBUG
+	printk(KERN_NOTICE "dte_real_postlookup: looking up %s.\n", d->d_iname);
+#endif
+
+	c->map = NULL;
+	c->utype = c->etype = p->utype;
+	c->initialized = 1;
+
+	if (p->map && p->map->num_kids) {
+		c->map = mapnode_getkid(p->map, d->d_name.name);
+		if (c->map) {
+			if (c->map->etype)
+				c->etype = c->map->etype;
+			if (c->map->utype)
+				c->utype = c->map->utype;
+		}
+	}
+
+	if (create || !sb_sec->fp_ready) {
+		up(&c->s_sem);
+		return;
+	}
+
+	/* 
+	 * Read types from ea file
+	 * We leave the mapnodes as are, but, if a valid type is found, we use
+	 * that for both etype and utype
+	 *
+	 * An alternative would be to use it only for etype.  Not sure which is
+	 * best.
+	 */
+	c->map = NULL;
+	if (sb_sec->ntypes<128) {
+		offset = sb_sec->offset+di->i_ino;
+		old_fs = get_fs();
+		set_fs(KERNEL_DS);
+		ret = sb_sec->fp->f_op->read(sb_sec->fp, buf, 1, &offset);
+		set_fs(old_fs);
+		if (ret<0)
+			printk(KERN_NOTICE "dte_post_lookup: read(1) returned %d.\n", ret);
+		et = (int)(*((unsigned char *)buf));
+	} else {
+		offset = sb_sec->offset+2*di->i_ino;
+		old_fs = get_fs();
+		set_fs(KERNEL_DS);
+		ret = sb_sec->fp->f_op->read(sb_sec->fp, buf, 2, &offset);
+		set_fs(old_fs);
+		if (ret<0)
+			printk(KERN_NOTICE "dte_post_lookup: read(2) returned %d.\n", ret);
+		et = (int)(*((unsigned short *)buf));
+	}
+
+	if (et!=sb_sec->ntypes) {
+		c->utype = c->etype = sb_sec->type_conv[et];
+		c->initialized = 1;
+	}
+	up(&c->s_sem);
+}
+
+void dte_post_lookup (struct inode *ino, struct dentry *d) {
+	dte_real_postlookup(ino, d, 0);
+}
+
+int dte_inode_alloc_security	(struct inode *inode)
+{
+	struct dte_inode_sec *s;
+	
+	s = inode->i_security = kmalloc(sizeof(struct dte_inode_sec), GFP_KERNEL);
+	if (!s)
+		panic("Out of memory, kmalloc failed.\n");
+	s->map = NULL;
+	s->etype = s->utype = NULL;
+	s->initialized = 0;
+	sema_init(&s->s_sem, 1);
+
+	return 0;
+}
+
+void dte_inode_free_security	(struct inode *inode)
+{
+	if (inode->i_security)
+		kfree(inode->i_security);
+	inode->i_security = NULL;
+}
+
+/*
+ * we'll optimize this later
+ */
+inline int find_type_conv(char **conv_array, int array_size, char *type)
+{
+	int i;
+
+	for (i=0; i<array_size; i++) {
+		if (strcmp(conv_array[i], type)==0)
+			return i;
+	}
+
+	printk(KERN_ERR "dte: type not listed in superblock ea type list: %s.\n", type);
+	printk(KERN_ERR "dte: returning type 0, which is %s.\n", conv_array[0]);
+	return 0;
+}
+
+static void dte_inode_real_post_create (struct inode *inode, struct dentry *dentry)
+{
+	long long offset;
+	unsigned char buf[2];
+	int et, ret;
+	mm_segment_t old_fs;
+	unsigned short *usp;
+	struct dte_inode_sec *isec;
+	struct dte_sb_sec *sb_sec;
+
+	if (!dte_initialized)
+		return;
+	dte_real_postlookup(inode, dentry, 1);
+
+	sb_sec = (struct dte_sb_sec *)dentry->d_sb->s_security;
+
+	if (sb_sec->fp_ready) {
+		/* write ea */
+		isec = (struct dte_inode_sec *)dentry->d_inode->i_security;
+		et = find_type_conv(sb_sec->type_conv, sb_sec->ntypes, isec->etype);
+
+		if (sb_sec->ntypes<128) {
+			buf[0] = (unsigned char) et;
+			offset = sb_sec->offset+dentry->d_inode->i_ino;
+			old_fs = get_fs();
+			set_fs(KERNEL_DS);
+			ret = sb_sec->fp->f_op->write(sb_sec->fp, buf, 1, &offset);
+			set_fs(old_fs);
+			if (ret<0)
+				printk(KERN_NOTICE "dte_post_lookup: write(1) returned %d.\n", ret);
+		} else {
+			usp = (unsigned short *) buf;
+			*usp = (unsigned short) et;
+			offset = sb_sec->offset+2*dentry->d_inode->i_ino;
+			old_fs = get_fs();
+			set_fs(KERNEL_DS);
+			ret = sb_sec->fp->f_op->write(sb_sec->fp, buf, 2, &offset);
+			set_fs(old_fs);
+			if (ret<0)
+				printk(KERN_NOTICE "dte_post_lookup: write(2) returned %d.\n", ret);
+		}
+	}
+}
+
+void dte_inode_post_create (struct inode *inode, struct dentry *dentry, int mask)
+{
+	dte_inode_real_post_create(inode, dentry);
+}
+
+void dte_inode_post_mknod (struct inode *inode, struct dentry *dentry,
+				  int major, dev_t minor)
+{
+	dte_inode_real_post_create(inode, dentry);
+}
+
+void dte_inode_post_symlink (struct inode *inode, struct dentry *dentry,
+				    const char *name)
+{
+	dte_inode_real_post_create(inode, dentry);
+}
+
+void dte_inode_post_mkdir (struct inode *inode, struct dentry *dentry,
+				  int mask)
+{
+	dte_inode_real_post_create(inode, dentry);
+}
+
+#ifdef CONFIG_DTE_VERBOSE
+#define DENY_ACCESS(str) { \
+	printk(KERN_NOTICE "denied: %s to %s as %s\n", ts->dte_domain->name, \
+			s->etype, str); \
+	return -EACCES;}
+#else
+#define DENY_ACCESS(str) {return -EACCES;}
+#endif
+
+#define BITCH_ACCESS(str) { \
+	printk(KERN_NOTICE "Would be denied: %s to %s as %s\n", ts->dte_domain->name, \
+			s->etype, str); \
+	return 0;}
+
+static inline int dte_bitch_inode_permission (struct inode *inode, int mask)
+{
+	struct dte_inode_sec *s = inode->i_security;
+	struct dte_task_sec *ts = current->security;
+	struct dte_domain_t *d;
+	struct dte_ta *ta;
+	int h;
+
+	if (!dte_initialized) return 0;  /* only during setup, particularly 
+							dte.conf and dteeaf */
+	if (!s || !s->etype) {
+		printk(KERN_NOTICE "dte_inode_permission: inode has no i_security or et.\n");
+		return 0;
+	}
+	if (!ts) {
+		printk(KERN_NOTICE "dte_inode_permission: task has no task_security.\n");
+		return 0;
+	}
+	d = ts->dte_domain;
+	if (!d) {
+		printk(KERN_NOTICE "dte_inode_permission: task has no dte_domain.\n");
+		return 0;
+	}
+	h = dte_hash(s->etype, ts->dte_domain->num_ta);
+	ta = &d->ta[h];
+	while (ta && ta->type != s->etype)
+		ta = ta->hash_next;
+	if (!ta) {
+		printk(KERN_NOTICE "dte_inode_permission: can't find type access.  Would deny!\n");
+		return 0;
+	}
+	if (S_ISDIR(inode->i_mode)) {
+		if ((mask&MAY_EXEC) && !(dte_descend_access(ta->access)))
+			BITCH_ACCESS("dir x");
+		if ((mask&MAY_WRITE) && !(dte_create_access(ta->access)))
+			BITCH_ACCESS("dir w");
+		if ((mask&MAY_READ) && !(dte_readdir_access(ta->access)))
+			BITCH_ACCESS("dir r");
+	} else {
+		if ((mask&MAY_WRITE) && !(dte_fw_access(ta->access)))
+			BITCH_ACCESS("file w");
+		if ((mask&MAY_READ) && !(dte_fr_access(ta->access)))
+			BITCH_ACCESS("file r");
+	}
+	return 0;
+}
+
+static inline int dte_real_inode_permission(struct inode *inode, int mask)
+{
+	struct dte_inode_sec *s = inode->i_security;
+	struct dte_task_sec *ts = current->security;
+	struct dte_domain_t *d;
+	struct dte_ta *ta;
+	int h;
+
+	if (!dte_initialized) return 0;  /* only during setup, particularly 
+							dte.conf and dteeaf */
+	if (!s || !s->etype) {
+		return 0;
+	}
+	if (!ts) {
+		printk(KERN_NOTICE "dte_inode_permission: task has no task_security.\n");
+		return 0;
+	}
+	d = ts->dte_domain;
+	if (!d) {
+		printk(KERN_NOTICE "dte_inode_permission: task has no dte_domain.\n");
+		return 0;
+	}
+	h = dte_hash(s->etype, ts->dte_domain->num_ta);
+	ta = &d->ta[h];
+	while (ta && ta->type != s->etype)
+		ta = ta->hash_next;
+	if (!ta) {
+		return -EACCES;
+	}
+	if (S_ISDIR(inode->i_mode)) {
+		if ((mask&MAY_EXEC) && !(dte_descend_access(ta->access)))
+			DENY_ACCESS("dir x");
+		if ((mask&MAY_WRITE) && !(dte_create_access(ta->access)))
+			DENY_ACCESS("dir w");
+		if ((mask&MAY_READ) && !(dte_readdir_access(ta->access)))
+			DENY_ACCESS("dir r");
+	} else {
+		if ((mask&MAY_WRITE) && !(dte_fw_access(ta->access)))
+			DENY_ACCESS("file w");
+		if ((mask&MAY_READ) && !(dte_fr_access(ta->access)))
+			DENY_ACCESS("file r");
+	}
+	return 0;
+}
+
+int dte_inode_permission (struct inode *inode, int mask)
+{
+	if (dte_bitchmode)
+		return dte_bitch_inode_permission(inode, mask);
+	else
+		return dte_real_inode_permission(inode, mask);
+}
diff --minimal -Nru a/security/dte/module.c b/security/dte/module.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/dte/module.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,162 @@
+/*
+ * security/dte/module.c
+ * DTE security module functions.  These are inserted into the DTE
+ * security plug in security/dte.c
+ *
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ * The functions which I don't redefine stay in security/dte/dte.c.
+ *
+ * author: Serge Hallyn  <hallyn@cs.wm.edu>
+ */
+
+#include "dte.h"
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/sysctl.h>
+
+extern int dte_initialized;
+extern struct dte_map_node   *dte_root_mapnode;
+extern struct dte_domain_t *default_domain;
+
+/* a version of walk_dcache_tree which also crosses mounts */
+/* it's called only at dte init, so it also sets up the superblocks */
+void dte_walk_dcache_tree_full(struct vfsmount *pmnt, struct dentry *parent)
+{
+	struct dentry *this_parent = parent;
+	struct vfsmount *mnt;
+	struct list_head *next;
+	mm_segment_t old_fs;
+
+	/*
+	 * check for external attributes file
+	 * handle the 'true parent' hookups
+	 */
+	printk(KERN_NOTICE "dte_walk_dcache_tree_full: called on %s.\n",
+			pmnt->mnt_devname);
+	old_fs = get_fs();
+	set_fs(KERNEL_DS);
+	dte_setup_eafile(pmnt->mnt_sb, pmnt);
+	set_fs(old_fs);
+	hierarchical_setup(pmnt);
+	printk(KERN_NOTICE "dte_walk_dcache_tree_full: did setup on %s.\n",
+			pmnt->mnt_devname);
+
+repeat:
+	next = this_parent->d_subdirs.next;
+resume:
+	while (next != &this_parent->d_subdirs) {
+		struct list_head *tmp = next;
+		struct dentry *dentry = list_entry(tmp, struct dentry, d_child);
+		next = tmp->next;
+
+		if (dentry->d_inode) {
+#ifdef CONFIG_DTE_DEBUG
+			printk(KERN_NOTICE "dte_walk_dcache_tree_full: allocing sec on %s.\n",
+					dentry->d_iname);
+#endif
+			dte_inode_alloc_security(dentry->d_inode);
+#ifdef CONFIG_DTE_DEBUG
+			printk(KERN_NOTICE "dte_walk_dcache_tree_full: starting lookup on %s.\n",
+					dentry->d_iname);
+#endif
+			dte_post_lookup(this_parent->d_inode, dentry);
+#ifdef CONFIG_DTE_DEBUG
+			printk(KERN_NOTICE "dte_walk_dcache_tree_full: finished lookup on %s.\n",
+					dentry->d_iname);
+#endif
+		}
+		if (dentry->d_mounted) {
+			mnt = lookup_mnt(pmnt, dentry);
+			/* if it's a bind or we've already assigned this fs, skip */
+			if (mnt && !mnt->mnt_root->d_inode->i_security &&
+					mnt->mnt_root == mnt->mnt_sb->s_root) {
+				printk(KERN_NOTICE "dte_walk_dcache_tree_full: setting root for %s.\n",
+						mnt->mnt_devname);
+				dte_copy_ino_sec(dentry->d_inode, mnt->mnt_root->d_inode);
+				printk(KERN_NOTICE "dte_walk_dcache_tree_full: descending to %s.\n",
+						mnt->mnt_devname);
+				dte_walk_dcache_tree_full(mnt, mnt->mnt_root);
+			} else if (mnt) {
+				printk(KERN_NOTICE "walk_dcache_tree_full: not descending %s.\n",
+						mnt->mnt_devname);
+				if (mnt->mnt_root->d_inode->i_security) {
+					printk(KERN_NOTICE "walk_dcache_tree_full: i_sec set for %s.\n",
+							mnt->mnt_devname);
+				}
+				if (mnt->mnt_root != mnt->mnt_sb->s_root) {
+					printk(KERN_NOTICE "walk_dcache_tree_full: s_root!=mnt_root,%s.\n",
+							mnt->mnt_devname);
+				}
+			} else {
+				printk(KERN_NOTICE "walk_dcache_tree_full: no mnt under %s,%s.\n",
+						pmnt->mnt_devname, dentry->d_iname);
+			}
+		}
+		if (!list_empty(&dentry->d_subdirs)) {
+			this_parent = dentry;
+			goto repeat;
+		}
+	}
+	/*
+	 * All done at this level ... ascend and resume the search.
+	 */
+	if (this_parent != parent) {
+		next = this_parent->d_child.next;
+		this_parent = this_parent->d_parent;
+		goto resume;
+	}
+/*	spin_unlock(&dcache_lock);*/
+}
+
+void setup_dte_module(void)
+{
+	struct vfsmount *root_mnt;
+	struct super_block *root_sb;
+	struct dte_sb_sec *root_sbsec;
+	struct task_struct *taskp;
+	struct dte_task_sec *task_sec;
+	struct dte_inode_sec *root_ino_sec;
+
+	read_dte_config();
+
+	dte_setup_gateways();
+	if (dte_c_maptohash(dte_root_mapnode)!=1) {
+		printk(KERN_EMERG "Uh-oh : Trouble hashing mapnodes.\n");
+	}
+
+	/*
+	* Might want to work on making the next step more intelligent:  Try to
+	* assign the *appropriate* domains?
+	*/
+	lock_kernel();
+	for_each_task(taskp) {
+		taskp->security = kmalloc(sizeof(struct dte_task_sec), GFP_KERNEL);
+		task_sec = (struct dte_task_sec *)taskp->security;
+		task_sec->dte_domain = default_domain;
+		task_sec->dte_back   = NULL;
+	}
+
+	root_mnt = current->fs->rootmnt;
+	root_sb = root_mnt->mnt_sb;
+	dte_sb_alloc_security(root_sb);
+	root_sbsec = (struct dte_sb_sec *)root_sb->s_security;
+
+	dte_inode_alloc_security(root_mnt->mnt_root->d_inode);
+	root_ino_sec = (struct dte_inode_sec *)
+		root_mnt->mnt_root->d_inode->i_security;
+	root_ino_sec->map = dte_root_mapnode;
+	root_ino_sec->etype = dte_root_mapnode->etype;
+	root_ino_sec->utype = dte_root_mapnode->utype;
+
+	dte_initialized = 1;
+	dte_walk_dcache_tree_full(root_mnt, root_sb->s_root);
+	unlock_kernel();
+}
+
diff --minimal -Nru a/security/dte/mount.c b/security/dte/mount.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/dte/mount.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,501 @@
+/*
+ * security/dte/mount.c
+ * DTE security module functions.  These are inserted into the DTE
+ * security plug in security/dte.c
+ *
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ * The functions which I don't redefine stay in security/dte/dte.c.
+ *
+ * author: Serge Hallyn  <hallyn@cs.wm.edu>
+ */
+
+#include "dte.h"
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/sysctl.h>
+
+extern int dte_initialized;
+extern int num_dte_mount_r;
+extern struct dte_mntr **dte_mount_r;
+extern struct dte_map_node   *dte_root_mapnode;
+extern int dte_bitchmode;
+extern struct dte_domain_t *dte_init_domain;
+
+static int xtoi(char *c)
+{
+	int ret = 0;
+
+	while (*c==' ') c++;
+
+	while (*c!='\n' && *c!='\0' && *c!=' ') {
+		ret *= 16;
+		switch(*c) {
+			case 'a':
+			case 'A': ret += 10; break;
+			case 'b':
+			case 'B': ret += 11; break;
+			case 'c':
+			case 'C': ret += 12; break;
+			case 'd':
+			case 'D': ret += 13; break;
+			case 'e':
+			case 'E': ret += 14; break;
+			case 'f':
+			case 'F': ret += 15; break;
+			default: ret += ((*c)-'0');
+		}
+		c++;
+	}
+	return ret;
+}
+
+/* allocate and free the super-block's DTE security blob */
+int dte_sb_alloc_security (struct super_block *sb)
+{
+	struct dte_sb_sec *sb_sec;
+
+	/* temp test */
+	printk(KERN_NOTICE "dte_sb_alloc_security: called on (%3d,%3d).\n",
+			major(sb->s_dev), minor(sb->s_dev));
+	if (sb->s_security)
+		panic("dte_sb_alloc_security: already alloc'ed!\n");
+	/* end temp test */
+	sb_sec = sb->s_security = kmalloc(sizeof(struct dte_sb_sec), GFP_KERNEL);
+	if (!sb_sec) {
+		panic("dte_sb_alloc_security: out of memory.");
+	}
+	memset(sb_sec,0,sizeof(struct dte_sb_sec));
+	sb_sec->fp = kmalloc(sizeof(struct file), GFP_KERNEL);
+	sema_init(&sb_sec->s_sem, 1);
+	return 0;
+}
+
+void dte_sb_free_security (struct super_block *sb)
+{
+	struct dte_sb_sec *sb_sec;
+
+	printk(KERN_NOTICE "dte_sb_free_security: starting (%3d,%3d).\n",
+			major(sb->s_dev), minor(sb->s_dev));
+	sb_sec = (struct dte_sb_sec *)sb->s_security;
+	sb_sec->initialized=0;
+	kfree(sb_sec->type_conv);
+	kfree(sb_sec);
+	sb->s_security = NULL;
+	printk(KERN_NOTICE "dte_sb_free_security: done (%3d,%3d).\n",
+			major(sb->s_dev), minor(sb->s_dev));
+}
+
+/*
+ * Look for the ea file
+ * It will be in the root directory, named 'dteeaf'
+ *
+ * Note: mnt is null only when called from post_mountroot, in which case
+ * sb->s_root is in fact root, and there's no fallback for deftype other
+ * than the default utype (no parent inode)
+ */
+void dte_setup_eafile(struct super_block *sb, struct vfsmount *mnt)
+{
+	char *devname;
+	struct dentry *dentry;
+	char buf[1024], *bufp, *bufp2;
+	struct dte_sb_sec *sb_sec;
+	struct dte_inode_sec *p;
+	long long offset;
+	int i, err;
+	struct file *fp;
+
+	if (!dte_initialized)
+		return;
+
+	sb_sec = sb->s_security;
+	if (!sb_sec) {
+		printk(KERN_ERR "dte_setup_eafile: no s_security on the superblock! (%3d/%3d)\n",
+				major(sb->s_dev), minor(sb->s_dev));
+		dte_sb_alloc_security(sb);
+		sb_sec = (struct dte_sb_sec *)sb->s_security;
+	}
+	if (sb_sec->initialized)
+		return;
+
+	if (mnt) {
+		p = (struct dte_inode_sec *)
+			mnt->mnt_mountpoint->d_inode->i_security;
+		devname = mnt->mnt_devname;
+		dentry = lookup_one_len("dteeaf", mnt->mnt_root, 6);
+		err = PTR_ERR(dentry);
+		if (IS_ERR(dentry) || !dentry->d_inode) {
+			printk(KERN_NOTICE "dte_setup_eafile: error opening ea file for %s, %d.\n",
+					devname, err);
+			return;
+		}
+	} else {
+		devname = "/dev/root";
+		dentry = lookup_one_len("dteeaf", sb->s_root, 6);
+		err = PTR_ERR(dentry);
+		if (IS_ERR(dentry) || !dentry->d_inode) {
+			printk(KERN_NOTICE "dte_setup_eafile: error opening ea file for %s, %d.\n",
+					devname, err);
+			return;
+		}
+	}
+
+	err = init_private_file(sb_sec->fp, dentry, FMODE_READ|FMODE_WRITE);
+	fp = sb_sec->fp;
+	fp->f_flags = O_RDWR | O_SYNC;
+	if (err)
+	{
+		printk(KERN_NOTICE "dte_setup_eafile: no dte ea file for %s, %d.\n",
+				devname, err);
+	} else if (!fp->f_op || !fp->f_op->read || !fp->f_op->write) {
+		printk(KERN_NOTICE "dte_setup_eafile: no rw support for %s's ea file.\n",
+				devname);
+		dput(fp->f_dentry);
+	} else {
+		/* read type table from the ea file */
+		offset = 0;
+		fp->f_op->read(fp, buf, 1024, &offset);
+		sb_sec->ntypes = xtoi(buf);
+		printk(KERN_NOTICE "dte_setup_eafile: there were %d types, buf %4s.\n",
+				sb_sec->ntypes, buf);
+		sb_sec->type_conv = kmalloc(sb_sec->ntypes*sizeof(char *), GFP_KERNEL);
+		memset(sb_sec->type_conv, 0, sb_sec->ntypes*sizeof(char *));
+		bufp2 = bufp = buf+4;
+		for (i=0; i<sb_sec->ntypes; i++) {
+			while (*bufp2!='\n') bufp2++;
+			sb_sec->type_conv[i] = dte_get_type(bufp, bufp2);
+			if (!sb_sec->type_conv[i]) {
+				*bufp2 = '\0';
+				panic("dev %s: can't find type number %d, %s.\n",
+						devname, i, bufp);
+			}
+			bufp = ++bufp2;
+		}
+		sb_sec->offset = bufp2-buf;
+		sb_sec->initialized = 1;
+		sb_sec->fp_ready = 1;
+	}
+	printk(KERN_NOTICE "dte_setup_eafile: done\n");
+}
+
+/*
+ * hierarchical_setup: hook up the superblock->true_parents.
+ * called from dte_post_addmount, dte_post_mountroot, and
+ * 		dte_walk_dcache_tree_full.
+ * only wants to run on first mount of a device.
+ */
+void hierarchical_setup(struct vfsmount *mnt)
+{
+	struct dte_mntr *r;
+	struct nameidata nd2;
+	char path[500], devp[500];
+	long retval=0;
+	struct super_block *sb = mnt->mnt_sb;
+	struct dte_sb_sec *sb_sec;
+
+	if (!dte_initialized)
+		return;
+	sb_sec = (struct dte_sb_sec *)sb->s_security;
+	if (atomic_read(&sb->s_active)>1 && sb_sec && sb_sec->mnt_parent)
+		return;
+
+	if (!sb_sec) {
+		printk(KERN_ERR "hierarch_setup: no s_security on the superblock! (%3d/%3d)\n",
+				major(sb->s_dev), minor(sb->s_dev));
+		dte_sb_alloc_security(sb);
+		sb_sec = (struct dte_sb_sec *)sb->s_security;
+	}
+	/* here's one of the saddest parts about doing this with lsm:
+	 * I have to find the mntr a second time
+	 */
+	if (num_dte_mount_r) {
+		sprintf(devp,"%3d,%3d",major(sb->s_dev),minor(sb->s_dev));
+		/*
+		* now look for a restriction on this device ...
+		*/
+		r = dte_mount_r[dte_hash(devp,num_dte_mount_r)];
+		while (r && strcmp(devp,r->summ))
+			r = r->hash_next;
+	} else {
+		/* no pretends, use the given parents */
+		sb_sec->mnt_parent = mntget(mnt->mnt_parent);
+		sb_sec->mountpoint = dget(mnt->mnt_mountpoint);
+		return;
+	}
+
+	if (r && r->how=='p') {
+		/*
+		* got a pretend mount to hook up
+		*/
+		/* make sure we check against the real pathname, no bind trickery */
+		printk(KERN_NOTICE "hooking up pretend for %s.\n",devp);
+		if (path_init(r->path,
+					LOOKUP_FOLLOW|LOOKUP_POSITIVE|LOOKUP_DIRECTORY, &nd2))
+			retval = path_walk(r->path, &nd2);
+		if (retval) {
+			printk(KERN_NOTICE "dte_mount: path pretend %s does not exist!\n",
+					r->path);
+			/* so use the given parents */
+			sb_sec->mnt_parent = mntget(mnt->mnt_parent);
+			sb_sec->mountpoint = dget(mnt->mnt_mountpoint);
+		} else {
+			/* debug */
+			dte_d_path(nd2.dentry,nd2.mnt,path,500);
+			printk(KERN_NOTICE "dte_mount: mounting %s at %s.\n",devp,path);
+			/* /debug */
+			sb_sec->mnt_parent = mntget(nd2.mnt);
+			sb_sec->mountpoint = dget(nd2.dentry);
+			path_release(&nd2);
+		}
+	}
+}
+
+static void dte_walk_dcache_tree(struct dentry *parent)
+{
+	struct dentry *this_parent = parent;
+	struct list_head *next;
+
+repeat:
+	next = this_parent->d_subdirs.next;
+resume:
+	while (next != &this_parent->d_subdirs) {
+		struct list_head *tmp = next;
+		struct dentry *dentry = list_entry(tmp, struct dentry, d_child);
+		next = tmp->next;
+
+		if (dentry->d_inode) {
+			dte_inode_alloc_security(dentry->d_inode);
+			dte_post_lookup(this_parent->d_inode, dentry);
+		}
+		if (!list_empty(&dentry->d_subdirs)) {
+			this_parent = dentry;
+			goto repeat;
+		}
+	}
+	/*
+	 * All done at this level ... ascend and resume the search.
+	 */
+	if (this_parent != parent) {
+		next = this_parent->d_child.next;
+		this_parent = this_parent->d_parent;
+		goto resume;
+	}
+}
+
+void dte_post_mountroot (void)
+{
+	struct super_block *sb;
+	struct dte_inode_sec *s;
+	struct dte_task_sec *task_sec;
+	struct task_struct *p;
+	mm_segment_t old_fs;
+
+	read_dte_config();
+	if (!current->fs || !current->fs->rootmnt || !current->fs->rootmnt->mnt_sb) {
+		printk(KERN_NOTICE "dte_post_mountroot: no sb\n");
+		return;
+	}
+	sb = current->fs->rootmnt->mnt_sb;
+	if (!sb->s_root || !sb->s_root->d_inode) {
+		printk(KERN_NOTICE "dte_post_mountroot: dammit, no root d or inode.\n");
+		return;
+	}
+	s = sb->s_root->d_inode->i_security;
+	s->map = dte_root_mapnode;
+	s->etype = dte_root_mapnode->etype;
+	s->utype = dte_root_mapnode->utype;
+
+	if (dte_c_maptohash(dte_root_mapnode)!=1) {
+		printk(KERN_EMERG "Uh-oh : Trouble hashing mapnodes.\n");
+	}
+
+	dte_walk_dcache_tree(sb->s_root);
+
+	/*
+	 * assign default label to running processes, of which there should
+	 * be two : idle task and init
+	 */
+	for_each_task(p) {
+		p->security = kmalloc(sizeof(struct dte_task_sec), GFP_KERNEL);
+		task_sec = (struct dte_task_sec *)p->security;
+		task_sec->dte_domain = dte_init_domain;
+		task_sec->dte_back   = NULL;
+	}
+
+	/* setup gateways (for auto switches) from entry point data */
+	dte_setup_gateways();
+
+	if (!dte_root_mapnode || !dte_root_mapnode->etype ||
+			!dte_root_mapnode->utype)
+		panic("Whoa: DTE: no root etype/utype set.  Stopping.\n");
+
+#ifdef CONFIG_DTE_VERBOSE
+	show_dte();
+#endif
+
+	printk(KERN_NOTICE "dte_post_mountroot: almost finished.\n");
+	dte_initialized = 1;
+	/* external attribute file setup */
+	old_fs = get_fs();
+	set_fs(KERNEL_DS);
+	dte_setup_eafile(sb, NULL);
+	set_fs(old_fs);
+	/* hierarchical type assignment setup */
+	hierarchical_setup(current->fs->rootmnt);
+	printk(KERN_NOTICE "dte_post_mountroot: finished.\n");
+}
+
+void dte_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
+{
+	struct dte_inode_sec *p;
+	struct dentry *mntroot = mnt->mnt_root;
+	mm_segment_t old_fs;
+
+	if (!dte_initialized)
+		return ;
+
+	printk(KERN_NOTICE "dte_post_addmount: Called on %s.\n",
+			mnt->mnt_devname);
+	if (!mnt->mnt_root) {
+		printk(KERN_NOTICE "dte_post_addmount: no root dentry for dev %s.\n",
+				mnt->mnt_devname);
+		return;
+	}
+
+	/*
+	 * check for external attributes file
+	 */
+	old_fs = get_fs();
+	set_fs(KERNEL_DS);
+	dte_setup_eafile(mnt->mnt_sb, mnt);
+	set_fs(old_fs);
+
+	/*
+	 * handle the 'true parent' hookups
+	 */
+	hierarchical_setup(mnt);
+
+	/*
+	 * lots of oops checks, but mainly just set the security and type info
+	 * on the root inode
+	 */
+	if (!mntroot->d_inode) {
+		printk(KERN_NOTICE "dte_post_addmount: no inode for root dentry for %s.\n",
+				mnt->mnt_devname);
+		return;
+	}
+	p = (struct dte_inode_sec *)mntroot->d_inode->i_security;
+	if (!p) {
+		/* this would only happen if dte was not yet initialized when
+		 * the fs was first loaded */
+		printk(KERN_NOTICE
+				"dte_post_addmount: root dentry+inode, but no i_sec for %s.\n",
+				mnt->mnt_devname);
+		printk(KERN_NOTICE
+				"dte_post_addmount: this is for inode %lu, dentry %s.\n",
+				mntroot->d_inode->i_ino, mntroot->d_name.name);
+		dte_copy_ino_sec(nd->dentry->d_inode, mntroot->d_inode);
+		dte_walk_dcache_tree(mntroot);
+		return;
+	}
+
+	if (p->etype)
+		return;
+	dte_copy_ino_sec(nd->dentry->d_inode, mntroot->d_inode);
+}
+
+int dte_mount (char * dev_name, struct nameidata *nd, char * type,
+			unsigned long flags, void * data)
+{
+	return 0;
+}
+
+int dte_umount (struct vfsmount *mnt, int flags)
+{
+	struct super_block *sb = mnt->mnt_sb;
+	struct dte_sb_sec *sb_sec = sb->s_security;
+
+	printk(KERN_NOTICE "dte_umount: cleaning up ea fp and parents for %s (0).\n",
+			mnt->mnt_devname);
+	down(&sb_sec->s_sem);
+	if (atomic_read(&sb->s_active) != 1) {
+		up(&sb_sec->s_sem);
+		return 0;
+	}
+	if (!sb_sec) {
+		up(&sb_sec->s_sem);
+		return 0;
+	}
+	if (!sb_sec->mountpoint) {
+		up(&sb_sec->s_sem);
+		return 0;
+	}
+
+	printk(KERN_NOTICE "dte_umount: cleaning up ea fp and parents for %s (1).\n",
+			mnt->mnt_devname);
+	if (sb_sec->fp_ready) {
+		printk(KERN_NOTICE "dte_umount: dput'ing eafp.\n");
+		dput(sb_sec->fp->f_dentry);
+		sb_sec->fp_ready = 0;
+		printk(KERN_NOTICE "dte_umount: dput'ed eafp.\n");
+	}
+	if (sb_sec->fp) {
+		kfree(sb_sec->fp);
+		sb_sec->fp = NULL;
+	}
+	dput(sb_sec->mountpoint);
+	mntput(sb_sec->mnt_parent);
+	sb_sec->mountpoint = NULL;
+	sb_sec->mnt_parent = NULL;
+	printk(KERN_NOTICE "dte_umount: done with %s (2).\n",
+			mnt->mnt_devname);
+	up(&sb_sec->s_sem);
+	return 0;
+}
+
+int dte_check_sb (struct vfsmount *mnt, struct nameidata *nd)
+{
+	struct super_block *sb = mnt->mnt_sb;
+	struct dte_mntr *r;
+	char path[500];
+	char devp[500];
+	int retval;
+
+#ifdef CONFIG_DTE_VERBOSE
+	printk(KERN_NOTICE "dte_check_sb: called (%3d,%3d).\n",
+		major(sb->s_dev),minor(sb->s_dev));
+#endif
+
+	if (dte_initialized && num_dte_mount_r) {
+		retval = -EPERM;
+
+		sprintf(devp,"%3d,%3d",major(sb->s_dev),minor(sb->s_dev));
+
+		/*
+		* now look for a restriction on this device ...
+		*/
+		r = dte_mount_r[dte_hash(devp,num_dte_mount_r)];
+		while (r && strcmp(devp,r->summ) && r->hash_next)
+			r = r->hash_next;
+		if (r && strcmp(devp, r->summ)==0) {
+			dte_d_path(nd->dentry, nd->mnt, path, 500);
+			if (r->how=='r' && strcmp(r->path, path)) {
+				printk(KERN_NOTICE "dte_check_sb: dte forbids mounting %s except at %s.\n",
+						r->summ, r->path);
+/*				up(&nd.dentry->d_inode->i_zombie);*/
+				if (dte_bitchmode) {
+					printk(KERN_NOTICE "dte_check_sb: would deny.\n");
+					return 0;
+				}
+				return retval;
+			}
+		}
+	}
+	return 0;
+}
diff --minimal -Nru a/security/dte/path.c b/security/dte/path.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/dte/path.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,277 @@
+/*
+ * security/dte/path.c
+ * DTE security module functions.  These are inserted into the DTE
+ * security plug in security/dte.c
+ *
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ * The functions which I don't redefine stay in security/dte/dte.c.
+ *
+ * author: Serge Hallyn  <hallyn@cs.wm.edu>
+ */
+
+#include "dte.h"
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/sysctl.h>
+
+struct dte_map_node   *dte_root_mapnode;
+int num_dte_map_nodes;
+extern kmem_cache_t *dte_map_cache;   /* dte_map_node cache */
+
+/*
+* dte_d_path:
+* This version of __d_path follows the dte rules for deciding a
+* pathname.  It always uses the real root, and (when implemented, will)
+* follows the pretend mounts.
+ */
+char * dte_d_path(struct dentry *dentry, struct vfsmount *vfsmnt,
+		char *buffer, int buflen)
+{
+	char * end = buffer+buflen;
+	char * retval;
+	int namelen;
+	struct dte_sb_sec *sb_sec;
+
+	*--end = '\0';
+	buflen--;
+	if (!IS_ROOT(dentry) && list_empty(&dentry->d_hash)) {
+		buflen -= 10;
+		end -= 10;
+		memcpy(end, " (deleted)", 10);
+	}
+
+	/* Get '/' right */
+	retval = end-1;
+	*retval = '/';
+
+	if (!dentry)
+		panic("dentry is NULL.\n");
+	if (!vfsmnt)
+		panic("vfsmnt is NULL.\n");
+
+	for (;;) {
+		struct dentry * parent;
+
+		if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
+			/* Global root? */
+			if (vfsmnt->mnt_parent == vfsmnt)
+				goto global_root;
+
+			sb_sec = (struct dte_sb_sec *)vfsmnt->mnt_sb->s_security;
+			if (!sb_sec) {
+				printk(KERN_ERR "at %s(maj %d/min %d): superblock has no dte_sec.\n",
+						dentry->d_iname, major(vfsmnt->mnt_sb->s_dev),
+						minor(vfsmnt->mnt_sb->s_dev));
+				dentry = vfsmnt->mnt_mountpoint;
+				vfsmnt = vfsmnt->mnt_parent;
+			} else {
+				dentry = sb_sec->mountpoint;
+				vfsmnt = sb_sec->mnt_parent;
+			}
+			continue;
+		}
+		parent = dentry->d_parent;
+		namelen = dentry->d_name.len;
+		buflen -= namelen + 1;
+		if (buflen < 0)
+			break;
+		end -= namelen;
+		memcpy(end, dentry->d_name.name, namelen);
+		*--end = '/';
+		retval = end;
+		dentry = parent;
+	}
+global_root:
+	namelen = dentry->d_name.len;
+	buflen -= namelen;
+	if (buflen >= 0) {
+		retval -= namelen-1;    /* hit the slash */
+		memcpy(retval, dentry->d_name.name, namelen);
+	}
+	return retval;
+}
+
+#define map_strcmp(node, str, inlen) \
+	(strncmp(node->name, str, inlen)!=0 || inlen!=node->namelen)
+
+/*
+ * called in read_policy.c:read_ta()
+ */
+struct dte_map_node *dte_find_map_node_create(char *path)
+{
+	int done, len;
+	char *ptr, *ptre;  /* string pointer, end of string pointer */
+	struct dte_map_node *c, *p;  /* child, parent map nodes */
+	struct dte_map_node *tn, *tp; /* temp map node, and its hashprev */
+	char *str;
+
+	ptre=path;
+	/* we insist on having full pathnames! */
+	if (*ptre!='/') {
+		panic("dte_find_map_node - sent pathname w/out leading /");
+	}
+
+	if (!num_dte_map_nodes)
+		panic("dte_find_map_node_create: root map node not yet created!\n");
+
+	done = 0;
+	p    = dte_root_mapnode;
+	while (!done) {
+		ptr = ++ptre;
+		while (*ptre!='/' && *ptre!='\0') ptre++;
+		if (*ptre=='\0') done=1;
+		len = ptre-ptr;
+		if (len<=1) continue;
+		if (!p->num_kids) {
+			p->kids = kmalloc(sizeof(struct dte_map_node **),GFP_KERNEL);
+			if (!p->kids) {
+				printk(KERN_NOTICE "dte-map-create: out of memory.\n");
+				return 0;
+			}
+			p->kids[0] = NULL;
+		}
+		tn = tp = p->kids[0];
+		if (!tn) {
+			/* The parent map node has no children yet */
+			c = kmem_cache_alloc(dte_map_cache, GFP_KERNEL);
+			if (!c)
+				panic("dte_find_map_node_create: out of memory.\n");
+			p->kids[0] = c;
+			p->num_kids = 1;
+			c->etype = c->utype = NULL;
+			c->hash_next = NULL;
+			c->kids = NULL;
+			c->num_kids = 0;
+			str = kmalloc(NAME_ALLOC_LEN(len), GFP_KERNEL);
+			if (!str)
+				panic("dte_find_map_node_create: out of memory.\n");
+			memcpy(str,ptr,len);
+			str[len]=0;
+			c->name = str;
+			c->namelen  = len;
+			p = c;
+			continue;
+		}
+		while (tn) {
+			if (map_strcmp(tn,ptr,len)==0) {
+				/* this map node exists */
+				p = tn;
+				break;
+			}
+			tp = tn;
+			tn = tn->hash_next;
+		}
+		if (tn)
+			/* this piece existed and we've set the parentmap (p) */
+			continue;
+		/* this piece does not exist in the map node tree yet. */
+		tp->hash_next = kmem_cache_alloc(dte_map_cache, GFP_KERNEL);
+		tp = tp->hash_next;
+		if (!tp) {
+			printk(KERN_NOTICE "dte_find_map_node_create: out of memory.\n");
+			return 0;
+		}
+		tp->etype = tp->utype = NULL;
+		tp->hash_next = NULL;
+		tp->kids = NULL;
+		tp->num_kids = 0;
+		str = (char *) kmalloc(NAME_ALLOC_LEN(len), GFP_KERNEL);
+		if (!str) {
+			printk(KERN_NOTICE "dte_find_map_node_create: out of memory.\n");
+			return NULL;
+		}
+		memcpy(str,ptr,len);
+		str[len]=0;
+		tp->name = str;
+		tp->namelen  = len;
+		/* can't yet create accurate hash: don't know num_kids for sure */
+		p->num_kids++;
+		p = tp;
+	}
+	return p;
+}
+
+/* convert the map_node tree to a hash table.  We keep the siblings
+ * as a linked list while reading it in
+ *
+ * this requires at dte_read_policy:
+ * mapnode->hash_next = NULL;
+ */
+int dte_c_maptohash(struct dte_map_node *p)
+{
+	struct dte_map_node *tmp;
+	struct dte_map_node **tmparray;
+	int i, lo;
+	unsigned int h;
+
+	if (!p->num_kids) return 0;
+
+	/* first realloc the parent's child array from 1 to num_kids */
+	tmparray = kmalloc((p->num_kids*sizeof(struct dte_map_node *)),
+			GFP_KERNEL);
+	if (!tmparray) {
+		printk(KERN_NOTICE "dte_c_maptohash: out of mem.\n");
+		return -ENOMEM;
+	}
+	tmparray[0] = p->kids[0];
+	kfree(p->kids);
+	tmp = tmparray[0];
+	for (i=1; i<p->num_kids; i++) {
+		tmp = tmp->hash_next;
+		tmparray[i] = tmp;
+	}
+
+	p->kids = kmalloc((p->num_kids*sizeof(struct dte_map_node *)),
+			GFP_KERNEL);
+	if (!p->kids) {
+		printk(KERN_NOTICE "dte_c_maptohash: out of mem.\n");
+		return -ENOMEM;
+	}
+	memset(p->kids,0,p->num_kids*sizeof(struct dte_map_node *));
+
+	lo = 0;
+	for (i=0; i<p->num_kids; i++) {
+		h = dte_hash(tmparray[i]->name,p->num_kids);
+		tmp = p->kids[h];
+		while (tmp && tmp->hash_next)
+			tmp = tmp->hash_next;
+		if (tmp) {
+			while (p->kids[lo])
+				lo++;
+			p->kids[lo] = tmparray[i];
+			tmp->hash_next = tmparray[i];
+			tmp->hash_next->hash_next = NULL;
+			lo++;
+		} else {
+			p->kids[h] = tmparray[i];
+			p->kids[h]->hash_next = NULL;
+		}
+	}
+	kfree(tmparray);
+
+	for (i=0; i<p->num_kids; i++)
+		dte_c_maptohash(p->kids[i]);
+
+	return 1;
+}
+
+struct dte_map_node *mapnode_getkid(struct dte_map_node *m,
+			const unsigned char *name)
+{
+	struct dte_map_node *tmp;
+	unsigned int h;
+
+	h = dte_hash(name, m->num_kids);
+	tmp = m->kids[h];
+	while (tmp && strcmp(name, tmp->name)!=0)
+		tmp = tmp->hash_next;
+
+	return tmp;
+}
diff --minimal -Nru a/security/dte/read_policy.c b/security/dte/read_policy.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/dte/read_policy.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1448 @@
+/*
+ * security/dte/read_policy.c
+ * DTE security module functions.  These are inserted into the DTE
+ * security plug in security/dte.c
+ *
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ * The functions which I don't redefine stay in security/dte/dte.c.
+ *
+ * author: Serge Hallyn  <hallyn@cs.wm.edu>
+ */
+
+/*
+ * CONFIG_DTE_VERBOSE:  prints some helpful info, ie when access is denied
+ * CONFIG_DTE_DEBUG:    prints painful amount of debugging info
+ */
+#include "dte.h"
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/smp_lock.h>
+#include <linux/security.h>
+#include <linux/sysctl.h>
+
+kmem_cache_t *dte_type_cache,  /* cache of typenames */
+*dte_path_cache,  /* cache of pathnames */
+*dte_domain_cache,/* cache of domains */
+*dte_ep_cache,    /* entry point cache */
+*dte_ea_cache,    /* entry access cache */
+*dte_sa_cache,    /* signal access cache */
+*dte_mntr_cache,  /* mount restricts */
+*dte_map_cache;   /* dte_map_node cache */
+
+/*
+ * Secondary_ops to allow using capability, and hopefully the openwall
+ * modules as secondary modules.  Needless to say, example gratefully
+ * taken from selinux.
+ */
+extern struct security_operations *dte_secondary_ops;
+
+/*
+ * SECTION
+ * dte_types pretends to be an array of typenames.
+ *
+ * we grab space for the actual names out of a kernel cache.  when
+ * we grab a slab, dte_type_names points to the start of it.  As we
+ * add typenames, dte_type_names move to point to the first free spot
+ * in the slab, and sizeof_type_names lists the free space left in the
+ * slab.
+ *
+ * num_dte_types gives the number of types.  It can't grow
+ *  larger than pagesize (8192)/sizeof(char*), because
+ *  the array sits on a 4096-byte kernel page
+ *
+ *  The same layout is used for dte pathnames.
+ */
+char **dte_types, **dte_paths; /* arrays pointing to actual names */
+char *dte_type_names;  /* only used at boot, this is where dte_types \ */
+char *dte_path_names;  /* and dte_paths point into */
+int num_dte_types, num_dte_paths;
+int sizeof_dte_types, sizeof_dte_paths;  /* space used in current 4096k block */
+
+extern struct dte_map_node   *dte_root_mapnode;
+extern int num_dte_map_nodes;
+
+struct dte_mntr **dte_mount_r;
+int num_dte_mount_r;
+
+int dte_initialized;
+int dte_debug;
+struct dte_domain_t *dte_init_domain;
+struct dte_domain_t **dte_domains;  /* 8192 bytes */
+int num_dte_domains;
+int dte_bitchmode;
+
+/*
+ * DTE really should not be compiled as a module.  The reason is that there is
+ * no good way to determine domains for running processes, or types for loaded
+ * files.
+ *
+ * Domains for running processes could be solved by running through the process
+ * tree, and determining labels based upon the name of the executed file.  Two
+ * problems are the determination of the exec'd filename, and the possibility
+ * of a parent process dying before the child.  The child's parent will be
+ * reassigned, and the result could be completely wrong.
+ *
+ * For now (perhaps forever), if you insist on using dte as a module,  all
+ * running processes will be assigned a default domain.  My first solution, to
+ * get this running, is to use init_domain as default_domain.  If it seems
+ * worth it, I could make it separately specifiable in the config file.
+ *
+ * I'm afraid just starting at root and walking the whole path *is* the best
+ * solution for setting up the inode->type and inode->mapnode pointers.  Since
+ * "rootfs" is a loose concept these days, I will simply use the rootfs of the
+ * process loading the module.  Who knows, maybe it'll allow for some cool
+ * trickery of setting up a new namespace before setting up dte.
+ */
+struct dte_domain_t *default_domain;
+
+#define DTE_DEBUG(x) printk(KERN_NOTICE x);
+#define DTE_DEBUG2(x,y) printk(KERN_NOTICE x,y);
+#define DTE_NO_MEM(x) { \
+	printk(KERN_NOTICE "%s: out of memory", x); \
+	return 0; \
+}
+
+static int atoi(char *c, char *ce)
+{
+	int ret = 0;
+
+	while (c<ce) {
+		ret *= 10;
+		ret += ((*c)-'0');
+		c++;
+	}
+	return ret;
+}
+
+unsigned int dte_hash(const char *s, int n)
+{
+	unsigned int sum;
+
+	if (!s) return 0;
+	sum = *s++;
+	while (*s) {
+		sum = (sum << 4) | (sum >> (8*sizeof(unsigned long)-4));
+		sum ^= *s++;
+	}
+	return (sum % (unsigned int)n);
+}
+
+unsigned int dte_hash_c(char *c, char *ce, int n)
+{
+	unsigned int sum;
+
+	if (!c || !ce) return 0;
+	sum = *c++;
+	while (c < ce) {
+		sum = (sum << 4) | (sum >> (8*sizeof(unsigned long)-4));
+		sum ^= *c++;
+	}
+	return (sum % (unsigned int)n);
+}
+
+static int strcmp_c(char *s, char *c, char *ce)
+{
+	while (c<ce) {
+		if (*s++!=*c++)
+			return 1;
+	}
+	if (*s!='\0')
+		return 1;
+	return 0;
+}
+
+static int dte_add_typename(char *s, char *e)
+{
+	int len = e-s;
+
+	if (sizeof_dte_types+len+1 > 4096) {
+		/* grab a new slab to throw this onto */
+		dte_type_names = kmem_cache_alloc(dte_type_cache,GFP_KERNEL);
+		if (!dte_type_names) {
+			printk(KERN_NOTICE "dte_add_typename: insufficient memory for names.\n");
+			return 0;
+		}
+		sizeof_dte_types = 0;
+	}
+	sizeof_dte_types += len+1;
+	if (num_dte_types > 2048) {
+		printk(KERN_NOTICE "2048 types?  MY LORD!  Sorry, the dte_types array\n");
+		printk(KERN_NOTICE "doesn't expand (yet).  No more types possible.\n");
+		return 0;
+	}
+	dte_types[num_dte_types++] = dte_type_names;
+	while (s<e) {
+		*dte_type_names = *s;
+		dte_type_names++;
+		s++;
+	}
+	sizeof_dte_types += len+1;
+	*dte_type_names = '\0';
+	dte_type_names++;
+	return 1;
+}
+
+static char *dte_add_pathname(char *s, char *e)
+{
+	int len = e-s;
+	int i=0;
+
+	/* avoid duplicates */
+	while (i<num_dte_paths) {
+		if (strcmp_c(dte_paths[i],s,e)==0)
+			return dte_paths[i];
+		i++;
+	}
+
+	if (sizeof_dte_paths+len+1 > 4096) {
+		/* grab a new slab to throw this onto */
+		dte_path_names = kmem_cache_alloc(dte_path_cache,GFP_KERNEL);
+		if (!dte_path_names) {
+			printk(KERN_NOTICE "dte_add_pathname: insufficient memory for names.\n");
+			return NULL;
+		}
+		sizeof_dte_paths = 0;
+	}
+	sizeof_dte_paths += len+1;
+	if (num_dte_paths > 2048) {
+		printk(KERN_NOTICE "2048 paths?  MY LORD!  Sorry, the dte_paths array\n");
+		printk(KERN_NOTICE "doesn't expand (yet).  No more paths possible.\n");
+		return NULL;
+	}
+	dte_paths[num_dte_paths++] = dte_path_names;
+	while (s<e) {
+		*dte_path_names = *s;
+		dte_path_names++;
+		s++;
+	}
+	sizeof_dte_paths += len+1;
+	*dte_path_names = '\0';
+	dte_path_names++;
+	return dte_paths[num_dte_paths-1];
+}
+
+static int dte_add_domain(char *s, char *e)
+{
+	struct dte_domain_t *d;
+	char *c;
+
+	d = dte_domains[num_dte_domains] = kmem_cache_alloc(dte_domain_cache,
+			GFP_KERNEL);
+	if (!d)
+		panic("dte_add_domain: out of memory.\n");
+	c = d->name = kmalloc(e-s+1,GFP_KERNEL);
+	if (!c)
+		panic("dte_add_domain: out of memory (name).\n");
+	d->namelen = (e-s);
+	while (s<e)
+		*c++ = *s++;
+	*c = '\0';
+	d->num_ep = d->num_ta = d->num_ea = d->num_sa = d->num_gw = 0;
+	d->ep = NULL;
+	d->ta = NULL;
+	d->ea = NULL;
+	d->sa = NULL;
+	d->gw = NULL;
+	d->hash_next = NULL;
+	num_dte_domains++;
+	return 1;
+}
+
+static struct dte_domain_t *dte_get_domain(char *c, char *ce)
+{
+	struct dte_domain_t *d;
+	int len = ce-c;
+	int h;
+
+	h = dte_hash_c(c,ce,num_dte_domains);
+	if (h<0 || h>num_dte_domains)
+		return NULL;
+	d = dte_domains[h];
+	if (!d)
+		return NULL;
+	while (d->hash_next && (strncmp(d->name,c,len) || d->namelen!=len))
+		d = d->hash_next;
+	if (strncmp(d->name,c,len) || d->namelen!=len)
+		return NULL;
+	return d;
+}
+
+/* this is only called at boot, so not too worried about speed */
+/* hey wait - that's no longer true! It's called from setup_eafile*/
+/* 
+ * TODO
+ * will have to sort or hash these now!
+ * */
+char *dte_get_type(char *c, char *ce)
+{
+	int i;
+
+	for (i=0; i<num_dte_types; i++) {
+		if (!strcmp_c(dte_types[i], c, ce))
+			return dte_types[i];
+	}
+	return 0;
+}
+
+static void sort_domains(void)
+{
+	int i, lo, h, nd=num_dte_domains;
+	struct dte_domain_t **d, *t;
+
+	d = (struct dte_domain_t **)kmalloc(nd*sizeof(struct dte_domain_t *),GFP_KERNEL);
+	if (!d)
+		panic("sort_domains: out of memory.\n");
+
+	for (i=0; i<nd; i++) {
+		d[i] = dte_domains[i];
+		dte_domains[i] = NULL;
+	}
+	/* lo keeps the lowest dte_domain which might be null */
+	/* used only in case of hash collisions */
+	lo = 0;
+	for (i=0; i<nd; i++) {
+		h = dte_hash(d[i]->name, nd);
+		if (dte_domains[h]) {
+			/* hash collision */
+			while (dte_domains[lo])
+				lo++;
+			dte_domains[lo] = d[i];
+			lo++;
+			t = dte_domains[h];
+			while (t->hash_next) {
+				t = t->hash_next;
+			}
+			t->hash_next = d[i];
+		} else
+			dte_domains[h] = d[i];
+	}
+	kfree(d);
+}
+
+/*
+ * set up the gateways for auto switches
+ * in 2.3.28, we then removed the auto ea's from domain->ea.
+ * since we've already set up hashes, and since the overhead
+ * of having the ea's seems minimal, maybe we should just
+ * keep them in there?
+ *
+ * The easiest alternative would be to switch the policy language
+ * to separate autos from execs.  Maybe I should do that?
+ */
+int dte_setup_gateways(void)
+{
+	struct dte_domain_t *d;
+	struct dte_ep *ep;
+	struct dte_gateway *gw;
+	int h, i, j, k, lo, n;
+
+	for (i=0; i<num_dte_domains; i++) {
+		d = dte_domains[i];
+		/* calculate number of gateways */
+		for (j=0; j<d->num_ea; j++)
+			if (d->ea[j].access == DTE_AUTO)
+				d->num_gw += d->ea[j].other_domain->num_ep;
+		/* allocate the space */
+		d->gw = kmalloc(d->num_gw * sizeof(struct dte_gateway), GFP_KERNEL);
+		if (!d->gw) {
+			panic("dte gateway setup:  out of memory.\n");
+		}
+		memset(d->gw,0,d->num_gw * sizeof(struct dte_gateway));
+		/* set up the hash table
+		* note that auto access to two domains which share an entry point
+		* amounts to undefined (well, defined by hash function behavior)
+		* behavior.  This will be warned against by the policy setup GUI
+		 */
+		lo = 0;
+		for (j=0; j<d->num_ea; j++)
+			if (d->ea[j].access == DTE_AUTO) {
+				ep = d->ea[j].other_domain->ep;
+				n  = d->ea[j].other_domain->num_ep;
+				for (k=0; k<n; k++) {
+					h = dte_hash(ep[k].type, d->num_gw);
+					gw = &d->gw[h];
+					while (gw->type && gw->hash_next)
+						gw = gw->hash_next;
+					if (gw->type) {
+						while (d->gw[lo].type)
+							lo++;
+						/*                  d->gw[lo] = kmem_cache_alloc();*/
+						gw->hash_next = &d->gw[lo];
+						/*                  lo++;*/
+						d->gw[lo].type = ep[k].type;
+						d->gw[lo].domain = d->ea[j].other_domain;
+						d->gw[lo].hash_next = NULL;
+						lo++;
+					} else {
+						d->gw[h].type = ep[k].type;
+						d->gw[h].domain = d->ea[j].other_domain;
+						d->gw[h].hash_next = NULL;
+					}
+				}
+			}
+	}
+	return 1;
+}
+
+#ifdef CONFIG_DTE_VERBOSE
+static void dte_show_assigns(struct dte_map_node *n, int tab)
+{
+	int i;
+	char line[40];
+
+	if (!n) return;
+	for (i=0; i<tab && i<39; i++)
+		line[i] = ' ';
+	line[i]='\0';
+	printk(KERN_NOTICE "%sname: %s len %d\n",line,n->name,n->namelen);
+	printk(KERN_NOTICE "%setype: %s\n",line,n->etype ? n->etype : "");
+	printk(KERN_NOTICE "%sutype: %s\n",line,n->utype ? n->utype : "");
+	printk(KERN_NOTICE "%s%d children%c\n",line,n->num_kids,
+			n->num_kids ? ':' : '.');
+	for (i=0; i<n->num_kids; i++)
+		dte_show_assigns(n->kids[i],tab+2);
+}
+
+void show_dte(void)
+{
+	int i, j;
+	struct dte_domain_t *d;
+
+	printk("types:\n");
+	for (i=0; i<num_dte_types; i++)
+		printk("%s\n", dte_types[i]);
+	printk("paths:\n");
+	for (i=0; i<num_dte_paths; i++)
+		printk("%s\n", dte_paths[i]);
+	printk("domains:\n");
+	for (i=0; i<num_dte_domains; i++) {
+		d = dte_domains[i];
+		printk("domain %d is %s.\n", i, d->name);
+		printk(" %d entry points: ", d->num_ep);
+		for (j=0; j<d->num_ep; j++)
+			printk("%s ", d->ep[j].type);
+		printk("\n");
+		printk(" %d type accesses: ", d->num_ta);
+		for (j=0; j<d->num_ta; j++)
+			printk("%d->%s ",(int)d->ta[j].access, d->ta[j].type);
+		printk("\n");
+		printk(" %d domain access: ",d->num_ea);
+		for (j=0; j<d->num_ea; j++)
+			printk("%d->%s ",(int)d->ea[j].access, d->ea[j].other_domain->name);
+		printk("\n");
+		printk(" %d gateways: ",d->num_gw);
+		for (j=0; j<d->num_gw; j++) {
+			printk("j is %d.\n", j);
+			if (!d->gw) printk("gateway array null.\n");
+			if (!d->gw[j].domain) printk("gateway's domain is null.\n");
+			if (!d->gw[j].domain->name) printk("gw.domain->name is null.\n");
+			printk("%s->%s ",d->gw[j].type, d->gw[j].domain->name);
+		}
+		printk("\n");
+		printk(" %d signals: ",d->num_sa);
+		for (j=0; j<d->num_sa; j++)
+			printk("%d->%s ",d->sa[j].signal,
+					(d->sa[j].recv_domain==d) ? "all" : d->sa[j].recv_domain->name);
+		printk("\n\n");
+	}
+	printk("Type assignments:\n");
+	dte_show_assigns(dte_root_mapnode,2);
+}
+#endif
+
+/*
+ * fill up the buffer from file.  We save the current data sitting
+ * after stat->blin, so the first line will be complete.
+ *
+ * Since we might be in the middle of reading a line, we set
+ * stat->mark to the previous end of buffer, so we can continue
+ * at mark+1.
+ * tmplen is the size from start of last line to end of buffer (before read)
+ * newlen is numchars read in
+ */
+static int dte_fread_buf(struct dte_fdata *stat)
+{
+	mm_segment_t *fs;
+	int i, tmplen, newlen;
+
+	DTE_DEBUG("dte_fread_buf: starting.\n");
+	if (stat->blin == stat->buffer) {
+		printk(KERN_NOTICE "dte_fread_buf: error: current line is size of buffer.\n");
+		/* probably not the safest way to handle it, but gotta think what is: */
+		printk(KERN_NOTICE "skipping this line...\n");
+		stat->blin = stat->buffer+stat->buflen;
+	}
+	if (stat->elin > stat->blin)
+		tmplen = stat->elin-stat->blin;
+	else
+		tmplen=0;
+	fs = &get_fs();
+	set_fs(KERNEL_DS);
+	/* we assume stat.blin points to the beginning of the unfinished line */
+	/*   memset(stat.buffer,0,4096);*/
+	for (i=0; i<tmplen; i++)
+		*(stat->buffer+i) = *(stat->blin+i);
+	stat->buflen = tmplen;
+	newlen = stat->fin->f_op->read(stat->fin,stat->buffer+tmplen,
+			4096-tmplen, &stat->fin->f_pos);
+	stat->numbufs++;
+	if (newlen <= 4096-tmplen) {
+		stat->eof = 1;
+		if (newlen<=0)
+			return 0;
+	}
+	stat->buflen += newlen;
+	set_fs(*fs);
+	stat->blin = stat->buffer;
+	stat->mark = stat->buffer+tmplen;
+	DTE_DEBUG("dte_fread_buf: done.\n");
+	return 1;
+}
+
+/*
+ * puts stat.elin at the end of the line started with stat.blin
+ * skips blank lines or comments
+ * comments are not allowed to begin mid-line
+ * returns 0 if the line is incomplete (iow more of the file needs
+ * to be read into stat.buffer)
+ */
+static int dte_find_endline(struct dte_fdata *stat)
+{
+	char c;
+	int reread = 0;
+
+start:
+	stat->elin = stat->blin;
+	c = *(stat->elin);
+	while (c==' ' || c=='\t') {
+		if (stat->elin >= stat->buffer+stat->buflen) {
+			if (reread)
+				return 0;
+			if (!dte_fread_buf(stat)) {
+				printk(KERN_NOTICE "dte_find_endline: premature end of file.\n");
+				return 0;
+			}
+			reread++;
+			stat->elin = stat->mark;
+		}
+		c = *(++stat->elin);
+	}
+	if (c=='#' || c=='\n') {
+		/* go to start of next line */
+		while (c!='\n') {
+			if (stat->elin >= stat->buffer+stat->buflen) {
+				if (reread)
+					return 0;
+				if (!dte_fread_buf(stat)) {
+					printk(KERN_NOTICE "dte_find_endline: premature end of file.\n");
+					return 0;
+				}
+				reread++;
+				stat->elin = stat->mark;
+			}
+			c = *(++stat->elin);
+		}
+		stat->blin = stat->elin+1;
+		goto start;
+	}
+
+	while (c!='\n') {
+		if (stat->elin >= stat->buffer+stat->buflen) {
+			if (reread)
+				return 0;
+			if (!dte_fread_buf(stat)) {
+				printk(KERN_NOTICE "dte_find_endline: premature end of file.\n");
+				return 0;
+			}
+			reread++;
+			stat->elin = stat->mark;
+		}
+		c = *(++stat->elin);
+	}
+	return 1;
+}
+
+/*
+* places stat->elin at true eol, and makes sure the whole line is read
+* into the buffer in the process.
+*
+* true eol here means we take into account '\'.
+*
+* also sets blin if the incoming blin was for a comment line
+*/
+static int dte_find_true_eol(struct dte_fdata *stat)
+{
+	char c;
+	int reread = 0;
+
+start:
+	stat->elin = stat->blin;
+	c = *(stat->elin);
+	while (c==' ' || c=='\t') {
+		if (stat->elin >= stat->buffer+stat->buflen) {
+			if (reread)
+				return 0;
+			if (!dte_fread_buf(stat)) {
+				printk(KERN_NOTICE "findtrueeol: premature end of file.\n");
+				return 0;
+			}
+			reread++;
+			stat->elin = stat->mark;
+		}
+		c = *(++stat->elin);
+	}
+	if (c=='#' || c=='\n') {
+		/* go to start of next line */
+		while (c!='\n') {
+			if (stat->elin >= stat->buffer+stat->buflen) {
+				if (reread)
+					return 0;
+				if (!dte_fread_buf(stat)) {
+					printk(KERN_NOTICE "findtrueeol: premature end of file.\n");
+					return 0;
+				}
+				reread++;
+				stat->elin = stat->mark;
+			}
+			c = *(++stat->elin);
+		}
+		stat->blin = stat->elin+1;
+		goto start;
+	}
+
+	/* no comments allowed between '\'-connected lines */
+	while (1) {
+		while (c!='\n' && c!='\\') {
+			if (stat->elin >= stat->buffer+stat->buflen) {
+				if (reread)
+					return 0;
+				if (!dte_fread_buf(stat)) {
+					printk(KERN_NOTICE "findtrueeol: premature end of file.\n");
+					return 0;
+				}
+				reread++;
+				stat->elin = stat->mark;
+			}
+			c = *(++stat->elin);
+		}
+		if (c=='\n')
+			return 1;
+		/* find end of this line, go to first char on next line */
+		while (c!='\n') {
+			if (stat->elin >= stat->buffer+stat->buflen) {
+				if (reread)
+					return 0;
+				if (!dte_fread_buf(stat)) {
+					printk(KERN_NOTICE "findtrueeol: premature end of file.\n");
+					return 0;
+				}
+				reread++;
+				stat->elin = stat->mark;
+			}
+			c = *(++stat->elin);
+		}
+		c = *(++stat->elin);
+	}
+}
+
+
+static int read_types(struct dte_fdata *stat)
+{
+	char *c, *ce;
+
+	stat->state = DTE_STATE_TYPES;
+	c = stat->blin;
+	dte_find_true_eol(stat);
+	/* we know there are now no comments, full line is in buffer, and
+	* stat->elin is eol after all '\'-connected lines. */
+	while (*c==' ' || *c=='\t') c++;
+	if (strncmp(c,"types ",6))
+		return -1;
+	c += 6;
+	while (1) {
+		while (*c==' ' || *c=='\t') c++;
+		if (*c=='\n') {
+			stat->blin = stat->elin+1;
+			stat->state = DTE_STATE_DOMAINS;
+			/* done reading types */
+			return 1;
+		}
+		ce = c;
+		while (*ce!='\\' && *ce!=' ' && *ce!='\t' && *ce!='\n')
+			ce++;
+		if (c!=ce) {
+			/* regardless what ce is, there's a word between c and ce-1 */
+			if (!dte_add_typename(c,ce)) {
+				*ce='\0';
+				printk(KERN_NOTICE "at typename %s.\n", c);
+				panic("Error adding typename.\n");
+			}
+		}
+		if (*ce=='\\') {
+			/* continue on the next line */
+			do { ce++;} while (*ce!='\n');
+		} else if (*ce=='\n') {
+			/* end of line, end of types */
+			if (ce!=stat->elin) {
+				panic("bad input on types line.\n");
+			}
+			/* set up for the next stuff to be read in */
+			stat->blin = stat->elin+1;
+			stat->state = DTE_STATE_DOMAINS;
+			/* done reading types */
+			return 1;
+		}
+		c = ce+1;
+	}
+	/* not reached */
+}
+
+static int read_domains(struct dte_fdata *stat)
+{
+	char *c, *ce;
+
+	if (stat->state != DTE_STATE_DOMAINS)
+		panic("domains line out of order in /etc/dte.conf.\n");
+
+	c = stat->blin;
+	dte_find_true_eol(stat);
+	/* we know there are now no comments, full line is in buffer, and
+	* stat->elin is eol after all '\'-connected lines. */
+	while (*c==' ' || *c=='\t') c++;
+	if (strncmp(c,"domains ",6))
+		return -1;
+	c += 8;
+	while (1) {
+		while (*c==' ' || *c=='\t') c++;
+		if (*c=='\n') {
+			stat->blin = stat->elin+1;
+			stat->state = DTE_STATE_DEFS;
+			return 1;
+		}
+		ce = c;
+		while (*ce!='\\' && *ce!=' ' && *ce!='\t' && *ce!='\n')
+			ce++;
+		if (c!=ce) {
+			/* regardless what ce is, there's a word between c and ce-1 */
+			if (!dte_add_domain(c,ce)) {
+				*ce = '\0';
+				printk(KERN_NOTICE "At domain %s.\n", c);
+				panic("Error adding domain name.\n");
+			}
+		}
+		if (*ce=='\\') {
+			/* continue on the next line */
+			do { ce++; } while (*ce!='\n');
+		} else if (*ce=='\n') {
+			/* end of line, end of types */
+			if (ce!=stat->elin)
+				panic("bad input on domains line.\n");
+			/* set up for the next stuff to be read in */
+			stat->blin = stat->elin+1;
+			stat->state = DTE_STATE_DEFS;
+			return 1;
+		}
+		c = ce+1;
+	}
+	/* not reached */
+}
+
+static int read_def_d(struct dte_fdata *stat)
+{
+	char *c, *ce;
+
+	c = stat->blin;
+	while (*c==' ' || *c=='\t')
+		c++;
+	if (strncmp(c,"default_d ",10))
+		panic ("read_def_d: no default domain here!\n");
+
+	c += 10;
+	while (*c==' ' || *c=='\t')
+		c++;
+	ce = c;
+	while (*ce!=' ' && *ce!='\t' && *ce!='\n')
+		ce++;
+	dte_init_domain = dte_get_domain(c,ce);
+	if (!dte_init_domain) {
+		*ce = '\0';
+		printk(KERN_NOTICE "at default domain: %s.\n", c);
+		panic("Bad default domain: does not exist.\n");
+	}
+	default_domain = dte_init_domain;
+	stat->blin = stat->elin+1;
+	return 1;
+}
+
+static int read_def_t(struct dte_fdata *stat, int w)
+{
+	char *c, *ce, *t;
+
+	c = stat->blin;
+	while (*c==' ' || *c=='\t')
+		c++;
+	if (strncmp(c,"default_",8) || *(c+9)!='t')
+		panic ("read_def_t: no default type here!\n");
+
+	c += 11;
+	while (*c==' ' || *c=='\t')
+		c++;
+	ce = c;
+	while (*ce!=' ' && *ce!='\t' && *ce!='\n')
+		ce++;
+	t = dte_get_type(c,ce);
+
+	if (!num_dte_map_nodes) {
+		dte_root_mapnode = kmem_cache_alloc(dte_map_cache, GFP_KERNEL);
+		num_dte_map_nodes++;
+		dte_root_mapnode->name = kmalloc(2,GFP_KERNEL);
+		sprintf(dte_root_mapnode->name, "/");
+		dte_root_mapnode->namelen = 1;
+		dte_root_mapnode->etype     = NULL;
+		dte_root_mapnode->utype     = NULL;
+		dte_root_mapnode->num_kids  = 0;
+		dte_root_mapnode->hash_next = NULL;
+		dte_root_mapnode->kids      = NULL;
+	}
+
+	switch (w) {
+		case 1: dte_root_mapnode->etype =  t;
+				  DTE_DEBUG2("dte_root_etype set to %s.\n",t);
+				  break;
+		case 2: dte_root_mapnode->utype =  t;
+				  DTE_DEBUG2("dte_root_utype set to %s.\n",t);
+				  break;
+		case 3: dte_root_mapnode->etype = dte_root_mapnode->utype = t;
+				  DTE_DEBUG2("dte_root_rtype set to %s.\n",t);
+				  break;
+		default: printk(KERN_NOTICE "read_def_t: this can't be. w!={1,2,3}.\n");
+					return 0;
+	}
+	stat->blin = stat->elin+1;
+	stat->state = DTE_STATE_SPECD;  /* might be one more def_t, that's ok */
+	return 1;
+}
+
+static unsigned char dte_convert_ta(char c)
+{
+	switch(c) {
+		default : return 0;
+		case 'R':
+		case 'r': return (unsigned char) DTE_FR;
+		case 'W':
+		case 'w': return (unsigned char) DTE_FW;
+		case 'x':
+		case 'X': return (unsigned char) DTE_FX;
+		case 'a':
+		case 'A': return (unsigned char) DTE_FA;
+		case 'd': /* d: directory descend */
+		case 'D': return (unsigned char) DTE_DX;
+		case 'c':
+		case 'C': return (unsigned char) DTE_DW;
+		case 'l': /* l: as in ls - yeah, i'm reaching */
+		case 'L': return (unsigned char) DTE_DR;
+	}
+}
+
+#define DTE_P_ERR(which) printk(KERN_NOTICE \
+		"read_specd: no opening paren for %s.\n",which);
+
+#define MEM_ERROR(which) printk(KERN_NOTICE \
+		"read_specd: insufficent memory for %s.\n",which);
+
+#define DTE_W_ERR(wnum,wdom) printk(KERN_NOTICE \
+		"read_specd: wrong number of %s specified for domain %s.\n",\
+		wnum,wdom);
+
+static int read_specd(struct dte_fdata *stat)
+{
+	char *c, *ce;
+	int h, n, p, w;
+	int lo, state=0;
+	struct dte_domain_t *d;
+	int have_num;
+
+	dte_find_true_eol(stat);
+	c = stat->blin;
+	while (*c==' ' || *c=='\t')
+		c++;
+	if (strncmp(c,"spec_domain ",12)) {
+		/* debug */
+		int i;
+		printk(KERN_NOTICE "\nHere's the current line:\n");
+		for (i=0; i<20; i++)
+			printk(KERN_NOTICE "%c", *(c+i));
+		printk(KERN_NOTICE "\n\n");
+		panic("read_specd: no domain spec here...\n");
+	}
+
+	w = lo = p = 0;
+	d = NULL;
+	c += 12;
+	have_num=0;
+	while (state < 5) {
+		/* first the domain name being defined */
+		while (*c==' ' || *c=='\t')
+			c++;
+		if (*c=='\\') {
+			do {c++;} while (*c!='\n');
+			c++;
+			continue;
+		}
+		if (state>0 && *c==')') {
+			switch(state) {
+				default: break;
+				case 1: if (w!=d->num_ep) {
+							  DTE_W_ERR("entry points",d->name);
+							  panic("domain_spec\n");
+						  }
+						  break;
+				case 2: if (w!=d->num_ta) {
+							  DTE_W_ERR("type accesses",d->name);
+							  panic("domain_spec\n");
+						  }
+						  break;
+				case 3: if (w!=d->num_ea) {
+							  DTE_W_ERR("domain accesses",d->name);
+							  panic("domain_spec\n");
+						  }
+						  break;
+				case 4: if (w!=d->num_sa) {
+							  DTE_W_ERR("signal accesses",d->name);
+							  panic("domain_spec\n");
+						  }
+						  break;
+			}
+			state++;
+			c++;
+			have_num = p = 0;
+			continue;
+		}
+		if (*c=='(') {
+			if (p) {
+				panic("read_specd:  unmatched '('.\n");
+			}
+			if (state==0)
+				/* easier to have it always or never allowed, and unnecessary */
+				panic("read_specd: no '(' for spec_domain name.\n");
+			p++;
+			c++;
+			continue;
+		}
+		switch(state) {
+			/* We're sure now that c sits on first char of next valid word */
+			case 0: ce = c;
+					  while (*ce!=' '&&*ce!='\t'&&*ce!=')'&&*ce!='\n'&&*ce!='\\')
+						  ce++;
+					  d = dte_get_domain(c,ce);
+					  if (!d) {
+						  *ce = '\0';
+						  printk(KERN_NOTICE "domain %s.\n", c);
+						  panic("dte_specd: invalid domain.\n");
+					  }
+					  c = ce;  /* ce is the char *after* word. */
+					  state++;
+					  break;
+
+			case 1: ce = c;
+					  if (!p) DTE_P_ERR("entry points");
+					  while (*ce!=' '&&*ce!='\t'&&*ce!=')'&&*ce!='\n'&&*ce!='\\')
+						  ce++;
+					  if (!have_num) {
+						  n = atoi(c,ce);
+						  d->num_ep = n;
+						  d->ep = (struct dte_ep*) kmalloc(n*sizeof(struct dte_ep),
+								  GFP_KERNEL);
+						  if (!d->ep) {
+							  MEM_ERROR("entry points");
+							  panic("domain_spec\n");
+						  }
+						  memset(d->ep,0,n*sizeof(struct dte_ep));
+						  lo = w = 0;  /* w is which one is being defined */
+						  have_num++;
+						  c = ce;
+					  } else {
+						  struct dte_ep *e;
+						  char *t;
+
+						  if (w >= d->num_ep) {
+							  DTE_W_ERR("entry points",d->name);
+							  panic("domain_spec\n");
+						  }
+						  t = dte_get_type(c,ce);
+						  if (!t) {
+							  *ce = '\0';
+							  printk(KERN_NOTICE "at domain %s gateway %s.\n",
+									  d->name, c);
+							  panic("domain_spec\n");
+						  }
+						  h = dte_hash(t,d->num_ep);
+						  e = &d->ep[h];
+						  while (e->type && e->hash_next)
+							  e = e->hash_next;
+						  if (e->type) {
+							  while (d->ep[lo].type) lo++;
+							  d->ep[lo].type = t;
+							  e->hash_next = &d->ep[lo];
+							  lo++;
+						  } else
+							  e->type = t;
+						  w++;
+						  c = ce;
+					  }
+					  break;
+			case 2: ce = c;
+					  if (!p) DTE_P_ERR("type access specs");
+					  while (*ce!=' '&&*ce!='\t'&&*ce!=')'&&*ce!='\n'&&*ce!='\\')
+						  ce++;
+					  if (!have_num) {
+						  n = atoi(c,ce);
+						  d->num_ta = n;
+						  d->ta = (struct dte_ta*) kmalloc(n*sizeof(struct dte_ta),
+								  GFP_KERNEL);
+						  if (!d->ta) {
+							  MEM_ERROR("entry points");
+							  panic("domain_spec\n");
+						  }
+						  memset(d->ta,0,n*sizeof(struct dte_ta));
+						  have_num++;
+						  lo = w = 0;  /* w is which one is being defined */
+						  c = ce;
+					  } else {
+						  struct dte_ta *ta;
+						  char *t;
+						  unsigned char access = 0;
+
+						  if (w >= d->num_ta) {
+							  DTE_W_ERR("type access",d->name);
+							  panic("domain_spec\n");
+						  }
+						  /* must be exactly:
+						  * rwx->typename (rwx can be any type access combo)
+							*/
+						  while (*c!='-') {
+							  access |= dte_convert_ta(*c);
+							  c++;
+						  }
+						  c += 2; /* get passed '->' */
+						  t = dte_get_type(c,ce);
+						  if (!t) {
+							  printk(KERN_NOTICE "bad type in domain spec %s.\n",
+									  d->name);
+							  panic("domain_spec\n");
+						  }
+						  h = dte_hash(t,d->num_ta);
+						  ta = &d->ta[h];
+						  while (ta->type && ta->hash_next)
+							  ta = ta->hash_next;
+						  if (ta->type) {
+							  while (d->ta[lo].type) lo++;
+							  d->ta[lo].type = t;
+							  d->ta[lo].access = access;
+							  ta->hash_next = &d->ta[lo];
+							  lo++;
+						  } else {
+							  ta->type = t;
+							  ta->access = access;
+						  }
+						  w++;
+						  c = ce;
+					  }
+					  break;
+			case 3: ce = c;
+					  if (!p) DTE_P_ERR("domain access specs");
+					  if (!have_num) {
+						  while (*ce!=' '&&*ce!='\t'&&*ce!=')'&&*ce!='\n'&&*ce!='\\')
+							  ce++;
+						  n = atoi(c,ce);
+						  d->num_ea = n;
+						  d->ea = (struct dte_ea*) kmalloc(n*sizeof(struct dte_ea)
+								  ,GFP_KERNEL);
+						  if (!d->ea) {
+							  MEM_ERROR("domain access");
+							  panic("domain_spec\n");
+						  }
+						  memset(d->ea,0,n*sizeof(struct dte_ea));
+						  have_num++;
+						  c = ce;
+						  lo = w = 0;
+					  } else {
+						  struct dte_ea *ea;
+						  struct dte_domain_t *dest;
+						  unsigned char access;
+
+						  if (w >= d->num_ea) {
+							  DTE_W_ERR("domain access",d->name);
+							  panic("domain_spec\n");
+						  }
+						  /* first comes 'exec' or 'auto' */
+						  ce = c;
+						  while (*ce!='-') ce++;
+						  if (!strncmp(c,"exec",4) && (ce-c==4))
+							  access = DTE_EXEC;
+						  else access = DTE_AUTO;
+						  c = ce += 2;
+						  while (*ce!=' '&&*ce!='\t'&&*ce!=')'&&*ce!='\n'&&*ce!='\\')
+							  ce++;
+						  dest = dte_get_domain(c,ce);
+						  if (!dest) {
+							  printk(KERN_NOTICE "bad d in domain accesses for %s.\n",
+									  d->name);
+							  panic("fatal...\n");
+						  }
+						  h = dte_hash(dest->name,d->num_ea);
+						  ea = &d->ea[h];
+						  while (ea->other_domain && ea->hash_next)
+							  ea = ea->hash_next;
+						  if (ea->other_domain) {
+							  while (d->ea[lo].other_domain) lo++;
+							  d->ea[lo].other_domain = dest;
+							  d->ea[lo].access = access;
+							  ea->hash_next = &d->ea[lo];
+							  lo++;
+						  } else {
+							  ea->other_domain = dest;
+							  ea->access = access;
+						  }
+						  w++;
+						  c = ce;
+					  }
+					  break;
+			case 4: ce = c;
+					  if (!p) DTE_P_ERR("signal access specs");
+					  if (!have_num) {
+						  while (*ce!=' '&&*ce!='\t'&&*ce!=')'&&*ce!='\n'&&*ce!='\\')
+							  ce++;
+						  n = atoi(c,ce);
+						  d->num_sa = n;
+						  d->sa = (struct dte_sa*) kmalloc(n*sizeof(struct dte_sa),
+								  GFP_KERNEL);
+						  if (!d->sa) {
+							  MEM_ERROR("signal access");
+							  panic("domain_spec\n");
+						  }
+						  memset(d->sa,0,n*sizeof(struct dte_sa));
+						  lo = w = 0;
+						  c = ce;
+						  have_num++;
+					  } else {
+						  struct dte_sa *sa;
+						  struct dte_domain_t *dest;
+						  int signal;
+
+						  if (w >= d->num_sa) {
+							  DTE_W_ERR("signal access",d->name);
+							  panic("domain_spec\n");
+						  }
+						  ce = c;
+						  while (*ce!='-') ce++;
+						  signal = atoi(c,ce);
+						  c = ce +=2;
+						  while (*ce!=' '&&*ce!='\t'&&*ce!=')'&&*ce!='\n'&&*ce!='\\')
+							  ce++;
+						  if (*c!='0' || ce-c>1) {
+							  dest = dte_get_domain(c,ce);
+							  if (!dest || dest==d) {
+								  printk(KERN_NOTICE "bad d in signal access for %s.\n",
+										  d->name);
+								  panic("domain_spec\n");
+							  }
+						  } else
+							  dest = d;
+						  h = dte_hash(dest->name, d->num_sa);
+						  sa = &d->sa[h];
+						  while (sa->recv_domain && sa->hash_next)
+							  sa = sa->hash_next;
+						  if (sa->recv_domain) {
+							  while (d->sa[lo].recv_domain) lo++;
+							  d->sa[lo].recv_domain = dest;
+							  d->sa[lo].signal = signal;
+							  sa->hash_next = &d->sa[lo];
+							  lo++;
+						  } else {
+							  sa->recv_domain = dest;
+							  sa->signal = signal;
+						  }
+						  w++;
+						  c = ce;
+					  }
+					break;
+			default:	printk("bad case.\n");
+					panic("domain_spec\n");
+					break;
+		}
+	}
+
+	stat->blin = stat->elin+1;
+	return 1;
+}
+
+/* format of ta:
+* assign -X type path1 path2 ... pathn
+* where x is e,r or u.  no combos.
+* line may be split by \
+ */
+static int read_ta(struct dte_fdata *stat)
+{
+	char *t, *c, *ce;
+	char *p;
+	char assign;
+	struct dte_map_node *tmpmap;
+
+	dte_find_true_eol(stat);
+	c = stat->blin;
+	while (*c==' ' || *c=='\t')
+		c++;
+	if (strncmp(c,"assign ",7))
+		panic("read_ta: no type assign here...\n");
+
+	while (*c!='-') c++;
+	c++;
+	assign = *c;
+	ce = c += 2;
+
+	while (*ce!=' '&&*ce!='\t'&&*ce!=')'&&*ce!='\n'&&*ce!='\\')
+		ce++;
+
+	t = dte_get_type(c,ce);
+	if (!t) {
+		ce = '\0';
+		panic("dte: bad type %s in type assignment.\n", c);
+	}
+
+	while (1) {
+		c = ce;
+		while (*c==' ' || *c == '\t') c++;
+		if (*c=='\n') {
+			stat->blin = stat->elin+1;
+			return 1;
+		}
+		if (*c=='\\') {
+			do {c++;} while (*c!='\n');
+			c++;
+			continue;
+		}
+		ce = c;
+
+		while (*ce!=' '&&*ce!='\t'&&*ce!=')'&&*ce!='\n'&&*ce!='\\')
+			ce++;
+		p = dte_add_pathname(c,ce);
+
+		tmpmap = dte_find_map_node_create(p);
+		if (!tmpmap)
+			panic("This shouldn't happen: couldn't creat map node for %s.\n",p);
+
+		switch(assign) {
+			case 'e': tmpmap->etype = t; break;
+			case 'u': tmpmap->utype = t; break;
+			default : tmpmap->etype = tmpmap->utype = t;
+						 break;
+		}
+
+		c = ce;
+	}
+}
+
+int read_mntr(struct dte_fdata *stat)
+{
+	char *c, *ce;
+	char how;
+	int maj, min;
+	struct dte_mntr *r;
+	int len;
+
+	DTE_DEBUG("read_mntr: starting.\n");
+	dte_find_true_eol(stat);
+	c = stat->blin;
+	while (*c==' ' || *c=='\t')
+		c++;
+	if (!strncmp(c,"pretend ",8))
+		how = 'p';
+	else if (!strncmp(c,"restrict ",9))
+		how = 'r';
+	else {
+		printk(KERN_NOTICE "read_mntr: no mount restriction here...\n");
+		return 0;
+	}
+	while (*c!=' ' && *c!='\t')
+		c++;
+	while (*c==' ' || *c=='\t')
+		c++;
+	/* 
+	 * in this case, we'll always be comparing copies of path/dev names,
+	 * so we'll never be able to compare by array offsets.  So we just
+	 * allocate mem for device names right here
+	 *
+	 * we don't allow '\' to split lines in this case - shouldn't really be
+	 * necessary...
+	 *
+	 * First, get device:
+	 */
+	while (*c==' ' && *c=='\t') c++;
+	ce = c;
+	while (*ce!=' ' && *ce!='\t') ce++;
+	maj = atoi(c,ce);
+	c=++ce;
+	while (*c==' ' && *c=='\t') c++;
+	ce = c;
+	while (*ce!=' ' && *ce!='\t') ce++;
+	min = atoi(c,ce);
+
+	/* grab a mntr struct from cache */
+	r = kmem_cache_alloc(dte_mntr_cache, GFP_KERNEL);
+	if (!r)
+		DTE_NO_MEM("dte_read_mntr");
+	r->maj   = (unsigned char)maj;
+	r->min   = (unsigned char)min;
+	sprintf(r->summ, "%3d,%3d",maj,min);
+
+	c = ++ce;
+	while (*c==' ' || *c=='\t')
+		c++;
+	ce = c;
+	while (*ce!=' ' && *ce!='\t' && *ce!='\n' && *ce!='\0')
+		ce++;
+	len = ce-c;
+	r->path = (char *)kmalloc(NAME_ALLOC_LEN(len), GFP_KERNEL);
+	if (!r->path)
+		DTE_NO_MEM("dte_read_mntr");
+	memcpy(r->path,c,len);
+	r->path[len] = 0;
+
+	r->how = how;
+	num_dte_mount_r++;
+	r->hash_next = dte_mount_r[0];
+	dte_mount_r[0]  = r;
+
+	stat->blin = stat->elin+1;
+
+	DTE_DEBUG("read_mntr: returning.\n");
+	return 1;
+}
+
+/*
+ * read_dte_config: read the config file.
+ */
+int read_dte_config(void)
+{
+	struct dte_fdata stat;
+	char *c;
+	int line = 0;
+
+	/* initialization of variables and memcaches */
+	num_dte_domains = 0;
+	printk(KERN_NOTICE "before kmalloc\n");
+	dte_domains = kmalloc(8192,GFP_KERNEL);
+	printk(KERN_NOTICE "after kmalloc\n");
+	dte_type_cache = kmem_cache_create("dte_type_names",4096,0,0,NULL,NULL);
+	printk(KERN_NOTICE "after kmem_cache_create\n");
+	dte_path_cache = kmem_cache_create("dte_path_names",4096,0,0,NULL,NULL);
+	dte_domain_cache = kmem_cache_create("dte_domains",sizeof(struct dte_domain_t),
+			0,0,NULL,NULL);
+	dte_ep_cache   = kmem_cache_create("dte_ep_cache",sizeof(struct dte_ep),
+			0,0,NULL,NULL);
+	dte_ea_cache   = kmem_cache_create("dte_ea_cache",sizeof(struct dte_ea),
+			0,0,NULL,NULL);
+	dte_sa_cache   = kmem_cache_create("dte_sa_cache",sizeof(struct dte_sa),
+			0,0,NULL,NULL);
+	dte_map_cache  = kmem_cache_create("dte_map_cache",sizeof(struct dte_map_node),
+			0,0,NULL,NULL);
+	dte_mntr_cache = kmem_cache_create("dte_mount_r",sizeof(struct dte_mntr),
+			0,0,NULL,NULL);
+	printk(KERN_NOTICE "after all kmem_cache_creates\n");
+	if (!dte_type_cache || !dte_path_cache || !dte_domain_cache || !dte_ep_cache
+			|| !dte_ea_cache || !dte_sa_cache || !dte_map_cache
+			|| !dte_mntr_cache || !dte_domains) {
+		printk(KERN_NOTICE "read_dte_config: insufficient memory for caches.\n");
+		return -ENOMEM;
+	}
+
+	num_dte_map_nodes = 0;
+	dte_root_mapnode  = NULL;
+	num_dte_types   = sizeof_dte_types = 0;
+	num_dte_paths   = sizeof_dte_paths = 0;
+	dte_types = kmalloc(8192,GFP_KERNEL);/* this is just an array of pointers */
+	dte_paths = kmalloc(8192,GFP_KERNEL);/* into slabs coming from next two */
+	printk(KERN_NOTICE "before kmme_cache_alloc\n");
+	dte_type_names = kmem_cache_alloc(dte_type_cache,GFP_KERNEL);
+	printk(KERN_NOTICE "after kmme_cache_alloc\n");
+	dte_path_names = kmem_cache_alloc(dte_path_cache,GFP_KERNEL);
+	if (!dte_types || !dte_paths || !dte_type_names || !dte_path_names) {
+		printk(KERN_NOTICE "read_dte_config: insufficient memory for names.\n");
+		return -ENOMEM;
+	}
+	printk(KERN_NOTICE "after all kmem_cache_allocs\n");
+
+	printk(KERN_NOTICE "before filp_open\n");
+/*	lock_kernel();*/
+	stat.fin = filp_open("/etc/dte.conf",00,O_RDONLY);
+/*	unlock_kernel();*/
+	printk(KERN_NOTICE "after filp_open\n");
+	if (IS_ERR(stat.fin) || stat.fin==NULL)
+		panic( "Error opening /etc/dte.conf for reading.\n");
+
+	if (stat.fin->f_op==NULL || stat.fin->f_op->read==NULL)
+		panic("/etc/dte.conf or root fs not readable.\n");
+
+	stat.numbufs=0;
+	stat.fin->f_pos = 0;
+	stat.blin = stat.elin = stat.buffer+4095;
+	stat.buflen = stat.eof = 0;
+	dte_bitchmode = 0;
+
+	printk(KERN_NOTICE "before dte_fread_buf\n");
+	if (dte_fread_buf(&stat)!=1)
+		panic("Error reading dte policy file.\n");
+	printk(KERN_NOTICE "after dte_fread_buf\n");
+
+	while (stat.state != DTE_STATE_DONE &&
+			!(stat.eof && stat.blin >= stat.buffer+stat.buflen)) {
+
+		if (stat.blin >= stat.buffer+stat.buflen) {
+			/* end of file */
+			return 0;
+		}
+
+		dte_find_endline(&stat);
+		c = stat.blin;
+		while (*c==' ') c++;
+		if (strncmp(c,"types ",6)==0)
+			read_types(&stat);
+		else if (strncmp(c,"domains ",8)==0) {
+			read_domains(&stat);
+			sort_domains();
+		} else if (strncmp(c,"default_d ",10)==0)
+			read_def_d(&stat);
+		else if (strncmp(c,"default_et ",11)==0)
+			read_def_t(&stat,1);
+		else if (strncmp(c,"default_ut ",11)==0)
+			read_def_t(&stat,2);
+		else if (strncmp(c,"default_rt ",11)==0)
+			read_def_t(&stat,3);
+		else if (strncmp(c,"spec_domain ",12)==0)
+			read_specd(&stat);
+		else if (strncmp(c,"assign ",7)==0)
+			read_ta(&stat);
+		else if (strncmp(c,"pretend ",8)==0)
+			read_mntr(&stat);
+		else if (strncmp(c,"restrict ",9)==0)
+			read_mntr(&stat);
+		else if (strncmp(c,"bitch\n",6)==0) {
+			dte_bitchmode = 1;
+			stat.blin = stat.elin+1;
+		} else
+			panic("bad input line.\n");
+		line++;
+	}
+
+	fput(stat.fin);
+	
+	return 1;
+}
diff --minimal -Nru a/security/dte/syscall.c b/security/dte/syscall.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/dte/syscall.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,276 @@
+/*
+ * security/dte/syscall.c
+ *
+ * DTE security module functions.  These are inserted into the DTE
+ * security plug in security/dte.c
+ *
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ * The functions which I don't redefine stay in security/dte/dte.c.
+ *
+ * author: Serge Hallyn  <hallyn@cs.wm.edu>
+ */
+
+#include "dte.h"
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/sysctl.h>
+
+extern int num_dte_domains;
+extern struct dte_domain_t **dte_domains;
+
+#define min(x,y) ( x<y ? x : y )
+/*
+ * for do_gettype: data is:
+ *  1. (char *) filename
+ *  2. (char *) buffer
+ *  3. (int)    buflen
+ */
+struct dte_gt_struct {
+	char *fnam;
+	char *buf;
+	int buflen;
+};
+static long dte_do_gettype(void *data)
+{
+	struct dte_gt_struct gs;
+	char *fnam;
+	long err;
+	int len;
+	struct nameidata nd;
+	struct dte_inode_sec *s;
+
+	err = -EFAULT;
+	if (copy_from_user(&gs, data, sizeof(struct dte_gt_struct)))
+		goto out;
+	fnam = getname(gs.fnam);
+	err = PTR_ERR(fnam);
+	if (IS_ERR(fnam))
+		goto out;
+	err = 0;
+	if (path_init(fnam,LOOKUP_POSITIVE|LOOKUP_FOLLOW,&nd))
+		err = path_walk(fnam, &nd);
+	putname(fnam);
+	if (err)
+		goto out;
+
+	err = permission(nd.dentry->d_inode,MAY_READ);
+	if (err)
+		goto dput_and_out;
+
+	err = -ENOENT;
+	if (!nd.dentry->d_inode)
+		goto dput_and_out;
+	s = (struct dte_inode_sec *) nd.dentry->d_inode->i_security;
+	if (!s)
+		goto dput_and_out;
+	if (!s->etype) {
+		if (gs.buflen<10) {
+			copy_to_user(gs.buf, "no etype.", gs.buflen);
+			gs.buf[gs.buflen] = '\0';
+		} else
+			copy_to_user(gs.buf, "no etype.", 10);
+		goto dput_and_out;
+	}
+	len = min(strlen(s->etype)+1, gs.buflen-1);
+	if (copy_to_user(gs.buf, s->etype, len))
+		err = -EFAULT;
+	else {
+		err = 0;
+	/*	gs.buf[len] = '\0';*/  /* just to be SURE */
+	}
+
+dput_and_out:
+	path_release(&nd);
+out:
+	return err;
+}
+
+struct dte_gd_struct {
+	unsigned int pid;
+	char *buf;
+	int buflen;
+};
+static long dte_do_getdomain(void *data)
+{
+	struct dte_gd_struct gd;
+	struct task_struct *p;
+	struct dte_task_sec *ts;
+	int err, len;
+
+	err = -EFAULT;
+	if (copy_from_user(&gd, data, sizeof(struct dte_gd_struct)))
+		goto out;
+	err = -1;
+	p = find_task_by_pid(gd.pid);
+	if (!p) goto out;
+	ts = p->security;
+	if (!ts || !ts->dte_domain) goto out;
+
+	err = -EFAULT;
+	len = min(strlen(ts->dte_domain->name)+1, gd.buflen-1);
+	if (!copy_to_user(gd.buf, ts->dte_domain->name, len)) {
+		err = 0;
+/*		gd.buf[len] = '\0';*/
+	}
+
+out:
+	return err;
+}
+
+static int dte_may_exec_to(struct dte_domain_t *a, struct dte_domain_t *b)
+{
+	struct dte_ea *ea;
+	char *bn = b->name;
+	int h;
+
+	h = dte_hash(bn, a->num_ea);
+	ea = &a->ea[h];
+	while (ea->other_domain && strcmp(ea->other_domain->name, bn)!=0 &&
+			ea->hash_next)
+		ea = ea->hash_next;
+	if (ea->other_domain && strcmp(ea->other_domain->name, bn)==0 &&
+			dte_exec_access(ea->access))
+		return 1;
+
+	return 0;
+}
+
+static struct dte_domain_t *get_domain(char *name)
+{
+	struct dte_domain_t *d;
+	int h;
+
+	h = dte_hash(name,num_dte_domains);
+	if (h<0 || h>num_dte_domains)
+		return NULL;
+	d = dte_domains[h];
+	if (!d)
+		return NULL;
+	while (d->hash_next && strcmp(d->name,name))
+		d = d->hash_next;
+	if (strcmp(d->name,name))
+		return NULL;
+	return d;
+}
+
+/*
+ * Modules apparently can't use errno, so I can't use unistd.h
+ * directly.  Ergo, define my own execve.
+ */
+#define __NR_execve		 11
+#define __syscall_return(type, res) \
+do { \
+	return (type) (res); \
+} while (0)
+#define _syscall3(type,name,type1,arg1,type2,arg2,type3,arg3) \
+type name(type1 arg1,type2 arg2,type3 arg3) \
+{ \
+long __res; \
+__asm__ volatile ("int $0x80" \
+	: "=a" (__res) \
+	: "0" (__NR_##name),"b" ((long)(arg1)),"c" ((long)(arg2)), \
+		  "d" ((long)(arg3))); \
+__syscall_return(type,__res); \
+}
+
+static inline _syscall3(int,execve,const char *,file,char **,argv,char **,envp)
+/*
+ * Note on dte_d_exec:
+ * here is a major switch from my previous version.  I delay checking the
+ * validity of the domain switch until well into the execve, in the
+ * binprm_alloc_security, in fact.  In order to check it here, the current
+ * domain needs to have the ability to access the file being executed so
+ * that I can check the type of the file.  This should not be necessary, as
+ * only the domain being switched to should need this permission.
+ *
+ * Note that this cannot work for auto domain switches.  There the source
+ * domain must be able to reach the entry point, for us to even figure out
+ * that there is a required auto switch.
+ */
+struct dte_exec_struct{
+	char *fnam;
+	char **argv;
+	char **envp;
+	char *domain;
+};
+static long dte_do_exec(void *data)
+{
+	struct dte_exec_struct es;
+	char *fnam;
+	long err;
+	char *d;
+	struct dte_task_sec *ts;
+	struct dte_domain_t *dest;
+
+	err = -EFAULT;
+	if (copy_from_user(&es, data, sizeof(struct dte_exec_struct)))
+		goto out;
+	fnam = getname(es.fnam);
+	err = PTR_ERR(fnam);
+	if (IS_ERR(fnam))
+		goto out;
+
+	d = getname(es.domain);
+	err = PTR_ERR(d);
+	if (IS_ERR(d))
+		goto out_putf;
+	dest = get_domain(d);
+	if (!dest) {
+		printk(KERN_NOTICE "Error: no domain named %s.\n", d);
+		putname(d);
+		err = -EINVAL;
+		goto out_putf;
+	}
+	putname(d);
+
+	ts = current->security;
+	if (!dte_may_exec_to(ts->dte_domain, dest)) {
+		printk(KERN_NOTICE "dte: domain %s may not exec to domain %s.\n",
+				ts->dte_domain->name, dest->name);
+		err = -EACCES;
+		goto out_putf;
+	}
+
+	ts->dte_back  = ts->dte_domain;
+	ts->dte_domain = dest;
+
+	printk(KERN_NOTICE "dte: requesting exec from %s to %s on %s.\n", 
+			ts->dte_back->name, ts->dte_domain->name, fnam);
+	putname(fnam);
+	err = execve(es.fnam, es.argv, es.envp);
+
+	/* 
+	 * uh-oh - we had an error...
+	 * reset the domain to original
+	 */
+	if (ts->dte_back) {
+		ts->dte_domain = ts->dte_back;
+		ts->dte_back = NULL;
+	}
+	goto out;
+
+out_putf:
+	putname(fnam);
+out:
+	return err;
+}
+
+/*asmlinkage*/
+int dte_sys_security(unsigned int id, unsigned int call,
+		unsigned long *args)
+{
+	switch(call) {
+		case 1: return (int)dte_do_gettype(args);
+		case 2: return (int)dte_do_getdomain(args);
+		case 3: return (int)dte_do_exec(args);
+		default: return -ENOSYS;
+	}
+}
+
diff --minimal -Nru a/security/dte/task.c b/security/dte/task.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/dte/task.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,268 @@
+/*
+ * security/dte/task.c
+ *
+ * DTE security module functions.  These are inserted into the DTE
+ * security plug in security/dte.c
+ *
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ * The functions which I don't redefine stay in security/dte/dte.c.
+ *
+ * author: Serge Hallyn  <hallyn@cs.wm.edu>
+ */
+
+#include "dte.h"
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/sysctl.h>
+
+extern int dte_initialized;
+extern int dte_bitchmode;
+extern struct security_operations *dte_secondary_ops;
+
+/*
+ * check whether current domain is required to switch domains
+ * on execution of filename, if yes switch and return 0.
+ * If error reading file, return < 0, else return > 0
+ */
+static int dte_auto_switch(char *type)
+{
+	int h;
+	struct dte_task_sec *ts = current->security;
+	struct dte_domain_t *curd = ts->dte_domain;
+	struct dte_gateway *gw;
+
+	/* no gateways, no auto switches: */
+	if (!curd->num_gw)
+		return 1;
+
+	h = dte_hash(type, curd->num_gw);
+	gw = &curd->gw[h];
+	while (gw) {
+		if (strcmp(gw->type, type)==0)
+			break;
+		gw = gw->hash_next;
+	}
+	if (gw) {
+		if (ts->dte_back) {
+			printk(KERN_NOTICE "auto switch overriding exec switch to %s.\n",
+					curd->name);
+			printk(KERN_NOTICE "switching domains: %s to %s on exec %s.\n",
+					ts->dte_back->name, gw->domain->name, type);
+			ts->dte_domain = gw->domain;
+		} else {
+			printk(KERN_NOTICE "switching domains: %s to %s on exec %s.\n",
+					curd->name, gw->domain->name, type);
+			ts->dte_back = ts->dte_domain;
+			ts->dte_domain = gw->domain;
+		}
+		return 0;
+	}
+	return 1;
+}
+
+static int dte_check_x(struct dte_domain_t *d, char *type)
+{
+	struct dte_ta *ta;
+	int h;
+
+	h = dte_hash(type, d->num_ta);
+	ta = &d->ta[h];
+	while (ta && ta->type!=type)
+		ta = ta->hash_next;
+
+	if (ta && (ta->access&DTE_FX))
+		return 0;		/* x granted */
+	if (dte_bitchmode) {
+		printk(KERN_NOTICE "Would be denied:  access from %s to %s as execute.\n",
+				d->name, type);
+		return 0;
+	}
+	return 1;			/* x denied */
+}
+
+static int dte_domain_has_ep(struct dte_domain_t *d, char *t)
+{
+	struct dte_ep *e;
+	int h;
+
+	h = dte_hash(t, d->num_ep);
+	e = &d->ep[h];
+	while (e->type && strcmp(e->type, t)!=0 && e->hash_next)
+		e = e->hash_next;
+	if (e->type && strcmp(e->type, t)==0)
+		return 1;
+	return 0;
+}
+
+int dte_binprm_alloc_security (struct linux_binprm *bprm)
+{
+	int rc = 0;
+	bprm->security = NULL;
+	if (dte_secondary_ops)
+		rc = dte_secondary_ops->bprm_ops->alloc_security(bprm);
+
+	return rc;
+}
+
+void dte_binprm_free_security (struct linux_binprm *bprm)
+{
+	return;
+}
+
+int dte_binprm_set_security (struct linux_binprm *bprm)
+{
+	struct dte_inode_sec *s = bprm->file->f_dentry->d_inode->i_security;
+	struct dte_task_sec *ts = current->security;
+	int ret = 0;
+
+	if (dte_secondary_ops)
+		ret = dte_secondary_ops->bprm_ops->set_security(bprm);
+	if (ret)
+		return ret;
+
+	if (!s || !s->etype) {
+		printk(KERN_NOTICE "dte_binprm_set_security: on exec of %s - no etype.\n",
+				bprm->filename);
+#if 0
+		return -EACCES;
+#else
+		/* don't want to return -eaccess, as the file probably doesn't
+		 * exist, and that could be misleading info for the user */
+		return 0;
+#endif
+	}
+
+	if (!dte_auto_switch(s->etype)) {
+		printk(KERN_NOTICE "dte: auto switch to %s on exec %s in %s.\n",
+				ts->dte_domain->name, bprm->filename, ts->dte_back->name);
+	} else if (ts->dte_back &&
+			!dte_domain_has_ep(ts->dte_domain, s->etype)) {
+		printk(KERN_NOTICE "dte: type %s is not ep to domain %s.\n",
+				s->etype, ts->dte_domain->name);
+		ts->dte_domain = ts->dte_back;
+		ts->dte_back = NULL;
+		return -EACCES;
+	}
+
+	ret = dte_check_x(ts->dte_domain, s->etype);
+	if (ret) {
+		/* not allowed */
+		printk(KERN_NOTICE "dte: domain %s may not execute type %s.\n",
+				ts->dte_domain->name, s->etype);
+		if (ts->dte_back) {
+			ts->dte_domain = ts->dte_back;
+			ts->dte_back = NULL;
+		}
+		return ret;
+	}
+
+#if 0
+	if (ts->dte_back)
+		printk(KERN_NOTICE "dte_binprm_set_sec: finalized trans from %s to %s.\n",
+				ts->dte_back->name, ts->dte_domain->name);
+#endif
+	ts->dte_back = NULL;
+
+	return 0;
+}
+
+int dte_task_alloc_security (struct task_struct *p)
+{
+	struct dte_task_sec *ps, *cs;
+
+	ps = p->security = kmalloc(sizeof(struct dte_task_sec), GFP_KERNEL);
+	cs = current->security;
+
+	if (!ps)
+		return -ENOMEM;
+
+	if (cs)
+		ps->dte_domain = cs->dte_domain;
+	else
+		ps->dte_domain = NULL;
+	ps->dte_back   = NULL;
+	return 0;
+}
+
+void dte_task_free_security (struct task_struct *p)
+{
+	if (p->security) {
+		kfree(p->security);
+		p->security = NULL;
+	}
+}
+
+int dte_task_kill (struct task_struct *p, struct siginfo *info, int sig)
+{
+	int h;
+	struct dte_sa *sa;
+	struct dte_task_sec *sts,  /* sending task security */
+				  *rts;  /* receiv task security */
+	struct dte_domain_t *std,  /* sending task domain */
+				  *rtd;  /* receiv task domain */
+
+	if (!dte_initialized)
+		return 0;
+
+	/* following lsm documentation advice: */
+	if (info && ((unsigned long)info==1 || SI_FROMKERNEL(info)))
+		return 0;
+
+	if (!p) {
+		printk(KERN_ERR "dte_task_kill: sending signal to null.\n");
+		return 0;
+	}
+
+#ifdef CONFIG_DTE_DEBUG
+	printk(KERN_NOTICE "dte_task_kill: from %d to %d sig %d.\n",
+			current->pid, p->pid, sig);
+#endif
+
+	sts = (struct dte_task_sec *)current->security;
+	rts = (struct dte_task_sec *)p->security;
+	if (!sts)
+		panic("dte_kill: sending task has no security blob.\n");
+	if (!rts)
+		panic("dte_kill: recv task has no security blob.\n");
+	std = sts->dte_domain;
+	rtd = rts->dte_domain;
+	if (std == rtd)
+		return 0;  /* any signals allowed as far as we're concerned */
+	if (!std || !rtd)
+		BUG();
+	if (!std->num_sa)
+		goto signal_reject;  /* no signals at all, save some time */
+
+	/* signals to anyone: */
+	h  = dte_hash(std->name, std->num_sa);
+	sa = &std->sa[h];
+	while (sa) {
+		if (sa->recv_domain==std)
+			if (sa->signal==0 || sa->signal==sig)
+				return 0;
+		sa = sa->hash_next;
+	}
+
+	/* signals to requested receiving domain: */
+	h  = dte_hash(rtd->name, std->num_sa);
+	sa = &std->sa[h];
+	while (sa) {
+		if (sa->recv_domain==rtd)
+			if (sa->signal==0 || sa->signal==sig)
+				return 0;
+		sa = sa->hash_next;
+	}
+
+signal_reject:
+	printk(KERN_NOTICE "DTE: refusing signal %d from %d(%s) to %d(%s).\n",
+			sig, current->pid, sts->dte_domain->name, p->pid,
+			rts->dte_domain->name);
+	return -EPERM;
+}
diff --minimal -Nru a/security/dummy.c b/security/dummy.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/dummy.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1139 @@
+/*
+ * Stub functions for the default security function pointers in case no
+ * security model is loaded.
+ *
+ * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
+ * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
+ * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
+ *
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/netfilter.h>
+#include <linux/netlink.h>
+
+static int dummy_sethostname (char *hostname)
+{
+	return 0;
+}
+
+static int dummy_setdomainname (char *domainname)
+{
+	return 0;
+}
+
+static int dummy_reboot (unsigned int cmd)
+{
+	return 0;
+}
+
+static int dummy_ioperm (unsigned long from, unsigned long num, int turn_on)
+{
+	return 0;
+}
+
+static int dummy_iopl (unsigned int old, unsigned int level)
+{
+	return 0;
+}
+
+static int dummy_ptrace (struct task_struct *parent, struct task_struct *child)
+{
+	return 0;
+}
+
+static int dummy_capget (struct task_struct *target, kernel_cap_t * effective,
+			 kernel_cap_t * inheritable, kernel_cap_t * permitted)
+{
+	return 0;
+}
+
+static int dummy_capset_check (struct task_struct *target,
+			       kernel_cap_t * effective,
+			       kernel_cap_t * inheritable,
+			       kernel_cap_t * permitted)
+{
+	return 0;
+}
+
+static void dummy_capset_set (struct task_struct *target,
+			      kernel_cap_t * effective,
+			      kernel_cap_t * inheritable,
+			      kernel_cap_t * permitted)
+{
+	return;
+}
+
+static int dummy_acct (struct file *file)
+{
+	return 0;
+}
+
+static int dummy_capable (struct task_struct *tsk, int cap)
+{
+	if (cap_is_fs_cap (cap) ? tsk->fsuid == 0 : tsk->euid == 0)
+		/* capability granted */
+		return 0;
+
+	/* capability denied */
+	return -EPERM;
+}
+
+static int dummy_sysctl (ctl_table * table, int op)
+{
+	return 0;
+}
+
+static int dummy_sys_security (unsigned int id, unsigned int call,
+			       unsigned long *args)
+{
+	return -ENOSYS;
+}
+
+static int dummy_swapon (struct swap_info_struct *swap)
+{
+	return 0;
+}
+
+static int dummy_swapoff (struct swap_info_struct *swap)
+{
+	return 0;
+}
+
+static int dummy_nfsservctl (int cmd, struct nfsctl_arg *arg)
+{
+	return 0;
+}
+
+static int dummy_quotactl (int cmds, int type, int id, struct super_block *sb)
+{
+	return 0;
+}
+
+static int dummy_quota_on (struct file *f)
+{
+	return 0;
+}
+
+static int dummy_bdflush (int func, long data)
+{
+	return 0;
+}
+
+static int dummy_syslog (int type)
+{
+	return 0;
+}
+
+static int dummy_netlink_send (struct sk_buff *skb)
+{
+	if (current->euid == 0)
+		cap_raise (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN);
+	else
+		NETLINK_CB (skb).eff_cap = 0;
+	return 0;
+}
+
+static int dummy_netlink_recv (struct sk_buff *skb)
+{
+	if (!cap_raised (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN))
+		return -EPERM;
+	return 0;
+}
+
+static int dummy_binprm_alloc_security (struct linux_binprm *bprm)
+{
+	return 0;
+}
+
+static void dummy_binprm_free_security (struct linux_binprm *bprm)
+{
+	return;
+}
+
+static void dummy_binprm_compute_creds (struct linux_binprm *bprm)
+{
+	return;
+}
+
+static int dummy_binprm_set_security (struct linux_binprm *bprm)
+{
+	return 0;
+}
+
+static int dummy_sb_alloc_security (struct super_block *sb)
+{
+	return 0;
+}
+
+static void dummy_sb_free_security (struct super_block *sb)
+{
+	return;
+}
+
+static int dummy_sb_statfs (struct super_block *sb)
+{
+	return 0;
+}
+
+static int dummy_mount (char *dev_name, struct nameidata *nd, char *type,
+			unsigned long flags, void *data)
+{
+	return 0;
+}
+
+static int dummy_check_sb (struct vfsmount *mnt, struct nameidata *nd)
+{
+	return 0;
+}
+
+static int dummy_umount (struct vfsmount *mnt, int flags)
+{
+	return 0;
+}
+
+static void dummy_umount_close (struct vfsmount *mnt)
+{
+	return;
+}
+
+static void dummy_umount_busy (struct vfsmount *mnt)
+{
+	return;
+}
+
+static void dummy_post_remount (struct vfsmount *mnt, unsigned long flags,
+				void *data)
+{
+	return;
+}
+
+
+static void dummy_post_mountroot (void)
+{
+	return;
+}
+
+static void dummy_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
+{
+	return;
+}
+
+static int dummy_inode_alloc_security (struct inode *inode)
+{
+	return 0;
+}
+
+static void dummy_inode_free_security (struct inode *inode)
+{
+	return;
+}
+
+static int dummy_inode_create (struct inode *inode, struct dentry *dentry,
+			       int mask)
+{
+	return 0;
+}
+
+static void dummy_inode_post_create (struct inode *inode, struct dentry *dentry,
+				     int mask)
+{
+	return;
+}
+
+static int dummy_inode_link (struct dentry *old_dentry, struct inode *inode,
+			     struct dentry *new_dentry)
+{
+	return 0;
+}
+
+static void dummy_inode_post_link (struct dentry *old_dentry,
+				   struct inode *inode,
+				   struct dentry *new_dentry)
+{
+	return;
+}
+
+static int dummy_inode_unlink (struct inode *inode, struct dentry *dentry)
+{
+	return 0;
+}
+
+static int dummy_inode_symlink (struct inode *inode, struct dentry *dentry,
+				const char *name)
+{
+	return 0;
+}
+
+static void dummy_inode_post_symlink (struct inode *inode,
+				      struct dentry *dentry, const char *name)
+{
+	return;
+}
+
+static int dummy_inode_mkdir (struct inode *inode, struct dentry *dentry,
+			      int mask)
+{
+	return 0;
+}
+
+static void dummy_inode_post_mkdir (struct inode *inode, struct dentry *dentry,
+				    int mask)
+{
+	return;
+}
+
+static int dummy_inode_rmdir (struct inode *inode, struct dentry *dentry)
+{
+	return 0;
+}
+
+static int dummy_inode_mknod (struct inode *inode, struct dentry *dentry,
+			      int major, dev_t minor)
+{
+	return 0;
+}
+
+static void dummy_inode_post_mknod (struct inode *inode, struct dentry *dentry,
+				    int major, dev_t minor)
+{
+	return;
+}
+
+static int dummy_inode_rename (struct inode *old_inode,
+			       struct dentry *old_dentry,
+			       struct inode *new_inode,
+			       struct dentry *new_dentry)
+{
+	return 0;
+}
+
+static void dummy_inode_post_rename (struct inode *old_inode,
+				     struct dentry *old_dentry,
+				     struct inode *new_inode,
+				     struct dentry *new_dentry)
+{
+	return;
+}
+
+static int dummy_inode_readlink (struct dentry *dentry)
+{
+	return 0;
+}
+
+static int dummy_inode_follow_link (struct dentry *dentry,
+				    struct nameidata *nameidata)
+{
+	return 0;
+}
+
+static int dummy_inode_permission (struct inode *inode, int mask)
+{
+	return 0;
+}
+
+static int dummy_inode_revalidate (struct dentry *inode)
+{
+	return 0;
+}
+
+static int dummy_inode_setattr (struct dentry *dentry, struct iattr *iattr)
+{
+	return 0;
+}
+
+static int dummy_inode_stat (struct inode *inode)
+{
+	return 0;
+}
+
+static void dummy_post_lookup (struct inode *ino, struct dentry *d)
+{
+	return;
+}
+
+static void dummy_delete (struct inode *ino)
+{
+	return;
+}
+
+static int dummy_inode_setxattr (struct dentry *dentry, char *name, void *value,
+				size_t size, int flags)
+{
+	return 0;
+}
+
+static int dummy_inode_getxattr (struct dentry *dentry, char *name)
+{
+	return 0;
+}
+
+static int dummy_inode_listxattr (struct dentry *dentry)
+{
+	return 0;
+}
+
+static int dummy_inode_removexattr (struct dentry *dentry, char *name)
+{
+	return 0;
+}
+
+static int dummy_file_permission (struct file *file, int mask)
+{
+	return 0;
+}
+
+static int dummy_file_alloc_security (struct file *file)
+{
+	return 0;
+}
+
+static void dummy_file_free_security (struct file *file)
+{
+	return;
+}
+
+static int dummy_file_llseek (struct file *file)
+{
+	return 0;
+}
+
+static int dummy_file_ioctl (struct file *file, unsigned int command,
+			     unsigned long arg)
+{
+	return 0;
+}
+
+static int dummy_file_mmap (struct file *file, unsigned long prot,
+			    unsigned long flags)
+{
+	return 0;
+}
+
+static int dummy_file_mprotect (struct vm_area_struct *vma, unsigned long prot)
+{
+	return 0;
+}
+
+static int dummy_file_lock (struct file *file, unsigned int cmd, int blocking)
+{
+	return 0;
+}
+
+static int dummy_file_fcntl (struct file *file, unsigned int cmd,
+			     unsigned long arg)
+{
+	return 0;
+}
+
+static int dummy_file_set_fowner (struct file *file)
+{
+	return 0;
+}
+
+static int dummy_file_send_sigiotask (struct task_struct *tsk,
+				      struct fown_struct *fown, int fd,
+				      int reason)
+{
+	return 0;
+}
+
+static int dummy_file_receive (struct file *file)
+{
+	return 0;
+}
+
+static int dummy_task_create (unsigned long clone_flags)
+{
+	return 0;
+}
+
+static int dummy_task_alloc_security (struct task_struct *p)
+{
+	return 0;
+}
+
+static void dummy_task_free_security (struct task_struct *p)
+{
+	return;
+}
+
+static int dummy_task_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
+{
+	return 0;
+}
+
+static int dummy_task_post_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
+{
+	return 0;
+}
+
+static int dummy_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags)
+{
+	return 0;
+}
+
+static int dummy_task_setpgid (struct task_struct *p, pid_t pgid)
+{
+	return 0;
+}
+
+static int dummy_task_getpgid (struct task_struct *p)
+{
+	return 0;
+}
+
+static int dummy_task_getsid (struct task_struct *p)
+{
+	return 0;
+}
+
+static int dummy_task_setgroups (int gidsetsize, gid_t * grouplist)
+{
+	return 0;
+}
+
+static int dummy_task_setnice (struct task_struct *p, int nice)
+{
+	return 0;
+}
+
+static int dummy_task_setrlimit (unsigned int resource, struct rlimit *new_rlim)
+{
+	return 0;
+}
+
+static int dummy_task_setscheduler (struct task_struct *p, int policy,
+				    struct sched_param *lp)
+{
+	return 0;
+}
+
+static int dummy_task_getscheduler (struct task_struct *p)
+{
+	return 0;
+}
+
+static int dummy_task_wait (struct task_struct *p)
+{
+	return 0;
+}
+
+static int dummy_task_kill (struct task_struct *p, struct siginfo *info,
+			    int sig)
+{
+	return 0;
+}
+
+static int dummy_task_prctl (int option, unsigned long arg2, unsigned long arg3,
+			     unsigned long arg4, unsigned long arg5)
+{
+	return 0;
+}
+
+static void dummy_task_kmod_set_label (void)
+{
+	return;
+}
+
+static unsigned int dummy_ip_preroute_first (unsigned int hooknum,
+					     struct sk_buff **pskb,
+					     const struct net_device *in,
+					     const struct net_device *out,
+					     int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int dummy_ip_preroute_last (unsigned int hooknum,
+					    struct sk_buff **pskb,
+					    const struct net_device *in,
+					    const struct net_device *out,
+					    int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int dummy_ip_input_first (unsigned int hooknum,
+					  struct sk_buff **pskb,
+					  const struct net_device *in,
+					  const struct net_device *out,
+					  int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int dummy_ip_input_last (unsigned int hooknum,
+					 struct sk_buff **pskb,
+					 const struct net_device *in,
+					 const struct net_device *out,
+					 int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int dummy_ip_forward_first (unsigned int hooknum,
+					    struct sk_buff **pskb,
+					    const struct net_device *in,
+					    const struct net_device *out,
+					    int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int dummy_ip_forward_last (unsigned int hooknum,
+					   struct sk_buff **pskb,
+					   const struct net_device *in,
+					   const struct net_device *out,
+					   int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int dummy_ip_output_first (unsigned int hooknum,
+					   struct sk_buff **pskb,
+					   const struct net_device *in,
+					   const struct net_device *out,
+					   int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int dummy_ip_output_last (unsigned int hooknum,
+					  struct sk_buff **pskb,
+					  const struct net_device *in,
+					  const struct net_device *out,
+					  int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int dummy_ip_postroute_first (unsigned int hooknum,
+					      struct sk_buff **pskb,
+					      const struct net_device *in,
+					      const struct net_device *out,
+					      int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int dummy_ip_postroute_last (unsigned int hooknum,
+					     struct sk_buff **pskb,
+					     const struct net_device *in,
+					     const struct net_device *out,
+					     int (*okfn) (struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static void dummy_ip_fragment (struct sk_buff *newskb,
+			       const struct sk_buff *oldskb)
+{
+	return;
+}
+
+static int dummy_ip_defragment (struct sk_buff *skb)
+{
+	return 0;
+}
+
+static void dummy_ip_decapsulate (struct sk_buff *skb)
+{
+	return;
+}
+
+static void dummy_ip_encapsulate (struct sk_buff *skb)
+{
+	return;
+}
+
+static int dummy_ip_decode_options (struct sk_buff *skb, const char *optptr,
+				    unsigned char **pp_ptr)
+{
+	if (!skb && !capable (CAP_NET_RAW)) {
+		(const unsigned char *) *pp_ptr = optptr;
+		return -EPERM;
+	}
+	return 0;
+}
+
+static void dummy_netdev_unregister (struct net_device *dev)
+{
+	return;
+}
+
+static int dummy_socket_create (int family, int type, int protocol)
+{
+	return 0;
+}
+
+static void dummy_socket_post_create (struct socket *sock, int family, int type,
+				      int protocol)
+{
+	return;
+}
+
+static int dummy_socket_bind (struct socket *sock, struct sockaddr *address,
+			      int addrlen)
+{
+	return 0;
+}
+
+static int dummy_socket_connect (struct socket *sock, struct sockaddr *address,
+				 int addrlen)
+{
+	return 0;
+}
+
+static int dummy_socket_listen (struct socket *sock, int backlog)
+{
+	return 0;
+}
+
+static int dummy_socket_accept (struct socket *sock, struct socket *newsock)
+{
+	return 0;
+}
+
+static int dummy_socket_sendmsg (struct socket *sock, struct msghdr *msg,
+				 int size)
+{
+	return 0;
+}
+
+static int dummy_socket_recvmsg (struct socket *sock, struct msghdr *msg,
+				 int size, int flags)
+{
+	return 0;
+}
+
+static int dummy_socket_getsockname (struct socket *sock)
+{
+	return 0;
+}
+
+static int dummy_socket_getpeername (struct socket *sock)
+{
+	return 0;
+}
+
+static int dummy_socket_setsockopt (struct socket *sock, int level, int optname)
+{
+	return 0;
+}
+
+static int dummy_socket_getsockopt (struct socket *sock, int level, int optname)
+{
+	return 0;
+}
+
+static int dummy_socket_shutdown (struct socket *sock, int how)
+{
+	return 0;
+}
+
+static int dummy_sock_rcv_skb (struct sock *sk, struct sk_buff *skb)
+{
+	return 0;
+}
+
+static int dummy_socket_unix_stream_connect (struct socket *sock,
+					     struct socket *other)
+{
+	return 0;
+}
+
+static int dummy_socket_unix_may_send (struct socket *sock,
+				       struct socket *other)
+{
+	return 0;
+}
+
+static int dummy_module_create_module (const char *name_user, size_t size)
+{
+	return 0;
+}
+
+static int dummy_module_init_module (struct module *mod_user)
+{
+	return 0;
+}
+
+static int dummy_module_delete_module (const struct module *mod)
+{
+	return 0;
+}
+
+static int dummy_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
+{
+	return 0;
+}
+
+static int dummy_ipc_getinfo (int id, int cmd)
+{
+	return 0;
+}
+
+static int dummy_msg_msg_alloc_security (struct msg_msg *msg)
+{
+	return 0;
+}
+
+static void dummy_msg_msg_free_security (struct msg_msg *msg)
+{
+	return;
+}
+
+static int dummy_msg_queue_alloc_security (struct msg_queue *msq)
+{
+	return 0;
+}
+
+static void dummy_msg_queue_free_security (struct msg_queue *msq)
+{
+	return;
+}
+
+static int dummy_msg_queue_associate (struct msg_queue *msq, int msqid,
+				      int msqflg)
+{
+	return 0;
+}
+
+static int dummy_msg_queue_msgctl (struct msg_queue *msq, int msqid, int cmd)
+{
+	return 0;
+}
+
+static int dummy_msg_queue_msgsnd (struct msg_queue *msq, struct msg_msg *msg,
+				   int msqid, int msgflg)
+{
+	return 0;
+}
+
+static int dummy_msg_queue_msgrcv (struct msg_queue *msq, struct msg_msg *msg,
+				   struct task_struct *target, long type,
+				   int mode)
+{
+	return 0;
+}
+
+static int dummy_shm_alloc_security (struct shmid_kernel *shp)
+{
+	return 0;
+}
+
+static void dummy_shm_free_security (struct shmid_kernel *shp)
+{
+	return;
+}
+
+static int dummy_shm_associate (struct shmid_kernel *shp, int shmid, int shmflg)
+{
+	return 0;
+}
+
+static int dummy_shm_shmctl (struct shmid_kernel *shp, int shmid, int cmd)
+{
+	return 0;
+}
+
+static int dummy_shm_shmat (struct shmid_kernel *shp, int shmid, char *shmaddr,
+			    int shmflg)
+{
+	return 0;
+}
+
+static int dummy_sem_alloc_security (struct sem_array *sma)
+{
+	return 0;
+}
+
+static void dummy_sem_free_security (struct sem_array *sma)
+{
+	return;
+}
+
+static int dummy_sem_associate (struct sem_array *sma, int semid, int semflg)
+{
+	return 0;
+}
+
+static int dummy_sem_semctl (struct sem_array *sma, int semid, int cmd)
+{
+	return 0;
+}
+
+static int dummy_sem_semop (struct sem_array *sma, int semid,
+			    struct sembuf *sops, unsigned nsops, int alter)
+{
+	return 0;
+}
+
+static int dummy_skb_alloc_security (struct sk_buff *skb)
+{
+	return 0;
+}
+
+static int dummy_skb_clone (struct sk_buff *newskb,
+			     const struct sk_buff *oldskb)
+{
+	return 0;
+}
+
+static void dummy_skb_copy (struct sk_buff *newskb,
+			    const struct sk_buff *oldskb)
+{
+	return;
+}
+
+static void dummy_skb_set_owner_w (struct sk_buff *skb, struct sock *sk)
+{
+	return;
+}
+
+static void dummy_skb_free_security (struct sk_buff *skb)
+{
+	return;
+}
+
+static int dummy_register (const char *name, struct security_operations *ops)
+{
+	return -EINVAL;
+}
+
+static int dummy_unregister (const char *name, struct security_operations *ops)
+{
+	return -EINVAL;
+}
+
+static struct binprm_security_ops dummy_binprm_ops = {
+	alloc_security:	dummy_binprm_alloc_security,
+	free_security:	dummy_binprm_free_security,
+	compute_creds:	dummy_binprm_compute_creds,
+	set_security:	dummy_binprm_set_security,
+};
+
+static struct super_block_security_ops dummy_sb_ops = {
+	alloc_security:	dummy_sb_alloc_security,
+	free_security:	dummy_sb_free_security,
+	statfs:		dummy_sb_statfs,
+	mount:		dummy_mount,
+	check_sb:	dummy_check_sb,
+	umount:		dummy_umount,
+	umount_close:	dummy_umount_close,
+	umount_busy:	dummy_umount_busy,
+	post_remount:	dummy_post_remount,
+	post_mountroot:	dummy_post_mountroot,
+	post_addmount:	dummy_post_addmount,
+};
+
+static struct inode_security_ops dummy_inode_ops = {
+	alloc_security:	dummy_inode_alloc_security,
+	free_security:	dummy_inode_free_security,
+	create:		dummy_inode_create,
+	post_create:	dummy_inode_post_create,
+	link:		dummy_inode_link,
+	post_link:	dummy_inode_post_link,
+	unlink:		dummy_inode_unlink,
+	symlink:	dummy_inode_symlink,
+	post_symlink:	dummy_inode_post_symlink,
+	mkdir:		dummy_inode_mkdir,
+	post_mkdir:	dummy_inode_post_mkdir,
+	rmdir:		dummy_inode_rmdir,
+	mknod:		dummy_inode_mknod,
+	post_mknod:	dummy_inode_post_mknod,
+	rename:		dummy_inode_rename,
+	post_rename:	dummy_inode_post_rename,
+	readlink:	dummy_inode_readlink,
+	follow_link:	dummy_inode_follow_link,
+	permission:	dummy_inode_permission,
+	revalidate:	dummy_inode_revalidate,
+	setattr:	dummy_inode_setattr,
+	stat:		dummy_inode_stat,
+	post_lookup:	dummy_post_lookup,
+	delete:		dummy_delete,
+	setxattr:	dummy_inode_setxattr,
+	getxattr:	dummy_inode_getxattr,
+	listxattr:	dummy_inode_listxattr,
+	removexattr:	dummy_inode_removexattr,
+};
+
+static struct file_security_ops dummy_file_ops = {
+	permission:	dummy_file_permission,
+	alloc_security:	dummy_file_alloc_security,
+	free_security:	dummy_file_free_security,
+	llseek:		dummy_file_llseek,
+	ioctl:		dummy_file_ioctl,
+	mmap:		dummy_file_mmap,
+	mprotect:	dummy_file_mprotect,
+	lock:		dummy_file_lock,
+	fcntl:		dummy_file_fcntl,
+	set_fowner:	dummy_file_set_fowner,
+	send_sigiotask:	dummy_file_send_sigiotask,
+	receive:	dummy_file_receive,
+};
+
+static struct task_security_ops dummy_task_ops = {
+	create:		dummy_task_create,
+	alloc_security:	dummy_task_alloc_security,
+	free_security:	dummy_task_free_security,
+	setuid:		dummy_task_setuid,
+	post_setuid:	dummy_task_post_setuid,
+	setgid:		dummy_task_setgid,
+	setpgid:	dummy_task_setpgid,
+	getpgid:	dummy_task_getpgid,
+	getsid:		dummy_task_getsid,
+	setgroups:	dummy_task_setgroups,
+	setnice:	dummy_task_setnice,
+	setrlimit:	dummy_task_setrlimit,
+	setscheduler:	dummy_task_setscheduler,
+	getscheduler:	dummy_task_getscheduler,
+	wait:		dummy_task_wait,
+	kill:		dummy_task_kill,
+	prctl:		dummy_task_prctl,
+	kmod_set_label:	dummy_task_kmod_set_label,
+};
+
+static struct socket_security_ops dummy_socket_ops = {
+	create:			dummy_socket_create,
+	post_create:		dummy_socket_post_create,
+	bind:			dummy_socket_bind,
+	connect:		dummy_socket_connect,
+	listen:			dummy_socket_listen,
+	accept:			dummy_socket_accept,
+	sendmsg:		dummy_socket_sendmsg,
+	recvmsg:		dummy_socket_recvmsg,
+	getsockname:		dummy_socket_getsockname,
+	getpeername:		dummy_socket_getpeername,
+	getsockopt:		dummy_socket_getsockopt,
+	setsockopt:		dummy_socket_setsockopt,
+	shutdown:		dummy_socket_shutdown,
+	sock_rcv_skb:		dummy_sock_rcv_skb,
+	unix_stream_connect:	dummy_socket_unix_stream_connect,
+	unix_may_send:		dummy_socket_unix_may_send,
+};
+
+static struct skb_security_ops dummy_skb_ops = {
+	alloc_security:	dummy_skb_alloc_security,
+	clone:		dummy_skb_clone,
+	copy:		dummy_skb_copy,
+	set_owner_w:	dummy_skb_set_owner_w,
+	free_security:	dummy_skb_free_security,
+};
+
+static struct ip_security_ops dummy_ip_ops = {
+	preroute_first:		dummy_ip_preroute_first,
+	preroute_last:		dummy_ip_preroute_last,
+	input_first:		dummy_ip_input_first,
+	input_last:		dummy_ip_input_last,
+	forward_first:		dummy_ip_forward_first,
+	forward_last:		dummy_ip_forward_last,
+	output_first:		dummy_ip_output_first,
+	output_last:		dummy_ip_output_last,
+	postroute_first:	dummy_ip_postroute_first,
+	postroute_last:		dummy_ip_postroute_last,
+	fragment:		dummy_ip_fragment,
+	defragment:		dummy_ip_defragment,
+	encapsulate:		dummy_ip_encapsulate,
+	decapsulate:		dummy_ip_decapsulate,
+	decode_options:		dummy_ip_decode_options,
+};
+
+static struct netdev_security_ops dummy_netdev_ops = {
+	unregister:	dummy_netdev_unregister,
+};
+
+static struct module_security_ops dummy_module_ops = {
+	create_module:	dummy_module_create_module,
+	init_module:	dummy_module_init_module,
+	delete_module:	dummy_module_delete_module,
+
+};
+
+static struct ipc_security_ops dummy_ipc_ops = {
+	permission:	dummy_ipc_permission,
+	getinfo:	dummy_ipc_getinfo,
+};
+
+static struct msg_msg_security_ops dummy_msg_msg_ops = {
+	alloc_security:	dummy_msg_msg_alloc_security,
+	free_security:	dummy_msg_msg_free_security,
+};
+
+static struct msg_queue_security_ops dummy_msg_queue_ops = {
+	alloc_security:	dummy_msg_queue_alloc_security,
+	free_security:	dummy_msg_queue_free_security,
+	associate:	dummy_msg_queue_associate,
+	msgctl:		dummy_msg_queue_msgctl,
+	msgsnd:		dummy_msg_queue_msgsnd,
+	msgrcv:		dummy_msg_queue_msgrcv,
+};
+
+static struct shm_security_ops dummy_shm_ops = {
+	alloc_security:	dummy_shm_alloc_security,
+	free_security:	dummy_shm_free_security,
+	associate:	dummy_shm_associate,
+	shmctl:		dummy_shm_shmctl,
+	shmat:		dummy_shm_shmat,
+};
+
+static struct sem_security_ops dummy_sem_ops = {
+	alloc_security:	dummy_sem_alloc_security,
+	free_security:	dummy_sem_free_security,
+	associate:	dummy_sem_associate,
+	semctl:		dummy_sem_semctl,
+	semop:		dummy_sem_semop,
+};
+
+struct security_operations dummy_security_ops = {
+	sethostname:		dummy_sethostname,
+	setdomainname:		dummy_setdomainname,
+	reboot:			dummy_reboot,
+	ioperm:			dummy_ioperm,
+	iopl:			dummy_iopl,
+	ptrace:			dummy_ptrace,
+	capget:			dummy_capget,
+	capset_check:		dummy_capset_check,
+	capset_set:		dummy_capset_set,
+	acct:			dummy_acct,
+	capable:		dummy_capable,
+	sysctl:			dummy_sysctl,
+	sys_security:		dummy_sys_security,
+	swapon:			dummy_swapon,
+	swapoff:		dummy_swapoff,
+	nfsservctl:		dummy_nfsservctl,
+	quotactl:		dummy_quotactl,
+	quota_on:		dummy_quota_on,
+	bdflush:		dummy_bdflush,
+	syslog:			dummy_syslog,
+	netlink_send:		dummy_netlink_send,
+	netlink_recv:		dummy_netlink_recv,
+
+	bprm_ops:		&dummy_binprm_ops,
+	sb_ops:			&dummy_sb_ops,
+	inode_ops:		&dummy_inode_ops,
+	file_ops:		&dummy_file_ops,
+	task_ops:		&dummy_task_ops,
+	socket_ops:		&dummy_socket_ops,
+	skb_ops:		&dummy_skb_ops,
+	ip_ops:			&dummy_ip_ops,
+	ipc_ops:		&dummy_ipc_ops,
+	netdev_ops:		&dummy_netdev_ops,
+	module_ops:		&dummy_module_ops,
+	msg_msg_ops:		&dummy_msg_msg_ops,
+	msg_queue_ops:		&dummy_msg_queue_ops,
+	shm_ops:		&dummy_shm_ops,
+	sem_ops:		&dummy_sem_ops,
+
+	register_security:	dummy_register,
+	unregister_security:	dummy_unregister,
+};
+
diff --minimal -Nru a/security/lsm_ip_glue.c b/security/lsm_ip_glue.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/lsm_ip_glue.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,157 @@
+/*
+ * Nefilter IPv4 Operations Glue Module for LSM
+ *
+ * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
+ * 
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option) 
+ * any later version.
+ *
+ */
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/security.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv4.h>
+
+#define NF_IP_PRI_LSM_FIRST (NF_IP_PRI_FIRST + 20)
+#define NF_IP_PRI_LSM_LAST  (NF_IP_PRI_LAST - 20)
+
+static unsigned int
+preroute_first(unsigned int hooknum, struct sk_buff **pskb,
+               const struct net_device *in, const struct net_device *out,
+               int (*okfn)(struct sk_buff *))
+{
+	return security_ops->ip_ops->preroute_first(hooknum, pskb, in, out, okfn);
+}
+
+static unsigned int
+preroute_last(unsigned int hooknum, struct sk_buff **pskb,
+              const struct net_device *in, const struct net_device *out,
+              int (*okfn)(struct sk_buff *))
+{
+	return security_ops->ip_ops->preroute_last(hooknum, pskb, in, out, okfn);
+}
+
+static unsigned int
+input_first(unsigned int hooknum, struct sk_buff **pskb,
+            const struct net_device *in, const struct net_device *out,
+            int (*okfn)(struct sk_buff *))
+{
+	 return security_ops->ip_ops->input_first(hooknum, pskb, in, out, okfn);
+}
+
+static unsigned int
+input_last(unsigned int hooknum, struct sk_buff **pskb,
+           const struct net_device *in, const struct net_device *out,
+           int (*okfn)(struct sk_buff *))
+{
+	return security_ops->ip_ops->input_last(hooknum, pskb, in, out, okfn);
+}
+
+static unsigned int
+forward_first(unsigned int hooknum, struct sk_buff **pskb,
+              const struct net_device *in, const struct net_device *out,
+              int (*okfn)(struct sk_buff *))
+{
+        return security_ops->ip_ops->forward_first(hooknum, pskb, in, out, okfn);
+}
+
+static unsigned int
+forward_last(unsigned int hooknum, struct sk_buff **pskb,
+             const struct net_device *in, const struct net_device *out,
+             int (*okfn)(struct sk_buff *))
+{
+        return security_ops->ip_ops->forward_last(hooknum, pskb, in, out, okfn);
+}
+
+static unsigned int
+output_first(unsigned int hooknum, struct sk_buff **pskb,
+             const struct net_device *in, const struct net_device *out,
+             int (*okfn)(struct sk_buff *))
+{
+        return security_ops->ip_ops->output_first(hooknum, pskb, in, out, okfn);
+}
+
+static unsigned int
+output_last(unsigned int hooknum, struct sk_buff **pskb,
+            const struct net_device *in, const struct net_device *out,
+            int (*okfn)(struct sk_buff *))
+{
+        return security_ops->ip_ops->output_last(hooknum, pskb, in, out, okfn);
+}
+
+static unsigned int
+postroute_first(unsigned int hooknum, struct sk_buff **pskb,
+                const struct net_device *in, const struct net_device *out,
+                int (*okfn)(struct sk_buff *))
+{
+        return security_ops->ip_ops->postroute_first(hooknum, pskb, in, out, okfn);
+}
+
+static unsigned int
+postroute_last(unsigned int hooknum, struct sk_buff **pskb,
+               const struct net_device *in, const struct net_device *out,
+               int (*okfn)(struct sk_buff *))
+{
+        return security_ops->ip_ops->postroute_last(hooknum, pskb, in, out, okfn);
+}
+
+static struct nf_hook_ops lsm_ip_ops[] = {
+	{ { NULL, NULL }, preroute_first,
+	PF_INET, NF_IP_PRE_ROUTING, NF_IP_PRI_LSM_FIRST },
+
+	{ { NULL, NULL }, preroute_last,
+	PF_INET, NF_IP_PRE_ROUTING, NF_IP_PRI_LSM_LAST },
+
+	{ { NULL, NULL }, input_first,
+	PF_INET, NF_IP_LOCAL_IN, NF_IP_PRI_LSM_FIRST },
+
+	{ { NULL, NULL }, input_last,
+	PF_INET, NF_IP_LOCAL_IN, NF_IP_PRI_LSM_LAST },
+
+	{ { NULL, NULL }, forward_first,
+	PF_INET, NF_IP_FORWARD, NF_IP_PRI_LSM_FIRST },
+
+	{ { NULL, NULL }, forward_last,
+	PF_INET, NF_IP_FORWARD, NF_IP_PRI_LSM_LAST },
+
+	{ { NULL, NULL }, output_first,
+	PF_INET, NF_IP_LOCAL_OUT, NF_IP_PRI_LSM_FIRST },
+
+	{ { NULL, NULL }, output_last,
+	PF_INET, NF_IP_LOCAL_OUT, NF_IP_PRI_LSM_LAST },
+
+	{ { NULL, NULL }, postroute_first,
+	PF_INET, NF_IP_POST_ROUTING, NF_IP_PRI_LSM_FIRST },
+
+	{ { NULL, NULL }, postroute_last,
+	PF_INET, NF_IP_POST_ROUTING, NF_IP_PRI_LSM_LAST }
+};
+
+static int __init init(void)
+{
+	int i;
+
+	/* Hook registration never returns error (for now) */
+	for (i = 0; i < sizeof(lsm_ip_ops)/sizeof(struct nf_hook_ops); i++)
+		nf_register_hook(&lsm_ip_ops[i]);
+
+	return 0;
+}
+
+static void __exit fini(void)
+{
+	unsigned int i;
+
+	for (i = 0; i < sizeof(lsm_ip_ops)/sizeof(struct nf_hook_ops); i++)
+		nf_unregister_hook(&lsm_ip_ops[i]);
+}
+
+module_init(init);
+module_exit(fini);
+
+MODULE_DESCRIPTION("Nefilter IPv4 Operations Glue for Linux Security Module");
+MODULE_LICENSE("GPL");
+
diff --minimal -Nru a/security/owlsm.c b/security/owlsm.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/owlsm.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1199 @@
+/*
+ * This is NOT Openwall, however, it is some of the Openwall kernel patch
+ * ported to LSM.  For more information regarding the Openwall project
+ * can be found at http://www.openwall.com/
+ *
+ * Copyright (C) 2001 Emily Ratliff <ratliff@austin.ibm.com>
+ * Copyright (C) 2001 Nick Bellinger, Esquire <nickb@attheoffice.org>
+ * Copyright (C) 2001 Chris Wright <chris@wirex.com>
+ *
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/stat.h>
+#include <linux/netfilter.h>
+#include <linux/netlink.h>
+#include <linux/ctype.h>
+#include <linux/file.h>
+
+#include "owlsm.h"
+
+/* flag to keep track of how we were registered */
+static int secondary;
+
+static int owlsm_sethostname (char *hostname)
+{
+	return 0;
+}
+
+static int owlsm_setdomainname (char *domainname)
+{
+	return 0;
+}
+
+static int owlsm_reboot (unsigned int cmd)
+{
+	return 0;
+}
+
+static int owlsm_ioperm (unsigned long from, unsigned long num, int turn_on)
+{
+	return 0;
+}
+
+static int owlsm_iopl (unsigned int old, unsigned int level)
+{
+	return 0;
+}
+
+static int owlsm_ptrace (struct task_struct *parent, struct task_struct *child) 
+{ 
+	return 0; 
+}
+
+static int owlsm_capget (struct task_struct *target, kernel_cap_t * effective,
+                        kernel_cap_t * inheritable, kernel_cap_t * permitted)
+{
+	return 0;
+}
+
+static int owlsm_capset_check (struct task_struct *target,
+                             kernel_cap_t * effective,
+                             kernel_cap_t * inheritable,
+                             kernel_cap_t * permitted)
+{
+	return 0;
+}
+
+static void owlsm_capset_set (struct task_struct *target,
+                            kernel_cap_t * effective,
+                            kernel_cap_t * inheritable,
+                            kernel_cap_t * permitted)
+{
+	return;
+}
+
+static int owlsm_acct (struct file *file) 
+{
+	return 0;
+}
+
+static int owlsm_capable (struct task_struct *tsk, int cap)
+{
+	/* from dummy.c */
+	if (cap_is_fs_cap (cap) ? tsk->fsuid == 0 : tsk->euid == 0)
+		/* capability granted */
+		return 0;
+
+	/* capability denied */
+	return -EPERM;
+}
+
+static int owlsm_sysctl (ctl_table * table, int op) 
+{
+	return 0;
+}
+
+static int owlsm_sys_security (unsigned int id, unsigned int call,
+                             unsigned long *args)
+{
+        return -ENOSYS;
+}
+
+static int owlsm_swapon (struct swap_info_struct *swap)
+{
+        return 0;
+}
+
+static int owlsm_swapoff (struct swap_info_struct *swap)
+{
+        return 0;
+}
+
+static int owlsm_nfsservctl (int cmd, struct nfsctl_arg *arg)
+{
+        return 0;
+}
+
+static int owlsm_quotactl (int cmds, int type, int id, struct super_block *sb)
+{
+        return 0;
+}
+
+static int owlsm_quota_on (struct file *f)
+{
+        return 0;
+}
+
+static int owlsm_bdflush (int func, long data)
+{
+        return 0;
+}
+
+static int owlsm_syslog (int type)
+{
+        return 0;
+}
+
+static int owlsm_netlink_send (struct sk_buff *skb)
+{
+	/* from dummy.c */
+	if (current->euid == 0)
+		cap_raise (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN);
+	else
+		NETLINK_CB (skb).eff_cap = 0;
+	return 0;
+}
+
+static int owlsm_netlink_recv (struct sk_buff *skb)
+{
+	/* from dummy.c */
+	if (!cap_raised (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN))
+		return -EPERM;
+	return 0;
+}
+
+static int owlsm_binprm_alloc_security(struct linux_binprm *bprm)
+{
+	int exec_return, fd_return;
+	
+	exec_return = do_owlsm_exec_rlimit(bprm);
+	fd_return = do_owlsm_sfd_alloc(bprm);
+
+	return (exec_return || fd_return) ? -EPERM : 0;
+}
+
+static void owlsm_binprm_free_security (struct linux_binprm *bprm)
+{
+	return do_owlsm_sfd_free(bprm);
+}
+
+static void owlsm_binprm_compute_creds (struct linux_binprm *bprm) 
+{
+	return do_owlsm_sfd_compute(bprm);
+}
+
+static int owlsm_binprm_set_security (struct linux_binprm *bprm) 
+{
+	return do_owlsm_sfd_set(bprm);
+}
+
+static int owlsm_sb_alloc_security (struct super_block *sb)
+{
+	return 0;
+}
+
+static void owlsm_sb_free_security (struct super_block *sb)
+{
+	return;
+}
+
+static int owlsm_sb_statfs (struct super_block *sb) 
+{
+	return 0;
+}
+
+static int owlsm_sb_mount (char *devname, struct nameidata *nd, char *type, 
+			  unsigned long flags, void *data) 
+{
+	return 0;
+}
+
+static int owlsm_sb_check_sb (struct vfsmount *mnt, struct nameidata *nd)
+{
+	return 0;
+}
+
+static int owlsm_sb_umount (struct vfsmount *mnt, int flags) 
+{
+	return 0;
+}
+
+static void owlsm_sb_umount_close (struct vfsmount *mnt)
+{
+	return;
+}
+
+static void owlsm_sb_umount_busy (struct vfsmount *mnt) 
+{
+	return;
+}
+static void owlsm_sb_post_remount (struct vfsmount *mnt, unsigned long flags, 
+				  void *data)
+{
+	return;
+}
+
+static void owlsm_sb_post_mountroot (void)
+{
+	return;
+}
+
+static void owlsm_sb_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
+{
+	return;
+}
+
+static int owlsm_inode_alloc_security (struct inode *inode)
+{
+	return 0;
+}
+
+static void owlsm_inode_free_security (struct inode *inode)
+{
+	return;
+}
+
+static int owlsm_inode_create (struct inode *inode, struct dentry *dentry, 
+			      int mask) 
+{
+	return 0;
+}
+
+static void owlsm_inode_post_create (struct inode *inode, struct dentry *dentry,
+				    int mask) 
+{
+	return;
+}
+
+static int owlsm_inode_link (struct dentry *old_dentry, struct inode *inode, 
+			    struct dentry *new_dentry) 
+{
+	return do_owlsm_link(old_dentry, inode, new_dentry);
+}
+
+static void owlsm_inode_post_link (struct dentry *old_dentry, 
+				  struct inode *inode, 
+				  struct dentry *new_dentry) 
+{
+	return;
+}
+
+static int owlsm_inode_unlink (struct inode *inode, struct dentry *dentry)
+{
+	return 0;
+}
+
+static int owlsm_inode_symlink (struct inode *inode, struct dentry *dentry, 
+			       const char *name)
+{
+	return 0;
+}
+
+static void owlsm_inode_post_symlink (struct inode *inode, 
+				      struct dentry *dentry, const char *name)
+{
+	return;
+}
+
+static int owlsm_inode_mkdir (struct inode *inode, struct dentry *dentry, 
+			     int mask) 
+{
+	return 0;
+}
+
+static void owlsm_inode_post_mkdir (struct inode *inode, struct dentry *dentry, 
+				   int mask) 
+{
+	return;
+}
+
+static int owlsm_inode_rmdir (struct inode *inode, struct dentry *dentry) 
+{
+	return 0;
+}
+
+static int owlsm_inode_mknod (struct inode *inode, struct dentry *dentry, 
+			     int major, dev_t minor) 
+{
+	return 0;
+}
+
+static void owlsm_inode_post_mknod (struct inode *inode, struct dentry *dentry, 
+				   int major, dev_t minor)
+{
+	return;
+}
+
+static int owlsm_inode_rename (struct inode *old_inode, 
+			      struct dentry *old_dentry, 
+			      struct inode *new_inode, 
+			      struct dentry *new_dentry) 
+{
+	return 0;
+}
+
+static void owlsm_inode_post_rename (struct inode *old_inode, 
+				    struct dentry *old_dentry, 
+				    struct inode *new_inode, 
+				    struct dentry *new_dentry) 
+{
+	return;
+}
+
+static int owlsm_inode_readlink (struct dentry *dentry)
+{
+	return 0;
+}
+
+static int owlsm_inode_follow_link (struct dentry *dentry, 
+				   struct nameidata *nameidata) 
+{
+	return do_owlsm_follow_link(dentry, nameidata);
+}
+
+static int owlsm_inode_permission (struct inode *inode, int mask)
+{
+	return 0;
+}
+
+static int owlsm_inode_revalidate (struct dentry *inode)
+{
+	return 0;
+}
+
+static int owlsm_inode_setattr (struct dentry *dentry, struct iattr *iattr)
+{
+	return 0;
+}
+
+static int owlsm_inode_stat (struct inode *inode)
+{
+	return 0;
+}
+
+static void owlsm_post_lookup (struct inode *ino, struct dentry *d) 
+{
+	return;
+}
+
+static void owlsm_delete (struct inode *ino) 
+{
+	return;
+}
+
+static int owlsm_inode_setxattr (struct dentry *dentry, char *name, void *value,
+				size_t size, int flags)
+{
+	return 0;
+}
+
+static int owlsm_inode_getxattr (struct dentry *dentry, char *name)
+{
+	return 0;
+}
+
+static int owlsm_inode_listxattr (struct dentry *dentry)
+{
+	return 0;
+}
+
+static int owlsm_inode_removexattr (struct dentry *dentry, char *name)
+{
+	return 0;
+}
+
+static int owlsm_file_permission (struct file *file, int mask)
+{
+	return 0;
+}
+
+static int owlsm_file_alloc_security (struct file *file)	
+{
+	return 0;
+}
+
+static void owlsm_file_free_security (struct file *file)	
+{
+	return;
+}
+
+static int owlsm_file_llseek (struct file *file)	
+{
+	return 0;
+}
+
+static int owlsm_file_ioctl (struct file *file, unsigned int command , 
+			    unsigned long arg)
+{
+	return 0;
+}
+
+static int owlsm_file_mmap (struct file *file, unsigned long prot, 
+			   unsigned long flags)	
+{
+	return 0;
+}
+
+static int owlsm_file_mprotect (struct vm_area_struct *vma, unsigned long prot)
+{
+	return 0;
+}
+
+static int owlsm_file_lock (struct file *file, unsigned int cmd, int blocking)
+{
+	return 0;
+}
+
+static int owlsm_file_fcntl (struct file *file, unsigned int cmd, 
+			     unsigned long arg)
+{
+	return 0;
+}
+
+static int owlsm_file_set_fowner (struct file *file)
+{
+	return 0;
+}
+
+static int owlsm_file_send_sigiotask (struct task_struct *tsk, 
+				      struct fown_struct *fown, 
+				      int fd, int reason) 
+{ 
+	return 0;
+}
+
+static int owlsm_file_receive (struct file *file)
+{
+	return 0;
+}
+
+static int owlsm_task_create (unsigned long clone_flags)
+{
+	return 0;
+}
+
+static int owlsm_task_alloc_security (struct task_struct *p)
+{
+	return 0;
+}
+
+static void owlsm_task_free_security (struct task_struct *p)
+{
+	return;
+}
+
+static int owlsm_task_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
+{ 
+	return 0; 
+}
+
+static int owlsm_task_post_setuid(uid_t old_ruid, uid_t old_euid, 
+				 uid_t old_suid, int flags)
+{
+	return 0;
+}
+
+static int owlsm_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags) 
+{
+	return 0;
+}
+
+static int owlsm_task_setpgid (struct task_struct *p, pid_t pgid) 
+{
+	return 0;
+}
+
+static int owlsm_task_getpgid (struct task_struct *p) 
+{
+	return 0;
+}
+
+static int owlsm_task_getsid (struct task_struct *p) 
+{
+	return 0;
+}
+
+static int owlsm_task_setgroups (int gidsetsize, gid_t *grouplist)
+{
+	return 0;
+}
+
+static int owlsm_task_setnice (struct task_struct *p, int nice)
+{
+	return 0;
+}
+
+static int owlsm_task_setrlimit (unsigned int resource, struct rlimit *new_rlim)
+{
+	return 0;
+}
+
+static int owlsm_task_setscheduler (struct task_struct *p, int policy,
+				   struct sched_param *lp)
+{
+	return 0;
+}
+
+static int owlsm_task_getscheduler (struct task_struct *p) 
+{ 
+	return 0; 
+}
+
+static int owlsm_task_wait (struct task_struct *p) 
+{
+	return 0;
+}
+
+static int owlsm_task_kill (struct task_struct *p, struct siginfo *info, int sig)
+{
+	return 0;
+}
+
+static int owlsm_task_prctl (int option, unsigned long arg2, unsigned long arg3,
+			     unsigned long arg4, unsigned long arg5)
+{
+	return 0;
+}
+
+static void owlsm_task_kmod_set_label (void) 
+{ 
+	return; 
+}
+
+static unsigned int owlsm_ip_preroute_first (unsigned int hooknum, 
+					    struct sk_buff **pskb,
+					    const struct net_device *in, 
+					    const struct net_device *out,
+					    int (*okfn)(struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int owlsm_ip_preroute_last (unsigned int hooknum, 
+					   struct sk_buff **pskb, 
+					   const struct net_device *in, 
+					   const struct net_device *out, 
+					   int (*okfn)(struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int owlsm_ip_input_first	(unsigned int hooknum, 
+					 struct sk_buff **pskb,
+					 const struct net_device *in,
+					 const struct net_device *out, 
+					 int (*okfn)(struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int owlsm_ip_input_last (unsigned int hooknum, 
+					struct sk_buff **pskb, 
+					const struct net_device *in, 
+					const struct net_device *out, 
+					int (*okfn)(struct sk_buff *)) 
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int owlsm_ip_forward_first (unsigned int hooknum, 
+					   struct sk_buff **pskb, 
+					   const struct net_device *in, 
+					   const struct net_device *out, 
+					   int (*okfn)(struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int owlsm_ip_forward_last (unsigned int hooknum, 
+					  struct sk_buff **pskb, 
+					  const struct net_device *in, 
+					  const struct net_device *out, 
+					  int (*okfn)(struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int owlsm_ip_output_first (unsigned int hooknum, 
+					  struct sk_buff **pskb, 
+					  const struct net_device *in, 
+					  const struct net_device *out, 
+					  int (*okfn)(struct sk_buff *)) 
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int owlsm_ip_output_last	(unsigned int hooknum, 
+					 struct sk_buff **pskb,
+					 const struct net_device *in, 
+					 const struct net_device *out, 
+					 int (*okfn)(struct sk_buff *)) 
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int owlsm_ip_postroute_first (unsigned int hooknum, 
+					     struct sk_buff **pskb, 
+					     const struct net_device *in, 
+					     const struct net_device *out, 
+					     int (*okfn)(struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int owlsm_ip_postroute_last (unsigned int hooknum, 
+					    struct sk_buff **pskb, 
+					    const struct net_device *in, 
+					    const struct net_device *out, 
+					    int (*okfn)(struct sk_buff *)) 
+{
+	return NF_ACCEPT;
+}
+
+static void owlsm_ip_fragment (struct sk_buff *newskb, 
+			      const struct sk_buff *oldskb) 
+{
+	return;
+}
+
+static int owlsm_ip_defragment (struct sk_buff *skb) 
+{
+	return 0;
+}
+
+static void owlsm_ip_encapsulate (struct sk_buff *skb) 
+{
+	return;
+}
+
+static void owlsm_ip_decapsulate (struct sk_buff *skb) 
+{
+	return;
+}
+
+static int owlsm_decode_options (struct sk_buff *skb, const char *optptr,
+				unsigned char **pp_ptr)
+{
+	/* from dummy.c */
+	if (!skb && !capable (CAP_NET_RAW)) {
+		(const unsigned char *) *pp_ptr = optptr;
+		return -EPERM;
+	}
+	return 0;
+}
+
+static void owlsm_netdev_unregister (struct net_device *dev) 
+{
+	return;
+}
+
+static int owlsm_socket_create (int family, int type, int protocol) 
+{
+	return 0;
+}
+static void owlsm_socket_post_create (struct socket *sock, int family, 
+				      int type, int protocol) 
+{
+	return;
+}
+
+static int owlsm_socket_bind (struct socket *sock, struct sockaddr *address, 
+			      int addrlen) 
+{
+	return 0;
+}
+
+static int owlsm_socket_connect (struct socket *sock, struct sockaddr *address, 
+				 int addrlen) 
+{
+	return 0;
+}
+
+static int owlsm_socket_listen (struct socket *sock, int backlog) 
+{
+	return 0;
+}
+
+static int owlsm_socket_accept (struct socket *sock, struct socket *newsock) 
+{
+	return 0;
+}
+
+static int owlsm_socket_sendmsg (struct socket *sock, struct msghdr *msg, 
+				int size) 
+{
+	return 0;
+}
+
+static int owlsm_socket_recvmsg (struct socket *sock, struct msghdr *msg, 
+				int size, int flags) 
+{
+	return 0;
+}
+
+static int owlsm_socket_getsockname (struct socket *sock) 
+{
+	return 0;
+}
+
+static int owlsm_socket_getpeername (struct socket *sock) 
+{
+	return 0;
+}
+
+static int owlsm_socket_setsockopt (struct socket *sock, int level, int optname)
+{
+	return 0;
+}
+
+static int owlsm_socket_getsockopt (struct socket *sock, int level, int optname)
+{
+	return 0;
+}
+
+static int owlsm_socket_shutdown (struct socket *sock, int how) 
+{
+	return 0;
+}
+
+static int owlsm_socket_sock_rcv_skb (struct sock *sk, struct sk_buff *skb)
+{
+	return 0;
+}
+
+static int owlsm_socket_unix_stream_connect (struct socket *sock, 
+					     struct socket *other)
+{
+	return 0;
+}
+
+static int owlsm_socket_unix_may_send (struct socket *sock, 
+				       struct socket *other)
+{
+	return 0;
+}
+
+static int owlsm_module_create_module (const char *name_user, size_t size)
+{
+	return 0;
+}
+
+static int owlsm_module_init_module (struct module *mod)
+{
+	return 0;
+}
+
+static int owlsm_module_delete_module (const struct module *mod)	
+{
+	return 0;
+}
+
+static int owlsm_ipc_permission (struct kern_ipc_perm *ipcp, short flag) 
+{
+	return 0;
+}
+
+static int owlsm_ipc_getinfo (int id, int cmd) 
+{
+	return 0;
+}
+
+static int owlsm_msg_msg_alloc_security (struct msg_msg *msg)	
+{
+	return 0;
+}
+
+static void owlsm_msg_msg_free_security	(struct msg_msg *msg)
+{
+	return;
+}
+
+static int owlsm_msg_queue_alloc_security (struct msg_queue *msq)	
+{
+	return 0;
+}
+
+static void owlsm_msg_queue_free_security (struct msg_queue *msq)	
+{
+	return;
+}
+
+static int owlsm_msg_queue_associate (struct msg_queue *msq, int msgid, 
+				     int msgflg)	
+{
+	return 0;
+}
+
+static int owlsm_msg_queue_msgctl (struct msg_queue *msq, int msgid, int cmd)
+{
+	return 0;
+}
+
+static int owlsm_msg_queue_msgsnd (struct msg_queue *msq, struct msg_msg *msg, 
+				  int msgid, int msgflg)
+{
+	return 0;
+}
+
+static int owlsm_msg_queue_msgrcv (struct msg_queue *msq, struct msg_msg *msg, 
+				  struct task_struct *target, 
+				  long type, int mode)
+{
+	return 0;
+}
+
+static int owlsm_shm_alloc_security (struct shmid_kernel *shp)
+{
+	return 0;
+}
+
+static void owlsm_shm_free_security (struct shmid_kernel *shp)
+{
+	return;
+}
+
+static int owlsm_shm_associate (struct shmid_kernel *shp, int shmid, int shmflg)
+{
+	return 0;
+}
+
+static int owlsm_shm_shmctl (struct shmid_kernel *shp, int shmid, int cmd)
+{
+	return 0;
+}
+
+static int owlsm_shm_shmat (struct shmid_kernel *shp, int shmid, char *shmaddr, 
+			   int shmflg) 
+{
+	return 0;
+}
+
+static int owlsm_sem_alloc_security (struct sem_array *sma) 
+{
+	return 0;
+}
+
+static void owlsm_sem_free_security (struct sem_array *sma) 
+{
+	return;
+}
+
+static int owlsm_sem_associate (struct sem_array *sma, int semid, int semflg) 
+{
+	return 0;
+}
+
+static int owlsm_sem_semctl (struct sem_array *sma, int semid, int cmd) 
+{
+	return 0;
+}
+
+static int owlsm_sem_semop (struct sem_array *sma, int semid, 
+			   struct sembuf *sops, unsigned nsops, int alter)
+{
+	return 0;
+}
+
+static int owlsm_skb_alloc_security (struct sk_buff *skb)
+{
+	return 0;
+}
+
+static int owlsm_skb_clone (struct sk_buff *newskb, 
+			    const struct sk_buff *oldskb)
+{
+	return 0;
+}
+
+static void owlsm_skb_copy (struct sk_buff *newskb, 
+			    const struct sk_buff *oldskb) 
+{
+	return;
+}
+
+static void owlsm_skb_set_owner_w (struct sk_buff *skb, struct sock *sk)
+{
+        return;
+}
+
+static void owlsm_skb_free_security (struct sk_buff *skb)
+{
+	return;
+}
+
+static int owlsm_register (const char *name, struct security_operations *ops)	
+{
+	return -EINVAL;
+}
+
+static int owlsm_unregister (const char *name, struct security_operations *ops)
+{
+	return -EINVAL;
+}
+
+static struct binprm_security_ops owlsm_binprm_ops = {
+	alloc_security:	owlsm_binprm_alloc_security,
+	free_security:	owlsm_binprm_free_security,
+	compute_creds:	owlsm_binprm_compute_creds,
+	set_security:	owlsm_binprm_set_security,
+};
+
+static struct super_block_security_ops owlsm_sb_ops = {
+	alloc_security:	owlsm_sb_alloc_security,
+	free_security:	owlsm_sb_free_security,
+	statfs:	        owlsm_sb_statfs,
+	mount:		owlsm_sb_mount,
+	check_sb:	owlsm_sb_check_sb,
+	umount:		owlsm_sb_umount,
+	umount_close:	owlsm_sb_umount_close,
+	umount_busy:	owlsm_sb_umount_busy,
+	post_remount:	owlsm_sb_post_remount,
+	post_mountroot:	owlsm_sb_post_mountroot,
+	post_addmount:	owlsm_sb_post_addmount,
+};
+
+static struct inode_security_ops owlsm_inode_ops = {
+	alloc_security:	owlsm_inode_alloc_security,
+	free_security:	owlsm_inode_free_security,
+	create:		owlsm_inode_create,
+	post_create:	owlsm_inode_post_create,
+	link:		owlsm_inode_link,
+	post_link:	owlsm_inode_post_link,
+	unlink:		owlsm_inode_unlink,
+	symlink:	owlsm_inode_symlink,
+	post_symlink:	owlsm_inode_post_symlink,
+	mkdir:		owlsm_inode_mkdir,
+	post_mkdir:	owlsm_inode_post_mkdir,
+	rmdir:		owlsm_inode_rmdir,
+	mknod:		owlsm_inode_mknod,
+	post_mknod:	owlsm_inode_post_mknod,
+	rename:		owlsm_inode_rename,
+	post_rename:	owlsm_inode_post_rename,
+	readlink:	owlsm_inode_readlink,
+	follow_link:	owlsm_inode_follow_link,
+	permission:	owlsm_inode_permission,
+	revalidate:	owlsm_inode_revalidate,
+	setattr:	owlsm_inode_setattr,
+	stat:           owlsm_inode_stat,
+	post_lookup:	owlsm_post_lookup,
+	delete:		owlsm_delete,
+	setxattr:	owlsm_inode_setxattr,
+	getxattr:	owlsm_inode_getxattr,
+	listxattr:	owlsm_inode_listxattr,
+	removexattr:	owlsm_inode_removexattr,
+};
+
+static struct file_security_ops	owlsm_file_ops = {
+	permission:	owlsm_file_permission,
+	alloc_security:	owlsm_file_alloc_security,
+	free_security:	owlsm_file_free_security,
+	llseek:		owlsm_file_llseek,
+	ioctl:		owlsm_file_ioctl,
+	mmap:		owlsm_file_mmap,
+	mprotect:	owlsm_file_mprotect,
+	lock:		owlsm_file_lock,
+	fcntl:		owlsm_file_fcntl,
+	set_fowner:	owlsm_file_set_fowner,
+	send_sigiotask:	owlsm_file_send_sigiotask,
+	receive:        owlsm_file_receive,
+};
+
+static struct task_security_ops	owlsm_task_ops = {
+	create:		owlsm_task_create,
+	alloc_security:	owlsm_task_alloc_security,
+	free_security:	owlsm_task_free_security,
+	setuid:		owlsm_task_setuid,
+	post_setuid:	owlsm_task_post_setuid,
+	setgid:		owlsm_task_setgid,
+	setpgid:	owlsm_task_setpgid,
+	getpgid:	owlsm_task_getpgid,
+	getsid:		owlsm_task_getsid,
+	setgroups:	owlsm_task_setgroups,
+	setnice:	owlsm_task_setnice,
+	setrlimit:	owlsm_task_setrlimit,
+	setscheduler:	owlsm_task_setscheduler,
+	getscheduler:	owlsm_task_getscheduler,
+	wait:		owlsm_task_wait,
+	kill:		owlsm_task_kill,
+	prctl:		owlsm_task_prctl,
+	kmod_set_label:	owlsm_task_kmod_set_label,
+};
+
+static struct socket_security_ops owlsm_socket_ops = {
+	create:			owlsm_socket_create,
+	post_create:		owlsm_socket_post_create,
+	bind:			owlsm_socket_bind,
+	connect:		owlsm_socket_connect,
+	listen:			owlsm_socket_listen,
+	accept:			owlsm_socket_accept,
+	sendmsg:		owlsm_socket_sendmsg,
+	recvmsg:		owlsm_socket_recvmsg,
+	getsockname:		owlsm_socket_getsockname,
+	getpeername:		owlsm_socket_getpeername,
+	getsockopt:		owlsm_socket_getsockopt,
+	setsockopt:		owlsm_socket_setsockopt,
+	shutdown:		owlsm_socket_shutdown,
+	sock_rcv_skb:		owlsm_socket_sock_rcv_skb,
+	unix_stream_connect:	owlsm_socket_unix_stream_connect,
+	unix_may_send:		owlsm_socket_unix_may_send,
+};
+
+static struct skb_security_ops owlsm_skb_ops = {
+	alloc_security:	owlsm_skb_alloc_security,
+	clone:		owlsm_skb_clone,
+	copy:		owlsm_skb_copy,
+	set_owner_w:	owlsm_skb_set_owner_w,
+	free_security:	owlsm_skb_free_security,
+};
+
+static struct ip_security_ops owlsm_ip_ops = {
+	preroute_first:		owlsm_ip_preroute_first,
+	preroute_last:		owlsm_ip_preroute_last,
+	input_first:		owlsm_ip_input_first,
+	input_last:		owlsm_ip_input_last,
+	forward_first:		owlsm_ip_forward_first,
+	forward_last:		owlsm_ip_forward_last,
+	output_first:		owlsm_ip_output_first,
+	output_last:		owlsm_ip_output_last,
+	postroute_first:	owlsm_ip_postroute_first,
+	postroute_last:		owlsm_ip_postroute_last,
+	fragment:		owlsm_ip_fragment,
+	defragment:		owlsm_ip_defragment,
+	encapsulate:		owlsm_ip_encapsulate,
+	decapsulate:		owlsm_ip_decapsulate,
+	decode_options:		owlsm_decode_options,
+};
+
+static struct netdev_security_ops owlsm_netdev_ops = {
+	unregister:	owlsm_netdev_unregister,
+};
+
+static struct module_security_ops owlsm_module_ops = {
+	create_module:	owlsm_module_create_module,
+	init_module:	owlsm_module_init_module,
+	delete_module:	owlsm_module_delete_module,
+
+};
+
+static struct ipc_security_ops owlsm_ipc_ops = {
+	permission:	owlsm_ipc_permission,
+	getinfo:	owlsm_ipc_getinfo,
+};
+
+static struct msg_msg_security_ops owlsm_msg_ops = {
+	alloc_security:	owlsm_msg_msg_alloc_security,
+	free_security:	owlsm_msg_msg_free_security,
+};
+
+static struct msg_queue_security_ops owlsm_msg_queue_ops = {
+	alloc_security:	owlsm_msg_queue_alloc_security,
+	free_security:	owlsm_msg_queue_free_security,
+	associate:	owlsm_msg_queue_associate,
+	msgctl:		owlsm_msg_queue_msgctl,
+	msgsnd:		owlsm_msg_queue_msgsnd,
+	msgrcv:		owlsm_msg_queue_msgrcv,
+};
+
+static struct shm_security_ops owlsm_shm_ops = {
+	alloc_security: owlsm_shm_alloc_security,
+	free_security:  owlsm_shm_free_security,
+	associate:	owlsm_shm_associate,
+	shmctl:		owlsm_shm_shmctl,
+	shmat:		owlsm_shm_shmat,
+};
+
+static struct sem_security_ops owlsm_sem_ops = {
+	alloc_security: owlsm_sem_alloc_security,
+	free_security:  owlsm_sem_free_security,
+	associate:	owlsm_sem_associate,
+	semctl:		owlsm_sem_semctl,
+	semop:		owlsm_sem_semop,
+};
+
+static struct security_operations owlsm_ops = {
+	sethostname:		owlsm_sethostname,
+	setdomainname:		owlsm_setdomainname,
+	reboot:			owlsm_reboot,
+	ioperm:			owlsm_ioperm,
+	iopl:			owlsm_iopl,
+	ptrace:			owlsm_ptrace,
+	capget:			owlsm_capget,
+	capset_check:		owlsm_capset_check,
+	capset_set:		owlsm_capset_set,
+	acct:			owlsm_acct,
+	sysctl:			owlsm_sysctl,
+	capable:		owlsm_capable,
+	sys_security:		owlsm_sys_security,
+	swapon:			owlsm_swapon,
+	swapoff:		owlsm_swapoff,
+	nfsservctl:		owlsm_nfsservctl,
+	quotactl:		owlsm_quotactl,
+	quota_on:		owlsm_quota_on,
+	bdflush:		owlsm_bdflush,
+	syslog:			owlsm_syslog,
+	netlink_send:		owlsm_netlink_send,
+	netlink_recv:		owlsm_netlink_recv,
+
+	bprm_ops:		&owlsm_binprm_ops,
+	sb_ops:			&owlsm_sb_ops,
+	inode_ops:		&owlsm_inode_ops,
+	file_ops:		&owlsm_file_ops,
+	task_ops:		&owlsm_task_ops,
+	socket_ops:		&owlsm_socket_ops,
+	skb_ops:		&owlsm_skb_ops,
+	ip_ops:			&owlsm_ip_ops,
+	netdev_ops:		&owlsm_netdev_ops,
+	module_ops:		&owlsm_module_ops,
+	ipc_ops:		&owlsm_ipc_ops,
+	msg_msg_ops:		&owlsm_msg_ops,
+	msg_queue_ops:		&owlsm_msg_queue_ops,
+	shm_ops:		&owlsm_shm_ops,
+	sem_ops:		&owlsm_sem_ops,
+	
+	register_security:	owlsm_register,
+	unregister_security:	owlsm_unregister,
+};
+
+#if defined(CONFIG_SECURITY_owlsm_MODULE)
+#define MY_NAME THIS_MODULE->name
+#else
+#define MY_NAME "owlsm"
+#endif
+
+static int __init owlsm_init (void)
+{
+	/* register ourselves with the security framework */
+	if (register_security (&owlsm_ops)) {
+		printk (KERN_INFO 
+			"Failure registering owlsm module with the kernel\n");
+		/* try registering with primary module */
+		if (mod_reg_security (MY_NAME, &owlsm_ops)) {
+			printk (KERN_INFO "Failure registering owlsm module "
+				"with primary security module.\n");
+			return -EINVAL;
+		}
+		secondary = 1;
+	}
+	printk(KERN_INFO "owlsm LSM initialized\n");
+	return 0;
+}
+
+static void __exit owlsm_exit (void)
+{
+	/* remove ourselves from the security framework */
+	if (secondary) {
+		if (mod_unreg_security (MY_NAME, &owlsm_ops))
+			printk (KERN_INFO "Failure unregistering owlsm module "
+				"with primary module.\n");
+		return;
+	}
+ 
+	if (unregister_security (&owlsm_ops)) {
+		printk (KERN_INFO
+			"Failure unregistering owlsm module with the kernel\n");
+	}
+}
+
+module_init (owlsm_init);
+module_exit (owlsm_exit);
+
+MODULE_DESCRIPTION("LSM implementation of the Openwall kernel patch");
+MODULE_LICENSE("GPL");
diff --minimal -Nru a/security/owlsm.h b/security/owlsm.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/owlsm.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,277 @@
+#ifndef _OWLSM_H
+#define _OWLSM_H
+
+/*
+ * This is NOT Openwall, however, it is some of the Openwall functionality
+ * ported to LSM.  For more information regarding the Openwall project
+ * can be found at http://www.openwall.com/
+ */
+
+#include <linux/config.h>
+#include <linux/major.h>
+
+#define security_alert(normal_msg, flood_msg, args...)			\
+({									\
+ 	static unsigned long warning_time = 0, no_flood_yet = 0;	\
+	static spinlock_t security_alert_lock = SPIN_LOCK_UNLOCKED;	\
+									\
+	spin_lock(&security_alert_lock);				\
+									\
+/* Make sure at least one minute passed since the last warning logged */\
+	if (!warning_time || jiffies - warning_time > 60 * HZ) {	\
+		warning_time = jiffies; no_flood_yet = 1;		\
+		printk(KERN_ALERT "Security: " normal_msg "\n", ## args);\
+	} else if (no_flood_yet) {					\
+		warning_time = jiffies; no_flood_yet = 0;		\
+		printk(KERN_ALERT "Security: more " flood_msg		\
+			", logging disabled for a minute\n");		\
+	}								\
+									\
+	spin_unlock(&security_alert_lock);				\
+})
+
+/*
+ * Conditional defines for Openwall LSM helper functions
+ */
+
+#ifdef CONFIG_OWLSM_RLIMIT_NPROC
+static inline int do_owlsm_exec_rlimit(struct linux_binprm *bprm)
+{
+	/*
+	 * This check is similar to that done in kernel/fork.c, except
+	 * that we are not going to allocate a new task slot here.
+	 *
+	 * Note that we can only exceed the limit if our UID has changed.
+	 */
+	if (current->user) {
+		if (atomic_read(&current->user->processes) 
+		    > current->rlim[RLIMIT_NPROC].rlim_cur) {
+			return -EAGAIN;
+		}
+	}
+	return 0;
+}
+#else
+static inline int do_owlsm_exec_rlimit(struct linux_binprm *bprm)
+{
+	return 0;
+}
+#endif /* CONFIG_OWLSM_RLIMIT_NPROC */
+
+#ifdef CONFIG_OWLSM_LINK
+/*
+ * Don't allow users to create hard links to files they don't own,
+ * unless they have CAP_FOWNER.
+ *
+ * The last two checks are here as a workaround for atd(8), to be
+ * removed one day.
+ */
+static inline int do_owlsm_link(struct dentry *old_dentry, struct inode *inode,
+				struct dentry *new_dentry)
+{
+	struct inode* i = old_dentry->d_inode;
+
+	if (current->fsuid != i->i_uid && !capable(CAP_FOWNER) &&
+	    current->uid != i->i_uid && current->uid) {
+	    	security_alert("denied hard link to %d.%d "
+			"for UID %d, EUID %d, process %s:%d",
+			"hard links denied", i->i_uid, i->i_gid,
+			current->uid, current->euid,
+			current->comm, current->pid);
+		return -EPERM;
+	}
+	return 0;
+
+}
+
+/*
+ * Don't follow links that we don't own in +t
+ * directories, unless the link is owned by the
+ * owner of the directory.
+ */
+static inline int do_owlsm_follow_link(struct dentry *dentry,
+				   struct nameidata *nameidata)
+{
+	struct inode *inode = dentry->d_inode;
+	struct inode *parent = dentry->d_parent->d_inode;
+	if (S_ISLNK(inode->i_mode) &&
+		(parent->i_mode & S_ISVTX) &&
+		inode->i_uid != parent->i_uid &&
+		current->fsuid != inode->i_uid) {
+			security_alert("not followed symlink of %d.%d "
+				"by UID %d, EUID %d, process %s:%d",
+				"symlinks not followed",
+				inode->i_uid, inode->i_gid,
+				current->uid, current->euid,
+				current->comm, current->pid);
+			return -EPERM;
+	}
+	return 0;
+}
+#else
+static inline int do_owlsm_link(struct dentry *old_dentry, struct inode *inode,
+				struct dentry *new_dentry)
+{
+	return 0;
+}
+static inline int do_owlsm_follow_link(struct dentry *dentry,
+				   struct nameidata *nameidata)
+{
+	return 0;
+}
+#endif /* CONFIG_OWLSM_LINK */
+
+#ifdef CONFIG_OWLSM_FD
+/* Helper struct and functions for OWLSM_FD */
+
+struct secure_fds {
+	int fd_mask;
+	int priv_change;
+	struct file *fd_null;
+};
+
+static inline int tweak_fd_open_null(struct linux_binprm *bprm)
+{
+	int dev;
+	struct inode *i;
+	struct dentry *d;
+	struct file *f;
+	struct secure_fds *sfds = (struct secure_fds *) bprm->security;
+
+	if(!(i = get_empty_inode()))
+		return -ENOMEM;
+	if(!(d = dget(d_alloc_root(i)))) {
+		iput(i);
+		return -ENOMEM;
+	}
+	if(!(f = get_empty_filp())) {
+		dput(d);
+		iput(i);
+		return -ENFILE;
+	}
+
+	dev = MKDEV(MEM_MAJOR, 3); /* /dev/null */
+
+	i->i_mode = S_IFCHR | S_IRUGO | S_IWUGO;
+	i->i_uid = current->fsuid;
+	i->i_gid = current->fsgid;
+	i->i_blksize = PAGE_SIZE;
+	i->i_blocks = 0;
+	i->i_atime = i->i_mtime = i->i_ctime = CURRENT_TIME;
+	i->i_op = &page_symlink_inode_operations;
+	i->i_state = I_DIRTY; /* so that mark_inode_dirty() won't touch us */
+
+	f->f_flags = O_RDWR;
+	f->f_mode = FMODE_READ | FMODE_WRITE;
+	f->f_dentry = d;
+	f->f_pos = 0;
+	f->f_reada = 0;
+
+	init_special_inode(i, i->i_mode, dev);
+	i->i_fop->open(i, f);
+	sfds->fd_null = f;
+	return 0;
+}
+
+static int tweak_fd_0_1_2(struct linux_binprm *bprm)
+{
+	int fd, new, retval;
+	struct secure_fds *sfds = (struct secure_fds *) bprm->security;
+	struct file *f = (struct file *) sfds->fd_null;
+
+	for(fd = 0 ; fd <= 2 ; fd++) {
+		if(current->files->fd[fd]) continue;
+
+		if((new = get_unused_fd()) != fd) {
+			if(new >= 0) put_unused_fd(new);
+			return -EMFILE;
+		}
+		if(f) {
+			atomic_inc(&f->f_count);
+		} else {
+			if((retval = tweak_fd_open_null(bprm))) {
+				return retval;
+			}
+		}
+
+		fd_install(fd, sfds->fd_null);
+		sfds->fd_mask |= 1 << fd;
+	}
+	return 0;
+}
+
+/* End helper stuff */
+
+static inline int do_owlsm_sfd_alloc(struct linux_binprm *bprm)
+{
+	struct secure_fds *s_fds;
+
+	s_fds = kmalloc(sizeof(struct secure_fds), GFP_KERNEL);
+	if (!s_fds)
+		return -ENOMEM;
+
+	s_fds->fd_mask = 0;
+	s_fds->fd_null = NULL;
+	s_fds->priv_change = 0;
+	bprm->security = (void *)s_fds;
+	return 0;
+}
+
+static inline int do_owlsm_sfd_set(struct linux_binprm *bprm)
+{
+	struct secure_fds *s_fds = (struct secure_fds *)bprm->security;
+
+	if (bprm->e_uid != current->euid || !in_group_p(bprm->e_gid)) {
+		s_fds->priv_change = 1;
+		return tweak_fd_0_1_2(bprm);
+	}
+	return 0;
+}
+
+static inline void do_owlsm_sfd_free(struct linux_binprm *bprm)
+{
+	int i;
+	struct secure_fds *s_fds = ( struct secure_fds *) &bprm->security;
+
+	if (s_fds->fd_mask) {
+		for (i = 0; i <= 2; i++) {
+			if ( s_fds->fd_mask & (1 << i ))
+				(void) sys_close(i);
+		}
+	}
+
+	kfree(bprm->security);
+}
+
+static inline void do_owlsm_sfd_compute(struct linux_binprm *bprm)
+{
+	struct secure_fds *sfds = (struct secure_fds *) bprm->security;
+
+	/* Take care of close-on-exec files */
+	if ( sfds->priv_change ) {
+		(void) tweak_fd_0_1_2(bprm);
+	}
+}
+#else
+static inline int do_owlsm_sfd_alloc (struct linux_binprm *bprm)
+{
+	return 0;
+}
+
+static inline void do_owlsm_sfd_free(struct linux_binprm *bprm)
+{
+	return;
+}
+
+static inline int do_owlsm_sfd_set (struct linux_binprm *bprm)
+{
+	return 0;
+}
+
+static inline void do_owlsm_sfd_compute (struct linux_binprm *bprm)
+{
+	return;
+}
+#endif /* CONFIG_OWLSM_FD */
+
+#endif /* _OWLSM_H */
diff --minimal -Nru a/security/security.c b/security/security.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/security.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,260 @@
+/*
+ * Security plug functions
+ *
+ * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
+ * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
+ * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
+ *
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/security.h>
+
+#define SECURITY_SCAFFOLD_VERSION	"1.0.0"
+
+extern struct security_operations dummy_security_ops;	/* lives in dummy.c */
+
+struct security_operations *security_ops;	/* Initialized to NULL */
+
+/* This macro checks that all pointers in a struct are non-NULL.  It 
+ * can be fooled by struct padding for object tile alignment and when
+ * pointers to data and pointers to functions aren't the same size.
+ * Yes it's ugly, we'll replace it if it becomes a problem.
+ */
+#define VERIFY_STRUCT(struct_type, s, e) \
+	do { \
+		unsigned long * __start = (unsigned long *)(s); \
+		unsigned long * __end = __start + \
+				sizeof(struct_type)/sizeof(unsigned long *); \
+		while (__start != __end) { \
+			if (!*__start) { \
+				printk(KERN_INFO "%s is missing something\n",\
+					#struct_type); \
+				e++; \
+				break; \
+			} \
+			__start++; \
+		} \
+	} while (0)
+
+static int inline verify (struct security_operations *ops)
+{
+	int err;
+
+	/* verify the security_operations structure exists */
+	if (!ops) {
+		printk (KERN_INFO "Passed a NULL security_operations "
+			"pointer, " __FUNCTION__ " failed.\n");
+		return -EINVAL;
+	}
+
+	/* Perform a little sanity checking on our inputs */
+	err = 0;
+
+	/* This first check scans the whole security_ops struct for
+	 * missing structs or functions.
+	 */
+	VERIFY_STRUCT(struct security_operations, ops, err);
+
+	VERIFY_STRUCT(struct binprm_security_ops, ops->bprm_ops, err);
+	VERIFY_STRUCT(struct super_block_security_ops, ops->sb_ops, err);
+	VERIFY_STRUCT(struct inode_security_ops, ops->inode_ops, err);
+	VERIFY_STRUCT(struct file_security_ops, ops->file_ops, err);
+	VERIFY_STRUCT(struct task_security_ops, ops->task_ops, err);
+	VERIFY_STRUCT(struct socket_security_ops, ops->socket_ops, err);
+	VERIFY_STRUCT(struct skb_security_ops, ops->skb_ops, err);
+	VERIFY_STRUCT(struct ip_security_ops, ops->ip_ops, err);
+	VERIFY_STRUCT(struct netdev_security_ops, ops->netdev_ops, err);
+	VERIFY_STRUCT(struct module_security_ops, ops->module_ops, err);
+	VERIFY_STRUCT(struct ipc_security_ops, ops->ipc_ops, err);
+	VERIFY_STRUCT(struct msg_msg_security_ops, ops->msg_msg_ops, err);
+	VERIFY_STRUCT(struct msg_queue_security_ops, ops->msg_queue_ops, err);
+	VERIFY_STRUCT(struct shm_security_ops, ops->shm_ops, err);
+	VERIFY_STRUCT(struct sem_security_ops, ops->sem_ops, err);
+
+	if (err) {
+		printk (KERN_INFO "Not enough functions specified in the "
+			"security_operation structure, " __FUNCTION__
+			" failed.\n");
+		return -EINVAL;
+	}
+	return 0;
+}
+
+/**
+ * security_scaffolding_startup - initialzes the security scaffolding framework
+ *
+ * This should be called early in the kernel initialization sequence.
+ */
+int security_scaffolding_startup (void)
+{
+	printk (KERN_INFO "Security Scaffold v" SECURITY_SCAFFOLD_VERSION
+		" initialized\n");
+
+	security_ops = &dummy_security_ops;
+
+	return 0;
+}
+
+/**
+ * register_security - registers a security framework with the kernel
+ * @ops: a pointer to the struct security_options that is to be registered
+ *
+ * This function is to allow a security module to register itself with the
+ * kernel security subsystem.  Some rudimentary checking is done on the @ops
+ * value passed to this function.  A call to unregister_security() should be
+ * done to remove this security_options structure from the kernel.
+ *
+ * If the @ops structure does not contain function pointers for all hooks in
+ * the structure, or there is already a security module registered with the
+ * kernel, an error will be returned.  Otherwise 0 is returned on success.
+ */
+int register_security (struct security_operations *ops)
+{
+
+	if (verify (ops)) {
+		printk (KERN_INFO __FUNCTION__ " could not verify "
+			"security_operations structure.\n");
+		return -EINVAL;
+	}
+	if (security_ops != &dummy_security_ops) {
+		printk (KERN_INFO "There is already a security "
+			"framework initialized, " __FUNCTION__ " failed.\n");
+		return -EINVAL;
+	}
+
+	security_ops = ops;
+
+	return 0;
+}
+
+/**
+ * unregister_security - unregisters a security framework with the kernel
+ * @ops: a pointer to the struct security_options that is to be registered
+ *
+ * This function removes a struct security_operations variable that had
+ * previously been registered with a successful call to register_security().
+ *
+ * If @ops does not match the valued previously passed to register_security()
+ * an error is returned.  Otherwise the default security options is set to the
+ * the dummy_security_ops structure, and 0 is returned.
+ */
+int unregister_security (struct security_operations *ops)
+{
+	if (ops != security_ops) {
+		printk (KERN_INFO __FUNCTION__ ": trying to unregister "
+			"a security_opts structure that is not "
+			"registered, failing.\n");
+		return -EINVAL;
+	}
+
+	security_ops = &dummy_security_ops;
+
+	return 0;
+}
+
+/**
+ * mod_reg_security - allows security modules to be "stacked"
+ * @name: a pointer to a string with the name of the security_options to be registered
+ * @ops: a pointer to the struct security_options that is to be registered
+ *
+ * This function allows security modules to be stacked if the currently loaded
+ * security module allows this to happen.  It passes the @name and @ops to the
+ * register_security function of the currently loaded security module.
+ *
+ * The return value depends on the currently loaded security module, with 0 as
+ * success.
+ */
+int mod_reg_security (const char *name, struct security_operations *ops)
+{
+	if (verify (ops)) {
+		printk (KERN_INFO __FUNCTION__ " could not verify "
+			"security operations.\n");
+		return -EINVAL;
+	}
+
+	if (ops == security_ops) {
+		printk (KERN_INFO __FUNCTION__ " security operations "
+			"already registered.\n");
+		return -EINVAL;
+	}
+
+	return security_ops->register_security (name, ops);
+}
+
+/**
+ * mod_unreg_security - allows a security module registered with mod_reg_security() to be unloaded
+ * @name: a pointer to a string with the name of the security_options to be removed
+ * @ops: a pointer to the struct security_options that is to be removed
+ *
+ * This function allows security modules that have been successfully registered
+ * with a call to mod_reg_security() to be unloaded from the system.
+ * This calls the currently loaded security module's unregister_security() call
+ * with the @name and @ops variables.
+ *
+ * The return value depends on the currently loaded security module, with 0 as
+ * success.
+ */
+int mod_unreg_security (const char *name, struct security_operations *ops)
+{
+	if (ops == security_ops) {
+		printk (KERN_INFO __FUNCTION__ " invalid attempt to unregister "
+			" primary security ops.\n");
+		return -EINVAL;
+	}
+
+	return security_ops->unregister_security (name, ops);
+}
+
+/**
+ * capable - calls the currently loaded security module's capable() function with the specified capability
+ * @cap: the requested capability level.
+ *
+ * This function calls the currently loaded security module's cabable()
+ * function with a pointer to the current task and the specified @cap value.
+ *
+ * This allows the security module to implement the capable function call
+ * however it chooses to.
+ */
+int capable (int cap)
+{
+	if (security_ops->capable (current, cap)) {
+		/* capability denied */
+		return 0;
+	}
+
+	/* capability granted */
+	current->flags |= PF_SUPERPRIV;
+	return 1;
+}
+
+/**
+ * sys_security - security syscall multiplexor.
+ * @id: module id
+ * @call: call identifier
+ * @args: arg list for call
+ *
+ * Similar to sys_socketcall.  Can use id to help identify which module user
+ * app is talking to.
+ *
+ */
+asmlinkage long sys_security (unsigned int id, unsigned int call,
+			      unsigned long *args)
+{
+	return security_ops->sys_security (id, call, args);
+}
+
+EXPORT_SYMBOL (register_security);
+EXPORT_SYMBOL (unregister_security);
+EXPORT_SYMBOL (mod_reg_security);
+EXPORT_SYMBOL (mod_unreg_security);
+EXPORT_SYMBOL (capable);
+EXPORT_SYMBOL (security_ops);
diff --minimal -Nru a/security/selinux/Config.help b/security/selinux/Config.help
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/Config.help	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,41 @@
+CONFIG_SECURITY_SELINUX
+  This enables the NSA Security-Enhanced Linux (SELinux) security module, 
+  which provides fine-grained and flexible nondiscretionary access 
+  controls, including support for a generalization of Type Enforcement, 
+  Role-Based Access Control and optionally Multi-Level Security.  To use 
+  this security module, you should obtain the SELinux archive from 
+  http://www.nsa.gov/selinux and follow the README instructions in it.  
+  That archive provides additional components needed by SELinux, such as 
+  the checkpolicy policy compiler, the example security policy 
+  configuration, the setfiles file labeling utility, the example 
+  file_contexts configuration, and a set of new and modified daemons and 
+  utility programs extended to deal with security contexts.  
+  If you want to use SELinux, say Y here.  Although you can enable
+  SELinux as a module, we don't recommend it.  You should also enable
+  the Capabilities security module and the NetFilter-based IP networking
+  hooks.  
+
+CONFIG_SECURITY_SELINUX_DEVELOP
+  This causes the NSA SELinux security module to be built as a 
+  development module.  The development module starts in permissive mode, 
+  logging permission failures but not enforcing them.  You can use 
+  permissive mode in order to determine what additional permissions are 
+  needed for your particular system and can then revise your policy 
+  configuration accordingly.  You can subseqently run the avc_toggle 
+  program to switch into enforcing mode.  Once in enforcing mode, you can 
+  only switch back to permissive mode if authorized by the policy (in the 
+  example policy, only the administrator role can do this).  Once you are 
+  satisfied that your policy configuration is sufficient for your system, 
+  you should either run avc_toggle from an rc script to switch into 
+  enforcing mode during initialization, or you should rebuild the kernel 
+  without this option so that it is always in enforcing mode.  The first 
+  option leaves open the possibility of switching back to permissive mode 
+  by an administrator, while the latter option provides stricter security.  
+  If unsure, say Y.
+
+CONFIG_SECURITY_SELINUX_MLS
+  This enables the Multi-Level Security (MLS) policy component in the NSA 
+  SELinux security module.  This policy component is considered 
+  experimental and has not been configured for use.  If you want to 
+  experiment with it, see the README.MLS file in the SELinux archive.  
+  If unsure, say N.
diff --minimal -Nru a/security/selinux/Config.in b/security/selinux/Config.in
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/Config.in	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,7 @@
+tristate 'NSA SELinux Support' CONFIG_SECURITY_SELINUX
+if [ "$CONFIG_SECURITY_SELINUX" != "n" ]; then
+   bool '  NSA SELinux Development Module' CONFIG_SECURITY_SELINUX_DEVELOP 
+   if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+      bool '  NSA SELinux MLS policy (EXPERIMENTAL)' CONFIG_SECURITY_SELINUX_MLS 
+   fi
+fi
diff --minimal -Nru a/security/selinux/Makefile b/security/selinux/Makefile
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/Makefile	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,29 @@
+#
+# Makefile for building the SELinux module as part of the kernel tree.
+#
+
+O_TARGET := selinux-obj.o
+
+subdir-$(CONFIG_SELINUX) := flask ss
+
+selinux-objs := avc.o psid.o hooks.o syscalls.o ss.o
+
+obj-y := $(selinux-objs)
+obj-m := $(O_TARGET)
+
+EXTRA_CFLAGS += -Iinclude 
+
+ARCH := $(shell uname -m | sed -e s/i.86/i386/ -e s/sun4u/sparc64/ -e s/arm.*/arm/ -e s/sa110/arm/)
+
+include $(TOPDIR)/Rules.make
+
+ss.o:
+	make -C ss ss.o
+	cp ss/ss.o ss.o
+
+symlinks:
+	rm -f include/asm arch/machine
+	(cd include; ln -sf asm-$(ARCH) asm)
+
+fastdep: symlinks
+
diff --minimal -Nru a/security/selinux/Makefile.in b/security/selinux/Makefile.in
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/Makefile.in	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,16 @@
+
+# Beginnings of a kbuild-2.5 makefile --- offer@sgi.com
+
+KBUILD_INCLUDE_PATHS=security/selinux/include
+
+objlink(CONFIG_SECURITY_SELINUX selinux-obj.o \
+	avc.o psid.o \
+	hooks.o \
+	syscalls.o ss/ss.o)
+
+extra_cflags_all(-Isecurity/selinux/include)
+
+link_subdirs(ss)
+
+select(CONFIG_Y CONFIG_SECURITY_SELINUX selinux-obj.o)
+
diff --minimal -Nru a/security/selinux/avc.c b/security/selinux/avc.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/avc.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1146 @@
+
+/* -*- linux-c -*- */
+
+/*
+ * Author:  Stephen Smalley, NAI Labs, <ssmalley@nai.com>
+ *
+ * The access vector cache was originally written while I was employed by NSA,
+ * and has undergone some revisions since I joined NAI Labs, but is largely
+ * unchanged.
+ */
+
+/*
+ * Implementation of the kernel access vector cache (AVC).
+ */
+
+#include <linux/types.h>
+#include <linux/flask/avc.h>
+#include <linux/flask/avc_ss.h>
+#include <linux/flask/class_to_string.h>
+#include <linux/flask/common_perm_to_string.h>
+#include <linux/flask/av_inherit.h>
+#include <linux/flask/av_perm_to_string.h>
+#include <linux/stddef.h>
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/fs.h>
+#include <linux/dcache.h>
+#include <linux/skbuff.h>
+#include <net/sock.h>
+#include <linux/un.h>
+#include <net/af_unix.h>
+#include <linux/ip.h>
+#include <linux/udp.h>
+#include <linux/tcp.h>
+#include "selinux_plug.h"
+
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+int avc_debug_always_allow = 1;
+#endif
+
+spinlock_t avc_lock = SPIN_LOCK_UNLOCKED;
+
+typedef struct avc_node {
+	struct avc_entry ae;
+	struct avc_node *next;
+}               avc_node_t;
+
+static struct avc_node *avc_node_freelist = NULL;
+
+#define AVC_CACHE_SLOTS 512 
+#define AVC_CACHE_MAXNODES 410 
+
+typedef struct {
+	avc_node_t     *slots[AVC_CACHE_SLOTS];
+	__u32    lru_hint;	/* LRU hint for reclaim scan */
+	__u32   activeNodes;
+	__u32	latest_notif;	/* latest revocation notification */
+}               avc_cache_t;
+
+
+static avc_cache_t avc_cache;
+
+#define AVC_HASH(ssid,tsid,tclass) \
+((ssid ^ (tsid<<2) ^ (tclass<<4)) & (AVC_CACHE_SLOTS - 1))
+
+static char *avc_audit_buffer = NULL;
+
+unsigned        avc_cache_stats[AVC_NSTATS];
+
+/* 
+ * Display the cache statistics 
+ */
+void avc_dump_stats(char *tag)
+{
+	printk("%s avc:  entry:  %d lookups == %d hits + %d misses (%d discards)\n",
+	       tag,
+	       avc_cache_stats[AVC_ENTRY_LOOKUPS],
+	       avc_cache_stats[AVC_ENTRY_HITS],
+	       avc_cache_stats[AVC_ENTRY_MISSES],
+	       avc_cache_stats[AVC_ENTRY_DISCARDS]);
+
+	printk("%s avc:  cav:  %d lookups == %d hits + %d misses\n",
+	       tag,
+	       avc_cache_stats[AVC_CAV_LOOKUPS],
+	       avc_cache_stats[AVC_CAV_HITS],
+	       avc_cache_stats[AVC_CAV_MISSES]);
+
+	printk("%s avc:  cav:  %d/%d probe/hit ratio\n",
+	       tag,
+	       avc_cache_stats[AVC_CAV_PROBES],
+	       avc_cache_stats[AVC_CAV_HITS]);
+}
+
+
+/* 
+ * Display an access vector in human-readable form.
+ */
+void avc_dump_av(
+	security_class_t tclass,
+	access_vector_t av)
+{
+	char          **common_pts = 0;
+	access_vector_t common_base = 0;
+	int             i, i2, perm;
+
+
+	if (av == 0) {
+		printk(" null");
+		return;
+	}
+
+	for (i = 0; i < AV_INHERIT_SIZE; i++) {
+		if (av_inherit[i].tclass == tclass) {
+			common_pts = av_inherit[i].common_pts;
+			common_base = av_inherit[i].common_base;
+			break;
+		}
+	}
+
+	printk(" {");
+	i = 0;
+	perm = 1;
+	while (perm < common_base) {
+		if (perm & av)
+			printk(" %s", common_pts[i]);
+		i++;
+		perm <<= 1;
+	}
+
+	while (i < sizeof(access_vector_t) * 8) {
+		if (perm & av) {
+			for (i2 = 0; i2 < AV_PERM_TO_STRING_SIZE; i2++) {
+				if ((av_perm_to_string[i2].tclass == tclass) &&
+				    (av_perm_to_string[i2].value == perm))
+					break;
+			}
+			if (i2 < AV_PERM_TO_STRING_SIZE)
+				printk(" %s", av_perm_to_string[i2].name);
+		}
+		i++;
+		perm <<= 1;
+	}
+
+	printk(" }");
+}
+
+
+/* 
+ * Display a SID pair and a class in human-readable form.
+ */
+void avc_dump_query(
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass)	/* IN */
+{
+	int rc;
+	security_context_t scontext;
+	__u32 scontext_len;
+	
+ 	rc = security_sid_to_context(ssid, &scontext, &scontext_len);
+	if (rc)
+		printk("ssid=%d", ssid);		
+	else {
+		printk("scontext=%s", scontext);		
+		kfree(scontext);
+	}
+
+	rc = security_sid_to_context(tsid, &scontext, &scontext_len);
+	if (rc)
+		printk(" tsid=%d", tsid);
+	else {
+		printk(" tcontext=%s", scontext);
+		kfree(scontext);
+	}
+	printk(" tclass=%s", class_to_string[tclass]);
+}
+
+
+/*
+ * Initialize the cache.
+ */
+void avc_init(void)
+{
+	avc_node_t	*new;
+	int             i;
+
+	for (i = 0; i < AVC_NSTATS; i++)
+		avc_cache_stats[i] = 0;
+
+	for (i = 0; i < AVC_CACHE_SLOTS; i++)
+		avc_cache.slots[i] = 0;
+	avc_cache.lru_hint = 0;
+	avc_cache.activeNodes = 0;
+	avc_cache.latest_notif = 0;
+
+	for (i = 0; i < AVC_CACHE_MAXNODES; i++) {
+		new = (avc_node_t *) kmalloc(sizeof(avc_node_t),
+					     GFP_ATOMIC);
+		if (!new) {
+			printk("avc:  only able to allocate %d entries\n", i);
+			break;
+		}
+		memset(new, 0, sizeof(avc_node_t));
+		new->next = avc_node_freelist;
+		avc_node_freelist = new;
+	}
+
+	printk("AVC:  allocated %d bytes during initialization.\n", 
+	       i * sizeof(avc_node_t));
+
+	avc_audit_buffer = (char *)__get_free_page(GFP_ATOMIC);
+	if (!avc_audit_buffer)
+		panic("AVC:  unable to allocate audit buffer\n");
+}
+
+#if 0
+static void avc_hash_eval(char *tag)
+{
+	int             i, chain_len, max_chain_len, slots_used;
+	avc_node_t     *node;
+
+	spin_lock(&avc_lock);
+
+	slots_used = 0;
+	max_chain_len = 0;
+	for (i = 0; i < AVC_CACHE_SLOTS; i++) {
+		node = avc_cache.slots[i];
+		if (node) {
+			slots_used++;
+			chain_len = 0;
+			while (node) {
+				chain_len++;
+				node = node->next;
+			}
+			if (chain_len > max_chain_len)
+				max_chain_len = chain_len;
+		}
+	}
+
+	spin_unlock(&avc_lock);
+
+	printk("\n%s avc:  %d entries and %d/%d buckets used, longest chain length %d\n",
+	       tag, avc_cache.activeNodes, slots_used, AVC_CACHE_SLOTS, max_chain_len);
+}
+#else
+#define avc_hash_eval(t)
+#endif
+
+/* 
+ * Display the contents of the cache in human-readable form.
+ */
+void avc_dump_cache(char *tag)
+{
+	int             i, chain_len, max_chain_len, slots_used;
+	avc_node_t     *node;
+
+	avc_dump_stats(tag);
+
+	slots_used = 0;
+	max_chain_len = 0;
+	for (i = 0; i < AVC_CACHE_SLOTS; i++) {
+		node = avc_cache.slots[i];
+		if (node) {
+			printk("\n%s avc:  slot %d:\n", tag, i);
+			slots_used++;
+			chain_len = 0;
+			while (node) {
+				avc_dump_query(node->ae.ssid, node->ae.tsid, node->ae.tclass);
+				printk(" allowed");
+				avc_dump_av(node->ae.tclass, node->ae.allowed);
+				printk("\n");
+
+				chain_len++;
+				node = node->next;
+			}
+
+			if (chain_len > max_chain_len)
+				max_chain_len = chain_len;
+		}
+	}
+
+	printk("\n%s avc:  %d entries and %d/%d buckets used, longest chain length %d\n",
+	       tag, avc_cache.activeNodes, slots_used, AVC_CACHE_SLOTS, max_chain_len);
+
+	printk("%s avc:  latest_notif=%d\n", tag, avc_cache.latest_notif);
+}
+
+
+/*
+ * Reclaim a node from the cache for use.
+ */
+static inline avc_node_t *avc_reclaim_node(void)
+{
+	avc_node_t     *prev, *cur;
+	int             hvalue, try;
+
+	hvalue = avc_cache.lru_hint;
+	for (try = 0; try < 2; try++) {
+		do {
+			prev = NULL;
+			cur = avc_cache.slots[hvalue];
+			while (cur) {
+				if (!cur->ae.used)
+					goto found;
+
+				cur->ae.used = 0;
+
+				prev = cur;
+				cur = cur->next;
+			}
+			hvalue = (hvalue + 1) & (AVC_CACHE_SLOTS - 1);
+		} while (hvalue != avc_cache.lru_hint);
+	}
+
+	panic("avc_reclaim_node");
+
+found:
+	avc_cache.lru_hint = hvalue;
+
+	if (prev == NULL)
+		avc_cache.slots[hvalue] = cur->next;
+	else
+		prev->next = cur->next;
+
+	return cur;
+}
+
+
+/*
+ * Claim a node for use for a particular 
+ * SID pair and class.
+ */
+static inline avc_node_t *avc_claim_node(
+	security_id_t ssid,
+	security_id_t tsid,
+	security_class_t tclass)
+{
+	avc_node_t     *new;
+	int             hvalue;
+
+
+	hvalue = AVC_HASH(ssid, tsid, tclass);
+	if (avc_node_freelist) {
+		new = avc_node_freelist;
+		avc_node_freelist = avc_node_freelist->next;
+		avc_cache.activeNodes++;
+	} else {
+		new = avc_reclaim_node();
+		if (!new)
+			return NULL;
+	}
+
+	new->ae.used = 1;
+	new->ae.ssid = ssid;
+	new->ae.tsid = tsid;
+	new->ae.tclass = tclass;
+	new->next = avc_cache.slots[hvalue];
+	avc_cache.slots[hvalue] = new;
+
+	return new;
+}
+
+
+/*
+ * Search for a node that has the specified
+ * SID pair and class.
+ */
+static inline avc_node_t *avc_search_node(
+	security_id_t ssid,
+	security_id_t tsid,
+	security_class_t tclass,
+	int *probes)
+{
+	avc_node_t     *cur;
+	int             hvalue;
+	int             tprobes = 1;
+
+
+	hvalue = AVC_HASH(ssid, tsid, tclass);
+	cur = avc_cache.slots[hvalue];
+	while (cur != NULL &&
+	       (ssid != cur->ae.ssid ||
+		tclass != cur->ae.tclass ||
+		tsid != cur->ae.tsid)) {
+		tprobes++;
+		cur = cur->next;
+	}
+
+	if (cur == NULL) {
+		/* cache miss */
+		return NULL;
+	}
+
+	/* cache hit */
+	if (probes)
+		*probes = tprobes;
+
+	cur->ae.used = 1;
+
+	return cur;
+}
+
+
+/*
+ * Look up an AVC entry that is valid for the 
+ * `requested' permissions between the SID pair
+ * (`ssid', `tsid'), interpreting the permissions
+ * based on `tclass'.  If a valid AVC entry exists,
+ * then this function updates `aeref' to refer to the
+ * entry and returns 0. Otherwise, this function
+ * returns -ENOENT.
+ */
+int avc_lookup(
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass,	/* IN */
+	access_vector_t requested,	/* IN */
+	avc_entry_ref_t *aeref)		/* OUT */
+{
+	avc_node_t     *node;
+	int             probes;
+
+	avc_cache_stats_incr(AVC_CAV_LOOKUPS);
+	node = avc_search_node(ssid, tsid, tclass,&probes);
+
+	if (node && ((node->ae.decided & requested) == requested)) {
+		avc_cache_stats_incr(AVC_CAV_HITS);
+		avc_cache_stats_add(AVC_CAV_PROBES,probes);
+		aeref->ae = &node->ae;
+		return 0;
+	} 
+
+	avc_cache_stats_incr(AVC_CAV_MISSES);
+	return -ENOENT;
+}
+
+
+/*
+ * Insert an AVC entry for the SID pair
+ * (`ssid', `tsid') and class `tclass'. 
+ * The access vectors and the sequence number are
+ * normally provided by the security server in 
+ * response to a security_compute_av call.  If the 
+ * sequence number `seqno' is not less than the latest
+ * revocation notification, then the function copies
+ * the access vectors into a cache entry, updates 
+ * `aeref' to refer to the entry, and returns 0.
+ * Otherwise, this function returns -EAGAIN.
+ */
+int avc_insert(security_id_t ssid,		/* IN */
+	       security_id_t tsid,		/* IN */
+	       security_class_t tclass,		/* IN */
+	       struct avc_entry *ae,		/* IN */
+	       __u32 seqno,			/* IN */
+	       avc_entry_ref_t *aeref)		/* OUT */
+{
+	avc_node_t     *node;
+
+	if (seqno < avc_cache.latest_notif) {
+		printk("avc:  seqno %d < latest_notif %d\n", seqno,
+		       avc_cache.latest_notif);
+		return -EAGAIN;
+	}
+
+	node = avc_claim_node(ssid, tsid, tclass);
+	if (!node) {
+		return -ENOMEM;
+	}
+	
+	node->ae.allowed = ae->allowed;
+	node->ae.decided = ae->decided;
+	node->ae.auditallow = ae->auditallow;
+	node->ae.auditdeny = ae->auditdeny;
+	aeref->ae = &node->ae;
+	return 0;
+}
+
+#define print_ipv4_addr(_addr,_port,_name1,_name2) { \
+	if ((_addr)) \
+		printk(" %s=%d.%d.%d.%d", (_name1), \
+		       NIPQUAD((_addr))); \
+	if ((_port)) \
+		printk(" %s=%d", (_name2), ntohs((_port))); \
+	}
+
+
+/*
+ * Copied from fs/dcache.c:d_path and hacked up to
+ * avoid need for vfsmnt, root, and rootmnt parameters.
+ */
+char * avc_d_path(struct dentry *dentry, 
+		  char *buffer, int buflen)
+{
+	char * end = buffer+buflen;
+	char * retval;
+	int namelen;
+
+	*--end = '\0';
+	buflen--;
+	if (!IS_ROOT(dentry) && list_empty(&dentry->d_hash)) {
+		buflen -= 10;
+		end -= 10;
+		memcpy(end, " (deleted)", 10);
+	}
+
+	/* Get '/' right */
+	retval = end-1;
+	*retval = '/';
+
+	for (;;) {
+		struct dentry * parent;
+
+		if (IS_ROOT(dentry)) {
+			goto global_root;
+		}
+		parent = dentry->d_parent;
+		namelen = dentry->d_name.len;
+		if (!namelen)
+			goto skip;
+		buflen -= namelen + 1;
+		if (buflen < 0)
+			break;
+		end -= namelen;
+		memcpy(end, dentry->d_name.name, namelen);
+		*--end = '/';
+		retval = end;
+skip:
+		dentry = parent;
+		if (!dentry)
+			break;
+	}
+	return retval;
+global_root:
+	namelen = dentry->d_name.len;
+	buflen -= namelen;
+	if (buflen >= 0) {
+		retval -= namelen-1;	/* hit the slash */
+		memcpy(retval, dentry->d_name.name, namelen);
+	}
+	return retval;
+}
+
+/*
+ * Copied from net/core/utils.c:net_ratelimit and modified for
+ * use by the AVC audit facility.
+ */
+
+int avc_msg_cost = 5*HZ;
+int avc_msg_burst = 10*5*HZ;
+
+/* 
+ * This enforces a rate limit: not more than one kernel message
+ * every 5secs to make a denial-of-service attack impossible.
+ */ 
+int avc_ratelimit(void)
+{
+	static spinlock_t ratelimit_lock = SPIN_LOCK_UNLOCKED;
+	static unsigned long toks = 10*5*HZ;
+	static unsigned long last_msg; 
+	static int missed;
+	unsigned long flags;
+	unsigned long now = jiffies;
+
+	spin_lock_irqsave(&ratelimit_lock, flags);
+	toks += now - last_msg;
+	last_msg = now;
+	if (toks > avc_msg_burst)
+		toks = avc_msg_burst;
+	if (toks >= avc_msg_cost) {
+		int lost = missed;
+		missed = 0;
+		toks -= avc_msg_cost;
+		spin_unlock_irqrestore(&ratelimit_lock, flags);
+		if (lost)
+			printk(KERN_WARNING "AVC: %d messages suppressed.\n", lost);
+		return 1;
+	}
+	missed++;
+	spin_unlock_irqrestore(&ratelimit_lock, flags);
+	return 0;
+}
+
+
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+
+static inline int check_avc_ratelimit(void)  
+{
+	if (avc_debug_always_allow)
+		/* If permissive, then never suppress messages. */
+		return 1;
+	else
+		return avc_ratelimit();
+}
+
+#else
+
+static inline int check_avc_ratelimit(void)  
+{
+	return avc_ratelimit();
+}
+
+#endif
+
+
+
+/*
+ * Audit the granting or denial of permissions.
+ */
+void avc_audit(
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass,	/* IN */
+	access_vector_t audited,	/* IN */
+	struct avc_entry *ae,		/* IN */
+	__u32 denied,			/* IN */
+	avc_audit_data_t *a)		/* IN */
+{
+	char *p;
+
+	if (!check_avc_ratelimit())
+		return;
+
+	printk("\navc:  %s ", denied ? "denied" : "granted");
+	avc_dump_av(tclass,audited);
+	printk(" for ");
+	if (current && current->pid) {
+		printk(" pid=%d", current->pid);
+		if (current->mm) {
+			struct vm_area_struct *vma = current->mm->mmap;
+
+			while (vma) {
+				if ((vma->vm_flags & VM_EXECUTABLE) && 
+				    vma->vm_file) {
+					p = d_path(vma->vm_file->f_dentry, 
+						   vma->vm_file->f_vfsmnt, 
+						   avc_audit_buffer,
+						   PAGE_SIZE);
+					printk(" exe=%s", p);
+					break;
+				}
+				vma = vma->vm_next;
+			}
+		}
+	}
+	if (a) {
+		switch (a->type) {
+		case AVC_AUDIT_DATA_IPC:
+			printk(" IPCID=%d", a->u.ipc_id);
+			break;
+		case AVC_AUDIT_DATA_CAP:
+			printk(" capability=%d", a->u.cap);
+			break;
+		case AVC_AUDIT_DATA_FS:
+			if (a->u.fs.dentry) {
+				struct inode *inode = a->u.fs.dentry->d_inode;
+
+				p = avc_d_path(a->u.fs.dentry, 
+					       avc_audit_buffer,
+					       PAGE_SIZE);
+				if (p)
+					printk(" path=%s", p);
+
+				if (inode) {
+					printk(" dev=%s ino=%ld", 
+					       kdevname(inode->i_dev),
+					       inode->i_ino);
+				}
+			}
+
+			if (a->u.fs.inode) {
+				struct inode *inode = a->u.fs.inode;
+				struct dentry *dentry = d_find_alias(inode);
+
+				if (dentry) {
+					p = avc_d_path(dentry, 
+						       avc_audit_buffer,
+						       PAGE_SIZE);
+					if (p)
+						printk(" path=%s", p);
+					dput(dentry);
+				}
+
+				printk(" dev=%s ino=%ld", 
+				       kdevname(inode->i_dev),inode->i_ino);
+			}
+			break;
+		case AVC_AUDIT_DATA_NET:
+			if (a->u.net.sk) {
+				struct sock *sk = a->u.net.sk;
+
+				switch (sk->family) {
+				case AF_INET:
+					print_ipv4_addr(sk->rcv_saddr,
+							sk->sport,
+							"laddr", "lport");
+					print_ipv4_addr(sk->daddr,
+							sk->dport,
+							"faddr", "fport");
+					break;
+				case AF_UNIX: 
+					if (sk->protinfo.af_unix.dentry) {
+						p = d_path(sk->protinfo.af_unix.dentry, 
+							   sk->protinfo.af_unix.mnt,
+							   avc_audit_buffer,
+							   PAGE_SIZE);
+						printk(" path=%s", p);
+					} else if (sk->protinfo.af_unix.addr) {
+						p = avc_audit_buffer;
+						memcpy(p,
+						       sk->protinfo.af_unix.addr->name->sun_path,
+						       sk->protinfo.af_unix.addr->len-sizeof(short));
+						if (*p == 0) {
+							*p = '@';
+							p += sk->protinfo.af_unix.addr->len-sizeof(short);
+							*p = 0;
+						}
+						printk(" path=%s", 
+						       avc_audit_buffer);
+					}
+					break;
+				}
+			}
+			if (a->u.net.daddr) {
+				printk(" daddr=%d.%d.%d.%d", 
+				       NIPQUAD(a->u.net.daddr));
+				if (a->u.net.port)
+					printk(" dest=%d", ntohs(a->u.net.port));
+			} else if (a->u.net.port)
+				printk(" port=%d", ntohs(a->u.net.port));
+			if (a->u.net.skb) {
+				struct sk_buff *skb = a->u.net.skb;
+
+				if (skb->nh.iph) {
+					__u16 source = 0, dest = 0;
+					__u8  protocol = skb->nh.iph->protocol;
+
+
+					if (protocol == IPPROTO_TCP && 
+					    skb->h.th) {
+						source = skb->h.th->source;
+						dest = skb->h.th->dest;
+					} 
+					if (protocol == IPPROTO_UDP && 
+					    skb->h.uh) {
+						source = skb->h.uh->source;
+						dest = skb->h.uh->dest;
+					}
+
+					print_ipv4_addr(skb->nh.iph->saddr,
+							source,
+							"saddr", "source");
+					print_ipv4_addr(skb->nh.iph->daddr,
+							dest,
+							"daddr", "dest");
+				}
+			}
+			if (a->u.net.netif)
+				printk(" netif=%s", a->u.net.netif);
+			break;
+		}
+	}
+	printk(" ");
+	avc_dump_query(ssid, tsid, tclass);
+	printk("\n");
+}
+
+
+typedef struct avc_callback_node 
+{
+	int (*callback)(__u32 event, 
+			security_id_t ssid,
+			security_id_t tsid,
+			security_class_t tclass,
+			access_vector_t perms,
+			access_vector_t *out_retained);
+	__u32 events;
+	security_id_t ssid;
+	security_id_t tsid;
+	security_class_t tclass;
+	access_vector_t perms;
+	struct avc_callback_node *next;
+} avc_callback_node_t;
+
+static avc_callback_node_t *avc_callbacks = NULL;
+
+
+/*
+ * Register a callback for events in the set `events'
+ * related to the SID pair (`ssid', `tsid') and
+ * and the permissions `perms', interpreting
+ * `perms' based on `tclass'.
+ */
+int avc_add_callback(
+	int (*callback)(__u32 event, 
+			security_id_t ssid,
+			security_id_t tsid,
+			security_class_t tclass,
+			access_vector_t perms,
+			access_vector_t *out_retained),
+	__u32 events,
+	security_id_t ssid,
+	security_id_t tsid,
+	security_class_t tclass,
+	access_vector_t perms)
+{
+    avc_callback_node_t *c;
+
+    c = (avc_callback_node_t *) kmalloc(sizeof(avc_callback_node_t),
+					GFP_ATOMIC);
+    if (!c)
+	return -ENOMEM;
+
+    c->callback = callback;
+    c->events = events;
+    c->ssid = ssid;
+    c->tsid = tsid;
+    c->perms = perms;
+    c->next = avc_callbacks;
+    avc_callbacks = c;
+    return 0;
+}
+
+
+#define AVC_SIDCMP(x,y) \
+((x) == (y) || (x) == SECSID_WILD || (y) == SECSID_WILD)
+
+
+/*
+ * Update the cache entry `node' based on the 
+ * event `event' and permissions `perms'.
+ */
+static inline void avc_update_node(
+	__u32 event,
+	avc_node_t *node,
+	access_vector_t perms)
+{
+	switch (event) { 
+	case AVC_CALLBACK_GRANT: 
+		node->ae.allowed |= perms; 
+		break; 
+	case AVC_CALLBACK_TRY_REVOKE: 
+	case AVC_CALLBACK_REVOKE: 
+		node->ae.allowed &= ~perms; 
+		break; 
+	case AVC_CALLBACK_AUDITALLOW_ENABLE: 
+		node->ae.auditallow |= perms; 
+		break; 
+	case AVC_CALLBACK_AUDITALLOW_DISABLE: 
+		node->ae.auditallow &= ~perms; 
+		break; 
+	case AVC_CALLBACK_AUDITDENY_ENABLE: 
+		node->ae.auditdeny |= perms; 
+		break; 
+	case AVC_CALLBACK_AUDITDENY_DISABLE: 
+		node->ae.auditdeny &= ~perms; 
+		break; 
+	}
+}
+
+
+/*
+ * Update any cache entries that match the 
+ * SID pair (`ssid', `tsid') and class `tclass'
+ * based on the event `event' and permissions
+ * `perms'.
+ */
+static int avc_update_cache(
+	__u32 event,	 		/* IN */
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass,	/* IN */
+	access_vector_t perms)		/* IN */
+{
+	avc_node_t     *node;	
+	int i;
+
+	spin_lock(&avc_lock);
+
+	if (ssid == SECSID_WILD || tsid == SECSID_WILD) {
+		/* apply to all matching nodes */
+		for (i = 0; i < AVC_CACHE_SLOTS; i++) {
+			for (node = avc_cache.slots[i]; node; 
+			     node = node->next) {
+				if (AVC_SIDCMP(ssid, node->ae.ssid) && 
+				    AVC_SIDCMP(tsid, node->ae.tsid) &&
+				    tclass == node->ae.tclass) {
+					avc_update_node(event,node,perms);
+				}
+			}
+		}
+	} else {
+		/* apply to one node */
+		node = avc_search_node(ssid, tsid, tclass, 0);		
+		if (node) {
+			avc_update_node(event,node,perms);
+		}
+	}
+
+	spin_unlock(&avc_lock);
+
+	return 0;
+}
+
+/*
+ * Update the cache state and invoke any 
+ * registered callbacks that match the 
+ * SID pair (`ssid', `tsid') and class `tclass'
+ * based on the event `event' and permissions
+ * `perms'.  Increase the latest revocation 
+ * notification sequence number if appropriate.
+ */
+static int avc_control(
+	__u32 event,	 		/* IN */
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass,	/* IN */
+	access_vector_t perms,		/* IN */
+	__u32 seqno,			/* IN */
+	access_vector_t *out_retained)	/* OUT */
+{
+	avc_callback_node_t *c;
+	access_vector_t tretained = 0, cretained = 0;
+	int rc;
+
+	/*
+	 * try_revoke only removes permissions from the cache
+	 * state if they are not retained by the object manager.
+	 * Hence, try_revoke must wait until after the callbacks have
+	 * been invoked to update the cache state.
+	 */
+	if (event != AVC_CALLBACK_TRY_REVOKE)
+		avc_update_cache(event,ssid,tsid,tclass,perms);
+
+	for (c = avc_callbacks; c; c = c->next)
+	{
+		if ((c->events & event) &&
+		    AVC_SIDCMP(c->ssid, ssid) && 
+		    AVC_SIDCMP(c->tsid, tsid) &&
+		    c->tclass == tclass &&
+		    (c->perms & perms)) {
+			cretained = 0;
+			rc = c->callback(event, ssid, tsid, tclass,
+					 (c->perms & perms),	
+					 &cretained);
+			if (rc)
+				return rc;
+			tretained |= cretained;			
+		}
+	}
+
+	if (event == AVC_CALLBACK_TRY_REVOKE) {
+		/* revoke any unretained permissions */
+		perms &= ~tretained;
+		avc_update_cache(event,ssid,tsid,tclass,perms);
+		*out_retained = tretained;
+	}
+
+	spin_lock(&avc_lock);
+	if (seqno > avc_cache.latest_notif)
+		avc_cache.latest_notif = seqno;
+	spin_unlock(&avc_lock);
+	
+	return 0;
+}
+
+
+/* Grant previously denied permissions */
+int avc_ss_grant(
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass,	/* IN */
+	access_vector_t perms,		/* IN */
+	__u32 seqno)			/* IN */
+{
+	return avc_control(AVC_CALLBACK_GRANT,
+			   ssid, tsid, tclass, perms, seqno, 0);
+}
+
+
+/*
+ * Try to revoke previously granted permissions, but
+ * only if they are not retained as migrated permissions.
+ * Return the subset of permissions that are retained.
+ */
+int avc_ss_try_revoke(
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass,	/* IN */
+	access_vector_t perms,		/* IN */
+	__u32 seqno,			/* IN */
+	access_vector_t *out_retained)	/* OUT */
+{
+	return avc_control(AVC_CALLBACK_TRY_REVOKE,
+			   ssid, tsid, tclass, perms, seqno, out_retained);
+}
+
+
+/*
+ * Revoke previously granted permissions, even if
+ * they are retained as migrated permissions.
+ */
+int avc_ss_revoke(
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass,	/* IN */
+	access_vector_t perms,		/* IN */
+	__u32 seqno)			/* IN */
+{
+	return avc_control(AVC_CALLBACK_REVOKE,
+			   ssid, tsid, tclass, perms, seqno, 0);
+}
+
+
+/* 
+ * Flush the cache and revalidate all migrated permissions.
+ */
+int avc_ss_reset(__u32 seqno)
+{
+	avc_callback_node_t *c;
+	int rc;
+	avc_node_t     *node, *tmp;
+	int             i;
+
+	avc_hash_eval("reset");
+
+	spin_lock(&avc_lock);
+
+	for (i = 0; i < AVC_CACHE_SLOTS; i++) {
+		node = avc_cache.slots[i];
+		while (node) {
+			tmp = node;
+			node = node->next;
+			tmp->ae.ssid = tmp->ae.tsid = SECSID_NULL;
+			tmp->ae.tclass = SECCLASS_NULL;
+			tmp->ae.allowed = tmp->ae.decided = 0;
+			tmp->ae.auditallow = tmp->ae.auditdeny = 0;
+			tmp->ae.used = 0;
+			tmp->next = avc_node_freelist;
+			avc_node_freelist = tmp;
+			avc_cache.activeNodes--;
+		}
+		avc_cache.slots[i] = 0;
+	}
+	avc_cache.lru_hint = 0;
+
+	spin_unlock(&avc_lock);
+
+	for (i = 0; i < AVC_NSTATS; i++)
+		avc_cache_stats[i] = 0;
+
+	for (c = avc_callbacks; c; c = c->next) {
+		if (c->events & AVC_CALLBACK_RESET) {
+			rc = c->callback(AVC_CALLBACK_RESET, 
+					 0, 0, 0, 0, 0);
+			if (rc)
+				return rc;
+		}
+	}
+
+	spin_lock(&avc_lock);
+	if (seqno > avc_cache.latest_notif)
+		avc_cache.latest_notif = seqno;
+	spin_unlock(&avc_lock);	
+
+	return 0;
+}
+
+
+/* Enable or disable auditing of granted permissions */
+int avc_ss_set_auditallow(
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass,	/* IN */
+	access_vector_t perms,		/* IN */
+	__u32 seqno,			/* IN */
+	__u32 enable)
+{
+	if (enable)
+		return avc_control(AVC_CALLBACK_AUDITALLOW_ENABLE,
+				   ssid, tsid, tclass, perms, seqno, 0);
+	else
+		return avc_control(AVC_CALLBACK_AUDITALLOW_DISABLE,
+				   ssid, tsid, tclass, perms, seqno, 0);
+}
+
+
+/* Enable or disable auditing of denied permissions */
+int avc_ss_set_auditdeny(
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass,	/* IN */
+	access_vector_t perms,		/* IN */
+	__u32 seqno,			/* IN */
+	__u32 enable)
+{
+	if (enable)
+		return avc_control(AVC_CALLBACK_AUDITDENY_ENABLE,
+				   ssid, tsid, tclass, perms, seqno, 0);
+	else
+		return avc_control(AVC_CALLBACK_AUDITDENY_DISABLE,
+				   ssid, tsid, tclass, perms, seqno, 0);
+}
+
+
+/*
+ * Toggle the AVC between being permissive and 
+ * enforcing permissions.  
+ */
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+long sys_avc_toggle(void) 
+{
+	extern int ss_initialized;
+	int error;
+
+	error = task_has_system(current, SYSTEM__AVC_TOGGLE);
+	if (error)
+		return error;
+	avc_debug_always_allow = !avc_debug_always_allow;
+	if (!avc_debug_always_allow) {
+		avc_ss_reset(avc_cache.latest_notif);
+		if (!ss_initialized) {
+			error = security_init();
+			if (error)
+				panic("SELinux:  Could not initialize\n");
+		}
+	}
+	return avc_debug_always_allow;
+}
+
+long sys_avc_enforcing(void) 
+{
+	return !avc_debug_always_allow;
+}
+#else
+long sys_avc_toggle(void) 
+{
+	return 0;
+}
+
+long sys_avc_enforcing(void) 
+{
+	return 1;
+}
+#endif
+
+
diff --minimal -Nru a/security/selinux/flask/Makefile b/security/selinux/flask/Makefile
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/flask/Makefile	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,32 @@
+#
+# Makefile for building the SELinux module as part of the kernel.
+#
+
+AWK = awk
+
+CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
+          else if [ -x /bin/bash ]; then echo /bin/bash; \
+          else echo sh; fi ; fi)
+
+FLASK_H_DEPEND = security_classes initial_sids
+AV_H_DEPEND = access_vectors
+IDIR = ../include/linux/flask
+
+FLASK_H_FILES = av_inherit.h av_perm_to_string.h av_permissions.h class_to_string.h common_perm_to_string.h flask.h initial_sid_to_string.h
+FLASK_IH_FILES := $(addprefix $(IDIR)/,$(FLASK_H_FILES))
+
+all:  ../include/linux/flask/flask.h ../include/linux/flask/av_permissions.h
+
+../include/linux/flask/flask.h: $(FLASK_H_DEPEND)
+	$(CONFIG_SHELL) ./mkflask.sh $(AWK) $(FLASK_H_DEPEND)
+	install flask.h class_to_string.h initial_sid_to_string.h $(IDIR)
+
+../include/linux/flask/av_permissions.h: $(AV_H_DEPEND)
+	$(CONFIG_SHELL) ./mkaccess_vector.sh $(AWK) $(AV_H_DEPEND)
+	install av_inherit.h common_perm_to_string.h av_perm_to_string.h av_permissions.h $(IDIR)
+
+clean:  
+	rm -f $(FLASK_H_FILES)
+	rm -f $(FLASK_IH_FILES)
+
+include $(TOPDIR)/Rules.make
diff --minimal -Nru a/security/selinux/flask/access_vectors b/security/selinux/flask/access_vectors
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/flask/access_vectors	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,346 @@
+#
+# Define common prefixes for access vectors
+#
+# common common_name { permission_name ... }
+
+
+#
+# Define a common prefix for file access vectors.
+#
+
+common file
+{
+	poll
+	ioctl
+	read
+	write
+	create
+	getattr
+	setattr
+	lock
+	relabelfrom
+	relabelto
+	transition
+	append
+	access
+	unlink
+	link
+	rename
+	execute
+	swapon
+	quotaon
+	mounton
+}
+
+
+#
+# Define a common prefix for socket access vectors.
+#
+
+common socket
+{
+# inherited from file
+	poll
+	ioctl
+	read
+	write
+	create
+	getattr
+	setattr
+	lock
+	relabelfrom
+	relabelto
+	transition
+	append
+# socket-specific
+	bind
+	connect
+	listen
+	accept
+	getopt
+	setopt
+	shutdown
+	recvfrom
+	sendto
+	recv_msg
+	send_msg
+	name_bind
+}	
+
+#
+# Define a common prefix for ipc access vectors.
+#
+
+common ipc
+{
+	create
+	destroy
+	getattr
+	setattr
+	read
+	write
+	associate
+	unix_read
+	unix_write
+}
+
+#
+# Define the access vectors.
+#
+# class class_name [ inherits common_name ] { permission_name ... }
+
+
+#
+# Define the access vector interpretation for file-related objects.
+#
+
+class filesystem
+{
+	mount
+	remount
+	unmount
+	getattr
+	relabelfrom
+	relabelto
+	transition
+	associate
+	quotamod
+	quotaget
+}
+
+class dir
+inherits file
+{
+	add_name
+	remove_name
+	reparent
+	search
+	rmdir
+}
+
+class file
+inherits file
+{
+	execute_no_trans
+	entrypoint
+}
+
+class lnk_file
+inherits file
+
+class chr_file
+inherits file
+
+class blk_file
+inherits file
+
+class sock_file
+inherits file
+
+class fifo_file
+inherits file
+
+class fd
+{
+	create
+	use
+}
+
+
+#
+# Define the access vector interpretation for network-related objects.
+#
+
+class socket
+inherits socket
+
+class tcp_socket
+inherits socket
+{
+	connectto
+	newconn
+	acceptfrom
+}
+
+class udp_socket
+inherits socket
+
+class rawip_socket
+inherits socket
+
+class node 
+{
+	tcp_recv
+	tcp_send
+	udp_recv
+	udp_send
+	rawip_recv
+	rawip_send
+	enforce_dest
+}
+
+class netif
+{
+	getattr
+	setattr
+	tcp_recv
+	tcp_send
+	udp_recv
+	udp_send
+	rawip_recv
+	rawip_send
+}
+
+class netlink_socket
+inherits socket
+
+class packet_socket
+inherits socket
+
+class key_socket
+inherits socket
+
+class unix_stream_socket
+inherits socket
+{
+	connectto
+	newconn
+	acceptfrom
+}
+
+class unix_dgram_socket
+inherits socket
+
+
+#
+# Define the access vector interpretation for process-related objects
+#
+
+class process
+{
+	fork
+	transition
+	sigchld
+	sigkill
+	sigstop
+	signal
+	ptrace
+	getsched
+	setsched
+	getsession
+	getpgid
+	setpgid
+	getcap
+	setcap
+	share
+}
+
+
+#
+# Define the access vector interpretation for ipc-related objects
+#
+
+class ipc
+inherits ipc
+
+class sem
+inherits ipc
+
+class msgq
+inherits ipc
+{
+	enqueue
+}
+
+class msg
+{
+	send
+	receive
+}
+
+class shm
+inherits ipc
+{
+	lock
+}
+
+
+#
+# Define the access vector interpretation for the security server. 
+#
+
+class security
+{
+	compute_av
+	notify_perm
+	transition_sid
+	member_sid
+	sid_to_context
+	context_to_sid
+	load_policy
+	get_sids
+	register_avc
+	change_sid
+	get_user_sids
+}
+
+
+#
+# Define the access vector interpretation for system operations.
+#
+
+class system
+{
+	net_io_control
+	route_control
+	arp_control
+	rarp_control
+	ipc_info
+	avc_toggle
+	nfsd_control
+	bdflush
+	syslog_read
+	syslog_mod
+	syslog_console
+}
+
+#
+# Define the access vector interpretation for controling capabilies
+#
+
+class capability
+{
+	# The capabilities are defined in include/linux/capability.h
+	# Care should be taken to ensure that these are consistent with
+	# those definitions. (Order matters)
+
+	chown           
+	dac_override    
+	dac_read_search 
+	fowner          
+	fsetid          
+	kill            
+	setgid           
+	setuid           
+	setpcap          
+	linux_immutable  
+	net_bind_service 
+	net_broadcast    
+	net_admin        
+	net_raw          
+	ipc_lock         
+	ipc_owner        
+	sys_module       
+	sys_rawio        
+	sys_chroot       
+	sys_ptrace       
+	sys_pacct        
+	sys_admin        
+	sys_boot         
+	sys_nice         
+	sys_resource     
+	sys_time         
+	sys_tty_config  
+	mknod
+	lease
+}
diff --minimal -Nru a/security/selinux/flask/initial_sids b/security/selinux/flask/initial_sids
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/flask/initial_sids	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,39 @@
+# FLASK
+
+#
+# Define initial security identifiers 
+#
+
+sid kernel
+sid security
+sid unlabeled
+sid fs
+sid file
+sid file_labels
+sid init
+sid proc
+sid any_socket
+sid port
+sid netif
+sid netmsg
+sid node
+sid icmp_socket
+sid tcp_socket
+sid proc_kmsg
+sid proc_kcore
+sid sysctl_modprobe
+sid sysctl
+sid sysctl_fs
+sid sysctl_kernel
+sid sysctl_net
+sid sysctl_net_unix
+sid sysctl_vm
+sid sysctl_dev
+sid kmod
+sid devpts
+sid nfs
+sid policy
+sid tmpfs
+sid devfs
+
+# FLASK
diff --minimal -Nru a/security/selinux/flask/mkaccess_vector.sh b/security/selinux/flask/mkaccess_vector.sh
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/flask/mkaccess_vector.sh	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,250 @@
+#!/bin/sh -
+#
+
+# FLASK
+
+set -e
+
+#subproject id
+subproject="FLASK"
+
+awk=$1
+shift
+
+# output files
+av_permissions="av_permissions.h"
+av_inherit="av_inherit.h"
+common_perm_to_string="common_perm_to_string.h"
+av_perm_to_string="av_perm_to_string.h"
+
+cat $* | $awk "
+BEGIN	{
+		outfile = \"$av_permissions\"
+		subproject = \"$subproject\"
+		inheritfile = \"$av_inherit\"
+		cpermfile = \"$common_perm_to_string\"
+		avpermfile = \"$av_perm_to_string\"
+		"'
+		nextstate = "COMMON_OR_AV";
+		printf("/* This file is automatically generated.  Do not edit. */\n") > outfile;
+		printf("/* This file is automatically generated.  Do not edit. */\n") > inheritfile;
+		printf("/* This file is automatically generated.  Do not edit. */\n") > cpermfile;
+		printf("/* This file is automatically generated.  Do not edit. */\n") > avpermfile;
+;
+		printf("/* %s */\n\n", subproject) > outfile;
+
+		printf("/* %s */\n\n", subproject) > cpermfile;
+
+		printf("/* %s */\n\n", subproject) > inheritfile;
+		printf("typedef struct\n") > inheritfile;
+		printf("{\n") > inheritfile;
+		printf("    security_class_t tclass;\n") > inheritfile;
+		printf("    char **common_pts;\n") > inheritfile; 
+		printf("    access_vector_t common_base;\n") > inheritfile; 
+		printf("} av_inherit_t;\n\n") > inheritfile;
+		printf("static av_inherit_t av_inherit[] = {\n") > inheritfile;
+	
+		printf("/* %s */\n\n", subproject) > avpermfile;
+		printf("typedef struct\n") > avpermfile;
+		printf("{\n") > avpermfile;
+		printf("    security_class_t tclass;\n") > avpermfile;
+		printf("    access_vector_t value;\n") > avpermfile; 
+		printf("    char *name;\n") > avpermfile; 
+		printf("} av_perm_to_string_t;\n\n") > avpermfile;
+		printf("static av_perm_to_string_t av_perm_to_string[] = {\n") > avpermfile;
+	}
+/^[ \t]*#/	{ 
+			next;
+		}
+$1 == "common"	{ 
+			if (nextstate != "COMMON_OR_AV")
+			{
+				printf("Parse error:  Unexpected COMMON definition on line %d\n", NR);
+				next;	
+			}
+
+			if ($2 in common_defined)
+			{
+				printf("Duplicate COMMON definition for %s on line %d.\n", $2, NR);
+				next;
+			}	
+			common_defined[$2] = 1;
+
+			tclass = $2;
+			common_name = $2; 
+			permission = 1;
+
+			printf("static char *common_%s_perm_to_string[] =\n{\n", $2) > cpermfile;
+
+			nextstate = "COMMON-OPENBRACKET";
+			next;
+		}
+$1 == "class"	{
+			if (nextstate != "COMMON_OR_AV" &&
+			    nextstate != "CLASS_OR_CLASS-OPENBRACKET")
+			{
+				printf("Parse error:  Unexpected class definition on line %d\n", NR);
+				next;	
+			}
+
+			tclass = $2;
+
+			if (tclass in av_defined)
+			{
+				printf("Duplicate access vector definition for %s on line %d\n", tclass, NR);
+				next;
+			} 
+			av_defined[tclass] = 1;
+
+			inherits = "";
+			permission = 1;
+
+			nextstate = "INHERITS_OR_CLASS-OPENBRACKET";
+			next;
+		}
+$1 == "inherits" {			
+			if (nextstate != "INHERITS_OR_CLASS-OPENBRACKET")
+			{
+				printf("Parse error:  Unexpected INHERITS definition on line %d\n", NR);
+				next;	
+			}
+
+			if (!($2 in common_defined))
+			{
+				printf("COMMON %s is not defined (line %d).\n", $2, NR);
+				next;
+			}
+
+			inherits = $2;
+			permission = common_base[$2];
+
+			for (combined in common_perms)
+			{
+				split(combined,separate, SUBSEP);
+				if (separate[1] == inherits)
+				{
+					printf("#define %s__%s", toupper(tclass), toupper(separate[2])) > outfile; 
+					spaces = 40 - (length(separate[2]) + length(tclass));
+					if (spaces < 1)
+					      spaces = 1;
+					for (i = 0; i < spaces; i++) 
+						printf(" ") > outfile; 
+					printf("0x%08xUL\n", common_perms[combined]) > outfile; 
+				}
+			}
+			printf("\n") > outfile;
+	
+			printf("   { SECCLASS_%s, common_%s_perm_to_string, 0x%08xUL },\n", toupper(tclass), inherits, permission) > inheritfile; 
+
+			nextstate = "CLASS_OR_CLASS-OPENBRACKET";
+			next;
+		}
+$1 == "{"	{ 
+			if (nextstate != "INHERITS_OR_CLASS-OPENBRACKET" &&
+			    nextstate != "CLASS_OR_CLASS-OPENBRACKET" &&
+			    nextstate != "COMMON-OPENBRACKET")
+			{
+				printf("Parse error:  Unexpected { on line %d\n", NR);
+				next;
+			}
+
+			if (nextstate == "INHERITS_OR_CLASS-OPENBRACKET")
+				nextstate = "CLASS-CLOSEBRACKET";
+
+			if (nextstate == "CLASS_OR_CLASS-OPENBRACKET")
+				nextstate = "CLASS-CLOSEBRACKET";
+
+			if (nextstate == "COMMON-OPENBRACKET")
+				nextstate = "COMMON-CLOSEBRACKET";
+		}
+/[a-z][a-z_]*/	{
+			if (nextstate != "COMMON-CLOSEBRACKET" &&
+			    nextstate != "CLASS-CLOSEBRACKET")
+			{
+				printf("Parse error:  Unexpected symbol %s on line %d\n", $1, NR);		
+				next;
+			}
+
+			if (nextstate == "COMMON-CLOSEBRACKET")
+			{
+				if ((common_name,$1) in common_perms)
+				{
+					printf("Duplicate permission %s for common %s on line %d.\n", $1, common_name, NR);
+					next;
+				}
+
+				common_perms[common_name,$1] = permission;
+
+				printf("#define COMMON_%s__%s", toupper(common_name), toupper($1)) > outfile; 
+
+				printf("    \"%s\",\n", $1) > cpermfile;
+			}
+			else
+			{
+				if ((tclass,$1) in av_perms)
+				{
+					printf("Duplicate permission %s for %s on line %d.\n", $1, tclass, NR);
+					next;
+				}
+
+				av_perms[tclass,$1] = permission;
+		
+				if (inherits != "")
+				{
+					if ((inherits,$1) in common_perms)
+					{
+						printf("Permission %s in %s on line %d conflicts with common permission.\n", $1, tclass, inherits, NR);
+						next;
+					}
+				}
+
+				printf("#define %s__%s", toupper(tclass), toupper($1)) > outfile; 
+
+				printf("   { SECCLASS_%s, %s__%s, \"%s\" },\n", toupper(tclass), toupper(tclass), toupper($1), $1) > avpermfile; 
+			}
+
+			spaces = 40 - (length($1) + length(tclass));
+			if (spaces < 1)
+			      spaces = 1;
+
+			for (i = 0; i < spaces; i++) 
+				printf(" ") > outfile; 
+			printf("0x%08xUL\n", permission) > outfile; 
+			permission = permission * 2;
+		}
+$1 == "}"	{
+			if (nextstate != "CLASS-CLOSEBRACKET" && 
+			    nextstate != "COMMON-CLOSEBRACKET")
+			{
+				printf("Parse error:  Unexpected } on line %d\n", NR);
+				next;
+			}
+
+			if (nextstate == "COMMON-CLOSEBRACKET")
+			{
+				common_base[common_name] = permission;
+				printf("};\n\n") > cpermfile; 
+			}
+
+			printf("\n") > outfile;
+
+			nextstate = "COMMON_OR_AV";
+		}
+END	{
+		if (nextstate != "COMMON_OR_AV" && nextstate != "CLASS_OR_CLASS-OPENBRACKET")
+			printf("Parse error:  Unexpected end of file\n");
+
+		printf("\n/* %s */\n", subproject) > outfile;
+
+		printf("\n/* %s */\n", subproject) > cpermfile;
+	
+		printf("};\n\n") > inheritfile;
+		printf("#define AV_INHERIT_SIZE (sizeof(av_inherit)/sizeof(av_inherit_t))\n\n") > inheritfile;
+		printf("\n/* %s */\n", subproject) > inheritfile;
+
+		printf("};\n\n") > avpermfile;
+		printf("#define AV_PERM_TO_STRING_SIZE (sizeof(av_perm_to_string)/sizeof(av_perm_to_string_t))\n\n") > avpermfile;
+		printf("\n/* %s */\n", subproject) > avpermfile;
+	}'
+
+# FLASK
diff --minimal -Nru a/security/selinux/flask/mkflask.sh b/security/selinux/flask/mkflask.sh
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/flask/mkflask.sh	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,99 @@
+#!/bin/sh -
+#
+
+# FLASK
+
+set -e
+
+awk=$1
+shift 1
+
+# output file
+output_file="flask.h"
+debug_file="class_to_string.h"
+debug_file2="initial_sid_to_string.h"
+
+cat $* | $awk "
+BEGIN	{
+		outfile = \"$output_file\"
+		debugfile = \"$debug_file\"
+		debugfile2 = \"$debug_file2\"
+		"'
+		nextstate = "CLASS";
+
+		printf("/* This file is automatically generated.  Do not edit. */\n") > outfile;
+
+		printf("#ifndef _LINUX_FLASK_H_\n") > outfile;
+		printf("#define _LINUX_FLASK_H_\n") > outfile;
+		printf("\n#include <linux/flask/flask_types.h>\n") > outfile;
+
+		printf("\n/*\n * Security object class definitions\n */\n") > outfile;
+		printf("/* This file is automatically generated.  Do not edit. */\n") > debugfile;
+		printf("/*\n * Security object class definitions\n */\n") > debugfile;
+		printf("static char *class_to_string[] =\n{\n") > debugfile;
+		printf("    \"null\",\n") > debugfile;
+		printf("/* This file is automatically generated.  Do not edit. */\n") > debugfile2;
+		printf("static char *initial_sid_to_string[] =\n{\n") > debugfile2;
+		printf("    \"null\",\n") > debugfile2;
+	}
+/^[ \t]*#/	{ 
+			next;
+		}
+$1 == "class"	{ 
+			if (nextstate != "CLASS")
+			{
+				printf("Parse error:  Unexpected class definition on line %d\n", NR);
+				next;	
+			}
+
+			if ($2 in class_found)
+			{
+				printf("Duplicate class definition for %s on line %d.\n", $2, NR);
+				next;
+			}	
+			class_found[$2] = 1;
+
+			class_value++;
+
+			printf("#define SECCLASS_%s", toupper($2)) > outfile;
+			for (i = 0; i < 40 - length($2); i++) 
+				printf(" ") > outfile; 
+			printf("%d\n", class_value) > outfile; 
+
+			printf("    \"%s\",\n", $2) > debugfile;
+		}
+$1 == "sid"	{ 
+			if (nextstate == "CLASS")
+			{
+			    nextstate = "SID";
+			    printf("};\n\n") > debugfile;
+			    printf("\n/*\n * Security identifier indices for initial entities\n */\n") > outfile;			    
+			}
+
+			if ($2 in sid_found)
+			{
+				printf("Duplicate SID definition for %s on line %d.\n", $2, NR);
+				next;
+			}	
+			sid_found[$2] = 1;
+			sid_value++;
+
+			printf("#define SECINITSID_%s", toupper($2)) > outfile;
+			for (i = 0; i < 37 - length($2); i++) 
+				printf(" ") > outfile; 
+			printf("%d\n", sid_value) > outfile; 
+			printf("    \"%s\",\n", $2) > debugfile2;
+		}
+END	{
+		if (nextstate != "SID")
+			printf("Parse error:  Unexpected end of file\n");
+
+		printf("\n#define SECINITSID_NUM") > outfile;
+		for (i = 0; i < 34; i++) 
+			printf(" ") > outfile; 
+		printf("%d\n", sid_value) > outfile; 
+		printf("\n#endif\n") > outfile;
+		printf("};\n\n") > debugfile2;
+	}'
+
+# FLASK
diff --minimal -Nru a/security/selinux/flask/security_classes b/security/selinux/flask/security_classes
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/flask/security_classes	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,43 @@
+# FLASK
+
+#
+# Define the security object classes 
+#
+
+class security
+class process
+class system
+class capability
+
+# file-related classes
+class filesystem
+class file
+class dir
+class fd
+class lnk_file
+class chr_file
+class blk_file
+class sock_file
+class fifo_file
+
+# network-related classes
+class socket
+class tcp_socket
+class udp_socket
+class rawip_socket
+class node
+class netif
+class netlink_socket
+class packet_socket
+class key_socket
+class unix_stream_socket
+class unix_dgram_socket
+
+# sysv-ipc-related clases
+class sem
+class msg
+class msgq
+class shm
+class ipc
+
+# FLASK
diff --minimal -Nru a/security/selinux/hooks.c b/security/selinux/hooks.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/hooks.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,4338 @@
+/*
+ *  NSA Security-Enhanced Linux (SELinux) security module
+ *
+ *  This file contains the SELinux hook function implementations.
+ *
+ *  Authors:  Stephen Smalley, NAI Labs, <ssmalley@nai.com>
+ *            Chris Vance, <cvance@nai.com>
+ *            Wayne Salamon, <wsalamon@nai.com>
+ *
+ *  Copyright (C) 2001 Networks Associates Technology, Inc.
+ * 
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ */ 
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/errno.h>
+#include <linux/sched.h>
+#include <linux/security.h>
+#include <linux/capability.h>
+#include <linux/flask/avc.h>
+#include <linux/flask/psid.h>
+#include <linux/flask/syscalls.h>
+#include <linux/mm.h>
+#include <linux/mman.h>
+#include <linux/slab.h>
+#include <linux/smp_lock.h>
+#include <linux/spinlock.h>
+#include <linux/file.h>
+#include <linux/ext2_fs.h>
+#include <net/ip.h>		/* for sysctl_local_port_range[] */
+#include <asm/uaccess.h>
+#include <asm/semaphore.h>
+#include <asm/ioctls.h>
+#include <linux/bitops.h>
+#include <linux/interrupt.h>
+#include <linux/netfilter.h>	/* for network interface checks */
+#include <linux/netdevice.h>	/* for network interface checks */
+#include <linux/netlink.h>
+#include "selinux_plug.h"
+
+
+/* Original (dummy) security module. */
+static struct security_operations *original_ops = NULL;
+
+/* Minimal support for a secondary security module,
+   just to allow the use of the capability plug. */
+static struct security_operations *secondary_ops = NULL;
+
+/* 
+ * Tables to map the CTL table name to a security ID.
+ * The members of this struct are used to define a signature for 
+ * matching the sysctl field to a specific SID. Because the ctl_name
+ * values are not unique, we rely on the procname even though it is
+ * not guaranteed to be present. So far we only care about sysctl
+ * fields that have an associated procname. 
+ * These ctl tables are defined in sysctl.c, except where noted. 
+ */
+static ctl_sid ctl_sid_kern_table[] = {
+	{KERN_OSTYPE, "ostype", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_OSRELEASE, "osrelease", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_VERSION, "version", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_NODENAME, "hostname", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_DOMAINNAME, "domainname", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_PANIC, "panic", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_CAP_BSET, "cap-bound", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_REALROOTDEV, "real-rot-dev", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_SPARC_REBOOT, "reboot-cmd", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_SPARC_STOP_A, "stop-a", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_PPC_HTABRECLAIM, "htab-reclaim",SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_PPC_ZEROPAGED, "zero-paged", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_PPC_POWERSAVE_NAP, "powersave-nap", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_PPC_L2CR, "l2cr", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_CTLALTDEL, "ctrl-alt-del", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_PRINTK, "printk", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_MODPROBE, "modprobe", SECINITSID_SYSCTL_MODPROBE, NULL},
+	{KERN_HOTPLUG, "hotplug", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_SG_BIG_BUFF, "sg-big-buff", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_ACCT, "acct", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_RTSIGNR, "rtsig-nr", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_RTSIGMAX, "rtsig-max", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_SHMMAX, "shmmax", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_SHMALL, "shmall", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_SHMMNI, "shmmni", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_MSGMAX, "msgmax", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_MSGMNI, "msgmni", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_MSGMNB, "msgmnb", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_SEM, "sem", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_SYSRQ, "sysrq", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_MAX_THREADS, "threads-max", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_RANDOM, "random", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_OVERFLOWUID, "overflowuid", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_OVERFLOWGID, "overflowgid", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_IEEE_EMULATION_WARNINGS, "ieee_emulation_warnings", SECINITSID_SYSCTL_KERNEL, NULL},
+	{KERN_S390_USER_DEBUG_LOGGING, "userprocess_debug", SECINITSID_SYSCTL_KERNEL, NULL},
+	{0}
+};
+
+static ctl_sid ctl_sid_vm_table[] = {
+	{VM_FREEPG, "freepages", SECINITSID_SYSCTL_VM, NULL},
+	{VM_BDFLUSH, "bdflush", SECINITSID_SYSCTL_VM, NULL},
+	{VM_OVERCOMMIT_MEMORY, "overcommit_memory", SECINITSID_SYSCTL_VM, NULL},
+	{VM_BUFFERMEM, "buffermem", SECINITSID_SYSCTL_VM, NULL},
+	{VM_PAGECACHE, "pagecache", SECINITSID_SYSCTL_VM, NULL},
+	{VM_PAGERDAEMON, "kswapd", SECINITSID_SYSCTL_VM, NULL},
+	{VM_PGT_CACHE, "pagetable_cache", SECINITSID_SYSCTL_VM, NULL},
+	{VM_PAGE_CLUSTER, "page-cluster", SECINITSID_SYSCTL_VM, NULL},
+	{0}
+};
+
+static ctl_sid ctl_sid_net_table[] = {
+	/* The Net ctl table is defined in net/sysctl_net.c */
+	{NET_CORE, "core", SECINITSID_SYSCTL_NET, NULL},
+	{NET_802, "802", SECINITSID_SYSCTL_NET, NULL},
+	{NET_ETHER, "ethernet", SECINITSID_SYSCTL_NET, NULL},
+	{NET_IPV4, "ipv4", SECINITSID_SYSCTL_NET, NULL},
+	{NET_IPV6, "ipv6", SECINITSID_SYSCTL_NET, NULL},
+	{NET_TR, "token-ring", SECINITSID_SYSCTL_NET, NULL},
+	{NET_ECONET, "econet", SECINITSID_SYSCTL_NET, NULL},
+	{NET_UNIX, "unix", SECINITSID_SYSCTL_NET_UNIX, NULL},
+	{0}
+};
+
+static ctl_sid ctl_sid_fs_table[] = {
+	{FS_NRINODE, "inode-nr", SECINITSID_SYSCTL_FS, NULL},
+	{FS_STATINODE, "inode-state", SECINITSID_SYSCTL_FS, NULL},
+	{FS_NRFILE, "file-nr", SECINITSID_SYSCTL_FS, NULL},
+	{FS_MAXFILE, "file-max", SECINITSID_SYSCTL_FS, NULL},
+	{FS_NRSUPER, "super-nr", SECINITSID_SYSCTL_FS, NULL},
+	{FS_MAXSUPER, "super-max", SECINITSID_SYSCTL_FS, NULL},
+	{FS_NRDQUOT, "dquot-nr", SECINITSID_SYSCTL_FS, NULL},
+	{FS_MAXDQUOT, "dquot-max", SECINITSID_SYSCTL_FS, NULL},
+	{FS_DENTRY, "dentry-state", SECINITSID_SYSCTL_FS, NULL},
+	{FS_OVERFLOWUID, "overflowuid", SECINITSID_SYSCTL_FS, NULL},
+	{FS_OVERFLOWGID, "overflowgid", SECINITSID_SYSCTL_FS, NULL},
+	{FS_LEASES, "leases-enable", SECINITSID_SYSCTL_FS, NULL},
+	{FS_DIR_NOTIFY, "dir-notify-enable", SECINITSID_SYSCTL_FS, NULL},
+	{FS_LEASE_TIME, "lease-break-time", SECINITSID_SYSCTL_FS, NULL},
+	{0}
+};
+
+static ctl_sid ctl_sid_root_table[] = {
+	{CTL_KERN, "kernel", SECINITSID_SYSCTL_KERNEL, ctl_sid_kern_table},
+	{CTL_VM, "vm", SECINITSID_SYSCTL_VM, ctl_sid_vm_table},
+	{CTL_NET, "net", SECINITSID_SYSCTL_NET, ctl_sid_net_table},
+	{CTL_PROC, "proc", SECINITSID_SYSCTL, NULL},
+	{CTL_FS, "fs", SECINITSID_SYSCTL_FS, ctl_sid_fs_table},
+	{CTL_DEBUG, "debug", SECINITSID_SYSCTL, NULL},	
+	{CTL_DEV, "dev", SECINITSID_SYSCTL_DEV, NULL},	
+	{0}
+};
+
+/* Lists of security blobs created by this module. 
+   Used to deallocate all security blobs and clear security 
+   fields when the module exits. */
+static LIST_HEAD(task_security_head);
+static LIST_HEAD(inode_security_head);
+static LIST_HEAD(file_security_head);
+static LIST_HEAD(msg_security_head);
+static LIST_HEAD(ipc_security_head);
+static LIST_HEAD(superblock_security_head);
+static LIST_HEAD(netdev_security_head);
+
+/* Allocate and free functions for each kind of security blob. */
+
+static struct semaphore task_alloc_semaphore;
+
+static int task_alloc_security(struct task_struct *task)
+{
+	struct task_security_struct *tsec;
+	int rc = 0;
+
+	if (safe_down(&task_alloc_semaphore))
+		return -ENOMEM;
+
+	tsec = task->security;
+	if (tsec && tsec->magic == SELINUX_MAGIC)
+		goto out;
+	  
+	tsec = kmalloc(sizeof(struct task_security_struct), SAFE_ALLOC);
+	if (!tsec) {
+		rc = -ENOMEM; 
+		goto out;
+	}
+	memset(tsec, 0, sizeof(struct task_security_struct));
+	tsec->magic = SELINUX_MAGIC;
+	tsec->task = task;
+	list_add(&tsec->list, &task_security_head);
+	tsec->osid = tsec->sid = SECINITSID_UNLABELED;
+	task->security = tsec;
+
+out:
+	safe_up(&task_alloc_semaphore);
+	return rc;
+}
+
+static void task_free_security(struct task_struct *task)
+{
+	struct task_security_struct *tsec = task->security;
+
+	if (!tsec || tsec->magic != SELINUX_MAGIC)
+		return; 
+
+	task->security = NULL;
+	list_del(&tsec->list);
+	kfree(tsec);
+}
+
+static struct semaphore inode_alloc_semaphore;
+
+static int inode_alloc_security(struct inode *inode)
+{
+	struct task_security_struct *tsec = current->security;
+	struct inode_security_struct *isec;
+	int rc = 0;
+
+	if (safe_down(&inode_alloc_semaphore))
+		return -ENOMEM;
+	isec = inode->i_security;
+	if (isec && isec->magic ==  SELINUX_MAGIC)
+		goto out;
+	isec = kmalloc(sizeof(struct inode_security_struct), SAFE_ALLOC);
+	if (!isec) {
+		rc = -ENOMEM; 
+		goto out;
+	}
+	memset(isec, 0, sizeof(struct inode_security_struct));
+	init_MUTEX(&isec->sem);
+	isec->magic = SELINUX_MAGIC;
+	isec->inode = inode;
+	list_add(&isec->list, &inode_security_head);
+	isec->sid = SECINITSID_UNLABELED;
+	if (tsec && tsec->magic == SELINUX_MAGIC)
+		isec->task_sid = tsec->sid;
+	else
+		isec->task_sid = SECINITSID_UNLABELED;
+	inode->i_security = isec;
+
+out:
+	safe_up(&inode_alloc_semaphore);
+	return rc;
+}
+
+static void inode_free_security(struct inode *inode)
+{
+	struct inode_security_struct *isec = inode->i_security;
+
+	if (!isec || isec->magic != SELINUX_MAGIC) 
+		return; 
+
+	inode->i_security = NULL;
+	list_del(&isec->list);
+	kfree(isec);
+}
+
+static struct semaphore file_alloc_semaphore;
+
+static int file_alloc_security(struct task_struct *task, struct file *file)
+{
+	struct task_security_struct *tsec = task->security;
+	struct file_security_struct *fsec;
+	int rc = 0;
+
+	if (safe_down(&file_alloc_semaphore))
+		return -ENOMEM;
+	fsec = file->f_security;
+	if (fsec && fsec->magic == SELINUX_MAGIC)
+		goto out;
+
+	fsec = kmalloc(sizeof(struct file_security_struct), SAFE_ALLOC);
+	if (!fsec) {
+		rc = -ENOMEM; 
+		goto out;
+	}
+	memset(fsec, 0, sizeof(struct file_security_struct));
+	fsec->magic = SELINUX_MAGIC;
+	fsec->file = file;
+	list_add(&fsec->list, &file_security_head);
+	if (tsec && tsec->magic == SELINUX_MAGIC) {
+		fsec->sid = tsec->sid;
+		fsec->fown_sid = tsec->sid;
+	} else {
+		fsec->sid = SECINITSID_UNLABELED;
+		fsec->fown_sid = SECINITSID_UNLABELED;
+	}
+	file->f_security = fsec;
+
+out:
+	safe_up(&file_alloc_semaphore);
+	return rc;
+}
+
+static void file_free_security(struct file *file)
+{
+	struct file_security_struct *fsec = file->f_security;
+
+	if (!fsec || fsec->magic != SELINUX_MAGIC) 
+		return; 
+
+	file->f_security = NULL;
+	list_del(&fsec->list);
+	kfree(fsec);
+}
+
+static struct semaphore sb_alloc_semaphore;
+
+static int superblock_alloc_security(struct super_block *sb)
+{
+	struct superblock_security_struct *sbsec;
+	int rc = 0;
+
+	if (safe_down(&sb_alloc_semaphore))
+		return -ENOMEM;
+	sbsec = sb->s_security;
+	if (sbsec && sbsec->magic == SELINUX_MAGIC)
+		goto out;
+
+	sbsec = kmalloc(sizeof(struct superblock_security_struct), SAFE_ALLOC);
+	if (!sbsec) {
+		rc = -ENOMEM; 
+		goto out;
+	}
+	memset(sbsec, 0, sizeof(struct superblock_security_struct));
+	init_MUTEX(&sbsec->sem);
+	sbsec->magic = SELINUX_MAGIC;
+	sbsec->sb = sb;
+	list_add(&sbsec->list, &superblock_security_head);
+	sbsec->sid = SECINITSID_UNLABELED;
+	sb->s_security = sbsec;
+out:
+	safe_up(&sb_alloc_semaphore);
+	return rc;
+}
+
+static void superblock_free_security(struct super_block *sb)
+{
+	struct superblock_security_struct *sbsec = sb->s_security;
+
+	if (!sbsec || sbsec->magic != SELINUX_MAGIC) 
+		return; 
+
+	if (sbsec->uses_psids && sbsec->psidtab)
+		psid_release(sb);
+
+	sb->s_security = NULL;
+	list_del(&sbsec->list);
+	kfree(sbsec);
+}
+
+static struct semaphore netdev_alloc_semaphore;
+
+static int netdev_alloc_security(struct net_device *dev)
+{
+	struct netdev_security_struct *nsec;
+	int rc = 0;
+
+	if (safe_down(&netdev_alloc_semaphore))
+		return -ENOMEM;
+	nsec = dev->security;
+	if (nsec && nsec->magic == SELINUX_MAGIC) 
+		goto out;
+
+	nsec = kmalloc(sizeof(struct netdev_security_struct), SAFE_ALLOC);
+	if (!nsec) {
+		rc = -ENOMEM;
+		goto out;
+	}
+	memset(nsec, 0, sizeof(struct netdev_security_struct));
+	nsec->magic = SELINUX_MAGIC;
+	nsec->dev = dev;
+	list_add(&nsec->list, &netdev_security_head);
+	nsec->sid = nsec->default_msg_sid = SECINITSID_UNLABELED;
+	dev->security = nsec;
+out:
+	safe_up(&netdev_alloc_semaphore);
+	return rc;
+}
+
+static void netdev_free_security(struct net_device *dev)
+{
+	struct netdev_security_struct *nsec = dev->security;
+
+	if (!nsec || nsec->magic != SELINUX_MAGIC)
+		return; 
+
+	dev->security = NULL;
+	list_del(&nsec->list);
+	kfree(nsec);
+}
+
+/* The security server must be initialized before
+   any labeling or access decisions can be provided. */
+static inline int ss_precondition(void) 
+{
+	extern int ss_initialized;
+
+	return ss_initialized; 
+}
+
+/* The file system's label must be initialized prior to use.
+   If the file system is persistent, then its persistent label mapping 
+   must be initialized before labels for files in it can be obtained. */
+int superblock_precondition(struct super_block *sb) 
+{
+	struct superblock_security_struct *sbsec = sb->s_security;
+	int rc;
+
+	rc = ss_precondition();
+	if (rc <= 0)
+		return rc;
+
+	if (sbsec && sbsec->magic == SELINUX_MAGIC) {
+		if (sbsec->initialized) 
+			return 1;  /* ready for service */
+	} else {
+		rc = superblock_alloc_security(sb);
+		if (rc)
+			return rc;
+		sbsec = sb->s_security;
+	}
+
+	if (test_and_set_bit(0, &sbsec->initializing))
+		return 0; /* currently initializing */
+
+	if ((strcmp(sb->s_type->name, "ext2") == 0) ||
+	    (strcmp(sb->s_type->name, "ext3") == 0) ||
+	    (strcmp(sb->s_type->name, "reiserfs") == 0)) {
+		/* PSIDs only work for persistent file systems with
+		   persistent inode numbers. */
+		if (in_interrupt()) {
+			sbsec->initializing = 0;
+			return 0; /* in interrupt, handle later */
+		}
+
+		rc = psid_init(sb);
+		if (rc) {
+			printk("superblock_precondition: psid_init returned "
+			       "%d, retrying... (filesystem=%s, pid=%d)\n", 
+			       -rc, sb->s_root->d_name.name, current->pid);
+			sbsec->initializing = 0;
+			return 0; 
+		}
+		sbsec->uses_psids = 1;
+	} else if (strcmp(sb->s_type->name, "proc") == 0)
+		sbsec->sid = SECINITSID_PROC;
+	else if (strcmp(sb->s_type->name, "devpts") == 0)
+		sbsec->sid = SECINITSID_DEVPTS;
+	else if (strcmp(sb->s_type->name, "nfs") == 0)
+		sbsec->sid = SECINITSID_NFS;
+	else if ( (strcmp(sb->s_type->name, "tmpfs") == 0) ||
+		  (strcmp(sb->s_type->name, "shm") == 0)) 
+		sbsec->sid = SECINITSID_TMPFS;
+	else if ( (strcmp(sb->s_type->name, "devfs") == 0))
+		sbsec->sid = SECINITSID_DEVFS;
+	else if ( (strcmp(sb->s_type->name, "pipefs") == 0) ||
+		  (strcmp(sb->s_type->name, "sockfs") == 0)) 
+		sbsec->uses_task = 1;
+
+	sbsec->initialized = 1;
+
+	return 1;
+}
+
+/*
+ * Set the SID on a /proc entry.
+ * The top-level directory is labeled with the proc initial SID.  
+ * The kmsg and kcore files are labeled with the kmsg and kcore initial SIDs.
+ * The /proc/sys entries are labeled consistently with the sysctl variables.
+ * The /proc/PID entries are labeled with the SID of the owning process.
+ * Most entries simply inherit their SID from the parent directory SID.
+ *
+ * Precondition:  the inode_security_struct has been allocated
+ * and initialized by inode_precondition.
+ */
+static void procfs_set_sid(struct dentry *dentry)
+{
+	struct task_security_struct *tsec;
+	struct inode_security_struct *isec, *pisec;
+	struct dentry *parent;
+	unsigned int pid, c;
+	struct task_struct *task;
+	const char *name;
+	int len, len2, rc;
+
+	if (!dentry->d_inode)
+		return;
+
+	/* Initialize the SID to the proc initial SID. */
+	isec = dentry->d_inode->i_security;
+	if (!isec)
+		return;
+	isec->sid = SECINITSID_PROC;
+
+	name = dentry->d_name.name;
+	len = dentry->d_name.len;
+
+	parent = dentry->d_parent;
+	if (!parent || parent == dentry) {
+		/* /proc.  Done. */
+		return;
+	}
+
+	/* Ensure that the parent entry's attributes are set. */
+	rc = inode_precondition(parent->d_inode);
+	if (rc <= 0)
+		return;
+	pisec = parent->d_inode->i_security;
+
+	/* Inherit the SID from the parent by default. */
+	isec->sid = pisec->sid;
+
+	if (pisec->ctl) {
+		/* A /proc/sys entry.  Search the parent's table
+		   for this entry to find its SID. */
+		struct ctl_sid *ctl;
+		for (ctl = pisec->ctl; ctl->ctl_name; ctl++) {
+			len2 = strlen(ctl->procname);
+			if (len == len2 && !memcmp(name, ctl->procname, len)) {
+				isec->sid = ctl->sid;
+				isec->ctl = ctl->child;
+				break;
+			}
+		}
+		return;
+	}
+
+	if (parent->d_parent != parent) {
+		/* This entry is not in the top-level /proc directory.
+		   Simply return, inheriting from the parent. */
+		return;
+	}
+
+	/* Check for /proc/kmsg and /proc/kcore. */
+	if (len == 4 && !memcmp(name, "kmsg", 4)) {
+		isec->sid = SECINITSID_PROC_KMSG;
+		return;
+	}
+	if (len == 5 && !memcmp(name, "kcore", 5)) {
+		isec->sid = SECINITSID_PROC_KCORE;
+		return;
+	}
+
+	/* Check for /proc/sys. */
+	if (len == 3 && !memcmp(name, "sys", 3)) {
+		isec->sid = SECINITSID_SYSCTL;
+		isec->ctl = ctl_sid_root_table;
+		return;
+	}
+
+	/* For /proc/PID entries, use the SID of the owning process. 
+	   Derived from fs/proc/base.c:proc_pid_lookup. */
+#define MAX_MULBY10	((~0U-9)/10)
+	pid = 0;
+	while (len-- > 0) {
+		c = *name - '0';
+		name++;
+		if (c > 9)
+			return;
+		if (pid >= MAX_MULBY10)
+			return;
+		pid *= 10;
+		pid += c;
+		if (!pid)
+			return;
+	}
+
+	read_lock(&tasklist_lock);
+	task = find_task_by_pid(pid);
+	if (task)
+		get_task_struct(task);
+	read_unlock(&tasklist_lock);
+	if (!task)
+		return;
+
+	rc = task_precondition(task);
+	if (rc <= 0) {
+		printk("task_precondition failed, rc=%d, pid=%d\n", -rc, task->pid);
+		put_task_struct(task);
+		return;
+	}
+	tsec = task->security;
+	isec->sid = tsec->sid;
+	put_task_struct(task);
+
+	return;
+}
+
+extern char * avc_d_path(struct dentry *dentry, 
+			 char *buffer, int buflen);
+
+/* The inode's security attributes must be initialized before first use. */
+int inode_precondition(struct inode *inode) 
+{
+	struct superblock_security_struct *sbsec = NULL; 
+	struct inode_security_struct *isec = inode->i_security;
+	struct task_security_struct *tsec;
+	security_id_t sid;
+	char *buffer, *path;
+	struct dentry *dentry;
+	int rc;
+
+	rc = ss_precondition();
+	if (rc <= 0)
+		return rc;
+
+	if (isec && isec->magic == SELINUX_MAGIC) {
+		if (isec->initialized)
+			return 1;
+	} else {
+		rc = inode_alloc_security(inode);
+		if (rc)
+			return rc;
+		isec = inode->i_security;
+	}
+
+	if (test_and_set_bit(0, &isec->initializing))
+		return 0; /* currently initializing */
+
+	if (inode->i_sb) {
+		rc = superblock_precondition(inode->i_sb);
+		if (rc <= 0) {
+			isec->initializing = 0;
+			return rc;
+		}
+		sbsec = inode->i_sb->s_security;
+	}
+
+	if (inode->i_sock) {
+		struct socket *sock = SOCKET_I(inode);
+		if (sock->sk) {
+			isec->sclass = socket_type_to_security_class(sock->sk->family, sock->sk->type);
+		} else {
+			/* else TCP control message? */
+			isec->sclass = SECCLASS_SOCKET;
+		}
+	} else {
+		isec->sclass = inode_mode_to_security_class(inode->i_mode);
+	}
+
+	if (sbsec) {
+		if (sbsec->uses_psids) {
+			if (in_interrupt()) {
+				isec->initializing = 0;
+				return 0; /* in interrupt, handle later */
+			}
+
+			rc = psid_to_sid(inode, &isec->sid);
+			if (rc) {
+				printk("inode_precondition:  psid_to_sid returned %d for inode %p\n", -rc, inode);
+				isec->initializing = 0;
+				return rc;
+			}
+		} else if (sbsec->uses_task) {
+			isec->sid = isec->task_sid;
+		} else {
+			if (in_interrupt()) {
+				isec->initializing = 0;
+				return 0; /* in interrupt, handle later */
+			}
+
+		        /* Inherit from the file system */
+			isec->sid = sbsec->sid;
+		}
+
+		if (sbsec->sid == SECINITSID_PROC) {
+			/* Handle procfs entries. */
+			dentry = d_find_alias(inode);
+			if (dentry) {
+				procfs_set_sid(dentry);
+				dput(dentry);
+			}
+		}
+		if (sbsec->sid == SECINITSID_DEVFS) {
+			/* Handle devfs entries. */
+			dentry = d_find_alias(inode);
+			if (dentry) {
+				buffer = (char*)__get_free_page(GFP_KERNEL);
+				if (buffer) {
+					path = avc_d_path(dentry, buffer,
+							  PAGE_SIZE);
+					if (path) {
+						security_devfs_sid(path, 
+								   isec->sclass,
+								   &isec->sid);
+					}
+					free_page((unsigned long)buffer);
+				}
+				dput(dentry);
+			}
+		}
+		if (sbsec->sid == SECINITSID_DEVPTS) { 
+			dentry = d_find_alias(inode);
+			if (dentry) {
+				tsec = current->security;
+				rc = security_transition_sid(tsec->sid, 
+					SECINITSID_DEVPTS,
+					SECCLASS_CHR_FILE, &sid);
+				if( !rc ) {
+					isec->sid = sid;
+				}
+				dput(dentry);
+			}
+		}
+		if (sbsec->sid == SECINITSID_TMPFS) { 
+			tsec = current->security;
+			rc = security_transition_sid(tsec->sid, 
+						     SECINITSID_TMPFS,
+						     isec->sclass,
+						     &sid);
+			if( !rc )
+				isec->sid = sid;
+		}
+	}
+
+	isec->initialized = 1;
+
+	return 1;
+}
+
+/* The task's security attributes must be initialized before first use. */
+int task_precondition(struct task_struct *task) 
+{
+	struct task_security_struct *tsec = task->security, *psec;
+	struct task_struct *parent = task->p_pptr;
+	struct vm_area_struct *vma = NULL;
+	struct inode *inode = NULL;
+	struct inode_security_struct *isec;
+	security_id_t newsid;
+	security_context_t context;
+	char *buffer = NULL, *path = NULL;
+	__u32 len;
+	int rc;
+
+	rc = ss_precondition();
+	if (rc <= 0)
+		return rc;
+	     
+	if (tsec && tsec->magic == SELINUX_MAGIC)
+		return 1;
+
+	if (in_interrupt()) {
+		return 0; /* in interrupt, handle later */
+	}
+
+	parent = task->p_pptr;
+	if (parent == task) {
+		rc = task_alloc_security(task);
+		if (rc)
+			return rc;
+		tsec = task->security;
+		tsec->osid = tsec->sid = SECINITSID_KERNEL;
+		goto out;
+	}
+		
+	rc = task_precondition(parent);
+	if (rc <= 0)
+		return rc; 
+	psec = parent->security;
+
+	rc = task_alloc_security(task);
+	if (rc)
+		return rc;
+	tsec = task->security;
+
+	/* Default to the attributes of my parent. */
+	tsec->osid = psec->osid;
+	tsec->sid = psec->sid;
+
+	/* Try to determine the executable. */
+	if (!task->mm) 
+		goto out;
+	for (vma = task->mm->mmap; vma; vma = vma->vm_next) {
+		if ((vma->vm_flags & VM_EXECUTABLE) && 
+		    vma->vm_file) {
+			break;
+		}
+	}
+	if (!vma) 
+		goto out;
+
+	/* Try to obtain the executable's security attributes. */
+	inode = vma->vm_file->f_dentry->d_inode;
+	if (!inode)
+		goto out;
+	rc = inode_precondition(inode);
+	if (rc <= 0) {
+		/* May be in the midst of initializing the PSID mapping. */
+		task_free_security(task);
+		return rc;
+	}
+	isec = inode->i_security;
+
+	/* Compute my attributes based on the attributes of my
+	   parent and my executable. */
+	rc = security_transition_sid(psec->sid, 
+				     isec->sid,
+				     SECCLASS_PROCESS,
+				     &newsid);
+	if (rc) {
+		printk("task_precondition:  security_transition_sid returned %d\n", -rc);
+		goto out;
+	}
+
+	tsec->sid = newsid;
+
+
+out:
+	/* Typically, a task's attributes are initially assigned
+	   by task_alloc_security and changed upon program execution
+	   by bprm_compute_creds.  So task_precondition should
+	   only determine a task's attributes if the task
+	   was created prior to the initialization of this module.
+	   Show all such assignments until we are sure that they
+	   occur correctly both in the static case and the dynamically
+	   loaded case. */
+	
+	if (vma) {
+		buffer = (char*)__get_free_page(GFP_KERNEL);
+		if (buffer) {
+			path = d_path(vma->vm_file->f_dentry, 
+				      vma->vm_file->f_vfsmnt,
+				      buffer, PAGE_SIZE);
+		}
+	}
+
+	rc = security_sid_to_context(tsec->sid, &context, &len);
+	if (rc) {
+		printk("task_precondition:  assigning SID %d to pid %d exe=%s\n", tsec->sid, task->pid, path ? path : "none");
+	} else {
+		printk("task_precondition:  assigning context %s to pid %d exe=%s\n", context, task->pid, path ? path : "none");		
+		kfree(context);
+	}
+	if (buffer)
+		free_page((unsigned long)buffer);
+
+	return 1;
+}
+
+/* The file's security attributes must be initialized before first use. */
+int file_precondition(struct file *file) 
+{
+	struct file_security_struct *fsec = file->f_security;
+	int rc;
+
+	rc = ss_precondition();
+	if (rc <= 0)
+		return rc;
+
+	if (fsec && fsec->magic == SELINUX_MAGIC) 
+		return 1;
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+
+	rc = file_alloc_security(current, file);
+	if (rc)
+		return rc;
+
+	return 1;
+}
+
+/* The network interface security attributes must be initialized before 
+ * first use. */
+int netdev_precondition(struct net_device *dev) 
+{
+	struct netdev_security_struct *nsec = dev->security;
+	int rc;
+
+	rc = ss_precondition();
+	if (rc <= 0)
+		return rc;
+
+	if (nsec && nsec->magic == SELINUX_MAGIC) 
+		return 1;
+
+	rc = netdev_alloc_security(dev);
+	if (rc)
+		return rc;
+
+	/* Set the SID for the device and the default message SID */
+	nsec = dev->security;
+
+	rc = security_netif_sid(dev->name, &nsec->sid,
+				&nsec->default_msg_sid);
+	if (rc) 
+		return rc;
+
+	return 1;
+}
+
+/* Check permission betweeen a pair of tasks, e.g. signal checks,
+   fork check, ptrace check, etc. */
+int task_has_perm(struct task_struct *tsk1,
+		  struct task_struct *tsk2,
+		  access_vector_t perms)
+{
+	struct task_security_struct *tsec1, *tsec2;
+	int rc;
+
+	rc = task_precondition(tsk1);
+	if (rc <= 0)
+		return rc;
+	rc = task_precondition(tsk2);
+	if (rc <= 0)
+		return rc;
+	tsec1 = tsk1->security;
+	tsec2 = tsk2->security;
+	return avc_has_perm_ref(tsec1->sid, tsec2->sid, 
+				SECCLASS_PROCESS, perms, &tsec2->avcr);
+}
+
+/* Check whether a task is allowed to use a capability. */
+int task_has_capability(struct task_struct *tsk,
+			int cap)
+{
+	struct task_security_struct *tsec;
+	avc_audit_data_t ad;
+	int rc;
+
+	rc = task_precondition(tsk);
+	if (rc <= 0)
+		return rc;
+
+	tsec = tsk->security;
+	AVC_AUDIT_DATA_INIT(&ad,CAP);
+	ad.u.cap = cap;
+	return avc_has_perm_audit(tsec->sid, tsec->sid, 
+				  SECCLASS_CAPABILITY, CAP_TO_MASK(cap), &ad);
+}
+
+/* Check whether a task is allowed to use a system operation. */
+int task_has_system(struct task_struct *tsk,
+		    access_vector_t perms)
+{
+	struct task_security_struct *tsec;
+	int rc;
+
+	rc = task_precondition(tsk);
+	if (rc <= 0)
+		return rc;
+
+	tsec = tsk->security;
+
+	return avc_has_perm(tsec->sid, SECINITSID_KERNEL, 
+			    SECCLASS_SYSTEM, perms);
+}
+
+/* Check whether a task is allowed to use a security operation. */
+int task_has_security(struct task_struct *tsk,
+		      access_vector_t perms)
+{
+	struct task_security_struct *tsec;
+	int rc;
+
+	rc = task_precondition(tsk);
+	if (rc <= 0)
+		return rc;
+
+	tsec = tsk->security;
+
+	return avc_has_perm(tsec->sid, SECINITSID_SECURITY, 
+			    SECCLASS_SECURITY, perms);
+}
+
+/* Check whether a task has a particular permission to an inode.
+   The 'aeref' parameter is optional and allows other AVC
+   entry references to be passed (e.g. the one in the struct file).
+   The 'adp' parameter is optional and allows other audit
+   data to be passed (e.g. the dentry). */
+int inode_has_perm(struct task_struct *tsk,
+		   struct inode *inode,
+		   access_vector_t perms,
+		   avc_entry_ref_t *aeref,
+		   avc_audit_data_t *adp)
+{
+	struct task_security_struct *tsec;
+	struct inode_security_struct *isec;
+	avc_audit_data_t ad;
+	int rc;
+
+	rc = task_precondition(tsk);
+	if (rc <= 0)
+		return rc;
+	rc = inode_precondition(inode);
+	if (rc <= 0)
+		return rc;
+	tsec = tsk->security;
+	isec = inode->i_security;
+
+	if (!adp) {
+		adp = &ad;
+		AVC_AUDIT_DATA_INIT(&ad, FS);
+		ad.u.fs.inode = inode;
+	}
+
+	return avc_has_perm_ref_audit(tsec->sid, isec->sid, isec->sclass, 
+				      perms, aeref ? aeref : &isec->avcr, adp);
+}
+
+/* Same as inode_has_perm, but pass explicit audit data containing 
+   the dentry to help the auditing code to more easily generate the 
+   pathname if needed. */
+static inline int dentry_has_perm(struct task_struct *tsk,
+				  struct dentry *dentry, 
+				  access_vector_t av,
+				  avc_entry_ref_t *aeref) 
+{
+	struct inode *inode = dentry->d_inode;
+	avc_audit_data_t ad;
+	AVC_AUDIT_DATA_INIT(&ad,FS);
+	ad.u.fs.dentry = dentry;
+	return inode_has_perm(tsk, inode, av, aeref, &ad);
+}
+
+/* Check whether a task can use an open file descriptor to
+   access an inode in a given way.  Check access to the
+   descriptor itself, and then use dentry_has_perm to
+   check a particular permission to the file.
+   Access to the descriptor is implicitly granted if it
+   has the same SID as the process.  If av is zero, then
+   access to the file is not checked, e.g. for cases
+   where only the descriptor is affected like seek. */
+static inline int file_has_perm(struct task_struct *tsk,
+				struct file *file, 
+				access_vector_t av)
+{
+	struct task_security_struct *tsec;
+	struct file_security_struct *fsec;
+	struct dentry *dentry = file->f_dentry;
+	avc_audit_data_t ad;
+	int rc;
+
+	rc = task_precondition(tsk);
+	if (rc <= 0)
+		return rc;
+	rc = file_precondition(file);
+	if (rc <= 0)
+		return rc;
+
+	tsec = tsk->security;
+	fsec = file->f_security;
+
+	if (tsec->sid != fsec->sid) {
+		AVC_AUDIT_DATA_INIT(&ad, FS);
+		ad.u.fs.dentry = file->f_dentry;
+
+		rc = avc_has_perm_ref_audit(tsec->sid, fsec->sid, 
+					    SECCLASS_FD,
+					    FD__USE,
+					    &fsec->avcr, &ad);
+		if (rc)
+			return rc;
+	}
+
+	/* av is zero if only checking access to the descriptor. */
+	if (av)
+		return dentry_has_perm(tsk, dentry, av, &fsec->inode_avcr);
+	
+	return 0;
+}
+
+/* Check whether a task can create a file. */
+static int may_create(struct inode *dir, 
+		      struct dentry *dentry, 
+		      security_class_t tclass)
+{
+	struct task_security_struct *tsec;
+	struct inode_security_struct *dsec;
+	struct superblock_security_struct *sbsec;
+	security_id_t newsid;
+	avc_audit_data_t ad;
+	int rc;
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+	rc = inode_precondition(dir);
+	if (rc <= 0)
+		return rc;
+
+	tsec = current->security;
+	dsec = dir->i_security;
+
+	AVC_AUDIT_DATA_INIT(&ad, FS);
+	ad.u.fs.dentry = dentry;
+
+	rc = avc_has_perm_ref_audit(tsec->sid, dsec->sid, SECCLASS_DIR, 
+				    DIR__ADD_NAME | DIR__SEARCH, 
+				    &dsec->avcr, &ad);
+	if (rc)
+		return rc;
+
+	if (tsec->in_sid[0]) {
+		newsid = tsec->in_sid[0];
+	} else {
+		rc = security_transition_sid(tsec->sid, dsec->sid, tclass, 
+					     &newsid);
+		if (rc)
+			return rc;
+	}
+
+	rc = avc_has_perm_audit(tsec->sid, newsid, tclass, FILE__CREATE, &ad);
+	if (rc)
+		return rc;
+
+	if (dir->i_sb) {
+		sbsec = dir->i_sb->s_security;
+
+		rc = avc_has_perm_audit(newsid, sbsec->sid, 
+					SECCLASS_FILESYSTEM, 
+					FILESYSTEM__ASSOCIATE, &ad);
+		if (rc)
+			return rc;
+	}
+
+	return 0;
+}
+
+#define MAY_LINK   0
+#define MAY_UNLINK 1
+#define MAY_RMDIR  2
+
+/* Check whether a task can link, unlink, or rmdir a file/directory. */
+static int may_link(struct inode *dir, 
+		    struct dentry *dentry,
+		    int kind)
+				 
+{
+	struct task_security_struct *tsec;
+	struct inode_security_struct *dsec, *isec;
+	avc_audit_data_t ad;
+	access_vector_t av;
+	int rc;
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+	rc = inode_precondition(dir);
+	if (rc <= 0)
+		return rc;
+	rc = inode_precondition(dentry->d_inode);
+	if (rc <= 0)
+		return rc;
+
+	tsec = current->security;
+	dsec = dir->i_security;
+	isec = dentry->d_inode->i_security;
+
+	AVC_AUDIT_DATA_INIT(&ad, FS);
+	ad.u.fs.dentry = dentry;
+
+	av = DIR__SEARCH;
+	av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
+	rc = avc_has_perm_ref_audit(tsec->sid, dsec->sid, SECCLASS_DIR, 
+				    av, &dsec->avcr, &ad);
+	if (rc)
+		return rc;
+
+	switch (kind) {
+	case MAY_LINK:
+		av = FILE__LINK;
+		break;
+	case MAY_UNLINK:
+		av = FILE__UNLINK;
+		break;
+	case MAY_RMDIR:
+		av = DIR__RMDIR;
+		break;
+	default:
+		printk("may_link:  unrecognized kind %d\n", kind);
+		return 0;
+	}
+
+	rc = avc_has_perm_ref_audit(tsec->sid, isec->sid, isec->sclass, 
+				    av, &isec->avcr, &ad);
+	return rc;
+}
+
+static inline int may_rename(struct inode *old_dir, 
+			     struct dentry *old_dentry, 
+			     struct inode *new_dir, 
+			     struct dentry *new_dentry)
+{
+	struct task_security_struct *tsec;
+	struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
+	avc_audit_data_t ad;
+	access_vector_t av;
+	int old_is_dir, new_is_dir;
+	int rc;
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+	rc = inode_precondition(old_dir);
+	if (rc <= 0)
+		return rc;
+	rc = inode_precondition(new_dir);
+	if (rc <= 0)
+		return rc;
+	rc = inode_precondition(old_dentry->d_inode);
+	if (rc <= 0)
+		return rc;
+	if (new_dentry->d_inode) {
+		rc = inode_precondition(new_dentry->d_inode);
+		if (rc <= 0)
+			return rc;
+	}
+
+	tsec = current->security;
+	old_dsec = old_dir->i_security;
+	old_isec = old_dentry->d_inode->i_security;
+	old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
+	new_dsec = new_dir->i_security;
+
+	AVC_AUDIT_DATA_INIT(&ad, FS);
+
+	ad.u.fs.dentry = old_dentry;
+	rc = avc_has_perm_ref_audit(tsec->sid, old_dsec->sid, SECCLASS_DIR, 
+				    DIR__REMOVE_NAME | DIR__SEARCH, 
+				    &old_dsec->avcr, &ad);
+	if (rc)
+		return rc;
+	rc = avc_has_perm_ref_audit(tsec->sid, old_isec->sid, 
+				    old_isec->sclass, 
+				    FILE__RENAME, 
+				    &old_isec->avcr, &ad);
+	if (rc)
+		return rc;
+	if (old_is_dir && new_dir != old_dir) {
+		rc = avc_has_perm_ref_audit(tsec->sid, old_isec->sid, 
+					    old_isec->sclass, 
+					    DIR__REPARENT, 
+					    &old_isec->avcr, &ad);
+		if (rc)
+			return rc;
+	}
+
+	ad.u.fs.dentry = new_dentry;
+	av = DIR__ADD_NAME | DIR__SEARCH;
+	if (new_dentry->d_inode)
+		av |= DIR__REMOVE_NAME;
+	rc = avc_has_perm_ref_audit(tsec->sid, new_dsec->sid, SECCLASS_DIR, 
+				    av,&new_dsec->avcr, &ad);
+	if (rc)
+		return rc;
+	if (new_dentry->d_inode) {
+		new_isec = new_dentry->d_inode->i_security;
+		new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
+		rc = avc_has_perm_ref_audit(tsec->sid, new_isec->sid, 
+					    new_isec->sclass,
+					    (new_is_dir ? DIR__RMDIR : FILE__UNLINK),
+					    &new_isec->avcr, &ad);
+		if (rc)
+			return rc;
+	}
+
+	return 0;
+}
+
+/* Check whether a task can perform a filesystem operation. */
+int superblock_has_perm(struct task_struct *tsk,
+			struct super_block *sb,
+			access_vector_t perms,
+			avc_audit_data_t *ad)
+{
+	struct task_security_struct *tsec;
+	struct superblock_security_struct *sbsec;
+	int rc;
+
+	rc = task_precondition(tsk);
+	if (rc <= 0)
+		return rc;
+	rc = superblock_precondition(sb);
+	if (rc <= 0)
+		return rc;
+	tsec = tsk->security;
+	sbsec = sb->s_security;
+	return avc_has_perm_audit(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, 
+				  perms, ad);
+}
+
+/* Convert a Linux mode and permission mask to an access vector. */
+static inline access_vector_t file_mask_to_av(int mode, int mask) 
+{
+	access_vector_t av = 0;
+
+	if ((mode & S_IFMT) != S_IFDIR) {
+		if (mask & MAY_EXEC) 
+			av |= FILE__EXECUTE;
+		if (mask & MAY_READ) 
+			av |= FILE__READ;
+
+		if (mask & MAY_APPEND)
+			av |= FILE__APPEND;
+		else if (mask & MAY_WRITE) 
+			av |= FILE__WRITE;
+
+	} else {
+		if (mask & MAY_EXEC) 
+			av |= DIR__SEARCH;
+		if (mask & MAY_WRITE) 
+			av |= DIR__WRITE;
+		if (mask & MAY_READ) 
+			av |= DIR__READ;
+	}
+
+	return av;
+}
+
+/* Convert a Linux file to an access vector. */
+static inline access_vector_t file_to_av(struct file *file)
+{
+	access_vector_t av = 0;
+
+	if (file->f_mode & FMODE_READ) 
+		av |= FILE__READ;
+	if (file->f_mode & FMODE_WRITE) {
+		if (file->f_flags & O_APPEND)
+			av |= FILE__APPEND;
+		else
+			av |= FILE__WRITE;
+	}
+	return av;
+}
+
+/* Set an inode's SID, where the inode may or may not already
+   have a security structure. */
+int inode_security_set_sid(struct inode *inode, security_id_t sid)
+{
+	struct inode_security_struct *isec = inode->i_security;
+	int rc;
+
+	if (!isec) {
+		rc = inode_alloc_security(inode);
+		if (rc)
+			return rc;
+		isec = inode->i_security;
+	}
+	isec->sclass = inode_mode_to_security_class(inode->i_mode);
+	isec->sid = sid;
+	isec->initialized = 1;
+	return 0;
+}
+
+/* Set the security attributes on a newly created file. */
+static int post_create(struct inode *dir, 
+		       struct dentry *dentry)
+{
+
+	struct task_security_struct *tsec;
+	struct inode_security_struct *dsec;
+	struct superblock_security_struct *sbsec;
+	security_id_t newsid;
+	int rc;
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+	rc = inode_precondition(dir);
+	if (rc <= 0)
+		return rc;
+
+	tsec = current->security;
+	dsec = dir->i_security;
+
+	if (!dentry->d_inode) {
+		/* Some file system types (e.g. NFS) may not instantiate
+		   a dentry for all create operations (e.g. symlink),
+		   so we have to check to see if the inode is non-NULL. */
+		printk("post_create:  unable to set SID dir dev=%s ino=%ld\n", kdevname(dir->i_dev), dir->i_ino);
+		return 0;
+	}
+
+	/* XXX:  Need a way to propagate SID from may_create to post_create. */
+	if (tsec->in_sid[0]) {
+		newsid = tsec->in_sid[0];
+	} else {
+		rc = security_transition_sid(tsec->sid, dsec->sid, 
+					     inode_mode_to_security_class(dentry->d_inode->i_mode), 
+					     &newsid);
+		if (rc) {
+			printk("post_create:  unable to obtain new SID, rc=%d\n",-rc);
+			return rc;
+		}
+	}
+	
+	rc = inode_security_set_sid(dentry->d_inode, newsid);
+	if (rc) {
+		printk("post_create:  unable to set new SID, rc=%d\n",-rc);
+		return rc;
+	}
+
+	if (dir->i_sb) {
+		sbsec = dir->i_sb->s_security;
+		if (sbsec && sbsec->uses_psids) {
+			rc = sid_to_psid(dentry->d_inode, newsid);
+			if (rc) {
+				printk("post_create:  unable to set new PSID, rc=%d\n",-rc);
+				return rc;
+			}
+		}
+	}
+
+	return 0;
+}	
+
+
+/* Hook functions begin here. */
+
+/* assorted security operations  (mostly syscall interposition) */
+
+static int selinux_sethostname(char *hostname)
+{
+	/* Controlled via the capable hook - CAP_SYS_ADMIN */
+	return 0;
+}
+
+static int selinux_setdomainname(char *domainname)
+{
+	/* Controlled via the capable hook - CAP_SYS_ADMIN */
+	return 0;
+}
+
+static int selinux_reboot(unsigned int cmd)
+{
+	/* Controlled via the capable hook - CAP_SYS_BOOT */
+	return 0;
+}
+
+static int selinux_ioperm(unsigned long from, unsigned long num, int turn_on)
+{
+	/* Controlled via the capable hook - CAP_SYS_RAWIO */
+	return 0;
+}
+
+static int selinux_iopl(unsigned int old, unsigned int level)
+{
+	/* Controlled via the capable hook - CAP_SYS_RAWIO */
+	return 0;
+}
+
+static int selinux_ptrace(struct task_struct *parent, struct task_struct *child)
+{
+	int rc;
+
+	rc = secondary_ops->ptrace(parent,child);
+	if (rc)
+		return rc;
+
+	return task_has_perm(parent, child, PROCESS__PTRACE);
+}
+
+static int selinux_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted)	
+{
+	int error;
+
+	error = task_has_perm(current, target, PROCESS__GETCAP);
+	if (error)
+		return error;
+
+	return secondary_ops->capget(target, effective, inheritable, permitted);
+}
+
+static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted)	
+{
+	int error;
+
+	error = task_has_perm(current, target, PROCESS__SETCAP);
+	if (error)
+		return error;
+
+	return secondary_ops->capset_check(target, effective, inheritable, permitted);
+}
+
+static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted) 
+{
+	int error;
+
+	error = task_has_perm(current, target, PROCESS__SETCAP);
+	if (error)
+		return;
+
+	return secondary_ops->capset_set(target, effective, inheritable, permitted);
+}
+
+static int selinux_acct(struct file *file)
+{
+	/* Controlled via the capable hook - CAP_SYS_PACCT */
+	return 0;
+}
+
+static int selinux_capable(struct task_struct *tsk, int cap)
+{
+	int rc;
+
+	rc = secondary_ops->capable(tsk, cap);
+	if (rc)
+		return rc;
+
+	return task_has_capability(tsk,cap);
+}
+
+/* Function to search the hierarchy of ctl_sid tables for a match with a
+   given ctl table, where a match is defined as ctl_name and procname 
+   being equal. */
+static security_id_t search_ctl_sid(ctl_sid *root, ctl_table *table)
+{
+	ctl_sid *t;
+	for(t = root; t->ctl_name; t++) {
+		if((t->ctl_name == table->ctl_name) && 
+		(strcmp(t->procname, table->procname) == 0)) {
+			return t->sid;
+		}
+		if(t->child)
+		  return search_ctl_sid(t->child, table);
+	}
+	return SECINITSID_SYSCTL;
+}
+
+static int selinux_sysctl(ctl_table *table, int op)
+{
+	int error = 0;
+	access_vector_t av;
+	struct task_security_struct *tsec;
+	security_id_t tsid;
+	int rc;
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+
+	tsec = current->security;
+	tsid = search_ctl_sid(ctl_sid_root_table, table);
+
+	/* The op values are "defined" in sysctl.c, thereby creating
+	 * a bad coupling between this module and sysctl.c */
+	if(op == 001) {
+		error = avc_has_perm(tsec->sid, tsid, 
+					SECCLASS_DIR, DIR__SEARCH);
+	} else {
+		av = 0;
+		if (op & 004)
+			av |= FILE__READ;
+		if (op & 002)
+			av |= FILE__WRITE;
+		if (av)
+			error = avc_has_perm(tsec->sid, tsid,
+                                             SECCLASS_FILE, av);
+        }
+
+	return error;
+}
+
+static int selinux_sys_security(unsigned int magic, unsigned int call, unsigned long *args) 
+{
+	/* This hook function is not used, because the SELinux
+	   module replaces the generic security syscall with its
+	   own call in order to have the registers on the stack
+	   available for execve_secure. */
+	return -ENOSYS;
+}
+
+static int selinux_swapon(struct swap_info_struct *swap)
+{
+	return file_has_perm(current, swap->swap_file, FILE__SWAPON);
+}
+
+static int selinux_swapoff(struct swap_info_struct *swap)
+{
+	/* Controlled via the capable hook - CAP_SYS_ADMIN */
+	return 0;
+}
+
+static int selinux_nfsservctl(int cmd, struct nfsctl_arg *arg)
+{
+	return task_has_system(current, SYSTEM__NFSD_CONTROL);
+}
+
+static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
+{
+	int rc = 0;
+
+	if (!sb)
+		return 0;
+
+	switch (cmds) {
+		case Q_QUOTAON:
+		case Q_QUOTAOFF:
+		case Q_SETQUOTA:
+		case Q_SETUSE:
+		case Q_SETQLIM:
+		case Q_SYNC:
+	        CASE_QMOD  
+			rc = superblock_has_perm(current, 
+						 sb, 
+						 FILESYSTEM__QUOTAMOD, NULL);
+			break;
+		case Q_GETQUOTA:
+		case Q_GETSTATS:
+		CASE_QGET 
+			rc = superblock_has_perm(current, 
+						 sb, 
+						 FILESYSTEM__QUOTAGET, NULL);
+			break;
+		default:
+			rc = 0;  /* let the kernel handle invalid cmds */
+			break;
+	}
+	return rc;
+}
+
+static int selinux_quota_on(struct file *f)
+{
+	return file_has_perm(current, f, FILE__QUOTAON);;
+}
+
+static int selinux_bdflush(int func, long data)
+{
+	return task_has_system(current, SYSTEM__BDFLUSH);
+}
+
+static int selinux_syslog(int type)
+{
+	int rc;
+
+	switch (type) {
+		case 3:         /* Read last kernel messages */
+			rc = task_has_system(current, SYSTEM__SYSLOG_READ);
+			break;
+		case 6:         /* Disable logging to console */
+		case 7:         /* Enable logging to console */
+		case 8:		/* Set level of messages printed to console */
+			rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
+			break;
+		case 0:         /* Close log */
+		case 1:         /* Open log */
+		case 2:         /* Read from log */
+		case 4:         /* Read/clear last kernel messages */
+		case 5:         /* Clear ring buffer */
+		default:
+			rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
+			break;
+	}
+	return rc;
+}
+
+static int selinux_netlink_send(struct sk_buff *skb)  
+{
+	if (capable(CAP_NET_ADMIN))
+		cap_raise (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN);
+	else
+		NETLINK_CB(skb).eff_cap = 0;
+	return 0;
+}
+
+static int selinux_netlink_recv(struct sk_buff *skb)  
+{
+	if (!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN)) 
+		return -EPERM;
+	return 0;
+}
+
+/* binprm security operations */
+
+static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
+{
+	bprm->security = NULL;
+	return 0;
+}
+
+static int selinux_bprm_set_security(struct linux_binprm *bprm)
+{
+	struct task_security_struct *tsec, *psec;
+	struct inode *inode = bprm->file->f_dentry->d_inode;
+	struct inode_security_struct *isec;
+	security_id_t newsid;
+	avc_audit_data_t ad;
+	int rc;
+
+	rc = secondary_ops->bprm_ops->set_security(bprm);
+	if (rc)
+		return rc;
+
+	if (bprm->sh_bang || bprm->security)
+		/* The security field should already be set properly. */
+		return 0;
+
+	/* Preconditions */
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+	rc = inode_precondition(inode);
+	if (rc <= 0)
+		return rc;
+
+	tsec = current->security;
+	isec = inode->i_security;
+
+	/* Default to the current task SID. */
+	bprm->security = (void *)tsec->sid;
+
+	if (tsec->in_sid[0]) {
+		newsid = tsec->in_sid[0];
+	} else {
+		/* Check for a default transition on this program. */
+		rc = security_transition_sid(tsec->sid, isec->sid, SECCLASS_PROCESS, 
+					     &newsid);
+		if (rc)
+			return rc;
+	}
+
+	AVC_AUDIT_DATA_INIT(&ad, FS);
+	ad.u.fs.dentry = bprm->file->f_dentry;
+
+        if (tsec->sid == newsid) {
+		rc = avc_has_perm_ref_audit(tsec->sid, isec->sid, 
+					    SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, 
+					    &isec->avcr, &ad);
+		if (rc)
+			return rc;
+	} else {
+		/* Check permissions for the transition. */
+		rc = avc_has_perm_audit(tsec->sid, newsid, 
+					SECCLASS_PROCESS, PROCESS__TRANSITION, 
+					&ad);
+		if (rc)
+			return rc;
+
+		rc = avc_has_perm_ref_audit(newsid, isec->sid, 
+					    SECCLASS_FILE, FILE__ENTRYPOINT, 
+					    &isec->avcr, &ad);
+		if (rc)
+			return rc;
+
+		/* Check ptrace permission between the parent and 
+		   the new SID for this process if this process is 
+		   being traced. */
+		if (current->ptrace & PT_PTRACED) {
+			rc = task_precondition(current->p_pptr);
+			if (rc <= 0)
+				return rc;
+			psec = current->p_pptr->security;
+			rc = avc_has_perm(psec->sid, newsid, 
+					  SECCLASS_PROCESS, PROCESS__PTRACE);
+			if (rc)
+				return rc;
+		}
+
+		/* Check share permission between the old and new SIDs
+		   of the process if the process will share state. */
+		if ((atomic_read(&current->fs->count) > 1 ||
+		     atomic_read(&current->files->count) > 1 ||
+		     atomic_read(&current->sig->count) > 1)) {
+			rc = avc_has_perm(tsec->sid, newsid, 
+					  SECCLASS_PROCESS, PROCESS__SHARE);
+			if (rc)
+				return rc;
+		}
+
+		/* Set the security field to the new SID. */
+		bprm->security = (void*) newsid;
+	}
+
+	return 0;
+}
+
+static void selinux_bprm_free_security(struct linux_binprm *bprm)
+{
+	/* Nothing to do - not dynamically allocated. */
+	return;
+}
+
+/* Derived from fs/exec.c:flush_old_files. */
+static inline void flush_unauthorized_files(struct files_struct * files)
+{
+	avc_audit_data_t ad;
+	struct file *file;
+	long j = -1;
+
+	AVC_AUDIT_DATA_INIT(&ad,FS);
+
+	read_lock(&files->file_lock);
+	for (;;) {
+		unsigned long set, i;
+
+		j++;
+		i = j * __NFDBITS;
+		if (i >= files->max_fds || i >= files->max_fdset)
+			break;
+		set = files->open_fds->fds_bits[j];
+		if (!set)
+			continue;
+		read_unlock(&files->file_lock);
+		for ( ; set ; i++,set >>= 1) {
+			if (set & 1) {
+				file = fget(i);
+				if (!file)
+					continue;
+				if (file_has_perm(current,
+						  file, 
+						  file_to_av(file))) 
+					sys_close(i);
+				fput(file);
+			}
+		}
+		read_lock(&files->file_lock);
+
+	}
+	read_unlock(&files->file_lock);
+}
+
+static void selinux_bprm_compute_creds(struct linux_binprm *bprm)
+{
+	struct task_security_struct *tsec;
+	security_id_t sid;
+	int rc;
+
+	secondary_ops->bprm_ops->compute_creds(bprm);
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return;
+	tsec = current->security;
+
+	sid = (security_id_t)bprm->security;
+	if (!sid)
+		sid = tsec->sid;
+
+	tsec->osid = tsec->sid;
+	if (tsec->sid != sid) {
+		tsec->sid = sid;
+
+		flush_unauthorized_files(current->files);
+
+		/* need to force wait permission check if parent is waiting */
+		wake_up_interruptible(&current->p_pptr->wait_chldexit);
+	}
+}
+
+/* superblock security operations */
+
+static int selinux_sb_alloc_security(struct super_block *sb)
+{
+	int rc;
+
+	rc = ss_precondition();
+	if (rc <= 0)
+		return rc;
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+
+	return superblock_alloc_security(sb);
+}
+
+static void selinux_sb_free_security(struct super_block *sb)
+{
+	superblock_free_security(sb);
+}
+
+static int selinux_sb_statfs(struct super_block *sb)
+{
+	struct task_security_struct *tsec;
+	struct superblock_security_struct *sbsec;
+	int rc;
+
+	/* This hook function would simply call superblock_has_perm,
+	   but it also needs to save the sb SID to support
+	   statfs_secure, so we just inline superblock_has_perm. */
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+	rc = superblock_precondition(sb);
+	if (rc <= 0)
+		return rc;
+	tsec = current->security;
+	sbsec = sb->s_security;
+
+	tsec->out_sid[0] = sbsec->sid;
+
+	return avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, 
+			    FILESYSTEM__GETATTR);
+}
+
+static int selinux_mount(char * dev_name, 
+                         struct nameidata *nd, 
+                         char * type, 
+                         unsigned long flags, 
+                         void * data)	
+{
+	if (flags & MS_REMOUNT)
+		return superblock_has_perm(current, nd->mnt->mnt_sb, FILESYSTEM__REMOUNT, NULL);
+	else
+		return dentry_has_perm(current, nd->dentry, FILE__MOUNTON, NULL);
+}
+
+static int selinux_check_sb(struct vfsmount *mnt, struct nameidata *nd)
+{
+	avc_audit_data_t ad;
+
+
+	AVC_AUDIT_DATA_INIT(&ad,FS);
+	ad.u.fs.dentry = nd->dentry;
+	return superblock_has_perm(current, mnt->mnt_sb, FILESYSTEM__MOUNT, &ad);
+}
+
+static int selinux_umount(struct vfsmount *mnt, int flags)
+{
+	return superblock_has_perm(current,mnt->mnt_sb, FILESYSTEM__UNMOUNT,NULL);
+}
+
+static void selinux_umount_close(struct vfsmount *mnt)
+{
+	struct super_block *sb = mnt->mnt_sb;
+	struct superblock_security_struct *sbsec;
+	int rc;
+
+	rc = superblock_precondition(sb);
+	if (rc <= 0)
+		return;
+	sbsec = sb->s_security;
+
+	if (sbsec && sbsec->uses_psids)
+		psid_release(sb);
+	return;
+}
+
+static void selinux_umount_busy	(struct vfsmount *mnt)
+{
+	struct super_block *sb = mnt->mnt_sb;
+	struct superblock_security_struct *sbsec;
+	int rc;
+
+	rc = superblock_precondition(sb);
+	if (rc <= 0)
+		return;
+	sbsec = sb->s_security;
+
+	if (sbsec && sbsec->uses_psids)
+		psid_init(sb);
+
+	return;
+}
+
+static void selinux_post_remount(struct vfsmount *mnt, unsigned long flags, void *data)
+{
+	struct super_block *sb = mnt->mnt_sb;
+	struct superblock_security_struct *sbsec;
+	int rc;
+
+	rc = superblock_precondition(sb);
+	if (rc <= 0)
+		return;
+	sbsec = sb->s_security;
+
+	if (sbsec && sbsec->uses_psids)
+		psid_remount(sb);
+}
+
+static void selinux_post_mountroot	(void)
+{
+	int rc;
+
+	rc = security_init();
+	if (rc) {
+		handle_security_init_failure;
+		return;
+	}
+
+	if (!current->fs || !current->fs->rootmnt || !current->fs->rootmnt->mnt_sb) {
+		printk("selinux_post_mountroot:  unable to initialize root filesystem.\n");
+		return;
+	}
+
+	rc = superblock_precondition(current->fs->rootmnt->mnt_sb);
+	if (rc <= 0)
+		return;
+
+	return;
+}
+
+static void selinux_post_addmount(struct vfsmount *mnt, struct nameidata *nd)
+{
+	/* No longer necessary due to check_sb, but leave it here until
+	   the check_sb hook shows up in the released SELinux prototype. */
+	superblock_precondition(mnt->mnt_sb);
+}
+
+/* inode security operations */
+
+static int selinux_inode_alloc_security(struct inode *inode)
+{
+	int rc;
+  
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+
+	return inode_alloc_security(inode);
+}
+
+static void selinux_inode_free_security(struct inode *inode)
+{
+	inode_free_security(inode);
+}
+
+static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
+{
+	return may_create(dir, dentry, SECCLASS_FILE);
+}
+
+static void selinux_inode_post_create(struct inode *dir, struct dentry *dentry, int mask)
+{
+	post_create(dir, dentry);
+}
+
+static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
+{
+	return may_link(dir, old_dentry, MAY_LINK);
+}
+
+static void selinux_inode_post_link(struct dentry *old_dentry, struct inode *inode, struct dentry *new_dentry)
+{
+	return;
+}
+
+static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
+{
+	return may_link(dir, dentry, MAY_UNLINK);
+}
+
+static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
+{
+	return may_create(dir, dentry, SECCLASS_LNK_FILE);
+}
+
+static void selinux_inode_post_symlink(struct inode *dir, struct dentry *dentry, const char *name)
+{
+	post_create(dir, dentry);
+}
+
+static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
+{
+	return may_create(dir, dentry, SECCLASS_DIR);
+}
+
+static void selinux_inode_post_mkdir(struct inode *dir, struct dentry *dentry, int mask)
+{
+	post_create(dir, dentry);
+}
+
+static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
+{
+	return may_link(dir, dentry, MAY_RMDIR);
+}
+
+static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
+{
+	return may_create(dir, dentry, inode_mode_to_security_class(mode));
+}
+
+static void selinux_inode_post_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
+{
+	post_create(dir, dentry);
+}
+
+static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry, struct inode *new_inode, struct dentry *new_dentry)
+{
+	return may_rename(old_inode, old_dentry, new_inode, new_dentry);
+}
+
+static void selinux_inode_post_rename(struct inode *old_inode, struct dentry *old_dentry, struct inode *new_inode, struct dentry *new_dentry)
+{
+	return;
+}
+
+static int selinux_inode_readlink(struct dentry *dentry)
+{
+	return dentry_has_perm(current, dentry, FILE__READ, NULL);
+}
+
+static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
+{
+	return dentry_has_perm(current, dentry, FILE__READ, NULL);
+}
+
+static int selinux_inode_permission(struct inode *inode, int mask)
+{
+	return inode_has_perm(current, inode, 
+			       file_mask_to_av(inode->i_mode, mask), NULL, NULL);
+}
+
+static int selinux_inode_revalidate(struct dentry *inode)
+{
+	/* Unused until we deal with NFS. */
+	return 0;
+}
+
+static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
+{
+	return dentry_has_perm(current, dentry, FILE__SETATTR, NULL);
+}
+
+static int selinux_inode_stat(struct inode *inode)
+{
+	struct task_security_struct *tsec;
+	struct inode_security_struct *isec;
+	avc_audit_data_t ad;
+	int rc;
+
+	/* This hook function would simply call inode_has_perm,
+	   but it also needs to save the inode SID to support
+	   stat_secure, so we just inline inode_has_perm. */
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+	rc = inode_precondition(inode);
+	if (rc <= 0)
+		return rc;
+	tsec = current->security;
+	isec = inode->i_security;
+
+	tsec->out_sid[0] = isec->sid;
+
+	AVC_AUDIT_DATA_INIT(&ad, FS);
+	ad.u.fs.inode = inode;
+	return avc_has_perm_ref_audit(tsec->sid, isec->sid, isec->sclass, 
+				      FILE__GETATTR, &isec->avcr, &ad);
+}
+
+static void selinux_inode_post_lookup(struct inode *dir, struct dentry *dentry)
+{
+	struct inode *inode = dentry->d_inode;
+
+	if (inode) 
+		inode_precondition(inode);
+	return;
+}
+
+static void selinux_inode_delete(struct inode *inode)
+{
+	struct super_block *sb = inode->i_sb; 
+	if (sb) {
+		struct superblock_security_struct *sbsec;
+		int rc;
+
+		rc = superblock_precondition(sb);
+		if (rc <= 0)
+			return;
+		sbsec = sb->s_security;
+		if (sbsec && sbsec->uses_psids)
+			clear_psid(inode);
+	}
+}
+
+/* For now, simply use the existing [gs]etattr permissions between
+   the current process and the target file for the *xattr operations.
+   We will likely define new permissions later to distinguish these operations.
+   If SELinux is changed to use extended attributes for file security contexts,
+   then we will need to apply similar checking to setxattr as in 
+   syscalls.c:chsid_common when 'name' corresponds to the SELinux security
+   context, and we will need to impose stronger restrictions on removexattr. */
+
+static int selinux_inode_setxattr (struct dentry *dentry, char *name, void *value, size_t size, int flags)
+{
+	return dentry_has_perm(current, dentry, FILE__SETATTR, NULL);
+}
+
+static int selinux_inode_getxattr (struct dentry *dentry, char *name)
+{
+	return dentry_has_perm(current, dentry, FILE__GETATTR, NULL);
+}
+
+static int selinux_inode_listxattr (struct dentry *dentry)
+{
+	return dentry_has_perm(current, dentry, FILE__GETATTR, NULL);
+}
+
+static int selinux_inode_removexattr (struct dentry *dentry, char *name)
+{
+	return dentry_has_perm(current, dentry, FILE__SETATTR, NULL);
+}
+
+/* file security operations */
+
+static int selinux_file_permission(struct file *file, int mask)
+{
+	struct inode *inode = file->f_dentry->d_inode;
+
+	/* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */
+	if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
+		mask |= MAY_APPEND; 
+
+	return file_has_perm(current, file, 
+			     file_mask_to_av(inode->i_mode, mask));
+}
+
+static int selinux_file_alloc_security(struct file *file)
+{
+	int rc;
+
+	rc = ss_precondition();
+	if (rc <= 0)
+		return rc;
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+
+	return file_alloc_security(current, file);
+}
+
+static void selinux_file_free_security(struct file *file)
+{
+	file_free_security(file);
+}
+
+static int selinux_file_llseek(struct file *file)
+{
+	return file_has_perm(current, file, 0 /* descriptor only */);
+}
+
+static int selinux_file_ioctl(struct file *file, unsigned int cmd, 
+			      unsigned long arg)
+{
+	int error = 0;
+
+	switch (cmd) {
+		case FIONREAD:
+		/* fall through */
+		case FIBMAP:
+		/* fall through */
+		case FIGETBSZ:
+		/* fall through */
+		case EXT2_IOC_GETFLAGS:
+		/* fall through */
+		case EXT2_IOC_GETVERSION:
+			error = file_has_perm(current, file, FILE__GETATTR);
+			break;
+
+		case EXT2_IOC_SETFLAGS:
+		/* fall through */
+		case EXT2_IOC_SETVERSION:
+			error = file_has_perm(current, file, FILE__SETATTR);
+			break;
+
+		/* sys_ioctl() checks */
+		case FIONBIO:
+		/* fall through */
+		case FIOASYNC:
+			error = file_has_perm(current, file, 0);
+			break;
+
+		/* default case assumes that the command will go
+		 * to the file's ioctl() function.
+		 */
+		default:
+			error = file_has_perm(current, file, FILE__IOCTL);
+			
+	}
+	return error;
+}
+
+static int selinux_file_mmap(struct file *file, unsigned long prot,
+			     unsigned long flags)
+{
+	access_vector_t av;
+
+	if (file) {
+		/* read access is always possible with a mapping */
+		av = FILE__READ;
+
+		/* write access only matters if the mapping is shared */
+		if ((flags & MAP_TYPE) == MAP_SHARED && (prot & PROT_WRITE)) 
+			av |= FILE__WRITE;
+
+		if (prot & PROT_EXEC) 
+			av |= FILE__EXECUTE;
+
+		return file_has_perm(current, file, av);
+	}
+	return 0;
+}
+
+static int selinux_file_mprotect(struct vm_area_struct *vma, 
+				 unsigned long prot)
+{
+	return selinux_file_mmap(vma->vm_file, prot, vma->vm_flags);
+}
+
+static int selinux_file_lock(struct file *file, unsigned int cmd, int blocking)
+{
+	return file_has_perm(current, file, FILE__LOCK);
+}
+
+static int selinux_file_fcntl(struct file *file, unsigned int cmd,
+			      unsigned long arg)
+{
+	int err = 0;
+
+	switch (cmd) {
+	        case F_SETFL: 
+			if (!file->f_dentry || !file->f_dentry->d_inode) {
+				err = -EINVAL;
+				break;
+			}
+
+			if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
+				err = file_has_perm(current, file,FILE__WRITE);
+				break;
+			}
+			/* fall through */
+	        case F_SETOWN:
+	        case F_SETSIG:
+	        case F_GETFL:
+	        case F_GETOWN:
+	        case F_GETSIG:
+			/* Just check FD__USE permission */
+			err = file_has_perm(current, file, 0);
+			break;
+		case F_GETLK:
+		case F_SETLK:
+	        case F_SETLKW: 
+	        case F_GETLK64:
+		case F_SETLK64:
+	        case F_SETLKW64: 
+			if (!file->f_dentry || !file->f_dentry->d_inode) {
+				err = -EINVAL;
+				break;
+			}
+			err = file_has_perm(current, file, FILE__LOCK);
+			break;
+	}
+
+	return err;
+}
+
+static int selinux_file_set_fowner(struct file *file)
+{
+	struct task_security_struct *tsec;
+	struct file_security_struct *fsec;
+	int rc;
+
+	rc = file_precondition(file);
+	if (rc <= 0)
+		return rc;
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+
+	tsec = current->security;
+	fsec = file->f_security;
+	fsec->fown_sid = tsec->sid;
+
+	return 0;
+}
+
+static int selinux_file_send_sigiotask(struct task_struct *tsk, 
+				       struct fown_struct *fown, 
+				       int fd, int reason)
+{
+        struct file *file;
+	access_vector_t perm;
+	struct task_security_struct *tsec;
+	struct file_security_struct *fsec;
+	int rc;
+
+	/* struct fown_struct is never outside the context of a struct file */
+        file = (struct file *)((long)fown - offsetof(struct file,f_owner));
+
+	rc = task_precondition(tsk);
+	if (rc <= 0)
+		return rc;
+	rc = file_precondition(file);
+	if (rc <= 0)
+		return rc;
+
+	tsec = tsk->security;
+	fsec = file->f_security;
+
+	switch (fown->signum) {
+	case SIGCHLD:
+		perm = PROCESS__SIGCHLD;
+		break;
+	case SIGKILL:
+		perm = PROCESS__SIGKILL;
+		break;
+	case SIGSTOP:
+		perm = PROCESS__SIGSTOP;
+		break;
+	default:
+		perm = PROCESS__SIGNAL;
+		break;
+	}
+
+	return avc_has_perm(fsec->fown_sid, tsec->sid, 
+			    SECCLASS_PROCESS, perm);
+}
+
+static int selinux_file_receive(struct file *file)
+{
+	return file_has_perm(current, file, file_to_av(file));
+}
+
+/* task security operations */
+
+static int selinux_task_create(unsigned long clone_flags)
+{
+	return task_has_perm(current, current, PROCESS__FORK);
+}
+
+static int selinux_task_alloc_security(struct task_struct *tsk)
+{
+	struct task_security_struct *tsec1, *tsec2;
+	int rc;
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+	tsec1 = current->security;
+
+	rc = task_alloc_security(tsk);
+	if (rc)
+		return rc;
+	tsec2 = tsk->security;
+
+	tsec2->osid = tsec1->osid;
+	tsec2->sid = tsec1->sid;
+
+	return 0;
+}
+
+static void selinux_task_free_security(struct task_struct *tsk)
+{
+	task_free_security(tsk);
+}
+
+static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
+{
+	/* Since setuid only affects the current process, and
+	   since the SELinux controls are not based on the Linux
+	   identity attributes, SELinux does not need to control
+	   this operation.  However, SELinux does control the use 
+	   of the CAP_SETUID and CAP_SETGID capabilities using the
+	   capable hook. */
+	return 0;
+}
+
+static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
+{
+	return secondary_ops->task_ops->post_setuid(id0,id1,id2,flags);
+}
+
+static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
+{
+	/* See the comment for setuid above. */
+	return 0;
+}
+
+static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
+{
+	return task_has_perm(current, p, PROCESS__SETPGID);
+}
+
+static int selinux_task_getpgid(struct task_struct *p)
+{
+	return task_has_perm(current, p, PROCESS__GETPGID);
+}
+
+static int selinux_task_getsid(struct task_struct *p)
+{
+	return task_has_perm(current, p, PROCESS__GETSESSION);
+}
+
+static int selinux_task_setgroups(int gidsetsize, gid_t *grouplist)
+{
+	/* See the comment for setuid above. */
+	return 0;
+}
+
+static int selinux_task_setnice(struct task_struct *p, int nice)
+{
+	return task_has_perm(current,p, PROCESS__SETSCHED);
+}
+
+static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
+{
+	/* SELinux does not currently provide a process 
+	   resource limit policy based on security contexts.
+	   It does control the use of the CAP_SYS_RESOURCE capability
+	   using the capable hook. */
+	return 0;
+}
+
+static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp)
+{
+	return task_has_perm(current, p, PROCESS__SETSCHED);
+}
+
+static int selinux_task_getscheduler(struct task_struct *p)
+{
+	return task_has_perm(current, p, PROCESS__GETSCHED);
+}
+
+static int selinux_task_kill(struct task_struct *p, struct siginfo *info, int sig)
+{
+	access_vector_t perm;
+
+	if (info && ((unsigned long)info == 1 || SI_FROMKERNEL(info)))
+		return 0;
+		
+
+	switch (sig) {
+	case SIGCHLD:
+		perm = PROCESS__SIGCHLD;
+		break;
+	case SIGKILL:
+		perm = PROCESS__SIGKILL;
+		break;
+	case SIGSTOP:
+		perm = PROCESS__SIGSTOP;
+		break;
+	default:
+		perm = PROCESS__SIGNAL;
+		break;
+	}
+
+	return task_has_perm(current, p, perm);
+}
+
+static int selinux_task_prctl(int option, 
+			      unsigned long arg2, 
+			      unsigned long arg3,
+			      unsigned long arg4, 
+			      unsigned long arg5)
+{
+	/* The current prctl operations do not appear to require 
+	   any SELinux controls since they merely observe or modify 
+	   the state of the current process. */
+	return 0;
+}
+
+static int selinux_task_wait(struct task_struct *p)
+{
+	access_vector_t perm;
+
+	switch (p->exit_signal) {
+	case SIGCHLD:
+		perm = PROCESS__SIGCHLD;
+		break;
+	case SIGKILL:
+		perm = PROCESS__SIGKILL;
+		break;
+	case SIGSTOP:
+		perm = PROCESS__SIGSTOP;
+		break;
+	default:
+		perm = PROCESS__SIGNAL;
+		break;
+	}
+
+	return task_has_perm(p, current, perm);
+}
+
+static void selinux_task_kmod_set_label(void)
+{
+  	struct task_security_struct *tsec;
+	int rc;
+
+	secondary_ops->task_ops->kmod_set_label();
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return;
+
+	tsec = current->security;
+	tsec->osid = tsec->sid;
+	tsec->sid = SECINITSID_KMOD;
+	return;
+}
+
+static unsigned int selinux_ip_preroute_first(unsigned int hooknum, 
+					      struct sk_buff **pskb,
+					      const struct net_device *in, 
+					      const struct net_device *out,
+					      int (*okfn)(struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int selinux_ip_preroute_last(unsigned int hooknum, 
+					     struct sk_buff **pskb,
+					     const struct net_device *in,
+					     const struct net_device *out,
+					     int (*okfn)(struct sk_buff *))
+{
+	struct sk_buff *skb = *pskb;
+	struct net_device *dev = (struct net_device*)in;
+	struct iphdr *iph = skb->nh.iph;
+
+	struct netdev_security_struct *nsec;
+	access_vector_t netif_perm, node_perm;
+	security_id_t node_sid;
+	security_id_t msg_sid;
+	avc_audit_data_t ad;
+	int err;
+
+	err = netdev_precondition(dev);
+	if (err == 0)
+		return NF_ACCEPT;
+	if (err < 0) {
+		return NF_DROP;
+	}
+	nsec = dev->security;
+
+	msg_sid = nsec->default_msg_sid;
+
+	err = security_node_sid(PF_INET, &iph->saddr, sizeof(iph->saddr),
+				&node_sid);
+	if (err) {
+		return NF_DROP;
+	}
+
+	switch (iph->protocol) {
+	case IPPROTO_UDP:
+		netif_perm = NETIF__UDP_RECV;
+		node_perm =   NODE__UDP_RECV;
+		break;
+	case IPPROTO_TCP:
+		netif_perm = NETIF__TCP_RECV;
+		node_perm =   NODE__TCP_RECV;
+		break;
+	default:
+		netif_perm = NETIF__RAWIP_RECV;
+		node_perm =   NODE__RAWIP_RECV;
+		break;
+	}
+
+	AVC_AUDIT_DATA_INIT(&ad,NET);
+	ad.u.net.netif = dev->name;
+	ad.u.net.skb = skb;
+
+	err =  avc_has_perm_audit(msg_sid, node_sid, SECCLASS_NODE, 
+				  node_perm, &ad);
+	if (err)
+		return NF_DROP;
+
+	return NF_ACCEPT;
+}
+
+static unsigned int selinux_ip_input_first(unsigned int hooknum, 
+					   struct sk_buff **pskb,
+					   const struct net_device *in, 
+					   const struct net_device *out,
+					   int (*okfn)(struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int selinux_ip_input_last(unsigned int hooknum, 
+					  struct sk_buff **pskb,
+					  const struct net_device *in, 
+					  const struct net_device *out,
+					  int (*okfn)(struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int selinux_ip_forward_first(unsigned int hooknum, 
+					     struct sk_buff **pskb,
+					     const struct net_device *in,
+					     const struct net_device *out,
+					     int (*okfn)(struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int selinux_ip_forward_last(unsigned int hooknum, 
+					    struct sk_buff **pskb,
+					    const struct net_device *in, 
+					    const struct net_device *out,
+					    int (*okfn)(struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int selinux_ip_output_first(unsigned int hooknum, 
+					    struct sk_buff **pskb,
+					    const struct net_device *in,
+					    const struct net_device *out,
+					    int (*okfn)(struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int selinux_ip_output_last(unsigned int hooknum, 
+					   struct sk_buff **pskb,
+					   const struct net_device *in,
+					   const struct net_device *out,
+					   int (*okfn)(struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int selinux_ip_postroute_first(unsigned int hooknum, 
+					       struct sk_buff **pskb,
+					       const struct net_device *in,
+					       const struct net_device *out,
+					       int (*okfn)(struct sk_buff *))
+{
+	return NF_ACCEPT;
+}
+
+static unsigned int selinux_ip_postroute_last(unsigned int hooknum, 
+					      struct sk_buff **pskb,
+					      const struct net_device *in,
+					      const struct net_device *out,
+					      int (*okfn)(struct sk_buff *))
+{
+	struct sk_buff *skb = *pskb;
+	struct net_device *dev = (struct net_device*)out;
+	struct sock *sk = skb->sk;
+	struct socket *sock;
+
+	struct netdev_security_struct *nsec;
+	struct inode_security_struct *isec = NULL;
+	avc_audit_data_t ad;
+	struct iphdr *iph = skb->nh.iph;
+	access_vector_t netif_perm;
+	access_vector_t node_perm;
+	security_id_t node_sid;	
+	security_id_t msg_sid;	
+	int err;
+
+	err = security_node_sid(PF_INET, &iph->daddr, sizeof(iph->daddr),
+				&node_sid);
+	if (err) {
+		return NF_DROP;
+	}
+
+	if (sk == NULL) {
+		return NF_ACCEPT;
+	}
+	sock = sk->socket;
+
+	err = netdev_precondition(dev);
+	if (err == 0)
+		return NF_ACCEPT;
+	if (err < 0) {
+		return NF_DROP;
+	}
+	nsec = dev->security;
+
+	if (sock == NULL) {
+		msg_sid = SECINITSID_TCP_SOCKET;
+	} else {
+		err = inode_precondition(SOCK_INODE(sock));
+		if (err <= 0) {
+			return NF_DROP;
+		}
+		isec = SOCK_INODE(sock)->i_security;
+		msg_sid = isec->sid;
+	}
+
+	switch (iph->protocol) {
+	case IPPROTO_UDP:
+		netif_perm = NETIF__UDP_SEND;
+		node_perm =   NODE__UDP_SEND;
+		break;
+	case IPPROTO_TCP:
+		netif_perm = NETIF__TCP_SEND;
+		node_perm =   NODE__TCP_SEND;
+
+		if (isec && isec->sid == SECINITSID_UNLABELED) {
+			/* Instead of assigning type in tcp_v4_init() */
+			isec->sid = SECINITSID_TCP_SOCKET;
+			msg_sid = isec->sid;
+		}
+		break;
+	case IPPROTO_ICMP:
+		if (isec && isec->sid == SECINITSID_UNLABELED) {
+			/* Instead of assigning type in icmp_init() */
+			isec->sid = SECINITSID_ICMP_SOCKET;
+			msg_sid = isec->sid;
+		}
+		/* fall through */
+	default:
+		netif_perm = NETIF__RAWIP_SEND;
+		node_perm =   NODE__RAWIP_SEND;
+		break;
+	}
+
+	AVC_AUDIT_DATA_INIT(&ad,NET);
+	ad.u.net.netif = dev->name;
+	ad.u.net.skb = skb;
+
+	err = avc_has_perm_ref_audit(msg_sid, nsec->sid, SECCLASS_NETIF, 
+				     netif_perm, &nsec->avcr, &ad);
+	if (err)
+		return NF_DROP;
+
+	err =  avc_has_perm_audit(msg_sid, node_sid, SECCLASS_NODE, 
+				  node_perm, &ad);
+	if (err)
+		return NF_DROP;
+
+	return NF_ACCEPT;
+}
+
+static void selinux_ip_fragment(struct sk_buff *newskb, 
+				const struct sk_buff *oldskb)
+{
+	return;
+}
+
+static int selinux_ip_defragment(struct sk_buff *skb) 
+{
+	return 0;
+}
+
+static void selinux_ip_decapsulate(struct sk_buff *skb) 
+{
+	return;
+}
+
+static void selinux_ip_encapsulate(struct sk_buff *skb)
+{
+	return;
+}
+
+static int selinux_ip_decode_options(struct sk_buff *skb, const char *optptr, unsigned char **pp_ptr) 
+{
+	if (!skb && !capable(CAP_NET_RAW)) {
+		(const unsigned char *)*pp_ptr = optptr;
+		return -EPERM;
+	}
+	return 0;
+}
+
+static void selinux_netdev_unregister(struct net_device *dev)
+{
+	netdev_free_security(dev);
+}
+
+/* socket security operations */
+static int socket_has_perm(struct task_struct *task, struct socket *sock,
+			   access_vector_t perms)
+{
+	struct inode_security_struct *isec;
+	struct task_security_struct *tsec;
+	avc_audit_data_t ad;
+	int err;
+
+	err = inode_precondition(SOCK_INODE(sock));
+	if (err <= 0)
+		return err;
+	err = task_precondition(task);
+	if (err <= 0)
+		return err;
+
+	tsec = task->security;
+	isec = SOCK_INODE(sock)->i_security;
+	
+	AVC_AUDIT_DATA_INIT(&ad,NET);
+	ad.u.net.sk = sock->sk;
+	err = avc_has_perm_ref_audit(tsec->sid, isec->sid, isec->sclass,
+				     perms, &isec->avcr, &ad);
+
+	return err;
+}
+
+static int selinux_socket_create(int family, int type, int protocol)
+{
+	int err;
+	struct task_security_struct *tsec;
+
+	err = task_precondition(current);
+	if (err <= 0)
+		return err;
+
+	tsec = current->security;
+
+	/*
+	 * TBD: new system call may pass a different sid...
+	 */
+	err = avc_has_perm(tsec->sid, tsec->sid,
+			   socket_type_to_security_class(family, type),
+			   SOCKET__CREATE);
+
+	return err;
+}
+
+static void selinux_socket_post_create(struct socket *sock, int family, 
+				      int type, int protocol)
+{
+	int err;
+	struct inode_security_struct *isec;
+
+	err = inode_precondition(SOCK_INODE(sock));
+	if (err <= 0)
+		return;
+	isec = SOCK_INODE(sock)->i_security;
+
+	/*
+	 * TBD: Need to save sid from socket_secure() system call
+	 */
+	isec->sclass = socket_type_to_security_class(family, type);
+
+	return;
+}
+
+static int selinux_socket_bind(struct socket *sock, struct sockaddr *address,
+			       int addrlen)
+{
+	int err;
+
+	err = socket_has_perm(current, sock, SOCKET__BIND);
+	if (err)
+		return err;
+
+	/*
+	 * If PF_INET, check name_bind permission for the port.
+	 */
+	if (sock->sk->family == PF_INET) {
+		struct inode_security_struct *isec;
+		struct task_security_struct *tsec;
+		avc_audit_data_t ad;
+		struct sockaddr_in *addr = (struct sockaddr_in *)address;
+		unsigned short snum = ntohs(addr->sin_port);
+		struct sock *sk = sock->sk;
+		security_id_t sid;
+
+		err = task_precondition(current);
+		if (err <= 0)
+			return err;
+		tsec = current->security;
+		err = inode_precondition(SOCK_INODE(sock));
+		if (err <= 0)
+			return err;
+		isec = SOCK_INODE(sock)->i_security;
+
+		if (snum&&(snum < max(PROT_SOCK,ip_local_port_range_0) ||
+			   snum > ip_local_port_range_1)) {
+			err = security_port_sid(sk->family, sk->type,
+						sk->protocol, snum, &sid);
+			if (err)
+				return err;
+			AVC_AUDIT_DATA_INIT(&ad,NET);
+			ad.u.net.port = snum;
+			err = avc_has_perm_audit(isec->sid, sid,
+						 isec->sclass,
+						 SOCKET__NAME_BIND, &ad);
+			if (err)
+				return err;
+		}
+	}
+
+	return 0;
+}
+
+static int selinux_socket_connect(struct socket *sock, 
+				  struct sockaddr *address,
+				  int addrlen)
+{
+	return socket_has_perm(current, sock, SOCKET__CONNECT);
+}
+
+static int selinux_socket_listen(struct socket *sock, int backlog)
+{
+	/*
+	 * TBD: with sys_listen_secure, we may be passed a SID value
+	 * for the new connection, and an additional check must be
+	 * done.  Also, the new connection sid and 'useclient' must be
+	 * stored in the SOCK_INODE(struct socket*)->security structure.
+	 */
+	return socket_has_perm(current, sock, SOCKET__LISTEN);
+}
+
+static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
+{
+	struct inode_security_struct *isec;
+	struct inode_security_struct *newisec;
+	int err;
+
+	err = socket_has_perm(current, sock, SOCKET__ACCEPT);
+	if (err)
+		return err;
+
+	err = inode_precondition(SOCK_INODE(newsock));
+	if (err <= 0)
+		return err;
+	newisec = SOCK_INODE(newsock)->i_security;
+
+	err = inode_precondition(SOCK_INODE(sock));
+	if (err <= 0)
+		return err;
+	isec = SOCK_INODE(sock)->i_security;
+
+	/*
+	 * TBD:  If listen_secure was used, then the SID
+	 * of the newly created server socket may differ. 
+	 */
+	newisec->sid = isec->sid;
+	newisec->sclass = isec->sclass;
+	return 0;
+}
+
+static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg, 
+				  int size)
+{
+	return socket_has_perm(current, sock, SOCKET__WRITE);
+}
+
+static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg, 
+				  int size, int flags)
+{
+	return socket_has_perm(current, sock, SOCKET__READ);
+}
+
+static int selinux_socket_getsockname(struct socket *sock)
+{
+	return socket_has_perm(current, sock, SOCKET__GETATTR);
+}
+
+static int selinux_socket_getpeername(struct socket *sock)
+{
+	return socket_has_perm(current, sock, SOCKET__GETATTR);
+}
+
+static int selinux_socket_setsockopt(struct socket *sock,int level,int optname)
+{
+	return socket_has_perm(current, sock, SOCKET__SETOPT);
+}
+
+static int selinux_socket_getsockopt(struct socket *sock, int level, 
+				     int optname)
+{
+	return socket_has_perm(current, sock, SOCKET__GETOPT);
+}
+
+static int selinux_socket_shutdown(struct socket *sock, int how)
+{
+	return socket_has_perm(current, sock, SOCKET__SHUTDOWN);
+}
+
+#if 0
+static void hexdump(u8 *x, int len)
+{
+	int i;
+
+	printk("[ ");
+	for (i = 0; i < len; i++)
+		printk("%x ", x[i]);
+	printk("]\n");
+}
+
+static void debug_skbuff(struct sock *sk, struct sk_buff *skb)
+{
+	struct iphdr *ip = skb->nh.iph;
+	struct tcphdr *th = NULL;
+	unsigned char *data = skb->data;
+	unsigned int len = skb->len-skb->data_len;
+
+	printk("debug_skbuff::\n");
+	nf_dump_skb(PF_INET, skb); 
+
+	printk("skb:: len=%d, data_len=%d\n", skb->len, skb->data_len);
+	if (ip->protocol == IPPROTO_TCP) {
+		th = skb->h.th;
+		printk("tcp:: seq=%u, ack_seq=%u flags: %s%s%s%s%s%s%s%s\n",
+		       th->seq, th->ack_seq,
+		       th->fin?" FIN":"", th->syn?" SYN":"", th->rst?" RST":"",
+		       th->psh?" PSH":"", th->ack?" ACK":"", th->urg?" URG":"",
+		       th->ece?" ECE":"", th->cwr?" CWR":"");
+	}
+
+	if (!sk) {
+		printk("debug_skbuff: null skb->sk\n");
+	} else {
+		printk("sock:: state=%d family=%d reuse=%d pair=%p\n",
+		       sk->state, sk->family, sk->reuse, sk->pair);
+	}
+
+	if (data) {
+		printk("data (len=%d):: ", len);
+		hexdump((u8 *)data, len);
+	}
+	
+	return;
+}
+#endif 
+
+static int selinux_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
+{
+	avc_audit_data_t ad;
+	struct socket *sock;
+	struct net_device *dev;
+	struct netdev_security_struct *nsec;
+	struct inode_security_struct *isec;
+	int err;
+
+	if (sk->state == TCP_TIME_WAIT) {
+		/* The sk is actually a tcp_tw_bucket, so 
+		   there is no sk->socket to use. */
+		/* debug_skbuff(sk, skb); */
+		return 0;
+	}
+
+	sock = sk->socket;
+	if (!sock) {
+		/*
+		 * TCP control messages don't always have a socket.
+		 * TBD/cvance - should we still perform a recvfrom check?
+		 */
+		return 0;
+	}
+
+	if (!SOCK_INODE(sock)) {
+		return 0;
+	}
+
+	err = inode_precondition(SOCK_INODE(sock));
+	if (err <= 0)
+		return err;
+	isec = SOCK_INODE(sock)->i_security;
+
+	dev = skb->dev;
+	if (!dev) {
+		return 0;
+	}
+	err = netdev_precondition(dev);
+	if (err <= 0) 
+		return err;
+	nsec = dev->security;
+	
+	AVC_AUDIT_DATA_INIT(&ad,NET);
+	ad.u.net.netif = skb->dev->name;
+	ad.u.net.skb = skb;
+
+	err = avc_has_perm_ref_audit(isec->sid, nsec->default_msg_sid,
+				     isec->sclass, SOCKET__RECVFROM, 
+				     &isec->avcr, &ad);
+	if (err)
+		return err;
+
+	if (isec->sclass == SECCLASS_TCP_SOCKET) {
+		struct tcphdr *th = skb->h.th;
+
+		switch (sk->state) {
+		case TCP_LISTEN:
+			if (th->syn) {
+				return avc_has_perm_ref_audit(isec->sid, 
+						      nsec->default_msg_sid,
+						      isec->sclass, 
+						      TCP_SOCKET__ACCEPTFROM, 
+						      &isec->avcr, &ad);
+			}
+			break;
+		case TCP_SYN_SENT:
+			/*
+			 * if we see th->ack, check connectto,
+			 * if th->syn (but not th->ack), check connectto
+			 * 
+			 * Kernel Comment: "We see SYN without ACK. It is
+			 * attempt of simultaneous connect with crossed SYNs.
+			 * Particularly, it can be connect to self."
+			 */
+			if (th->ack || th->syn)
+				return avc_has_perm_ref_audit(isec->sid, 
+						      nsec->default_msg_sid,
+						      isec->sclass, 
+						      TCP_SOCKET__CONNECTTO, 
+						      &isec->avcr, &ad);
+			break;
+		case TCP_ESTABLISHED:
+			/* 
+			 * TBD: Can re-validate the permissions at
+			 * this point, if necessary.  
+			 */
+			break;
+		}
+	}
+
+	return 0;
+}
+
+static int selinux_socket_unix_stream_connect(struct socket *sock, 
+					      struct socket *other)
+{
+	struct inode_security_struct *isec;
+	struct inode_security_struct *other_isec;
+	avc_audit_data_t ad;
+	int err;
+
+	if (sock == NULL) {
+		printk("socket_unix_stream_connect:: sock is NULL!\n");
+		return 0;
+	}
+	if (other == NULL) {
+		printk("socket_unix_stream_connect:: other is NULL!\n");
+		return 0;
+	}
+
+	err = inode_precondition(SOCK_INODE(sock));
+	if (err <= 0)
+		return err;
+	err = inode_precondition(SOCK_INODE(other));
+	if (err <= 0)
+		return err;
+
+	isec = SOCK_INODE(sock)->i_security;
+	other_isec = SOCK_INODE(other)->i_security;
+	
+	AVC_AUDIT_DATA_INIT(&ad,NET);
+	ad.u.net.sk = sock->sk;
+
+	return avc_has_perm_ref_audit(isec->sid, other_isec->sid,
+				      isec->sclass,
+				      UNIX_STREAM_SOCKET__CONNECTTO,
+				      &other_isec->avcr, &ad);
+}
+
+static int selinux_socket_unix_may_send(struct socket *sock, 
+					struct socket *other)
+{
+	struct inode_security_struct *isec;
+	struct inode_security_struct *other_isec;
+	avc_audit_data_t ad;
+	int err;
+
+	err = inode_precondition(SOCK_INODE(sock));
+	if (err <= 0)
+		return err;
+	err = inode_precondition(SOCK_INODE(other));
+	if (err <= 0)
+		return err;
+
+	isec = SOCK_INODE(sock)->i_security;
+	other_isec = SOCK_INODE(other)->i_security;
+	
+	AVC_AUDIT_DATA_INIT(&ad,NET);
+	ad.u.net.sk = sock->sk;
+
+	return avc_has_perm_ref_audit(isec->sid, other_isec->sid,
+				      isec->sclass,
+				      SOCKET__SENDTO,
+				      &other_isec->avcr, &ad);
+}
+
+/* module security operations */
+
+static int selinux_module_create_module(const char *name, size_t size)
+{
+	/* Controlled via the capable hook - CAP_SYS_MODULE */
+	return 0;
+}
+
+static int selinux_module_init_module(struct module *mod)
+{
+	/* Controlled via the capable hook - CAP_SYS_MODULE */
+	return 0;
+}
+
+static int selinux_module_delete_module(const struct module *mod)
+{
+	/* Controlled via the capable hook - CAP_SYS_MODULE */
+	return 0;
+}
+
+static struct semaphore ipc_alloc_semaphore;
+
+static int ipc_alloc_security(struct task_struct *task, 
+			      struct kern_ipc_perm *perm,
+			      security_class_t sclass)
+{
+	struct task_security_struct *tsec = task->security;
+	struct ipc_security_struct *isec;
+	int rc = 0;
+
+	if (safe_down(&ipc_alloc_semaphore))
+		return -ENOMEM;
+	isec = perm->security;
+	if (isec && isec->magic == SELINUX_MAGIC)
+		goto out;
+
+	isec = kmalloc(sizeof(struct ipc_security_struct), SAFE_ALLOC);
+	if (!isec) {
+		rc = -ENOMEM;
+		goto out;
+	}
+	memset(isec, 0, sizeof(struct ipc_security_struct));
+	isec->magic = SELINUX_MAGIC;
+	isec->sclass = sclass;
+	isec->ipc_perm = perm;
+	list_add(&isec->list, &ipc_security_head);
+	perm->security = isec;
+
+	if (tsec) {
+		if (tsec->in_sid[0])
+			isec->sid = tsec->in_sid[0];
+		else
+			isec->sid = tsec->sid;
+	} else {
+		isec->sid = SECINITSID_UNLABELED;
+	}
+
+out:
+	safe_up(&ipc_alloc_semaphore);
+	return rc;
+}
+
+static void ipc_free_security(struct kern_ipc_perm *perm)
+{
+	struct ipc_security_struct *isec = perm->security;
+	if (!isec || isec->magic != SELINUX_MAGIC)
+		return;
+
+	perm->security = NULL;
+	list_del(&isec->list);
+	kfree(isec);
+}
+
+static struct semaphore msg_alloc_semaphore;
+
+static int msg_msg_alloc_security(struct msg_msg *msg)
+{
+	struct msg_security_struct *msec;
+	int rc = 0;
+
+	if (safe_down(&msg_alloc_semaphore))
+		return -ENOMEM;
+	msec = msg->security;
+	if (msec && msec->magic == SELINUX_MAGIC) 
+		goto out;
+
+	msec = kmalloc(sizeof(struct msg_security_struct), SAFE_ALLOC);
+	if (!msec) {
+		rc = -ENOMEM;
+		goto out;
+	}
+	memset(msec, 0, sizeof(struct msg_security_struct));
+	msec->magic = SELINUX_MAGIC;
+	msec->msg = msg;
+	list_add(&msec->list, &msg_security_head);
+	msec->sid = SECINITSID_UNLABELED;
+	msg->security = msec;
+out:
+	safe_up(&msg_alloc_semaphore);
+	return 0;
+}
+
+static void msg_msg_free_security(struct msg_msg *msg)
+{
+	struct msg_security_struct *msec = msg->security;
+	if (!msec || msec->magic != SELINUX_MAGIC)
+		return;
+
+	msg->security = NULL;
+	list_del(&msec->list);
+	kfree(msec);
+}
+
+static int ipc_precondition(struct kern_ipc_perm *perm, 
+			    security_class_t sclass)
+{
+	struct ipc_security_struct *isec = perm->security;
+	int rc;
+
+	if (isec && isec->magic == SELINUX_MAGIC)
+		return 1;
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+
+	rc = ipc_alloc_security(current, perm, sclass);
+	if (rc)
+		return rc;
+
+	return 1;
+}
+
+static int msg_precondition(struct msg_msg *msg)
+{
+	struct msg_security_struct *msec;
+	int rc;
+
+	msec = msg->security;
+
+	if (msec && msec->magic == SELINUX_MAGIC)
+		return 1;
+
+	rc = msg_msg_alloc_security(msg);
+	if (rc)
+		return rc;
+
+	return 1;
+}
+
+static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, int id,
+			security_class_t sclass, access_vector_t perms)
+{
+	struct task_security_struct *tsec;
+	struct ipc_security_struct *isec;
+	avc_audit_data_t ad;
+	int rc;
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+	rc = ipc_precondition(ipc_perms, sclass);
+	if (rc <= 0)
+		return rc;
+
+	tsec = current->security;
+	isec = ipc_perms->security;
+
+	AVC_AUDIT_DATA_INIT(&ad, IPC);
+	ad.u.ipc_id = id;
+
+	return avc_has_perm_ref_audit(tsec->sid, isec->sid, sclass,
+				      perms, &isec->avcr, &ad);
+}
+
+static void ipc_savesid(struct kern_ipc_perm *ipc_perms, 
+			security_class_t sclass)
+{
+	struct task_security_struct *tsec;
+	struct ipc_security_struct *isec;
+	int rc;
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return;
+	rc = ipc_precondition(ipc_perms, sclass);
+	if (rc <= 0)
+		return;
+
+	tsec = current->security;
+	isec = ipc_perms->security;
+	
+	tsec->out_sid[0] = isec->sid;
+
+	return;
+}
+
+static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
+{
+	return msg_msg_alloc_security(msg);
+}
+
+static void selinux_msg_msg_free_security(struct msg_msg *msg)
+{
+	return msg_msg_free_security(msg);
+}
+
+/* message queue security operations */
+static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
+{
+	struct task_security_struct *tsec;
+	struct ipc_security_struct *isec;
+	avc_audit_data_t ad;
+	int rc;
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+
+	rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
+	if (rc)
+		return rc;
+
+	tsec = current->security;
+	isec = msq->q_perm.security;
+
+	AVC_AUDIT_DATA_INIT(&ad, IPC);
+/* 	ad.u.ipc_id = xxx; */ /* TBD: what to set to? */
+
+	rc = avc_has_perm_ref_audit(tsec->sid, isec->sid, SECCLASS_MSGQ,
+				    MSGQ__CREATE, &isec->avcr, &ad);
+	if (rc) {
+		ipc_free_security(&msq->q_perm);
+		return rc;
+	}
+	return 0;
+}
+
+static void selinux_msg_queue_free_security(struct msg_queue *msq)
+{
+	ipc_free_security(&msq->q_perm);
+}
+
+static int selinux_msg_queue_associate(struct msg_queue *msq, int msqid, int msqflg)
+{
+	struct task_security_struct *tsec;
+	struct ipc_security_struct *isec;
+	avc_audit_data_t ad;
+	int rc;
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+	rc = ipc_precondition(&msq->q_perm, SECCLASS_MSGQ);
+	if (rc <= 0)
+		return rc;
+
+	tsec = current->security;
+	isec = msq->q_perm.security;
+
+	/*
+	 * If using msgget_secure and a sid was specified, but the key
+	 * already has a different sid.
+	 */
+	if (tsec->in_sid[0] && tsec->in_sid[0] != isec->sid) {
+		return -EACCES;
+	}
+
+	AVC_AUDIT_DATA_INIT(&ad, IPC);
+	ad.u.ipc_id = msqid;
+
+	return avc_has_perm_ref_audit(tsec->sid, isec->sid, SECCLASS_MSGQ,
+				      MSGQ__ASSOCIATE, &isec->avcr, &ad);
+}
+
+static int selinux_msg_queue_msgctl(struct msg_queue *msq, int msqid, int cmd)
+{
+	int err;
+	int perms;
+
+	switch(cmd) {
+	case IPC_STAT:
+	case MSG_STAT:
+		perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
+		break;
+	case IPC_SET:
+		perms = MSGQ__SETATTR;
+		break;
+	case IPC_RMID:
+		perms = MSGQ__DESTROY;
+		break;
+	default:
+		return 0;
+	}
+
+	err = ipc_has_perm(&msq->q_perm, msqid, SECCLASS_MSGQ, perms);
+	if (!err && cmd == IPC_STAT)
+		ipc_savesid(&msq->q_perm, SECCLASS_MSGQ);
+
+	return err;
+}
+
+static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
+				    int msqid, int msqflg)
+{
+	struct task_security_struct *tsec;
+	struct ipc_security_struct *isec;
+	struct msg_security_struct *msec;
+	avc_audit_data_t ad;
+	int rc;
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+	rc = ipc_precondition(&msq->q_perm, SECCLASS_MSGQ);
+	if (rc <= 0)
+		return rc;
+	rc = msg_precondition(msg);
+	if (rc <= 0)
+		return rc;
+	    
+	tsec = current->security;
+	isec = msq->q_perm.security;
+	msec = msg->security;
+
+	/*
+	 * First time through, need to assign label to the message
+	 */
+	if (msec->sid == SECINITSID_UNLABELED) {
+		/*
+		 * Compute new sid based on current process and
+		 * message queue this message will be stored in
+		 */
+		if (tsec->in_sid[0]) {
+			msec->sid = tsec->in_sid[0];
+		} else {
+			rc = security_transition_sid(tsec->sid,
+						      isec->sid,
+						      SECCLASS_MSG,
+						      &msec->sid);
+			if (rc)
+				return rc;
+		}
+	}
+
+	AVC_AUDIT_DATA_INIT(&ad, IPC);
+	ad.u.ipc_id = msqid;
+
+	/* Can this process write to the queue? */
+	rc = avc_has_perm_ref_audit(tsec->sid, isec->sid, SECCLASS_MSGQ,
+				      MSGQ__WRITE, &isec->avcr, &ad);
+	if (!rc)
+		/* Can this process send the message */
+		rc = avc_has_perm_ref_audit(tsec->sid, msec->sid,
+					     SECCLASS_MSG, MSG__SEND,
+					     &msec->avcr, &ad);
+	if (!rc)
+		/* Can the message be put in the queue? */
+		rc = avc_has_perm_ref_audit(msec->sid, isec->sid,
+					     SECCLASS_MSGQ, MSGQ__ENQUEUE,
+					     &isec->avcr, &ad);
+
+	return rc;
+}
+
+static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
+				    struct task_struct *target, 
+				    long type, int mode)
+{
+	struct task_security_struct *tsec;
+	struct ipc_security_struct *isec;
+	struct msg_security_struct *msec;
+	avc_audit_data_t ad;
+	int rc;
+
+	rc = task_precondition(target);
+	if (rc <= 0)
+		return rc;
+	rc = ipc_precondition(&msq->q_perm, SECCLASS_MSGQ);
+	if (rc <= 0)
+		return rc;
+	rc = msg_precondition(msg);
+	if (rc <= 0)
+		return rc;
+	    
+	tsec = target->security;
+	isec = msq->q_perm.security;
+	msec = msg->security;
+
+	tsec->out_sid[0] = SECSID_NULL;
+
+	AVC_AUDIT_DATA_INIT(&ad, IPC);
+/* 	ad.u.ipc_id = msqid; */
+	
+	if (tsec->in_sid[0] && tsec->in_sid[0] != msec->sid) {
+		return -EACCES;
+	}
+
+	rc = avc_has_perm_ref_audit(tsec->sid, isec->sid, 
+				    SECCLASS_MSGQ, MSGQ__READ, 
+				    &isec->avcr, &ad);
+	if (!rc)
+		rc = avc_has_perm_ref_audit(tsec->sid, msec->sid, 
+					    SECCLASS_MSG, MSG__RECEIVE, 
+					    &msec->avcr, &ad);
+	if (!rc)
+		tsec->out_sid[0] = msec->sid;
+
+	return rc;
+}
+
+/* Shared Memory security operations */
+static int selinux_shm_alloc_security(struct shmid_kernel *shp)
+{
+	struct task_security_struct *tsec;
+	struct ipc_security_struct *isec;
+	avc_audit_data_t ad;
+	int rc;
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+
+	rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
+	if (rc)
+		return rc;
+
+	tsec = current->security;
+	isec = shp->shm_perm.security;
+
+	AVC_AUDIT_DATA_INIT(&ad, IPC);
+/* 	ad.u.ipc_id = xxx; */ /* TBD: what to set to? */
+
+	rc = avc_has_perm_ref_audit(tsec->sid, isec->sid, SECCLASS_SHM,
+				    SHM__CREATE, &isec->avcr, &ad);
+	if (rc) {
+		ipc_free_security(&shp->shm_perm);
+		return rc;
+	}
+	return 0;
+}
+
+static void selinux_shm_free_security(struct shmid_kernel *shp)
+{
+	ipc_free_security(&shp->shm_perm);
+}
+
+static int selinux_shm_associate(struct shmid_kernel *shp, int shmid, int shmflg)
+{
+	struct task_security_struct *tsec;
+	struct ipc_security_struct *isec;
+	avc_audit_data_t ad;
+	int rc;
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+	rc = ipc_precondition(&shp->shm_perm, SECCLASS_SHM);
+	if (rc <= 0)
+		return rc;
+
+	tsec = current->security;
+	isec = shp->shm_perm.security;
+
+	/*
+	 * If using msgget_secure and a sid was specified, but the key
+	 * already has a different sid.
+	 */
+	if (tsec->in_sid[0] && tsec->in_sid[0] != isec->sid) {
+		return -EACCES;
+	}
+
+	AVC_AUDIT_DATA_INIT(&ad, IPC);
+	ad.u.ipc_id = shmid;
+
+	return avc_has_perm_ref_audit(tsec->sid, isec->sid, SECCLASS_SHM,
+				      SHM__ASSOCIATE, &isec->avcr, &ad);
+}
+
+/* Note, at this point, shp is locked down */
+static int selinux_shm_shmctl(struct shmid_kernel *shp, int shmid, int cmd)
+{
+	int perms;
+	int err;
+
+	switch(cmd) {
+	case IPC_STAT:
+	case SHM_STAT:
+		perms = SHM__GETATTR | SHM__ASSOCIATE;
+		break;
+	case IPC_SET:
+		perms = SHM__SETATTR;
+		break;
+	case SHM_LOCK:
+	case SHM_UNLOCK:
+		perms = SHM__LOCK;
+		break;
+	case IPC_RMID:
+		perms = SHM__DESTROY;
+		break;
+	default:
+		return 0;
+	}
+
+	err = ipc_has_perm(&shp->shm_perm, shmid, SECCLASS_SHM, perms);
+	if (!err && cmd == IPC_STAT)
+		ipc_savesid(&shp->shm_perm, SECCLASS_SHM);
+
+	return err;
+}
+
+static int selinux_shm_shmat(struct shmid_kernel *shp, int shmid,
+			     char *shmaddr, int shmflg)
+{
+	access_vector_t perms;
+
+	if (shmflg & SHM_RDONLY)
+		perms = SHM__READ;
+	else
+		perms = SHM__READ | SHM__WRITE;
+
+	return ipc_has_perm(&shp->shm_perm, shmid, SECCLASS_SHM, perms);
+}
+
+/* Semaphore security operations */
+static int selinux_sem_alloc_security(struct sem_array *sma)
+{
+	struct task_security_struct *tsec;
+	struct ipc_security_struct *isec;
+	avc_audit_data_t ad;
+	int rc;
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+
+	rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
+	if (rc)
+		return rc;
+
+	tsec = current->security;
+	isec = sma->sem_perm.security;
+
+	AVC_AUDIT_DATA_INIT(&ad, IPC);
+/* 	ad.u.ipc_id = xxx; */
+
+	rc = avc_has_perm_ref_audit(tsec->sid, isec->sid, SECCLASS_SEM,
+				    SEM__CREATE, &isec->avcr, &ad);
+	if (rc) {
+		ipc_free_security(&sma->sem_perm);
+		return rc;
+	}
+	return 0;
+}
+
+static void selinux_sem_free_security(struct sem_array *sma)
+{
+	ipc_free_security(&sma->sem_perm);
+}
+
+static int selinux_sem_associate(struct sem_array *sma, int semid, int semflg)
+{
+	struct task_security_struct *tsec;
+	struct ipc_security_struct *isec;
+	avc_audit_data_t ad;
+	int rc;
+
+	rc = task_precondition(current);
+	if (rc <= 0)
+		return rc;
+	rc = ipc_precondition(&sma->sem_perm, SECCLASS_SEM);
+	if (rc <= 0)
+		return rc;
+
+	tsec = current->security;
+	isec = sma->sem_perm.security;
+
+	/*
+	 * If using semget_secure and a sid was specified, but the key
+	 * already has a different sid.
+	 */
+	if (tsec->in_sid[0] && tsec->in_sid[0] != isec->sid) {
+		return -EACCES;
+	}
+
+	AVC_AUDIT_DATA_INIT(&ad, IPC);
+	ad.u.ipc_id = semid;
+
+	return avc_has_perm_ref_audit(tsec->sid, isec->sid, SECCLASS_SEM,
+				      SEM__ASSOCIATE, &isec->avcr, &ad);
+}
+
+/* Note, at this point, sma is locked down */
+static int selinux_sem_semctl(struct sem_array *sma, int semid, int cmd)
+{
+	int err;
+	access_vector_t perms;
+
+	switch(cmd) {
+	case GETPID:
+	case GETNCNT:
+	case GETZCNT:
+		perms = SEM__GETATTR;
+		break;
+	case GETVAL:
+	case GETALL:
+		perms = SEM__READ;
+		break;
+	case SETVAL:
+	case SETALL:
+		perms = SEM__WRITE;
+		break;
+	case IPC_RMID:
+		perms = SEM__DESTROY;
+		break;
+	case IPC_SET:
+		perms = SEM__SETATTR;
+		break;
+	case IPC_STAT:
+	case SEM_STAT:
+		perms = SEM__GETATTR | SEM__ASSOCIATE;
+		break;
+	default:
+		return 0;
+	}
+
+	err = ipc_has_perm(&sma->sem_perm, semid, SECCLASS_SEM, perms);
+	if (!err && cmd == IPC_STAT)
+		ipc_savesid(&sma->sem_perm, SECCLASS_SEM);
+
+	return err;
+}
+
+static int selinux_sem_semop(struct sem_array *sma, int semid,
+			     struct sembuf *sops, unsigned nsops, int alter)
+{
+	access_vector_t perms;
+
+	if (alter)
+		perms = SEM__READ | SEM__WRITE;
+	else
+		perms = SEM__READ;
+
+	return ipc_has_perm(&sma->sem_perm, semid, SECCLASS_SEM, perms);
+}
+
+static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
+{
+	struct ipc_security_struct *isec = ipcp->security;
+	security_class_t sclass = SECCLASS_IPC;
+	access_vector_t av = 0;
+
+	if (isec && isec->magic == SELINUX_MAGIC)
+		sclass = isec->sclass;
+
+	av = 0;
+	if (flag & S_IRUGO)
+		av |= IPC__UNIX_READ;
+	if (flag & S_IWUGO)
+		av |= IPC__UNIX_WRITE;
+
+	return ipc_has_perm(ipcp, 0 /* XXX */, sclass, av);
+}
+
+static int selinux_ipc_getinfo(int id, int cmd)
+{
+	return task_has_system(current, SYSTEM__IPC_INFO);
+}
+
+static int selinux_skb_alloc_security(struct sk_buff *skb)
+{
+	/* Unused until we have packet labeling across the network. */
+	return 0;
+}
+
+static int selinux_skb_clone(struct sk_buff *newskb, 
+			      const struct sk_buff *oldskb) 
+{
+	/* Unused until we have packet labeling across the network. */
+	return 0;
+}
+
+static void selinux_skb_copy(struct sk_buff *newskb, 
+			     const struct sk_buff *oldskb)
+{
+	/* Unused until we have packet labeling across the network. */
+	return;
+}
+
+static void selinux_skb_set_owner_w(struct sk_buff *skb, struct sock *sk)
+{
+  	/* Unused until we have packet labeling across the network. */
+	return;
+}
+
+static void selinux_skb_free_security(struct sk_buff *skb)
+{
+	/* Unused until we have packet labeling across the network. */
+	return;
+}
+
+/* module stacking operations */
+int selinux_register_security (const char *name, struct security_operations *ops)
+{
+	if (secondary_ops != original_ops) {
+		printk(KERN_INFO __FUNCTION__ ":  There is already a secondary security module registered.\n");
+		return -EINVAL;
+ 	}
+	
+	secondary_ops = ops;
+
+	printk(KERN_INFO __FUNCTION__ ":  Registering secondary module %s\n",
+	       name);
+
+	return 0;
+}
+
+int selinux_unregister_security (const char *name, struct security_operations *ops)
+{
+	if (ops != secondary_ops) {
+		printk (KERN_INFO __FUNCTION__ ":  trying to unregister a security module that is not registered.\n");
+		return -EINVAL;
+	}
+
+	secondary_ops = original_ops;
+
+	return 0;
+}
+
+static struct binprm_security_ops selinux_bprm_ops = {
+	alloc_security:	selinux_bprm_alloc_security,
+	free_security:	selinux_bprm_free_security,
+	compute_creds:	selinux_bprm_compute_creds,
+	set_security:	selinux_bprm_set_security,
+};
+
+static struct super_block_security_ops selinux_sb_ops = {
+	alloc_security:	selinux_sb_alloc_security,
+	free_security:	selinux_sb_free_security,
+	statfs:         selinux_sb_statfs,
+	mount:		selinux_mount,
+	check_sb:       selinux_check_sb,
+	umount:		selinux_umount,
+	umount_close:	selinux_umount_close,
+	umount_busy:	selinux_umount_busy,
+	post_remount:	selinux_post_remount,
+	post_mountroot:	selinux_post_mountroot,
+	post_addmount:	selinux_post_addmount,
+};
+
+static struct inode_security_ops selinux_inode_ops = {
+	alloc_security:	selinux_inode_alloc_security,
+	free_security:	selinux_inode_free_security,
+	create:		selinux_inode_create,
+	post_create:	selinux_inode_post_create,
+	link:		selinux_inode_link,
+	post_link:	selinux_inode_post_link,
+	unlink:		selinux_inode_unlink,
+	symlink:	selinux_inode_symlink,
+	post_symlink:	selinux_inode_post_symlink,
+	mkdir:		selinux_inode_mkdir,
+	post_mkdir:	selinux_inode_post_mkdir,
+	rmdir:		selinux_inode_rmdir,
+	mknod:		selinux_inode_mknod,
+	post_mknod:	selinux_inode_post_mknod,
+	rename:		selinux_inode_rename,
+	post_rename:	selinux_inode_post_rename,
+	readlink:	selinux_inode_readlink,
+	follow_link:	selinux_inode_follow_link,
+	permission:	selinux_inode_permission,
+	revalidate:	selinux_inode_revalidate,
+	setattr:	selinux_inode_setattr,
+	stat:           selinux_inode_stat,
+	post_lookup:	selinux_inode_post_lookup,
+	delete:         selinux_inode_delete,
+	setxattr:	selinux_inode_setxattr,
+	getxattr:	selinux_inode_getxattr,
+	listxattr:	selinux_inode_listxattr,
+	removexattr:	selinux_inode_removexattr,
+};
+
+static struct file_security_ops	selinux_file_ops = {
+	permission:	selinux_file_permission,
+	alloc_security:	selinux_file_alloc_security,
+	free_security:	selinux_file_free_security,
+	llseek:		selinux_file_llseek,
+	ioctl:		selinux_file_ioctl,
+	mmap:		selinux_file_mmap,
+	mprotect:	selinux_file_mprotect,
+	lock:		selinux_file_lock,
+	fcntl:		selinux_file_fcntl,
+	set_fowner:	selinux_file_set_fowner,
+	send_sigiotask:	selinux_file_send_sigiotask,
+	receive:        selinux_file_receive,
+};
+
+static struct task_security_ops	selinux_task_ops = {
+	create:		selinux_task_create,
+	alloc_security:	selinux_task_alloc_security,
+	free_security:	selinux_task_free_security,
+	setuid:		selinux_task_setuid,
+	post_setuid:	selinux_task_post_setuid,
+	setgid:		selinux_task_setgid,
+	setpgid:	selinux_task_setpgid,
+	getpgid:	selinux_task_getpgid,
+	getsid:	        selinux_task_getsid,
+	setgroups:	selinux_task_setgroups,
+	setnice:	selinux_task_setnice,
+	setrlimit:	selinux_task_setrlimit,
+	setscheduler:	selinux_task_setscheduler,
+	getscheduler:	selinux_task_getscheduler,
+	kill:		selinux_task_kill,
+	wait:		selinux_task_wait,
+	prctl:		selinux_task_prctl,
+	kmod_set_label:	selinux_task_kmod_set_label,
+};
+
+static struct socket_security_ops selinux_socket_ops = {
+	create:			selinux_socket_create,
+	post_create:		selinux_socket_post_create,
+	bind:			selinux_socket_bind,
+	connect:		selinux_socket_connect,
+	listen:			selinux_socket_listen,
+	accept:			selinux_socket_accept,
+	sendmsg:		selinux_socket_sendmsg,
+	recvmsg:		selinux_socket_recvmsg,
+	getsockname:		selinux_socket_getsockname,
+	getpeername:		selinux_socket_getpeername,
+	getsockopt:		selinux_socket_getsockopt,
+	setsockopt:		selinux_socket_setsockopt,
+	shutdown:		selinux_socket_shutdown,
+	sock_rcv_skb:		selinux_sock_rcv_skb,
+	unix_stream_connect:	selinux_socket_unix_stream_connect,
+	unix_may_send:		selinux_socket_unix_may_send,
+};
+
+static struct skb_security_ops selinux_skb_ops = {
+	alloc_security:		selinux_skb_alloc_security,
+	clone:			selinux_skb_clone,
+	copy:			selinux_skb_copy,
+	set_owner_w:		selinux_skb_set_owner_w,
+	free_security:		selinux_skb_free_security,
+};
+
+static struct ip_security_ops selinux_ip_ops = {
+	preroute_first:		selinux_ip_preroute_first,
+	preroute_last:		selinux_ip_preroute_last,
+	input_first:		selinux_ip_input_first,
+	input_last:		selinux_ip_input_last,
+	forward_first:		selinux_ip_forward_first,
+	forward_last:		selinux_ip_forward_last,
+	output_first:		selinux_ip_output_first,
+	output_last:		selinux_ip_output_last,
+	postroute_first:	selinux_ip_postroute_first,
+	postroute_last:		selinux_ip_postroute_last,
+	fragment:		selinux_ip_fragment,
+	defragment:		selinux_ip_defragment,
+	encapsulate:		selinux_ip_encapsulate,
+	decapsulate:		selinux_ip_decapsulate,
+	decode_options:		selinux_ip_decode_options,
+};
+
+static struct netdev_security_ops selinux_netdev_ops = {
+	unregister:	selinux_netdev_unregister,
+};
+
+static struct module_security_ops selinux_module_ops = {
+	create_module:	selinux_module_create_module,
+	init_module:	selinux_module_init_module,
+	delete_module:	selinux_module_delete_module,
+};
+
+static struct ipc_security_ops selinux_ipc_ops = {
+	permission:	selinux_ipc_permission,
+	getinfo:	selinux_ipc_getinfo,
+};
+
+static struct msg_msg_security_ops selinux_msg_msg_ops = {
+	alloc_security:	selinux_msg_msg_alloc_security,
+	free_security:	selinux_msg_msg_free_security,
+};
+
+static struct msg_queue_security_ops selinux_msg_queue_ops = {
+	alloc_security:	selinux_msg_queue_alloc_security,
+	free_security:	selinux_msg_queue_free_security,
+	associate:	selinux_msg_queue_associate,
+	msgctl:		selinux_msg_queue_msgctl,
+	msgsnd:		selinux_msg_queue_msgsnd,
+	msgrcv:		selinux_msg_queue_msgrcv,
+};
+
+static struct shm_security_ops selinux_shm_ops = {
+	alloc_security: selinux_shm_alloc_security,
+	free_security:  selinux_shm_free_security,
+	associate:	selinux_shm_associate,
+	shmctl:		selinux_shm_shmctl,
+	shmat:		selinux_shm_shmat,
+};
+
+static struct sem_security_ops selinux_sem_ops = {
+	alloc_security: selinux_sem_alloc_security,
+	free_security:  selinux_sem_free_security,
+	associate:	selinux_sem_associate,
+	semctl:		selinux_sem_semctl,
+	semop:		selinux_sem_semop,
+};
+
+struct security_operations selinux_ops = {
+	sethostname:		selinux_sethostname,
+	setdomainname:		selinux_setdomainname,
+	reboot:			selinux_reboot,
+	ioperm:			selinux_ioperm,
+	iopl:			selinux_iopl,
+	ptrace:			selinux_ptrace,
+	capget:		        selinux_capget,
+	capset_check:	        selinux_capset_check,
+	capset_set:	        selinux_capset_set,	
+	acct:			selinux_acct,
+	sysctl:			selinux_sysctl,
+	capable:                selinux_capable,
+	sys_security:           selinux_sys_security,
+	swapon:			selinux_swapon,
+	swapoff:		selinux_swapoff,
+	nfsservctl:		selinux_nfsservctl,
+	quotactl:		selinux_quotactl,
+	quota_on:               selinux_quota_on,
+	bdflush:		selinux_bdflush,
+	syslog:			selinux_syslog,
+	netlink_send:           selinux_netlink_send,
+        netlink_recv:           selinux_netlink_recv,
+
+	bprm_ops:		&selinux_bprm_ops,
+	sb_ops:                 &selinux_sb_ops,
+	inode_ops:		&selinux_inode_ops,
+	file_ops:		&selinux_file_ops,
+	task_ops:		&selinux_task_ops,
+	socket_ops:		&selinux_socket_ops,
+	skb_ops:		&selinux_skb_ops,
+	ip_ops:			&selinux_ip_ops,
+	netdev_ops:		&selinux_netdev_ops,
+	module_ops:		&selinux_module_ops,
+	ipc_ops:		&selinux_ipc_ops,
+	msg_msg_ops:		&selinux_msg_msg_ops,
+	msg_queue_ops:		&selinux_msg_queue_ops,
+	shm_ops:		&selinux_shm_ops,
+	sem_ops:		&selinux_sem_ops,
+
+	register_security:	&selinux_register_security,
+	unregister_security:	&selinux_unregister_security,
+};
+
+extern void *sys_call_table[];
+
+static long (*orig_syscall)(void);
+
+static int __init selinux_plug_init (void)
+{
+	init_MUTEX(&task_alloc_semaphore);
+	init_MUTEX(&inode_alloc_semaphore);
+	init_MUTEX(&file_alloc_semaphore);
+	init_MUTEX(&sb_alloc_semaphore);
+	init_MUTEX(&netdev_alloc_semaphore);
+	init_MUTEX(&ipc_alloc_semaphore);
+	init_MUTEX(&msg_alloc_semaphore);
+
+	original_ops = secondary_ops = security_ops;
+	if (!original_ops) {
+		printk (KERN_INFO __FUNCTION__ ": No dummy security operations\n");
+		return -EINVAL;
+	}
+
+	avc_init();
+
+#ifdef MODULE
+	if (security_init()) {
+		/* XXX Need an AVC interface for cleaning up. */
+		printk(KERN_INFO __FUNCTION__ ": Could not initialize\n");
+		return -EINVAL;
+	}
+#endif
+
+	/* Replace the LSM security syscall with our own entrypoint 
+	   function so that the registers on the stack are available
+	   for the execve_secure system call.  If we didn't need the
+	   registers for that call, then we could simply use the LSM
+	   security syscall and the sys_security hook function to
+	   multiplex our calls. */
+	orig_syscall = sys_call_table[__NR_security];
+	sys_call_table[__NR_security] = sys_security_selinux;
+
+	if (register_security (&selinux_ops)) {
+		printk (KERN_INFO "Failure registering SELinux with the kernel\n");
+		sys_call_table[__NR_security] = orig_syscall;
+		return -EINVAL;
+	}
+
+	printk (KERN_INFO "SELinux:  module inserted\n");
+
+	return 0;
+}
+
+
+static void __exit selinux_plug_exit (void)
+{
+	struct list_head *p;
+
+	/* remove ourselves from the security framework */
+	if (unregister_security (&selinux_ops)) {
+		printk (KERN_INFO "Failure unregistering SELinux with the kernel\n");
+	}
+
+	sys_call_table[__NR_security] = orig_syscall;
+
+	/* Deallocate all of the security blobs created by this module
+	   and clear the security fields in the corresponding objects. */
+
+	p = task_security_head.next; 
+	while (p != &task_security_head) {
+		struct task_security_struct *tsec = list_entry(p, struct task_security_struct, list);
+		p = p->next;
+		task_free_security(tsec->task);
+	}
+
+	p = inode_security_head.next; 
+	while (p != &inode_security_head) {
+		struct inode_security_struct *isec = list_entry(p, struct inode_security_struct, list);
+		p = p->next;
+		inode_free_security(isec->inode);
+	}
+
+	p = file_security_head.next; 
+	while (p != &file_security_head) {
+		struct file_security_struct *fsec = list_entry(p, struct file_security_struct, list);
+		p = p->next;
+		file_free_security(fsec->file);
+	}
+
+	p = superblock_security_head.next; 
+	while (p != &superblock_security_head) {
+		struct superblock_security_struct *sbsec = list_entry(p, struct superblock_security_struct, list);
+		p = p->next;
+		superblock_free_security(sbsec->sb);
+	}
+
+	p = ipc_security_head.next;
+	while (p != &ipc_security_head) {
+		struct ipc_security_struct *isec = list_entry(p, struct ipc_security_struct, list);
+		p = p->next;
+		ipc_free_security(isec->ipc_perm);
+	}
+
+	p = msg_security_head.next;
+	while (p != &msg_security_head) {
+		struct msg_security_struct *msgsec = list_entry(p, struct msg_security_struct, list);
+		p = p->next;
+		msg_msg_free_security(msgsec->msg);
+	}
+
+	p = netdev_security_head.next;
+	while (p != &netdev_security_head) {
+		struct netdev_security_struct *nsec = list_entry(p, struct netdev_security_struct, list);
+		p = p->next;
+		netdev_free_security(nsec->dev);
+	}
+
+	/* XXX:  Need AVC and security server interfaces for cleaning up. */
+		
+	printk (KERN_INFO "SELinux:  module removed\n");
+}
+
+module_init (selinux_plug_init);
+module_exit (selinux_plug_exit);
+
+EXPORT_NO_SYMBOLS;
+
+MODULE_DESCRIPTION("SELinux Security Module");
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Stephen Smalley <ssmalley@nai.com>");
+/* How to specify multiple authors? */
+/*MODULE_AUTHOR("Chris Vance <cvance@nai.com>");*/
+/*MODULE_AUTHOR("Wayne Salamon <wsalamon@nai.com>");*/
diff --minimal -Nru a/security/selinux/include/asm-i386/flask/syscalls.c b/security/selinux/include/asm-i386/flask/syscalls.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/asm-i386/flask/syscalls.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,341 @@
+/*
+ *  NSA Security-Enhanced Linux (SELinux) security module
+ *
+ *  This file contains the x86-specific code for the
+ *  SELinux new system call implementations.  In particular,
+ *  this code is necessary to support the execve_secure system call.
+ *  This file consists of the sys_execve_secure function and the 
+ *  sys_security_selinux function.  The latter function is used to
+ *  replace the LSM entrypoint function for sys_security so that we
+ *  can pass a pointer to the registers on the stack to the sys_execve_secure
+ *  function.
+ *
+ *  This file also contains the 64-bit variants of the stat_secure system
+ *  calls.
+ *
+ *  Authors:  Stephen Smalley, NAI Labs, <ssmalley@nai.com>
+ *            Chris Vance, <cvance@nai.com>
+ *
+ *  Copyright (C) 2001 Networks Associates Technology, Inc.
+ * 
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ */ 
+
+#include <linux/ptrace.h>
+
+long sys_execve_secure(const char *path,
+		       char **argv,
+		       char **envp,
+		       security_id_t sid,
+		       struct pt_regs *regp)
+{
+	int error;
+	char * filename;
+	struct task_security_struct *tsec;
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+
+	tsec = current->security;
+
+	filename = getname(path);
+	error = PTR_ERR(filename);
+	if (IS_ERR(filename))
+		goto out;
+	tsec->in_sid[0] = sid;
+	error = do_execve(filename, argv, envp, regp);
+	tsec->in_sid[0] = 0;
+	if (error == 0)
+		current->ptrace &= ~PT_DTRACE;
+	putname(filename);
+out:
+	return error;
+}
+
+
+long sys_lstat64_stat64_secure(int follow_link,
+			       const char *pathname, 
+			       struct stat64 *buf,
+			       security_id_t *out_sid)
+{
+	long (*stat64_f)(const char * filename, struct stat64 * statbuf);
+	struct task_security_struct *tsec;
+	int rc;
+
+	if (follow_link) 
+		stat64_f = sys_call_table[__NR_stat64];
+	else
+		stat64_f = sys_call_table[__NR_lstat64];
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+
+	tsec = current->security;
+
+	rc = stat64_f(pathname, buf);
+	if (rc)
+		return rc;
+
+	if (out_sid) {
+		if (copy_to_user(out_sid, &tsec->out_sid[0], sizeof(security_id_t)))
+			return -EFAULT;
+	}
+	
+	return 0;
+}
+
+long sys_fstat64_secure(unsigned int fd,
+			struct stat64 *buf,
+			security_id_t *out_sid)
+{
+	long (*fstat64_f)(unsigned int fd, struct stat64 * statbuf);
+	struct task_security_struct *tsec;
+	int rc;
+
+	fstat64_f = sys_call_table[__NR_fstat64];
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+
+	tsec = current->security;
+	rc = fstat64_f(fd, buf);
+	if (rc)
+		return rc;
+
+	if (out_sid) {
+		if (copy_to_user(out_sid, &tsec->out_sid[0], sizeof(security_id_t)))
+			return -EFAULT;
+	}
+	
+	return 0;
+}
+
+/* Argument list sizes for sys_security_selinux */
+#define AL(x) ((x) * sizeof(unsigned long))
+static unsigned char nargs[SELINUXCALL_NUM+1]= {
+	AL(0), /* null */
+	AL(2), /* compute_av */
+	AL(0), /* unused */
+	AL(4), /* transition_sid */
+	AL(4), /* member_sid */
+	AL(3), /* sid_to_context */
+	AL(3), /* context_to_sid */
+	AL(2), /* load_policy */
+	AL(4), /* change_sid */
+	AL(2), /* get_sids */
+	AL(5), /* get_user_sids */
+	AL(0), /* avc_toggle */
+	AL(0), /* getsid */
+	AL(0), /* getosid */
+	AL(3), /* lstat */
+	AL(2), /* lchsid */
+	AL(3), /* stat */
+	AL(2), /* chsid */
+	AL(3), /* fstat */
+	AL(2), /* fchsid */
+	AL(4), /* open */
+	AL(3), /* mkdir */
+	AL(4), /* mknod */
+	AL(3), /* symlink */
+	AL(3), /* statfs */
+	AL(3), /* fstatfs */
+	AL(3), /* chsidfs */
+	AL(3), /* fchsidfs */
+	AL(2), /* shmsid */
+	AL(2), /* semsid */
+	AL(2), /* msgsid */
+	AL(4), /* shmget */
+	AL(4), /* semget */
+	AL(3), /* msgget */
+	AL(5), /* msgsnd */
+	AL(6), /* msgrcv */
+	AL(4), /* execve */
+	AL(3), /* stat64 */
+	AL(3), /* lstat64 */
+	AL(3), /* fstat64 */
+	AL(0)  /* avc_enforcing */
+};
+#undef AL
+
+asmlinkage long sys_security_selinux(struct pt_regs regs) 
+{
+	unsigned long a[6];
+	unsigned long a0,a1;
+	unsigned int magic = regs.ebx;
+	unsigned int call = regs.ecx;
+	unsigned long *args = (unsigned long *)regs.edx;
+	int err = -EINVAL;
+
+	if (magic != SELINUX_MAGIC)
+		return -ENOSYS;
+
+	if(call<1||call>SELINUXCALL_NUM)
+		return -EINVAL;
+
+	/* copy_from_user should be SMP safe. */
+	if (copy_from_user(a, args, nargs[call]))
+		return -EFAULT;
+		
+	a0=a[0];
+	a1=a[1];
+	
+	switch(call) {
+	case SELINUXCALL_COMPUTE_AV:
+		err = sys_security_compute_av((struct security_query *)a0,
+					      (struct security_response*)a1);
+		break;
+	case SELINUXCALL_TRANSITION_SID:
+		err = sys_security_transition_sid(a0,a1,a[2],(security_id_t*)a[3]);
+		break;
+	case SELINUXCALL_MEMBER_SID:
+		err = sys_security_member_sid(a0,a1,a[2],(security_id_t*)a[3]);
+		break;
+	case SELINUXCALL_SID_TO_CONTEXT:
+		err = sys_security_sid_to_context(a0,
+						  (security_context_t)a1,
+						  (__u32 *)a[2]);
+		break;
+	case SELINUXCALL_CONTEXT_TO_SID:
+		err = sys_security_context_to_sid((security_context_t)a0,
+						  a1,
+						  (security_id_t *)a[2]);
+		break;
+	case SELINUXCALL_LOAD_POLICY:
+		err = sys_security_load_policy((char *) a0, a1);
+		break;
+	case SELINUXCALL_CHANGE_SID:
+		err = sys_security_change_sid(a0,a1,a[2],
+					      (security_id_t*)a[3]);
+		break;
+	case SELINUXCALL_GET_SIDS:
+		err = sys_security_get_sids((security_id_t*)a0,
+					    (__u32*)a1);
+		break;
+	case SELINUXCALL_GET_USER_SIDS:
+		err = sys_security_get_user_sids(a0,
+						 (char *) a1,
+						 a[2],
+						 (security_id_t*)a[3],
+						 (__u32*)a[4]);
+		break;
+	case SELINUXCALL_AVC_TOGGLE:
+		err = sys_avc_toggle();
+		break;
+	case SELINUXCALL_GETOSECSID:
+		err = sys_getosecsid();
+		break;
+	case SELINUXCALL_GETSECSID:
+		err = sys_getsecsid();
+		break;
+	case SELINUXCALL_LSTAT:
+		err = sys_lstat_stat_secure(0,
+					    (const char *)a0, 
+					    (struct stat*)a1, 
+					    (security_id_t*)a[2]);
+		break;
+	case SELINUXCALL_STAT:
+		err = sys_lstat_stat_secure(1,
+					    (const char *)a0, 
+					    (struct stat*)a1, 
+					    (security_id_t*)a[2]);
+		break;
+	case SELINUXCALL_FSTAT:
+		err = sys_fstat_secure(a0, 
+				       (struct stat*)a1, 
+				       (security_id_t*)a[2]);
+		break;
+	case SELINUXCALL_LCHSID:
+		err = sys_lchsid_chsid(0, (const char*)a0, a1);
+		break;
+	case SELINUXCALL_CHSID:
+		err = sys_lchsid_chsid(1, (const char*)a0, a1);
+		break;
+	case SELINUXCALL_FCHSID:
+		err = sys_fchsid(a0, a1);
+		break;
+	case SELINUXCALL_OPEN:
+		err = sys_open_secure((const char *)a0,a1,a[2],a[3]);
+		break;
+	case SELINUXCALL_MKDIR:
+		err = sys_mkdir_secure((const char *)a0,a1,a[2]);
+		break;
+	case SELINUXCALL_MKNOD:
+		err = sys_mknod_secure((const char *)a0,a1,a[2],a[3]);
+		break;
+	case SELINUXCALL_SYMLINK:
+		err = sys_symlink_secure((const char *)a0,(const char *)a1,a[2]);
+		break;
+	case SELINUXCALL_STATFS:
+		err = sys_statfs_secure((const char *)a0,
+					(struct statfs *)a1,
+					(security_id_t *)a[2]);
+		break;
+	case SELINUXCALL_FSTATFS:
+		err = sys_fstatfs_secure(a0,
+					(struct statfs *)a1,
+					(security_id_t *)a[2]);
+	case SELINUXCALL_CHSIDFS:
+		err = sys_chsidfs((const char *)a0,a1,a[2]);
+		break;
+	case SELINUXCALL_FCHSIDFS:
+		err = sys_fchsidfs(a0,a1,a[2]);
+		break;
+	case SELINUXCALL_MSGGET:
+		err = sys_msgget_secure(a0, a1, a[2]);
+		break;
+	case SELINUXCALL_SEMGET:
+		err = sys_semget_secure(a0, a1, a[2], a[3]);
+		break;
+	case SELINUXCALL_SHMGET:
+		err = sys_shmget_secure(a0, a1, a[2], a[3]);
+		break;
+	case SELINUXCALL_MSGSND:
+		err = sys_msgsnd_secure(a0, (void *)a1, a[2], a[3], a[4]);
+		break;
+	case SELINUXCALL_MSGRCV:
+		err = sys_msgrcv_secure(a0, (void *)a1, a[2], a[3], a[4], 
+					(security_id_t *)a[5]);
+		break;
+	case SELINUXCALL_SEMSID:
+		err = sys_semsid(a0, (security_id_t *)a1);
+		break;
+	case SELINUXCALL_SHMSID:
+		err = sys_shmsid(a0, (security_id_t *)a1);
+		break;
+	case SELINUXCALL_MSGSID:
+		err = sys_msgsid(a0, (security_id_t *)a1);
+		break;
+	case SELINUXCALL_EXECVE:
+		err = sys_execve_secure((char *)a0, (char**)a1,
+					(char**)a[2], a[3], &regs);
+		break;
+	case SELINUXCALL_LSTAT64:
+		err = sys_lstat64_stat64_secure(0,
+					    (const char *)a0, 
+					    (struct stat64*)a1, 
+					    (security_id_t*)a[2]);
+		break;
+	case SELINUXCALL_STAT64:
+		err = sys_lstat64_stat64_secure(1,
+					    (const char *)a0, 
+					    (struct stat64*)a1, 
+					    (security_id_t*)a[2]);
+		break;
+	case SELINUXCALL_FSTAT64:
+		err = sys_fstat64_secure(a0, 
+				       (struct stat64*)a1, 
+				       (security_id_t*)a[2]);
+		break;
+	case SELINUXCALL_AVC_ENFORCING:
+		err = sys_avc_enforcing();
+		break;
+	default:
+		err = -EINVAL;
+		break;
+	}
+
+	return err;
+}
diff --minimal -Nru a/security/selinux/include/asm-i386/flask/unistd.h b/security/selinux/include/asm-i386/flask/unistd.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/asm-i386/flask/unistd.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,10 @@
+#ifndef _ASM_FLASK_UNISTD_H_
+#define _ASM_FLASK_UNISTD_H_
+
+#include <linux/unistd.h>
+#define __NR_lsm                __NR_security
+
+#include <linux/ptrace.h>
+extern long sys_security_selinux(struct pt_regs regs);
+
+#endif
diff --minimal -Nru a/security/selinux/include/linux/flask/av_inherit.h b/security/selinux/include/linux/flask/av_inherit.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/av_inherit.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,37 @@
+/* This file is automatically generated.  Do not edit. */
+/* FLASK */
+
+typedef struct
+{
+    security_class_t tclass;
+    char **common_pts;
+    access_vector_t common_base;
+} av_inherit_t;
+
+static av_inherit_t av_inherit[] = {
+   { SECCLASS_DIR, common_file_perm_to_string, 0x00100000UL },
+   { SECCLASS_FILE, common_file_perm_to_string, 0x00100000UL },
+   { SECCLASS_LNK_FILE, common_file_perm_to_string, 0x00100000UL },
+   { SECCLASS_CHR_FILE, common_file_perm_to_string, 0x00100000UL },
+   { SECCLASS_BLK_FILE, common_file_perm_to_string, 0x00100000UL },
+   { SECCLASS_SOCK_FILE, common_file_perm_to_string, 0x00100000UL },
+   { SECCLASS_FIFO_FILE, common_file_perm_to_string, 0x00100000UL },
+   { SECCLASS_SOCKET, common_socket_perm_to_string, 0x01000000UL },
+   { SECCLASS_TCP_SOCKET, common_socket_perm_to_string, 0x01000000UL },
+   { SECCLASS_UDP_SOCKET, common_socket_perm_to_string, 0x01000000UL },
+   { SECCLASS_RAWIP_SOCKET, common_socket_perm_to_string, 0x01000000UL },
+   { SECCLASS_NETLINK_SOCKET, common_socket_perm_to_string, 0x01000000UL },
+   { SECCLASS_PACKET_SOCKET, common_socket_perm_to_string, 0x01000000UL },
+   { SECCLASS_KEY_SOCKET, common_socket_perm_to_string, 0x01000000UL },
+   { SECCLASS_UNIX_STREAM_SOCKET, common_socket_perm_to_string, 0x01000000UL },
+   { SECCLASS_UNIX_DGRAM_SOCKET, common_socket_perm_to_string, 0x01000000UL },
+   { SECCLASS_IPC, common_ipc_perm_to_string, 0x00000200UL },
+   { SECCLASS_SEM, common_ipc_perm_to_string, 0x00000200UL },
+   { SECCLASS_MSGQ, common_ipc_perm_to_string, 0x00000200UL },
+   { SECCLASS_SHM, common_ipc_perm_to_string, 0x00000200UL },
+};
+
+#define AV_INHERIT_SIZE (sizeof(av_inherit)/sizeof(av_inherit_t))
+
+
+/* FLASK */
diff --minimal -Nru a/security/selinux/include/linux/flask/av_perm_to_string.h b/security/selinux/include/linux/flask/av_perm_to_string.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/av_perm_to_string.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,127 @@
+/* This file is automatically generated.  Do not edit. */
+/* FLASK */
+
+typedef struct
+{
+    security_class_t tclass;
+    access_vector_t value;
+    char *name;
+} av_perm_to_string_t;
+
+static av_perm_to_string_t av_perm_to_string[] = {
+   { SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount" },
+   { SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount" },
+   { SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount" },
+   { SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr" },
+   { SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom" },
+   { SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto" },
+   { SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition" },
+   { SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate" },
+   { SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod" },
+   { SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget" },
+   { SECCLASS_DIR, DIR__ADD_NAME, "add_name" },
+   { SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name" },
+   { SECCLASS_DIR, DIR__REPARENT, "reparent" },
+   { SECCLASS_DIR, DIR__SEARCH, "search" },
+   { SECCLASS_DIR, DIR__RMDIR, "rmdir" },
+   { SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans" },
+   { SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint" },
+   { SECCLASS_FD, FD__CREATE, "create" },
+   { SECCLASS_FD, FD__USE, "use" },
+   { SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto" },
+   { SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn" },
+   { SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom" },
+   { SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv" },
+   { SECCLASS_NODE, NODE__TCP_SEND, "tcp_send" },
+   { SECCLASS_NODE, NODE__UDP_RECV, "udp_recv" },
+   { SECCLASS_NODE, NODE__UDP_SEND, "udp_send" },
+   { SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv" },
+   { SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send" },
+   { SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest" },
+   { SECCLASS_NETIF, NETIF__GETATTR, "getattr" },
+   { SECCLASS_NETIF, NETIF__SETATTR, "setattr" },
+   { SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv" },
+   { SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send" },
+   { SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv" },
+   { SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send" },
+   { SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv" },
+   { SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send" },
+   { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto" },
+   { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn" },
+   { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom" },
+   { SECCLASS_PROCESS, PROCESS__FORK, "fork" },
+   { SECCLASS_PROCESS, PROCESS__TRANSITION, "transition" },
+   { SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld" },
+   { SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill" },
+   { SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop" },
+   { SECCLASS_PROCESS, PROCESS__SIGNAL, "signal" },
+   { SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace" },
+   { SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched" },
+   { SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched" },
+   { SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession" },
+   { SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid" },
+   { SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid" },
+   { SECCLASS_PROCESS, PROCESS__GETCAP, "getcap" },
+   { SECCLASS_PROCESS, PROCESS__SETCAP, "setcap" },
+   { SECCLASS_PROCESS, PROCESS__SHARE, "share" },
+   { SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue" },
+   { SECCLASS_MSG, MSG__SEND, "send" },
+   { SECCLASS_MSG, MSG__RECEIVE, "receive" },
+   { SECCLASS_SHM, SHM__LOCK, "lock" },
+   { SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av" },
+   { SECCLASS_SECURITY, SECURITY__NOTIFY_PERM, "notify_perm" },
+   { SECCLASS_SECURITY, SECURITY__TRANSITION_SID, "transition_sid" },
+   { SECCLASS_SECURITY, SECURITY__MEMBER_SID, "member_sid" },
+   { SECCLASS_SECURITY, SECURITY__SID_TO_CONTEXT, "sid_to_context" },
+   { SECCLASS_SECURITY, SECURITY__CONTEXT_TO_SID, "context_to_sid" },
+   { SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy" },
+   { SECCLASS_SECURITY, SECURITY__GET_SIDS, "get_sids" },
+   { SECCLASS_SECURITY, SECURITY__REGISTER_AVC, "register_avc" },
+   { SECCLASS_SECURITY, SECURITY__CHANGE_SID, "change_sid" },
+   { SECCLASS_SECURITY, SECURITY__GET_USER_SIDS, "get_user_sids" },
+   { SECCLASS_SYSTEM, SYSTEM__NET_IO_CONTROL, "net_io_control" },
+   { SECCLASS_SYSTEM, SYSTEM__ROUTE_CONTROL, "route_control" },
+   { SECCLASS_SYSTEM, SYSTEM__ARP_CONTROL, "arp_control" },
+   { SECCLASS_SYSTEM, SYSTEM__RARP_CONTROL, "rarp_control" },
+   { SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info" },
+   { SECCLASS_SYSTEM, SYSTEM__AVC_TOGGLE, "avc_toggle" },
+   { SECCLASS_SYSTEM, SYSTEM__NFSD_CONTROL, "nfsd_control" },
+   { SECCLASS_SYSTEM, SYSTEM__BDFLUSH, "bdflush" },
+   { SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read" },
+   { SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod" },
+   { SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console" },
+   { SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown" },
+   { SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override" },
+   { SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search" },
+   { SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner" },
+   { SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid" },
+   { SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill" },
+   { SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid" },
+   { SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid" },
+   { SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap" },
+   { SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable" },
+   { SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service" },
+   { SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast" },
+   { SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin" },
+   { SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw" },
+   { SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock" },
+   { SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner" },
+   { SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module" },
+   { SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio" },
+   { SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot" },
+   { SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace" },
+   { SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct" },
+   { SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin" },
+   { SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot" },
+   { SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice" },
+   { SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource" },
+   { SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time" },
+   { SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config" },
+   { SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod" },
+   { SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease" },
+};
+
+#define AV_PERM_TO_STRING_SIZE (sizeof(av_perm_to_string)/sizeof(av_perm_to_string_t))
+
+
+/* FLASK */
diff --minimal -Nru a/security/selinux/include/linux/flask/av_permissions.h b/security/selinux/include/linux/flask/av_permissions.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/av_permissions.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,598 @@
+/* This file is automatically generated.  Do not edit. */
+/* FLASK */
+
+#define COMMON_FILE__POLL                                0x00000001UL
+#define COMMON_FILE__IOCTL                               0x00000002UL
+#define COMMON_FILE__READ                                0x00000004UL
+#define COMMON_FILE__WRITE                               0x00000008UL
+#define COMMON_FILE__CREATE                              0x00000010UL
+#define COMMON_FILE__GETATTR                             0x00000020UL
+#define COMMON_FILE__SETATTR                             0x00000040UL
+#define COMMON_FILE__LOCK                                0x00000080UL
+#define COMMON_FILE__RELABELFROM                         0x00000100UL
+#define COMMON_FILE__RELABELTO                           0x00000200UL
+#define COMMON_FILE__TRANSITION                          0x00000400UL
+#define COMMON_FILE__APPEND                              0x00000800UL
+#define COMMON_FILE__ACCESS                              0x00001000UL
+#define COMMON_FILE__UNLINK                              0x00002000UL
+#define COMMON_FILE__LINK                                0x00004000UL
+#define COMMON_FILE__RENAME                              0x00008000UL
+#define COMMON_FILE__EXECUTE                             0x00010000UL
+#define COMMON_FILE__SWAPON                              0x00020000UL
+#define COMMON_FILE__QUOTAON                             0x00040000UL
+#define COMMON_FILE__MOUNTON                             0x00080000UL
+
+#define COMMON_SOCKET__POLL                              0x00000001UL
+#define COMMON_SOCKET__IOCTL                             0x00000002UL
+#define COMMON_SOCKET__READ                              0x00000004UL
+#define COMMON_SOCKET__WRITE                             0x00000008UL
+#define COMMON_SOCKET__CREATE                            0x00000010UL
+#define COMMON_SOCKET__GETATTR                           0x00000020UL
+#define COMMON_SOCKET__SETATTR                           0x00000040UL
+#define COMMON_SOCKET__LOCK                              0x00000080UL
+#define COMMON_SOCKET__RELABELFROM                       0x00000100UL
+#define COMMON_SOCKET__RELABELTO                         0x00000200UL
+#define COMMON_SOCKET__TRANSITION                        0x00000400UL
+#define COMMON_SOCKET__APPEND                            0x00000800UL
+#define COMMON_SOCKET__BIND                              0x00001000UL
+#define COMMON_SOCKET__CONNECT                           0x00002000UL
+#define COMMON_SOCKET__LISTEN                            0x00004000UL
+#define COMMON_SOCKET__ACCEPT                            0x00008000UL
+#define COMMON_SOCKET__GETOPT                            0x00010000UL
+#define COMMON_SOCKET__SETOPT                            0x00020000UL
+#define COMMON_SOCKET__SHUTDOWN                          0x00040000UL
+#define COMMON_SOCKET__RECVFROM                          0x00080000UL
+#define COMMON_SOCKET__SENDTO                            0x00100000UL
+#define COMMON_SOCKET__RECV_MSG                          0x00200000UL
+#define COMMON_SOCKET__SEND_MSG                          0x00400000UL
+#define COMMON_SOCKET__NAME_BIND                         0x00800000UL
+
+#define COMMON_IPC__CREATE                               0x00000001UL
+#define COMMON_IPC__DESTROY                              0x00000002UL
+#define COMMON_IPC__GETATTR                              0x00000004UL
+#define COMMON_IPC__SETATTR                              0x00000008UL
+#define COMMON_IPC__READ                                 0x00000010UL
+#define COMMON_IPC__WRITE                                0x00000020UL
+#define COMMON_IPC__ASSOCIATE                            0x00000040UL
+#define COMMON_IPC__UNIX_READ                            0x00000080UL
+#define COMMON_IPC__UNIX_WRITE                           0x00000100UL
+
+#define FILESYSTEM__MOUNT                         0x00000001UL
+#define FILESYSTEM__REMOUNT                       0x00000002UL
+#define FILESYSTEM__UNMOUNT                       0x00000004UL
+#define FILESYSTEM__GETATTR                       0x00000008UL
+#define FILESYSTEM__RELABELFROM                   0x00000010UL
+#define FILESYSTEM__RELABELTO                     0x00000020UL
+#define FILESYSTEM__TRANSITION                    0x00000040UL
+#define FILESYSTEM__ASSOCIATE                     0x00000080UL
+#define FILESYSTEM__QUOTAMOD                      0x00000100UL
+#define FILESYSTEM__QUOTAGET                      0x00000200UL
+
+#define DIR__EXECUTE                              0x00010000UL
+#define DIR__UNLINK                               0x00002000UL
+#define DIR__SETATTR                              0x00000040UL
+#define DIR__QUOTAON                              0x00040000UL
+#define DIR__RELABELFROM                          0x00000100UL
+#define DIR__LINK                                 0x00004000UL
+#define DIR__WRITE                                0x00000008UL
+#define DIR__ACCESS                               0x00001000UL
+#define DIR__IOCTL                                0x00000002UL
+#define DIR__RELABELTO                            0x00000200UL
+#define DIR__READ                                 0x00000004UL
+#define DIR__POLL                                 0x00000001UL
+#define DIR__RENAME                               0x00008000UL
+#define DIR__APPEND                               0x00000800UL
+#define DIR__TRANSITION                           0x00000400UL
+#define DIR__LOCK                                 0x00000080UL
+#define DIR__SWAPON                               0x00020000UL
+#define DIR__GETATTR                              0x00000020UL
+#define DIR__MOUNTON                              0x00080000UL
+#define DIR__CREATE                               0x00000010UL
+
+#define DIR__ADD_NAME                             0x00100000UL
+#define DIR__REMOVE_NAME                          0x00200000UL
+#define DIR__REPARENT                             0x00400000UL
+#define DIR__SEARCH                               0x00800000UL
+#define DIR__RMDIR                                0x01000000UL
+
+#define FILE__EXECUTE                             0x00010000UL
+#define FILE__UNLINK                              0x00002000UL
+#define FILE__SETATTR                             0x00000040UL
+#define FILE__QUOTAON                             0x00040000UL
+#define FILE__RELABELFROM                         0x00000100UL
+#define FILE__LINK                                0x00004000UL
+#define FILE__WRITE                               0x00000008UL
+#define FILE__ACCESS                              0x00001000UL
+#define FILE__IOCTL                               0x00000002UL
+#define FILE__RELABELTO                           0x00000200UL
+#define FILE__READ                                0x00000004UL
+#define FILE__POLL                                0x00000001UL
+#define FILE__RENAME                              0x00008000UL
+#define FILE__APPEND                              0x00000800UL
+#define FILE__TRANSITION                          0x00000400UL
+#define FILE__LOCK                                0x00000080UL
+#define FILE__SWAPON                              0x00020000UL
+#define FILE__GETATTR                             0x00000020UL
+#define FILE__MOUNTON                             0x00080000UL
+#define FILE__CREATE                              0x00000010UL
+
+#define FILE__EXECUTE_NO_TRANS                    0x00100000UL
+#define FILE__ENTRYPOINT                          0x00200000UL
+
+#define LNK_FILE__EXECUTE                         0x00010000UL
+#define LNK_FILE__UNLINK                          0x00002000UL
+#define LNK_FILE__SETATTR                         0x00000040UL
+#define LNK_FILE__QUOTAON                         0x00040000UL
+#define LNK_FILE__RELABELFROM                     0x00000100UL
+#define LNK_FILE__LINK                            0x00004000UL
+#define LNK_FILE__WRITE                           0x00000008UL
+#define LNK_FILE__ACCESS                          0x00001000UL
+#define LNK_FILE__IOCTL                           0x00000002UL
+#define LNK_FILE__RELABELTO                       0x00000200UL
+#define LNK_FILE__READ                            0x00000004UL
+#define LNK_FILE__POLL                            0x00000001UL
+#define LNK_FILE__RENAME                          0x00008000UL
+#define LNK_FILE__APPEND                          0x00000800UL
+#define LNK_FILE__TRANSITION                      0x00000400UL
+#define LNK_FILE__LOCK                            0x00000080UL
+#define LNK_FILE__SWAPON                          0x00020000UL
+#define LNK_FILE__GETATTR                         0x00000020UL
+#define LNK_FILE__MOUNTON                         0x00080000UL
+#define LNK_FILE__CREATE                          0x00000010UL
+
+#define CHR_FILE__EXECUTE                         0x00010000UL
+#define CHR_FILE__UNLINK                          0x00002000UL
+#define CHR_FILE__SETATTR                         0x00000040UL
+#define CHR_FILE__QUOTAON                         0x00040000UL
+#define CHR_FILE__RELABELFROM                     0x00000100UL
+#define CHR_FILE__LINK                            0x00004000UL
+#define CHR_FILE__WRITE                           0x00000008UL
+#define CHR_FILE__ACCESS                          0x00001000UL
+#define CHR_FILE__IOCTL                           0x00000002UL
+#define CHR_FILE__RELABELTO                       0x00000200UL
+#define CHR_FILE__READ                            0x00000004UL
+#define CHR_FILE__POLL                            0x00000001UL
+#define CHR_FILE__RENAME                          0x00008000UL
+#define CHR_FILE__APPEND                          0x00000800UL
+#define CHR_FILE__TRANSITION                      0x00000400UL
+#define CHR_FILE__LOCK                            0x00000080UL
+#define CHR_FILE__SWAPON                          0x00020000UL
+#define CHR_FILE__GETATTR                         0x00000020UL
+#define CHR_FILE__MOUNTON                         0x00080000UL
+#define CHR_FILE__CREATE                          0x00000010UL
+
+#define BLK_FILE__EXECUTE                         0x00010000UL
+#define BLK_FILE__UNLINK                          0x00002000UL
+#define BLK_FILE__SETATTR                         0x00000040UL
+#define BLK_FILE__QUOTAON                         0x00040000UL
+#define BLK_FILE__RELABELFROM                     0x00000100UL
+#define BLK_FILE__LINK                            0x00004000UL
+#define BLK_FILE__WRITE                           0x00000008UL
+#define BLK_FILE__ACCESS                          0x00001000UL
+#define BLK_FILE__IOCTL                           0x00000002UL
+#define BLK_FILE__RELABELTO                       0x00000200UL
+#define BLK_FILE__READ                            0x00000004UL
+#define BLK_FILE__POLL                            0x00000001UL
+#define BLK_FILE__RENAME                          0x00008000UL
+#define BLK_FILE__APPEND                          0x00000800UL
+#define BLK_FILE__TRANSITION                      0x00000400UL
+#define BLK_FILE__LOCK                            0x00000080UL
+#define BLK_FILE__SWAPON                          0x00020000UL
+#define BLK_FILE__GETATTR                         0x00000020UL
+#define BLK_FILE__MOUNTON                         0x00080000UL
+#define BLK_FILE__CREATE                          0x00000010UL
+
+#define SOCK_FILE__EXECUTE                        0x00010000UL
+#define SOCK_FILE__UNLINK                         0x00002000UL
+#define SOCK_FILE__SETATTR                        0x00000040UL
+#define SOCK_FILE__QUOTAON                        0x00040000UL
+#define SOCK_FILE__RELABELFROM                    0x00000100UL
+#define SOCK_FILE__LINK                           0x00004000UL
+#define SOCK_FILE__WRITE                          0x00000008UL
+#define SOCK_FILE__ACCESS                         0x00001000UL
+#define SOCK_FILE__IOCTL                          0x00000002UL
+#define SOCK_FILE__RELABELTO                      0x00000200UL
+#define SOCK_FILE__READ                           0x00000004UL
+#define SOCK_FILE__POLL                           0x00000001UL
+#define SOCK_FILE__RENAME                         0x00008000UL
+#define SOCK_FILE__APPEND                         0x00000800UL
+#define SOCK_FILE__TRANSITION                     0x00000400UL
+#define SOCK_FILE__LOCK                           0x00000080UL
+#define SOCK_FILE__SWAPON                         0x00020000UL
+#define SOCK_FILE__GETATTR                        0x00000020UL
+#define SOCK_FILE__MOUNTON                        0x00080000UL
+#define SOCK_FILE__CREATE                         0x00000010UL
+
+#define FIFO_FILE__EXECUTE                        0x00010000UL
+#define FIFO_FILE__UNLINK                         0x00002000UL
+#define FIFO_FILE__SETATTR                        0x00000040UL
+#define FIFO_FILE__QUOTAON                        0x00040000UL
+#define FIFO_FILE__RELABELFROM                    0x00000100UL
+#define FIFO_FILE__LINK                           0x00004000UL
+#define FIFO_FILE__WRITE                          0x00000008UL
+#define FIFO_FILE__ACCESS                         0x00001000UL
+#define FIFO_FILE__IOCTL                          0x00000002UL
+#define FIFO_FILE__RELABELTO                      0x00000200UL
+#define FIFO_FILE__READ                           0x00000004UL
+#define FIFO_FILE__POLL                           0x00000001UL
+#define FIFO_FILE__RENAME                         0x00008000UL
+#define FIFO_FILE__APPEND                         0x00000800UL
+#define FIFO_FILE__TRANSITION                     0x00000400UL
+#define FIFO_FILE__LOCK                           0x00000080UL
+#define FIFO_FILE__SWAPON                         0x00020000UL
+#define FIFO_FILE__GETATTR                        0x00000020UL
+#define FIFO_FILE__MOUNTON                        0x00080000UL
+#define FIFO_FILE__CREATE                         0x00000010UL
+
+#define FD__CREATE                                0x00000001UL
+#define FD__USE                                   0x00000002UL
+
+#define SOCKET__RELABELTO                         0x00000200UL
+#define SOCKET__RECV_MSG                          0x00200000UL
+#define SOCKET__RELABELFROM                       0x00000100UL
+#define SOCKET__SETOPT                            0x00020000UL
+#define SOCKET__APPEND                            0x00000800UL
+#define SOCKET__SETATTR                           0x00000040UL
+#define SOCKET__SENDTO                            0x00100000UL
+#define SOCKET__GETOPT                            0x00010000UL
+#define SOCKET__TRANSITION                        0x00000400UL
+#define SOCKET__READ                              0x00000004UL
+#define SOCKET__POLL                              0x00000001UL
+#define SOCKET__SHUTDOWN                          0x00040000UL
+#define SOCKET__LISTEN                            0x00004000UL
+#define SOCKET__BIND                              0x00001000UL
+#define SOCKET__WRITE                             0x00000008UL
+#define SOCKET__ACCEPT                            0x00008000UL
+#define SOCKET__CONNECT                           0x00002000UL
+#define SOCKET__LOCK                              0x00000080UL
+#define SOCKET__IOCTL                             0x00000002UL
+#define SOCKET__CREATE                            0x00000010UL
+#define SOCKET__NAME_BIND                         0x00800000UL
+#define SOCKET__SEND_MSG                          0x00400000UL
+#define SOCKET__RECVFROM                          0x00080000UL
+#define SOCKET__GETATTR                           0x00000020UL
+
+#define TCP_SOCKET__RELABELTO                     0x00000200UL
+#define TCP_SOCKET__RECV_MSG                      0x00200000UL
+#define TCP_SOCKET__RELABELFROM                   0x00000100UL
+#define TCP_SOCKET__SETOPT                        0x00020000UL
+#define TCP_SOCKET__APPEND                        0x00000800UL
+#define TCP_SOCKET__SETATTR                       0x00000040UL
+#define TCP_SOCKET__SENDTO                        0x00100000UL
+#define TCP_SOCKET__GETOPT                        0x00010000UL
+#define TCP_SOCKET__TRANSITION                    0x00000400UL
+#define TCP_SOCKET__READ                          0x00000004UL
+#define TCP_SOCKET__POLL                          0x00000001UL
+#define TCP_SOCKET__SHUTDOWN                      0x00040000UL
+#define TCP_SOCKET__LISTEN                        0x00004000UL
+#define TCP_SOCKET__BIND                          0x00001000UL
+#define TCP_SOCKET__WRITE                         0x00000008UL
+#define TCP_SOCKET__ACCEPT                        0x00008000UL
+#define TCP_SOCKET__CONNECT                       0x00002000UL
+#define TCP_SOCKET__LOCK                          0x00000080UL
+#define TCP_SOCKET__IOCTL                         0x00000002UL
+#define TCP_SOCKET__CREATE                        0x00000010UL
+#define TCP_SOCKET__NAME_BIND                     0x00800000UL
+#define TCP_SOCKET__SEND_MSG                      0x00400000UL
+#define TCP_SOCKET__RECVFROM                      0x00080000UL
+#define TCP_SOCKET__GETATTR                       0x00000020UL
+
+#define TCP_SOCKET__CONNECTTO                     0x01000000UL
+#define TCP_SOCKET__NEWCONN                       0x02000000UL
+#define TCP_SOCKET__ACCEPTFROM                    0x04000000UL
+
+#define UDP_SOCKET__RELABELTO                     0x00000200UL
+#define UDP_SOCKET__RECV_MSG                      0x00200000UL
+#define UDP_SOCKET__RELABELFROM                   0x00000100UL
+#define UDP_SOCKET__SETOPT                        0x00020000UL
+#define UDP_SOCKET__APPEND                        0x00000800UL
+#define UDP_SOCKET__SETATTR                       0x00000040UL
+#define UDP_SOCKET__SENDTO                        0x00100000UL
+#define UDP_SOCKET__GETOPT                        0x00010000UL
+#define UDP_SOCKET__TRANSITION                    0x00000400UL
+#define UDP_SOCKET__READ                          0x00000004UL
+#define UDP_SOCKET__POLL                          0x00000001UL
+#define UDP_SOCKET__SHUTDOWN                      0x00040000UL
+#define UDP_SOCKET__LISTEN                        0x00004000UL
+#define UDP_SOCKET__BIND                          0x00001000UL
+#define UDP_SOCKET__WRITE                         0x00000008UL
+#define UDP_SOCKET__ACCEPT                        0x00008000UL
+#define UDP_SOCKET__CONNECT                       0x00002000UL
+#define UDP_SOCKET__LOCK                          0x00000080UL
+#define UDP_SOCKET__IOCTL                         0x00000002UL
+#define UDP_SOCKET__CREATE                        0x00000010UL
+#define UDP_SOCKET__NAME_BIND                     0x00800000UL
+#define UDP_SOCKET__SEND_MSG                      0x00400000UL
+#define UDP_SOCKET__RECVFROM                      0x00080000UL
+#define UDP_SOCKET__GETATTR                       0x00000020UL
+
+#define RAWIP_SOCKET__RELABELTO                   0x00000200UL
+#define RAWIP_SOCKET__RECV_MSG                    0x00200000UL
+#define RAWIP_SOCKET__RELABELFROM                 0x00000100UL
+#define RAWIP_SOCKET__SETOPT                      0x00020000UL
+#define RAWIP_SOCKET__APPEND                      0x00000800UL
+#define RAWIP_SOCKET__SETATTR                     0x00000040UL
+#define RAWIP_SOCKET__SENDTO                      0x00100000UL
+#define RAWIP_SOCKET__GETOPT                      0x00010000UL
+#define RAWIP_SOCKET__TRANSITION                  0x00000400UL
+#define RAWIP_SOCKET__READ                        0x00000004UL
+#define RAWIP_SOCKET__POLL                        0x00000001UL
+#define RAWIP_SOCKET__SHUTDOWN                    0x00040000UL
+#define RAWIP_SOCKET__LISTEN                      0x00004000UL
+#define RAWIP_SOCKET__BIND                        0x00001000UL
+#define RAWIP_SOCKET__WRITE                       0x00000008UL
+#define RAWIP_SOCKET__ACCEPT                      0x00008000UL
+#define RAWIP_SOCKET__CONNECT                     0x00002000UL
+#define RAWIP_SOCKET__LOCK                        0x00000080UL
+#define RAWIP_SOCKET__IOCTL                       0x00000002UL
+#define RAWIP_SOCKET__CREATE                      0x00000010UL
+#define RAWIP_SOCKET__NAME_BIND                   0x00800000UL
+#define RAWIP_SOCKET__SEND_MSG                    0x00400000UL
+#define RAWIP_SOCKET__RECVFROM                    0x00080000UL
+#define RAWIP_SOCKET__GETATTR                     0x00000020UL
+
+#define NODE__TCP_RECV                            0x00000001UL
+#define NODE__TCP_SEND                            0x00000002UL
+#define NODE__UDP_RECV                            0x00000004UL
+#define NODE__UDP_SEND                            0x00000008UL
+#define NODE__RAWIP_RECV                          0x00000010UL
+#define NODE__RAWIP_SEND                          0x00000020UL
+#define NODE__ENFORCE_DEST                        0x00000040UL
+
+#define NETIF__GETATTR                            0x00000001UL
+#define NETIF__SETATTR                            0x00000002UL
+#define NETIF__TCP_RECV                           0x00000004UL
+#define NETIF__TCP_SEND                           0x00000008UL
+#define NETIF__UDP_RECV                           0x00000010UL
+#define NETIF__UDP_SEND                           0x00000020UL
+#define NETIF__RAWIP_RECV                         0x00000040UL
+#define NETIF__RAWIP_SEND                         0x00000080UL
+
+#define NETLINK_SOCKET__RELABELTO                 0x00000200UL
+#define NETLINK_SOCKET__RECV_MSG                  0x00200000UL
+#define NETLINK_SOCKET__RELABELFROM               0x00000100UL
+#define NETLINK_SOCKET__SETOPT                    0x00020000UL
+#define NETLINK_SOCKET__APPEND                    0x00000800UL
+#define NETLINK_SOCKET__SETATTR                   0x00000040UL
+#define NETLINK_SOCKET__SENDTO                    0x00100000UL
+#define NETLINK_SOCKET__GETOPT                    0x00010000UL
+#define NETLINK_SOCKET__TRANSITION                0x00000400UL
+#define NETLINK_SOCKET__READ                      0x00000004UL
+#define NETLINK_SOCKET__POLL                      0x00000001UL
+#define NETLINK_SOCKET__SHUTDOWN                  0x00040000UL
+#define NETLINK_SOCKET__LISTEN                    0x00004000UL
+#define NETLINK_SOCKET__BIND                      0x00001000UL
+#define NETLINK_SOCKET__WRITE                     0x00000008UL
+#define NETLINK_SOCKET__ACCEPT                    0x00008000UL
+#define NETLINK_SOCKET__CONNECT                   0x00002000UL
+#define NETLINK_SOCKET__LOCK                      0x00000080UL
+#define NETLINK_SOCKET__IOCTL                     0x00000002UL
+#define NETLINK_SOCKET__CREATE                    0x00000010UL
+#define NETLINK_SOCKET__NAME_BIND                 0x00800000UL
+#define NETLINK_SOCKET__SEND_MSG                  0x00400000UL
+#define NETLINK_SOCKET__RECVFROM                  0x00080000UL
+#define NETLINK_SOCKET__GETATTR                   0x00000020UL
+
+#define PACKET_SOCKET__RELABELTO                  0x00000200UL
+#define PACKET_SOCKET__RECV_MSG                   0x00200000UL
+#define PACKET_SOCKET__RELABELFROM                0x00000100UL
+#define PACKET_SOCKET__SETOPT                     0x00020000UL
+#define PACKET_SOCKET__APPEND                     0x00000800UL
+#define PACKET_SOCKET__SETATTR                    0x00000040UL
+#define PACKET_SOCKET__SENDTO                     0x00100000UL
+#define PACKET_SOCKET__GETOPT                     0x00010000UL
+#define PACKET_SOCKET__TRANSITION                 0x00000400UL
+#define PACKET_SOCKET__READ                       0x00000004UL
+#define PACKET_SOCKET__POLL                       0x00000001UL
+#define PACKET_SOCKET__SHUTDOWN                   0x00040000UL
+#define PACKET_SOCKET__LISTEN                     0x00004000UL
+#define PACKET_SOCKET__BIND                       0x00001000UL
+#define PACKET_SOCKET__WRITE                      0x00000008UL
+#define PACKET_SOCKET__ACCEPT                     0x00008000UL
+#define PACKET_SOCKET__CONNECT                    0x00002000UL
+#define PACKET_SOCKET__LOCK                       0x00000080UL
+#define PACKET_SOCKET__IOCTL                      0x00000002UL
+#define PACKET_SOCKET__CREATE                     0x00000010UL
+#define PACKET_SOCKET__NAME_BIND                  0x00800000UL
+#define PACKET_SOCKET__SEND_MSG                   0x00400000UL
+#define PACKET_SOCKET__RECVFROM                   0x00080000UL
+#define PACKET_SOCKET__GETATTR                    0x00000020UL
+
+#define KEY_SOCKET__RELABELTO                     0x00000200UL
+#define KEY_SOCKET__RECV_MSG                      0x00200000UL
+#define KEY_SOCKET__RELABELFROM                   0x00000100UL
+#define KEY_SOCKET__SETOPT                        0x00020000UL
+#define KEY_SOCKET__APPEND                        0x00000800UL
+#define KEY_SOCKET__SETATTR                       0x00000040UL
+#define KEY_SOCKET__SENDTO                        0x00100000UL
+#define KEY_SOCKET__GETOPT                        0x00010000UL
+#define KEY_SOCKET__TRANSITION                    0x00000400UL
+#define KEY_SOCKET__READ                          0x00000004UL
+#define KEY_SOCKET__POLL                          0x00000001UL
+#define KEY_SOCKET__SHUTDOWN                      0x00040000UL
+#define KEY_SOCKET__LISTEN                        0x00004000UL
+#define KEY_SOCKET__BIND                          0x00001000UL
+#define KEY_SOCKET__WRITE                         0x00000008UL
+#define KEY_SOCKET__ACCEPT                        0x00008000UL
+#define KEY_SOCKET__CONNECT                       0x00002000UL
+#define KEY_SOCKET__LOCK                          0x00000080UL
+#define KEY_SOCKET__IOCTL                         0x00000002UL
+#define KEY_SOCKET__CREATE                        0x00000010UL
+#define KEY_SOCKET__NAME_BIND                     0x00800000UL
+#define KEY_SOCKET__SEND_MSG                      0x00400000UL
+#define KEY_SOCKET__RECVFROM                      0x00080000UL
+#define KEY_SOCKET__GETATTR                       0x00000020UL
+
+#define UNIX_STREAM_SOCKET__RELABELTO             0x00000200UL
+#define UNIX_STREAM_SOCKET__RECV_MSG              0x00200000UL
+#define UNIX_STREAM_SOCKET__RELABELFROM           0x00000100UL
+#define UNIX_STREAM_SOCKET__SETOPT                0x00020000UL
+#define UNIX_STREAM_SOCKET__APPEND                0x00000800UL
+#define UNIX_STREAM_SOCKET__SETATTR               0x00000040UL
+#define UNIX_STREAM_SOCKET__SENDTO                0x00100000UL
+#define UNIX_STREAM_SOCKET__GETOPT                0x00010000UL
+#define UNIX_STREAM_SOCKET__TRANSITION            0x00000400UL
+#define UNIX_STREAM_SOCKET__READ                  0x00000004UL
+#define UNIX_STREAM_SOCKET__POLL                  0x00000001UL
+#define UNIX_STREAM_SOCKET__SHUTDOWN              0x00040000UL
+#define UNIX_STREAM_SOCKET__LISTEN                0x00004000UL
+#define UNIX_STREAM_SOCKET__BIND                  0x00001000UL
+#define UNIX_STREAM_SOCKET__WRITE                 0x00000008UL
+#define UNIX_STREAM_SOCKET__ACCEPT                0x00008000UL
+#define UNIX_STREAM_SOCKET__CONNECT               0x00002000UL
+#define UNIX_STREAM_SOCKET__LOCK                  0x00000080UL
+#define UNIX_STREAM_SOCKET__IOCTL                 0x00000002UL
+#define UNIX_STREAM_SOCKET__CREATE                0x00000010UL
+#define UNIX_STREAM_SOCKET__NAME_BIND             0x00800000UL
+#define UNIX_STREAM_SOCKET__SEND_MSG              0x00400000UL
+#define UNIX_STREAM_SOCKET__RECVFROM              0x00080000UL
+#define UNIX_STREAM_SOCKET__GETATTR               0x00000020UL
+
+#define UNIX_STREAM_SOCKET__CONNECTTO             0x01000000UL
+#define UNIX_STREAM_SOCKET__NEWCONN               0x02000000UL
+#define UNIX_STREAM_SOCKET__ACCEPTFROM            0x04000000UL
+
+#define UNIX_DGRAM_SOCKET__RELABELTO              0x00000200UL
+#define UNIX_DGRAM_SOCKET__RECV_MSG               0x00200000UL
+#define UNIX_DGRAM_SOCKET__RELABELFROM            0x00000100UL
+#define UNIX_DGRAM_SOCKET__SETOPT                 0x00020000UL
+#define UNIX_DGRAM_SOCKET__APPEND                 0x00000800UL
+#define UNIX_DGRAM_SOCKET__SETATTR                0x00000040UL
+#define UNIX_DGRAM_SOCKET__SENDTO                 0x00100000UL
+#define UNIX_DGRAM_SOCKET__GETOPT                 0x00010000UL
+#define UNIX_DGRAM_SOCKET__TRANSITION             0x00000400UL
+#define UNIX_DGRAM_SOCKET__READ                   0x00000004UL
+#define UNIX_DGRAM_SOCKET__POLL                   0x00000001UL
+#define UNIX_DGRAM_SOCKET__SHUTDOWN               0x00040000UL
+#define UNIX_DGRAM_SOCKET__LISTEN                 0x00004000UL
+#define UNIX_DGRAM_SOCKET__BIND                   0x00001000UL
+#define UNIX_DGRAM_SOCKET__WRITE                  0x00000008UL
+#define UNIX_DGRAM_SOCKET__ACCEPT                 0x00008000UL
+#define UNIX_DGRAM_SOCKET__CONNECT                0x00002000UL
+#define UNIX_DGRAM_SOCKET__LOCK                   0x00000080UL
+#define UNIX_DGRAM_SOCKET__IOCTL                  0x00000002UL
+#define UNIX_DGRAM_SOCKET__CREATE                 0x00000010UL
+#define UNIX_DGRAM_SOCKET__NAME_BIND              0x00800000UL
+#define UNIX_DGRAM_SOCKET__SEND_MSG               0x00400000UL
+#define UNIX_DGRAM_SOCKET__RECVFROM               0x00080000UL
+#define UNIX_DGRAM_SOCKET__GETATTR                0x00000020UL
+
+#define PROCESS__FORK                             0x00000001UL
+#define PROCESS__TRANSITION                       0x00000002UL
+#define PROCESS__SIGCHLD                          0x00000004UL
+#define PROCESS__SIGKILL                          0x00000008UL
+#define PROCESS__SIGSTOP                          0x00000010UL
+#define PROCESS__SIGNAL                           0x00000020UL
+#define PROCESS__PTRACE                           0x00000040UL
+#define PROCESS__GETSCHED                         0x00000080UL
+#define PROCESS__SETSCHED                         0x00000100UL
+#define PROCESS__GETSESSION                       0x00000200UL
+#define PROCESS__GETPGID                          0x00000400UL
+#define PROCESS__SETPGID                          0x00000800UL
+#define PROCESS__GETCAP                           0x00001000UL
+#define PROCESS__SETCAP                           0x00002000UL
+#define PROCESS__SHARE                            0x00004000UL
+
+#define IPC__SETATTR                              0x00000008UL
+#define IPC__READ                                 0x00000010UL
+#define IPC__ASSOCIATE                            0x00000040UL
+#define IPC__DESTROY                              0x00000002UL
+#define IPC__UNIX_WRITE                           0x00000100UL
+#define IPC__CREATE                               0x00000001UL
+#define IPC__UNIX_READ                            0x00000080UL
+#define IPC__GETATTR                              0x00000004UL
+#define IPC__WRITE                                0x00000020UL
+
+#define SEM__SETATTR                              0x00000008UL
+#define SEM__READ                                 0x00000010UL
+#define SEM__ASSOCIATE                            0x00000040UL
+#define SEM__DESTROY                              0x00000002UL
+#define SEM__UNIX_WRITE                           0x00000100UL
+#define SEM__CREATE                               0x00000001UL
+#define SEM__UNIX_READ                            0x00000080UL
+#define SEM__GETATTR                              0x00000004UL
+#define SEM__WRITE                                0x00000020UL
+
+#define MSGQ__SETATTR                             0x00000008UL
+#define MSGQ__READ                                0x00000010UL
+#define MSGQ__ASSOCIATE                           0x00000040UL
+#define MSGQ__DESTROY                             0x00000002UL
+#define MSGQ__UNIX_WRITE                          0x00000100UL
+#define MSGQ__CREATE                              0x00000001UL
+#define MSGQ__UNIX_READ                           0x00000080UL
+#define MSGQ__GETATTR                             0x00000004UL
+#define MSGQ__WRITE                               0x00000020UL
+
+#define MSGQ__ENQUEUE                             0x00000200UL
+
+#define MSG__SEND                                 0x00000001UL
+#define MSG__RECEIVE                              0x00000002UL
+
+#define SHM__SETATTR                              0x00000008UL
+#define SHM__READ                                 0x00000010UL
+#define SHM__ASSOCIATE                            0x00000040UL
+#define SHM__DESTROY                              0x00000002UL
+#define SHM__UNIX_WRITE                           0x00000100UL
+#define SHM__CREATE                               0x00000001UL
+#define SHM__UNIX_READ                            0x00000080UL
+#define SHM__GETATTR                              0x00000004UL
+#define SHM__WRITE                                0x00000020UL
+
+#define SHM__LOCK                                 0x00000200UL
+
+#define SECURITY__COMPUTE_AV                      0x00000001UL
+#define SECURITY__NOTIFY_PERM                     0x00000002UL
+#define SECURITY__TRANSITION_SID                  0x00000004UL
+#define SECURITY__MEMBER_SID                      0x00000008UL
+#define SECURITY__SID_TO_CONTEXT                  0x00000010UL
+#define SECURITY__CONTEXT_TO_SID                  0x00000020UL
+#define SECURITY__LOAD_POLICY                     0x00000040UL
+#define SECURITY__GET_SIDS                        0x00000080UL
+#define SECURITY__REGISTER_AVC                    0x00000100UL
+#define SECURITY__CHANGE_SID                      0x00000200UL
+#define SECURITY__GET_USER_SIDS                   0x00000400UL
+
+#define SYSTEM__NET_IO_CONTROL                    0x00000001UL
+#define SYSTEM__ROUTE_CONTROL                     0x00000002UL
+#define SYSTEM__ARP_CONTROL                       0x00000004UL
+#define SYSTEM__RARP_CONTROL                      0x00000008UL
+#define SYSTEM__IPC_INFO                          0x00000010UL
+#define SYSTEM__AVC_TOGGLE                        0x00000020UL
+#define SYSTEM__NFSD_CONTROL                      0x00000040UL
+#define SYSTEM__BDFLUSH                           0x00000080UL
+#define SYSTEM__SYSLOG_READ                       0x00000100UL
+#define SYSTEM__SYSLOG_MOD                        0x00000200UL
+#define SYSTEM__SYSLOG_CONSOLE                    0x00000400UL
+
+#define CAPABILITY__CHOWN                         0x00000001UL
+#define CAPABILITY__DAC_OVERRIDE                  0x00000002UL
+#define CAPABILITY__DAC_READ_SEARCH               0x00000004UL
+#define CAPABILITY__FOWNER                        0x00000008UL
+#define CAPABILITY__FSETID                        0x00000010UL
+#define CAPABILITY__KILL                          0x00000020UL
+#define CAPABILITY__SETGID                        0x00000040UL
+#define CAPABILITY__SETUID                        0x00000080UL
+#define CAPABILITY__SETPCAP                       0x00000100UL
+#define CAPABILITY__LINUX_IMMUTABLE               0x00000200UL
+#define CAPABILITY__NET_BIND_SERVICE              0x00000400UL
+#define CAPABILITY__NET_BROADCAST                 0x00000800UL
+#define CAPABILITY__NET_ADMIN                     0x00001000UL
+#define CAPABILITY__NET_RAW                       0x00002000UL
+#define CAPABILITY__IPC_LOCK                      0x00004000UL
+#define CAPABILITY__IPC_OWNER                     0x00008000UL
+#define CAPABILITY__SYS_MODULE                    0x00010000UL
+#define CAPABILITY__SYS_RAWIO                     0x00020000UL
+#define CAPABILITY__SYS_CHROOT                    0x00040000UL
+#define CAPABILITY__SYS_PTRACE                    0x00080000UL
+#define CAPABILITY__SYS_PACCT                     0x00100000UL
+#define CAPABILITY__SYS_ADMIN                     0x00200000UL
+#define CAPABILITY__SYS_BOOT                      0x00400000UL
+#define CAPABILITY__SYS_NICE                      0x00800000UL
+#define CAPABILITY__SYS_RESOURCE                  0x01000000UL
+#define CAPABILITY__SYS_TIME                      0x02000000UL
+#define CAPABILITY__SYS_TTY_CONFIG                0x04000000UL
+#define CAPABILITY__MKNOD                         0x08000000UL
+#define CAPABILITY__LEASE                         0x10000000UL
+
+
+/* FLASK */
diff --minimal -Nru a/security/selinux/include/linux/flask/avc.h b/security/selinux/include/linux/flask/avc.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/avc.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,332 @@
+
+/* -*- linux-c -*- */
+
+/*
+ * Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> 
+ *
+ * The access vector cache was originally written while I was employed by NSA,
+ * and has undergone some revisions since I joined NAI Labs, but is largely
+ * unchanged.
+ */
+
+#ifndef _LINUX_AVC_H_
+#define _LINUX_AVC_H_
+
+/*
+ * Access vector cache interface for object managers
+ */
+
+#include <linux/flask/flask.h>
+#include <linux/flask/av_permissions.h>
+#include <linux/flask/security.h>
+#include <linux/stddef.h>
+#include <linux/errno.h>
+#include <linux/kernel.h>
+#include <linux/kdev_t.h>
+#include <linux/spinlock.h>
+#include <asm/system.h>
+
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+extern int avc_debug_always_allow;
+#endif
+
+
+/*
+ * An entry in the AVC.
+ */
+typedef struct avc_entry {
+	security_id_t   ssid;
+	security_id_t   tsid;
+	security_class_t tclass;
+	access_vector_t allowed;       
+	access_vector_t decided; 
+        access_vector_t auditallow;
+	access_vector_t auditdeny;
+	int		used;	 /* used recently */
+} avc_entry_t;
+
+
+/*
+ * A reference to an AVC entry.
+ */
+typedef struct avc_entry_ref {  
+	avc_entry_t *ae;	
+} avc_entry_ref_t;
+
+#define AVC_ENTRY_REF_NULL { NULL }
+
+/* Initialize an AVC entry reference before first use. */
+#define AVC_ENTRY_REF_INIT(h) { (h)->ae = NULL; }
+
+#define AVC_ENTRY_REF_CPY(dst,src) (dst)->ae = (src)->ae
+
+
+struct dentry;
+struct inode;
+struct sock;
+struct sk_buff;
+
+typedef struct avc_audit_data {
+	char    type;
+#define AVC_AUDIT_DATA_FS   1	
+#define AVC_AUDIT_DATA_NET  2
+#define AVC_AUDIT_DATA_CAP  3
+#define AVC_AUDIT_DATA_IPC  4
+	union 	{
+		struct {
+			struct dentry *dentry;
+			struct inode *inode;
+		} fs;
+		struct {
+			char *netif;
+			struct sk_buff *skb;
+			struct sock *sk;
+			__u16 port;
+			__u32 daddr;
+		} net;
+		int cap;
+		int ipc_id;
+	} u;
+} avc_audit_data_t;
+
+/* Initialize an AVC audit data structure. */
+#define AVC_AUDIT_DATA_INIT(_d,_t) \
+        { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
+
+
+extern spinlock_t avc_lock;
+
+
+/* 
+ * AVC statistics
+ */
+#define AVC_ENTRY_LOOKUPS        0
+#define AVC_ENTRY_HITS	         1
+#define AVC_ENTRY_MISSES         2
+#define AVC_ENTRY_DISCARDS       3
+#define AVC_CAV_LOOKUPS          4
+#define AVC_CAV_HITS             5
+#define AVC_CAV_PROBES           6
+#define AVC_CAV_MISSES           7
+#define AVC_NSTATS               8
+extern unsigned avc_cache_stats[AVC_NSTATS];
+void avc_dump_stats(char *tag);
+
+#ifdef AVC_CACHE_STATS
+#define avc_cache_stats_incr(x) avc_cache_stats[(x)]++
+#define avc_cache_stats_add(x,y) avc_cache_stats[(x)] += (y)
+#else
+#define avc_cache_stats_incr(x) 
+#define avc_cache_stats_add(x,y) 
+#endif
+
+
+/*
+ * AVC display support
+ */
+void avc_dump_av(
+	security_class_t tclass,	/* IN */
+	access_vector_t av);		/* IN */
+
+void avc_dump_query(
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass);	/* IN */
+
+void avc_dump_cache(char *tag);
+
+
+/*
+ * AVC operations
+ */
+
+/* Initialize the AVC */
+void avc_init(void);
+
+/*
+ * Look up an AVC entry that is valid for the 
+ * `requested' permissions between the SID pair
+ * (`ssid', `tsid'), interpreting the permissions
+ * based on `tclass'.  If a valid AVC entry exists,
+ * then this function updates `aeref' to refer to the
+ * entry and returns 0. Otherwise, this function
+ * returns -ENOENT.
+ */
+int avc_lookup(
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass,	/* IN */
+	access_vector_t requested,	/* IN */
+	avc_entry_ref_t *aeref);	/* OUT */
+
+/*
+ * Insert an AVC entry for the SID pair
+ * (`ssid', `tsid') and class `tclass'. 
+ * The access vectors and the sequence number are
+ * normally provided by the security server in 
+ * response to a security_compute_av call.  If the 
+ * sequence number `seqno' is not less than the latest
+ * revocation notification, then the function copies
+ * the access vectors into a cache entry, updates 
+ * `aeref' to refer to the entry, and returns 0.
+ * Otherwise, this function returns -EAGAIN.
+ */
+int avc_insert(security_id_t ssid,		/* IN */
+	       security_id_t tsid,		/* IN */
+	       security_class_t tclass,		/* IN */
+	       struct avc_entry *ae,		/* IN */
+	       __u32 seqno,			/* IN */
+	       avc_entry_ref_t *out_aeref);	/* OUT */
+
+
+/* Audit the checking of permissions */
+#define AVC_AUDITALLOW 0
+#define AVC_AUDITDENY 1
+void avc_audit(
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass,	/* IN */
+	access_vector_t perms,		/* IN */
+	struct avc_entry *ae,		/* IN */
+	__u32 denied,			/* IN */
+	avc_audit_data_t *auditdata);   /* IN */
+
+/*
+ * Check permissions using an AVC entry ref.
+ *
+ * If the ref is null or the underlying AVC entry has been invalidated
+ * or the underlying AVC entry does not contain all the requested 
+ * decisions, then this code falls through to avc_lookup.  In
+ * this case, the AVC entry ref will be updated appropriately.
+ */
+static inline int avc_has_perm_ref_audit(
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass,	/* IN */
+	access_vector_t requested, 	/* IN */
+	avc_entry_ref_t *aeref,		/* IN */
+	avc_audit_data_t *auditdata)	/* IN */
+{
+	struct avc_entry *ae;
+	int             rc;
+	unsigned long	flags;
+	struct avc_entry entry;
+	__u32 seqno;
+
+	spin_lock_irqsave(&avc_lock, flags);
+	avc_cache_stats_incr(AVC_ENTRY_LOOKUPS);
+	ae = aeref->ae;
+	if (ae) {
+		if (ae->ssid == ssid &&
+		    ae->tsid == tsid &&
+		    ae->tclass == tclass &&
+		    ((ae->decided & requested) == requested)) {
+			avc_cache_stats_incr(AVC_ENTRY_HITS);
+			ae->used = 1;
+		} else {
+			avc_cache_stats_incr(AVC_ENTRY_DISCARDS);
+			ae = 0;
+		}
+	}
+
+	if (!ae) {
+		avc_cache_stats_incr(AVC_ENTRY_MISSES);
+		rc = avc_lookup(ssid, tsid, tclass, requested, aeref);
+		if (rc) {
+			spin_unlock_irqrestore(&avc_lock,flags);
+			rc = security_compute_av(ssid,tsid,tclass,requested,
+						 &entry.allowed, 
+						 &entry.decided,
+						 &entry.auditallow,
+						 &entry.auditdeny,
+						 &seqno);
+			if (rc)
+				return rc;
+			spin_lock_irqsave(&avc_lock, flags);
+			rc = avc_insert(ssid,tsid,tclass,&entry,seqno,aeref);
+			if (rc) {
+				spin_unlock_irqrestore(&avc_lock,flags);
+				return rc;
+			}
+		}
+		ae = aeref->ae;
+	}
+
+	if ((requested & ae->allowed) != requested) {
+		if (requested & ae->auditdeny)
+			avc_audit(ssid, tsid, tclass, requested & ~(ae->allowed), ae,
+				  AVC_AUDITDENY, auditdata);
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+		if (avc_debug_always_allow) {
+			ae->allowed |= requested; 
+			spin_unlock_irqrestore(&avc_lock,flags);
+			return 0;
+		} else {
+			spin_unlock_irqrestore(&avc_lock,flags);
+			return -EACCES;
+		}
+#else
+		spin_unlock_irqrestore(&avc_lock,flags);
+		return -EACCES;
+#endif
+	}
+
+	if (requested & ae->auditallow)
+		avc_audit(ssid, tsid, tclass, requested, ae, 
+			  AVC_AUDITALLOW, auditdata);
+
+	spin_unlock_irqrestore(&avc_lock,flags);
+	return 0;    
+}
+
+#define avc_has_perm_ref(ssid,tsid,tclass,requested,aeref) \
+        avc_has_perm_ref_audit(ssid,tsid,tclass,requested,aeref,0)
+
+
+/* Check permissions */
+static inline int avc_has_perm_audit(
+	security_id_t ssid,	   /* IN */
+	security_id_t tsid,	   /* IN */
+	security_class_t tclass,   /* IN */
+	access_vector_t requested, /* IN */
+	avc_audit_data_t *auditdata) /* IN */
+{
+	avc_entry_ref_t ref;
+	AVC_ENTRY_REF_INIT(&ref);
+	return avc_has_perm_ref_audit(ssid,tsid,tclass,requested,&ref,auditdata);
+}
+
+#define avc_has_perm(ssid,tsid,tclass,requested) \
+        avc_has_perm_audit(ssid,tsid,tclass,requested,0)
+
+#define AVC_CALLBACK_GRANT 	1
+#define AVC_CALLBACK_TRY_REVOKE 2
+#define AVC_CALLBACK_REVOKE     4
+#define AVC_CALLBACK_RESET      8
+#define AVC_CALLBACK_AUDITALLOW_ENABLE  16
+#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
+#define AVC_CALLBACK_AUDITDENY_ENABLE   64
+#define AVC_CALLBACK_AUDITDENY_DISABLE 128
+
+/*
+ * Register a callback for events in the set `events'
+ * related to the SID pair (`ssid', `tsid') and
+ * and the permissions `perms', interpreting
+ * `perms' based on `tclass'.
+ */
+int avc_add_callback(int (*callback)(__u32 event, 
+				     security_id_t ssid,
+				     security_id_t tsid,
+				     security_class_t tclass,
+				     access_vector_t perms,
+				     access_vector_t *out_retained),
+		     __u32 events,
+		     security_id_t ssid,
+		     security_id_t tsid,
+		     security_class_t tclass,
+		     access_vector_t perms);
+
+extern long sys_avc_toggle(void);
+
+#endif /* _LINUX_AVC_H_ */
+
diff --minimal -Nru a/security/selinux/include/linux/flask/avc_ss.h b/security/selinux/include/linux/flask/avc_ss.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/avc_ss.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,84 @@
+
+/* -*- linux-c -*- */
+
+/*
+ * Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> 
+ *
+ * The access vector cache was originally written while I was employed by NSA,
+ * and has undergone some revisions since I joined NAI Labs, but is largely
+ * unchanged.
+ */
+
+#ifndef _LINUX_AVC_SS_H_
+#define _LINUX_AVC_SS_H_
+
+/* 
+ * Access vector cache interface for the security server
+ */
+
+#include <linux/flask/flask.h>
+
+/*
+ * Any of the SID parameters may be wildcarded,
+ * in which case the operation is applied to all
+ * matching entries in the AVC.
+ */
+
+/* Grant previously denied permissions */
+int avc_ss_grant(
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass,	/* IN */
+	access_vector_t perms,		/* IN */
+	__u32 seqno);			/* IN */
+
+/*
+ * Try to revoke previously granted permissions, but
+ * only if they are not retained as migrated permissions.
+ * Return the subset of permissions that are retained.
+ */
+int avc_ss_try_revoke(
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass,	/* IN */
+	access_vector_t perms,		/* IN */
+	__u32 seqno,			/* IN */
+	access_vector_t *out_retained);	/* OUT */
+
+/*
+ * Revoke previously granted permissions, even if
+ * they are retained as migrated permissions.
+ */
+int avc_ss_revoke(
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass,	/* IN */
+	access_vector_t perms,		/* IN */
+	__u32 seqno);			/* IN */
+
+/* 
+ * Flush the cache and revalidate all migrated permissions.
+ */
+int avc_ss_reset(__u32 seqno);
+
+
+/* Enable or disable auditing of granted permissions */
+int avc_ss_set_auditallow(
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass,	/* IN */
+	access_vector_t perms,		/* IN */
+	__u32 seqno,			/* IN */
+	__u32 enable);
+
+/* Enable or disable auditing of denied permissions */
+int avc_ss_set_auditdeny(
+	security_id_t ssid,		/* IN */
+	security_id_t tsid,		/* IN */
+	security_class_t tclass,	/* IN */
+	access_vector_t perms,		/* IN */
+	__u32 seqno,			/* IN */
+	__u32 enable);
+
+#endif /* _LINUX_AVC_SS_H_ */
+
diff --minimal -Nru a/security/selinux/include/linux/flask/class_to_string.h b/security/selinux/include/linux/flask/class_to_string.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/class_to_string.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,38 @@
+/* This file is automatically generated.  Do not edit. */
+/*
+ * Security object class definitions
+ */
+static char *class_to_string[] =
+{
+    "null",
+    "security",
+    "process",
+    "system",
+    "capability",
+    "filesystem",
+    "file",
+    "dir",
+    "fd",
+    "lnk_file",
+    "chr_file",
+    "blk_file",
+    "sock_file",
+    "fifo_file",
+    "socket",
+    "tcp_socket",
+    "udp_socket",
+    "rawip_socket",
+    "node",
+    "netif",
+    "netlink_socket",
+    "packet_socket",
+    "key_socket",
+    "unix_stream_socket",
+    "unix_dgram_socket",
+    "sem",
+    "msg",
+    "msgq",
+    "shm",
+    "ipc",
+};
+
diff --minimal -Nru a/security/selinux/include/linux/flask/common_perm_to_string.h b/security/selinux/include/linux/flask/common_perm_to_string.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/common_perm_to_string.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,70 @@
+/* This file is automatically generated.  Do not edit. */
+/* FLASK */
+
+static char *common_file_perm_to_string[] =
+{
+    "poll",
+    "ioctl",
+    "read",
+    "write",
+    "create",
+    "getattr",
+    "setattr",
+    "lock",
+    "relabelfrom",
+    "relabelto",
+    "transition",
+    "append",
+    "access",
+    "unlink",
+    "link",
+    "rename",
+    "execute",
+    "swapon",
+    "quotaon",
+    "mounton",
+};
+
+static char *common_socket_perm_to_string[] =
+{
+    "poll",
+    "ioctl",
+    "read",
+    "write",
+    "create",
+    "getattr",
+    "setattr",
+    "lock",
+    "relabelfrom",
+    "relabelto",
+    "transition",
+    "append",
+    "bind",
+    "connect",
+    "listen",
+    "accept",
+    "getopt",
+    "setopt",
+    "shutdown",
+    "recvfrom",
+    "sendto",
+    "recv_msg",
+    "send_msg",
+    "name_bind",
+};
+
+static char *common_ipc_perm_to_string[] =
+{
+    "create",
+    "destroy",
+    "getattr",
+    "setattr",
+    "read",
+    "write",
+    "associate",
+    "unix_read",
+    "unix_write",
+};
+
+
+/* FLASK */
diff --minimal -Nru a/security/selinux/include/linux/flask/flask.h b/security/selinux/include/linux/flask/flask.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/flask.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,77 @@
+/* This file is automatically generated.  Do not edit. */
+#ifndef _LINUX_FLASK_H_
+#define _LINUX_FLASK_H_
+
+#include <linux/flask/flask_types.h>
+
+/*
+ * Security object class definitions
+ */
+#define SECCLASS_SECURITY                                1
+#define SECCLASS_PROCESS                                 2
+#define SECCLASS_SYSTEM                                  3
+#define SECCLASS_CAPABILITY                              4
+#define SECCLASS_FILESYSTEM                              5
+#define SECCLASS_FILE                                    6
+#define SECCLASS_DIR                                     7
+#define SECCLASS_FD                                      8
+#define SECCLASS_LNK_FILE                                9
+#define SECCLASS_CHR_FILE                                10
+#define SECCLASS_BLK_FILE                                11
+#define SECCLASS_SOCK_FILE                               12
+#define SECCLASS_FIFO_FILE                               13
+#define SECCLASS_SOCKET                                  14
+#define SECCLASS_TCP_SOCKET                              15
+#define SECCLASS_UDP_SOCKET                              16
+#define SECCLASS_RAWIP_SOCKET                            17
+#define SECCLASS_NODE                                    18
+#define SECCLASS_NETIF                                   19
+#define SECCLASS_NETLINK_SOCKET                          20
+#define SECCLASS_PACKET_SOCKET                           21
+#define SECCLASS_KEY_SOCKET                              22
+#define SECCLASS_UNIX_STREAM_SOCKET                      23
+#define SECCLASS_UNIX_DGRAM_SOCKET                       24
+#define SECCLASS_SEM                                     25
+#define SECCLASS_MSG                                     26
+#define SECCLASS_MSGQ                                    27
+#define SECCLASS_SHM                                     28
+#define SECCLASS_IPC                                     29
+
+/*
+ * Security identifier indices for initial entities
+ */
+#define SECINITSID_KERNEL                               1
+#define SECINITSID_SECURITY                             2
+#define SECINITSID_UNLABELED                            3
+#define SECINITSID_FS                                   4
+#define SECINITSID_FILE                                 5
+#define SECINITSID_FILE_LABELS                          6
+#define SECINITSID_INIT                                 7
+#define SECINITSID_PROC                                 8
+#define SECINITSID_ANY_SOCKET                           9
+#define SECINITSID_PORT                                 10
+#define SECINITSID_NETIF                                11
+#define SECINITSID_NETMSG                               12
+#define SECINITSID_NODE                                 13
+#define SECINITSID_ICMP_SOCKET                          14
+#define SECINITSID_TCP_SOCKET                           15
+#define SECINITSID_PROC_KMSG                            16
+#define SECINITSID_PROC_KCORE                           17
+#define SECINITSID_SYSCTL_MODPROBE                      18
+#define SECINITSID_SYSCTL                               19
+#define SECINITSID_SYSCTL_FS                            20
+#define SECINITSID_SYSCTL_KERNEL                        21
+#define SECINITSID_SYSCTL_NET                           22
+#define SECINITSID_SYSCTL_NET_UNIX                      23
+#define SECINITSID_SYSCTL_VM                            24
+#define SECINITSID_SYSCTL_DEV                           25
+#define SECINITSID_KMOD                                 26
+#define SECINITSID_DEVPTS                               27
+#define SECINITSID_NFS                                  28
+#define SECINITSID_POLICY                               29
+#define SECINITSID_TMPFS                                30
+#define SECINITSID_DEVFS                                31
+
+#define SECINITSID_NUM                                  31
+
+#endif
diff --minimal -Nru a/security/selinux/include/linux/flask/flask_types.h b/security/selinux/include/linux/flask/flask_types.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/flask_types.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,115 @@
+
+/* -*- linux-c -*- */
+
+/*
+ * Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> 
+ *
+ * This file was originally written while I was employed by NSA.
+ * It is mostly unchanged, except for the SAFE_ALLOC definition
+ * and safe_down/up functions added for the SELinux security module.
+ * They don't really belong here and should be moved somewhere else.
+ */
+
+#ifndef _LINUX_FLASK_TYPES_H_
+#define _LINUX_FLASK_TYPES_H_
+
+/*
+ * The basic Flask types and constants.
+ */
+
+#include <asm/types.h>
+
+/*
+ * A security context is a set of security attributes 
+ * associated with each subject and object controlled
+ * by the security policy.  The security context type
+ * is defined as a variable-length string that can be
+ * interpreted by any application or user with an 
+ * understanding of the security policy.
+ */
+typedef char* security_context_t;
+
+/*
+ * A security identifier (SID) is a fixed-size value
+ * that is mapped by the security server to a 
+ * particular security context.  The SID mapping
+ * cannot be assumed to be consistent either across
+ * executions (reboots) of the security server or
+ * across security servers on different nodes.
+ *
+ * Certain SIDs (specified in flask/initial_sids) are 
+ * predefined for system initialization. The corresponding
+ * constants are defined in the automatically generated
+ * header file flask.h.
+ */
+typedef __u32 security_id_t;
+#define SECSID_NULL			0x00000000 /* unspecified SID */
+#define SECSID_WILD			0xFFFFFFFF /* wildcard SID */
+
+/*
+ * An access vector (AV) is a collection of related permissions
+ * for a pair of SIDs.  The bits within an access vector
+ * are interpreted differently depending on the class of
+ * the object.  The access vector interpretations are specified
+ * in flask/access_vectors, and the corresponding constants
+ * for permissions are defined in the automatically generated
+ * header file av_permissions.h.
+ */
+typedef __u32 access_vector_t;
+
+/*
+ * Each object class is identified by a fixed-size value.
+ * The set of security classes is specified in flask/security_classes, 
+ * with the corresponding constants defined in the automatically 
+ * generated header file flask.h.
+ */
+typedef __u16 security_class_t;
+#define SECCLASS_NULL			0x0000 /* no class */
+
+/*
+ * A persistent security identifier (PSID) is a fixed-size
+ * value that is assigned by the file system component
+ * to each security context associated with an object
+ * in the file system.  A separate PSID mapping is
+ * maintained for each file system.
+ */
+typedef __u32 psid_t;
+struct psidtab;
+
+#define CUR_SID current->sid 
+
+#ifdef __KERNEL__
+#include <linux/sched.h>
+#include <linux/spinlock.h>
+#include <linux/interrupt.h>
+#include <asm/semaphore.h>
+
+/*
+ * Use this for memory allocation flags (e.g. for kmalloc()) when the 
+ * interrupt state is unknown.
+ */
+#define SAFE_ALLOC (in_interrupt () ? GFP_ATOMIC : GFP_KERNEL)
+
+/*
+ * Use these for semaphores when the interrupt state is unknown.
+ */
+
+static inline int safe_down(struct semaphore *sem)
+{
+	if (in_interrupt()) {
+		if (down_trylock(sem))
+			return -EAGAIN;
+	} else {
+		down(sem);
+	}
+	return 0;
+}
+
+static inline void safe_up(struct semaphore *sem)
+{
+	up(sem);
+}
+#endif
+
+#endif
+
diff --minimal -Nru a/security/selinux/include/linux/flask/initial_sid_to_string.h b/security/selinux/include/linux/flask/initial_sid_to_string.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/initial_sid_to_string.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,37 @@
+/* This file is automatically generated.  Do not edit. */
+static char *initial_sid_to_string[] =
+{
+    "null",
+    "kernel",
+    "security",
+    "unlabeled",
+    "fs",
+    "file",
+    "file_labels",
+    "init",
+    "proc",
+    "any_socket",
+    "port",
+    "netif",
+    "netmsg",
+    "node",
+    "icmp_socket",
+    "tcp_socket",
+    "proc_kmsg",
+    "proc_kcore",
+    "sysctl_modprobe",
+    "sysctl",
+    "sysctl_fs",
+    "sysctl_kernel",
+    "sysctl_net",
+    "sysctl_net_unix",
+    "sysctl_vm",
+    "sysctl_dev",
+    "kmod",
+    "devpts",
+    "nfs",
+    "policy",
+    "tmpfs",
+    "devfs",
+};
+
diff --minimal -Nru a/security/selinux/include/linux/flask/psid.h b/security/selinux/include/linux/flask/psid.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/psid.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,87 @@
+
+/* -*- linux-c -*- */
+
+/*
+ * Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> 
+ *
+ * The persistent label mapping was originally written while I was 
+ * employed by NSA, but I modified it after joining NAI Labs for
+ * the new LSM-based SELinux prototype to maintain the inode-to-PSID
+ * mapping in a regular file rather than using a spare field in the
+ * on-disk inode, since LSM does not provide filesystem-specific hooks.
+ * I've also made other minor revisions, including bug fixes.
+ */
+
+#ifndef _LINUX_FLASK_PSID_H_
+#define _LINUX_FLASK_PSID_H_
+
+/*
+ * Persistent label mappings. 
+ */
+
+#include <linux/types.h>
+#include <linux/flask/flask.h>
+#include <linux/fs.h>
+
+/*
+ * Initialize the PSID mapping on the file system `sb'.
+ * If `sb' is an unlabeled file system and it is being
+ * mounted read-write, then create a new PSID mapping
+ * on it.
+ */
+int psid_init(struct super_block *sb);
+
+/*
+ * If `sb' is an unlabeled file system that was 
+ * originally mounted read-only and is now being 
+ * remounted read-write, then create a new PSID mapping
+ * on it.
+ */
+int psid_remount(struct super_block *sb);
+
+/*
+ * Free any memory and release any files used for
+ * the PSID mapping of `sb'.
+ */
+void psid_release(struct super_block *sb);
+
+/*
+ * Look up the PSID of `inode' in the PSID mapping
+ * and return the SID for the corresponding 
+ * security context.
+ */
+int psid_to_sid(
+	struct inode *inode, security_id_t *out_sid);
+
+/*
+ * Look up the security context associated with the 
+ * SID `sid' in the PSID mapping and set the PSID
+ * for the inode accordingly.  If no PSID exists in
+ * the PSID mapping for the security context, then
+ * allocate a new PSID and assign it to the security
+ * context.
+ */
+int sid_to_psid(
+	struct inode *inode,
+	security_id_t sid);
+
+/*
+ * Clear the PSID associated with `inode'.
+ */
+int clear_psid(struct inode *inode);
+
+/*
+ * Change the file system security and the 
+ * default file security context in the PSID
+ * mapping of `sb' to the security contexts
+ * associated with `fs_sid' and `f_sid'.
+ * If either `fs_sid' or `f_sid' is null,
+ * then do not change the corresponding
+ * security context.
+ */
+int psid_chsidfs(struct super_block *sb, 
+		 security_id_t fs_sid,
+		 security_id_t f_sid);
+
+#endif /* _LINUX_FLASK_PSID_H_ */
+
diff --minimal -Nru a/security/selinux/include/linux/flask/security.h b/security/selinux/include/linux/flask/security.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/security.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,161 @@
+
+/* -*- linux-c -*- */
+
+/*
+ * Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> 
+ *
+ * The security server was originally written while I was employed by NSA,
+ * and has undergone some revisions since I joined NAI Labs, but is largely
+ * unchanged.
+ */
+
+#ifndef _LINUX_SECURITY_H_
+#define _LINUX_SECURITY_H_
+
+/*
+ * Security server interface.
+ */
+
+#include <linux/flask/flask.h>
+
+/* Initialize the security server */
+int security_init(void); 
+
+/*
+ * Compute access vectors based on a SID pair for
+ * the permissions in a particular class.
+ */
+int security_compute_av(
+	security_id_t ssid,			/* IN */
+	security_id_t tsid,			/* IN */
+	security_class_t tclass,		/* IN */
+	access_vector_t requested,		/* IN */
+	access_vector_t *allowed,		/* OUT */
+	access_vector_t *decided,		/* OUT */
+	access_vector_t *auditallow,		/* OUT */
+	access_vector_t *auditdeny,		/* OUT */
+	__u32 *seqno);			/* OUT */
+
+/*
+ * Compute a SID to use for labeling a new object in the 
+ * class `tclass' based on a SID pair.  
+ */
+int security_transition_sid(
+	security_id_t ssid,			/* IN */
+	security_id_t tsid,			/* IN */
+	security_class_t tclass,		/* IN */
+	security_id_t *out_sid);	        /* OUT */
+
+/*
+ * Compute a SID to use when selecting a member of a 
+ * polyinstantiated object of class `tclass' based on 
+ * a SID pair.
+ */
+int security_member_sid(
+	security_id_t ssid,			/* IN */
+	security_id_t tsid,			/* IN */
+	security_class_t tclass,		/* IN */
+	security_id_t *out_sid);	        /* OUT */
+
+/*
+ * Compute a SID to use for relabeling an object in the 
+ * class `tclass' based on a SID pair.  
+ */
+int security_change_sid(
+	security_id_t ssid,			/* IN */
+	security_id_t tsid,			/* IN */
+	security_class_t tclass,		/* IN */
+	security_id_t *out_sid);	        /* OUT */
+
+/*
+ * Write the security context string representation of 
+ * the context associated with `sid' into a dynamically
+ * allocated string of the correct size.  Set `*scontext'
+ * to point to this string and set `*scontext_len' to
+ * the length of the string.
+ */
+int security_sid_to_context(
+	security_id_t  sid,			/* IN */
+	security_context_t *scontext,		/* OUT */
+	__u32   *scontext_len);			/* OUT */
+
+/*
+ * Return a SID associated with the security context that
+ * has the string representation specified by `scontext'.
+ */
+int security_context_to_sid(
+	security_context_t scontext,		/* IN */
+	__u32   scontext_len,			/* IN */
+	security_id_t *out_sid);		/* OUT */
+
+/*
+ * Return the SIDs to use for an unlabeled file system
+ * that is being mounted from the device with the
+ * the kdevname `name'.  The `fs_sid' SID is returned for 
+ * the file system and the `file_sid' SID is returned
+ * for all files within that file system.
+ */
+int security_fs_sid(
+	char *dev,				/* IN */
+	security_id_t *fs_sid,			/* OUT  */
+	security_id_t *file_sid);		/* OUT */
+
+/*
+ * Return the SID of the port specified by
+ * `domain', `type', `protocol', and `port'.
+ */
+int security_port_sid(
+	__u16 domain,
+	__u16 type,
+	__u8 protocol,
+	__u16 port,
+	security_id_t *out_sid);
+
+/*
+ * Return the SIDs to use for a network interface
+ * with the name `name'.  The `if_sid' SID is returned for 
+ * the interface and the `msg_sid' SID is returned as
+ * the default SID for messages received on the
+ * interface.
+ */
+int security_netif_sid(
+	char *name,
+	security_id_t *if_sid,
+	security_id_t *msg_sid);
+
+/*
+ * Return the SID of the node specified by the address
+ * `addr' where `addrlen' is the length of the address
+ * in bytes and `domain' is the communications domain or
+ * address family in which the address should be interpreted.
+ */
+int security_node_sid(
+	__u16 domain,
+	void *addr,
+	__u32 addrlen,
+	security_id_t *out_sid);
+
+
+/*
+ * Return the SIDs to use for a NFS file system mounted
+ * from the address `addr' where `addrlen' is the length of the address
+ * in bytes and `domain' is the communications domain or
+ * address family in which the address should be interpreted.
+ */
+int security_nfs_sid(
+	__u16 domain,
+	void *addr,
+	__u32 addrlen,
+	security_id_t *fs_sid,
+	security_id_t *file_sid);
+
+/*
+ * Return the SID to use for a devfs entry.
+ */
+int security_devfs_sid(
+	char *name,				/* IN */
+	security_class_t sclass,                /* IN */
+	security_id_t *sid);			/* OUT  */
+
+#endif /* _LINUX_SECURITY_H_ */
+
diff --minimal -Nru a/security/selinux/include/linux/flask/syscalls.h b/security/selinux/include/linux/flask/syscalls.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/include/linux/flask/syscalls.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,129 @@
+/* -*- linux-c -*- */
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+#ifndef _LINUX_FLASK_SYSCALLS_H_
+#define _LINUX_FLASK_SYSCALLS_H_
+
+#include <linux/flask/flask_types.h>
+
+#include <asm/flask/unistd.h>
+
+#define SELINUX_MAGIC 0xf97cff8c 
+
+/* Call values for lsm. */
+#define SELINUXCALL_COMPUTE_AV     1
+#define SELINUXCALL_NOTIFY_PERM    2
+#define SELINUXCALL_TRANSITION_SID 3
+#define SELINUXCALL_MEMBER_SID     4
+#define SELINUXCALL_SID_TO_CONTEXT 5
+#define SELINUXCALL_CONTEXT_TO_SID 6
+#define SELINUXCALL_LOAD_POLICY    7
+#define SELINUXCALL_CHANGE_SID     8
+#define SELINUXCALL_GET_SIDS       9
+#define SELINUXCALL_GET_USER_SIDS 10
+#define SELINUXCALL_AVC_TOGGLE    11
+#define SELINUXCALL_GETSECSID     12
+#define SELINUXCALL_GETOSECSID    13
+#define SELINUXCALL_LSTAT         14
+#define SELINUXCALL_LCHSID        15
+#define SELINUXCALL_STAT          16
+#define SELINUXCALL_CHSID         17
+#define SELINUXCALL_FSTAT         18
+#define SELINUXCALL_FCHSID        19
+#define SELINUXCALL_OPEN          20
+#define SELINUXCALL_MKDIR         21
+#define SELINUXCALL_MKNOD         22
+#define SELINUXCALL_SYMLINK       23
+#define SELINUXCALL_STATFS        24
+#define SELINUXCALL_FSTATFS       25
+#define SELINUXCALL_CHSIDFS       26
+#define SELINUXCALL_FCHSIDFS      27
+
+#define SELINUXCALL_SHMSID        28
+#define SELINUXCALL_SEMSID        29
+#define SELINUXCALL_MSGSID        30
+#define SELINUXCALL_SHMGET        31
+#define SELINUXCALL_SEMGET        32
+#define SELINUXCALL_MSGGET        33
+#define SELINUXCALL_MSGSND        34
+#define SELINUXCALL_MSGRCV        35
+
+#define SELINUXCALL_EXECVE        36
+
+#define SELINUXCALL_STAT64        37
+#define SELINUXCALL_LSTAT64       38
+#define SELINUXCALL_FSTAT64       39
+
+#define SELINUXCALL_AVC_ENFORCING 40
+
+#define SELINUXCALL_NUM           40
+
+/* Structure definitions for compute_av call */
+struct security_query {
+	security_id_t ssid;
+	security_id_t tsid;
+	security_class_t tclass;
+	access_vector_t requested;
+};
+
+struct security_response {
+	access_vector_t allowed;
+	access_vector_t decided;
+	access_vector_t auditallow;
+	access_vector_t auditdeny;
+	access_vector_t notify;
+	__u32 seqno;
+};
+
+#ifdef __KERNEL__
+extern long sys_security_compute_av(struct security_query *query, 
+				    struct security_response *response);
+
+extern long sys_security_sid_to_context(security_id_t sid,	
+					security_context_t scontext,	
+					__u32 *scontext_len);
+
+extern long sys_security_context_to_sid(security_context_t scontext,	
+					__u32 scontext_len,	
+					security_id_t * out_sid);
+
+extern long sys_security_transition_sid(security_id_t ssid,	
+					security_id_t tsid,	
+					security_class_t tclass, 
+					security_id_t * out_sid );
+
+extern long sys_security_change_sid(security_id_t ssid,	
+				    security_id_t tsid,	
+				    security_class_t tclass, 
+				    security_id_t * out_sid );
+
+extern long sys_security_member_sid(security_id_t ssid,	
+				    security_id_t tsid,	
+				    security_class_t tclass,	
+				    security_id_t * out_sid);
+
+extern long sys_security_load_policy(char *path,
+				     __u32 pathlen);
+
+extern long sys_security_notify_perm(security_id_t ssid,	
+				     security_id_t tsid,	
+				     security_class_t tclass, 
+				     access_vector_t requested);
+
+extern long sys_security_get_sids(security_id_t * sids,
+				  __u32 *nel);
+
+extern long sys_security_get_user_sids(security_id_t fromsid,
+				       char *username, 
+				       __u32 namelen,
+				       security_id_t * sids,
+				       __u32 *nel);
+
+extern long sys_avc_toggle(void);
+extern long sys_avc_enforcing(void);
+
+#endif /* __KERNEL__ */
+
+#endif
+
diff --minimal -Nru a/security/selinux/psid.c b/security/selinux/psid.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/psid.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1113 @@
+/* -*- linux-c -*- */
+
+/*
+ * Implementation of the persistent label mapping.
+ *
+ * Author:  Stephen Smalley, NAI Labs, <ssmalley@nai.com>
+ *
+ * The persistent label mapping was originally written while I was 
+ * employed by NSA, but I modified it after joining NAI Labs for
+ * the new LSM-based SELinux prototype to maintain the inode-to-PSID
+ * mapping in a regular file rather than using a spare field in the
+ * on-disk inode, since LSM does not provide filesystem-specific hooks.
+ * I've also made other minor revisions, including bug fixes.
+ *
+ * The mapping is currently implemented using
+ * regular files in a fixed subdirectory of the
+ * root directory of each file system.  The "contexts" 
+ * file stores the security contexts associated with
+ * objects in the file system.  The "index" file
+ * stores (offset, length) pairs for the security 
+ * contexts in the "contexts" file, indexed by 
+ * persistent SID (PSID). The "inodes" file stores 
+ * PSIDs for the files in the file system, indexed by
+ * inode number.
+ */
+
+#include <linux/config.h>
+
+#include <linux/types.h>
+#include <linux/flask/flask.h>
+#include <linux/flask/security.h>
+#include <linux/flask/psid.h>
+#include <linux/stddef.h>
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/spinlock.h>
+#include <asm/uaccess.h>
+#include <asm/semaphore.h>
+#include "selinux_plug.h"
+
+#if 0
+#define DPRINTF(args...) printk(KERN_ALERT args)
+#else
+#define DPRINTF(args...)
+#endif
+
+/* Read or write at an absolute offset.  The offset is only an
+   input parameter. */
+static inline ssize_t read_abs(struct file *fp, char *buf, size_t len, loff_t off) 
+{
+  return fp->f_op->read(fp, buf, len, &off);
+}
+static inline ssize_t write_abs(struct file *fp, const char *buf, size_t len, loff_t off) 
+{
+  return fp->f_op->write(fp, buf, len, &off);
+}
+
+
+/*
+ * Subdirectory for the PSID mapping files.
+ */
+#define PSEC_SECDIR "...security"
+#define PSEC_SECDIR_MODE 0700
+
+/*
+ * The PSID mapping files
+ */
+#define PSEC_CONTEXTS   0	/* security contexts */
+#define PSEC_INDEX      1	/* psid -> (offset, len) of context */
+#define PSEC_INODES     2	/* ino -> psid */
+#define PSEC_NFILES	3	/* total number of security files */
+
+static char *psec_sfiles[PSEC_NFILES] = 
+{
+	"contexts",
+	"index", 
+	"inodes"
+};
+
+#define PSEC_SECFILE_MODE (S_IFREG | 0600)
+
+
+/*
+ * Record structure for entries in index file.
+ */
+typedef struct 
+{
+	loff_t ofs;	/* offset within file, in bytes */
+	size_t len;	/* length of context, in bytes */
+} s_index_t;
+
+#define SINDEX_MASK (sizeof(s_index_t)-1)
+
+/*
+ * For each mounted file system, we maintain a
+ * incore cache that maps between PSIDs and SIDs.
+ * The current implementation loads the entire
+ * PSID mapping into this "cache" at mount time,
+ * but the intent is to change the implementation
+ * to load from the mapping on demand.  
+ */
+typedef struct psidtab_node {
+	psid_t psid;
+	security_id_t sid;
+	struct psidtab_node *next;
+} psidtab_node_t;
+
+#define PSIDTAB_SLOTS 32
+#define BAD_PSIDS 32
+
+struct psidtab {
+	psidtab_node_t *slots[PSIDTAB_SLOTS];	/* PSID cache */
+	int    initialized;	/* is the PSID mapping initialized? */
+	psid_t next_psid;	/* next PSID to be allocated */
+	loff_t next_context;    /* offset of next context */
+	struct file files[PSEC_NFILES];  /* mapping files */
+#define contexts_fp files[PSEC_CONTEXTS] /* contexts file */
+#define index_fp files[PSEC_INDEX]	 /* index file */
+#define inodes_fp files[PSEC_INODES]       /* inode file */
+	psid_t bad_psids[BAD_PSIDS];     /* bad PSIDs */
+	int n_bad;			 /* number of bad PSIDs */
+	s_index_t raw_sindex;		 /* PSID 0 */
+	spinlock_t lock;
+	struct semaphore sem;
+};
+typedef struct psidtab psidtab_t;
+
+#define PSIDTAB_HASH(psid) (psid & (PSIDTAB_SLOTS - 1))
+
+
+/*
+ * Two PSIDs are reserved:  PSID 0
+ * refers to the security context to
+ * assign to unlabeled objects in the
+ * file system and PSID 1 refers to the
+ * security context of the file system itself.
+ */
+#define FILE_PSID 0
+#define FS_PSID   1
+
+/*
+ * Create a PSID cache.
+ */
+static int psidtab_create(psidtab_t **tp)
+{
+	psidtab_t 	*t;
+
+
+	t = (psidtab_t *) kmalloc(sizeof(psidtab_t), GFP_KERNEL);
+	if (!t)
+		return -ENOMEM;
+	memset(t, 0, sizeof(psidtab_t));
+	t->lock = SPIN_LOCK_UNLOCKED;
+	init_MUTEX(&t->sem);
+	*tp = t;
+	return 0;
+}
+
+
+/* 
+ * Release the PSID mapping files and
+ * free the memory used by the PSID cache.
+ */
+static void psidtab_destroy(psidtab_t *t)
+{
+	psidtab_node_t     *cur, *tmp;
+	int             hvalue, i;
+
+
+	for (i = 0; i < PSEC_NFILES; i++) {
+		if (t->files[i].f_dentry) {
+			dput(t->files[i].f_dentry);
+		}
+	}
+
+	for (hvalue = 0; hvalue < PSIDTAB_SLOTS; hvalue++) {
+		cur = t->slots[hvalue];
+		while (cur) {
+			tmp = cur;
+			cur = cur->next;
+			kfree(tmp);
+		}
+	}
+
+	kfree(t);
+}
+
+
+/*
+ * Insert an entry for the pair (`psid', `sid') in the PSID cache.
+ */
+static int psidtab_insert(psidtab_t *t, psid_t psid, security_id_t sid)
+{
+	psidtab_node_t     *new;
+	int             hvalue;
+
+
+	hvalue = PSIDTAB_HASH(psid);	
+	new = (psidtab_node_t *) kmalloc(sizeof(psidtab_node_t), GFP_KERNEL);
+	if (!new) {
+		return -ENOMEM;
+	}
+	new->psid = psid;
+	new->sid = sid;
+	new->next = t->slots[hvalue];
+	wmb();
+	t->slots[hvalue] = new;
+	return 0;
+}
+
+
+/*
+ * Return the SID associated with the 
+ * PSID `psid' in the PSID cache.
+ * Return 0 if no match is found.
+ */
+static security_id_t psidtab_search_psid(psidtab_t *t, psid_t psid)
+{
+	psidtab_node_t     *cur;
+	int             hvalue;
+
+
+	hvalue = PSIDTAB_HASH(psid);
+	for (cur = t->slots[hvalue]; cur ; cur = cur->next) {
+		if (psid == cur->psid)
+			return cur->sid;
+	}
+
+	return 0;
+}
+
+
+/*
+ * Return the PSID associated with the 
+ * SID `sid' in the PSID cache.
+ * If 'reserved' is zero, then a reserved PSID is not 
+ * returned even if it matches.
+ * Return 0 if no match is found.
+ */
+static psid_t psidtab_search_sid(psidtab_t *t, security_id_t sid, int reserved)
+{
+	psidtab_node_t     *cur;
+	int             hvalue;
+
+
+	for (hvalue = 0; hvalue < PSIDTAB_SLOTS; hvalue++) {
+		for (cur = t->slots[hvalue]; cur; cur = cur->next) {
+			if (sid == cur->sid && 
+			    ((cur->psid > FS_PSID) || reserved))
+				return cur->psid;
+		}
+	}
+	
+	return 0;
+}
+
+
+/*
+ * Change the SID associated with PSID `psid'
+ * to the SID `sid' in the PSID cache.
+ */
+static void psidtab_change_psid(psidtab_t *t, 
+				psid_t psid, security_id_t sid)
+{
+	psidtab_node_t     *cur;
+	int             hvalue;
+
+
+	hvalue = PSIDTAB_HASH(psid);
+	for (cur = t->slots[hvalue]; cur ; cur = cur->next) {
+		if (psid == cur->psid) {
+			cur->sid = sid;
+			return;
+		}
+	}
+
+	return;
+}
+
+#if 0
+static void psidtab_hash_eval(psidtab_t *t, char *tag)
+{
+	int             i, nel, chain_len, max_chain_len, slots_used;
+	psidtab_node_t     *node;
+
+	nel = 0;
+	slots_used = 0;
+	max_chain_len = 0;
+	for (i = 0; i < PSIDTAB_SLOTS; i++) {
+		node = t->slots[i];
+		if (node) {
+			slots_used++;
+			chain_len = 0;
+			while (node) {
+				nel++;
+				chain_len++;
+				node = node->next;
+			}
+			if (chain_len > max_chain_len)
+				max_chain_len = chain_len;
+		}
+	}
+
+	printk("\n%s psidtab:  %d entries and %d/%d buckets used, longest chain length %d\n",
+	       tag, nel, slots_used, PSIDTAB_SLOTS, max_chain_len);
+}
+#else
+#define psidtab_hash_eval(t, tag) 
+#endif
+
+
+/*
+ * Allocate and return a new PSID for the 
+ * security context associated with the 
+ * SID `newsid'.  
+ */
+static int newpsid(psidtab_t *t,
+		   security_id_t newsid,
+		   psid_t *out_psid)
+{
+	security_context_t context;
+	s_index_t raw_sindex;
+	psid_t psid;
+	loff_t off;
+	size_t len;
+	int rc;
+
+
+	DPRINTF("newpsid:  obtaining psid for sid %d\n", newsid);
+
+	rc = security_sid_to_context(newsid, &context, &len);
+	if (rc)
+		return -EACCES;
+	DPRINTF("newpsid:  sid %d -> context %s\n", newsid, context);
+
+	/*
+	 * Append the security context to the contexts file.
+	 */
+	spin_lock(&t->lock);
+	off = t->next_context;
+	t->next_context += len;
+	spin_unlock(&t->lock);
+	rc = write_abs(&t->contexts_fp, context, len, off);
+	if (rc < 0) {
+		printk("newpsid:  error %d in writing to contexts\n", -rc);
+		kfree(context);
+		return rc;
+	}
+	DPRINTF("newpsid:  added %s to contexts at %Ld\n", 
+		context, off);
+	kfree(context);
+
+	/*
+	 * Write the index record at the location
+	 * for the next allocated PSID.
+	 */
+	raw_sindex.ofs = cpu_to_le64(off);
+	raw_sindex.len = cpu_to_le32(len);
+	spin_lock(&t->lock);
+	psid = t->next_psid++;
+	spin_unlock(&t->lock);
+	rc = write_abs(&t->index_fp, (const char*)&raw_sindex, sizeof(s_index_t), psid * sizeof(s_index_t));
+	if (rc < 0) {
+		printk("newpsid:  error %d in writing to index\n", -rc);
+		return rc;
+	}
+	DPRINTF("newpsid:  added new psid %d = (%Ld,%d) to index\n", 
+		psid, off, len); 
+
+	/*
+	 * Add the (`psid', `newsid') pair to the PSID cache.
+	 */
+	rc = psidtab_insert(t, psid, newsid);
+	if (rc)
+		return rc;
+
+	DPRINTF("newpsid:  added (%d, %d) to psidtab\n", psid, newsid);
+
+	*out_psid = psid;
+	return 0;
+}
+
+
+/*
+ * Initialize the incore data in `t' for a PSID mapping
+ * from the PSID mapping files in the  file system `sb'.
+ * Set the SID of `sb' and the SIDs of the inodes for the
+ * root directory, the mapping directory and the mapping
+ * files.
+ *
+ * If the file system is unlabeled and the 
+ * file system is being mounted read-write, then 
+ * create a new PSID mapping on it.  
+ */
+static int psidfiles_init(struct super_block *sb, psidtab_t *t)
+{
+	struct superblock_security_struct *sbsec = sb->s_security;
+	struct dentry *dir, *file;
+	int index;
+	int need_to_init = 0;
+	s_index_t sindex, raw_sindex;
+	security_id_t fs_sid, file_sid, sid;
+	psid_t file_psid, fs_psid, raw_psid;
+	loff_t pos;
+	char *cbuf;
+	int rc = 0;
+
+	DPRINTF("psidfiles_init:  looking up %s\n", PSEC_SECDIR);
+	dir = lookup_one_len(PSEC_SECDIR, sb->s_root, strlen(PSEC_SECDIR));
+	rc = PTR_ERR(dir);
+	if (IS_ERR(dir)) {
+		printk("psidfiles_init:  lookup_one returned %d\n", -rc);
+		goto bad;
+	}
+
+	if (!dir->d_inode) {
+		if ((sb->s_flags & MS_RDONLY) == 0) {
+			/*
+			 * The mapping subdirectory did not exist.  
+			 * Since the file system is mounted 
+			 * read-write, create it.
+			 */
+			DPRINTF("psidfiles_init:  %s did not exist; creating\n", 
+				PSEC_SECDIR);
+
+			need_to_init = 1;
+
+			if (!sb->s_root->d_inode->i_op || 
+			    !sb->s_root->d_inode->i_op->mkdir) {
+				printk("psidfiles_init:  no mkdir support\n");
+				rc = -EPERM;
+				dput(dir);
+				goto bad;
+			}
+
+			rc = sb->s_root->d_inode->i_op->mkdir(
+				sb->s_root->d_inode, dir, 
+				PSEC_SECDIR_MODE);
+			if (rc) {
+				printk("psidfiles_init:  mkdir returned %d\n", -rc);
+				dput(dir);	
+				goto bad;
+			}
+		} else {
+			/*
+			 * The mapping subdirectory did not exist.  
+			 * Since the file system is mounted 
+			 * read-only, no mapping can be created.
+			 * Obtain the SID of the file system and the
+			 * default file SID from the security server
+			 * and return without setting the initialized
+			 * flag.  
+			 */
+			DPRINTF("psidfiles_init:  %s did not exist; read-only\n", PSEC_SECDIR);
+
+			dput(dir);
+
+			rc = security_fs_sid((char *)kdevname(sb->s_dev), 
+					     &fs_sid, &file_sid);
+			if (rc) 
+				goto bad;
+
+			sbsec->sid = fs_sid;
+			inode_security_set_sid(sb->s_root->d_inode, file_sid);
+
+			return 0;
+		}
+	}
+
+	/* Set the SID on the mapping subdirectory */
+	inode_security_set_sid(dir->d_inode, SECINITSID_FILE_LABELS);
+	
+	/* Look up or create each mapping file */
+	for (index = 0; index < PSEC_NFILES; index++) {
+		DPRINTF("psidfiles_init:  checking for %s\n",
+			psec_sfiles[index]);
+		file = lookup_one_len(psec_sfiles[index], dir, strlen(psec_sfiles[index]));
+		rc = PTR_ERR(file);
+		if (IS_ERR(file)) {
+			printk("psidfiles_init:  lookup_one returned %d\n", -rc);
+			goto bad;
+		}
+
+		if (!file->d_inode) {
+			/*
+			 * The mapping file did not exist.  
+			 * If the mapping subdirectory was just created,
+			 * then create the mapping file.  Otherwise,
+			 * fail.
+			 */
+			if (!need_to_init) {
+				printk("psidfiles_init:  %s did not exist\n",
+				       psec_sfiles[index]);
+				rc = -ENOENT;
+				goto bad_file;
+			}
+
+			DPRINTF("psidfiles_init:  %s did not exist; creating\n", 
+				psec_sfiles[index]);
+
+			if (!dir->d_inode->i_op || 
+			    !dir->d_inode->i_op->create) {
+				printk("psidfiles_init:  no create support!\n");
+				rc = -ENOENT;
+				goto bad_file;
+			}
+
+			rc = dir->d_inode->i_op->create(
+				dir->d_inode, 
+				file, 
+				PSEC_SECFILE_MODE);
+			if (rc) {
+				printk("psidfiles_init:  create returned %d\n", -rc);
+				goto bad_file;
+			}
+		}
+
+		/* Set the SID on the mapping file */
+		inode_security_set_sid(file->d_inode, SECINITSID_FILE_LABELS);
+
+		/* "Open" the file and set it for synchronous writes */
+		rc = init_private_file(&t->files[index], file, 3); 
+		t->files[index].f_flags = O_RDWR;
+		if (index == PSEC_CONTEXTS || index == PSEC_INDEX)
+			t->files[index].f_flags |= O_SYNC;
+		if (rc) {	
+			printk("psidfiles_init:  init_private_file returned %d\n", -rc);
+			goto bad_file;
+		}
+
+		if (!t->files[index].f_op || 
+		    !t->files[index].f_op->read ||
+		    !t->files[index].f_op->write) {
+			printk("psidfiles_init:  no read/write support\n");
+			dput(dir);
+			rc = -ENOENT;
+			goto bad;
+		}
+	}
+
+	dput(dir);
+
+	if (need_to_init) {
+		/*
+		 * The mapping subdirectory and files were just created.
+		 * Obtain the file system and default file SIDs from
+		 * the security server, define the corresponding
+		 * reserved PSIDs, set the initialized flag and return.
+		 */
+		DPRINTF("psidfiles_init:  initializing labeling files\n");
+
+		rc = security_fs_sid((char*)kdevname(sb->s_dev), 
+				     &fs_sid, &file_sid);
+		if (rc)
+			goto bad;
+
+		sbsec->sid = fs_sid;
+		inode_security_set_sid(sb->s_root->d_inode, file_sid);
+
+		rc = newpsid(t, file_sid, &file_psid);
+		if (rc)
+			goto bad;
+
+		if (file_psid) {
+			printk("psidfiles_init:  default file psid should be zero, is %d\n", file_psid);
+			goto bad;
+		}
+		
+		rc = newpsid(t, fs_sid, &fs_psid);
+		if (rc)
+			goto bad;
+
+		if (fs_psid != FS_PSID) {
+			printk("psidfiles_init:  file system psid should be %d, is %d\n", FS_PSID, fs_psid);
+			goto bad;
+		}
+
+		t->initialized = 1;
+
+		return 0;
+	}	
+
+	/*	
+	 * The mapping subdirectory and files already existed.
+	 * Load the mapping files into the PSID cache.  Obtain
+	 * the SIDs for the file system and the root directory
+	 * from the mapping.  Set the initialized flag.
+	 */
+	DPRINTF("psidfiles_init:  reading index and contexts files\n");
+	pos = 0;
+	rc = read_abs(&t->index_fp, (char *)&raw_sindex, sizeof(s_index_t), pos);
+	t->raw_sindex.ofs = raw_sindex.ofs;
+	t->raw_sindex.len = raw_sindex.len;
+	while (rc > 0) {	    
+		sindex.ofs = le64_to_cpu(raw_sindex.ofs);
+		sindex.len = le32_to_cpu(raw_sindex.len);
+
+		DPRINTF("psidfiles_init:  read index (%Ld,%d) at %Ld\n",
+			sindex.ofs, sindex.len, pos);
+
+		cbuf = kmalloc(sindex.len, GFP_KERNEL);
+		if (!cbuf) {
+			rc = -ENOMEM;
+			goto bad;
+		}
+
+		rc = read_abs(&t->contexts_fp, cbuf, sindex.len, sindex.ofs);
+		if (rc < 0) {
+			printk("psidfiles_init:  error %d in reading contexts\n", 
+			       -rc);
+			kfree(cbuf);
+			goto bad;
+		}
+		
+		rc = security_context_to_sid(cbuf, rc, &sid);
+		if (rc) {
+			printk("psidfiles_init:  error %d in obtaining SID for context %s (psid %d).\n", 
+			       -rc, cbuf, t->next_psid);
+			if ((sb->s_flags & MS_RDONLY) == 0) {
+				rc = write_abs(&t->index_fp, 
+					       (const char*)&t->raw_sindex, 
+					       sizeof(s_index_t),
+					       pos);
+				if (rc < 0) {
+					printk("psidfiles_init:  error %d in writing to index for psid %d\n", -rc, t->next_psid);
+				}
+				DPRINTF("psidfiles_init:  remapped psid %d to psid 0\n", 
+					t->next_psid);
+			} else {
+				if (t->n_bad < BAD_PSIDS)
+					t->bad_psids[t->n_bad++] = t->next_psid;
+			}
+			t->next_psid++;
+		}
+		else
+		{
+			DPRINTF("psidfiles_init:  psid %d -> context %s -> sid %d\n",
+				t->next_psid, cbuf, sid);
+
+			rc = psidtab_insert(t, t->next_psid, sid);
+			t->next_psid++;
+			if (rc) {
+				goto bad;
+			}
+		}
+
+		kfree(cbuf);
+
+		pos += sizeof(s_index_t);
+		rc = read_abs(&t->index_fp, (char *)&raw_sindex, 
+			      sizeof(s_index_t), pos);
+	}
+
+	if (rc < 0) {
+		printk("psidfiles_init:  error %d in reading index\n", 
+		       -rc);
+		goto bad;
+	}
+
+	fs_sid = psidtab_search_psid(t, FS_PSID);
+	if (!fs_sid) {
+		printk("psidfiles_init:  no SID for fs psid\n");
+		rc = -EINVAL;
+		goto bad;
+	}
+
+	DPRINTF("psidfiles_init:  fs sid %d\n", fs_sid);
+
+	sbsec->sid = fs_sid;
+
+	DPRINTF("psidfiles_init:  reading inodes file for root inode\n");
+
+	rc = read_abs(&t->inodes_fp, (char *)&raw_psid, sizeof(psid_t), 
+		      sb->s_root->d_inode->i_ino * sizeof(psid_t));
+	if (rc < 0) {
+		printk("psidfiles_init:  error %d in reading inodes\n", 		
+		       -rc);
+		goto bad;
+	}
+	if (rc == 0)
+		file_psid = 0;
+	else
+		file_psid = le32_to_cpu(raw_psid);
+
+	sid = psidtab_search_psid(t, file_psid);
+	if (!sid) {
+		printk("psidfiles_init:  root inode is unlabeled\n");
+		sid = SECINITSID_UNLABELED;
+	}
+
+	inode_security_set_sid(sb->s_root->d_inode, sid);
+
+	{ 
+		struct inode *inode = t->contexts_fp.f_dentry->d_inode;
+
+		down(&inode->i_sem);
+		t->next_context = inode->i_size;
+		up(&inode->i_sem);
+	}
+
+	t->initialized = 1;
+
+	return 0;
+
+bad_file:
+	dput(file);
+	dput(dir);
+bad:	
+	printk("psidfiles_init:  initialization failed, error %d\n", -rc);
+	return rc;
+}
+
+
+/*
+ * Initialize the PSID mapping on the file system `sb'.
+ * If `sb' is an unlabeled file system and it is being
+ * mounted read-write, then create a new PSID mapping
+ * on it.
+ */
+int psid_init(struct super_block *sb)
+{
+	struct superblock_security_struct *sbsec = sb->s_security;
+	psidtab_t *t = sbsec->psidtab;
+	mm_segment_t old_fs;
+	int rc;
+
+
+	if (t) {
+		printk("psid_init:  already initialized this super block\n");
+		return -EACCES;
+	}
+
+	DPRINTF("psid_init:  creating psidtab\n");
+
+	rc = psidtab_create(&t);
+	if (rc)
+		return rc;
+
+	old_fs = get_fs();
+	set_fs(KERNEL_DS);
+	rc = psidfiles_init(sb, t);
+	set_fs(old_fs);
+	if (rc)	{
+		psidtab_destroy(t);
+		sbsec->psidtab = 0;
+		return rc;
+	}
+	if (t->initialized)
+		psidtab_hash_eval(t, "init");
+
+	sbsec->psidtab = t;
+	return 0;
+}
+
+
+/*
+ * If `sb' is an unlabeled file system that was 
+ * originally mounted read-only and is now being 
+ * remounted read-write, then create a new PSID mapping
+ * on it.
+ */
+int psid_remount(struct super_block *sb)
+{
+	struct superblock_security_struct *sbsec = sb->s_security;
+	psidtab_t *t = sbsec->psidtab;
+	mm_segment_t old_fs;
+	int i, rc;
+	
+
+	if (!t) {
+		printk("psid_remount:  uninitialized super block\n");
+		return -EACCES;
+	}
+
+	if (!t->initialized) {
+		old_fs = get_fs();
+		set_fs(KERNEL_DS);
+		rc = psidfiles_init(sb, t);
+		set_fs(old_fs);
+		if (rc)	{
+			psidtab_destroy(t);
+			sbsec->psidtab = 0;
+			panic("VFS:  psid_remount failed (rc=%d)", rc);
+			return rc;
+		}
+	} else if (t->n_bad) {
+		old_fs = get_fs();
+		set_fs(KERNEL_DS);
+		for (i = 0; i < t->n_bad; i++) {
+			rc = write_abs(&t->index_fp, 
+				       (const char*)&t->raw_sindex, 
+				       sizeof(s_index_t), 
+				       t->bad_psids[i] * sizeof(s_index_t));
+
+			if (rc < 0) {
+				printk("psid_remount:  error %d in writing to index for psid %d\n", -rc, t->bad_psids[i]);
+			}
+			DPRINTF("psid_remount:  remapped psid %d to psid 0\n", 
+				t->bad_psids[i]);
+		}
+		set_fs(old_fs);
+		t->n_bad = 0;
+	}
+
+	if (t->initialized)
+		psidtab_hash_eval(t, "remount");
+
+	return 0;
+}
+
+
+/*
+ * Free any memory and release any files used for
+ * the PSID mapping of `sb'.
+ */
+void psid_release(struct super_block *sb)
+{
+	struct superblock_security_struct *sbsec = sb->s_security;
+	if (!sbsec->psidtab) {
+		printk("psid_release:  uninitialized super block\n");
+		return;
+	}
+
+	DPRINTF("psid_release:  destroying psidtab\n");
+
+	if (sbsec->psidtab->initialized)
+		psidtab_hash_eval(sb->s_security, "release");
+
+	psidtab_destroy(sbsec->psidtab);
+	sbsec->psidtab = 0;
+}
+
+
+/*
+ * Look up the PSID of `inode' in the PSID mapping
+ * and return the corresponding SID.
+ */
+int psid_to_sid(struct inode *inode, security_id_t *out_sid)
+{
+	struct super_block *sb = inode->i_sb;
+	struct superblock_security_struct *sbsec = sb->s_security;
+	struct inode_security_struct *isec;
+	psidtab_t *t = sbsec->psidtab;
+	psid_t psid, raw_psid;
+	security_id_t sid;
+	mm_segment_t old_fs;
+	int rc;
+
+	if (!t) {
+		printk("psid_to_sid:  ino %ld -> unlabeled\n", inode->i_ino);
+		*out_sid = SECINITSID_UNLABELED;
+		return 0;
+	}
+
+	if (!t->initialized) {
+		isec = sb->s_root->d_inode->i_security;
+		*out_sid = isec->sid;
+		return 0;
+	}
+
+	old_fs = get_fs();
+	set_fs(KERNEL_DS);
+	rc = read_abs(&t->inodes_fp, (char *)&raw_psid, sizeof(psid_t), inode->i_ino * sizeof(psid_t));
+	set_fs(old_fs);
+	if (rc < 0) {
+		printk("psid_to_sid:  unable to read inodes for %ld, using unlabeled\n", 
+		       inode->i_ino);
+		*out_sid = SECINITSID_UNLABELED;
+		return 0;
+	}
+	if (rc == 0)
+		psid = 0;
+	else
+		psid = le32_to_cpu(raw_psid);
+
+	sid = psidtab_search_psid(t, psid);
+	if (!sid) {
+		printk("psid_to_sid:  no SID for psid %d\n", psid);
+		sid = psidtab_search_psid(t, 0);
+		if (!sid) {
+			printk("psid_to_sid:  psid %d -> unlabeled\n", psid);
+			inode_security_set_sid(inode, SECINITSID_UNLABELED);
+			return 0;
+		}
+	}
+
+	*out_sid = sid;
+
+	return 0;
+}
+
+
+/*
+ * Look up the security context associated with the 
+ * SID `sid' in the PSID mapping and set the PSID
+ * for the inode accordingly.  If no PSID exists in
+ * the PSID mapping for the security context, then
+ * allocate a new PSID and assign it to the security
+ * context.
+ */
+int sid_to_psid(struct inode *inode,
+		security_id_t sid)
+{
+	struct super_block *sb = inode->i_sb;
+	struct superblock_security_struct *sbsec = sb->s_security;
+	psidtab_t *t = sbsec->psidtab;
+	psid_t          psid, raw_psid;
+	int rc = 0;
+	mm_segment_t old_fs;
+
+	if (!t || !t->initialized) {
+		return 0;
+	}
+
+	psid = psidtab_search_sid(t, sid, 0);
+	if (!psid) {
+		down(&t->sem);
+		/* Rescan now that we hold the semaphore */
+		psid = psidtab_search_sid(t, sid, 0);
+		if (psid) 
+			goto up_out;
+		/* No PSID for this SID - allocate a new one. */
+		if (sb->s_flags & MS_RDONLY) {
+			rc = -EACCES;
+			goto up_out;
+		}
+
+		old_fs = get_fs();
+		set_fs(KERNEL_DS);
+		rc = newpsid(t, sid, &psid);
+		set_fs(old_fs);
+up_out:
+		up(&t->sem);
+	}
+
+	if (rc)
+		return rc;
+
+	raw_psid = cpu_to_le32(psid);
+
+	old_fs = get_fs();
+	set_fs(KERNEL_DS);
+	rc = write_abs(&t->inodes_fp, (char*)&raw_psid, sizeof(psid_t), 
+		       inode->i_ino * sizeof(psid_t));
+	set_fs(old_fs);
+	if (rc < 0) 
+		return rc;
+	return 0;
+}
+
+int clear_psid(struct inode *inode)
+{
+	struct super_block *sb = inode->i_sb;
+	struct superblock_security_struct *sbsec = sb->s_security;
+	psidtab_t *t = sbsec->psidtab;
+	psid_t          raw_psid;
+	int rc;
+	mm_segment_t old_fs;
+
+	if (!t || !t->initialized) {
+		return 0;
+	}
+
+	raw_psid = 0;
+
+	old_fs = get_fs();
+	set_fs(KERNEL_DS);
+	rc = write_abs(&t->inodes_fp, (char*)&raw_psid, sizeof(psid_t), 
+		       inode->i_ino * sizeof(psid_t));
+	set_fs(old_fs);
+	if (rc < 0) 
+		return rc;
+	return 0;
+}
+
+
+/*
+ * Change the security context associated
+ * with PSID `psid' in the PSID mapping to
+ * the security context associated with `newsid'.
+ */
+static int chpsid(psidtab_t *t,
+		  psid_t psid,
+		  security_id_t newsid)
+{
+	security_context_t context;
+	s_index_t raw_sindex;
+	psid_t clone_psid;
+	loff_t off;
+	size_t len;
+	int rc = 0;
+
+	DPRINTF("chpsid:  changing psid %d to sid %d\n", psid, newsid);
+
+	psid = psidtab_search_sid(t, newsid, 1);
+	if (psid) {
+		/*
+		 * There is already a PSID for the security context
+		 * associated with `newsid'.  The index record for 
+		 * `psid' can simply be changed to be the same as 
+		 * the index record for this PSID.
+		 */
+		clone_psid = psid;
+		DPRINTF("chpsid:  cloning existing psid %d\n", clone_psid);
+		rc = read_abs(&t->index_fp, 
+			      (char *)&raw_sindex, sizeof(s_index_t), 
+			      clone_psid * sizeof(s_index_t));
+		if (rc < 0) 
+			return rc;
+		
+		off = le64_to_cpu(raw_sindex.ofs);
+		len = le32_to_cpu(raw_sindex.len);
+	} else {
+		/*
+		 * There is no PSID for the security context 
+		 * associated with `newsid'.  Add the security
+		 * context to the contexts file and define a
+		 * new index record for `psid'.
+		 */
+		DPRINTF("chpsid:  adding new entry to contexts\n");
+		rc = security_sid_to_context(newsid, &context, &len);
+		if (rc) 
+			return rc;
+
+		DPRINTF("chpsid:  sid %d -> context %s\n", newsid, context);
+
+		spin_lock(&t->lock);
+		off = t->next_context;
+		t->next_context += len;
+		spin_unlock(&t->lock);
+		rc = write_abs(&t->contexts_fp, context, len, off);
+		if (rc < 0) {
+			kfree(context);
+			return rc;
+		}
+
+		raw_sindex.ofs = cpu_to_le64(off);
+		raw_sindex.len = cpu_to_le32(len);
+
+		DPRINTF("chpsid:  added %s to contexts at %Ld\n", 
+			context, off);
+
+		kfree(context);
+	}
+
+	/*
+	 * Change the index record for `psid'.
+	 */
+	rc = write_abs(&t->index_fp, (const char*)&raw_sindex, sizeof(s_index_t), psid * sizeof(s_index_t));
+	if (rc < 0) 
+		return rc;
+
+	DPRINTF("chpsid:  changed psid %d to (%Ld, %d)\n", 
+		psid, off, len); 
+
+	/* 
+	 * Change the SID for `psid' in the PSID cache.
+	 */
+	psidtab_change_psid(t, psid, newsid);
+
+	DPRINTF("chpsid:  changed to (%d, %d) in psidtab\n", psid, newsid);
+
+	return 0;
+}
+
+
+/*
+ * Change the file system security and the 
+ * default file security context in the PSID
+ * mapping of `sb' to the security contexts
+ * associated with `fs_sid' and `f_sid'.
+ * If either `fs_sid' or `f_sid' is null,
+ * then do not change the corresponding
+ * security context.
+ */
+int psid_chsidfs(struct super_block *sb, 
+		 security_id_t fs_sid,
+		 security_id_t f_sid)
+{
+	struct superblock_security_struct *sbsec = sb->s_security;
+	psidtab_t *t = sbsec->psidtab;
+	mm_segment_t old_fs;
+	int rc = 0;
+
+
+	if (sb->s_flags & MS_RDONLY) {
+		DPRINTF("psid_chsidfs:  file system is read-only\n");
+		return -EACCES;
+	}
+
+	if (!t || !t->initialized) {
+		printk("psid_chsidfs:  uninitialized super block\n");
+		return -EACCES;
+	}	
+
+	old_fs = get_fs();
+	set_fs(KERNEL_DS);
+
+	down(&t->sem);
+
+	if (fs_sid) {
+		rc = chpsid(t, FS_PSID, fs_sid);
+	}
+	if (f_sid && !rc) {
+		rc = chpsid(t, FILE_PSID, f_sid);
+	}
+
+	up(&t->sem);
+
+	set_fs(old_fs);
+
+	return rc;
+}
diff --minimal -Nru a/security/selinux/selinux_plug.h b/security/selinux/selinux_plug.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/selinux_plug.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,211 @@
+/*
+ *  NSA Security-Enhanced Linux (SELinux) security module
+ *
+ *  This file contains the SELinux security data structures for kernel objects.
+ *
+ *  Author(s):  Stephen Smalley, <ssmalley@nai.com>
+ *              Chris Vance, <cvance@nai.com>
+ *              Wayne Salamon, <wsalamon@nai.com>
+ *
+ *  Copyright (C) 2001 Networks Associates Technology, Inc.
+ * 
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ */ 
+#ifndef __SELINUX_PLUG_H
+#define __SELINUX_PLUG_H
+
+#include <linux/flask/flask.h>
+#include <linux/flask/avc.h>
+#include <linux/flask/psid.h>
+#include <linux/flask/syscalls.h>
+#include <linux/list.h>
+#include <linux/sched.h>
+#include <linux/fs.h>
+
+struct task_security_struct {
+        unsigned long magic;           /* magic number for this module */
+	struct task_struct *task;      /* back pointer to task object */
+	struct list_head list;         /* list of task_security_struct */
+	security_id_t osid;            /* SID prior to last execve */
+	security_id_t sid;             /* current SID */
+	security_id_t in_sid[2];       /* input SIDs */
+	security_id_t out_sid[2];      /* output SIDs */
+        avc_entry_ref_t avcr;          /* reference to process permissions */
+};
+
+typedef struct ctl_sid ctl_sid;
+struct ctl_sid {
+	int ctl_name;
+	const char *procname;
+	security_id_t sid;
+	ctl_sid *child;
+};
+
+struct inode_security_struct {
+	unsigned long magic;           /* magic number for this module */
+        struct inode *inode;           /* back pointer to inode object */
+	struct list_head list;         /* list of inode_security_struct */
+	security_id_t task_sid;        /* SID of creating task */
+	security_id_t sid;             /* SID of this object */
+	security_class_t sclass;       /* security class of this object */
+	avc_entry_ref_t avcr;          /* reference to object permissions */
+	unsigned char initialized;     /* initialization flag */
+	unsigned char initializing;    /* initializing flag */
+	ctl_sid *ctl;                  
+	struct semaphore sem;          
+};
+
+struct file_security_struct {
+	unsigned long magic;            /* magic number for this module */
+	struct file *file;              /* back pointer to file object */
+	struct list_head list;          /* list of file_security_struct */
+	security_id_t sid;              /* SID of open file description */
+	security_id_t fown_sid;         /* SID of file owner (for SIGIO) */
+	avc_entry_ref_t avcr;           /* reference to fd permissions */
+	avc_entry_ref_t inode_avcr;     /* reference to object permissions */
+};
+
+struct superblock_security_struct {
+	unsigned long magic;            /* magic number for this module */
+	struct super_block *sb;         /* back pointer to sb object */
+	struct list_head list;          /* list of superblock_security_struct */
+	security_id_t sid;              /* SID of file system */
+	struct psidtab *psidtab;        /* persistent SID mapping */
+	unsigned char uses_psids;       /* uses persistent SID flag */
+	unsigned char initialized;      /* initialization flag */
+	unsigned char initializing;     /* initializing flag */
+	unsigned char uses_task;        /* use creating task SID for inodes */
+	struct semaphore sem;          
+};
+
+struct msg_security_struct {
+        unsigned long magic;		/* magic number for this module */
+	struct msg_msg *msg;		/* back pointer */
+	struct list_head list;		/* list of msg_security_struct */
+	security_id_t sid;              /* SID of message */
+        avc_entry_ref_t avcr;		/* reference to permissions */
+};
+
+struct ipc_security_struct {
+        unsigned long magic;		/* magic number for this module */
+	struct kern_ipc_perm *ipc_perm; /* back pointer */
+	security_class_t sclass;	/* security class of this object */
+	struct list_head list;		/* list of ipc_security_struct */
+	security_id_t sid;              /* SID of IPC resource */
+        avc_entry_ref_t avcr;		/* reference to permissions */
+};
+
+struct netdev_security_struct {
+        unsigned long magic;		/* magic number for this module */
+	struct net_device *dev;		/* back pointer to network device */
+	struct list_head list;		/* list of netdev_security_struct */
+	security_id_t sid;		/* SID of the network device    */
+	security_id_t default_msg_sid;	/* Default SID for received messages */
+        avc_entry_ref_t avcr;		/* reference to permissions */
+};
+
+static inline security_class_t inode_mode_to_security_class(umode_t mode) 
+{
+	switch (mode & S_IFMT) {
+	case S_IFSOCK:
+		return SECCLASS_SOCK_FILE;
+	case S_IFLNK:
+		return SECCLASS_LNK_FILE;
+	case S_IFREG:
+		return SECCLASS_FILE;
+	case S_IFBLK:
+		return SECCLASS_BLK_FILE;
+	case S_IFDIR:
+		return SECCLASS_DIR;
+	case S_IFCHR:
+		return SECCLASS_CHR_FILE;
+	case S_IFIFO:
+		return SECCLASS_FIFO_FILE;
+		
+	}
+
+	return SECCLASS_FILE;
+}
+
+static inline security_class_t socket_type_to_security_class(int family, 
+							     int type)
+{
+	switch (family) {
+	case PF_UNIX:
+		switch (type) {
+		case SOCK_STREAM:
+			return SECCLASS_UNIX_STREAM_SOCKET;
+		case SOCK_DGRAM:
+			return SECCLASS_UNIX_DGRAM_SOCKET;
+		}
+	case PF_INET:
+	case PF_INET6:
+		switch (type) {
+		case SOCK_STREAM:
+			return SECCLASS_TCP_SOCKET;
+		case SOCK_DGRAM:
+			return SECCLASS_UDP_SOCKET;
+		case SOCK_RAW:
+			return SECCLASS_RAWIP_SOCKET;
+		}
+	case PF_NETLINK:
+		return SECCLASS_NETLINK_SOCKET;
+	case PF_PACKET:
+		return SECCLASS_PACKET_SOCKET;
+	case PF_KEY:
+		return SECCLASS_KEY_SOCKET;
+	}
+
+	return SECCLASS_SOCKET;
+}
+
+extern int inode_security_set_sid(struct inode *inode, security_id_t sid);
+
+extern int task_has_system(struct task_struct *tsk, access_vector_t perms);
+
+extern int task_has_security(struct task_struct *tsk, access_vector_t perms);
+
+extern int task_precondition(struct task_struct *task);
+
+extern int inode_precondition(struct inode *inode);
+
+extern int superblock_precondition(struct super_block *sb);
+
+/* Range of port numbers used to automatically bind.
+   Need to determine whether we should perform a name_bind 
+   permission check between the socket and the port number. */
+#ifndef MODULE
+#define ip_local_port_range_0 sysctl_local_port_range[0]
+#define ip_local_port_range_1 sysctl_local_port_range[1]
+#else
+#define ip_local_port_range_0 32768
+#define ip_local_port_range_1 61000
+#endif
+
+/* -ac and -linus have different quotactl interfaces. */
+#include <linux/quota.h>
+
+#ifdef Q_SETINFO
+
+/* -ac */
+#define CASE_QMOD case Q_SETINFO: case Q_SETGRACE: case Q_SETFLAGS:
+#define CASE_QGET case Q_GETINFO:
+
+#else
+
+/* -linus */
+#define CASE_QMOD case Q_RSQUASH:
+#define CASE_QGET 
+
+#endif
+
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+#define handle_security_init_failure printk("SELinux:  Could not initialize\n")
+#else
+#define handle_security_init_failure panic("SELinux:  Could not initialize\n")
+#endif
+
+#endif /* __SELINUX_PLUG_H */
diff --minimal -Nru a/security/selinux/ss/Makefile b/security/selinux/ss/Makefile
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/Makefile	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,22 @@
+#
+# Makefile for building the SELinux security server as part of the kernel tree.
+#
+
+EXTRA_CFLAGS += -I../include -include global.h -I..
+
+O_TARGET := ss.o
+
+obj-y := ebitmap.o hashtab.o symtab.o sidtab.o avtab.o policydb.o services.o init.o syscalls.o 
+obj-m := $(O_TARGET)
+
+ifeq ($(CONFIG_SECURITY_SELINUX_MLS),y)
+obj-y += mls.o
+endif
+
+all: $(O_TARGET) 
+
+clean:
+	rm -f $(O_TARGET) $(O_OBJS) 
+
+include $(TOPDIR)/Rules.make
+
diff --minimal -Nru a/security/selinux/ss/Makefile.in b/security/selinux/ss/Makefile.in
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/Makefile.in	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,10 @@
+
+# Beginnings of a kbuild-2.5 makefile --- offer@sgi.com
+
+objlink(CONFIG_SECURITY_SELINUX ss.o \
+	ebitmap.o hashtab.o symtab.o sidtab.o avtab.o policydb.o services.o init.o syscalls.o)
+objlink(CONFIG_SECURITY_SELINUX CONFIG_SECURITY_SELINUX_MLS  ss.o \
+ mls.o)
+
+extra_cflags_all(-Isecurity/selinux -Isecurity/selinux/include -include security/selinux/ss/global.h)
+
diff --minimal -Nru a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/avtab.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,341 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/* 
+ * Implementation of the access vector table type.
+ */
+
+#include "avtab.h"
+#include "policydb.h"
+
+#define HASH_BITS 15
+#define HASH_BUCKETS (1 << HASH_BITS)
+#define HASH_MASK (HASH_BUCKETS-1)
+
+#define AVTAB_SIZE HASH_BUCKETS
+
+#define AVTAB_HASH(keyp) \
+((keyp->target_class + \
+ (keyp->target_type << 2) + \
+ (keyp->source_type << 9)) & \
+ HASH_MASK)
+
+int avtab_insert(avtab_t * h, avtab_key_t * key, avtab_datum_t * datum)
+{
+	int hvalue;
+	avtab_ptr_t prev, cur, newnode;
+
+	if (!h)
+		return -ENOMEM;
+
+	hvalue = AVTAB_HASH(key);
+	for (prev = NULL, cur = h->htable[hvalue];
+	     cur;
+	     prev = cur, cur = cur->next) {
+		if (key->source_type == cur->key.source_type && 
+		    key->target_type == cur->key.target_type &&
+		    key->target_class == cur->key.target_class &&
+		    (datum->specified & cur->datum.specified))
+			return -EEXIST;
+		if (key->source_type < cur->key.source_type)
+			break;
+		if (key->source_type == cur->key.source_type && 
+		    key->target_type < cur->key.target_type)
+			break;
+		if (key->source_type == cur->key.source_type && 
+		    key->target_type == cur->key.target_type &&
+		    key->target_class < cur->key.target_class)
+			break;
+	}
+
+	newnode = (avtab_ptr_t) malloc(sizeof(struct avtab_node));
+	if (newnode == NULL)
+		return -ENOMEM;
+	memset(newnode, 0, sizeof(struct avtab_node));
+	newnode->key = *key;
+	newnode->datum = *datum;
+	if (prev) {
+		newnode->next = prev->next;
+		prev->next = newnode;
+	} else {
+		newnode->next = h->htable[hvalue];
+		h->htable[hvalue] = newnode;
+	}
+
+	h->nel++;
+	return 0;
+}
+
+
+avtab_datum_t *
+ avtab_search(avtab_t * h, avtab_key_t * key, int specified)
+{
+	int hvalue;
+	avtab_ptr_t cur;
+
+
+	if (!h)
+		return NULL;
+
+	hvalue = AVTAB_HASH(key);
+	for (cur = h->htable[hvalue]; cur; cur = cur->next) {
+		if (key->source_type == cur->key.source_type && 
+		    key->target_type == cur->key.target_type &&
+		    key->target_class == cur->key.target_class &&
+		    (specified & cur->datum.specified))
+			return &cur->datum;
+
+		if (key->source_type < cur->key.source_type)
+			break;
+		if (key->source_type == cur->key.source_type && 
+		    key->target_type < cur->key.target_type)
+			break;
+		if (key->source_type == cur->key.source_type && 
+		    key->target_type == cur->key.target_type &&
+		    key->target_class < cur->key.target_class)
+			break;
+	}
+
+	return NULL;
+}
+
+
+void avtab_destroy(avtab_t * h)
+{
+	int i;
+	avtab_ptr_t cur, temp;
+
+
+	if (!h)
+		return;
+
+	for (i = 0; i < AVTAB_SIZE; i++) {
+		cur = h->htable[i];
+		while (cur != NULL) {
+			temp = cur;
+			cur = cur->next;
+			free(temp);
+		}
+		h->htable[i] = NULL;
+	}
+	free(h->htable);
+}
+
+
+int avtab_map(avtab_t * h,
+	      int (*apply) (avtab_key_t * k,
+			    avtab_datum_t * d,
+			    void *args),
+	      void *args)
+{
+	int i, ret;
+	avtab_ptr_t cur;
+
+
+	if (!h)
+		return 0;
+
+	for (i = 0; i < AVTAB_SIZE; i++) {
+		cur = h->htable[i];
+		while (cur != NULL) {
+			ret = apply(&cur->key, &cur->datum, args);
+			if (ret)
+				return ret;
+			cur = cur->next;
+		}
+	}
+	return 0;
+}
+
+
+int avtab_init(avtab_t * h)
+{
+	int i;
+
+	h->htable = malloc(sizeof(avtab_ptr_t)*AVTAB_SIZE);
+	if (!h->htable)
+		return -1;
+	for (i = 0; i < AVTAB_SIZE; i++)
+		h->htable[i] = (avtab_ptr_t) NULL;
+	h->nel = 0;
+	return 0;
+}
+
+
+void avtab_hash_eval(avtab_t * h, char *tag)
+{
+	int i, chain_len, slots_used, max_chain_len;
+	avtab_ptr_t cur;
+
+
+	slots_used = 0;
+	max_chain_len = 0;
+	for (i = 0; i < AVTAB_SIZE; i++) {
+		cur = h->htable[i];
+		if (cur) {
+			slots_used++;
+			chain_len = 0;
+			while (cur) {
+				chain_len++;
+				cur = cur->next;
+			}
+
+			if (chain_len > max_chain_len)
+				max_chain_len = chain_len;
+		}
+	}
+
+	printf("%s:  %d entries and %d/%d buckets used, longest chain length %d\n",
+	       tag, h->nel, slots_used, AVTAB_SIZE, max_chain_len);
+}
+
+
+int avtab_read(avtab_t * a, FILE * fp, __u32 config)
+{
+	int i, rc;
+	avtab_key_t avkey;
+	avtab_datum_t avdatum;
+	__u32 buf[32];
+	__u32 nel;
+	size_t items, items2;
+
+
+	items = fread(&nel, sizeof(__u32), 1, fp);
+	if (items != 1) {
+		printf("security: avtab: truncated table\n");
+		goto bad;
+	}
+	nel = le32_to_cpu(nel);
+	if (!nel) {
+		printf("security: avtab: table is empty\n");
+		goto bad;
+	}
+	for (i = 0; i < nel; i++) {
+		memset(&avkey, 0, sizeof(avtab_key_t));
+		memset(&avdatum, 0, sizeof(avtab_datum_t));
+
+		items = fread(buf, sizeof(__u32), 1, fp);
+		if (items != 1) {
+			printf("security: avtab: truncated entry\n");
+			goto bad;
+		}
+		items2 = le32_to_cpu(buf[0]);
+		if (items2 > (sizeof(buf) / sizeof(__u32))) {
+			printf("security: avtab: entry too large\n");
+			goto bad;
+		}
+		items = fread(buf, sizeof(__u32), items2, fp);
+		if (items != items2) {
+			printf("security: avtab: truncated entry\n");
+			goto bad;
+		}
+		items = 0;
+		avkey.source_type = le32_to_cpu(buf[items++]);
+		avkey.target_type = le32_to_cpu(buf[items++]);
+		avkey.target_class = le32_to_cpu(buf[items++]);
+		avdatum.specified = le32_to_cpu(buf[items++]);
+		if (!(avdatum.specified & (AVTAB_AV | AVTAB_TYPE))) {
+			printf("security: avtab: null entry\n");
+			goto bad;
+		}
+		if ((avdatum.specified & AVTAB_AV) &&
+		    (avdatum.specified & AVTAB_TYPE)) {
+			printf("security: avtab: entry has both access vectors and types\n");
+			goto bad;
+		}
+		if (avdatum.specified & AVTAB_AV) {
+			if (avdatum.specified & AVTAB_ALLOWED)
+				avtab_allowed(&avdatum) = le32_to_cpu(buf[items++]);
+			if (avdatum.specified & AVTAB_AUDITDENY) 
+				avtab_auditdeny(&avdatum) = le32_to_cpu(buf[items++]);
+			if (avdatum.specified & AVTAB_AUDITALLOW) 
+				avtab_auditallow(&avdatum) = le32_to_cpu(buf[items++]);
+		} else {
+			if (avdatum.specified & AVTAB_TRANSITION)
+				avtab_transition(&avdatum) = le32_to_cpu(buf[items++]);
+			if (avdatum.specified & AVTAB_CHANGE)
+				avtab_change(&avdatum) = le32_to_cpu(buf[items++]);
+			if (avdatum.specified & AVTAB_MEMBER)
+				avtab_member(&avdatum) = le32_to_cpu(buf[items++]);
+		}
+		if (items != items2) {
+			printf("security: avtab: entry only had %d items, expected %d\n", items2, items);
+			goto bad;
+		}
+		rc = avtab_insert(a, &avkey, &avdatum);
+		if (rc) {
+			if (rc == -ENOMEM)
+				printf("security: avtab: out of memory\n");
+			if (rc == -EEXIST)
+				printf("security: avtab: duplicate entry\n");
+			goto bad;
+		}
+	}
+
+	return 0;
+
+      bad:
+	avtab_destroy(a);
+	return -1;
+}
+
+
+#ifndef __KERNEL__
+int avtab_write(avtab_t * a, FILE * fp)
+{
+	int i;
+	avtab_ptr_t cur;
+	__u32 buf[32];
+	__u32 nel;
+	size_t items, items2;
+
+	nel = cpu_to_le32(a->nel);
+	items = fwrite(&nel, sizeof(__u32), 1, fp);
+	if (items != 1)
+		return -1;
+
+	for (i = 0; i < AVTAB_SIZE; i++) {
+		for (cur = a->htable[i]; cur; cur = cur->next) {
+			items = 1;	/* item 0 is used for the item count */
+			buf[items++] = cpu_to_le32(cur->key.source_type);
+			buf[items++] = cpu_to_le32(cur->key.target_type);
+			buf[items++] = cpu_to_le32(cur->key.target_class);
+			buf[items++] = cpu_to_le32(cur->datum.specified);
+			if (!(cur->datum.specified & (AVTAB_AV | AVTAB_TYPE))) {
+				printf("security: avtab: null entry\n");
+				return -1;
+			}
+			if ((cur->datum.specified & AVTAB_AV) &&
+			    (cur->datum.specified & AVTAB_TYPE)) {
+				printf("security: avtab: entry has both access vectors and types\n");
+				return -1;
+			}
+			if (cur->datum.specified & AVTAB_AV) {
+				if (cur->datum.specified & AVTAB_ALLOWED)
+					buf[items++] = cpu_to_le32(avtab_allowed(&cur->datum));
+				if (cur->datum.specified & AVTAB_AUDITDENY)
+					buf[items++] = cpu_to_le32(avtab_auditdeny(&cur->datum));
+				if (cur->datum.specified & AVTAB_AUDITALLOW)
+					buf[items++] = cpu_to_le32(avtab_auditallow(&cur->datum));
+			} else {
+				if (cur->datum.specified & AVTAB_TRANSITION)
+					buf[items++] = cpu_to_le32(avtab_transition(&cur->datum));
+				if (cur->datum.specified & AVTAB_CHANGE)
+					buf[items++] = cpu_to_le32(avtab_change(&cur->datum));
+				if (cur->datum.specified & AVTAB_MEMBER)
+					buf[items++] = cpu_to_le32(avtab_member(&cur->datum));
+			}
+			buf[0] = cpu_to_le32(items - 1);
+
+			items2 = fwrite(buf, sizeof(__u32), items, fp);
+			if (items != items2)
+				return -1;
+		}
+	}
+
+	return 0;
+}
+#endif
+
diff --minimal -Nru a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/avtab.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,80 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * An access vector table (avtab) is a hash table
+ * of access vectors and transition types indexed 
+ * by a type pair and a class.  An access vector
+ * table is used to represent the type enforcement
+ * tables.
+ */
+
+#ifndef _AVTAB_H_
+#define _AVTAB_H_
+
+typedef struct avtab_key {
+	__u32 source_type;	/* source type */
+	__u32 target_type;	/* target type */
+	__u32 target_class;     /* target object class */
+} avtab_key_t;
+
+typedef struct avtab_datum {
+#define AVTAB_ALLOWED     1
+#define AVTAB_AUDITALLOW  2
+#define AVTAB_AUDITDENY   4
+#define AVTAB_AV         (AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY)
+#define AVTAB_TRANSITION 16
+#define AVTAB_MEMBER     32
+#define AVTAB_CHANGE     64
+#define AVTAB_TYPE       (AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
+	__u32 specified;	/* what fields are specified */
+        __u32 data[3];          /* access vectors or types */
+#define avtab_allowed(x) (x)->data[0]
+#define avtab_auditdeny(x) (x)->data[1]
+#define avtab_auditallow(x) (x)->data[2]
+#define avtab_transition(x) (x)->data[0]
+#define avtab_change(x) (x)->data[1]
+#define avtab_member(x) (x)->data[2]
+} avtab_datum_t;
+
+typedef struct avtab_node *avtab_ptr_t;
+
+struct avtab_node {
+	avtab_key_t key;
+	avtab_datum_t datum;
+	avtab_ptr_t next;
+};
+
+typedef struct avtab {
+	avtab_ptr_t *htable;
+	__u32 nel;	/* number of elements */
+} avtab_t;
+
+int avtab_init(avtab_t *);
+
+int avtab_insert(avtab_t * h, avtab_key_t * k, avtab_datum_t * d);
+
+avtab_datum_t *avtab_search(avtab_t * h, avtab_key_t * k, int specified);
+
+void avtab_destroy(avtab_t * h);
+
+int avtab_map(avtab_t * h,
+	      int (*apply) (avtab_key_t * k,
+			    avtab_datum_t * d,
+			    void *args),
+	      void *args);
+
+void avtab_hash_eval(avtab_t * h, char *tag);
+
+int avtab_read(avtab_t * a, FILE * fp, __u32 config);
+
+#ifndef __KERNEL__
+int avtab_write(avtab_t * a, FILE * fp);
+#endif
+
+#endif	/* _AVTAB_H_ */
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/constraint.h b/security/selinux/ss/constraint.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/constraint.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,63 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * A constraint is a condition that must be satisfied in
+ * order for one or more permissions to be granted.  
+ * Constraints are used to impose additional restrictions
+ * beyond the type-based rules in `te' or the role-based
+ * transition rules in `rbac'.  Constraints are typically
+ * used to prevent a process from transitioning to a new user 
+ * identity or role unless it is in a privileged type.
+ * Constraints are likewise typically used to prevent a
+ * process from labeling an object with a different user
+ * identity.   
+ */
+
+#ifndef _CONSTRAINT_H_
+#define _CONSTRAINT_H_
+
+#include "ebitmap.h"
+
+typedef struct constraint_expr {
+#define CEXPR_NOT		1 /* not expr */
+#define CEXPR_AND		2 /* expr and expr */
+#define CEXPR_OR		3 /* expr or expr */
+#define CEXPR_ATTR		4 /* attr op attr */
+#define CEXPR_NAMES		5 /* attr op names */	
+	__u32 expr_type;	/* expression type */
+
+#define CEXPR_USER 1		/* user */
+#define CEXPR_ROLE 2		/* role */
+#define CEXPR_TYPE 4		/* type */
+#define CEXPR_TARGET 8		/* target if set, source otherwise */
+	__u32 attr;		/* attribute */
+
+#define CEXPR_EQ     1		/* == or eq */
+#define CEXPR_NEQ    2		/* != */
+#define CEXPR_DOM    3		/* dom */
+#define CEXPR_DOMBY  4		/* domby  */
+#define CEXPR_INCOMP 5		/* incomp */
+	__u32 op;		/* operator */
+	
+	ebitmap_t names;	/* names */
+
+	struct constraint_expr *left;
+	struct constraint_expr *right;
+
+	__u32 count;		/* reference count */
+} constraint_expr_t;
+
+
+typedef struct constraint_node {
+	access_vector_t permissions;	/* constrained permissions */
+	constraint_expr_t *expr;	/* constraint on permissions */
+	struct constraint_node *next;	/* next constraint */
+} constraint_node_t;
+
+#endif	/* _CONSTRAINT_H_ */
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/context.h b/security/selinux/ss/context.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/context.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,113 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * A security context is a set of security attributes
+ * associated with each subject and object controlled
+ * by the security policy.  Security contexts are
+ * externally represented as variable-length strings
+ * that can be interpreted by a user or application
+ * with an understanding of the security policy. 
+ * Internally, the security server uses a simple
+ * structure.  This structure is private to the
+ * security server and can be changed without affecting
+ * clients of the security server.
+ */
+
+#ifndef _CONTEXT_H_
+#define _CONTEXT_H_
+
+#include "ebitmap.h"
+
+#include "mls_types.h"
+
+/*
+ * A security context consists of an authenticated user
+ * identity, a role, a type and a MLS range.
+ */
+typedef struct context_struct {
+	__u32 user;
+	__u32 role;
+	__u32 type;
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+	mls_range_t range;
+#endif
+} context_struct_t;
+
+
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+
+#define mls_context_init(c) memset(c, 0, sizeof(mls_range_t))
+
+static inline int mls_context_cpy(context_struct_t * dst, 
+				  context_struct_t * src)
+{
+	(dst)->range.level[0].sens = (src)->range.level[0].sens;
+	if (!ebitmap_cpy(&(dst)->range.level[0].cat, &(src)->range.level[0].cat))
+		return -ENOMEM;
+	(dst)->range.level[1].sens = (src)->range.level[1].sens;
+	if (!ebitmap_cpy(&(dst)->range.level[1].cat, &(src)->range.level[1].cat)) {
+		ebitmap_destroy(&(dst)->range.level[0].cat);
+		return -ENOMEM;
+	}
+	return 0;
+}
+
+#define mls_context_cmp(c1,c2) \
+(((c1)->range.level[0].sens == (c2)->range.level[0].sens) && \
+ ebitmap_cmp(&(c1)->range.level[0].cat,&(c2)->range.level[0].cat) && \
+ ((c1)->range.level[1].sens == (c2)->range.level[1].sens) && \
+ ebitmap_cmp(&(c1)->range.level[1].cat,&(c2)->range.level[1].cat))
+
+#define mls_context_destroy(c) \
+do { \
+	ebitmap_destroy(&(c)->range.level[0].cat); \
+	ebitmap_destroy(&(c)->range.level[1].cat); \
+        memset(c, 0, sizeof(mls_range_t)); \
+} while (0)
+
+#else
+
+#define mls_context_init(c)
+#define mls_context_cpy(dst,src) 0
+#define mls_context_destroy(c)
+#define mls_context_cmp(c1,c2) 1
+
+#endif
+
+
+#define context_init(c) memset(c, 0, sizeof(context_struct_t))
+
+static inline int context_cpy(context_struct_t * dst,
+			      context_struct_t * src)
+{
+	(dst)->user = (src)->user;
+	(dst)->role = (src)->role;
+	(dst)->type = (src)->type;
+	return mls_context_cpy(dst, src);
+}
+
+
+#define context_destroy(c) \
+do { \
+	(c)->user = 0; \
+	(c)->role = 0; \
+	(c)->type = 0; \
+	mls_context_destroy(c); \
+} while (0)
+
+static inline int context_cmp(context_struct_t * c1,
+			      context_struct_t * c2)
+{
+	return (((c1)->user == (c2)->user) &&
+		((c1)->role == (c2)->role) &&
+		((c1)->type == (c2)->type) &&
+		mls_context_cmp(c1, c2));
+}
+
+#endif	/* _CONTEXT_H_ */
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/ebitmap.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,375 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/* 
+ * Implementation of the extensible bitmap type.
+ */
+
+#include "ebitmap.h"
+
+int ebitmap_or(ebitmap_t * dst, ebitmap_t * e1, ebitmap_t * e2)
+{
+	ebitmap_node_t *n1, *n2, *new, *prev;
+
+
+	ebitmap_init(dst);
+
+	n1 = e1->node;
+	n2 = e2->node;
+	prev = 0;
+	while (n1 || n2) {
+		new = (ebitmap_node_t *) malloc(sizeof(ebitmap_node_t));
+		if (!new) {
+			ebitmap_destroy(dst);
+			return FALSE;
+		}
+		memset(new, 0, sizeof(ebitmap_node_t));
+		if (n1 && n2 && n1->startbit == n2->startbit) {
+			new->startbit = n1->startbit;
+			new->map = n1->map | n2->map;
+			n1 = n1->next;
+			n2 = n2->next;
+		} else if (!n2 || (n1 && n1->startbit < n2->startbit)) {
+			new->startbit = n1->startbit;
+			new->map = n1->map;
+			n1 = n1->next;
+		} else {
+			new->startbit = n2->startbit;
+			new->map = n2->map;
+			n2 = n2->next;
+		}
+
+		new->next = 0;
+		if (prev)
+			prev->next = new;
+		else
+			dst->node = new;
+		prev = new;
+	}
+
+	dst->highbit = (e1->highbit > e2->highbit) ? e1->highbit : e2->highbit;
+	return TRUE;
+}
+
+
+int ebitmap_cmp(ebitmap_t * e1, ebitmap_t * e2)
+{
+	ebitmap_node_t *n1, *n2;
+
+
+	if (e1->highbit != e2->highbit)
+		return FALSE;
+
+	n1 = e1->node;
+	n2 = e2->node;
+	while (n1 && n2 &&
+	       (n1->startbit == n2->startbit) &&
+	       (n1->map == n2->map)) {
+		n1 = n1->next;
+		n2 = n2->next;
+	}
+
+	if (n1 || n2)
+		return FALSE;
+
+	return TRUE;
+}
+
+
+int ebitmap_cpy(ebitmap_t * dst, ebitmap_t * src)
+{
+	ebitmap_node_t *n, *new, *prev;
+
+
+	ebitmap_init(dst);
+	n = src->node;
+	prev = 0;
+	while (n) {
+		new = (ebitmap_node_t *) malloc(sizeof(ebitmap_node_t));
+		if (!new) {
+			ebitmap_destroy(dst);
+			return FALSE;
+		}
+		memset(new, 0, sizeof(ebitmap_node_t));
+		new->startbit = n->startbit;
+		new->map = n->map;
+		new->next = 0;
+		if (prev)
+			prev->next = new;
+		else
+			dst->node = new;
+		prev = new;
+		n = n->next;
+	}
+
+	dst->highbit = src->highbit;
+	return TRUE;
+}
+
+
+int ebitmap_contains(ebitmap_t * e1, ebitmap_t * e2)
+{
+	ebitmap_node_t *n1, *n2;
+
+
+	if (e1->highbit < e2->highbit)
+		return FALSE;
+
+	n1 = e1->node;
+	n2 = e2->node;
+	while (n1 && n2 && (n1->startbit <= n2->startbit)) {
+		if (n1->startbit < n2->startbit) {
+			n1 = n1->next;
+			continue;
+		}
+		if ((n1->map & n2->map) != n2->map)
+			return FALSE;
+
+		n1 = n1->next;
+		n2 = n2->next;
+	}
+
+	if (n2)
+		return FALSE;
+
+	return TRUE;
+}
+
+
+int ebitmap_get_bit(ebitmap_t * e, unsigned long bit)
+{
+	ebitmap_node_t *n;
+
+
+	if (e->highbit < bit)
+		return FALSE;
+
+	n = e->node;
+	while (n && (n->startbit <= bit)) {
+		if ((n->startbit + MAPSIZE) > bit) {
+			if (n->map & (MAPBIT << (bit - n->startbit)))
+				return TRUE;
+			else
+				return FALSE;
+		}
+		n = n->next;
+	}
+
+	return FALSE;
+}
+
+
+int ebitmap_set_bit(ebitmap_t * e, unsigned long bit, int value)
+{
+	ebitmap_node_t *n, *prev, *new;
+
+
+	prev = 0;
+	n = e->node;
+	while (n && n->startbit <= bit) {
+		if ((n->startbit + MAPSIZE) > bit) {
+			if (value) {
+				n->map |= (MAPBIT << (bit - n->startbit));
+			} else {
+				n->map &= ~(MAPBIT << (bit - n->startbit));
+				if (!n->map) {
+					/* drop this node from the bitmap */
+
+					if (!n->next) {
+						/*
+						 * this was the highest map
+						 * within the bitmap
+						 */
+						if (prev)
+							e->highbit = prev->startbit + MAPSIZE;
+						else
+							e->highbit = 0;
+					}
+					if (prev)
+						prev->next = n->next;
+					else
+						e->node = n->next;
+
+					free(n);
+				}
+			}
+			return TRUE;
+		}
+		prev = n;
+		n = n->next;
+	}
+
+	if (!value)
+		return TRUE;
+
+	new = (ebitmap_node_t *) malloc(sizeof(ebitmap_node_t));
+	if (!new)
+		return FALSE;
+	memset(new, 0, sizeof(ebitmap_node_t));
+
+	new->startbit = bit & ~(MAPSIZE - 1);
+	new->map = (MAPBIT << (bit - new->startbit));
+
+	if (!n)
+		/* this node will be the highest map within the bitmap */
+		e->highbit = new->startbit + MAPSIZE;
+
+	if (prev) {
+		new->next = prev->next;
+		prev->next = new;
+	} else {
+		new->next = e->node;
+		e->node = new;
+	}
+
+	return TRUE;
+}
+
+
+void ebitmap_destroy(ebitmap_t * e)
+{
+	ebitmap_node_t *n, *temp;
+
+
+	if (!e)
+		return;
+
+	n = e->node;
+	while (n) {
+		temp = n;
+		n = n->next;
+		free(temp);
+	}
+
+	e->highbit = 0;
+	e->node = 0;
+	return;
+}
+
+
+int ebitmap_read(ebitmap_t * e, FILE * fp)
+{
+	ebitmap_node_t *n, *l;
+	__u32 buf[32], mapsize, count, i;
+	__u64 map;
+	size_t items;
+
+
+	ebitmap_init(e);
+
+	items = fread(buf, sizeof(__u32), 3, fp);
+	if (items != 3)
+		return FALSE;
+	mapsize = le32_to_cpu(buf[0]);
+	e->highbit = le32_to_cpu(buf[1]);
+	count = le32_to_cpu(buf[2]);
+
+	if (mapsize != MAPSIZE) {
+		printf("security: ebitmap: map size %d does not match my size %d (high bit was %d)\n", mapsize, MAPSIZE, e->highbit);
+		return FALSE;
+	}
+	if (!e->highbit) {
+		e->node = NULL;
+		return TRUE;
+	}
+	if (e->highbit & (MAPSIZE - 1)) {
+		printf("security: ebitmap: high bit (%d) is not a multiple of the map size (%d)\n", e->highbit, MAPSIZE);
+		goto bad;
+	}
+	l = NULL;
+	for (i = 0; i < count; i++) {
+		items = fread(buf, sizeof(__u32), 1, fp);
+		if (items != 1) {
+			printf("security: ebitmap: truncated map\n");
+			goto bad;
+		}
+		n = (ebitmap_node_t *) malloc(sizeof(ebitmap_node_t));
+		if (!n) {
+			printf("security: ebitmap: out of memory\n");
+			goto bad;
+		}
+		memset(n, 0, sizeof(ebitmap_node_t));
+
+		n->startbit = le32_to_cpu(buf[0]);
+
+		if (n->startbit & (MAPSIZE - 1)) {
+			printf("security: ebitmap start bit (%d) is not a multiple of the map size (%d)\n", n->startbit, MAPSIZE);
+			goto bad_free;
+		}
+		if (n->startbit > (e->highbit - MAPSIZE)) {
+			printf("security: ebitmap start bit (%d) is beyond the end of the bitmap (%d)\n", n->startbit, (e->highbit - MAPSIZE));
+			goto bad_free;
+		}
+		items = fread(&map, sizeof(__u64), 1, fp);
+		if (items != 1) {
+			printf("security: ebitmap: truncated map\n");
+			goto bad_free;
+		}
+		n->map = le64_to_cpu(map);
+
+		if (!n->map) {
+			printf("security: ebitmap: null map in ebitmap (startbit %d)\n", n->startbit);
+			goto bad_free;
+		}
+		if (l) {
+			if (n->startbit <= l->startbit) {
+				printf("security: ebitmap: start bit %d comes after start bit %d\n", n->startbit, l->startbit);
+				goto bad_free;
+			}
+			l->next = n;
+		} else
+			e->node = n;
+
+		l = n;
+	}
+
+	return TRUE;
+
+      bad_free:
+	free(n);
+      bad:
+	ebitmap_destroy(e);
+	return FALSE;
+}
+
+
+#ifndef __KERNEL__
+int ebitmap_write(ebitmap_t * e, FILE * fp)
+{
+	ebitmap_node_t *n;
+	__u32 buf[32], bit, count;
+	__u64 map;
+	size_t items;
+
+	buf[0] = cpu_to_le32(MAPSIZE);
+	buf[1] = cpu_to_le32(e->highbit);
+
+	count = 0;
+	for (n = e->node; n; n = n->next)
+		count++;
+	buf[2] = cpu_to_le32(count);
+
+	items = fwrite(buf, sizeof(__u32), 3, fp);
+	if (items != 3)
+		return FALSE;
+
+	for (n = e->node; n; n = n->next) {
+		bit = cpu_to_le32(n->startbit);
+		items = fwrite(&bit, sizeof(__u32), 1, fp);
+		if (items != 1)
+			return FALSE;
+		map = cpu_to_le64(n->map);
+		items = fwrite(&map, sizeof(__u64), 1, fp);
+		if (items != 1)
+			return FALSE;
+
+	}
+
+	return TRUE;
+}
+#endif
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/ebitmap.h b/security/selinux/ss/ebitmap.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/ebitmap.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,67 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * An extensible bitmap is a bitmap that supports an 
+ * arbitrary number of bits.  Extensible bitmaps are
+ * used to represent sets of values, such as types,
+ * roles, categories, and classes.
+ *
+ * Each extensible bitmap is implemented as a linked
+ * list of bitmap nodes, where each bitmap node has
+ * an explicitly specified starting bit position within
+ * the total bitmap.
+ */
+
+#ifndef _EBITMAP_H_
+#define _EBITMAP_H_
+
+#define MAPTYPE __u64			/* portion of bitmap in each node */
+#define MAPSIZE (sizeof(MAPTYPE) * 8)	/* number of bits in node bitmap */
+#define MAPBIT  1ULL			/* a bit in the node bitmap */
+
+typedef struct ebitmap_node {
+	__u32 startbit;		/* starting position in the total bitmap */
+	MAPTYPE map;		/* this node's portion of the bitmap */
+	struct ebitmap_node *next;
+} ebitmap_node_t;
+
+typedef struct ebitmap {
+	ebitmap_node_t *node;	/* first node in the bitmap */
+	__u32 highbit;	/* highest position in the total bitmap */
+} ebitmap_t;
+
+
+#define ebitmap_length(e) ((e)->highbit)
+#define ebitmap_startbit(e) ((e)->node ? (e)->node->startbit : 0)
+
+#define ebitmap_init(e) memset(e, 0, sizeof(ebitmap_t))
+
+/*
+ * All of the non-void functions return TRUE or FALSE.
+ * Contrary to typical usage, nonzero (TRUE) is returned
+ * on success and zero (FALSE) is returned on failure.
+ * These functions should be changed to use more conventional 
+ * return codes.  TBD.
+ */
+#define FALSE 0
+#define TRUE 1
+
+int ebitmap_cmp(ebitmap_t * e1, ebitmap_t * e2);
+int ebitmap_or(ebitmap_t * dst, ebitmap_t * e1, ebitmap_t * e2);
+int ebitmap_cpy(ebitmap_t * dst, ebitmap_t * src);
+int ebitmap_contains(ebitmap_t * e1, ebitmap_t * e2);
+int ebitmap_get_bit(ebitmap_t * e, unsigned long bit);
+int ebitmap_set_bit(ebitmap_t * e, unsigned long bit, int value);
+void ebitmap_destroy(ebitmap_t * e);
+int ebitmap_read(ebitmap_t * e, FILE * fp);
+#ifndef __KERNEL__
+int ebitmap_write(ebitmap_t * e, FILE * fp);
+#endif
+
+#endif	/* _EBITMAP_H_ */
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/global.h b/security/selinux/ss/global.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/global.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,148 @@
+
+/*
+ * Author:  Stephen Smalley (NAI Labs), <ssmalley@nai.com>
+ */
+
+/* FLASK */
+
+/* 
+ * Global definitions that are included at the beginning
+ * of every file using the -include directive.
+ *
+ * These definitions are used to permit the same
+ * source code to be used to build both the security
+ * server component of the kernel and the checkpolicy
+ * program.
+ */
+
+#ifndef __SS_GLOBAL_H
+#define __SS_GLOBAL_H
+/*
+ * This variable is set to one when the security server
+ * has completed initialization.
+ */
+extern int ss_initialized;
+
+#ifndef __KERNEL__
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <byteswap.h>
+#include <endian.h>
+#include <linux/config.h>
+#include <linux/flask/flask.h>
+#include <linux/flask/security.h>
+#include <linux/flask/avc_ss.h>
+#include <linux/flask/av_permissions.h>
+
+#define NIPQUAD(addr) \
+	((unsigned char *)&addr)[0], \
+	((unsigned char *)&addr)[1], \
+	((unsigned char *)&addr)[2], \
+	((unsigned char *)&addr)[3]
+
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+#define cpu_to_le32(x) (x)
+#define le32_to_cpu(x) (x)
+#define cpu_to_le64(x) (x)
+#define le64_to_cpu(x) (x)
+#else
+#define cpu_to_le32(x) bswap_32(x)
+#define le32_to_cpu(x) bswap_32(x)
+#define cpu_to_le64(x) bswap_64(x)
+#define le64_to_cpu(x) bswap_64(x)
+#endif
+
+#define wmb() 
+
+#else
+
+#include <linux/kernel.h>	/* printk */
+#include <linux/slab.h>		/* kmalloc, kfree */
+#include <linux/fs.h>		/* read, write, open */
+#include <linux/file.h>
+#include <linux/string.h>	/* strcpy, strncpy, strcmp */
+#include <linux/in.h>		/* IPPROTO_* */
+#include <linux/ctype.h>
+#include <linux/flask/flask.h>
+#include <linux/flask/avc.h>
+#include <linux/flask/avc_ss.h>
+#include <linux/flask/security.h>
+#include <asm/system.h>
+#include <linux/spinlock.h>
+#include <asm/uaccess.h>
+#include "selinux_plug.h"
+
+#define malloc(size) kmalloc(size, SAFE_ALLOC)
+#define free(ptr) kfree(ptr)
+
+typedef struct file FILE;
+
+static inline FILE *fopen(char *path, char *type)
+{
+	struct nameidata nd;
+	struct file *file;
+	int err = 0;
+
+	if (strcmp(type, "r"))
+		panic("fopen");
+
+	if (path_init(path, LOOKUP_FOLLOW | LOOKUP_POSITIVE, &nd)) 
+		err = path_walk(path, &nd);
+	if (err)
+		return NULL;
+
+	if (!ss_initialized)
+		inode_security_set_sid(nd.dentry->d_inode,SECINITSID_POLICY);
+
+	if (!S_ISREG(nd.dentry->d_inode->i_mode)) 
+		goto bad;
+
+	file = dentry_open(nd.dentry, nd.mnt, O_RDONLY);
+	if (IS_ERR(file))
+		return NULL;
+	else 
+		return file;
+
+bad:
+	path_release(&nd);
+	return NULL;
+}
+
+
+static inline int fclose(FILE * stream)
+{
+	fput(stream);
+	return 0;
+}
+
+
+static inline ssize_t fread(void *buf, size_t size, size_t nitems, FILE * fp)
+{
+	mm_segment_t old_fs;
+	ssize_t rc;
+
+	old_fs = get_fs();
+	set_fs(KERNEL_DS);
+	rc = (fp)->f_op->read((fp), (buf), (nitems * size), &(fp)->f_pos);
+	set_fs(old_fs);
+	if (rc > 0)
+		return (rc / size);
+	return 0;
+}
+
+#define printf printk
+
+#define exit(error_code) panic("SS: exiting (%d)",error_code)
+
+#endif
+
+#endif /* __SS_GLOBAL_H */
diff --minimal -Nru a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/hashtab.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,310 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * Implementation of the hash table type.
+ */
+
+#include "hashtab.h"
+
+hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h,
+						     hashtab_key_t key),
+			 int (*keycmp) (hashtab_t h,
+					hashtab_key_t key1,
+					hashtab_key_t key2),
+			 unsigned int size)
+{
+	hashtab_t p;
+	int i;
+
+
+	p = (hashtab_t) malloc(sizeof(hashtab_val_t));
+	if (p == NULL)
+		return p;
+
+	memset(p, 0, sizeof(hashtab_val_t));
+	p->size = size;
+	p->nel = 0;
+	p->hash_value = hash_value;
+	p->keycmp = keycmp;
+	p->htable = (hashtab_ptr_t *) malloc(sizeof(hashtab_ptr_t) * size);
+	if (p->htable == NULL) {
+		free(p);
+		return NULL;
+	}
+	for (i = 0; i < size; i++)
+		p->htable[i] = (hashtab_ptr_t) NULL;
+
+	return p;
+}
+
+
+int hashtab_insert(hashtab_t h, hashtab_key_t key, hashtab_datum_t datum)
+{
+	int hvalue;
+	hashtab_ptr_t prev, cur, newnode;
+
+
+	if (!h)
+		return HASHTAB_OVERFLOW;
+
+	hvalue = h->hash_value(h, key);
+	prev = NULL;
+	cur = h->htable[hvalue];
+	while (cur && h->keycmp(h, key, cur->key) > 0) {
+		prev = cur;
+		cur = cur->next;
+	} 
+
+	if (cur && (h->keycmp(h, key, cur->key) == 0))
+		return HASHTAB_PRESENT;
+
+	newnode = (hashtab_ptr_t) malloc(sizeof(hashtab_node_t));
+	if (newnode == NULL)
+		return HASHTAB_OVERFLOW;
+	memset(newnode, 0, sizeof(struct hashtab_node));
+	newnode->key = key;
+	newnode->datum = datum;
+	if (prev) {
+		newnode->next = prev->next;
+		prev->next = newnode;
+	} else {
+		newnode->next = h->htable[hvalue];
+		h->htable[hvalue] = newnode;
+	}
+
+	h->nel++;
+	return HASHTAB_SUCCESS;
+}
+
+
+int hashtab_remove(hashtab_t h, hashtab_key_t key,
+		   void (*destroy) (hashtab_key_t k,
+				    hashtab_datum_t d,
+				    void *args),
+		   void *args)
+{
+	int hvalue;
+	hashtab_ptr_t cur, last;
+
+
+	if (!h)
+		return HASHTAB_MISSING;
+
+	hvalue = h->hash_value(h, key);
+	last = NULL;
+	cur = h->htable[hvalue];
+	while (cur != NULL && h->keycmp(h, key, cur->key) > 0) {
+		last = cur;
+		cur = cur->next;
+	}
+
+	if (cur == NULL || (h->keycmp(h, key, cur->key) != 0))
+		return HASHTAB_MISSING;
+
+	if (last == NULL)
+		h->htable[hvalue] = cur->next;
+	else
+		last->next = cur->next;
+
+	if (destroy)
+		destroy(cur->key, cur->datum, args);
+	free(cur);
+	h->nel--;
+	return HASHTAB_SUCCESS;
+}
+
+
+int hashtab_replace(hashtab_t h, hashtab_key_t key, hashtab_datum_t datum,
+		    void (*destroy) (hashtab_key_t k,
+				     hashtab_datum_t d,
+				     void *args),
+		    void *args)
+{
+	int hvalue;
+	hashtab_ptr_t prev, cur, newnode;
+
+
+	if (!h)
+		return HASHTAB_OVERFLOW;
+
+	hvalue = h->hash_value(h, key);
+	prev = NULL;
+	cur = h->htable[hvalue];
+	while (cur != NULL && h->keycmp(h, key, cur->key) > 0) {
+		prev = cur;
+		cur = cur->next;
+	}
+
+	if (cur && (h->keycmp(h, key, cur->key) == 0)) {
+		if (destroy)
+			destroy(cur->key, cur->datum, args);
+		cur->key = key;
+		cur->datum = datum;
+	} else {
+		newnode = (hashtab_ptr_t) malloc(sizeof(hashtab_node_t));
+		if (newnode == NULL)
+			return HASHTAB_OVERFLOW;
+		memset(newnode, 0, sizeof(struct hashtab_node));
+		newnode->key = key;
+		newnode->datum = datum;
+		if (prev) {
+			newnode->next = prev->next;
+			prev->next = newnode;
+		} else {
+			newnode->next = h->htable[hvalue];
+			h->htable[hvalue] = newnode;
+		}
+	}
+
+	return HASHTAB_SUCCESS;
+}
+
+
+hashtab_datum_t
+hashtab_search(hashtab_t h, hashtab_key_t key)
+{
+	int hvalue;
+	hashtab_ptr_t cur;
+
+
+	if (!h)
+		return NULL;
+
+	hvalue = h->hash_value(h, key);
+	cur = h->htable[hvalue];
+	while (cur != NULL && h->keycmp(h, key, cur->key) > 0)
+		cur = cur->next;
+
+	if (cur == NULL || (h->keycmp(h, key, cur->key) != 0))
+		return NULL;
+
+	return cur->datum;
+}
+
+
+void hashtab_destroy(hashtab_t h)
+{
+	int i;
+	hashtab_ptr_t cur, temp;
+
+
+	if (!h)
+		return;
+
+	for (i = 0; i < h->size; i++) {
+		cur = h->htable[i];
+		while (cur != NULL) {
+			temp = cur;
+			cur = cur->next;
+			free(temp);
+		}
+		h->htable[i] = NULL;
+	}
+
+	free(h->htable);
+	h->htable = NULL;
+
+	free(h);
+}
+
+
+int hashtab_map(hashtab_t h,
+		int (*apply) (hashtab_key_t k,
+			      hashtab_datum_t d,
+			      void *args),
+		void *args)
+{
+	int i, ret;
+	hashtab_ptr_t cur;
+
+
+	if (!h)
+		return HASHTAB_SUCCESS;
+
+	for (i = 0; i < h->size; i++) {
+		cur = h->htable[i];
+		while (cur != NULL) {
+			ret = apply(cur->key, cur->datum, args);
+			if (ret)
+				return ret;
+			cur = cur->next;
+		}
+	}
+	return HASHTAB_SUCCESS;
+}
+
+
+void hashtab_map_remove_on_error(hashtab_t h,
+				 int (*apply) (hashtab_key_t k,
+					       hashtab_datum_t d,
+					       void *args),
+				 void (*destroy) (hashtab_key_t k,
+						  hashtab_datum_t d,
+						  void *args),
+				 void *args)
+{
+	int i, ret;
+	hashtab_ptr_t last, cur, temp;
+
+
+	if (!h)
+		return;
+
+	for (i = 0; i < h->size; i++) {
+		last = NULL;
+		cur = h->htable[i];
+		while (cur != NULL) {
+			ret = apply(cur->key, cur->datum, args);
+			if (ret) {
+				if (last) {
+					last->next = cur->next;
+				} else {
+					h->htable[i] = cur->next;
+				}
+
+				temp = cur;
+				cur = cur->next;
+				if (destroy)
+					destroy(temp->key, temp->datum, args);
+				free(temp);
+				h->nel--;
+			} else {
+				last = cur;
+				cur = cur->next;
+			}
+		}
+	}
+
+	return;
+}
+
+void hashtab_hash_eval(hashtab_t h, char *tag)
+{
+	int i, chain_len, slots_used, max_chain_len;
+	hashtab_ptr_t cur;
+
+
+	slots_used = 0;
+	max_chain_len = 0;
+	for (i = 0; i < h->size; i++) {
+		cur = h->htable[i];
+		if (cur) {
+			slots_used++;
+			chain_len = 0;
+			while (cur) {
+				chain_len++;
+				cur = cur->next;
+			}
+
+			if (chain_len > max_chain_len)
+				max_chain_len = chain_len;
+		}
+	}
+
+	printf("%s:  %d entries and %d/%d buckets used, longest chain length %d\n",
+	       tag, h->nel, slots_used, h->size, max_chain_len);
+}
+
diff --minimal -Nru a/security/selinux/ss/hashtab.h b/security/selinux/ss/hashtab.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/hashtab.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,144 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * A hash table (hashtab) maintains associations between
+ * key values and datum values.  The type of the key values 
+ * and the type of the datum values is arbitrary.  The
+ * functions for hash computation and key comparison are
+ * provided by the creator of the table.
+ */
+
+#ifndef _HASHTAB_H_
+#define _HASHTAB_H_
+
+typedef char *hashtab_key_t;	/* generic key type */
+typedef void *hashtab_datum_t;	/* generic datum type */
+
+typedef struct hashtab_node *hashtab_ptr_t;
+
+typedef struct hashtab_node {
+	hashtab_key_t key;
+	hashtab_datum_t datum;
+	hashtab_ptr_t next;	
+} hashtab_node_t;
+
+typedef struct hashtab_val {
+	hashtab_ptr_t *htable; /* hash table */
+	unsigned int size; /* number of slots in hash table */
+	__u32 nel;  	  /* number of elements in hash table */
+	unsigned int (*hash_value) (struct hashtab_val *h, hashtab_key_t key); /* hash function */
+	int (*keycmp) (struct hashtab_val *h, hashtab_key_t key1, hashtab_key_t key2); /* key comparison function */
+} hashtab_val_t;
+
+
+typedef hashtab_val_t *hashtab_t;
+
+/* Define status codes for hash table functions */
+#define HASHTAB_SUCCESS     0
+#define HASHTAB_OVERFLOW    -ENOMEM
+#define HASHTAB_PRESENT     -EEXIST
+#define HASHTAB_MISSING     -ENOENT
+
+/*
+   Creates a new hash table with the specified characteristics.
+
+   Returns NULL if insufficent space is available or
+   the new hash table otherwise.
+ */
+hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h,
+						     hashtab_key_t key),
+			 int (*keycmp) (hashtab_t h,
+					hashtab_key_t key1,
+					hashtab_key_t key2),
+			 unsigned int size);
+
+/*
+   Inserts the specified (key, datum) pair into the specified hash table.
+
+   Returns HASHTAB_OVERFLOW if insufficient space is available or
+   HASHTAB_PRESENT  if there is already an entry with the same key or
+   HASHTAB_SUCCESS otherwise.
+ */
+int hashtab_insert(hashtab_t h, hashtab_key_t k, hashtab_datum_t d);
+
+/*
+   Removes the entry with the specified key from the hash table.
+   Applies the specified destroy function to (key,datum,args) for
+   the entry.
+
+   Returns HASHTAB_MISSING if no entry has the specified key or
+   HASHTAB_SUCCESS otherwise.
+ */
+int hashtab_remove(hashtab_t h, hashtab_key_t k,
+		   void (*destroy) (hashtab_key_t k,
+				    hashtab_datum_t d,
+				    void *args),
+		   void *args);
+
+/*
+   Insert or replace the specified (key, datum) pair in the specified
+   hash table.  If an entry for the specified key already exists,
+   then the specified destroy function is applied to (key,datum,args)
+   for the entry prior to replacing the entry's contents.
+
+   Returns HASHTAB_OVERFLOW if insufficient space is available or
+   HASHTAB_SUCCESS otherwise.
+ */
+int hashtab_replace(hashtab_t h, hashtab_key_t k, hashtab_datum_t d,
+		    void (*destroy) (hashtab_key_t k,
+				     hashtab_datum_t d,
+				     void *args),
+		    void *args);
+
+/*
+   Searches for the entry with the specified key in the hash table.
+
+   Returns NULL if no entry has the specified key or
+   the datum of the entry otherwise.
+ */
+hashtab_datum_t hashtab_search(hashtab_t h, hashtab_key_t k);
+
+/*
+   Destroys the specified hash table.
+ */
+void hashtab_destroy(hashtab_t h);
+
+/*
+   Applies the specified apply function to (key,datum,args)
+   for each entry in the specified hash table.
+
+   The order in which the function is applied to the entries
+   is dependent upon the internal structure of the hash table.
+
+   If apply returns a non-zero status, then hashtab_map will cease
+   iterating through the hash table and will propagate the error
+   return to its caller.
+ */
+int hashtab_map(hashtab_t h,
+		int (*apply) (hashtab_key_t k,
+			      hashtab_datum_t d,
+			      void *args),
+		void *args);
+
+/*
+   Same as hashtab_map, except that if apply returns a non-zero status,
+   then the (key,datum) pair will be removed from the hashtab and the
+   destroy function will be applied to (key,datum,args).
+ */
+void hashtab_map_remove_on_error(hashtab_t h,
+				 int (*apply) (hashtab_key_t k,
+					       hashtab_datum_t d,
+					       void *args),
+				 void (*destroy) (hashtab_key_t k,
+						  hashtab_datum_t d,
+						  void *args),
+				 void *args);
+
+void hashtab_hash_eval(hashtab_t h, char *tag);
+
+
+#endif
+
diff --minimal -Nru a/security/selinux/ss/init.c b/security/selinux/ss/init.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/init.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,43 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/* 
+ * Initialize the security server by reading the policy
+ * database and initializing the SID table.
+ */
+
+#include "policydb.h"
+#include "services.h"
+
+char *policyfile = "/ss_policy";
+
+int security_init(void)
+{
+	FILE *fp;
+	int rc;
+
+	printf("security:  starting up (compiled " __DATE__ ")\n");
+	printf("security:  loading policy configuration from %s\n", policyfile);
+
+	fp = fopen(policyfile, "r");
+	if (!fp) {
+		printf("security:  unable to open %s, cannot initialize.\n", policyfile);
+		return -EINVAL;
+	}
+	
+	rc = security_load_policy(fp);
+	if (rc) {
+		printf("security:  error while loading %s, cannot initialize.\n", policyfile);
+		fclose(fp);
+		return -EINVAL;
+	}
+
+	fclose(fp);
+
+	return 0;
+}
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/mls.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,871 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/* 
+ * Implementation of the multi-level security (MLS) policy.
+ */
+
+#include "mls.h"
+
+/*
+ * Remove any permissions from `allowed' that are
+ * denied by the MLS policy.
+ */
+void mls_compute_av(context_struct_t * scontext,
+		    context_struct_t * tcontext,
+		    class_datum_t * tclass,
+		    access_vector_t * allowed)
+{
+	unsigned int rel[2];
+	int l;
+
+	for (l = 0; l < 2; l++)
+		rel[l] = mls_level_relation(scontext->range.level[l],
+					    tcontext->range.level[l]);
+
+	if (rel[1] != MLS_RELATION_EQ) {
+		if (rel[1] != MLS_RELATION_DOM)
+			/* read(s,t) = (s.high >= t.high) = False */
+			*allowed = (*allowed) & ~(tclass->mlsperms.read);
+		if (rel[1] != MLS_RELATION_DOMBY)
+			/* readby(s,t) = read(t,s) = False */
+			*allowed = (*allowed) & ~(tclass->mlsperms.readby);
+	}
+	if ((rel[0] != MLS_RELATION_DOMBY && rel[0] != MLS_RELATION_EQ) ||
+	    ((!mls_level_eq(tcontext->range.level[0],
+			    tcontext->range.level[1])) &&
+	     (rel[1] != MLS_RELATION_DOM && rel[1] != MLS_RELATION_EQ)))
+		/*
+		 * write(s,t) = ((s.low <= t.low = t.high) or (s.low
+		 * <= t.low <= t.high <= s.high)) = False
+		 */
+		*allowed = (*allowed) & ~(tclass->mlsperms.write);
+
+	if ((rel[0] != MLS_RELATION_DOM && rel[0] != MLS_RELATION_EQ) ||
+	    ((!mls_level_eq(scontext->range.level[0],
+			    scontext->range.level[1])) &&
+	     (rel[1] != MLS_RELATION_DOMBY && rel[1] != MLS_RELATION_EQ)))
+		/* writeby(s,t) = write(t,s) = False */
+		*allowed = (*allowed) & ~(tclass->mlsperms.writeby);
+
+}
+
+
+/*
+ * Return the length in bytes for the MLS fields of the
+ * security context string representation of `context'.
+ */
+int mls_compute_context_len(context_struct_t * context)
+{
+	int i, l, len;
+
+
+	len = 0;
+	for (l = 0; l < 2; l++) {
+		len += strlen(policydb.p_sens_val_to_name[context->range.level[l].sens - 1]) + 1;
+
+		for (i = 1; i <= ebitmap_length(&context->range.level[l].cat); i++)
+			if (ebitmap_get_bit(&context->range.level[l].cat, i - 1))
+				len += strlen(policydb.p_cat_val_to_name[i - 1]) + 1;
+
+		if (mls_level_relation(context->range.level[0], context->range.level[1]) == MLS_RELATION_EQ)
+			break;
+	}
+
+	return len;
+}
+
+
+/*
+ * Write the security context string representation of 
+ * the MLS fields of `context' into the string `*scontext'.
+ * Update `*scontext' to point to the end of the MLS fields.
+ */
+int mls_sid_to_context(context_struct_t * context,
+		       char **scontext)
+{
+	char *scontextp;
+	int i, l;
+
+
+	scontextp = *scontext;
+
+	for (l = 0; l < 2; l++) {
+		strcpy(scontextp,
+		       policydb.p_sens_val_to_name[context->range.level[l].sens - 1]);
+		scontextp += strlen(policydb.p_sens_val_to_name[context->range.level[l].sens - 1]);
+		*scontextp = ':';
+		scontextp++;
+		for (i = 1; i <= ebitmap_length(&context->range.level[l].cat); i++)
+			if (ebitmap_get_bit(&context->range.level[l].cat, i - 1)) {
+				strcpy(scontextp, policydb.p_cat_val_to_name[i - 1]);
+				scontextp += strlen(policydb.p_cat_val_to_name[i - 1]);
+				*scontextp = ',';
+				scontextp++;
+			}
+		if (mls_level_relation(context->range.level[0], context->range.level[1]) != MLS_RELATION_EQ) {
+			scontextp--;
+			sprintf(scontextp, "-");
+			scontextp++;
+
+		} else {
+			break;
+		}
+	}
+
+	*scontext = scontextp;
+	return 0;
+}
+
+
+/*
+ * Return TRUE if the MLS fields in the security context 
+ * structure `c' are valid.  Return FALSE otherwise.
+ */
+int mls_context_isvalid(policydb_t *p, context_struct_t * c)
+{
+	unsigned int relation;
+	level_datum_t *levdatum;
+	user_datum_t *usrdatum;
+	mls_range_list_t *rnode;
+	int i, l;
+
+	/*  
+	 * MLS range validity checks: high must dominate low, low level must 
+	 * be valid (category set <-> sensitivity check), and high level must 
+	 * be valid (category set <-> sensitivity check)
+	 */
+	relation = mls_level_relation(c->range.level[1],
+				      c->range.level[0]);
+	if (!(relation & (MLS_RELATION_DOM | MLS_RELATION_EQ)))
+		/* High does not dominate low. */
+		return FALSE;
+
+	for (l = 0; l < 2; l++) {
+		if (!c->range.level[l].sens || c->range.level[l].sens > p->p_levels.nprim)
+			return FALSE;
+		levdatum = (level_datum_t *) hashtab_search(p->p_levels.table,
+		p->p_sens_val_to_name[c->range.level[l].sens - 1]);
+		if (!levdatum)
+			return FALSE;
+
+		for (i = 1; i <= ebitmap_length(&c->range.level[l].cat); i++) {
+			if (ebitmap_get_bit(&c->range.level[l].cat, i - 1)) {
+				if (i > p->p_cats.nprim)
+					return FALSE;
+				if (!ebitmap_get_bit(&levdatum->level->cat, i - 1))
+					/*
+					 * Category may not be associated with
+					 * sensitivity in low level.
+					 */
+					return FALSE;
+			}
+		}
+	}
+
+	if (c->role == OBJECT_R_VAL) 
+		return TRUE;
+
+	/*
+	 * User must be authorized for the MLS range.
+	 */
+	if (!c->user || c->user > p->p_users.nprim)
+		return FALSE;
+	usrdatum = p->user_val_to_struct[c->user - 1];
+	for (rnode = usrdatum->ranges; rnode; rnode = rnode->next) {
+		if (mls_range_contains(rnode->range, c->range))
+			break;
+	}
+	if (!rnode)
+		/* user may not be associated with range */
+		return FALSE;
+
+	return TRUE;
+}
+
+
+/*
+ * Set the MLS fields in the security context structure
+ * `context' based on the string representation in
+ * the string `*scontext'.  Update `*scontext' to
+ * point to the end of the string representation of
+ * the MLS fields.  
+ *
+ * This function modifies the string in place, inserting
+ * NULL characters to terminate the MLS fields. 
+ */
+int mls_context_to_sid(char oldc,
+		       char **scontext,
+		       context_struct_t * context)
+{
+
+	char delim;
+	char *scontextp, *p;
+	level_datum_t *levdatum;
+	cat_datum_t *catdatum;
+	int l;
+
+	if (!oldc) {
+		/* No MLS component to the security context.  Try
+		   to use a default 'unclassified' value. */
+		levdatum = (level_datum_t *) hashtab_search(policydb.p_levels.table,
+							    (hashtab_key_t) "unclassified");
+		
+		if (!levdatum)
+			return -EINVAL;
+		context->range.level[0].sens = levdatum->level->sens;
+		context->range.level[1].sens = context->range.level[0].sens;
+		return 0;
+	}
+
+	/* Extract low sensitivity. */
+	scontextp = p = *scontext;
+	while (*p && *p != ':' && *p != '-')
+		p++;
+
+	delim = *p;
+	if (delim != 0)
+		*p++ = 0;
+
+	for (l = 0; l < 2; l++) {
+		levdatum = (level_datum_t *) hashtab_search(policydb.p_levels.table,
+					      (hashtab_key_t) scontextp);
+
+		if (!levdatum)
+			return -EINVAL;
+
+		context->range.level[l].sens = levdatum->level->sens;
+
+		if (delim == ':') {
+			/* Extract low category set. */
+			while (1) {
+				scontextp = p;
+				while (*p && *p != ',' && *p != '-')
+					p++;
+				delim = *p;
+				if (delim != 0)
+					*p++ = 0;
+
+				catdatum = (cat_datum_t *) hashtab_search(policydb.p_cats.table,
+					      (hashtab_key_t) scontextp);
+
+				if (!catdatum)
+					return -EINVAL;
+
+				if (!ebitmap_set_bit(&context->range.level[l].cat,
+					      catdatum->value - 1, TRUE))
+					return -ENOMEM;
+				if (delim != ',')
+					break;
+			}
+		}
+		if (delim == '-') {
+			/* Extract high sensitivity. */
+			scontextp = p;
+			while (*p && *p != ':')
+				p++;
+
+			delim = *p;
+			if (delim != 0)
+				*p++ = 0;
+		} else
+			break;
+	}
+
+	if (l == 0) {
+		context->range.level[1].sens = context->range.level[0].sens;
+		ebitmap_cpy(&context->range.level[1].cat, &context->range.level[0].cat);
+	}
+	*scontext = p;
+	return 0;
+}
+
+
+/* 
+ * Copies the MLS range from `src' into `dst'.
+ */
+static inline int mls_copy_context(context_struct_t * dst,
+				   context_struct_t * src)
+{
+	int l;
+
+	/* Copy the MLS range from the source context */
+	for (l = 0; l < 2; l++) {
+		dst->range.level[l].sens = src->range.level[l].sens;
+		if (!ebitmap_cpy(&dst->range.level[l].cat, &src->range.level[l].cat))
+			return -ENOMEM;
+	}
+
+	return 0;
+}
+
+
+/* 
+ * Convert the MLS fields in the security context
+ * structure `c' from the values specified in the
+ * policy `oldp' to the values specified in the policy `newp'.
+ */
+int mls_convert_context(policydb_t * oldp,
+			policydb_t * newp,
+			context_struct_t * c)
+{
+	level_datum_t *levdatum;
+	cat_datum_t *catdatum;
+	ebitmap_t bitmap;
+	int l, i;
+
+	for (l = 0; l < 2; l++) {
+		levdatum = (level_datum_t *) hashtab_search(
+						    newp->p_levels.table,
+		   oldp->p_sens_val_to_name[c->range.level[l].sens - 1]);
+
+		if (!levdatum)
+			return -EINVAL;
+		c->range.level[l].sens = levdatum->level->sens;
+
+		ebitmap_init(&bitmap);
+		for (i = 1; i <= ebitmap_length(&c->range.level[l].cat); i++) {
+			if (ebitmap_get_bit(&c->range.level[l].cat, i - 1)) {
+				catdatum = (cat_datum_t *) hashtab_search(newp->p_cats.table,
+					 oldp->p_cat_val_to_name[i - 1]);
+				if (!catdatum)
+					return -EINVAL;
+				if (!ebitmap_set_bit(&bitmap, catdatum->value - 1, TRUE))
+					return -ENOMEM;
+			}
+		}
+		ebitmap_destroy(&c->range.level[l].cat);
+		c->range.level[l].cat = bitmap;
+	}
+
+	return 0;
+}
+
+int mls_compute_sid(context_struct_t *scontext,
+		    context_struct_t *tcontext,
+		    security_class_t tclass,
+		    __u32 specified,
+		    context_struct_t *newcontext)
+{
+	switch (specified) {
+	case AVTAB_TRANSITION:
+	case AVTAB_CHANGE:
+		/* Use the process MLS attributes. */
+		return mls_copy_context(newcontext, scontext);
+	case AVTAB_MEMBER:
+		/* Only polyinstantiate the MLS attributes if
+		   the type is being polyinstantiated */
+		if (newcontext->type != tcontext->type) {
+			/* Use the process MLS attributes. */
+			return mls_copy_context(newcontext, scontext);
+		} else {
+			/* Use the related object MLS attributes. */
+			return mls_copy_context(newcontext, tcontext);
+		}
+	default:
+		return -EINVAL;
+	}
+	return -EINVAL;
+}
+
+void mls_user_destroy(user_datum_t *usrdatum) 
+{
+	mls_range_list_t *rnode, *rtmp;
+	rnode = usrdatum->ranges;
+	while (rnode) {
+		rtmp = rnode;
+		rnode = rnode->next;
+		ebitmap_destroy(&rtmp->range.level[0].cat);
+		ebitmap_destroy(&rtmp->range.level[1].cat);
+		free(rtmp);
+	}
+}
+
+int mls_read_perm(perm_datum_t *perdatum, FILE *fp) 
+{
+	__u32 buf[3];
+	int items;
+
+	items = fread(buf, sizeof(__u32), 1, fp);
+	if (items != 1)
+		return -1;
+	perdatum->base_perms = le32_to_cpu(buf[0]);
+	return 0;
+}
+
+/*
+ * Read a MLS level structure from a policydb binary 
+ * representation file.
+ */
+mls_level_t *mls_read_level(FILE * fp)
+{
+	mls_level_t *l;
+	__u32 sens;
+	int items;
+
+	l = malloc(sizeof(mls_level_t));
+	if (!l) {
+		printf("security: mls: out of memory\n");
+		return NULL;
+	}
+	memset(l, 0, sizeof(mls_level_t));
+
+	items = fread(&sens, sizeof(__u32), 1, fp);
+	if (items != 1) {
+		printf("security: mls: truncated level\n");
+		goto bad;
+	}
+	l->sens = cpu_to_le32(sens);
+
+	if (!ebitmap_read(&l->cat, fp)) {
+		printf("security: mls:  error reading level categories\n");
+		goto bad;
+	}
+	return l;
+
+      bad:
+	free(l);
+	return NULL;
+}
+
+
+/*
+ * Read a MLS range structure from a policydb binary 
+ * representation file.
+ */
+
+static int mls_read_range_helper(mls_range_t *r,
+				 FILE * fp)
+{
+	__u32 buf[3];
+	int items, items2;
+
+	items = fread(buf, sizeof(__u32), 1, fp);
+	if (items != 1)
+		return -1;
+
+	items2 = le32_to_cpu(buf[0]);
+	if (items2 > (sizeof(buf) / sizeof(__u32))) {
+		printf("security: mls:  range too large\n");
+		return -1;
+	}
+	items = fread(buf, sizeof(__u32), items2, fp);
+	if (items != items2) {
+		printf("security: mls:  truncated range\n");
+		return -1;
+	}
+	r->level[0].sens = le32_to_cpu(buf[0]);
+	if (items > 1) {
+		r->level[1].sens = le32_to_cpu(buf[1]);
+	} else {
+		r->level[1].sens = r->level[0].sens;
+	}
+
+	if (!ebitmap_read(&r->level[0].cat, fp)) {
+		printf("security: mls:  error reading low categories\n");
+		return -1;
+	}
+	if (items > 1) {
+		if (!ebitmap_read(&r->level[1].cat, fp)) {
+			printf("security: mls:  error reading high categories\n");
+			goto bad_high;
+		}
+	} else {
+		if (!ebitmap_cpy(&r->level[1].cat, &r->level[0].cat)) {
+			printf("security: mls:  out of memory\n");
+			goto bad_high;
+		}
+	}
+
+	return 0;
+
+      bad_high:
+	ebitmap_destroy(&r->level[0].cat);
+	return -1;
+}
+
+int mls_read_range(context_struct_t * c,
+		   FILE * fp)
+{
+	return mls_read_range_helper(&c->range, fp);
+}
+
+
+/*
+ * Read a MLS perms structure from a policydb binary 
+ * representation file.
+ */
+int mls_read_class(class_datum_t *cladatum,
+		   FILE * fp)
+{
+	mls_perms_t * p = &cladatum->mlsperms;
+	__u32 buf[32];
+	int items;
+
+	items = fread(buf, sizeof(__u32), 4, fp);
+	if (items != 4) {
+		printf("security: mls:  truncated mls permissions\n");
+		return -1;
+	}
+	p->read = le32_to_cpu(buf[0]);
+	p->readby = le32_to_cpu(buf[1]);
+	p->write = le32_to_cpu(buf[2]);
+	p->writeby = le32_to_cpu(buf[3]);
+	return 0;
+}
+
+int mls_read_user(user_datum_t *usrdatum, FILE *fp)
+{
+	mls_range_list_t *r, *l;
+	__u32 nel, i;
+	__u32 buf[32];
+	int items;
+
+	items = fread(buf, sizeof(__u32), 1, fp);
+	if (items != 1)
+		goto bad;
+	nel = le32_to_cpu(buf[0]);
+	l = NULL;
+	for (i = 0; i < nel; i++) {
+		r = malloc(sizeof(mls_range_list_t));
+		if (!r)
+			goto bad;
+		memset(r, 0, sizeof(mls_range_list_t));
+
+		if (mls_read_range_helper(&r->range, fp))
+			goto bad;
+
+		if (l)
+			l->next = r;
+		else
+			usrdatum->ranges = r;
+		l = r;
+	}
+	return 0;
+ bad:
+	return -1;
+}
+
+int mls_read_nlevels(policydb_t *p, FILE *fp)
+{
+	__u32 buf[2];
+	int items;
+
+	items = fread(buf, sizeof(__u32), 1, fp);
+	if (items != 1) {
+		return -1;
+	}
+	p->nlevels = le32_to_cpu(buf[0]);
+	return 0;
+}
+
+int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+	policydb_t *p;
+	level_datum_t *levdatum;
+
+
+	levdatum = (level_datum_t *) datum;
+	p = (policydb_t *) datap;
+
+	if (!levdatum->isalias)
+		p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *) key;
+
+	return 0;
+}
+
+int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+	policydb_t *p;
+	cat_datum_t *catdatum;
+
+
+	catdatum = (cat_datum_t *) datum;
+	p = (policydb_t *) datap;
+
+
+	if (!catdatum->isalias)
+		p->p_cat_val_to_name[catdatum->value - 1] = (char *) key;
+
+	return 0;
+}
+
+int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+	level_datum_t *levdatum;
+
+	if (key)
+		free(key);
+	levdatum = (level_datum_t *) datum;
+	if (!levdatum->isalias) {
+		ebitmap_destroy(&levdatum->level->cat);
+		free(levdatum->level);
+	}
+	free(datum);
+	return 0;
+}
+
+int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+	if (key)
+		free(key);
+	free(datum);
+	return 0;
+}
+
+int sens_read(policydb_t * p, hashtab_t h, FILE * fp)
+{
+	char *key = 0;
+	level_datum_t *levdatum;
+	__u32 buf[32], len;
+	int items;
+
+	levdatum = malloc(sizeof(level_datum_t));
+	if (!levdatum)
+		return -1;
+	memset(levdatum, 0, sizeof(level_datum_t));
+
+	items = fread(buf, sizeof(__u32), 2, fp);
+	if (items != 2)
+		goto bad;
+
+	len = le32_to_cpu(buf[0]);
+	levdatum->isalias = le32_to_cpu(buf[1]);
+
+	key = malloc(len + 1);
+	if (!key)
+		goto bad;
+	items = fread(key, 1, len, fp);
+	if (items != len)
+		goto bad;
+	key[len] = 0;
+
+	levdatum->level = mls_read_level(fp);
+	if (!levdatum->level)
+		goto bad;
+
+	if (hashtab_insert(h, key, levdatum))
+		goto bad;
+
+	return 0;
+
+      bad:
+	sens_destroy(key, levdatum, NULL);
+	return -1;
+}
+
+
+int cat_read(policydb_t * p, hashtab_t h, FILE * fp)
+{
+	char *key = 0;
+	cat_datum_t *catdatum;
+	__u32 buf[32], len;
+	int items;
+
+	catdatum = malloc(sizeof(cat_datum_t));
+	if (!catdatum)
+		return -1;
+	memset(catdatum, 0, sizeof(cat_datum_t));
+
+	items = fread(buf, sizeof(__u32), 3, fp);
+	if (items != 3)
+		goto bad;
+
+	len = le32_to_cpu(buf[0]);
+	catdatum->value = le32_to_cpu(buf[1]);
+	catdatum->isalias = le32_to_cpu(buf[2]);
+
+	key = malloc(len + 1);
+	if (!key)
+		goto bad;
+	items = fread(key, 1, len, fp);
+	if (items != len)
+		goto bad;
+	key[len] = 0;
+
+	if (hashtab_insert(h, key, catdatum))
+		goto bad;
+
+	return 0;
+
+      bad:
+	cat_destroy(key, catdatum, NULL);
+	return -1;
+}
+
+#ifndef __KERNEL__
+/*
+ * Write a MLS level structure to a policydb binary 
+ * representation file.
+ */
+int mls_write_level(mls_level_t * l,
+		    FILE * fp)
+{
+	__u32 sens;
+	int items;
+
+	sens = cpu_to_le32(l->sens);
+	items = fwrite(&sens, sizeof(__u32), 1, fp);
+	if (items != 1)
+		return -1;
+
+	if (!ebitmap_write(&l->cat, fp))
+		return -1;
+
+	return 0;
+}
+
+
+/*
+ * Write a MLS range structure to a policydb binary 
+ * representation file.
+ */
+static int mls_write_range_helper(mls_range_t * r,
+				  FILE * fp)
+{
+	__u32 buf[3];
+	int items, items2;
+	int rel;
+
+	rel = mls_level_relation(r->level[1], r->level[0]);
+
+	items = 1;		/* item 0 is used for the item count */
+	buf[items++] = cpu_to_le32(r->level[0].sens);
+	if (rel != MLS_RELATION_EQ)
+		buf[items++] = cpu_to_le32(r->level[1].sens);
+	buf[0] = cpu_to_le32(items - 1);
+
+	items2 = fwrite(buf, sizeof(__u32), items, fp);
+	if (items2 != items)
+		return -1;
+
+	if (!ebitmap_write(&r->level[0].cat, fp))
+		return -1;
+	if (rel != MLS_RELATION_EQ)
+		if (!ebitmap_write(&r->level[1].cat, fp))
+			return -1;
+
+	return 0;
+}
+
+int mls_write_range(context_struct_t * c,
+		    FILE * fp)
+{
+	return mls_write_range_helper(&c->range, fp);
+}
+
+
+/*
+ * Write a MLS perms structure to a policydb binary 
+ * representation file.
+ */
+int mls_write_class(class_datum_t * cladatum,
+		    FILE * fp)
+{
+	mls_perms_t *p = &cladatum->mlsperms;
+	__u32 buf[32];
+	int items, items2;
+
+	items = 0;
+	buf[items++] = cpu_to_le32(p->read);
+	buf[items++] = cpu_to_le32(p->readby);
+	buf[items++] = cpu_to_le32(p->write);
+	buf[items++] = cpu_to_le32(p->writeby);
+	items2 = fwrite(buf, sizeof(__u32), items, fp);
+	if (items2 != items)
+		return -1;
+
+	return 0;
+}
+
+int mls_write_user(user_datum_t *usrdatum, FILE *fp)
+{
+	mls_range_list_t *r;
+	__u32 nel;
+	__u32 buf[32];
+	int items;
+
+	nel = 0;
+	for (r = usrdatum->ranges; r; r = r->next)
+		nel++;
+	buf[0] = cpu_to_le32(nel);
+	items = fwrite(buf, sizeof(__u32), 1, fp);
+	if (items != 1)
+		return -1;
+	for (r = usrdatum->ranges; r; r = r->next) {
+		if (mls_write_range_helper(&r->range, fp))
+			return -1;
+	}
+	return 0;
+}
+
+int mls_write_nlevels(policydb_t *p, FILE *fp)
+{
+	__u32 buf[32];
+	size_t items;
+
+	buf[0] = cpu_to_le32(p->nlevels);
+	items = fwrite(buf, sizeof(__u32), 1, fp);
+	if (items != 1)
+		return -1;
+	return 0;
+}
+
+int sens_write(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+	level_datum_t *levdatum;
+	__u32 buf[32], len;
+	int items, items2;
+	FILE *fp = p;
+
+	levdatum = (level_datum_t *) datum;
+
+	len = strlen(key);
+	items = 0;
+	buf[items++] = cpu_to_le32(len);
+	buf[items++] = cpu_to_le32(levdatum->isalias);
+	items2 = fwrite(buf, sizeof(__u32), items, fp);
+	if (items != items2)
+		return -1;
+
+	items = fwrite(key, 1, len, fp);
+	if (items != len)
+		return -1;
+
+	if (mls_write_level(levdatum->level, fp))
+		return -1;
+
+	return 0;
+}
+
+int cat_write(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+	cat_datum_t *catdatum;
+	__u32 buf[32], len;
+	int items, items2;
+	FILE *fp = p;
+
+
+	catdatum = (cat_datum_t *) datum;
+
+	len = strlen(key);
+	items = 0;
+	buf[items++] = cpu_to_le32(len);
+	buf[items++] = cpu_to_le32(catdatum->value);
+	buf[items++] = cpu_to_le32(catdatum->isalias);
+	items2 = fwrite(buf, sizeof(__u32), items, fp);
+	if (items != items2)
+		return -1;
+
+	items = fwrite(key, 1, len, fp);
+	if (items != len)
+		return -1;
+
+	return 0;
+}
+#endif
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/mls.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,137 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * Multi-level security (MLS) policy operations.
+ */
+
+#ifndef _MLS_H_
+#define _MLS_H_
+
+#include "context.h"
+#include "policydb.h"
+#include "services.h"
+
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+
+void mls_compute_av(context_struct_t * scontext,
+		    context_struct_t * tcontext,
+		    class_datum_t * tclass,
+		    access_vector_t * allowed);
+
+int mls_compute_context_len(context_struct_t * context);
+
+int mls_sid_to_context(context_struct_t * context,
+		       char **scontext);
+
+int mls_context_isvalid(policydb_t *p, context_struct_t * c);
+
+int mls_context_to_sid(char oldc,
+	               char **scontext,
+		       context_struct_t * context);
+
+int mls_convert_context(policydb_t * oldp,
+			policydb_t * newp,
+			context_struct_t * context);
+
+int mls_compute_sid(context_struct_t *scontext,
+		    context_struct_t *tcontext,
+		    security_class_t tclass,
+		    __u32 specified,
+		    context_struct_t *newcontext);
+
+int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap);
+int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap);
+int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p);
+int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p);
+int sens_read(policydb_t * p, hashtab_t h, FILE * fp);
+int cat_read(policydb_t * p, hashtab_t h, FILE * fp);
+
+#define mls_for_user_ranges(user, usercon) { \
+mls_range_list_t *ranges; \
+for (ranges = user->ranges; ranges; ranges = ranges->next) { \
+usercon.range = ranges->range; 
+
+#define mls_end_user_ranges } } 
+
+#define mls_symtab_names , "levels", "categories"
+#define mls_symtab_sizes , 16, 16
+#define mls_index_f ,sens_index, cat_index
+#define mls_destroy_f ,sens_destroy, cat_destroy
+#define mls_read_f ,sens_read, cat_read
+#define mls_write_f ,sens_write, cat_write
+#define mls_policydb_index_others(p) printf(", %d levels", p->nlevels);
+
+#define mls_set_config(config) config |= POLICYDB_CONFIG_MLS
+
+void mls_user_destroy(user_datum_t *usrdatum);
+int mls_read_range(context_struct_t *c, FILE * fp);
+int mls_read_perm(perm_datum_t *perdatum, FILE *fp);
+int mls_read_class(class_datum_t *cladatum,  FILE * fp);
+int mls_read_user(user_datum_t *usrdatum, FILE *fp);
+int mls_read_nlevels(policydb_t *p, FILE *fp);
+
+#else
+
+#define	mls_compute_av(scontext, tcontext, tclass_datum, allowed)
+#define mls_compute_context_len(context) 0
+#define	mls_sid_to_context(context, scontextpp)
+#define mls_context_isvalid(p, c) 1
+#define	mls_context_to_sid(oldc, context_str, context) 0
+#define mls_convert_context(oldp, newp, c) 0
+#define mls_compute_sid(scontext, tcontext, tclass, specified, newcontextp) 0
+#define mls_for_user_ranges(user, usercon) 
+#define mls_end_user_ranges
+#define mls_symtab_names
+#define mls_symtab_sizes
+#define mls_index_f
+#define mls_destroy_f  
+#define mls_read_f 
+#define mls_write_f 
+#define mls_policydb_index_others(p) 
+#define mls_set_config(config) 
+#define mls_user_destroy(usrdatum) 
+#define mls_read_range(c, fp) 0
+#define mls_read_perm(p, fp) 0
+#define mls_read_class(c, fp) 0
+#define mls_read_user(u, fp) 0
+#define mls_read_nlevels(p, fp) 0
+
+#endif
+
+#ifndef __KERNEL__
+
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+
+int mls_write_range(context_struct_t * c,
+		    FILE * fp);
+
+int mls_write_class(class_datum_t * cladatum,
+		    FILE * fp);
+
+#define mls_write_perm(buf, items, perdatum) \
+     buf[items++] = cpu_to_le32(perdatum->base_perms);
+
+int mls_write_user(user_datum_t *usrdatum, FILE *fp);
+
+int mls_write_nlevels(policydb_t *p, FILE *fp);
+
+int sens_write(hashtab_key_t key, hashtab_datum_t datum, void *p);
+int cat_write(hashtab_key_t key, hashtab_datum_t datum, void *p);
+
+#else
+
+#define mls_write_range(c, fp) 0
+#define mls_write_class(c, fp) 0
+#define mls_write_perm(buf, items, perdatum) 
+#define mls_write_user(u, fp) 0
+#define mls_write_nlevels(p, fp) 0
+
+#endif
+
+#endif
+
+#endif
+
diff --minimal -Nru a/security/selinux/ss/mls_types.h b/security/selinux/ss/mls_types.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/mls_types.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,65 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * Type definitions for the multi-level security (MLS) policy.
+ */
+
+#ifndef _MLS_TYPES_H_
+#define _MLS_TYPES_H_
+
+typedef struct mls_level {
+	__u32 sens; 	   /* sensitivity */
+	ebitmap_t cat;	   /* category set */
+} mls_level_t;
+
+typedef struct mls_range {
+	mls_level_t level[2]; /* low == level[0], high == level[1] */
+} mls_range_t;
+
+typedef struct mls_range_list {
+	mls_range_t range;
+	struct mls_range_list *next;
+} mls_range_list_t;
+
+#define MLS_RELATION_DOM	1 /* source dominates */
+#define MLS_RELATION_DOMBY	2 /* target dominates */
+#define MLS_RELATION_EQ		4 /* source and target are equivalent */
+#define MLS_RELATION_INCOMP	8 /* source and target are incomparable */
+
+#define mls_level_eq(l1,l2) \
+(((l1).sens == (l2).sens) && ebitmap_cmp(&(l1).cat,&(l2).cat))
+
+#define mls_level_relation(l1,l2) ( \
+(((l1).sens == (l2).sens) && ebitmap_cmp(&(l1).cat,&(l2).cat)) ? \
+				    MLS_RELATION_EQ : \
+(((l1).sens >= (l2).sens) && ebitmap_contains(&(l1).cat, &(l2).cat)) ? \
+				    MLS_RELATION_DOM : \
+(((l2).sens >= (l1).sens) && ebitmap_contains(&(l2).cat, &(l1).cat)) ? \
+				    MLS_RELATION_DOMBY : \
+				    MLS_RELATION_INCOMP )
+
+#define mls_range_contains(r1,r2) \
+((mls_level_relation((r1).level[0], (r2).level[0]) & \
+	  (MLS_RELATION_EQ | MLS_RELATION_DOMBY)) && \
+	 (mls_level_relation((r1).level[1], (r2).level[1]) & \
+	  (MLS_RELATION_EQ | MLS_RELATION_DOM)))
+
+/*
+ * Every access vector permission is mapped to a set of MLS base
+ * permissions, based on the flow properties of the corresponding
+ * operation.
+ */
+typedef struct mls_perms {
+	access_vector_t read;     /* permissions that map to `read' */
+	access_vector_t readby;   /* permissions that map to `readby' */
+	access_vector_t write;    /* permissions that map to `write' */
+	access_vector_t writeby;  /* permissions that map to `writeby' */
+} mls_perms_t;
+
+#endif
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/policydb.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1581 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * Implementation of the policy database.
+ */
+
+#include "policydb.h"
+#include "services.h"
+#include "mls.h"
+
+#if 0
+static char *symtab_name[SYM_NUM] = {
+	"common prefixes",
+	"classes",
+	"roles",
+	"types",
+	"users"
+	mls_symtab_names
+};
+#endif
+
+static unsigned int symtab_sizes[SYM_NUM] = {
+	2,
+	32,
+	16,
+	512,
+	128
+	mls_symtab_sizes
+};
+
+
+/* 
+ * Initialize the role table.
+ */
+int roles_init(policydb_t *p)
+{
+	char *key = 0;
+	role_datum_t *role;
+
+	role = malloc(sizeof(role_datum_t));
+	if (!role)
+		return -1;
+	memset(role, 0, sizeof(role_datum_t));
+	role->value = ++p->p_roles.nprim;
+	if (role->value != OBJECT_R_VAL)
+		return -1;
+	key = malloc(strlen(OBJECT_R)+1);
+	if (!key)
+		return -1;
+	strcpy(key, OBJECT_R);
+
+	if (hashtab_insert(p->p_roles.table, key, role))
+		return -1;
+	
+	return 0;
+}
+
+
+/*
+ * Initialize a policy database structure.
+ */
+int policydb_init(policydb_t * p)
+{
+	int i;
+
+	memset(p, 0, sizeof(policydb_t));
+
+	for (i = 0; i < SYM_NUM; i++) {
+		if (symtab_init(&p->symtab[i], symtab_sizes[i]))
+			return -1;
+	}
+
+	if (avtab_init(&p->te_avtab))
+		return -1;
+
+	if (roles_init(p))
+		return -1;
+
+	return 0;
+}
+
+
+/*
+ * The following *_index functions are used to
+ * define the val_to_name and val_to_struct arrays
+ * in a policy database structure.  The val_to_name
+ * arrays are used when converting security context
+ * structures into string representations.  The
+ * val_to_struct arrays are used when the attributes
+ * of a class, role, or user are needed.
+ */
+
+static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+	policydb_t *p;
+	common_datum_t *comdatum;
+
+
+	comdatum = (common_datum_t *) datum;
+	p = (policydb_t *) datap;
+
+	p->p_common_val_to_name[comdatum->value - 1] = (char *) key;
+
+	return 0;
+}
+
+
+static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+	policydb_t *p;
+	class_datum_t *cladatum;
+
+
+	cladatum = (class_datum_t *) datum;
+	p = (policydb_t *) datap;
+
+	p->p_class_val_to_name[cladatum->value - 1] = (char *) key;
+	p->class_val_to_struct[cladatum->value - 1] = cladatum;
+
+	return 0;
+}
+
+
+static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+	policydb_t *p;
+	role_datum_t *role;
+
+
+	role = (role_datum_t *) datum;
+	p = (policydb_t *) datap;
+
+	p->p_role_val_to_name[role->value - 1] = (char *) key;
+	p->role_val_to_struct[role->value - 1] = role;
+
+	return 0;
+}
+
+
+static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+	policydb_t *p;
+	type_datum_t *typdatum;
+
+
+	typdatum = (type_datum_t *) datum;
+	p = (policydb_t *) datap;
+
+	if (typdatum->primary)
+		p->p_type_val_to_name[typdatum->value - 1] = (char *) key;
+
+	return 0;
+}
+
+static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+	policydb_t *p;
+	user_datum_t *usrdatum;
+
+
+	usrdatum = (user_datum_t *) datum;
+	p = (policydb_t *) datap;
+
+	p->p_user_val_to_name[usrdatum->value - 1] = (char *) key;
+	p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
+
+	return 0;
+}
+
+static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, void *datap) =
+{
+	common_index,
+	class_index,
+	role_index,
+	type_index,
+	user_index
+	mls_index_f
+};
+
+
+/*
+ * Define the common val_to_name array and the class
+ * val_to_name and val_to_struct arrays in a policy
+ * database structure.  
+ */
+int policydb_index_classes(policydb_t * p)
+{
+	p->p_common_val_to_name = (char **)
+	    malloc(p->p_commons.nprim * sizeof(char *));
+	if (!p->p_common_val_to_name)
+		return -1;
+
+	if (hashtab_map(p->p_commons.table, common_index, p))
+		return -1;
+
+	p->class_val_to_struct = (class_datum_t **)
+	    malloc(p->p_classes.nprim * sizeof(class_datum_t *));
+	if (!p->class_val_to_struct)
+		return -1;
+
+	p->p_class_val_to_name = (char **)
+	    malloc(p->p_classes.nprim * sizeof(char *));
+	if (!p->p_class_val_to_name)
+		return -1;
+
+	if (hashtab_map(p->p_classes.table, class_index, p))
+		return -1;
+	return 0;
+}
+
+
+/*
+ * Define the other val_to_name and val_to_struct arrays
+ * in a policy database structure.  
+ */
+int policydb_index_others(policydb_t * p)
+{
+	int i;
+
+
+	printf("security:  %d users, %d roles, %d types",
+	       p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim);
+	mls_policydb_index_others(p);
+	printf("\n");
+
+	printf("security:  %d classes, %d rules\n",
+	       p->p_classes.nprim, p->te_avtab.nel);
+
+#if 0
+	avtab_hash_eval(&p->te_avtab, "rules");
+	for (i = 0; i < SYM_NUM; i++) 
+		hashtab_hash_eval(p->symtab[i].table, symtab_name[i]);
+#endif
+
+	p->role_val_to_struct = (role_datum_t **)
+	    malloc(p->p_roles.nprim * sizeof(role_datum_t *));
+	if (!p->role_val_to_struct)
+		return -1;
+
+	p->user_val_to_struct = (user_datum_t **)
+	    malloc(p->p_users.nprim * sizeof(user_datum_t *));
+	if (!p->user_val_to_struct)
+		return -1;
+
+	for (i = SYM_ROLES; i < SYM_NUM; i++) {
+		p->sym_val_to_name[i] = (char **)
+		    malloc(p->symtab[i].nprim * sizeof(char *));
+		if (!p->sym_val_to_name[i])
+			return -1;
+		if (hashtab_map(p->symtab[i].table, index_f[i], p))
+			return -1;
+	}
+
+	return 0;
+}
+
+
+/*
+ * The following *_destroy functions are used to
+ * free any memory allocated for each kind of
+ * symbol data in the policy database.
+ */
+
+static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+	if (key)
+		free(key);
+	free(datum);
+	return 0;
+}
+
+
+static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+	common_datum_t *comdatum;
+
+	if (key)
+		free(key);
+	comdatum = (common_datum_t *) datum;
+	hashtab_map(comdatum->permissions.table, perm_destroy, 0);
+	hashtab_destroy(comdatum->permissions.table);
+	free(datum);
+	return 0;
+}
+
+
+int constraint_expr_destroy(constraint_expr_t * expr)
+{
+	expr->count--;
+	if (expr->count == 0) {
+		ebitmap_destroy(&expr->names);
+		if (expr->left)
+			constraint_expr_destroy(expr->left);
+		if (expr->right)
+			constraint_expr_destroy(expr->right);
+		free(expr);
+	}
+	return 0;
+}
+
+
+static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+	class_datum_t *cladatum;
+	constraint_node_t *constraint, *ctemp;
+
+	if (key)
+		free(key);
+	cladatum = (class_datum_t *) datum;
+	hashtab_map(cladatum->permissions.table, perm_destroy, 0);
+	hashtab_destroy(cladatum->permissions.table);
+	constraint = cladatum->constraints;
+	while (constraint) {
+		constraint_expr_destroy(constraint->expr);
+		ctemp = constraint;
+		constraint = constraint->next;
+		free(ctemp);
+	}
+	if (cladatum->comkey)
+		free(cladatum->comkey);
+	free(datum);
+	return 0;
+}
+
+static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+	role_datum_t *role;
+
+	if (key)
+		free(key);
+	role = (role_datum_t *) datum;
+	ebitmap_destroy(&role->dominates);
+	ebitmap_destroy(&role->types);
+	free(datum);
+	return 0;
+}
+
+static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+	if (key)
+		free(key);
+	free(datum);
+	return 0;
+}
+
+static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+	user_datum_t *usrdatum;
+
+	if (key)
+		free(key);
+	usrdatum = (user_datum_t *) datum;
+	ebitmap_destroy(&usrdatum->roles);
+	mls_user_destroy(usrdatum);
+	free(datum);
+	return 0;
+}
+
+
+static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, void *datap) =
+{
+	common_destroy,
+	class_destroy,
+	role_destroy,
+	type_destroy,
+	user_destroy
+	mls_destroy_f
+};
+
+
+/*
+ * Free any memory allocated by a policy database structure.
+ */
+void policydb_destroy(policydb_t * p)
+{
+	ocontext_t *c, *ctmp;
+	int i;
+
+	for (i = 0; i < SYM_NUM; i++) {
+		hashtab_map(p->symtab[i].table, destroy_f[i], 0);
+		hashtab_destroy(p->symtab[i].table);
+	}
+
+	for (i = 0; i < SYM_NUM; i++) {
+		if (p->sym_val_to_name[i])
+			free(p->sym_val_to_name[i]);
+	}
+
+	if (p->class_val_to_struct)
+		free(p->class_val_to_struct);
+	if (p->role_val_to_struct)
+		free(p->role_val_to_struct);
+	if (p->user_val_to_struct)
+		free(p->user_val_to_struct);
+
+	avtab_destroy(&p->te_avtab);
+
+	for (i = 0; i < OCON_NUM; i++) {
+		c = p->ocontexts[i];
+		while (c) {
+			ctmp = c;
+			c = c->next;
+			context_destroy(&ctmp->context[0]);
+			context_destroy(&ctmp->context[1]);
+			if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF || i == OCON_DEVFS)
+				free(ctmp->u.name);
+			free(ctmp);
+		}
+	}
+
+	return;
+}
+
+
+/*
+ * Load the initial SIDs specified in a policy database
+ * structure into a SID table.
+ */
+int policydb_load_isids(policydb_t *p, sidtab_t *s) 
+{
+	ocontext_t *head, *c;
+
+	if (sidtab_init(s)) {
+		printf("security:  out of memory on SID table init\n");
+		return -1;
+	}
+
+	head = p->ocontexts[OCON_ISID];
+	for (c = head; c; c = c->next) {
+		if (!c->context[0].user) {
+			printf("security:  SID %s was never defined.\n", 
+			       c->u.name);
+			return -1;
+		}
+		if (sidtab_insert(s, c->sid[0], &c->context[0])) {
+			printf("security:  unable to load initial SID %s.\n", 
+			       c->u.name);
+			return -1;
+		}
+	}
+
+	return 0;
+}
+
+
+/*
+ * Return TRUE if the fields in the security context 
+ * structure `c' are valid.  Return FALSE otherwise.
+ */
+int policydb_context_isvalid(policydb_t *p, context_struct_t *c)
+{
+	role_datum_t *role;
+	user_datum_t *usrdatum;
+
+
+	/*
+	 * Role must be authorized for the type.
+	 */
+	if (!c->role || c->role > p->p_roles.nprim)
+		return FALSE;
+
+	if (c->role != OBJECT_R_VAL) {
+		role = p->role_val_to_struct[c->role - 1];
+		if (!ebitmap_get_bit(&role->types,
+				     c->type - 1))
+			/* role may not be associated with type */
+			return FALSE;
+		
+		/*
+		 * User must be authorized for the role.
+		 */
+		if (!c->user || c->user > p->p_users.nprim)
+			return FALSE;
+		usrdatum = p->user_val_to_struct[c->user - 1];
+		if (!usrdatum)
+			return FALSE;
+
+		if (!ebitmap_get_bit(&usrdatum->roles,
+				     c->role - 1))
+			/* user may not be associated with role */
+			return FALSE;
+	}
+
+	if (!mls_context_isvalid(p, c))
+		return FALSE;
+
+	return TRUE;
+}
+
+
+/*
+ * Read and validate a security context structure
+ * from a policydb binary representation file.
+ */
+static int context_read_and_validate(context_struct_t * c,
+					policydb_t * p,
+					FILE * fp)
+{
+	__u32 buf[32];
+	size_t items;
+
+	items = fread(buf, sizeof(__u32), 3, fp);
+	if (items != 3) {
+		printf("security: context truncated\n");
+		return -1;
+	}
+	c->user = le32_to_cpu(buf[0]);
+	c->role = le32_to_cpu(buf[1]);
+	c->type = le32_to_cpu(buf[2]);
+	if (mls_read_range(c, fp)) {
+		printf("security: error reading MLS range of context\n");
+		return -1;
+	}
+
+	if (!policydb_context_isvalid(p, c)) {
+		printf("security:  invalid security context\n");
+		context_destroy(c);
+		return -1;
+	}
+	return 0;
+}
+
+
+/*
+ * The following *_read functions are used to
+ * read the symbol data from a policy database
+ * binary representation file.
+ */
+
+static int perm_read(policydb_t * p, hashtab_t h, FILE * fp)
+{
+	char *key = 0;
+	perm_datum_t *perdatum;
+	__u32 buf[32], len;
+	int items, items2;
+
+	perdatum = malloc(sizeof(perm_datum_t));
+	if (!perdatum)
+		return -1;
+	memset(perdatum, 0, sizeof(perm_datum_t));
+
+	items = 2;
+	items2 = fread(buf, sizeof(__u32), items, fp);
+	if (items != items2)
+		goto bad;
+
+	len = le32_to_cpu(buf[0]);
+	perdatum->value = le32_to_cpu(buf[1]);
+	if (mls_read_perm(perdatum, fp))
+		goto bad;
+
+	key = malloc(len + 1);
+	if (!key)
+		goto bad;
+	items = fread(key, 1, len, fp);
+	if (items != len)
+		goto bad;
+	key[len] = 0;
+
+	if (hashtab_insert(h, key, perdatum))
+		goto bad;
+
+	return 0;
+
+      bad:
+	perm_destroy(key, perdatum, NULL);
+	return -1;
+}
+
+
+static int common_read(policydb_t * p, hashtab_t h, FILE * fp)
+{
+	char *key = 0;
+	common_datum_t *comdatum;
+	__u32 buf[32], len, nel;
+	int items, i;
+
+	comdatum = malloc(sizeof(common_datum_t));
+	if (!comdatum)
+		return -1;
+	memset(comdatum, 0, sizeof(common_datum_t));
+
+	items = fread(buf, sizeof(__u32), 4, fp);
+	if (items != 4)
+		goto bad;
+
+	len = le32_to_cpu(buf[0]);
+	comdatum->value = le32_to_cpu(buf[1]);
+
+	if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE))
+		goto bad;
+	comdatum->permissions.nprim = le32_to_cpu(buf[2]);
+	nel = le32_to_cpu(buf[3]);
+
+	key = malloc(len + 1);
+	if (!key)
+		goto bad;
+	items = fread(key, 1, len, fp);
+	if (items != len)
+		goto bad;
+	key[len] = 0;
+
+	for (i = 0; i < nel; i++) {
+		if (perm_read(p, comdatum->permissions.table, fp))
+			goto bad;
+	}
+
+	if (hashtab_insert(h, key, comdatum))
+		goto bad;
+
+	return 0;
+
+      bad:
+	common_destroy(key, comdatum, NULL);
+	return -1;
+}
+
+
+static constraint_expr_t *
+ constraint_expr_read(FILE * fp)
+{
+	constraint_expr_t *expr;
+	__u32 buf[32];
+	int items;
+
+	expr = malloc(sizeof(constraint_expr_t));
+	if (!expr)
+		return NULL;
+	memset(expr, 0, sizeof(constraint_expr_t));
+
+	items = fread(buf, sizeof(__u32), 3, fp);
+	if (items != 3)
+		goto bad;
+
+	expr->expr_type = le32_to_cpu(buf[0]);
+	expr->attr = le32_to_cpu(buf[1]);
+	expr->op = le32_to_cpu(buf[2]);
+	expr->count = 1;
+	items = 0;
+
+	switch (expr->expr_type) {
+	case CEXPR_NAMES:
+		if (!ebitmap_read(&expr->names, fp))
+			goto bad;
+		break;
+	case CEXPR_AND:
+	case CEXPR_OR:
+		expr->left = constraint_expr_read(fp);
+		if (!expr->left)
+			goto bad;
+		expr->right = constraint_expr_read(fp);
+		if (!expr->right)
+			goto bad;
+		break;
+	case CEXPR_NOT:
+		expr->left = constraint_expr_read(fp);
+		if (!expr->left)
+			goto bad;
+		break;
+	}
+
+	return expr;
+
+      bad:
+	constraint_expr_destroy(expr);
+	return NULL;
+}
+
+
+static int class_read(policydb_t * p, hashtab_t h, FILE * fp)
+{
+	char *key = 0;
+	class_datum_t *cladatum;
+	constraint_node_t *c, *l;
+	__u32 buf[32], len, len2, ncons, nel;
+	int items, i;
+
+	cladatum = (class_datum_t *) malloc(sizeof(class_datum_t));
+	if (!cladatum)
+		return -1;
+	memset(cladatum, 0, sizeof(class_datum_t));
+
+	items = fread(buf, sizeof(__u32), 6, fp);
+	if (items != 6)
+		goto bad;
+
+	len = le32_to_cpu(buf[0]);
+	len2 = le32_to_cpu(buf[1]);
+	cladatum->value = le32_to_cpu(buf[2]);
+
+	if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE))
+		goto bad;
+	cladatum->permissions.nprim = le32_to_cpu(buf[3]);
+	nel = le32_to_cpu(buf[4]);
+
+	ncons = le32_to_cpu(buf[5]);
+
+	key = malloc(len + 1);
+	if (!key)
+		goto bad;
+	items = fread(key, 1, len, fp);
+	if (items != len)
+		goto bad;
+	key[len] = 0;
+
+	if (len2) {
+		cladatum->comkey = malloc(len2 + 1);
+		if (!cladatum->comkey)
+			goto bad;
+		items = fread(cladatum->comkey, 1, len2, fp);
+		if (items != len2)
+			goto bad;
+		cladatum->comkey[len2] = 0;
+
+		cladatum->comdatum = hashtab_search(p->p_commons.table,
+						    cladatum->comkey);
+		if (!cladatum->comdatum) {
+			printf("security:  unknown common %s\n", cladatum->comkey);
+			goto bad;
+		}
+	}
+	for (i = 0; i < nel; i++) {
+		if (perm_read(p, cladatum->permissions.table, fp))
+			goto bad;
+	}
+
+	l = NULL;
+	for (i = 0; i < ncons; i++) {
+		c = malloc(sizeof(constraint_node_t));
+		if (!c)
+			goto bad;
+		memset(c, 0, sizeof(constraint_node_t));
+		items = fread(buf, sizeof(__u32), 1, fp);
+		if (items != 1)
+			goto bad;
+		c->permissions = le32_to_cpu(buf[0]);
+		c->expr = constraint_expr_read(fp);
+		if (!c->expr)
+			goto bad;
+		if (l) {
+			l->next = c;
+		} else {
+			cladatum->constraints = c;
+		}
+		l = c;
+
+	}
+
+	if (mls_read_class(cladatum, fp))
+		goto bad;
+
+	if (hashtab_insert(h, key, cladatum))
+		goto bad;
+
+	return 0;
+
+      bad:
+	class_destroy(key, cladatum, NULL);
+	return -1;
+}
+
+
+static int role_read(policydb_t * p, hashtab_t h, FILE * fp)
+{
+	char *key = 0;
+	role_datum_t *role;
+	__u32 buf[32], len;
+	int items;
+
+	role = malloc(sizeof(role_datum_t));
+	if (!role)
+		return -1;
+	memset(role, 0, sizeof(role_datum_t));
+
+	items = fread(buf, sizeof(__u32), 2, fp);
+	if (items != 2)
+		goto bad;
+
+	len = le32_to_cpu(buf[0]);
+	role->value = le32_to_cpu(buf[1]);
+
+	key = malloc(len + 1);
+	if (!key)
+		goto bad;
+	items = fread(key, 1, len, fp);
+	if (items != len)
+		goto bad;
+	key[len] = 0;
+
+	if (!ebitmap_read(&role->dominates, fp))
+		goto bad;
+
+	if (!ebitmap_read(&role->types, fp))
+		goto bad;
+
+	if (strcmp(key, OBJECT_R) == 0) {
+		if (role->value != OBJECT_R_VAL) {
+			printf("Role %s has wrong value %d\n",
+			       OBJECT_R, role->value);
+			role_destroy(key, role, NULL);
+			return -1;
+		}
+		role_destroy(key, role, NULL);
+		return 0;
+	}
+
+	if (hashtab_insert(h, key, role))
+		goto bad;
+
+	return 0;
+
+      bad:
+	role_destroy(key, role, NULL);
+	return -1;
+}
+
+
+static int type_read(policydb_t * p, hashtab_t h, FILE * fp)
+{
+	char *key = 0;
+	type_datum_t *typdatum;
+	__u32 buf[32], len;
+	int items;
+
+	typdatum = malloc(sizeof(type_datum_t));
+	if (!typdatum)
+		return -1;
+	memset(typdatum, 0, sizeof(type_datum_t));
+
+	items = fread(buf, sizeof(__u32), 3, fp);
+	if (items != 3)
+		goto bad;
+
+	len = le32_to_cpu(buf[0]);
+	typdatum->value = le32_to_cpu(buf[1]);
+	typdatum->primary = le32_to_cpu(buf[2]);
+
+	key = malloc(len + 1);
+	if (!key)
+		goto bad;
+	items = fread(key, 1, len, fp);
+	if (items != len)
+		goto bad;
+	key[len] = 0;
+
+	if (hashtab_insert(h, key, typdatum))
+		goto bad;
+
+	return 0;
+
+      bad:
+	type_destroy(key, typdatum, NULL);
+	return -1;
+}
+
+static int user_read(policydb_t * p, hashtab_t h, FILE * fp)
+{
+	char *key = 0;
+	user_datum_t *usrdatum;
+	__u32 buf[32], len;
+	int items;
+
+
+	usrdatum = malloc(sizeof(user_datum_t));
+	if (!usrdatum)
+		return -1;
+	memset(usrdatum, 0, sizeof(user_datum_t));
+
+	items = fread(buf, sizeof(__u32), 2, fp);
+	if (items != 2)
+		goto bad;
+
+	len = le32_to_cpu(buf[0]);
+	usrdatum->value = le32_to_cpu(buf[1]);
+
+	key = malloc(len + 1);
+	if (!key)
+		goto bad;
+	items = fread(key, 1, len, fp);
+	if (items != len)
+		goto bad;
+	key[len] = 0;
+
+	if (!ebitmap_read(&usrdatum->roles, fp))
+		goto bad;
+
+	if (mls_read_user(usrdatum, fp))
+		goto bad;
+
+	if (hashtab_insert(h, key, usrdatum))
+		goto bad;
+
+	return 0;
+
+      bad:
+	user_destroy(key, usrdatum, NULL);
+	return -1;
+}
+
+
+static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h, FILE * fp) =
+{
+	common_read,
+	class_read,
+	role_read,
+	type_read,
+	user_read
+	mls_read_f
+};
+
+#define mls_config(x) \
+       ((x) & POLICYDB_CONFIG_MLS) ? "mls" : "no_mls"
+
+/*
+ * Read the configuration data from a policy database binary
+ * representation file into a policy database structure.
+ */
+int policydb_read(policydb_t * p, FILE * fp)
+{
+	struct role_allow *ra, *lra;
+	struct role_trans *tr, *ltr;
+	ocontext_t *c, *l;
+	int i, j;
+	__u32 buf[32], len, config, nprim, nel;
+	size_t items;
+
+
+	config = 0;
+	mls_set_config(config);
+	items = fread(buf, sizeof(__u32), 4, fp);
+	if (items != 4) {
+		return -1;
+	}
+	for (i = 0; i < 4; i++)
+		buf[i] = le32_to_cpu(buf[i]);
+
+	if (buf[0] != POLICYDB_VERSION) {
+		printf("security:  policydb version %d does not match my version %d\n", buf[0], POLICYDB_VERSION);
+		return -1;
+	}
+	if (buf[1] != config) {
+		printf("security:  policydb configuration (%s) does not match my configuration (%s)\n",
+		       mls_config(buf[1]),
+		       mls_config(config));
+		return -1;
+	}
+	if (buf[2] != SYM_NUM || buf[3] != OCON_NUM) {
+		printf("security:  policydb table sizes (%d,%d) do not match mine (%d,%d)\n", buf[2], buf[3], SYM_NUM, OCON_NUM);
+		return -1;
+	}
+
+	if (policydb_init(p))
+		return -1;
+
+	if (mls_read_nlevels(p, fp))
+		return -1;
+
+	for (i = 0; i < SYM_NUM; i++) {
+		items = fread(buf, sizeof(__u32), 2, fp);
+		if (items != 2)
+			goto bad;
+		nprim = le32_to_cpu(buf[0]);
+		nel = le32_to_cpu(buf[1]);
+		for (j = 0; j < nel; j++) {
+			if (read_f[i] (p, p->symtab[i].table, fp))
+				goto bad;
+		}
+
+		p->symtab[i].nprim = nprim;
+	}
+
+	if (avtab_read(&p->te_avtab, fp, config))
+		goto bad;
+
+	items = fread(buf, sizeof(__u32), 1, fp);
+	if (items != 1)
+		goto bad;
+	nel = le32_to_cpu(buf[0]);
+	ltr = NULL;
+	for (i = 0; i < nel; i++) {
+		tr = malloc(sizeof(struct role_trans));
+		if (!tr) {
+			goto bad;
+		}
+		memset(tr, 0, sizeof(struct role_trans));
+		if (ltr) {
+			ltr->next = tr;
+		} else {
+			p->role_tr = tr;
+		}
+		items = fread(buf, sizeof(__u32), 3, fp);
+		if (items != 3)
+			goto bad;
+		tr->role = le32_to_cpu(buf[0]);
+		tr->type = le32_to_cpu(buf[1]);
+		tr->new_role = le32_to_cpu(buf[2]);
+		ltr = tr;
+	}
+
+	items = fread(buf, sizeof(__u32), 1, fp);
+	if (items != 1)
+		goto bad;
+	nel = le32_to_cpu(buf[0]);
+	lra = NULL;
+	for (i = 0; i < nel; i++) {
+		ra = malloc(sizeof(struct role_allow));
+		if (!ra) {
+			goto bad;
+		}
+		memset(ra, 0, sizeof(struct role_allow));
+		if (lra) {
+			lra->next = ra;
+		} else {
+			p->role_allow = ra;
+		}
+		items = fread(buf, sizeof(__u32), 2, fp);
+		if (items != 2)
+			goto bad;
+		ra->role = le32_to_cpu(buf[0]);
+		ra->new_role = le32_to_cpu(buf[1]);
+		lra = ra;
+	}
+
+	if (policydb_index_classes(p))
+		goto bad;
+
+	if (policydb_index_others(p))
+		goto bad;
+
+	for (i = 0; i < OCON_NUM; i++) {
+		items = fread(buf, sizeof(__u32), 1, fp);
+		if (items != 1)
+			goto bad;
+		nel = le32_to_cpu(buf[0]);
+		l = NULL;
+		for (j = 0; j < nel; j++) {
+			c = malloc(sizeof(ocontext_t));
+			if (!c) {
+				goto bad;
+			}
+			memset(c, 0, sizeof(ocontext_t));
+			if (l) {
+				l->next = c;
+			} else {
+				p->ocontexts[i] = c;
+			}
+			l = c;
+			switch (i) {
+			case OCON_ISID:
+				items = fread(buf, sizeof(__u32), 1, fp);
+				if (items != 1)
+					goto bad;
+				c->sid[0] = le32_to_cpu(buf[0]);
+				if (context_read_and_validate(&c->context[0], p, fp))
+					goto bad;
+				break;
+			case OCON_FS:
+			case OCON_NETIF:
+				items = fread(buf, sizeof(__u32), 1, fp);
+				if (items != 1)
+					goto bad;
+				len = le32_to_cpu(buf[0]);
+				c->u.name = malloc(len + 1);
+				if (!c->u.name) {
+					goto bad;
+				}
+				items = fread(c->u.name, 1, len, fp);
+				if (items != len)
+					goto bad;
+				c->u.name[len] = 0;
+				if (context_read_and_validate(&c->context[0], p, fp))
+					goto bad;
+				if (context_read_and_validate(&c->context[1], p, fp))
+					goto bad;
+				break;
+			case OCON_PORT:
+				items = fread(buf, sizeof(__u32), 3, fp);
+				if (items != 3)
+					goto bad;
+				c->u.port.protocol = le32_to_cpu(buf[0]);
+				c->u.port.low_port = le32_to_cpu(buf[1]);
+				c->u.port.high_port = le32_to_cpu(buf[2]);
+				if (context_read_and_validate(&c->context[0], p, fp))
+					goto bad;
+				break;
+			case OCON_NODE:
+				items = fread(buf, sizeof(__u32), 2, fp);
+				if (items != 2)
+					goto bad;
+				c->u.node.addr = le32_to_cpu(buf[0]);
+				c->u.node.mask = le32_to_cpu(buf[1]);
+				if (context_read_and_validate(&c->context[0], p, fp))
+					goto bad;
+				break;
+			case OCON_NFS:
+				items = fread(buf, sizeof(__u32), 2, fp);
+				if (items != 2)
+					goto bad;
+				c->u.node.addr = le32_to_cpu(buf[0]);
+				c->u.node.mask = le32_to_cpu(buf[1]);
+				if (context_read_and_validate(&c->context[0], p, fp))
+					goto bad;
+				if (context_read_and_validate(&c->context[1], p, fp))
+					goto bad;
+				break;
+			case OCON_DEVFS:
+				items = fread(buf, sizeof(__u32), 1, fp);
+				if (items != 1)
+					goto bad;
+				len = le32_to_cpu(buf[0]);
+				c->u.name = malloc(len + 1);
+				if (!c->u.name) {
+					goto bad;
+				}
+				items = fread(c->u.name, 1, len, fp);
+				if (items != len)
+					goto bad;
+				c->u.name[len] = 0;
+				items = fread(buf, sizeof(__u32), 1, fp);
+				if (items != 1)
+					goto bad;
+				c->sclass = le32_to_cpu(buf[0]);
+				if (context_read_and_validate(&c->context[0], p, fp))
+					goto bad;
+				break;
+			}
+		}
+	}
+
+	return 0;
+      bad:
+	policydb_destroy(p);
+	return -1;
+}
+
+
+#ifndef __KERNEL__
+
+/*
+ * Write a security context structure
+ * to a policydb binary representation file.
+ */
+static int context_write(context_struct_t * c, FILE * fp)
+{
+	__u32 buf[32];
+	size_t items, items2;
+
+	items = 0;
+	buf[items++] = cpu_to_le32(c->user);
+	buf[items++] = cpu_to_le32(c->role);
+	buf[items++] = cpu_to_le32(c->type);
+	items2 = fwrite(buf, sizeof(__u32), items, fp);
+	if (items2 != items)
+		return -1;
+	if (mls_write_range(c, fp))
+		return -1;
+
+	return 0;
+}
+
+
+/*
+ * The following *_write functions are used to
+ * write the symbol data to a policy database
+ * binary representation file.
+ */
+
+static int perm_write(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+	perm_datum_t *perdatum;
+	__u32 buf[32], len;
+	int items, items2;
+	FILE *fp = p;
+
+	perdatum = (perm_datum_t *) datum;
+
+	len = strlen(key);
+	items = 0;
+	buf[items++] = cpu_to_le32(len);
+	buf[items++] = cpu_to_le32(perdatum->value);
+	mls_write_perm(buf, items, perdatum);
+	items2 = fwrite(buf, sizeof(__u32), items, fp);
+	if (items != items2)
+		return -1;
+
+	items = fwrite(key, 1, len, fp);
+	if (items != len)
+		return -1;
+
+	return 0;
+}
+
+
+static int common_write(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+	common_datum_t *comdatum;
+	__u32 buf[32], len;
+	int items, items2;
+	FILE *fp = p;
+
+	comdatum = (common_datum_t *) datum;
+
+	len = strlen(key);
+	items = 0;
+	buf[items++] = cpu_to_le32(len);
+	buf[items++] = cpu_to_le32(comdatum->value);
+	buf[items++] = cpu_to_le32(comdatum->permissions.nprim);
+	buf[items++] = cpu_to_le32(comdatum->permissions.table->nel);
+	items2 = fwrite(buf, sizeof(__u32), items, fp);
+	if (items != items2)
+		return -1;
+
+	items = fwrite(key, 1, len, fp);
+	if (items != len)
+		return -1;
+
+	if (hashtab_map(comdatum->permissions.table, perm_write, fp))
+		return -1;
+
+	return 0;
+}
+
+
+static int constraint_expr_write(constraint_expr_t * expr, FILE * fp)
+{
+	__u32 buf[32];
+	int items, items2;
+
+	items = 0;
+	buf[items++] = cpu_to_le32(expr->expr_type);
+	buf[items++] = cpu_to_le32(expr->attr);
+	buf[items++] = cpu_to_le32(expr->op);
+	items2 = fwrite(buf, sizeof(__u32), items, fp);
+	if (items != items2)
+		return -1;
+
+	switch (expr->expr_type) {
+	case CEXPR_NAMES:
+		if (!ebitmap_write(&expr->names, fp))
+			return -1;
+		break;
+	default:
+		break;
+	}
+
+	if (expr->left) {
+		if (constraint_expr_write(expr->left, fp))
+			return -1;
+	}
+	if (expr->right) {
+		if (constraint_expr_write(expr->right, fp))
+			return -1;
+	}
+	return 0;
+}
+
+
+static int class_write(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+	class_datum_t *cladatum;
+	constraint_node_t *c;
+	__u32 buf[32], len, len2, ncons;
+	int items, items2;
+	FILE *fp = p;
+
+	cladatum = (class_datum_t *) datum;
+
+	len = strlen(key);
+	if (cladatum->comkey)
+		len2 = strlen(cladatum->comkey);
+	else
+		len2 = 0;
+
+	ncons = 0;
+	for (c = cladatum->constraints; c; c = c->next) {
+		ncons++;
+	}
+
+	items = 0;
+	buf[items++] = cpu_to_le32(len);
+	buf[items++] = cpu_to_le32(len2);
+	buf[items++] = cpu_to_le32(cladatum->value);
+	buf[items++] = cpu_to_le32(cladatum->permissions.nprim);
+	if (cladatum->permissions.table) 
+		buf[items++] = cpu_to_le32(cladatum->permissions.table->nel);
+	else
+		buf[items++] = 0;
+	buf[items++] = cpu_to_le32(ncons);
+	items2 = fwrite(buf, sizeof(__u32), items, fp);
+	if (items != items2)
+		return -1;
+
+	items = fwrite(key, 1, len, fp);
+	if (items != len)
+		return -1;
+
+	if (cladatum->comkey) {
+		items = fwrite(cladatum->comkey, 1, len2, fp);
+		if (items != len2)
+			return -1;
+	}
+	if (hashtab_map(cladatum->permissions.table, perm_write, fp))
+		return -1;
+
+	for (c = cladatum->constraints; c; c = c->next) {
+		buf[0] = cpu_to_le32(c->permissions);
+		items = fwrite(buf, sizeof(__u32), 1, fp);
+		if (items != 1)
+			return -1;
+		if (constraint_expr_write(c->expr, fp))
+			return -1;
+	}
+
+	if (mls_write_class(cladatum, fp))
+		return -1;
+
+	return 0;
+}
+
+static int role_write(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+	role_datum_t *role;
+	__u32 buf[32], len;
+	int items, items2;
+	FILE *fp = p;
+
+	role = (role_datum_t *) datum;
+
+	len = strlen(key);
+	items = 0;
+	buf[items++] = cpu_to_le32(len);
+	buf[items++] = cpu_to_le32(role->value);
+	items2 = fwrite(buf, sizeof(__u32), items, fp);
+	if (items != items2)
+		return -1;
+
+	items = fwrite(key, 1, len, fp);
+	if (items != len)
+		return -1;
+
+	if (!ebitmap_write(&role->dominates, fp))
+		return -1;
+
+	if (!ebitmap_write(&role->types, fp))
+		return -1;
+
+	return 0;
+}
+
+static int type_write(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+	type_datum_t *typdatum;
+	__u32 buf[32], len;
+	int items, items2;
+	FILE *fp = p;
+
+	typdatum = (type_datum_t *) datum;
+
+	len = strlen(key);
+	items = 0;
+	buf[items++] = cpu_to_le32(len);
+	buf[items++] = cpu_to_le32(typdatum->value);
+	buf[items++] = cpu_to_le32(typdatum->primary);
+	items2 = fwrite(buf, sizeof(__u32), items, fp);
+	if (items != items2)
+		return -1;
+
+	items = fwrite(key, 1, len, fp);
+	if (items != len)
+		return -1;
+
+	return 0;
+}
+
+static int user_write(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+	user_datum_t *usrdatum;
+	__u32 buf[32], len;
+	int items, items2;
+	FILE *fp = p;
+
+
+	usrdatum = (user_datum_t *) datum;
+
+	len = strlen(key);
+	items = 0;
+	buf[items++] = cpu_to_le32(len);
+	buf[items++] = cpu_to_le32(usrdatum->value);
+	items2 = fwrite(buf, sizeof(__u32), items, fp);
+	if (items != items2)
+		return -1;
+
+	items = fwrite(key, 1, len, fp);
+	if (items != len)
+		return -1;
+
+	if (!ebitmap_write(&usrdatum->roles, fp))
+		return -1;
+
+	return mls_write_user(usrdatum, fp);
+}
+
+
+static int (*write_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, void *datap) =
+{
+	common_write,
+	class_write,
+	role_write,
+	type_write,
+	user_write
+	mls_write_f
+};
+
+
+/*
+ * Write the configuration data in a policy database
+ * structure to a policy database binary representation
+ * file.
+ */
+int policydb_write(policydb_t * p, FILE * fp)
+{
+	struct role_allow *ra;
+	struct role_trans *tr;
+	ocontext_t *c;
+	int i, j;
+	__u32 buf[32], len, config, nel;
+	size_t items, items2;
+
+	config = 0;
+	mls_set_config(config);
+
+	items = 0;
+	buf[items++] = cpu_to_le32(POLICYDB_VERSION);
+	buf[items++] = cpu_to_le32(config);
+	buf[items++] = cpu_to_le32(SYM_NUM);
+	buf[items++] = cpu_to_le32(OCON_NUM);
+	items2 = fwrite(buf, sizeof(__u32), items, fp);
+	if (items != items2)
+		return -1;
+
+	if (mls_write_nlevels(p, fp))
+		return -1;
+
+	for (i = 0; i < SYM_NUM; i++) {
+		buf[0] = cpu_to_le32(p->symtab[i].nprim);
+		buf[1] = cpu_to_le32(p->symtab[i].table->nel);
+		items = fwrite(buf, sizeof(__u32), 2, fp);
+		if (items != 2)
+			return -1;
+		if (hashtab_map(p->symtab[i].table, write_f[i], fp))
+			return -1;
+	}
+
+	if (avtab_write(&p->te_avtab, fp))
+		return -1;
+
+	nel = 0;
+	for (tr = p->role_tr; tr; tr = tr->next) 
+		nel++;
+	buf[0] = cpu_to_le32(nel);
+	items = fwrite(buf, sizeof(__u32), 1, fp);
+	if (items != 1)
+		return -1;
+	for (tr = p->role_tr; tr; tr = tr->next) {
+		buf[0] = cpu_to_le32(tr->role);
+		buf[1] = cpu_to_le32(tr->type);
+		buf[2] = cpu_to_le32(tr->new_role);
+		items = fwrite(buf, sizeof(__u32), 3, fp);
+		if (items != 3)
+			return -1;		
+	}
+
+	nel = 0;
+	for (ra = p->role_allow; ra; ra = ra->next) 
+		nel++;
+	buf[0] = cpu_to_le32(nel);
+	items = fwrite(buf, sizeof(__u32), 1, fp);
+	if (items != 1)
+		return -1;
+	for (ra = p->role_allow; ra; ra = ra->next) {
+		buf[0] = cpu_to_le32(ra->role);
+		buf[1] = cpu_to_le32(ra->new_role);
+		items = fwrite(buf, sizeof(__u32), 2, fp);
+		if (items != 2)
+			return -1;		
+	}
+
+	for (i = 0; i < OCON_NUM; i++) {
+		nel = 0;
+		for (c = p->ocontexts[i]; c; c = c->next)
+			nel++;
+		buf[0] = cpu_to_le32(nel);
+		items = fwrite(buf, sizeof(__u32), 1, fp);
+		if (items != 1)
+			return -1;
+		for (c = p->ocontexts[i]; c; c = c->next) {
+			switch (i) {
+			case OCON_ISID:
+				buf[0] = cpu_to_le32(c->sid[0]);
+				items = fwrite(buf, sizeof(__u32), 1, fp);
+				if (items != 1)
+					return -1;
+				if (context_write(&c->context[0], fp))
+					return -1;
+				break;
+			case OCON_FS:
+			case OCON_NETIF:
+				len = strlen(c->u.name);
+				buf[0] = cpu_to_le32(len);
+				items = fwrite(buf, sizeof(__u32), 1, fp);
+				if (items != 1)
+					return -1;
+				items = fwrite(c->u.name, 1, len, fp);
+				if (items != len)
+					return -1;
+				if (context_write(&c->context[0], fp))
+					return -1;
+				if (context_write(&c->context[1], fp))
+					return -1;
+				break;
+			case OCON_PORT:
+				buf[0] = c->u.port.protocol;
+				buf[1] = c->u.port.low_port;
+				buf[2] = c->u.port.high_port;
+				for (j = 0; j < 3; j++) {
+					buf[j] = cpu_to_le32(buf[j]);
+				}
+				items = fwrite(buf, sizeof(__u32), 3, fp);
+				if (items != 3)
+					return -1;
+				if (context_write(&c->context[0], fp))
+					return -1;
+				break;
+			case OCON_NODE:
+				buf[0] = cpu_to_le32(c->u.node.addr);
+				buf[1] = cpu_to_le32(c->u.node.mask);
+				items = fwrite(buf, sizeof(__u32), 2, fp);
+				if (items != 2)
+					return -1;
+				if (context_write(&c->context[0], fp))
+					return -1;
+				break;
+			case OCON_NFS:
+				buf[0] = cpu_to_le32(c->u.node.addr);
+				buf[1] = cpu_to_le32(c->u.node.mask);
+				items = fwrite(buf, sizeof(__u32), 2, fp);
+				if (items != 2)
+					return -1;
+				if (context_write(&c->context[0], fp))
+					return -1;
+				if (context_write(&c->context[1], fp))
+					return -1;
+				break;
+			case OCON_DEVFS:
+				len = strlen(c->u.name);
+				buf[0] = cpu_to_le32(len);
+				items = fwrite(buf, sizeof(__u32), 1, fp);
+				if (items != 1)
+					return -1;
+				items = fwrite(c->u.name, 1, len, fp);
+				if (items != len)
+					return -1;
+				buf[0] = cpu_to_le32(c->sclass);
+				items = fwrite(buf, sizeof(__u32), 1, fp);
+				if (items != 1)
+					return -1;
+				if (context_write(&c->context[0], fp))
+					return -1;
+				break;
+			}
+		}
+	}
+
+	return 0;
+}
+
+#endif
+
diff --minimal -Nru a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/policydb.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,241 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * A policy database (policydb) specifies the 
+ * configuration data for the security policy.
+ */
+
+#ifndef _POLICYDB_H_
+#define _POLICYDB_H_
+
+#include "symtab.h"
+#include "avtab.h"
+#include "sidtab.h"
+#include "context.h"
+#include "constraint.h"
+
+
+/*
+ * A datum type is defined for each kind of symbol 
+ * in the configuration data:  individual permissions, 
+ * common prefixes for access vectors, classes,
+ * users, roles, types, sensitivities, categories, etc.
+ */
+
+/* Permission attributes */
+typedef struct perm_datum {
+	__u32 value;		/* permission bit + 1 */
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+#define MLS_BASE_READ    1	/* MLS base permission `read' */
+#define MLS_BASE_WRITE   2	/* MLS base permission `write' */
+#define MLS_BASE_READBY  4	/* MLS base permission `readby' */
+#define MLS_BASE_WRITEBY 8	/* MLS base permission `writeby' */
+	__u32 base_perms;		/* MLS base permission mask */
+#endif
+} perm_datum_t;
+
+/* Attributes of a common prefix for access vectors */
+typedef struct common_datum {
+	__u32 value;		/* internal common value */
+	symtab_t permissions;	/* common permissions */
+} common_datum_t;
+
+/* Class attributes */
+typedef struct class_datum {
+	__u32 value;		/* class value */
+	char *comkey;		/* common name */
+	common_datum_t *comdatum;	/* common datum */
+	symtab_t permissions;	/* class-specific permission symbol table */
+	constraint_node_t *constraints;		/* constraints on class permissions */
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+	mls_perms_t mlsperms;	/* MLS base permission masks */
+#endif
+} class_datum_t;
+
+/* Role attributes */
+typedef struct role_datum {
+	__u32 value;		/* internal role value */
+	ebitmap_t dominates;	/* set of roles dominated by this role */
+	ebitmap_t types;	/* set of authorized types for role */
+} role_datum_t;
+
+typedef struct role_trans {
+	__u32 role;		/* current role */
+	__u32 type;		/* program executable type */
+	__u32 new_role;		/* new role */
+	struct role_trans *next;
+} role_trans_t;
+
+typedef struct role_allow {
+	__u32 role;		/* current role */
+	__u32 new_role;		/* new role */
+	struct role_allow *next;
+} role_allow_t;
+
+/* Type attributes */
+typedef struct type_datum {
+	__u32 value;		/* internal type value */
+	unsigned char primary;	/* primary name? */
+#ifndef __KERNEL__
+	unsigned char isattr;   /* is this a type attribute? */
+	ebitmap_t types;        /* types with this attribute */
+#endif
+} type_datum_t;
+
+/* User attributes */
+typedef struct user_datum {
+	__u32 value;		/* internal user value */
+	ebitmap_t roles;	/* set of authorized roles for user */
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+	mls_range_list_t *ranges;	/* list of authorized MLS ranges for user */
+#endif
+} user_datum_t;
+
+
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+/* Sensitivity attributes */
+typedef struct level_datum {
+	mls_level_t *level;	/* sensitivity and associated categories */
+	unsigned char isalias;  /* is this sensitivity an alias for another? */
+} level_datum_t;
+
+/* Category attributes */
+typedef struct cat_datum {
+	__u32 value;		/* internal category bit + 1 */
+	unsigned char isalias;  /* is this category an alias for another? */
+} cat_datum_t;
+#endif
+
+
+/*
+ * The configuration data includes security contexts for 
+ * initial SIDs, unlabeled file systems, TCP and UDP port numbers, 
+ * network interfaces, nodes, and NFS servers.  This structure stores the
+ * relevant data for one such entry.  Entries of the same kind
+ * (e.g. all initial SIDs) are linked together into a list.
+ */
+typedef struct ocontext {
+	union {
+		char *name;	/* name of initial SID, fs, devfs entry or netif */
+		struct {
+			__u8 protocol;
+			__u16 low_port;
+			__u16 high_port;
+		} port;		/* TCP or UDP port information */
+		struct {
+			__u32 addr;
+			__u32 mask;
+		} node;		/* node or NFS information */
+	} u;
+        __u32 sclass;
+	context_struct_t context[2];	/* security context(s) */
+	security_id_t sid[2];	/* SID(s) */
+	struct ocontext *next;
+} ocontext_t;
+
+
+/* symbol table array indices */
+#define SYM_COMMONS 0
+#define SYM_CLASSES 1
+#define SYM_ROLES   2
+#define SYM_TYPES   3
+#define SYM_USERS   4
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+#define SYM_LEVELS  5
+#define SYM_CATS    6
+#define SYM_NUM     7
+#else
+#define SYM_NUM     5
+#endif
+
+/* object context array indices */
+#define OCON_ISID  0	/* initial SIDs */
+#define OCON_FS    1	/* unlabeled file systems */
+#define OCON_PORT  2	/* TCP and UDP port numbers */
+#define OCON_NETIF 3	/* network interfaces */
+#define OCON_NODE  4	/* nodes */
+#define OCON_NFS   5	/* NFS */
+#define OCON_DEVFS 6	/* devfs */
+#define OCON_NUM   7
+
+/* The policy database */
+typedef struct policydb {
+	/* symbol tables */
+	symtab_t symtab[SYM_NUM];
+#define p_commons symtab[SYM_COMMONS]
+#define p_classes symtab[SYM_CLASSES]
+#define p_roles symtab[SYM_ROLES]
+#define p_types symtab[SYM_TYPES]
+#define p_users symtab[SYM_USERS]
+#define p_levels symtab[SYM_LEVELS]
+#define p_cats symtab[SYM_CATS]
+
+	/* symbol names indexed by (value - 1) */
+	char **sym_val_to_name[SYM_NUM];
+#define p_common_val_to_name sym_val_to_name[SYM_COMMONS]
+#define p_class_val_to_name sym_val_to_name[SYM_CLASSES]
+#define p_role_val_to_name sym_val_to_name[SYM_ROLES]
+#define p_type_val_to_name sym_val_to_name[SYM_TYPES]
+#define p_user_val_to_name sym_val_to_name[SYM_USERS]
+#define p_sens_val_to_name sym_val_to_name[SYM_LEVELS]
+#define p_cat_val_to_name sym_val_to_name[SYM_CATS]
+
+	/* class, role, and user attributes indexed by (value - 1) */
+	class_datum_t **class_val_to_struct;
+	role_datum_t **role_val_to_struct;
+	user_datum_t **user_val_to_struct;
+
+	/* type enforcement access vectors and transitions */
+	avtab_t te_avtab;
+
+	/* role transitions */
+	role_trans_t *role_tr;
+
+	/* role allows */
+	role_allow_t *role_allow;
+
+	/* security contexts of initial SIDs, unlabeled file systems,
+	   TCP or UDP port numbers, network interfaces, nodes, NFS servers */
+	ocontext_t *ocontexts[OCON_NUM];
+
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+	/* number of legitimate MLS levels */
+	__u32 nlevels;
+#endif
+} policydb_t;
+
+extern int policydb_init(policydb_t * p);
+
+extern int policydb_index_classes(policydb_t * p);
+
+extern int policydb_index_others(policydb_t * p);
+
+extern int constraint_expr_destroy(constraint_expr_t * expr);
+
+extern void policydb_destroy(policydb_t * p);
+
+extern int policydb_load_isids(policydb_t *p, sidtab_t *s);
+
+extern int policydb_context_isvalid(policydb_t *p, context_struct_t *c);
+
+extern int policydb_read(policydb_t * p, FILE * fp);
+
+#ifndef __KERNEL__
+int policydb_write(policydb_t * p, FILE * fp);
+#endif
+
+#define PERM_SYMTAB_SIZE 32
+
+#define POLICYDB_VERSION 8
+#define POLICYDB_CONFIG_MLS    1
+
+#define OBJECT_R "object_r"
+#define OBJECT_R_VAL 1
+
+#endif	/* _POLICYDB_H_ */
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/queue.c b/security/selinux/ss/queue.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/queue.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,192 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * Implementation of the double-ended queue type.
+ */
+
+#include "queue.h"
+
+queue_t
+queue_create(void)
+{
+	queue_t q;
+
+	q = (queue_t) malloc(sizeof(struct queue_info));
+	if (q == NULL)
+		return NULL;
+
+	q->head = q->tail = NULL;
+
+	return q;
+}
+
+int queue_insert(queue_t q, queue_element_t e)
+{
+	queue_node_ptr_t newnode;
+
+
+	if (!q)
+		return -1;
+
+	newnode = (queue_node_ptr_t) malloc(sizeof(struct queue_node));
+	if (newnode == NULL)
+		return -1;
+
+	newnode->element = e;
+	newnode->next = NULL;
+
+	if (q->head == NULL) {
+		q->head = q->tail = newnode;
+	} else {
+		q->tail->next = newnode;
+		q->tail = newnode;
+	}
+
+	return 0;
+}
+
+int queue_push(queue_t q, queue_element_t e)
+{
+	queue_node_ptr_t newnode;
+
+
+	if (!q)
+		return -1;
+
+	newnode = (queue_node_ptr_t) malloc(sizeof(struct queue_node));
+	if (newnode == NULL)
+		return -1;
+
+	newnode->element = e;
+	newnode->next = NULL;
+
+	if (q->head == NULL) {
+		q->head = q->tail = newnode;
+	} else {
+		newnode->next = q->head;
+		q->head = newnode;
+	}
+
+	return 0;
+}
+
+queue_element_t
+queue_remove(queue_t q)
+{
+	queue_node_ptr_t node;
+	queue_element_t e;
+
+
+	if (!q)
+		return NULL;
+
+	if (q->head == NULL)
+		return NULL;
+
+	node = q->head;
+	q->head = q->head->next;
+	if (q->head == NULL)
+		q->tail = NULL;
+
+	e = node->element;
+	free(node);
+
+	return e;
+}
+
+queue_element_t
+queue_head(queue_t q)
+{
+	if (!q)
+		return NULL;
+
+	if (q->head == NULL)
+		return NULL;
+
+	return q->head->element;
+}
+
+void queue_destroy(queue_t q)
+{
+	queue_node_ptr_t p, temp;
+
+
+	if (!q)
+		return;
+
+	p = q->head;
+	while (p != NULL) {
+		temp = p;
+		p = p->next;
+		free(temp);
+	}
+
+	free(q);
+}
+
+int queue_map(queue_t q, int (*f) (queue_element_t, void *), void *vp)
+{
+	queue_node_ptr_t p;
+	int ret;
+
+
+	if (!q)
+		return 0;
+
+	p = q->head;
+	while (p != NULL) {
+		ret = f(p->element, vp);
+		if (ret)
+			return ret;
+		p = p->next;
+	}
+	return 0;
+}
+
+
+void queue_map_remove_on_error(queue_t q,
+			       int (*f) (queue_element_t, void *),
+			       void (*g) (queue_element_t, void *),
+			       void *vp)
+{
+	queue_node_ptr_t p, last, temp;
+	int ret;
+
+
+	if (!q)
+		return;
+
+	last = NULL;
+	p = q->head;
+	while (p != NULL) {
+		ret = f(p->element, vp);
+		if (ret) {
+			if (last) {
+				last->next = p->next;
+				if (last->next == NULL)
+					q->tail = last;
+			} else {
+				q->head = p->next;
+				if (q->head == NULL)
+					q->tail = NULL;
+			}
+
+			temp = p;
+			p = p->next;
+			g(temp->element, vp);
+			free(temp);
+		} else {
+			last = p;
+			p = p->next;
+		}
+	}
+
+	return;
+}
+
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/queue.h b/security/selinux/ss/queue.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/queue.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,65 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/* 
+ * A double-ended queue is a singly linked list of 
+ * elements of arbitrary type that may be accessed
+ * at either end.
+ */
+
+#ifndef _QUEUE_H_
+#define _QUEUE_H_
+
+typedef void *queue_element_t;
+
+typedef struct queue_node *queue_node_ptr_t;
+
+typedef struct queue_node {
+	queue_element_t element;
+	queue_node_ptr_t next;
+} queue_node_t;
+
+typedef struct queue_info {
+	queue_node_ptr_t head;
+	queue_node_ptr_t tail;
+} queue_info_t;
+
+typedef queue_info_t *queue_t;
+
+queue_t queue_create(void);
+int queue_insert(queue_t, queue_element_t);
+int queue_push(queue_t, queue_element_t);
+queue_element_t queue_remove(queue_t);
+queue_element_t queue_head(queue_t);
+void queue_destroy(queue_t);
+
+/* 
+   Applies the specified function f to each element in the
+   specified queue. 
+
+   In addition to passing the element to f, queue_map
+   passes the specified void* pointer to f on each invocation.
+
+   If f returns a non-zero status, then queue_map will cease
+   iterating through the hash table and will propagate the error
+   return to its caller.
+ */
+int queue_map(queue_t, int (*f) (queue_element_t, void *), void *);
+
+/*
+   Same as queue_map, except that if f returns a non-zero status,
+   then the element will be removed from the queue and the g
+   function will be applied to the element. 
+ */
+void queue_map_remove_on_error(queue_t,
+			       int (*f) (queue_element_t, void *),
+			       void (*g) (queue_element_t, void *),
+			       void *);
+
+#endif
+
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/services.c b/security/selinux/ss/services.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/services.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,1315 @@
+
+/*
+ * Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> 
+ *
+ * The security server was originally written while I was employed by NSA,
+ * and has undergone some revisions since I joined NAI Labs, but is largely
+ * unchanged.
+ */
+
+/* FLASK */
+
+/*
+ * Implementation of the security services.
+ */
+
+#include "context.h"
+#include "policydb.h"
+#include "services.h"
+#include "sidtab.h"
+#include "mls.h"
+#include "services_private.h"
+
+sidtab_t sidtab;
+policydb_t policydb;
+int ss_initialized = 0;
+
+/*
+ * The largest sequence number that has been used when
+ * providing an access decision to the access vector cache.
+ * The sequence number only changes when a policy change
+ * occurs.
+ */
+static __u32 latest_granting = 0;
+
+
+/*
+ * Return the boolean value of a constraint expression 
+ * when it is applied to the specified source and target 
+ * security contexts.
+ */
+static int constraint_expr_eval(context_struct_t * scontext,
+				context_struct_t * tcontext,
+				constraint_expr_t * expr)
+{
+	__u32 val1, val2;
+	context_struct_t *c;
+	role_datum_t *r1, *r2;
+
+	switch (expr->expr_type) {
+	case CEXPR_NOT:
+		return !constraint_expr_eval(scontext, tcontext, expr->left);
+	case CEXPR_AND:
+		return constraint_expr_eval(scontext, tcontext, expr->left) &&
+		    constraint_expr_eval(scontext, tcontext, expr->right);
+	case CEXPR_OR:
+		return constraint_expr_eval(scontext, tcontext, expr->left) ||
+		    constraint_expr_eval(scontext, tcontext, expr->right);
+	case CEXPR_ATTR:
+		if (expr->attr & CEXPR_USER) {
+			val1 = scontext->user;
+			val2 = tcontext->user;
+		} else if (expr->attr & CEXPR_ROLE) {
+			val1 = scontext->role;
+			val2 = tcontext->role;
+			r1 = policydb.role_val_to_struct[val1 - 1];
+			r2 = policydb.role_val_to_struct[val2 - 1];
+			switch (expr->op) {
+			case CEXPR_DOM:
+				return ebitmap_get_bit(&r1->dominates,
+						       val2 - 1);
+			case CEXPR_DOMBY:
+				return ebitmap_get_bit(&r2->dominates,
+						       val1 - 1);
+			case CEXPR_INCOMP:
+				return ( !ebitmap_get_bit(&r1->dominates,
+							  val2 - 1) &&
+					 !ebitmap_get_bit(&r2->dominates,
+							  val1 - 1) );
+			}
+		} else if (expr->attr & CEXPR_TYPE) {
+			val1 = scontext->type;
+			val2 = tcontext->type;
+		} else
+			return 0;
+		
+		switch (expr->op) {
+		case CEXPR_EQ:
+			return (val1 == val2);
+		case CEXPR_NEQ:
+			return (val1 != val2);
+		default:
+			return 0;
+		}
+		return 0;
+	case CEXPR_NAMES:
+		c = scontext;
+		if (expr->attr & CEXPR_TARGET) 
+			c = tcontext;
+		if (expr->attr & CEXPR_USER) 
+			val1 = c->user;
+		else if (expr->attr & CEXPR_ROLE)
+			val1 = c->role;
+		else if (expr->attr & CEXPR_TYPE)
+			val1 = c->type;
+		else 
+			return 0;
+		
+		return ebitmap_get_bit(&expr->names, val1 - 1);
+	default:
+		return 0;
+	}
+
+	return 0;
+}
+
+
+/*
+ * Compute access vectors based on a context structure pair for
+ * the permissions in a particular class.
+ */
+static int context_struct_compute_av(context_struct_t *scontext,
+				     context_struct_t *tcontext,
+				     security_class_t tclass,
+				     access_vector_t requested,
+				     access_vector_t * allowed,
+				     access_vector_t * decided,
+				     access_vector_t * auditallow,
+				     access_vector_t * auditdeny,
+				     __u32 *seqno)
+{
+	constraint_node_t *constraint;
+	struct role_allow *ra;
+	avtab_key_t avkey;
+	avtab_datum_t *avdatum;
+	class_datum_t *tclass_datum;
+
+	*seqno = latest_granting;
+	*decided = 0xffffffff;
+
+	if (!tclass || tclass > policydb.p_classes.nprim) {
+		printf("security_compute_av:  unrecognized class %d\n",
+		       tclass);
+		return -EINVAL;
+	}
+	tclass_datum = policydb.class_val_to_struct[tclass - 1];
+
+	/* 
+	 * Initialize the access vectors to the default values.
+	 */
+	*allowed = 0;
+	*auditallow = 0;
+	*auditdeny = ~0;
+
+	/*
+	 * If a specific type enforcement rule was defined for
+	 * this permission check, then use it.
+	 */
+	avkey.source_type = scontext->type;
+	avkey.target_type = tcontext->type;
+	avkey.target_class = tclass;
+	avdatum = avtab_search(&policydb.te_avtab, &avkey, AVTAB_AV);
+	if (avdatum) {
+		if (avdatum->specified & AVTAB_ALLOWED)
+			*allowed = avtab_allowed(avdatum);
+		if (avdatum->specified & AVTAB_AUDITDENY)
+			*auditdeny = avtab_auditdeny(avdatum);
+		if (avdatum->specified & AVTAB_AUDITALLOW)
+			*auditallow = avtab_auditallow(avdatum);
+	}
+
+	/*
+	 * Remove any permissions prohibited by the MLS policy.
+	 */
+	mls_compute_av(scontext, tcontext, tclass_datum, allowed);
+
+	/* 
+	 * Remove any permissions prohibited by a constraint.
+	 */
+	constraint = tclass_datum->constraints;
+	while (constraint) {
+		if ((constraint->permissions & (*allowed)) &&
+		    !constraint_expr_eval(scontext, tcontext,
+					  constraint->expr)) {
+			*allowed = (*allowed) & ~(constraint->permissions);
+		}
+		constraint = constraint->next;
+	}
+
+	/* 
+	 * If checking process transition permission and the
+	 * role is changing, then check the (current_role, new_role) 
+	 * pair.
+	 */
+	if (tclass == SECCLASS_PROCESS &&
+	    *allowed && PROCESS__TRANSITION &&
+	    scontext->role != tcontext->role) {
+		for (ra = policydb.role_allow; ra; ra = ra->next) {
+			if (scontext->role == ra->role &&
+			    tcontext->role == ra->new_role) 
+				break;
+		}		
+		if (!ra)
+			*allowed = (*allowed) & ~(PROCESS__TRANSITION);
+	}	
+
+	return 0;
+}
+
+
+int security_compute_av(security_id_t ssid,
+			security_id_t tsid,
+			security_class_t tclass,
+			access_vector_t requested,
+			access_vector_t * allowed,
+			access_vector_t * decided,
+			access_vector_t * auditallow,
+			access_vector_t * auditdeny,
+			__u32 *seqno)
+{
+	context_struct_t *scontext = 0, *tcontext = 0;
+	int rc = 0;
+
+	if (!ss_initialized) {
+		*allowed = requested;
+		*decided = requested;
+		*auditallow = 0;
+		*auditdeny = 0xffffffff;
+		return 0;
+	}
+
+	if (POLICY_RDLOCK)
+		return -EAGAIN;
+
+	scontext = sidtab_search(&sidtab, ssid);
+	if (!scontext) {
+		printf("security_compute_av:  unrecognized SID %d\n", ssid);
+		rc = -EINVAL;
+		goto out;
+	}
+	tcontext = sidtab_search(&sidtab, tsid);
+	if (!tcontext) {
+		printf("security_compute_av:  unrecognized SID %d\n", tsid);
+		rc = -EINVAL;
+		goto out;
+	}
+
+	rc = context_struct_compute_av(scontext, tcontext, tclass,
+				       requested, allowed, decided,
+				       auditallow, auditdeny,
+				       seqno);
+out:
+	POLICY_RDUNLOCK;
+	return rc;
+}
+
+
+/*
+ * Write the security context string representation of 
+ * the context structure `context' into a dynamically
+ * allocated string of the correct size.  Set `*scontext'
+ * to point to this string and set `*scontext_len' to
+ * the length of the string.
+ */
+int context_struct_to_string(context_struct_t * context,
+			     security_context_t * scontext,
+			     __u32 *scontext_len)
+{
+	char *scontextp;
+
+	*scontext = 0;
+	*scontext_len = 0;
+
+	/* Compute the size of the context. */
+	*scontext_len += strlen(policydb.p_user_val_to_name[context->user - 1]) + 1;
+	*scontext_len += strlen(policydb.p_role_val_to_name[context->role - 1]) + 1;
+	*scontext_len += strlen(policydb.p_type_val_to_name[context->type - 1]) + 1;
+	*scontext_len += mls_compute_context_len(context);
+
+	/* Allocate space for the context; caller must free this space. */
+	scontextp = (char *) malloc(*scontext_len+1);
+	if (!scontextp) {
+		return -ENOMEM;
+	}
+	*scontext = (security_context_t) scontextp;
+
+	/*
+	 * Copy the user name, role name and type name into the context.
+	 */
+	sprintf(scontextp, "%s:%s:%s:",
+		policydb.p_user_val_to_name[context->user - 1],
+		policydb.p_role_val_to_name[context->role - 1],
+		policydb.p_type_val_to_name[context->type - 1]);
+	scontextp += strlen(policydb.p_user_val_to_name[context->user - 1]) + 1 + strlen(policydb.p_role_val_to_name[context->role - 1]) + 1 + strlen(policydb.p_type_val_to_name[context->type - 1]) + 1;
+
+	mls_sid_to_context(context, &scontextp);
+
+	scontextp--;
+	*scontextp = 0;
+
+	return 0;
+}
+
+
+#include <linux/flask/initial_sid_to_string.h>
+
+/*
+ * Write the security context string representation of 
+ * the context associated with `sid' into a dynamically
+ * allocated string of the correct size.  Set `*scontext'
+ * to point to this string and set `*scontext_len' to
+ * the length of the string.
+ */
+int security_sid_to_context(security_id_t sid,
+			    security_context_t * scontext,
+			    __u32 *scontext_len)
+{
+	context_struct_t *context;
+	int rc = 0;
+
+	if (!ss_initialized) {
+		if (sid <= SECINITSID_NUM) {
+			char *scontextp;
+
+			*scontext_len = strlen(initial_sid_to_string[sid]) + 1;
+			scontextp = malloc(*scontext_len);
+			strcpy(scontextp, initial_sid_to_string[sid]);
+			*scontext = (security_context_t) scontextp;
+			return 0;
+		}
+		printf("security_sid_to_context:  called before initial load_policy on unknown SID %d\n", sid);
+		return -EINVAL;
+	}
+	if (POLICY_RDLOCK)
+		return -EAGAIN;
+	context = sidtab_search(&sidtab, sid);
+	if (!context) {
+		printf("security_sid_to_context:  unrecognized SID %d\n", sid);
+		rc = -EINVAL;
+		goto out;
+	}
+	rc = context_struct_to_string(context, scontext, scontext_len);
+out:
+	POLICY_RDUNLOCK;
+	return rc;
+	
+}
+
+/*
+ * Return a SID associated with the security context that
+ * has the string representation specified by `scontext'.
+ */
+int security_context_to_sid(security_context_t scontext,
+			    __u32 scontext_len,
+			    security_id_t * sid)
+{
+	security_context_t scontext2;
+	context_struct_t context;
+	role_datum_t *role;
+	type_datum_t *typdatum;
+	user_datum_t *usrdatum;
+	char *scontextp, *p, oldc;
+	int rc = 0;
+
+	if (!ss_initialized) {
+		int i;
+
+		for (i = 1; i < SECINITSID_NUM; i++) {
+			if (!strcmp(initial_sid_to_string[i], scontext)) {
+				*sid = i;
+				return 0;
+			}
+		}
+		printf("security_context_to_sid: called before initial load_policy on unknown context %s\n", scontext);
+		return -EINVAL;
+	}
+	*sid = SECSID_NULL;
+
+	/* copy the string so that we can modify the copy as we parse it */
+	scontext2 = malloc(scontext_len);
+	if (!scontext2) {
+		return -ENOMEM;
+	}
+	memcpy(scontext2, scontext, scontext_len);
+
+	context_init(&context);
+	*sid = SECSID_NULL;
+
+	if (POLICY_RDLOCK) {
+		free(scontext2);
+		return -EAGAIN;
+	}
+
+	/* Parse the security context. */
+
+	rc = -EINVAL;
+	scontextp = (char *) scontext2;
+	if (scontextp[scontext_len - 1])
+		/* Security context is not null-terminated. */
+		goto out;
+
+	/* Extract the user. */
+	p = scontextp;
+	while (*p && *p != ':')
+		p++;
+
+	if (*p == 0)
+		goto out;
+
+	*p++ = 0;
+
+	usrdatum = (user_datum_t *) hashtab_search(policydb.p_users.table,
+					      (hashtab_key_t) scontextp);
+	if (!usrdatum)
+		goto out;
+
+	context.user = usrdatum->value;
+
+	/* Extract role. */
+	scontextp = p;
+	while (*p && *p != ':')
+		p++;
+
+	if (*p == 0)
+		goto out;
+
+	*p++ = 0;
+
+	role = (role_datum_t *) hashtab_search(policydb.p_roles.table,
+					       (hashtab_key_t) scontextp);
+	if (!role)
+		goto out;
+	context.role = role->value;
+
+	/* Extract type. */
+	scontextp = p;
+	while (*p && *p != ':')
+		p++;
+	oldc = *p;
+	*p++ = 0;
+
+	typdatum = (type_datum_t *) hashtab_search(policydb.p_types.table,
+					      (hashtab_key_t) scontextp);
+
+	if (!typdatum)
+		goto out;
+
+	context.type = typdatum->value;
+
+	rc = mls_context_to_sid(oldc, &p, &context);
+	if (rc)
+		goto out;
+
+	/* Check the validity of the new context. */
+	if (!policydb_context_isvalid(&policydb, &context)) {
+		rc = -EINVAL;
+		goto out;
+	}
+	/* Obtain the new sid. */
+	rc = sidtab_context_to_sid(&sidtab, &context, sid);
+out:
+	POLICY_RDUNLOCK;
+	context_destroy(&context);
+	free(scontext2);
+	return rc;
+}
+
+static int security_compute_sid(security_id_t ssid,
+				security_id_t tsid,
+				security_class_t tclass,
+				__u32 specified,
+				security_id_t * out_sid)
+{
+	context_struct_t *scontext = 0, *tcontext = 0, newcontext;
+	struct role_trans *roletr = 0;
+	avtab_key_t avkey;
+	avtab_datum_t *avdatum;
+	unsigned int type_change = 0;
+	int rc = 0;
+
+	if (!ss_initialized) {
+		switch (tclass) {
+		case SECCLASS_PROCESS:
+			*out_sid = ssid;
+			break;
+		default:
+			*out_sid = tsid;
+			break;
+		}
+		return 0;
+	}
+	
+	if (POLICY_RDLOCK) 
+		return -EAGAIN;
+
+	scontext = sidtab_search(&sidtab, ssid);
+	if (!scontext) {
+		printf("security_compute_sid:  unrecognized SID %d\n", ssid);
+		rc = -EINVAL;
+		goto out;
+	}
+	tcontext = sidtab_search(&sidtab, tsid);
+	if (!tcontext) {
+		printf("security_compute_sid:  unrecognized SID %d\n", tsid);
+		rc = -EINVAL;
+		goto out;
+	}
+
+	context_init(&newcontext);
+
+	/* Set the user identity. */
+	switch (specified) {
+	case AVTAB_TRANSITION:
+	case AVTAB_CHANGE:
+		/* Use the process user identity. */
+		newcontext.user = scontext->user;
+		break;
+	case AVTAB_MEMBER:
+		/* Use the related object owner. */
+		newcontext.user = tcontext->user;
+		break;
+	}
+
+	/* Set the role and type to default values. */
+	switch (tclass) {
+	case SECCLASS_PROCESS:
+		/* Use the current role and type of process. */
+		newcontext.role = scontext->role;
+		newcontext.type = scontext->type;
+		break;
+	default:
+		/* Use the well-defined object role. */
+		newcontext.role = OBJECT_R_VAL;
+		/* Use the type of the related object. */
+		newcontext.type = tcontext->type;
+	}
+
+	/* Look for a type transition/member/change rule. */
+	avkey.source_type = scontext->type;
+	avkey.target_type = tcontext->type;
+	avkey.target_class = tclass;
+	avdatum = avtab_search(&policydb.te_avtab, &avkey, AVTAB_TYPE);
+	type_change = (avdatum && (avdatum->specified & specified));
+	if (type_change) {
+		/* Use the type from the type transition/member/change rule. */
+		switch (specified) {
+		case AVTAB_TRANSITION:
+			newcontext.type = avtab_transition(avdatum);
+			break;
+		case AVTAB_MEMBER:
+			newcontext.type = avtab_member(avdatum);
+			break;
+		case AVTAB_CHANGE:
+			newcontext.type = avtab_change(avdatum);
+			break;
+		}
+	}
+
+	/* Check for class-specific changes. */
+	switch (tclass) {
+	case SECCLASS_PROCESS:
+		if (specified & AVTAB_TRANSITION) {
+			/* Look for a role transition rule. */
+			for (roletr = policydb.role_tr; roletr; 
+			     roletr = roletr->next) {
+				if (roletr->role == scontext->role &&
+				    roletr->type == tcontext->type) {
+					/* Use the role transition rule. */
+					newcontext.role = roletr->new_role;
+					break;
+				}
+			}
+		}
+
+		if (!type_change && !roletr) {
+			/* No change in process role or type. */
+			*out_sid = ssid;
+			goto out;
+
+		}
+		break;
+	default:
+		if (!type_change &&
+		    (newcontext.user == tcontext->user) &&
+		    mls_context_cmp(scontext, tcontext)) {
+                        /* No change in object type, owner, 
+			   or MLS attributes. */
+			*out_sid = tsid;
+			goto out;
+		}
+		break;
+	}
+
+	/* Set the MLS attributes.
+	   This is done last because it may allocate memory. */
+	rc = mls_compute_sid(scontext, tcontext, tclass, specified, &newcontext);
+	if (rc) 
+		goto out;
+
+	/* Check the validity of the context. */
+	if (!policydb_context_isvalid(&policydb, &newcontext)) {
+		rc = compute_sid_handle_invalid_context(scontext, 
+							tcontext, 
+							tclass, 
+							&newcontext);
+		if (rc)
+			goto out;
+	}
+	/* Obtain the sid for the context. */
+	rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid);
+out:
+	POLICY_RDUNLOCK;
+	context_destroy(&newcontext);
+	return rc;
+}
+
+/*
+ * Compute a SID to use for labeling a new object in the 
+ * class `tclass' based on a SID pair.  
+ */
+int security_transition_sid(security_id_t ssid,
+			    security_id_t tsid,
+			    security_class_t tclass,
+			    security_id_t * out_sid)
+{
+	return security_compute_sid(ssid, tsid, tclass, AVTAB_TRANSITION, out_sid);
+}
+
+
+/*
+ * Compute a SID to use when selecting a member of a 
+ * polyinstantiated object of class `tclass' based on 
+ * a SID pair.
+ */
+int security_member_sid(security_id_t ssid,
+			security_id_t tsid,
+			security_class_t tclass,
+			security_id_t * out_sid)
+{
+	return security_compute_sid(ssid, tsid, tclass, AVTAB_MEMBER, out_sid);
+}
+
+
+/*
+ * Compute a SID to use for relabeling an object in the 
+ * class `tclass' based on a SID pair.  
+ */
+int security_change_sid(security_id_t ssid,
+			security_id_t tsid,
+			security_class_t tclass,
+			security_id_t * out_sid)
+{
+	return security_compute_sid(ssid, tsid, tclass, AVTAB_CHANGE, out_sid);
+}
+
+
+/*
+ * Verify that each permission that is defined under the
+ * existing policy is still defined with the same value
+ * in the new policy.
+ */
+static int validate_perm(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+	hashtab_t h;
+	perm_datum_t *perdatum, *perdatum2;
+
+
+	h = (hashtab_t) p;
+	perdatum = (perm_datum_t *) datum;
+
+	perdatum2 = (perm_datum_t *) hashtab_search(h, key);
+	if (!perdatum2) {
+		printf("security:  permission %s disappeared", key);
+		return -1;
+	}
+	if (perdatum->value != perdatum2->value) {
+		printf("security:  the value of permission %s changed", key);
+		return -1;
+	}
+	return 0;
+}
+
+
+/*
+ * Verify that each class that is defined under the
+ * existing policy is still defined with the same 
+ * attributes in the new policy.
+ */
+static int validate_class(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+	policydb_t *newp;
+	class_datum_t *cladatum, *cladatum2;
+
+	newp = (policydb_t *) p;
+	cladatum = (class_datum_t *) datum;
+
+	cladatum2 = (class_datum_t *) hashtab_search(newp->p_classes.table, key);
+	if (!cladatum2) {
+		printf("security:  class %s disappeared\n", key);
+		return -1;
+	}
+	if (cladatum->value != cladatum2->value) {
+		printf("security:  the value of class %s changed\n", key);
+		return -1;
+	}
+	if ((cladatum->comdatum && !cladatum2->comdatum) ||
+	    (!cladatum->comdatum && cladatum2->comdatum)) {
+		printf("security:  the inherits clause for the access vector definition for class %s changed\n", key);
+		return -1;
+	}
+	if (cladatum->comdatum) {
+		if (hashtab_map(cladatum->comdatum->permissions.table, validate_perm,
+				cladatum2->comdatum->permissions.table)) {
+			printf(" in the access vector definition for class %s\n", key);
+			return -1;
+		}
+	}
+	if (hashtab_map(cladatum->permissions.table, validate_perm,
+			cladatum2->permissions.table)) {
+		printf(" in access vector definition for class %s\n", key);
+		return -1;
+	}
+	return 0;
+}
+
+/* Clone the SID into the new SID table. */
+static int clone_sid(security_id_t sid,
+		     context_struct_t *context,
+		     void *arg)
+{
+	sidtab_t *s = arg;
+
+	return sidtab_insert(s, sid, context);
+}
+
+typedef struct {
+	policydb_t *oldp;
+	policydb_t *newp;
+} convert_context_args_t;
+
+/*
+ * Convert the values in the security context
+ * structure `c' from the values specified
+ * in the policy `p->oldp' to the values specified
+ * in the policy `p->newp'.  Verify that the
+ * context is valid under the new policy.
+ */
+static int convert_context(security_id_t key,
+			   context_struct_t * c,
+			   void *p)
+{
+	convert_context_args_t *args;
+	context_struct_t oldc;
+	role_datum_t *role;
+	type_datum_t *typdatum;
+	user_datum_t *usrdatum;
+	security_context_t s;
+	__u32 len;
+	int rc = -EINVAL;
+       
+	args = (convert_context_args_t *) p;
+
+	if (context_cpy(&oldc, c))
+		return -ENOMEM;
+
+	/* Convert the user. */
+	usrdatum = (user_datum_t *) hashtab_search(args->newp->p_users.table,
+			    args->oldp->p_user_val_to_name[c->user - 1]);
+
+	if (!usrdatum) {
+		goto bad;
+	}
+	c->user = usrdatum->value;
+
+	/* Convert the role. */
+	role = (role_datum_t *) hashtab_search(args->newp->p_roles.table,
+			    args->oldp->p_role_val_to_name[c->role - 1]);
+	if (!role) {
+		goto bad;
+	}
+	c->role = role->value;
+
+	/* Convert the type. */
+	typdatum = (type_datum_t *)
+	    hashtab_search(args->newp->p_types.table,
+			   args->oldp->p_type_val_to_name[c->type - 1]);
+	if (!typdatum) {
+		goto bad;
+	}
+	c->type = typdatum->value;
+
+	rc = mls_convert_context(args->oldp, args->newp, c);
+	if (rc)
+		goto bad;
+
+	/* Check the validity of the new context. */
+	if (!policydb_context_isvalid(args->newp, c)) {
+		rc = convert_context_handle_invalid_context(&oldc);
+		if (rc)
+			goto bad;
+	}
+
+	context_destroy(&oldc);
+	return 0;
+
+      bad:
+	context_struct_to_string(&oldc, &s, &len);
+	context_destroy(&oldc);
+	printf("security:  invalidating context %s\n", s);
+	free(s);
+	return rc;
+}
+
+
+/*
+ * Read a new set of configuration data from 
+ * a policy database binary representation file.
+ *
+ * Verify that each class that is defined under the
+ * existing policy is still defined with the same 
+ * attributes in the new policy.  
+ *
+ * Convert the context structures in the SID table to the
+ * new representation and verify that all entries
+ * in the SID table are valid under the new policy. 
+ *
+ * Change the active policy database to use the new 
+ * configuration data.  
+ *
+ * Reset the access vector cache.
+ */
+int security_load_policy(FILE * fp)
+{
+	policydb_t oldpolicydb, newpolicydb;
+	sidtab_t oldsidtab, newsidtab;
+	convert_context_args_t args;
+	__u32 seqno;
+	int rc = 0;
+
+	if (!ss_initialized) {
+		if (policydb_read(&policydb, fp)) {
+			return -EINVAL;
+		}
+		if (policydb_load_isids(&policydb, &sidtab)) {
+			policydb_destroy(&policydb);
+			return -EINVAL;
+		}
+		ss_initialized = 1;
+		return 0;
+	}
+
+#if 0
+	sidtab_hash_eval(&sidtab, "sids");
+#endif 
+
+	if (policydb_read(&newpolicydb, fp)) {
+		return -EINVAL;
+	}
+
+	sidtab_init(&newsidtab);
+
+	LOAD_LOCK;
+
+	/* Verify that the existing classes did not change. */
+	if (hashtab_map(policydb.p_classes.table, validate_class, &newpolicydb)) {
+		printf("security:  the definition of an existing class changed\n");
+		rc = -EINVAL;
+		goto err;
+	}
+
+	/* Clone the SID table. */
+	if (sidtab_map(&sidtab, clone_sid, &newsidtab)) {
+		rc = -ENOMEM;
+		goto err;
+	}
+
+	/* Convert the internal representations of contexts 
+	   in the new SID table and remove invalid SIDs. */
+	args.oldp = &policydb;
+	args.newp = &newpolicydb;
+	sidtab_map_remove_on_error(&newsidtab, convert_context, &args);
+
+	/* Save the old policydb and SID table to free later. */
+	memcpy(&oldpolicydb, &policydb, sizeof policydb);
+	sidtab_set(&oldsidtab, &sidtab);
+
+	/* Install the new policydb and SID table. */
+	POLICY_WRLOCK;
+	INTERRUPTS_OFF;
+	memcpy(&policydb, &newpolicydb, sizeof policydb);
+	sidtab_set(&sidtab, &newsidtab);
+	seqno = ++latest_granting;
+	INTERRUPTS_ON;
+	POLICY_WRUNLOCK;
+	LOAD_UNLOCK;
+
+	/* Free the old policydb and SID table. */
+	policydb_destroy(&oldpolicydb);
+	sidtab_destroy(&oldsidtab);
+
+	avc_ss_reset(seqno);
+
+	return 0;
+
+err:
+	LOAD_UNLOCK;
+	sidtab_destroy(&newsidtab);
+	policydb_destroy(&newpolicydb);
+	return rc;
+
+}
+
+/*
+ * Return the SIDs to use for an unlabeled file system
+ * that is being mounted from the device with the
+ * the kdevname `name'.  The `fs_sid' SID is returned for 
+ * the file system and the `file_sid' SID is returned
+ * for all files within that file system.
+ */
+int security_fs_sid(char *name,
+		    security_id_t * fs_sid,
+		    security_id_t * file_sid)
+{
+	int rc = 0;
+	ocontext_t *c;
+
+	if (POLICY_RDLOCK)
+		return -EAGAIN;
+
+	c = policydb.ocontexts[OCON_FS];
+	while (c) {
+		if (strcmp(c->u.name, name) == 0)
+			break;
+		c = c->next;
+	}
+
+	if (c) {
+		if (!c->sid[0] || !c->sid[1]) {
+			rc = sidtab_context_to_sid(&sidtab,
+						   &c->context[0],
+						   &c->sid[0]);
+			if (rc)
+				goto out;
+			rc = sidtab_context_to_sid(&sidtab,
+						   &c->context[1],
+						   &c->sid[1]);
+			if (rc)
+				goto out;
+		}
+		*fs_sid = c->sid[0];
+		*file_sid = c->sid[1];
+	} else {
+		*fs_sid = SECINITSID_FS;
+		*file_sid = SECINITSID_FILE;
+	}
+
+      out:
+	POLICY_RDUNLOCK;
+	return rc;
+}
+
+
+/*
+ * Return the SID of the port specified by
+ * `domain', `type', `protocol', and `port'.
+ */
+int security_port_sid(__u16 domain,
+		      __u16 type,
+		      __u8 protocol,
+		      __u16 port,
+		      security_id_t * out_sid)
+{
+	ocontext_t *c;
+	int rc = 0;
+
+	if (POLICY_RDLOCK) 
+		return -EAGAIN;
+
+	c = policydb.ocontexts[OCON_PORT];
+	while (c) {
+		if (c->u.port.protocol == protocol &&
+		    c->u.port.low_port <= port &&
+		    c->u.port.high_port >= port)
+			break;
+		c = c->next;
+	}
+
+	if (c) {
+		if (!c->sid[0]) {
+			rc = sidtab_context_to_sid(&sidtab,
+						   &c->context[0],
+						   &c->sid[0]);
+			if (rc)
+				goto out;
+		}
+		*out_sid = c->sid[0];
+	} else {
+		*out_sid = SECINITSID_PORT;
+	}
+
+      out:
+	POLICY_RDUNLOCK;
+	return rc;
+}
+
+
+/*
+ * Return the SIDs to use for a network interface
+ * with the name `name'.  The `if_sid' SID is returned for 
+ * the interface and the `msg_sid' SID is returned as 
+ * the default SID for messages received on the
+ * interface.
+ */
+int security_netif_sid(char *name,
+		       security_id_t * if_sid,
+		       security_id_t * msg_sid)
+{
+	int rc = 0;
+	ocontext_t *c;
+
+	if (POLICY_RDLOCK) 
+		return -EAGAIN;
+
+	c = policydb.ocontexts[OCON_NETIF];
+	while (c) {
+		if (strcmp(name, c->u.name) == 0)
+			break;
+		c = c->next;
+	}
+
+	if (c) {
+		if (!c->sid[0] || !c->sid[1]) {
+			rc = sidtab_context_to_sid(&sidtab,
+						  &c->context[0],
+						  &c->sid[0]);
+			if (rc)
+				goto out;
+			rc = sidtab_context_to_sid(&sidtab,
+						   &c->context[1],
+						   &c->sid[1]);
+			if (rc)
+				goto out;
+		}
+		*if_sid = c->sid[0];
+		*msg_sid = c->sid[1];
+	} else {
+		*if_sid = SECINITSID_NETIF;
+		*msg_sid = SECINITSID_NETMSG;
+	}
+
+      out:
+	POLICY_RDUNLOCK;
+	return rc;
+}
+
+
+/*
+ * Return the SID of the node specified by the address
+ * `addrp' where `addrlen' is the length of the address
+ * in bytes and `domain' is the communications domain or
+ * address family in which the address should be interpreted.
+ */
+int security_node_sid(__u16 domain,
+		      void *addrp,
+		      __u32 addrlen,
+		      security_id_t *out_sid)
+{
+	int rc = 0;
+	__u32 addr;
+	ocontext_t *c;
+
+	if (POLICY_RDLOCK) 
+		return -EAGAIN;
+
+	if (domain != AF_INET || addrlen != sizeof(__u32)) {
+		*out_sid = SECINITSID_NODE;
+		goto out;
+	}
+	addr = *((__u32 *)addrp);
+
+	c = policydb.ocontexts[OCON_NODE];
+	while (c) {
+		if (c->u.node.addr == (addr & c->u.node.mask))
+			break;
+		c = c->next;
+	}
+
+	if (c) {
+		if (!c->sid[0]) {
+			rc = sidtab_context_to_sid(&sidtab,
+						   &c->context[0],
+						   &c->sid[0]);
+			if (rc)
+				goto out;
+		}
+		*out_sid = c->sid[0];
+	} else {
+		*out_sid = SECINITSID_NODE;
+	}
+
+      out:
+	POLICY_RDUNLOCK;
+	return rc;
+}
+
+
+/*
+ * Return the SIDs to use for a NFS file system mounted
+ * from the address `addrp' where `addrlen' is the length of the address
+ * in bytes and `domain' is the communications domain or
+ * address family in which the address should be interpreted.
+ */
+int security_nfs_sid(__u16 domain,
+		      void *addrp,
+		      __u32 addrlen,
+		      security_id_t *fs_sid,
+		      security_id_t *file_sid)
+{
+	int rc = 0;
+	__u32 addr;
+	ocontext_t *c;
+
+	if (POLICY_RDLOCK) 
+		return -EAGAIN;
+
+	if (domain != AF_INET || addrlen != sizeof(__u32)) {
+		*fs_sid = SECINITSID_NFS;
+		*file_sid = SECINITSID_NFS;
+		goto out;
+	}
+	addr = *((__u32 *)addrp);
+
+	c = policydb.ocontexts[OCON_NFS];
+	while (c) {
+		if (c->u.node.addr == (addr & c->u.node.mask))
+			break;
+		c = c->next;
+	}
+
+	if (c) {
+		if (!c->sid[0] || !c->sid[1]) {
+			rc = sidtab_context_to_sid(&sidtab,
+						   &c->context[0],
+						   &c->sid[0]);
+			if (rc)
+				goto out;
+			rc = sidtab_context_to_sid(&sidtab,
+						   &c->context[1],
+						   &c->sid[1]);
+			if (rc)
+				goto out;
+		}
+		*fs_sid = c->sid[0];
+		*file_sid = c->sid[1];
+	} else {
+		*fs_sid = SECINITSID_NFS;
+		*file_sid = SECINITSID_NFS;
+	}
+
+      out:
+	POLICY_RDUNLOCK;
+	return rc;
+}
+
+/*
+ * Generate the set of SIDs for legal security contexts
+ * for a given user that can be reached by `fromsid'.
+ * Set `*sids' to point to a dynamically allocated 
+ * array containing the set of SIDs.  Set `*nel' to the
+ * number of elements in the array.
+ */
+#define SIDS_NEL 25
+
+int security_get_user_sids(security_id_t fromsid,
+	                   char *username,
+			   security_id_t **sids,
+			   __u32 *nel)
+{
+	context_struct_t *fromcon, usercon;
+	security_id_t *mysids, *mysids2, sid;
+	__u32 mynel = 0, maxnel = SIDS_NEL;
+	user_datum_t *user;
+	role_datum_t *role;
+	access_vector_t allowed, decided;
+	access_vector_t auditallow, auditdeny;
+	__u32 seqno;
+	int rc = 0, i, j;
+
+	if (POLICY_RDLOCK) 
+		return -EAGAIN;
+
+	fromcon = sidtab_search(&sidtab, fromsid);
+	if (!fromcon) {
+		rc = -EINVAL;
+		goto out;
+	}
+
+	user = (user_datum_t *) hashtab_search(policydb.p_users.table,
+					       username);
+	if (!user) {
+		rc = -EINVAL;
+		goto out;
+	}
+	usercon.user = user->value;
+
+	mysids = malloc(maxnel*sizeof(security_id_t));
+	if (!mysids) {
+		rc = -ENOMEM;
+		goto out;
+	}
+	memset(mysids, 0, maxnel*sizeof(security_id_t));
+
+	for (i = ebitmap_startbit(&user->roles); i < ebitmap_length(&user->roles); i++) {
+		if (!ebitmap_get_bit(&user->roles, i)) 
+			continue;		
+		role = policydb.role_val_to_struct[i];
+		usercon.role = i+1;
+		for (j = ebitmap_startbit(&role->types); j < ebitmap_length(&role->types); j++) {
+			if (!ebitmap_get_bit(&role->types, j)) 
+				continue;	
+			usercon.type = j+1;
+			if (usercon.type == fromcon->type)
+				continue;
+			mls_for_user_ranges(user,usercon) {
+				rc = context_struct_compute_av(fromcon, &usercon, 
+							       SECCLASS_PROCESS,
+							       PROCESS__TRANSITION, 
+							       &allowed, &decided,
+							       &auditallow, &auditdeny,
+							       &seqno);
+				if (rc ||  !(allowed & PROCESS__TRANSITION)) 
+					continue;
+				rc = sidtab_context_to_sid(&sidtab, &usercon, &sid);
+				if (rc) {
+					free(mysids);
+					goto out;
+				}
+				if (mynel < maxnel) {
+					mysids[mynel++] = sid;
+				} else {
+					maxnel += SIDS_NEL;
+					mysids2 = malloc(maxnel*sizeof(security_id_t));
+					if (!mysids2) {
+						rc = -ENOMEM;
+						free(mysids);
+						goto out;
+					}
+					memset(mysids2, 0, maxnel*sizeof(security_id_t));
+					memcpy(mysids2, mysids, mynel * sizeof(security_id_t));
+					free(mysids);
+					mysids = mysids2;
+					mysids[mynel++] = sid;
+				}
+			}
+			mls_end_user_ranges;
+		}
+	}
+
+	*sids = mysids;
+	*nel = mynel;
+
+out:	
+	POLICY_RDUNLOCK;
+	return rc;
+}
+
+/*
+ * Return the SID to use for a devfs entry.
+ */
+int security_devfs_sid(char *name,
+		       security_class_t sclass,
+		       security_id_t *sid)
+{
+	int len, found_len;
+	ocontext_t *c, *found_c;
+	int rc = 0;
+
+	if (POLICY_RDLOCK)
+		return -EAGAIN;
+
+	found_len = 0;
+	found_c = NULL;
+	c = policydb.ocontexts[OCON_DEVFS];
+	while (c) {
+		len = strlen(c->u.name);
+		if (len > found_len && 
+		    (!c->sclass || sclass == c->sclass) &&
+		    strncmp(c->u.name, name, len) == 0) {
+			found_len = len;
+			found_c = c;
+		}
+		c = c->next;
+	}
+
+	c = found_c;
+	if (!c) {
+		*sid = SECINITSID_DEVFS;
+		goto out;
+	}
+
+	if (!c->sid[0]) {
+		rc = sidtab_context_to_sid(&sidtab,
+					   &c->context[0],
+					   &c->sid[0]);
+		if (rc)
+			goto out;
+	}
+
+	*sid = c->sid[0];
+out:
+	POLICY_RDUNLOCK;
+	return rc;
+}
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/services.h b/security/selinux/ss/services.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/services.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,36 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+#ifndef _SERVICES_H_
+#define _SERVICES_H_
+
+#include "policydb.h"
+#include "sidtab.h"
+
+/*
+ * The security server uses two global data structures
+ * when providing its services:  the SID table (sidtab)
+ * and the policy database (policydb).
+ */
+extern sidtab_t sidtab;
+extern policydb_t policydb;
+
+/*
+ * The prototypes for the security services provided to
+ * the kernel are declared in include/linux/flask/security.h.
+ * Some security services are not used by the kernel, so their 
+ * prototypes are here.
+ */
+int security_load_policy(FILE * fp);	/* IN */
+
+int security_get_user_sids(security_id_t callsid,
+	                   char *username,
+			   security_id_t **sids,
+			   __u32 *nel);
+
+#endif	/* _SERVICES_H_ */
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/services_private.h b/security/selinux/ss/services_private.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/services_private.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,79 @@
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+int context_struct_to_string(context_struct_t * context,
+			     security_context_t * scontext,
+			     __u32 *scontext_len);
+
+extern int avc_debug_always_allow;
+
+static inline int compute_sid_handle_invalid_context(
+	context_struct_t *scontext,
+	context_struct_t *tcontext,
+	security_class_t tclass,
+	context_struct_t *newcontext)
+{
+	security_context_t s, t, n;
+	__u32 slen, tlen, nlen;
+
+	if (avc_debug_always_allow) {
+		context_struct_to_string(scontext, &s, &slen);
+		context_struct_to_string(tcontext, &t, &tlen);
+		context_struct_to_string(newcontext, &n, &nlen);
+		printf("security_compute_sid:  invalid context %s", n);
+		printf(" for scontext=%s", s);
+		printf(" tcontext=%s", t);
+		printf(" tclass=%s\n", policydb.p_class_val_to_name[tclass-1]);
+		free(s);
+		free(t);
+		free(n);
+		return 0;
+	} else {
+		return -EACCES;
+	}
+}
+
+static inline int convert_context_handle_invalid_context(
+	context_struct_t *context)
+{
+	security_context_t s;
+	__u32 len;
+
+	if (avc_debug_always_allow) {
+		context_struct_to_string(context, &s, &len);
+		printf("security:  context %s is invalid\n", s);
+		free(s);
+		return 0;
+	} else {
+		return -EINVAL;
+	}
+}
+
+#else
+#define compute_sid_handle_invalid_context(scontext,tcontext,tclass,newcontext) -EACCES
+#define convert_context_handle_invalid_context(context) -EINVAL
+#endif
+
+#ifdef __KERNEL__
+static DECLARE_MUTEX(policy_sem);
+#define POLICY_RDLOCK safe_down(&policy_sem)
+#define POLICY_WRLOCK safe_down(&policy_sem)
+#define POLICY_RDUNLOCK safe_up(&policy_sem)
+#define POLICY_WRUNLOCK safe_up(&policy_sem)
+#else
+#define POLICY_RDLOCK 0
+#define POLICY_WRLOCK
+#define POLICY_RDUNLOCK
+#define POLICY_WRUNLOCK
+#endif
+
+#ifdef __KERNEL__
+static DECLARE_MUTEX(load_sem);
+#define LOAD_LOCK down(&load_sem)
+#define LOAD_UNLOCK up(&load_sem)
+#define INTERRUPTS_OFF local_irq_disable()
+#define INTERRUPTS_ON local_irq_enable()
+#else
+#define LOAD_LOCK 
+#define LOAD_UNLOCK
+#define INTERRUPTS_OFF 
+#define INTERRUPTS_ON 
+#endif
diff --minimal -Nru a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/sidtab.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,330 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * Implementation of the SID table type.
+ */
+
+#include "sidtab.h"
+#include "services.h"
+
+#define SIDTAB_HASH(sid) \
+(sid & SIDTAB_HASH_MASK)
+
+#ifdef __KERNEL__
+#define INIT_SIDTAB_LOCK(s) init_MUTEX(&s->sem)
+#define SIDTAB_LOCK(s) safe_down(&s->sem)
+#define SIDTAB_UNLOCK(s) safe_up(&s->sem)
+#else
+#define INIT_SIDTAB_LOCK(s) 
+#define SIDTAB_LOCK(s) 0
+#define SIDTAB_UNLOCK(s)
+#endif
+
+int sidtab_init(sidtab_t *s) 
+{
+	int i;
+
+	s->htable = malloc(sizeof(sidtab_ptr_t)*SIDTAB_SIZE);
+	if (!s->htable)
+		return -ENOMEM;
+	for (i = 0; i < SIDTAB_SIZE; i++)
+		s->htable[i] = (sidtab_ptr_t) NULL;
+	s->nel = 0;
+	s->next_sid = 1;
+	INIT_SIDTAB_LOCK(s);
+	return 0;
+}
+
+int sidtab_insert(sidtab_t * s, security_id_t sid, context_struct_t * context)
+{
+	int hvalue;
+	sidtab_node_t *prev, *cur, *newnode;
+
+
+	if (!s)
+		return -ENOMEM;
+
+	hvalue = SIDTAB_HASH(sid);
+	prev = NULL;
+	cur = s->htable[hvalue];
+	while (cur != NULL && sid > cur->sid) {
+		prev = cur;
+		cur = cur->next;
+	}
+
+	if (cur && sid == cur->sid)
+		return -EEXIST;
+
+	newnode = (sidtab_node_t *) malloc(sizeof(sidtab_node_t));
+	if (newnode == NULL) 
+		return -ENOMEM;
+	newnode->sid = sid;
+	if (context_cpy(&newnode->context, context)) {
+		free(newnode);
+		return -ENOMEM;
+	}
+
+	if (prev) {
+		newnode->next = prev->next;
+		wmb();
+		prev->next = newnode;
+	} else {
+		newnode->next = s->htable[hvalue];
+		wmb();
+		s->htable[hvalue] = newnode;
+	}
+
+	s->nel++;
+	if (sid >= s->next_sid) 
+		s->next_sid = sid + 1;
+	return 0;
+}
+
+
+int sidtab_remove(sidtab_t * s, security_id_t sid)
+{
+	int hvalue;
+	sidtab_node_t *cur, *last;
+
+
+	if (!s)
+		return -ENOENT;
+
+	hvalue = SIDTAB_HASH(sid);
+	last = NULL;
+	cur = s->htable[hvalue];
+	while (cur != NULL && sid > cur->sid) {
+		last = cur;
+		cur = cur->next;
+	}
+
+	if (cur == NULL || sid != cur->sid)
+		return -ENOENT;
+
+	if (last == NULL)
+		s->htable[hvalue] = cur->next;
+	else
+		last->next = cur->next;
+
+	context_destroy(&cur->context);
+
+	free(cur);
+	s->nel--;
+	return 0;
+}
+
+
+context_struct_t *
+ sidtab_search(sidtab_t * s, security_id_t sid)
+{
+	int hvalue;
+	sidtab_node_t *cur;
+
+
+	if (!s)
+		return NULL;
+
+	hvalue = SIDTAB_HASH(sid);
+	cur = s->htable[hvalue];
+	while (cur != NULL && sid > cur->sid)
+		cur = cur->next;
+
+	if (cur == NULL || sid != cur->sid) {
+		/* Remap invalid SIDs to the unlabeled SID. */
+		sid = SECINITSID_UNLABELED;
+		hvalue = SIDTAB_HASH(sid);
+		cur = s->htable[hvalue];
+		while (cur != NULL && sid > cur->sid)
+			cur = cur->next;			
+		if (!cur || sid != cur->sid)
+			return NULL;
+	}
+
+	return &cur->context;
+}
+
+
+int sidtab_map(sidtab_t * s,
+	       int (*apply) (security_id_t sid,
+			     context_struct_t * context,
+			     void *args),
+	       void *args)
+{
+	int i, ret;
+	sidtab_node_t *cur;
+
+
+	if (!s)
+		return 0;
+
+	for (i = 0; i < SIDTAB_SIZE; i++) {
+		cur = s->htable[i];
+		while (cur != NULL) {
+			ret = apply(cur->sid, &cur->context, args);
+			if (ret)
+				return ret;
+			cur = cur->next;
+		}
+	}
+	return 0;
+}
+
+
+void sidtab_map_remove_on_error(sidtab_t * s,
+				int (*apply) (security_id_t sid,
+					      context_struct_t * context,
+					      void *args),
+				void *args)
+{
+	int i, ret;
+	sidtab_node_t *last, *cur, *temp;
+
+
+	if (!s)
+		return;
+
+	for (i = 0; i < SIDTAB_SIZE; i++) {
+		last = NULL;
+		cur = s->htable[i];
+		while (cur != NULL) {
+			ret = apply(cur->sid, &cur->context, args);
+			if (ret) {
+				if (last) {
+					last->next = cur->next;
+				} else {
+					s->htable[i] = cur->next;
+				}
+
+				temp = cur;
+				cur = cur->next;
+				context_destroy(&temp->context);
+				free(temp);
+				s->nel--;
+			} else {
+				last = cur;
+				cur = cur->next;
+			}
+		}
+	}
+
+	return;
+}
+
+static inline security_id_t sidtab_search_context(sidtab_t *s, 
+						  context_struct_t *context) 
+{
+	int i;
+	sidtab_node_t *cur;
+
+	for (i = 0; i < SIDTAB_SIZE; i++) {
+		cur = s->htable[i];
+		while (cur != NULL) {
+			if (context_cmp(&cur->context, context)) 
+				return cur->sid;
+			cur = cur->next;
+		}
+	}
+	return 0;
+}
+
+int sidtab_context_to_sid(sidtab_t * s,
+			  context_struct_t * context,
+			  security_id_t * out_sid)
+{
+	security_id_t sid;
+	int ret = 0;
+
+	*out_sid = SECSID_NULL;
+
+	sid = sidtab_search_context(s, context);
+	if (!sid) {
+		if (SIDTAB_LOCK(s))
+			return -EAGAIN;
+		/* Rescan now that we hold the semaphore. */
+		sid = sidtab_search_context(s, context);
+		if (sid) 
+			goto up_out;
+		/* No SID exists for the context.  Allocate a new one. */
+		if (s->next_sid == UINT_MAX) {
+			ret = -ENOMEM;
+			goto up_out;
+		}
+		sid = s->next_sid++;
+		ret = sidtab_insert(s, sid, context);
+		if (ret)
+			s->next_sid--;
+up_out:
+		SIDTAB_UNLOCK(s);
+	}
+
+	if (ret)
+		return ret;
+
+	*out_sid = sid;
+	return 0;
+}
+
+void sidtab_hash_eval(sidtab_t *h, char *tag)
+{
+	int i, chain_len, slots_used, max_chain_len;
+	sidtab_node_t *cur;
+
+
+	slots_used = 0;
+	max_chain_len = 0;
+	for (i = 0; i < SIDTAB_SIZE; i++) {
+		cur = h->htable[i];
+		if (cur) {
+			slots_used++;
+			chain_len = 0;
+			while (cur) {
+				chain_len++;
+				cur = cur->next;
+			}
+
+			if (chain_len > max_chain_len)
+				max_chain_len = chain_len;
+		}
+	}
+
+	printf("%s:  %d entries and %d/%d buckets used, longest chain length %d\n",
+	       tag, h->nel, slots_used, SIDTAB_SIZE, max_chain_len);
+}
+
+void sidtab_destroy(sidtab_t * s)
+{
+	int i;
+	sidtab_ptr_t cur, temp;
+
+
+	if (!s)
+		return;
+
+	for (i = 0; i < SIDTAB_SIZE; i++) {
+		cur = s->htable[i];
+		while (cur != NULL) {
+			temp = cur;
+			cur = cur->next;
+			context_destroy(&temp->context);
+			free(temp);
+		}
+		s->htable[i] = NULL;
+	}
+	free(s->htable);
+	s->htable = NULL;
+	s->nel = 0;
+	s->next_sid = 1;
+}
+
+void sidtab_set(sidtab_t *dst, sidtab_t *src)
+{
+	dst->htable = src->htable;
+	dst->nel = src->nel;
+	dst->next_sid = src->next_sid;
+}
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/sidtab.h b/security/selinux/ss/sidtab.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/sidtab.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,70 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * A security identifier table (sidtab) is a hash table
+ * of security context structures indexed by SID value.
+ */
+
+#ifndef _SIDTAB_H_
+#define _SIDTAB_H_
+
+#include "context.h"
+
+typedef struct sidtab_node {
+	security_id_t sid;		/* security identifier */
+	context_struct_t context;	/* security context structure */
+	struct sidtab_node *next;
+} sidtab_node_t;
+
+typedef struct sidtab_node *sidtab_ptr_t;
+
+#define SIDTAB_HASH_BITS 7
+#define SIDTAB_HASH_BUCKETS (1 << SIDTAB_HASH_BITS)
+#define SIDTAB_HASH_MASK (SIDTAB_HASH_BUCKETS-1)
+
+#define SIDTAB_SIZE SIDTAB_HASH_BUCKETS
+
+typedef struct {
+	sidtab_ptr_t *htable;
+	unsigned int nel;	/* number of elements */
+	unsigned int next_sid;	/* next SID to allocate */
+#ifdef __KERNEL__
+	struct semaphore sem;
+#endif
+} sidtab_t;
+
+int sidtab_init(sidtab_t *s);
+
+int sidtab_insert(sidtab_t * s, security_id_t sid, context_struct_t * context);
+
+context_struct_t *sidtab_search(sidtab_t * s, security_id_t sid);
+
+int sidtab_map(sidtab_t * s,
+	       int (*apply) (security_id_t sid,
+			     context_struct_t * context,
+			     void *args),
+	       void *args);
+
+void sidtab_map_remove_on_error(sidtab_t * s,
+				int (*apply) (security_id_t sid,
+					      context_struct_t * context,
+					      void *args),
+				void *args);
+
+int sidtab_context_to_sid(sidtab_t * s,		/* IN */
+			  context_struct_t * context,	/* IN */
+			  security_id_t * sid);		/* OUT */
+
+void sidtab_hash_eval(sidtab_t *h, char *tag);
+
+void sidtab_destroy(sidtab_t *s);
+
+void sidtab_set(sidtab_t *dst, sidtab_t *src);
+
+#endif	/* _SIDTAB_H_ */
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/symtab.c b/security/selinux/ss/symtab.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/symtab.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,48 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * Implementation of the symbol table type.
+ */
+
+#include "symtab.h"
+
+static unsigned int symhash(hashtab_t h, hashtab_key_t key)
+{
+	char *p, *keyp;
+	unsigned int size;
+	unsigned int val;
+
+
+	val = 0;
+	keyp = (char *) key;
+	size = strlen(keyp);
+	for (p = keyp; (p - keyp) < size; p++)
+		val = (val << 4 | (val >> (8*sizeof(unsigned int)-4))) ^ (*p);
+	return val & (h->size - 1);
+}
+
+static int symcmp(hashtab_t h, hashtab_key_t key1, hashtab_key_t key2)
+{
+	char *keyp1, *keyp2;
+
+
+	keyp1 = (char *) key1;
+	keyp2 = (char *) key2;
+	return strcmp(keyp1, keyp2);
+}
+
+
+int symtab_init(symtab_t * s, unsigned int size)
+{
+	s->table = hashtab_create(symhash, symcmp, size);
+	if (!s->table)
+		return -1;
+	s->nprim = 0;
+	return 0;
+}
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/symtab.h b/security/selinux/ss/symtab.h
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/symtab.h	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,28 @@
+
+/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */
+
+/* FLASK */
+
+/*
+ * A symbol table (symtab) maintains associations between symbol
+ * strings and datum values.  The type of the datum values
+ * is arbitrary.  The symbol table type is implemented
+ * using the hash table type (hashtab).
+ */ 
+
+#ifndef _SYMTAB_H_
+#define _SYMTAB_H_
+
+#include "hashtab.h"
+
+typedef struct {
+	hashtab_t table;	/* hash table (keyed on a string) */
+	__u32 nprim;		/* number of primary names in table */
+} symtab_t;
+
+int symtab_init(symtab_t *, unsigned int size);
+
+#endif	/* _SYMTAB_H_ */
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/ss/syscalls.c b/security/selinux/ss/syscalls.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/ss/syscalls.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,442 @@
+
+/* FLASK */
+
+/* 
+ * Implementation of security server system calls
+ */
+
+#include <linux/config.h>
+#include <linux/flask/security.h>
+#include <linux/flask/avc.h>
+#include <linux/flask/syscalls.h>
+#include <asm/uaccess.h>	/* copy_to/from_user  */
+#include <asm/errno.h>
+#include "services.h"
+#include "sidtab.h"
+
+/* hooks.c */
+extern int task_has_security(struct task_struct *tsk,
+			     access_vector_t perms);
+
+#define CONTEXT_MAX  8192 
+#define USERNAME_MAX  255 
+
+/*
+ * Compute access vectors based on a SID pair for
+ * the permissions in a particular class.
+ */
+long sys_security_compute_av(struct security_query *query, 
+			     struct security_response *response)
+{				
+	int ret_val;
+	struct security_query q2;
+	struct security_response r2;
+
+
+	ret_val = task_has_security(current, SECURITY__COMPUTE_AV);
+	if (ret_val)
+		goto out;
+
+	if (copy_from_user(&q2, query, sizeof(q2))) {
+		ret_val = -EFAULT;
+		goto out;
+	}
+
+	ret_val = security_compute_av(
+			       q2.ssid, q2.tsid, q2.tclass, q2.requested,
+					     &(r2.allowed), &(r2.decided),
+					     &(r2.auditallow),
+					     &(r2.auditdeny),
+					     &(r2.seqno));
+
+	if (ret_val)
+		goto out;
+
+	if (copy_to_user(response, &r2, sizeof(r2))) {
+		ret_val = -EFAULT;
+		goto out;
+	}
+
+      out:
+	return ret_val;
+}
+
+
+/*
+ * Write the security context string representation of 
+ * the context associated with `sid' into the provided
+ * buffer `scontext'.  On entry, `*scontext_len' should
+ * be set to the length of the provided buffer.  On exit,
+ * `*scontext_len' is set to the length of the string.
+ * If the provided buffer is too small, `*scontext_len'
+ * is set to the correct length and -ENOSPC is returned.
+ */
+long sys_security_sid_to_context(security_id_t sid,	
+				 security_context_t scontext,	
+				 __u32 *scontext_len)
+{				
+	int ret_val;
+	security_context_t scontext2;
+	__u32 in_len, out_len;
+
+
+	ret_val = task_has_security(current, SECURITY__SID_TO_CONTEXT);
+	if (ret_val)
+		goto out2;
+
+	ret_val = security_sid_to_context(sid, &scontext2, &out_len);
+	if (ret_val)
+		goto out2;
+
+	if (copy_from_user(&in_len, scontext_len, sizeof(__u32))) {
+		ret_val = -EFAULT;
+		goto out;
+	}
+	if (copy_to_user(scontext_len, &out_len, sizeof(__u32))) {
+		ret_val = -EFAULT;
+		goto out;
+	}
+	if (in_len < out_len) {
+		ret_val = -ENOSPC;
+		goto out;
+	}
+	if (copy_to_user(scontext, scontext2, out_len)) {
+		ret_val = -EFAULT;
+		goto out;
+	}
+
+      out:
+	kfree(scontext2);
+      out2:
+	return ret_val;
+}
+
+
+/*
+ * Return a SID associated with the security context that
+ * has the string representation specified by `scontext'.
+ */
+long sys_security_context_to_sid(security_context_t scontext,	
+				 __u32 scontext_len,	
+				 security_id_t * out_sid)
+{				
+	int ret_val;
+	security_context_t scontext2;
+	security_id_t out_sid_2;
+
+	if (scontext_len == 0 || scontext_len > CONTEXT_MAX)
+		return -ENAMETOOLONG;
+
+	ret_val = task_has_security(current, SECURITY__CONTEXT_TO_SID);
+	if (ret_val)
+		goto out;
+
+	scontext2 = kmalloc(scontext_len, GFP_USER);
+	if (!scontext2) {
+		ret_val = -ENOMEM;
+		goto out;
+	}
+	if (copy_from_user(scontext2, scontext,(unsigned long) scontext_len)) {
+		ret_val = -EFAULT;
+		goto out;
+	}
+	ret_val = security_context_to_sid(scontext2, scontext_len, &out_sid_2);
+	kfree(scontext2);
+	if (ret_val)
+		goto out;
+	if (copy_to_user(out_sid, &out_sid_2, sizeof(out_sid_2))) {
+		ret_val = -EFAULT;
+		goto out;
+	}
+
+      out:
+	return ret_val;
+}
+
+
+/*
+ * Compute a SID to use for labeling a new object in the 
+ * class `tclass' based on a SID pair.  
+ */
+long sys_security_transition_sid(security_id_t ssid,	
+					   security_id_t tsid,	
+					   security_class_t tclass, 
+					   security_id_t * out_sid )
+{
+	int ret_val;
+	security_id_t out_sid_2;
+
+
+	ret_val = task_has_security(current, SECURITY__TRANSITION_SID);
+	if (ret_val)
+		goto out;
+
+	ret_val = security_transition_sid(ssid, tsid, tclass, &out_sid_2);
+	if (ret_val)
+		goto out;
+	if (copy_to_user(out_sid, &out_sid_2, sizeof(out_sid_2))) {
+		ret_val = -EFAULT;
+		goto out;
+	}
+
+      out:
+	return ret_val;
+}
+
+
+/*
+ * Compute a SID to use for relabeling an object in the 
+ * class `tclass' based on a SID pair.  
+ */
+long sys_security_change_sid(security_id_t ssid,	
+			     security_id_t tsid,	
+			     security_class_t tclass, 
+			     security_id_t * out_sid )
+{
+	int ret_val;
+	security_id_t out_sid_2;
+
+
+	ret_val = task_has_security(current, SECURITY__CHANGE_SID);
+	if (ret_val)
+		goto out;
+
+	ret_val = security_change_sid(ssid, tsid, tclass, &out_sid_2);
+	if (ret_val)
+		goto out;
+	if (copy_to_user(out_sid, &out_sid_2, sizeof(out_sid_2))) {
+		ret_val = -EFAULT;
+		goto out;
+	}
+
+      out:
+	return ret_val;
+}
+
+
+/*
+ * Compute a SID to use when selecting a member of a 
+ * polyinstantiated object of class `tclass' based on 
+ * a SID pair.
+ */
+long sys_security_member_sid(security_id_t ssid,	
+			     security_id_t tsid,	
+			     security_class_t tclass,	
+			     security_id_t * out_sid)
+{				
+	int ret_val;
+	security_id_t out_sid_2;
+
+
+	ret_val = task_has_security(current, SECURITY__MEMBER_SID);
+	if (ret_val)
+		goto out;
+
+	ret_val = security_member_sid(ssid, tsid, tclass, &out_sid_2);
+	if (ret_val)
+		goto out;
+	if (copy_to_user(out_sid, &out_sid_2, sizeof(out_sid_2))) {
+		ret_val = -EFAULT;
+		goto out;
+	}
+
+      out:
+	return ret_val;
+}
+
+
+extern char *policyfile;
+
+/*
+ * Load a new policy configuration from a file,
+ * update the security server state, and reset
+ * the access vector cache.  If no path is specified,
+ * then the default policy configuration file is used.
+ */
+long sys_security_load_policy(char *path,
+			      __u32 pathlen)
+					
+{				
+	char *file;
+	FILE *fp;
+	int ret_val;
+
+	if (pathlen > PATH_MAX) 
+		return -ENAMETOOLONG;
+
+	if (pathlen) {
+		file = kmalloc(pathlen, GFP_USER);
+		if (!file) {
+			return -ENOMEM;
+		}
+		if (copy_from_user(file, path, (unsigned long) pathlen)) {
+			ret_val = -EFAULT;
+			goto out2;
+		}
+		if (file[pathlen - 1]) {
+			/* Path is not null-terminated. */
+			ret_val = -EINVAL;
+			goto out2;
+		}
+		if (file[0] == 0) {
+			kfree(file);
+			file = policyfile;
+		}
+	} else
+		file = policyfile;
+
+	printf("ss:  loading policy configuration from %s\n", file);
+	fp = fopen(file, "r");
+	if (!fp) {
+		printf("ss:  unable to open %s\n", file);
+		ret_val = -EINVAL;
+		goto out2;
+	}
+	ret_val = task_has_security(current, SECURITY__LOAD_POLICY);
+	if (ret_val)
+		goto out;
+	ret_val = security_load_policy(fp);
+
+      out:
+	fclose(fp);
+      out2:
+	if (file != policyfile)
+		kfree(file);
+	return ret_val;
+}
+
+
+/*
+ * Write the set of active SIDs into the provided  
+ * array `sids'. On entry, `*nel' should be set
+ * to the number of elements in the provided array.  On 
+ * exit, `*nel' is set to the number of active SIDs.
+ * If the provided array is too small, `*nel' is set
+ * to the number of active SIDs and -ENOSPC is returned.
+ */
+long sys_security_get_sids(security_id_t * sids,
+				     __u32 *nel)
+{
+	int ret_val, i, j;
+	security_id_t *sids2;
+	__u32 in_nel;
+	sidtab_node_t *cur;
+
+	ret_val = task_has_security(current, SECURITY__GET_SIDS);
+	if (ret_val)
+		goto out;
+
+	if (copy_from_user(&in_nel, nel, sizeof(__u32))) {
+		ret_val = -EFAULT;
+		goto out;
+	}
+	if (copy_to_user(nel, &sidtab.nel, sizeof(__u32))) {
+		ret_val = -EFAULT;
+		goto out;
+	}
+	if (in_nel < sidtab.nel) {
+		ret_val = -ENOSPC;
+		goto out;
+	}
+	sids2 = kmalloc(sizeof(security_id_t) * sidtab.nel, GFP_USER);
+	if (!sids2) {
+		ret_val = -ENOMEM;
+		goto out;
+	}
+	j = 0;
+	for (i = 0; i < SIDTAB_SIZE; i++) {
+		cur = sidtab.htable[i];
+		while (cur != NULL) {
+			sids2[j++] = cur->sid;
+			cur = cur->next;
+		}
+	}
+
+	if (copy_to_user(sids, sids2, sizeof(security_id_t) * sidtab.nel)) {
+		ret_val = -EFAULT;
+		goto out;
+	}
+	kfree(sids2);
+      out:
+	return ret_val;
+}
+
+/*
+ * Generate the set of SIDs for legal security contexts
+ * for a given user that can be reached by `fromsid'.
+ * Write the set of SIDs into the provided array `sids'.  
+ * On entry, `*nel' should be set to the number of elements in 
+ * the provided array.  On exit, `*nel' is set to the number of SIDs.
+ * If the provided array is too small, `*nel' is set to the number 
+ * of SIDs and -ENOSPC is returned.
+ */
+long sys_security_get_user_sids(security_id_t fromsid,
+					  char *username, 
+					  __u32 namelen,
+					  security_id_t * sids,
+					  __u32 *nel)
+{
+	int ret_val = 0;
+	char *username2 = 0;
+	security_id_t *sids2 = 0;
+	__u32 in_nel, out_nel;
+
+	if (namelen == 0 || namelen > USERNAME_MAX)
+		return -ENAMETOOLONG;
+
+
+	ret_val = task_has_security(current, SECURITY__GET_USER_SIDS);
+	if (ret_val)
+		goto out;
+
+	if (copy_from_user(&in_nel, nel, sizeof(__u32))) {
+		ret_val = -EFAULT;
+		goto out;
+	}
+
+	username2 = kmalloc(namelen, GFP_USER);
+	if (!username2) {
+		ret_val = -ENOMEM;
+		goto out;
+	}
+
+	if (copy_from_user(username2, username, (unsigned long)namelen)) {
+		ret_val = -EFAULT;
+		goto out;
+	}
+
+	if (username2[namelen - 1]) {
+		ret_val = -EINVAL;
+		goto out;
+	}
+
+	ret_val = security_get_user_sids(fromsid, username2,
+					 &sids2, &out_nel);
+	if (ret_val) 
+		goto out;
+
+	if (copy_to_user(nel, &out_nel, sizeof(__u32))) {
+		ret_val = -EFAULT;
+		goto out;
+	}
+		
+	if (in_nel < out_nel) {
+		ret_val = -ENOSPC;
+		goto out;
+	}
+
+	if (copy_to_user(sids, sids2, sizeof(security_id_t) * out_nel)) {
+		ret_val = -EFAULT;
+		goto out;
+	}
+
+out:
+	if (username2)
+		kfree(username2);
+	if (sids2)
+		kfree(sids2);
+	return ret_val;
+}
+
+/* FLASK */
+
diff --minimal -Nru a/security/selinux/syscalls.c b/security/selinux/syscalls.c
--- /dev/null	Wed Dec 31 16:00:00 1969
+++ b/security/selinux/syscalls.c	Tue Feb 12 18:59:50 2002
@@ -0,0 +1,660 @@
+/*
+ *  NSA Security-Enhanced Linux (SELinux) security module
+ *
+ *  This file contains the architecture-independent code for the
+ *  SELinux new system call implementations.
+ *
+ *  Authors:  Stephen Smalley, NAI Labs, <ssmalley@nai.com>
+ *            Chris Vance, <cvance@nai.com>
+ *
+ *  Copyright (C) 2001 Networks Associates Technology, Inc.
+ * 
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ */ 
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/errno.h>
+#include <linux/security.h>
+#include <linux/capability.h>
+#include <linux/unistd.h>
+#include <linux/mm.h>
+#include <linux/slab.h>
+#include <linux/smp_lock.h>
+#include <linux/spinlock.h>
+#include <linux/file.h>
+#include <asm/uaccess.h>
+#include <asm/ipc.h>			/* MSGGET, etc needed for sys_ipc() */
+#include <linux/flask/avc.h>
+#include <linux/flask/psid.h>
+#include <linux/flask/syscalls.h>
+#include "selinux_plug.h"
+
+extern void *sys_call_table[];
+
+long sys_getsecsid(void) 
+{
+	struct task_security_struct *tsec;
+
+	if (task_precondition(current) <= 0)
+		return SECINITSID_UNLABELED;
+
+	tsec = current->security;
+	return tsec->sid;
+}
+
+long sys_getosecsid(void) 
+{
+	struct task_security_struct *tsec;
+
+	if (task_precondition(current) <= 0)
+		return SECINITSID_UNLABELED;
+
+	tsec = current->security;
+	return tsec->osid;
+}
+
+long sys_lstat_stat_secure(int follow_link,
+			   const char *pathname, 
+			   struct stat *buf,
+			   security_id_t *out_sid)
+{
+	long (*stat_f)(const char * filename, struct stat * statbuf);
+	struct task_security_struct *tsec;
+	int rc;
+
+	if (follow_link) 
+		stat_f = sys_call_table[__NR_stat];
+	else
+		stat_f = sys_call_table[__NR_lstat];
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+
+	tsec = current->security;
+
+	rc = stat_f(pathname, buf);
+	if (rc)
+		return rc;
+
+	if (out_sid) {
+		if (copy_to_user(out_sid, &tsec->out_sid[0], sizeof(security_id_t)))
+			return -EFAULT;
+	}
+	
+	return 0;
+}
+
+long sys_fstat_secure(unsigned int fd,
+		      struct stat *buf,
+		      security_id_t *out_sid)
+{
+	long (*fstat_f)(unsigned int fd, struct stat * statbuf);
+	struct task_security_struct *tsec;
+	int rc;
+
+	fstat_f = sys_call_table[__NR_fstat];
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+
+	tsec = current->security;
+	rc = fstat_f(fd, buf);
+	if (rc)
+		return rc;
+
+	if (out_sid) {
+		if (copy_to_user(out_sid, &tsec->out_sid[0], sizeof(security_id_t)))
+			return -EFAULT;
+	}
+	
+	return 0;
+}
+
+
+static int chsid_common(struct dentry * dentry, security_id_t newsid)
+{
+	struct inode *inode = dentry->d_inode;
+	struct task_security_struct *tsec;
+	struct inode_security_struct *isec;
+	struct superblock_security_struct *sbsec;
+	avc_audit_data_t ad;
+	int rc = 0;
+
+	if (!inode) {
+		printk("chsid_common: NULL inode\n");
+		return -ENOENT;
+	}
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+	if (inode_precondition(inode) <= 0)
+		return -EACCES;
+
+	if (IS_RDONLY(inode))
+		return -EROFS;
+	if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
+		return -EPERM;
+
+	tsec = current->security;
+	isec = inode->i_security;
+
+	AVC_AUDIT_DATA_INIT(&ad,FS);
+	ad.u.fs.dentry = dentry;
+
+	down(&isec->sem);
+
+	rc = avc_has_perm_ref_audit(tsec->sid, isec->sid, isec->sclass, 
+				    FILE__RELABELFROM,
+				    &isec->avcr, &ad);
+	if (rc)
+		goto out;
+
+	rc = avc_has_perm_audit(tsec->sid, newsid, isec->sclass,
+				FILE__RELABELTO, &ad);
+	if (rc)
+		goto out;
+
+	if (inode->i_sb) {
+		sbsec = inode->i_sb->s_security;
+		rc = avc_has_perm_audit(newsid,
+					sbsec->sid,
+					SECCLASS_FILESYSTEM,
+					FILESYSTEM__ASSOCIATE,
+					&ad);
+		if (rc)
+			goto out;
+
+		if (sbsec->uses_psids) {
+			rc = sid_to_psid(inode, newsid);
+			if (rc) 
+				goto out;
+		}
+	}
+
+	isec->sid = newsid;
+out:
+
+	up(&isec->sem);
+	return rc;
+}
+
+long sys_lchsid_chsid(int follow_link,
+		      const char *filename, 
+		      security_id_t sid)
+{
+	struct nameidata nd;
+	int error;
+
+	if (follow_link) 
+		error = user_path_walk(filename, &nd);
+	else
+		error = user_path_walk_link(filename, &nd);
+	if (!error) {
+		error = chsid_common(nd.dentry, sid);
+		path_release(&nd);
+	}
+	return error;
+}
+
+long sys_fchsid(unsigned int fd, security_id_t sid)
+{
+	struct file * file;
+	int error = -EBADF;
+
+	file = fget(fd);
+	if (file) {
+		error = chsid_common(file->f_dentry, sid);
+		fput(file);
+	}
+	return error;
+}
+
+long sys_open_secure(const char * filename, int flags, int mode,
+		     security_id_t sid)
+{
+	long (*open_f)(const char * filename, int flags, int mode);
+	struct task_security_struct *tsec;
+	int rc;
+
+	open_f = sys_call_table[__NR_open];
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+
+	tsec = current->security;
+	tsec->in_sid[0] = sid;
+	rc = open_f(filename, flags, mode);
+	tsec->in_sid[0] = 0;
+	return rc;
+}
+
+long sys_mkdir_secure(const char * pathname, int mode,
+		      security_id_t sid)
+{
+	long (*mkdir_f)(const char * pathname, int mode);
+	struct task_security_struct *tsec;
+	int rc;
+
+	mkdir_f = sys_call_table[__NR_mkdir];
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+
+	tsec = current->security;
+	tsec->in_sid[0] = sid;
+	rc = mkdir_f(pathname, mode);
+	tsec->in_sid[0] = 0;
+	return rc;
+}
+
+long sys_mknod_secure(const char * filename, int mode, dev_t dev,
+		      security_id_t sid)
+{
+	long (*mknod_f)(const char * filename, int mode, dev_t dev);
+	struct task_security_struct *tsec;
+	int rc;
+
+	mknod_f = sys_call_table[__NR_mknod];
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+
+	tsec = current->security;
+	tsec->in_sid[0] = sid;
+	rc = mknod_f(filename,mode,dev);
+	tsec->in_sid[0] = 0;
+	return rc;
+}
+
+long sys_symlink_secure(const char * oldname, const char * newname,
+			security_id_t sid)
+{
+	long (*symlink_f)(const char * oldname, const char * newname);
+	struct task_security_struct *tsec;
+	int rc;
+
+	symlink_f = sys_call_table[__NR_symlink];
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+
+	tsec = current->security;
+	tsec->in_sid[0] = sid;
+	rc = symlink_f(oldname, newname);
+	tsec->in_sid[0] = 0;
+	return rc;
+}
+
+long sys_statfs_secure(const char *pathname, 
+		       struct statfs *buf,
+		       security_id_t *out_sid)
+{
+	long (*statfs_f)(const char * path, struct statfs * buf);
+	struct task_security_struct *tsec;
+	int rc;
+
+	statfs_f = sys_call_table[__NR_statfs];
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+
+	tsec = current->security;
+	rc = statfs_f(pathname, buf);
+	if (rc)
+		return rc;
+
+	if (out_sid) {
+		if (copy_to_user(out_sid, &tsec->out_sid[0], sizeof(security_id_t)))
+			return -EFAULT;
+	}
+	
+	return 0;
+}
+
+long sys_fstatfs_secure(unsigned int fd,
+			struct statfs *buf,
+			security_id_t *out_sid)
+{
+	long (*fstatfs_f)(unsigned int fd, struct statfs * buf);
+	struct task_security_struct *tsec;
+	int rc;
+
+	fstatfs_f = sys_call_table[__NR_fstatfs];
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+
+	tsec = current->security;
+	rc = fstatfs_f(fd, buf);
+	if (rc)
+		return rc;
+
+	if (out_sid) {
+		if (copy_to_user(out_sid, &tsec->out_sid[0], sizeof(security_id_t)))
+			return -EFAULT;
+	}
+	
+	return 0;
+}
+
+int vfs_chsidfs(struct super_block *sb, 
+		security_id_t fs_sid, 
+		security_id_t f_sid)
+{
+	struct task_security_struct *tsec;
+	struct superblock_security_struct *sbsec;
+	avc_audit_data_t ad;
+	int rc = 0;
+
+	if (!sb) 
+		return -ENODEV;
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+	if (superblock_precondition(sb) <= 0)
+		return -EACCES;
+
+	tsec = current->security;
+	sbsec = sb->s_security;
+
+	AVC_AUDIT_DATA_INIT(&ad,FS);
+	ad.u.fs.dentry = sb->s_root;
+
+	down(&sbsec->sem);
+
+	rc = avc_has_perm_audit(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
+				FILESYSTEM__RELABELFROM, &ad);
+	if (rc)
+		goto out;
+
+	rc = avc_has_perm_audit(sbsec->sid, fs_sid, SECCLASS_FILESYSTEM,
+				FILESYSTEM__TRANSITION, &ad);
+	if (rc)
+		goto out;
+
+	rc = avc_has_perm_audit(tsec->sid, fs_sid, SECCLASS_FILESYSTEM,
+				FILESYSTEM__RELABELTO, &ad);
+	if (rc)
+		goto out;
+
+	rc = avc_has_perm_audit(f_sid, fs_sid, SECCLASS_FILESYSTEM,
+				FILESYSTEM__ASSOCIATE,
+				&ad);
+	if (rc)
+		goto out;
+
+	if (sbsec->uses_psids) {
+		rc = psid_chsidfs(sb, fs_sid, f_sid);
+		if (rc) 
+			goto out;
+	}
+
+	sbsec->sid = fs_sid;
+
+ out:
+	up(&sbsec->sem);
+	return rc;
+}
+
+long sys_chsidfs(const char * path, 
+		 security_id_t fs_sid,
+		 security_id_t f_sid)
+{
+	struct nameidata nd;
+	int error;
+
+	error = user_path_walk(path, &nd);
+	if (!error) {
+		error = vfs_chsidfs(nd.dentry->d_inode->i_sb, fs_sid, f_sid);
+		path_release(&nd);
+	}
+	return error;
+}
+
+long sys_fchsidfs(unsigned int fd, 
+		  security_id_t fs_sid,
+		  security_id_t f_sid)
+{
+	struct file * file;
+	int error;
+
+	error = -EBADF;
+	file = fget(fd);
+	if (!file)
+		goto out;
+	error = vfs_chsidfs(file->f_dentry->d_inode->i_sb, fs_sid, f_sid);
+	fput(file);
+out:
+	return error;
+}
+
+/*
+ * 8 new IPC syscalls.
+ */
+int sys_semsid(int semid, security_id_t *out_sid)
+{
+	long (*ipc_f)(uint call, int first, int second, 
+		      int third, void *ptr, long fifth);
+	struct task_security_struct *tsec;
+	mm_segment_t old_fs;
+	struct semid_ds buf;
+	union semun arg;
+	int err;
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+	tsec = current->security;
+
+	ipc_f = sys_call_table[__NR_ipc];
+
+	arg.buf = &buf;
+	old_fs = get_fs();
+	set_fs(KERNEL_DS);
+	err = ipc_f(SEMCTL, semid, 0, IPC_STAT, &arg, 0);
+	set_fs(old_fs);
+
+	if (err)
+		return err;
+	
+        if (out_sid) {
+                if (copy_to_user(out_sid, &tsec->out_sid[0],
+                                 sizeof(security_id_t)))
+                        return -EFAULT;
+        }
+
+	return 0;
+}
+
+int sys_shmsid(int shmid, security_id_t *out_sid)
+{
+	long (*ipc_f)(uint call, int first, int second, 
+		      int third, void *ptr, long fifth);
+	struct task_security_struct *tsec;
+	mm_segment_t old_fs;
+	struct shmid_ds buf;
+	int err;
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+	tsec = current->security;
+
+	ipc_f = sys_call_table[__NR_ipc];
+
+	old_fs = get_fs();
+	set_fs(KERNEL_DS);
+	err = ipc_f(SHMCTL, shmid, IPC_STAT, 0, &buf, 0);
+	set_fs(old_fs);
+
+	if (err)
+		return err;
+	
+        if (out_sid) {
+                if (copy_to_user(out_sid, &tsec->out_sid[0],
+                                 sizeof(security_id_t)))
+                        return -EFAULT;
+        }
+
+	return 0;
+}
+
+int sys_msgsid(int msqid, security_id_t *out_sid)
+{
+	long (*ipc_f)(uint call, int first, int second, 
+		      int third, void *ptr, long fifth);
+	struct task_security_struct *tsec;
+	mm_segment_t old_fs;
+	struct msqid_ds buf;
+	int err;
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+	tsec = current->security;
+
+	ipc_f = sys_call_table[__NR_ipc];
+
+	old_fs = get_fs();
+	set_fs(KERNEL_DS);
+	err = ipc_f(MSGCTL, msqid, IPC_STAT, 0, &buf, 0);
+	set_fs(old_fs);
+
+	if (err)
+		return err;
+	
+        if (out_sid) {
+                if (copy_to_user(out_sid, &tsec->out_sid[0],
+                                 sizeof(security_id_t)))
+                        return -EFAULT;
+        }
+
+	return 0;
+}
+
+int sys_msgget_secure(key_t key, int msgflag, security_id_t sid)
+{
+	long (*ipc_f)(uint call, int first, int second, 
+		      int third, void *ptr, long fifth);
+	struct task_security_struct *tsec;
+	int rc;
+
+	ipc_f = sys_call_table[__NR_ipc];
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+
+	tsec = current->security;
+	tsec->in_sid[0] = sid;
+	rc = ipc_f(MSGGET, key, msgflag, 0, 0, 0);
+	tsec->in_sid[0] = 0;
+
+	return rc;
+}
+
+int sys_semget_secure(key_t key, int nsems, int semflag, security_id_t sid)
+{
+	long (*ipc_f)(uint call, int first, int second, 
+		      int third, void *ptr, long fifth);
+	struct task_security_struct *tsec;
+	int rc;
+
+	ipc_f = sys_call_table[__NR_ipc];
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+
+	tsec = current->security;
+	tsec->in_sid[0] = sid;
+	rc = ipc_f(SEMGET, key, nsems, semflag, 0, 0);
+	tsec->in_sid[0] = 0;
+
+	return rc;
+}
+
+
+int sys_shmget_secure (key_t key, int size, int flag, security_id_t sid)
+{
+	long (*ipc_f)(uint call, int first, int second, 
+		      int third, void *ptr, long fifth);
+	struct task_security_struct *tsec;
+	int rc;
+
+	ipc_f = sys_call_table[__NR_ipc];
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+
+	tsec = current->security;
+	tsec->in_sid[0] = sid;
+	rc = ipc_f(SHMGET, key, size, flag, 0, 0);
+	tsec->in_sid[0] = 0;
+
+	return rc;
+}
+
+
+int sys_msgsnd_secure(int msqid, void *msgp, size_t msgsz, int msgflg,
+		      security_id_t sid)
+{
+	long (*ipc_f)(uint call, int first, int second, 
+		      int third, void *ptr, long fifth);
+	struct task_security_struct *tsec;
+	int rc;
+
+	ipc_f = sys_call_table[__NR_ipc];
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+
+	tsec = current->security;
+	tsec->in_sid[0] = sid;
+	rc = ipc_f(MSGSND, msqid, msgsz, msgflg, msgp, 0);
+	tsec->in_sid[0] = 0;
+
+	return rc;
+}
+
+
+int sys_msgrcv_secure(int msqid, void *msgp, size_t msgsz, long msgtyp,
+		      int msgflg, security_id_t *out_sid)
+{
+	long (*ipc_f)(uint call, int first, int second, 
+		      int third, void *ptr, long fifth);
+	struct task_security_struct *tsec;
+	uint call;
+	int rc;
+
+	if (!out_sid)
+		return -EFAULT;
+
+	if (task_precondition(current) <= 0)
+		return -EACCES;
+	tsec = current->security;
+
+	ipc_f = sys_call_table[__NR_ipc];
+
+	if (copy_from_user(&tsec->in_sid[0], out_sid, sizeof(security_id_t)))
+		return -EFAULT;
+
+	/*
+	 * Don't use default version (0), since sys_ipc will then
+	 * perform a copy_from_user on an expected struct ipc_kludge
+	 * pointer parameter.  Otherwise, note that the order of the
+	 * parameters is different.  
+	 */
+	call = IPCCALL(1,MSGRCV);
+
+	rc = ipc_f(call, msqid, msgsz, msgflg, msgp, msgtyp );
+	tsec->in_sid[0] = 0;
+
+	if (copy_to_user(out_sid, &tsec->out_sid[0], sizeof(security_id_t)))
+		return -EFAULT;
+
+	return rc;
+}
+
+#include "asm/flask/syscalls.c"