Merge commit 'v2.6.29-rc1' into timers/hrtimers

Conflicts:
	kernel/time/tick-common.c

1 files changed, 19 insertions, 9 deletions

diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 247cec3b5a4..2e0b83e77ff 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -15,15 +15,8 @@
 #include <linux/sched.h>
 #include "smack.h"
 
-struct smack_known smack_known_unset = {
-	.smk_next	= NULL,
-	.smk_known	= "UNSET",
-	.smk_secid	= 1,
-	.smk_cipso	= NULL,
-};
-
 struct smack_known smack_known_huh = {
-	.smk_next	= &smack_known_unset,
+	.smk_next	= NULL,
 	.smk_known	= "?",
 	.smk_secid	= 2,
 	.smk_cipso	= NULL,
@@ -57,7 +50,14 @@ struct smack_known smack_known_invalid = {
 	.smk_cipso	= NULL,
 };
 
-struct smack_known *smack_known = &smack_known_invalid;
+struct smack_known smack_known_web = {
+	.smk_next	= &smack_known_invalid,
+	.smk_known	= "@",
+	.smk_secid	= 7,
+	.smk_cipso	= NULL,
+};
+
+struct smack_known *smack_known = &smack_known_web;
 
 /*
  * The initial value needs to be bigger than any of the
@@ -99,6 +99,16 @@ int smk_access(char *subject_label, char *object_label, int request)
 	    strcmp(subject_label, smack_known_star.smk_known) == 0)
 		return -EACCES;
 	/*
+	 * An internet object can be accessed by any subject.
+	 * Tasks cannot be assigned the internet label.
+	 * An internet subject can access any object.
+	 */
+	if (object_label == smack_known_web.smk_known ||
+	    subject_label == smack_known_web.smk_known ||
+	    strcmp(object_label, smack_known_web.smk_known) == 0 ||
+	    strcmp(subject_label, smack_known_web.smk_known) == 0)
+		return 0;
+	/*
 	 * A star object can be accessed by any subject.
 	 */
 	if (object_label == smack_known_star.smk_known ||