gpl-source-mybooklive-010002-update.zipgpl-source-mybooklive-010103-update.zipgpl-source-mybooklive-010002-update.zip

8 files changed, 1696 insertions, 0 deletions

diff --git a/security/Kconfig b/security/Kconfig
index fb363cd81cf..ae6d6175f3a 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -113,6 +113,33 @@ config SECURITY_ROOTPLUG
 
 	  If you are unsure how to answer this question, answer N.
 
+config SECURITY_TRUSTEES
+	bool "Linux Trustees ACLs"
+	select SECURITYFS
+	depends on SECURITY
+	help
+	  Implements a system similar to Netware ACLs.  Trustees
+	  allows a global configuration of recursive ACLs via a
+	  centralized file.  ACLs can be added to an entire
+	  directory tree and masked out on subdirectories.
+
+	  Trustees allows complex permissions to be enforced
+	  system-wide without needing to touch every file or
+	  maintain thousands of ugly POSIX ACLs.  See
+	  http://trustees.sourceforge.net for more information on
+	  trustees and the associated user-space tools.
+
+	  If you are unsure how to answer this question, answer N.
+
+config SECURITY_TRUSTEES_DEBUG
+	bool "Enable debugging code and messages"
+	depends on SECURITY_TRUSTEES
+	help
+	  Turns on certain diagnostic messages and debugging code
+	  in trustees.
+
+	  If you are unsure how to answer this question, answer N.
+
 config INTEL_TXT
 	bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
 	depends on HAVE_INTEL_TXT
diff --git a/security/Makefile b/security/Makefile
index 510bbc80b9b..bbc35aa12e9 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -5,6 +5,7 @@
 obj-$(CONFIG_KEYS)			+= keys/
 subdir-$(CONFIG_SECURITY_SELINUX)	+= selinux
 subdir-$(CONFIG_SECURITY_SMACK)		+= smack
+subdir-$(CONFIG_SECURITY_TRUSTEES)      += trustees
 subdir-$(CONFIG_SECURITY_TOMOYO)        += tomoyo
 
 # always enable default capabilities
@@ -15,6 +16,7 @@ obj-$(CONFIG_MMU)			+= min_addr.o
 obj-$(CONFIG_SECURITY)			+= security.o capability.o
 obj-$(CONFIG_SECURITYFS)		+= inode.o
 # Must precede capability.o in order to stack properly.
+obj-$(CONFIG_SECURITY_TRUSTEES)         += trustees/built-in.o
 obj-$(CONFIG_SECURITY_SELINUX)		+= selinux/built-in.o
 obj-$(CONFIG_SECURITY_SMACK)		+= smack/built-in.o
 obj-$(CONFIG_AUDIT)			+= lsm_audit.o
diff --git a/security/trustees/Makefile b/security/trustees/Makefile
new file mode 100755
index 00000000000..0613ea613c9
--- /dev/null
+++ b/security/trustees/Makefile
@@ -0,0 +1,7 @@
+ifeq ($(CONFIG_SECURITY_TRUSTEES_DEBUG),y)
+	EXTRA_CFLAGS += -DTRUSTEES_DEBUG
+endif
+
+obj-$(CONFIG_SECURITY_TRUSTEES) := trustees.o
+
+trustees-y := security.o fs.o init.o funcs.o
diff --git a/security/trustees/fs.c b/security/trustees/fs.c
new file mode 100755
index 00000000000..6463c64631a
--- /dev/null
+++ b/security/trustees/fs.c
@@ -0,0 +1,273 @@
+/*
+ * Trustees ACL Project
+ *
+ * Copyright (c) 1999-2000 Vyacheslav Zavadsky
+ * Copyright (c) 2004 Andrew Ruder (aeruder@ksu.edu)
+ *
+ *	This program is free software; you can redistribute it and/or
+ *	modify it under the terms of the GNU General Public License as
+ *	published by the Free Software Foundation, version 2.
+ *
+ * This code handles the virtual filesystem for trustees.
+ *
+ */
+
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/fs.h>
+#include <linux/vmalloc.h>
+#include <linux/security.h>
+#include <asm/atomic.h>
+#include <asm/uaccess.h>
+
+#include "internal.h"
+
+
+/* initialization code for the trustees filesystem */
+
+/* File operations
+ *
+ * this is all the code for handling the file operations done on the few files
+ * in the trustees filesystem
+ */
+static int trustees_open(struct inode *inode, struct file *filp);
+static ssize_t trustees_read_bogus(struct file *filp, char __user * buf,
+				   size_t count, loff_t * offset);
+static ssize_t trustees_write_bogus(struct file *filp,
+				    const char __user * buf, size_t count,
+				    loff_t * offset);
+static ssize_t trustees_read_status(struct file *filp, char __user * buf,
+				    size_t count, loff_t * offset);
+static ssize_t trustees_read_apiversion(struct file *filp, char __user * buf,
+				    size_t count, loff_t * offset);
+static ssize_t trustees_write_trustees(struct file *filp,
+				       const char __user * buf,
+				       size_t count, loff_t * offset);
+static int trustees_open_trustees(struct inode *inode, struct file *file);
+static int trustees_release_trustees(struct inode *inode, struct file *file);
+
+/* Various structs
+ */
+
+static struct file_operations trustees_ops_apiversion = {
+	.open = trustees_open,
+	.read = trustees_read_apiversion,
+	.write = trustees_write_bogus,
+};
+
+static struct file_operations trustees_ops_status = {
+	.open = trustees_open,
+	.read = trustees_read_status,
+	.write = trustees_write_bogus
+};
+
+static struct file_operations trustees_ops_trustees = {
+	.open = trustees_open_trustees,
+	.read = trustees_read_bogus,
+	.write = trustees_write_trustees,
+	.release = trustees_release_trustees
+};
+
+static struct trustees_file_info {
+	const char *name;
+	struct file_operations *fops;
+	int mode;
+	struct dentry *dentry;
+} trustees_files[] = {
+	{.name = "device",
+	 .fops = &trustees_ops_trustees,
+	 .mode = S_IWUSR,
+	 .dentry = 0
+	 },
+	{.name = "status",
+	 .fops = &trustees_ops_status,
+	 .mode = S_IRUSR,
+	 .dentry = 0
+	 },
+	{.name = "apiversion",
+	 .fops = &trustees_ops_apiversion,
+	 .mode = S_IRUSR | S_IRGRP | S_IROTH,
+	 .dentry = 0
+	 },
+	{"", NULL, 0, 0}
+};
+
+struct trustee_command_reader {
+	struct trustee_command command;
+	unsigned curarg;
+	void *arg[TRUSTEE_MAX_ARGS];
+	size_t argsize[TRUSTEE_MAX_ARGS];
+};
+
+
+static struct dentry *toplevel = NULL;
+
+int trustees_init_fs(void)
+{
+	struct trustees_file_info *iter;
+	toplevel = securityfs_create_dir("trustees", NULL);
+	if (!toplevel) trustees_deinit_fs();
+	for (iter = trustees_files; iter->fops && toplevel; iter++) {
+		iter->dentry = securityfs_create_file(
+		   iter->name, iter->mode, toplevel, NULL, iter->fops);
+		if (!iter->dentry) trustees_deinit_fs();
+	}
+	return !toplevel;
+}
+
+void trustees_deinit_fs(void)
+{
+	struct trustees_file_info *iter;
+	for (iter = trustees_files; iter->fops; iter++) {
+		securityfs_remove(iter->dentry);
+		iter->dentry = NULL;
+	}
+	securityfs_remove(toplevel);
+	toplevel = NULL;
+}
+
+/*
+ * They're opening the file...
+ */
+
+static int trustees_open(struct inode *inode, struct file *filp)
+{
+	return 0;
+}
+
+static int trustees_open_trustees(struct inode *inode, struct file *file)
+{
+	file->private_data = vmalloc(sizeof(struct trustee_command_reader));
+	if (!file->private_data)
+		return -ENOMEM;
+
+	memset(file->private_data, 0, sizeof(struct trustee_command_reader));
+
+	return 0;
+}
+
+static int trustees_release_trustees(struct inode *inode, struct file *file)
+{
+	vfree(file->private_data);
+	return 0;
+}
+
+/* Do a read on a bogus file.  Just return nothing :) */
+static ssize_t trustees_read_bogus(struct file *filp, char __user * buf,
+				   size_t count, loff_t * offset)
+{
+	return 0;
+}
+
+/* Similar way to handle writes.  Just say we wrote the data and return */
+static ssize_t trustees_write_bogus(struct file *filp,
+				    const char __user * buf, size_t count,
+				    loff_t * offset)
+{
+	return count;
+}
+
+/* Function for handling reading of the status. */
+static ssize_t trustees_read_status(struct file *filp, char __user * buf,
+				    size_t count, loff_t * offset)
+{
+	static const char msg[] = "Damnit, it works, OK?!\n";
+	unsigned long nocopy;
+
+	if (*offset >= (sizeof(msg) - 1)) {
+		return 0;
+	}
+
+	if (count > (sizeof(msg) - 1 - *offset)) {
+		count = sizeof(msg) - 1 - *offset;
+	}
+	nocopy = copy_to_user(buf, msg, count);
+	(*offset) += count;
+	(*offset) -= nocopy;
+
+	return count;
+}
+
+/* Function for handling reading of the apiversion. */
+static ssize_t trustees_read_apiversion(struct file *filp, char __user * buf,
+				    size_t count, loff_t * offset)
+{
+	static const char msg[] = TRUSTEES_APIVERSION_STR "\n";
+	unsigned long nocopy;
+
+	if (*offset >= (sizeof(msg) - 1)) {
+		return 0;
+	}
+
+	if (count > (sizeof(msg) - 1 - *offset)) {
+		count = sizeof(msg) - 1 - *offset;
+	}
+	nocopy = copy_to_user(buf, msg, count);
+	(*offset) += count;
+	(*offset) -= nocopy;
+
+	return count;
+}
+
+/* Cleanup our reader (deallocate all the allocated memory) */
+static void cleanup_reader(struct trustee_command_reader *reader) {
+	int z;
+	if (!reader) {
+		TS_ERR_MSG("How does reader disappear on us?\n");
+		return;
+	}
+
+	for (z = reader->curarg - 1; z >= 0; z--) {
+		vfree(reader->arg[z]);
+		reader->argsize[z] = 0;
+	}
+	reader->command.command = 0;
+	reader->curarg = 0;
+}
+
+static ssize_t trustees_write_trustees(struct file *filp,
+				       const char __user * buf,
+				       size_t count, loff_t * offset)
+{
+	struct trustee_command_reader *reader = filp->private_data;
+
+	if (reader->command.command == 0) {
+		reader->curarg = 0;
+		if (count != sizeof(struct trustee_command)) {
+			return -EIO;
+		}
+		if (copy_from_user(&reader->command, buf, count)) {
+			reader->command.command = 0;
+			TS_ERR_MSG("copy_from_user failed on command\n");
+			return -EIO;
+		}
+		if (reader->command.numargs > TRUSTEE_MAX_ARGS) {
+			TS_ERR_MSG("Too many arguments specified for command %d\n",
+			  reader->command.command);
+			return -EIO;
+		}
+	} else {
+		unsigned curarg = reader->curarg;
+		if (!(reader->arg[curarg] = vmalloc(count+1))) {
+			cleanup_reader(reader);
+			return -EIO;
+		}
+		reader->argsize[curarg] = count;
+		((char *)reader->arg[curarg])[count] = '\0';
+		reader->curarg++;
+		if (copy_from_user(reader->arg[curarg], buf, count)) {
+			cleanup_reader(reader);
+			TS_ERR_MSG("copy_from_user failed on arg\n");
+			return -EIO;
+		}
+	}
+
+	if (reader->command.command && reader->curarg == reader->command.numargs) {
+		int ret = trustees_process_command(reader->command, reader->arg,
+		                                   reader->argsize);
+		cleanup_reader(reader);
+		if (ret) return -EIO;
+	}
+
+	return count;
+}
diff --git a/security/trustees/funcs.c b/security/trustees/funcs.c
new file mode 100755
index 00000000000..fe152d75df2
--- /dev/null
+++ b/security/trustees/funcs.c
@@ -0,0 +1,812 @@
+/*
+ * Trustees ACL Project
+ *
+ * Copyright (c) 1999-2000 Vyacheslav Zavadsky
+ * Copyright (c) 2004 Andrew Ruder (aeruder@ksu.edu)
+ *
+ *	This program is free software; you can redistribute it and/or
+ *	modify it under the terms of the GNU General Public License as
+ *	published by the Free Software Foundation, version 2.
+ *
+ * This code contains the functions for handling the actual trustees data
+ * and returning the permissions for a given file, etc.
+ *
+ *
+ */
+
+#include <linux/fs.h>
+#include <linux/mount.h>
+#include <linux/dcache.h>
+#include <linux/string.h>
+#include <linux/mm.h>
+#include <linux/slab.h>
+#include <linux/smp_lock.h>
+#include <linux/poll.h>
+#include <linux/sched.h>
+#include <linux/limits.h>
+#include <linux/list.h>
+#include <linux/vmalloc.h>
+#include <linux/ctype.h>
+#include <linux/cred.h>
+
+#include "internal.h"
+
+/*
+ * This is a hash of all the trustee_names currently added.  These values
+ * are hashed on a combination of device/filename.  Before reading/writing
+ * be sure to take care of the locking of trustee_hash_lock.
+ */
+rwlock_t trustee_hash_lock;
+static struct hlist_head *trustee_hash = NULL;
+
+/*
+ * This is the deepest level trustee.  When calculating filenames, we can
+ * skip several of the levels in many case since we know it won't be any
+ * deeper than this.
+ *
+ * Kept up to date by calculate_deepest_level
+ *
+ * /           => 0
+ * /test       => 1
+ * /test/blah  => 2
+ */
+static int deepest_level = 0;
+
+/*
+ * A list of filesystems that need to have their case
+ * ignored.  This is protected by trustee_hash_lock.
+ */
+static LIST_HEAD(trustee_ic_list);
+
+
+/* The calling method needs to free the buffer created by this function
+ * This method returns the filename for a dentry.  This is, of course,
+ * relative to the device.  The filename can be truncated to be as deep as
+ * the deepest trustee.  The depth returned in d will always be the true
+ * depth, however.
+ *
+ * Args:
+ *   dentry: The dentry we are interested in.
+ *   d: a pointer to the place where the depth can be stored.
+ *   trunc: ok to truncate the name to the longest that needs to be figured out.
+ */
+
+#define FN_CHUNK_SIZE 64
+char *trustees_filename_for_dentry(struct dentry *dentry, int *d, int trunc)
+{
+	char *buffer = NULL, *tmpbuf = NULL;
+	int bufsize = FN_CHUNK_SIZE;
+	char c;
+	int i, j, k;
+	int depth = 0;
+	struct dentry *temp_dentry;
+
+	if (dentry->d_parent == NULL) {
+		TS_ERR_MSG("d_parent is null\n");
+		return NULL;
+	}
+
+	if (dentry->d_name.name == NULL) {
+		TS_ERR_MSG("name is null\n");
+		return NULL;
+	}
+
+	buffer = kmalloc(FN_CHUNK_SIZE, GFP_KERNEL);
+	if (!buffer) {
+		TS_ERR_MSG("could not allocate filename buffer\n");
+		return NULL;
+	}
+
+	buffer[0] = '/';
+	buffer[i = 1] = '\0';
+	for (temp_dentry = dentry; !IS_ROOT(temp_dentry); temp_dentry = temp_dentry->d_parent)
+		depth++;
+	if (d) *d = depth;
+	if (deepest_level <= 0) return buffer;
+
+	for (;;) {
+		if (IS_ROOT(dentry))
+			break;
+		if (depth-- > deepest_level) continue;
+
+		j = i + strlen(dentry->d_name.name);
+		if ((j + 2) > bufsize) {	/* reallocate - won't fit */
+			bufsize = (((j + 2) / FN_CHUNK_SIZE) + 1) * FN_CHUNK_SIZE;
+			tmpbuf = kmalloc(bufsize, GFP_KERNEL);
+			if (!tmpbuf) {
+				kfree(buffer);
+				TS_ERR_MSG
+				    ("Out of memory allocating tmpbuf\n");
+				return NULL;
+			}
+			memcpy(tmpbuf, buffer, i);
+			kfree(buffer);
+			buffer = tmpbuf;
+		}
+		/* Throw the name in there backward */
+		for (k = 0; dentry->d_name.name[k]; k++) {
+			buffer[j - 1 - k] = dentry->d_name.name[k];
+		}
+		i = j;
+		buffer[i++] = '/';
+		dentry = dentry->d_parent;
+	}
+	buffer[i] = 0;
+
+	/* buffer is backwards, reverse it */
+	for (j = 0; j < (i / 2); ++j) {
+		c = buffer[j];
+		buffer[j] = buffer[i - j - 1];
+		buffer[i - j - 1] = c;
+	}
+
+	return buffer;
+}
+
+/**
+ * Allocate memory using vmalloc and return a duplicate of the passed in string.
+ * Returns NULL if a problem occurs
+ */
+static char *vmalloc_strdup(const char *str, size_t len)
+{
+	char *r;
+
+	if (!str) return NULL;
+	len = strlen(str);
+	r = vmalloc(len + 1);
+	if (!r) return NULL;
+	memcpy(r, str, len + 1);
+
+	return r;
+}
+
+/*
+ * Add a filesystem as a ignored-case dev.
+ */
+static inline void add_ic_dev(u32 dev, char *devname)
+{
+	char *devname2;
+	struct trustee_ic *ic;
+	size_t dev_len;
+
+	dev_len = strlen(devname);
+
+	if (dev_len > PATH_MAX) {
+		TS_ERR_MSG("devname bad, add_ic_dev ignored.\n");
+		return;
+	}
+
+	if (!dev_len) {
+		TS_ERR_MSG("No devname specified in add_ic_dev.\n");
+		return;
+	}
+
+	devname2 = vmalloc_strdup(devname, dev_len);
+	if (!devname2) {
+		TS_ERR_MSG
+		    ("Seems that we have ran out of memory adding ic dev!\n");
+		return;
+	}
+
+	ic = vmalloc(sizeof(struct trustee_ic));
+	if (!ic) {
+		TS_ERR_MSG
+		    ("Seems that we ran out of memory allocating ic!\n");
+		return;
+	}
+
+	ic->dev = new_decode_dev(dev);
+	ic->devname = devname2;
+
+	write_lock(&trustee_hash_lock);
+	list_add(&ic->ic_list, &trustee_ic_list);
+	write_unlock(&trustee_hash_lock);
+}
+
+/*
+ * Remove all ignored-case filesystems.
+ */
+static inline void remove_ic_devs(void)
+{
+	struct trustee_ic *ic, *temp_ic;
+	struct list_head temp_ic_list;
+
+	INIT_LIST_HEAD(&temp_ic_list);
+	list_splice_init(&trustee_ic_list, &temp_ic_list);
+
+	list_for_each_entry_safe(ic, temp_ic, &temp_ic_list, ic_list) {
+		vfree(ic->devname);
+		vfree(ic);
+	}
+}
+
+/*
+ * This frees all the capsules in a trustee element.
+ */
+static inline void free_hash_element_list(struct trustee_hash_element *e)
+{
+	struct trustee_permission_capsule *capsule, *temp;
+
+	list_for_each_entry_safe(capsule, temp, &e->perm_list, perm_list) {
+		list_del(&capsule->perm_list);
+		vfree(capsule);
+	}
+}
+
+/*
+ * Free a trustee name.  This frees the devname and the filename
+ */
+static inline void free_trustee_name(struct trustee_name *name)
+{
+	vfree(name->filename);
+	vfree(name->devname);
+}
+
+/*
+ * Frees the capsules, and the filenames for a trustee hash element.
+ * Also marks it as unused in the hash.
+ */
+static inline void free_hash_element(struct trustee_hash_element *e)
+{
+	free_hash_element_list(e);
+	free_trustee_name(&e->name);
+	vfree(e);
+}
+
+/**
+ * Copies from src to dest (duplicating the strings in the
+ * trustee_name structure.  Returns zero for unsuccesful.
+ */
+static int copy_trustee_name(struct trustee_name *dst, struct trustee_name *src)
+{
+	*dst = *src;
+	if (dst->filename) {
+		dst->filename = vmalloc_strdup(src->filename, strlen(src->filename));
+		if (!dst->filename) {
+			TS_ERR_MSG("Ran out of memory duplicating src->filename\n");
+			return 0;
+		}
+	}
+
+	if (dst->devname) {
+		dst->devname = vmalloc_strdup(src->devname, strlen(src->devname));
+		if (!dst->devname) {
+			TS_ERR_MSG("Ran out of memory duplicating src->devname\n");
+			vfree(dst->filename);
+			return 0;
+		}
+	}
+
+	return 1;
+}
+
+
+/*
+ * hashing function researched by Karl Nelson <kenelson @ ece ucdavis edu>
+ * and is used in glib.
+ */
+static inline unsigned int hash_string(const char *s)
+{
+	unsigned int v = 0;
+
+	while (*s) {
+		v = (v << 5) - v + tolower(*s);
+		s++;
+	}
+
+	return v;
+}
+
+/*
+ * Return the hash for a device.
+ */
+static inline unsigned int hash_device(const char *name, dev_t device)
+{
+	if (MAJOR(device) == 0) {
+		return hash_string(name);
+	}
+
+	return new_encode_dev(device);
+}
+
+/*
+ * Return the hash for a file.  This is a combination of the
+ * hash of the filename and the hash for the device.
+ */
+static inline unsigned int hash(const struct trustee_name *name)
+{
+	return hash_string(name->filename) ^
+	       hash_device(name->devname, name->dev);
+}
+
+/*
+ * Return the slot in the trustees_hash where a trustee is located
+ */
+static inline unsigned int hash_slot(const struct trustee_name *name)
+{
+    return hash(name) % trustee_hash_size;
+}
+
+/*
+ * Compare two devices.  Return 1 if they are equal otherwise return 0
+ */
+static inline int trustee_dev_cmp(dev_t dev1, dev_t dev2, const char *devname1,
+				  const char *devname2)
+{
+	if ((MAJOR(dev1) == 0) && (MAJOR(dev2) == 0))
+		return (strcmp(devname1, devname2) == 0);
+	else if ((MAJOR(dev1) != 0) && (MAJOR(dev2) != 0))
+		return (dev1 == dev2);
+	return 0;
+}
+
+/*
+ * Compare two trustee_name's.  Returns 1 if they are are equal
+ * otherwise return 0
+ */
+static inline int trustee_name_cmp(const struct trustee_name *n1,
+				   const struct trustee_name *n2,
+				   unsigned ignore_case)
+{
+	if (trustee_dev_cmp(n1->dev, n2->dev, n1->devname, n2->devname))
+		return ignore_case ?
+		    (strnicmp(n1->filename, n2->filename, PATH_MAX) == 0) :
+		    (strcmp(n1->filename, n2->filename) == 0);
+	return 0;
+}
+
+/*
+ * Calculate the deepest level.
+ */
+static inline void calculate_deepest_level(const struct trustee_name *name)
+{
+	const char *fn = name->filename;
+	const char *x;
+	int level = 0;
+
+	for (x = fn; *x; ++x) {
+		if (*x == '/')
+			++level;
+	}
+
+	/* If it is the root, it should have
+	 * a level of 0.
+	 */
+	if (x == (fn + 1)) level = 0;
+
+	if (level > deepest_level) deepest_level = level;
+}
+
+/*
+ * Return the trustee element for a name.
+ * This should be called with a lock on the trustee_hash (which should
+ * not be released until you are done with the returned hash_element)!
+ */
+static struct trustee_hash_element *get_trustee_for_name(const struct trustee_name *name,
+							 unsigned ignore_case)
+{
+	struct trustee_hash_element *item = NULL;
+	struct hlist_node *iter = NULL;
+
+	hlist_for_each_entry(item, iter, &trustee_hash[hash_slot(name)], hash_list) {
+		if (trustee_name_cmp(&item->name, name, ignore_case))
+			return item;
+	}
+
+	return NULL;
+}
+
+/**
+ * Add a new blank trustee to the hash.
+ *
+ * If this returns zero, then the adding failed and name should be freed
+ * (assuming must_copy is 0), otherwise assume we used its memory.
+ */
+static unsigned add_trustee(struct trustee_name *name, int must_copy) {
+	struct trustee_name newname;
+	struct trustee_name rootname;
+	unsigned is_root = 1;
+	unsigned r = 0;
+	struct trustee_hash_element *new;
+	struct trustee_hash_element *root;
+
+	if (!name->filename || !name->filename[0]) goto err0;
+
+	if (!copy_trustee_name(&rootname, name)) goto err0;
+	rootname.filename[1] = '\0';
+
+	if (strlen(name->filename) > 1 && strcmp(name->filename, "/")) {
+		add_trustee(&rootname, 1);
+		is_root = 0;
+	}
+
+	if (must_copy) {
+		if (!copy_trustee_name(&newname, name)) goto err1;
+	} else {
+		newname = *name;
+	}
+
+	new = vmalloc(sizeof(struct trustee_hash_element));
+	if (!new) goto err2;
+	new->name = newname;
+	INIT_HLIST_NODE(&new->hash_list);
+	INIT_LIST_HEAD(&new->perm_list);
+	INIT_LIST_HEAD(&new->device_list);
+
+	write_lock(&trustee_hash_lock);
+	if (get_trustee_for_name(&newname, 0)) goto err3;
+
+	if (is_root) {
+		root = NULL;
+	} else if (!(root = get_trustee_for_name(&rootname, 0))) {
+		TS_ERR_MSG("Root trustee disappeared on us!\n");
+		goto err3;
+	}
+	hlist_add_head(&new->hash_list, &trustee_hash[hash_slot(name)]);
+	if (!is_root) {
+		list_add_tail(&new->device_list, &root->device_list);
+	}
+	calculate_deepest_level(&newname);
+	TS_DEBUG_MSG("Created '%s' trustee\n", newname.filename);
+	r = 1;
+err3:
+	write_unlock(&trustee_hash_lock);
+	if (!r) vfree(new);
+err2:
+	if (must_copy && !r) free_trustee_name(&newname);
+err1:
+	free_trustee_name(&rootname);
+err0:
+	return r;
+}
+
+/**
+ * Add a permissions module to the trustee specified by name.
+ */
+static unsigned add_trustee_perm
+    (struct trustee_name *name, struct trustee_permission acl)
+{
+	struct trustee_hash_element *r = NULL;
+	struct trustee_permission_capsule *capsule;
+
+	capsule = vmalloc(sizeof(struct trustee_permission_capsule));
+	if (!capsule) {
+		TS_ERR_MSG
+		    ("Can not allocate memory for trustee capsule\n");
+		return 0;
+	}
+	capsule->permission = acl;
+
+	write_lock(&trustee_hash_lock);
+	r = get_trustee_for_name(name, 0);
+
+	if (r) {
+		list_add_tail(&capsule->perm_list, &r->perm_list);
+		write_unlock(&trustee_hash_lock);
+		TS_DEBUG_MSG("Added permission capsule to '%s' trustee\n", name->filename);
+		return 1;
+	}
+	write_unlock(&trustee_hash_lock);
+	TS_ERR_MSG("trustee disappeared under us while trying to add perms\n");
+	vfree(capsule);
+
+	return 0;
+}
+
+/*
+ * Get the mask for a trustee name.
+ * This should be called with a lock on the trustee_hash (which should
+ * not be released until you are done with the returned hash_element)!
+ */
+static int get_trustee_mask_for_name(struct trustee_name *name,
+				     int oldmask, int height,
+				     struct trustee_hash_element **element,
+				     unsigned ignore_case)
+{
+	struct trustee_hash_element *e;
+	int m;
+	struct trustee_permission_capsule *l;
+	int appl;
+	e = get_trustee_for_name(name, ignore_case);
+	if (!e) {
+		return oldmask;
+	}
+	list_for_each_entry(l, &e->perm_list, perm_list) {
+		if ((height < 0)
+		    && (l->permission.mask & TRUSTEE_ONE_LEVEL_MASK))
+			continue;
+		if (element) {
+			*element = e;
+			element = NULL;
+		}
+		appl = ((!(l->permission.mask & TRUSTEE_IS_GROUP_MASK))
+			&& (current_fsuid() == l->permission.u.uid))
+		    || (((l->permission.mask & TRUSTEE_IS_GROUP_MASK))
+			&& (in_group_p(l->permission.u.gid)))
+		    || (l->permission.mask & TRUSTEE_ALL_MASK);
+		if (l->permission.mask & TRUSTEE_NOT_MASK)
+			appl = !appl;
+
+		if (!appl)
+			continue;
+
+		m = l->permission.mask & TRUSTEE_ACL_MASK;
+
+		if (l->permission.mask & TRUSTEE_ALLOW_DENY_MASK)
+			m <<= TRUSTEE_NUM_ACL_BITS;
+
+		oldmask =
+		    l->permission.
+		    mask & TRUSTEE_CLEAR_SET_MASK ? (oldmask & (~m))
+		    : (oldmask | m);
+	}
+
+	return oldmask;
+}
+
+/*
+ * Return non-zero if a trustee exists in a subpath.
+ *
+ * WARNING!
+ * This function requires that you lock/unlock the trustees_hash_lock
+ */
+int trustee_has_child(struct vfsmount *mnt, char *file_name)
+{
+	struct trustee_name trustee_name;
+	char tempchar;
+	unsigned ignore_case = 0;
+	struct trustee_hash_element *root;
+	size_t len;
+	struct trustee_ic *iter;
+	struct trustee_hash_element *r;
+
+	if (!file_name || !*file_name) return 0;
+
+	trustee_name.dev = mnt->mnt_sb->s_dev;
+	trustee_name.devname = mnt->mnt_devname;
+	trustee_name.filename = file_name;
+
+	list_for_each_entry(iter, &trustee_ic_list, ic_list) {
+		if (trustee_dev_cmp
+		    (iter->dev, trustee_name.dev, iter->devname,
+		     trustee_name.devname)) {
+			ignore_case = 1;
+			break;
+		}
+	}
+
+	tempchar = file_name[1];
+	file_name[1] = '\0';
+
+	root = get_trustee_for_name(&trustee_name, ignore_case);
+	if (!root) return 0;
+
+	file_name[1] = tempchar;
+
+	len = strlen(file_name);
+
+	list_for_each_entry(r, &root->device_list, device_list) {
+		size_t this_len = strlen(r->name.filename);
+		if (this_len <= len) continue;
+		if (!strncmp(file_name, r->name.filename, len) &&
+			r->name.filename[len] != '\0')
+			return 1;
+	}
+
+	return 0;
+}
+
+/*
+ * Return the mask for a file.
+ *
+ * WARNING!
+ * This function requires that you lock/unlock the trustees_hash_lock
+ */
+int trustee_perm(struct path *path,
+		 char *file_name, int unix_ret, int depth, int is_dir,
+		 struct trustee_hash_element **deepest)
+{
+	static char dbl_nul_slash[3] = { '/', '\0', '\0' };
+	int oldmask = trustee_default_acl;
+	int height = 0;
+	char *filecount;
+	char c;
+	struct trustee_name trustee_name;
+	struct trustee_ic *iter;
+	unsigned ignore_case = 0;
+
+	trustee_name.dev = path->mnt->mnt_sb->s_dev;
+	trustee_name.devname = path->mnt->mnt_devname;
+	trustee_name.filename = file_name;
+
+	list_for_each_entry(iter, &trustee_ic_list, ic_list) {
+		if (trustee_dev_cmp
+		    (iter->dev, trustee_name.dev, iter->devname,
+		     trustee_name.devname)) {
+			ignore_case = 1;
+			break;
+		}
+	}
+
+	if (deepest) *deepest = NULL;
+
+	filecount = file_name + 1;
+	/* Try to handle the unlikely case where the string will be '/'
+	 * out here to simplify the logic inside the loop.  We do this
+	 * by giving it a string with two nul byte terminators so that it
+	 * will gracefully (and safely) make it through the loop below.
+	 */
+	if (*filecount == '\0') {
+		file_name = dbl_nul_slash;
+		filecount = file_name + 1;
+	}
+	do {
+		c = *filecount;
+		*filecount = 0;
+		oldmask =
+		    get_trustee_mask_for_name(&trustee_name, oldmask,
+					      height - depth + !is_dir,
+					      deepest, ignore_case);
+		height++;
+		*filecount = c;
+		++filecount;
+		while ((*filecount) && (*filecount != '/')) filecount++;
+
+	} while(*filecount);
+
+	return oldmask;
+}
+
+/* Clear out the hash of trustees and release the hash itself.
+ * Also gets rid of the ignore-case list
+ */
+static void trustees_clear_all(void)
+{
+	struct trustee_hash_element *item = NULL;
+	struct hlist_node *iter, *temp = NULL;
+	unsigned i;
+	write_lock(&trustee_hash_lock);
+
+	for (i = 0; i < trustee_hash_size; i++) {
+		hlist_for_each_entry_safe(item, iter, temp, &trustee_hash[i], hash_list) {
+			free_hash_element(item);
+		}
+		INIT_HLIST_HEAD(&trustee_hash[i]);
+	}
+
+	deepest_level = 0;
+
+	remove_ic_devs();
+
+	write_unlock(&trustee_hash_lock);
+}
+
+/*
+ * Initialize globals
+ */
+int trustees_funcs_init_globals(void)
+{
+	unsigned int iter;
+
+	if (trustee_hash_size <= 0)
+		return 1;
+
+	rwlock_init(&trustee_hash_lock);
+
+	trustee_hash = vmalloc(sizeof(*trustee_hash) * trustee_hash_size);
+	if (!trustee_hash)
+		return 1;
+
+	for (iter = 0; iter < trustee_hash_size; iter++)
+		INIT_HLIST_HEAD(trustee_hash + iter);
+
+	return 0;
+}
+
+/*
+ * Clear globals
+ */
+int trustees_funcs_cleanup_globals(void)
+{
+	trustees_clear_all();
+
+	vfree(trustee_hash);
+
+	return 0;
+}
+
+/*
+ * Prepare a trustee name from a passed in trustee name.
+ */
+static int prepare_trustee_name(u32 device, char *devname, char *filename, struct trustee_name *name)
+{
+	size_t devl, filel;
+	char *devb = NULL, *fileb = NULL;
+
+	if ((!name))
+		return 0;
+
+	filel = strlen(filename);
+	devl = strlen(devname);
+
+	if (devl > PATH_MAX) {
+		TS_ERR_MSG("device name bad, command ignored.\n");
+		return 0;
+	}
+	if (filel > PATH_MAX) {
+		TS_ERR_MSG("file name bad, command ignored.\n");
+		return 0;
+	}
+
+	devb = vmalloc_strdup(devname, devl);
+	if (!devb) {
+		TS_ERR_MSG("Couldn't allocate mem for devb.\n");
+		return 0;
+	}
+
+	fileb = vmalloc_strdup(filename, filel);
+	if (!fileb) {
+		TS_ERR_MSG("Couldn't allocate mem for fileb.\n");
+		return 0;
+	}
+
+	name->devname = devb;
+	name->filename = fileb;
+
+	name->dev = new_decode_dev(device);
+
+	return 1;
+}
+
+/*
+ * Process a user command
+ */
+extern int trustees_process_command(struct trustee_command command,
+                                    void **arg,
+                                    size_t *argsize)
+{
+	int r = -ENOSYS;
+	int must_free = 0;
+	struct trustee_name name;
+
+	if ((current_euid() != 0) && !capable(CAP_SYS_ADMIN)) {
+		r = -EACCES;
+		return r;
+	}
+
+	switch (command.command) {
+	case TRUSTEE_COMMAND_MAKE_IC:
+		if (command.numargs != 2 ||
+		    argsize[1] != sizeof(u32)) goto unlk;
+		add_ic_dev(*(u32 *)arg[1], arg[0]);
+		r = 0;
+		break;
+	case TRUSTEE_COMMAND_REMOVE_ALL:
+		if (command.numargs != 0) goto unlk;
+		trustees_clear_all();
+		r = 0;
+		break;
+	case TRUSTEE_COMMAND_ADD:
+		if (command.numargs != 4 ||
+		    argsize[3] != sizeof(u32) ||
+		    argsize[1] != sizeof(struct trustee_permission))
+			goto unlk;
+		if (!prepare_trustee_name(*(u32 *)arg[3], arg[2], arg[0], &name)) {
+			r = -ENOMEM;
+			goto unlk;
+		}
+		if (!add_trustee(&name, 0)) {
+			must_free = 1;
+		}
+		if (!add_trustee_perm(&name, *(struct trustee_permission *)arg[1]))
+			r = -ENOMEM;
+		else
+			r = 0;
+
+		if (must_free) free_trustee_name(&name);
+		break;
+	}
+   unlk:
+
+	return r;
+}
diff --git a/security/trustees/init.c b/security/trustees/init.c
new file mode 100755
index 00000000000..38eb964c382
--- /dev/null
+++ b/security/trustees/init.c
@@ -0,0 +1,57 @@
+/*
+ * Trustees ACL Project
+ *
+ * Copyright (c) 1999-2000 Vyacheslav Zavadsky
+ * Copyright (c) 2004 Andrew Ruder (aeruder@ksu.edu)
+ *
+ *	This program is free software; you can redistribute it and/or
+ *	modify it under the terms of the GNU General Public License as
+ *	published by the Free Software Foundation, version 2.
+ *
+ * Module initialization and cleanup
+ *
+ * History:
+ *  2002-12-16 trustees 2.10 released by Vyacheslav Zavadsky
+ *
+ */
+
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/capability.h>
+
+#include "internal.h"
+
+unsigned int trustee_hash_size = 256;
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Trustees ACL System");
+MODULE_AUTHOR("Vyacheslav Zavadsky and Andrew E. Ruder <aeruder@ksu.edu>");
+MODULE_VERSION("2.11");
+
+MODULE_PARM_DESC(hash_size, "Trustees hash size");
+module_param_named(hash_size, trustee_hash_size, uint, 0444);
+
+
+static int __init trustees_init(void)
+{
+	if (trustees_funcs_init_globals() != 0) {
+		return -EINVAL;
+	}
+
+	if (trustees_init_fs() != 0) {
+		trustees_funcs_cleanup_globals();
+		return -EINVAL;
+	}
+
+	if (trustees_init_security() != 0) {
+		trustees_deinit_fs();
+		trustees_funcs_cleanup_globals();
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
+fs_initcall(trustees_init);
diff --git a/security/trustees/internal.h b/security/trustees/internal.h
new file mode 100755
index 00000000000..f7203a05fc1
--- /dev/null
+++ b/security/trustees/internal.h
@@ -0,0 +1,101 @@
+/*
+ * Trustees ACL Project
+ *
+ * Copyright (c) 1999-2000 Vyacheslav Zavadsky
+ * Copyright (c) 2004 Andrew Ruder (aeruder@ksu.edu)
+ *
+ *	This program is free software; you can redistribute it and/or
+ *	modify it under the terms of the GNU General Public License as
+ *	published by the Free Software Foundation, version 2.
+ *
+ * Private methods and definitions used only within the module.
+ *
+ */
+
+#ifndef _LINUX_TRUSTEES_H
+#define _LINUX_TRUSTEES_H
+#include <linux/types.h>
+#include <linux/dcache.h>
+#include <linux/kdev_t.h>
+#include <linux/list.h>
+#include <linux/version.h>
+#include <linux/trustees.h>
+#include <linux/path.h>
+
+#define TRUSTEE_DEFAULT_MASK TRUSTEE_USE_UNIX_MASK
+
+struct trustee_ic {
+	dev_t dev;
+	char *devname;		/* ONLY if MAJOR(dev)==0 */
+	struct list_head ic_list;
+};
+
+struct trustee_name {
+	dev_t dev;
+	char *filename;
+	const char *devname;		/* ONLY if MAJOR(dev)==0 */
+};
+
+struct trustee_permission_capsule {
+	struct list_head perm_list;
+	struct trustee_permission permission;
+};
+
+/* For the usage field */
+#define TRUSTEE_HASH_ELEMENT_USED 2
+#define TRUSTEE_HASH_ELEMENT_DELETED 1
+#define TRUSTEE_HASH_ELEMENT_NOTUSED 0
+
+struct trustee_hash_element {
+	struct trustee_name name;
+	struct list_head perm_list;
+	struct hlist_node hash_list;
+	struct list_head device_list;
+};
+
+extern char *trustees_filename_for_dentry(struct dentry *dentry, int *d, int trunc);
+
+extern int trustees_funcs_init_globals(void);
+extern int trustees_funcs_cleanup_globals(void);
+
+int trustee_has_child(struct vfsmount *mnt, char *file_name);
+int trustee_perm(struct path *path,
+		 char *file_name, int unix_ret, int depth, int is_dir,
+		 struct trustee_hash_element **deepest);
+
+extern int trustees_process_command(struct trustee_command command,
+                                    void **arg, size_t *argsize);
+
+extern unsigned int trustee_hash_size;
+extern rwlock_t trustee_hash_lock;
+
+#define TRUSTEE_INITIAL_NAME_BUFFER 256
+#define TRUSTEE_HASDEVNAME(TNAME) (MAJOR((TNAME).dev)==0)
+
+#define TS_ERR_MSG(...) printk(KERN_ERR "Trustees: " __VA_ARGS__)
+
+#ifdef TRUSTEES_DEBUG
+#define TS_DEBUG_MSG(...) printk(KERN_ERR "Trustees: " __VA_ARGS__)
+#else
+#define TS_DEBUG_MSG(...)
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,15)
+#define NAMESPACE_SEM(_ns) (namespace_sem)
+#else
+#define NAMESPACE_SEM(_ns) ((_ns)->sem)
+#endif
+
+/*
+ * Magic number!
+ *
+ * FIXME: Do I just make this up or is there some system for coming
+ * up with magic numbers?
+ */
+#define TRUSTEES_MAGIC 0x32236975
+
+int trustees_init_fs(void);
+void trustees_deinit_fs(void);
+
+int trustees_init_security(void);
+#endif				/* _LINUX_TRUSTEES_H */
diff --git a/security/trustees/security.c b/security/trustees/security.c
new file mode 100755
index 00000000000..bbc98886243
--- /dev/null
+++ b/security/trustees/security.c
@@ -0,0 +1,417 @@
+/*
+ * Trustees ACL Project
+ *
+ * Copyright (c) 1999-2000 Vyacheslav Zavadsky
+ * Copyright (c) 2004 Andrew Ruder (aeruder@ksu.edu)
+ *
+ *	This program is free software; you can redistribute it and/or
+ *	modify it under the terms of the GNU General Public License as
+ *	published by the Free Software Foundation, version 2.
+ *
+ * The security module (LSM API) component of the trustees system
+ *
+ * One quick note: generally security modules with the LSM are supposed
+ * to be solely restrictive modules.  Unless the trustees module were to
+ * require that people set all files rwx by all, it could not function
+ * as it is meant to function as a solely restrictive module.
+ *
+ * To compensate, every process is given the capability CAP_DAC_OVERRIDE.
+ * In other words, every process is first given full rights to the filesystem.
+ * This is the only non-restricting portion of this module, since it -does-
+ * in fact give additional permissions.  However, in the inode_permission hook,
+ * any rights the user should not have are taken away.
+ *
+ * Side effects: Posix ACLs or other filesystem-specific permissions are not
+ * honored.  Trustees ACLs can (and do) take into account the standard unix
+ * permissions, but any permissions further than that are difficult, to say
+ * the least, to take into account.  I, personally, do not find this to
+ * be a problem since if you are using Trustees ACLs, why also require the use
+ * of another ACL system?
+ */
+
+#include <linux/security.h>
+#include <linux/capability.h>
+#include <linux/mount.h>
+#include <linux/namei.h>
+#include <linux/fs.h>
+#include <linux/slab.h>
+#include <linux/smp_lock.h>
+#include <linux/nsproxy.h>
+#include <linux/cred.h>
+#include <linux/mnt_namespace.h>
+
+#include "internal.h"
+
+static int trustees_capable(struct task_struct *tsk, const struct cred *cred,
+			    int cap,
+			    int audit);
+static int trustees_inode_permission(struct inode *inode, int mask);
+
+/* Checks if user has access to the inode due to root status
+ */
+static inline int has_root_perm(struct inode *inode, int mask)
+{
+	umode_t mode = inode->i_mode;
+
+	if (!(mask & MAY_EXEC) || (mode & S_IXUGO) || S_ISDIR(mode))
+		if (current_fsuid() == 0)
+			return 0;
+
+	return -EACCES;
+}
+
+/* The logic for this was mostly stolen from vfs_permission.  The security API
+ * doesn't give a good way to use the actual vfs_permission for this since our
+ * CAP_DAC_OVERRIDE causes it to always return 0.  But if we didn't return
+ * CAP_DAC_OVERRIDE, we'd never get to handle permissions!  Since we don't need
+ * to handle capabilities and dealing with ACLs with trustees loaded isn't an
+ * issue for me, the function ends up being pretty simple.
+ */
+
+static inline int has_unix_perm(struct inode *inode, int mask)
+{
+	umode_t mode = inode->i_mode;
+	mask &= ~MAY_APPEND;
+
+	if (current_fsuid() == inode->i_uid)
+		mode >>= 6;
+	else if (in_group_p(inode->i_gid))
+		mode >>= 3;
+
+	if (((mode & mask & (MAY_READ | MAY_WRITE | MAY_EXEC)) == mask))
+		return 0;
+
+	return -EACCES;
+}
+
+/* Find a vfsmount given an inode */
+static inline struct vfsmount *find_inode_mnt(struct inode *inode)
+{
+	struct mnt_namespace *ns = NULL;
+	struct vfsmount *mnt = NULL;
+
+	if (!inode->i_sb) {
+		TS_ERR_MSG("Inode without a i_sb entry?");
+		return NULL;
+	}
+
+	/* Okay, we need to find the vfsmount by looking
+	 * at the namespace now.
+	 */
+	task_lock(current);
+	if (current->nsproxy) {
+		ns = current->nsproxy->mnt_ns;
+		if (ns)
+			get_mnt_ns(ns);
+	}
+	task_unlock(current);
+
+	if (!ns)
+		return NULL;
+
+	list_for_each_entry(mnt, &ns->list, mnt_list) {
+		if (mnt->mnt_sb == inode->i_sb && mnt->mnt_devname) {
+			mntget(mnt);
+			goto out;
+		}
+	}
+
+  out:
+	put_mnt_ns(ns);
+
+	return mnt;
+}
+
+/* Find a dentry given an inode */
+static inline struct dentry *find_inode_dentry(struct inode *inode)
+{
+	struct dentry *dentry;
+
+	dentry = d_find_alias(inode);
+
+	return dentry;
+}
+
+/* Find a path (dentry/vfsmount pair) given an inode
+ */
+static inline int find_inode_path(struct inode *inode, struct path *path)
+{
+	int ret = 0;
+
+	path->dentry = NULL;
+	path->mnt = NULL;
+
+	path->mnt = find_inode_mnt(inode);
+	if (unlikely(!path->mnt)) {
+		TS_ERR_MSG("inode does not have a mnt!\n");
+		goto error_out;
+	}
+
+	path->dentry = find_inode_dentry(inode);
+	if (unlikely(!path->dentry)) {
+		/* Most of the time when this happens, it is the /
+		 * If it is not, we need to dump as much information
+		 * as possible on it and dump it to logs, because
+		 * I'm really not sure how it happens.
+		 */
+		if (path->mnt->mnt_root && inode == path->mnt->mnt_root->d_inode) {
+			path->dentry = dget(path->mnt->mnt_root);
+		} else {
+			/* I have seen this happen once but I did not have any
+			 * way to see what caused it.  I am gonna dump_stack
+			 * until I have that happen again to see if the cause
+			 * is something that I need to worry about.
+			 */
+			dump_stack();	/* DEBUG FIXME */
+			TS_ERR_MSG("Inode number: %ld\n", inode->i_ino);
+			TS_ERR_MSG("dentry does not exist!\n");
+			goto error_mnt_out;
+		}
+	}
+
+	goto out;
+
+error_mnt_out:
+	mntput(path->mnt);
+	path->mnt = NULL;
+
+error_out:
+	ret = 1;
+
+out:
+	return ret;
+}
+
+/*
+ * Return 1 if they are under the same set of trustees
+ * otherwise return 0.  In the case that we are handling
+ * a directory, we also check to see if there are subdirectories
+ * with trustees.
+ */
+static inline int have_same_trustees_rename(struct path *path1, struct path *path2)
+{
+	char *filename1, *filename2;
+	int depth1, depth2;
+	struct trustee_hash_element *deep1, *deep2;
+	int is_dir;
+	int ret = 0;
+
+	filename1 = trustees_filename_for_dentry(path1->dentry, &depth1, 1);
+	if (!filename1) {
+		TS_ERR_MSG("Couldn't allocate filename\n");
+		goto out;
+	}
+
+	filename2 = trustees_filename_for_dentry(path2->dentry, &depth2, 1);
+	if (!filename2) {
+		TS_ERR_MSG("Couldn't allocate filename\n");
+		goto out_file_name;
+	}
+
+	is_dir = S_ISDIR(path1->dentry->d_inode->i_mode);
+
+	read_lock(&trustee_hash_lock);
+	trustee_perm(path1, filename1, ret, depth1, is_dir, &deep1);
+	trustee_perm(path2, filename2, ret, depth2, is_dir, &deep2);
+	if (deep1 == deep2) {
+		ret = 1;
+		if (is_dir) {
+			if (trustee_has_child(path1->mnt, filename1) ||
+				trustee_has_child(path2->mnt, filename2)) ret = 0;
+		}
+	}
+	read_unlock(&trustee_hash_lock);
+
+	kfree(filename2);
+  out_file_name:
+	kfree(filename1);
+  out:
+
+	return ret;
+}
+
+static int trustees_inode_rename(struct inode *old_dir,
+				 struct dentry *old_dentry,
+				 struct inode *new_dir,
+				 struct dentry *new_dentry);
+static int trustees_inode_link(struct dentry *old_dentry,
+			       struct inode *dir,
+			       struct dentry *new_dentry);
+
+/* Structure where we fill in the various hooks we are implementing in this module
+ */
+struct security_operations trustees_security_ops = {
+	.capable = trustees_capable,
+	.inode_permission = trustees_inode_permission,
+	.inode_link = trustees_inode_link,
+	.inode_rename = trustees_inode_rename
+};
+
+#define ALL_MAYS (MAY_WRITE | MAY_EXEC | MAY_READ)
+/* Converts a trustee_mask to a normal unix mask
+ */
+static int inline trustee_mask_to_normal_mask(int mask, int isdir)
+{
+	int r = 0;
+	if ((mask & TRUSTEE_READ_MASK) && !isdir)
+		r |= MAY_READ;
+	if ((mask & TRUSTEE_READ_DIR_MASK) && isdir)
+		r |= MAY_READ;
+	if (mask & TRUSTEE_WRITE_MASK)
+		r |= MAY_WRITE;
+	if ((mask & TRUSTEE_BROWSE_MASK) && isdir)
+		r |= MAY_EXEC;
+	if ((mask & TRUSTEE_EXECUTE_MASK) && !isdir)
+		r |= MAY_EXEC;
+	return r;
+}
+
+/* This is the meat of the permissions checking.  First it checks for root,
+ * otherwise it first checks for any errors finding the dentry/vfsmount for
+ * the inode, and then it looks up the dentry in the trustees hash.
+ */
+static int trustees_inode_permission(struct inode *inode, int mask)
+{
+	struct path path;
+	char *file_name;
+	int is_dir;
+	int ret;
+	int depth;
+	int amask;
+	int dmask;
+	umode_t mode = inode->i_mode;
+
+	if (has_root_perm(inode, mask) == 0)
+		return 0;
+
+	ret = has_unix_perm(inode, mask);
+
+	if (find_inode_path(inode, &path)) {
+		return -EACCES;
+	}
+
+	file_name = trustees_filename_for_dentry(path.dentry, &depth, 1);
+	if (!file_name) {
+		TS_ERR_MSG("Couldn't allocate filename\n");
+		ret = -EACCES;
+		goto out_path;
+	}
+
+	is_dir = S_ISDIR(inode->i_mode);
+
+	read_lock(&trustee_hash_lock);
+	amask = trustee_perm(&path, file_name, ret, depth, is_dir,
+			     (struct trustee_hash_element **)NULL);
+	read_unlock(&trustee_hash_lock);
+	dmask = amask >> TRUSTEE_NUM_ACL_BITS;
+
+	/* no permission if denied */
+	if (trustee_mask_to_normal_mask(dmask, is_dir) & mask & ALL_MAYS) {
+		ret = -EACCES;
+		goto out;
+	}
+	/* use unix perms */
+	if (!(dmask & TRUSTEE_USE_UNIX_MASK) &&
+	    (amask & TRUSTEE_USE_UNIX_MASK) && (!ret))
+		goto out;
+
+	/* if the file isn't executable, then the trustees shouldn't
+	 * make it executable
+	 */
+	if ((mask & MAY_EXEC) && !(mode & S_IXOTH) &&
+	    !((mode >> 3) & S_IXOTH) & !((mode >> 6) & S_IXOTH) &&
+	    (!is_dir)) {
+		ret = -EACCES;
+		goto out;
+	}
+	/* Check trustees for permission
+	 */
+	if ((trustee_mask_to_normal_mask(amask, is_dir) & mask & ALL_MAYS)
+	    == mask) {
+		ret = 0;
+		goto out;
+	} else
+		ret = -EACCES;
+
+out:
+	kfree(file_name);
+out_path:
+	path_put(&path);
+
+	return ret;
+}
+
+/* We should only allow hard links under one of two conditions:
+ *   1. Its in the same trustee
+ *        - if the two dentries are covered by the same trustee, there shouldn't
+ *          be much of a problem with allowing the hardlink to occur.
+ *   2. fsuid = 0
+ */
+static int trustees_inode_link(struct dentry *old_dentry,
+			       struct inode *dir,
+			       struct dentry *new_dentry)
+{
+	int ret = -EXDEV;
+	struct path path1;
+	struct path path2;
+
+	if (current_fsuid() == 0)
+		return 0;
+
+	path1.dentry = dget(old_dentry);
+	path1.mnt = find_inode_mnt(old_dentry->d_inode);
+	path2.dentry = dget(new_dentry);
+	path2.mnt = mntget(path1.mnt);
+
+	if (have_same_trustees_rename(&path1, &path2))
+		ret = 0;
+
+	path_put(&path1);
+	path_put(&path2);
+
+	return ret;
+}
+
+/* We have a few renames to protect against:
+ *   1. Any file or directory that is affected by different trustees at its
+ *      old location than at its new location.
+ *   2. In the case of a directory, we should protect against moving a directory
+ *      that has trustees set inside of it.
+ *
+ * In any case above, we return -EXDEV which signifies to the calling program that
+ * the files are on different devices, and assuming the program is written correctly
+ * it should then handle the situation by copying the files and removing the originals
+ * ( which will then use the trustees permissions as they are meant to be used )
+ */
+static int trustees_inode_rename(struct inode *old_dir,
+				 struct dentry *old_dentry,
+				 struct inode *new_dir,
+				 struct dentry *new_dentry)
+{
+	return trustees_inode_link(old_dentry, new_dir, new_dentry);
+}
+
+/* Return CAP_DAC_OVERRIDE on everything.  We want to handle our own
+ * permissions (overriding those normally allowed by unix permissions)
+ */
+static int trustees_capable(struct task_struct *tsk, const struct cred *cred,
+			    int cap,
+			    int audit)
+{
+	if (cap == CAP_DAC_OVERRIDE)
+		return 0;
+
+	return cap_capable(tsk, cred, cap, audit);
+}
+
+/* Register the security module
+ */
+int trustees_init_security(void)
+{
+	if (register_security(&trustees_security_ops)) {
+		TS_ERR_MSG("Could not register security component\n");
+		return -EINVAL;
+	}
+
+	return 0;
+}