3 files changed, 31 insertions, 2 deletions

diff --git a/fs/ubifs/Kconfig b/fs/ubifs/Kconfig
index b0d0623c83ed..83a961bf7280 100644
--- a/fs/ubifs/Kconfig
+++ b/fs/ubifs/Kconfig
@@ -61,3 +61,16 @@ config UBIFS_FS_ENCRYPTION
           feature is similar to ecryptfs, but it is more memory
           efficient since it avoids caching the encrypted and
           decrypted pages in the page cache.
+
+config UBIFS_FS_SECURITY
+        bool "UBIFS Security Labels"
+        depends on UBIFS_FS
+        default y
+        help
+          Security labels provide an access control facility to support Linux
+          Security Models (LSMs) accepted by AppArmor, SELinux, Smack and TOMOYO
+          Linux. This option enables an extended attribute handler for file
+          security labels in the ubifs filesystem, so that it requires enabling
+          the extended attribute support in advance.
+
+          If you are not using a security module, say N.
diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h
index 4d57e488038e..abdd11634ba4 100644
--- a/fs/ubifs/ubifs.h
+++ b/fs/ubifs/ubifs.h
@@ -1756,13 +1756,23 @@ int ubifs_check_dir_empty(struct inode *dir);
 /* xattr.c */
 extern const struct xattr_handler *ubifs_xattr_handlers[];
 ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size);
-int ubifs_init_security(struct inode *dentry, struct inode *inode,
-                        const struct qstr *qstr);
 int ubifs_xattr_set(struct inode *host, const char *name, const void *value,
                     size_t size, int flags);
 ssize_t ubifs_xattr_get(struct inode *host, const char *name, void *buf,
                         size_t size);
 
+#ifdef CONFIG_UBIFS_FS_SECURITY
+extern int ubifs_init_security(struct inode *dentry, struct inode *inode,
+                        const struct qstr *qstr);
+#else
+static inline int ubifs_init_security(struct inode *dentry,
+                        struct inode *inode, const struct qstr *qstr)
+{
+        return 0;
+}
+#endif
+
+
 /* super.c */
 struct inode *ubifs_iget(struct super_block *sb, unsigned long inum);
 
diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c
index efe00fcb8b75..de88732c680c 100644
--- a/fs/ubifs/xattr.c
+++ b/fs/ubifs/xattr.c
@@ -559,6 +559,7 @@ out_free:
         return err;
 }
 
+#ifdef CONFIG_UBIFS_FS_SECURITY
 static int init_xattrs(struct inode *inode, const struct xattr *xattr_array,
                       void *fs_info)
 {
@@ -599,6 +600,7 @@ int ubifs_init_security(struct inode *dentry, struct inode *inode,
         }
         return err;
 }
+#endif
 
 static int xattr_get(const struct xattr_handler *handler,
                            struct dentry *dentry, struct inode *inode,
@@ -639,15 +641,19 @@ static const struct xattr_handler ubifs_trusted_xattr_handler = {
         .set = xattr_set,
 };
 
+#ifdef CONFIG_UBIFS_FS_SECURITY
 static const struct xattr_handler ubifs_security_xattr_handler = {
         .prefix = XATTR_SECURITY_PREFIX,
         .get = xattr_get,
         .set = xattr_set,
 };
+#endif
 
 const struct xattr_handler *ubifs_xattr_handlers[] = {
         &ubifs_user_xattr_handler,
         &ubifs_trusted_xattr_handler,
+#ifdef CONFIG_UBIFS_FS_SECURITY
         &ubifs_security_xattr_handler,
+#endif
         NULL
 };