security: new security_inode_init_security API adds function callback

This patch changes the security_inode_init_security API by adding a filesystem specific callback to write security extended attributes. This change is in preparation for supporting the initialization of multiple LSM xattrs and the EVM xattr. Initially the callback function walks an array of xattrs, writing each xattr separately, but could be optimized to write multiple xattrs at once. For existing security_inode_init_security() calls, which have not yet been converted to use the new callback function, such as those in reiserfs and ocfs2, this patch defines security_old_inode_init_security(). Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
author: Mimi Zohar <zohar@linux.vnet.ibm.com> 2011-06-06 15:29:25 -0400
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> 2011-07-18 12:29:38 -0400
commit: 9d8f13ba3f4833219e50767b022b82cd0da930eb (patch)
tree: 3ba2367380d009111ea17696162a62320c88d144 /security
parent: 0f2a55d5bb2372058275b0b343d90dd5d640d045 (diff)
1 files changed, 36 insertions, 3 deletions
diff --git a/security/security.c b/security/security.c
index 4ba6d4cc061..3464d58a576 100644
--- a/security/security.c
+++ b/security/security.c
@@ -18,6 +18,8 @@
 #include <linux/security.h>
 #include <linux/ima.h>
+#define MAX_LSM_XATTR   1
 /* Boot-time LSM user choice */
 static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
        CONFIG_DEFAULT_SECURITY;
@@ -339,15 +341,46 @@ void security_inode_free(struct inode *inode)
 }
 int security_inode_init_security(struct inode *inode, struct inode *dir,
-                                 const struct qstr *qstr, char **name,
+                                 const struct qstr *qstr,
-                                 void **value, size_t *len)
+                                 const initxattrs initxattrs, void *fs_data)
+{
+        struct xattr new_xattrs[MAX_LSM_XATTR + 1];
+        struct xattr *lsm_xattr;
+        int ret;
+        if (unlikely(IS_PRIVATE(inode)))
+                return -EOPNOTSUPP;
+        memset(new_xattrs, 0, sizeof new_xattrs);
+        if (!initxattrs)
+                return security_ops->inode_init_security(inode, dir, qstr,
+                                                         NULL, NULL, NULL);
+        lsm_xattr = new_xattrs;
+        ret = security_ops->inode_init_security(inode, dir, qstr,
+                                                &lsm_xattr->name,
+                                                &lsm_xattr->value,
+                                                &lsm_xattr->value_len);
+        if (ret)
+                goto out;
+        ret = initxattrs(inode, new_xattrs, fs_data);
+out:
+        kfree(lsm_xattr->name);
+        kfree(lsm_xattr->value);
+        return (ret == -EOPNOTSUPP) ? 0 : ret;
+}
+EXPORT_SYMBOL(security_inode_init_security);
+int security_old_inode_init_security(struct inode *inode, struct inode *dir,
+                                     const struct qstr *qstr, char **name,
+                                     void **value, size_t *len)
 {
        if (unlikely(IS_PRIVATE(inode)))
                return -EOPNOTSUPP;
        return security_ops->inode_init_security(inode, dir, qstr, name, value,
                                                 len);
 }
-EXPORT_SYMBOL(security_inode_init_security);
+EXPORT_SYMBOL(security_old_inode_init_security);
 #ifdef CONFIG_SECURITY_PATH
 int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	2011-06-06 15:29:25 -0400
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2011-07-18 12:29:38 -0400
commit	9d8f13ba3f4833219e50767b022b82cd0da930eb (patch)
tree	3ba2367380d009111ea17696162a62320c88d144 /security
parent	0f2a55d5bb2372058275b0b343d90dd5d640d045 (diff)

diff --git a/security/security.c b/security/security.c index 4ba6d4cc061..3464d58a576 100644 --- a/security/security.c +++ b/security/security.c
@@ -18,6 +18,8 @@
18	#include <linux/security.h>	18	#include <linux/security.h>
19	#include <linux/ima.h>	19	#include <linux/ima.h>
20		20
		21	#define MAX_LSM_XATTR 1
		22
21	/* Boot-time LSM user choice */	23	/* Boot-time LSM user choice */
22	static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =	24	static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
23	CONFIG_DEFAULT_SECURITY;	25	CONFIG_DEFAULT_SECURITY;
@@ -339,15 +341,46 @@ void security_inode_free(struct inode *inode)
339	}	341	}
340		342
341	int security_inode_init_security(struct inode inode, struct inode dir,	343	int security_inode_init_security(struct inode inode, struct inode dir,
342	const struct qstr qstr, char *name,	344	const struct qstr *qstr,
343	void *value, size_t len)	345	const initxattrs initxattrs, void *fs_data)
		346	{
		347	struct xattr new_xattrs[MAX_LSM_XATTR + 1];
		348	struct xattr *lsm_xattr;
		349	int ret;
		350
		351	if (unlikely(IS_PRIVATE(inode)))
		352	return -EOPNOTSUPP;
		353
		354	memset(new_xattrs, 0, sizeof new_xattrs);
		355	if (!initxattrs)
		356	return security_ops->inode_init_security(inode, dir, qstr,
		357	NULL, NULL, NULL);
		358	lsm_xattr = new_xattrs;
		359	ret = security_ops->inode_init_security(inode, dir, qstr,
		360	&lsm_xattr->name,
		361	&lsm_xattr->value,
		362	&lsm_xattr->value_len);
		363	if (ret)
		364	goto out;
		365	ret = initxattrs(inode, new_xattrs, fs_data);
		366	out:
		367	kfree(lsm_xattr->name);
		368	kfree(lsm_xattr->value);
		369
		370	return (ret == -EOPNOTSUPP) ? 0 : ret;
		371	}
		372	EXPORT_SYMBOL(security_inode_init_security);
		373
		374	int security_old_inode_init_security(struct inode inode, struct inode dir,
		375	const struct qstr qstr, char *name,
		376	void *value, size_t len)
344	{	377	{
345	if (unlikely(IS_PRIVATE(inode)))	378	if (unlikely(IS_PRIVATE(inode)))
346	return -EOPNOTSUPP;	379	return -EOPNOTSUPP;
347	return security_ops->inode_init_security(inode, dir, qstr, name, value,	380	return security_ops->inode_init_security(inode, dir, qstr, name, value,
348	len);	381	len);
349	}	382	}
350	EXPORT_SYMBOL(security_inode_init_security);	383	EXPORT_SYMBOL(security_old_inode_init_security);
351		384
352	#ifdef CONFIG_SECURITY_PATH	385	#ifdef CONFIG_SECURITY_PATH
353	int security_path_mknod(struct path dir, struct dentry dentry, int mode,	386	int security_path_mknod(struct path dir, struct dentry dentry, int mode,