[PATCH] ext2: Enable atomic inode security labeling

This patch modifies ext2 to call the inode_init_security LSM hook to obtain the security attribute for a newly created inode and to set the resulting attribute on the new inode. This parallels the existing processing for setting ACLs on newly created inodes. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Stephen Smalley <sds@tycho.nsa.gov> 2005-09-09 16:01:39 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2005-09-09 16:57:27 -0400
commit: 10f47e6a1b8b276323b652053945c87a63a5812d (patch)
tree: a927d6a4129cb9d76e96d2434b4dde7c1aff76d5
parent: 5e41ff9e0650f327a6c819841fa412da95d57319 (diff)
3 files changed, 35 insertions, 0 deletions
diff --git a/fs/ext2/ialloc.c b/fs/ext2/ialloc.c
index 161f156d98c8..c8d07030c897 100644
--- a/fs/ext2/ialloc.c
+++ b/fs/ext2/ialloc.c
@@ -615,6 +615,11 @@ got:
                DQUOT_DROP(inode);
                goto fail2;
        }
+        err = ext2_init_security(inode,dir);
+        if (err) {
+                DQUOT_FREE_INODE(inode);
+                goto fail2;
+        }
        mark_inode_dirty(inode);
        ext2_debug("allocating inode %lu\n", inode->i_ino);
        ext2_preread_inode(inode);
diff --git a/fs/ext2/xattr.h b/fs/ext2/xattr.h
index 5f3bfde3b810..67cfeb66e897 100644
--- a/fs/ext2/xattr.h
+++ b/fs/ext2/xattr.h
@@ -116,3 +116,11 @@ exit_ext2_xattr(void)
 # endif  /* CONFIG_EXT2_FS_XATTR */
+#ifdef CONFIG_EXT2_FS_SECURITY
+extern int ext2_init_security(struct inode *inode, struct inode *dir);
+#else
+static inline int ext2_init_security(struct inode *inode, struct inode *dir)
+{
+        return 0;
+}
+#endif
diff --git a/fs/ext2/xattr_security.c b/fs/ext2/xattr_security.c
index 6a6c59fbe599..a26612798471 100644
--- a/fs/ext2/xattr_security.c
+++ b/fs/ext2/xattr_security.c
@@ -8,6 +8,7 @@
 #include <linux/fs.h>
 #include <linux/smp_lock.h>
 #include <linux/ext2_fs.h>
+#include <linux/security.h>
 #include "xattr.h"
 static size_t
@@ -45,6 +46,27 @@ ext2_xattr_security_set(struct inode *inode, const char *name,
                              value, size, flags);
 }
+int
+ext2_init_security(struct inode *inode, struct inode *dir)
+{
+        int err;
+        size_t len;
+        void *value;
+        char *name;
+        err = security_inode_init_security(inode, dir, &name, &value, &len);
+        if (err) {
+                if (err == -EOPNOTSUPP)
+                        return 0;
+                return err;
+        }
+        err = ext2_xattr_set(inode, EXT2_XATTR_INDEX_SECURITY,
+                             name, value, len, 0);
+        kfree(name);
+        kfree(value);
+        return err;
+}
 struct xattr_handler ext2_xattr_security_handler = {
        .prefix = XATTR_SECURITY_PREFIX,
        .list   = ext2_xattr_security_list,
author	Stephen Smalley <sds@tycho.nsa.gov>	2005-09-09 16:01:39 -0400
committer	Linus Torvalds <torvalds@g5.osdl.org>	2005-09-09 16:57:27 -0400
commit	10f47e6a1b8b276323b652053945c87a63a5812d (patch)
tree	a927d6a4129cb9d76e96d2434b4dde7c1aff76d5
parent	5e41ff9e0650f327a6c819841fa412da95d57319 (diff)

diff --git a/fs/ext2/ialloc.c b/fs/ext2/ialloc.c index 161f156d98c8..c8d07030c897 100644 --- a/fs/ext2/ialloc.c +++ b/fs/ext2/ialloc.c
@@ -615,6 +615,11 @@ got:
615	DQUOT_DROP(inode);	615	DQUOT_DROP(inode);
616	goto fail2;	616	goto fail2;
617	}	617	}
		618	err = ext2_init_security(inode,dir);
		619	if (err) {
		620	DQUOT_FREE_INODE(inode);
		621	goto fail2;
		622	}
618	mark_inode_dirty(inode);	623	mark_inode_dirty(inode);
619	ext2_debug("allocating inode %lu\n", inode->i_ino);	624	ext2_debug("allocating inode %lu\n", inode->i_ino);
620	ext2_preread_inode(inode);	625	ext2_preread_inode(inode);


diff --git a/fs/ext2/xattr.h b/fs/ext2/xattr.h index 5f3bfde3b810..67cfeb66e897 100644 --- a/fs/ext2/xattr.h +++ b/fs/ext2/xattr.h
@@ -116,3 +116,11 @@ exit_ext2_xattr(void)
116		116
117	# endif /* CONFIG_EXT2_FS_XATTR */	117	# endif /* CONFIG_EXT2_FS_XATTR */
118		118
		119	#ifdef CONFIG_EXT2_FS_SECURITY
		120	extern int ext2_init_security(struct inode inode, struct inode dir);
		121	#else
		122	static inline int ext2_init_security(struct inode inode, struct inode dir)
		123	{
		124	return 0;
		125	}
		126	#endif


diff --git a/fs/ext2/xattr_security.c b/fs/ext2/xattr_security.c index 6a6c59fbe599..a26612798471 100644 --- a/fs/ext2/xattr_security.c +++ b/fs/ext2/xattr_security.c
@@ -8,6 +8,7 @@
8	#include <linux/fs.h>	8	#include <linux/fs.h>
9	#include <linux/smp_lock.h>	9	#include <linux/smp_lock.h>
10	#include <linux/ext2_fs.h>	10	#include <linux/ext2_fs.h>
		11	#include <linux/security.h>
11	#include "xattr.h"	12	#include "xattr.h"
12		13
13	static size_t	14	static size_t
@@ -45,6 +46,27 @@ ext2_xattr_security_set(struct inode inode, const char name,
45	value, size, flags);	46	value, size, flags);
46	}	47	}
47		48
		49	int
		50	ext2_init_security(struct inode inode, struct inode dir)
		51	{
		52	int err;
		53	size_t len;
		54	void *value;
		55	char *name;
		56
		57	err = security_inode_init_security(inode, dir, &name, &value, &len);
		58	if (err) {
		59	if (err == -EOPNOTSUPP)
		60	return 0;
		61	return err;
		62	}
		63	err = ext2_xattr_set(inode, EXT2_XATTR_INDEX_SECURITY,
		64	name, value, len, 0);
		65	kfree(name);
		66	kfree(value);
		67	return err;
		68	}
		69
48	struct xattr_handler ext2_xattr_security_handler = {	70	struct xattr_handler ext2_xattr_security_handler = {
49	.prefix = XATTR_SECURITY_PREFIX,	71	.prefix = XATTR_SECURITY_PREFIX,
50	.list = ext2_xattr_security_list,	72	.list = ext2_xattr_security_list,