security: new security_inode_init_security API adds function callback

This patch changes the security_inode_init_security API by adding a filesystem specific callback to write security extended attributes. This change is in preparation for supporting the initialization of multiple LSM xattrs and the EVM xattr. Initially the callback function walks an array of xattrs, writing each xattr separately, but could be optimized to write multiple xattrs at once. For existing security_inode_init_security() calls, which have not yet been converted to use the new callback function, such as those in reiserfs and ocfs2, this patch defines security_old_inode_init_security(). Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
author: Mimi Zohar <zohar@linux.vnet.ibm.com> 2011-06-06 15:29:25 -0400
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> 2011-07-18 12:29:38 -0400
commit: 9d8f13ba3f4833219e50767b022b82cd0da930eb (patch)
tree: 3ba2367380d009111ea17696162a62320c88d144 /fs/ext4/xattr_security.c
parent: 0f2a55d5bb2372058275b0b343d90dd5d640d045 (diff)
1 files changed, 20 insertions, 16 deletions
diff --git a/fs/ext4/xattr_security.c b/fs/ext4/xattr_security.c
index 007c3bfbf094..34e4350dd4d9 100644
--- a/fs/ext4/xattr_security.c
+++ b/fs/ext4/xattr_security.c
@@ -48,28 +48,32 @@ ext4_xattr_security_set(struct dentry *dentry, const char *name,
                              name, value, size, flags);
 }
-int
+int ext4_initxattrs(struct inode *inode, const struct xattr *xattr_array,
-ext4_init_security(handle_t *handle, struct inode *inode, struct inode *dir,
+                    void *fs_info)
-                   const struct qstr *qstr)
 {
-        int err;
+        const struct xattr *xattr;
-        size_t len;
+        handle_t *handle = fs_info;
-        void *value;
+        int err = 0;
-        char *name;
-        err = security_inode_init_security(inode, dir, qstr, &name, &value, &len);
+        for (xattr = xattr_array; xattr->name != NULL; xattr++) {
-        if (err) {
+                err = ext4_xattr_set_handle(handle, inode,
-                if (err == -EOPNOTSUPP)
+                                            EXT4_XATTR_INDEX_SECURITY,
-                        return 0;
+                                            xattr->name, xattr->value,
-                return err;
+                                            xattr->value_len, 0);
+                if (err < 0)
+                        break;
        }
-        err = ext4_xattr_set_handle(handle, inode, EXT4_XATTR_INDEX_SECURITY,
-                                    name, value, len, 0);
-        kfree(name);
-        kfree(value);
        return err;
 }
+int
+ext4_init_security(handle_t *handle, struct inode *inode, struct inode *dir,
+                   const struct qstr *qstr)
+{
+        return security_inode_init_security(inode, dir, qstr,
+                                            &ext4_initxattrs, handle);
+}
 const struct xattr_handler ext4_xattr_security_handler = {
        .prefix = XATTR_SECURITY_PREFIX,
        .list   = ext4_xattr_security_list,
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	2011-06-06 15:29:25 -0400
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2011-07-18 12:29:38 -0400
commit	9d8f13ba3f4833219e50767b022b82cd0da930eb (patch)
tree	3ba2367380d009111ea17696162a62320c88d144 /fs/ext4/xattr_security.c
parent	0f2a55d5bb2372058275b0b343d90dd5d640d045 (diff)