fs/vfs/security: pass last path component to LSM on inode creation

SELinux would like to implement a new labeling behavior of newly created
inodes.  We currently label new inodes based on the parent and the creating
process.  This new behavior would also take into account the name of the
new object when deciding the new label.  This is not the (supposed) full path,
just the last component of the path.

This is very useful because creating /etc/shadow is different than creating
/etc/passwd but the kernel hooks are unable to differentiate these
operations.  We currently require that userspace realize it is doing some
difficult operation like that and than userspace jumps through SELinux hoops
to get things set up correctly.  This patch does not implement new
behavior, that is obviously contained in a seperate SELinux patch, but it
does pass the needed name down to the correct LSM hook.  If no such name
exists it is fine to pass NULL.

Signed-off-by: Eric Paris <eparis@redhat.com>

1 files changed, 10 insertions, 8 deletions

diff --git a/fs/jffs2/write.c b/fs/jffs2/write.c
index c819eb0e982d..30d175b6d290 100644
--- a/fs/jffs2/write.c
+++ b/fs/jffs2/write.c
@@ -424,7 +424,9 @@ int jffs2_write_inode_range(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
         return ret;
 }
 
-int jffs2_do_create(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, struct jffs2_inode_info *f, struct jffs2_raw_inode *ri, const char *name, int namelen)
+int jffs2_do_create(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f,
+                    struct jffs2_inode_info *f, struct jffs2_raw_inode *ri,
+                    const struct qstr *qstr)
 {
         struct jffs2_raw_dirent *rd;
         struct jffs2_full_dnode *fn;
@@ -466,15 +468,15 @@ int jffs2_do_create(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, str
         mutex_unlock(&f->sem);
         jffs2_complete_reservation(c);
 
-        ret = jffs2_init_security(&f->vfs_inode, &dir_f->vfs_inode);
+        ret = jffs2_init_security(&f->vfs_inode, &dir_f->vfs_inode, qstr);
         if (ret)
                 return ret;
         ret = jffs2_init_acl_post(&f->vfs_inode);
         if (ret)
                 return ret;
 
-        ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &alloclen,
-                                ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(namelen));
+        ret = jffs2_reserve_space(c, sizeof(*rd)+qstr->len, &alloclen,
+                                ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(qstr->len));
 
         if (ret) {
                 /* Eep. */
@@ -493,19 +495,19 @@ int jffs2_do_create(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, str
 
         rd->magic = cpu_to_je16(JFFS2_MAGIC_BITMASK);
         rd->nodetype = cpu_to_je16(JFFS2_NODETYPE_DIRENT);
-        rd->totlen = cpu_to_je32(sizeof(*rd) + namelen);
+        rd->totlen = cpu_to_je32(sizeof(*rd) + qstr->len);
         rd->hdr_crc = cpu_to_je32(crc32(0, rd, sizeof(struct jffs2_unknown_node)-4));
 
         rd->pino = cpu_to_je32(dir_f->inocache->ino);
         rd->version = cpu_to_je32(++dir_f->highest_version);
         rd->ino = ri->ino;
         rd->mctime = ri->ctime;
-        rd->nsize = namelen;
+        rd->nsize = qstr->len;
         rd->type = DT_REG;
         rd->node_crc = cpu_to_je32(crc32(0, rd, sizeof(*rd)-8));
-        rd->name_crc = cpu_to_je32(crc32(0, name, namelen));
+        rd->name_crc = cpu_to_je32(crc32(0, qstr->name, qstr->len));
 
-        fd = jffs2_write_dirent(c, dir_f, rd, name, namelen, ALLOC_NORMAL);
+        fd = jffs2_write_dirent(c, dir_f, rd, qstr->name, qstr->len, ALLOC_NORMAL);
 
         jffs2_free_raw_dirent(rd);