diff options
| author | James Morris <jmorris@namei.org> | 2011-08-08 20:31:03 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2011-08-08 20:31:03 -0400 |
| commit | 5a2f3a02aea164f4f59c0c3497772090a411b462 (patch) | |
| tree | d3ebe03d4f97575290087843960baa01de3acd0a /fs | |
| parent | 1d568ab068c021672d6cd7f50f92a3695a921ffb (diff) | |
| parent | 817b54aa45db03437c6d09a7693fc6926eb8e822 (diff) | |
Merge branch 'next-evm' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/ima-2.6 into next
Conflicts:
fs/attr.c
Resolve conflict manually.
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/attr.c | 5 | ||||
| -rw-r--r-- | fs/btrfs/xattr.c | 50 | ||||
| -rw-r--r-- | fs/ext2/xattr_security.c | 34 | ||||
| -rw-r--r-- | fs/ext3/xattr_security.c | 36 | ||||
| -rw-r--r-- | fs/ext4/xattr_security.c | 36 | ||||
| -rw-r--r-- | fs/gfs2/inode.c | 38 | ||||
| -rw-r--r-- | fs/jffs2/security.c | 35 | ||||
| -rw-r--r-- | fs/jfs/xattr.c | 57 | ||||
| -rw-r--r-- | fs/ocfs2/xattr.c | 38 | ||||
| -rw-r--r-- | fs/reiserfs/xattr_security.c | 4 | ||||
| -rw-r--r-- | fs/xattr.c | 63 | ||||
| -rw-r--r-- | fs/xfs/linux-2.6/xfs_iops.c | 39 |
12 files changed, 260 insertions, 175 deletions
| @@ -13,6 +13,7 @@ | |||
| 13 | #include <linux/fsnotify.h> | 13 | #include <linux/fsnotify.h> |
| 14 | #include <linux/fcntl.h> | 14 | #include <linux/fcntl.h> |
| 15 | #include <linux/security.h> | 15 | #include <linux/security.h> |
| 16 | #include <linux/evm.h> | ||
| 16 | 17 | ||
| 17 | /** | 18 | /** |
| 18 | * inode_change_ok - check if attribute changes to an inode are allowed | 19 | * inode_change_ok - check if attribute changes to an inode are allowed |
| @@ -237,8 +238,10 @@ int notify_change(struct dentry * dentry, struct iattr * attr) | |||
| 237 | else | 238 | else |
| 238 | error = simple_setattr(dentry, attr); | 239 | error = simple_setattr(dentry, attr); |
| 239 | 240 | ||
| 240 | if (!error) | 241 | if (!error) { |
| 241 | fsnotify_change(dentry, ia_valid); | 242 | fsnotify_change(dentry, ia_valid); |
| 243 | evm_inode_post_setattr(dentry, ia_valid); | ||
| 244 | } | ||
| 242 | 245 | ||
| 243 | return error; | 246 | return error; |
| 244 | } | 247 | } |
diff --git a/fs/btrfs/xattr.c b/fs/btrfs/xattr.c index d733b9cfea34..6196e1a76c14 100644 --- a/fs/btrfs/xattr.c +++ b/fs/btrfs/xattr.c | |||
| @@ -374,36 +374,36 @@ int btrfs_removexattr(struct dentry *dentry, const char *name) | |||
| 374 | XATTR_REPLACE); | 374 | XATTR_REPLACE); |
| 375 | } | 375 | } |
| 376 | 376 | ||
| 377 | int btrfs_xattr_security_init(struct btrfs_trans_handle *trans, | 377 | int btrfs_initxattrs(struct inode *inode, const struct xattr *xattr_array, |
| 378 | struct inode *inode, struct inode *dir, | 378 | void *fs_info) |
| 379 | const struct qstr *qstr) | ||
| 380 | { | 379 | { |
| 381 | int err; | 380 | const struct xattr *xattr; |
| 382 | size_t len; | 381 | struct btrfs_trans_handle *trans = fs_info; |
| 383 | void *value; | ||
| 384 | char *suffix; | ||
| 385 | char *name; | 382 | char *name; |
| 383 | int err = 0; | ||
| 386 | 384 | ||
| 387 | err = security_inode_init_security(inode, dir, qstr, &suffix, &value, | 385 | for (xattr = xattr_array; xattr->name != NULL; xattr++) { |
| 388 | &len); | 386 | name = kmalloc(XATTR_SECURITY_PREFIX_LEN + |
| 389 | if (err) { | 387 | strlen(xattr->name) + 1, GFP_NOFS); |
| 390 | if (err == -EOPNOTSUPP) | 388 | if (!name) { |
| 391 | return 0; | 389 | err = -ENOMEM; |
| 392 | return err; | 390 | break; |
| 393 | } | 391 | } |
| 394 | |||
| 395 | name = kmalloc(XATTR_SECURITY_PREFIX_LEN + strlen(suffix) + 1, | ||
| 396 | GFP_NOFS); | ||
| 397 | if (!name) { | ||
| 398 | err = -ENOMEM; | ||
| 399 | } else { | ||
| 400 | strcpy(name, XATTR_SECURITY_PREFIX); | 392 | strcpy(name, XATTR_SECURITY_PREFIX); |
| 401 | strcpy(name + XATTR_SECURITY_PREFIX_LEN, suffix); | 393 | strcpy(name + XATTR_SECURITY_PREFIX_LEN, xattr->name); |
| 402 | err = __btrfs_setxattr(trans, inode, name, value, len, 0); | 394 | err = __btrfs_setxattr(trans, inode, name, |
| 395 | xattr->value, xattr->value_len, 0); | ||
| 403 | kfree(name); | 396 | kfree(name); |
| 397 | if (err < 0) | ||
| 398 | break; | ||
| 404 | } | 399 | } |
| 405 | |||
| 406 | kfree(suffix); | ||
| 407 | kfree(value); | ||
| 408 | return err; | 400 | return err; |
| 409 | } | 401 | } |
| 402 | |||
| 403 | int btrfs_xattr_security_init(struct btrfs_trans_handle *trans, | ||
| 404 | struct inode *inode, struct inode *dir, | ||
| 405 | const struct qstr *qstr) | ||
| 406 | { | ||
| 407 | return security_inode_init_security(inode, dir, qstr, | ||
| 408 | &btrfs_initxattrs, trans); | ||
| 409 | } | ||
diff --git a/fs/ext2/xattr_security.c b/fs/ext2/xattr_security.c index 5d979b4347b0..c922adc8ef41 100644 --- a/fs/ext2/xattr_security.c +++ b/fs/ext2/xattr_security.c | |||
| @@ -46,28 +46,30 @@ ext2_xattr_security_set(struct dentry *dentry, const char *name, | |||
| 46 | value, size, flags); | 46 | value, size, flags); |
| 47 | } | 47 | } |
| 48 | 48 | ||
| 49 | int | 49 | int ext2_initxattrs(struct inode *inode, const struct xattr *xattr_array, |
| 50 | ext2_init_security(struct inode *inode, struct inode *dir, | 50 | void *fs_info) |
| 51 | const struct qstr *qstr) | ||
| 52 | { | 51 | { |
| 53 | int err; | 52 | const struct xattr *xattr; |
| 54 | size_t len; | 53 | int err = 0; |
| 55 | void *value; | ||
| 56 | char *name; | ||
| 57 | 54 | ||
| 58 | err = security_inode_init_security(inode, dir, qstr, &name, &value, &len); | 55 | for (xattr = xattr_array; xattr->name != NULL; xattr++) { |
| 59 | if (err) { | 56 | err = ext2_xattr_set(inode, EXT2_XATTR_INDEX_SECURITY, |
| 60 | if (err == -EOPNOTSUPP) | 57 | xattr->name, xattr->value, |
| 61 | return 0; | 58 | xattr->value_len, 0); |
| 62 | return err; | 59 | if (err < 0) |
| 60 | break; | ||
| 63 | } | 61 | } |
| 64 | err = ext2_xattr_set(inode, EXT2_XATTR_INDEX_SECURITY, | ||
| 65 | name, value, len, 0); | ||
| 66 | kfree(name); | ||
| 67 | kfree(value); | ||
| 68 | return err; | 62 | return err; |
| 69 | } | 63 | } |
| 70 | 64 | ||
| 65 | int | ||
| 66 | ext2_init_security(struct inode *inode, struct inode *dir, | ||
| 67 | const struct qstr *qstr) | ||
| 68 | { | ||
| 69 | return security_inode_init_security(inode, dir, qstr, | ||
| 70 | &ext2_initxattrs, NULL); | ||
| 71 | } | ||
| 72 | |||
| 71 | const struct xattr_handler ext2_xattr_security_handler = { | 73 | const struct xattr_handler ext2_xattr_security_handler = { |
| 72 | .prefix = XATTR_SECURITY_PREFIX, | 74 | .prefix = XATTR_SECURITY_PREFIX, |
| 73 | .list = ext2_xattr_security_list, | 75 | .list = ext2_xattr_security_list, |
diff --git a/fs/ext3/xattr_security.c b/fs/ext3/xattr_security.c index b8d9f83aa5c5..3c218b8a51d4 100644 --- a/fs/ext3/xattr_security.c +++ b/fs/ext3/xattr_security.c | |||
| @@ -48,28 +48,32 @@ ext3_xattr_security_set(struct dentry *dentry, const char *name, | |||
| 48 | name, value, size, flags); | 48 | name, value, size, flags); |
| 49 | } | 49 | } |
| 50 | 50 | ||
| 51 | int | 51 | int ext3_initxattrs(struct inode *inode, const struct xattr *xattr_array, |
| 52 | ext3_init_security(handle_t *handle, struct inode *inode, struct inode *dir, | 52 | void *fs_info) |
| 53 | const struct qstr *qstr) | ||
| 54 | { | 53 | { |
| 55 | int err; | 54 | const struct xattr *xattr; |
| 56 | size_t len; | 55 | handle_t *handle = fs_info; |
| 57 | void *value; | 56 | int err = 0; |
| 58 | char *name; | ||
| 59 | 57 | ||
| 60 | err = security_inode_init_security(inode, dir, qstr, &name, &value, &len); | 58 | for (xattr = xattr_array; xattr->name != NULL; xattr++) { |
| 61 | if (err) { | 59 | err = ext3_xattr_set_handle(handle, inode, |
| 62 | if (err == -EOPNOTSUPP) | 60 | EXT3_XATTR_INDEX_SECURITY, |
| 63 | return 0; | 61 | xattr->name, xattr->value, |
| 64 | return err; | 62 | xattr->value_len, 0); |
| 63 | if (err < 0) | ||
| 64 | break; | ||
| 65 | } | 65 | } |
| 66 | err = ext3_xattr_set_handle(handle, inode, EXT3_XATTR_INDEX_SECURITY, | ||
| 67 | name, value, len, 0); | ||
| 68 | kfree(name); | ||
| 69 | kfree(value); | ||
| 70 | return err; | 66 | return err; |
| 71 | } | 67 | } |
| 72 | 68 | ||
| 69 | int | ||
| 70 | ext3_init_security(handle_t *handle, struct inode *inode, struct inode *dir, | ||
| 71 | const struct qstr *qstr) | ||
| 72 | { | ||
| 73 | return security_inode_init_security(inode, dir, qstr, | ||
| 74 | &ext3_initxattrs, handle); | ||
| 75 | } | ||
| 76 | |||
| 73 | const struct xattr_handler ext3_xattr_security_handler = { | 77 | const struct xattr_handler ext3_xattr_security_handler = { |
| 74 | .prefix = XATTR_SECURITY_PREFIX, | 78 | .prefix = XATTR_SECURITY_PREFIX, |
| 75 | .list = ext3_xattr_security_list, | 79 | .list = ext3_xattr_security_list, |
diff --git a/fs/ext4/xattr_security.c b/fs/ext4/xattr_security.c index 007c3bfbf094..34e4350dd4d9 100644 --- a/fs/ext4/xattr_security.c +++ b/fs/ext4/xattr_security.c | |||
| @@ -48,28 +48,32 @@ ext4_xattr_security_set(struct dentry *dentry, const char *name, | |||
| 48 | name, value, size, flags); | 48 | name, value, size, flags); |
| 49 | } | 49 | } |
| 50 | 50 | ||
| 51 | int | 51 | int ext4_initxattrs(struct inode *inode, const struct xattr *xattr_array, |
| 52 | ext4_init_security(handle_t *handle, struct inode *inode, struct inode *dir, | 52 | void *fs_info) |
| 53 | const struct qstr *qstr) | ||
| 54 | { | 53 | { |
| 55 | int err; | 54 | const struct xattr *xattr; |
| 56 | size_t len; | 55 | handle_t *handle = fs_info; |
| 57 | void *value; | 56 | int err = 0; |
| 58 | char *name; | ||
| 59 | 57 | ||
| 60 | err = security_inode_init_security(inode, dir, qstr, &name, &value, &len); | 58 | for (xattr = xattr_array; xattr->name != NULL; xattr++) { |
| 61 | if (err) { | 59 | err = ext4_xattr_set_handle(handle, inode, |
| 62 | if (err == -EOPNOTSUPP) | 60 | EXT4_XATTR_INDEX_SECURITY, |
| 63 | return 0; | 61 | xattr->name, xattr->value, |
| 64 | return err; | 62 | xattr->value_len, 0); |
| 63 | if (err < 0) | ||
| 64 | break; | ||
| 65 | } | 65 | } |
| 66 | err = ext4_xattr_set_handle(handle, inode, EXT4_XATTR_INDEX_SECURITY, | ||
| 67 | name, value, len, 0); | ||
| 68 | kfree(name); | ||
| 69 | kfree(value); | ||
| 70 | return err; | 66 | return err; |
| 71 | } | 67 | } |
| 72 | 68 | ||
| 69 | int | ||
| 70 | ext4_init_security(handle_t *handle, struct inode *inode, struct inode *dir, | ||
| 71 | const struct qstr *qstr) | ||
| 72 | { | ||
| 73 | return security_inode_init_security(inode, dir, qstr, | ||
| 74 | &ext4_initxattrs, handle); | ||
| 75 | } | ||
| 76 | |||
| 73 | const struct xattr_handler ext4_xattr_security_handler = { | 77 | const struct xattr_handler ext4_xattr_security_handler = { |
| 74 | .prefix = XATTR_SECURITY_PREFIX, | 78 | .prefix = XATTR_SECURITY_PREFIX, |
| 75 | .list = ext4_xattr_security_list, | 79 | .list = ext4_xattr_security_list, |
diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c index 900cf986aadc..6525b804d5ec 100644 --- a/fs/gfs2/inode.c +++ b/fs/gfs2/inode.c | |||
| @@ -624,31 +624,29 @@ fail: | |||
| 624 | return error; | 624 | return error; |
| 625 | } | 625 | } |
| 626 | 626 | ||
| 627 | static int gfs2_security_init(struct gfs2_inode *dip, struct gfs2_inode *ip, | 627 | int gfs2_initxattrs(struct inode *inode, const struct xattr *xattr_array, |
| 628 | const struct qstr *qstr) | 628 | void *fs_info) |
| 629 | { | 629 | { |
| 630 | int err; | 630 | const struct xattr *xattr; |
| 631 | size_t len; | 631 | int err = 0; |
| 632 | void *value; | 632 | |
| 633 | char *name; | 633 | for (xattr = xattr_array; xattr->name != NULL; xattr++) { |
| 634 | 634 | err = __gfs2_xattr_set(inode, xattr->name, xattr->value, | |
| 635 | err = security_inode_init_security(&ip->i_inode, &dip->i_inode, qstr, | 635 | xattr->value_len, 0, |
| 636 | &name, &value, &len); | 636 | GFS2_EATYPE_SECURITY); |
| 637 | 637 | if (err < 0) | |
| 638 | if (err) { | 638 | break; |
| 639 | if (err == -EOPNOTSUPP) | ||
| 640 | return 0; | ||
| 641 | return err; | ||
| 642 | } | 639 | } |
| 643 | |||
| 644 | err = __gfs2_xattr_set(&ip->i_inode, name, value, len, 0, | ||
| 645 | GFS2_EATYPE_SECURITY); | ||
| 646 | kfree(value); | ||
| 647 | kfree(name); | ||
| 648 | |||
| 649 | return err; | 640 | return err; |
| 650 | } | 641 | } |
| 651 | 642 | ||
| 643 | static int gfs2_security_init(struct gfs2_inode *dip, struct gfs2_inode *ip, | ||
| 644 | const struct qstr *qstr) | ||
| 645 | { | ||
| 646 | return security_inode_init_security(&ip->i_inode, &dip->i_inode, qstr, | ||
| 647 | &gfs2_initxattrs, NULL); | ||
| 648 | } | ||
| 649 | |||
| 652 | /** | 650 | /** |
| 653 | * gfs2_create_inode - Create a new inode | 651 | * gfs2_create_inode - Create a new inode |
| 654 | * @dir: The parent directory | 652 | * @dir: The parent directory |
diff --git a/fs/jffs2/security.c b/fs/jffs2/security.c index cfeb7164b085..0f20208df602 100644 --- a/fs/jffs2/security.c +++ b/fs/jffs2/security.c | |||
| @@ -22,26 +22,29 @@ | |||
| 22 | #include <linux/security.h> | 22 | #include <linux/security.h> |
| 23 | #include "nodelist.h" | 23 | #include "nodelist.h" |
| 24 | 24 | ||
| 25 | /* ---- Initial Security Label Attachment -------------- */ | 25 | /* ---- Initial Security Label(s) Attachment callback --- */ |
| 26 | int jffs2_init_security(struct inode *inode, struct inode *dir, | 26 | int jffs2_initxattrs(struct inode *inode, const struct xattr *xattr_array, |
| 27 | const struct qstr *qstr) | 27 | void *fs_info) |
| 28 | { | 28 | { |
| 29 | int rc; | 29 | const struct xattr *xattr; |
| 30 | size_t len; | 30 | int err = 0; |
| 31 | void *value; | ||
| 32 | char *name; | ||
| 33 | 31 | ||
| 34 | rc = security_inode_init_security(inode, dir, qstr, &name, &value, &len); | 32 | for (xattr = xattr_array; xattr->name != NULL; xattr++) { |
| 35 | if (rc) { | 33 | err = do_jffs2_setxattr(inode, JFFS2_XPREFIX_SECURITY, |
| 36 | if (rc == -EOPNOTSUPP) | 34 | xattr->name, xattr->value, |
| 37 | return 0; | 35 | xattr->value_len, 0); |
| 38 | return rc; | 36 | if (err < 0) |
| 37 | break; | ||
| 39 | } | 38 | } |
| 40 | rc = do_jffs2_setxattr(inode, JFFS2_XPREFIX_SECURITY, name, value, len, 0); | 39 | return err; |
| 40 | } | ||
| 41 | 41 | ||
| 42 | kfree(name); | 42 | /* ---- Initial Security Label(s) Attachment ----------- */ |
| 43 | kfree(value); | 43 | int jffs2_init_security(struct inode *inode, struct inode *dir, |
| 44 | return rc; | 44 | const struct qstr *qstr) |
| 45 | { | ||
| 46 | return security_inode_init_security(inode, dir, qstr, | ||
| 47 | &jffs2_initxattrs, NULL); | ||
| 45 | } | 48 | } |
| 46 | 49 | ||
| 47 | /* ---- XATTR Handler for "security.*" ----------------- */ | 50 | /* ---- XATTR Handler for "security.*" ----------------- */ |
diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c index e87fedef23db..26683e15b3ac 100644 --- a/fs/jfs/xattr.c +++ b/fs/jfs/xattr.c | |||
| @@ -1089,38 +1089,37 @@ int jfs_removexattr(struct dentry *dentry, const char *name) | |||
| 1089 | } | 1089 | } |
| 1090 | 1090 | ||
| 1091 | #ifdef CONFIG_JFS_SECURITY | 1091 | #ifdef CONFIG_JFS_SECURITY |
| 1092 | int jfs_init_security(tid_t tid, struct inode *inode, struct inode *dir, | 1092 | int jfs_initxattrs(struct inode *inode, const struct xattr *xattr_array, |
| 1093 | const struct qstr *qstr) | 1093 | void *fs_info) |
| 1094 | { | 1094 | { |
| 1095 | int rc; | 1095 | const struct xattr *xattr; |
| 1096 | size_t len; | 1096 | tid_t *tid = fs_info; |
| 1097 | void *value; | ||
| 1098 | char *suffix; | ||
| 1099 | char *name; | 1097 | char *name; |
| 1100 | 1098 | int err = 0; | |
| 1101 | rc = security_inode_init_security(inode, dir, qstr, &suffix, &value, | 1099 | |
| 1102 | &len); | 1100 | for (xattr = xattr_array; xattr->name != NULL; xattr++) { |
| 1103 | if (rc) { | 1101 | name = kmalloc(XATTR_SECURITY_PREFIX_LEN + |
| 1104 | if (rc == -EOPNOTSUPP) | 1102 | strlen(xattr->name) + 1, GFP_NOFS); |
| 1105 | return 0; | 1103 | if (!name) { |
| 1106 | return rc; | 1104 | err = -ENOMEM; |
| 1107 | } | 1105 | break; |
| 1108 | name = kmalloc(XATTR_SECURITY_PREFIX_LEN + 1 + strlen(suffix), | 1106 | } |
| 1109 | GFP_NOFS); | 1107 | strcpy(name, XATTR_SECURITY_PREFIX); |
| 1110 | if (!name) { | 1108 | strcpy(name + XATTR_SECURITY_PREFIX_LEN, xattr->name); |
| 1111 | rc = -ENOMEM; | 1109 | |
| 1112 | goto kmalloc_failed; | 1110 | err = __jfs_setxattr(*tid, inode, name, |
| 1111 | xattr->value, xattr->value_len, 0); | ||
| 1112 | kfree(name); | ||
| 1113 | if (err < 0) | ||
| 1114 | break; | ||
| 1113 | } | 1115 | } |
| 1114 | strcpy(name, XATTR_SECURITY_PREFIX); | 1116 | return err; |
| 1115 | strcpy(name + XATTR_SECURITY_PREFIX_LEN, suffix); | 1117 | } |
| 1116 | |||
| 1117 | rc = __jfs_setxattr(tid, inode, name, value, len, 0); | ||
| 1118 | |||
| 1119 | kfree(name); | ||
| 1120 | kmalloc_failed: | ||
| 1121 | kfree(suffix); | ||
| 1122 | kfree(value); | ||
| 1123 | 1118 | ||
| 1124 | return rc; | 1119 | int jfs_init_security(tid_t tid, struct inode *inode, struct inode *dir, |
| 1120 | const struct qstr *qstr) | ||
| 1121 | { | ||
| 1122 | return security_inode_init_security(inode, dir, qstr, | ||
| 1123 | &jfs_initxattrs, &tid); | ||
| 1125 | } | 1124 | } |
| 1126 | #endif | 1125 | #endif |
diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c index 81ecf9c0bf0a..194fb22ef79d 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c | |||
| @@ -7185,20 +7185,9 @@ int ocfs2_init_security_and_acl(struct inode *dir, | |||
| 7185 | { | 7185 | { |
| 7186 | int ret = 0; | 7186 | int ret = 0; |
| 7187 | struct buffer_head *dir_bh = NULL; | 7187 | struct buffer_head *dir_bh = NULL; |
| 7188 | struct ocfs2_security_xattr_info si = { | ||
| 7189 | .enable = 1, | ||
| 7190 | }; | ||
| 7191 | 7188 | ||
| 7192 | ret = ocfs2_init_security_get(inode, dir, qstr, &si); | 7189 | ret = ocfs2_init_security_get(inode, dir, qstr, NULL); |
| 7193 | if (!ret) { | 7190 | if (!ret) { |
| 7194 | ret = ocfs2_xattr_set(inode, OCFS2_XATTR_INDEX_SECURITY, | ||
| 7195 | si.name, si.value, si.value_len, | ||
| 7196 | XATTR_CREATE); | ||
| 7197 | if (ret) { | ||
| 7198 | mlog_errno(ret); | ||
| 7199 | goto leave; | ||
| 7200 | } | ||
| 7201 | } else if (ret != -EOPNOTSUPP) { | ||
| 7202 | mlog_errno(ret); | 7191 | mlog_errno(ret); |
| 7203 | goto leave; | 7192 | goto leave; |
| 7204 | } | 7193 | } |
| @@ -7255,6 +7244,22 @@ static int ocfs2_xattr_security_set(struct dentry *dentry, const char *name, | |||
| 7255 | name, value, size, flags); | 7244 | name, value, size, flags); |
| 7256 | } | 7245 | } |
| 7257 | 7246 | ||
| 7247 | int ocfs2_initxattrs(struct inode *inode, const struct xattr *xattr_array, | ||
| 7248 | void *fs_info) | ||
| 7249 | { | ||
| 7250 | const struct xattr *xattr; | ||
| 7251 | int err = 0; | ||
| 7252 | |||
| 7253 | for (xattr = xattr_array; xattr->name != NULL; xattr++) { | ||
| 7254 | err = ocfs2_xattr_set(inode, OCFS2_XATTR_INDEX_SECURITY, | ||
| 7255 | xattr->name, xattr->value, | ||
| 7256 | xattr->value_len, XATTR_CREATE); | ||
| 7257 | if (err) | ||
| 7258 | break; | ||
| 7259 | } | ||
| 7260 | return err; | ||
| 7261 | } | ||
| 7262 | |||
| 7258 | int ocfs2_init_security_get(struct inode *inode, | 7263 | int ocfs2_init_security_get(struct inode *inode, |
| 7259 | struct inode *dir, | 7264 | struct inode *dir, |
| 7260 | const struct qstr *qstr, | 7265 | const struct qstr *qstr, |
| @@ -7263,8 +7268,13 @@ int ocfs2_init_security_get(struct inode *inode, | |||
| 7263 | /* check whether ocfs2 support feature xattr */ | 7268 | /* check whether ocfs2 support feature xattr */ |
| 7264 | if (!ocfs2_supports_xattr(OCFS2_SB(dir->i_sb))) | 7269 | if (!ocfs2_supports_xattr(OCFS2_SB(dir->i_sb))) |
| 7265 | return -EOPNOTSUPP; | 7270 | return -EOPNOTSUPP; |
| 7266 | return security_inode_init_security(inode, dir, qstr, &si->name, | 7271 | if (si) |
| 7267 | &si->value, &si->value_len); | 7272 | return security_old_inode_init_security(inode, dir, qstr, |
| 7273 | &si->name, &si->value, | ||
| 7274 | &si->value_len); | ||
| 7275 | |||
| 7276 | return security_inode_init_security(inode, dir, qstr, | ||
| 7277 | &ocfs2_initxattrs, NULL); | ||
| 7268 | } | 7278 | } |
| 7269 | 7279 | ||
| 7270 | int ocfs2_init_security_set(handle_t *handle, | 7280 | int ocfs2_init_security_set(handle_t *handle, |
diff --git a/fs/reiserfs/xattr_security.c b/fs/reiserfs/xattr_security.c index ef66c18a9332..534668fa41be 100644 --- a/fs/reiserfs/xattr_security.c +++ b/fs/reiserfs/xattr_security.c | |||
| @@ -66,8 +66,8 @@ int reiserfs_security_init(struct inode *dir, struct inode *inode, | |||
| 66 | if (IS_PRIVATE(dir)) | 66 | if (IS_PRIVATE(dir)) |
| 67 | return 0; | 67 | return 0; |
| 68 | 68 | ||
| 69 | error = security_inode_init_security(inode, dir, qstr, &sec->name, | 69 | error = security_old_inode_init_security(inode, dir, qstr, &sec->name, |
| 70 | &sec->value, &sec->length); | 70 | &sec->value, &sec->length); |
| 71 | if (error) { | 71 | if (error) { |
| 72 | if (error == -EOPNOTSUPP) | 72 | if (error == -EOPNOTSUPP) |
| 73 | error = 0; | 73 | error = 0; |
diff --git a/fs/xattr.c b/fs/xattr.c index f060663ab70c..67583de8218c 100644 --- a/fs/xattr.c +++ b/fs/xattr.c | |||
| @@ -14,6 +14,7 @@ | |||
| 14 | #include <linux/mount.h> | 14 | #include <linux/mount.h> |
| 15 | #include <linux/namei.h> | 15 | #include <linux/namei.h> |
| 16 | #include <linux/security.h> | 16 | #include <linux/security.h> |
| 17 | #include <linux/evm.h> | ||
| 17 | #include <linux/syscalls.h> | 18 | #include <linux/syscalls.h> |
| 18 | #include <linux/module.h> | 19 | #include <linux/module.h> |
| 19 | #include <linux/fsnotify.h> | 20 | #include <linux/fsnotify.h> |
| @@ -166,6 +167,64 @@ out_noalloc: | |||
| 166 | } | 167 | } |
| 167 | EXPORT_SYMBOL_GPL(xattr_getsecurity); | 168 | EXPORT_SYMBOL_GPL(xattr_getsecurity); |
| 168 | 169 | ||
| 170 | /* | ||
| 171 | * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr | ||
| 172 | * | ||
| 173 | * Allocate memory, if not already allocated, or re-allocate correct size, | ||
| 174 | * before retrieving the extended attribute. | ||
| 175 | * | ||
| 176 | * Returns the result of alloc, if failed, or the getxattr operation. | ||
| 177 | */ | ||
| 178 | ssize_t | ||
| 179 | vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, | ||
| 180 | size_t xattr_size, gfp_t flags) | ||
| 181 | { | ||
| 182 | struct inode *inode = dentry->d_inode; | ||
| 183 | char *value = *xattr_value; | ||
| 184 | int error; | ||
| 185 | |||
| 186 | error = xattr_permission(inode, name, MAY_READ); | ||
| 187 | if (error) | ||
| 188 | return error; | ||
| 189 | |||
| 190 | if (!inode->i_op->getxattr) | ||
| 191 | return -EOPNOTSUPP; | ||
| 192 | |||
| 193 | error = inode->i_op->getxattr(dentry, name, NULL, 0); | ||
| 194 | if (error < 0) | ||
| 195 | return error; | ||
| 196 | |||
| 197 | if (!value || (error > xattr_size)) { | ||
| 198 | value = krealloc(*xattr_value, error + 1, flags); | ||
| 199 | if (!value) | ||
| 200 | return -ENOMEM; | ||
| 201 | memset(value, 0, error + 1); | ||
| 202 | } | ||
| 203 | |||
| 204 | error = inode->i_op->getxattr(dentry, name, value, error); | ||
| 205 | *xattr_value = value; | ||
| 206 | return error; | ||
| 207 | } | ||
| 208 | |||
| 209 | /* Compare an extended attribute value with the given value */ | ||
| 210 | int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name, | ||
| 211 | const char *value, size_t size, gfp_t flags) | ||
| 212 | { | ||
| 213 | char *xattr_value = NULL; | ||
| 214 | int rc; | ||
| 215 | |||
| 216 | rc = vfs_getxattr_alloc(dentry, xattr_name, &xattr_value, 0, flags); | ||
| 217 | if (rc < 0) | ||
| 218 | return rc; | ||
| 219 | |||
| 220 | if ((rc != size) || (memcmp(xattr_value, value, rc) != 0)) | ||
| 221 | rc = -EINVAL; | ||
| 222 | else | ||
| 223 | rc = 0; | ||
| 224 | kfree(xattr_value); | ||
| 225 | return rc; | ||
| 226 | } | ||
| 227 | |||
| 169 | ssize_t | 228 | ssize_t |
| 170 | vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) | 229 | vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) |
| 171 | { | 230 | { |
| @@ -243,8 +302,10 @@ vfs_removexattr(struct dentry *dentry, const char *name) | |||
| 243 | error = inode->i_op->removexattr(dentry, name); | 302 | error = inode->i_op->removexattr(dentry, name); |
| 244 | mutex_unlock(&inode->i_mutex); | 303 | mutex_unlock(&inode->i_mutex); |
| 245 | 304 | ||
| 246 | if (!error) | 305 | if (!error) { |
| 247 | fsnotify_xattr(dentry); | 306 | fsnotify_xattr(dentry); |
| 307 | evm_inode_post_removexattr(dentry, name); | ||
| 308 | } | ||
| 248 | return error; | 309 | return error; |
| 249 | } | 310 | } |
| 250 | EXPORT_SYMBOL_GPL(vfs_removexattr); | 311 | EXPORT_SYMBOL_GPL(vfs_removexattr); |
diff --git a/fs/xfs/linux-2.6/xfs_iops.c b/fs/xfs/linux-2.6/xfs_iops.c index b9c172b3fbbe..37194607162d 100644 --- a/fs/xfs/linux-2.6/xfs_iops.c +++ b/fs/xfs/linux-2.6/xfs_iops.c | |||
| @@ -94,37 +94,38 @@ xfs_mark_inode_dirty( | |||
| 94 | mark_inode_dirty(inode); | 94 | mark_inode_dirty(inode); |
| 95 | } | 95 | } |
| 96 | 96 | ||
| 97 | |||
| 98 | int xfs_initxattrs(struct inode *inode, const struct xattr *xattr_array, | ||
| 99 | void *fs_info) | ||
| 100 | { | ||
| 101 | const struct xattr *xattr; | ||
| 102 | struct xfs_inode *ip = XFS_I(inode); | ||
| 103 | int error = 0; | ||
| 104 | |||
| 105 | for (xattr = xattr_array; xattr->name != NULL; xattr++) { | ||
| 106 | error = xfs_attr_set(ip, xattr->name, xattr->value, | ||
| 107 | xattr->value_len, ATTR_SECURE); | ||
| 108 | if (error < 0) | ||
| 109 | break; | ||
| 110 | } | ||
| 111 | return error; | ||
| 112 | } | ||
| 113 | |||
| 97 | /* | 114 | /* |
| 98 | * Hook in SELinux. This is not quite correct yet, what we really need | 115 | * Hook in SELinux. This is not quite correct yet, what we really need |
| 99 | * here (as we do for default ACLs) is a mechanism by which creation of | 116 | * here (as we do for default ACLs) is a mechanism by which creation of |
| 100 | * these attrs can be journalled at inode creation time (along with the | 117 | * these attrs can be journalled at inode creation time (along with the |
| 101 | * inode, of course, such that log replay can't cause these to be lost). | 118 | * inode, of course, such that log replay can't cause these to be lost). |
| 102 | */ | 119 | */ |
| 120 | |||
| 103 | STATIC int | 121 | STATIC int |
| 104 | xfs_init_security( | 122 | xfs_init_security( |
| 105 | struct inode *inode, | 123 | struct inode *inode, |
| 106 | struct inode *dir, | 124 | struct inode *dir, |
| 107 | const struct qstr *qstr) | 125 | const struct qstr *qstr) |
| 108 | { | 126 | { |
| 109 | struct xfs_inode *ip = XFS_I(inode); | 127 | return security_inode_init_security(inode, dir, qstr, |
| 110 | size_t length; | 128 | &xfs_initxattrs, NULL); |
| 111 | void *value; | ||
| 112 | unsigned char *name; | ||
| 113 | int error; | ||
| 114 | |||
| 115 | error = security_inode_init_security(inode, dir, qstr, (char **)&name, | ||
| 116 | &value, &length); | ||
| 117 | if (error) { | ||
| 118 | if (error == -EOPNOTSUPP) | ||
| 119 | return 0; | ||
| 120 | return -error; | ||
| 121 | } | ||
| 122 | |||
| 123 | error = xfs_attr_set(ip, name, value, length, ATTR_SECURE); | ||
| 124 | |||
| 125 | kfree(name); | ||
| 126 | kfree(value); | ||
| 127 | return error; | ||
| 128 | } | 129 | } |
| 129 | 130 | ||
| 130 | static void | 131 | static void |