Merge branch 'next' of git://selinuxproject.org/~jmorris/linux-security

* 'next' of git://selinuxproject.org/~jmorris/linux-security: (95 commits) TOMOYO: Fix incomplete read after seek. Smack: allow to access /smack/access as normal user TOMOYO: Fix unused kernel config option. Smack: fix: invalid length set for the result of /smack/access Smack: compilation fix Smack: fix for /smack/access output, use string instead of byte Smack: domain transition protections (v3) Smack: Provide information for UDS getsockopt(SO_PEERCRED) Smack: Clean up comments Smack: Repair processing of fcntl Smack: Rule list lookup performance Smack: check permissions from user space (v2) TOMOYO: Fix quota and garbage collector. TOMOYO: Remove redundant tasklist_lock. TOMOYO: Fix domain transition failure warning. TOMOYO: Remove tomoyo_policy_memory_lock spinlock. TOMOYO: Simplify garbage collector. TOMOYO: Fix make namespacecheck warnings. target: check hex2bin result encrypted-keys: check hex2bin result ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2011-10-25 03:45:31 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2011-10-25 03:45:31 -0400
commit: 36b8d186e6cc8e32cb5227f5645a58e1bc0af190 (patch)
tree: 1000ad26e189e6ff2c53fb7eeff605f59c7ad94e /include
parent: cd85b557414fe4cd44ea6608825e96612a5fe2b2 (diff)
parent: c45ed235abf1b0b6666417e3c394f18717976acd (diff)
6 files changed, 183 insertions, 22 deletions
diff --git a/include/linux/evm.h b/include/linux/evm.h
new file mode 100644
index 000000000000..9fc13a760928
--- /dev/null
+++ b/include/linux/evm.h
@@ -0,0 +1,100 @@
+/*
+ * evm.h
+ *
+ * Copyright (c) 2009 IBM Corporation
+ * Author: Mimi Zohar <zohar@us.ibm.com>
+ */
+#ifndef _LINUX_EVM_H
+#define _LINUX_EVM_H
+#include <linux/integrity.h>
+#include <linux/xattr.h>
+struct integrity_iint_cache;
+#ifdef CONFIG_EVM
+extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
+                                             const char *xattr_name,
+                                             void *xattr_value,
+                                             size_t xattr_value_len,
+                                             struct integrity_iint_cache *iint);
+extern int evm_inode_setattr(struct dentry *dentry, struct iattr *attr);
+extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);
+extern int evm_inode_setxattr(struct dentry *dentry, const char *name,
+                              const void *value, size_t size);
+extern void evm_inode_post_setxattr(struct dentry *dentry,
+                                    const char *xattr_name,
+                                    const void *xattr_value,
+                                    size_t xattr_value_len);
+extern int evm_inode_removexattr(struct dentry *dentry, const char *xattr_name);
+extern void evm_inode_post_removexattr(struct dentry *dentry,
+                                       const char *xattr_name);
+extern int evm_inode_init_security(struct inode *inode,
+                                   const struct xattr *xattr_array,
+                                   struct xattr *evm);
+#ifdef CONFIG_FS_POSIX_ACL
+extern int posix_xattr_acl(const char *xattrname);
+#else
+static inline int posix_xattr_acl(const char *xattrname)
+{
+        return 0;
+}
+#endif
+#else
+#ifdef CONFIG_INTEGRITY
+static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
+                                                    const char *xattr_name,
+                                                    void *xattr_value,
+                                                    size_t xattr_value_len,
+                                        struct integrity_iint_cache *iint)
+{
+        return INTEGRITY_UNKNOWN;
+}
+#endif
+static inline int evm_inode_setattr(struct dentry *dentry, struct iattr *attr)
+{
+        return 0;
+}
+static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
+{
+        return;
+}
+static inline int evm_inode_setxattr(struct dentry *dentry, const char *name,
+                                     const void *value, size_t size)
+{
+        return 0;
+}
+static inline void evm_inode_post_setxattr(struct dentry *dentry,
+                                           const char *xattr_name,
+                                           const void *xattr_value,
+                                           size_t xattr_value_len)
+{
+        return;
+}
+static inline int evm_inode_removexattr(struct dentry *dentry,
+                                        const char *xattr_name)
+{
+        return 0;
+}
+static inline void evm_inode_post_removexattr(struct dentry *dentry,
+                                              const char *xattr_name)
+{
+        return;
+}
+static inline int evm_inode_init_security(struct inode *inode,
+                                          const struct xattr *xattr_array,
+                                          struct xattr *evm)
+{
+        return 0;
+}
+#endif /* CONFIG_EVM_H */
+#endif /* LINUX_EVM_H */
diff --git a/include/linux/ima.h b/include/linux/ima.h
index 09e6e62f9953..6ac8e50c6cf5 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -15,8 +15,6 @@ struct linux_binprm;
 #ifdef CONFIG_IMA
 extern int ima_bprm_check(struct linux_binprm *bprm);
-extern int ima_inode_alloc(struct inode *inode);
-extern void ima_inode_free(struct inode *inode);
 extern int ima_file_check(struct file *file, int mask);
 extern void ima_file_free(struct file *file);
 extern int ima_file_mmap(struct file *file, unsigned long prot);
@@ -27,16 +25,6 @@ static inline int ima_bprm_check(struct linux_binprm *bprm)
        return 0;
 }
-static inline int ima_inode_alloc(struct inode *inode)
-{
-        return 0;
-}
-static inline void ima_inode_free(struct inode *inode)
-{
-        return;
-}
 static inline int ima_file_check(struct file *file, int mask)
 {
        return 0;
@@ -51,6 +39,5 @@ static inline int ima_file_mmap(struct file *file, unsigned long prot)
 {
        return 0;
 }
 #endif /* CONFIG_IMA_H */
 #endif /* _LINUX_IMA_H */
diff --git a/include/linux/integrity.h b/include/linux/integrity.h
new file mode 100644
index 000000000000..a0c41256cb92
--- /dev/null
+++ b/include/linux/integrity.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2009 IBM Corporation
+ * Author: Mimi Zohar <zohar@us.ibm.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2 of the License.
+ */
+#ifndef _LINUX_INTEGRITY_H
+#define _LINUX_INTEGRITY_H
+#include <linux/fs.h>
+enum integrity_status {
+        INTEGRITY_PASS = 0,
+        INTEGRITY_FAIL,
+        INTEGRITY_NOLABEL,
+        INTEGRITY_NOXATTRS,
+        INTEGRITY_UNKNOWN,
+};
+/* List of EVM protected security xattrs */
+#ifdef CONFIG_INTEGRITY
+extern int integrity_inode_alloc(struct inode *inode);
+extern void integrity_inode_free(struct inode *inode);
+#else
+static inline int integrity_inode_alloc(struct inode *inode)
+{
+        return 0;
+}
+static inline void integrity_inode_free(struct inode *inode)
+{
+        return;
+}
+#endif /* CONFIG_INTEGRITY_H */
+#endif /* _LINUX_INTEGRITY_H */
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 46ac9a50528d..8eefcf7e95eb 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -382,7 +382,7 @@ static inline char *pack_hex_byte(char *buf, u8 byte)
 }
 extern int hex_to_bin(char ch);
-extern void hex2bin(u8 *dst, const char *src, size_t count);
+extern int __must_check hex2bin(u8 *dst, const char *src, size_t count);
 /*
 * General tracing related utility functions - trace_printk(),
diff --git a/include/linux/security.h b/include/linux/security.h
index ebd2a53a3d07..19d8e04e1688 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -36,6 +36,7 @@
 #include <linux/key.h>
 #include <linux/xfrm.h>
 #include <linux/slab.h>
+#include <linux/xattr.h>
 #include <net/flow.h>
 /* Maximum number of letters for an LSM name string */
@@ -147,6 +148,10 @@ extern int mmap_min_addr_handler(struct ctl_table *table, int write,
                                 void __user *buffer, size_t *lenp, loff_t *ppos);
 #endif
+/* security_inode_init_security callback function to write xattrs */
+typedef int (*initxattrs) (struct inode *inode,
+                           const struct xattr *xattr_array, void *fs_data);
 #ifdef CONFIG_SECURITY
 struct security_mnt_opts {
@@ -1367,7 +1372,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @inode_getsecctx:
 *      Returns a string containing all relavent security context information
 *
- *      @inode we wish to set the security context of.
+ *      @inode we wish to get the security context of.
 *      @ctx is a pointer in which to place the allocated security context.
 *      @ctxlen points to the place to put the length of @ctx.
 * This is the main security structure.
@@ -1655,6 +1660,8 @@ struct security_operations {
 extern int security_init(void);
 extern int security_module_enable(struct security_operations *ops);
 extern int register_security(struct security_operations *ops);
+extern void __init security_fixup_ops(struct security_operations *ops);
 /* Security operations */
 int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
@@ -1704,8 +1711,11 @@ int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
 int security_inode_alloc(struct inode *inode);
 void security_inode_free(struct inode *inode);
 int security_inode_init_security(struct inode *inode, struct inode *dir,
-                                 const struct qstr *qstr, char **name,
+                                 const struct qstr *qstr,
-                                 void **value, size_t *len);
+                                 initxattrs initxattrs, void *fs_data);
+int security_old_inode_init_security(struct inode *inode, struct inode *dir,
+                                     const struct qstr *qstr, char **name,
+                                     void **value, size_t *len);
 int security_inode_create(struct inode *dir, struct dentry *dentry, int mode);
 int security_inode_link(struct dentry *old_dentry, struct inode *dir,
                         struct dentry *new_dentry);
@@ -2034,11 +2044,19 @@ static inline void security_inode_free(struct inode *inode)
 static inline int security_inode_init_security(struct inode *inode,
                                                struct inode *dir,
                                                const struct qstr *qstr,
-                                                char **name,
+                                                initxattrs initxattrs,
-                                                void **value,
+                                                void *fs_data)
-                                                size_t *len)
 {
-        return -EOPNOTSUPP;
+        return 0;
+}
+static inline int security_old_inode_init_security(struct inode *inode,
+                                                   struct inode *dir,
+                                                   const struct qstr *qstr,
+                                                   char **name, void **value,
+                                                   size_t *len)
+{
+        return 0;
 }
 static inline int security_inode_create(struct inode *dir,
diff --git a/include/linux/xattr.h b/include/linux/xattr.h
index aed54c50aa66..e5d122031542 100644
--- a/include/linux/xattr.h
+++ b/include/linux/xattr.h
@@ -30,6 +30,9 @@
 #define XATTR_USER_PREFIX_LEN (sizeof (XATTR_USER_PREFIX) - 1)
 /* Security namespace */
+#define XATTR_EVM_SUFFIX "evm"
+#define XATTR_NAME_EVM XATTR_SECURITY_PREFIX XATTR_EVM_SUFFIX
 #define XATTR_SELINUX_SUFFIX "selinux"
 #define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
@@ -49,6 +52,11 @@
 #define XATTR_CAPS_SUFFIX "capability"
 #define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
+#define XATTR_POSIX_ACL_ACCESS  "posix_acl_access"
+#define XATTR_NAME_POSIX_ACL_ACCESS XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_ACCESS
+#define XATTR_POSIX_ACL_DEFAULT  "posix_acl_default"
+#define XATTR_NAME_POSIX_ACL_DEFAULT XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_DEFAULT
 #ifdef  __KERNEL__
 #include <linux/types.h>
@@ -67,6 +75,12 @@ struct xattr_handler {
                   size_t size, int flags, int handler_flags);
 };
+struct xattr {
+        char *name;
+        void *value;
+        size_t value_len;
+};
 ssize_t xattr_getsecurity(struct inode *, const char *, void *, size_t);
 ssize_t vfs_getxattr(struct dentry *, const char *, void *, size_t);
 ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size);
@@ -78,7 +92,10 @@ ssize_t generic_getxattr(struct dentry *dentry, const char *name, void *buffer,
 ssize_t generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size);
 int generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags);
 int generic_removexattr(struct dentry *dentry, const char *name);
+ssize_t vfs_getxattr_alloc(struct dentry *dentry, const char *name,
+                           char **xattr_value, size_t size, gfp_t flags);
+int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name,
+                  const char *value, size_t size, gfp_t flags);
 #endif  /*  __KERNEL__  */
 #endif  /* _LINUX_XATTR_H */
author	Linus Torvalds <torvalds@linux-foundation.org>	2011-10-25 03:45:31 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2011-10-25 03:45:31 -0400
commit	36b8d186e6cc8e32cb5227f5645a58e1bc0af190 (patch)
tree	1000ad26e189e6ff2c53fb7eeff605f59c7ad94e /include
parent	cd85b557414fe4cd44ea6608825e96612a5fe2b2 (diff)
parent	c45ed235abf1b0b6666417e3c394f18717976acd (diff)

diff --git a/include/linux/evm.h b/include/linux/evm.h new file mode 100644 index 000000000000..9fc13a760928 --- /dev/null +++ b/include/linux/evm.h
@@ -0,0 +1,100 @@
		1	/*
		2	* evm.h
		3	*
		4	* Copyright (c) 2009 IBM Corporation
		5	* Author: Mimi Zohar <zohar@us.ibm.com>
		6	*/
		7
		8	#ifndef _LINUX_EVM_H
		9	#define _LINUX_EVM_H
		10
		11	#include <linux/integrity.h>
		12	#include <linux/xattr.h>
		13
		14	struct integrity_iint_cache;
		15
		16	#ifdef CONFIG_EVM
		17	extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
		18	const char *xattr_name,
		19	void *xattr_value,
		20	size_t xattr_value_len,
		21	struct integrity_iint_cache *iint);
		22	extern int evm_inode_setattr(struct dentry dentry, struct iattr attr);
		23	extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);
		24	extern int evm_inode_setxattr(struct dentry dentry, const char name,
		25	const void *value, size_t size);
		26	extern void evm_inode_post_setxattr(struct dentry *dentry,
		27	const char *xattr_name,
		28	const void *xattr_value,
		29	size_t xattr_value_len);
		30	extern int evm_inode_removexattr(struct dentry dentry, const char xattr_name);
		31	extern void evm_inode_post_removexattr(struct dentry *dentry,
		32	const char *xattr_name);
		33	extern int evm_inode_init_security(struct inode *inode,
		34	const struct xattr *xattr_array,
		35	struct xattr *evm);
		36	#ifdef CONFIG_FS_POSIX_ACL
		37	extern int posix_xattr_acl(const char *xattrname);
		38	#else
		39	static inline int posix_xattr_acl(const char *xattrname)
		40	{
		41	return 0;
		42	}
		43	#endif
		44	#else
		45	#ifdef CONFIG_INTEGRITY
		46	static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
		47	const char *xattr_name,
		48	void *xattr_value,
		49	size_t xattr_value_len,
		50	struct integrity_iint_cache *iint)
		51	{
		52	return INTEGRITY_UNKNOWN;
		53	}
		54	#endif
		55
		56	static inline int evm_inode_setattr(struct dentry dentry, struct iattr attr)
		57	{
		58	return 0;
		59	}
		60
		61	static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
		62	{
		63	return;
		64	}
		65
		66	static inline int evm_inode_setxattr(struct dentry dentry, const char name,
		67	const void *value, size_t size)
		68	{
		69	return 0;
		70	}
		71
		72	static inline void evm_inode_post_setxattr(struct dentry *dentry,
		73	const char *xattr_name,
		74	const void *xattr_value,
		75	size_t xattr_value_len)
		76	{
		77	return;
		78	}
		79
		80	static inline int evm_inode_removexattr(struct dentry *dentry,
		81	const char *xattr_name)
		82	{
		83	return 0;
		84	}
		85
		86	static inline void evm_inode_post_removexattr(struct dentry *dentry,
		87	const char *xattr_name)
		88	{
		89	return;
		90	}
		91
		92	static inline int evm_inode_init_security(struct inode *inode,
		93	const struct xattr *xattr_array,
		94	struct xattr *evm)
		95	{
		96	return 0;
		97	}
		98
		99	#endif /* CONFIG_EVM_H */
		100	#endif /* LINUX_EVM_H */


diff --git a/include/linux/ima.h b/include/linux/ima.h index 09e6e62f9953..6ac8e50c6cf5 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h
@@ -15,8 +15,6 @@ struct linux_binprm;
15		15
16	#ifdef CONFIG_IMA	16	#ifdef CONFIG_IMA
17	extern int ima_bprm_check(struct linux_binprm *bprm);	17	extern int ima_bprm_check(struct linux_binprm *bprm);
18	extern int ima_inode_alloc(struct inode *inode);
19	extern void ima_inode_free(struct inode *inode);
20	extern int ima_file_check(struct file *file, int mask);	18	extern int ima_file_check(struct file *file, int mask);
21	extern void ima_file_free(struct file *file);	19	extern void ima_file_free(struct file *file);
22	extern int ima_file_mmap(struct file *file, unsigned long prot);	20	extern int ima_file_mmap(struct file *file, unsigned long prot);
@@ -27,16 +25,6 @@ static inline int ima_bprm_check(struct linux_binprm *bprm)
27	return 0;	25	return 0;
28	}	26	}
29		27
30	static inline int ima_inode_alloc(struct inode *inode)
31	{
32	return 0;
33	}
34
35	static inline void ima_inode_free(struct inode *inode)
36	{
37	return;
38	}
39
40	static inline int ima_file_check(struct file *file, int mask)	28	static inline int ima_file_check(struct file *file, int mask)
41	{	29	{
42	return 0;	30	return 0;
@@ -51,6 +39,5 @@ static inline int ima_file_mmap(struct file *file, unsigned long prot)
51	{	39	{
52	return 0;	40	return 0;
53	}	41	}
54
55	#endif /* CONFIG_IMA_H */	42	#endif /* CONFIG_IMA_H */
56	#endif /* _LINUX_IMA_H */	43	#endif /* _LINUX_IMA_H */


diff --git a/include/linux/integrity.h b/include/linux/integrity.h new file mode 100644 index 000000000000..a0c41256cb92 --- /dev/null +++ b/include/linux/integrity.h
@@ -0,0 +1,39 @@
		1	/*
		2	* Copyright (C) 2009 IBM Corporation
		3	* Author: Mimi Zohar <zohar@us.ibm.com>
		4	*
		5	* This program is free software; you can redistribute it and/or modify
		6	* it under the terms of the GNU General Public License as published by
		7	* the Free Software Foundation, version 2 of the License.
		8	*/
		9
		10	#ifndef _LINUX_INTEGRITY_H
		11	#define _LINUX_INTEGRITY_H
		12
		13	#include <linux/fs.h>
		14
		15	enum integrity_status {
		16	INTEGRITY_PASS = 0,
		17	INTEGRITY_FAIL,
		18	INTEGRITY_NOLABEL,
		19	INTEGRITY_NOXATTRS,
		20	INTEGRITY_UNKNOWN,
		21	};
		22
		23	/* List of EVM protected security xattrs */
		24	#ifdef CONFIG_INTEGRITY
		25	extern int integrity_inode_alloc(struct inode *inode);
		26	extern void integrity_inode_free(struct inode *inode);
		27
		28	#else
		29	static inline int integrity_inode_alloc(struct inode *inode)
		30	{
		31	return 0;
		32	}
		33
		34	static inline void integrity_inode_free(struct inode *inode)
		35	{
		36	return;
		37	}
		38	#endif /* CONFIG_INTEGRITY_H */
		39	#endif /* _LINUX_INTEGRITY_H */


diff --git a/include/linux/kernel.h b/include/linux/kernel.h index 46ac9a50528d..8eefcf7e95eb 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h
@@ -382,7 +382,7 @@ static inline char pack_hex_byte(char buf, u8 byte)
382	}	382	}
383		383
384	extern int hex_to_bin(char ch);	384	extern int hex_to_bin(char ch);
385	extern void hex2bin(u8 dst, const char src, size_t count);	385	extern int __must_check hex2bin(u8 dst, const char src, size_t count);
386		386
387	/*	387	/*
388	* General tracing related utility functions - trace_printk(),	388	* General tracing related utility functions - trace_printk(),


diff --git a/include/linux/security.h b/include/linux/security.h index ebd2a53a3d07..19d8e04e1688 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -36,6 +36,7 @@
36	#include <linux/key.h>	36	#include <linux/key.h>
37	#include <linux/xfrm.h>	37	#include <linux/xfrm.h>
38	#include <linux/slab.h>	38	#include <linux/slab.h>
		39	#include <linux/xattr.h>
39	#include <net/flow.h>	40	#include <net/flow.h>
40		41
41	/* Maximum number of letters for an LSM name string */	42	/* Maximum number of letters for an LSM name string */
@@ -147,6 +148,10 @@ extern int mmap_min_addr_handler(struct ctl_table *table, int write,
147	void __user buffer, size_t lenp, loff_t *ppos);	148	void __user buffer, size_t lenp, loff_t *ppos);
148	#endif	149	#endif
149		150
		151	/* security_inode_init_security callback function to write xattrs */
		152	typedef int (initxattrs) (struct inode inode,
		153	const struct xattr xattr_array, void fs_data);
		154
150	#ifdef CONFIG_SECURITY	155	#ifdef CONFIG_SECURITY
151		156
152	struct security_mnt_opts {	157	struct security_mnt_opts {
@@ -1367,7 +1372,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1367	* @inode_getsecctx:	1372	* @inode_getsecctx:
1368	* Returns a string containing all relavent security context information	1373	* Returns a string containing all relavent security context information
1369	*	1374	*
1370	* @inode we wish to set the security context of.	1375	* @inode we wish to get the security context of.
1371	* @ctx is a pointer in which to place the allocated security context.	1376	* @ctx is a pointer in which to place the allocated security context.
1372	* @ctxlen points to the place to put the length of @ctx.	1377	* @ctxlen points to the place to put the length of @ctx.
1373	* This is the main security structure.	1378	* This is the main security structure.
@@ -1655,6 +1660,8 @@ struct security_operations {
1655	extern int security_init(void);	1660	extern int security_init(void);
1656	extern int security_module_enable(struct security_operations *ops);	1661	extern int security_module_enable(struct security_operations *ops);
1657	extern int register_security(struct security_operations *ops);	1662	extern int register_security(struct security_operations *ops);
		1663	extern void __init security_fixup_ops(struct security_operations *ops);
		1664
1658		1665
1659	/* Security operations */	1666	/* Security operations */
1660	int security_ptrace_access_check(struct task_struct *child, unsigned int mode);	1667	int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
@@ -1704,8 +1711,11 @@ int security_sb_parse_opts_str(char options, struct security_mnt_opts opts);
1704	int security_inode_alloc(struct inode *inode);	1711	int security_inode_alloc(struct inode *inode);
1705	void security_inode_free(struct inode *inode);	1712	void security_inode_free(struct inode *inode);
1706	int security_inode_init_security(struct inode inode, struct inode dir,	1713	int security_inode_init_security(struct inode inode, struct inode dir,
1707	const struct qstr qstr, char *name,	1714	const struct qstr *qstr,
1708	void *value, size_t len);	1715	initxattrs initxattrs, void *fs_data);
		1716	int security_old_inode_init_security(struct inode inode, struct inode dir,
		1717	const struct qstr qstr, char *name,
		1718	void *value, size_t len);
1709	int security_inode_create(struct inode dir, struct dentry dentry, int mode);	1719	int security_inode_create(struct inode dir, struct dentry dentry, int mode);
1710	int security_inode_link(struct dentry old_dentry, struct inode dir,	1720	int security_inode_link(struct dentry old_dentry, struct inode dir,
1711	struct dentry *new_dentry);	1721	struct dentry *new_dentry);
@@ -2034,11 +2044,19 @@ static inline void security_inode_free(struct inode *inode)
2034	static inline int security_inode_init_security(struct inode *inode,	2044	static inline int security_inode_init_security(struct inode *inode,
2035	struct inode *dir,	2045	struct inode *dir,
2036	const struct qstr *qstr,	2046	const struct qstr *qstr,
2037	char **name,	2047	initxattrs initxattrs,
2038	void **value,	2048	void *fs_data)
2039	size_t *len)
2040	{	2049	{
2041	return -EOPNOTSUPP;	2050	return 0;
		2051	}
		2052
		2053	static inline int security_old_inode_init_security(struct inode *inode,
		2054	struct inode *dir,
		2055	const struct qstr *qstr,
		2056	char name, void value,
		2057	size_t *len)
		2058	{
		2059	return 0;
2042	}	2060	}
2043		2061
2044	static inline int security_inode_create(struct inode *dir,	2062	static inline int security_inode_create(struct inode *dir,


diff --git a/include/linux/xattr.h b/include/linux/xattr.h index aed54c50aa66..e5d122031542 100644 --- a/include/linux/xattr.h +++ b/include/linux/xattr.h
@@ -30,6 +30,9 @@
30	#define XATTR_USER_PREFIX_LEN (sizeof (XATTR_USER_PREFIX) - 1)	30	#define XATTR_USER_PREFIX_LEN (sizeof (XATTR_USER_PREFIX) - 1)
31		31
32	/* Security namespace */	32	/* Security namespace */
		33	#define XATTR_EVM_SUFFIX "evm"
		34	#define XATTR_NAME_EVM XATTR_SECURITY_PREFIX XATTR_EVM_SUFFIX
		35
33	#define XATTR_SELINUX_SUFFIX "selinux"	36	#define XATTR_SELINUX_SUFFIX "selinux"
34	#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX	37	#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
35		38
@@ -49,6 +52,11 @@
49	#define XATTR_CAPS_SUFFIX "capability"	52	#define XATTR_CAPS_SUFFIX "capability"
50	#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX	53	#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
51		54
		55	#define XATTR_POSIX_ACL_ACCESS "posix_acl_access"
		56	#define XATTR_NAME_POSIX_ACL_ACCESS XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_ACCESS
		57	#define XATTR_POSIX_ACL_DEFAULT "posix_acl_default"
		58	#define XATTR_NAME_POSIX_ACL_DEFAULT XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_DEFAULT
		59
52	#ifdef __KERNEL__	60	#ifdef __KERNEL__
53		61
54	#include <linux/types.h>	62	#include <linux/types.h>
@@ -67,6 +75,12 @@ struct xattr_handler {
67	size_t size, int flags, int handler_flags);	75	size_t size, int flags, int handler_flags);
68	};	76	};
69		77
		78	struct xattr {
		79	char *name;
		80	void *value;
		81	size_t value_len;
		82	};
		83
70	ssize_t xattr_getsecurity(struct inode , const char , void *, size_t);	84	ssize_t xattr_getsecurity(struct inode , const char , void *, size_t);
71	ssize_t vfs_getxattr(struct dentry , const char , void *, size_t);	85	ssize_t vfs_getxattr(struct dentry , const char , void *, size_t);
72	ssize_t vfs_listxattr(struct dentry d, char list, size_t size);	86	ssize_t vfs_listxattr(struct dentry d, char list, size_t size);
@@ -78,7 +92,10 @@ ssize_t generic_getxattr(struct dentry dentry, const char name, void *buffer,
78	ssize_t generic_listxattr(struct dentry dentry, char buffer, size_t buffer_size);	92	ssize_t generic_listxattr(struct dentry dentry, char buffer, size_t buffer_size);
79	int generic_setxattr(struct dentry dentry, const char name, const void *value, size_t size, int flags);	93	int generic_setxattr(struct dentry dentry, const char name, const void *value, size_t size, int flags);
80	int generic_removexattr(struct dentry dentry, const char name);	94	int generic_removexattr(struct dentry dentry, const char name);
81		95	ssize_t vfs_getxattr_alloc(struct dentry dentry, const char name,
		96	char **xattr_value, size_t size, gfp_t flags);
		97	int vfs_xattr_cmp(struct dentry dentry, const char xattr_name,
		98	const char *value, size_t size, gfp_t flags);
82	#endif /* __KERNEL__ */	99	#endif /* __KERNEL__ */
83		100
84	#endif /* _LINUX_XATTR_H */	101	#endif /* _LINUX_XATTR_H */