7 files changed, 182 insertions, 3 deletions
diff --git a/fs/9p/Kconfig b/fs/9p/Kconfig
index 55abfd62654a..6489e1fc1afd 100644
--- a/fs/9p/Kconfig
+++ b/fs/9p/Kconfig
@@ -31,3 +31,16 @@ config 9P_FS_POSIX_ACL
          If you don't know what Access Control Lists are, say N
 endif
+config 9P_FS_SECURITY
+        bool "9P Security Labels"
+        depends on 9P_FS
+        help
+          Security labels support alternative access control models
+          implemented by security modules like SELinux.  This option
+          enables an extended attribute handler for file security
+          labels in the 9P filesystem.
+          If you are not using a security module that requires using
+          extended attributes for file security labels, say N.
diff --git a/fs/9p/Makefile b/fs/9p/Makefile
index ab8c12780634..ff7be98f84f2 100644
--- a/fs/9p/Makefile
+++ b/fs/9p/Makefile
@@ -11,7 +11,9 @@ obj-$(CONFIG_9P_FS) := 9p.o
        v9fs.o \
        fid.o  \
        xattr.o \
-        xattr_user.o
+        xattr_user.o \
+        xattr_trusted.o
 9p-$(CONFIG_9P_FSCACHE) += cache.o
 9p-$(CONFIG_9P_FS_POSIX_ACL) += acl.o
+9p-$(CONFIG_9P_FS_SECURITY) += xattr_security.o
diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c
index d86edc8d3fd0..25b018efb8ab 100644
--- a/fs/9p/vfs_inode.c
+++ b/fs/9p/vfs_inode.c
@@ -1054,13 +1054,11 @@ static int
 v9fs_vfs_getattr(struct vfsmount *mnt, struct dentry *dentry,
                 struct kstat *stat)
 {
-        int err;
        struct v9fs_session_info *v9ses;
        struct p9_fid *fid;
        struct p9_wstat *st;
        p9_debug(P9_DEBUG_VFS, "dentry: %p\n", dentry);
-        err = -EPERM;
        v9ses = v9fs_dentry2v9ses(dentry);
        if (v9ses->cache == CACHE_LOOSE || v9ses->cache == CACHE_FSCACHE) {
                generic_fillattr(dentry->d_inode, stat);
diff --git a/fs/9p/xattr.c b/fs/9p/xattr.c
index c45e016b190f..3c28cdfb8c47 100644
--- a/fs/9p/xattr.c
+++ b/fs/9p/xattr.c
@@ -167,9 +167,13 @@ ssize_t v9fs_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
 const struct xattr_handler *v9fs_xattr_handlers[] = {
        &v9fs_xattr_user_handler,
+        &v9fs_xattr_trusted_handler,
 #ifdef CONFIG_9P_FS_POSIX_ACL
        &v9fs_xattr_acl_access_handler,
        &v9fs_xattr_acl_default_handler,
 #endif
+#ifdef CONFIG_9P_FS_SECURITY
+        &v9fs_xattr_security_handler,
+#endif
        NULL
 };
diff --git a/fs/9p/xattr.h b/fs/9p/xattr.h
index eec348a3df71..d3e2ea3840be 100644
--- a/fs/9p/xattr.h
+++ b/fs/9p/xattr.h
@@ -20,6 +20,8 @@
 extern const struct xattr_handler *v9fs_xattr_handlers[];
 extern struct xattr_handler v9fs_xattr_user_handler;
+extern struct xattr_handler v9fs_xattr_trusted_handler;
+extern struct xattr_handler v9fs_xattr_security_handler;
 extern const struct xattr_handler v9fs_xattr_acl_access_handler;
 extern const struct xattr_handler v9fs_xattr_acl_default_handler;
diff --git a/fs/9p/xattr_security.c b/fs/9p/xattr_security.c
new file mode 100644
index 000000000000..cb247a142a6e
--- /dev/null
+++ b/fs/9p/xattr_security.c
@@ -0,0 +1,80 @@
+/*
+ * Copyright IBM Corporation, 2010
+ * Author Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it would be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ */
+#include <linux/module.h>
+#include <linux/string.h>
+#include <linux/fs.h>
+#include <linux/slab.h>
+#include "xattr.h"
+static int v9fs_xattr_security_get(struct dentry *dentry, const char *name,
+                        void *buffer, size_t size, int type)
+{
+        int retval;
+        char *full_name;
+        size_t name_len;
+        size_t prefix_len = XATTR_SECURITY_PREFIX_LEN;
+        if (name == NULL)
+                return -EINVAL;
+        if (strcmp(name, "") == 0)
+                return -EINVAL;
+        name_len = strlen(name);
+        full_name = kmalloc(prefix_len + name_len + 1 , GFP_KERNEL);
+        if (!full_name)
+                return -ENOMEM;
+        memcpy(full_name, XATTR_SECURITY_PREFIX, prefix_len);
+        memcpy(full_name+prefix_len, name, name_len);
+        full_name[prefix_len + name_len] = '\0';
+        retval = v9fs_xattr_get(dentry, full_name, buffer, size);
+        kfree(full_name);
+        return retval;
+}
+static int v9fs_xattr_security_set(struct dentry *dentry, const char *name,
+                        const void *value, size_t size, int flags, int type)
+{
+        int retval;
+        char *full_name;
+        size_t name_len;
+        size_t prefix_len = XATTR_SECURITY_PREFIX_LEN;
+        if (name == NULL)
+                return -EINVAL;
+        if (strcmp(name, "") == 0)
+                return -EINVAL;
+        name_len = strlen(name);
+        full_name = kmalloc(prefix_len + name_len + 1 , GFP_KERNEL);
+        if (!full_name)
+                return -ENOMEM;
+        memcpy(full_name, XATTR_SECURITY_PREFIX, prefix_len);
+        memcpy(full_name + prefix_len, name, name_len);
+        full_name[prefix_len + name_len] = '\0';
+        retval = v9fs_xattr_set(dentry, full_name, value, size, flags);
+        kfree(full_name);
+        return retval;
+}
+struct xattr_handler v9fs_xattr_security_handler = {
+        .prefix = XATTR_SECURITY_PREFIX,
+        .get    = v9fs_xattr_security_get,
+        .set    = v9fs_xattr_security_set,
+};
diff --git a/fs/9p/xattr_trusted.c b/fs/9p/xattr_trusted.c
new file mode 100644
index 000000000000..e30d33b8a3fb
--- /dev/null
+++ b/fs/9p/xattr_trusted.c
@@ -0,0 +1,80 @@
+/*
+ * Copyright IBM Corporation, 2010
+ * Author Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it would be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ */
+#include <linux/module.h>
+#include <linux/string.h>
+#include <linux/fs.h>
+#include <linux/slab.h>
+#include "xattr.h"
+static int v9fs_xattr_trusted_get(struct dentry *dentry, const char *name,
+                        void *buffer, size_t size, int type)
+{
+        int retval;
+        char *full_name;
+        size_t name_len;
+        size_t prefix_len = XATTR_TRUSTED_PREFIX_LEN;
+        if (name == NULL)
+                return -EINVAL;
+        if (strcmp(name, "") == 0)
+                return -EINVAL;
+        name_len = strlen(name);
+        full_name = kmalloc(prefix_len + name_len + 1 , GFP_KERNEL);
+        if (!full_name)
+                return -ENOMEM;
+        memcpy(full_name, XATTR_TRUSTED_PREFIX, prefix_len);
+        memcpy(full_name+prefix_len, name, name_len);
+        full_name[prefix_len + name_len] = '\0';
+        retval = v9fs_xattr_get(dentry, full_name, buffer, size);
+        kfree(full_name);
+        return retval;
+}
+static int v9fs_xattr_trusted_set(struct dentry *dentry, const char *name,
+                        const void *value, size_t size, int flags, int type)
+{
+        int retval;
+        char *full_name;
+        size_t name_len;
+        size_t prefix_len = XATTR_TRUSTED_PREFIX_LEN;
+        if (name == NULL)
+                return -EINVAL;
+        if (strcmp(name, "") == 0)
+                return -EINVAL;
+        name_len = strlen(name);
+        full_name = kmalloc(prefix_len + name_len + 1 , GFP_KERNEL);
+        if (!full_name)
+                return -ENOMEM;
+        memcpy(full_name, XATTR_TRUSTED_PREFIX, prefix_len);
+        memcpy(full_name + prefix_len, name, name_len);
+        full_name[prefix_len + name_len] = '\0';
+        retval = v9fs_xattr_set(dentry, full_name, value, size, flags);
+        kfree(full_name);
+        return retval;
+}
+struct xattr_handler v9fs_xattr_trusted_handler = {
+        .prefix = XATTR_TRUSTED_PREFIX,
+        .get    = v9fs_xattr_trusted_get,
+        .set    = v9fs_xattr_trusted_set,
+};

diff --git a/fs/9p/Kconfig b/fs/9p/Kconfig index 55abfd62654a..6489e1fc1afd 100644 --- a/fs/9p/Kconfig +++ b/fs/9p/Kconfig
@@ -31,3 +31,16 @@ config 9P_FS_POSIX_ACL
31	If you don't know what Access Control Lists are, say N	31	If you don't know what Access Control Lists are, say N
32		32
33	endif	33	endif
		34
		35
		36	config 9P_FS_SECURITY
		37	bool "9P Security Labels"
		38	depends on 9P_FS
		39	help
		40	Security labels support alternative access control models
		41	implemented by security modules like SELinux. This option
		42	enables an extended attribute handler for file security
		43	labels in the 9P filesystem.
		44
		45	If you are not using a security module that requires using
		46	extended attributes for file security labels, say N.


diff --git a/fs/9p/Makefile b/fs/9p/Makefile index ab8c12780634..ff7be98f84f2 100644 --- a/fs/9p/Makefile +++ b/fs/9p/Makefile
@@ -11,7 +11,9 @@ obj-$(CONFIG_9P_FS) := 9p.o
11	v9fs.o \	11	v9fs.o \
12	fid.o \	12	fid.o \
13	xattr.o \	13	xattr.o \
14	xattr_user.o	14	xattr_user.o \
		15	xattr_trusted.o
15		16
16	9p-$(CONFIG_9P_FSCACHE) += cache.o	17	9p-$(CONFIG_9P_FSCACHE) += cache.o
17	9p-$(CONFIG_9P_FS_POSIX_ACL) += acl.o	18	9p-$(CONFIG_9P_FS_POSIX_ACL) += acl.o
		19	9p-$(CONFIG_9P_FS_SECURITY) += xattr_security.o


diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c index d86edc8d3fd0..25b018efb8ab 100644 --- a/fs/9p/vfs_inode.c +++ b/fs/9p/vfs_inode.c
@@ -1054,13 +1054,11 @@ static int
1054	v9fs_vfs_getattr(struct vfsmount mnt, struct dentry dentry,	1054	v9fs_vfs_getattr(struct vfsmount mnt, struct dentry dentry,
1055	struct kstat *stat)	1055	struct kstat *stat)
1056	{	1056	{
1057	int err;
1058	struct v9fs_session_info *v9ses;	1057	struct v9fs_session_info *v9ses;
1059	struct p9_fid *fid;	1058	struct p9_fid *fid;
1060	struct p9_wstat *st;	1059	struct p9_wstat *st;
1061		1060
1062	p9_debug(P9_DEBUG_VFS, "dentry: %p\n", dentry);	1061	p9_debug(P9_DEBUG_VFS, "dentry: %p\n", dentry);
1063	err = -EPERM;
1064	v9ses = v9fs_dentry2v9ses(dentry);	1062	v9ses = v9fs_dentry2v9ses(dentry);
1065	if (v9ses->cache == CACHE_LOOSE \|\| v9ses->cache == CACHE_FSCACHE) {	1063	if (v9ses->cache == CACHE_LOOSE \|\| v9ses->cache == CACHE_FSCACHE) {
1066	generic_fillattr(dentry->d_inode, stat);	1064	generic_fillattr(dentry->d_inode, stat);


diff --git a/fs/9p/xattr.c b/fs/9p/xattr.c index c45e016b190f..3c28cdfb8c47 100644 --- a/fs/9p/xattr.c +++ b/fs/9p/xattr.c
@@ -167,9 +167,13 @@ ssize_t v9fs_listxattr(struct dentry dentry, char buffer, size_t buffer_size)
167		167
168	const struct xattr_handler *v9fs_xattr_handlers[] = {	168	const struct xattr_handler *v9fs_xattr_handlers[] = {
169	&v9fs_xattr_user_handler,	169	&v9fs_xattr_user_handler,
		170	&v9fs_xattr_trusted_handler,
170	#ifdef CONFIG_9P_FS_POSIX_ACL	171	#ifdef CONFIG_9P_FS_POSIX_ACL
171	&v9fs_xattr_acl_access_handler,	172	&v9fs_xattr_acl_access_handler,
172	&v9fs_xattr_acl_default_handler,	173	&v9fs_xattr_acl_default_handler,
173	#endif	174	#endif
		175	#ifdef CONFIG_9P_FS_SECURITY
		176	&v9fs_xattr_security_handler,
		177	#endif
174	NULL	178	NULL
175	};	179	};


diff --git a/fs/9p/xattr.h b/fs/9p/xattr.h index eec348a3df71..d3e2ea3840be 100644 --- a/fs/9p/xattr.h +++ b/fs/9p/xattr.h
@@ -20,6 +20,8 @@
20		20
21	extern const struct xattr_handler *v9fs_xattr_handlers[];	21	extern const struct xattr_handler *v9fs_xattr_handlers[];
22	extern struct xattr_handler v9fs_xattr_user_handler;	22	extern struct xattr_handler v9fs_xattr_user_handler;
		23	extern struct xattr_handler v9fs_xattr_trusted_handler;
		24	extern struct xattr_handler v9fs_xattr_security_handler;
23	extern const struct xattr_handler v9fs_xattr_acl_access_handler;	25	extern const struct xattr_handler v9fs_xattr_acl_access_handler;
24	extern const struct xattr_handler v9fs_xattr_acl_default_handler;	26	extern const struct xattr_handler v9fs_xattr_acl_default_handler;
25		27


diff --git a/fs/9p/xattr_security.c b/fs/9p/xattr_security.c new file mode 100644 index 000000000000..cb247a142a6e --- /dev/null +++ b/fs/9p/xattr_security.c
@@ -0,0 +1,80 @@
		1	/*
		2	* Copyright IBM Corporation, 2010
		3	* Author Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
		4	*
		5	* This program is free software; you can redistribute it and/or modify it
		6	* under the terms of version 2.1 of the GNU Lesser General Public License
		7	* as published by the Free Software Foundation.
		8	*
		9	* This program is distributed in the hope that it would be useful, but
		10	* WITHOUT ANY WARRANTY; without even the implied warranty of
		11	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
		12	*
		13	*/
		14
		15
		16	#include <linux/module.h>
		17	#include <linux/string.h>
		18	#include <linux/fs.h>
		19	#include <linux/slab.h>
		20	#include "xattr.h"
		21
		22	static int v9fs_xattr_security_get(struct dentry dentry, const char name,
		23	void *buffer, size_t size, int type)
		24	{
		25	int retval;
		26	char *full_name;
		27	size_t name_len;
		28	size_t prefix_len = XATTR_SECURITY_PREFIX_LEN;
		29
		30	if (name == NULL)
		31	return -EINVAL;
		32
		33	if (strcmp(name, "") == 0)
		34	return -EINVAL;
		35
		36	name_len = strlen(name);
		37	full_name = kmalloc(prefix_len + name_len + 1 , GFP_KERNEL);
		38	if (!full_name)
		39	return -ENOMEM;
		40	memcpy(full_name, XATTR_SECURITY_PREFIX, prefix_len);
		41	memcpy(full_name+prefix_len, name, name_len);
		42	full_name[prefix_len + name_len] = '\0';
		43
		44	retval = v9fs_xattr_get(dentry, full_name, buffer, size);
		45	kfree(full_name);
		46	return retval;
		47	}
		48
		49	static int v9fs_xattr_security_set(struct dentry dentry, const char name,
		50	const void *value, size_t size, int flags, int type)
		51	{
		52	int retval;
		53	char *full_name;
		54	size_t name_len;
		55	size_t prefix_len = XATTR_SECURITY_PREFIX_LEN;
		56
		57	if (name == NULL)
		58	return -EINVAL;
		59
		60	if (strcmp(name, "") == 0)
		61	return -EINVAL;
		62
		63	name_len = strlen(name);
		64	full_name = kmalloc(prefix_len + name_len + 1 , GFP_KERNEL);
		65	if (!full_name)
		66	return -ENOMEM;
		67	memcpy(full_name, XATTR_SECURITY_PREFIX, prefix_len);
		68	memcpy(full_name + prefix_len, name, name_len);
		69	full_name[prefix_len + name_len] = '\0';
		70
		71	retval = v9fs_xattr_set(dentry, full_name, value, size, flags);
		72	kfree(full_name);
		73	return retval;
		74	}
		75
		76	struct xattr_handler v9fs_xattr_security_handler = {
		77	.prefix = XATTR_SECURITY_PREFIX,
		78	.get = v9fs_xattr_security_get,
		79	.set = v9fs_xattr_security_set,
		80	};


diff --git a/fs/9p/xattr_trusted.c b/fs/9p/xattr_trusted.c new file mode 100644 index 000000000000..e30d33b8a3fb --- /dev/null +++ b/fs/9p/xattr_trusted.c
@@ -0,0 +1,80 @@
		1	/*
		2	* Copyright IBM Corporation, 2010
		3	* Author Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
		4	*
		5	* This program is free software; you can redistribute it and/or modify it
		6	* under the terms of version 2.1 of the GNU Lesser General Public License
		7	* as published by the Free Software Foundation.
		8	*
		9	* This program is distributed in the hope that it would be useful, but
		10	* WITHOUT ANY WARRANTY; without even the implied warranty of
		11	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
		12	*
		13	*/
		14
		15
		16	#include <linux/module.h>
		17	#include <linux/string.h>
		18	#include <linux/fs.h>
		19	#include <linux/slab.h>
		20	#include "xattr.h"
		21
		22	static int v9fs_xattr_trusted_get(struct dentry dentry, const char name,
		23	void *buffer, size_t size, int type)
		24	{
		25	int retval;
		26	char *full_name;
		27	size_t name_len;
		28	size_t prefix_len = XATTR_TRUSTED_PREFIX_LEN;
		29
		30	if (name == NULL)
		31	return -EINVAL;
		32
		33	if (strcmp(name, "") == 0)
		34	return -EINVAL;
		35
		36	name_len = strlen(name);
		37	full_name = kmalloc(prefix_len + name_len + 1 , GFP_KERNEL);
		38	if (!full_name)
		39	return -ENOMEM;
		40	memcpy(full_name, XATTR_TRUSTED_PREFIX, prefix_len);
		41	memcpy(full_name+prefix_len, name, name_len);
		42	full_name[prefix_len + name_len] = '\0';
		43
		44	retval = v9fs_xattr_get(dentry, full_name, buffer, size);
		45	kfree(full_name);
		46	return retval;
		47	}
		48
		49	static int v9fs_xattr_trusted_set(struct dentry dentry, const char name,
		50	const void *value, size_t size, int flags, int type)
		51	{
		52	int retval;
		53	char *full_name;
		54	size_t name_len;
		55	size_t prefix_len = XATTR_TRUSTED_PREFIX_LEN;
		56
		57	if (name == NULL)
		58	return -EINVAL;
		59
		60	if (strcmp(name, "") == 0)
		61	return -EINVAL;
		62
		63	name_len = strlen(name);
		64	full_name = kmalloc(prefix_len + name_len + 1 , GFP_KERNEL);
		65	if (!full_name)
		66	return -ENOMEM;
		67	memcpy(full_name, XATTR_TRUSTED_PREFIX, prefix_len);
		68	memcpy(full_name + prefix_len, name, name_len);
		69	full_name[prefix_len + name_len] = '\0';
		70
		71	retval = v9fs_xattr_set(dentry, full_name, value, size, flags);
		72	kfree(full_name);
		73	return retval;
		74	}
		75
		76	struct xattr_handler v9fs_xattr_trusted_handler = {
		77	.prefix = XATTR_TRUSTED_PREFIX,
		78	.get = v9fs_xattr_trusted_get,
		79	.set = v9fs_xattr_trusted_set,
		80	};