1 files changed, 29 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 134a9c0d2004..7118be2a74a5 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5351,6 +5351,32 @@ static void selinux_release_secctx(char *secdata, u32 seclen)
        kfree(secdata);
 }
+/*
+ *      called with inode->i_mutex locked
+ */
+static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
+{
+        return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
+}
+/*
+ *      called with inode->i_mutex locked
+ */
+static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
+{
+        return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
+}
+static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
+{
+        int len = 0;
+        len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
+                                                ctx, true);
+        if (len < 0)
+                return len;
+        *ctxlen = len;
+        return 0;
+}
 #ifdef CONFIG_KEYS
 static int selinux_key_alloc(struct key *k, const struct cred *cred,
@@ -5550,6 +5576,9 @@ static struct security_operations selinux_ops = {
        .secid_to_secctx =              selinux_secid_to_secctx,
        .secctx_to_secid =              selinux_secctx_to_secid,
        .release_secctx =               selinux_release_secctx,
+        .inode_notifysecctx =           selinux_inode_notifysecctx,
+        .inode_setsecctx =              selinux_inode_setsecctx,
+        .inode_getsecctx =              selinux_inode_getsecctx,
        .unix_stream_connect =          selinux_socket_unix_stream_connect,
        .unix_may_send =                selinux_socket_unix_may_send,

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 134a9c0d2004..7118be2a74a5 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -5351,6 +5351,32 @@ static void selinux_release_secctx(char *secdata, u32 seclen)
5351	kfree(secdata);	5351	kfree(secdata);
5352	}	5352	}
5353		5353
		5354	/*
		5355	* called with inode->i_mutex locked
		5356	*/
		5357	static int selinux_inode_notifysecctx(struct inode inode, void ctx, u32 ctxlen)
		5358	{
		5359	return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
		5360	}
		5361
		5362	/*
		5363	* called with inode->i_mutex locked
		5364	*/
		5365	static int selinux_inode_setsecctx(struct dentry dentry, void ctx, u32 ctxlen)
		5366	{
		5367	return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
		5368	}
		5369
		5370	static int selinux_inode_getsecctx(struct inode inode, void ctx, u32 ctxlen)
		5371	{
		5372	int len = 0;
		5373	len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
		5374	ctx, true);
		5375	if (len < 0)
		5376	return len;
		5377	*ctxlen = len;
		5378	return 0;
		5379	}
5354	#ifdef CONFIG_KEYS	5380	#ifdef CONFIG_KEYS
5355		5381
5356	static int selinux_key_alloc(struct key k, const struct cred cred,	5382	static int selinux_key_alloc(struct key k, const struct cred cred,
@@ -5550,6 +5576,9 @@ static struct security_operations selinux_ops = {
5550	.secid_to_secctx = selinux_secid_to_secctx,	5576	.secid_to_secctx = selinux_secid_to_secctx,
5551	.secctx_to_secid = selinux_secctx_to_secid,	5577	.secctx_to_secid = selinux_secctx_to_secid,
5552	.release_secctx = selinux_release_secctx,	5578	.release_secctx = selinux_release_secctx,
		5579	.inode_notifysecctx = selinux_inode_notifysecctx,
		5580	.inode_setsecctx = selinux_inode_setsecctx,
		5581	.inode_getsecctx = selinux_inode_getsecctx,
5553		5582
5554	.unix_stream_connect = selinux_socket_unix_stream_connect,	5583	.unix_stream_connect = selinux_socket_unix_stream_connect,
5555	.unix_may_send = selinux_socket_unix_may_send,	5584	.unix_may_send = selinux_socket_unix_may_send,