kernfs: use simple_xattrs for security attributes
Replace the special handling of security xattrs with simple_xattrs, as is already done for the trusted xattrs. This simplifies the code and allows LSMs to use more than just a single xattr to do their business. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> [PM: manual merge fixes] Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Ondrej Mosnacek
Paul Moore
parent
b754026bd9
commit
0ac6075a32
@ -532,9 +532,6 @@ void kernfs_put(struct kernfs_node *kn)
|
||||
kfree_const(kn->name);
|
||||
|
||||
if (kn->iattr) {
|
||||
if (kn->iattr->ia_secdata)
|
||||
security_release_secctx(kn->iattr->ia_secdata,
|
||||
kn->iattr->ia_secdata_len);
|
||||
simple_xattrs_free(&kn->iattr->xattrs);
|
||||
kmem_cache_free(kernfs_iattrs_cache, kn->iattr);
|
||||
}
|
||||
|
||||
@ -137,23 +137,6 @@ out:
|
||||
return error;
|
||||
}
|
||||
|
||||
static int kernfs_node_setsecdata(struct kernfs_iattrs *attrs, void **secdata,
|
||||
u32 *secdata_len)
|
||||
{
|
||||
void *old_secdata;
|
||||
size_t old_secdata_len;
|
||||
|
||||
old_secdata = attrs->ia_secdata;
|
||||
old_secdata_len = attrs->ia_secdata_len;
|
||||
|
||||
attrs->ia_secdata = *secdata;
|
||||
attrs->ia_secdata_len = *secdata_len;
|
||||
|
||||
*secdata = old_secdata;
|
||||
*secdata_len = old_secdata_len;
|
||||
return 0;
|
||||
}
|
||||
|
||||
ssize_t kernfs_iop_listxattr(struct dentry *dentry, char *buf, size_t size)
|
||||
{
|
||||
struct kernfs_node *kn = kernfs_dentry_node(dentry);
|
||||
@ -189,15 +172,12 @@ static void kernfs_refresh_inode(struct kernfs_node *kn, struct inode *inode)
|
||||
struct kernfs_iattrs *attrs = kn->iattr;
|
||||
|
||||
inode->i_mode = kn->mode;
|
||||
if (attrs) {
|
||||
if (attrs)
|
||||
/*
|
||||
* kernfs_node has non-default attributes get them from
|
||||
* persistent copy in kernfs_node.
|
||||
*/
|
||||
set_inode_attr(inode, attrs);
|
||||
security_inode_notifysecctx(inode, attrs->ia_secdata,
|
||||
attrs->ia_secdata_len);
|
||||
}
|
||||
|
||||
if (kernfs_type(kn) == KERNFS_DIR)
|
||||
set_nlink(inode, kn->dir.subdirs + 2);
|
||||
@ -345,41 +325,10 @@ static const struct xattr_handler kernfs_trusted_xattr_handler = {
|
||||
.set = kernfs_xattr_set,
|
||||
};
|
||||
|
||||
static int kernfs_security_xattr_set(const struct xattr_handler *handler,
|
||||
struct dentry *unused, struct inode *inode,
|
||||
const char *suffix, const void *value,
|
||||
size_t size, int flags)
|
||||
{
|
||||
struct kernfs_node *kn = inode->i_private;
|
||||
struct kernfs_iattrs *attrs;
|
||||
void *secdata;
|
||||
u32 secdata_len = 0;
|
||||
int error;
|
||||
|
||||
attrs = kernfs_iattrs(kn);
|
||||
if (!attrs)
|
||||
return -ENOMEM;
|
||||
|
||||
error = security_inode_setsecurity(inode, suffix, value, size, flags);
|
||||
if (error)
|
||||
return error;
|
||||
error = security_inode_getsecctx(inode, &secdata, &secdata_len);
|
||||
if (error)
|
||||
return error;
|
||||
|
||||
mutex_lock(&kernfs_mutex);
|
||||
error = kernfs_node_setsecdata(attrs, &secdata, &secdata_len);
|
||||
mutex_unlock(&kernfs_mutex);
|
||||
|
||||
if (secdata)
|
||||
security_release_secctx(secdata, secdata_len);
|
||||
return error;
|
||||
}
|
||||
|
||||
static const struct xattr_handler kernfs_security_xattr_handler = {
|
||||
.prefix = XATTR_SECURITY_PREFIX,
|
||||
.get = kernfs_xattr_get,
|
||||
.set = kernfs_security_xattr_set,
|
||||
.set = kernfs_xattr_set,
|
||||
};
|
||||
|
||||
const struct xattr_handler *kernfs_xattr_handlers[] = {
|
||||
|
||||
@ -25,8 +25,6 @@ struct kernfs_iattrs {
|
||||
struct timespec64 ia_atime;
|
||||
struct timespec64 ia_mtime;
|
||||
struct timespec64 ia_ctime;
|
||||
void *ia_secdata;
|
||||
u32 ia_secdata_len;
|
||||
|
||||
struct simple_xattrs xattrs;
|
||||
};
|
||||
|
||||
Loading…
Reference in New Issue
Block a user