This patch modifies ext3 to call the inode_init_security LSM hook to obtain the security attribute for a newly created inode and to set the resulting attribute on the new inode as part of the same transaction. This parallels the existing processing for setting ACLs on newly created inodes. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
		
			
				
	
	
		
			78 lines
		
	
	
		
			1.8 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			78 lines
		
	
	
		
			1.8 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * linux/fs/ext3/xattr_security.c
 | |
|  * Handler for storing security labels as extended attributes.
 | |
|  */
 | |
| 
 | |
| #include <linux/module.h>
 | |
| #include <linux/string.h>
 | |
| #include <linux/fs.h>
 | |
| #include <linux/smp_lock.h>
 | |
| #include <linux/ext3_jbd.h>
 | |
| #include <linux/ext3_fs.h>
 | |
| #include <linux/security.h>
 | |
| #include "xattr.h"
 | |
| 
 | |
| static size_t
 | |
| ext3_xattr_security_list(struct inode *inode, char *list, size_t list_size,
 | |
| 			 const char *name, size_t name_len)
 | |
| {
 | |
| 	const size_t prefix_len = sizeof(XATTR_SECURITY_PREFIX)-1;
 | |
| 	const size_t total_len = prefix_len + name_len + 1;
 | |
| 
 | |
| 
 | |
| 	if (list && total_len <= list_size) {
 | |
| 		memcpy(list, XATTR_SECURITY_PREFIX, prefix_len);
 | |
| 		memcpy(list+prefix_len, name, name_len);
 | |
| 		list[prefix_len + name_len] = '\0';
 | |
| 	}
 | |
| 	return total_len;
 | |
| }
 | |
| 
 | |
| static int
 | |
| ext3_xattr_security_get(struct inode *inode, const char *name,
 | |
| 		       void *buffer, size_t size)
 | |
| {
 | |
| 	if (strcmp(name, "") == 0)
 | |
| 		return -EINVAL;
 | |
| 	return ext3_xattr_get(inode, EXT3_XATTR_INDEX_SECURITY, name,
 | |
| 			      buffer, size);
 | |
| }
 | |
| 
 | |
| static int
 | |
| ext3_xattr_security_set(struct inode *inode, const char *name,
 | |
| 		       const void *value, size_t size, int flags)
 | |
| {
 | |
| 	if (strcmp(name, "") == 0)
 | |
| 		return -EINVAL;
 | |
| 	return ext3_xattr_set(inode, EXT3_XATTR_INDEX_SECURITY, name,
 | |
| 			      value, size, flags);
 | |
| }
 | |
| 
 | |
| int
 | |
| ext3_init_security(handle_t *handle, struct inode *inode, struct inode *dir)
 | |
| {
 | |
| 	int err;
 | |
| 	size_t len;
 | |
| 	void *value;
 | |
| 	char *name;
 | |
| 
 | |
| 	err = security_inode_init_security(inode, dir, &name, &value, &len);
 | |
| 	if (err) {
 | |
| 		if (err == -EOPNOTSUPP)
 | |
| 			return 0;
 | |
| 		return err;
 | |
| 	}
 | |
| 	err = ext3_xattr_set_handle(handle, inode, EXT3_XATTR_INDEX_SECURITY,
 | |
| 				    name, value, len, 0);
 | |
| 	kfree(name);
 | |
| 	kfree(value);
 | |
| 	return err;
 | |
| }
 | |
| 
 | |
| struct xattr_handler ext3_xattr_security_handler = {
 | |
| 	.prefix	= XATTR_SECURITY_PREFIX,
 | |
| 	.list	= ext3_xattr_security_list,
 | |
| 	.get	= ext3_xattr_security_get,
 | |
| 	.set	= ext3_xattr_security_set,
 | |
| };
 |