LU-13826 utils: fix compatibility for LL_IOC_MDC_GETINFO

[fs/lustre-release.git] / lustre / llite / xattr_security.c

diff --git a/lustre/llite/xattr_security.c b/lustre/llite/xattr_security.c
index 37ba2a4..94679b8 100644 (file)
--- a/lustre/llite/xattr_security.c
+++ b/lustre/llite/xattr_security.c
@@ -21,6 +21,8 @@
 
 /*
  * Copyright (c) 2014 Bull SAS
+ *
+ * Copyright (c) 2015, 2016, Intel Corporation.
  * Author: Sebastien Buisson sebastien.buisson@bull.net
  */
 
@@ -31,7 +33,9 @@
 
 #include <linux/types.h>
 #include <linux/security.h>
+#ifdef HAVE_LINUX_SELINUX_IS_ENABLED
 #include <linux/selinux.h>
+#endif
 #include <linux/xattr.h>
 #include "llite_internal.h"
 
@@ -50,10 +54,10 @@ int ll_dentry_init_security(struct dentry *dentry, int mode, struct qstr *name,
                            const char **secctx_name, void **secctx,
                            __u32 *secctx_size)
 {
-#ifdef HAVE_SECURITY_DENTRY_INIT_SECURITY
        int rc;
 
-       /* security_dentry_init_security() is strange. Like
+       /*
+        * security_dentry_init_security() is strange. Like
         * security_inode_init_security() it may return a context (provided a
         * Linux security module is enabled) but unlike
         * security_inode_init_security() it does not return to us the name of
@@ -63,25 +67,26 @@ int ll_dentry_init_security(struct dentry *dentry, int mode, struct qstr *name,
         * SELinux is the only module that implements
         * security_dentry_init_security(). Note that the NFS client code just
         * calls it and assumes that if anything is returned then it must come
-        * from SELinux. */
+        * from SELinux.
+        */
 
        if (!selinux_is_enabled())
                return 0;
 
        rc = security_dentry_init_security(dentry, mode, name, secctx,
                                           secctx_size);
+       if (rc == -EOPNOTSUPP)
+               return 0;
        if (rc < 0)
                return rc;
 
        *secctx_name = XATTR_NAME_SELINUX;
-#endif /* HAVE_SECURITY_DENTRY_INIT_SECURITY */
 
        return 0;
 }
 
-#ifdef HAVE_SECURITY_IINITSEC_CALLBACK
 /**
- * A helper function for ll_security_inode_init_security()
+ * A helper function for security_inode_init_security()
  * that takes care of setting xattrs
  *
  * Get security context of @inode from @xattr_array,
@@ -96,26 +101,23 @@ static int
 ll_initxattrs(struct inode *inode, const struct xattr *xattr_array,
              void *fs_info)
 {
-       const struct xattr *xattr;
        struct dentry *dentry = fs_info;
-       size_t name_len;
-       char *full_name;
+       const struct xattr *xattr;
        int err = 0;
 
-       for (xattr = xattr_array; xattr->name != NULL; xattr++) {
-               name_len = strlen(XATTR_SECURITY_PREFIX) + strlen(xattr->name)
-                          + 1;
-               OBD_ALLOC(full_name, name_len);
-               if (full_name == NULL)
-                       return -ENOMEM;
-               strlcpy(full_name, XATTR_SECURITY_PREFIX, name_len);
-               strlcat(full_name, xattr->name, name_len);
-
-               err = ll_setxattr(dentry, full_name, xattr->value,
-                                 xattr->value_len, 0);
+       for (xattr = xattr_array; xattr->name; xattr++) {
+               char *full_name;
 
-               OBD_FREE(full_name, name_len);
+               full_name = kasprintf(GFP_KERNEL, "%s%s",
+                                     XATTR_SECURITY_PREFIX, xattr->name);
+               if (!full_name) {
+                       err = -ENOMEM;
+                       break;
+               }
 
+               err = ll_vfs_setxattr(dentry, inode, full_name, xattr->value,
+                                     xattr->value_len, XATTR_CREATE);
+               kfree(full_name);
                if (err < 0)
                        break;
        }
@@ -136,57 +138,37 @@ int
 ll_inode_init_security(struct dentry *dentry, struct inode *inode,
                       struct inode *dir)
 {
+       int rc;
+
        if (!selinux_is_enabled())
                return 0;
 
-       return ll_security_inode_init_security(inode, dir, NULL, NULL, 0,
-                                              &ll_initxattrs, dentry);
+       rc = security_inode_init_security(inode, dir, NULL,
+                                         &ll_initxattrs, dentry);
+       if (rc == -EOPNOTSUPP)
+               return 0;
+
+       return rc;
 }
-#else /* !HAVE_SECURITY_IINITSEC_CALLBACK */
+
 /**
- * Initializes security context
- *
- * Get security context of @inode in @dir,
- * and put it in 'security.xxx' xattr of @dentry.
+ * Get security context xattr name used by policy.
  *
- * \retval 0        success, or SELinux is disabled
- * \retval -ENOMEM  if no memory could be allocated for xattr name
- * \retval < 0      failure to get security context or set xattr
+ * \retval >= 0     length of xattr name
+ * \retval < 0      failure to get security context xattr name
  */
 int
-ll_inode_init_security(struct dentry *dentry, struct inode *inode,
-                      struct inode *dir)
+ll_listsecurity(struct inode *inode, char *secctx_name, size_t secctx_name_size)
 {
-       int err;
-       size_t len, name_len;
-       void *value;
-       char *name, *full_name;
+       int rc;
 
        if (!selinux_is_enabled())
                return 0;
 
-       err = ll_security_inode_init_security(inode, dir, &name, &value, &len,
-                                             NULL, dentry);
-       if (err != 0) {
-               if (err == -EOPNOTSUPP)
-                       return 0;
-               return err;
-       }
-
-       name_len = strlen(XATTR_SECURITY_PREFIX) + strlen(name) + 1;
-       OBD_ALLOC(full_name, name_len);
-       if (full_name == NULL)
-               GOTO(out_free, err = -ENOMEM);
-       strlcpy(full_name, XATTR_SECURITY_PREFIX, name_len);
-       strlcat(full_name, name, name_len);
-
-       err = ll_setxattr(dentry, full_name, value, len, 0);
-       OBD_FREE(full_name, name_len);
-
-out_free:
-       kfree(name);
-       kfree(value);
-
-       return err;
+       rc = security_inode_listsecurity(inode, secctx_name, secctx_name_size);
+       if (rc >= secctx_name_size)
+               rc = -ERANGE;
+       else if (rc >= 0)
+               secctx_name[rc] = '\0';
+       return rc;
 }
-#endif /* HAVE_SECURITY_IINITSEC_CALLBACK */