#include <linux/types.h>
#include <linux/security.h>
+#ifdef HAVE_LINUX_SELINUX_IS_ENABLED
#include <linux/selinux.h>
+#endif
#include <linux/xattr.h>
#include "llite_internal.h"
const char **secctx_name, void **secctx,
__u32 *secctx_size)
{
-#ifdef HAVE_SECURITY_DENTRY_INIT_SECURITY
int rc;
- /* security_dentry_init_security() is strange. Like
+ /*
+ * security_dentry_init_security() is strange. Like
* security_inode_init_security() it may return a context (provided a
* Linux security module is enabled) but unlike
* security_inode_init_security() it does not return to us the name of
* SELinux is the only module that implements
* security_dentry_init_security(). Note that the NFS client code just
* calls it and assumes that if anything is returned then it must come
- * from SELinux. */
+ * from SELinux.
+ */
if (!selinux_is_enabled())
return 0;
rc = security_dentry_init_security(dentry, mode, name, secctx,
secctx_size);
+ if (rc == -EOPNOTSUPP)
+ return 0;
if (rc < 0)
return rc;
*secctx_name = XATTR_NAME_SELINUX;
-#endif /* HAVE_SECURITY_DENTRY_INIT_SECURITY */
return 0;
}
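Review bot: The `selinux_is_enabled()` guard on the `if (!selinux_is_enabled())` line is still unconditional, while the only header visible that declares it, `<linux/selinux.h>`, is now included only under `HAVE_LINUX_SELINUX_IS_ENABLED` in the first hunk; presumably `llite_internal.h` supplies a fallback definition when that macro is unset, but nothing in the diff shows it, so it is worth confirming the kernels that lack the header still build. The removal of the `HAVE_SECURITY_DENTRY_INIT_SECURITY` fence has the same shape: `security_dentry_init_security()` is now called unconditionally, which is fine only if every supported kernel exports it. A one-line comment above the call would save the next reader the same question, e.g. `/* selinux_is_enabled() and security_dentry_init_security() come from the kernel or from a compat shim in llite_internal.h */`. The start of ll_dentry_init_security, including its first parameters, lies before this hunk.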
-#ifdef HAVE_SECURITY_IINITSEC_CALLBACK
/**
- * A helper function for ll_security_inode_init_security()
+ * A helper function for security_inode_init_security()
* that takes care of setting xattrs
*
* Get security context of @inode from @xattr_array,
break;
}
- err = __vfs_setxattr(dentry, inode, full_name, xattr->value,
- xattr->value_len, XATTR_CREATE);
+ err = ll_vfs_setxattr(dentry, inode, full_name, xattr->value,
+ xattr->value_len, XATTR_CREATE);
kfree(full_name);
if (err < 0)
break;
ll_inode_init_security(struct dentry *dentry, struct inode *inode,
struct inode *dir)
{
+ int rc;
+
if (!selinux_is_enabled())
return 0;
- return ll_security_inode_init_security(inode, dir, NULL, NULL, 0,
- &ll_initxattrs, dentry);
+ rc = security_inode_init_security(inode, dir, NULL,
+ &ll_initxattrs, dentry);
+ if (rc == -EOPNOTSUPP)
+ return 0;
+
+ return rc;
}
-#else /* !HAVE_SECURITY_IINITSEC_CALLBACK */
+
/**
- * Initializes security context
- *
- * Get security context of @inode in @dir,
- * and put it in 'security.xxx' xattr of @dentry.
+ * Get security context xattr name used by policy.
*
- * \retval 0 success, or SELinux is disabled
- * \retval -ENOMEM if no memory could be allocated for xattr name
- * \retval < 0 failure to get security context or set xattr
+ * \retval >= 0 length of xattr name
+ * \retval < 0 failure to get security context xattr name
*/
int
-ll_inode_init_security(struct dentry *dentry, struct inode *inode,
- struct inode *dir)
+ll_listsecurity(struct inode *inode, char *secctx_name, size_t secctx_name_size)
{
- char *full_name;
- void *value;
- char *name;
- size_t len;
- int err;
+ int rc;
if (!selinux_is_enabled())
return 0;
- err = ll_security_inode_init_security(inode, dir, &name, &value, &len,
- NULL, dentry);
- if (err != 0) {
- if (err == -EOPNOTSUPP)
- return 0;
- return err;
- }
-
- full_name = kasprintf(GFP_KERNEL, "%s%s", XATTR_SECURITY_PREFIX, name);
- if (!full_name)
- GOTO(out_free, err = -ENOMEM);
-
- err = __vfs_setxattr(dentry, inode, full_name, value, len,
- XATTR_CREATE);
- kfree(full_name);
-out_free:
- kfree(name);
- kfree(value);
-
- return err;
+ rc = security_inode_listsecurity(inode, secctx_name, secctx_name_size);
+ if (rc >= secctx_name_size)
+ rc = -ERANGE;
+ else if (rc >= 0)
+ secctx_name[rc] = '\0';
+ return rc;
}
-#endif /* HAVE_SECURITY_IINITSEC_CALLBACK */
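Review bot: In ll_listsecurity the check `if (rc >= secctx_name_size)` compares the `int` returned by security_inode_listsecurity() against a `size_t`, so a negative error return is promoted to a large unsigned value, matches the first branch and is rewritten to -ERANGE; the caller still sees a failure but the original error code is lost, and the intended `else if (rc >= 0)` branch can never see a negative `rc`. Test the sign first and make the cast explicit: `if (rc < 0) return rc;` then `if ((size_t)rc >= secctx_name_size) return -ERANGE;` followed by `secctx_name[rc] = '\0';`. With `rc` strictly below the buffer size the terminator always fits, so the doc comment could also state that on success `secctx_name` is NUL-terminated and `rc` is its length excluding the terminator. Whether any trailing context follows the removed `#endif` cannot be seen from here.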