/* selinux_dentry_init_security() uses dentry->d_parent and name
* to determine the security context for the file. So our fake
* dentry should be real enough for this purpose. */
- err = ll_dentry_init_security(&dentry, mode, &dentry.d_name,
+ err = ll_dentry_init_security(parent,
+ &dentry, mode, &dentry.d_name,
&op_data->op_file_secctx_name,
&op_data->op_file_secctx,
&op_data->op_file_secctx_size);
#endif
}
-int ll_dentry_init_security(struct dentry *dentry, int mode, struct qstr *name,
+int ll_dentry_init_security(struct inode *parent, struct dentry *dentry,
+ int mode, struct qstr *name,
const char **secctx_name, void **secctx,
__u32 *secctx_size);
int ll_inode_init_security(struct dentry *dentry, struct inode *inode,
if (it->it_op & IT_CREAT &&
test_bit(LL_SBI_FILE_SECCTX, ll_i2sbi(parent)->ll_flags)) {
- rc = ll_dentry_init_security(dentry, it->it_create_mode,
+ rc = ll_dentry_init_security(parent,
+ dentry, it->it_create_mode,
&dentry->d_name,
&op_data->op_file_secctx_name,
&op_data->op_file_secctx,
ll_qos_mkdir_prep(op_data, dir);
if (test_bit(LL_SBI_FILE_SECCTX, sbi->ll_flags)) {
- err = ll_dentry_init_security(dchild, mode, &dchild->d_name,
+ err = ll_dentry_init_security(dir,
+ dchild, mode, &dchild->d_name,
&op_data->op_file_secctx_name,
&op_data->op_file_secctx,
&op_data->op_file_secctx_size);
/*
* Check for LL_SBI_FILE_SECCTX before calling.
*/
-int ll_dentry_init_security(struct dentry *dentry, int mode, struct qstr *name,
+int ll_dentry_init_security(struct inode *parent, struct dentry *dentry,
+ int mode, struct qstr *name,
const char **secctx_name, void **secctx,
__u32 *secctx_size)
{
if (!selinux_is_enabled())
return 0;
+ /* fetch length of security xattr name */
+ rc = security_inode_listsecurity(parent, NULL, 0);
+ /* xattr name length == 0 means SELinux is disabled */
+ if (rc == 0)
+ return 0;
+ /* we support SELinux only */
+ if (rc != strlen(XATTR_NAME_SELINUX) + 1)
+ return -EOPNOTSUPP;
+
rc = security_dentry_init_security(dentry, mode, name, secctx,
secctx_size);
/* Usually, security_dentry_init_security() returns -EOPNOTSUPP when