Commit 1d15b10f95d4c4295a0f2288c7be7b6a005490da
1 parent
4f4b401bfa
JFS: Implement jfs_init_security
This atomically initializes the security xattr when an object is created Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
Showing 3 changed files with 68 additions and 0 deletions Side-by-side Diff
fs/jfs/jfs_xattr.h
... | ... | @@ -61,5 +61,15 @@ |
61 | 61 | extern ssize_t jfs_listxattr(struct dentry *, char *, size_t); |
62 | 62 | extern int jfs_removexattr(struct dentry *, const char *); |
63 | 63 | |
64 | +#ifdef CONFIG_JFS_SECURITY | |
65 | +extern int jfs_init_security(tid_t, struct inode *, struct inode *); | |
66 | +#else | |
67 | +static inline int jfs_init_security(tid_t tid, struct inode *inode, | |
68 | + struct inode *dir) | |
69 | +{ | |
70 | + return 0; | |
71 | +} | |
72 | +#endif | |
73 | + | |
64 | 74 | #endif /* H_JFS_XATTR */ |
fs/jfs/namei.c
... | ... | @@ -111,6 +111,12 @@ |
111 | 111 | if (rc) |
112 | 112 | goto out3; |
113 | 113 | |
114 | + rc = jfs_init_security(tid, ip, dip); | |
115 | + if (rc) { | |
116 | + txAbort(tid, 0); | |
117 | + goto out3; | |
118 | + } | |
119 | + | |
114 | 120 | if ((rc = dtSearch(dip, &dname, &ino, &btstack, JFS_CREATE))) { |
115 | 121 | jfs_err("jfs_create: dtSearch returned %d", rc); |
116 | 122 | txAbort(tid, 0); |
... | ... | @@ -239,6 +245,12 @@ |
239 | 245 | if (rc) |
240 | 246 | goto out3; |
241 | 247 | |
248 | + rc = jfs_init_security(tid, ip, dip); | |
249 | + if (rc) { | |
250 | + txAbort(tid, 0); | |
251 | + goto out3; | |
252 | + } | |
253 | + | |
242 | 254 | if ((rc = dtSearch(dip, &dname, &ino, &btstack, JFS_CREATE))) { |
243 | 255 | jfs_err("jfs_mkdir: dtSearch returned %d", rc); |
244 | 256 | txAbort(tid, 0); |
... | ... | @@ -906,6 +918,10 @@ |
906 | 918 | down(&JFS_IP(dip)->commit_sem); |
907 | 919 | down(&JFS_IP(ip)->commit_sem); |
908 | 920 | |
921 | + rc = jfs_init_security(tid, ip, dip); | |
922 | + if (rc) | |
923 | + goto out3; | |
924 | + | |
909 | 925 | tblk = tid_to_tblock(tid); |
910 | 926 | tblk->xflag |= COMMIT_CREATE; |
911 | 927 | tblk->ino = ip->i_ino; |
... | ... | @@ -1348,6 +1364,12 @@ |
1348 | 1364 | rc = jfs_init_acl(tid, ip, dir); |
1349 | 1365 | if (rc) |
1350 | 1366 | goto out3; |
1367 | + | |
1368 | + rc = jfs_init_security(tid, ip, dir); | |
1369 | + if (rc) { | |
1370 | + txAbort(tid, 0); | |
1371 | + goto out3; | |
1372 | + } | |
1351 | 1373 | |
1352 | 1374 | if ((rc = dtSearch(dir, &dname, &ino, &btstack, JFS_CREATE))) { |
1353 | 1375 | txAbort(tid, 0); |
fs/jfs/xattr.c
... | ... | @@ -21,6 +21,7 @@ |
21 | 21 | #include <linux/xattr.h> |
22 | 22 | #include <linux/posix_acl_xattr.h> |
23 | 23 | #include <linux/quotaops.h> |
24 | +#include <linux/security.h> | |
24 | 25 | #include "jfs_incore.h" |
25 | 26 | #include "jfs_superblock.h" |
26 | 27 | #include "jfs_dmap.h" |
... | ... | @@ -1148,4 +1149,39 @@ |
1148 | 1149 | |
1149 | 1150 | return rc; |
1150 | 1151 | } |
1152 | + | |
1153 | +#ifdef CONFIG_JFS_SECURITY | |
1154 | +int jfs_init_security(tid_t tid, struct inode *inode, struct inode *dir) | |
1155 | +{ | |
1156 | + int rc; | |
1157 | + size_t len; | |
1158 | + void *value; | |
1159 | + char *suffix; | |
1160 | + char *name; | |
1161 | + | |
1162 | + rc = security_inode_init_security(inode, dir, &suffix, &value, &len); | |
1163 | + if (rc) { | |
1164 | + if (rc == -EOPNOTSUPP) | |
1165 | + return 0; | |
1166 | + return rc; | |
1167 | + } | |
1168 | + name = kmalloc(XATTR_SECURITY_PREFIX_LEN + 1 + strlen(suffix), | |
1169 | + GFP_NOFS); | |
1170 | + if (!name) { | |
1171 | + rc = -ENOMEM; | |
1172 | + goto kmalloc_failed; | |
1173 | + } | |
1174 | + strcpy(name, XATTR_SECURITY_PREFIX); | |
1175 | + strcpy(name + XATTR_SECURITY_PREFIX_LEN, suffix); | |
1176 | + | |
1177 | + rc = __jfs_setxattr(tid, inode, name, value, len, 0); | |
1178 | + | |
1179 | + kfree(name); | |
1180 | +kmalloc_failed: | |
1181 | + kfree(suffix); | |
1182 | + kfree(value); | |
1183 | + | |
1184 | + return rc; | |
1185 | +} | |
1186 | +#endif |