Home » Mailing list archives » linux-kernel » 2008 » September » 29

[PATCH 01/14] VFS: Factor out part of vfs_setxattr so it can be called from the SELinux hook for inode_setsecctx.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: David P. Quigley
Subject: [PATCH 01/14] VFS: Factor out part of vfs_setxattr so it can be called from the SELinux hook for inode_setsecctx.
Date: Monday, September 29, 2008 - 10:06 am

This factors out the part of the vfs_setxattr function that performs the
setting of the xattr and its notification. This is needed so the SELinux
implementation of inode_setsecctx can handle the setting of it's xattr while
maintaining the proper separation of layers.

Signed-off-by: Matthew N. Dodd <Matthew.Dodd@sparta.com>
Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>
---
 fs/xattr.c            |   55 +++++++++++++++++++++++++++++++++++++-----------
 include/linux/xattr.h |    1 +
 2 files changed, 43 insertions(+), 13 deletions(-)

diff --git a/fs/xattr.c b/fs/xattr.c
index 468377e..2f93006 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -66,22 +66,28 @@ xattr_permission(struct inode *inode, const char *name, int mask)
 	return inode_permission(inode, mask);
 }
 
-int
-vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
-		size_t size, int flags)
+/**
+ *  __vfs_setxattr_noperm - perform setxattr operation without performing
+ *  permission checks.
+ *
+ *  @dentry - object to perform setxattr on
+ *  @name - xattr name to set
+ *  @value - value to set @name to
+ *  @size - size of @value
+ *  @flags - flags to pass into filesystem operations
+ *
+ *  returns the result of the internal setxattr or setsecurity operations.
+ *
+ *  This function requires the caller to lock the inode's i_mutex before it
+ *  is executed. It also assumes that the caller will make the appropriate
+ *  permission checks.
+ */
+int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
+		const void *value, size_t size, int flags)
 {
 	struct inode *inode = dentry->d_inode;
-	int error;
-
-	error = xattr_permission(inode, name, MAY_WRITE);
-	if (error)
-		return error;
+	int error = -EOPNOTSUPP;
 
-	mutex_lock(&inode->i_mutex);
-	error = security_inode_setxattr(dentry, name, value, size, flags);
-	if (error)
-		goto out;
-	error = -EOPNOTSUPP;
 	if (inode->i_op->setxattr) {
 		error = inode->i_op->setxattr(dentry, name, value, size, flags);
 		if (!error) {
@@ -97,6 +103,29 @@ vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
 		if (!error)
 			fsnotify_xattr(dentry);
 	}
+
+	return error;
+}
+
+
+int
+vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
+		size_t size, int flags)
+{
+	struct inode *inode = dentry->d_inode;
+	int error;
+
+	error = xattr_permission(inode, name, MAY_WRITE);
+	if (error)
+		return error;
+
+	mutex_lock(&inode->i_mutex);
+	error = security_inode_setxattr(dentry, name, value, size, flags);
+	if (error)
+		goto out;
+
+	error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
+
 out:
 	mutex_unlock(&inode->i_mutex);
 	return error;
diff --git a/include/linux/xattr.h b/include/linux/xattr.h
index d131e35..5c84af8 100644
--- a/include/linux/xattr.h
+++ b/include/linux/xattr.h
@@ -49,6 +49,7 @@ struct xattr_handler {
 ssize_t xattr_getsecurity(struct inode *, const char *, void *, size_t);
 ssize_t vfs_getxattr(struct dentry *, const char *, void *, size_t);
 ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size);
+int __vfs_setxattr_noperm(struct dentry *, const char *, const void *, size_t, int);
 int vfs_setxattr(struct dentry *, const char *, const void *, size_t, int);
 int vfs_removexattr(struct dentry *, const char *);
 
-- 
1.5.5.1

--
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[RFC v3] Security Label Support for NFSv4, David P. Quigley, (Mon Sep 29, 10:06 am)
[PATCH 01/14] VFS: Factor out part of vfs_setxattr so it c ..., David P. Quigley, (Mon Sep 29, 10:06 am)
[PATCH 05/14] SELinux: Add new labeling type native labels, David P. Quigley, (Mon Sep 29, 10:06 am)
[PATCH 06/14] KConfig: Add KConfig entries for Labeled NFS, David P. Quigley, (Mon Sep 29, 10:06 am)
[PATCH 08/14] NFS: Add security_label text mount option an ..., David P. Quigley, (Mon Sep 29, 10:06 am)
[PATCH 10/14] NFSv4: Introduce new label structure, David P. Quigley, (Mon Sep 29, 10:06 am)
[PATCH 11/14] NFS/RPC: Add the auth_seclabel security flav ..., David P. Quigley, (Mon Sep 29, 10:06 am)
[PATCH 13/14] NFS: Extend NFS xattr handlers to accept the ..., David P. Quigley, (Mon Sep 29, 10:06 am)
Re: [PATCH 01/14] VFS: Factor out part of vfs_setxattr so ..., Serge E. Hallyn, (Tue Sep 30, 12:51 pm)
Re: [PATCH 06/14] KConfig: Add KConfig entries for Labeled NFS, Serge E. Hallyn, (Tue Sep 30, 1:40 pm)
Re: [PATCH 11/14] NFS/RPC: Add the auth_seclabel security ..., Andy Whitcroft, (Fri Oct 3, 7:23 am)
Re: [PATCH 11/14] NFS/RPC: Add the auth_seclabel security ..., Matthew N. Dodd, (Fri Oct 3, 8:44 am)
Re: [RFC v3] Security Label Support for NFSv4, James Morris, (Mon Oct 13, 4:31 pm)
Re: [Labeled-nfs] [RFC v3] Security Label Support for NFSv4, Matthew N. Dodd, (Mon Oct 13, 7:15 pm)
Re: [Labeled-nfs] [RFC v3] Security Label Support for NFSv4, Trond Myklebust, (Tue Oct 14, 6:20 am)
Re: [Labeled-nfs] [RFC v3] Security Label Support for NFSv4, David P. Quigley, (Tue Oct 14, 7:28 am)