| rjw | 1f88458 | 2022-01-06 17:20:42 +0800 | [diff] [blame^] | 1 | // SPDX-License-Identifier: GPL-2.0 |
| 2 | #include "reiserfs.h" |
| 3 | #include <linux/errno.h> |
| 4 | #include <linux/fs.h> |
| 5 | #include <linux/pagemap.h> |
| 6 | #include <linux/xattr.h> |
| 7 | #include <linux/slab.h> |
| 8 | #include "xattr.h" |
| 9 | #include <linux/security.h> |
| 10 | #include <linux/uaccess.h> |
| 11 | |
| 12 | static int |
| 13 | security_get(const struct xattr_handler *handler, struct dentry *unused, |
| 14 | struct inode *inode, const char *name, void *buffer, size_t size) |
| 15 | { |
| 16 | if (IS_PRIVATE(inode)) |
| 17 | return -EPERM; |
| 18 | |
| 19 | return reiserfs_xattr_get(inode, xattr_full_name(handler, name), |
| 20 | buffer, size); |
| 21 | } |
| 22 | |
| 23 | static int |
| 24 | security_set(const struct xattr_handler *handler, struct dentry *unused, |
| 25 | struct inode *inode, const char *name, const void *buffer, |
| 26 | size_t size, int flags) |
| 27 | { |
| 28 | if (IS_PRIVATE(inode)) |
| 29 | return -EPERM; |
| 30 | |
| 31 | return reiserfs_xattr_set(inode, |
| 32 | xattr_full_name(handler, name), |
| 33 | buffer, size, flags); |
| 34 | } |
| 35 | |
| 36 | static bool security_list(struct dentry *dentry) |
| 37 | { |
| 38 | return !IS_PRIVATE(d_inode(dentry)); |
| 39 | } |
| 40 | |
| 41 | /* Initializes the security context for a new inode and returns the number |
| 42 | * of blocks needed for the transaction. If successful, reiserfs_security |
| 43 | * must be released using reiserfs_security_free when the caller is done. */ |
| 44 | int reiserfs_security_init(struct inode *dir, struct inode *inode, |
| 45 | const struct qstr *qstr, |
| 46 | struct reiserfs_security_handle *sec) |
| 47 | { |
| 48 | int blocks = 0; |
| 49 | int error; |
| 50 | |
| 51 | sec->name = NULL; |
| 52 | |
| 53 | /* Don't add selinux attributes on xattrs - they'll never get used */ |
| 54 | if (IS_PRIVATE(dir)) |
| 55 | return 0; |
| 56 | |
| 57 | error = security_old_inode_init_security(inode, dir, qstr, &sec->name, |
| 58 | &sec->value, &sec->length); |
| 59 | if (error) { |
| 60 | if (error == -EOPNOTSUPP) |
| 61 | error = 0; |
| 62 | |
| 63 | sec->name = NULL; |
| 64 | sec->value = NULL; |
| 65 | sec->length = 0; |
| 66 | return error; |
| 67 | } |
| 68 | |
| 69 | if (sec->length && reiserfs_xattrs_initialized(inode->i_sb)) { |
| 70 | blocks = reiserfs_xattr_jcreate_nblocks(inode) + |
| 71 | reiserfs_xattr_nblocks(inode, sec->length); |
| 72 | /* We don't want to count the directories twice if we have |
| 73 | * a default ACL. */ |
| 74 | REISERFS_I(inode)->i_flags |= i_has_xattr_dir; |
| 75 | } |
| 76 | return blocks; |
| 77 | } |
| 78 | |
| 79 | int reiserfs_security_write(struct reiserfs_transaction_handle *th, |
| 80 | struct inode *inode, |
| 81 | struct reiserfs_security_handle *sec) |
| 82 | { |
| 83 | int error; |
| 84 | if (strlen(sec->name) < sizeof(XATTR_SECURITY_PREFIX)) |
| 85 | return -EINVAL; |
| 86 | |
| 87 | error = reiserfs_xattr_set_handle(th, inode, sec->name, sec->value, |
| 88 | sec->length, XATTR_CREATE); |
| 89 | if (error == -ENODATA || error == -EOPNOTSUPP) |
| 90 | error = 0; |
| 91 | |
| 92 | return error; |
| 93 | } |
| 94 | |
| 95 | void reiserfs_security_free(struct reiserfs_security_handle *sec) |
| 96 | { |
| 97 | kfree(sec->name); |
| 98 | kfree(sec->value); |
| 99 | sec->name = NULL; |
| 100 | sec->value = NULL; |
| 101 | } |
| 102 | |
| 103 | const struct xattr_handler reiserfs_xattr_security_handler = { |
| 104 | .prefix = XATTR_SECURITY_PREFIX, |
| 105 | .get = security_get, |
| 106 | .set = security_set, |
| 107 | .list = security_list, |
| 108 | }; |