VFS/Security: Rework inode_getsecurity and callers to return resulting buffer

[linux-2.6-omap-h63xx.git] / fs / xattr.c

diff --git a/fs/xattr.c b/fs/xattr.c
index 4523aca79659c24f5d2ca3b8ee415ddd9588b73f..1858552a6a1a0c6af76afb92316507c7d2d352eb 100644 (file)
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -60,8 +60,7 @@ xattr_permission(struct inode *inode, const char *name, int mask)
                if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
                        return -EPERM;
                if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
-                   (mask & MAY_WRITE) && (current->fsuid != inode->i_uid) &&
-                   !capable(CAP_FOWNER))
+                   (mask & MAY_WRITE) && !is_owner_or_cap(inode))
                        return -EPERM;
        }
 
@@ -105,6 +104,33 @@ out:
 }
 EXPORT_SYMBOL_GPL(vfs_setxattr);
 
+ssize_t
+xattr_getsecurity(struct inode *inode, const char *name, void *value,
+                       size_t size)
+{
+       void *buffer = NULL;
+       ssize_t len;
+
+       if (!value || !size) {
+               len = security_inode_getsecurity(inode, name, &buffer, false);
+               goto out_noalloc;
+       }
+
+       len = security_inode_getsecurity(inode, name, &buffer, true);
+       if (len < 0)
+               return len;
+       if (size < len) {
+               len = -ERANGE;
+               goto out;
+       }
+       memcpy(value, buffer, len);
+out:
+       security_release_secctx(buffer, len);
+out_noalloc:
+       return len;
+}
+EXPORT_SYMBOL_GPL(xattr_getsecurity);
+
 ssize_t
 vfs_getxattr(struct dentry *dentry, char *name, void *value, size_t size)
 {
@@ -127,8 +153,7 @@ vfs_getxattr(struct dentry *dentry, char *name, void *value, size_t size)
        if (!strncmp(name, XATTR_SECURITY_PREFIX,
                                XATTR_SECURITY_PREFIX_LEN)) {
                const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
-               int ret = security_inode_getsecurity(inode, suffix, value,
-                                                    size, error);
+               int ret = xattr_getsecurity(inode, suffix, value, size);
                /*
                 * Only overwrite the return value if a security module
                 * is actually active.
@@ -268,7 +293,7 @@ sys_fsetxattr(int fd, char __user *name, void __user *value,
        if (!f)
                return error;
        dentry = f->f_path.dentry;
-       audit_inode(NULL, dentry->d_inode);
+       audit_inode(NULL, dentry);
        error = setxattr(dentry, name, value, size, flags);
        fput(f);
        return error;
@@ -350,7 +375,7 @@ sys_fgetxattr(int fd, char __user *name, void __user *value, size_t size)
        f = fget(fd);
        if (!f)
                return error;
-       audit_inode(NULL, f->f_path.dentry->d_inode);
+       audit_inode(NULL, f->f_path.dentry);
        error = getxattr(f->f_path.dentry, name, value, size);
        fput(f);
        return error;
@@ -423,7 +448,7 @@ sys_flistxattr(int fd, char __user *list, size_t size)
        f = fget(fd);
        if (!f)
                return error;
-       audit_inode(NULL, f->f_path.dentry->d_inode);
+       audit_inode(NULL, f->f_path.dentry);
        error = listxattr(f->f_path.dentry, list, size);
        fput(f);
        return error;
@@ -486,7 +511,7 @@ sys_fremovexattr(int fd, char __user *name)
        if (!f)
                return error;
        dentry = f->f_path.dentry;
-       audit_inode(NULL, dentry->d_inode);
+       audit_inode(NULL, dentry);
        error = removexattr(dentry, name);
        fput(f);
        return error;