*/
#include <linux/fs.h>
#include <linux/slab.h>
-#include <linux/smp_lock.h>
#include <linux/file.h>
#include <linux/xattr.h>
#include <linux/namei.h>
return 0;
/*
- * The trusted.* namespace can only accessed by a privilegued user.
+ * The trusted.* namespace can only be accessed by a privileged user.
*/
if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN))
return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM);
+ /* In user.* namespace, only regular files and directories can have
+ * extended attributes. For sticky directories, only the owner and
+ * privileged user can write attributes.
+ */
if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
- if (!S_ISREG(inode->i_mode) &&
- (!S_ISDIR(inode->i_mode) || inode->i_mode & S_ISVTX))
+ if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
+ return -EPERM;
+ if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
+ (mask & MAY_WRITE) && !is_owner_or_cap(inode))
return -EPERM;
}
}
EXPORT_SYMBOL_GPL(vfs_setxattr);
+ssize_t
+xattr_getsecurity(struct inode *inode, const char *name, void *value,
+ size_t size)
+{
+ void *buffer = NULL;
+ ssize_t len;
+
+ if (!value || !size) {
+ len = security_inode_getsecurity(inode, name, &buffer, false);
+ goto out_noalloc;
+ }
+
+ len = security_inode_getsecurity(inode, name, &buffer, true);
+ if (len < 0)
+ return len;
+ if (size < len) {
+ len = -ERANGE;
+ goto out;
+ }
+ memcpy(value, buffer, len);
+out:
+ security_release_secctx(buffer, len);
+out_noalloc:
+ return len;
+}
+EXPORT_SYMBOL_GPL(xattr_getsecurity);
+
ssize_t
vfs_getxattr(struct dentry *dentry, char *name, void *value, size_t size)
{
if (error)
return error;
- if (inode->i_op->getxattr)
- error = inode->i_op->getxattr(dentry, name, value, size);
- else
- error = -EOPNOTSUPP;
-
if (!strncmp(name, XATTR_SECURITY_PREFIX,
XATTR_SECURITY_PREFIX_LEN)) {
const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
- int ret = security_inode_getsecurity(inode, suffix, value,
- size, error);
+ int ret = xattr_getsecurity(inode, suffix, value, size);
/*
* Only overwrite the return value if a security module
* is actually active.
*/
- if (ret != -EOPNOTSUPP)
- error = ret;
+ if (ret == -EOPNOTSUPP)
+ goto nolsm;
+ return ret;
}
+nolsm:
+ if (inode->i_op->getxattr)
+ error = inode->i_op->getxattr(dentry, name, value, size);
+ else
+ error = -EOPNOTSUPP;
return error;
}
error = user_path_walk(path, &nd);
if (error)
return error;
- error = setxattr(nd.dentry, name, value, size, flags);
- path_release(&nd);
+ error = setxattr(nd.path.dentry, name, value, size, flags);
+ path_put(&nd.path);
return error;
}
error = user_path_walk_link(path, &nd);
if (error)
return error;
- error = setxattr(nd.dentry, name, value, size, flags);
- path_release(&nd);
+ error = setxattr(nd.path.dentry, name, value, size, flags);
+ path_put(&nd.path);
return error;
}
f = fget(fd);
if (!f)
return error;
- dentry = f->f_dentry;
- audit_inode(NULL, dentry->d_inode);
+ dentry = f->f_path.dentry;
+ audit_inode(NULL, dentry);
error = setxattr(dentry, name, value, size, flags);
fput(f);
return error;
error = user_path_walk(path, &nd);
if (error)
return error;
- error = getxattr(nd.dentry, name, value, size);
- path_release(&nd);
+ error = getxattr(nd.path.dentry, name, value, size);
+ path_put(&nd.path);
return error;
}
error = user_path_walk_link(path, &nd);
if (error)
return error;
- error = getxattr(nd.dentry, name, value, size);
- path_release(&nd);
+ error = getxattr(nd.path.dentry, name, value, size);
+ path_put(&nd.path);
return error;
}
f = fget(fd);
if (!f)
return error;
- error = getxattr(f->f_dentry, name, value, size);
+ audit_inode(NULL, f->f_path.dentry);
+ error = getxattr(f->f_path.dentry, name, value, size);
fput(f);
return error;
}
error = user_path_walk(path, &nd);
if (error)
return error;
- error = listxattr(nd.dentry, list, size);
- path_release(&nd);
+ error = listxattr(nd.path.dentry, list, size);
+ path_put(&nd.path);
return error;
}
error = user_path_walk_link(path, &nd);
if (error)
return error;
- error = listxattr(nd.dentry, list, size);
- path_release(&nd);
+ error = listxattr(nd.path.dentry, list, size);
+ path_put(&nd.path);
return error;
}
f = fget(fd);
if (!f)
return error;
- error = listxattr(f->f_dentry, list, size);
+ audit_inode(NULL, f->f_path.dentry);
+ error = listxattr(f->f_path.dentry, list, size);
fput(f);
return error;
}
error = user_path_walk(path, &nd);
if (error)
return error;
- error = removexattr(nd.dentry, name);
- path_release(&nd);
+ error = removexattr(nd.path.dentry, name);
+ path_put(&nd.path);
return error;
}
error = user_path_walk_link(path, &nd);
if (error)
return error;
- error = removexattr(nd.dentry, name);
- path_release(&nd);
+ error = removexattr(nd.path.dentry, name);
+ path_put(&nd.path);
return error;
}
f = fget(fd);
if (!f)
return error;
- dentry = f->f_dentry;
- audit_inode(NULL, dentry->d_inode);
+ dentry = f->f_path.dentry;
+ audit_inode(NULL, dentry);
error = removexattr(dentry, name);
fput(f);
return error;
projects / linux-2.6-omap-h63xx.git / blobdiff