
Stephen Smalley  committed afef4d6

yaffs: set security attribute at file creation

Add support to yaffs to set the security attribute of new inodes when
they are created. This parallels similar support in other filesystems,
and is a requirement for SELinux and other MAC systems.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

  • Parent commits 6b34756


Files changed (1)

File fs/yaffs2/yaffs_vfs.c

 #include <linux/slab.h>
 #include <linux/init.h>
 #include <linux/fs.h>
+#include <linux/security.h>
+#include <linux/xattr.h>
 #include <linux/proc_fs.h>
 #include <linux/pagemap.h>
 #include <linux/mtd/mtd.h>
 	return inode;
 }
 
+#ifdef CONFIG_YAFFS_XATTR
+static int yaffs_initxattrs(struct inode *inode,
+			    const struct xattr *xattr_array,
+			    void *fs_info)
+{
+	const struct xattr *xattr;
+	struct yaffs_obj *obj = fs_info;
+	struct yaffs_dev *dev = obj->my_dev;
+	char name[XATTR_NAME_MAX];
+	int err = 0;
+	int result = YAFFS_OK;
+
+	yaffs_gross_lock(dev);
+	for (xattr = xattr_array; xattr->name != NULL; xattr++) {
+		snprintf(name, sizeof name, "%s%s", XATTR_SECURITY_PREFIX, xattr->name);
+		/* inlined yaffs_setxattr: no instantiated dentry yet */
+		result = yaffs_set_xattrib(obj, name, xattr->value,
+					   xattr->value_len, 0);
+		if (result < 0)
+			break;
+	}
+	yaffs_gross_unlock(dev);
+	if (result == YAFFS_OK)
+		err = 0;
+	else if (result < 0)
+		err = result;
+	return err;
+}
+
+static int yaffs_init_security(struct inode *dir, struct dentry *dentry,
+			       struct inode *inode)
+{
+	struct yaffs_obj *obj = yaffs_inode_to_obj(inode);
+	return security_inode_init_security(inode, dir, &dentry->d_name,
+					    &yaffs_initxattrs, obj);
+}
+#else
+static int yaffs_init_security(struct inode *dir, struct dentry *dentry,
+			       struct inode *inode)
+{
+	return 0;
+}
+#endif
+
 static int yaffs_mknod(struct inode *dir, struct dentry *dentry, int mode,
 		       dev_t rdev)
 {
 
 	if (obj) {
 		inode = yaffs_get_inode(dir->i_sb, mode, rdev, obj);
+		yaffs_init_security(dir, dentry, inode);
 		d_instantiate(dentry, inode);
 		update_dir_time(dir);
 		yaffs_trace(YAFFS_TRACE_OS,
 		struct inode *inode;
 
 		inode = yaffs_get_inode(dir->i_sb, obj->yst_mode, 0, obj);
+		yaffs_init_security(dir, dentry, inode);
 		d_instantiate(dentry, inode);
 		update_dir_time(dir);
 		yaffs_trace(YAFFS_TRACE_OS, "symlink created OK");
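Review bot: The return value of `yaffs_init_security()` is discarded at both call sites (the `if (obj)` branch of yaffs_mknod and the symlink creation path), so a failure to compute or store the security xattr still ends in `d_instantiate()` and the new inode becomes visible without its label. For a MAC system that leaves an object with no label or only a fallback one, which is what this change is meant to prevent; the result should be captured, e.g. `error = yaffs_init_security(dir, dentry, inode);`, and a non-zero value should abort creation before `d_instantiate()`. The unwinding that would need (dropping the inode and the just-created yaffs object) belongs to parts of both functions that lie outside the visible hunks. In `yaffs_initxattrs`, `char name[XATTR_NAME_MAX]` leaves no room for the terminating NUL and the `snprintf` result is not checked, so an over-long name would be stored truncated under a different attribute name; `char name[XATTR_NAME_MAX + 1];` plus a check of the returned length would close that.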