Stephen Smalley avatar Stephen Smalley committed 0c408c7

yaffs: set security attribute at file creation

Add support to yaffs to set the security attribute of new inodes when
they are created. This parallels similar support in other filesystems,
and is a requirement for SELinux and other MAC systems.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>;


Files changed (1)

fs/yaffs2/yaffs_vfs.c

 #include <linux/slab.h>
 #include <linux/init.h>
 #include <linux/fs.h>
+#include <linux/security.h>
 #include <linux/proc_fs.h>
 #include <linux/pagemap.h>
 #include <linux/mtd/mtd.h>
 	return inode;
 }
 
+#ifdef CONFIG_YAFFS_XATTR
+static int yaffs_init_security(struct inode *dir, struct dentry *dentry,
+			       struct inode *inode)
+{
+	int err;
+	size_t size;
+	void *value;
+	char *suffix;
+	char name[XATTR_NAME_MAX];
+	struct yaffs_dev *dev;
+	struct yaffs_obj *obj = yaffs_inode_to_obj(inode);
+	int result;
+
+	err = security_inode_init_security(inode, dir, &dentry->d_name,
+					   &suffix, &value, &size);
+	if (err) {
+		if (err == -EOPNOTSUPP)
+			return 0;
+		return err;
+	}
+	snprintf(name, sizeof name, "%s%s", XATTR_SECURITY_PREFIX, suffix);
+
+	/* inlined yaffs_setxattr: no instantiated dentry yet */
+	dev = obj->my_dev;
+	yaffs_gross_lock(dev);
+	result = yaffs_set_xattrib(obj, name, value, size, 0);
+	if (result == YAFFS_OK)
+		err = 0;
+	else if (result < 0)
+		err = result;
+	yaffs_gross_unlock(dev);
+
+	kfree(value);
+	kfree(suffix);
+	return err;
+}
+#else
+static int yaffs_init_security(struct inode *dir, struct dentry *dentry,
+			       struct inode *inode)
+{
+	return 0;
+}
+#endif
+
 static int yaffs_mknod(struct inode *dir, struct dentry *dentry, int mode,
 		       dev_t rdev)
 {
 
 	if (obj) {
 		inode = yaffs_get_inode(dir->i_sb, mode, rdev, obj);
+		yaffs_init_security(dir, dentry, inode);
 		d_instantiate(dentry, inode);
 		update_dir_time(dir);
 		yaffs_trace(YAFFS_TRACE_OS,
 		struct inode *inode;
 
 		inode = yaffs_get_inode(dir->i_sb, obj->yst_mode, 0, obj);
+		yaffs_init_security(dir, dentry, inode);
 		d_instantiate(dentry, inode);
 		update_dir_time(dir);
 		yaffs_trace(YAFFS_TRACE_OS, "symlink created OK");
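Review bot: The return value of yaffs_init_security() is discarded at both new call sites (in yaffs_mknod and in the symlink-creation path), so if the LSM hook or yaffs_set_xattrib() fails, the inode is still instantiated without its security xattr. Under a MAC policy that leaves an unlabeled object where the create should have failed. Capture the result, `err = yaffs_init_security(dir, dentry, inode);`, and on a non-zero value undo the object creation and return the error before d_instantiate(); both callers continue outside the visible hunks, so the cleanup has to be worked out against the full functions. Inside the helper, `err` is still 0 from the hook when `result` is neither YAFFS_OK nor negative, so that outcome is reported as success; an explicit fallback such as `else err = -EIO;` would close the gap. `char name[XATTR_NAME_MAX]` also leaves no room for the terminating NUL and the snprintf() result is not checked, so `char name[XATTR_NAME_MAX + 1];` with a truncation check would be safer.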