1 | // SPDX-License-Identifier: GPL-2.0 |
2 | #include "reiserfs.h" |
3 | #include <linux/errno.h> |
4 | #include <linux/fs.h> |
5 | #include <linux/pagemap.h> |
6 | #include <linux/xattr.h> |
7 | #include <linux/slab.h> |
8 | #include "xattr.h" |
9 | #include <linux/security.h> |
10 | #include <linux/uaccess.h> |
11 | |
12 | static int |
13 | security_get(const struct xattr_handler *handler, struct dentry *unused, |
14 | struct inode *inode, const char *name, void *buffer, size_t size) |
15 | { |
16 | if (IS_PRIVATE(inode)) |
17 | return -EPERM; |
18 | |
19 | return reiserfs_xattr_get(inode, xattr_full_name(handler, name), |
20 | buffer, size); |
21 | } |
22 | |
23 | static int |
24 | security_set(const struct xattr_handler *handler, |
25 | struct mnt_idmap *idmap, struct dentry *unused, |
26 | struct inode *inode, const char *name, const void *buffer, |
27 | size_t size, int flags) |
28 | { |
29 | if (IS_PRIVATE(inode)) |
30 | return -EPERM; |
31 | |
32 | return reiserfs_xattr_set(inode, |
33 | xattr_full_name(handler, name), |
34 | buffer, size, flags); |
35 | } |
36 | |
37 | static bool security_list(struct dentry *dentry) |
38 | { |
39 | return !IS_PRIVATE(d_inode(dentry)); |
40 | } |
41 | |
42 | static int |
43 | reiserfs_initxattrs(struct inode *inode, const struct xattr *xattr_array, |
44 | void *fs_info) |
45 | { |
46 | struct reiserfs_security_handle *sec = fs_info; |
47 | |
48 | sec->value = kmemdup(p: xattr_array->value, size: xattr_array->value_len, |
49 | GFP_KERNEL); |
50 | if (!sec->value) |
51 | return -ENOMEM; |
52 | |
53 | sec->name = xattr_array->name; |
54 | sec->length = xattr_array->value_len; |
55 | return 0; |
56 | } |
57 | |
58 | /* Initializes the security context for a new inode and returns the number |
59 | * of blocks needed for the transaction. If successful, reiserfs_security |
60 | * must be released using reiserfs_security_free when the caller is done. */ |
61 | int reiserfs_security_init(struct inode *dir, struct inode *inode, |
62 | const struct qstr *qstr, |
63 | struct reiserfs_security_handle *sec) |
64 | { |
65 | int blocks = 0; |
66 | int error; |
67 | |
68 | sec->name = NULL; |
69 | sec->value = NULL; |
70 | sec->length = 0; |
71 | |
72 | /* Don't add selinux attributes on xattrs - they'll never get used */ |
73 | if (IS_PRIVATE(dir)) |
74 | return 0; |
75 | |
76 | error = security_inode_init_security(inode, dir, qstr, |
77 | initxattrs: &reiserfs_initxattrs, fs_data: sec); |
78 | if (error) { |
79 | sec->name = NULL; |
80 | sec->value = NULL; |
81 | sec->length = 0; |
82 | return error; |
83 | } |
84 | |
85 | if (sec->length && reiserfs_xattrs_initialized(sb: inode->i_sb)) { |
86 | blocks = reiserfs_xattr_jcreate_nblocks(inode) + |
87 | reiserfs_xattr_nblocks(inode, size: sec->length); |
88 | /* We don't want to count the directories twice if we have |
89 | * a default ACL. */ |
90 | REISERFS_I(inode)->i_flags |= i_has_xattr_dir; |
91 | } |
92 | return blocks; |
93 | } |
94 | |
95 | int reiserfs_security_write(struct reiserfs_transaction_handle *th, |
96 | struct inode *inode, |
97 | struct reiserfs_security_handle *sec) |
98 | { |
99 | char xattr_name[XATTR_NAME_MAX + 1] = XATTR_SECURITY_PREFIX; |
100 | int error; |
101 | |
102 | if (XATTR_SECURITY_PREFIX_LEN + strlen(sec->name) > XATTR_NAME_MAX) |
103 | return -EINVAL; |
104 | |
105 | strlcat(p: xattr_name, q: sec->name, avail: sizeof(xattr_name)); |
106 | |
107 | error = reiserfs_xattr_set_handle(th, inode, xattr_name, sec->value, |
108 | sec->length, XATTR_CREATE); |
109 | if (error == -ENODATA || error == -EOPNOTSUPP) |
110 | error = 0; |
111 | |
112 | return error; |
113 | } |
114 | |
115 | void reiserfs_security_free(struct reiserfs_security_handle *sec) |
116 | { |
117 | kfree(objp: sec->value); |
118 | sec->name = NULL; |
119 | sec->value = NULL; |
120 | } |
121 | |
122 | const struct xattr_handler reiserfs_xattr_security_handler = { |
123 | .prefix = XATTR_SECURITY_PREFIX, |
124 | .get = security_get, |
125 | .set = security_set, |
126 | .list = security_list, |
127 | }; |
128 | |