From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch against 2.5.68 implements an xattr handler for ext3 to support the
use of extended attributes by security modules for storing file security
labels.  As per the earlier discussion of extended attributes for security
modules, this handler uses a "security." prefix and allows for per-module
attribute names.  Security checking for userspace access to these attributes
can be performed by the security module using the LSM hooks in fs/xattr.c,
and the security module is free to internally use the inode operations
without restriction for managing its security labels.  Unlike the trusted
namespace, these labels are used internally for access control purposes by
the security modules, and controls over userspace access to them require
finer granularity than capable() supports.




 25-akpm/fs/Kconfig               |   12 ++++++++
 25-akpm/fs/ext3/Makefile         |    4 ++
 25-akpm/fs/ext3/xattr.c          |   21 ++++++++++++--
 25-akpm/fs/ext3/xattr.h          |    2 +
 25-akpm/fs/ext3/xattr_security.c |   55 +++++++++++++++++++++++++++++++++++++++
 5 files changed, 91 insertions(+), 3 deletions(-)

diff -puN fs/ext3/Makefile~ext3-security-xattr fs/ext3/Makefile
--- 25/fs/ext3/Makefile~ext3-security-xattr	Mon May  5 13:18:48 2003
+++ 25-akpm/fs/ext3/Makefile	Mon May  5 13:18:48 2003
@@ -14,3 +14,7 @@ endif
 ifeq ($(CONFIG_EXT3_FS_POSIX_ACL),y)
 ext3-objs += acl.o
 endif
+
+ifeq ($(CONFIG_EXT3_FS_SECURITY),y)
+ext3-objs += xattr_security.o
+endif
diff -puN fs/ext3/xattr.c~ext3-security-xattr fs/ext3/xattr.c
--- 25/fs/ext3/xattr.c~ext3-security-xattr	Mon May  5 13:18:48 2003
+++ 25-akpm/fs/ext3/xattr.c	Mon May  5 13:18:48 2003
@@ -1142,22 +1142,33 @@ init_ext3_xattr(void)
 				  &ext3_xattr_trusted_handler);
 	if (err)
 		goto out;
+#ifdef CONFIG_EXT3_FS_SECURITY
+	err = ext3_xattr_register(EXT3_XATTR_INDEX_SECURITY,
+				  &ext3_xattr_security_handler);
+	if (err)
+		goto out1;
+#endif
 #ifdef CONFIG_EXT3_FS_POSIX_ACL
 	err = init_ext3_acl();
 	if (err)
-		goto out1;
+		goto out2;
 #endif
 	ext3_xattr_cache = mb_cache_create("ext3_xattr", NULL,
 		sizeof(struct mb_cache_entry) +
 		sizeof(struct mb_cache_entry_index), 1, 6);
 	if (!ext3_xattr_cache) {
 		err = -ENOMEM;
-		goto out2;
+		goto out3;
 	}
 	return 0;
-out2:
+out3:
 #ifdef CONFIG_EXT3_FS_POSIX_ACL
 	exit_ext3_acl();
+out2:
+#endif
+#ifdef CONFIG_EXT3_FS_SECURITY
+	ext3_xattr_unregister(EXT3_XATTR_INDEX_SECURITY,
+			      &ext3_xattr_security_handler);
 out1:
 #endif
 	ext3_xattr_unregister(EXT3_XATTR_INDEX_TRUSTED,
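Review bot: The unwind path in init_ext3_xattr() uses numbered labels that sit inside `#ifdef` blocks, so adding the security stage forced every later `goto` and label to be renumbered (`out1` to `out2`, `out2` to `out3`). Tracing the four CONFIG_EXT3_FS_SECURITY / CONFIG_EXT3_FS_POSIX_ACL combinations, each `goto` lands on a defined label and undoes exactly the steps that completed. The risk is in future edits: a missed rename would still compile in some configurations and would either leave a handler registered or call exit_ext3_acl() without its init. Naming labels after what they undo, e.g. `out_acl:`, `out_security:`, `out_trusted:`, would make the next insertion a local change. The function starts before and continues past this hunk, so the `out:` label and the remaining unregister calls are not visible here.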
@@ -1177,6 +1188,10 @@ exit_ext3_xattr(void)
 #ifdef CONFIG_EXT3_FS_POSIX_ACL
 	exit_ext3_acl();
 #endif
+#ifdef CONFIG_EXT3_FS_SECURITY
+	ext3_xattr_unregister(EXT3_XATTR_INDEX_SECURITY,
+			      &ext3_xattr_security_handler);
+#endif
 	ext3_xattr_unregister(EXT3_XATTR_INDEX_TRUSTED,
 			      &ext3_xattr_trusted_handler);
 	ext3_xattr_unregister(EXT3_XATTR_INDEX_USER,
diff -puN fs/ext3/xattr.h~ext3-security-xattr fs/ext3/xattr.h
--- 25/fs/ext3/xattr.h~ext3-security-xattr	Mon May  5 13:18:48 2003
+++ 25-akpm/fs/ext3/xattr.h	Mon May  5 13:19:18 2003
@@ -21,6 +21,7 @@
 #define EXT3_XATTR_INDEX_POSIX_ACL_ACCESS	2
 #define EXT3_XATTR_INDEX_POSIX_ACL_DEFAULT	3
 #define EXT3_XATTR_INDEX_TRUSTED		4
+#define EXT3_XATTR_INDEX_SECURITY	        6
 
 struct ext3_xattr_header {
 	__u32	h_magic;	/* magic number for identification */
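Review bot: `EXT3_XATTR_INDEX_SECURITY` is given the value 6 while the visible defines stop at 4, and nothing says why 5 is skipped. If this index is stored in on-disk attribute entries (likely, since it is the namespace selector passed to ext3_xattr_get()/ext3_xattr_set() in xattr_security.c), the number is effectively part of the disk format and renumbering it later would orphan existing security labels. Once the reason for the gap is confirmed, a comment such as `/* 5 is deliberately not used here; index values are persistent, do not renumber */` would protect it. The new define also pads with spaces where the neighbouring lines use tabs.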
@@ -141,3 +142,4 @@ exit_ext3_xattr(void)
 
 extern struct ext3_xattr_handler ext3_xattr_user_handler;
 extern struct ext3_xattr_handler ext3_xattr_trusted_handler;
+extern struct ext3_xattr_handler ext3_xattr_security_handler;
diff -puN /dev/null fs/ext3/xattr_security.c
--- /dev/null	Thu Apr 11 07:25:15 2002
+++ 25-akpm/fs/ext3/xattr_security.c	Mon May  5 13:18:48 2003
@@ -0,0 +1,55 @@
+/*
+ * linux/fs/ext3/xattr_security.c
+ * Handler for storing security labels as extended attributes.
+ */
+
+#include <linux/module.h>
+#include <linux/string.h>
+#include <linux/fs.h>
+#include <linux/smp_lock.h>
+#include <linux/ext3_jbd.h>
+#include <linux/ext3_fs.h>
+#include "xattr.h"
+
+#define XATTR_SECURITY_PREFIX "security."
+
+static size_t
+ext3_xattr_security_list(char *list, struct inode *inode,
+		    const char *name, int name_len)
+{
+	const int prefix_len = sizeof(XATTR_SECURITY_PREFIX)-1;
+
+	if (list) {
+		memcpy(list, XATTR_SECURITY_PREFIX, prefix_len);
+		memcpy(list+prefix_len, name, name_len);
+		list[prefix_len + name_len] = '\0';
+	}
+	return prefix_len + name_len + 1;
+}
+
+static int
+ext3_xattr_security_get(struct inode *inode, const char *name,
+		       void *buffer, size_t size)
+{
+	if (strcmp(name, "") == 0)
+		return -EINVAL;
+	return ext3_xattr_get(inode, EXT3_XATTR_INDEX_SECURITY, name,
+			      buffer, size);
+}
+
+static int
+ext3_xattr_security_set(struct inode *inode, const char *name,
+		       const void *value, size_t size, int flags)
+{
+	if (strcmp(name, "") == 0)
+		return -EINVAL;
+	return ext3_xattr_set(inode, EXT3_XATTR_INDEX_SECURITY, name,
+			      value, size, flags);
+}
+
+struct ext3_xattr_handler ext3_xattr_security_handler = {
+	.prefix	= XATTR_SECURITY_PREFIX,
+	.list	= ext3_xattr_security_list,
+	.get	= ext3_xattr_security_get,
+	.set	= ext3_xattr_security_set,
+};
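Review bot: ext3_xattr_security_get() and ext3_xattr_security_set() reject only an empty name and otherwise pass straight to ext3_xattr_get()/ext3_xattr_set(), so every access decision for `security.*` labels rests on the LSM hooks in fs/xattr.c that the description mentions. That is the stated design, but the file should say so, for example with a header comment `/* No permission checks here: access to security.* is mediated by the LSM xattr hooks in fs/xattr.c. */`, so that a reader neither assumes a check is missing nor assumes one exists. The fs/Kconfig hunk makes EXT3_FS_SECURITY depend only on EXT3_FS_XATTR, so the handler can be built without any security module. Whether labels are then writable by anyone with ordinary write access depends on the default hook behaviour, which this patch does not show and which should be confirmed. The same comment could record that ext3_xattr_security_list() writes prefix_len + name_len + 1 bytes into `list` with no size argument, presumably relying on the caller having sized the buffer from an earlier `list == NULL` call.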
diff -puN fs/Kconfig~ext3-security-xattr fs/Kconfig
--- 25/fs/Kconfig~ext3-security-xattr	Mon May  5 13:18:48 2003
+++ 25-akpm/fs/Kconfig	Mon May  5 13:18:52 2003
@@ -131,6 +131,18 @@ config EXT3_FS_POSIX_ACL
 
 	  If you don't know what Access Control Lists are, say N
 
+config EXT3_FS_SECURITY
+	bool "Ext3 Security Labels"
+	depends on EXT3_FS_XATTR
+	help
+	  Security labels support alternative access control models
+	  implemented by security modules like SELinux.  This option
+	  enables an extended attribute handler for file security
+	  labels in the ext3 filesystem.
+
+	  If you are not using a security module that requires using
+	  extended attributes for file security labels, say N.
+
 config JBD
 # CONFIG_JBD could be its own option (even modular), but until there are
 # other users than ext3, we will simply make it be the same as CONFIG_EXT3_FS

_