@@ -22,6 +22,7 @@
#include <linux/rwsem.h>
#include <linux/xattr.h>
#include <linux/security.h>
+#include <linux/evm.h>
#include "ctree.h"
#include "btrfs_inode.h"
#include "transaction.h"
@@ -367,31 +368,49 @@ int btrfs_xattr_security_init(struct btrfs_trans_handle *trans,
const struct qstr *qstr)
{
int err;
- size_t len;
- void *value;
- char *suffix;
+ struct xattr lsm_xattr;
+ struct xattr evm_xattr;
char *name;
- err = security_inode_init_security(inode, dir, qstr, &suffix, &value,
- &len);
+ err = security_inode_init_security(inode, dir, qstr, &lsm_xattr.name,
+ &lsm_xattr.value,
+ &lsm_xattr.value_len);
if (err) {
if (err == -EOPNOTSUPP)
return 0;
return err;
}
- name = kmalloc(XATTR_SECURITY_PREFIX_LEN + strlen(suffix) + 1,
+ name = kmalloc(XATTR_SECURITY_PREFIX_LEN + strlen(lsm_xattr.name) + 1,
GFP_NOFS);
if (!name) {
err = -ENOMEM;
} else {
strcpy(name, XATTR_SECURITY_PREFIX);
- strcpy(name + XATTR_SECURITY_PREFIX_LEN, suffix);
- err = __btrfs_setxattr(trans, inode, name, value, len, 0);
+ strcpy(name + XATTR_SECURITY_PREFIX_LEN, lsm_xattr.name);
+ err = __btrfs_setxattr(trans, inode, name, lsm_xattr.value,
+ lsm_xattr.value_len, 0);
kfree(name);
}
+ if (err)
+ goto out;
+
+ err = evm_inode_post_init_security(inode, &lsm_xattr, &evm_xattr);
+ if (err)
+ goto out;
- kfree(suffix);
- kfree(value);
+ name = kasprintf(GFP_NOFS, "%s%s", XATTR_SECURITY_PREFIX,
+ evm_xattr.name);
+ if (!name)
+ err = -ENOMEM;
+ else {
+ err = __btrfs_setxattr(trans, inode, name, evm_xattr.value,
+ evm_xattr.value_len, 0);
+ kfree(name);
+ }
+ kfree(evm_xattr.value);
+out:
+ kfree(lsm_xattr.name);
+ kfree(lsm_xattr.value);
return err;
}
After creating the initial LSM security extended attribute, call evm_inode_post_init_security() to create the 'security.evm' extended attribute. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> --- fs/btrfs/xattr.c | 39 +++++++++++++++++++++++++++++---------- 1 files changed, 29 insertions(+), 10 deletions(-)