@@ -184,6 +184,7 @@ static inline void set_inode_attr(struct inode *inode, struct iattr *iattr)
static void kernfs_refresh_inode(struct kernfs_node *kn, struct inode *inode)
{
struct kernfs_iattrs *attrs = kn->iattr;
+ struct lsm_context lc; /* Scaffolding -Casey */
inode->i_mode = kn->mode;
if (attrs) {
@@ -192,8 +193,9 @@ static void kernfs_refresh_inode(struct kernfs_node *kn, struct inode *inode)
* persistent copy in kernfs_node.
*/
set_inode_attr(inode, &attrs->ia_iattr);
- security_inode_notifysecctx(inode, attrs->ia_secdata,
- attrs->ia_secdata_len);
+ lc.context = attrs->ia_secdata;
+ lc.len = attrs->ia_secdata_len;
+ security_inode_notifysecctx(inode, &lc);
}
if (kernfs_type(kn) == KERNFS_DIR)
@@ -339,14 +339,16 @@ static void nfs_clear_label_invalid(struct inode *inode)
void nfs_setsecurity(struct inode *inode, struct nfs_fattr *fattr,
struct nfs4_label *label)
{
+ struct lsm_context lc; /* Scaffolding -Casey */
int error;
if (label == NULL)
return;
if ((fattr->valid & NFS_ATTR_FATTR_V4_SECURITY_LABEL) && inode->i_security) {
- error = security_inode_notifysecctx(inode, label->label,
- label->len);
+ lc.context = label->label;
+ lc.len = label->len;
+ error = security_inode_notifysecctx(inode, &lc);
if (error)
printk(KERN_ERR "%s() %s %d "
"security_inode_notifysecctx() %d\n",
@@ -434,7 +434,7 @@ int security_secctx_to_secid(const char *secdata, u32 seclen,
void security_release_secctx(char *secdata, u32 seclen);
void security_inode_invalidate_secctx(struct inode *inode);
-int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
+int security_inode_notifysecctx(struct inode *inode, struct lsm_context *cp);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
#else /* CONFIG_SECURITY */
@@ -1218,7 +1218,8 @@ static inline void security_inode_invalidate_secctx(struct inode *inode)
{
}
-static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
+static inline int security_inode_notifysecctx(struct inode *inode,
+ struct lsm_context *cp);
{
return -EOPNOTSUPP;
}
@@ -2012,13 +2012,9 @@ void security_inode_invalidate_secctx(struct inode *inode)
}
EXPORT_SYMBOL(security_inode_invalidate_secctx);
-int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
+int security_inode_notifysecctx(struct inode *inode, struct lsm_context *cp)
{
- struct lsm_context lc;
-
- lc.context = ctx;
- lc.len = ctxlen;
- return call_int_hook(inode_notifysecctx, 0, inode, &lc);
+ return call_int_hook(inode_notifysecctx, 0, inode, cp);
}
EXPORT_SYMBOL(security_inode_notifysecctx);
Convert security_inode_notifysecctx to use the lsm_context structure instead of a context/secid pair. There is some scaffolding involved that will be removed when the related data is updated. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> --- fs/kernfs/inode.c | 6 ++++-- fs/nfs/inode.c | 6 ++++-- include/linux/security.h | 5 +++-- security/security.c | 8 ++------ 4 files changed, 13 insertions(+), 12 deletions(-)