提交 8326c1ee 编写于 作者: H Hyunchul Lee 提交者: Richard Weinberger

ubifs: Add CONFIG_UBIFS_FS_SECURITY to disable/enable security labels

On every write syscall, the security label is looked up to determine
whether the file's privileges should be changed.
If no LSM (Linux Security Module) is in use, this lookup is useless.

So introduce CONFIG_UBIFS_FS_SECURITY to disable security labels. Its default
value is "y".
Signed-off-by: NHyunchul Lee <cheol.lee@lge.com>
Signed-off-by: NRichard Weinberger <richard@nod.at>
上级 997d30cb
...@@ -61,3 +61,16 @@ config UBIFS_FS_ENCRYPTION ...@@ -61,3 +61,16 @@ config UBIFS_FS_ENCRYPTION
feature is similar to ecryptfs, but it is more memory feature is similar to ecryptfs, but it is more memory
efficient since it avoids caching the encrypted and efficient since it avoids caching the encrypted and
decrypted pages in the page cache. decrypted pages in the page cache.
config UBIFS_FS_SECURITY
bool "UBIFS Security Labels"
depends on UBIFS_FS
default y
help
Security labels provide an access control facility to support Linux
Security Models (LSMs) accepted by AppArmor, SELinux, Smack and TOMOYO
Linux. This option enables an extended attribute handler for file
security labels in the ubifs filesystem, so that it requires enabling
the extended attribute support in advance.
If you are not using a security module, say N.
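Review bot: The closing advice in the help text, `If you are not using a security module, say N.`, understates what the option removes. The handler it gates is registered for the whole `security.` prefix, which is also where file capabilities (`security.capability`) and IMA/EVM data are stored, so those would presumably stop working on UBIFS as well. I would add a line such as `Saying N also disables file capabilities and IMA/EVM xattrs on UBIFS.` The help also says extended attribute support must be enabled in advance, yet `depends on` names only `UBIFS_FS`; if a separate xattr symbol exists it should be listed there, otherwise the sentence can be dropped. `Linux Security Models` should read `Linux Security Modules`.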
...@@ -1756,13 +1756,23 @@ int ubifs_check_dir_empty(struct inode *dir); ...@@ -1756,13 +1756,23 @@ int ubifs_check_dir_empty(struct inode *dir);
/* xattr.c */ /* xattr.c */
extern const struct xattr_handler *ubifs_xattr_handlers[]; extern const struct xattr_handler *ubifs_xattr_handlers[];
ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size); ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size);
int ubifs_init_security(struct inode *dentry, struct inode *inode,
const struct qstr *qstr);
int ubifs_xattr_set(struct inode *host, const char *name, const void *value, int ubifs_xattr_set(struct inode *host, const char *name, const void *value,
size_t size, int flags); size_t size, int flags);
ssize_t ubifs_xattr_get(struct inode *host, const char *name, void *buf, ssize_t ubifs_xattr_get(struct inode *host, const char *name, void *buf,
size_t size); size_t size);
#ifdef CONFIG_UBIFS_FS_SECURITY
extern int ubifs_init_security(struct inode *dentry, struct inode *inode,
const struct qstr *qstr);
#else
static inline int ubifs_init_security(struct inode *dentry,
struct inode *inode, const struct qstr *qstr)
{
return 0;
}
#endif
/* super.c */ /* super.c */
struct inode *ubifs_iget(struct super_block *sb, unsigned long inum); struct inode *ubifs_iget(struct super_block *sb, unsigned long inum);
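Review bot: In the `#else` stub the first parameter is still called `dentry` although its type is `struct inode *`. The name is inherited from the removed prototype, and since both declarations are rewritten here this would be the moment to rename it, e.g. `struct inode *dir` if the call sites outside this hunk confirm it is the parent directory inode. The `extern` on the real prototype is redundant and inconsistent with the neighbouring `ubifs_xattr_set` and `ubifs_xattr_get` declarations. A one-line comment on the stub, such as `/* Security labels compiled out: new inodes get no security.* xattr */`, would make clear that the silent `return 0` is intentional.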
......
...@@ -559,6 +559,7 @@ static int ubifs_xattr_remove(struct inode *host, const char *name) ...@@ -559,6 +559,7 @@ static int ubifs_xattr_remove(struct inode *host, const char *name)
return err; return err;
} }
#ifdef CONFIG_UBIFS_FS_SECURITY
static int init_xattrs(struct inode *inode, const struct xattr *xattr_array, static int init_xattrs(struct inode *inode, const struct xattr *xattr_array,
void *fs_info) void *fs_info)
{ {
...@@ -599,6 +600,7 @@ int ubifs_init_security(struct inode *dentry, struct inode *inode, ...@@ -599,6 +600,7 @@ int ubifs_init_security(struct inode *dentry, struct inode *inode,
} }
return err; return err;
} }
#endif
static int xattr_get(const struct xattr_handler *handler, static int xattr_get(const struct xattr_handler *handler,
struct dentry *dentry, struct inode *inode, struct dentry *dentry, struct inode *inode,
...@@ -639,15 +641,19 @@ static const struct xattr_handler ubifs_trusted_xattr_handler = { ...@@ -639,15 +641,19 @@ static const struct xattr_handler ubifs_trusted_xattr_handler = {
.set = xattr_set, .set = xattr_set,
}; };
#ifdef CONFIG_UBIFS_FS_SECURITY
static const struct xattr_handler ubifs_security_xattr_handler = { static const struct xattr_handler ubifs_security_xattr_handler = {
.prefix = XATTR_SECURITY_PREFIX, .prefix = XATTR_SECURITY_PREFIX,
.get = xattr_get, .get = xattr_get,
.set = xattr_set, .set = xattr_set,
}; };
#endif
const struct xattr_handler *ubifs_xattr_handlers[] = { const struct xattr_handler *ubifs_xattr_handlers[] = {
&ubifs_user_xattr_handler, &ubifs_user_xattr_handler,
&ubifs_trusted_xattr_handler, &ubifs_trusted_xattr_handler,
#ifdef CONFIG_UBIFS_FS_SECURITY
&ubifs_security_xattr_handler, &ubifs_security_xattr_handler,
#endif
NULL NULL
}; };
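Review bot: The `#ifdef CONFIG_UBIFS_FS_SECURITY` opened before `init_xattrs` is closed only after `ubifs_init_security`, in a separate hunk, and the bare `#endif` gives no hint of what it closes. `#endif /* CONFIG_UBIFS_FS_SECURITY */` would help there and after the handler struct. With `&ubifs_security_xattr_handler` left out of `ubifs_xattr_handlers[]`, `security.*` attributes already written to a volume by a kernel built with the option are no longer served through this table. Whether `ubifs_listxattr` and the name checks elsewhere in xattr.c still expose them is not visible in these hunks. That is worth checking and documenting, since a labelled image mounted on such a kernel would run without its labels and give no error.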