6140be90ec
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and removexattrat(). Those can be used to operate on extended attributes, especially security related ones, either relative to a pinned directory or on a file descriptor without read access, avoiding a /proc/<pid>/fd/<fd> detour, requiring a mounted procfs. One use case will be setfiles(8) setting SELinux file contexts ("security.selinux") without race conditions and without a file descriptor opened with read access requiring SELinux read permission. Use the do_{name}at() pattern from fs/open.c. Pass the value of the extended attribute, its length, and for setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added struct xattr_args to not exceed six syscall arguments and not merging the AT_* and XATTR_* flags. [AV: fixes by Christian Brauner folded in, the entire thing rebased on top of {filename,file}_...xattr() primitives, treatment of empty pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling is cheap, so f...(2) can use it] Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de Reviewed-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Christian Brauner <brauner@kernel.org> CC: x86@kernel.org CC: linux-alpha@vger.kernel.org CC: linux-kernel@vger.kernel.org CC: linux-arm-kernel@lists.infradead.org CC: linux-ia64@vger.kernel.org CC: linux-m68k@lists.linux-m68k.org CC: linux-mips@vger.kernel.org CC: linux-parisc@vger.kernel.org CC: linuxppc-dev@lists.ozlabs.org CC: linux-s390@vger.kernel.org CC: linux-sh@vger.kernel.org CC: sparclinux@vger.kernel.org CC: linux-fsdevel@vger.kernel.org CC: audit@vger.kernel.org CC: linux-arch@vger.kernel.org CC: linux-api@vger.kernel.org CC: linux-security-module@vger.kernel.org CC: selinux@vger.kernel.org [brauner: slight tweaks] Signed-off-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
/* SPDX-License-Identifier: GPL-2.0 */
/*
  File: linux/xattr.h

  Extended attributes handling.

  Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
  Copyright (c) 2001-2002 Silicon Graphics, Inc. All Rights Reserved.
  Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
*/
#ifndef _LINUX_XATTR_H
#define _LINUX_XATTR_H
#include <linux/slab.h>
#include <linux/types.h>
#include <linux/spinlock.h>
#include <linux/mm.h>
#include <linux/user_namespace.h>
#include <uapi/linux/xattr.h>
/*
 * List of all xattr_args "versions": each macro records a published size, in
 * bytes, of the struct that carries the xattr value, its length and the
 * setxattrat() flags.
 * NOTE(review): the original comment said "open_how", which looks like a
 * leftover from the struct open_how versioning comment this pattern mirrors.
 * NOTE(review): presumably the *xattrat() syscalls check the size supplied by
 * userspace against these values before copying the struct in - confirm in
 * fs/xattr.c.
 */
#define XATTR_ARGS_SIZE_VER0 16 /* sizeof first published struct */
#define XATTR_ARGS_SIZE_LATEST XATTR_ARGS_SIZE_VER0
struct inode;
struct dentry;
/*
 * Report whether @name is one of the two POSIX ACL attribute names.
 *
 * The comparison is an exact, case-sensitive match against the full access
 * and default ACL names; a prefix or a longer name does not match.
 * @name is handed straight to strcmp(), so it must be a valid NUL-terminated
 * string (no NULL check is done here).
 */
static inline bool is_posix_acl_xattr(const char *name)
{
	if (!strcmp(name, XATTR_NAME_POSIX_ACL_ACCESS))
		return true;

	return !strcmp(name, XATTR_NAME_POSIX_ACL_DEFAULT);
}
/*
 * struct xattr_handler: When @name is set, match attributes with exactly that
 * name. When @prefix is set instead, match attributes with that prefix and
 * with a non-empty suffix.
 *
 * Per-attribute-type dispatch record: a match rule (@name or @prefix) plus
 * the callbacks used to list, read and write matching attributes.
 */
struct xattr_handler {
	const char *name;	/* exact attribute name to match, when set */
	const char *prefix;	/* attribute name prefix to match, when set instead of @name */
	int flags; /* fs private flags */
	/*
	 * Optional listing filter. xattr_handler_can_list() treats a NULL
	 * ->list as "listable" and otherwise returns this callback's result.
	 */
	bool (*list)(struct dentry *dentry);
	/*
	 * Read callback: gets the handler, the dentry and inode, an attribute
	 * name and an output buffer with its size.
	 * NOTE(review): for prefix handlers @name is presumably the part after
	 * @prefix, and size == 0 presumably means "query the length" - confirm
	 * in fs/xattr.c.
	 */
	int (*get)(const struct xattr_handler *, struct dentry *dentry,
		   struct inode *inode, const char *name, void *buffer,
		   size_t size);
	/*
	 * Write callback: unlike ->get it also receives the mount's idmap.
	 * NOTE(review): @flags presumably carries XATTR_CREATE/XATTR_REPLACE,
	 * and permission/LSM checks are presumably done by the VFS callers
	 * rather than by this callback - confirm before relying on either.
	 */
	int (*set)(const struct xattr_handler *,
		   struct mnt_idmap *idmap, struct dentry *dentry,
		   struct inode *inode, const char *name, const void *buffer,
		   size_t size, int flags);
};
/**
 * xattr_handler_can_list - decide whether a handler's xattr may be listed
 * @handler: xattr handler to consult; may be NULL
 * @dentry: dentry handed to the handler's ->list() callback
 *
 * A NULL @handler is never listable. A handler that provides no ->list()
 * callback is always listable. Otherwise the callback's verdict for @dentry
 * is returned unchanged.
 *
 * Return: true if xattr can be listed, false if not.
 */
static inline bool xattr_handler_can_list(const struct xattr_handler *handler,
					  struct dentry *dentry)
{
	/* No handler for this attribute type: hide it from listings. */
	if (!handler)
		return false;

	/* Handlers without a filter callback expose their attributes. */
	if (!handler->list)
		return true;

	return handler->list(dentry);
}
/*
 * Declared here, implemented elsewhere.
 * NOTE(review): presumably maps a handler plus the name passed to its
 * callbacks back to the full attribute name; the lifetime of the returned
 * pointer is not visible from this header - confirm in fs/xattr.c.
 */
const char *xattr_full_name(const struct xattr_handler *, const char *);
/* One extended attribute described as a name plus an opaque value buffer. */
struct xattr {
	const char *name;
	void *value;
	size_t value_len;	/* presumably the length of @value in bytes - confirm with users */
};
/*
 * VFS-level get/list/set/remove entry points (implemented outside this
 * header).
 * NOTE(review): the naming suggests tiers - vfs_*() as the checked entry
 * points, __vfs_*_locked() for callers that already hold the inode lock, and
 * __vfs_*()/__vfs_setxattr_noperm() as lower-level variants that may skip
 * permission or LSM checks. Confirm in fs/xattr.c before calling a __vfs_*
 * helper on a path that handles caller-controlled names or values.
 * NOTE(review): the trailing struct inode ** of the *_locked() variants is
 * an out-parameter whose meaning is not visible here - confirm.
 */
ssize_t __vfs_getxattr(struct dentry *, struct inode *, const char *, void *, size_t);
ssize_t vfs_getxattr(struct mnt_idmap *, struct dentry *, const char *,
		     void *, size_t);
ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size);
int __vfs_setxattr(struct mnt_idmap *, struct dentry *, struct inode *,
		   const char *, const void *, size_t, int);
int __vfs_setxattr_noperm(struct mnt_idmap *, struct dentry *,
			  const char *, const void *, size_t, int);
int __vfs_setxattr_locked(struct mnt_idmap *, struct dentry *,
			  const char *, const void *, size_t, int,
			  struct inode **);
int vfs_setxattr(struct mnt_idmap *, struct dentry *, const char *,
		 const void *, size_t, int);
int __vfs_removexattr(struct mnt_idmap *, struct dentry *, const char *);
int __vfs_removexattr_locked(struct mnt_idmap *, struct dentry *,
			     const char *, struct inode **);
int vfs_removexattr(struct mnt_idmap *, struct dentry *, const char *);
/* Listing helper taking the dentry and an output buffer with its size. */
ssize_t generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size);
/*
 * Getter that hands the value back through @xattr_value.
 * NOTE(review): the name and the gfp_t @flags suggest the buffer is allocated
 * on the caller's behalf, so the caller presumably owns and must free
 * *xattr_value - confirm ownership and the role of @size in fs/xattr.c.
 */
int vfs_getxattr_alloc(struct mnt_idmap *idmap,
		       struct dentry *dentry, const char *name,
		       char **xattr_value, size_t size, gfp_t flags);

/*
 * NOTE(review): returns int, not bool; whether 0 means "supported" or
 * "not supported" is not visible here - confirm before testing the result.
 */
int xattr_supports_user_prefix(struct inode *inode);
/*
 * Return the string a handler matches on: its @prefix when one is set,
 * otherwise its exact @name.
 *
 * @handler is dereferenced unconditionally, so callers must pass a valid
 * handler. The result is NULL only when both fields are NULL.
 */
static inline const char *xattr_prefix(const struct xattr_handler *handler)
{
	if (handler->prefix)
		return handler->prefix;

	return handler->name;
}
/* Container for a set of simple_xattr entries: a red-black tree root plus an rwlock. */
struct simple_xattrs {
	struct rb_root rb_root;
	rwlock_t lock;	/* NOTE(review): presumably guards rb_root - confirm in fs/xattr.c */
};
/*
 * One in-memory attribute: red-black tree linkage, a separately referenced
 * name, and the value stored inline after the header.
 */
struct simple_xattr {
	struct rb_node rb_node;
	char *name;
	size_t size;	/* presumably the number of bytes in value[] - confirm */
	char value[];	/* flexible array member: value bytes follow the struct */
};
/*
 * simple_xattrs API (implemented outside this header).
 * NOTE(review): simple_xattr_alloc() takes a caller-supplied @size and
 * returns a struct with an inline value[]; the allocation is presumably
 * sizeof(struct simple_xattr) + size, so confirm the implementation rejects
 * sizes that would overflow that sum.
 * NOTE(review): simple_xattr_set() returns a struct simple_xattr pointer;
 * presumably the replaced entry (for the caller to free) or an error
 * pointer - confirm before ignoring or dereferencing the result.
 */
void simple_xattrs_init(struct simple_xattrs *xattrs);
void simple_xattrs_free(struct simple_xattrs *xattrs, size_t *freed_space);
size_t simple_xattr_space(const char *name, size_t size);
struct simple_xattr *simple_xattr_alloc(const void *value, size_t size);
void simple_xattr_free(struct simple_xattr *xattr);
int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
		     void *buffer, size_t size);
struct simple_xattr *simple_xattr_set(struct simple_xattrs *xattrs,
				      const char *name, const void *value,
				      size_t size, int flags);
ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
			  char *buffer, size_t size);
void simple_xattr_add(struct simple_xattrs *xattrs,
		      struct simple_xattr *new_xattr);
/*
 * Takes the output cursor and the remaining space by pointer.
 * NOTE(review): presumably both are advanced as @name is appended, with
 * @remaining_size being signed so a shortfall can be detected - confirm.
 */
int xattr_list_one(char **buffer, ssize_t *remaining_size, const char *name);
#endif /* _LINUX_XATTR_H */