return error;
}
+EXPORT_SYMBOL_GPL(__vfs_setxattr_noperm);
int
}
memcpy(value, buffer, len);
out:
- security_release_secctx(buffer, len);
+ kfree(buffer);
out_noalloc:
return len;
}
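Review bot: The switch to `kfree(buffer)` at `out:` carries no comment explaining why the LSM release hook is no longer used, which invites a later "cleanup" back to `security_release_secctx()`. The allocation is outside this hunk; assuming `buffer` is handed back by the inode getsecurity hook with allocation requested, a one-line comment above the call such as `/* buffer is kmalloc'ed by the getsecurity hook; it is not a secctx */` would document the allocator/free pairing. The function body starts before the hunk, so the `out_noalloc` path cannot be checked from here.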
*xattr_value = value;
return error;
}
+EXPORT_SYMBOL_GPL(vfs_getxattr_alloc);
ssize_t
__vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
}
EXPORT_SYMBOL(__vfs_removexattr);
+/**
+ * __vfs_removexattr_noperm - perform removexattr operation without
+ * performing permission checks.
+ *
+ * @dentry - object to perform setxattr on
+ * @name - xattr name to set
+ *
+ * returns the result of the internal setxattr or setsecurity operations.
+ *
+ * This function requires the caller to lock the inode's i_mutex before it
+ * is executed. It also assumes that the caller will make the appropriate
+ * permission checks.
+ */
+int
+__vfs_removexattr_noperm(struct dentry *dentry, const char *name)
+{
+ int error;
+
+ error =__vfs_removexattr(dentry, name);
+ if (!error) {
+ fsnotify_xattr(dentry);
+ evm_inode_post_removexattr(dentry, name);
+ }
+ return error;
+}
+EXPORT_SYMBOL_GPL(__vfs_removexattr_noperm);
+
int
vfs_removexattr(struct dentry *dentry, const char *name)
{
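Review bot: The kernel-doc on `__vfs_removexattr_noperm` was copied from the setxattr variant and still says `object to perform setxattr on`, `xattr name to set` and `internal setxattr or setsecurity operations`; it should read `@dentry: object to perform removexattr on` and `@name: name of the xattr to remove` (kernel-doc puts a colon after the parameter name). Because the helper is exported, the comment should also name every check a direct caller has to repeat; `vfs_removexattr` reaches it only after an error check whose source is outside the visible hunks, presumably the LSM removexattr hook as well as the permission check. The locking precondition could be enforced rather than only documented, e.g. `WARN_ON_ONCE(!inode_is_locked(d_inode(dentry)));` as the first statement. Minor: `error =__vfs_removexattr(dentry, name);` is missing a space after `=`.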
if (error)
goto out;
- error = __vfs_removexattr(dentry, name);
-
- if (!error) {
- fsnotify_xattr(dentry);
- evm_inode_post_removexattr(dentry, name);
- }
+ error = __vfs_removexattr_noperm(dentry, name);
out:
inode_unlock(inode);
if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
(strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
posix_acl_fix_xattr_from_user(kvalue, size);
+ else if (strcmp(kname, XATTR_NAME_CAPS) == 0) {
+ error = cap_convert_nscap(d, &kvalue, size);
+ if (error < 0)
+ goto out;
+ size = error;
+ }
}
error = vfs_setxattr(d, kname, kvalue, size, flags);
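Review bot: The `goto out` added in the `XATTR_NAME_CAPS` branch depends on cleanup that is outside this hunk: `cap_convert_nscap()` is passed `&kvalue`, so it can presumably replace the buffer, and whatever `out:` frees has to be valid for both the original and the replaced allocation. It is worth confirming that the release call there matches the allocator used on both paths. `size = error;` also reuses the error variable as a length; a comment such as `/* on success cap_convert_nscap() returns the converted value's length */` would make that explicit. The enclosing function starts and ends outside the hunk.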