Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d5f3a5f6 authored by Mark Salyzyn's avatar Mark Salyzyn Committed by Paul Moore
Browse files

selinux: add security in-core xattr support for pstore and debugfs 



- add "pstore" and "debugfs" to list of in-core exceptions
- change fstype checks to boolean equation
- change from strncmp to strcmp for checking

Signed-off-by: default avatarMark Salyzyn <salyzyn@android.com>
Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
[PM: tweaked the subject line prefix to "selinux"]
Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
parent 2088d60e

security/selinux/hooks.c

+8 −17
Original line number Original line Diff line number Diff line
@@ -401,23 +401,14 @@ static int selinux_is_sblabel_mnt(struct super_block *sb) 
{

{

	struct superblock_security_struct *sbsec = sb->s_security;

	struct superblock_security_struct *sbsec = sb->s_security;





	if (sbsec->behavior == SECURITY_FS_USE_XATTR ||

	return sbsec->behavior == SECURITY_FS_USE_XATTR ||

		sbsec->behavior == SECURITY_FS_USE_TRANS ||

		sbsec->behavior == SECURITY_FS_USE_TRANS ||

	    sbsec->behavior == SECURITY_FS_USE_TASK)

		sbsec->behavior == SECURITY_FS_USE_TASK ||

		return 1;

		/* Special handling. Genfs but also in-core setxattr handler */



		!strcmp(sb->s_type->name, "sysfs") ||

	/* Special handling for sysfs. Is genfs but also has setxattr handler*/

		!strcmp(sb->s_type->name, "pstore") ||

	if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)

		!strcmp(sb->s_type->name, "debugfs") ||

		return 1;

		!strcmp(sb->s_type->name, "rootfs");



	/*

	 * Special handling for rootfs. Is genfs but supports

	 * setting SELinux context on in-core inodes.

	 */

	if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0)

		return 1;



	return 0;

}

}





static int sb_finish_set_opts(struct super_block *sb)

static int sb_finish_set_opts(struct super_block *sb)