[PATCH v7 04/16] LSM: List multiple security attributes in security_inode_listsecurity

Casey Schaufler casey at schaufler-ca.com
Wed Aug 7 22:42:33 UTC 2019


Listing security extended attributes is extended to the case
where there is more than one security module that provides them.
The same format used in other xattr list providers:
	name1\0name2\0name3
is used.

Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
---
 security/security.c | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/security/security.c b/security/security.c
index a58e60970035..87cb3562646b 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1475,9 +1475,34 @@ int security_inode_setsecurity(struct inode *inode, const char *name, const void
 
 int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
 {
+	struct security_hook_list *hp;
+	bool first = true;
+	int finallen = 0;
+	int len;
+
 	if (unlikely(IS_PRIVATE(inode)))
 		return 0;
-	return call_int_hook(inode_listsecurity, 0, inode, buffer, buffer_size);
+
+	hlist_for_each_entry(hp, &security_hook_heads.inode_listsecurity,
+			     list) {
+		len = hp->hook.inode_listsecurity(inode, buffer, buffer_size);
+		if (len < buffer_size) {
+			if (buffer)
+				buffer[len] = '\0';
+			buffer_size -= len + 1;
+		} else {
+			buffer = NULL;
+			buffer_size = 0;
+		}
+		if (first) {
+			finallen = len;
+			first = false;
+		} else
+			finallen += len + 1;
+		if (buffer)
+			buffer += len + 1;
+	}
+	return finallen;
 }
 EXPORT_SYMBOL(security_inode_listsecurity);
 
-- 
2.20.1



More information about the Linux-security-module-archive mailing list