From f71ece9712b7712df98871eea9aeb60e49ca5239 Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Mon, 28 Apr 2025 15:50:19 -0400 Subject: security,fs,nfs,net: update security_inode_listsecurity() interface Update the security_inode_listsecurity() interface to allow use of the xattr_list_one() helper and update the hook implementations. Link: https://lore.kernel.org/selinux/20250424152822.2719-1-stephen.smalley.work@gmail.com Signed-off-by: Stephen Smalley [PM: forward porting to bring this patch up to v7.1-rc1+] Signed-off-by: Paul Moore --- security/security.c | 16 ++++++++-------- security/selinux/hooks.c | 10 +++------- security/smack/smack_lsm.c | 13 ++++--------- 3 files changed, 15 insertions(+), 24 deletions(-) (limited to 'security') diff --git a/security/security.c b/security/security.c index 4e999f023651..71aea8fdf014 100644 --- a/security/security.c +++ b/security/security.c @@ -2258,22 +2258,22 @@ int security_inode_setsecurity(struct inode *inode, const char *name, /** * security_inode_listsecurity() - List the xattr security label names * @inode: inode - * @buffer: buffer - * @buffer_size: size of buffer + * @buffer: pointer to buffer + * @remaining_size: pointer to remaining size of buffer * * Copy the extended attribute names for the security labels associated with - * @inode into @buffer. The maximum size of @buffer is specified by - * @buffer_size. @buffer may be NULL to request the size of the buffer - * required. + * @inode into *(@buffer). The remaining size of @buffer is specified by + * *(@remaining_size). *(@buffer) may be NULL to request the size of the + * buffer required. Updates *(@buffer) and *(@remaining_size). * - * Return: Returns number of bytes used/required on success. + * Return: Returns 0 on success, or -errno on failure. */ int security_inode_listsecurity(struct inode *inode, - char *buffer, size_t buffer_size) + char **buffer, ssize_t *remaining_size) { if (unlikely(IS_PRIVATE(inode))) return 0; - return call_int_hook(inode_listsecurity, inode, buffer, buffer_size); + return call_int_hook(inode_listsecurity, inode, buffer, remaining_size); } EXPORT_SYMBOL(security_inode_listsecurity); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 97801966bf32..4ae736755557 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3684,16 +3684,12 @@ static int selinux_inode_setsecurity(struct inode *inode, const char *name, return 0; } -static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) +static int selinux_inode_listsecurity(struct inode *inode, char **buffer, + ssize_t *remaining_size) { - const int len = sizeof(XATTR_NAME_SELINUX); - if (!selinux_initialized()) return 0; - - if (buffer && len <= buffer_size) - memcpy(buffer, XATTR_NAME_SELINUX, len); - return len; + return xattr_list_one(buffer, remaining_size, XATTR_NAME_SELINUX); } static void selinux_inode_getlsmprop(struct inode *inode, struct lsm_prop *prop) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 3f9ae05039a2..ff115068c5c0 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1665,17 +1665,12 @@ static int smack_inode_getsecurity(struct mnt_idmap *idmap, * smack_inode_listsecurity - list the Smack attributes * @inode: the object * @buffer: where they go - * @buffer_size: size of buffer + * @remaining_size: size of buffer */ -static int smack_inode_listsecurity(struct inode *inode, char *buffer, - size_t buffer_size) +static int smack_inode_listsecurity(struct inode *inode, char **buffer, + ssize_t *remaining_size) { - int len = sizeof(XATTR_NAME_SMACK); - - if (buffer != NULL && len <= buffer_size) - memcpy(buffer, XATTR_NAME_SMACK, len); - - return len; + return xattr_list_one(buffer, remaining_size, XATTR_NAME_SMACK); } /** -- cgit v1.2.3