static int kernfs_security_xattr_set(const struct xattr_handler *handler, struct dentry *unused, struct inode *inode, const char *suffix, const void *value, size_t size, int flags) { struct kernfs_node *kn = inode->i_private; struct kernfs_iattrs *attrs; void *secdata; u32 secdata_len = 0; int error; attrs = kernfs_iattrs(kn); if (!attrs) return -ENOMEM; error = security_inode_setsecurity(inode, suffix, value, size, flags); if (error) return error; error = security_inode_getsecctx(inode, &secdata, &secdata_len); if (error) return error; mutex_lock(&kernfs_mutex); error = kernfs_node_setsecdata(attrs, &secdata, &secdata_len); mutex_unlock(&kernfs_mutex); if (secdata) security_release_secctx(secdata, secdata_len); return error; }
int kernfs_iop_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { struct kernfs_node *kn = dentry->d_fsdata; struct kernfs_iattrs *attrs; void *secdata; int error; u32 secdata_len = 0; attrs = kernfs_iattrs(kn); if (!attrs) return -ENOMEM; if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN)) { const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; error = security_inode_setsecurity(dentry->d_inode, suffix, value, size, flags); if (error) return error; error = security_inode_getsecctx(dentry->d_inode, &secdata, &secdata_len); if (error) return error; mutex_lock(&kernfs_mutex); error = kernfs_node_setsecdata(kn, &secdata, &secdata_len); mutex_unlock(&kernfs_mutex); if (secdata) security_release_secctx(secdata, secdata_len); return error; } else if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { return simple_xattr_set(&attrs->xattrs, name, value, size, flags); } return -EINVAL; }