Darkangeel_hd
/
lineage_android_kernel_samsung_jf
mirror of https://github.com/Darkangeel-hd/lineage_android_kernel_samsung_jf.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Enable setting security contexts on rootfs inodes. 

rootfs (ramfs) can support setting of security contexts
by userspace due to the vfs fallback behavior of calling
the security module to set the in-core inode state
for security.* attributes when the filesystem does not
provide an xattr handler.  No xattr handler required
as the inodes are pinned in memory and have no backing
store.

This is useful in allowing early userspace to label individual
files within a rootfs while still providing a policy-defined
default via genfs.

Change-Id: Ifc7e2dad167e79c2319139e22042513fd3130be2
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley 2013-05-10 10:16:19 -04:00 committed by ShevT
parent 5a3c48ebd5
commit 4888634719
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
security/selinux/hooks.c
View File

@ -437,6 +437,13 @@ static int sb_finish_set_opts(struct super_block *sb)
if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0)
sbsec->flags |= SE_SBLABELSUPP;
/*
* Special handling for rootfs. Is genfs but supports
* setting SELinux context on in-core inodes.
*/
if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0)
sbsec->flags |= SE_SBLABELSUPP;
/* Initialize the root inode. */
rc = inode_doinit_with_dentry(root_inode, root);