authorStephen Smalley <sds@tycho.nsa.gov>2013-05-10 10:16:19 -0400
committerBrett Rogers <brettrogers11@gmail.com>2015-11-07 23:25:35 -0800
commit193be18cdc2b9b06f359d14d42cdfd46f2afa773 (patch)
tree44069e0f25c01966c4c4542c03e8a9c5135194e0 /security
parentdbcebd4c943ec1bf3af6ad2b0886aa4346831de2 (diff)
Enable setting security contexts on rootfs inodes.
rootfs (ramfs) can support setting of security contexts by userspace due to the vfs fallback behavior of calling the security module to set the in-core inode state for security.* attributes when the filesystem does not provide an xattr handler. No xattr handler required as the inodes are pinned in memory and have no backing store. This is useful in allowing early userspace to label individual files within a rootfs while still providing a policy-defined default via genfs. Change-Id: Ia7116e0a9100b9a1957af548a78e8f0ab8087e32 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 49ddc59..71f949f 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -407,6 +407,13 @@ static int sb_finish_set_opts(struct super_block *sb)
if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
sbsec->flags |= SE_SBLABELSUPP;
+ /*
+ * Special handling for rootfs. Is genfs but supports
+ * setting SELinux context on in-core inodes.
+ */
+ if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0)
+ sbsec->flags |= SE_SBLABELSUPP;
+
/* Initialize the root inode. */
rc = inode_doinit_with_dentry(root_inode, root);
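Review bot: The comment added above the `rootfs` check says what is special but not the invariant the flag depends on. Per the commit message, labelling works only through the VFS fallback that hands `security.*` writes to the security module when the filesystem has no xattr handler, and the labels exist only in the pinned in-core inodes. I would record that in the comment, e.g. `* No xattr handler: labels are set via the VFS security.* fallback and exist only in-core.`, so that a later change to rootfs xattr handling is reviewed against it. Once `SE_SBLABELSUPP` is set, which processes may relabel rootfs files is presumably decided by the policy's relabel checks in the setxattr hook (not visible in this hunk), so the policy for the rootfs type should be reviewed together with this change. `sb_finish_set_opts` starts and ends outside the hunk.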