Received: by 10.223.176.46 with SMTP id f43csp1570397wra; Wed, 24 Jan 2018 19:39:58 -0800 (PST) X-Google-Smtp-Source: AH8x224RnT1xJ9NnR9t2Pxy+L854nBLLjWfjzKgtyLz/anDnO7Q9zmhwVkGjNGbZut9dXwUm+oA0 X-Received: by 10.98.236.93 with SMTP id k90mr14945541pfh.35.1516851598656; Wed, 24 Jan 2018 19:39:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516851598; cv=none; d=google.com; s=arc-20160816; b=Et5fQmSkmHqoSGc5KaVXj8flA5g+HSSRTSYPTZOkfTdve420GPZv4QuDkuocDtOHJd ZZW1ZngxZHDG3NAXRNdKEqY6Q3GBluaMv6Y7Y5/7cUSWbT3UPbBOtoE7CqZzNZb9Eqha UVVfEoqUDL0Ov2eBPaJGQqnV1PFFyeK9MugZxl2DOcokf9mXlchikOnHK9yjcq1YM0NL d8jaTN2T0r/akSc5U7hXSm1lTDfHyefXQ5PXAul9bxTeRuaJR0DQJh6pz6YwFOUXEE6E JkgRHTI/UaDaySiJPWaHrwDTScZG8NeTDmys9DkMoKYiebJdx/3c6YXWJ7zjhhK+YbDd b+GA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=Zk5jGL9NCIciLeju1cpdAnoGyGF8AyPrXL0RKyE60Ck=; b=gI4wlH6yMIj2+FAXgdZ83mhB7SqHS94H4nDvZitRoOIk3+CytpfYS3KhLGh0dCfVaN a7H674q/WU0ml3zHqCyN28PIqwR2dKBopJ3P8tHCYjnsd4XtR7BiiHNyMIVIGLSon0S5 ZTEstf6Ypy+PgmMqms9uRgt751T9yTGRmKRp9ImJGFnuGVBIFQ4ITnvYOi2dEXOa9NHG 0W19ViOXCv7LradN+Lym00hP8Ysii+SI1xkQE9UpCGt272cRDJevlo4tb82BUCXm+wrc 61rnIAiuIowiIZZucgOTIgNzh4q94iKhhlYeTnyoi4Drz1OePHEV+GofLL3lDsPAVL2i Q95A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cisco.com header.s=iport header.b=Uy9YB+af; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=cisco.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j33-v6si1237673pld.301.2018.01.24.19.39.44; Wed, 24 Jan 2018 19:39:58 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@cisco.com header.s=iport header.b=Uy9YB+af; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=cisco.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933725AbeAYDim (ORCPT + 99 others); Wed, 24 Jan 2018 22:38:42 -0500 Received: from alln-iport-1.cisco.com ([173.37.142.88]:37385 "EHLO alln-iport-1.cisco.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933530AbeAYDhh (ORCPT ); Wed, 24 Jan 2018 22:37:37 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3554; q=dns/txt; s=iport; t=1516851457; x=1518061057; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=SKSzgJ7JOr5F6Hhe3wP2BTpv621zuUSOPmDByr7KvIs=; b=Uy9YB+afMKtsL5GxaonvXuMA1KmO8w3URINIMU5HOhDLPMC7BFnCXUwr v7rQhTamOcyppjEtdWp9YoqNDTOlGvjf2aHxXQO/ajbDcJw5EreSVeLMP k9IZ8kA9fPwfSCQ1vpcXEgPCpVKZ/Xv4A5+stbosgalsX0FDKeUyJYJns o=; X-IronPort-AV: E=Sophos;i="5.46,409,1511827200"; d="scan'208";a="61310568" Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 25 Jan 2018 03:28:05 +0000 Received: from sjc-ads-7132.cisco.com (sjc-ads-7132.cisco.com [10.30.217.207]) (authenticated bits=0) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id w0P3Ruj0007601 (version=TLSv1/SSLv3 cipher=AES128-SHA256 bits=128 verify=NO); Thu, 25 Jan 2018 03:28:04 GMT From: Taras Kondratiuk To: "H. Peter Anvin" , Al Viro , Arnd Bergmann , Rob Landley , Mimi Zohar , Jonathan Corbet , James McMechan Cc: initramfs@vger.kernel.org, Victor Kamensky , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, xe-linux-external@cisco.com Subject: [PATCH v2 09/15] initramfs: set extended attributes Date: Thu, 25 Jan 2018 03:27:49 +0000 Message-Id: <1516850875-25066-10-git-send-email-takondra@cisco.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516850875-25066-1-git-send-email-takondra@cisco.com> References: <1516850875-25066-1-git-send-email-takondra@cisco.com> X-Auto-Response-Suppress: DR, OOF, AutoReply X-Authenticated-User: takondra@cisco.com Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mimi Zohar This patch writes out the extended attributes included in the cpio file. As the "security.ima" xattr needs to be written after the file data. this patch separates extracting and setting the xattrs by defining new do_setxattrs state. [kamensky: fixed restoring of xattrs for symbolic links by using sys_lsetxattr() instead of sys_setxattr()] Signed-off-by: Mimi Zohar Signed-off-by: Victor Kamensky Signed-off-by: Taras Kondratiuk --- init/initramfs.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 52 insertions(+), 5 deletions(-) diff --git a/init/initramfs.c b/init/initramfs.c index 3d0f46c28459..040e26cf451a 100644 --- a/init/initramfs.c +++ b/init/initramfs.c @@ -310,6 +310,7 @@ static int __init do_xattrs(void); static int __init do_create(void); static int __init do_copy(void); static int __init do_symlink(void); +static int __init do_setxattrs(void); static int __init do_reset(void); typedef int (*fsm_state_t)(void); @@ -472,7 +473,7 @@ static int __init do_name(void) static int __init do_xattrs(void) { - /* Do nothing for now */ + memcpy_optional(xattr_buf, collected, xattr_len); state = do_create; return 0; } @@ -481,8 +482,7 @@ static __initdata int wfd; static int __init do_create(void) { - state = do_skip; - next_state = do_reset; + state = do_setxattrs; clean_path(name_buf, mode); if (S_ISREG(mode)) { int ml = maybe_link(name_buf); @@ -515,8 +515,11 @@ static int __init do_create(void) do_utime(name_buf, mtime); } } else if (S_ISLNK(mode)) { - if (body_len > PATH_MAX) + if (body_len > PATH_MAX) { + state = do_skip; + next_state = do_reset; return 0; + } read_into(symlink_buf, body_len, do_symlink); } return 0; @@ -530,7 +533,7 @@ static int __init do_copy(void) sys_close(wfd); do_utime(name_buf, mtime); eat(body_len); - state = do_skip; + state = do_setxattrs; return 0; } else { if (xwrite(wfd, victim, byte_count) != byte_count) @@ -549,8 +552,52 @@ static int __init do_symlink(void) sys_symlink(symlink_buf, name_buf); sys_lchown(name_buf, uid, gid); do_utime(name_buf, mtime); + state = do_setxattrs; + return 0; +} + +struct xattr_hdr { + char c_size[8]; /* total size including c_size field */ + char c_data[]; /* \0 */ +}; + +static int __init do_setxattrs(void) +{ + char *buf = xattr_buf; + char *bufend = buf + xattr_len; + struct xattr_hdr *hdr; + char str[sizeof(hdr->c_size) + 1]; + state = do_skip; next_state = do_reset; + if (!xattr_len) + return 0; + + str[sizeof(hdr->c_size)] = 0; + + while (buf < bufend) { + char *xattr_name, *xattr_value; + unsigned long xattr_entry_size, xattr_value_size; + int ret; + + hdr = (struct xattr_hdr *)buf; + memcpy(str, hdr->c_size, sizeof(hdr->c_size)); + ret = kstrtoul(str, 16, &xattr_entry_size); + buf += xattr_entry_size; + if (ret || buf > bufend) { + error("malformed xattrs"); + break; + } + + xattr_name = hdr->c_data; + xattr_value = xattr_name + strlen(xattr_name) + 1; + xattr_value_size = buf - xattr_value; + + ret = sys_lsetxattr(name_buf, xattr_name, xattr_value, + xattr_value_size, 0); + pr_debug("%s: %s size: %lu val: %s (ret: %d)\n", name_buf, + xattr_name, xattr_value_size, xattr_value, ret); + } return 0; } -- 2.10.3.dirty