Received: by 10.223.185.116 with SMTP id b49csp1109770wrg; Fri, 16 Feb 2018 12:38:46 -0800 (PST) X-Google-Smtp-Source: AH8x227hJBDCAGOu0JSOWfXXlUeNaw8ULjJqYCaoH34qgphBKPBEYCSG2oK0lXc7bIsIGsd1c9T4 X-Received: by 2002:a17:902:3084:: with SMTP id v4-v6mr7058668plb.131.1518813526241; Fri, 16 Feb 2018 12:38:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518813526; cv=none; d=google.com; s=arc-20160816; b=uryCIlXuzJCt3/rlJ3goG+rOuoEHcOPG+UKVPsG8UaKl/cHYKMUN7EKISQrjjyzcvV LO2ROF5tUWwla6/ac83rzO42/9Wea8/j9k7Uu/8s01qFD9nRRbR4QJS7YSEOWVzyw+SZ 6YPYaXg6+ijVnc1gXw+FEHRXB7nBJpKpXnaIPUQPCVDFkvm9bkItcfv1z1+H8ewk/GBy VnlfM1NlLkoe/FWuKOhFeCiPB3pEQm5i/TplkE3kBU69NXoS+phEpqpJ6rm2cu5YeVhH nFve65VtIwQh9RfJevEmpvAwxGhSiatojhkjoaRmkjqP4HyONIQbdOdNZuSLO/3pZDqK JO/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=Z21pXwr7B6Y4e2ptQ5t/PwpTHWEnkufVr8VLFzwYDDc=; b=zOiOTDleoRWE+ii66Ch7LZjjxe4CxY4ec42FU1+wfGN7DmHXnRPjbP7rM8QM826G/J Q7gavTZWjwBHimy9fhCujEF14BbC5FO/g6QqZGVBnC37JNxCyqbdymd3eFOt+Cy3a6A0 44sWPWaxCzPEGPTdflb8k16mBbOgJ9HB+jBfNWDAZOe2xTDgEI1XOTbRqglRLpAM2K8Z 4Fy1OgsAen+ETupzPHE+0+72Bk4WKzS/msNg9p3am0yj0dmWYTHbCpJzmXwLmuhpoJya QYmknJUxCjx7wo/BrA9Amy+p7QyZ+pIZ+U4+ZQbERUrt2nAcIABNb6ZiVPRzupaFncKZ ryiA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cisco.com header.s=iport header.b=PYqyDxZV; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=cisco.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u5-v6si374464plz.165.2018.02.16.12.38.31; Fri, 16 Feb 2018 12:38:46 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@cisco.com header.s=iport header.b=PYqyDxZV; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=cisco.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751267AbeBPUhS (ORCPT + 99 others); Fri, 16 Feb 2018 15:37:18 -0500 Received: from alln-iport-3.cisco.com ([173.37.142.90]:11980 "EHLO alln-iport-3.cisco.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750984AbeBPUeE (ORCPT ); Fri, 16 Feb 2018 15:34:04 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3557; q=dns/txt; s=iport; t=1518813244; x=1520022844; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=DSbhT5Y/PuZSezsP76XtBxQUFS4IvIZLAqaTmU1QUCA=; b=PYqyDxZVXf1MNIEnr3j0kbp8kad395hbI+n2XovO3vGS48rlclk78Ld2 DzIq7t/RpwNeSAZfb6GYa7tqt1yFTEIS2utjXDndlTaoSOZ7fMzgQ04wn P9quVfXv25MjtJ7lqt/QG2aeq0fVf0gpqRK1jpin0qVo4bG22kXG6LDua s=; X-IronPort-AV: E=Sophos;i="5.46,520,1511827200"; d="scan'208";a="72038407" Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Feb 2018 20:34:03 +0000 Received: from sjc-ads-7132.cisco.com (sjc-ads-7132.cisco.com [10.30.217.207]) (authenticated bits=0) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id w1GKXsMY015412 (version=TLSv1/SSLv3 cipher=AES128-SHA256 bits=128 verify=NO); Fri, 16 Feb 2018 20:34:02 GMT From: Taras Kondratiuk To: "H. Peter Anvin" , Al Viro , Arnd Bergmann , Rob Landley , Mimi Zohar , Jonathan Corbet , James McMechan Cc: initramfs@vger.kernel.org, Victor Kamensky , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, xe-linux-external@cisco.com Subject: [PATCH v3 09/15] initramfs: set extended attributes Date: Fri, 16 Feb 2018 20:33:45 +0000 Message-Id: <1518813234-5874-10-git-send-email-takondra@cisco.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1518813234-5874-1-git-send-email-takondra@cisco.com> References: <1518813234-5874-1-git-send-email-takondra@cisco.com> X-Auto-Response-Suppress: DR, OOF, AutoReply X-Authenticated-User: takondra@cisco.com Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mimi Zohar This patch writes out the extended attributes included in the cpio file. As the "security.ima" xattr needs to be written after the file data. this patch separates extracting and setting the xattrs by defining new do_setxattrs state. [kamensky: fixed restoring of xattrs for symbolic links by using sys_lsetxattr() instead of sys_setxattr()] Signed-off-by: Mimi Zohar Signed-off-by: Victor Kamensky Signed-off-by: Taras Kondratiuk --- init/initramfs.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 52 insertions(+), 5 deletions(-) diff --git a/init/initramfs.c b/init/initramfs.c index 0407e199352e..ac636097aee5 100644 --- a/init/initramfs.c +++ b/init/initramfs.c @@ -306,6 +306,7 @@ static int __init do_xattrs(void); static int __init do_create(void); static int __init do_copy(void); static int __init do_symlink(void); +static int __init do_setxattrs(void); static int __init do_reset(void); typedef int (*fsm_state_t)(void); @@ -468,7 +469,7 @@ static int __init do_name(void) static int __init do_xattrs(void) { - /* Do nothing for now */ + memcpy_optional(xattr_buf, collected, xattr_len); state = do_create; return 0; } @@ -477,8 +478,7 @@ static __initdata int wfd; static int __init do_create(void) { - state = do_skip; - next_state = do_reset; + state = do_setxattrs; clean_path(name_buf, mode); if (S_ISREG(mode)) { int ml = maybe_link(name_buf); @@ -511,8 +511,11 @@ static int __init do_create(void) do_utime(name_buf, &mtime); } } else if (S_ISLNK(mode)) { - if (body_len > PATH_MAX) + if (body_len > PATH_MAX) { + state = do_skip; + next_state = do_reset; return 0; + } read_into(symlink_buf, body_len, do_symlink); } return 0; @@ -526,7 +529,7 @@ static int __init do_copy(void) sys_close(wfd); do_utime(name_buf, &mtime); eat(body_len); - state = do_skip; + state = do_setxattrs; return 0; } else { if (xwrite(wfd, victim, byte_count) != byte_count) @@ -545,8 +548,52 @@ static int __init do_symlink(void) sys_symlink(symlink_buf, name_buf); sys_lchown(name_buf, uid, gid); do_utime(name_buf, &mtime); + state = do_setxattrs; + return 0; +} + +struct xattr_hdr { + char c_size[8]; /* total size including c_size field */ + char c_data[]; /* \0 */ +}; + +static int __init do_setxattrs(void) +{ + char *buf = xattr_buf; + char *bufend = buf + xattr_len; + struct xattr_hdr *hdr; + char str[sizeof(hdr->c_size) + 1]; + state = do_skip; next_state = do_reset; + if (!xattr_len) + return 0; + + str[sizeof(hdr->c_size)] = 0; + + while (buf < bufend) { + char *xattr_name, *xattr_value; + unsigned long xattr_entry_size, xattr_value_size; + int ret; + + hdr = (struct xattr_hdr *)buf; + memcpy(str, hdr->c_size, sizeof(hdr->c_size)); + ret = kstrtoul(str, 16, &xattr_entry_size); + buf += xattr_entry_size; + if (ret || buf > bufend) { + error("malformed xattrs"); + break; + } + + xattr_name = hdr->c_data; + xattr_value = xattr_name + strlen(xattr_name) + 1; + xattr_value_size = buf - xattr_value; + + ret = sys_lsetxattr(name_buf, xattr_name, xattr_value, + xattr_value_size, 0); + pr_debug("%s: %s size: %lu val: %s (ret: %d)\n", name_buf, + xattr_name, xattr_value_size, xattr_value, ret); + } return 0; } -- 2.10.3.dirty