From 0de37a88532f6640c49a9049497414ed77b726e3 Mon Sep 17 00:00:00 2001 From: LuK1337 Date: Sat, 19 Sep 2020 19:57:55 +0200 Subject: [PATCH] ext4: Add no_sehash_xattr mount option * Useful for devices where /persist may have unexpected SELinux contexts but xattr of root directory is valid, leading to restorecon early exitting without traversing the partition. Change-Id: I5089ff90f76aa9f3db7da26f73548cf62fe67bd0 (cherry picked from commit 8c6c40aa2ce13b83bcc137424e99be5e39d5245d) --- fs/ext4/ext4.h | 1 + fs/ext4/super.c | 4 +++- fs/ext4/xattr_security.c | 10 ++++++++-- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index 6709f7adb..4d3ef2abc 100755 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -1202,6 +1202,7 @@ struct ext4_inode_info { #define EXT4_MOUNT_NO_AUTO_DA_ALLOC 0x10000 /* No auto delalloc mapping */ #define EXT4_MOUNT_BARRIER 0x20000 /* Use block barriers */ #define EXT4_MOUNT_QUOTA 0x40000 /* Some quota option set */ +#define EXT4_MOUNT_NO_SEHASH_XATTR 0x40000 /* Ignore security.sehash extended attribute */ #define EXT4_MOUNT_USRQUOTA 0x80000 /* "old" user quota, * enable enforcement for hidden * quota files */ diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 4751be82c..5d7ecd325 100755 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1678,7 +1678,7 @@ enum { Opt_bsd_df, Opt_minix_df, Opt_grpid, Opt_nogrpid, Opt_resgid, Opt_resuid, Opt_sb, Opt_err_cont, Opt_err_panic, Opt_err_ro, Opt_nouid32, Opt_debug, Opt_removed, - Opt_user_xattr, Opt_nouser_xattr, Opt_acl, Opt_noacl, + Opt_user_xattr, Opt_nouser_xattr, Opt_no_sehash_xattr, Opt_acl, Opt_noacl, Opt_auto_da_alloc, Opt_noauto_da_alloc, Opt_noload, Opt_commit, Opt_min_batch_time, Opt_max_batch_time, Opt_journal_dev, Opt_journal_path, Opt_journal_checksum, Opt_journal_async_commit, @@ -1723,6 +1723,7 @@ static const match_table_t tokens = { {Opt_removed, "orlov"}, {Opt_user_xattr, "user_xattr"}, {Opt_nouser_xattr, "nouser_xattr"}, + {Opt_no_sehash_xattr, "no_sehash_xattr"}, {Opt_acl, "acl"}, {Opt_noacl, "noacl"}, {Opt_noload, "norecovery"}, @@ -1988,6 +1989,7 @@ static const struct mount_opts { MOPT_NO_EXT2 | MOPT_DATAJ}, {Opt_user_xattr, EXT4_MOUNT_XATTR_USER, MOPT_SET}, {Opt_nouser_xattr, EXT4_MOUNT_XATTR_USER, MOPT_CLEAR}, + {Opt_no_sehash_xattr, EXT4_MOUNT_NO_SEHASH_XATTR, MOPT_SET}, #ifdef CONFIG_EXT4_FS_POSIX_ACL {Opt_acl, EXT4_MOUNT_POSIX_ACL, MOPT_SET}, {Opt_noacl, EXT4_MOUNT_POSIX_ACL, MOPT_CLEAR}, diff --git a/fs/ext4/xattr_security.c b/fs/ext4/xattr_security.c index 50fb71393..2c29ad5b5 100755 --- a/fs/ext4/xattr_security.c +++ b/fs/ext4/xattr_security.c @@ -14,19 +14,25 @@ static int ext4_xattr_security_get(const struct xattr_handler *handler, - struct dentry *unused, struct inode *inode, + struct dentry *dentry, struct inode *inode, const char *name, void *buffer, size_t size, int flags) { + + if (strcmp(name, "sehash") == 0 && test_opt(dentry->d_sb, NO_SEHASH_XATTR)) + return 0; return ext4_xattr_get(inode, EXT4_XATTR_INDEX_SECURITY, name, buffer, size); } static int ext4_xattr_security_set(const struct xattr_handler *handler, - struct dentry *unused, struct inode *inode, + struct dentry *dentry, struct inode *inode, const char *name, const void *value, size_t size, int flags) { + + if (strcmp(name, "sehash") == 0 && test_opt(dentry->d_sb, NO_SEHASH_XATTR)) + return 0; return ext4_xattr_set(inode, EXT4_XATTR_INDEX_SECURITY, name, value, size, flags); }