From liaohua4@huawei.com Tue May 26 10:16:28 2020 Received: from szxga05-in.huawei.com ([45.249.212.191] helo=huawei.com) by stoneboat.default.lvansomeren.uk0.bigv.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jdVh5-0005u3-3y for yaffs@stoneboat.aleph1.co.uk; Tue, 26 May 2020 10:16:28 +0100 Received: from DGGEMS407-HUB.china.huawei.com (unknown [172.30.72.60]) by Forcepoint Email with ESMTP id ED3DCD32FD7B7D065BDD for ; Tue, 26 May 2020 17:16:13 +0800 (CST) Received: from DESKTOP-D70G4DM.china.huawei.com (10.67.101.5) by DGGEMS407-HUB.china.huawei.com (10.3.19.207) with Microsoft SMTP Server id 14.3.487.0; Tue, 26 May 2020 17:16:05 +0800 From: Liao Hua To: , CC: , Date: Tue, 26 May 2020 17:13:26 +0800 Message-ID: <20200526091325.4675-1-liaohua4@huawei.com> X-Mailer: git-send-email 2.26.2.windows.1 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit X-Originating-IP: [10.67.101.5] X-CFilter-Loop: Reflected X-Spam_score: -104.0 X-Spam_score_int: -1039 X-Spam_bar: --------------------------------------------------- X-Spam_report: Spam detection software, running on the system "stoneboat.default.lvansomeren.uk0.bigv.io", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: liaohua This patch provides security namespace xattr support for Yaffs2. Adjust the yaffs2 to use the generic xattr handler by replace yaffs_setxattr with generic_setxattr in yaffs_file_inode_operations. And we add yaffs_security_xattr_handler for security namespace xattr [...] Content analysis details: (-104.0 points, 4.9 required) pts rule name description ---- ---------------------- -------------------------------------------------- -100 USER_IN_WHITELIST From: address is in the user's white-list -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 0.0 RCVD_IN_MSPIKE_H4 RBL: Very Good reputation (+4) [45.249.212.191 listed in wl.mailspike.net] -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [45.249.212.191 listed in list.dnswl.org] 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders 0.2 AWL AWL: Adjusted score from AWL reputation of From: address X-ACL-Warn: warn X-SA-Exim-Connect-IP: 45.249.212.191 X-SA-Exim-Mail-From: liaohua4@huawei.com X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on stoneboat.default.lvansomeren.uk0.bigv.io X-Spam-Level: X-Spam-Status: No, score=-104.0 required=4.9 tests=AWL,BAYES_00, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL, USER_IN_WHITELIST autolearn=unavailable autolearn_force=no version=3.4.2 X-SA-Exim-Version: 4.2.1 (built Wed, 08 May 2019 21:11:16 +0000) X-SA-Exim-Scanned: Yes (on stoneboat.default.lvansomeren.uk0.bigv.io) Subject: [Yaffs] [PATCH] Add security namespace xattr support X-BeenThere: yaffs@stoneboat.aleph1.co.uk X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of YAFFS NAND flash filesystem List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 May 2020 09:16:28 -0000 From: liaohua This patch provides security namespace xattr support for Yaffs2. Adjust the yaffs2 to use the generic xattr handler by replace yaffs_setxattr with generic_setxattr in yaffs_file_inode_operations. And we add yaffs_security_xattr_handler for security namespace xattr support. We have tested the basic functions, for example, set and get the capabilities of some file like ping. And a file named security_xattr_ping.sh is provided as a test script. Thanks in advance for any advice you can provide. Signed-off-by: liaohua --- Makefile | 1 + Makefile.kernel | 1 + linux-tests/security_xattr_ping.sh | 151 +++++++++++++++++++++++++++++ yaffs_guts.h | 4 + yaffs_nameval.c | 39 ++++---- yaffs_security.c | 87 +++++++++++++++++ yaffs_vfs_multi.c | 119 ++++++++++++++++++----- yaffs_xattr.h | 40 ++++++++ 8 files changed, 398 insertions(+), 44 deletions(-) create mode 100644 linux-tests/security_xattr_ping.sh create mode 100644 yaffs_security.c create mode 100644 yaffs_xattr.h diff --git a/Makefile b/Makefile index 9318d4d..509c306 100644 --- a/Makefile +++ b/Makefile @@ -55,6 +55,7 @@ ifneq ($(KERNELRELEASE),) yaffs2multi-objs += yaffs_verify.o yaffs2multi-objs += yaffs_endian.o yaffs2multi-objs += yaffs_summary.o + yaffs2multi-objs += yaffs_security.o else KERNELDIR ?= /lib/modules/$(shell uname -r)/build diff --git a/Makefile.kernel b/Makefile.kernel index c052395..e842883 100644 --- a/Makefile.kernel +++ b/Makefile.kernel @@ -16,4 +16,5 @@ yaffs-y += yaffs_yaffs2.o yaffs-y += yaffs_bitmap.o yaffs-y += yaffs_summary.o yaffs-y += yaffs_verify.o +yaffs-y += yaffs_security.o diff --git a/linux-tests/security_xattr_ping.sh b/linux-tests/security_xattr_ping.sh new file mode 100644 index 0000000..42a9fd1 --- /dev/null +++ b/linux-tests/security_xattr_ping.sh @@ -0,0 +1,151 @@ +#!/bin/bash + +pre_test() { + mount | grep yaffs2 + if [ $? -ne 0 ]; then + echo "ERROR: no yaffs2 filesystem was mounted." + return 1 + fi + yaffs_dir=$(mount | grep yaffs2 | awk -F " " '{print $3}') + echo $yaffs_dir + + which ping + if [ $? -ne 0 ]; then + echo "ERROR: no ping exist." + return 1 + fi + ping_dir=$(which ping) + echo $ping_dir +} + +setcap_net_ping_test() { + cd $yaffs_dir + if [ $? -ne 0 ]; then + echo "Error: yaffs2 dir not fount" + return 1 + fi + + cp $ping_dir ./ + chmod 755 ping + ls -al ping | grep rws + if [ $? -eq 0 ]; then + chmod -s ping + fi + + ./ping 127.0.0.1 -c 3 + if [ $? -ne 0 ]; then + echo "ERROR: ping 127.0.0.1 fail" + return 1 + fi + + # Add normal user; + useradd -m yaffs_test + echo "Yaffs2 xattr test: su yaffs_test and ping again." + su yaffs_test -c "cd $yaffs_dir && ./ping 127.0.0.1 -c 3" + if [ $? -eq 0 ]; then + echo "ERROR: yaffs_test ping 127.0.0.1 success, test fail" + return 1 + fi + + setcap 'cap_net_admin,cap_net_raw+ep' ./ping + getcap ./ping | grep "cap_net_admin,cap_net_raw+ep" + if [ $? -ne 0 ]; then + echo "ERROR: set cap fail. test fail" + return 1 + fi + + attr -l ./ping | grep '"capability" has a 20 byte' + if [ $? -ne 0 ]; then + echo "ERROR: setfattr cap fail. test fail" + return 1 + fi + + echo "Yaffs2 xattr test: setcap of ping, su yaffs_test and ping again." + su yaffs_test -c "cd $yaffs_dir && ./ping 127.0.0.1 -c 3" + if [ $? -ne 0 ]; then + echo "ERROR: yaffs_test ping 127.0.0.1 fail,add cap fail, test fail" + return 1 + fi + + rm ping + echo "Yaffs2 xattr test: setcap_net_ping_test success." +} + +setfattr_net_ping_test() { + cd $yaffs_dir + if [ $? -ne 0 ]; then + echo "Error: yaffs2 dir not fount" + return 1 + fi + + cp $ping_dir ./ + chmod 755 ping + ls -al ping | grep rws + if [ $? -eq 0 ]; then + chmod -s ping + fi + + ./ping 127.0.0.1 -c 3 + if [ $? -ne 0 ]; then + echo "ERROR: ping 127.0.0.1 fail" + return 1 + fi + + # set cap_net_admin,cap_net_raw+ep of ping by setfattr, check if getcap gets the attribute correctly.; + setfattr -n security.capability -v 0sAQAAAgAwAAAAAAAAAAAAAAAAAAA= ./ping + getfattr -n security.capability ./ping | grep "security.capability=0sAQAAAgAwAAAAAAAAAAAAAAAAAAA=" + if [ $? -ne 0 ]; then + echo "ERROR: getfattr fail. test fail" + return 1 + fi + + getcap ./ping | grep "cap_net_admin,cap_net_raw+ep" + if [ $? -ne 0 ]; then + echo "ERROR: setfattr cap fail. test fail" + return 1 + fi + + rm ping + echo "Yaffs2 xattr test: setfattr_net_ping_test success." +} + +getfattr_net_ping_test() { + cd $yaffs_dir + if [ $? -ne 0 ]; then + echo "Error: yaffs2 dir not fount" + return 1 + fi + + cp $ping_dir ./ + chmod 755 ping + ls -al ping | grep rws + if [ $? -eq 0 ]; then + chmod -s ping + fi + + ./ping 127.0.0.1 -c 3 + if [ $? -ne 0 ]; then + echo "ERROR: ping 127.0.0.1 fail" + return 1 + fi + + # Set cap_net_admin,cap_net_raw+ep of ping, check if getfattr gets the attribute correctly. + setcap 'cap_net_admin,cap_net_raw+ep' ./ping + getcap ./ping | grep net_admin + if [ $? -ne 0 ]; then + echo "ERROR: set cap fail. test fail" + fi + + getfattr -n security.capability ./ping | grep "security.capability=0sAQAAAgAwAAAAAAAAAAAAAAAAAAA=" + if [ $? -ne 0 ]; then + echo "ERROR: getfattr fail. test fail" + fi + + rm ping + echo "Yaffs2 xattr test: security_xattr_ping success." +} + +pre_test || return 1 +setcap_net_ping_test || return 1 +setfattr_net_ping_test || return 1 +getfattr_net_ping_test || return 1 diff --git a/yaffs_guts.h b/yaffs_guts.h index 124e4c9..e34ca27 100644 --- a/yaffs_guts.h +++ b/yaffs_guts.h @@ -15,6 +15,7 @@ #ifndef __YAFFS_GUTS_H__ #define __YAFFS_GUTS_H__ +#include #include "yportenv.h" #define YAFFS_OK 1 @@ -956,6 +957,9 @@ int yaffs_set_xattrib(struct yaffs_obj *obj, const YCHAR *name, const void *value, int size, int flags); int yaffs_get_xattrib(struct yaffs_obj *obj, const YCHAR *name, void *value, int size); + +const struct xattr_handler *yaffs_xprefix_to_handler(const char *name); + int yaffs_list_xattrib(struct yaffs_obj *obj, char *buffer, int size); int yaffs_remove_xattrib(struct yaffs_obj *obj, const YCHAR *name); diff --git a/yaffs_nameval.c b/yaffs_nameval.c index b855365..862be08 100644 --- a/yaffs_nameval.c +++ b/yaffs_nameval.c @@ -171,7 +171,8 @@ int nval_get(struct yaffs_dev *dev, return size; if (size <= bsize) { - memcpy(buf, xb + pos, size); + if (buf) + memcpy(buf, xb + pos, size); return size; } } @@ -187,38 +188,40 @@ int nval_list(struct yaffs_dev *dev, const char *xb, int xb_size, char *buf, int s32 size; int name_len; int ncopied = 0; - int filled = 0; + const struct xattr_handler *handler; + int onecopy; memcpy(&size, xb + pos, sizeof(size)); yaffs_do_endian_s32(dev, &size); while (size > (int)(sizeof(size)) && size <= xb_size && - (pos + size) < xb_size && - !filled) { + (pos + size) < xb_size) { pos += sizeof(size); size -= sizeof(size); - name_len = strnlen((YCHAR *) (xb + pos), size); - if (ncopied + name_len + 1 < bsize) { - memcpy(buf, xb + pos, name_len * sizeof(YCHAR)); - buf += name_len; - *buf = '\0'; - buf++; - if (sizeof(YCHAR) > 1) { - *buf = '\0'; - buf++; + name_len = strnlen(xb + pos, size); + + handler = yaffs_xprefix_to_handler(xb + pos); + if (handler) { + onecopy = handler->list(handler, NULL, + buf, bsize, + xb + pos, name_len); + /* check if it is a size query */ + if (buf) { + if (onecopy + ncopied > bsize) + return -ERANGE; + buf += onecopy; } - ncopied += (name_len + 1); - } else { - filled = 1; + ncopied += onecopy; } + pos += size; if (pos < (int)(xb_size - sizeof(size))) { memcpy(&size, xb + pos, sizeof(size)); yaffs_do_endian_s32(dev, &size); - } - else + } else { size = 0; + } } return ncopied; } diff --git a/yaffs_security.c b/yaffs_security.c new file mode 100644 index 0000000..8917d4b --- /dev/null +++ b/yaffs_security.c @@ -0,0 +1,87 @@ +/* + * YAFFS: Yet Another Flash File System. A NAND-flash specific file system. + * + * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. + * Description: add security xattr for yaffs2 + * Author: wanglei ,chenjie + * Create: 2019-6-12 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +#include "yaffs_xattr.h" +#include + +static int yaffs_init_xattrs(struct inode *inode, + const struct xattr *xattr_array, void *dentry) +{ + const struct xattr *xattr; + int err = 0; + struct yaffs_obj *obj = yaffs_security_inode_to_obj(inode); + + for (xattr = xattr_array; xattr->name != NULL; xattr++) { + err = yaffs_set_xattrib(obj, xattr->name, + xattr->value, xattr->value_len, 0); + if (err <= 0) + break; + } + return err; +} + +int yaffs_inode_init_security(struct dentry *dentry, struct inode *inode, + struct inode *dir, const struct qstr *qstr) +{ + return security_inode_init_security(inode, dir, qstr, + &yaffs_init_xattrs, dentry); +} + + +/* security xattr handler implementions */ + +static int yaffs_security_get(const struct xattr_handler *handler, + struct dentry *dentry, + const char *name, + void *buffer, size_t size) +{ + if (strcmp(name, "") == 0) + return -EINVAL; + return yaffs_getxattr(dentry, name, buffer, size); +} + +static int yaffs_security_set(const struct xattr_handler *handler, + struct dentry *dentry, const char *name, + const void *buffer, size_t size, int flags) +{ + if (strcmp(name, "") == 0) + return -EINVAL; + return yaffs_setxattr(dentry, name, buffer, size, flags); +} + +/* + * If the list is not NULL, put xattr name with prefix in list + * and return the length, otherwise just return the length + */ +static size_t yaffs_security_list(const struct xattr_handler *handler, + struct dentry *dentry, + char *list, size_t list_len, + const char *name, size_t name_len) +{ + size_t total_len = XATTR_SECURITY_PREFIX_LEN + name_len + 1; + + if (list && total_len <= list_len) { + memcpy(list, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN); + memcpy(list + XATTR_SECURITY_PREFIX_LEN, name, name_len); + list[total_len - 1] = '\0'; + } + return total_len; +} + + +const struct xattr_handler yaffs_security_xattr_handler = { + .prefix = XATTR_SECURITY_PREFIX, + .get = yaffs_security_get, + .set = yaffs_security_set, + .list = yaffs_security_list, +}; diff --git a/yaffs_vfs_multi.c b/yaffs_vfs_multi.c index 3044db7..73afa6d 100644 --- a/yaffs_vfs_multi.c +++ b/yaffs_vfs_multi.c @@ -88,6 +88,7 @@ #include #include #include +#include "yaffs_xattr.h" #if (YAFFS_NEW_FOLLOW_LINK == 1) #include @@ -952,12 +953,56 @@ static int yaffs_setattr(struct dentry *dentry, struct iattr *attr) } #ifdef YAFFS_USE_XATTR +const struct xattr_handler *yaffs2_xattr_handlers[] = { + &yaffs_security_xattr_handler, + NULL +}; + +/* + * Check if the name xattr is supported. + * Currently, Only security xattr are supported on yaffs Now! + * Because of the restriction of yaffs2 xattr storage structure + * xattr_entry bytes = sizeof(size) + name + value + * we consider the xattr name with out dot(.) is security xattr +*/ +const struct xattr_handler *yaffs_xprefix_to_handler(const char *name) +{ + char *dot = strchr(name, '.'); + + if (!dot) + return &yaffs_security_xattr_handler; + + return NULL; +} + +struct yaffs_obj *yaffs_security_inode_to_obj(struct inode *inode) +{ + return yaffs_inode_to_obj(inode); +} + +int yaffs_init_security(struct dentry *dentry, struct inode *inode, + struct inode *dir, + struct yaffs_obj *obj, struct yaffs_dev *dev) +{ + int err = 0; + + yaffs_gross_lock(dev); + err = yaffs_inode_init_security(dentry, inode, dir, &dentry->d_name); + if (err) { + yaffs_del_obj(obj); + err = -ENOMEM; + } + yaffs_gross_unlock(dev); + + return err; +} + #if (YAFFS_NEW_XATTR > 0) -static int yaffs_setxattr(struct dentry *dentry, struct inode *inode, +int yaffs_setxattr(struct dentry *dentry, struct inode *inode, const char *name, const void *value, size_t size, int flags) { #else -static int yaffs_setxattr(struct dentry *dentry, const char *name, +int yaffs_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { struct inode *inode = dentry->d_inode; @@ -986,11 +1031,11 @@ static int yaffs_setxattr(struct dentry *dentry, const char *name, } #if (YAFFS_NEW_XATTR > 0) -static ssize_t yaffs_getxattr(struct dentry * dentry, struct inode *inode, - const char *name, void *buff, size_t size) +ssize_t yaffs_getxattr(struct dentry *dentry, struct inode *inode, + const char *name, void *buff, size_t size) { #else -static ssize_t yaffs_getxattr(struct dentry * dentry, const char *name, +ssize_t yaffs_getxattr(struct dentry *dentry, const char *name, void *buff, size_t size) { struct inode *inode = dentry->d_inode; @@ -1042,40 +1087,38 @@ static int yaffs_removexattr(struct dentry *dentry, const char *name) return error; } -#endif -static ssize_t yaffs_listxattr(struct dentry * dentry, char *buff, size_t size) +static ssize_t yaffs_listxattr(struct dentry *dentry, char *buff, size_t size) { struct inode *inode = dentry->d_inode; - int error = 0; + int error; struct yaffs_dev *dev; struct yaffs_obj *obj = yaffs_inode_to_obj(inode); yaffs_trace(YAFFS_TRACE_OS, "yaffs_listxattr of object %d", obj->obj_id); - if (error == 0) { - dev = obj->my_dev; - yaffs_gross_lock(dev); - error = yaffs_list_xattrib(obj, buff, size); - yaffs_gross_unlock(dev); + dev = obj->my_dev; + yaffs_gross_lock(dev); + error = yaffs_list_xattrib(obj, buff, size); + yaffs_gross_unlock(dev); - } yaffs_trace(YAFFS_TRACE_OS, "yaffs_listxattr done returning %d", error); return error; } +#endif /* YAFFS_USE_XATTR */ static const struct inode_operations yaffs_file_inode_operations = { .setattr = yaffs_setattr, #ifdef YAFFS_USE_XATTR - .setxattr = yaffs_setxattr, - .getxattr = yaffs_getxattr, - .removexattr = yaffs_removexattr, -#endif + .setxattr = generic_setxattr, + .getxattr = generic_getxattr, + .removexattr = generic_removexattr, .listxattr = yaffs_listxattr, +#endif }; @@ -1200,11 +1243,11 @@ static const struct inode_operations yaffs_symlink_inode_operations = { #endif .setattr = yaffs_setattr, #ifdef YAFFS_USE_XATTR - .setxattr = yaffs_setxattr, - .getxattr = yaffs_getxattr, - .removexattr = yaffs_removexattr, -#endif + .setxattr = generic_setxattr, + .getxattr = generic_getxattr, + .removexattr = generic_removexattr, .listxattr = yaffs_listxattr, +#endif }; #ifdef YAFFS_USE_OWN_IGET @@ -1407,6 +1450,15 @@ static int yaffs_mknod(struct inode *dir, struct dentry *dentry, int mode, if (obj) { inode = yaffs_get_inode(dir->i_sb, mode, rdev, obj); + +#ifdef YAFFS_USE_XATTR + yaffs_trace(YAFFS_TRACE_OS, "yaffs_mknod: init security"); + if (yaffs_init_security(dentry, inode, dir, obj, dev) < 0) { + yaffs_trace(YAFFS_TRACE_OS, + "yaffs_mknod: init inode security failed"); + return -ENOMEM; + } +#endif d_instantiate(dentry, inode); update_dir_time(dir); yaffs_trace(YAFFS_TRACE_OS, @@ -1570,6 +1622,15 @@ static int yaffs_symlink(struct inode *dir, struct dentry *dentry, struct inode *inode; inode = yaffs_get_inode(dir->i_sb, obj->yst_mode, 0, obj); + +#ifdef YAFFS_USE_XATTR + yaffs_trace(YAFFS_TRACE_OS, "yaffs_symlink: init security"); + if (yaffs_init_security(dentry, inode, dir, obj, dev) < 0) { + yaffs_trace(YAFFS_TRACE_OS, + "yaffs_symlink: init inode security failed"); + return -ENOMEM; + } +#endif d_instantiate(dentry, inode); update_dir_time(dir); yaffs_trace(YAFFS_TRACE_OS, "symlink created OK"); @@ -1684,11 +1745,11 @@ static const struct inode_operations yaffs_dir_inode_operations = { .mknod = yaffs_mknod, .rename = yaffs_rename, .setattr = yaffs_setattr, - .listxattr = yaffs_listxattr, #ifdef YAFFS_USE_XATTR - .setxattr = yaffs_setxattr, - .getxattr = yaffs_getxattr, - .removexattr = yaffs_removexattr, + .setxattr = generic_setxattr, + .getxattr = generic_getxattr, + .removexattr = generic_removexattr, + .listxattr = yaffs_listxattr, #endif }; @@ -3025,6 +3086,12 @@ static struct super_block *yaffs_internal_read_super(int yaffs_version, dev->read_only = read_only; +#ifdef YAFFS_USE_XATTR + yaffs_trace(YAFFS_TRACE_ALWAYS, + "yaffs_read_super: set s_xattr handlers for security xattr."); + sb->s_xattr = yaffs2_xattr_handlers; +#endif + #if (LINUX_VERSION_CODE > KERNEL_VERSION(2, 5, 0)) sb->s_fs_info = dev; #else diff --git a/yaffs_xattr.h b/yaffs_xattr.h new file mode 100644 index 0000000..40dde54 --- /dev/null +++ b/yaffs_xattr.h @@ -0,0 +1,40 @@ +/* + * YAFFS: Yet Another Flash File System. A NAND-flash specific file system. + * + * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. + * Description: head of namespace xattr + * Author: wanglei ,chenjie + * Create: 2019-6-12 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Note: Only YAFFS headers are LGPL, YAFFS C code is covered by GPL. + */ + +#ifndef __YAFFS_XATTR_H__ +#define __YAFFS_XATTR_H__ + +#include +#include +#include +#include +#include "yaffs_guts.h" + + +struct yaffs_obj *yaffs_security_inode_to_obj(struct inode *inode); + +ssize_t yaffs_getxattr(struct dentry *dentry, const char *name, + void *buff, size_t size); + +int yaffs_setxattr(struct dentry *dentry, const char *name, + const void *value, size_t size, int flags); + +int yaffs_inode_init_security(struct dentry *dentry, struct inode *inode, + struct inode *dir, const struct qstr *qstr); + +extern const struct xattr_handler yaffs_security_xattr_handler; + +#endif /* __YAFFS_XATTR_H__ */ + -- 2.26.2.windows.1