selinux: add security in-core xattr support for tracefs
authorYongqin Liu <yongqin.liu@linaro.org>
Mon, 9 Jan 2017 15:07:30 +0000 (10:07 -0500)
committerPaul Moore <paul@paul-moore.com>
Mon, 9 Jan 2017 15:07:30 +0000 (10:07 -0500)
Since kernel 4.1 ftrace is supported as a new separate filesystem. It
gets automatically mounted by the kernel under the old path
/sys/kernel/debug/tracing. Because it lives now on a separate filesystem
SELinux needs to be updated to also support setting SELinux labels
on tracefs inodes.  This is required for compatibility in Android
when moving to Linux 4.1 or newer.

Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/hooks.c

index 74cd3a689cf8479983aa9bcf70d728c6fdc7428e..5ce633aabce6e7f2d1d984b7b9ef398ed1c713b7 100644 (file)
@@ -492,6 +492,7 @@ static int selinux_is_sblabel_mnt(struct super_block *sb)
                !strcmp(sb->s_type->name, "sysfs") ||
                !strcmp(sb->s_type->name, "pstore") ||
                !strcmp(sb->s_type->name, "debugfs") ||
+               !strcmp(sb->s_type->name, "tracefs") ||
                !strcmp(sb->s_type->name, "rootfs");
 }