devices: fs: Use l{get,set,list,remove}xattr

Using the `open_inode` method on an fd for a symlink results in the
kernel returning -ELOOP.  Since there are no `*at` methods for extended
attributes, manually read the path for the file and then use the
l{get,set,list,remove}xattr method on the returned path.

BUG=b:136128512
TEST=boot arcvm with virtio-fs and selinux enabled

Change-Id: I2fde57db8a075838a3a877309f6cf89059f19258
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2120763
Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>

3 files changed, 12 insertions, 6 deletions

diff --git a/seccomp/aarch64/fs_device.policy b/seccomp/aarch64/fs_device.policy
index ec9d155..7bf794a 100644
--- a/seccomp/aarch64/fs_device.policy
+++ b/seccomp/aarch64/fs_device.policy
@@ -9,8 +9,10 @@ fallocate: 1
 fchmodat: 1
 fchownat: 1
 fdatasync: 1
-fgetxattr: 1
-fsetxattr: 1
+lgetxattr: 1
+lsetxattr: 1
+llistxattr: 1
+lremovexattr: 1
 fsync: 1
 newfstatat: 1
 fstatfs: 1
diff --git a/seccomp/arm/fs_device.policy b/seccomp/arm/fs_device.policy
index 4078f41..661883a 100644
--- a/seccomp/arm/fs_device.policy
+++ b/seccomp/arm/fs_device.policy
@@ -9,8 +9,10 @@ fallocate: 1
 fchmodat: 1
 fchownat: 1
 fdatasync: 1
-fgetxattr: 1
-fsetxattr: 1
+lgetxattr: 1
+lsetxattr: 1
+llistxattr: 1
+lremovexattr: 1
 fstatat64: 1
 fstatfs64: 1
 fsync: 1
diff --git a/seccomp/x86_64/fs_device.policy b/seccomp/x86_64/fs_device.policy
index eb5a1c4..1c10601 100644
--- a/seccomp/x86_64/fs_device.policy
+++ b/seccomp/x86_64/fs_device.policy
@@ -9,8 +9,10 @@ fallocate: 1
 fchmodat: 1
 fchownat: 1
 fdatasync: 1
-fgetxattr: 1
-fsetxattr: 1
+lgetxattr: 1
+lsetxattr: 1
+llistxattr: 1
+lremovexattr: 1
 fstatfs: 1
 fsync: 1
 ftruncate: 1