linux/fs/xattr.c
<<
>>
Prefs 
   1/*
   2  File: fs/xattr.c
   3
   4  Extended attribute handling.
   5
   6  Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
   7  Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
   8  Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
   9 */
  10#include <linux/fs.h>
  11#include <linux/slab.h>
  12#include <linux/file.h>
  13#include <linux/xattr.h>
  14#include <linux/mount.h>
  15#include <linux/namei.h>
  16#include <linux/security.h>
  17#include <linux/evm.h>
  18#include <linux/syscalls.h>
  19#include <linux/module.h>
  20#include <linux/fsnotify.h>
  21#include <linux/audit.h>
  22#include <asm/uaccess.h>
  23
  24
  25/*
  26 * Check permissions for extended attribute access.  This is a bit complicated
  27 * because different namespaces have very different rules.
  28 */
  29static int
  30xattr_permission(struct inode *inode, const char *name, int mask)
  31{
  32        /*
  33         * We can never set or remove an extended attribute on a read-only
  34         * filesystem  or on an immutable / append-only inode.
  35         */
  36        if (mask & MAY_WRITE) {
  37                if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
  38                        return -EPERM;
  39        }
  40
  41        /*
  42         * No restriction for security.* and system.* from the VFS.  Decision
  43         * on these is left to the underlying filesystem / security module.
  44         */
  45        if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
  46            !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
  47                return 0;
  48
  49        /*
  50         * The trusted.* namespace can only be accessed by privileged users.
  51         */
  52        if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
  53                if (!capable(CAP_SYS_ADMIN))
  54                        return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
  55                return 0;
  56        }
  57
  58        /*
  59         * In the user.* namespace, only regular files and directories can have
  60         * extended attributes. For sticky directories, only the owner and
  61         * privileged users can write attributes.
  62         */
  63        if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
  64                if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
  65                        return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
  66                if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
  67                    (mask & MAY_WRITE) && !inode_owner_or_capable(inode))
  68                        return -EPERM;
  69        }
  70
  71        return inode_permission(inode, mask);
  72}
  73
  74/**
  75 *  __vfs_setxattr_noperm - perform setxattr operation without performing
  76 *  permission checks.
  77 *
  78 *  @dentry - object to perform setxattr on
  79 *  @name - xattr name to set
  80 *  @value - value to set @name to
  81 *  @size - size of @value
  82 *  @flags - flags to pass into filesystem operations
  83 *
  84 *  returns the result of the internal setxattr or setsecurity operations.
  85 *
  86 *  This function requires the caller to lock the inode's i_mutex before it
  87 *  is executed. It also assumes that the caller will make the appropriate
  88 *  permission checks.
  89 */
  90int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
  91                const void *value, size_t size, int flags)
  92{
  93        struct inode *inode = dentry->d_inode;
  94        int error = -EOPNOTSUPP;
  95        int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
  96                                   XATTR_SECURITY_PREFIX_LEN);
  97
  98        if (issec)
  99                inode->i_flags &= ~S_NOSEC;
 100        if (inode->i_op->setxattr) {
 101                error = inode->i_op->setxattr(dentry, name, value, size, flags);
 102                if (!error) {
 103                        fsnotify_xattr(dentry);
 104                        security_inode_post_setxattr(dentry, name, value,
 105                                                     size, flags);
 106                }
 107        } else if (issec) {
 108                const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
 109                error = security_inode_setsecurity(inode, suffix, value,
 110                                                   size, flags);
 111                if (!error)
 112                        fsnotify_xattr(dentry);
 113        }
 114
 115        return error;
 116}
 117
 118
 119int
 120vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
 121                size_t size, int flags)
 122{
 123        struct inode *inode = dentry->d_inode;
 124        int error;
 125
 126        error = xattr_permission(inode, name, MAY_WRITE);
 127        if (error)
 128                return error;
 129
 130        mutex_lock(&inode->i_mutex);
 131        error = security_inode_setxattr(dentry, name, value, size, flags);
 132        if (error)
 133                goto out;
 134
 135        error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
 136
 137out:
 138        mutex_unlock(&inode->i_mutex);
 139        return error;
 140}
 141EXPORT_SYMBOL_GPL(vfs_setxattr);
 142
 143ssize_t
 144xattr_getsecurity(struct inode *inode, const char *name, void *value,
 145                        size_t size)
 146{
 147        void *buffer = NULL;
 148        ssize_t len;
 149
 150        if (!value || !size) {
 151                len = security_inode_getsecurity(inode, name, &buffer, false);
 152                goto out_noalloc;
 153        }
 154
 155        len = security_inode_getsecurity(inode, name, &buffer, true);
 156        if (len < 0)
 157                return len;
 158        if (size < len) {
 159                len = -ERANGE;
 160                goto out;
 161        }
 162        memcpy(value, buffer, len);
 163out:
 164        security_release_secctx(buffer, len);
 165out_noalloc:
 166        return len;
 167}
 168EXPORT_SYMBOL_GPL(xattr_getsecurity);
 169
 170/*
 171 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
 172 *
 173 * Allocate memory, if not already allocated, or re-allocate correct size,
 174 * before retrieving the extended attribute.
 175 *
 176 * Returns the result of alloc, if failed, or the getxattr operation.
 177 */
 178ssize_t
 179vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
 180                   size_t xattr_size, gfp_t flags)
 181{
 182        struct inode *inode = dentry->d_inode;
 183        char *value = *xattr_value;
 184        int error;
 185
 186        error = xattr_permission(inode, name, MAY_READ);
 187        if (error)
 188                return error;
 189
 190        if (!inode->i_op->getxattr)
 191                return -EOPNOTSUPP;
 192
 193        error = inode->i_op->getxattr(dentry, name, NULL, 0);
 194        if (error < 0)
 195                return error;
 196
 197        if (!value || (error > xattr_size)) {
 198                value = krealloc(*xattr_value, error + 1, flags);
 199                if (!value)
 200                        return -ENOMEM;
 201                memset(value, 0, error + 1);
 202        }
 203
 204        error = inode->i_op->getxattr(dentry, name, value, error);
 205        *xattr_value = value;
 206        return error;
 207}
 208
 209/* Compare an extended attribute value with the given value */
 210int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name,
 211                  const char *value, size_t size, gfp_t flags)
 212{
 213        char *xattr_value = NULL;
 214        int rc;
 215
 216        rc = vfs_getxattr_alloc(dentry, xattr_name, &xattr_value, 0, flags);
 217        if (rc < 0)
 218                return rc;
 219
 220        if ((rc != size) || (memcmp(xattr_value, value, rc) != 0))
 221                rc = -EINVAL;
 222        else
 223                rc = 0;
 224        kfree(xattr_value);
 225        return rc;
 226}
 227
 228ssize_t
 229vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
 230{
 231        struct inode *inode = dentry->d_inode;
 232        int error;
 233
 234        error = xattr_permission(inode, name, MAY_READ);
 235        if (error)
 236                return error;
 237
 238        error = security_inode_getxattr(dentry, name);
 239        if (error)
 240                return error;
 241
 242        if (!strncmp(name, XATTR_SECURITY_PREFIX,
 243                                XATTR_SECURITY_PREFIX_LEN)) {
 244                const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
 245                int ret = xattr_getsecurity(inode, suffix, value, size);
 246                /*
 247                 * Only overwrite the return value if a security module
 248                 * is actually active.
 249                 */
 250                if (ret == -EOPNOTSUPP)
 251                        goto nolsm;
 252                return ret;
 253        }
 254nolsm:
 255        if (inode->i_op->getxattr)
 256                error = inode->i_op->getxattr(dentry, name, value, size);
 257        else
 258                error = -EOPNOTSUPP;
 259
 260        return error;
 261}
 262EXPORT_SYMBOL_GPL(vfs_getxattr);
 263
 264ssize_t
 265vfs_listxattr(struct dentry *d, char *list, size_t size)
 266{
 267        ssize_t error;
 268
 269        error = security_inode_listxattr(d);
 270        if (error)
 271                return error;
 272        error = -EOPNOTSUPP;
 273        if (d->d_inode->i_op->listxattr) {
 274                error = d->d_inode->i_op->listxattr(d, list, size);
 275        } else {
 276                error = security_inode_listsecurity(d->d_inode, list, size);
 277                if (size && error > size)
 278                        error = -ERANGE;
 279        }
 280        return error;
 281}
 282EXPORT_SYMBOL_GPL(vfs_listxattr);
 283
 284int
 285vfs_removexattr(struct dentry *dentry, const char *name)
 286{
 287        struct inode *inode = dentry->d_inode;
 288        int error;
 289
 290        if (!inode->i_op->removexattr)
 291                return -EOPNOTSUPP;
 292
 293        error = xattr_permission(inode, name, MAY_WRITE);
 294        if (error)
 295                return error;
 296
 297        error = security_inode_removexattr(dentry, name);
 298        if (error)
 299                return error;
 300
 301        mutex_lock(&inode->i_mutex);
 302        error = inode->i_op->removexattr(dentry, name);
 303        mutex_unlock(&inode->i_mutex);
 304
 305        if (!error) {
 306                fsnotify_xattr(dentry);
 307                evm_inode_post_removexattr(dentry, name);
 308        }
 309        return error;
 310}
 311EXPORT_SYMBOL_GPL(vfs_removexattr);
 312
 313
 314/*
 315 * Extended attribute SET operations
 316 */
 317static long
 318setxattr(struct dentry *d, const char __user *name, const void __user *value,
 319         size_t size, int flags)
 320{
 321        int error;
 322        void *kvalue = NULL;
 323        char kname[XATTR_NAME_MAX + 1];
 324
 325        if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
 326                return -EINVAL;
 327
 328        error = strncpy_from_user(kname, name, sizeof(kname));
 329        if (error == 0 || error == sizeof(kname))
 330                error = -ERANGE;
 331        if (error < 0)
 332                return error;
 333
 334        if (size) {
 335                if (size > XATTR_SIZE_MAX)
 336                        return -E2BIG;
 337                kvalue = memdup_user(value, size);
 338                if (IS_ERR(kvalue))
 339                        return PTR_ERR(kvalue);
 340        }
 341
 342        error = vfs_setxattr(d, kname, kvalue, size, flags);
 343        kfree(kvalue);
 344        return error;
 345}
 346
 347SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
 348                const char __user *, name, const void __user *, value,
 349                size_t, size, int, flags)
 350{
 351        struct path path;
 352        int error;
 353
 354        error = user_path(pathname, &path);
 355        if (error)
 356                return error;
 357        error = mnt_want_write(path.mnt);
 358        if (!error) {
 359                error = setxattr(path.dentry, name, value, size, flags);
 360                mnt_drop_write(path.mnt);
 361        }
 362        path_put(&path);
 363        return error;
 364}
 365
 366SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
 367                const char __user *, name, const void __user *, value,
 368                size_t, size, int, flags)
 369{
 370        struct path path;
 371        int error;
 372
 373        error = user_lpath(pathname, &path);
 374        if (error)
 375                return error;
 376        error = mnt_want_write(path.mnt);
 377        if (!error) {
 378                error = setxattr(path.dentry, name, value, size, flags);
 379                mnt_drop_write(path.mnt);
 380        }
 381        path_put(&path);
 382        return error;
 383}
 384
 385SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
 386                const void __user *,value, size_t, size, int, flags)
 387{
 388        struct file *f;
 389        struct dentry *dentry;
 390        int error = -EBADF;
 391
 392        f = fget(fd);
 393        if (!f)
 394                return error;
 395        dentry = f->f_path.dentry;
 396        audit_inode(NULL, dentry);
 397        error = mnt_want_write_file(f);
 398        if (!error) {
 399                error = setxattr(dentry, name, value, size, flags);
 400                mnt_drop_write_file(f);
 401        }
 402        fput(f);
 403        return error;
 404}
 405
 406/*
 407 * Extended attribute GET operations
 408 */
 409static ssize_t
 410getxattr(struct dentry *d, const char __user *name, void __user *value,
 411         size_t size)
 412{
 413        ssize_t error;
 414        void *kvalue = NULL;
 415        char kname[XATTR_NAME_MAX + 1];
 416
 417        error = strncpy_from_user(kname, name, sizeof(kname));
 418        if (error == 0 || error == sizeof(kname))
 419                error = -ERANGE;
 420        if (error < 0)
 421                return error;
 422
 423        if (size) {
 424                if (size > XATTR_SIZE_MAX)
 425                        size = XATTR_SIZE_MAX;
 426                kvalue = kzalloc(size, GFP_KERNEL);
 427                if (!kvalue)
 428                        return -ENOMEM;
 429        }
 430
 431        error = vfs_getxattr(d, kname, kvalue, size);
 432        if (error > 0) {
 433                if (size && copy_to_user(value, kvalue, error))
 434                        error = -EFAULT;
 435        } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
 436                /* The file system tried to returned a value bigger
 437                   than XATTR_SIZE_MAX bytes. Not possible. */
 438                error = -E2BIG;
 439        }
 440        kfree(kvalue);
 441        return error;
 442}
 443
 444SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
 445                const char __user *, name, void __user *, value, size_t, size)
 446{
 447        struct path path;
 448        ssize_t error;
 449
 450        error = user_path(pathname, &path);
 451        if (error)
 452                return error;
 453        error = getxattr(path.dentry, name, value, size);
 454        path_put(&path);
 455        return error;
 456}
 457
 458SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
 459                const char __user *, name, void __user *, value, size_t, size)
 460{
 461        struct path path;
 462        ssize_t error;
 463
 464        error = user_lpath(pathname, &path);
 465        if (error)
 466                return error;
 467        error = getxattr(path.dentry, name, value, size);
 468        path_put(&path);
 469        return error;
 470}
 471
 472SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
 473                void __user *, value, size_t, size)
 474{
 475        struct file *f;
 476        ssize_t error = -EBADF;
 477
 478        f = fget(fd);
 479        if (!f)
 480                return error;
 481        audit_inode(NULL, f->f_path.dentry);
 482        error = getxattr(f->f_path.dentry, name, value, size);
 483        fput(f);
 484        return error;
 485}
 486
 487/*
 488 * Extended attribute LIST operations
 489 */
 490static ssize_t
 491listxattr(struct dentry *d, char __user *list, size_t size)
 492{
 493        ssize_t error;
 494        char *klist = NULL;
 495
 496        if (size) {
 497                if (size > XATTR_LIST_MAX)
 498                        size = XATTR_LIST_MAX;
 499                klist = kmalloc(size, GFP_KERNEL);
 500                if (!klist)
 501                        return -ENOMEM;
 502        }
 503
 504        error = vfs_listxattr(d, klist, size);
 505        if (error > 0) {
 506                if (size && copy_to_user(list, klist, error))
 507                        error = -EFAULT;
 508        } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
 509                /* The file system tried to returned a list bigger
 510                   than XATTR_LIST_MAX bytes. Not possible. */
 511                error = -E2BIG;
 512        }
 513        kfree(klist);
 514        return error;
 515}
 516
 517SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
 518                size_t, size)
 519{
 520        struct path path;
 521        ssize_t error;
 522
 523        error = user_path(pathname, &path);
 524        if (error)
 525                return error;
 526        error = listxattr(path.dentry, list, size);
 527        path_put(&path);
 528        return error;
 529}
 530
 531SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
 532                size_t, size)
 533{
 534        struct path path;
 535        ssize_t error;
 536
 537        error = user_lpath(pathname, &path);
 538        if (error)
 539                return error;
 540        error = listxattr(path.dentry, list, size);
 541        path_put(&path);
 542        return error;
 543}
 544
 545SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
 546{
 547        struct file *f;
 548        ssize_t error = -EBADF;
 549
 550        f = fget(fd);
 551        if (!f)
 552                return error;
 553        audit_inode(NULL, f->f_path.dentry);
 554        error = listxattr(f->f_path.dentry, list, size);
 555        fput(f);
 556        return error;
 557}
 558
 559/*
 560 * Extended attribute REMOVE operations
 561 */
 562static long
 563removexattr(struct dentry *d, const char __user *name)
 564{
 565        int error;
 566        char kname[XATTR_NAME_MAX + 1];
 567
 568        error = strncpy_from_user(kname, name, sizeof(kname));
 569        if (error == 0 || error == sizeof(kname))
 570                error = -ERANGE;
 571        if (error < 0)
 572                return error;
 573
 574        return vfs_removexattr(d, kname);
 575}
 576
 577SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
 578                const char __user *, name)
 579{
 580        struct path path;
 581        int error;
 582
 583        error = user_path(pathname, &path);
 584        if (error)
 585                return error;
 586        error = mnt_want_write(path.mnt);
 587        if (!error) {
 588                error = removexattr(path.dentry, name);
 589                mnt_drop_write(path.mnt);
 590        }
 591        path_put(&path);
 592        return error;
 593}
 594
 595SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
 596                const char __user *, name)
 597{
 598        struct path path;
 599        int error;
 600
 601        error = user_lpath(pathname, &path);
 602        if (error)
 603                return error;
 604        error = mnt_want_write(path.mnt);
 605        if (!error) {
 606                error = removexattr(path.dentry, name);
 607                mnt_drop_write(path.mnt);
 608        }
 609        path_put(&path);
 610        return error;
 611}
 612
 613SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
 614{
 615        struct file *f;
 616        struct dentry *dentry;
 617        int error = -EBADF;
 618
 619        f = fget(fd);
 620        if (!f)
 621                return error;
 622        dentry = f->f_path.dentry;
 623        audit_inode(NULL, dentry);
 624        error = mnt_want_write_file(f);
 625        if (!error) {
 626                error = removexattr(dentry, name);
 627                mnt_drop_write_file(f);
 628        }
 629        fput(f);
 630        return error;
 631}
 632
 633
 634static const char *
 635strcmp_prefix(const char *a, const char *a_prefix)
 636{
 637        while (*a_prefix && *a == *a_prefix) {
 638                a++;
 639                a_prefix++;
 640        }
 641        return *a_prefix ? NULL : a;
 642}
 643
 644/*
 645 * In order to implement different sets of xattr operations for each xattr
 646 * prefix with the generic xattr API, a filesystem should create a
 647 * null-terminated array of struct xattr_handler (one for each prefix) and
 648 * hang a pointer to it off of the s_xattr field of the superblock.
 649 *
 650 * The generic_fooxattr() functions will use this list to dispatch xattr
 651 * operations to the correct xattr_handler.
 652 */
 653#define for_each_xattr_handler(handlers, handler)               \
 654                for ((handler) = *(handlers)++;                 \
 655                        (handler) != NULL;                      \
 656                        (handler) = *(handlers)++)
 657
 658/*
 659 * Find the xattr_handler with the matching prefix.
 660 */
 661static const struct xattr_handler *
 662xattr_resolve_name(const struct xattr_handler **handlers, const char **name)
 663{
 664        const struct xattr_handler *handler;
 665
 666        if (!*name)
 667                return NULL;
 668
 669        for_each_xattr_handler(handlers, handler) {
 670                const char *n = strcmp_prefix(*name, handler->prefix);
 671                if (n) {
 672                        *name = n;
 673                        break;
 674                }
 675        }
 676        return handler;
 677}
 678
 679/*
 680 * Find the handler for the prefix and dispatch its get() operation.
 681 */
 682ssize_t
 683generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size)
 684{
 685        const struct xattr_handler *handler;
 686
 687        handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
 688        if (!handler)
 689                return -EOPNOTSUPP;
 690        return handler->get(dentry, name, buffer, size, handler->flags);
 691}
 692
 693/*
 694 * Combine the results of the list() operation from every xattr_handler in the
 695 * list.
 696 */
 697ssize_t
 698generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
 699{
 700        const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
 701        unsigned int size = 0;
 702
 703        if (!buffer) {
 704                for_each_xattr_handler(handlers, handler) {
 705                        size += handler->list(dentry, NULL, 0, NULL, 0,
 706                                              handler->flags);
 707                }
 708        } else {
 709                char *buf = buffer;
 710
 711                for_each_xattr_handler(handlers, handler) {
 712                        size = handler->list(dentry, buf, buffer_size,
 713                                             NULL, 0, handler->flags);
 714                        if (size > buffer_size)
 715                                return -ERANGE;
 716                        buf += size;
 717                        buffer_size -= size;
 718                }
 719                size = buf - buffer;
 720        }
 721        return size;
 722}
 723
 724/*
 725 * Find the handler for the prefix and dispatch its set() operation.
 726 */
 727int
 728generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
 729{
 730        const struct xattr_handler *handler;
 731
 732        if (size == 0)
 733                value = "";  /* empty EA, do not remove */
 734        handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
 735        if (!handler)
 736                return -EOPNOTSUPP;
 737        return handler->set(dentry, name, value, size, flags, handler->flags);
 738}
 739
 740/*
 741 * Find the handler for the prefix and dispatch its set() operation to remove
 742 * any associated extended attribute.
 743 */
 744int
 745generic_removexattr(struct dentry *dentry, const char *name)
 746{
 747        const struct xattr_handler *handler;
 748
 749        handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
 750        if (!handler)
 751                return -EOPNOTSUPP;
 752        return handler->set(dentry, name, NULL, 0,
 753                            XATTR_REPLACE, handler->flags);
 754}
 755
 756EXPORT_SYMBOL(generic_getxattr);
 757EXPORT_SYMBOL(generic_listxattr);
 758EXPORT_SYMBOL(generic_setxattr);
 759EXPORT_SYMBOL(generic_removexattr);
 760
The original LXR software by the LXR community, this experimental version by lxr@linux.no.
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.