Lines Matching defs:sbsec
218 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
220 spin_lock(&sbsec->isec_lock);
223 spin_unlock(&sbsec->isec_lock);
254 struct superblock_security_struct *sbsec;
256 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
257 if (!sbsec)
260 mutex_init(&sbsec->lock);
261 INIT_LIST_HEAD(&sbsec->isec_head);
262 spin_lock_init(&sbsec->isec_lock);
263 sbsec->sb = sb;
264 sbsec->sid = SECINITSID_UNLABELED;
265 sbsec->def_sid = SECINITSID_FILE;
266 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
267 sb->s_security = sbsec;
274 struct superblock_security_struct *sbsec = sb->s_security;
276 kfree(sbsec);
322 struct superblock_security_struct *sbsec,
328 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
339 struct superblock_security_struct *sbsec,
344 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
349 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
356 struct superblock_security_struct *sbsec = sb->s_security;
361 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
387 sbsec->flags |= (SE_SBINITIALIZED | SE_SBLABELSUPP);
389 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
395 labeling_behaviors[sbsec->behavior-1]);
397 if (sbsec->behavior == SECURITY_FS_USE_GENFS ||
398 sbsec->behavior == SECURITY_FS_USE_MNTPOINT ||
399 sbsec->behavior == SECURITY_FS_USE_NONE ||
400 sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
401 sbsec->flags &= ~SE_SBLABELSUPP;
405 sbsec->flags |= SE_SBLABELSUPP;
414 spin_lock(&sbsec->isec_lock);
416 if (!list_empty(&sbsec->isec_head)) {
418 list_entry(sbsec->isec_head.next,
421 spin_unlock(&sbsec->isec_lock);
428 spin_lock(&sbsec->isec_lock);
432 spin_unlock(&sbsec->isec_lock);
446 struct superblock_security_struct *sbsec = sb->s_security;
453 if (!(sbsec->flags & SE_SBINITIALIZED))
459 tmp = sbsec->flags & SE_MNTMASK;
467 if (sbsec->flags & SE_SBLABELSUPP)
483 if (sbsec->flags & FSCONTEXT_MNT) {
484 rc = security_sid_to_context(sbsec->sid, &context, &len);
490 if (sbsec->flags & CONTEXT_MNT) {
491 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
497 if (sbsec->flags & DEFCONTEXT_MNT) {
498 rc = security_sid_to_context(sbsec->def_sid, &context, &len);
504 if (sbsec->flags & ROOTCONTEXT_MNT) {
505 struct inode *root = sbsec->sb->s_root->d_inode;
514 if (sbsec->flags & SE_SBLABELSUPP) {
528 static int bad_option(struct superblock_security_struct *sbsec, char flag,
531 char mnt_flags = sbsec->flags & SE_MNTMASK;
534 if (sbsec->flags & SE_SBINITIALIZED)
535 if (!(sbsec->flags & flag) ||
542 if (!(sbsec->flags & SE_SBINITIALIZED))
557 struct superblock_security_struct *sbsec = sb->s_security;
559 struct inode *inode = sbsec->sb->s_root->d_inode;
567 mutex_lock(&sbsec->lock);
593 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
619 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
623 sbsec->flags |= FSCONTEXT_MNT;
628 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
632 sbsec->flags |= CONTEXT_MNT;
637 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
641 sbsec->flags |= ROOTCONTEXT_MNT;
647 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
651 sbsec->flags |= DEFCONTEXT_MNT;
660 if (sbsec->flags & SE_SBINITIALIZED) {
662 if ((sbsec->flags & SE_MNTMASK) && !num_opts)
669 sbsec->flags |= SE_SBPROC;
672 rc = security_fs_use((sbsec->flags & SE_SBPROC) ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid);
681 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
685 sbsec->sid = fscontext_sid;
695 rc = may_context_mount_sb_relabel(context_sid, sbsec,
699 sbsec->sid = context_sid;
701 rc = may_context_mount_inode_relabel(context_sid, sbsec,
709 sbsec->mntpoint_sid = context_sid;
710 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
714 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
724 if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
731 if (defcontext_sid != sbsec->def_sid) {
733 sbsec, cred);
738 sbsec->def_sid = defcontext_sid;
743 mutex_unlock(&sbsec->lock);
930 * string mount options parsing and call set the sbsec
1166 struct superblock_security_struct *sbsec = NULL;
1182 sbsec = inode->i_sb->s_security;
1183 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1187 spin_lock(&sbsec->isec_lock);
1189 list_add(&isec->list, &sbsec->isec_head);
1190 spin_unlock(&sbsec->isec_lock);
1194 switch (sbsec->behavior) {
1197 isec->sid = sbsec->def_sid;
1215 * sbsec->isec_head list. No reason to complain as these
1265 sid = sbsec->def_sid;
1269 sbsec->def_sid,
1299 isec->sid = sbsec->sid;
1304 sbsec->sid,
1312 isec->sid = sbsec->mntpoint_sid;
1316 isec->sid = sbsec->sid;
1318 if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
1560 struct superblock_security_struct *sbsec;
1566 sbsec = dir->i_sb->s_security;
1580 if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
1590 return avc_has_perm(newsid, sbsec->sid,
1713 struct superblock_security_struct *sbsec;
1716 sbsec = sb->s_security;
1717 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
2521 struct superblock_security_struct *sbsec;
2527 sbsec = dir->i_sb->s_security;
2532 if ((sbsec->flags & SE_SBINITIALIZED) &&
2533 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT))
2534 newsid = sbsec->mntpoint_sid;
2535 else if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
2550 if (sbsec->flags & SE_SBINITIALIZED) {
2557 if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP))
2713 struct superblock_security_struct *sbsec;
2721 sbsec = inode->i_sb->s_security;
2722 if (!(sbsec->flags & SE_SBLABELSUPP))
2756 sbsec->sid,