Lines Matching defs:sbsec
258 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
260 spin_lock(&sbsec->isec_lock);
263 spin_unlock(&sbsec->isec_lock);
302 struct superblock_security_struct *sbsec;
304 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
305 if (!sbsec)
308 mutex_init(&sbsec->lock);
309 INIT_LIST_HEAD(&sbsec->isec_head);
310 spin_lock_init(&sbsec->isec_lock);
311 sbsec->sb = sb;
312 sbsec->sid = SECINITSID_UNLABELED;
313 sbsec->def_sid = SECINITSID_FILE;
314 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
315 sb->s_security = sbsec;
322 struct superblock_security_struct *sbsec = sb->s_security;
324 kfree(sbsec);
370 struct superblock_security_struct *sbsec,
376 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
387 struct superblock_security_struct *sbsec,
392 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
397 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
404 struct superblock_security_struct *sbsec = sb->s_security;
406 return sbsec->behavior == SECURITY_FS_USE_XATTR ||
407 sbsec->behavior == SECURITY_FS_USE_TRANS ||
408 sbsec->behavior == SECURITY_FS_USE_TASK ||
418 struct superblock_security_struct *sbsec = sb->s_security;
423 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
449 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
455 labeling_behaviors[sbsec->behavior-1]);
457 sbsec->flags |= SE_SBINITIALIZED;
459 sbsec->flags |= SBLABEL_MNT;
468 spin_lock(&sbsec->isec_lock);
470 if (!list_empty(&sbsec->isec_head)) {
472 list_entry(sbsec->isec_head.next,
476 spin_unlock(&sbsec->isec_lock);
483 spin_lock(&sbsec->isec_lock);
486 spin_unlock(&sbsec->isec_lock);
500 struct superblock_security_struct *sbsec = sb->s_security;
507 if (!(sbsec->flags & SE_SBINITIALIZED))
516 tmp = sbsec->flags & SE_MNTMASK;
524 if (sbsec->flags & SBLABEL_MNT)
540 if (sbsec->flags & FSCONTEXT_MNT) {
541 rc = security_sid_to_context(sbsec->sid, &context, &len);
547 if (sbsec->flags & CONTEXT_MNT) {
548 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
554 if (sbsec->flags & DEFCONTEXT_MNT) {
555 rc = security_sid_to_context(sbsec->def_sid, &context, &len);
561 if (sbsec->flags & ROOTCONTEXT_MNT) {
562 struct inode *root = sbsec->sb->s_root->d_inode;
571 if (sbsec->flags & SBLABEL_MNT) {
585 static int bad_option(struct superblock_security_struct *sbsec, char flag,
588 char mnt_flags = sbsec->flags & SE_MNTMASK;
591 if (sbsec->flags & SE_SBINITIALIZED)
592 if (!(sbsec->flags & flag) ||
599 if (!(sbsec->flags & SE_SBINITIALIZED))
616 struct superblock_security_struct *sbsec = sb->s_security;
618 struct inode *inode = sbsec->sb->s_root->d_inode;
626 mutex_lock(&sbsec->lock);
658 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
684 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
688 sbsec->flags |= FSCONTEXT_MNT;
693 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
697 sbsec->flags |= CONTEXT_MNT;
702 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
706 sbsec->flags |= ROOTCONTEXT_MNT;
712 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
716 sbsec->flags |= DEFCONTEXT_MNT;
725 if (sbsec->flags & SE_SBINITIALIZED) {
727 if ((sbsec->flags & SE_MNTMASK) && !num_opts)
734 sbsec->flags |= SE_SBPROC | SE_SBGENFS;
739 sbsec->flags |= SE_SBGENFS;
741 if (!sbsec->behavior) {
756 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
760 sbsec->sid = fscontext_sid;
769 sbsec->behavior = SECURITY_FS_USE_NATIVE;
775 rc = may_context_mount_sb_relabel(context_sid, sbsec,
779 sbsec->sid = context_sid;
781 rc = may_context_mount_inode_relabel(context_sid, sbsec,
789 sbsec->mntpoint_sid = context_sid;
790 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
794 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
804 if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
805 sbsec->behavior != SECURITY_FS_USE_NATIVE) {
812 if (defcontext_sid != sbsec->def_sid) {
814 sbsec, cred);
819 sbsec->def_sid = defcontext_sid;
824 mutex_unlock(&sbsec->lock);
1042 * string mount options parsing and call set the sbsec
1270 struct superblock_security_struct *sbsec = NULL;
1286 sbsec = inode->i_sb->s_security;
1287 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1291 spin_lock(&sbsec->isec_lock);
1293 list_add(&isec->list, &sbsec->isec_head);
1294 spin_unlock(&sbsec->isec_lock);
1298 switch (sbsec->behavior) {
1303 isec->sid = sbsec->def_sid;
1321 * sbsec->isec_head list. No reason to complain as these
1371 sid = sbsec->def_sid;
1375 sbsec->def_sid,
1405 isec->sid = sbsec->sid;
1409 rc = security_transition_sid(isec->task_sid, sbsec->sid,
1416 isec->sid = sbsec->mntpoint_sid;
1420 isec->sid = sbsec->sid;
1422 if ((sbsec->flags & SE_SBGENFS) && !S_ISLNK(inode->i_mode)) {
1437 * sbsec->isec_head list. No reason to complain as
1446 sbsec->flags, &sid);
1702 struct superblock_security_struct *sbsec;
1708 sbsec = dir->i_sb->s_security;
1722 if (!newsid || !(sbsec->flags & SBLABEL_MNT)) {
1733 return avc_has_perm(newsid, sbsec->sid,
1856 struct superblock_security_struct *sbsec;
1859 sbsec = sb->s_security;
1860 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
2576 struct superblock_security_struct *sbsec = sb->s_security;
2578 if (!(sbsec->flags & SE_SBINITIALIZED))
2620 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2624 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2631 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2636 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2728 struct superblock_security_struct *sbsec;
2735 sbsec = dir->i_sb->s_security;
2737 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
2762 struct superblock_security_struct *sbsec;
2768 sbsec = dir->i_sb->s_security;
2773 if ((sbsec->flags & SE_SBINITIALIZED) &&
2774 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT))
2775 newsid = sbsec->mntpoint_sid;
2776 else if (!newsid || !(sbsec->flags & SBLABEL_MNT)) {
2791 if (sbsec->flags & SE_SBINITIALIZED) {
2798 if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT))
2993 struct superblock_security_struct *sbsec;
3001 sbsec = inode->i_sb->s_security;
3002 if (!(sbsec->flags & SBLABEL_MNT))
3058 sbsec->sid,