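Lines matching refs: sbsec (each entry below gives the source line number, the matching line, and the enclosing function; "local" or "argument" marks the line where sbsec is declared in that function)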
255 struct superblock_security_struct *sbsec = inode->i_sb->s_security; in inode_free_security() local
257 spin_lock(&sbsec->isec_lock); in inode_free_security()
260 spin_unlock(&sbsec->isec_lock); in inode_free_security()
299 struct superblock_security_struct *sbsec; in superblock_alloc_security() local
301 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL); in superblock_alloc_security()
302 if (!sbsec) in superblock_alloc_security()
305 mutex_init(&sbsec->lock); in superblock_alloc_security()
306 INIT_LIST_HEAD(&sbsec->isec_head); in superblock_alloc_security()
307 spin_lock_init(&sbsec->isec_lock); in superblock_alloc_security()
308 sbsec->sb = sb; in superblock_alloc_security()
309 sbsec->sid = SECINITSID_UNLABELED; in superblock_alloc_security()
310 sbsec->def_sid = SECINITSID_FILE; in superblock_alloc_security()
311 sbsec->mntpoint_sid = SECINITSID_UNLABELED; in superblock_alloc_security()
312 sb->s_security = sbsec; in superblock_alloc_security()
319 struct superblock_security_struct *sbsec = sb->s_security; in superblock_free_security() local
321 kfree(sbsec); in superblock_free_security()
367 struct superblock_security_struct *sbsec, in may_context_mount_sb_relabel() argument
373 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
384 struct superblock_security_struct *sbsec, in may_context_mount_inode_relabel() argument
389 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
394 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
401 struct superblock_security_struct *sbsec = sb->s_security; in selinux_is_sblabel_mnt() local
403 return sbsec->behavior == SECURITY_FS_USE_XATTR || in selinux_is_sblabel_mnt()
404 sbsec->behavior == SECURITY_FS_USE_TRANS || in selinux_is_sblabel_mnt()
405 sbsec->behavior == SECURITY_FS_USE_TASK || in selinux_is_sblabel_mnt()
406 sbsec->behavior == SECURITY_FS_USE_NATIVE || in selinux_is_sblabel_mnt()
416 struct superblock_security_struct *sbsec = sb->s_security; in sb_finish_set_opts() local
421 if (sbsec->behavior == SECURITY_FS_USE_XATTR) { in sb_finish_set_opts()
447 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) in sb_finish_set_opts()
451 sbsec->flags |= SE_SBINITIALIZED; in sb_finish_set_opts()
453 sbsec->flags |= SBLABEL_MNT; in sb_finish_set_opts()
462 spin_lock(&sbsec->isec_lock); in sb_finish_set_opts()
464 if (!list_empty(&sbsec->isec_head)) { in sb_finish_set_opts()
466 list_entry(sbsec->isec_head.next, in sb_finish_set_opts()
470 spin_unlock(&sbsec->isec_lock); in sb_finish_set_opts()
477 spin_lock(&sbsec->isec_lock); in sb_finish_set_opts()
480 spin_unlock(&sbsec->isec_lock); in sb_finish_set_opts()
494 struct superblock_security_struct *sbsec = sb->s_security; in selinux_get_mnt_opts() local
501 if (!(sbsec->flags & SE_SBINITIALIZED)) in selinux_get_mnt_opts()
510 tmp = sbsec->flags & SE_MNTMASK; in selinux_get_mnt_opts()
518 if (sbsec->flags & SBLABEL_MNT) in selinux_get_mnt_opts()
534 if (sbsec->flags & FSCONTEXT_MNT) { in selinux_get_mnt_opts()
535 rc = security_sid_to_context(sbsec->sid, &context, &len); in selinux_get_mnt_opts()
541 if (sbsec->flags & CONTEXT_MNT) { in selinux_get_mnt_opts()
542 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len); in selinux_get_mnt_opts()
548 if (sbsec->flags & DEFCONTEXT_MNT) { in selinux_get_mnt_opts()
549 rc = security_sid_to_context(sbsec->def_sid, &context, &len); in selinux_get_mnt_opts()
555 if (sbsec->flags & ROOTCONTEXT_MNT) { in selinux_get_mnt_opts()
556 struct inode *root = d_backing_inode(sbsec->sb->s_root); in selinux_get_mnt_opts()
565 if (sbsec->flags & SBLABEL_MNT) { in selinux_get_mnt_opts()
579 static int bad_option(struct superblock_security_struct *sbsec, char flag, in bad_option() argument
582 char mnt_flags = sbsec->flags & SE_MNTMASK; in bad_option()
585 if (sbsec->flags & SE_SBINITIALIZED) in bad_option()
586 if (!(sbsec->flags & flag) || in bad_option()
593 if (!(sbsec->flags & SE_SBINITIALIZED)) in bad_option()
610 struct superblock_security_struct *sbsec = sb->s_security; in selinux_set_mnt_opts() local
612 struct inode *inode = d_backing_inode(sbsec->sb->s_root); in selinux_set_mnt_opts()
620 mutex_lock(&sbsec->lock); in selinux_set_mnt_opts()
652 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) in selinux_set_mnt_opts()
678 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_set_mnt_opts()
682 sbsec->flags |= FSCONTEXT_MNT; in selinux_set_mnt_opts()
687 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, in selinux_set_mnt_opts()
691 sbsec->flags |= CONTEXT_MNT; in selinux_set_mnt_opts()
696 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_set_mnt_opts()
700 sbsec->flags |= ROOTCONTEXT_MNT; in selinux_set_mnt_opts()
706 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, in selinux_set_mnt_opts()
710 sbsec->flags |= DEFCONTEXT_MNT; in selinux_set_mnt_opts()
719 if (sbsec->flags & SE_SBINITIALIZED) { in selinux_set_mnt_opts()
721 if ((sbsec->flags & SE_MNTMASK) && !num_opts) in selinux_set_mnt_opts()
728 sbsec->flags |= SE_SBPROC; in selinux_set_mnt_opts()
730 if (!sbsec->behavior) { in selinux_set_mnt_opts()
745 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred); in selinux_set_mnt_opts()
749 sbsec->sid = fscontext_sid; in selinux_set_mnt_opts()
758 sbsec->behavior = SECURITY_FS_USE_NATIVE; in selinux_set_mnt_opts()
764 rc = may_context_mount_sb_relabel(context_sid, sbsec, in selinux_set_mnt_opts()
768 sbsec->sid = context_sid; in selinux_set_mnt_opts()
770 rc = may_context_mount_inode_relabel(context_sid, sbsec, in selinux_set_mnt_opts()
778 sbsec->mntpoint_sid = context_sid; in selinux_set_mnt_opts()
779 sbsec->behavior = SECURITY_FS_USE_MNTPOINT; in selinux_set_mnt_opts()
783 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec, in selinux_set_mnt_opts()
793 if (sbsec->behavior != SECURITY_FS_USE_XATTR && in selinux_set_mnt_opts()
794 sbsec->behavior != SECURITY_FS_USE_NATIVE) { in selinux_set_mnt_opts()
801 if (defcontext_sid != sbsec->def_sid) { in selinux_set_mnt_opts()
803 sbsec, cred); in selinux_set_mnt_opts()
808 sbsec->def_sid = defcontext_sid; in selinux_set_mnt_opts()
813 mutex_unlock(&sbsec->lock); in selinux_set_mnt_opts()
1264 struct superblock_security_struct *sbsec = NULL; in inode_doinit_with_dentry() local
1280 sbsec = inode->i_sb->s_security; in inode_doinit_with_dentry()
1281 if (!(sbsec->flags & SE_SBINITIALIZED)) { in inode_doinit_with_dentry()
1285 spin_lock(&sbsec->isec_lock); in inode_doinit_with_dentry()
1287 list_add(&isec->list, &sbsec->isec_head); in inode_doinit_with_dentry()
1288 spin_unlock(&sbsec->isec_lock); in inode_doinit_with_dentry()
1292 switch (sbsec->behavior) { in inode_doinit_with_dentry()
1297 isec->sid = sbsec->def_sid; in inode_doinit_with_dentry()
1365 sid = sbsec->def_sid; in inode_doinit_with_dentry()
1369 sbsec->def_sid, in inode_doinit_with_dentry()
1399 isec->sid = sbsec->sid; in inode_doinit_with_dentry()
1403 rc = security_transition_sid(isec->task_sid, sbsec->sid, in inode_doinit_with_dentry()
1410 isec->sid = sbsec->mntpoint_sid; in inode_doinit_with_dentry()
1414 isec->sid = sbsec->sid; in inode_doinit_with_dentry()
1416 if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) { in inode_doinit_with_dentry()
1695 struct superblock_security_struct *sbsec; in may_create() local
1701 sbsec = dir->i_sb->s_security; in may_create()
1715 if (!newsid || !(sbsec->flags & SBLABEL_MNT)) { in may_create()
1726 return avc_has_perm(newsid, sbsec->sid, in may_create()
1849 struct superblock_security_struct *sbsec; in superblock_has_perm() local
1852 sbsec = sb->s_security; in superblock_has_perm()
1853 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad); in superblock_has_perm()
2578 struct superblock_security_struct *sbsec = sb->s_security; in selinux_sb_remount() local
2580 if (!(sbsec->flags & SE_SBINITIALIZED)) in selinux_sb_remount()
2622 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid)) in selinux_sb_remount()
2626 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid)) in selinux_sb_remount()
2633 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid)) in selinux_sb_remount()
2638 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid)) in selinux_sb_remount()
2730 struct superblock_security_struct *sbsec; in selinux_dentry_init_security() local
2737 sbsec = dir->i_sb->s_security; in selinux_dentry_init_security()
2739 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) { in selinux_dentry_init_security()
2764 struct superblock_security_struct *sbsec; in selinux_inode_init_security() local
2770 sbsec = dir->i_sb->s_security; in selinux_inode_init_security()
2775 if ((sbsec->flags & SE_SBINITIALIZED) && in selinux_inode_init_security()
2776 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) in selinux_inode_init_security()
2777 newsid = sbsec->mntpoint_sid; in selinux_inode_init_security()
2778 else if (!newsid || !(sbsec->flags & SBLABEL_MNT)) { in selinux_inode_init_security()
2793 if (sbsec->flags & SE_SBINITIALIZED) { in selinux_inode_init_security()
2800 if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT)) in selinux_inode_init_security()
2988 struct superblock_security_struct *sbsec; in selinux_inode_setxattr() local
2996 sbsec = inode->i_sb->s_security; in selinux_inode_setxattr()
2997 if (!(sbsec->flags & SBLABEL_MNT)) in selinux_inode_setxattr()
3053 sbsec->sid, in selinux_inode_setxattr()