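Lines matching references to `sbsec` (each entry gives the source line number, the matching line, and the enclosing function; `local` or `argument` marks the lines where `sbsec` is declared)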

256 	struct superblock_security_struct *sbsec = inode->i_sb->s_security;  in inode_free_security()  local
269 spin_lock(&sbsec->isec_lock); in inode_free_security()
271 spin_unlock(&sbsec->isec_lock); in inode_free_security()
311 struct superblock_security_struct *sbsec; in superblock_alloc_security() local
313 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL); in superblock_alloc_security()
314 if (!sbsec) in superblock_alloc_security()
317 mutex_init(&sbsec->lock); in superblock_alloc_security()
318 INIT_LIST_HEAD(&sbsec->isec_head); in superblock_alloc_security()
319 spin_lock_init(&sbsec->isec_lock); in superblock_alloc_security()
320 sbsec->sb = sb; in superblock_alloc_security()
321 sbsec->sid = SECINITSID_UNLABELED; in superblock_alloc_security()
322 sbsec->def_sid = SECINITSID_FILE; in superblock_alloc_security()
323 sbsec->mntpoint_sid = SECINITSID_UNLABELED; in superblock_alloc_security()
324 sb->s_security = sbsec; in superblock_alloc_security()
331 struct superblock_security_struct *sbsec = sb->s_security; in superblock_free_security() local
333 kfree(sbsec); in superblock_free_security()
379 struct superblock_security_struct *sbsec, in may_context_mount_sb_relabel() argument
385 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
396 struct superblock_security_struct *sbsec, in may_context_mount_inode_relabel() argument
401 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
406 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
413 struct superblock_security_struct *sbsec = sb->s_security; in selinux_is_sblabel_mnt() local
415 return sbsec->behavior == SECURITY_FS_USE_XATTR || in selinux_is_sblabel_mnt()
416 sbsec->behavior == SECURITY_FS_USE_TRANS || in selinux_is_sblabel_mnt()
417 sbsec->behavior == SECURITY_FS_USE_TASK || in selinux_is_sblabel_mnt()
418 sbsec->behavior == SECURITY_FS_USE_NATIVE || in selinux_is_sblabel_mnt()
428 struct superblock_security_struct *sbsec = sb->s_security; in sb_finish_set_opts() local
433 if (sbsec->behavior == SECURITY_FS_USE_XATTR) { in sb_finish_set_opts()
459 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) in sb_finish_set_opts()
463 sbsec->flags |= SE_SBINITIALIZED; in sb_finish_set_opts()
465 sbsec->flags |= SBLABEL_MNT; in sb_finish_set_opts()
474 spin_lock(&sbsec->isec_lock); in sb_finish_set_opts()
476 if (!list_empty(&sbsec->isec_head)) { in sb_finish_set_opts()
478 list_entry(sbsec->isec_head.next, in sb_finish_set_opts()
482 spin_unlock(&sbsec->isec_lock); in sb_finish_set_opts()
489 spin_lock(&sbsec->isec_lock); in sb_finish_set_opts()
492 spin_unlock(&sbsec->isec_lock); in sb_finish_set_opts()
506 struct superblock_security_struct *sbsec = sb->s_security; in selinux_get_mnt_opts() local
513 if (!(sbsec->flags & SE_SBINITIALIZED)) in selinux_get_mnt_opts()
522 tmp = sbsec->flags & SE_MNTMASK; in selinux_get_mnt_opts()
530 if (sbsec->flags & SBLABEL_MNT) in selinux_get_mnt_opts()
546 if (sbsec->flags & FSCONTEXT_MNT) { in selinux_get_mnt_opts()
547 rc = security_sid_to_context(sbsec->sid, &context, &len); in selinux_get_mnt_opts()
553 if (sbsec->flags & CONTEXT_MNT) { in selinux_get_mnt_opts()
554 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len); in selinux_get_mnt_opts()
560 if (sbsec->flags & DEFCONTEXT_MNT) { in selinux_get_mnt_opts()
561 rc = security_sid_to_context(sbsec->def_sid, &context, &len); in selinux_get_mnt_opts()
567 if (sbsec->flags & ROOTCONTEXT_MNT) { in selinux_get_mnt_opts()
568 struct inode *root = d_backing_inode(sbsec->sb->s_root); in selinux_get_mnt_opts()
577 if (sbsec->flags & SBLABEL_MNT) { in selinux_get_mnt_opts()
591 static int bad_option(struct superblock_security_struct *sbsec, char flag, in bad_option() argument
594 char mnt_flags = sbsec->flags & SE_MNTMASK; in bad_option()
597 if (sbsec->flags & SE_SBINITIALIZED) in bad_option()
598 if (!(sbsec->flags & flag) || in bad_option()
605 if (!(sbsec->flags & SE_SBINITIALIZED)) in bad_option()
622 struct superblock_security_struct *sbsec = sb->s_security; in selinux_set_mnt_opts() local
624 struct inode *inode = d_backing_inode(sbsec->sb->s_root); in selinux_set_mnt_opts()
632 mutex_lock(&sbsec->lock); in selinux_set_mnt_opts()
664 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) in selinux_set_mnt_opts()
689 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_set_mnt_opts()
693 sbsec->flags |= FSCONTEXT_MNT; in selinux_set_mnt_opts()
698 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, in selinux_set_mnt_opts()
702 sbsec->flags |= CONTEXT_MNT; in selinux_set_mnt_opts()
707 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_set_mnt_opts()
711 sbsec->flags |= ROOTCONTEXT_MNT; in selinux_set_mnt_opts()
717 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, in selinux_set_mnt_opts()
721 sbsec->flags |= DEFCONTEXT_MNT; in selinux_set_mnt_opts()
730 if (sbsec->flags & SE_SBINITIALIZED) { in selinux_set_mnt_opts()
732 if ((sbsec->flags & SE_MNTMASK) && !num_opts) in selinux_set_mnt_opts()
739 sbsec->flags |= SE_SBPROC | SE_SBGENFS; in selinux_set_mnt_opts()
744 sbsec->flags |= SE_SBGENFS; in selinux_set_mnt_opts()
746 if (!sbsec->behavior) { in selinux_set_mnt_opts()
761 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred); in selinux_set_mnt_opts()
765 sbsec->sid = fscontext_sid; in selinux_set_mnt_opts()
774 sbsec->behavior = SECURITY_FS_USE_NATIVE; in selinux_set_mnt_opts()
780 rc = may_context_mount_sb_relabel(context_sid, sbsec, in selinux_set_mnt_opts()
784 sbsec->sid = context_sid; in selinux_set_mnt_opts()
786 rc = may_context_mount_inode_relabel(context_sid, sbsec, in selinux_set_mnt_opts()
794 sbsec->mntpoint_sid = context_sid; in selinux_set_mnt_opts()
795 sbsec->behavior = SECURITY_FS_USE_MNTPOINT; in selinux_set_mnt_opts()
799 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec, in selinux_set_mnt_opts()
809 if (sbsec->behavior != SECURITY_FS_USE_XATTR && in selinux_set_mnt_opts()
810 sbsec->behavior != SECURITY_FS_USE_NATIVE) { in selinux_set_mnt_opts()
817 if (defcontext_sid != sbsec->def_sid) { in selinux_set_mnt_opts()
819 sbsec, cred); in selinux_set_mnt_opts()
824 sbsec->def_sid = defcontext_sid; in selinux_set_mnt_opts()
829 mutex_unlock(&sbsec->lock); in selinux_set_mnt_opts()
1287 struct superblock_security_struct *sbsec = NULL; in inode_doinit_with_dentry() local
1303 sbsec = inode->i_sb->s_security; in inode_doinit_with_dentry()
1304 if (!(sbsec->flags & SE_SBINITIALIZED)) { in inode_doinit_with_dentry()
1308 spin_lock(&sbsec->isec_lock); in inode_doinit_with_dentry()
1310 list_add(&isec->list, &sbsec->isec_head); in inode_doinit_with_dentry()
1311 spin_unlock(&sbsec->isec_lock); in inode_doinit_with_dentry()
1315 switch (sbsec->behavior) { in inode_doinit_with_dentry()
1320 isec->sid = sbsec->def_sid; in inode_doinit_with_dentry()
1388 sid = sbsec->def_sid; in inode_doinit_with_dentry()
1392 sbsec->def_sid, in inode_doinit_with_dentry()
1422 isec->sid = sbsec->sid; in inode_doinit_with_dentry()
1426 rc = security_transition_sid(isec->task_sid, sbsec->sid, in inode_doinit_with_dentry()
1433 isec->sid = sbsec->mntpoint_sid; in inode_doinit_with_dentry()
1437 isec->sid = sbsec->sid; in inode_doinit_with_dentry()
1439 if ((sbsec->flags & SE_SBGENFS) && !S_ISLNK(inode->i_mode)) { in inode_doinit_with_dentry()
1463 sbsec->flags, &sid); in inode_doinit_with_dentry()
1720 const struct superblock_security_struct *sbsec = dir->i_sb->s_security; in selinux_determine_inode_label() local
1724 if ((sbsec->flags & SE_SBINITIALIZED) && in selinux_determine_inode_label()
1725 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) { in selinux_determine_inode_label()
1726 *_new_isid = sbsec->mntpoint_sid; in selinux_determine_inode_label()
1727 } else if ((sbsec->flags & SBLABEL_MNT) && in selinux_determine_inode_label()
1745 struct superblock_security_struct *sbsec; in may_create() local
1751 sbsec = dir->i_sb->s_security; in may_create()
1773 return avc_has_perm(newsid, sbsec->sid, in may_create()
1896 struct superblock_security_struct *sbsec; in superblock_has_perm() local
1899 sbsec = sb->s_security; in superblock_has_perm()
1900 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad); in superblock_has_perm()
2592 struct superblock_security_struct *sbsec = sb->s_security; in selinux_sb_remount() local
2594 if (!(sbsec->flags & SE_SBINITIALIZED)) in selinux_sb_remount()
2633 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid)) in selinux_sb_remount()
2637 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid)) in selinux_sb_remount()
2644 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid)) in selinux_sb_remount()
2649 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid)) in selinux_sb_remount()
2757 struct superblock_security_struct *sbsec; in selinux_inode_init_security() local
2763 sbsec = dir->i_sb->s_security; in selinux_inode_init_security()
2776 if (sbsec->flags & SE_SBINITIALIZED) { in selinux_inode_init_security()
2783 if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT)) in selinux_inode_init_security()
2984 struct superblock_security_struct *sbsec; in selinux_inode_setxattr() local
2992 sbsec = inode->i_sb->s_security; in selinux_inode_setxattr()
2993 if (!(sbsec->flags & SBLABEL_MNT)) in selinux_inode_setxattr()
3049 sbsec->sid, in selinux_inode_setxattr()