int err;
struct super_block *sb = path->mnt->mnt_sb;
struct mount *mnt = real_mount(path->mnt);
+ struct security_mnt_opts opts;
if (!check_mnt(mnt))
return -EINVAL;
if (!can_change_locked_flags(mnt, mnt_flags))
return -EPERM;
- err = security_sb_remount(sb, data);
+ security_init_mnt_opts(&opts);
+ if (data && !(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)) {
+ char *secdata = alloc_secdata();
+ if (!secdata)
+ return -ENOMEM;
+ err = security_sb_copy_data(data, secdata);
+ if (err) {
+ free_secdata(secdata);
+ return err;
+ }
+ err = security_sb_parse_opts_str(secdata, &opts);
+ free_secdata(secdata);
+ if (err)
+ return err;
+ }
+ err = security_sb_remount(sb, &opts);
+ security_free_mnt_opts(&opts);
if (err)
return err;
int (*sb_alloc_security)(struct super_block *sb);
void (*sb_free_security)(struct super_block *sb);
int (*sb_copy_data)(char *orig, char *copy);
- int (*sb_remount)(struct super_block *sb, void *data);
+ int (*sb_remount)(struct super_block *sb,
+ struct security_mnt_opts *opts);
int (*sb_kern_mount)(struct super_block *sb, int flags,
struct security_mnt_opts *opts);
int (*sb_show_options)(struct seq_file *m, struct super_block *sb);
int security_sb_alloc(struct super_block *sb);
void security_sb_free(struct super_block *sb);
int security_sb_copy_data(char *orig, char *copy);
-int security_sb_remount(struct super_block *sb, void *data);
+int security_sb_remount(struct super_block *sb, struct security_mnt_opts *opts);
int security_sb_kern_mount(struct super_block *sb, int flags,
struct security_mnt_opts *opts);
int security_sb_show_options(struct seq_file *m, struct super_block *sb);
return 0;
}
-static inline int security_sb_remount(struct super_block *sb, void *data)
+static inline int security_sb_remount(struct super_block *sb,
+ struct security_mnt_opts *opts)
{
return 0;
}
}
EXPORT_SYMBOL(security_sb_copy_data);
-int security_sb_remount(struct super_block *sb, void *data)
+int security_sb_remount(struct super_block *sb,
+ struct security_mnt_opts *opts)
{
- return call_int_hook(sb_remount, 0, sb, data);
+ return call_int_hook(sb_remount, 0, sb, opts);
}
int security_sb_kern_mount(struct super_block *sb, int flags,
return rc;
}
-static int selinux_sb_remount(struct super_block *sb, void *data)
+static int selinux_sb_remount(struct super_block *sb,
+ struct security_mnt_opts *opts)
{
- int rc, i, *flags;
- struct security_mnt_opts opts;
- char *secdata, **mount_options;
+ int i, *flags;
+ char **mount_options;
struct superblock_security_struct *sbsec = sb->s_security;
if (!(sbsec->flags & SE_SBINITIALIZED))
return 0;
- if (!data)
- return 0;
-
- if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
- return 0;
-
- security_init_mnt_opts(&opts);
- secdata = alloc_secdata();
- if (!secdata)
- return -ENOMEM;
- rc = selinux_sb_copy_data(data, secdata);
- if (rc)
- goto out_free_secdata;
-
- rc = selinux_parse_opts_str(secdata, &opts);
- if (rc)
- goto out_free_secdata;
+ mount_options = opts->mnt_opts;
+ flags = opts->mnt_opts_flags;
- mount_options = opts.mnt_opts;
- flags = opts.mnt_opts_flags;
-
- for (i = 0; i < opts.num_mnt_opts; i++) {
+ for (i = 0; i < opts->num_mnt_opts; i++) {
u32 sid;
+ int rc;
if (flags[i] == SBLABEL_MNT)
continue;
pr_warn("SELinux: security_context_str_to_sid"
"(%s) failed for (dev %s, type %s) errno=%d\n",
mount_options[i], sb->s_id, sb->s_type->name, rc);
- goto out_free_opts;
+ return rc;
}
- rc = -EINVAL;
switch (flags[i]) {
case FSCONTEXT_MNT:
if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
goto out_bad_option;
break;
default:
- goto out_free_opts;
+ return -EINVAL;
}
}
+ return 0;
- rc = 0;
-out_free_opts:
- security_free_mnt_opts(&opts);
-out_free_secdata:
- free_secdata(secdata);
- return rc;
out_bad_option:
pr_warn("SELinux: unable to change security options "
"during remount (dev %s, type=%s)\n", sb->s_id,
sb->s_type->name);
- goto out_free_opts;
+ return -EINVAL;
}
static int selinux_sb_kern_mount(struct super_block *sb, int flags,
projects / linux.git / commitdiff