introduce cloning of fs_context

new primitive: vfs_dup_fs_context(). Comes with fs_context method (->dup()) for copying the filesystem-specific parts of fs_context, along with LSM one (->fs_context_dup()) for doing the same to LSM parts. [needs better commit message, and change of Author:, anyway] Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Al Viro <viro@zeniv.linux.org.uk> 2018-12-23 16:02:47 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2019-02-28 03:29:27 -0500
commit: 0b52075ee62301dd150c9f2c3ddd0035ed894cde (patch)
tree: bb5b54d2fee0e0e37f73635030dc0e25e93c9aa5 /security/selinux
parent: cb50b348c71ffa90d7d1b2a494b553b5099bc090 (diff)
1 files changed, 39 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f99381e97d73..4ba83de5fa80 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2764,6 +2764,44 @@ static int selinux_umount(struct vfsmount *mnt, int flags)
                                   FILESYSTEM__UNMOUNT, NULL);
 }
+static int selinux_fs_context_dup(struct fs_context *fc,
+                                  struct fs_context *src_fc)
+{
+        const struct selinux_mnt_opts *src = src_fc->security;
+        struct selinux_mnt_opts *opts;
+        if (!src)
+                return 0;
+        fc->security = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL);
+        if (!fc->security)
+                return -ENOMEM;
+        opts = fc->security;
+        if (src->fscontext) {
+                opts->fscontext = kstrdup(src->fscontext, GFP_KERNEL);
+                if (!opts->fscontext)
+                        return -ENOMEM;
+        }
+        if (src->context) {
+                opts->context = kstrdup(src->context, GFP_KERNEL);
+                if (!opts->context)
+                        return -ENOMEM;
+        }
+        if (src->rootcontext) {
+                opts->rootcontext = kstrdup(src->rootcontext, GFP_KERNEL);
+                if (!opts->rootcontext)
+                        return -ENOMEM;
+        }
+        if (src->defcontext) {
+                opts->defcontext = kstrdup(src->defcontext, GFP_KERNEL);
+                if (!opts->defcontext)
+                        return -ENOMEM;
+        }
+        return 0;
+}
 static const struct fs_parameter_spec selinux_param_specs[] = {
        fsparam_string(CONTEXT_STR,     Opt_context),
        fsparam_string(DEFCONTEXT_STR,  Opt_defcontext),
@@ -6745,6 +6783,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
        LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
        LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
+        LSM_HOOK_INIT(fs_context_dup, selinux_fs_context_dup),
        LSM_HOOK_INIT(fs_context_parse_param, selinux_fs_context_parse_param),
        LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),
author	Al Viro <viro@zeniv.linux.org.uk>	2018-12-23 16:02:47 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2019-02-28 03:29:27 -0500
commit	0b52075ee62301dd150c9f2c3ddd0035ed894cde (patch)
tree	bb5b54d2fee0e0e37f73635030dc0e25e93c9aa5 /security/selinux
parent	cb50b348c71ffa90d7d1b2a494b553b5099bc090 (diff)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f99381e97d73..4ba83de5fa80 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -2764,6 +2764,44 @@ static int selinux_umount(struct vfsmount *mnt, int flags)
2764	FILESYSTEM__UNMOUNT, NULL);	2764	FILESYSTEM__UNMOUNT, NULL);
2765	}	2765	}
2766		2766
		2767	static int selinux_fs_context_dup(struct fs_context *fc,
		2768	struct fs_context *src_fc)
		2769	{
		2770	const struct selinux_mnt_opts *src = src_fc->security;
		2771	struct selinux_mnt_opts *opts;
		2772
		2773	if (!src)
		2774	return 0;
		2775
		2776	fc->security = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL);
		2777	if (!fc->security)
		2778	return -ENOMEM;
		2779
		2780	opts = fc->security;
		2781
		2782	if (src->fscontext) {
		2783	opts->fscontext = kstrdup(src->fscontext, GFP_KERNEL);
		2784	if (!opts->fscontext)
		2785	return -ENOMEM;
		2786	}
		2787	if (src->context) {
		2788	opts->context = kstrdup(src->context, GFP_KERNEL);
		2789	if (!opts->context)
		2790	return -ENOMEM;
		2791	}
		2792	if (src->rootcontext) {
		2793	opts->rootcontext = kstrdup(src->rootcontext, GFP_KERNEL);
		2794	if (!opts->rootcontext)
		2795	return -ENOMEM;
		2796	}
		2797	if (src->defcontext) {
		2798	opts->defcontext = kstrdup(src->defcontext, GFP_KERNEL);
		2799	if (!opts->defcontext)
		2800	return -ENOMEM;
		2801	}
		2802	return 0;
		2803	}
		2804
2767	static const struct fs_parameter_spec selinux_param_specs[] = {	2805	static const struct fs_parameter_spec selinux_param_specs[] = {
2768	fsparam_string(CONTEXT_STR, Opt_context),	2806	fsparam_string(CONTEXT_STR, Opt_context),
2769	fsparam_string(DEFCONTEXT_STR, Opt_defcontext),	2807	fsparam_string(DEFCONTEXT_STR, Opt_defcontext),
@@ -6745,6 +6783,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
6745	LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),	6783	LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
6746	LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),	6784	LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
6747		6785
		6786	LSM_HOOK_INIT(fs_context_dup, selinux_fs_context_dup),
6748	LSM_HOOK_INIT(fs_context_parse_param, selinux_fs_context_parse_param),	6787	LSM_HOOK_INIT(fs_context_parse_param, selinux_fs_context_parse_param),
6749		6788
6750	LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),	6789	LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),