diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2018-12-14 23:42:21 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2018-12-21 11:50:02 -0500 |
| commit | 757cbe597fe8490c7c0a9650ebe5d60195f151d4 (patch) | |
| tree | 3603e26c54988aa08e45592f7955439974239e54 /security/selinux | |
| parent | 99dbbb593fe6b39153c15ea9b9c63ea911864cf2 (diff) | |
LSM: new method: ->sb_add_mnt_opt()
Adding options to growing mnt_opts. NFS kludge with passing
context= down into non-text-options mount switched to it, and
with that the last use of ->sb_parse_opts_str() is gone.
Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/hooks.c | 45 |
1 files changed, 19 insertions, 26 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5336d6671c5c..5bc230327bc0 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -1049,40 +1049,33 @@ Einval: | |||
| 1049 | return -EINVAL; | 1049 | return -EINVAL; |
| 1050 | } | 1050 | } |
| 1051 | 1051 | ||
| 1052 | static int selinux_parse_opts_str(char *options, | 1052 | static int selinux_add_mnt_opt(const char *option, const char *val, int len, |
| 1053 | void **mnt_opts) | 1053 | void **mnt_opts) |
| 1054 | { | 1054 | { |
| 1055 | char *p = options, *next; | 1055 | int token = Opt_error; |
| 1056 | int rc; | 1056 | int rc, i; |
| 1057 | |||
| 1058 | /* Standard string-based options. */ | ||
| 1059 | for (p = options; *p; p = next) { | ||
| 1060 | int token, len; | ||
| 1061 | char *arg = NULL; | ||
| 1062 | 1057 | ||
| 1063 | next = strchr(p, '|'); | 1058 | for (i = 0; i < ARRAY_SIZE(tokens); i++) { |
| 1064 | if (next) { | 1059 | if (strcmp(option, tokens[i].name) == 0) { |
| 1065 | len = next++ - p; | 1060 | token = tokens[i].opt; |
| 1066 | } else { | 1061 | break; |
| 1067 | len = strlen(p); | ||
| 1068 | next = p + len; | ||
| 1069 | } | 1062 | } |
| 1063 | } | ||
| 1070 | 1064 | ||
| 1071 | if (!len) | 1065 | if (token == Opt_error) |
| 1072 | continue; | 1066 | return -EINVAL; |
| 1073 | 1067 | ||
| 1074 | token = match_opt_prefix(p, len, &arg); | 1068 | if (token != Opt_seclabel) |
| 1075 | if (arg) | 1069 | val = kmemdup_nul(val, len, GFP_KERNEL); |
| 1076 | arg = kmemdup_nul(arg, p + len - arg, GFP_KERNEL); | 1070 | rc = selinux_add_opt(token, val, mnt_opts); |
| 1077 | rc = selinux_add_opt(token, arg, mnt_opts); | 1071 | if (unlikely(rc)) { |
| 1078 | if (rc) { | 1072 | kfree(val); |
| 1079 | kfree(arg); | 1073 | if (*mnt_opts) { |
| 1080 | selinux_free_mnt_opts(*mnt_opts); | 1074 | selinux_free_mnt_opts(*mnt_opts); |
| 1081 | *mnt_opts = NULL; | 1075 | *mnt_opts = NULL; |
| 1082 | return rc; | ||
| 1083 | } | 1076 | } |
| 1084 | } | 1077 | } |
| 1085 | return 0; | 1078 | return rc; |
| 1086 | } | 1079 | } |
| 1087 | 1080 | ||
| 1088 | static int show_sid(struct seq_file *m, u32 sid) | 1081 | static int show_sid(struct seq_file *m, u32 sid) |
| @@ -6726,7 +6719,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { | |||
| 6726 | LSM_HOOK_INIT(sb_umount, selinux_umount), | 6719 | LSM_HOOK_INIT(sb_umount, selinux_umount), |
| 6727 | LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts), | 6720 | LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts), |
| 6728 | LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts), | 6721 | LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts), |
| 6729 | LSM_HOOK_INIT(sb_parse_opts_str, selinux_parse_opts_str), | 6722 | LSM_HOOK_INIT(sb_add_mnt_opt, selinux_add_mnt_opt), |
| 6730 | 6723 | ||
| 6731 | LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security), | 6724 | LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security), |
| 6732 | LSM_HOOK_INIT(dentry_create_files_as, selinux_dentry_create_files_as), | 6725 | LSM_HOOK_INIT(dentry_create_files_as, selinux_dentry_create_files_as), |