LSM: lift parsing LSM options into the caller of ->sb_kern_mount()

This paves the way for retaining the LSM options from a common filesystem
mount context during a mount parameter parsing phase to be instituted prior
to actual mount/reconfiguration actions.

Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

3 files changed, 9 insertions, 43 deletions

diff --git a/security/security.c b/security/security.c
index 04d173eb93f6..b5fc8e1e849c 100644
--- a/security/security.c
+++ b/security/security.c
@@ -395,9 +395,10 @@ int security_sb_remount(struct super_block *sb, void *data)
         return call_int_hook(sb_remount, 0, sb, data);
 }
 
-int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
+int security_sb_kern_mount(struct super_block *sb, int flags,
+                           struct security_mnt_opts *opts)
 {
-        return call_int_hook(sb_kern_mount, 0, sb, flags, data);
+        return call_int_hook(sb_kern_mount, 0, sb, flags, opts);
 }
 
 int security_sb_show_options(struct seq_file *m, struct super_block *sb)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 4bd6f9435e2f..ba229d4a64d3 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2897,30 +2897,12 @@ out_bad_option:
         goto out_free_opts;
 }
 
-static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
+static int selinux_sb_kern_mount(struct super_block *sb, int flags,
+                                 struct security_mnt_opts *opts)
 {
-        char *options = data;
         const struct cred *cred = current_cred();
         struct common_audit_data ad;
-        int rc = 0;
-        struct security_mnt_opts opts;
-
-        security_init_mnt_opts(&opts);
-
-        if (!data)
-                goto out;
-
-        BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
-
-        rc = selinux_parse_opts_str(options, &opts);
-        if (rc)
-                goto out_err;
-
-out:
-        rc = selinux_set_mnt_opts(sb, &opts, 0, NULL);
-
-out_err:
-        security_free_mnt_opts(&opts);
+        int rc = selinux_set_mnt_opts(sb, opts, 0, NULL);
         if (rc)
                 return rc;
 
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 73e41797960e..1d465ae3d11c 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -859,27 +859,10 @@ static int smack_set_mnt_opts(struct super_block *sb,
  *
  * Returns 0 on success, an error code on failure
  */
-static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
+static int smack_sb_kern_mount(struct super_block *sb, int flags,
+                               struct security_mnt_opts *opts)
 {
-        int rc = 0;
-        char *options = data;
-        struct security_mnt_opts opts;
-
-        security_init_mnt_opts(&opts);
-
-        if (!options)
-                goto out;
-
-        rc = smack_parse_opts_str(options, &opts);
-        if (rc)
-                goto out_err;
-
-out:
-        rc = smack_set_mnt_opts(sb, &opts, 0, NULL);
-
-out_err:
-        security_free_mnt_opts(&opts);
-        return rc;
+        return smack_set_mnt_opts(sb, opts, 0, NULL);
 }
 
 /**