LSM: lift extracting and parsing LSM options into the caller of ->sb_remount()

This paves the way for retaining the LSM options from a common filesystem mount context during a mount parameter parsing phase to be instituted prior to actual mount/reconfiguration actions. Reviewed-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Al Viro <viro@zeniv.linux.org.uk> 2018-12-01 23:06:57 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2018-12-21 11:45:41 -0500
commit: c039bc3c2498724946304a8f964244a9b6af1043 (patch)
tree: ce98ee8e698a28cbaed969460457941e8b34f2e3 /security/selinux/hooks.c
parent: 6be8750b4cba8c37170f46b29841d112f1be749b (diff)
1 files changed, 12 insertions, 35 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index ba229d4a64d3..ba3e2917bd24 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2812,39 +2812,22 @@ out:
        return rc;
 }
-static int selinux_sb_remount(struct super_block *sb, void *data)
+static int selinux_sb_remount(struct super_block *sb,
+                              struct security_mnt_opts *opts)
 {
-        int rc, i, *flags;
+        int i, *flags;
-        struct security_mnt_opts opts;
+        char **mount_options;
-        char *secdata, **mount_options;
        struct superblock_security_struct *sbsec = sb->s_security;
        if (!(sbsec->flags & SE_SBINITIALIZED))
                return 0;
-        if (!data)
+        mount_options = opts->mnt_opts;
-                return 0;
+        flags = opts->mnt_opts_flags;
-        if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
-                return 0;
-        security_init_mnt_opts(&opts);
-        secdata = alloc_secdata();
-        if (!secdata)
-                return -ENOMEM;
-        rc = selinux_sb_copy_data(data, secdata);
-        if (rc)
-                goto out_free_secdata;
-        rc = selinux_parse_opts_str(secdata, &opts);
-        if (rc)
-                goto out_free_secdata;
-        mount_options = opts.mnt_opts;
+        for (i = 0; i < opts->num_mnt_opts; i++) {
-        flags = opts.mnt_opts_flags;
-        for (i = 0; i < opts.num_mnt_opts; i++) {
                u32 sid;
+                int rc;
                if (flags[i] == SBLABEL_MNT)
                        continue;
@@ -2855,9 +2838,8 @@ static int selinux_sb_remount(struct super_block *sb, void *data)
                        pr_warn("SELinux: security_context_str_to_sid"
                               "(%s) failed for (dev %s, type %s) errno=%d\n",
                               mount_options[i], sb->s_id, sb->s_type->name, rc);
-                        goto out_free_opts;
+                        return rc;
                }
-                rc = -EINVAL;
                switch (flags[i]) {
                case FSCONTEXT_MNT:
                        if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
@@ -2880,21 +2862,16 @@ static int selinux_sb_remount(struct super_block *sb, void *data)
                                goto out_bad_option;
                        break;
                default:
-                        goto out_free_opts;
+                        return -EINVAL;
                }
        }
+        return 0;
-        rc = 0;
-out_free_opts:
-        security_free_mnt_opts(&opts);
-out_free_secdata:
-        free_secdata(secdata);
-        return rc;
 out_bad_option:
        pr_warn("SELinux: unable to change security options "
               "during remount (dev %s, type=%s)\n", sb->s_id,
               sb->s_type->name);
-        goto out_free_opts;
+        return -EINVAL;
 }
 static int selinux_sb_kern_mount(struct super_block *sb, int flags,
author	Al Viro <viro@zeniv.linux.org.uk>	2018-12-01 23:06:57 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2018-12-21 11:45:41 -0500
commit	c039bc3c2498724946304a8f964244a9b6af1043 (patch)
tree	ce98ee8e698a28cbaed969460457941e8b34f2e3 /security/selinux/hooks.c
parent	6be8750b4cba8c37170f46b29841d112f1be749b (diff)