diff options
| author | Eric Paris <eparis@redhat.com> | 2012-10-10 14:27:35 -0400 |
|---|---|---|
| committer | Eric Paris <eparis@redhat.com> | 2013-07-25 13:03:24 -0400 |
| commit | b43e725d8d386bf2092473953b525aaae71b6c28 (patch) | |
| tree | cb370712e9683312529f469df2b15c8c63399375 /security/selinux/hooks.c | |
| parent | a64c54cf0811b8032fdab8c9d52576f0370837fa (diff) | |
SELinux: use a helper function to determine seclabel
Use a helper to determine if a superblock should have the seclabel flag
rather than doing it in the function. I'm going to use this in the
security server as well.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 38 |
1 files changed, 24 insertions, 14 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index ec15a5694b9e..b222e966babe 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -354,6 +354,29 @@ static int may_context_mount_inode_relabel(u32 sid, | |||
| 354 | return rc; | 354 | return rc; |
| 355 | } | 355 | } |
| 356 | 356 | ||
| 357 | static int selinux_is_sblabel_mnt(struct super_block *sb) | ||
| 358 | { | ||
| 359 | struct superblock_security_struct *sbsec = sb->s_security; | ||
| 360 | |||
| 361 | if (sbsec->behavior == SECURITY_FS_USE_XATTR || | ||
| 362 | sbsec->behavior == SECURITY_FS_USE_TRANS || | ||
| 363 | sbsec->behavior == SECURITY_FS_USE_TASK) | ||
| 364 | return 1; | ||
| 365 | |||
| 366 | /* Special handling for sysfs. Is genfs but also has setxattr handler*/ | ||
| 367 | if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0) | ||
| 368 | return 1; | ||
| 369 | |||
| 370 | /* | ||
| 371 | * Special handling for rootfs. Is genfs but supports | ||
| 372 | * setting SELinux context on in-core inodes. | ||
| 373 | */ | ||
| 374 | if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0) | ||
| 375 | return 1; | ||
| 376 | |||
| 377 | return 0; | ||
| 378 | } | ||
| 379 | |||
| 357 | static int sb_finish_set_opts(struct super_block *sb) | 380 | static int sb_finish_set_opts(struct super_block *sb) |
| 358 | { | 381 | { |
| 359 | struct superblock_security_struct *sbsec = sb->s_security; | 382 | struct superblock_security_struct *sbsec = sb->s_security; |
| @@ -396,20 +419,7 @@ static int sb_finish_set_opts(struct super_block *sb) | |||
| 396 | labeling_behaviors[sbsec->behavior-1]); | 419 | labeling_behaviors[sbsec->behavior-1]); |
| 397 | 420 | ||
| 398 | sbsec->flags |= SE_SBINITIALIZED; | 421 | sbsec->flags |= SE_SBINITIALIZED; |
| 399 | if (sbsec->behavior == SECURITY_FS_USE_XATTR || | 422 | if (selinux_is_sblabel_mnt(sb)) |
| 400 | sbsec->behavior == SECURITY_FS_USE_TRANS || | ||
| 401 | sbsec->behavior == SECURITY_FS_USE_TASK) | ||
| 402 | sbsec->flags |= SBLABEL_MNT; | ||
| 403 | |||
| 404 | /* Special handling for sysfs. Is genfs but also has setxattr handler*/ | ||
| 405 | if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0) | ||
| 406 | sbsec->flags |= SBLABEL_MNT; | ||
| 407 | |||
| 408 | /* | ||
| 409 | * Special handling for rootfs. Is genfs but supports | ||
| 410 | * setting SELinux context on in-core inodes. | ||
| 411 | */ | ||
| 412 | if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0) | ||
| 413 | sbsec->flags |= SBLABEL_MNT; | 423 | sbsec->flags |= SBLABEL_MNT; |
| 414 | 424 | ||
| 415 | /* Initialize the root inode. */ | 425 | /* Initialize the root inode. */ |