-rw-r--r--security/selinux/hooks.c40
-rw-r--r--security/selinux/ss/services.c42
2 files changed, 22 insertions, 60 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index bf0537d78a70..756a6d269c9a 100644
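--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -96,10 +96,6 @@
 #include "audit.h"
 #include "avc_ss.h"
 
-#define SB_TYPE_FMT "%s%s%s"
-#define SB_SUBTYPE(sb) (sb->s_subtype && sb->s_subtype[0])
-#define SB_TYPE_ARGS(sb) sb->s_type->name, SB_SUBTYPE(sb) ? "." : "", SB_SUBTYPE(sb) ? sb->s_subtype : ""
-
 extern struct security_operations *security_ops;
 
 /* SECMARK reference count */
@@ -414,8 +410,8 @@ static int sb_finish_set_opts(struct super_block *sb)
  the first boot of the SELinux kernel before we have
  assigned xattr values to the filesystem. */
  if (!root_inode->i_op->getxattr) {
- printk(KERN_WARNING "SELinux: (dev %s, type "SB_TYPE_FMT") has no "
- "xattr support\n", sb->s_id, SB_TYPE_ARGS(sb));
+ printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
+ "xattr support\n", sb->s_id, sb->s_type->name);
  rc = -EOPNOTSUPP;
  goto out;
  }
@@ -423,22 +419,22 @@ static int sb_finish_set_opts(struct super_block *sb)
  if (rc < 0 && rc != -ENODATA) {
  if (rc == -EOPNOTSUPP)
  printk(KERN_WARNING "SELinux: (dev %s, type "
- SB_TYPE_FMT") has no security xattr handler\n",
- sb->s_id, SB_TYPE_ARGS(sb));
+ "%s) has no security xattr handler\n",
+ sb->s_id, sb->s_type->name);
  else
  printk(KERN_WARNING "SELinux: (dev %s, type "
- SB_TYPE_FMT") getxattr errno %d\n", sb->s_id,
- SB_TYPE_ARGS(sb), -rc);
+ "%s) getxattr errno %d\n", sb->s_id,
+ sb->s_type->name, -rc);
  goto out;
  }
  }
 
  if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
- printk(KERN_ERR "SELinux: initialized (dev %s, type "SB_TYPE_FMT"), unknown behavior\n",
- sb->s_id, SB_TYPE_ARGS(sb));
+ printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
+ sb->s_id, sb->s_type->name);
  else
- printk(KERN_DEBUG "SELinux: initialized (dev %s, type "SB_TYPE_FMT"), %s\n",
- sb->s_id, SB_TYPE_ARGS(sb),
+ printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
+ sb->s_id, sb->s_type->name,
  labeling_behaviors[sbsec->behavior-1]);
 
  sbsec->flags |= SE_SBINITIALIZED;
@@ -601,6 +597,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
  const struct cred *cred = current_cred();
  int rc = 0, i;
  struct superblock_security_struct *sbsec = sb->s_security;
+ const char *name = sb->s_type->name;
  struct inode *inode = sbsec->sb->s_root->d_inode;
  struct inode_security_struct *root_isec = inode->i_security;
  u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
@@ -659,8 +656,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
  strlen(mount_options[i]), &sid);
  if (rc) {
  printk(KERN_WARNING "SELinux: security_context_to_sid"
- "(%s) failed for (dev %s, type "SB_TYPE_FMT") errno=%d\n",
- mount_options[i], sb->s_id, SB_TYPE_ARGS(sb), rc);
+ "(%s) failed for (dev %s, type %s) errno=%d\n",
+ mount_options[i], sb->s_id, name, rc);
  goto out;
  }
  switch (flags[i]) {
@@ -807,8 +804,7 @@ out:
 out_double_mount:
  rc = -EINVAL;
  printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
- "security settings for (dev %s, type "SB_TYPE_FMT")\n", sb->s_id,
- SB_TYPE_ARGS(sb));
+ "security settings for (dev %s, type %s)\n", sb->s_id, name);
  goto out;
 }
 
@@ -2481,8 +2477,8 @@ static int selinux_sb_remount(struct super_block *sb, void *data)
  rc = security_context_to_sid(mount_options[i], len, &sid);
  if (rc) {
  printk(KERN_WARNING "SELinux: security_context_to_sid"
- "(%s) failed for (dev %s, type "SB_TYPE_FMT") errno=%d\n",
- mount_options[i], sb->s_id, SB_TYPE_ARGS(sb), rc);
+ "(%s) failed for (dev %s, type %s) errno=%d\n",
+ mount_options[i], sb->s_id, sb->s_type->name, rc);
  goto out_free_opts;
  }
  rc = -EINVAL;
@@ -2520,8 +2516,8 @@ out_free_secdata:
  return rc;
 out_bad_option:
  printk(KERN_WARNING "SELinux: unable to change security options "
- "during remount (dev %s, type "SB_TYPE_FMT")\n", sb->s_id,
- SB_TYPE_ARGS(sb));
+ "during remount (dev %s, type=%s)\n", sb->s_id,
+ sb->s_type->name);
  goto out_free_opts;
 }
 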
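Review bot: In sb_finish_set_opts the guard `if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))` checks only the upper bound, so a behavior of 0 would reach the KERN_DEBUG branch and read `labeling_behaviors[sbsec->behavior-1]` one element before the array; whether 0 can occur is not visible in these hunks. The guard could read `if (!sbsec->behavior || sbsec->behavior > ARRAY_SIZE(labeling_behaviors))`. Separately, the out_bad_option message in selinux_sb_remount is restored as `type=%s` while every other message in this file section prints `type %s`, which anything parsing these log lines has to special-case. Both functions start and end outside the hunks shown.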
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 6db5546717eb..fc5a63a05a1c 100644
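--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2344,50 +2344,16 @@ int security_fs_use(struct super_block *sb)
  struct ocontext *c;
  struct superblock_security_struct *sbsec = sb->s_security;
  const char *fstype = sb->s_type->name;
- const char *subtype = (sb->s_subtype && sb->s_subtype[0]) ? sb->s_subtype : NULL;
- struct ocontext *base = NULL;
 
  read_lock(&policy_rwlock);
 
- for (c = policydb.ocontexts[OCON_FSUSE]; c; c = c->next) {
- char *sub;
- int baselen;
-
- baselen = strlen(fstype);
-
- /* if base does not match, this is not the one */
- if (strncmp(fstype, c->u.name, baselen))
- continue;
-
- /* if there is no subtype, this is the one! */
- if (!subtype)
- break;
-
- /* skip past the base in this entry */
- sub = c->u.name + baselen;
-
- /* entry is only a base. save it. keep looking for subtype */
- if (sub[0] == '\0') {
- base = c;
- continue;
- }
-
- /* entry is not followed by a subtype, so it is not a match */
- if (sub[0] != '.')
- continue;
-
- /* whew, we found a subtype of this fstype */
- sub++; /* move past '.' */
-
- /* exact match of fstype AND subtype */
- if (!strcmp(subtype, sub))
+ c = policydb.ocontexts[OCON_FSUSE];
+ while (c) {
+ if (strcmp(fstype, c->u.name) == 0)
  break;
+ c = c->next;
  }
 
- /* in case we had found an fstype match but no subtype match */
- if (!c)
- c = base;
-
  if (c) {
  sbsec->behavior = c->v.behavior;
  if (!c->sid[0]) {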
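Review bot: The lookup loop in security_fs_use now selects the OCON_FSUSE entry by `strcmp(fstype, c->u.name)` alone, and nothing in the new code records that `sb->s_subtype` is left out on purpose. A one-line comment above the loop would make that visible to policy authors and reviewers, for example `/* exact match on the filesystem type name; s_subtype is not consulted, so a subtyped mount uses its base type's entry */`. The function body continues past the end of this hunk, so how the no-match case is handled is not shown here.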