Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 55 |
1 files changed, 8 insertions, 47 deletions
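diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a03fd74602b4..5c9f25ba1c95 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -126,11 +126,6 @@ __setup("selinux=", selinux_enabled_setup);
 int selinux_enabled = 1;
 #endif
 
-/* Lists of inode and superblock security structures initialized
-before the policy was loaded. */
-static LIST_HEAD(superblock_security_head);
-static DEFINE_SPINLOCK(sb_security_lock);
-
 static struct kmem_cache *sel_inode_cache;
 
 /**
@@ -266,7 +261,6 @@ static int superblock_alloc_security(struct super_block *sb)
 return -ENOMEM;
 
 mutex_init(&sbsec->lock);
-INIT_LIST_HEAD(&sbsec->list);
 INIT_LIST_HEAD(&sbsec->isec_head);
 spin_lock_init(&sbsec->isec_lock);
 sbsec->sb = sb;
@@ -281,12 +275,6 @@ static int superblock_alloc_security(struct super_block *sb)
 static void superblock_free_security(struct super_block *sb)
 {
 struct superblock_security_struct *sbsec = sb->s_security;
-
-spin_lock(&sb_security_lock);
-if (!list_empty(&sbsec->list))
-list_del_init(&sbsec->list);
-spin_unlock(&sb_security_lock);
-
 sb->s_security = NULL;
 kfree(sbsec);
 }
@@ -612,10 +600,6 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 /* Defer initialization until selinux_complete_init,
 after the initial policy is loaded and the security
 server is ready to handle calls. */
-spin_lock(&sb_security_lock);
-if (list_empty(&sbsec->list))
-list_add(&sbsec->list, &superblock_security_head);
-spin_unlock(&sb_security_lock);
 goto out;
 }
 rc = -EINVAL;
@@ -806,16 +790,10 @@ static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
 
 /*
 * if the parent was able to be mounted it clearly had no special lsm
-* mount options. thus we can safely put this sb on the list and deal
-* with it later
+* mount options. thus we can safely deal with this superblock later
 */
-if (!ss_initialized) {
-spin_lock(&sb_security_lock);
-if (list_empty(&newsbsec->list))
-list_add(&newsbsec->list, &superblock_security_head);
-spin_unlock(&sb_security_lock);
+if (!ss_initialized)
 return;
-}
 
 /* how can we clone if the old one wasn't set up?? */
 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
@@ -5680,35 +5658,18 @@ static __init int selinux_init(void)
 return 0;
 }
 
+static void delayed_superblock_init(struct super_block *sb, void *unused)
+{
+superblock_doinit(sb, NULL);
+}
+
 void selinux_complete_init(void)
 {
 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
 
 /* Set up any superblocks initialized prior to the policy load. */
 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
-spin_lock(&sb_lock);
-spin_lock(&sb_security_lock);
-next_sb:
-if (!list_empty(&superblock_security_head)) {
-struct superblock_security_struct *sbsec =
-list_entry(superblock_security_head.next,
-struct superblock_security_struct,
-list);
-struct super_block *sb = sbsec->sb;
-sb->s_count++;
-spin_unlock(&sb_security_lock);
-spin_unlock(&sb_lock);
-down_read(&sb->s_umount);
-if (sb->s_root)
-superblock_doinit(sb, NULL);
-drop_super(sb);
-spin_lock(&sb_lock);
-spin_lock(&sb_security_lock);
-list_del_init(&sbsec->list);
-goto next_sb;
-}
-spin_unlock(&sb_security_lock);
-spin_unlock(&sb_lock);
+iterate_supers(delayed_superblock_init, NULL);
 }
 
 /* SELinux requires early initialization in order to label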
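Review bot: In `delayed_superblock_init` the result of `superblock_doinit(sb, NULL)` is discarded, so a superblock whose deferred setup fails once the policy is loaded stays uninitialized with no trace in the log; the removed loop dropped it too, but this rewrite is the natural place to fix that. Assuming superblock_doinit returns an error code (its definition is outside these hunks), I would write `int rc = superblock_doinit(sb, NULL);` followed by `if (rc) printk(KERN_WARNING "SELinux: (dev %s) deferred superblock init failed, rc=%d\n", sb->s_id, rc);`. The callback also deserves a comment such as `/* iterate_supers() callback: runs for every superblock, not only those deferred before policy load, so superblock_doinit() must tolerate an already-initialized sb */`. The old `if (sb->s_root)` check and the s_umount read lock no longer appear in this file and are presumably left to iterate_supers, which is worth confirming.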
