From: James Morris <jmorris@redhat.com>
selinux is currently inspecting the filesystem name ("nfs" vs "coda" vs
watever) to work out whether it needs to hanbdle binary mount data.
Eliminate all that by adding a flag to file_system_type.fs_flags.
---
25-akpm/fs/afs/super.c | 1 +
25-akpm/fs/coda/inode.c | 1 +
25-akpm/fs/nfs/inode.c | 4 ++--
25-akpm/fs/smbfs/inode.c | 1 +
25-akpm/fs/super.c | 2 +-
25-akpm/include/linux/fs.h | 1 +
25-akpm/include/linux/security.h | 13 ++++++++-----
25-akpm/security/dummy.c | 3 ++-
25-akpm/security/selinux/hooks.c | 32 +++++++++++++++-----------------
9 files changed, 32 insertions(+), 26 deletions(-)
diff -puN fs/afs/super.c~selinux-cleanup-binary-mount-data fs/afs/super.c
--- 25/fs/afs/super.c~selinux-cleanup-binary-mount-data Wed Mar 10 15:46:47 2004
+++ 25-akpm/fs/afs/super.c Wed Mar 10 15:46:47 2004
@@ -53,6 +53,7 @@ static struct file_system_type afs_fs_ty
.name = "afs",
.get_sb = afs_get_sb,
.kill_sb = kill_anon_super,
+ .fs_flags = FS_BINARY_MOUNTDATA,
};
static struct super_operations afs_super_ops = {
diff -puN fs/coda/inode.c~selinux-cleanup-binary-mount-data fs/coda/inode.c
--- 25/fs/coda/inode.c~selinux-cleanup-binary-mount-data Wed Mar 10 15:46:47 2004
+++ 25-akpm/fs/coda/inode.c Wed Mar 10 15:46:47 2004
@@ -309,5 +309,6 @@ struct file_system_type coda_fs_type = {
.name = "coda",
.get_sb = coda_get_sb,
.kill_sb = kill_anon_super,
+ .fs_flags = FS_BINARY_MOUNTDATA,
};
diff -puN fs/nfs/inode.c~selinux-cleanup-binary-mount-data fs/nfs/inode.c
--- 25/fs/nfs/inode.c~selinux-cleanup-binary-mount-data Wed Mar 10 15:46:47 2004
+++ 25-akpm/fs/nfs/inode.c Wed Mar 10 15:46:47 2004
@@ -1365,7 +1365,7 @@ static struct file_system_type nfs_fs_ty
.name = "nfs",
.get_sb = nfs_get_sb,
.kill_sb = nfs_kill_super,
- .fs_flags = FS_ODD_RENAME|FS_REVAL_DOT,
+ .fs_flags = FS_ODD_RENAME|FS_REVAL_DOT|FS_BINARY_MOUNTDATA,
};
#ifdef CONFIG_NFS_V4
@@ -1684,7 +1684,7 @@ static struct file_system_type nfs4_fs_t
.name = "nfs4",
.get_sb = nfs4_get_sb,
.kill_sb = nfs_kill_super,
- .fs_flags = FS_ODD_RENAME|FS_REVAL_DOT,
+ .fs_flags = FS_ODD_RENAME|FS_REVAL_DOT|FS_BINARY_MOUNTDATA,
};
#define nfs4_zero_state(nfsi) \
diff -puN fs/smbfs/inode.c~selinux-cleanup-binary-mount-data fs/smbfs/inode.c
--- 25/fs/smbfs/inode.c~selinux-cleanup-binary-mount-data Wed Mar 10 15:46:47 2004
+++ 25-akpm/fs/smbfs/inode.c Wed Mar 10 15:46:47 2004
@@ -779,6 +779,7 @@ static struct file_system_type smb_fs_ty
.name = "smbfs",
.get_sb = smb_get_sb,
.kill_sb = kill_anon_super,
+ .fs_flags = FS_BINARY_MOUNTDATA,
};
static int __init init_smb_fs(void)
diff -puN fs/super.c~selinux-cleanup-binary-mount-data fs/super.c
--- 25/fs/super.c~selinux-cleanup-binary-mount-data Wed Mar 10 15:46:47 2004
+++ 25-akpm/fs/super.c Wed Mar 10 15:46:47 2004
@@ -746,7 +746,7 @@ do_kern_mount(const char *fstype, int fl
goto out_mnt;
}
- error = security_sb_copy_data(fstype, data, secdata);
+ error = security_sb_copy_data(type, data, secdata);
if (error) {
sb = ERR_PTR(error);
goto out_free_secdata;
diff -puN include/linux/fs.h~selinux-cleanup-binary-mount-data include/linux/fs.h
--- 25/include/linux/fs.h~selinux-cleanup-binary-mount-data Wed Mar 10 15:46:47 2004
+++ 25-akpm/include/linux/fs.h Wed Mar 10 15:46:47 2004
@@ -89,6 +89,7 @@ extern int leases_enable, dir_notify_ena
/* public flags for file_system_type */
#define FS_REQUIRES_DEV 1
+#define FS_BINARY_MOUNTDATA 2
#define FS_REVAL_DOT 16384 /* Check the paths ".", ".." for staleness */
#define FS_ODD_RENAME 32768 /* Temporary stuff; will go away as soon
* as nfs_rename() will be cleaned up
diff -puN include/linux/security.h~selinux-cleanup-binary-mount-data include/linux/security.h
--- 25/include/linux/security.h~selinux-cleanup-binary-mount-data Wed Mar 10 15:46:47 2004
+++ 25-akpm/include/linux/security.h Wed Mar 10 15:46:47 2004
@@ -177,7 +177,7 @@ struct swap_info_struct;
* options cleanly (a filesystem may modify the data e.g. with strsep()).
* This also allows the original mount data to be stripped of security-
* specific options to avoid having to make filesystems aware of them.
- * @fstype the type of filesystem being mounted.
+ * @type the type of filesystem being mounted.
* @orig the original mount data copied from userspace.
* @copy copied data which will be passed to the security module.
* Returns 0 if the copy was successful.
@@ -1033,7 +1033,8 @@ struct security_operations {
int (*sb_alloc_security) (struct super_block * sb);
void (*sb_free_security) (struct super_block * sb);
- int (*sb_copy_data)(const char *fstype, void *orig, void *copy);
+ int (*sb_copy_data)(struct file_system_type *type,
+ void *orig, void *copy);
int (*sb_kern_mount) (struct super_block *sb, void *data);
int (*sb_statfs) (struct super_block * sb);
int (*sb_mount) (char *dev_name, struct nameidata * nd,
@@ -1318,9 +1319,10 @@ static inline void security_sb_free (str
security_ops->sb_free_security (sb);
}
-static inline int security_sb_copy_data (const char *fstype, void *orig, void *copy)
+static inline int security_sb_copy_data (struct file_system_type *type,
+ void *orig, void *copy)
{
- return security_ops->sb_copy_data (fstype, orig, copy);
+ return security_ops->sb_copy_data (type, orig, copy);
}
static inline int security_sb_kern_mount (struct super_block *sb, void *data)
@@ -1988,7 +1990,8 @@ static inline int security_sb_alloc (str
static inline void security_sb_free (struct super_block *sb)
{ }
-static inline int security_sb_copy_data (const char *fstype, void *orig, void *copy)
+static inline int security_sb_copy_data (struct file_system_type *type,
+ void *orig, void *copy)
{
return 0;
}
diff -puN security/dummy.c~selinux-cleanup-binary-mount-data security/dummy.c
--- 25/security/dummy.c~selinux-cleanup-binary-mount-data Wed Mar 10 15:46:47 2004
+++ 25-akpm/security/dummy.c Wed Mar 10 15:46:47 2004
@@ -194,7 +194,8 @@ static void dummy_sb_free_security (stru
return;
}
-static int dummy_sb_copy_data (const char *fstype, void *orig, void *copy)
+static int dummy_sb_copy_data (struct file_system_type *type,
+ void *orig, void *copy)
{
return 0;
}
diff -puN security/selinux/hooks.c~selinux-cleanup-binary-mount-data security/selinux/hooks.c
--- 25/security/selinux/hooks.c~selinux-cleanup-binary-mount-data Wed Mar 10 15:46:47 2004
+++ 25-akpm/security/selinux/hooks.c Wed Mar 10 15:46:47 2004
@@ -331,25 +331,24 @@ static int try_context_mount(struct supe
name = sb->s_type->name;
- /* Ignore these fileystems with binary mount option data. */
- if (!strcmp(name, "coda") ||
- !strcmp(name, "afs") || !strcmp(name, "smbfs"))
- goto out;
+ if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) {
- /* NFS we understand. */
- if (!strcmp(name, "nfs")) {
- struct nfs_mount_data *d = data;
+ /* NFS we understand. */
+ if (!strcmp(name, "nfs")) {
+ struct nfs_mount_data *d = data;
- if (d->version < NFS_MOUNT_VERSION)
- goto out;
+ if (d->version < NFS_MOUNT_VERSION)
+ goto out;
- if (d->context[0]) {
- context = d->context;
- seen |= Opt_context;
- }
+ if (d->context[0]) {
+ context = d->context;
+ seen |= Opt_context;
+ }
+ } else
+ goto out;
- /* Standard string-based options. */
} else {
+ /* Standard string-based options. */
char *p, *options = data;
while ((p = strsep(&options, ",")) != NULL) {
@@ -1886,7 +1885,7 @@ static inline void take_option(char **to
*to += len;
}
-static int selinux_sb_copy_data(const char *fstype, void *orig, void *copy)
+static int selinux_sb_copy_data(struct file_system_type *type, void *orig, void *copy)
{
int fnosec, fsec, rc = 0;
char *in_save, *in_curr, *in_end;
@@ -1896,8 +1895,7 @@ static int selinux_sb_copy_data(const ch
sec_curr = copy;
/* Binary mount data: just copy */
- if (!strcmp(fstype, "nfs") || !strcmp(fstype, "coda") ||
- !strcmp(fstype, "smbfs") || !strcmp(fstype, "afs")) {
+ if (type->fs_flags & FS_BINARY_MOUNTDATA) {
copy_page(sec_curr, in_curr);
goto out;
}
_