mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2025-01-20 21:04:40 +08:00
SELinux: pass a superblock to security_fs_use
Rather than passing pointers to memory locations, strings, and other stuff just give up on the separation and give security_fs_use the superblock. It just makes the code easier to read (even if not easier to reuse on some other OS) Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
parent
308ab70c46
commit
a64c54cf08
@ -677,7 +677,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
|
||||
sbsec->flags |= SE_SBPROC;
|
||||
|
||||
/* Determine the labeling behavior to use for this filesystem type. */
|
||||
rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid);
|
||||
rc = security_fs_use(sb);
|
||||
if (rc) {
|
||||
printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
|
||||
__func__, sb->s_type->name, rc);
|
||||
|
@ -171,8 +171,7 @@ int security_get_allow_unknown(void);
|
||||
#define SECURITY_FS_USE_NONE 5 /* no labeling support */
|
||||
#define SECURITY_FS_USE_MNTPOINT 6 /* use mountpoint labeling */
|
||||
|
||||
int security_fs_use(const char *fstype, short unsigned int *behavior,
|
||||
u32 *sid);
|
||||
int security_fs_use(struct super_block *sb);
|
||||
|
||||
int security_genfs_sid(const char *fstype, char *name, u16 sclass,
|
||||
u32 *sid);
|
||||
|
@ -2323,17 +2323,14 @@ out:
|
||||
|
||||
/**
|
||||
* security_fs_use - Determine how to handle labeling for a filesystem.
|
||||
* @fstype: filesystem type
|
||||
* @behavior: labeling behavior
|
||||
* @sid: SID for filesystem (superblock)
|
||||
* @sb: superblock in question
|
||||
*/
|
||||
int security_fs_use(
|
||||
const char *fstype,
|
||||
short unsigned int *behavior,
|
||||
u32 *sid)
|
||||
int security_fs_use(struct super_block *sb)
|
||||
{
|
||||
int rc = 0;
|
||||
struct ocontext *c;
|
||||
struct superblock_security_struct *sbsec = sb->s_security;
|
||||
const char *fstype = sb->s_type->name;
|
||||
|
||||
read_lock(&policy_rwlock);
|
||||
|
||||
@ -2345,21 +2342,21 @@ int security_fs_use(
|
||||
}
|
||||
|
||||
if (c) {
|
||||
*behavior = c->v.behavior;
|
||||
sbsec->behavior = c->v.behavior;
|
||||
if (!c->sid[0]) {
|
||||
rc = sidtab_context_to_sid(&sidtab, &c->context[0],
|
||||
&c->sid[0]);
|
||||
if (rc)
|
||||
goto out;
|
||||
}
|
||||
*sid = c->sid[0];
|
||||
sbsec->sid = c->sid[0];
|
||||
} else {
|
||||
rc = security_genfs_sid(fstype, "/", SECCLASS_DIR, sid);
|
||||
rc = security_genfs_sid(fstype, "/", SECCLASS_DIR, &sbsec->sid);
|
||||
if (rc) {
|
||||
*behavior = SECURITY_FS_USE_NONE;
|
||||
sbsec->behavior = SECURITY_FS_USE_NONE;
|
||||
rc = 0;
|
||||
} else {
|
||||
*behavior = SECURITY_FS_USE_GENFS;
|
||||
sbsec->behavior = SECURITY_FS_USE_GENFS;
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user