summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2018-12-14 23:42:21 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2018-12-21 11:50:02 -0500
commit757cbe597fe8490c7c0a9650ebe5d60195f151d4 (patch)
tree3603e26c54988aa08e45592f7955439974239e54 /security
parent99dbbb593fe6b39153c15ea9b9c63ea911864cf2 (diff)
LSM: new method: ->sb_add_mnt_opt()
Adding options to growing mnt_opts. NFS kludge with passing context= down into non-text-options mount switched to it, and with that the last use of ->sb_parse_opts_str() is gone. Reviewed-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'security')
-rw-r--r--security/security.c8
-rw-r--r--security/selinux/hooks.c45
-rw-r--r--security/smack/smack_lsm.c1
3 files changed, 24 insertions, 30 deletions
diff --git a/security/security.c b/security/security.c
index b7a5a0051807..c251278b0297 100644
--- a/security/security.c
+++ b/security/security.c
@@ -458,11 +458,13 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb,
}
EXPORT_SYMBOL(security_sb_clone_mnt_opts);
-int security_sb_parse_opts_str(char *options, void **mnt_opts)
+int security_add_mnt_opt(const char *option, const char *val, int len,
+ void **mnt_opts)
{
- return call_int_hook(sb_parse_opts_str, 0, options, mnt_opts);
+ return call_int_hook(sb_add_mnt_opt, -EINVAL,
+ option, val, len, mnt_opts);
}
-EXPORT_SYMBOL(security_sb_parse_opts_str);
+EXPORT_SYMBOL(security_add_mnt_opt);
int security_inode_alloc(struct inode *inode)
{
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5336d6671c5c..5bc230327bc0 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1049,40 +1049,33 @@ Einval:
return -EINVAL;
}
-static int selinux_parse_opts_str(char *options,
- void **mnt_opts)
+static int selinux_add_mnt_opt(const char *option, const char *val, int len,
+ void **mnt_opts)
{
- char *p = options, *next;
- int rc;
-
- /* Standard string-based options. */
- for (p = options; *p; p = next) {
- int token, len;
- char *arg = NULL;
+ int token = Opt_error;
+ int rc, i;
- next = strchr(p, '|');
- if (next) {
- len = next++ - p;
- } else {
- len = strlen(p);
- next = p + len;
+ for (i = 0; i < ARRAY_SIZE(tokens); i++) {
+ if (strcmp(option, tokens[i].name) == 0) {
+ token = tokens[i].opt;
+ break;
}
+ }
- if (!len)
- continue;
+ if (token == Opt_error)
+ return -EINVAL;
- token = match_opt_prefix(p, len, &arg);
- if (arg)
- arg = kmemdup_nul(arg, p + len - arg, GFP_KERNEL);
- rc = selinux_add_opt(token, arg, mnt_opts);
- if (rc) {
- kfree(arg);
+ if (token != Opt_seclabel)
+ val = kmemdup_nul(val, len, GFP_KERNEL);
+ rc = selinux_add_opt(token, val, mnt_opts);
+ if (unlikely(rc)) {
+ kfree(val);
+ if (*mnt_opts) {
selinux_free_mnt_opts(*mnt_opts);
*mnt_opts = NULL;
- return rc;
}
}
- return 0;
+ return rc;
}
static int show_sid(struct seq_file *m, u32 sid)
@@ -6726,7 +6719,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(sb_umount, selinux_umount),
LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts),
LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts),
- LSM_HOOK_INIT(sb_parse_opts_str, selinux_parse_opts_str),
+ LSM_HOOK_INIT(sb_add_mnt_opt, selinux_add_mnt_opt),
LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security),
LSM_HOOK_INIT(dentry_create_files_as, selinux_dentry_create_files_as),
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 99aec9f42be3..b607b1151e30 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4629,7 +4629,6 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
- LSM_HOOK_INIT(sb_parse_opts_str, smack_parse_opts_str),
LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),