From 6be8750b4cba8c37170f46b29841d112f1be749b Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 1 Dec 2018 22:42:44 -0500 Subject: LSM: lift parsing LSM options into the caller of ->sb_kern_mount() This paves the way for retaining the LSM options from a common filesystem mount context during a mount parameter parsing phase to be instituted prior to actual mount/reconfiguration actions. Reviewed-by: David Howells Signed-off-by: Al Viro --- security/security.c | 5 +++-- security/selinux/hooks.c | 24 +++--------------------- security/smack/smack_lsm.c | 23 +++-------------------- 3 files changed, 9 insertions(+), 43 deletions(-) (limited to 'security') diff --git a/security/security.c b/security/security.c index 04d173eb93f6..b5fc8e1e849c 100644 --- a/security/security.c +++ b/security/security.c @@ -395,9 +395,10 @@ int security_sb_remount(struct super_block *sb, void *data) return call_int_hook(sb_remount, 0, sb, data); } -int security_sb_kern_mount(struct super_block *sb, int flags, void *data) +int security_sb_kern_mount(struct super_block *sb, int flags, + struct security_mnt_opts *opts) { - return call_int_hook(sb_kern_mount, 0, sb, flags, data); + return call_int_hook(sb_kern_mount, 0, sb, flags, opts); } int security_sb_show_options(struct seq_file *m, struct super_block *sb) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4bd6f9435e2f..ba229d4a64d3 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2897,30 +2897,12 @@ out_bad_option: goto out_free_opts; } -static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) +static int selinux_sb_kern_mount(struct super_block *sb, int flags, + struct security_mnt_opts *opts) { - char *options = data; const struct cred *cred = current_cred(); struct common_audit_data ad; - int rc = 0; - struct security_mnt_opts opts; - - security_init_mnt_opts(&opts); - - if (!data) - goto out; - - BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA); - - rc = selinux_parse_opts_str(options, &opts); - if (rc) - goto out_err; - -out: - rc = selinux_set_mnt_opts(sb, &opts, 0, NULL); - -out_err: - security_free_mnt_opts(&opts); + int rc = selinux_set_mnt_opts(sb, opts, 0, NULL); if (rc) return rc; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 73e41797960e..1d465ae3d11c 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -859,27 +859,10 @@ static int smack_set_mnt_opts(struct super_block *sb, * * Returns 0 on success, an error code on failure */ -static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) +static int smack_sb_kern_mount(struct super_block *sb, int flags, + struct security_mnt_opts *opts) { - int rc = 0; - char *options = data; - struct security_mnt_opts opts; - - security_init_mnt_opts(&opts); - - if (!options) - goto out; - - rc = smack_parse_opts_str(options, &opts); - if (rc) - goto out_err; - -out: - rc = smack_set_mnt_opts(sb, &opts, 0, NULL); - -out_err: - security_free_mnt_opts(&opts); - return rc; + return smack_set_mnt_opts(sb, opts, 0, NULL); } /** -- cgit v1.2.3