From 757cbe597fe8490c7c0a9650ebe5d60195f151d4 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 14 Dec 2018 23:42:21 -0500 Subject: LSM: new method: ->sb_add_mnt_opt() Adding options to growing mnt_opts. NFS kludge with passing context= down into non-text-options mount switched to it, and with that the last use of ->sb_parse_opts_str() is gone. Reviewed-by: David Howells Signed-off-by: Al Viro --- security/security.c | 8 +++++--- security/selinux/hooks.c | 45 +++++++++++++++++++-------------------------- security/smack/smack_lsm.c | 1 - 3 files changed, 24 insertions(+), 30 deletions(-) (limited to 'security') diff --git a/security/security.c b/security/security.c index b7a5a0051807..c251278b0297 100644 --- a/security/security.c +++ b/security/security.c @@ -458,11 +458,13 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb, } EXPORT_SYMBOL(security_sb_clone_mnt_opts); -int security_sb_parse_opts_str(char *options, void **mnt_opts) +int security_add_mnt_opt(const char *option, const char *val, int len, + void **mnt_opts) { - return call_int_hook(sb_parse_opts_str, 0, options, mnt_opts); + return call_int_hook(sb_add_mnt_opt, -EINVAL, + option, val, len, mnt_opts); } -EXPORT_SYMBOL(security_sb_parse_opts_str); +EXPORT_SYMBOL(security_add_mnt_opt); int security_inode_alloc(struct inode *inode) { diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5336d6671c5c..5bc230327bc0 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1049,40 +1049,33 @@ Einval: return -EINVAL; } -static int selinux_parse_opts_str(char *options, - void **mnt_opts) +static int selinux_add_mnt_opt(const char *option, const char *val, int len, + void **mnt_opts) { - char *p = options, *next; - int rc; - - /* Standard string-based options. */ - for (p = options; *p; p = next) { - int token, len; - char *arg = NULL; + int token = Opt_error; + int rc, i; - next = strchr(p, '|'); - if (next) { - len = next++ - p; - } else { - len = strlen(p); - next = p + len; + for (i = 0; i < ARRAY_SIZE(tokens); i++) { + if (strcmp(option, tokens[i].name) == 0) { + token = tokens[i].opt; + break; } + } - if (!len) - continue; + if (token == Opt_error) + return -EINVAL; - token = match_opt_prefix(p, len, &arg); - if (arg) - arg = kmemdup_nul(arg, p + len - arg, GFP_KERNEL); - rc = selinux_add_opt(token, arg, mnt_opts); - if (rc) { - kfree(arg); + if (token != Opt_seclabel) + val = kmemdup_nul(val, len, GFP_KERNEL); + rc = selinux_add_opt(token, val, mnt_opts); + if (unlikely(rc)) { + kfree(val); + if (*mnt_opts) { selinux_free_mnt_opts(*mnt_opts); *mnt_opts = NULL; - return rc; } } - return 0; + return rc; } static int show_sid(struct seq_file *m, u32 sid) @@ -6726,7 +6719,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(sb_umount, selinux_umount), LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts), LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts), - LSM_HOOK_INIT(sb_parse_opts_str, selinux_parse_opts_str), + LSM_HOOK_INIT(sb_add_mnt_opt, selinux_add_mnt_opt), LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security), LSM_HOOK_INIT(dentry_create_files_as, selinux_dentry_create_files_as), diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 99aec9f42be3..b607b1151e30 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4629,7 +4629,6 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts), LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), - LSM_HOOK_INIT(sb_parse_opts_str, smack_parse_opts_str), LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds), -- cgit v1.2.3