if (data->context[0]){
#ifdef CONFIG_SECURITY_SELINUX
int rc;
- char *opts_str = kmalloc(sizeof(data->context) + 8, GFP_KERNEL);
- if (!opts_str)
- return -ENOMEM;
- strcpy(opts_str, "context=");
data->context[NFS_MAX_CONTEXT_LEN] = '\0';
- strcat(opts_str, &data->context[0]);
- rc = security_sb_parse_opts_str(opts_str, &args->lsm_opts);
- kfree(opts_str);
+ rc = security_add_mnt_opt("context", data->context,
+ strlen(data->context), &args->lsm_opts);
if (rc)
return rc;
#else
struct super_block *newsb,
unsigned long kern_flags,
unsigned long *set_kern_flags);
- int (*sb_parse_opts_str)(char *options, void **mnt_opts);
+ int (*sb_add_mnt_opt)(const char *option, const char *val, int len,
+ void **mnt_opts);
int (*dentry_init_security)(struct dentry *dentry, int mode,
const struct qstr *name, void **ctx,
u32 *ctxlen);
struct hlist_head sb_pivotroot;
struct hlist_head sb_set_mnt_opts;
struct hlist_head sb_clone_mnt_opts;
- struct hlist_head sb_parse_opts_str;
+ struct hlist_head sb_add_mnt_opt;
struct hlist_head dentry_init_security;
struct hlist_head dentry_create_files_as;
#ifdef CONFIG_SECURITY_PATH
struct super_block *newsb,
unsigned long kern_flags,
unsigned long *set_kern_flags);
-int security_sb_parse_opts_str(char *options, void **mnt_opts);
+int security_add_mnt_opt(const char *option, const char *val,
+ int len, void **mnt_opts);
int security_dentry_init_security(struct dentry *dentry, int mode,
const struct qstr *name, void **ctx,
u32 *ctxlen);
return 0;
}
-static inline int security_sb_parse_opts_str(char *options, void **mnt_opts)
+static inline int security_add_mnt_opt(const char *option, const char *val,
+ int len, void **mnt_opts)
{
return 0;
}
}
EXPORT_SYMBOL(security_sb_clone_mnt_opts);
-int security_sb_parse_opts_str(char *options, void **mnt_opts)
+int security_add_mnt_opt(const char *option, const char *val, int len,
+ void **mnt_opts)
{
- return call_int_hook(sb_parse_opts_str, 0, options, mnt_opts);
+ return call_int_hook(sb_add_mnt_opt, -EINVAL,
+ option, val, len, mnt_opts);
}
-EXPORT_SYMBOL(security_sb_parse_opts_str);
+EXPORT_SYMBOL(security_add_mnt_opt);
int security_inode_alloc(struct inode *inode)
{
return -EINVAL;
}
-static int selinux_parse_opts_str(char *options,
- void **mnt_opts)
+static int selinux_add_mnt_opt(const char *option, const char *val, int len,
+ void **mnt_opts)
{
- char *p = options, *next;
- int rc;
-
- /* Standard string-based options. */
- for (p = options; *p; p = next) {
- int token, len;
- char *arg = NULL;
+ int token = Opt_error;
+ int rc, i;
- next = strchr(p, '|');
- if (next) {
- len = next++ - p;
- } else {
- len = strlen(p);
- next = p + len;
+ for (i = 0; i < ARRAY_SIZE(tokens); i++) {
+ if (strcmp(option, tokens[i].name) == 0) {
+ token = tokens[i].opt;
+ break;
}
+ }
- if (!len)
- continue;
+ if (token == Opt_error)
+ return -EINVAL;
- token = match_opt_prefix(p, len, &arg);
- if (arg)
- arg = kmemdup_nul(arg, p + len - arg, GFP_KERNEL);
- rc = selinux_add_opt(token, arg, mnt_opts);
- if (rc) {
- kfree(arg);
+ if (token != Opt_seclabel)
+ val = kmemdup_nul(val, len, GFP_KERNEL);
+ rc = selinux_add_opt(token, val, mnt_opts);
+ if (unlikely(rc)) {
+ kfree(val);
+ if (*mnt_opts) {
selinux_free_mnt_opts(*mnt_opts);
*mnt_opts = NULL;
- return rc;
}
}
- return 0;
+ return rc;
}
static int show_sid(struct seq_file *m, u32 sid)
LSM_HOOK_INIT(sb_umount, selinux_umount),
LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts),
LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts),
- LSM_HOOK_INIT(sb_parse_opts_str, selinux_parse_opts_str),
+ LSM_HOOK_INIT(sb_add_mnt_opt, selinux_add_mnt_opt),
LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security),
LSM_HOOK_INIT(dentry_create_files_as, selinux_dentry_create_files_as),
LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
- LSM_HOOK_INIT(sb_parse_opts_str, smack_parse_opts_str),
LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
git.samba.org / sfrench / cifs-2.6.git / commitdiff