hooks.c - OpenGrok cross reference for /openbmc/linux/security/selinux/hooks.c

Deleted Added

sdiffudifftextold (746df9b5..)new (649f6e77..)

hooks.c (746df9b59c8a5f162c907796c7295d3c4c0d8995)	hooks.c (649f6e7718891fe7691e5084ce3fa623acba3129)
1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 538 unchanged lines hidden (view full) --- 547 return 0; 548} 549 550/* 551 * Allow filesystems with binary mount data to explicitly set mount point 552 * labeling information. 553 / 554static int selinux_set_mnt_opts(struct super_block sb,	1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 538 unchanged lines hidden (view full) --- 547 return 0; 548} 549 550/* 551 * Allow filesystems with binary mount data to explicitly set mount point 552 * labeling information. 553 / 554static int selinux_set_mnt_opts(struct super_block sb,
555 struct security_mnt_opts *opts)	555 struct security_mnt_opts opts, 556 unsigned long kern_flags, 557 unsigned long set_kern_flags)
556{ 557 const struct cred cred = current_cred(); 558 int rc = 0, i; 559 struct superblock_security_struct sbsec = sb->s_security; 560 const char name = sb->s_type->name; 561 struct inode inode = sbsec->sb->s_root->d_inode; 562 struct inode_security_struct root_isec = inode->i_security; 563 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0; --- 11 unchanged lines hidden* (view full) --- 575 server is ready to handle calls. */ 576 goto out; 577 } 578 rc = -EINVAL; 579 printk(KERN_WARNING "SELinux: Unable to set superblock options " 580 "before the security server is initialized\n"); 581 goto out; 582 }	558{ 559 const struct cred cred = current_cred(); 560 int rc = 0, i; 561 struct superblock_security_struct sbsec = sb->s_security; 562 const char name = sb->s_type->name; 563 struct inode inode = sbsec->sb->s_root->d_inode; 564 struct inode_security_struct root_isec = inode->i_security; 565 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0; --- 11 unchanged lines hidden* (view full) --- 577 server is ready to handle calls. */ 578 goto out; 579 } 580 rc = -EINVAL; 581 printk(KERN_WARNING "SELinux: Unable to set superblock options " 582 "before the security server is initialized\n"); 583 goto out; 584 }
	585 if (kern_flags && !set_kern_flags) { 586 /* Specifying internal flags without providing a place to 587 * place the results is not allowed */ 588 rc = -EINVAL; 589 goto out; 590 }
583 584 /* 585 * Binary mount data FS will come through this function twice. Once 586 * from an explicit call and once from the generic calls from the vfs. 587 * Since the generic VFS calls will not contain any security mount data 588 * we need to skip the double mount verification. 589 * 590 * This does open a hole in which we will not notice if the first --- 384 unchanged lines hidden (view full) --- 975 976 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA); 977 978 rc = selinux_parse_opts_str(options, &opts); 979 if (rc) 980 goto out_err; 981 982out:	591 592 /* 593 * Binary mount data FS will come through this function twice. Once 594 * from an explicit call and once from the generic calls from the vfs. 595 * Since the generic VFS calls will not contain any security mount data 596 * we need to skip the double mount verification. 597 * 598 * This does open a hole in which we will not notice if the first --- 384 unchanged lines hidden (view full) --- 983 984 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA); 985 986 rc = selinux_parse_opts_str(options, &opts); 987 if (rc) 988 goto out_err; 989 990out:
983 rc = selinux_set_mnt_opts(sb, &opts);	991 rc = selinux_set_mnt_opts(sb, &opts, 0, NULL);
984 985out_err: 986 security_free_mnt_opts(&opts); 987 return rc; 988} 989 990static void selinux_write_opts(struct seq_file m, 991 struct security_mnt_opts opts) --- 4962 unchanged lines hidden ---	992 993out_err: 994 security_free_mnt_opts(&opts); 995 return rc; 996} 997 998static void selinux_write_opts(struct seq_file m, 999 struct security_mnt_opts opts) --- 4962 unchanged lines hidden ---