summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2012-10-10 20:27:35 +0200
committerEric Paris <eparis@redhat.com>2013-07-25 19:03:24 +0200
commitb43e725d8d386bf2092473953b525aaae71b6c28 (patch)
treecb370712e9683312529f469df2b15c8c63399375 /security
parentSELinux: pass a superblock to security_fs_use (diff)
downloadlinux-b43e725d8d386bf2092473953b525aaae71b6c28.tar.xz
linux-b43e725d8d386bf2092473953b525aaae71b6c28.zip
SELinux: use a helper function to determine seclabel
Use a helper to determine if a superblock should have the seclabel flag rather than doing it in the function. I'm going to use this in the security server as well. Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c38
1 files changed, 24 insertions, 14 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index ec15a5694b9e..b222e966babe 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -354,6 +354,29 @@ static int may_context_mount_inode_relabel(u32 sid,
return rc;
}
+static int selinux_is_sblabel_mnt(struct super_block *sb)
+{
+ struct superblock_security_struct *sbsec = sb->s_security;
+
+ if (sbsec->behavior == SECURITY_FS_USE_XATTR ||
+ sbsec->behavior == SECURITY_FS_USE_TRANS ||
+ sbsec->behavior == SECURITY_FS_USE_TASK)
+ return 1;
+
+ /* Special handling for sysfs. Is genfs but also has setxattr handler*/
+ if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
+ return 1;
+
+ /*
+ * Special handling for rootfs. Is genfs but supports
+ * setting SELinux context on in-core inodes.
+ */
+ if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0)
+ return 1;
+
+ return 0;
+}
+
static int sb_finish_set_opts(struct super_block *sb)
{
struct superblock_security_struct *sbsec = sb->s_security;
@@ -396,20 +419,7 @@ static int sb_finish_set_opts(struct super_block *sb)
labeling_behaviors[sbsec->behavior-1]);
sbsec->flags |= SE_SBINITIALIZED;
- if (sbsec->behavior == SECURITY_FS_USE_XATTR ||
- sbsec->behavior == SECURITY_FS_USE_TRANS ||
- sbsec->behavior == SECURITY_FS_USE_TASK)
- sbsec->flags |= SBLABEL_MNT;
-
- /* Special handling for sysfs. Is genfs but also has setxattr handler*/
- if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
- sbsec->flags |= SBLABEL_MNT;
-
- /*
- * Special handling for rootfs. Is genfs but supports
- * setting SELinux context on in-core inodes.
- */
- if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0)
+ if (selinux_is_sblabel_mnt(sb))
sbsec->flags |= SBLABEL_MNT;
/* Initialize the root inode. */