From: James Morris selinux is currently inspecting the filesystem name ("nfs" vs "coda" vs watever) to work out whether it needs to hanbdle binary mount data. Eliminate all that by adding a flag to file_system_type.fs_flags.
---
 fs/afs/super.c | 1 +
 fs/coda/inode.c | 1 +
 fs/nfs/inode.c | 4 ++--
 fs/smbfs/inode.c | 1 +
 fs/super.c | 2 +-
 include/linux/fs.h | 1 +
 include/linux/security.h | 13 ++++++++-----
 security/dummy.c | 3 ++-
 security/selinux/hooks.c | 34 ++++++++++++++++------------------
 9 files changed, 33 insertions(+), 27 deletions(-)
diff -puN fs/afs/super.c~selinux-cleanup-binary-mount-data fs/afs/super.c
--- 25/fs/afs/super.c~selinux-cleanup-binary-mount-data 2004-02-29 20:18:06.000000000 -0800
+++ 25-akpm/fs/afs/super.c 2004-02-29 20:18:06.000000000 -0800
@@ -53,6 +53,7 @@ static struct file_system_type afs_fs_ty
 .name = "afs",
 .get_sb = afs_get_sb,
 .kill_sb = kill_anon_super,
+ .fs_flags = FS_BINARY_MOUNTDATA,
 };
 static struct super_operations afs_super_ops = {
diff -puN fs/coda/inode.c~selinux-cleanup-binary-mount-data fs/coda/inode.c
--- 25/fs/coda/inode.c~selinux-cleanup-binary-mount-data 2004-02-29 20:18:06.000000000 -0800
+++ 25-akpm/fs/coda/inode.c 2004-02-29 20:18:06.000000000 -0800
@@ -307,5 +307,6 @@ struct file_system_type coda_fs_type = {
 .name = "coda",
 .get_sb = coda_get_sb,
 .kill_sb = kill_anon_super,
+ .fs_flags = FS_BINARY_MOUNTDATA,
 };
diff -puN fs/nfs/inode.c~selinux-cleanup-binary-mount-data fs/nfs/inode.c
--- 25/fs/nfs/inode.c~selinux-cleanup-binary-mount-data 2004-02-29 20:18:06.000000000 -0800
+++ 25-akpm/fs/nfs/inode.c 2004-02-29 20:18:06.000000000 -0800
@@ -1365,7 +1365,7 @@ static struct file_system_type nfs_fs_ty
 .name = "nfs",
 .get_sb = nfs_get_sb,
 .kill_sb = nfs_kill_super,
- .fs_flags = FS_ODD_RENAME|FS_REVAL_DOT,
+ .fs_flags = FS_ODD_RENAME|FS_REVAL_DOT|FS_BINARY_MOUNTDATA,
 };
 #ifdef CONFIG_NFS_V4
@@ -1684,7 +1684,7 @@ static struct file_system_type nfs4_fs_t
 .name = "nfs4",
 .get_sb = nfs4_get_sb,
 .kill_sb = nfs_kill_super,
- .fs_flags = FS_ODD_RENAME|FS_REVAL_DOT,
+ .fs_flags = FS_ODD_RENAME|FS_REVAL_DOT|FS_BINARY_MOUNTDATA,
 };
 #define nfs4_zero_state(nfsi) \
diff -puN fs/smbfs/inode.c~selinux-cleanup-binary-mount-data fs/smbfs/inode.c
--- 25/fs/smbfs/inode.c~selinux-cleanup-binary-mount-data 2004-02-29 20:18:06.000000000 -0800
+++ 25-akpm/fs/smbfs/inode.c 2004-02-29 20:18:06.000000000 -0800
@@ -779,6 +779,7 @@ static struct file_system_type smb_fs_ty
 .name = "smbfs",
 .get_sb = smb_get_sb,
 .kill_sb = kill_anon_super,
+ .fs_flags = FS_BINARY_MOUNTDATA,
 };
 static int __init init_smb_fs(void)
diff -puN fs/super.c~selinux-cleanup-binary-mount-data fs/super.c
--- 25/fs/super.c~selinux-cleanup-binary-mount-data 2004-02-29 20:18:06.000000000 -0800
+++ 25-akpm/fs/super.c 2004-02-29 20:18:06.000000000 -0800
@@ -746,7 +746,7 @@ do_kern_mount(const char *fstype, int fl
 goto out_mnt;
 }
- error = security_sb_copy_data(fstype, data, secdata);
+ error = security_sb_copy_data(type, data, secdata);
 if (error) {
 sb = ERR_PTR(error);
 goto out_free_secdata;
diff -puN include/linux/fs.h~selinux-cleanup-binary-mount-data include/linux/fs.h
--- 25/include/linux/fs.h~selinux-cleanup-binary-mount-data 2004-02-29 20:18:06.000000000 -0800
+++ 25-akpm/include/linux/fs.h 2004-02-29 20:18:06.000000000 -0800
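Review bot: Setting FS_BINARY_MOUNTDATA on nfs4_fs_type in fs/nfs/inode.c is a behaviour change rather than a pure cleanup, and the changelog does not say so. The name lists removed from security/selinux/hooks.c matched "nfs", "coda", "smbfs" and "afs" but not "nfs4", so before this patch nfs4 mount data would apparently have taken the string-option path in both selinux_sb_copy_data() and try_context_mount(). With the flag it is copied verbatim and then skipped by the `} else goto out;` branch. A sentence in the description such as `nfs4 mount data is now also treated as binary` would make that visible to anyone tracing a mount regression back to this patch.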
@@ -89,6 +89,7 @@ extern int leases_enable, dir_notify_ena
 /* public flags for file_system_type */
 #define FS_REQUIRES_DEV 1
+#define FS_BINARY_MOUNTDATA 2
 #define FS_REVAL_DOT 16384 /* Check the paths ".", ".." for staleness */
 #define FS_ODD_RENAME 32768 /* Temporary stuff; will go away as soon
 * as nfs_rename() will be cleaned up
diff -puN include/linux/security.h~selinux-cleanup-binary-mount-data include/linux/security.h
--- 25/include/linux/security.h~selinux-cleanup-binary-mount-data 2004-02-29 20:18:06.000000000 -0800
+++ 25-akpm/include/linux/security.h 2004-02-29 20:18:06.000000000 -0800
@@ -177,7 +177,7 @@ struct swap_info_struct;
 * options cleanly (a filesystem may modify the data e.g. with strsep()).
 * This also allows the original mount data to be stripped of security-
 * specific options to avoid having to make filesystems aware of them.
- * @fstype the type of filesystem being mounted.
+ * @type the type of filesystem being mounted.
 * @orig the original mount data copied from userspace.
 * @copy copied data which will be passed to the security module.
 * Returns 0 if the copy was successful.
@@ -1033,7 +1033,8 @@ struct security_operations {
 int (*sb_alloc_security) (struct super_block * sb);
 void (*sb_free_security) (struct super_block * sb);
- int (*sb_copy_data)(const char *fstype, void *orig, void *copy);
+ int (*sb_copy_data)(struct file_system_type *type,
+ void *orig, void *copy);
 int (*sb_kern_mount) (struct super_block *sb, void *data);
 int (*sb_statfs) (struct super_block * sb);
 int (*sb_mount) (char *dev_name, struct nameidata * nd,
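Review bot: `FS_BINARY_MOUNTDATA` in include/linux/fs.h is defined without a comment, unlike FS_REVAL_DOT and FS_ODD_RENAME just below it, although security modules now rely on its meaning. The flag is opt-in: a filesystem that takes a binary mount blob but does not set it ends up in the string branch of try_context_mount(), where `strsep(&options, ",")` runs over the data. I would add `/* mount data is a binary blob, not an option string; LSMs must not parse it */` to the define and check the tree for any other filesystem with binary mount data that this patch does not flag.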
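Review bot: The kerneldoc line `@type the type of filesystem being mounted.` in include/linux/security.h says too little now that the argument is a `struct file_system_type *` which modules dereference. selinux_sb_copy_data() reads `type->fs_flags` with no NULL test, and the place where do_kern_mount() validates `type` lies outside the fs/super.c hunk, so the hook contract should state whether @type may be NULL. Suggested wording, if callers do guarantee a valid pointer: `@type the file_system_type being mounted (never NULL); FS_BINARY_MOUNTDATA in its fs_flags means @orig is not an option string.` The comment block this line belongs to starts outside the hunk.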
@@ -1318,9 +1319,10 @@ static inline void security_sb_free (str
 security_ops->sb_free_security (sb);
 }
-static inline int security_sb_copy_data (const char *fstype, void *orig, void *copy)
+static inline int security_sb_copy_data (struct file_system_type *type,
+ void *orig, void *copy)
 {
- return security_ops->sb_copy_data (fstype, orig, copy);
+ return security_ops->sb_copy_data (type, orig, copy);
 }
 static inline int security_sb_kern_mount (struct super_block *sb, void *data)
@@ -1988,7 +1990,8 @@ static inline int security_sb_alloc (str
 static inline void security_sb_free (struct super_block *sb)
 { }
-static inline int security_sb_copy_data (const char *fstype, void *orig, void *copy)
+static inline int security_sb_copy_data (struct file_system_type *type,
+ void *orig, void *copy)
 {
 return 0;
 }
diff -puN security/dummy.c~selinux-cleanup-binary-mount-data security/dummy.c
--- 25/security/dummy.c~selinux-cleanup-binary-mount-data 2004-02-29 20:18:06.000000000 -0800
+++ 25-akpm/security/dummy.c 2004-02-29 20:18:06.000000000 -0800
@@ -194,7 +194,8 @@ static void dummy_sb_free_security (stru
 return;
 }
-static int dummy_sb_copy_data (const char *fstype, void *orig, void *copy)
+static int dummy_sb_copy_data (struct file_system_type *type,
+ void *orig, void *copy)
 {
 return 0;
 }
diff -puN security/selinux/hooks.c~selinux-cleanup-binary-mount-data security/selinux/hooks.c
--- 25/security/selinux/hooks.c~selinux-cleanup-binary-mount-data 2004-02-29 20:18:06.000000000 -0800
+++ 25-akpm/security/selinux/hooks.c 2004-02-29 20:18:06.000000000 -0800
@@ -331,25 +331,24 @@ static int try_context_mount(struct supe
 name = sb->s_type->name;
- /* Ignore these fileystems with binary mount option data. */
- if (!strcmp(name, "coda") ||
- !strcmp(name, "afs") || !strcmp(name, "smbfs"))
- goto out;
-
- /* NFS we understand. */
- if (!strcmp(name, "nfs")) {
- struct nfs_mount_data *d = data;
+ if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) {
- if (d->version < NFS_MOUNT_VERSION)
+ /* NFS we understand. */
+ if (!strcmp(name, "nfs")) {
+ struct nfs_mount_data *d = data;
+
+ if (d->version < NFS_MOUNT_VERSION)
+ goto out;
+
+ if (d->context[0]) {
+ context = d->context;
+ seen |= Opt_context;
+ }
+ } else
 goto out;
- if (d->context[0]) {
- context = d->context;
- seen |= Opt_context;
- }
-
- /* Standard string-based options. */
 } else {
+ /* Standard string-based options. */
 char *p, *options = data;
 while ((p = strsep(&options, ",")) != NULL) {
@@ -1886,7 +1885,7 @@ static inline void take_option(char **to
 *to += len;
 }
-static int selinux_sb_copy_data(const char *fstype, void *orig, void *copy)
+static int selinux_sb_copy_data(struct file_system_type *type, void *orig, void *copy)
 {
 int fnosec, fsec, rc = 0;
 char *in_save, *in_curr, *in_end;
@@ -1896,8 +1895,7 @@ static int selinux_sb_copy_data(const ch
 sec_curr = copy;
 /* Binary mount data: just copy */
- if (!strcmp(fstype, "nfs") || !strcmp(fstype, "coda") ||
- !strcmp(fstype, "smbfs") || !strcmp(fstype, "afs")) {
+ if (type->fs_flags & FS_BINARY_MOUNTDATA) {
 copy_page(sec_curr, in_curr);
 goto out;
 }
_
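Review bot: In try_context_mount() the filesystem-name test is not actually eliminated: inside the FS_BINARY_MOUNTDATA branch, `!strcmp(name, "nfs")` still decides whether `data` is cast to `struct nfs_mount_data`. The other flagged filesystems take `} else goto out;`, but the removed comment that explained why they are ignored has no replacement, and a braced `if` paired with an unbraced `else` is easy to misread. I would write that tail as `} else {`, then `/* other binary mount data: nothing for SELinux to parse */`, the existing `goto out;` and a closing `}`. The only validation of the blob visible here is the `d->version < NFS_MOUNT_VERSION` check; whether `d->context` is guaranteed NUL-terminated before it is used as a string is decided outside the hunk and is worth confirming. The function starts and ends outside the hunk.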