LSM/SELinux: Interfaces to allow FS to control mount options

	if (!mnt)

		goto out;

	if (data) {

	if (data && !(type->fs_flags & FS_BINARY_MOUNTDATA)) {

		secdata = alloc_secdata();

		if (!secdata)

			goto out_mnt;

		error = security_sb_copy_data(type, data, secdata);

		error = security_sb_copy_data(data, secdata);

		if (error)

			goto out_free_secdata;

	}

#include <linux/xfrm.h>

#include <net/flow.h>

/* only a char in selinux superblock security struct flags */

#define FSCONTEXT_MNT		0x01

#define CONTEXT_MNT		0x02

#define ROOTCONTEXT_MNT		0x04

#define DEFCONTEXT_MNT		0x08

extern unsigned securebits;

struct ctl_table;

#ifdef CONFIG_SECURITY

struct security_mnt_opts {

	char **mnt_opts;

	int *mnt_opts_flags;

	int num_mnt_opts;

};

static inline void security_init_mnt_opts(struct security_mnt_opts *opts)

{

	opts->mnt_opts = NULL;

	opts->mnt_opts_flags = NULL;

	opts->num_mnt_opts = 0;

}

static inline void security_free_mnt_opts(struct security_mnt_opts *opts)

{

	int i;

	if (opts->mnt_opts)

		for(i = 0; i < opts->num_mnt_opts; i++)

			kfree(opts->mnt_opts[i]);

	kfree(opts->mnt_opts);

	opts->mnt_opts = NULL;

	kfree(opts->mnt_opts_flags);

	opts->mnt_opts_flags = NULL;

	opts->num_mnt_opts = 0;

}

/**

 * struct security_operations - main security structure

 *

 * @sb_get_mnt_opts:

 *	Get the security relevant mount options used for a superblock

 *	@sb the superblock to get security mount options from

 *	@mount_options array for pointers to mount options

 *	@mount_flags array of ints specifying what each mount options is

 *	@num_opts number of options in the arrays

 *	@opts binary data structure containing all lsm mount data

 * @sb_set_mnt_opts:

 *	Set the security relevant mount options used for a superblock

 *	@sb the superblock to set security mount options for

 *	@mount_options array for pointers to mount options

 *	@mount_flags array of ints specifying what each mount options is

 *	@num_opts number of options in the arrays

 *	@opts binary data structure containing all lsm mount data

 * @sb_clone_mnt_opts:

 *	Copy all security options from a given superblock to another

 *	@oldsb old superblock which contain information to clone

 *	@newsb new superblock which needs filled in

 * @sb_parse_opts_str:

 *	Parse a string of security data filling in the opts structure

 *	@options string containing all mount options known by the LSM

 *	@opts binary data structure usable by the LSM

 *

 * Security hooks for inode operations.

 *

	int (*sb_alloc_security) (struct super_block * sb);

	void (*sb_free_security) (struct super_block * sb);

	int (*sb_copy_data)(struct file_system_type *type,

			    void *orig, void *copy);

	int (*sb_copy_data)(char *orig, char *copy);

	int (*sb_kern_mount) (struct super_block *sb, void *data);

	int (*sb_statfs) (struct dentry *dentry);

	int (*sb_mount) (char *dev_name, struct nameidata * nd,

	void (*sb_post_pivotroot) (struct nameidata * old_nd,

				   struct nameidata * new_nd);

	int (*sb_get_mnt_opts) (const struct super_block *sb,

				char ***mount_options, int **flags,

				int *num_opts);

	int (*sb_set_mnt_opts) (struct super_block *sb, char **mount_options,

				int *flags, int num_opts);

				struct security_mnt_opts *opts);

	int (*sb_set_mnt_opts) (struct super_block *sb,

				struct security_mnt_opts *opts);

	void (*sb_clone_mnt_opts) (const struct super_block *oldsb,

				   struct super_block *newsb);

	int (*sb_parse_opts_str) (char *options, struct security_mnt_opts *opts);

	int (*inode_alloc_security) (struct inode *inode);	

	void (*inode_free_security) (struct inode *inode);

int security_bprm_secureexec(struct linux_binprm *bprm);

int security_sb_alloc(struct super_block *sb);

void security_sb_free(struct super_block *sb);

int security_sb_copy_data(struct file_system_type *type, void *orig, void *copy);

int security_sb_copy_data(char *orig, char *copy);

int security_sb_kern_mount(struct super_block *sb, void *data);

int security_sb_statfs(struct dentry *dentry);

int security_sb_mount(char *dev_name, struct nameidata *nd,

void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd);

int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);

void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);

int security_sb_get_mnt_opts(const struct super_block *sb, char ***mount_options,

			     int **flags, int *num_opts);

int security_sb_set_mnt_opts(struct super_block *sb, char **mount_options,

			     int *flags, int num_opts);

int security_sb_get_mnt_opts(const struct super_block *sb,

				struct security_mnt_opts *opts);

int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts);

void security_sb_clone_mnt_opts(const struct super_block *oldsb,

				struct super_block *newsb);

int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);

int security_inode_alloc(struct inode *inode);

void security_inode_free(struct inode *inode);

void security_release_secctx(char *secdata, u32 seclen);

#else /* CONFIG_SECURITY */

struct security_mnt_opts {

};

static inline void security_init_mnt_opts(struct security_mnt_opts *opts)

{

}

static inline void security_free_mnt_opts(struct security_mnt_opts *opts)

{

}

/*

 * This is the default capabilities functionality.  Most of these functions

static inline void security_sb_free (struct super_block *sb)

{ }

static inline int security_sb_copy_data (struct file_system_type *type,

					 void *orig, void *copy)

static inline int security_sb_copy_data (char *orig, char *copy)

{

	return 0;

}

static inline void security_sb_post_pivotroot (struct nameidata *old_nd,

					       struct nameidata *new_nd)

{ }

static inline int security_sb_get_mnt_opts(const struct super_block *sb,

					   struct security_mnt_opts *opts)

{

	security_init_mnt_opts(opts);

	return 0;

}

static inline int security_sb_set_mnt_opts(struct super_block *sb,

					   struct security_mnt_opts *opts)

{

	return 0;

}

static inline void security_sb_clone_mnt_opts(const struct super_block *oldsb,

					      struct super_block *newsb)

{ }

static inline int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)

{

	return 0;

}

static inline int security_inode_alloc (struct inode *inode)

{

	return;

}

static int dummy_sb_copy_data (struct file_system_type *type,

			       void *orig, void *copy)

static int dummy_sb_copy_data (char *orig, char *copy)

{

	return 0;

}

	return;

}

static int dummy_sb_get_mnt_opts(const struct super_block *sb, char ***mount_options,

				 int **flags, int *num_opts)

static int dummy_sb_get_mnt_opts(const struct super_block *sb,

				 struct security_mnt_opts *opts)

{

	*mount_options = NULL;

	*flags = NULL;

	*num_opts = 0;

	security_init_mnt_opts(opts);

	return 0;

}

static int dummy_sb_set_mnt_opts(struct super_block *sb, char **mount_options,

				 int *flags, int num_opts)

static int dummy_sb_set_mnt_opts(struct super_block *sb,

				 struct security_mnt_opts *opts)

{

	if (unlikely(num_opts))

	if (unlikely(opts->num_mnt_opts))

		return -EOPNOTSUPP;

	return 0;

}

	return;

}

static int dummy_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)

{

	return 0;

}

static int dummy_inode_alloc_security (struct inode *inode)

{

	return 0;

	set_to_dummy_if_null(ops, sb_get_mnt_opts);

	set_to_dummy_if_null(ops, sb_set_mnt_opts);

	set_to_dummy_if_null(ops, sb_clone_mnt_opts);

	set_to_dummy_if_null(ops, sb_parse_opts_str);

	set_to_dummy_if_null(ops, inode_alloc_security);

	set_to_dummy_if_null(ops, inode_free_security);

	set_to_dummy_if_null(ops, inode_init_security);

	security_ops->sb_free_security(sb);

}

int security_sb_copy_data(struct file_system_type *type, void *orig, void *copy)

int security_sb_copy_data(char *orig, char *copy)

{

	return security_ops->sb_copy_data(type, orig, copy);

	return security_ops->sb_copy_data(orig, copy);

}

EXPORT_SYMBOL(security_sb_copy_data);

int security_sb_kern_mount(struct super_block *sb, void *data)

{

}

int security_sb_get_mnt_opts(const struct super_block *sb,

			      char ***mount_options,

			      int **flags, int *num_opts)

				struct security_mnt_opts *opts)

{

	return security_ops->sb_get_mnt_opts(sb, mount_options, flags, num_opts);

	return security_ops->sb_get_mnt_opts(sb, opts);

}

int security_sb_set_mnt_opts(struct super_block *sb,

			      char **mount_options,

			      int *flags, int num_opts)

				struct security_mnt_opts *opts)

{

	return security_ops->sb_set_mnt_opts(sb, mount_options, flags, num_opts);

	return security_ops->sb_set_mnt_opts(sb, opts);

}

EXPORT_SYMBOL(security_sb_set_mnt_opts);

void security_sb_clone_mnt_opts(const struct super_block *oldsb,

				struct super_block *newsb)

{

	security_ops->sb_clone_mnt_opts(oldsb, newsb);

}

EXPORT_SYMBOL(security_sb_clone_mnt_opts);

int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)

{

	return security_ops->sb_parse_opts_str(options, opts);

}

EXPORT_SYMBOL(security_sb_parse_opts_str);

int security_inode_alloc(struct inode *inode)

{

 * mount options, or whatever.

 */

static int selinux_get_mnt_opts(const struct super_block *sb,

				char ***mount_options, int **mnt_opts_flags,

				int *num_opts)

				struct security_mnt_opts *opts)

{

	int rc = 0, i;

	struct superblock_security_struct *sbsec = sb->s_security;

	u32 len;

	char tmp;

	*num_opts = 0;

	*mount_options = NULL;

	*mnt_opts_flags = NULL;

	security_init_mnt_opts(opts);

	if (!sbsec->initialized)

		return -EINVAL;

	/* count the number of mount options for this sb */

	for (i = 0; i < 8; i++) {

		if (tmp & 0x01)

			(*num_opts)++;

			opts->num_mnt_opts++;

		tmp >>= 1;

	}

	*mount_options = kcalloc(*num_opts, sizeof(char *), GFP_ATOMIC);

	if (!*mount_options) {

	opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);

	if (!opts->mnt_opts) {

		rc = -ENOMEM;

		goto out_free;

	}

	*mnt_opts_flags = kcalloc(*num_opts, sizeof(int), GFP_ATOMIC);

	if (!*mnt_opts_flags) {

	opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);

	if (!opts->mnt_opts_flags) {

		rc = -ENOMEM;

		goto out_free;

	}

		rc = security_sid_to_context(sbsec->sid, &context, &len);

		if (rc)

			goto out_free;

		(*mount_options)[i] = context;

		(*mnt_opts_flags)[i++] = FSCONTEXT_MNT;

		opts->mnt_opts[i] = context;

		opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;

	}

	if (sbsec->flags & CONTEXT_MNT) {

		rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);

		if (rc)

			goto out_free;

		(*mount_options)[i] = context;

		(*mnt_opts_flags)[i++] = CONTEXT_MNT;

		opts->mnt_opts[i] = context;

		opts->mnt_opts_flags[i++] = CONTEXT_MNT;

	}

	if (sbsec->flags & DEFCONTEXT_MNT) {

		rc = security_sid_to_context(sbsec->def_sid, &context, &len);

		if (rc)

			goto out_free;

		(*mount_options)[i] = context;

		(*mnt_opts_flags)[i++] = DEFCONTEXT_MNT;

		opts->mnt_opts[i] = context;

		opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;

	}

	if (sbsec->flags & ROOTCONTEXT_MNT) {

		struct inode *root = sbsec->sb->s_root->d_inode;

		rc = security_sid_to_context(isec->sid, &context, &len);

		if (rc)

			goto out_free;

		(*mount_options)[i] = context;

		(*mnt_opts_flags)[i++] = ROOTCONTEXT_MNT;

		opts->mnt_opts[i] = context;

		opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;

	}

	BUG_ON(i != *num_opts);

	BUG_ON(i != opts->num_mnt_opts);

	return 0;

out_free:

	/* don't leak context string if security_sid_to_context had an error */

	if (*mount_options && i)

		for (; i > 0; i--)

			kfree((*mount_options)[i-1]);

	kfree(*mount_options);

	*mount_options = NULL;

	kfree(*mnt_opts_flags);

	*mnt_opts_flags = NULL;

	*num_opts = 0;

	security_free_mnt_opts(opts);

	return rc;

}

			return 1;

	return 0;

}

/*

 * Allow filesystems with binary mount data to explicitly set mount point

 * labeling information.

 */

static int selinux_set_mnt_opts(struct super_block *sb, char **mount_options,

				int *flags, int num_opts)

static int selinux_set_mnt_opts(struct super_block *sb,

				struct security_mnt_opts *opts)

{

	int rc = 0, i;

	struct task_security_struct *tsec = current->security;

	struct inode_security_struct *root_isec = inode->i_security;

	u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;

	u32 defcontext_sid = 0;

	char **mount_options = opts->mnt_opts;

	int *flags = opts->mnt_opts_flags;

	int num_opts = opts->num_mnt_opts;

	mutex_lock(&sbsec->lock);

		goto out;

	}

	/*

	 * Binary mount data FS will come through this function twice.  Once

	 * from an explicit call and once from the generic calls from the vfs.

	 * Since the generic VFS calls will not contain any security mount data

	 * we need to skip the double mount verification.

	 *

	 * This does open a hole in which we will not notice if the first

	 * mount using this sb set explict options and a second mount using

	 * this sb does not set any security options.  (The first options

	 * will be used for both mounts)

	 */

	if (sbsec->initialized && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)

	    && (num_opts == 0))

	        goto out;

	/*

	 * parse the mount options, check if they are valid sids.

	 * also check if someone is trying to mount the same sb more

	mutex_unlock(&newsbsec->lock);

}

/*

 * string mount options parsing and call set the sbsec

 */

static int superblock_doinit(struct super_block *sb, void *data)

int selinux_parse_opts_str(char *options, struct security_mnt_opts *opts)

{

	char *p;

	char *context = NULL, *defcontext = NULL;

	char *fscontext = NULL, *rootcontext = NULL;

	int rc = 0;

	char *p, *options = data;

	/* selinux only know about a fixed number of mount options */

	char *mnt_opts[NUM_SEL_MNT_OPTS];

	int mnt_opts_flags[NUM_SEL_MNT_OPTS], num_mnt_opts = 0;

	if (!data)

		goto out;

	/* with the nfs patch this will become a goto out; */

	if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) {

		const char *name = sb->s_type->name;

		/* NFS we understand. */

		if (!strcmp(name, "nfs")) {

			struct nfs_mount_data *d = data;

	int rc, num_mnt_opts = 0;

			if (d->version !=  NFS_MOUNT_VERSION)

				goto out;

			if (d->context[0]) {

				context = kstrdup(d->context, GFP_KERNEL);

				if (!context) {

					rc = -ENOMEM;

					goto out;

				}

			}

			goto build_flags;

		} else

			goto out;

	}

	opts->num_mnt_opts = 0;

	/* Standard string-based options. */

	while ((p = strsep(&options, "|")) != NULL) {

		}

	}

build_flags:

	rc = -ENOMEM;

	opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);

	if (!opts->mnt_opts)

		goto out_err;

	opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);

	if (!opts->mnt_opts_flags) {

		kfree(opts->mnt_opts);

		goto out_err;

	}

	if (fscontext) {

		mnt_opts[num_mnt_opts] = fscontext;

		mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;

		opts->mnt_opts[num_mnt_opts] = fscontext;

		opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;

	}

	if (context) {

		mnt_opts[num_mnt_opts] = context;

		mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;

		opts->mnt_opts[num_mnt_opts] = context;

		opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;

	}

	if (rootcontext) {

		mnt_opts[num_mnt_opts] = rootcontext;

		mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;

		opts->mnt_opts[num_mnt_opts] = rootcontext;

		opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;

	}

	if (defcontext) {

		mnt_opts[num_mnt_opts] = defcontext;

		mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;

		opts->mnt_opts[num_mnt_opts] = defcontext;

		opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;

	}

out:

	rc = selinux_set_mnt_opts(sb, mnt_opts, mnt_opts_flags, num_mnt_opts);

	opts->num_mnt_opts = num_mnt_opts;

	return 0;

out_err:

	kfree(context);

	kfree(defcontext);

	kfree(rootcontext);

	return rc;

}

/*

 * string mount options parsing and call set the sbsec

 */

static int superblock_doinit(struct super_block *sb, void *data)

{

	int rc = 0;

	char *options = data;

	struct security_mnt_opts opts;

	security_init_mnt_opts(&opts);

	if (!data)

		goto out;

	BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);

	rc = selinux_parse_opts_str(options, &opts);

	if (rc)

		goto out_err;

out:

	rc = selinux_set_mnt_opts(sb, &opts);

out_err:

	security_free_mnt_opts(&opts);

	return rc;

}

static inline u16 inode_mode_to_security_class(umode_t mode)

{

	}

}

static int selinux_sb_copy_data(struct file_system_type *type, void *orig, void *copy)

static int selinux_sb_copy_data(char *orig, char *copy)

{

	int fnosec, fsec, rc = 0;

	char *in_save, *in_curr, *in_end;

	in_curr = orig;

	sec_curr = copy;