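Lines matching refs: sbsec (each entry gives the source line number, the matching line, the enclosing function and, on declaration lines, whether sbsec is a local or an argument)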
355 struct superblock_security_struct *sbsec = inode->i_sb->s_security; in inode_free_security() local
368 spin_lock(&sbsec->isec_lock); in inode_free_security()
370 spin_unlock(&sbsec->isec_lock); in inode_free_security()
410 struct superblock_security_struct *sbsec; in superblock_alloc_security() local
412 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL); in superblock_alloc_security()
413 if (!sbsec) in superblock_alloc_security()
416 mutex_init(&sbsec->lock); in superblock_alloc_security()
417 INIT_LIST_HEAD(&sbsec->isec_head); in superblock_alloc_security()
418 spin_lock_init(&sbsec->isec_lock); in superblock_alloc_security()
419 sbsec->sb = sb; in superblock_alloc_security()
420 sbsec->sid = SECINITSID_UNLABELED; in superblock_alloc_security()
421 sbsec->def_sid = SECINITSID_FILE; in superblock_alloc_security()
422 sbsec->mntpoint_sid = SECINITSID_UNLABELED; in superblock_alloc_security()
423 sb->s_security = sbsec; in superblock_alloc_security()
430 struct superblock_security_struct *sbsec = sb->s_security; in superblock_free_security() local
432 kfree(sbsec); in superblock_free_security()
464 struct superblock_security_struct *sbsec, in may_context_mount_sb_relabel() argument
471 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
483 struct superblock_security_struct *sbsec, in may_context_mount_inode_relabel() argument
489 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
495 sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
502 struct superblock_security_struct *sbsec = sb->s_security; in selinux_is_sblabel_mnt() local
504 return sbsec->behavior == SECURITY_FS_USE_XATTR || in selinux_is_sblabel_mnt()
505 sbsec->behavior == SECURITY_FS_USE_TRANS || in selinux_is_sblabel_mnt()
506 sbsec->behavior == SECURITY_FS_USE_TASK || in selinux_is_sblabel_mnt()
507 sbsec->behavior == SECURITY_FS_USE_NATIVE || in selinux_is_sblabel_mnt()
521 struct superblock_security_struct *sbsec = sb->s_security; in sb_finish_set_opts() local
526 if (sbsec->behavior == SECURITY_FS_USE_XATTR) { in sb_finish_set_opts()
553 sbsec->flags |= SE_SBINITIALIZED; in sb_finish_set_opts()
561 sbsec->flags |= SBLABEL_MNT; in sb_finish_set_opts()
563 sbsec->flags &= ~SBLABEL_MNT; in sb_finish_set_opts()
572 spin_lock(&sbsec->isec_lock); in sb_finish_set_opts()
574 if (!list_empty(&sbsec->isec_head)) { in sb_finish_set_opts()
576 list_entry(sbsec->isec_head.next, in sb_finish_set_opts()
580 spin_unlock(&sbsec->isec_lock); in sb_finish_set_opts()
587 spin_lock(&sbsec->isec_lock); in sb_finish_set_opts()
590 spin_unlock(&sbsec->isec_lock); in sb_finish_set_opts()
604 struct superblock_security_struct *sbsec = sb->s_security; in selinux_get_mnt_opts() local
611 if (!(sbsec->flags & SE_SBINITIALIZED)) in selinux_get_mnt_opts()
620 tmp = sbsec->flags & SE_MNTMASK; in selinux_get_mnt_opts()
628 if (sbsec->flags & SBLABEL_MNT) in selinux_get_mnt_opts()
644 if (sbsec->flags & FSCONTEXT_MNT) { in selinux_get_mnt_opts()
645 rc = security_sid_to_context(&selinux_state, sbsec->sid, in selinux_get_mnt_opts()
652 if (sbsec->flags & CONTEXT_MNT) { in selinux_get_mnt_opts()
654 sbsec->mntpoint_sid, in selinux_get_mnt_opts()
661 if (sbsec->flags & DEFCONTEXT_MNT) { in selinux_get_mnt_opts()
662 rc = security_sid_to_context(&selinux_state, sbsec->def_sid, in selinux_get_mnt_opts()
669 if (sbsec->flags & ROOTCONTEXT_MNT) { in selinux_get_mnt_opts()
670 struct dentry *root = sbsec->sb->s_root; in selinux_get_mnt_opts()
680 if (sbsec->flags & SBLABEL_MNT) { in selinux_get_mnt_opts()
694 static int bad_option(struct superblock_security_struct *sbsec, char flag, in bad_option() argument
697 char mnt_flags = sbsec->flags & SE_MNTMASK; in bad_option()
700 if (sbsec->flags & SE_SBINITIALIZED) in bad_option()
701 if (!(sbsec->flags & flag) || in bad_option()
708 if (!(sbsec->flags & SE_SBINITIALIZED)) in bad_option()
725 struct superblock_security_struct *sbsec = sb->s_security; in selinux_set_mnt_opts() local
727 struct dentry *root = sbsec->sb->s_root; in selinux_set_mnt_opts()
735 mutex_lock(&sbsec->lock); in selinux_set_mnt_opts()
767 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) in selinux_set_mnt_opts()
796 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_set_mnt_opts()
800 sbsec->flags |= FSCONTEXT_MNT; in selinux_set_mnt_opts()
805 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, in selinux_set_mnt_opts()
809 sbsec->flags |= CONTEXT_MNT; in selinux_set_mnt_opts()
814 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_set_mnt_opts()
818 sbsec->flags |= ROOTCONTEXT_MNT; in selinux_set_mnt_opts()
824 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, in selinux_set_mnt_opts()
828 sbsec->flags |= DEFCONTEXT_MNT; in selinux_set_mnt_opts()
837 if (sbsec->flags & SE_SBINITIALIZED) { in selinux_set_mnt_opts()
839 if ((sbsec->flags & SE_MNTMASK) && !num_opts) in selinux_set_mnt_opts()
846 sbsec->flags |= SE_SBPROC | SE_SBGENFS; in selinux_set_mnt_opts()
854 sbsec->flags |= SE_SBGENFS; in selinux_set_mnt_opts()
856 if (!sbsec->behavior) { in selinux_set_mnt_opts()
883 if (sbsec->behavior == SECURITY_FS_USE_XATTR) { in selinux_set_mnt_opts()
884 sbsec->behavior = SECURITY_FS_USE_MNTPOINT; in selinux_set_mnt_opts()
889 &sbsec->mntpoint_sid); in selinux_set_mnt_opts()
898 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred); in selinux_set_mnt_opts()
902 sbsec->sid = fscontext_sid; in selinux_set_mnt_opts()
911 sbsec->behavior = SECURITY_FS_USE_NATIVE; in selinux_set_mnt_opts()
917 rc = may_context_mount_sb_relabel(context_sid, sbsec, in selinux_set_mnt_opts()
921 sbsec->sid = context_sid; in selinux_set_mnt_opts()
923 rc = may_context_mount_inode_relabel(context_sid, sbsec, in selinux_set_mnt_opts()
931 sbsec->mntpoint_sid = context_sid; in selinux_set_mnt_opts()
932 sbsec->behavior = SECURITY_FS_USE_MNTPOINT; in selinux_set_mnt_opts()
936 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec, in selinux_set_mnt_opts()
946 if (sbsec->behavior != SECURITY_FS_USE_XATTR && in selinux_set_mnt_opts()
947 sbsec->behavior != SECURITY_FS_USE_NATIVE) { in selinux_set_mnt_opts()
954 if (defcontext_sid != sbsec->def_sid) { in selinux_set_mnt_opts()
956 sbsec, cred); in selinux_set_mnt_opts()
961 sbsec->def_sid = defcontext_sid; in selinux_set_mnt_opts()
967 mutex_unlock(&sbsec->lock); in selinux_set_mnt_opts()
1519 struct superblock_security_struct *sbsec = NULL; in inode_doinit_with_dentry() local
1539 sbsec = inode->i_sb->s_security; in inode_doinit_with_dentry()
1540 if (!(sbsec->flags & SE_SBINITIALIZED)) { in inode_doinit_with_dentry()
1544 spin_lock(&sbsec->isec_lock); in inode_doinit_with_dentry()
1546 list_add(&isec->list, &sbsec->isec_head); in inode_doinit_with_dentry()
1547 spin_unlock(&sbsec->isec_lock); in inode_doinit_with_dentry()
1557 switch (sbsec->behavior) { in inode_doinit_with_dentry()
1562 sid = sbsec->def_sid; in inode_doinit_with_dentry()
1632 sid = sbsec->def_sid; in inode_doinit_with_dentry()
1637 sbsec->def_sid, in inode_doinit_with_dentry()
1666 sid = sbsec->sid; in inode_doinit_with_dentry()
1675 sid = sbsec->mntpoint_sid; in inode_doinit_with_dentry()
1679 sid = sbsec->sid; in inode_doinit_with_dentry()
1681 if ((sbsec->flags & SE_SBGENFS) && !S_ISLNK(inode->i_mode)) { in inode_doinit_with_dentry()
1709 sbsec->flags, &sid); in inode_doinit_with_dentry()
1929 const struct superblock_security_struct *sbsec = dir->i_sb->s_security; in selinux_determine_inode_label() local
1931 if ((sbsec->flags & SE_SBINITIALIZED) && in selinux_determine_inode_label()
1932 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) { in selinux_determine_inode_label()
1933 *_new_isid = sbsec->mntpoint_sid; in selinux_determine_inode_label()
1934 } else if ((sbsec->flags & SBLABEL_MNT) && in selinux_determine_inode_label()
1954 struct superblock_security_struct *sbsec; in may_create() local
1960 sbsec = dir->i_sb->s_security; in may_create()
1985 newsid, sbsec->sid, in may_create()
2106 struct superblock_security_struct *sbsec; in superblock_has_perm() local
2109 sbsec = sb->s_security; in superblock_has_perm()
2111 sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad); in superblock_has_perm()
2841 struct superblock_security_struct *sbsec = sb->s_security; in selinux_sb_remount() local
2843 if (!(sbsec->flags & SE_SBINITIALIZED)) in selinux_sb_remount()
2884 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid)) in selinux_sb_remount()
2888 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid)) in selinux_sb_remount()
2895 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid)) in selinux_sb_remount()
2900 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid)) in selinux_sb_remount()
3030 struct superblock_security_struct *sbsec; in selinux_inode_init_security() local
3035 sbsec = dir->i_sb->s_security; in selinux_inode_init_security()
3047 if (sbsec->flags & SE_SBINITIALIZED) { in selinux_inode_init_security()
3054 if (!selinux_state.initialized || !(sbsec->flags & SBLABEL_MNT)) in selinux_inode_init_security()
3257 struct superblock_security_struct *sbsec; in selinux_inode_setxattr() local
3272 sbsec = inode->i_sb->s_security; in selinux_inode_setxattr()
3273 if (!(sbsec->flags & SBLABEL_MNT)) in selinux_inode_setxattr()
3335 sbsec->sid, in selinux_inode_setxattr()