335 	struct superblock_security_struct *sbsec;  in inode_free_security()  local
339 	sbsec = inode->i_sb->s_security;  in inode_free_security()
351 		spin_lock(&sbsec->isec_lock);  in inode_free_security()
353 		spin_unlock(&sbsec->isec_lock);  in inode_free_security()
370 	struct superblock_security_struct *sbsec;  in superblock_alloc_security()  local
372 	sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);  in superblock_alloc_security()
373 	if (!sbsec)  in superblock_alloc_security()
376 	mutex_init(&sbsec->lock);  in superblock_alloc_security()
377 	INIT_LIST_HEAD(&sbsec->isec_head);  in superblock_alloc_security()
378 	spin_lock_init(&sbsec->isec_lock);  in superblock_alloc_security()
379 	sbsec->sb = sb;  in superblock_alloc_security()
380 	sbsec->sid = SECINITSID_UNLABELED;  in superblock_alloc_security()
381 	sbsec->def_sid = SECINITSID_FILE;  in superblock_alloc_security()
382 	sbsec->mntpoint_sid = SECINITSID_UNLABELED;  in superblock_alloc_security()
383 	sb->s_security = sbsec;  in superblock_alloc_security()
390 	struct superblock_security_struct *sbsec = sb->s_security;  in superblock_free_security()  local
392 	kfree(sbsec);  in superblock_free_security()
460 			struct superblock_security_struct *sbsec,  in may_context_mount_sb_relabel()  argument
467 			  tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,  in may_context_mount_sb_relabel()
479 			struct superblock_security_struct *sbsec,  in may_context_mount_inode_relabel()  argument
485 			  tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,  in may_context_mount_inode_relabel()
491 			  sid, sbsec->sid, SECCLASS_FILESYSTEM,  in may_context_mount_inode_relabel()
511 	struct superblock_security_struct *sbsec = sb->s_security;  in selinux_is_sblabel_mnt()  local
519 	switch (sbsec->behavior) {  in selinux_is_sblabel_mnt()
539 	struct superblock_security_struct *sbsec = sb->s_security;  in sb_finish_set_opts()  local
544 	if (sbsec->behavior == SECURITY_FS_USE_XATTR) {  in sb_finish_set_opts()
571 	sbsec->flags |= SE_SBINITIALIZED;  in sb_finish_set_opts()
579 		sbsec->flags |= SBLABEL_MNT;  in sb_finish_set_opts()
581 		sbsec->flags &= ~SBLABEL_MNT;  in sb_finish_set_opts()
590 	spin_lock(&sbsec->isec_lock);  in sb_finish_set_opts()
591 	while (!list_empty(&sbsec->isec_head)) {  in sb_finish_set_opts()
593 				list_first_entry(&sbsec->isec_head,  in sb_finish_set_opts()
597 		spin_unlock(&sbsec->isec_lock);  in sb_finish_set_opts()
604 		spin_lock(&sbsec->isec_lock);  in sb_finish_set_opts()
606 	spin_unlock(&sbsec->isec_lock);  in sb_finish_set_opts()
611 static int bad_option(struct superblock_security_struct *sbsec, char flag,  in bad_option()  argument
614 	char mnt_flags = sbsec->flags & SE_MNTMASK;  in bad_option()
617 	if (sbsec->flags & SE_SBINITIALIZED)  in bad_option()
618 		if (!(sbsec->flags & flag) ||  in bad_option()
625 	if (!(sbsec->flags & SE_SBINITIALIZED))  in bad_option()
652 	struct superblock_security_struct *sbsec = sb->s_security;  in selinux_set_mnt_opts()  local
653 	struct dentry *root = sbsec->sb->s_root;  in selinux_set_mnt_opts()
660 	mutex_lock(&sbsec->lock);  in selinux_set_mnt_opts()
692 	if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)  in selinux_set_mnt_opts()
708 			if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,  in selinux_set_mnt_opts()
711 			sbsec->flags |= FSCONTEXT_MNT;  in selinux_set_mnt_opts()
717 			if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,  in selinux_set_mnt_opts()
720 			sbsec->flags |= CONTEXT_MNT;  in selinux_set_mnt_opts()
726 			if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,  in selinux_set_mnt_opts()
729 			sbsec->flags |= ROOTCONTEXT_MNT;  in selinux_set_mnt_opts()
735 			if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,  in selinux_set_mnt_opts()
738 			sbsec->flags |= DEFCONTEXT_MNT;  in selinux_set_mnt_opts()
742 	if (sbsec->flags & SE_SBINITIALIZED) {  in selinux_set_mnt_opts()
744 		if ((sbsec->flags & SE_MNTMASK) && !opts)  in selinux_set_mnt_opts()
751 		sbsec->flags |= SE_SBPROC | SE_SBGENFS;  in selinux_set_mnt_opts()
756 		sbsec->flags |= SE_SBGENFS;  in selinux_set_mnt_opts()
761 		sbsec->flags |= SE_SBGENFS | SE_SBGENFS_XATTR;  in selinux_set_mnt_opts()
763 	if (!sbsec->behavior) {  in selinux_set_mnt_opts()
790 		if (sbsec->behavior == SECURITY_FS_USE_XATTR) {  in selinux_set_mnt_opts()
791 			sbsec->behavior = SECURITY_FS_USE_MNTPOINT;  in selinux_set_mnt_opts()
796 						     &sbsec->mntpoint_sid);  in selinux_set_mnt_opts()
805 		rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);  in selinux_set_mnt_opts()
809 		sbsec->sid = fscontext_sid;  in selinux_set_mnt_opts()
818 		sbsec->behavior = SECURITY_FS_USE_NATIVE;  in selinux_set_mnt_opts()
824 			rc = may_context_mount_sb_relabel(context_sid, sbsec,  in selinux_set_mnt_opts()
828 			sbsec->sid = context_sid;  in selinux_set_mnt_opts()
830 			rc = may_context_mount_inode_relabel(context_sid, sbsec,  in selinux_set_mnt_opts()
838 		sbsec->mntpoint_sid = context_sid;  in selinux_set_mnt_opts()
839 		sbsec->behavior = SECURITY_FS_USE_MNTPOINT;  in selinux_set_mnt_opts()
843 		rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,  in selinux_set_mnt_opts()
853 		if (sbsec->behavior != SECURITY_FS_USE_XATTR &&  in selinux_set_mnt_opts()
854 			sbsec->behavior != SECURITY_FS_USE_NATIVE) {  in selinux_set_mnt_opts()
861 		if (defcontext_sid != sbsec->def_sid) {  in selinux_set_mnt_opts()
863 							     sbsec, cred);  in selinux_set_mnt_opts()
868 		sbsec->def_sid = defcontext_sid;  in selinux_set_mnt_opts()
874 	mutex_unlock(&sbsec->lock);  in selinux_set_mnt_opts()
1100 	struct superblock_security_struct *sbsec = sb->s_security;  in selinux_sb_show_options()  local
1103 	if (!(sbsec->flags & SE_SBINITIALIZED))  in selinux_sb_show_options()
1109 	if (sbsec->flags & FSCONTEXT_MNT) {  in selinux_sb_show_options()
1112 		rc = show_sid(m, sbsec->sid);  in selinux_sb_show_options()
1116 	if (sbsec->flags & CONTEXT_MNT) {  in selinux_sb_show_options()
1119 		rc = show_sid(m, sbsec->mntpoint_sid);  in selinux_sb_show_options()
1123 	if (sbsec->flags & DEFCONTEXT_MNT) {  in selinux_sb_show_options()
1126 		rc = show_sid(m, sbsec->def_sid);  in selinux_sb_show_options()
1130 	if (sbsec->flags & ROOTCONTEXT_MNT) {  in selinux_sb_show_options()
1131 		struct dentry *root = sbsec->sb->s_root;  in selinux_sb_show_options()
1139 	if (sbsec->flags & SBLABEL_MNT) {  in selinux_sb_show_options()
1433 	struct superblock_security_struct *sbsec = NULL;  in inode_doinit_with_dentry()  local
1450 	sbsec = inode->i_sb->s_security;  in inode_doinit_with_dentry()
1451 	if (!(sbsec->flags & SE_SBINITIALIZED)) {  in inode_doinit_with_dentry()
1455 		spin_lock(&sbsec->isec_lock);  in inode_doinit_with_dentry()
1457 			list_add(&isec->list, &sbsec->isec_head);  in inode_doinit_with_dentry()
1458 		spin_unlock(&sbsec->isec_lock);  in inode_doinit_with_dentry()
1468 	switch (sbsec->behavior) {  in inode_doinit_with_dentry()
1473 			sid = sbsec->def_sid;  in inode_doinit_with_dentry()
1505 		rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,  in inode_doinit_with_dentry()
1516 		sid = sbsec->sid;  in inode_doinit_with_dentry()
1525 		sid = sbsec->mntpoint_sid;  in inode_doinit_with_dentry()
1529 		sid = sbsec->sid;  in inode_doinit_with_dentry()
1531 		if ((sbsec->flags & SE_SBGENFS) && !S_ISLNK(inode->i_mode)) {  in inode_doinit_with_dentry()
1559 						   sbsec->flags, &sid);  in inode_doinit_with_dentry()
1565 			if ((sbsec->flags & SE_SBGENFS_XATTR) &&  in inode_doinit_with_dentry()
1791 	const struct superblock_security_struct *sbsec = dir->i_sb->s_security;  in selinux_determine_inode_label()  local
1793 	if ((sbsec->flags & SE_SBINITIALIZED) &&  in selinux_determine_inode_label()
1794 	    (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {  in selinux_determine_inode_label()
1795 		*_new_isid = sbsec->mntpoint_sid;  in selinux_determine_inode_label()
1796 	} else if ((sbsec->flags & SBLABEL_MNT) &&  in selinux_determine_inode_label()
1816 	struct superblock_security_struct *sbsec;  in may_create()  local
1822 	sbsec = dir->i_sb->s_security;  in may_create()
1847 			    newsid, sbsec->sid,  in may_create()
1968 	struct superblock_security_struct *sbsec;  in superblock_has_perm()  local
1971 	sbsec = sb->s_security;  in superblock_has_perm()
1973 			    sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);  in superblock_has_perm()
2685 	struct superblock_security_struct *sbsec = sb->s_security;  in selinux_sb_remount()  local
2689 	if (!(sbsec->flags & SE_SBINITIALIZED))  in selinux_sb_remount()
2699 		if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))  in selinux_sb_remount()
2706 		if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))  in selinux_sb_remount()
2715 		if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))  in selinux_sb_remount()
2722 		if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))  in selinux_sb_remount()
2904 	struct superblock_security_struct *sbsec;  in selinux_inode_init_security()  local
2909 	sbsec = dir->i_sb->s_security;  in selinux_inode_init_security()
2921 	if (sbsec->flags & SE_SBINITIALIZED) {  in selinux_inode_init_security()
2928 	if (!selinux_state.initialized || !(sbsec->flags & SBLABEL_MNT))  in selinux_inode_init_security()
3132 	struct superblock_security_struct *sbsec;  in selinux_inode_setxattr()  local
3147 	sbsec = inode->i_sb->s_security;  in selinux_inode_setxattr()
3148 	if (!(sbsec->flags & SBLABEL_MNT))  in selinux_inode_setxattr()
3210 			    sbsec->sid,  in selinux_inode_setxattr()
3372 	struct superblock_security_struct *sbsec = inode->i_sb->s_security;  in selinux_inode_setsecurity()  local
3379 	if (!(sbsec->flags & SBLABEL_MNT))  in selinux_inode_setsecurity()