320 	struct superblock_security_struct *sbsec;  in inode_free_security()  local
324 	sbsec = selinux_superblock(inode->i_sb);  in inode_free_security()
336 		spin_lock(&sbsec->isec_lock);  in inode_free_security()
338 		spin_unlock(&sbsec->isec_lock);  in inode_free_security()
400 			struct superblock_security_struct *sbsec,  in may_context_mount_sb_relabel()  argument
407 			  tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,  in may_context_mount_sb_relabel()
419 			struct superblock_security_struct *sbsec,  in may_context_mount_inode_relabel()  argument
425 			  tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,  in may_context_mount_inode_relabel()
431 			  sid, sbsec->sid, SECCLASS_FILESYSTEM,  in may_context_mount_inode_relabel()
451 	struct superblock_security_struct *sbsec = selinux_superblock(sb);  in selinux_is_sblabel_mnt()  local
459 	switch (sbsec->behavior) {  in selinux_is_sblabel_mnt()
479 	struct superblock_security_struct *sbsec = selinux_superblock(sb);  in sb_check_xattr_support()  local
521 	sbsec->behavior = SECURITY_FS_USE_GENFS;  in sb_check_xattr_support()
522 	sbsec->sid = sid;  in sb_check_xattr_support()
528 	struct superblock_security_struct *sbsec = selinux_superblock(sb);  in sb_finish_set_opts()  local
533 	if (sbsec->behavior == SECURITY_FS_USE_XATTR) {  in sb_finish_set_opts()
539 	sbsec->flags |= SE_SBINITIALIZED;  in sb_finish_set_opts()
547 		sbsec->flags |= SBLABEL_MNT;  in sb_finish_set_opts()
549 		sbsec->flags &= ~SBLABEL_MNT;  in sb_finish_set_opts()
558 	spin_lock(&sbsec->isec_lock);  in sb_finish_set_opts()
559 	while (!list_empty(&sbsec->isec_head)) {  in sb_finish_set_opts()
561 				list_first_entry(&sbsec->isec_head,  in sb_finish_set_opts()
565 		spin_unlock(&sbsec->isec_lock);  in sb_finish_set_opts()
572 		spin_lock(&sbsec->isec_lock);  in sb_finish_set_opts()
574 	spin_unlock(&sbsec->isec_lock);  in sb_finish_set_opts()
578 static int bad_option(struct superblock_security_struct *sbsec, char flag,  in bad_option()  argument
581 	char mnt_flags = sbsec->flags & SE_MNTMASK;  in bad_option()
584 	if (sbsec->flags & SE_SBINITIALIZED)  in bad_option()
585 		if (!(sbsec->flags & flag) ||  in bad_option()
592 	if (!(sbsec->flags & SE_SBINITIALIZED))  in bad_option()
608 	struct superblock_security_struct *sbsec = selinux_superblock(sb);  in selinux_set_mnt_opts()  local
616 	mutex_lock(&sbsec->lock);  in selinux_set_mnt_opts()
648 	if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)  in selinux_set_mnt_opts()
662 			if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,  in selinux_set_mnt_opts()
665 			sbsec->flags |= FSCONTEXT_MNT;  in selinux_set_mnt_opts()
669 			if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,  in selinux_set_mnt_opts()
672 			sbsec->flags |= CONTEXT_MNT;  in selinux_set_mnt_opts()
676 			if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,  in selinux_set_mnt_opts()
679 			sbsec->flags |= ROOTCONTEXT_MNT;  in selinux_set_mnt_opts()
683 			if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,  in selinux_set_mnt_opts()
686 			sbsec->flags |= DEFCONTEXT_MNT;  in selinux_set_mnt_opts()
690 	if (sbsec->flags & SE_SBINITIALIZED) {  in selinux_set_mnt_opts()
692 		if ((sbsec->flags & SE_MNTMASK) && !opts)  in selinux_set_mnt_opts()
699 		sbsec->flags |= SE_SBPROC | SE_SBGENFS;  in selinux_set_mnt_opts()
707 		sbsec->flags |= SE_SBGENFS;  in selinux_set_mnt_opts()
712 		sbsec->flags |= SE_SBGENFS | SE_SBGENFS_XATTR;  in selinux_set_mnt_opts()
714 	if (!sbsec->behavior) {  in selinux_set_mnt_opts()
742 		if (sbsec->behavior == SECURITY_FS_USE_XATTR) {  in selinux_set_mnt_opts()
743 			sbsec->behavior = SECURITY_FS_USE_MNTPOINT;  in selinux_set_mnt_opts()
748 						     &sbsec->mntpoint_sid);  in selinux_set_mnt_opts()
757 		rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);  in selinux_set_mnt_opts()
761 		sbsec->sid = fscontext_sid;  in selinux_set_mnt_opts()
770 		sbsec->behavior = SECURITY_FS_USE_NATIVE;  in selinux_set_mnt_opts()
776 			rc = may_context_mount_sb_relabel(context_sid, sbsec,  in selinux_set_mnt_opts()
780 			sbsec->sid = context_sid;  in selinux_set_mnt_opts()
782 			rc = may_context_mount_inode_relabel(context_sid, sbsec,  in selinux_set_mnt_opts()
790 		sbsec->mntpoint_sid = context_sid;  in selinux_set_mnt_opts()
791 		sbsec->behavior = SECURITY_FS_USE_MNTPOINT;  in selinux_set_mnt_opts()
795 		rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,  in selinux_set_mnt_opts()
805 		if (sbsec->behavior != SECURITY_FS_USE_XATTR &&  in selinux_set_mnt_opts()
806 			sbsec->behavior != SECURITY_FS_USE_NATIVE) {  in selinux_set_mnt_opts()
813 		if (defcontext_sid != sbsec->def_sid) {  in selinux_set_mnt_opts()
815 							     sbsec, cred);  in selinux_set_mnt_opts()
820 		sbsec->def_sid = defcontext_sid;  in selinux_set_mnt_opts()
826 	mutex_unlock(&sbsec->lock);  in selinux_set_mnt_opts()
1035 	struct superblock_security_struct *sbsec = selinux_superblock(sb);  in selinux_sb_show_options()  local
1038 	if (!(sbsec->flags & SE_SBINITIALIZED))  in selinux_sb_show_options()
1044 	if (sbsec->flags & FSCONTEXT_MNT) {  in selinux_sb_show_options()
1047 		rc = show_sid(m, sbsec->sid);  in selinux_sb_show_options()
1051 	if (sbsec->flags & CONTEXT_MNT) {  in selinux_sb_show_options()
1054 		rc = show_sid(m, sbsec->mntpoint_sid);  in selinux_sb_show_options()
1058 	if (sbsec->flags & DEFCONTEXT_MNT) {  in selinux_sb_show_options()
1061 		rc = show_sid(m, sbsec->def_sid);  in selinux_sb_show_options()
1065 	if (sbsec->flags & ROOTCONTEXT_MNT) {  in selinux_sb_show_options()
1074 	if (sbsec->flags & SBLABEL_MNT) {  in selinux_sb_show_options()
1371 	struct superblock_security_struct *sbsec = NULL;  in inode_doinit_with_dentry()  local
1388 	sbsec = selinux_superblock(inode->i_sb);  in inode_doinit_with_dentry()
1389 	if (!(sbsec->flags & SE_SBINITIALIZED)) {  in inode_doinit_with_dentry()
1393 		spin_lock(&sbsec->isec_lock);  in inode_doinit_with_dentry()
1395 			list_add(&isec->list, &sbsec->isec_head);  in inode_doinit_with_dentry()
1396 		spin_unlock(&sbsec->isec_lock);  in inode_doinit_with_dentry()
1406 	switch (sbsec->behavior) {  in inode_doinit_with_dentry()
1411 			sid = sbsec->def_sid;  in inode_doinit_with_dentry()
1443 		rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,  in inode_doinit_with_dentry()
1454 		sid = sbsec->sid;  in inode_doinit_with_dentry()
1463 		sid = sbsec->mntpoint_sid;  in inode_doinit_with_dentry()
1467 		sid = sbsec->sid;  in inode_doinit_with_dentry()
1469 		if ((sbsec->flags & SE_SBGENFS) &&  in inode_doinit_with_dentry()
1499 						   sbsec->flags, &sid);  in inode_doinit_with_dentry()
1505 			if ((sbsec->flags & SE_SBGENFS_XATTR) &&  in inode_doinit_with_dentry()
1739 	const struct superblock_security_struct *sbsec =  in selinux_determine_inode_label()  local
1742 	if ((sbsec->flags & SE_SBINITIALIZED) &&  in selinux_determine_inode_label()
1743 	    (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {  in selinux_determine_inode_label()
1744 		*_new_isid = sbsec->mntpoint_sid;  in selinux_determine_inode_label()
1745 	} else if ((sbsec->flags & SBLABEL_MNT) &&  in selinux_determine_inode_label()
1765 	struct superblock_security_struct *sbsec;  in may_create()  local
1771 	sbsec = selinux_superblock(dir->i_sb);  in may_create()
1796 			    newsid, sbsec->sid,  in may_create()
1917 	struct superblock_security_struct *sbsec;  in superblock_has_perm()  local
1920 	sbsec = selinux_superblock(sb);  in superblock_has_perm()
1922 			    sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);  in superblock_has_perm()
2543 	struct superblock_security_struct *sbsec = selinux_superblock(sb);  in selinux_sb_alloc_security()  local
2545 	mutex_init(&sbsec->lock);  in selinux_sb_alloc_security()
2546 	INIT_LIST_HEAD(&sbsec->isec_head);  in selinux_sb_alloc_security()
2547 	spin_lock_init(&sbsec->isec_lock);  in selinux_sb_alloc_security()
2548 	sbsec->sid = SECINITSID_UNLABELED;  in selinux_sb_alloc_security()
2549 	sbsec->def_sid = SECINITSID_FILE;  in selinux_sb_alloc_security()
2550 	sbsec->mntpoint_sid = SECINITSID_UNLABELED;  in selinux_sb_alloc_security()
2634 	struct superblock_security_struct *sbsec = selinux_superblock(sb);  in selinux_sb_mnt_opts_compat()  local
2640 	if (!(sbsec->flags & SE_SBINITIALIZED))  in selinux_sb_mnt_opts_compat()
2648 		return (sbsec->flags & SE_MNTMASK) ? 1 : 0;  in selinux_sb_mnt_opts_compat()
2651 		if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,  in selinux_sb_mnt_opts_compat()
2656 		if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,  in selinux_sb_mnt_opts_compat()
2664 		if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,  in selinux_sb_mnt_opts_compat()
2669 		if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,  in selinux_sb_mnt_opts_compat()
2679 	struct superblock_security_struct *sbsec = selinux_superblock(sb);  in selinux_sb_remount()  local
2681 	if (!(sbsec->flags & SE_SBINITIALIZED))  in selinux_sb_remount()
2688 		if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,  in selinux_sb_remount()
2693 		if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,  in selinux_sb_remount()
2700 		if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,  in selinux_sb_remount()
2705 		if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,  in selinux_sb_remount()
2875 	struct superblock_security_struct *sbsec;  in selinux_inode_init_security()  local
2880 	sbsec = selinux_superblock(dir->i_sb);  in selinux_inode_init_security()
2891 	if (sbsec->flags & SE_SBINITIALIZED) {  in selinux_inode_init_security()
2899 	    !(sbsec->flags & SBLABEL_MNT))  in selinux_inode_init_security()
3154 	struct superblock_security_struct *sbsec;  in selinux_inode_setxattr()  local
3172 	sbsec = selinux_superblock(inode->i_sb);  in selinux_inode_setxattr()
3173 	if (!(sbsec->flags & SBLABEL_MNT))  in selinux_inode_setxattr()
3237 			    sbsec->sid,  in selinux_inode_setxattr()
3417 	struct superblock_security_struct *sbsec;  in selinux_inode_setsecurity()  local
3424 	sbsec = selinux_superblock(inode->i_sb);  in selinux_inode_setsecurity()
3425 	if (!(sbsec->flags & SBLABEL_MNT))  in selinux_inode_setsecurity()