343 	struct superblock_security_struct *sbsec;  in inode_free_security()  local
347 	sbsec = selinux_superblock(inode->i_sb);  in inode_free_security()
359 		spin_lock(&sbsec->isec_lock);  in inode_free_security()
361 		spin_unlock(&sbsec->isec_lock);  in inode_free_security()
423 			struct superblock_security_struct *sbsec,  in may_context_mount_sb_relabel()  argument
429 	rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,  in may_context_mount_sb_relabel()
440 			struct superblock_security_struct *sbsec,  in may_context_mount_inode_relabel()  argument
445 	rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,  in may_context_mount_inode_relabel()
450 	rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,  in may_context_mount_inode_relabel()
470 	struct superblock_security_struct *sbsec = selinux_superblock(sb);  in selinux_is_sblabel_mnt()  local
478 	switch (sbsec->behavior) {  in selinux_is_sblabel_mnt()
498 	struct superblock_security_struct *sbsec = selinux_superblock(sb);  in sb_check_xattr_support()  local
540 	sbsec->behavior = SECURITY_FS_USE_GENFS;  in sb_check_xattr_support()
541 	sbsec->sid = sid;  in sb_check_xattr_support()
547 	struct superblock_security_struct *sbsec = selinux_superblock(sb);  in sb_finish_set_opts()  local
552 	if (sbsec->behavior == SECURITY_FS_USE_XATTR) {  in sb_finish_set_opts()
558 	sbsec->flags |= SE_SBINITIALIZED;  in sb_finish_set_opts()
566 		sbsec->flags |= SBLABEL_MNT;  in sb_finish_set_opts()
568 		sbsec->flags &= ~SBLABEL_MNT;  in sb_finish_set_opts()
577 	spin_lock(&sbsec->isec_lock);  in sb_finish_set_opts()
578 	while (!list_empty(&sbsec->isec_head)) {  in sb_finish_set_opts()
580 				list_first_entry(&sbsec->isec_head,  in sb_finish_set_opts()
584 		spin_unlock(&sbsec->isec_lock);  in sb_finish_set_opts()
591 		spin_lock(&sbsec->isec_lock);  in sb_finish_set_opts()
593 	spin_unlock(&sbsec->isec_lock);  in sb_finish_set_opts()
597 static int bad_option(struct superblock_security_struct *sbsec, char flag,  in bad_option()  argument
600 	char mnt_flags = sbsec->flags & SE_MNTMASK;  in bad_option()
603 	if (sbsec->flags & SE_SBINITIALIZED)  in bad_option()
604 		if (!(sbsec->flags & flag) ||  in bad_option()
611 	if (!(sbsec->flags & SE_SBINITIALIZED))  in bad_option()
627 	struct superblock_security_struct *sbsec = selinux_superblock(sb);  in selinux_set_mnt_opts()  local
642 	mutex_lock(&sbsec->lock);  in selinux_set_mnt_opts()
650 				sbsec->flags |= SE_SBNATIVE;  in selinux_set_mnt_opts()
672 	if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)  in selinux_set_mnt_opts()
686 			if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,  in selinux_set_mnt_opts()
689 			sbsec->flags |= FSCONTEXT_MNT;  in selinux_set_mnt_opts()
693 			if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,  in selinux_set_mnt_opts()
696 			sbsec->flags |= CONTEXT_MNT;  in selinux_set_mnt_opts()
700 			if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,  in selinux_set_mnt_opts()
703 			sbsec->flags |= ROOTCONTEXT_MNT;  in selinux_set_mnt_opts()
707 			if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,  in selinux_set_mnt_opts()
710 			sbsec->flags |= DEFCONTEXT_MNT;  in selinux_set_mnt_opts()
714 	if (sbsec->flags & SE_SBINITIALIZED) {  in selinux_set_mnt_opts()
716 		if ((sbsec->flags & SE_MNTMASK) && !opts)  in selinux_set_mnt_opts()
723 		sbsec->flags |= SE_SBPROC | SE_SBGENFS;  in selinux_set_mnt_opts()
731 		sbsec->flags |= SE_SBGENFS;  in selinux_set_mnt_opts()
736 		sbsec->flags |= SE_SBGENFS | SE_SBGENFS_XATTR;  in selinux_set_mnt_opts()
738 	if (!sbsec->behavior) {  in selinux_set_mnt_opts()
766 		if (sbsec->behavior == SECURITY_FS_USE_XATTR) {  in selinux_set_mnt_opts()
767 			sbsec->behavior = SECURITY_FS_USE_MNTPOINT;  in selinux_set_mnt_opts()
771 						     &sbsec->mntpoint_sid);  in selinux_set_mnt_opts()
780 		rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);  in selinux_set_mnt_opts()
784 		sbsec->sid = fscontext_sid;  in selinux_set_mnt_opts()
792 	if (sbsec->flags & SE_SBNATIVE) {  in selinux_set_mnt_opts()
801 		sbsec->behavior = SECURITY_FS_USE_NATIVE;  in selinux_set_mnt_opts()
803 		sbsec->behavior = SECURITY_FS_USE_NATIVE;  in selinux_set_mnt_opts()
809 			rc = may_context_mount_sb_relabel(context_sid, sbsec,  in selinux_set_mnt_opts()
813 			sbsec->sid = context_sid;  in selinux_set_mnt_opts()
815 			rc = may_context_mount_inode_relabel(context_sid, sbsec,  in selinux_set_mnt_opts()
823 		sbsec->mntpoint_sid = context_sid;  in selinux_set_mnt_opts()
824 		sbsec->behavior = SECURITY_FS_USE_MNTPOINT;  in selinux_set_mnt_opts()
828 		rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,  in selinux_set_mnt_opts()
838 		if (sbsec->behavior != SECURITY_FS_USE_XATTR &&  in selinux_set_mnt_opts()
839 			sbsec->behavior != SECURITY_FS_USE_NATIVE) {  in selinux_set_mnt_opts()
846 		if (defcontext_sid != sbsec->def_sid) {  in selinux_set_mnt_opts()
848 							     sbsec, cred);  in selinux_set_mnt_opts()
853 		sbsec->def_sid = defcontext_sid;  in selinux_set_mnt_opts()
859 	mutex_unlock(&sbsec->lock);  in selinux_set_mnt_opts()
1073 	struct superblock_security_struct *sbsec = selinux_superblock(sb);  in selinux_sb_show_options()  local
1076 	if (!(sbsec->flags & SE_SBINITIALIZED))  in selinux_sb_show_options()
1082 	if (sbsec->flags & FSCONTEXT_MNT) {  in selinux_sb_show_options()
1085 		rc = show_sid(m, sbsec->sid);  in selinux_sb_show_options()
1089 	if (sbsec->flags & CONTEXT_MNT) {  in selinux_sb_show_options()
1092 		rc = show_sid(m, sbsec->mntpoint_sid);  in selinux_sb_show_options()
1096 	if (sbsec->flags & DEFCONTEXT_MNT) {  in selinux_sb_show_options()
1099 		rc = show_sid(m, sbsec->def_sid);  in selinux_sb_show_options()
1103 	if (sbsec->flags & ROOTCONTEXT_MNT) {  in selinux_sb_show_options()
1112 	if (sbsec->flags & SBLABEL_MNT) {  in selinux_sb_show_options()
1409 	struct superblock_security_struct *sbsec = NULL;  in inode_doinit_with_dentry()  local
1426 	sbsec = selinux_superblock(inode->i_sb);  in inode_doinit_with_dentry()
1427 	if (!(sbsec->flags & SE_SBINITIALIZED)) {  in inode_doinit_with_dentry()
1431 		spin_lock(&sbsec->isec_lock);  in inode_doinit_with_dentry()
1433 			list_add(&isec->list, &sbsec->isec_head);  in inode_doinit_with_dentry()
1434 		spin_unlock(&sbsec->isec_lock);  in inode_doinit_with_dentry()
1444 	switch (sbsec->behavior) {  in inode_doinit_with_dentry()
1452 			sid = sbsec->def_sid;  in inode_doinit_with_dentry()
1484 		rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,  in inode_doinit_with_dentry()
1495 		sid = sbsec->sid;  in inode_doinit_with_dentry()
1504 		sid = sbsec->mntpoint_sid;  in inode_doinit_with_dentry()
1508 		sid = sbsec->sid;  in inode_doinit_with_dentry()
1510 		if ((sbsec->flags & SE_SBGENFS) &&  in inode_doinit_with_dentry()
1540 						   sbsec->flags, &sid);  in inode_doinit_with_dentry()
1546 			if ((sbsec->flags & SE_SBGENFS_XATTR) &&  in inode_doinit_with_dentry()
1776 	const struct superblock_security_struct *sbsec =  in selinux_determine_inode_label()  local
1779 	if ((sbsec->flags & SE_SBINITIALIZED) &&  in selinux_determine_inode_label()
1780 	    (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {  in selinux_determine_inode_label()
1781 		*_new_isid = sbsec->mntpoint_sid;  in selinux_determine_inode_label()
1782 	} else if ((sbsec->flags & SBLABEL_MNT) &&  in selinux_determine_inode_label()
1802 	struct superblock_security_struct *sbsec;  in may_create()  local
1808 	sbsec = selinux_superblock(dir->i_sb);  in may_create()
1830 	return avc_has_perm(newsid, sbsec->sid,  in may_create()
1944 	struct superblock_security_struct *sbsec;  in superblock_has_perm()  local
1947 	sbsec = selinux_superblock(sb);  in superblock_has_perm()
1948 	return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);  in superblock_has_perm()
2549 	struct superblock_security_struct *sbsec = selinux_superblock(sb);  in selinux_sb_alloc_security()  local
2551 	mutex_init(&sbsec->lock);  in selinux_sb_alloc_security()
2552 	INIT_LIST_HEAD(&sbsec->isec_head);  in selinux_sb_alloc_security()
2553 	spin_lock_init(&sbsec->isec_lock);  in selinux_sb_alloc_security()
2554 	sbsec->sid = SECINITSID_UNLABELED;  in selinux_sb_alloc_security()
2555 	sbsec->def_sid = SECINITSID_FILE;  in selinux_sb_alloc_security()
2556 	sbsec->mntpoint_sid = SECINITSID_UNLABELED;  in selinux_sb_alloc_security()
2640 	struct superblock_security_struct *sbsec = selinux_superblock(sb);  in selinux_sb_mnt_opts_compat()  local
2646 	if (!(sbsec->flags & SE_SBINITIALIZED))  in selinux_sb_mnt_opts_compat()
2654 		return (sbsec->flags & SE_MNTMASK) ? 1 : 0;  in selinux_sb_mnt_opts_compat()
2657 		if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,  in selinux_sb_mnt_opts_compat()
2662 		if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,  in selinux_sb_mnt_opts_compat()
2670 		if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,  in selinux_sb_mnt_opts_compat()
2675 		if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,  in selinux_sb_mnt_opts_compat()
2685 	struct superblock_security_struct *sbsec = selinux_superblock(sb);  in selinux_sb_remount()  local
2687 	if (!(sbsec->flags & SE_SBINITIALIZED))  in selinux_sb_remount()
2694 		if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,  in selinux_sb_remount()
2699 		if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,  in selinux_sb_remount()
2706 		if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,  in selinux_sb_remount()
2711 		if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,  in selinux_sb_remount()
2778 	const struct superblock_security_struct *sbsec = selinux_superblock(reference);  in selinux_fs_context_submount()  local
2785 	if (!(sbsec->flags & (FSCONTEXT_MNT|CONTEXT_MNT|DEFCONTEXT_MNT)))  in selinux_fs_context_submount()
2792 	if (sbsec->flags & FSCONTEXT_MNT)  in selinux_fs_context_submount()
2793 		opts->fscontext_sid = sbsec->sid;  in selinux_fs_context_submount()
2794 	if (sbsec->flags & CONTEXT_MNT)  in selinux_fs_context_submount()
2795 		opts->context_sid = sbsec->mntpoint_sid;  in selinux_fs_context_submount()
2796 	if (sbsec->flags & DEFCONTEXT_MNT)  in selinux_fs_context_submount()
2797 		opts->defcontext_sid = sbsec->def_sid;  in selinux_fs_context_submount()
2907 	struct superblock_security_struct *sbsec;  in selinux_inode_init_security()  local
2913 	sbsec = selinux_superblock(dir->i_sb);  in selinux_inode_init_security()
2924 	if (sbsec->flags & SE_SBINITIALIZED) {  in selinux_inode_init_security()
2932 	    !(sbsec->flags & SBLABEL_MNT))  in selinux_inode_init_security()
3181 	struct superblock_security_struct *sbsec;  in selinux_inode_setxattr()  local
3199 	sbsec = selinux_superblock(inode->i_sb);  in selinux_inode_setxattr()
3200 	if (!(sbsec->flags & SBLABEL_MNT))  in selinux_inode_setxattr()
3261 			    sbsec->sid,  in selinux_inode_setxattr()
3459 	struct superblock_security_struct *sbsec;  in selinux_inode_setsecurity()  local
3466 	sbsec = selinux_superblock(inode->i_sb);  in selinux_inode_setsecurity()
3467 	if (!(sbsec->flags & SBLABEL_MNT))  in selinux_inode_setsecurity()