335 	struct superblock_security_struct *sbsec;  in inode_free_security()  local
339 	sbsec = inode->i_sb->s_security;  in inode_free_security()
351 		spin_lock(&sbsec->isec_lock);  in inode_free_security()
353 		spin_unlock(&sbsec->isec_lock);  in inode_free_security()
370 	struct superblock_security_struct *sbsec;  in superblock_alloc_security()  local
372 	sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);  in superblock_alloc_security()
373 	if (!sbsec)  in superblock_alloc_security()
376 	mutex_init(&sbsec->lock);  in superblock_alloc_security()
377 	INIT_LIST_HEAD(&sbsec->isec_head);  in superblock_alloc_security()
378 	spin_lock_init(&sbsec->isec_lock);  in superblock_alloc_security()
379 	sbsec->sb = sb;  in superblock_alloc_security()
380 	sbsec->sid = SECINITSID_UNLABELED;  in superblock_alloc_security()
381 	sbsec->def_sid = SECINITSID_FILE;  in superblock_alloc_security()
382 	sbsec->mntpoint_sid = SECINITSID_UNLABELED;  in superblock_alloc_security()
383 	sb->s_security = sbsec;  in superblock_alloc_security()
390 	struct superblock_security_struct *sbsec = sb->s_security;  in superblock_free_security()  local
392 	kfree(sbsec);  in superblock_free_security()
460 			struct superblock_security_struct *sbsec,  in may_context_mount_sb_relabel()  argument
467 			  tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,  in may_context_mount_sb_relabel()
479 			struct superblock_security_struct *sbsec,  in may_context_mount_inode_relabel()  argument
485 			  tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,  in may_context_mount_inode_relabel()
491 			  sid, sbsec->sid, SECCLASS_FILESYSTEM,  in may_context_mount_inode_relabel()
511 	struct superblock_security_struct *sbsec = sb->s_security;  in selinux_is_sblabel_mnt()  local
519 	switch (sbsec->behavior) {  in selinux_is_sblabel_mnt()
539 	struct superblock_security_struct *sbsec = sb->s_security;  in sb_finish_set_opts()  local
544 	if (sbsec->behavior == SECURITY_FS_USE_XATTR) {  in sb_finish_set_opts()
572 	sbsec->flags |= SE_SBINITIALIZED;  in sb_finish_set_opts()
580 		sbsec->flags |= SBLABEL_MNT;  in sb_finish_set_opts()
582 		sbsec->flags &= ~SBLABEL_MNT;  in sb_finish_set_opts()
591 	spin_lock(&sbsec->isec_lock);  in sb_finish_set_opts()
592 	while (!list_empty(&sbsec->isec_head)) {  in sb_finish_set_opts()
594 				list_first_entry(&sbsec->isec_head,  in sb_finish_set_opts()
598 		spin_unlock(&sbsec->isec_lock);  in sb_finish_set_opts()
605 		spin_lock(&sbsec->isec_lock);  in sb_finish_set_opts()
607 	spin_unlock(&sbsec->isec_lock);  in sb_finish_set_opts()
612 static int bad_option(struct superblock_security_struct *sbsec, char flag,  in bad_option()  argument
615 	char mnt_flags = sbsec->flags & SE_MNTMASK;  in bad_option()
618 	if (sbsec->flags & SE_SBINITIALIZED)  in bad_option()
619 		if (!(sbsec->flags & flag) ||  in bad_option()
626 	if (!(sbsec->flags & SE_SBINITIALIZED))  in bad_option()
653 	struct superblock_security_struct *sbsec = sb->s_security;  in selinux_set_mnt_opts()  local
654 	struct dentry *root = sbsec->sb->s_root;  in selinux_set_mnt_opts()
661 	mutex_lock(&sbsec->lock);  in selinux_set_mnt_opts()
693 	if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)  in selinux_set_mnt_opts()
709 			if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,  in selinux_set_mnt_opts()
712 			sbsec->flags |= FSCONTEXT_MNT;  in selinux_set_mnt_opts()
718 			if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,  in selinux_set_mnt_opts()
721 			sbsec->flags |= CONTEXT_MNT;  in selinux_set_mnt_opts()
727 			if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,  in selinux_set_mnt_opts()
730 			sbsec->flags |= ROOTCONTEXT_MNT;  in selinux_set_mnt_opts()
736 			if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,  in selinux_set_mnt_opts()
739 			sbsec->flags |= DEFCONTEXT_MNT;  in selinux_set_mnt_opts()
743 	if (sbsec->flags & SE_SBINITIALIZED) {  in selinux_set_mnt_opts()
745 		if ((sbsec->flags & SE_MNTMASK) && !opts)  in selinux_set_mnt_opts()
752 		sbsec->flags |= SE_SBPROC | SE_SBGENFS;  in selinux_set_mnt_opts()
759 		sbsec->flags |= SE_SBGENFS;  in selinux_set_mnt_opts()
764 		sbsec->flags |= SE_SBGENFS | SE_SBGENFS_XATTR;  in selinux_set_mnt_opts()
766 	if (!sbsec->behavior) {  in selinux_set_mnt_opts()
793 		if (sbsec->behavior == SECURITY_FS_USE_XATTR) {  in selinux_set_mnt_opts()
794 			sbsec->behavior = SECURITY_FS_USE_MNTPOINT;  in selinux_set_mnt_opts()
799 						     &sbsec->mntpoint_sid);  in selinux_set_mnt_opts()
808 		rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);  in selinux_set_mnt_opts()
812 		sbsec->sid = fscontext_sid;  in selinux_set_mnt_opts()
821 		sbsec->behavior = SECURITY_FS_USE_NATIVE;  in selinux_set_mnt_opts()
827 			rc = may_context_mount_sb_relabel(context_sid, sbsec,  in selinux_set_mnt_opts()
831 			sbsec->sid = context_sid;  in selinux_set_mnt_opts()
833 			rc = may_context_mount_inode_relabel(context_sid, sbsec,  in selinux_set_mnt_opts()
841 		sbsec->mntpoint_sid = context_sid;  in selinux_set_mnt_opts()
842 		sbsec->behavior = SECURITY_FS_USE_MNTPOINT;  in selinux_set_mnt_opts()
846 		rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,  in selinux_set_mnt_opts()
856 		if (sbsec->behavior != SECURITY_FS_USE_XATTR &&  in selinux_set_mnt_opts()
857 			sbsec->behavior != SECURITY_FS_USE_NATIVE) {  in selinux_set_mnt_opts()
864 		if (defcontext_sid != sbsec->def_sid) {  in selinux_set_mnt_opts()
866 							     sbsec, cred);  in selinux_set_mnt_opts()
871 		sbsec->def_sid = defcontext_sid;  in selinux_set_mnt_opts()
877 	mutex_unlock(&sbsec->lock);  in selinux_set_mnt_opts()
1111 	struct superblock_security_struct *sbsec = sb->s_security;  in selinux_sb_show_options()  local
1114 	if (!(sbsec->flags & SE_SBINITIALIZED))  in selinux_sb_show_options()
1120 	if (sbsec->flags & FSCONTEXT_MNT) {  in selinux_sb_show_options()
1123 		rc = show_sid(m, sbsec->sid);  in selinux_sb_show_options()
1127 	if (sbsec->flags & CONTEXT_MNT) {  in selinux_sb_show_options()
1130 		rc = show_sid(m, sbsec->mntpoint_sid);  in selinux_sb_show_options()
1134 	if (sbsec->flags & DEFCONTEXT_MNT) {  in selinux_sb_show_options()
1137 		rc = show_sid(m, sbsec->def_sid);  in selinux_sb_show_options()
1141 	if (sbsec->flags & ROOTCONTEXT_MNT) {  in selinux_sb_show_options()
1142 		struct dentry *root = sbsec->sb->s_root;  in selinux_sb_show_options()
1150 	if (sbsec->flags & SBLABEL_MNT) {  in selinux_sb_show_options()
1446 	struct superblock_security_struct *sbsec = NULL;  in inode_doinit_with_dentry()  local
1463 	sbsec = inode->i_sb->s_security;  in inode_doinit_with_dentry()
1464 	if (!(sbsec->flags & SE_SBINITIALIZED)) {  in inode_doinit_with_dentry()
1468 		spin_lock(&sbsec->isec_lock);  in inode_doinit_with_dentry()
1470 			list_add(&isec->list, &sbsec->isec_head);  in inode_doinit_with_dentry()
1471 		spin_unlock(&sbsec->isec_lock);  in inode_doinit_with_dentry()
1481 	switch (sbsec->behavior) {  in inode_doinit_with_dentry()
1486 			sid = sbsec->def_sid;  in inode_doinit_with_dentry()
1518 		rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,  in inode_doinit_with_dentry()
1529 		sid = sbsec->sid;  in inode_doinit_with_dentry()
1538 		sid = sbsec->mntpoint_sid;  in inode_doinit_with_dentry()
1542 		sid = sbsec->sid;  in inode_doinit_with_dentry()
1544 		if ((sbsec->flags & SE_SBGENFS) && !S_ISLNK(inode->i_mode)) {  in inode_doinit_with_dentry()
1572 						   sbsec->flags, &sid);  in inode_doinit_with_dentry()
1578 			if ((sbsec->flags & SE_SBGENFS_XATTR) &&  in inode_doinit_with_dentry()
1812 	const struct superblock_security_struct *sbsec = dir->i_sb->s_security;  in selinux_determine_inode_label()  local
1814 	if ((sbsec->flags & SE_SBINITIALIZED) &&  in selinux_determine_inode_label()
1815 	    (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {  in selinux_determine_inode_label()
1816 		*_new_isid = sbsec->mntpoint_sid;  in selinux_determine_inode_label()
1817 	} else if ((sbsec->flags & SBLABEL_MNT) &&  in selinux_determine_inode_label()
1837 	struct superblock_security_struct *sbsec;  in may_create()  local
1843 	sbsec = dir->i_sb->s_security;  in may_create()
1868 			    newsid, sbsec->sid,  in may_create()
1989 	struct superblock_security_struct *sbsec;  in superblock_has_perm()  local
1992 	sbsec = sb->s_security;  in superblock_has_perm()
1994 			    sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);  in superblock_has_perm()
2700 	struct superblock_security_struct *sbsec = sb->s_security;  in selinux_sb_remount()  local
2704 	if (!(sbsec->flags & SE_SBINITIALIZED))  in selinux_sb_remount()
2714 		if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))  in selinux_sb_remount()
2721 		if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))  in selinux_sb_remount()
2730 		if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))  in selinux_sb_remount()
2737 		if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))  in selinux_sb_remount()
2926 	struct superblock_security_struct *sbsec;  in selinux_inode_init_security()  local
2931 	sbsec = dir->i_sb->s_security;  in selinux_inode_init_security()
2943 	if (sbsec->flags & SE_SBINITIALIZED) {  in selinux_inode_init_security()
2950 	if (!selinux_state.initialized || !(sbsec->flags & SBLABEL_MNT))  in selinux_inode_init_security()
3158 	struct superblock_security_struct *sbsec;  in selinux_inode_setxattr()  local
3176 	sbsec = inode->i_sb->s_security;  in selinux_inode_setxattr()
3177 	if (!(sbsec->flags & SBLABEL_MNT))  in selinux_inode_setxattr()
3239 			    sbsec->sid,  in selinux_inode_setxattr()
3410 	struct superblock_security_struct *sbsec = inode->i_sb->s_security;  in selinux_inode_setsecurity()  local
3417 	if (!(sbsec->flags & SBLABEL_MNT))  in selinux_inode_setsecurity()