321 	struct superblock_security_struct *sbsec;  in inode_free_security()  local
325 	sbsec = inode->i_sb->s_security;  in inode_free_security()
337 		spin_lock(&sbsec->isec_lock);  in inode_free_security()
339 		spin_unlock(&sbsec->isec_lock);  in inode_free_security()
345 	struct superblock_security_struct *sbsec = sb->s_security;  in superblock_free_security()  local
347 	kfree(sbsec);  in superblock_free_security()
410 			struct superblock_security_struct *sbsec,  in may_context_mount_sb_relabel()  argument
417 			  tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,  in may_context_mount_sb_relabel()
429 			struct superblock_security_struct *sbsec,  in may_context_mount_inode_relabel()  argument
435 			  tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,  in may_context_mount_inode_relabel()
441 			  sid, sbsec->sid, SECCLASS_FILESYSTEM,  in may_context_mount_inode_relabel()
461 	struct superblock_security_struct *sbsec = sb->s_security;  in selinux_is_sblabel_mnt()  local
469 	switch (sbsec->behavior) {  in selinux_is_sblabel_mnt()
489 	struct superblock_security_struct *sbsec = sb->s_security;  in sb_finish_set_opts()  local
494 	if (sbsec->behavior == SECURITY_FS_USE_XATTR) {  in sb_finish_set_opts()
522 	sbsec->flags |= SE_SBINITIALIZED;  in sb_finish_set_opts()
530 		sbsec->flags |= SBLABEL_MNT;  in sb_finish_set_opts()
532 		sbsec->flags &= ~SBLABEL_MNT;  in sb_finish_set_opts()
541 	spin_lock(&sbsec->isec_lock);  in sb_finish_set_opts()
542 	while (!list_empty(&sbsec->isec_head)) {  in sb_finish_set_opts()
544 				list_first_entry(&sbsec->isec_head,  in sb_finish_set_opts()
548 		spin_unlock(&sbsec->isec_lock);  in sb_finish_set_opts()
555 		spin_lock(&sbsec->isec_lock);  in sb_finish_set_opts()
557 	spin_unlock(&sbsec->isec_lock);  in sb_finish_set_opts()
562 static int bad_option(struct superblock_security_struct *sbsec, char flag,  in bad_option()  argument
565 	char mnt_flags = sbsec->flags & SE_MNTMASK;  in bad_option()
568 	if (sbsec->flags & SE_SBINITIALIZED)  in bad_option()
569 		if (!(sbsec->flags & flag) ||  in bad_option()
576 	if (!(sbsec->flags & SE_SBINITIALIZED))  in bad_option()
603 	struct superblock_security_struct *sbsec = sb->s_security;  in selinux_set_mnt_opts()  local
604 	struct dentry *root = sbsec->sb->s_root;  in selinux_set_mnt_opts()
611 	mutex_lock(&sbsec->lock);  in selinux_set_mnt_opts()
643 	if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)  in selinux_set_mnt_opts()
659 			if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,  in selinux_set_mnt_opts()
662 			sbsec->flags |= FSCONTEXT_MNT;  in selinux_set_mnt_opts()
668 			if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,  in selinux_set_mnt_opts()
671 			sbsec->flags |= CONTEXT_MNT;  in selinux_set_mnt_opts()
677 			if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,  in selinux_set_mnt_opts()
680 			sbsec->flags |= ROOTCONTEXT_MNT;  in selinux_set_mnt_opts()
686 			if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,  in selinux_set_mnt_opts()
689 			sbsec->flags |= DEFCONTEXT_MNT;  in selinux_set_mnt_opts()
693 	if (sbsec->flags & SE_SBINITIALIZED) {  in selinux_set_mnt_opts()
695 		if ((sbsec->flags & SE_MNTMASK) && !opts)  in selinux_set_mnt_opts()
702 		sbsec->flags |= SE_SBPROC | SE_SBGENFS;  in selinux_set_mnt_opts()
709 		sbsec->flags |= SE_SBGENFS;  in selinux_set_mnt_opts()
714 		sbsec->flags |= SE_SBGENFS | SE_SBGENFS_XATTR;  in selinux_set_mnt_opts()
716 	if (!sbsec->behavior) {  in selinux_set_mnt_opts()
743 		if (sbsec->behavior == SECURITY_FS_USE_XATTR) {  in selinux_set_mnt_opts()
744 			sbsec->behavior = SECURITY_FS_USE_MNTPOINT;  in selinux_set_mnt_opts()
749 						     &sbsec->mntpoint_sid);  in selinux_set_mnt_opts()
758 		rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);  in selinux_set_mnt_opts()
762 		sbsec->sid = fscontext_sid;  in selinux_set_mnt_opts()
771 		sbsec->behavior = SECURITY_FS_USE_NATIVE;  in selinux_set_mnt_opts()
777 			rc = may_context_mount_sb_relabel(context_sid, sbsec,  in selinux_set_mnt_opts()
781 			sbsec->sid = context_sid;  in selinux_set_mnt_opts()
783 			rc = may_context_mount_inode_relabel(context_sid, sbsec,  in selinux_set_mnt_opts()
791 		sbsec->mntpoint_sid = context_sid;  in selinux_set_mnt_opts()
792 		sbsec->behavior = SECURITY_FS_USE_MNTPOINT;  in selinux_set_mnt_opts()
796 		rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,  in selinux_set_mnt_opts()
806 		if (sbsec->behavior != SECURITY_FS_USE_XATTR &&  in selinux_set_mnt_opts()
807 			sbsec->behavior != SECURITY_FS_USE_NATIVE) {  in selinux_set_mnt_opts()
814 		if (defcontext_sid != sbsec->def_sid) {  in selinux_set_mnt_opts()
816 							     sbsec, cred);  in selinux_set_mnt_opts()
821 		sbsec->def_sid = defcontext_sid;  in selinux_set_mnt_opts()
827 	mutex_unlock(&sbsec->lock);  in selinux_set_mnt_opts()
1061 	struct superblock_security_struct *sbsec = sb->s_security;  in selinux_sb_show_options()  local
1064 	if (!(sbsec->flags & SE_SBINITIALIZED))  in selinux_sb_show_options()
1070 	if (sbsec->flags & FSCONTEXT_MNT) {  in selinux_sb_show_options()
1073 		rc = show_sid(m, sbsec->sid);  in selinux_sb_show_options()
1077 	if (sbsec->flags & CONTEXT_MNT) {  in selinux_sb_show_options()
1080 		rc = show_sid(m, sbsec->mntpoint_sid);  in selinux_sb_show_options()
1084 	if (sbsec->flags & DEFCONTEXT_MNT) {  in selinux_sb_show_options()
1087 		rc = show_sid(m, sbsec->def_sid);  in selinux_sb_show_options()
1091 	if (sbsec->flags & ROOTCONTEXT_MNT) {  in selinux_sb_show_options()
1092 		struct dentry *root = sbsec->sb->s_root;  in selinux_sb_show_options()
1100 	if (sbsec->flags & SBLABEL_MNT) {  in selinux_sb_show_options()
1396 	struct superblock_security_struct *sbsec = NULL;  in inode_doinit_with_dentry()  local
1413 	sbsec = inode->i_sb->s_security;  in inode_doinit_with_dentry()
1414 	if (!(sbsec->flags & SE_SBINITIALIZED)) {  in inode_doinit_with_dentry()
1418 		spin_lock(&sbsec->isec_lock);  in inode_doinit_with_dentry()
1420 			list_add(&isec->list, &sbsec->isec_head);  in inode_doinit_with_dentry()
1421 		spin_unlock(&sbsec->isec_lock);  in inode_doinit_with_dentry()
1431 	switch (sbsec->behavior) {  in inode_doinit_with_dentry()
1436 			sid = sbsec->def_sid;  in inode_doinit_with_dentry()
1468 		rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,  in inode_doinit_with_dentry()
1479 		sid = sbsec->sid;  in inode_doinit_with_dentry()
1488 		sid = sbsec->mntpoint_sid;  in inode_doinit_with_dentry()
1492 		sid = sbsec->sid;  in inode_doinit_with_dentry()
1494 		if ((sbsec->flags & SE_SBGENFS) &&  in inode_doinit_with_dentry()
1524 						   sbsec->flags, &sid);  in inode_doinit_with_dentry()
1530 			if ((sbsec->flags & SE_SBGENFS_XATTR) &&  in inode_doinit_with_dentry()
1764 	const struct superblock_security_struct *sbsec = dir->i_sb->s_security;  in selinux_determine_inode_label()  local
1766 	if ((sbsec->flags & SE_SBINITIALIZED) &&  in selinux_determine_inode_label()
1767 	    (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {  in selinux_determine_inode_label()
1768 		*_new_isid = sbsec->mntpoint_sid;  in selinux_determine_inode_label()
1769 	} else if ((sbsec->flags & SBLABEL_MNT) &&  in selinux_determine_inode_label()
1789 	struct superblock_security_struct *sbsec;  in may_create()  local
1795 	sbsec = dir->i_sb->s_security;  in may_create()
1820 			    newsid, sbsec->sid,  in may_create()
1941 	struct superblock_security_struct *sbsec;  in superblock_has_perm()  local
1944 	sbsec = sb->s_security;  in superblock_has_perm()
1946 			    sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);  in superblock_has_perm()
2567 	struct superblock_security_struct *sbsec;  in selinux_sb_alloc_security()  local
2569 	sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);  in selinux_sb_alloc_security()
2570 	if (!sbsec)  in selinux_sb_alloc_security()
2573 	mutex_init(&sbsec->lock);  in selinux_sb_alloc_security()
2574 	INIT_LIST_HEAD(&sbsec->isec_head);  in selinux_sb_alloc_security()
2575 	spin_lock_init(&sbsec->isec_lock);  in selinux_sb_alloc_security()
2576 	sbsec->sb = sb;  in selinux_sb_alloc_security()
2577 	sbsec->sid = SECINITSID_UNLABELED;  in selinux_sb_alloc_security()
2578 	sbsec->def_sid = SECINITSID_FILE;  in selinux_sb_alloc_security()
2579 	sbsec->mntpoint_sid = SECINITSID_UNLABELED;  in selinux_sb_alloc_security()
2580 	sb->s_security = sbsec;  in selinux_sb_alloc_security()
2668 	struct superblock_security_struct *sbsec = sb->s_security;  in selinux_sb_remount()  local
2672 	if (!(sbsec->flags & SE_SBINITIALIZED))  in selinux_sb_remount()
2682 		if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))  in selinux_sb_remount()
2689 		if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))  in selinux_sb_remount()
2698 		if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))  in selinux_sb_remount()
2705 		if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))  in selinux_sb_remount()
2900 	struct superblock_security_struct *sbsec;  in selinux_inode_init_security()  local
2905 	sbsec = dir->i_sb->s_security;  in selinux_inode_init_security()
2916 	if (sbsec->flags & SE_SBINITIALIZED) {  in selinux_inode_init_security()
2924 	    !(sbsec->flags & SBLABEL_MNT))  in selinux_inode_init_security()
3188 	struct superblock_security_struct *sbsec;  in selinux_inode_setxattr()  local
3206 	sbsec = inode->i_sb->s_security;  in selinux_inode_setxattr()
3207 	if (!(sbsec->flags & SBLABEL_MNT))  in selinux_inode_setxattr()
3269 			    sbsec->sid,  in selinux_inode_setxattr()
3448 	struct superblock_security_struct *sbsec = inode->i_sb->s_security;  in selinux_inode_setsecurity()  local
3455 	if (!(sbsec->flags & SBLABEL_MNT))  in selinux_inode_setsecurity()