[PATCH] LSM changes for 2.5.58

[Greg KH <greg@kroah.com>]

ChangeSet 1.953, 2003/01/16 14:18:05-08:00, sds@epoch.ncsc.mil

[PATCH] Add LSM hook to do_kern_mount

This patch adds a security_sb_kern_mount hook call to the do_kern_mount
function.  This hook enables initialization of the superblock security
information of all superblock objects.  Placing a hook in do_kern_mount
was originally suggested by Al Viro.  This hook is used by SELinux to
setup the superblock security state and eliminated the need for the
superblock_precondition function.


diff -Nru a/fs/super.c b/fs/super.c
--- a/fs/super.c	Thu Jan 16 15:07:36 2003
+++ b/fs/super.c	Thu Jan 16 15:07:36 2003
@@ -610,6 +610,7 @@
 	struct file_system_type *type = get_fs_type(fstype);
 	struct super_block *sb = ERR_PTR(-ENOMEM);
 	struct vfsmount *mnt;
+	int error;
 
 	if (!type)
 		return ERR_PTR(-ENODEV);
@@ -620,6 +621,13 @@
 	sb = type->get_sb(type, flags, name, data);
 	if (IS_ERR(sb))
 		goto out_mnt;
+ 	error = security_sb_kern_mount(sb);
+ 	if (error) {
+ 		up_write(&sb->s_umount);
+ 		deactivate_super(sb);
+ 		sb = ERR_PTR(error);
+ 		goto out_mnt;
+ 	}
 	mnt->mnt_sb = sb;
 	mnt->mnt_root = dget(sb->s_root);
 	mnt->mnt_mountpoint = sb->s_root;
diff -Nru a/include/linux/security.h b/include/linux/security.h
--- a/include/linux/security.h	Thu Jan 16 15:07:36 2003
+++ b/include/linux/security.h	Thu Jan 16 15:07:36 2003
@@ -814,6 +814,7 @@
 
 	int (*sb_alloc_security) (struct super_block * sb);
 	void (*sb_free_security) (struct super_block * sb);
+	int (*sb_kern_mount) (struct super_block *sb);
 	int (*sb_statfs) (struct super_block * sb);
 	int (*sb_mount) (char *dev_name, struct nameidata * nd,
 			 char *type, unsigned long flags, void *data);
@@ -1034,6 +1035,11 @@
 	security_ops->sb_free_security (sb);
 }
 
+static inline int security_sb_kern_mount (struct super_block *sb)
+{
+	return security_ops->sb_kern_mount (sb);
+}
+
 static inline int security_sb_statfs (struct super_block *sb)
 {
 	return security_ops->sb_statfs (sb);
@@ -1638,6 +1644,11 @@
 
 static inline void security_sb_free (struct super_block *sb)
 { }
+
+static inline int security_sb_kern_mount (struct super_block *sb)
+{
+	return 0;
+}
 
 static inline int security_sb_statfs (struct super_block *sb)
 {
diff -Nru a/security/dummy.c b/security/dummy.c
--- a/security/dummy.c	Thu Jan 16 15:07:36 2003
+++ b/security/dummy.c	Thu Jan 16 15:07:36 2003
@@ -120,6 +120,11 @@
 	return;
 }
 
+static int dummy_sb_kern_mount (struct super_block *sb)
+{
+	return 0;
+}
+
 static int dummy_sb_statfs (struct super_block *sb)
 {
 	return 0;
@@ -635,6 +640,7 @@
 	set_to_dummy_if_null(ops, bprm_check_security);
 	set_to_dummy_if_null(ops, sb_alloc_security);
 	set_to_dummy_if_null(ops, sb_free_security);
+	set_to_dummy_if_null(ops, sb_kern_mount);
 	set_to_dummy_if_null(ops, sb_statfs);
 	set_to_dummy_if_null(ops, sb_mount);
 	set_to_dummy_if_null(ops, sb_check_sb);