From: Cory Olmo <colmo@TrustedCS.com>
To: selinux@tycho.nsa.gov
Subject: [RFC Patch 1/3] Context Mounts and Unsupported Contexts: kernel
Date: Tue, 15 Aug 2006 10:56:15 -0500
Message-ID: <20060815105615.82a6a474.colmo@TrustedCS.com>

[-- Attachment #1: Type: text/plain, Size: 600 bytes --]

This patch modifies selinux_sb_copy_data() so that it will only take an 
option after seeing a ',' if it hasn't seen a quote or if the quotes are 
matched.  When it does take the option, if the option is an selinux option 
then it calls a new function take_selinux_option().  This new function will 
strip the quotes and replace the previously used comma separator with a '|'.  
try_context_mount() was modified to look for the '|' as the separator 
instead of ','.

 linux-2.6.17/security/selinux/hooks.c |   36 +++++++++++++++++++++++++++++++++---
 1 file changed, 33 insertions(+), 3 deletions(-)

[-- Attachment #2: linux-2.6-quoted_context.patch --]
[-- Type: text/x-patch, Size: 1767 bytes --]

diff --git a/linux-2.6.17.i686/security/selinux/hooks.c b/linux-2.6.17.i686/security/selinux/hooks.c
index 93bc2df..378d90c 100644
--- a/linux-2.6.17.i686/security/selinux/hooks.c
+++ b/linux-2.6.17.i686/security/selinux/hooks.c
@@ -398,7 +398,7 @@ static int try_context_mount(struct supe
 		/* Standard string-based options. */
 		char *p, *options = data;
 
-		while ((p = strsep(&options, ",")) != NULL) {
+		while ((p = strsep(&options, "|")) != NULL) {
 			int token;
 			substring_t args[MAX_OPT_ARGS];
 
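Review bot: changing the strsep() delimiter to "|" in try_context_mount() makes '|' a reserved character in the SELinux option string, but nothing in the visible lines rejects or escapes a '|' that arrives in the mount data. take_selinux_option() copies every byte that is not a double quote, so a value containing '|' would be split in this loop as if it were two options. Consider refusing a '|' inside an SELinux option in selinux_sb_copy_data() with an error return, and add a comment at this loop stating that '|' is an internal separator written by take_selinux_option().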
@@ -1949,11 +1949,34 @@ static inline void take_option(char **to
 	*to += len;
 }
 
+static inline void take_selinux_option(char **to, char *from, int *first, 
+		                       int len)
+{
+	int current_size = 0;
+
+	if (!*first) {
+		**to = '|';
+		*to += 1;
+	}
+	else
+		*first = 0;
+
+	while (current_size < len) {
+		if (*from != '"') {
+			**to = *from;
+			*to += 1;
+		}
+		from += 1;
+		current_size += 1;
+	}
+}
+
 static int selinux_sb_copy_data(struct file_system_type *type, void *orig, void *copy)
 {
 	int fnosec, fsec, rc = 0;
 	char *in_save, *in_curr, *in_end;
 	char *sec_curr, *nosec_save, *nosec;
+	int open_quote = 0;
 
 	in_curr = orig;
 	sec_curr = copy;
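Review bot: in take_selinux_option() the test `if (*from != '"')` drops every double quote in the option wherever it appears, so a quote in the middle of a value, or a single unmatched one, is silently removed instead of being treated as malformed input. If only the quotes enclosing the value are meant to be stripped, check for them at the start and end of the value and leave the rest alone, or fail the mount on anything else. The function also needs a short comment documenting that it writes '|' between options and that try_context_mount() depends on that. Style: the `else` should sit on the same line as the closing brace (`} else`), and the first line of the prototype ends in trailing whitespace.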
@@ -1975,11 +1998,18 @@ static int selinux_sb_copy_data(struct f
 	in_save = in_end = orig;
 
 	do {
-		if (*in_end == ',' || *in_end == '\0') {
+		if (*in_end == '"') {
+			if (open_quote == 0)
+				open_quote -= 1;
+			else
+				open_quote += 1;
+		}
+		if (((*in_end == ',') && (open_quote == 0)) ||
+				*in_end == '\0') {
 			int len = in_end - in_curr;
 
 			if (selinux_option(in_curr, len))
-				take_option(&sec_curr, in_curr, &fsec, len);
+				take_selinux_option(&sec_curr, in_curr, &fsec, len);
 			else
 				take_option(&nosec, in_curr, &fnosec, len);
 
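Review bot: the `*in_end == '\0'` arm of the new condition is not gated on open_quote, so a string that ends inside an open quote is still taken as an option and the dangling quote is then stripped by take_selinux_option(). The description says an option is only taken when the quotes are matched; at end of string with open_quote != 0 this should set rc to an error and bail out rather than accept the option. The quote tracking also runs before selinux_option() is consulted, so a '"' inside a non-SELinux filesystem option now suppresses comma splitting for it as well and reaches take_option() with its quotes intact; say whether that is intended. Minor: open_quote only ever holds 0 or -1, so `open_quote = !open_quote` reads more clearly than the `-= 1` / `+= 1` pair.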
