Revert "SELinux: allow fstype unknown to policy to use xattrs if present"

This reverts commit 811f379927. From Eric Paris: "Please drop this patch for now. It deadlocks on ntfs-3g. I need to rework it to handle fuse filesystems better. (casey was right)"
2025-06-17 20:25:19 +00:00 · 2008-07-15 18:32:49 +10:00 · 2008-07-15 18:32:49 +10:00 · 089be43e40
commit 089be43e40
parent 50515af207
3 changed files with 14 additions and 37 deletions
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@ -555,15 +555,13 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 	struct task_security_struct *tsec = current->security;
 	struct superblock_security_struct *sbsec = sb->s_security;
 	const char *name = sb->s_type->name;
-	struct dentry *root = sb->s_root;
+	struct inode *inode = sbsec->sb->s_root->d_inode;
-	struct inode *root_inode = root->d_inode;
+	struct inode_security_struct *root_isec = inode->i_security;
 	struct inode_security_struct *root_isec = root_inode->i_security;
 	u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
 	u32 defcontext_sid = 0;
 	char **mount_options = opts->mnt_opts;
 	int *flags = opts->mnt_opts_flags;
 	int num_opts = opts->num_mnt_opts;
 	bool can_xattr = false;
 	mutex_lock(&sbsec->lock);
@ -667,24 +665,14 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 		goto out;
 	}
-	if (strcmp(name, "proc") == 0)
+	if (strcmp(sb->s_type->name, "proc") == 0)
 		sbsec->proc = 1;
 	/*
 	 * test if the fs supports xattrs, fs_use might make use of this if the
 	 * fs has no definition in policy.
 	 */
 	if (root_inode->i_op->getxattr) {
 		rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
 		if (rc >= 0 || rc == -ENODATA)
 			can_xattr = true;
 	}
 	/* Determine the labeling behavior to use for this filesystem type. */
-	rc = security_fs_use(name, &sbsec->behavior, &sbsec->sid, can_xattr);
+	rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid);
 	if (rc) {
 		printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
-		       __func__, name, rc);
+		       __func__, sb->s_type->name, rc);
 		goto out;
 	}
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@ -136,7 +136,7 @@ int security_get_allow_unknown(void);
 #define SECURITY_FS_USE_MNTPOINT	6 /* use mountpoint labeling */
 int security_fs_use(const char *fstype, unsigned int *behavior,
-	u32 *sid, bool can_xattr);
+	u32 *sid);
 int security_genfs_sid(const char *fstype, char *name, u16 sclass,
 	u32 *sid);
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@ -1934,8 +1934,7 @@ out:
 int security_fs_use(
 	const char *fstype,
 	unsigned int *behavior,
-	u32 *sid,
+	u32 *sid)
 	bool can_xattr)
 {
 	int rc = 0;
 	struct ocontext *c;
@ -1949,7 +1948,6 @@ int security_fs_use(
 		c = c->next;
 	}
 	/* look for labeling behavior defined in policy */
 	if (c) {
 		*behavior = c->v.behavior;
 		if (!c->sid[0]) {
@ -1960,23 +1958,14 @@ int security_fs_use(
 				goto out;
 		}
 		*sid = c->sid[0];
 		goto out;
 	}
 	/* labeling behavior not in policy, use xattrs if possible */
 	if (can_xattr) {
 		*behavior = SECURITY_FS_USE_XATTR;
 		*sid = SECINITSID_FS;
 		goto out;
 	}
 	/* no behavior in policy and can't use xattrs, try GENFS */
 	rc = security_genfs_sid(fstype, "/", SECCLASS_DIR, sid);
 	if (rc) {
 		*behavior = SECURITY_FS_USE_NONE;
 		rc = 0;
 	} else {
-		*behavior = SECURITY_FS_USE_GENFS;
+		rc = security_genfs_sid(fstype, "/", SECCLASS_DIR, sid);
 		if (rc) {
 			*behavior = SECURITY_FS_USE_NONE;
 			rc = 0;
 		} else {
 			*behavior = SECURITY_FS_USE_GENFS;
 		}
 	}
 out: