Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/security/tomoyo/mount.c 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * security/tomoyo/mount.c
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * Copyright (C) 2005-2011  NTT DATA CORPORATION
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9) #include <uapi/linux/mount.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) #include "common.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) /* String table for special mount operations. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) static const char * const tomoyo_mounts[TOMOYO_MAX_SPECIAL_MOUNT] = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) 	[TOMOYO_MOUNT_BIND]            = "--bind",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) 	[TOMOYO_MOUNT_MOVE]            = "--move",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) 	[TOMOYO_MOUNT_REMOUNT]         = "--remount",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) 	[TOMOYO_MOUNT_MAKE_UNBINDABLE] = "--make-unbindable",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) 	[TOMOYO_MOUNT_MAKE_PRIVATE]    = "--make-private",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) 	[TOMOYO_MOUNT_MAKE_SLAVE]      = "--make-slave",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) 	[TOMOYO_MOUNT_MAKE_SHARED]     = "--make-shared",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24)  * tomoyo_audit_mount_log - Audit mount log.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26)  * @r: Pointer to "struct tomoyo_request_info".
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28)  * Returns 0 on success, negative value otherwise.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30) static int tomoyo_audit_mount_log(struct tomoyo_request_info *r)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32) 	return tomoyo_supervisor(r, "file mount %s %s %s 0x%lX\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) 				 r->param.mount.dev->name,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) 				 r->param.mount.dir->name,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) 				 r->param.mount.type->name,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) 				 r->param.mount.flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40)  * tomoyo_check_mount_acl - Check permission for path path path number operation.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42)  * @r:   Pointer to "struct tomoyo_request_info".
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  43)  * @ptr: Pointer to "struct tomoyo_acl_info".
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  44)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  45)  * Returns true if granted, false otherwise.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  48) 				   const struct tomoyo_acl_info *ptr)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  49) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  50) 	const struct tomoyo_mount_acl *acl =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  51) 		container_of(ptr, typeof(*acl), head);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  52) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  53) 	return tomoyo_compare_number_union(r->param.mount.flags,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  54) 					   &acl->flags) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  55) 		tomoyo_compare_name_union(r->param.mount.type,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  56) 					  &acl->fs_type) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  57) 		tomoyo_compare_name_union(r->param.mount.dir,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  58) 					  &acl->dir_name) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  59) 		(!r->param.mount.need_dev ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  60) 		 tomoyo_compare_name_union(r->param.mount.dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  61) 					   &acl->dev_name));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  62) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  63) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  64) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  65)  * tomoyo_mount_acl - Check permission for mount() operation.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  66)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67)  * @r:        Pointer to "struct tomoyo_request_info".
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  68)  * @dev_name: Name of device file. Maybe NULL.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69)  * @dir:      Pointer to "struct path".
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70)  * @type:     Name of filesystem type.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71)  * @flags:    Mount options.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  72)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  73)  * Returns 0 on success, negative value otherwise.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  74)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  75)  * Caller holds tomoyo_read_lock().
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  76)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) static int tomoyo_mount_acl(struct tomoyo_request_info *r,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  78) 			    const char *dev_name,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  79) 			    const struct path *dir, const char *type,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  80) 			    unsigned long flags)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  81) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  82) 	struct tomoyo_obj_info obj = { };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  83) 	struct path path;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  84) 	struct file_system_type *fstype = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  85) 	const char *requested_type = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  86) 	const char *requested_dir_name = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  87) 	const char *requested_dev_name = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  88) 	struct tomoyo_path_info rtype;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  89) 	struct tomoyo_path_info rdev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  90) 	struct tomoyo_path_info rdir;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  91) 	int need_dev = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  92) 	int error = -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  93) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  94) 	r->obj = &obj;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  95) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  96) 	/* Get fstype. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  97) 	requested_type = tomoyo_encode(type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  98) 	if (!requested_type)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  99) 		goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) 	rtype.name = requested_type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) 	tomoyo_fill_path_info(&rtype);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) 	/* Get mount point. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) 	obj.path2 = *dir;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) 	requested_dir_name = tomoyo_realpath_from_path(dir);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) 	if (!requested_dir_name) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) 		error = -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) 		goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) 	rdir.name = requested_dir_name;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) 	tomoyo_fill_path_info(&rdir);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) 	/* Compare fs name. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) 	if (type == tomoyo_mounts[TOMOYO_MOUNT_REMOUNT]) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) 		/* dev_name is ignored. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) 	} else if (type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE] ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) 		   type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE] ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) 		   type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE] ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) 		   type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED]) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) 		/* dev_name is ignored. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) 	} else if (type == tomoyo_mounts[TOMOYO_MOUNT_BIND] ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) 		   type == tomoyo_mounts[TOMOYO_MOUNT_MOVE]) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) 		need_dev = -1; /* dev_name is a directory */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) 	} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) 		fstype = get_fs_type(type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) 		if (!fstype) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) 			error = -ENODEV;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) 			goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) 		if (fstype->fs_flags & FS_REQUIRES_DEV)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) 			/* dev_name is a block device file. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) 			need_dev = 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) 	if (need_dev) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) 		/* Get mount point or device file. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) 		if (!dev_name || kern_path(dev_name, LOOKUP_FOLLOW, &path)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) 			error = -ENOENT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) 			goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) 		obj.path1 = path;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) 		requested_dev_name = tomoyo_realpath_from_path(&path);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) 		if (!requested_dev_name) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) 			error = -ENOENT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) 			goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) 	} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) 		/* Map dev_name to "<NULL>" if no dev_name given. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) 		if (!dev_name)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) 			dev_name = "<NULL>";
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) 		requested_dev_name = tomoyo_encode(dev_name);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) 		if (!requested_dev_name) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) 			error = -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) 			goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) 	rdev.name = requested_dev_name;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) 	tomoyo_fill_path_info(&rdev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) 	r->param_type = TOMOYO_TYPE_MOUNT_ACL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) 	r->param.mount.need_dev = need_dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) 	r->param.mount.dev = &rdev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) 	r->param.mount.dir = &rdir;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) 	r->param.mount.type = &rtype;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) 	r->param.mount.flags = flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) 	do {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) 		tomoyo_check_acl(r, tomoyo_check_mount_acl);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) 		error = tomoyo_audit_mount_log(r);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) 	} while (error == TOMOYO_RETRY_REQUEST);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168)  out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) 	kfree(requested_dev_name);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) 	kfree(requested_dir_name);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) 	if (fstype)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) 		put_filesystem(fstype);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) 	kfree(requested_type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) 	/* Drop refcount obtained by kern_path(). */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) 	if (obj.path1.dentry)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) 		path_put(&obj.path1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) 	return error;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181)  * tomoyo_mount_permission - Check permission for mount() operation.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183)  * @dev_name:  Name of device file. Maybe NULL.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184)  * @path:      Pointer to "struct path".
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185)  * @type:      Name of filesystem type. Maybe NULL.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186)  * @flags:     Mount options.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187)  * @data_page: Optional data. Maybe NULL.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189)  * Returns 0 on success, negative value otherwise.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) int tomoyo_mount_permission(const char *dev_name, const struct path *path,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) 			    const char *type, unsigned long flags,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) 			    void *data_page)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) 	struct tomoyo_request_info r;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) 	int error;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) 	int idx;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) 	if (tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_MOUNT)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) 	    == TOMOYO_CONFIG_DISABLED)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) 	if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) 		flags &= ~MS_MGC_MSK;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) 	if (flags & MS_REMOUNT) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) 		type = tomoyo_mounts[TOMOYO_MOUNT_REMOUNT];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) 		flags &= ~MS_REMOUNT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) 	} else if (flags & MS_BIND) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) 		type = tomoyo_mounts[TOMOYO_MOUNT_BIND];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) 		flags &= ~MS_BIND;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) 	} else if (flags & MS_SHARED) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) 		if (flags & (MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) 			return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) 		type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) 		flags &= ~MS_SHARED;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) 	} else if (flags & MS_PRIVATE) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) 		if (flags & (MS_SHARED | MS_SLAVE | MS_UNBINDABLE))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) 			return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) 		type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) 		flags &= ~MS_PRIVATE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) 	} else if (flags & MS_SLAVE) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) 		if (flags & (MS_SHARED | MS_PRIVATE | MS_UNBINDABLE))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) 			return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) 		type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) 		flags &= ~MS_SLAVE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) 	} else if (flags & MS_UNBINDABLE) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) 		if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) 			return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) 		type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) 		flags &= ~MS_UNBINDABLE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) 	} else if (flags & MS_MOVE) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) 		type = tomoyo_mounts[TOMOYO_MOUNT_MOVE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) 		flags &= ~MS_MOVE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) 	if (!type)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) 		type = "<NULL>";
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) 	idx = tomoyo_read_lock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) 	error = tomoyo_mount_acl(&r, dev_name, path, type, flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) 	tomoyo_read_unlock(idx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) 	return error;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) }
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.