include/linux/fs.h | 1 +
security/selinux/hooks.c | 194 +++++++++++++++++--------------------
security/selinux/include/objsec.h | 2 -
security/selinux/selinuxfs.c | 10 +-
4 files changed, 94 insertions(+), 113 deletions(-)
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 43db02e9c9fa..11a11525b7a8 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -536,6 +536,7 @@ struct inode {
 #ifdef CONFIG_SECURITY
 void *i_security;
+ u32 i_sid, i_sclass;
 #endif
 /* Stat data, not accessed from path walking */
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5c6f2cd2d095..bcc3ea477b35 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -210,10 +210,10 @@ static int inode_alloc_security(struct inode *inode)
 mutex_init(&isec->lock);
 INIT_LIST_HEAD(&isec->list);
 isec->inode = inode;
- isec->sid = SECINITSID_UNLABELED;
- isec->sclass = SECCLASS_FILE;
 isec->task_sid = sid;
 inode->i_security = isec;
+ inode->i_sid = SECINITSID_UNLABELED;
+ inode->i_sclass = SECCLASS_FILE;
 return 0;
 }
@@ -505,9 +505,8 @@ static int selinux_get_mnt_opts(const struct super_block *sb,
 }
 if (sbsec->flags & ROOTCONTEXT_MNT) {
 struct inode *root = sbsec->sb->s_root->d_inode;
- struct inode_security_struct *isec = root->i_security;
- rc = security_sid_to_context(isec->sid, &context, &len);
+ rc = security_sid_to_context(root->i_sid, &context, &len);
 if (rc)
 goto out_free;
 opts->mnt_opts[i] = context;
@@ -636,7 +635,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 case ROOTCONTEXT_MNT:
 rootcontext_sid = sid;
- if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
+ if (bad_option(sbsec, ROOTCONTEXT_MNT, inode->i_sid,
 rootcontext_sid))
 goto out_double_mount;
@@ -718,7 +717,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 if (rc)
 goto out;
- root_isec->sid = rootcontext_sid;
+ inode->i_sid = rootcontext_sid;
 root_isec->initialized = 1;
 }
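Review bot: `i_sclass` is declared `u32` in the include/linux/fs.h hunk, while the field it replaces in objsec.h was `u16 sclass` and callers such as may_create take a `u16 tclass`, so every use of the class now narrows implicitly. Keeping the width and naming the owner would read `u32 i_sid; /* SELinux object SID */` and `u16 i_sclass; /* SELinux security class */`. The pair also sits under `CONFIG_SECURITY`, so a kernel built with a different LSM carries two fields that only SELinux writes; guarding them with `#ifdef CONFIG_SECURITY_SELINUX` would confine that cost. Placing the label in the generic inode also means any code holding the inode can overwrite it, which the LSM-private allocation did not allow, and that trade-off should be stated in the commit message.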
@@ -768,9 +767,9 @@ static int selinux_cmp_sb_context(const struct super_block *oldsb,
 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid)
 goto mismatch;
 if (oldflags & ROOTCONTEXT_MNT) {
- struct inode_security_struct *oldroot = oldsb->s_root->d_inode->i_security;
- struct inode_security_struct *newroot = newsb->s_root->d_inode->i_security;
- if (oldroot->sid != newroot->sid)
+ struct inode *oldroot = oldsb->s_root->d_inode;
+ struct inode *newroot = newsb->s_root->d_inode;
+ if (oldroot->i_sid != newroot->i_sid)
 goto mismatch;
 }
 return 0;
@@ -820,18 +819,15 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
 newsbsec->sid = sid;
 if (!set_rootcontext) {
 struct inode *newinode = newsb->s_root->d_inode;
- struct inode_security_struct *newisec = newinode->i_security;
- newisec->sid = sid;
+ newinode->i_sid = sid;
 }
 newsbsec->mntpoint_sid = sid;
 }
 if (set_rootcontext) {
 const struct inode *oldinode = oldsb->s_root->d_inode;
- const struct inode_security_struct *oldisec = oldinode->i_security;
 struct inode *newinode = newsb->s_root->d_inode;
- struct inode_security_struct *newisec = newinode->i_security;
- newisec->sid = oldisec->sid;
+ newinode->i_sid = oldinode->i_sid;
 }
 sb_finish_set_opts(newsb);
@@ -1224,7 +1220,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 switch (sbsec->behavior) {
 case SECURITY_FS_USE_XATTR:
 if (!inode->i_op->getxattr) {
- isec->sid = sbsec->def_sid;
+ inode->i_sid = sbsec->def_sid;
 break;
 }
@@ -1319,39 +1315,39 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 }
 }
 kfree(context);
- isec->sid = sid;
+ inode->i_sid = sid;
 break;
 case SECURITY_FS_USE_TASK:
- isec->sid = isec->task_sid;
+ inode->i_sid = isec->task_sid;
 break;
 case SECURITY_FS_USE_TRANS:
 /* Default to the fs SID. */
- isec->sid = sbsec->sid;
+ inode->i_sid = sbsec->sid;
 /* Try to obtain a transition SID. */
- isec->sclass = inode_mode_to_security_class(inode->i_mode);
+ inode->i_sclass = inode_mode_to_security_class(inode->i_mode);
 rc = security_transition_sid(isec->task_sid, sbsec->sid,
- isec->sclass, NULL, &sid);
+ inode->i_sclass, NULL, &sid);
 if (rc)
 goto out_unlock;
- isec->sid = sid;
+ inode->i_sid = sid;
 break;
 case SECURITY_FS_USE_MNTPOINT:
- isec->sid = sbsec->mntpoint_sid;
+ inode->i_sid = sbsec->mntpoint_sid;
 break;
 default:
 /* Default to the fs superblock SID. */
- isec->sid = sbsec->sid;
+ inode->i_sid = sbsec->sid;
 if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
 if (opt_dentry) {
- isec->sclass = inode_mode_to_security_class(inode->i_mode);
+ inode->i_sclass = inode_mode_to_security_class(inode->i_mode);
 rc = selinux_proc_get_sid(opt_dentry,
- isec->sclass,
+ inode->i_sclass,
 &sid);
 if (rc)
 goto out_unlock;
- isec->sid = sid;
+ inode->i_sid = sid;
 }
 }
 break;
@@ -1362,8 +1358,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 out_unlock:
 mutex_unlock(&isec->lock);
 out:
- if (isec->sclass == SECCLASS_FILE)
- isec->sclass = inode_mode_to_security_class(inode->i_mode);
+ if (inode->i_sclass == SECCLASS_FILE)
+ inode->i_sclass = inode_mode_to_security_class(inode->i_mode);
 return rc;
 }
@@ -1503,7 +1499,6 @@ static int inode_has_perm(const struct cred *cred,
 struct common_audit_data *adp,
 unsigned flags)
 {
- struct inode_security_struct *isec;
 u32 sid;
 validate_creds(cred);
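Review bot: The locking rule for the relocated label is undocumented, and the class fixup after `out:` in inode_doinit_with_dentry rewrites `inode->i_sclass` once `mutex_unlock(&isec->lock)` has already run. The switch arms leave through `out_unlock`, so their stores appear to be covered by that mutex, while readers elsewhere in the patch (inode_has_perm, for one) take no lock. With the data now in `struct inode` and the mutex still in `inode_security_struct`, neither structure shows which lock, if any, covers the label. A comment at `out:` such as `/* class fixup runs after isec->lock is dropped; i_sid/i_sclass readers are lockless */` would record the existing rule. The function begins and ends outside these hunks.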
@@ -1512,9 +1507,8 @@ static int inode_has_perm(const struct cred *cred,
 return 0;
 sid = cred_sid(cred);
- isec = inode->i_security;
- return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags);
+ return avc_has_perm_flags(sid, inode->i_sid, inode->i_sclass, perms, adp, flags);
 }
 /* Same as inode_has_perm, but pass explicit audit data containing
@@ -1592,13 +1586,11 @@ static int may_create(struct inode *dir,
 u16 tclass)
 {
 const struct task_security_struct *tsec = current_security();
- struct inode_security_struct *dsec;
 struct superblock_security_struct *sbsec;
 u32 sid, newsid;
 struct common_audit_data ad;
 int rc;
- dsec = dir->i_security;
 sbsec = dir->i_sb->s_security;
 sid = tsec->sid;
@@ -1607,14 +1599,14 @@ static int may_create(struct inode *dir,
 ad.type = LSM_AUDIT_DATA_DENTRY;
 ad.u.dentry = dentry;
- rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
+ rc = avc_has_perm(sid, dir->i_sid, SECCLASS_DIR,
 DIR__ADD_NAME | DIR__SEARCH, &ad);
 if (rc)
 return rc;
 if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
- rc = security_transition_sid(sid, dsec->sid, tclass,
+ rc = security_transition_sid(sid, dir->i_sid, tclass,
 &dentry->d_name, &newsid);
 if (rc)
 return rc;
@@ -1648,21 +1640,20 @@ static int may_link(struct inode *dir,
 int kind)
 {
- struct inode_security_struct *dsec, *isec;
+ struct inode *inode;
 struct common_audit_data ad;
 u32 sid = current_sid();
 u32 av;
 int rc;
- dsec = dir->i_security;
- isec = dentry->d_inode->i_security;
+ inode = dentry->d_inode;
 ad.type = LSM_AUDIT_DATA_DENTRY;
 ad.u.dentry = dentry;
 av = DIR__SEARCH;
 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
- rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
+ rc = avc_has_perm(sid, dir->i_sid, SECCLASS_DIR, av, &ad);
 if (rc)
 return rc;
@@ -1682,7 +1673,7 @@ static int may_link(struct inode *dir,
 return 0;
 }
- rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
+ rc = avc_has_perm(sid, inode->i_sid, inode->i_sclass, av, &ad);
 return rc;
 }
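Review bot: inode_has_perm now takes the target SID and class straight from `inode->i_sid` and `inode->i_sclass` and never touches `i_security`, so an inode whose label was not set up no longer faults here; it is checked against whatever the two fields happen to hold. The only initialisation visible in this patch is in inode_alloc_security, and that dependency deserves a comment above the return, for example `/* i_sid/i_sclass are set by inode_alloc_security() before any inode reaches here */`. If any allocation path can skip that hook, which cannot be judged from these hunks, the fields need defaults where the inode itself is initialised. The function body starts outside this hunk.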
@@ -1691,32 +1682,30 @@ static inline int may_rename(struct inode *old_dir,
 struct inode *new_dir,
 struct dentry *new_dentry)
 {
- struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
+ struct inode *old_inode, *new_inode;
 struct common_audit_data ad;
 u32 sid = current_sid();
 u32 av;
 int old_is_dir, new_is_dir;
 int rc;
- old_dsec = old_dir->i_security;
- old_isec = old_dentry->d_inode->i_security;
- old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
- new_dsec = new_dir->i_security;
+ old_inode = old_dentry->d_inode;
+ old_is_dir = S_ISDIR(old_inode->i_mode);
 ad.type = LSM_AUDIT_DATA_DENTRY;
 ad.u.dentry = old_dentry;
- rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
+ rc = avc_has_perm(sid, old_dir->i_sid, SECCLASS_DIR,
 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
 if (rc)
 return rc;
- rc = avc_has_perm(sid, old_isec->sid,
- old_isec->sclass, FILE__RENAME, &ad);
+ rc = avc_has_perm(sid, old_inode->i_sid,
+ old_inode->i_sclass, FILE__RENAME, &ad);
 if (rc)
 return rc;
 if (old_is_dir && new_dir != old_dir) {
- rc = avc_has_perm(sid, old_isec->sid,
- old_isec->sclass, DIR__REPARENT, &ad);
+ rc = avc_has_perm(sid, old_inode->i_sid,
+ old_inode->i_sclass, DIR__REPARENT, &ad);
 if (rc)
 return rc;
 }
@@ -1725,14 +1714,14 @@ static inline int may_rename(struct inode *old_dir,
 av = DIR__ADD_NAME | DIR__SEARCH;
 if (new_dentry->d_inode)
 av |= DIR__REMOVE_NAME;
- rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
+ rc = avc_has_perm(sid, new_dir->i_sid, SECCLASS_DIR, av, &ad);
 if (rc)
 return rc;
- if (new_dentry->d_inode) {
- new_isec = new_dentry->d_inode->i_security;
- new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
- rc = avc_has_perm(sid, new_isec->sid,
- new_isec->sclass,
+ new_inode = new_dentry->d_inode;
+ if (new_inode) {
+ new_is_dir = S_ISDIR(new_inode->i_mode);
+ rc = avc_has_perm(sid, new_inode->i_sid,
+ new_inode->i_sclass,
 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
 if (rc)
 return rc;
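Review bot: In the second may_rename hunk `new_inode` is loaded only after the `if (new_dentry->d_inode)` test that decides whether `DIR__REMOVE_NAME` goes into `av`, so the function still reads `new_dentry->d_inode` twice and the two tests are spelled differently. Moving `new_inode = new_dentry->d_inode;` above `av = DIR__ADD_NAME | DIR__SEARCH;` and testing `if (new_inode)` in both places would base the directory permission and the target-inode check on one read. It would also match how `old_inode` is handled in the first hunk.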
@@ -2027,7 +2016,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
 return -EPERM;
 } else {
 /* Check for a default transition on this program. */
- rc = security_transition_sid(old_tsec->sid, isec->sid,
+ rc = security_transition_sid(old_tsec->sid, inode->i_sid,
 SECCLASS_PROCESS, NULL, &new_tsec->sid);
 if (rc)
@@ -2042,7 +2031,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
 new_tsec->sid = old_tsec->sid;
 if (new_tsec->sid == old_tsec->sid) {
- rc = avc_has_perm(old_tsec->sid, isec->sid,
+ rc = avc_has_perm(old_tsec->sid, inode->i_sid,
 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
 if (rc)
 return rc;
@@ -2053,7 +2042,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
 if (rc)
 return rc;
- rc = avc_has_perm(new_tsec->sid, isec->sid,
+ rc = avc_has_perm(new_tsec->sid, inode->i_sid,
 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
 if (rc)
 return rc;
@@ -2422,10 +2411,10 @@ static int selinux_sb_remount(struct super_block *sb, void *data)
 goto out_bad_option;
 break;
 case ROOTCONTEXT_MNT: {
- struct inode_security_struct *root_isec;
- root_isec = sb->s_root->d_inode->i_security;
+ struct inode *root_inode;
+ root_inode = sb->s_root->d_inode;
- if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
+ if (bad_option(sbsec, ROOTCONTEXT_MNT, root_inode->i_sid, sid))
 goto out_bad_option;
 break;
 }
@@ -2520,13 +2509,11 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
 void **value, size_t *len)
 {
 const struct task_security_struct *tsec = current_security();
- struct inode_security_struct *dsec;
 struct superblock_security_struct *sbsec;
 u32 sid, newsid, clen;
 int rc;
 char *namep = NULL, *context;
- dsec = dir->i_security;
 sbsec = dir->i_sb->s_security;
 sid = tsec->sid;
@@ -2536,7 +2523,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT))
 newsid = sbsec->mntpoint_sid;
 else if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
- rc = security_transition_sid(sid, dsec->sid,
+ rc = security_transition_sid(sid, dir->i_sid,
 inode_mode_to_security_class(inode->i_mode), qstr, &newsid);
 if (rc) {
@@ -2552,8 +2539,8 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
 /* Possibly defer initialization to selinux_complete_init. */
 if (sbsec->flags & SE_SBINITIALIZED) {
 struct inode_security_struct *isec = inode->i_security;
- isec->sclass = inode_mode_to_security_class(inode->i_mode);
- isec->sid = newsid;
+ inode->i_sclass = inode_mode_to_security_class(inode->i_mode);
+ inode->i_sid = newsid;
 isec->initialized = 1;
 }
@@ -2640,13 +2627,12 @@ static noinline int audit_inode_permission(struct inode *inode,
 unsigned flags)
 {
 struct common_audit_data ad;
- struct inode_security_struct *isec = inode->i_security;
 int rc;
 ad.type = LSM_AUDIT_DATA_INODE;
 ad.u.inode = inode;
- rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
+ rc = slow_avc_audit(current_sid(), inode->i_sid, inode->i_sclass, perms,
 audited, denied, &ad, flags);
 if (rc)
 return rc;
@@ -2682,7 +2668,7 @@ static int selinux_inode_permission(struct inode *inode, int mask)
 sid = cred_sid(cred);
 isec = inode->i_security;
- rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, &avd);
+ rc = avc_has_perm_noaudit(sid, inode->i_sid, inode->i_sclass, perms, 0, &avd);
 audited = avc_audit_required(perms, &avd, rc, from_access ? FILE__AUDIT_ACCESS : 0, &denied);
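Review bot: In the selinux_inode_permission hunk the context line `isec = inode->i_security;` is kept although the only use visible here, the `avc_has_perm_noaudit()` call, now reads `inode->i_sid` and `inode->i_sclass`. If nothing later in the function uses `isec` (the body continues outside the hunk), the assignment and its declaration should be removed; otherwise the permission check keeps a dead load and the build is likely to gain a set-but-unused warning. The three selinux_bprm_set_creds hunks replace `isec->sid` in the same way without showing the declaration, so the same check applies there.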
@@ -2755,7 +2741,6 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
 const void *value, size_t size, int flags)
 {
 struct inode *inode = dentry->d_inode;
- struct inode_security_struct *isec = inode->i_security;
 struct superblock_security_struct *sbsec;
 struct common_audit_data ad;
 u32 newsid, sid = current_sid();
@@ -2774,7 +2759,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
 ad.type = LSM_AUDIT_DATA_DENTRY;
 ad.u.dentry = dentry;
- rc = avc_has_perm(sid, isec->sid, isec->sclass,
+ rc = avc_has_perm(sid, inode->i_sid, inode->i_sclass,
 FILE__RELABELFROM, &ad);
 if (rc)
 return rc;
@@ -2810,13 +2795,13 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
 if (rc)
 return rc;
- rc = avc_has_perm(sid, newsid, isec->sclass,
+ rc = avc_has_perm(sid, newsid, inode->i_sclass,
 FILE__RELABELTO, &ad);
 if (rc)
 return rc;
- rc = security_validate_transition(isec->sid, newsid, sid,
- isec->sclass);
+ rc = security_validate_transition(inode->i_sid, newsid, sid,
+ inode->i_sclass);
 if (rc)
 return rc;
@@ -2832,7 +2817,6 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
 int flags)
 {
 struct inode *inode = dentry->d_inode;
- struct inode_security_struct *isec = inode->i_security;
 u32 newsid;
 int rc;
@@ -2849,7 +2833,7 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
 return;
 }
- isec->sid = newsid;
+ inode->i_sid = newsid;
 return;
 }
@@ -2887,7 +2871,6 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name
 u32 size;
 int error;
 char *context = NULL;
- struct inode_security_struct *isec = inode->i_security;
 if (strcmp(name, XATTR_SELINUX_SUFFIX))
 return -EOPNOTSUPP;
@@ -2904,10 +2887,10 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name
 error = selinux_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT);
 if (!error)
- error = security_sid_to_context_force(isec->sid, &context,
+ error = security_sid_to_context_force(inode->i_sid, &context,
 &size);
 else
- error = security_sid_to_context(isec->sid, &context, &size);
+ error = security_sid_to_context(inode->i_sid, &context, &size);
 if (error)
 return error;
 error = size;
@@ -2937,7 +2920,7 @@ static int selinux_inode_setsecurity(struct inode *inode, const char *name,
 if (rc)
 return rc;
- isec->sid = newsid;
+ inode->i_sid = newsid;
 isec->initialized = 1;
 return 0;
 }
@@ -2952,8 +2935,7 @@ static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t
 static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
 {
- struct inode_security_struct *isec = inode->i_security;
- *secid = isec->sid;
+ *secid = inode->i_sid;
 }
 /* file security operations */
@@ -2975,14 +2957,13 @@ static int selinux_file_permission(struct file *file, int mask)
 {
 struct inode *inode = file_inode(file);
 struct file_security_struct *fsec = file->f_security;
- struct inode_security_struct *isec = inode->i_security;
 u32 sid = current_sid();
 if (!mask)
 /* No permission to check. Existence test. */
 return 0;
- if (sid == fsec->sid && fsec->isid == isec->sid &&
+ if (sid == fsec->sid && fsec->isid == inode->i_sid &&
 fsec->pseqno == avc_policy_seqno())
 /* No change since file_open check. */
 return 0;
@@ -3238,10 +3219,10 @@ static int selinux_file_receive(struct file *file)
 static int selinux_file_open(struct file *file, const struct cred *cred)
 {
 struct file_security_struct *fsec;
- struct inode_security_struct *isec;
+ struct inode *inode;
 fsec = file->f_security;
- isec = file_inode(file)->i_security;
+ inode = file_inode(file);
 /*
 * Save inode label and policy sequence number
 * at open-time so that selinux_file_permission
@@ -3249,7 +3230,7 @@ static int selinux_file_open(struct file *file, const struct cred *cred)
 * Task label is already saved in the file security
 * struct as its SID.
 */
- fsec->isid = isec->sid;
+ fsec->isid = inode->i_sid;
 fsec->pseqno = avc_policy_seqno();
 /*
 * Since the inode label or policy seqno may have changed
@@ -3359,18 +3340,17 @@ static int selinux_kernel_act_as(struct cred *new, u32 secid)
 */
 static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
 {
- struct inode_security_struct *isec = inode->i_security;
 struct task_security_struct *tsec = new->security;
 u32 sid = current_sid();
 int ret;
- ret = avc_has_perm(sid, isec->sid,
+ ret = avc_has_perm(sid, inode->i_sid,
 SECCLASS_KERNEL_SERVICE, KERNEL_SERVICE__CREATE_FILES_AS, NULL);
 if (ret == 0)
- tsec->create_sid = isec->sid;
+ tsec->create_sid = inode->i_sid;
 return ret;
 }
@@ -3500,7 +3480,7 @@ static void selinux_task_to_inode(struct task_struct *p,
 struct inode_security_struct *isec = inode->i_security;
 u32 sid = task_sid(p);
- isec->sid = sid;
+ inode->i_sid = sid;
 isec->initialized = 1;
 }
@@ -3790,16 +3770,17 @@ static int selinux_socket_post_create(struct socket *sock, int family,
 int type, int protocol, int kern)
 {
 const struct task_security_struct *tsec = current_security();
- struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
+ struct inode *inode = SOCK_INODE(sock);
+ struct inode_security_struct *isec = inode->i_security;
 struct sk_security_struct *sksec;
 int err = 0;
- isec->sclass = socket_type_to_security_class(family, type, protocol);
+ inode->i_sclass = socket_type_to_security_class(family, type, protocol);
 if (kern)
- isec->sid = SECINITSID_KERNEL;
+ inode->i_sid = SECINITSID_KERNEL;
 else {
- err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid));
+ err = socket_sockcreate_sid(tsec, inode->i_sclass, &(inode->i_sid));
 if (err)
 return err;
 }
@@ -3808,8 +3789,8 @@ static int selinux_socket_post_create(struct socket *sock, int family,
 if (sock->sk) {
 sksec = sock->sk->sk_security;
- sksec->sid = isec->sid;
- sksec->sclass = isec->sclass;
+ sksec->sid = inode->i_sid;
+ sksec->sclass = inode->i_sclass;
 err = selinux_netlbl_socket_post_create(sock->sk, family);
 }
@@ -3983,18 +3964,19 @@ static int selinux_socket_listen(struct socket *sock, int backlog)
 static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
 {
 int err;
- struct inode_security_struct *isec;
+ struct inode *inode, *newinode;
 struct inode_security_struct *newisec;
 err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT);
 if (err)
 return err;
- newisec = SOCK_INODE(newsock)->i_security;
+ newinode = SOCK_INODE(newsock);
+ newisec = newinode->i_security;
- isec = SOCK_INODE(sock)->i_security;
- newisec->sclass = isec->sclass;
- newisec->sid = isec->sid;
+ inode = SOCK_INODE(sock);
+ newinode->i_sclass = inode->i_sclass;
+ newinode->i_sid = inode->i_sid;
 newisec->initialized = 1;
 return 0;
@@ -4327,13 +4309,13 @@ static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
 static void selinux_sock_graft(struct sock *sk, struct socket *parent)
 {
- struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
+ struct inode *inode = SOCK_INODE(parent);
 struct sk_security_struct *sksec = sk->sk_security;
 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 || sk->sk_family == PF_UNIX)
- isec->sid = sksec->sid;
- sksec->sclass = isec->sclass;
+ inode->i_sid = sksec->sid;
+ sksec->sclass = inode->i_sclass;
 }
 static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index aa47bcabb5f6..f48693889e27 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -40,8 +40,6 @@ struct inode_security_struct {
 struct inode *inode; /* back pointer to inode object */
 struct list_head list; /* list of inode_security_struct */
 u32 task_sid; /* SID of creating task */
- u32 sid; /* SID of this object */
- u16 sclass; /* security class of this object */
 unsigned char initialized; /* initialization flag */
 struct mutex lock;
 };
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index ff427733c290..1591a3c042dc 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1262,12 +1262,12 @@ static int sel_make_bools(void)
 if (len >= PAGE_SIZE)
 goto out;
- isec = (struct inode_security_struct *)inode->i_security;
+ isec = inode->i_security;
 ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid);
 if (ret)
 goto out;
- isec->sid = sid;
+ inode->i_sid = sid;
 isec->initialized = 1;
 inode->i_fop = &sel_bool_ops;
 inode->i_ino = i|SEL_BOOL_INO_OFFSET;
@@ -1827,9 +1827,9 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
 goto err;
 inode->i_ino = ++sel_last_ino;
- isec = (struct inode_security_struct *)inode->i_security;
- isec->sid = SECINITSID_DEVNULL;
- isec->sclass = SECCLASS_CHR_FILE;
+ isec = inode->i_security;
+ inode->i_sid = SECINITSID_DEVNULL;
+ inode->i_sclass = SECCLASS_CHR_FILE;
 isec->initialized = 1;
 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3));