1 files changed, 0 insertions, 193 deletions
diff --git a/module/os/freebsd/zfs/zfs_vfsops.c b/module/os/freebsd/zfs/zfs_vfsops.c
index f94ea4433..b6cf0c92b 100644
--- a/module/os/freebsd/zfs/zfs_vfsops.c
+++ b/module/os/freebsd/zfs/zfs_vfsops.c
@@ -1267,193 +1267,6 @@ zfs_unregister_callbacks(zfsvfs_t *zfsvfs)
 		dsl_prop_unregister_all(dmu_objset_ds(os), zfsvfs);
 }
 
-#ifdef SECLABEL
-/*
- * Convert a decimal digit string to a uint64_t integer.
- */
-static int
-str_to_uint64(char *str, uint64_t *objnum)
-{
-	uint64_t num = 0;
-
-	while (*str) {
-		if (*str < '0' || *str > '9')
-			return (SET_ERROR(EINVAL));
-
-		num = num*10 + *str++ - '0';
-	}
-
-	*objnum = num;
-	return (0);
-}
-
-/*
- * The boot path passed from the boot loader is in the form of
- * "rootpool-name/root-filesystem-object-number'. Convert this
- * string to a dataset name: "rootpool-name/root-filesystem-name".
- */
-static int
-zfs_parse_bootfs(char *bpath, char *outpath)
-{
-	char *slashp;
-	uint64_t objnum;
-	int error;
-
-	if (*bpath == 0 || *bpath == '/')
-		return (SET_ERROR(EINVAL));
-
-	(void) strcpy(outpath, bpath);
-
-	slashp = strchr(bpath, '/');
-
-	/* if no '/', just return the pool name */
-	if (slashp == NULL) {
-		return (0);
-	}
-
-	/* if not a number, just return the root dataset name */
-	if (str_to_uint64(slashp+1, &objnum)) {
-		return (0);
-	}
-
-	*slashp = '\0';
-	error = dsl_dsobj_to_dsname(bpath, objnum, outpath);
-	*slashp = '/';
-
-	return (error);
-}
-
-/*
- * Check that the hex label string is appropriate for the dataset being
- * mounted into the global_zone proper.
- *
- * Return an error if the hex label string is not default or
- * admin_low/admin_high.  For admin_low labels, the corresponding
- * dataset must be readonly.
- */
-int
-zfs_check_global_label(const char *dsname, const char *hexsl)
-{
-	if (strcasecmp(hexsl, ZFS_MLSLABEL_DEFAULT) == 0)
-		return (0);
-	if (strcasecmp(hexsl, ADMIN_HIGH) == 0)
-		return (0);
-	if (strcasecmp(hexsl, ADMIN_LOW) == 0) {
-		/* must be readonly */
-		uint64_t rdonly;
-
-		if (dsl_prop_get_integer(dsname,
-		    zfs_prop_to_name(ZFS_PROP_READONLY), &rdonly, NULL))
-			return (SET_ERROR(EACCES));
-		return (rdonly ? 0 : EACCES);
-	}
-	return (SET_ERROR(EACCES));
-}
-
-/*
- * Determine whether the mount is allowed according to MAC check.
- * by comparing (where appropriate) label of the dataset against
- * the label of the zone being mounted into.  If the dataset has
- * no label, create one.
- *
- * Returns 0 if access allowed, error otherwise (e.g. EACCES)
- */
-static int
-zfs_mount_label_policy(vfs_t *vfsp, char *osname)
-{
-	int		error, retv;
-	zone_t		*mntzone = NULL;
-	ts_label_t	*mnt_tsl;
-	bslabel_t	*mnt_sl;
-	bslabel_t	ds_sl;
-	char		ds_hexsl[MAXNAMELEN];
-
-	retv = EACCES;				/* assume the worst */
-
-	/*
-	 * Start by getting the dataset label if it exists.
-	 */
-	error = dsl_prop_get(osname, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
-	    1, sizeof (ds_hexsl), &ds_hexsl, NULL);
-	if (error)
-		return (SET_ERROR(EACCES));
-
-	/*
-	 * If labeling is NOT enabled, then disallow the mount of datasets
-	 * which have a non-default label already.  No other label checks
-	 * are needed.
-	 */
-	if (!is_system_labeled()) {
-		if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) == 0)
-			return (0);
-		return (SET_ERROR(EACCES));
-	}
-
-	/*
-	 * Get the label of the mountpoint.  If mounting into the global
-	 * zone (i.e. mountpoint is not within an active zone and the
-	 * zoned property is off), the label must be default or
-	 * admin_low/admin_high only; no other checks are needed.
-	 */
-	mntzone = zone_find_by_any_path(vfsp->vfs_mntpt, B_FALSE);
-	if (mntzone->zone_id == GLOBAL_ZONEID) {
-		uint64_t zoned;
-
-		zone_rele(mntzone);
-
-		if (dsl_prop_get_integer(osname,
-		    zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
-			return (SET_ERROR(EACCES));
-		if (!zoned)
-			return (zfs_check_global_label(osname, ds_hexsl));
-		else
-			/*
-			 * This is the case of a zone dataset being mounted
-			 * initially, before the zone has been fully created;
-			 * allow this mount into global zone.
-			 */
-			return (0);
-	}
-
-	mnt_tsl = mntzone->zone_slabel;
-	ASSERT(mnt_tsl != NULL);
-	label_hold(mnt_tsl);
-	mnt_sl = label2bslabel(mnt_tsl);
-
-	if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) == 0) {
-		/*
-		 * The dataset doesn't have a real label, so fabricate one.
-		 */
-		char *str = NULL;
-
-		if (l_to_str_internal(mnt_sl, &str) == 0 &&
-		    dsl_prop_set_string(osname,
-		    zfs_prop_to_name(ZFS_PROP_MLSLABEL),
-		    ZPROP_SRC_LOCAL, str) == 0)
-			retv = 0;
-		if (str != NULL)
-			kmem_free(str, strlen(str) + 1);
-	} else if (hexstr_to_label(ds_hexsl, &ds_sl) == 0) {
-		/*
-		 * Now compare labels to complete the MAC check.  If the
-		 * labels are equal then allow access.  If the mountpoint
-		 * label dominates the dataset label, allow readonly access.
-		 * Otherwise, access is denied.
-		 */
-		if (blequal(mnt_sl, &ds_sl))
-			retv = 0;
-		else if (bldominates(mnt_sl, &ds_sl)) {
-			vfs_setmntopt(vfsp, MNTOPT_RO, NULL, 0);
-			retv = 0;
-		}
-	}
-
-	label_rele(mnt_tsl);
-	zone_rele(mntzone);
-	return (retv);
-}
-#endif	/* SECLABEL */
-
 static int
 getpoolname(const char *osname, char *poolname)
 {
@@ -1544,12 +1357,6 @@ zfs_mount(vfs_t *vfsp)
 		goto out;
 	}
 
-#ifdef SECLABEL
-	error = zfs_mount_label_policy(vfsp, osname);
-	if (error)
-		goto out;
-#endif
-
 	vfsp->vfs_flag |= MNT_NFS4ACLS;
 
 	/*