[PATCH 43/90] LSM: Use lsm_context in security_dentry_init_security
Casey Schaufler
casey at schaufler-ca.com
Fri Apr 19 00:45:30 UTC 2019
From: Casey Schaufler <cschaufler at schaufler-ca.com>
Convert security_dentry_init_security to use the lsm_context structure
instead of a context/secid pair. There is some scaffolding involved
that will be removed when the related data is updated.
Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
---
fs/nfs/nfs4proc.c | 5 ++++-
include/linux/security.h | 7 +++----
security/security.c | 14 ++++----------
3 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 4dbb0ee23432..de000649f9f3 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -113,6 +113,7 @@ static inline struct nfs4_label *
nfs4_label_init_security(struct inode *dir, struct dentry *dentry,
struct iattr *sattr, struct nfs4_label *label)
{
+ struct lsm_context lc; /* Scaffolding -Casey */
int err;
if (label == NULL)
@@ -122,7 +123,9 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry,
return NULL;
err = security_dentry_init_security(dentry, sattr->ia_mode,
- &dentry->d_name, (void **)&label->label, &label->len);
+ &dentry->d_name, &lc);
+ label->label = lc.context;
+ label->len = lc.len;
if (err == 0)
return label;
diff --git a/include/linux/security.h b/include/linux/security.h
index e12b169deed6..6c3a74a44a59 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -302,8 +302,8 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb,
int security_add_mnt_opt(const char *option, const char *val,
int len, void **mnt_opts);
int security_dentry_init_security(struct dentry *dentry, int mode,
- const struct qstr *name, void **ctx,
- u32 *ctxlen);
+ const struct qstr *name,
+ struct lsm_context *cp);
int security_dentry_create_files_as(struct dentry *dentry, int mode,
struct qstr *name,
const struct cred *old,
@@ -674,8 +674,7 @@ static inline void security_inode_free(struct inode *inode)
static inline int security_dentry_init_security(struct dentry *dentry,
int mode,
const struct qstr *name,
- void **ctx,
- u32 *ctxlen)
+ struct lsm_context *cp)
{
return -EOPNOTSUPP;
}
diff --git a/security/security.c b/security/security.c
index fa0500b2c15f..649fd13cdda1 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1014,17 +1014,11 @@ void security_inode_free(struct inode *inode)
}
int security_dentry_init_security(struct dentry *dentry, int mode,
- const struct qstr *name, void **ctx,
- u32 *ctxlen)
+ const struct qstr *name,
+ struct lsm_context *cp)
{
- struct lsm_context lc = { .context = NULL, .len = 0, };
- int rc;
-
- rc = call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode,
- name, &lc);
- *ctx = (void *)lc.context;
- *ctxlen = lc.len;
- return rc;
+ return call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode,
+ name, cp);
}
EXPORT_SYMBOL(security_dentry_init_security);
--
2.19.1
More information about the Linux-security-module-archive
mailing list