[PATCH v7 01/16] LSM: Single hook called in secmark refcounting
Casey Schaufler
casey at schaufler-ca.com
Wed Aug 7 22:42:30 UTC 2019
Restrict the secmark_refcount_dec and secmark_refcount_inc
interfaces to a single module. The secmark is too small to
share, and this allows the modules a way to detect if the
secmark is theirs to use.
Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
---
security/security.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/security/security.c b/security/security.c
index e9f579483d12..0467f194d87d 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2564,13 +2564,25 @@ EXPORT_SYMBOL(security_secmark_relabel_packet);
void security_secmark_refcount_inc(void)
{
- call_void_hook(secmark_refcount_inc);
+ struct security_hook_list *hp;
+
+ hlist_for_each_entry(hp, &security_hook_heads.secmark_refcount_inc,
+ list) {
+ hp->hook.secmark_refcount_inc();
+ break;
+ }
}
EXPORT_SYMBOL(security_secmark_refcount_inc);
void security_secmark_refcount_dec(void)
{
- call_void_hook(secmark_refcount_dec);
+ struct security_hook_list *hp;
+
+ hlist_for_each_entry(hp, &security_hook_heads.secmark_refcount_dec,
+ list) {
+ hp->hook.secmark_refcount_dec();
+ break;
+ }
}
EXPORT_SYMBOL(security_secmark_refcount_dec);
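Review bot: The unconditional `break;` in both security_secmark_refcount_inc() and security_secmark_refcount_dec() makes the secmark owner whichever module happens to be first on each hook list, and nothing in the code says so. Please add a comment above each loop stating that only the first registered module is called and that this is intentional. The two lists are also walked independently, so a module that registers only one of the two hooks would let inc and dec reach different modules and unbalance the count. Consider resolving the owner once, or checking that both list heads point to the same module. The commit message says this gives modules a way to detect whether the secmark is theirs, but both hooks return void and a skipped module is never told. The detection mechanism should either be visible in this patch or be referenced by the patch that adds it. Finally, the two loops are identical apart from the hook name, so a small helper or macro for "call first hook only" would avoid the duplication.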
--
2.20.1