[PATCH v12 09/25] LSM: Use lsmblob in security_task_getsecid
Stephen Smalley
sds at tycho.nsa.gov
Tue Dec 17 18:11:44 UTC 2019
On 12/16/19 5:36 PM, Casey Schaufler wrote:
> Change the security_task_getsecid() interface to fill in
> a lsmblob structure instead of a u32 secid in support of
> LSM stacking. Audit interfaces will need to collect all
> possible secids for possible reporting.
>
> Reviewed-by: Kees Cook <keescook at chromium.org>
> Reviewed-by: John Johansen <john.johansen at canonical.com>
> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
> cc: linux-integrity at vger.kernel.org
> ---
> drivers/android/binder.c | 4 +--
> include/linux/security.h | 7 +++--
> kernel/audit.c | 11 +++----
> kernel/auditfilter.c | 4 +--
> kernel/auditsc.c | 18 ++++++++----
> net/netlabel/netlabel_unlabeled.c | 5 +++-
> net/netlabel/netlabel_user.h | 6 +++-
> security/integrity/ima/ima_appraise.c | 4 ++-
> security/integrity/ima/ima_main.c | 42 +++++++++++++++------------
> security/security.c | 12 ++++++--
> 10 files changed, 69 insertions(+), 44 deletions(-)
>
> diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
> index 300c8d2943c5..69e549164949 100644
> --- a/security/integrity/ima/ima_appraise.c
> +++ b/security/integrity/ima/ima_appraise.c
> @@ -49,11 +49,13 @@ bool is_ima_appraise_enabled(void)
> int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func)
> {
> u32 secid;
> + struct lsmblob blob;
>
> if (!ima_appraise)
> return 0;
>
> - security_task_getsecid(current, &secid);
> + security_task_getsecid(current, &blob);
> + lsmblob_secid(&blob, &secid);
> return ima_match_policy(inode, current_cred(), secid, func, mask,
> IMA_APPRAISE | IMA_HASH, NULL, NULL);
> }
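Review bot: In ima_must_appraise(), the added call `lsmblob_secid(&blob, &secid);` depends on a helper that none of the hunks shown here declare, and nothing at the call site says which LSM's secid it picks out of the blob before that value is passed to ima_match_policy(). Introduce the helper in this patch or an earlier one, with a comment on the selection rule, so that every step of the series builds and bisects cleanly. Separately, `struct lsmblob blob;` is declared without an initializer; either initialize it here or document on security_task_getsecid() that the hook always fills the whole blob, so the value IMA matches policy against can never come from uninitialized stack.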
I missed where lsmblob_secid() is defined? Looks like it is later
deleted by patch 12/25. Leftover from an earlier version of the series?
Have you checked that it compiles after each patch?