[PATCH 48/97] LSM: Use lsm_context in dentry_init_security hooks
Casey Schaufler
casey at schaufler-ca.com
Thu Feb 28 22:18:44 UTC 2019
From: Casey Schaufler <cschaufler at schaufler-ca.com>
Convert SELinux to use the lsm_context structure
instead of a context/secid pair. There is some scaffolding involved
that will be removed when the related data is updated.
Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
---
include/linux/lsm_hooks.h | 7 +++----
security/security.c | 10 ++++++++--
security/selinux/hooks.c | 8 ++++----
3 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index a7a68be7e507..29e52aedd6ac 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -150,8 +150,7 @@
* @dentry dentry to use in calculating the context.
* @mode mode used to determine resource type.
* @name name of the last path component used to create file
- * @ctx pointer to place the pointer to the resulting context in.
- * @ctxlen point to place the length of the resulting context.
+ * @cp pointer to place the pointer to the resulting context in.
* @dentry_create_files_as:
* Compute a context for a dentry as the inode is not yet available
* and set that context in passed in creds so that new files are
@@ -1482,8 +1481,8 @@ union security_list_options {
int (*sb_add_mnt_opt)(const char *option, const char *val, int len,
void **mnt_opts);
int (*dentry_init_security)(struct dentry *dentry, int mode,
- const struct qstr *name, void **ctx,
- u32 *ctxlen);
+ const struct qstr *name,
+ struct lsm_context *cp);
int (*dentry_create_files_as)(struct dentry *dentry, int mode,
struct qstr *name,
const struct cred *old,
diff --git a/security/security.c b/security/security.c
index a0c4ae7da840..bacfb690392e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1018,8 +1018,14 @@ int security_dentry_init_security(struct dentry *dentry, int mode,
const struct qstr *name, void **ctx,
u32 *ctxlen)
{
- return call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode,
- name, ctx, ctxlen);
+ struct lsm_context lc = { .context = NULL, .len = 0, };
+ int rc;
+
+ rc = call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode,
+ name, &lc);
+ *ctx = (void *)lc.context;
+ *ctxlen = lc.len;
+ return rc;
}
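Review bot: The out-parameters are stored unconditionally at `*ctx = (void *)lc.context;` and `*ctxlen = lc.len;`, so when the hook fails — including the -EOPNOTSUPP default when no module implements dentry_init_security — the caller's variables are now overwritten with NULL and 0, whereas the old code passed the pointers straight through and that default path left them untouched. This is probably harmless if every caller checks rc before using the outputs, but it is a contract change the commit message does not mention; `if (!rc) { *ctx = lc.context; *ctxlen = lc.len; }` keeps the earlier behaviour. The `(void *)` cast is redundant if lsm_context.context is a `char *`, which the `&cp->context` argument handed to security_sid_to_context in hooks.c suggests. The function's signature line lies outside the hunk.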
EXPORT_SYMBOL(security_dentry_init_security);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 33e58efe59ce..8b8eb5115d6d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2715,8 +2715,8 @@ static void selinux_inode_free_security(struct inode *inode)
}
static int selinux_dentry_init_security(struct dentry *dentry, int mode,
- const struct qstr *name, void **ctx,
- u32 *ctxlen)
+ const struct qstr *name,
+ struct lsm_context *cp)
{
u32 newsid;
int rc;
@@ -2728,8 +2728,8 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode,
if (rc)
return rc;
- return security_sid_to_context(&selinux_state, newsid, (char **)ctx,
- ctxlen);
+ return security_sid_to_context(&selinux_state, newsid, &cp->context,
+ &cp->len);
}
static int selinux_dentry_create_files_as(struct dentry *dentry, int mode,
--
2.17.0