[PATCH 53/97] LSM: Use lsm_context in release_secctx hooks
Casey Schaufler
casey at schaufler-ca.com
Thu Feb 28 22:18:49 UTC 2019
Convert SELinux, Smack and AppArmor to use the lsm_context structure
instead of a context/secid pair. There is some scaffolding involved
that will be removed when the related data is updated.
Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
---
include/linux/lsm_hooks.h | 3 +--
security/apparmor/include/secid.h | 2 +-
security/apparmor/secid.c | 4 ++--
security/security.c | 7 +++++--
security/selinux/hooks.c | 4 ++--
security/smack/smack_lsm.c | 4 ++--
6 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 29e52aedd6ac..2f07be4b9800 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1316,7 +1316,6 @@
* @release_secctx:
* Release the security context.
* @secdata contains the security context.
- * @seclen contains the length of the security context.
*
* Security hooks for Audit
*
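Review bot: The kernel-doc for @release_secctx still describes `@secdata` on the retained context line, but the hook prototype changed in the next hunk of this file takes `struct lsm_context *cp`, so the comment now documents a parameter that no longer exists. I would replace that line with `@cp contains the lsm_context whose security context is to be released.` The comment block begins above this hunk, so any other reference to the old parameters there is not visible here.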
@@ -1653,7 +1652,7 @@ union security_list_options {
int (*secid_to_secctx)(struct lsm_export *l, struct lsm_context *cp);
int (*secctx_to_secid)(const struct lsm_context *cp,
struct lsm_export *l);
- void (*release_secctx)(char *secdata, u32 seclen);
+ void (*release_secctx)(struct lsm_context *cp);
void (*inode_invalidate_secctx)(struct inode *inode);
int (*inode_notifysecctx)(struct inode *inode, struct lsm_context *cp);
diff --git a/security/apparmor/include/secid.h b/security/apparmor/include/secid.h
index acfcf99bff0e..a780e56d4f5b 100644
--- a/security/apparmor/include/secid.h
+++ b/security/apparmor/include/secid.h
@@ -29,7 +29,7 @@ struct aa_label *aa_secid_to_label(struct lsm_export *l);
int apparmor_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp);
int apparmor_secctx_to_secid(const struct lsm_context *cp,
struct lsm_export *l);
-void apparmor_release_secctx(char *secdata, u32 seclen);
+void apparmor_release_secctx(struct lsm_context *cp);
int aa_alloc_secid(struct aa_label *label, gfp_t gfp);
diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c
index 35df38592b6e..46c8b9a67ac7 100644
--- a/security/apparmor/secid.c
+++ b/security/apparmor/secid.c
@@ -123,9 +123,9 @@ int apparmor_secctx_to_secid(const struct lsm_context *cp, struct lsm_export *l)
return 0;
}
-void apparmor_release_secctx(char *secdata, u32 seclen)
+void apparmor_release_secctx(struct lsm_context *cp)
{
- kfree(secdata);
+ kfree(cp->context);
}
/**
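Review bot: `apparmor_release_secctx()` frees `cp->context` but leaves the stale pointer and `cp->len` in the caller's structure. Today the only caller shown passes a stack temporary from `security_release_secctx()`, but once that scaffolding is removed callers will presumably hand in their own lsm_context, and a second release or a later read would then touch freed memory. Clearing the fields after the free makes the hook safe to call twice: `kfree(cp->context); cp->context = NULL; cp->len = 0;`. The same applies to `selinux_release_secctx()` in security/selinux/hooks.c.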
diff --git a/security/security.c b/security/security.c
index dadb1cb72920..4dfe053ced5b 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1990,7 +1990,6 @@ EXPORT_SYMBOL(security_secid_to_secctx);
int security_secctx_to_secid(struct lsm_context *cp, struct lsm_export *l)
{
-
lsm_export_init(l);
return call_one_int_hook(secctx_to_secid, 0, cp, l);
}
@@ -1998,7 +1997,11 @@ EXPORT_SYMBOL(security_secctx_to_secid);
void security_release_secctx(char *secdata, u32 seclen)
{
- call_one_void_hook(release_secctx, secdata, seclen);
+ struct lsm_context lc;
+
+ lc.context = secdata;
+ lc.len = seclen;
+ call_one_void_hook(release_secctx, &lc);
}
EXPORT_SYMBOL(security_release_secctx);
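Review bot: `lc` in `security_release_secctx()` is declared without an initializer and only `context` and `len` are assigned, so any other member of struct lsm_context would reach the LSM hook as uninitialized stack data. The structure's definition is not part of this patch, so whether such members exist cannot be checked from here. A designated initializer zeroes whatever else the structure holds and keeps the scaffolding to one line: `struct lsm_context lc = { .context = secdata, .len = seclen };`.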
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 8b8eb5115d6d..ea9603b63f77 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6215,9 +6215,9 @@ static int selinux_secctx_to_secid(const struct lsm_context *cp,
return rc;
}
-static void selinux_release_secctx(char *secdata, u32 seclen)
+static void selinux_release_secctx(struct lsm_context *cp)
{
- kfree(secdata);
+ kfree(cp->context);
}
static void selinux_inode_invalidate_secctx(struct inode *inode)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 26cf42ddba0e..332ac71e8a41 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4383,9 +4383,9 @@ static int smack_secctx_to_secid(const struct lsm_context *cp,
}
/*
- * There smack_release_secctx hook does nothing
+ * The smack_release_secctx hook does nothing
*/
-static void smack_release_secctx(char *secdata, u32 seclen)
+static void smack_release_secctx(struct lsm_context *cp)
{
}
--
2.17.0