[PATCH v20 03/23] LSM: Use lsmblob in security_audit_rule_match

Paul Moore paul at paul-moore.com
Fri Sep 4 18:53:43 UTC 2020


On Wed, Aug 26, 2020 at 11:04 AM Casey Schaufler <casey at schaufler-ca.com> wrote:
>
> Change the secid parameter of security_audit_rule_match
> to a lsmblob structure pointer. Pass the entry from the
> lsmblob structure for the approprite slot to the LSM hook.
>
> Change the users of security_audit_rule_match to use the
> lsmblob instead of a u32. The scaffolding function lsmblob_init()
> fills the blob with the value of the old secid, ensuring that
> it is available to the appropriate module hook. The sources of
> the secid, security_task_getsecid() and security_inode_getsecid(),
> will be converted to use the blob structure later in the series.
> At the point the use of lsmblob_init() is dropped.
>
> Reviewed-by: Kees Cook <keescook at chromium.org>
> Reviewed-by: John Johansen <john.johansen at canonical.com>
> Acked-by: Stephen Smalley <sds at tycho.nsa.gov>
> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
> ---
>  include/linux/security.h            |  7 ++++---
>  kernel/auditfilter.c                |  6 ++++--
>  kernel/auditsc.c                    | 14 ++++++++++----
>  security/integrity/ima/ima.h        |  4 ++--
>  security/integrity/ima/ima_policy.c |  7 +++++--
>  security/security.c                 | 10 ++++++++--
>  6 files changed, 33 insertions(+), 15 deletions(-)

Acked-by: Paul Moore <paul at paul-moore.com>

-- 
paul moore
www.paul-moore.com



More information about the Linux-security-module-archive mailing list