[PATCH v39 32/42] LSM: Identify which LSM handles the context string
Casey Schaufler
casey at schaufler-ca.com
Fri Dec 15 22:16:26 UTC 2023
The security_secctx_to_secid() call can only interpret the
context string for a single LSM. Use the first LSM that supplies a hook.
Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
---
security/security.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/security/security.c b/security/security.c
index 8469816c0472..8576121fadb9 100644
--- a/security/security.c
+++ b/security/security.c
@@ -4248,8 +4248,13 @@ EXPORT_SYMBOL(security_lsmblob_to_secctx);
*/
int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
{
+ struct security_hook_list *hp;
+
*secid = 0;
- return call_int_hook(secctx_to_secid, 0, secdata, seclen, secid);
+ hlist_for_each_entry(hp, &security_hook_heads.secctx_to_secid, list)
+ return hp->hook.secctx_to_secid(secdata, seclen, secid);
+
+ return LSM_RET_DEFAULT(secctx_to_secid);
}
EXPORT_SYMBOL(security_secctx_to_secid);
--
2.41.0
More information about the Linux-security-module-archive
mailing list