[PATCH v39 32/42] LSM: Identify which LSM handles the context string

Casey Schaufler casey at schaufler-ca.com
Fri Dec 15 22:16:26 UTC 2023


The security_secctx_to_secid() call can only interpret the
context string for a single LSM. Use the first LSM that supplies a hook.

Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
---
 security/security.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/security/security.c b/security/security.c
index 8469816c0472..8576121fadb9 100644
--- a/security/security.c
+++ b/security/security.c
@@ -4248,8 +4248,13 @@ EXPORT_SYMBOL(security_lsmblob_to_secctx);
  */
 int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
 {
+	struct security_hook_list *hp;
+
 	*secid = 0;
-	return call_int_hook(secctx_to_secid, 0, secdata, seclen, secid);
+	hlist_for_each_entry(hp, &security_hook_heads.secctx_to_secid, list)
+		return hp->hook.secctx_to_secid(secdata, seclen, secid);
+
+	return LSM_RET_DEFAULT(secctx_to_secid);
 }
 EXPORT_SYMBOL(security_secctx_to_secid);
 
-- 
2.41.0




More information about the Linux-security-module-archive mailing list