[PATCH] security: use default hook return value in call_int_hook()
Paul Moore
paul at paul-moore.com
Thu Feb 22 21:52:21 UTC 2024
On Jan 30, 2024 Ondrej Mosnacek <omosnace at redhat.com> wrote:
>
> Change the definition of call_int_hook() to treat LSM_RET_DEFAULT(...)
> as the "continue" value instead of 0. To further simplify this macro,
> also drop the IRC argument and replace it with LSM_RET_DEFAULT(...).
>
> After this the macro can be used in a couple more hooks, where similar
> logic is currently open-coded. At the same time, some other existing
> call_int_hook() users now need to be open-coded, but overall it's still
> a net simplification.
>
> There should be no functional change resulting from this patch.
>
> Signed-off-by: Ondrej Mosnacek <omosnace at redhat.com>
> Reviewed-by: Casey Schaufler <casey at schaufler-ca.com>
> ---
> security/security.c | 525 +++++++++++++++++++-------------------------
> 1 file changed, 221 insertions(+), 304 deletions(-)
Thanks Ondrej.
Merged into lsm/dev with a fair amount fixups due to merge conflicts
from the IMA/EVM promotion as well as the tweaks in
security_inode_copy_up_xattr() that were discussed in the thread. If
anyone notices anything odd, please let me know.
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list