[PATCH] security: use default hook return value in call_int_hook()

Paul Moore paul at paul-moore.com
Thu Feb 22 21:52:21 UTC 2024


On Jan 30, 2024 Ondrej Mosnacek <omosnace at redhat.com> wrote:
> 
> Change the definition of call_int_hook() to treat LSM_RET_DEFAULT(...)
> as the "continue" value instead of 0. To further simplify this macro,
> also drop the IRC argument and replace it with LSM_RET_DEFAULT(...).
> 
> After this the macro can be used in a couple more hooks, where similar
> logic is currently open-coded. At the same time, some other existing
> call_int_hook() users now need to be open-coded, but overall it's still
> a net simplification.
> 
> There should be no functional change resulting from this patch.
> 
> Signed-off-by: Ondrej Mosnacek <omosnace at redhat.com>
> Reviewed-by: Casey Schaufler <casey at schaufler-ca.com>
> ---
>  security/security.c | 525 +++++++++++++++++++-------------------------
>  1 file changed, 221 insertions(+), 304 deletions(-)

Thanks Ondrej.

Merged into lsm/dev with a fair amount of fixups due to merge conflicts
from the IMA/EVM promotion as well as the tweaks in
security_inode_copy_up_xattr() that were discussed in the thread.  If
anyone notices anything odd, please let me know.

--
paul-moore.com
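
The "continue" semantics described in the quoted commit message, modelled in userspace C. This is an added example, not code from the patch or from security/security.c; the hook table, the callbacks and the -EOPNOTSUPP default of the second hook are constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model (assumption): a hook is a default return value plus a
 * NULL-terminated list of LSM callbacks, standing in for the kernel hlist. */
typedef int (*hook_fn)(void);
struct hook {
    int ret_default;   /* models LSM_RET_DEFAULT(hook) */
    hook_fn cbs[4];
};

/* Old behaviour: start from the caller-supplied IRC, continue while 0. */
static int call_old(const struct hook *h, int irc)
{
    int rc = irc;
    for (size_t i = 0; h->cbs[i]; i++) {
        rc = h->cbs[i]();
        if (rc != 0)
            break;
    }
    return rc;
}

/* New behaviour: start from the hook default, continue while a callback
 * returns that default, stop at the first callback that returns anything else. */
static int call_new(const struct hook *h)
{
    int rc = h->ret_default;
    for (size_t i = 0; h->cbs[i]; i++) {
        rc = h->cbs[i]();
        if (rc != h->ret_default)
            break;
    }
    return rc;
}

/* Constructed callbacks and hooks (hypothetical, not real LSM code). */
static int no_opinion(void) { return -EOPNOTSUPP; }
static int allow(void)      { return 0; }
static int deny(void)       { return -EACCES; }
static const struct hook perm_hook  = { 0,           { allow, deny, NULL } };
static const struct hook xattr_hook = { -EOPNOTSUPP, { no_opinion, deny, NULL } };
static const struct hook empty_hook = { -EOPNOTSUPP, { NULL } };

int main(void)
{
    printf("perm:  old=%d new=%d\n", call_old(&perm_hook, 0), call_new(&perm_hook));
    printf("xattr: old=%d new=%d\n", call_old(&xattr_hook, -EOPNOTSUPP), call_new(&xattr_hook));
    return 0;
}
```

For the hook whose default is 0 both loops agree. For the hook with a non-zero default, the old loop stops at the first callback that merely returns the default and never consults the one that denies, which is why such hooks had to be open-coded before.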


