lsm: use lsm_prop in security_current_getsecid

Change the security_current_getsecid_subj() and
security_task_getsecid_obj() interfaces to fill in a lsm_prop structure
instead of a u32 secid.  Audit interfaces will need to collect all
possible security data for possible reporting.

Cc: linux-integrity@vger.kernel.org
Cc: audit@vger.kernel.org
Cc: selinux@vger.kernel.org
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Casey Schaufler
2024-10-09 10:32:15 -07:00
committed by Paul Moore
parent e4f6822044
commit 37f670aacd
16 changed files with 139 additions and 108 deletions
+15 -10
@@ -2239,30 +2239,35 @@ static int smack_task_getsid(struct task_struct *p)
}
/**
* smack_current_getsecid_subj - get the subjective secid of the current task
* @secid: where to put the result
* smack_current_getlsmprop_subj - get the subjective secid of the current task
* @prop: where to put the result
*
* Sets the secid to contain a u32 version of the task's subjective smack label.
*/
static void smack_current_getsecid_subj(u32 *secid)
static void smack_current_getlsmprop_subj(struct lsm_prop *prop)
{
struct smack_known *skp = smk_of_current();
*secid = skp->smk_secid;
prop->smack.skp = skp;
/* scaffolding */
prop->scaffold.secid = skp->smk_secid;
}
/**
* smack_task_getsecid_obj - get the objective secid of the task
* smack_task_getlsmprop_obj - get the objective data of the task
* @p: the task
* @secid: where to put the result
* @prop: where to put the result
*
* Sets the secid to contain a u32 version of the task's objective smack label.
*/
static void smack_task_getsecid_obj(struct task_struct *p, u32 *secid)
static void smack_task_getlsmprop_obj(struct task_struct *p,
struct lsm_prop *prop)
{
struct smack_known *skp = smk_of_task_struct_obj(p);
*secid = skp->smk_secid;
prop->smack.skp = skp;
/* scaffolding */
prop->scaffold.secid = skp->smk_secid;
}
/**
@@ -5130,8 +5135,8 @@ static struct security_hook_list smack_hooks[] __ro_after_init = {
LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
LSM_HOOK_INIT(task_getsid, smack_task_getsid),
LSM_HOOK_INIT(current_getsecid_subj, smack_current_getsecid_subj),
LSM_HOOK_INIT(task_getsecid_obj, smack_task_getsecid_obj),
LSM_HOOK_INIT(current_getlsmprop_subj, smack_current_getlsmprop_subj),
LSM_HOOK_INIT(task_getlsmprop_obj, smack_task_getlsmprop_obj),
LSM_HOOK_INIT(task_setnice, smack_task_setnice),
LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
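Review bot: The kernel-doc kept above both renamed hooks in the first hunk still reads "Sets the secid to contain a u32 version of the task's ... smack label", and the new summary line for smack_current_getlsmprop_subj still says "subjective secid", although both functions now fill a struct lsm_prop. I would change the summary to `* smack_current_getlsmprop_subj - get the subjective data of the current task`, matching the "objective data" wording already used for the _obj variant, and the body to `* Sets the smack part of the prop to the task's subjective smack label.`, with the objective counterpart reworded the same way. Each hook writes only `prop->smack.skp` and `prop->scaffold.secid`, so any other members of `*prop` keep whatever the caller left there. Whether callers always initialise the structure first is not visible in this section, so the comment should state that expectation, since the commit message says audit will collect all of this data for reporting.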