lsm: use lsm_prop in security_ipc_getsecid
There may be more than one LSM that provides IPC data for auditing. Change security_ipc_getsecid() to fill in a lsm_prop structure instead of the u32 secid. Change the name to security_ipc_getlsmprop() to reflect the change. Cc: audit@vger.kernel.org Cc: linux-security-module@vger.kernel.org Cc: selinux@vger.kernel.org Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> [PM: subject line tweak] Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Casey Schaufler
committed by
Paul Moore
Paul Moore
parent
7183abccd8
commit
f4602f163c
@@ -3435,16 +3435,18 @@ static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
|
||||
}
|
||||
|
||||
/**
|
||||
* smack_ipc_getsecid - Extract smack security id
|
||||
* smack_ipc_getlsmprop - Extract smack security data
|
||||
* @ipp: the object permissions
|
||||
* @secid: where result will be saved
|
||||
* @prop: where result will be saved
|
||||
*/
|
||||
static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
|
||||
static void smack_ipc_getlsmprop(struct kern_ipc_perm *ipp, struct lsm_prop *prop)
|
||||
{
|
||||
struct smack_known **blob = smack_ipc(ipp);
|
||||
struct smack_known *iskp = *blob;
|
||||
struct smack_known **iskpp = smack_ipc(ipp);
|
||||
struct smack_known *iskp = *iskpp;
|
||||
|
||||
*secid = iskp->smk_secid;
|
||||
prop->smack.skp = iskp;
|
||||
/* scaffolding */
|
||||
prop->scaffold.secid = iskp->smk_secid;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -5140,7 +5142,7 @@ static struct security_hook_list smack_hooks[] __ro_after_init = {
|
||||
LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
|
||||
|
||||
LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
|
||||
LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
|
||||
LSM_HOOK_INIT(ipc_getlsmprop, smack_ipc_getlsmprop),
|
||||
|
||||
LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
|
||||
|
||||
|
||||
Reference in New Issue
Block a user