Commit 07f9d2c1 authored by Casey Schaufler's avatar Casey Schaufler Committed by Paul Moore

lsm: use lsm_prop in security_inode_getsecid



Change the security_inode_getsecid() interface to fill in a
lsm_prop structure instead of a u32 secid. This allows for its
callers to gather data from all registered LSMs. Data is provided
for IMA and audit. Change the name to security_inode_getlsmprop().

Cc: linux-integrity@vger.kernel.org
Cc: selinux@vger.kernel.org
Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
[PM: subj line tweak]
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent 37f670aa
+2 −1
@@ -176,7 +176,8 @@ LSM_HOOK(int, -EOPNOTSUPP, inode_setsecurity, struct inode *inode,
	 const char *name, const void *value, size_t size, int flags)
LSM_HOOK(int, 0, inode_listsecurity, struct inode *inode, char *buffer,
	 size_t buffer_size)
LSM_HOOK(void, LSM_RET_VOID, inode_getsecid, struct inode *inode, u32 *secid)
LSM_HOOK(void, LSM_RET_VOID, inode_getlsmprop, struct inode *inode,
	 struct lsm_prop *prop)
LSM_HOOK(int, 0, inode_copy_up, struct dentry *src, struct cred **new)
LSM_HOOK(int, -EOPNOTSUPP, inode_copy_up_xattr, struct dentry *src,
	 const char *name)
+4 −3
@@ -452,7 +452,7 @@ int security_inode_getsecurity(struct mnt_idmap *idmap,
			       void **buffer, bool alloc);
int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
void security_inode_getsecid(struct inode *inode, u32 *secid);
void security_inode_getlsmprop(struct inode *inode, struct lsm_prop *prop);
int security_inode_copy_up(struct dentry *src, struct cred **new);
int security_inode_copy_up_xattr(struct dentry *src, const char *name);
int security_inode_setintegrity(const struct inode *inode,
@@ -1076,9 +1076,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer,
	return 0;
}

static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
static inline void security_inode_getlsmprop(struct inode *inode,
					     struct lsm_prop *prop)
{
	*secid = 0;
	lsmprop_init(prop);
}

static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
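Review bot: The CONFIG_SECURITY=n stub now calls `lsmprop_init(prop);` and takes a `struct lsm_prop *`, so both the struct and the initialiser must be visible in security.h in that configuration too, where the old stub only touched a `u32`; neither declaration is in the hunk, so presumably they come from an include earlier in the file — worth confirming with a `CONFIG_SECURITY=n` build since this header is pulled in widely. The stub also deserves a one-line comment stating the contract callers rely on, e.g. `/* No LSM built in: hand back an empty property (no secids). */`, since the audit caller copies `prop.scaffold.secid` out of it unconditionally. The enclosing inline-stub block of security.h continues outside this hunk.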
+5 −1
@@ -2276,13 +2276,17 @@ static void audit_copy_inode(struct audit_names *name,
			     const struct dentry *dentry,
			     struct inode *inode, unsigned int flags)
{
	struct lsm_prop prop;

	name->ino   = inode->i_ino;
	name->dev   = inode->i_sb->s_dev;
	name->mode  = inode->i_mode;
	name->uid   = inode->i_uid;
	name->gid   = inode->i_gid;
	name->rdev  = inode->i_rdev;
	security_inode_getsecid(inode, &name->osid);
	security_inode_getlsmprop(inode, &prop);
	/* scaffolding */
	name->osid = prop.scaffold.secid;
	if (flags & AUDIT_INODE_NOEVAL) {
		name->fcap_ver = -1;
		return;
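Review bot: `struct lsm_prop prop;` is left uninitialised and `name->osid = prop.scaffold.secid;` reads it unconditionally, so if no loaded LSM implements inode_getlsmprop (or the active one fills only its own member and not `scaffold.secid`), stack garbage is copied into the audit record's osid; the old code wrote straight into `name->osid`, which this change no longer does. Since `security_inode_getlsmprop()` is a bare `call_void_hook()` with no initialisation of `*prop` (see the security.c hunk), the caller should zero it first: `lsmprop_init(&prop);` immediately before `security_inode_getlsmprop(inode, &prop);`. The `/* scaffolding */` marker would also be clearer as `/* scaffolding: audit_names still carries a u32 secid, copy it out until it holds an lsm_prop */` — the intent is only a guess from the commit message, so adjust the wording. audit_copy_inode() continues past the end of this hunk.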
+1 −2
@@ -649,8 +649,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
		case LSM_OBJ_USER:
		case LSM_OBJ_ROLE:
		case LSM_OBJ_TYPE:
			/* scaffolding */
			security_inode_getsecid(inode, &prop.scaffold.secid);
			security_inode_getlsmprop(inode, &prop);
			rc = ima_filter_rule_match(&prop, lsm_rule->lsm[i].type,
						   Audit_equal,
						   lsm_rule->lsm[i].rule);
+5 −6
@@ -2724,16 +2724,15 @@ int security_inode_listsecurity(struct inode *inode,
EXPORT_SYMBOL(security_inode_listsecurity);

/**
 * security_inode_getsecid() - Get an inode's secid
 * security_inode_getlsmprop() - Get an inode's LSM data
 * @inode: inode
 * @secid: secid to return
 * @prop: lsm specific information to return
 *
 * Get the secid associated with the node.  In case of failure, @secid will be
 * set to zero.
 * Get the lsm specific information associated with the node.
 */
void security_inode_getsecid(struct inode *inode, u32 *secid)
void security_inode_getlsmprop(struct inode *inode, struct lsm_prop *prop)
{
	call_void_hook(inode_getsecid, inode, secid);
	call_void_hook(inode_getlsmprop, inode, prop);
}
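Review bot: The rewritten kernel-doc drops the old guarantee "In case of failure, @secid will be set to zero", and the new body is a bare `call_void_hook(inode_getlsmprop, inode, prop);`, so when no registered LSM provides the hook `*prop` is left exactly as the caller passed it — the audit caller in this commit passes an uninitialised stack local and then reads `prop.scaffold.secid`. Restore the guarantee here rather than at every caller: add `lsmprop_init(prop);` before the `call_void_hook()` line, mirroring what the CONFIG_SECURITY=n stub in security.h already does, and say so in the doc comment, e.g. `* @prop is cleared first, so if no LSM fills it in all secids read as zero.`. That keeps the zero-on-no-data contract callers had with security_inode_getsecid() and removes the dependence on each LSM writing the scaffold field.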

/**
Loading