Commit 5591fd5e authored by Linus Torvalds
Pull lsm updates from Paul Moore:
 "Thirteen patches, all focused on moving away from the current 'secid'
  LSM identifier to a richer 'lsm_prop' structure.

  This move will help reduce the translation that is necessary in many
  LSMs, offering better performance, and make it easier to support
  different LSMs in the future"

* tag 'lsm-pr-20241112' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm:
  lsm: remove lsm_prop scaffolding
  netlabel,smack: use lsm_prop for audit data
  audit: change context data from secid to lsm_prop
  lsm: create new security_cred_getlsmprop LSM hook
  audit: use an lsm_prop in audit_names
  lsm: use lsm_prop in security_inode_getsecid
  lsm: use lsm_prop in security_current_getsecid
  audit: update shutdown LSM data
  lsm: use lsm_prop in security_ipc_getsecid
  audit: maintain an lsm_prop in audit_context
  lsm: add lsmprop_to_secctx hook
  lsm: use lsm_prop in security_audit_rule_match
  lsm: add the lsm_prop data structure
parents 8ffc7dbc 8afd8c8f
+1 −0
@@ -20804,6 +20804,7 @@ Q: https://patchwork.kernel.org/project/linux-security-module/list
B:	mailto:linux-security-module@vger.kernel.org
P:	https://github.com/LinuxSecurityModule/kernel/blob/main/README.md
T:	git https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git
F:	include/linux/lsm/
F:	include/linux/lsm_audit.h
F:	include/linux/lsm_hook_defs.h
F:	include/linux/lsm_hooks.h
+17 −0
/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Linux Security Module interface to other subsystems.
 * AppArmor presents single pointer to an aa_label structure.
 */
#ifndef __LINUX_LSM_APPARMOR_H
#define __LINUX_LSM_APPARMOR_H

struct aa_label;

struct lsm_prop_apparmor {
#ifdef CONFIG_SECURITY_APPARMOR
	struct aa_label *label;
#endif
};

#endif /* ! __LINUX_LSM_APPARMOR_H */
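Review bot: `struct aa_label *label` is handed to other subsystems as a bare pointer, and the header comment does not say whether an lsm_prop carrying it holds a reference on the label. The commit description lists audit changes that keep an lsm_prop in context data, so a consumer that copies the struct and reads the pointer later would, if no reference is held, depend on the label staying alive by some other means. I would add a comment above the member along the lines of `/* borrowed pointer, no reference taken here; holders must guarantee the label outlives the lsm_prop */`, adjusted to whatever the actual rule is. The same lifetime statement is missing for `struct smack_known *skp` in the Smack header.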
+16 −0
/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Linux Security Module interface to other subsystems.
 * BPF may present a single u32 value.
 */
#ifndef __LINUX_LSM_BPF_H
#define __LINUX_LSM_BPF_H
#include <linux/types.h>

struct lsm_prop_bpf {
#ifdef CONFIG_BPF_LSM
	u32 secid;
#endif
};

#endif /* ! __LINUX_LSM_BPF_H */
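Review bot: The header comment says BPF "may present a single u32 value", which leaves open when `secid` is populated and what a zero value means. This struct is presumably embedded in the larger lsm_prop and can end up zero-initialized, so a reader comparing or logging it needs to know whether 0 denotes "no label" or a valid identifier. A one-line comment on the member would settle it, e.g. `u32 secid; /* 0 when unset (confirm) */`. The `u32 secid` in the SELinux header would benefit from the same statement.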
+16 −0
/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Linux Security Module interface to other subsystems.
 * SELinux presents a single u32 value which is known as a secid.
 */
#ifndef __LINUX_LSM_SELINUX_H
#define __LINUX_LSM_SELINUX_H
#include <linux/types.h>

struct lsm_prop_selinux {
#ifdef CONFIG_SECURITY_SELINUX
	u32 secid;
#endif
};

#endif /* ! __LINUX_LSM_SELINUX_H */
+17 −0
/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Linux Security Module interface to other subsystems.
 * Smack presents a pointer into the global Smack label list.
 */
#ifndef __LINUX_LSM_SMACK_H
#define __LINUX_LSM_SMACK_H

struct smack_known;

struct lsm_prop_smack {
#ifdef CONFIG_SECURITY_SMACK
	struct smack_known *skp;
#endif
};

#endif /* ! __LINUX_LSM_SMACK_H */