lsm: replace context+len with lsm_context

Replace the (secctx,seclen) pointer pair with a single
lsm_context pointer to allow return of the LSM identifier
along with the context and context length. This allows
security_release_secctx() to know how to release the
context. Callers have been modified to use or save the
returned data from the new structure.

security_secid_to_secctx() and security_lsmprop_to_secctx()
will now return the length value on success instead of 0.

Cc: netdev@vger.kernel.org
Cc: audit@vger.kernel.org
Cc: netfilter-devel@vger.kernel.org
Cc: Todd Kjos <tkjos@google.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[PM: subject tweak, kdoc fix, signedness fix from Dan Carpenter]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Casey Schaufler
2024-10-23 14:21:55 -07:00
committed by Paul Moore
parent 6fba89813c
commit 2d470c7781
17 changed files with 121 additions and 125 deletions


@@ -4304,40 +4304,36 @@ EXPORT_SYMBOL(security_ismaclabel);
/**
* security_secid_to_secctx() - Convert a secid to a secctx
* @secid: secid
* @secdata: secctx
* @seclen: secctx length
* @cp: the LSM context
*
* Convert secid to security context. If @secdata is NULL the length of the
* result will be returned in @seclen, but no @secdata will be returned. This
* Convert secid to security context. If @cp is NULL the length of the
* result will be returned, but no data will be returned. This
* does mean that the length could change between calls to check the length and
* the next call which actually allocates and returns the @secdata.
* the next call which actually allocates and returns the data.
*
* Return: Return 0 on success, error on failure.
* Return: Return length of data on success, error on failure.
*/
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
int security_secid_to_secctx(u32 secid, struct lsm_context *cp)
{
return call_int_hook(secid_to_secctx, secid, secdata, seclen);
return call_int_hook(secid_to_secctx, secid, cp);
}
EXPORT_SYMBOL(security_secid_to_secctx);
/**
* security_lsmprop_to_secctx() - Convert a lsm_prop to a secctx
* @prop: lsm specific information
* @secdata: secctx
* @seclen: secctx length
* @cp: the LSM context
*
* Convert a @prop entry to security context. If @secdata is NULL the
* length of the result will be returned in @seclen, but no @secdata
* will be returned. This does mean that the length could change between
* calls to check the length and the next call which actually allocates
* and returns the @secdata.
* Convert a @prop entry to security context. If @cp is NULL the
* length of the result will be returned. This does mean that the
* length could change between calls to check the length and the
* next call which actually allocates and returns the @cp.
*
* Return: Return 0 on success, error on failure.
* Return: Return length of data on success, error on failure.
*/
int security_lsmprop_to_secctx(struct lsm_prop *prop, char **secdata,
u32 *seclen)
int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp)
{
return call_int_hook(lsmprop_to_secctx, prop, secdata, seclen);
return call_int_hook(lsmprop_to_secctx, prop, cp);
}
EXPORT_SYMBOL(security_lsmprop_to_secctx);
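Review bot: The kdoc for security_lsmprop_to_secctx() now says the next call "allocates and returns the @cp", but @cp is the caller-supplied structure; what is returned in it is the context data, as the sibling comment on security_secid_to_secctx() states. The line should read `* next call which actually allocates and returns the data in @cp.`, and both `@cp: the LSM context` entries would be clearer as `@cp: the LSM context to fill in`, since the structure is an output parameter. The Return lines now promise the length on success, but whether each registered hook honours a NULL @cp and returns the length rather than 0 is decided in the LSM implementations outside this hunk, so that contract is worth confirming against them.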