@@ -1311,8 +1311,8 @@
* context.
* @secctx_to_secid:
* Convert security context to exported lsm data.
+ * @cp contains the security context.
* @l contains the pointer to the generated security data.
- * @secdata contains the security context.
*
* @release_secctx:
* Release the security context.
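Review bot: The rewritten `@secctx_to_secid` description says only that `@cp contains the security context`, leaving the contract of the two fields unstated: whether `cp->len` bounds `cp->context`, and whether `cp->context` must also be NUL-terminated. The implementations converted in this series do not agree on that point — AppArmor and SELinux pass `cp->len` to their parsers while Smack hands `cp->context` to `smk_find_entry()` with no length — so the hook documentation is the place to pin it down. Suggest extending the line to something like `@cp contains the security context; @cp->len is the length of @cp->context (state here whether a terminating NUL is also required).` with the parenthetical resolved one way or the other. The rest of the `@release_secctx` entry lies outside the hunk.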
@@ -1654,7 +1654,7 @@ union security_list_options {
int (*setprocattr)(const char *name, void *value, size_t size);
int (*ismaclabel)(const char *name);
int (*secid_to_secctx)(struct lsm_export *l, struct lsm_context *cp);
- int (*secctx_to_secid)(const char *secdata, u32 seclen,
+ int (*secctx_to_secid)(const struct lsm_context *cp,
struct lsm_export *l);
void (*release_secctx)(char *secdata, u32 seclen);
@@ -27,7 +27,7 @@ struct aa_label;
struct aa_label *aa_secid_to_label(struct lsm_export *l);
int apparmor_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp);
-int apparmor_secctx_to_secid(const char *secdata, u32 seclen,
+int apparmor_secctx_to_secid(const struct lsm_context *cp,
struct lsm_export *l);
void apparmor_release_secctx(char *secdata, u32 seclen);
@@ -110,13 +110,12 @@ int apparmor_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
return 0;
}
-int apparmor_secctx_to_secid(const char *secdata, u32 seclen,
- struct lsm_export *l)
+int apparmor_secctx_to_secid(const struct lsm_context *cp, struct lsm_export *l)
{
struct aa_label *label;
- label = aa_label_strn_parse(&root_ns->unconfined->label, secdata,
- seclen, GFP_KERNEL, false, false);
+ label = aa_label_strn_parse(&root_ns->unconfined->label, cp->context,
+ cp->len, GFP_KERNEL, false, false);
if (IS_ERR(label))
return PTR_ERR(label);
aa_export_secid(l, label->secid);
@@ -1991,8 +1991,12 @@ EXPORT_SYMBOL(security_secid_to_secctx);
int security_secctx_to_secid(const char *secdata, u32 seclen,
struct lsm_export *l)
{
+ struct lsm_context lc;
+
+ lc.context = secdata;
+ lc.len = seclen;
lsm_export_init(l);
- return call_one_int_hook(secctx_to_secid, 0, secdata, seclen, l);
+ return call_one_int_hook(secctx_to_secid, 0, &lc, l);
}
EXPORT_SYMBOL(security_secctx_to_secid);
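Review bot: `lc.context = secdata;` stores a `const char *` into `lsm_context.context`; if that member is declared `char *`, which the `&cp->context` output argument passed to `security_sid_to_context()` in the SELinux hunk suggests, the assignment silently discards the qualifier and will warn under `-Wdiscarded-qualifiers`. Either give the structure a `const`-capable form, or make the cast explicit and say why it is safe, e.g. `lc.context = (char *)secdata; /* hook takes const struct lsm_context *, buffer is only read */`. The three hooks converted here do appear to only read through `cp->context`, but that should be stated at the cast so a future hook does not treat the buffer as owned or writable. `lc` is also stack-local, so no hook may retain `cp` beyond the call; a one-line comment recording that would complete the contract.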
@@ -6203,13 +6203,13 @@ static int selinux_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
&cp->context, &cp->len);
}
-static int selinux_secctx_to_secid(const char *secdata, u32 seclen,
+static int selinux_secctx_to_secid(const struct lsm_context *cp,
struct lsm_export *l)
{
u32 secid;
int rc;
- rc = security_context_to_sid(&selinux_state, secdata, seclen,
+ rc = security_context_to_sid(&selinux_state, cp->context, cp->len,
&secid, GFP_KERNEL);
selinux_export_secid(l, secid);
return rc;
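Review bot: `selinux_export_secid(l, secid)` runs unconditionally, with `u32 secid;` uninitialized, so on a failing `security_context_to_sid()` whatever that function leaves in `secid` is exported. That was true of the pre-conversion code as well, and it is safe only if `security_context_to_sid()` always writes `*sid` on every error path, which is not visible in this hunk. Since the caller already does `lsm_export_init(l)` before invoking the hook, the dependency can be removed cheaply: `if (!rc) selinux_export_secid(l, secid);`. A brief comment noting that `l` is pre-initialised by the caller would explain why the guard is sufficient.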
@@ -4370,10 +4370,10 @@ static int smack_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
*
* Exists for audit and networking code.
*/
-static int smack_secctx_to_secid(const char *secdata, u32 seclen,
+static int smack_secctx_to_secid(const struct lsm_context *cp,
struct lsm_export *l)
{
- struct smack_known *skp = smk_find_entry(secdata);
+ struct smack_known *skp = smk_find_entry(cp->context);
if (skp)
smack_export_secid(l, skp->smk_secid);
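Review bot: `smk_find_entry(cp->context)` ignores `cp->len` and relies on the context being NUL-terminated, whereas the AppArmor and SELinux conversions in this series pass `cp->len` to their parsers. The old code ignored `seclen` in the same way, so this is pre-existing rather than introduced here, but now that the length travels in the same structure the inconsistency is visible at the call site and a caller handing over a non-terminated buffer would be parsed differently by each module. If `smk_find_entry()` has no length-bounded variant, at least record the assumption: `/* Smack contexts are NUL-terminated strings; cp->len is not consulted */`. The function body continues past the end of the hunk.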
Convert SELinux, Smack and AppArmor to use the lsm_context structure instead of a context/length (secdata, seclen) pair. There is some scaffolding involved that will be removed when the related data is updated. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> --- include/linux/lsm_hooks.h | 4 ++-- security/apparmor/include/secid.h | 2 +- security/apparmor/secid.c | 7 +++---- security/security.c | 6 +++++- security/selinux/hooks.c | 4 ++-- security/smack/smack_lsm.c | 4 ++-- 6 files changed, 15 insertions(+), 12 deletions(-)