[v35,24/29] LSM: Add a function to report multiple LSMs

Message ID	20220418145945.38797-25-casey@schaufler-ca.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-security-module-owner@kernel.org> From: Casey Schaufler <casey@schaufler-ca.com> To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v35 24/29] LSM: Add a function to report multiple LSMs Date: Mon, 18 Apr 2022 07:59:40 -0700 Message-Id: <20220418145945.38797-25-casey@schaufler-ca.com> In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com> References: <20220418145945.38797-1-casey@schaufler-ca.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[v35,01/29] integrity: disassociate ima_filter_rule from security_audit_rule \| expand [v35,01/29] integrity: disassociate ima_filter_rule from security_audit_rule [v35,02/29] LSM: Infrastructure management of the sock security [v35,03/29] LSM: Add the lsmblob data structure. [v35,04/29] LSM: provide lsm name and id slot mappings [v35,05/29] IMA: avoid label collisions with stacked LSMs [v35,06/29] LSM: Use lsmblob in security_audit_rule_match [v35,07/29] LSM: Use lsmblob in security_kernel_act_as [v35,08/29] LSM: Use lsmblob in security_secctx_to_secid [v35,09/29] LSM: Use lsmblob in security_secid_to_secctx [v35,10/29] LSM: Use lsmblob in security_ipc_getsecid [v35,11/29] LSM: Use lsmblob in security_current_getsecid [v35,12/29] LSM: Use lsmblob in security_inode_getsecid [v35,13/29] LSM: Use lsmblob in security_cred_getsecid [v35,14/29] LSM: Specify which LSM to display [v35,15/29] LSM: Ensure the correct LSM context releaser [v35,16/29] LSM: Use lsmcontext in security_secid_to_secctx [v35,17/29] LSM: Use lsmcontext in security_inode_getsecctx [v35,18/29] LSM: security_secid_to_secctx in netlink netfilter [v35,19/29] NET: Store LSM netlabel data in a lsmblob [v35,20/29] binder: Pass LSM identifier for confirmation [v35,21/29] LSM: Extend security_secid_to_secctx to include module selection [v35,22/29] Audit: Keep multiple LSM data in audit_names [v35,23/29] Audit: Create audit_stamp structure [v35,24/29] LSM: Add a function to report multiple LSMs [v35,25/29] Audit: Allow multiple records in an audit_buffer [v35,26/29] Audit: Add record for multiple task security contexts [v35,27/29] Audit: Add record for multiple object contexts [v35,28/29] LSM: Add /proc attr entry for full LSM context [v35,29/29] AppArmor: Remove the exclusive flag

Message ID

20220418145945.38797-25-casey@schaufler-ca.com (mailing list archive)

State

New, archived

Headers

From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org
Subject: [PATCH v35 24/29] LSM: Add a function to report multiple LSMs
Date: Mon, 18 Apr 2022 07:59:40 -0700
Message-Id: <20220418145945.38797-25-casey@schaufler-ca.com>
In-Reply-To: <20220418145945.38797-1-casey@schaufler-ca.com>
References: <20220418145945.38797-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

[v35,01/29] integrity: disassociate ima_filter_rule from security_audit_rule | expand

Commit Message

Casey Schaufler April 18, 2022, 2:59 p.m. UTC

Add a new boolean function lsm_multiple_contexts() to
identify when multiple security modules provide security
context strings.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 include/linux/security.h | 9 +++++++++
 1 file changed, 9 insertions(+)

Comments

Paul Moore April 22, 2022, 4:26 p.m. UTC | #1

On Mon, Apr 18, 2022 at 11:12 AM Casey Schaufler <casey@schaufler-ca.com> wrote:
>
> Add a new boolean function lsm_multiple_contexts() to
> identify when multiple security modules provide security
> context strings.
>
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> ---
>  include/linux/security.h | 9 +++++++++
>  1 file changed, 9 insertions(+)

Acked-by: Paul Moore <paul@paul-moore.com>

John Johansen April 25, 2022, 11:33 p.m. UTC | #2

On 4/18/22 07:59, Casey Schaufler wrote:
> Add a new boolean function lsm_multiple_contexts() to
> identify when multiple security modules provide security
> context strings.
> 
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

Reviewed-by: John Johansen <john.johansen@canonical.com>

> ---
>  include/linux/security.h | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 2150016492be..3fab84220f88 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -232,6 +232,15 @@ static inline bool lsmblob_equal(const struct lsmblob *bloba,
>  extern int lsm_name_to_slot(char *name);
>  extern const char *lsm_slot_to_name(int slot);
>  
> +static inline bool lsm_multiple_contexts(void)
> +{
> +#ifdef CONFIG_SECURITY
> +	return lsm_slot_to_name(1) != NULL;
> +#else
> +	return false;
> +#endif
> +}
> +
>  /**
>   * lsmblob_value - find the first non-zero value in an lsmblob structure.
>   * @blob: Pointer to the data

diff --git a/include/linux/security.h b/include/linux/security.h
index 2150016492be..3fab84220f88 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -232,6 +232,15 @@  static inline bool lsmblob_equal(const struct lsmblob *bloba,
 extern int lsm_name_to_slot(char *name);
 extern const char *lsm_slot_to_name(int slot);
 
+static inline bool lsm_multiple_contexts(void)
+{
+#ifdef CONFIG_SECURITY
+	return lsm_slot_to_name(1) != NULL;
+#else
+	return false;
+#endif
+}
+
 /**
  * lsmblob_value - find the first non-zero value in an lsmblob structure.
  * @blob: Pointer to the data

[v35,24/29] LSM: Add a function to report multiple LSMs

Commit Message

Comments

Patch