From patchwork Thu Aug 3 17:12:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Abeni X-Patchwork-Id: 13340363 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8259AEB64DD for ; Thu, 3 Aug 2023 17:14:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234661AbjHCROP (ORCPT ); Thu, 3 Aug 2023 13:14:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36310 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234648AbjHCROL (ORCPT ); Thu, 3 Aug 2023 13:14:11 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A2C2E3C16 for ; Thu, 3 Aug 2023 10:13:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1691082804; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=YiA6TsqHwe73wZwOUb7qdSWZF8mWFolXm7MMmc8GrsI=; b=FnQ+eOOSv0L7dFEr0eng2vPgD/CxTuEqA/LRsE8tO+yc7hflzqDgMS3nduLuKej2xxODfI oBJNTeO8+KlsLx74rPIXM0Am3PDY85WCqh09qWrYu8H4ohnnP7ZlmF7X87cazqkLApT61F BSnA35qJ2QK/WTg2a6IQ0JvAYQPoLlM= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-672-JDFrQwn0Pya9QVAi0XjWhw-1; Thu, 03 Aug 2023 13:13:21 -0400 X-MC-Unique: JDFrQwn0Pya9QVAi0XjWhw-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 1C3518DC664; Thu, 3 Aug 2023 17:13:21 +0000 (UTC) Received: from gerbillo.redhat.com (unknown [10.45.224.242]) by smtp.corp.redhat.com (Postfix) with ESMTP id AB5C2200A7CA; Thu, 3 Aug 2023 17:13:18 +0000 (UTC) From: Paolo Abeni To: linux-security-module@vger.kernel.org Cc: Paul Moore , James Morris , "Serge E. Hallyn" , Ondrej Mosnacek , KP Singh Subject: [PATCH RFC 1/3] security: introduce and use call_int_hook_ignore_default() Date: Thu, 3 Aug 2023 19:12:40 +0200 Message-ID: <7bfe86eb0a0e3ec15af0a93c329d2aca72fb0bdc.1691082677.git.pabeni@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: bulk List-ID: The following hooks currently don't allow the LSM module to tell the core to ignore its return code: sb_set_mnt_opts inode_init_security inode_getsecctx socket_getpeersec_stream socket_getpeersec_dgram because the return value for the security function when no LSMs are loaded is non zero, and LSMs use the current LSM_RET_DEFAULT() (zero) to represent "success". Introduce a new variant of the call_int_hook() macros the explicitly ignores the return code from the LSM when equal to LSM_RET_DEFAULT, use it for the above hooks, and change the default to 1. All the exiting LSM except BPF don't use such return value, so no functional change is expected. After this change, LSM returning the LSM_RET_DEFAULT value will become a no-op for the mentioned hooks. Signed-off-by: Paolo Abeni --- include/linux/lsm_hook_defs.h | 10 ++++----- security/security.c | 42 ++++++++++++++++++++++++++--------- 2 files changed, 36 insertions(+), 16 deletions(-) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 4f2621e87634..c9032e20d0b3 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -73,7 +73,7 @@ LSM_HOOK(int, 0, sb_mount, const char *dev_name, const struct path *path, LSM_HOOK(int, 0, sb_umount, struct vfsmount *mnt, int flags) LSM_HOOK(int, 0, sb_pivotroot, const struct path *old_path, const struct path *new_path) -LSM_HOOK(int, 0, sb_set_mnt_opts, struct super_block *sb, void *mnt_opts, +LSM_HOOK(int, 1, sb_set_mnt_opts, struct super_block *sb, void *mnt_opts, unsigned long kern_flags, unsigned long *set_kern_flags) LSM_HOOK(int, 0, sb_clone_mnt_opts, const struct super_block *oldsb, struct super_block *newsb, unsigned long kern_flags, @@ -111,7 +111,7 @@ LSM_HOOK(int, 0, path_notify, const struct path *path, u64 mask, unsigned int obj_type) LSM_HOOK(int, 0, inode_alloc_security, struct inode *inode) LSM_HOOK(void, LSM_RET_VOID, inode_free_security, struct inode *inode) -LSM_HOOK(int, 0, inode_init_security, struct inode *inode, +LSM_HOOK(int, 1, inode_init_security, struct inode *inode, struct inode *dir, const struct qstr *qstr, const char **name, void **value, size_t *len) LSM_HOOK(int, 0, inode_init_security_anon, struct inode *inode, @@ -272,7 +272,7 @@ LSM_HOOK(void, LSM_RET_VOID, release_secctx, char *secdata, u32 seclen) LSM_HOOK(void, LSM_RET_VOID, inode_invalidate_secctx, struct inode *inode) LSM_HOOK(int, 0, inode_notifysecctx, struct inode *inode, void *ctx, u32 ctxlen) LSM_HOOK(int, 0, inode_setsecctx, struct dentry *dentry, void *ctx, u32 ctxlen) -LSM_HOOK(int, 0, inode_getsecctx, struct inode *inode, void **ctx, +LSM_HOOK(int, 1, inode_getsecctx, struct inode *inode, void **ctx, u32 *ctxlen) #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) @@ -308,9 +308,9 @@ LSM_HOOK(int, 0, socket_getsockopt, struct socket *sock, int level, int optname) LSM_HOOK(int, 0, socket_setsockopt, struct socket *sock, int level, int optname) LSM_HOOK(int, 0, socket_shutdown, struct socket *sock, int how) LSM_HOOK(int, 0, socket_sock_rcv_skb, struct sock *sk, struct sk_buff *skb) -LSM_HOOK(int, 0, socket_getpeersec_stream, struct socket *sock, +LSM_HOOK(int, 1, socket_getpeersec_stream, struct socket *sock, sockptr_t optval, sockptr_t optlen, unsigned int len) -LSM_HOOK(int, 0, socket_getpeersec_dgram, struct socket *sock, +LSM_HOOK(int, 1, socket_getpeersec_dgram, struct socket *sock, struct sk_buff *skb, u32 *secid) LSM_HOOK(int, 0, sk_alloc_security, struct sock *sk, int family, gfp_t priority) LSM_HOOK(void, LSM_RET_VOID, sk_free_security, struct sock *sk) diff --git a/security/security.c b/security/security.c index 2dfc7b9f6ed9..b9a7b15e269e 100644 --- a/security/security.c +++ b/security/security.c @@ -784,6 +784,23 @@ static int lsm_superblock_alloc(struct super_block *sb) RC; \ }) +#define call_int_hook_ignore_default(FUNC, IRC, ...) ({ \ + int TRC, RC = IRC; \ + do { \ + struct security_hook_list *P; \ + \ + hlist_for_each_entry(P, &security_hook_heads.FUNC, list) { \ + TRC = P->hook.FUNC(__VA_ARGS__); \ + if (TRC != LSM_RET_DEFAULT(FUNC)) \ + continue; \ + RC = TRC; \ + if (RC != 0) \ + break; \ + } \ + } while (0); \ + RC; \ +}) + /* Security operations */ /** @@ -1405,9 +1422,9 @@ int security_sb_set_mnt_opts(struct super_block *sb, unsigned long kern_flags, unsigned long *set_kern_flags) { - return call_int_hook(sb_set_mnt_opts, - mnt_opts ? -EOPNOTSUPP : 0, sb, - mnt_opts, kern_flags, set_kern_flags); + return call_int_hook_ignore_default(sb_set_mnt_opts, + mnt_opts ? -EOPNOTSUPP : 0, sb, + mnt_opts, kern_flags, set_kern_flags); } EXPORT_SYMBOL(security_sb_set_mnt_opts); @@ -1612,11 +1629,13 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, return 0; if (!initxattrs) - return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, - dir, qstr, NULL, NULL, NULL); + return call_int_hook_ignore_default(inode_init_security, + -EOPNOTSUPP, inode, dir, + qstr, NULL, NULL, NULL); memset(new_xattrs, 0, sizeof(new_xattrs)); lsm_xattr = new_xattrs; - ret = call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, + ret = call_int_hook_ignore_default(inode_init_security, -EOPNOTSUPP, + inode, dir, qstr, &lsm_xattr->name, &lsm_xattr->value, &lsm_xattr->value_len); @@ -3973,7 +3992,8 @@ EXPORT_SYMBOL(security_inode_setsecctx); */ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) { - return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen); + return call_int_hook_ignore_default(inode_getsecctx, -EOPNOTSUPP, inode, + ctx, ctxlen); } EXPORT_SYMBOL(security_inode_getsecctx); @@ -4330,8 +4350,8 @@ EXPORT_SYMBOL(security_sock_rcv_skb); int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval, sockptr_t optlen, unsigned int len) { - return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock, - optval, optlen, len); + return call_int_hook_ignore_default(socket_getpeersec_stream, -ENOPROTOOPT, + sock, optval, optlen, len); } /** @@ -4351,8 +4371,8 @@ int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval, int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) { - return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, - skb, secid); + return call_int_hook_ignore_default(socket_getpeersec_dgram, -ENOPROTOOPT, + sock, skb, secid); } EXPORT_SYMBOL(security_socket_getpeersec_dgram); From patchwork Thu Aug 3 17:12:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Abeni X-Patchwork-Id: 13340365 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9D271EB64DD for ; Thu, 3 Aug 2023 17:14:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233738AbjHCROb (ORCPT ); Thu, 3 Aug 2023 13:14:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36540 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234347AbjHCRO2 (ORCPT ); Thu, 3 Aug 2023 13:14:28 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 12C193C38 for ; Thu, 3 Aug 2023 10:13:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1691082819; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=NwboMpndKcSVwHb15bn2zb0MUP8wKG5ZpPY0Hw7kAC8=; b=GEEhkYhiRQNXL9BgUR0kbbmjV9dKKQx7ZVc/FaQZFS2Oft2bpYhYxiW7rq9oeSfc6yQtM8 HJqgWjzeVKXBzRJvReOPf1HdQtwvDufEcb8481DR6K6fq8IiuatpppMMyBwrF3jATjfDZh BLVi40kr4p9le33V2BM10P7sv3PvSYI= Received: from mimecast-mx02.redhat.com (66.187.233.73 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-647-JrasZZNjM3mDGgFrfS1szg-1; Thu, 03 Aug 2023 13:13:33 -0400 X-MC-Unique: JrasZZNjM3mDGgFrfS1szg-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A1CD83C0C4A9; Thu, 3 Aug 2023 17:13:22 +0000 (UTC) Received: from gerbillo.redhat.com (unknown [10.45.224.242]) by smtp.corp.redhat.com (Postfix) with ESMTP id 657C9200C0EF; Thu, 3 Aug 2023 17:13:21 +0000 (UTC) From: Paolo Abeni To: linux-security-module@vger.kernel.org Cc: Paul Moore , James Morris , "Serge E. Hallyn" , Ondrej Mosnacek , KP Singh Subject: [PATCH RFC 2/3] security: two more call_int_hook_ignore_default use-cases Date: Thu, 3 Aug 2023 19:12:41 +0200 Message-ID: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: bulk List-ID: Quite similar to the previous commit, the hooks: inode_setxattr inode_removexattr don't allow the LSM to tell the core to ignore it's return code. The main difference it that the above mentioned hooks explicitly check for a non zero return value from the hook to perform the default action. Changing the LSM_RET_DEFAULT to 1 and using call_int_hook_ignore_default allows LSM returning the LSM_RET_DEFAULT value will become no-op for the mentioned hooks. All the exiting LSM except BPF never use 1 as return value, so no functional change is expected. Signed-off-by: Paolo Abeni --- include/linux/lsm_hook_defs.h | 4 ++-- security/security.c | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index c9032e20d0b3..49f1f9bed958 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -136,14 +136,14 @@ LSM_HOOK(int, 0, inode_follow_link, struct dentry *dentry, struct inode *inode, LSM_HOOK(int, 0, inode_permission, struct inode *inode, int mask) LSM_HOOK(int, 0, inode_setattr, struct dentry *dentry, struct iattr *attr) LSM_HOOK(int, 0, inode_getattr, const struct path *path) -LSM_HOOK(int, 0, inode_setxattr, struct mnt_idmap *idmap, +LSM_HOOK(int, 1, inode_setxattr, struct mnt_idmap *idmap, struct dentry *dentry, const char *name, const void *value, size_t size, int flags) LSM_HOOK(void, LSM_RET_VOID, inode_post_setxattr, struct dentry *dentry, const char *name, const void *value, size_t size, int flags) LSM_HOOK(int, 0, inode_getxattr, struct dentry *dentry, const char *name) LSM_HOOK(int, 0, inode_listxattr, struct dentry *dentry) -LSM_HOOK(int, 0, inode_removexattr, struct mnt_idmap *idmap, +LSM_HOOK(int, 1, inode_removexattr, struct mnt_idmap *idmap, struct dentry *dentry, const char *name) LSM_HOOK(int, 0, inode_set_acl, struct mnt_idmap *idmap, struct dentry *dentry, const char *acl_name, struct posix_acl *kacl) diff --git a/security/security.c b/security/security.c index b9a7b15e269e..0528cbef0624 100644 --- a/security/security.c +++ b/security/security.c @@ -2158,8 +2158,8 @@ int security_inode_setxattr(struct mnt_idmap *idmap, * SELinux and Smack integrate the cap call, * so assume that all LSMs supplying this call do so. */ - ret = call_int_hook(inode_setxattr, 1, idmap, dentry, name, value, - size, flags); + ret = call_int_hook_ignore_default(inode_setxattr, 1, idmap, dentry, name, + value, size, flags); if (ret == 1) ret = cap_inode_setxattr(dentry, name, value, size, flags); @@ -2321,7 +2321,8 @@ int security_inode_removexattr(struct mnt_idmap *idmap, * SELinux and Smack integrate the cap call, * so assume that all LSMs supplying this call do so. */ - ret = call_int_hook(inode_removexattr, 1, idmap, dentry, name); + ret = call_int_hook_ignore_default(inode_removexattr, 1, idmap, dentry, + name); if (ret == 1) ret = cap_inode_removexattr(idmap, dentry, name); if (ret) From patchwork Thu Aug 3 17:12:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Abeni X-Patchwork-Id: 13340362 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 40837C001DB for ; Thu, 3 Aug 2023 17:14:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234638AbjHCROP (ORCPT ); Thu, 3 Aug 2023 13:14:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36404 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234347AbjHCROL (ORCPT ); Thu, 3 Aug 2023 13:14:11 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 576813C22 for ; Thu, 3 Aug 2023 10:13:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1691082807; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0Sd8udM4quE+FkVJlTeE6p9Jeb2cJdOzPnhjvTuy2rU=; b=fDcJQCQL3vAJLtUKOGzZufYEyIwkxeIcgG5D943sB0gTMKxSRvmXuOy2HyiQV3HfVgXtrM +4+8sJUmZzYb78rwJtNEbEHcKQXm38GOntfCm00Ti6Z+uQ6fx0vxRr5iJbPT9B8RjNfJcX rZMdUbeDKb4F4kcUADV0eKim8v/Fs7E= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-113-kSsMx2D8OSKt3S0LVMVD6g-1; Thu, 03 Aug 2023 13:13:24 -0400 X-MC-Unique: kSsMx2D8OSKt3S0LVMVD6g-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 2A2858564EF; Thu, 3 Aug 2023 17:13:24 +0000 (UTC) Received: from gerbillo.redhat.com (unknown [10.45.224.242]) by smtp.corp.redhat.com (Postfix) with ESMTP id EADE2200A7CA; Thu, 3 Aug 2023 17:13:22 +0000 (UTC) From: Paolo Abeni To: linux-security-module@vger.kernel.org Cc: Paul Moore , James Morris , "Serge E. Hallyn" , Ondrej Mosnacek , KP Singh Subject: [PATCH RFC 3/3] security: more call_int_hook_ignore_default use-cases Date: Thu, 3 Aug 2023 19:12:42 +0200 Message-ID: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: bulk List-ID: The vm_enough_memory and xfrm_state_pol_flow_match behavior is somewhat similar, as both possibly need to reconciliate multiple LSM return value to a take a single decision. Currently xfrm_state_pol_flow_match has a simple implementation leveraging the fact that only a LSM is supposed to implement such hook. This patch extend xfrm_state_pol_flow_match() to possibly cope with multiple hooks alike what vm_enough_memory is currently doing, switch both hooks to use the call_int_hook_ignore_default helper and change the default hook return value to 1. Overall the above should not lead to any functional change. After this change, LSM returning the LSM_RET_DEFAULT value will become a no-op for the mentioned hooks. Signed-off-by: Paolo Abeni --- include/linux/lsm_hook_defs.h | 2 +- security/security.c | 34 ++++++++-------------------------- 2 files changed, 9 insertions(+), 27 deletions(-) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 49f1f9bed958..e41ae0f90825 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -48,7 +48,7 @@ LSM_HOOK(int, 0, quota_on, struct dentry *dentry) LSM_HOOK(int, 0, syslog, int type) LSM_HOOK(int, 0, settime, const struct timespec64 *ts, const struct timezone *tz) -LSM_HOOK(int, 0, vm_enough_memory, struct mm_struct *mm, long pages) +LSM_HOOK(int, 1, vm_enough_memory, struct mm_struct *mm, long pages) LSM_HOOK(int, 0, bprm_creds_for_exec, struct linux_binprm *bprm) LSM_HOOK(int, 0, bprm_creds_from_file, struct linux_binprm *bprm, struct file *file) LSM_HOOK(int, 0, bprm_check_security, struct linux_binprm *bprm) diff --git a/security/security.c b/security/security.c index 0528cbef0624..b7b2d359c230 100644 --- a/security/security.c +++ b/security/security.c @@ -1036,9 +1036,7 @@ int security_settime64(const struct timespec64 *ts, const struct timezone *tz) */ int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) { - struct security_hook_list *hp; - int cap_sys_admin = 1; - int rc; + int cap_sys_admin; /* * The module will respond with a positive value if @@ -1047,13 +1045,8 @@ int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) * agree that it should be set it will. If any module * thinks it should not be set it won't. */ - hlist_for_each_entry(hp, &security_hook_heads.vm_enough_memory, list) { - rc = hp->hook.vm_enough_memory(mm, pages); - if (rc <= 0) { - cap_sys_admin = 0; - break; - } - } + cap_sys_admin = call_int_hook_ignore_default(vm_enough_memory, 1, mm, + pages); return __vm_enough_memory(mm, pages, cap_sys_admin); } @@ -4922,24 +4915,13 @@ int security_xfrm_state_pol_flow_match(struct xfrm_state *x, struct xfrm_policy *xp, const struct flowi_common *flic) { - struct security_hook_list *hp; - int rc = LSM_RET_DEFAULT(xfrm_state_pol_flow_match); - /* - * Since this function is expected to return 0 or 1, the judgment - * becomes difficult if multiple LSMs supply this call. Fortunately, - * we can use the first LSM's judgment because currently only SELinux - * supplies this call. - * - * For speed optimization, we explicitly break the loop rather than - * using the macro + * The module will respond with a 1 value if + * it thinks there is a match. If all of the modules + * agree we consider the match succesfull. */ - hlist_for_each_entry(hp, &security_hook_heads.xfrm_state_pol_flow_match, - list) { - rc = hp->hook.xfrm_state_pol_flow_match(x, xp, flic); - break; - } - return rc; + return call_int_hook_ignore_default(xfrm_state_pol_flow_match, + 1, x, xp, flic); } /**