path: root/include/linux/lsm_hooks.h
author Paul Moore <paul@paul-moore.com> 2023-02-16 17:13:40 -0500
committer Paul Moore <paul@paul-moore.com> 2023-03-06 13:41:07 -0500
commit 55e853201a9e0383c9f6d5d800155e334685cd7e (patch)
tree 7a100eb0654bf4a29c1f060b29fd53367acbc575 /include/linux/lsm_hooks.h
parent b14faf9c94a66ef398c2c3fa6e141814f04e274e (diff)
lsm: move the bpf hook comments to security/security.c
This patch relocates the LSM hook function comments to the function definitions, in keeping with the current kernel conventions. This should make the hook descriptions more easily discoverable and easier to maintain.

While formatting changes have been done to better fit the kernel-doc style, content changes have been kept to a minimum and limited to text which was obviously incorrect and/or outdated. It is expected the future patches will improve the quality of the function header comments.

Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include/linux/lsm_hooks.h')
-rw-r--r-- include/linux/lsm_hooks.h 36
1 files changed, 0 insertions, 36 deletions
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index e36387f88083..601d1ecdae0f 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -190,42 +190,6 @@
* @key: The key to watch.
* Return 0 if permission is granted.
*
- * Security hooks for using the eBPF maps and programs functionalities through
- * eBPF syscalls.
- *
- * @bpf:
- * Do a initial check for all bpf syscalls after the attribute is copied
- * into the kernel. The actual security module can implement their own
- * rules to check the specific cmd they need.
- * Return 0 if permission is granted.
- *
- * @bpf_map:
- * Do a check when the kernel generate and return a file descriptor for
- * eBPF maps.
- * @map: bpf map that we want to access.
- * @mask: the access flags.
- * Return 0 if permission is granted.
- *
- * @bpf_prog:
- * Do a check when the kernel generate and return a file descriptor for
- * eBPF programs.
- * @prog: bpf prog that userspace want to use.
- * Return 0 if permission is granted.
- *
- * @bpf_map_alloc_security:
- * Initialize the security field inside bpf map.
- * Return 0 on success, error on failure.
- *
- * @bpf_map_free_security:
- * Clean up the security information stored inside bpf map.
- *
- * @bpf_prog_alloc_security:
- * Initialize the security field inside bpf program.
- * Return 0 on success, error on failure.
- *
- * @bpf_prog_free_security:
- * Clean up the security information stored inside bpf prog.
- *
* @locked_down:
* Determine whether a kernel feature that potentially enables arbitrary
* code execution in kernel space should be permitted.
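Review bot: The removed @bpf entry (the text starting "Do a initial check for all bpf syscalls") describes no parameters at all, whereas @bpf_map and @bpf_prog list @map, @mask and @prog, so the kernel-doc header that replaces it should gain parameter descriptions rather than inherit the gap. This view is limited to include/linux/lsm_hooks.h, so the security/security.c side cannot be checked from here: please confirm that the "Return 0 if permission is granted" and "Return 0 on success, error on failure" contracts survive the move for each of the seven hooks, since LSM authors rely on them to know which hooks can deny an operation and which only manage the security blob. The section-level sentence "Security hooks for using the eBPF maps and programs functionalities through eBPF syscalls." has no natural per-function home, so check that it is not silently dropped. The grammar slips in the removed text ("Do a initial check", "the kernel generate and return", "userspace want to use") are worth fixing in the new location if they have not been already.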