diff options
| author | Casey Schaufler <casey@schaufler-ca.com> | 2024-10-09 10:32:18 -0700 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2024-10-11 14:34:15 -0400 |
| commit | b0654ca42998440df42ba2ccc3b7dbe3bf5b7bb5 (patch) | |
| tree | 8c0ee9aa36bbe930160cb0e03dccb1bc861edbdc /security/security.c | |
| parent | e0a8dcbd53b646d8535acd9fec95540275231b13 (diff) | |
lsm: create new security_cred_getlsmprop LSM hook
Create a new LSM hook security_cred_getlsmprop() which, like
security_cred_getsecid(), fetches LSM specific attributes from the
cred structure. The associated data elements in the audit sub-system
are changed from a secid to a lsm_prop to accommodate multiple possible
LSM audit users.
Cc: linux-integrity@vger.kernel.org
Cc: audit@vger.kernel.org
Cc: selinux@vger.kernel.org
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[PM: subj line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c index 5e76e35dda09..0003d5ace5cc 100644 --- a/security/security.c +++ b/security/security.c @@ -3273,6 +3273,21 @@ void security_cred_getsecid(const struct cred *c, u32 *secid) EXPORT_SYMBOL(security_cred_getsecid); /** + * security_cred_getlsmprop() - Get the LSM data from a set of credentials + * @c: credentials + * @prop: destination for the LSM data + * + * Retrieve the security data of the cred structure @c. In case of + * failure, @prop will be cleared. + */ +void security_cred_getlsmprop(const struct cred *c, struct lsm_prop *prop) +{ + lsmprop_init(prop); + call_void_hook(cred_getlsmprop, c, prop); +} +EXPORT_SYMBOL(security_cred_getlsmprop); + +/** * security_kernel_act_as() - Set the kernel credentials to act as secid * @new: credentials * @secid: secid |