diff options
| author | Casey Schaufler <casey@schaufler-ca.com> | 2024-07-10 14:32:30 -0700 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2024-07-29 16:54:52 -0400 |
| commit | 61a1dcdceb44d79e5ab511295791b88ea178c045 (patch) | |
| tree | 6b00649321c65c2cc224e843b52415a96944519a /security/selinux | |
| parent | 66de33a0bbb59ef3909d2c65dbbb7fc503d573bd (diff) | |
lsm: infrastructure management of the perf_event security blob
Move management of the perf_event->security blob out of the individual
security modules and into the security infrastructure. Instead of
allocating the blobs from within the modules the modules tell the
infrastructure how much space is required, and the space is allocated
there. There are no longer any modules that require the perf_event_free()
hook. The hook definition has been removed.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johansen@canonical.com>
[PM: subject tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/hooks.c | 18 | ||||
| -rw-r--r-- | security/selinux/include/objsec.h | 6 |
2 files changed, 10 insertions, 14 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 675c69ebb77c..0939816e9671 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6955,6 +6955,9 @@ struct lsm_blob_sizes selinux_blob_sizes __ro_after_init = { .lbs_ipc = sizeof(struct ipc_security_struct), .lbs_key = sizeof(struct key_security_struct), .lbs_msg_msg = sizeof(struct msg_security_struct), +#ifdef CONFIG_PERF_EVENTS + .lbs_perf_event = sizeof(struct perf_event_security_struct), +#endif .lbs_sock = sizeof(struct sk_security_struct), .lbs_superblock = sizeof(struct superblock_security_struct), .lbs_xattr_count = SELINUX_INODE_INIT_XATTRS, @@ -6986,24 +6989,12 @@ static int selinux_perf_event_alloc(struct perf_event *event) { struct perf_event_security_struct *perfsec; - perfsec = kzalloc(sizeof(*perfsec), GFP_KERNEL); - if (!perfsec) - return -ENOMEM; - + perfsec = selinux_perf_event(event->security); perfsec->sid = current_sid(); - event->security = perfsec; return 0; } -static void selinux_perf_event_free(struct perf_event *event) -{ - struct perf_event_security_struct *perfsec = event->security; - - event->security = NULL; - kfree(perfsec); -} - static int selinux_perf_event_read(struct perf_event *event) { struct perf_event_security_struct *perfsec = event->security; @@ -7316,7 +7307,6 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = { #ifdef CONFIG_PERF_EVENTS LSM_HOOK_INIT(perf_event_open, selinux_perf_event_open), - LSM_HOOK_INIT(perf_event_free, selinux_perf_event_free), LSM_HOOK_INIT(perf_event_read, selinux_perf_event_read), LSM_HOOK_INIT(perf_event_write, selinux_perf_event_write), #endif diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index ed9e37f3c9b5..c88cae81ee4c 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -217,4 +217,10 @@ static inline struct ib_security_struct *selinux_ib(void *ib_sec) return ib_sec + selinux_blob_sizes.lbs_ib; } +static inline struct perf_event_security_struct * +selinux_perf_event(void *perf_event) +{ + return perf_event + selinux_blob_sizes.lbs_perf_event; +} + #endif /* _SELINUX_OBJSEC_H_ */ |