selinux,smack: properly reference the LSM blob in security_watch_key()

Unfortunately when we migrated the lifecycle management of the key LSM blob to the LSM framework we forgot to convert the security_watch_key() callbacks for SELinux and Smack. This patch corrects this by making use of the selinux_key() and smack_key() helper functions respectively. This patch also removes some input checking in the Smack callback as it is no longer needed. Fixes: 5f8d28f6d7d5 ("lsm: infrastructure management of the key security blob") Reported-by: syzbot+044fdf24e96093584232@syzkaller.appspotmail.com Tested-by: syzbot+044fdf24e96093584232@syzkaller.appspotmail.com Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Paul Moore <paul@paul-moore.com> 2024-09-19 11:37:11 -0400
committer: Paul Moore <paul@paul-moore.com> 2024-09-19 16:37:01 -0400
commit: 8a23c9e1ba4642b60420e8caa75859883a509c24 (patch)
tree: 5e2355935f9261b1f00c90c234c487207bf59c3f /security/selinux
parent: ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 81fbfa5b80d4..67baa487cf7a 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6720,7 +6720,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
 #ifdef CONFIG_KEY_NOTIFICATIONS
 static int selinux_watch_key(struct key *key)
 {
-	struct key_security_struct *ksec = key->security;
+	struct key_security_struct *ksec = selinux_key(key);
 	u32 sid = current_sid();
 
 	return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, KEY__VIEW, NULL);
author	Paul Moore <paul@paul-moore.com>	2024-09-19 11:37:11 -0400
committer	Paul Moore <paul@paul-moore.com>	2024-09-19 16:37:01 -0400
commit	8a23c9e1ba4642b60420e8caa75859883a509c24 (patch)
tree	5e2355935f9261b1f00c90c234c487207bf59c3f /security/selinux
parent	ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 (diff)