author | Casey Schaufler <casey@schaufler-ca.com> | 2024-10-09 20:32:18 +0300 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2024-10-11 21:34:15 +0300 |
commit | b0654ca42998440df42ba2ccc3b7dbe3bf5b7bb5 (patch) | |
tree | 8c0ee9aa36bbe930160cb0e03dccb1bc861edbdc /security/integrity/ima | |
parent | e0a8dcbd53b646d8535acd9fec95540275231b13 (diff) | |
download | linux-b0654ca42998440df42ba2ccc3b7dbe3bf5b7bb5.tar.xz |
lsm: create new security_cred_getlsmprop LSM hook

Create a new LSM hook security_cred_getlsmprop() which, like
security_cred_getsecid(), fetches LSM specific attributes from the
cred structure. The associated data elements in the audit sub-system
are changed from a secid to a lsm_prop to accommodate multiple possible
LSM audit users.

Cc: linux-integrity@vger.kernel.org
Cc: audit@vger.kernel.org
Cc: selinux@vger.kernel.org
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[PM: subj line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>

Diffstat (limited to 'security/integrity/ima')
-rw-r--r-- | security/integrity/ima/ima_main.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 553a6f54a1e2..91154bb05900 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -541,8 +541,7 @@ static int ima_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, static int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; - struct lsm_prop prop = { }; + struct lsm_prop prop; security_current_getlsmprop_subj(&prop); ret = process_measurement(bprm->file, current_cred(), @@ -550,9 +549,7 @@ static int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - /* scaffolding */ - prop.scaffold.secid = secid; + security_cred_getlsmprop(bprm->cred, &prop); return process_measurement(bprm->file, bprm->cred, &prop, NULL, 0, MAY_EXEC, CREDS_CHECK); } |
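
Review bot: In the first hunk of ima_bprm_check(), changing `struct lsm_prop prop = { };` to `struct lsm_prop prop;` leaves the structure uninitialized on the stack, so the function is only correct if security_current_getlsmprop_subj() writes every member before process_measurement() reads it. That guarantee is not visible in this file's diff (the diffstat is limited to security/integrity/ima). Either keep the `= { }` initializer, which costs little on this path, or say in the commit message or a comment that the getlsmprop hooks initialize the whole structure, including when no LSM supplies a value.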
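
Review bot: In the second hunk, `security_cred_getlsmprop(bprm->cred, &prop);` reuses the same prop that already holds the current task's subject properties from security_current_getlsmprop_subj(). The removed lines overwrote only prop.scaffold.secid, so the replacement has to overwrite at least that and anything else process_measurement() consumes; otherwise the CREDS_CHECK call for bprm->cred would be evaluated against values left over from current. A separate variable for the bprm->cred properties, or a short comment that the hook resets prop before filling it, would make this explicit.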