LSM: Infrastructure management of the inode security
Move management of the inode->i_security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
Casey Schaufler
committed by
Kees Cook
Kees Cook
parent
fb4021b6fb
commit
afb1cbe374
@@ -57,10 +57,7 @@ enum label_initialized {
|
||||
|
||||
struct inode_security_struct {
|
||||
struct inode *inode; /* back pointer to inode object */
|
||||
union {
|
||||
struct list_head list; /* list of inode_security_struct */
|
||||
struct rcu_head rcu; /* for freeing the inode_security_struct */
|
||||
};
|
||||
struct list_head list; /* list of inode_security_struct */
|
||||
u32 task_sid; /* SID of creating task */
|
||||
u32 sid; /* SID of this object */
|
||||
u16 sclass; /* security class of this object */
|
||||
@@ -173,7 +170,9 @@ static inline struct file_security_struct *selinux_file(const struct file *file)
|
||||
static inline struct inode_security_struct *selinux_inode(
|
||||
const struct inode *inode)
|
||||
{
|
||||
return inode->i_security;
|
||||
if (unlikely(!inode->i_security))
|
||||
return NULL;
|
||||
return inode->i_security + selinux_blob_sizes.lbs_inode;
|
||||
}
|
||||
|
||||
#endif /* _SELINUX_OBJSEC_H_ */
|
||||
|
||||
Reference in New Issue
Block a user