forked from Minki/linux
b1d9e6b064
Instead of using a vector of security operations with explicit, special case stacking of the capability and yama hooks use lists of hooks with capability and yama hooks included as appropriate. The security_operations structure is no longer required. Instead, there is a union of the function pointers that allows all the hooks lists to use a common mechanism for list management while retaining typing. Each module supplies an array describing the hooks it provides instead of a sparsely populated security_operations structure. The description includes the element that gets put on the hook list, avoiding the issues surrounding individual element allocation. The method for registering security modules is changed to reflect the information available. The method for removing a module, currently only used by SELinux, has also changed. It should be generic now, however if there are potential race conditions based on ordering of hook removal that needs to be addressed by the calling module. The security hooks are called from the lists and the first failure is returned. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <keescook@chromium.org> Acked-by: Paul Moore <paul@paul-moore.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <james.l.morris@oracle.com> |
||
---|---|---|
.. | ||
include | ||
.gitignore | ||
apparmorfs.c | ||
audit.c | ||
capability.c | ||
context.c | ||
crypto.c | ||
domain.c | ||
file.c | ||
ipc.c | ||
Kconfig | ||
lib.c | ||
lsm.c | ||
Makefile | ||
match.c | ||
path.c | ||
policy_unpack.c | ||
policy.c | ||
procattr.c | ||
resource.c | ||
sid.c |