diff options
| author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2018-07-13 14:05:56 -0400 |
|---|---|---|
| committer | James Morris <james.morris@microsoft.com> | 2018-07-16 15:31:57 -0400 |
| commit | 377179cd28cd417dcfb4396edb824533431e607e (patch) | |
| tree | 65c6670521648ce4a307cae400786f442952c532 /security | |
| parent | 57b54d74dd5c559bd35f2affaf11d8828aaf5733 (diff) | |
security: define new LSM hook named security_kernel_load_data
Differentiate between the kernel reading a file specified by userspace
from the kernel loading a buffer containing data provided by userspace.
This patch defines a new LSM hook named security_kernel_load_data().
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Luis R. Rodriguez <mcgrof@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.morris@microsoft.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/security.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c index 68f46d849abe..c2de2f134854 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -1056,6 +1056,11 @@ int security_kernel_post_read_file(struct file *file, char *buf, loff_t size, | |||
| 1056 | } | 1056 | } |
| 1057 | EXPORT_SYMBOL_GPL(security_kernel_post_read_file); | 1057 | EXPORT_SYMBOL_GPL(security_kernel_post_read_file); |
| 1058 | 1058 | ||
| 1059 | int security_kernel_load_data(enum kernel_load_data_id id) | ||
| 1060 | { | ||
| 1061 | return call_int_hook(kernel_load_data, 0, id); | ||
| 1062 | } | ||
| 1063 | |||
| 1059 | int security_task_fix_setuid(struct cred *new, const struct cred *old, | 1064 | int security_task_fix_setuid(struct cred *new, const struct cred *old, |
| 1060 | int flags) | 1065 | int flags) |
| 1061 | { | 1066 | { |