security: Add a cred_getsecid hook

For IMA purposes, we want to be able to obtain the prepared secid in the bprm structure before the credentials are committed. Add a cred_getsecid hook that makes this possible. Signed-off-by: Matthew Garrett <mjg59@google.com> Acked-by: Paul Moore <paul@paul-moore.com> Cc: Paul Moore <paul@paul-moore.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
author: Matthew Garrett <mjg59@google.com> 2018-01-08 16:36:19 -0500
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> 2018-03-23 06:31:11 -0400
commit: 3ec30113264a7bcd389f51d1738e42da0f41bb5a (patch)
tree: 75a1465c8f53522dafcf2d41085c925cb025e29f /security/security.c
parent: 5893ed18a26d1f56b97c0290b0cbbc2d49d6de28 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c
index 14c291910d25..957e8bee3554 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1005,6 +1005,13 @@ void security_transfer_creds(struct cred *new, const struct cred *old)
        call_void_hook(cred_transfer, new, old);
 }
+void security_cred_getsecid(const struct cred *c, u32 *secid)
+{
+        *secid = 0;
+        call_void_hook(cred_getsecid, c, secid);
+}
+EXPORT_SYMBOL(security_cred_getsecid);
 int security_kernel_act_as(struct cred *new, u32 secid)
 {
        return call_int_hook(kernel_act_as, 0, new, secid);
author	Matthew Garrett <mjg59@google.com>	2018-01-08 16:36:19 -0500
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2018-03-23 06:31:11 -0400
commit	3ec30113264a7bcd389f51d1738e42da0f41bb5a (patch)
tree	75a1465c8f53522dafcf2d41085c925cb025e29f /security/security.c
parent	5893ed18a26d1f56b97c0290b0cbbc2d49d6de28 (diff)

diff --git a/security/security.c b/security/security.c index 14c291910d25..957e8bee3554 100644 --- a/security/security.c +++ b/security/security.c
@@ -1005,6 +1005,13 @@ void security_transfer_creds(struct cred new, const struct cred old)
1005	call_void_hook(cred_transfer, new, old);	1005	call_void_hook(cred_transfer, new, old);
1006	}	1006	}
1007		1007
		1008	void security_cred_getsecid(const struct cred c, u32 secid)
		1009	{
		1010	*secid = 0;
		1011	call_void_hook(cred_getsecid, c, secid);
		1012	}
		1013	EXPORT_SYMBOL(security_cred_getsecid);
		1014
1008	int security_kernel_act_as(struct cred *new, u32 secid)	1015	int security_kernel_act_as(struct cred *new, u32 secid)
1009	{	1016	{
1010	return call_int_hook(kernel_act_as, 0, new, secid);	1017	return call_int_hook(kernel_act_as, 0, new, secid);