diff options
| author | Matthew Garrett <mjg59@google.com> | 2018-01-08 16:36:19 -0500 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2018-03-23 06:31:11 -0400 |
| commit | 3ec30113264a7bcd389f51d1738e42da0f41bb5a (patch) | |
| tree | 75a1465c8f53522dafcf2d41085c925cb025e29f /security/selinux/hooks.c | |
| parent | 5893ed18a26d1f56b97c0290b0cbbc2d49d6de28 (diff) | |
security: Add a cred_getsecid hook
For IMA purposes, we want to be able to obtain the prepared secid in the
bprm structure before the credentials are committed. Add a cred_getsecid
hook that makes this possible.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 8abd542c6b7c..b7d4473edbde 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -3844,6 +3844,11 @@ static void selinux_cred_transfer(struct cred *new, const struct cred *old) | |||
| 3844 | *tsec = *old_tsec; | 3844 | *tsec = *old_tsec; |
| 3845 | } | 3845 | } |
| 3846 | 3846 | ||
| 3847 | static void selinux_cred_getsecid(const struct cred *c, u32 *secid) | ||
| 3848 | { | ||
| 3849 | *secid = cred_sid(c); | ||
| 3850 | } | ||
| 3851 | |||
| 3847 | /* | 3852 | /* |
| 3848 | * set the security data for a kernel service | 3853 | * set the security data for a kernel service |
| 3849 | * - all the creation contexts are set to unlabelled | 3854 | * - all the creation contexts are set to unlabelled |
| @@ -6482,6 +6487,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { | |||
| 6482 | LSM_HOOK_INIT(cred_free, selinux_cred_free), | 6487 | LSM_HOOK_INIT(cred_free, selinux_cred_free), |
| 6483 | LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare), | 6488 | LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare), |
| 6484 | LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer), | 6489 | LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer), |
| 6490 | LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid), | ||
| 6485 | LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as), | 6491 | LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as), |
| 6486 | LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as), | 6492 | LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as), |
| 6487 | LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request), | 6493 | LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request), |