lsm: split the xfrm_state_alloc_security() hook implementation

The xfrm_state_alloc_security() LSM hook implementation is really a
multiplexed hook with two different behaviors depending on the
arguments passed to it by the caller.  This patch splits the LSM hook
implementation into two new hook implementations, which match the
LSM hooks in the rest of the kernel:

 * xfrm_state_alloc
 * xfrm_state_alloc_acquire

Also included in this patch are the necessary changes to the SELinux
code; no other LSMs are affected.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>

1 files changed, 18 insertions, 8 deletions

diff --git a/include/linux/security.h b/include/linux/security.h
index 4686491852a7..e5a5e8a41e55 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1039,17 +1039,25 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * @xfrm_policy_delete_security:
  *      @ctx contains the xfrm_sec_ctx.
  *      Authorize deletion of xp->security.
- * @xfrm_state_alloc_security:
+ * @xfrm_state_alloc:
  *      @x contains the xfrm_state being added to the Security Association
  *      Database by the XFRM system.
  *      @sec_ctx contains the security context information being provided by
  *      the user-level SA generation program (e.g., setkey or racoon).
- *      @secid contains the secid from which to take the mls portion of the context.
  *      Allocate a security structure to the x->security field; the security
  *      field is initialized to NULL when the xfrm_state is allocated. Set the
- *      context to correspond to either sec_ctx or polsec, with the mls portion
- *      taken from secid in the latter case.
- *      Return 0 if operation was successful (memory to allocate, legal context).
+ *      context to correspond to sec_ctx. Return 0 if operation was successful
+ *      (memory to allocate, legal context).
+ * @xfrm_state_alloc_acquire:
+ *      @x contains the xfrm_state being added to the Security Association
+ *      Database by the XFRM system.
+ *      @polsec contains the policy's security context.
+ *      @secid contains the secid from which to take the mls portion of the
+ *      context.
+ *      Allocate a security structure to the x->security field; the security
+ *      field is initialized to NULL when the xfrm_state is allocated. Set the
+ *      context to correspond to secid. Return 0 if operation was successful
+ *      (memory to allocate, legal context).
  * @xfrm_state_free_security:
  *      @x contains the xfrm_state.
  *      Deallocate x->security.
@@ -1651,9 +1659,11 @@ struct security_operations {
         int (*xfrm_policy_clone_security) (struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctx);
         void (*xfrm_policy_free_security) (struct xfrm_sec_ctx *ctx);
         int (*xfrm_policy_delete_security) (struct xfrm_sec_ctx *ctx);
-        int (*xfrm_state_alloc_security) (struct xfrm_state *x,
-                struct xfrm_user_sec_ctx *sec_ctx,
-                u32 secid);
+        int (*xfrm_state_alloc) (struct xfrm_state *x,
+                                 struct xfrm_user_sec_ctx *sec_ctx);
+        int (*xfrm_state_alloc_acquire) (struct xfrm_state *x,
+                                         struct xfrm_sec_ctx *polsec,
+                                         u32 secid);
         void (*xfrm_state_free_security) (struct xfrm_state *x);
         int (*xfrm_state_delete_security) (struct xfrm_state *x);
         int (*xfrm_policy_lookup) (struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);