On Wed, Aug 26, 2020 at 11:09 AM Casey Schaufler <[email protected]> wrote: > > Change security_secid_to_secctx() to take a lsmblob as input > instead of a u32 secid. It will then call the LSM hooks > using the lsmblob element allocated for that module. The > callers have been updated as well. This allows for the > possibility that more than one module may be called upon > to translate a secid to a string, as can occur in the > audit code. > > Reviewed-by: Kees Cook <[email protected]> > Reviewed-by: John Johansen <[email protected]> > Acked-by: Stephen Smalley <[email protected]> > Signed-off-by: Casey Schaufler <[email protected]> > --- > drivers/android/binder.c | 12 +++++++++- > include/linux/security.h | 5 +++-- > include/net/scm.h | 8 ++----- > kernel/audit.c | 20 +++++++++++++++-- > kernel/auditsc.c | 28 +++++++++++++++++++---- > net/ipv4/ip_sockglue.c | 5 +---- > net/netfilter/nf_conntrack_netlink.c | 14 ++++++++++-- > net/netfilter/nf_conntrack_standalone.c | 4 +++- > net/netfilter/nfnetlink_queue.c | 11 +++++++-- > net/netlabel/netlabel_unlabeled.c | 30 +++++++++++++++++++++---- > net/netlabel/netlabel_user.c | 6 ++--- > security/security.c | 11 +++++---- > 12 files changed, 117 insertions(+), 37 deletions(-)
Acked-by: Paul Moore <[email protected]> -- paul moore www.paul-moore.com -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
