On Wed, 2020-07-29 at 10:58 -0700, Kees Cook wrote:
> As with the kernel_load_data LSM hook, add a "contents" flag to the
> kernel_read_file LSM hook that indicates whether the LSM can expect
> a matching call to the kernel_post_read_file LSM hook with the full
> contents of the file. With the coming addition of partial file read
> support for kernel_read_file*() API, the LSM will no longer be able
> to always see the entire contents of a file during the read calls.
>
> For cases where the LSM must read/examine the complete file contents,
> it will need to do so on its own every time the kernel_read_file
> hook is called with contents=false (or reject such cases). Adjust all
> existing LSMs to retain existing behavior.
>
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>

Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
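The hook contract described in the quoted commit message, as an added userland model (not kernel code and not taken from the patch): with contents=false the LSM must examine the complete file on its own or reject, because the bytes the caller reads can look clean while the rest of the file is altered. All `model_*` names are hypothetical, the sample data is constructed, and FNV-1a stands in for a real digest.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct model_file { const unsigned char *data; size_t size; };
struct model_lsm { uint64_t trusted; bool self_read; bool pending; };
/* FNV-1a: stand-in for the digest a real integrity LSM would compute. */
static uint64_t digest(const unsigned char *p, size_t n)
{
    uint64_t h = 1469598103934665603ULL;
    while (n--) { h ^= *p++; h *= 1099511628211ULL; }
    return h;
}
/* Pre-read hook: contents=true promises a post-read call with the full file. */
static int model_read_file(struct model_lsm *l, const struct model_file *f, bool contents)
{
    if (contents) { l->pending = true; return 0; }  /* defer to post-read */
    if (!l->self_read) return -EACCES;              /* cannot verify: reject */
    /* No post-read call is coming: examine the complete file ourselves. */
    return digest(f->data, f->size) == l->trusted ? 0 : -EACCES;
}
/* Post-read hook: only ever handed the full contents. */
static int model_post_read_file(struct model_lsm *l, const unsigned char *buf, size_t n)
{
    if (!l->pending) return 0;
    l->pending = false;
    return digest(buf, n) == l->trusted ? 0 : -EACCES;
}
/* Caller: whole-file read, or a partial read of len bytes at off. */
static int model_kernel_read(struct model_lsm *l, const struct model_file *f, size_t off, size_t len)
{
    bool whole = (off == 0 && len >= f->size);
    int ret = model_read_file(l, f, whole);
    if (ret) return ret;
    return whole ? model_post_read_file(l, f->data, f->size) : 0;
}
int main(void)
{
    static const unsigned char good[] = "hdr:v1|payload-ok";   /* constructed */
    static const unsigned char bad[]  = "hdr:v1|payload-oX";   /* last byte altered */
    struct model_file g = { good, sizeof good - 1 }, b = { bad, sizeof bad - 1 };
    struct model_lsm lsm = { digest(g.data, g.size), true, false };
    printf("partial good=%d partial tampered=%d whole tampered=%d\n",
           model_kernel_read(&lsm, &g, 0, 6), model_kernel_read(&lsm, &b, 0, 6),
           model_kernel_read(&lsm, &b, 0, b.size));
    return 0;
}
```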