On Jul 11, 2024 Xu Kuohai <xukuohai@xxxxxxxxxxxxxxx> wrote:
>
> To be consistent with most LSM hooks, convert the return value of
> hook getselfattr to 0 or a negative error code.
>
> Before:
> - Hook getselfattr returns number of attributes found on success
>   or a negative error code on failure.
>
> After:
> - Hook getselfattr returns 0 on success or a negative error code
>   on failure. An output parameter @nattr is introduced to hold
>   the number of attributes found on success.
>
> Signed-off-by: Xu Kuohai <xukuohai@xxxxxxxxxx>
> ---
>  include/linux/lsm_hook_defs.h |  2 +-
>  include/linux/security.h      |  5 +++--
>  security/apparmor/lsm.c       |  5 +++--
>  security/lsm_syscalls.c       |  6 +++++-
>  security/security.c           | 18 +++++++++++-------
>  security/selinux/hooks.c      | 13 +++++++++----
>  security/smack/smack_lsm.c    | 13 +++++++++----
>  7 files changed, 41 insertions(+), 21 deletions(-)

The getselfattr hook is different from the majority of the other LSM
hooks as getselfattr is used as part of the lsm_get_self_attr(2) syscall
and not by other subsystems within the kernel. Let's leave it as-is for
now as it is a sufficiently special case that a deviation is okay.

--
paul-moore.com