Convert SELinux and Smack to use the lsm_context structure instead of a context/secid pair. There is some scaffolding involved that will be removed when the related data is updated. Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> --- include/linux/lsm_hooks.h | 5 ++--- security/security.c | 6 +++++- security/selinux/hooks.c | 6 ++++-- security/smack/smack_lsm.c | 5 +++-- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 349d7c28147a..84035aea5a2e 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1375,8 +1375,7 @@ * Must be called with inode->i_mutex locked. * * @dentry contains the inode we wish to set the security context of. - * @ctx contains the string which we wish to set in the inode. - * @ctxlen contains the length of @ctx. + * @cp contains the string which we wish to set in the inode. * * @inode_getsecctx: * On success, returns 0 and fills out @cp with the security @@ -1651,7 +1650,7 @@ union security_list_options { void (*inode_invalidate_secctx)(struct inode *inode); int (*inode_notifysecctx)(struct inode *inode, struct lsm_context *cp); - int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen); + int (*inode_setsecctx)(struct dentry *dentry, struct lsm_context *cp); int (*inode_getsecctx)(struct inode *inode, struct lsm_context *cp); #ifdef CONFIG_SECURITY_NETWORK diff --git a/security/security.c b/security/security.c index a49095112416..42c5467ccedc 100644 --- a/security/security.c +++ b/security/security.c @@ -2009,7 +2009,11 @@ EXPORT_SYMBOL(security_inode_notifysecctx); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) { - return call_int_hook(inode_setsecctx, 0, dentry, ctx, ctxlen); + struct lsm_context lc; + + lc.context = ctx; + lc.len = ctxlen; + return call_int_hook(inode_setsecctx, 0, dentry, &lc); } EXPORT_SYMBOL(security_inode_setsecctx); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 8ecdf975c53d..f58c96e2b6c1 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6247,9 +6247,11 @@ static int selinux_inode_notifysecctx(struct inode *inode, /* * called with inode->i_mutex locked */ -static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) +static int selinux_inode_setsecctx(struct dentry *dentry, + struct lsm_context *cp) { - return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0); + return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, cp->context, + cp->len, 0); } static int selinux_inode_getsecctx(struct inode *inode, struct lsm_context *cp) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 4fcd8271ca24..d3ec5f49ef44 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4395,9 +4395,10 @@ static int smack_inode_notifysecctx(struct inode *inode, struct lsm_context *cp) cp->len, 0); } -static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) +static int smack_inode_setsecctx(struct dentry *dentry, struct lsm_context *cp) { - return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0); + return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, cp->context, + cp->len, 0); } static int smack_inode_getsecctx(struct inode *inode, struct lsm_context *cp) -- 2.17.0