On 12/19/2019 1:11 PM, Mimi Zohar wrote: > On Mon, 2019-12-16 at 14:35 -0800, Casey Schaufler wrote: >> When more than one security module is exporting data to >> audit and networking sub-systems a single 32 bit integer >> is no longer sufficient to represent the data. Add a >> structure to be used instead. >> >> The lsmblob structure is currently an array of >> u32 "secids". There is an entry for each of the >> security modules built into the system that would >> use secids if active. The system assigns the module >> a "slot" when it registers hooks. If modules are >> compiled in but not registered there will be unused >> slots. >> >> A new lsm_id structure, which contains the name >> of the LSM and its slot number, is created. There >> is an instance for each LSM, which assigns the name >> and passes it to the infrastructure to set the slot. >> >> Reviewed-by: John Johansen <john.johansen@xxxxxxxxxxxxx> >> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> >> --- >> include/linux/lsm_hooks.h | 12 ++++++-- >> include/linux/security.h | 58 ++++++++++++++++++++++++++++++++++++++ >> security/apparmor/lsm.c | 7 ++++- >> security/commoncap.c | 7 ++++- >> security/loadpin/loadpin.c | 8 +++++- >> security/safesetid/lsm.c | 8 +++++- >> security/security.c | 28 ++++++++++++++---- >> security/selinux/hooks.c | 8 +++++- >> security/smack/smack_lsm.c | 7 ++++- >> security/tomoyo/tomoyo.c | 8 +++++- >> security/yama/yama_lsm.c | 7 ++++- >> 11 files changed, 142 insertions(+), 16 deletions(-) > security/lockdown/lockdown.c is missing. I'm getting a compiler > error. Whoops. I'll add the new kid to the list. > > Mimi >
