On 2/3/20 1:54 PM, Stephen Smalley wrote:
I'd suggest something like the following instead:
* @getprocattr
* Get the value of process attribute @name for task @p into a buffer
* allocated by the security module and returned via @value. The
* caller will free the returned buffer via kfree. The set of
* attribute names is fixed by proc but the format of @value is up
* to the security module authors except for the "context" attribute,
* whose value is required to be a NUL-terminated printable ASCII
* string without trailing whitespace.
* @p the task whose attribute is being fetched
* @name the name of the process attribute being fetched
* @value set to point to the buffer containing the attribute value
* Return the length of @value including the NUL on success, or -errno
on error.
The printable ASCII bit is based on what the dbus maintainer requested
in previous discussions. The question of whether the terminating NUL
should be included in the returned length was otherwise left ambiguous
and inconsistent in your patch among the different security modules; if
you prefer not including it in the length returned by the security
modules, you'll need to adjust SELinux at least to not do so for "context".
BTW, I think the above guarantees with the exception of no trailing
whitespace and whether the NUL byte is included or excluded from length
are in reality also required for "current" (and SO_PEERSEC) or existing
userspace will break.
