On Wed, Aug 26, 2020 at 11:04 AM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>
> Change the secid parameter of security_audit_rule_match
> to a lsmblob structure pointer. Pass the entry from the
> lsmblob structure for the appropriate slot to the LSM hook.
>
> Change the users of security_audit_rule_match to use the
> lsmblob instead of a u32. The scaffolding function lsmblob_init()
> fills the blob with the value of the old secid, ensuring that
> it is available to the appropriate module hook. The sources of
> the secid, security_task_getsecid() and security_inode_getsecid(),
> will be converted to use the blob structure later in the series.
> At the point the use of lsmblob_init() is dropped.
>
> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
> Reviewed-by: John Johansen <john.johansen@xxxxxxxxxxxxx>
> Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> ---
>  include/linux/security.h            |  7 ++++---
>  kernel/auditfilter.c                |  6 ++++--
>  kernel/auditsc.c                    | 14 ++++++++++----
>  security/integrity/ima/ima.h        |  4 ++--
>  security/integrity/ima/ima_policy.c |  7 +++++--
>  security/security.c                 | 10 ++++++++--
>  6 files changed, 33 insertions(+), 15 deletions(-)

Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx>

--
paul moore
www.paul-moore.com