On Wed, Aug 26, 2020 at 11:09 AM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>
> Change security_secid_to_secctx() to take a lsmblob as input
> instead of a u32 secid. It will then call the LSM hooks
> using the lsmblob element allocated for that module. The
> callers have been updated as well. This allows for the
> possibility that more than one module may be called upon
> to translate a secid to a string, as can occur in the
> audit code.
>
> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
> Reviewed-by: John Johansen <john.johansen@xxxxxxxxxxxxx>
> Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> ---
>  drivers/android/binder.c                | 12 +++++++++-
>  include/linux/security.h                |  5 +++--
>  include/net/scm.h                       |  8 ++-----
>  kernel/audit.c                          | 20 +++++++++++++++--
>  kernel/auditsc.c                        | 28 +++++++++++++++++++----
>  net/ipv4/ip_sockglue.c                  |  5 +----
>  net/netfilter/nf_conntrack_netlink.c    | 14 ++++++++++--
>  net/netfilter/nf_conntrack_standalone.c |  4 +++-
>  net/netfilter/nfnetlink_queue.c         | 11 +++++++--
>  net/netlabel/netlabel_unlabeled.c       | 30 +++++++++++++++++++++----
>  net/netlabel/netlabel_user.c            |  6 ++---
>  security/security.c                     | 11 +++++----
>  12 files changed, 117 insertions(+), 37 deletions(-)

Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx>

--
paul moore
www.paul-moore.com