@@ -1568,6 +1568,8 @@ union security_list_options {
int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);
+ int (*buffer_check)(const void *buff, int size, const char *eventname);
+
#ifdef CONFIG_SECURITY_NETWORK
int (*unix_stream_connect)(struct sock *sock, struct sock *other,
struct sock *newsk);
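Review bot: The new hook takes the buffer length as a signed `int size`, so a negative length produced by a caller's arithmetic or by truncation can reach every LSM that implements `buffer_check`. An unsigned length rules that out at the type level, for example `int (*buffer_check)(const void *buff, size_t size, const char *eventname);`. The same parameter appears in the `security_buffer_measure` prototype, stub and definition in the later hunks and would change with it. The hook also has no description of whether `buff` may be NULL or what `eventname` must contain; the hook documentation for this union is outside the hunk, so confirm an entry was added there.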
@@ -1813,6 +1815,7 @@ struct security_hook_heads {
struct list_head inode_notifysecctx;
struct list_head inode_setsecctx;
struct list_head inode_getsecctx;
+ struct list_head buffer_check;
#ifdef CONFIG_SECURITY_NETWORK
struct list_head unix_stream_connect;
struct list_head unix_may_send;
@@ -377,6 +377,8 @@ void security_inode_invalidate_secctx(struct inode *inode);
int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
+
+void security_buffer_measure(const void *buff, int size, char *eventname);
#else /* CONFIG_SECURITY */
struct security_mnt_opts {
};
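Review bot: The prototype takes `char *eventname` while the `buffer_check` hook added in the first hunk takes `const char *eventname`. The wrapper only passes the name through, so it should be const as well: `void security_buffer_measure(const void *buff, int size, const char *eventname);`. Without that, callers holding a `const char *` event name need a cast to call it. The same parameter type appears in the `static inline` stub and in the definition in the following hunks.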
@@ -776,6 +778,9 @@ static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
*secid = 0;
}
+static inline void security_buffer_measure(const void *buff, int size, char *eventname)
+{ }
+
static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
{
return 0;
@@ -320,6 +320,13 @@ int security_bprm_check(struct linux_binprm *bprm)
return ima_bprm_check(bprm);
}
+void security_buffer_measure(const void *buff, int size, char *eventname)
+{
+ call_void_hook(buffer_check, buff, size, eventname);
+ return ima_buffer_check(buff, size, eventname);
+}
+
+
void security_bprm_committing_creds(struct linux_binprm *bprm)
{
call_void_hook(bprm_committing_creds, bprm);
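Review bot: `call_void_hook(buffer_check, buff, size, eventname);` discards the result of a hook that the first hunk declares as returning `int`, and `security_buffer_measure` is itself `void`, so a failure to measure the buffer is invisible to the caller. For an integrity measurement that choice should be explicit: either declare the hook as `void (*buffer_check)(...)`, or have the wrapper return `int` and propagate the result with `call_int_hook`. Separately, `return ima_buffer_check(buff, size, eventname);` returns an expression from a void function. The declaration of `ima_buffer_check` is not in this hunk, but if it returns a value the compiler will diagnose this, and if it is void the `return` is redundant; a plain `ima_buffer_check(buff, size, eventname);` is clearer either way.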