[04/58] LSM: Create an lsm_export data structure.

Message ID	20190531233149.715-5-casey@schaufler-ca.com (mailing list archive)
State	Superseded
Headers	show Return-Path: <selinux-owner@kernel.org> From: Casey Schaufler <casey@schaufler-ca.com> To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov Subject: [PATCH 04/58] LSM: Create an lsm_export data structure. Date: Fri, 31 May 2019 16:30:55 -0700 Message-Id: <20190531233149.715-5-casey@schaufler-ca.com> In-Reply-To: <20190531233149.715-1-casey@schaufler-ca.com> References: <20190531233149.715-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk
Series	LSM: Module stacking for AppArmor \| expand [00/58] LSM: Module stacking for AppArmor [01/58] LSM: Infrastructure management of the superblock [02/58] LSM: Infrastructure management of the sock security [03/58] LSM: Infrastructure management of the key security blob [04/58] LSM: Create an lsm_export data structure. [05/58] LSM: Use lsm_export in the inode_getsecid hooks [06/58] LSM: Use lsm_export in the cred_getsecid hooks [07/58] LSM: Use lsm_export in the ipc_getsecid and task_getsecid hooks [08/58] LSM: Use lsm_export in the kernel_ask_as hooks [09/58] LSM: Use lsm_export in the getpeersec_dgram hooks [10/58] LSM: Use lsm_export in the audit_rule_match hooks [11/58] LSM: Use lsm_export in the secid_to_secctx hooks [12/58] LSM: Use lsm_export in the secctx_to_secid hooks [13/58] LSM: Use lsm_export in security_audit_rule_match [14/58] LSM: Use lsm_export in security_kernel_act_as [15/58] LSM: Use lsm_export in security_socket_getpeersec_dgram [16/58] LSM: Use lsm_export in security_secctx_to_secid [17/58] LSM: Use lsm_export in security_secid_to_secctx

Message ID

20190531233149.715-5-casey@schaufler-ca.com (mailing list archive)

State

Superseded

Headers

From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org,
        john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
        paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH 04/58] LSM: Create an lsm_export data structure.
Date: Fri, 31 May 2019 16:30:55 -0700
Message-Id: <20190531233149.715-5-casey@schaufler-ca.com>
In-Reply-To: <20190531233149.715-1-casey@schaufler-ca.com>
References: <20190531233149.715-1-casey@schaufler-ca.com>
Sender: selinux-owner@vger.kernel.org
Precedence: bulk

Series

LSM: Module stacking for AppArmor | expand

Commit Message

Casey Schaufler May 31, 2019, 11:30 p.m. UTC

When more than one security module is exporting data to
audit and networking sub-systems a single 32 bit integer
is no longer sufficient to represent the data. Add a
structure to be used instead.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 include/linux/security.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/include/linux/security.h b/include/linux/security.h
index 49f2685324b0..81f9f79f9a1e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -76,6 +76,18 @@  enum lsm_event {
 	LSM_POLICY_CHANGE,
 };
 
+/* Data exported by the security modules */
+struct lsm_export {
+	u32	selinux;
+	u32	smack;
+	u32	apparmor;
+	u32	flags;
+};
+#define LSM_EXPORT_NONE		0x00
+#define LSM_EXPORT_SELINUX	0x01
+#define LSM_EXPORT_SMACK	0x02
+#define LSM_EXPORT_APPARMOR	0x04
+
 /* These functions are in security/commoncap.c */
 extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
 		       int cap, unsigned int opts);

[04/58] LSM: Create an lsm_export data structure.

Commit Message

Patch