
[v7,01/16] LSM: Single hook called in secmark refcounting

Message ID 20190807224245.10798-3-casey@schaufler-ca.com (mailing list archive)
State New, archived
Series LSM: Full module stacking | expand

Commit Message

Casey Schaufler Aug. 7, 2019, 10:42 p.m. UTC
Restrict the secmark_refcount_dec and secmark_refcount_inc
interfaces to a single module. The secmark is too small to
share, and this gives the modules a way to detect whether the
secmark is theirs to use.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 security/security.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

Patch

diff --git a/security/security.c b/security/security.c
index e9f579483d12..0467f194d87d 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2564,13 +2564,25 @@  EXPORT_SYMBOL(security_secmark_relabel_packet);
 
 void security_secmark_refcount_inc(void)
 {
-	call_void_hook(secmark_refcount_inc);
+	struct security_hook_list *hp;
+
+	hlist_for_each_entry(hp, &security_hook_heads.secmark_refcount_inc,
+			     list) {
+		hp->hook.secmark_refcount_inc();
+		break;
+	}
 }
 EXPORT_SYMBOL(security_secmark_refcount_inc);
 
 void security_secmark_refcount_dec(void)
 {
-	call_void_hook(secmark_refcount_dec);
+	struct security_hook_list *hp;
+
+	hlist_for_each_entry(hp, &security_hook_heads.secmark_refcount_dec,
+			     list) {
+		hp->hook.secmark_refcount_dec();
+		break;
+	}
 }
 EXPORT_SYMBOL(security_secmark_refcount_dec);
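Review bot: Both security_secmark_refcount_inc() and security_secmark_refcount_dec() now use `hlist_for_each_entry` with an unconditional `break` to call only the first registered hook, and the code carries no comment saying that this is deliberate or which module ends up owning the secmark. A short comment above each loop would make the intent reviewable, for example `/* The secmark is not shared: only the first registered module's hook is called. */`. The two functions also pick the first entry from two separate lists, so the count stays balanced only if the same module is first on both; if a module could register just one of the two hooks, inc and dec would reach different modules, and that assumption is worth stating or checking. Which module is first presumably follows LSM registration order, which is not visible in this hunk.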