| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250621171851.5869-14-casey@schaufler-ca.com>
Date: Sat, 21 Jun 2025 10:18:48 -0700
From: Casey Schaufler <casey@...aufler-ca.com>
To: casey@...aufler-ca.com,
paul@...l-moore.com,
eparis@...hat.com,
linux-security-module@...r.kernel.org,
audit@...r.kernel.org
Cc: jmorris@...ei.org,
serge@...lyn.com,
keescook@...omium.org,
john.johansen@...onical.com,
penguin-kernel@...ove.sakura.ne.jp,
stephen.smalley.work@...il.com,
linux-kernel@...r.kernel.org,
selinux@...r.kernel.org
Subject: [RFC PATCH 13/15] LSM: restrict security_cred_getsecid() to a single LSM
The LSM hook security_cred_getsecid() provides a single secid
that is only used by the binder driver. Provide the first value
available, and abandon any other hooks.
Signed-off-by: Casey Schaufler <casey@...aufler-ca.com>
---
security/security.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/security/security.c b/security/security.c
index dd167a872248..409b1cb10d35 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2740,8 +2740,13 @@ void security_transfer_creds(struct cred *new, const struct cred *old)
*/
void security_cred_getsecid(const struct cred *c, u32 *secid)
{
+ struct lsm_static_call *scall;
+
*secid = 0;
- call_void_hook(cred_getsecid, c, secid);
+ lsm_for_each_hook(scall, cred_getsecid) {
+ scall->hl->hook.cred_getsecid(c, secid);
+ break;
+ }
}
EXPORT_SYMBOL(security_cred_getsecid);
--
2.47.0
Powered by blists - more mailing lists