Infrastructure management of the cred security blob
Move management of the cred security blob out of the security modules and into the security infrastructre. Instead of allocating and freeing space the security modules tell the infrastructure how much space they require. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: Kees Cook <keescook@chromium.org>
This commit is contained in:

committed by
Kees Cook

parent
43fc460907
commit
bbd3662a83
@@ -2027,6 +2027,13 @@ struct security_hook_list {
|
||||
char *lsm;
|
||||
} __randomize_layout;
|
||||
|
||||
/*
|
||||
* Security blob size or offset data.
|
||||
*/
|
||||
struct lsm_blob_sizes {
|
||||
int lbs_cred;
|
||||
};
|
||||
|
||||
/*
|
||||
* Initializing a security_hook_list structure takes
|
||||
* up a lot of space in a source file. This macro takes
|
||||
@@ -2056,6 +2063,7 @@ struct lsm_info {
|
||||
unsigned long flags; /* Optional: flags describing LSM */
|
||||
int *enabled; /* Optional: controlled by CONFIG_LSM */
|
||||
int (*init)(void); /* Required. */
|
||||
struct lsm_blob_sizes *blobs; /* Optional: for blob sharing. */
|
||||
};
|
||||
|
||||
extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
|
||||
@@ -2095,4 +2103,8 @@ static inline void security_delete_hooks(struct security_hook_list *hooks,
|
||||
#define __lsm_ro_after_init __ro_after_init
|
||||
#endif /* CONFIG_SECURITY_WRITABLE_HOOKS */
|
||||
|
||||
#ifdef CONFIG_SECURITY
|
||||
void __init lsm_early_cred(struct cred *cred);
|
||||
#endif
|
||||
|
||||
#endif /* ! __LINUX_LSM_HOOKS_H */
|
||||
|
Reference in New Issue
Block a user