Infrastructure management of the cred security blob

Move management of the cred security blob out of the
security modules and into the security infrastructure.
Instead of allocating and freeing space the security
modules tell the infrastructure how much space they
require.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
[kees: adjusted for ordered init series]
Signed-off-by: Kees Cook <keescook@chromium.org>
Casey Schaufler
2018-11-12 09:30:56 -08:00
committed by Kees Cook
parent 43fc460907
commit bbd3662a83
11 changed files with 162 additions and 102 deletions


@@ -2027,6 +2027,13 @@ struct security_hook_list {
char *lsm;
} __randomize_layout;
/*
* Security blob size or offset data.
*/
struct lsm_blob_sizes {
int lbs_cred;
};
/*
* Initializing a security_hook_list structure takes
* up a lot of space in a source file. This macro takes
@@ -2056,6 +2063,7 @@ struct lsm_info {
unsigned long flags; /* Optional: flags describing LSM */
int *enabled; /* Optional: controlled by CONFIG_LSM */
int (*init)(void); /* Required. */
struct lsm_blob_sizes *blobs; /* Optional: for blob sharing. */
};
extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
@@ -2095,4 +2103,8 @@ static inline void security_delete_hooks(struct security_hook_list *hooks,
#define __lsm_ro_after_init __ro_after_init
#endif /* CONFIG_SECURITY_WRITABLE_HOOKS */
#ifdef CONFIG_SECURITY
void __init lsm_early_cred(struct cred *cred);
#endif
#endif /* ! __LINUX_LSM_HOOKS_H */
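Review bot: `struct lsm_blob_sizes` documents `lbs_cred` only as "size or offset data" and types it as a signed `int`, so the header neither tells a module author which meaning applies when nor rules out a negative value in blob arithmetic. Going by the commit description, a module states how much space it needs and the infrastructure owns the layout. If the same field is later overwritten with the module's offset into the cred blob, say so on the member, e.g. `int lbs_cred; /* in: bytes requested; after init: offset into the cred blob */`, and consider an unsigned type or a range check where the sizes are summed (that code is outside this section). A corrupted offset would presumably redirect that module's cred blob accesses, so the instances pointed to by `lsm_info.blobs` look like candidates for `__lsm_ro_after_init`, which this header already defines.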