Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
lsm: replace context+len with lsm_context
Replace the (secctx,seclen) pointer pair with a single
lsm_context pointer to allow return of the LSM identifier
along with the context and context length. This allows
security_release_secctx() to know how to release the
context. Callers have been modified to use or save the
returned data from the new structure.
security_secid_to_secctx() and security_lsmproc_to_secctx()
will now return the length value on success instead of 0.
Cc: netdev@vger.kernel.org
Cc: audit@vger.kernel.org
Cc: netfilter-devel@vger.kernel.org
Cc: Todd Kjos <tkjos@google.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[PM: subject tweak, kdoc fix, signedness fix from Dan Carpenter]
Signed-off-by: Paul Moore <paul@paul-moore.com>
authored by
Casey Schaufler
and committed by
Paul Moore
2d470c77
6fba8981
+121
-125
+2
-3
drivers/android/binder.c
+2
-3
drivers/android/binder.c
···
3296
3296
size_t added_size;
3297
3297
3298
3298
security_cred_getsecid(proc->cred, &secid);
3299
-
ret = security_secid_to_secctx(secid, &lsmctx.context,
3300
-
&lsmctx.len);
3301
-
if (ret) {
3299
+
ret = security_secid_to_secctx(secid, &lsmctx);
3300
+
if (ret < 0) {
3302
3301
binder_txn_error("%d:%d failed to get security context\n",
3303
3302
thread->pid, proc->pid);
3304
3303
return_error = BR_FAILED_REPLY;
+2
-3
include/linux/lsm_hook_defs.h
+2
-3
include/linux/lsm_hook_defs.h
···
295
295
char **value)
296
296
LSM_HOOK(int, -EINVAL, setprocattr, const char *name, void *value, size_t size)
297
297
LSM_HOOK(int, 0, ismaclabel, const char *name)
298
-
LSM_HOOK(int, -EOPNOTSUPP, secid_to_secctx, u32 secid, char **secdata,
299
-
u32 *seclen)
298
+
LSM_HOOK(int, -EOPNOTSUPP, secid_to_secctx, u32 secid, struct lsm_context *cp)
300
299
LSM_HOOK(int, -EOPNOTSUPP, lsmprop_to_secctx, struct lsm_prop *prop,
301
-
char **secdata, u32 *seclen)
300
+
struct lsm_context *cp)
302
301
LSM_HOOK(int, 0, secctx_to_secid, const char *secdata, u32 seclen, u32 *secid)
303
302
LSM_HOOK(void, LSM_RET_VOID, release_secctx, struct lsm_context *cp)
304
303
LSM_HOOK(void, LSM_RET_VOID, inode_invalidate_secctx, struct inode *inode)
+4
-5
include/linux/security.h
+4
-5
include/linux/security.h
···
584
584
int security_setprocattr(int lsmid, const char *name, void *value, size_t size);
585
585
int security_netlink_send(struct sock *sk, struct sk_buff *skb);
586
586
int security_ismaclabel(const char *name);
587
-
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
588
-
int security_lsmprop_to_secctx(struct lsm_prop *prop, char **secdata, u32 *seclen);
587
+
int security_secid_to_secctx(u32 secid, struct lsm_context *cp);
588
+
int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp);
589
589
int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
590
590
void security_release_secctx(struct lsm_context *cp);
591
591
void security_inode_invalidate_secctx(struct inode *inode);
···
1557
1557
return 0;
1558
1558
}
1559
1559
1560
-
static inline int security_secid_to_secctx(u32 secid, char **secdata,
1561
-
u32 *seclen)
1560
+
static inline int security_secid_to_secctx(u32 secid, struct lsm_context *cp)
1562
1561
{
1563
1562
return -EOPNOTSUPP;
1564
1563
}
1565
1564
1566
1565
static inline int security_lsmprop_to_secctx(struct lsm_prop *prop,
1567
-
char **secdata, u32 *seclen)
1566
+
struct lsm_context *cp)
1568
1567
{
1569
1568
return -EOPNOTSUPP;
1570
1569
}
+2
-3
include/net/scm.h
+2
-3
include/net/scm.h
···
109
109
int err;
110
110
111
111
if (test_bit(SOCK_PASSSEC, &sock->flags)) {
112
-
err = security_secid_to_secctx(scm->secid, &ctx.context,
113
-
&ctx.len);
112
+
err = security_secid_to_secctx(scm->secid, &ctx);
114
113
115
-
if (!err) {
114
+
if (err >= 0) {
116
115
put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, ctx.len,
117
116
ctx.context);
118
117
security_release_secctx(&ctx);
+4
-5
kernel/audit.c
+4
-5
kernel/audit.c
···
1473
1473
case AUDIT_SIGNAL_INFO:
1474
1474
if (lsmprop_is_set(&audit_sig_lsm)) {
1475
1475
err = security_lsmprop_to_secctx(&audit_sig_lsm,
1476
-
&lsmctx.context,
1477
-
&lsmctx.len);
1478
-
if (err)
1476
+
&lsmctx);
1477
+
if (err < 0)
1479
1478
return err;
1480
1479
}
1481
1480
sig_data = kmalloc(struct_size(sig_data, ctx, lsmctx.len),
···
2187
2188
if (!lsmprop_is_set(&prop))
2188
2189
return 0;
2189
2190
2190
-
error = security_lsmprop_to_secctx(&prop, &ctx.context, &ctx.len);
2191
-
if (error) {
2191
+
error = security_lsmprop_to_secctx(&prop, &ctx);
2192
+
if (error < 0) {
2192
2193
if (error != -EINVAL)
2193
2194
goto error_path;
2194
2195
return 0;
+6
-10
kernel/auditsc.c
+6
-10
kernel/auditsc.c
···
1109
1109
from_kuid(&init_user_ns, auid),
1110
1110
from_kuid(&init_user_ns, uid), sessionid);
1111
1111
if (lsmprop_is_set(prop)) {
1112
-
if (security_lsmprop_to_secctx(prop, &ctx.context, &ctx.len)) {
1112
+
if (security_lsmprop_to_secctx(prop, &ctx) < 0) {
1113
1113
audit_log_format(ab, " obj=(none)");
1114
1114
rc = 1;
1115
1115
} else {
···
1370
1370
1371
1371
static void show_special(struct audit_context *context, int *call_panic)
1372
1372
{
1373
-
struct lsm_context lsmcxt;
1374
1373
struct audit_buffer *ab;
1375
1374
int i;
1376
1375
···
1392
1393
from_kgid(&init_user_ns, context->ipc.gid),
1393
1394
context->ipc.mode);
1394
1395
if (lsmprop_is_set(&context->ipc.oprop)) {
1395
-
char *ctx = NULL;
1396
-
u32 len;
1396
+
struct lsm_context lsmctx;
1397
1397
1398
1398
if (security_lsmprop_to_secctx(&context->ipc.oprop,
1399
-
&ctx, &len)) {
1399
+
&lsmctx) < 0) {
1400
1400
*call_panic = 1;
1401
1401
} else {
1402
-
audit_log_format(ab, " obj=%s", ctx);
1403
-
lsmcontext_init(&lsmcxt, ctx, len, 0);
1404
-
security_release_secctx(&lsmcxt);
1402
+
audit_log_format(ab, " obj=%s", lsmctx.context);
1403
+
security_release_secctx(&lsmctx);
1405
1404
}
1406
1405
}
1407
1406
if (context->ipc.has_perm) {
···
1560
1563
if (lsmprop_is_set(&n->oprop)) {
1561
1564
struct lsm_context ctx;
1562
1565
1563
-
if (security_lsmprop_to_secctx(&n->oprop, &ctx.context,
1564
-
&ctx.len)) {
1566
+
if (security_lsmprop_to_secctx(&n->oprop, &ctx) < 0) {
1565
1567
if (call_panic)
1566
1568
*call_panic = 2;
1567
1569
} else {
+2
-2
net/ipv4/ip_sockglue.c
+2
-2
net/ipv4/ip_sockglue.c
+6
-6
net/netfilter/nf_conntrack_netlink.c
+6
-6
net/netfilter/nf_conntrack_netlink.c
···
360
360
struct lsm_context ctx;
361
361
int ret;
362
362
363
-
ret = security_secid_to_secctx(ct->secmark, &ctx.context, &ctx.len);
364
-
if (ret)
363
+
ret = security_secid_to_secctx(ct->secmark, &ctx);
364
+
if (ret < 0)
365
365
return 0;
366
366
367
367
ret = -1;
···
663
663
static inline int ctnetlink_secctx_size(const struct nf_conn *ct)
664
664
{
665
665
#ifdef CONFIG_NF_CONNTRACK_SECMARK
666
-
int len, ret;
666
+
int ret;
667
667
668
-
ret = security_secid_to_secctx(ct->secmark, NULL, &len);
669
-
if (ret)
668
+
ret = security_secid_to_secctx(ct->secmark, NULL);
669
+
if (ret < 0)
670
670
return 0;
671
671
672
672
return nla_total_size(0) /* CTA_SECCTX */
673
-
+ nla_total_size(sizeof(char) * len); /* CTA_SECCTX_NAME */
673
+
+ nla_total_size(sizeof(char) * ret); /* CTA_SECCTX_NAME */
674
674
#else
675
675
return 0;
676
676
#endif
+2
-2
net/netfilter/nf_conntrack_standalone.c
+2
-2
net/netfilter/nf_conntrack_standalone.c
···
175
175
struct lsm_context ctx;
176
176
int ret;
177
177
178
-
ret = security_secid_to_secctx(ct->secmark, &ctx.context, &ctx.len);
179
-
if (ret)
178
+
ret = security_secid_to_secctx(ct->secmark, &ctx);
179
+
if (ret < 0)
180
180
return;
181
181
182
182
seq_printf(s, "secctx=%s ", ctx.context);
+11
-16
net/netfilter/nfnetlink_queue.c
+11
-16
net/netfilter/nfnetlink_queue.c
···
470
470
return 0;
471
471
}
472
472
473
-
static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata)
473
+
static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsm_context *ctx)
474
474
{
475
475
u32 seclen = 0;
476
476
#if IS_ENABLED(CONFIG_NETWORK_SECMARK)
477
+
477
478
if (!skb || !sk_fullsock(skb->sk))
478
479
return 0;
479
480
480
481
read_lock_bh(&skb->sk->sk_callback_lock);
481
482
482
483
if (skb->secmark)
483
-
security_secid_to_secctx(skb->secmark, secdata, &seclen);
484
-
484
+
seclen = security_secid_to_secctx(skb->secmark, ctx);
485
485
read_unlock_bh(&skb->sk->sk_callback_lock);
486
486
#endif
487
487
return seclen;
···
567
567
enum ip_conntrack_info ctinfo = 0;
568
568
const struct nfnl_ct_hook *nfnl_ct;
569
569
bool csum_verify;
570
-
struct lsm_context scaff; /* scaffolding */
571
-
char *secdata = NULL;
570
+
struct lsm_context ctx;
572
571
u32 seclen = 0;
573
572
ktime_t tstamp;
574
573
···
642
643
}
643
644
644
645
if ((queue->flags & NFQA_CFG_F_SECCTX) && entskb->sk) {
645
-
seclen = nfqnl_get_sk_secctx(entskb, &secdata);
646
-
if (seclen)
646
+
seclen = nfqnl_get_sk_secctx(entskb, &ctx);
647
+
if (seclen >= 0)
647
648
size += nla_total_size(seclen);
648
649
}
649
650
···
782
783
if (nfqnl_put_sk_classid(skb, entskb->sk) < 0)
783
784
goto nla_put_failure;
784
785
785
-
if (seclen && nla_put(skb, NFQA_SECCTX, seclen, secdata))
786
+
if (seclen && nla_put(skb, NFQA_SECCTX, ctx.len, ctx.context))
786
787
goto nla_put_failure;
787
788
788
789
if (ct && nfnl_ct->build(skb, ct, ctinfo, NFQA_CT, NFQA_CT_INFO) < 0)
···
810
811
}
811
812
812
813
nlh->nlmsg_len = skb->len;
813
-
if (seclen) {
814
-
lsmcontext_init(&scaff, secdata, seclen, 0);
815
-
security_release_secctx(&scaff);
816
-
}
814
+
if (seclen >= 0)
815
+
security_release_secctx(&ctx);
817
816
return skb;
818
817
819
818
nla_put_failure:
···
819
822
kfree_skb(skb);
820
823
net_err_ratelimited("nf_queue: error creating packet message\n");
821
824
nlmsg_failure:
822
-
if (seclen) {
823
-
lsmcontext_init(&scaff, secdata, seclen, 0);
824
-
security_release_secctx(&scaff);
825
-
}
825
+
if (seclen >= 0)
826
+
security_release_secctx(&ctx);
826
827
return NULL;
827
828
}
828
829
+5
-9
net/netlabel/netlabel_unlabeled.c
+5
-9
net/netlabel/netlabel_unlabeled.c
···
437
437
unlhsh_add_return:
438
438
rcu_read_unlock();
439
439
if (audit_buf != NULL) {
440
-
if (security_secid_to_secctx(secid,
441
-
&ctx.context,
442
-
&ctx.len) == 0) {
440
+
if (security_secid_to_secctx(secid, &ctx) == 0) {
443
441
audit_log_format(audit_buf, " sec_obj=%s", ctx.context);
444
442
security_release_secctx(&ctx);
445
443
}
···
490
492
addr->s_addr, mask->s_addr);
491
493
dev_put(dev);
492
494
if (entry != NULL &&
493
-
security_secid_to_secctx(entry->secid,
494
-
&ctx.context, &ctx.len) == 0) {
495
+
security_secid_to_secctx(entry->secid, &ctx) == 0) {
495
496
audit_log_format(audit_buf, " sec_obj=%s", ctx.context);
496
497
security_release_secctx(&ctx);
497
498
}
···
548
551
addr, mask);
549
552
dev_put(dev);
550
553
if (entry != NULL &&
551
-
security_secid_to_secctx(entry->secid,
552
-
&ctx.context, &ctx.len) == 0) {
554
+
security_secid_to_secctx(entry->secid, &ctx) == 0) {
553
555
audit_log_format(audit_buf, " sec_obj=%s", ctx.context);
554
556
security_release_secctx(&ctx);
555
557
}
···
1119
1123
secid = addr6->secid;
1120
1124
}
1121
1125
1122
-
ret_val = security_secid_to_secctx(secid, &ctx.context, &ctx.len);
1123
-
if (ret_val != 0)
1126
+
ret_val = security_secid_to_secctx(secid, &ctx);
1127
+
if (ret_val < 0)
1124
1128
goto list_cb_failure;
1125
1129
ret_val = nla_put(cb_arg->skb,
1126
1130
NLBL_UNLABEL_A_SECCTX,
+1
-2
net/netlabel/netlabel_user.c
+1
-2
net/netlabel/netlabel_user.c
···
98
98
audit_info->sessionid);
99
99
100
100
if (lsmprop_is_set(&audit_info->prop) &&
101
-
security_lsmprop_to_secctx(&audit_info->prop, &ctx.context,
102
-
&ctx.len) == 0) {
101
+
security_lsmprop_to_secctx(&audit_info->prop, &ctx) > 0) {
103
102
audit_log_format(audit_buf, " subj=%s", ctx.context);
104
103
security_release_secctx(&ctx);
105
104
}
+2
-3
security/apparmor/include/secid.h
+2
-3
security/apparmor/include/secid.h
···
25
25
extern int apparmor_display_secid_mode;
26
26
27
27
struct aa_label *aa_secid_to_label(u32 secid);
28
-
int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
29
-
int apparmor_lsmprop_to_secctx(struct lsm_prop *prop, char **secdata,
30
-
u32 *seclen);
28
+
int apparmor_secid_to_secctx(u32 secid, struct lsm_context *cp);
29
+
int apparmor_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp);
31
30
int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
32
31
void apparmor_release_secctx(struct lsm_context *cp);
33
32
+13
-13
security/apparmor/secid.c
+13
-13
security/apparmor/secid.c
···
47
47
return xa_load(&aa_secids, secid);
48
48
}
49
49
50
-
static int apparmor_label_to_secctx(struct aa_label *label, char **secdata,
51
-
u32 *seclen)
50
+
static int apparmor_label_to_secctx(struct aa_label *label,
51
+
struct lsm_context *cp)
52
52
{
53
53
/* TODO: cache secctx and ref count so we don't have to recreate */
54
54
int flags = FLAG_VIEW_SUBNS | FLAG_HIDDEN_UNCONFINED | FLAG_ABS_ROOT;
55
55
int len;
56
-
57
-
AA_BUG(!seclen);
58
56
59
57
if (!label)
60
58
return -EINVAL;
···
60
62
if (apparmor_display_secid_mode)
61
63
flags |= FLAG_SHOW_MODE;
62
64
63
-
if (secdata)
64
-
len = aa_label_asxprint(secdata, root_ns, label,
65
+
if (cp)
66
+
len = aa_label_asxprint(&cp->context, root_ns, label,
65
67
flags, GFP_ATOMIC);
66
68
else
67
69
len = aa_label_snxprint(NULL, 0, root_ns, label, flags);
···
69
71
if (len < 0)
70
72
return -ENOMEM;
71
73
72
-
*seclen = len;
74
+
if (cp) {
75
+
cp->len = len;
76
+
cp->id = LSM_ID_APPARMOR;
77
+
}
73
78
74
-
return 0;
79
+
return len;
75
80
}
76
81
77
-
int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
82
+
int apparmor_secid_to_secctx(u32 secid, struct lsm_context *cp)
78
83
{
79
84
struct aa_label *label = aa_secid_to_label(secid);
80
85
81
-
return apparmor_label_to_secctx(label, secdata, seclen);
86
+
return apparmor_label_to_secctx(label, cp);
82
87
}
83
88
84
-
int apparmor_lsmprop_to_secctx(struct lsm_prop *prop, char **secdata,
85
-
u32 *seclen)
89
+
int apparmor_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp)
86
90
{
87
91
struct aa_label *label;
88
92
89
93
label = prop->apparmor.label;
90
94
91
-
return apparmor_label_to_secctx(label, secdata, seclen);
95
+
return apparmor_label_to_secctx(label, cp);
92
96
}
93
97
94
98
int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
+15
-19
security/security.c
+15
-19
security/security.c
···
4304
4304
/**
4305
4305
* security_secid_to_secctx() - Convert a secid to a secctx
4306
4306
* @secid: secid
4307
-
* @secdata: secctx
4308
-
* @seclen: secctx length
4307
+
* @cp: the LSM context
4309
4308
*
4310
-
* Convert secid to security context. If @secdata is NULL the length of the
4311
-
* result will be returned in @seclen, but no @secdata will be returned. This
4309
+
* Convert secid to security context. If @cp is NULL the length of the
4310
+
* result will be returned, but no data will be returned. This
4312
4311
* does mean that the length could change between calls to check the length and
4313
-
* the next call which actually allocates and returns the @secdata.
4312
+
* the next call which actually allocates and returns the data.
4314
4313
*
4315
-
* Return: Return 0 on success, error on failure.
4314
+
* Return: Return length of data on success, error on failure.
4316
4315
*/
4317
-
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4316
+
int security_secid_to_secctx(u32 secid, struct lsm_context *cp)
4318
4317
{
4319
-
return call_int_hook(secid_to_secctx, secid, secdata, seclen);
4318
+
return call_int_hook(secid_to_secctx, secid, cp);
4320
4319
}
4321
4320
EXPORT_SYMBOL(security_secid_to_secctx);
4322
4321
4323
4322
/**
4324
4323
* security_lsmprop_to_secctx() - Convert a lsm_prop to a secctx
4325
4324
* @prop: lsm specific information
4326
-
* @secdata: secctx
4327
-
* @seclen: secctx length
4325
+
* @cp: the LSM context
4328
4326
*
4329
-
* Convert a @prop entry to security context. If @secdata is NULL the
4330
-
* length of the result will be returned in @seclen, but no @secdata
4331
-
* will be returned. This does mean that the length could change between
4332
-
* calls to check the length and the next call which actually allocates
4333
-
* and returns the @secdata.
4327
+
* Convert a @prop entry to security context. If @cp is NULL the
4328
+
* length of the result will be returned. This does mean that the
4329
+
* length could change between calls to check the length and the
4330
+
* next call which actually allocates and returns the @cp.
4334
4331
*
4335
-
* Return: Return 0 on success, error on failure.
4332
+
* Return: Return length of data on success, error on failure.
4336
4333
*/
4337
-
int security_lsmprop_to_secctx(struct lsm_prop *prop, char **secdata,
4338
-
u32 *seclen)
4334
+
int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp)
4339
4335
{
4340
-
return call_int_hook(lsmprop_to_secctx, prop, secdata, seclen);
4336
+
return call_int_hook(lsmprop_to_secctx, prop, cp);
4341
4337
}
4342
4338
EXPORT_SYMBOL(security_lsmprop_to_secctx);
4343
4339
+18
-5
security/selinux/hooks.c
+18
-5
security/selinux/hooks.c
···
6640
6640
return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0);
6641
6641
}
6642
6642
6643
-
static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
6643
+
static int selinux_secid_to_secctx(u32 secid, struct lsm_context *cp)
6644
6644
{
6645
-
return security_sid_to_context(secid, secdata, seclen);
6645
+
u32 seclen;
6646
+
int ret;
6647
+
6648
+
if (cp) {
6649
+
cp->id = LSM_ID_SELINUX;
6650
+
ret = security_sid_to_context(secid, &cp->context, &cp->len);
6651
+
if (ret < 0)
6652
+
return ret;
6653
+
return cp->len;
6654
+
}
6655
+
ret = security_sid_to_context(secid, NULL, &seclen);
6656
+
if (ret < 0)
6657
+
return ret;
6658
+
return seclen;
6646
6659
}
6647
6660
6648
-
static int selinux_lsmprop_to_secctx(struct lsm_prop *prop, char **secdata,
6649
-
u32 *seclen)
6661
+
static int selinux_lsmprop_to_secctx(struct lsm_prop *prop,
6662
+
struct lsm_context *cp)
6650
6663
{
6651
-
return selinux_secid_to_secctx(prop->selinux.secid, secdata, seclen);
6664
+
return selinux_secid_to_secctx(prop->selinux.secid, cp);
6652
6665
}
6653
6666
6654
6667
static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
+26
-19
security/smack/smack_lsm.c
+26
-19
security/smack/smack_lsm.c
···
4818
4818
}
4819
4819
4820
4820
/**
4821
+
* smack_to_secctx - fill a lsm_context
4822
+
* @skp: Smack label
4823
+
* @cp: destination
4824
+
*
4825
+
* Fill the passed @cp and return the length of the string
4826
+
*/
4827
+
static int smack_to_secctx(struct smack_known *skp, struct lsm_context *cp)
4828
+
{
4829
+
int len = strlen(skp->smk_known);
4830
+
4831
+
if (cp) {
4832
+
cp->context = skp->smk_known;
4833
+
cp->len = len;
4834
+
cp->id = LSM_ID_SMACK;
4835
+
}
4836
+
return len;
4837
+
}
4838
+
4839
+
/**
4821
4840
* smack_secid_to_secctx - return the smack label for a secid
4822
4841
* @secid: incoming integer
4823
-
* @secdata: destination
4824
-
* @seclen: how long it is
4842
+
* @cp: destination
4825
4843
*
4826
4844
* Exists for networking code.
4827
4845
*/
4828
-
static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4846
+
static int smack_secid_to_secctx(u32 secid, struct lsm_context *cp)
4829
4847
{
4830
-
struct smack_known *skp = smack_from_secid(secid);
4831
-
4832
-
if (secdata)
4833
-
*secdata = skp->smk_known;
4834
-
*seclen = strlen(skp->smk_known);
4835
-
return 0;
4848
+
return smack_to_secctx(smack_from_secid(secid), cp);
4836
4849
}
4837
4850
4838
4851
/**
4839
4852
* smack_lsmprop_to_secctx - return the smack label
4840
4853
* @prop: includes incoming Smack data
4841
-
* @secdata: destination
4842
-
* @seclen: how long it is
4854
+
* @cp: destination
4843
4855
*
4844
4856
* Exists for audit code.
4845
4857
*/
4846
-
static int smack_lsmprop_to_secctx(struct lsm_prop *prop, char **secdata,
4847
-
u32 *seclen)
4858
+
static int smack_lsmprop_to_secctx(struct lsm_prop *prop,
4859
+
struct lsm_context *cp)
4848
4860
{
4849
-
struct smack_known *skp = prop->smack.skp;
4850
-
4851
-
if (secdata)
4852
-
*secdata = skp->smk_known;
4853
-
*seclen = strlen(skp->smk_known);
4854
-
return 0;
4861
+
return smack_to_secctx(prop->smack.skp, cp);
4855
4862
}
4856
4863
4857
4864
/**