diff --git a/rust/kernel/cred.rs b/rust/kernel/cred.rs index 169cd8590783..3aa2e4c4a50c 100644 --- a/rust/kernel/cred.rs +++ b/rust/kernel/cred.rs @@ -55,6 +55,7 @@ impl Credential { } /// Returns a raw pointer to the inner credential. + #[inline] pub fn as_ptr(&self) -> *const bindings::cred { self.0.get() } diff --git a/rust/kernel/security.rs b/rust/kernel/security.rs index 4bb41a8f07b7..bbc122ec6a42 100644 --- a/rust/kernel/security.rs +++ b/rust/kernel/security.rs @@ -15,6 +15,7 @@ use crate::{ /// Calls the security modules to determine if the given task can become the manager of a binder /// context. +#[inline] pub fn binder_set_context_mgr(mgr: &Credential) -> Result { // SAFETY: `mrg.0` is valid because the shared reference guarantees a nonzero refcount. to_result(unsafe { bindings::security_binder_set_context_mgr(mgr.as_ptr()) }) @@ -22,6 +23,7 @@ pub fn binder_set_context_mgr(mgr: &Credential) -> Result { /// Calls the security modules to determine if binder transactions are allowed from task `from` to /// task `to`. +#[inline] pub fn binder_transaction(from: &Credential, to: &Credential) -> Result { // SAFETY: `from` and `to` are valid because the shared references guarantee nonzero refcounts. to_result(unsafe { bindings::security_binder_transaction(from.as_ptr(), to.as_ptr()) }) @@ -29,6 +31,7 @@ pub fn binder_transaction(from: &Credential, to: &Credential) -> Result { /// Calls the security modules to determine if task `from` is allowed to send binder objects /// (owned by itself or other processes) to task `to` through a binder transaction. +#[inline] pub fn binder_transfer_binder(from: &Credential, to: &Credential) -> Result { // SAFETY: `from` and `to` are valid because the shared references guarantee nonzero refcounts. to_result(unsafe { bindings::security_binder_transfer_binder(from.as_ptr(), to.as_ptr()) }) @@ -36,6 +39,7 @@ pub fn binder_transfer_binder(from: &Credential, to: &Credential) -> Result { /// Calls the security modules to determine if task `from` is allowed to send the given file to /// task `to` (which would get its own file descriptor) through a binder transaction. +#[inline] pub fn binder_transfer_file(from: &Credential, to: &Credential, file: &File) -> Result { // SAFETY: `from`, `to` and `file` are valid because the shared references guarantee nonzero // refcounts. diff --git a/security/security.c b/security/security.c index c5981e558bc2..cb999f0f8094 100644 --- a/security/security.c +++ b/security/security.c @@ -997,6 +997,7 @@ int security_binder_set_context_mgr(const struct cred *mgr) { return call_int_hook(binder_set_context_mgr, mgr); } +EXPORT_SYMBOL_GPL(security_binder_set_context_mgr); /** * security_binder_transaction() - Check if a binder transaction is allowed @@ -1012,6 +1013,7 @@ int security_binder_transaction(const struct cred *from, { return call_int_hook(binder_transaction, from, to); } +EXPORT_SYMBOL_GPL(security_binder_transaction); /** * security_binder_transfer_binder() - Check if a binder transfer is allowed @@ -1027,6 +1029,7 @@ int security_binder_transfer_binder(const struct cred *from, { return call_int_hook(binder_transfer_binder, from, to); } +EXPORT_SYMBOL_GPL(security_binder_transfer_binder); /** * security_binder_transfer_file() - Check if a binder file xfer is allowed @@ -1043,6 +1046,7 @@ int security_binder_transfer_file(const struct cred *from, { return call_int_hook(binder_transfer_file, from, to, file); } +EXPORT_SYMBOL_GPL(security_binder_transfer_file); /** * security_ptrace_access_check() - Check if tracing is allowed