UBUNTU: SAUCE: apparmor4.0.0 [41/90]: LSM stacking v39: LSM: restrict security_cred_getsecid() to a single LSM

BugLink: http://bugs.launchpad.net/bugs/2028253

The LSM hook security_cred_getsecid() provides a single secid
that is only used by the binder driver. Provide the first value
available, and abandon any other hooks.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
(cherry picked from commit 99a7fdaa09799cce3cbdfd5acacf120b7ba4daca
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Casey Schaufler
2023-11-06 11:02:57 -08:00
committed by Paolo Pisati
parent bc04c8e3f4
commit b8989f8014
+10 -3
@@ -3174,13 +3174,20 @@ void security_transfer_creds(struct cred *new, const struct cred *old)
* @c: credentials
* @secid: secid value
*
* Retrieve the security identifier of the cred structure @c. In case of
* failure, @secid will be set to zero.
* Retrieve the first available security identifier of the
* cred structure @c. In case of failure, @secid will be set to zero.
* Currently only used by binder.
*/
void security_cred_getsecid(const struct cred *c, u32 *secid)
{
struct security_hook_list *hp;
hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) {
hp->hook.cred_getsecid(c, secid);
return;
}
*secid = 0;
call_void_hook(cred_getsecid, c, secid);
}
EXPORT_SYMBOL(security_cred_getsecid);
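Review bot: In the new body of security_cred_getsecid(), `*secid = 0;` sits after the hlist_for_each_entry() loop, so it is only reached when no LSM has registered a cred_getsecid hook. When a hook is present, the function returns straight after `hp->hook.cred_getsecid(c, secid)` without ever zeroing the output, which means the kernel-doc promise "In case of failure, @secid will be set to zero" now depends on the first registered hook writing *secid on every path. Moving `*secid = 0;` above the loop would keep that guarantee unconditional, so the caller (binder, per the comment) never sees an uninitialised value. Two smaller points: a loop with an unconditional `return` is an unusual way to take the first list entry and deserves a one-line comment saying that only the first hook is consulted on purpose; and the kernel-doc could state that "first available" means first in LSM registration order, since that ordering decides which module's secid the caller receives.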