diff options
author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2018-07-13 14:05:56 -0400 |
---|---|---|
committer | James Morris <james.morris@microsoft.com> | 2018-07-16 12:31:57 -0700 |
commit | 377179cd28cd417dcfb4396edb824533431e607e (patch) | |
tree | 65c6670521648ce4a307cae400786f442952c532 /security | |
parent | 57b54d74dd5c559bd35f2affaf11d8828aaf5733 (diff) |
security: define new LSM hook named security_kernel_load_data
Differentiate between the kernel reading a file specified by userspace
from the kernel loading a buffer containing data provided by userspace.
This patch defines a new LSM hook named security_kernel_load_data().
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Luis R. Rodriguez <mcgrof@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.morris@microsoft.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/security.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c index 68f46d849abe..c2de2f134854 100644 --- a/security/security.c +++ b/security/security.c @@ -1056,6 +1056,11 @@ int security_kernel_post_read_file(struct file *file, char *buf, loff_t size, } EXPORT_SYMBOL_GPL(security_kernel_post_read_file); +int security_kernel_load_data(enum kernel_load_data_id id) +{ + return call_int_hook(kernel_load_data, 0, id); +} + int security_task_fix_setuid(struct cred *new, const struct cred *old, int flags) { |