LSM: Infrastructure management of the inode security

Move management of the inode->i_security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: Kees Cook <keescook@chromium.org>
author: Casey Schaufler <casey@schaufler-ca.com> 2018-09-21 17:19:29 -0700
committer: Kees Cook <keescook@chromium.org> 2019-01-08 13:18:45 -0800
commit: afb1cbe37440c7f38b9cf46fc331cc9dfd5cce21 (patch)
tree: 050d1e2575f9a79e20c67634660aef927981694c /include
parent: fb4021b6fb5818df1228a35b7e2645038d01bb9f (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index e8cef019b645..1c798e842de2 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -2033,6 +2033,7 @@ struct security_hook_list {
 struct lsm_blob_sizes {
 	int	lbs_cred;
 	int	lbs_file;
+	int	lbs_inode;
 };
 
 /*
@@ -2104,6 +2105,8 @@ static inline void security_delete_hooks(struct security_hook_list *hooks,
 #define __lsm_ro_after_init	__ro_after_init
 #endif /* CONFIG_SECURITY_WRITABLE_HOOKS */
 
+extern int lsm_inode_alloc(struct inode *inode);
+
 #ifdef CONFIG_SECURITY
 void __init lsm_early_cred(struct cred *cred);
 #endif
author	Casey Schaufler <casey@schaufler-ca.com>	2018-09-21 17:19:29 -0700
committer	Kees Cook <keescook@chromium.org>	2019-01-08 13:18:45 -0800
commit	afb1cbe37440c7f38b9cf46fc331cc9dfd5cce21 (patch)
tree	050d1e2575f9a79e20c67634660aef927981694c /include
parent	fb4021b6fb5818df1228a35b7e2645038d01bb9f (diff)