-rw-r--r--include/linux/lsm_hooks.h17
-rw-r--r--security/security.c39
2 files changed, 39 insertions, 17 deletions
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 601d1ecdae0f..3d8d430e271a 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -196,23 +196,6 @@
* @what: kernel feature being accessed.
* Return 0 if permission is granted.
*
- * Security hooks for perf events
- *
- * @perf_event_open:
- * Check whether the @type of perf_event_open syscall is allowed.
- * Return 0 if permission is granted.
- * @perf_event_alloc:
- * Allocate and save perf_event security info.
- * Return 0 on success, error on failure.
- * @perf_event_free:
- * Release (free) perf_event security info.
- * @perf_event_read:
- * Read perf_event security info if allowed.
- * Return 0 if permission is granted.
- * @perf_event_write:
- * Write perf_event security info if allowed.
- * Return 0 if permission is granted.
- *
* Security hooks for io_uring
*
* @uring_override_creds:
diff --git a/security/security.c b/security/security.c
index 4037af6b5196..47506ae1b187 100644
--- a/security/security.c
+++ b/security/security.c
@@ -4927,26 +4927,65 @@ int security_locked_down(enum lockdown_reason what)
EXPORT_SYMBOL(security_locked_down);
#ifdef CONFIG_PERF_EVENTS
+/**
+ * security_perf_event_open() - Check if a perf event open is allowed
+ * @attr: perf event attribute
+ * @type: type of event
+ *
+ * Check whether the @type of perf_event_open syscall is allowed.
+ *
+ * Return: Returns 0 if permission is granted.
+ */
int security_perf_event_open(struct perf_event_attr *attr, int type)
{
return call_int_hook(perf_event_open, 0, attr, type);
}
+/**
+ * security_perf_event_alloc() - Allocate a perf event LSM blob
+ * @event: perf event
+ *
+ * Allocate and save perf_event security info.
+ *
+ * Return: Returns 0 on success, error on failure.
+ */
int security_perf_event_alloc(struct perf_event *event)
{
return call_int_hook(perf_event_alloc, 0, event);
}
+/**
+ * security_perf_event_free() - Free a perf event LSM blob
+ * @event: perf event
+ *
+ * Release (free) perf_event security info.
+ */
void security_perf_event_free(struct perf_event *event)
{
call_void_hook(perf_event_free, event);
}
+/**
+ * security_perf_event_read() - Check if reading a perf event label is allowed
+ * @event: perf event
+ *
+ * Read perf_event security info if allowed.
+ *
+ * Return: Returns 0 if permission is granted.
+ */
int security_perf_event_read(struct perf_event *event)
{
return call_int_hook(perf_event_read, 0, event);
}
+/**
+ * security_perf_event_write() - Check if writing a perf event label is allowed
+ * @event: perf event
+ *
+ * Write perf_event security info if allowed.
+ *
+ * Return: Returns 0 if permission is granted.
+ */
int security_perf_event_write(struct perf_event *event)
{
return call_int_hook(perf_event_write, 0, event);
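Review bot: The new kernel-doc for security_perf_event_read() and security_perf_event_write() contradicts itself: the summary line describes a permission check, but the body text carried over from lsm_hooks.h ("Read perf_event security info if allowed." / "Write perf_event security info if allowed.") reads as if the function itself performs the read or write. Both functions only return the int from `call_int_hook(...)`, so the body should describe the check, e.g. `Check whether reading @event is allowed.` and `Check whether writing @event is allowed.` (what exactly is being protected should be confirmed against the LSM implementations). The `Return:` lines say nothing about denial; assuming the usual LSM convention, `Return: 0 if permission is granted, negative error code otherwise.` would tell a caller how to treat a non-zero result. In security_perf_event_open(), `@type: type of event` is ambiguous next to "the @type of perf_event_open syscall" and would be clearer if it named the kind of access being requested. The body of security_perf_event_write() closes outside the hunk.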