aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid P. Quigley2008-02-05 00:29:39 -0600
committerLinus Torvalds2008-02-05 11:44:20 -0600
commit42492594043d621a7910ff5877c3eb9202870b45 (patch)
tree9188d112c019a189606847dc1d90ccc63c1bacf2 /security/security.c
parent3729145821e3088a0c3c4183037fde356204bf97 (diff)
downloadkernel-common-42492594043d621a7910ff5877c3eb9202870b45.tar.gz
kernel-common-42492594043d621a7910ff5877c3eb9202870b45.tar.xz
kernel-common-42492594043d621a7910ff5877c3eb9202870b45.zip
VFS/Security: Rework inode_getsecurity and callers to return resulting buffer
This patch modifies the interface to inode_getsecurity to have the function return a buffer containing the security blob and its length via parameters instead of relying on the calling function to give it an appropriately sized buffer. Security blobs obtained with this function should be freed using the release_secctx LSM hook. This alleviates the problem of the caller having to guess a length and preallocate a buffer for this function allowing it to be used elsewhere for Labeled NFS. The patch also removed the unused err parameter. The conversion is similar to the one performed by Al Viro for the security_getprocattr hook. Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Chris Wright <chrisw@sous-sol.org> Acked-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/security.c b/security/security.c
index ca475ca206e..b6c57a6b2ff 100644
--- a/security/security.c
+++ b/security/security.c
@@ -493,11 +493,11 @@ int security_inode_killpriv(struct dentry *dentry)
493 return security_ops->inode_killpriv(dentry); 493 return security_ops->inode_killpriv(dentry);
494} 494}
495 495
496int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) 496int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
497{ 497{
498 if (unlikely(IS_PRIVATE(inode))) 498 if (unlikely(IS_PRIVATE(inode)))
499 return 0; 499 return 0;
500 return security_ops->inode_getsecurity(inode, name, buffer, size, err); 500 return security_ops->inode_getsecurity(inode, name, buffer, alloc);
501} 501}
502 502
503int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) 503int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)