lsm: split the xfrm_state_alloc_security() hook implementation
The xfrm_state_alloc_security() LSM hook implementation is really a multiplexed hook with two different behaviors depending on the arguments passed to it by the caller. This patch splits the LSM hook implementation into two new hook implementations, which match the LSM hooks in the rest of the kernel: * xfrm_state_alloc * xfrm_state_alloc_acquire Also included in this patch are the necessary changes to the SELinux code; no other LSMs are affected. Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
Paul Moore
Eric Paris
parent
8bb495e3f0
commit
2e5aa86609
6 changed files with 128 additions and 132 deletions
|
|
@ -5708,7 +5708,8 @@ static struct security_operations selinux_ops = {
|
|||
.xfrm_policy_clone_security = selinux_xfrm_policy_clone,
|
||||
.xfrm_policy_free_security = selinux_xfrm_policy_free,
|
||||
.xfrm_policy_delete_security = selinux_xfrm_policy_delete,
|
||||
.xfrm_state_alloc_security = selinux_xfrm_state_alloc,
|
||||
.xfrm_state_alloc = selinux_xfrm_state_alloc,
|
||||
.xfrm_state_alloc_acquire = selinux_xfrm_state_alloc_acquire,
|
||||
.xfrm_state_free_security = selinux_xfrm_state_free,
|
||||
.xfrm_state_delete_security = selinux_xfrm_state_delete,
|
||||
.xfrm_policy_lookup = selinux_xfrm_policy_lookup,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue