summaryrefslogtreecommitdiffstats
path: root/security/security.c
diff options
context:
space:
mode:
authorPaul Moore <paul@paul-moore.com>2023-02-16 23:00:01 +0100
committerPaul Moore <paul@paul-moore.com>2023-03-06 19:41:07 +0100
commitb14faf9c94a66ef398c2c3fa6e141814f04e274e (patch)
treeb4c9d2c9a6bd876a1f613a2805bf8d9336b636e8 /security/security.c
parentlsm: move the binder hook comments to security/security.c (diff)
downloadlinux-b14faf9c94a66ef398c2c3fa6e141814f04e274e.tar.xz
linux-b14faf9c94a66ef398c2c3fa6e141814f04e274e.zip
lsm: move the audit hook comments to security/security.c
This patch relocates the LSM hook function comments to the function definitions, in keeping with the current kernel conventions. This should make the hook descriptions more easily discoverable and easier to maintain. While formatting changes have been done to better fit the kernel-doc style, content changes have been kept to a minimum and limited to text which was obviously incorrect and/or outdated. It is expected the future patches will improve the quality of the function header comments. Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c41
1 files changed, 41 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c
index b21154ed152f..80c05c28b7ff 100644
--- a/security/security.c
+++ b/security/security.c
@@ -4762,21 +4762,62 @@ int security_key_getsecurity(struct key *key, char **_buffer)
#ifdef CONFIG_AUDIT
+/**
+ * security_audit_rule_init() - Allocate and init an LSM audit rule struct
+ * @field: audit action
+ * @op: rule operator
+ * @rulestr: rule context
+ * @lsmrule: receive buffer for audit rule struct
+ *
+ * Allocate and initialize an LSM audit rule structure.
+ *
+ * Return: Return 0 if @lsmrule has been successfully set, -EINVAL in case of
+ * an invalid rule.
+ */
int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
{
return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule);
}
+/**
+ * security_audit_rule_known() - Check if an audit rule contains LSM fields
+ * @krule: audit rule
+ *
+ * Specifies whether given @krule contains any fields related to the current
+ * LSM.
+ *
+ * Return: Returns 1 in case of relation found, 0 otherwise.
+ */
int security_audit_rule_known(struct audit_krule *krule)
{
return call_int_hook(audit_rule_known, 0, krule);
}
+/**
+ * security_audit_rule_free() - Free an LSM audit rule struct
+ * @lsmrule: audit rule struct
+ *
+ * Deallocate the LSM audit rule structure previously allocated by
+ * audit_rule_init().
+ */
void security_audit_rule_free(void *lsmrule)
{
call_void_hook(audit_rule_free, lsmrule);
}
+/**
+ * security_audit_rule_match() - Check if a label matches an audit rule
+ * @secid: security label
+ * @field: LSM audit field
+ * @op: matching operator
+ * @lsmrule: audit rule
+ *
+ * Determine if given @secid matches a rule previously approved by
+ * security_audit_rule_known().
+ *
+ * Return: Returns 1 if secid matches the rule, 0 if it does not, -ERRNO on
+ * failure.
+ */
int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule)
{
return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule);