summaryrefslogtreecommitdiffstats
path: root/security/selinux/include/objsec.h
diff options
context:
space:
mode:
authorCasey Schaufler <casey@schaufler-ca.com>2018-09-22 02:19:29 +0200
committerKees Cook <keescook@chromium.org>2019-01-08 22:18:45 +0100
commitafb1cbe37440c7f38b9cf46fc331cc9dfd5cce21 (patch)
tree050d1e2575f9a79e20c67634660aef927981694c /security/selinux/include/objsec.h
parentSmack: Abstract use of inode security blob (diff)
downloadlinux-afb1cbe37440c7f38b9cf46fc331cc9dfd5cce21.tar.xz
linux-afb1cbe37440c7f38b9cf46fc331cc9dfd5cce21.zip
LSM: Infrastructure management of the inode security
Move management of the inode->i_security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'security/selinux/include/objsec.h')
-rw-r--r--security/selinux/include/objsec.h9
1 files changed, 4 insertions, 5 deletions
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 26b4ff6b4d81..562fad58c56b 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -57,10 +57,7 @@ enum label_initialized {
struct inode_security_struct {
struct inode *inode; /* back pointer to inode object */
- union {
- struct list_head list; /* list of inode_security_struct */
- struct rcu_head rcu; /* for freeing the inode_security_struct */
- };
+ struct list_head list; /* list of inode_security_struct */
u32 task_sid; /* SID of creating task */
u32 sid; /* SID of this object */
u16 sclass; /* security class of this object */
@@ -173,7 +170,9 @@ static inline struct file_security_struct *selinux_file(const struct file *file)
static inline struct inode_security_struct *selinux_inode(
const struct inode *inode)
{
- return inode->i_security;
+ if (unlikely(!inode->i_security))
+ return NULL;
+ return inode->i_security + selinux_blob_sizes.lbs_inode;
}
#endif /* _SELINUX_OBJSEC_H_ */