mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-08 14:23:19 +00:00
bpf,selinux: allocate bpf_security_struct per BPF token
Utilize newly added bpf_token_create/bpf_token_free LSM hooks to allocate struct bpf_security_struct for each BPF token object in SELinux. This just follows similar pattern for BPF prog and map. Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/r/20231130185229.2688956-18-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
This commit is contained in:
parent
dc5196fac4
commit
36fb94944b
@ -6828,6 +6828,29 @@ static void selinux_bpf_prog_free(struct bpf_prog *prog)
|
||||
prog->aux->security = NULL;
|
||||
kfree(bpfsec);
|
||||
}
|
||||
|
||||
static int selinux_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
|
||||
struct path *path)
|
||||
{
|
||||
struct bpf_security_struct *bpfsec;
|
||||
|
||||
bpfsec = kzalloc(sizeof(*bpfsec), GFP_KERNEL);
|
||||
if (!bpfsec)
|
||||
return -ENOMEM;
|
||||
|
||||
bpfsec->sid = current_sid();
|
||||
token->security = bpfsec;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void selinux_bpf_token_free(struct bpf_token *token)
|
||||
{
|
||||
struct bpf_security_struct *bpfsec = token->security;
|
||||
|
||||
token->security = NULL;
|
||||
kfree(bpfsec);
|
||||
}
|
||||
#endif
|
||||
|
||||
struct lsm_blob_sizes selinux_blob_sizes __ro_after_init = {
|
||||
@ -7183,6 +7206,7 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = {
|
||||
LSM_HOOK_INIT(bpf_prog, selinux_bpf_prog),
|
||||
LSM_HOOK_INIT(bpf_map_free, selinux_bpf_map_free),
|
||||
LSM_HOOK_INIT(bpf_prog_free, selinux_bpf_prog_free),
|
||||
LSM_HOOK_INIT(bpf_token_free, selinux_bpf_token_free),
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_PERF_EVENTS
|
||||
@ -7241,6 +7265,7 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = {
|
||||
#ifdef CONFIG_BPF_SYSCALL
|
||||
LSM_HOOK_INIT(bpf_map_create, selinux_bpf_map_create),
|
||||
LSM_HOOK_INIT(bpf_prog_load, selinux_bpf_prog_load),
|
||||
LSM_HOOK_INIT(bpf_token_create, selinux_bpf_token_create),
|
||||
#endif
|
||||
#ifdef CONFIG_PERF_EVENTS
|
||||
LSM_HOOK_INIT(perf_event_alloc, selinux_perf_event_alloc),
|
||||
|
Loading…
Reference in New Issue
Block a user