Infrastructure management of the cred security blob Move management of the cred security blob out of the security modules and into the security infrastructre. Instead of allocating and freeing space the security modules tell the infrastructure how much space they require. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: Kees Cook <keescook@chromium.org>

commit: bbd3662a834813730912a58efb44dd6df6d952e6 [log] [tgz]
author: Casey Schaufler <casey@schaufler-ca.com> Mon Nov 12 09:30:56 2018 -0800
committer: Kees Cook <keescook@chromium.org> Tue Jan 08 13:18:44 2019 -0800
tree: f4c0252814e717185845bde03fe88d341d5967b5
parent: 43fc460907dc56a3450654efc6ba1dfbcd4594eb [diff] [blame]
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 734b683..c2974b0 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h

@@ -25,6 +25,7 @@
 #include <linux/binfmts.h>
 #include <linux/in.h>
 #include <linux/spinlock.h>
+#include <linux/lsm_hooks.h>
 #include <net/net_namespace.h>
 #include "flask.h"
 #include "avc.h"
@@ -158,9 +159,10 @@ struct bpf_security_struct {
 	u32 sid;  /*SID of bpf obj creater*/
 };
 
+extern struct lsm_blob_sizes selinux_blob_sizes;
 static inline struct task_security_struct *selinux_cred(const struct cred *cred)
 {
-	return cred->security;
+	return cred->security + selinux_blob_sizes.lbs_cred;
 }
 
 #endif /* _SELINUX_OBJSEC_H_ */
commit	bbd3662a834813730912a58efb44dd6df6d952e6	[log] [tgz]
author	Casey Schaufler <casey@schaufler-ca.com>	Mon Nov 12 09:30:56 2018 -0800
committer	Kees Cook <keescook@chromium.org>	Tue Jan 08 13:18:44 2019 -0800
tree	f4c0252814e717185845bde03fe88d341d5967b5
parent	43fc460907dc56a3450654efc6ba1dfbcd4594eb [diff] [blame]