diff options
| author | Paul Moore <[email protected]> | 2024-09-19 15:37:11 +0000 |
|---|---|---|
| committer | Paul Moore <[email protected]> | 2024-09-19 20:37:01 +0000 |
| commit | 8a23c9e1ba4642b60420e8caa75859883a509c24 (patch) | |
| tree | 5e2355935f9261b1f00c90c234c487207bf59c3f /security/selinux/hooks.c | |
| parent | mm: call the security_mmap_file() LSM hook in remap_file_pages() (diff) | |
| download | kernel-8a23c9e1ba4642b60420e8caa75859883a509c24.tar.gz kernel-8a23c9e1ba4642b60420e8caa75859883a509c24.zip | |
selinux,smack: properly reference the LSM blob in security_watch_key()
Unfortunately when we migrated the lifecycle management of the key LSM
blob to the LSM framework we forgot to convert the security_watch_key()
callbacks for SELinux and Smack. This patch corrects this by making use
of the selinux_key() and smack_key() helper functions respectively.
This patch also removes some input checking in the Smack callback as it
is no longer needed.
Fixes: 5f8d28f6d7d5 ("lsm: infrastructure management of the key security blob")
Reported-by: [email protected]
Tested-by: [email protected]
Reviewed-by: Casey Schaufler <[email protected]>
Signed-off-by: Paul Moore <[email protected]>
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 81fbfa5b80d4..67baa487cf7a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6720,7 +6720,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_KEY_NOTIFICATIONS static int selinux_watch_key(struct key *key) { - struct key_security_struct *ksec = key->security; + struct key_security_struct *ksec = selinux_key(key); u32 sid = current_sid(); return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, KEY__VIEW, NULL); |