List: linux-security-module
Subject: Re: [PATCH v8 1/2] LSM: Multiple concurrent LSMs
From: Casey Schaufler <casey () schaufler-ca ! com>
Date: 2012-11-26 16:33:39
Message-ID: 50B399E3.2000207 () schaufler-ca ! com
On 11/26/2012 5:04 AM, Tetsuo Handa wrote:
> Something like this?
I've incorporated several of the differences. They'll be in the next (v8) patch.
>
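> /*
>  * Fetch the process attribute @name of task @p into *@value.
>  *
>  * If lsm_present is set, its getprocattr hook alone answers. Otherwise
>  * every LSM on the getprocattr hook list is called: with no LSM the
>  * result is -EINVAL, with one LSM its value and return code are passed
>  * through unchanged, and with several a kzalloc()ed string of the form
>  * "/<lsm>=<value>/<lsm>=<value>/\n" is returned, using "(null)" for an
>  * LSM that produced no value.
>  *
>  * Returns the hook's return code in the single-LSM cases, the composed
>  * length including the trailing NUL otherwise, or -ENOMEM if the
>  * composed buffer cannot be allocated.
>  */
> int security_getprocattr(struct task_struct *p, char *name, char **value)
> {
> 	struct security_operations *sop;
> 	struct security_operations *note[COMPOSER_MAX];
> 	char *values[COMPOSER_MAX];
> 	int rcs[COMPOSER_MAX];
> 	int i = 0;
> 	struct security_operations *preferred = lsm_present;
>
> 	/* NOTE(review): assumes the preferred LSM implements getprocattr - confirm. */
> 	if (preferred)
> 		return preferred->getprocattr(p, name, value);
>
> 	/*
> 	 * Find all the LSMs that produce procattrs and call them,
> 	 * saving the results.
> 	 */
> 	for_each_hook(sop, getprocattr) {
> 		/*
> 		 * note[], values[] and rcs[] are on-stack arrays of
> 		 * COMPOSER_MAX entries; never index past them, whatever
> 		 * the hook list holds.
> 		 */
> 		if (i < COMPOSER_MAX) {
> 			note[i] = sop;
> 			values[i] = NULL;
> 			rcs[i] = sop->getprocattr(p, name, &values[i]);
> 			i++;
> 		}
> 	}
> 	/*
> 	 * Special cases for 0 and 1 LSMs getting called.
> 	 * Otherwise, return a composed string.
> 	 */
> 	if (!i)
> 		return -EINVAL;
> 	if (i == 1) {
> 		*value = values[0];
> 		return rcs[0];
> 	} else {
> 		char *result;
> 		int notes = i;
> 		int total = 0;
>
> 		/*
> 		 * Size the buffer. The test for "no usable value" must be
> 		 * the same one the copy loop below uses, otherwise the
> 		 * strcat() calls can write more than was allocated: an
> 		 * entry with a short non-negative return code and a NULL
> 		 * value is emitted as the six bytes of "(null)".
> 		 */
> 		for (i = 0; i < notes; i++) {
> 			if (rcs[i] < 0 || !values[i])
> 				total += 6; /* "(null)" */
> 			else
> 				total += rcs[i];
> 			/* "/" + name + "=" */
> 			total += strlen(note[i]->name) + 2;
> 		}
> 		/* +3 for the closing "/\n" and the terminating NUL. */
> 		result = kzalloc(total + 3, GFP_KERNEL);
> 		*value = result;
> 		if (!result) {
> 			for (i = 0; i < notes; i++)
> 				kfree(values[i]);
> 			return -ENOMEM;
> 		}
> 		/* kzalloc() zeroed the buffer, so strcat() starts from "". */
> 		for (i = 0; i < notes; i++) {
> 			char *cp;
>
> 			strcat(result, "/");
> 			strcat(result, note[i]->name);
> 			strcat(result, "=");
> 			if (rcs[i] < 0 || !values[i]) {
> 				strcat(result, "(null)");
> 				/*
> 				 * A failed hook must not reach memchr() or
> 				 * strncat() with a negative length, and any
> 				 * buffer it still handed back is released
> 				 * here (kfree(NULL) is a no-op).
> 				 */
> 				kfree(values[i]);
> 				continue;
> 			}
> 			/* Cut the value at its first newline, if any. */
> 			cp = memchr(values[i], '\n', rcs[i]);
> 			if (cp)
> 				*cp = '\0';
> 			strncat(result, values[i], rcs[i]);
> 			kfree(values[i]);
> 		}
> 		strcat(result, "/\n");
> 		return strlen(result) + 1;
> 	}
> }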