* [PATCH 1/2] landlock: Simplify current_check_access_socket()
@ 2024-03-07  9:39 Mickaël Salaün
From: Mickaël Salaün @ 2024-03-07  9:39 UTC (permalink / raw
  To: Günther Noack, Konstantin Meskhidze, Paul Moore
  Cc: Mickaël Salaün, Serge E . Hallyn, linux-kernel,
	linux-security-module

Remove the handled_access variable in current_check_access_socket() and
update access_request instead.  One up-to-date variable avoids picking
the wrong one.

Cc: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Signed-off-by: Mickaël Salaün <mic@digikod.net>
---
 security/landlock/net.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/security/landlock/net.c b/security/landlock/net.c
index efa1b644a4af..c8bcd29bde09 100644
--- a/security/landlock/net.c
+++ b/security/landlock/net.c
@@ -64,12 +64,11 @@ static const struct landlock_ruleset *get_current_net_domain(void)
 static int current_check_access_socket(struct socket *const sock,
 				       struct sockaddr *const address,
 				       const int addrlen,
-				       const access_mask_t access_request)
+				       access_mask_t access_request)
 {
 	__be16 port;
 	layer_mask_t layer_masks[LANDLOCK_NUM_ACCESS_NET] = {};
 	const struct landlock_rule *rule;
-	access_mask_t handled_access;
 	struct landlock_id id = {
 		.type = LANDLOCK_KEY_NET_PORT,
 	};
@@ -164,9 +163,9 @@ static int current_check_access_socket(struct socket *const sock,
 	BUILD_BUG_ON(sizeof(port) > sizeof(id.key.data));
 
 	rule = landlock_find_rule(dom, id);
-	handled_access = landlock_init_layer_masks(
+	access_request = landlock_init_layer_masks(
 		dom, access_request, &layer_masks, LANDLOCK_KEY_NET_PORT);
-	if (landlock_unmask_layers(rule, handled_access, &layer_masks,
+	if (landlock_unmask_layers(rule, access_request, &layer_masks,
 				   ARRAY_SIZE(layer_masks)))
 		return 0;
 
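Review bot: After the assignment in this hunk, `access_request` no longer holds what the caller asked for; it is overwritten with the return value of landlock_init_layer_masks(), which the removed variable called `handled_access`, and the first hunk drops `const` from the parameter to allow that. The commit message makes clear this is intended, but nothing at the assignment says so, and in an access-control hook a later reader could take the parameter name at face value, for instance when adding denial reporting that should show the original request. I would add a comment above the assignment, e.g. `/* From here on, access_request only holds the requested rights handled by the domain. */`. The function body starts and continues outside both hunks, so whether any later statement reads the variable cannot be judged from here.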
-- 
2.44.0



* [PATCH 2/2] landlock: Rename "ptrace" files to "task"
  2024-03-07  9:39 [PATCH 1/2] landlock: Simplify current_check_access_socket() Mickaël Salaün
@ 2024-03-07  9:39 ` Mickaël Salaün
From: Mickaël Salaün @ 2024-03-07  9:39 UTC (permalink / raw
  To: Günther Noack, Konstantin Meskhidze, Paul Moore
  Cc: Mickaël Salaün, Serge E . Hallyn, linux-kernel,
	linux-security-module

ptrace.[ch] are currently only used for the ptrace LSM hooks but their
scope will expand with IPCs and audit support.  Rename ptrace.[ch] to
task.[ch], which better reflect their content.  Similarly, rename
landlock_add_ptrace_hooks() to landlock_add_task_hooks().  Keep header
files for now.

Cc: Günther Noack <gnoack@google.com>
Cc: Paul Moore <paul@paul-moore.com>
Signed-off-by: Mickaël Salaün <mic@digikod.net>
---
 security/landlock/Makefile             | 2 +-
 security/landlock/setup.c              | 4 ++--
 security/landlock/{ptrace.c => task.c} | 4 ++--
 security/landlock/{ptrace.h => task.h} | 8 ++++----
 4 files changed, 9 insertions(+), 9 deletions(-)
 rename security/landlock/{ptrace.c => task.c} (98%)
 rename security/landlock/{ptrace.h => task.h} (52%)

diff --git a/security/landlock/Makefile b/security/landlock/Makefile
index c2e116f2a299..b4538b7cf7d2 100644
--- a/security/landlock/Makefile
+++ b/security/landlock/Makefile
@@ -1,6 +1,6 @@
 obj-$(CONFIG_SECURITY_LANDLOCK) := landlock.o
 
 landlock-y := setup.o syscalls.o object.o ruleset.o \
-	cred.o ptrace.o fs.o
+	cred.o task.o fs.o
 
 landlock-$(CONFIG_INET) += net.o
diff --git a/security/landlock/setup.c b/security/landlock/setup.c
index f6dd33143b7f..28519a45b11f 100644
--- a/security/landlock/setup.c
+++ b/security/landlock/setup.c
@@ -14,8 +14,8 @@
 #include "cred.h"
 #include "fs.h"
 #include "net.h"
-#include "ptrace.h"
 #include "setup.h"
+#include "task.h"
 
 bool landlock_initialized __ro_after_init = false;
 
@@ -34,7 +34,7 @@ const struct lsm_id landlock_lsmid = {
 static int __init landlock_init(void)
 {
 	landlock_add_cred_hooks();
-	landlock_add_ptrace_hooks();
+	landlock_add_task_hooks();
 	landlock_add_fs_hooks();
 	landlock_add_net_hooks();
 	landlock_initialized = true;
diff --git a/security/landlock/ptrace.c b/security/landlock/task.c
similarity index 98%
rename from security/landlock/ptrace.c
rename to security/landlock/task.c
index 2bfc533d36e4..849f5123610b 100644
--- a/security/landlock/ptrace.c
+++ b/security/landlock/task.c
@@ -16,9 +16,9 @@
 
 #include "common.h"
 #include "cred.h"
-#include "ptrace.h"
 #include "ruleset.h"
 #include "setup.h"
+#include "task.h"
 
 /**
  * domain_scope_le - Checks domain ordering for scoped ptrace
@@ -113,7 +113,7 @@ static struct security_hook_list landlock_hooks[] __ro_after_init = {
 	LSM_HOOK_INIT(ptrace_traceme, hook_ptrace_traceme),
 };
 
-__init void landlock_add_ptrace_hooks(void)
+__init void landlock_add_task_hooks(void)
 {
 	security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks),
 			   &landlock_lsmid);
diff --git a/security/landlock/ptrace.h b/security/landlock/task.h
similarity index 52%
rename from security/landlock/ptrace.h
rename to security/landlock/task.h
index 265b220ae3bf..7c00360219a2 100644
--- a/security/landlock/ptrace.h
+++ b/security/landlock/task.h
@@ -6,9 +6,9 @@
  * Copyright © 2019 ANSSI
  */
 
-#ifndef _SECURITY_LANDLOCK_PTRACE_H
-#define _SECURITY_LANDLOCK_PTRACE_H
+#ifndef _SECURITY_LANDLOCK_TASK_H
+#define _SECURITY_LANDLOCK_TASK_H
 
-__init void landlock_add_ptrace_hooks(void);
+__init void landlock_add_task_hooks(void);
 
-#endif /* _SECURITY_LANDLOCK_PTRACE_H */
+#endif /* _SECURITY_LANDLOCK_TASK_H */
-- 
2.44.0

