security: define new LSM hook named security_kernel_load_data Differentiate between the kernel reading a file specified by userspace from the kernel loading a buffer containing data provided by userspace. This patch defines a new LSM hook named security_kernel_load_data(). Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Eric Biederman <ebiederm@xmission.com> Cc: Luis R. Rodriguez <mcgrof@kernel.org> Cc: Kees Cook <keescook@chromium.org> Cc: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Serge Hallyn <serge@hallyn.com> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com>

commit: 377179cd28cd417dcfb4396edb824533431e607e [log] [tgz]
author: Mimi Zohar <zohar@linux.vnet.ibm.com> Fri Jul 13 14:05:56 2018 -0400
committer: James Morris <james.morris@microsoft.com> Mon Jul 16 12:31:57 2018 -0700
tree: 65c6670521648ce4a307cae400786f442952c532
parent: 57b54d74dd5c559bd35f2affaf11d8828aaf5733 [diff] [blame]
diff --git a/security/security.c b/security/security.c
index 68f46d8..c2de2f1 100644
--- a/security/security.c
+++ b/security/security.c

@@ -1056,6 +1056,11 @@
 }
 EXPORT_SYMBOL_GPL(security_kernel_post_read_file);
 
+int security_kernel_load_data(enum kernel_load_data_id id)
+{
+	return call_int_hook(kernel_load_data, 0, id);
+}
+
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
 			     int flags)
 {
commit	377179cd28cd417dcfb4396edb824533431e607e	[log] [tgz]
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	Fri Jul 13 14:05:56 2018 -0400
committer	James Morris <james.morris@microsoft.com>	Mon Jul 16 12:31:57 2018 -0700
tree	65c6670521648ce4a307cae400786f442952c532
parent	57b54d74dd5c559bd35f2affaf11d8828aaf5733 [diff] [blame]