LSM: Infrastructure management of the task security Move management of the task_struct->security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. The only user of this blob is AppArmor. The AppArmor use is abstracted to avoid future conflict. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: Kees Cook <keescook@chromium.org>

commit: f4ad8f2c40769b3cc9497ba0883bbaf823f7752f [log] [tgz]
author: Casey Schaufler <casey@schaufler-ca.com> Fri Sep 21 17:19:37 2018 -0700
committer: Kees Cook <keescook@chromium.org> Tue Jan 08 13:18:45 2019 -0800
tree: ae8e8bfc5a3abfaa5ea3c90908efd941a230bbdf
parent: afb1cbe37440c7f38b9cf46fc331cc9dfd5cce21 [diff] [blame]
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 1c798e8..9b39fef 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h

@@ -2034,6 +2034,7 @@
 	int	lbs_cred;
 	int	lbs_file;
 	int	lbs_inode;
+	int	lbs_task;
 };
 
 /*
@@ -2109,6 +2110,7 @@
 
 #ifdef CONFIG_SECURITY
 void __init lsm_early_cred(struct cred *cred);
+void __init lsm_early_task(struct task_struct *task);
 #endif
 
 #endif /* ! __LINUX_LSM_HOOKS_H */
commit	f4ad8f2c40769b3cc9497ba0883bbaf823f7752f	[log] [tgz]
author	Casey Schaufler <casey@schaufler-ca.com>	Fri Sep 21 17:19:37 2018 -0700
committer	Kees Cook <keescook@chromium.org>	Tue Jan 08 13:18:45 2019 -0800
tree	ae8e8bfc5a3abfaa5ea3c90908efd941a230bbdf
parent	afb1cbe37440c7f38b9cf46fc331cc9dfd5cce21 [diff] [blame]