lsm: replace context+len with lsm_context

Replace the (secctx,seclen) pointer pair with a single lsm_context pointer to allow return of the LSM identifier along with the context and context length. This allows security_release_secctx() to know how to release the context. Callers have been modified to use or save the returned data from the new structure. security_secid_to_secctx() and security_lsmproc_to_secctx() will now return the length value on success instead of 0. Cc: netdev@vger.kernel.org Cc: audit@vger.kernel.org Cc: netfilter-devel@vger.kernel.org Cc: Todd Kjos <tkjos@google.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> [PM: subject tweak, kdoc fix, signedness fix from Dan Carpenter] Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Casey Schaufler <casey@schaufler-ca.com> 2024-10-23 14:21:55 -0700
committer: Paul Moore <paul@paul-moore.com> 2024-12-04 14:42:31 -0500
commit: 2d470c778120d3cdb8d8ab250329ca85f49f12b1 (patch)
tree: 9796bb2460bd31563d4993b32f47fec7c80fad86 /include/net/scm.h
parent: 6fba89813ccf333d2bc4d5caea04cd5f3c39eb50 (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/include/net/scm.h b/include/net/scm.h
index f75449e1d876..22bb49589fde 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -109,10 +109,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc
 	int err;
 
 	if (test_bit(SOCK_PASSSEC, &sock->flags)) {
-		err = security_secid_to_secctx(scm->secid, &ctx.context,
-					       &ctx.len);
+		err = security_secid_to_secctx(scm->secid, &ctx);
 
-		if (!err) {
+		if (err >= 0) {
 			put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, ctx.len,
 				 ctx.context);
 			security_release_secctx(&ctx);
author	Casey Schaufler <casey@schaufler-ca.com>	2024-10-23 14:21:55 -0700
committer	Paul Moore <paul@paul-moore.com>	2024-12-04 14:42:31 -0500
commit	2d470c778120d3cdb8d8ab250329ca85f49f12b1 (patch)
tree	9796bb2460bd31563d4993b32f47fec7c80fad86 /include/net/scm.h
parent	6fba89813ccf333d2bc4d5caea04cd5f3c39eb50 (diff)