lsm: security_lsmblob_to_secctx module selection

Add a parameter lsmid to security_lsmblob_to_secctx() to identify which of the security modules that may be active should provide the security context. If the value of lsmid is LSM_ID_UNDEF the first LSM providing a hook is used. security_secid_to_secctx() is unchanged, and will always report the first LSM providing a hook. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> [PM: subj tweak] Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Casey Schaufler <casey@schaufler-ca.com> 2025-08-16 10:28:57 -0700
committer: Paul Moore <paul@paul-moore.com> 2025-08-30 10:15:29 -0400
commit: a59076f2669ec23a122549e1f4114e8d4255b632 (patch)
tree: 2e92e79f92c48a45210d1b0b7dedf28f7e50501c /kernel/audit.c
parent: 0a561e3904a92492fee8e02a9f69276e939fd990 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 547967cb4266..226c8ae00d04 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1473,7 +1473,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
 	case AUDIT_SIGNAL_INFO:
 		if (lsmprop_is_set(&audit_sig_lsm)) {
 			err = security_lsmprop_to_secctx(&audit_sig_lsm,
-							 &lsmctx);
+							 &lsmctx, LSM_ID_UNDEF);
 			if (err < 0)
 				return err;
 		}
@@ -2188,7 +2188,7 @@ int audit_log_task_context(struct audit_buffer *ab)
 	if (!lsmprop_is_set(&prop))
 		return 0;
 
-	error = security_lsmprop_to_secctx(&prop, &ctx);
+	error = security_lsmprop_to_secctx(&prop, &ctx, LSM_ID_UNDEF);
 	if (error < 0) {
 		if (error != -EINVAL)
 			goto error_path;
author	Casey Schaufler <casey@schaufler-ca.com>	2025-08-16 10:28:57 -0700
committer	Paul Moore <paul@paul-moore.com>	2025-08-30 10:15:29 -0400
commit	a59076f2669ec23a122549e1f4114e8d4255b632 (patch)
tree	2e92e79f92c48a45210d1b0b7dedf28f7e50501c /kernel/audit.c
parent	0a561e3904a92492fee8e02a9f69276e939fd990 (diff)