lsm: security_lsmblob_to_secctx module selection

Add a parameter lsmid to security_lsmblob_to_secctx() to identify which of the security modules that may be active should provide the security context. If the value of lsmid is LSM_ID_UNDEF the first LSM providing a hook is used. security_secid_to_secctx() is unchanged, and will always report the first LSM providing a hook. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> [PM: subj tweak] Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Casey Schaufler <casey@schaufler-ca.com> 2025-08-16 10:28:57 -0700
committer: Paul Moore <paul@paul-moore.com> 2025-08-30 10:15:29 -0400
commit: a59076f2669ec23a122549e1f4114e8d4255b632 (patch)
tree: 2e92e79f92c48a45210d1b0b7dedf28f7e50501c /net/netlabel/netlabel_user.c
parent: 0a561e3904a92492fee8e02a9f69276e939fd990 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index 0d04d23aafe7..6d6545297ee3 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -98,7 +98,8 @@ struct audit_buffer *netlbl_audit_start_common(int type,
 			 audit_info->sessionid);
 
 	if (lsmprop_is_set(&audit_info->prop) &&
-	    security_lsmprop_to_secctx(&audit_info->prop, &ctx) > 0) {
+	    security_lsmprop_to_secctx(&audit_info->prop, &ctx,
+				       LSM_ID_UNDEF) > 0) {
 		audit_log_format(audit_buf, " subj=%s", ctx.context);
 		security_release_secctx(&ctx);
 	}
author	Casey Schaufler <casey@schaufler-ca.com>	2025-08-16 10:28:57 -0700
committer	Paul Moore <paul@paul-moore.com>	2025-08-30 10:15:29 -0400
commit	a59076f2669ec23a122549e1f4114e8d4255b632 (patch)
tree	2e92e79f92c48a45210d1b0b7dedf28f7e50501c /net/netlabel/netlabel_user.c
parent	0a561e3904a92492fee8e02a9f69276e939fd990 (diff)