Re: [PATCH RFC] perf_event: Add support for LSM and SELinux checks
From: James Morris <jmorris@namei.org>
Date: 2019-10-09 22:13:12
Also in:
bpf, lkml, selinux
On Wed, 9 Oct 2019, Joel Fernandes (Google) wrote:
+#ifdef CONFIG_SECURITY + err = security_perf_event_alloc(event); + if (err) + goto err_security; +#endif
You should not need this ifdef.
quoted hunk ↗ jump to hunk
diff --git a/security/security.c b/security/security.c index 1bc000f834e2..7639bca1db59 100644 --- a/security/security.c +++ b/security/security.c@@ -2373,26 +2373,32 @@ int security_bpf(int cmd, union bpf_attr *attr, unsigned int size) { return call_int_hook(bpf, 0, cmd, attr, size); } + int security_bpf_map(struct bpf_map *map, fmode_t fmode) { return call_int_hook(bpf_map, 0, map, fmode); } + int security_bpf_prog(struct bpf_prog *prog) { return call_int_hook(bpf_prog, 0, prog); } + int security_bpf_map_alloc(struct bpf_map *map) { return call_int_hook(bpf_map_alloc_security, 0, map); } + int security_bpf_prog_alloc(struct bpf_prog_aux *aux) { return call_int_hook(bpf_prog_alloc_security, 0, aux); } + void security_bpf_map_free(struct bpf_map *map) { call_void_hook(bpf_map_free_security, map); } + void security_bpf_prog_free(struct bpf_prog_aux *aux) { call_void_hook(bpf_prog_free_security, aux);@@ -2404,3 +2410,30 @@ int security_locked_down(enum lockdown_reason what) return call_int_hook(locked_down, 0, what); } EXPORT_SYMBOL(security_locked_down);
Please avoid unrelated whitespace changes. -- James Morris [off-list ref]