SELinux: Abstract use of ipc security blobs

Don't use the ipc->security pointer directly. Don't use the msg_msg->security pointer directly. Provide helper functions that provides the security blob pointers. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org>
2025-06-17 20:25:19 +00:00 · 2018-09-21 17:19:45 -07:00 · 2018-09-21 17:19:45 -07:00 · 7c6538280a
commit 7c6538280a
parent f4ad8f2c40
2 changed files with 22 additions and 9 deletions
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@ -26,6 +26,7 @@
 #include <linux/in.h>
 #include <linux/spinlock.h>
 #include <linux/lsm_hooks.h>
+#include <linux/msg.h>
 #include <net/net_namespace.h>
 #include "flask.h"
 #include "avc.h"
@ -175,4 +176,16 @@ static inline struct inode_security_struct *selinux_inode(
 	return inode->i_security + selinux_blob_sizes.lbs_inode;
 }

+static inline struct msg_security_struct *selinux_msg_msg(
+						const struct msg_msg *msg_msg)
+{
+	return msg_msg->security;
+}
+
+static inline struct ipc_security_struct *selinux_ipc(
+						const struct kern_ipc_perm *ipc)
+{
+	return ipc->security;
+}
+
 #endif /* _SELINUX_OBJSEC_H_ */