On Wed, Jan 18, 2017 at 11:07:19AM -0800, Casey Schaufler wrote:

> -int security_getprocattr(struct task_struct *p, char *name, char **value)
> +int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
> +                             char **value)
>  {
> -     return call_int_hook(getprocattr, -EINVAL, p, name, value);
> +     struct security_hook_list *hp;
> +     int rc = -EINVAL;

This is a dead write.

> +     list_for_each_entry(hp, &security_hook_heads.getprocattr, list) {
> +             if (lsm != NULL && strcmp(lsm, hp->lsm))
> +                     continue;
> +             rc = hp->hook.getprocattr(p, name, value);
> +             if (rc != -ENOENT)
> +                     return rc;
> +     }
> +     return -EINVAL;         <-------+
                                        |
> -int security_setprocattr(struct task_|struct *p, char *name, void *value, 
> size_t size)
> +int security_setprocattr(struct task_|struct *p, const char *lsm, char *name,
> +                             void *va|lue, size_t size)
>  {                                    |
> -     return call_int_hook(setprocattr|, -EINVAL, p, name, value, size);
> +     struct security_hook_list *hp;  |
> +     int rc = -EINVAL;               |
                                        |
This one is not.                        |
                                        |
> +                                     |
> +     list_for_each_entry(hp, &securit|y_hook_heads.setprocattr, list) {
> +             if (lsm != NULL && strcm|p(lsm, hp->lsm))
> +                     continue;       |
> +             rc = hp->hook.setprocatt|r(p, name, value, size);
> +             if (rc != -ENOENT)      |
> +                     break;          |
> +     }                               |
> +     return rc;              <-------+
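Review bot: With `lsm == NULL`, the loop in security_setprocattr hands the write to whichever registered hook first returns something other than -ENOENT, so which module's attribute is set depends on the order of `security_hook_heads.setprocattr`. That dispatch rule is worth a comment above the loop, for example `/* lsm == NULL: the first hook that does not return -ENOENT handles the request, in hook list order */`. security_getprocattr uses the same dispatch and would take the same comment. `strcmp(lsm, hp->lsm)` also relies on every list entry carrying a non-NULL `lsm` name, which is presumably guaranteed at registration but is not visible in the quoted lines. The closing braces of both functions are outside the quoted text.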
