On 1/18/2017 3:52 PM, Alexey Dobriyan wrote:
> On Wed, Jan 18, 2017 at 11:07:19AM -0800, Casey Schaufler wrote:
>
>> -int security_getprocattr(struct task_struct *p, char *name, char **value)
>> +int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
>> + char **value)
>> {
>> - return call_int_hook(getprocattr, -EINVAL, p, name, value);
>> + struct security_hook_list *hp;
>> + int rc = -EINVAL;
> This is dead write.
So it is. I will fix and repost after testing.
>
>> + list_for_each_entry(hp, &security_hook_heads.getprocattr, list) {
>> + if (lsm != NULL && strcmp(lsm, hp->lsm))
>> + continue;
>> + rc = hp->hook.getprocattr(p, name, value);
>> + if (rc != -ENOENT)
>> + return rc;
>> + }
>> + return -EINVAL; <-------+
> |
>> -int security_setprocattr(struct task_|struct *p, char *name, void *value,
>> size_t size)
>> +int security_setprocattr(struct task_|struct *p, const char *lsm, char
>> *name,
>> + void *va|lue, size_t size)
>> { |
>> - return call_int_hook(setprocattr|, -EINVAL, p, name, value, size);
>> + struct security_hook_list *hp; |
>> + int rc = -EINVAL; |
> |
> This one is not. |
> |
>> + |
>> + list_for_each_entry(hp, &securit|y_hook_heads.setprocattr, list) {
>> + if (lsm != NULL && strcm|p(lsm, hp->lsm))
>> + continue; |
>> + rc = hp->hook.setprocatt|r(p, name, value, size);
>> + if (rc != -ENOENT) |
>> + break; |
>> + } |
>> + return rc; <-------+
