1 // SPDX-License-Identifier: GPL-2.0-only
3 * Landlock LSM - Credential hooks
5 * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net>
6 * Copyright © 2018-2020 ANSSI
9 #include <linux/cred.h>
10 #include <linux/lsm_hooks.h>
17 static int hook_cred_prepare(struct cred
*const new,
18 const struct cred
*const old
, const gfp_t gfp
)
20 struct landlock_ruleset
*const old_dom
= landlock_cred(old
)->domain
;
23 landlock_get_ruleset(old_dom
);
24 landlock_cred(new)->domain
= old_dom
;
29 static void hook_cred_free(struct cred
*const cred
)
31 struct landlock_ruleset
*const dom
= landlock_cred(cred
)->domain
;
34 landlock_put_ruleset_deferred(dom
);
37 static struct security_hook_list landlock_hooks
[] __lsm_ro_after_init
= {
38 LSM_HOOK_INIT(cred_prepare
, hook_cred_prepare
),
39 LSM_HOOK_INIT(cred_free
, hook_cred_free
),
42 __init
void landlock_add_cred_hooks(void)
44 security_add_hooks(landlock_hooks
, ARRAY_SIZE(landlock_hooks
),