Re: [PATCH 03/10] SELinux: Abstract use of cred security blob

From: Kees Cook
Date: Wed Sep 12 2018 - 19:10:34 EST


On Tue, Sep 11, 2018 at 9:41 AM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> Don't use the cred->security pointer directly.
> Provide a helper function that provides the security blob pointer.
>
> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>

Like smack, this seems to be largely:

s/$identifier->security/selinux_cred($identifier)/
s/current_security()/selinux_cred(current_cred())/

Is that right? The one __task_cred() use seemed to be fully contained
under rcu read lock.

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-Kees

--
Kees Cook
Pixel Security