summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Moore <paul@paul-moore.com>2023-02-16 17:22:36 -0500
committerPaul Moore <paul@paul-moore.com>2023-03-06 13:41:07 -0500
commit452b670c7222c7bf11b45b13f5a736f96d0be1e3 (patch)
tree75282652c8dbd056e4c23730d7d4af27c93b1a3d
parent55e853201a9e0383c9f6d5d800155e334685cd7e (diff)
lsm: move the perf hook comments to security/security.c
This patch relocates the LSM hook function comments to the function definitions, in keeping with the current kernel conventions. This should make the hook descriptions more easily discoverable and easier to maintain. While formatting changes have been done to better fit the kernel-doc style, content changes have been kept to a minimum and limited to text which was obviously incorrect and/or outdated. It is expected the future patches will improve the quality of the function header comments. Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r--include/linux/lsm_hooks.h17
-rw-r--r--security/security.c39
2 files changed, 39 insertions, 17 deletions
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 601d1ecdae0f..3d8d430e271a 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -196,23 +196,6 @@
* @what: kernel feature being accessed.
* Return 0 if permission is granted.
*
- * Security hooks for perf events
- *
- * @perf_event_open:
- * Check whether the @type of perf_event_open syscall is allowed.
- * Return 0 if permission is granted.
- * @perf_event_alloc:
- * Allocate and save perf_event security info.
- * Return 0 on success, error on failure.
- * @perf_event_free:
- * Release (free) perf_event security info.
- * @perf_event_read:
- * Read perf_event security info if allowed.
- * Return 0 if permission is granted.
- * @perf_event_write:
- * Write perf_event security info if allowed.
- * Return 0 if permission is granted.
- *
* Security hooks for io_uring
*
* @uring_override_creds:
diff --git a/security/security.c b/security/security.c
index 4037af6b5196..47506ae1b187 100644
--- a/security/security.c
+++ b/security/security.c
@@ -4927,26 +4927,65 @@ int security_locked_down(enum lockdown_reason what)
EXPORT_SYMBOL(security_locked_down);
#ifdef CONFIG_PERF_EVENTS
+/**
+ * security_perf_event_open() - Check if a perf event open is allowed
+ * @attr: perf event attribute
+ * @type: type of event
+ *
+ * Check whether the @type of perf_event_open syscall is allowed.
+ *
+ * Return: Returns 0 if permission is granted.
+ */
int security_perf_event_open(struct perf_event_attr *attr, int type)
{
return call_int_hook(perf_event_open, 0, attr, type);
}
+/**
+ * security_perf_event_alloc() - Allocate a perf event LSM blob
+ * @event: perf event
+ *
+ * Allocate and save perf_event security info.
+ *
+ * Return: Returns 0 on success, error on failure.
+ */
int security_perf_event_alloc(struct perf_event *event)
{
return call_int_hook(perf_event_alloc, 0, event);
}
+/**
+ * security_perf_event_free() - Free a perf event LSM blob
+ * @event: perf event
+ *
+ * Release (free) perf_event security info.
+ */
void security_perf_event_free(struct perf_event *event)
{
call_void_hook(perf_event_free, event);
}
+/**
+ * security_perf_event_read() - Check if reading a perf event label is allowed
+ * @event: perf event
+ *
+ * Read perf_event security info if allowed.
+ *
+ * Return: Returns 0 if permission is granted.
+ */
int security_perf_event_read(struct perf_event *event)
{
return call_int_hook(perf_event_read, 0, event);
}
+/**
+ * security_perf_event_write() - Check if writing a perf event label is allowed
+ * @event: perf event
+ *
+ * Write perf_event security info if allowed.
+ *
+ * Return: Returns 0 if permission is granted.
+ */
int security_perf_event_write(struct perf_event *event)
{
return call_int_hook(perf_event_write, 0, event);