20 20 #endif 21 21 22 22 static Lsmtype lsmtype; 23 - static int (*get_label)(pid_t, char **) = NULL; 24 23 25 24 static int apparmor_get_label(pid_t pid, char **profile_name) 26 25 { 109 108 void kerndat_lsm(void) 110 109 { 111 110 if (access(AA_SECURITYFS_PATH, F_OK) == 0) { 112 - get_label = apparmor_get_label; 113 111 lsmtype = LSMTYPE__APPARMOR; 114 112 return; 115 113 } 121 119 * well. 122 120 */ 123 121 if (access("/sys/fs/selinux", F_OK) == 0) { 124 - get_label = selinux_get_label; 125 122 lsmtype = LSMTYPE__SELINUX; 126 123 return; 127 124 } 128 125 #endif 129 126 130 - get_label = NULL; 131 127 lsmtype = LSMTYPE__NO_LSM; 132 128 } 133 129 138 134 139 135 int collect_lsm_profile(pid_t pid, CredsEntry *ce) 140 136 { 137 + int ret; 138 + 141 139 ce->lsm_profile = NULL; 142 140 143 - if (lsmtype == LSMTYPE__NO_LSM) 144 - return 0; 145 - 146 - if (get_label(pid, &ce->lsm_profile) < 0) 147 - return -1; 141 + switch (lsmtype) { 142 + case LSMTYPE__NO_LSM: 143 + ret = 0; 144 + break; 145 + case LSMTYPE__APPARMOR: 146 + ret = apparmor_get_label(pid, &ce->lsm_profile); 147 + break; 148 + #ifdef CONFIG_HAS_SELINUX 149 + case LSMTYPE__SELINUX: 150 + ret = selinux_get_label(pid, &ce->lsm_profile); 151 + break; 152 + #endif 153 + default: 154 + BUG(); 155 + ret = -1; 156 + break; 157 + } 148 158 149 159 if (ce->lsm_profile) 150 160 pr_info("%d has lsm profile %s\n", pid, ce->lsm_profile); 151 161 152 - return 0 ; 162 + return ret ; 153 163 } 154 164 155 165 // in inventory.c
Pavel Emelyanov
committed
with
Andrei Vagin
7 years ago
1 parent 09c131c8