path: root/net
diff options
authorPaul Moore <>2021-09-29 11:01:21 -0400
committerPaul Moore <>2021-11-22 17:52:47 -0500
commit6326948f940dc3f77066d5cdc44ba6afe67830c0 (patch)
tree13976c9bfaedfc1105ac27a1efaf9c752d3949ee /net
parentfa55b7dcdc43c1aa1ba12bca9d2dd4318c2a0dbf (diff)
lsm: security_task_getsecid_subj() -> security_current_getsecid_subj()
The security_task_getsecid_subj() LSM hook invites misuse by allowing callers to specify a task even though the hook is only safe when the current task is referenced. Fix this by removing the task_struct argument to the hook, requiring LSM implementations to use the current task. While we are changing the hook declaration we also rename the function to security_current_getsecid_subj() in an effort to reinforce that the hook captures the subjective credentials of the current task and not an arbitrary task on the system. Reviewed-by: Serge Hallyn <> Reviewed-by: Casey Schaufler <> Signed-off-by: Paul Moore <>
Diffstat (limited to 'net')
2 files changed, 2 insertions, 2 deletions
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 566ba4397ee4..8490e46359ae 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -1537,7 +1537,7 @@ int __init netlbl_unlabel_defconf(void)
/* Only the kernel is allowed to call this function and the only time
* it is called is at bootup before the audit subsystem is reporting
* messages so don't worry to much about these values. */
- security_task_getsecid_subj(current, &audit_info.secid);
+ security_current_getsecid_subj(&audit_info.secid);
audit_info.loginuid = GLOBAL_ROOT_UID;
audit_info.sessionid = 0;
diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h
index 6190cbf94bf0..d6c5b31eb4eb 100644
--- a/net/netlabel/netlabel_user.h
+++ b/net/netlabel/netlabel_user.h
@@ -32,7 +32,7 @@
static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info)
- security_task_getsecid_subj(current, &audit_info->secid);
+ security_current_getsecid_subj(&audit_info->secid);
audit_info->loginuid = audit_get_loginuid(current);
audit_info->sessionid = audit_get_sessionid(current);