On Wed, Aug 26, 2020 at 11:09 AM Casey Schaufler <casey(a)schaufler-ca.com> wrote:

Change security_secid_to_secctx() to take a lsmblob as input
instead of a u32 secid. It will then call the LSM hooks
using the lsmblob element allocated for that module. The
callers have been updated as well. This allows for the
possibility that more than one module may be called upon
to translate a secid to a string, as can occur in the
audit code.

Reviewed-by: Kees Cook <keescook(a)chromium.org>
Reviewed-by: John Johansen <john.johansen(a)canonical.com>
Acked-by: Stephen Smalley <sds(a)tycho.nsa.gov>
Signed-off-by: Casey Schaufler <casey(a)schaufler-ca.com>
---
drivers/android/binder.c | 12 +++++++++-
include/linux/security.h | 5 +++--
include/net/scm.h | 8 ++-----
kernel/audit.c | 20 +++++++++++++++--
kernel/auditsc.c | 28 +++++++++++++++++++----
net/ipv4/ip_sockglue.c | 5 +----
net/netfilter/nf_conntrack_netlink.c | 14 ++++++++++--
net/netfilter/nf_conntrack_standalone.c | 4 +++-
net/netfilter/nfnetlink_queue.c | 11 +++++++--
net/netlabel/netlabel_unlabeled.c | 30 +++++++++++++++++++++----
net/netlabel/netlabel_user.c | 6 ++---
security/security.c | 11 +++++----
12 files changed, 117 insertions(+), 37 deletions(-)

Acked-by: Paul Moore <paul(a)paul-moore.com>
--
paul moore
www.paul-moore.com