CHROMIUM: security: introduce kernel_module_from_file hook
Now that kernel module origins can be reasoned about, provide a hook to
the LSMs to make policy decisions about the module file.
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Acked-by: Eric Paris <eparis@redhat.com>
[accepted into Rusty's modules-wip tree for linux-next:
http://git.kernel.org/?p=linux/kernel/git/rusty/linux.git;a=shortlog;h=refs/heads/modules-wip]
BUG=chromium-os:34134
TEST=parrot build, manual testing
Change-Id: I97f5cc0a0f3c1c04e1dc886d6d20f5a6d82326ac
Reviewed-on: https://gerrit.chromium.org/gerrit/34303
Tested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Olof Johansson <olofj@chromium.org>
Commit-Ready: Kees Cook <keescook@chromium.org>