apparmor: localize getting the security context to a few macros
Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
This commit is contained in:
Родитель
53fe8b9961
Коммит
214beacaa7
|
@ -93,7 +93,7 @@ struct aa_profile *aa_get_task_profile(struct task_struct *task)
|
|||
*/
|
||||
int aa_replace_current_profile(struct aa_profile *profile)
|
||||
{
|
||||
struct aa_task_cxt *cxt = current_cred()->security;
|
||||
struct aa_task_cxt *cxt = current_cxt();
|
||||
struct cred *new;
|
||||
BUG_ON(!profile);
|
||||
|
||||
|
@ -104,7 +104,7 @@ int aa_replace_current_profile(struct aa_profile *profile)
|
|||
if (!new)
|
||||
return -ENOMEM;
|
||||
|
||||
cxt = new->security;
|
||||
cxt = cred_cxt(new);
|
||||
if (unconfined(profile) || (cxt->profile->ns != profile->ns))
|
||||
/* if switching to unconfined or a different profile namespace
|
||||
* clear out context state
|
||||
|
@ -136,7 +136,7 @@ int aa_set_current_onexec(struct aa_profile *profile)
|
|||
if (!new)
|
||||
return -ENOMEM;
|
||||
|
||||
cxt = new->security;
|
||||
cxt = cred_cxt(new);
|
||||
aa_get_profile(profile);
|
||||
aa_put_profile(cxt->onexec);
|
||||
cxt->onexec = profile;
|
||||
|
@ -163,7 +163,7 @@ int aa_set_current_hat(struct aa_profile *profile, u64 token)
|
|||
return -ENOMEM;
|
||||
BUG_ON(!profile);
|
||||
|
||||
cxt = new->security;
|
||||
cxt = cred_cxt(new);
|
||||
if (!cxt->previous) {
|
||||
/* transfer refcount */
|
||||
cxt->previous = cxt->profile;
|
||||
|
@ -200,7 +200,7 @@ int aa_restore_previous_profile(u64 token)
|
|||
if (!new)
|
||||
return -ENOMEM;
|
||||
|
||||
cxt = new->security;
|
||||
cxt = cred_cxt(new);
|
||||
if (cxt->token != token) {
|
||||
abort_creds(new);
|
||||
return -EACCES;
|
||||
|
|
|
@ -356,7 +356,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
|
|||
if (bprm->cred_prepared)
|
||||
return 0;
|
||||
|
||||
cxt = bprm->cred->security;
|
||||
cxt = cred_cxt(bprm->cred);
|
||||
BUG_ON(!cxt);
|
||||
|
||||
profile = aa_get_profile(aa_newest_version(cxt->profile));
|
||||
|
@ -551,7 +551,7 @@ int apparmor_bprm_secureexec(struct linux_binprm *bprm)
|
|||
void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
|
||||
{
|
||||
struct aa_profile *profile = __aa_current_profile();
|
||||
struct aa_task_cxt *new_cxt = bprm->cred->security;
|
||||
struct aa_task_cxt *new_cxt = cred_cxt(bprm->cred);
|
||||
|
||||
/* bail out if unconfined or not changing profile */
|
||||
if ((new_cxt->profile == profile) ||
|
||||
|
@ -628,7 +628,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
|
|||
|
||||
/* released below */
|
||||
cred = get_current_cred();
|
||||
cxt = cred->security;
|
||||
cxt = cred_cxt(cred);
|
||||
profile = aa_cred_profile(cred);
|
||||
previous_profile = cxt->previous;
|
||||
|
||||
|
|
|
@ -21,6 +21,9 @@
|
|||
|
||||
#include "policy.h"
|
||||
|
||||
#define cred_cxt(X) (X)->security
|
||||
#define current_cxt() cred_cxt(current_cred())
|
||||
|
||||
/* struct aa_file_cxt - the AppArmor context the file was opened in
|
||||
* @perms: the permission the file was opened with
|
||||
*
|
||||
|
@ -93,7 +96,7 @@ struct aa_profile *aa_get_task_profile(struct task_struct *task);
|
|||
*/
|
||||
static inline struct aa_profile *aa_cred_profile(const struct cred *cred)
|
||||
{
|
||||
struct aa_task_cxt *cxt = cred->security;
|
||||
struct aa_task_cxt *cxt = cred_cxt(cred);
|
||||
BUG_ON(!cxt || !cxt->profile);
|
||||
return aa_newest_version(cxt->profile);
|
||||
}
|
||||
|
@ -145,7 +148,7 @@ static inline struct aa_profile *__aa_current_profile(void)
|
|||
*/
|
||||
static inline struct aa_profile *aa_current_profile(void)
|
||||
{
|
||||
const struct aa_task_cxt *cxt = current_cred()->security;
|
||||
const struct aa_task_cxt *cxt = current_cxt();
|
||||
struct aa_profile *profile;
|
||||
BUG_ON(!cxt || !cxt->profile);
|
||||
|
||||
|
|
|
@ -48,8 +48,8 @@ int apparmor_initialized __initdata;
|
|||
*/
|
||||
static void apparmor_cred_free(struct cred *cred)
|
||||
{
|
||||
aa_free_task_context(cred->security);
|
||||
cred->security = NULL;
|
||||
aa_free_task_context(cred_cxt(cred));
|
||||
cred_cxt(cred) = NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -62,7 +62,7 @@ static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp)
|
|||
if (!cxt)
|
||||
return -ENOMEM;
|
||||
|
||||
cred->security = cxt;
|
||||
cred_cxt(cred) = cxt;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -77,8 +77,8 @@ static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
|
|||
if (!cxt)
|
||||
return -ENOMEM;
|
||||
|
||||
aa_dup_task_context(cxt, old->security);
|
||||
new->security = cxt;
|
||||
aa_dup_task_context(cxt, cred_cxt(old));
|
||||
cred_cxt(new) = cxt;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -87,8 +87,8 @@ static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
|
|||
*/
|
||||
static void apparmor_cred_transfer(struct cred *new, const struct cred *old)
|
||||
{
|
||||
const struct aa_task_cxt *old_cxt = old->security;
|
||||
struct aa_task_cxt *new_cxt = new->security;
|
||||
const struct aa_task_cxt *old_cxt = cred_cxt(old);
|
||||
struct aa_task_cxt *new_cxt = cred_cxt(new);
|
||||
|
||||
aa_dup_task_context(new_cxt, old_cxt);
|
||||
}
|
||||
|
@ -507,7 +507,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
|
|||
int error = -ENOENT;
|
||||
/* released below */
|
||||
const struct cred *cred = get_task_cred(task);
|
||||
struct aa_task_cxt *cxt = cred->security;
|
||||
struct aa_task_cxt *cxt = cred_cxt(cred);
|
||||
|
||||
if (strcmp(name, "current") == 0)
|
||||
error = aa_getprocattr(aa_newest_version(cxt->profile),
|
||||
|
@ -880,7 +880,7 @@ static int __init set_init_cxt(void)
|
|||
return -ENOMEM;
|
||||
|
||||
cxt->profile = aa_get_profile(root_ns->unconfined);
|
||||
cred->security = cxt;
|
||||
cred_cxt(cred) = cxt;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -910,8 +910,8 @@ static int __init apparmor_init(void)
|
|||
error = register_security(&apparmor_ops);
|
||||
if (error) {
|
||||
struct cred *cred = (struct cred *)current->real_cred;
|
||||
aa_free_task_context(cred->security);
|
||||
cred->security = NULL;
|
||||
aa_free_task_context(cred_cxt(cred));
|
||||
cred_cxt(cred) = NULL;
|
||||
AA_ERROR("Unable to register AppArmor\n");
|
||||
goto register_security_out;
|
||||
}
|
||||
|
|
Загрузка…
Ссылка в новой задаче