Commit 214beaca authored by John Johansen's avatar John Johansen

apparmor: localize getting the security context to a few macros

Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
Acked-by: default avatarSeth Arnold <seth.arnold@canonical.com>
parent 53fe8b99
...@@ -93,7 +93,7 @@ struct aa_profile *aa_get_task_profile(struct task_struct *task) ...@@ -93,7 +93,7 @@ struct aa_profile *aa_get_task_profile(struct task_struct *task)
*/ */
int aa_replace_current_profile(struct aa_profile *profile) int aa_replace_current_profile(struct aa_profile *profile)
{ {
struct aa_task_cxt *cxt = current_cred()->security; struct aa_task_cxt *cxt = current_cxt();
struct cred *new; struct cred *new;
BUG_ON(!profile); BUG_ON(!profile);
...@@ -104,7 +104,7 @@ int aa_replace_current_profile(struct aa_profile *profile) ...@@ -104,7 +104,7 @@ int aa_replace_current_profile(struct aa_profile *profile)
if (!new) if (!new)
return -ENOMEM; return -ENOMEM;
cxt = new->security; cxt = cred_cxt(new);
if (unconfined(profile) || (cxt->profile->ns != profile->ns)) if (unconfined(profile) || (cxt->profile->ns != profile->ns))
/* if switching to unconfined or a different profile namespace /* if switching to unconfined or a different profile namespace
* clear out context state * clear out context state
...@@ -136,7 +136,7 @@ int aa_set_current_onexec(struct aa_profile *profile) ...@@ -136,7 +136,7 @@ int aa_set_current_onexec(struct aa_profile *profile)
if (!new) if (!new)
return -ENOMEM; return -ENOMEM;
cxt = new->security; cxt = cred_cxt(new);
aa_get_profile(profile); aa_get_profile(profile);
aa_put_profile(cxt->onexec); aa_put_profile(cxt->onexec);
cxt->onexec = profile; cxt->onexec = profile;
...@@ -163,7 +163,7 @@ int aa_set_current_hat(struct aa_profile *profile, u64 token) ...@@ -163,7 +163,7 @@ int aa_set_current_hat(struct aa_profile *profile, u64 token)
return -ENOMEM; return -ENOMEM;
BUG_ON(!profile); BUG_ON(!profile);
cxt = new->security; cxt = cred_cxt(new);
if (!cxt->previous) { if (!cxt->previous) {
/* transfer refcount */ /* transfer refcount */
cxt->previous = cxt->profile; cxt->previous = cxt->profile;
...@@ -200,7 +200,7 @@ int aa_restore_previous_profile(u64 token) ...@@ -200,7 +200,7 @@ int aa_restore_previous_profile(u64 token)
if (!new) if (!new)
return -ENOMEM; return -ENOMEM;
cxt = new->security; cxt = cred_cxt(new);
if (cxt->token != token) { if (cxt->token != token) {
abort_creds(new); abort_creds(new);
return -EACCES; return -EACCES;
......
...@@ -356,7 +356,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) ...@@ -356,7 +356,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
if (bprm->cred_prepared) if (bprm->cred_prepared)
return 0; return 0;
cxt = bprm->cred->security; cxt = cred_cxt(bprm->cred);
BUG_ON(!cxt); BUG_ON(!cxt);
profile = aa_get_profile(aa_newest_version(cxt->profile)); profile = aa_get_profile(aa_newest_version(cxt->profile));
...@@ -551,7 +551,7 @@ int apparmor_bprm_secureexec(struct linux_binprm *bprm) ...@@ -551,7 +551,7 @@ int apparmor_bprm_secureexec(struct linux_binprm *bprm)
void apparmor_bprm_committing_creds(struct linux_binprm *bprm) void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
{ {
struct aa_profile *profile = __aa_current_profile(); struct aa_profile *profile = __aa_current_profile();
struct aa_task_cxt *new_cxt = bprm->cred->security; struct aa_task_cxt *new_cxt = cred_cxt(bprm->cred);
/* bail out if unconfined or not changing profile */ /* bail out if unconfined or not changing profile */
if ((new_cxt->profile == profile) || if ((new_cxt->profile == profile) ||
...@@ -628,7 +628,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest) ...@@ -628,7 +628,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
/* released below */ /* released below */
cred = get_current_cred(); cred = get_current_cred();
cxt = cred->security; cxt = cred_cxt(cred);
profile = aa_cred_profile(cred); profile = aa_cred_profile(cred);
previous_profile = cxt->previous; previous_profile = cxt->previous;
......
...@@ -21,6 +21,9 @@ ...@@ -21,6 +21,9 @@
#include "policy.h" #include "policy.h"
#define cred_cxt(X) (X)->security
#define current_cxt() cred_cxt(current_cred())
/* struct aa_file_cxt - the AppArmor context the file was opened in /* struct aa_file_cxt - the AppArmor context the file was opened in
* @perms: the permission the file was opened with * @perms: the permission the file was opened with
* *
...@@ -93,7 +96,7 @@ struct aa_profile *aa_get_task_profile(struct task_struct *task); ...@@ -93,7 +96,7 @@ struct aa_profile *aa_get_task_profile(struct task_struct *task);
*/ */
static inline struct aa_profile *aa_cred_profile(const struct cred *cred) static inline struct aa_profile *aa_cred_profile(const struct cred *cred)
{ {
struct aa_task_cxt *cxt = cred->security; struct aa_task_cxt *cxt = cred_cxt(cred);
BUG_ON(!cxt || !cxt->profile); BUG_ON(!cxt || !cxt->profile);
return aa_newest_version(cxt->profile); return aa_newest_version(cxt->profile);
} }
...@@ -145,7 +148,7 @@ static inline struct aa_profile *__aa_current_profile(void) ...@@ -145,7 +148,7 @@ static inline struct aa_profile *__aa_current_profile(void)
*/ */
static inline struct aa_profile *aa_current_profile(void) static inline struct aa_profile *aa_current_profile(void)
{ {
const struct aa_task_cxt *cxt = current_cred()->security; const struct aa_task_cxt *cxt = current_cxt();
struct aa_profile *profile; struct aa_profile *profile;
BUG_ON(!cxt || !cxt->profile); BUG_ON(!cxt || !cxt->profile);
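Review bot: The new `cred_cxt` macro expands to `(X)->security` with no outer parentheses, and neither it nor `current_cxt()` has a comment. I would write `#define cred_cxt(X) ((X)->security)`, which is still an lvalue, so the stores in the LSM hooks keep compiling. The result is presumably an untyped `void *`, so nothing checks that callers treat it as a `struct aa_task_cxt *`, and a `const struct cred *` argument (as in `aa_cred_profile`) yields a writable context pointer. A short comment above the macros should say that they return the AppArmor task context of a cred, that the value is NULL once `apparmor_cred_free` has run, and that callers must hold a reference on the cred while they use it.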
......
...@@ -48,8 +48,8 @@ int apparmor_initialized __initdata; ...@@ -48,8 +48,8 @@ int apparmor_initialized __initdata;
*/ */
static void apparmor_cred_free(struct cred *cred) static void apparmor_cred_free(struct cred *cred)
{ {
aa_free_task_context(cred->security); aa_free_task_context(cred_cxt(cred));
cred->security = NULL; cred_cxt(cred) = NULL;
} }
/* /*
...@@ -62,7 +62,7 @@ static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp) ...@@ -62,7 +62,7 @@ static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp)
if (!cxt) if (!cxt)
return -ENOMEM; return -ENOMEM;
cred->security = cxt; cred_cxt(cred) = cxt;
return 0; return 0;
} }
...@@ -77,8 +77,8 @@ static int apparmor_cred_prepare(struct cred *new, const struct cred *old, ...@@ -77,8 +77,8 @@ static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
if (!cxt) if (!cxt)
return -ENOMEM; return -ENOMEM;
aa_dup_task_context(cxt, old->security); aa_dup_task_context(cxt, cred_cxt(old));
new->security = cxt; cred_cxt(new) = cxt;
return 0; return 0;
} }
...@@ -87,8 +87,8 @@ static int apparmor_cred_prepare(struct cred *new, const struct cred *old, ...@@ -87,8 +87,8 @@ static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
*/ */
static void apparmor_cred_transfer(struct cred *new, const struct cred *old) static void apparmor_cred_transfer(struct cred *new, const struct cred *old)
{ {
const struct aa_task_cxt *old_cxt = old->security; const struct aa_task_cxt *old_cxt = cred_cxt(old);
struct aa_task_cxt *new_cxt = new->security; struct aa_task_cxt *new_cxt = cred_cxt(new);
aa_dup_task_context(new_cxt, old_cxt); aa_dup_task_context(new_cxt, old_cxt);
} }
...@@ -507,7 +507,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, ...@@ -507,7 +507,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
int error = -ENOENT; int error = -ENOENT;
/* released below */ /* released below */
const struct cred *cred = get_task_cred(task); const struct cred *cred = get_task_cred(task);
struct aa_task_cxt *cxt = cred->security; struct aa_task_cxt *cxt = cred_cxt(cred);
if (strcmp(name, "current") == 0) if (strcmp(name, "current") == 0)
error = aa_getprocattr(aa_newest_version(cxt->profile), error = aa_getprocattr(aa_newest_version(cxt->profile),
...@@ -880,7 +880,7 @@ static int __init set_init_cxt(void) ...@@ -880,7 +880,7 @@ static int __init set_init_cxt(void)
return -ENOMEM; return -ENOMEM;
cxt->profile = aa_get_profile(root_ns->unconfined); cxt->profile = aa_get_profile(root_ns->unconfined);
cred->security = cxt; cred_cxt(cred) = cxt;
return 0; return 0;
} }
...@@ -910,8 +910,8 @@ static int __init apparmor_init(void) ...@@ -910,8 +910,8 @@ static int __init apparmor_init(void)
error = register_security(&apparmor_ops); error = register_security(&apparmor_ops);
if (error) { if (error) {
struct cred *cred = (struct cred *)current->real_cred; struct cred *cred = (struct cred *)current->real_cred;
aa_free_task_context(cred->security); aa_free_task_context(cred_cxt(cred));
cred->security = NULL; cred_cxt(cred) = NULL;
AA_ERROR("Unable to register AppArmor\n"); AA_ERROR("Unable to register AppArmor\n");
goto register_security_out; goto register_security_out;
} }
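Review bot: `cred_cxt(cred) = NULL;` and `cred_cxt(cred) = cxt;` use the accessor as an assignment target, which hides a write to the credential's security pointer behind something that reads like a getter. This occurs in apparmor_cred_free, apparmor_cred_alloc_blank, apparmor_cred_prepare, set_init_cxt and the error path of apparmor_init. It also means the macro cannot later become an inline function or a typed lookup without touching every store. I would either keep the plain `cred->security = ...` for the few writes, or add a comment at the macro such as `/* cred_cxt() is an lvalue; only the cred_* LSM hooks and init code may assign through it */`. Several of these functions start or end outside the visible hunks, so the surrounding allocation and error paths are not reviewed here.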
......