apparmor: rename task_ctx to the more accurate cred_ctx

Signed-off-by: John Johansen <john.johansen@canonical.com>

security/apparmor/context.c

@@ -13,11 +13,11 @@
  * License.
  *
  *
- * AppArmor sets confinement on every task, via the the aa_task_ctx and
- * the aa_task_ctx.label, both of which are required and are not allowed
- * to be NULL.  The aa_task_ctx is not reference counted and is unique
+ * AppArmor sets confinement on every task, via the the aa_cred_ctx and
+ * the aa_cred_ctx.label, both of which are required and are not allowed
+ * to be NULL.  The aa_cred_ctx is not reference counted and is unique
  * to each cred (which is reference count).  The label pointed to by
- * the task_ctx is reference counted.
+ * the cred_ctx is reference counted.
  *
  * TODO
  * If a task uses change_hat it currently does not return to the old
@@ -30,21 +30,21 @@
 #include "include/policy.h"
 
 /**
- * aa_alloc_task_context - allocate a new task_ctx
+ * aa_alloc_cred_ctx - allocate a new cred_ctx
  * @flags: gfp flags for allocation
  *
  * Returns: allocated buffer or NULL on failure
  */
-struct aa_task_ctx *aa_alloc_task_context(gfp_t flags)
+struct aa_cred_ctx *aa_alloc_cred_ctx(gfp_t flags)
 {
-	return kzalloc(sizeof(struct aa_task_ctx), flags);
+	return kzalloc(sizeof(struct aa_cred_ctx), flags);
 }
 
 /**
- * aa_free_task_context - free a task_ctx
- * @ctx: task_ctx to free (MAYBE NULL)
+ * aa_free_cred_ctx - free a cred_ctx
+ * @ctx: cred_ctx to free (MAYBE NULL)
  */
-void aa_free_task_context(struct aa_task_ctx *ctx)
+void aa_free_cred_ctx(struct aa_cred_ctx *ctx)
 {
 	if (ctx) {
 		aa_put_label(ctx->label);
@@ -56,11 +56,11 @@ void aa_free_task_context(struct aa_task_ctx *ctx)
 }
 
 /**
- * aa_dup_task_context - duplicate a task context, incrementing reference counts
+ * aa_dup_cred_ctx - duplicate a task context, incrementing reference counts
  * @new: a blank task context      (NOT NULL)
  * @old: the task context to copy  (NOT NULL)
  */
-void aa_dup_task_context(struct aa_task_ctx *new, const struct aa_task_ctx *old)
+void aa_dup_cred_ctx(struct aa_cred_ctx *new, const struct aa_cred_ctx *old)
 {
 	*new = *old;
 	aa_get_label(new->label);
@@ -93,7 +93,7 @@ struct aa_label *aa_get_task_label(struct task_struct *task)
  */
 int aa_replace_current_label(struct aa_label *label)
 {
-	struct aa_task_ctx *ctx = current_ctx();
+	struct aa_cred_ctx *ctx = current_cred_ctx();
 	struct cred *new;
 	AA_BUG(!label);
 
@@ -112,7 +112,7 @@ int aa_replace_current_label(struct aa_label *label)
 		/* if switching to unconfined or a different label namespace
 		 * clear out context state
 		 */
-		aa_clear_task_ctx_trans(ctx);
+		aa_clear_cred_ctx_trans(ctx);
 
 	/*
 	 * be careful switching ctx->profile, when racing replacement it
@@ -136,14 +136,14 @@ int aa_replace_current_label(struct aa_label *label)
  */
 int aa_set_current_onexec(struct aa_label *label, bool stack)
 {
-	struct aa_task_ctx *ctx;
+	struct aa_cred_ctx *ctx;
 	struct cred *new = prepare_creds();
 	if (!new)
 		return -ENOMEM;
 
 	ctx = cred_ctx(new);
 	aa_get_label(label);
-	aa_clear_task_ctx_trans(ctx);
+	aa_clear_cred_ctx_trans(ctx);
 	ctx->onexec = label;
 	ctx->token = stack;
 
@@ -163,7 +163,7 @@ int aa_set_current_onexec(struct aa_label *label, bool stack)
  */
 int aa_set_current_hat(struct aa_label *label, u64 token)
 {
-	struct aa_task_ctx *ctx;
+	struct aa_cred_ctx *ctx;
 	struct cred *new = prepare_creds();
 	if (!new)
 		return -ENOMEM;
@@ -201,7 +201,7 @@ int aa_set_current_hat(struct aa_label *label, u64 token)
  */
 int aa_restore_previous_label(u64 token)
 {
-	struct aa_task_ctx *ctx;
+	struct aa_cred_ctx *ctx;
 	struct cred *new = prepare_creds();
 	if (!new)
 		return -ENOMEM;
@@ -221,7 +221,7 @@ int aa_restore_previous_label(u64 token)
 	ctx->label = aa_get_newest_label(ctx->previous);
 	AA_BUG(!ctx->label);
 	/* clear exec && prev information when restoring to previous context */
-	aa_clear_task_ctx_trans(ctx);
+	aa_clear_cred_ctx_trans(ctx);
 
 	commit_creds(new);
 	return 0;

security/apparmor/domain.c

@@ -779,7 +779,7 @@ static struct aa_label *handle_onexec(struct aa_label *label,
  */
 int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 {
-	struct aa_task_ctx *ctx;
+	struct aa_cred_ctx *ctx;
 	struct aa_label *label, *new = NULL;
 	struct aa_profile *profile;
 	char *buffer = NULL;
@@ -859,7 +859,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 
 done:
 	/* clear out temporary/transitional state from the context */
-	aa_clear_task_ctx_trans(ctx);
+	aa_clear_cred_ctx_trans(ctx);
 
 	aa_put_label(label);
 	put_buffers(buffer);
@@ -1049,7 +1049,7 @@ static struct aa_label *change_hat(struct aa_label *label, const char *hats[],
 int aa_change_hat(const char *hats[], int count, u64 token, int flags)
 {
 	const struct cred *cred;
-	struct aa_task_ctx *ctx;
+	struct aa_cred_ctx *ctx;
 	struct aa_label *label, *previous, *new = NULL, *target = NULL;
 	struct aa_profile *profile;
 	struct aa_perms perms = {};

security/apparmor/include/context.h

@@ -23,10 +23,10 @@
 #include "policy_ns.h"
 
 #define cred_ctx(X) ((X)->security)
-#define current_ctx() cred_ctx(current_cred())
+#define current_cred_ctx() cred_ctx(current_cred())
 
 /**
- * struct aa_task_ctx - primary label for confined tasks
+ * struct aa_cred_ctx - primary label for confined tasks
  * @label: the current label   (NOT NULL)
  * @exec: label to transition to on next exec  (MAYBE NULL)
  * @previous: label the task may return to     (MAYBE NULL)
@@ -37,17 +37,16 @@
  *
  * TODO: make so a task can be confined by a stack of contexts
  */
-struct aa_task_ctx {
+struct aa_cred_ctx {
 	struct aa_label *label;
 	struct aa_label *onexec;
 	struct aa_label *previous;
 	u64 token;
 };
 
-struct aa_task_ctx *aa_alloc_task_context(gfp_t flags);
-void aa_free_task_context(struct aa_task_ctx *ctx);
-void aa_dup_task_context(struct aa_task_ctx *new,
-			 const struct aa_task_ctx *old);
+struct aa_cred_ctx *aa_alloc_cred_ctx(gfp_t flags);
+void aa_free_cred_ctx(struct aa_cred_ctx *ctx);
+void aa_dup_cred_ctx(struct aa_cred_ctx *new, const struct aa_cred_ctx *old);
 int aa_replace_current_label(struct aa_label *label);
 int aa_set_current_onexec(struct aa_label *label, bool stack);
 int aa_set_current_hat(struct aa_label *label, u64 token);
@@ -65,7 +64,7 @@ struct aa_label *aa_get_task_label(struct task_struct *task);
  */
 static inline struct aa_label *aa_cred_raw_label(const struct cred *cred)
 {
-	struct aa_task_ctx *ctx = cred_ctx(cred);
+	struct aa_cred_ctx *ctx = cred_ctx(cred);
 
 	AA_BUG(!ctx || !ctx->label);
 	return ctx->label;
@@ -214,10 +213,10 @@ static inline struct aa_ns *aa_get_current_ns(void)
 }
 
 /**
- * aa_clear_task_ctx_trans - clear transition tracking info from the ctx
+ * aa_clear_cred_ctx_trans - clear transition tracking info from the ctx
  * @ctx: task context to clear (NOT NULL)
  */
-static inline void aa_clear_task_ctx_trans(struct aa_task_ctx *ctx)
+static inline void aa_clear_cred_ctx_trans(struct aa_cred_ctx *ctx)
 {
 	aa_put_label(ctx->previous);
 	aa_put_label(ctx->onexec);

security/apparmor/lsm.c

@@ -51,11 +51,11 @@ DEFINE_PER_CPU(struct aa_buffers, aa_buffers);
  */
 
 /*
- * free the associated aa_task_ctx and put its labels
+ * free the associated aa_cred_ctx and put its labels
  */
 static void apparmor_cred_free(struct cred *cred)
 {
-	aa_free_task_context(cred_ctx(cred));
+	aa_free_cred_ctx(cred_ctx(cred));
 	cred_ctx(cred) = NULL;
 }
 
@@ -65,7 +65,7 @@ static void apparmor_cred_free(struct cred *cred)
 static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp)
 {
 	/* freed by apparmor_cred_free */
-	struct aa_task_ctx *ctx = aa_alloc_task_context(gfp);
+	struct aa_cred_ctx *ctx = aa_alloc_cred_ctx(gfp);
 
 	if (!ctx)
 		return -ENOMEM;
@@ -75,18 +75,18 @@ static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp)
 }
 
 /*
- * prepare new aa_task_ctx for modification by prepare_cred block
+ * prepare new aa_cred_ctx for modification by prepare_cred block
  */
 static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
 				 gfp_t gfp)
 {
 	/* freed by apparmor_cred_free */
-	struct aa_task_ctx *ctx = aa_alloc_task_context(gfp);
+	struct aa_cred_ctx *ctx = aa_alloc_cred_ctx(gfp);
 
 	if (!ctx)
 		return -ENOMEM;
 
-	aa_dup_task_context(ctx, cred_ctx(old));
+	aa_dup_cred_ctx(ctx, cred_ctx(old));
 	cred_ctx(new) = ctx;
 	return 0;
 }
@@ -96,10 +96,10 @@ static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
  */
 static void apparmor_cred_transfer(struct cred *new, const struct cred *old)
 {
-	const struct aa_task_ctx *old_ctx = cred_ctx(old);
-	struct aa_task_ctx *new_ctx = cred_ctx(new);
+	const struct aa_cred_ctx *old_ctx = cred_ctx(old);
+	struct aa_cred_ctx *new_ctx = cred_ctx(new);
 
-	aa_dup_task_context(new_ctx, old_ctx);
+	aa_dup_cred_ctx(new_ctx, old_ctx);
 }
 
 static int apparmor_ptrace_access_check(struct task_struct *child,
@@ -577,7 +577,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
 	int error = -ENOENT;
 	/* released below */
 	const struct cred *cred = get_task_cred(task);
-	struct aa_task_ctx *ctx = cred_ctx(cred);
+	struct aa_cred_ctx *ctx = cred_ctx(cred);
 	struct aa_label *label = NULL;
 
 	if (strcmp(name, "current") == 0)
@@ -678,7 +678,7 @@ static int apparmor_setprocattr(const char *name, void *value,
 static void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
 {
 	struct aa_label *label = aa_current_raw_label();
-	struct aa_task_ctx *new_ctx = cred_ctx(bprm->cred);
+	struct aa_cred_ctx *new_ctx = cred_ctx(bprm->cred);
 
 	/* bail out if unconfined or not changing profile */
 	if ((new_ctx->label->proxy == label->proxy) ||
@@ -1024,9 +1024,9 @@ static int param_set_mode(const char *val, const struct kernel_param *kp)
 static int __init set_init_ctx(void)
 {
 	struct cred *cred = (struct cred *)current->real_cred;
-	struct aa_task_ctx *ctx;
+	struct aa_cred_ctx *ctx;
 
-	ctx = aa_alloc_task_context(GFP_KERNEL);
+	ctx = aa_alloc_cred_ctx(GFP_KERNEL);
 	if (!ctx)
 		return -ENOMEM;
 

security/apparmor/policy.c

@@ -845,7 +845,7 @@ static struct aa_profile *update_to_newest_parent(struct aa_profile *new)
  * @udata: serialized data stream  (NOT NULL)
  *
  * unpack and replace a profile on the profile list and uses of that profile
- * by any aa_task_ctx.  If the profile does not exist on the profile list
+ * by any aa_cred_ctx.  If the profile does not exist on the profile list
  * it is added.
  *
  * Returns: size of data consumed else error code on failure.