apparmor: localize getting the security context to a few macros

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This commit is contained in:
John Johansen 2013-02-27 03:43:40 -08:00
parent 53fe8b9961
commit 214beacaa7
4 changed files with 24 additions and 21 deletions

View file

@ -93,7 +93,7 @@ struct aa_profile *aa_get_task_profile(struct task_struct *task)
*/
int aa_replace_current_profile(struct aa_profile *profile)
{
struct aa_task_cxt *cxt = current_cred()->security;
struct aa_task_cxt *cxt = current_cxt();
struct cred *new;
BUG_ON(!profile);
@ -104,7 +104,7 @@ int aa_replace_current_profile(struct aa_profile *profile)
if (!new)
return -ENOMEM;
cxt = new->security;
cxt = cred_cxt(new);
if (unconfined(profile) || (cxt->profile->ns != profile->ns))
/* if switching to unconfined or a different profile namespace
* clear out context state
@ -136,7 +136,7 @@ int aa_set_current_onexec(struct aa_profile *profile)
if (!new)
return -ENOMEM;
cxt = new->security;
cxt = cred_cxt(new);
aa_get_profile(profile);
aa_put_profile(cxt->onexec);
cxt->onexec = profile;
@ -163,7 +163,7 @@ int aa_set_current_hat(struct aa_profile *profile, u64 token)
return -ENOMEM;
BUG_ON(!profile);
cxt = new->security;
cxt = cred_cxt(new);
if (!cxt->previous) {
/* transfer refcount */
cxt->previous = cxt->profile;
@ -200,7 +200,7 @@ int aa_restore_previous_profile(u64 token)
if (!new)
return -ENOMEM;
cxt = new->security;
cxt = cred_cxt(new);
if (cxt->token != token) {
abort_creds(new);
return -EACCES;

View file

@ -356,7 +356,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
if (bprm->cred_prepared)
return 0;
cxt = bprm->cred->security;
cxt = cred_cxt(bprm->cred);
BUG_ON(!cxt);
profile = aa_get_profile(aa_newest_version(cxt->profile));
@ -551,7 +551,7 @@ int apparmor_bprm_secureexec(struct linux_binprm *bprm)
void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
{
struct aa_profile *profile = __aa_current_profile();
struct aa_task_cxt *new_cxt = bprm->cred->security;
struct aa_task_cxt *new_cxt = cred_cxt(bprm->cred);
/* bail out if unconfined or not changing profile */
if ((new_cxt->profile == profile) ||
@ -628,7 +628,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
/* released below */
cred = get_current_cred();
cxt = cred->security;
cxt = cred_cxt(cred);
profile = aa_cred_profile(cred);
previous_profile = cxt->previous;

View file

@ -21,6 +21,9 @@
#include "policy.h"
#define cred_cxt(X) (X)->security
#define current_cxt() cred_cxt(current_cred())
/* struct aa_file_cxt - the AppArmor context the file was opened in
* @perms: the permission the file was opened with
*
@ -93,7 +96,7 @@ struct aa_profile *aa_get_task_profile(struct task_struct *task);
*/
static inline struct aa_profile *aa_cred_profile(const struct cred *cred)
{
struct aa_task_cxt *cxt = cred->security;
struct aa_task_cxt *cxt = cred_cxt(cred);
BUG_ON(!cxt || !cxt->profile);
return aa_newest_version(cxt->profile);
}
@ -145,7 +148,7 @@ static inline struct aa_profile *__aa_current_profile(void)
*/
static inline struct aa_profile *aa_current_profile(void)
{
const struct aa_task_cxt *cxt = current_cred()->security;
const struct aa_task_cxt *cxt = current_cxt();
struct aa_profile *profile;
BUG_ON(!cxt || !cxt->profile);

View file

@ -48,8 +48,8 @@ int apparmor_initialized __initdata;
*/
static void apparmor_cred_free(struct cred *cred)
{
aa_free_task_context(cred->security);
cred->security = NULL;
aa_free_task_context(cred_cxt(cred));
cred_cxt(cred) = NULL;
}
/*
@ -62,7 +62,7 @@ static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp)
if (!cxt)
return -ENOMEM;
cred->security = cxt;
cred_cxt(cred) = cxt;
return 0;
}
@ -77,8 +77,8 @@ static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
if (!cxt)
return -ENOMEM;
aa_dup_task_context(cxt, old->security);
new->security = cxt;
aa_dup_task_context(cxt, cred_cxt(old));
cred_cxt(new) = cxt;
return 0;
}
@ -87,8 +87,8 @@ static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
*/
static void apparmor_cred_transfer(struct cred *new, const struct cred *old)
{
const struct aa_task_cxt *old_cxt = old->security;
struct aa_task_cxt *new_cxt = new->security;
const struct aa_task_cxt *old_cxt = cred_cxt(old);
struct aa_task_cxt *new_cxt = cred_cxt(new);
aa_dup_task_context(new_cxt, old_cxt);
}
@ -507,7 +507,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
int error = -ENOENT;
/* released below */
const struct cred *cred = get_task_cred(task);
struct aa_task_cxt *cxt = cred->security;
struct aa_task_cxt *cxt = cred_cxt(cred);
if (strcmp(name, "current") == 0)
error = aa_getprocattr(aa_newest_version(cxt->profile),
@ -880,7 +880,7 @@ static int __init set_init_cxt(void)
return -ENOMEM;
cxt->profile = aa_get_profile(root_ns->unconfined);
cred->security = cxt;
cred_cxt(cred) = cxt;
return 0;
}
@ -910,8 +910,8 @@ static int __init apparmor_init(void)
error = register_security(&apparmor_ops);
if (error) {
struct cred *cred = (struct cred *)current->real_cred;
aa_free_task_context(cred->security);
cred->security = NULL;
aa_free_task_context(cred_cxt(cred));
cred_cxt(cred) = NULL;
AA_ERROR("Unable to register AppArmor\n");
goto register_security_out;
}