apparmor: localize getting the security context to a few macros (214beaca) · Commits · e / devices / android_kernel_fairphone_FP4

security/apparmor/context.c

+5 −5

Original line number	Diff line number	Diff line
		@@ -93,7 +93,7 @@ struct aa_profile aa_get_task_profile(struct task_struct task)
		*/
		int aa_replace_current_profile(struct aa_profile *profile)
		{
		struct aa_task_cxt *cxt = current_cred()->security;
		struct aa_task_cxt *cxt = current_cxt();
		struct cred *new;
		BUG_ON(!profile);

		@@ -104,7 +104,7 @@ int aa_replace_current_profile(struct aa_profile *profile)
		if (!new)
		return -ENOMEM;

		cxt = new->security;
		cxt = cred_cxt(new);
		if (unconfined(profile) \|\| (cxt->profile->ns != profile->ns))
		/* if switching to unconfined or a different profile namespace
		* clear out context state
		@@ -136,7 +136,7 @@ int aa_set_current_onexec(struct aa_profile *profile)
		if (!new)
		return -ENOMEM;

		cxt = new->security;
		cxt = cred_cxt(new);
		aa_get_profile(profile);
		aa_put_profile(cxt->onexec);
		cxt->onexec = profile;
		@@ -163,7 +163,7 @@ int aa_set_current_hat(struct aa_profile *profile, u64 token)
		return -ENOMEM;
		BUG_ON(!profile);

		cxt = new->security;
		cxt = cred_cxt(new);
		if (!cxt->previous) {
		/* transfer refcount */
		cxt->previous = cxt->profile;
		@@ -200,7 +200,7 @@ int aa_restore_previous_profile(u64 token)
		if (!new)
		return -ENOMEM;

		cxt = new->security;
		cxt = cred_cxt(new);
		if (cxt->token != token) {
		abort_creds(new);
		return -EACCES;

security/apparmor/domain.c

+3 −3

Original line number	Diff line number	Diff line
		@@ -356,7 +356,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
		if (bprm->cred_prepared)
		return 0;

		cxt = bprm->cred->security;
		cxt = cred_cxt(bprm->cred);
		BUG_ON(!cxt);

		profile = aa_get_profile(aa_newest_version(cxt->profile));
		@@ -551,7 +551,7 @@ int apparmor_bprm_secureexec(struct linux_binprm *bprm)
		void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
		{
		struct aa_profile *profile = __aa_current_profile();
		struct aa_task_cxt *new_cxt = bprm->cred->security;
		struct aa_task_cxt *new_cxt = cred_cxt(bprm->cred);

		/* bail out if unconfined or not changing profile */
		if ((new_cxt->profile == profile) \|\|
		@@ -628,7 +628,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)

		/* released below */
		cred = get_current_cred();
		cxt = cred->security;
		cxt = cred_cxt(cred);
		profile = aa_cred_profile(cred);
		previous_profile = cxt->previous;

security/apparmor/include/context.h

+5 −2

Original line number	Diff line number	Diff line
		@@ -21,6 +21,9 @@

		#include "policy.h"

		#define cred_cxt(X) (X)->security
		#define current_cxt() cred_cxt(current_cred())

		/* struct aa_file_cxt - the AppArmor context the file was opened in
		* @perms: the permission the file was opened with
		*
		@@ -93,7 +96,7 @@ struct aa_profile aa_get_task_profile(struct task_struct task);
		*/
		static inline struct aa_profile aa_cred_profile(const struct cred cred)
		{
		struct aa_task_cxt *cxt = cred->security;
		struct aa_task_cxt *cxt = cred_cxt(cred);
		BUG_ON(!cxt \|\| !cxt->profile);
		return aa_newest_version(cxt->profile);
		}
		@@ -145,7 +148,7 @@ static inline struct aa_profile *__aa_current_profile(void)
		*/
		static inline struct aa_profile *aa_current_profile(void)
		{
		const struct aa_task_cxt *cxt = current_cred()->security;
		const struct aa_task_cxt *cxt = current_cxt();
		struct aa_profile *profile;
		BUG_ON(!cxt \|\| !cxt->profile);

security/apparmor/lsm.c

+11 −11

Original line number	Diff line number	Diff line
		@@ -48,8 +48,8 @@ int apparmor_initialized __initdata;
		*/
		static void apparmor_cred_free(struct cred *cred)
		{
		aa_free_task_context(cred->security);
		cred->security = NULL;
		aa_free_task_context(cred_cxt(cred));
		cred_cxt(cred) = NULL;
		}

		/*
		@@ -62,7 +62,7 @@ static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp)
		if (!cxt)
		return -ENOMEM;

		cred->security = cxt;
		cred_cxt(cred) = cxt;
		return 0;
		}

		@@ -77,8 +77,8 @@ static int apparmor_cred_prepare(struct cred new, const struct cred old,
		if (!cxt)
		return -ENOMEM;

		aa_dup_task_context(cxt, old->security);
		new->security = cxt;
		aa_dup_task_context(cxt, cred_cxt(old));
		cred_cxt(new) = cxt;
		return 0;
		}

		@@ -87,8 +87,8 @@ static int apparmor_cred_prepare(struct cred new, const struct cred old,
		*/
		static void apparmor_cred_transfer(struct cred new, const struct cred old)
		{
		const struct aa_task_cxt *old_cxt = old->security;
		struct aa_task_cxt *new_cxt = new->security;
		const struct aa_task_cxt *old_cxt = cred_cxt(old);
		struct aa_task_cxt *new_cxt = cred_cxt(new);

		aa_dup_task_context(new_cxt, old_cxt);
		}
		@@ -507,7 +507,7 @@ static int apparmor_getprocattr(struct task_struct task, char name,
		int error = -ENOENT;
		/* released below */
		const struct cred *cred = get_task_cred(task);
		struct aa_task_cxt *cxt = cred->security;
		struct aa_task_cxt *cxt = cred_cxt(cred);

		if (strcmp(name, "current") == 0)
		error = aa_getprocattr(aa_newest_version(cxt->profile),
		@@ -880,7 +880,7 @@ static int __init set_init_cxt(void)
		return -ENOMEM;

		cxt->profile = aa_get_profile(root_ns->unconfined);
		cred->security = cxt;
		cred_cxt(cred) = cxt;

		return 0;
		}
		@@ -910,8 +910,8 @@ static int __init apparmor_init(void)
		error = register_security(&apparmor_ops);
		if (error) {
		struct cred cred = (struct cred )current->real_cred;
		aa_free_task_context(cred->security);
		cred->security = NULL;
		aa_free_task_context(cred_cxt(cred));
		cred_cxt(cred) = NULL;
		AA_ERROR("Unable to register AppArmor\n");
		goto register_security_out;
		}