Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1cfb2a51 authored by Tetsuo Handa's avatar Tetsuo Handa Committed by James Morris
Browse files

LSM: Make lsm_early_cred() and lsm_early_task() local functions.



Since current->cred == current->real_cred when ordered_lsm_init()
is called, and lsm_early_cred()/lsm_early_task() need to be called
between the amount of required bytes is determined and module specific
initialization function is called, we can move these calls from
individual modules to ordered_lsm_init().

Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
Signed-off-by: default avatarJames Morris <james.morris@microsoft.com>
parent c1a85a00
Loading
Loading
Loading
Loading
+0 −5
Original line number Diff line number Diff line
@@ -2112,9 +2112,4 @@ static inline void security_delete_hooks(struct security_hook_list *hooks,

extern int lsm_inode_alloc(struct inode *inode);

#ifdef CONFIG_SECURITY
void __init lsm_early_cred(struct cred *cred);
void __init lsm_early_task(struct task_struct *task);
#endif

#endif /* ! __LINUX_LSM_HOOKS_H */
+0 −2
Original line number Diff line number Diff line
@@ -1484,8 +1484,6 @@ static int __init set_init_ctx(void)
{
	struct cred *cred = (struct cred *)current->real_cred;

	lsm_early_cred(cred);
	lsm_early_task(current);
	set_cred_label(cred, aa_get_label(ns_unconfined(root_ns)));

	return 0;
+11 −16
Original line number Diff line number Diff line
@@ -278,6 +278,9 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
	kfree(sep);
}

static void __init lsm_early_cred(struct cred *cred);
static void __init lsm_early_task(struct task_struct *task);

static void __init ordered_lsm_init(void)
{
	struct lsm_info **lsm;
@@ -312,6 +315,8 @@ static void __init ordered_lsm_init(void)
						    blob_sizes.lbs_inode, 0,
						    SLAB_PANIC, NULL);

	lsm_early_cred((struct cred *) current->cred);
	lsm_early_task(current);
	for (lsm = ordered_lsms; *lsm; lsm++)
		initialize_lsm(*lsm);

@@ -465,17 +470,12 @@ static int lsm_cred_alloc(struct cred *cred, gfp_t gfp)
 * lsm_early_cred - during initialization allocate a composite cred blob
 * @cred: the cred that needs a blob
 *
 * Allocate the cred blob for all the modules if it's not already there
 * Allocate the cred blob for all the modules
 */
void __init lsm_early_cred(struct cred *cred)
static void __init lsm_early_cred(struct cred *cred)
{
	int rc;
	int rc = lsm_cred_alloc(cred, GFP_KERNEL);

	if (cred == NULL)
		panic("%s: NULL cred.\n", __func__);
	if (cred->security != NULL)
		return;
	rc = lsm_cred_alloc(cred, GFP_KERNEL);
	if (rc)
		panic("%s: Early cred alloc failed.\n", __func__);
}
@@ -589,17 +589,12 @@ int lsm_msg_msg_alloc(struct msg_msg *mp)
 * lsm_early_task - during initialization allocate a composite task blob
 * @task: the task that needs a blob
 *
 * Allocate the task blob for all the modules if it's not already there
 * Allocate the task blob for all the modules
 */
void __init lsm_early_task(struct task_struct *task)
static void __init lsm_early_task(struct task_struct *task)
{
	int rc;
	int rc = lsm_task_alloc(task);

	if (task == NULL)
		panic("%s: task cred.\n", __func__);
	if (task->security != NULL)
		return;
	rc = lsm_task_alloc(task);
	if (rc)
		panic("%s: Early task alloc failed.\n", __func__);
}
+0 −1
Original line number Diff line number Diff line
@@ -207,7 +207,6 @@ static void cred_init_security(void)
	struct cred *cred = (struct cred *) current->real_cred;
	struct task_security_struct *tsec;

	lsm_early_cred(cred);
	tsec = selinux_cred(cred);
	tsec->osid = tsec->sid = SECINITSID_KERNEL;
}
+0 −2
Original line number Diff line number Diff line
@@ -4671,8 +4671,6 @@ static __init int smack_init(void)
	if (!smack_inode_cache)
		return -ENOMEM;

	lsm_early_cred(cred);

	/*
	 * Set the security state for the initial task.
	 */
Loading