Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fe864821 authored by John Johansen's avatar John Johansen
Browse files

apparmor: move bprm_committing_creds/committed_creds to lsm.c 



There is no reason to have the small stubs that don't use domain
private functions in domain.c, instead move them to lsm.c and make
them static.

Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent d9f02d9c

security/apparmor/domain.c

+0 −30
Original line number Diff line number Diff line
@@ -539,36 +539,6 @@ int apparmor_bprm_secureexec(struct linux_binprm *bprm) 
	return 0;

}



/**

 * apparmor_bprm_committing_creds - do task cleanup on committing new creds

 * @bprm: binprm for the exec  (NOT NULL)

 */

void apparmor_bprm_committing_creds(struct linux_binprm *bprm)

{

	struct aa_profile *profile = __aa_current_profile();

	struct aa_task_ctx *new_ctx = cred_ctx(bprm->cred);



	/* bail out if unconfined or not changing profile */

	if ((new_ctx->profile == profile) ||

	    (unconfined(new_ctx->profile)))

		return;



	current->pdeath_signal = 0;



	/* reset soft limits and set hard limits for the new profile */

	__aa_transition_rlimits(profile, new_ctx->profile);

}



/**

 * apparmor_bprm_commited_cred - do cleanup after new creds committed

 * @bprm: binprm for the exec  (NOT NULL)

 */

void apparmor_bprm_committed_creds(struct linux_binprm *bprm)

{

	/* TODO: cleanup signals - ipc mediation */

	return;

}



/*

 * Functions for self directed profile change

 */

security/apparmor/include/domain.h

+0 −2
Original line number Diff line number Diff line
@@ -25,8 +25,6 @@ struct aa_domain { 


int apparmor_bprm_set_creds(struct linux_binprm *bprm);

int apparmor_bprm_secureexec(struct linux_binprm *bprm);

void apparmor_bprm_committing_creds(struct linux_binprm *bprm);

void apparmor_bprm_committed_creds(struct linux_binprm *bprm);



void aa_free_domain_entries(struct aa_domain *domain);

int aa_change_hat(const char *hats[], int count, u64 token, bool permtest);

security/apparmor/lsm.c

+30 −0
Original line number Diff line number Diff line
@@ -575,6 +575,36 @@ static int apparmor_setprocattr(const char *name, void *value, 
	goto out;

}



/**

 * apparmor_bprm_committing_creds - do task cleanup on committing new creds

 * @bprm: binprm for the exec  (NOT NULL)

 */

static void apparmor_bprm_committing_creds(struct linux_binprm *bprm)

{

	struct aa_profile *profile = __aa_current_profile();

	struct aa_task_ctx *new_ctx = cred_ctx(bprm->cred);



	/* bail out if unconfined or not changing profile */

	if ((new_ctx->profile == profile) ||

	    (unconfined(new_ctx->profile)))

		return;



	current->pdeath_signal = 0;



	/* reset soft limits and set hard limits for the new profile */

	__aa_transition_rlimits(profile, new_ctx->profile);

}



/**

 * apparmor_bprm_committed_cred - do cleanup after new creds committed

 * @bprm: binprm for the exec  (NOT NULL)

 */

static void apparmor_bprm_committed_creds(struct linux_binprm *bprm)

{

	/* TODO: cleanup signals - ipc mediation */

	return;

}



static int apparmor_task_setrlimit(struct task_struct *task,

		unsigned int resource, struct rlimit *new_rlim)

{