apparmor: move task related defines and fns to task.X files

#

obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o

apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \

apparmor-y := apparmorfs.o audit.o capability.o task.o ipc.o lib.o match.o \

              path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \

              resource.o secid.o file.o policy_ns.o label.o mount.o

apparmor-$(CONFIG_SECURITY_APPARMOR_HASH) += crypto.o

	if (bprm->called_set_creds)

		return 0;

	ctx = current_task_ctx();

	ctx = task_ctx(current);

	AA_BUG(!cred_label(bprm->cred));

	AA_BUG(!ctx);

	/* released below */

	cred = get_current_cred();

	ctx = current_task_ctx();

	ctx = task_ctx(current);

	label = aa_get_newest_cred_label(cred);

	previous = aa_get_newest_label(ctx->previous);

#include "label.h"

#include "policy_ns.h"

#include "task.h"

#define task_ctx(X) ((X)->security)

#define current_task_ctx() (task_ctx(current))

#define cred_label(X) ((X)->security)

/*

 * struct aa_task_ctx - information for current task label change

 * @onexec: profile to transition to on next exec  (MAY BE NULL)

 * @previous: profile the task may return to     (MAY BE NULL)

 * @token: magic value the task must know for returning to @previous_profile

 */

struct aa_task_ctx {

	struct aa_label *onexec;

	struct aa_label *previous;

	u64 token;

};

struct aa_task_ctx *aa_alloc_task_ctx(gfp_t flags);

void aa_free_task_ctx(struct aa_task_ctx *ctx);

void aa_dup_task_ctx(struct aa_task_ctx *new, const struct aa_task_ctx *old);

int aa_replace_current_label(struct aa_label *label);

int aa_set_current_onexec(struct aa_label *label, bool stack);

int aa_set_current_hat(struct aa_label *label, u64 token);

int aa_restore_previous_label(u64 cookie);

struct aa_label *aa_get_task_label(struct task_struct *task);

/**

 * aa_cred_raw_label - obtain cred's label

	return ns;

}

/**

 * aa_clear_task_ctx_trans - clear transition tracking info from the ctx

 * @ctx: task context to clear (NOT NULL)

 */

static inline void aa_clear_task_ctx_trans(struct aa_task_ctx *ctx)

{

	AA_BUG(!ctx);

	aa_put_label(ctx->previous);

	aa_put_label(ctx->onexec);

	ctx->previous = NULL;

	ctx->onexec = NULL;

	ctx->token = 0;

}

#endif /* __AA_CONTEXT_H */

/*

 * AppArmor security module

 *

 * This file contains AppArmor task related definitions and mediation

 *

 * Copyright 2017 Canonical Ltd.

 *

 * This program is free software; you can redistribute it and/or

 * modify it under the terms of the GNU General Public License as

 * published by the Free Software Foundation, version 2 of the

 * License.

 */

#ifndef __AA_TASK_H

#define __AA_TASK_H

#define task_ctx(X) ((X)->security)

/*

 * struct aa_task_ctx - information for current task label change

 * @onexec: profile to transition to on next exec  (MAY BE NULL)

 * @previous: profile the task may return to     (MAY BE NULL)

 * @token: magic value the task must know for returning to @previous_profile

 */

struct aa_task_ctx {

	struct aa_label *onexec;

	struct aa_label *previous;

	u64 token;

};

int aa_replace_current_label(struct aa_label *label);

int aa_set_current_onexec(struct aa_label *label, bool stack);

int aa_set_current_hat(struct aa_label *label, u64 token);

int aa_restore_previous_label(u64 cookie);

struct aa_label *aa_get_task_label(struct task_struct *task);

/**

 * aa_alloc_task_ctx - allocate a new task_ctx

 * @flags: gfp flags for allocation

 *

 * Returns: allocated buffer or NULL on failure

 */

static inline struct aa_task_ctx *aa_alloc_task_ctx(gfp_t flags)

{

	return kzalloc(sizeof(struct aa_task_ctx), flags);

}

/**

 * aa_free_task_ctx - free a task_ctx

 * @ctx: task_ctx to free (MAYBE NULL)

 */

static inline void aa_free_task_ctx(struct aa_task_ctx *ctx)

{

	if (ctx) {

		aa_put_label(ctx->previous);

		aa_put_label(ctx->onexec);

		kzfree(ctx);

	}

}

/**

 * aa_dup_task_ctx - duplicate a task context, incrementing reference counts

 * @new: a blank task context      (NOT NULL)

 * @old: the task context to copy  (NOT NULL)

 */

static inline void aa_dup_task_ctx(struct aa_task_ctx *new,

				   const struct aa_task_ctx *old)

{

	*new = *old;

	aa_get_label(new->previous);

	aa_get_label(new->onexec);

}

/**

 * aa_clear_task_ctx_trans - clear transition tracking info from the ctx

 * @ctx: task context to clear (NOT NULL)

 */

static inline void aa_clear_task_ctx_trans(struct aa_task_ctx *ctx)

{

	AA_BUG(!ctx);

	aa_put_label(ctx->previous);

	aa_put_label(ctx->onexec);

	ctx->previous = NULL;

	ctx->onexec = NULL;

	ctx->token = 0;

}

#endif /* __AA_TASK_H */

	if (!new)

		return -ENOMEM;

	aa_dup_task_ctx(new, current_task_ctx());

	aa_dup_task_ctx(new, task_ctx(current));

	task_ctx(task) = new;

	return 0;

	int error = -ENOENT;

	/* released below */

	const struct cred *cred = get_task_cred(task);

	struct aa_task_ctx *ctx = current_task_ctx();

	struct aa_task_ctx *ctx = task_ctx(current);

	struct aa_label *label = NULL;

	if (strcmp(name, "current") == 0)

static void apparmor_bprm_committed_creds(struct linux_binprm *bprm)

{

	/* clear out temporary/transitional state from the context */

	aa_clear_task_ctx_trans(current_task_ctx());

	aa_clear_task_ctx_trans(task_ctx(current));

	return;

}