authorJohn Johansen <john.johansen@canonical.com>2017-01-27 13:09:40 +0100
committerJohn Johansen <john.johansen@canonical.com>2018-02-09 20:30:01 +0100
commitf175221af35bedf99b201d861a0fe54e19ef36c2 (patch)
treeb5c076029b10b7d3bb1d814ba5c596a7a9e1bed7 /security
parentapparmor: drop cred_ctx and reference the label directly (diff)
apparmor: rename tctx to ctx
Now that cred_ctx has been removed, we can rename task_ctxs from tctx to ctx without causing confusion.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/context.c25
-rw-r--r--security/apparmor/domain.c16
-rw-r--r--security/apparmor/lsm.c18
3 files changed, 29 insertions, 30 deletions
diff --git a/security/apparmor/context.c b/security/apparmor/context.c
index 70e4a094add8..d95a3d47cb92 100644
--- a/security/apparmor/context.c
+++ b/security/apparmor/context.c
@@ -156,8 +156,7 @@ int aa_set_current_onexec(struct aa_label *label, bool stack)
*/
int aa_set_current_hat(struct aa_label *label, u64 token)
{
- struct aa_task_ctx *tctx = current_task_ctx();
- struct aa_cred_ctx *ctx;
+ struct aa_task_ctx *ctx = current_task_ctx();
struct cred *new;
new = prepare_creds();
@@ -165,11 +164,11 @@ int aa_set_current_hat(struct aa_label *label, u64 token)
return -ENOMEM;
AA_BUG(!label);
- if (!tctx->previous) {
+ if (!ctx->previous) {
/* transfer refcount */
- tctx->previous = cred_label(new);
- tctx->token = token;
- } else if (tctx->token == token) {
+ ctx->previous = cred_label(new);
+ ctx->token = token;
+ } else if (ctx->token == token) {
aa_put_label(cred_label(new));
} else {
/* previous_profile && ctx->token != token */
@@ -179,8 +178,8 @@ int aa_set_current_hat(struct aa_label *label, u64 token)
cred_label(new) = aa_get_newest_label(label);
/* clear exec on switching context */
- aa_put_label(tctx->onexec);
- tctx->onexec = NULL;
+ aa_put_label(ctx->onexec);
+ ctx->onexec = NULL;
commit_creds(new);
return 0;
@@ -197,13 +196,13 @@ int aa_set_current_hat(struct aa_label *label, u64 token)
*/
int aa_restore_previous_label(u64 token)
{
- struct aa_task_ctx *tctx = current_task_ctx();
+ struct aa_task_ctx *ctx = current_task_ctx();
struct cred *new;
- if (tctx->token != token)
+ if (ctx->token != token)
return -EACCES;
/* ignore restores when there is no saved label */
- if (!tctx->previous)
+ if (!ctx->previous)
return 0;
new = prepare_creds();
@@ -211,10 +210,10 @@ int aa_restore_previous_label(u64 token)
return -ENOMEM;
aa_put_label(cred_label(new));
- cred_label(new) = aa_get_newest_label(tctx->previous);
+ cred_label(new) = aa_get_newest_label(ctx->previous);
AA_BUG(!cred_label(new));
/* clear exec && prev information when restoring to previous context */
- aa_clear_task_ctx_trans(tctx);
+ aa_clear_task_ctx_trans(ctx);
commit_creds(new);
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 5285938680e0..b180e10f2b86 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -779,7 +779,7 @@ static struct aa_label *handle_onexec(struct aa_label *label,
*/
int apparmor_bprm_set_creds(struct linux_binprm *bprm)
{
- struct aa_task_ctx *tctx;
+ struct aa_task_ctx *ctx;
struct aa_label *label, *new = NULL;
struct aa_profile *profile;
char *buffer = NULL;
@@ -794,17 +794,17 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
if (bprm->called_set_creds)
return 0;
- tctx = current_task_ctx();
+ ctx = current_task_ctx();
AA_BUG(!cred_label(bprm->cred));
- AA_BUG(!tctx);
+ AA_BUG(!ctx);
label = aa_get_newest_label(cred_label(bprm->cred));
/* buffer freed below, name is pointer into buffer */
get_buffers(buffer);
/* Test for onexec first as onexec override other x transitions. */
- if (tctx->onexec)
- new = handle_onexec(label, tctx->onexec, tctx->token,
+ if (ctx->onexec)
+ new = handle_onexec(label, ctx->onexec, ctx->token,
bprm, buffer, &cond, &unsafe);
else
new = fn_label_build(label, profile, GFP_ATOMIC,
@@ -1047,7 +1047,7 @@ build:
int aa_change_hat(const char *hats[], int count, u64 token, int flags)
{
const struct cred *cred;
- struct aa_task_ctx *tctx;
+ struct aa_task_ctx *ctx;
struct aa_label *label, *previous, *new = NULL, *target = NULL;
struct aa_profile *profile;
struct aa_perms perms = {};
@@ -1067,9 +1067,9 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
/* released below */
cred = get_current_cred();
- tctx = current_task_ctx();
+ ctx = current_task_ctx();
label = aa_get_newest_cred_label(cred);
- previous = aa_get_newest_label(tctx->previous);
+ previous = aa_get_newest_label(ctx->previous);
if (unconfined(label)) {
info = "unconfined can not change_hat";
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 628c6a07df64..fda36f3e3820 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -582,15 +582,15 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
int error = -ENOENT;
/* released below */
const struct cred *cred = get_task_cred(task);
- struct aa_task_ctx *tctx = current_task_ctx();
+ struct aa_task_ctx *ctx = current_task_ctx();
struct aa_label *label = NULL;
if (strcmp(name, "current") == 0)
label = aa_get_newest_label(cred_label(cred));
- else if (strcmp(name, "prev") == 0 && tctx->previous)
- label = aa_get_newest_label(tctx->previous);
- else if (strcmp(name, "exec") == 0 && tctx->onexec)
- label = aa_get_newest_label(tctx->onexec);
+ else if (strcmp(name, "prev") == 0 && ctx->previous)
+ label = aa_get_newest_label(ctx->previous);
+ else if (strcmp(name, "exec") == 0 && ctx->onexec)
+ label = aa_get_newest_label(ctx->onexec);
else
error = -EINVAL;
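Review bot: In apparmor_getprocattr, `ctx` is taken from `current_task_ctx()` while `cred` comes from `get_task_cred(task)`, so the "prev" and "exec" branches return the calling task's saved labels while "current" returns the label of the task being queried. If `task` can differ from `current` here (the callers are not visible in this hunk), a reader of another process's attributes would get its own previous/onexec label back, which is misleading for anyone inspecting confinement state. Consider reading the context of the queried task, possibly via the `task_ctx()` accessor used in set_init_ctx, or documenting the restriction with a comment such as `/* prev/exec are reported from current's task ctx, not task's */`. The rename itself looks mechanical and complete in the visible lines; the function body starts before and continues past this hunk.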
@@ -1033,14 +1033,14 @@ static int param_set_mode(const char *val, const struct kernel_param *kp)
static int __init set_init_ctx(void)
{
struct cred *cred = (struct cred *)current->real_cred;
- struct aa_task_ctx *tctx;
+ struct aa_task_ctx *ctx;
- tctx = aa_alloc_task_ctx(GFP_KERNEL);
- if (!tctx)
+ ctx = aa_alloc_task_ctx(GFP_KERNEL);
+ if (!ctx)
return -ENOMEM;
cred_label(cred) = aa_get_label(ns_unconfined(root_ns));
- task_ctx(current) = tctx;
+ task_ctx(current) = ctx;
return 0;
}