diff options
-rw-r--r-- | security/safesetid/lsm.c | 26 | ||||
-rw-r--r-- | security/safesetid/securityfs.c | 2 |
2 files changed, 14 insertions, 14 deletions
diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index c08e67108a82..8a176b6adbe5 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -116,7 +116,7 @@ static int safesetid_security_capable(const struct cred *cred, * If no policy applies to this task, allow the use of CAP_SETUID for * other purposes. */ - if (setid_policy_lookup((kid_t)cred->uid, INVALID_ID, UID) == SIDPOL_DEFAULT) + if (setid_policy_lookup((kid_t){.uid = cred->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT) return 0; /* * Reject use of CAP_SETUID for functionality other than calling @@ -131,7 +131,7 @@ static int safesetid_security_capable(const struct cred *cred, * If no policy applies to this task, allow the use of CAP_SETGID for * other purposes. */ - if (setid_policy_lookup((kid_t)cred->gid, INVALID_ID, GID) == SIDPOL_DEFAULT) + if (setid_policy_lookup((kid_t){.gid = cred->gid}, INVALID_ID, GID) == SIDPOL_DEFAULT) return 0; /* * Reject use of CAP_SETUID for functionality other than calling @@ -174,7 +174,7 @@ static bool id_permitted_for_cred(const struct cred *old, kid_t new_id, enum set * RUID. */ permitted = - setid_policy_lookup((kid_t)old->uid, new_id, new_type) != SIDPOL_CONSTRAINED; + setid_policy_lookup((kid_t){.uid = old->uid}, new_id, new_type) != SIDPOL_CONSTRAINED; if (!permitted) { if (new_type == UID) { @@ -202,13 +202,13 @@ static int safesetid_task_fix_setuid(struct cred *new, { /* Do nothing if there are no setuid restrictions for our old RUID. */ - if (setid_policy_lookup((kid_t)old->uid, INVALID_ID, UID) == SIDPOL_DEFAULT) + if (setid_policy_lookup((kid_t){.uid = old->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT) return 0; - if (id_permitted_for_cred(old, (kid_t)new->uid, UID) && - id_permitted_for_cred(old, (kid_t)new->euid, UID) && - id_permitted_for_cred(old, (kid_t)new->suid, UID) && - id_permitted_for_cred(old, (kid_t)new->fsuid, UID)) + if (id_permitted_for_cred(old, (kid_t){.uid = new->uid}, UID) && + id_permitted_for_cred(old, (kid_t){.uid = new->euid}, UID) && + id_permitted_for_cred(old, (kid_t){.uid = new->suid}, UID) && + id_permitted_for_cred(old, (kid_t){.uid = new->fsuid}, UID)) return 0; /* @@ -226,13 +226,13 @@ static int safesetid_task_fix_setgid(struct cred *new, { /* Do nothing if there are no setgid restrictions for our old RGID. */ - if (setid_policy_lookup((kid_t)old->gid, INVALID_ID, GID) == SIDPOL_DEFAULT) + if (setid_policy_lookup((kid_t){.gid = old->gid}, INVALID_ID, GID) == SIDPOL_DEFAULT) return 0; - if (id_permitted_for_cred(old, (kid_t)new->gid, GID) && - id_permitted_for_cred(old, (kid_t)new->egid, GID) && - id_permitted_for_cred(old, (kid_t)new->sgid, GID) && - id_permitted_for_cred(old, (kid_t)new->fsgid, GID)) + if (id_permitted_for_cred(old, (kid_t){.gid = new->gid}, GID) && + id_permitted_for_cred(old, (kid_t){.gid = new->egid}, GID) && + id_permitted_for_cred(old, (kid_t){.gid = new->sgid}, GID) && + id_permitted_for_cred(old, (kid_t){.gid = new->fsgid}, GID)) return 0; /* diff --git a/security/safesetid/securityfs.c b/security/safesetid/securityfs.c index 642139008d42..25310468bcdd 100644 --- a/security/safesetid/securityfs.c +++ b/security/safesetid/securityfs.c @@ -261,7 +261,7 @@ static ssize_t safesetid_gid_file_write(struct file *file, } static ssize_t safesetid_file_read(struct file *file, char __user *buf, - size_t len, loff_t *ppos, struct mutex *policy_update_lock, struct setid_ruleset* ruleset) + size_t len, loff_t *ppos, struct mutex *policy_update_lock, struct __rcu setid_ruleset* ruleset) { ssize_t res = 0; struct setid_ruleset *pol; |