diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/context.c | 25 | ||||
-rw-r--r-- | security/apparmor/domain.c | 16 | ||||
-rw-r--r-- | security/apparmor/lsm.c | 18 |
3 files changed, 29 insertions, 30 deletions
diff --git a/security/apparmor/context.c b/security/apparmor/context.c index 70e4a094add8..d95a3d47cb92 100644 --- a/security/apparmor/context.c +++ b/security/apparmor/context.c @@ -156,8 +156,7 @@ int aa_set_current_onexec(struct aa_label *label, bool stack) */ int aa_set_current_hat(struct aa_label *label, u64 token) { - struct aa_task_ctx *tctx = current_task_ctx(); - struct aa_cred_ctx *ctx; + struct aa_task_ctx *ctx = current_task_ctx(); struct cred *new; new = prepare_creds(); @@ -165,11 +164,11 @@ int aa_set_current_hat(struct aa_label *label, u64 token) return -ENOMEM; AA_BUG(!label); - if (!tctx->previous) { + if (!ctx->previous) { /* transfer refcount */ - tctx->previous = cred_label(new); - tctx->token = token; - } else if (tctx->token == token) { + ctx->previous = cred_label(new); + ctx->token = token; + } else if (ctx->token == token) { aa_put_label(cred_label(new)); } else { /* previous_profile && ctx->token != token */ @@ -179,8 +178,8 @@ int aa_set_current_hat(struct aa_label *label, u64 token) cred_label(new) = aa_get_newest_label(label); /* clear exec on switching context */ - aa_put_label(tctx->onexec); - tctx->onexec = NULL; + aa_put_label(ctx->onexec); + ctx->onexec = NULL; commit_creds(new); return 0; @@ -197,13 +196,13 @@ int aa_set_current_hat(struct aa_label *label, u64 token) */ int aa_restore_previous_label(u64 token) { - struct aa_task_ctx *tctx = current_task_ctx(); + struct aa_task_ctx *ctx = current_task_ctx(); struct cred *new; - if (tctx->token != token) + if (ctx->token != token) return -EACCES; /* ignore restores when there is no saved label */ - if (!tctx->previous) + if (!ctx->previous) return 0; new = prepare_creds(); @@ -211,10 +210,10 @@ int aa_restore_previous_label(u64 token) return -ENOMEM; aa_put_label(cred_label(new)); - cred_label(new) = aa_get_newest_label(tctx->previous); + cred_label(new) = aa_get_newest_label(ctx->previous); AA_BUG(!cred_label(new)); /* clear exec && prev information when restoring to previous context */ - aa_clear_task_ctx_trans(tctx); + aa_clear_task_ctx_trans(ctx); commit_creds(new); diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 5285938680e0..b180e10f2b86 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -779,7 +779,7 @@ static struct aa_label *handle_onexec(struct aa_label *label, */ int apparmor_bprm_set_creds(struct linux_binprm *bprm) { - struct aa_task_ctx *tctx; + struct aa_task_ctx *ctx; struct aa_label *label, *new = NULL; struct aa_profile *profile; char *buffer = NULL; @@ -794,17 +794,17 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) if (bprm->called_set_creds) return 0; - tctx = current_task_ctx(); + ctx = current_task_ctx(); AA_BUG(!cred_label(bprm->cred)); - AA_BUG(!tctx); + AA_BUG(!ctx); label = aa_get_newest_label(cred_label(bprm->cred)); /* buffer freed below, name is pointer into buffer */ get_buffers(buffer); /* Test for onexec first as onexec override other x transitions. */ - if (tctx->onexec) - new = handle_onexec(label, tctx->onexec, tctx->token, + if (ctx->onexec) + new = handle_onexec(label, ctx->onexec, ctx->token, bprm, buffer, &cond, &unsafe); else new = fn_label_build(label, profile, GFP_ATOMIC, @@ -1047,7 +1047,7 @@ build: int aa_change_hat(const char *hats[], int count, u64 token, int flags) { const struct cred *cred; - struct aa_task_ctx *tctx; + struct aa_task_ctx *ctx; struct aa_label *label, *previous, *new = NULL, *target = NULL; struct aa_profile *profile; struct aa_perms perms = {}; @@ -1067,9 +1067,9 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags) /* released below */ cred = get_current_cred(); - tctx = current_task_ctx(); + ctx = current_task_ctx(); label = aa_get_newest_cred_label(cred); - previous = aa_get_newest_label(tctx->previous); + previous = aa_get_newest_label(ctx->previous); if (unconfined(label)) { info = "unconfined can not change_hat"; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 628c6a07df64..fda36f3e3820 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -582,15 +582,15 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, int error = -ENOENT; /* released below */ const struct cred *cred = get_task_cred(task); - struct aa_task_ctx *tctx = current_task_ctx(); + struct aa_task_ctx *ctx = current_task_ctx(); struct aa_label *label = NULL; if (strcmp(name, "current") == 0) label = aa_get_newest_label(cred_label(cred)); - else if (strcmp(name, "prev") == 0 && tctx->previous) - label = aa_get_newest_label(tctx->previous); - else if (strcmp(name, "exec") == 0 && tctx->onexec) - label = aa_get_newest_label(tctx->onexec); + else if (strcmp(name, "prev") == 0 && ctx->previous) + label = aa_get_newest_label(ctx->previous); + else if (strcmp(name, "exec") == 0 && ctx->onexec) + label = aa_get_newest_label(ctx->onexec); else error = -EINVAL; @@ -1033,14 +1033,14 @@ static int param_set_mode(const char *val, const struct kernel_param *kp) static int __init set_init_ctx(void) { struct cred *cred = (struct cred *)current->real_cred; - struct aa_task_ctx *tctx; + struct aa_task_ctx *ctx; - tctx = aa_alloc_task_ctx(GFP_KERNEL); - if (!tctx) + ctx = aa_alloc_task_ctx(GFP_KERNEL); + if (!ctx) return -ENOMEM; cred_label(cred) = aa_get_label(ns_unconfined(root_ns)); - task_ctx(current) = tctx; + task_ctx(current) = ctx; return 0; } |