authorJohn Johansen <john.johansen@canonical.com>2017-01-20 01:59:25 -0800
committerJohn Johansen <john.johansen@canonical.com>2018-02-09 11:30:01 -0800
commit3b529a7600d834f450ac244f43a7c082687284b4 (patch)
tree76cfaede7be88ba9890f4cca4533e6bf69ef360a /security/apparmor/domain.c
parent4d2f8ba3e3b76e34f84ae1de456934713e9e59af (diff)
apparmor: move task domain change info to task security
The task domain change info is task specific and it is an abuse of the cred to store the information in there. Now that a task->security field exists, store it in the proper place. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/domain.c')
-rw-r--r--security/apparmor/domain.c14
1 files changed, 8 insertions, 6 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 90967de96be0..b90759a765b5 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -780,6 +780,7 @@ static struct aa_label *handle_onexec(struct aa_label *label,
int apparmor_bprm_set_creds(struct linux_binprm *bprm)
{
struct aa_cred_ctx *ctx;
+ struct aa_task_ctx *tctx;
struct aa_label *label, *new = NULL;
struct aa_profile *profile;
char *buffer = NULL;
@@ -795,15 +796,17 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
return 0;
ctx = cred_ctx(bprm->cred);
+ tctx = current_task_ctx();
AA_BUG(!ctx);
+ AA_BUG(!tctx);
label = aa_get_newest_label(ctx->label);
/* buffer freed below, name is pointer into buffer */
get_buffers(buffer);
/* Test for onexec first as onexec override other x transitions. */
- if (ctx->onexec)
- new = handle_onexec(label, ctx->onexec, ctx->token,
+ if (tctx->onexec)
+ new = handle_onexec(label, tctx->onexec, tctx->token,
bprm, buffer, &cond, &unsafe);
else
new = fn_label_build(label, profile, GFP_ATOMIC,
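Review bot: `tctx->onexec` and `tctx->token` are now read from the task context here, but the later hunk at `done:` removes `aa_clear_cred_ctx_trans(ctx)`, and this file-limited diff shows no replacement that clears the task-side transitional state. If it is not cleared elsewhere in the commit, a stale onexec label or token would persist on the task and be applied to a later exec, so confirm where the clear now happens. A comment at `tctx = current_task_ctx();` would make the lifetime explicit, for example `/* onexec/token live in the task ctx; cleared by <task-ctx clear helper> */`. Separately, the aa_change_hat hunk dereferences `tctx->previous` without the `AA_BUG(!tctx);` that is added here, which is worth making consistent. The body of apparmor_bprm_set_creds starts and ends outside this hunk.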
@@ -858,9 +861,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
ctx->label = new;
done:
- /* clear out temporary/transitional state from the context */
- aa_clear_cred_ctx_trans(ctx);
-
aa_put_label(label);
put_buffers(buffer);
@@ -1050,6 +1050,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
{
const struct cred *cred;
struct aa_cred_ctx *ctx;
+ struct aa_task_ctx *tctx;
struct aa_label *label, *previous, *new = NULL, *target = NULL;
struct aa_profile *profile;
struct aa_perms perms = {};
@@ -1070,8 +1071,9 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
/* released below */
cred = get_current_cred();
ctx = cred_ctx(cred);
+ tctx = current_task_ctx();
label = aa_get_newest_cred_label(cred);
- previous = aa_get_newest_label(ctx->previous);
+ previous = aa_get_newest_label(tctx->previous);
if (unconfined(label)) {
info = "unconfined can not change_hat";