diff options
author | John Johansen <john.johansen@canonical.com> | 2017-01-20 01:59:25 -0800 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2018-02-09 11:30:01 -0800 |
commit | 3b529a7600d834f450ac244f43a7c082687284b4 (patch) | |
tree | 76cfaede7be88ba9890f4cca4533e6bf69ef360a /security/apparmor/include | |
parent | 4d2f8ba3e3b76e34f84ae1de456934713e9e59af (diff) |
apparmor: move task domain change info to task security
The task domain change info is task specific and its and abuse of
the cred to store the information in there. Now that a task->security
field exists store it in the proper place.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include')
-rw-r--r-- | security/apparmor/include/context.h | 31 |
1 files changed, 21 insertions, 10 deletions
diff --git a/security/apparmor/include/context.h b/security/apparmor/include/context.h index 0622fcf2a695..c3b51d88275b 100644 --- a/security/apparmor/include/context.h +++ b/security/apparmor/include/context.h @@ -25,20 +25,24 @@ #define cred_ctx(X) ((X)->security) #define current_cred_ctx() cred_ctx(current_cred()) +#define task_ctx(X) ((X)->security) +#define current_task_ctx() (task_ctx(current)) + /** * struct aa_cred_ctx - primary label for confined tasks * @label: the current label (NOT NULL) - * @exec: label to transition to on next exec (MAYBE NULL) - * @previous: label the task may return to (MAYBE NULL) - * @token: magic value the task must know for returning to @previous - * - * Contains the task's current label (which could change due to - * change_hat). Plus the hat_magic needed during change_hat. - * - * TODO: make so a task can be confined by a stack of contexts */ struct aa_cred_ctx { struct aa_label *label; +}; + +/** + * struct aa_task_ctx - information for current task label change + * @onexec: profile to transition to on next exec (MAY BE NULL) + * @previous: profile the task may return to (MAY BE NULL) + * @token: magic value the task must know for returning to @previous_profile + */ +struct aa_task_ctx { struct aa_label *onexec; struct aa_label *previous; u64 token; @@ -47,6 +51,11 @@ struct aa_cred_ctx { struct aa_cred_ctx *aa_alloc_cred_ctx(gfp_t flags); void aa_free_cred_ctx(struct aa_cred_ctx *ctx); void aa_dup_cred_ctx(struct aa_cred_ctx *new, const struct aa_cred_ctx *old); + +struct aa_task_ctx *aa_alloc_task_ctx(gfp_t flags); +void aa_free_task_ctx(struct aa_task_ctx *ctx); +void aa_dup_task_ctx(struct aa_task_ctx *new, const struct aa_task_ctx *old); + int aa_replace_current_label(struct aa_label *label); int aa_set_current_onexec(struct aa_label *label, bool stack); int aa_set_current_hat(struct aa_label *label, u64 token); @@ -213,11 +222,13 @@ static inline struct aa_ns *aa_get_current_ns(void) } /** - * aa_clear_cred_ctx_trans - clear transition tracking info from the ctx + * aa_clear_task_ctx_trans - clear transition tracking info from the ctx * @ctx: task context to clear (NOT NULL) */ -static inline void aa_clear_cred_ctx_trans(struct aa_cred_ctx *ctx) +static inline void aa_clear_task_ctx_trans(struct aa_task_ctx *ctx) { + AA_BUG(!ctx); + aa_put_label(ctx->previous); aa_put_label(ctx->onexec); ctx->previous = NULL; |