diff options
author | John Johansen <john.johansen@canonical.com> | 2017-06-09 15:27:50 +0300 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-06-11 03:11:34 +0300 |
commit | fe864821d504f33f22b3ce2d5599ae95598db721 (patch) | |
tree | 62a2ec77f67f80f27948108de38e00837302e13c /security | |
parent | d9f02d9c237aa603d781fe5165ebe383c554376d (diff) | |
download | linux-fe864821d504f33f22b3ce2d5599ae95598db721.tar.xz |
apparmor: move bprm_committing_creds/committed_creds to lsm.c
There is no reason to have the small stubs that don't use domain
private functions in domain.c, instead move them to lsm.c and make
them static.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/domain.c | 30 | ||||
-rw-r--r-- | security/apparmor/include/domain.h | 2 | ||||
-rw-r--r-- | security/apparmor/lsm.c | 30 |
3 files changed, 30 insertions, 32 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index a0ba33454b8c..2b1524c79fb8 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -539,36 +539,6 @@ int apparmor_bprm_secureexec(struct linux_binprm *bprm) return 0; } -/** - * apparmor_bprm_committing_creds - do task cleanup on committing new creds - * @bprm: binprm for the exec (NOT NULL) - */ -void apparmor_bprm_committing_creds(struct linux_binprm *bprm) -{ - struct aa_profile *profile = __aa_current_profile(); - struct aa_task_ctx *new_ctx = cred_ctx(bprm->cred); - - /* bail out if unconfined or not changing profile */ - if ((new_ctx->profile == profile) || - (unconfined(new_ctx->profile))) - return; - - current->pdeath_signal = 0; - - /* reset soft limits and set hard limits for the new profile */ - __aa_transition_rlimits(profile, new_ctx->profile); -} - -/** - * apparmor_bprm_commited_cred - do cleanup after new creds committed - * @bprm: binprm for the exec (NOT NULL) - */ -void apparmor_bprm_committed_creds(struct linux_binprm *bprm) -{ - /* TODO: cleanup signals - ipc mediation */ - return; -} - /* * Functions for self directed profile change */ diff --git a/security/apparmor/include/domain.h b/security/apparmor/include/domain.h index 30544729878a..6587c4abb7e8 100644 --- a/security/apparmor/include/domain.h +++ b/security/apparmor/include/domain.h @@ -25,8 +25,6 @@ struct aa_domain { int apparmor_bprm_set_creds(struct linux_binprm *bprm); int apparmor_bprm_secureexec(struct linux_binprm *bprm); -void apparmor_bprm_committing_creds(struct linux_binprm *bprm); -void apparmor_bprm_committed_creds(struct linux_binprm *bprm); void aa_free_domain_entries(struct aa_domain *domain); int aa_change_hat(const char *hats[], int count, u64 token, bool permtest); diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 8ab00c98613f..35492008658f 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -575,6 +575,36 @@ fail: goto out; } +/** + * apparmor_bprm_committing_creds - do task cleanup on committing new creds + * @bprm: binprm for the exec (NOT NULL) + */ +static void apparmor_bprm_committing_creds(struct linux_binprm *bprm) +{ + struct aa_profile *profile = __aa_current_profile(); + struct aa_task_ctx *new_ctx = cred_ctx(bprm->cred); + + /* bail out if unconfined or not changing profile */ + if ((new_ctx->profile == profile) || + (unconfined(new_ctx->profile))) + return; + + current->pdeath_signal = 0; + + /* reset soft limits and set hard limits for the new profile */ + __aa_transition_rlimits(profile, new_ctx->profile); +} + +/** + * apparmor_bprm_committed_cred - do cleanup after new creds committed + * @bprm: binprm for the exec (NOT NULL) + */ +static void apparmor_bprm_committed_creds(struct linux_binprm *bprm) +{ + /* TODO: cleanup signals - ipc mediation */ + return; +} + static int apparmor_task_setrlimit(struct task_struct *task, unsigned int resource, struct rlimit *new_rlim) { |