author | John Johansen <john.johansen@canonical.com> | 2017-01-27 14:53:53 +0300 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2018-02-09 22:30:01 +0300 |
commit | d9087c49d4388e3f35f09a5cf7ed6e09c9106604 (patch) | |
tree | cdc1032157a2cb4ceb8c8f5278f7a280acf9d463 /security/apparmor/domain.c | |
parent | 3b529a7600d834f450ac244f43a7c082687284b4 (diff) | |
apparmor: drop cred_ctx and reference the label directly
With the task domain change information now stored in the task->security
context, the cred->security context only stores the label. We can get
rid of the cred_ctx and directly reference the label, removing a layer
of indirection, and unneeded extra allocations.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/domain.c')
-rw-r--r-- | security/apparmor/domain.c | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index b90759a765b5..5285938680e0 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -779,7 +779,6 @@ static struct aa_label *handle_onexec(struct aa_label *label,
 */
 int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 {
- struct aa_cred_ctx *ctx;
 struct aa_task_ctx *tctx;
 struct aa_label *label, *new = NULL;
 struct aa_profile *profile;
@@ -795,12 +794,11 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 if (bprm->called_set_creds)
 return 0;
- ctx = cred_ctx(bprm->cred);
 tctx = current_task_ctx();
- AA_BUG(!ctx);
+ AA_BUG(!cred_label(bprm->cred));
 AA_BUG(!tctx);
- label = aa_get_newest_label(ctx->label);
+ label = aa_get_newest_label(cred_label(bprm->cred));
 /* buffer freed below, name is pointer into buffer */
 get_buffers(buffer);
@@ -856,9 +854,9 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 }
 bprm->per_clear |= PER_CLEAR_ON_SETID;
 }
- aa_put_label(ctx->label);
- /* transfer reference, released when ctx is freed */
- ctx->label = new;
+ aa_put_label(cred_label(bprm->cred));
+ /* transfer reference, released when cred is freed */
+ cred_label(bprm->cred) = new;
 done:
 aa_put_label(label);
@@ -1049,7 +1047,6 @@ build:
 int aa_change_hat(const char *hats[], int count, u64 token, int flags)
 {
 const struct cred *cred;
- struct aa_cred_ctx *ctx;
 struct aa_task_ctx *tctx;
 struct aa_label *label, *previous, *new = NULL, *target = NULL;
 struct aa_profile *profile;
@@ -1070,7 +1067,6 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
 /* released below */
 cred = get_current_cred();
- ctx = cred_ctx(cred);
 tctx = current_task_ctx();
 label = aa_get_newest_cred_label(cred);
 previous = aa_get_newest_label(tctx->previous);
 |
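Review bot: In the second hunk, `AA_BUG(!cred_label(bprm->cred));` is the only guard before `aa_get_newest_label(cred_label(bprm->cred))` uses the label, and the definition of AA_BUG is not part of this diff; if it is a warning that compiles out or continues, a cred with no label would still reach the dereference. The invariant being relied on deserves a comment next to the assertion, for example `/* every cred carries a label from allocation onwards; a NULL here is a bug in the cred hooks */`. Reading the label once into a local and using it for both the assertion and the lookup would also avoid evaluating `cred_label()` twice. The body of apparmor_bprm_set_creds starts and ends outside this hunk.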
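Review bot: In the third hunk, `aa_put_label(cred_label(bprm->cred));` drops the old reference before `cred_label(bprm->cred) = new;` stores the replacement, so for one statement the cred's security pointer refers to a label whose reference has already been released. This is presumably harmless because bprm->cred is the exec's not-yet-committed cred, but storing first keeps the pointer valid at every step: `old = cred_label(bprm->cred);`, `cred_label(bprm->cred) = new;`, `aa_put_label(old);`, with `old` declared at the top of the function. The assignment also relies on `cred_label()` expanding to an lvalue, which hides the write to the cred's security field at the call site; a short comment saying so, or a setter helper, would make the reference transfer easier to audit.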