diff options
author | Casey Schaufler <casey@schaufler-ca.com> | 2018-11-12 20:30:56 +0300 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2019-01-09 00:18:44 +0300 |
commit | bbd3662a834813730912a58efb44dd6df6d952e6 (patch) | |
tree | f4c0252814e717185845bde03fe88d341d5967b5 /security/apparmor/include | |
parent | 43fc460907dc56a3450654efc6ba1dfbcd4594eb (diff) | |
download | linux-bbd3662a834813730912a58efb44dd6df6d952e6.tar.xz |
Infrastructure management of the cred security blob
Move management of the cred security blob out of the
security modules and into the security infrastructre.
Instead of allocating and freeing space the security
modules tell the infrastructure how much space they
require.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
[kees: adjusted for ordered init series]
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'security/apparmor/include')
-rw-r--r-- | security/apparmor/include/cred.h | 4 | ||||
-rw-r--r-- | security/apparmor/include/lib.h | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/security/apparmor/include/cred.h b/security/apparmor/include/cred.h index a757370f2a0c..b9504a05fddc 100644 --- a/security/apparmor/include/cred.h +++ b/security/apparmor/include/cred.h @@ -25,7 +25,7 @@ static inline struct aa_label *cred_label(const struct cred *cred) { - struct aa_label **blob = cred->security; + struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; AA_BUG(!blob); return *blob; @@ -34,7 +34,7 @@ static inline struct aa_label *cred_label(const struct cred *cred) static inline void set_cred_label(const struct cred *cred, struct aa_label *label) { - struct aa_label **blob = cred->security; + struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; AA_BUG(!blob); *blob = label; diff --git a/security/apparmor/include/lib.h b/security/apparmor/include/lib.h index 6505e1ad9e23..bbe9b384d71d 100644 --- a/security/apparmor/include/lib.h +++ b/security/apparmor/include/lib.h @@ -16,6 +16,7 @@ #include <linux/slab.h> #include <linux/fs.h> +#include <linux/lsm_hooks.h> #include "match.h" @@ -55,6 +56,9 @@ const char *aa_splitn_fqname(const char *fqname, size_t n, const char **ns_name, size_t *ns_len); void aa_info_message(const char *str); +/* Security blob offsets */ +extern struct lsm_blob_sizes apparmor_blob_sizes; + /** * aa_strneq - compare null terminated @str to a non null terminated substring * @str: a null terminated string |