mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2025-01-18 03:44:27 +08:00
apparmor: rename tctx to ctx
now that cred_ctx has been removed we can rename task_ctxs from tctx without causing confusion. Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
parent
d9087c49d4
commit
f175221af3
@ -156,8 +156,7 @@ int aa_set_current_onexec(struct aa_label *label, bool stack)
|
||||
*/
|
||||
int aa_set_current_hat(struct aa_label *label, u64 token)
|
||||
{
|
||||
struct aa_task_ctx *tctx = current_task_ctx();
|
||||
struct aa_cred_ctx *ctx;
|
||||
struct aa_task_ctx *ctx = current_task_ctx();
|
||||
struct cred *new;
|
||||
|
||||
new = prepare_creds();
|
||||
@ -165,11 +164,11 @@ int aa_set_current_hat(struct aa_label *label, u64 token)
|
||||
return -ENOMEM;
|
||||
AA_BUG(!label);
|
||||
|
||||
if (!tctx->previous) {
|
||||
if (!ctx->previous) {
|
||||
/* transfer refcount */
|
||||
tctx->previous = cred_label(new);
|
||||
tctx->token = token;
|
||||
} else if (tctx->token == token) {
|
||||
ctx->previous = cred_label(new);
|
||||
ctx->token = token;
|
||||
} else if (ctx->token == token) {
|
||||
aa_put_label(cred_label(new));
|
||||
} else {
|
||||
/* previous_profile && ctx->token != token */
|
||||
@ -179,8 +178,8 @@ int aa_set_current_hat(struct aa_label *label, u64 token)
|
||||
|
||||
cred_label(new) = aa_get_newest_label(label);
|
||||
/* clear exec on switching context */
|
||||
aa_put_label(tctx->onexec);
|
||||
tctx->onexec = NULL;
|
||||
aa_put_label(ctx->onexec);
|
||||
ctx->onexec = NULL;
|
||||
|
||||
commit_creds(new);
|
||||
return 0;
|
||||
@ -197,13 +196,13 @@ int aa_set_current_hat(struct aa_label *label, u64 token)
|
||||
*/
|
||||
int aa_restore_previous_label(u64 token)
|
||||
{
|
||||
struct aa_task_ctx *tctx = current_task_ctx();
|
||||
struct aa_task_ctx *ctx = current_task_ctx();
|
||||
struct cred *new;
|
||||
|
||||
if (tctx->token != token)
|
||||
if (ctx->token != token)
|
||||
return -EACCES;
|
||||
/* ignore restores when there is no saved label */
|
||||
if (!tctx->previous)
|
||||
if (!ctx->previous)
|
||||
return 0;
|
||||
|
||||
new = prepare_creds();
|
||||
@ -211,10 +210,10 @@ int aa_restore_previous_label(u64 token)
|
||||
return -ENOMEM;
|
||||
|
||||
aa_put_label(cred_label(new));
|
||||
cred_label(new) = aa_get_newest_label(tctx->previous);
|
||||
cred_label(new) = aa_get_newest_label(ctx->previous);
|
||||
AA_BUG(!cred_label(new));
|
||||
/* clear exec && prev information when restoring to previous context */
|
||||
aa_clear_task_ctx_trans(tctx);
|
||||
aa_clear_task_ctx_trans(ctx);
|
||||
|
||||
commit_creds(new);
|
||||
|
||||
|
@ -779,7 +779,7 @@ static struct aa_label *handle_onexec(struct aa_label *label,
|
||||
*/
|
||||
int apparmor_bprm_set_creds(struct linux_binprm *bprm)
|
||||
{
|
||||
struct aa_task_ctx *tctx;
|
||||
struct aa_task_ctx *ctx;
|
||||
struct aa_label *label, *new = NULL;
|
||||
struct aa_profile *profile;
|
||||
char *buffer = NULL;
|
||||
@ -794,17 +794,17 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
|
||||
if (bprm->called_set_creds)
|
||||
return 0;
|
||||
|
||||
tctx = current_task_ctx();
|
||||
ctx = current_task_ctx();
|
||||
AA_BUG(!cred_label(bprm->cred));
|
||||
AA_BUG(!tctx);
|
||||
AA_BUG(!ctx);
|
||||
|
||||
label = aa_get_newest_label(cred_label(bprm->cred));
|
||||
|
||||
/* buffer freed below, name is pointer into buffer */
|
||||
get_buffers(buffer);
|
||||
/* Test for onexec first as onexec override other x transitions. */
|
||||
if (tctx->onexec)
|
||||
new = handle_onexec(label, tctx->onexec, tctx->token,
|
||||
if (ctx->onexec)
|
||||
new = handle_onexec(label, ctx->onexec, ctx->token,
|
||||
bprm, buffer, &cond, &unsafe);
|
||||
else
|
||||
new = fn_label_build(label, profile, GFP_ATOMIC,
|
||||
@ -1047,7 +1047,7 @@ build:
|
||||
int aa_change_hat(const char *hats[], int count, u64 token, int flags)
|
||||
{
|
||||
const struct cred *cred;
|
||||
struct aa_task_ctx *tctx;
|
||||
struct aa_task_ctx *ctx;
|
||||
struct aa_label *label, *previous, *new = NULL, *target = NULL;
|
||||
struct aa_profile *profile;
|
||||
struct aa_perms perms = {};
|
||||
@ -1067,9 +1067,9 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
|
||||
|
||||
/* released below */
|
||||
cred = get_current_cred();
|
||||
tctx = current_task_ctx();
|
||||
ctx = current_task_ctx();
|
||||
label = aa_get_newest_cred_label(cred);
|
||||
previous = aa_get_newest_label(tctx->previous);
|
||||
previous = aa_get_newest_label(ctx->previous);
|
||||
|
||||
if (unconfined(label)) {
|
||||
info = "unconfined can not change_hat";
|
||||
|
@ -582,15 +582,15 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
|
||||
int error = -ENOENT;
|
||||
/* released below */
|
||||
const struct cred *cred = get_task_cred(task);
|
||||
struct aa_task_ctx *tctx = current_task_ctx();
|
||||
struct aa_task_ctx *ctx = current_task_ctx();
|
||||
struct aa_label *label = NULL;
|
||||
|
||||
if (strcmp(name, "current") == 0)
|
||||
label = aa_get_newest_label(cred_label(cred));
|
||||
else if (strcmp(name, "prev") == 0 && tctx->previous)
|
||||
label = aa_get_newest_label(tctx->previous);
|
||||
else if (strcmp(name, "exec") == 0 && tctx->onexec)
|
||||
label = aa_get_newest_label(tctx->onexec);
|
||||
else if (strcmp(name, "prev") == 0 && ctx->previous)
|
||||
label = aa_get_newest_label(ctx->previous);
|
||||
else if (strcmp(name, "exec") == 0 && ctx->onexec)
|
||||
label = aa_get_newest_label(ctx->onexec);
|
||||
else
|
||||
error = -EINVAL;
|
||||
|
||||
@ -1033,14 +1033,14 @@ static int param_set_mode(const char *val, const struct kernel_param *kp)
|
||||
static int __init set_init_ctx(void)
|
||||
{
|
||||
struct cred *cred = (struct cred *)current->real_cred;
|
||||
struct aa_task_ctx *tctx;
|
||||
struct aa_task_ctx *ctx;
|
||||
|
||||
tctx = aa_alloc_task_ctx(GFP_KERNEL);
|
||||
if (!tctx)
|
||||
ctx = aa_alloc_task_ctx(GFP_KERNEL);
|
||||
if (!ctx)
|
||||
return -ENOMEM;
|
||||
|
||||
cred_label(cred) = aa_get_label(ns_unconfined(root_ns));
|
||||
task_ctx(current) = tctx;
|
||||
task_ctx(current) = ctx;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user