apparmor: rename tctx to ctx

now that cred_ctx has been removed we can rename task_ctxs from tctx
without causing confusion.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen 2017-01-27 04:09:40 -08:00
parent d9087c49d4
commit f175221af3
3 changed files with 29 additions and 30 deletions

View File

@ -156,8 +156,7 @@ int aa_set_current_onexec(struct aa_label *label, bool stack)
*/ */
int aa_set_current_hat(struct aa_label *label, u64 token) int aa_set_current_hat(struct aa_label *label, u64 token)
{ {
struct aa_task_ctx *tctx = current_task_ctx(); struct aa_task_ctx *ctx = current_task_ctx();
struct aa_cred_ctx *ctx;
struct cred *new; struct cred *new;
new = prepare_creds(); new = prepare_creds();
@ -165,11 +164,11 @@ int aa_set_current_hat(struct aa_label *label, u64 token)
return -ENOMEM; return -ENOMEM;
AA_BUG(!label); AA_BUG(!label);
if (!tctx->previous) { if (!ctx->previous) {
/* transfer refcount */ /* transfer refcount */
tctx->previous = cred_label(new); ctx->previous = cred_label(new);
tctx->token = token; ctx->token = token;
} else if (tctx->token == token) { } else if (ctx->token == token) {
aa_put_label(cred_label(new)); aa_put_label(cred_label(new));
} else { } else {
/* previous_profile && ctx->token != token */ /* previous_profile && ctx->token != token */
@ -179,8 +178,8 @@ int aa_set_current_hat(struct aa_label *label, u64 token)
cred_label(new) = aa_get_newest_label(label); cred_label(new) = aa_get_newest_label(label);
/* clear exec on switching context */ /* clear exec on switching context */
aa_put_label(tctx->onexec); aa_put_label(ctx->onexec);
tctx->onexec = NULL; ctx->onexec = NULL;
commit_creds(new); commit_creds(new);
return 0; return 0;
@ -197,13 +196,13 @@ int aa_set_current_hat(struct aa_label *label, u64 token)
*/ */
int aa_restore_previous_label(u64 token) int aa_restore_previous_label(u64 token)
{ {
struct aa_task_ctx *tctx = current_task_ctx(); struct aa_task_ctx *ctx = current_task_ctx();
struct cred *new; struct cred *new;
if (tctx->token != token) if (ctx->token != token)
return -EACCES; return -EACCES;
/* ignore restores when there is no saved label */ /* ignore restores when there is no saved label */
if (!tctx->previous) if (!ctx->previous)
return 0; return 0;
new = prepare_creds(); new = prepare_creds();
@ -211,10 +210,10 @@ int aa_restore_previous_label(u64 token)
return -ENOMEM; return -ENOMEM;
aa_put_label(cred_label(new)); aa_put_label(cred_label(new));
cred_label(new) = aa_get_newest_label(tctx->previous); cred_label(new) = aa_get_newest_label(ctx->previous);
AA_BUG(!cred_label(new)); AA_BUG(!cred_label(new));
/* clear exec && prev information when restoring to previous context */ /* clear exec && prev information when restoring to previous context */
aa_clear_task_ctx_trans(tctx); aa_clear_task_ctx_trans(ctx);
commit_creds(new); commit_creds(new);

View File

@ -779,7 +779,7 @@ static struct aa_label *handle_onexec(struct aa_label *label,
*/ */
int apparmor_bprm_set_creds(struct linux_binprm *bprm) int apparmor_bprm_set_creds(struct linux_binprm *bprm)
{ {
struct aa_task_ctx *tctx; struct aa_task_ctx *ctx;
struct aa_label *label, *new = NULL; struct aa_label *label, *new = NULL;
struct aa_profile *profile; struct aa_profile *profile;
char *buffer = NULL; char *buffer = NULL;
@ -794,17 +794,17 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
if (bprm->called_set_creds) if (bprm->called_set_creds)
return 0; return 0;
tctx = current_task_ctx(); ctx = current_task_ctx();
AA_BUG(!cred_label(bprm->cred)); AA_BUG(!cred_label(bprm->cred));
AA_BUG(!tctx); AA_BUG(!ctx);
label = aa_get_newest_label(cred_label(bprm->cred)); label = aa_get_newest_label(cred_label(bprm->cred));
/* buffer freed below, name is pointer into buffer */ /* buffer freed below, name is pointer into buffer */
get_buffers(buffer); get_buffers(buffer);
/* Test for onexec first as onexec override other x transitions. */ /* Test for onexec first as onexec override other x transitions. */
if (tctx->onexec) if (ctx->onexec)
new = handle_onexec(label, tctx->onexec, tctx->token, new = handle_onexec(label, ctx->onexec, ctx->token,
bprm, buffer, &cond, &unsafe); bprm, buffer, &cond, &unsafe);
else else
new = fn_label_build(label, profile, GFP_ATOMIC, new = fn_label_build(label, profile, GFP_ATOMIC,
@ -1047,7 +1047,7 @@ build:
int aa_change_hat(const char *hats[], int count, u64 token, int flags) int aa_change_hat(const char *hats[], int count, u64 token, int flags)
{ {
const struct cred *cred; const struct cred *cred;
struct aa_task_ctx *tctx; struct aa_task_ctx *ctx;
struct aa_label *label, *previous, *new = NULL, *target = NULL; struct aa_label *label, *previous, *new = NULL, *target = NULL;
struct aa_profile *profile; struct aa_profile *profile;
struct aa_perms perms = {}; struct aa_perms perms = {};
@ -1067,9 +1067,9 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
/* released below */ /* released below */
cred = get_current_cred(); cred = get_current_cred();
tctx = current_task_ctx(); ctx = current_task_ctx();
label = aa_get_newest_cred_label(cred); label = aa_get_newest_cred_label(cred);
previous = aa_get_newest_label(tctx->previous); previous = aa_get_newest_label(ctx->previous);
if (unconfined(label)) { if (unconfined(label)) {
info = "unconfined can not change_hat"; info = "unconfined can not change_hat";

View File

@ -582,15 +582,15 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
int error = -ENOENT; int error = -ENOENT;
/* released below */ /* released below */
const struct cred *cred = get_task_cred(task); const struct cred *cred = get_task_cred(task);
struct aa_task_ctx *tctx = current_task_ctx(); struct aa_task_ctx *ctx = current_task_ctx();
struct aa_label *label = NULL; struct aa_label *label = NULL;
if (strcmp(name, "current") == 0) if (strcmp(name, "current") == 0)
label = aa_get_newest_label(cred_label(cred)); label = aa_get_newest_label(cred_label(cred));
else if (strcmp(name, "prev") == 0 && tctx->previous) else if (strcmp(name, "prev") == 0 && ctx->previous)
label = aa_get_newest_label(tctx->previous); label = aa_get_newest_label(ctx->previous);
else if (strcmp(name, "exec") == 0 && tctx->onexec) else if (strcmp(name, "exec") == 0 && ctx->onexec)
label = aa_get_newest_label(tctx->onexec); label = aa_get_newest_label(ctx->onexec);
else else
error = -EINVAL; error = -EINVAL;
@ -1033,14 +1033,14 @@ static int param_set_mode(const char *val, const struct kernel_param *kp)
static int __init set_init_ctx(void) static int __init set_init_ctx(void)
{ {
struct cred *cred = (struct cred *)current->real_cred; struct cred *cred = (struct cred *)current->real_cred;
struct aa_task_ctx *tctx; struct aa_task_ctx *ctx;
tctx = aa_alloc_task_ctx(GFP_KERNEL); ctx = aa_alloc_task_ctx(GFP_KERNEL);
if (!tctx) if (!ctx)
return -ENOMEM; return -ENOMEM;
cred_label(cred) = aa_get_label(ns_unconfined(root_ns)); cred_label(cred) = aa_get_label(ns_unconfined(root_ns));
task_ctx(current) = tctx; task_ctx(current) = ctx;
return 0; return 0;
} }