Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / mainline / linux / d9087c49d4388e3f35f09a5cf7ed6e09c9106604^! / . / security / apparmor / domain.c
commitd9087c49d4388e3f35f09a5cf7ed6e09c9106604[log] [tgz]
authorJohn Johansen <john.johansen@canonical.com>Fri Jan 27 03:53:53 2017 -0800
committerJohn Johansen <john.johansen@canonical.com>Fri Feb 09 11:30:01 2018 -0800
treecdc1032157a2cb4ceb8c8f5278f7a280acf9d463
parent3b529a7600d834f450ac244f43a7c082687284b4 [diff] [blame]
apparmor: drop cred_ctx and reference the label directly

With the task domain change information now stored in the task->security
context, the cred->security context only stores the label. We can get
rid of the cred_ctx and directly reference the label, removing a layer
of indirection, and unneeded extra allocations.

Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index b90759a..5285938 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c

@@ -779,7 +779,6 @@ static struct aa_label *handle_onexec(struct aa_label *label,
  */
 int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 {
-	struct aa_cred_ctx *ctx;
 	struct aa_task_ctx *tctx;
 	struct aa_label *label, *new = NULL;
 	struct aa_profile *profile;
@@ -795,12 +794,11 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 	if (bprm->called_set_creds)
 		return 0;
 
-	ctx = cred_ctx(bprm->cred);
 	tctx = current_task_ctx();
-	AA_BUG(!ctx);
+	AA_BUG(!cred_label(bprm->cred));
 	AA_BUG(!tctx);
 
-	label = aa_get_newest_label(ctx->label);
+	label = aa_get_newest_label(cred_label(bprm->cred));
 
 	/* buffer freed below, name is pointer into buffer */
 	get_buffers(buffer);
@@ -856,9 +854,9 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 		}
 		bprm->per_clear |= PER_CLEAR_ON_SETID;
 	}
-	aa_put_label(ctx->label);
-	/* transfer reference, released when ctx is freed */
-	ctx->label = new;
+	aa_put_label(cred_label(bprm->cred));
+	/* transfer reference, released when cred is freed */
+	cred_label(bprm->cred) = new;
 
 done:
 	aa_put_label(label);
@@ -1049,7 +1047,6 @@ static struct aa_label *change_hat(struct aa_label *label, const char *hats[],
 int aa_change_hat(const char *hats[], int count, u64 token, int flags)
 {
 	const struct cred *cred;
-	struct aa_cred_ctx *ctx;
 	struct aa_task_ctx *tctx;
 	struct aa_label *label, *previous, *new = NULL, *target = NULL;
 	struct aa_profile *profile;
@@ -1070,7 +1067,6 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
 
 	/* released below */
 	cred = get_current_cred();
-	ctx = cred_ctx(cred);
 	tctx = current_task_ctx();
 	label = aa_get_newest_cred_label(cred);
 	previous = aa_get_newest_label(tctx->previous);