apparmor: localize getting the security context to a few macros Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>

commit: 214beacaa7b669473bc963af719fa359a8312ea4 [log] [tgz]
author: John Johansen <john.johansen@canonical.com> Wed Feb 27 03:43:40 2013 -0800
committer: John Johansen <john.johansen@canonical.com> Sun Apr 28 00:39:35 2013 -0700
tree: e847f9c082c579f711a53f35442710af753aaf7f
parent: 53fe8b9961716033571d9799005bfdbbafa5162c [diff]
diff --git a/security/apparmor/context.c b/security/apparmor/context.c
index 3f911af..d5af1d1 100644
--- a/security/apparmor/context.c
+++ b/security/apparmor/context.c

@@ -93,7 +93,7 @@
  */
 int aa_replace_current_profile(struct aa_profile *profile)
 {
-	struct aa_task_cxt *cxt = current_cred()->security;
+	struct aa_task_cxt *cxt = current_cxt();
 	struct cred *new;
 	BUG_ON(!profile);
 
@@ -104,7 +104,7 @@
 	if (!new)
 		return -ENOMEM;
 
-	cxt = new->security;
+	cxt = cred_cxt(new);
 	if (unconfined(profile) || (cxt->profile->ns != profile->ns))
 		/* if switching to unconfined or a different profile namespace
 		 * clear out context state
@@ -136,7 +136,7 @@
 	if (!new)
 		return -ENOMEM;
 
-	cxt = new->security;
+	cxt = cred_cxt(new);
 	aa_get_profile(profile);
 	aa_put_profile(cxt->onexec);
 	cxt->onexec = profile;
@@ -163,7 +163,7 @@
 		return -ENOMEM;
 	BUG_ON(!profile);
 
-	cxt = new->security;
+	cxt = cred_cxt(new);
 	if (!cxt->previous) {
 		/* transfer refcount */
 		cxt->previous = cxt->profile;
@@ -200,7 +200,7 @@
 	if (!new)
 		return -ENOMEM;
 
-	cxt = new->security;
+	cxt = cred_cxt(new);
 	if (cxt->token != token) {
 		abort_creds(new);
 		return -EACCES;

diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 07fcb09..01b7bd6 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c

@@ -356,7 +356,7 @@
 	if (bprm->cred_prepared)
 		return 0;
 
-	cxt = bprm->cred->security;
+	cxt = cred_cxt(bprm->cred);
 	BUG_ON(!cxt);
 
 	profile = aa_get_profile(aa_newest_version(cxt->profile));
@@ -551,7 +551,7 @@
 void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
 {
 	struct aa_profile *profile = __aa_current_profile();
-	struct aa_task_cxt *new_cxt = bprm->cred->security;
+	struct aa_task_cxt *new_cxt = cred_cxt(bprm->cred);
 
 	/* bail out if unconfined or not changing profile */
 	if ((new_cxt->profile == profile) ||
@@ -628,7 +628,7 @@
 
 	/* released below */
 	cred = get_current_cred();
-	cxt = cred->security;
+	cxt = cred_cxt(cred);
 	profile = aa_cred_profile(cred);
 	previous_profile = cxt->previous;
 

diff --git a/security/apparmor/include/context.h b/security/apparmor/include/context.h
index 4cecad3..d44ba58 100644
--- a/security/apparmor/include/context.h
+++ b/security/apparmor/include/context.h

@@ -21,6 +21,9 @@
 
 #include "policy.h"
 
+#define cred_cxt(X) (X)->security
+#define current_cxt() cred_cxt(current_cred())
+
 /* struct aa_file_cxt - the AppArmor context the file was opened in
  * @perms: the permission the file was opened with
  *
@@ -93,7 +96,7 @@
  */
 static inline struct aa_profile *aa_cred_profile(const struct cred *cred)
 {
-	struct aa_task_cxt *cxt = cred->security;
+	struct aa_task_cxt *cxt = cred_cxt(cred);
 	BUG_ON(!cxt || !cxt->profile);
 	return aa_newest_version(cxt->profile);
 }
@@ -145,7 +148,7 @@
  */
 static inline struct aa_profile *aa_current_profile(void)
 {
-	const struct aa_task_cxt *cxt = current_cred()->security;
+	const struct aa_task_cxt *cxt = current_cxt();
 	struct aa_profile *profile;
 	BUG_ON(!cxt || !cxt->profile);
 

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 10843aa..2027fdf 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c

@@ -48,8 +48,8 @@
  */
 static void apparmor_cred_free(struct cred *cred)
 {
-	aa_free_task_context(cred->security);
-	cred->security = NULL;
+	aa_free_task_context(cred_cxt(cred));
+	cred_cxt(cred) = NULL;
 }
 
 /*
@@ -62,7 +62,7 @@
 	if (!cxt)
 		return -ENOMEM;
 
-	cred->security = cxt;
+	cred_cxt(cred) = cxt;
 	return 0;
 }
 
@@ -77,8 +77,8 @@
 	if (!cxt)
 		return -ENOMEM;
 
-	aa_dup_task_context(cxt, old->security);
-	new->security = cxt;
+	aa_dup_task_context(cxt, cred_cxt(old));
+	cred_cxt(new) = cxt;
 	return 0;
 }
 
@@ -87,8 +87,8 @@
  */
 static void apparmor_cred_transfer(struct cred *new, const struct cred *old)
 {
-	const struct aa_task_cxt *old_cxt = old->security;
-	struct aa_task_cxt *new_cxt = new->security;
+	const struct aa_task_cxt *old_cxt = cred_cxt(old);
+	struct aa_task_cxt *new_cxt = cred_cxt(new);
 
 	aa_dup_task_context(new_cxt, old_cxt);
 }
@@ -507,7 +507,7 @@
 	int error = -ENOENT;
 	/* released below */
 	const struct cred *cred = get_task_cred(task);
-	struct aa_task_cxt *cxt = cred->security;
+	struct aa_task_cxt *cxt = cred_cxt(cred);
 
 	if (strcmp(name, "current") == 0)
 		error = aa_getprocattr(aa_newest_version(cxt->profile),
@@ -880,7 +880,7 @@
 		return -ENOMEM;
 
 	cxt->profile = aa_get_profile(root_ns->unconfined);
-	cred->security = cxt;
+	cred_cxt(cred) = cxt;
 
 	return 0;
 }
@@ -910,8 +910,8 @@
 	error = register_security(&apparmor_ops);
 	if (error) {
 		struct cred *cred = (struct cred *)current->real_cred;
-		aa_free_task_context(cred->security);
-		cred->security = NULL;
+		aa_free_task_context(cred_cxt(cred));
+		cred_cxt(cred) = NULL;
 		AA_ERROR("Unable to register AppArmor\n");
 		goto register_security_out;
 	}
commit	214beacaa7b669473bc963af719fa359a8312ea4	[log] [tgz]
author	John Johansen <john.johansen@canonical.com>	Wed Feb 27 03:43:40 2013 -0800
committer	John Johansen <john.johansen@canonical.com>	Sun Apr 28 00:39:35 2013 -0700
tree	e847f9c082c579f711a53f35442710af753aaf7f
parent	53fe8b9961716033571d9799005bfdbbafa5162c [diff]