apparmor: localize getting the security context to a few macros

Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2013-02-27 06:43:40 -0500
committer: John Johansen <john.johansen@canonical.com> 2013-04-28 03:39:35 -0400
commit: 214beacaa7b669473bc963af719fa359a8312ea4 (patch)
tree: e847f9c082c579f711a53f35442710af753aaf7f /security/apparmor
parent: 53fe8b9961716033571d9799005bfdbbafa5162c (diff)
4 files changed, 24 insertions, 21 deletions
diff --git a/security/apparmor/context.c b/security/apparmor/context.c
index 3f911afa2bb9..d5af1d15f26d 100644
--- a/security/apparmor/context.c
+++ b/security/apparmor/context.c
@@ -93,7 +93,7 @@ struct aa_profile *aa_get_task_profile(struct task_struct *task)
 */
 int aa_replace_current_profile(struct aa_profile *profile)
 {
-        struct aa_task_cxt *cxt = current_cred()->security;
+        struct aa_task_cxt *cxt = current_cxt();
        struct cred *new;
        BUG_ON(!profile);
@@ -104,7 +104,7 @@ int aa_replace_current_profile(struct aa_profile *profile)
        if (!new)
                return -ENOMEM;
-        cxt = new->security;
+        cxt = cred_cxt(new);
        if (unconfined(profile) || (cxt->profile->ns != profile->ns))
                /* if switching to unconfined or a different profile namespace
                 * clear out context state
@@ -136,7 +136,7 @@ int aa_set_current_onexec(struct aa_profile *profile)
        if (!new)
                return -ENOMEM;
-        cxt = new->security;
+        cxt = cred_cxt(new);
        aa_get_profile(profile);
        aa_put_profile(cxt->onexec);
        cxt->onexec = profile;
@@ -163,7 +163,7 @@ int aa_set_current_hat(struct aa_profile *profile, u64 token)
                return -ENOMEM;
        BUG_ON(!profile);
-        cxt = new->security;
+        cxt = cred_cxt(new);
        if (!cxt->previous) {
                /* transfer refcount */
                cxt->previous = cxt->profile;
@@ -200,7 +200,7 @@ int aa_restore_previous_profile(u64 token)
        if (!new)
                return -ENOMEM;
-        cxt = new->security;
+        cxt = cred_cxt(new);
        if (cxt->token != token) {
                abort_creds(new);
                return -EACCES;
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 07fcb09b990f..01b7bd669a88 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -356,7 +356,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
        if (bprm->cred_prepared)
                return 0;
-        cxt = bprm->cred->security;
+        cxt = cred_cxt(bprm->cred);
        BUG_ON(!cxt);
        profile = aa_get_profile(aa_newest_version(cxt->profile));
@@ -551,7 +551,7 @@ int apparmor_bprm_secureexec(struct linux_binprm *bprm)
 void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
 {
        struct aa_profile *profile = __aa_current_profile();
-        struct aa_task_cxt *new_cxt = bprm->cred->security;
+        struct aa_task_cxt *new_cxt = cred_cxt(bprm->cred);
        /* bail out if unconfined or not changing profile */
        if ((new_cxt->profile == profile) ||
@@ -628,7 +628,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
        /* released below */
        cred = get_current_cred();
-        cxt = cred->security;
+        cxt = cred_cxt(cred);
        profile = aa_cred_profile(cred);
        previous_profile = cxt->previous;
diff --git a/security/apparmor/include/context.h b/security/apparmor/include/context.h
index 4cecad313227..d44ba5802e3d 100644
--- a/security/apparmor/include/context.h
+++ b/security/apparmor/include/context.h
@@ -21,6 +21,9 @@
 #include "policy.h"
+#define cred_cxt(X) (X)->security
+#define current_cxt() cred_cxt(current_cred())
 /* struct aa_file_cxt - the AppArmor context the file was opened in
 * @perms: the permission the file was opened with
 *
@@ -93,7 +96,7 @@ struct aa_profile *aa_get_task_profile(struct task_struct *task);
 */
 static inline struct aa_profile *aa_cred_profile(const struct cred *cred)
 {
-        struct aa_task_cxt *cxt = cred->security;
+        struct aa_task_cxt *cxt = cred_cxt(cred);
        BUG_ON(!cxt || !cxt->profile);
        return aa_newest_version(cxt->profile);
 }
@@ -145,7 +148,7 @@ static inline struct aa_profile *__aa_current_profile(void)
 */
 static inline struct aa_profile *aa_current_profile(void)
 {
-        const struct aa_task_cxt *cxt = current_cred()->security;
+        const struct aa_task_cxt *cxt = current_cxt();
        struct aa_profile *profile;
        BUG_ON(!cxt || !cxt->profile);
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 10843aa5a368..2027fdf2060b 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -48,8 +48,8 @@ int apparmor_initialized __initdata;
 */
 static void apparmor_cred_free(struct cred *cred)
 {
-        aa_free_task_context(cred->security);
+        aa_free_task_context(cred_cxt(cred));
-        cred->security = NULL;
+        cred_cxt(cred) = NULL;
 }
 /*
@@ -62,7 +62,7 @@ static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp)
        if (!cxt)
                return -ENOMEM;
-        cred->security = cxt;
+        cred_cxt(cred) = cxt;
        return 0;
 }
@@ -77,8 +77,8 @@ static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
        if (!cxt)
                return -ENOMEM;
-        aa_dup_task_context(cxt, old->security);
+        aa_dup_task_context(cxt, cred_cxt(old));
-        new->security = cxt;
+        cred_cxt(new) = cxt;
        return 0;
 }
@@ -87,8 +87,8 @@ static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
 */
 static void apparmor_cred_transfer(struct cred *new, const struct cred *old)
 {
-        const struct aa_task_cxt *old_cxt = old->security;
+        const struct aa_task_cxt *old_cxt = cred_cxt(old);
-        struct aa_task_cxt *new_cxt = new->security;
+        struct aa_task_cxt *new_cxt = cred_cxt(new);
        aa_dup_task_context(new_cxt, old_cxt);
 }
@@ -507,7 +507,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
        int error = -ENOENT;
        /* released below */
        const struct cred *cred = get_task_cred(task);
-        struct aa_task_cxt *cxt = cred->security;
+        struct aa_task_cxt *cxt = cred_cxt(cred);
        if (strcmp(name, "current") == 0)
                error = aa_getprocattr(aa_newest_version(cxt->profile),
@@ -880,7 +880,7 @@ static int __init set_init_cxt(void)
                return -ENOMEM;
        cxt->profile = aa_get_profile(root_ns->unconfined);
-        cred->security = cxt;
+        cred_cxt(cred) = cxt;
        return 0;
 }
@@ -910,8 +910,8 @@ static int __init apparmor_init(void)
        error = register_security(&apparmor_ops);
        if (error) {
                struct cred *cred = (struct cred *)current->real_cred;
-                aa_free_task_context(cred->security);
+                aa_free_task_context(cred_cxt(cred));
-                cred->security = NULL;
+                cred_cxt(cred) = NULL;
                AA_ERROR("Unable to register AppArmor\n");
                goto register_security_out;
        }
author	John Johansen <john.johansen@canonical.com>	2013-02-27 06:43:40 -0500
committer	John Johansen <john.johansen@canonical.com>	2013-04-28 03:39:35 -0400
commit	214beacaa7b669473bc963af719fa359a8312ea4 (patch)
tree	e847f9c082c579f711a53f35442710af753aaf7f /security/apparmor
parent	53fe8b9961716033571d9799005bfdbbafa5162c (diff)