apparmor: rename task_ctx to the more accurate cred_ctx

Signed-off-by: John Johansen <john.johansen@canonical.com>

5 files changed, 45 insertions, 46 deletions

diff --git a/security/apparmor/context.c b/security/apparmor/context.c
index c95f1ac6190b..89c03053303e 100644
--- a/security/apparmor/context.c
+++ b/security/apparmor/context.c
@@ -13,11 +13,11 @@
  * License.
  *
  *
- * AppArmor sets confinement on every task, via the the aa_task_ctx and
- * the aa_task_ctx.label, both of which are required and are not allowed
- * to be NULL.  The aa_task_ctx is not reference counted and is unique
+ * AppArmor sets confinement on every task, via the the aa_cred_ctx and
+ * the aa_cred_ctx.label, both of which are required and are not allowed
+ * to be NULL.  The aa_cred_ctx is not reference counted and is unique
  * to each cred (which is reference count).  The label pointed to by
- * the task_ctx is reference counted.
+ * the cred_ctx is reference counted.
  *
  * TODO
  * If a task uses change_hat it currently does not return to the old
@@ -30,21 +30,21 @@
 #include "include/policy.h"
 
 /**
- * aa_alloc_task_context - allocate a new task_ctx
+ * aa_alloc_cred_ctx - allocate a new cred_ctx
  * @flags: gfp flags for allocation
  *
  * Returns: allocated buffer or NULL on failure
  */
-struct aa_task_ctx *aa_alloc_task_context(gfp_t flags)
+struct aa_cred_ctx *aa_alloc_cred_ctx(gfp_t flags)
 {
-        return kzalloc(sizeof(struct aa_task_ctx), flags);
+        return kzalloc(sizeof(struct aa_cred_ctx), flags);
 }
 
 /**
- * aa_free_task_context - free a task_ctx
- * @ctx: task_ctx to free (MAYBE NULL)
+ * aa_free_cred_ctx - free a cred_ctx
+ * @ctx: cred_ctx to free (MAYBE NULL)
  */
-void aa_free_task_context(struct aa_task_ctx *ctx)
+void aa_free_cred_ctx(struct aa_cred_ctx *ctx)
 {
         if (ctx) {
                 aa_put_label(ctx->label);
@@ -56,11 +56,11 @@ void aa_free_task_context(struct aa_task_ctx *ctx)
 }
 
 /**
- * aa_dup_task_context - duplicate a task context, incrementing reference counts
+ * aa_dup_cred_ctx - duplicate a task context, incrementing reference counts
  * @new: a blank task context      (NOT NULL)
  * @old: the task context to copy  (NOT NULL)
  */
-void aa_dup_task_context(struct aa_task_ctx *new, const struct aa_task_ctx *old)
+void aa_dup_cred_ctx(struct aa_cred_ctx *new, const struct aa_cred_ctx *old)
 {
         *new = *old;
         aa_get_label(new->label);
@@ -93,7 +93,7 @@ struct aa_label *aa_get_task_label(struct task_struct *task)
  */
 int aa_replace_current_label(struct aa_label *label)
 {
-        struct aa_task_ctx *ctx = current_ctx();
+        struct aa_cred_ctx *ctx = current_cred_ctx();
         struct cred *new;
         AA_BUG(!label);
 
@@ -112,7 +112,7 @@ int aa_replace_current_label(struct aa_label *label)
                 /* if switching to unconfined or a different label namespace
                  * clear out context state
                  */
-                aa_clear_task_ctx_trans(ctx);
+                aa_clear_cred_ctx_trans(ctx);
 
         /*
          * be careful switching ctx->profile, when racing replacement it
@@ -136,14 +136,14 @@ int aa_replace_current_label(struct aa_label *label)
  */
 int aa_set_current_onexec(struct aa_label *label, bool stack)
 {
-        struct aa_task_ctx *ctx;
+        struct aa_cred_ctx *ctx;
         struct cred *new = prepare_creds();
         if (!new)
                 return -ENOMEM;
 
         ctx = cred_ctx(new);
         aa_get_label(label);
-        aa_clear_task_ctx_trans(ctx);
+        aa_clear_cred_ctx_trans(ctx);
         ctx->onexec = label;
         ctx->token = stack;
 
@@ -163,7 +163,7 @@ int aa_set_current_onexec(struct aa_label *label, bool stack)
  */
 int aa_set_current_hat(struct aa_label *label, u64 token)
 {
-        struct aa_task_ctx *ctx;
+        struct aa_cred_ctx *ctx;
         struct cred *new = prepare_creds();
         if (!new)
                 return -ENOMEM;
@@ -201,7 +201,7 @@ int aa_set_current_hat(struct aa_label *label, u64 token)
  */
 int aa_restore_previous_label(u64 token)
 {
-        struct aa_task_ctx *ctx;
+        struct aa_cred_ctx *ctx;
         struct cred *new = prepare_creds();
         if (!new)
                 return -ENOMEM;
@@ -221,7 +221,7 @@ int aa_restore_previous_label(u64 token)
         ctx->label = aa_get_newest_label(ctx->previous);
         AA_BUG(!ctx->label);
         /* clear exec && prev information when restoring to previous context */
-        aa_clear_task_ctx_trans(ctx);
+        aa_clear_cred_ctx_trans(ctx);
 
         commit_creds(new);
         return 0;
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 6a54d2ffa840..90967de96be0 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -779,7 +779,7 @@ static struct aa_label *handle_onexec(struct aa_label *label,
  */
 int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 {
-        struct aa_task_ctx *ctx;
+        struct aa_cred_ctx *ctx;
         struct aa_label *label, *new = NULL;
         struct aa_profile *profile;
         char *buffer = NULL;
@@ -859,7 +859,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 
 done:
         /* clear out temporary/transitional state from the context */
-        aa_clear_task_ctx_trans(ctx);
+        aa_clear_cred_ctx_trans(ctx);
 
         aa_put_label(label);
         put_buffers(buffer);
@@ -1049,7 +1049,7 @@ build:
 int aa_change_hat(const char *hats[], int count, u64 token, int flags)
 {
         const struct cred *cred;
-        struct aa_task_ctx *ctx;
+        struct aa_cred_ctx *ctx;
         struct aa_label *label, *previous, *new = NULL, *target = NULL;
         struct aa_profile *profile;
         struct aa_perms perms = {};
diff --git a/security/apparmor/include/context.h b/security/apparmor/include/context.h
index 6ae07e9aaa17..0622fcf2a695 100644
--- a/security/apparmor/include/context.h
+++ b/security/apparmor/include/context.h
@@ -23,10 +23,10 @@
 #include "policy_ns.h"
 
 #define cred_ctx(X) ((X)->security)
-#define current_ctx() cred_ctx(current_cred())
+#define current_cred_ctx() cred_ctx(current_cred())
 
 /**
- * struct aa_task_ctx - primary label for confined tasks
+ * struct aa_cred_ctx - primary label for confined tasks
  * @label: the current label   (NOT NULL)
  * @exec: label to transition to on next exec  (MAYBE NULL)
  * @previous: label the task may return to     (MAYBE NULL)
@@ -37,17 +37,16 @@
  *
  * TODO: make so a task can be confined by a stack of contexts
  */
-struct aa_task_ctx {
+struct aa_cred_ctx {
         struct aa_label *label;
         struct aa_label *onexec;
         struct aa_label *previous;
         u64 token;
 };
 
-struct aa_task_ctx *aa_alloc_task_context(gfp_t flags);
-void aa_free_task_context(struct aa_task_ctx *ctx);
-void aa_dup_task_context(struct aa_task_ctx *new,
-                         const struct aa_task_ctx *old);
+struct aa_cred_ctx *aa_alloc_cred_ctx(gfp_t flags);
+void aa_free_cred_ctx(struct aa_cred_ctx *ctx);
+void aa_dup_cred_ctx(struct aa_cred_ctx *new, const struct aa_cred_ctx *old);
 int aa_replace_current_label(struct aa_label *label);
 int aa_set_current_onexec(struct aa_label *label, bool stack);
 int aa_set_current_hat(struct aa_label *label, u64 token);
@@ -65,7 +64,7 @@ struct aa_label *aa_get_task_label(struct task_struct *task);
  */
 static inline struct aa_label *aa_cred_raw_label(const struct cred *cred)
 {
-        struct aa_task_ctx *ctx = cred_ctx(cred);
+        struct aa_cred_ctx *ctx = cred_ctx(cred);
 
         AA_BUG(!ctx || !ctx->label);
         return ctx->label;
@@ -214,10 +213,10 @@ static inline struct aa_ns *aa_get_current_ns(void)
 }
 
 /**
- * aa_clear_task_ctx_trans - clear transition tracking info from the ctx
+ * aa_clear_cred_ctx_trans - clear transition tracking info from the ctx
  * @ctx: task context to clear (NOT NULL)
  */
-static inline void aa_clear_task_ctx_trans(struct aa_task_ctx *ctx)
+static inline void aa_clear_cred_ctx_trans(struct aa_cred_ctx *ctx)
 {
         aa_put_label(ctx->previous);
         aa_put_label(ctx->onexec);
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 9a65eeaf7dfa..0624eb2081f3 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -51,11 +51,11 @@ DEFINE_PER_CPU(struct aa_buffers, aa_buffers);
  */
 
 /*
- * free the associated aa_task_ctx and put its labels
+ * free the associated aa_cred_ctx and put its labels
  */
 static void apparmor_cred_free(struct cred *cred)
 {
-        aa_free_task_context(cred_ctx(cred));
+        aa_free_cred_ctx(cred_ctx(cred));
         cred_ctx(cred) = NULL;
 }
 
@@ -65,7 +65,7 @@ static void apparmor_cred_free(struct cred *cred)
 static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp)
 {
         /* freed by apparmor_cred_free */
-        struct aa_task_ctx *ctx = aa_alloc_task_context(gfp);
+        struct aa_cred_ctx *ctx = aa_alloc_cred_ctx(gfp);
 
         if (!ctx)
                 return -ENOMEM;
@@ -75,18 +75,18 @@ static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp)
 }
 
 /*
- * prepare new aa_task_ctx for modification by prepare_cred block
+ * prepare new aa_cred_ctx for modification by prepare_cred block
  */
 static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
                                  gfp_t gfp)
 {
         /* freed by apparmor_cred_free */
-        struct aa_task_ctx *ctx = aa_alloc_task_context(gfp);
+        struct aa_cred_ctx *ctx = aa_alloc_cred_ctx(gfp);
 
         if (!ctx)
                 return -ENOMEM;
 
-        aa_dup_task_context(ctx, cred_ctx(old));
+        aa_dup_cred_ctx(ctx, cred_ctx(old));
         cred_ctx(new) = ctx;
         return 0;
 }
@@ -96,10 +96,10 @@ static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
  */
 static void apparmor_cred_transfer(struct cred *new, const struct cred *old)
 {
-        const struct aa_task_ctx *old_ctx = cred_ctx(old);
-        struct aa_task_ctx *new_ctx = cred_ctx(new);
+        const struct aa_cred_ctx *old_ctx = cred_ctx(old);
+        struct aa_cred_ctx *new_ctx = cred_ctx(new);
 
-        aa_dup_task_context(new_ctx, old_ctx);
+        aa_dup_cred_ctx(new_ctx, old_ctx);
 }
 
 static int apparmor_ptrace_access_check(struct task_struct *child,
@@ -577,7 +577,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
         int error = -ENOENT;
         /* released below */
         const struct cred *cred = get_task_cred(task);
-        struct aa_task_ctx *ctx = cred_ctx(cred);
+        struct aa_cred_ctx *ctx = cred_ctx(cred);
         struct aa_label *label = NULL;
 
         if (strcmp(name, "current") == 0)
@@ -678,7 +678,7 @@ fail:
 static void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
 {
         struct aa_label *label = aa_current_raw_label();
-        struct aa_task_ctx *new_ctx = cred_ctx(bprm->cred);
+        struct aa_cred_ctx *new_ctx = cred_ctx(bprm->cred);
 
         /* bail out if unconfined or not changing profile */
         if ((new_ctx->label->proxy == label->proxy) ||
@@ -1024,9 +1024,9 @@ static int param_set_mode(const char *val, const struct kernel_param *kp)
 static int __init set_init_ctx(void)
 {
         struct cred *cred = (struct cred *)current->real_cred;
-        struct aa_task_ctx *ctx;
+        struct aa_cred_ctx *ctx;
 
-        ctx = aa_alloc_task_context(GFP_KERNEL);
+        ctx = aa_alloc_cred_ctx(GFP_KERNEL);
         if (!ctx)
                 return -ENOMEM;
 
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index b0b58848c248..c505d517fa3c 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -845,7 +845,7 @@ static struct aa_profile *update_to_newest_parent(struct aa_profile *new)
  * @udata: serialized data stream  (NOT NULL)
  *
  * unpack and replace a profile on the profile list and uses of that profile
- * by any aa_task_ctx.  If the profile does not exist on the profile list
+ * by any aa_cred_ctx.  If the profile does not exist on the profile list
  * it is added.
  *
  * Returns: size of data consumed else error code on failure.