Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris: - Extend LSM stacking to allow sharing of cred, file, ipc, inode, and task blobs. This paves the way for more full-featured LSMs to be merged, and is specifically aimed at LandLock and SARA LSMs. This work is from Casey and Kees. - There's a new LSM from Micah Morton: "SafeSetID gates the setid family of syscalls to restrict UID/GID transitions from a given UID/GID to only those approved by a system-wide whitelist." This feature is currently shipping in ChromeOS. * 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (62 commits) keys: fix missing __user in KEYCTL_PKEY_QUERY LSM: Update list of SECURITYFS users in Kconfig LSM: Ignore "security=" when "lsm=" is specified LSM: Update function documentation for cap_capable security: mark expected switch fall-throughs and add a missing break tomoyo: Bump version. LSM: fix return value check in safesetid_init_securityfs() LSM: SafeSetID: add selftest LSM: SafeSetID: remove unused include LSM: SafeSetID: 'depend' on CONFIG_SECURITY LSM: Add 'name' field for SafeSetID in DEFINE_LSM LSM: add SafeSetID module that gates setid calls LSM: add SafeSetID module that gates setid calls tomoyo: Allow multiple use_group lines. tomoyo: Coding style fix. tomoyo: Swicth from cred->security to task_struct->security. security: keys: annotate implicit fall throughs security: keys: annotate implicit fall throughs security: keys: annotate implicit fall through capabilities:: annotate implicit fall through ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2019-03-07 14:44:01 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2019-03-07 14:44:01 -0500
commit: ae5906ceee038ea29ff5162d1bcd18fb50af8b94 (patch)
tree: 841a11c6d3c3afcf7e4d57be370ebcf57aab214a /security/apparmor/include/task.h
parent: 1fc1cd8399ab5541a488a7e47b2f21537dd76c2d (diff)
parent: 468e91cecb3218afd684b8c422490dfebe0691bb (diff)
1 files changed, 4 insertions, 14 deletions
diff --git a/security/apparmor/include/task.h b/security/apparmor/include/task.h
index 55edaa1d83f8..311e652324e3 100644
--- a/security/apparmor/include/task.h
+++ b/security/apparmor/include/task.h
@@ -14,7 +14,10 @@
 #ifndef __AA_TASK_H
 #define __AA_TASK_H
-#define task_ctx(X) ((X)->security)
+static inline struct aa_task_ctx *task_ctx(struct task_struct *task)
+{
+        return task->security + apparmor_blob_sizes.lbs_task;
+}
 /*
 * struct aa_task_ctx - information for current task label change
@@ -37,17 +40,6 @@ int aa_restore_previous_label(u64 cookie);
 struct aa_label *aa_get_task_label(struct task_struct *task);
 /**
- * aa_alloc_task_ctx - allocate a new task_ctx
- * @flags: gfp flags for allocation
- *
- * Returns: allocated buffer or NULL on failure
- */
-static inline struct aa_task_ctx *aa_alloc_task_ctx(gfp_t flags)
-{
-        return kzalloc(sizeof(struct aa_task_ctx), flags);
-}
-/**
 * aa_free_task_ctx - free a task_ctx
 * @ctx: task_ctx to free (MAYBE NULL)
 */
@@ -57,8 +49,6 @@ static inline void aa_free_task_ctx(struct aa_task_ctx *ctx)
                aa_put_label(ctx->nnp);
                aa_put_label(ctx->previous);
                aa_put_label(ctx->onexec);
-                kzfree(ctx);
        }
 }
author	Linus Torvalds <torvalds@linux-foundation.org>	2019-03-07 14:44:01 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2019-03-07 14:44:01 -0500
commit	ae5906ceee038ea29ff5162d1bcd18fb50af8b94 (patch)
tree	841a11c6d3c3afcf7e4d57be370ebcf57aab214a /security/apparmor/include/task.h
parent	1fc1cd8399ab5541a488a7e47b2f21537dd76c2d (diff)
parent	468e91cecb3218afd684b8c422490dfebe0691bb (diff)