shm/security: Pass kern_ipc_perm not shmid_kernel into the shm security hooks

All of the implementations of security hooks that take shmid_kernel only access shm_perm the struct kern_ipc_perm member. This means the dependencies of the shm security hooks can be simplified by passing the kern_ipc_perm member of shmid_kernel.. Making this change will allow struct shmid_kernel to become private to ipc/shm.c. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2018-03-22 22:08:27 -0400
committer: Eric W. Biederman <ebiederm@xmission.com> 2018-03-22 22:08:27 -0400
commit: 7191adff2a5566efb139c79ea03eda3d0520d44a (patch)
tree: bfde0d973881cfaa21e9993b290de4ca9c5bbe4b /security/selinux/hooks.c
parent: aefad9593ec5ad4aae5346253a8b646364cd7317 (diff)
1 files changed, 14 insertions, 14 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index cce994e9fc0a..14f9e6c08273 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5674,53 +5674,53 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
 }
 /* Shared Memory security operations */
-static int selinux_shm_alloc_security(struct shmid_kernel *shp)
+static int selinux_shm_alloc_security(struct kern_ipc_perm *shp)
 {
        struct ipc_security_struct *isec;
        struct common_audit_data ad;
        u32 sid = current_sid();
        int rc;
-        rc = ipc_alloc_security(&shp->shm_perm, SECCLASS_SHM);
+        rc = ipc_alloc_security(shp, SECCLASS_SHM);
        if (rc)
                return rc;
-        isec = shp->shm_perm.security;
+        isec = shp->security;
        ad.type = LSM_AUDIT_DATA_IPC;
-        ad.u.ipc_id = shp->shm_perm.key;
+        ad.u.ipc_id = shp->key;
        rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
                          SHM__CREATE, &ad);
        if (rc) {
-                ipc_free_security(&shp->shm_perm);
+                ipc_free_security(shp);
                return rc;
        }
        return 0;
 }
-static void selinux_shm_free_security(struct shmid_kernel *shp)
+static void selinux_shm_free_security(struct kern_ipc_perm *shp)
 {
-        ipc_free_security(&shp->shm_perm);
+        ipc_free_security(shp);
 }
-static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
+static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg)
 {
        struct ipc_security_struct *isec;
        struct common_audit_data ad;
        u32 sid = current_sid();
-        isec = shp->shm_perm.security;
+        isec = shp->security;
        ad.type = LSM_AUDIT_DATA_IPC;
-        ad.u.ipc_id = shp->shm_perm.key;
+        ad.u.ipc_id = shp->key;
        return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
                            SHM__ASSOCIATE, &ad);
 }
 /* Note, at this point, shp is locked down */
-static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
+static int selinux_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
 {
        int perms;
        int err;
@@ -5749,11 +5749,11 @@ static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
                return 0;
        }
-        err = ipc_has_perm(&shp->shm_perm, perms);
+        err = ipc_has_perm(shp, perms);
        return err;
 }
-static int selinux_shm_shmat(struct shmid_kernel *shp,
+static int selinux_shm_shmat(struct kern_ipc_perm *shp,
                             char __user *shmaddr, int shmflg)
 {
        u32 perms;
@@ -5763,7 +5763,7 @@ static int selinux_shm_shmat(struct shmid_kernel *shp,
        else
                perms = SHM__READ | SHM__WRITE;
-        return ipc_has_perm(&shp->shm_perm, perms);
+        return ipc_has_perm(shp, perms);
 }
 /* Semaphore security operations */
author	Eric W. Biederman <ebiederm@xmission.com>	2018-03-22 22:08:27 -0400
committer	Eric W. Biederman <ebiederm@xmission.com>	2018-03-22 22:08:27 -0400
commit	7191adff2a5566efb139c79ea03eda3d0520d44a (patch)
tree	bfde0d973881cfaa21e9993b290de4ca9c5bbe4b /security/selinux/hooks.c
parent	aefad9593ec5ad4aae5346253a8b646364cd7317 (diff)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index cce994e9fc0a..14f9e6c08273 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -5674,53 +5674,53 @@ static int selinux_msg_queue_msgrcv(struct msg_queue msq, struct msg_msg msg,
5674	}	5674	}
5675		5675
5676	/* Shared Memory security operations */	5676	/* Shared Memory security operations */
5677	static int selinux_shm_alloc_security(struct shmid_kernel *shp)	5677	static int selinux_shm_alloc_security(struct kern_ipc_perm *shp)
5678	{	5678	{
5679	struct ipc_security_struct *isec;	5679	struct ipc_security_struct *isec;
5680	struct common_audit_data ad;	5680	struct common_audit_data ad;
5681	u32 sid = current_sid();	5681	u32 sid = current_sid();
5682	int rc;	5682	int rc;
5683		5683
5684	rc = ipc_alloc_security(&shp->shm_perm, SECCLASS_SHM);	5684	rc = ipc_alloc_security(shp, SECCLASS_SHM);
5685	if (rc)	5685	if (rc)
5686	return rc;	5686	return rc;
5687		5687
5688	isec = shp->shm_perm.security;	5688	isec = shp->security;
5689		5689
5690	ad.type = LSM_AUDIT_DATA_IPC;	5690	ad.type = LSM_AUDIT_DATA_IPC;
5691	ad.u.ipc_id = shp->shm_perm.key;	5691	ad.u.ipc_id = shp->key;
5692		5692
5693	rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,	5693	rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5694	SHM__CREATE, &ad);	5694	SHM__CREATE, &ad);
5695	if (rc) {	5695	if (rc) {
5696	ipc_free_security(&shp->shm_perm);	5696	ipc_free_security(shp);
5697	return rc;	5697	return rc;
5698	}	5698	}
5699	return 0;	5699	return 0;
5700	}	5700	}
5701		5701
5702	static void selinux_shm_free_security(struct shmid_kernel *shp)	5702	static void selinux_shm_free_security(struct kern_ipc_perm *shp)
5703	{	5703	{
5704	ipc_free_security(&shp->shm_perm);	5704	ipc_free_security(shp);
5705	}	5705	}
5706		5706
5707	static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)	5707	static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg)
5708	{	5708	{
5709	struct ipc_security_struct *isec;	5709	struct ipc_security_struct *isec;
5710	struct common_audit_data ad;	5710	struct common_audit_data ad;
5711	u32 sid = current_sid();	5711	u32 sid = current_sid();
5712		5712
5713	isec = shp->shm_perm.security;	5713	isec = shp->security;
5714		5714
5715	ad.type = LSM_AUDIT_DATA_IPC;	5715	ad.type = LSM_AUDIT_DATA_IPC;
5716	ad.u.ipc_id = shp->shm_perm.key;	5716	ad.u.ipc_id = shp->key;
5717		5717
5718	return avc_has_perm(sid, isec->sid, SECCLASS_SHM,	5718	return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5719	SHM__ASSOCIATE, &ad);	5719	SHM__ASSOCIATE, &ad);
5720	}	5720	}
5721		5721
5722	/* Note, at this point, shp is locked down */	5722	/* Note, at this point, shp is locked down */
5723	static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)	5723	static int selinux_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
5724	{	5724	{
5725	int perms;	5725	int perms;
5726	int err;	5726	int err;
@@ -5749,11 +5749,11 @@ static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
5749	return 0;	5749	return 0;
5750	}	5750	}
5751		5751
5752	err = ipc_has_perm(&shp->shm_perm, perms);	5752	err = ipc_has_perm(shp, perms);
5753	return err;	5753	return err;
5754	}	5754	}
5755		5755
5756	static int selinux_shm_shmat(struct shmid_kernel *shp,	5756	static int selinux_shm_shmat(struct kern_ipc_perm *shp,
5757	char __user *shmaddr, int shmflg)	5757	char __user *shmaddr, int shmflg)
5758	{	5758	{
5759	u32 perms;	5759	u32 perms;
@@ -5763,7 +5763,7 @@ static int selinux_shm_shmat(struct shmid_kernel *shp,
5763	else	5763	else
5764	perms = SHM__READ \| SHM__WRITE;	5764	perms = SHM__READ \| SHM__WRITE;
5765		5765
5766	return ipc_has_perm(&shp->shm_perm, perms);	5766	return ipc_has_perm(shp, perms);
5767	}	5767	}
5768		5768
5769	/* Semaphore security operations */	5769	/* Semaphore security operations */