diff options
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 27 |
1 files changed, 11 insertions, 16 deletions
diff --git a/security/security.c b/security/security.c index a618e22df5c6..992b612c819a 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -278,6 +278,9 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) | |||
| 278 | kfree(sep); | 278 | kfree(sep); |
| 279 | } | 279 | } |
| 280 | 280 | ||
| 281 | static void __init lsm_early_cred(struct cred *cred); | ||
| 282 | static void __init lsm_early_task(struct task_struct *task); | ||
| 283 | |||
| 281 | static void __init ordered_lsm_init(void) | 284 | static void __init ordered_lsm_init(void) |
| 282 | { | 285 | { |
| 283 | struct lsm_info **lsm; | 286 | struct lsm_info **lsm; |
| @@ -312,6 +315,8 @@ static void __init ordered_lsm_init(void) | |||
| 312 | blob_sizes.lbs_inode, 0, | 315 | blob_sizes.lbs_inode, 0, |
| 313 | SLAB_PANIC, NULL); | 316 | SLAB_PANIC, NULL); |
| 314 | 317 | ||
| 318 | lsm_early_cred((struct cred *) current->cred); | ||
| 319 | lsm_early_task(current); | ||
| 315 | for (lsm = ordered_lsms; *lsm; lsm++) | 320 | for (lsm = ordered_lsms; *lsm; lsm++) |
| 316 | initialize_lsm(*lsm); | 321 | initialize_lsm(*lsm); |
| 317 | 322 | ||
| @@ -465,17 +470,12 @@ static int lsm_cred_alloc(struct cred *cred, gfp_t gfp) | |||
| 465 | * lsm_early_cred - during initialization allocate a composite cred blob | 470 | * lsm_early_cred - during initialization allocate a composite cred blob |
| 466 | * @cred: the cred that needs a blob | 471 | * @cred: the cred that needs a blob |
| 467 | * | 472 | * |
| 468 | * Allocate the cred blob for all the modules if it's not already there | 473 | * Allocate the cred blob for all the modules |
| 469 | */ | 474 | */ |
| 470 | void __init lsm_early_cred(struct cred *cred) | 475 | static void __init lsm_early_cred(struct cred *cred) |
| 471 | { | 476 | { |
| 472 | int rc; | 477 | int rc = lsm_cred_alloc(cred, GFP_KERNEL); |
| 473 | 478 | ||
| 474 | if (cred == NULL) | ||
| 475 | panic("%s: NULL cred.\n", __func__); | ||
| 476 | if (cred->security != NULL) | ||
| 477 | return; | ||
| 478 | rc = lsm_cred_alloc(cred, GFP_KERNEL); | ||
| 479 | if (rc) | 479 | if (rc) |
| 480 | panic("%s: Early cred alloc failed.\n", __func__); | 480 | panic("%s: Early cred alloc failed.\n", __func__); |
| 481 | } | 481 | } |
| @@ -589,17 +589,12 @@ int lsm_msg_msg_alloc(struct msg_msg *mp) | |||
| 589 | * lsm_early_task - during initialization allocate a composite task blob | 589 | * lsm_early_task - during initialization allocate a composite task blob |
| 590 | * @task: the task that needs a blob | 590 | * @task: the task that needs a blob |
| 591 | * | 591 | * |
| 592 | * Allocate the task blob for all the modules if it's not already there | 592 | * Allocate the task blob for all the modules |
| 593 | */ | 593 | */ |
| 594 | void __init lsm_early_task(struct task_struct *task) | 594 | static void __init lsm_early_task(struct task_struct *task) |
| 595 | { | 595 | { |
| 596 | int rc; | 596 | int rc = lsm_task_alloc(task); |
| 597 | 597 | ||
| 598 | if (task == NULL) | ||
| 599 | panic("%s: task cred.\n", __func__); | ||
| 600 | if (task->security != NULL) | ||
| 601 | return; | ||
| 602 | rc = lsm_task_alloc(task); | ||
| 603 | if (rc) | 598 | if (rc) |
| 604 | panic("%s: Early task alloc failed.\n", __func__); | 599 | panic("%s: Early task alloc failed.\n", __func__); |
| 605 | } | 600 | } |