aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/domain.c19
-rw-r--r--security/apparmor/include/domain.h1
-rw-r--r--security/apparmor/include/file.h3
-rw-r--r--security/apparmor/lsm.c1
4 files changed, 1 insertions, 23 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 67ec52cfc523..17a601c67b62 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -807,7 +807,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
807 aa_label_printk(new, GFP_ATOMIC); 807 aa_label_printk(new, GFP_ATOMIC);
808 dbg_printk("\n"); 808 dbg_printk("\n");
809 } 809 }
810 bprm->unsafe |= AA_SECURE_X_NEEDED; 810 bprm->secureexec = 1;
811 } 811 }
812 812
813 if (label->proxy != new->proxy) { 813 if (label->proxy != new->proxy) {
@@ -843,23 +843,6 @@ audit:
843 goto done; 843 goto done;
844} 844}
845 845
846/**
847 * apparmor_bprm_secureexec - determine if secureexec is needed
848 * @bprm: binprm for exec (NOT NULL)
849 *
850 * Returns: %1 if secureexec is needed else %0
851 */
852int apparmor_bprm_secureexec(struct linux_binprm *bprm)
853{
854 /* the decision to use secure exec is computed in set_creds
855 * and stored in bprm->unsafe.
856 */
857 if (bprm->unsafe & AA_SECURE_X_NEEDED)
858 return 1;
859
860 return 0;
861}
862
863/* 846/*
864 * Functions for self directed profile change 847 * Functions for self directed profile change
865 */ 848 */
diff --git a/security/apparmor/include/domain.h b/security/apparmor/include/domain.h
index bab5810b6e9a..24c5976d6143 100644
--- a/security/apparmor/include/domain.h
+++ b/security/apparmor/include/domain.h
@@ -30,7 +30,6 @@ struct aa_domain {
30#define AA_CHANGE_STACK 8 30#define AA_CHANGE_STACK 8
31 31
32int apparmor_bprm_set_creds(struct linux_binprm *bprm); 32int apparmor_bprm_set_creds(struct linux_binprm *bprm);
33int apparmor_bprm_secureexec(struct linux_binprm *bprm);
34 33
35void aa_free_domain_entries(struct aa_domain *domain); 34void aa_free_domain_entries(struct aa_domain *domain);
36int aa_change_hat(const char *hats[], int count, u64 token, int flags); 35int aa_change_hat(const char *hats[], int count, u64 token, int flags);
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index 001e40073ff9..4c2c8ac8842f 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -101,9 +101,6 @@ static inline struct aa_label *aa_get_file_label(struct aa_file_ctx *ctx)
101#define AA_X_INHERIT 0x4000 101#define AA_X_INHERIT 0x4000
102#define AA_X_UNCONFINED 0x8000 102#define AA_X_UNCONFINED 0x8000
103 103
104/* AA_SECURE_X_NEEDED - is passed in the bprm->unsafe field */
105#define AA_SECURE_X_NEEDED 0x8000
106
107/* need to make conditional which ones are being set */ 104/* need to make conditional which ones are being set */
108struct path_cond { 105struct path_cond {
109 kuid_t uid; 106 kuid_t uid;
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 867bcd154c7e..7a82c0f61452 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -694,7 +694,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
694 LSM_HOOK_INIT(bprm_set_creds, apparmor_bprm_set_creds), 694 LSM_HOOK_INIT(bprm_set_creds, apparmor_bprm_set_creds),
695 LSM_HOOK_INIT(bprm_committing_creds, apparmor_bprm_committing_creds), 695 LSM_HOOK_INIT(bprm_committing_creds, apparmor_bprm_committing_creds),
696 LSM_HOOK_INIT(bprm_committed_creds, apparmor_bprm_committed_creds), 696 LSM_HOOK_INIT(bprm_committed_creds, apparmor_bprm_committed_creds),
697 LSM_HOOK_INIT(bprm_secureexec, apparmor_bprm_secureexec),
698 697
699 LSM_HOOK_INIT(task_setrlimit, apparmor_task_setrlimit), 698 LSM_HOOK_INIT(task_setrlimit, apparmor_task_setrlimit),
700}; 699};
generated by cgit v1.2.2 (git 2.25.0) at 2026-05-27 18:43:58 -0400