diff options
| author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:16 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:16 -0500 |
| commit | b6dff3ec5e116e3af6f537d4caedcad6b9e5082a (patch) | |
| tree | 9e76f972eb7ce9b84e0146c8e4126a3f86acb428 /security/keys/permission.c | |
| parent | 15a2460ed0af7538ca8e6c610fe607a2cd9da142 (diff) | |
CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the
security data is temporarily embedded in the task_struct with two pointers
pointing to it.
Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in
entry.S via asm-offsets.
With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/keys/permission.c')
| -rw-r--r-- | security/keys/permission.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/security/keys/permission.c b/security/keys/permission.c index 3b41f9b52537..baf3d5f31e71 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c | |||
| @@ -22,6 +22,7 @@ int key_task_permission(const key_ref_t key_ref, | |||
| 22 | struct task_struct *context, | 22 | struct task_struct *context, |
| 23 | key_perm_t perm) | 23 | key_perm_t perm) |
| 24 | { | 24 | { |
| 25 | struct cred *cred = context->cred; | ||
| 25 | struct key *key; | 26 | struct key *key; |
| 26 | key_perm_t kperm; | 27 | key_perm_t kperm; |
| 27 | int ret; | 28 | int ret; |
| @@ -29,7 +30,7 @@ int key_task_permission(const key_ref_t key_ref, | |||
| 29 | key = key_ref_to_ptr(key_ref); | 30 | key = key_ref_to_ptr(key_ref); |
| 30 | 31 | ||
| 31 | /* use the second 8-bits of permissions for keys the caller owns */ | 32 | /* use the second 8-bits of permissions for keys the caller owns */ |
| 32 | if (key->uid == context->fsuid) { | 33 | if (key->uid == cred->fsuid) { |
| 33 | kperm = key->perm >> 16; | 34 | kperm = key->perm >> 16; |
| 34 | goto use_these_perms; | 35 | goto use_these_perms; |
| 35 | } | 36 | } |
| @@ -37,14 +38,14 @@ int key_task_permission(const key_ref_t key_ref, | |||
| 37 | /* use the third 8-bits of permissions for keys the caller has a group | 38 | /* use the third 8-bits of permissions for keys the caller has a group |
| 38 | * membership in common with */ | 39 | * membership in common with */ |
| 39 | if (key->gid != -1 && key->perm & KEY_GRP_ALL) { | 40 | if (key->gid != -1 && key->perm & KEY_GRP_ALL) { |
| 40 | if (key->gid == context->fsgid) { | 41 | if (key->gid == cred->fsgid) { |
| 41 | kperm = key->perm >> 8; | 42 | kperm = key->perm >> 8; |
| 42 | goto use_these_perms; | 43 | goto use_these_perms; |
| 43 | } | 44 | } |
| 44 | 45 | ||
| 45 | task_lock(context); | 46 | spin_lock(&cred->lock); |
| 46 | ret = groups_search(context->group_info, key->gid); | 47 | ret = groups_search(cred->group_info, key->gid); |
| 47 | task_unlock(context); | 48 | spin_unlock(&cred->lock); |
| 48 | 49 | ||
| 49 | if (ret) { | 50 | if (ret) { |
| 50 | kperm = key->perm >> 8; | 51 | kperm = key->perm >> 8; |