diff options
| author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:18 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:18 -0500 |
| commit | 86a264abe542cfececb4df129bc45a0338d8cdb9 (patch) | |
| tree | 30152f04ba847f311028d5ca697f864c16c7ebb3 /security | |
| parent | f1752eec6145c97163dbce62d17cf5d928e28a27 (diff) | |
CRED: Wrap current->cred and a few other accessors
Wrap current->cred and a few other accessors to hide their actual
implementation.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/commoncap.c | 2 | ||||
| -rw-r--r-- | security/keys/process_keys.c | 2 | ||||
| -rw-r--r-- | security/keys/request_key.c | 11 | ||||
| -rw-r--r-- | security/selinux/exports.c | 8 | ||||
| -rw-r--r-- | security/selinux/xfrm.c | 6 | ||||
| -rw-r--r-- | security/smack/smack_access.c | 2 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 26 | ||||
| -rw-r--r-- | security/smack/smackfs.c | 4 |
8 files changed, 32 insertions, 29 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index fa61679f8c73..61307f590003 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -641,7 +641,7 @@ int cap_task_setnice (struct task_struct *p, int nice) | |||
| 641 | int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | 641 | int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
| 642 | unsigned long arg4, unsigned long arg5, long *rc_p) | 642 | unsigned long arg4, unsigned long arg5, long *rc_p) |
| 643 | { | 643 | { |
| 644 | struct cred *cred = current->cred; | 644 | struct cred *cred = current_cred(); |
| 645 | long error = 0; | 645 | long error = 0; |
| 646 | 646 | ||
| 647 | switch (option) { | 647 | switch (option) { |
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index b0904cdda2e7..ce8ac6073d57 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c | |||
| @@ -582,7 +582,7 @@ key_ref_t lookup_user_key(key_serial_t id, int create, int partial, | |||
| 582 | { | 582 | { |
| 583 | struct request_key_auth *rka; | 583 | struct request_key_auth *rka; |
| 584 | struct task_struct *t = current; | 584 | struct task_struct *t = current; |
| 585 | struct cred *cred = t->cred; | 585 | struct cred *cred = current_cred(); |
| 586 | struct key *key; | 586 | struct key *key; |
| 587 | key_ref_t key_ref, skey_ref; | 587 | key_ref_t key_ref, skey_ref; |
| 588 | int ret; | 588 | int ret; |
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 3e9b9eb1dd28..0488b0af5bd6 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c | |||
| @@ -67,6 +67,7 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
| 67 | void *aux) | 67 | void *aux) |
| 68 | { | 68 | { |
| 69 | struct task_struct *tsk = current; | 69 | struct task_struct *tsk = current; |
| 70 | const struct cred *cred = current_cred(); | ||
| 70 | key_serial_t prkey, sskey; | 71 | key_serial_t prkey, sskey; |
| 71 | struct key *key = cons->key, *authkey = cons->authkey, *keyring; | 72 | struct key *key = cons->key, *authkey = cons->authkey, *keyring; |
| 72 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; | 73 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; |
| @@ -96,16 +97,16 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
| 96 | goto error_link; | 97 | goto error_link; |
| 97 | 98 | ||
| 98 | /* record the UID and GID */ | 99 | /* record the UID and GID */ |
| 99 | sprintf(uid_str, "%d", current_fsuid()); | 100 | sprintf(uid_str, "%d", cred->fsuid); |
| 100 | sprintf(gid_str, "%d", current_fsgid()); | 101 | sprintf(gid_str, "%d", cred->fsgid); |
| 101 | 102 | ||
| 102 | /* we say which key is under construction */ | 103 | /* we say which key is under construction */ |
| 103 | sprintf(key_str, "%d", key->serial); | 104 | sprintf(key_str, "%d", key->serial); |
| 104 | 105 | ||
| 105 | /* we specify the process's default keyrings */ | 106 | /* we specify the process's default keyrings */ |
| 106 | sprintf(keyring_str[0], "%d", | 107 | sprintf(keyring_str[0], "%d", |
| 107 | tsk->cred->thread_keyring ? | 108 | cred->thread_keyring ? |
| 108 | tsk->cred->thread_keyring->serial : 0); | 109 | cred->thread_keyring->serial : 0); |
| 109 | 110 | ||
| 110 | prkey = 0; | 111 | prkey = 0; |
| 111 | if (tsk->signal->process_keyring) | 112 | if (tsk->signal->process_keyring) |
| @@ -118,7 +119,7 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
| 118 | sskey = rcu_dereference(tsk->signal->session_keyring)->serial; | 119 | sskey = rcu_dereference(tsk->signal->session_keyring)->serial; |
| 119 | rcu_read_unlock(); | 120 | rcu_read_unlock(); |
| 120 | } else { | 121 | } else { |
| 121 | sskey = tsk->cred->user->session_keyring->serial; | 122 | sskey = cred->user->session_keyring->serial; |
| 122 | } | 123 | } |
| 123 | 124 | ||
| 124 | sprintf(keyring_str[2], "%d", sskey); | 125 | sprintf(keyring_str[2], "%d", sskey); |
diff --git a/security/selinux/exports.c b/security/selinux/exports.c index cf02490cd1eb..c73aeaa008e8 100644 --- a/security/selinux/exports.c +++ b/security/selinux/exports.c | |||
| @@ -39,9 +39,13 @@ EXPORT_SYMBOL_GPL(selinux_string_to_sid); | |||
| 39 | int selinux_secmark_relabel_packet_permission(u32 sid) | 39 | int selinux_secmark_relabel_packet_permission(u32 sid) |
| 40 | { | 40 | { |
| 41 | if (selinux_enabled) { | 41 | if (selinux_enabled) { |
| 42 | struct task_security_struct *tsec = current->cred->security; | 42 | const struct task_security_struct *__tsec; |
| 43 | u32 tsid; | ||
| 43 | 44 | ||
| 44 | return avc_has_perm(tsec->sid, sid, SECCLASS_PACKET, | 45 | __tsec = current_security(); |
| 46 | tsid = __tsec->sid; | ||
| 47 | |||
| 48 | return avc_has_perm(tsid, sid, SECCLASS_PACKET, | ||
| 45 | PACKET__RELABELTO, NULL); | 49 | PACKET__RELABELTO, NULL); |
| 46 | } | 50 | } |
| 47 | return 0; | 51 | return 0; |
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index d7db76617b0e..c0eb72013d67 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c | |||
| @@ -197,7 +197,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, | |||
| 197 | struct xfrm_user_sec_ctx *uctx, u32 sid) | 197 | struct xfrm_user_sec_ctx *uctx, u32 sid) |
| 198 | { | 198 | { |
| 199 | int rc = 0; | 199 | int rc = 0; |
| 200 | struct task_security_struct *tsec = current->cred->security; | 200 | const struct task_security_struct *tsec = current_security(); |
| 201 | struct xfrm_sec_ctx *ctx = NULL; | 201 | struct xfrm_sec_ctx *ctx = NULL; |
| 202 | char *ctx_str = NULL; | 202 | char *ctx_str = NULL; |
| 203 | u32 str_len; | 203 | u32 str_len; |
| @@ -333,7 +333,7 @@ void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx) | |||
| 333 | */ | 333 | */ |
| 334 | int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) | 334 | int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) |
| 335 | { | 335 | { |
| 336 | struct task_security_struct *tsec = current->cred->security; | 336 | const struct task_security_struct *tsec = current_security(); |
| 337 | int rc = 0; | 337 | int rc = 0; |
| 338 | 338 | ||
| 339 | if (ctx) { | 339 | if (ctx) { |
| @@ -378,7 +378,7 @@ void selinux_xfrm_state_free(struct xfrm_state *x) | |||
| 378 | */ | 378 | */ |
| 379 | int selinux_xfrm_state_delete(struct xfrm_state *x) | 379 | int selinux_xfrm_state_delete(struct xfrm_state *x) |
| 380 | { | 380 | { |
| 381 | struct task_security_struct *tsec = current->cred->security; | 381 | const struct task_security_struct *tsec = current_security(); |
| 382 | struct xfrm_sec_ctx *ctx = x->security; | 382 | struct xfrm_sec_ctx *ctx = x->security; |
| 383 | int rc = 0; | 383 | int rc = 0; |
| 384 | 384 | ||
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index b6dd4fc0fb0b..247cec3b5a43 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c | |||
| @@ -164,7 +164,7 @@ int smk_curacc(char *obj_label, u32 mode) | |||
| 164 | { | 164 | { |
| 165 | int rc; | 165 | int rc; |
| 166 | 166 | ||
| 167 | rc = smk_access(current->cred->security, obj_label, mode); | 167 | rc = smk_access(current_security(), obj_label, mode); |
| 168 | if (rc == 0) | 168 | if (rc == 0) |
| 169 | return 0; | 169 | return 0; |
| 170 | 170 | ||
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index cc837314fb0e..e8a4fcb1ad04 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -143,7 +143,7 @@ static int smack_ptrace_traceme(struct task_struct *ptp) | |||
| 143 | static int smack_syslog(int type) | 143 | static int smack_syslog(int type) |
| 144 | { | 144 | { |
| 145 | int rc; | 145 | int rc; |
| 146 | char *sp = current->cred->security; | 146 | char *sp = current_security(); |
| 147 | 147 | ||
| 148 | rc = cap_syslog(type); | 148 | rc = cap_syslog(type); |
| 149 | if (rc != 0) | 149 | if (rc != 0) |
| @@ -375,7 +375,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags) | |||
| 375 | */ | 375 | */ |
| 376 | static int smack_inode_alloc_security(struct inode *inode) | 376 | static int smack_inode_alloc_security(struct inode *inode) |
| 377 | { | 377 | { |
| 378 | inode->i_security = new_inode_smack(current->cred->security); | 378 | inode->i_security = new_inode_smack(current_security()); |
| 379 | if (inode->i_security == NULL) | 379 | if (inode->i_security == NULL) |
| 380 | return -ENOMEM; | 380 | return -ENOMEM; |
| 381 | return 0; | 381 | return 0; |
| @@ -820,7 +820,7 @@ static int smack_file_permission(struct file *file, int mask) | |||
| 820 | */ | 820 | */ |
| 821 | static int smack_file_alloc_security(struct file *file) | 821 | static int smack_file_alloc_security(struct file *file) |
| 822 | { | 822 | { |
| 823 | file->f_security = current->cred->security; | 823 | file->f_security = current_security(); |
| 824 | return 0; | 824 | return 0; |
| 825 | } | 825 | } |
| 826 | 826 | ||
| @@ -918,7 +918,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, | |||
| 918 | */ | 918 | */ |
| 919 | static int smack_file_set_fowner(struct file *file) | 919 | static int smack_file_set_fowner(struct file *file) |
| 920 | { | 920 | { |
| 921 | file->f_security = current->cred->security; | 921 | file->f_security = current_security(); |
| 922 | return 0; | 922 | return 0; |
| 923 | } | 923 | } |
| 924 | 924 | ||
| @@ -986,8 +986,7 @@ static int smack_file_receive(struct file *file) | |||
| 986 | */ | 986 | */ |
| 987 | static int smack_cred_alloc_security(struct cred *cred) | 987 | static int smack_cred_alloc_security(struct cred *cred) |
| 988 | { | 988 | { |
| 989 | cred->security = current->cred->security; | 989 | cred->security = current_security(); |
| 990 | |||
| 991 | return 0; | 990 | return 0; |
| 992 | } | 991 | } |
| 993 | 992 | ||
| @@ -1225,7 +1224,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode) | |||
| 1225 | */ | 1224 | */ |
| 1226 | static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) | 1225 | static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) |
| 1227 | { | 1226 | { |
| 1228 | char *csp = current->cred->security; | 1227 | char *csp = current_security(); |
| 1229 | struct socket_smack *ssp; | 1228 | struct socket_smack *ssp; |
| 1230 | 1229 | ||
| 1231 | ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); | 1230 | ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); |
| @@ -1450,7 +1449,7 @@ static int smack_flags_to_may(int flags) | |||
| 1450 | */ | 1449 | */ |
| 1451 | static int smack_msg_msg_alloc_security(struct msg_msg *msg) | 1450 | static int smack_msg_msg_alloc_security(struct msg_msg *msg) |
| 1452 | { | 1451 | { |
| 1453 | msg->security = current->cred->security; | 1452 | msg->security = current_security(); |
| 1454 | return 0; | 1453 | return 0; |
| 1455 | } | 1454 | } |
| 1456 | 1455 | ||
| @@ -1486,7 +1485,7 @@ static int smack_shm_alloc_security(struct shmid_kernel *shp) | |||
| 1486 | { | 1485 | { |
| 1487 | struct kern_ipc_perm *isp = &shp->shm_perm; | 1486 | struct kern_ipc_perm *isp = &shp->shm_perm; |
| 1488 | 1487 | ||
| 1489 | isp->security = current->cred->security; | 1488 | isp->security = current_security(); |
| 1490 | return 0; | 1489 | return 0; |
| 1491 | } | 1490 | } |
| 1492 | 1491 | ||
| @@ -1595,7 +1594,7 @@ static int smack_sem_alloc_security(struct sem_array *sma) | |||
| 1595 | { | 1594 | { |
| 1596 | struct kern_ipc_perm *isp = &sma->sem_perm; | 1595 | struct kern_ipc_perm *isp = &sma->sem_perm; |
| 1597 | 1596 | ||
| 1598 | isp->security = current->cred->security; | 1597 | isp->security = current_security(); |
| 1599 | return 0; | 1598 | return 0; |
| 1600 | } | 1599 | } |
| 1601 | 1600 | ||
| @@ -1699,7 +1698,7 @@ static int smack_msg_queue_alloc_security(struct msg_queue *msq) | |||
| 1699 | { | 1698 | { |
| 1700 | struct kern_ipc_perm *kisp = &msq->q_perm; | 1699 | struct kern_ipc_perm *kisp = &msq->q_perm; |
| 1701 | 1700 | ||
| 1702 | kisp->security = current->cred->security; | 1701 | kisp->security = current_security(); |
| 1703 | return 0; | 1702 | return 0; |
| 1704 | } | 1703 | } |
| 1705 | 1704 | ||
| @@ -1854,7 +1853,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) | |||
| 1854 | struct super_block *sbp; | 1853 | struct super_block *sbp; |
| 1855 | struct superblock_smack *sbsp; | 1854 | struct superblock_smack *sbsp; |
| 1856 | struct inode_smack *isp; | 1855 | struct inode_smack *isp; |
| 1857 | char *csp = current->cred->security; | 1856 | char *csp = current_security(); |
| 1858 | char *fetched; | 1857 | char *fetched; |
| 1859 | char *final; | 1858 | char *final; |
| 1860 | struct dentry *dp; | 1859 | struct dentry *dp; |
| @@ -2290,8 +2289,7 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent) | |||
| 2290 | return; | 2289 | return; |
| 2291 | 2290 | ||
| 2292 | ssp = sk->sk_security; | 2291 | ssp = sk->sk_security; |
| 2293 | ssp->smk_in = current->cred->security; | 2292 | ssp->smk_in = ssp->smk_out = current_security(); |
| 2294 | ssp->smk_out = current->cred->security; | ||
| 2295 | ssp->smk_packet[0] = '\0'; | 2293 | ssp->smk_packet[0] = '\0'; |
| 2296 | 2294 | ||
| 2297 | rc = smack_netlabel(sk); | 2295 | rc = smack_netlabel(sk); |
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index c5ca279e0506..ca257dfdc75d 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c | |||
| @@ -336,7 +336,7 @@ static void smk_cipso_doi(void) | |||
| 336 | 336 | ||
| 337 | audit_info.loginuid = audit_get_loginuid(current); | 337 | audit_info.loginuid = audit_get_loginuid(current); |
| 338 | audit_info.sessionid = audit_get_sessionid(current); | 338 | audit_info.sessionid = audit_get_sessionid(current); |
| 339 | audit_info.secid = smack_to_secid(current->cred->security); | 339 | audit_info.secid = smack_to_secid(current_security()); |
| 340 | 340 | ||
| 341 | rc = netlbl_cfg_map_del(NULL, &audit_info); | 341 | rc = netlbl_cfg_map_del(NULL, &audit_info); |
| 342 | if (rc != 0) | 342 | if (rc != 0) |
| @@ -371,7 +371,7 @@ static void smk_unlbl_ambient(char *oldambient) | |||
| 371 | 371 | ||
| 372 | audit_info.loginuid = audit_get_loginuid(current); | 372 | audit_info.loginuid = audit_get_loginuid(current); |
| 373 | audit_info.sessionid = audit_get_sessionid(current); | 373 | audit_info.sessionid = audit_get_sessionid(current); |
| 374 | audit_info.secid = smack_to_secid(current->cred->security); | 374 | audit_info.secid = smack_to_secid(current_security()); |
| 375 | 375 | ||
| 376 | if (oldambient != NULL) { | 376 | if (oldambient != NULL) { |
| 377 | rc = netlbl_cfg_map_del(oldambient, &audit_info); | 377 | rc = netlbl_cfg_map_del(oldambient, &audit_info); |