Diffstat (limited to 'security/apparmor/context.c')
-rw-r--r--security/apparmor/context.c44
1 files changed, 28 insertions, 16 deletions
diff --git a/security/apparmor/context.c b/security/apparmor/context.c
index 8a9b5027c813..d5af1d15f26d 100644
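--- a/security/apparmor/context.c
+++ b/security/apparmor/context.c
@@ -69,6 +69,23 @@ void aa_dup_task_context(struct aa_task_cxt *new, const struct aa_task_cxt *old)
 }
 
 /**
+ * aa_get_task_profile - Get another task's profile
+ * @task: task to query (NOT NULL)
+ *
+ * Returns: counted reference to @task's profile
+ */
+struct aa_profile *aa_get_task_profile(struct task_struct *task)
+{
+ struct aa_profile *p;
+
+ rcu_read_lock();
+ p = aa_get_profile(__aa_task_profile(task));
+ rcu_read_unlock();
+
+ return p;
+}
+
+/**
  * aa_replace_current_profile - replace the current tasks profiles
  * @profile: new profile (NOT NULL)
  *
@@ -76,7 +93,7 @@ void aa_dup_task_context(struct aa_task_cxt *new, const struct aa_task_cxt *old)
  */
 int aa_replace_current_profile(struct aa_profile *profile)
 {
- struct aa_task_cxt *cxt = current_cred()->security;
+ struct aa_task_cxt *cxt = current_cxt();
  struct cred *new;
  BUG_ON(!profile);
 
@@ -87,17 +104,13 @@ int aa_replace_current_profile(struct aa_profile *profile)
  if (!new)
  return -ENOMEM;
 
- cxt = new->security;
- if (unconfined(profile) || (cxt->profile->ns != profile->ns)) {
+ cxt = cred_cxt(new);
+ if (unconfined(profile) || (cxt->profile->ns != profile->ns))
  /* if switching to unconfined or a different profile namespace
  * clear out context state
  */
- aa_put_profile(cxt->previous);
- aa_put_profile(cxt->onexec);
- cxt->previous = NULL;
- cxt->onexec = NULL;
- cxt->token = 0;
- }
+ aa_clear_task_cxt_trans(cxt);
+
  /* be careful switching cxt->profile, when racing replacement it
  * is possible that cxt->profile->replacedby is the reference keeping
  * @profile valid, so make sure to get its reference before dropping
@@ -123,7 +136,7 @@ int aa_set_current_onexec(struct aa_profile *profile)
  if (!new)
  return -ENOMEM;
 
- cxt = new->security;
+ cxt = cred_cxt(new);
  aa_get_profile(profile);
  aa_put_profile(cxt->onexec);
  cxt->onexec = profile;
@@ -150,7 +163,7 @@ int aa_set_current_hat(struct aa_profile *profile, u64 token)
  return -ENOMEM;
  BUG_ON(!profile);
 
- cxt = new->security;
+ cxt = cred_cxt(new);
  if (!cxt->previous) {
  /* transfer refcount */
  cxt->previous = cxt->profile;
@@ -187,7 +200,7 @@ int aa_restore_previous_profile(u64 token)
  if (!new)
  return -ENOMEM;
 
- cxt = new->security;
+ cxt = cred_cxt(new);
  if (cxt->token != token) {
  abort_creds(new);
  return -EACCES;
@@ -205,11 +218,10 @@ int aa_restore_previous_profile(u64 token)
  aa_get_profile(cxt->profile);
  aa_put_profile(cxt->previous);
  }
- /* clear exec && prev information when restoring to previous context */
+ /* ref has been transfered so avoid putting ref in clear_task_cxt */
  cxt->previous = NULL;
- cxt->token = 0;
- aa_put_profile(cxt->onexec);
- cxt->onexec = NULL;
+ /* clear exec && prev information when restoring to previous context */
+ aa_clear_task_cxt_trans(cxt);
 
  commit_creds(new);
  return 0;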
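Review bot: In aa_replace_current_profile the `if (unconfined(profile) || (cxt->profile->ns != profile->ns))` lost its braces, yet a three-line comment still sits between the condition and its only statement, `aa_clear_task_cxt_trans(cxt);`. This branch drops the previous/onexec references and the token when moving to unconfined or to another namespace, so a statement later added under that comment would run unconditionally while looking guarded. I would keep the braces (`if (...) {` … `aa_clear_task_cxt_trans(cxt);` `}`) or move the comment above the `if`. Separately, aa_restore_previous_profile now sets `cxt->previous = NULL` and relies on aa_clear_task_cxt_trans() tolerating a NULL `previous`. The helper's definition is not in this file's diff, so that should be confirmed where it is defined. Both function bodies extend beyond the hunks shown.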