diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/commoncap.c | 64 | ||||
-rw-r--r-- | security/keys/permission.c | 10 | ||||
-rw-r--r-- | security/keys/process_keys.c | 24 | ||||
-rw-r--r-- | security/selinux/selinuxfs.c | 13 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 32 |
5 files changed, 86 insertions, 57 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index 61307f590003..0384bf95db68 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
@@ -51,10 +51,13 @@ EXPORT_SYMBOL(cap_netlink_recv); | |||
51 | */ | 51 | */ |
52 | int cap_capable(struct task_struct *tsk, int cap, int audit) | 52 | int cap_capable(struct task_struct *tsk, int cap, int audit) |
53 | { | 53 | { |
54 | __u32 cap_raised; | ||
55 | |||
54 | /* Derived from include/linux/sched.h:capable. */ | 56 | /* Derived from include/linux/sched.h:capable. */ |
55 | if (cap_raised(tsk->cred->cap_effective, cap)) | 57 | rcu_read_lock(); |
56 | return 0; | 58 | cap_raised = cap_raised(__task_cred(tsk)->cap_effective, cap); |
57 | return -EPERM; | 59 | rcu_read_unlock(); |
60 | return cap_raised ? 0 : -EPERM; | ||
58 | } | 61 | } |
59 | 62 | ||
60 | int cap_settime(struct timespec *ts, struct timezone *tz) | 63 | int cap_settime(struct timespec *ts, struct timezone *tz) |
@@ -66,34 +69,42 @@ int cap_settime(struct timespec *ts, struct timezone *tz) | |||
66 | 69 | ||
67 | int cap_ptrace_may_access(struct task_struct *child, unsigned int mode) | 70 | int cap_ptrace_may_access(struct task_struct *child, unsigned int mode) |
68 | { | 71 | { |
69 | /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */ | 72 | int ret = 0; |
70 | if (cap_issubset(child->cred->cap_permitted, | 73 | |
71 | current->cred->cap_permitted)) | 74 | rcu_read_lock(); |
72 | return 0; | 75 | if (!cap_issubset(child->cred->cap_permitted, |
73 | if (capable(CAP_SYS_PTRACE)) | 76 | current->cred->cap_permitted) && |
74 | return 0; | 77 | !capable(CAP_SYS_PTRACE)) |
75 | return -EPERM; | 78 | ret = -EPERM; |
79 | rcu_read_unlock(); | ||
80 | return ret; | ||
76 | } | 81 | } |
77 | 82 | ||
78 | int cap_ptrace_traceme(struct task_struct *parent) | 83 | int cap_ptrace_traceme(struct task_struct *parent) |
79 | { | 84 | { |
80 | if (cap_issubset(current->cred->cap_permitted, | 85 | int ret = 0; |
81 | parent->cred->cap_permitted)) | 86 | |
82 | return 0; | 87 | rcu_read_lock(); |
83 | if (has_capability(parent, CAP_SYS_PTRACE)) | 88 | if (!cap_issubset(current->cred->cap_permitted, |
84 | return 0; | 89 | parent->cred->cap_permitted) && |
85 | return -EPERM; | 90 | !has_capability(parent, CAP_SYS_PTRACE)) |
91 | ret = -EPERM; | ||
92 | rcu_read_unlock(); | ||
93 | return ret; | ||
86 | } | 94 | } |
87 | 95 | ||
88 | int cap_capget (struct task_struct *target, kernel_cap_t *effective, | 96 | int cap_capget (struct task_struct *target, kernel_cap_t *effective, |
89 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | 97 | kernel_cap_t *inheritable, kernel_cap_t *permitted) |
90 | { | 98 | { |
91 | struct cred *cred = target->cred; | 99 | const struct cred *cred; |
92 | 100 | ||
93 | /* Derived from kernel/capability.c:sys_capget. */ | 101 | /* Derived from kernel/capability.c:sys_capget. */ |
102 | rcu_read_lock(); | ||
103 | cred = __task_cred(target); | ||
94 | *effective = cred->cap_effective; | 104 | *effective = cred->cap_effective; |
95 | *inheritable = cred->cap_inheritable; | 105 | *inheritable = cred->cap_inheritable; |
96 | *permitted = cred->cap_permitted; | 106 | *permitted = cred->cap_permitted; |
107 | rcu_read_unlock(); | ||
97 | return 0; | 108 | return 0; |
98 | } | 109 | } |
99 | 110 | ||
@@ -433,7 +444,7 @@ void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) | |||
433 | 444 | ||
434 | int cap_bprm_secureexec (struct linux_binprm *bprm) | 445 | int cap_bprm_secureexec (struct linux_binprm *bprm) |
435 | { | 446 | { |
436 | const struct cred *cred = current->cred; | 447 | const struct cred *cred = current_cred(); |
437 | 448 | ||
438 | if (cred->uid != 0) { | 449 | if (cred->uid != 0) { |
439 | if (bprm->cap_effective) | 450 | if (bprm->cap_effective) |
@@ -511,11 +522,11 @@ static inline void cap_emulate_setxuid (int old_ruid, int old_euid, | |||
511 | if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) && | 522 | if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) && |
512 | (cred->uid != 0 && cred->euid != 0 && cred->suid != 0) && | 523 | (cred->uid != 0 && cred->euid != 0 && cred->suid != 0) && |
513 | !issecure(SECURE_KEEP_CAPS)) { | 524 | !issecure(SECURE_KEEP_CAPS)) { |
514 | cap_clear (cred->cap_permitted); | 525 | cap_clear(cred->cap_permitted); |
515 | cap_clear (cred->cap_effective); | 526 | cap_clear(cred->cap_effective); |
516 | } | 527 | } |
517 | if (old_euid == 0 && cred->euid != 0) { | 528 | if (old_euid == 0 && cred->euid != 0) { |
518 | cap_clear (cred->cap_effective); | 529 | cap_clear(cred->cap_effective); |
519 | } | 530 | } |
520 | if (old_euid != 0 && cred->euid == 0) { | 531 | if (old_euid != 0 && cred->euid == 0) { |
521 | cred->cap_effective = cred->cap_permitted; | 532 | cred->cap_effective = cred->cap_permitted; |
@@ -582,9 +593,14 @@ int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, | |||
582 | */ | 593 | */ |
583 | static int cap_safe_nice(struct task_struct *p) | 594 | static int cap_safe_nice(struct task_struct *p) |
584 | { | 595 | { |
585 | if (!cap_issubset(p->cred->cap_permitted, | 596 | int is_subset; |
586 | current->cred->cap_permitted) && | 597 | |
587 | !capable(CAP_SYS_NICE)) | 598 | rcu_read_lock(); |
599 | is_subset = cap_issubset(__task_cred(p)->cap_permitted, | ||
600 | current_cred()->cap_permitted); | ||
601 | rcu_read_unlock(); | ||
602 | |||
603 | if (!is_subset && !capable(CAP_SYS_NICE)) | ||
588 | return -EPERM; | 604 | return -EPERM; |
589 | return 0; | 605 | return 0; |
590 | } | 606 | } |
diff --git a/security/keys/permission.c b/security/keys/permission.c index baf3d5f31e71..13c36164f284 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c | |||
@@ -22,13 +22,16 @@ int key_task_permission(const key_ref_t key_ref, | |||
22 | struct task_struct *context, | 22 | struct task_struct *context, |
23 | key_perm_t perm) | 23 | key_perm_t perm) |
24 | { | 24 | { |
25 | struct cred *cred = context->cred; | 25 | const struct cred *cred; |
26 | struct key *key; | 26 | struct key *key; |
27 | key_perm_t kperm; | 27 | key_perm_t kperm; |
28 | int ret; | 28 | int ret; |
29 | 29 | ||
30 | key = key_ref_to_ptr(key_ref); | 30 | key = key_ref_to_ptr(key_ref); |
31 | 31 | ||
32 | rcu_read_lock(); | ||
33 | cred = __task_cred(context); | ||
34 | |||
32 | /* use the second 8-bits of permissions for keys the caller owns */ | 35 | /* use the second 8-bits of permissions for keys the caller owns */ |
33 | if (key->uid == cred->fsuid) { | 36 | if (key->uid == cred->fsuid) { |
34 | kperm = key->perm >> 16; | 37 | kperm = key->perm >> 16; |
@@ -43,10 +46,7 @@ int key_task_permission(const key_ref_t key_ref, | |||
43 | goto use_these_perms; | 46 | goto use_these_perms; |
44 | } | 47 | } |
45 | 48 | ||
46 | spin_lock(&cred->lock); | ||
47 | ret = groups_search(cred->group_info, key->gid); | 49 | ret = groups_search(cred->group_info, key->gid); |
48 | spin_unlock(&cred->lock); | ||
49 | |||
50 | if (ret) { | 50 | if (ret) { |
51 | kperm = key->perm >> 8; | 51 | kperm = key->perm >> 8; |
52 | goto use_these_perms; | 52 | goto use_these_perms; |
@@ -57,6 +57,8 @@ int key_task_permission(const key_ref_t key_ref, | |||
57 | kperm = key->perm; | 57 | kperm = key->perm; |
58 | 58 | ||
59 | use_these_perms: | 59 | use_these_perms: |
60 | rcu_read_lock(); | ||
61 | |||
60 | /* use the top 8-bits of permissions for keys the caller possesses | 62 | /* use the top 8-bits of permissions for keys the caller possesses |
61 | * - possessor permissions are additive with other permissions | 63 | * - possessor permissions are additive with other permissions |
62 | */ | 64 | */ |
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index ce8ac6073d57..212601ebaa46 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c | |||
@@ -412,10 +412,13 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
412 | struct task_struct *context) | 412 | struct task_struct *context) |
413 | { | 413 | { |
414 | struct request_key_auth *rka; | 414 | struct request_key_auth *rka; |
415 | struct cred *cred; | ||
415 | key_ref_t key_ref, ret, err; | 416 | key_ref_t key_ref, ret, err; |
416 | 417 | ||
417 | might_sleep(); | 418 | might_sleep(); |
418 | 419 | ||
420 | cred = get_task_cred(context); | ||
421 | |||
419 | /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were | 422 | /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were |
420 | * searchable, but we failed to find a key or we found a negative key; | 423 | * searchable, but we failed to find a key or we found a negative key; |
421 | * otherwise we want to return a sample error (probably -EACCES) if | 424 | * otherwise we want to return a sample error (probably -EACCES) if |
@@ -428,9 +431,9 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
428 | err = ERR_PTR(-EAGAIN); | 431 | err = ERR_PTR(-EAGAIN); |
429 | 432 | ||
430 | /* search the thread keyring first */ | 433 | /* search the thread keyring first */ |
431 | if (context->cred->thread_keyring) { | 434 | if (cred->thread_keyring) { |
432 | key_ref = keyring_search_aux( | 435 | key_ref = keyring_search_aux( |
433 | make_key_ref(context->cred->thread_keyring, 1), | 436 | make_key_ref(cred->thread_keyring, 1), |
434 | context, type, description, match); | 437 | context, type, description, match); |
435 | if (!IS_ERR(key_ref)) | 438 | if (!IS_ERR(key_ref)) |
436 | goto found; | 439 | goto found; |
@@ -495,9 +498,9 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
495 | } | 498 | } |
496 | } | 499 | } |
497 | /* or search the user-session keyring */ | 500 | /* or search the user-session keyring */ |
498 | else if (context->cred->user->session_keyring) { | 501 | else if (cred->user->session_keyring) { |
499 | key_ref = keyring_search_aux( | 502 | key_ref = keyring_search_aux( |
500 | make_key_ref(context->cred->user->session_keyring, 1), | 503 | make_key_ref(cred->user->session_keyring, 1), |
501 | context, type, description, match); | 504 | context, type, description, match); |
502 | if (!IS_ERR(key_ref)) | 505 | if (!IS_ERR(key_ref)) |
503 | goto found; | 506 | goto found; |
@@ -519,20 +522,20 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
519 | * search the keyrings of the process mentioned there | 522 | * search the keyrings of the process mentioned there |
520 | * - we don't permit access to request_key auth keys via this method | 523 | * - we don't permit access to request_key auth keys via this method |
521 | */ | 524 | */ |
522 | if (context->cred->request_key_auth && | 525 | if (cred->request_key_auth && |
523 | context == current && | 526 | context == current && |
524 | type != &key_type_request_key_auth | 527 | type != &key_type_request_key_auth |
525 | ) { | 528 | ) { |
526 | /* defend against the auth key being revoked */ | 529 | /* defend against the auth key being revoked */ |
527 | down_read(&context->cred->request_key_auth->sem); | 530 | down_read(&cred->request_key_auth->sem); |
528 | 531 | ||
529 | if (key_validate(context->cred->request_key_auth) == 0) { | 532 | if (key_validate(cred->request_key_auth) == 0) { |
530 | rka = context->cred->request_key_auth->payload.data; | 533 | rka = cred->request_key_auth->payload.data; |
531 | 534 | ||
532 | key_ref = search_process_keyrings(type, description, | 535 | key_ref = search_process_keyrings(type, description, |
533 | match, rka->context); | 536 | match, rka->context); |
534 | 537 | ||
535 | up_read(&context->cred->request_key_auth->sem); | 538 | up_read(&cred->request_key_auth->sem); |
536 | 539 | ||
537 | if (!IS_ERR(key_ref)) | 540 | if (!IS_ERR(key_ref)) |
538 | goto found; | 541 | goto found; |
@@ -549,7 +552,7 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
549 | break; | 552 | break; |
550 | } | 553 | } |
551 | } else { | 554 | } else { |
552 | up_read(&context->cred->request_key_auth->sem); | 555 | up_read(&cred->request_key_auth->sem); |
553 | } | 556 | } |
554 | } | 557 | } |
555 | 558 | ||
@@ -557,6 +560,7 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
557 | key_ref = ret ? ret : err; | 560 | key_ref = ret ? ret : err; |
558 | 561 | ||
559 | found: | 562 | found: |
563 | put_cred(cred); | ||
560 | return key_ref; | 564 | return key_ref; |
561 | 565 | ||
562 | } /* end search_process_keyrings() */ | 566 | } /* end search_process_keyrings() */ |
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 10715d1330b9..c86303638235 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
@@ -95,13 +95,18 @@ extern void selnl_notify_setenforce(int val); | |||
95 | static int task_has_security(struct task_struct *tsk, | 95 | static int task_has_security(struct task_struct *tsk, |
96 | u32 perms) | 96 | u32 perms) |
97 | { | 97 | { |
98 | struct task_security_struct *tsec; | 98 | const struct task_security_struct *tsec; |
99 | 99 | u32 sid = 0; | |
100 | tsec = tsk->cred->security; | 100 | |
101 | rcu_read_lock(); | ||
102 | tsec = __task_cred(tsk)->security; | ||
103 | if (tsec) | ||
104 | sid = tsec->sid; | ||
105 | rcu_read_unlock(); | ||
101 | if (!tsec) | 106 | if (!tsec) |
102 | return -EACCES; | 107 | return -EACCES; |
103 | 108 | ||
104 | return avc_has_perm(tsec->sid, SECINITSID_SECURITY, | 109 | return avc_has_perm(sid, SECINITSID_SECURITY, |
105 | SECCLASS_SECURITY, perms, NULL); | 110 | SECCLASS_SECURITY, perms, NULL); |
106 | } | 111 | } |
107 | 112 | ||
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index e8a4fcb1ad04..11167fd567b9 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
@@ -30,6 +30,8 @@ | |||
30 | 30 | ||
31 | #include "smack.h" | 31 | #include "smack.h" |
32 | 32 | ||
33 | #define task_security(task) (task_cred_xxx((task), security)) | ||
34 | |||
33 | /* | 35 | /* |
34 | * I hope these are the hokeyist lines of code in the module. Casey. | 36 | * I hope these are the hokeyist lines of code in the module. Casey. |
35 | */ | 37 | */ |
@@ -1012,7 +1014,7 @@ static void smack_cred_free(struct cred *cred) | |||
1012 | */ | 1014 | */ |
1013 | static int smack_task_setpgid(struct task_struct *p, pid_t pgid) | 1015 | static int smack_task_setpgid(struct task_struct *p, pid_t pgid) |
1014 | { | 1016 | { |
1015 | return smk_curacc(p->cred->security, MAY_WRITE); | 1017 | return smk_curacc(task_security(p), MAY_WRITE); |
1016 | } | 1018 | } |
1017 | 1019 | ||
1018 | /** | 1020 | /** |
@@ -1023,7 +1025,7 @@ static int smack_task_setpgid(struct task_struct *p, pid_t pgid) | |||
1023 | */ | 1025 | */ |
1024 | static int smack_task_getpgid(struct task_struct *p) | 1026 | static int smack_task_getpgid(struct task_struct *p) |
1025 | { | 1027 | { |
1026 | return smk_curacc(p->cred->security, MAY_READ); | 1028 | return smk_curacc(task_security(p), MAY_READ); |
1027 | } | 1029 | } |
1028 | 1030 | ||
1029 | /** | 1031 | /** |
@@ -1034,7 +1036,7 @@ static int smack_task_getpgid(struct task_struct *p) | |||
1034 | */ | 1036 | */ |
1035 | static int smack_task_getsid(struct task_struct *p) | 1037 | static int smack_task_getsid(struct task_struct *p) |
1036 | { | 1038 | { |
1037 | return smk_curacc(p->cred->security, MAY_READ); | 1039 | return smk_curacc(task_security(p), MAY_READ); |
1038 | } | 1040 | } |
1039 | 1041 | ||
1040 | /** | 1042 | /** |
@@ -1046,7 +1048,7 @@ static int smack_task_getsid(struct task_struct *p) | |||
1046 | */ | 1048 | */ |
1047 | static void smack_task_getsecid(struct task_struct *p, u32 *secid) | 1049 | static void smack_task_getsecid(struct task_struct *p, u32 *secid) |
1048 | { | 1050 | { |
1049 | *secid = smack_to_secid(p->cred->security); | 1051 | *secid = smack_to_secid(task_security(p)); |
1050 | } | 1052 | } |
1051 | 1053 | ||
1052 | /** | 1054 | /** |
@@ -1062,7 +1064,7 @@ static int smack_task_setnice(struct task_struct *p, int nice) | |||
1062 | 1064 | ||
1063 | rc = cap_task_setnice(p, nice); | 1065 | rc = cap_task_setnice(p, nice); |
1064 | if (rc == 0) | 1066 | if (rc == 0) |
1065 | rc = smk_curacc(p->cred->security, MAY_WRITE); | 1067 | rc = smk_curacc(task_security(p), MAY_WRITE); |
1066 | return rc; | 1068 | return rc; |
1067 | } | 1069 | } |
1068 | 1070 | ||
@@ -1079,7 +1081,7 @@ static int smack_task_setioprio(struct task_struct *p, int ioprio) | |||
1079 | 1081 | ||
1080 | rc = cap_task_setioprio(p, ioprio); | 1082 | rc = cap_task_setioprio(p, ioprio); |
1081 | if (rc == 0) | 1083 | if (rc == 0) |
1082 | rc = smk_curacc(p->cred->security, MAY_WRITE); | 1084 | rc = smk_curacc(task_security(p), MAY_WRITE); |
1083 | return rc; | 1085 | return rc; |
1084 | } | 1086 | } |
1085 | 1087 | ||
@@ -1091,7 +1093,7 @@ static int smack_task_setioprio(struct task_struct *p, int ioprio) | |||
1091 | */ | 1093 | */ |
1092 | static int smack_task_getioprio(struct task_struct *p) | 1094 | static int smack_task_getioprio(struct task_struct *p) |
1093 | { | 1095 | { |
1094 | return smk_curacc(p->cred->security, MAY_READ); | 1096 | return smk_curacc(task_security(p), MAY_READ); |
1095 | } | 1097 | } |
1096 | 1098 | ||
1097 | /** | 1099 | /** |
@@ -1109,7 +1111,7 @@ static int smack_task_setscheduler(struct task_struct *p, int policy, | |||
1109 | 1111 | ||
1110 | rc = cap_task_setscheduler(p, policy, lp); | 1112 | rc = cap_task_setscheduler(p, policy, lp); |
1111 | if (rc == 0) | 1113 | if (rc == 0) |
1112 | rc = smk_curacc(p->cred->security, MAY_WRITE); | 1114 | rc = smk_curacc(task_security(p), MAY_WRITE); |
1113 | return rc; | 1115 | return rc; |
1114 | } | 1116 | } |
1115 | 1117 | ||
@@ -1121,7 +1123,7 @@ static int smack_task_setscheduler(struct task_struct *p, int policy, | |||
1121 | */ | 1123 | */ |
1122 | static int smack_task_getscheduler(struct task_struct *p) | 1124 | static int smack_task_getscheduler(struct task_struct *p) |
1123 | { | 1125 | { |
1124 | return smk_curacc(p->cred->security, MAY_READ); | 1126 | return smk_curacc(task_security(p), MAY_READ); |
1125 | } | 1127 | } |
1126 | 1128 | ||
1127 | /** | 1129 | /** |
@@ -1132,7 +1134,7 @@ static int smack_task_getscheduler(struct task_struct *p) | |||
1132 | */ | 1134 | */ |
1133 | static int smack_task_movememory(struct task_struct *p) | 1135 | static int smack_task_movememory(struct task_struct *p) |
1134 | { | 1136 | { |
1135 | return smk_curacc(p->cred->security, MAY_WRITE); | 1137 | return smk_curacc(task_security(p), MAY_WRITE); |
1136 | } | 1138 | } |
1137 | 1139 | ||
1138 | /** | 1140 | /** |
@@ -1155,13 +1157,13 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, | |||
1155 | * can write the receiver. | 1157 | * can write the receiver. |
1156 | */ | 1158 | */ |
1157 | if (secid == 0) | 1159 | if (secid == 0) |
1158 | return smk_curacc(p->cred->security, MAY_WRITE); | 1160 | return smk_curacc(task_security(p), MAY_WRITE); |
1159 | /* | 1161 | /* |
1160 | * If the secid isn't 0 we're dealing with some USB IO | 1162 | * If the secid isn't 0 we're dealing with some USB IO |
1161 | * specific behavior. This is not clean. For one thing | 1163 | * specific behavior. This is not clean. For one thing |
1162 | * we can't take privilege into account. | 1164 | * we can't take privilege into account. |
1163 | */ | 1165 | */ |
1164 | return smk_access(smack_from_secid(secid), p->cred->security, MAY_WRITE); | 1166 | return smk_access(smack_from_secid(secid), task_security(p), MAY_WRITE); |
1165 | } | 1167 | } |
1166 | 1168 | ||
1167 | /** | 1169 | /** |
@@ -1174,7 +1176,7 @@ static int smack_task_wait(struct task_struct *p) | |||
1174 | { | 1176 | { |
1175 | int rc; | 1177 | int rc; |
1176 | 1178 | ||
1177 | rc = smk_access(current->cred->security, p->cred->security, MAY_WRITE); | 1179 | rc = smk_access(current_security(), task_security(p), MAY_WRITE); |
1178 | if (rc == 0) | 1180 | if (rc == 0) |
1179 | return 0; | 1181 | return 0; |
1180 | 1182 | ||
@@ -1205,7 +1207,7 @@ static int smack_task_wait(struct task_struct *p) | |||
1205 | static void smack_task_to_inode(struct task_struct *p, struct inode *inode) | 1207 | static void smack_task_to_inode(struct task_struct *p, struct inode *inode) |
1206 | { | 1208 | { |
1207 | struct inode_smack *isp = inode->i_security; | 1209 | struct inode_smack *isp = inode->i_security; |
1208 | isp->smk_inode = p->cred->security; | 1210 | isp->smk_inode = task_security(p); |
1209 | } | 1211 | } |
1210 | 1212 | ||
1211 | /* | 1213 | /* |
@@ -2010,7 +2012,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value) | |||
2010 | if (strcmp(name, "current") != 0) | 2012 | if (strcmp(name, "current") != 0) |
2011 | return -EINVAL; | 2013 | return -EINVAL; |
2012 | 2014 | ||
2013 | cp = kstrdup(p->cred->security, GFP_KERNEL); | 2015 | cp = kstrdup(task_security(p), GFP_KERNEL); |
2014 | if (cp == NULL) | 2016 | if (cp == NULL) |
2015 | return -ENOMEM; | 2017 | return -ENOMEM; |
2016 | 2018 | ||