aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/commoncap.c2
-rw-r--r--security/keys/process_keys.c2
-rw-r--r--security/keys/request_key.c11
-rw-r--r--security/selinux/exports.c8
-rw-r--r--security/selinux/xfrm.c6
-rw-r--r--security/smack/smack_access.c2
-rw-r--r--security/smack/smack_lsm.c26
-rw-r--r--security/smack/smackfs.c4
8 files changed, 32 insertions, 29 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index fa61679f8c73..61307f590003 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -641,7 +641,7 @@ int cap_task_setnice (struct task_struct *p, int nice)
641int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, 641int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
642 unsigned long arg4, unsigned long arg5, long *rc_p) 642 unsigned long arg4, unsigned long arg5, long *rc_p)
643{ 643{
644 struct cred *cred = current->cred; 644 struct cred *cred = current_cred();
645 long error = 0; 645 long error = 0;
646 646
647 switch (option) { 647 switch (option) {
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index b0904cdda2e7..ce8ac6073d57 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -582,7 +582,7 @@ key_ref_t lookup_user_key(key_serial_t id, int create, int partial,
582{ 582{
583 struct request_key_auth *rka; 583 struct request_key_auth *rka;
584 struct task_struct *t = current; 584 struct task_struct *t = current;
585 struct cred *cred = t->cred; 585 struct cred *cred = current_cred();
586 struct key *key; 586 struct key *key;
587 key_ref_t key_ref, skey_ref; 587 key_ref_t key_ref, skey_ref;
588 int ret; 588 int ret;
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 3e9b9eb1dd28..0488b0af5bd6 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -67,6 +67,7 @@ static int call_sbin_request_key(struct key_construction *cons,
67 void *aux) 67 void *aux)
68{ 68{
69 struct task_struct *tsk = current; 69 struct task_struct *tsk = current;
70 const struct cred *cred = current_cred();
70 key_serial_t prkey, sskey; 71 key_serial_t prkey, sskey;
71 struct key *key = cons->key, *authkey = cons->authkey, *keyring; 72 struct key *key = cons->key, *authkey = cons->authkey, *keyring;
72 char *argv[9], *envp[3], uid_str[12], gid_str[12]; 73 char *argv[9], *envp[3], uid_str[12], gid_str[12];
@@ -96,16 +97,16 @@ static int call_sbin_request_key(struct key_construction *cons,
96 goto error_link; 97 goto error_link;
97 98
98 /* record the UID and GID */ 99 /* record the UID and GID */
99 sprintf(uid_str, "%d", current_fsuid()); 100 sprintf(uid_str, "%d", cred->fsuid);
100 sprintf(gid_str, "%d", current_fsgid()); 101 sprintf(gid_str, "%d", cred->fsgid);
101 102
102 /* we say which key is under construction */ 103 /* we say which key is under construction */
103 sprintf(key_str, "%d", key->serial); 104 sprintf(key_str, "%d", key->serial);
104 105
105 /* we specify the process's default keyrings */ 106 /* we specify the process's default keyrings */
106 sprintf(keyring_str[0], "%d", 107 sprintf(keyring_str[0], "%d",
107 tsk->cred->thread_keyring ? 108 cred->thread_keyring ?
108 tsk->cred->thread_keyring->serial : 0); 109 cred->thread_keyring->serial : 0);
109 110
110 prkey = 0; 111 prkey = 0;
111 if (tsk->signal->process_keyring) 112 if (tsk->signal->process_keyring)
@@ -118,7 +119,7 @@ static int call_sbin_request_key(struct key_construction *cons,
118 sskey = rcu_dereference(tsk->signal->session_keyring)->serial; 119 sskey = rcu_dereference(tsk->signal->session_keyring)->serial;
119 rcu_read_unlock(); 120 rcu_read_unlock();
120 } else { 121 } else {
121 sskey = tsk->cred->user->session_keyring->serial; 122 sskey = cred->user->session_keyring->serial;
122 } 123 }
123 124
124 sprintf(keyring_str[2], "%d", sskey); 125 sprintf(keyring_str[2], "%d", sskey);
diff --git a/security/selinux/exports.c b/security/selinux/exports.c
index cf02490cd1eb..c73aeaa008e8 100644
--- a/security/selinux/exports.c
+++ b/security/selinux/exports.c
@@ -39,9 +39,13 @@ EXPORT_SYMBOL_GPL(selinux_string_to_sid);
39int selinux_secmark_relabel_packet_permission(u32 sid) 39int selinux_secmark_relabel_packet_permission(u32 sid)
40{ 40{
41 if (selinux_enabled) { 41 if (selinux_enabled) {
42 struct task_security_struct *tsec = current->cred->security; 42 const struct task_security_struct *__tsec;
43 u32 tsid;
43 44
44 return avc_has_perm(tsec->sid, sid, SECCLASS_PACKET, 45 __tsec = current_security();
46 tsid = __tsec->sid;
47
48 return avc_has_perm(tsid, sid, SECCLASS_PACKET,
45 PACKET__RELABELTO, NULL); 49 PACKET__RELABELTO, NULL);
46 } 50 }
47 return 0; 51 return 0;
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index d7db76617b0e..c0eb72013d67 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -197,7 +197,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
197 struct xfrm_user_sec_ctx *uctx, u32 sid) 197 struct xfrm_user_sec_ctx *uctx, u32 sid)
198{ 198{
199 int rc = 0; 199 int rc = 0;
200 struct task_security_struct *tsec = current->cred->security; 200 const struct task_security_struct *tsec = current_security();
201 struct xfrm_sec_ctx *ctx = NULL; 201 struct xfrm_sec_ctx *ctx = NULL;
202 char *ctx_str = NULL; 202 char *ctx_str = NULL;
203 u32 str_len; 203 u32 str_len;
@@ -333,7 +333,7 @@ void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
333 */ 333 */
334int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) 334int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
335{ 335{
336 struct task_security_struct *tsec = current->cred->security; 336 const struct task_security_struct *tsec = current_security();
337 int rc = 0; 337 int rc = 0;
338 338
339 if (ctx) { 339 if (ctx) {
@@ -378,7 +378,7 @@ void selinux_xfrm_state_free(struct xfrm_state *x)
378 */ 378 */
379int selinux_xfrm_state_delete(struct xfrm_state *x) 379int selinux_xfrm_state_delete(struct xfrm_state *x)
380{ 380{
381 struct task_security_struct *tsec = current->cred->security; 381 const struct task_security_struct *tsec = current_security();
382 struct xfrm_sec_ctx *ctx = x->security; 382 struct xfrm_sec_ctx *ctx = x->security;
383 int rc = 0; 383 int rc = 0;
384 384
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index b6dd4fc0fb0b..247cec3b5a43 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -164,7 +164,7 @@ int smk_curacc(char *obj_label, u32 mode)
164{ 164{
165 int rc; 165 int rc;
166 166
167 rc = smk_access(current->cred->security, obj_label, mode); 167 rc = smk_access(current_security(), obj_label, mode);
168 if (rc == 0) 168 if (rc == 0)
169 return 0; 169 return 0;
170 170
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index cc837314fb0e..e8a4fcb1ad04 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -143,7 +143,7 @@ static int smack_ptrace_traceme(struct task_struct *ptp)
143static int smack_syslog(int type) 143static int smack_syslog(int type)
144{ 144{
145 int rc; 145 int rc;
146 char *sp = current->cred->security; 146 char *sp = current_security();
147 147
148 rc = cap_syslog(type); 148 rc = cap_syslog(type);
149 if (rc != 0) 149 if (rc != 0)
@@ -375,7 +375,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags)
375 */ 375 */
376static int smack_inode_alloc_security(struct inode *inode) 376static int smack_inode_alloc_security(struct inode *inode)
377{ 377{
378 inode->i_security = new_inode_smack(current->cred->security); 378 inode->i_security = new_inode_smack(current_security());
379 if (inode->i_security == NULL) 379 if (inode->i_security == NULL)
380 return -ENOMEM; 380 return -ENOMEM;
381 return 0; 381 return 0;
@@ -820,7 +820,7 @@ static int smack_file_permission(struct file *file, int mask)
820 */ 820 */
821static int smack_file_alloc_security(struct file *file) 821static int smack_file_alloc_security(struct file *file)
822{ 822{
823 file->f_security = current->cred->security; 823 file->f_security = current_security();
824 return 0; 824 return 0;
825} 825}
826 826
@@ -918,7 +918,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd,
918 */ 918 */
919static int smack_file_set_fowner(struct file *file) 919static int smack_file_set_fowner(struct file *file)
920{ 920{
921 file->f_security = current->cred->security; 921 file->f_security = current_security();
922 return 0; 922 return 0;
923} 923}
924 924
@@ -986,8 +986,7 @@ static int smack_file_receive(struct file *file)
986 */ 986 */
987static int smack_cred_alloc_security(struct cred *cred) 987static int smack_cred_alloc_security(struct cred *cred)
988{ 988{
989 cred->security = current->cred->security; 989 cred->security = current_security();
990
991 return 0; 990 return 0;
992} 991}
993 992
@@ -1225,7 +1224,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
1225 */ 1224 */
1226static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 1225static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
1227{ 1226{
1228 char *csp = current->cred->security; 1227 char *csp = current_security();
1229 struct socket_smack *ssp; 1228 struct socket_smack *ssp;
1230 1229
1231 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 1230 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
@@ -1450,7 +1449,7 @@ static int smack_flags_to_may(int flags)
1450 */ 1449 */
1451static int smack_msg_msg_alloc_security(struct msg_msg *msg) 1450static int smack_msg_msg_alloc_security(struct msg_msg *msg)
1452{ 1451{
1453 msg->security = current->cred->security; 1452 msg->security = current_security();
1454 return 0; 1453 return 0;
1455} 1454}
1456 1455
@@ -1486,7 +1485,7 @@ static int smack_shm_alloc_security(struct shmid_kernel *shp)
1486{ 1485{
1487 struct kern_ipc_perm *isp = &shp->shm_perm; 1486 struct kern_ipc_perm *isp = &shp->shm_perm;
1488 1487
1489 isp->security = current->cred->security; 1488 isp->security = current_security();
1490 return 0; 1489 return 0;
1491} 1490}
1492 1491
@@ -1595,7 +1594,7 @@ static int smack_sem_alloc_security(struct sem_array *sma)
1595{ 1594{
1596 struct kern_ipc_perm *isp = &sma->sem_perm; 1595 struct kern_ipc_perm *isp = &sma->sem_perm;
1597 1596
1598 isp->security = current->cred->security; 1597 isp->security = current_security();
1599 return 0; 1598 return 0;
1600} 1599}
1601 1600
@@ -1699,7 +1698,7 @@ static int smack_msg_queue_alloc_security(struct msg_queue *msq)
1699{ 1698{
1700 struct kern_ipc_perm *kisp = &msq->q_perm; 1699 struct kern_ipc_perm *kisp = &msq->q_perm;
1701 1700
1702 kisp->security = current->cred->security; 1701 kisp->security = current_security();
1703 return 0; 1702 return 0;
1704} 1703}
1705 1704
@@ -1854,7 +1853,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
1854 struct super_block *sbp; 1853 struct super_block *sbp;
1855 struct superblock_smack *sbsp; 1854 struct superblock_smack *sbsp;
1856 struct inode_smack *isp; 1855 struct inode_smack *isp;
1857 char *csp = current->cred->security; 1856 char *csp = current_security();
1858 char *fetched; 1857 char *fetched;
1859 char *final; 1858 char *final;
1860 struct dentry *dp; 1859 struct dentry *dp;
@@ -2290,8 +2289,7 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent)
2290 return; 2289 return;
2291 2290
2292 ssp = sk->sk_security; 2291 ssp = sk->sk_security;
2293 ssp->smk_in = current->cred->security; 2292 ssp->smk_in = ssp->smk_out = current_security();
2294 ssp->smk_out = current->cred->security;
2295 ssp->smk_packet[0] = '\0'; 2293 ssp->smk_packet[0] = '\0';
2296 2294
2297 rc = smack_netlabel(sk); 2295 rc = smack_netlabel(sk);
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index c5ca279e0506..ca257dfdc75d 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -336,7 +336,7 @@ static void smk_cipso_doi(void)
336 336
337 audit_info.loginuid = audit_get_loginuid(current); 337 audit_info.loginuid = audit_get_loginuid(current);
338 audit_info.sessionid = audit_get_sessionid(current); 338 audit_info.sessionid = audit_get_sessionid(current);
339 audit_info.secid = smack_to_secid(current->cred->security); 339 audit_info.secid = smack_to_secid(current_security());
340 340
341 rc = netlbl_cfg_map_del(NULL, &audit_info); 341 rc = netlbl_cfg_map_del(NULL, &audit_info);
342 if (rc != 0) 342 if (rc != 0)
@@ -371,7 +371,7 @@ static void smk_unlbl_ambient(char *oldambient)
371 371
372 audit_info.loginuid = audit_get_loginuid(current); 372 audit_info.loginuid = audit_get_loginuid(current);
373 audit_info.sessionid = audit_get_sessionid(current); 373 audit_info.sessionid = audit_get_sessionid(current);
374 audit_info.secid = smack_to_secid(current->cred->security); 374 audit_info.secid = smack_to_secid(current_security());
375 375
376 if (oldambient != NULL) { 376 if (oldambient != NULL) {
377 rc = netlbl_cfg_map_del(oldambient, &audit_info); 377 rc = netlbl_cfg_map_del(oldambient, &audit_info);