diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/commoncap.c | 2 | ||||
-rw-r--r-- | security/keys/process_keys.c | 2 | ||||
-rw-r--r-- | security/keys/request_key.c | 11 | ||||
-rw-r--r-- | security/selinux/exports.c | 8 | ||||
-rw-r--r-- | security/selinux/xfrm.c | 6 | ||||
-rw-r--r-- | security/smack/smack_access.c | 2 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 26 | ||||
-rw-r--r-- | security/smack/smackfs.c | 4 |
8 files changed, 32 insertions, 29 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index fa61679f8c73..61307f590003 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
@@ -641,7 +641,7 @@ int cap_task_setnice (struct task_struct *p, int nice) | |||
641 | int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | 641 | int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
642 | unsigned long arg4, unsigned long arg5, long *rc_p) | 642 | unsigned long arg4, unsigned long arg5, long *rc_p) |
643 | { | 643 | { |
644 | struct cred *cred = current->cred; | 644 | struct cred *cred = current_cred(); |
645 | long error = 0; | 645 | long error = 0; |
646 | 646 | ||
647 | switch (option) { | 647 | switch (option) { |
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index b0904cdda2e7..ce8ac6073d57 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c | |||
@@ -582,7 +582,7 @@ key_ref_t lookup_user_key(key_serial_t id, int create, int partial, | |||
582 | { | 582 | { |
583 | struct request_key_auth *rka; | 583 | struct request_key_auth *rka; |
584 | struct task_struct *t = current; | 584 | struct task_struct *t = current; |
585 | struct cred *cred = t->cred; | 585 | struct cred *cred = current_cred(); |
586 | struct key *key; | 586 | struct key *key; |
587 | key_ref_t key_ref, skey_ref; | 587 | key_ref_t key_ref, skey_ref; |
588 | int ret; | 588 | int ret; |
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 3e9b9eb1dd28..0488b0af5bd6 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c | |||
@@ -67,6 +67,7 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
67 | void *aux) | 67 | void *aux) |
68 | { | 68 | { |
69 | struct task_struct *tsk = current; | 69 | struct task_struct *tsk = current; |
70 | const struct cred *cred = current_cred(); | ||
70 | key_serial_t prkey, sskey; | 71 | key_serial_t prkey, sskey; |
71 | struct key *key = cons->key, *authkey = cons->authkey, *keyring; | 72 | struct key *key = cons->key, *authkey = cons->authkey, *keyring; |
72 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; | 73 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; |
@@ -96,16 +97,16 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
96 | goto error_link; | 97 | goto error_link; |
97 | 98 | ||
98 | /* record the UID and GID */ | 99 | /* record the UID and GID */ |
99 | sprintf(uid_str, "%d", current_fsuid()); | 100 | sprintf(uid_str, "%d", cred->fsuid); |
100 | sprintf(gid_str, "%d", current_fsgid()); | 101 | sprintf(gid_str, "%d", cred->fsgid); |
101 | 102 | ||
102 | /* we say which key is under construction */ | 103 | /* we say which key is under construction */ |
103 | sprintf(key_str, "%d", key->serial); | 104 | sprintf(key_str, "%d", key->serial); |
104 | 105 | ||
105 | /* we specify the process's default keyrings */ | 106 | /* we specify the process's default keyrings */ |
106 | sprintf(keyring_str[0], "%d", | 107 | sprintf(keyring_str[0], "%d", |
107 | tsk->cred->thread_keyring ? | 108 | cred->thread_keyring ? |
108 | tsk->cred->thread_keyring->serial : 0); | 109 | cred->thread_keyring->serial : 0); |
109 | 110 | ||
110 | prkey = 0; | 111 | prkey = 0; |
111 | if (tsk->signal->process_keyring) | 112 | if (tsk->signal->process_keyring) |
@@ -118,7 +119,7 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
118 | sskey = rcu_dereference(tsk->signal->session_keyring)->serial; | 119 | sskey = rcu_dereference(tsk->signal->session_keyring)->serial; |
119 | rcu_read_unlock(); | 120 | rcu_read_unlock(); |
120 | } else { | 121 | } else { |
121 | sskey = tsk->cred->user->session_keyring->serial; | 122 | sskey = cred->user->session_keyring->serial; |
122 | } | 123 | } |
123 | 124 | ||
124 | sprintf(keyring_str[2], "%d", sskey); | 125 | sprintf(keyring_str[2], "%d", sskey); |
diff --git a/security/selinux/exports.c b/security/selinux/exports.c index cf02490cd1eb..c73aeaa008e8 100644 --- a/security/selinux/exports.c +++ b/security/selinux/exports.c | |||
@@ -39,9 +39,13 @@ EXPORT_SYMBOL_GPL(selinux_string_to_sid); | |||
39 | int selinux_secmark_relabel_packet_permission(u32 sid) | 39 | int selinux_secmark_relabel_packet_permission(u32 sid) |
40 | { | 40 | { |
41 | if (selinux_enabled) { | 41 | if (selinux_enabled) { |
42 | struct task_security_struct *tsec = current->cred->security; | 42 | const struct task_security_struct *__tsec; |
43 | u32 tsid; | ||
43 | 44 | ||
44 | return avc_has_perm(tsec->sid, sid, SECCLASS_PACKET, | 45 | __tsec = current_security(); |
46 | tsid = __tsec->sid; | ||
47 | |||
48 | return avc_has_perm(tsid, sid, SECCLASS_PACKET, | ||
45 | PACKET__RELABELTO, NULL); | 49 | PACKET__RELABELTO, NULL); |
46 | } | 50 | } |
47 | return 0; | 51 | return 0; |
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index d7db76617b0e..c0eb72013d67 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c | |||
@@ -197,7 +197,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, | |||
197 | struct xfrm_user_sec_ctx *uctx, u32 sid) | 197 | struct xfrm_user_sec_ctx *uctx, u32 sid) |
198 | { | 198 | { |
199 | int rc = 0; | 199 | int rc = 0; |
200 | struct task_security_struct *tsec = current->cred->security; | 200 | const struct task_security_struct *tsec = current_security(); |
201 | struct xfrm_sec_ctx *ctx = NULL; | 201 | struct xfrm_sec_ctx *ctx = NULL; |
202 | char *ctx_str = NULL; | 202 | char *ctx_str = NULL; |
203 | u32 str_len; | 203 | u32 str_len; |
@@ -333,7 +333,7 @@ void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx) | |||
333 | */ | 333 | */ |
334 | int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) | 334 | int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) |
335 | { | 335 | { |
336 | struct task_security_struct *tsec = current->cred->security; | 336 | const struct task_security_struct *tsec = current_security(); |
337 | int rc = 0; | 337 | int rc = 0; |
338 | 338 | ||
339 | if (ctx) { | 339 | if (ctx) { |
@@ -378,7 +378,7 @@ void selinux_xfrm_state_free(struct xfrm_state *x) | |||
378 | */ | 378 | */ |
379 | int selinux_xfrm_state_delete(struct xfrm_state *x) | 379 | int selinux_xfrm_state_delete(struct xfrm_state *x) |
380 | { | 380 | { |
381 | struct task_security_struct *tsec = current->cred->security; | 381 | const struct task_security_struct *tsec = current_security(); |
382 | struct xfrm_sec_ctx *ctx = x->security; | 382 | struct xfrm_sec_ctx *ctx = x->security; |
383 | int rc = 0; | 383 | int rc = 0; |
384 | 384 | ||
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index b6dd4fc0fb0b..247cec3b5a43 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c | |||
@@ -164,7 +164,7 @@ int smk_curacc(char *obj_label, u32 mode) | |||
164 | { | 164 | { |
165 | int rc; | 165 | int rc; |
166 | 166 | ||
167 | rc = smk_access(current->cred->security, obj_label, mode); | 167 | rc = smk_access(current_security(), obj_label, mode); |
168 | if (rc == 0) | 168 | if (rc == 0) |
169 | return 0; | 169 | return 0; |
170 | 170 | ||
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index cc837314fb0e..e8a4fcb1ad04 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
@@ -143,7 +143,7 @@ static int smack_ptrace_traceme(struct task_struct *ptp) | |||
143 | static int smack_syslog(int type) | 143 | static int smack_syslog(int type) |
144 | { | 144 | { |
145 | int rc; | 145 | int rc; |
146 | char *sp = current->cred->security; | 146 | char *sp = current_security(); |
147 | 147 | ||
148 | rc = cap_syslog(type); | 148 | rc = cap_syslog(type); |
149 | if (rc != 0) | 149 | if (rc != 0) |
@@ -375,7 +375,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags) | |||
375 | */ | 375 | */ |
376 | static int smack_inode_alloc_security(struct inode *inode) | 376 | static int smack_inode_alloc_security(struct inode *inode) |
377 | { | 377 | { |
378 | inode->i_security = new_inode_smack(current->cred->security); | 378 | inode->i_security = new_inode_smack(current_security()); |
379 | if (inode->i_security == NULL) | 379 | if (inode->i_security == NULL) |
380 | return -ENOMEM; | 380 | return -ENOMEM; |
381 | return 0; | 381 | return 0; |
@@ -820,7 +820,7 @@ static int smack_file_permission(struct file *file, int mask) | |||
820 | */ | 820 | */ |
821 | static int smack_file_alloc_security(struct file *file) | 821 | static int smack_file_alloc_security(struct file *file) |
822 | { | 822 | { |
823 | file->f_security = current->cred->security; | 823 | file->f_security = current_security(); |
824 | return 0; | 824 | return 0; |
825 | } | 825 | } |
826 | 826 | ||
@@ -918,7 +918,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, | |||
918 | */ | 918 | */ |
919 | static int smack_file_set_fowner(struct file *file) | 919 | static int smack_file_set_fowner(struct file *file) |
920 | { | 920 | { |
921 | file->f_security = current->cred->security; | 921 | file->f_security = current_security(); |
922 | return 0; | 922 | return 0; |
923 | } | 923 | } |
924 | 924 | ||
@@ -986,8 +986,7 @@ static int smack_file_receive(struct file *file) | |||
986 | */ | 986 | */ |
987 | static int smack_cred_alloc_security(struct cred *cred) | 987 | static int smack_cred_alloc_security(struct cred *cred) |
988 | { | 988 | { |
989 | cred->security = current->cred->security; | 989 | cred->security = current_security(); |
990 | |||
991 | return 0; | 990 | return 0; |
992 | } | 991 | } |
993 | 992 | ||
@@ -1225,7 +1224,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode) | |||
1225 | */ | 1224 | */ |
1226 | static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) | 1225 | static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) |
1227 | { | 1226 | { |
1228 | char *csp = current->cred->security; | 1227 | char *csp = current_security(); |
1229 | struct socket_smack *ssp; | 1228 | struct socket_smack *ssp; |
1230 | 1229 | ||
1231 | ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); | 1230 | ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); |
@@ -1450,7 +1449,7 @@ static int smack_flags_to_may(int flags) | |||
1450 | */ | 1449 | */ |
1451 | static int smack_msg_msg_alloc_security(struct msg_msg *msg) | 1450 | static int smack_msg_msg_alloc_security(struct msg_msg *msg) |
1452 | { | 1451 | { |
1453 | msg->security = current->cred->security; | 1452 | msg->security = current_security(); |
1454 | return 0; | 1453 | return 0; |
1455 | } | 1454 | } |
1456 | 1455 | ||
@@ -1486,7 +1485,7 @@ static int smack_shm_alloc_security(struct shmid_kernel *shp) | |||
1486 | { | 1485 | { |
1487 | struct kern_ipc_perm *isp = &shp->shm_perm; | 1486 | struct kern_ipc_perm *isp = &shp->shm_perm; |
1488 | 1487 | ||
1489 | isp->security = current->cred->security; | 1488 | isp->security = current_security(); |
1490 | return 0; | 1489 | return 0; |
1491 | } | 1490 | } |
1492 | 1491 | ||
@@ -1595,7 +1594,7 @@ static int smack_sem_alloc_security(struct sem_array *sma) | |||
1595 | { | 1594 | { |
1596 | struct kern_ipc_perm *isp = &sma->sem_perm; | 1595 | struct kern_ipc_perm *isp = &sma->sem_perm; |
1597 | 1596 | ||
1598 | isp->security = current->cred->security; | 1597 | isp->security = current_security(); |
1599 | return 0; | 1598 | return 0; |
1600 | } | 1599 | } |
1601 | 1600 | ||
@@ -1699,7 +1698,7 @@ static int smack_msg_queue_alloc_security(struct msg_queue *msq) | |||
1699 | { | 1698 | { |
1700 | struct kern_ipc_perm *kisp = &msq->q_perm; | 1699 | struct kern_ipc_perm *kisp = &msq->q_perm; |
1701 | 1700 | ||
1702 | kisp->security = current->cred->security; | 1701 | kisp->security = current_security(); |
1703 | return 0; | 1702 | return 0; |
1704 | } | 1703 | } |
1705 | 1704 | ||
@@ -1854,7 +1853,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) | |||
1854 | struct super_block *sbp; | 1853 | struct super_block *sbp; |
1855 | struct superblock_smack *sbsp; | 1854 | struct superblock_smack *sbsp; |
1856 | struct inode_smack *isp; | 1855 | struct inode_smack *isp; |
1857 | char *csp = current->cred->security; | 1856 | char *csp = current_security(); |
1858 | char *fetched; | 1857 | char *fetched; |
1859 | char *final; | 1858 | char *final; |
1860 | struct dentry *dp; | 1859 | struct dentry *dp; |
@@ -2290,8 +2289,7 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent) | |||
2290 | return; | 2289 | return; |
2291 | 2290 | ||
2292 | ssp = sk->sk_security; | 2291 | ssp = sk->sk_security; |
2293 | ssp->smk_in = current->cred->security; | 2292 | ssp->smk_in = ssp->smk_out = current_security(); |
2294 | ssp->smk_out = current->cred->security; | ||
2295 | ssp->smk_packet[0] = '\0'; | 2293 | ssp->smk_packet[0] = '\0'; |
2296 | 2294 | ||
2297 | rc = smack_netlabel(sk); | 2295 | rc = smack_netlabel(sk); |
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index c5ca279e0506..ca257dfdc75d 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c | |||
@@ -336,7 +336,7 @@ static void smk_cipso_doi(void) | |||
336 | 336 | ||
337 | audit_info.loginuid = audit_get_loginuid(current); | 337 | audit_info.loginuid = audit_get_loginuid(current); |
338 | audit_info.sessionid = audit_get_sessionid(current); | 338 | audit_info.sessionid = audit_get_sessionid(current); |
339 | audit_info.secid = smack_to_secid(current->cred->security); | 339 | audit_info.secid = smack_to_secid(current_security()); |
340 | 340 | ||
341 | rc = netlbl_cfg_map_del(NULL, &audit_info); | 341 | rc = netlbl_cfg_map_del(NULL, &audit_info); |
342 | if (rc != 0) | 342 | if (rc != 0) |
@@ -371,7 +371,7 @@ static void smk_unlbl_ambient(char *oldambient) | |||
371 | 371 | ||
372 | audit_info.loginuid = audit_get_loginuid(current); | 372 | audit_info.loginuid = audit_get_loginuid(current); |
373 | audit_info.sessionid = audit_get_sessionid(current); | 373 | audit_info.sessionid = audit_get_sessionid(current); |
374 | audit_info.secid = smack_to_secid(current->cred->security); | 374 | audit_info.secid = smack_to_secid(current_security()); |
375 | 375 | ||
376 | if (oldambient != NULL) { | 376 | if (oldambient != NULL) { |
377 | rc = netlbl_cfg_map_del(oldambient, &audit_info); | 377 | rc = netlbl_cfg_map_del(oldambient, &audit_info); |