Commit 214beacaa7b669473bc963af719fa359a8312ea4

Authored by John Johansen
1 parent 53fe8b9961

apparmor: localize getting the security context to a few macros

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>

Showing 4 changed files with 24 additions and 21 deletions

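--- a/security/apparmor/context.c
+++ b/security/apparmor/context.c
@@ -93,7 +93,7 @@
 */
 int aa_replace_current_profile(struct aa_profile *profile)
 {
- struct aa_task_cxt *cxt = current_cred()->security;
+ struct aa_task_cxt *cxt = current_cxt();
 struct cred *new;
 BUG_ON(!profile);
 
@@ -104,7 +104,7 @@
 if (!new)
 return -ENOMEM;
 
- cxt = new->security;
+ cxt = cred_cxt(new);
 if (unconfined(profile) || (cxt->profile->ns != profile->ns))
 /* if switching to unconfined or a different profile namespace
 * clear out context state
@@ -136,7 +136,7 @@
 if (!new)
 return -ENOMEM;
 
- cxt = new->security;
+ cxt = cred_cxt(new);
 aa_get_profile(profile);
 aa_put_profile(cxt->onexec);
 cxt->onexec = profile;
@@ -163,7 +163,7 @@
 return -ENOMEM;
 BUG_ON(!profile);
 
- cxt = new->security;
+ cxt = cred_cxt(new);
 if (!cxt->previous) {
 /* transfer refcount */
 cxt->previous = cxt->profile;
@@ -200,7 +200,7 @@
 if (!new)
 return -ENOMEM;
 
- cxt = new->security;
+ cxt = cred_cxt(new);
 if (cxt->token != token) {
 abort_creds(new);
 return -EACCES;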
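--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -356,7 +356,7 @@
 if (bprm->cred_prepared)
 return 0;
 
- cxt = bprm->cred->security;
+ cxt = cred_cxt(bprm->cred);
 BUG_ON(!cxt);
 
 profile = aa_get_profile(aa_newest_version(cxt->profile));
@@ -551,7 +551,7 @@
 void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
 {
 struct aa_profile *profile = __aa_current_profile();
- struct aa_task_cxt *new_cxt = bprm->cred->security;
+ struct aa_task_cxt *new_cxt = cred_cxt(bprm->cred);
 
 /* bail out if unconfined or not changing profile */
 if ((new_cxt->profile == profile) ||
@@ -628,7 +628,7 @@
 
 /* released below */
 cred = get_current_cred();
- cxt = cred->security;
+ cxt = cred_cxt(cred);
 profile = aa_cred_profile(cred);
 previous_profile = cxt->previous;
 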
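Review bot: The call sites that now share `cred_cxt()` still disagree on whether the result can be NULL. The hunk at old line 356 follows `cxt = cred_cxt(bprm->cred);` with `BUG_ON(!cxt);`, while apparmor_bprm_committing_creds dereferences `new_cxt->profile` immediately, and the hunk at old line 510 in lsm.c does the same with `cxt->profile`. Whether a credential can reach these hooks without a context attached is not visible here (all three functions continue outside their hunks), so this may well be a guaranteed invariant. If it is, state it at the unchecked sites, e.g. `/* cxt is attached when the cred is allocated, so it cannot be NULL here */`; if it is not, these sites need the same guard as the first one.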
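--- a/security/apparmor/include/context.h
+++ b/security/apparmor/include/context.h
@@ -21,6 +21,9 @@
 
 #include "policy.h"
 
+#define cred_cxt(X) (X)->security
+#define current_cxt() cred_cxt(current_cred())
+
 /* struct aa_file_cxt - the AppArmor context the file was opened in
 * @perms: the permission the file was opened with
 *
@@ -93,7 +96,7 @@
 */
 static inline struct aa_profile *aa_cred_profile(const struct cred *cred)
 {
- struct aa_task_cxt *cxt = cred->security;
+ struct aa_task_cxt *cxt = cred_cxt(cred);
 BUG_ON(!cxt || !cxt->profile);
 return aa_newest_version(cxt->profile);
 }
@@ -145,7 +148,7 @@
 */
 static inline struct aa_profile *aa_current_profile(void)
 {
- const struct aa_task_cxt *cxt = current_cred()->security;
+ const struct aa_task_cxt *cxt = current_cxt();
 struct aa_profile *profile;
 BUG_ON(!cxt || !cxt->profile);
 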
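Review bot: The new `cred_cxt()` macro expands to a bare `(X)->security` and carries no comment, even though every context access in the commit now goes through it. Writing it as `#define cred_cxt(X) ((X)->security)` follows the usual rule of parenthesizing the whole expansion and still leaves it usable as an assignment target. A short comment above the pair should say that `cred_cxt()` hands back the cred's raw `security` pointer with no NULL check and no reference taken, and that `current_cxt()` reads it from `current_cred()`. Note that in aa_cred_profile the macro turns a `const struct cred *` into a writable `struct aa_task_cxt *` without any cast showing at the call site, which is worth mentioning in that comment too.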
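--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -48,8 +48,8 @@
 */
 static void apparmor_cred_free(struct cred *cred)
 {
- aa_free_task_context(cred->security);
- cred->security = NULL;
+ aa_free_task_context(cred_cxt(cred));
+ cred_cxt(cred) = NULL;
 }
 
 /*
@@ -62,7 +62,7 @@
 if (!cxt)
 return -ENOMEM;
 
- cred->security = cxt;
+ cred_cxt(cred) = cxt;
 return 0;
 }
 
@@ -77,8 +77,8 @@
 if (!cxt)
 return -ENOMEM;
 
- aa_dup_task_context(cxt, old->security);
- new->security = cxt;
+ aa_dup_task_context(cxt, cred_cxt(old));
+ cred_cxt(new) = cxt;
 return 0;
 }
 
@@ -87,8 +87,8 @@
 */
 static void apparmor_cred_transfer(struct cred *new, const struct cred *old)
 {
- const struct aa_task_cxt *old_cxt = old->security;
- struct aa_task_cxt *new_cxt = new->security;
+ const struct aa_task_cxt *old_cxt = cred_cxt(old);
+ struct aa_task_cxt *new_cxt = cred_cxt(new);
 
 aa_dup_task_context(new_cxt, old_cxt);
 }
@@ -507,7 +507,7 @@
 int error = -ENOENT;
 /* released below */
 const struct cred *cred = get_task_cred(task);
- struct aa_task_cxt *cxt = cred_cxt(cred);
+ struct aa_task_cxt *cxt = cred_cxt(cred);
 
 if (strcmp(name, "current") == 0)
 error = aa_getprocattr(aa_newest_version(cxt->profile),
@@ -880,7 +880,7 @@
 return -ENOMEM;
 
 cxt->profile = aa_get_profile(root_ns->unconfined);
- cred->security = cxt;
+ cred_cxt(cred) = cxt;
 
 return 0;
 }
@@ -910,8 +910,8 @@
 error = register_security(&apparmor_ops);
 if (error) {
 struct cred *cred = (struct cred *)current->real_cred;
- aa_free_task_context(cred->security);
- cred->security = NULL;
+ aa_free_task_context(cred_cxt(cred));
+ cred_cxt(cred) = NULL;
 AA_ERROR("Unable to register AppArmor\n");
 goto register_security_out;
 }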
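Review bot: The stores in this file, `cred_cxt(cred) = NULL;`, `cred_cxt(cred) = cxt;` and `cred_cxt(new) = cxt;`, assign to something that reads like a function call, which hides that the credential's security pointer is being rewritten. These are the places where a task's AppArmor context is attached or torn down, so they should stay easy to find and audit separately from the read sites. A dedicated setter next to the getter would do that, for example `#define set_cred_cxt(X, C) ((X)->security = (C))` (the name is only a suggestion). It would also keep these lines compiling if `cred_cxt()` is later changed into an inline function returning a typed pointer. Several of the affected functions begin outside their hunks, so the full set of write sites should be checked against the file.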