summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2017-06-09 05:27:50 -0700
committerJohn Johansen <john.johansen@canonical.com>2017-06-10 17:11:34 -0700
commitfe864821d504f33f22b3ce2d5599ae95598db721 (patch)
tree62a2ec77f67f80f27948108de38e00837302e13c
parentd9f02d9c237aa603d781fe5165ebe383c554376d (diff)
apparmor: move bprm_committing_creds/committed_creds to lsm.c
There is no reason to have the small stubs that don't use domain private functions in domain.c, instead move them to lsm.c and make them static. Signed-off-by: John Johansen <john.johansen@canonical.com>
-rw-r--r--security/apparmor/domain.c30
-rw-r--r--security/apparmor/include/domain.h2
-rw-r--r--security/apparmor/lsm.c30
3 files changed, 30 insertions, 32 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index a0ba33454b8c..2b1524c79fb8 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -539,36 +539,6 @@ int apparmor_bprm_secureexec(struct linux_binprm *bprm)
return 0;
}
-/**
- * apparmor_bprm_committing_creds - do task cleanup on committing new creds
- * @bprm: binprm for the exec (NOT NULL)
- */
-void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
-{
- struct aa_profile *profile = __aa_current_profile();
- struct aa_task_ctx *new_ctx = cred_ctx(bprm->cred);
-
- /* bail out if unconfined or not changing profile */
- if ((new_ctx->profile == profile) ||
- (unconfined(new_ctx->profile)))
- return;
-
- current->pdeath_signal = 0;
-
- /* reset soft limits and set hard limits for the new profile */
- __aa_transition_rlimits(profile, new_ctx->profile);
-}
-
-/**
- * apparmor_bprm_commited_cred - do cleanup after new creds committed
- * @bprm: binprm for the exec (NOT NULL)
- */
-void apparmor_bprm_committed_creds(struct linux_binprm *bprm)
-{
- /* TODO: cleanup signals - ipc mediation */
- return;
-}
-
/*
* Functions for self directed profile change
*/
diff --git a/security/apparmor/include/domain.h b/security/apparmor/include/domain.h
index 30544729878a..6587c4abb7e8 100644
--- a/security/apparmor/include/domain.h
+++ b/security/apparmor/include/domain.h
@@ -25,8 +25,6 @@ struct aa_domain {
int apparmor_bprm_set_creds(struct linux_binprm *bprm);
int apparmor_bprm_secureexec(struct linux_binprm *bprm);
-void apparmor_bprm_committing_creds(struct linux_binprm *bprm);
-void apparmor_bprm_committed_creds(struct linux_binprm *bprm);
void aa_free_domain_entries(struct aa_domain *domain);
int aa_change_hat(const char *hats[], int count, u64 token, bool permtest);
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 8ab00c98613f..35492008658f 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -575,6 +575,36 @@ fail:
goto out;
}
+/**
+ * apparmor_bprm_committing_creds - do task cleanup on committing new creds
+ * @bprm: binprm for the exec (NOT NULL)
+ */
+static void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
+{
+ struct aa_profile *profile = __aa_current_profile();
+ struct aa_task_ctx *new_ctx = cred_ctx(bprm->cred);
+
+ /* bail out if unconfined or not changing profile */
+ if ((new_ctx->profile == profile) ||
+ (unconfined(new_ctx->profile)))
+ return;
+
+ current->pdeath_signal = 0;
+
+ /* reset soft limits and set hard limits for the new profile */
+ __aa_transition_rlimits(profile, new_ctx->profile);
+}
+
+/**
+ * apparmor_bprm_committed_cred - do cleanup after new creds committed
+ * @bprm: binprm for the exec (NOT NULL)
+ */
+static void apparmor_bprm_committed_creds(struct linux_binprm *bprm)
+{
+ /* TODO: cleanup signals - ipc mediation */
+ return;
+}
+
static int apparmor_task_setrlimit(struct task_struct *task,
unsigned int resource, struct rlimit *new_rlim)
{