| author | David Howells <dhowells@redhat.com> | 2008-11-14 10:39:18 +1100 | 
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-11-14 10:39:18 +1100 | 
| commit | 86a264abe542cfececb4df129bc45a0338d8cdb9 (patch) | |
| tree | 30152f04ba847f311028d5ca697f864c16c7ebb3 /security | |
| parent | f1752eec6145c97163dbce62d17cf5d928e28a27 (diff) | |
CRED: Wrap current->cred and a few other accessors
Wrap current->cred and a few other accessors to hide their actual
implementation.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/commoncap.c | 2 | ||||
| -rw-r--r-- | security/keys/process_keys.c | 2 | ||||
| -rw-r--r-- | security/keys/request_key.c | 11 | ||||
| -rw-r--r-- | security/selinux/exports.c | 8 | ||||
| -rw-r--r-- | security/selinux/xfrm.c | 6 | ||||
| -rw-r--r-- | security/smack/smack_access.c | 2 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 26 | ||||
| -rw-r--r-- | security/smack/smackfs.c | 4 | 
8 files changed, 32 insertions, 29 deletions
| diff --git a/security/commoncap.c b/security/commoncap.c
index fa61679f8c7..61307f59000 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -641,7 +641,7 @@ int cap_task_setnice (struct task_struct *p, int nice)
 int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 		   unsigned long arg4, unsigned long arg5, long *rc_p)
 {
-	struct cred *cred = current->cred;
+	struct cred *cred = current_cred();
 	long error = 0;
 	switch (option) {
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index b0904cdda2e..ce8ac6073d5 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -582,7 +582,7 @@ key_ref_t lookup_user_key(key_serial_t id, int create, int partial,
 {
 	struct request_key_auth *rka;
 	struct task_struct *t = current;
-	struct cred *cred = t->cred;
+	struct cred *cred = current_cred();
 	struct key *key;
 	key_ref_t key_ref, skey_ref;
 	int ret;
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 3e9b9eb1dd2..0488b0af5bd 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -67,6 +67,7 @@ static int call_sbin_request_key(struct key_construction *cons,
 				 void *aux)
 {
 	struct task_struct *tsk = current;
+	const struct cred *cred = current_cred();
 	key_serial_t prkey, sskey;
 	struct key *key = cons->key, *authkey = cons->authkey, *keyring;
 	char *argv[9], *envp[3], uid_str[12], gid_str[12];
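Review bot: `struct cred *cred = current_cred();` in cap_task_prctl is declared without const, and the lookup_user_key hunk in security/keys/process_keys.c does the same, while call_sbin_request_key in this commit takes `const struct cred *cred = current_cred();`. Once the field access is hidden behind an accessor, the declaration is the only place a reader can see whether a function is meant to write to the task's credentials. Where the body only reads, I would use the const form; where it writes, a one-line comment such as `/* modifies the current task's credentials */` should say so. Both function bodies continue outside their hunks, so which case applies cannot be confirmed from here.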
@@ -96,16 +97,16 @@ static int call_sbin_request_key(struct key_construction *cons,
 		goto error_link;
 	/* record the UID and GID */
-	sprintf(uid_str, "%d", current_fsuid());
-	sprintf(gid_str, "%d", current_fsgid());
+	sprintf(uid_str, "%d", cred->fsuid);
+	sprintf(gid_str, "%d", cred->fsgid);
 	/* we say which key is under construction */
 	sprintf(key_str, "%d", key->serial);
 	/* we specify the process's default keyrings */
 	sprintf(keyring_str[0], "%d",
-		tsk->cred->thread_keyring ?
-		tsk->cred->thread_keyring->serial : 0);
+		cred->thread_keyring ?
+		cred->thread_keyring->serial : 0);
 	prkey = 0;
 	if (tsk->signal->process_keyring)
@@ -118,7 +119,7 @@ static int call_sbin_request_key(struct key_construction *cons,
 		sskey = rcu_dereference(tsk->signal->session_keyring)->serial;
 		rcu_read_unlock();
 	} else {
-		sskey = tsk->cred->user->session_keyring->serial;
+		sskey = cred->user->session_keyring->serial;
 	}
 	sprintf(keyring_str[2], "%d", sskey);
diff --git a/security/selinux/exports.c b/security/selinux/exports.c
index cf02490cd1e..c73aeaa008e 100644
--- a/security/selinux/exports.c
+++ b/security/selinux/exports.c
@@ -39,9 +39,13 @@ EXPORT_SYMBOL_GPL(selinux_string_to_sid);
 int selinux_secmark_relabel_packet_permission(u32 sid)
 {
 	if (selinux_enabled) {
-		struct task_security_struct *tsec = current->cred->security;
+		const struct task_security_struct *__tsec;
+		u32 tsid;
-		return avc_has_perm(tsec->sid, sid, SECCLASS_PACKET,
+		__tsec = current_security();
+		tsid = __tsec->sid;
+
+		return avc_has_perm(tsid, sid, SECCLASS_PACKET,
 				    PACKET__RELABELTO, NULL);
 	}
 	return 0;
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index d7db76617b0..c0eb72013d6 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
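Review bot: The rewritten `sprintf(uid_str, "%d", cred->fsuid);` and `sprintf(gid_str, "%d", cred->fsgid);` still write unbounded into buffers that the declaration in the earlier hunk sizes at 12 bytes, which is exactly the worst case for `%d` and leaves no margin. Since these lines are being touched anyway, `snprintf(uid_str, sizeof(uid_str), "%d", cred->fsuid);` (and the same for gid_str) would keep the bound tied to the buffer. If fsuid and fsgid are unsigned, as ID fields usually are, `%d` also renders values above INT_MAX as negative numbers in the strings built here; that is worth confirming as intended before changing the format. call_sbin_request_key starts and ends outside this hunk.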
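Review bot: In selinux_secmark_relabel_packet_permission the new local `__tsec` uses a double-underscore prefix, which C reserves for the implementation and which reads here like a macro temporary; the xfrm.c hunks of this same commit name the equivalent pointer `tsec`. The copy into `tsid` before avc_has_perm() also carries no comment, so a reader cannot tell whether it is required or incidental. I would name the pointer `tsec` and put a comment on the copy, for example `/* read the SID once, before the permission check */`, adjusted to whatever the actual reason is.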
@@ -197,7 +197,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
 	struct xfrm_user_sec_ctx *uctx, u32 sid)
 {
 	int rc = 0;
-	struct task_security_struct *tsec = current->cred->security;
+	const struct task_security_struct *tsec = current_security();
 	struct xfrm_sec_ctx *ctx = NULL;
 	char *ctx_str = NULL;
 	u32 str_len;
@@ -333,7 +333,7 @@ void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
  */
 int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
 {
-	struct task_security_struct *tsec = current->cred->security;
+	const struct task_security_struct *tsec = current_security();
 	int rc = 0;
 	if (ctx) {
@@ -378,7 +378,7 @@ void selinux_xfrm_state_free(struct xfrm_state *x)
   */
 int selinux_xfrm_state_delete(struct xfrm_state *x)
 {
-	struct task_security_struct *tsec = current->cred->security;
+	const struct task_security_struct *tsec = current_security();
 	struct xfrm_sec_ctx *ctx = x->security;
 	int rc = 0;
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index b6dd4fc0fb0..247cec3b5a4 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -164,7 +164,7 @@ int smk_curacc(char *obj_label, u32 mode)
 {
 	int rc;
-	rc = smk_access(current->cred->security, obj_label, mode);
+	rc = smk_access(current_security(), obj_label, mode);
 	if (rc == 0)
 		return 0;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index cc837314fb0..e8a4fcb1ad0 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -143,7 +143,7 @@ static int smack_ptrace_traceme(struct task_struct *ptp)
 static int smack_syslog(int type)
 {
 	int rc;
-	char *sp = current->cred->security;
+	char *sp = current_security();
 	rc = cap_syslog(type);
 	if (rc != 0)
@@ -375,7 +375,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags)
  */
 static int smack_inode_alloc_security(struct inode *inode)
 {
-	inode->i_security = new_inode_smack(current->cred->security);
+	inode->i_security = new_inode_smack(current_security());
 	if (inode->i_security == NULL)
 		return -ENOMEM;
 	return 0;
@@ -820,7 +820,7 @@ static int smack_file_permission(struct file *file, int mask)
  */
 static int smack_file_alloc_security(struct file *file)
 {
-	file->f_security = current->cred->security;
+	file->f_security = current_security();
 	return 0;
 }
@@ -918,7 +918,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd,
  */
 static int smack_file_set_fowner(struct file *file)
 {
-	file->f_security = current->cred->security;
+	file->f_security = current_security();
 	return 0;
 }
@@ -986,8 +986,7 @@ static int smack_file_receive(struct file *file)
  */
 static int smack_cred_alloc_security(struct cred *cred)
 {
-	cred->security = current->cred->security;
-
+	cred->security = current_security();
 	return 0;
 }
@@ -1225,7 +1224,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
  */
 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
 {
-	char *csp = current->cred->security;
+	char *csp = current_security();
 	struct socket_smack *ssp;
 	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
@@ -1450,7 +1449,7 @@ static int smack_flags_to_may(int flags)
  */
 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
 {
-	msg->security = current->cred->security;
+	msg->security = current_security();
 	return 0;
 }
@@ -1486,7 +1485,7 @@ static int smack_shm_alloc_security(struct shmid_kernel *shp)
 {
 	struct kern_ipc_perm *isp = &shp->shm_perm;
-	isp->security = current->cred->security;
+	isp->security = current_security();
 	return 0;
 }
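Review bot: smack_file_alloc_security stores the pointer returned by current_security() directly in `file->f_security`, and nothing in the hunk says what keeps that label valid for as long as the file lives. The same pattern appears in the smack_file_set_fowner, smack_cred_alloc_security, smack_msg_msg_alloc_security and smack_shm_alloc_security hunks here, and in the smack_sem_alloc_security and smack_msg_queue_alloc_security hunks further down. With the credential access now hidden behind an accessor, the lifetime assumption deserves a line in each hook's comment block, for instance `/* the label pointer stays valid after the task's credentials change */` if that is indeed the invariant these hooks rely on. No code change is proposed; the stored value is the same as before the commit.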
@@ -1595,7 +1594,7 @@ static int smack_sem_alloc_security(struct sem_array *sma)
 {
 	struct kern_ipc_perm *isp = &sma->sem_perm;
-	isp->security = current->cred->security;
+	isp->security = current_security();
 	return 0;
 }
@@ -1699,7 +1698,7 @@ static int smack_msg_queue_alloc_security(struct msg_queue *msq)
 {
 	struct kern_ipc_perm *kisp = &msq->q_perm;
-	kisp->security = current->cred->security;
+	kisp->security = current_security();
 	return 0;
 }
@@ -1854,7 +1853,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
 	struct super_block *sbp;
 	struct superblock_smack *sbsp;
 	struct inode_smack *isp;
-	char *csp = current->cred->security;
+	char *csp = current_security();
 	char *fetched;
 	char *final;
 	struct dentry *dp;
@@ -2290,8 +2289,7 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent)
 		return;
 	ssp = sk->sk_security;
-	ssp->smk_in = current->cred->security;
-	ssp->smk_out = current->cred->security;
+	ssp->smk_in = ssp->smk_out = current_security();
 	ssp->smk_packet[0] = '\0';
 	rc = smack_netlabel(sk);
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index c5ca279e050..ca257dfdc75 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -336,7 +336,7 @@ static void smk_cipso_doi(void)
 	audit_info.loginuid = audit_get_loginuid(current);
 	audit_info.sessionid = audit_get_sessionid(current);
-	audit_info.secid = smack_to_secid(current->cred->security);
+	audit_info.secid = smack_to_secid(current_security());
 	rc = netlbl_cfg_map_del(NULL, &audit_info);
 	if (rc != 0)
@@ -371,7 +371,7 @@ static void smk_unlbl_ambient(char *oldambient)
 	audit_info.loginuid = audit_get_loginuid(current);
 	audit_info.sessionid = audit_get_sessionid(current);
-	audit_info.secid = smack_to_secid(current->cred->security);
+	audit_info.secid = smack_to_secid(current_security());
 	if (oldambient != NULL) {
 		rc = netlbl_cfg_map_del(oldambient, &audit_info); |
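Review bot: `ssp->smk_in = ssp->smk_out = current_security();` in smack_sock_graft chains two assignments on one line, which kernel coding style advises against and which hides that both labels are deliberately taken from a single read. smack_sk_alloc_security in this same file first reads the label into `char *csp = current_security();`; doing the same here, with `csp` declared among the function's other locals and followed by `ssp->smk_in = csp;` and `ssp->smk_out = csp;`, keeps the single read and matches the neighbouring code. The function starts and ends outside the hunk, so the declaration site is not visible here.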
