leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

apparmor: move bprm_committing_creds/committed_creds to lsm.c

Browse Source 
There is no reason to have the small stubs that don't use domain
private functions in domain.c, instead move them to lsm.c and make
them static.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2017-06-09 05:27:50 -07:00
parent d9f02d9c23
commit fe864821d5
3 changed files with 30 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
security/apparmor/domain.c
View File

@@ -539,36 +539,6 @@ int apparmor_bprm_secureexec(struct linux_binprm *bprm)
return 0; return 0;
} }
/**
* apparmor_bprm_committing_creds - do task cleanup on committing new creds
* @bprm: binprm for the exec (NOT NULL)
*/
void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
{
struct aa_profile *profile = __aa_current_profile();
struct aa_task_ctx *new_ctx = cred_ctx(bprm->cred);
/* bail out if unconfined or not changing profile */
if ((new_ctx->profile == profile) ||
(unconfined(new_ctx->profile)))
return;
current->pdeath_signal = 0;
/* reset soft limits and set hard limits for the new profile */
__aa_transition_rlimits(profile, new_ctx->profile);
}
/**
* apparmor_bprm_commited_cred - do cleanup after new creds committed
* @bprm: binprm for the exec (NOT NULL)
*/
void apparmor_bprm_committed_creds(struct linux_binprm *bprm)
{
/* TODO: cleanup signals - ipc mediation */
return;
}
/* /*
* Functions for self directed profile change * Functions for self directed profile change
*/ */

2
security/apparmor/include/domain.h
View File

@@ -25,8 +25,6 @@ struct aa_domain {
int apparmor_bprm_set_creds(struct linux_binprm *bprm); int apparmor_bprm_set_creds(struct linux_binprm *bprm);
int apparmor_bprm_secureexec(struct linux_binprm *bprm); int apparmor_bprm_secureexec(struct linux_binprm *bprm);
void apparmor_bprm_committing_creds(struct linux_binprm *bprm);
void apparmor_bprm_committed_creds(struct linux_binprm *bprm);
void aa_free_domain_entries(struct aa_domain *domain); void aa_free_domain_entries(struct aa_domain *domain);
int aa_change_hat(const char *hats[], int count, u64 token, bool permtest); int aa_change_hat(const char *hats[], int count, u64 token, bool permtest);

30
security/apparmor/lsm.c
View File

@@ -575,6 +575,36 @@ fail:
goto out; goto out;
} }
/**
* apparmor_bprm_committing_creds - do task cleanup on committing new creds
* @bprm: binprm for the exec (NOT NULL)
*/
static void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
{
struct aa_profile *profile = __aa_current_profile();
struct aa_task_ctx *new_ctx = cred_ctx(bprm->cred);
/* bail out if unconfined or not changing profile */
if ((new_ctx->profile == profile) ||
(unconfined(new_ctx->profile)))
return;
current->pdeath_signal = 0;
/* reset soft limits and set hard limits for the new profile */
__aa_transition_rlimits(profile, new_ctx->profile);
}
/**
* apparmor_bprm_committed_cred - do cleanup after new creds committed
* @bprm: binprm for the exec (NOT NULL)
*/
static void apparmor_bprm_committed_creds(struct linux_binprm *bprm)
{
/* TODO: cleanup signals - ipc mediation */
return;
}
static int apparmor_task_setrlimit(struct task_struct *task, static int apparmor_task_setrlimit(struct task_struct *task,
unsigned int resource, struct rlimit *new_rlim) unsigned int resource, struct rlimit *new_rlim)
{ {