summaryrefslogtreecommitdiffstats
path: root/security/tomoyo/domain.c
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2019-01-19 23:11:40 +0900
committerJames Morris <james.morris@microsoft.com>2019-01-23 11:36:15 -0800
commit8c6cb983cd52d78ab4e4c0191c73a11dcb60b866 (patch)
treec79c9274855fa8dcb1a7fa0da75c710036351c25 /security/tomoyo/domain.c
parent23711df7f4a268dce2adba379ad77ded8220d097 (diff)
downloadlinux-stable-8c6cb983cd52d78ab4e4c0191c73a11dcb60b866.tar.gz
linux-stable-8c6cb983cd52d78ab4e4c0191c73a11dcb60b866.tar.bz2
linux-stable-8c6cb983cd52d78ab4e4c0191c73a11dcb60b866.zip
tomoyo: Swicth from cred->security to task_struct->security.
TOMOYO security module is designed to use "struct task_struct"->security in order to allow per "struct task_struct" tracking without being disturbed by unable to update "struct cred"->security due to override mechanism. Now that infrastructure-managed security blob is ready, this patch updates TOMOYO to use "struct task_struct"->security. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <james.morris@microsoft.com>
Diffstat (limited to 'security/tomoyo/domain.c')
-rw-r--r--security/tomoyo/domain.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index b7469fdbff01..39abf3ae6168 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -678,7 +678,6 @@ out:
*/
int tomoyo_find_next_domain(struct linux_binprm *bprm)
{
- struct tomoyo_domain_info **blob;
struct tomoyo_domain_info *old_domain = tomoyo_domain();
struct tomoyo_domain_info *domain = NULL;
const char *original_name = bprm->filename;
@@ -843,9 +842,13 @@ force_jump_domain:
if (!domain)
domain = old_domain;
/* Update reference count on "struct tomoyo_domain_info". */
- atomic_inc(&domain->users);
- blob = tomoyo_cred(bprm->cred);
- *blob = domain;
+ {
+ struct tomoyo_task *s = tomoyo_task(current);
+
+ s->old_domain_info = s->domain_info;
+ s->domain_info = domain;
+ atomic_inc(&domain->users);
+ }
kfree(exename.name);
if (!retval) {
ee->r.domain = domain;