From 169ce0c081cd85f78388bb6c1638c1ad7b81bde7 Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Wed, 4 Sep 2019 10:32:48 -0400 Subject: selinux: fix residual uses of current_security() for the SELinux blob We need to use selinux_cred() to fetch the SELinux cred blob instead of directly using current->security or current_security(). There were a couple of lingering uses of current_security() in the SELinux code that were apparently missed during the earlier conversions. IIUC, this would only manifest as a bug if multiple security modules including SELinux are enabled and SELinux is not first in the lsm order. After this change, there appear to be no other users of current_security() in-tree; perhaps we should remove it altogether. Fixes: bbd3662a8348 ("Infrastructure management of the cred security blob") Signed-off-by: Stephen Smalley Acked-by: Casey Schaufler Reviewed-by: James Morris Signed-off-by: Paul Moore --- security/selinux/hooks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security/selinux/hooks.c') diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index d55571c585ff..f1b763eceef9 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3435,7 +3435,7 @@ static int selinux_inode_copy_up_xattr(const char *name) static int selinux_kernfs_init_security(struct kernfs_node *kn_dir, struct kernfs_node *kn) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); u32 parent_sid, newsid, clen; int rc; char *context; -- cgit v1.2.3