author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2019-01-19 23:11:40 +0900 |
---|---|---|
committer | James Morris <james.morris@microsoft.com> | 2019-01-23 11:36:15 -0800 |
commit | 8c6cb983cd52d78ab4e4c0191c73a11dcb60b866 (patch) | |
tree | c79c9274855fa8dcb1a7fa0da75c710036351c25 /security/tomoyo/common.h | |
parent | 23711df7f4a268dce2adba379ad77ded8220d097 (diff) | |
tomoyo: Swicth from cred->security to task_struct->security.
TOMOYO security module is designed to use "struct task_struct"->security
in order to allow per "struct task_struct" tracking without being disturbed
by the inability to update "struct cred"->security due to the override mechanism.
Now that infrastructure-managed security blob is ready, this patch updates
TOMOYO to use "struct task_struct"->security.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <james.morris@microsoft.com>
Diffstat (limited to 'security/tomoyo/common.h')
-rw-r--r-- | security/tomoyo/common.h | 45 |
1 files changed, 13 insertions, 32 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 4fc17294a12d..cfd075c92583 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -686,7 +686,7 @@ struct tomoyo_domain_info {
 u8 group; /* Group number to use. */
 bool is_deleted; /* Delete flag. */
 bool flags[TOMOYO_MAX_DOMAIN_INFO_FLAGS];
- atomic_t users; /* Number of referring credentials. */
+ atomic_t users; /* Number of referring tasks. */
 };

 /*
@@ -913,6 +913,12 @@ struct tomoyo_policy_namespace {
 const char *name;
 };

+/* Structure for "struct task_struct"->security. */
+struct tomoyo_task {
+ struct tomoyo_domain_info *domain_info;
+ struct tomoyo_domain_info *old_domain_info;
+};
+
 /********** Function prototypes. **********/

 bool tomoyo_address_matches_group(const bool is_ipv6, const __be32 *address,
@@ -1021,6 +1027,7 @@ ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head,
 struct tomoyo_condition *tomoyo_get_condition(struct tomoyo_acl_param *param);
 struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname,
 const bool transit);
+struct tomoyo_domain_info *tomoyo_domain(void);
 struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname);
 struct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param,
 const u8 idx);
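Review bot: The two pointers in the new `struct tomoyo_task` (second hunk) have no comments, while every field of `struct tomoyo_domain_info` in the first hunk has one. Because the first hunk redefines `users` as "Number of referring tasks", a reader auditing the reference counting needs to know which of `domain_info` and `old_domain_info` holds a counted reference, and when `old_domain_info` is non-NULL. I would add a trailing comment on each field saying exactly that; the header alone does not show the intended lifetime, so the author should supply the wording. The same hunk would also benefit from a line in the struct comment saying the blob is zero-initialised by the LSM infrastructure, if that is the assumption the hooks rely on.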
@@ -1200,41 +1207,15 @@ static inline void tomoyo_put_group(struct tomoyo_group *group)
 }

 /**
- * tomoyo_cred - Get a pointer to the tomoyo cred security blob
- * @cred - the relevant cred
- *
- * Returns pointer to the tomoyo cred blob.
- */
-static inline struct tomoyo_domain_info **tomoyo_cred(const struct cred *cred)
-{
- return cred->security + tomoyo_blob_sizes.lbs_cred;
-}
-
-/**
- * tomoyo_domain - Get "struct tomoyo_domain_info" for current thread.
+ * tomoyo_task - Get "struct tomoyo_task" for specified thread.
 *
- * Returns pointer to "struct tomoyo_domain_info" for current thread.
- */
-static inline struct tomoyo_domain_info *tomoyo_domain(void)
-{
- struct tomoyo_domain_info **blob = tomoyo_cred(current_cred());
-
- return *blob;
-}
-
-/**
- * tomoyo_real_domain - Get "struct tomoyo_domain_info" for specified thread.
+ * @task - Pointer to "struct task_struct".
 *
- * @task: Pointer to "struct task_struct".
- *
- * Returns pointer to "struct tomoyo_security" for specified thread.
+ * Returns pointer to "struct tomoyo_task" for specified thread.
 */
-static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
- *task)
+static inline struct tomoyo_task *tomoyo_task(struct task_struct *task)
 {
- struct tomoyo_domain_info **blob = tomoyo_cred(get_task_cred(task));
-
- return *blob;
+ return task->security + tomoyo_blob_sizes.lbs_task;
 }

 /**
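Review bot: The new kernel-doc for `tomoyo_task()` writes the parameter as `@task - Pointer to "struct task_struct".`, but kernel-doc expects `@task:`, which the removed `tomoyo_real_domain()` comment used; the line should read ` * @task: Pointer to "struct task_struct".`. Separately, the accessor computes `task->security + tomoyo_blob_sizes.lbs_task` with no check and accepts any task, not only `current`. The comment should therefore state that the blob must already be allocated when this is called, and what a caller must hold to read another task's `domain_info` safely. Neither guarantee can be confirmed from this header, so the author should document the actual precondition.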