diff options
Diffstat (limited to 'security/apparmor/domain.c')
| -rw-r--r-- | security/apparmor/domain.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 90967de96be0..b90759a765b5 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -780,6 +780,7 @@ static struct aa_label *handle_onexec(struct aa_label *label, int apparmor_bprm_set_creds(struct linux_binprm *bprm) { struct aa_cred_ctx *ctx; + struct aa_task_ctx *tctx; struct aa_label *label, *new = NULL; struct aa_profile *profile; char *buffer = NULL; @@ -795,15 +796,17 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) return 0; ctx = cred_ctx(bprm->cred); + tctx = current_task_ctx(); AA_BUG(!ctx); + AA_BUG(!tctx); label = aa_get_newest_label(ctx->label); /* buffer freed below, name is pointer into buffer */ get_buffers(buffer); /* Test for onexec first as onexec override other x transitions. */ - if (ctx->onexec) - new = handle_onexec(label, ctx->onexec, ctx->token, + if (tctx->onexec) + new = handle_onexec(label, tctx->onexec, tctx->token, bprm, buffer, &cond, &unsafe); else new = fn_label_build(label, profile, GFP_ATOMIC, @@ -858,9 +861,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) ctx->label = new; done: - /* clear out temporary/transitional state from the context */ - aa_clear_cred_ctx_trans(ctx); - aa_put_label(label); put_buffers(buffer); @@ -1050,6 +1050,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags) { const struct cred *cred; struct aa_cred_ctx *ctx; + struct aa_task_ctx *tctx; struct aa_label *label, *previous, *new = NULL, *target = NULL; struct aa_profile *profile; struct aa_perms perms = {}; @@ -1070,8 +1071,9 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags) /* released below */ cred = get_current_cred(); ctx = cred_ctx(cred); + tctx = current_task_ctx(); label = aa_get_newest_cred_label(cred); - previous = aa_get_newest_label(ctx->previous); + previous = aa_get_newest_label(tctx->previous); if (unconfined(label)) { info = "unconfined can not change_hat"; |