xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TOMOYO: Abstract use of cred security blob

Browse Source 
Don't use the cred->security pointer directly.
Provide helper functions that provide the security blob pointer.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
[kees: adjusted for ordered init series]
Signed-off-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
Casey Schaufler
2018-09-21 17:18:07 -07:00
committed by Kees Cook
parent 69b5a44a95
commit 43fc460907
4 changed files with 64 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
security/tomoyo/common.h
View File

@@ -29,6 +29,7 @@
#include <linux/in.h>
#include <linux/in6.h>
#include <linux/un.h>
#include <linux/lsm_hooks.h>
#include <net/sock.h>
#include <net/af_unix.h>
#include <net/ip.h>
@@ -1062,6 +1063,7 @@ void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt,
/********** External variable definitions. **********/
extern bool tomoyo_policy_loaded;
extern int tomoyo_enabled;
extern const char * const tomoyo_condition_keyword
[TOMOYO_MAX_CONDITION_KEYWORD];
extern const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS];
@@ -1196,6 +1198,17 @@ static inline void tomoyo_put_group(struct tomoyo_group *group)
atomic_dec(&group->head.users);
}
/**
* tomoyo_cred - Get a pointer to the tomoyo cred security blob
* @cred - the relevant cred
*
* Returns pointer to the tomoyo cred blob.
*/
static inline struct tomoyo_domain_info **tomoyo_cred(const struct cred *cred)
{
return (struct tomoyo_domain_info **)&cred->security;
}
/**
* tomoyo_domain - Get "struct tomoyo_domain_info" for current thread.
*
@@ -1203,7 +1216,9 @@ static inline void tomoyo_put_group(struct tomoyo_group *group)
*/
static inline struct tomoyo_domain_info *tomoyo_domain(void)
{
return current_cred()->security;
struct tomoyo_domain_info **blob = tomoyo_cred(current_cred());
return *blob;
}
/**
@@ -1216,7 +1231,9 @@ static inline struct tomoyo_domain_info *tomoyo_domain(void)
static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
*task)
{
return task_cred_xxx(task, security);
struct tomoyo_domain_info **blob = tomoyo_cred(get_task_cred(task));
return *blob;
}
/**