xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

apparmor: use common fn to clear task_context for domain transitions

Browse Source 
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>
This commit is contained in:
John Johansen
2013-02-18 16:05:34 -08:00
parent 0ca554b9fc
commit 7a2871b566
3 changed files with 20 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
security/apparmor/context.c
View File

@@ -105,16 +105,12 @@ int aa_replace_current_profile(struct aa_profile *profile)
return -ENOMEM; return -ENOMEM;
cxt = new->security; cxt = new->security;
if (unconfined(profile) || (cxt->profile->ns != profile->ns)) { if (unconfined(profile) || (cxt->profile->ns != profile->ns))
/* if switching to unconfined or a different profile namespace /* if switching to unconfined or a different profile namespace
* clear out context state * clear out context state
*/ */
aa_put_profile(cxt->previous); aa_clear_task_cxt_trans(cxt);
aa_put_profile(cxt->onexec);
cxt->previous = NULL;
cxt->onexec = NULL;
cxt->token = 0;
}
/* be careful switching cxt->profile, when racing replacement it /* be careful switching cxt->profile, when racing replacement it
* is possible that cxt->profile->replacedby is the reference keeping * is possible that cxt->profile->replacedby is the reference keeping
* @profile valid, so make sure to get its reference before dropping * @profile valid, so make sure to get its reference before dropping
@@ -222,11 +218,10 @@ int aa_restore_previous_profile(u64 token)
aa_get_profile(cxt->profile); aa_get_profile(cxt->profile);
aa_put_profile(cxt->previous); aa_put_profile(cxt->previous);
} }
/* clear exec && prev information when restoring to previous context */ /* ref has been transfered so avoid putting ref in clear_task_cxt */
cxt->previous = NULL; cxt->previous = NULL;
cxt->token = 0; /* clear exec && prev information when restoring to previous context */
aa_put_profile(cxt->onexec); aa_clear_task_cxt_trans(cxt);
cxt->onexec = NULL;
commit_creds(new); commit_creds(new);
return 0; return 0;

6
security/apparmor/domain.c
View File

@@ -512,11 +512,7 @@ x_clear:
cxt->profile = new_profile; cxt->profile = new_profile;
/* clear out all temporary/transitional state from the context */ /* clear out all temporary/transitional state from the context */
aa_put_profile(cxt->previous); aa_clear_task_cxt_trans(cxt);
aa_put_profile(cxt->onexec);
cxt->previous = NULL;
cxt->onexec = NULL;
cxt->token = 0;
audit: audit:
error = aa_audit_file(profile, &perms, GFP_KERNEL, OP_EXEC, MAY_EXEC, error = aa_audit_file(profile, &perms, GFP_KERNEL, OP_EXEC, MAY_EXEC,

13
security/apparmor/include/context.h
View File

@@ -160,4 +160,17 @@ static inline struct aa_profile *aa_current_profile(void)
return profile; return profile;
} }
/**
* aa_clear_task_cxt_trans - clear transition tracking info from the cxt
* @cxt: task context to clear (NOT NULL)
*/
static inline void aa_clear_task_cxt_trans(struct aa_task_cxt *cxt)
{
aa_put_profile(cxt->previous);
aa_put_profile(cxt->onexec);
cxt->previous = NULL;
cxt->onexec = NULL;
cxt->token = 0;
}
#endif /* __AA_CONTEXT_H */ #endif /* __AA_CONTEXT_H */