@@ -24,6 +24,7 @@
#define cred_cxt(X) apparmor_cred(X)
#define current_cxt() cred_cxt(current_cred())
+#define file_cxt(X) apparmor_file(X)
/* struct aa_file_cxt - the AppArmor context the file was opened in
* @perms: the permission the file was opened with
@@ -91,6 +92,11 @@ static inline struct aa_task_cxt *apparmor_cred(const struct cred *cred)
return cred->security;
}
+static inline struct aa_file_cxt *apparmor_file(const struct file *file)
+{
+ return file->f_security;
+}
+
/**
* aa_cred_profile - obtain cred's profiles
* @cred: cred to obtain profiles from (NOT NULL)
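Review bot: The new `apparmor_file()` accessor has no kernel-doc comment and dereferences `file` unconditionally, while `aa_cred_profile()` just below it documents its argument as NOT NULL. I would add a matching header such as `/** apparmor_file - obtain the AppArmor context stored on a file; @file: file to read the blob from (NOT NULL) */` so callers know the NULL check on `file` is theirs. The `common_mmap()` hunk in lsm.c depends on this, since it has to test `!file` before calling `file_cxt(file)`. The returned pointer can itself be NULL, as that same hunk shows, and the comment should say so.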
@@ -321,7 +321,7 @@ static int apparmor_inode_getattr(const struct path *path)
static int apparmor_file_open(struct file *file, const struct cred *cred)
{
- struct aa_file_cxt *fcxt = file->f_security;
+ struct aa_file_cxt *fcxt = file_cxt(file);
struct aa_profile *profile;
int error = 0;
@@ -364,14 +364,14 @@ static int apparmor_file_alloc_security(struct file *file)
static void apparmor_file_free_security(struct file *file)
{
- struct aa_file_cxt *cxt = file->f_security;
+ struct aa_file_cxt *cxt = file_cxt(file);
aa_free_file_context(cxt);
}
static int common_file_perm(int op, struct file *file, u32 mask)
{
- struct aa_file_cxt *fcxt = file->f_security;
+ struct aa_file_cxt *fcxt = file_cxt(file);
struct aa_profile *profile, *fprofile = aa_cred_profile(file->f_cred);
int error = 0;
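Review bot: In `apparmor_file_free_security()` the value read through `file_cxt(file)` is handed directly to `aa_free_file_context()`, so the accessor is now part of an allocation contract that nothing states. That holds only while `apparmor_file()` returns exactly the pointer that was stored in `file->f_security`; the store in `apparmor_file_alloc_security()` is outside this hunk and is presumably still a direct write. A one-line comment above the read, `/* file_cxt() must return the pointer stored by apparmor_file_alloc_security() */`, would keep a later change to the accessor from turning this into a free of the wrong address. `common_file_perm()` continues past the end of the hunk, so whether `fcxt` is checked for NULL there cannot be seen from here.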
@@ -417,7 +417,7 @@ static int common_mmap(int op, struct file *file, unsigned long prot,
{
int mask = 0;
- if (!file || !file->f_security)
+ if (!file || file_cxt(file) == NULL)
return 0;
if (prot & PROT_READ)
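Review bot: The condition in `common_mmap()` mixes two NULL-test styles, `!file` and `file_cxt(file) == NULL`; the line it replaces used the negation form for both, so `if (!file || !file_cxt(file))` reads more consistently. The order of the two operands matters, because `file_cxt()` dereferences `file`, so the `!file` test has to stay first if the line is touched again. The function starts and ends outside the hunk.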
Subject: [PATCH RFC 06/10] AppArmor: Abstract the file security blob Abstract reading the file security blob. Remove abstraction when writing the file security blob. There is no change in the behavior of the code. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> --- security/apparmor/include/context.h | 6 ++++++ security/apparmor/lsm.c | 8 ++++---- 2 files changed, 10 insertions(+), 4 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html