From d8889d49e414b371eb235c08c3a759ab3e0cfa51 Mon Sep 17 00:00:00 2001 From: John Johansen Date: Wed, 11 Oct 2017 01:04:48 -0700 Subject: apparmor: move context.h to cred.h Now that file contexts have been moved into file, and task context fns() and data have been split from the context, only the cred context remains in context.h so rename to cred.h to better reflect what it deals with. Signed-off-by: John Johansen --- security/apparmor/apparmorfs.c | 2 +- security/apparmor/capability.c | 2 +- security/apparmor/domain.c | 2 +- security/apparmor/file.c | 2 +- security/apparmor/include/context.h | 176 ------------------------------------ security/apparmor/include/cred.h | 176 ++++++++++++++++++++++++++++++++++++ security/apparmor/ipc.c | 2 +- security/apparmor/label.c | 2 +- security/apparmor/lsm.c | 2 +- security/apparmor/mount.c | 2 +- security/apparmor/policy.c | 2 +- security/apparmor/policy_ns.c | 2 +- security/apparmor/policy_unpack.c | 2 +- security/apparmor/procattr.c | 2 +- security/apparmor/resource.c | 2 +- security/apparmor/task.c | 2 +- 16 files changed, 190 insertions(+), 190 deletions(-) delete mode 100644 security/apparmor/include/context.h create mode 100644 security/apparmor/include/cred.h (limited to 'security') diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 00fc4f9f7f14..874c1bf6b84a 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -30,7 +30,7 @@ #include "include/apparmor.h" #include "include/apparmorfs.h" #include "include/audit.h" -#include "include/context.h" +#include "include/cred.h" #include "include/crypto.h" #include "include/ipc.h" #include "include/label.h" diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c index 67e347192a55..253ef6e9d445 100644 --- a/security/apparmor/capability.c +++ b/security/apparmor/capability.c @@ -19,7 +19,7 @@ #include "include/apparmor.h" #include "include/capability.h" -#include "include/context.h" +#include "include/cred.h" #include "include/policy.h" #include "include/audit.h" diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 56d080a6d774..cd58eef4eb8d 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -22,7 +22,7 @@ #include "include/audit.h" #include "include/apparmorfs.h" -#include "include/context.h" +#include "include/cred.h" #include "include/domain.h" #include "include/file.h" #include "include/ipc.h" diff --git a/security/apparmor/file.c b/security/apparmor/file.c index e79bf44396a3..9a67a33904b3 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c @@ -18,7 +18,7 @@ #include "include/apparmor.h" #include "include/audit.h" -#include "include/context.h" +#include "include/cred.h" #include "include/file.h" #include "include/match.h" #include "include/path.h" diff --git a/security/apparmor/include/context.h b/security/apparmor/include/context.h deleted file mode 100644 index e287b7d0d4be..000000000000 --- a/security/apparmor/include/context.h +++ /dev/null @@ -1,176 +0,0 @@ -/* - * AppArmor security module - * - * This file contains AppArmor contexts used to associate "labels" to objects. - * - * Copyright (C) 1998-2008 Novell/SUSE - * Copyright 2009-2010 Canonical Ltd. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation, version 2 of the - * License. - */ - -#ifndef __AA_CONTEXT_H -#define __AA_CONTEXT_H - -#include -#include -#include - -#include "label.h" -#include "policy_ns.h" -#include "task.h" - -#define cred_label(X) ((X)->security) - - -/** - * aa_cred_raw_label - obtain cred's label - * @cred: cred to obtain label from (NOT NULL) - * - * Returns: confining label - * - * does NOT increment reference count - */ -static inline struct aa_label *aa_cred_raw_label(const struct cred *cred) -{ - struct aa_label *label = cred_label(cred); - - AA_BUG(!label); - return label; -} - -/** - * aa_get_newest_cred_label - obtain the newest label on a cred - * @cred: cred to obtain label from (NOT NULL) - * - * Returns: newest version of confining label - */ -static inline struct aa_label *aa_get_newest_cred_label(const struct cred *cred) -{ - return aa_get_newest_label(aa_cred_raw_label(cred)); -} - -/** - * __aa_task_raw_label - retrieve another task's label - * @task: task to query (NOT NULL) - * - * Returns: @task's label without incrementing its ref count - * - * If @task != current needs to be called in RCU safe critical section - */ -static inline struct aa_label *__aa_task_raw_label(struct task_struct *task) -{ - return aa_cred_raw_label(__task_cred(task)); -} - -/** - * aa_current_raw_label - find the current tasks confining label - * - * Returns: up to date confining label or the ns unconfined label (NOT NULL) - * - * This fn will not update the tasks cred to the most up to date version - * of the label so it is safe to call when inside of locks. - */ -static inline struct aa_label *aa_current_raw_label(void) -{ - return aa_cred_raw_label(current_cred()); -} - -/** - * aa_get_current_label - get the newest version of the current tasks label - * - * Returns: newest version of confining label (NOT NULL) - * - * This fn will not update the tasks cred, so it is safe inside of locks - * - * The returned reference must be put with aa_put_label() - */ -static inline struct aa_label *aa_get_current_label(void) -{ - struct aa_label *l = aa_current_raw_label(); - - if (label_is_stale(l)) - return aa_get_newest_label(l); - return aa_get_label(l); -} - -#define __end_current_label_crit_section(X) end_current_label_crit_section(X) - -/** - * end_label_crit_section - put a reference found with begin_current_label.. - * @label: label reference to put - * - * Should only be used with a reference obtained with - * begin_current_label_crit_section and never used in situations where the - * task cred may be updated - */ -static inline void end_current_label_crit_section(struct aa_label *label) -{ - if (label != aa_current_raw_label()) - aa_put_label(label); -} - -/** - * __begin_current_label_crit_section - current's confining label - * - * Returns: up to date confining label or the ns unconfined label (NOT NULL) - * - * safe to call inside locks - * - * The returned reference must be put with __end_current_label_crit_section() - * This must NOT be used if the task cred could be updated within the - * critical section between __begin_current_label_crit_section() .. - * __end_current_label_crit_section() - */ -static inline struct aa_label *__begin_current_label_crit_section(void) -{ - struct aa_label *label = aa_current_raw_label(); - - if (label_is_stale(label)) - label = aa_get_newest_label(label); - - return label; -} - -/** - * begin_current_label_crit_section - current's confining label and update it - * - * Returns: up to date confining label or the ns unconfined label (NOT NULL) - * - * Not safe to call inside locks - * - * The returned reference must be put with end_current_label_crit_section() - * This must NOT be used if the task cred could be updated within the - * critical section between begin_current_label_crit_section() .. - * end_current_label_crit_section() - */ -static inline struct aa_label *begin_current_label_crit_section(void) -{ - struct aa_label *label = aa_current_raw_label(); - - if (label_is_stale(label)) { - label = aa_get_newest_label(label); - if (aa_replace_current_label(label) == 0) - /* task cred will keep the reference */ - aa_put_label(label); - } - - return label; -} - -static inline struct aa_ns *aa_get_current_ns(void) -{ - struct aa_label *label; - struct aa_ns *ns; - - label = __begin_current_label_crit_section(); - ns = aa_get_ns(labels_ns(label)); - __end_current_label_crit_section(label); - - return ns; -} - -#endif /* __AA_CONTEXT_H */ diff --git a/security/apparmor/include/cred.h b/security/apparmor/include/cred.h new file mode 100644 index 000000000000..e287b7d0d4be --- /dev/null +++ b/security/apparmor/include/cred.h @@ -0,0 +1,176 @@ +/* + * AppArmor security module + * + * This file contains AppArmor contexts used to associate "labels" to objects. + * + * Copyright (C) 1998-2008 Novell/SUSE + * Copyright 2009-2010 Canonical Ltd. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, version 2 of the + * License. + */ + +#ifndef __AA_CONTEXT_H +#define __AA_CONTEXT_H + +#include +#include +#include + +#include "label.h" +#include "policy_ns.h" +#include "task.h" + +#define cred_label(X) ((X)->security) + + +/** + * aa_cred_raw_label - obtain cred's label + * @cred: cred to obtain label from (NOT NULL) + * + * Returns: confining label + * + * does NOT increment reference count + */ +static inline struct aa_label *aa_cred_raw_label(const struct cred *cred) +{ + struct aa_label *label = cred_label(cred); + + AA_BUG(!label); + return label; +} + +/** + * aa_get_newest_cred_label - obtain the newest label on a cred + * @cred: cred to obtain label from (NOT NULL) + * + * Returns: newest version of confining label + */ +static inline struct aa_label *aa_get_newest_cred_label(const struct cred *cred) +{ + return aa_get_newest_label(aa_cred_raw_label(cred)); +} + +/** + * __aa_task_raw_label - retrieve another task's label + * @task: task to query (NOT NULL) + * + * Returns: @task's label without incrementing its ref count + * + * If @task != current needs to be called in RCU safe critical section + */ +static inline struct aa_label *__aa_task_raw_label(struct task_struct *task) +{ + return aa_cred_raw_label(__task_cred(task)); +} + +/** + * aa_current_raw_label - find the current tasks confining label + * + * Returns: up to date confining label or the ns unconfined label (NOT NULL) + * + * This fn will not update the tasks cred to the most up to date version + * of the label so it is safe to call when inside of locks. + */ +static inline struct aa_label *aa_current_raw_label(void) +{ + return aa_cred_raw_label(current_cred()); +} + +/** + * aa_get_current_label - get the newest version of the current tasks label + * + * Returns: newest version of confining label (NOT NULL) + * + * This fn will not update the tasks cred, so it is safe inside of locks + * + * The returned reference must be put with aa_put_label() + */ +static inline struct aa_label *aa_get_current_label(void) +{ + struct aa_label *l = aa_current_raw_label(); + + if (label_is_stale(l)) + return aa_get_newest_label(l); + return aa_get_label(l); +} + +#define __end_current_label_crit_section(X) end_current_label_crit_section(X) + +/** + * end_label_crit_section - put a reference found with begin_current_label.. + * @label: label reference to put + * + * Should only be used with a reference obtained with + * begin_current_label_crit_section and never used in situations where the + * task cred may be updated + */ +static inline void end_current_label_crit_section(struct aa_label *label) +{ + if (label != aa_current_raw_label()) + aa_put_label(label); +} + +/** + * __begin_current_label_crit_section - current's confining label + * + * Returns: up to date confining label or the ns unconfined label (NOT NULL) + * + * safe to call inside locks + * + * The returned reference must be put with __end_current_label_crit_section() + * This must NOT be used if the task cred could be updated within the + * critical section between __begin_current_label_crit_section() .. + * __end_current_label_crit_section() + */ +static inline struct aa_label *__begin_current_label_crit_section(void) +{ + struct aa_label *label = aa_current_raw_label(); + + if (label_is_stale(label)) + label = aa_get_newest_label(label); + + return label; +} + +/** + * begin_current_label_crit_section - current's confining label and update it + * + * Returns: up to date confining label or the ns unconfined label (NOT NULL) + * + * Not safe to call inside locks + * + * The returned reference must be put with end_current_label_crit_section() + * This must NOT be used if the task cred could be updated within the + * critical section between begin_current_label_crit_section() .. + * end_current_label_crit_section() + */ +static inline struct aa_label *begin_current_label_crit_section(void) +{ + struct aa_label *label = aa_current_raw_label(); + + if (label_is_stale(label)) { + label = aa_get_newest_label(label); + if (aa_replace_current_label(label) == 0) + /* task cred will keep the reference */ + aa_put_label(label); + } + + return label; +} + +static inline struct aa_ns *aa_get_current_ns(void) +{ + struct aa_label *label; + struct aa_ns *ns; + + label = __begin_current_label_crit_section(); + ns = aa_get_ns(labels_ns(label)); + __end_current_label_crit_section(label); + + return ns; +} + +#endif /* __AA_CONTEXT_H */ diff --git a/security/apparmor/ipc.c b/security/apparmor/ipc.c index d7b137d4eb74..527ea1557120 100644 --- a/security/apparmor/ipc.c +++ b/security/apparmor/ipc.c @@ -17,7 +17,7 @@ #include "include/audit.h" #include "include/capability.h" -#include "include/context.h" +#include "include/cred.h" #include "include/policy.h" #include "include/ipc.h" #include "include/sig_names.h" diff --git a/security/apparmor/label.c b/security/apparmor/label.c index 69c7451becef..523250e34837 100644 --- a/security/apparmor/label.c +++ b/security/apparmor/label.c @@ -16,7 +16,7 @@ #include #include "include/apparmor.h" -#include "include/context.h" +#include "include/cred.h" #include "include/label.h" #include "include/policy.h" #include "include/secid.h" diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 7577cd982230..ef6334e11597 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -30,7 +30,7 @@ #include "include/apparmorfs.h" #include "include/audit.h" #include "include/capability.h" -#include "include/context.h" +#include "include/cred.h" #include "include/file.h" #include "include/ipc.h" #include "include/path.h" diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c index 8c558cbce930..6e8c7ac0b33d 100644 --- a/security/apparmor/mount.c +++ b/security/apparmor/mount.c @@ -18,7 +18,7 @@ #include "include/apparmor.h" #include "include/audit.h" -#include "include/context.h" +#include "include/cred.h" #include "include/domain.h" #include "include/file.h" #include "include/match.h" diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index a158af1f1b38..a8e096a88e62 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -82,7 +82,7 @@ #include "include/apparmor.h" #include "include/capability.h" -#include "include/context.h" +#include "include/cred.h" #include "include/file.h" #include "include/ipc.h" #include "include/match.h" diff --git a/security/apparmor/policy_ns.c b/security/apparmor/policy_ns.c index b1e629cba70b..b0f9dc3f765a 100644 --- a/security/apparmor/policy_ns.c +++ b/security/apparmor/policy_ns.c @@ -21,7 +21,7 @@ #include #include "include/apparmor.h" -#include "include/context.h" +#include "include/cred.h" #include "include/policy_ns.h" #include "include/label.h" #include "include/policy.h" diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index ece0c246cfe6..40c8dc617b13 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -23,7 +23,7 @@ #include "include/apparmor.h" #include "include/audit.h" -#include "include/context.h" +#include "include/cred.h" #include "include/crypto.h" #include "include/match.h" #include "include/path.h" diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c index d81617379d63..80c34ed373c3 100644 --- a/security/apparmor/procattr.c +++ b/security/apparmor/procattr.c @@ -13,7 +13,7 @@ */ #include "include/apparmor.h" -#include "include/context.h" +#include "include/cred.h" #include "include/policy.h" #include "include/policy_ns.h" #include "include/domain.h" diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c index cf4d234febe9..d022137143b9 100644 --- a/security/apparmor/resource.c +++ b/security/apparmor/resource.c @@ -16,7 +16,7 @@ #include #include "include/audit.h" -#include "include/context.h" +#include "include/cred.h" #include "include/resource.h" #include "include/policy.h" diff --git a/security/apparmor/task.c b/security/apparmor/task.c index 36eb8707ad89..44b9b938e06d 100644 --- a/security/apparmor/task.c +++ b/security/apparmor/task.c @@ -16,7 +16,7 @@ * should return to the previous cred if it has not been modified. */ -#include "include/context.h" +#include "include/cred.h" #include "include/task.h" /** -- cgit v1.2.1