authorJohn Johansen <john.johansen@canonical.com>2017-01-27 03:53:53 -0800
committerJohn Johansen <john.johansen@canonical.com>2018-02-09 11:30:01 -0800
commitd9087c49d4388e3f35f09a5cf7ed6e09c9106604 (patch)
treecdc1032157a2cb4ceb8c8f5278f7a280acf9d463 /security/apparmor/include
parent3b529a7600d834f450ac244f43a7c082687284b4 (diff)
apparmor: drop cred_ctx and reference the label directly
With the task domain change information now stored in the task->security context, the cred->security context only stores the label. We can get rid of the cred_ctx and directly reference the label, removing a layer of indirection, and unneeded extra allocations. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include')
-rw-r--r--security/apparmor/include/context.h24
1 files changed, 5 insertions, 19 deletions
diff --git a/security/apparmor/include/context.h b/security/apparmor/include/context.h
index c3b51d88275b..8d36c14bc76d 100644
--- a/security/apparmor/include/context.h
+++ b/security/apparmor/include/context.h
@@ -22,21 +22,11 @@
#include "label.h"
#include "policy_ns.h"
-#define cred_ctx(X) ((X)->security)
-#define current_cred_ctx() cred_ctx(current_cred())
-
#define task_ctx(X) ((X)->security)
#define current_task_ctx() (task_ctx(current))
+#define cred_label(X) ((X)->security)
-/**
- * struct aa_cred_ctx - primary label for confined tasks
- * @label: the current label (NOT NULL)
- */
-struct aa_cred_ctx {
- struct aa_label *label;
-};
-
-/**
+/*
* struct aa_task_ctx - information for current task label change
* @onexec: profile to transition to on next exec (MAY BE NULL)
* @previous: profile the task may return to (MAY BE NULL)
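Review bot: The new `cred_label(X)` macro expands to exactly the same `(X)->security` as `task_ctx(X)` just above it, so nothing in the type system separates the two blobs. Assuming `security` is an untyped `void *` in both structures (not visible in this hunk), code that still treats the cred blob as a context struct, or passes a task where a cred is meant, compiles without a diagnostic and reads a label as something else. Because this commit changes what the cred blob points to, the macro should carry a comment stating the new contract, e.g. `/* cred->security is the struct aa_label * itself (NOT NULL); there is no wrapping ctx */`. If no caller needs the macro as an lvalue, a typed `static inline` accessor returning `struct aa_label *` would let the compiler catch mismatches.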
@@ -48,10 +38,6 @@ struct aa_task_ctx {
u64 token;
};
-struct aa_cred_ctx *aa_alloc_cred_ctx(gfp_t flags);
-void aa_free_cred_ctx(struct aa_cred_ctx *ctx);
-void aa_dup_cred_ctx(struct aa_cred_ctx *new, const struct aa_cred_ctx *old);
-
struct aa_task_ctx *aa_alloc_task_ctx(gfp_t flags);
void aa_free_task_ctx(struct aa_task_ctx *ctx);
void aa_dup_task_ctx(struct aa_task_ctx *new, const struct aa_task_ctx *old);
@@ -73,10 +59,10 @@ struct aa_label *aa_get_task_label(struct task_struct *task);
*/
static inline struct aa_label *aa_cred_raw_label(const struct cred *cred)
{
- struct aa_cred_ctx *ctx = cred_ctx(cred);
+ struct aa_label *label = cred_label(cred);
- AA_BUG(!ctx || !ctx->label);
- return ctx->label;
+ AA_BUG(!label);
+ return label;
}
/**
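Review bot: In `aa_cred_raw_label()` the only guard against a NULL `cred->security` is `AA_BUG(!label)`, and `return label;` runs regardless. If `AA_BUG` is a debug-only assertion or only warns (its definition is not visible here), a cred without a label hands NULL to every caller. With the ctx layer gone this single check is the whole invariant, so the kernel-doc above the function (which starts outside this hunk) should say so, e.g. `* Requires: cred->security was set to a valid label when the cred was allocated or prepared`. It is also worth confirming that callers do not rely on the assertion to stop execution.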