summaryrefslogtreecommitdiff
path: root/security/smack
diff options
context:
space:
mode:
authorCasey Schaufler <casey@schaufler-ca.com>2018-11-12 09:38:53 -0800
committerKees Cook <keescook@chromium.org>2019-01-08 13:18:44 -0800
commitf28952ac900822a189fc383a5b73631e72c69356 (patch)
tree4daaf025cb9fa286cb5b4d76025e3e6b3f7588fa /security/smack
parentbb6c6b02ccb7d76f628c5dc6abe13f1115637cfd (diff)
downloadlwn-f28952ac900822a189fc383a5b73631e72c69356.tar.gz
lwn-f28952ac900822a189fc383a5b73631e72c69356.zip
Smack: Abstract use of file security blob
Don't use the file->f_security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'security/smack')
-rw-r--r--security/smack/smack.h5
-rw-r--r--security/smack/smack_lsm.c12
2 files changed, 13 insertions, 4 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index b27eb252e953..50854969a391 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -362,6 +362,11 @@ static inline struct task_smack *smack_cred(const struct cred *cred)
return cred->security + smack_blob_sizes.lbs_cred;
}
+static inline struct smack_known **smack_file(const struct file *file)
+{
+ return (struct smack_known **)&file->f_security;
+}
+
/*
* Is the directory transmuting?
*/
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index bad27a8e1631..8f72641f94ab 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1489,9 +1489,9 @@ static void smack_inode_getsecid(struct inode *inode, u32 *secid)
*/
static int smack_file_alloc_security(struct file *file)
{
- struct smack_known *skp = smk_of_current();
+ struct smack_known **blob = smack_file(file);
- file->f_security = skp;
+ *blob = smk_of_current();
return 0;
}
@@ -1731,7 +1731,9 @@ static int smack_mmap_file(struct file *file,
*/
static void smack_file_set_fowner(struct file *file)
{
- file->f_security = smk_of_current();
+ struct smack_known **blob = smack_file(file);
+
+ *blob = smk_of_current();
}
/**
@@ -1748,6 +1750,7 @@ static void smack_file_set_fowner(struct file *file)
static int smack_file_send_sigiotask(struct task_struct *tsk,
struct fown_struct *fown, int signum)
{
+ struct smack_known **blob;
struct smack_known *skp;
struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred));
const struct cred *tcred;
@@ -1761,7 +1764,8 @@ static int smack_file_send_sigiotask(struct task_struct *tsk,
file = container_of(fown, struct file, f_owner);
/* we don't log here as rc can be overriden */
- skp = file->f_security;
+ blob = smack_file(file);
+ skp = *blob;
rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);