author | Casey Schaufler <casey@schaufler-ca.com> | 2018-11-12 09:38:53 -0800 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2019-01-08 13:18:44 -0800 |
commit | f28952ac900822a189fc383a5b73631e72c69356 (patch) | |
tree | 4daaf025cb9fa286cb5b4d76025e3e6b3f7588fa /security/smack | |
parent | bb6c6b02ccb7d76f628c5dc6abe13f1115637cfd (diff) | |
Smack: Abstract use of file security blob
Don't use the file->f_security pointer directly.
Provide a helper function that provides the security blob pointer.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'security/smack')
-rw-r--r-- | security/smack/smack.h | 5 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 12 |
2 files changed, 13 insertions, 4 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index b27eb252e953..50854969a391 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -362,6 +362,11 @@ static inline struct task_smack *smack_cred(const struct cred *cred)
 return cred->security + smack_blob_sizes.lbs_cred;
 }
+static inline struct smack_known **smack_file(const struct file *file)
+{
+ return (struct smack_known **)&file->f_security;
+}
+
 /*
 * Is the directory transmuting?
 */
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index bad27a8e1631..8f72641f94ab 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1489,9 +1489,9 @@ static void smack_inode_getsecid(struct inode *inode, u32 *secid)
 */
 static int smack_file_alloc_security(struct file *file)
 {
- struct smack_known *skp = smk_of_current();
+ struct smack_known **blob = smack_file(file);
- file->f_security = skp;
+ *blob = smk_of_current();
 return 0;
 }
@@ -1731,7 +1731,9 @@ static int smack_mmap_file(struct file *file,
 */
 static void smack_file_set_fowner(struct file *file)
 {
- file->f_security = smk_of_current();
+ struct smack_known **blob = smack_file(file);
+
+ *blob = smk_of_current();
 }
 /**
@@ -1748,6 +1750,7 @@ static void smack_file_set_fowner(struct file *file)
 static int smack_file_send_sigiotask(struct task_struct *tsk,
 struct fown_struct *fown, int signum)
 {
+ struct smack_known **blob;
 struct smack_known *skp;
 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred));
 const struct cred *tcred;
@@ -1761,7 +1764,8 @@ static int smack_file_send_sigiotask(struct task_struct *tsk,
 file = container_of(fown, struct file, f_owner);
 /* we don't log here as rc can be overriden */
- skp = file->f_security;
+ blob = smack_file(file);
+ skp = *blob;
 rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
 |
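Review bot: `smack_file()` in smack.h takes a `const struct file *` but casts `&file->f_security` to a non-const `struct smack_known **`, and the callers in smack_lsm.c store through the result (`*blob = smk_of_current();`). The cast silently discards the qualifier, so the signature promises read-only access that the helper does not give. Either take `struct file *file`, or keep the const for parity with `smack_cred()` and say so above the helper, e.g. `/* Returns the writable Smack label slot of @file; const is cast away on purpose. */`. The helper also has no comment at all, although it is now the single access point for the file label.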
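Review bot: The `blob` local added in `smack_file_alloc_security()` exists only to be dereferenced once on the next statement, and the same pattern repeats in `smack_file_set_fowner()` and `smack_file_send_sigiotask()`. Writing `*smack_file(file) = smk_of_current();` for the two stores and `skp = *smack_file(file);` for the load would drop three declarations and keep each label access on one line, which makes the reads and writes of the file label easier to audit. If the temporaries are there to prepare for a later change to the blob layout, the commit message should say so. `smack_file_send_sigiotask()` continues outside the hunks shown.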