Google Git
Sign in
gem5/arm/linux/7a2871b566f34d980556072943295efd107eb53c^!/.
commit
7a2871b566f34d980556072943295efd107eb53c
[log]
author
John Johansen <john.johansen@canonical.com>
Mon Feb 18 16:05:34 2013 -0800
committer
John Johansen <john.johansen@canonical.com>
Sun Apr 28 00:36:20 2013 -0700
tree
7f991bd472872e62780ba9119d8e3a3784008dfc
parent
0ca554b9fca425eb58325a36290deef698cef34b [diff]
apparmor: use common fn to clear task_context for domain transitions

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>

diff --git a/security/apparmor/context.c b/security/apparmor/context.c
index 611e6ce..3f911af 100644
--- a/security/apparmor/context.c
+++ b/security/apparmor/context.c

@@ -105,16 +105,12 @@
 		return -ENOMEM;
 
 	cxt = new->security;
-	if (unconfined(profile) || (cxt->profile->ns != profile->ns)) {
+	if (unconfined(profile) || (cxt->profile->ns != profile->ns))
 		/* if switching to unconfined or a different profile namespace
 		 * clear out context state
 		 */
-		aa_put_profile(cxt->previous);
-		aa_put_profile(cxt->onexec);
-		cxt->previous = NULL;
-		cxt->onexec = NULL;
-		cxt->token = 0;
-	}
+		aa_clear_task_cxt_trans(cxt);
+
 	/* be careful switching cxt->profile, when racing replacement it
 	 * is possible that cxt->profile->replacedby is the reference keeping
 	 * @profile valid, so make sure to get its reference before dropping
@@ -222,11 +218,10 @@
 		aa_get_profile(cxt->profile);
 		aa_put_profile(cxt->previous);
 	}
-	/* clear exec && prev information when restoring to previous context */
+	/* ref has been transfered so avoid putting ref in clear_task_cxt */
 	cxt->previous = NULL;
-	cxt->token = 0;
-	aa_put_profile(cxt->onexec);
-	cxt->onexec = NULL;
+	/* clear exec && prev information when restoring to previous context */
+	aa_clear_task_cxt_trans(cxt);
 
 	commit_creds(new);
 	return 0;

diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index fb47d5b..07fcb09 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c

@@ -512,11 +512,7 @@
 	cxt->profile = new_profile;
 
 	/* clear out all temporary/transitional state from the context */
-	aa_put_profile(cxt->previous);
-	aa_put_profile(cxt->onexec);
-	cxt->previous = NULL;
-	cxt->onexec = NULL;
-	cxt->token = 0;
+	aa_clear_task_cxt_trans(cxt);
 
 audit:
 	error = aa_audit_file(profile, &perms, GFP_KERNEL, OP_EXEC, MAY_EXEC,

diff --git a/security/apparmor/include/context.h b/security/apparmor/include/context.h
index 1e9443a..4cecad3 100644
--- a/security/apparmor/include/context.h
+++ b/security/apparmor/include/context.h

@@ -160,4 +160,17 @@
 	return profile;
 }
 
+/**
+ * aa_clear_task_cxt_trans - clear transition tracking info from the cxt
+ * @cxt: task context to clear (NOT NULL)
+ */
+static inline void aa_clear_task_cxt_trans(struct aa_task_cxt *cxt)
+{
+	aa_put_profile(cxt->previous);
+	aa_put_profile(cxt->onexec);
+	cxt->previous = NULL;
+	cxt->onexec = NULL;
+	cxt->token = 0;
+}
+
 #endif /* __AA_CONTEXT_H */