lsm.c (d9087c49d4388e3f35f09a5cf7ed6e09c9106604) | lsm.c (f175221af35bedf99b201d861a0fe54e19ef36c2) |
---|---|
1/* 2 * AppArmor security module 3 * 4 * This file contains AppArmor LSM hooks. 5 * 6 * Copyright (C) 1998-2008 Novell/SUSE 7 * Copyright 2009-2010 Canonical Ltd. 8 * --- 568 unchanged lines hidden (view full) --- 577} 578 579static int apparmor_getprocattr(struct task_struct *task, char *name, 580 char **value) 581{ 582 int error = -ENOENT; 583 /* released below */ 584 const struct cred *cred = get_task_cred(task); | 1/* 2 * AppArmor security module 3 * 4 * This file contains AppArmor LSM hooks. 5 * 6 * Copyright (C) 1998-2008 Novell/SUSE 7 * Copyright 2009-2010 Canonical Ltd. 8 * --- 568 unchanged lines hidden (view full) --- 577} 578 579static int apparmor_getprocattr(struct task_struct *task, char *name, 580 char **value) 581{ 582 int error = -ENOENT; 583 /* released below */ 584 const struct cred *cred = get_task_cred(task); |
585 struct aa_task_ctx *tctx = current_task_ctx(); | 585 struct aa_task_ctx *ctx = current_task_ctx(); |
586 struct aa_label *label = NULL; 587 588 if (strcmp(name, "current") == 0) 589 label = aa_get_newest_label(cred_label(cred)); | 586 struct aa_label *label = NULL; 587 588 if (strcmp(name, "current") == 0) 589 label = aa_get_newest_label(cred_label(cred)); |
590 else if (strcmp(name, "prev") == 0 && tctx->previous) 591 label = aa_get_newest_label(tctx->previous); 592 else if (strcmp(name, "exec") == 0 && tctx->onexec) 593 label = aa_get_newest_label(tctx->onexec); | 590 else if (strcmp(name, "prev") == 0 && ctx->previous) 591 label = aa_get_newest_label(ctx->previous); 592 else if (strcmp(name, "exec") == 0 && ctx->onexec) 593 label = aa_get_newest_label(ctx->onexec); |
594 else 595 error = -EINVAL; 596 597 if (label) 598 error = aa_getprocattr(label, value); 599 600 aa_put_label(label); 601 put_cred(cred); --- 426 unchanged lines hidden (view full) --- 1028/** 1029 * set_init_ctx - set a task context and profile on the first task. 1030 * 1031 * TODO: allow setting an alternate profile than unconfined 1032 */ 1033static int __init set_init_ctx(void) 1034{ 1035 struct cred *cred = (struct cred *)current->real_cred; | 594 else 595 error = -EINVAL; 596 597 if (label) 598 error = aa_getprocattr(label, value); 599 600 aa_put_label(label); 601 put_cred(cred); --- 426 unchanged lines hidden (view full) --- 1028/** 1029 * set_init_ctx - set a task context and profile on the first task. 1030 * 1031 * TODO: allow setting an alternate profile than unconfined 1032 */ 1033static int __init set_init_ctx(void) 1034{ 1035 struct cred *cred = (struct cred *)current->real_cred; |
1036 struct aa_task_ctx *tctx; | 1036 struct aa_task_ctx *ctx; |
1037 | 1037 |
1038 tctx = aa_alloc_task_ctx(GFP_KERNEL); 1039 if (!tctx) | 1038 ctx = aa_alloc_task_ctx(GFP_KERNEL); 1039 if (!ctx) |
1040 return -ENOMEM; 1041 1042 cred_label(cred) = aa_get_label(ns_unconfined(root_ns)); | 1040 return -ENOMEM; 1041 1042 cred_label(cred) = aa_get_label(ns_unconfined(root_ns)); |
1043 task_ctx(current) = tctx; | 1043 task_ctx(current) = ctx; |
1044 1045 return 0; 1046} 1047 1048static void destroy_buffers(void) 1049{ 1050 u32 i, j; 1051 --- 140 unchanged lines hidden --- | 1044 1045 return 0; 1046} 1047 1048static void destroy_buffers(void) 1049{ 1050 u32 i, j; 1051 --- 140 unchanged lines hidden --- |
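Review bot: In apparmor_getprocattr the "current" attribute is resolved from the credentials of the `task` argument (`get_task_cred(task)`), but "prev" and "exec" are read from `current_task_ctx()`, which by its name appears to be the calling task's context rather than that of `task`. If that reading is right, a process reading these attributes for another task is shown its own previous/onexec labels, which can mislead tooling that inspects another process's confinement state; the rename shown here leaves this the same in both revisions. If the behaviour is intentional, a comment at the declaration such as `/* prev/exec come from the calling task's ctx, not @task */` would record it; otherwise the lookup would need the target task's context, with whatever lifetime protection that requires. The function continues in the hidden lines after `put_cred(cred);`, so its return path is not visible on this page.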