lsm.c (f175221af35bedf99b201d861a0fe54e19ef36c2) | lsm.c (de62de59c27881c59c7df2e535cb9e1275cd52cc) |
---|---|
1/* 2 * AppArmor security module 3 * 4 * This file contains AppArmor LSM hooks. 5 * 6 * Copyright (C) 1998-2008 Novell/SUSE 7 * Copyright 2009-2010 Canonical Ltd. 8 * --- 87 unchanged lines hidden (view full) --- 96static int apparmor_task_alloc(struct task_struct *task, 97 unsigned long clone_flags) 98{ 99 struct aa_task_ctx *new = aa_alloc_task_ctx(GFP_KERNEL); 100 101 if (!new) 102 return -ENOMEM; 103 | 1/* 2 * AppArmor security module 3 * 4 * This file contains AppArmor LSM hooks. 5 * 6 * Copyright (C) 1998-2008 Novell/SUSE 7 * Copyright 2009-2010 Canonical Ltd. 8 * --- 87 unchanged lines hidden (view full) --- 96static int apparmor_task_alloc(struct task_struct *task, 97 unsigned long clone_flags) 98{ 99 struct aa_task_ctx *new = aa_alloc_task_ctx(GFP_KERNEL); 100 101 if (!new) 102 return -ENOMEM; 103 |
104 aa_dup_task_ctx(new, current_task_ctx()); | 104 aa_dup_task_ctx(new, task_ctx(current)); |
105 task_ctx(task) = new; 106 107 return 0; 108} 109 110static int apparmor_ptrace_access_check(struct task_struct *child, 111 unsigned int mode) 112{ --- 464 unchanged lines hidden (view full) --- 577} 578 579static int apparmor_getprocattr(struct task_struct *task, char *name, 580 char **value) 581{ 582 int error = -ENOENT; 583 /* released below */ 584 const struct cred *cred = get_task_cred(task); | 105 task_ctx(task) = new; 106 107 return 0; 108} 109 110static int apparmor_ptrace_access_check(struct task_struct *child, 111 unsigned int mode) 112{ --- 464 unchanged lines hidden (view full) --- 577} 578 579static int apparmor_getprocattr(struct task_struct *task, char *name, 580 char **value) 581{ 582 int error = -ENOENT; 583 /* released below */ 584 const struct cred *cred = get_task_cred(task); |
585 struct aa_task_ctx *ctx = current_task_ctx(); | 585 struct aa_task_ctx *ctx = task_ctx(current); |
586 struct aa_label *label = NULL; 587 588 if (strcmp(name, "current") == 0) 589 label = aa_get_newest_label(cred_label(cred)); 590 else if (strcmp(name, "prev") == 0 && ctx->previous) 591 label = aa_get_newest_label(ctx->previous); 592 else if (strcmp(name, "exec") == 0 && ctx->onexec) 593 label = aa_get_newest_label(ctx->onexec); --- 106 unchanged lines hidden (view full) --- 700 701/** 702 * apparmor_bprm_committed_cred - do cleanup after new creds committed 703 * @bprm: binprm for the exec (NOT NULL) 704 */ 705static void apparmor_bprm_committed_creds(struct linux_binprm *bprm) 706{ 707 /* clear out temporary/transitional state from the context */ | 586 struct aa_label *label = NULL; 587 588 if (strcmp(name, "current") == 0) 589 label = aa_get_newest_label(cred_label(cred)); 590 else if (strcmp(name, "prev") == 0 && ctx->previous) 591 label = aa_get_newest_label(ctx->previous); 592 else if (strcmp(name, "exec") == 0 && ctx->onexec) 593 label = aa_get_newest_label(ctx->onexec); --- 106 unchanged lines hidden (view full) --- 700 701/** 702 * apparmor_bprm_committed_cred - do cleanup after new creds committed 703 * @bprm: binprm for the exec (NOT NULL) 704 */ 705static void apparmor_bprm_committed_creds(struct linux_binprm *bprm) 706{ 707 /* clear out temporary/transitional state from the context */ |
708 aa_clear_task_ctx_trans(current_task_ctx()); | 708 aa_clear_task_ctx_trans(task_ctx(current)); |
709 710 return; 711} 712 713static int apparmor_task_setrlimit(struct task_struct *task, 714 unsigned int resource, struct rlimit *new_rlim) 715{ 716 struct aa_label *label = __begin_current_label_crit_section(); --- 475 unchanged lines hidden --- | 709 710 return; 711} 712 713static int apparmor_task_setrlimit(struct task_struct *task, 714 unsigned int resource, struct rlimit *new_rlim) 715{ 716 struct aa_label *label = __begin_current_label_crit_section(); --- 475 unchanged lines hidden --- |
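Review bot: In apparmor_getprocattr (line 585) the context is taken from the calling task under either spelling, `current_task_ctx()` or `task_ctx(current)`, while `cred` on line 584 comes from the `task` argument, so the "prev" and "exec" branches report the reader's own `previous`/`onexec` labels and only "current" reflects the inspected task. If the attribute is meant to describe `task`, the line would read `struct aa_task_ctx *ctx = task_ctx(task);`, assuming the target's context stays valid for the duration of the call, which the visible lines do not show. If reporting the caller's state is intentional, a comment such as `/* prev/exec come from current's ctx, not @task's */` would keep a later reader or audit tool from treating that output as the target's confinement state. The call sites at lines 104 and 708 look consistent with acting on the current task, and the remainder of apparmor_getprocattr is hidden on this page.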