*/
int aa_set_current_hat(struct aa_label *label, u64 token)
{
- struct aa_task_ctx *tctx = current_task_ctx();
- struct aa_cred_ctx *ctx;
+ struct aa_task_ctx *ctx = current_task_ctx();
struct cred *new;
new = prepare_creds();
return -ENOMEM;
AA_BUG(!label);
- if (!tctx->previous) {
+ if (!ctx->previous) {
/* transfer refcount */
- tctx->previous = cred_label(new);
- tctx->token = token;
- } else if (tctx->token == token) {
+ ctx->previous = cred_label(new);
+ ctx->token = token;
+ } else if (ctx->token == token) {
aa_put_label(cred_label(new));
} else {
/* previous_profile && ctx->token != token */
cred_label(new) = aa_get_newest_label(label);
/* clear exec on switching context */
- aa_put_label(tctx->onexec);
- tctx->onexec = NULL;
+ aa_put_label(ctx->onexec);
+ ctx->onexec = NULL;
commit_creds(new);
return 0;
*/
int aa_restore_previous_label(u64 token)
{
- struct aa_task_ctx *tctx = current_task_ctx();
+ struct aa_task_ctx *ctx = current_task_ctx();
struct cred *new;
- if (tctx->token != token)
+ if (ctx->token != token)
return -EACCES;
/* ignore restores when there is no saved label */
- if (!tctx->previous)
+ if (!ctx->previous)
return 0;
new = prepare_creds();
return -ENOMEM;
aa_put_label(cred_label(new));
- cred_label(new) = aa_get_newest_label(tctx->previous);
+ cred_label(new) = aa_get_newest_label(ctx->previous);
AA_BUG(!cred_label(new));
/* clear exec && prev information when restoring to previous context */
- aa_clear_task_ctx_trans(tctx);
+ aa_clear_task_ctx_trans(ctx);
commit_creds(new);
*/
int apparmor_bprm_set_creds(struct linux_binprm *bprm)
{
- struct aa_task_ctx *tctx;
+ struct aa_task_ctx *ctx;
struct aa_label *label, *new = NULL;
struct aa_profile *profile;
char *buffer = NULL;
if (bprm->called_set_creds)
return 0;
- tctx = current_task_ctx();
+ ctx = current_task_ctx();
AA_BUG(!cred_label(bprm->cred));
- AA_BUG(!tctx);
+ AA_BUG(!ctx);
label = aa_get_newest_label(cred_label(bprm->cred));
/* buffer freed below, name is pointer into buffer */
get_buffers(buffer);
/* Test for onexec first as onexec override other x transitions. */
- if (tctx->onexec)
- new = handle_onexec(label, tctx->onexec, tctx->token,
+ if (ctx->onexec)
+ new = handle_onexec(label, ctx->onexec, ctx->token,
bprm, buffer, &cond, &unsafe);
else
new = fn_label_build(label, profile, GFP_ATOMIC,
int aa_change_hat(const char *hats[], int count, u64 token, int flags)
{
const struct cred *cred;
- struct aa_task_ctx *tctx;
+ struct aa_task_ctx *ctx;
struct aa_label *label, *previous, *new = NULL, *target = NULL;
struct aa_profile *profile;
struct aa_perms perms = {};
/* released below */
cred = get_current_cred();
- tctx = current_task_ctx();
+ ctx = current_task_ctx();
label = aa_get_newest_cred_label(cred);
- previous = aa_get_newest_label(tctx->previous);
+ previous = aa_get_newest_label(ctx->previous);
if (unconfined(label)) {
info = "unconfined can not change_hat";
int error = -ENOENT;
/* released below */
const struct cred *cred = get_task_cred(task);
- struct aa_task_ctx *tctx = current_task_ctx();
+ struct aa_task_ctx *ctx = current_task_ctx();
struct aa_label *label = NULL;
if (strcmp(name, "current") == 0)
label = aa_get_newest_label(cred_label(cred));
- else if (strcmp(name, "prev") == 0 && tctx->previous)
- label = aa_get_newest_label(tctx->previous);
- else if (strcmp(name, "exec") == 0 && tctx->onexec)
- label = aa_get_newest_label(tctx->onexec);
+ else if (strcmp(name, "prev") == 0 && ctx->previous)
+ label = aa_get_newest_label(ctx->previous);
+ else if (strcmp(name, "exec") == 0 && ctx->onexec)
+ label = aa_get_newest_label(ctx->onexec);
else
error = -EINVAL;
static int __init set_init_ctx(void)
{
struct cred *cred = (struct cred *)current->real_cred;
- struct aa_task_ctx *tctx;
+ struct aa_task_ctx *ctx;
- tctx = aa_alloc_task_ctx(GFP_KERNEL);
- if (!tctx)
+ ctx = aa_alloc_task_ctx(GFP_KERNEL);
+ if (!ctx)
return -ENOMEM;
cred_label(cred) = aa_get_label(ns_unconfined(root_ns));
- task_ctx(current) = tctx;
+ task_ctx(current) = ctx;
return 0;
}
git.samba.org / sfrench / cifs-2.6.git / commitdiff