Use current api to replace old codes.
Signed-off-by: Zhitong Wang <[email protected]>
---
security/apparmor/include/context.h | 34 +++++++++++++++-------------------
1 files changed, 15 insertions(+), 19 deletions(-)
diff --git a/security/apparmor/include/context.h b/security/apparmor/include/context.h
index a9cbee4..c9112f3 100644
--- a/security/apparmor/include/context.h
+++ b/security/apparmor/include/context.h
@@ -82,23 +82,6 @@ int aa_set_current_hat(struct aa_profile *profile, u64 token);
int aa_restore_previous_profile(u64 cookie);
/**
- * __aa_task_is_confined - determine if @task has any confinement
- * @task: task to check confinement of (NOT NULL)
- *
- * If @task != current needs to be called in RCU safe critical section
- */
-static inline bool __aa_task_is_confined(struct task_struct *task)
-{
- struct aa_task_cxt *cxt = __task_cred(task)->security;
-
- BUG_ON(!cxt || !cxt->profile);
- if (unconfined(aa_newest_version(cxt->profile)))
- return 0;
-
- return 1;
-}
-
-/**
* aa_cred_profile - obtain cred's profiles
* @cred: cred to obtain profiles from (NOT NULL)
*
@@ -138,9 +121,8 @@ static inline struct aa_profile *aa_current_profile(void)
{
const struct aa_task_cxt *cxt = current_cred()->security;
struct aa_profile *profile;
- BUG_ON(!cxt || !cxt->profile);
- profile = aa_newest_version(cxt->profile);
+ profile = __aa_current_profile();
/*
* Whether or not replacement succeeds, use newest profile so
* there is no need to update it after replacement.
@@ -151,4 +133,18 @@ static inline struct aa_profile *aa_current_profile(void)
return profile;
}
+/**
+ * __aa_task_is_confined - determine if @task has any confinement
+ * @task: task to check confinement of (NOT NULL)
+ *
+ * If @task != current needs to be called in RCU safe critical section
+ */
+static inline bool __aa_task_is_confined(struct task_struct *task)
+{
+ if (unconfined(aa_cred_profile(__task_cred(task))))
+ return 0;
+
+ return 1;
+}
+
#endif /* __AA_CONTEXT_H */
--
1.6.5.3
hi, john, any comments?
On Sat, Nov 13, 2010 at 10:34 AM, <[email protected]> wrote:
> Use current api to replace old codes.
>
> Signed-off-by: Zhitong Wang <[email protected]>
>
> ---
> security/apparmor/include/context.h | 34 +++++++++++++++-------------------
> 1 files changed, 15 insertions(+), 19 deletions(-)
>
> diff --git a/security/apparmor/include/context.h b/security/apparmor/include/context.h
> index a9cbee4..c9112f3 100644
> --- a/security/apparmor/include/context.h
> +++ b/security/apparmor/include/context.h
> @@ -82,23 +82,6 @@ int aa_set_current_hat(struct aa_profile *profile, u64 token);
> int aa_restore_previous_profile(u64 cookie);
>
> /**
> - * __aa_task_is_confined - determine if @task has any confinement
> - * @task: task to check confinement of (NOT NULL)
> - *
> - * If @task != current needs to be called in RCU safe critical section
> - */
> -static inline bool __aa_task_is_confined(struct task_struct *task)
> -{
> - struct aa_task_cxt *cxt = __task_cred(task)->security;
> -
> - BUG_ON(!cxt || !cxt->profile);
> - if (unconfined(aa_newest_version(cxt->profile)))
> - return 0;
> -
> - return 1;
> -}
> -
> -/**
> * aa_cred_profile - obtain cred's profiles
> * @cred: cred to obtain profiles from (NOT NULL)
> *
> @@ -138,9 +121,8 @@ static inline struct aa_profile *aa_current_profile(void)
> {
> const struct aa_task_cxt *cxt = current_cred()->security;
> struct aa_profile *profile;
> - BUG_ON(!cxt || !cxt->profile);
>
> - profile = aa_newest_version(cxt->profile);
> + profile = __aa_current_profile();
> /*
> * Whether or not replacement succeeds, use newest profile so
> * there is no need to update it after replacement.
> @@ -151,4 +133,18 @@ static inline struct aa_profile *aa_current_profile(void)
> return profile;
> }
>
> +/**
> + * __aa_task_is_confined - determine if @task has any confinement
> + * @task: task to check confinement of (NOT NULL)
> + *
> + * If @task != current needs to be called in RCU safe critical section
> + */
> +static inline bool __aa_task_is_confined(struct task_struct *task)
> +{
> + if (unconfined(aa_cred_profile(__task_cred(task))))
> + return 0;
> +
> + return 1;
> +}
> +
> #endif /* __AA_CONTEXT_H */
> --
> 1.6.5.3
>
>
On 11/15/2010 03:29 PM, wzt wzt wrote:
> hi, john, any comments?
>
Hi, yes sorry I am just trying to dig my self out from under a 4 day weekend :)
ACK, I am going to add it to the apparmor tree tonight once I finish cleaning the
tree up and push, and it will be included in the next pull request to security.
thanks
john
> On Sat, Nov 13, 2010 at 10:34 AM, <[email protected]> wrote:
>> Use current api to replace old codes.
>>
>> Signed-off-by: Zhitong Wang <[email protected]>
>>
>> ---
>> security/apparmor/include/context.h | 34 +++++++++++++++-------------------
>> 1 files changed, 15 insertions(+), 19 deletions(-)
>>
>> diff --git a/security/apparmor/include/context.h b/security/apparmor/include/context.h
>> index a9cbee4..c9112f3 100644
>> --- a/security/apparmor/include/context.h
>> +++ b/security/apparmor/include/context.h
>> @@ -82,23 +82,6 @@ int aa_set_current_hat(struct aa_profile *profile, u64 token);
>> int aa_restore_previous_profile(u64 cookie);
>>
>> /**
>> - * __aa_task_is_confined - determine if @task has any confinement
>> - * @task: task to check confinement of (NOT NULL)
>> - *
>> - * If @task != current needs to be called in RCU safe critical section
>> - */
>> -static inline bool __aa_task_is_confined(struct task_struct *task)
>> -{
>> - struct aa_task_cxt *cxt = __task_cred(task)->security;
>> -
>> - BUG_ON(!cxt || !cxt->profile);
>> - if (unconfined(aa_newest_version(cxt->profile)))
>> - return 0;
>> -
>> - return 1;
>> -}
>> -
>> -/**
>> * aa_cred_profile - obtain cred's profiles
>> * @cred: cred to obtain profiles from (NOT NULL)
>> *
>> @@ -138,9 +121,8 @@ static inline struct aa_profile *aa_current_profile(void)
>> {
>> const struct aa_task_cxt *cxt = current_cred()->security;
>> struct aa_profile *profile;
>> - BUG_ON(!cxt || !cxt->profile);
>>
>> - profile = aa_newest_version(cxt->profile);
>> + profile = __aa_current_profile();
>> /*
>> * Whether or not replacement succeeds, use newest profile so
>> * there is no need to update it after replacement.
>> @@ -151,4 +133,18 @@ static inline struct aa_profile *aa_current_profile(void)
>> return profile;
>> }
>>
>> +/**
>> + * __aa_task_is_confined - determine if @task has any confinement
>> + * @task: task to check confinement of (NOT NULL)
>> + *
>> + * If @task != current needs to be called in RCU safe critical section
>> + */
>> +static inline bool __aa_task_is_confined(struct task_struct *task)
>> +{
>> + if (unconfined(aa_cred_profile(__task_cred(task))))
>> + return 0;
>> +
>> + return 1;
>> +}
>> +
>> #endif /* __AA_CONTEXT_H */
>> --
>> 1.6.5.3
>>
>>
OK, thank you.
> Hi, yes sorry I am just trying to dig my self out from under a 4 day weekend :)
>
> ACK, I am going to add it to the apparmor tree tonight once I finish cleaning the
> tree up and push, and it will be included in the next pull request to security.
>
> thanks
> john
>