diff options
| author | Casey Schaufler | 2018-09-22 02:17:59 +0200 |
|---|---|---|
| committer | Kees Cook | 2019-01-08 22:18:44 +0100 |
| commit | 69b5a44a95bb86f3ad8a50bf2e354057ec450082 (patch) | |
| tree | 64a3c7a0e942b15a16d387f474409ebb48761558 /security/apparmor/task.c | |
| parent | SELinux: Remove unused selinux_is_enabled (diff) | |
| download | kernel-qcow2-linux-69b5a44a95bb86f3ad8a50bf2e354057ec450082.tar.gz kernel-qcow2-linux-69b5a44a95bb86f3ad8a50bf2e354057ec450082.tar.xz kernel-qcow2-linux-69b5a44a95bb86f3ad8a50bf2e354057ec450082.zip | |
AppArmor: Abstract use of cred security blob
Don't use the cred->security pointer directly.
Provide a helper function that provides the security blob pointer.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
[kees: adjusted for ordered init series]
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'security/apparmor/task.c')
| -rw-r--r-- | security/apparmor/task.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/security/apparmor/task.c b/security/apparmor/task.c index c6b78a14da91..4551110f0496 100644 --- a/security/apparmor/task.c +++ b/security/apparmor/task.c @@ -81,7 +81,7 @@ int aa_replace_current_label(struct aa_label *label) */ aa_get_label(label); aa_put_label(cred_label(new)); - cred_label(new) = label; + set_cred_label(new, label); commit_creds(new); return 0; @@ -138,7 +138,7 @@ int aa_set_current_hat(struct aa_label *label, u64 token) return -EACCES; } - cred_label(new) = aa_get_newest_label(label); + set_cred_label(new, aa_get_newest_label(label)); /* clear exec on switching context */ aa_put_label(ctx->onexec); ctx->onexec = NULL; @@ -172,7 +172,7 @@ int aa_restore_previous_label(u64 token) return -ENOMEM; aa_put_label(cred_label(new)); - cred_label(new) = aa_get_newest_label(ctx->previous); + set_cred_label(new, aa_get_newest_label(ctx->previous)); AA_BUG(!cred_label(new)); /* clear exec && prev information when restoring to previous context */ aa_clear_task_ctx_trans(ctx); |