diff options
author | Tetsuo Handa | 2019-01-19 15:11:40 +0100 |
---|---|---|
committer | James Morris | 2019-01-23 20:36:15 +0100 |
commit | 8c6cb983cd52d78ab4e4c0191c73a11dcb60b866 (patch) | |
tree | c79c9274855fa8dcb1a7fa0da75c710036351c25 /security/tomoyo/domain.c | |
parent | security: keys: annotate implicit fall throughs (diff) | |
download | kernel-qcow2-linux-8c6cb983cd52d78ab4e4c0191c73a11dcb60b866.tar.gz kernel-qcow2-linux-8c6cb983cd52d78ab4e4c0191c73a11dcb60b866.tar.xz kernel-qcow2-linux-8c6cb983cd52d78ab4e4c0191c73a11dcb60b866.zip |
tomoyo: Swicth from cred->security to task_struct->security.
TOMOYO security module is designed to use "struct task_struct"->security
in order to allow per "struct task_struct" tracking without being disturbed
by unable to update "struct cred"->security due to override mechanism.
Now that infrastructure-managed security blob is ready, this patch updates
TOMOYO to use "struct task_struct"->security.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <james.morris@microsoft.com>
Diffstat (limited to 'security/tomoyo/domain.c')
-rw-r--r-- | security/tomoyo/domain.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index b7469fdbff01..39abf3ae6168 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -678,7 +678,6 @@ out: */ int tomoyo_find_next_domain(struct linux_binprm *bprm) { - struct tomoyo_domain_info **blob; struct tomoyo_domain_info *old_domain = tomoyo_domain(); struct tomoyo_domain_info *domain = NULL; const char *original_name = bprm->filename; @@ -843,9 +842,13 @@ force_jump_domain: if (!domain) domain = old_domain; /* Update reference count on "struct tomoyo_domain_info". */ - atomic_inc(&domain->users); - blob = tomoyo_cred(bprm->cred); - *blob = domain; + { + struct tomoyo_task *s = tomoyo_task(current); + + s->old_domain_info = s->domain_info; + s->domain_info = domain; + atomic_inc(&domain->users); + } kfree(exename.name); if (!retval) { ee->r.domain = domain; |