mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-04 12:13:43 +00:00
selinux: make more use of current_sid()
Use the internal helper current_sid() where applicable. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
4b3124de63
commit
cdc12eb412
@ -2961,7 +2961,7 @@ static int selinux_inode_init_security_anon(struct inode *inode,
|
||||
const struct qstr *name,
|
||||
const struct inode *context_inode)
|
||||
{
|
||||
const struct task_security_struct *tsec = selinux_cred(current_cred());
|
||||
u32 sid = current_sid();
|
||||
struct common_audit_data ad;
|
||||
struct inode_security_struct *isec;
|
||||
int rc;
|
||||
@ -2990,7 +2990,7 @@ static int selinux_inode_init_security_anon(struct inode *inode,
|
||||
} else {
|
||||
isec->sclass = SECCLASS_ANON_INODE;
|
||||
rc = security_transition_sid(
|
||||
tsec->sid, tsec->sid,
|
||||
sid, sid,
|
||||
isec->sclass, name, &isec->sid);
|
||||
if (rc)
|
||||
return rc;
|
||||
@ -3005,7 +3005,7 @@ static int selinux_inode_init_security_anon(struct inode *inode,
|
||||
ad.type = LSM_AUDIT_DATA_ANONINODE;
|
||||
ad.u.anonclass = name ? (const char *)name->name : "?";
|
||||
|
||||
return avc_has_perm(tsec->sid,
|
||||
return avc_has_perm(sid,
|
||||
isec->sid,
|
||||
isec->sclass,
|
||||
FILE__CREATE,
|
||||
@ -3063,14 +3063,12 @@ static int selinux_inode_readlink(struct dentry *dentry)
|
||||
static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
|
||||
bool rcu)
|
||||
{
|
||||
const struct cred *cred = current_cred();
|
||||
struct common_audit_data ad;
|
||||
struct inode_security_struct *isec;
|
||||
u32 sid;
|
||||
u32 sid = current_sid();
|
||||
|
||||
ad.type = LSM_AUDIT_DATA_DENTRY;
|
||||
ad.u.dentry = dentry;
|
||||
sid = cred_sid(cred);
|
||||
isec = inode_security_rcu(inode, rcu);
|
||||
if (IS_ERR(isec))
|
||||
return PTR_ERR(isec);
|
||||
@ -3094,12 +3092,11 @@ static noinline int audit_inode_permission(struct inode *inode,
|
||||
|
||||
static int selinux_inode_permission(struct inode *inode, int mask)
|
||||
{
|
||||
const struct cred *cred = current_cred();
|
||||
u32 perms;
|
||||
bool from_access;
|
||||
bool no_block = mask & MAY_NOT_BLOCK;
|
||||
struct inode_security_struct *isec;
|
||||
u32 sid;
|
||||
u32 sid = current_sid();
|
||||
struct av_decision avd;
|
||||
int rc, rc2;
|
||||
u32 audited, denied;
|
||||
@ -3116,7 +3113,6 @@ static int selinux_inode_permission(struct inode *inode, int mask)
|
||||
|
||||
perms = file_mask_to_av(inode->i_mode, mask);
|
||||
|
||||
sid = cred_sid(cred);
|
||||
isec = inode_security_rcu(inode, no_block);
|
||||
if (IS_ERR(isec))
|
||||
return PTR_ERR(isec);
|
||||
@ -5564,13 +5560,7 @@ static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
|
||||
|
||||
static int selinux_secmark_relabel_packet(u32 sid)
|
||||
{
|
||||
const struct task_security_struct *tsec;
|
||||
u32 tsid;
|
||||
|
||||
tsec = selinux_cred(current_cred());
|
||||
tsid = tsec->sid;
|
||||
|
||||
return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO,
|
||||
return avc_has_perm(current_sid(), sid, SECCLASS_PACKET, PACKET__RELABELTO,
|
||||
NULL);
|
||||
}
|
||||
|
||||
|
@ -76,7 +76,6 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp,
|
||||
gfp_t gfp)
|
||||
{
|
||||
int rc;
|
||||
const struct task_security_struct *tsec = selinux_cred(current_cred());
|
||||
struct xfrm_sec_ctx *ctx = NULL;
|
||||
u32 str_len;
|
||||
|
||||
@ -103,7 +102,7 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp,
|
||||
if (rc)
|
||||
goto err;
|
||||
|
||||
rc = avc_has_perm(tsec->sid, ctx->ctx_sid,
|
||||
rc = avc_has_perm(current_sid(), ctx->ctx_sid,
|
||||
SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, NULL);
|
||||
if (rc)
|
||||
goto err;
|
||||
@ -134,12 +133,10 @@ static void selinux_xfrm_free(struct xfrm_sec_ctx *ctx)
|
||||
*/
|
||||
static int selinux_xfrm_delete(struct xfrm_sec_ctx *ctx)
|
||||
{
|
||||
const struct task_security_struct *tsec = selinux_cred(current_cred());
|
||||
|
||||
if (!ctx)
|
||||
return 0;
|
||||
|
||||
return avc_has_perm(tsec->sid, ctx->ctx_sid,
|
||||
return avc_has_perm(current_sid(), ctx->ctx_sid,
|
||||
SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT,
|
||||
NULL);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user