@@ -24,6 +24,7 @@
#define cred_cxt(X) apparmor_cred(X)
#define current_cxt() cred_cxt(current_cred())
+#define file_cxt(X) apparmor_file(X)
/* struct aa_file_cxt - the AppArmor context the file was opened in
* @perms: the permission the file was opened with
@@ -91,6 +92,11 @@ static inline struct aa_task_cxt *apparmor_cred(const struct cred *cred)
return cred->security;
}
+static inline struct aa_file_cxt *apparmor_file(const struct file *file)
+{
+ return file->f_security;
+}
+
/**
* aa_cred_profile - obtain cred's profiles
* @cred: cred to obtain profiles from (NOT NULL)
@@ -321,7 +321,7 @@ static int apparmor_inode_getattr(const struct path *path)
static int apparmor_file_open(struct file *file, const struct cred *cred)
{
- struct aa_file_cxt *fcxt = file->f_security;
+ struct aa_file_cxt *fcxt = file_cxt(file);
struct aa_profile *profile;
int error = 0;
@@ -364,14 +364,14 @@ static int apparmor_file_alloc_security(struct file *file)
static void apparmor_file_free_security(struct file *file)
{
- struct aa_file_cxt *cxt = file->f_security;
+ struct aa_file_cxt *cxt = file_cxt(file);
aa_free_file_context(cxt);
}
static int common_file_perm(int op, struct file *file, u32 mask)
{
- struct aa_file_cxt *fcxt = file->f_security;
+ struct aa_file_cxt *fcxt = file_cxt(file);
struct aa_profile *profile, *fprofile = aa_cred_profile(file->f_cred);
int error = 0;
@@ -417,7 +417,7 @@ static int common_mmap(int op, struct file *file, unsigned long prot,
{
int mask = 0;
- if (!file || !file->f_security)
+ if (!file || file_cxt(file) == NULL)
return 0;
if (prot & PROT_READ)
Subject: [PATCH 09/25] AppArmor: Abstract the file security blob Abstract reading the file security blob. Remove abstraction when writing the file security blob. There is no change in the behavior of the code. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> --- security/apparmor/include/context.h | 6 ++++++ security/apparmor/lsm.c | 8 ++++---- 2 files changed, 10 insertions(+), 4 deletions(-)