LOCKDOWN_CONFIDENTIALITY_MAX,
};
-/* scaffolding */
-struct lsm_prop_scaffold {
- u32 secid;
-};
-
/*
* Data exported by the security modules
*/
struct lsm_prop_smack smack;
struct lsm_prop_apparmor apparmor;
struct lsm_prop_bpf bpf;
- struct lsm_prop_scaffold scaffold;
};
extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
struct aa_label *label;
int found = 0;
- /* scaffolding */
- if (!prop->apparmor.label && prop->scaffold.secid)
- label = aa_secid_to_label(prop->scaffold.secid);
- else
- label = prop->apparmor.label;
+ label = prop->apparmor.label;
if (!label)
return -ENOENT;
struct aa_label *label = __begin_current_label_crit_section();
prop->apparmor.label = label;
- /* scaffolding */
- prop->scaffold.secid = label->secid;
__end_current_label_crit_section(label);
}
struct aa_label *label = aa_get_task_label(p);
prop->apparmor.label = label;
- /* scaffolding */
- prop->scaffold.secid = label->secid;
aa_put_label(label);
}
{
struct aa_label *label;
- /* scaffolding */
- if (!prop->apparmor.label && prop->scaffold.secid)
- label = aa_secid_to_label(prop->scaffold.secid);
- else
- label = prop->apparmor.label;
+ label = prop->apparmor.label;
return apparmor_label_to_secctx(label, secdata, seclen);
}
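Review bot: With the secid fallback removed, `label` can be NULL here whenever `prop->apparmor.label` was never populated, and it is passed straight to `apparmor_label_to_secctx()`, whereas the audit-rule match path earlier in this patch guards the same assignment with `if (!label) return -ENOENT;`. The helper's body is not visible in this hunk, so either confirm it rejects a NULL label or add the same guard before the call, using whichever error code the callers expect. The Smack to-secctx hunk at the end of the patch has the same exposure, and more directly: once the `smack_from_secid()` fallback is gone, `skp = prop->smack.skp` is dereferenced as `skp->smk_known` in the visible context lines with no check, so an unset prop would be a NULL dereference unless every caller tests the prop first. The function signature for this hunk lies outside the lines shown.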
struct inode_security_struct *isec = inode_security_novalidate(inode);
prop->selinux.secid = isec->sid;
- /* scaffolding */
- prop->scaffold.secid = isec->sid;
}
static int selinux_inode_copy_up(struct dentry *src, struct cred **new)
static void selinux_cred_getlsmprop(const struct cred *c, struct lsm_prop *prop)
{
prop->selinux.secid = cred_sid(c);
- /* scaffolding */
- prop->scaffold.secid = prop->selinux.secid;
}
/*
static void selinux_current_getlsmprop_subj(struct lsm_prop *prop)
{
prop->selinux.secid = current_sid();
- /* scaffolding */
- prop->scaffold.secid = prop->selinux.secid;
}
static void selinux_task_getlsmprop_obj(struct task_struct *p,
struct lsm_prop *prop)
{
prop->selinux.secid = task_sid_obj(p);
- /* scaffolding */
- prop->scaffold.secid = prop->selinux.secid;
}
static int selinux_task_setnice(struct task_struct *p, int nice)
{
struct ipc_security_struct *isec = selinux_ipc(ipcp);
prop->selinux.secid = isec->sid;
- /* scaffolding */
- prop->scaffold.secid = isec->sid;
}
static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
static int selinux_lsmprop_to_secctx(struct lsm_prop *prop, char **secdata,
u32 *seclen)
{
- u32 secid = prop->selinux.secid;
-
- /* scaffolding */
- if (!secid)
- secid = prop->scaffold.secid;
-
- return selinux_secid_to_secctx(secid, secdata, seclen);
+ return selinux_secid_to_secctx(prop->selinux.secid, secdata, seclen);
}
static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
goto out;
}
- /* scaffolding */
- if (!prop->selinux.secid && prop->scaffold.secid)
- prop->selinux.secid = prop->scaffold.secid;
-
ctxt = sidtab_search(policy->sidtab, prop->selinux.secid);
if (unlikely(!ctxt)) {
WARN_ONCE(1, "selinux_audit_rule_match: unrecognized SID %d\n",
*/
static void smack_inode_getlsmprop(struct inode *inode, struct lsm_prop *prop)
{
- struct smack_known *skp = smk_of_inode(inode);
-
- prop->smack.skp = skp;
- /* scaffolding */
- prop->scaffold.secid = skp->smk_secid;
+ prop->smack.skp = smk_of_inode(inode);
}
/*
{
rcu_read_lock();
prop->smack.skp = smk_of_task(smack_cred(cred));
- /* scaffolding */
- prop->scaffold.secid = prop->smack.skp->smk_secid;
rcu_read_unlock();
}
*/
static void smack_current_getlsmprop_subj(struct lsm_prop *prop)
{
- struct smack_known *skp = smk_of_current();
-
- prop->smack.skp = skp;
- /* scaffolding */
- prop->scaffold.secid = skp->smk_secid;
+ prop->smack.skp = smk_of_current();
}
/**
static void smack_task_getlsmprop_obj(struct task_struct *p,
struct lsm_prop *prop)
{
- struct smack_known *skp = smk_of_task_struct_obj(p);
-
- prop->smack.skp = skp;
- /* scaffolding */
- prop->scaffold.secid = skp->smk_secid;
+ prop->smack.skp = smk_of_task_struct_obj(p);
}
/**
static void smack_ipc_getlsmprop(struct kern_ipc_perm *ipp, struct lsm_prop *prop)
{
struct smack_known **iskpp = smack_ipc(ipp);
- struct smack_known *iskp = *iskpp;
- prop->smack.skp = iskp;
- /* scaffolding */
- prop->scaffold.secid = iskp->smk_secid;
+ prop->smack.skp = *iskpp;
}
/**
if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
return 0;
- /* scaffolding */
- if (!skp && prop->scaffold.secid)
- skp = smack_from_secid(prop->scaffold.secid);
-
/*
* No need to do string comparisons. If a match occurs,
* both pointers will point to the same smack_known
{
struct smack_known *skp = prop->smack.skp;
- /* scaffolding */
- if (!skp && prop->scaffold.secid)
- skp = smack_from_secid(prop->scaffold.secid);
-
if (secdata)
*secdata = skp->smk_known;
*seclen = strlen(skp->smk_known);