Commit f28952ac authored by Casey Schaufler's avatar Casey Schaufler Committed by Kees Cook

Smack: Abstract use of file security blob

Don't use the file->f_security pointer directly.
Provide a helper function that provides the security blob pointer.
Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
parent bb6c6b02
...@@ -362,6 +362,11 @@ static inline struct task_smack *smack_cred(const struct cred *cred) ...@@ -362,6 +362,11 @@ static inline struct task_smack *smack_cred(const struct cred *cred)
return cred->security + smack_blob_sizes.lbs_cred; return cred->security + smack_blob_sizes.lbs_cred;
} }
static inline struct smack_known **smack_file(const struct file *file)
{
return (struct smack_known **)&file->f_security;
}
/* /*
* Is the directory transmuting? * Is the directory transmuting?
*/ */
......
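Review bot: smack_file() takes a `const struct file *` but casts the address of `file->f_security` to a plain `struct smack_known **`, so the const qualifier is silently dropped, and the callers added in this commit store through the result (`*blob = smk_of_current();`). smack_cred() just above is different: it returns a pointer computed from the value of `cred->security`, not the address of a field inside the const object. Here the returned pointer aliases the file structure itself, so the parameter's const promises something the helper does not keep. Either declare the parameter as `struct file *file`, or state the contract above the helper, for example `/* Returns the address of the file's Smack label slot; callers may store through it. */`.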
...@@ -1489,9 +1489,9 @@ static void smack_inode_getsecid(struct inode *inode, u32 *secid) ...@@ -1489,9 +1489,9 @@ static void smack_inode_getsecid(struct inode *inode, u32 *secid)
*/ */
static int smack_file_alloc_security(struct file *file) static int smack_file_alloc_security(struct file *file)
{ {
struct smack_known *skp = smk_of_current(); struct smack_known **blob = smack_file(file);
file->f_security = skp; *blob = smk_of_current();
return 0; return 0;
} }
...@@ -1731,7 +1731,9 @@ static int smack_mmap_file(struct file *file, ...@@ -1731,7 +1731,9 @@ static int smack_mmap_file(struct file *file,
*/ */
static void smack_file_set_fowner(struct file *file) static void smack_file_set_fowner(struct file *file)
{ {
file->f_security = smk_of_current(); struct smack_known **blob = smack_file(file);
*blob = smk_of_current();
} }
/** /**
...@@ -1748,6 +1750,7 @@ static void smack_file_set_fowner(struct file *file) ...@@ -1748,6 +1750,7 @@ static void smack_file_set_fowner(struct file *file)
static int smack_file_send_sigiotask(struct task_struct *tsk, static int smack_file_send_sigiotask(struct task_struct *tsk,
struct fown_struct *fown, int signum) struct fown_struct *fown, int signum)
{ {
struct smack_known **blob;
struct smack_known *skp; struct smack_known *skp;
struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred));
const struct cred *tcred; const struct cred *tcred;
...@@ -1761,7 +1764,8 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, ...@@ -1761,7 +1764,8 @@ static int smack_file_send_sigiotask(struct task_struct *tsk,
file = container_of(fown, struct file, f_owner); file = container_of(fown, struct file, f_owner);
/* we don't log here as rc can be overriden */ /* we don't log here as rc can be overriden */
skp = file->f_security; blob = smack_file(file);
skp = *blob;
rc = smk_access(skp, tkp, MAY_DELIVER, NULL); rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
......
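Review bot: The blob slot written in smack_file_set_fowner() is the same one smack_file_alloc_security() fills, and smack_file_send_sigiotask() reads it back as the subject of the `MAY_DELIVER` check, but no comment at any of the three sites records that. With the field now behind smack_file(), a reader can no longer grep for `f_security` to see that the owner-setting task's label replaces the allocating task's label. A short comment in smack_file_set_fowner() would cover it, such as `/* Replaces the label stored at allocation; used as the subject in smack_file_send_sigiotask(). */`. In smack_file_send_sigiotask() the temporary is only read once, so `skp = *smack_file(file);` would avoid the extra `blob` declaration. That function's body continues outside the visible hunks, so other uses of `blob` there cannot be ruled out.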