CRED: Wrap current->cred and a few other accessors
Wrap current->cred and a few other accessors to hide their actual
implementation.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
diff --git a/security/commoncap.c b/security/commoncap.c
index fa61679..61307f5 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -641,7 +641,7 @@
int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
unsigned long arg4, unsigned long arg5, long *rc_p)
{
- struct cred *cred = current->cred;
+ struct cred *cred = current_cred();
long error = 0;
switch (option) {
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index b0904cd..ce8ac60 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -582,7 +582,7 @@
{
struct request_key_auth *rka;
struct task_struct *t = current;
- struct cred *cred = t->cred;
+ struct cred *cred = current_cred();
struct key *key;
key_ref_t key_ref, skey_ref;
int ret;
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 3e9b9eb..0488b0a 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -67,6 +67,7 @@
void *aux)
{
struct task_struct *tsk = current;
+ const struct cred *cred = current_cred();
key_serial_t prkey, sskey;
struct key *key = cons->key, *authkey = cons->authkey, *keyring;
char *argv[9], *envp[3], uid_str[12], gid_str[12];
@@ -96,16 +97,16 @@
goto error_link;
/* record the UID and GID */
- sprintf(uid_str, "%d", current_fsuid());
- sprintf(gid_str, "%d", current_fsgid());
+ sprintf(uid_str, "%d", cred->fsuid);
+ sprintf(gid_str, "%d", cred->fsgid);
/* we say which key is under construction */
sprintf(key_str, "%d", key->serial);
/* we specify the process's default keyrings */
sprintf(keyring_str[0], "%d",
- tsk->cred->thread_keyring ?
- tsk->cred->thread_keyring->serial : 0);
+ cred->thread_keyring ?
+ cred->thread_keyring->serial : 0);
prkey = 0;
if (tsk->signal->process_keyring)
@@ -118,7 +119,7 @@
sskey = rcu_dereference(tsk->signal->session_keyring)->serial;
rcu_read_unlock();
} else {
- sskey = tsk->cred->user->session_keyring->serial;
+ sskey = cred->user->session_keyring->serial;
}
sprintf(keyring_str[2], "%d", sskey);
diff --git a/security/selinux/exports.c b/security/selinux/exports.c
index cf02490..c73aeaa 100644
--- a/security/selinux/exports.c
+++ b/security/selinux/exports.c
@@ -39,9 +39,13 @@
int selinux_secmark_relabel_packet_permission(u32 sid)
{
if (selinux_enabled) {
- struct task_security_struct *tsec = current->cred->security;
+ const struct task_security_struct *__tsec;
+ u32 tsid;
- return avc_has_perm(tsec->sid, sid, SECCLASS_PACKET,
+ __tsec = current_security();
+ tsid = __tsec->sid;
+
+ return avc_has_perm(tsid, sid, SECCLASS_PACKET,
PACKET__RELABELTO, NULL);
}
return 0;
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index d7db766..c0eb720 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -197,7 +197,7 @@
struct xfrm_user_sec_ctx *uctx, u32 sid)
{
int rc = 0;
- struct task_security_struct *tsec = current->cred->security;
+ const struct task_security_struct *tsec = current_security();
struct xfrm_sec_ctx *ctx = NULL;
char *ctx_str = NULL;
u32 str_len;
@@ -333,7 +333,7 @@
*/
int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
{
- struct task_security_struct *tsec = current->cred->security;
+ const struct task_security_struct *tsec = current_security();
int rc = 0;
if (ctx) {
@@ -378,7 +378,7 @@
*/
int selinux_xfrm_state_delete(struct xfrm_state *x)
{
- struct task_security_struct *tsec = current->cred->security;
+ const struct task_security_struct *tsec = current_security();
struct xfrm_sec_ctx *ctx = x->security;
int rc = 0;
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index b6dd4fc..247cec3 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -164,7 +164,7 @@
{
int rc;
- rc = smk_access(current->cred->security, obj_label, mode);
+ rc = smk_access(current_security(), obj_label, mode);
if (rc == 0)
return 0;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index cc83731..e8a4fcb 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -143,7 +143,7 @@
static int smack_syslog(int type)
{
int rc;
- char *sp = current->cred->security;
+ char *sp = current_security();
rc = cap_syslog(type);
if (rc != 0)
@@ -375,7 +375,7 @@
*/
static int smack_inode_alloc_security(struct inode *inode)
{
- inode->i_security = new_inode_smack(current->cred->security);
+ inode->i_security = new_inode_smack(current_security());
if (inode->i_security == NULL)
return -ENOMEM;
return 0;
@@ -820,7 +820,7 @@
*/
static int smack_file_alloc_security(struct file *file)
{
- file->f_security = current->cred->security;
+ file->f_security = current_security();
return 0;
}
@@ -918,7 +918,7 @@
*/
static int smack_file_set_fowner(struct file *file)
{
- file->f_security = current->cred->security;
+ file->f_security = current_security();
return 0;
}
@@ -986,8 +986,7 @@
*/
static int smack_cred_alloc_security(struct cred *cred)
{
- cred->security = current->cred->security;
-
+ cred->security = current_security();
return 0;
}
@@ -1225,7 +1224,7 @@
*/
static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
{
- char *csp = current->cred->security;
+ char *csp = current_security();
struct socket_smack *ssp;
ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
@@ -1450,7 +1449,7 @@
*/
static int smack_msg_msg_alloc_security(struct msg_msg *msg)
{
- msg->security = current->cred->security;
+ msg->security = current_security();
return 0;
}
@@ -1486,7 +1485,7 @@
{
struct kern_ipc_perm *isp = &shp->shm_perm;
- isp->security = current->cred->security;
+ isp->security = current_security();
return 0;
}
@@ -1595,7 +1594,7 @@
{
struct kern_ipc_perm *isp = &sma->sem_perm;
- isp->security = current->cred->security;
+ isp->security = current_security();
return 0;
}
@@ -1699,7 +1698,7 @@
{
struct kern_ipc_perm *kisp = &msq->q_perm;
- kisp->security = current->cred->security;
+ kisp->security = current_security();
return 0;
}
@@ -1854,7 +1853,7 @@
struct super_block *sbp;
struct superblock_smack *sbsp;
struct inode_smack *isp;
- char *csp = current->cred->security;
+ char *csp = current_security();
char *fetched;
char *final;
struct dentry *dp;
@@ -2290,8 +2289,7 @@
return;
ssp = sk->sk_security;
- ssp->smk_in = current->cred->security;
- ssp->smk_out = current->cred->security;
+ ssp->smk_in = ssp->smk_out = current_security();
ssp->smk_packet[0] = '\0';
rc = smack_netlabel(sk);
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index c5ca279..ca257df 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -336,7 +336,7 @@
audit_info.loginuid = audit_get_loginuid(current);
audit_info.sessionid = audit_get_sessionid(current);
- audit_info.secid = smack_to_secid(current->cred->security);
+ audit_info.secid = smack_to_secid(current_security());
rc = netlbl_cfg_map_del(NULL, &audit_info);
if (rc != 0)
@@ -371,7 +371,7 @@
audit_info.loginuid = audit_get_loginuid(current);
audit_info.sessionid = audit_get_sessionid(current);
- audit_info.secid = smack_to_secid(current->cred->security);
+ audit_info.secid = smack_to_secid(current_security());
if (oldambient != NULL) {
rc = netlbl_cfg_map_del(oldambient, &audit_info);