diff options
author | John Johansen <john.johansen@canonical.com> | 2013-02-18 16:05:34 -0800 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2013-04-28 00:36:20 -0700 |
commit | 7a2871b566f34d980556072943295efd107eb53c (patch) | |
tree | 7f991bd472872e62780ba9119d8e3a3784008dfc /security/apparmor/context.c | |
parent | 0ca554b9fca425eb58325a36290deef698cef34b (diff) | |
download | op-kernel-dev-7a2871b566f34d980556072943295efd107eb53c.zip op-kernel-dev-7a2871b566f34d980556072943295efd107eb53c.tar.gz |
apparmor: use common fn to clear task_context for domain transitions
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>
Diffstat (limited to 'security/apparmor/context.c')
-rw-r--r-- | security/apparmor/context.c | 17 |
1 files changed, 6 insertions, 11 deletions
diff --git a/security/apparmor/context.c b/security/apparmor/context.c index 611e6ce..3f911af 100644 --- a/security/apparmor/context.c +++ b/security/apparmor/context.c @@ -105,16 +105,12 @@ int aa_replace_current_profile(struct aa_profile *profile) return -ENOMEM; cxt = new->security; - if (unconfined(profile) || (cxt->profile->ns != profile->ns)) { + if (unconfined(profile) || (cxt->profile->ns != profile->ns)) /* if switching to unconfined or a different profile namespace * clear out context state */ - aa_put_profile(cxt->previous); - aa_put_profile(cxt->onexec); - cxt->previous = NULL; - cxt->onexec = NULL; - cxt->token = 0; - } + aa_clear_task_cxt_trans(cxt); + /* be careful switching cxt->profile, when racing replacement it * is possible that cxt->profile->replacedby is the reference keeping * @profile valid, so make sure to get its reference before dropping @@ -222,11 +218,10 @@ int aa_restore_previous_profile(u64 token) aa_get_profile(cxt->profile); aa_put_profile(cxt->previous); } - /* clear exec && prev information when restoring to previous context */ + /* ref has been transfered so avoid putting ref in clear_task_cxt */ cxt->previous = NULL; - cxt->token = 0; - aa_put_profile(cxt->onexec); - cxt->onexec = NULL; + /* clear exec && prev information when restoring to previous context */ + aa_clear_task_cxt_trans(cxt); commit_creds(new); return 0; |