diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/domain.c | 30 | ||||
-rw-r--r-- | security/apparmor/include/domain.h | 2 | ||||
-rw-r--r-- | security/apparmor/lsm.c | 30 |
3 files changed, 30 insertions, 32 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index a0ba334..2b1524c 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -539,36 +539,6 @@ int apparmor_bprm_secureexec(struct linux_binprm *bprm) return 0; } -/** - * apparmor_bprm_committing_creds - do task cleanup on committing new creds - * @bprm: binprm for the exec (NOT NULL) - */ -void apparmor_bprm_committing_creds(struct linux_binprm *bprm) -{ - struct aa_profile *profile = __aa_current_profile(); - struct aa_task_ctx *new_ctx = cred_ctx(bprm->cred); - - /* bail out if unconfined or not changing profile */ - if ((new_ctx->profile == profile) || - (unconfined(new_ctx->profile))) - return; - - current->pdeath_signal = 0; - - /* reset soft limits and set hard limits for the new profile */ - __aa_transition_rlimits(profile, new_ctx->profile); -} - -/** - * apparmor_bprm_commited_cred - do cleanup after new creds committed - * @bprm: binprm for the exec (NOT NULL) - */ -void apparmor_bprm_committed_creds(struct linux_binprm *bprm) -{ - /* TODO: cleanup signals - ipc mediation */ - return; -} - /* * Functions for self directed profile change */ diff --git a/security/apparmor/include/domain.h b/security/apparmor/include/domain.h index 3054472..6587c4a 100644 --- a/security/apparmor/include/domain.h +++ b/security/apparmor/include/domain.h @@ -25,8 +25,6 @@ struct aa_domain { int apparmor_bprm_set_creds(struct linux_binprm *bprm); int apparmor_bprm_secureexec(struct linux_binprm *bprm); -void apparmor_bprm_committing_creds(struct linux_binprm *bprm); -void apparmor_bprm_committed_creds(struct linux_binprm *bprm); void aa_free_domain_entries(struct aa_domain *domain); int aa_change_hat(const char *hats[], int count, u64 token, bool permtest); diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 8ab00c9..3549200 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -575,6 +575,36 @@ fail: goto out; } +/** + * apparmor_bprm_committing_creds - do task cleanup on committing new creds + * @bprm: binprm for the exec (NOT NULL) + */ +static void apparmor_bprm_committing_creds(struct linux_binprm *bprm) +{ + struct aa_profile *profile = __aa_current_profile(); + struct aa_task_ctx *new_ctx = cred_ctx(bprm->cred); + + /* bail out if unconfined or not changing profile */ + if ((new_ctx->profile == profile) || + (unconfined(new_ctx->profile))) + return; + + current->pdeath_signal = 0; + + /* reset soft limits and set hard limits for the new profile */ + __aa_transition_rlimits(profile, new_ctx->profile); +} + +/** + * apparmor_bprm_committed_cred - do cleanup after new creds committed + * @bprm: binprm for the exec (NOT NULL) + */ +static void apparmor_bprm_committed_creds(struct linux_binprm *bprm) +{ + /* TODO: cleanup signals - ipc mediation */ + return; +} + static int apparmor_task_setrlimit(struct task_struct *task, unsigned int resource, struct rlimit *new_rlim) { |