Commit fbb55fdb authored by Lukas Braun's avatar Lukas Braun Committed by Simon Ruderich

slsm: refactor and rename new_passt_task()

passt_dup_task() initializes all fields, not just ->label.
parent ab7a6fa5
...@@ -16,14 +16,12 @@ static char *init = "<<init>>"; ...@@ -16,14 +16,12 @@ static char *init = "<<init>>";
/** /**
* new_passt_task - allocate a task security blob * passt_dup_task - duplicates all resources related to @old_pt
* @lbl: a pointer to the label for the running task
* @gfp: type of the memory for the allocation
* *
* Returns the new blob or NULL if there's no memory available * Returns the new passt_task or NULL if there's no memory available
*/ */
static struct passt_task *new_passt_task(char *lbl, gfp_t gfp) { static struct passt_task *passt_dup_task(const struct passt_task *old_pt, gfp_t gfp) {
struct passt_task *pt = kzalloc(sizeof(struct passt_task), gfp); struct passt_task *pt = kmemdup(old_pt, sizeof(struct passt_task), gfp);
if (!pt) if (!pt)
return NULL; return NULL;
...@@ -31,7 +29,7 @@ static struct passt_task *new_passt_task(char *lbl, gfp_t gfp) { ...@@ -31,7 +29,7 @@ static struct passt_task *new_passt_task(char *lbl, gfp_t gfp) {
* TODO: global cache for labels, see SMACK * TODO: global cache for labels, see SMACK
* for now we duplicate everything to avoid refcounting headaches * for now we duplicate everything to avoid refcounting headaches
*/ */
pt->label = kstrdup(lbl, gfp); pt->label = kstrdup(old_pt->label, gfp);
if (!pt->label) { if (!pt->label) {
kfree(pt); kfree(pt);
return NULL; return NULL;
...@@ -68,7 +66,7 @@ static int passt_cred_prepare(struct cred *new, const struct cred *old, ...@@ -68,7 +66,7 @@ static int passt_cred_prepare(struct cred *new, const struct cred *old,
gfp_t gfp) { gfp_t gfp) {
struct passt_task *new_pt, *old_pt = old->security; struct passt_task *new_pt, *old_pt = old->security;
new_pt = new_passt_task(old_pt->label, gfp); new_pt = passt_dup_task(old_pt, gfp);
if (!new_pt) if (!new_pt)
return -ENOMEM; return -ENOMEM;
...@@ -336,6 +334,7 @@ static struct security_hook_list passt_hooks[] = { ...@@ -336,6 +334,7 @@ static struct security_hook_list passt_hooks[] = {
static __init int passt_init(void) { static __init int passt_init(void) {
struct cred *cred; struct cred *cred;
struct passt_task *pt; struct passt_task *pt;
struct passt_task init_pt = { .label = init, .confined = 0 };
if (!security_module_enable("passt")) { if (!security_module_enable("passt")) {
printk(KERN_INFO "PASST-MAC disabled by boot parameter\n"); printk(KERN_INFO "PASST-MAC disabled by boot parameter\n");
...@@ -348,7 +347,7 @@ static __init int passt_init(void) { ...@@ -348,7 +347,7 @@ static __init int passt_init(void) {
* how do we find out what init actually is? * how do we find out what init actually is?
* hardcode /sbin/init? beware symlinks * hardcode /sbin/init? beware symlinks
*/ */
pt = new_passt_task(init, GFP_KERNEL); pt = passt_dup_task(&init_pt, GFP_KERNEL);
if (!pt) if (!pt)
/* TODO: panic? */ /* TODO: panic? */
return -ENOMEM; return -ENOMEM;
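Review bot: `kmemdup()` in passt_dup_task() is a shallow copy, so `pt->label` aliases `old_pt->label` until the `kstrdup()` below replaces it, and any pointer member later added to struct passt_task would be shared between the old and new credential blobs, risking a double free or use-after-free when either is released. Only `label` and `confined` are visible on this page and the struct definition is not shown, so this looks safe today. A comment above the copy such as `/* shallow copy: every pointer member must be re-duplicated below */` would keep it that way. The kernel-doc block dropped `@lbl` and `@gfp` without replacements; add `@old_pt: blob to copy, must not be NULL` and `@gfp: allocation flags`. Because `confined` is now inherited in passt_cred_prepare() instead of being zeroed by `kzalloc()`, this is a behaviour change for a security-relevant field and deserves a one-line comment at that call; the end of passt_dup_task() lies outside the hunks shown.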