From: John Johansen <john.johansen@canonical.com>
To: wzt wzt <wzt.wzt@gmail.com>
Cc: linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH] APPARMOR: code cleanup on context.h
Date: Mon, 15 Nov 2010 16:25:44 -0800 [thread overview]
Message-ID: <4CE1CF88.2090702@canonical.com> (raw)
In-Reply-To: <AANLkTikrdQw1h=efa7EtnXCbQ5APT0PtWdaCUA83T5pN@mail.gmail.com>
On 11/15/2010 03:29 PM, wzt wzt wrote:
> hi, john, any comments?
>
Hi, yes sorry I am just trying to dig my self out from under a 4 day weekend :)
ACK, I am going to add it to the apparmor tree tonight once I finish cleaning the
tree up and push, and it will be included in the next pull request to security.
thanks
john
> On Sat, Nov 13, 2010 at 10:34 AM, <wzt.wzt@gmail.com> wrote:
>> Use current api to replace old codes.
>>
>> Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com>
>>
>> ---
>> security/apparmor/include/context.h | 34 +++++++++++++++-------------------
>> 1 files changed, 15 insertions(+), 19 deletions(-)
>>
>> diff --git a/security/apparmor/include/context.h b/security/apparmor/include/context.h
>> index a9cbee4..c9112f3 100644
>> --- a/security/apparmor/include/context.h
>> +++ b/security/apparmor/include/context.h
>> @@ -82,23 +82,6 @@ int aa_set_current_hat(struct aa_profile *profile, u64 token);
>> int aa_restore_previous_profile(u64 cookie);
>>
>> /**
>> - * __aa_task_is_confined - determine if @task has any confinement
>> - * @task: task to check confinement of (NOT NULL)
>> - *
>> - * If @task != current needs to be called in RCU safe critical section
>> - */
>> -static inline bool __aa_task_is_confined(struct task_struct *task)
>> -{
>> - struct aa_task_cxt *cxt = __task_cred(task)->security;
>> -
>> - BUG_ON(!cxt || !cxt->profile);
>> - if (unconfined(aa_newest_version(cxt->profile)))
>> - return 0;
>> -
>> - return 1;
>> -}
>> -
>> -/**
>> * aa_cred_profile - obtain cred's profiles
>> * @cred: cred to obtain profiles from (NOT NULL)
>> *
>> @@ -138,9 +121,8 @@ static inline struct aa_profile *aa_current_profile(void)
>> {
>> const struct aa_task_cxt *cxt = current_cred()->security;
>> struct aa_profile *profile;
>> - BUG_ON(!cxt || !cxt->profile);
>>
>> - profile = aa_newest_version(cxt->profile);
>> + profile = __aa_current_profile();
>> /*
>> * Whether or not replacement succeeds, use newest profile so
>> * there is no need to update it after replacement.
>> @@ -151,4 +133,18 @@ static inline struct aa_profile *aa_current_profile(void)
>> return profile;
>> }
>>
>> +/**
>> + * __aa_task_is_confined - determine if @task has any confinement
>> + * @task: task to check confinement of (NOT NULL)
>> + *
>> + * If @task != current needs to be called in RCU safe critical section
>> + */
>> +static inline bool __aa_task_is_confined(struct task_struct *task)
>> +{
>> + if (unconfined(aa_cred_profile(__task_cred(task))))
>> + return 0;
>> +
>> + return 1;
>> +}
>> +
>> #endif /* __AA_CONTEXT_H */
>> --
>> 1.6.5.3
>>
>>
next prev parent reply other threads:[~2010-11-16 0:25 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-13 2:34 [PATCH] APPARMOR: code cleanup on context.h wzt.wzt
2010-11-15 23:29 ` wzt wzt
2010-11-16 0:25 ` John Johansen [this message]
2010-11-16 6:38 ` wzt wzt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CE1CF88.2090702@canonical.com \
--to=john.johansen@canonical.com \
--cc=apparmor@lists.ubuntu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=wzt.wzt@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.