AppArmor: Abstract use of cred security blob

Don't use the cred->security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: Kees Cook <keescook@chromium.org>
author: Casey Schaufler <casey@schaufler-ca.com> 2018-09-21 17:17:59 -0700
committer: Kees Cook <keescook@chromium.org> 2019-01-08 13:18:44 -0800
commit: 69b5a44a95bb86f3ad8a50bf2e354057ec450082 (patch)
tree: 64a3c7a0e942b15a16d387f474409ebb48761558 /security/apparmor/include
parent: SELinux: Remove unused selinux_is_enabled (diff)
download: linux-dev-69b5a44a95bb86f3ad8a50bf2e354057ec450082.tar.xz
linux-dev-69b5a44a95bb86f3ad8a50bf2e354057ec450082.zip
1 files changed, 15 insertions, 1 deletions
diff --git a/security/apparmor/include/cred.h b/security/apparmor/include/cred.h
index 265ae6641a06..a757370f2a0c 100644
--- a/security/apparmor/include/cred.h
+++ b/security/apparmor/include/cred.h
@@ -23,8 +23,22 @@
 #include "policy_ns.h"
 #include "task.h"
 
-#define cred_label(X) ((X)->security)
+static inline struct aa_label *cred_label(const struct cred *cred)
+{
+	struct aa_label **blob = cred->security;
+
+	AA_BUG(!blob);
+	return *blob;
+}
 
+static inline void set_cred_label(const struct cred *cred,
+				  struct aa_label *label)
+{
+	struct aa_label **blob = cred->security;
+
+	AA_BUG(!blob);
+	*blob = label;
+}
 
 /**
  * aa_cred_raw_label - obtain cred's label
author	Casey Schaufler <casey@schaufler-ca.com>	2018-09-21 17:17:59 -0700
committer	Kees Cook <keescook@chromium.org>	2019-01-08 13:18:44 -0800
commit	69b5a44a95bb86f3ad8a50bf2e354057ec450082 (patch)
tree	64a3c7a0e942b15a16d387f474409ebb48761558 /security/apparmor/include
parent	SELinux: Remove unused selinux_is_enabled (diff)
download	linux-dev-69b5a44a95bb86f3ad8a50bf2e354057ec450082.tar.xz linux-dev-69b5a44a95bb86f3ad8a50bf2e354057ec450082.zip