Linux/security/apparmor/include/cred.h


  1 /*
  2  * AppArmor security module
  3  *
  4  * This file contains AppArmor contexts used to associate "labels" to objects.
  5  *
  6  * Copyright (C) 1998-2008 Novell/SUSE
  7  * Copyright 2009-2010 Canonical Ltd.
  8  *
  9  * This program is free software; you can redistribute it and/or
 10  * modify it under the terms of the GNU General Public License as
 11  * published by the Free Software Foundation, version 2 of the
 12  * License.
 13  */
 14 
 15 #ifndef __AA_CONTEXT_H
 16 #define __AA_CONTEXT_H
 17 
 18 #include <linux/cred.h>
 19 #include <linux/slab.h>
 20 #include <linux/sched.h>
 21 
 22 #include "label.h"
 23 #include "policy_ns.h"
 24 #include "task.h"
 25 
/*
 * cred_label - access the label pointer stored in a cred's ->security field
 *
 * Plain member access: no NULL check on the argument and no reference
 * counting. Use aa_cred_raw_label() when the result is expected to be set.
 */
#define cred_label(cred) ((cred)->security)
 27 
 28 
/**
 * aa_cred_raw_label - obtain cred's label
 * @cred: cred to obtain label from  (NOT NULL)
 *
 * Reads the pointer held in @cred through cred_label() and hands it back
 * as-is. No reference is taken, so the result is a borrowed pointer.
 * NOTE(review): presumably it is only valid while @cred pins the label;
 * take a reference with aa_get_label() before keeping it longer - confirm.
 *
 * Returns: confining label
 */
static inline struct aa_label *aa_cred_raw_label(const struct cred *cred)
{
	struct aa_label *label;

	label = cred_label(cred);

	/*
	 * NOTE(review): AA_BUG() is defined elsewhere. If it can compile out
	 * or only warn, a NULL label still reaches the caller - confirm
	 * before relying on the result being non-NULL.
	 */
	AA_BUG(!label);

	return label;
}
 44 
/**
 * aa_get_newest_cred_label - obtain the newest label on a cred
 * @cred: cred to obtain label from (NOT NULL)
 *
 * Looks up @cred's raw label and passes it to aa_get_newest_label().
 * NOTE(review): aa_get_current_label() in this file documents the result of
 * aa_get_newest_label() as a reference that must be put with aa_put_label();
 * presumably the same holds here - confirm against label.h.
 *
 * Returns: newest version of confining label
 */
static inline struct aa_label *aa_get_newest_cred_label(const struct cred *cred)
{
	struct aa_label *raw = aa_cred_raw_label(cred);

	return aa_get_newest_label(raw);
}
 55 
/**
 * __aa_task_raw_label - retrieve another task's label
 * @task: task to query  (NOT NULL)
 *
 * Fetches @task's cred with __task_cred() and returns the label stored in
 * it. Neither the cred nor the label gets a reference here.
 *
 * If @task != current this must be called inside an RCU safe critical
 * section. NOTE(review): the returned pointer should presumably not be used
 * after that section ends unless a reference was taken - confirm.
 *
 * Returns: @task's label without incrementing its ref count
 */
static inline struct aa_label *__aa_task_raw_label(struct task_struct *task)
{
	const struct cred *cred = __task_cred(task);

	return aa_cred_raw_label(cred);
}
 68 
/**
 * aa_current_raw_label - find the current tasks confining label
 *
 * Returns the label recorded in current_cred() without taking a reference
 * and without refreshing it. The label may therefore be stale:
 * aa_get_current_label() and the *_current_label_crit_section() helpers in
 * this file test it with label_is_stale() before use.
 *
 * This fn will not update the tasks cred to the most up to date version
 * of the label so it is safe to call when inside of locks.
 *
 * Returns: confining label or the ns unconfined label (NOT NULL)
 */
static inline struct aa_label *aa_current_raw_label(void)
{
	const struct cred *cred = current_cred();

	return aa_cred_raw_label(cred);
}
 81 
/**
 * aa_get_current_label - get the newest version of the current tasks label
 *
 * Starts from current's raw label. A stale label is exchanged for its newest
 * version through aa_get_newest_label(); otherwise aa_get_label() is called
 * on the raw label itself. Either way the caller ends up owning a reference.
 *
 * This fn will not update the tasks cred, so it is safe inside of locks
 *
 * The returned reference must be put with aa_put_label()
 *
 * Returns: newest version of confining label (NOT NULL)
 */
static inline struct aa_label *aa_get_current_label(void)
{
	struct aa_label *cur = aa_current_raw_label();

	return label_is_stale(cur) ? aa_get_newest_label(cur) : aa_get_label(cur);
}
 99 
/* The __begin variant is released by the same routine as the plain variant. */
#define __end_current_label_crit_section(X) end_current_label_crit_section(X)

/**
 * end_current_label_crit_section - put a reference found with begin_current_label..
 * @label: label reference to put
 *
 * Should only be used with a label obtained from
 * begin_current_label_crit_section() or
 * __begin_current_label_crit_section(), and never in situations where the
 * task cred may be updated inside the section.
 *
 * The begin helpers take no reference when they return current's raw label.
 * This function distinguishes the cases only by comparing @label with
 * aa_current_raw_label(). If the cred changes in between, the comparison no
 * longer reflects what begin did: a held reference can be leaked, or
 * aa_put_label() can run for a reference that was never taken.
 */
static inline void end_current_label_crit_section(struct aa_label *label)
{
	/* Same pointer as the cred's label: begin took no reference. */
	if (label == aa_current_raw_label())
		return;

	aa_put_label(label);
}
115 
/**
 * __begin_current_label_crit_section - current's confining label
 *
 * Returns current's raw label when it is not stale (no reference taken), or
 * the result of aa_get_newest_label() when it is. The task cred is never
 * modified.
 *
 * safe to call inside locks
 *
 * The returned label must be released with
 * __end_current_label_crit_section(), which decides whether a put is needed
 * by comparing the label with current's raw label. For that reason this must
 * NOT be used if the task cred could be updated within the critical section
 * between __begin_current_label_crit_section() ..
 * __end_current_label_crit_section()
 *
 * Returns: up to date confining label or the ns unconfined label (NOT NULL)
 */
static inline struct aa_label *__begin_current_label_crit_section(void)
{
	struct aa_label *cur = aa_current_raw_label();

	if (!label_is_stale(cur))
		return cur;

	return aa_get_newest_label(cur);
}
137 
/**
 * begin_current_label_crit_section - current's confining label and update it
 *
 * Like __begin_current_label_crit_section(), but when the raw label is stale
 * it also tries to install the newest label on the task through
 * aa_replace_current_label(). On success (return value 0) the local reference
 * is dropped because the task cred keeps one. On failure the local reference
 * is kept and is released later by end_current_label_crit_section().
 *
 * Not safe to call inside locks
 *
 * The returned label must be put with end_current_label_crit_section()
 * This must NOT be used if the task cred could be updated within the
 * critical section between begin_current_label_crit_section() ..
 * end_current_label_crit_section()
 *
 * Returns: up to date confining label or the ns unconfined label (NOT NULL)
 */
static inline struct aa_label *begin_current_label_crit_section(void)
{
	struct aa_label *cur = aa_current_raw_label();
	struct aa_label *newest;

	if (!label_is_stale(cur))
		return cur;

	newest = aa_get_newest_label(cur);
	if (aa_replace_current_label(newest) == 0) {
		/* task cred will keep the reference */
		aa_put_label(newest);
	}

	return newest;
}
163 
/**
 * aa_get_current_ns - get the namespace of the current task's label
 *
 * Brackets the lookup with __begin_current_label_crit_section() /
 * __end_current_label_crit_section(), so the task cred is not updated and
 * any label reference taken for the lookup is dropped before returning.
 *
 * Returns: result of aa_get_ns() on the label's namespace.
 * NOTE(review): presumably a counted reference that the caller must release
 * (aa_put_ns()) - confirm against policy_ns.h.
 */
static inline struct aa_ns *aa_get_current_ns(void)
{
	struct aa_label *label = __begin_current_label_crit_section();
	struct aa_ns *ns = aa_get_ns(labels_ns(label));

	__end_current_label_crit_section(label);

	return ns;
}
175 
176 #endif /* __AA_CONTEXT_H */
177 
