apparmor: use common fn to clear task_context for domain transitions
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>
diff --git a/security/apparmor/context.c b/security/apparmor/context.c
index 611e6ce..3f911af 100644
--- a/security/apparmor/context.c
+++ b/security/apparmor/context.c
@@ -105,16 +105,12 @@
return -ENOMEM;
cxt = new->security;
- if (unconfined(profile) || (cxt->profile->ns != profile->ns)) {
+ if (unconfined(profile) || (cxt->profile->ns != profile->ns))
/* if switching to unconfined or a different profile namespace
* clear out context state
*/
- aa_put_profile(cxt->previous);
- aa_put_profile(cxt->onexec);
- cxt->previous = NULL;
- cxt->onexec = NULL;
- cxt->token = 0;
- }
+ aa_clear_task_cxt_trans(cxt);
+
/* be careful switching cxt->profile, when racing replacement it
* is possible that cxt->profile->replacedby is the reference keeping
* @profile valid, so make sure to get its reference before dropping
@@ -222,11 +218,10 @@
aa_get_profile(cxt->profile);
aa_put_profile(cxt->previous);
}
- /* clear exec && prev information when restoring to previous context */
+ /* ref has been transfered so avoid putting ref in clear_task_cxt */
cxt->previous = NULL;
- cxt->token = 0;
- aa_put_profile(cxt->onexec);
- cxt->onexec = NULL;
+ /* clear exec && prev information when restoring to previous context */
+ aa_clear_task_cxt_trans(cxt);
commit_creds(new);
return 0;
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index fb47d5b..07fcb09 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -512,11 +512,7 @@
cxt->profile = new_profile;
/* clear out all temporary/transitional state from the context */
- aa_put_profile(cxt->previous);
- aa_put_profile(cxt->onexec);
- cxt->previous = NULL;
- cxt->onexec = NULL;
- cxt->token = 0;
+ aa_clear_task_cxt_trans(cxt);
audit:
error = aa_audit_file(profile, &perms, GFP_KERNEL, OP_EXEC, MAY_EXEC,
diff --git a/security/apparmor/include/context.h b/security/apparmor/include/context.h
index 1e9443a..4cecad3 100644
--- a/security/apparmor/include/context.h
+++ b/security/apparmor/include/context.h
@@ -160,4 +160,17 @@
return profile;
}
+/**
+ * aa_clear_task_cxt_trans - clear transition tracking info from the cxt
+ * @cxt: task context to clear (NOT NULL)
+ */
+static inline void aa_clear_task_cxt_trans(struct aa_task_cxt *cxt)
+{
+ aa_put_profile(cxt->previous);
+ aa_put_profile(cxt->onexec);
+ cxt->previous = NULL;
+ cxt->onexec = NULL;
+ cxt->token = 0;
+}
+
#endif /* __AA_CONTEXT_H */