selinux: rename the cred_security_struct variables to "crsec"

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Along with the renaming from task_security_struct to cred_security_struct,
rename the local variables to "crsec" from "tsec". This both fits with
existing conventions and helps distinguish between task and cred related
variables.

No functional changes.

Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

Paul Moore 4 months ago 3ded250b dde3a5d0

+117 -117

2 changed files

expand all

security

selinux

hooks.c

include

objsec.h

+115 -115

security/selinux/hooks.c

··· 210 210 */ 211 211 static void cred_init_security(void) 212 212 { 213 - struct cred_security_struct *tsec; 213 + struct cred_security_struct *crsec; 214 214 215 215 /* NOTE: the lsm framework zeros out the buffer on allocation */ 216 216 217 - tsec = selinux_cred(unrcu_pointer(current->real_cred)); 218 - tsec->osid = tsec->sid = SECINITSID_KERNEL; 217 + crsec = selinux_cred(unrcu_pointer(current->real_cred)); 218 + crsec->osid = crsec->sid = SECINITSID_KERNEL; 219 219 } 220 220 221 221 /* ··· 223 223 */ 224 224 static inline u32 cred_sid(const struct cred *cred) 225 225 { 226 - const struct cred_security_struct *tsec; 226 + const struct cred_security_struct *crsec; 227 227 228 - tsec = selinux_cred(cred); 229 - return tsec->sid; 228 + crsec = selinux_cred(cred); 229 + return crsec->sid; 230 230 } 231 231 232 232 static void __ad_net_init(struct common_audit_data *ad, ··· 437 437 struct superblock_security_struct *sbsec, 438 438 const struct cred *cred) 439 439 { 440 - const struct cred_security_struct *tsec = selinux_cred(cred); 440 + const struct cred_security_struct *crsec = selinux_cred(cred); 441 441 int rc; 442 442 443 - rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, 443 + rc = avc_has_perm(crsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, 444 444 FILESYSTEM__RELABELFROM, NULL); 445 445 if (rc) 446 446 return rc; 447 447 448 - rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM, 448 + rc = avc_has_perm(crsec->sid, sid, SECCLASS_FILESYSTEM, 449 449 FILESYSTEM__RELABELTO, NULL); 450 450 return rc; 451 451 } ··· 454 454 struct superblock_security_struct *sbsec, 455 455 const struct cred *cred) 456 456 { 457 - const struct cred_security_struct *tsec = selinux_cred(cred); 457 + const struct cred_security_struct *crsec = selinux_cred(cred); 458 458 int rc; 459 - rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, 459 + rc = avc_has_perm(crsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, 460 460 FILESYSTEM__RELABELFROM, NULL); 461 461 if (rc) 462 462 return rc; ··· 1788 1788 * Determine the label for an inode that might be unioned. 1789 1789 */ 1790 1790 static int 1791 - selinux_determine_inode_label(const struct cred_security_struct *tsec, 1791 + selinux_determine_inode_label(const struct cred_security_struct *crsec, 1792 1792 struct inode *dir, 1793 1793 const struct qstr *name, u16 tclass, 1794 1794 u32 *_new_isid) ··· 1800 1800 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) { 1801 1801 *_new_isid = sbsec->mntpoint_sid; 1802 1802 } else if ((sbsec->flags & SBLABEL_MNT) && 1803 - tsec->create_sid) { 1804 - *_new_isid = tsec->create_sid; 1803 + crsec->create_sid) { 1804 + *_new_isid = crsec->create_sid; 1805 1805 } else { 1806 1806 const struct inode_security_struct *dsec = inode_security(dir); 1807 - return security_transition_sid(tsec->sid, 1807 + return security_transition_sid(crsec->sid, 1808 1808 dsec->sid, tclass, 1809 1809 name, _new_isid); 1810 1810 } ··· 1817 1817 struct dentry *dentry, 1818 1818 u16 tclass) 1819 1819 { 1820 - const struct cred_security_struct *tsec = selinux_cred(current_cred()); 1820 + const struct cred_security_struct *crsec = selinux_cred(current_cred()); 1821 1821 struct inode_security_struct *dsec; 1822 1822 struct superblock_security_struct *sbsec; 1823 1823 u32 sid, newsid; ··· 1827 1827 dsec = inode_security(dir); 1828 1828 sbsec = selinux_superblock(dir->i_sb); 1829 1829 1830 - sid = tsec->sid; 1830 + sid = crsec->sid; 1831 1831 1832 1832 ad.type = LSM_AUDIT_DATA_DENTRY; 1833 1833 ad.u.dentry = dentry; ··· 1838 1838 if (rc) 1839 1839 return rc; 1840 1840 1841 - rc = selinux_determine_inode_label(tsec, dir, &dentry->d_name, tclass, 1841 + rc = selinux_determine_inode_label(crsec, dir, &dentry->d_name, tclass, 1842 1842 &newsid); 1843 1843 if (rc) 1844 1844 return rc; ··· 2251 2251 } 2252 2252 2253 2253 static int check_nnp_nosuid(const struct linux_binprm *bprm, 2254 - const struct cred_security_struct *old_tsec, 2255 - const struct cred_security_struct *new_tsec) 2254 + const struct cred_security_struct *old_crsec, 2255 + const struct cred_security_struct *new_crsec) 2256 2256 { 2257 2257 int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS); 2258 2258 int nosuid = !mnt_may_suid(bprm->file->f_path.mnt); ··· 2262 2262 if (!nnp && !nosuid) 2263 2263 return 0; /* neither NNP nor nosuid */ 2264 2264 2265 - if (new_tsec->sid == old_tsec->sid) 2265 + if (new_crsec->sid == old_crsec->sid) 2266 2266 return 0; /* No change in credentials */ 2267 2267 2268 2268 /* ··· 2277 2277 av |= PROCESS2__NNP_TRANSITION; 2278 2278 if (nosuid) 2279 2279 av |= PROCESS2__NOSUID_TRANSITION; 2280 - rc = avc_has_perm(old_tsec->sid, new_tsec->sid, 2280 + rc = avc_has_perm(old_crsec->sid, new_crsec->sid, 2281 2281 SECCLASS_PROCESS2, av, NULL); 2282 2282 if (!rc) 2283 2283 return 0; ··· 2288 2288 * i.e. SIDs that are guaranteed to only be allowed a subset 2289 2289 * of the permissions of the current SID. 2290 2290 */ 2291 - rc = security_bounded_transition(old_tsec->sid, 2292 - new_tsec->sid); 2291 + rc = security_bounded_transition(old_crsec->sid, 2292 + new_crsec->sid); 2293 2293 if (!rc) 2294 2294 return 0; 2295 2295 ··· 2305 2305 2306 2306 static int selinux_bprm_creds_for_exec(struct linux_binprm *bprm) 2307 2307 { 2308 - const struct cred_security_struct *old_tsec; 2309 - struct cred_security_struct *new_tsec; 2308 + const struct cred_security_struct *old_crsec; 2309 + struct cred_security_struct *new_crsec; 2310 2310 struct inode_security_struct *isec; 2311 2311 struct common_audit_data ad; 2312 2312 struct inode *inode = file_inode(bprm->file); ··· 2315 2315 /* SELinux context only depends on initial program or script and not 2316 2316 * the script interpreter */ 2317 2317 2318 - old_tsec = selinux_cred(current_cred()); 2319 - new_tsec = selinux_cred(bprm->cred); 2318 + old_crsec = selinux_cred(current_cred()); 2319 + new_crsec = selinux_cred(bprm->cred); 2320 2320 isec = inode_security(inode); 2321 2321 2322 2322 /* Default to the current task SID. */ 2323 - new_tsec->sid = old_tsec->sid; 2324 - new_tsec->osid = old_tsec->sid; 2323 + new_crsec->sid = old_crsec->sid; 2324 + new_crsec->osid = old_crsec->sid; 2325 2325 2326 2326 /* Reset fs, key, and sock SIDs on execve. */ 2327 - new_tsec->create_sid = 0; 2328 - new_tsec->keycreate_sid = 0; 2329 - new_tsec->sockcreate_sid = 0; 2327 + new_crsec->create_sid = 0; 2328 + new_crsec->keycreate_sid = 0; 2329 + new_crsec->sockcreate_sid = 0; 2330 2330 2331 2331 /* 2332 2332 * Before policy is loaded, label any task outside kernel space ··· 2335 2335 * (if the policy chooses to set SECINITSID_INIT != SECINITSID_KERNEL). 2336 2336 */ 2337 2337 if (!selinux_initialized()) { 2338 - new_tsec->sid = SECINITSID_INIT; 2338 + new_crsec->sid = SECINITSID_INIT; 2339 2339 /* also clear the exec_sid just in case */ 2340 - new_tsec->exec_sid = 0; 2340 + new_crsec->exec_sid = 0; 2341 2341 return 0; 2342 2342 } 2343 2343 2344 - if (old_tsec->exec_sid) { 2345 - new_tsec->sid = old_tsec->exec_sid; 2344 + if (old_crsec->exec_sid) { 2345 + new_crsec->sid = old_crsec->exec_sid; 2346 2346 /* Reset exec SID on execve. */ 2347 - new_tsec->exec_sid = 0; 2347 + new_crsec->exec_sid = 0; 2348 2348 2349 2349 /* Fail on NNP or nosuid if not an allowed transition. */ 2350 - rc = check_nnp_nosuid(bprm, old_tsec, new_tsec); 2350 + rc = check_nnp_nosuid(bprm, old_crsec, new_crsec); 2351 2351 if (rc) 2352 2352 return rc; 2353 2353 } else { 2354 2354 /* Check for a default transition on this program. */ 2355 - rc = security_transition_sid(old_tsec->sid, 2355 + rc = security_transition_sid(old_crsec->sid, 2356 2356 isec->sid, SECCLASS_PROCESS, NULL, 2357 - &new_tsec->sid); 2357 + &new_crsec->sid); 2358 2358 if (rc) 2359 2359 return rc; 2360 2360 ··· 2362 2362 * Fallback to old SID on NNP or nosuid if not an allowed 2363 2363 * transition. 2364 2364 */ 2365 - rc = check_nnp_nosuid(bprm, old_tsec, new_tsec); 2365 + rc = check_nnp_nosuid(bprm, old_crsec, new_crsec); 2366 2366 if (rc) 2367 - new_tsec->sid = old_tsec->sid; 2367 + new_crsec->sid = old_crsec->sid; 2368 2368 } 2369 2369 2370 2370 ad.type = LSM_AUDIT_DATA_FILE; 2371 2371 ad.u.file = bprm->file; 2372 2372 2373 - if (new_tsec->sid == old_tsec->sid) { 2374 - rc = avc_has_perm(old_tsec->sid, isec->sid, 2373 + if (new_crsec->sid == old_crsec->sid) { 2374 + rc = avc_has_perm(old_crsec->sid, isec->sid, 2375 2375 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad); 2376 2376 if (rc) 2377 2377 return rc; 2378 2378 } else { 2379 2379 /* Check permissions for the transition. */ 2380 - rc = avc_has_perm(old_tsec->sid, new_tsec->sid, 2380 + rc = avc_has_perm(old_crsec->sid, new_crsec->sid, 2381 2381 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad); 2382 2382 if (rc) 2383 2383 return rc; 2384 2384 2385 - rc = avc_has_perm(new_tsec->sid, isec->sid, 2385 + rc = avc_has_perm(new_crsec->sid, isec->sid, 2386 2386 SECCLASS_FILE, FILE__ENTRYPOINT, &ad); 2387 2387 if (rc) 2388 2388 return rc; 2389 2389 2390 2390 /* Check for shared state */ 2391 2391 if (bprm->unsafe & LSM_UNSAFE_SHARE) { 2392 - rc = avc_has_perm(old_tsec->sid, new_tsec->sid, 2392 + rc = avc_has_perm(old_crsec->sid, new_crsec->sid, 2393 2393 SECCLASS_PROCESS, PROCESS__SHARE, 2394 2394 NULL); 2395 2395 if (rc) ··· 2401 2401 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 2402 2402 u32 ptsid = ptrace_parent_sid(); 2403 2403 if (ptsid != 0) { 2404 - rc = avc_has_perm(ptsid, new_tsec->sid, 2404 + rc = avc_has_perm(ptsid, new_crsec->sid, 2405 2405 SECCLASS_PROCESS, 2406 2406 PROCESS__PTRACE, NULL); 2407 2407 if (rc) ··· 2415 2415 /* Enable secure mode for SIDs transitions unless 2416 2416 the noatsecure permission is granted between 2417 2417 the two SIDs, i.e. ahp returns 0. */ 2418 - rc = avc_has_perm(old_tsec->sid, new_tsec->sid, 2418 + rc = avc_has_perm(old_crsec->sid, new_crsec->sid, 2419 2419 SECCLASS_PROCESS, PROCESS__NOATSECURE, 2420 2420 NULL); 2421 2421 bprm->secureexec |= !!rc; ··· 2483 2483 */ 2484 2484 static void selinux_bprm_committing_creds(const struct linux_binprm *bprm) 2485 2485 { 2486 - struct cred_security_struct *new_tsec; 2486 + struct cred_security_struct *new_crsec; 2487 2487 struct rlimit *rlim, *initrlim; 2488 2488 int rc, i; 2489 2489 2490 - new_tsec = selinux_cred(bprm->cred); 2491 - if (new_tsec->sid == new_tsec->osid) 2490 + new_crsec = selinux_cred(bprm->cred); 2491 + if (new_crsec->sid == new_crsec->osid) 2492 2492 return; 2493 2493 2494 2494 /* Close files for which the new task SID is not authorized. */ ··· 2507 2507 * higher than the default soft limit for cases where the default is 2508 2508 * lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK. 2509 2509 */ 2510 - rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, 2510 + rc = avc_has_perm(new_crsec->osid, new_crsec->sid, SECCLASS_PROCESS, 2511 2511 PROCESS__RLIMITINH, NULL); 2512 2512 if (rc) { 2513 2513 /* protect against do_prlimit() */ ··· 2529 2529 */ 2530 2530 static void selinux_bprm_committed_creds(const struct linux_binprm *bprm) 2531 2531 { 2532 - const struct cred_security_struct *tsec = selinux_cred(current_cred()); 2532 + const struct cred_security_struct *crsec = selinux_cred(current_cred()); 2533 2533 u32 osid, sid; 2534 2534 int rc; 2535 2535 2536 - osid = tsec->osid; 2537 - sid = tsec->sid; 2536 + osid = crsec->osid; 2537 + sid = crsec->sid; 2538 2538 2539 2539 if (sid == osid) 2540 2540 return; ··· 2911 2911 { 2912 2912 u32 newsid; 2913 2913 int rc; 2914 - struct cred_security_struct *tsec; 2914 + struct cred_security_struct *crsec; 2915 2915 2916 2916 rc = selinux_determine_inode_label(selinux_cred(old), 2917 2917 d_inode(dentry->d_parent), name, ··· 2920 2920 if (rc) 2921 2921 return rc; 2922 2922 2923 - tsec = selinux_cred(new); 2924 - tsec->create_sid = newsid; 2923 + crsec = selinux_cred(new); 2924 + crsec->create_sid = newsid; 2925 2925 return 0; 2926 2926 } 2927 2927 ··· 2929 2929 const struct qstr *qstr, 2930 2930 struct xattr *xattrs, int *xattr_count) 2931 2931 { 2932 - const struct cred_security_struct *tsec = selinux_cred(current_cred()); 2932 + const struct cred_security_struct *crsec = selinux_cred(current_cred()); 2933 2933 struct superblock_security_struct *sbsec; 2934 2934 struct xattr *xattr = lsm_get_xattr_slot(xattrs, xattr_count); 2935 2935 u32 newsid, clen; ··· 2939 2939 2940 2940 sbsec = selinux_superblock(dir->i_sb); 2941 2941 2942 - newsid = tsec->create_sid; 2942 + newsid = crsec->create_sid; 2943 2943 newsclass = inode_mode_to_security_class(inode->i_mode); 2944 - rc = selinux_determine_inode_label(tsec, dir, qstr, newsclass, &newsid); 2944 + rc = selinux_determine_inode_label(crsec, dir, qstr, newsclass, &newsid); 2945 2945 if (rc) 2946 2946 return rc; 2947 2947 ··· 3660 3660 static int selinux_inode_copy_up(struct dentry *src, struct cred **new) 3661 3661 { 3662 3662 struct lsm_prop prop; 3663 - struct cred_security_struct *tsec; 3663 + struct cred_security_struct *crsec; 3664 3664 struct cred *new_creds = *new; 3665 3665 3666 3666 if (new_creds == NULL) { ··· 3669 3669 return -ENOMEM; 3670 3670 } 3671 3671 3672 - tsec = selinux_cred(new_creds); 3672 + crsec = selinux_cred(new_creds); 3673 3673 /* Get label from overlay inode and set it in create_sid */ 3674 3674 selinux_inode_getlsmprop(d_inode(src), &prop); 3675 - tsec->create_sid = prop.selinux.secid; 3675 + crsec->create_sid = prop.selinux.secid; 3676 3676 *new = new_creds; 3677 3677 return 0; 3678 3678 } ··· 3698 3698 static int selinux_kernfs_init_security(struct kernfs_node *kn_dir, 3699 3699 struct kernfs_node *kn) 3700 3700 { 3701 - const struct cred_security_struct *tsec = selinux_cred(current_cred()); 3701 + const struct cred_security_struct *crsec = selinux_cred(current_cred()); 3702 3702 u32 parent_sid, newsid, clen; 3703 3703 int rc; 3704 3704 char *context; ··· 3726 3726 if (rc) 3727 3727 return rc; 3728 3728 3729 - if (tsec->create_sid) { 3730 - newsid = tsec->create_sid; 3729 + if (crsec->create_sid) { 3730 + newsid = crsec->create_sid; 3731 3731 } else { 3732 3732 u16 secclass = inode_mode_to_security_class(kn->mode); 3733 3733 const char *kn_name; ··· 3738 3738 q.name = kn_name; 3739 3739 q.hash_len = hashlen_string(kn_dir, kn_name); 3740 3740 3741 - rc = security_transition_sid(tsec->sid, 3741 + rc = security_transition_sid(crsec->sid, 3742 3742 parent_sid, secclass, &q, 3743 3743 &newsid); 3744 3744 if (rc) ··· 4165 4165 static int selinux_cred_prepare(struct cred *new, const struct cred *old, 4166 4166 gfp_t gfp) 4167 4167 { 4168 - const struct cred_security_struct *old_tsec = selinux_cred(old); 4169 - struct cred_security_struct *tsec = selinux_cred(new); 4168 + const struct cred_security_struct *old_crsec = selinux_cred(old); 4169 + struct cred_security_struct *crsec = selinux_cred(new); 4170 4170 4171 - *tsec = *old_tsec; 4171 + *crsec = *old_crsec; 4172 4172 return 0; 4173 4173 } 4174 4174 ··· 4177 4177 */ 4178 4178 static void selinux_cred_transfer(struct cred *new, const struct cred *old) 4179 4179 { 4180 - const struct cred_security_struct *old_tsec = selinux_cred(old); 4181 - struct cred_security_struct *tsec = selinux_cred(new); 4180 + const struct cred_security_struct *old_crsec = selinux_cred(old); 4181 + struct cred_security_struct *crsec = selinux_cred(new); 4182 4182 4183 - *tsec = *old_tsec; 4183 + *crsec = *old_crsec; 4184 4184 } 4185 4185 4186 4186 static void selinux_cred_getsecid(const struct cred *c, u32 *secid) ··· 4199 4199 */ 4200 4200 static int selinux_kernel_act_as(struct cred *new, u32 secid) 4201 4201 { 4202 - struct cred_security_struct *tsec = selinux_cred(new); 4202 + struct cred_security_struct *crsec = selinux_cred(new); 4203 4203 u32 sid = current_sid(); 4204 4204 int ret; 4205 4205 ··· 4208 4208 KERNEL_SERVICE__USE_AS_OVERRIDE, 4209 4209 NULL); 4210 4210 if (ret == 0) { 4211 - tsec->sid = secid; 4212 - tsec->create_sid = 0; 4213 - tsec->keycreate_sid = 0; 4214 - tsec->sockcreate_sid = 0; 4211 + crsec->sid = secid; 4212 + crsec->create_sid = 0; 4213 + crsec->keycreate_sid = 0; 4214 + crsec->sockcreate_sid = 0; 4215 4215 } 4216 4216 return ret; 4217 4217 } ··· 4223 4223 static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) 4224 4224 { 4225 4225 struct inode_security_struct *isec = inode_security(inode); 4226 - struct cred_security_struct *tsec = selinux_cred(new); 4226 + struct cred_security_struct *crsec = selinux_cred(new); 4227 4227 u32 sid = current_sid(); 4228 4228 int ret; 4229 4229 ··· 4233 4233 NULL); 4234 4234 4235 4235 if (ret == 0) 4236 - tsec->create_sid = isec->sid; 4236 + crsec->create_sid = isec->sid; 4237 4237 return ret; 4238 4238 } 4239 4239 ··· 4748 4748 4749 4749 /* socket security operations */ 4750 4750 4751 - static int socket_sockcreate_sid(const struct cred_security_struct *tsec, 4751 + static int socket_sockcreate_sid(const struct cred_security_struct *crsec, 4752 4752 u16 secclass, u32 *socksid) 4753 4753 { 4754 - if (tsec->sockcreate_sid > SECSID_NULL) { 4755 - *socksid = tsec->sockcreate_sid; 4754 + if (crsec->sockcreate_sid > SECSID_NULL) { 4755 + *socksid = crsec->sockcreate_sid; 4756 4756 return 0; 4757 4757 } 4758 4758 4759 - return security_transition_sid(tsec->sid, tsec->sid, 4759 + return security_transition_sid(crsec->sid, crsec->sid, 4760 4760 secclass, NULL, socksid); 4761 4761 } 4762 4762 ··· 4801 4801 static int selinux_socket_create(int family, int type, 4802 4802 int protocol, int kern) 4803 4803 { 4804 - const struct cred_security_struct *tsec = selinux_cred(current_cred()); 4804 + const struct cred_security_struct *crsec = selinux_cred(current_cred()); 4805 4805 u32 newsid; 4806 4806 u16 secclass; 4807 4807 int rc; ··· 4810 4810 return 0; 4811 4811 4812 4812 secclass = socket_type_to_security_class(family, type, protocol); 4813 - rc = socket_sockcreate_sid(tsec, secclass, &newsid); 4813 + rc = socket_sockcreate_sid(crsec, secclass, &newsid); 4814 4814 if (rc) 4815 4815 return rc; 4816 4816 4817 - return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL); 4817 + return avc_has_perm(crsec->sid, newsid, secclass, SOCKET__CREATE, NULL); 4818 4818 } 4819 4819 4820 4820 static int selinux_socket_post_create(struct socket *sock, int family, 4821 4821 int type, int protocol, int kern) 4822 4822 { 4823 - const struct cred_security_struct *tsec = selinux_cred(current_cred()); 4823 + const struct cred_security_struct *crsec = selinux_cred(current_cred()); 4824 4824 struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock)); 4825 4825 struct sk_security_struct *sksec; 4826 4826 u16 sclass = socket_type_to_security_class(family, type, protocol); ··· 4828 4828 int err = 0; 4829 4829 4830 4830 if (!kern) { 4831 - err = socket_sockcreate_sid(tsec, sclass, &sid); 4831 + err = socket_sockcreate_sid(crsec, sclass, &sid); 4832 4832 if (err) 4833 4833 return err; 4834 4834 } ··· 6530 6530 static int selinux_lsm_getattr(unsigned int attr, struct task_struct *p, 6531 6531 char **value) 6532 6532 { 6533 - const struct cred_security_struct *tsec; 6533 + const struct cred_security_struct *crsec; 6534 6534 int error; 6535 6535 u32 sid; 6536 6536 u32 len; 6537 6537 6538 6538 rcu_read_lock(); 6539 - tsec = selinux_cred(__task_cred(p)); 6539 + crsec = selinux_cred(__task_cred(p)); 6540 6540 if (p != current) { 6541 - error = avc_has_perm(current_sid(), tsec->sid, 6541 + error = avc_has_perm(current_sid(), crsec->sid, 6542 6542 SECCLASS_PROCESS, PROCESS__GETATTR, NULL); 6543 6543 if (error) 6544 6544 goto err_unlock; 6545 6545 } 6546 6546 switch (attr) { 6547 6547 case LSM_ATTR_CURRENT: 6548 - sid = tsec->sid; 6548 + sid = crsec->sid; 6549 6549 break; 6550 6550 case LSM_ATTR_PREV: 6551 - sid = tsec->osid; 6551 + sid = crsec->osid; 6552 6552 break; 6553 6553 case LSM_ATTR_EXEC: 6554 - sid = tsec->exec_sid; 6554 + sid = crsec->exec_sid; 6555 6555 break; 6556 6556 case LSM_ATTR_FSCREATE: 6557 - sid = tsec->create_sid; 6557 + sid = crsec->create_sid; 6558 6558 break; 6559 6559 case LSM_ATTR_KEYCREATE: 6560 - sid = tsec->keycreate_sid; 6560 + sid = crsec->keycreate_sid; 6561 6561 break; 6562 6562 case LSM_ATTR_SOCKCREATE: 6563 - sid = tsec->sockcreate_sid; 6563 + sid = crsec->sockcreate_sid; 6564 6564 break; 6565 6565 default: 6566 6566 error = -EOPNOTSUPP; ··· 6585 6585 6586 6586 static int selinux_lsm_setattr(u64 attr, void *value, size_t size) 6587 6587 { 6588 - struct cred_security_struct *tsec; 6588 + struct cred_security_struct *crsec; 6589 6589 struct cred *new; 6590 6590 u32 mysid = current_sid(), sid = 0, ptsid; 6591 6591 int error; ··· 6671 6671 operation. See selinux_bprm_creds_for_exec for the execve 6672 6672 checks and may_create for the file creation checks. The 6673 6673 operation will then fail if the context is not permitted. */ 6674 - tsec = selinux_cred(new); 6674 + crsec = selinux_cred(new); 6675 6675 if (attr == LSM_ATTR_EXEC) { 6676 - tsec->exec_sid = sid; 6676 + crsec->exec_sid = sid; 6677 6677 } else if (attr == LSM_ATTR_FSCREATE) { 6678 - tsec->create_sid = sid; 6678 + crsec->create_sid = sid; 6679 6679 } else if (attr == LSM_ATTR_KEYCREATE) { 6680 6680 if (sid) { 6681 6681 error = avc_has_perm(mysid, sid, ··· 6683 6683 if (error) 6684 6684 goto abort_change; 6685 6685 } 6686 - tsec->keycreate_sid = sid; 6686 + crsec->keycreate_sid = sid; 6687 6687 } else if (attr == LSM_ATTR_SOCKCREATE) { 6688 - tsec->sockcreate_sid = sid; 6688 + crsec->sockcreate_sid = sid; 6689 6689 } else if (attr == LSM_ATTR_CURRENT) { 6690 6690 error = -EINVAL; 6691 6691 if (sid == 0) 6692 6692 goto abort_change; 6693 6693 6694 6694 if (!current_is_single_threaded()) { 6695 - error = security_bounded_transition(tsec->sid, sid); 6695 + error = security_bounded_transition(crsec->sid, sid); 6696 6696 if (error) 6697 6697 goto abort_change; 6698 6698 } 6699 6699 6700 6700 /* Check permissions for the transition. */ 6701 - error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, 6701 + error = avc_has_perm(crsec->sid, sid, SECCLASS_PROCESS, 6702 6702 PROCESS__DYNTRANSITION, NULL); 6703 6703 if (error) 6704 6704 goto abort_change; ··· 6713 6713 goto abort_change; 6714 6714 } 6715 6715 6716 - tsec->sid = sid; 6716 + crsec->sid = sid; 6717 6717 } else { 6718 6718 error = -EINVAL; 6719 6719 goto abort_change; ··· 6880 6880 static int selinux_key_alloc(struct key *k, const struct cred *cred, 6881 6881 unsigned long flags) 6882 6882 { 6883 - const struct cred_security_struct *tsec; 6883 + const struct cred_security_struct *crsec; 6884 6884 struct key_security_struct *ksec = selinux_key(k); 6885 6885 6886 - tsec = selinux_cred(cred); 6887 - if (tsec->keycreate_sid) 6888 - ksec->sid = tsec->keycreate_sid; 6886 + crsec = selinux_cred(cred); 6887 + if (crsec->keycreate_sid) 6888 + ksec->sid = crsec->keycreate_sid; 6889 6889 else 6890 - ksec->sid = tsec->sid; 6890 + ksec->sid = crsec->sid; 6891 6891 6892 6892 return 0; 6893 6893 }

+2 -2

security/selinux/include/objsec.h

··· 217 217 */ 218 218 static inline u32 current_sid(void) 219 219 { 220 - const struct cred_security_struct *tsec = selinux_cred(current_cred()); 220 + const struct cred_security_struct *crsec = selinux_cred(current_cred()); 221 221 222 - return tsec->sid; 222 + return crsec->sid; 223 223 } 224 224 225 225 static inline struct superblock_security_struct *