tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

apparmor: rename SK_CTX() to aa_sock and make it an inline fn

In preparation for LSM stacking rework the macro to an inline fn

Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>

John Johansen 79ddd4a7 2516fde1

+16 -11
+5
security/apparmor/include/net.h
··· 52 52 }; 53 53 54 54 #define SK_CTX(X) ((X)->sk_security) 55 + static inline struct aa_sk_ctx *aa_sock(const struct sock *sk) 56 + { 57 + return sk->sk_security; 58 + } 59 + 55 60 #define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P) \ 56 61 struct lsm_network_audit NAME ## _net = { .sk = (SK), \ 57 62 .family = (F)}; \
+11 -11
security/apparmor/lsm.c
··· 829 829 if (!ctx) 830 830 return -ENOMEM; 831 831 832 - SK_CTX(sk) = ctx; 832 + sk->sk_security = ctx; 833 833 834 834 return 0; 835 835 } ··· 839 839 */ 840 840 static void apparmor_sk_free_security(struct sock *sk) 841 841 { 842 - struct aa_sk_ctx *ctx = SK_CTX(sk); 842 + struct aa_sk_ctx *ctx = aa_sock(sk); 843 843 844 - SK_CTX(sk) = NULL; 844 + sk->sk_security = NULL; 845 845 aa_put_label(ctx->label); 846 846 aa_put_label(ctx->peer); 847 847 kfree(ctx); ··· 853 853 static void apparmor_sk_clone_security(const struct sock *sk, 854 854 struct sock *newsk) 855 855 { 856 - struct aa_sk_ctx *ctx = SK_CTX(sk); 857 - struct aa_sk_ctx *new = SK_CTX(newsk); 856 + struct aa_sk_ctx *ctx = aa_sock(sk); 857 + struct aa_sk_ctx *new = aa_sock(newsk); 858 858 859 859 if (new->label) 860 860 aa_put_label(new->label); ··· 907 907 label = aa_get_current_label(); 908 908 909 909 if (sock->sk) { 910 - struct aa_sk_ctx *ctx = SK_CTX(sock->sk); 910 + struct aa_sk_ctx *ctx = aa_sock(sock->sk); 911 911 912 912 aa_put_label(ctx->label); 913 913 ctx->label = aa_get_label(label); ··· 1092 1092 */ 1093 1093 static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 1094 1094 { 1095 - struct aa_sk_ctx *ctx = SK_CTX(sk); 1095 + struct aa_sk_ctx *ctx = aa_sock(sk); 1096 1096 1097 1097 if (!skb->secmark) 1098 1098 return 0; ··· 1105 1105 1106 1106 static struct aa_label *sk_peer_label(struct sock *sk) 1107 1107 { 1108 - struct aa_sk_ctx *ctx = SK_CTX(sk); 1108 + struct aa_sk_ctx *ctx = aa_sock(sk); 1109 1109 1110 1110 if (ctx->peer) 1111 1111 return ctx->peer; ··· 1186 1186 */ 1187 1187 static void apparmor_sock_graft(struct sock *sk, struct socket *parent) 1188 1188 { 1189 - struct aa_sk_ctx *ctx = SK_CTX(sk); 1189 + struct aa_sk_ctx *ctx = aa_sock(sk); 1190 1190 1191 1191 if (!ctx->label) 1192 1192 ctx->label = aa_get_current_label(); ··· 1196 1196 static int apparmor_inet_conn_request(const struct sock *sk, struct sk_buff *skb, 1197 1197 struct request_sock *req) 1198 1198 { 1199 - struct aa_sk_ctx *ctx = SK_CTX(sk); 1199 + struct aa_sk_ctx *ctx = aa_sock(sk); 1200 1200 1201 1201 if (!skb->secmark) 1202 1202 return 0; ··· 1809 1809 if (sk == NULL) 1810 1810 return NF_ACCEPT; 1811 1811 1812 - ctx = SK_CTX(sk); 1812 + ctx = aa_sock(sk); 1813 1813 if (!apparmor_secmark_check(ctx->label, OP_SENDMSG, AA_MAY_SEND, 1814 1814 skb->secmark, sk)) 1815 1815 return NF_ACCEPT;