TOMOYO: Abstract use of cred security blob

[linux-2.6-microblaze.git] / security / tomoyo / tomoyo.c

diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index daff7d7..1586430 100644 (file)
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -18,7 +18,9 @@
  */
 static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
 {
-       new->security = NULL;
+       struct tomoyo_domain_info **blob = tomoyo_cred(new);
+
+       *blob = NULL;
        return 0;
 }
 
@@ -34,8 +36,13 @@ static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
 static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
                               gfp_t gfp)
 {
-       struct tomoyo_domain_info *domain = old->security;
-       new->security = domain;
+       struct tomoyo_domain_info **old_blob = tomoyo_cred(old);
+       struct tomoyo_domain_info **new_blob = tomoyo_cred(new);
+       struct tomoyo_domain_info *domain;
+
+       domain = *old_blob;
+       *new_blob = domain;
+
        if (domain)
                atomic_inc(&domain->users);
        return 0;
@@ -59,7 +66,9 @@ static void tomoyo_cred_transfer(struct cred *new, const struct cred *old)
  */
 static void tomoyo_cred_free(struct cred *cred)
 {
-       struct tomoyo_domain_info *domain = cred->security;
+       struct tomoyo_domain_info **blob = tomoyo_cred(cred);
+       struct tomoyo_domain_info *domain = *blob;
+
        if (domain)
                atomic_dec(&domain->users);
 }
@@ -73,6 +82,9 @@ static void tomoyo_cred_free(struct cred *cred)
  */
 static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
 {
+       struct tomoyo_domain_info **blob;
+       struct tomoyo_domain_info *domain;
+
        /*
         * Do only if this function is called for the first time of an execve
         * operation.
@@ -93,13 +105,14 @@ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
         * stored inside "bprm->cred->security" will be acquired later inside
         * tomoyo_find_next_domain().
         */
-       atomic_dec(&((struct tomoyo_domain_info *)
-                    bprm->cred->security)->users);
+       blob = tomoyo_cred(bprm->cred);
+       domain = *blob;
+       atomic_dec(&domain->users);
        /*
         * Tell tomoyo_bprm_check_security() is called for the first time of an
         * execve operation.
         */
-       bprm->cred->security = NULL;
+       *blob = NULL;
        return 0;
 }
 
@@ -112,8 +125,11 @@ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
  */
 static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
 {
-       struct tomoyo_domain_info *domain = bprm->cred->security;
+       struct tomoyo_domain_info **blob;
+       struct tomoyo_domain_info *domain;
 
+       blob = tomoyo_cred(bprm->cred);
+       domain = *blob;
        /*
         * Execute permission is checked against pathname passed to do_execve()
         * using current domain.
@@ -531,6 +547,8 @@ static struct security_hook_list tomoyo_hooks[] __lsm_ro_after_init = {
 /* Lock for GC. */
 DEFINE_SRCU(tomoyo_ss);
 
+int tomoyo_enabled __lsm_ro_after_init = 1;
+
 /**
  * tomoyo_init - Register TOMOYO Linux as a LSM module.
  *
@@ -539,17 +557,21 @@ DEFINE_SRCU(tomoyo_ss);
 static int __init tomoyo_init(void)
 {
        struct cred *cred = (struct cred *) current_cred();
+       struct tomoyo_domain_info **blob;
 
        /* register ourselves with the security framework */
        security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo");
        printk(KERN_INFO "TOMOYO Linux initialized\n");
-       cred->security = &tomoyo_kernel_domain;
+       blob = tomoyo_cred(cred);
+       *blob = &tomoyo_kernel_domain;
        tomoyo_mm_init();
+
        return 0;
 }
 
 DEFINE_LSM(tomoyo) = {
        .name = "tomoyo",
+       .enabled = &tomoyo_enabled,
        .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
        .init = tomoyo_init,
 };