/* Allocate and free functions for each kind of security blob. */
-static int task_alloc_security(struct task_struct *task)
+static int cred_alloc_security(struct cred *cred)
{
struct task_security_struct *tsec;
return -ENOMEM;
tsec->osid = tsec->sid = SECINITSID_UNLABELED;
- task->cred->security = tsec;
+ cred->security = tsec;
return 0;
}
-static void task_free_security(struct task_struct *task)
-{
- struct task_security_struct *tsec = task->cred->security;
- task->cred->security = NULL;
- kfree(tsec);
-}
-
static int inode_alloc_security(struct inode *inode)
{
struct task_security_struct *tsec = current->cred->security;
return task_has_perm(current, current, PROCESS__FORK);
}
-static int selinux_task_alloc_security(struct task_struct *tsk)
+static int selinux_cred_alloc_security(struct cred *cred)
{
struct task_security_struct *tsec1, *tsec2;
int rc;
tsec1 = current->cred->security;
- rc = task_alloc_security(tsk);
+ rc = cred_alloc_security(cred);
if (rc)
return rc;
- tsec2 = tsk->cred->security;
+ tsec2 = cred->security;
tsec2->osid = tsec1->osid;
tsec2->sid = tsec1->sid;
return 0;
}
-static void selinux_task_free_security(struct task_struct *tsk)
+/*
+ * detach and free the LSM part of a set of credentials
+ */
+static void selinux_cred_free(struct cred *cred)
{
- task_free_security(tsk);
+ struct task_security_struct *tsec = cred->security;
+ cred->security = NULL;
+ kfree(tsec);
}
static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
.dentry_open = selinux_dentry_open,
.task_create = selinux_task_create,
- .task_alloc_security = selinux_task_alloc_security,
- .task_free_security = selinux_task_free_security,
+ .cred_alloc_security = selinux_cred_alloc_security,
+ .cred_free = selinux_cred_free,
.task_setuid = selinux_task_setuid,
.task_post_setuid = selinux_task_post_setuid,
.task_setgid = selinux_task_setgid,
printk(KERN_INFO "SELinux: Initializing.\n");
/* Set the security state for the initial task. */
- if (task_alloc_security(current))
+ if (cred_alloc_security(current->cred))
panic("SELinux: Failed to initialize initial task.\n");
tsec = current->cred->security;
tsec->osid = tsec->sid = SECINITSID_KERNEL;