1
Index: b/security/apparmor/inline.h
2
===================================================================
3
--- a/security/apparmor/inline.h
4
+++ b/security/apparmor/inline.h
5
@@ -62,28 +62,21 @@ static inline struct aa_profile *aa_find
9
- * aa_switch_to_profile - change aa_task_context to use a new profile
10
+ * aa_change_profile - switch a task context to a new profile
11
* @cxt: aa_task_context to switch the profile on
12
- * @newactive: new profile (NULL for unconfined)
13
+ * @profile: new profile (NULL for unconfined)
14
* @hat_magic: hat value to switch to (0 for no hat)
16
- * aa_switch_to_profile handles the changing of a aa_task_context's profile
17
- * profile. The cxt_lock must be held to ensure consistency against
18
- * other writers. Some write paths (ex. aa_register) require
19
- * cxt->profile not to change over several operations, so the calling
20
- * function is responsible for grabbing the cxt_lock to meet its
21
- * consistency constraints before calling aa_switch_to_profile
23
-static inline void aa_switch_to_profile(struct aa_task_context *cxt,
24
- struct aa_profile *newactive,
27
+static inline void aa_change_profile(struct aa_task_context *cxt,
28
+ struct aa_profile *profile,
31
- struct aa_profile *old = cxt->profile;
32
+ struct aa_profile *old_profile = cxt->profile;
34
cxt->caps_logged = CAP_EMPTY_SET;
35
cxt->hat_magic = hat_magic;
36
- rcu_assign_pointer(cxt->profile, aa_dup_profile(newactive));
37
- aa_put_profile(old);
38
+ rcu_assign_pointer(cxt->profile, aa_dup_profile(profile));
39
+ aa_put_profile(old_profile);
43
Index: b/security/apparmor/lsm.c
44
===================================================================
45
--- a/security/apparmor/lsm.c
46
+++ b/security/apparmor/lsm.c
47
@@ -772,7 +772,7 @@ static void __exit apparmor_exit(void)
48
read_lock(&task_context_list_lock);
49
list_for_each_entry(cxt, &task_context_list, list) {
51
- aa_switch_to_profile(cxt, NULL, 0);
52
+ aa_change_profile(cxt, NULL, 0);
54
read_unlock(&task_context_list_lock);
55
spin_unlock_irqrestore(&cxt_lock, flags);
56
Index: b/security/apparmor/main.c
57
===================================================================
58
--- a/security/apparmor/main.c
59
+++ b/security/apparmor/main.c
60
@@ -759,7 +759,7 @@ int aa_fork(struct task_struct *task)
61
* he new task would end up with an obsolete profile.
63
spin_lock_irqsave(&cxt_lock, flags);
64
- aa_switch_to_profile(newcxt, cxt->profile, cxt->hat_magic);
65
+ aa_change_profile(newcxt, cxt->profile, cxt->hat_magic);
66
spin_unlock_irqrestore(&cxt_lock, flags);
68
if (APPARMOR_COMPLAIN(cxt) &&
69
@@ -999,7 +999,7 @@ repeat:
70
((unsigned long)bprm->security | bprm_flags);
73
- aa_switch_to_profile(cxt, newprofile, 0);
74
+ aa_change_profile(cxt, newprofile, 0);
76
if (complain && newprofile == null_complain_profile)
77
LOG_HINT(newprofile, GFP_ATOMIC, HINT_CHGPROF,
78
@@ -1029,7 +1029,7 @@ cleanup:
79
* removing a profile from a aa_task_context. Once the aa_task_context has
80
* been removed from the aa_task_context_list, we are no longer racing other
81
* writers. There may still be other readers so we must still use
82
- * aa_switch_to_profile to put the aa_task_context's reference safely.
83
+ * aa_change_profile to put the aa_task_context's reference safely.
85
void aa_release(struct task_struct *task)
87
@@ -1038,7 +1038,7 @@ void aa_release(struct task_struct *task
88
task->security = NULL;
90
aa_task_context_list_remove(cxt);
91
- aa_switch_to_profile(cxt, NULL, 0);
92
+ aa_change_profile(cxt, NULL, 0);
96
@@ -1069,7 +1069,7 @@ static inline int do_change_hat(const ch
97
sub = __aa_find_profile(hat_name, &cxt->profile->parent->sub);
100
- aa_switch_to_profile(cxt, sub, hat_magic);
101
+ aa_change_profile(cxt, sub, hat_magic);
103
if (APPARMOR_COMPLAIN(cxt)) {
104
LOG_HINT(cxt->profile, GFP_ATOMIC, HINT_UNKNOWN_HAT,
105
@@ -1097,8 +1097,7 @@ static inline int do_change_hat(const ch
107
* In learning mode, this allows us to learn about new hats.
109
- aa_switch_to_profile(cxt, cxt->profile->null_profile,
111
+ aa_change_profile(cxt, cxt->profile->null_profile, hat_magic);
115
@@ -1186,8 +1185,7 @@ int aa_change_hat(const char *hat_name,
116
* Got here via changehat(NULL, magic)
117
* Return from subprofile, back to parent
119
- aa_switch_to_profile(cxt, cxt->profile->parent,
121
+ aa_change_profile(cxt, cxt->profile->parent, 0);
124
* Change to another (sibling) profile, and
125
Index: b/security/apparmor/module_interface.c
126
===================================================================
127
--- a/security/apparmor/module_interface.c
128
+++ b/security/apparmor/module_interface.c
129
@@ -61,10 +61,10 @@ static inline void task_replace(struct a
131
nactive = aa_dup_profile(new->null_profile);
133
- aa_switch_to_profile(cxt, nactive, cxt->hat_magic);
134
+ aa_change_profile(cxt, nactive, cxt->hat_magic);
135
aa_put_profile(nactive);
137
- aa_switch_to_profile(cxt, new, cxt->hat_magic);
138
+ aa_change_profile(cxt, new, cxt->hat_magic);
141
static inline int aa_inbounds(struct aa_ext *e, size_t size)
142
@@ -522,7 +522,7 @@ ssize_t aa_file_prof_remove(const char *
143
list_for_each_entry(cxt, &task_context_list, list) {
144
if (cxt->profile && cxt->profile->parent == profile) {
145
spin_lock(&cxt_lock);
146
- aa_switch_to_profile(cxt, NULL, 0);
147
+ aa_change_profile(cxt, NULL, 0);
148
spin_unlock(&cxt_lock);
151
Index: b/security/apparmor/procattr.c
152
===================================================================
153
--- a/security/apparmor/procattr.c
154
+++ b/security/apparmor/procattr.c
155
@@ -235,7 +235,7 @@ int aa_setprocattr_setprofile(struct tas
156
cxt->profile->parent->name,
159
- aa_switch_to_profile(cxt, NULL, 0);
160
+ aa_change_profile(cxt, NULL, 0);
162
AA_WARN("%s: task %s(%d) "
163
"is already unconstrained\n",
164
@@ -308,7 +308,7 @@ int aa_setprocattr_setprofile(struct tas
165
cxt->profile ? cxt->profile->name : "unconstrained",
168
- aa_switch_to_profile(cxt, profile, 0);
169
+ aa_change_profile(cxt, profile, 0);
170
aa_put_profile(profile);