Re: [PATCH] APPARMOR: code cleanup on context.h

From: John Johansen <john.johansen@canonical.com>
To: wzt wzt <wzt.wzt@gmail.com>
Cc: linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH] APPARMOR: code cleanup on context.h
Date: Mon, 15 Nov 2010 16:25:44 -0800	[thread overview]
Message-ID: <4CE1CF88.2090702@canonical.com> (raw)
In-Reply-To: <AANLkTikrdQw1h=efa7EtnXCbQ5APT0PtWdaCUA83T5pN@mail.gmail.com>

On 11/15/2010 03:29 PM, wzt wzt wrote:
> hi, john, any comments?
> 
Hi, yes sorry I am just trying to dig my self out from under a 4 day weekend :)

ACK, I am going to add it to the apparmor tree tonight once I finish cleaning the
tree up and push, and it will be included in the next pull request to security.

thanks
john

> On Sat, Nov 13, 2010 at 10:34 AM,  <wzt.wzt@gmail.com> wrote:
>> Use current api to replace old codes.
>>
>> Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com>
>>
>> ---
>>  security/apparmor/include/context.h |   34 +++++++++++++++-------------------
>>  1 files changed, 15 insertions(+), 19 deletions(-)
>>
>> diff --git a/security/apparmor/include/context.h b/security/apparmor/include/context.h
>> index a9cbee4..c9112f3 100644
>> --- a/security/apparmor/include/context.h
>> +++ b/security/apparmor/include/context.h
>> @@ -82,23 +82,6 @@ int aa_set_current_hat(struct aa_profile *profile, u64 token);
>>  int aa_restore_previous_profile(u64 cookie);
>>
>>  /**
>> - * __aa_task_is_confined - determine if @task has any confinement
>> - * @task: task to check confinement of  (NOT NULL)
>> - *
>> - * If @task != current needs to be called in RCU safe critical section
>> - */
>> -static inline bool __aa_task_is_confined(struct task_struct *task)
>> -{
>> -       struct aa_task_cxt *cxt = __task_cred(task)->security;
>> -
>> -       BUG_ON(!cxt || !cxt->profile);
>> -       if (unconfined(aa_newest_version(cxt->profile)))
>> -               return 0;
>> -
>> -       return 1;
>> -}
>> -
>> -/**
>>  * aa_cred_profile - obtain cred's profiles
>>  * @cred: cred to obtain profiles from  (NOT NULL)
>>  *
>> @@ -138,9 +121,8 @@ static inline struct aa_profile *aa_current_profile(void)
>>  {
>>        const struct aa_task_cxt *cxt = current_cred()->security;
>>        struct aa_profile *profile;
>> -       BUG_ON(!cxt || !cxt->profile);
>>
>> -       profile = aa_newest_version(cxt->profile);
>> +       profile = __aa_current_profile();
>>        /*
>>         * Whether or not replacement succeeds, use newest profile so
>>         * there is no need to update it after replacement.
>> @@ -151,4 +133,18 @@ static inline struct aa_profile *aa_current_profile(void)
>>        return profile;
>>  }
>>
>> +/**
>> + * __aa_task_is_confined - determine if @task has any confinement
>> + * @task: task to check confinement of  (NOT NULL)
>> + *
>> + * If @task != current needs to be called in RCU safe critical section
>> + */
>> +static inline bool __aa_task_is_confined(struct task_struct *task)
>> +{
>> +       if (unconfined(aa_cred_profile(__task_cred(task))))
>> +               return 0;
>> +
>> +       return 1;
>> +}
>> +
>>  #endif /* __AA_CONTEXT_H */
>> --
>> 1.6.5.3
>>
>>