#include <linux/cred.h>
#include <linux/slab.h>
#include <linux/sched.h>
+#include <linux/lsm_hooks.h>
#include "label.h"
#include "policy_ns.h"
-#define cred_ctx(X) ((X)->security)
+#define cred_ctx(X) apparmor_cred(X)
#define current_ctx() cred_ctx(current_cred())
/**
int aa_restore_previous_label(u64 cookie);
struct aa_label *aa_get_task_label(struct task_struct *task);
+extern struct lsm_blob_sizes apparmor_blob_sizes;
+
+static inline struct aa_task_ctx *apparmor_cred(const struct cred *cred)
+{
+#ifdef CONFIG_SECURITY_STACKING
+ return cred->security + apparmor_blob_sizes.lbs_cred;
+#else
+ return cred->security;
+#endif
+}
/**
* aa_cred_raw_label - obtain cred's label
*/
static inline struct aa_label *aa_cred_raw_label(const struct cred *cred)
{
- struct aa_task_ctx *ctx = cred_ctx(cred);
+ struct aa_task_ctx *ctx = apparmor_cred(cred);
AA_BUG(!ctx || !ctx->label);
return ctx->label;
return aa_get_newest_label(aa_cred_raw_label(cred));
}
+static inline struct aa_file_ctx *apparmor_file(const struct file *file)
+{
+#ifdef CONFIG_SECURITY_STACKING
+ return file->f_security + apparmor_blob_sizes.lbs_file;
+#else
+ return file->f_security;
+#endif
+}
+
/**
* __aa_task_raw_label - retrieve another task's label
* @task: task to query (NOT NULL)