UBUNTU: SAUCE: LSM stacking: LSM: General stacking
[mirror_ubuntu-bionic-kernel.git] / security / apparmor / include / context.h
index 6ae07e9aaa172dac7cd8820af0b9817afdf73f8a..c6d5dbbd18b01ede369eb523524c8154321fe436 100644 (file)
 #include <linux/cred.h>
 #include <linux/slab.h>
 #include <linux/sched.h>
+#include <linux/lsm_hooks.h>
 
 #include "label.h"
 #include "policy_ns.h"
 
-#define cred_ctx(X) ((X)->security)
+#define cred_ctx(X) apparmor_cred(X)
 #define current_ctx() cred_ctx(current_cred())
 
 /**
@@ -54,6 +55,16 @@ int aa_set_current_hat(struct aa_label *label, u64 token);
 int aa_restore_previous_label(u64 cookie);
 struct aa_label *aa_get_task_label(struct task_struct *task);
 
+extern struct lsm_blob_sizes apparmor_blob_sizes;
+
+static inline struct aa_task_ctx *apparmor_cred(const struct cred *cred)
+{
+#ifdef CONFIG_SECURITY_STACKING
+       return cred->security + apparmor_blob_sizes.lbs_cred;
+#else
+       return cred->security;
+#endif
+}
 
 /**
  * aa_cred_raw_label - obtain cred's label
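Review bot: apparmor_cred() is added without a kernel-doc comment, and the field it reads is named like a size but used as an offset: `apparmor_blob_sizes.lbs_cred` is added directly to `cred->security`. A short comment above the helper would state the contract, e.g. `/* apparmor_cred - AppArmor's part of the shared cred blob; lbs_cred is used as a byte offset into cred->security (NOT NULL) */`. Where lbs_cred is turned from a requested size into an offset is not visible in this diff, so the comment should state only what this header relies on. The same applies to apparmor_file() and `lbs_file` in the later hunk.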
@@ -65,7 +76,7 @@ struct aa_label *aa_get_task_label(struct task_struct *task);
  */
 static inline struct aa_label *aa_cred_raw_label(const struct cred *cred)
 {
-       struct aa_task_ctx *ctx = cred_ctx(cred);
+       struct aa_task_ctx *ctx = apparmor_cred(cred);
 
        AA_BUG(!ctx || !ctx->label);
        return ctx->label;
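Review bot: The `!ctx` half of `AA_BUG(!ctx || !ctx->label)` stops being a useful check when CONFIG_SECURITY_STACKING is set, because apparmor_cred() returns `cred->security + apparmor_blob_sizes.lbs_cred`, which is non-NULL for a NULL blob whenever the offset is non-zero. Testing the base pointer keeps the assertion meaningful in both configurations: `AA_BUG(!cred->security || !ctx->label);`. Whether the blob can actually be NULL at this point depends on the allocation code, which this diff does not show. The function's closing brace lies outside the hunk.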
@@ -82,6 +93,15 @@ static inline struct aa_label *aa_get_newest_cred_label(const struct cred *cred)
        return aa_get_newest_label(aa_cred_raw_label(cred));
 }
 
+static inline struct aa_file_ctx *apparmor_file(const struct file *file)
+{
+#ifdef CONFIG_SECURITY_STACKING
+       return file->f_security + apparmor_blob_sizes.lbs_file;
+#else
+       return file->f_security;
+#endif
+}
+
 /**
  * __aa_task_raw_label - retrieve another task's label
  * @task: task to query  (NOT NULL)