Yama: Check for pid death before checking ancestry

[mirror_ubuntu-bionic-kernel.git] / security / tomoyo / securityfs_if.c

diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c
index 49393c2a3f8bce114eb55eeff40698d44b0514e4..cdb66071a890dceacdd21f625f89daae205ee991 100644 (file)
--- a/security/tomoyo/securityfs_if.c
+++ b/security/tomoyo/securityfs_if.c
@@ -71,9 +71,12 @@ static ssize_t tomoyo_write_self(struct file *file, const char __user *buf,
                                if (!cred) {
                                        error = -ENOMEM;
                                } else {
-                                       struct tomoyo_domain_info *old_domain =
-                                               cred->security;
-                                       cred->security = new_domain;
+                                       struct tomoyo_domain_info **blob;
+                                       struct tomoyo_domain_info *old_domain;
+
+                                       blob = tomoyo_cred(cred);
+                                       old_domain = *blob;
+                                       *blob = new_domain;
                                        atomic_inc(&new_domain->users);
                                        atomic_dec(&old_domain->users);
                                        commit_creds(cred);
@@ -234,10 +237,14 @@ static void __init tomoyo_create_entry(const char *name, const umode_t mode,
  */
 static int __init tomoyo_initerface_init(void)
 {
+       struct tomoyo_domain_info *domain;
        struct dentry *tomoyo_dir;
 
+       if (!tomoyo_enabled)
+               return 0;
+       domain = tomoyo_domain();
        /* Don't create securityfs entries unless registered. */
-       if (current_cred()->security != &tomoyo_kernel_domain)
+       if (domain != &tomoyo_kernel_domain)
                return 0;
 
        tomoyo_dir = securityfs_create_dir("tomoyo", NULL);