提交 af7caa8f 编写于 作者: J John Johansen

apparmor: move file context into file.h

Signed-off-by: John Johansen <john.johansen@canonical.com>
上级 651e5495
......@@ -25,38 +25,6 @@
#define cred_ctx(X) ((X)->security)
#define current_ctx() cred_ctx(current_cred())
/* struct aa_file_ctx - the AppArmor context the file was opened in
* @perms: the permission the file was opened with
*
* The file_ctx could currently be directly stored in file->f_security
* as the profile reference is now stored in the f_cred. However the
* ctx struct will expand in the future so we keep the struct.
*/
struct aa_file_ctx {
u16 allow;
};
/**
* aa_alloc_file_context - allocate file_ctx
* @gfp: gfp flags for allocation
*
* Returns: file_ctx or NULL on failure
*/
static inline struct aa_file_ctx *aa_alloc_file_context(gfp_t gfp)
{
return kzalloc(sizeof(struct aa_file_ctx), gfp);
}
/**
* aa_free_file_context - free a file_ctx
* @ctx: file_ctx to free (MAYBE_NULL)
*/
static inline void aa_free_file_context(struct aa_file_ctx *ctx)
{
if (ctx)
kzfree(ctx);
}
/**
* struct aa_task_ctx - primary label for confined tasks
* @profile: the current profile (NOT NULL)
......
......@@ -47,6 +47,38 @@ struct path;
AA_MAY_CHMOD | AA_MAY_CHOWN | AA_MAY_LOCK | \
AA_EXEC_MMAP | AA_MAY_LINK)
/* struct aa_file_ctx - the AppArmor context the file was opened in
* @perms: the permission the file was opened with
*
* The file_ctx could currently be directly stored in file->f_security
* as the profile reference is now stored in the f_cred. However the
* ctx struct will expand in the future so we keep the struct.
*/
struct aa_file_ctx {
u16 allow;
};
/**
* aa_alloc_file_context - allocate file_ctx
* @gfp: gfp flags for allocation
*
* Returns: file_ctx or NULL on failure
*/
static inline struct aa_file_ctx *aa_alloc_file_context(gfp_t gfp)
{
return kzalloc(sizeof(struct aa_file_ctx), gfp);
}
/**
* aa_free_file_context - free a file_ctx
* @ctx: file_ctx to free (MAYBE_NULL)
*/
static inline void aa_free_file_context(struct aa_file_ctx *ctx)
{
if (ctx)
kzfree(ctx);
}
/*
* The xindex is broken into 3 parts
* - index - an index into either the exec name table or the variable table
......
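Review bot: The comment above `struct aa_file_ctx` documents a member `@perms`, but the only field in the struct is `allow`, and the comment opens with `/*` rather than `/**`, so as far as I know kernel-doc will not parse it. Since the block is being moved anyway, this is the place to fix it: `/**` on the first line and `* @allow: the permissions the file was opened with`. In `aa_free_file_context` the `if (ctx)` guard looks redundant, because kzfree() already returns early on NULL; `kzfree(ctx);` alone should do. The hunk does not show the top of the header, so it is worth confirming that it includes `<linux/slab.h>` for kzalloc()/kzfree() now that these inlines live here.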