apparmor: rename replacedby to proxy
authorJohn Johansen <john.johansen@canonical.com>
Mon, 16 Jan 2017 08:42:19 +0000 (00:42 -0800)
committerJohn Johansen <john.johansen@canonical.com>
Mon, 16 Jan 2017 09:18:19 +0000 (01:18 -0800)
Proxy is shorter and a better fit than replacedby, so rename it.

Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/apparmorfs.c
security/apparmor/context.c
security/apparmor/include/policy.h
security/apparmor/policy.c
security/apparmor/policy_ns.c

index 4409b63..0f1a4a2 100644 (file)
@@ -228,12 +228,12 @@ const struct file_operations aa_fs_seq_file_ops = {
 static int aa_fs_seq_profile_open(struct inode *inode, struct file *file,
                                  int (*show)(struct seq_file *, void *))
 {
-       struct aa_replacedby *r = aa_get_replacedby(inode->i_private);
-       int error = single_open(file, show, r);
+       struct aa_proxy *proxy = aa_get_proxy(inode->i_private);
+       int error = single_open(file, show, proxy);
 
        if (error) {
                file->private_data = NULL;
-               aa_put_replacedby(r);
+               aa_put_proxy(proxy);
        }
 
        return error;
@@ -243,14 +243,14 @@ static int aa_fs_seq_profile_release(struct inode *inode, struct file *file)
 {
        struct seq_file *seq = (struct seq_file *) file->private_data;
        if (seq)
-               aa_put_replacedby(seq->private);
+               aa_put_proxy(seq->private);
        return single_release(inode, file);
 }
 
 static int aa_fs_seq_profname_show(struct seq_file *seq, void *v)
 {
-       struct aa_replacedby *r = seq->private;
-       struct aa_profile *profile = aa_get_profile_rcu(&r->profile);
+       struct aa_proxy *proxy = seq->private;
+       struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
        seq_printf(seq, "%s\n", profile->base.name);
        aa_put_profile(profile);
 
@@ -272,8 +272,8 @@ static const struct file_operations aa_fs_profname_fops = {
 
 static int aa_fs_seq_profmode_show(struct seq_file *seq, void *v)
 {
-       struct aa_replacedby *r = seq->private;
-       struct aa_profile *profile = aa_get_profile_rcu(&r->profile);
+       struct aa_proxy *proxy = seq->private;
+       struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
        seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]);
        aa_put_profile(profile);
 
@@ -295,8 +295,8 @@ static const struct file_operations aa_fs_profmode_fops = {
 
 static int aa_fs_seq_profattach_show(struct seq_file *seq, void *v)
 {
-       struct aa_replacedby *r = seq->private;
-       struct aa_profile *profile = aa_get_profile_rcu(&r->profile);
+       struct aa_proxy *proxy = seq->private;
+       struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
        if (profile->attach)
                seq_printf(seq, "%s\n", profile->attach);
        else if (profile->xmatch)
@@ -323,8 +323,8 @@ static const struct file_operations aa_fs_profattach_fops = {
 
 static int aa_fs_seq_hash_show(struct seq_file *seq, void *v)
 {
-       struct aa_replacedby *r = seq->private;
-       struct aa_profile *profile = aa_get_profile_rcu(&r->profile);
+       struct aa_proxy *proxy = seq->private;
+       struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
        unsigned int i, size = aa_hash_size();
 
        if (profile->hash) {
@@ -363,13 +363,13 @@ void __aa_fs_profile_rmdir(struct aa_profile *profile)
                __aa_fs_profile_rmdir(child);
 
        for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) {
-               struct aa_replacedby *r;
+               struct aa_proxy *proxy;
                if (!profile->dents[i])
                        continue;
 
-               r = d_inode(profile->dents[i])->i_private;
+               proxy = d_inode(profile->dents[i])->i_private;
                securityfs_remove(profile->dents[i]);
-               aa_put_replacedby(r);
+               aa_put_proxy(proxy);
                profile->dents[i] = NULL;
        }
 }
@@ -391,12 +391,12 @@ static struct dentry *create_profile_file(struct dentry *dir, const char *name,
                                          struct aa_profile *profile,
                                          const struct file_operations *fops)
 {
-       struct aa_replacedby *r = aa_get_replacedby(profile->replacedby);
+       struct aa_proxy *proxy = aa_get_proxy(profile->proxy);
        struct dentry *dent;
 
-       dent = securityfs_create_file(name, S_IFREG | 0444, dir, r, fops);
+       dent = securityfs_create_file(name, S_IFREG | 0444, dir, proxy, fops);
        if (IS_ERR(dent))
-               aa_put_replacedby(r);
+               aa_put_proxy(proxy);
 
        return dent;
 }
index 3064c6c..3c4f534 100644 (file)
@@ -112,7 +112,7 @@ int aa_replace_current_profile(struct aa_profile *profile)
                aa_clear_task_cxt_trans(cxt);
 
        /* be careful switching cxt->profile, when racing replacement it
-        * is possible that cxt->profile->replacedby->profile is the reference
+        * is possible that cxt->profile->proxy->profile is the reference
         * keeping @profile valid, so make sure to get its reference before
         * dropping the reference on cxt->profile */
        aa_get_profile(profile);
index 56bef76..f55ecb8 100644 (file)
@@ -91,7 +91,7 @@ struct aa_policydb {
 
 };
 
-struct aa_replacedby {
+struct aa_proxy {
        struct kref count;
        struct aa_profile __rcu *profile;
 };
@@ -103,7 +103,7 @@ struct aa_replacedby {
  * @rcu: rcu head used when removing from @list
  * @parent: parent of profile
  * @ns: namespace the profile is in
- * @replacedby: is set to the profile that replaced this profile
+ * @proxy: is set to the profile that replaced this profile
  * @rename: optional profile name that this profile renamed
  * @attach: human readable attachment string
  * @xmatch: optional extended matching for unconfined executables names
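Review bot: The kernel-doc line `@proxy: is set to the profile that replaced this profile` kept the old description with only the name changed, but the member is a `struct aa_proxy *`, not a profile pointer. Going by the struct definition earlier in this header, it is a kref-counted object holding an `__rcu` profile pointer, so something like ` * @proxy: refcounted indirection; ->profile is updated to the profile that replaced this one` would describe it more accurately. The sentence in the next hunk, `The @proxy struct is write protected by the profile lock`, may also need reconciling with `__aa_update_proxy()`, which checks `orig->ns->lock`; that is inferred from the policy.c hunk and should be confirmed.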
@@ -126,7 +126,7 @@ struct aa_replacedby {
  * used to determine profile attachment against unconfined tasks.  All other
  * attachments are determined by profile X transition rules.
  *
- * The @replacedby struct is write protected by the profile lock.
+ * The @proxy struct is write protected by the profile lock.
  *
  * Profiles have a hierarchy where hats and children profiles keep
  * a reference to their parent.
@@ -142,7 +142,7 @@ struct aa_profile {
        struct aa_profile __rcu *parent;
 
        struct aa_ns *ns;
-       struct aa_replacedby *replacedby;
+       struct aa_proxy *proxy;
        const char *rename;
 
        const char *attach;
@@ -166,12 +166,12 @@ struct aa_profile {
 
 extern enum profile_mode aa_g_profile_mode;
 
-void __aa_update_replacedby(struct aa_profile *orig, struct aa_profile *new);
+void __aa_update_proxy(struct aa_profile *orig, struct aa_profile *new);
 
 void aa_add_profile(struct aa_policy *common, struct aa_profile *profile);
 
 
-void aa_free_replacedby_kref(struct kref *kref);
+void aa_free_proxy_kref(struct kref *kref);
 struct aa_profile *aa_alloc_profile(const char *name);
 struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat);
 void aa_free_profile(struct aa_profile *profile);
@@ -254,7 +254,7 @@ static inline struct aa_profile *aa_get_newest_profile(struct aa_profile *p)
                return NULL;
 
        if (profile_is_stale(p))
-               return aa_get_profile_rcu(&p->replacedby->profile);
+               return aa_get_profile_rcu(&p->proxy->profile);
 
        return aa_get_profile(p);
 }
@@ -269,7 +269,7 @@ static inline void aa_put_profile(struct aa_profile *p)
                kref_put(&p->count, aa_free_profile_kref);
 }
 
-static inline struct aa_replacedby *aa_get_replacedby(struct aa_replacedby *p)
+static inline struct aa_proxy *aa_get_proxy(struct aa_proxy *p)
 {
        if (p)
                kref_get(&(p->count));
@@ -277,10 +277,10 @@ static inline struct aa_replacedby *aa_get_replacedby(struct aa_replacedby *p)
        return p;
 }
 
-static inline void aa_put_replacedby(struct aa_replacedby *p)
+static inline void aa_put_proxy(struct aa_proxy *p)
 {
        if (p)
-               kref_put(&p->count, aa_free_replacedby_kref);
+               kref_put(&p->count, aa_free_proxy_kref);
 }
 
 static inline int AUDIT_MODE(struct aa_profile *profile)
index edc81a0..a4bf675 100644 (file)
@@ -99,13 +99,13 @@ const char *const aa_profile_mode_names[] = {
 
 
 /* requires profile list write lock held */
-void __aa_update_replacedby(struct aa_profile *orig, struct aa_profile *new)
+void __aa_update_proxy(struct aa_profile *orig, struct aa_profile *new)
 {
        struct aa_profile *tmp;
 
-       tmp = rcu_dereference_protected(orig->replacedby->profile,
+       tmp = rcu_dereference_protected(orig->proxy->profile,
                                        mutex_is_locked(&orig->ns->lock));
-       rcu_assign_pointer(orig->replacedby->profile, aa_get_profile(new));
+       rcu_assign_pointer(orig->proxy->profile, aa_get_profile(new));
        orig->flags |= PFLAG_STALE;
        aa_put_profile(tmp);
 }
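Review bot: The lock condition passed to `rcu_dereference_protected()` in `__aa_update_proxy()`, `mutex_is_locked(&orig->ns->lock)`, is true whenever any task holds the mutex, so it does not check that the caller is the holder that the "requires profile list write lock held" comment demands. This predates the rename, but since the line is being touched, `lockdep_is_held(&orig->ns->lock)` would let lockdep-enabled builds flag a caller that swaps the proxy's profile pointer without the namespace lock. The callers visible on this page (`__remove_profile`, `__replace_profile`, `destroy_ns`) appear to run under that lock, but their full bodies are outside the hunks, so this should be confirmed.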
@@ -156,7 +156,7 @@ static void __remove_profile(struct aa_profile *profile)
        /* release any children lists first */
        __aa_profile_list_release(&profile->base.profiles);
        /* released by free_profile */
-       __aa_update_replacedby(profile, profile->ns->unconfined);
+       __aa_update_proxy(profile, profile->ns->unconfined);
        __aa_fs_profile_rmdir(profile);
        __list_remove_profile(profile);
 }
@@ -175,21 +175,21 @@ void __aa_profile_list_release(struct list_head *head)
 }
 
 
-static void free_replacedby(struct aa_replacedby *r)
+static void free_proxy(struct aa_proxy *p)
 {
-       if (r) {
+       if (p) {
                /* r->profile will not be updated any more as r is dead */
-               aa_put_profile(rcu_dereference_protected(r->profile, true));
-               kzfree(r);
+               aa_put_profile(rcu_dereference_protected(p->profile, true));
+               kzfree(p);
        }
 }
 
 
-void aa_free_replacedby_kref(struct kref *kref)
+void aa_free_proxy_kref(struct kref *kref)
 {
-       struct aa_replacedby *r = container_of(kref, struct aa_replacedby,
-                                              count);
-       free_replacedby(r);
+       struct aa_proxy *p = container_of(kref, struct aa_proxy, count);
+
+       free_proxy(p);
 }
 
 /**
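Review bot: The comment inside `free_proxy()` still reads `/* r->profile will not be updated any more as r is dead */` although the parameter is now `p`; it is a context line, so the rename missed it. Suggested wording: `/* p->profile will not be updated any more as p is dead */`. Since this comment is what justifies passing the unconditional `true` to `rcu_dereference_protected()`, it should name the right variable.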
@@ -223,7 +223,7 @@ void aa_free_profile(struct aa_profile *profile)
        kzfree(profile->dirname);
        aa_put_dfa(profile->xmatch);
        aa_put_dfa(profile->policy.dfa);
-       aa_put_replacedby(profile->replacedby);
+       aa_put_proxy(profile->proxy);
 
        kzfree(profile->hash);
        kzfree(profile);
@@ -267,10 +267,10 @@ struct aa_profile *aa_alloc_profile(const char *hname)
        if (!profile)
                return NULL;
 
-       profile->replacedby = kzalloc(sizeof(struct aa_replacedby), GFP_KERNEL);
-       if (!profile->replacedby)
+       profile->proxy = kzalloc(sizeof(struct aa_proxy), GFP_KERNEL);
+       if (!profile->proxy)
                goto fail;
-       kref_init(&profile->replacedby->count);
+       kref_init(&profile->proxy->count);
 
        if (!aa_policy_init(&profile->base, NULL, hname))
                goto fail;
@@ -280,7 +280,7 @@ struct aa_profile *aa_alloc_profile(const char *hname)
        return profile;
 
 fail:
-       kzfree(profile->replacedby);
+       kzfree(profile->proxy);
        kzfree(profile);
 
        return NULL;
@@ -598,7 +598,7 @@ static struct aa_profile *__list_lookup_parent(struct list_head *lh,
  * __replace_profile - replace @old with @new on a list
  * @old: profile to be replaced  (NOT NULL)
  * @new: profile to replace @old with  (NOT NULL)
- * @share_replacedby: transfer @old->replacedby to @new
+ * @share_proxy: transfer @old->proxy to @new
  *
  * Will duplicate and refcount elements that @new inherits from @old
  * and will inherit @old children.
@@ -608,7 +608,7 @@ static struct aa_profile *__list_lookup_parent(struct list_head *lh,
  * Requires: namespace list lock be held, or list not be shared
  */
 static void __replace_profile(struct aa_profile *old, struct aa_profile *new,
-                             bool share_replacedby)
+                             bool share_proxy)
 {
        struct aa_profile *child, *tmp;
 
@@ -623,7 +623,7 @@ static void __replace_profile(struct aa_profile *old, struct aa_profile *new,
                        p = __find_child(&new->base.profiles, child->base.name);
                        if (p) {
                                /* @p replaces @child  */
-                               __replace_profile(child, p, share_replacedby);
+                               __replace_profile(child, p, share_proxy);
                                continue;
                        }
 
@@ -641,13 +641,13 @@ static void __replace_profile(struct aa_profile *old, struct aa_profile *new,
                struct aa_profile *parent = aa_deref_parent(old);
                rcu_assign_pointer(new->parent, aa_get_profile(parent));
        }
-       __aa_update_replacedby(old, new);
-       if (share_replacedby) {
-               aa_put_replacedby(new->replacedby);
-               new->replacedby = aa_get_replacedby(old->replacedby);
-       } else if (!rcu_access_pointer(new->replacedby->profile))
-               /* aafs interface uses replacedby */
-               rcu_assign_pointer(new->replacedby->profile,
+       __aa_update_proxy(old, new);
+       if (share_proxy) {
+               aa_put_proxy(new->proxy);
+               new->proxy = aa_get_proxy(old->proxy);
+       } else if (!rcu_access_pointer(new->proxy->profile))
+               /* aafs interface uses proxy */
+               rcu_assign_pointer(new->proxy->profile,
                                   aa_get_profile(new));
        __aa_fs_profile_migrate_dents(old, new);
 
@@ -797,15 +797,15 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
                if (ent->old) {
                        __replace_profile(ent->old, ent->new, 1);
                        if (ent->rename) {
-                               /* aafs interface uses replacedby */
-                               struct aa_replacedby *r = ent->new->replacedby;
+                               /* aafs interface uses proxy */
+                               struct aa_proxy *r = ent->new->proxy;
                                rcu_assign_pointer(r->profile,
                                                   aa_get_profile(ent->new));
                                __replace_profile(ent->rename, ent->new, 0);
                        }
                } else if (ent->rename) {
-                       /* aafs interface uses replacedby */
-                       rcu_assign_pointer(ent->new->replacedby->profile,
+                       /* aafs interface uses proxy */
+                       rcu_assign_pointer(ent->new->proxy->profile,
                                           aa_get_profile(ent->new));
                        __replace_profile(ent->rename, ent->new, 0);
                } else if (ent->new->parent) {
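Review bot: The local in the `ent->rename` branch is still named `r` (`struct aa_proxy *r = ent->new->proxy;`), a leftover from the replacedby naming; `struct aa_proxy *proxy = ent->new->proxy;` followed by `rcu_assign_pointer(proxy->profile,` would match the locals in apparmorfs.c. The "aafs interface uses proxy" assignment, which takes a profile reference and publishes it through the proxy, is repeated four times across this hunk and the next. A small static helper would keep that reference-taking in one place and make the refcount pairing easier to audit. `aa_replace_profiles()` starts and ends outside the hunk.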
@@ -819,14 +819,14 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
                                rcu_assign_pointer(ent->new->parent, newest);
                                aa_put_profile(parent);
                        }
-                       /* aafs interface uses replacedby */
-                       rcu_assign_pointer(ent->new->replacedby->profile,
+                       /* aafs interface uses proxy */
+                       rcu_assign_pointer(ent->new->proxy->profile,
                                           aa_get_profile(ent->new));
                        __list_add_profile(&newest->base.profiles, ent->new);
                        aa_put_profile(newest);
                } else {
-                       /* aafs interface uses replacedby */
-                       rcu_assign_pointer(ent->new->replacedby->profile,
+                       /* aafs interface uses proxy */
+                       rcu_assign_pointer(ent->new->proxy->profile,
                                           aa_get_profile(ent->new));
                        __list_add_profile(&ns->base.profiles, ent->new);
                }
index 88b3b3c..71fbd14 100644 (file)
@@ -225,7 +225,7 @@ static void destroy_ns(struct aa_ns *ns)
        __ns_list_release(&ns->sub_ns);
 
        if (ns->parent)
-               __aa_update_replacedby(ns->unconfined, ns->parent->unconfined);
+               __aa_update_proxy(ns->unconfined, ns->parent->unconfined);
        __aa_fs_ns_rmdir(ns);
        mutex_unlock(&ns->lock);
 }