apparmor: move bprm_committing_creds/committed_creds to lsm.c

There is no reason to have the small stubs that don't use domain
private functions in domain.c, instead move them to lsm.c and make
them static.

Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index a0ba334..2b1524c 100644 (file)
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -539,36 +539,6 @@ int apparmor_bprm_secureexec(struct linux_binprm *bprm)
        return 0;
 }
 
-/**
- * apparmor_bprm_committing_creds - do task cleanup on committing new creds
- * @bprm: binprm for the exec  (NOT NULL)
- */
-void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
-{
-       struct aa_profile *profile = __aa_current_profile();
-       struct aa_task_ctx *new_ctx = cred_ctx(bprm->cred);
-
-       /* bail out if unconfined or not changing profile */
-       if ((new_ctx->profile == profile) ||
-           (unconfined(new_ctx->profile)))
-               return;
-
-       current->pdeath_signal = 0;
-
-       /* reset soft limits and set hard limits for the new profile */
-       __aa_transition_rlimits(profile, new_ctx->profile);
-}
-
-/**
- * apparmor_bprm_commited_cred - do cleanup after new creds committed
- * @bprm: binprm for the exec  (NOT NULL)
- */
-void apparmor_bprm_committed_creds(struct linux_binprm *bprm)
-{
-       /* TODO: cleanup signals - ipc mediation */
-       return;
-}
-
 /*
  * Functions for self directed profile change
  */

diff --git a/security/apparmor/include/domain.h b/security/apparmor/include/domain.h
index 3054472..6587c4a 100644 (file)
--- a/security/apparmor/include/domain.h
+++ b/security/apparmor/include/domain.h
@@ -25,8 +25,6 @@ struct aa_domain {
 
 int apparmor_bprm_set_creds(struct linux_binprm *bprm);
 int apparmor_bprm_secureexec(struct linux_binprm *bprm);
-void apparmor_bprm_committing_creds(struct linux_binprm *bprm);
-void apparmor_bprm_committed_creds(struct linux_binprm *bprm);
 
 void aa_free_domain_entries(struct aa_domain *domain);
 int aa_change_hat(const char *hats[], int count, u64 token, bool permtest);

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 8ab00c9..3549200 100644 (file)
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -575,6 +575,36 @@ fail:
        goto out;
 }
 
+/**
+ * apparmor_bprm_committing_creds - do task cleanup on committing new creds
+ * @bprm: binprm for the exec  (NOT NULL)
+ */
+static void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
+{
+       struct aa_profile *profile = __aa_current_profile();
+       struct aa_task_ctx *new_ctx = cred_ctx(bprm->cred);
+
+       /* bail out if unconfined or not changing profile */
+       if ((new_ctx->profile == profile) ||
+           (unconfined(new_ctx->profile)))
+               return;
+
+       current->pdeath_signal = 0;
+
+       /* reset soft limits and set hard limits for the new profile */
+       __aa_transition_rlimits(profile, new_ctx->profile);
+}
+
+/**
+ * apparmor_bprm_committed_cred - do cleanup after new creds committed
+ * @bprm: binprm for the exec  (NOT NULL)
+ */
+static void apparmor_bprm_committed_creds(struct linux_binprm *bprm)
+{
+       /* TODO: cleanup signals - ipc mediation */
+       return;
+}
+
 static int apparmor_task_setrlimit(struct task_struct *task,
                unsigned int resource, struct rlimit *new_rlim)
 {