
[SRU,Artful,Bionic,1/2] Revert "UBUNTU: SAUCE: LSM stacking: add stacking support to apparmor network hooks"

Message ID d8929e60e6e505c25be54ae4f1c651e7c83d92d0.1512755253.git.joseph.salisbury@canonical.com
State New

Commit Message

Joseph Salisbury Dec. 8, 2017, 5:59 p.m. UTC
BugLink: http://bugs.launchpad.net/bugs/1734327

This reverts commit 4ae2508f0bedb1acddf1ef2f474d8105cf003f80.
---
 security/apparmor/include/net.h | 12 +-----------
 security/apparmor/lsm.c         | 15 +++++++++------
 2 files changed, 10 insertions(+), 17 deletions(-)

Patch

diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h
index d378b5f..0ae4524 100644
--- a/security/apparmor/include/net.h
+++ b/security/apparmor/include/net.h
@@ -17,7 +17,6 @@ 
 
 #include <net/sock.h>
 #include <linux/path.h>
-#include <linux/lsm_hooks.h>
 
 #include "apparmorfs.h"
 #include "label.h"
@@ -57,16 +56,7 @@  struct aa_sk_ctx {
 	struct path path;
 };
 
-extern struct lsm_blob_sizes apparmor_blob_sizes;
-static inline struct aa_sk_ctx *apparmor_sock(const struct sock *sk)
-{
-#ifdef CONFIG_SECURITY_STACKING
-	return sk->sk_security + apparmor_blob_sizes.lbs_sock;
-#else
-	return sk->sk_security;
-#endif
-}
-#define SK_CTX(X) apparmor_sock(X)
+#define SK_CTX(X) ((X)->sk_security)
 #define SOCK_ctx(X) SOCK_INODE(X)->i_security
 #define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P)				  \
 	struct lsm_network_audit NAME ## _net = { .sk = (SK),		  \
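Review bot: The new `#define SK_CTX(X) ((X)->sk_security)` exposes the raw `sk_security` field, so a use of the macro is no longer checked against `struct aa_sk_ctx *` the way the removed `apparmor_sock()` inline was. The macro is also now an assignment target (the lsm.c hunks write `SK_CTX(sk) = ctx` and `SK_CTX(sk) = NULL`), which its definition does not make obvious. I would add a comment above it such as `/* SK_CTX() is an lvalue on sk->sk_security; it holds a struct aa_sk_ctx * set in apparmor_sk_alloc_security() and cleared in apparmor_sk_free_security() */`.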
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 792264c..8ccbf04 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -748,7 +748,13 @@  static int apparmor_task_kill(struct task_struct *target, struct siginfo *info,
  */
 static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t flags)
 {
-	/* allocated and cleared by LSM */
+	struct aa_sk_ctx *ctx;
+
+	ctx = kzalloc(sizeof(*ctx), flags);
+	if (!ctx)
+		return -ENOMEM;
+
+	SK_CTX(sk) = ctx;
 
 	return 0;
 }
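Review bot: `SK_CTX(sk) = ctx;` stores AppArmor's private allocation directly in `sk->sk_security`, which is only safe if no other security module uses that field for the same sock. The last hunk of this file keeps `apparmor_blob_sizes` for the cred and file blobs, so the stacking infrastructure appears to remain in the tree. If it is built with `CONFIG_SECURITY_STACKING` and another module registers a sock blob, both would presumably write the same pointer, and the free hook would then `kfree()` memory it does not own. The commit message does not say which configurations are expected, so I would record the assumption next to the assignment, e.g. `/* AppArmor owns sk->sk_security outright; not valid if another stacked LSM uses a sock blob */`.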
@@ -760,13 +766,11 @@  static void apparmor_sk_free_security(struct sock *sk)
 {
 	struct aa_sk_ctx *ctx = SK_CTX(sk);
 
+	SK_CTX(sk) = NULL;
 	aa_put_label(ctx->label);
-	ctx->label = NULL;
 	aa_put_label(ctx->peer);
-	ctx->peer = NULL;
 	path_put(&ctx->path);
-	ctx->path.dentry = NULL;
-	ctx->path.mnt = NULL;
+	kfree(ctx);
 }
 
 /**
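Review bot: `ctx` is read from `SK_CTX(sk)` and dereferenced by `aa_put_label(ctx->label)` with no NULL check, now that the context is a separate allocation that can fail with `-ENOMEM` in the alloc hook. Whether the free hook can run for a sock whose allocation failed depends on the caller, which is not visible here; if that path exists it is a NULL dereference in the kernel. A guard placed before the first use, `if (!ctx) return;`, would make the hook safe either way. Clearing `SK_CTX(sk)` before the puts and the `kfree(ctx)` is a good ordering and should stay. The function's signature appears only in the hunk header.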
@@ -1147,7 +1151,6 @@  static void apparmor_sock_graft(struct sock *sk, struct socket *parent)
 struct lsm_blob_sizes apparmor_blob_sizes = {
 	.lbs_cred = sizeof(struct aa_task_ctx),
 	.lbs_file = sizeof(struct aa_file_ctx),
-	.lbs_sock = sizeof(struct aa_sk_ctx),
 };
 
 static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {