summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/context.c100
-rw-r--r--security/apparmor/domain.c42
-rw-r--r--security/apparmor/include/context.h78
-rw-r--r--security/apparmor/lsm.c72
-rw-r--r--security/apparmor/policy.c2
5 files changed, 150 insertions, 144 deletions
diff --git a/security/apparmor/context.c b/security/apparmor/context.c
index 3f32f594c999..71e9910cca7b 100644
--- a/security/apparmor/context.c
+++ b/security/apparmor/context.c
@@ -13,11 +13,11 @@
* License.
*
*
- * AppArmor sets confinement on every task, via the the aa_task_cxt and
- * the aa_task_cxt.profile, both of which are required and are not allowed
- * to be NULL. The aa_task_cxt is not reference counted and is unique
+ * AppArmor sets confinement on every task, via the the aa_task_ctx and
+ * the aa_task_ctx.profile, both of which are required and are not allowed
+ * to be NULL. The aa_task_ctx is not reference counted and is unique
* to each cred (which is reference count). The profile pointed to by
- * the task_cxt is reference counted.
+ * the task_ctx is reference counted.
*
* TODO
* If a task uses change_hat it currently does not return to the old
@@ -30,28 +30,28 @@
#include "include/policy.h"
/**
- * aa_alloc_task_context - allocate a new task_cxt
+ * aa_alloc_task_context - allocate a new task_ctx
* @flags: gfp flags for allocation
*
* Returns: allocated buffer or NULL on failure
*/
-struct aa_task_cxt *aa_alloc_task_context(gfp_t flags)
+struct aa_task_ctx *aa_alloc_task_context(gfp_t flags)
{
- return kzalloc(sizeof(struct aa_task_cxt), flags);
+ return kzalloc(sizeof(struct aa_task_ctx), flags);
}
/**
- * aa_free_task_context - free a task_cxt
- * @cxt: task_cxt to free (MAYBE NULL)
+ * aa_free_task_context - free a task_ctx
+ * @ctx: task_ctx to free (MAYBE NULL)
*/
-void aa_free_task_context(struct aa_task_cxt *cxt)
+void aa_free_task_context(struct aa_task_ctx *ctx)
{
- if (cxt) {
- aa_put_profile(cxt->profile);
- aa_put_profile(cxt->previous);
- aa_put_profile(cxt->onexec);
+ if (ctx) {
+ aa_put_profile(ctx->profile);
+ aa_put_profile(ctx->previous);
+ aa_put_profile(ctx->onexec);
- kzfree(cxt);
+ kzfree(ctx);
}
}
@@ -60,7 +60,7 @@ void aa_free_task_context(struct aa_task_cxt *cxt)
* @new: a blank task context (NOT NULL)
* @old: the task context to copy (NOT NULL)
*/
-void aa_dup_task_context(struct aa_task_cxt *new, const struct aa_task_cxt *old)
+void aa_dup_task_context(struct aa_task_ctx *new, const struct aa_task_ctx *old)
{
*new = *old;
aa_get_profile(new->profile);
@@ -93,11 +93,11 @@ struct aa_profile *aa_get_task_profile(struct task_struct *task)
*/
int aa_replace_current_profile(struct aa_profile *profile)
{
- struct aa_task_cxt *cxt = current_cxt();
+ struct aa_task_ctx *ctx = current_ctx();
struct cred *new;
BUG_ON(!profile);
- if (cxt->profile == profile)
+ if (ctx->profile == profile)
return 0;
if (current_cred() != current_real_cred())
@@ -107,20 +107,22 @@ int aa_replace_current_profile(struct aa_profile *profile)
if (!new)
return -ENOMEM;
- cxt = cred_cxt(new);
- if (unconfined(profile) || (cxt->profile->ns != profile->ns))
+ ctx = cred_ctx(new);
+ if (unconfined(profile) || (ctx->profile->ns != profile->ns))
/* if switching to unconfined or a different profile namespace
* clear out context state
*/
- aa_clear_task_cxt_trans(cxt);
+ aa_clear_task_ctx_trans(ctx);
- /* be careful switching cxt->profile, when racing replacement it
- * is possible that cxt->profile->proxy->profile is the reference
+ /*
+ * be careful switching ctx->profile, when racing replacement it
+ * is possible that ctx->profile->proxy->profile is the reference
* keeping @profile valid, so make sure to get its reference before
- * dropping the reference on cxt->profile */
+ * dropping the reference on ctx->profile
+ */
aa_get_profile(profile);
- aa_put_profile(cxt->profile);
- cxt->profile = profile;
+ aa_put_profile(ctx->profile);
+ ctx->profile = profile;
commit_creds(new);
return 0;
@@ -134,15 +136,15 @@ int aa_replace_current_profile(struct aa_profile *profile)
*/
int aa_set_current_onexec(struct aa_profile *profile)
{
- struct aa_task_cxt *cxt;
+ struct aa_task_ctx *ctx;
struct cred *new = prepare_creds();
if (!new)
return -ENOMEM;
- cxt = cred_cxt(new);
+ ctx = cred_ctx(new);
aa_get_profile(profile);
- aa_put_profile(cxt->onexec);
- cxt->onexec = profile;
+ aa_put_profile(ctx->onexec);
+ ctx->onexec = profile;
commit_creds(new);
return 0;
@@ -160,28 +162,28 @@ int aa_set_current_onexec(struct aa_profile *profile)
*/
int aa_set_current_hat(struct aa_profile *profile, u64 token)
{
- struct aa_task_cxt *cxt;
+ struct aa_task_ctx *ctx;
struct cred *new = prepare_creds();
if (!new)
return -ENOMEM;
BUG_ON(!profile);
- cxt = cred_cxt(new);
- if (!cxt->previous) {
+ ctx = cred_ctx(new);
+ if (!ctx->previous) {
/* transfer refcount */
- cxt->previous = cxt->profile;
- cxt->token = token;
- } else if (cxt->token == token) {
- aa_put_profile(cxt->profile);
+ ctx->previous = ctx->profile;
+ ctx->token = token;
+ } else if (ctx->token == token) {
+ aa_put_profile(ctx->profile);
} else {
- /* previous_profile && cxt->token != token */
+ /* previous_profile && ctx->token != token */
abort_creds(new);
return -EACCES;
}
- cxt->profile = aa_get_newest_profile(profile);
+ ctx->profile = aa_get_newest_profile(profile);
/* clear exec on switching context */
- aa_put_profile(cxt->onexec);
- cxt->onexec = NULL;
+ aa_put_profile(ctx->onexec);
+ ctx->onexec = NULL;
commit_creds(new);
return 0;
@@ -198,27 +200,27 @@ int aa_set_current_hat(struct aa_profile *profile, u64 token)
*/
int aa_restore_previous_profile(u64 token)
{
- struct aa_task_cxt *cxt;
+ struct aa_task_ctx *ctx;
struct cred *new = prepare_creds();
if (!new)
return -ENOMEM;
- cxt = cred_cxt(new);
- if (cxt->token != token) {
+ ctx = cred_ctx(new);
+ if (ctx->token != token) {
abort_creds(new);
return -EACCES;
}
/* ignore restores when there is no saved profile */
- if (!cxt->previous) {
+ if (!ctx->previous) {
abort_creds(new);
return 0;
}
- aa_put_profile(cxt->profile);
- cxt->profile = aa_get_newest_profile(cxt->previous);
- BUG_ON(!cxt->profile);
+ aa_put_profile(ctx->profile);
+ ctx->profile = aa_get_newest_profile(ctx->previous);
+ AA_BUG(!ctx->profile);
/* clear exec && prev information when restoring to previous context */
- aa_clear_task_cxt_trans(cxt);
+ aa_clear_task_ctx_trans(ctx);
commit_creds(new);
return 0;
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 1a8ffc577009..84856b7bbee1 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -337,7 +337,7 @@ static struct aa_profile *x_to_profile(struct aa_profile *profile,
*/
int apparmor_bprm_set_creds(struct linux_binprm *bprm)
{
- struct aa_task_cxt *cxt;
+ struct aa_task_ctx *ctx;
struct aa_profile *profile, *new_profile = NULL;
struct aa_ns *ns;
char *buffer = NULL;
@@ -353,10 +353,10 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
if (bprm->cred_prepared)
return 0;
- cxt = cred_cxt(bprm->cred);
- BUG_ON(!cxt);
+ ctx = cred_ctx(bprm->cred);
+ AA_BUG(!ctx);
- profile = aa_get_newest_profile(cxt->profile);
+ profile = aa_get_newest_profile(ctx->profile);
/*
* get the namespace from the replacement profile as replacement
* can change the namespace
@@ -380,9 +380,9 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
*/
if (unconfined(profile)) {
/* unconfined task */
- if (cxt->onexec)
+ if (ctx->onexec)
/* change_profile on exec already been granted */
- new_profile = aa_get_profile(cxt->onexec);
+ new_profile = aa_get_profile(ctx->onexec);
else
new_profile = find_attach(ns, &ns->base.profiles, name);
if (!new_profile)
@@ -397,10 +397,10 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
/* find exec permissions for name */
state = aa_str_perms(profile->file.dfa, state, name, &cond, &perms);
- if (cxt->onexec) {
+ if (ctx->onexec) {
struct file_perms cp;
info = "change_profile onexec";
- new_profile = aa_get_newest_profile(cxt->onexec);
+ new_profile = aa_get_newest_profile(ctx->onexec);
if (!(perms.allow & AA_MAY_ONEXEC))
goto audit;
@@ -409,8 +409,8 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
* exec\0change_profile
*/
state = aa_dfa_null_transition(profile->file.dfa, state);
- cp = change_profile_perms(profile, cxt->onexec->ns,
- cxt->onexec->base.name,
+ cp = change_profile_perms(profile, ctx->onexec->ns,
+ ctx->onexec->base.name,
AA_MAY_ONEXEC, state);
if (!(cp.allow & AA_MAY_ONEXEC))
@@ -499,13 +499,13 @@ apply:
bprm->per_clear |= PER_CLEAR_ON_SETID;
x_clear:
- aa_put_profile(cxt->profile);
- /* transfer new profile reference will be released when cxt is freed */
- cxt->profile = new_profile;
+ aa_put_profile(ctx->profile);
+ /* transfer new profile reference will be released when ctx is freed */
+ ctx->profile = new_profile;
new_profile = NULL;
/* clear out all temporary/transitional state from the context */
- aa_clear_task_cxt_trans(cxt);
+ aa_clear_task_ctx_trans(ctx);
audit:
error = aa_audit_file(profile, &perms, GFP_KERNEL, OP_EXEC, MAY_EXEC,
@@ -545,17 +545,17 @@ int apparmor_bprm_secureexec(struct linux_binprm *bprm)
void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
{
struct aa_profile *profile = __aa_current_profile();
- struct aa_task_cxt *new_cxt = cred_cxt(bprm->cred);
+ struct aa_task_ctx *new_ctx = cred_ctx(bprm->cred);
/* bail out if unconfined or not changing profile */
- if ((new_cxt->profile == profile) ||
- (unconfined(new_cxt->profile)))
+ if ((new_ctx->profile == profile) ||
+ (unconfined(new_ctx->profile)))
return;
current->pdeath_signal = 0;
/* reset soft limits and set hard limits for the new profile */
- __aa_transition_rlimits(profile, new_cxt->profile);
+ __aa_transition_rlimits(profile, new_ctx->profile);
}
/**
@@ -604,7 +604,7 @@ static char *new_compound_name(const char *n1, const char *n2)
int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
{
const struct cred *cred;
- struct aa_task_cxt *cxt;
+ struct aa_task_ctx *ctx;
struct aa_profile *profile, *previous_profile, *hat = NULL;
char *name = NULL;
int i;
@@ -622,9 +622,9 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
/* released below */
cred = get_current_cred();
- cxt = cred_cxt(cred);
+ ctx = cred_ctx(cred);
profile = aa_get_newest_profile(aa_cred_profile(cred));
- previous_profile = aa_get_newest_profile(cxt->previous);
+ previous_profile = aa_get_newest_profile(ctx->previous);
if (unconfined(profile)) {
info = "unconfined";
diff --git a/security/apparmor/include/context.h b/security/apparmor/include/context.h
index d378bff47ccd..5b18fedab4c8 100644
--- a/security/apparmor/include/context.h
+++ b/security/apparmor/include/context.h
@@ -22,43 +22,43 @@
#include "policy.h"
#include "policy_ns.h"
-#define cred_cxt(X) (X)->security
-#define current_cxt() cred_cxt(current_cred())
+#define cred_ctx(X) ((X)->security)
+#define current_ctx() cred_ctx(current_cred())
-/* struct aa_file_cxt - the AppArmor context the file was opened in
+/* struct aa_file_ctx - the AppArmor context the file was opened in
* @perms: the permission the file was opened with
*
- * The file_cxt could currently be directly stored in file->f_security
+ * The file_ctx could currently be directly stored in file->f_security
* as the profile reference is now stored in the f_cred. However the
- * cxt struct will expand in the future so we keep the struct.
+ * ctx struct will expand in the future so we keep the struct.
*/
-struct aa_file_cxt {
+struct aa_file_ctx {
u16 allow;
};
/**
- * aa_alloc_file_context - allocate file_cxt
+ * aa_alloc_file_context - allocate file_ctx
* @gfp: gfp flags for allocation
*
- * Returns: file_cxt or NULL on failure
+ * Returns: file_ctx or NULL on failure
*/
-static inline struct aa_file_cxt *aa_alloc_file_context(gfp_t gfp)
+static inline struct aa_file_ctx *aa_alloc_file_context(gfp_t gfp)
{
- return kzalloc(sizeof(struct aa_file_cxt), gfp);
+ return kzalloc(sizeof(struct aa_file_ctx), gfp);
}
/**
- * aa_free_file_context - free a file_cxt
- * @cxt: file_cxt to free (MAYBE_NULL)
+ * aa_free_file_context - free a file_ctx
+ * @ctx: file_ctx to free (MAYBE_NULL)
*/
-static inline void aa_free_file_context(struct aa_file_cxt *cxt)
+static inline void aa_free_file_context(struct aa_file_ctx *ctx)
{
- if (cxt)
- kzfree(cxt);
+ if (ctx)
+ kzfree(ctx);
}
/**
- * struct aa_task_cxt - primary label for confined tasks
+ * struct aa_task_ctx - primary label for confined tasks
* @profile: the current profile (NOT NULL)
* @exec: profile to transition to on next exec (MAYBE NULL)
* @previous: profile the task may return to (MAYBE NULL)
@@ -69,17 +69,17 @@ static inline void aa_free_file_context(struct aa_file_cxt *cxt)
*
* TODO: make so a task can be confined by a stack of contexts
*/
-struct aa_task_cxt {
+struct aa_task_ctx {
struct aa_profile *profile;
struct aa_profile *onexec;
struct aa_profile *previous;
u64 token;
};
-struct aa_task_cxt *aa_alloc_task_context(gfp_t flags);
-void aa_free_task_context(struct aa_task_cxt *cxt);
-void aa_dup_task_context(struct aa_task_cxt *new,
- const struct aa_task_cxt *old);
+struct aa_task_ctx *aa_alloc_task_context(gfp_t flags);
+void aa_free_task_context(struct aa_task_ctx *ctx);
+void aa_dup_task_context(struct aa_task_ctx *new,
+ const struct aa_task_ctx *old);
int aa_replace_current_profile(struct aa_profile *profile);
int aa_set_current_onexec(struct aa_profile *profile);
int aa_set_current_hat(struct aa_profile *profile, u64 token);
@@ -97,9 +97,10 @@ struct aa_profile *aa_get_task_profile(struct task_struct *task);
*/
static inline struct aa_profile *aa_cred_profile(const struct cred *cred)
{
- struct aa_task_cxt *cxt = cred_cxt(cred);
- BUG_ON(!cxt || !cxt->profile);
- return cxt->profile;
+ struct aa_task_ctx *ctx = cred_ctx(cred);
+
+ AA_BUG(!ctx || !ctx->profile);
+ return ctx->profile;
}
/**
@@ -149,18 +150,19 @@ static inline struct aa_profile *__aa_current_profile(void)
*/
static inline struct aa_profile *aa_current_profile(void)
{
- const struct aa_task_cxt *cxt = current_cxt();
+ const struct aa_task_ctx *ctx = current_ctx();
struct aa_profile *profile;
- BUG_ON(!cxt || !cxt->profile);
- if (profile_is_stale(cxt->profile)) {
- profile = aa_get_newest_profile(cxt->profile);
+ AA_BUG(!ctx || !ctx->profile);
+
+ if (profile_is_stale(ctx->profile)) {
+ profile = aa_get_newest_profile(ctx->profile);
aa_replace_current_profile(profile);
aa_put_profile(profile);
- cxt = current_cxt();
+ ctx = current_ctx();
}
- return cxt->profile;
+ return ctx->profile;
}
static inline struct aa_ns *aa_get_current_ns(void)
@@ -169,16 +171,16 @@ static inline struct aa_ns *aa_get_current_ns(void)
}
/**
- * aa_clear_task_cxt_trans - clear transition tracking info from the cxt
- * @cxt: task context to clear (NOT NULL)
+ * aa_clear_task_ctx_trans - clear transition tracking info from the ctx
+ * @ctx: task context to clear (NOT NULL)
*/
-static inline void aa_clear_task_cxt_trans(struct aa_task_cxt *cxt)
+static inline void aa_clear_task_ctx_trans(struct aa_task_ctx *ctx)
{
- aa_put_profile(cxt->previous);
- aa_put_profile(cxt->onexec);
- cxt->previous = NULL;
- cxt->onexec = NULL;
- cxt->token = 0;
+ aa_put_profile(ctx->previous);
+ aa_put_profile(ctx->onexec);
+ ctx->previous = NULL;
+ ctx->onexec = NULL;
+ ctx->token = 0;
}
#endif /* __AA_CONTEXT_H */
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 09f1c407c4d8..84666114e9f5 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -45,12 +45,12 @@ int apparmor_initialized __initdata;
*/
/*
- * free the associated aa_task_cxt and put its profiles
+ * free the associated aa_task_ctx and put its profiles
*/
static void apparmor_cred_free(struct cred *cred)
{
- aa_free_task_context(cred_cxt(cred));
- cred_cxt(cred) = NULL;
+ aa_free_task_context(cred_ctx(cred));
+ cred_ctx(cred) = NULL;
}
/*
@@ -59,27 +59,29 @@ static void apparmor_cred_free(struct cred *cred)
static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
/* freed by apparmor_cred_free */
- struct aa_task_cxt *cxt = aa_alloc_task_context(gfp);
- if (!cxt)
+ struct aa_task_ctx *ctx = aa_alloc_task_context(gfp);
+
+ if (!ctx)
return -ENOMEM;
- cred_cxt(cred) = cxt;
+ cred_ctx(cred) = ctx;
return 0;
}
/*
- * prepare new aa_task_cxt for modification by prepare_cred block
+ * prepare new aa_task_ctx for modification by prepare_cred block
*/
static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
gfp_t gfp)
{
/* freed by apparmor_cred_free */
- struct aa_task_cxt *cxt = aa_alloc_task_context(gfp);
- if (!cxt)
+ struct aa_task_ctx *ctx = aa_alloc_task_context(gfp);
+
+ if (!ctx)
return -ENOMEM;
- aa_dup_task_context(cxt, cred_cxt(old));
- cred_cxt(new) = cxt;
+ aa_dup_task_context(ctx, cred_ctx(old));
+ cred_ctx(new) = ctx;
return 0;
}
@@ -88,10 +90,10 @@ static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
*/
static void apparmor_cred_transfer(struct cred *new, const struct cred *old)
{
- const struct aa_task_cxt *old_cxt = cred_cxt(old);
- struct aa_task_cxt *new_cxt = cred_cxt(new);
+ const struct aa_task_ctx *old_ctx = cred_ctx(old);
+ struct aa_task_ctx *new_ctx = cred_ctx(new);
- aa_dup_task_context(new_cxt, old_cxt);
+ aa_dup_task_context(new_ctx, old_ctx);
}
static int apparmor_ptrace_access_check(struct task_struct *child,
@@ -345,7 +347,7 @@ static int apparmor_inode_getattr(const struct path *path)
static int apparmor_file_open(struct file *file, const struct cred *cred)
{
- struct aa_file_cxt *fcxt = file->f_security;
+ struct aa_file_ctx *fctx = file->f_security;
struct aa_profile *profile;
int error = 0;
@@ -358,7 +360,7 @@ static int apparmor_file_open(struct file *file, const struct cred *cred)
* actually execute the image.
*/
if (current->in_execve) {
- fcxt->allow = MAY_EXEC | MAY_READ | AA_EXEC_MMAP;
+ fctx->allow = MAY_EXEC | MAY_READ | AA_EXEC_MMAP;
return 0;
}
@@ -370,7 +372,7 @@ static int apparmor_file_open(struct file *file, const struct cred *cred)
error = aa_path_perm(OP_OPEN, profile, &file->f_path, 0,
aa_map_file_to_perms(file), &cond);
/* todo cache full allowed permissions set and state */
- fcxt->allow = aa_map_file_to_perms(file);
+ fctx->allow = aa_map_file_to_perms(file);
}
return error;
@@ -388,14 +390,14 @@ static int apparmor_file_alloc_security(struct file *file)
static void apparmor_file_free_security(struct file *file)
{
- struct aa_file_cxt *cxt = file->f_security;
+ struct aa_file_ctx *ctx = file->f_security;
- aa_free_file_context(cxt);
+ aa_free_file_context(ctx);
}
static int common_file_perm(int op, struct file *file, u32 mask)
{
- struct aa_file_cxt *fcxt = file->f_security;
+ struct aa_file_ctx *fctx = file->f_security;
struct aa_profile *profile, *fprofile = aa_cred_profile(file->f_cred);
int error = 0;
@@ -415,7 +417,7 @@ static int common_file_perm(int op, struct file *file, u32 mask)
* delegation from unconfined tasks
*/
if (!unconfined(profile) && !unconfined(fprofile) &&
- ((fprofile != profile) || (mask & ~fcxt->allow)))
+ ((fprofile != profile) || (mask & ~fctx->allow)))
error = aa_file_perm(op, profile, file, mask);
return error;
@@ -477,15 +479,15 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
int error = -ENOENT;
/* released below */
const struct cred *cred = get_task_cred(task);
- struct aa_task_cxt *cxt = cred_cxt(cred);
+ struct aa_task_ctx *ctx = cred_ctx(cred);
struct aa_profile *profile = NULL;
if (strcmp(name, "current") == 0)
- profile = aa_get_newest_profile(cxt->profile);
- else if (strcmp(name, "prev") == 0 && cxt->previous)
- profile = aa_get_newest_profile(cxt->previous);
- else if (strcmp(name, "exec") == 0 && cxt->onexec)
- profile = aa_get_newest_profile(cxt->onexec);
+ profile = aa_get_newest_profile(ctx->profile);
+ else if (strcmp(name, "prev") == 0 && ctx->previous)
+ profile = aa_get_newest_profile(ctx->previous);
+ else if (strcmp(name, "exec") == 0 && ctx->onexec)
+ profile = aa_get_newest_profile(ctx->onexec);
else
error = -EINVAL;
@@ -849,21 +851,21 @@ static int param_set_mode(const char *val, struct kernel_param *kp)
*/
/**
- * set_init_cxt - set a task context and profile on the first task.
+ * set_init_ctx - set a task context and profile on the first task.
*
* TODO: allow setting an alternate profile than unconfined
*/
-static int __init set_init_cxt(void)
+static int __init set_init_ctx(void)
{
struct cred *cred = (struct cred *)current->real_cred;
- struct aa_task_cxt *cxt;
+ struct aa_task_ctx *ctx;
- cxt = aa_alloc_task_context(GFP_KERNEL);
- if (!cxt)
+ ctx = aa_alloc_task_context(GFP_KERNEL);
+ if (!ctx)
return -ENOMEM;
- cxt->profile = aa_get_profile(root_ns->unconfined);
- cred_cxt(cred) = cxt;
+ ctx->profile = aa_get_profile(root_ns->unconfined);
+ cred_ctx(cred) = ctx;
return 0;
}
@@ -890,7 +892,7 @@ static int __init apparmor_init(void)
goto alloc_out;
}
- error = set_init_cxt();
+ error = set_init_ctx();
if (error) {
AA_ERROR("Failed to set context on init task\n");
aa_free_root_ns();
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 912cdbed7977..4ec24474bd1a 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -808,7 +808,7 @@ static int __lookup_replace(struct aa_ns *ns, const char *hname,
* @udata: serialized data stream (NOT NULL)
*
* unpack and replace a profile on the profile list and uses of that profile
- * by any aa_task_cxt. If the profile does not exist on the profile list
+ * by any aa_task_ctx. If the profile does not exist on the profile list
* it is added.
*
* Returns: size of data consumed else error code on failure.