@@ -17,7 +17,6 @@
#include <net/sock.h>
#include <linux/path.h>
-#include <linux/lsm_hooks.h>
#include "apparmorfs.h"
#include "label.h"
@@ -57,16 +56,7 @@ struct aa_sk_ctx {
struct path path;
};
-extern struct lsm_blob_sizes apparmor_blob_sizes;
-static inline struct aa_sk_ctx *apparmor_sock(const struct sock *sk)
-{
-#ifdef CONFIG_SECURITY_STACKING
- return sk->sk_security + apparmor_blob_sizes.lbs_sock;
-#else
- return sk->sk_security;
-#endif
-}
-#define SK_CTX(X) apparmor_sock(X)
+#define SK_CTX(X) ((X)->sk_security)
#define SOCK_ctx(X) SOCK_INODE(X)->i_security
#define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P) \
struct lsm_network_audit NAME ## _net = { .sk = (SK), \
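Review bot: `SK_CTX(X)` now expands to the raw `void *` field `(X)->sk_security`, so it no longer carries the `struct aa_sk_ctx *` type that the removed `apparmor_sock()` helper returned, and it also serves as an assignment target (`SK_CTX(sk) = ctx` in `apparmor_sk_alloc_security`). The macro also presumes AppArmor is the only owner of `sk_security`; this hunk does not show whether another security module can store state in the same field, and if one can, the two would overwrite each other's pointer. I would add a comment above the macro, for example `/* sk_security holds AppArmor's own struct aa_sk_ctx: set in apparmor_sk_alloc_security(), released in apparmor_sk_free_security(); also used as an lvalue */`. The `DEFINE_AUDIT_NET` definition at the end of the hunk continues outside it.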
@@ -748,7 +748,13 @@ static int apparmor_task_kill(struct task_struct *target, struct siginfo *info,
*/
static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t flags)
{
- /* allocated and cleared by LSM */
+ struct aa_sk_ctx *ctx;
+
+ ctx = kzalloc(sizeof(*ctx), flags);
+ if (!ctx)
+ return -ENOMEM;
+
+ SK_CTX(sk) = ctx;
return 0;
}
@@ -760,13 +766,11 @@ static void apparmor_sk_free_security(struct sock *sk)
{
struct aa_sk_ctx *ctx = SK_CTX(sk);
+ SK_CTX(sk) = NULL;
aa_put_label(ctx->label);
- ctx->label = NULL;
aa_put_label(ctx->peer);
- ctx->peer = NULL;
path_put(&ctx->path);
- ctx->path.dentry = NULL;
- ctx->path.mnt = NULL;
+ kfree(ctx);
}
/**
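Review bot: `ctx` is dereferenced in `aa_put_label(ctx->label)` with no NULL check. The context is now a separate `kzalloc` allocation, so `SK_CTX(sk)` is NULL whenever this hook runs for a socket whose `apparmor_sk_alloc_security` failed or never ran. Whether callers rule that out is not visible in this hunk, so I would add `if (!ctx) return;` right after `SK_CTX(sk) = NULL;`. With that guard a repeated call becomes a no-op rather than a NULL dereference or a second `kfree`. Clearing the pointer before the puts is the right order, and a one-line comment such as `/* detach first so no stale pointer to freed ctx remains in sk */` would record why.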
@@ -1147,7 +1151,6 @@ static void apparmor_sock_graft(struct sock *sk, struct socket *parent)
struct lsm_blob_sizes apparmor_blob_sizes = {
.lbs_cred = sizeof(struct aa_task_ctx),
.lbs_file = sizeof(struct aa_file_ctx),
- .lbs_sock = sizeof(struct aa_sk_ctx),
};
static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {