From 8c6cb983cd52d78ab4e4c0191c73a11dcb60b866 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Sat, 19 Jan 2019 23:11:40 +0900
Subject: tomoyo: Swicth from cred->security to task_struct->security.

TOMOYO security module is designed to use "struct task_struct"->security
in order to allow per "struct task_struct" tracking without being disturbed
by unable to update "struct cred"->security due to override mechanism.

Now that infrastructure-managed security blob is ready, this patch updates
TOMOYO to use "struct task_struct"->security.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <james.morris@microsoft.com>
---
 security/tomoyo/domain.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'security/tomoyo/domain.c')

diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index b7469fdbff01..39abf3ae6168 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -678,7 +678,6 @@ out:
  */
 int tomoyo_find_next_domain(struct linux_binprm *bprm)
 {
-	struct tomoyo_domain_info **blob;
 	struct tomoyo_domain_info *old_domain = tomoyo_domain();
 	struct tomoyo_domain_info *domain = NULL;
 	const char *original_name = bprm->filename;
@@ -843,9 +842,13 @@ force_jump_domain:
 	if (!domain)
 		domain = old_domain;
 	/* Update reference count on "struct tomoyo_domain_info". */
-	atomic_inc(&domain->users);
-	blob = tomoyo_cred(bprm->cred);
-	*blob = domain;
+	{
+		struct tomoyo_task *s = tomoyo_task(current);
+
+		s->old_domain_info = s->domain_info;
+		s->domain_info = domain;
+		atomic_inc(&domain->users);
+	}
 	kfree(exename.name);
 	if (!retval) {
 		ee->r.domain = domain;
-- 
cgit