diff options
| author | Casey Schaufler <casey@schaufler-ca.com> | 2018-09-21 20:17:16 -0400 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2019-01-08 16:18:44 -0500 |
| commit | 0c6cfa622cf57109607f3416b286b6b55561a2ea (patch) | |
| tree | b19919a635083c0e7dd218e794d78cf536ffb194 /security/selinux | |
| parent | b17103a8b8ae9c9ecc5e1e6501b1478ee2dc6fe4 (diff) | |
SELinux: Abstract use of cred security blob
Don't use the cred->security pointer directly.
Provide a helper function that provides the security blob pointer.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
[kees: adjusted for ordered init series]
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/hooks.c | 54 | ||||
| -rw-r--r-- | security/selinux/include/objsec.h | 5 | ||||
| -rw-r--r-- | security/selinux/xfrm.c | 4 |
3 files changed, 34 insertions, 29 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c5d9fbbb5e5b..beec1de5c2da 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -226,7 +226,7 @@ static inline u32 cred_sid(const struct cred *cred) | |||
| 226 | { | 226 | { |
| 227 | const struct task_security_struct *tsec; | 227 | const struct task_security_struct *tsec; |
| 228 | 228 | ||
| 229 | tsec = cred->security; | 229 | tsec = selinux_cred(cred); |
| 230 | return tsec->sid; | 230 | return tsec->sid; |
| 231 | } | 231 | } |
| 232 | 232 | ||
| @@ -498,7 +498,7 @@ static int may_context_mount_sb_relabel(u32 sid, | |||
| 498 | struct superblock_security_struct *sbsec, | 498 | struct superblock_security_struct *sbsec, |
| 499 | const struct cred *cred) | 499 | const struct cred *cred) |
| 500 | { | 500 | { |
| 501 | const struct task_security_struct *tsec = cred->security; | 501 | const struct task_security_struct *tsec = selinux_cred(cred); |
| 502 | int rc; | 502 | int rc; |
| 503 | 503 | ||
| 504 | rc = avc_has_perm(&selinux_state, | 504 | rc = avc_has_perm(&selinux_state, |
| @@ -517,7 +517,7 @@ static int may_context_mount_inode_relabel(u32 sid, | |||
| 517 | struct superblock_security_struct *sbsec, | 517 | struct superblock_security_struct *sbsec, |
| 518 | const struct cred *cred) | 518 | const struct cred *cred) |
| 519 | { | 519 | { |
| 520 | const struct task_security_struct *tsec = cred->security; | 520 | const struct task_security_struct *tsec = selinux_cred(cred); |
| 521 | int rc; | 521 | int rc; |
| 522 | rc = avc_has_perm(&selinux_state, | 522 | rc = avc_has_perm(&selinux_state, |
| 523 | tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, | 523 | tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, |
| @@ -1803,7 +1803,7 @@ static int may_create(struct inode *dir, | |||
| 1803 | struct dentry *dentry, | 1803 | struct dentry *dentry, |
| 1804 | u16 tclass) | 1804 | u16 tclass) |
| 1805 | { | 1805 | { |
| 1806 | const struct task_security_struct *tsec = current_security(); | 1806 | const struct task_security_struct *tsec = selinux_cred(current_cred()); |
| 1807 | struct inode_security_struct *dsec; | 1807 | struct inode_security_struct *dsec; |
| 1808 | struct superblock_security_struct *sbsec; | 1808 | struct superblock_security_struct *sbsec; |
| 1809 | u32 sid, newsid; | 1809 | u32 sid, newsid; |
| @@ -1825,7 +1825,7 @@ static int may_create(struct inode *dir, | |||
| 1825 | if (rc) | 1825 | if (rc) |
| 1826 | return rc; | 1826 | return rc; |
| 1827 | 1827 | ||
| 1828 | rc = selinux_determine_inode_label(current_security(), dir, | 1828 | rc = selinux_determine_inode_label(selinux_cred(current_cred()), dir, |
| 1829 | &dentry->d_name, tclass, &newsid); | 1829 | &dentry->d_name, tclass, &newsid); |
| 1830 | if (rc) | 1830 | if (rc) |
| 1831 | return rc; | 1831 | return rc; |
| @@ -2332,8 +2332,8 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) | |||
| 2332 | if (bprm->called_set_creds) | 2332 | if (bprm->called_set_creds) |
| 2333 | return 0; | 2333 | return 0; |
| 2334 | 2334 | ||
| 2335 | old_tsec = current_security(); | 2335 | old_tsec = selinux_cred(current_cred()); |
| 2336 | new_tsec = bprm->cred->security; | 2336 | new_tsec = selinux_cred(bprm->cred); |
| 2337 | isec = inode_security(inode); | 2337 | isec = inode_security(inode); |
| 2338 | 2338 | ||
| 2339 | /* Default to the current task SID. */ | 2339 | /* Default to the current task SID. */ |
| @@ -2497,7 +2497,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) | |||
| 2497 | struct rlimit *rlim, *initrlim; | 2497 | struct rlimit *rlim, *initrlim; |
| 2498 | int rc, i; | 2498 | int rc, i; |
| 2499 | 2499 | ||
| 2500 | new_tsec = bprm->cred->security; | 2500 | new_tsec = selinux_cred(bprm->cred); |
| 2501 | if (new_tsec->sid == new_tsec->osid) | 2501 | if (new_tsec->sid == new_tsec->osid) |
| 2502 | return; | 2502 | return; |
| 2503 | 2503 | ||
| @@ -2540,7 +2540,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) | |||
| 2540 | */ | 2540 | */ |
| 2541 | static void selinux_bprm_committed_creds(struct linux_binprm *bprm) | 2541 | static void selinux_bprm_committed_creds(struct linux_binprm *bprm) |
| 2542 | { | 2542 | { |
| 2543 | const struct task_security_struct *tsec = current_security(); | 2543 | const struct task_security_struct *tsec = selinux_cred(current_cred()); |
| 2544 | struct itimerval itimer; | 2544 | struct itimerval itimer; |
| 2545 | u32 osid, sid; | 2545 | u32 osid, sid; |
| 2546 | int rc, i; | 2546 | int rc, i; |
| @@ -2777,7 +2777,7 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode, | |||
| 2777 | u32 newsid; | 2777 | u32 newsid; |
| 2778 | int rc; | 2778 | int rc; |
| 2779 | 2779 | ||
| 2780 | rc = selinux_determine_inode_label(current_security(), | 2780 | rc = selinux_determine_inode_label(selinux_cred(current_cred()), |
| 2781 | d_inode(dentry->d_parent), name, | 2781 | d_inode(dentry->d_parent), name, |
| 2782 | inode_mode_to_security_class(mode), | 2782 | inode_mode_to_security_class(mode), |
| 2783 | &newsid); | 2783 | &newsid); |
| @@ -2797,14 +2797,14 @@ static int selinux_dentry_create_files_as(struct dentry *dentry, int mode, | |||
| 2797 | int rc; | 2797 | int rc; |
| 2798 | struct task_security_struct *tsec; | 2798 | struct task_security_struct *tsec; |
| 2799 | 2799 | ||
| 2800 | rc = selinux_determine_inode_label(old->security, | 2800 | rc = selinux_determine_inode_label(selinux_cred(old), |
| 2801 | d_inode(dentry->d_parent), name, | 2801 | d_inode(dentry->d_parent), name, |
| 2802 | inode_mode_to_security_class(mode), | 2802 | inode_mode_to_security_class(mode), |
| 2803 | &newsid); | 2803 | &newsid); |
| 2804 | if (rc) | 2804 | if (rc) |
| 2805 | return rc; | 2805 | return rc; |
| 2806 | 2806 | ||
| 2807 | tsec = new->security; | 2807 | tsec = selinux_cred(new); |
| 2808 | tsec->create_sid = newsid; | 2808 | tsec->create_sid = newsid; |
| 2809 | return 0; | 2809 | return 0; |
| 2810 | } | 2810 | } |
| @@ -2814,7 +2814,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, | |||
| 2814 | const char **name, | 2814 | const char **name, |
| 2815 | void **value, size_t *len) | 2815 | void **value, size_t *len) |
| 2816 | { | 2816 | { |
| 2817 | const struct task_security_struct *tsec = current_security(); | 2817 | const struct task_security_struct *tsec = selinux_cred(current_cred()); |
| 2818 | struct superblock_security_struct *sbsec; | 2818 | struct superblock_security_struct *sbsec; |
| 2819 | u32 newsid, clen; | 2819 | u32 newsid, clen; |
| 2820 | int rc; | 2820 | int rc; |
| @@ -2824,7 +2824,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, | |||
| 2824 | 2824 | ||
| 2825 | newsid = tsec->create_sid; | 2825 | newsid = tsec->create_sid; |
| 2826 | 2826 | ||
| 2827 | rc = selinux_determine_inode_label(current_security(), | 2827 | rc = selinux_determine_inode_label(selinux_cred(current_cred()), |
| 2828 | dir, qstr, | 2828 | dir, qstr, |
| 2829 | inode_mode_to_security_class(inode->i_mode), | 2829 | inode_mode_to_security_class(inode->i_mode), |
| 2830 | &newsid); | 2830 | &newsid); |
| @@ -3286,7 +3286,7 @@ static int selinux_inode_copy_up(struct dentry *src, struct cred **new) | |||
| 3286 | return -ENOMEM; | 3286 | return -ENOMEM; |
| 3287 | } | 3287 | } |
| 3288 | 3288 | ||
| 3289 | tsec = new_creds->security; | 3289 | tsec = selinux_cred(new_creds); |
| 3290 | /* Get label from overlay inode and set it in create_sid */ | 3290 | /* Get label from overlay inode and set it in create_sid */ |
| 3291 | selinux_inode_getsecid(d_inode(src), &sid); | 3291 | selinux_inode_getsecid(d_inode(src), &sid); |
| 3292 | tsec->create_sid = sid; | 3292 | tsec->create_sid = sid; |
| @@ -3706,7 +3706,7 @@ static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp) | |||
| 3706 | */ | 3706 | */ |
| 3707 | static void selinux_cred_free(struct cred *cred) | 3707 | static void selinux_cred_free(struct cred *cred) |
| 3708 | { | 3708 | { |
| 3709 | struct task_security_struct *tsec = cred->security; | 3709 | struct task_security_struct *tsec = selinux_cred(cred); |
| 3710 | 3710 | ||
| 3711 | /* | 3711 | /* |
| 3712 | * cred->security == NULL if security_cred_alloc_blank() or | 3712 | * cred->security == NULL if security_cred_alloc_blank() or |
| @@ -3726,7 +3726,7 @@ static int selinux_cred_prepare(struct cred *new, const struct cred *old, | |||
| 3726 | const struct task_security_struct *old_tsec; | 3726 | const struct task_security_struct *old_tsec; |
| 3727 | struct task_security_struct *tsec; | 3727 | struct task_security_struct *tsec; |
| 3728 | 3728 | ||
| 3729 | old_tsec = old->security; | 3729 | old_tsec = selinux_cred(old); |
| 3730 | 3730 | ||
| 3731 | tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp); | 3731 | tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp); |
| 3732 | if (!tsec) | 3732 | if (!tsec) |
| @@ -3741,8 +3741,8 @@ static int selinux_cred_prepare(struct cred *new, const struct cred *old, | |||
| 3741 | */ | 3741 | */ |
| 3742 | static void selinux_cred_transfer(struct cred *new, const struct cred *old) | 3742 | static void selinux_cred_transfer(struct cred *new, const struct cred *old) |
| 3743 | { | 3743 | { |
| 3744 | const struct task_security_struct *old_tsec = old->security; | 3744 | const struct task_security_struct *old_tsec = selinux_cred(old); |
| 3745 | struct task_security_struct *tsec = new->security; | 3745 | struct task_security_struct *tsec = selinux_cred(new); |
| 3746 | 3746 | ||
| 3747 | *tsec = *old_tsec; | 3747 | *tsec = *old_tsec; |
| 3748 | } | 3748 | } |
| @@ -3758,7 +3758,7 @@ static void selinux_cred_getsecid(const struct cred *c, u32 *secid) | |||
| 3758 | */ | 3758 | */ |
| 3759 | static int selinux_kernel_act_as(struct cred *new, u32 secid) | 3759 | static int selinux_kernel_act_as(struct cred *new, u32 secid) |
| 3760 | { | 3760 | { |
| 3761 | struct task_security_struct *tsec = new->security; | 3761 | struct task_security_struct *tsec = selinux_cred(new); |
| 3762 | u32 sid = current_sid(); | 3762 | u32 sid = current_sid(); |
| 3763 | int ret; | 3763 | int ret; |
| 3764 | 3764 | ||
| @@ -3783,7 +3783,7 @@ static int selinux_kernel_act_as(struct cred *new, u32 secid) | |||
| 3783 | static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) | 3783 | static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) |
| 3784 | { | 3784 | { |
| 3785 | struct inode_security_struct *isec = inode_security(inode); | 3785 | struct inode_security_struct *isec = inode_security(inode); |
| 3786 | struct task_security_struct *tsec = new->security; | 3786 | struct task_security_struct *tsec = selinux_cred(new); |
| 3787 | u32 sid = current_sid(); | 3787 | u32 sid = current_sid(); |
| 3788 | int ret; | 3788 | int ret; |
| 3789 | 3789 | ||
| @@ -4332,7 +4332,7 @@ static int sock_has_perm(struct sock *sk, u32 perms) | |||
| 4332 | static int selinux_socket_create(int family, int type, | 4332 | static int selinux_socket_create(int family, int type, |
| 4333 | int protocol, int kern) | 4333 | int protocol, int kern) |
| 4334 | { | 4334 | { |
| 4335 | const struct task_security_struct *tsec = current_security(); | 4335 | const struct task_security_struct *tsec = selinux_cred(current_cred()); |
| 4336 | u32 newsid; | 4336 | u32 newsid; |
| 4337 | u16 secclass; | 4337 | u16 secclass; |
| 4338 | int rc; | 4338 | int rc; |
| @@ -4352,7 +4352,7 @@ static int selinux_socket_create(int family, int type, | |||
| 4352 | static int selinux_socket_post_create(struct socket *sock, int family, | 4352 | static int selinux_socket_post_create(struct socket *sock, int family, |
| 4353 | int type, int protocol, int kern) | 4353 | int type, int protocol, int kern) |
| 4354 | { | 4354 | { |
| 4355 | const struct task_security_struct *tsec = current_security(); | 4355 | const struct task_security_struct *tsec = selinux_cred(current_cred()); |
| 4356 | struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock)); | 4356 | struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock)); |
| 4357 | struct sk_security_struct *sksec; | 4357 | struct sk_security_struct *sksec; |
| 4358 | u16 sclass = socket_type_to_security_class(family, type, protocol); | 4358 | u16 sclass = socket_type_to_security_class(family, type, protocol); |
| @@ -5233,7 +5233,7 @@ static int selinux_secmark_relabel_packet(u32 sid) | |||
| 5233 | const struct task_security_struct *__tsec; | 5233 | const struct task_security_struct *__tsec; |
| 5234 | u32 tsid; | 5234 | u32 tsid; |
| 5235 | 5235 | ||
| 5236 | __tsec = current_security(); | 5236 | __tsec = selinux_cred(current_cred()); |
| 5237 | tsid = __tsec->sid; | 5237 | tsid = __tsec->sid; |
| 5238 | 5238 | ||
| 5239 | return avc_has_perm(&selinux_state, | 5239 | return avc_has_perm(&selinux_state, |
| @@ -6170,7 +6170,7 @@ static int selinux_getprocattr(struct task_struct *p, | |||
| 6170 | unsigned len; | 6170 | unsigned len; |
| 6171 | 6171 | ||
| 6172 | rcu_read_lock(); | 6172 | rcu_read_lock(); |
| 6173 | __tsec = __task_cred(p)->security; | 6173 | __tsec = selinux_cred(__task_cred(p)); |
| 6174 | 6174 | ||
| 6175 | if (current != p) { | 6175 | if (current != p) { |
| 6176 | error = avc_has_perm(&selinux_state, | 6176 | error = avc_has_perm(&selinux_state, |
| @@ -6293,7 +6293,7 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) | |||
| 6293 | operation. See selinux_bprm_set_creds for the execve | 6293 | operation. See selinux_bprm_set_creds for the execve |
| 6294 | checks and may_create for the file creation checks. The | 6294 | checks and may_create for the file creation checks. The |
| 6295 | operation will then fail if the context is not permitted. */ | 6295 | operation will then fail if the context is not permitted. */ |
| 6296 | tsec = new->security; | 6296 | tsec = selinux_cred(new); |
| 6297 | if (!strcmp(name, "exec")) { | 6297 | if (!strcmp(name, "exec")) { |
| 6298 | tsec->exec_sid = sid; | 6298 | tsec->exec_sid = sid; |
| 6299 | } else if (!strcmp(name, "fscreate")) { | 6299 | } else if (!strcmp(name, "fscreate")) { |
| @@ -6422,7 +6422,7 @@ static int selinux_key_alloc(struct key *k, const struct cred *cred, | |||
| 6422 | if (!ksec) | 6422 | if (!ksec) |
| 6423 | return -ENOMEM; | 6423 | return -ENOMEM; |
| 6424 | 6424 | ||
| 6425 | tsec = cred->security; | 6425 | tsec = selinux_cred(cred); |
| 6426 | if (tsec->keycreate_sid) | 6426 | if (tsec->keycreate_sid) |
| 6427 | ksec->sid = tsec->keycreate_sid; | 6427 | ksec->sid = tsec->keycreate_sid; |
| 6428 | else | 6428 | else |
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index cc5e26b0161b..734b6833bdff 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h | |||
| @@ -158,4 +158,9 @@ struct bpf_security_struct { | |||
| 158 | u32 sid; /*SID of bpf obj creater*/ | 158 | u32 sid; /*SID of bpf obj creater*/ |
| 159 | }; | 159 | }; |
| 160 | 160 | ||
| 161 | static inline struct task_security_struct *selinux_cred(const struct cred *cred) | ||
| 162 | { | ||
| 163 | return cred->security; | ||
| 164 | } | ||
| 165 | |||
| 161 | #endif /* _SELINUX_OBJSEC_H_ */ | 166 | #endif /* _SELINUX_OBJSEC_H_ */ |
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index bd7d18bdb147..7c57cb7e4146 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c | |||
| @@ -79,7 +79,7 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp, | |||
| 79 | gfp_t gfp) | 79 | gfp_t gfp) |
| 80 | { | 80 | { |
| 81 | int rc; | 81 | int rc; |
| 82 | const struct task_security_struct *tsec = current_security(); | 82 | const struct task_security_struct *tsec = selinux_cred(current_cred()); |
| 83 | struct xfrm_sec_ctx *ctx = NULL; | 83 | struct xfrm_sec_ctx *ctx = NULL; |
| 84 | u32 str_len; | 84 | u32 str_len; |
| 85 | 85 | ||
| @@ -138,7 +138,7 @@ static void selinux_xfrm_free(struct xfrm_sec_ctx *ctx) | |||
| 138 | */ | 138 | */ |
| 139 | static int selinux_xfrm_delete(struct xfrm_sec_ctx *ctx) | 139 | static int selinux_xfrm_delete(struct xfrm_sec_ctx *ctx) |
| 140 | { | 140 | { |
| 141 | const struct task_security_struct *tsec = current_security(); | 141 | const struct task_security_struct *tsec = selinux_cred(current_cred()); |
| 142 | 142 | ||
| 143 | if (!ctx) | 143 | if (!ctx) |
| 144 | return 0; | 144 | return 0; |