diff options
| author | Kees Cook <keescook@chromium.org> | 2017-07-18 18:25:25 -0400 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2017-08-01 15:03:07 -0400 |
| commit | 62874c3adf709b884ceb0c61c35ab3794b3b0e95 (patch) | |
| tree | 2fab65d2a21b0c898063d1accaa59bc10793e647 /security | |
| parent | 993b3ab0642e57da5de6bef11dd50db7e2fc3b7e (diff) | |
selinux: Refactor to remove bprm_secureexec hook
The SELinux bprm_secureexec hook can be merged with the bprm_set_creds
hook since it's dealing with the same information, and all of the details
are finalized during the first call to the bprm_set_creds hook via
prepare_binprm() (subsequent calls due to binfmt_script, etc, are ignored
via bprm->called_set_creds).
Here, the test can just happen at the end of the bprm_set_creds hook,
and the bprm_secureexec hook can be dropped.
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Paul Moore <paul@paul-moore.com>
Tested-by: Paul Moore <paul@paul-moore.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Reviewed-by: Andy Lutomirski <luto@kernel.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/hooks.c | 24 |
1 files changed, 5 insertions, 19 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1db40195d178..a1f5f5ddfba7 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -2442,30 +2442,17 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) | |||
| 2442 | 2442 | ||
| 2443 | /* Clear any possibly unsafe personality bits on exec: */ | 2443 | /* Clear any possibly unsafe personality bits on exec: */ |
| 2444 | bprm->per_clear |= PER_CLEAR_ON_SETID; | 2444 | bprm->per_clear |= PER_CLEAR_ON_SETID; |
| 2445 | } | ||
| 2446 | |||
| 2447 | return 0; | ||
| 2448 | } | ||
| 2449 | |||
| 2450 | static int selinux_bprm_secureexec(struct linux_binprm *bprm) | ||
| 2451 | { | ||
| 2452 | const struct task_security_struct *tsec = current_security(); | ||
| 2453 | u32 sid, osid; | ||
| 2454 | int atsecure = 0; | ||
| 2455 | |||
| 2456 | sid = tsec->sid; | ||
| 2457 | osid = tsec->osid; | ||
| 2458 | 2445 | ||
| 2459 | if (osid != sid) { | ||
| 2460 | /* Enable secure mode for SIDs transitions unless | 2446 | /* Enable secure mode for SIDs transitions unless |
| 2461 | the noatsecure permission is granted between | 2447 | the noatsecure permission is granted between |
| 2462 | the two SIDs, i.e. ahp returns 0. */ | 2448 | the two SIDs, i.e. ahp returns 0. */ |
| 2463 | atsecure = avc_has_perm(osid, sid, | 2449 | rc = avc_has_perm(old_tsec->sid, new_tsec->sid, |
| 2464 | SECCLASS_PROCESS, | 2450 | SECCLASS_PROCESS, PROCESS__NOATSECURE, |
| 2465 | PROCESS__NOATSECURE, NULL); | 2451 | NULL); |
| 2452 | bprm->secureexec |= !!rc; | ||
| 2466 | } | 2453 | } |
| 2467 | 2454 | ||
| 2468 | return !!atsecure; | 2455 | return 0; |
| 2469 | } | 2456 | } |
| 2470 | 2457 | ||
| 2471 | static int match_file(const void *p, struct file *file, unsigned fd) | 2458 | static int match_file(const void *p, struct file *file, unsigned fd) |
| @@ -6266,7 +6253,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { | |||
| 6266 | LSM_HOOK_INIT(bprm_set_creds, selinux_bprm_set_creds), | 6253 | LSM_HOOK_INIT(bprm_set_creds, selinux_bprm_set_creds), |
| 6267 | LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds), | 6254 | LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds), |
| 6268 | LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds), | 6255 | LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds), |
| 6269 | LSM_HOOK_INIT(bprm_secureexec, selinux_bprm_secureexec), | ||
| 6270 | 6256 | ||
| 6271 | LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security), | 6257 | LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security), |
| 6272 | LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security), | 6258 | LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security), |