diff options
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 51 |
1 files changed, 10 insertions, 41 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 169cf5b3334b..239b13b442e7 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -210,12 +210,9 @@ static void cred_init_security(void) | |||
| 210 | struct cred *cred = (struct cred *) current->real_cred; | 210 | struct cred *cred = (struct cred *) current->real_cred; |
| 211 | struct task_security_struct *tsec; | 211 | struct task_security_struct *tsec; |
| 212 | 212 | ||
| 213 | tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL); | 213 | lsm_early_cred(cred); |
| 214 | if (!tsec) | 214 | tsec = selinux_cred(cred); |
| 215 | panic("SELinux: Failed to initialize initial task.\n"); | ||
| 216 | |||
| 217 | tsec->osid = tsec->sid = SECINITSID_KERNEL; | 215 | tsec->osid = tsec->sid = SECINITSID_KERNEL; |
| 218 | cred->security = tsec; | ||
| 219 | } | 216 | } |
| 220 | 217 | ||
| 221 | /* | 218 | /* |
| @@ -3686,46 +3683,15 @@ static int selinux_task_alloc(struct task_struct *task, | |||
| 3686 | } | 3683 | } |
| 3687 | 3684 | ||
| 3688 | /* | 3685 | /* |
| 3689 | * allocate the SELinux part of blank credentials | ||
| 3690 | */ | ||
| 3691 | static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp) | ||
| 3692 | { | ||
| 3693 | struct task_security_struct *tsec; | ||
| 3694 | |||
| 3695 | tsec = kzalloc(sizeof(struct task_security_struct), gfp); | ||
| 3696 | if (!tsec) | ||
| 3697 | return -ENOMEM; | ||
| 3698 | |||
| 3699 | cred->security = tsec; | ||
| 3700 | return 0; | ||
| 3701 | } | ||
| 3702 | |||
| 3703 | /* | ||
| 3704 | * detach and free the LSM part of a set of credentials | ||
| 3705 | */ | ||
| 3706 | static void selinux_cred_free(struct cred *cred) | ||
| 3707 | { | ||
| 3708 | struct task_security_struct *tsec = selinux_cred(cred); | ||
| 3709 | |||
| 3710 | kfree(tsec); | ||
| 3711 | } | ||
| 3712 | |||
| 3713 | /* | ||
| 3714 | * prepare a new set of credentials for modification | 3686 | * prepare a new set of credentials for modification |
| 3715 | */ | 3687 | */ |
| 3716 | static int selinux_cred_prepare(struct cred *new, const struct cred *old, | 3688 | static int selinux_cred_prepare(struct cred *new, const struct cred *old, |
| 3717 | gfp_t gfp) | 3689 | gfp_t gfp) |
| 3718 | { | 3690 | { |
| 3719 | const struct task_security_struct *old_tsec; | 3691 | const struct task_security_struct *old_tsec = selinux_cred(old); |
| 3720 | struct task_security_struct *tsec; | 3692 | struct task_security_struct *tsec = selinux_cred(new); |
| 3721 | |||
| 3722 | old_tsec = selinux_cred(old); | ||
| 3723 | |||
| 3724 | tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp); | ||
| 3725 | if (!tsec) | ||
| 3726 | return -ENOMEM; | ||
| 3727 | 3693 | ||
| 3728 | new->security = tsec; | 3694 | *tsec = *old_tsec; |
| 3729 | return 0; | 3695 | return 0; |
| 3730 | } | 3696 | } |
| 3731 | 3697 | ||
| @@ -6678,6 +6644,10 @@ static void selinux_bpf_prog_free(struct bpf_prog_aux *aux) | |||
| 6678 | } | 6644 | } |
| 6679 | #endif | 6645 | #endif |
| 6680 | 6646 | ||
| 6647 | struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = { | ||
| 6648 | .lbs_cred = sizeof(struct task_security_struct), | ||
| 6649 | }; | ||
| 6650 | |||
| 6681 | static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { | 6651 | static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { |
| 6682 | LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr), | 6652 | LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr), |
| 6683 | LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction), | 6653 | LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction), |
| @@ -6761,8 +6731,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { | |||
| 6761 | LSM_HOOK_INIT(file_open, selinux_file_open), | 6731 | LSM_HOOK_INIT(file_open, selinux_file_open), |
| 6762 | 6732 | ||
| 6763 | LSM_HOOK_INIT(task_alloc, selinux_task_alloc), | 6733 | LSM_HOOK_INIT(task_alloc, selinux_task_alloc), |
| 6764 | LSM_HOOK_INIT(cred_alloc_blank, selinux_cred_alloc_blank), | ||
| 6765 | LSM_HOOK_INIT(cred_free, selinux_cred_free), | ||
| 6766 | LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare), | 6734 | LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare), |
| 6767 | LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer), | 6735 | LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer), |
| 6768 | LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid), | 6736 | LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid), |
| @@ -6981,6 +6949,7 @@ DEFINE_LSM(selinux) = { | |||
| 6981 | .name = "selinux", | 6949 | .name = "selinux", |
| 6982 | .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, | 6950 | .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, |
| 6983 | .enabled = &selinux_enabled, | 6951 | .enabled = &selinux_enabled, |
| 6952 | .blobs = &selinux_blob_sizes, | ||
| 6984 | .init = selinux_init, | 6953 | .init = selinux_init, |
| 6985 | }; | 6954 | }; |
| 6986 | 6955 | ||