author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:17 -0500 |
committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:17 -0500 |
commit | f1752eec6145c97163dbce62d17cf5d928e28a27 (patch) | |
tree | 16bc51166d38815092de36a461b845b0b4b522f9 /security/selinux/hooks.c | |
parent | b6dff3ec5e116e3af6f537d4caedcad6b9e5082a (diff) |
CRED: Detach the credentials from task_struct
Detach the credentials from task_struct, duplicating them in copy_process()
and releasing them in __put_task_struct().
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 32 |
1 files changed, 15 insertions, 17 deletions
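--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -158,7 +158,7 @@ static int selinux_secmark_enabled(void)
 
 /* Allocate and free functions for each kind of security blob. */
 
-static int task_alloc_security(struct task_struct *task)
+static int cred_alloc_security(struct cred *cred)
 {
 struct task_security_struct *tsec;
 
@@ -167,18 +167,11 @@ static int task_alloc_security(struct task_struct *task)
 return -ENOMEM;
 
 tsec->osid = tsec->sid = SECINITSID_UNLABELED;
-task->cred->security = tsec;
+cred->security = tsec;
 
 return 0;
 }
 
-static void task_free_security(struct task_struct *task)
-{
-struct task_security_struct *tsec = task->cred->security;
-task->cred->security = NULL;
-kfree(tsec);
-}
-
 static int inode_alloc_security(struct inode *inode)
 {
 struct task_security_struct *tsec = current->cred->security;
@@ -3184,17 +3177,17 @@ static int selinux_task_create(unsigned long clone_flags)
 return task_has_perm(current, current, PROCESS__FORK);
 }
 
-static int selinux_task_alloc_security(struct task_struct *tsk)
+static int selinux_cred_alloc_security(struct cred *cred)
 {
 struct task_security_struct *tsec1, *tsec2;
 int rc;
 
 tsec1 = current->cred->security;
 
-rc = task_alloc_security(tsk);
+rc = cred_alloc_security(cred);
 if (rc)
 return rc;
-tsec2 = tsk->cred->security;
+tsec2 = cred->security;
 
 tsec2->osid = tsec1->osid;
 tsec2->sid = tsec1->sid;
@@ -3208,9 +3201,14 @@ static int selinux_task_alloc_security(struct task_struct *tsk)
 return 0;
 }
 
-static void selinux_task_free_security(struct task_struct *tsk)
+/*
+* detach and free the LSM part of a set of credentials
+*/
+static void selinux_cred_free(struct cred *cred)
 {
-task_free_security(tsk);
+struct task_security_struct *tsec = cred->security;
+cred->security = NULL;
+kfree(tsec);
 }
 
 static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
@@ -5552,8 +5550,8 @@ static struct security_operations selinux_ops = {
 .dentry_open = selinux_dentry_open,
 
 .task_create = selinux_task_create,
-.task_alloc_security = selinux_task_alloc_security,
-.task_free_security = selinux_task_free_security,
+.cred_alloc_security = selinux_cred_alloc_security,
+.cred_free = selinux_cred_free,
 .task_setuid = selinux_task_setuid,
 .task_post_setuid = selinux_task_post_setuid,
 .task_setgid = selinux_task_setgid,
@@ -5683,7 +5681,7 @@ static __init int selinux_init(void)
 printk(KERN_INFO "SELinux: Initializing.\n");
 
 /* Set the security state for the initial task. */
-if (task_alloc_security(current))
+if (cred_alloc_security(current->cred))
 panic("SELinux: Failed to initialize initial task.\n");
 tsec = current->cred->security;
 tsec->osid = tsec->sid = SECINITSID_KERNEL;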
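Review bot: selinux_cred_alloc_security (new line 3180) still has no header comment, while its new counterpart selinux_cred_free at 3204 got one; the asymmetry matters because the function labels the cred passed in from `current->cred->security` (line 3185) rather than from anything in the cred itself, so it is only correct when the hook is called for a cred being prepared on behalf of the current task. I would add, above the signature, `/* allocate the LSM part of a new set of credentials, inheriting the SIDs of the calling task's credentials */`. The body of this function runs from the hunk at 3177 into the hunk at 3201, so the remainder between them is outside the diff. The initial-task call at 5684 passes `current->cred` straight through; if the task_struct cred pointer later becomes const, that call site and cred_alloc_security's parameter will need to change together, which is an inference from the direction of the series rather than something the hunk shows.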