diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2009-03-26 14:03:39 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-03-26 14:03:39 -0400 |
| commit | 8d80ce80e1d58ba9cd3e3972b112cccd6b4008f4 (patch) | |
| tree | 16d3cca8d260c731d02a4e5e1ea5b9817c9c3626 /fs | |
| parent | 1646df40bb111715a90ce0b86448dabbcc5b3f3d (diff) | |
| parent | 703a3cd72817e99201cef84a8a7aecc60b2b3581 (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (71 commits)
SELinux: inode_doinit_with_dentry drop no dentry printk
SELinux: new permission between tty audit and audit socket
SELinux: open perm for sock files
smack: fixes for unlabeled host support
keys: make procfiles per-user-namespace
keys: skip keys from another user namespace
keys: consider user namespace in key_permission
keys: distinguish per-uid keys in different namespaces
integrity: ima iint radix_tree_lookup locking fix
TOMOYO: Do not call tomoyo_realpath_init unless registered.
integrity: ima scatterlist bug fix
smack: fix lots of kernel-doc notation
TOMOYO: Don't create securityfs entries unless registered.
TOMOYO: Fix exception policy read failure.
SELinux: convert the avc cache hash list to an hlist
SELinux: code readability with avc_cache
SELinux: remove unused av.decided field
SELinux: more careful use of avd in avc_has_perm_noaudit
SELinux: remove the unused ae.used
SELinux: check seqno when updating an avc_node
...
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/compat.c | 3 | ||||
| -rw-r--r-- | fs/exec.c | 13 | ||||
| -rw-r--r-- | fs/file_table.c | 2 | ||||
| -rw-r--r-- | fs/inode.c | 24 | ||||
| -rw-r--r-- | fs/namei.c | 8 |
5 files changed, 43 insertions, 7 deletions
diff --git a/fs/compat.c b/fs/compat.c index d0145ca27572..0949b43794a4 100644 --- a/fs/compat.c +++ b/fs/compat.c | |||
| @@ -1402,6 +1402,7 @@ int compat_do_execve(char * filename, | |||
| 1402 | retval = mutex_lock_interruptible(¤t->cred_exec_mutex); | 1402 | retval = mutex_lock_interruptible(¤t->cred_exec_mutex); |
| 1403 | if (retval < 0) | 1403 | if (retval < 0) |
| 1404 | goto out_free; | 1404 | goto out_free; |
| 1405 | current->in_execve = 1; | ||
| 1405 | 1406 | ||
| 1406 | retval = -ENOMEM; | 1407 | retval = -ENOMEM; |
| 1407 | bprm->cred = prepare_exec_creds(); | 1408 | bprm->cred = prepare_exec_creds(); |
| @@ -1454,6 +1455,7 @@ int compat_do_execve(char * filename, | |||
| 1454 | goto out; | 1455 | goto out; |
| 1455 | 1456 | ||
| 1456 | /* execve succeeded */ | 1457 | /* execve succeeded */ |
| 1458 | current->in_execve = 0; | ||
| 1457 | mutex_unlock(¤t->cred_exec_mutex); | 1459 | mutex_unlock(¤t->cred_exec_mutex); |
| 1458 | acct_update_integrals(current); | 1460 | acct_update_integrals(current); |
| 1459 | free_bprm(bprm); | 1461 | free_bprm(bprm); |
| @@ -1470,6 +1472,7 @@ out_file: | |||
| 1470 | } | 1472 | } |
| 1471 | 1473 | ||
| 1472 | out_unlock: | 1474 | out_unlock: |
| 1475 | current->in_execve = 0; | ||
| 1473 | mutex_unlock(¤t->cred_exec_mutex); | 1476 | mutex_unlock(¤t->cred_exec_mutex); |
| 1474 | 1477 | ||
| 1475 | out_free: | 1478 | out_free: |
| @@ -45,6 +45,7 @@ | |||
| 45 | #include <linux/proc_fs.h> | 45 | #include <linux/proc_fs.h> |
| 46 | #include <linux/mount.h> | 46 | #include <linux/mount.h> |
| 47 | #include <linux/security.h> | 47 | #include <linux/security.h> |
| 48 | #include <linux/ima.h> | ||
| 48 | #include <linux/syscalls.h> | 49 | #include <linux/syscalls.h> |
| 49 | #include <linux/tsacct_kern.h> | 50 | #include <linux/tsacct_kern.h> |
| 50 | #include <linux/cn_proc.h> | 51 | #include <linux/cn_proc.h> |
| @@ -127,6 +128,9 @@ SYSCALL_DEFINE1(uselib, const char __user *, library) | |||
| 127 | MAY_READ | MAY_EXEC | MAY_OPEN); | 128 | MAY_READ | MAY_EXEC | MAY_OPEN); |
| 128 | if (error) | 129 | if (error) |
| 129 | goto exit; | 130 | goto exit; |
| 131 | error = ima_path_check(&nd.path, MAY_READ | MAY_EXEC | MAY_OPEN); | ||
| 132 | if (error) | ||
| 133 | goto exit; | ||
| 130 | 134 | ||
| 131 | file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE); | 135 | file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE); |
| 132 | error = PTR_ERR(file); | 136 | error = PTR_ERR(file); |
| @@ -674,6 +678,9 @@ struct file *open_exec(const char *name) | |||
| 674 | err = inode_permission(nd.path.dentry->d_inode, MAY_EXEC | MAY_OPEN); | 678 | err = inode_permission(nd.path.dentry->d_inode, MAY_EXEC | MAY_OPEN); |
| 675 | if (err) | 679 | if (err) |
| 676 | goto out_path_put; | 680 | goto out_path_put; |
| 681 | err = ima_path_check(&nd.path, MAY_EXEC | MAY_OPEN); | ||
| 682 | if (err) | ||
| 683 | goto out_path_put; | ||
| 677 | 684 | ||
| 678 | file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE); | 685 | file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE); |
| 679 | if (IS_ERR(file)) | 686 | if (IS_ERR(file)) |
| @@ -1184,6 +1191,9 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) | |||
| 1184 | retval = security_bprm_check(bprm); | 1191 | retval = security_bprm_check(bprm); |
| 1185 | if (retval) | 1192 | if (retval) |
| 1186 | return retval; | 1193 | return retval; |
| 1194 | retval = ima_bprm_check(bprm); | ||
| 1195 | if (retval) | ||
| 1196 | return retval; | ||
| 1187 | 1197 | ||
| 1188 | /* kernel module loader fixup */ | 1198 | /* kernel module loader fixup */ |
| 1189 | /* so we don't try to load run modprobe in kernel space. */ | 1199 | /* so we don't try to load run modprobe in kernel space. */ |
| @@ -1284,6 +1294,7 @@ int do_execve(char * filename, | |||
| 1284 | retval = mutex_lock_interruptible(¤t->cred_exec_mutex); | 1294 | retval = mutex_lock_interruptible(¤t->cred_exec_mutex); |
| 1285 | if (retval < 0) | 1295 | if (retval < 0) |
| 1286 | goto out_free; | 1296 | goto out_free; |
| 1297 | current->in_execve = 1; | ||
| 1287 | 1298 | ||
| 1288 | retval = -ENOMEM; | 1299 | retval = -ENOMEM; |
| 1289 | bprm->cred = prepare_exec_creds(); | 1300 | bprm->cred = prepare_exec_creds(); |
| @@ -1337,6 +1348,7 @@ int do_execve(char * filename, | |||
| 1337 | goto out; | 1348 | goto out; |
| 1338 | 1349 | ||
| 1339 | /* execve succeeded */ | 1350 | /* execve succeeded */ |
| 1351 | current->in_execve = 0; | ||
| 1340 | mutex_unlock(¤t->cred_exec_mutex); | 1352 | mutex_unlock(¤t->cred_exec_mutex); |
| 1341 | acct_update_integrals(current); | 1353 | acct_update_integrals(current); |
| 1342 | free_bprm(bprm); | 1354 | free_bprm(bprm); |
| @@ -1355,6 +1367,7 @@ out_file: | |||
| 1355 | } | 1367 | } |
| 1356 | 1368 | ||
| 1357 | out_unlock: | 1369 | out_unlock: |
| 1370 | current->in_execve = 0; | ||
| 1358 | mutex_unlock(¤t->cred_exec_mutex); | 1371 | mutex_unlock(¤t->cred_exec_mutex); |
| 1359 | 1372 | ||
| 1360 | out_free: | 1373 | out_free: |
diff --git a/fs/file_table.c b/fs/file_table.c index bbeeac6efa1a..da806aceae3f 100644 --- a/fs/file_table.c +++ b/fs/file_table.c | |||
| @@ -13,6 +13,7 @@ | |||
| 13 | #include <linux/module.h> | 13 | #include <linux/module.h> |
| 14 | #include <linux/fs.h> | 14 | #include <linux/fs.h> |
| 15 | #include <linux/security.h> | 15 | #include <linux/security.h> |
| 16 | #include <linux/ima.h> | ||
| 16 | #include <linux/eventpoll.h> | 17 | #include <linux/eventpoll.h> |
| 17 | #include <linux/rcupdate.h> | 18 | #include <linux/rcupdate.h> |
| 18 | #include <linux/mount.h> | 19 | #include <linux/mount.h> |
| @@ -279,6 +280,7 @@ void __fput(struct file *file) | |||
| 279 | if (file->f_op && file->f_op->release) | 280 | if (file->f_op && file->f_op->release) |
| 280 | file->f_op->release(inode, file); | 281 | file->f_op->release(inode, file); |
| 281 | security_file_free(file); | 282 | security_file_free(file); |
| 283 | ima_file_free(file); | ||
| 282 | if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL)) | 284 | if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL)) |
| 283 | cdev_put(inode->i_cdev); | 285 | cdev_put(inode->i_cdev); |
| 284 | fops_put(file->f_op); | 286 | fops_put(file->f_op); |
diff --git a/fs/inode.c b/fs/inode.c index 6ac0cef6c5f5..643ac43e5a5c 100644 --- a/fs/inode.c +++ b/fs/inode.c | |||
| @@ -17,6 +17,7 @@ | |||
| 17 | #include <linux/hash.h> | 17 | #include <linux/hash.h> |
| 18 | #include <linux/swap.h> | 18 | #include <linux/swap.h> |
| 19 | #include <linux/security.h> | 19 | #include <linux/security.h> |
| 20 | #include <linux/ima.h> | ||
| 20 | #include <linux/pagemap.h> | 21 | #include <linux/pagemap.h> |
| 21 | #include <linux/cdev.h> | 22 | #include <linux/cdev.h> |
| 22 | #include <linux/bootmem.h> | 23 | #include <linux/bootmem.h> |
| @@ -147,13 +148,13 @@ struct inode *inode_init_always(struct super_block *sb, struct inode *inode) | |||
| 147 | inode->i_cdev = NULL; | 148 | inode->i_cdev = NULL; |
| 148 | inode->i_rdev = 0; | 149 | inode->i_rdev = 0; |
| 149 | inode->dirtied_when = 0; | 150 | inode->dirtied_when = 0; |
| 150 | if (security_inode_alloc(inode)) { | 151 | |
| 151 | if (inode->i_sb->s_op->destroy_inode) | 152 | if (security_inode_alloc(inode)) |
| 152 | inode->i_sb->s_op->destroy_inode(inode); | 153 | goto out_free_inode; |
| 153 | else | 154 | |
| 154 | kmem_cache_free(inode_cachep, (inode)); | 155 | /* allocate and initialize an i_integrity */ |
| 155 | return NULL; | 156 | if (ima_inode_alloc(inode)) |
| 156 | } | 157 | goto out_free_security; |
| 157 | 158 | ||
| 158 | spin_lock_init(&inode->i_lock); | 159 | spin_lock_init(&inode->i_lock); |
| 159 | lockdep_set_class(&inode->i_lock, &sb->s_type->i_lock_key); | 160 | lockdep_set_class(&inode->i_lock, &sb->s_type->i_lock_key); |
| @@ -189,6 +190,15 @@ struct inode *inode_init_always(struct super_block *sb, struct inode *inode) | |||
| 189 | inode->i_mapping = mapping; | 190 | inode->i_mapping = mapping; |
| 190 | 191 | ||
| 191 | return inode; | 192 | return inode; |
| 193 | |||
| 194 | out_free_security: | ||
| 195 | security_inode_free(inode); | ||
| 196 | out_free_inode: | ||
| 197 | if (inode->i_sb->s_op->destroy_inode) | ||
| 198 | inode->i_sb->s_op->destroy_inode(inode); | ||
| 199 | else | ||
| 200 | kmem_cache_free(inode_cachep, (inode)); | ||
| 201 | return NULL; | ||
| 192 | } | 202 | } |
| 193 | EXPORT_SYMBOL(inode_init_always); | 203 | EXPORT_SYMBOL(inode_init_always); |
| 194 | 204 | ||
diff --git a/fs/namei.c b/fs/namei.c index bbc15c237558..199317642ad6 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
| @@ -24,6 +24,7 @@ | |||
| 24 | #include <linux/fsnotify.h> | 24 | #include <linux/fsnotify.h> |
| 25 | #include <linux/personality.h> | 25 | #include <linux/personality.h> |
| 26 | #include <linux/security.h> | 26 | #include <linux/security.h> |
| 27 | #include <linux/ima.h> | ||
| 27 | #include <linux/syscalls.h> | 28 | #include <linux/syscalls.h> |
| 28 | #include <linux/mount.h> | 29 | #include <linux/mount.h> |
| 29 | #include <linux/audit.h> | 30 | #include <linux/audit.h> |
| @@ -850,6 +851,8 @@ static int __link_path_walk(const char *name, struct nameidata *nd) | |||
| 850 | if (err == -EAGAIN) | 851 | if (err == -EAGAIN) |
| 851 | err = inode_permission(nd->path.dentry->d_inode, | 852 | err = inode_permission(nd->path.dentry->d_inode, |
| 852 | MAY_EXEC); | 853 | MAY_EXEC); |
| 854 | if (!err) | ||
| 855 | err = ima_path_check(&nd->path, MAY_EXEC); | ||
| 853 | if (err) | 856 | if (err) |
| 854 | break; | 857 | break; |
| 855 | 858 | ||
| @@ -1509,6 +1512,11 @@ int may_open(struct path *path, int acc_mode, int flag) | |||
| 1509 | error = inode_permission(inode, acc_mode); | 1512 | error = inode_permission(inode, acc_mode); |
| 1510 | if (error) | 1513 | if (error) |
| 1511 | return error; | 1514 | return error; |
| 1515 | |||
| 1516 | error = ima_path_check(path, | ||
| 1517 | acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC)); | ||
| 1518 | if (error) | ||
| 1519 | return error; | ||
| 1512 | /* | 1520 | /* |
| 1513 | * An append-only file must be opened in append mode for writing. | 1521 | * An append-only file must be opened in append mode for writing. |
| 1514 | */ | 1522 | */ |