aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux/security.h
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2008-11-13 18:39:28 -0500
committerJames Morris <jmorris@namei.org>2008-11-13 18:39:28 -0500
commit3a3b7ce9336952ea7b9564d976d068a238976c9d (patch)
tree3f0a3be33022492161f534636a20a4b1059f8236 /include/linux/security.h
parent1bfdc75ae077d60a01572a7781ec6264d55ab1b9 (diff)
CRED: Allow kernel services to override LSM settings for task actions
Allow kernel services to override LSM settings appropriate to the actions performed by a task by duplicating a set of credentials, modifying it and then using task_struct::cred to point to it when performing operations on behalf of a task. This is used, for example, by CacheFiles which has to transparently access the cache on behalf of a process that thinks it is doing, say, NFS accesses with a potentially inappropriate (with respect to accessing the cache) set of credentials. This patch provides two LSM hooks for modifying a task security record: (*) security_kernel_act_as() which allows modification of the security datum with which a task acts on other objects (most notably files). (*) security_kernel_create_files_as() which allows modification of the security datum that is used to initialise the security data on a file that a task creates. The patch also provides four new credentials handling functions, which wrap the LSM functions: (1) prepare_kernel_cred() Prepare a set of credentials for a kernel service to use, based either on a daemon's credentials or on init_cred. All the keyrings are cleared. (2) set_security_override() Set the LSM security ID in a set of credentials to a specific security context, assuming permission from the LSM policy. (3) set_security_override_from_ctx() As (2), but takes the security context as a string. (4) set_create_files_as() Set the file creation LSM security ID in a set of credentials to be the same as that on a particular inode. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> [Smack changes] Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h28
1 files changed, 28 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 56a0eed65673..59a11e19b617 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -587,6 +587,19 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
587 * @new points to the new credentials. 587 * @new points to the new credentials.
588 * @old points to the original credentials. 588 * @old points to the original credentials.
589 * Install a new set of credentials. 589 * Install a new set of credentials.
590 * @kernel_act_as:
591 * Set the credentials for a kernel service to act as (subjective context).
592 * @new points to the credentials to be modified.
593 * @secid specifies the security ID to be set
594 * The current task must be the one that nominated @secid.
595 * Return 0 if successful.
596 * @kernel_create_files_as:
597 * Set the file creation context in a set of credentials to be the same as
598 * the objective context of the specified inode.
599 * @new points to the credentials to be modified.
600 * @inode points to the inode to use as a reference.
601 * The current task must be the one that nominated @inode.
602 * Return 0 if successful.
590 * @task_setuid: 603 * @task_setuid:
591 * Check permission before setting one or more of the user identity 604 * Check permission before setting one or more of the user identity
592 * attributes of the current process. The @flags parameter indicates 605 * attributes of the current process. The @flags parameter indicates
@@ -1381,6 +1394,8 @@ struct security_operations {
1381 int (*cred_prepare)(struct cred *new, const struct cred *old, 1394 int (*cred_prepare)(struct cred *new, const struct cred *old,
1382 gfp_t gfp); 1395 gfp_t gfp);
1383 void (*cred_commit)(struct cred *new, const struct cred *old); 1396 void (*cred_commit)(struct cred *new, const struct cred *old);
1397 int (*kernel_act_as)(struct cred *new, u32 secid);
1398 int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
1384 int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); 1399 int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
1385 int (*task_fix_setuid) (struct cred *new, const struct cred *old, 1400 int (*task_fix_setuid) (struct cred *new, const struct cred *old,
1386 int flags); 1401 int flags);
@@ -1632,6 +1647,8 @@ int security_task_create(unsigned long clone_flags);
1632void security_cred_free(struct cred *cred); 1647void security_cred_free(struct cred *cred);
1633int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); 1648int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
1634void security_commit_creds(struct cred *new, const struct cred *old); 1649void security_commit_creds(struct cred *new, const struct cred *old);
1650int security_kernel_act_as(struct cred *new, u32 secid);
1651int security_kernel_create_files_as(struct cred *new, struct inode *inode);
1635int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); 1652int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags);
1636int security_task_fix_setuid(struct cred *new, const struct cred *old, 1653int security_task_fix_setuid(struct cred *new, const struct cred *old,
1637 int flags); 1654 int flags);
@@ -2151,6 +2168,17 @@ static inline void security_commit_creds(struct cred *new,
2151{ 2168{
2152} 2169}
2153 2170
2171static inline int security_kernel_act_as(struct cred *cred, u32 secid)
2172{
2173 return 0;
2174}
2175
2176static inline int security_kernel_create_files_as(struct cred *cred,
2177 struct inode *inode)
2178{
2179 return 0;
2180}
2181
2154static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, 2182static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2,
2155 int flags) 2183 int flags)
2156{ 2184{