diff options
author | James Morris <jmorris@namei.org> | 2008-12-24 19:40:09 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-12-24 19:40:09 -0500 |
commit | cbacc2c7f066a1e01b33b0e27ae5efbf534bc2db (patch) | |
tree | 90d1093131d2a3543a8b3b1f3364e7c6f4081a93 /include/linux | |
parent | 4a6908a3a050aacc9c3a2f36b276b46c0629ad91 (diff) | |
parent | 74192246910ff4fb95309ba1a683215644beeb62 (diff) |
Merge branch 'next' into for-linus
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/audit.h | 26 | ||||
-rw-r--r-- | include/linux/binfmts.h | 16 | ||||
-rw-r--r-- | include/linux/capability.h | 25 | ||||
-rw-r--r-- | include/linux/cred.h | 342 | ||||
-rw-r--r-- | include/linux/fs.h | 8 | ||||
-rw-r--r-- | include/linux/init_task.h | 14 | ||||
-rw-r--r-- | include/linux/key-ui.h | 66 | ||||
-rw-r--r-- | include/linux/key.h | 32 | ||||
-rw-r--r-- | include/linux/keyctl.h | 4 | ||||
-rw-r--r-- | include/linux/nsproxy.h | 1 | ||||
-rw-r--r-- | include/linux/sched.h | 65 | ||||
-rw-r--r-- | include/linux/securebits.h | 2 | ||||
-rw-r--r-- | include/linux/security.h | 344 | ||||
-rw-r--r-- | include/linux/tty.h | 4 | ||||
-rw-r--r-- | include/linux/user_namespace.h | 13 |
15 files changed, 581 insertions, 381 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 8f0672d13eb1..26c4f6f65a46 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -99,6 +99,8 @@ | |||
99 | #define AUDIT_OBJ_PID 1318 /* ptrace target */ | 99 | #define AUDIT_OBJ_PID 1318 /* ptrace target */ |
100 | #define AUDIT_TTY 1319 /* Input on an administrative TTY */ | 100 | #define AUDIT_TTY 1319 /* Input on an administrative TTY */ |
101 | #define AUDIT_EOE 1320 /* End of multi-record event */ | 101 | #define AUDIT_EOE 1320 /* End of multi-record event */ |
102 | #define AUDIT_BPRM_FCAPS 1321 /* Information about fcaps increasing perms */ | ||
103 | #define AUDIT_CAPSET 1322 /* Record showing argument to sys_capset */ | ||
102 | 104 | ||
103 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ | 105 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ |
104 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ | 106 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ |
@@ -453,6 +455,10 @@ extern int __audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_pr | |||
453 | extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout); | 455 | extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout); |
454 | extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification); | 456 | extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification); |
455 | extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); | 457 | extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); |
458 | extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm, | ||
459 | const struct cred *new, | ||
460 | const struct cred *old); | ||
461 | extern int __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old); | ||
456 | 462 | ||
457 | static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp) | 463 | static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp) |
458 | { | 464 | { |
@@ -502,6 +508,24 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) | |||
502 | return __audit_mq_getsetattr(mqdes, mqstat); | 508 | return __audit_mq_getsetattr(mqdes, mqstat); |
503 | return 0; | 509 | return 0; |
504 | } | 510 | } |
511 | |||
512 | static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, | ||
513 | const struct cred *new, | ||
514 | const struct cred *old) | ||
515 | { | ||
516 | if (unlikely(!audit_dummy_context())) | ||
517 | return __audit_log_bprm_fcaps(bprm, new, old); | ||
518 | return 0; | ||
519 | } | ||
520 | |||
521 | static inline int audit_log_capset(pid_t pid, const struct cred *new, | ||
522 | const struct cred *old) | ||
523 | { | ||
524 | if (unlikely(!audit_dummy_context())) | ||
525 | return __audit_log_capset(pid, new, old); | ||
526 | return 0; | ||
527 | } | ||
528 | |||
505 | extern int audit_n_rules; | 529 | extern int audit_n_rules; |
506 | extern int audit_signals; | 530 | extern int audit_signals; |
507 | #else | 531 | #else |
@@ -534,6 +558,8 @@ extern int audit_signals; | |||
534 | #define audit_mq_timedreceive(d,l,p,t) ({ 0; }) | 558 | #define audit_mq_timedreceive(d,l,p,t) ({ 0; }) |
535 | #define audit_mq_notify(d,n) ({ 0; }) | 559 | #define audit_mq_notify(d,n) ({ 0; }) |
536 | #define audit_mq_getsetattr(d,s) ({ 0; }) | 560 | #define audit_mq_getsetattr(d,s) ({ 0; }) |
561 | #define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; }) | ||
562 | #define audit_log_capset(pid, ncr, ocr) ({ 0; }) | ||
537 | #define audit_ptrace(t) ((void)0) | 563 | #define audit_ptrace(t) ((void)0) |
538 | #define audit_n_rules 0 | 564 | #define audit_n_rules 0 |
539 | #define audit_signals 0 | 565 | #define audit_signals 0 |
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h index 7394b5b349ff..6cbfbe297180 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h | |||
@@ -35,16 +35,20 @@ struct linux_binprm{ | |||
35 | struct mm_struct *mm; | 35 | struct mm_struct *mm; |
36 | unsigned long p; /* current top of mem */ | 36 | unsigned long p; /* current top of mem */ |
37 | unsigned int sh_bang:1, | 37 | unsigned int sh_bang:1, |
38 | misc_bang:1; | 38 | misc_bang:1, |
39 | cred_prepared:1,/* true if creds already prepared (multiple | ||
40 | * preps happen for interpreters) */ | ||
41 | cap_effective:1;/* true if has elevated effective capabilities, | ||
42 | * false if not; except for init which inherits | ||
43 | * its parent's caps anyway */ | ||
39 | #ifdef __alpha__ | 44 | #ifdef __alpha__ |
40 | unsigned int taso:1; | 45 | unsigned int taso:1; |
41 | #endif | 46 | #endif |
42 | unsigned int recursion_depth; | 47 | unsigned int recursion_depth; |
43 | struct file * file; | 48 | struct file * file; |
44 | int e_uid, e_gid; | 49 | struct cred *cred; /* new credentials */ |
45 | kernel_cap_t cap_post_exec_permitted; | 50 | int unsafe; /* how unsafe this exec is (mask of LSM_UNSAFE_*) */ |
46 | bool cap_effective; | 51 | unsigned int per_clear; /* bits to clear in current->personality */ |
47 | void *security; | ||
48 | int argc, envc; | 52 | int argc, envc; |
49 | char * filename; /* Name of binary as seen by procps */ | 53 | char * filename; /* Name of binary as seen by procps */ |
50 | char * interp; /* Name of the binary really executed. Most | 54 | char * interp; /* Name of the binary really executed. Most |
@@ -101,7 +105,7 @@ extern int setup_arg_pages(struct linux_binprm * bprm, | |||
101 | int executable_stack); | 105 | int executable_stack); |
102 | extern int bprm_mm_init(struct linux_binprm *bprm); | 106 | extern int bprm_mm_init(struct linux_binprm *bprm); |
103 | extern int copy_strings_kernel(int argc,char ** argv,struct linux_binprm *bprm); | 107 | extern int copy_strings_kernel(int argc,char ** argv,struct linux_binprm *bprm); |
104 | extern void compute_creds(struct linux_binprm *binprm); | 108 | extern void install_exec_creds(struct linux_binprm *bprm); |
105 | extern int do_coredump(long signr, int exit_code, struct pt_regs * regs); | 109 | extern int do_coredump(long signr, int exit_code, struct pt_regs * regs); |
106 | extern int set_binfmt(struct linux_binfmt *new); | 110 | extern int set_binfmt(struct linux_binfmt *new); |
107 | extern void free_bprm(struct linux_binprm *); | 111 | extern void free_bprm(struct linux_binprm *); |
diff --git a/include/linux/capability.h b/include/linux/capability.h index 9d1fe30b6f6c..e22f48c2a46f 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h | |||
@@ -53,6 +53,7 @@ typedef struct __user_cap_data_struct { | |||
53 | #define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX | 53 | #define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX |
54 | 54 | ||
55 | #define VFS_CAP_REVISION_MASK 0xFF000000 | 55 | #define VFS_CAP_REVISION_MASK 0xFF000000 |
56 | #define VFS_CAP_REVISION_SHIFT 24 | ||
56 | #define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK | 57 | #define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK |
57 | #define VFS_CAP_FLAGS_EFFECTIVE 0x000001 | 58 | #define VFS_CAP_FLAGS_EFFECTIVE 0x000001 |
58 | 59 | ||
@@ -68,6 +69,9 @@ typedef struct __user_cap_data_struct { | |||
68 | #define VFS_CAP_U32 VFS_CAP_U32_2 | 69 | #define VFS_CAP_U32 VFS_CAP_U32_2 |
69 | #define VFS_CAP_REVISION VFS_CAP_REVISION_2 | 70 | #define VFS_CAP_REVISION VFS_CAP_REVISION_2 |
70 | 71 | ||
72 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | ||
73 | extern int file_caps_enabled; | ||
74 | #endif | ||
71 | 75 | ||
72 | struct vfs_cap_data { | 76 | struct vfs_cap_data { |
73 | __le32 magic_etc; /* Little endian */ | 77 | __le32 magic_etc; /* Little endian */ |
@@ -96,6 +100,13 @@ typedef struct kernel_cap_struct { | |||
96 | __u32 cap[_KERNEL_CAPABILITY_U32S]; | 100 | __u32 cap[_KERNEL_CAPABILITY_U32S]; |
97 | } kernel_cap_t; | 101 | } kernel_cap_t; |
98 | 102 | ||
103 | /* exact same as vfs_cap_data but in cpu endian and always filled completely */ | ||
104 | struct cpu_vfs_cap_data { | ||
105 | __u32 magic_etc; | ||
106 | kernel_cap_t permitted; | ||
107 | kernel_cap_t inheritable; | ||
108 | }; | ||
109 | |||
99 | #define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct)) | 110 | #define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct)) |
100 | #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) | 111 | #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) |
101 | 112 | ||
@@ -454,6 +465,13 @@ static inline int cap_isclear(const kernel_cap_t a) | |||
454 | return 1; | 465 | return 1; |
455 | } | 466 | } |
456 | 467 | ||
468 | /* | ||
469 | * Check if "a" is a subset of "set". | ||
470 | * return 1 if ALL of the capabilities in "a" are also in "set" | ||
471 | * cap_issubset(0101, 1111) will return 1 | ||
472 | * return 0 if ANY of the capabilities in "a" are not in "set" | ||
473 | * cap_issubset(1111, 0101) will return 0 | ||
474 | */ | ||
457 | static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set) | 475 | static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set) |
458 | { | 476 | { |
459 | kernel_cap_t dest; | 477 | kernel_cap_t dest; |
@@ -501,8 +519,6 @@ extern const kernel_cap_t __cap_empty_set; | |||
501 | extern const kernel_cap_t __cap_full_set; | 519 | extern const kernel_cap_t __cap_full_set; |
502 | extern const kernel_cap_t __cap_init_eff_set; | 520 | extern const kernel_cap_t __cap_init_eff_set; |
503 | 521 | ||
504 | kernel_cap_t cap_set_effective(const kernel_cap_t pE_new); | ||
505 | |||
506 | /** | 522 | /** |
507 | * has_capability - Determine if a task has a superior capability available | 523 | * has_capability - Determine if a task has a superior capability available |
508 | * @t: The task in question | 524 | * @t: The task in question |
@@ -514,9 +530,14 @@ kernel_cap_t cap_set_effective(const kernel_cap_t pE_new); | |||
514 | * Note that this does not set PF_SUPERPRIV on the task. | 530 | * Note that this does not set PF_SUPERPRIV on the task. |
515 | */ | 531 | */ |
516 | #define has_capability(t, cap) (security_capable((t), (cap)) == 0) | 532 | #define has_capability(t, cap) (security_capable((t), (cap)) == 0) |
533 | #define has_capability_noaudit(t, cap) (security_capable_noaudit((t), (cap)) == 0) | ||
517 | 534 | ||
518 | extern int capable(int cap); | 535 | extern int capable(int cap); |
519 | 536 | ||
537 | /* audit system wants to get cap info from files as well */ | ||
538 | struct dentry; | ||
539 | extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps); | ||
540 | |||
520 | #endif /* __KERNEL__ */ | 541 | #endif /* __KERNEL__ */ |
521 | 542 | ||
522 | #endif /* !_LINUX_CAPABILITY_H */ | 543 | #endif /* !_LINUX_CAPABILITY_H */ |
diff --git a/include/linux/cred.h b/include/linux/cred.h index b69222cc1fd2..3282ee4318e7 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* Credentials management | 1 | /* Credentials management - see Documentation/credentials.txt |
2 | * | 2 | * |
3 | * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. | 3 | * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. |
4 | * Written by David Howells (dhowells@redhat.com) | 4 | * Written by David Howells (dhowells@redhat.com) |
@@ -12,39 +12,335 @@ | |||
12 | #ifndef _LINUX_CRED_H | 12 | #ifndef _LINUX_CRED_H |
13 | #define _LINUX_CRED_H | 13 | #define _LINUX_CRED_H |
14 | 14 | ||
15 | #define get_current_user() (get_uid(current->user)) | 15 | #include <linux/capability.h> |
16 | #include <linux/key.h> | ||
17 | #include <asm/atomic.h> | ||
16 | 18 | ||
17 | #define task_uid(task) ((task)->uid) | 19 | struct user_struct; |
18 | #define task_gid(task) ((task)->gid) | 20 | struct cred; |
19 | #define task_euid(task) ((task)->euid) | 21 | struct inode; |
20 | #define task_egid(task) ((task)->egid) | ||
21 | 22 | ||
22 | #define current_uid() (current->uid) | 23 | /* |
23 | #define current_gid() (current->gid) | 24 | * COW Supplementary groups list |
24 | #define current_euid() (current->euid) | 25 | */ |
25 | #define current_egid() (current->egid) | 26 | #define NGROUPS_SMALL 32 |
26 | #define current_suid() (current->suid) | 27 | #define NGROUPS_PER_BLOCK ((unsigned int)(PAGE_SIZE / sizeof(gid_t))) |
27 | #define current_sgid() (current->sgid) | 28 | |
28 | #define current_fsuid() (current->fsuid) | 29 | struct group_info { |
29 | #define current_fsgid() (current->fsgid) | 30 | atomic_t usage; |
30 | #define current_cap() (current->cap_effective) | 31 | int ngroups; |
32 | int nblocks; | ||
33 | gid_t small_block[NGROUPS_SMALL]; | ||
34 | gid_t *blocks[0]; | ||
35 | }; | ||
36 | |||
37 | /** | ||
38 | * get_group_info - Get a reference to a group info structure | ||
39 | * @group_info: The group info to reference | ||
40 | * | ||
41 | * This gets a reference to a set of supplementary groups. | ||
42 | * | ||
43 | * If the caller is accessing a task's credentials, they must hold the RCU read | ||
44 | * lock when reading. | ||
45 | */ | ||
46 | static inline struct group_info *get_group_info(struct group_info *gi) | ||
47 | { | ||
48 | atomic_inc(&gi->usage); | ||
49 | return gi; | ||
50 | } | ||
51 | |||
52 | /** | ||
53 | * put_group_info - Release a reference to a group info structure | ||
54 | * @group_info: The group info to release | ||
55 | */ | ||
56 | #define put_group_info(group_info) \ | ||
57 | do { \ | ||
58 | if (atomic_dec_and_test(&(group_info)->usage)) \ | ||
59 | groups_free(group_info); \ | ||
60 | } while (0) | ||
61 | |||
62 | extern struct group_info *groups_alloc(int); | ||
63 | extern struct group_info init_groups; | ||
64 | extern void groups_free(struct group_info *); | ||
65 | extern int set_current_groups(struct group_info *); | ||
66 | extern int set_groups(struct cred *, struct group_info *); | ||
67 | extern int groups_search(const struct group_info *, gid_t); | ||
68 | |||
69 | /* access the groups "array" with this macro */ | ||
70 | #define GROUP_AT(gi, i) \ | ||
71 | ((gi)->blocks[(i) / NGROUPS_PER_BLOCK][(i) % NGROUPS_PER_BLOCK]) | ||
72 | |||
73 | extern int in_group_p(gid_t); | ||
74 | extern int in_egroup_p(gid_t); | ||
75 | |||
76 | /* | ||
77 | * The common credentials for a thread group | ||
78 | * - shared by CLONE_THREAD | ||
79 | */ | ||
80 | #ifdef CONFIG_KEYS | ||
81 | struct thread_group_cred { | ||
82 | atomic_t usage; | ||
83 | pid_t tgid; /* thread group process ID */ | ||
84 | spinlock_t lock; | ||
85 | struct key *session_keyring; /* keyring inherited over fork */ | ||
86 | struct key *process_keyring; /* keyring private to this process */ | ||
87 | struct rcu_head rcu; /* RCU deletion hook */ | ||
88 | }; | ||
89 | #endif | ||
90 | |||
91 | /* | ||
92 | * The security context of a task | ||
93 | * | ||
94 | * The parts of the context break down into two categories: | ||
95 | * | ||
96 | * (1) The objective context of a task. These parts are used when some other | ||
97 | * task is attempting to affect this one. | ||
98 | * | ||
99 | * (2) The subjective context. These details are used when the task is acting | ||
100 | * upon another object, be that a file, a task, a key or whatever. | ||
101 | * | ||
102 | * Note that some members of this structure belong to both categories - the | ||
103 | * LSM security pointer for instance. | ||
104 | * | ||
105 | * A task has two security pointers. task->real_cred points to the objective | ||
106 | * context that defines that task's actual details. The objective part of this | ||
107 | * context is used whenever that task is acted upon. | ||
108 | * | ||
109 | * task->cred points to the subjective context that defines the details of how | ||
110 | * that task is going to act upon another object. This may be overridden | ||
111 | * temporarily to point to another security context, but normally points to the | ||
112 | * same context as task->real_cred. | ||
113 | */ | ||
114 | struct cred { | ||
115 | atomic_t usage; | ||
116 | uid_t uid; /* real UID of the task */ | ||
117 | gid_t gid; /* real GID of the task */ | ||
118 | uid_t suid; /* saved UID of the task */ | ||
119 | gid_t sgid; /* saved GID of the task */ | ||
120 | uid_t euid; /* effective UID of the task */ | ||
121 | gid_t egid; /* effective GID of the task */ | ||
122 | uid_t fsuid; /* UID for VFS ops */ | ||
123 | gid_t fsgid; /* GID for VFS ops */ | ||
124 | unsigned securebits; /* SUID-less security management */ | ||
125 | kernel_cap_t cap_inheritable; /* caps our children can inherit */ | ||
126 | kernel_cap_t cap_permitted; /* caps we're permitted */ | ||
127 | kernel_cap_t cap_effective; /* caps we can actually use */ | ||
128 | kernel_cap_t cap_bset; /* capability bounding set */ | ||
129 | #ifdef CONFIG_KEYS | ||
130 | unsigned char jit_keyring; /* default keyring to attach requested | ||
131 | * keys to */ | ||
132 | struct key *thread_keyring; /* keyring private to this thread */ | ||
133 | struct key *request_key_auth; /* assumed request_key authority */ | ||
134 | struct thread_group_cred *tgcred; /* thread-group shared credentials */ | ||
135 | #endif | ||
136 | #ifdef CONFIG_SECURITY | ||
137 | void *security; /* subjective LSM security */ | ||
138 | #endif | ||
139 | struct user_struct *user; /* real user ID subscription */ | ||
140 | struct group_info *group_info; /* supplementary groups for euid/fsgid */ | ||
141 | struct rcu_head rcu; /* RCU deletion hook */ | ||
142 | }; | ||
143 | |||
144 | extern void __put_cred(struct cred *); | ||
145 | extern int copy_creds(struct task_struct *, unsigned long); | ||
146 | extern struct cred *prepare_creds(void); | ||
147 | extern struct cred *prepare_exec_creds(void); | ||
148 | extern struct cred *prepare_usermodehelper_creds(void); | ||
149 | extern int commit_creds(struct cred *); | ||
150 | extern void abort_creds(struct cred *); | ||
151 | extern const struct cred *override_creds(const struct cred *); | ||
152 | extern void revert_creds(const struct cred *); | ||
153 | extern struct cred *prepare_kernel_cred(struct task_struct *); | ||
154 | extern int change_create_files_as(struct cred *, struct inode *); | ||
155 | extern int set_security_override(struct cred *, u32); | ||
156 | extern int set_security_override_from_ctx(struct cred *, const char *); | ||
157 | extern int set_create_files_as(struct cred *, struct inode *); | ||
158 | extern void __init cred_init(void); | ||
159 | |||
160 | /** | ||
161 | * get_new_cred - Get a reference on a new set of credentials | ||
162 | * @cred: The new credentials to reference | ||
163 | * | ||
164 | * Get a reference on the specified set of new credentials. The caller must | ||
165 | * release the reference. | ||
166 | */ | ||
167 | static inline struct cred *get_new_cred(struct cred *cred) | ||
168 | { | ||
169 | atomic_inc(&cred->usage); | ||
170 | return cred; | ||
171 | } | ||
172 | |||
173 | /** | ||
174 | * get_cred - Get a reference on a set of credentials | ||
175 | * @cred: The credentials to reference | ||
176 | * | ||
177 | * Get a reference on the specified set of credentials. The caller must | ||
178 | * release the reference. | ||
179 | * | ||
180 | * This is used to deal with a committed set of credentials. Although the | ||
181 | * pointer is const, this will temporarily discard the const and increment the | ||
182 | * usage count. The purpose of this is to attempt to catch at compile time the | ||
183 | * accidental alteration of a set of credentials that should be considered | ||
184 | * immutable. | ||
185 | */ | ||
186 | static inline const struct cred *get_cred(const struct cred *cred) | ||
187 | { | ||
188 | return get_new_cred((struct cred *) cred); | ||
189 | } | ||
190 | |||
191 | /** | ||
192 | * put_cred - Release a reference to a set of credentials | ||
193 | * @cred: The credentials to release | ||
194 | * | ||
195 | * Release a reference to a set of credentials, deleting them when the last ref | ||
196 | * is released. | ||
197 | * | ||
198 | * This takes a const pointer to a set of credentials because the credentials | ||
199 | * on task_struct are attached by const pointers to prevent accidental | ||
200 | * alteration of otherwise immutable credential sets. | ||
201 | */ | ||
202 | static inline void put_cred(const struct cred *_cred) | ||
203 | { | ||
204 | struct cred *cred = (struct cred *) _cred; | ||
205 | |||
206 | BUG_ON(atomic_read(&(cred)->usage) <= 0); | ||
207 | if (atomic_dec_and_test(&(cred)->usage)) | ||
208 | __put_cred(cred); | ||
209 | } | ||
210 | |||
211 | /** | ||
212 | * current_cred - Access the current task's subjective credentials | ||
213 | * | ||
214 | * Access the subjective credentials of the current task. | ||
215 | */ | ||
216 | #define current_cred() \ | ||
217 | (current->cred) | ||
218 | |||
219 | /** | ||
220 | * __task_cred - Access a task's objective credentials | ||
221 | * @task: The task to query | ||
222 | * | ||
223 | * Access the objective credentials of a task. The caller must hold the RCU | ||
224 | * readlock. | ||
225 | * | ||
226 | * The caller must make sure task doesn't go away, either by holding a ref on | ||
227 | * task or by holding tasklist_lock to prevent it from being unlinked. | ||
228 | */ | ||
229 | #define __task_cred(task) \ | ||
230 | ((const struct cred *)(rcu_dereference((task)->real_cred))) | ||
231 | |||
232 | /** | ||
233 | * get_task_cred - Get another task's objective credentials | ||
234 | * @task: The task to query | ||
235 | * | ||
236 | * Get the objective credentials of a task, pinning them so that they can't go | ||
237 | * away. Accessing a task's credentials directly is not permitted. | ||
238 | * | ||
239 | * The caller must make sure task doesn't go away, either by holding a ref on | ||
240 | * task or by holding tasklist_lock to prevent it from being unlinked. | ||
241 | */ | ||
242 | #define get_task_cred(task) \ | ||
243 | ({ \ | ||
244 | struct cred *__cred; \ | ||
245 | rcu_read_lock(); \ | ||
246 | __cred = (struct cred *) __task_cred((task)); \ | ||
247 | get_cred(__cred); \ | ||
248 | rcu_read_unlock(); \ | ||
249 | __cred; \ | ||
250 | }) | ||
251 | |||
252 | /** | ||
253 | * get_current_cred - Get the current task's subjective credentials | ||
254 | * | ||
255 | * Get the subjective credentials of the current task, pinning them so that | ||
256 | * they can't go away. Accessing the current task's credentials directly is | ||
257 | * not permitted. | ||
258 | */ | ||
259 | #define get_current_cred() \ | ||
260 | (get_cred(current_cred())) | ||
261 | |||
262 | /** | ||
263 | * get_current_user - Get the current task's user_struct | ||
264 | * | ||
265 | * Get the user record of the current task, pinning it so that it can't go | ||
266 | * away. | ||
267 | */ | ||
268 | #define get_current_user() \ | ||
269 | ({ \ | ||
270 | struct user_struct *__u; \ | ||
271 | struct cred *__cred; \ | ||
272 | __cred = (struct cred *) current_cred(); \ | ||
273 | __u = get_uid(__cred->user); \ | ||
274 | __u; \ | ||
275 | }) | ||
276 | |||
277 | /** | ||
278 | * get_current_groups - Get the current task's supplementary group list | ||
279 | * | ||
280 | * Get the supplementary group list of the current task, pinning it so that it | ||
281 | * can't go away. | ||
282 | */ | ||
283 | #define get_current_groups() \ | ||
284 | ({ \ | ||
285 | struct group_info *__groups; \ | ||
286 | struct cred *__cred; \ | ||
287 | __cred = (struct cred *) current_cred(); \ | ||
288 | __groups = get_group_info(__cred->group_info); \ | ||
289 | __groups; \ | ||
290 | }) | ||
291 | |||
292 | #define task_cred_xxx(task, xxx) \ | ||
293 | ({ \ | ||
294 | __typeof__(((struct cred *)NULL)->xxx) ___val; \ | ||
295 | rcu_read_lock(); \ | ||
296 | ___val = __task_cred((task))->xxx; \ | ||
297 | rcu_read_unlock(); \ | ||
298 | ___val; \ | ||
299 | }) | ||
300 | |||
301 | #define task_uid(task) (task_cred_xxx((task), uid)) | ||
302 | #define task_euid(task) (task_cred_xxx((task), euid)) | ||
303 | |||
304 | #define current_cred_xxx(xxx) \ | ||
305 | ({ \ | ||
306 | current->cred->xxx; \ | ||
307 | }) | ||
308 | |||
309 | #define current_uid() (current_cred_xxx(uid)) | ||
310 | #define current_gid() (current_cred_xxx(gid)) | ||
311 | #define current_euid() (current_cred_xxx(euid)) | ||
312 | #define current_egid() (current_cred_xxx(egid)) | ||
313 | #define current_suid() (current_cred_xxx(suid)) | ||
314 | #define current_sgid() (current_cred_xxx(sgid)) | ||
315 | #define current_fsuid() (current_cred_xxx(fsuid)) | ||
316 | #define current_fsgid() (current_cred_xxx(fsgid)) | ||
317 | #define current_cap() (current_cred_xxx(cap_effective)) | ||
318 | #define current_user() (current_cred_xxx(user)) | ||
319 | #define current_user_ns() (current_cred_xxx(user)->user_ns) | ||
320 | #define current_security() (current_cred_xxx(security)) | ||
31 | 321 | ||
32 | #define current_uid_gid(_uid, _gid) \ | 322 | #define current_uid_gid(_uid, _gid) \ |
33 | do { \ | 323 | do { \ |
34 | *(_uid) = current->uid; \ | 324 | const struct cred *__cred; \ |
35 | *(_gid) = current->gid; \ | 325 | __cred = current_cred(); \ |
326 | *(_uid) = __cred->uid; \ | ||
327 | *(_gid) = __cred->gid; \ | ||
36 | } while(0) | 328 | } while(0) |
37 | 329 | ||
38 | #define current_euid_egid(_uid, _gid) \ | 330 | #define current_euid_egid(_euid, _egid) \ |
39 | do { \ | 331 | do { \ |
40 | *(_uid) = current->euid; \ | 332 | const struct cred *__cred; \ |
41 | *(_gid) = current->egid; \ | 333 | __cred = current_cred(); \ |
334 | *(_euid) = __cred->euid; \ | ||
335 | *(_egid) = __cred->egid; \ | ||
42 | } while(0) | 336 | } while(0) |
43 | 337 | ||
44 | #define current_fsuid_fsgid(_uid, _gid) \ | 338 | #define current_fsuid_fsgid(_fsuid, _fsgid) \ |
45 | do { \ | 339 | do { \ |
46 | *(_uid) = current->fsuid; \ | 340 | const struct cred *__cred; \ |
47 | *(_gid) = current->fsgid; \ | 341 | __cred = current_cred(); \ |
342 | *(_fsuid) = __cred->fsuid; \ | ||
343 | *(_fsgid) = __cred->fsgid; \ | ||
48 | } while(0) | 344 | } while(0) |
49 | 345 | ||
50 | #endif /* _LINUX_CRED_H */ | 346 | #endif /* _LINUX_CRED_H */ |
diff --git a/include/linux/fs.h b/include/linux/fs.h index 4a853ef6fd35..195a8cb2a749 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h | |||
@@ -316,6 +316,7 @@ struct poll_table_struct; | |||
316 | struct kstatfs; | 316 | struct kstatfs; |
317 | struct vm_area_struct; | 317 | struct vm_area_struct; |
318 | struct vfsmount; | 318 | struct vfsmount; |
319 | struct cred; | ||
319 | 320 | ||
320 | extern void __init inode_init(void); | 321 | extern void __init inode_init(void); |
321 | extern void __init inode_init_early(void); | 322 | extern void __init inode_init_early(void); |
@@ -827,7 +828,7 @@ struct file { | |||
827 | fmode_t f_mode; | 828 | fmode_t f_mode; |
828 | loff_t f_pos; | 829 | loff_t f_pos; |
829 | struct fown_struct f_owner; | 830 | struct fown_struct f_owner; |
830 | unsigned int f_uid, f_gid; | 831 | const struct cred *f_cred; |
831 | struct file_ra_state f_ra; | 832 | struct file_ra_state f_ra; |
832 | 833 | ||
833 | u64 f_version; | 834 | u64 f_version; |
@@ -1194,7 +1195,7 @@ enum { | |||
1194 | #define has_fs_excl() atomic_read(¤t->fs_excl) | 1195 | #define has_fs_excl() atomic_read(¤t->fs_excl) |
1195 | 1196 | ||
1196 | #define is_owner_or_cap(inode) \ | 1197 | #define is_owner_or_cap(inode) \ |
1197 | ((current->fsuid == (inode)->i_uid) || capable(CAP_FOWNER)) | 1198 | ((current_fsuid() == (inode)->i_uid) || capable(CAP_FOWNER)) |
1198 | 1199 | ||
1199 | /* not quite ready to be deprecated, but... */ | 1200 | /* not quite ready to be deprecated, but... */ |
1200 | extern void lock_super(struct super_block *); | 1201 | extern void lock_super(struct super_block *); |
@@ -1674,7 +1675,8 @@ extern int do_truncate(struct dentry *, loff_t start, unsigned int time_attrs, | |||
1674 | extern long do_sys_open(int dfd, const char __user *filename, int flags, | 1675 | extern long do_sys_open(int dfd, const char __user *filename, int flags, |
1675 | int mode); | 1676 | int mode); |
1676 | extern struct file *filp_open(const char *, int, int); | 1677 | extern struct file *filp_open(const char *, int, int); |
1677 | extern struct file * dentry_open(struct dentry *, struct vfsmount *, int); | 1678 | extern struct file * dentry_open(struct dentry *, struct vfsmount *, int, |
1679 | const struct cred *); | ||
1678 | extern int filp_close(struct file *, fl_owner_t id); | 1680 | extern int filp_close(struct file *, fl_owner_t id); |
1679 | extern char * getname(const char __user *); | 1681 | extern char * getname(const char __user *); |
1680 | 1682 | ||
diff --git a/include/linux/init_task.h b/include/linux/init_task.h index 23fd8909b9e5..959f5522d10a 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h | |||
@@ -57,7 +57,6 @@ extern struct nsproxy init_nsproxy; | |||
57 | .mnt_ns = NULL, \ | 57 | .mnt_ns = NULL, \ |
58 | INIT_NET_NS(net_ns) \ | 58 | INIT_NET_NS(net_ns) \ |
59 | INIT_IPC_NS(ipc_ns) \ | 59 | INIT_IPC_NS(ipc_ns) \ |
60 | .user_ns = &init_user_ns, \ | ||
61 | } | 60 | } |
62 | 61 | ||
63 | #define INIT_SIGHAND(sighand) { \ | 62 | #define INIT_SIGHAND(sighand) { \ |
@@ -113,6 +112,8 @@ extern struct group_info init_groups; | |||
113 | # define CAP_INIT_BSET CAP_INIT_EFF_SET | 112 | # define CAP_INIT_BSET CAP_INIT_EFF_SET |
114 | #endif | 113 | #endif |
115 | 114 | ||
115 | extern struct cred init_cred; | ||
116 | |||
116 | /* | 117 | /* |
117 | * INIT_TASK is used to set up the first task table, touch at | 118 | * INIT_TASK is used to set up the first task table, touch at |
118 | * your own risk!. Base=0, limit=0x1fffff (=2MB) | 119 | * your own risk!. Base=0, limit=0x1fffff (=2MB) |
@@ -147,13 +148,10 @@ extern struct group_info init_groups; | |||
147 | .children = LIST_HEAD_INIT(tsk.children), \ | 148 | .children = LIST_HEAD_INIT(tsk.children), \ |
148 | .sibling = LIST_HEAD_INIT(tsk.sibling), \ | 149 | .sibling = LIST_HEAD_INIT(tsk.sibling), \ |
149 | .group_leader = &tsk, \ | 150 | .group_leader = &tsk, \ |
150 | .group_info = &init_groups, \ | 151 | .real_cred = &init_cred, \ |
151 | .cap_effective = CAP_INIT_EFF_SET, \ | 152 | .cred = &init_cred, \ |
152 | .cap_inheritable = CAP_INIT_INH_SET, \ | 153 | .cred_exec_mutex = \ |
153 | .cap_permitted = CAP_FULL_SET, \ | 154 | __MUTEX_INITIALIZER(tsk.cred_exec_mutex), \ |
154 | .cap_bset = CAP_INIT_BSET, \ | ||
155 | .securebits = SECUREBITS_DEFAULT, \ | ||
156 | .user = INIT_USER, \ | ||
157 | .comm = "swapper", \ | 155 | .comm = "swapper", \ |
158 | .thread = INIT_THREAD, \ | 156 | .thread = INIT_THREAD, \ |
159 | .fs = &init_fs, \ | 157 | .fs = &init_fs, \ |
diff --git a/include/linux/key-ui.h b/include/linux/key-ui.h deleted file mode 100644 index e8b8a7a5c496..000000000000 --- a/include/linux/key-ui.h +++ /dev/null | |||
@@ -1,66 +0,0 @@ | |||
1 | /* key-ui.h: key userspace interface stuff | ||
2 | * | ||
3 | * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public License | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the License, or (at your option) any later version. | ||
10 | */ | ||
11 | |||
12 | #ifndef _LINUX_KEY_UI_H | ||
13 | #define _LINUX_KEY_UI_H | ||
14 | |||
15 | #include <linux/key.h> | ||
16 | |||
17 | /* the key tree */ | ||
18 | extern struct rb_root key_serial_tree; | ||
19 | extern spinlock_t key_serial_lock; | ||
20 | |||
21 | /* required permissions */ | ||
22 | #define KEY_VIEW 0x01 /* require permission to view attributes */ | ||
23 | #define KEY_READ 0x02 /* require permission to read content */ | ||
24 | #define KEY_WRITE 0x04 /* require permission to update / modify */ | ||
25 | #define KEY_SEARCH 0x08 /* require permission to search (keyring) or find (key) */ | ||
26 | #define KEY_LINK 0x10 /* require permission to link */ | ||
27 | #define KEY_SETATTR 0x20 /* require permission to change attributes */ | ||
28 | #define KEY_ALL 0x3f /* all the above permissions */ | ||
29 | |||
30 | /* | ||
31 | * the keyring payload contains a list of the keys to which the keyring is | ||
32 | * subscribed | ||
33 | */ | ||
34 | struct keyring_list { | ||
35 | struct rcu_head rcu; /* RCU deletion hook */ | ||
36 | unsigned short maxkeys; /* max keys this list can hold */ | ||
37 | unsigned short nkeys; /* number of keys currently held */ | ||
38 | unsigned short delkey; /* key to be unlinked by RCU */ | ||
39 | struct key *keys[0]; | ||
40 | }; | ||
41 | |||
42 | /* | ||
43 | * check to see whether permission is granted to use a key in the desired way | ||
44 | */ | ||
45 | extern int key_task_permission(const key_ref_t key_ref, | ||
46 | struct task_struct *context, | ||
47 | key_perm_t perm); | ||
48 | |||
49 | static inline int key_permission(const key_ref_t key_ref, key_perm_t perm) | ||
50 | { | ||
51 | return key_task_permission(key_ref, current, perm); | ||
52 | } | ||
53 | |||
54 | extern key_ref_t lookup_user_key(struct task_struct *context, | ||
55 | key_serial_t id, int create, int partial, | ||
56 | key_perm_t perm); | ||
57 | |||
58 | extern long join_session_keyring(const char *name); | ||
59 | |||
60 | extern struct key_type *key_type_lookup(const char *type); | ||
61 | extern void key_type_put(struct key_type *ktype); | ||
62 | |||
63 | #define key_negative_timeout 60 /* default timeout on a negative key's existence */ | ||
64 | |||
65 | |||
66 | #endif /* _LINUX_KEY_UI_H */ | ||
diff --git a/include/linux/key.h b/include/linux/key.h index 1b70e35a71e3..21d32a142c00 100644 --- a/include/linux/key.h +++ b/include/linux/key.h | |||
@@ -73,6 +73,7 @@ struct key; | |||
73 | struct seq_file; | 73 | struct seq_file; |
74 | struct user_struct; | 74 | struct user_struct; |
75 | struct signal_struct; | 75 | struct signal_struct; |
76 | struct cred; | ||
76 | 77 | ||
77 | struct key_type; | 78 | struct key_type; |
78 | struct key_owner; | 79 | struct key_owner; |
@@ -181,7 +182,7 @@ struct key { | |||
181 | extern struct key *key_alloc(struct key_type *type, | 182 | extern struct key *key_alloc(struct key_type *type, |
182 | const char *desc, | 183 | const char *desc, |
183 | uid_t uid, gid_t gid, | 184 | uid_t uid, gid_t gid, |
184 | struct task_struct *ctx, | 185 | const struct cred *cred, |
185 | key_perm_t perm, | 186 | key_perm_t perm, |
186 | unsigned long flags); | 187 | unsigned long flags); |
187 | 188 | ||
@@ -249,7 +250,7 @@ extern int key_unlink(struct key *keyring, | |||
249 | struct key *key); | 250 | struct key *key); |
250 | 251 | ||
251 | extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, | 252 | extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, |
252 | struct task_struct *ctx, | 253 | const struct cred *cred, |
253 | unsigned long flags, | 254 | unsigned long flags, |
254 | struct key *dest); | 255 | struct key *dest); |
255 | 256 | ||
@@ -276,24 +277,11 @@ extern ctl_table key_sysctls[]; | |||
276 | /* | 277 | /* |
277 | * the userspace interface | 278 | * the userspace interface |
278 | */ | 279 | */ |
279 | extern void switch_uid_keyring(struct user_struct *new_user); | 280 | extern int install_thread_keyring_to_cred(struct cred *cred); |
280 | extern int copy_keys(unsigned long clone_flags, struct task_struct *tsk); | ||
281 | extern int copy_thread_group_keys(struct task_struct *tsk); | ||
282 | extern void exit_keys(struct task_struct *tsk); | ||
283 | extern void exit_thread_group_keys(struct signal_struct *tg); | ||
284 | extern int suid_keys(struct task_struct *tsk); | ||
285 | extern int exec_keys(struct task_struct *tsk); | ||
286 | extern void key_fsuid_changed(struct task_struct *tsk); | 281 | extern void key_fsuid_changed(struct task_struct *tsk); |
287 | extern void key_fsgid_changed(struct task_struct *tsk); | 282 | extern void key_fsgid_changed(struct task_struct *tsk); |
288 | extern void key_init(void); | 283 | extern void key_init(void); |
289 | 284 | ||
290 | #define __install_session_keyring(tsk, keyring) \ | ||
291 | ({ \ | ||
292 | struct key *old_session = tsk->signal->session_keyring; \ | ||
293 | tsk->signal->session_keyring = keyring; \ | ||
294 | old_session; \ | ||
295 | }) | ||
296 | |||
297 | #else /* CONFIG_KEYS */ | 285 | #else /* CONFIG_KEYS */ |
298 | 286 | ||
299 | #define key_validate(k) 0 | 287 | #define key_validate(k) 0 |
@@ -302,17 +290,9 @@ extern void key_init(void); | |||
302 | #define key_revoke(k) do { } while(0) | 290 | #define key_revoke(k) do { } while(0) |
303 | #define key_put(k) do { } while(0) | 291 | #define key_put(k) do { } while(0) |
304 | #define key_ref_put(k) do { } while(0) | 292 | #define key_ref_put(k) do { } while(0) |
305 | #define make_key_ref(k, p) ({ NULL; }) | 293 | #define make_key_ref(k, p) NULL |
306 | #define key_ref_to_ptr(k) ({ NULL; }) | 294 | #define key_ref_to_ptr(k) NULL |
307 | #define is_key_possessed(k) 0 | 295 | #define is_key_possessed(k) 0 |
308 | #define switch_uid_keyring(u) do { } while(0) | ||
309 | #define __install_session_keyring(t, k) ({ NULL; }) | ||
310 | #define copy_keys(f,t) 0 | ||
311 | #define copy_thread_group_keys(t) 0 | ||
312 | #define exit_keys(t) do { } while(0) | ||
313 | #define exit_thread_group_keys(tg) do { } while(0) | ||
314 | #define suid_keys(t) do { } while(0) | ||
315 | #define exec_keys(t) do { } while(0) | ||
316 | #define key_fsuid_changed(t) do { } while(0) | 296 | #define key_fsuid_changed(t) do { } while(0) |
317 | #define key_fsgid_changed(t) do { } while(0) | 297 | #define key_fsgid_changed(t) do { } while(0) |
318 | #define key_init() do { } while(0) | 298 | #define key_init() do { } while(0) |
diff --git a/include/linux/keyctl.h b/include/linux/keyctl.h index 656ee6b77a4a..c0688eb72093 100644 --- a/include/linux/keyctl.h +++ b/include/linux/keyctl.h | |||
@@ -1,6 +1,6 @@ | |||
1 | /* keyctl.h: keyctl command IDs | 1 | /* keyctl.h: keyctl command IDs |
2 | * | 2 | * |
3 | * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. | 3 | * Copyright (C) 2004, 2008 Red Hat, Inc. All Rights Reserved. |
4 | * Written by David Howells (dhowells@redhat.com) | 4 | * Written by David Howells (dhowells@redhat.com) |
5 | * | 5 | * |
6 | * This program is free software; you can redistribute it and/or | 6 | * This program is free software; you can redistribute it and/or |
@@ -20,6 +20,7 @@ | |||
20 | #define KEY_SPEC_USER_SESSION_KEYRING -5 /* - key ID for UID-session keyring */ | 20 | #define KEY_SPEC_USER_SESSION_KEYRING -5 /* - key ID for UID-session keyring */ |
21 | #define KEY_SPEC_GROUP_KEYRING -6 /* - key ID for GID-specific keyring */ | 21 | #define KEY_SPEC_GROUP_KEYRING -6 /* - key ID for GID-specific keyring */ |
22 | #define KEY_SPEC_REQKEY_AUTH_KEY -7 /* - key ID for assumed request_key auth key */ | 22 | #define KEY_SPEC_REQKEY_AUTH_KEY -7 /* - key ID for assumed request_key auth key */ |
23 | #define KEY_SPEC_REQUESTOR_KEYRING -8 /* - key ID for request_key() dest keyring */ | ||
23 | 24 | ||
24 | /* request-key default keyrings */ | 25 | /* request-key default keyrings */ |
25 | #define KEY_REQKEY_DEFL_NO_CHANGE -1 | 26 | #define KEY_REQKEY_DEFL_NO_CHANGE -1 |
@@ -30,6 +31,7 @@ | |||
30 | #define KEY_REQKEY_DEFL_USER_KEYRING 4 | 31 | #define KEY_REQKEY_DEFL_USER_KEYRING 4 |
31 | #define KEY_REQKEY_DEFL_USER_SESSION_KEYRING 5 | 32 | #define KEY_REQKEY_DEFL_USER_SESSION_KEYRING 5 |
32 | #define KEY_REQKEY_DEFL_GROUP_KEYRING 6 | 33 | #define KEY_REQKEY_DEFL_GROUP_KEYRING 6 |
34 | #define KEY_REQKEY_DEFL_REQUESTOR_KEYRING 7 | ||
33 | 35 | ||
34 | /* keyctl commands */ | 36 | /* keyctl commands */ |
35 | #define KEYCTL_GET_KEYRING_ID 0 /* ask for a keyring's ID */ | 37 | #define KEYCTL_GET_KEYRING_ID 0 /* ask for a keyring's ID */ |
diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h index c8a768e59640..afad7dec1b36 100644 --- a/include/linux/nsproxy.h +++ b/include/linux/nsproxy.h | |||
@@ -27,7 +27,6 @@ struct nsproxy { | |||
27 | struct ipc_namespace *ipc_ns; | 27 | struct ipc_namespace *ipc_ns; |
28 | struct mnt_namespace *mnt_ns; | 28 | struct mnt_namespace *mnt_ns; |
29 | struct pid_namespace *pid_ns; | 29 | struct pid_namespace *pid_ns; |
30 | struct user_namespace *user_ns; | ||
31 | struct net *net_ns; | 30 | struct net *net_ns; |
32 | }; | 31 | }; |
33 | extern struct nsproxy init_nsproxy; | 32 | extern struct nsproxy init_nsproxy; |
diff --git a/include/linux/sched.h b/include/linux/sched.h index 55e30d114477..9624e2cfc2dc 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h | |||
@@ -572,12 +572,6 @@ struct signal_struct { | |||
572 | */ | 572 | */ |
573 | struct rlimit rlim[RLIM_NLIMITS]; | 573 | struct rlimit rlim[RLIM_NLIMITS]; |
574 | 574 | ||
575 | /* keep the process-shared keyrings here so that they do the right | ||
576 | * thing in threads created with CLONE_THREAD */ | ||
577 | #ifdef CONFIG_KEYS | ||
578 | struct key *session_keyring; /* keyring inherited over fork */ | ||
579 | struct key *process_keyring; /* keyring private to this process */ | ||
580 | #endif | ||
581 | #ifdef CONFIG_BSD_PROCESS_ACCT | 575 | #ifdef CONFIG_BSD_PROCESS_ACCT |
582 | struct pacct_struct pacct; /* per-process accounting information */ | 576 | struct pacct_struct pacct; /* per-process accounting information */ |
583 | #endif | 577 | #endif |
@@ -648,6 +642,7 @@ struct user_struct { | |||
648 | /* Hash table maintenance information */ | 642 | /* Hash table maintenance information */ |
649 | struct hlist_node uidhash_node; | 643 | struct hlist_node uidhash_node; |
650 | uid_t uid; | 644 | uid_t uid; |
645 | struct user_namespace *user_ns; | ||
651 | 646 | ||
652 | #ifdef CONFIG_USER_SCHED | 647 | #ifdef CONFIG_USER_SCHED |
653 | struct task_group *tg; | 648 | struct task_group *tg; |
@@ -665,6 +660,7 @@ extern struct user_struct *find_user(uid_t); | |||
665 | extern struct user_struct root_user; | 660 | extern struct user_struct root_user; |
666 | #define INIT_USER (&root_user) | 661 | #define INIT_USER (&root_user) |
667 | 662 | ||
663 | |||
668 | struct backing_dev_info; | 664 | struct backing_dev_info; |
669 | struct reclaim_state; | 665 | struct reclaim_state; |
670 | 666 | ||
@@ -888,38 +884,7 @@ partition_sched_domains(int ndoms_new, cpumask_t *doms_new, | |||
888 | #endif /* !CONFIG_SMP */ | 884 | #endif /* !CONFIG_SMP */ |
889 | 885 | ||
890 | struct io_context; /* See blkdev.h */ | 886 | struct io_context; /* See blkdev.h */ |
891 | #define NGROUPS_SMALL 32 | ||
892 | #define NGROUPS_PER_BLOCK ((unsigned int)(PAGE_SIZE / sizeof(gid_t))) | ||
893 | struct group_info { | ||
894 | int ngroups; | ||
895 | atomic_t usage; | ||
896 | gid_t small_block[NGROUPS_SMALL]; | ||
897 | int nblocks; | ||
898 | gid_t *blocks[0]; | ||
899 | }; | ||
900 | 887 | ||
901 | /* | ||
902 | * get_group_info() must be called with the owning task locked (via task_lock()) | ||
903 | * when task != current. The reason being that the vast majority of callers are | ||
904 | * looking at current->group_info, which can not be changed except by the | ||
905 | * current task. Changing current->group_info requires the task lock, too. | ||
906 | */ | ||
907 | #define get_group_info(group_info) do { \ | ||
908 | atomic_inc(&(group_info)->usage); \ | ||
909 | } while (0) | ||
910 | |||
911 | #define put_group_info(group_info) do { \ | ||
912 | if (atomic_dec_and_test(&(group_info)->usage)) \ | ||
913 | groups_free(group_info); \ | ||
914 | } while (0) | ||
915 | |||
916 | extern struct group_info *groups_alloc(int gidsetsize); | ||
917 | extern void groups_free(struct group_info *group_info); | ||
918 | extern int set_current_groups(struct group_info *group_info); | ||
919 | extern int groups_search(struct group_info *group_info, gid_t grp); | ||
920 | /* access the groups "array" with this macro */ | ||
921 | #define GROUP_AT(gi, i) \ | ||
922 | ((gi)->blocks[(i)/NGROUPS_PER_BLOCK][(i)%NGROUPS_PER_BLOCK]) | ||
923 | 888 | ||
924 | #ifdef ARCH_HAS_PREFETCH_SWITCH_STACK | 889 | #ifdef ARCH_HAS_PREFETCH_SWITCH_STACK |
925 | extern void prefetch_stack(struct task_struct *t); | 890 | extern void prefetch_stack(struct task_struct *t); |
@@ -1186,17 +1151,12 @@ struct task_struct { | |||
1186 | struct list_head cpu_timers[3]; | 1151 | struct list_head cpu_timers[3]; |
1187 | 1152 | ||
1188 | /* process credentials */ | 1153 | /* process credentials */ |
1189 | uid_t uid,euid,suid,fsuid; | 1154 | const struct cred *real_cred; /* objective and real subjective task |
1190 | gid_t gid,egid,sgid,fsgid; | 1155 | * credentials (COW) */ |
1191 | struct group_info *group_info; | 1156 | const struct cred *cred; /* effective (overridable) subjective task |
1192 | kernel_cap_t cap_effective, cap_inheritable, cap_permitted, cap_bset; | 1157 | * credentials (COW) */ |
1193 | struct user_struct *user; | 1158 | struct mutex cred_exec_mutex; /* execve vs ptrace cred calculation mutex */ |
1194 | unsigned securebits; | 1159 | |
1195 | #ifdef CONFIG_KEYS | ||
1196 | unsigned char jit_keyring; /* default keyring to attach requested keys to */ | ||
1197 | struct key *request_key_auth; /* assumed request_key authority */ | ||
1198 | struct key *thread_keyring; /* keyring private to this thread */ | ||
1199 | #endif | ||
1200 | char comm[TASK_COMM_LEN]; /* executable name excluding path | 1160 | char comm[TASK_COMM_LEN]; /* executable name excluding path |
1201 | - access with [gs]et_task_comm (which lock | 1161 | - access with [gs]et_task_comm (which lock |
1202 | it with task_lock()) | 1162 | it with task_lock()) |
@@ -1233,9 +1193,6 @@ struct task_struct { | |||
1233 | int (*notifier)(void *priv); | 1193 | int (*notifier)(void *priv); |
1234 | void *notifier_data; | 1194 | void *notifier_data; |
1235 | sigset_t *notifier_mask; | 1195 | sigset_t *notifier_mask; |
1236 | #ifdef CONFIG_SECURITY | ||
1237 | void *security; | ||
1238 | #endif | ||
1239 | struct audit_context *audit_context; | 1196 | struct audit_context *audit_context; |
1240 | #ifdef CONFIG_AUDITSYSCALL | 1197 | #ifdef CONFIG_AUDITSYSCALL |
1241 | uid_t loginuid; | 1198 | uid_t loginuid; |
@@ -1775,7 +1732,6 @@ static inline struct user_struct *get_uid(struct user_struct *u) | |||
1775 | return u; | 1732 | return u; |
1776 | } | 1733 | } |
1777 | extern void free_uid(struct user_struct *); | 1734 | extern void free_uid(struct user_struct *); |
1778 | extern void switch_uid(struct user_struct *); | ||
1779 | extern void release_uids(struct user_namespace *ns); | 1735 | extern void release_uids(struct user_namespace *ns); |
1780 | 1736 | ||
1781 | #include <asm/current.h> | 1737 | #include <asm/current.h> |
@@ -1794,9 +1750,6 @@ extern void wake_up_new_task(struct task_struct *tsk, | |||
1794 | extern void sched_fork(struct task_struct *p, int clone_flags); | 1750 | extern void sched_fork(struct task_struct *p, int clone_flags); |
1795 | extern void sched_dead(struct task_struct *p); | 1751 | extern void sched_dead(struct task_struct *p); |
1796 | 1752 | ||
1797 | extern int in_group_p(gid_t); | ||
1798 | extern int in_egroup_p(gid_t); | ||
1799 | |||
1800 | extern void proc_caches_init(void); | 1753 | extern void proc_caches_init(void); |
1801 | extern void flush_signals(struct task_struct *); | 1754 | extern void flush_signals(struct task_struct *); |
1802 | extern void ignore_signals(struct task_struct *); | 1755 | extern void ignore_signals(struct task_struct *); |
@@ -1928,6 +1881,8 @@ static inline unsigned long wait_task_inactive(struct task_struct *p, | |||
1928 | #define for_each_process(p) \ | 1881 | #define for_each_process(p) \ |
1929 | for (p = &init_task ; (p = next_task(p)) != &init_task ; ) | 1882 | for (p = &init_task ; (p = next_task(p)) != &init_task ; ) |
1930 | 1883 | ||
1884 | extern bool is_single_threaded(struct task_struct *); | ||
1885 | |||
1931 | /* | 1886 | /* |
1932 | * Careful: do_each_thread/while_each_thread is a double loop so | 1887 | * Careful: do_each_thread/while_each_thread is a double loop so |
1933 | * 'break' will not work as expected - use goto instead. | 1888 | * 'break' will not work as expected - use goto instead. |
diff --git a/include/linux/securebits.h b/include/linux/securebits.h index 92f09bdf1175..d2c5ed845bcc 100644 --- a/include/linux/securebits.h +++ b/include/linux/securebits.h | |||
@@ -32,7 +32,7 @@ | |||
32 | setting is locked or not. A setting which is locked cannot be | 32 | setting is locked or not. A setting which is locked cannot be |
33 | changed from user-level. */ | 33 | changed from user-level. */ |
34 | #define issecure_mask(X) (1 << (X)) | 34 | #define issecure_mask(X) (1 << (X)) |
35 | #define issecure(X) (issecure_mask(X) & current->securebits) | 35 | #define issecure(X) (issecure_mask(X) & current_cred_xxx(securebits)) |
36 | 36 | ||
37 | #define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \ | 37 | #define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \ |
38 | issecure_mask(SECURE_NO_SETUID_FIXUP) | \ | 38 | issecure_mask(SECURE_NO_SETUID_FIXUP) | \ |
diff --git a/include/linux/security.h b/include/linux/security.h index e3d4ecda2673..3416cb85e77b 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -37,6 +37,10 @@ | |||
37 | /* Maximum number of letters for an LSM name string */ | 37 | /* Maximum number of letters for an LSM name string */ |
38 | #define SECURITY_NAME_MAX 10 | 38 | #define SECURITY_NAME_MAX 10 |
39 | 39 | ||
40 | /* If capable should audit the security request */ | ||
41 | #define SECURITY_CAP_NOAUDIT 0 | ||
42 | #define SECURITY_CAP_AUDIT 1 | ||
43 | |||
40 | struct ctl_table; | 44 | struct ctl_table; |
41 | struct audit_krule; | 45 | struct audit_krule; |
42 | 46 | ||
@@ -44,25 +48,25 @@ struct audit_krule; | |||
44 | * These functions are in security/capability.c and are used | 48 | * These functions are in security/capability.c and are used |
45 | * as the default capabilities functions | 49 | * as the default capabilities functions |
46 | */ | 50 | */ |
47 | extern int cap_capable(struct task_struct *tsk, int cap); | 51 | extern int cap_capable(struct task_struct *tsk, int cap, int audit); |
48 | extern int cap_settime(struct timespec *ts, struct timezone *tz); | 52 | extern int cap_settime(struct timespec *ts, struct timezone *tz); |
49 | extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); | 53 | extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); |
50 | extern int cap_ptrace_traceme(struct task_struct *parent); | 54 | extern int cap_ptrace_traceme(struct task_struct *parent); |
51 | extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); | 55 | extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); |
52 | extern int cap_capset_check(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); | 56 | extern int cap_capset(struct cred *new, const struct cred *old, |
53 | extern void cap_capset_set(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); | 57 | const kernel_cap_t *effective, |
54 | extern int cap_bprm_set_security(struct linux_binprm *bprm); | 58 | const kernel_cap_t *inheritable, |
55 | extern void cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe); | 59 | const kernel_cap_t *permitted); |
60 | extern int cap_bprm_set_creds(struct linux_binprm *bprm); | ||
56 | extern int cap_bprm_secureexec(struct linux_binprm *bprm); | 61 | extern int cap_bprm_secureexec(struct linux_binprm *bprm); |
57 | extern int cap_inode_setxattr(struct dentry *dentry, const char *name, | 62 | extern int cap_inode_setxattr(struct dentry *dentry, const char *name, |
58 | const void *value, size_t size, int flags); | 63 | const void *value, size_t size, int flags); |
59 | extern int cap_inode_removexattr(struct dentry *dentry, const char *name); | 64 | extern int cap_inode_removexattr(struct dentry *dentry, const char *name); |
60 | extern int cap_inode_need_killpriv(struct dentry *dentry); | 65 | extern int cap_inode_need_killpriv(struct dentry *dentry); |
61 | extern int cap_inode_killpriv(struct dentry *dentry); | 66 | extern int cap_inode_killpriv(struct dentry *dentry); |
62 | extern int cap_task_post_setuid(uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); | 67 | extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags); |
63 | extern void cap_task_reparent_to_init(struct task_struct *p); | ||
64 | extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | 68 | extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
65 | unsigned long arg4, unsigned long arg5, long *rc_p); | 69 | unsigned long arg4, unsigned long arg5); |
66 | extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp); | 70 | extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp); |
67 | extern int cap_task_setioprio(struct task_struct *p, int ioprio); | 71 | extern int cap_task_setioprio(struct task_struct *p, int ioprio); |
68 | extern int cap_task_setnice(struct task_struct *p, int nice); | 72 | extern int cap_task_setnice(struct task_struct *p, int nice); |
@@ -105,7 +109,7 @@ extern unsigned long mmap_min_addr; | |||
105 | struct sched_param; | 109 | struct sched_param; |
106 | struct request_sock; | 110 | struct request_sock; |
107 | 111 | ||
108 | /* bprm_apply_creds unsafe reasons */ | 112 | /* bprm->unsafe reasons */ |
109 | #define LSM_UNSAFE_SHARE 1 | 113 | #define LSM_UNSAFE_SHARE 1 |
110 | #define LSM_UNSAFE_PTRACE 2 | 114 | #define LSM_UNSAFE_PTRACE 2 |
111 | #define LSM_UNSAFE_PTRACE_CAP 4 | 115 | #define LSM_UNSAFE_PTRACE_CAP 4 |
@@ -149,36 +153,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
149 | * | 153 | * |
150 | * Security hooks for program execution operations. | 154 | * Security hooks for program execution operations. |
151 | * | 155 | * |
152 | * @bprm_alloc_security: | 156 | * @bprm_set_creds: |
153 | * Allocate and attach a security structure to the @bprm->security field. | ||
154 | * The security field is initialized to NULL when the bprm structure is | ||
155 | * allocated. | ||
156 | * @bprm contains the linux_binprm structure to be modified. | ||
157 | * Return 0 if operation was successful. | ||
158 | * @bprm_free_security: | ||
159 | * @bprm contains the linux_binprm structure to be modified. | ||
160 | * Deallocate and clear the @bprm->security field. | ||
161 | * @bprm_apply_creds: | ||
162 | * Compute and set the security attributes of a process being transformed | ||
163 | * by an execve operation based on the old attributes (current->security) | ||
164 | * and the information saved in @bprm->security by the set_security hook. | ||
165 | * Since this hook function (and its caller) are void, this hook can not | ||
166 | * return an error. However, it can leave the security attributes of the | ||
167 | * process unchanged if an access failure occurs at this point. | ||
168 | * bprm_apply_creds is called under task_lock. @unsafe indicates various | ||
169 | * reasons why it may be unsafe to change security state. | ||
170 | * @bprm contains the linux_binprm structure. | ||
171 | * @bprm_post_apply_creds: | ||
172 | * Runs after bprm_apply_creds with the task_lock dropped, so that | ||
173 | * functions which cannot be called safely under the task_lock can | ||
174 | * be used. This hook is a good place to perform state changes on | ||
175 | * the process such as closing open file descriptors to which access | ||
176 | * is no longer granted if the attributes were changed. | ||
177 | * Note that a security module might need to save state between | ||
178 | * bprm_apply_creds and bprm_post_apply_creds to store the decision | ||
179 | * on whether the process may proceed. | ||
180 | * @bprm contains the linux_binprm structure. | ||
181 | * @bprm_set_security: | ||
182 | * Save security information in the bprm->security field, typically based | 157 | * Save security information in the bprm->security field, typically based |
183 | * on information about the bprm->file, for later use by the apply_creds | 158 | * on information about the bprm->file, for later use by the apply_creds |
184 | * hook. This hook may also optionally check permissions (e.g. for | 159 | * hook. This hook may also optionally check permissions (e.g. for |
@@ -191,15 +166,30 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
191 | * @bprm contains the linux_binprm structure. | 166 | * @bprm contains the linux_binprm structure. |
192 | * Return 0 if the hook is successful and permission is granted. | 167 | * Return 0 if the hook is successful and permission is granted. |
193 | * @bprm_check_security: | 168 | * @bprm_check_security: |
194 | * This hook mediates the point when a search for a binary handler will | 169 | * This hook mediates the point when a search for a binary handler will |
195 | * begin. It allows a check the @bprm->security value which is set in | 170 | * begin. It allows a check the @bprm->security value which is set in the |
196 | * the preceding set_security call. The primary difference from | 171 | * preceding set_creds call. The primary difference from set_creds is |
197 | * set_security is that the argv list and envp list are reliably | 172 | * that the argv list and envp list are reliably available in @bprm. This |
198 | * available in @bprm. This hook may be called multiple times | 173 | * hook may be called multiple times during a single execve; and in each |
199 | * during a single execve; and in each pass set_security is called | 174 | * pass set_creds is called first. |
200 | * first. | ||
201 | * @bprm contains the linux_binprm structure. | 175 | * @bprm contains the linux_binprm structure. |
202 | * Return 0 if the hook is successful and permission is granted. | 176 | * Return 0 if the hook is successful and permission is granted. |
177 | * @bprm_committing_creds: | ||
178 | * Prepare to install the new security attributes of a process being | ||
179 | * transformed by an execve operation, based on the old credentials | ||
180 | * pointed to by @current->cred and the information set in @bprm->cred by | ||
181 | * the bprm_set_creds hook. @bprm points to the linux_binprm structure. | ||
182 | * This hook is a good place to perform state changes on the process such | ||
183 | * as closing open file descriptors to which access will no longer be | ||
184 | * granted when the attributes are changed. This is called immediately | ||
185 | * before commit_creds(). | ||
186 | * @bprm_committed_creds: | ||
187 | * Tidy up after the installation of the new security attributes of a | ||
188 | * process being transformed by an execve operation. The new credentials | ||
189 | * have, by this point, been set to @current->cred. @bprm points to the | ||
190 | * linux_binprm structure. This hook is a good place to perform state | ||
191 | * changes on the process such as clearing out non-inheritable signal | ||
192 | * state. This is called immediately after commit_creds(). | ||
203 | * @bprm_secureexec: | 193 | * @bprm_secureexec: |
204 | * Return a boolean value (0 or 1) indicating whether a "secure exec" | 194 | * Return a boolean value (0 or 1) indicating whether a "secure exec" |
205 | * is required. The flag is passed in the auxiliary table | 195 | * is required. The flag is passed in the auxiliary table |
@@ -585,15 +575,31 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
585 | * manual page for definitions of the @clone_flags. | 575 | * manual page for definitions of the @clone_flags. |
586 | * @clone_flags contains the flags indicating what should be shared. | 576 | * @clone_flags contains the flags indicating what should be shared. |
587 | * Return 0 if permission is granted. | 577 | * Return 0 if permission is granted. |
588 | * @task_alloc_security: | 578 | * @cred_free: |
589 | * @p contains the task_struct for child process. | 579 | * @cred points to the credentials. |
590 | * Allocate and attach a security structure to the p->security field. The | 580 | * Deallocate and clear the cred->security field in a set of credentials. |
591 | * security field is initialized to NULL when the task structure is | 581 | * @cred_prepare: |
592 | * allocated. | 582 | * @new points to the new credentials. |
593 | * Return 0 if operation was successful. | 583 | * @old points to the original credentials. |
594 | * @task_free_security: | 584 | * @gfp indicates the atomicity of any memory allocations. |
595 | * @p contains the task_struct for process. | 585 | * Prepare a new set of credentials by copying the data from the old set. |
596 | * Deallocate and clear the p->security field. | 586 | * @cred_commit: |
587 | * @new points to the new credentials. | ||
588 | * @old points to the original credentials. | ||
589 | * Install a new set of credentials. | ||
590 | * @kernel_act_as: | ||
591 | * Set the credentials for a kernel service to act as (subjective context). | ||
592 | * @new points to the credentials to be modified. | ||
593 | * @secid specifies the security ID to be set | ||
594 | * The current task must be the one that nominated @secid. | ||
595 | * Return 0 if successful. | ||
596 | * @kernel_create_files_as: | ||
597 | * Set the file creation context in a set of credentials to be the same as | ||
598 | * the objective context of the specified inode. | ||
599 | * @new points to the credentials to be modified. | ||
600 | * @inode points to the inode to use as a reference. | ||
601 | * The current task must be the one that nominated @inode. | ||
602 | * Return 0 if successful. | ||
597 | * @task_setuid: | 603 | * @task_setuid: |
598 | * Check permission before setting one or more of the user identity | 604 | * Check permission before setting one or more of the user identity |
599 | * attributes of the current process. The @flags parameter indicates | 605 | * attributes of the current process. The @flags parameter indicates |
@@ -606,15 +612,13 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
606 | * @id2 contains a uid. | 612 | * @id2 contains a uid. |
607 | * @flags contains one of the LSM_SETID_* values. | 613 | * @flags contains one of the LSM_SETID_* values. |
608 | * Return 0 if permission is granted. | 614 | * Return 0 if permission is granted. |
609 | * @task_post_setuid: | 615 | * @task_fix_setuid: |
610 | * Update the module's state after setting one or more of the user | 616 | * Update the module's state after setting one or more of the user |
611 | * identity attributes of the current process. The @flags parameter | 617 | * identity attributes of the current process. The @flags parameter |
612 | * indicates which of the set*uid system calls invoked this hook. If | 618 | * indicates which of the set*uid system calls invoked this hook. If |
613 | * @flags is LSM_SETID_FS, then @old_ruid is the old fs uid and the other | 619 | * @new is the set of credentials that will be installed. Modifications |
614 | * parameters are not used. | 620 | * should be made to this rather than to @current->cred. |
615 | * @old_ruid contains the old real uid (or fs uid if LSM_SETID_FS). | 621 | * @old is the set of credentials that are being replaces |
616 | * @old_euid contains the old effective uid (or -1 if LSM_SETID_FS). | ||
617 | * @old_suid contains the old saved uid (or -1 if LSM_SETID_FS). | ||
618 | * @flags contains one of the LSM_SETID_* values. | 622 | * @flags contains one of the LSM_SETID_* values. |
619 | * Return 0 on success. | 623 | * Return 0 on success. |
620 | * @task_setgid: | 624 | * @task_setgid: |
@@ -717,13 +721,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
717 | * @arg3 contains a argument. | 721 | * @arg3 contains a argument. |
718 | * @arg4 contains a argument. | 722 | * @arg4 contains a argument. |
719 | * @arg5 contains a argument. | 723 | * @arg5 contains a argument. |
720 | * @rc_p contains a pointer to communicate back the forced return code | 724 | * Return -ENOSYS if no-one wanted to handle this op, any other value to |
721 | * Return 0 if permission is granted, and non-zero if the security module | 725 | * cause prctl() to return immediately with that value. |
722 | * has taken responsibility (setting *rc_p) for the prctl call. | ||
723 | * @task_reparent_to_init: | ||
724 | * Set the security attributes in @p->security for a kernel thread that | ||
725 | * is being reparented to the init task. | ||
726 | * @p contains the task_struct for the kernel thread. | ||
727 | * @task_to_inode: | 726 | * @task_to_inode: |
728 | * Set the security attributes for an inode based on an associated task's | 727 | * Set the security attributes for an inode based on an associated task's |
729 | * security attributes, e.g. for /proc/pid inodes. | 728 | * security attributes, e.g. for /proc/pid inodes. |
@@ -1000,7 +999,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1000 | * See whether a specific operational right is granted to a process on a | 999 | * See whether a specific operational right is granted to a process on a |
1001 | * key. | 1000 | * key. |
1002 | * @key_ref refers to the key (key pointer + possession attribute bit). | 1001 | * @key_ref refers to the key (key pointer + possession attribute bit). |
1003 | * @context points to the process to provide the context against which to | 1002 | * @cred points to the credentials to provide the context against which to |
1004 | * evaluate the security data on the key. | 1003 | * evaluate the security data on the key. |
1005 | * @perm describes the combination of permissions required of this key. | 1004 | * @perm describes the combination of permissions required of this key. |
1006 | * Return 1 if permission granted, 0 if permission denied and -ve it the | 1005 | * Return 1 if permission granted, 0 if permission denied and -ve it the |
@@ -1162,6 +1161,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1162 | * @child process. | 1161 | * @child process. |
1163 | * Security modules may also want to perform a process tracing check | 1162 | * Security modules may also want to perform a process tracing check |
1164 | * during an execve in the set_security or apply_creds hooks of | 1163 | * during an execve in the set_security or apply_creds hooks of |
1164 | * tracing check during an execve in the bprm_set_creds hook of | ||
1165 | * binprm_security_ops if the process is being traced and its security | 1165 | * binprm_security_ops if the process is being traced and its security |
1166 | * attributes would be changed by the execve. | 1166 | * attributes would be changed by the execve. |
1167 | * @child contains the task_struct structure for the target process. | 1167 | * @child contains the task_struct structure for the target process. |
@@ -1185,29 +1185,15 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1185 | * @inheritable contains the inheritable capability set. | 1185 | * @inheritable contains the inheritable capability set. |
1186 | * @permitted contains the permitted capability set. | 1186 | * @permitted contains the permitted capability set. |
1187 | * Return 0 if the capability sets were successfully obtained. | 1187 | * Return 0 if the capability sets were successfully obtained. |
1188 | * @capset_check: | 1188 | * @capset: |
1189 | * Check permission before setting the @effective, @inheritable, and | ||
1190 | * @permitted capability sets for the @target process. | ||
1191 | * Caveat: @target is also set to current if a set of processes is | ||
1192 | * specified (i.e. all processes other than current and init or a | ||
1193 | * particular process group). Hence, the capset_set hook may need to | ||
1194 | * revalidate permission to the actual target process. | ||
1195 | * @target contains the task_struct structure for target process. | ||
1196 | * @effective contains the effective capability set. | ||
1197 | * @inheritable contains the inheritable capability set. | ||
1198 | * @permitted contains the permitted capability set. | ||
1199 | * Return 0 if permission is granted. | ||
1200 | * @capset_set: | ||
1201 | * Set the @effective, @inheritable, and @permitted capability sets for | 1189 | * Set the @effective, @inheritable, and @permitted capability sets for |
1202 | * the @target process. Since capset_check cannot always check permission | 1190 | * the current process. |
1203 | * to the real @target process, this hook may also perform permission | 1191 | * @new contains the new credentials structure for target process. |
1204 | * checking to determine if the current process is allowed to set the | 1192 | * @old contains the current credentials structure for target process. |
1205 | * capability sets of the @target process. However, this hook has no way | ||
1206 | * of returning an error due to the structure of the sys_capset code. | ||
1207 | * @target contains the task_struct structure for target process. | ||
1208 | * @effective contains the effective capability set. | 1193 | * @effective contains the effective capability set. |
1209 | * @inheritable contains the inheritable capability set. | 1194 | * @inheritable contains the inheritable capability set. |
1210 | * @permitted contains the permitted capability set. | 1195 | * @permitted contains the permitted capability set. |
1196 | * Return 0 and update @new if permission is granted. | ||
1211 | * @capable: | 1197 | * @capable: |
1212 | * Check whether the @tsk process has the @cap capability. | 1198 | * Check whether the @tsk process has the @cap capability. |
1213 | * @tsk contains the task_struct for the process. | 1199 | * @tsk contains the task_struct for the process. |
@@ -1299,15 +1285,12 @@ struct security_operations { | |||
1299 | int (*capget) (struct task_struct *target, | 1285 | int (*capget) (struct task_struct *target, |
1300 | kernel_cap_t *effective, | 1286 | kernel_cap_t *effective, |
1301 | kernel_cap_t *inheritable, kernel_cap_t *permitted); | 1287 | kernel_cap_t *inheritable, kernel_cap_t *permitted); |
1302 | int (*capset_check) (struct task_struct *target, | 1288 | int (*capset) (struct cred *new, |
1303 | kernel_cap_t *effective, | 1289 | const struct cred *old, |
1304 | kernel_cap_t *inheritable, | 1290 | const kernel_cap_t *effective, |
1305 | kernel_cap_t *permitted); | 1291 | const kernel_cap_t *inheritable, |
1306 | void (*capset_set) (struct task_struct *target, | 1292 | const kernel_cap_t *permitted); |
1307 | kernel_cap_t *effective, | 1293 | int (*capable) (struct task_struct *tsk, int cap, int audit); |
1308 | kernel_cap_t *inheritable, | ||
1309 | kernel_cap_t *permitted); | ||
1310 | int (*capable) (struct task_struct *tsk, int cap); | ||
1311 | int (*acct) (struct file *file); | 1294 | int (*acct) (struct file *file); |
1312 | int (*sysctl) (struct ctl_table *table, int op); | 1295 | int (*sysctl) (struct ctl_table *table, int op); |
1313 | int (*quotactl) (int cmds, int type, int id, struct super_block *sb); | 1296 | int (*quotactl) (int cmds, int type, int id, struct super_block *sb); |
@@ -1316,18 +1299,16 @@ struct security_operations { | |||
1316 | int (*settime) (struct timespec *ts, struct timezone *tz); | 1299 | int (*settime) (struct timespec *ts, struct timezone *tz); |
1317 | int (*vm_enough_memory) (struct mm_struct *mm, long pages); | 1300 | int (*vm_enough_memory) (struct mm_struct *mm, long pages); |
1318 | 1301 | ||
1319 | int (*bprm_alloc_security) (struct linux_binprm *bprm); | 1302 | int (*bprm_set_creds) (struct linux_binprm *bprm); |
1320 | void (*bprm_free_security) (struct linux_binprm *bprm); | ||
1321 | void (*bprm_apply_creds) (struct linux_binprm *bprm, int unsafe); | ||
1322 | void (*bprm_post_apply_creds) (struct linux_binprm *bprm); | ||
1323 | int (*bprm_set_security) (struct linux_binprm *bprm); | ||
1324 | int (*bprm_check_security) (struct linux_binprm *bprm); | 1303 | int (*bprm_check_security) (struct linux_binprm *bprm); |
1325 | int (*bprm_secureexec) (struct linux_binprm *bprm); | 1304 | int (*bprm_secureexec) (struct linux_binprm *bprm); |
1305 | void (*bprm_committing_creds) (struct linux_binprm *bprm); | ||
1306 | void (*bprm_committed_creds) (struct linux_binprm *bprm); | ||
1326 | 1307 | ||
1327 | int (*sb_alloc_security) (struct super_block *sb); | 1308 | int (*sb_alloc_security) (struct super_block *sb); |
1328 | void (*sb_free_security) (struct super_block *sb); | 1309 | void (*sb_free_security) (struct super_block *sb); |
1329 | int (*sb_copy_data) (char *orig, char *copy); | 1310 | int (*sb_copy_data) (char *orig, char *copy); |
1330 | int (*sb_kern_mount) (struct super_block *sb, void *data); | 1311 | int (*sb_kern_mount) (struct super_block *sb, int flags, void *data); |
1331 | int (*sb_show_options) (struct seq_file *m, struct super_block *sb); | 1312 | int (*sb_show_options) (struct seq_file *m, struct super_block *sb); |
1332 | int (*sb_statfs) (struct dentry *dentry); | 1313 | int (*sb_statfs) (struct dentry *dentry); |
1333 | int (*sb_mount) (char *dev_name, struct path *path, | 1314 | int (*sb_mount) (char *dev_name, struct path *path, |
@@ -1406,14 +1387,18 @@ struct security_operations { | |||
1406 | int (*file_send_sigiotask) (struct task_struct *tsk, | 1387 | int (*file_send_sigiotask) (struct task_struct *tsk, |
1407 | struct fown_struct *fown, int sig); | 1388 | struct fown_struct *fown, int sig); |
1408 | int (*file_receive) (struct file *file); | 1389 | int (*file_receive) (struct file *file); |
1409 | int (*dentry_open) (struct file *file); | 1390 | int (*dentry_open) (struct file *file, const struct cred *cred); |
1410 | 1391 | ||
1411 | int (*task_create) (unsigned long clone_flags); | 1392 | int (*task_create) (unsigned long clone_flags); |
1412 | int (*task_alloc_security) (struct task_struct *p); | 1393 | void (*cred_free) (struct cred *cred); |
1413 | void (*task_free_security) (struct task_struct *p); | 1394 | int (*cred_prepare)(struct cred *new, const struct cred *old, |
1395 | gfp_t gfp); | ||
1396 | void (*cred_commit)(struct cred *new, const struct cred *old); | ||
1397 | int (*kernel_act_as)(struct cred *new, u32 secid); | ||
1398 | int (*kernel_create_files_as)(struct cred *new, struct inode *inode); | ||
1414 | int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); | 1399 | int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); |
1415 | int (*task_post_setuid) (uid_t old_ruid /* or fsuid */ , | 1400 | int (*task_fix_setuid) (struct cred *new, const struct cred *old, |
1416 | uid_t old_euid, uid_t old_suid, int flags); | 1401 | int flags); |
1417 | int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); | 1402 | int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); |
1418 | int (*task_setpgid) (struct task_struct *p, pid_t pgid); | 1403 | int (*task_setpgid) (struct task_struct *p, pid_t pgid); |
1419 | int (*task_getpgid) (struct task_struct *p); | 1404 | int (*task_getpgid) (struct task_struct *p); |
@@ -1433,8 +1418,7 @@ struct security_operations { | |||
1433 | int (*task_wait) (struct task_struct *p); | 1418 | int (*task_wait) (struct task_struct *p); |
1434 | int (*task_prctl) (int option, unsigned long arg2, | 1419 | int (*task_prctl) (int option, unsigned long arg2, |
1435 | unsigned long arg3, unsigned long arg4, | 1420 | unsigned long arg3, unsigned long arg4, |
1436 | unsigned long arg5, long *rc_p); | 1421 | unsigned long arg5); |
1437 | void (*task_reparent_to_init) (struct task_struct *p); | ||
1438 | void (*task_to_inode) (struct task_struct *p, struct inode *inode); | 1422 | void (*task_to_inode) (struct task_struct *p, struct inode *inode); |
1439 | 1423 | ||
1440 | int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag); | 1424 | int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag); |
@@ -1539,10 +1523,10 @@ struct security_operations { | |||
1539 | 1523 | ||
1540 | /* key management security hooks */ | 1524 | /* key management security hooks */ |
1541 | #ifdef CONFIG_KEYS | 1525 | #ifdef CONFIG_KEYS |
1542 | int (*key_alloc) (struct key *key, struct task_struct *tsk, unsigned long flags); | 1526 | int (*key_alloc) (struct key *key, const struct cred *cred, unsigned long flags); |
1543 | void (*key_free) (struct key *key); | 1527 | void (*key_free) (struct key *key); |
1544 | int (*key_permission) (key_ref_t key_ref, | 1528 | int (*key_permission) (key_ref_t key_ref, |
1545 | struct task_struct *context, | 1529 | const struct cred *cred, |
1546 | key_perm_t perm); | 1530 | key_perm_t perm); |
1547 | int (*key_getsecurity)(struct key *key, char **_buffer); | 1531 | int (*key_getsecurity)(struct key *key, char **_buffer); |
1548 | #endif /* CONFIG_KEYS */ | 1532 | #endif /* CONFIG_KEYS */ |
@@ -1568,15 +1552,12 @@ int security_capget(struct task_struct *target, | |||
1568 | kernel_cap_t *effective, | 1552 | kernel_cap_t *effective, |
1569 | kernel_cap_t *inheritable, | 1553 | kernel_cap_t *inheritable, |
1570 | kernel_cap_t *permitted); | 1554 | kernel_cap_t *permitted); |
1571 | int security_capset_check(struct task_struct *target, | 1555 | int security_capset(struct cred *new, const struct cred *old, |
1572 | kernel_cap_t *effective, | 1556 | const kernel_cap_t *effective, |
1573 | kernel_cap_t *inheritable, | 1557 | const kernel_cap_t *inheritable, |
1574 | kernel_cap_t *permitted); | 1558 | const kernel_cap_t *permitted); |
1575 | void security_capset_set(struct task_struct *target, | ||
1576 | kernel_cap_t *effective, | ||
1577 | kernel_cap_t *inheritable, | ||
1578 | kernel_cap_t *permitted); | ||
1579 | int security_capable(struct task_struct *tsk, int cap); | 1559 | int security_capable(struct task_struct *tsk, int cap); |
1560 | int security_capable_noaudit(struct task_struct *tsk, int cap); | ||
1580 | int security_acct(struct file *file); | 1561 | int security_acct(struct file *file); |
1581 | int security_sysctl(struct ctl_table *table, int op); | 1562 | int security_sysctl(struct ctl_table *table, int op); |
1582 | int security_quotactl(int cmds, int type, int id, struct super_block *sb); | 1563 | int security_quotactl(int cmds, int type, int id, struct super_block *sb); |
@@ -1586,17 +1567,15 @@ int security_settime(struct timespec *ts, struct timezone *tz); | |||
1586 | int security_vm_enough_memory(long pages); | 1567 | int security_vm_enough_memory(long pages); |
1587 | int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); | 1568 | int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); |
1588 | int security_vm_enough_memory_kern(long pages); | 1569 | int security_vm_enough_memory_kern(long pages); |
1589 | int security_bprm_alloc(struct linux_binprm *bprm); | 1570 | int security_bprm_set_creds(struct linux_binprm *bprm); |
1590 | void security_bprm_free(struct linux_binprm *bprm); | ||
1591 | void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe); | ||
1592 | void security_bprm_post_apply_creds(struct linux_binprm *bprm); | ||
1593 | int security_bprm_set(struct linux_binprm *bprm); | ||
1594 | int security_bprm_check(struct linux_binprm *bprm); | 1571 | int security_bprm_check(struct linux_binprm *bprm); |
1572 | void security_bprm_committing_creds(struct linux_binprm *bprm); | ||
1573 | void security_bprm_committed_creds(struct linux_binprm *bprm); | ||
1595 | int security_bprm_secureexec(struct linux_binprm *bprm); | 1574 | int security_bprm_secureexec(struct linux_binprm *bprm); |
1596 | int security_sb_alloc(struct super_block *sb); | 1575 | int security_sb_alloc(struct super_block *sb); |
1597 | void security_sb_free(struct super_block *sb); | 1576 | void security_sb_free(struct super_block *sb); |
1598 | int security_sb_copy_data(char *orig, char *copy); | 1577 | int security_sb_copy_data(char *orig, char *copy); |
1599 | int security_sb_kern_mount(struct super_block *sb, void *data); | 1578 | int security_sb_kern_mount(struct super_block *sb, int flags, void *data); |
1600 | int security_sb_show_options(struct seq_file *m, struct super_block *sb); | 1579 | int security_sb_show_options(struct seq_file *m, struct super_block *sb); |
1601 | int security_sb_statfs(struct dentry *dentry); | 1580 | int security_sb_statfs(struct dentry *dentry); |
1602 | int security_sb_mount(char *dev_name, struct path *path, | 1581 | int security_sb_mount(char *dev_name, struct path *path, |
@@ -1663,13 +1642,16 @@ int security_file_set_fowner(struct file *file); | |||
1663 | int security_file_send_sigiotask(struct task_struct *tsk, | 1642 | int security_file_send_sigiotask(struct task_struct *tsk, |
1664 | struct fown_struct *fown, int sig); | 1643 | struct fown_struct *fown, int sig); |
1665 | int security_file_receive(struct file *file); | 1644 | int security_file_receive(struct file *file); |
1666 | int security_dentry_open(struct file *file); | 1645 | int security_dentry_open(struct file *file, const struct cred *cred); |
1667 | int security_task_create(unsigned long clone_flags); | 1646 | int security_task_create(unsigned long clone_flags); |
1668 | int security_task_alloc(struct task_struct *p); | 1647 | void security_cred_free(struct cred *cred); |
1669 | void security_task_free(struct task_struct *p); | 1648 | int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); |
1649 | void security_commit_creds(struct cred *new, const struct cred *old); | ||
1650 | int security_kernel_act_as(struct cred *new, u32 secid); | ||
1651 | int security_kernel_create_files_as(struct cred *new, struct inode *inode); | ||
1670 | int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); | 1652 | int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); |
1671 | int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, | 1653 | int security_task_fix_setuid(struct cred *new, const struct cred *old, |
1672 | uid_t old_suid, int flags); | 1654 | int flags); |
1673 | int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); | 1655 | int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); |
1674 | int security_task_setpgid(struct task_struct *p, pid_t pgid); | 1656 | int security_task_setpgid(struct task_struct *p, pid_t pgid); |
1675 | int security_task_getpgid(struct task_struct *p); | 1657 | int security_task_getpgid(struct task_struct *p); |
@@ -1688,8 +1670,7 @@ int security_task_kill(struct task_struct *p, struct siginfo *info, | |||
1688 | int sig, u32 secid); | 1670 | int sig, u32 secid); |
1689 | int security_task_wait(struct task_struct *p); | 1671 | int security_task_wait(struct task_struct *p); |
1690 | int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, | 1672 | int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
1691 | unsigned long arg4, unsigned long arg5, long *rc_p); | 1673 | unsigned long arg4, unsigned long arg5); |
1692 | void security_task_reparent_to_init(struct task_struct *p); | ||
1693 | void security_task_to_inode(struct task_struct *p, struct inode *inode); | 1674 | void security_task_to_inode(struct task_struct *p, struct inode *inode); |
1694 | int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); | 1675 | int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); |
1695 | void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); | 1676 | void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); |
@@ -1764,25 +1745,23 @@ static inline int security_capget(struct task_struct *target, | |||
1764 | return cap_capget(target, effective, inheritable, permitted); | 1745 | return cap_capget(target, effective, inheritable, permitted); |
1765 | } | 1746 | } |
1766 | 1747 | ||
1767 | static inline int security_capset_check(struct task_struct *target, | 1748 | static inline int security_capset(struct cred *new, |
1768 | kernel_cap_t *effective, | 1749 | const struct cred *old, |
1769 | kernel_cap_t *inheritable, | 1750 | const kernel_cap_t *effective, |
1770 | kernel_cap_t *permitted) | 1751 | const kernel_cap_t *inheritable, |
1752 | const kernel_cap_t *permitted) | ||
1771 | { | 1753 | { |
1772 | return cap_capset_check(target, effective, inheritable, permitted); | 1754 | return cap_capset(new, old, effective, inheritable, permitted); |
1773 | } | 1755 | } |
1774 | 1756 | ||
1775 | static inline void security_capset_set(struct task_struct *target, | 1757 | static inline int security_capable(struct task_struct *tsk, int cap) |
1776 | kernel_cap_t *effective, | ||
1777 | kernel_cap_t *inheritable, | ||
1778 | kernel_cap_t *permitted) | ||
1779 | { | 1758 | { |
1780 | cap_capset_set(target, effective, inheritable, permitted); | 1759 | return cap_capable(tsk, cap, SECURITY_CAP_AUDIT); |
1781 | } | 1760 | } |
1782 | 1761 | ||
1783 | static inline int security_capable(struct task_struct *tsk, int cap) | 1762 | static inline int security_capable_noaudit(struct task_struct *tsk, int cap) |
1784 | { | 1763 | { |
1785 | return cap_capable(tsk, cap); | 1764 | return cap_capable(tsk, cap, SECURITY_CAP_NOAUDIT); |
1786 | } | 1765 | } |
1787 | 1766 | ||
1788 | static inline int security_acct(struct file *file) | 1767 | static inline int security_acct(struct file *file) |
@@ -1835,32 +1814,22 @@ static inline int security_vm_enough_memory_kern(long pages) | |||
1835 | return cap_vm_enough_memory(current->mm, pages); | 1814 | return cap_vm_enough_memory(current->mm, pages); |
1836 | } | 1815 | } |
1837 | 1816 | ||
1838 | static inline int security_bprm_alloc(struct linux_binprm *bprm) | 1817 | static inline int security_bprm_set_creds(struct linux_binprm *bprm) |
1839 | { | ||
1840 | return 0; | ||
1841 | } | ||
1842 | |||
1843 | static inline void security_bprm_free(struct linux_binprm *bprm) | ||
1844 | { } | ||
1845 | |||
1846 | static inline void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe) | ||
1847 | { | 1818 | { |
1848 | cap_bprm_apply_creds(bprm, unsafe); | 1819 | return cap_bprm_set_creds(bprm); |
1849 | } | 1820 | } |
1850 | 1821 | ||
1851 | static inline void security_bprm_post_apply_creds(struct linux_binprm *bprm) | 1822 | static inline int security_bprm_check(struct linux_binprm *bprm) |
1852 | { | 1823 | { |
1853 | return; | 1824 | return 0; |
1854 | } | 1825 | } |
1855 | 1826 | ||
1856 | static inline int security_bprm_set(struct linux_binprm *bprm) | 1827 | static inline void security_bprm_committing_creds(struct linux_binprm *bprm) |
1857 | { | 1828 | { |
1858 | return cap_bprm_set_security(bprm); | ||
1859 | } | 1829 | } |
1860 | 1830 | ||
1861 | static inline int security_bprm_check(struct linux_binprm *bprm) | 1831 | static inline void security_bprm_committed_creds(struct linux_binprm *bprm) |
1862 | { | 1832 | { |
1863 | return 0; | ||
1864 | } | 1833 | } |
1865 | 1834 | ||
1866 | static inline int security_bprm_secureexec(struct linux_binprm *bprm) | 1835 | static inline int security_bprm_secureexec(struct linux_binprm *bprm) |
@@ -1881,7 +1850,7 @@ static inline int security_sb_copy_data(char *orig, char *copy) | |||
1881 | return 0; | 1850 | return 0; |
1882 | } | 1851 | } |
1883 | 1852 | ||
1884 | static inline int security_sb_kern_mount(struct super_block *sb, void *data) | 1853 | static inline int security_sb_kern_mount(struct super_block *sb, int flags, void *data) |
1885 | { | 1854 | { |
1886 | return 0; | 1855 | return 0; |
1887 | } | 1856 | } |
@@ -2177,7 +2146,8 @@ static inline int security_file_receive(struct file *file) | |||
2177 | return 0; | 2146 | return 0; |
2178 | } | 2147 | } |
2179 | 2148 | ||
2180 | static inline int security_dentry_open(struct file *file) | 2149 | static inline int security_dentry_open(struct file *file, |
2150 | const struct cred *cred) | ||
2181 | { | 2151 | { |
2182 | return 0; | 2152 | return 0; |
2183 | } | 2153 | } |
@@ -2187,13 +2157,31 @@ static inline int security_task_create(unsigned long clone_flags) | |||
2187 | return 0; | 2157 | return 0; |
2188 | } | 2158 | } |
2189 | 2159 | ||
2190 | static inline int security_task_alloc(struct task_struct *p) | 2160 | static inline void security_cred_free(struct cred *cred) |
2161 | { } | ||
2162 | |||
2163 | static inline int security_prepare_creds(struct cred *new, | ||
2164 | const struct cred *old, | ||
2165 | gfp_t gfp) | ||
2191 | { | 2166 | { |
2192 | return 0; | 2167 | return 0; |
2193 | } | 2168 | } |
2194 | 2169 | ||
2195 | static inline void security_task_free(struct task_struct *p) | 2170 | static inline void security_commit_creds(struct cred *new, |
2196 | { } | 2171 | const struct cred *old) |
2172 | { | ||
2173 | } | ||
2174 | |||
2175 | static inline int security_kernel_act_as(struct cred *cred, u32 secid) | ||
2176 | { | ||
2177 | return 0; | ||
2178 | } | ||
2179 | |||
2180 | static inline int security_kernel_create_files_as(struct cred *cred, | ||
2181 | struct inode *inode) | ||
2182 | { | ||
2183 | return 0; | ||
2184 | } | ||
2197 | 2185 | ||
2198 | static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, | 2186 | static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, |
2199 | int flags) | 2187 | int flags) |
@@ -2201,10 +2189,11 @@ static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, | |||
2201 | return 0; | 2189 | return 0; |
2202 | } | 2190 | } |
2203 | 2191 | ||
2204 | static inline int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, | 2192 | static inline int security_task_fix_setuid(struct cred *new, |
2205 | uid_t old_suid, int flags) | 2193 | const struct cred *old, |
2194 | int flags) | ||
2206 | { | 2195 | { |
2207 | return cap_task_post_setuid(old_ruid, old_euid, old_suid, flags); | 2196 | return cap_task_fix_setuid(new, old, flags); |
2208 | } | 2197 | } |
2209 | 2198 | ||
2210 | static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, | 2199 | static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, |
@@ -2291,14 +2280,9 @@ static inline int security_task_wait(struct task_struct *p) | |||
2291 | static inline int security_task_prctl(int option, unsigned long arg2, | 2280 | static inline int security_task_prctl(int option, unsigned long arg2, |
2292 | unsigned long arg3, | 2281 | unsigned long arg3, |
2293 | unsigned long arg4, | 2282 | unsigned long arg4, |
2294 | unsigned long arg5, long *rc_p) | 2283 | unsigned long arg5) |
2295 | { | ||
2296 | return cap_task_prctl(option, arg2, arg3, arg3, arg5, rc_p); | ||
2297 | } | ||
2298 | |||
2299 | static inline void security_task_reparent_to_init(struct task_struct *p) | ||
2300 | { | 2284 | { |
2301 | cap_task_reparent_to_init(p); | 2285 | return cap_task_prctl(option, arg2, arg3, arg3, arg5); |
2302 | } | 2286 | } |
2303 | 2287 | ||
2304 | static inline void security_task_to_inode(struct task_struct *p, struct inode *inode) | 2288 | static inline void security_task_to_inode(struct task_struct *p, struct inode *inode) |
@@ -2724,16 +2708,16 @@ static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi | |||
2724 | #ifdef CONFIG_KEYS | 2708 | #ifdef CONFIG_KEYS |
2725 | #ifdef CONFIG_SECURITY | 2709 | #ifdef CONFIG_SECURITY |
2726 | 2710 | ||
2727 | int security_key_alloc(struct key *key, struct task_struct *tsk, unsigned long flags); | 2711 | int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags); |
2728 | void security_key_free(struct key *key); | 2712 | void security_key_free(struct key *key); |
2729 | int security_key_permission(key_ref_t key_ref, | 2713 | int security_key_permission(key_ref_t key_ref, |
2730 | struct task_struct *context, key_perm_t perm); | 2714 | const struct cred *cred, key_perm_t perm); |
2731 | int security_key_getsecurity(struct key *key, char **_buffer); | 2715 | int security_key_getsecurity(struct key *key, char **_buffer); |
2732 | 2716 | ||
2733 | #else | 2717 | #else |
2734 | 2718 | ||
2735 | static inline int security_key_alloc(struct key *key, | 2719 | static inline int security_key_alloc(struct key *key, |
2736 | struct task_struct *tsk, | 2720 | const struct cred *cred, |
2737 | unsigned long flags) | 2721 | unsigned long flags) |
2738 | { | 2722 | { |
2739 | return 0; | 2723 | return 0; |
@@ -2744,7 +2728,7 @@ static inline void security_key_free(struct key *key) | |||
2744 | } | 2728 | } |
2745 | 2729 | ||
2746 | static inline int security_key_permission(key_ref_t key_ref, | 2730 | static inline int security_key_permission(key_ref_t key_ref, |
2747 | struct task_struct *context, | 2731 | const struct cred *cred, |
2748 | key_perm_t perm) | 2732 | key_perm_t perm) |
2749 | { | 2733 | { |
2750 | return 0; | 2734 | return 0; |
diff --git a/include/linux/tty.h b/include/linux/tty.h index 3b8121d4e36f..580700f20a1c 100644 --- a/include/linux/tty.h +++ b/include/linux/tty.h | |||
@@ -442,6 +442,7 @@ extern void tty_audit_add_data(struct tty_struct *tty, unsigned char *data, | |||
442 | size_t size); | 442 | size_t size); |
443 | extern void tty_audit_exit(void); | 443 | extern void tty_audit_exit(void); |
444 | extern void tty_audit_fork(struct signal_struct *sig); | 444 | extern void tty_audit_fork(struct signal_struct *sig); |
445 | extern void tty_audit_tiocsti(struct tty_struct *tty, char ch); | ||
445 | extern void tty_audit_push(struct tty_struct *tty); | 446 | extern void tty_audit_push(struct tty_struct *tty); |
446 | extern void tty_audit_push_task(struct task_struct *tsk, | 447 | extern void tty_audit_push_task(struct task_struct *tsk, |
447 | uid_t loginuid, u32 sessionid); | 448 | uid_t loginuid, u32 sessionid); |
@@ -450,6 +451,9 @@ static inline void tty_audit_add_data(struct tty_struct *tty, | |||
450 | unsigned char *data, size_t size) | 451 | unsigned char *data, size_t size) |
451 | { | 452 | { |
452 | } | 453 | } |
454 | static inline void tty_audit_tiocsti(struct tty_struct *tty, char ch) | ||
455 | { | ||
456 | } | ||
453 | static inline void tty_audit_exit(void) | 457 | static inline void tty_audit_exit(void) |
454 | { | 458 | { |
455 | } | 459 | } |
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h index b5f41d4c2eec..315bcd375224 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h | |||
@@ -12,7 +12,7 @@ | |||
12 | struct user_namespace { | 12 | struct user_namespace { |
13 | struct kref kref; | 13 | struct kref kref; |
14 | struct hlist_head uidhash_table[UIDHASH_SZ]; | 14 | struct hlist_head uidhash_table[UIDHASH_SZ]; |
15 | struct user_struct *root_user; | 15 | struct user_struct *creator; |
16 | }; | 16 | }; |
17 | 17 | ||
18 | extern struct user_namespace init_user_ns; | 18 | extern struct user_namespace init_user_ns; |
@@ -26,8 +26,7 @@ static inline struct user_namespace *get_user_ns(struct user_namespace *ns) | |||
26 | return ns; | 26 | return ns; |
27 | } | 27 | } |
28 | 28 | ||
29 | extern struct user_namespace *copy_user_ns(int flags, | 29 | extern int create_user_ns(struct cred *new); |
30 | struct user_namespace *old_ns); | ||
31 | extern void free_user_ns(struct kref *kref); | 30 | extern void free_user_ns(struct kref *kref); |
32 | 31 | ||
33 | static inline void put_user_ns(struct user_namespace *ns) | 32 | static inline void put_user_ns(struct user_namespace *ns) |
@@ -43,13 +42,9 @@ static inline struct user_namespace *get_user_ns(struct user_namespace *ns) | |||
43 | return &init_user_ns; | 42 | return &init_user_ns; |
44 | } | 43 | } |
45 | 44 | ||
46 | static inline struct user_namespace *copy_user_ns(int flags, | 45 | static inline int create_user_ns(struct cred *new) |
47 | struct user_namespace *old_ns) | ||
48 | { | 46 | { |
49 | if (flags & CLONE_NEWUSER) | 47 | return -EINVAL; |
50 | return ERR_PTR(-EINVAL); | ||
51 | |||
52 | return old_ns; | ||
53 | } | 48 | } |
54 | 49 | ||
55 | static inline void put_user_ns(struct user_namespace *ns) | 50 | static inline void put_user_ns(struct user_namespace *ns) |