authorJames Morris <jmorris@namei.org>2008-12-24 19:40:09 -0500
committerJames Morris <jmorris@namei.org>2008-12-24 19:40:09 -0500
commitcbacc2c7f066a1e01b33b0e27ae5efbf534bc2db (patch)
tree90d1093131d2a3543a8b3b1f3364e7c6f4081a93 /include/linux
parent4a6908a3a050aacc9c3a2f36b276b46c0629ad91 (diff)
parent74192246910ff4fb95309ba1a683215644beeb62 (diff)
Merge branch 'next' into for-linus
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/audit.h26
-rw-r--r--include/linux/binfmts.h16
-rw-r--r--include/linux/capability.h25
-rw-r--r--include/linux/cred.h342
-rw-r--r--include/linux/fs.h8
-rw-r--r--include/linux/init_task.h14
-rw-r--r--include/linux/key-ui.h66
-rw-r--r--include/linux/key.h32
-rw-r--r--include/linux/keyctl.h4
-rw-r--r--include/linux/nsproxy.h1
-rw-r--r--include/linux/sched.h65
-rw-r--r--include/linux/securebits.h2
-rw-r--r--include/linux/security.h344
-rw-r--r--include/linux/tty.h4
-rw-r--r--include/linux/user_namespace.h13
15 files changed, 581 insertions, 381 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 8f0672d13eb1..26c4f6f65a46 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -99,6 +99,8 @@
99#define AUDIT_OBJ_PID 1318 /* ptrace target */ 99#define AUDIT_OBJ_PID 1318 /* ptrace target */
100#define AUDIT_TTY 1319 /* Input on an administrative TTY */ 100#define AUDIT_TTY 1319 /* Input on an administrative TTY */
101#define AUDIT_EOE 1320 /* End of multi-record event */ 101#define AUDIT_EOE 1320 /* End of multi-record event */
102#define AUDIT_BPRM_FCAPS 1321 /* Information about fcaps increasing perms */
103#define AUDIT_CAPSET 1322 /* Record showing argument to sys_capset */
102 104
103#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ 105#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
104#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ 106#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
@@ -453,6 +455,10 @@ extern int __audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_pr
453extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout); 455extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout);
454extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification); 456extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification);
455extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); 457extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
458extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
459 const struct cred *new,
460 const struct cred *old);
461extern int __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old);
456 462
457static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp) 463static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp)
458{ 464{
@@ -502,6 +508,24 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
502 return __audit_mq_getsetattr(mqdes, mqstat); 508 return __audit_mq_getsetattr(mqdes, mqstat);
503 return 0; 509 return 0;
504} 510}
511
512static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
513 const struct cred *new,
514 const struct cred *old)
515{
516 if (unlikely(!audit_dummy_context()))
517 return __audit_log_bprm_fcaps(bprm, new, old);
518 return 0;
519}
520
521static inline int audit_log_capset(pid_t pid, const struct cred *new,
522 const struct cred *old)
523{
524 if (unlikely(!audit_dummy_context()))
525 return __audit_log_capset(pid, new, old);
526 return 0;
527}
528
505extern int audit_n_rules; 529extern int audit_n_rules;
506extern int audit_signals; 530extern int audit_signals;
507#else 531#else
@@ -534,6 +558,8 @@ extern int audit_signals;
534#define audit_mq_timedreceive(d,l,p,t) ({ 0; }) 558#define audit_mq_timedreceive(d,l,p,t) ({ 0; })
535#define audit_mq_notify(d,n) ({ 0; }) 559#define audit_mq_notify(d,n) ({ 0; })
536#define audit_mq_getsetattr(d,s) ({ 0; }) 560#define audit_mq_getsetattr(d,s) ({ 0; })
561#define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; })
562#define audit_log_capset(pid, ncr, ocr) ({ 0; })
537#define audit_ptrace(t) ((void)0) 563#define audit_ptrace(t) ((void)0)
538#define audit_n_rules 0 564#define audit_n_rules 0
539#define audit_signals 0 565#define audit_signals 0
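Review bot: The new `audit_log_bprm_fcaps()` and `audit_log_capset()` inline wrappers at new lines 512–527 carry no comment saying when a record is actually emitted, which matters for anyone relying on them to audit privilege changes. I would add a short kerneldoc above each, e.g. `/* Emit the record only when the current task has a live (non-dummy) audit context; otherwise log nothing and return 0. */`, mirroring the `audit_dummy_context()` check in the body. As a style nit, the `__audit_log_capset` prototype at new line 461 runs past 80 columns while its sibling `__audit_log_bprm_fcaps` wraps one parameter per line; wrapping it the same way keeps the pair consistent. The `#else` stubs at new lines 561–562 discard their arguments like the neighbouring stubs do, so a caller that computes `old`/`new` only for auditing may see unused-variable warnings in non-audit builds — worth checking at the call sites.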
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
index 7394b5b349ff..6cbfbe297180 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -35,16 +35,20 @@ struct linux_binprm{
35 struct mm_struct *mm; 35 struct mm_struct *mm;
36 unsigned long p; /* current top of mem */ 36 unsigned long p; /* current top of mem */
37 unsigned int sh_bang:1, 37 unsigned int sh_bang:1,
38 misc_bang:1; 38 misc_bang:1,
39 cred_prepared:1,/* true if creds already prepared (multiple
40 * preps happen for interpreters) */
41 cap_effective:1;/* true if has elevated effective capabilities,
42 * false if not; except for init which inherits
43 * its parent's caps anyway */
39#ifdef __alpha__ 44#ifdef __alpha__
40 unsigned int taso:1; 45 unsigned int taso:1;
41#endif 46#endif
42 unsigned int recursion_depth; 47 unsigned int recursion_depth;
43 struct file * file; 48 struct file * file;
44 int e_uid, e_gid; 49 struct cred *cred; /* new credentials */
45 kernel_cap_t cap_post_exec_permitted; 50 int unsafe; /* how unsafe this exec is (mask of LSM_UNSAFE_*) */
46 bool cap_effective; 51 unsigned int per_clear; /* bits to clear in current->personality */
47 void *security;
48 int argc, envc; 52 int argc, envc;
49 char * filename; /* Name of binary as seen by procps */ 53 char * filename; /* Name of binary as seen by procps */
50 char * interp; /* Name of the binary really executed. Most 54 char * interp; /* Name of the binary really executed. Most
@@ -101,7 +105,7 @@ extern int setup_arg_pages(struct linux_binprm * bprm,
101 int executable_stack); 105 int executable_stack);
102extern int bprm_mm_init(struct linux_binprm *bprm); 106extern int bprm_mm_init(struct linux_binprm *bprm);
103extern int copy_strings_kernel(int argc,char ** argv,struct linux_binprm *bprm); 107extern int copy_strings_kernel(int argc,char ** argv,struct linux_binprm *bprm);
104extern void compute_creds(struct linux_binprm *binprm); 108extern void install_exec_creds(struct linux_binprm *bprm);
105extern int do_coredump(long signr, int exit_code, struct pt_regs * regs); 109extern int do_coredump(long signr, int exit_code, struct pt_regs * regs);
106extern int set_binfmt(struct linux_binfmt *new); 110extern int set_binfmt(struct linux_binfmt *new);
107extern void free_bprm(struct linux_binprm *); 111extern void free_bprm(struct linux_binprm *);
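Review bot: `int unsafe; /* how unsafe this exec is (mask of LSM_UNSAFE_*) */` at new line 50 types what its own comment calls a flag mask as a signed `int`; `unsigned int unsafe;` avoids sign-extension surprises when the mask is compared or widened and matches the `unsigned int per_clear` on the next line. The new `struct cred *cred; /* new credentials */` member would benefit from an ownership note — presumably the bprm holds the reference until `install_exec_creds()` commits it or `free_bprm()` drops it, but that is not stated here and should be confirmed against the exec code before being written down. The comment on `cap_effective:1` ("except for init which inherits its parent's caps anyway") reads as a remark about init rather than a definition of the bit; I would trim it to what the flag denotes.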
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 9d1fe30b6f6c..e22f48c2a46f 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -53,6 +53,7 @@ typedef struct __user_cap_data_struct {
53#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX 53#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
54 54
55#define VFS_CAP_REVISION_MASK 0xFF000000 55#define VFS_CAP_REVISION_MASK 0xFF000000
56#define VFS_CAP_REVISION_SHIFT 24
56#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK 57#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK
57#define VFS_CAP_FLAGS_EFFECTIVE 0x000001 58#define VFS_CAP_FLAGS_EFFECTIVE 0x000001
58 59
@@ -68,6 +69,9 @@ typedef struct __user_cap_data_struct {
68#define VFS_CAP_U32 VFS_CAP_U32_2 69#define VFS_CAP_U32 VFS_CAP_U32_2
69#define VFS_CAP_REVISION VFS_CAP_REVISION_2 70#define VFS_CAP_REVISION VFS_CAP_REVISION_2
70 71
72#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
73extern int file_caps_enabled;
74#endif
71 75
72struct vfs_cap_data { 76struct vfs_cap_data {
73 __le32 magic_etc; /* Little endian */ 77 __le32 magic_etc; /* Little endian */
@@ -96,6 +100,13 @@ typedef struct kernel_cap_struct {
96 __u32 cap[_KERNEL_CAPABILITY_U32S]; 100 __u32 cap[_KERNEL_CAPABILITY_U32S];
97} kernel_cap_t; 101} kernel_cap_t;
98 102
103/* exact same as vfs_cap_data but in cpu endian and always filled completely */
104struct cpu_vfs_cap_data {
105 __u32 magic_etc;
106 kernel_cap_t permitted;
107 kernel_cap_t inheritable;
108};
109
99#define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct)) 110#define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct))
100#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) 111#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
101 112
@@ -454,6 +465,13 @@ static inline int cap_isclear(const kernel_cap_t a)
454 return 1; 465 return 1;
455} 466}
456 467
468/*
469 * Check if "a" is a subset of "set".
470 * return 1 if ALL of the capabilities in "a" are also in "set"
471 * cap_issubset(0101, 1111) will return 1
472 * return 0 if ANY of the capabilities in "a" are not in "set"
473 * cap_issubset(1111, 0101) will return 0
474 */
457static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set) 475static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set)
458{ 476{
459 kernel_cap_t dest; 477 kernel_cap_t dest;
@@ -501,8 +519,6 @@ extern const kernel_cap_t __cap_empty_set;
501extern const kernel_cap_t __cap_full_set; 519extern const kernel_cap_t __cap_full_set;
502extern const kernel_cap_t __cap_init_eff_set; 520extern const kernel_cap_t __cap_init_eff_set;
503 521
504kernel_cap_t cap_set_effective(const kernel_cap_t pE_new);
505
506/** 522/**
507 * has_capability - Determine if a task has a superior capability available 523 * has_capability - Determine if a task has a superior capability available
508 * @t: The task in question 524 * @t: The task in question
@@ -514,9 +530,14 @@ kernel_cap_t cap_set_effective(const kernel_cap_t pE_new);
514 * Note that this does not set PF_SUPERPRIV on the task. 530 * Note that this does not set PF_SUPERPRIV on the task.
515 */ 531 */
516#define has_capability(t, cap) (security_capable((t), (cap)) == 0) 532#define has_capability(t, cap) (security_capable((t), (cap)) == 0)
533#define has_capability_noaudit(t, cap) (security_capable_noaudit((t), (cap)) == 0)
517 534
518extern int capable(int cap); 535extern int capable(int cap);
519 536
537/* audit system wants to get cap info from files as well */
538struct dentry;
539extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
540
520#endif /* __KERNEL__ */ 541#endif /* __KERNEL__ */
521 542
522#endif /* !_LINUX_CAPABILITY_H */ 543#endif /* !_LINUX_CAPABILITY_H */
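Review bot: `has_capability_noaudit()` at new line 533 is placed directly under the kerneldoc for `has_capability()` but that block never mentions it, so readers get no guidance on when the non-auditing form is the right choice. I would extend the kerneldoc with a line such as `has_capability_noaudit() performs the same check but emits no audit record on denial; use it only for probes where denial is an expected outcome rather than a policy decision`, because skipping audit on a real access-control decision would hide events from the audit trail. The `get_vfs_caps_from_disk` prototype at new line 539 exceeds 80 columns and should wrap its second parameter like the other declarations in this header, and the `struct dentry;` forward declaration above it would sit more naturally with the other forward declarations near the top of the `__KERNEL__` section.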
diff --git a/include/linux/cred.h b/include/linux/cred.h
index b69222cc1fd2..3282ee4318e7 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -1,4 +1,4 @@
1/* Credentials management 1/* Credentials management - see Documentation/credentials.txt
2 * 2 *
3 * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
@@ -12,39 +12,335 @@
12#ifndef _LINUX_CRED_H 12#ifndef _LINUX_CRED_H
13#define _LINUX_CRED_H 13#define _LINUX_CRED_H
14 14
15#define get_current_user() (get_uid(current->user)) 15#include <linux/capability.h>
16#include <linux/key.h>
17#include <asm/atomic.h>
16 18
17#define task_uid(task) ((task)->uid) 19struct user_struct;
18#define task_gid(task) ((task)->gid) 20struct cred;
19#define task_euid(task) ((task)->euid) 21struct inode;
20#define task_egid(task) ((task)->egid)
21 22
22#define current_uid() (current->uid) 23/*
23#define current_gid() (current->gid) 24 * COW Supplementary groups list
24#define current_euid() (current->euid) 25 */
25#define current_egid() (current->egid) 26#define NGROUPS_SMALL 32
26#define current_suid() (current->suid) 27#define NGROUPS_PER_BLOCK ((unsigned int)(PAGE_SIZE / sizeof(gid_t)))
27#define current_sgid() (current->sgid) 28
28#define current_fsuid() (current->fsuid) 29struct group_info {
29#define current_fsgid() (current->fsgid) 30 atomic_t usage;
30#define current_cap() (current->cap_effective) 31 int ngroups;
32 int nblocks;
33 gid_t small_block[NGROUPS_SMALL];
34 gid_t *blocks[0];
35};
36
37/**
38 * get_group_info - Get a reference to a group info structure
39 * @group_info: The group info to reference
40 *
41 * This gets a reference to a set of supplementary groups.
42 *
43 * If the caller is accessing a task's credentials, they must hold the RCU read
44 * lock when reading.
45 */
46static inline struct group_info *get_group_info(struct group_info *gi)
47{
48 atomic_inc(&gi->usage);
49 return gi;
50}
51
52/**
53 * put_group_info - Release a reference to a group info structure
54 * @group_info: The group info to release
55 */
56#define put_group_info(group_info) \
57do { \
58 if (atomic_dec_and_test(&(group_info)->usage)) \
59 groups_free(group_info); \
60} while (0)
61
62extern struct group_info *groups_alloc(int);
63extern struct group_info init_groups;
64extern void groups_free(struct group_info *);
65extern int set_current_groups(struct group_info *);
66extern int set_groups(struct cred *, struct group_info *);
67extern int groups_search(const struct group_info *, gid_t);
68
69/* access the groups "array" with this macro */
70#define GROUP_AT(gi, i) \
71 ((gi)->blocks[(i) / NGROUPS_PER_BLOCK][(i) % NGROUPS_PER_BLOCK])
72
73extern int in_group_p(gid_t);
74extern int in_egroup_p(gid_t);
75
76/*
77 * The common credentials for a thread group
78 * - shared by CLONE_THREAD
79 */
80#ifdef CONFIG_KEYS
81struct thread_group_cred {
82 atomic_t usage;
83 pid_t tgid; /* thread group process ID */
84 spinlock_t lock;
85 struct key *session_keyring; /* keyring inherited over fork */
86 struct key *process_keyring; /* keyring private to this process */
87 struct rcu_head rcu; /* RCU deletion hook */
88};
89#endif
90
91/*
92 * The security context of a task
93 *
94 * The parts of the context break down into two categories:
95 *
96 * (1) The objective context of a task. These parts are used when some other
97 * task is attempting to affect this one.
98 *
99 * (2) The subjective context. These details are used when the task is acting
100 * upon another object, be that a file, a task, a key or whatever.
101 *
102 * Note that some members of this structure belong to both categories - the
103 * LSM security pointer for instance.
104 *
105 * A task has two security pointers. task->real_cred points to the objective
106 * context that defines that task's actual details. The objective part of this
107 * context is used whenever that task is acted upon.
108 *
109 * task->cred points to the subjective context that defines the details of how
110 * that task is going to act upon another object. This may be overridden
111 * temporarily to point to another security context, but normally points to the
112 * same context as task->real_cred.
113 */
114struct cred {
115 atomic_t usage;
116 uid_t uid; /* real UID of the task */
117 gid_t gid; /* real GID of the task */
118 uid_t suid; /* saved UID of the task */
119 gid_t sgid; /* saved GID of the task */
120 uid_t euid; /* effective UID of the task */
121 gid_t egid; /* effective GID of the task */
122 uid_t fsuid; /* UID for VFS ops */
123 gid_t fsgid; /* GID for VFS ops */
124 unsigned securebits; /* SUID-less security management */
125 kernel_cap_t cap_inheritable; /* caps our children can inherit */
126 kernel_cap_t cap_permitted; /* caps we're permitted */
127 kernel_cap_t cap_effective; /* caps we can actually use */
128 kernel_cap_t cap_bset; /* capability bounding set */
129#ifdef CONFIG_KEYS
130 unsigned char jit_keyring; /* default keyring to attach requested
131 * keys to */
132 struct key *thread_keyring; /* keyring private to this thread */
133 struct key *request_key_auth; /* assumed request_key authority */
134 struct thread_group_cred *tgcred; /* thread-group shared credentials */
135#endif
136#ifdef CONFIG_SECURITY
137 void *security; /* subjective LSM security */
138#endif
139 struct user_struct *user; /* real user ID subscription */
140 struct group_info *group_info; /* supplementary groups for euid/fsgid */
141 struct rcu_head rcu; /* RCU deletion hook */
142};
143
144extern void __put_cred(struct cred *);
145extern int copy_creds(struct task_struct *, unsigned long);
146extern struct cred *prepare_creds(void);
147extern struct cred *prepare_exec_creds(void);
148extern struct cred *prepare_usermodehelper_creds(void);
149extern int commit_creds(struct cred *);
150extern void abort_creds(struct cred *);
151extern const struct cred *override_creds(const struct cred *);
152extern void revert_creds(const struct cred *);
153extern struct cred *prepare_kernel_cred(struct task_struct *);
154extern int change_create_files_as(struct cred *, struct inode *);
155extern int set_security_override(struct cred *, u32);
156extern int set_security_override_from_ctx(struct cred *, const char *);
157extern int set_create_files_as(struct cred *, struct inode *);
158extern void __init cred_init(void);
159
160/**
161 * get_new_cred - Get a reference on a new set of credentials
162 * @cred: The new credentials to reference
163 *
164 * Get a reference on the specified set of new credentials. The caller must
165 * release the reference.
166 */
167static inline struct cred *get_new_cred(struct cred *cred)
168{
169 atomic_inc(&cred->usage);
170 return cred;
171}
172
173/**
174 * get_cred - Get a reference on a set of credentials
175 * @cred: The credentials to reference
176 *
177 * Get a reference on the specified set of credentials. The caller must
178 * release the reference.
179 *
180 * This is used to deal with a committed set of credentials. Although the
181 * pointer is const, this will temporarily discard the const and increment the
182 * usage count. The purpose of this is to attempt to catch at compile time the
183 * accidental alteration of a set of credentials that should be considered
184 * immutable.
185 */
186static inline const struct cred *get_cred(const struct cred *cred)
187{
188 return get_new_cred((struct cred *) cred);
189}
190
191/**
192 * put_cred - Release a reference to a set of credentials
193 * @cred: The credentials to release
194 *
195 * Release a reference to a set of credentials, deleting them when the last ref
196 * is released.
197 *
198 * This takes a const pointer to a set of credentials because the credentials
199 * on task_struct are attached by const pointers to prevent accidental
200 * alteration of otherwise immutable credential sets.
201 */
202static inline void put_cred(const struct cred *_cred)
203{
204 struct cred *cred = (struct cred *) _cred;
205
206 BUG_ON(atomic_read(&(cred)->usage) <= 0);
207 if (atomic_dec_and_test(&(cred)->usage))
208 __put_cred(cred);
209}
210
211/**
212 * current_cred - Access the current task's subjective credentials
213 *
214 * Access the subjective credentials of the current task.
215 */
216#define current_cred() \
217 (current->cred)
218
219/**
220 * __task_cred - Access a task's objective credentials
221 * @task: The task to query
222 *
223 * Access the objective credentials of a task. The caller must hold the RCU
224 * readlock.
225 *
226 * The caller must make sure task doesn't go away, either by holding a ref on
227 * task or by holding tasklist_lock to prevent it from being unlinked.
228 */
229#define __task_cred(task) \
230 ((const struct cred *)(rcu_dereference((task)->real_cred)))
231
232/**
233 * get_task_cred - Get another task's objective credentials
234 * @task: The task to query
235 *
236 * Get the objective credentials of a task, pinning them so that they can't go
237 * away. Accessing a task's credentials directly is not permitted.
238 *
239 * The caller must make sure task doesn't go away, either by holding a ref on
240 * task or by holding tasklist_lock to prevent it from being unlinked.
241 */
242#define get_task_cred(task) \
243({ \
244 struct cred *__cred; \
245 rcu_read_lock(); \
246 __cred = (struct cred *) __task_cred((task)); \
247 get_cred(__cred); \
248 rcu_read_unlock(); \
249 __cred; \
250})
251
252/**
253 * get_current_cred - Get the current task's subjective credentials
254 *
255 * Get the subjective credentials of the current task, pinning them so that
256 * they can't go away. Accessing the current task's credentials directly is
257 * not permitted.
258 */
259#define get_current_cred() \
260 (get_cred(current_cred()))
261
262/**
263 * get_current_user - Get the current task's user_struct
264 *
265 * Get the user record of the current task, pinning it so that it can't go
266 * away.
267 */
268#define get_current_user() \
269({ \
270 struct user_struct *__u; \
271 struct cred *__cred; \
272 __cred = (struct cred *) current_cred(); \
273 __u = get_uid(__cred->user); \
274 __u; \
275})
276
277/**
278 * get_current_groups - Get the current task's supplementary group list
279 *
280 * Get the supplementary group list of the current task, pinning it so that it
281 * can't go away.
282 */
283#define get_current_groups() \
284({ \
285 struct group_info *__groups; \
286 struct cred *__cred; \
287 __cred = (struct cred *) current_cred(); \
288 __groups = get_group_info(__cred->group_info); \
289 __groups; \
290})
291
292#define task_cred_xxx(task, xxx) \
293({ \
294 __typeof__(((struct cred *)NULL)->xxx) ___val; \
295 rcu_read_lock(); \
296 ___val = __task_cred((task))->xxx; \
297 rcu_read_unlock(); \
298 ___val; \
299})
300
301#define task_uid(task) (task_cred_xxx((task), uid))
302#define task_euid(task) (task_cred_xxx((task), euid))
303
304#define current_cred_xxx(xxx) \
305({ \
306 current->cred->xxx; \
307})
308
309#define current_uid() (current_cred_xxx(uid))
310#define current_gid() (current_cred_xxx(gid))
311#define current_euid() (current_cred_xxx(euid))
312#define current_egid() (current_cred_xxx(egid))
313#define current_suid() (current_cred_xxx(suid))
314#define current_sgid() (current_cred_xxx(sgid))
315#define current_fsuid() (current_cred_xxx(fsuid))
316#define current_fsgid() (current_cred_xxx(fsgid))
317#define current_cap() (current_cred_xxx(cap_effective))
318#define current_user() (current_cred_xxx(user))
319#define current_user_ns() (current_cred_xxx(user)->user_ns)
320#define current_security() (current_cred_xxx(security))
31 321
32#define current_uid_gid(_uid, _gid) \ 322#define current_uid_gid(_uid, _gid) \
33do { \ 323do { \
34 *(_uid) = current->uid; \ 324 const struct cred *__cred; \
35 *(_gid) = current->gid; \ 325 __cred = current_cred(); \
326 *(_uid) = __cred->uid; \
327 *(_gid) = __cred->gid; \
36} while(0) 328} while(0)
37 329
38#define current_euid_egid(_uid, _gid) \ 330#define current_euid_egid(_euid, _egid) \
39do { \ 331do { \
40 *(_uid) = current->euid; \ 332 const struct cred *__cred; \
41 *(_gid) = current->egid; \ 333 __cred = current_cred(); \
334 *(_euid) = __cred->euid; \
335 *(_egid) = __cred->egid; \
42} while(0) 336} while(0)
43 337
44#define current_fsuid_fsgid(_uid, _gid) \ 338#define current_fsuid_fsgid(_fsuid, _fsgid) \
45do { \ 339do { \
46 *(_uid) = current->fsuid; \ 340 const struct cred *__cred; \
47 *(_gid) = current->fsgid; \ 341 __cred = current_cred(); \
342 *(_fsuid) = __cred->fsuid; \
343 *(_fsgid) = __cred->fsgid; \
48} while(0) 344} while(0)
49 345
50#endif /* _LINUX_CRED_H */ 346#endif /* _LINUX_CRED_H */
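Review bot: `get_current_user()` and `get_current_groups()` (new lines 268–290) cast away the const on `current_cred()` with `__cred = (struct cred *) current_cred();` although neither macro writes through the pointer, which defeats the compile-time immutability check that the `get_cred()`/`put_cred()` comments in this same hunk say the const exists to provide. Declaring `const struct cred *__cred = current_cred();` in both, as `current_uid_gid()` already does at new line 324, removes the cast; `get_uid(__cred->user)` and `get_group_info(__cred->group_info)` take the member values, not the cred itself, so nothing else changes. Separately, `put_group_info()` at new line 56 is a macro that evaluates its argument twice (`&(group_info)->usage` and `groups_free(group_info)`), unlike the `static inline` `get_group_info()` right above it; a `static inline` would match, at the cost of moving the `groups_free` extern above it.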
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 4a853ef6fd35..195a8cb2a749 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -316,6 +316,7 @@ struct poll_table_struct;
316struct kstatfs; 316struct kstatfs;
317struct vm_area_struct; 317struct vm_area_struct;
318struct vfsmount; 318struct vfsmount;
319struct cred;
319 320
320extern void __init inode_init(void); 321extern void __init inode_init(void);
321extern void __init inode_init_early(void); 322extern void __init inode_init_early(void);
@@ -827,7 +828,7 @@ struct file {
827 fmode_t f_mode; 828 fmode_t f_mode;
828 loff_t f_pos; 829 loff_t f_pos;
829 struct fown_struct f_owner; 830 struct fown_struct f_owner;
830 unsigned int f_uid, f_gid; 831 const struct cred *f_cred;
831 struct file_ra_state f_ra; 832 struct file_ra_state f_ra;
832 833
833 u64 f_version; 834 u64 f_version;
@@ -1194,7 +1195,7 @@ enum {
1194#define has_fs_excl() atomic_read(&current->fs_excl) 1195#define has_fs_excl() atomic_read(&current->fs_excl)
1195 1196
1196#define is_owner_or_cap(inode) \ 1197#define is_owner_or_cap(inode) \
1197 ((current->fsuid == (inode)->i_uid) || capable(CAP_FOWNER)) 1198 ((current_fsuid() == (inode)->i_uid) || capable(CAP_FOWNER))
1198 1199
1199/* not quite ready to be deprecated, but... */ 1200/* not quite ready to be deprecated, but... */
1200extern void lock_super(struct super_block *); 1201extern void lock_super(struct super_block *);
@@ -1674,7 +1675,8 @@ extern int do_truncate(struct dentry *, loff_t start, unsigned int time_attrs,
1674extern long do_sys_open(int dfd, const char __user *filename, int flags, 1675extern long do_sys_open(int dfd, const char __user *filename, int flags,
1675 int mode); 1676 int mode);
1676extern struct file *filp_open(const char *, int, int); 1677extern struct file *filp_open(const char *, int, int);
1677extern struct file * dentry_open(struct dentry *, struct vfsmount *, int); 1678extern struct file * dentry_open(struct dentry *, struct vfsmount *, int,
1679 const struct cred *);
1678extern int filp_close(struct file *, fl_owner_t id); 1680extern int filp_close(struct file *, fl_owner_t id);
1679extern char * getname(const char __user *); 1681extern char * getname(const char __user *);
1680 1682
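Review bot: `const struct cred *f_cred;` at new line 831 replaces `f_uid, f_gid` but carries no comment, unlike the neighbouring members, and the lifetime of the pointed-to credentials is not stated. Presumably the file pins a reference with `get_cred()` at open time and releases it on the file-free path — confirm against the corresponding fs/ change — and a note such as `/* credentials of the opener, pinned for the lifetime of the file */` would tell readers they may dereference it without RCU protection. The new `const struct cred *` parameter added to `dentry_open()` at new line 1679 likewise lacks a parameter name in the prototype, though that follows the existing unnamed style of the surrounding declarations.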
diff --git a/include/linux/init_task.h b/include/linux/init_task.h
index 23fd8909b9e5..959f5522d10a 100644
--- a/include/linux/init_task.h
+++ b/include/linux/init_task.h
@@ -57,7 +57,6 @@ extern struct nsproxy init_nsproxy;
57 .mnt_ns = NULL, \ 57 .mnt_ns = NULL, \
58 INIT_NET_NS(net_ns) \ 58 INIT_NET_NS(net_ns) \
59 INIT_IPC_NS(ipc_ns) \ 59 INIT_IPC_NS(ipc_ns) \
60 .user_ns = &init_user_ns, \
61} 60}
62 61
63#define INIT_SIGHAND(sighand) { \ 62#define INIT_SIGHAND(sighand) { \
@@ -113,6 +112,8 @@ extern struct group_info init_groups;
113# define CAP_INIT_BSET CAP_INIT_EFF_SET 112# define CAP_INIT_BSET CAP_INIT_EFF_SET
114#endif 113#endif
115 114
115extern struct cred init_cred;
116
116/* 117/*
117 * INIT_TASK is used to set up the first task table, touch at 118 * INIT_TASK is used to set up the first task table, touch at
118 * your own risk!. Base=0, limit=0x1fffff (=2MB) 119 * your own risk!. Base=0, limit=0x1fffff (=2MB)
@@ -147,13 +148,10 @@ extern struct group_info init_groups;
147 .children = LIST_HEAD_INIT(tsk.children), \ 148 .children = LIST_HEAD_INIT(tsk.children), \
148 .sibling = LIST_HEAD_INIT(tsk.sibling), \ 149 .sibling = LIST_HEAD_INIT(tsk.sibling), \
149 .group_leader = &tsk, \ 150 .group_leader = &tsk, \
150 .group_info = &init_groups, \ 151 .real_cred = &init_cred, \
151 .cap_effective = CAP_INIT_EFF_SET, \ 152 .cred = &init_cred, \
152 .cap_inheritable = CAP_INIT_INH_SET, \ 153 .cred_exec_mutex = \
153 .cap_permitted = CAP_FULL_SET, \ 154 __MUTEX_INITIALIZER(tsk.cred_exec_mutex), \
154 .cap_bset = CAP_INIT_BSET, \
155 .securebits = SECUREBITS_DEFAULT, \
156 .user = INIT_USER, \
157 .comm = "swapper", \ 155 .comm = "swapper", \
158 .thread = INIT_THREAD, \ 156 .thread = INIT_THREAD, \
159 .fs = &init_fs, \ 157 .fs = &init_fs, \
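Review bot: `INIT_TASK` now initialises both `.real_cred` and `.cred` to `&init_cred` (new lines 151–152), so the static `init_cred` object carries two references from the first task alone, and nothing in this header says that its initial usage count must account for that. I cannot see the `init_cred` definition from here; if it is not initialised with a usage count that covers both pointers (plus any other static holders), the first `put_cred()` on either could drop the count to zero while the other is still live. A comment beside `extern struct cred init_cred;` at new line 115, e.g. `/* shared by init's real_cred and cred; its usage count must cover both */`, would make the invariant visible where it is consumed.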
diff --git a/include/linux/key-ui.h b/include/linux/key-ui.h
deleted file mode 100644
index e8b8a7a5c496..000000000000
--- a/include/linux/key-ui.h
+++ /dev/null
@@ -1,66 +0,0 @@
1/* key-ui.h: key userspace interface stuff
2 *
3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#ifndef _LINUX_KEY_UI_H
13#define _LINUX_KEY_UI_H
14
15#include <linux/key.h>
16
17/* the key tree */
18extern struct rb_root key_serial_tree;
19extern spinlock_t key_serial_lock;
20
21/* required permissions */
22#define KEY_VIEW 0x01 /* require permission to view attributes */
23#define KEY_READ 0x02 /* require permission to read content */
24#define KEY_WRITE 0x04 /* require permission to update / modify */
25#define KEY_SEARCH 0x08 /* require permission to search (keyring) or find (key) */
26#define KEY_LINK 0x10 /* require permission to link */
27#define KEY_SETATTR 0x20 /* require permission to change attributes */
28#define KEY_ALL 0x3f /* all the above permissions */
29
30/*
31 * the keyring payload contains a list of the keys to which the keyring is
32 * subscribed
33 */
34struct keyring_list {
35 struct rcu_head rcu; /* RCU deletion hook */
36 unsigned short maxkeys; /* max keys this list can hold */
37 unsigned short nkeys; /* number of keys currently held */
38 unsigned short delkey; /* key to be unlinked by RCU */
39 struct key *keys[0];
40};
41
42/*
43 * check to see whether permission is granted to use a key in the desired way
44 */
45extern int key_task_permission(const key_ref_t key_ref,
46 struct task_struct *context,
47 key_perm_t perm);
48
49static inline int key_permission(const key_ref_t key_ref, key_perm_t perm)
50{
51 return key_task_permission(key_ref, current, perm);
52}
53
54extern key_ref_t lookup_user_key(struct task_struct *context,
55 key_serial_t id, int create, int partial,
56 key_perm_t perm);
57
58extern long join_session_keyring(const char *name);
59
60extern struct key_type *key_type_lookup(const char *type);
61extern void key_type_put(struct key_type *ktype);
62
63#define key_negative_timeout 60 /* default timeout on a negative key's existence */
64
65
66#endif /* _LINUX_KEY_UI_H */
diff --git a/include/linux/key.h b/include/linux/key.h
index 1b70e35a71e3..21d32a142c00 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -73,6 +73,7 @@ struct key;
73struct seq_file; 73struct seq_file;
74struct user_struct; 74struct user_struct;
75struct signal_struct; 75struct signal_struct;
76struct cred;
76 77
77struct key_type; 78struct key_type;
78struct key_owner; 79struct key_owner;
@@ -181,7 +182,7 @@ struct key {
181extern struct key *key_alloc(struct key_type *type, 182extern struct key *key_alloc(struct key_type *type,
182 const char *desc, 183 const char *desc,
183 uid_t uid, gid_t gid, 184 uid_t uid, gid_t gid,
184 struct task_struct *ctx, 185 const struct cred *cred,
185 key_perm_t perm, 186 key_perm_t perm,
186 unsigned long flags); 187 unsigned long flags);
187 188
@@ -249,7 +250,7 @@ extern int key_unlink(struct key *keyring,
249 struct key *key); 250 struct key *key);
250 251
251extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, 252extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
252 struct task_struct *ctx, 253 const struct cred *cred,
253 unsigned long flags, 254 unsigned long flags,
254 struct key *dest); 255 struct key *dest);
255 256
@@ -276,24 +277,11 @@ extern ctl_table key_sysctls[];
276/* 277/*
277 * the userspace interface 278 * the userspace interface
278 */ 279 */
279extern void switch_uid_keyring(struct user_struct *new_user); 280extern int install_thread_keyring_to_cred(struct cred *cred);
280extern int copy_keys(unsigned long clone_flags, struct task_struct *tsk);
281extern int copy_thread_group_keys(struct task_struct *tsk);
282extern void exit_keys(struct task_struct *tsk);
283extern void exit_thread_group_keys(struct signal_struct *tg);
284extern int suid_keys(struct task_struct *tsk);
285extern int exec_keys(struct task_struct *tsk);
286extern void key_fsuid_changed(struct task_struct *tsk); 281extern void key_fsuid_changed(struct task_struct *tsk);
287extern void key_fsgid_changed(struct task_struct *tsk); 282extern void key_fsgid_changed(struct task_struct *tsk);
288extern void key_init(void); 283extern void key_init(void);
289 284
290#define __install_session_keyring(tsk, keyring) \
291({ \
292 struct key *old_session = tsk->signal->session_keyring; \
293 tsk->signal->session_keyring = keyring; \
294 old_session; \
295})
296
297#else /* CONFIG_KEYS */ 285#else /* CONFIG_KEYS */
298 286
299#define key_validate(k) 0 287#define key_validate(k) 0
@@ -302,17 +290,9 @@ extern void key_init(void);
302#define key_revoke(k) do { } while(0) 290#define key_revoke(k) do { } while(0)
303#define key_put(k) do { } while(0) 291#define key_put(k) do { } while(0)
304#define key_ref_put(k) do { } while(0) 292#define key_ref_put(k) do { } while(0)
305#define make_key_ref(k, p) ({ NULL; }) 293#define make_key_ref(k, p) NULL
306#define key_ref_to_ptr(k) ({ NULL; }) 294#define key_ref_to_ptr(k) NULL
307#define is_key_possessed(k) 0 295#define is_key_possessed(k) 0
308#define switch_uid_keyring(u) do { } while(0)
309#define __install_session_keyring(t, k) ({ NULL; })
310#define copy_keys(f,t) 0
311#define copy_thread_group_keys(t) 0
312#define exit_keys(t) do { } while(0)
313#define exit_thread_group_keys(tg) do { } while(0)
314#define suid_keys(t) do { } while(0)
315#define exec_keys(t) do { } while(0)
316#define key_fsuid_changed(t) do { } while(0) 296#define key_fsuid_changed(t) do { } while(0)
317#define key_fsgid_changed(t) do { } while(0) 297#define key_fsgid_changed(t) do { } while(0)
318#define key_init() do { } while(0) 298#define key_init() do { } while(0)
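--- a/include/linux/keyctl.h
+++ b/include/linux/keyctl.h
@@ -1,6 +1,6 @@
 /* keyctl.h: keyctl command IDs
  *
- * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
+ * Copyright (C) 2004, 2008 Red Hat, Inc. All Rights Reserved.
  * Written by David Howells (dhowells@redhat.com)
  *
  * This program is free software; you can redistribute it and/or
@@ -20,6 +20,7 @@
 #define KEY_SPEC_USER_SESSION_KEYRING -5 /* - key ID for UID-session keyring */
 #define KEY_SPEC_GROUP_KEYRING -6 /* - key ID for GID-specific keyring */
 #define KEY_SPEC_REQKEY_AUTH_KEY -7 /* - key ID for assumed request_key auth key */
+#define KEY_SPEC_REQUESTOR_KEYRING -8 /* - key ID for request_key() dest keyring */
 
 /* request-key default keyrings */
 #define KEY_REQKEY_DEFL_NO_CHANGE -1
@@ -30,6 +31,7 @@
 #define KEY_REQKEY_DEFL_USER_KEYRING 4
 #define KEY_REQKEY_DEFL_USER_SESSION_KEYRING 5
 #define KEY_REQKEY_DEFL_GROUP_KEYRING 6
+#define KEY_REQKEY_DEFL_REQUESTOR_KEYRING 7
 
 /* keyctl commands */
 #define KEYCTL_GET_KEYRING_ID 0 /* ask for a keyring's ID */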
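Review bot: The added `KEY_REQKEY_DEFL_REQUESTOR_KEYRING 7` carries no comment, while the matching `KEY_SPEC_REQUESTOR_KEYRING -8` added two hunks above says which keyring it names; a trailing `/* - request_key() dest keyring */` on the DEFL line would make the pairing explicit for readers of only this table. Both numbers are userspace ABI once this header ships, so a reader of the table should not have to infer from the SPEC block that 7 selects the same keyring that -8 identifies. The surrounding `KEY_REQKEY_DEFL_*` entries are likewise uncommented, so this is consistent with the existing style, but the new value is the first whose meaning is not obvious from its name alone.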
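--- a/include/linux/nsproxy.h
+++ b/include/linux/nsproxy.h
@@ -27,7 +27,6 @@ struct nsproxy {
 	struct ipc_namespace *ipc_ns;
 	struct mnt_namespace *mnt_ns;
 	struct pid_namespace *pid_ns;
-	struct user_namespace *user_ns;
 	struct net *net_ns;
 };
 extern struct nsproxy init_nsproxy;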
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 55e30d114477..9624e2cfc2dc 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -572,12 +572,6 @@ struct signal_struct {
572 */ 572 */
573 struct rlimit rlim[RLIM_NLIMITS]; 573 struct rlimit rlim[RLIM_NLIMITS];
574 574
575 /* keep the process-shared keyrings here so that they do the right
576 * thing in threads created with CLONE_THREAD */
577#ifdef CONFIG_KEYS
578 struct key *session_keyring; /* keyring inherited over fork */
579 struct key *process_keyring; /* keyring private to this process */
580#endif
581#ifdef CONFIG_BSD_PROCESS_ACCT 575#ifdef CONFIG_BSD_PROCESS_ACCT
582 struct pacct_struct pacct; /* per-process accounting information */ 576 struct pacct_struct pacct; /* per-process accounting information */
583#endif 577#endif
@@ -648,6 +642,7 @@ struct user_struct {
648 /* Hash table maintenance information */ 642 /* Hash table maintenance information */
649 struct hlist_node uidhash_node; 643 struct hlist_node uidhash_node;
650 uid_t uid; 644 uid_t uid;
645 struct user_namespace *user_ns;
651 646
652#ifdef CONFIG_USER_SCHED 647#ifdef CONFIG_USER_SCHED
653 struct task_group *tg; 648 struct task_group *tg;
@@ -665,6 +660,7 @@ extern struct user_struct *find_user(uid_t);
665extern struct user_struct root_user; 660extern struct user_struct root_user;
666#define INIT_USER (&root_user) 661#define INIT_USER (&root_user)
667 662
663
668struct backing_dev_info; 664struct backing_dev_info;
669struct reclaim_state; 665struct reclaim_state;
670 666
@@ -888,38 +884,7 @@ partition_sched_domains(int ndoms_new, cpumask_t *doms_new,
888#endif /* !CONFIG_SMP */ 884#endif /* !CONFIG_SMP */
889 885
890struct io_context; /* See blkdev.h */ 886struct io_context; /* See blkdev.h */
891#define NGROUPS_SMALL 32
892#define NGROUPS_PER_BLOCK ((unsigned int)(PAGE_SIZE / sizeof(gid_t)))
893struct group_info {
894 int ngroups;
895 atomic_t usage;
896 gid_t small_block[NGROUPS_SMALL];
897 int nblocks;
898 gid_t *blocks[0];
899};
900 887
901/*
902 * get_group_info() must be called with the owning task locked (via task_lock())
903 * when task != current. The reason being that the vast majority of callers are
904 * looking at current->group_info, which can not be changed except by the
905 * current task. Changing current->group_info requires the task lock, too.
906 */
907#define get_group_info(group_info) do { \
908 atomic_inc(&(group_info)->usage); \
909} while (0)
910
911#define put_group_info(group_info) do { \
912 if (atomic_dec_and_test(&(group_info)->usage)) \
913 groups_free(group_info); \
914} while (0)
915
916extern struct group_info *groups_alloc(int gidsetsize);
917extern void groups_free(struct group_info *group_info);
918extern int set_current_groups(struct group_info *group_info);
919extern int groups_search(struct group_info *group_info, gid_t grp);
920/* access the groups "array" with this macro */
921#define GROUP_AT(gi, i) \
922 ((gi)->blocks[(i)/NGROUPS_PER_BLOCK][(i)%NGROUPS_PER_BLOCK])
923 888
924#ifdef ARCH_HAS_PREFETCH_SWITCH_STACK 889#ifdef ARCH_HAS_PREFETCH_SWITCH_STACK
925extern void prefetch_stack(struct task_struct *t); 890extern void prefetch_stack(struct task_struct *t);
@@ -1186,17 +1151,12 @@ struct task_struct {
1186 struct list_head cpu_timers[3]; 1151 struct list_head cpu_timers[3];
1187 1152
1188/* process credentials */ 1153/* process credentials */
1189 uid_t uid,euid,suid,fsuid; 1154 const struct cred *real_cred; /* objective and real subjective task
1190 gid_t gid,egid,sgid,fsgid; 1155 * credentials (COW) */
1191 struct group_info *group_info; 1156 const struct cred *cred; /* effective (overridable) subjective task
1192 kernel_cap_t cap_effective, cap_inheritable, cap_permitted, cap_bset; 1157 * credentials (COW) */
1193 struct user_struct *user; 1158 struct mutex cred_exec_mutex; /* execve vs ptrace cred calculation mutex */
1194 unsigned securebits; 1159
1195#ifdef CONFIG_KEYS
1196 unsigned char jit_keyring; /* default keyring to attach requested keys to */
1197 struct key *request_key_auth; /* assumed request_key authority */
1198 struct key *thread_keyring; /* keyring private to this thread */
1199#endif
1200 char comm[TASK_COMM_LEN]; /* executable name excluding path 1160 char comm[TASK_COMM_LEN]; /* executable name excluding path
1201 - access with [gs]et_task_comm (which lock 1161 - access with [gs]et_task_comm (which lock
1202 it with task_lock()) 1162 it with task_lock())
@@ -1233,9 +1193,6 @@ struct task_struct {
1233 int (*notifier)(void *priv); 1193 int (*notifier)(void *priv);
1234 void *notifier_data; 1194 void *notifier_data;
1235 sigset_t *notifier_mask; 1195 sigset_t *notifier_mask;
1236#ifdef CONFIG_SECURITY
1237 void *security;
1238#endif
1239 struct audit_context *audit_context; 1196 struct audit_context *audit_context;
1240#ifdef CONFIG_AUDITSYSCALL 1197#ifdef CONFIG_AUDITSYSCALL
1241 uid_t loginuid; 1198 uid_t loginuid;
@@ -1775,7 +1732,6 @@ static inline struct user_struct *get_uid(struct user_struct *u)
1775 return u; 1732 return u;
1776} 1733}
1777extern void free_uid(struct user_struct *); 1734extern void free_uid(struct user_struct *);
1778extern void switch_uid(struct user_struct *);
1779extern void release_uids(struct user_namespace *ns); 1735extern void release_uids(struct user_namespace *ns);
1780 1736
1781#include <asm/current.h> 1737#include <asm/current.h>
@@ -1794,9 +1750,6 @@ extern void wake_up_new_task(struct task_struct *tsk,
1794extern void sched_fork(struct task_struct *p, int clone_flags); 1750extern void sched_fork(struct task_struct *p, int clone_flags);
1795extern void sched_dead(struct task_struct *p); 1751extern void sched_dead(struct task_struct *p);
1796 1752
1797extern int in_group_p(gid_t);
1798extern int in_egroup_p(gid_t);
1799
1800extern void proc_caches_init(void); 1753extern void proc_caches_init(void);
1801extern void flush_signals(struct task_struct *); 1754extern void flush_signals(struct task_struct *);
1802extern void ignore_signals(struct task_struct *); 1755extern void ignore_signals(struct task_struct *);
@@ -1928,6 +1881,8 @@ static inline unsigned long wait_task_inactive(struct task_struct *p,
1928#define for_each_process(p) \ 1881#define for_each_process(p) \
1929 for (p = &init_task ; (p = next_task(p)) != &init_task ; ) 1882 for (p = &init_task ; (p = next_task(p)) != &init_task ; )
1930 1883
1884extern bool is_single_threaded(struct task_struct *);
1885
1931/* 1886/*
1932 * Careful: do_each_thread/while_each_thread is a double loop so 1887 * Careful: do_each_thread/while_each_thread is a double loop so
1933 * 'break' will not work as expected - use goto instead. 1888 * 'break' will not work as expected - use goto instead.
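Review bot: The comments on the new `real_cred` and `cred` fields in the task_struct hunk say the credentials are COW but not what protects a reader that is not the owning task, and `cred_exec_mutex` is described only as serialising the execve-vs-ptrace calculation, so the access rule has to be inferred from elsewhere. I would extend the `cred` comment to something like `/* effective (overridable) subjective task credentials (COW); only current replaces it, other readers must hold rcu_read_lock() */` — assuming that is the intended discipline, which this hunk does not show. The same hunk makes both pointers `const`, which deserves a one-line comment saying that a replacement `struct cred` is built and then committed rather than edited in place, consistent with the security.h description of @bprm_committing_creds running immediately before commit_creds(). Separately, the added prototype `extern bool is_single_threaded(struct task_struct *);` drops the parameter name and has no comment stating what it tests; `extern bool is_single_threaded(struct task_struct *task);` with a short comment would help. struct task_struct itself starts and ends outside the hunks shown.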
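--- a/include/linux/securebits.h
+++ b/include/linux/securebits.h
@@ -32,7 +32,7 @@
    setting is locked or not. A setting which is locked cannot be
    changed from user-level. */
 #define issecure_mask(X) (1 << (X))
-#define issecure(X) (issecure_mask(X) & current->securebits)
+#define issecure(X) (issecure_mask(X) & current_cred_xxx(securebits))
 
 #define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \
 	issecure_mask(SECURE_NO_SETUID_FIXUP) | \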
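Review bot: `issecure()` now expands to `current_cred_xxx(securebits)`, so securebits.h acquires a dependency on the cred accessor macros, but the hunk shows no corresponding include; unless linux/cred.h is already pulled in by this header outside the hunk, a translation unit that includes securebits.h on its own will no longer build. Adding `#include <linux/cred.h>` near the top of the header, or at least a comment next to the macro stating that cred.h must be included first, would make the dependency explicit. The semantics are otherwise preserved as far as this hunk shows: the macro still consults only the calling task's own securebits, now read through its credentials rather than directly off the task. The `SECURE_ALL_BITS` definition continues past the end of the hunk.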
diff --git a/include/linux/security.h b/include/linux/security.h
index e3d4ecda2673..3416cb85e77b 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -37,6 +37,10 @@
37/* Maximum number of letters for an LSM name string */ 37/* Maximum number of letters for an LSM name string */
38#define SECURITY_NAME_MAX 10 38#define SECURITY_NAME_MAX 10
39 39
40/* If capable should audit the security request */
41#define SECURITY_CAP_NOAUDIT 0
42#define SECURITY_CAP_AUDIT 1
43
40struct ctl_table; 44struct ctl_table;
41struct audit_krule; 45struct audit_krule;
42 46
@@ -44,25 +48,25 @@ struct audit_krule;
44 * These functions are in security/capability.c and are used 48 * These functions are in security/capability.c and are used
45 * as the default capabilities functions 49 * as the default capabilities functions
46 */ 50 */
47extern int cap_capable(struct task_struct *tsk, int cap); 51extern int cap_capable(struct task_struct *tsk, int cap, int audit);
48extern int cap_settime(struct timespec *ts, struct timezone *tz); 52extern int cap_settime(struct timespec *ts, struct timezone *tz);
49extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); 53extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode);
50extern int cap_ptrace_traceme(struct task_struct *parent); 54extern int cap_ptrace_traceme(struct task_struct *parent);
51extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); 55extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
52extern int cap_capset_check(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); 56extern int cap_capset(struct cred *new, const struct cred *old,
53extern void cap_capset_set(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); 57 const kernel_cap_t *effective,
54extern int cap_bprm_set_security(struct linux_binprm *bprm); 58 const kernel_cap_t *inheritable,
55extern void cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe); 59 const kernel_cap_t *permitted);
60extern int cap_bprm_set_creds(struct linux_binprm *bprm);
56extern int cap_bprm_secureexec(struct linux_binprm *bprm); 61extern int cap_bprm_secureexec(struct linux_binprm *bprm);
57extern int cap_inode_setxattr(struct dentry *dentry, const char *name, 62extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
58 const void *value, size_t size, int flags); 63 const void *value, size_t size, int flags);
59extern int cap_inode_removexattr(struct dentry *dentry, const char *name); 64extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
60extern int cap_inode_need_killpriv(struct dentry *dentry); 65extern int cap_inode_need_killpriv(struct dentry *dentry);
61extern int cap_inode_killpriv(struct dentry *dentry); 66extern int cap_inode_killpriv(struct dentry *dentry);
62extern int cap_task_post_setuid(uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); 67extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
63extern void cap_task_reparent_to_init(struct task_struct *p);
64extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, 68extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
65 unsigned long arg4, unsigned long arg5, long *rc_p); 69 unsigned long arg4, unsigned long arg5);
66extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp); 70extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp);
67extern int cap_task_setioprio(struct task_struct *p, int ioprio); 71extern int cap_task_setioprio(struct task_struct *p, int ioprio);
68extern int cap_task_setnice(struct task_struct *p, int nice); 72extern int cap_task_setnice(struct task_struct *p, int nice);
@@ -105,7 +109,7 @@ extern unsigned long mmap_min_addr;
105struct sched_param; 109struct sched_param;
106struct request_sock; 110struct request_sock;
107 111
108/* bprm_apply_creds unsafe reasons */ 112/* bprm->unsafe reasons */
109#define LSM_UNSAFE_SHARE 1 113#define LSM_UNSAFE_SHARE 1
110#define LSM_UNSAFE_PTRACE 2 114#define LSM_UNSAFE_PTRACE 2
111#define LSM_UNSAFE_PTRACE_CAP 4 115#define LSM_UNSAFE_PTRACE_CAP 4
@@ -149,36 +153,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
149 * 153 *
150 * Security hooks for program execution operations. 154 * Security hooks for program execution operations.
151 * 155 *
152 * @bprm_alloc_security: 156 * @bprm_set_creds:
153 * Allocate and attach a security structure to the @bprm->security field.
154 * The security field is initialized to NULL when the bprm structure is
155 * allocated.
156 * @bprm contains the linux_binprm structure to be modified.
157 * Return 0 if operation was successful.
158 * @bprm_free_security:
159 * @bprm contains the linux_binprm structure to be modified.
160 * Deallocate and clear the @bprm->security field.
161 * @bprm_apply_creds:
162 * Compute and set the security attributes of a process being transformed
163 * by an execve operation based on the old attributes (current->security)
164 * and the information saved in @bprm->security by the set_security hook.
165 * Since this hook function (and its caller) are void, this hook can not
166 * return an error. However, it can leave the security attributes of the
167 * process unchanged if an access failure occurs at this point.
168 * bprm_apply_creds is called under task_lock. @unsafe indicates various
169 * reasons why it may be unsafe to change security state.
170 * @bprm contains the linux_binprm structure.
171 * @bprm_post_apply_creds:
172 * Runs after bprm_apply_creds with the task_lock dropped, so that
173 * functions which cannot be called safely under the task_lock can
174 * be used. This hook is a good place to perform state changes on
175 * the process such as closing open file descriptors to which access
176 * is no longer granted if the attributes were changed.
177 * Note that a security module might need to save state between
178 * bprm_apply_creds and bprm_post_apply_creds to store the decision
179 * on whether the process may proceed.
180 * @bprm contains the linux_binprm structure.
181 * @bprm_set_security:
182 * Save security information in the bprm->security field, typically based 157 * Save security information in the bprm->security field, typically based
183 * on information about the bprm->file, for later use by the apply_creds 158 * on information about the bprm->file, for later use by the apply_creds
184 * hook. This hook may also optionally check permissions (e.g. for 159 * hook. This hook may also optionally check permissions (e.g. for
@@ -191,15 +166,30 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
191 * @bprm contains the linux_binprm structure. 166 * @bprm contains the linux_binprm structure.
192 * Return 0 if the hook is successful and permission is granted. 167 * Return 0 if the hook is successful and permission is granted.
193 * @bprm_check_security: 168 * @bprm_check_security:
194 * This hook mediates the point when a search for a binary handler will 169 * This hook mediates the point when a search for a binary handler will
195 * begin. It allows a check the @bprm->security value which is set in 170 * begin. It allows a check the @bprm->security value which is set in the
196 * the preceding set_security call. The primary difference from 171 * preceding set_creds call. The primary difference from set_creds is
197 * set_security is that the argv list and envp list are reliably 172 * that the argv list and envp list are reliably available in @bprm. This
198 * available in @bprm. This hook may be called multiple times 173 * hook may be called multiple times during a single execve; and in each
199 * during a single execve; and in each pass set_security is called 174 * pass set_creds is called first.
200 * first.
201 * @bprm contains the linux_binprm structure. 175 * @bprm contains the linux_binprm structure.
202 * Return 0 if the hook is successful and permission is granted. 176 * Return 0 if the hook is successful and permission is granted.
177 * @bprm_committing_creds:
178 * Prepare to install the new security attributes of a process being
179 * transformed by an execve operation, based on the old credentials
180 * pointed to by @current->cred and the information set in @bprm->cred by
181 * the bprm_set_creds hook. @bprm points to the linux_binprm structure.
182 * This hook is a good place to perform state changes on the process such
183 * as closing open file descriptors to which access will no longer be
184 * granted when the attributes are changed. This is called immediately
185 * before commit_creds().
186 * @bprm_committed_creds:
187 * Tidy up after the installation of the new security attributes of a
188 * process being transformed by an execve operation. The new credentials
189 * have, by this point, been set to @current->cred. @bprm points to the
190 * linux_binprm structure. This hook is a good place to perform state
191 * changes on the process such as clearing out non-inheritable signal
192 * state. This is called immediately after commit_creds().
203 * @bprm_secureexec: 193 * @bprm_secureexec:
204 * Return a boolean value (0 or 1) indicating whether a "secure exec" 194 * Return a boolean value (0 or 1) indicating whether a "secure exec"
205 * is required. The flag is passed in the auxiliary table 195 * is required. The flag is passed in the auxiliary table
@@ -585,15 +575,31 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
585 * manual page for definitions of the @clone_flags. 575 * manual page for definitions of the @clone_flags.
586 * @clone_flags contains the flags indicating what should be shared. 576 * @clone_flags contains the flags indicating what should be shared.
587 * Return 0 if permission is granted. 577 * Return 0 if permission is granted.
588 * @task_alloc_security: 578 * @cred_free:
589 * @p contains the task_struct for child process. 579 * @cred points to the credentials.
590 * Allocate and attach a security structure to the p->security field. The 580 * Deallocate and clear the cred->security field in a set of credentials.
591 * security field is initialized to NULL when the task structure is 581 * @cred_prepare:
592 * allocated. 582 * @new points to the new credentials.
593 * Return 0 if operation was successful. 583 * @old points to the original credentials.
594 * @task_free_security: 584 * @gfp indicates the atomicity of any memory allocations.
595 * @p contains the task_struct for process. 585 * Prepare a new set of credentials by copying the data from the old set.
596 * Deallocate and clear the p->security field. 586 * @cred_commit:
587 * @new points to the new credentials.
588 * @old points to the original credentials.
589 * Install a new set of credentials.
590 * @kernel_act_as:
591 * Set the credentials for a kernel service to act as (subjective context).
592 * @new points to the credentials to be modified.
593 * @secid specifies the security ID to be set
594 * The current task must be the one that nominated @secid.
595 * Return 0 if successful.
596 * @kernel_create_files_as:
597 * Set the file creation context in a set of credentials to be the same as
598 * the objective context of the specified inode.
599 * @new points to the credentials to be modified.
600 * @inode points to the inode to use as a reference.
601 * The current task must be the one that nominated @inode.
602 * Return 0 if successful.
597 * @task_setuid: 603 * @task_setuid:
598 * Check permission before setting one or more of the user identity 604 * Check permission before setting one or more of the user identity
599 * attributes of the current process. The @flags parameter indicates 605 * attributes of the current process. The @flags parameter indicates
@@ -606,15 +612,13 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
606 * @id2 contains a uid. 612 * @id2 contains a uid.
607 * @flags contains one of the LSM_SETID_* values. 613 * @flags contains one of the LSM_SETID_* values.
608 * Return 0 if permission is granted. 614 * Return 0 if permission is granted.
609 * @task_post_setuid: 615 * @task_fix_setuid:
610 * Update the module's state after setting one or more of the user 616 * Update the module's state after setting one or more of the user
611 * identity attributes of the current process. The @flags parameter 617 * identity attributes of the current process. The @flags parameter
612 * indicates which of the set*uid system calls invoked this hook. If 618 * indicates which of the set*uid system calls invoked this hook. If
613 * @flags is LSM_SETID_FS, then @old_ruid is the old fs uid and the other 619 * @new is the set of credentials that will be installed. Modifications
614 * parameters are not used. 620 * should be made to this rather than to @current->cred.
615 * @old_ruid contains the old real uid (or fs uid if LSM_SETID_FS). 621 * @old is the set of credentials that are being replaces
616 * @old_euid contains the old effective uid (or -1 if LSM_SETID_FS).
617 * @old_suid contains the old saved uid (or -1 if LSM_SETID_FS).
618 * @flags contains one of the LSM_SETID_* values. 622 * @flags contains one of the LSM_SETID_* values.
619 * Return 0 on success. 623 * Return 0 on success.
620 * @task_setgid: 624 * @task_setgid:
@@ -717,13 +721,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
717 * @arg3 contains a argument. 721 * @arg3 contains a argument.
718 * @arg4 contains a argument. 722 * @arg4 contains a argument.
719 * @arg5 contains a argument. 723 * @arg5 contains a argument.
720 * @rc_p contains a pointer to communicate back the forced return code 724 * Return -ENOSYS if no-one wanted to handle this op, any other value to
721 * Return 0 if permission is granted, and non-zero if the security module 725 * cause prctl() to return immediately with that value.
722 * has taken responsibility (setting *rc_p) for the prctl call.
723 * @task_reparent_to_init:
724 * Set the security attributes in @p->security for a kernel thread that
725 * is being reparented to the init task.
726 * @p contains the task_struct for the kernel thread.
727 * @task_to_inode: 726 * @task_to_inode:
728 * Set the security attributes for an inode based on an associated task's 727 * Set the security attributes for an inode based on an associated task's
729 * security attributes, e.g. for /proc/pid inodes. 728 * security attributes, e.g. for /proc/pid inodes.
@@ -1000,7 +999,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1000 * See whether a specific operational right is granted to a process on a 999 * See whether a specific operational right is granted to a process on a
1001 * key. 1000 * key.
1002 * @key_ref refers to the key (key pointer + possession attribute bit). 1001 * @key_ref refers to the key (key pointer + possession attribute bit).
1003 * @context points to the process to provide the context against which to 1002 * @cred points to the credentials to provide the context against which to
1004 * evaluate the security data on the key. 1003 * evaluate the security data on the key.
1005 * @perm describes the combination of permissions required of this key. 1004 * @perm describes the combination of permissions required of this key.
1006 * Return 1 if permission granted, 0 if permission denied and -ve it the 1005 * Return 1 if permission granted, 0 if permission denied and -ve it the
@@ -1162,6 +1161,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1162 * @child process. 1161 * @child process.
1163 * Security modules may also want to perform a process tracing check 1162 * Security modules may also want to perform a process tracing check
1164 * during an execve in the set_security or apply_creds hooks of 1163 * during an execve in the set_security or apply_creds hooks of
1164 * tracing check during an execve in the bprm_set_creds hook of
1165 * binprm_security_ops if the process is being traced and its security 1165 * binprm_security_ops if the process is being traced and its security
1166 * attributes would be changed by the execve. 1166 * attributes would be changed by the execve.
1167 * @child contains the task_struct structure for the target process. 1167 * @child contains the task_struct structure for the target process.
@@ -1185,29 +1185,15 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1185 * @inheritable contains the inheritable capability set. 1185 * @inheritable contains the inheritable capability set.
1186 * @permitted contains the permitted capability set. 1186 * @permitted contains the permitted capability set.
1187 * Return 0 if the capability sets were successfully obtained. 1187 * Return 0 if the capability sets were successfully obtained.
1188 * @capset_check: 1188 * @capset:
1189 * Check permission before setting the @effective, @inheritable, and
1190 * @permitted capability sets for the @target process.
1191 * Caveat: @target is also set to current if a set of processes is
1192 * specified (i.e. all processes other than current and init or a
1193 * particular process group). Hence, the capset_set hook may need to
1194 * revalidate permission to the actual target process.
1195 * @target contains the task_struct structure for target process.
1196 * @effective contains the effective capability set.
1197 * @inheritable contains the inheritable capability set.
1198 * @permitted contains the permitted capability set.
1199 * Return 0 if permission is granted.
1200 * @capset_set:
1201 * Set the @effective, @inheritable, and @permitted capability sets for 1189 * Set the @effective, @inheritable, and @permitted capability sets for
1202 * the @target process. Since capset_check cannot always check permission 1190 * the current process.
1203 * to the real @target process, this hook may also perform permission 1191 * @new contains the new credentials structure for target process.
1204 * checking to determine if the current process is allowed to set the 1192 * @old contains the current credentials structure for target process.
1205 * capability sets of the @target process. However, this hook has no way
1206 * of returning an error due to the structure of the sys_capset code.
1207 * @target contains the task_struct structure for target process.
1208 * @effective contains the effective capability set. 1193 * @effective contains the effective capability set.
1209 * @inheritable contains the inheritable capability set. 1194 * @inheritable contains the inheritable capability set.
1210 * @permitted contains the permitted capability set. 1195 * @permitted contains the permitted capability set.
1196 * Return 0 and update @new if permission is granted.
1211 * @capable: 1197 * @capable:
1212 * Check whether the @tsk process has the @cap capability. 1198 * Check whether the @tsk process has the @cap capability.
1213 * @tsk contains the task_struct for the process. 1199 * @tsk contains the task_struct for the process.
@@ -1299,15 +1285,12 @@ struct security_operations {
1299 int (*capget) (struct task_struct *target, 1285 int (*capget) (struct task_struct *target,
1300 kernel_cap_t *effective, 1286 kernel_cap_t *effective,
1301 kernel_cap_t *inheritable, kernel_cap_t *permitted); 1287 kernel_cap_t *inheritable, kernel_cap_t *permitted);
1302 int (*capset_check) (struct task_struct *target, 1288 int (*capset) (struct cred *new,
1303 kernel_cap_t *effective, 1289 const struct cred *old,
1304 kernel_cap_t *inheritable, 1290 const kernel_cap_t *effective,
1305 kernel_cap_t *permitted); 1291 const kernel_cap_t *inheritable,
1306 void (*capset_set) (struct task_struct *target, 1292 const kernel_cap_t *permitted);
1307 kernel_cap_t *effective, 1293 int (*capable) (struct task_struct *tsk, int cap, int audit);
1308 kernel_cap_t *inheritable,
1309 kernel_cap_t *permitted);
1310 int (*capable) (struct task_struct *tsk, int cap);
1311 int (*acct) (struct file *file); 1294 int (*acct) (struct file *file);
1312 int (*sysctl) (struct ctl_table *table, int op); 1295 int (*sysctl) (struct ctl_table *table, int op);
1313 int (*quotactl) (int cmds, int type, int id, struct super_block *sb); 1296 int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
@@ -1316,18 +1299,16 @@ struct security_operations {
1316 int (*settime) (struct timespec *ts, struct timezone *tz); 1299 int (*settime) (struct timespec *ts, struct timezone *tz);
1317 int (*vm_enough_memory) (struct mm_struct *mm, long pages); 1300 int (*vm_enough_memory) (struct mm_struct *mm, long pages);
1318 1301
1319 int (*bprm_alloc_security) (struct linux_binprm *bprm); 1302 int (*bprm_set_creds) (struct linux_binprm *bprm);
1320 void (*bprm_free_security) (struct linux_binprm *bprm);
1321 void (*bprm_apply_creds) (struct linux_binprm *bprm, int unsafe);
1322 void (*bprm_post_apply_creds) (struct linux_binprm *bprm);
1323 int (*bprm_set_security) (struct linux_binprm *bprm);
1324 int (*bprm_check_security) (struct linux_binprm *bprm); 1303 int (*bprm_check_security) (struct linux_binprm *bprm);
1325 int (*bprm_secureexec) (struct linux_binprm *bprm); 1304 int (*bprm_secureexec) (struct linux_binprm *bprm);
1305 void (*bprm_committing_creds) (struct linux_binprm *bprm);
1306 void (*bprm_committed_creds) (struct linux_binprm *bprm);
1326 1307
1327 int (*sb_alloc_security) (struct super_block *sb); 1308 int (*sb_alloc_security) (struct super_block *sb);
1328 void (*sb_free_security) (struct super_block *sb); 1309 void (*sb_free_security) (struct super_block *sb);
1329 int (*sb_copy_data) (char *orig, char *copy); 1310 int (*sb_copy_data) (char *orig, char *copy);
1330 int (*sb_kern_mount) (struct super_block *sb, void *data); 1311 int (*sb_kern_mount) (struct super_block *sb, int flags, void *data);
1331 int (*sb_show_options) (struct seq_file *m, struct super_block *sb); 1312 int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
1332 int (*sb_statfs) (struct dentry *dentry); 1313 int (*sb_statfs) (struct dentry *dentry);
1333 int (*sb_mount) (char *dev_name, struct path *path, 1314 int (*sb_mount) (char *dev_name, struct path *path,
@@ -1406,14 +1387,18 @@ struct security_operations {
1406 int (*file_send_sigiotask) (struct task_struct *tsk, 1387 int (*file_send_sigiotask) (struct task_struct *tsk,
1407 struct fown_struct *fown, int sig); 1388 struct fown_struct *fown, int sig);
1408 int (*file_receive) (struct file *file); 1389 int (*file_receive) (struct file *file);
1409 int (*dentry_open) (struct file *file); 1390 int (*dentry_open) (struct file *file, const struct cred *cred);
1410 1391
1411 int (*task_create) (unsigned long clone_flags); 1392 int (*task_create) (unsigned long clone_flags);
1412 int (*task_alloc_security) (struct task_struct *p); 1393 void (*cred_free) (struct cred *cred);
1413 void (*task_free_security) (struct task_struct *p); 1394 int (*cred_prepare)(struct cred *new, const struct cred *old,
1395 gfp_t gfp);
1396 void (*cred_commit)(struct cred *new, const struct cred *old);
1397 int (*kernel_act_as)(struct cred *new, u32 secid);
1398 int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
1414 int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); 1399 int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
1415 int (*task_post_setuid) (uid_t old_ruid /* or fsuid */ , 1400 int (*task_fix_setuid) (struct cred *new, const struct cred *old,
1416 uid_t old_euid, uid_t old_suid, int flags); 1401 int flags);
1417 int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); 1402 int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags);
1418 int (*task_setpgid) (struct task_struct *p, pid_t pgid); 1403 int (*task_setpgid) (struct task_struct *p, pid_t pgid);
1419 int (*task_getpgid) (struct task_struct *p); 1404 int (*task_getpgid) (struct task_struct *p);
@@ -1433,8 +1418,7 @@ struct security_operations {
1433 int (*task_wait) (struct task_struct *p); 1418 int (*task_wait) (struct task_struct *p);
1434 int (*task_prctl) (int option, unsigned long arg2, 1419 int (*task_prctl) (int option, unsigned long arg2,
1435 unsigned long arg3, unsigned long arg4, 1420 unsigned long arg3, unsigned long arg4,
1436 unsigned long arg5, long *rc_p); 1421 unsigned long arg5);
1437 void (*task_reparent_to_init) (struct task_struct *p);
1438 void (*task_to_inode) (struct task_struct *p, struct inode *inode); 1422 void (*task_to_inode) (struct task_struct *p, struct inode *inode);
1439 1423
1440 int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag); 1424 int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag);
@@ -1539,10 +1523,10 @@ struct security_operations {
1539 1523
1540 /* key management security hooks */ 1524 /* key management security hooks */
1541#ifdef CONFIG_KEYS 1525#ifdef CONFIG_KEYS
1542 int (*key_alloc) (struct key *key, struct task_struct *tsk, unsigned long flags); 1526 int (*key_alloc) (struct key *key, const struct cred *cred, unsigned long flags);
1543 void (*key_free) (struct key *key); 1527 void (*key_free) (struct key *key);
1544 int (*key_permission) (key_ref_t key_ref, 1528 int (*key_permission) (key_ref_t key_ref,
1545 struct task_struct *context, 1529 const struct cred *cred,
1546 key_perm_t perm); 1530 key_perm_t perm);
1547 int (*key_getsecurity)(struct key *key, char **_buffer); 1531 int (*key_getsecurity)(struct key *key, char **_buffer);
1548#endif /* CONFIG_KEYS */ 1532#endif /* CONFIG_KEYS */
@@ -1568,15 +1552,12 @@ int security_capget(struct task_struct *target,
1568 kernel_cap_t *effective, 1552 kernel_cap_t *effective,
1569 kernel_cap_t *inheritable, 1553 kernel_cap_t *inheritable,
1570 kernel_cap_t *permitted); 1554 kernel_cap_t *permitted);
1571int security_capset_check(struct task_struct *target, 1555int security_capset(struct cred *new, const struct cred *old,
1572 kernel_cap_t *effective, 1556 const kernel_cap_t *effective,
1573 kernel_cap_t *inheritable, 1557 const kernel_cap_t *inheritable,
1574 kernel_cap_t *permitted); 1558 const kernel_cap_t *permitted);
1575void security_capset_set(struct task_struct *target,
1576 kernel_cap_t *effective,
1577 kernel_cap_t *inheritable,
1578 kernel_cap_t *permitted);
1579int security_capable(struct task_struct *tsk, int cap); 1559int security_capable(struct task_struct *tsk, int cap);
1560int security_capable_noaudit(struct task_struct *tsk, int cap);
1580int security_acct(struct file *file); 1561int security_acct(struct file *file);
1581int security_sysctl(struct ctl_table *table, int op); 1562int security_sysctl(struct ctl_table *table, int op);
1582int security_quotactl(int cmds, int type, int id, struct super_block *sb); 1563int security_quotactl(int cmds, int type, int id, struct super_block *sb);
@@ -1586,17 +1567,15 @@ int security_settime(struct timespec *ts, struct timezone *tz);
1586int security_vm_enough_memory(long pages); 1567int security_vm_enough_memory(long pages);
1587int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); 1568int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
1588int security_vm_enough_memory_kern(long pages); 1569int security_vm_enough_memory_kern(long pages);
1589int security_bprm_alloc(struct linux_binprm *bprm); 1570int security_bprm_set_creds(struct linux_binprm *bprm);
1590void security_bprm_free(struct linux_binprm *bprm);
1591void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe);
1592void security_bprm_post_apply_creds(struct linux_binprm *bprm);
1593int security_bprm_set(struct linux_binprm *bprm);
1594int security_bprm_check(struct linux_binprm *bprm); 1571int security_bprm_check(struct linux_binprm *bprm);
1572void security_bprm_committing_creds(struct linux_binprm *bprm);
1573void security_bprm_committed_creds(struct linux_binprm *bprm);
1595int security_bprm_secureexec(struct linux_binprm *bprm); 1574int security_bprm_secureexec(struct linux_binprm *bprm);
1596int security_sb_alloc(struct super_block *sb); 1575int security_sb_alloc(struct super_block *sb);
1597void security_sb_free(struct super_block *sb); 1576void security_sb_free(struct super_block *sb);
1598int security_sb_copy_data(char *orig, char *copy); 1577int security_sb_copy_data(char *orig, char *copy);
1599int security_sb_kern_mount(struct super_block *sb, void *data); 1578int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
1600int security_sb_show_options(struct seq_file *m, struct super_block *sb); 1579int security_sb_show_options(struct seq_file *m, struct super_block *sb);
1601int security_sb_statfs(struct dentry *dentry); 1580int security_sb_statfs(struct dentry *dentry);
1602int security_sb_mount(char *dev_name, struct path *path, 1581int security_sb_mount(char *dev_name, struct path *path,
@@ -1663,13 +1642,16 @@ int security_file_set_fowner(struct file *file);
1663int security_file_send_sigiotask(struct task_struct *tsk, 1642int security_file_send_sigiotask(struct task_struct *tsk,
1664 struct fown_struct *fown, int sig); 1643 struct fown_struct *fown, int sig);
1665int security_file_receive(struct file *file); 1644int security_file_receive(struct file *file);
1666int security_dentry_open(struct file *file); 1645int security_dentry_open(struct file *file, const struct cred *cred);
1667int security_task_create(unsigned long clone_flags); 1646int security_task_create(unsigned long clone_flags);
1668int security_task_alloc(struct task_struct *p); 1647void security_cred_free(struct cred *cred);
1669void security_task_free(struct task_struct *p); 1648int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
1649void security_commit_creds(struct cred *new, const struct cred *old);
1650int security_kernel_act_as(struct cred *new, u32 secid);
1651int security_kernel_create_files_as(struct cred *new, struct inode *inode);
1670int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); 1652int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags);
1671int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, 1653int security_task_fix_setuid(struct cred *new, const struct cred *old,
1672 uid_t old_suid, int flags); 1654 int flags);
1673int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); 1655int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags);
1674int security_task_setpgid(struct task_struct *p, pid_t pgid); 1656int security_task_setpgid(struct task_struct *p, pid_t pgid);
1675int security_task_getpgid(struct task_struct *p); 1657int security_task_getpgid(struct task_struct *p);
@@ -1688,8 +1670,7 @@ int security_task_kill(struct task_struct *p, struct siginfo *info,
1688 int sig, u32 secid); 1670 int sig, u32 secid);
1689int security_task_wait(struct task_struct *p); 1671int security_task_wait(struct task_struct *p);
1690int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, 1672int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
1691 unsigned long arg4, unsigned long arg5, long *rc_p); 1673 unsigned long arg4, unsigned long arg5);
1692void security_task_reparent_to_init(struct task_struct *p);
1693void security_task_to_inode(struct task_struct *p, struct inode *inode); 1674void security_task_to_inode(struct task_struct *p, struct inode *inode);
1694int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); 1675int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
1695void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); 1676void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
@@ -1764,25 +1745,23 @@ static inline int security_capget(struct task_struct *target,
1764 return cap_capget(target, effective, inheritable, permitted); 1745 return cap_capget(target, effective, inheritable, permitted);
1765} 1746}
1766 1747
1767static inline int security_capset_check(struct task_struct *target, 1748static inline int security_capset(struct cred *new,
1768 kernel_cap_t *effective, 1749 const struct cred *old,
1769 kernel_cap_t *inheritable, 1750 const kernel_cap_t *effective,
1770 kernel_cap_t *permitted) 1751 const kernel_cap_t *inheritable,
1752 const kernel_cap_t *permitted)
1771{ 1753{
1772 return cap_capset_check(target, effective, inheritable, permitted); 1754 return cap_capset(new, old, effective, inheritable, permitted);
1773} 1755}
1774 1756
1775static inline void security_capset_set(struct task_struct *target, 1757static inline int security_capable(struct task_struct *tsk, int cap)
1776 kernel_cap_t *effective,
1777 kernel_cap_t *inheritable,
1778 kernel_cap_t *permitted)
1779{ 1758{
1780 cap_capset_set(target, effective, inheritable, permitted); 1759 return cap_capable(tsk, cap, SECURITY_CAP_AUDIT);
1781} 1760}
1782 1761
1783static inline int security_capable(struct task_struct *tsk, int cap) 1762static inline int security_capable_noaudit(struct task_struct *tsk, int cap)
1784{ 1763{
1785 return cap_capable(tsk, cap); 1764 return cap_capable(tsk, cap, SECURITY_CAP_NOAUDIT);
1786} 1765}
1787 1766
1788static inline int security_acct(struct file *file) 1767static inline int security_acct(struct file *file)
@@ -1835,32 +1814,22 @@ static inline int security_vm_enough_memory_kern(long pages)
1835 return cap_vm_enough_memory(current->mm, pages); 1814 return cap_vm_enough_memory(current->mm, pages);
1836} 1815}
1837 1816
1838static inline int security_bprm_alloc(struct linux_binprm *bprm) 1817static inline int security_bprm_set_creds(struct linux_binprm *bprm)
1839{
1840 return 0;
1841}
1842
1843static inline void security_bprm_free(struct linux_binprm *bprm)
1844{ }
1845
1846static inline void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
1847{ 1818{
1848 cap_bprm_apply_creds(bprm, unsafe); 1819 return cap_bprm_set_creds(bprm);
1849} 1820}
1850 1821
1851static inline void security_bprm_post_apply_creds(struct linux_binprm *bprm) 1822static inline int security_bprm_check(struct linux_binprm *bprm)
1852{ 1823{
1853 return; 1824 return 0;
1854} 1825}
1855 1826
1856static inline int security_bprm_set(struct linux_binprm *bprm) 1827static inline void security_bprm_committing_creds(struct linux_binprm *bprm)
1857{ 1828{
1858 return cap_bprm_set_security(bprm);
1859} 1829}
1860 1830
1861static inline int security_bprm_check(struct linux_binprm *bprm) 1831static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
1862{ 1832{
1863 return 0;
1864} 1833}
1865 1834
1866static inline int security_bprm_secureexec(struct linux_binprm *bprm) 1835static inline int security_bprm_secureexec(struct linux_binprm *bprm)
@@ -1881,7 +1850,7 @@ static inline int security_sb_copy_data(char *orig, char *copy)
1881 return 0; 1850 return 0;
1882} 1851}
1883 1852
1884static inline int security_sb_kern_mount(struct super_block *sb, void *data) 1853static inline int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
1885{ 1854{
1886 return 0; 1855 return 0;
1887} 1856}
@@ -2177,7 +2146,8 @@ static inline int security_file_receive(struct file *file)
2177 return 0; 2146 return 0;
2178} 2147}
2179 2148
2180static inline int security_dentry_open(struct file *file) 2149static inline int security_dentry_open(struct file *file,
2150 const struct cred *cred)
2181{ 2151{
2182 return 0; 2152 return 0;
2183} 2153}
@@ -2187,13 +2157,31 @@ static inline int security_task_create(unsigned long clone_flags)
2187 return 0; 2157 return 0;
2188} 2158}
2189 2159
2190static inline int security_task_alloc(struct task_struct *p) 2160static inline void security_cred_free(struct cred *cred)
2161{ }
2162
2163static inline int security_prepare_creds(struct cred *new,
2164 const struct cred *old,
2165 gfp_t gfp)
2191{ 2166{
2192 return 0; 2167 return 0;
2193} 2168}
2194 2169
2195static inline void security_task_free(struct task_struct *p) 2170static inline void security_commit_creds(struct cred *new,
2196{ } 2171 const struct cred *old)
2172{
2173}
2174
2175static inline int security_kernel_act_as(struct cred *cred, u32 secid)
2176{
2177 return 0;
2178}
2179
2180static inline int security_kernel_create_files_as(struct cred *cred,
2181 struct inode *inode)
2182{
2183 return 0;
2184}
2197 2185
2198static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, 2186static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2,
2199 int flags) 2187 int flags)
@@ -2201,10 +2189,11 @@ static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2,
2201 return 0; 2189 return 0;
2202} 2190}
2203 2191
2204static inline int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, 2192static inline int security_task_fix_setuid(struct cred *new,
2205 uid_t old_suid, int flags) 2193 const struct cred *old,
2194 int flags)
2206{ 2195{
2207 return cap_task_post_setuid(old_ruid, old_euid, old_suid, flags); 2196 return cap_task_fix_setuid(new, old, flags);
2208} 2197}
2209 2198
2210static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, 2199static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2,
@@ -2291,14 +2280,9 @@ static inline int security_task_wait(struct task_struct *p)
2291static inline int security_task_prctl(int option, unsigned long arg2, 2280static inline int security_task_prctl(int option, unsigned long arg2,
2292 unsigned long arg3, 2281 unsigned long arg3,
2293 unsigned long arg4, 2282 unsigned long arg4,
2294 unsigned long arg5, long *rc_p) 2283 unsigned long arg5)
2295{
2296 return cap_task_prctl(option, arg2, arg3, arg3, arg5, rc_p);
2297}
2298
2299static inline void security_task_reparent_to_init(struct task_struct *p)
2300{ 2284{
2301 cap_task_reparent_to_init(p); 2285 return cap_task_prctl(option, arg2, arg3, arg3, arg5);
2302} 2286}
2303 2287
2304static inline void security_task_to_inode(struct task_struct *p, struct inode *inode) 2288static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
@@ -2724,16 +2708,16 @@ static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi
2724#ifdef CONFIG_KEYS 2708#ifdef CONFIG_KEYS
2725#ifdef CONFIG_SECURITY 2709#ifdef CONFIG_SECURITY
2726 2710
2727int security_key_alloc(struct key *key, struct task_struct *tsk, unsigned long flags); 2711int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
2728void security_key_free(struct key *key); 2712void security_key_free(struct key *key);
2729int security_key_permission(key_ref_t key_ref, 2713int security_key_permission(key_ref_t key_ref,
2730 struct task_struct *context, key_perm_t perm); 2714 const struct cred *cred, key_perm_t perm);
2731int security_key_getsecurity(struct key *key, char **_buffer); 2715int security_key_getsecurity(struct key *key, char **_buffer);
2732 2716
2733#else 2717#else
2734 2718
2735static inline int security_key_alloc(struct key *key, 2719static inline int security_key_alloc(struct key *key,
2736 struct task_struct *tsk, 2720 const struct cred *cred,
2737 unsigned long flags) 2721 unsigned long flags)
2738{ 2722{
2739 return 0; 2723 return 0;
@@ -2744,7 +2728,7 @@ static inline void security_key_free(struct key *key)
2744} 2728}
2745 2729
2746static inline int security_key_permission(key_ref_t key_ref, 2730static inline int security_key_permission(key_ref_t key_ref,
2747 struct task_struct *context, 2731 const struct cred *cred,
2748 key_perm_t perm) 2732 key_perm_t perm)
2749{ 2733{
2750 return 0; 2734 return 0;
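diff --git a/include/linux/tty.h b/include/linux/tty.h
index 3b8121d4e36f..580700f20a1c 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -442,6 +442,7 @@ extern void tty_audit_add_data(struct tty_struct *tty, unsigned char *data,
  size_t size);
 extern void tty_audit_exit(void);
 extern void tty_audit_fork(struct signal_struct *sig);
+extern void tty_audit_tiocsti(struct tty_struct *tty, char ch);
 extern void tty_audit_push(struct tty_struct *tty);
 extern void tty_audit_push_task(struct task_struct *tsk,
  uid_t loginuid, u32 sessionid);
@@ -450,6 +451,9 @@ static inline void tty_audit_add_data(struct tty_struct *tty,
  unsigned char *data, size_t size)
 {
 }
+static inline void tty_audit_tiocsti(struct tty_struct *tty, char ch)
+{
+}
 static inline void tty_audit_exit(void)
 {
 }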
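Review bot: The new `tty_audit_tiocsti(struct tty_struct *tty, char ch)` declaration in the first hunk carries no comment, and nothing in the header says what it records or when it is meant to be called. Since the name ties it to the TIOCSTI ioctl, a one-line comment on the extern would pin the contract without a trip into the implementation: `/* Record a character injected into @tty's input queue via the TIOCSTI ioctl. */`. The empty stub added in the second hunk makes the fallback an explicit no-op, which is the right shape for the configuration where TTY auditing is compiled out, and is worth a matching one-word comment such as `/* audit disabled */` so a reader does not mistake it for an unfinished body.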
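diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index b5f41d4c2eec..315bcd375224 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -12,7 +12,7 @@
 struct user_namespace {
  struct kref kref;
  struct hlist_head uidhash_table[UIDHASH_SZ];
- struct user_struct *root_user;
+ struct user_struct *creator;
 };
 
 extern struct user_namespace init_user_ns;
@@ -26,8 +26,7 @@ static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
  return ns;
 }
 
-extern struct user_namespace *copy_user_ns(int flags,
- struct user_namespace *old_ns);
+extern int create_user_ns(struct cred *new);
 extern void free_user_ns(struct kref *kref);
 
 static inline void put_user_ns(struct user_namespace *ns)
@@ -43,13 +42,9 @@ static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
  return &init_user_ns;
 }
 
-static inline struct user_namespace *copy_user_ns(int flags,
- struct user_namespace *old_ns)
+static inline int create_user_ns(struct cred *new)
 {
- if (flags & CLONE_NEWUSER)
- return ERR_PTR(-EINVAL);
-
- return old_ns;
+ return -EINVAL;
 }
 
 static inline void put_user_ns(struct user_namespace *ns)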
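Review bot: The fallback `create_user_ns()` in the last hunk now fails unconditionally with `-EINVAL`, whereas the `copy_user_ns()` it replaces only failed when `CLONE_NEWUSER` was requested and otherwise handed back the existing namespace; this is only correct if every caller has been changed to invoke it solely when a new user namespace was actually asked for, which is not visible in this header and is worth confirming, since otherwise every fork would fail on kernels built without user namespaces. The new prototype also says nothing about what it does with `new`; assuming it creates the namespace and attaches it to those credentials, a comment such as `/* Create a new user namespace for the credentials @new; returns 0 or a negative errno. */` above the extern would pin the contract for both the real and the stub implementation. If `struct cred` is not already forward-declared earlier in this header (not visible in the hunk), add `struct cred;` near the top so the parameter does not introduce a new, prototype-scoped struct type and a compiler warning. The `creator` field that replaces `root_user` in the first hunk is equally undocumented — a short comment stating which user it refers to and who holds the reference would help the next reader.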