diff options
author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:17 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:17 -0500 |
commit | f1752eec6145c97163dbce62d17cf5d928e28a27 (patch) | |
tree | 16bc51166d38815092de36a461b845b0b4b522f9 /include | |
parent | b6dff3ec5e116e3af6f537d4caedcad6b9e5082a (diff) |
CRED: Detach the credentials from task_struct
Detach the credentials from task_struct, duplicating them in copy_process()
and releasing them in __put_task_struct().
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/cred.h | 29 | ||||
-rw-r--r-- | include/linux/init_task.h | 16 | ||||
-rw-r--r-- | include/linux/sched.h | 1 | ||||
-rw-r--r-- | include/linux/security.h | 26 |
4 files changed, 43 insertions, 29 deletions
diff --git a/include/linux/cred.h b/include/linux/cred.h index 3e65587a72e5..a7a686074cb0 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h | |||
@@ -158,4 +158,33 @@ do { \ | |||
158 | *(_gid) = current->cred->fsgid; \ | 158 | *(_gid) = current->cred->fsgid; \ |
159 | } while(0) | 159 | } while(0) |
160 | 160 | ||
161 | extern void __put_cred(struct cred *); | ||
162 | extern int copy_creds(struct task_struct *, unsigned long); | ||
163 | |||
164 | /** | ||
165 | * get_cred - Get a reference on a set of credentials | ||
166 | * @cred: The credentials to reference | ||
167 | * | ||
168 | * Get a reference on the specified set of credentials. The caller must | ||
169 | * release the reference. | ||
170 | */ | ||
171 | static inline struct cred *get_cred(struct cred *cred) | ||
172 | { | ||
173 | atomic_inc(&cred->usage); | ||
174 | return cred; | ||
175 | } | ||
176 | |||
177 | /** | ||
178 | * put_cred - Release a reference to a set of credentials | ||
179 | * @cred: The credentials to release | ||
180 | * | ||
181 | * Release a reference to a set of credentials, deleting them when the last ref | ||
182 | * is released. | ||
183 | */ | ||
184 | static inline void put_cred(struct cred *cred) | ||
185 | { | ||
186 | if (atomic_dec_and_test(&(cred)->usage)) | ||
187 | __put_cred(cred); | ||
188 | } | ||
189 | |||
161 | #endif /* _LINUX_CRED_H */ | 190 | #endif /* _LINUX_CRED_H */ |
diff --git a/include/linux/init_task.h b/include/linux/init_task.h index 9de41ccd67b5..5e24c54b6dfd 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h | |||
@@ -115,19 +115,6 @@ extern struct group_info init_groups; | |||
115 | 115 | ||
116 | extern struct cred init_cred; | 116 | extern struct cred init_cred; |
117 | 117 | ||
118 | #define INIT_CRED(p) \ | ||
119 | { \ | ||
120 | .usage = ATOMIC_INIT(3), \ | ||
121 | .securebits = SECUREBITS_DEFAULT, \ | ||
122 | .cap_inheritable = CAP_INIT_INH_SET, \ | ||
123 | .cap_permitted = CAP_FULL_SET, \ | ||
124 | .cap_effective = CAP_INIT_EFF_SET, \ | ||
125 | .cap_bset = CAP_INIT_BSET, \ | ||
126 | .user = INIT_USER, \ | ||
127 | .group_info = &init_groups, \ | ||
128 | .lock = __SPIN_LOCK_UNLOCKED(p.lock), \ | ||
129 | } | ||
130 | |||
131 | /* | 118 | /* |
132 | * INIT_TASK is used to set up the first task table, touch at | 119 | * INIT_TASK is used to set up the first task table, touch at |
133 | * your own risk!. Base=0, limit=0x1fffff (=2MB) | 120 | * your own risk!. Base=0, limit=0x1fffff (=2MB) |
@@ -162,8 +149,7 @@ extern struct cred init_cred; | |||
162 | .children = LIST_HEAD_INIT(tsk.children), \ | 149 | .children = LIST_HEAD_INIT(tsk.children), \ |
163 | .sibling = LIST_HEAD_INIT(tsk.sibling), \ | 150 | .sibling = LIST_HEAD_INIT(tsk.sibling), \ |
164 | .group_leader = &tsk, \ | 151 | .group_leader = &tsk, \ |
165 | .__temp_cred = INIT_CRED(tsk.__temp_cred), \ | 152 | .cred = &init_cred, \ |
166 | .cred = &tsk.__temp_cred, \ | ||
167 | .comm = "swapper", \ | 153 | .comm = "swapper", \ |
168 | .thread = INIT_THREAD, \ | 154 | .thread = INIT_THREAD, \ |
169 | .fs = &init_fs, \ | 155 | .fs = &init_fs, \ |
diff --git a/include/linux/sched.h b/include/linux/sched.h index c8b92502354d..740cf946c8cc 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h | |||
@@ -1151,7 +1151,6 @@ struct task_struct { | |||
1151 | struct list_head cpu_timers[3]; | 1151 | struct list_head cpu_timers[3]; |
1152 | 1152 | ||
1153 | /* process credentials */ | 1153 | /* process credentials */ |
1154 | struct cred __temp_cred __deprecated; /* temporary credentials to be removed */ | ||
1155 | struct cred *cred; /* actual/objective task credentials */ | 1154 | struct cred *cred; /* actual/objective task credentials */ |
1156 | 1155 | ||
1157 | char comm[TASK_COMM_LEN]; /* executable name excluding path | 1156 | char comm[TASK_COMM_LEN]; /* executable name excluding path |
diff --git a/include/linux/security.h b/include/linux/security.h index 9f305d4a31a7..9239cc11eb9c 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -593,15 +593,15 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
593 | * manual page for definitions of the @clone_flags. | 593 | * manual page for definitions of the @clone_flags. |
594 | * @clone_flags contains the flags indicating what should be shared. | 594 | * @clone_flags contains the flags indicating what should be shared. |
595 | * Return 0 if permission is granted. | 595 | * Return 0 if permission is granted. |
596 | * @task_alloc_security: | 596 | * @cred_alloc_security: |
597 | * @p contains the task_struct for child process. | 597 | * @cred contains the cred struct for child process. |
598 | * Allocate and attach a security structure to the p->security field. The | 598 | * Allocate and attach a security structure to the cred->security field. |
599 | * security field is initialized to NULL when the task structure is | 599 | * The security field is initialized to NULL when the task structure is |
600 | * allocated. | 600 | * allocated. |
601 | * Return 0 if operation was successful. | 601 | * Return 0 if operation was successful. |
602 | * @task_free_security: | 602 | * @cred_free: |
603 | * @p contains the task_struct for process. | 603 | * @cred points to the credentials. |
604 | * Deallocate and clear the p->security field. | 604 | * Deallocate and clear the cred->security field in a set of credentials. |
605 | * @task_setuid: | 605 | * @task_setuid: |
606 | * Check permission before setting one or more of the user identity | 606 | * Check permission before setting one or more of the user identity |
607 | * attributes of the current process. The @flags parameter indicates | 607 | * attributes of the current process. The @flags parameter indicates |
@@ -1405,8 +1405,8 @@ struct security_operations { | |||
1405 | int (*dentry_open) (struct file *file); | 1405 | int (*dentry_open) (struct file *file); |
1406 | 1406 | ||
1407 | int (*task_create) (unsigned long clone_flags); | 1407 | int (*task_create) (unsigned long clone_flags); |
1408 | int (*task_alloc_security) (struct task_struct *p); | 1408 | int (*cred_alloc_security) (struct cred *cred); |
1409 | void (*task_free_security) (struct task_struct *p); | 1409 | void (*cred_free) (struct cred *cred); |
1410 | int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); | 1410 | int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); |
1411 | int (*task_post_setuid) (uid_t old_ruid /* or fsuid */ , | 1411 | int (*task_post_setuid) (uid_t old_ruid /* or fsuid */ , |
1412 | uid_t old_euid, uid_t old_suid, int flags); | 1412 | uid_t old_euid, uid_t old_suid, int flags); |
@@ -1660,8 +1660,8 @@ int security_file_send_sigiotask(struct task_struct *tsk, | |||
1660 | int security_file_receive(struct file *file); | 1660 | int security_file_receive(struct file *file); |
1661 | int security_dentry_open(struct file *file); | 1661 | int security_dentry_open(struct file *file); |
1662 | int security_task_create(unsigned long clone_flags); | 1662 | int security_task_create(unsigned long clone_flags); |
1663 | int security_task_alloc(struct task_struct *p); | 1663 | int security_cred_alloc(struct cred *cred); |
1664 | void security_task_free(struct task_struct *p); | 1664 | void security_cred_free(struct cred *cred); |
1665 | int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); | 1665 | int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); |
1666 | int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, | 1666 | int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, |
1667 | uid_t old_suid, int flags); | 1667 | uid_t old_suid, int flags); |
@@ -2181,12 +2181,12 @@ static inline int security_task_create(unsigned long clone_flags) | |||
2181 | return 0; | 2181 | return 0; |
2182 | } | 2182 | } |
2183 | 2183 | ||
2184 | static inline int security_task_alloc(struct task_struct *p) | 2184 | static inline int security_cred_alloc(struct cred *cred) |
2185 | { | 2185 | { |
2186 | return 0; | 2186 | return 0; |
2187 | } | 2187 | } |
2188 | 2188 | ||
2189 | static inline void security_task_free(struct task_struct *p) | 2189 | static inline void security_cred_free(struct cred *cred) |
2190 | { } | 2190 | { } |
2191 | 2191 | ||
2192 | static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, | 2192 | static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, |