aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2008-11-13 18:39:17 -0500
committerJames Morris <jmorris@namei.org>2008-11-13 18:39:17 -0500
commitf1752eec6145c97163dbce62d17cf5d928e28a27 (patch)
tree16bc51166d38815092de36a461b845b0b4b522f9 /include
parentb6dff3ec5e116e3af6f537d4caedcad6b9e5082a (diff)
CRED: Detach the credentials from task_struct
Detach the credentials from task_struct, duplicating them in copy_process() and releasing them in __put_task_struct(). Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include')
-rw-r--r--include/linux/cred.h29
-rw-r--r--include/linux/init_task.h16
-rw-r--r--include/linux/sched.h1
-rw-r--r--include/linux/security.h26
4 files changed, 43 insertions, 29 deletions
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 3e65587a72e5..a7a686074cb0 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -158,4 +158,33 @@ do { \
158 *(_gid) = current->cred->fsgid; \ 158 *(_gid) = current->cred->fsgid; \
159} while(0) 159} while(0)
160 160
161extern void __put_cred(struct cred *);
162extern int copy_creds(struct task_struct *, unsigned long);
163
164/**
165 * get_cred - Get a reference on a set of credentials
166 * @cred: The credentials to reference
167 *
168 * Get a reference on the specified set of credentials. The caller must
169 * release the reference.
170 */
171static inline struct cred *get_cred(struct cred *cred)
172{
173 atomic_inc(&cred->usage);
174 return cred;
175}
176
177/**
178 * put_cred - Release a reference to a set of credentials
179 * @cred: The credentials to release
180 *
181 * Release a reference to a set of credentials, deleting them when the last ref
182 * is released.
183 */
184static inline void put_cred(struct cred *cred)
185{
186 if (atomic_dec_and_test(&(cred)->usage))
187 __put_cred(cred);
188}
189
161#endif /* _LINUX_CRED_H */ 190#endif /* _LINUX_CRED_H */
diff --git a/include/linux/init_task.h b/include/linux/init_task.h
index 9de41ccd67b5..5e24c54b6dfd 100644
--- a/include/linux/init_task.h
+++ b/include/linux/init_task.h
@@ -115,19 +115,6 @@ extern struct group_info init_groups;
115 115
116extern struct cred init_cred; 116extern struct cred init_cred;
117 117
118#define INIT_CRED(p) \
119{ \
120 .usage = ATOMIC_INIT(3), \
121 .securebits = SECUREBITS_DEFAULT, \
122 .cap_inheritable = CAP_INIT_INH_SET, \
123 .cap_permitted = CAP_FULL_SET, \
124 .cap_effective = CAP_INIT_EFF_SET, \
125 .cap_bset = CAP_INIT_BSET, \
126 .user = INIT_USER, \
127 .group_info = &init_groups, \
128 .lock = __SPIN_LOCK_UNLOCKED(p.lock), \
129}
130
131/* 118/*
132 * INIT_TASK is used to set up the first task table, touch at 119 * INIT_TASK is used to set up the first task table, touch at
133 * your own risk!. Base=0, limit=0x1fffff (=2MB) 120 * your own risk!. Base=0, limit=0x1fffff (=2MB)
@@ -162,8 +149,7 @@ extern struct cred init_cred;
162 .children = LIST_HEAD_INIT(tsk.children), \ 149 .children = LIST_HEAD_INIT(tsk.children), \
163 .sibling = LIST_HEAD_INIT(tsk.sibling), \ 150 .sibling = LIST_HEAD_INIT(tsk.sibling), \
164 .group_leader = &tsk, \ 151 .group_leader = &tsk, \
165 .__temp_cred = INIT_CRED(tsk.__temp_cred), \ 152 .cred = &init_cred, \
166 .cred = &tsk.__temp_cred, \
167 .comm = "swapper", \ 153 .comm = "swapper", \
168 .thread = INIT_THREAD, \ 154 .thread = INIT_THREAD, \
169 .fs = &init_fs, \ 155 .fs = &init_fs, \
diff --git a/include/linux/sched.h b/include/linux/sched.h
index c8b92502354d..740cf946c8cc 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -1151,7 +1151,6 @@ struct task_struct {
1151 struct list_head cpu_timers[3]; 1151 struct list_head cpu_timers[3];
1152 1152
1153/* process credentials */ 1153/* process credentials */
1154 struct cred __temp_cred __deprecated; /* temporary credentials to be removed */
1155 struct cred *cred; /* actual/objective task credentials */ 1154 struct cred *cred; /* actual/objective task credentials */
1156 1155
1157 char comm[TASK_COMM_LEN]; /* executable name excluding path 1156 char comm[TASK_COMM_LEN]; /* executable name excluding path
diff --git a/include/linux/security.h b/include/linux/security.h
index 9f305d4a31a7..9239cc11eb9c 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -593,15 +593,15 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
593 * manual page for definitions of the @clone_flags. 593 * manual page for definitions of the @clone_flags.
594 * @clone_flags contains the flags indicating what should be shared. 594 * @clone_flags contains the flags indicating what should be shared.
595 * Return 0 if permission is granted. 595 * Return 0 if permission is granted.
596 * @task_alloc_security: 596 * @cred_alloc_security:
597 * @p contains the task_struct for child process. 597 * @cred contains the cred struct for child process.
598 * Allocate and attach a security structure to the p->security field. The 598 * Allocate and attach a security structure to the cred->security field.
599 * security field is initialized to NULL when the task structure is 599 * The security field is initialized to NULL when the task structure is
600 * allocated. 600 * allocated.
601 * Return 0 if operation was successful. 601 * Return 0 if operation was successful.
602 * @task_free_security: 602 * @cred_free:
603 * @p contains the task_struct for process. 603 * @cred points to the credentials.
604 * Deallocate and clear the p->security field. 604 * Deallocate and clear the cred->security field in a set of credentials.
605 * @task_setuid: 605 * @task_setuid:
606 * Check permission before setting one or more of the user identity 606 * Check permission before setting one or more of the user identity
607 * attributes of the current process. The @flags parameter indicates 607 * attributes of the current process. The @flags parameter indicates
@@ -1405,8 +1405,8 @@ struct security_operations {
1405 int (*dentry_open) (struct file *file); 1405 int (*dentry_open) (struct file *file);
1406 1406
1407 int (*task_create) (unsigned long clone_flags); 1407 int (*task_create) (unsigned long clone_flags);
1408 int (*task_alloc_security) (struct task_struct *p); 1408 int (*cred_alloc_security) (struct cred *cred);
1409 void (*task_free_security) (struct task_struct *p); 1409 void (*cred_free) (struct cred *cred);
1410 int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); 1410 int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
1411 int (*task_post_setuid) (uid_t old_ruid /* or fsuid */ , 1411 int (*task_post_setuid) (uid_t old_ruid /* or fsuid */ ,
1412 uid_t old_euid, uid_t old_suid, int flags); 1412 uid_t old_euid, uid_t old_suid, int flags);
@@ -1660,8 +1660,8 @@ int security_file_send_sigiotask(struct task_struct *tsk,
1660int security_file_receive(struct file *file); 1660int security_file_receive(struct file *file);
1661int security_dentry_open(struct file *file); 1661int security_dentry_open(struct file *file);
1662int security_task_create(unsigned long clone_flags); 1662int security_task_create(unsigned long clone_flags);
1663int security_task_alloc(struct task_struct *p); 1663int security_cred_alloc(struct cred *cred);
1664void security_task_free(struct task_struct *p); 1664void security_cred_free(struct cred *cred);
1665int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); 1665int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags);
1666int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, 1666int security_task_post_setuid(uid_t old_ruid, uid_t old_euid,
1667 uid_t old_suid, int flags); 1667 uid_t old_suid, int flags);
@@ -2181,12 +2181,12 @@ static inline int security_task_create(unsigned long clone_flags)
2181 return 0; 2181 return 0;
2182} 2182}
2183 2183
2184static inline int security_task_alloc(struct task_struct *p) 2184static inline int security_cred_alloc(struct cred *cred)
2185{ 2185{
2186 return 0; 2186 return 0;
2187} 2187}
2188 2188
2189static inline void security_task_free(struct task_struct *p) 2189static inline void security_cred_free(struct cred *cred)
2190{ } 2190{ }
2191 2191
2192static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, 2192static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2,