diff options
author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:16 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:16 -0500 |
commit | b6dff3ec5e116e3af6f537d4caedcad6b9e5082a (patch) | |
tree | 9e76f972eb7ce9b84e0146c8e4126a3f86acb428 /kernel/auditsc.c | |
parent | 15a2460ed0af7538ca8e6c610fe607a2cd9da142 (diff) |
CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the
security data is temporarily embedded in the task_struct with two pointers
pointing to it.
Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in
entry.S via asm-offsets.
With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r-- | kernel/auditsc.c | 52 |
1 files changed, 27 insertions, 25 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 9c7e47ae4576..2febf5165fad 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -447,6 +447,7 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
447 | struct audit_names *name, | 447 | struct audit_names *name, |
448 | enum audit_state *state) | 448 | enum audit_state *state) |
449 | { | 449 | { |
450 | struct cred *cred = tsk->cred; | ||
450 | int i, j, need_sid = 1; | 451 | int i, j, need_sid = 1; |
451 | u32 sid; | 452 | u32 sid; |
452 | 453 | ||
@@ -466,28 +467,28 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
466 | } | 467 | } |
467 | break; | 468 | break; |
468 | case AUDIT_UID: | 469 | case AUDIT_UID: |
469 | result = audit_comparator(tsk->uid, f->op, f->val); | 470 | result = audit_comparator(cred->uid, f->op, f->val); |
470 | break; | 471 | break; |
471 | case AUDIT_EUID: | 472 | case AUDIT_EUID: |
472 | result = audit_comparator(tsk->euid, f->op, f->val); | 473 | result = audit_comparator(cred->euid, f->op, f->val); |
473 | break; | 474 | break; |
474 | case AUDIT_SUID: | 475 | case AUDIT_SUID: |
475 | result = audit_comparator(tsk->suid, f->op, f->val); | 476 | result = audit_comparator(cred->suid, f->op, f->val); |
476 | break; | 477 | break; |
477 | case AUDIT_FSUID: | 478 | case AUDIT_FSUID: |
478 | result = audit_comparator(tsk->fsuid, f->op, f->val); | 479 | result = audit_comparator(cred->fsuid, f->op, f->val); |
479 | break; | 480 | break; |
480 | case AUDIT_GID: | 481 | case AUDIT_GID: |
481 | result = audit_comparator(tsk->gid, f->op, f->val); | 482 | result = audit_comparator(cred->gid, f->op, f->val); |
482 | break; | 483 | break; |
483 | case AUDIT_EGID: | 484 | case AUDIT_EGID: |
484 | result = audit_comparator(tsk->egid, f->op, f->val); | 485 | result = audit_comparator(cred->egid, f->op, f->val); |
485 | break; | 486 | break; |
486 | case AUDIT_SGID: | 487 | case AUDIT_SGID: |
487 | result = audit_comparator(tsk->sgid, f->op, f->val); | 488 | result = audit_comparator(cred->sgid, f->op, f->val); |
488 | break; | 489 | break; |
489 | case AUDIT_FSGID: | 490 | case AUDIT_FSGID: |
490 | result = audit_comparator(tsk->fsgid, f->op, f->val); | 491 | result = audit_comparator(cred->fsgid, f->op, f->val); |
491 | break; | 492 | break; |
492 | case AUDIT_PERS: | 493 | case AUDIT_PERS: |
493 | result = audit_comparator(tsk->personality, f->op, f->val); | 494 | result = audit_comparator(tsk->personality, f->op, f->val); |
@@ -1228,6 +1229,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) | |||
1228 | 1229 | ||
1229 | static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) | 1230 | static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) |
1230 | { | 1231 | { |
1232 | struct cred *cred = tsk->cred; | ||
1231 | int i, call_panic = 0; | 1233 | int i, call_panic = 0; |
1232 | struct audit_buffer *ab; | 1234 | struct audit_buffer *ab; |
1233 | struct audit_aux_data *aux; | 1235 | struct audit_aux_data *aux; |
@@ -1237,14 +1239,14 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
1237 | context->pid = tsk->pid; | 1239 | context->pid = tsk->pid; |
1238 | if (!context->ppid) | 1240 | if (!context->ppid) |
1239 | context->ppid = sys_getppid(); | 1241 | context->ppid = sys_getppid(); |
1240 | context->uid = tsk->uid; | 1242 | context->uid = cred->uid; |
1241 | context->gid = tsk->gid; | 1243 | context->gid = cred->gid; |
1242 | context->euid = tsk->euid; | 1244 | context->euid = cred->euid; |
1243 | context->suid = tsk->suid; | 1245 | context->suid = cred->suid; |
1244 | context->fsuid = tsk->fsuid; | 1246 | context->fsuid = cred->fsuid; |
1245 | context->egid = tsk->egid; | 1247 | context->egid = cred->egid; |
1246 | context->sgid = tsk->sgid; | 1248 | context->sgid = cred->sgid; |
1247 | context->fsgid = tsk->fsgid; | 1249 | context->fsgid = cred->fsgid; |
1248 | context->personality = tsk->personality; | 1250 | context->personality = tsk->personality; |
1249 | 1251 | ||
1250 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL); | 1252 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL); |
@@ -2086,7 +2088,7 @@ int audit_set_loginuid(struct task_struct *task, uid_t loginuid) | |||
2086 | audit_log_format(ab, "login pid=%d uid=%u " | 2088 | audit_log_format(ab, "login pid=%d uid=%u " |
2087 | "old auid=%u new auid=%u" | 2089 | "old auid=%u new auid=%u" |
2088 | " old ses=%u new ses=%u", | 2090 | " old ses=%u new ses=%u", |
2089 | task->pid, task->uid, | 2091 | task->pid, task->cred->uid, |
2090 | task->loginuid, loginuid, | 2092 | task->loginuid, loginuid, |
2091 | task->sessionid, sessionid); | 2093 | task->sessionid, sessionid); |
2092 | audit_log_end(ab); | 2094 | audit_log_end(ab); |
@@ -2469,7 +2471,7 @@ void __audit_ptrace(struct task_struct *t) | |||
2469 | 2471 | ||
2470 | context->target_pid = t->pid; | 2472 | context->target_pid = t->pid; |
2471 | context->target_auid = audit_get_loginuid(t); | 2473 | context->target_auid = audit_get_loginuid(t); |
2472 | context->target_uid = t->uid; | 2474 | context->target_uid = t->cred->uid; |
2473 | context->target_sessionid = audit_get_sessionid(t); | 2475 | context->target_sessionid = audit_get_sessionid(t); |
2474 | security_task_getsecid(t, &context->target_sid); | 2476 | security_task_getsecid(t, &context->target_sid); |
2475 | memcpy(context->target_comm, t->comm, TASK_COMM_LEN); | 2477 | memcpy(context->target_comm, t->comm, TASK_COMM_LEN); |
@@ -2495,7 +2497,7 @@ int __audit_signal_info(int sig, struct task_struct *t) | |||
2495 | if (tsk->loginuid != -1) | 2497 | if (tsk->loginuid != -1) |
2496 | audit_sig_uid = tsk->loginuid; | 2498 | audit_sig_uid = tsk->loginuid; |
2497 | else | 2499 | else |
2498 | audit_sig_uid = tsk->uid; | 2500 | audit_sig_uid = tsk->cred->uid; |
2499 | security_task_getsecid(tsk, &audit_sig_sid); | 2501 | security_task_getsecid(tsk, &audit_sig_sid); |
2500 | } | 2502 | } |
2501 | if (!audit_signals || audit_dummy_context()) | 2503 | if (!audit_signals || audit_dummy_context()) |
@@ -2507,7 +2509,7 @@ int __audit_signal_info(int sig, struct task_struct *t) | |||
2507 | if (!ctx->target_pid) { | 2509 | if (!ctx->target_pid) { |
2508 | ctx->target_pid = t->tgid; | 2510 | ctx->target_pid = t->tgid; |
2509 | ctx->target_auid = audit_get_loginuid(t); | 2511 | ctx->target_auid = audit_get_loginuid(t); |
2510 | ctx->target_uid = t->uid; | 2512 | ctx->target_uid = t->cred->uid; |
2511 | ctx->target_sessionid = audit_get_sessionid(t); | 2513 | ctx->target_sessionid = audit_get_sessionid(t); |
2512 | security_task_getsecid(t, &ctx->target_sid); | 2514 | security_task_getsecid(t, &ctx->target_sid); |
2513 | memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); | 2515 | memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); |
@@ -2528,7 +2530,7 @@ int __audit_signal_info(int sig, struct task_struct *t) | |||
2528 | 2530 | ||
2529 | axp->target_pid[axp->pid_count] = t->tgid; | 2531 | axp->target_pid[axp->pid_count] = t->tgid; |
2530 | axp->target_auid[axp->pid_count] = audit_get_loginuid(t); | 2532 | axp->target_auid[axp->pid_count] = audit_get_loginuid(t); |
2531 | axp->target_uid[axp->pid_count] = t->uid; | 2533 | axp->target_uid[axp->pid_count] = t->cred->uid; |
2532 | axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); | 2534 | axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); |
2533 | security_task_getsecid(t, &axp->target_sid[axp->pid_count]); | 2535 | security_task_getsecid(t, &axp->target_sid[axp->pid_count]); |
2534 | memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); | 2536 | memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); |
@@ -2575,12 +2577,12 @@ void __audit_log_bprm_fcaps(struct linux_binprm *bprm, kernel_cap_t *pP, kernel_ | |||
2575 | ax->fcap_ver = (vcaps.magic_etc & VFS_CAP_REVISION_MASK) >> VFS_CAP_REVISION_SHIFT; | 2577 | ax->fcap_ver = (vcaps.magic_etc & VFS_CAP_REVISION_MASK) >> VFS_CAP_REVISION_SHIFT; |
2576 | 2578 | ||
2577 | ax->old_pcap.permitted = *pP; | 2579 | ax->old_pcap.permitted = *pP; |
2578 | ax->old_pcap.inheritable = current->cap_inheritable; | 2580 | ax->old_pcap.inheritable = current->cred->cap_inheritable; |
2579 | ax->old_pcap.effective = *pE; | 2581 | ax->old_pcap.effective = *pE; |
2580 | 2582 | ||
2581 | ax->new_pcap.permitted = current->cap_permitted; | 2583 | ax->new_pcap.permitted = current->cred->cap_permitted; |
2582 | ax->new_pcap.inheritable = current->cap_inheritable; | 2584 | ax->new_pcap.inheritable = current->cred->cap_inheritable; |
2583 | ax->new_pcap.effective = current->cap_effective; | 2585 | ax->new_pcap.effective = current->cred->cap_effective; |
2584 | } | 2586 | } |
2585 | 2587 | ||
2586 | /** | 2588 | /** |