aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/auditsc.c
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2008-11-13 18:39:16 -0500
committerJames Morris <jmorris@namei.org>2008-11-13 18:39:16 -0500
commitb6dff3ec5e116e3af6f537d4caedcad6b9e5082a (patch)
tree9e76f972eb7ce9b84e0146c8e4126a3f86acb428 /kernel/auditsc.c
parent15a2460ed0af7538ca8e6c610fe607a2cd9da142 (diff)
CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the security data is temporarily embedded in the task_struct with two pointers pointing to it. Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in entry.S via asm-offsets. With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r--kernel/auditsc.c52
1 files changed, 27 insertions, 25 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 9c7e47ae4576..2febf5165fad 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -447,6 +447,7 @@ static int audit_filter_rules(struct task_struct *tsk,
447 struct audit_names *name, 447 struct audit_names *name,
448 enum audit_state *state) 448 enum audit_state *state)
449{ 449{
450 struct cred *cred = tsk->cred;
450 int i, j, need_sid = 1; 451 int i, j, need_sid = 1;
451 u32 sid; 452 u32 sid;
452 453
@@ -466,28 +467,28 @@ static int audit_filter_rules(struct task_struct *tsk,
466 } 467 }
467 break; 468 break;
468 case AUDIT_UID: 469 case AUDIT_UID:
469 result = audit_comparator(tsk->uid, f->op, f->val); 470 result = audit_comparator(cred->uid, f->op, f->val);
470 break; 471 break;
471 case AUDIT_EUID: 472 case AUDIT_EUID:
472 result = audit_comparator(tsk->euid, f->op, f->val); 473 result = audit_comparator(cred->euid, f->op, f->val);
473 break; 474 break;
474 case AUDIT_SUID: 475 case AUDIT_SUID:
475 result = audit_comparator(tsk->suid, f->op, f->val); 476 result = audit_comparator(cred->suid, f->op, f->val);
476 break; 477 break;
477 case AUDIT_FSUID: 478 case AUDIT_FSUID:
478 result = audit_comparator(tsk->fsuid, f->op, f->val); 479 result = audit_comparator(cred->fsuid, f->op, f->val);
479 break; 480 break;
480 case AUDIT_GID: 481 case AUDIT_GID:
481 result = audit_comparator(tsk->gid, f->op, f->val); 482 result = audit_comparator(cred->gid, f->op, f->val);
482 break; 483 break;
483 case AUDIT_EGID: 484 case AUDIT_EGID:
484 result = audit_comparator(tsk->egid, f->op, f->val); 485 result = audit_comparator(cred->egid, f->op, f->val);
485 break; 486 break;
486 case AUDIT_SGID: 487 case AUDIT_SGID:
487 result = audit_comparator(tsk->sgid, f->op, f->val); 488 result = audit_comparator(cred->sgid, f->op, f->val);
488 break; 489 break;
489 case AUDIT_FSGID: 490 case AUDIT_FSGID:
490 result = audit_comparator(tsk->fsgid, f->op, f->val); 491 result = audit_comparator(cred->fsgid, f->op, f->val);
491 break; 492 break;
492 case AUDIT_PERS: 493 case AUDIT_PERS:
493 result = audit_comparator(tsk->personality, f->op, f->val); 494 result = audit_comparator(tsk->personality, f->op, f->val);
@@ -1228,6 +1229,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
1228 1229
1229static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) 1230static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
1230{ 1231{
1232 struct cred *cred = tsk->cred;
1231 int i, call_panic = 0; 1233 int i, call_panic = 0;
1232 struct audit_buffer *ab; 1234 struct audit_buffer *ab;
1233 struct audit_aux_data *aux; 1235 struct audit_aux_data *aux;
@@ -1237,14 +1239,14 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
1237 context->pid = tsk->pid; 1239 context->pid = tsk->pid;
1238 if (!context->ppid) 1240 if (!context->ppid)
1239 context->ppid = sys_getppid(); 1241 context->ppid = sys_getppid();
1240 context->uid = tsk->uid; 1242 context->uid = cred->uid;
1241 context->gid = tsk->gid; 1243 context->gid = cred->gid;
1242 context->euid = tsk->euid; 1244 context->euid = cred->euid;
1243 context->suid = tsk->suid; 1245 context->suid = cred->suid;
1244 context->fsuid = tsk->fsuid; 1246 context->fsuid = cred->fsuid;
1245 context->egid = tsk->egid; 1247 context->egid = cred->egid;
1246 context->sgid = tsk->sgid; 1248 context->sgid = cred->sgid;
1247 context->fsgid = tsk->fsgid; 1249 context->fsgid = cred->fsgid;
1248 context->personality = tsk->personality; 1250 context->personality = tsk->personality;
1249 1251
1250 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL); 1252 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
@@ -2086,7 +2088,7 @@ int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
2086 audit_log_format(ab, "login pid=%d uid=%u " 2088 audit_log_format(ab, "login pid=%d uid=%u "
2087 "old auid=%u new auid=%u" 2089 "old auid=%u new auid=%u"
2088 " old ses=%u new ses=%u", 2090 " old ses=%u new ses=%u",
2089 task->pid, task->uid, 2091 task->pid, task->cred->uid,
2090 task->loginuid, loginuid, 2092 task->loginuid, loginuid,
2091 task->sessionid, sessionid); 2093 task->sessionid, sessionid);
2092 audit_log_end(ab); 2094 audit_log_end(ab);
@@ -2469,7 +2471,7 @@ void __audit_ptrace(struct task_struct *t)
2469 2471
2470 context->target_pid = t->pid; 2472 context->target_pid = t->pid;
2471 context->target_auid = audit_get_loginuid(t); 2473 context->target_auid = audit_get_loginuid(t);
2472 context->target_uid = t->uid; 2474 context->target_uid = t->cred->uid;
2473 context->target_sessionid = audit_get_sessionid(t); 2475 context->target_sessionid = audit_get_sessionid(t);
2474 security_task_getsecid(t, &context->target_sid); 2476 security_task_getsecid(t, &context->target_sid);
2475 memcpy(context->target_comm, t->comm, TASK_COMM_LEN); 2477 memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
@@ -2495,7 +2497,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
2495 if (tsk->loginuid != -1) 2497 if (tsk->loginuid != -1)
2496 audit_sig_uid = tsk->loginuid; 2498 audit_sig_uid = tsk->loginuid;
2497 else 2499 else
2498 audit_sig_uid = tsk->uid; 2500 audit_sig_uid = tsk->cred->uid;
2499 security_task_getsecid(tsk, &audit_sig_sid); 2501 security_task_getsecid(tsk, &audit_sig_sid);
2500 } 2502 }
2501 if (!audit_signals || audit_dummy_context()) 2503 if (!audit_signals || audit_dummy_context())
@@ -2507,7 +2509,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
2507 if (!ctx->target_pid) { 2509 if (!ctx->target_pid) {
2508 ctx->target_pid = t->tgid; 2510 ctx->target_pid = t->tgid;
2509 ctx->target_auid = audit_get_loginuid(t); 2511 ctx->target_auid = audit_get_loginuid(t);
2510 ctx->target_uid = t->uid; 2512 ctx->target_uid = t->cred->uid;
2511 ctx->target_sessionid = audit_get_sessionid(t); 2513 ctx->target_sessionid = audit_get_sessionid(t);
2512 security_task_getsecid(t, &ctx->target_sid); 2514 security_task_getsecid(t, &ctx->target_sid);
2513 memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); 2515 memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
@@ -2528,7 +2530,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
2528 2530
2529 axp->target_pid[axp->pid_count] = t->tgid; 2531 axp->target_pid[axp->pid_count] = t->tgid;
2530 axp->target_auid[axp->pid_count] = audit_get_loginuid(t); 2532 axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
2531 axp->target_uid[axp->pid_count] = t->uid; 2533 axp->target_uid[axp->pid_count] = t->cred->uid;
2532 axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); 2534 axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
2533 security_task_getsecid(t, &axp->target_sid[axp->pid_count]); 2535 security_task_getsecid(t, &axp->target_sid[axp->pid_count]);
2534 memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); 2536 memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
@@ -2575,12 +2577,12 @@ void __audit_log_bprm_fcaps(struct linux_binprm *bprm, kernel_cap_t *pP, kernel_
2575 ax->fcap_ver = (vcaps.magic_etc & VFS_CAP_REVISION_MASK) >> VFS_CAP_REVISION_SHIFT; 2577 ax->fcap_ver = (vcaps.magic_etc & VFS_CAP_REVISION_MASK) >> VFS_CAP_REVISION_SHIFT;
2576 2578
2577 ax->old_pcap.permitted = *pP; 2579 ax->old_pcap.permitted = *pP;
2578 ax->old_pcap.inheritable = current->cap_inheritable; 2580 ax->old_pcap.inheritable = current->cred->cap_inheritable;
2579 ax->old_pcap.effective = *pE; 2581 ax->old_pcap.effective = *pE;
2580 2582
2581 ax->new_pcap.permitted = current->cap_permitted; 2583 ax->new_pcap.permitted = current->cred->cap_permitted;
2582 ax->new_pcap.inheritable = current->cap_inheritable; 2584 ax->new_pcap.inheritable = current->cred->cap_inheritable;
2583 ax->new_pcap.effective = current->cap_effective; 2585 ax->new_pcap.effective = current->cred->cap_effective;
2584} 2586}
2585 2587
2586/** 2588/**