diff options
| author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:28 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:28 -0500 |
| commit | 3a3b7ce9336952ea7b9564d976d068a238976c9d (patch) | |
| tree | 3f0a3be33022492161f534636a20a4b1059f8236 /security/capability.c | |
| parent | 1bfdc75ae077d60a01572a7781ec6264d55ab1b9 (diff) | |
CRED: Allow kernel services to override LSM settings for task actions
Allow kernel services to override LSM settings appropriate to the actions
performed by a task by duplicating a set of credentials, modifying it and then
using task_struct::cred to point to it when performing operations on behalf of
a task.
This is used, for example, by CacheFiles which has to transparently access the
cache on behalf of a process that thinks it is doing, say, NFS accesses with a
potentially inappropriate (with respect to accessing the cache) set of
credentials.
This patch provides two LSM hooks for modifying a task security record:
(*) security_kernel_act_as() which allows modification of the security datum
with which a task acts on other objects (most notably files).
(*) security_kernel_create_files_as() which allows modification of the
security datum that is used to initialise the security data on a file that
a task creates.
The patch also provides four new credentials handling functions, which wrap the
LSM functions:
(1) prepare_kernel_cred()
Prepare a set of credentials for a kernel service to use, based either on
a daemon's credentials or on init_cred. All the keyrings are cleared.
(2) set_security_override()
Set the LSM security ID in a set of credentials to a specific security
context, assuming permission from the LSM policy.
(3) set_security_override_from_ctx()
As (2), but takes the security context as a string.
(4) set_create_files_as()
Set the file creation LSM security ID in a set of credentials to be the
same as that on a particular inode.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> [Smack changes]
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/capability.c')
| -rw-r--r-- | security/capability.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/security/capability.c b/security/capability.c index 185804f99ad1..b9e391425e6f 100644 --- a/security/capability.c +++ b/security/capability.c | |||
| @@ -348,6 +348,16 @@ static void cap_cred_commit(struct cred *new, const struct cred *old) | |||
| 348 | { | 348 | { |
| 349 | } | 349 | } |
| 350 | 350 | ||
| 351 | static int cap_kernel_act_as(struct cred *new, u32 secid) | ||
| 352 | { | ||
| 353 | return 0; | ||
| 354 | } | ||
| 355 | |||
| 356 | static int cap_kernel_create_files_as(struct cred *new, struct inode *inode) | ||
| 357 | { | ||
| 358 | return 0; | ||
| 359 | } | ||
| 360 | |||
| 351 | static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | 361 | static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) |
| 352 | { | 362 | { |
| 353 | return 0; | 363 | return 0; |
| @@ -889,6 +899,8 @@ void security_fixup_ops(struct security_operations *ops) | |||
| 889 | set_to_cap_if_null(ops, cred_free); | 899 | set_to_cap_if_null(ops, cred_free); |
| 890 | set_to_cap_if_null(ops, cred_prepare); | 900 | set_to_cap_if_null(ops, cred_prepare); |
| 891 | set_to_cap_if_null(ops, cred_commit); | 901 | set_to_cap_if_null(ops, cred_commit); |
| 902 | set_to_cap_if_null(ops, kernel_act_as); | ||
| 903 | set_to_cap_if_null(ops, kernel_create_files_as); | ||
| 892 | set_to_cap_if_null(ops, task_setuid); | 904 | set_to_cap_if_null(ops, task_setuid); |
| 893 | set_to_cap_if_null(ops, task_fix_setuid); | 905 | set_to_cap_if_null(ops, task_fix_setuid); |
| 894 | set_to_cap_if_null(ops, task_setgid); | 906 | set_to_cap_if_null(ops, task_setgid); |