aboutsummaryrefslogtreecommitdiffstats
path: root/security/capability.c
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2008-11-13 18:39:28 -0500
committerJames Morris <jmorris@namei.org>2008-11-13 18:39:28 -0500
commit3a3b7ce9336952ea7b9564d976d068a238976c9d (patch)
tree3f0a3be33022492161f534636a20a4b1059f8236 /security/capability.c
parent1bfdc75ae077d60a01572a7781ec6264d55ab1b9 (diff)
CRED: Allow kernel services to override LSM settings for task actions
Allow kernel services to override LSM settings appropriate to the actions performed by a task by duplicating a set of credentials, modifying it and then using task_struct::cred to point to it when performing operations on behalf of a task. This is used, for example, by CacheFiles which has to transparently access the cache on behalf of a process that thinks it is doing, say, NFS accesses with a potentially inappropriate (with respect to accessing the cache) set of credentials. This patch provides two LSM hooks for modifying a task security record: (*) security_kernel_act_as() which allows modification of the security datum with which a task acts on other objects (most notably files). (*) security_kernel_create_files_as() which allows modification of the security datum that is used to initialise the security data on a file that a task creates. The patch also provides four new credentials handling functions, which wrap the LSM functions: (1) prepare_kernel_cred() Prepare a set of credentials for a kernel service to use, based either on a daemon's credentials or on init_cred. All the keyrings are cleared. (2) set_security_override() Set the LSM security ID in a set of credentials to a specific security context, assuming permission from the LSM policy. (3) set_security_override_from_ctx() As (2), but takes the security context as a string. (4) set_create_files_as() Set the file creation LSM security ID in a set of credentials to be the same as that on a particular inode. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> [Smack changes] Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/capability.c')
-rw-r--r--security/capability.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/security/capability.c b/security/capability.c
index 185804f99ad1..b9e391425e6f 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -348,6 +348,16 @@ static void cap_cred_commit(struct cred *new, const struct cred *old)
348{ 348{
349} 349}
350 350
351static int cap_kernel_act_as(struct cred *new, u32 secid)
352{
353 return 0;
354}
355
356static int cap_kernel_create_files_as(struct cred *new, struct inode *inode)
357{
358 return 0;
359}
360
351static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) 361static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
352{ 362{
353 return 0; 363 return 0;
@@ -889,6 +899,8 @@ void security_fixup_ops(struct security_operations *ops)
889 set_to_cap_if_null(ops, cred_free); 899 set_to_cap_if_null(ops, cred_free);
890 set_to_cap_if_null(ops, cred_prepare); 900 set_to_cap_if_null(ops, cred_prepare);
891 set_to_cap_if_null(ops, cred_commit); 901 set_to_cap_if_null(ops, cred_commit);
902 set_to_cap_if_null(ops, kernel_act_as);
903 set_to_cap_if_null(ops, kernel_create_files_as);
892 set_to_cap_if_null(ops, task_setuid); 904 set_to_cap_if_null(ops, task_setuid);
893 set_to_cap_if_null(ops, task_fix_setuid); 905 set_to_cap_if_null(ops, task_fix_setuid);
894 set_to_cap_if_null(ops, task_setgid); 906 set_to_cap_if_null(ops, task_setgid);