diff options
author | Roland McGrath <roland@redhat.com> | 2008-07-25 22:45:49 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-26 15:00:08 -0400 |
commit | 0d094efeb1e98010c6b99923f1eb7e17bf1e3a74 (patch) | |
tree | 6ee271b6da5796e5321d2ab6f9d7d9ba03c300a2 /security/selinux/hooks.c | |
parent | dae33574dcf5211e1f43c7e45fa29f73ba3e00cb (diff) |
tracehook: tracehook_tracer_task
This adds the tracehook_tracer_task() hook to consolidate all forms of
"Who is using ptrace on me?" logic. This is used for "TracerPid:" in
/proc and for permission checks. We also clean up the selinux code the
called an identical accessor.
Signed-off-by: Roland McGrath <roland@redhat.com>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Reviewed-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 22 |
1 files changed, 3 insertions, 19 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 63f131fc42e4..3481cde5bf15 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -25,7 +25,7 @@ | |||
25 | 25 | ||
26 | #include <linux/init.h> | 26 | #include <linux/init.h> |
27 | #include <linux/kernel.h> | 27 | #include <linux/kernel.h> |
28 | #include <linux/ptrace.h> | 28 | #include <linux/tracehook.h> |
29 | #include <linux/errno.h> | 29 | #include <linux/errno.h> |
30 | #include <linux/sched.h> | 30 | #include <linux/sched.h> |
31 | #include <linux/security.h> | 31 | #include <linux/security.h> |
@@ -1971,22 +1971,6 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) | |||
1971 | return __vm_enough_memory(mm, pages, cap_sys_admin); | 1971 | return __vm_enough_memory(mm, pages, cap_sys_admin); |
1972 | } | 1972 | } |
1973 | 1973 | ||
1974 | /** | ||
1975 | * task_tracer_task - return the task that is tracing the given task | ||
1976 | * @task: task to consider | ||
1977 | * | ||
1978 | * Returns NULL if noone is tracing @task, or the &struct task_struct | ||
1979 | * pointer to its tracer. | ||
1980 | * | ||
1981 | * Must be called under rcu_read_lock(). | ||
1982 | */ | ||
1983 | static struct task_struct *task_tracer_task(struct task_struct *task) | ||
1984 | { | ||
1985 | if (task->ptrace & PT_PTRACED) | ||
1986 | return rcu_dereference(task->parent); | ||
1987 | return NULL; | ||
1988 | } | ||
1989 | |||
1990 | /* binprm security operations */ | 1974 | /* binprm security operations */ |
1991 | 1975 | ||
1992 | static int selinux_bprm_alloc_security(struct linux_binprm *bprm) | 1976 | static int selinux_bprm_alloc_security(struct linux_binprm *bprm) |
@@ -2238,7 +2222,7 @@ static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe) | |||
2238 | u32 ptsid = 0; | 2222 | u32 ptsid = 0; |
2239 | 2223 | ||
2240 | rcu_read_lock(); | 2224 | rcu_read_lock(); |
2241 | tracer = task_tracer_task(current); | 2225 | tracer = tracehook_tracer_task(current); |
2242 | if (likely(tracer != NULL)) { | 2226 | if (likely(tracer != NULL)) { |
2243 | sec = tracer->security; | 2227 | sec = tracer->security; |
2244 | ptsid = sec->sid; | 2228 | ptsid = sec->sid; |
@@ -5247,7 +5231,7 @@ static int selinux_setprocattr(struct task_struct *p, | |||
5247 | Otherwise, leave SID unchanged and fail. */ | 5231 | Otherwise, leave SID unchanged and fail. */ |
5248 | task_lock(p); | 5232 | task_lock(p); |
5249 | rcu_read_lock(); | 5233 | rcu_read_lock(); |
5250 | tracer = task_tracer_task(p); | 5234 | tracer = tracehook_tracer_task(p); |
5251 | if (tracer != NULL) { | 5235 | if (tracer != NULL) { |
5252 | struct task_security_struct *ptsec = tracer->security; | 5236 | struct task_security_struct *ptsec = tracer->security; |
5253 | u32 ptsid = ptsec->sid; | 5237 | u32 ptsid = ptsec->sid; |