diff options
author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:28 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:28 -0500 |
commit | 3a3b7ce9336952ea7b9564d976d068a238976c9d (patch) | |
tree | 3f0a3be33022492161f534636a20a4b1059f8236 /security/selinux/hooks.c | |
parent | 1bfdc75ae077d60a01572a7781ec6264d55ab1b9 (diff) |
CRED: Allow kernel services to override LSM settings for task actions
Allow kernel services to override LSM settings appropriate to the actions
performed by a task by duplicating a set of credentials, modifying it and then
using task_struct::cred to point to it when performing operations on behalf of
a task.
This is used, for example, by CacheFiles which has to transparently access the
cache on behalf of a process that thinks it is doing, say, NFS accesses with a
potentially inappropriate (with respect to accessing the cache) set of
credentials.
This patch provides two LSM hooks for modifying a task security record:
(*) security_kernel_act_as() which allows modification of the security datum
with which a task acts on other objects (most notably files).
(*) security_kernel_create_files_as() which allows modification of the
security datum that is used to initialise the security data on a file that
a task creates.
The patch also provides four new credentials handling functions, which wrap the
LSM functions:
(1) prepare_kernel_cred()
Prepare a set of credentials for a kernel service to use, based either on
a daemon's credentials or on init_cred. All the keyrings are cleared.
(2) set_security_override()
Set the LSM security ID in a set of credentials to a specific security
context, assuming permission from the LSM policy.
(3) set_security_override_from_ctx()
As (2), but takes the security context as a string.
(4) set_create_files_as()
Set the file creation LSM security ID in a set of credentials to be the
same as that on a particular inode.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> [Smack changes]
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 91b06f2aa963..520f82ab3fbf 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -3277,6 +3277,50 @@ static void selinux_cred_commit(struct cred *new, const struct cred *old) | |||
3277 | secondary_ops->cred_commit(new, old); | 3277 | secondary_ops->cred_commit(new, old); |
3278 | } | 3278 | } |
3279 | 3279 | ||
3280 | /* | ||
3281 | * set the security data for a kernel service | ||
3282 | * - all the creation contexts are set to unlabelled | ||
3283 | */ | ||
3284 | static int selinux_kernel_act_as(struct cred *new, u32 secid) | ||
3285 | { | ||
3286 | struct task_security_struct *tsec = new->security; | ||
3287 | u32 sid = current_sid(); | ||
3288 | int ret; | ||
3289 | |||
3290 | ret = avc_has_perm(sid, secid, | ||
3291 | SECCLASS_KERNEL_SERVICE, | ||
3292 | KERNEL_SERVICE__USE_AS_OVERRIDE, | ||
3293 | NULL); | ||
3294 | if (ret == 0) { | ||
3295 | tsec->sid = secid; | ||
3296 | tsec->create_sid = 0; | ||
3297 | tsec->keycreate_sid = 0; | ||
3298 | tsec->sockcreate_sid = 0; | ||
3299 | } | ||
3300 | return ret; | ||
3301 | } | ||
3302 | |||
3303 | /* | ||
3304 | * set the file creation context in a security record to the same as the | ||
3305 | * objective context of the specified inode | ||
3306 | */ | ||
3307 | static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) | ||
3308 | { | ||
3309 | struct inode_security_struct *isec = inode->i_security; | ||
3310 | struct task_security_struct *tsec = new->security; | ||
3311 | u32 sid = current_sid(); | ||
3312 | int ret; | ||
3313 | |||
3314 | ret = avc_has_perm(sid, isec->sid, | ||
3315 | SECCLASS_KERNEL_SERVICE, | ||
3316 | KERNEL_SERVICE__CREATE_FILES_AS, | ||
3317 | NULL); | ||
3318 | |||
3319 | if (ret == 0) | ||
3320 | tsec->create_sid = isec->sid; | ||
3321 | return 0; | ||
3322 | } | ||
3323 | |||
3280 | static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | 3324 | static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) |
3281 | { | 3325 | { |
3282 | /* Since setuid only affects the current process, and | 3326 | /* Since setuid only affects the current process, and |
@@ -5593,6 +5637,8 @@ static struct security_operations selinux_ops = { | |||
5593 | .cred_free = selinux_cred_free, | 5637 | .cred_free = selinux_cred_free, |
5594 | .cred_prepare = selinux_cred_prepare, | 5638 | .cred_prepare = selinux_cred_prepare, |
5595 | .cred_commit = selinux_cred_commit, | 5639 | .cred_commit = selinux_cred_commit, |
5640 | .kernel_act_as = selinux_kernel_act_as, | ||
5641 | .kernel_create_files_as = selinux_kernel_create_files_as, | ||
5596 | .task_setuid = selinux_task_setuid, | 5642 | .task_setuid = selinux_task_setuid, |
5597 | .task_fix_setuid = selinux_task_fix_setuid, | 5643 | .task_fix_setuid = selinux_task_fix_setuid, |
5598 | .task_setgid = selinux_task_setgid, | 5644 | .task_setgid = selinux_task_setgid, |