aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/hooks.c
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2008-11-13 18:39:28 -0500
committerJames Morris <jmorris@namei.org>2008-11-13 18:39:28 -0500
commit3a3b7ce9336952ea7b9564d976d068a238976c9d (patch)
tree3f0a3be33022492161f534636a20a4b1059f8236 /security/selinux/hooks.c
parent1bfdc75ae077d60a01572a7781ec6264d55ab1b9 (diff)
CRED: Allow kernel services to override LSM settings for task actions
Allow kernel services to override LSM settings appropriate to the actions performed by a task by duplicating a set of credentials, modifying it and then using task_struct::cred to point to it when performing operations on behalf of a task. This is used, for example, by CacheFiles which has to transparently access the cache on behalf of a process that thinks it is doing, say, NFS accesses with a potentially inappropriate (with respect to accessing the cache) set of credentials. This patch provides two LSM hooks for modifying a task security record: (*) security_kernel_act_as() which allows modification of the security datum with which a task acts on other objects (most notably files). (*) security_kernel_create_files_as() which allows modification of the security datum that is used to initialise the security data on a file that a task creates. The patch also provides four new credentials handling functions, which wrap the LSM functions: (1) prepare_kernel_cred() Prepare a set of credentials for a kernel service to use, based either on a daemon's credentials or on init_cred. All the keyrings are cleared. (2) set_security_override() Set the LSM security ID in a set of credentials to a specific security context, assuming permission from the LSM policy. (3) set_security_override_from_ctx() As (2), but takes the security context as a string. (4) set_create_files_as() Set the file creation LSM security ID in a set of credentials to be the same as that on a particular inode. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> [Smack changes] Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c46
1 files changed, 46 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 91b06f2aa963..520f82ab3fbf 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3277,6 +3277,50 @@ static void selinux_cred_commit(struct cred *new, const struct cred *old)
3277 secondary_ops->cred_commit(new, old); 3277 secondary_ops->cred_commit(new, old);
3278} 3278}
3279 3279
3280/*
3281 * set the security data for a kernel service
3282 * - all the creation contexts are set to unlabelled
3283 */
3284static int selinux_kernel_act_as(struct cred *new, u32 secid)
3285{
3286 struct task_security_struct *tsec = new->security;
3287 u32 sid = current_sid();
3288 int ret;
3289
3290 ret = avc_has_perm(sid, secid,
3291 SECCLASS_KERNEL_SERVICE,
3292 KERNEL_SERVICE__USE_AS_OVERRIDE,
3293 NULL);
3294 if (ret == 0) {
3295 tsec->sid = secid;
3296 tsec->create_sid = 0;
3297 tsec->keycreate_sid = 0;
3298 tsec->sockcreate_sid = 0;
3299 }
3300 return ret;
3301}
3302
3303/*
3304 * set the file creation context in a security record to the same as the
3305 * objective context of the specified inode
3306 */
3307static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3308{
3309 struct inode_security_struct *isec = inode->i_security;
3310 struct task_security_struct *tsec = new->security;
3311 u32 sid = current_sid();
3312 int ret;
3313
3314 ret = avc_has_perm(sid, isec->sid,
3315 SECCLASS_KERNEL_SERVICE,
3316 KERNEL_SERVICE__CREATE_FILES_AS,
3317 NULL);
3318
3319 if (ret == 0)
3320 tsec->create_sid = isec->sid;
3321 return 0;
3322}
3323
3280static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) 3324static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
3281{ 3325{
3282 /* Since setuid only affects the current process, and 3326 /* Since setuid only affects the current process, and
@@ -5593,6 +5637,8 @@ static struct security_operations selinux_ops = {
5593 .cred_free = selinux_cred_free, 5637 .cred_free = selinux_cred_free,
5594 .cred_prepare = selinux_cred_prepare, 5638 .cred_prepare = selinux_cred_prepare,
5595 .cred_commit = selinux_cred_commit, 5639 .cred_commit = selinux_cred_commit,
5640 .kernel_act_as = selinux_kernel_act_as,
5641 .kernel_create_files_as = selinux_kernel_create_files_as,
5596 .task_setuid = selinux_task_setuid, 5642 .task_setuid = selinux_task_setuid,
5597 .task_fix_setuid = selinux_task_fix_setuid, 5643 .task_fix_setuid = selinux_task_fix_setuid,
5598 .task_setgid = selinux_task_setgid, 5644 .task_setgid = selinux_task_setgid,