diff options
219 files changed, 5568 insertions, 3298 deletions
diff --git a/Documentation/credentials.txt b/Documentation/credentials.txt new file mode 100644 index 000000000000..df03169782ea --- /dev/null +++ b/Documentation/credentials.txt | |||
@@ -0,0 +1,582 @@ | |||
1 | ==================== | ||
2 | CREDENTIALS IN LINUX | ||
3 | ==================== | ||
4 | |||
5 | By: David Howells <dhowells@redhat.com> | ||
6 | |||
7 | Contents: | ||
8 | |||
9 | (*) Overview. | ||
10 | |||
11 | (*) Types of credentials. | ||
12 | |||
13 | (*) File markings. | ||
14 | |||
15 | (*) Task credentials. | ||
16 | |||
17 | - Immutable credentials. | ||
18 | - Accessing task credentials. | ||
19 | - Accessing another task's credentials. | ||
20 | - Altering credentials. | ||
21 | - Managing credentials. | ||
22 | |||
23 | (*) Open file credentials. | ||
24 | |||
25 | (*) Overriding the VFS's use of credentials. | ||
26 | |||
27 | |||
28 | ======== | ||
29 | OVERVIEW | ||
30 | ======== | ||
31 | |||
32 | There are several parts to the security check performed by Linux when one | ||
33 | object acts upon another: | ||
34 | |||
35 | (1) Objects. | ||
36 | |||
37 | Objects are things in the system that may be acted upon directly by | ||
38 | userspace programs. Linux has a variety of actionable objects, including: | ||
39 | |||
40 | - Tasks | ||
41 | - Files/inodes | ||
42 | - Sockets | ||
43 | - Message queues | ||
44 | - Shared memory segments | ||
45 | - Semaphores | ||
46 | - Keys | ||
47 | |||
48 | As a part of the description of all these objects there is a set of | ||
49 | credentials. What's in the set depends on the type of object. | ||
50 | |||
51 | (2) Object ownership. | ||
52 | |||
53 | Amongst the credentials of most objects, there will be a subset that | ||
54 | indicates the ownership of that object. This is used for resource | ||
55 | accounting and limitation (disk quotas and task rlimits for example). | ||
56 | |||
57 | In a standard UNIX filesystem, for instance, this will be defined by the | ||
58 | UID marked on the inode. | ||
59 | |||
60 | (3) The objective context. | ||
61 | |||
62 | Also amongst the credentials of those objects, there will be a subset that | ||
63 | indicates the 'objective context' of that object. This may or may not be | ||
64 | the same set as in (2) - in standard UNIX files, for instance, this is the | ||
65 | defined by the UID and the GID marked on the inode. | ||
66 | |||
67 | The objective context is used as part of the security calculation that is | ||
68 | carried out when an object is acted upon. | ||
69 | |||
70 | (4) Subjects. | ||
71 | |||
72 | A subject is an object that is acting upon another object. | ||
73 | |||
74 | Most of the objects in the system are inactive: they don't act on other | ||
75 | objects within the system. Processes/tasks are the obvious exception: | ||
76 | they do stuff; they access and manipulate things. | ||
77 | |||
78 | Objects other than tasks may under some circumstances also be subjects. | ||
79 | For instance an open file may send SIGIO to a task using the UID and EUID | ||
80 | given to it by a task that called fcntl(F_SETOWN) upon it. In this case, | ||
81 | the file struct will have a subjective context too. | ||
82 | |||
83 | (5) The subjective context. | ||
84 | |||
85 | A subject has an additional interpretation of its credentials. A subset | ||
86 | of its credentials forms the 'subjective context'. The subjective context | ||
87 | is used as part of the security calculation that is carried out when a | ||
88 | subject acts. | ||
89 | |||
90 | A Linux task, for example, has the FSUID, FSGID and the supplementary | ||
91 | group list for when it is acting upon a file - which are quite separate | ||
92 | from the real UID and GID that normally form the objective context of the | ||
93 | task. | ||
94 | |||
95 | (6) Actions. | ||
96 | |||
97 | Linux has a number of actions available that a subject may perform upon an | ||
98 | object. The set of actions available depends on the nature of the subject | ||
99 | and the object. | ||
100 | |||
101 | Actions include reading, writing, creating and deleting files; forking or | ||
102 | signalling and tracing tasks. | ||
103 | |||
104 | (7) Rules, access control lists and security calculations. | ||
105 | |||
106 | When a subject acts upon an object, a security calculation is made. This | ||
107 | involves taking the subjective context, the objective context and the | ||
108 | action, and searching one or more sets of rules to see whether the subject | ||
109 | is granted or denied permission to act in the desired manner on the | ||
110 | object, given those contexts. | ||
111 | |||
112 | There are two main sources of rules: | ||
113 | |||
114 | (a) Discretionary access control (DAC): | ||
115 | |||
116 | Sometimes the object will include sets of rules as part of its | ||
117 | description. This is an 'Access Control List' or 'ACL'. A Linux | ||
118 | file may supply more than one ACL. | ||
119 | |||
120 | A traditional UNIX file, for example, includes a permissions mask that | ||
121 | is an abbreviated ACL with three fixed classes of subject ('user', | ||
122 | 'group' and 'other'), each of which may be granted certain privileges | ||
123 | ('read', 'write' and 'execute' - whatever those map to for the object | ||
124 | in question). UNIX file permissions do not allow the arbitrary | ||
125 | specification of subjects, however, and so are of limited use. | ||
126 | |||
127 | A Linux file might also sport a POSIX ACL. This is a list of rules | ||
128 | that grants various permissions to arbitrary subjects. | ||
129 | |||
130 | (b) Mandatory access control (MAC): | ||
131 | |||
132 | The system as a whole may have one or more sets of rules that get | ||
133 | applied to all subjects and objects, regardless of their source. | ||
134 | SELinux and Smack are examples of this. | ||
135 | |||
136 | In the case of SELinux and Smack, each object is given a label as part | ||
137 | of its credentials. When an action is requested, they take the | ||
138 | subject label, the object label and the action and look for a rule | ||
139 | that says that this action is either granted or denied. | ||
140 | |||
141 | |||
142 | ==================== | ||
143 | TYPES OF CREDENTIALS | ||
144 | ==================== | ||
145 | |||
146 | The Linux kernel supports the following types of credentials: | ||
147 | |||
148 | (1) Traditional UNIX credentials. | ||
149 | |||
150 | Real User ID | ||
151 | Real Group ID | ||
152 | |||
153 | The UID and GID are carried by most, if not all, Linux objects, even if in | ||
154 | some cases it has to be invented (FAT or CIFS files for example, which are | ||
155 | derived from Windows). These (mostly) define the objective context of | ||
156 | that object, with tasks being slightly different in some cases. | ||
157 | |||
158 | Effective, Saved and FS User ID | ||
159 | Effective, Saved and FS Group ID | ||
160 | Supplementary groups | ||
161 | |||
162 | These are additional credentials used by tasks only. Usually, an | ||
163 | EUID/EGID/GROUPS will be used as the subjective context, and real UID/GID | ||
164 | will be used as the objective. For tasks, it should be noted that this is | ||
165 | not always true. | ||
166 | |||
167 | (2) Capabilities. | ||
168 | |||
169 | Set of permitted capabilities | ||
170 | Set of inheritable capabilities | ||
171 | Set of effective capabilities | ||
172 | Capability bounding set | ||
173 | |||
174 | These are only carried by tasks. They indicate superior capabilities | ||
175 | granted piecemeal to a task that an ordinary task wouldn't otherwise have. | ||
176 | These are manipulated implicitly by changes to the traditional UNIX | ||
177 | credentials, but can also be manipulated directly by the capset() system | ||
178 | call. | ||
179 | |||
180 | The permitted capabilities are those caps that the process might grant | ||
181 | itself to its effective or permitted sets through capset(). This | ||
182 | inheritable set might also be so constrained. | ||
183 | |||
184 | The effective capabilities are the ones that a task is actually allowed to | ||
185 | make use of itself. | ||
186 | |||
187 | The inheritable capabilities are the ones that may get passed across | ||
188 | execve(). | ||
189 | |||
190 | The bounding set limits the capabilities that may be inherited across | ||
191 | execve(), especially when a binary is executed that will execute as UID 0. | ||
192 | |||
193 | (3) Secure management flags (securebits). | ||
194 | |||
195 | These are only carried by tasks. These govern the way the above | ||
196 | credentials are manipulated and inherited over certain operations such as | ||
197 | execve(). They aren't used directly as objective or subjective | ||
198 | credentials. | ||
199 | |||
200 | (4) Keys and keyrings. | ||
201 | |||
202 | These are only carried by tasks. They carry and cache security tokens | ||
203 | that don't fit into the other standard UNIX credentials. They are for | ||
204 | making such things as network filesystem keys available to the file | ||
205 | accesses performed by processes, without the necessity of ordinary | ||
206 | programs having to know about security details involved. | ||
207 | |||
208 | Keyrings are a special type of key. They carry sets of other keys and can | ||
209 | be searched for the desired key. Each process may subscribe to a number | ||
210 | of keyrings: | ||
211 | |||
212 | Per-thread keying | ||
213 | Per-process keyring | ||
214 | Per-session keyring | ||
215 | |||
216 | When a process accesses a key, if not already present, it will normally be | ||
217 | cached on one of these keyrings for future accesses to find. | ||
218 | |||
219 | For more information on using keys, see Documentation/keys.txt. | ||
220 | |||
221 | (5) LSM | ||
222 | |||
223 | The Linux Security Module allows extra controls to be placed over the | ||
224 | operations that a task may do. Currently Linux supports two main | ||
225 | alternate LSM options: SELinux and Smack. | ||
226 | |||
227 | Both work by labelling the objects in a system and then applying sets of | ||
228 | rules (policies) that say what operations a task with one label may do to | ||
229 | an object with another label. | ||
230 | |||
231 | (6) AF_KEY | ||
232 | |||
233 | This is a socket-based approach to credential management for networking | ||
234 | stacks [RFC 2367]. It isn't discussed by this document as it doesn't | ||
235 | interact directly with task and file credentials; rather it keeps system | ||
236 | level credentials. | ||
237 | |||
238 | |||
239 | When a file is opened, part of the opening task's subjective context is | ||
240 | recorded in the file struct created. This allows operations using that file | ||
241 | struct to use those credentials instead of the subjective context of the task | ||
242 | that issued the operation. An example of this would be a file opened on a | ||
243 | network filesystem where the credentials of the opened file should be presented | ||
244 | to the server, regardless of who is actually doing a read or a write upon it. | ||
245 | |||
246 | |||
247 | ============= | ||
248 | FILE MARKINGS | ||
249 | ============= | ||
250 | |||
251 | Files on disk or obtained over the network may have annotations that form the | ||
252 | objective security context of that file. Depending on the type of filesystem, | ||
253 | this may include one or more of the following: | ||
254 | |||
255 | (*) UNIX UID, GID, mode; | ||
256 | |||
257 | (*) Windows user ID; | ||
258 | |||
259 | (*) Access control list; | ||
260 | |||
261 | (*) LSM security label; | ||
262 | |||
263 | (*) UNIX exec privilege escalation bits (SUID/SGID); | ||
264 | |||
265 | (*) File capabilities exec privilege escalation bits. | ||
266 | |||
267 | These are compared to the task's subjective security context, and certain | ||
268 | operations allowed or disallowed as a result. In the case of execve(), the | ||
269 | privilege escalation bits come into play, and may allow the resulting process | ||
270 | extra privileges, based on the annotations on the executable file. | ||
271 | |||
272 | |||
273 | ================ | ||
274 | TASK CREDENTIALS | ||
275 | ================ | ||
276 | |||
277 | In Linux, all of a task's credentials are held in (uid, gid) or through | ||
278 | (groups, keys, LSM security) a refcounted structure of type 'struct cred'. | ||
279 | Each task points to its credentials by a pointer called 'cred' in its | ||
280 | task_struct. | ||
281 | |||
282 | Once a set of credentials has been prepared and committed, it may not be | ||
283 | changed, barring the following exceptions: | ||
284 | |||
285 | (1) its reference count may be changed; | ||
286 | |||
287 | (2) the reference count on the group_info struct it points to may be changed; | ||
288 | |||
289 | (3) the reference count on the security data it points to may be changed; | ||
290 | |||
291 | (4) the reference count on any keyrings it points to may be changed; | ||
292 | |||
293 | (5) any keyrings it points to may be revoked, expired or have their security | ||
294 | attributes changed; and | ||
295 | |||
296 | (6) the contents of any keyrings to which it points may be changed (the whole | ||
297 | point of keyrings being a shared set of credentials, modifiable by anyone | ||
298 | with appropriate access). | ||
299 | |||
300 | To alter anything in the cred struct, the copy-and-replace principle must be | ||
301 | adhered to. First take a copy, then alter the copy and then use RCU to change | ||
302 | the task pointer to make it point to the new copy. There are wrappers to aid | ||
303 | with this (see below). | ||
304 | |||
305 | A task may only alter its _own_ credentials; it is no longer permitted for a | ||
306 | task to alter another's credentials. This means the capset() system call is no | ||
307 | longer permitted to take any PID other than the one of the current process. | ||
308 | Also keyctl_instantiate() and keyctl_negate() functions no longer permit | ||
309 | attachment to process-specific keyrings in the requesting process as the | ||
310 | instantiating process may need to create them. | ||
311 | |||
312 | |||
313 | IMMUTABLE CREDENTIALS | ||
314 | --------------------- | ||
315 | |||
316 | Once a set of credentials has been made public (by calling commit_creds() for | ||
317 | example), it must be considered immutable, barring two exceptions: | ||
318 | |||
319 | (1) The reference count may be altered. | ||
320 | |||
321 | (2) Whilst the keyring subscriptions of a set of credentials may not be | ||
322 | changed, the keyrings subscribed to may have their contents altered. | ||
323 | |||
324 | To catch accidental credential alteration at compile time, struct task_struct | ||
325 | has _const_ pointers to its credential sets, as does struct file. Furthermore, | ||
326 | certain functions such as get_cred() and put_cred() operate on const pointers, | ||
327 | thus rendering casts unnecessary, but require to temporarily ditch the const | ||
328 | qualification to be able to alter the reference count. | ||
329 | |||
330 | |||
331 | ACCESSING TASK CREDENTIALS | ||
332 | -------------------------- | ||
333 | |||
334 | A task being able to alter only its own credentials permits the current process | ||
335 | to read or replace its own credentials without the need for any form of locking | ||
336 | - which simplifies things greatly. It can just call: | ||
337 | |||
338 | const struct cred *current_cred() | ||
339 | |||
340 | to get a pointer to its credentials structure, and it doesn't have to release | ||
341 | it afterwards. | ||
342 | |||
343 | There are convenience wrappers for retrieving specific aspects of a task's | ||
344 | credentials (the value is simply returned in each case): | ||
345 | |||
346 | uid_t current_uid(void) Current's real UID | ||
347 | gid_t current_gid(void) Current's real GID | ||
348 | uid_t current_euid(void) Current's effective UID | ||
349 | gid_t current_egid(void) Current's effective GID | ||
350 | uid_t current_fsuid(void) Current's file access UID | ||
351 | gid_t current_fsgid(void) Current's file access GID | ||
352 | kernel_cap_t current_cap(void) Current's effective capabilities | ||
353 | void *current_security(void) Current's LSM security pointer | ||
354 | struct user_struct *current_user(void) Current's user account | ||
355 | |||
356 | There are also convenience wrappers for retrieving specific associated pairs of | ||
357 | a task's credentials: | ||
358 | |||
359 | void current_uid_gid(uid_t *, gid_t *); | ||
360 | void current_euid_egid(uid_t *, gid_t *); | ||
361 | void current_fsuid_fsgid(uid_t *, gid_t *); | ||
362 | |||
363 | which return these pairs of values through their arguments after retrieving | ||
364 | them from the current task's credentials. | ||
365 | |||
366 | |||
367 | In addition, there is a function for obtaining a reference on the current | ||
368 | process's current set of credentials: | ||
369 | |||
370 | const struct cred *get_current_cred(void); | ||
371 | |||
372 | and functions for getting references to one of the credentials that don't | ||
373 | actually live in struct cred: | ||
374 | |||
375 | struct user_struct *get_current_user(void); | ||
376 | struct group_info *get_current_groups(void); | ||
377 | |||
378 | which get references to the current process's user accounting structure and | ||
379 | supplementary groups list respectively. | ||
380 | |||
381 | Once a reference has been obtained, it must be released with put_cred(), | ||
382 | free_uid() or put_group_info() as appropriate. | ||
383 | |||
384 | |||
385 | ACCESSING ANOTHER TASK'S CREDENTIALS | ||
386 | ------------------------------------ | ||
387 | |||
388 | Whilst a task may access its own credentials without the need for locking, the | ||
389 | same is not true of a task wanting to access another task's credentials. It | ||
390 | must use the RCU read lock and rcu_dereference(). | ||
391 | |||
392 | The rcu_dereference() is wrapped by: | ||
393 | |||
394 | const struct cred *__task_cred(struct task_struct *task); | ||
395 | |||
396 | This should be used inside the RCU read lock, as in the following example: | ||
397 | |||
398 | void foo(struct task_struct *t, struct foo_data *f) | ||
399 | { | ||
400 | const struct cred *tcred; | ||
401 | ... | ||
402 | rcu_read_lock(); | ||
403 | tcred = __task_cred(t); | ||
404 | f->uid = tcred->uid; | ||
405 | f->gid = tcred->gid; | ||
406 | f->groups = get_group_info(tcred->groups); | ||
407 | rcu_read_unlock(); | ||
408 | ... | ||
409 | } | ||
410 | |||
411 | A function need not get RCU read lock to use __task_cred() if it is holding a | ||
412 | spinlock at the time as this implicitly holds the RCU read lock. | ||
413 | |||
414 | Should it be necessary to hold another task's credentials for a long period of | ||
415 | time, and possibly to sleep whilst doing so, then the caller should get a | ||
416 | reference on them using: | ||
417 | |||
418 | const struct cred *get_task_cred(struct task_struct *task); | ||
419 | |||
420 | This does all the RCU magic inside of it. The caller must call put_cred() on | ||
421 | the credentials so obtained when they're finished with. | ||
422 | |||
423 | There are a couple of convenience functions to access bits of another task's | ||
424 | credentials, hiding the RCU magic from the caller: | ||
425 | |||
426 | uid_t task_uid(task) Task's real UID | ||
427 | uid_t task_euid(task) Task's effective UID | ||
428 | |||
429 | If the caller is holding a spinlock or the RCU read lock at the time anyway, | ||
430 | then: | ||
431 | |||
432 | __task_cred(task)->uid | ||
433 | __task_cred(task)->euid | ||
434 | |||
435 | should be used instead. Similarly, if multiple aspects of a task's credentials | ||
436 | need to be accessed, RCU read lock or a spinlock should be used, __task_cred() | ||
437 | called, the result stored in a temporary pointer and then the credential | ||
438 | aspects called from that before dropping the lock. This prevents the | ||
439 | potentially expensive RCU magic from being invoked multiple times. | ||
440 | |||
441 | Should some other single aspect of another task's credentials need to be | ||
442 | accessed, then this can be used: | ||
443 | |||
444 | task_cred_xxx(task, member) | ||
445 | |||
446 | where 'member' is a non-pointer member of the cred struct. For instance: | ||
447 | |||
448 | uid_t task_cred_xxx(task, suid); | ||
449 | |||
450 | will retrieve 'struct cred::suid' from the task, doing the appropriate RCU | ||
451 | magic. This may not be used for pointer members as what they point to may | ||
452 | disappear the moment the RCU read lock is dropped. | ||
453 | |||
454 | |||
455 | ALTERING CREDENTIALS | ||
456 | -------------------- | ||
457 | |||
458 | As previously mentioned, a task may only alter its own credentials, and may not | ||
459 | alter those of another task. This means that it doesn't need to use any | ||
460 | locking to alter its own credentials. | ||
461 | |||
462 | To alter the current process's credentials, a function should first prepare a | ||
463 | new set of credentials by calling: | ||
464 | |||
465 | struct cred *prepare_creds(void); | ||
466 | |||
467 | this locks current->cred_replace_mutex and then allocates and constructs a | ||
468 | duplicate of the current process's credentials, returning with the mutex still | ||
469 | held if successful. It returns NULL if not successful (out of memory). | ||
470 | |||
471 | The mutex prevents ptrace() from altering the ptrace state of a process whilst | ||
472 | security checks on credentials construction and changing is taking place as | ||
473 | the ptrace state may alter the outcome, particularly in the case of execve(). | ||
474 | |||
475 | The new credentials set should be altered appropriately, and any security | ||
476 | checks and hooks done. Both the current and the proposed sets of credentials | ||
477 | are available for this purpose as current_cred() will return the current set | ||
478 | still at this point. | ||
479 | |||
480 | |||
481 | When the credential set is ready, it should be committed to the current process | ||
482 | by calling: | ||
483 | |||
484 | int commit_creds(struct cred *new); | ||
485 | |||
486 | This will alter various aspects of the credentials and the process, giving the | ||
487 | LSM a chance to do likewise, then it will use rcu_assign_pointer() to actually | ||
488 | commit the new credentials to current->cred, it will release | ||
489 | current->cred_replace_mutex to allow ptrace() to take place, and it will notify | ||
490 | the scheduler and others of the changes. | ||
491 | |||
492 | This function is guaranteed to return 0, so that it can be tail-called at the | ||
493 | end of such functions as sys_setresuid(). | ||
494 | |||
495 | Note that this function consumes the caller's reference to the new credentials. | ||
496 | The caller should _not_ call put_cred() on the new credentials afterwards. | ||
497 | |||
498 | Furthermore, once this function has been called on a new set of credentials, | ||
499 | those credentials may _not_ be changed further. | ||
500 | |||
501 | |||
502 | Should the security checks fail or some other error occur after prepare_creds() | ||
503 | has been called, then the following function should be invoked: | ||
504 | |||
505 | void abort_creds(struct cred *new); | ||
506 | |||
507 | This releases the lock on current->cred_replace_mutex that prepare_creds() got | ||
508 | and then releases the new credentials. | ||
509 | |||
510 | |||
511 | A typical credentials alteration function would look something like this: | ||
512 | |||
513 | int alter_suid(uid_t suid) | ||
514 | { | ||
515 | struct cred *new; | ||
516 | int ret; | ||
517 | |||
518 | new = prepare_creds(); | ||
519 | if (!new) | ||
520 | return -ENOMEM; | ||
521 | |||
522 | new->suid = suid; | ||
523 | ret = security_alter_suid(new); | ||
524 | if (ret < 0) { | ||
525 | abort_creds(new); | ||
526 | return ret; | ||
527 | } | ||
528 | |||
529 | return commit_creds(new); | ||
530 | } | ||
531 | |||
532 | |||
533 | MANAGING CREDENTIALS | ||
534 | -------------------- | ||
535 | |||
536 | There are some functions to help manage credentials: | ||
537 | |||
538 | (*) void put_cred(const struct cred *cred); | ||
539 | |||
540 | This releases a reference to the given set of credentials. If the | ||
541 | reference count reaches zero, the credentials will be scheduled for | ||
542 | destruction by the RCU system. | ||
543 | |||
544 | (*) const struct cred *get_cred(const struct cred *cred); | ||
545 | |||
546 | This gets a reference on a live set of credentials, returning a pointer to | ||
547 | that set of credentials. | ||
548 | |||
549 | (*) struct cred *get_new_cred(struct cred *cred); | ||
550 | |||
551 | This gets a reference on a set of credentials that is under construction | ||
552 | and is thus still mutable, returning a pointer to that set of credentials. | ||
553 | |||
554 | |||
555 | ===================== | ||
556 | OPEN FILE CREDENTIALS | ||
557 | ===================== | ||
558 | |||
559 | When a new file is opened, a reference is obtained on the opening task's | ||
560 | credentials and this is attached to the file struct as 'f_cred' in place of | ||
561 | 'f_uid' and 'f_gid'. Code that used to access file->f_uid and file->f_gid | ||
562 | should now access file->f_cred->fsuid and file->f_cred->fsgid. | ||
563 | |||
564 | It is safe to access f_cred without the use of RCU or locking because the | ||
565 | pointer will not change over the lifetime of the file struct, and nor will the | ||
566 | contents of the cred struct pointed to, barring the exceptions listed above | ||
567 | (see the Task Credentials section). | ||
568 | |||
569 | |||
570 | ======================================= | ||
571 | OVERRIDING THE VFS'S USE OF CREDENTIALS | ||
572 | ======================================= | ||
573 | |||
574 | Under some circumstances it is desirable to override the credentials used by | ||
575 | the VFS, and that can be done by calling into such as vfs_mkdir() with a | ||
576 | different set of credentials. This is done in the following places: | ||
577 | |||
578 | (*) sys_faccessat(). | ||
579 | |||
580 | (*) do_coredump(). | ||
581 | |||
582 | (*) nfs4recover.c. | ||
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index e0f346d201ed..d8c4ceec3743 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt | |||
@@ -1449,6 +1449,10 @@ and is between 256 and 4096 characters. It is defined in the file | |||
1449 | instruction doesn't work correctly and not to | 1449 | instruction doesn't work correctly and not to |
1450 | use it. | 1450 | use it. |
1451 | 1451 | ||
1452 | no_file_caps Tells the kernel not to honor file capabilities. The | ||
1453 | only way then for a file to be executed with privilege | ||
1454 | is to be setuid root or executed by root. | ||
1455 | |||
1452 | nohalt [IA-64] Tells the kernel not to use the power saving | 1456 | nohalt [IA-64] Tells the kernel not to use the power saving |
1453 | function PAL_HALT_LIGHT when idle. This increases | 1457 | function PAL_HALT_LIGHT when idle. This increases |
1454 | power-consumption. On the positive side, it reduces | 1458 | power-consumption. On the positive side, it reduces |
diff --git a/arch/alpha/kernel/asm-offsets.c b/arch/alpha/kernel/asm-offsets.c index 4b18cd94d59d..6ff8886e7e22 100644 --- a/arch/alpha/kernel/asm-offsets.c +++ b/arch/alpha/kernel/asm-offsets.c | |||
@@ -19,15 +19,18 @@ void foo(void) | |||
19 | BLANK(); | 19 | BLANK(); |
20 | 20 | ||
21 | DEFINE(TASK_BLOCKED, offsetof(struct task_struct, blocked)); | 21 | DEFINE(TASK_BLOCKED, offsetof(struct task_struct, blocked)); |
22 | DEFINE(TASK_UID, offsetof(struct task_struct, uid)); | 22 | DEFINE(TASK_CRED, offsetof(struct task_struct, cred)); |
23 | DEFINE(TASK_EUID, offsetof(struct task_struct, euid)); | ||
24 | DEFINE(TASK_GID, offsetof(struct task_struct, gid)); | ||
25 | DEFINE(TASK_EGID, offsetof(struct task_struct, egid)); | ||
26 | DEFINE(TASK_REAL_PARENT, offsetof(struct task_struct, real_parent)); | 23 | DEFINE(TASK_REAL_PARENT, offsetof(struct task_struct, real_parent)); |
27 | DEFINE(TASK_GROUP_LEADER, offsetof(struct task_struct, group_leader)); | 24 | DEFINE(TASK_GROUP_LEADER, offsetof(struct task_struct, group_leader)); |
28 | DEFINE(TASK_TGID, offsetof(struct task_struct, tgid)); | 25 | DEFINE(TASK_TGID, offsetof(struct task_struct, tgid)); |
29 | BLANK(); | 26 | BLANK(); |
30 | 27 | ||
28 | DEFINE(CRED_UID, offsetof(struct cred, uid)); | ||
29 | DEFINE(CRED_EUID, offsetof(struct cred, euid)); | ||
30 | DEFINE(CRED_GID, offsetof(struct cred, gid)); | ||
31 | DEFINE(CRED_EGID, offsetof(struct cred, egid)); | ||
32 | BLANK(); | ||
33 | |||
31 | DEFINE(SIZEOF_PT_REGS, sizeof(struct pt_regs)); | 34 | DEFINE(SIZEOF_PT_REGS, sizeof(struct pt_regs)); |
32 | DEFINE(PT_PTRACED, PT_PTRACED); | 35 | DEFINE(PT_PTRACED, PT_PTRACED); |
33 | DEFINE(CLONE_VM, CLONE_VM); | 36 | DEFINE(CLONE_VM, CLONE_VM); |
diff --git a/arch/alpha/kernel/entry.S b/arch/alpha/kernel/entry.S index 5fc61e281ac7..f77345bc66a9 100644 --- a/arch/alpha/kernel/entry.S +++ b/arch/alpha/kernel/entry.S | |||
@@ -850,8 +850,9 @@ osf_getpriority: | |||
850 | sys_getxuid: | 850 | sys_getxuid: |
851 | .prologue 0 | 851 | .prologue 0 |
852 | ldq $2, TI_TASK($8) | 852 | ldq $2, TI_TASK($8) |
853 | ldl $0, TASK_UID($2) | 853 | ldq $3, TASK_CRED($2) |
854 | ldl $1, TASK_EUID($2) | 854 | ldl $0, CRED_UID($3) |
855 | ldl $1, CRED_EUID($3) | ||
855 | stq $1, 80($sp) | 856 | stq $1, 80($sp) |
856 | ret | 857 | ret |
857 | .end sys_getxuid | 858 | .end sys_getxuid |
@@ -862,8 +863,9 @@ sys_getxuid: | |||
862 | sys_getxgid: | 863 | sys_getxgid: |
863 | .prologue 0 | 864 | .prologue 0 |
864 | ldq $2, TI_TASK($8) | 865 | ldq $2, TI_TASK($8) |
865 | ldl $0, TASK_GID($2) | 866 | ldq $3, TASK_CRED($2) |
866 | ldl $1, TASK_EGID($2) | 867 | ldl $0, CRED_GID($3) |
868 | ldl $1, CRED_EGID($3) | ||
867 | stq $1, 80($sp) | 869 | stq $1, 80($sp) |
868 | ret | 870 | ret |
869 | .end sys_getxgid | 871 | .end sys_getxgid |
diff --git a/arch/ia64/ia32/sys_ia32.c b/arch/ia64/ia32/sys_ia32.c index 5e92ae00bdbb..16ef61a91d95 100644 --- a/arch/ia64/ia32/sys_ia32.c +++ b/arch/ia64/ia32/sys_ia32.c | |||
@@ -1767,25 +1767,24 @@ groups16_from_user(struct group_info *group_info, short __user *grouplist) | |||
1767 | asmlinkage long | 1767 | asmlinkage long |
1768 | sys32_getgroups16 (int gidsetsize, short __user *grouplist) | 1768 | sys32_getgroups16 (int gidsetsize, short __user *grouplist) |
1769 | { | 1769 | { |
1770 | const struct cred *cred = current_cred(); | ||
1770 | int i; | 1771 | int i; |
1771 | 1772 | ||
1772 | if (gidsetsize < 0) | 1773 | if (gidsetsize < 0) |
1773 | return -EINVAL; | 1774 | return -EINVAL; |
1774 | 1775 | ||
1775 | get_group_info(current->group_info); | 1776 | i = cred->group_info->ngroups; |
1776 | i = current->group_info->ngroups; | ||
1777 | if (gidsetsize) { | 1777 | if (gidsetsize) { |
1778 | if (i > gidsetsize) { | 1778 | if (i > gidsetsize) { |
1779 | i = -EINVAL; | 1779 | i = -EINVAL; |
1780 | goto out; | 1780 | goto out; |
1781 | } | 1781 | } |
1782 | if (groups16_to_user(grouplist, current->group_info)) { | 1782 | if (groups16_to_user(grouplist, cred->group_info)) { |
1783 | i = -EFAULT; | 1783 | i = -EFAULT; |
1784 | goto out; | 1784 | goto out; |
1785 | } | 1785 | } |
1786 | } | 1786 | } |
1787 | out: | 1787 | out: |
1788 | put_group_info(current->group_info); | ||
1789 | return i; | 1788 | return i; |
1790 | } | 1789 | } |
1791 | 1790 | ||
diff --git a/arch/ia64/kernel/mca_drv.c b/arch/ia64/kernel/mca_drv.c index fab1d21a4f2c..f94aaa86933f 100644 --- a/arch/ia64/kernel/mca_drv.c +++ b/arch/ia64/kernel/mca_drv.c | |||
@@ -158,7 +158,7 @@ mca_handler_bh(unsigned long paddr, void *iip, unsigned long ipsr) | |||
158 | ia64_mlogbuf_dump(); | 158 | ia64_mlogbuf_dump(); |
159 | printk(KERN_ERR "OS_MCA: process [cpu %d, pid: %d, uid: %d, " | 159 | printk(KERN_ERR "OS_MCA: process [cpu %d, pid: %d, uid: %d, " |
160 | "iip: %p, psr: 0x%lx,paddr: 0x%lx](%s) encounters MCA.\n", | 160 | "iip: %p, psr: 0x%lx,paddr: 0x%lx](%s) encounters MCA.\n", |
161 | raw_smp_processor_id(), current->pid, current->uid, | 161 | raw_smp_processor_id(), current->pid, current_uid(), |
162 | iip, ipsr, paddr, current->comm); | 162 | iip, ipsr, paddr, current->comm); |
163 | 163 | ||
164 | spin_lock(&mca_bh_lock); | 164 | spin_lock(&mca_bh_lock); |
diff --git a/arch/ia64/kernel/perfmon.c b/arch/ia64/kernel/perfmon.c index 6543a5547c84..0e499757309b 100644 --- a/arch/ia64/kernel/perfmon.c +++ b/arch/ia64/kernel/perfmon.c | |||
@@ -2220,8 +2220,8 @@ pfm_alloc_file(pfm_context_t *ctx) | |||
2220 | DPRINT(("new inode ino=%ld @%p\n", inode->i_ino, inode)); | 2220 | DPRINT(("new inode ino=%ld @%p\n", inode->i_ino, inode)); |
2221 | 2221 | ||
2222 | inode->i_mode = S_IFCHR|S_IRUGO; | 2222 | inode->i_mode = S_IFCHR|S_IRUGO; |
2223 | inode->i_uid = current->fsuid; | 2223 | inode->i_uid = current_fsuid(); |
2224 | inode->i_gid = current->fsgid; | 2224 | inode->i_gid = current_fsgid(); |
2225 | 2225 | ||
2226 | sprintf(name, "[%lu]", inode->i_ino); | 2226 | sprintf(name, "[%lu]", inode->i_ino); |
2227 | this.name = name; | 2227 | this.name = name; |
@@ -2399,22 +2399,33 @@ error_kmem: | |||
2399 | static int | 2399 | static int |
2400 | pfm_bad_permissions(struct task_struct *task) | 2400 | pfm_bad_permissions(struct task_struct *task) |
2401 | { | 2401 | { |
2402 | const struct cred *tcred; | ||
2403 | uid_t uid = current_uid(); | ||
2404 | gid_t gid = current_gid(); | ||
2405 | int ret; | ||
2406 | |||
2407 | rcu_read_lock(); | ||
2408 | tcred = __task_cred(task); | ||
2409 | |||
2402 | /* inspired by ptrace_attach() */ | 2410 | /* inspired by ptrace_attach() */ |
2403 | DPRINT(("cur: uid=%d gid=%d task: euid=%d suid=%d uid=%d egid=%d sgid=%d\n", | 2411 | DPRINT(("cur: uid=%d gid=%d task: euid=%d suid=%d uid=%d egid=%d sgid=%d\n", |
2404 | current->uid, | 2412 | uid, |
2405 | current->gid, | 2413 | gid, |
2406 | task->euid, | 2414 | tcred->euid, |
2407 | task->suid, | 2415 | tcred->suid, |
2408 | task->uid, | 2416 | tcred->uid, |
2409 | task->egid, | 2417 | tcred->egid, |
2410 | task->sgid)); | 2418 | tcred->sgid)); |
2411 | 2419 | ||
2412 | return ((current->uid != task->euid) | 2420 | ret = ((uid != tcred->euid) |
2413 | || (current->uid != task->suid) | 2421 | || (uid != tcred->suid) |
2414 | || (current->uid != task->uid) | 2422 | || (uid != tcred->uid) |
2415 | || (current->gid != task->egid) | 2423 | || (gid != tcred->egid) |
2416 | || (current->gid != task->sgid) | 2424 | || (gid != tcred->sgid) |
2417 | || (current->gid != task->gid)) && !capable(CAP_SYS_PTRACE); | 2425 | || (gid != tcred->gid)) && !capable(CAP_SYS_PTRACE); |
2426 | |||
2427 | rcu_read_unlock(); | ||
2428 | return ret; | ||
2418 | } | 2429 | } |
2419 | 2430 | ||
2420 | static int | 2431 | static int |
diff --git a/arch/ia64/kernel/signal.c b/arch/ia64/kernel/signal.c index e12500a9c443..e1821ca4c7df 100644 --- a/arch/ia64/kernel/signal.c +++ b/arch/ia64/kernel/signal.c | |||
@@ -229,7 +229,7 @@ ia64_rt_sigreturn (struct sigscratch *scr) | |||
229 | si.si_errno = 0; | 229 | si.si_errno = 0; |
230 | si.si_code = SI_KERNEL; | 230 | si.si_code = SI_KERNEL; |
231 | si.si_pid = task_pid_vnr(current); | 231 | si.si_pid = task_pid_vnr(current); |
232 | si.si_uid = current->uid; | 232 | si.si_uid = current_uid(); |
233 | si.si_addr = sc; | 233 | si.si_addr = sc; |
234 | force_sig_info(SIGSEGV, &si, current); | 234 | force_sig_info(SIGSEGV, &si, current); |
235 | return retval; | 235 | return retval; |
@@ -326,7 +326,7 @@ force_sigsegv_info (int sig, void __user *addr) | |||
326 | si.si_errno = 0; | 326 | si.si_errno = 0; |
327 | si.si_code = SI_KERNEL; | 327 | si.si_code = SI_KERNEL; |
328 | si.si_pid = task_pid_vnr(current); | 328 | si.si_pid = task_pid_vnr(current); |
329 | si.si_uid = current->uid; | 329 | si.si_uid = current_uid(); |
330 | si.si_addr = addr; | 330 | si.si_addr = addr; |
331 | force_sig_info(SIGSEGV, &si, current); | 331 | force_sig_info(SIGSEGV, &si, current); |
332 | return 0; | 332 | return 0; |
diff --git a/arch/mips/kernel/kspd.c b/arch/mips/kernel/kspd.c index b0591ae0ce56..fd6e51224034 100644 --- a/arch/mips/kernel/kspd.c +++ b/arch/mips/kernel/kspd.c | |||
@@ -174,8 +174,8 @@ static unsigned int translate_open_flags(int flags) | |||
174 | 174 | ||
175 | static void sp_setfsuidgid( uid_t uid, gid_t gid) | 175 | static void sp_setfsuidgid( uid_t uid, gid_t gid) |
176 | { | 176 | { |
177 | current->fsuid = uid; | 177 | current->cred->fsuid = uid; |
178 | current->fsgid = gid; | 178 | current->cred->fsgid = gid; |
179 | 179 | ||
180 | key_fsuid_changed(current); | 180 | key_fsuid_changed(current); |
181 | key_fsgid_changed(current); | 181 | key_fsgid_changed(current); |
diff --git a/arch/mips/kernel/mips-mt-fpaff.c b/arch/mips/kernel/mips-mt-fpaff.c index dc9eb72ed9de..5e77a3a21f98 100644 --- a/arch/mips/kernel/mips-mt-fpaff.c +++ b/arch/mips/kernel/mips-mt-fpaff.c | |||
@@ -51,6 +51,7 @@ asmlinkage long mipsmt_sys_sched_setaffinity(pid_t pid, unsigned int len, | |||
51 | int retval; | 51 | int retval; |
52 | struct task_struct *p; | 52 | struct task_struct *p; |
53 | struct thread_info *ti; | 53 | struct thread_info *ti; |
54 | uid_t euid; | ||
54 | 55 | ||
55 | if (len < sizeof(new_mask)) | 56 | if (len < sizeof(new_mask)) |
56 | return -EINVAL; | 57 | return -EINVAL; |
@@ -76,9 +77,9 @@ asmlinkage long mipsmt_sys_sched_setaffinity(pid_t pid, unsigned int len, | |||
76 | */ | 77 | */ |
77 | get_task_struct(p); | 78 | get_task_struct(p); |
78 | 79 | ||
80 | euid = current_euid(); | ||
79 | retval = -EPERM; | 81 | retval = -EPERM; |
80 | if ((current->euid != p->euid) && (current->euid != p->uid) && | 82 | if (euid != p->euid && euid != p->uid && !capable(CAP_SYS_NICE)) { |
81 | !capable(CAP_SYS_NICE)) { | ||
82 | read_unlock(&tasklist_lock); | 83 | read_unlock(&tasklist_lock); |
83 | goto out_unlock; | 84 | goto out_unlock; |
84 | } | 85 | } |
diff --git a/arch/mips/kernel/vpe.c b/arch/mips/kernel/vpe.c index 972b2d2b8401..09786e496375 100644 --- a/arch/mips/kernel/vpe.c +++ b/arch/mips/kernel/vpe.c | |||
@@ -1085,8 +1085,8 @@ static int vpe_open(struct inode *inode, struct file *filp) | |||
1085 | v->load_addr = NULL; | 1085 | v->load_addr = NULL; |
1086 | v->len = 0; | 1086 | v->len = 0; |
1087 | 1087 | ||
1088 | v->uid = filp->f_uid; | 1088 | v->uid = filp->f_cred->fsuid; |
1089 | v->gid = filp->f_gid; | 1089 | v->gid = filp->f_cred->fsgid; |
1090 | 1090 | ||
1091 | #ifdef CONFIG_MIPS_APSP_KSPD | 1091 | #ifdef CONFIG_MIPS_APSP_KSPD |
1092 | /* get kspd to tell us when a syscall_exit happens */ | 1092 | /* get kspd to tell us when a syscall_exit happens */ |
diff --git a/arch/parisc/kernel/signal.c b/arch/parisc/kernel/signal.c index 06213d1d6d95..f82544225e8e 100644 --- a/arch/parisc/kernel/signal.c +++ b/arch/parisc/kernel/signal.c | |||
@@ -182,7 +182,7 @@ give_sigsegv: | |||
182 | si.si_errno = 0; | 182 | si.si_errno = 0; |
183 | si.si_code = SI_KERNEL; | 183 | si.si_code = SI_KERNEL; |
184 | si.si_pid = task_pid_vnr(current); | 184 | si.si_pid = task_pid_vnr(current); |
185 | si.si_uid = current->uid; | 185 | si.si_uid = current_uid(); |
186 | si.si_addr = &frame->uc; | 186 | si.si_addr = &frame->uc; |
187 | force_sig_info(SIGSEGV, &si, current); | 187 | force_sig_info(SIGSEGV, &si, current); |
188 | return; | 188 | return; |
diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c index 565b7a237c84..866098686da8 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c | |||
@@ -339,7 +339,7 @@ bad_area_nosemaphore: | |||
339 | && printk_ratelimit()) | 339 | && printk_ratelimit()) |
340 | printk(KERN_CRIT "kernel tried to execute NX-protected" | 340 | printk(KERN_CRIT "kernel tried to execute NX-protected" |
341 | " page (%lx) - exploit attempt? (uid: %d)\n", | 341 | " page (%lx) - exploit attempt? (uid: %d)\n", |
342 | address, current->uid); | 342 | address, current_uid()); |
343 | 343 | ||
344 | return SIGSEGV; | 344 | return SIGSEGV; |
345 | 345 | ||
diff --git a/arch/powerpc/platforms/cell/spufs/inode.c b/arch/powerpc/platforms/cell/spufs/inode.c index cb85d237e492..6296bfd9cb0b 100644 --- a/arch/powerpc/platforms/cell/spufs/inode.c +++ b/arch/powerpc/platforms/cell/spufs/inode.c | |||
@@ -95,8 +95,8 @@ spufs_new_inode(struct super_block *sb, int mode) | |||
95 | goto out; | 95 | goto out; |
96 | 96 | ||
97 | inode->i_mode = mode; | 97 | inode->i_mode = mode; |
98 | inode->i_uid = current->fsuid; | 98 | inode->i_uid = current_fsuid(); |
99 | inode->i_gid = current->fsgid; | 99 | inode->i_gid = current_fsgid(); |
100 | inode->i_blocks = 0; | 100 | inode->i_blocks = 0; |
101 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 101 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
102 | out: | 102 | out: |
@@ -323,7 +323,7 @@ static int spufs_context_open(struct dentry *dentry, struct vfsmount *mnt) | |||
323 | goto out; | 323 | goto out; |
324 | } | 324 | } |
325 | 325 | ||
326 | filp = dentry_open(dentry, mnt, O_RDONLY); | 326 | filp = dentry_open(dentry, mnt, O_RDONLY, current_cred()); |
327 | if (IS_ERR(filp)) { | 327 | if (IS_ERR(filp)) { |
328 | put_unused_fd(ret); | 328 | put_unused_fd(ret); |
329 | ret = PTR_ERR(filp); | 329 | ret = PTR_ERR(filp); |
@@ -562,7 +562,7 @@ static int spufs_gang_open(struct dentry *dentry, struct vfsmount *mnt) | |||
562 | goto out; | 562 | goto out; |
563 | } | 563 | } |
564 | 564 | ||
565 | filp = dentry_open(dentry, mnt, O_RDONLY); | 565 | filp = dentry_open(dentry, mnt, O_RDONLY, current_cred()); |
566 | if (IS_ERR(filp)) { | 566 | if (IS_ERR(filp)) { |
567 | put_unused_fd(ret); | 567 | put_unused_fd(ret); |
568 | ret = PTR_ERR(filp); | 568 | ret = PTR_ERR(filp); |
diff --git a/arch/s390/hypfs/inode.c b/arch/s390/hypfs/inode.c index 36313801cd5c..8aadcd7a7cf8 100644 --- a/arch/s390/hypfs/inode.c +++ b/arch/s390/hypfs/inode.c | |||
@@ -280,8 +280,8 @@ static int hypfs_fill_super(struct super_block *sb, void *data, int silent) | |||
280 | if (!sbi) | 280 | if (!sbi) |
281 | return -ENOMEM; | 281 | return -ENOMEM; |
282 | mutex_init(&sbi->lock); | 282 | mutex_init(&sbi->lock); |
283 | sbi->uid = current->uid; | 283 | sbi->uid = current_uid(); |
284 | sbi->gid = current->gid; | 284 | sbi->gid = current_gid(); |
285 | sb->s_fs_info = sbi; | 285 | sb->s_fs_info = sbi; |
286 | sb->s_blocksize = PAGE_CACHE_SIZE; | 286 | sb->s_blocksize = PAGE_CACHE_SIZE; |
287 | sb->s_blocksize_bits = PAGE_CACHE_SHIFT; | 287 | sb->s_blocksize_bits = PAGE_CACHE_SHIFT; |
diff --git a/arch/s390/kernel/compat_linux.c b/arch/s390/kernel/compat_linux.c index 4646382af34f..6cc87d8c8682 100644 --- a/arch/s390/kernel/compat_linux.c +++ b/arch/s390/kernel/compat_linux.c | |||
@@ -148,9 +148,9 @@ asmlinkage long sys32_getresuid16(u16 __user *ruid, u16 __user *euid, u16 __user | |||
148 | { | 148 | { |
149 | int retval; | 149 | int retval; |
150 | 150 | ||
151 | if (!(retval = put_user(high2lowuid(current->uid), ruid)) && | 151 | if (!(retval = put_user(high2lowuid(current->cred->uid), ruid)) && |
152 | !(retval = put_user(high2lowuid(current->euid), euid))) | 152 | !(retval = put_user(high2lowuid(current->cred->euid), euid))) |
153 | retval = put_user(high2lowuid(current->suid), suid); | 153 | retval = put_user(high2lowuid(current->cred->suid), suid); |
154 | 154 | ||
155 | return retval; | 155 | return retval; |
156 | } | 156 | } |
@@ -165,9 +165,9 @@ asmlinkage long sys32_getresgid16(u16 __user *rgid, u16 __user *egid, u16 __user | |||
165 | { | 165 | { |
166 | int retval; | 166 | int retval; |
167 | 167 | ||
168 | if (!(retval = put_user(high2lowgid(current->gid), rgid)) && | 168 | if (!(retval = put_user(high2lowgid(current->cred->gid), rgid)) && |
169 | !(retval = put_user(high2lowgid(current->egid), egid))) | 169 | !(retval = put_user(high2lowgid(current->cred->egid), egid))) |
170 | retval = put_user(high2lowgid(current->sgid), sgid); | 170 | retval = put_user(high2lowgid(current->cred->sgid), sgid); |
171 | 171 | ||
172 | return retval; | 172 | return retval; |
173 | } | 173 | } |
@@ -217,20 +217,20 @@ asmlinkage long sys32_getgroups16(int gidsetsize, u16 __user *grouplist) | |||
217 | if (gidsetsize < 0) | 217 | if (gidsetsize < 0) |
218 | return -EINVAL; | 218 | return -EINVAL; |
219 | 219 | ||
220 | get_group_info(current->group_info); | 220 | get_group_info(current->cred->group_info); |
221 | i = current->group_info->ngroups; | 221 | i = current->cred->group_info->ngroups; |
222 | if (gidsetsize) { | 222 | if (gidsetsize) { |
223 | if (i > gidsetsize) { | 223 | if (i > gidsetsize) { |
224 | i = -EINVAL; | 224 | i = -EINVAL; |
225 | goto out; | 225 | goto out; |
226 | } | 226 | } |
227 | if (groups16_to_user(grouplist, current->group_info)) { | 227 | if (groups16_to_user(grouplist, current->cred->group_info)) { |
228 | i = -EFAULT; | 228 | i = -EFAULT; |
229 | goto out; | 229 | goto out; |
230 | } | 230 | } |
231 | } | 231 | } |
232 | out: | 232 | out: |
233 | put_group_info(current->group_info); | 233 | put_group_info(current->cred->group_info); |
234 | return i; | 234 | return i; |
235 | } | 235 | } |
236 | 236 | ||
@@ -261,22 +261,22 @@ asmlinkage long sys32_setgroups16(int gidsetsize, u16 __user *grouplist) | |||
261 | 261 | ||
262 | asmlinkage long sys32_getuid16(void) | 262 | asmlinkage long sys32_getuid16(void) |
263 | { | 263 | { |
264 | return high2lowuid(current->uid); | 264 | return high2lowuid(current->cred->uid); |
265 | } | 265 | } |
266 | 266 | ||
267 | asmlinkage long sys32_geteuid16(void) | 267 | asmlinkage long sys32_geteuid16(void) |
268 | { | 268 | { |
269 | return high2lowuid(current->euid); | 269 | return high2lowuid(current->cred->euid); |
270 | } | 270 | } |
271 | 271 | ||
272 | asmlinkage long sys32_getgid16(void) | 272 | asmlinkage long sys32_getgid16(void) |
273 | { | 273 | { |
274 | return high2lowgid(current->gid); | 274 | return high2lowgid(current->cred->gid); |
275 | } | 275 | } |
276 | 276 | ||
277 | asmlinkage long sys32_getegid16(void) | 277 | asmlinkage long sys32_getegid16(void) |
278 | { | 278 | { |
279 | return high2lowgid(current->egid); | 279 | return high2lowgid(current->cred->egid); |
280 | } | 280 | } |
281 | 281 | ||
282 | /* | 282 | /* |
diff --git a/arch/um/drivers/mconsole_kern.c b/arch/um/drivers/mconsole_kern.c index 19d579d74d27..16d3b3789a50 100644 --- a/arch/um/drivers/mconsole_kern.c +++ b/arch/um/drivers/mconsole_kern.c | |||
@@ -159,7 +159,8 @@ void mconsole_proc(struct mc_request *req) | |||
159 | goto out_kill; | 159 | goto out_kill; |
160 | } | 160 | } |
161 | 161 | ||
162 | file = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY); | 162 | file = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY, |
163 | current_cred()); | ||
163 | if (IS_ERR(file)) { | 164 | if (IS_ERR(file)) { |
164 | mconsole_reply(req, "Failed to open file", 1, 0); | 165 | mconsole_reply(req, "Failed to open file", 1, 0); |
165 | goto out_kill; | 166 | goto out_kill; |
diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c index 127ec3f07214..2a4d073d2cf1 100644 --- a/arch/x86/ia32/ia32_aout.c +++ b/arch/x86/ia32/ia32_aout.c | |||
@@ -327,7 +327,7 @@ static int load_aout_binary(struct linux_binprm *bprm, struct pt_regs *regs) | |||
327 | current->mm->cached_hole_size = 0; | 327 | current->mm->cached_hole_size = 0; |
328 | 328 | ||
329 | current->mm->mmap = NULL; | 329 | current->mm->mmap = NULL; |
330 | compute_creds(bprm); | 330 | install_exec_creds(bprm); |
331 | current->flags &= ~PF_FORKNOEXEC; | 331 | current->flags &= ~PF_FORKNOEXEC; |
332 | 332 | ||
333 | if (N_MAGIC(ex) == OMAGIC) { | 333 | if (N_MAGIC(ex) == OMAGIC) { |
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index 31e8730fa246..3a1b6ef4f05d 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c | |||
@@ -393,7 +393,7 @@ static void show_fault_oops(struct pt_regs *regs, unsigned long error_code, | |||
393 | if (pte && pte_present(*pte) && !pte_exec(*pte)) | 393 | if (pte && pte_present(*pte) && !pte_exec(*pte)) |
394 | printk(KERN_CRIT "kernel tried to execute " | 394 | printk(KERN_CRIT "kernel tried to execute " |
395 | "NX-protected page - exploit attempt? " | 395 | "NX-protected page - exploit attempt? " |
396 | "(uid: %d)\n", current->uid); | 396 | "(uid: %d)\n", current_uid()); |
397 | } | 397 | } |
398 | #endif | 398 | #endif |
399 | 399 | ||
diff --git a/drivers/block/loop.c b/drivers/block/loop.c index 5c4ee70d5cf3..fb06ed659212 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c | |||
@@ -936,8 +936,10 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info) | |||
936 | { | 936 | { |
937 | int err; | 937 | int err; |
938 | struct loop_func_table *xfer; | 938 | struct loop_func_table *xfer; |
939 | uid_t uid = current_uid(); | ||
939 | 940 | ||
940 | if (lo->lo_encrypt_key_size && lo->lo_key_owner != current->uid && | 941 | if (lo->lo_encrypt_key_size && |
942 | lo->lo_key_owner != uid && | ||
941 | !capable(CAP_SYS_ADMIN)) | 943 | !capable(CAP_SYS_ADMIN)) |
942 | return -EPERM; | 944 | return -EPERM; |
943 | if (lo->lo_state != Lo_bound) | 945 | if (lo->lo_state != Lo_bound) |
@@ -992,7 +994,7 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info) | |||
992 | if (info->lo_encrypt_key_size) { | 994 | if (info->lo_encrypt_key_size) { |
993 | memcpy(lo->lo_encrypt_key, info->lo_encrypt_key, | 995 | memcpy(lo->lo_encrypt_key, info->lo_encrypt_key, |
994 | info->lo_encrypt_key_size); | 996 | info->lo_encrypt_key_size); |
995 | lo->lo_key_owner = current->uid; | 997 | lo->lo_key_owner = uid; |
996 | } | 998 | } |
997 | 999 | ||
998 | return 0; | 1000 | return 0; |
diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c index 5787249934c8..d961fa9612c4 100644 --- a/drivers/char/tty_audit.c +++ b/drivers/char/tty_audit.c | |||
@@ -86,10 +86,12 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid, | |||
86 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY); | 86 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY); |
87 | if (ab) { | 87 | if (ab) { |
88 | char name[sizeof(tsk->comm)]; | 88 | char name[sizeof(tsk->comm)]; |
89 | uid_t uid = task_uid(tsk); | ||
89 | 90 | ||
90 | audit_log_format(ab, "tty pid=%u uid=%u auid=%u ses=%u " | 91 | audit_log_format(ab, "tty pid=%u uid=%u auid=%u ses=%u " |
91 | "major=%d minor=%d comm=", tsk->pid, tsk->uid, | 92 | "major=%d minor=%d comm=", |
92 | loginuid, sessionid, buf->major, buf->minor); | 93 | tsk->pid, uid, loginuid, sessionid, |
94 | buf->major, buf->minor); | ||
93 | get_task_comm(name, tsk); | 95 | get_task_comm(name, tsk); |
94 | audit_log_untrustedstring(ab, name); | 96 | audit_log_untrustedstring(ab, name); |
95 | audit_log_format(ab, " data="); | 97 | audit_log_format(ab, " data="); |
diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c index 5c9f67f98d10..c5afc98e2675 100644 --- a/drivers/connector/cn_proc.c +++ b/drivers/connector/cn_proc.c | |||
@@ -106,6 +106,7 @@ void proc_id_connector(struct task_struct *task, int which_id) | |||
106 | struct proc_event *ev; | 106 | struct proc_event *ev; |
107 | __u8 buffer[CN_PROC_MSG_SIZE]; | 107 | __u8 buffer[CN_PROC_MSG_SIZE]; |
108 | struct timespec ts; | 108 | struct timespec ts; |
109 | const struct cred *cred; | ||
109 | 110 | ||
110 | if (atomic_read(&proc_event_num_listeners) < 1) | 111 | if (atomic_read(&proc_event_num_listeners) < 1) |
111 | return; | 112 | return; |
@@ -115,14 +116,19 @@ void proc_id_connector(struct task_struct *task, int which_id) | |||
115 | ev->what = which_id; | 116 | ev->what = which_id; |
116 | ev->event_data.id.process_pid = task->pid; | 117 | ev->event_data.id.process_pid = task->pid; |
117 | ev->event_data.id.process_tgid = task->tgid; | 118 | ev->event_data.id.process_tgid = task->tgid; |
119 | rcu_read_lock(); | ||
120 | cred = __task_cred(task); | ||
118 | if (which_id == PROC_EVENT_UID) { | 121 | if (which_id == PROC_EVENT_UID) { |
119 | ev->event_data.id.r.ruid = task->uid; | 122 | ev->event_data.id.r.ruid = cred->uid; |
120 | ev->event_data.id.e.euid = task->euid; | 123 | ev->event_data.id.e.euid = cred->euid; |
121 | } else if (which_id == PROC_EVENT_GID) { | 124 | } else if (which_id == PROC_EVENT_GID) { |
122 | ev->event_data.id.r.rgid = task->gid; | 125 | ev->event_data.id.r.rgid = cred->gid; |
123 | ev->event_data.id.e.egid = task->egid; | 126 | ev->event_data.id.e.egid = cred->egid; |
124 | } else | 127 | } else { |
128 | rcu_read_unlock(); | ||
125 | return; | 129 | return; |
130 | } | ||
131 | rcu_read_unlock(); | ||
126 | get_seq(&msg->seq, &ev->cpu); | 132 | get_seq(&msg->seq, &ev->cpu); |
127 | ktime_get_ts(&ts); /* get high res monotonic timestamp */ | 133 | ktime_get_ts(&ts); /* get high res monotonic timestamp */ |
128 | put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); | 134 | put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); |
diff --git a/drivers/isdn/capi/capifs.c b/drivers/isdn/capi/capifs.c index 550e80f390a6..0aa66ec4cbdd 100644 --- a/drivers/isdn/capi/capifs.c +++ b/drivers/isdn/capi/capifs.c | |||
@@ -156,8 +156,8 @@ void capifs_new_ncci(unsigned int number, dev_t device) | |||
156 | if (!inode) | 156 | if (!inode) |
157 | return; | 157 | return; |
158 | inode->i_ino = number+2; | 158 | inode->i_ino = number+2; |
159 | inode->i_uid = config.setuid ? config.uid : current->fsuid; | 159 | inode->i_uid = config.setuid ? config.uid : current_fsuid(); |
160 | inode->i_gid = config.setgid ? config.gid : current->fsgid; | 160 | inode->i_gid = config.setgid ? config.gid : current_fsgid(); |
161 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME; | 161 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME; |
162 | init_special_inode(inode, S_IFCHR|config.mode, device); | 162 | init_special_inode(inode, S_IFCHR|config.mode, device); |
163 | //inode->i_op = &capifs_file_inode_operations; | 163 | //inode->i_op = &capifs_file_inode_operations; |
diff --git a/drivers/isdn/hysdn/hysdn_procconf.c b/drivers/isdn/hysdn/hysdn_procconf.c index 484299b031f8..8f9f4912de32 100644 --- a/drivers/isdn/hysdn/hysdn_procconf.c +++ b/drivers/isdn/hysdn/hysdn_procconf.c | |||
@@ -246,7 +246,8 @@ hysdn_conf_open(struct inode *ino, struct file *filep) | |||
246 | } | 246 | } |
247 | if (card->debug_flags & (LOG_PROC_OPEN | LOG_PROC_ALL)) | 247 | if (card->debug_flags & (LOG_PROC_OPEN | LOG_PROC_ALL)) |
248 | hysdn_addlog(card, "config open for uid=%d gid=%d mode=0x%x", | 248 | hysdn_addlog(card, "config open for uid=%d gid=%d mode=0x%x", |
249 | filep->f_uid, filep->f_gid, filep->f_mode); | 249 | filep->f_cred->fsuid, filep->f_cred->fsgid, |
250 | filep->f_mode); | ||
250 | 251 | ||
251 | if ((filep->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_WRITE) { | 252 | if ((filep->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_WRITE) { |
252 | /* write only access -> write boot file or conf line */ | 253 | /* write only access -> write boot file or conf line */ |
@@ -331,7 +332,8 @@ hysdn_conf_close(struct inode *ino, struct file *filep) | |||
331 | } | 332 | } |
332 | if (card->debug_flags & (LOG_PROC_OPEN | LOG_PROC_ALL)) | 333 | if (card->debug_flags & (LOG_PROC_OPEN | LOG_PROC_ALL)) |
333 | hysdn_addlog(card, "config close for uid=%d gid=%d mode=0x%x", | 334 | hysdn_addlog(card, "config close for uid=%d gid=%d mode=0x%x", |
334 | filep->f_uid, filep->f_gid, filep->f_mode); | 335 | filep->f_cred->fsuid, filep->f_cred->fsgid, |
336 | filep->f_mode); | ||
335 | 337 | ||
336 | if ((filep->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_WRITE) { | 338 | if ((filep->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_WRITE) { |
337 | /* write only access -> write boot file or conf line */ | 339 | /* write only access -> write boot file or conf line */ |
diff --git a/drivers/net/tun.c b/drivers/net/tun.c index 33b6d1b122fb..55dc70c6b4db 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c | |||
@@ -702,6 +702,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) | |||
702 | struct tun_net *tn; | 702 | struct tun_net *tn; |
703 | struct tun_struct *tun; | 703 | struct tun_struct *tun; |
704 | struct net_device *dev; | 704 | struct net_device *dev; |
705 | const struct cred *cred = current_cred(); | ||
705 | int err; | 706 | int err; |
706 | 707 | ||
707 | tn = net_generic(net, tun_net_id); | 708 | tn = net_generic(net, tun_net_id); |
@@ -712,11 +713,12 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) | |||
712 | 713 | ||
713 | /* Check permissions */ | 714 | /* Check permissions */ |
714 | if (((tun->owner != -1 && | 715 | if (((tun->owner != -1 && |
715 | current->euid != tun->owner) || | 716 | cred->euid != tun->owner) || |
716 | (tun->group != -1 && | 717 | (tun->group != -1 && |
717 | current->egid != tun->group)) && | 718 | cred->egid != tun->group)) && |
718 | !capable(CAP_NET_ADMIN)) | 719 | !capable(CAP_NET_ADMIN)) { |
719 | return -EPERM; | 720 | return -EPERM; |
721 | } | ||
720 | } | 722 | } |
721 | else if (__dev_get_by_name(net, ifr->ifr_name)) | 723 | else if (__dev_get_by_name(net, ifr->ifr_name)) |
722 | return -EINVAL; | 724 | return -EINVAL; |
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index 2bccefebff1b..aa79280df15d 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c | |||
@@ -574,6 +574,7 @@ static int usbdev_open(struct inode *inode, struct file *file) | |||
574 | { | 574 | { |
575 | struct usb_device *dev = NULL; | 575 | struct usb_device *dev = NULL; |
576 | struct dev_state *ps; | 576 | struct dev_state *ps; |
577 | const struct cred *cred = current_cred(); | ||
577 | int ret; | 578 | int ret; |
578 | 579 | ||
579 | lock_kernel(); | 580 | lock_kernel(); |
@@ -617,8 +618,8 @@ static int usbdev_open(struct inode *inode, struct file *file) | |||
617 | init_waitqueue_head(&ps->wait); | 618 | init_waitqueue_head(&ps->wait); |
618 | ps->discsignr = 0; | 619 | ps->discsignr = 0; |
619 | ps->disc_pid = get_pid(task_pid(current)); | 620 | ps->disc_pid = get_pid(task_pid(current)); |
620 | ps->disc_uid = current->uid; | 621 | ps->disc_uid = cred->uid; |
621 | ps->disc_euid = current->euid; | 622 | ps->disc_euid = cred->euid; |
622 | ps->disccontext = NULL; | 623 | ps->disccontext = NULL; |
623 | ps->ifclaimed = 0; | 624 | ps->ifclaimed = 0; |
624 | security_task_getsecid(current, &ps->secid); | 625 | security_task_getsecid(current, &ps->secid); |
@@ -967,6 +968,7 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb, | |||
967 | struct usb_host_endpoint *ep; | 968 | struct usb_host_endpoint *ep; |
968 | struct async *as; | 969 | struct async *as; |
969 | struct usb_ctrlrequest *dr = NULL; | 970 | struct usb_ctrlrequest *dr = NULL; |
971 | const struct cred *cred = current_cred(); | ||
970 | unsigned int u, totlen, isofrmlen; | 972 | unsigned int u, totlen, isofrmlen; |
971 | int ret, ifnum = -1; | 973 | int ret, ifnum = -1; |
972 | int is_in; | 974 | int is_in; |
@@ -1174,8 +1176,8 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb, | |||
1174 | as->signr = uurb->signr; | 1176 | as->signr = uurb->signr; |
1175 | as->ifnum = ifnum; | 1177 | as->ifnum = ifnum; |
1176 | as->pid = get_pid(task_pid(current)); | 1178 | as->pid = get_pid(task_pid(current)); |
1177 | as->uid = current->uid; | 1179 | as->uid = cred->uid; |
1178 | as->euid = current->euid; | 1180 | as->euid = cred->euid; |
1179 | security_task_getsecid(current, &as->secid); | 1181 | security_task_getsecid(current, &as->secid); |
1180 | if (!is_in) { | 1182 | if (!is_in) { |
1181 | if (copy_from_user(as->urb->transfer_buffer, uurb->buffer, | 1183 | if (copy_from_user(as->urb->transfer_buffer, uurb->buffer, |
diff --git a/drivers/usb/core/inode.c b/drivers/usb/core/inode.c index 94632264dccf..185be760833e 100644 --- a/drivers/usb/core/inode.c +++ b/drivers/usb/core/inode.c | |||
@@ -277,8 +277,8 @@ static struct inode *usbfs_get_inode (struct super_block *sb, int mode, dev_t de | |||
277 | 277 | ||
278 | if (inode) { | 278 | if (inode) { |
279 | inode->i_mode = mode; | 279 | inode->i_mode = mode; |
280 | inode->i_uid = current->fsuid; | 280 | inode->i_uid = current_fsuid(); |
281 | inode->i_gid = current->fsgid; | 281 | inode->i_gid = current_fsgid(); |
282 | inode->i_blocks = 0; | 282 | inode->i_blocks = 0; |
283 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 283 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
284 | switch (mode & S_IFMT) { | 284 | switch (mode & S_IFMT) { |
diff --git a/fs/9p/fid.c b/fs/9p/fid.c index 3031e3233dd6..a43e4ab7c6c3 100644 --- a/fs/9p/fid.c +++ b/fs/9p/fid.c | |||
@@ -120,7 +120,7 @@ struct p9_fid *v9fs_fid_lookup(struct dentry *dentry) | |||
120 | switch (access) { | 120 | switch (access) { |
121 | case V9FS_ACCESS_SINGLE: | 121 | case V9FS_ACCESS_SINGLE: |
122 | case V9FS_ACCESS_USER: | 122 | case V9FS_ACCESS_USER: |
123 | uid = current->fsuid; | 123 | uid = current_fsuid(); |
124 | any = 0; | 124 | any = 0; |
125 | break; | 125 | break; |
126 | 126 | ||
diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c index 8314d3f43b71..8fddfe86a0dc 100644 --- a/fs/9p/vfs_inode.c +++ b/fs/9p/vfs_inode.c | |||
@@ -215,8 +215,8 @@ struct inode *v9fs_get_inode(struct super_block *sb, int mode) | |||
215 | inode = new_inode(sb); | 215 | inode = new_inode(sb); |
216 | if (inode) { | 216 | if (inode) { |
217 | inode->i_mode = mode; | 217 | inode->i_mode = mode; |
218 | inode->i_uid = current->fsuid; | 218 | inode->i_uid = current_fsuid(); |
219 | inode->i_gid = current->fsgid; | 219 | inode->i_gid = current_fsgid(); |
220 | inode->i_blocks = 0; | 220 | inode->i_blocks = 0; |
221 | inode->i_rdev = 0; | 221 | inode->i_rdev = 0; |
222 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 222 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
diff --git a/fs/9p/vfs_super.c b/fs/9p/vfs_super.c index d6cb1a0ca724..93212e40221a 100644 --- a/fs/9p/vfs_super.c +++ b/fs/9p/vfs_super.c | |||
@@ -113,8 +113,8 @@ static int v9fs_get_sb(struct file_system_type *fs_type, int flags, | |||
113 | struct v9fs_session_info *v9ses = NULL; | 113 | struct v9fs_session_info *v9ses = NULL; |
114 | struct p9_wstat *st = NULL; | 114 | struct p9_wstat *st = NULL; |
115 | int mode = S_IRWXUGO | S_ISVTX; | 115 | int mode = S_IRWXUGO | S_ISVTX; |
116 | uid_t uid = current->fsuid; | 116 | uid_t uid = current_fsuid(); |
117 | gid_t gid = current->fsgid; | 117 | gid_t gid = current_fsgid(); |
118 | struct p9_fid *fid; | 118 | struct p9_fid *fid; |
119 | int retval = 0; | 119 | int retval = 0; |
120 | 120 | ||
diff --git a/fs/affs/inode.c b/fs/affs/inode.c index a13b334a3910..415d9c67ac16 100644 --- a/fs/affs/inode.c +++ b/fs/affs/inode.c | |||
@@ -293,8 +293,8 @@ affs_new_inode(struct inode *dir) | |||
293 | mark_buffer_dirty_inode(bh, inode); | 293 | mark_buffer_dirty_inode(bh, inode); |
294 | affs_brelse(bh); | 294 | affs_brelse(bh); |
295 | 295 | ||
296 | inode->i_uid = current->fsuid; | 296 | inode->i_uid = current_fsuid(); |
297 | inode->i_gid = current->fsgid; | 297 | inode->i_gid = current_fsgid(); |
298 | inode->i_ino = block; | 298 | inode->i_ino = block; |
299 | inode->i_nlink = 1; | 299 | inode->i_nlink = 1; |
300 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; | 300 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; |
diff --git a/fs/affs/super.c b/fs/affs/super.c index 8989c93193ed..a19d64b582aa 100644 --- a/fs/affs/super.c +++ b/fs/affs/super.c | |||
@@ -163,8 +163,8 @@ parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s | |||
163 | 163 | ||
164 | /* Fill in defaults */ | 164 | /* Fill in defaults */ |
165 | 165 | ||
166 | *uid = current->uid; | 166 | *uid = current_uid(); |
167 | *gid = current->gid; | 167 | *gid = current_gid(); |
168 | *reserved = 2; | 168 | *reserved = 2; |
169 | *root = -1; | 169 | *root = -1; |
170 | *blocksize = -1; | 170 | *blocksize = -1; |
diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c index 3662dd44896b..c16d9be1b017 100644 --- a/fs/anon_inodes.c +++ b/fs/anon_inodes.c | |||
@@ -154,8 +154,8 @@ static struct inode *anon_inode_mkinode(void) | |||
154 | */ | 154 | */ |
155 | inode->i_state = I_DIRTY; | 155 | inode->i_state = I_DIRTY; |
156 | inode->i_mode = S_IRUSR | S_IWUSR; | 156 | inode->i_mode = S_IRUSR | S_IWUSR; |
157 | inode->i_uid = current->fsuid; | 157 | inode->i_uid = current_fsuid(); |
158 | inode->i_gid = current->fsgid; | 158 | inode->i_gid = current_fsgid(); |
159 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 159 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
160 | return inode; | 160 | return inode; |
161 | } | 161 | } |
@@ -29,13 +29,13 @@ int inode_change_ok(struct inode *inode, struct iattr *attr) | |||
29 | 29 | ||
30 | /* Make sure a caller can chown. */ | 30 | /* Make sure a caller can chown. */ |
31 | if ((ia_valid & ATTR_UID) && | 31 | if ((ia_valid & ATTR_UID) && |
32 | (current->fsuid != inode->i_uid || | 32 | (current_fsuid() != inode->i_uid || |
33 | attr->ia_uid != inode->i_uid) && !capable(CAP_CHOWN)) | 33 | attr->ia_uid != inode->i_uid) && !capable(CAP_CHOWN)) |
34 | goto error; | 34 | goto error; |
35 | 35 | ||
36 | /* Make sure caller can chgrp. */ | 36 | /* Make sure caller can chgrp. */ |
37 | if ((ia_valid & ATTR_GID) && | 37 | if ((ia_valid & ATTR_GID) && |
38 | (current->fsuid != inode->i_uid || | 38 | (current_fsuid() != inode->i_uid || |
39 | (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) && | 39 | (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) && |
40 | !capable(CAP_CHOWN)) | 40 | !capable(CAP_CHOWN)) |
41 | goto error; | 41 | goto error; |
diff --git a/fs/autofs/inode.c b/fs/autofs/inode.c index b70eea1e8c59..c773680d5c60 100644 --- a/fs/autofs/inode.c +++ b/fs/autofs/inode.c | |||
@@ -76,8 +76,8 @@ static int parse_options(char *options, int *pipefd, uid_t *uid, gid_t *gid, | |||
76 | substring_t args[MAX_OPT_ARGS]; | 76 | substring_t args[MAX_OPT_ARGS]; |
77 | int option; | 77 | int option; |
78 | 78 | ||
79 | *uid = current->uid; | 79 | *uid = current_uid(); |
80 | *gid = current->gid; | 80 | *gid = current_gid(); |
81 | *pgrp = task_pgrp_nr(current); | 81 | *pgrp = task_pgrp_nr(current); |
82 | 82 | ||
83 | *minproto = *maxproto = AUTOFS_PROTO_VERSION; | 83 | *minproto = *maxproto = AUTOFS_PROTO_VERSION; |
diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c index 33bf8cbfd051..63b7c7afe8df 100644 --- a/fs/autofs4/dev-ioctl.c +++ b/fs/autofs4/dev-ioctl.c | |||
@@ -308,7 +308,8 @@ static int autofs_dev_ioctl_open_mountpoint(const char *path, dev_t devid) | |||
308 | goto out; | 308 | goto out; |
309 | } | 309 | } |
310 | 310 | ||
311 | filp = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY); | 311 | filp = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY, |
312 | current_cred()); | ||
312 | if (IS_ERR(filp)) { | 313 | if (IS_ERR(filp)) { |
313 | err = PTR_ERR(filp); | 314 | err = PTR_ERR(filp); |
314 | goto out; | 315 | goto out; |
diff --git a/fs/autofs4/inode.c b/fs/autofs4/inode.c index c7e65bb30ba0..7b19802cfef4 100644 --- a/fs/autofs4/inode.c +++ b/fs/autofs4/inode.c | |||
@@ -235,8 +235,8 @@ static int parse_options(char *options, int *pipefd, uid_t *uid, gid_t *gid, | |||
235 | substring_t args[MAX_OPT_ARGS]; | 235 | substring_t args[MAX_OPT_ARGS]; |
236 | int option; | 236 | int option; |
237 | 237 | ||
238 | *uid = current->uid; | 238 | *uid = current_uid(); |
239 | *gid = current->gid; | 239 | *gid = current_gid(); |
240 | *pgrp = task_pgrp_nr(current); | 240 | *pgrp = task_pgrp_nr(current); |
241 | 241 | ||
242 | *minproto = AUTOFS_MIN_PROTO_VERSION; | 242 | *minproto = AUTOFS_MIN_PROTO_VERSION; |
diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c index 4b67c2a2d77c..e02cc8ae5eb3 100644 --- a/fs/autofs4/waitq.c +++ b/fs/autofs4/waitq.c | |||
@@ -391,8 +391,8 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry, | |||
391 | memcpy(&wq->name, &qstr, sizeof(struct qstr)); | 391 | memcpy(&wq->name, &qstr, sizeof(struct qstr)); |
392 | wq->dev = autofs4_get_dev(sbi); | 392 | wq->dev = autofs4_get_dev(sbi); |
393 | wq->ino = autofs4_get_ino(sbi); | 393 | wq->ino = autofs4_get_ino(sbi); |
394 | wq->uid = current->uid; | 394 | wq->uid = current_uid(); |
395 | wq->gid = current->gid; | 395 | wq->gid = current_gid(); |
396 | wq->pid = current->pid; | 396 | wq->pid = current->pid; |
397 | wq->tgid = current->tgid; | 397 | wq->tgid = current->tgid; |
398 | wq->status = -EINTR; /* Status return if interrupted */ | 398 | wq->status = -EINTR; /* Status return if interrupted */ |
diff --git a/fs/bfs/dir.c b/fs/bfs/dir.c index daae463068e4..4dd1b623f937 100644 --- a/fs/bfs/dir.c +++ b/fs/bfs/dir.c | |||
@@ -106,8 +106,8 @@ static int bfs_create(struct inode *dir, struct dentry *dentry, int mode, | |||
106 | } | 106 | } |
107 | set_bit(ino, info->si_imap); | 107 | set_bit(ino, info->si_imap); |
108 | info->si_freei--; | 108 | info->si_freei--; |
109 | inode->i_uid = current->fsuid; | 109 | inode->i_uid = current_fsuid(); |
110 | inode->i_gid = (dir->i_mode & S_ISGID) ? dir->i_gid : current->fsgid; | 110 | inode->i_gid = (dir->i_mode & S_ISGID) ? dir->i_gid : current_fsgid(); |
111 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; | 111 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; |
112 | inode->i_blocks = 0; | 112 | inode->i_blocks = 0; |
113 | inode->i_op = &bfs_file_inops; | 113 | inode->i_op = &bfs_file_inops; |
diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c index 204cfd1d7676..f1f3f4192a60 100644 --- a/fs/binfmt_aout.c +++ b/fs/binfmt_aout.c | |||
@@ -320,7 +320,7 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) | |||
320 | current->mm->free_area_cache = current->mm->mmap_base; | 320 | current->mm->free_area_cache = current->mm->mmap_base; |
321 | current->mm->cached_hole_size = 0; | 321 | current->mm->cached_hole_size = 0; |
322 | 322 | ||
323 | compute_creds(bprm); | 323 | install_exec_creds(bprm); |
324 | current->flags &= ~PF_FORKNOEXEC; | 324 | current->flags &= ~PF_FORKNOEXEC; |
325 | #ifdef __sparc__ | 325 | #ifdef __sparc__ |
326 | if (N_MAGIC(ex) == NMAGIC) { | 326 | if (N_MAGIC(ex) == NMAGIC) { |
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 8fcfa398d350..f458c1217c5e 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c | |||
@@ -157,7 +157,7 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, | |||
157 | int items; | 157 | int items; |
158 | elf_addr_t *elf_info; | 158 | elf_addr_t *elf_info; |
159 | int ei_index = 0; | 159 | int ei_index = 0; |
160 | struct task_struct *tsk = current; | 160 | const struct cred *cred = current_cred(); |
161 | struct vm_area_struct *vma; | 161 | struct vm_area_struct *vma; |
162 | 162 | ||
163 | /* | 163 | /* |
@@ -223,10 +223,10 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, | |||
223 | NEW_AUX_ENT(AT_BASE, interp_load_addr); | 223 | NEW_AUX_ENT(AT_BASE, interp_load_addr); |
224 | NEW_AUX_ENT(AT_FLAGS, 0); | 224 | NEW_AUX_ENT(AT_FLAGS, 0); |
225 | NEW_AUX_ENT(AT_ENTRY, exec->e_entry); | 225 | NEW_AUX_ENT(AT_ENTRY, exec->e_entry); |
226 | NEW_AUX_ENT(AT_UID, tsk->uid); | 226 | NEW_AUX_ENT(AT_UID, cred->uid); |
227 | NEW_AUX_ENT(AT_EUID, tsk->euid); | 227 | NEW_AUX_ENT(AT_EUID, cred->euid); |
228 | NEW_AUX_ENT(AT_GID, tsk->gid); | 228 | NEW_AUX_ENT(AT_GID, cred->gid); |
229 | NEW_AUX_ENT(AT_EGID, tsk->egid); | 229 | NEW_AUX_ENT(AT_EGID, cred->egid); |
230 | NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); | 230 | NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); |
231 | NEW_AUX_ENT(AT_EXECFN, bprm->exec); | 231 | NEW_AUX_ENT(AT_EXECFN, bprm->exec); |
232 | if (k_platform) { | 232 | if (k_platform) { |
@@ -956,7 +956,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) | |||
956 | } | 956 | } |
957 | #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */ | 957 | #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */ |
958 | 958 | ||
959 | compute_creds(bprm); | 959 | install_exec_creds(bprm); |
960 | current->flags &= ~PF_FORKNOEXEC; | 960 | current->flags &= ~PF_FORKNOEXEC; |
961 | retval = create_elf_tables(bprm, &loc->elf_ex, | 961 | retval = create_elf_tables(bprm, &loc->elf_ex, |
962 | load_addr, interp_load_addr); | 962 | load_addr, interp_load_addr); |
@@ -1361,6 +1361,7 @@ static void fill_prstatus(struct elf_prstatus *prstatus, | |||
1361 | static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, | 1361 | static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, |
1362 | struct mm_struct *mm) | 1362 | struct mm_struct *mm) |
1363 | { | 1363 | { |
1364 | const struct cred *cred; | ||
1364 | unsigned int i, len; | 1365 | unsigned int i, len; |
1365 | 1366 | ||
1366 | /* first copy the parameters from user space */ | 1367 | /* first copy the parameters from user space */ |
@@ -1388,8 +1389,11 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, | |||
1388 | psinfo->pr_zomb = psinfo->pr_sname == 'Z'; | 1389 | psinfo->pr_zomb = psinfo->pr_sname == 'Z'; |
1389 | psinfo->pr_nice = task_nice(p); | 1390 | psinfo->pr_nice = task_nice(p); |
1390 | psinfo->pr_flag = p->flags; | 1391 | psinfo->pr_flag = p->flags; |
1391 | SET_UID(psinfo->pr_uid, p->uid); | 1392 | rcu_read_lock(); |
1392 | SET_GID(psinfo->pr_gid, p->gid); | 1393 | cred = __task_cred(p); |
1394 | SET_UID(psinfo->pr_uid, cred->uid); | ||
1395 | SET_GID(psinfo->pr_gid, cred->gid); | ||
1396 | rcu_read_unlock(); | ||
1393 | strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); | 1397 | strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); |
1394 | 1398 | ||
1395 | return 0; | 1399 | return 0; |
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c index 5b5424cb3391..aa5b43205e37 100644 --- a/fs/binfmt_elf_fdpic.c +++ b/fs/binfmt_elf_fdpic.c | |||
@@ -404,7 +404,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm, | |||
404 | current->mm->start_stack = current->mm->start_brk + stack_size; | 404 | current->mm->start_stack = current->mm->start_brk + stack_size; |
405 | #endif | 405 | #endif |
406 | 406 | ||
407 | compute_creds(bprm); | 407 | install_exec_creds(bprm); |
408 | current->flags &= ~PF_FORKNOEXEC; | 408 | current->flags &= ~PF_FORKNOEXEC; |
409 | if (create_elf_fdpic_tables(bprm, current->mm, | 409 | if (create_elf_fdpic_tables(bprm, current->mm, |
410 | &exec_params, &interp_params) < 0) | 410 | &exec_params, &interp_params) < 0) |
@@ -475,6 +475,7 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm, | |||
475 | struct elf_fdpic_params *exec_params, | 475 | struct elf_fdpic_params *exec_params, |
476 | struct elf_fdpic_params *interp_params) | 476 | struct elf_fdpic_params *interp_params) |
477 | { | 477 | { |
478 | const struct cred *cred = current_cred(); | ||
478 | unsigned long sp, csp, nitems; | 479 | unsigned long sp, csp, nitems; |
479 | elf_caddr_t __user *argv, *envp; | 480 | elf_caddr_t __user *argv, *envp; |
480 | size_t platform_len = 0, len; | 481 | size_t platform_len = 0, len; |
@@ -623,10 +624,10 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm, | |||
623 | NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr); | 624 | NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr); |
624 | NEW_AUX_ENT(AT_FLAGS, 0); | 625 | NEW_AUX_ENT(AT_FLAGS, 0); |
625 | NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr); | 626 | NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr); |
626 | NEW_AUX_ENT(AT_UID, (elf_addr_t) current->uid); | 627 | NEW_AUX_ENT(AT_UID, (elf_addr_t) cred->uid); |
627 | NEW_AUX_ENT(AT_EUID, (elf_addr_t) current->euid); | 628 | NEW_AUX_ENT(AT_EUID, (elf_addr_t) cred->euid); |
628 | NEW_AUX_ENT(AT_GID, (elf_addr_t) current->gid); | 629 | NEW_AUX_ENT(AT_GID, (elf_addr_t) cred->gid); |
629 | NEW_AUX_ENT(AT_EGID, (elf_addr_t) current->egid); | 630 | NEW_AUX_ENT(AT_EGID, (elf_addr_t) cred->egid); |
630 | NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); | 631 | NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); |
631 | NEW_AUX_ENT(AT_EXECFN, bprm->exec); | 632 | NEW_AUX_ENT(AT_EXECFN, bprm->exec); |
632 | 633 | ||
@@ -1413,6 +1414,7 @@ static void fill_prstatus(struct elf_prstatus *prstatus, | |||
1413 | static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, | 1414 | static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, |
1414 | struct mm_struct *mm) | 1415 | struct mm_struct *mm) |
1415 | { | 1416 | { |
1417 | const struct cred *cred; | ||
1416 | unsigned int i, len; | 1418 | unsigned int i, len; |
1417 | 1419 | ||
1418 | /* first copy the parameters from user space */ | 1420 | /* first copy the parameters from user space */ |
@@ -1440,8 +1442,11 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, | |||
1440 | psinfo->pr_zomb = psinfo->pr_sname == 'Z'; | 1442 | psinfo->pr_zomb = psinfo->pr_sname == 'Z'; |
1441 | psinfo->pr_nice = task_nice(p); | 1443 | psinfo->pr_nice = task_nice(p); |
1442 | psinfo->pr_flag = p->flags; | 1444 | psinfo->pr_flag = p->flags; |
1443 | SET_UID(psinfo->pr_uid, p->uid); | 1445 | rcu_read_lock(); |
1444 | SET_GID(psinfo->pr_gid, p->gid); | 1446 | cred = __task_cred(p); |
1447 | SET_UID(psinfo->pr_uid, cred->uid); | ||
1448 | SET_GID(psinfo->pr_gid, cred->gid); | ||
1449 | rcu_read_unlock(); | ||
1445 | strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); | 1450 | strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); |
1446 | 1451 | ||
1447 | return 0; | 1452 | return 0; |
diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c index ccb781a6a804..7bbd5c6b3725 100644 --- a/fs/binfmt_flat.c +++ b/fs/binfmt_flat.c | |||
@@ -880,7 +880,7 @@ static int load_flat_binary(struct linux_binprm * bprm, struct pt_regs * regs) | |||
880 | (libinfo.lib_list[j].loaded)? | 880 | (libinfo.lib_list[j].loaded)? |
881 | libinfo.lib_list[j].start_data:UNLOADED_LIB; | 881 | libinfo.lib_list[j].start_data:UNLOADED_LIB; |
882 | 882 | ||
883 | compute_creds(bprm); | 883 | install_exec_creds(bprm); |
884 | current->flags &= ~PF_FORKNOEXEC; | 884 | current->flags &= ~PF_FORKNOEXEC; |
885 | 885 | ||
886 | set_binfmt(&flat_format); | 886 | set_binfmt(&flat_format); |
diff --git a/fs/binfmt_som.c b/fs/binfmt_som.c index 74e587a52796..08644a61616e 100644 --- a/fs/binfmt_som.c +++ b/fs/binfmt_som.c | |||
@@ -255,7 +255,7 @@ load_som_binary(struct linux_binprm * bprm, struct pt_regs * regs) | |||
255 | kfree(hpuxhdr); | 255 | kfree(hpuxhdr); |
256 | 256 | ||
257 | set_binfmt(&som_format); | 257 | set_binfmt(&som_format); |
258 | compute_creds(bprm); | 258 | install_exec_creds(bprm); |
259 | setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); | 259 | setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); |
260 | 260 | ||
261 | create_som_tables(bprm); | 261 | create_som_tables(bprm); |
diff --git a/fs/cifs/cifs_fs_sb.h b/fs/cifs/cifs_fs_sb.h index 877c85409f1f..1e7b87497f26 100644 --- a/fs/cifs/cifs_fs_sb.h +++ b/fs/cifs/cifs_fs_sb.h | |||
@@ -19,7 +19,7 @@ | |||
19 | #define _CIFS_FS_SB_H | 19 | #define _CIFS_FS_SB_H |
20 | 20 | ||
21 | #define CIFS_MOUNT_NO_PERM 1 /* do not do client vfs_perm check */ | 21 | #define CIFS_MOUNT_NO_PERM 1 /* do not do client vfs_perm check */ |
22 | #define CIFS_MOUNT_SET_UID 2 /* set current->euid in create etc. */ | 22 | #define CIFS_MOUNT_SET_UID 2 /* set current's euid in create etc. */ |
23 | #define CIFS_MOUNT_SERVER_INUM 4 /* inode numbers from uniqueid from server */ | 23 | #define CIFS_MOUNT_SERVER_INUM 4 /* inode numbers from uniqueid from server */ |
24 | #define CIFS_MOUNT_DIRECT_IO 8 /* do not write nor read through page cache */ | 24 | #define CIFS_MOUNT_DIRECT_IO 8 /* do not write nor read through page cache */ |
25 | #define CIFS_MOUNT_NO_XATTR 0x10 /* if set - disable xattr support */ | 25 | #define CIFS_MOUNT_NO_XATTR 0x10 /* if set - disable xattr support */ |
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h index 6f21ecb85ce5..9d8b978137ad 100644 --- a/fs/cifs/cifsproto.h +++ b/fs/cifs/cifsproto.h | |||
@@ -39,7 +39,7 @@ extern int smb_send(struct socket *, struct smb_hdr *, | |||
39 | unsigned int /* length */ , struct sockaddr *, bool); | 39 | unsigned int /* length */ , struct sockaddr *, bool); |
40 | extern unsigned int _GetXid(void); | 40 | extern unsigned int _GetXid(void); |
41 | extern void _FreeXid(unsigned int); | 41 | extern void _FreeXid(unsigned int); |
42 | #define GetXid() (int)_GetXid(); cFYI(1,("CIFS VFS: in %s as Xid: %d with uid: %d",__func__, xid,current->fsuid)); | 42 | #define GetXid() (int)_GetXid(); cFYI(1,("CIFS VFS: in %s as Xid: %d with uid: %d",__func__, xid,current_fsuid())); |
43 | #define FreeXid(curr_xid) {_FreeXid(curr_xid); cFYI(1,("CIFS VFS: leaving %s (xid = %d) rc = %d",__func__,curr_xid,(int)rc));} | 43 | #define FreeXid(curr_xid) {_FreeXid(curr_xid); cFYI(1,("CIFS VFS: leaving %s (xid = %d) rc = %d",__func__,curr_xid,(int)rc));} |
44 | extern char *build_path_from_dentry(struct dentry *); | 44 | extern char *build_path_from_dentry(struct dentry *); |
45 | extern char *build_wildcard_path_from_dentry(struct dentry *direntry); | 45 | extern char *build_wildcard_path_from_dentry(struct dentry *direntry); |
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index c7d341714586..683dee4d2f76 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
@@ -836,8 +836,8 @@ cifs_parse_mount_options(char *options, const char *devname, | |||
836 | /* null target name indicates to use *SMBSERVR default called name | 836 | /* null target name indicates to use *SMBSERVR default called name |
837 | if we end up sending RFC1001 session initialize */ | 837 | if we end up sending RFC1001 session initialize */ |
838 | vol->target_rfc1001_name[0] = 0; | 838 | vol->target_rfc1001_name[0] = 0; |
839 | vol->linux_uid = current->uid; /* current->euid instead? */ | 839 | vol->linux_uid = current_uid(); /* use current_euid() instead? */ |
840 | vol->linux_gid = current->gid; | 840 | vol->linux_gid = current_gid(); |
841 | vol->dir_mode = S_IRWXUGO; | 841 | vol->dir_mode = S_IRWXUGO; |
842 | /* 2767 perms indicate mandatory locking support */ | 842 | /* 2767 perms indicate mandatory locking support */ |
843 | vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP); | 843 | vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP); |
diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c index e962e75e6f7b..2f02c52db666 100644 --- a/fs/cifs/dir.c +++ b/fs/cifs/dir.c | |||
@@ -235,11 +235,11 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode, | |||
235 | }; | 235 | }; |
236 | 236 | ||
237 | if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { | 237 | if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { |
238 | args.uid = (__u64) current->fsuid; | 238 | args.uid = (__u64) current_fsuid(); |
239 | if (inode->i_mode & S_ISGID) | 239 | if (inode->i_mode & S_ISGID) |
240 | args.gid = (__u64) inode->i_gid; | 240 | args.gid = (__u64) inode->i_gid; |
241 | else | 241 | else |
242 | args.gid = (__u64) current->fsgid; | 242 | args.gid = (__u64) current_fsgid(); |
243 | } else { | 243 | } else { |
244 | args.uid = NO_CHANGE_64; | 244 | args.uid = NO_CHANGE_64; |
245 | args.gid = NO_CHANGE_64; | 245 | args.gid = NO_CHANGE_64; |
@@ -271,13 +271,13 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode, | |||
271 | if ((oplock & CIFS_CREATE_ACTION) && | 271 | if ((oplock & CIFS_CREATE_ACTION) && |
272 | (cifs_sb->mnt_cifs_flags & | 272 | (cifs_sb->mnt_cifs_flags & |
273 | CIFS_MOUNT_SET_UID)) { | 273 | CIFS_MOUNT_SET_UID)) { |
274 | newinode->i_uid = current->fsuid; | 274 | newinode->i_uid = current_fsuid(); |
275 | if (inode->i_mode & S_ISGID) | 275 | if (inode->i_mode & S_ISGID) |
276 | newinode->i_gid = | 276 | newinode->i_gid = |
277 | inode->i_gid; | 277 | inode->i_gid; |
278 | else | 278 | else |
279 | newinode->i_gid = | 279 | newinode->i_gid = |
280 | current->fsgid; | 280 | current_fsgid(); |
281 | } | 281 | } |
282 | } | 282 | } |
283 | } | 283 | } |
@@ -375,8 +375,8 @@ int cifs_mknod(struct inode *inode, struct dentry *direntry, int mode, | |||
375 | .device = device_number, | 375 | .device = device_number, |
376 | }; | 376 | }; |
377 | if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { | 377 | if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { |
378 | args.uid = (__u64) current->fsuid; | 378 | args.uid = (__u64) current_fsuid(); |
379 | args.gid = (__u64) current->fsgid; | 379 | args.gid = (__u64) current_fsgid(); |
380 | } else { | 380 | } else { |
381 | args.uid = NO_CHANGE_64; | 381 | args.uid = NO_CHANGE_64; |
382 | args.gid = NO_CHANGE_64; | 382 | args.gid = NO_CHANGE_64; |
diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c index ff8c68de4a92..8b7305e73d7e 100644 --- a/fs/cifs/inode.c +++ b/fs/cifs/inode.c | |||
@@ -1143,11 +1143,11 @@ mkdir_get_info: | |||
1143 | .device = 0, | 1143 | .device = 0, |
1144 | }; | 1144 | }; |
1145 | if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { | 1145 | if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { |
1146 | args.uid = (__u64)current->fsuid; | 1146 | args.uid = (__u64)current_fsuid(); |
1147 | if (inode->i_mode & S_ISGID) | 1147 | if (inode->i_mode & S_ISGID) |
1148 | args.gid = (__u64)inode->i_gid; | 1148 | args.gid = (__u64)inode->i_gid; |
1149 | else | 1149 | else |
1150 | args.gid = (__u64)current->fsgid; | 1150 | args.gid = (__u64)current_fsgid(); |
1151 | } else { | 1151 | } else { |
1152 | args.uid = NO_CHANGE_64; | 1152 | args.uid = NO_CHANGE_64; |
1153 | args.gid = NO_CHANGE_64; | 1153 | args.gid = NO_CHANGE_64; |
@@ -1184,13 +1184,13 @@ mkdir_get_info: | |||
1184 | if (cifs_sb->mnt_cifs_flags & | 1184 | if (cifs_sb->mnt_cifs_flags & |
1185 | CIFS_MOUNT_SET_UID) { | 1185 | CIFS_MOUNT_SET_UID) { |
1186 | direntry->d_inode->i_uid = | 1186 | direntry->d_inode->i_uid = |
1187 | current->fsuid; | 1187 | current_fsuid(); |
1188 | if (inode->i_mode & S_ISGID) | 1188 | if (inode->i_mode & S_ISGID) |
1189 | direntry->d_inode->i_gid = | 1189 | direntry->d_inode->i_gid = |
1190 | inode->i_gid; | 1190 | inode->i_gid; |
1191 | else | 1191 | else |
1192 | direntry->d_inode->i_gid = | 1192 | direntry->d_inode->i_gid = |
1193 | current->fsgid; | 1193 | current_fsgid(); |
1194 | } | 1194 | } |
1195 | } | 1195 | } |
1196 | } | 1196 | } |
diff --git a/fs/cifs/ioctl.c b/fs/cifs/ioctl.c index 0088a5b52564..f94650683a00 100644 --- a/fs/cifs/ioctl.c +++ b/fs/cifs/ioctl.c | |||
@@ -65,7 +65,7 @@ long cifs_ioctl(struct file *filep, unsigned int command, unsigned long arg) | |||
65 | switch (command) { | 65 | switch (command) { |
66 | case CIFS_IOC_CHECKUMOUNT: | 66 | case CIFS_IOC_CHECKUMOUNT: |
67 | cFYI(1, ("User unmount attempted")); | 67 | cFYI(1, ("User unmount attempted")); |
68 | if (cifs_sb->mnt_uid == current->uid) | 68 | if (cifs_sb->mnt_uid == current_uid()) |
69 | rc = 0; | 69 | rc = 0; |
70 | else { | 70 | else { |
71 | rc = -EACCES; | 71 | rc = -EACCES; |
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c index 9ee3f689c2b0..8a82d076450b 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c | |||
@@ -338,13 +338,13 @@ header_assemble(struct smb_hdr *buffer, char smb_command /* command */ , | |||
338 | /* BB Add support for establishing new tCon and SMB Session */ | 338 | /* BB Add support for establishing new tCon and SMB Session */ |
339 | /* with userid/password pairs found on the smb session */ | 339 | /* with userid/password pairs found on the smb session */ |
340 | /* for other target tcp/ip addresses BB */ | 340 | /* for other target tcp/ip addresses BB */ |
341 | if (current->fsuid != treeCon->ses->linux_uid) { | 341 | if (current_fsuid() != treeCon->ses->linux_uid) { |
342 | cFYI(1, ("Multiuser mode and UID " | 342 | cFYI(1, ("Multiuser mode and UID " |
343 | "did not match tcon uid")); | 343 | "did not match tcon uid")); |
344 | read_lock(&cifs_tcp_ses_lock); | 344 | read_lock(&cifs_tcp_ses_lock); |
345 | list_for_each(temp_item, &treeCon->ses->server->smb_ses_list) { | 345 | list_for_each(temp_item, &treeCon->ses->server->smb_ses_list) { |
346 | ses = list_entry(temp_item, struct cifsSesInfo, smb_ses_list); | 346 | ses = list_entry(temp_item, struct cifsSesInfo, smb_ses_list); |
347 | if (ses->linux_uid == current->fsuid) { | 347 | if (ses->linux_uid == current_fsuid()) { |
348 | if (ses->server == treeCon->ses->server) { | 348 | if (ses->server == treeCon->ses->server) { |
349 | cFYI(1, ("found matching uid substitute right smb_uid")); | 349 | cFYI(1, ("found matching uid substitute right smb_uid")); |
350 | buffer->Uid = ses->Suid; | 350 | buffer->Uid = ses->Suid; |
diff --git a/fs/coda/cache.c b/fs/coda/cache.c index 8a2370341c7a..a5bf5771a22a 100644 --- a/fs/coda/cache.c +++ b/fs/coda/cache.c | |||
@@ -32,8 +32,8 @@ void coda_cache_enter(struct inode *inode, int mask) | |||
32 | struct coda_inode_info *cii = ITOC(inode); | 32 | struct coda_inode_info *cii = ITOC(inode); |
33 | 33 | ||
34 | cii->c_cached_epoch = atomic_read(&permission_epoch); | 34 | cii->c_cached_epoch = atomic_read(&permission_epoch); |
35 | if (cii->c_uid != current->fsuid) { | 35 | if (cii->c_uid != current_fsuid()) { |
36 | cii->c_uid = current->fsuid; | 36 | cii->c_uid = current_fsuid(); |
37 | cii->c_cached_perm = mask; | 37 | cii->c_cached_perm = mask; |
38 | } else | 38 | } else |
39 | cii->c_cached_perm |= mask; | 39 | cii->c_cached_perm |= mask; |
@@ -60,7 +60,7 @@ int coda_cache_check(struct inode *inode, int mask) | |||
60 | int hit; | 60 | int hit; |
61 | 61 | ||
62 | hit = (mask & cii->c_cached_perm) == mask && | 62 | hit = (mask & cii->c_cached_perm) == mask && |
63 | cii->c_uid == current->fsuid && | 63 | cii->c_uid == current_fsuid() && |
64 | cii->c_cached_epoch == atomic_read(&permission_epoch); | 64 | cii->c_cached_epoch == atomic_read(&permission_epoch); |
65 | 65 | ||
66 | return hit; | 66 | return hit; |
diff --git a/fs/coda/file.c b/fs/coda/file.c index 29137ff3ca67..466303db2df6 100644 --- a/fs/coda/file.c +++ b/fs/coda/file.c | |||
@@ -13,6 +13,7 @@ | |||
13 | #include <linux/file.h> | 13 | #include <linux/file.h> |
14 | #include <linux/fs.h> | 14 | #include <linux/fs.h> |
15 | #include <linux/stat.h> | 15 | #include <linux/stat.h> |
16 | #include <linux/cred.h> | ||
16 | #include <linux/errno.h> | 17 | #include <linux/errno.h> |
17 | #include <linux/smp_lock.h> | 18 | #include <linux/smp_lock.h> |
18 | #include <linux/string.h> | 19 | #include <linux/string.h> |
@@ -174,7 +175,7 @@ int coda_release(struct inode *coda_inode, struct file *coda_file) | |||
174 | BUG_ON(!cfi || cfi->cfi_magic != CODA_MAGIC); | 175 | BUG_ON(!cfi || cfi->cfi_magic != CODA_MAGIC); |
175 | 176 | ||
176 | err = venus_close(coda_inode->i_sb, coda_i2f(coda_inode), | 177 | err = venus_close(coda_inode->i_sb, coda_i2f(coda_inode), |
177 | coda_flags, coda_file->f_uid); | 178 | coda_flags, coda_file->f_cred->fsuid); |
178 | 179 | ||
179 | host_inode = cfi->cfi_container->f_path.dentry->d_inode; | 180 | host_inode = cfi->cfi_container->f_path.dentry->d_inode; |
180 | cii = ITOC(coda_inode); | 181 | cii = ITOC(coda_inode); |
diff --git a/fs/coda/upcall.c b/fs/coda/upcall.c index ce432bca95d1..c274d949179d 100644 --- a/fs/coda/upcall.c +++ b/fs/coda/upcall.c | |||
@@ -52,7 +52,7 @@ static void *alloc_upcall(int opcode, int size) | |||
52 | inp->ih.opcode = opcode; | 52 | inp->ih.opcode = opcode; |
53 | inp->ih.pid = current->pid; | 53 | inp->ih.pid = current->pid; |
54 | inp->ih.pgid = task_pgrp_nr(current); | 54 | inp->ih.pgid = task_pgrp_nr(current); |
55 | inp->ih.uid = current->fsuid; | 55 | inp->ih.uid = current_fsuid(); |
56 | 56 | ||
57 | return (void*)inp; | 57 | return (void*)inp; |
58 | } | 58 | } |
diff --git a/fs/compat.c b/fs/compat.c index e5f49f538502..d1ece79b6411 100644 --- a/fs/compat.c +++ b/fs/compat.c | |||
@@ -1393,10 +1393,20 @@ int compat_do_execve(char * filename, | |||
1393 | if (!bprm) | 1393 | if (!bprm) |
1394 | goto out_ret; | 1394 | goto out_ret; |
1395 | 1395 | ||
1396 | retval = mutex_lock_interruptible(¤t->cred_exec_mutex); | ||
1397 | if (retval < 0) | ||
1398 | goto out_free; | ||
1399 | |||
1400 | retval = -ENOMEM; | ||
1401 | bprm->cred = prepare_exec_creds(); | ||
1402 | if (!bprm->cred) | ||
1403 | goto out_unlock; | ||
1404 | check_unsafe_exec(bprm); | ||
1405 | |||
1396 | file = open_exec(filename); | 1406 | file = open_exec(filename); |
1397 | retval = PTR_ERR(file); | 1407 | retval = PTR_ERR(file); |
1398 | if (IS_ERR(file)) | 1408 | if (IS_ERR(file)) |
1399 | goto out_kfree; | 1409 | goto out_unlock; |
1400 | 1410 | ||
1401 | sched_exec(); | 1411 | sched_exec(); |
1402 | 1412 | ||
@@ -1410,14 +1420,10 @@ int compat_do_execve(char * filename, | |||
1410 | 1420 | ||
1411 | bprm->argc = compat_count(argv, MAX_ARG_STRINGS); | 1421 | bprm->argc = compat_count(argv, MAX_ARG_STRINGS); |
1412 | if ((retval = bprm->argc) < 0) | 1422 | if ((retval = bprm->argc) < 0) |
1413 | goto out_mm; | 1423 | goto out; |
1414 | 1424 | ||
1415 | bprm->envc = compat_count(envp, MAX_ARG_STRINGS); | 1425 | bprm->envc = compat_count(envp, MAX_ARG_STRINGS); |
1416 | if ((retval = bprm->envc) < 0) | 1426 | if ((retval = bprm->envc) < 0) |
1417 | goto out_mm; | ||
1418 | |||
1419 | retval = security_bprm_alloc(bprm); | ||
1420 | if (retval) | ||
1421 | goto out; | 1427 | goto out; |
1422 | 1428 | ||
1423 | retval = prepare_binprm(bprm); | 1429 | retval = prepare_binprm(bprm); |
@@ -1438,19 +1444,16 @@ int compat_do_execve(char * filename, | |||
1438 | goto out; | 1444 | goto out; |
1439 | 1445 | ||
1440 | retval = search_binary_handler(bprm, regs); | 1446 | retval = search_binary_handler(bprm, regs); |
1441 | if (retval >= 0) { | 1447 | if (retval < 0) |
1442 | /* execve success */ | 1448 | goto out; |
1443 | security_bprm_free(bprm); | ||
1444 | acct_update_integrals(current); | ||
1445 | free_bprm(bprm); | ||
1446 | return retval; | ||
1447 | } | ||
1448 | 1449 | ||
1449 | out: | 1450 | /* execve succeeded */ |
1450 | if (bprm->security) | 1451 | mutex_unlock(¤t->cred_exec_mutex); |
1451 | security_bprm_free(bprm); | 1452 | acct_update_integrals(current); |
1453 | free_bprm(bprm); | ||
1454 | return retval; | ||
1452 | 1455 | ||
1453 | out_mm: | 1456 | out: |
1454 | if (bprm->mm) | 1457 | if (bprm->mm) |
1455 | mmput(bprm->mm); | 1458 | mmput(bprm->mm); |
1456 | 1459 | ||
@@ -1460,7 +1463,10 @@ out_file: | |||
1460 | fput(bprm->file); | 1463 | fput(bprm->file); |
1461 | } | 1464 | } |
1462 | 1465 | ||
1463 | out_kfree: | 1466 | out_unlock: |
1467 | mutex_unlock(¤t->cred_exec_mutex); | ||
1468 | |||
1469 | out_free: | ||
1464 | free_bprm(bprm); | 1470 | free_bprm(bprm); |
1465 | 1471 | ||
1466 | out_ret: | 1472 | out_ret: |
diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c index 4a714f6c1bed..5d61b7c06e13 100644 --- a/fs/devpts/inode.c +++ b/fs/devpts/inode.c | |||
@@ -222,8 +222,8 @@ int devpts_pty_new(struct inode *ptmx_inode, struct tty_struct *tty) | |||
222 | return -ENOMEM; | 222 | return -ENOMEM; |
223 | 223 | ||
224 | inode->i_ino = number+2; | 224 | inode->i_ino = number+2; |
225 | inode->i_uid = config.setuid ? config.uid : current->fsuid; | 225 | inode->i_uid = config.setuid ? config.uid : current_fsuid(); |
226 | inode->i_gid = config.setgid ? config.gid : current->fsgid; | 226 | inode->i_gid = config.setgid ? config.gid : current_fsgid(); |
227 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME; | 227 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME; |
228 | init_special_inode(inode, S_IFCHR|config.mode, device); | 228 | init_special_inode(inode, S_IFCHR|config.mode, device); |
229 | inode->i_private = tty; | 229 | inode->i_private = tty; |
diff --git a/fs/dquot.c b/fs/dquot.c index 5e95261005b2..c237ccc8581c 100644 --- a/fs/dquot.c +++ b/fs/dquot.c | |||
@@ -874,7 +874,7 @@ static inline int need_print_warning(struct dquot *dquot) | |||
874 | 874 | ||
875 | switch (dquot->dq_type) { | 875 | switch (dquot->dq_type) { |
876 | case USRQUOTA: | 876 | case USRQUOTA: |
877 | return current->fsuid == dquot->dq_id; | 877 | return current_fsuid() == dquot->dq_id; |
878 | case GRPQUOTA: | 878 | case GRPQUOTA: |
879 | return in_group_p(dquot->dq_id); | 879 | return in_group_p(dquot->dq_id); |
880 | } | 880 | } |
@@ -981,7 +981,7 @@ static void send_warning(const struct dquot *dquot, const char warntype) | |||
981 | MINOR(dquot->dq_sb->s_dev)); | 981 | MINOR(dquot->dq_sb->s_dev)); |
982 | if (ret) | 982 | if (ret) |
983 | goto attr_err_out; | 983 | goto attr_err_out; |
984 | ret = nla_put_u64(skb, QUOTA_NL_A_CAUSED_ID, current->user->uid); | 984 | ret = nla_put_u64(skb, QUOTA_NL_A_CAUSED_ID, current_uid()); |
985 | if (ret) | 985 | if (ret) |
986 | goto attr_err_out; | 986 | goto attr_err_out; |
987 | genlmsg_end(skb, msg_head); | 987 | genlmsg_end(skb, msg_head); |
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 3504cf9df358..a75026d35d16 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
@@ -691,7 +691,8 @@ int ecryptfs_init_kthread(void); | |||
691 | void ecryptfs_destroy_kthread(void); | 691 | void ecryptfs_destroy_kthread(void); |
692 | int ecryptfs_privileged_open(struct file **lower_file, | 692 | int ecryptfs_privileged_open(struct file **lower_file, |
693 | struct dentry *lower_dentry, | 693 | struct dentry *lower_dentry, |
694 | struct vfsmount *lower_mnt); | 694 | struct vfsmount *lower_mnt, |
695 | const struct cred *cred); | ||
695 | int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry); | 696 | int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry); |
696 | 697 | ||
697 | #endif /* #ifndef ECRYPTFS_KERNEL_H */ | 698 | #endif /* #ifndef ECRYPTFS_KERNEL_H */ |
diff --git a/fs/ecryptfs/kthread.c b/fs/ecryptfs/kthread.c index c440c6b58b2d..c6d7a4d748a0 100644 --- a/fs/ecryptfs/kthread.c +++ b/fs/ecryptfs/kthread.c | |||
@@ -73,7 +73,7 @@ static int ecryptfs_threadfn(void *ignored) | |||
73 | mntget(req->lower_mnt); | 73 | mntget(req->lower_mnt); |
74 | (*req->lower_file) = dentry_open( | 74 | (*req->lower_file) = dentry_open( |
75 | req->lower_dentry, req->lower_mnt, | 75 | req->lower_dentry, req->lower_mnt, |
76 | (O_RDWR | O_LARGEFILE)); | 76 | (O_RDWR | O_LARGEFILE), current_cred()); |
77 | req->flags |= ECRYPTFS_REQ_PROCESSED; | 77 | req->flags |= ECRYPTFS_REQ_PROCESSED; |
78 | } | 78 | } |
79 | wake_up(&req->wait); | 79 | wake_up(&req->wait); |
@@ -132,7 +132,8 @@ void ecryptfs_destroy_kthread(void) | |||
132 | */ | 132 | */ |
133 | int ecryptfs_privileged_open(struct file **lower_file, | 133 | int ecryptfs_privileged_open(struct file **lower_file, |
134 | struct dentry *lower_dentry, | 134 | struct dentry *lower_dentry, |
135 | struct vfsmount *lower_mnt) | 135 | struct vfsmount *lower_mnt, |
136 | const struct cred *cred) | ||
136 | { | 137 | { |
137 | struct ecryptfs_open_req *req; | 138 | struct ecryptfs_open_req *req; |
138 | int rc = 0; | 139 | int rc = 0; |
@@ -143,7 +144,7 @@ int ecryptfs_privileged_open(struct file **lower_file, | |||
143 | dget(lower_dentry); | 144 | dget(lower_dentry); |
144 | mntget(lower_mnt); | 145 | mntget(lower_mnt); |
145 | (*lower_file) = dentry_open(lower_dentry, lower_mnt, | 146 | (*lower_file) = dentry_open(lower_dentry, lower_mnt, |
146 | (O_RDWR | O_LARGEFILE)); | 147 | (O_RDWR | O_LARGEFILE), cred); |
147 | if (!IS_ERR(*lower_file)) | 148 | if (!IS_ERR(*lower_file)) |
148 | goto out; | 149 | goto out; |
149 | req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL); | 150 | req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL); |
@@ -184,7 +185,7 @@ int ecryptfs_privileged_open(struct file **lower_file, | |||
184 | dget(lower_dentry); | 185 | dget(lower_dentry); |
185 | mntget(lower_mnt); | 186 | mntget(lower_mnt); |
186 | (*lower_file) = dentry_open(lower_dentry, lower_mnt, | 187 | (*lower_file) = dentry_open(lower_dentry, lower_mnt, |
187 | (O_RDONLY | O_LARGEFILE)); | 188 | (O_RDONLY | O_LARGEFILE), cred); |
188 | if (IS_ERR(*lower_file)) { | 189 | if (IS_ERR(*lower_file)) { |
189 | rc = PTR_ERR(*req->lower_file); | 190 | rc = PTR_ERR(*req->lower_file); |
190 | (*lower_file) = NULL; | 191 | (*lower_file) = NULL; |
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index 64d2ba980df4..fd630713c5c7 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c | |||
@@ -115,6 +115,7 @@ void __ecryptfs_printk(const char *fmt, ...) | |||
115 | */ | 115 | */ |
116 | int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) | 116 | int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) |
117 | { | 117 | { |
118 | const struct cred *cred = current_cred(); | ||
118 | struct ecryptfs_inode_info *inode_info = | 119 | struct ecryptfs_inode_info *inode_info = |
119 | ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); | 120 | ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); |
120 | int rc = 0; | 121 | int rc = 0; |
@@ -127,7 +128,7 @@ int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) | |||
127 | 128 | ||
128 | lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); | 129 | lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); |
129 | rc = ecryptfs_privileged_open(&inode_info->lower_file, | 130 | rc = ecryptfs_privileged_open(&inode_info->lower_file, |
130 | lower_dentry, lower_mnt); | 131 | lower_dentry, lower_mnt, cred); |
131 | if (rc || IS_ERR(inode_info->lower_file)) { | 132 | if (rc || IS_ERR(inode_info->lower_file)) { |
132 | printk(KERN_ERR "Error opening lower persistent file " | 133 | printk(KERN_ERR "Error opening lower persistent file " |
133 | "for lower_dentry [0x%p] and lower_mnt [0x%p]; " | 134 | "for lower_dentry [0x%p] and lower_mnt [0x%p]; " |
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c index c6983978a31e..6913f727624d 100644 --- a/fs/ecryptfs/messaging.c +++ b/fs/ecryptfs/messaging.c | |||
@@ -360,7 +360,8 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, | |||
360 | struct ecryptfs_msg_ctx *msg_ctx; | 360 | struct ecryptfs_msg_ctx *msg_ctx; |
361 | size_t msg_size; | 361 | size_t msg_size; |
362 | struct nsproxy *nsproxy; | 362 | struct nsproxy *nsproxy; |
363 | struct user_namespace *current_user_ns; | 363 | struct user_namespace *tsk_user_ns; |
364 | uid_t ctx_euid; | ||
364 | int rc; | 365 | int rc; |
365 | 366 | ||
366 | if (msg->index >= ecryptfs_message_buf_len) { | 367 | if (msg->index >= ecryptfs_message_buf_len) { |
@@ -384,9 +385,9 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, | |||
384 | mutex_unlock(&ecryptfs_daemon_hash_mux); | 385 | mutex_unlock(&ecryptfs_daemon_hash_mux); |
385 | goto wake_up; | 386 | goto wake_up; |
386 | } | 387 | } |
387 | current_user_ns = nsproxy->user_ns; | 388 | tsk_user_ns = __task_cred(msg_ctx->task)->user->user_ns; |
388 | rc = ecryptfs_find_daemon_by_euid(&daemon, msg_ctx->task->euid, | 389 | ctx_euid = task_euid(msg_ctx->task); |
389 | current_user_ns); | 390 | rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, tsk_user_ns); |
390 | rcu_read_unlock(); | 391 | rcu_read_unlock(); |
391 | mutex_unlock(&ecryptfs_daemon_hash_mux); | 392 | mutex_unlock(&ecryptfs_daemon_hash_mux); |
392 | if (rc) { | 393 | if (rc) { |
@@ -394,28 +395,28 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, | |||
394 | printk(KERN_WARNING "%s: User [%d] received a " | 395 | printk(KERN_WARNING "%s: User [%d] received a " |
395 | "message response from process [0x%p] but does " | 396 | "message response from process [0x%p] but does " |
396 | "not have a registered daemon\n", __func__, | 397 | "not have a registered daemon\n", __func__, |
397 | msg_ctx->task->euid, pid); | 398 | ctx_euid, pid); |
398 | goto wake_up; | 399 | goto wake_up; |
399 | } | 400 | } |
400 | if (msg_ctx->task->euid != euid) { | 401 | if (ctx_euid != euid) { |
401 | rc = -EBADMSG; | 402 | rc = -EBADMSG; |
402 | printk(KERN_WARNING "%s: Received message from user " | 403 | printk(KERN_WARNING "%s: Received message from user " |
403 | "[%d]; expected message from user [%d]\n", __func__, | 404 | "[%d]; expected message from user [%d]\n", __func__, |
404 | euid, msg_ctx->task->euid); | 405 | euid, ctx_euid); |
405 | goto unlock; | 406 | goto unlock; |
406 | } | 407 | } |
407 | if (current_user_ns != user_ns) { | 408 | if (tsk_user_ns != user_ns) { |
408 | rc = -EBADMSG; | 409 | rc = -EBADMSG; |
409 | printk(KERN_WARNING "%s: Received message from user_ns " | 410 | printk(KERN_WARNING "%s: Received message from user_ns " |
410 | "[0x%p]; expected message from user_ns [0x%p]\n", | 411 | "[0x%p]; expected message from user_ns [0x%p]\n", |
411 | __func__, user_ns, nsproxy->user_ns); | 412 | __func__, user_ns, tsk_user_ns); |
412 | goto unlock; | 413 | goto unlock; |
413 | } | 414 | } |
414 | if (daemon->pid != pid) { | 415 | if (daemon->pid != pid) { |
415 | rc = -EBADMSG; | 416 | rc = -EBADMSG; |
416 | printk(KERN_ERR "%s: User [%d] sent a message response " | 417 | printk(KERN_ERR "%s: User [%d] sent a message response " |
417 | "from an unrecognized process [0x%p]\n", | 418 | "from an unrecognized process [0x%p]\n", |
418 | __func__, msg_ctx->task->euid, pid); | 419 | __func__, ctx_euid, pid); |
419 | goto unlock; | 420 | goto unlock; |
420 | } | 421 | } |
421 | if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { | 422 | if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { |
@@ -464,14 +465,14 @@ ecryptfs_send_message_locked(char *data, int data_len, u8 msg_type, | |||
464 | struct ecryptfs_msg_ctx **msg_ctx) | 465 | struct ecryptfs_msg_ctx **msg_ctx) |
465 | { | 466 | { |
466 | struct ecryptfs_daemon *daemon; | 467 | struct ecryptfs_daemon *daemon; |
468 | uid_t euid = current_euid(); | ||
467 | int rc; | 469 | int rc; |
468 | 470 | ||
469 | rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, | 471 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); |
470 | current->nsproxy->user_ns); | ||
471 | if (rc || !daemon) { | 472 | if (rc || !daemon) { |
472 | rc = -ENOTCONN; | 473 | rc = -ENOTCONN; |
473 | printk(KERN_ERR "%s: User [%d] does not have a daemon " | 474 | printk(KERN_ERR "%s: User [%d] does not have a daemon " |
474 | "registered\n", __func__, current->euid); | 475 | "registered\n", __func__, euid); |
475 | goto out; | 476 | goto out; |
476 | } | 477 | } |
477 | mutex_lock(&ecryptfs_msg_ctx_lists_mux); | 478 | mutex_lock(&ecryptfs_msg_ctx_lists_mux); |
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c index b484792a0996..efd95a0ed1ea 100644 --- a/fs/ecryptfs/miscdev.c +++ b/fs/ecryptfs/miscdev.c | |||
@@ -42,12 +42,12 @@ ecryptfs_miscdev_poll(struct file *file, poll_table *pt) | |||
42 | { | 42 | { |
43 | struct ecryptfs_daemon *daemon; | 43 | struct ecryptfs_daemon *daemon; |
44 | unsigned int mask = 0; | 44 | unsigned int mask = 0; |
45 | uid_t euid = current_euid(); | ||
45 | int rc; | 46 | int rc; |
46 | 47 | ||
47 | mutex_lock(&ecryptfs_daemon_hash_mux); | 48 | mutex_lock(&ecryptfs_daemon_hash_mux); |
48 | /* TODO: Just use file->private_data? */ | 49 | /* TODO: Just use file->private_data? */ |
49 | rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, | 50 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); |
50 | current->nsproxy->user_ns); | ||
51 | BUG_ON(rc || !daemon); | 51 | BUG_ON(rc || !daemon); |
52 | mutex_lock(&daemon->mux); | 52 | mutex_lock(&daemon->mux); |
53 | mutex_unlock(&ecryptfs_daemon_hash_mux); | 53 | mutex_unlock(&ecryptfs_daemon_hash_mux); |
@@ -83,6 +83,7 @@ static int | |||
83 | ecryptfs_miscdev_open(struct inode *inode, struct file *file) | 83 | ecryptfs_miscdev_open(struct inode *inode, struct file *file) |
84 | { | 84 | { |
85 | struct ecryptfs_daemon *daemon = NULL; | 85 | struct ecryptfs_daemon *daemon = NULL; |
86 | uid_t euid = current_euid(); | ||
86 | int rc; | 87 | int rc; |
87 | 88 | ||
88 | mutex_lock(&ecryptfs_daemon_hash_mux); | 89 | mutex_lock(&ecryptfs_daemon_hash_mux); |
@@ -93,11 +94,9 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file) | |||
93 | "count; rc = [%d]\n", __func__, rc); | 94 | "count; rc = [%d]\n", __func__, rc); |
94 | goto out_unlock_daemon_list; | 95 | goto out_unlock_daemon_list; |
95 | } | 96 | } |
96 | rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, | 97 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); |
97 | current->nsproxy->user_ns); | ||
98 | if (rc || !daemon) { | 98 | if (rc || !daemon) { |
99 | rc = ecryptfs_spawn_daemon(&daemon, current->euid, | 99 | rc = ecryptfs_spawn_daemon(&daemon, euid, current_user_ns(), |
100 | current->nsproxy->user_ns, | ||
101 | task_pid(current)); | 100 | task_pid(current)); |
102 | if (rc) { | 101 | if (rc) { |
103 | printk(KERN_ERR "%s: Error attempting to spawn daemon; " | 102 | printk(KERN_ERR "%s: Error attempting to spawn daemon; " |
@@ -147,11 +146,11 @@ static int | |||
147 | ecryptfs_miscdev_release(struct inode *inode, struct file *file) | 146 | ecryptfs_miscdev_release(struct inode *inode, struct file *file) |
148 | { | 147 | { |
149 | struct ecryptfs_daemon *daemon = NULL; | 148 | struct ecryptfs_daemon *daemon = NULL; |
149 | uid_t euid = current_euid(); | ||
150 | int rc; | 150 | int rc; |
151 | 151 | ||
152 | mutex_lock(&ecryptfs_daemon_hash_mux); | 152 | mutex_lock(&ecryptfs_daemon_hash_mux); |
153 | rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, | 153 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); |
154 | current->nsproxy->user_ns); | ||
155 | BUG_ON(rc || !daemon); | 154 | BUG_ON(rc || !daemon); |
156 | mutex_lock(&daemon->mux); | 155 | mutex_lock(&daemon->mux); |
157 | BUG_ON(daemon->pid != task_pid(current)); | 156 | BUG_ON(daemon->pid != task_pid(current)); |
@@ -246,12 +245,12 @@ ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count, | |||
246 | char packet_length[3]; | 245 | char packet_length[3]; |
247 | size_t i; | 246 | size_t i; |
248 | size_t total_length; | 247 | size_t total_length; |
248 | uid_t euid = current_euid(); | ||
249 | int rc; | 249 | int rc; |
250 | 250 | ||
251 | mutex_lock(&ecryptfs_daemon_hash_mux); | 251 | mutex_lock(&ecryptfs_daemon_hash_mux); |
252 | /* TODO: Just use file->private_data? */ | 252 | /* TODO: Just use file->private_data? */ |
253 | rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, | 253 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); |
254 | current->nsproxy->user_ns); | ||
255 | BUG_ON(rc || !daemon); | 254 | BUG_ON(rc || !daemon); |
256 | mutex_lock(&daemon->mux); | 255 | mutex_lock(&daemon->mux); |
257 | if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { | 256 | if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { |
@@ -290,8 +289,8 @@ check_list: | |||
290 | * message from the queue; try again */ | 289 | * message from the queue; try again */ |
291 | goto check_list; | 290 | goto check_list; |
292 | } | 291 | } |
293 | BUG_ON(current->euid != daemon->euid); | 292 | BUG_ON(euid != daemon->euid); |
294 | BUG_ON(current->nsproxy->user_ns != daemon->user_ns); | 293 | BUG_ON(current_user_ns() != daemon->user_ns); |
295 | BUG_ON(task_pid(current) != daemon->pid); | 294 | BUG_ON(task_pid(current) != daemon->pid); |
296 | msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue, | 295 | msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue, |
297 | struct ecryptfs_msg_ctx, daemon_out_list); | 296 | struct ecryptfs_msg_ctx, daemon_out_list); |
@@ -414,6 +413,7 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf, | |||
414 | size_t packet_size, packet_size_length, i; | 413 | size_t packet_size, packet_size_length, i; |
415 | ssize_t sz = 0; | 414 | ssize_t sz = 0; |
416 | char *data; | 415 | char *data; |
416 | uid_t euid = current_euid(); | ||
417 | int rc; | 417 | int rc; |
418 | 418 | ||
419 | if (count == 0) | 419 | if (count == 0) |
@@ -463,8 +463,7 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf, | |||
463 | goto out_free; | 463 | goto out_free; |
464 | } | 464 | } |
465 | rc = ecryptfs_miscdev_response(&data[i], packet_size, | 465 | rc = ecryptfs_miscdev_response(&data[i], packet_size, |
466 | current->euid, | 466 | euid, current_user_ns(), |
467 | current->nsproxy->user_ns, | ||
468 | task_pid(current), seq); | 467 | task_pid(current), seq); |
469 | if (rc) | 468 | if (rc) |
470 | printk(KERN_WARNING "%s: Failed to deliver miscdev " | 469 | printk(KERN_WARNING "%s: Failed to deliver miscdev " |
@@ -55,6 +55,7 @@ | |||
55 | #include <asm/uaccess.h> | 55 | #include <asm/uaccess.h> |
56 | #include <asm/mmu_context.h> | 56 | #include <asm/mmu_context.h> |
57 | #include <asm/tlb.h> | 57 | #include <asm/tlb.h> |
58 | #include "internal.h" | ||
58 | 59 | ||
59 | #ifdef __alpha__ | 60 | #ifdef __alpha__ |
60 | /* for /sbin/loader handling in search_binary_handler() */ | 61 | /* for /sbin/loader handling in search_binary_handler() */ |
@@ -980,7 +981,7 @@ int flush_old_exec(struct linux_binprm * bprm) | |||
980 | /* This is the point of no return */ | 981 | /* This is the point of no return */ |
981 | current->sas_ss_sp = current->sas_ss_size = 0; | 982 | current->sas_ss_sp = current->sas_ss_size = 0; |
982 | 983 | ||
983 | if (current->euid == current->uid && current->egid == current->gid) | 984 | if (current_euid() == current_uid() && current_egid() == current_gid()) |
984 | set_dumpable(current->mm, 1); | 985 | set_dumpable(current->mm, 1); |
985 | else | 986 | else |
986 | set_dumpable(current->mm, suid_dumpable); | 987 | set_dumpable(current->mm, suid_dumpable); |
@@ -1007,16 +1008,17 @@ int flush_old_exec(struct linux_binprm * bprm) | |||
1007 | */ | 1008 | */ |
1008 | current->mm->task_size = TASK_SIZE; | 1009 | current->mm->task_size = TASK_SIZE; |
1009 | 1010 | ||
1010 | if (bprm->e_uid != current->euid || bprm->e_gid != current->egid) { | 1011 | /* install the new credentials */ |
1011 | suid_keys(current); | 1012 | if (bprm->cred->uid != current_euid() || |
1012 | set_dumpable(current->mm, suid_dumpable); | 1013 | bprm->cred->gid != current_egid()) { |
1013 | current->pdeath_signal = 0; | 1014 | current->pdeath_signal = 0; |
1014 | } else if (file_permission(bprm->file, MAY_READ) || | 1015 | } else if (file_permission(bprm->file, MAY_READ) || |
1015 | (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) { | 1016 | bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP) { |
1016 | suid_keys(current); | ||
1017 | set_dumpable(current->mm, suid_dumpable); | 1017 | set_dumpable(current->mm, suid_dumpable); |
1018 | } | 1018 | } |
1019 | 1019 | ||
1020 | current->personality &= ~bprm->per_clear; | ||
1021 | |||
1020 | /* An exec changes our domain. We are no longer part of the thread | 1022 | /* An exec changes our domain. We are no longer part of the thread |
1021 | group */ | 1023 | group */ |
1022 | 1024 | ||
@@ -1033,13 +1035,50 @@ out: | |||
1033 | 1035 | ||
1034 | EXPORT_SYMBOL(flush_old_exec); | 1036 | EXPORT_SYMBOL(flush_old_exec); |
1035 | 1037 | ||
1038 | /* | ||
1039 | * install the new credentials for this executable | ||
1040 | */ | ||
1041 | void install_exec_creds(struct linux_binprm *bprm) | ||
1042 | { | ||
1043 | security_bprm_committing_creds(bprm); | ||
1044 | |||
1045 | commit_creds(bprm->cred); | ||
1046 | bprm->cred = NULL; | ||
1047 | |||
1048 | /* cred_exec_mutex must be held at least to this point to prevent | ||
1049 | * ptrace_attach() from altering our determination of the task's | ||
1050 | * credentials; any time after this it may be unlocked */ | ||
1051 | |||
1052 | security_bprm_committed_creds(bprm); | ||
1053 | } | ||
1054 | EXPORT_SYMBOL(install_exec_creds); | ||
1055 | |||
1056 | /* | ||
1057 | * determine how safe it is to execute the proposed program | ||
1058 | * - the caller must hold current->cred_exec_mutex to protect against | ||
1059 | * PTRACE_ATTACH | ||
1060 | */ | ||
1061 | void check_unsafe_exec(struct linux_binprm *bprm) | ||
1062 | { | ||
1063 | struct task_struct *p = current; | ||
1064 | |||
1065 | bprm->unsafe = tracehook_unsafe_exec(p); | ||
1066 | |||
1067 | if (atomic_read(&p->fs->count) > 1 || | ||
1068 | atomic_read(&p->files->count) > 1 || | ||
1069 | atomic_read(&p->sighand->count) > 1) | ||
1070 | bprm->unsafe |= LSM_UNSAFE_SHARE; | ||
1071 | } | ||
1072 | |||
1036 | /* | 1073 | /* |
1037 | * Fill the binprm structure from the inode. | 1074 | * Fill the binprm structure from the inode. |
1038 | * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes | 1075 | * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes |
1076 | * | ||
1077 | * This may be called multiple times for binary chains (scripts for example). | ||
1039 | */ | 1078 | */ |
1040 | int prepare_binprm(struct linux_binprm *bprm) | 1079 | int prepare_binprm(struct linux_binprm *bprm) |
1041 | { | 1080 | { |
1042 | int mode; | 1081 | umode_t mode; |
1043 | struct inode * inode = bprm->file->f_path.dentry->d_inode; | 1082 | struct inode * inode = bprm->file->f_path.dentry->d_inode; |
1044 | int retval; | 1083 | int retval; |
1045 | 1084 | ||
@@ -1047,14 +1086,15 @@ int prepare_binprm(struct linux_binprm *bprm) | |||
1047 | if (bprm->file->f_op == NULL) | 1086 | if (bprm->file->f_op == NULL) |
1048 | return -EACCES; | 1087 | return -EACCES; |
1049 | 1088 | ||
1050 | bprm->e_uid = current->euid; | 1089 | /* clear any previous set[ug]id data from a previous binary */ |
1051 | bprm->e_gid = current->egid; | 1090 | bprm->cred->euid = current_euid(); |
1091 | bprm->cred->egid = current_egid(); | ||
1052 | 1092 | ||
1053 | if(!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)) { | 1093 | if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)) { |
1054 | /* Set-uid? */ | 1094 | /* Set-uid? */ |
1055 | if (mode & S_ISUID) { | 1095 | if (mode & S_ISUID) { |
1056 | current->personality &= ~PER_CLEAR_ON_SETID; | 1096 | bprm->per_clear |= PER_CLEAR_ON_SETID; |
1057 | bprm->e_uid = inode->i_uid; | 1097 | bprm->cred->euid = inode->i_uid; |
1058 | } | 1098 | } |
1059 | 1099 | ||
1060 | /* Set-gid? */ | 1100 | /* Set-gid? */ |
@@ -1064,52 +1104,23 @@ int prepare_binprm(struct linux_binprm *bprm) | |||
1064 | * executable. | 1104 | * executable. |
1065 | */ | 1105 | */ |
1066 | if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { | 1106 | if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { |
1067 | current->personality &= ~PER_CLEAR_ON_SETID; | 1107 | bprm->per_clear |= PER_CLEAR_ON_SETID; |
1068 | bprm->e_gid = inode->i_gid; | 1108 | bprm->cred->egid = inode->i_gid; |
1069 | } | 1109 | } |
1070 | } | 1110 | } |
1071 | 1111 | ||
1072 | /* fill in binprm security blob */ | 1112 | /* fill in binprm security blob */ |
1073 | retval = security_bprm_set(bprm); | 1113 | retval = security_bprm_set_creds(bprm); |
1074 | if (retval) | 1114 | if (retval) |
1075 | return retval; | 1115 | return retval; |
1116 | bprm->cred_prepared = 1; | ||
1076 | 1117 | ||
1077 | memset(bprm->buf,0,BINPRM_BUF_SIZE); | 1118 | memset(bprm->buf, 0, BINPRM_BUF_SIZE); |
1078 | return kernel_read(bprm->file,0,bprm->buf,BINPRM_BUF_SIZE); | 1119 | return kernel_read(bprm->file, 0, bprm->buf, BINPRM_BUF_SIZE); |
1079 | } | 1120 | } |
1080 | 1121 | ||
1081 | EXPORT_SYMBOL(prepare_binprm); | 1122 | EXPORT_SYMBOL(prepare_binprm); |
1082 | 1123 | ||
1083 | static int unsafe_exec(struct task_struct *p) | ||
1084 | { | ||
1085 | int unsafe = tracehook_unsafe_exec(p); | ||
1086 | |||
1087 | if (atomic_read(&p->fs->count) > 1 || | ||
1088 | atomic_read(&p->files->count) > 1 || | ||
1089 | atomic_read(&p->sighand->count) > 1) | ||
1090 | unsafe |= LSM_UNSAFE_SHARE; | ||
1091 | |||
1092 | return unsafe; | ||
1093 | } | ||
1094 | |||
1095 | void compute_creds(struct linux_binprm *bprm) | ||
1096 | { | ||
1097 | int unsafe; | ||
1098 | |||
1099 | if (bprm->e_uid != current->uid) { | ||
1100 | suid_keys(current); | ||
1101 | current->pdeath_signal = 0; | ||
1102 | } | ||
1103 | exec_keys(current); | ||
1104 | |||
1105 | task_lock(current); | ||
1106 | unsafe = unsafe_exec(current); | ||
1107 | security_bprm_apply_creds(bprm, unsafe); | ||
1108 | task_unlock(current); | ||
1109 | security_bprm_post_apply_creds(bprm); | ||
1110 | } | ||
1111 | EXPORT_SYMBOL(compute_creds); | ||
1112 | |||
1113 | /* | 1124 | /* |
1114 | * Arguments are '\0' separated strings found at the location bprm->p | 1125 | * Arguments are '\0' separated strings found at the location bprm->p |
1115 | * points to; chop off the first by relocating brpm->p to right after | 1126 | * points to; chop off the first by relocating brpm->p to right after |
@@ -1262,6 +1273,8 @@ EXPORT_SYMBOL(search_binary_handler); | |||
1262 | void free_bprm(struct linux_binprm *bprm) | 1273 | void free_bprm(struct linux_binprm *bprm) |
1263 | { | 1274 | { |
1264 | free_arg_pages(bprm); | 1275 | free_arg_pages(bprm); |
1276 | if (bprm->cred) | ||
1277 | abort_creds(bprm->cred); | ||
1265 | kfree(bprm); | 1278 | kfree(bprm); |
1266 | } | 1279 | } |
1267 | 1280 | ||
@@ -1287,10 +1300,20 @@ int do_execve(char * filename, | |||
1287 | if (!bprm) | 1300 | if (!bprm) |
1288 | goto out_files; | 1301 | goto out_files; |
1289 | 1302 | ||
1303 | retval = mutex_lock_interruptible(¤t->cred_exec_mutex); | ||
1304 | if (retval < 0) | ||
1305 | goto out_free; | ||
1306 | |||
1307 | retval = -ENOMEM; | ||
1308 | bprm->cred = prepare_exec_creds(); | ||
1309 | if (!bprm->cred) | ||
1310 | goto out_unlock; | ||
1311 | check_unsafe_exec(bprm); | ||
1312 | |||
1290 | file = open_exec(filename); | 1313 | file = open_exec(filename); |
1291 | retval = PTR_ERR(file); | 1314 | retval = PTR_ERR(file); |
1292 | if (IS_ERR(file)) | 1315 | if (IS_ERR(file)) |
1293 | goto out_kfree; | 1316 | goto out_unlock; |
1294 | 1317 | ||
1295 | sched_exec(); | 1318 | sched_exec(); |
1296 | 1319 | ||
@@ -1304,14 +1327,10 @@ int do_execve(char * filename, | |||
1304 | 1327 | ||
1305 | bprm->argc = count(argv, MAX_ARG_STRINGS); | 1328 | bprm->argc = count(argv, MAX_ARG_STRINGS); |
1306 | if ((retval = bprm->argc) < 0) | 1329 | if ((retval = bprm->argc) < 0) |
1307 | goto out_mm; | 1330 | goto out; |
1308 | 1331 | ||
1309 | bprm->envc = count(envp, MAX_ARG_STRINGS); | 1332 | bprm->envc = count(envp, MAX_ARG_STRINGS); |
1310 | if ((retval = bprm->envc) < 0) | 1333 | if ((retval = bprm->envc) < 0) |
1311 | goto out_mm; | ||
1312 | |||
1313 | retval = security_bprm_alloc(bprm); | ||
1314 | if (retval) | ||
1315 | goto out; | 1334 | goto out; |
1316 | 1335 | ||
1317 | retval = prepare_binprm(bprm); | 1336 | retval = prepare_binprm(bprm); |
@@ -1333,21 +1352,18 @@ int do_execve(char * filename, | |||
1333 | 1352 | ||
1334 | current->flags &= ~PF_KTHREAD; | 1353 | current->flags &= ~PF_KTHREAD; |
1335 | retval = search_binary_handler(bprm,regs); | 1354 | retval = search_binary_handler(bprm,regs); |
1336 | if (retval >= 0) { | 1355 | if (retval < 0) |
1337 | /* execve success */ | 1356 | goto out; |
1338 | security_bprm_free(bprm); | ||
1339 | acct_update_integrals(current); | ||
1340 | free_bprm(bprm); | ||
1341 | if (displaced) | ||
1342 | put_files_struct(displaced); | ||
1343 | return retval; | ||
1344 | } | ||
1345 | 1357 | ||
1346 | out: | 1358 | /* execve succeeded */ |
1347 | if (bprm->security) | 1359 | mutex_unlock(¤t->cred_exec_mutex); |
1348 | security_bprm_free(bprm); | 1360 | acct_update_integrals(current); |
1361 | free_bprm(bprm); | ||
1362 | if (displaced) | ||
1363 | put_files_struct(displaced); | ||
1364 | return retval; | ||
1349 | 1365 | ||
1350 | out_mm: | 1366 | out: |
1351 | if (bprm->mm) | 1367 | if (bprm->mm) |
1352 | mmput (bprm->mm); | 1368 | mmput (bprm->mm); |
1353 | 1369 | ||
@@ -1356,7 +1372,11 @@ out_file: | |||
1356 | allow_write_access(bprm->file); | 1372 | allow_write_access(bprm->file); |
1357 | fput(bprm->file); | 1373 | fput(bprm->file); |
1358 | } | 1374 | } |
1359 | out_kfree: | 1375 | |
1376 | out_unlock: | ||
1377 | mutex_unlock(¤t->cred_exec_mutex); | ||
1378 | |||
1379 | out_free: | ||
1360 | free_bprm(bprm); | 1380 | free_bprm(bprm); |
1361 | 1381 | ||
1362 | out_files: | 1382 | out_files: |
@@ -1388,6 +1408,7 @@ EXPORT_SYMBOL(set_binfmt); | |||
1388 | */ | 1408 | */ |
1389 | static int format_corename(char *corename, long signr) | 1409 | static int format_corename(char *corename, long signr) |
1390 | { | 1410 | { |
1411 | const struct cred *cred = current_cred(); | ||
1391 | const char *pat_ptr = core_pattern; | 1412 | const char *pat_ptr = core_pattern; |
1392 | int ispipe = (*pat_ptr == '|'); | 1413 | int ispipe = (*pat_ptr == '|'); |
1393 | char *out_ptr = corename; | 1414 | char *out_ptr = corename; |
@@ -1424,7 +1445,7 @@ static int format_corename(char *corename, long signr) | |||
1424 | /* uid */ | 1445 | /* uid */ |
1425 | case 'u': | 1446 | case 'u': |
1426 | rc = snprintf(out_ptr, out_end - out_ptr, | 1447 | rc = snprintf(out_ptr, out_end - out_ptr, |
1427 | "%d", current->uid); | 1448 | "%d", cred->uid); |
1428 | if (rc > out_end - out_ptr) | 1449 | if (rc > out_end - out_ptr) |
1429 | goto out; | 1450 | goto out; |
1430 | out_ptr += rc; | 1451 | out_ptr += rc; |
@@ -1432,7 +1453,7 @@ static int format_corename(char *corename, long signr) | |||
1432 | /* gid */ | 1453 | /* gid */ |
1433 | case 'g': | 1454 | case 'g': |
1434 | rc = snprintf(out_ptr, out_end - out_ptr, | 1455 | rc = snprintf(out_ptr, out_end - out_ptr, |
1435 | "%d", current->gid); | 1456 | "%d", cred->gid); |
1436 | if (rc > out_end - out_ptr) | 1457 | if (rc > out_end - out_ptr) |
1437 | goto out; | 1458 | goto out; |
1438 | out_ptr += rc; | 1459 | out_ptr += rc; |
@@ -1708,8 +1729,9 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) | |||
1708 | struct linux_binfmt * binfmt; | 1729 | struct linux_binfmt * binfmt; |
1709 | struct inode * inode; | 1730 | struct inode * inode; |
1710 | struct file * file; | 1731 | struct file * file; |
1732 | const struct cred *old_cred; | ||
1733 | struct cred *cred; | ||
1711 | int retval = 0; | 1734 | int retval = 0; |
1712 | int fsuid = current->fsuid; | ||
1713 | int flag = 0; | 1735 | int flag = 0; |
1714 | int ispipe = 0; | 1736 | int ispipe = 0; |
1715 | unsigned long core_limit = current->signal->rlim[RLIMIT_CORE].rlim_cur; | 1737 | unsigned long core_limit = current->signal->rlim[RLIMIT_CORE].rlim_cur; |
@@ -1722,12 +1744,20 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) | |||
1722 | binfmt = current->binfmt; | 1744 | binfmt = current->binfmt; |
1723 | if (!binfmt || !binfmt->core_dump) | 1745 | if (!binfmt || !binfmt->core_dump) |
1724 | goto fail; | 1746 | goto fail; |
1747 | |||
1748 | cred = prepare_creds(); | ||
1749 | if (!cred) { | ||
1750 | retval = -ENOMEM; | ||
1751 | goto fail; | ||
1752 | } | ||
1753 | |||
1725 | down_write(&mm->mmap_sem); | 1754 | down_write(&mm->mmap_sem); |
1726 | /* | 1755 | /* |
1727 | * If another thread got here first, or we are not dumpable, bail out. | 1756 | * If another thread got here first, or we are not dumpable, bail out. |
1728 | */ | 1757 | */ |
1729 | if (mm->core_state || !get_dumpable(mm)) { | 1758 | if (mm->core_state || !get_dumpable(mm)) { |
1730 | up_write(&mm->mmap_sem); | 1759 | up_write(&mm->mmap_sem); |
1760 | put_cred(cred); | ||
1731 | goto fail; | 1761 | goto fail; |
1732 | } | 1762 | } |
1733 | 1763 | ||
@@ -1738,12 +1768,16 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) | |||
1738 | */ | 1768 | */ |
1739 | if (get_dumpable(mm) == 2) { /* Setuid core dump mode */ | 1769 | if (get_dumpable(mm) == 2) { /* Setuid core dump mode */ |
1740 | flag = O_EXCL; /* Stop rewrite attacks */ | 1770 | flag = O_EXCL; /* Stop rewrite attacks */ |
1741 | current->fsuid = 0; /* Dump root private */ | 1771 | cred->fsuid = 0; /* Dump root private */ |
1742 | } | 1772 | } |
1743 | 1773 | ||
1744 | retval = coredump_wait(exit_code, &core_state); | 1774 | retval = coredump_wait(exit_code, &core_state); |
1745 | if (retval < 0) | 1775 | if (retval < 0) { |
1776 | put_cred(cred); | ||
1746 | goto fail; | 1777 | goto fail; |
1778 | } | ||
1779 | |||
1780 | old_cred = override_creds(cred); | ||
1747 | 1781 | ||
1748 | /* | 1782 | /* |
1749 | * Clear any false indication of pending signals that might | 1783 | * Clear any false indication of pending signals that might |
@@ -1815,7 +1849,7 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) | |||
1815 | * Dont allow local users get cute and trick others to coredump | 1849 | * Dont allow local users get cute and trick others to coredump |
1816 | * into their pre-created files: | 1850 | * into their pre-created files: |
1817 | */ | 1851 | */ |
1818 | if (inode->i_uid != current->fsuid) | 1852 | if (inode->i_uid != current_fsuid()) |
1819 | goto close_fail; | 1853 | goto close_fail; |
1820 | if (!file->f_op) | 1854 | if (!file->f_op) |
1821 | goto close_fail; | 1855 | goto close_fail; |
@@ -1834,7 +1868,8 @@ fail_unlock: | |||
1834 | if (helper_argv) | 1868 | if (helper_argv) |
1835 | argv_free(helper_argv); | 1869 | argv_free(helper_argv); |
1836 | 1870 | ||
1837 | current->fsuid = fsuid; | 1871 | revert_creds(old_cred); |
1872 | put_cred(cred); | ||
1838 | coredump_finish(mm); | 1873 | coredump_finish(mm); |
1839 | fail: | 1874 | fail: |
1840 | return retval; | 1875 | return retval; |
diff --git a/fs/exportfs/expfs.c b/fs/exportfs/expfs.c index 80246bad1b7f..ec1fb918200f 100644 --- a/fs/exportfs/expfs.c +++ b/fs/exportfs/expfs.c | |||
@@ -14,6 +14,7 @@ | |||
14 | #include <linux/module.h> | 14 | #include <linux/module.h> |
15 | #include <linux/mount.h> | 15 | #include <linux/mount.h> |
16 | #include <linux/namei.h> | 16 | #include <linux/namei.h> |
17 | #include <linux/sched.h> | ||
17 | 18 | ||
18 | #define dprintk(fmt, args...) do{}while(0) | 19 | #define dprintk(fmt, args...) do{}while(0) |
19 | 20 | ||
@@ -249,6 +250,7 @@ static int filldir_one(void * __buf, const char * name, int len, | |||
249 | static int get_name(struct vfsmount *mnt, struct dentry *dentry, | 250 | static int get_name(struct vfsmount *mnt, struct dentry *dentry, |
250 | char *name, struct dentry *child) | 251 | char *name, struct dentry *child) |
251 | { | 252 | { |
253 | const struct cred *cred = current_cred(); | ||
252 | struct inode *dir = dentry->d_inode; | 254 | struct inode *dir = dentry->d_inode; |
253 | int error; | 255 | int error; |
254 | struct file *file; | 256 | struct file *file; |
@@ -263,7 +265,7 @@ static int get_name(struct vfsmount *mnt, struct dentry *dentry, | |||
263 | /* | 265 | /* |
264 | * Open the directory ... | 266 | * Open the directory ... |
265 | */ | 267 | */ |
266 | file = dentry_open(dget(dentry), mntget(mnt), O_RDONLY); | 268 | file = dentry_open(dget(dentry), mntget(mnt), O_RDONLY, cred); |
267 | error = PTR_ERR(file); | 269 | error = PTR_ERR(file); |
268 | if (IS_ERR(file)) | 270 | if (IS_ERR(file)) |
269 | goto out; | 271 | goto out; |
diff --git a/fs/ext2/balloc.c b/fs/ext2/balloc.c index 6dac7ba2d22d..4a29d6376081 100644 --- a/fs/ext2/balloc.c +++ b/fs/ext2/balloc.c | |||
@@ -1193,7 +1193,7 @@ static int ext2_has_free_blocks(struct ext2_sb_info *sbi) | |||
1193 | free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); | 1193 | free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); |
1194 | root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count); | 1194 | root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count); |
1195 | if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) && | 1195 | if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) && |
1196 | sbi->s_resuid != current->fsuid && | 1196 | sbi->s_resuid != current_fsuid() && |
1197 | (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { | 1197 | (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { |
1198 | return 0; | 1198 | return 0; |
1199 | } | 1199 | } |
diff --git a/fs/ext2/ialloc.c b/fs/ext2/ialloc.c index f59741346760..8d0add625870 100644 --- a/fs/ext2/ialloc.c +++ b/fs/ext2/ialloc.c | |||
@@ -550,7 +550,7 @@ got: | |||
550 | 550 | ||
551 | sb->s_dirt = 1; | 551 | sb->s_dirt = 1; |
552 | mark_buffer_dirty(bh2); | 552 | mark_buffer_dirty(bh2); |
553 | inode->i_uid = current->fsuid; | 553 | inode->i_uid = current_fsuid(); |
554 | if (test_opt (sb, GRPID)) | 554 | if (test_opt (sb, GRPID)) |
555 | inode->i_gid = dir->i_gid; | 555 | inode->i_gid = dir->i_gid; |
556 | else if (dir->i_mode & S_ISGID) { | 556 | else if (dir->i_mode & S_ISGID) { |
@@ -558,7 +558,7 @@ got: | |||
558 | if (S_ISDIR(mode)) | 558 | if (S_ISDIR(mode)) |
559 | mode |= S_ISGID; | 559 | mode |= S_ISGID; |
560 | } else | 560 | } else |
561 | inode->i_gid = current->fsgid; | 561 | inode->i_gid = current_fsgid(); |
562 | inode->i_mode = mode; | 562 | inode->i_mode = mode; |
563 | 563 | ||
564 | inode->i_ino = ino; | 564 | inode->i_ino = ino; |
diff --git a/fs/ext3/balloc.c b/fs/ext3/balloc.c index f5b57a2ca35a..0dbf1c048475 100644 --- a/fs/ext3/balloc.c +++ b/fs/ext3/balloc.c | |||
@@ -1422,7 +1422,7 @@ static int ext3_has_free_blocks(struct ext3_sb_info *sbi) | |||
1422 | free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); | 1422 | free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); |
1423 | root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count); | 1423 | root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count); |
1424 | if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) && | 1424 | if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) && |
1425 | sbi->s_resuid != current->fsuid && | 1425 | sbi->s_resuid != current_fsuid() && |
1426 | (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { | 1426 | (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { |
1427 | return 0; | 1427 | return 0; |
1428 | } | 1428 | } |
diff --git a/fs/ext3/ialloc.c b/fs/ext3/ialloc.c index 47b678d73e7a..490bd0ed7896 100644 --- a/fs/ext3/ialloc.c +++ b/fs/ext3/ialloc.c | |||
@@ -539,7 +539,7 @@ got: | |||
539 | percpu_counter_inc(&sbi->s_dirs_counter); | 539 | percpu_counter_inc(&sbi->s_dirs_counter); |
540 | sb->s_dirt = 1; | 540 | sb->s_dirt = 1; |
541 | 541 | ||
542 | inode->i_uid = current->fsuid; | 542 | inode->i_uid = current_fsuid(); |
543 | if (test_opt (sb, GRPID)) | 543 | if (test_opt (sb, GRPID)) |
544 | inode->i_gid = dir->i_gid; | 544 | inode->i_gid = dir->i_gid; |
545 | else if (dir->i_mode & S_ISGID) { | 545 | else if (dir->i_mode & S_ISGID) { |
@@ -547,7 +547,7 @@ got: | |||
547 | if (S_ISDIR(mode)) | 547 | if (S_ISDIR(mode)) |
548 | mode |= S_ISGID; | 548 | mode |= S_ISGID; |
549 | } else | 549 | } else |
550 | inode->i_gid = current->fsgid; | 550 | inode->i_gid = current_fsgid(); |
551 | inode->i_mode = mode; | 551 | inode->i_mode = mode; |
552 | 552 | ||
553 | inode->i_ino = ino; | 553 | inode->i_ino = ino; |
diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c index d2003cdc36aa..a932b9a29240 100644 --- a/fs/ext4/balloc.c +++ b/fs/ext4/balloc.c | |||
@@ -624,7 +624,7 @@ int ext4_has_free_blocks(struct ext4_sb_info *sbi, s64 nblocks) | |||
624 | return 1; | 624 | return 1; |
625 | 625 | ||
626 | /* Hm, nope. Are (enough) root reserved blocks available? */ | 626 | /* Hm, nope. Are (enough) root reserved blocks available? */ |
627 | if (sbi->s_resuid == current->fsuid || | 627 | if (sbi->s_resuid == current_fsuid() || |
628 | ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) || | 628 | ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) || |
629 | capable(CAP_SYS_RESOURCE)) { | 629 | capable(CAP_SYS_RESOURCE)) { |
630 | if (free_blocks >= (nblocks + dirty_blocks)) | 630 | if (free_blocks >= (nblocks + dirty_blocks)) |
diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c index 2a117e286e54..08cac9fcace2 100644 --- a/fs/ext4/ialloc.c +++ b/fs/ext4/ialloc.c | |||
@@ -787,7 +787,7 @@ got: | |||
787 | spin_unlock(sb_bgl_lock(sbi, flex_group)); | 787 | spin_unlock(sb_bgl_lock(sbi, flex_group)); |
788 | } | 788 | } |
789 | 789 | ||
790 | inode->i_uid = current->fsuid; | 790 | inode->i_uid = current_fsuid(); |
791 | if (test_opt(sb, GRPID)) | 791 | if (test_opt(sb, GRPID)) |
792 | inode->i_gid = dir->i_gid; | 792 | inode->i_gid = dir->i_gid; |
793 | else if (dir->i_mode & S_ISGID) { | 793 | else if (dir->i_mode & S_ISGID) { |
@@ -795,7 +795,7 @@ got: | |||
795 | if (S_ISDIR(mode)) | 795 | if (S_ISDIR(mode)) |
796 | mode |= S_ISGID; | 796 | mode |= S_ISGID; |
797 | } else | 797 | } else |
798 | inode->i_gid = current->fsgid; | 798 | inode->i_gid = current_fsgid(); |
799 | inode->i_mode = mode; | 799 | inode->i_mode = mode; |
800 | 800 | ||
801 | inode->i_ino = ino + group * EXT4_INODES_PER_GROUP(sb); | 801 | inode->i_ino = ino + group * EXT4_INODES_PER_GROUP(sb); |
diff --git a/fs/fat/file.c b/fs/fat/file.c index f06a4e525ece..0a7f4a9918b3 100644 --- a/fs/fat/file.c +++ b/fs/fat/file.c | |||
@@ -304,7 +304,7 @@ static int fat_allow_set_time(struct msdos_sb_info *sbi, struct inode *inode) | |||
304 | { | 304 | { |
305 | mode_t allow_utime = sbi->options.allow_utime; | 305 | mode_t allow_utime = sbi->options.allow_utime; |
306 | 306 | ||
307 | if (current->fsuid != inode->i_uid) { | 307 | if (current_fsuid() != inode->i_uid) { |
308 | if (in_group_p(inode->i_gid)) | 308 | if (in_group_p(inode->i_gid)) |
309 | allow_utime >>= 3; | 309 | allow_utime >>= 3; |
310 | if (allow_utime & MAY_WRITE) | 310 | if (allow_utime & MAY_WRITE) |
diff --git a/fs/fat/inode.c b/fs/fat/inode.c index bdd8fb7be2ca..d937aaf77374 100644 --- a/fs/fat/inode.c +++ b/fs/fat/inode.c | |||
@@ -926,8 +926,8 @@ static int parse_options(char *options, int is_vfat, int silent, int *debug, | |||
926 | 926 | ||
927 | opts->isvfat = is_vfat; | 927 | opts->isvfat = is_vfat; |
928 | 928 | ||
929 | opts->fs_uid = current->uid; | 929 | opts->fs_uid = current_uid(); |
930 | opts->fs_gid = current->gid; | 930 | opts->fs_gid = current_gid(); |
931 | opts->fs_fmask = opts->fs_dmask = current->fs->umask; | 931 | opts->fs_fmask = opts->fs_dmask = current->fs->umask; |
932 | opts->allow_utime = -1; | 932 | opts->allow_utime = -1; |
933 | opts->codepage = fat_default_codepage; | 933 | opts->codepage = fat_default_codepage; |
diff --git a/fs/fcntl.c b/fs/fcntl.c index ac4f7db9f134..87c39f1f0817 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c | |||
@@ -205,13 +205,14 @@ static void f_modown(struct file *filp, struct pid *pid, enum pid_type type, | |||
205 | int __f_setown(struct file *filp, struct pid *pid, enum pid_type type, | 205 | int __f_setown(struct file *filp, struct pid *pid, enum pid_type type, |
206 | int force) | 206 | int force) |
207 | { | 207 | { |
208 | const struct cred *cred = current_cred(); | ||
208 | int err; | 209 | int err; |
209 | 210 | ||
210 | err = security_file_set_fowner(filp); | 211 | err = security_file_set_fowner(filp); |
211 | if (err) | 212 | if (err) |
212 | return err; | 213 | return err; |
213 | 214 | ||
214 | f_modown(filp, pid, type, current->uid, current->euid, force); | 215 | f_modown(filp, pid, type, cred->uid, cred->euid, force); |
215 | return 0; | 216 | return 0; |
216 | } | 217 | } |
217 | EXPORT_SYMBOL(__f_setown); | 218 | EXPORT_SYMBOL(__f_setown); |
@@ -400,10 +401,17 @@ static const long band_table[NSIGPOLL] = { | |||
400 | static inline int sigio_perm(struct task_struct *p, | 401 | static inline int sigio_perm(struct task_struct *p, |
401 | struct fown_struct *fown, int sig) | 402 | struct fown_struct *fown, int sig) |
402 | { | 403 | { |
403 | return (((fown->euid == 0) || | 404 | const struct cred *cred; |
404 | (fown->euid == p->suid) || (fown->euid == p->uid) || | 405 | int ret; |
405 | (fown->uid == p->suid) || (fown->uid == p->uid)) && | 406 | |
406 | !security_file_send_sigiotask(p, fown, sig)); | 407 | rcu_read_lock(); |
408 | cred = __task_cred(p); | ||
409 | ret = ((fown->euid == 0 || | ||
410 | fown->euid == cred->suid || fown->euid == cred->uid || | ||
411 | fown->uid == cred->suid || fown->uid == cred->uid) && | ||
412 | !security_file_send_sigiotask(p, fown, sig)); | ||
413 | rcu_read_unlock(); | ||
414 | return ret; | ||
407 | } | 415 | } |
408 | 416 | ||
409 | static void send_sigio_to_task(struct task_struct *p, | 417 | static void send_sigio_to_task(struct task_struct *p, |
diff --git a/fs/file_table.c b/fs/file_table.c index 5ad0eca6eea2..0fbcacc3ea75 100644 --- a/fs/file_table.c +++ b/fs/file_table.c | |||
@@ -36,7 +36,9 @@ static struct percpu_counter nr_files __cacheline_aligned_in_smp; | |||
36 | 36 | ||
37 | static inline void file_free_rcu(struct rcu_head *head) | 37 | static inline void file_free_rcu(struct rcu_head *head) |
38 | { | 38 | { |
39 | struct file *f = container_of(head, struct file, f_u.fu_rcuhead); | 39 | struct file *f = container_of(head, struct file, f_u.fu_rcuhead); |
40 | |||
41 | put_cred(f->f_cred); | ||
40 | kmem_cache_free(filp_cachep, f); | 42 | kmem_cache_free(filp_cachep, f); |
41 | } | 43 | } |
42 | 44 | ||
@@ -94,7 +96,7 @@ int proc_nr_files(ctl_table *table, int write, struct file *filp, | |||
94 | */ | 96 | */ |
95 | struct file *get_empty_filp(void) | 97 | struct file *get_empty_filp(void) |
96 | { | 98 | { |
97 | struct task_struct *tsk; | 99 | const struct cred *cred = current_cred(); |
98 | static int old_max; | 100 | static int old_max; |
99 | struct file * f; | 101 | struct file * f; |
100 | 102 | ||
@@ -118,12 +120,10 @@ struct file *get_empty_filp(void) | |||
118 | if (security_file_alloc(f)) | 120 | if (security_file_alloc(f)) |
119 | goto fail_sec; | 121 | goto fail_sec; |
120 | 122 | ||
121 | tsk = current; | ||
122 | INIT_LIST_HEAD(&f->f_u.fu_list); | 123 | INIT_LIST_HEAD(&f->f_u.fu_list); |
123 | atomic_long_set(&f->f_count, 1); | 124 | atomic_long_set(&f->f_count, 1); |
124 | rwlock_init(&f->f_owner.lock); | 125 | rwlock_init(&f->f_owner.lock); |
125 | f->f_uid = tsk->fsuid; | 126 | f->f_cred = get_cred(cred); |
126 | f->f_gid = tsk->fsgid; | ||
127 | eventpoll_init_file(f); | 127 | eventpoll_init_file(f); |
128 | /* f->f_version: 0 */ | 128 | /* f->f_version: 0 */ |
129 | return f; | 129 | return f; |
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c index b72361479be2..fba571648a8e 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c | |||
@@ -87,8 +87,8 @@ static void __fuse_put_request(struct fuse_req *req) | |||
87 | 87 | ||
88 | static void fuse_req_init_context(struct fuse_req *req) | 88 | static void fuse_req_init_context(struct fuse_req *req) |
89 | { | 89 | { |
90 | req->in.h.uid = current->fsuid; | 90 | req->in.h.uid = current_fsuid(); |
91 | req->in.h.gid = current->fsgid; | 91 | req->in.h.gid = current_fsgid(); |
92 | req->in.h.pid = current->pid; | 92 | req->in.h.pid = current->pid; |
93 | } | 93 | } |
94 | 94 | ||
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index fd03330cadeb..95bc22bdd060 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c | |||
@@ -869,18 +869,25 @@ int fuse_update_attributes(struct inode *inode, struct kstat *stat, | |||
869 | */ | 869 | */ |
870 | int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task) | 870 | int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task) |
871 | { | 871 | { |
872 | const struct cred *cred; | ||
873 | int ret; | ||
874 | |||
872 | if (fc->flags & FUSE_ALLOW_OTHER) | 875 | if (fc->flags & FUSE_ALLOW_OTHER) |
873 | return 1; | 876 | return 1; |
874 | 877 | ||
875 | if (task->euid == fc->user_id && | 878 | rcu_read_lock(); |
876 | task->suid == fc->user_id && | 879 | ret = 0; |
877 | task->uid == fc->user_id && | 880 | cred = __task_cred(task); |
878 | task->egid == fc->group_id && | 881 | if (cred->euid == fc->user_id && |
879 | task->sgid == fc->group_id && | 882 | cred->suid == fc->user_id && |
880 | task->gid == fc->group_id) | 883 | cred->uid == fc->user_id && |
881 | return 1; | 884 | cred->egid == fc->group_id && |
885 | cred->sgid == fc->group_id && | ||
886 | cred->gid == fc->group_id) | ||
887 | ret = 1; | ||
888 | rcu_read_unlock(); | ||
882 | 889 | ||
883 | return 0; | 890 | return ret; |
884 | } | 891 | } |
885 | 892 | ||
886 | static int fuse_access(struct inode *inode, int mask) | 893 | static int fuse_access(struct inode *inode, int mask) |
diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c index 7cee695fa441..d57616840e89 100644 --- a/fs/gfs2/inode.c +++ b/fs/gfs2/inode.c | |||
@@ -705,18 +705,18 @@ static void munge_mode_uid_gid(struct gfs2_inode *dip, unsigned int *mode, | |||
705 | (dip->i_inode.i_mode & S_ISUID) && dip->i_inode.i_uid) { | 705 | (dip->i_inode.i_mode & S_ISUID) && dip->i_inode.i_uid) { |
706 | if (S_ISDIR(*mode)) | 706 | if (S_ISDIR(*mode)) |
707 | *mode |= S_ISUID; | 707 | *mode |= S_ISUID; |
708 | else if (dip->i_inode.i_uid != current->fsuid) | 708 | else if (dip->i_inode.i_uid != current_fsuid()) |
709 | *mode &= ~07111; | 709 | *mode &= ~07111; |
710 | *uid = dip->i_inode.i_uid; | 710 | *uid = dip->i_inode.i_uid; |
711 | } else | 711 | } else |
712 | *uid = current->fsuid; | 712 | *uid = current_fsuid(); |
713 | 713 | ||
714 | if (dip->i_inode.i_mode & S_ISGID) { | 714 | if (dip->i_inode.i_mode & S_ISGID) { |
715 | if (S_ISDIR(*mode)) | 715 | if (S_ISDIR(*mode)) |
716 | *mode |= S_ISGID; | 716 | *mode |= S_ISGID; |
717 | *gid = dip->i_inode.i_gid; | 717 | *gid = dip->i_inode.i_gid; |
718 | } else | 718 | } else |
719 | *gid = current->fsgid; | 719 | *gid = current_fsgid(); |
720 | } | 720 | } |
721 | 721 | ||
722 | static int alloc_dinode(struct gfs2_inode *dip, u64 *no_addr, u64 *generation) | 722 | static int alloc_dinode(struct gfs2_inode *dip, u64 *no_addr, u64 *generation) |
@@ -1124,8 +1124,8 @@ int gfs2_unlink_ok(struct gfs2_inode *dip, const struct qstr *name, | |||
1124 | return -EPERM; | 1124 | return -EPERM; |
1125 | 1125 | ||
1126 | if ((dip->i_inode.i_mode & S_ISVTX) && | 1126 | if ((dip->i_inode.i_mode & S_ISVTX) && |
1127 | dip->i_inode.i_uid != current->fsuid && | 1127 | dip->i_inode.i_uid != current_fsuid() && |
1128 | ip->i_inode.i_uid != current->fsuid && !capable(CAP_FOWNER)) | 1128 | ip->i_inode.i_uid != current_fsuid() && !capable(CAP_FOWNER)) |
1129 | return -EPERM; | 1129 | return -EPERM; |
1130 | 1130 | ||
1131 | if (IS_APPEND(&dip->i_inode)) | 1131 | if (IS_APPEND(&dip->i_inode)) |
diff --git a/fs/hfs/inode.c b/fs/hfs/inode.c index c69b7ac75bf7..9435dda8f1e0 100644 --- a/fs/hfs/inode.c +++ b/fs/hfs/inode.c | |||
@@ -155,8 +155,8 @@ struct inode *hfs_new_inode(struct inode *dir, struct qstr *name, int mode) | |||
155 | hfs_cat_build_key(sb, (btree_key *)&HFS_I(inode)->cat_key, dir->i_ino, name); | 155 | hfs_cat_build_key(sb, (btree_key *)&HFS_I(inode)->cat_key, dir->i_ino, name); |
156 | inode->i_ino = HFS_SB(sb)->next_id++; | 156 | inode->i_ino = HFS_SB(sb)->next_id++; |
157 | inode->i_mode = mode; | 157 | inode->i_mode = mode; |
158 | inode->i_uid = current->fsuid; | 158 | inode->i_uid = current_fsuid(); |
159 | inode->i_gid = current->fsgid; | 159 | inode->i_gid = current_fsgid(); |
160 | inode->i_nlink = 1; | 160 | inode->i_nlink = 1; |
161 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; | 161 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; |
162 | HFS_I(inode)->flags = 0; | 162 | HFS_I(inode)->flags = 0; |
diff --git a/fs/hfs/super.c b/fs/hfs/super.c index 3c7c7637719c..c8b5acf4b0b7 100644 --- a/fs/hfs/super.c +++ b/fs/hfs/super.c | |||
@@ -210,8 +210,8 @@ static int parse_options(char *options, struct hfs_sb_info *hsb) | |||
210 | int tmp, token; | 210 | int tmp, token; |
211 | 211 | ||
212 | /* initialize the sb with defaults */ | 212 | /* initialize the sb with defaults */ |
213 | hsb->s_uid = current->uid; | 213 | hsb->s_uid = current_uid(); |
214 | hsb->s_gid = current->gid; | 214 | hsb->s_gid = current_gid(); |
215 | hsb->s_file_umask = 0133; | 215 | hsb->s_file_umask = 0133; |
216 | hsb->s_dir_umask = 0022; | 216 | hsb->s_dir_umask = 0022; |
217 | hsb->s_type = hsb->s_creator = cpu_to_be32(0x3f3f3f3f); /* == '????' */ | 217 | hsb->s_type = hsb->s_creator = cpu_to_be32(0x3f3f3f3f); /* == '????' */ |
diff --git a/fs/hfsplus/inode.c b/fs/hfsplus/inode.c index b207f0e6fc22..f105ee9e1cc4 100644 --- a/fs/hfsplus/inode.c +++ b/fs/hfsplus/inode.c | |||
@@ -296,8 +296,8 @@ struct inode *hfsplus_new_inode(struct super_block *sb, int mode) | |||
296 | 296 | ||
297 | inode->i_ino = HFSPLUS_SB(sb).next_cnid++; | 297 | inode->i_ino = HFSPLUS_SB(sb).next_cnid++; |
298 | inode->i_mode = mode; | 298 | inode->i_mode = mode; |
299 | inode->i_uid = current->fsuid; | 299 | inode->i_uid = current_fsuid(); |
300 | inode->i_gid = current->fsgid; | 300 | inode->i_gid = current_fsgid(); |
301 | inode->i_nlink = 1; | 301 | inode->i_nlink = 1; |
302 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; | 302 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; |
303 | INIT_LIST_HEAD(&HFSPLUS_I(inode).open_dir_list); | 303 | INIT_LIST_HEAD(&HFSPLUS_I(inode).open_dir_list); |
diff --git a/fs/hfsplus/options.c b/fs/hfsplus/options.c index 9699c56d323f..bab7f8d1bdfa 100644 --- a/fs/hfsplus/options.c +++ b/fs/hfsplus/options.c | |||
@@ -49,8 +49,8 @@ void hfsplus_fill_defaults(struct hfsplus_sb_info *opts) | |||
49 | opts->creator = HFSPLUS_DEF_CR_TYPE; | 49 | opts->creator = HFSPLUS_DEF_CR_TYPE; |
50 | opts->type = HFSPLUS_DEF_CR_TYPE; | 50 | opts->type = HFSPLUS_DEF_CR_TYPE; |
51 | opts->umask = current->fs->umask; | 51 | opts->umask = current->fs->umask; |
52 | opts->uid = current->uid; | 52 | opts->uid = current_uid(); |
53 | opts->gid = current->gid; | 53 | opts->gid = current_gid(); |
54 | opts->part = -1; | 54 | opts->part = -1; |
55 | opts->session = -1; | 55 | opts->session = -1; |
56 | } | 56 | } |
diff --git a/fs/hpfs/namei.c b/fs/hpfs/namei.c index 10783f3d265a..b649232dde97 100644 --- a/fs/hpfs/namei.c +++ b/fs/hpfs/namei.c | |||
@@ -92,11 +92,11 @@ static int hpfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) | |||
92 | inc_nlink(dir); | 92 | inc_nlink(dir); |
93 | insert_inode_hash(result); | 93 | insert_inode_hash(result); |
94 | 94 | ||
95 | if (result->i_uid != current->fsuid || | 95 | if (result->i_uid != current_fsuid() || |
96 | result->i_gid != current->fsgid || | 96 | result->i_gid != current_fsgid() || |
97 | result->i_mode != (mode | S_IFDIR)) { | 97 | result->i_mode != (mode | S_IFDIR)) { |
98 | result->i_uid = current->fsuid; | 98 | result->i_uid = current_fsuid(); |
99 | result->i_gid = current->fsgid; | 99 | result->i_gid = current_fsgid(); |
100 | result->i_mode = mode | S_IFDIR; | 100 | result->i_mode = mode | S_IFDIR; |
101 | hpfs_write_inode_nolock(result); | 101 | hpfs_write_inode_nolock(result); |
102 | } | 102 | } |
@@ -184,11 +184,11 @@ static int hpfs_create(struct inode *dir, struct dentry *dentry, int mode, struc | |||
184 | 184 | ||
185 | insert_inode_hash(result); | 185 | insert_inode_hash(result); |
186 | 186 | ||
187 | if (result->i_uid != current->fsuid || | 187 | if (result->i_uid != current_fsuid() || |
188 | result->i_gid != current->fsgid || | 188 | result->i_gid != current_fsgid() || |
189 | result->i_mode != (mode | S_IFREG)) { | 189 | result->i_mode != (mode | S_IFREG)) { |
190 | result->i_uid = current->fsuid; | 190 | result->i_uid = current_fsuid(); |
191 | result->i_gid = current->fsgid; | 191 | result->i_gid = current_fsgid(); |
192 | result->i_mode = mode | S_IFREG; | 192 | result->i_mode = mode | S_IFREG; |
193 | hpfs_write_inode_nolock(result); | 193 | hpfs_write_inode_nolock(result); |
194 | } | 194 | } |
@@ -247,8 +247,8 @@ static int hpfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t | |||
247 | result->i_mtime.tv_nsec = 0; | 247 | result->i_mtime.tv_nsec = 0; |
248 | result->i_atime.tv_nsec = 0; | 248 | result->i_atime.tv_nsec = 0; |
249 | hpfs_i(result)->i_ea_size = 0; | 249 | hpfs_i(result)->i_ea_size = 0; |
250 | result->i_uid = current->fsuid; | 250 | result->i_uid = current_fsuid(); |
251 | result->i_gid = current->fsgid; | 251 | result->i_gid = current_fsgid(); |
252 | result->i_nlink = 1; | 252 | result->i_nlink = 1; |
253 | result->i_size = 0; | 253 | result->i_size = 0; |
254 | result->i_blocks = 1; | 254 | result->i_blocks = 1; |
@@ -325,8 +325,8 @@ static int hpfs_symlink(struct inode *dir, struct dentry *dentry, const char *sy | |||
325 | result->i_atime.tv_nsec = 0; | 325 | result->i_atime.tv_nsec = 0; |
326 | hpfs_i(result)->i_ea_size = 0; | 326 | hpfs_i(result)->i_ea_size = 0; |
327 | result->i_mode = S_IFLNK | 0777; | 327 | result->i_mode = S_IFLNK | 0777; |
328 | result->i_uid = current->fsuid; | 328 | result->i_uid = current_fsuid(); |
329 | result->i_gid = current->fsgid; | 329 | result->i_gid = current_fsgid(); |
330 | result->i_blocks = 1; | 330 | result->i_blocks = 1; |
331 | result->i_nlink = 1; | 331 | result->i_nlink = 1; |
332 | result->i_size = strlen(symlink); | 332 | result->i_size = strlen(symlink); |
diff --git a/fs/hpfs/super.c b/fs/hpfs/super.c index 29ad461d568f..0d049b8919c4 100644 --- a/fs/hpfs/super.c +++ b/fs/hpfs/super.c | |||
@@ -475,8 +475,8 @@ static int hpfs_fill_super(struct super_block *s, void *options, int silent) | |||
475 | 475 | ||
476 | init_MUTEX(&sbi->hpfs_creation_de); | 476 | init_MUTEX(&sbi->hpfs_creation_de); |
477 | 477 | ||
478 | uid = current->uid; | 478 | uid = current_uid(); |
479 | gid = current->gid; | 479 | gid = current_gid(); |
480 | umask = current->fs->umask; | 480 | umask = current->fs->umask; |
481 | lowercase = 0; | 481 | lowercase = 0; |
482 | conv = CONV_BINARY; | 482 | conv = CONV_BINARY; |
diff --git a/fs/hppfs/hppfs.c b/fs/hppfs/hppfs.c index 2b3d1828db99..b278f7f52024 100644 --- a/fs/hppfs/hppfs.c +++ b/fs/hppfs/hppfs.c | |||
@@ -426,6 +426,7 @@ static int file_mode(int fmode) | |||
426 | 426 | ||
427 | static int hppfs_open(struct inode *inode, struct file *file) | 427 | static int hppfs_open(struct inode *inode, struct file *file) |
428 | { | 428 | { |
429 | const struct cred *cred = file->f_cred; | ||
429 | struct hppfs_private *data; | 430 | struct hppfs_private *data; |
430 | struct vfsmount *proc_mnt; | 431 | struct vfsmount *proc_mnt; |
431 | struct dentry *proc_dentry; | 432 | struct dentry *proc_dentry; |
@@ -446,7 +447,7 @@ static int hppfs_open(struct inode *inode, struct file *file) | |||
446 | 447 | ||
447 | /* XXX This isn't closed anywhere */ | 448 | /* XXX This isn't closed anywhere */ |
448 | data->proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt), | 449 | data->proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt), |
449 | file_mode(file->f_mode)); | 450 | file_mode(file->f_mode), cred); |
450 | err = PTR_ERR(data->proc_file); | 451 | err = PTR_ERR(data->proc_file); |
451 | if (IS_ERR(data->proc_file)) | 452 | if (IS_ERR(data->proc_file)) |
452 | goto out_free1; | 453 | goto out_free1; |
@@ -489,6 +490,7 @@ static int hppfs_open(struct inode *inode, struct file *file) | |||
489 | 490 | ||
490 | static int hppfs_dir_open(struct inode *inode, struct file *file) | 491 | static int hppfs_dir_open(struct inode *inode, struct file *file) |
491 | { | 492 | { |
493 | const struct cred *cred = file->f_cred; | ||
492 | struct hppfs_private *data; | 494 | struct hppfs_private *data; |
493 | struct vfsmount *proc_mnt; | 495 | struct vfsmount *proc_mnt; |
494 | struct dentry *proc_dentry; | 496 | struct dentry *proc_dentry; |
@@ -502,7 +504,7 @@ static int hppfs_dir_open(struct inode *inode, struct file *file) | |||
502 | proc_dentry = HPPFS_I(inode)->proc_dentry; | 504 | proc_dentry = HPPFS_I(inode)->proc_dentry; |
503 | proc_mnt = inode->i_sb->s_fs_info; | 505 | proc_mnt = inode->i_sb->s_fs_info; |
504 | data->proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt), | 506 | data->proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt), |
505 | file_mode(file->f_mode)); | 507 | file_mode(file->f_mode), cred); |
506 | err = PTR_ERR(data->proc_file); | 508 | err = PTR_ERR(data->proc_file); |
507 | if (IS_ERR(data->proc_file)) | 509 | if (IS_ERR(data->proc_file)) |
508 | goto out_free; | 510 | goto out_free; |
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index 61edc701b0e6..7d479ce3aceb 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c | |||
@@ -551,9 +551,9 @@ static int hugetlbfs_mknod(struct inode *dir, | |||
551 | if (S_ISDIR(mode)) | 551 | if (S_ISDIR(mode)) |
552 | mode |= S_ISGID; | 552 | mode |= S_ISGID; |
553 | } else { | 553 | } else { |
554 | gid = current->fsgid; | 554 | gid = current_fsgid(); |
555 | } | 555 | } |
556 | inode = hugetlbfs_get_inode(dir->i_sb, current->fsuid, gid, mode, dev); | 556 | inode = hugetlbfs_get_inode(dir->i_sb, current_fsuid(), gid, mode, dev); |
557 | if (inode) { | 557 | if (inode) { |
558 | dir->i_ctime = dir->i_mtime = CURRENT_TIME; | 558 | dir->i_ctime = dir->i_mtime = CURRENT_TIME; |
559 | d_instantiate(dentry, inode); | 559 | d_instantiate(dentry, inode); |
@@ -586,9 +586,9 @@ static int hugetlbfs_symlink(struct inode *dir, | |||
586 | if (dir->i_mode & S_ISGID) | 586 | if (dir->i_mode & S_ISGID) |
587 | gid = dir->i_gid; | 587 | gid = dir->i_gid; |
588 | else | 588 | else |
589 | gid = current->fsgid; | 589 | gid = current_fsgid(); |
590 | 590 | ||
591 | inode = hugetlbfs_get_inode(dir->i_sb, current->fsuid, | 591 | inode = hugetlbfs_get_inode(dir->i_sb, current_fsuid(), |
592 | gid, S_IFLNK|S_IRWXUGO, 0); | 592 | gid, S_IFLNK|S_IRWXUGO, 0); |
593 | if (inode) { | 593 | if (inode) { |
594 | int l = strlen(symname)+1; | 594 | int l = strlen(symname)+1; |
@@ -854,8 +854,8 @@ hugetlbfs_fill_super(struct super_block *sb, void *data, int silent) | |||
854 | 854 | ||
855 | config.nr_blocks = -1; /* No limit on size by default */ | 855 | config.nr_blocks = -1; /* No limit on size by default */ |
856 | config.nr_inodes = -1; /* No limit on number of inodes by default */ | 856 | config.nr_inodes = -1; /* No limit on number of inodes by default */ |
857 | config.uid = current->fsuid; | 857 | config.uid = current_fsuid(); |
858 | config.gid = current->fsgid; | 858 | config.gid = current_fsgid(); |
859 | config.mode = 0755; | 859 | config.mode = 0755; |
860 | config.hstate = &default_hstate; | 860 | config.hstate = &default_hstate; |
861 | ret = hugetlbfs_parse_options(data, &config); | 861 | ret = hugetlbfs_parse_options(data, &config); |
@@ -951,6 +951,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size) | |||
951 | struct inode *inode; | 951 | struct inode *inode; |
952 | struct dentry *dentry, *root; | 952 | struct dentry *dentry, *root; |
953 | struct qstr quick_string; | 953 | struct qstr quick_string; |
954 | struct user_struct *user = current_user(); | ||
954 | 955 | ||
955 | if (!hugetlbfs_vfsmount) | 956 | if (!hugetlbfs_vfsmount) |
956 | return ERR_PTR(-ENOENT); | 957 | return ERR_PTR(-ENOENT); |
@@ -958,7 +959,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size) | |||
958 | if (!can_do_hugetlb_shm()) | 959 | if (!can_do_hugetlb_shm()) |
959 | return ERR_PTR(-EPERM); | 960 | return ERR_PTR(-EPERM); |
960 | 961 | ||
961 | if (!user_shm_lock(size, current->user)) | 962 | if (!user_shm_lock(size, user)) |
962 | return ERR_PTR(-ENOMEM); | 963 | return ERR_PTR(-ENOMEM); |
963 | 964 | ||
964 | root = hugetlbfs_vfsmount->mnt_root; | 965 | root = hugetlbfs_vfsmount->mnt_root; |
@@ -970,8 +971,8 @@ struct file *hugetlb_file_setup(const char *name, size_t size) | |||
970 | goto out_shm_unlock; | 971 | goto out_shm_unlock; |
971 | 972 | ||
972 | error = -ENOSPC; | 973 | error = -ENOSPC; |
973 | inode = hugetlbfs_get_inode(root->d_sb, current->fsuid, | 974 | inode = hugetlbfs_get_inode(root->d_sb, current_fsuid(), |
974 | current->fsgid, S_IFREG | S_IRWXUGO, 0); | 975 | current_fsgid(), S_IFREG | S_IRWXUGO, 0); |
975 | if (!inode) | 976 | if (!inode) |
976 | goto out_dentry; | 977 | goto out_dentry; |
977 | 978 | ||
@@ -998,7 +999,7 @@ out_inode: | |||
998 | out_dentry: | 999 | out_dentry: |
999 | dput(dentry); | 1000 | dput(dentry); |
1000 | out_shm_unlock: | 1001 | out_shm_unlock: |
1001 | user_shm_unlock(size, current->user); | 1002 | user_shm_unlock(size, user); |
1002 | return ERR_PTR(error); | 1003 | return ERR_PTR(error); |
1003 | } | 1004 | } |
1004 | 1005 | ||
diff --git a/fs/inotify_user.c b/fs/inotify_user.c index d367e9b92862..e2425bbd871f 100644 --- a/fs/inotify_user.c +++ b/fs/inotify_user.c | |||
@@ -601,7 +601,7 @@ asmlinkage long sys_inotify_init1(int flags) | |||
601 | goto out_put_fd; | 601 | goto out_put_fd; |
602 | } | 602 | } |
603 | 603 | ||
604 | user = get_uid(current->user); | 604 | user = get_current_user(); |
605 | if (unlikely(atomic_read(&user->inotify_devs) >= | 605 | if (unlikely(atomic_read(&user->inotify_devs) >= |
606 | inotify_max_user_instances)) { | 606 | inotify_max_user_instances)) { |
607 | ret = -EMFILE; | 607 | ret = -EMFILE; |
diff --git a/fs/internal.h b/fs/internal.h index 80aa9a023372..53af885f1732 100644 --- a/fs/internal.h +++ b/fs/internal.h | |||
@@ -10,6 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | struct super_block; | 12 | struct super_block; |
13 | struct linux_binprm; | ||
13 | 14 | ||
14 | /* | 15 | /* |
15 | * block_dev.c | 16 | * block_dev.c |
@@ -40,6 +41,11 @@ static inline int sb_is_blkdev_sb(struct super_block *sb) | |||
40 | extern void __init chrdev_init(void); | 41 | extern void __init chrdev_init(void); |
41 | 42 | ||
42 | /* | 43 | /* |
44 | * exec.c | ||
45 | */ | ||
46 | extern void check_unsafe_exec(struct linux_binprm *); | ||
47 | |||
48 | /* | ||
43 | * namespace.c | 49 | * namespace.c |
44 | */ | 50 | */ |
45 | extern int copy_mount_options(const void __user *, unsigned long *); | 51 | extern int copy_mount_options(const void __user *, unsigned long *); |
diff --git a/fs/ioprio.c b/fs/ioprio.c index da3cc460d4df..3569e0ad86a2 100644 --- a/fs/ioprio.c +++ b/fs/ioprio.c | |||
@@ -31,10 +31,16 @@ static int set_task_ioprio(struct task_struct *task, int ioprio) | |||
31 | { | 31 | { |
32 | int err; | 32 | int err; |
33 | struct io_context *ioc; | 33 | struct io_context *ioc; |
34 | const struct cred *cred = current_cred(), *tcred; | ||
34 | 35 | ||
35 | if (task->uid != current->euid && | 36 | rcu_read_lock(); |
36 | task->uid != current->uid && !capable(CAP_SYS_NICE)) | 37 | tcred = __task_cred(task); |
38 | if (tcred->uid != cred->euid && | ||
39 | tcred->uid != cred->uid && !capable(CAP_SYS_NICE)) { | ||
40 | rcu_read_unlock(); | ||
37 | return -EPERM; | 41 | return -EPERM; |
42 | } | ||
43 | rcu_read_unlock(); | ||
38 | 44 | ||
39 | err = security_task_setioprio(task, ioprio); | 45 | err = security_task_setioprio(task, ioprio); |
40 | if (err) | 46 | if (err) |
@@ -123,7 +129,7 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio) | |||
123 | break; | 129 | break; |
124 | case IOPRIO_WHO_USER: | 130 | case IOPRIO_WHO_USER: |
125 | if (!who) | 131 | if (!who) |
126 | user = current->user; | 132 | user = current_user(); |
127 | else | 133 | else |
128 | user = find_user(who); | 134 | user = find_user(who); |
129 | 135 | ||
@@ -131,7 +137,7 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio) | |||
131 | break; | 137 | break; |
132 | 138 | ||
133 | do_each_thread(g, p) { | 139 | do_each_thread(g, p) { |
134 | if (p->uid != who) | 140 | if (__task_cred(p)->uid != who) |
135 | continue; | 141 | continue; |
136 | ret = set_task_ioprio(p, ioprio); | 142 | ret = set_task_ioprio(p, ioprio); |
137 | if (ret) | 143 | if (ret) |
@@ -216,7 +222,7 @@ asmlinkage long sys_ioprio_get(int which, int who) | |||
216 | break; | 222 | break; |
217 | case IOPRIO_WHO_USER: | 223 | case IOPRIO_WHO_USER: |
218 | if (!who) | 224 | if (!who) |
219 | user = current->user; | 225 | user = current_user(); |
220 | else | 226 | else |
221 | user = find_user(who); | 227 | user = find_user(who); |
222 | 228 | ||
@@ -224,7 +230,7 @@ asmlinkage long sys_ioprio_get(int which, int who) | |||
224 | break; | 230 | break; |
225 | 231 | ||
226 | do_each_thread(g, p) { | 232 | do_each_thread(g, p) { |
227 | if (p->uid != user->uid) | 233 | if (__task_cred(p)->uid != user->uid) |
228 | continue; | 234 | continue; |
229 | tmpio = get_task_ioprio(p); | 235 | tmpio = get_task_ioprio(p); |
230 | if (tmpio < 0) | 236 | if (tmpio < 0) |
diff --git a/fs/jfs/jfs_inode.c b/fs/jfs/jfs_inode.c index ed6574bee51a..70022fd1c539 100644 --- a/fs/jfs/jfs_inode.c +++ b/fs/jfs/jfs_inode.c | |||
@@ -93,13 +93,13 @@ struct inode *ialloc(struct inode *parent, umode_t mode) | |||
93 | return ERR_PTR(rc); | 93 | return ERR_PTR(rc); |
94 | } | 94 | } |
95 | 95 | ||
96 | inode->i_uid = current->fsuid; | 96 | inode->i_uid = current_fsuid(); |
97 | if (parent->i_mode & S_ISGID) { | 97 | if (parent->i_mode & S_ISGID) { |
98 | inode->i_gid = parent->i_gid; | 98 | inode->i_gid = parent->i_gid; |
99 | if (S_ISDIR(mode)) | 99 | if (S_ISDIR(mode)) |
100 | mode |= S_ISGID; | 100 | mode |= S_ISGID; |
101 | } else | 101 | } else |
102 | inode->i_gid = current->fsgid; | 102 | inode->i_gid = current_fsgid(); |
103 | 103 | ||
104 | /* | 104 | /* |
105 | * New inodes need to save sane values on disk when | 105 | * New inodes need to save sane values on disk when |
diff --git a/fs/locks.c b/fs/locks.c index 09062e3ff104..46a2e12f7d42 100644 --- a/fs/locks.c +++ b/fs/locks.c | |||
@@ -1349,7 +1349,7 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp) | |||
1349 | struct inode *inode = dentry->d_inode; | 1349 | struct inode *inode = dentry->d_inode; |
1350 | int error, rdlease_count = 0, wrlease_count = 0; | 1350 | int error, rdlease_count = 0, wrlease_count = 0; |
1351 | 1351 | ||
1352 | if ((current->fsuid != inode->i_uid) && !capable(CAP_LEASE)) | 1352 | if ((current_fsuid() != inode->i_uid) && !capable(CAP_LEASE)) |
1353 | return -EACCES; | 1353 | return -EACCES; |
1354 | if (!S_ISREG(inode->i_mode)) | 1354 | if (!S_ISREG(inode->i_mode)) |
1355 | return -EINVAL; | 1355 | return -EINVAL; |
diff --git a/fs/minix/bitmap.c b/fs/minix/bitmap.c index 703cc35e04b9..3aebe322271a 100644 --- a/fs/minix/bitmap.c +++ b/fs/minix/bitmap.c | |||
@@ -262,8 +262,8 @@ struct inode * minix_new_inode(const struct inode * dir, int * error) | |||
262 | iput(inode); | 262 | iput(inode); |
263 | return NULL; | 263 | return NULL; |
264 | } | 264 | } |
265 | inode->i_uid = current->fsuid; | 265 | inode->i_uid = current_fsuid(); |
266 | inode->i_gid = (dir->i_mode & S_ISGID) ? dir->i_gid : current->fsgid; | 266 | inode->i_gid = (dir->i_mode & S_ISGID) ? dir->i_gid : current_fsgid(); |
267 | inode->i_ino = j; | 267 | inode->i_ino = j; |
268 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; | 268 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; |
269 | inode->i_blocks = 0; | 269 | inode->i_blocks = 0; |
diff --git a/fs/namei.c b/fs/namei.c index d34e0f9681c6..af3783fff1de 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
@@ -186,7 +186,7 @@ int generic_permission(struct inode *inode, int mask, | |||
186 | 186 | ||
187 | mask &= MAY_READ | MAY_WRITE | MAY_EXEC; | 187 | mask &= MAY_READ | MAY_WRITE | MAY_EXEC; |
188 | 188 | ||
189 | if (current->fsuid == inode->i_uid) | 189 | if (current_fsuid() == inode->i_uid) |
190 | mode >>= 6; | 190 | mode >>= 6; |
191 | else { | 191 | else { |
192 | if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) { | 192 | if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) { |
@@ -441,7 +441,7 @@ static int exec_permission_lite(struct inode *inode) | |||
441 | if (inode->i_op && inode->i_op->permission) | 441 | if (inode->i_op && inode->i_op->permission) |
442 | return -EAGAIN; | 442 | return -EAGAIN; |
443 | 443 | ||
444 | if (current->fsuid == inode->i_uid) | 444 | if (current_fsuid() == inode->i_uid) |
445 | mode >>= 6; | 445 | mode >>= 6; |
446 | else if (in_group_p(inode->i_gid)) | 446 | else if (in_group_p(inode->i_gid)) |
447 | mode >>= 3; | 447 | mode >>= 3; |
@@ -1334,11 +1334,13 @@ static int user_path_parent(int dfd, const char __user *path, | |||
1334 | */ | 1334 | */ |
1335 | static inline int check_sticky(struct inode *dir, struct inode *inode) | 1335 | static inline int check_sticky(struct inode *dir, struct inode *inode) |
1336 | { | 1336 | { |
1337 | uid_t fsuid = current_fsuid(); | ||
1338 | |||
1337 | if (!(dir->i_mode & S_ISVTX)) | 1339 | if (!(dir->i_mode & S_ISVTX)) |
1338 | return 0; | 1340 | return 0; |
1339 | if (inode->i_uid == current->fsuid) | 1341 | if (inode->i_uid == fsuid) |
1340 | return 0; | 1342 | return 0; |
1341 | if (dir->i_uid == current->fsuid) | 1343 | if (dir->i_uid == fsuid) |
1342 | return 0; | 1344 | return 0; |
1343 | return !capable(CAP_FOWNER); | 1345 | return !capable(CAP_FOWNER); |
1344 | } | 1346 | } |
diff --git a/fs/namespace.c b/fs/namespace.c index 65b3dc844c87..1c09cab8f7cf 100644 --- a/fs/namespace.c +++ b/fs/namespace.c | |||
@@ -1176,7 +1176,7 @@ static int mount_is_safe(struct path *path) | |||
1176 | if (S_ISLNK(path->dentry->d_inode->i_mode)) | 1176 | if (S_ISLNK(path->dentry->d_inode->i_mode)) |
1177 | return -EPERM; | 1177 | return -EPERM; |
1178 | if (path->dentry->d_inode->i_mode & S_ISVTX) { | 1178 | if (path->dentry->d_inode->i_mode & S_ISVTX) { |
1179 | if (current->uid != path->dentry->d_inode->i_uid) | 1179 | if (current_uid() != path->dentry->d_inode->i_uid) |
1180 | return -EPERM; | 1180 | return -EPERM; |
1181 | } | 1181 | } |
1182 | if (inode_permission(path->dentry->d_inode, MAY_WRITE)) | 1182 | if (inode_permission(path->dentry->d_inode, MAY_WRITE)) |
diff --git a/fs/ncpfs/ioctl.c b/fs/ncpfs/ioctl.c index 3a97c95e1ca2..6d04e050c74e 100644 --- a/fs/ncpfs/ioctl.c +++ b/fs/ncpfs/ioctl.c | |||
@@ -40,10 +40,10 @@ ncp_get_fs_info(struct ncp_server * server, struct file *file, | |||
40 | struct inode *inode = file->f_path.dentry->d_inode; | 40 | struct inode *inode = file->f_path.dentry->d_inode; |
41 | struct ncp_fs_info info; | 41 | struct ncp_fs_info info; |
42 | 42 | ||
43 | if ((file_permission(file, MAY_WRITE) != 0) | 43 | if (file_permission(file, MAY_WRITE) != 0 |
44 | && (current->uid != server->m.mounted_uid)) { | 44 | && current_uid() != server->m.mounted_uid) |
45 | return -EACCES; | 45 | return -EACCES; |
46 | } | 46 | |
47 | if (copy_from_user(&info, arg, sizeof(info))) | 47 | if (copy_from_user(&info, arg, sizeof(info))) |
48 | return -EFAULT; | 48 | return -EFAULT; |
49 | 49 | ||
@@ -70,10 +70,10 @@ ncp_get_fs_info_v2(struct ncp_server * server, struct file *file, | |||
70 | struct inode *inode = file->f_path.dentry->d_inode; | 70 | struct inode *inode = file->f_path.dentry->d_inode; |
71 | struct ncp_fs_info_v2 info2; | 71 | struct ncp_fs_info_v2 info2; |
72 | 72 | ||
73 | if ((file_permission(file, MAY_WRITE) != 0) | 73 | if (file_permission(file, MAY_WRITE) != 0 |
74 | && (current->uid != server->m.mounted_uid)) { | 74 | && current_uid() != server->m.mounted_uid) |
75 | return -EACCES; | 75 | return -EACCES; |
76 | } | 76 | |
77 | if (copy_from_user(&info2, arg, sizeof(info2))) | 77 | if (copy_from_user(&info2, arg, sizeof(info2))) |
78 | return -EFAULT; | 78 | return -EFAULT; |
79 | 79 | ||
@@ -141,10 +141,10 @@ ncp_get_compat_fs_info_v2(struct ncp_server * server, struct file *file, | |||
141 | struct inode *inode = file->f_path.dentry->d_inode; | 141 | struct inode *inode = file->f_path.dentry->d_inode; |
142 | struct compat_ncp_fs_info_v2 info2; | 142 | struct compat_ncp_fs_info_v2 info2; |
143 | 143 | ||
144 | if ((file_permission(file, MAY_WRITE) != 0) | 144 | if (file_permission(file, MAY_WRITE) != 0 |
145 | && (current->uid != server->m.mounted_uid)) { | 145 | && current_uid() != server->m.mounted_uid) |
146 | return -EACCES; | 146 | return -EACCES; |
147 | } | 147 | |
148 | if (copy_from_user(&info2, arg, sizeof(info2))) | 148 | if (copy_from_user(&info2, arg, sizeof(info2))) |
149 | return -EFAULT; | 149 | return -EFAULT; |
150 | 150 | ||
@@ -270,16 +270,17 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, | |||
270 | struct ncp_ioctl_request request; | 270 | struct ncp_ioctl_request request; |
271 | char* bouncebuffer; | 271 | char* bouncebuffer; |
272 | void __user *argp = (void __user *)arg; | 272 | void __user *argp = (void __user *)arg; |
273 | uid_t uid = current_uid(); | ||
273 | 274 | ||
274 | switch (cmd) { | 275 | switch (cmd) { |
275 | #ifdef CONFIG_COMPAT | 276 | #ifdef CONFIG_COMPAT |
276 | case NCP_IOC_NCPREQUEST_32: | 277 | case NCP_IOC_NCPREQUEST_32: |
277 | #endif | 278 | #endif |
278 | case NCP_IOC_NCPREQUEST: | 279 | case NCP_IOC_NCPREQUEST: |
279 | if ((file_permission(filp, MAY_WRITE) != 0) | 280 | if (file_permission(filp, MAY_WRITE) != 0 |
280 | && (current->uid != server->m.mounted_uid)) { | 281 | && uid != server->m.mounted_uid) |
281 | return -EACCES; | 282 | return -EACCES; |
282 | } | 283 | |
283 | #ifdef CONFIG_COMPAT | 284 | #ifdef CONFIG_COMPAT |
284 | if (cmd == NCP_IOC_NCPREQUEST_32) { | 285 | if (cmd == NCP_IOC_NCPREQUEST_32) { |
285 | struct compat_ncp_ioctl_request request32; | 286 | struct compat_ncp_ioctl_request request32; |
@@ -356,10 +357,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, | |||
356 | case NCP_IOC_GETMOUNTUID16: | 357 | case NCP_IOC_GETMOUNTUID16: |
357 | case NCP_IOC_GETMOUNTUID32: | 358 | case NCP_IOC_GETMOUNTUID32: |
358 | case NCP_IOC_GETMOUNTUID64: | 359 | case NCP_IOC_GETMOUNTUID64: |
359 | if ((file_permission(filp, MAY_READ) != 0) | 360 | if (file_permission(filp, MAY_READ) != 0 |
360 | && (current->uid != server->m.mounted_uid)) { | 361 | && uid != server->m.mounted_uid) |
361 | return -EACCES; | 362 | return -EACCES; |
362 | } | 363 | |
363 | if (cmd == NCP_IOC_GETMOUNTUID16) { | 364 | if (cmd == NCP_IOC_GETMOUNTUID16) { |
364 | u16 uid; | 365 | u16 uid; |
365 | SET_UID(uid, server->m.mounted_uid); | 366 | SET_UID(uid, server->m.mounted_uid); |
@@ -380,11 +381,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, | |||
380 | { | 381 | { |
381 | struct ncp_setroot_ioctl sr; | 382 | struct ncp_setroot_ioctl sr; |
382 | 383 | ||
383 | if ((file_permission(filp, MAY_READ) != 0) | 384 | if (file_permission(filp, MAY_READ) != 0 |
384 | && (current->uid != server->m.mounted_uid)) | 385 | && uid != server->m.mounted_uid) |
385 | { | ||
386 | return -EACCES; | 386 | return -EACCES; |
387 | } | 387 | |
388 | if (server->m.mounted_vol[0]) { | 388 | if (server->m.mounted_vol[0]) { |
389 | struct dentry* dentry = inode->i_sb->s_root; | 389 | struct dentry* dentry = inode->i_sb->s_root; |
390 | 390 | ||
@@ -408,6 +408,7 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, | |||
408 | return -EFAULT; | 408 | return -EFAULT; |
409 | return 0; | 409 | return 0; |
410 | } | 410 | } |
411 | |||
411 | case NCP_IOC_SETROOT: | 412 | case NCP_IOC_SETROOT: |
412 | { | 413 | { |
413 | struct ncp_setroot_ioctl sr; | 414 | struct ncp_setroot_ioctl sr; |
@@ -455,11 +456,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, | |||
455 | 456 | ||
456 | #ifdef CONFIG_NCPFS_PACKET_SIGNING | 457 | #ifdef CONFIG_NCPFS_PACKET_SIGNING |
457 | case NCP_IOC_SIGN_INIT: | 458 | case NCP_IOC_SIGN_INIT: |
458 | if ((file_permission(filp, MAY_WRITE) != 0) | 459 | if (file_permission(filp, MAY_WRITE) != 0 |
459 | && (current->uid != server->m.mounted_uid)) | 460 | && uid != server->m.mounted_uid) |
460 | { | ||
461 | return -EACCES; | 461 | return -EACCES; |
462 | } | 462 | |
463 | if (argp) { | 463 | if (argp) { |
464 | if (server->sign_wanted) | 464 | if (server->sign_wanted) |
465 | { | 465 | { |
@@ -478,24 +478,22 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, | |||
478 | return 0; | 478 | return 0; |
479 | 479 | ||
480 | case NCP_IOC_SIGN_WANTED: | 480 | case NCP_IOC_SIGN_WANTED: |
481 | if ((file_permission(filp, MAY_READ) != 0) | 481 | if (file_permission(filp, MAY_READ) != 0 |
482 | && (current->uid != server->m.mounted_uid)) | 482 | && uid != server->m.mounted_uid) |
483 | { | ||
484 | return -EACCES; | 483 | return -EACCES; |
485 | } | ||
486 | 484 | ||
487 | if (put_user(server->sign_wanted, (int __user *)argp)) | 485 | if (put_user(server->sign_wanted, (int __user *)argp)) |
488 | return -EFAULT; | 486 | return -EFAULT; |
489 | return 0; | 487 | return 0; |
488 | |||
490 | case NCP_IOC_SET_SIGN_WANTED: | 489 | case NCP_IOC_SET_SIGN_WANTED: |
491 | { | 490 | { |
492 | int newstate; | 491 | int newstate; |
493 | 492 | ||
494 | if ((file_permission(filp, MAY_WRITE) != 0) | 493 | if (file_permission(filp, MAY_WRITE) != 0 |
495 | && (current->uid != server->m.mounted_uid)) | 494 | && uid != server->m.mounted_uid) |
496 | { | ||
497 | return -EACCES; | 495 | return -EACCES; |
498 | } | 496 | |
499 | /* get only low 8 bits... */ | 497 | /* get only low 8 bits... */ |
500 | if (get_user(newstate, (unsigned char __user *)argp)) | 498 | if (get_user(newstate, (unsigned char __user *)argp)) |
501 | return -EFAULT; | 499 | return -EFAULT; |
@@ -512,11 +510,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, | |||
512 | 510 | ||
513 | #ifdef CONFIG_NCPFS_IOCTL_LOCKING | 511 | #ifdef CONFIG_NCPFS_IOCTL_LOCKING |
514 | case NCP_IOC_LOCKUNLOCK: | 512 | case NCP_IOC_LOCKUNLOCK: |
515 | if ((file_permission(filp, MAY_WRITE) != 0) | 513 | if (file_permission(filp, MAY_WRITE) != 0 |
516 | && (current->uid != server->m.mounted_uid)) | 514 | && uid != server->m.mounted_uid) |
517 | { | ||
518 | return -EACCES; | 515 | return -EACCES; |
519 | } | 516 | |
520 | { | 517 | { |
521 | struct ncp_lock_ioctl rqdata; | 518 | struct ncp_lock_ioctl rqdata; |
522 | 519 | ||
@@ -585,9 +582,8 @@ outrel: | |||
585 | 582 | ||
586 | #ifdef CONFIG_COMPAT | 583 | #ifdef CONFIG_COMPAT |
587 | case NCP_IOC_GETOBJECTNAME_32: | 584 | case NCP_IOC_GETOBJECTNAME_32: |
588 | if (current->uid != server->m.mounted_uid) { | 585 | if (uid != server->m.mounted_uid) |
589 | return -EACCES; | 586 | return -EACCES; |
590 | } | ||
591 | { | 587 | { |
592 | struct compat_ncp_objectname_ioctl user; | 588 | struct compat_ncp_objectname_ioctl user; |
593 | size_t outl; | 589 | size_t outl; |
@@ -609,10 +605,10 @@ outrel: | |||
609 | return 0; | 605 | return 0; |
610 | } | 606 | } |
611 | #endif | 607 | #endif |
608 | |||
612 | case NCP_IOC_GETOBJECTNAME: | 609 | case NCP_IOC_GETOBJECTNAME: |
613 | if (current->uid != server->m.mounted_uid) { | 610 | if (uid != server->m.mounted_uid) |
614 | return -EACCES; | 611 | return -EACCES; |
615 | } | ||
616 | { | 612 | { |
617 | struct ncp_objectname_ioctl user; | 613 | struct ncp_objectname_ioctl user; |
618 | size_t outl; | 614 | size_t outl; |
@@ -633,13 +629,13 @@ outrel: | |||
633 | return -EFAULT; | 629 | return -EFAULT; |
634 | return 0; | 630 | return 0; |
635 | } | 631 | } |
632 | |||
636 | #ifdef CONFIG_COMPAT | 633 | #ifdef CONFIG_COMPAT |
637 | case NCP_IOC_SETOBJECTNAME_32: | 634 | case NCP_IOC_SETOBJECTNAME_32: |
638 | #endif | 635 | #endif |
639 | case NCP_IOC_SETOBJECTNAME: | 636 | case NCP_IOC_SETOBJECTNAME: |
640 | if (current->uid != server->m.mounted_uid) { | 637 | if (uid != server->m.mounted_uid) |
641 | return -EACCES; | 638 | return -EACCES; |
642 | } | ||
643 | { | 639 | { |
644 | struct ncp_objectname_ioctl user; | 640 | struct ncp_objectname_ioctl user; |
645 | void* newname; | 641 | void* newname; |
@@ -691,13 +687,13 @@ outrel: | |||
691 | kfree(oldname); | 687 | kfree(oldname); |
692 | return 0; | 688 | return 0; |
693 | } | 689 | } |
690 | |||
694 | #ifdef CONFIG_COMPAT | 691 | #ifdef CONFIG_COMPAT |
695 | case NCP_IOC_GETPRIVATEDATA_32: | 692 | case NCP_IOC_GETPRIVATEDATA_32: |
696 | #endif | 693 | #endif |
697 | case NCP_IOC_GETPRIVATEDATA: | 694 | case NCP_IOC_GETPRIVATEDATA: |
698 | if (current->uid != server->m.mounted_uid) { | 695 | if (uid != server->m.mounted_uid) |
699 | return -EACCES; | 696 | return -EACCES; |
700 | } | ||
701 | { | 697 | { |
702 | struct ncp_privatedata_ioctl user; | 698 | struct ncp_privatedata_ioctl user; |
703 | size_t outl; | 699 | size_t outl; |
@@ -736,13 +732,13 @@ outrel: | |||
736 | 732 | ||
737 | return 0; | 733 | return 0; |
738 | } | 734 | } |
735 | |||
739 | #ifdef CONFIG_COMPAT | 736 | #ifdef CONFIG_COMPAT |
740 | case NCP_IOC_SETPRIVATEDATA_32: | 737 | case NCP_IOC_SETPRIVATEDATA_32: |
741 | #endif | 738 | #endif |
742 | case NCP_IOC_SETPRIVATEDATA: | 739 | case NCP_IOC_SETPRIVATEDATA: |
743 | if (current->uid != server->m.mounted_uid) { | 740 | if (uid != server->m.mounted_uid) |
744 | return -EACCES; | 741 | return -EACCES; |
745 | } | ||
746 | { | 742 | { |
747 | struct ncp_privatedata_ioctl user; | 743 | struct ncp_privatedata_ioctl user; |
748 | void* new; | 744 | void* new; |
@@ -794,9 +790,10 @@ outrel: | |||
794 | #endif /* CONFIG_NCPFS_NLS */ | 790 | #endif /* CONFIG_NCPFS_NLS */ |
795 | 791 | ||
796 | case NCP_IOC_SETDENTRYTTL: | 792 | case NCP_IOC_SETDENTRYTTL: |
797 | if ((file_permission(filp, MAY_WRITE) != 0) && | 793 | if (file_permission(filp, MAY_WRITE) != 0 && |
798 | (current->uid != server->m.mounted_uid)) | 794 | uid != server->m.mounted_uid) |
799 | return -EACCES; | 795 | return -EACCES; |
796 | |||
800 | { | 797 | { |
801 | u_int32_t user; | 798 | u_int32_t user; |
802 | 799 | ||
diff --git a/fs/nfsctl.c b/fs/nfsctl.c index aed8145d9087..b1acbd6ab6fb 100644 --- a/fs/nfsctl.c +++ b/fs/nfsctl.c | |||
@@ -10,6 +10,8 @@ | |||
10 | #include <linux/sunrpc/svc.h> | 10 | #include <linux/sunrpc/svc.h> |
11 | #include <linux/nfsd/nfsd.h> | 11 | #include <linux/nfsd/nfsd.h> |
12 | #include <linux/nfsd/syscall.h> | 12 | #include <linux/nfsd/syscall.h> |
13 | #include <linux/cred.h> | ||
14 | #include <linux/sched.h> | ||
13 | #include <linux/linkage.h> | 15 | #include <linux/linkage.h> |
14 | #include <linux/namei.h> | 16 | #include <linux/namei.h> |
15 | #include <linux/mount.h> | 17 | #include <linux/mount.h> |
@@ -41,7 +43,8 @@ static struct file *do_open(char *name, int flags) | |||
41 | error = may_open(&nd, MAY_WRITE, FMODE_WRITE); | 43 | error = may_open(&nd, MAY_WRITE, FMODE_WRITE); |
42 | 44 | ||
43 | if (!error) | 45 | if (!error) |
44 | return dentry_open(nd.path.dentry, nd.path.mnt, flags); | 46 | return dentry_open(nd.path.dentry, nd.path.mnt, flags, |
47 | current_cred()); | ||
45 | 48 | ||
46 | path_put(&nd.path); | 49 | path_put(&nd.path); |
47 | return ERR_PTR(error); | 50 | return ERR_PTR(error); |
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index 294992e9bf69..0184fe9b514c 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c | |||
@@ -27,53 +27,70 @@ int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp) | |||
27 | 27 | ||
28 | int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) | 28 | int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) |
29 | { | 29 | { |
30 | struct svc_cred cred = rqstp->rq_cred; | 30 | struct group_info *rqgi; |
31 | struct group_info *gi; | ||
32 | struct cred *new; | ||
31 | int i; | 33 | int i; |
32 | int flags = nfsexp_flags(rqstp, exp); | 34 | int flags = nfsexp_flags(rqstp, exp); |
33 | int ret; | 35 | int ret; |
34 | 36 | ||
37 | /* discard any old override before preparing the new set */ | ||
38 | revert_creds(get_cred(current->real_cred)); | ||
39 | new = prepare_creds(); | ||
40 | if (!new) | ||
41 | return -ENOMEM; | ||
42 | |||
43 | new->fsuid = rqstp->rq_cred.cr_uid; | ||
44 | new->fsgid = rqstp->rq_cred.cr_gid; | ||
45 | |||
46 | rqgi = rqstp->rq_cred.cr_group_info; | ||
47 | |||
35 | if (flags & NFSEXP_ALLSQUASH) { | 48 | if (flags & NFSEXP_ALLSQUASH) { |
36 | cred.cr_uid = exp->ex_anon_uid; | 49 | new->fsuid = exp->ex_anon_uid; |
37 | cred.cr_gid = exp->ex_anon_gid; | 50 | new->fsgid = exp->ex_anon_gid; |
38 | cred.cr_group_info = groups_alloc(0); | 51 | gi = groups_alloc(0); |
39 | } else if (flags & NFSEXP_ROOTSQUASH) { | 52 | } else if (flags & NFSEXP_ROOTSQUASH) { |
40 | struct group_info *gi; | 53 | if (!new->fsuid) |
41 | if (!cred.cr_uid) | 54 | new->fsuid = exp->ex_anon_uid; |
42 | cred.cr_uid = exp->ex_anon_uid; | 55 | if (!new->fsgid) |
43 | if (!cred.cr_gid) | 56 | new->fsgid = exp->ex_anon_gid; |
44 | cred.cr_gid = exp->ex_anon_gid; | ||
45 | gi = groups_alloc(cred.cr_group_info->ngroups); | ||
46 | if (gi) | ||
47 | for (i = 0; i < cred.cr_group_info->ngroups; i++) { | ||
48 | if (!GROUP_AT(cred.cr_group_info, i)) | ||
49 | GROUP_AT(gi, i) = exp->ex_anon_gid; | ||
50 | else | ||
51 | GROUP_AT(gi, i) = GROUP_AT(cred.cr_group_info, i); | ||
52 | } | ||
53 | cred.cr_group_info = gi; | ||
54 | } else | ||
55 | get_group_info(cred.cr_group_info); | ||
56 | |||
57 | if (cred.cr_uid != (uid_t) -1) | ||
58 | current->fsuid = cred.cr_uid; | ||
59 | else | ||
60 | current->fsuid = exp->ex_anon_uid; | ||
61 | if (cred.cr_gid != (gid_t) -1) | ||
62 | current->fsgid = cred.cr_gid; | ||
63 | else | ||
64 | current->fsgid = exp->ex_anon_gid; | ||
65 | 57 | ||
66 | if (!cred.cr_group_info) | 58 | gi = groups_alloc(rqgi->ngroups); |
67 | return -ENOMEM; | 59 | if (!gi) |
68 | ret = set_current_groups(cred.cr_group_info); | 60 | goto oom; |
69 | put_group_info(cred.cr_group_info); | 61 | |
70 | if ((cred.cr_uid)) { | 62 | for (i = 0; i < rqgi->ngroups; i++) { |
71 | current->cap_effective = | 63 | if (!GROUP_AT(rqgi, i)) |
72 | cap_drop_nfsd_set(current->cap_effective); | 64 | GROUP_AT(gi, i) = exp->ex_anon_gid; |
65 | else | ||
66 | GROUP_AT(gi, i) = GROUP_AT(rqgi, i); | ||
67 | } | ||
73 | } else { | 68 | } else { |
74 | current->cap_effective = | 69 | gi = get_group_info(rqgi); |
75 | cap_raise_nfsd_set(current->cap_effective, | ||
76 | current->cap_permitted); | ||
77 | } | 70 | } |
71 | |||
72 | if (new->fsuid == (uid_t) -1) | ||
73 | new->fsuid = exp->ex_anon_uid; | ||
74 | if (new->fsgid == (gid_t) -1) | ||
75 | new->fsgid = exp->ex_anon_gid; | ||
76 | |||
77 | ret = set_groups(new, gi); | ||
78 | put_group_info(gi); | ||
79 | if (!ret) | ||
80 | goto error; | ||
81 | |||
82 | if (new->uid) | ||
83 | new->cap_effective = cap_drop_nfsd_set(new->cap_effective); | ||
84 | else | ||
85 | new->cap_effective = cap_raise_nfsd_set(new->cap_effective, | ||
86 | new->cap_permitted); | ||
87 | put_cred(override_creds(new)); | ||
88 | return 0; | ||
89 | |||
90 | oom: | ||
91 | ret = -ENOMEM; | ||
92 | error: | ||
93 | abort_creds(new); | ||
78 | return ret; | 94 | return ret; |
79 | } | 95 | } |
96 | |||
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index b79ec930d9f1..0f9d6efaa62b 100644 --- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c | |||
@@ -54,20 +54,26 @@ | |||
54 | static struct path rec_dir; | 54 | static struct path rec_dir; |
55 | static int rec_dir_init = 0; | 55 | static int rec_dir_init = 0; |
56 | 56 | ||
57 | static void | 57 | static int |
58 | nfs4_save_user(uid_t *saveuid, gid_t *savegid) | 58 | nfs4_save_creds(const struct cred **original_creds) |
59 | { | 59 | { |
60 | *saveuid = current->fsuid; | 60 | struct cred *new; |
61 | *savegid = current->fsgid; | 61 | |
62 | current->fsuid = 0; | 62 | new = prepare_creds(); |
63 | current->fsgid = 0; | 63 | if (!new) |
64 | return -ENOMEM; | ||
65 | |||
66 | new->fsuid = 0; | ||
67 | new->fsgid = 0; | ||
68 | *original_creds = override_creds(new); | ||
69 | put_cred(new); | ||
70 | return 0; | ||
64 | } | 71 | } |
65 | 72 | ||
66 | static void | 73 | static void |
67 | nfs4_reset_user(uid_t saveuid, gid_t savegid) | 74 | nfs4_reset_creds(const struct cred *original) |
68 | { | 75 | { |
69 | current->fsuid = saveuid; | 76 | revert_creds(original); |
70 | current->fsgid = savegid; | ||
71 | } | 77 | } |
72 | 78 | ||
73 | static void | 79 | static void |
@@ -129,10 +135,9 @@ nfsd4_sync_rec_dir(void) | |||
129 | int | 135 | int |
130 | nfsd4_create_clid_dir(struct nfs4_client *clp) | 136 | nfsd4_create_clid_dir(struct nfs4_client *clp) |
131 | { | 137 | { |
138 | const struct cred *original_cred; | ||
132 | char *dname = clp->cl_recdir; | 139 | char *dname = clp->cl_recdir; |
133 | struct dentry *dentry; | 140 | struct dentry *dentry; |
134 | uid_t uid; | ||
135 | gid_t gid; | ||
136 | int status; | 141 | int status; |
137 | 142 | ||
138 | dprintk("NFSD: nfsd4_create_clid_dir for \"%s\"\n", dname); | 143 | dprintk("NFSD: nfsd4_create_clid_dir for \"%s\"\n", dname); |
@@ -140,7 +145,9 @@ nfsd4_create_clid_dir(struct nfs4_client *clp) | |||
140 | if (!rec_dir_init || clp->cl_firststate) | 145 | if (!rec_dir_init || clp->cl_firststate) |
141 | return 0; | 146 | return 0; |
142 | 147 | ||
143 | nfs4_save_user(&uid, &gid); | 148 | status = nfs4_save_creds(&original_cred); |
149 | if (status < 0) | ||
150 | return status; | ||
144 | 151 | ||
145 | /* lock the parent */ | 152 | /* lock the parent */ |
146 | mutex_lock(&rec_dir.dentry->d_inode->i_mutex); | 153 | mutex_lock(&rec_dir.dentry->d_inode->i_mutex); |
@@ -168,7 +175,7 @@ out_unlock: | |||
168 | clp->cl_firststate = 1; | 175 | clp->cl_firststate = 1; |
169 | nfsd4_sync_rec_dir(); | 176 | nfsd4_sync_rec_dir(); |
170 | } | 177 | } |
171 | nfs4_reset_user(uid, gid); | 178 | nfs4_reset_creds(original_cred); |
172 | dprintk("NFSD: nfsd4_create_clid_dir returns %d\n", status); | 179 | dprintk("NFSD: nfsd4_create_clid_dir returns %d\n", status); |
173 | return status; | 180 | return status; |
174 | } | 181 | } |
@@ -211,26 +218,29 @@ nfsd4_build_dentrylist(void *arg, const char *name, int namlen, | |||
211 | static int | 218 | static int |
212 | nfsd4_list_rec_dir(struct dentry *dir, recdir_func *f) | 219 | nfsd4_list_rec_dir(struct dentry *dir, recdir_func *f) |
213 | { | 220 | { |
221 | const struct cred *original_cred; | ||
214 | struct file *filp; | 222 | struct file *filp; |
215 | struct dentry_list_arg dla = { | 223 | struct dentry_list_arg dla = { |
216 | .parent = dir, | 224 | .parent = dir, |
217 | }; | 225 | }; |
218 | struct list_head *dentries = &dla.dentries; | 226 | struct list_head *dentries = &dla.dentries; |
219 | struct dentry_list *child; | 227 | struct dentry_list *child; |
220 | uid_t uid; | ||
221 | gid_t gid; | ||
222 | int status; | 228 | int status; |
223 | 229 | ||
224 | if (!rec_dir_init) | 230 | if (!rec_dir_init) |
225 | return 0; | 231 | return 0; |
226 | 232 | ||
227 | nfs4_save_user(&uid, &gid); | 233 | status = nfs4_save_creds(&original_cred); |
234 | if (status < 0) | ||
235 | return status; | ||
228 | INIT_LIST_HEAD(dentries); | 236 | INIT_LIST_HEAD(dentries); |
229 | 237 | ||
230 | filp = dentry_open(dget(dir), mntget(rec_dir.mnt), O_RDONLY); | 238 | filp = dentry_open(dget(dir), mntget(rec_dir.mnt), O_RDONLY, |
239 | current_cred()); | ||
231 | status = PTR_ERR(filp); | 240 | status = PTR_ERR(filp); |
232 | if (IS_ERR(filp)) | 241 | if (IS_ERR(filp)) |
233 | goto out; | 242 | goto out; |
243 | INIT_LIST_HEAD(dentries); | ||
234 | status = vfs_readdir(filp, nfsd4_build_dentrylist, &dla); | 244 | status = vfs_readdir(filp, nfsd4_build_dentrylist, &dla); |
235 | fput(filp); | 245 | fput(filp); |
236 | while (!list_empty(dentries)) { | 246 | while (!list_empty(dentries)) { |
@@ -249,7 +259,7 @@ out: | |||
249 | dput(child->dentry); | 259 | dput(child->dentry); |
250 | kfree(child); | 260 | kfree(child); |
251 | } | 261 | } |
252 | nfs4_reset_user(uid, gid); | 262 | nfs4_reset_creds(original_cred); |
253 | return status; | 263 | return status; |
254 | } | 264 | } |
255 | 265 | ||
@@ -311,8 +321,7 @@ out: | |||
311 | void | 321 | void |
312 | nfsd4_remove_clid_dir(struct nfs4_client *clp) | 322 | nfsd4_remove_clid_dir(struct nfs4_client *clp) |
313 | { | 323 | { |
314 | uid_t uid; | 324 | const struct cred *original_cred; |
315 | gid_t gid; | ||
316 | int status; | 325 | int status; |
317 | 326 | ||
318 | if (!rec_dir_init || !clp->cl_firststate) | 327 | if (!rec_dir_init || !clp->cl_firststate) |
@@ -322,9 +331,13 @@ nfsd4_remove_clid_dir(struct nfs4_client *clp) | |||
322 | if (status) | 331 | if (status) |
323 | goto out; | 332 | goto out; |
324 | clp->cl_firststate = 0; | 333 | clp->cl_firststate = 0; |
325 | nfs4_save_user(&uid, &gid); | 334 | |
335 | status = nfs4_save_creds(&original_cred); | ||
336 | if (status < 0) | ||
337 | goto out; | ||
338 | |||
326 | status = nfsd4_unlink_clid_dir(clp->cl_recdir, HEXDIR_LEN-1); | 339 | status = nfsd4_unlink_clid_dir(clp->cl_recdir, HEXDIR_LEN-1); |
327 | nfs4_reset_user(uid, gid); | 340 | nfs4_reset_creds(original_cred); |
328 | if (status == 0) | 341 | if (status == 0) |
329 | nfsd4_sync_rec_dir(); | 342 | nfsd4_sync_rec_dir(); |
330 | mnt_drop_write(rec_dir.mnt); | 343 | mnt_drop_write(rec_dir.mnt); |
@@ -401,16 +414,21 @@ nfsd4_recdir_load(void) { | |||
401 | void | 414 | void |
402 | nfsd4_init_recdir(char *rec_dirname) | 415 | nfsd4_init_recdir(char *rec_dirname) |
403 | { | 416 | { |
404 | uid_t uid = 0; | 417 | const struct cred *original_cred; |
405 | gid_t gid = 0; | 418 | int status; |
406 | int status; | ||
407 | 419 | ||
408 | printk("NFSD: Using %s as the NFSv4 state recovery directory\n", | 420 | printk("NFSD: Using %s as the NFSv4 state recovery directory\n", |
409 | rec_dirname); | 421 | rec_dirname); |
410 | 422 | ||
411 | BUG_ON(rec_dir_init); | 423 | BUG_ON(rec_dir_init); |
412 | 424 | ||
413 | nfs4_save_user(&uid, &gid); | 425 | status = nfs4_save_creds(&original_cred); |
426 | if (status < 0) { | ||
427 | printk("NFSD: Unable to change credentials to find recovery" | ||
428 | " directory: error %d\n", | ||
429 | status); | ||
430 | return; | ||
431 | } | ||
414 | 432 | ||
415 | status = kern_path(rec_dirname, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, | 433 | status = kern_path(rec_dirname, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, |
416 | &rec_dir); | 434 | &rec_dir); |
@@ -420,7 +438,7 @@ nfsd4_init_recdir(char *rec_dirname) | |||
420 | 438 | ||
421 | if (!status) | 439 | if (!status) |
422 | rec_dir_init = 1; | 440 | rec_dir_init = 1; |
423 | nfs4_reset_user(uid, gid); | 441 | nfs4_reset_creds(original_cred); |
424 | } | 442 | } |
425 | 443 | ||
426 | void | 444 | void |
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index cd25d91895a1..f0da7d9c3a92 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c | |||
@@ -186,9 +186,14 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp) | |||
186 | * access control settings being in effect, we cannot | 186 | * access control settings being in effect, we cannot |
187 | * fix that case easily. | 187 | * fix that case easily. |
188 | */ | 188 | */ |
189 | current->cap_effective = | 189 | struct cred *new = prepare_creds(); |
190 | cap_raise_nfsd_set(current->cap_effective, | 190 | if (!new) |
191 | current->cap_permitted); | 191 | return nfserrno(-ENOMEM); |
192 | new->cap_effective = | ||
193 | cap_raise_nfsd_set(new->cap_effective, | ||
194 | new->cap_permitted); | ||
195 | put_cred(override_creds(new)); | ||
196 | put_cred(new); | ||
192 | } else { | 197 | } else { |
193 | error = nfsd_setuser_and_check_port(rqstp, exp); | 198 | error = nfsd_setuser_and_check_port(rqstp, exp); |
194 | if (error) | 199 | if (error) |
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 4433c8f00163..d1c5f787b365 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c | |||
@@ -671,6 +671,7 @@ __be32 | |||
671 | nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, | 671 | nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, |
672 | int access, struct file **filp) | 672 | int access, struct file **filp) |
673 | { | 673 | { |
674 | const struct cred *cred = current_cred(); | ||
674 | struct dentry *dentry; | 675 | struct dentry *dentry; |
675 | struct inode *inode; | 676 | struct inode *inode; |
676 | int flags = O_RDONLY|O_LARGEFILE; | 677 | int flags = O_RDONLY|O_LARGEFILE; |
@@ -725,7 +726,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, | |||
725 | DQUOT_INIT(inode); | 726 | DQUOT_INIT(inode); |
726 | } | 727 | } |
727 | *filp = dentry_open(dget(dentry), mntget(fhp->fh_export->ex_path.mnt), | 728 | *filp = dentry_open(dget(dentry), mntget(fhp->fh_export->ex_path.mnt), |
728 | flags); | 729 | flags, cred); |
729 | if (IS_ERR(*filp)) | 730 | if (IS_ERR(*filp)) |
730 | host_err = PTR_ERR(*filp); | 731 | host_err = PTR_ERR(*filp); |
731 | out_nfserr: | 732 | out_nfserr: |
@@ -1169,7 +1170,7 @@ nfsd_create_setattr(struct svc_rqst *rqstp, struct svc_fh *resfhp, | |||
1169 | * send along the gid on create when it tries to implement | 1170 | * send along the gid on create when it tries to implement |
1170 | * setgid directories via NFS: | 1171 | * setgid directories via NFS: |
1171 | */ | 1172 | */ |
1172 | if (current->fsuid != 0) | 1173 | if (current_fsuid() != 0) |
1173 | iap->ia_valid &= ~(ATTR_UID|ATTR_GID); | 1174 | iap->ia_valid &= ~(ATTR_UID|ATTR_GID); |
1174 | if (iap->ia_valid) | 1175 | if (iap->ia_valid) |
1175 | return nfsd_setattr(rqstp, resfhp, iap, 0, (time_t)0); | 1176 | return nfsd_setattr(rqstp, resfhp, iap, 0, (time_t)0); |
@@ -2001,7 +2002,7 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp, | |||
2001 | IS_APPEND(inode)? " append" : "", | 2002 | IS_APPEND(inode)? " append" : "", |
2002 | __mnt_is_readonly(exp->ex_path.mnt)? " ro" : ""); | 2003 | __mnt_is_readonly(exp->ex_path.mnt)? " ro" : ""); |
2003 | dprintk(" owner %d/%d user %d/%d\n", | 2004 | dprintk(" owner %d/%d user %d/%d\n", |
2004 | inode->i_uid, inode->i_gid, current->fsuid, current->fsgid); | 2005 | inode->i_uid, inode->i_gid, current_fsuid(), current_fsgid()); |
2005 | #endif | 2006 | #endif |
2006 | 2007 | ||
2007 | /* Normally we reject any write/sattr etc access on a read-only file | 2008 | /* Normally we reject any write/sattr etc access on a read-only file |
@@ -2044,7 +2045,7 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp, | |||
2044 | * with NFSv3. | 2045 | * with NFSv3. |
2045 | */ | 2046 | */ |
2046 | if ((acc & NFSD_MAY_OWNER_OVERRIDE) && | 2047 | if ((acc & NFSD_MAY_OWNER_OVERRIDE) && |
2047 | inode->i_uid == current->fsuid) | 2048 | inode->i_uid == current_fsuid()) |
2048 | return 0; | 2049 | return 0; |
2049 | 2050 | ||
2050 | /* This assumes NFSD_MAY_{READ,WRITE,EXEC} == MAY_{READ,WRITE,EXEC} */ | 2051 | /* This assumes NFSD_MAY_{READ,WRITE,EXEC} == MAY_{READ,WRITE,EXEC} */ |
diff --git a/fs/ocfs2/dlm/dlmfs.c b/fs/ocfs2/dlm/dlmfs.c index ba962d71b34d..6f7a77d54020 100644 --- a/fs/ocfs2/dlm/dlmfs.c +++ b/fs/ocfs2/dlm/dlmfs.c | |||
@@ -339,8 +339,8 @@ static struct inode *dlmfs_get_root_inode(struct super_block *sb) | |||
339 | ip = DLMFS_I(inode); | 339 | ip = DLMFS_I(inode); |
340 | 340 | ||
341 | inode->i_mode = mode; | 341 | inode->i_mode = mode; |
342 | inode->i_uid = current->fsuid; | 342 | inode->i_uid = current_fsuid(); |
343 | inode->i_gid = current->fsgid; | 343 | inode->i_gid = current_fsgid(); |
344 | inode->i_blocks = 0; | 344 | inode->i_blocks = 0; |
345 | inode->i_mapping->backing_dev_info = &dlmfs_backing_dev_info; | 345 | inode->i_mapping->backing_dev_info = &dlmfs_backing_dev_info; |
346 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 346 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
@@ -365,8 +365,8 @@ static struct inode *dlmfs_get_inode(struct inode *parent, | |||
365 | return NULL; | 365 | return NULL; |
366 | 366 | ||
367 | inode->i_mode = mode; | 367 | inode->i_mode = mode; |
368 | inode->i_uid = current->fsuid; | 368 | inode->i_uid = current_fsuid(); |
369 | inode->i_gid = current->fsgid; | 369 | inode->i_gid = current_fsgid(); |
370 | inode->i_blocks = 0; | 370 | inode->i_blocks = 0; |
371 | inode->i_mapping->backing_dev_info = &dlmfs_backing_dev_info; | 371 | inode->i_mapping->backing_dev_info = &dlmfs_backing_dev_info; |
372 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 372 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c index f4967e634ffd..2545e7402efe 100644 --- a/fs/ocfs2/namei.c +++ b/fs/ocfs2/namei.c | |||
@@ -421,13 +421,13 @@ static int ocfs2_mknod_locked(struct ocfs2_super *osb, | |||
421 | fe->i_blkno = cpu_to_le64(fe_blkno); | 421 | fe->i_blkno = cpu_to_le64(fe_blkno); |
422 | fe->i_suballoc_bit = cpu_to_le16(suballoc_bit); | 422 | fe->i_suballoc_bit = cpu_to_le16(suballoc_bit); |
423 | fe->i_suballoc_slot = cpu_to_le16(inode_ac->ac_alloc_slot); | 423 | fe->i_suballoc_slot = cpu_to_le16(inode_ac->ac_alloc_slot); |
424 | fe->i_uid = cpu_to_le32(current->fsuid); | 424 | fe->i_uid = cpu_to_le32(current_fsuid()); |
425 | if (dir->i_mode & S_ISGID) { | 425 | if (dir->i_mode & S_ISGID) { |
426 | fe->i_gid = cpu_to_le32(dir->i_gid); | 426 | fe->i_gid = cpu_to_le32(dir->i_gid); |
427 | if (S_ISDIR(mode)) | 427 | if (S_ISDIR(mode)) |
428 | mode |= S_ISGID; | 428 | mode |= S_ISGID; |
429 | } else | 429 | } else |
430 | fe->i_gid = cpu_to_le32(current->fsgid); | 430 | fe->i_gid = cpu_to_le32(current_fsgid()); |
431 | fe->i_mode = cpu_to_le16(mode); | 431 | fe->i_mode = cpu_to_le16(mode); |
432 | if (S_ISCHR(mode) || S_ISBLK(mode)) | 432 | if (S_ISCHR(mode) || S_ISBLK(mode)) |
433 | fe->id1.dev1.i_rdev = cpu_to_le64(huge_encode_dev(dev)); | 433 | fe->id1.dev1.i_rdev = cpu_to_le64(huge_encode_dev(dev)); |
diff --git a/fs/omfs/inode.c b/fs/omfs/inode.c index cbf047a847c5..6afe57c84f84 100644 --- a/fs/omfs/inode.c +++ b/fs/omfs/inode.c | |||
@@ -37,8 +37,8 @@ struct inode *omfs_new_inode(struct inode *dir, int mode) | |||
37 | 37 | ||
38 | inode->i_ino = new_block; | 38 | inode->i_ino = new_block; |
39 | inode->i_mode = mode; | 39 | inode->i_mode = mode; |
40 | inode->i_uid = current->fsuid; | 40 | inode->i_uid = current_fsuid(); |
41 | inode->i_gid = current->fsgid; | 41 | inode->i_gid = current_fsgid(); |
42 | inode->i_blocks = 0; | 42 | inode->i_blocks = 0; |
43 | inode->i_mapping->a_ops = &omfs_aops; | 43 | inode->i_mapping->a_ops = &omfs_aops; |
44 | 44 | ||
@@ -420,8 +420,8 @@ static int omfs_fill_super(struct super_block *sb, void *data, int silent) | |||
420 | 420 | ||
421 | sb->s_fs_info = sbi; | 421 | sb->s_fs_info = sbi; |
422 | 422 | ||
423 | sbi->s_uid = current->uid; | 423 | sbi->s_uid = current_uid(); |
424 | sbi->s_gid = current->gid; | 424 | sbi->s_gid = current_gid(); |
425 | sbi->s_dmask = sbi->s_fmask = current->fs->umask; | 425 | sbi->s_dmask = sbi->s_fmask = current->fs->umask; |
426 | 426 | ||
427 | if (!parse_options((char *) data, sbi)) | 427 | if (!parse_options((char *) data, sbi)) |
@@ -425,39 +425,33 @@ out: | |||
425 | */ | 425 | */ |
426 | asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) | 426 | asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) |
427 | { | 427 | { |
428 | const struct cred *old_cred; | ||
429 | struct cred *override_cred; | ||
428 | struct path path; | 430 | struct path path; |
429 | struct inode *inode; | 431 | struct inode *inode; |
430 | int old_fsuid, old_fsgid; | ||
431 | kernel_cap_t uninitialized_var(old_cap); /* !SECURE_NO_SETUID_FIXUP */ | ||
432 | int res; | 432 | int res; |
433 | 433 | ||
434 | if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ | 434 | if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ |
435 | return -EINVAL; | 435 | return -EINVAL; |
436 | 436 | ||
437 | old_fsuid = current->fsuid; | 437 | override_cred = prepare_creds(); |
438 | old_fsgid = current->fsgid; | 438 | if (!override_cred) |
439 | return -ENOMEM; | ||
439 | 440 | ||
440 | current->fsuid = current->uid; | 441 | override_cred->fsuid = override_cred->uid; |
441 | current->fsgid = current->gid; | 442 | override_cred->fsgid = override_cred->gid; |
442 | 443 | ||
443 | if (!issecure(SECURE_NO_SETUID_FIXUP)) { | 444 | if (!issecure(SECURE_NO_SETUID_FIXUP)) { |
444 | /* | 445 | /* Clear the capabilities if we switch to a non-root user */ |
445 | * Clear the capabilities if we switch to a non-root user | 446 | if (override_cred->uid) |
446 | */ | 447 | cap_clear(override_cred->cap_effective); |
447 | #ifndef CONFIG_SECURITY_FILE_CAPABILITIES | ||
448 | /* | ||
449 | * FIXME: There is a race here against sys_capset. The | ||
450 | * capabilities can change yet we will restore the old | ||
451 | * value below. We should hold task_capabilities_lock, | ||
452 | * but we cannot because user_path_at can sleep. | ||
453 | */ | ||
454 | #endif /* ndef CONFIG_SECURITY_FILE_CAPABILITIES */ | ||
455 | if (current->uid) | ||
456 | old_cap = cap_set_effective(__cap_empty_set); | ||
457 | else | 448 | else |
458 | old_cap = cap_set_effective(current->cap_permitted); | 449 | override_cred->cap_effective = |
450 | override_cred->cap_permitted; | ||
459 | } | 451 | } |
460 | 452 | ||
453 | old_cred = override_creds(override_cred); | ||
454 | |||
461 | res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path); | 455 | res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path); |
462 | if (res) | 456 | if (res) |
463 | goto out; | 457 | goto out; |
@@ -494,12 +488,8 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) | |||
494 | out_path_release: | 488 | out_path_release: |
495 | path_put(&path); | 489 | path_put(&path); |
496 | out: | 490 | out: |
497 | current->fsuid = old_fsuid; | 491 | revert_creds(old_cred); |
498 | current->fsgid = old_fsgid; | 492 | put_cred(override_cred); |
499 | |||
500 | if (!issecure(SECURE_NO_SETUID_FIXUP)) | ||
501 | cap_set_effective(old_cap); | ||
502 | |||
503 | return res; | 493 | return res; |
504 | } | 494 | } |
505 | 495 | ||
@@ -792,7 +782,8 @@ static inline int __get_file_write_access(struct inode *inode, | |||
792 | 782 | ||
793 | static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, | 783 | static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, |
794 | int flags, struct file *f, | 784 | int flags, struct file *f, |
795 | int (*open)(struct inode *, struct file *)) | 785 | int (*open)(struct inode *, struct file *), |
786 | const struct cred *cred) | ||
796 | { | 787 | { |
797 | struct inode *inode; | 788 | struct inode *inode; |
798 | int error; | 789 | int error; |
@@ -816,7 +807,7 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, | |||
816 | f->f_op = fops_get(inode->i_fop); | 807 | f->f_op = fops_get(inode->i_fop); |
817 | file_move(f, &inode->i_sb->s_files); | 808 | file_move(f, &inode->i_sb->s_files); |
818 | 809 | ||
819 | error = security_dentry_open(f); | 810 | error = security_dentry_open(f, cred); |
820 | if (error) | 811 | if (error) |
821 | goto cleanup_all; | 812 | goto cleanup_all; |
822 | 813 | ||
@@ -891,6 +882,8 @@ cleanup_file: | |||
891 | struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry, | 882 | struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry, |
892 | int (*open)(struct inode *, struct file *)) | 883 | int (*open)(struct inode *, struct file *)) |
893 | { | 884 | { |
885 | const struct cred *cred = current_cred(); | ||
886 | |||
894 | if (IS_ERR(nd->intent.open.file)) | 887 | if (IS_ERR(nd->intent.open.file)) |
895 | goto out; | 888 | goto out; |
896 | if (IS_ERR(dentry)) | 889 | if (IS_ERR(dentry)) |
@@ -898,7 +891,7 @@ struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry | |||
898 | nd->intent.open.file = __dentry_open(dget(dentry), mntget(nd->path.mnt), | 891 | nd->intent.open.file = __dentry_open(dget(dentry), mntget(nd->path.mnt), |
899 | nd->intent.open.flags - 1, | 892 | nd->intent.open.flags - 1, |
900 | nd->intent.open.file, | 893 | nd->intent.open.file, |
901 | open); | 894 | open, cred); |
902 | out: | 895 | out: |
903 | return nd->intent.open.file; | 896 | return nd->intent.open.file; |
904 | out_err: | 897 | out_err: |
@@ -917,6 +910,7 @@ EXPORT_SYMBOL_GPL(lookup_instantiate_filp); | |||
917 | */ | 910 | */ |
918 | struct file *nameidata_to_filp(struct nameidata *nd, int flags) | 911 | struct file *nameidata_to_filp(struct nameidata *nd, int flags) |
919 | { | 912 | { |
913 | const struct cred *cred = current_cred(); | ||
920 | struct file *filp; | 914 | struct file *filp; |
921 | 915 | ||
922 | /* Pick up the filp from the open intent */ | 916 | /* Pick up the filp from the open intent */ |
@@ -924,7 +918,7 @@ struct file *nameidata_to_filp(struct nameidata *nd, int flags) | |||
924 | /* Has the filesystem initialised the file for us? */ | 918 | /* Has the filesystem initialised the file for us? */ |
925 | if (filp->f_path.dentry == NULL) | 919 | if (filp->f_path.dentry == NULL) |
926 | filp = __dentry_open(nd->path.dentry, nd->path.mnt, flags, filp, | 920 | filp = __dentry_open(nd->path.dentry, nd->path.mnt, flags, filp, |
927 | NULL); | 921 | NULL, cred); |
928 | else | 922 | else |
929 | path_put(&nd->path); | 923 | path_put(&nd->path); |
930 | return filp; | 924 | return filp; |
@@ -934,7 +928,8 @@ struct file *nameidata_to_filp(struct nameidata *nd, int flags) | |||
934 | * dentry_open() will have done dput(dentry) and mntput(mnt) if it returns an | 928 | * dentry_open() will have done dput(dentry) and mntput(mnt) if it returns an |
935 | * error. | 929 | * error. |
936 | */ | 930 | */ |
937 | struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags) | 931 | struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags, |
932 | const struct cred *cred) | ||
938 | { | 933 | { |
939 | int error; | 934 | int error; |
940 | struct file *f; | 935 | struct file *f; |
@@ -959,7 +954,7 @@ struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags) | |||
959 | return ERR_PTR(error); | 954 | return ERR_PTR(error); |
960 | } | 955 | } |
961 | 956 | ||
962 | return __dentry_open(dentry, mnt, flags, f, NULL); | 957 | return __dentry_open(dentry, mnt, flags, f, NULL, cred); |
963 | } | 958 | } |
964 | EXPORT_SYMBOL(dentry_open); | 959 | EXPORT_SYMBOL(dentry_open); |
965 | 960 | ||
@@ -899,8 +899,8 @@ static struct inode * get_pipe_inode(void) | |||
899 | */ | 899 | */ |
900 | inode->i_state = I_DIRTY; | 900 | inode->i_state = I_DIRTY; |
901 | inode->i_mode = S_IFIFO | S_IRUSR | S_IWUSR; | 901 | inode->i_mode = S_IFIFO | S_IRUSR | S_IWUSR; |
902 | inode->i_uid = current->fsuid; | 902 | inode->i_uid = current_fsuid(); |
903 | inode->i_gid = current->fsgid; | 903 | inode->i_gid = current_fsgid(); |
904 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 904 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
905 | 905 | ||
906 | return inode; | 906 | return inode; |
diff --git a/fs/posix_acl.c b/fs/posix_acl.c index aec931e09973..39df95a0ec25 100644 --- a/fs/posix_acl.c +++ b/fs/posix_acl.c | |||
@@ -217,11 +217,11 @@ posix_acl_permission(struct inode *inode, const struct posix_acl *acl, int want) | |||
217 | switch(pa->e_tag) { | 217 | switch(pa->e_tag) { |
218 | case ACL_USER_OBJ: | 218 | case ACL_USER_OBJ: |
219 | /* (May have been checked already) */ | 219 | /* (May have been checked already) */ |
220 | if (inode->i_uid == current->fsuid) | 220 | if (inode->i_uid == current_fsuid()) |
221 | goto check_perm; | 221 | goto check_perm; |
222 | break; | 222 | break; |
223 | case ACL_USER: | 223 | case ACL_USER: |
224 | if (pa->e_id == current->fsuid) | 224 | if (pa->e_id == current_fsuid()) |
225 | goto mask; | 225 | goto mask; |
226 | break; | 226 | break; |
227 | case ACL_GROUP_OBJ: | 227 | case ACL_GROUP_OBJ: |
diff --git a/fs/proc/array.c b/fs/proc/array.c index 6af7fba7abb1..7e4877d9dcb5 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c | |||
@@ -159,6 +159,7 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, | |||
159 | struct group_info *group_info; | 159 | struct group_info *group_info; |
160 | int g; | 160 | int g; |
161 | struct fdtable *fdt = NULL; | 161 | struct fdtable *fdt = NULL; |
162 | const struct cred *cred; | ||
162 | pid_t ppid, tpid; | 163 | pid_t ppid, tpid; |
163 | 164 | ||
164 | rcu_read_lock(); | 165 | rcu_read_lock(); |
@@ -170,6 +171,7 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, | |||
170 | if (tracer) | 171 | if (tracer) |
171 | tpid = task_pid_nr_ns(tracer, ns); | 172 | tpid = task_pid_nr_ns(tracer, ns); |
172 | } | 173 | } |
174 | cred = get_cred((struct cred *) __task_cred(p)); | ||
173 | seq_printf(m, | 175 | seq_printf(m, |
174 | "State:\t%s\n" | 176 | "State:\t%s\n" |
175 | "Tgid:\t%d\n" | 177 | "Tgid:\t%d\n" |
@@ -182,8 +184,8 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, | |||
182 | task_tgid_nr_ns(p, ns), | 184 | task_tgid_nr_ns(p, ns), |
183 | pid_nr_ns(pid, ns), | 185 | pid_nr_ns(pid, ns), |
184 | ppid, tpid, | 186 | ppid, tpid, |
185 | p->uid, p->euid, p->suid, p->fsuid, | 187 | cred->uid, cred->euid, cred->suid, cred->fsuid, |
186 | p->gid, p->egid, p->sgid, p->fsgid); | 188 | cred->gid, cred->egid, cred->sgid, cred->fsgid); |
187 | 189 | ||
188 | task_lock(p); | 190 | task_lock(p); |
189 | if (p->files) | 191 | if (p->files) |
@@ -194,13 +196,12 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, | |||
194 | fdt ? fdt->max_fds : 0); | 196 | fdt ? fdt->max_fds : 0); |
195 | rcu_read_unlock(); | 197 | rcu_read_unlock(); |
196 | 198 | ||
197 | group_info = p->group_info; | 199 | group_info = cred->group_info; |
198 | get_group_info(group_info); | ||
199 | task_unlock(p); | 200 | task_unlock(p); |
200 | 201 | ||
201 | for (g = 0; g < min(group_info->ngroups, NGROUPS_SMALL); g++) | 202 | for (g = 0; g < min(group_info->ngroups, NGROUPS_SMALL); g++) |
202 | seq_printf(m, "%d ", GROUP_AT(group_info, g)); | 203 | seq_printf(m, "%d ", GROUP_AT(group_info, g)); |
203 | put_group_info(group_info); | 204 | put_cred(cred); |
204 | 205 | ||
205 | seq_printf(m, "\n"); | 206 | seq_printf(m, "\n"); |
206 | } | 207 | } |
@@ -262,7 +263,7 @@ static inline void task_sig(struct seq_file *m, struct task_struct *p) | |||
262 | blocked = p->blocked; | 263 | blocked = p->blocked; |
263 | collect_sigign_sigcatch(p, &ignored, &caught); | 264 | collect_sigign_sigcatch(p, &ignored, &caught); |
264 | num_threads = atomic_read(&p->signal->count); | 265 | num_threads = atomic_read(&p->signal->count); |
265 | qsize = atomic_read(&p->user->sigpending); | 266 | qsize = atomic_read(&__task_cred(p)->user->sigpending); |
266 | qlim = p->signal->rlim[RLIMIT_SIGPENDING].rlim_cur; | 267 | qlim = p->signal->rlim[RLIMIT_SIGPENDING].rlim_cur; |
267 | unlock_task_sighand(p, &flags); | 268 | unlock_task_sighand(p, &flags); |
268 | } | 269 | } |
@@ -293,10 +294,21 @@ static void render_cap_t(struct seq_file *m, const char *header, | |||
293 | 294 | ||
294 | static inline void task_cap(struct seq_file *m, struct task_struct *p) | 295 | static inline void task_cap(struct seq_file *m, struct task_struct *p) |
295 | { | 296 | { |
296 | render_cap_t(m, "CapInh:\t", &p->cap_inheritable); | 297 | const struct cred *cred; |
297 | render_cap_t(m, "CapPrm:\t", &p->cap_permitted); | 298 | kernel_cap_t cap_inheritable, cap_permitted, cap_effective, cap_bset; |
298 | render_cap_t(m, "CapEff:\t", &p->cap_effective); | 299 | |
299 | render_cap_t(m, "CapBnd:\t", &p->cap_bset); | 300 | rcu_read_lock(); |
301 | cred = __task_cred(p); | ||
302 | cap_inheritable = cred->cap_inheritable; | ||
303 | cap_permitted = cred->cap_permitted; | ||
304 | cap_effective = cred->cap_effective; | ||
305 | cap_bset = cred->cap_bset; | ||
306 | rcu_read_unlock(); | ||
307 | |||
308 | render_cap_t(m, "CapInh:\t", &cap_inheritable); | ||
309 | render_cap_t(m, "CapPrm:\t", &cap_permitted); | ||
310 | render_cap_t(m, "CapEff:\t", &cap_effective); | ||
311 | render_cap_t(m, "CapBnd:\t", &cap_bset); | ||
300 | } | 312 | } |
301 | 313 | ||
302 | static inline void task_context_switch_counts(struct seq_file *m, | 314 | static inline void task_context_switch_counts(struct seq_file *m, |
diff --git a/fs/proc/base.c b/fs/proc/base.c index 486cf3fe7139..cf42c42cbfbb 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c | |||
@@ -1406,6 +1406,7 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st | |||
1406 | { | 1406 | { |
1407 | struct inode * inode; | 1407 | struct inode * inode; |
1408 | struct proc_inode *ei; | 1408 | struct proc_inode *ei; |
1409 | const struct cred *cred; | ||
1409 | 1410 | ||
1410 | /* We need a new inode */ | 1411 | /* We need a new inode */ |
1411 | 1412 | ||
@@ -1428,8 +1429,11 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st | |||
1428 | inode->i_uid = 0; | 1429 | inode->i_uid = 0; |
1429 | inode->i_gid = 0; | 1430 | inode->i_gid = 0; |
1430 | if (task_dumpable(task)) { | 1431 | if (task_dumpable(task)) { |
1431 | inode->i_uid = task->euid; | 1432 | rcu_read_lock(); |
1432 | inode->i_gid = task->egid; | 1433 | cred = __task_cred(task); |
1434 | inode->i_uid = cred->euid; | ||
1435 | inode->i_gid = cred->egid; | ||
1436 | rcu_read_unlock(); | ||
1433 | } | 1437 | } |
1434 | security_task_to_inode(task, inode); | 1438 | security_task_to_inode(task, inode); |
1435 | 1439 | ||
@@ -1445,6 +1449,8 @@ static int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat | |||
1445 | { | 1449 | { |
1446 | struct inode *inode = dentry->d_inode; | 1450 | struct inode *inode = dentry->d_inode; |
1447 | struct task_struct *task; | 1451 | struct task_struct *task; |
1452 | const struct cred *cred; | ||
1453 | |||
1448 | generic_fillattr(inode, stat); | 1454 | generic_fillattr(inode, stat); |
1449 | 1455 | ||
1450 | rcu_read_lock(); | 1456 | rcu_read_lock(); |
@@ -1454,8 +1460,9 @@ static int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat | |||
1454 | if (task) { | 1460 | if (task) { |
1455 | if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || | 1461 | if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || |
1456 | task_dumpable(task)) { | 1462 | task_dumpable(task)) { |
1457 | stat->uid = task->euid; | 1463 | cred = __task_cred(task); |
1458 | stat->gid = task->egid; | 1464 | stat->uid = cred->euid; |
1465 | stat->gid = cred->egid; | ||
1459 | } | 1466 | } |
1460 | } | 1467 | } |
1461 | rcu_read_unlock(); | 1468 | rcu_read_unlock(); |
@@ -1483,11 +1490,16 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd) | |||
1483 | { | 1490 | { |
1484 | struct inode *inode = dentry->d_inode; | 1491 | struct inode *inode = dentry->d_inode; |
1485 | struct task_struct *task = get_proc_task(inode); | 1492 | struct task_struct *task = get_proc_task(inode); |
1493 | const struct cred *cred; | ||
1494 | |||
1486 | if (task) { | 1495 | if (task) { |
1487 | if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || | 1496 | if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || |
1488 | task_dumpable(task)) { | 1497 | task_dumpable(task)) { |
1489 | inode->i_uid = task->euid; | 1498 | rcu_read_lock(); |
1490 | inode->i_gid = task->egid; | 1499 | cred = __task_cred(task); |
1500 | inode->i_uid = cred->euid; | ||
1501 | inode->i_gid = cred->egid; | ||
1502 | rcu_read_unlock(); | ||
1491 | } else { | 1503 | } else { |
1492 | inode->i_uid = 0; | 1504 | inode->i_uid = 0; |
1493 | inode->i_gid = 0; | 1505 | inode->i_gid = 0; |
@@ -1649,6 +1661,7 @@ static int tid_fd_revalidate(struct dentry *dentry, struct nameidata *nd) | |||
1649 | struct task_struct *task = get_proc_task(inode); | 1661 | struct task_struct *task = get_proc_task(inode); |
1650 | int fd = proc_fd(inode); | 1662 | int fd = proc_fd(inode); |
1651 | struct files_struct *files; | 1663 | struct files_struct *files; |
1664 | const struct cred *cred; | ||
1652 | 1665 | ||
1653 | if (task) { | 1666 | if (task) { |
1654 | files = get_files_struct(task); | 1667 | files = get_files_struct(task); |
@@ -1658,8 +1671,11 @@ static int tid_fd_revalidate(struct dentry *dentry, struct nameidata *nd) | |||
1658 | rcu_read_unlock(); | 1671 | rcu_read_unlock(); |
1659 | put_files_struct(files); | 1672 | put_files_struct(files); |
1660 | if (task_dumpable(task)) { | 1673 | if (task_dumpable(task)) { |
1661 | inode->i_uid = task->euid; | 1674 | rcu_read_lock(); |
1662 | inode->i_gid = task->egid; | 1675 | cred = __task_cred(task); |
1676 | inode->i_uid = cred->euid; | ||
1677 | inode->i_gid = cred->egid; | ||
1678 | rcu_read_unlock(); | ||
1663 | } else { | 1679 | } else { |
1664 | inode->i_uid = 0; | 1680 | inode->i_uid = 0; |
1665 | inode->i_gid = 0; | 1681 | inode->i_gid = 0; |
diff --git a/fs/quota.c b/fs/quota.c index 7f4386ebc23a..b7fe44e01618 100644 --- a/fs/quota.c +++ b/fs/quota.c | |||
@@ -79,7 +79,7 @@ static int generic_quotactl_valid(struct super_block *sb, int type, int cmd, qid | |||
79 | 79 | ||
80 | /* Check privileges */ | 80 | /* Check privileges */ |
81 | if (cmd == Q_GETQUOTA) { | 81 | if (cmd == Q_GETQUOTA) { |
82 | if (((type == USRQUOTA && current->euid != id) || | 82 | if (((type == USRQUOTA && current_euid() != id) || |
83 | (type == GRPQUOTA && !in_egroup_p(id))) && | 83 | (type == GRPQUOTA && !in_egroup_p(id))) && |
84 | !capable(CAP_SYS_ADMIN)) | 84 | !capable(CAP_SYS_ADMIN)) |
85 | return -EPERM; | 85 | return -EPERM; |
@@ -130,7 +130,7 @@ static int xqm_quotactl_valid(struct super_block *sb, int type, int cmd, qid_t i | |||
130 | 130 | ||
131 | /* Check privileges */ | 131 | /* Check privileges */ |
132 | if (cmd == Q_XGETQUOTA) { | 132 | if (cmd == Q_XGETQUOTA) { |
133 | if (((type == XQM_USRQUOTA && current->euid != id) || | 133 | if (((type == XQM_USRQUOTA && current_euid() != id) || |
134 | (type == XQM_GRPQUOTA && !in_egroup_p(id))) && | 134 | (type == XQM_GRPQUOTA && !in_egroup_p(id))) && |
135 | !capable(CAP_SYS_ADMIN)) | 135 | !capable(CAP_SYS_ADMIN)) |
136 | return -EPERM; | 136 | return -EPERM; |
diff --git a/fs/ramfs/inode.c b/fs/ramfs/inode.c index f031d1c925f0..a83a3518ae33 100644 --- a/fs/ramfs/inode.c +++ b/fs/ramfs/inode.c | |||
@@ -55,8 +55,8 @@ struct inode *ramfs_get_inode(struct super_block *sb, int mode, dev_t dev) | |||
55 | 55 | ||
56 | if (inode) { | 56 | if (inode) { |
57 | inode->i_mode = mode; | 57 | inode->i_mode = mode; |
58 | inode->i_uid = current->fsuid; | 58 | inode->i_uid = current_fsuid(); |
59 | inode->i_gid = current->fsgid; | 59 | inode->i_gid = current_fsgid(); |
60 | inode->i_blocks = 0; | 60 | inode->i_blocks = 0; |
61 | inode->i_mapping->a_ops = &ramfs_aops; | 61 | inode->i_mapping->a_ops = &ramfs_aops; |
62 | inode->i_mapping->backing_dev_info = &ramfs_backing_dev_info; | 62 | inode->i_mapping->backing_dev_info = &ramfs_backing_dev_info; |
diff --git a/fs/reiserfs/namei.c b/fs/reiserfs/namei.c index f89ebb943f3f..4f322e5ed840 100644 --- a/fs/reiserfs/namei.c +++ b/fs/reiserfs/namei.c | |||
@@ -573,7 +573,7 @@ static int new_inode_init(struct inode *inode, struct inode *dir, int mode) | |||
573 | /* the quota init calls have to know who to charge the quota to, so | 573 | /* the quota init calls have to know who to charge the quota to, so |
574 | ** we have to set uid and gid here | 574 | ** we have to set uid and gid here |
575 | */ | 575 | */ |
576 | inode->i_uid = current->fsuid; | 576 | inode->i_uid = current_fsuid(); |
577 | inode->i_mode = mode; | 577 | inode->i_mode = mode; |
578 | /* Make inode invalid - just in case we are going to drop it before | 578 | /* Make inode invalid - just in case we are going to drop it before |
579 | * the initialization happens */ | 579 | * the initialization happens */ |
@@ -584,7 +584,7 @@ static int new_inode_init(struct inode *inode, struct inode *dir, int mode) | |||
584 | if (S_ISDIR(mode)) | 584 | if (S_ISDIR(mode)) |
585 | inode->i_mode |= S_ISGID; | 585 | inode->i_mode |= S_ISGID; |
586 | } else { | 586 | } else { |
587 | inode->i_gid = current->fsgid; | 587 | inode->i_gid = current_fsgid(); |
588 | } | 588 | } |
589 | DQUOT_INIT(inode); | 589 | DQUOT_INIT(inode); |
590 | return 0; | 590 | return 0; |
diff --git a/fs/smbfs/dir.c b/fs/smbfs/dir.c index 48da4fa6b7d4..e7ddd0328ddc 100644 --- a/fs/smbfs/dir.c +++ b/fs/smbfs/dir.c | |||
@@ -667,8 +667,7 @@ smb_make_node(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) | |||
667 | 667 | ||
668 | attr.ia_valid = ATTR_MODE | ATTR_UID | ATTR_GID; | 668 | attr.ia_valid = ATTR_MODE | ATTR_UID | ATTR_GID; |
669 | attr.ia_mode = mode; | 669 | attr.ia_mode = mode; |
670 | attr.ia_uid = current->euid; | 670 | current_euid_egid(&attr.ia_uid, &attr.ia_gid); |
671 | attr.ia_gid = current->egid; | ||
672 | 671 | ||
673 | if (!new_valid_dev(dev)) | 672 | if (!new_valid_dev(dev)) |
674 | return -EINVAL; | 673 | return -EINVAL; |
diff --git a/fs/smbfs/inode.c b/fs/smbfs/inode.c index 3528f40ffb0f..fc27fbfc5397 100644 --- a/fs/smbfs/inode.c +++ b/fs/smbfs/inode.c | |||
@@ -586,7 +586,7 @@ static int smb_fill_super(struct super_block *sb, void *raw_data, int silent) | |||
586 | if (parse_options(mnt, raw_data)) | 586 | if (parse_options(mnt, raw_data)) |
587 | goto out_bad_option; | 587 | goto out_bad_option; |
588 | } | 588 | } |
589 | mnt->mounted_uid = current->uid; | 589 | mnt->mounted_uid = current_uid(); |
590 | smb_setcodepage(server, &mnt->codepage); | 590 | smb_setcodepage(server, &mnt->codepage); |
591 | 591 | ||
592 | /* | 592 | /* |
diff --git a/fs/smbfs/proc.c b/fs/smbfs/proc.c index ee536e8a649a..9468168b9af5 100644 --- a/fs/smbfs/proc.c +++ b/fs/smbfs/proc.c | |||
@@ -864,7 +864,7 @@ smb_newconn(struct smb_sb_info *server, struct smb_conn_opt *opt) | |||
864 | goto out; | 864 | goto out; |
865 | 865 | ||
866 | error = -EACCES; | 866 | error = -EACCES; |
867 | if (current->uid != server->mnt->mounted_uid && | 867 | if (current_uid() != server->mnt->mounted_uid && |
868 | !capable(CAP_SYS_ADMIN)) | 868 | !capable(CAP_SYS_ADMIN)) |
869 | goto out; | 869 | goto out; |
870 | 870 | ||
diff --git a/fs/sysv/ialloc.c b/fs/sysv/ialloc.c index 115ab0d6f4bc..241e9765cfad 100644 --- a/fs/sysv/ialloc.c +++ b/fs/sysv/ialloc.c | |||
@@ -165,9 +165,9 @@ struct inode * sysv_new_inode(const struct inode * dir, mode_t mode) | |||
165 | if (S_ISDIR(mode)) | 165 | if (S_ISDIR(mode)) |
166 | mode |= S_ISGID; | 166 | mode |= S_ISGID; |
167 | } else | 167 | } else |
168 | inode->i_gid = current->fsgid; | 168 | inode->i_gid = current_fsgid(); |
169 | 169 | ||
170 | inode->i_uid = current->fsuid; | 170 | inode->i_uid = current_fsuid(); |
171 | inode->i_ino = fs16_to_cpu(sbi, ino); | 171 | inode->i_ino = fs16_to_cpu(sbi, ino); |
172 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; | 172 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; |
173 | inode->i_blocks = 0; | 173 | inode->i_blocks = 0; |
diff --git a/fs/ubifs/budget.c b/fs/ubifs/budget.c index 1a4973e10664..4a18f084cc42 100644 --- a/fs/ubifs/budget.c +++ b/fs/ubifs/budget.c | |||
@@ -363,7 +363,7 @@ long long ubifs_calc_available(const struct ubifs_info *c, int min_idx_lebs) | |||
363 | */ | 363 | */ |
364 | static int can_use_rp(struct ubifs_info *c) | 364 | static int can_use_rp(struct ubifs_info *c) |
365 | { | 365 | { |
366 | if (current->fsuid == c->rp_uid || capable(CAP_SYS_RESOURCE) || | 366 | if (current_fsuid() == c->rp_uid || capable(CAP_SYS_RESOURCE) || |
367 | (c->rp_gid != 0 && in_group_p(c->rp_gid))) | 367 | (c->rp_gid != 0 && in_group_p(c->rp_gid))) |
368 | return 1; | 368 | return 1; |
369 | return 0; | 369 | return 0; |
diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index 0422c98e1793..f448ab1f9c38 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c | |||
@@ -104,13 +104,13 @@ struct inode *ubifs_new_inode(struct ubifs_info *c, const struct inode *dir, | |||
104 | */ | 104 | */ |
105 | inode->i_flags |= (S_NOCMTIME); | 105 | inode->i_flags |= (S_NOCMTIME); |
106 | 106 | ||
107 | inode->i_uid = current->fsuid; | 107 | inode->i_uid = current_fsuid(); |
108 | if (dir->i_mode & S_ISGID) { | 108 | if (dir->i_mode & S_ISGID) { |
109 | inode->i_gid = dir->i_gid; | 109 | inode->i_gid = dir->i_gid; |
110 | if (S_ISDIR(mode)) | 110 | if (S_ISDIR(mode)) |
111 | mode |= S_ISGID; | 111 | mode |= S_ISGID; |
112 | } else | 112 | } else |
113 | inode->i_gid = current->fsgid; | 113 | inode->i_gid = current_fsgid(); |
114 | inode->i_mode = mode; | 114 | inode->i_mode = mode; |
115 | inode->i_mtime = inode->i_atime = inode->i_ctime = | 115 | inode->i_mtime = inode->i_atime = inode->i_ctime = |
116 | ubifs_current_time(inode); | 116 | ubifs_current_time(inode); |
diff --git a/fs/udf/ialloc.c b/fs/udf/ialloc.c index a4f2b3ce45b0..31fc84297ddb 100644 --- a/fs/udf/ialloc.c +++ b/fs/udf/ialloc.c | |||
@@ -126,13 +126,13 @@ struct inode *udf_new_inode(struct inode *dir, int mode, int *err) | |||
126 | } | 126 | } |
127 | mutex_unlock(&sbi->s_alloc_mutex); | 127 | mutex_unlock(&sbi->s_alloc_mutex); |
128 | inode->i_mode = mode; | 128 | inode->i_mode = mode; |
129 | inode->i_uid = current->fsuid; | 129 | inode->i_uid = current_fsuid(); |
130 | if (dir->i_mode & S_ISGID) { | 130 | if (dir->i_mode & S_ISGID) { |
131 | inode->i_gid = dir->i_gid; | 131 | inode->i_gid = dir->i_gid; |
132 | if (S_ISDIR(mode)) | 132 | if (S_ISDIR(mode)) |
133 | mode |= S_ISGID; | 133 | mode |= S_ISGID; |
134 | } else { | 134 | } else { |
135 | inode->i_gid = current->fsgid; | 135 | inode->i_gid = current_fsgid(); |
136 | } | 136 | } |
137 | 137 | ||
138 | iinfo->i_location.logicalBlockNum = block; | 138 | iinfo->i_location.logicalBlockNum = block; |
diff --git a/fs/udf/namei.c b/fs/udf/namei.c index 082409cd4b8a..f84bfaa8d941 100644 --- a/fs/udf/namei.c +++ b/fs/udf/namei.c | |||
@@ -604,7 +604,7 @@ static int udf_mknod(struct inode *dir, struct dentry *dentry, int mode, | |||
604 | goto out; | 604 | goto out; |
605 | 605 | ||
606 | iinfo = UDF_I(inode); | 606 | iinfo = UDF_I(inode); |
607 | inode->i_uid = current->fsuid; | 607 | inode->i_uid = current_fsuid(); |
608 | init_special_inode(inode, mode, rdev); | 608 | init_special_inode(inode, mode, rdev); |
609 | fi = udf_add_entry(dir, dentry, &fibh, &cfi, &err); | 609 | fi = udf_add_entry(dir, dentry, &fibh, &cfi, &err); |
610 | if (!fi) { | 610 | if (!fi) { |
diff --git a/fs/ufs/ialloc.c b/fs/ufs/ialloc.c index ac181f6806a3..6f5dcf006096 100644 --- a/fs/ufs/ialloc.c +++ b/fs/ufs/ialloc.c | |||
@@ -304,13 +304,13 @@ cg_found: | |||
304 | 304 | ||
305 | inode->i_ino = cg * uspi->s_ipg + bit; | 305 | inode->i_ino = cg * uspi->s_ipg + bit; |
306 | inode->i_mode = mode; | 306 | inode->i_mode = mode; |
307 | inode->i_uid = current->fsuid; | 307 | inode->i_uid = current_fsuid(); |
308 | if (dir->i_mode & S_ISGID) { | 308 | if (dir->i_mode & S_ISGID) { |
309 | inode->i_gid = dir->i_gid; | 309 | inode->i_gid = dir->i_gid; |
310 | if (S_ISDIR(mode)) | 310 | if (S_ISDIR(mode)) |
311 | inode->i_mode |= S_ISGID; | 311 | inode->i_mode |= S_ISGID; |
312 | } else | 312 | } else |
313 | inode->i_gid = current->fsgid; | 313 | inode->i_gid = current_fsgid(); |
314 | 314 | ||
315 | inode->i_blocks = 0; | 315 | inode->i_blocks = 0; |
316 | inode->i_generation = 0; | 316 | inode->i_generation = 0; |
diff --git a/fs/xfs/linux-2.6/xfs_cred.h b/fs/xfs/linux-2.6/xfs_cred.h index 652721ce0ea5..8c022cd0ad67 100644 --- a/fs/xfs/linux-2.6/xfs_cred.h +++ b/fs/xfs/linux-2.6/xfs_cred.h | |||
@@ -23,11 +23,9 @@ | |||
23 | /* | 23 | /* |
24 | * Credentials | 24 | * Credentials |
25 | */ | 25 | */ |
26 | typedef struct cred { | 26 | typedef const struct cred cred_t; |
27 | /* EMPTY */ | ||
28 | } cred_t; | ||
29 | 27 | ||
30 | extern struct cred *sys_cred; | 28 | extern cred_t *sys_cred; |
31 | 29 | ||
32 | /* this is a hack.. (assumes sys_cred is the only cred_t in the system) */ | 30 | /* this is a hack.. (assumes sys_cred is the only cred_t in the system) */ |
33 | static inline int capable_cred(cred_t *cr, int cid) | 31 | static inline int capable_cred(cred_t *cr, int cid) |
diff --git a/fs/xfs/linux-2.6/xfs_globals.h b/fs/xfs/linux-2.6/xfs_globals.h index 2770b0085ee8..6eda8a3eb6f1 100644 --- a/fs/xfs/linux-2.6/xfs_globals.h +++ b/fs/xfs/linux-2.6/xfs_globals.h | |||
@@ -19,6 +19,6 @@ | |||
19 | #define __XFS_GLOBALS_H__ | 19 | #define __XFS_GLOBALS_H__ |
20 | 20 | ||
21 | extern uint64_t xfs_panic_mask; /* set to cause more panics */ | 21 | extern uint64_t xfs_panic_mask; /* set to cause more panics */ |
22 | extern struct cred *sys_cred; | 22 | extern cred_t *sys_cred; |
23 | 23 | ||
24 | #endif /* __XFS_GLOBALS_H__ */ | 24 | #endif /* __XFS_GLOBALS_H__ */ |
diff --git a/fs/xfs/linux-2.6/xfs_ioctl.c b/fs/xfs/linux-2.6/xfs_ioctl.c index d3438c72dcaf..281cbd5a25cf 100644 --- a/fs/xfs/linux-2.6/xfs_ioctl.c +++ b/fs/xfs/linux-2.6/xfs_ioctl.c | |||
@@ -256,6 +256,7 @@ xfs_open_by_handle( | |||
256 | struct file *parfilp, | 256 | struct file *parfilp, |
257 | struct inode *parinode) | 257 | struct inode *parinode) |
258 | { | 258 | { |
259 | const struct cred *cred = current_cred(); | ||
259 | int error; | 260 | int error; |
260 | int new_fd; | 261 | int new_fd; |
261 | int permflag; | 262 | int permflag; |
@@ -321,7 +322,7 @@ xfs_open_by_handle( | |||
321 | mntget(parfilp->f_path.mnt); | 322 | mntget(parfilp->f_path.mnt); |
322 | 323 | ||
323 | /* Create file pointer. */ | 324 | /* Create file pointer. */ |
324 | filp = dentry_open(dentry, parfilp->f_path.mnt, hreq.oflags); | 325 | filp = dentry_open(dentry, parfilp->f_path.mnt, hreq.oflags, cred); |
325 | if (IS_ERR(filp)) { | 326 | if (IS_ERR(filp)) { |
326 | put_unused_fd(new_fd); | 327 | put_unused_fd(new_fd); |
327 | return -XFS_ERROR(-PTR_ERR(filp)); | 328 | return -XFS_ERROR(-PTR_ERR(filp)); |
@@ -1007,7 +1008,7 @@ xfs_ioctl_setattr( | |||
1007 | * to the file owner ID, except in cases where the | 1008 | * to the file owner ID, except in cases where the |
1008 | * CAP_FSETID capability is applicable. | 1009 | * CAP_FSETID capability is applicable. |
1009 | */ | 1010 | */ |
1010 | if (current->fsuid != ip->i_d.di_uid && !capable(CAP_FOWNER)) { | 1011 | if (current_fsuid() != ip->i_d.di_uid && !capable(CAP_FOWNER)) { |
1011 | code = XFS_ERROR(EPERM); | 1012 | code = XFS_ERROR(EPERM); |
1012 | goto error_return; | 1013 | goto error_return; |
1013 | } | 1014 | } |
diff --git a/fs/xfs/xfs_acl.c b/fs/xfs/xfs_acl.c index b2f639a1416f..91d69338d3b2 100644 --- a/fs/xfs/xfs_acl.c +++ b/fs/xfs/xfs_acl.c | |||
@@ -366,7 +366,7 @@ xfs_acl_allow_set( | |||
366 | return ENOTDIR; | 366 | return ENOTDIR; |
367 | if (vp->i_sb->s_flags & MS_RDONLY) | 367 | if (vp->i_sb->s_flags & MS_RDONLY) |
368 | return EROFS; | 368 | return EROFS; |
369 | if (XFS_I(vp)->i_d.di_uid != current->fsuid && !capable(CAP_FOWNER)) | 369 | if (XFS_I(vp)->i_d.di_uid != current_fsuid() && !capable(CAP_FOWNER)) |
370 | return EPERM; | 370 | return EPERM; |
371 | return 0; | 371 | return 0; |
372 | } | 372 | } |
@@ -413,13 +413,13 @@ xfs_acl_access( | |||
413 | switch (fap->acl_entry[i].ae_tag) { | 413 | switch (fap->acl_entry[i].ae_tag) { |
414 | case ACL_USER_OBJ: | 414 | case ACL_USER_OBJ: |
415 | seen_userobj = 1; | 415 | seen_userobj = 1; |
416 | if (fuid != current->fsuid) | 416 | if (fuid != current_fsuid()) |
417 | continue; | 417 | continue; |
418 | matched.ae_tag = ACL_USER_OBJ; | 418 | matched.ae_tag = ACL_USER_OBJ; |
419 | matched.ae_perm = allows; | 419 | matched.ae_perm = allows; |
420 | break; | 420 | break; |
421 | case ACL_USER: | 421 | case ACL_USER: |
422 | if (fap->acl_entry[i].ae_id != current->fsuid) | 422 | if (fap->acl_entry[i].ae_id != current_fsuid()) |
423 | continue; | 423 | continue; |
424 | matched.ae_tag = ACL_USER; | 424 | matched.ae_tag = ACL_USER; |
425 | matched.ae_perm = allows; | 425 | matched.ae_perm = allows; |
diff --git a/fs/xfs/xfs_inode.h b/fs/xfs/xfs_inode.h index 1420c49674d7..6be310d41daf 100644 --- a/fs/xfs/xfs_inode.h +++ b/fs/xfs/xfs_inode.h | |||
@@ -497,7 +497,7 @@ int xfs_iread(struct xfs_mount *, struct xfs_trans *, xfs_ino_t, | |||
497 | xfs_inode_t **, xfs_daddr_t, uint); | 497 | xfs_inode_t **, xfs_daddr_t, uint); |
498 | int xfs_iread_extents(struct xfs_trans *, xfs_inode_t *, int); | 498 | int xfs_iread_extents(struct xfs_trans *, xfs_inode_t *, int); |
499 | int xfs_ialloc(struct xfs_trans *, xfs_inode_t *, mode_t, | 499 | int xfs_ialloc(struct xfs_trans *, xfs_inode_t *, mode_t, |
500 | xfs_nlink_t, xfs_dev_t, struct cred *, xfs_prid_t, | 500 | xfs_nlink_t, xfs_dev_t, cred_t *, xfs_prid_t, |
501 | int, struct xfs_buf **, boolean_t *, xfs_inode_t **); | 501 | int, struct xfs_buf **, boolean_t *, xfs_inode_t **); |
502 | void xfs_dinode_from_disk(struct xfs_icdinode *, | 502 | void xfs_dinode_from_disk(struct xfs_icdinode *, |
503 | struct xfs_dinode_core *); | 503 | struct xfs_dinode_core *); |
diff --git a/fs/xfs/xfs_vnodeops.h b/fs/xfs/xfs_vnodeops.h index e932a96bec54..7b0c2ab88333 100644 --- a/fs/xfs/xfs_vnodeops.h +++ b/fs/xfs/xfs_vnodeops.h | |||
@@ -16,7 +16,7 @@ struct xfs_iomap; | |||
16 | 16 | ||
17 | int xfs_open(struct xfs_inode *ip); | 17 | int xfs_open(struct xfs_inode *ip); |
18 | int xfs_setattr(struct xfs_inode *ip, struct iattr *vap, int flags, | 18 | int xfs_setattr(struct xfs_inode *ip, struct iattr *vap, int flags, |
19 | struct cred *credp); | 19 | cred_t *credp); |
20 | #define XFS_ATTR_DMI 0x01 /* invocation from a DMI function */ | 20 | #define XFS_ATTR_DMI 0x01 /* invocation from a DMI function */ |
21 | #define XFS_ATTR_NONBLOCK 0x02 /* return EAGAIN if operation would block */ | 21 | #define XFS_ATTR_NONBLOCK 0x02 /* return EAGAIN if operation would block */ |
22 | #define XFS_ATTR_NOLOCK 0x04 /* Don't grab any conflicting locks */ | 22 | #define XFS_ATTR_NOLOCK 0x04 /* Don't grab any conflicting locks */ |
@@ -28,24 +28,24 @@ int xfs_inactive(struct xfs_inode *ip); | |||
28 | int xfs_lookup(struct xfs_inode *dp, struct xfs_name *name, | 28 | int xfs_lookup(struct xfs_inode *dp, struct xfs_name *name, |
29 | struct xfs_inode **ipp, struct xfs_name *ci_name); | 29 | struct xfs_inode **ipp, struct xfs_name *ci_name); |
30 | int xfs_create(struct xfs_inode *dp, struct xfs_name *name, mode_t mode, | 30 | int xfs_create(struct xfs_inode *dp, struct xfs_name *name, mode_t mode, |
31 | xfs_dev_t rdev, struct xfs_inode **ipp, struct cred *credp); | 31 | xfs_dev_t rdev, struct xfs_inode **ipp, cred_t *credp); |
32 | int xfs_remove(struct xfs_inode *dp, struct xfs_name *name, | 32 | int xfs_remove(struct xfs_inode *dp, struct xfs_name *name, |
33 | struct xfs_inode *ip); | 33 | struct xfs_inode *ip); |
34 | int xfs_link(struct xfs_inode *tdp, struct xfs_inode *sip, | 34 | int xfs_link(struct xfs_inode *tdp, struct xfs_inode *sip, |
35 | struct xfs_name *target_name); | 35 | struct xfs_name *target_name); |
36 | int xfs_mkdir(struct xfs_inode *dp, struct xfs_name *dir_name, | 36 | int xfs_mkdir(struct xfs_inode *dp, struct xfs_name *dir_name, |
37 | mode_t mode, struct xfs_inode **ipp, struct cred *credp); | 37 | mode_t mode, struct xfs_inode **ipp, cred_t *credp); |
38 | int xfs_readdir(struct xfs_inode *dp, void *dirent, size_t bufsize, | 38 | int xfs_readdir(struct xfs_inode *dp, void *dirent, size_t bufsize, |
39 | xfs_off_t *offset, filldir_t filldir); | 39 | xfs_off_t *offset, filldir_t filldir); |
40 | int xfs_symlink(struct xfs_inode *dp, struct xfs_name *link_name, | 40 | int xfs_symlink(struct xfs_inode *dp, struct xfs_name *link_name, |
41 | const char *target_path, mode_t mode, struct xfs_inode **ipp, | 41 | const char *target_path, mode_t mode, struct xfs_inode **ipp, |
42 | struct cred *credp); | 42 | cred_t *credp); |
43 | int xfs_inode_flush(struct xfs_inode *ip, int flags); | 43 | int xfs_inode_flush(struct xfs_inode *ip, int flags); |
44 | int xfs_set_dmattrs(struct xfs_inode *ip, u_int evmask, u_int16_t state); | 44 | int xfs_set_dmattrs(struct xfs_inode *ip, u_int evmask, u_int16_t state); |
45 | int xfs_reclaim(struct xfs_inode *ip); | 45 | int xfs_reclaim(struct xfs_inode *ip); |
46 | int xfs_change_file_space(struct xfs_inode *ip, int cmd, | 46 | int xfs_change_file_space(struct xfs_inode *ip, int cmd, |
47 | xfs_flock64_t *bf, xfs_off_t offset, | 47 | xfs_flock64_t *bf, xfs_off_t offset, |
48 | struct cred *credp, int attr_flags); | 48 | cred_t *credp, int attr_flags); |
49 | int xfs_rename(struct xfs_inode *src_dp, struct xfs_name *src_name, | 49 | int xfs_rename(struct xfs_inode *src_dp, struct xfs_name *src_name, |
50 | struct xfs_inode *src_ip, struct xfs_inode *target_dp, | 50 | struct xfs_inode *src_ip, struct xfs_inode *target_dp, |
51 | struct xfs_name *target_name, struct xfs_inode *target_ip); | 51 | struct xfs_name *target_name, struct xfs_inode *target_ip); |
diff --git a/include/keys/keyring-type.h b/include/keys/keyring-type.h new file mode 100644 index 000000000000..843f872a4b63 --- /dev/null +++ b/include/keys/keyring-type.h | |||
@@ -0,0 +1,31 @@ | |||
1 | /* Keyring key type | ||
2 | * | ||
3 | * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public License | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the License, or (at your option) any later version. | ||
10 | */ | ||
11 | |||
12 | #ifndef _KEYS_KEYRING_TYPE_H | ||
13 | #define _KEYS_KEYRING_TYPE_H | ||
14 | |||
15 | #include <linux/key.h> | ||
16 | #include <linux/rcupdate.h> | ||
17 | |||
18 | /* | ||
19 | * the keyring payload contains a list of the keys to which the keyring is | ||
20 | * subscribed | ||
21 | */ | ||
22 | struct keyring_list { | ||
23 | struct rcu_head rcu; /* RCU deletion hook */ | ||
24 | unsigned short maxkeys; /* max keys this list can hold */ | ||
25 | unsigned short nkeys; /* number of keys currently held */ | ||
26 | unsigned short delkey; /* key to be unlinked by RCU */ | ||
27 | struct key *keys[0]; | ||
28 | }; | ||
29 | |||
30 | |||
31 | #endif /* _KEYS_KEYRING_TYPE_H */ | ||
diff --git a/include/linux/audit.h b/include/linux/audit.h index 6272a395d43c..e8ce2c4c7ac7 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -99,6 +99,8 @@ | |||
99 | #define AUDIT_OBJ_PID 1318 /* ptrace target */ | 99 | #define AUDIT_OBJ_PID 1318 /* ptrace target */ |
100 | #define AUDIT_TTY 1319 /* Input on an administrative TTY */ | 100 | #define AUDIT_TTY 1319 /* Input on an administrative TTY */ |
101 | #define AUDIT_EOE 1320 /* End of multi-record event */ | 101 | #define AUDIT_EOE 1320 /* End of multi-record event */ |
102 | #define AUDIT_BPRM_FCAPS 1321 /* Information about fcaps increasing perms */ | ||
103 | #define AUDIT_CAPSET 1322 /* Record showing argument to sys_capset */ | ||
102 | 104 | ||
103 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ | 105 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ |
104 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ | 106 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ |
@@ -452,6 +454,10 @@ extern int __audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_pr | |||
452 | extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout); | 454 | extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout); |
453 | extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification); | 455 | extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification); |
454 | extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); | 456 | extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); |
457 | extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm, | ||
458 | const struct cred *new, | ||
459 | const struct cred *old); | ||
460 | extern int __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old); | ||
455 | 461 | ||
456 | static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp) | 462 | static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp) |
457 | { | 463 | { |
@@ -501,6 +507,24 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) | |||
501 | return __audit_mq_getsetattr(mqdes, mqstat); | 507 | return __audit_mq_getsetattr(mqdes, mqstat); |
502 | return 0; | 508 | return 0; |
503 | } | 509 | } |
510 | |||
511 | static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, | ||
512 | const struct cred *new, | ||
513 | const struct cred *old) | ||
514 | { | ||
515 | if (unlikely(!audit_dummy_context())) | ||
516 | return __audit_log_bprm_fcaps(bprm, new, old); | ||
517 | return 0; | ||
518 | } | ||
519 | |||
520 | static inline int audit_log_capset(pid_t pid, const struct cred *new, | ||
521 | const struct cred *old) | ||
522 | { | ||
523 | if (unlikely(!audit_dummy_context())) | ||
524 | return __audit_log_capset(pid, new, old); | ||
525 | return 0; | ||
526 | } | ||
527 | |||
504 | extern int audit_n_rules; | 528 | extern int audit_n_rules; |
505 | extern int audit_signals; | 529 | extern int audit_signals; |
506 | #else | 530 | #else |
@@ -532,6 +556,8 @@ extern int audit_signals; | |||
532 | #define audit_mq_timedreceive(d,l,p,t) ({ 0; }) | 556 | #define audit_mq_timedreceive(d,l,p,t) ({ 0; }) |
533 | #define audit_mq_notify(d,n) ({ 0; }) | 557 | #define audit_mq_notify(d,n) ({ 0; }) |
534 | #define audit_mq_getsetattr(d,s) ({ 0; }) | 558 | #define audit_mq_getsetattr(d,s) ({ 0; }) |
559 | #define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; }) | ||
560 | #define audit_log_capset(pid, ncr, ocr) ({ 0; }) | ||
535 | #define audit_ptrace(t) ((void)0) | 561 | #define audit_ptrace(t) ((void)0) |
536 | #define audit_n_rules 0 | 562 | #define audit_n_rules 0 |
537 | #define audit_signals 0 | 563 | #define audit_signals 0 |
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h index 7394b5b349ff..6cbfbe297180 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h | |||
@@ -35,16 +35,20 @@ struct linux_binprm{ | |||
35 | struct mm_struct *mm; | 35 | struct mm_struct *mm; |
36 | unsigned long p; /* current top of mem */ | 36 | unsigned long p; /* current top of mem */ |
37 | unsigned int sh_bang:1, | 37 | unsigned int sh_bang:1, |
38 | misc_bang:1; | 38 | misc_bang:1, |
39 | cred_prepared:1,/* true if creds already prepared (multiple | ||
40 | * preps happen for interpreters) */ | ||
41 | cap_effective:1;/* true if has elevated effective capabilities, | ||
42 | * false if not; except for init which inherits | ||
43 | * its parent's caps anyway */ | ||
39 | #ifdef __alpha__ | 44 | #ifdef __alpha__ |
40 | unsigned int taso:1; | 45 | unsigned int taso:1; |
41 | #endif | 46 | #endif |
42 | unsigned int recursion_depth; | 47 | unsigned int recursion_depth; |
43 | struct file * file; | 48 | struct file * file; |
44 | int e_uid, e_gid; | 49 | struct cred *cred; /* new credentials */ |
45 | kernel_cap_t cap_post_exec_permitted; | 50 | int unsafe; /* how unsafe this exec is (mask of LSM_UNSAFE_*) */ |
46 | bool cap_effective; | 51 | unsigned int per_clear; /* bits to clear in current->personality */ |
47 | void *security; | ||
48 | int argc, envc; | 52 | int argc, envc; |
49 | char * filename; /* Name of binary as seen by procps */ | 53 | char * filename; /* Name of binary as seen by procps */ |
50 | char * interp; /* Name of the binary really executed. Most | 54 | char * interp; /* Name of the binary really executed. Most |
@@ -101,7 +105,7 @@ extern int setup_arg_pages(struct linux_binprm * bprm, | |||
101 | int executable_stack); | 105 | int executable_stack); |
102 | extern int bprm_mm_init(struct linux_binprm *bprm); | 106 | extern int bprm_mm_init(struct linux_binprm *bprm); |
103 | extern int copy_strings_kernel(int argc,char ** argv,struct linux_binprm *bprm); | 107 | extern int copy_strings_kernel(int argc,char ** argv,struct linux_binprm *bprm); |
104 | extern void compute_creds(struct linux_binprm *binprm); | 108 | extern void install_exec_creds(struct linux_binprm *bprm); |
105 | extern int do_coredump(long signr, int exit_code, struct pt_regs * regs); | 109 | extern int do_coredump(long signr, int exit_code, struct pt_regs * regs); |
106 | extern int set_binfmt(struct linux_binfmt *new); | 110 | extern int set_binfmt(struct linux_binfmt *new); |
107 | extern void free_bprm(struct linux_binprm *); | 111 | extern void free_bprm(struct linux_binprm *); |
diff --git a/include/linux/capability.h b/include/linux/capability.h index 9d1fe30b6f6c..e22f48c2a46f 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h | |||
@@ -53,6 +53,7 @@ typedef struct __user_cap_data_struct { | |||
53 | #define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX | 53 | #define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX |
54 | 54 | ||
55 | #define VFS_CAP_REVISION_MASK 0xFF000000 | 55 | #define VFS_CAP_REVISION_MASK 0xFF000000 |
56 | #define VFS_CAP_REVISION_SHIFT 24 | ||
56 | #define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK | 57 | #define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK |
57 | #define VFS_CAP_FLAGS_EFFECTIVE 0x000001 | 58 | #define VFS_CAP_FLAGS_EFFECTIVE 0x000001 |
58 | 59 | ||
@@ -68,6 +69,9 @@ typedef struct __user_cap_data_struct { | |||
68 | #define VFS_CAP_U32 VFS_CAP_U32_2 | 69 | #define VFS_CAP_U32 VFS_CAP_U32_2 |
69 | #define VFS_CAP_REVISION VFS_CAP_REVISION_2 | 70 | #define VFS_CAP_REVISION VFS_CAP_REVISION_2 |
70 | 71 | ||
72 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | ||
73 | extern int file_caps_enabled; | ||
74 | #endif | ||
71 | 75 | ||
72 | struct vfs_cap_data { | 76 | struct vfs_cap_data { |
73 | __le32 magic_etc; /* Little endian */ | 77 | __le32 magic_etc; /* Little endian */ |
@@ -96,6 +100,13 @@ typedef struct kernel_cap_struct { | |||
96 | __u32 cap[_KERNEL_CAPABILITY_U32S]; | 100 | __u32 cap[_KERNEL_CAPABILITY_U32S]; |
97 | } kernel_cap_t; | 101 | } kernel_cap_t; |
98 | 102 | ||
103 | /* exact same as vfs_cap_data but in cpu endian and always filled completely */ | ||
104 | struct cpu_vfs_cap_data { | ||
105 | __u32 magic_etc; | ||
106 | kernel_cap_t permitted; | ||
107 | kernel_cap_t inheritable; | ||
108 | }; | ||
109 | |||
99 | #define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct)) | 110 | #define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct)) |
100 | #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) | 111 | #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) |
101 | 112 | ||
@@ -454,6 +465,13 @@ static inline int cap_isclear(const kernel_cap_t a) | |||
454 | return 1; | 465 | return 1; |
455 | } | 466 | } |
456 | 467 | ||
468 | /* | ||
469 | * Check if "a" is a subset of "set". | ||
470 | * return 1 if ALL of the capabilities in "a" are also in "set" | ||
471 | * cap_issubset(0101, 1111) will return 1 | ||
472 | * return 0 if ANY of the capabilities in "a" are not in "set" | ||
473 | * cap_issubset(1111, 0101) will return 0 | ||
474 | */ | ||
457 | static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set) | 475 | static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set) |
458 | { | 476 | { |
459 | kernel_cap_t dest; | 477 | kernel_cap_t dest; |
@@ -501,8 +519,6 @@ extern const kernel_cap_t __cap_empty_set; | |||
501 | extern const kernel_cap_t __cap_full_set; | 519 | extern const kernel_cap_t __cap_full_set; |
502 | extern const kernel_cap_t __cap_init_eff_set; | 520 | extern const kernel_cap_t __cap_init_eff_set; |
503 | 521 | ||
504 | kernel_cap_t cap_set_effective(const kernel_cap_t pE_new); | ||
505 | |||
506 | /** | 522 | /** |
507 | * has_capability - Determine if a task has a superior capability available | 523 | * has_capability - Determine if a task has a superior capability available |
508 | * @t: The task in question | 524 | * @t: The task in question |
@@ -514,9 +530,14 @@ kernel_cap_t cap_set_effective(const kernel_cap_t pE_new); | |||
514 | * Note that this does not set PF_SUPERPRIV on the task. | 530 | * Note that this does not set PF_SUPERPRIV on the task. |
515 | */ | 531 | */ |
516 | #define has_capability(t, cap) (security_capable((t), (cap)) == 0) | 532 | #define has_capability(t, cap) (security_capable((t), (cap)) == 0) |
533 | #define has_capability_noaudit(t, cap) (security_capable_noaudit((t), (cap)) == 0) | ||
517 | 534 | ||
518 | extern int capable(int cap); | 535 | extern int capable(int cap); |
519 | 536 | ||
537 | /* audit system wants to get cap info from files as well */ | ||
538 | struct dentry; | ||
539 | extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps); | ||
540 | |||
520 | #endif /* __KERNEL__ */ | 541 | #endif /* __KERNEL__ */ |
521 | 542 | ||
522 | #endif /* !_LINUX_CAPABILITY_H */ | 543 | #endif /* !_LINUX_CAPABILITY_H */ |
diff --git a/include/linux/cred.h b/include/linux/cred.h index b69222cc1fd2..3282ee4318e7 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* Credentials management | 1 | /* Credentials management - see Documentation/credentials.txt |
2 | * | 2 | * |
3 | * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. | 3 | * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. |
4 | * Written by David Howells (dhowells@redhat.com) | 4 | * Written by David Howells (dhowells@redhat.com) |
@@ -12,39 +12,335 @@ | |||
12 | #ifndef _LINUX_CRED_H | 12 | #ifndef _LINUX_CRED_H |
13 | #define _LINUX_CRED_H | 13 | #define _LINUX_CRED_H |
14 | 14 | ||
15 | #define get_current_user() (get_uid(current->user)) | 15 | #include <linux/capability.h> |
16 | #include <linux/key.h> | ||
17 | #include <asm/atomic.h> | ||
16 | 18 | ||
17 | #define task_uid(task) ((task)->uid) | 19 | struct user_struct; |
18 | #define task_gid(task) ((task)->gid) | 20 | struct cred; |
19 | #define task_euid(task) ((task)->euid) | 21 | struct inode; |
20 | #define task_egid(task) ((task)->egid) | ||
21 | 22 | ||
22 | #define current_uid() (current->uid) | 23 | /* |
23 | #define current_gid() (current->gid) | 24 | * COW Supplementary groups list |
24 | #define current_euid() (current->euid) | 25 | */ |
25 | #define current_egid() (current->egid) | 26 | #define NGROUPS_SMALL 32 |
26 | #define current_suid() (current->suid) | 27 | #define NGROUPS_PER_BLOCK ((unsigned int)(PAGE_SIZE / sizeof(gid_t))) |
27 | #define current_sgid() (current->sgid) | 28 | |
28 | #define current_fsuid() (current->fsuid) | 29 | struct group_info { |
29 | #define current_fsgid() (current->fsgid) | 30 | atomic_t usage; |
30 | #define current_cap() (current->cap_effective) | 31 | int ngroups; |
32 | int nblocks; | ||
33 | gid_t small_block[NGROUPS_SMALL]; | ||
34 | gid_t *blocks[0]; | ||
35 | }; | ||
36 | |||
37 | /** | ||
38 | * get_group_info - Get a reference to a group info structure | ||
39 | * @group_info: The group info to reference | ||
40 | * | ||
41 | * This gets a reference to a set of supplementary groups. | ||
42 | * | ||
43 | * If the caller is accessing a task's credentials, they must hold the RCU read | ||
44 | * lock when reading. | ||
45 | */ | ||
46 | static inline struct group_info *get_group_info(struct group_info *gi) | ||
47 | { | ||
48 | atomic_inc(&gi->usage); | ||
49 | return gi; | ||
50 | } | ||
51 | |||
52 | /** | ||
53 | * put_group_info - Release a reference to a group info structure | ||
54 | * @group_info: The group info to release | ||
55 | */ | ||
56 | #define put_group_info(group_info) \ | ||
57 | do { \ | ||
58 | if (atomic_dec_and_test(&(group_info)->usage)) \ | ||
59 | groups_free(group_info); \ | ||
60 | } while (0) | ||
61 | |||
62 | extern struct group_info *groups_alloc(int); | ||
63 | extern struct group_info init_groups; | ||
64 | extern void groups_free(struct group_info *); | ||
65 | extern int set_current_groups(struct group_info *); | ||
66 | extern int set_groups(struct cred *, struct group_info *); | ||
67 | extern int groups_search(const struct group_info *, gid_t); | ||
68 | |||
69 | /* access the groups "array" with this macro */ | ||
70 | #define GROUP_AT(gi, i) \ | ||
71 | ((gi)->blocks[(i) / NGROUPS_PER_BLOCK][(i) % NGROUPS_PER_BLOCK]) | ||
72 | |||
73 | extern int in_group_p(gid_t); | ||
74 | extern int in_egroup_p(gid_t); | ||
75 | |||
76 | /* | ||
77 | * The common credentials for a thread group | ||
78 | * - shared by CLONE_THREAD | ||
79 | */ | ||
80 | #ifdef CONFIG_KEYS | ||
81 | struct thread_group_cred { | ||
82 | atomic_t usage; | ||
83 | pid_t tgid; /* thread group process ID */ | ||
84 | spinlock_t lock; | ||
85 | struct key *session_keyring; /* keyring inherited over fork */ | ||
86 | struct key *process_keyring; /* keyring private to this process */ | ||
87 | struct rcu_head rcu; /* RCU deletion hook */ | ||
88 | }; | ||
89 | #endif | ||
90 | |||
91 | /* | ||
92 | * The security context of a task | ||
93 | * | ||
94 | * The parts of the context break down into two categories: | ||
95 | * | ||
96 | * (1) The objective context of a task. These parts are used when some other | ||
97 | * task is attempting to affect this one. | ||
98 | * | ||
99 | * (2) The subjective context. These details are used when the task is acting | ||
100 | * upon another object, be that a file, a task, a key or whatever. | ||
101 | * | ||
102 | * Note that some members of this structure belong to both categories - the | ||
103 | * LSM security pointer for instance. | ||
104 | * | ||
105 | * A task has two security pointers. task->real_cred points to the objective | ||
106 | * context that defines that task's actual details. The objective part of this | ||
107 | * context is used whenever that task is acted upon. | ||
108 | * | ||
109 | * task->cred points to the subjective context that defines the details of how | ||
110 | * that task is going to act upon another object. This may be overridden | ||
111 | * temporarily to point to another security context, but normally points to the | ||
112 | * same context as task->real_cred. | ||
113 | */ | ||
114 | struct cred { | ||
115 | atomic_t usage; | ||
116 | uid_t uid; /* real UID of the task */ | ||
117 | gid_t gid; /* real GID of the task */ | ||
118 | uid_t suid; /* saved UID of the task */ | ||
119 | gid_t sgid; /* saved GID of the task */ | ||
120 | uid_t euid; /* effective UID of the task */ | ||
121 | gid_t egid; /* effective GID of the task */ | ||
122 | uid_t fsuid; /* UID for VFS ops */ | ||
123 | gid_t fsgid; /* GID for VFS ops */ | ||
124 | unsigned securebits; /* SUID-less security management */ | ||
125 | kernel_cap_t cap_inheritable; /* caps our children can inherit */ | ||
126 | kernel_cap_t cap_permitted; /* caps we're permitted */ | ||
127 | kernel_cap_t cap_effective; /* caps we can actually use */ | ||
128 | kernel_cap_t cap_bset; /* capability bounding set */ | ||
129 | #ifdef CONFIG_KEYS | ||
130 | unsigned char jit_keyring; /* default keyring to attach requested | ||
131 | * keys to */ | ||
132 | struct key *thread_keyring; /* keyring private to this thread */ | ||
133 | struct key *request_key_auth; /* assumed request_key authority */ | ||
134 | struct thread_group_cred *tgcred; /* thread-group shared credentials */ | ||
135 | #endif | ||
136 | #ifdef CONFIG_SECURITY | ||
137 | void *security; /* subjective LSM security */ | ||
138 | #endif | ||
139 | struct user_struct *user; /* real user ID subscription */ | ||
140 | struct group_info *group_info; /* supplementary groups for euid/fsgid */ | ||
141 | struct rcu_head rcu; /* RCU deletion hook */ | ||
142 | }; | ||
143 | |||
144 | extern void __put_cred(struct cred *); | ||
145 | extern int copy_creds(struct task_struct *, unsigned long); | ||
146 | extern struct cred *prepare_creds(void); | ||
147 | extern struct cred *prepare_exec_creds(void); | ||
148 | extern struct cred *prepare_usermodehelper_creds(void); | ||
149 | extern int commit_creds(struct cred *); | ||
150 | extern void abort_creds(struct cred *); | ||
151 | extern const struct cred *override_creds(const struct cred *); | ||
152 | extern void revert_creds(const struct cred *); | ||
153 | extern struct cred *prepare_kernel_cred(struct task_struct *); | ||
154 | extern int change_create_files_as(struct cred *, struct inode *); | ||
155 | extern int set_security_override(struct cred *, u32); | ||
156 | extern int set_security_override_from_ctx(struct cred *, const char *); | ||
157 | extern int set_create_files_as(struct cred *, struct inode *); | ||
158 | extern void __init cred_init(void); | ||
159 | |||
160 | /** | ||
161 | * get_new_cred - Get a reference on a new set of credentials | ||
162 | * @cred: The new credentials to reference | ||
163 | * | ||
164 | * Get a reference on the specified set of new credentials. The caller must | ||
165 | * release the reference. | ||
166 | */ | ||
167 | static inline struct cred *get_new_cred(struct cred *cred) | ||
168 | { | ||
169 | atomic_inc(&cred->usage); | ||
170 | return cred; | ||
171 | } | ||
172 | |||
173 | /** | ||
174 | * get_cred - Get a reference on a set of credentials | ||
175 | * @cred: The credentials to reference | ||
176 | * | ||
177 | * Get a reference on the specified set of credentials. The caller must | ||
178 | * release the reference. | ||
179 | * | ||
180 | * This is used to deal with a committed set of credentials. Although the | ||
181 | * pointer is const, this will temporarily discard the const and increment the | ||
182 | * usage count. The purpose of this is to attempt to catch at compile time the | ||
183 | * accidental alteration of a set of credentials that should be considered | ||
184 | * immutable. | ||
185 | */ | ||
186 | static inline const struct cred *get_cred(const struct cred *cred) | ||
187 | { | ||
188 | return get_new_cred((struct cred *) cred); | ||
189 | } | ||
190 | |||
191 | /** | ||
192 | * put_cred - Release a reference to a set of credentials | ||
193 | * @cred: The credentials to release | ||
194 | * | ||
195 | * Release a reference to a set of credentials, deleting them when the last ref | ||
196 | * is released. | ||
197 | * | ||
198 | * This takes a const pointer to a set of credentials because the credentials | ||
199 | * on task_struct are attached by const pointers to prevent accidental | ||
200 | * alteration of otherwise immutable credential sets. | ||
201 | */ | ||
202 | static inline void put_cred(const struct cred *_cred) | ||
203 | { | ||
204 | struct cred *cred = (struct cred *) _cred; | ||
205 | |||
206 | BUG_ON(atomic_read(&(cred)->usage) <= 0); | ||
207 | if (atomic_dec_and_test(&(cred)->usage)) | ||
208 | __put_cred(cred); | ||
209 | } | ||
210 | |||
211 | /** | ||
212 | * current_cred - Access the current task's subjective credentials | ||
213 | * | ||
214 | * Access the subjective credentials of the current task. | ||
215 | */ | ||
216 | #define current_cred() \ | ||
217 | (current->cred) | ||
218 | |||
219 | /** | ||
220 | * __task_cred - Access a task's objective credentials | ||
221 | * @task: The task to query | ||
222 | * | ||
223 | * Access the objective credentials of a task. The caller must hold the RCU | ||
224 | * readlock. | ||
225 | * | ||
226 | * The caller must make sure task doesn't go away, either by holding a ref on | ||
227 | * task or by holding tasklist_lock to prevent it from being unlinked. | ||
228 | */ | ||
229 | #define __task_cred(task) \ | ||
230 | ((const struct cred *)(rcu_dereference((task)->real_cred))) | ||
231 | |||
232 | /** | ||
233 | * get_task_cred - Get another task's objective credentials | ||
234 | * @task: The task to query | ||
235 | * | ||
236 | * Get the objective credentials of a task, pinning them so that they can't go | ||
237 | * away. Accessing a task's credentials directly is not permitted. | ||
238 | * | ||
239 | * The caller must make sure task doesn't go away, either by holding a ref on | ||
240 | * task or by holding tasklist_lock to prevent it from being unlinked. | ||
241 | */ | ||
242 | #define get_task_cred(task) \ | ||
243 | ({ \ | ||
244 | struct cred *__cred; \ | ||
245 | rcu_read_lock(); \ | ||
246 | __cred = (struct cred *) __task_cred((task)); \ | ||
247 | get_cred(__cred); \ | ||
248 | rcu_read_unlock(); \ | ||
249 | __cred; \ | ||
250 | }) | ||
251 | |||
252 | /** | ||
253 | * get_current_cred - Get the current task's subjective credentials | ||
254 | * | ||
255 | * Get the subjective credentials of the current task, pinning them so that | ||
256 | * they can't go away. Accessing the current task's credentials directly is | ||
257 | * not permitted. | ||
258 | */ | ||
259 | #define get_current_cred() \ | ||
260 | (get_cred(current_cred())) | ||
261 | |||
262 | /** | ||
263 | * get_current_user - Get the current task's user_struct | ||
264 | * | ||
265 | * Get the user record of the current task, pinning it so that it can't go | ||
266 | * away. | ||
267 | */ | ||
268 | #define get_current_user() \ | ||
269 | ({ \ | ||
270 | struct user_struct *__u; \ | ||
271 | struct cred *__cred; \ | ||
272 | __cred = (struct cred *) current_cred(); \ | ||
273 | __u = get_uid(__cred->user); \ | ||
274 | __u; \ | ||
275 | }) | ||
276 | |||
277 | /** | ||
278 | * get_current_groups - Get the current task's supplementary group list | ||
279 | * | ||
280 | * Get the supplementary group list of the current task, pinning it so that it | ||
281 | * can't go away. | ||
282 | */ | ||
283 | #define get_current_groups() \ | ||
284 | ({ \ | ||
285 | struct group_info *__groups; \ | ||
286 | struct cred *__cred; \ | ||
287 | __cred = (struct cred *) current_cred(); \ | ||
288 | __groups = get_group_info(__cred->group_info); \ | ||
289 | __groups; \ | ||
290 | }) | ||
291 | |||
292 | #define task_cred_xxx(task, xxx) \ | ||
293 | ({ \ | ||
294 | __typeof__(((struct cred *)NULL)->xxx) ___val; \ | ||
295 | rcu_read_lock(); \ | ||
296 | ___val = __task_cred((task))->xxx; \ | ||
297 | rcu_read_unlock(); \ | ||
298 | ___val; \ | ||
299 | }) | ||
300 | |||
301 | #define task_uid(task) (task_cred_xxx((task), uid)) | ||
302 | #define task_euid(task) (task_cred_xxx((task), euid)) | ||
303 | |||
304 | #define current_cred_xxx(xxx) \ | ||
305 | ({ \ | ||
306 | current->cred->xxx; \ | ||
307 | }) | ||
308 | |||
309 | #define current_uid() (current_cred_xxx(uid)) | ||
310 | #define current_gid() (current_cred_xxx(gid)) | ||
311 | #define current_euid() (current_cred_xxx(euid)) | ||
312 | #define current_egid() (current_cred_xxx(egid)) | ||
313 | #define current_suid() (current_cred_xxx(suid)) | ||
314 | #define current_sgid() (current_cred_xxx(sgid)) | ||
315 | #define current_fsuid() (current_cred_xxx(fsuid)) | ||
316 | #define current_fsgid() (current_cred_xxx(fsgid)) | ||
317 | #define current_cap() (current_cred_xxx(cap_effective)) | ||
318 | #define current_user() (current_cred_xxx(user)) | ||
319 | #define current_user_ns() (current_cred_xxx(user)->user_ns) | ||
320 | #define current_security() (current_cred_xxx(security)) | ||
31 | 321 | ||
32 | #define current_uid_gid(_uid, _gid) \ | 322 | #define current_uid_gid(_uid, _gid) \ |
33 | do { \ | 323 | do { \ |
34 | *(_uid) = current->uid; \ | 324 | const struct cred *__cred; \ |
35 | *(_gid) = current->gid; \ | 325 | __cred = current_cred(); \ |
326 | *(_uid) = __cred->uid; \ | ||
327 | *(_gid) = __cred->gid; \ | ||
36 | } while(0) | 328 | } while(0) |
37 | 329 | ||
38 | #define current_euid_egid(_uid, _gid) \ | 330 | #define current_euid_egid(_euid, _egid) \ |
39 | do { \ | 331 | do { \ |
40 | *(_uid) = current->euid; \ | 332 | const struct cred *__cred; \ |
41 | *(_gid) = current->egid; \ | 333 | __cred = current_cred(); \ |
334 | *(_euid) = __cred->euid; \ | ||
335 | *(_egid) = __cred->egid; \ | ||
42 | } while(0) | 336 | } while(0) |
43 | 337 | ||
44 | #define current_fsuid_fsgid(_uid, _gid) \ | 338 | #define current_fsuid_fsgid(_fsuid, _fsgid) \ |
45 | do { \ | 339 | do { \ |
46 | *(_uid) = current->fsuid; \ | 340 | const struct cred *__cred; \ |
47 | *(_gid) = current->fsgid; \ | 341 | __cred = current_cred(); \ |
342 | *(_fsuid) = __cred->fsuid; \ | ||
343 | *(_fsgid) = __cred->fsgid; \ | ||
48 | } while(0) | 344 | } while(0) |
49 | 345 | ||
50 | #endif /* _LINUX_CRED_H */ | 346 | #endif /* _LINUX_CRED_H */ |
diff --git a/include/linux/fs.h b/include/linux/fs.h index 0dcdd9458f4b..c0fb6d81d89b 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h | |||
@@ -315,6 +315,7 @@ struct poll_table_struct; | |||
315 | struct kstatfs; | 315 | struct kstatfs; |
316 | struct vm_area_struct; | 316 | struct vm_area_struct; |
317 | struct vfsmount; | 317 | struct vfsmount; |
318 | struct cred; | ||
318 | 319 | ||
319 | extern void __init inode_init(void); | 320 | extern void __init inode_init(void); |
320 | extern void __init inode_init_early(void); | 321 | extern void __init inode_init_early(void); |
@@ -826,7 +827,7 @@ struct file { | |||
826 | fmode_t f_mode; | 827 | fmode_t f_mode; |
827 | loff_t f_pos; | 828 | loff_t f_pos; |
828 | struct fown_struct f_owner; | 829 | struct fown_struct f_owner; |
829 | unsigned int f_uid, f_gid; | 830 | const struct cred *f_cred; |
830 | struct file_ra_state f_ra; | 831 | struct file_ra_state f_ra; |
831 | 832 | ||
832 | u64 f_version; | 833 | u64 f_version; |
@@ -1193,7 +1194,7 @@ enum { | |||
1193 | #define has_fs_excl() atomic_read(¤t->fs_excl) | 1194 | #define has_fs_excl() atomic_read(¤t->fs_excl) |
1194 | 1195 | ||
1195 | #define is_owner_or_cap(inode) \ | 1196 | #define is_owner_or_cap(inode) \ |
1196 | ((current->fsuid == (inode)->i_uid) || capable(CAP_FOWNER)) | 1197 | ((current_fsuid() == (inode)->i_uid) || capable(CAP_FOWNER)) |
1197 | 1198 | ||
1198 | /* not quite ready to be deprecated, but... */ | 1199 | /* not quite ready to be deprecated, but... */ |
1199 | extern void lock_super(struct super_block *); | 1200 | extern void lock_super(struct super_block *); |
@@ -1673,7 +1674,8 @@ extern int do_truncate(struct dentry *, loff_t start, unsigned int time_attrs, | |||
1673 | extern long do_sys_open(int dfd, const char __user *filename, int flags, | 1674 | extern long do_sys_open(int dfd, const char __user *filename, int flags, |
1674 | int mode); | 1675 | int mode); |
1675 | extern struct file *filp_open(const char *, int, int); | 1676 | extern struct file *filp_open(const char *, int, int); |
1676 | extern struct file * dentry_open(struct dentry *, struct vfsmount *, int); | 1677 | extern struct file * dentry_open(struct dentry *, struct vfsmount *, int, |
1678 | const struct cred *); | ||
1677 | extern int filp_close(struct file *, fl_owner_t id); | 1679 | extern int filp_close(struct file *, fl_owner_t id); |
1678 | extern char * getname(const char __user *); | 1680 | extern char * getname(const char __user *); |
1679 | 1681 | ||
diff --git a/include/linux/init_task.h b/include/linux/init_task.h index 23fd8909b9e5..959f5522d10a 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h | |||
@@ -57,7 +57,6 @@ extern struct nsproxy init_nsproxy; | |||
57 | .mnt_ns = NULL, \ | 57 | .mnt_ns = NULL, \ |
58 | INIT_NET_NS(net_ns) \ | 58 | INIT_NET_NS(net_ns) \ |
59 | INIT_IPC_NS(ipc_ns) \ | 59 | INIT_IPC_NS(ipc_ns) \ |
60 | .user_ns = &init_user_ns, \ | ||
61 | } | 60 | } |
62 | 61 | ||
63 | #define INIT_SIGHAND(sighand) { \ | 62 | #define INIT_SIGHAND(sighand) { \ |
@@ -113,6 +112,8 @@ extern struct group_info init_groups; | |||
113 | # define CAP_INIT_BSET CAP_INIT_EFF_SET | 112 | # define CAP_INIT_BSET CAP_INIT_EFF_SET |
114 | #endif | 113 | #endif |
115 | 114 | ||
115 | extern struct cred init_cred; | ||
116 | |||
116 | /* | 117 | /* |
117 | * INIT_TASK is used to set up the first task table, touch at | 118 | * INIT_TASK is used to set up the first task table, touch at |
118 | * your own risk!. Base=0, limit=0x1fffff (=2MB) | 119 | * your own risk!. Base=0, limit=0x1fffff (=2MB) |
@@ -147,13 +148,10 @@ extern struct group_info init_groups; | |||
147 | .children = LIST_HEAD_INIT(tsk.children), \ | 148 | .children = LIST_HEAD_INIT(tsk.children), \ |
148 | .sibling = LIST_HEAD_INIT(tsk.sibling), \ | 149 | .sibling = LIST_HEAD_INIT(tsk.sibling), \ |
149 | .group_leader = &tsk, \ | 150 | .group_leader = &tsk, \ |
150 | .group_info = &init_groups, \ | 151 | .real_cred = &init_cred, \ |
151 | .cap_effective = CAP_INIT_EFF_SET, \ | 152 | .cred = &init_cred, \ |
152 | .cap_inheritable = CAP_INIT_INH_SET, \ | 153 | .cred_exec_mutex = \ |
153 | .cap_permitted = CAP_FULL_SET, \ | 154 | __MUTEX_INITIALIZER(tsk.cred_exec_mutex), \ |
154 | .cap_bset = CAP_INIT_BSET, \ | ||
155 | .securebits = SECUREBITS_DEFAULT, \ | ||
156 | .user = INIT_USER, \ | ||
157 | .comm = "swapper", \ | 155 | .comm = "swapper", \ |
158 | .thread = INIT_THREAD, \ | 156 | .thread = INIT_THREAD, \ |
159 | .fs = &init_fs, \ | 157 | .fs = &init_fs, \ |
diff --git a/include/linux/key-ui.h b/include/linux/key-ui.h deleted file mode 100644 index e8b8a7a5c496..000000000000 --- a/include/linux/key-ui.h +++ /dev/null | |||
@@ -1,66 +0,0 @@ | |||
1 | /* key-ui.h: key userspace interface stuff | ||
2 | * | ||
3 | * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public License | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the License, or (at your option) any later version. | ||
10 | */ | ||
11 | |||
12 | #ifndef _LINUX_KEY_UI_H | ||
13 | #define _LINUX_KEY_UI_H | ||
14 | |||
15 | #include <linux/key.h> | ||
16 | |||
17 | /* the key tree */ | ||
18 | extern struct rb_root key_serial_tree; | ||
19 | extern spinlock_t key_serial_lock; | ||
20 | |||
21 | /* required permissions */ | ||
22 | #define KEY_VIEW 0x01 /* require permission to view attributes */ | ||
23 | #define KEY_READ 0x02 /* require permission to read content */ | ||
24 | #define KEY_WRITE 0x04 /* require permission to update / modify */ | ||
25 | #define KEY_SEARCH 0x08 /* require permission to search (keyring) or find (key) */ | ||
26 | #define KEY_LINK 0x10 /* require permission to link */ | ||
27 | #define KEY_SETATTR 0x20 /* require permission to change attributes */ | ||
28 | #define KEY_ALL 0x3f /* all the above permissions */ | ||
29 | |||
30 | /* | ||
31 | * the keyring payload contains a list of the keys to which the keyring is | ||
32 | * subscribed | ||
33 | */ | ||
34 | struct keyring_list { | ||
35 | struct rcu_head rcu; /* RCU deletion hook */ | ||
36 | unsigned short maxkeys; /* max keys this list can hold */ | ||
37 | unsigned short nkeys; /* number of keys currently held */ | ||
38 | unsigned short delkey; /* key to be unlinked by RCU */ | ||
39 | struct key *keys[0]; | ||
40 | }; | ||
41 | |||
42 | /* | ||
43 | * check to see whether permission is granted to use a key in the desired way | ||
44 | */ | ||
45 | extern int key_task_permission(const key_ref_t key_ref, | ||
46 | struct task_struct *context, | ||
47 | key_perm_t perm); | ||
48 | |||
49 | static inline int key_permission(const key_ref_t key_ref, key_perm_t perm) | ||
50 | { | ||
51 | return key_task_permission(key_ref, current, perm); | ||
52 | } | ||
53 | |||
54 | extern key_ref_t lookup_user_key(struct task_struct *context, | ||
55 | key_serial_t id, int create, int partial, | ||
56 | key_perm_t perm); | ||
57 | |||
58 | extern long join_session_keyring(const char *name); | ||
59 | |||
60 | extern struct key_type *key_type_lookup(const char *type); | ||
61 | extern void key_type_put(struct key_type *ktype); | ||
62 | |||
63 | #define key_negative_timeout 60 /* default timeout on a negative key's existence */ | ||
64 | |||
65 | |||
66 | #endif /* _LINUX_KEY_UI_H */ | ||
diff --git a/include/linux/key.h b/include/linux/key.h index 1b70e35a71e3..21d32a142c00 100644 --- a/include/linux/key.h +++ b/include/linux/key.h | |||
@@ -73,6 +73,7 @@ struct key; | |||
73 | struct seq_file; | 73 | struct seq_file; |
74 | struct user_struct; | 74 | struct user_struct; |
75 | struct signal_struct; | 75 | struct signal_struct; |
76 | struct cred; | ||
76 | 77 | ||
77 | struct key_type; | 78 | struct key_type; |
78 | struct key_owner; | 79 | struct key_owner; |
@@ -181,7 +182,7 @@ struct key { | |||
181 | extern struct key *key_alloc(struct key_type *type, | 182 | extern struct key *key_alloc(struct key_type *type, |
182 | const char *desc, | 183 | const char *desc, |
183 | uid_t uid, gid_t gid, | 184 | uid_t uid, gid_t gid, |
184 | struct task_struct *ctx, | 185 | const struct cred *cred, |
185 | key_perm_t perm, | 186 | key_perm_t perm, |
186 | unsigned long flags); | 187 | unsigned long flags); |
187 | 188 | ||
@@ -249,7 +250,7 @@ extern int key_unlink(struct key *keyring, | |||
249 | struct key *key); | 250 | struct key *key); |
250 | 251 | ||
251 | extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, | 252 | extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, |
252 | struct task_struct *ctx, | 253 | const struct cred *cred, |
253 | unsigned long flags, | 254 | unsigned long flags, |
254 | struct key *dest); | 255 | struct key *dest); |
255 | 256 | ||
@@ -276,24 +277,11 @@ extern ctl_table key_sysctls[]; | |||
276 | /* | 277 | /* |
277 | * the userspace interface | 278 | * the userspace interface |
278 | */ | 279 | */ |
279 | extern void switch_uid_keyring(struct user_struct *new_user); | 280 | extern int install_thread_keyring_to_cred(struct cred *cred); |
280 | extern int copy_keys(unsigned long clone_flags, struct task_struct *tsk); | ||
281 | extern int copy_thread_group_keys(struct task_struct *tsk); | ||
282 | extern void exit_keys(struct task_struct *tsk); | ||
283 | extern void exit_thread_group_keys(struct signal_struct *tg); | ||
284 | extern int suid_keys(struct task_struct *tsk); | ||
285 | extern int exec_keys(struct task_struct *tsk); | ||
286 | extern void key_fsuid_changed(struct task_struct *tsk); | 281 | extern void key_fsuid_changed(struct task_struct *tsk); |
287 | extern void key_fsgid_changed(struct task_struct *tsk); | 282 | extern void key_fsgid_changed(struct task_struct *tsk); |
288 | extern void key_init(void); | 283 | extern void key_init(void); |
289 | 284 | ||
290 | #define __install_session_keyring(tsk, keyring) \ | ||
291 | ({ \ | ||
292 | struct key *old_session = tsk->signal->session_keyring; \ | ||
293 | tsk->signal->session_keyring = keyring; \ | ||
294 | old_session; \ | ||
295 | }) | ||
296 | |||
297 | #else /* CONFIG_KEYS */ | 285 | #else /* CONFIG_KEYS */ |
298 | 286 | ||
299 | #define key_validate(k) 0 | 287 | #define key_validate(k) 0 |
@@ -302,17 +290,9 @@ extern void key_init(void); | |||
302 | #define key_revoke(k) do { } while(0) | 290 | #define key_revoke(k) do { } while(0) |
303 | #define key_put(k) do { } while(0) | 291 | #define key_put(k) do { } while(0) |
304 | #define key_ref_put(k) do { } while(0) | 292 | #define key_ref_put(k) do { } while(0) |
305 | #define make_key_ref(k, p) ({ NULL; }) | 293 | #define make_key_ref(k, p) NULL |
306 | #define key_ref_to_ptr(k) ({ NULL; }) | 294 | #define key_ref_to_ptr(k) NULL |
307 | #define is_key_possessed(k) 0 | 295 | #define is_key_possessed(k) 0 |
308 | #define switch_uid_keyring(u) do { } while(0) | ||
309 | #define __install_session_keyring(t, k) ({ NULL; }) | ||
310 | #define copy_keys(f,t) 0 | ||
311 | #define copy_thread_group_keys(t) 0 | ||
312 | #define exit_keys(t) do { } while(0) | ||
313 | #define exit_thread_group_keys(tg) do { } while(0) | ||
314 | #define suid_keys(t) do { } while(0) | ||
315 | #define exec_keys(t) do { } while(0) | ||
316 | #define key_fsuid_changed(t) do { } while(0) | 296 | #define key_fsuid_changed(t) do { } while(0) |
317 | #define key_fsgid_changed(t) do { } while(0) | 297 | #define key_fsgid_changed(t) do { } while(0) |
318 | #define key_init() do { } while(0) | 298 | #define key_init() do { } while(0) |
diff --git a/include/linux/keyctl.h b/include/linux/keyctl.h index 656ee6b77a4a..c0688eb72093 100644 --- a/include/linux/keyctl.h +++ b/include/linux/keyctl.h | |||
@@ -1,6 +1,6 @@ | |||
1 | /* keyctl.h: keyctl command IDs | 1 | /* keyctl.h: keyctl command IDs |
2 | * | 2 | * |
3 | * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. | 3 | * Copyright (C) 2004, 2008 Red Hat, Inc. All Rights Reserved. |
4 | * Written by David Howells (dhowells@redhat.com) | 4 | * Written by David Howells (dhowells@redhat.com) |
5 | * | 5 | * |
6 | * This program is free software; you can redistribute it and/or | 6 | * This program is free software; you can redistribute it and/or |
@@ -20,6 +20,7 @@ | |||
20 | #define KEY_SPEC_USER_SESSION_KEYRING -5 /* - key ID for UID-session keyring */ | 20 | #define KEY_SPEC_USER_SESSION_KEYRING -5 /* - key ID for UID-session keyring */ |
21 | #define KEY_SPEC_GROUP_KEYRING -6 /* - key ID for GID-specific keyring */ | 21 | #define KEY_SPEC_GROUP_KEYRING -6 /* - key ID for GID-specific keyring */ |
22 | #define KEY_SPEC_REQKEY_AUTH_KEY -7 /* - key ID for assumed request_key auth key */ | 22 | #define KEY_SPEC_REQKEY_AUTH_KEY -7 /* - key ID for assumed request_key auth key */ |
23 | #define KEY_SPEC_REQUESTOR_KEYRING -8 /* - key ID for request_key() dest keyring */ | ||
23 | 24 | ||
24 | /* request-key default keyrings */ | 25 | /* request-key default keyrings */ |
25 | #define KEY_REQKEY_DEFL_NO_CHANGE -1 | 26 | #define KEY_REQKEY_DEFL_NO_CHANGE -1 |
@@ -30,6 +31,7 @@ | |||
30 | #define KEY_REQKEY_DEFL_USER_KEYRING 4 | 31 | #define KEY_REQKEY_DEFL_USER_KEYRING 4 |
31 | #define KEY_REQKEY_DEFL_USER_SESSION_KEYRING 5 | 32 | #define KEY_REQKEY_DEFL_USER_SESSION_KEYRING 5 |
32 | #define KEY_REQKEY_DEFL_GROUP_KEYRING 6 | 33 | #define KEY_REQKEY_DEFL_GROUP_KEYRING 6 |
34 | #define KEY_REQKEY_DEFL_REQUESTOR_KEYRING 7 | ||
33 | 35 | ||
34 | /* keyctl commands */ | 36 | /* keyctl commands */ |
35 | #define KEYCTL_GET_KEYRING_ID 0 /* ask for a keyring's ID */ | 37 | #define KEYCTL_GET_KEYRING_ID 0 /* ask for a keyring's ID */ |
diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h index c8a768e59640..afad7dec1b36 100644 --- a/include/linux/nsproxy.h +++ b/include/linux/nsproxy.h | |||
@@ -27,7 +27,6 @@ struct nsproxy { | |||
27 | struct ipc_namespace *ipc_ns; | 27 | struct ipc_namespace *ipc_ns; |
28 | struct mnt_namespace *mnt_ns; | 28 | struct mnt_namespace *mnt_ns; |
29 | struct pid_namespace *pid_ns; | 29 | struct pid_namespace *pid_ns; |
30 | struct user_namespace *user_ns; | ||
31 | struct net *net_ns; | 30 | struct net *net_ns; |
32 | }; | 31 | }; |
33 | extern struct nsproxy init_nsproxy; | 32 | extern struct nsproxy init_nsproxy; |
diff --git a/include/linux/sched.h b/include/linux/sched.h index 55e30d114477..9624e2cfc2dc 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h | |||
@@ -572,12 +572,6 @@ struct signal_struct { | |||
572 | */ | 572 | */ |
573 | struct rlimit rlim[RLIM_NLIMITS]; | 573 | struct rlimit rlim[RLIM_NLIMITS]; |
574 | 574 | ||
575 | /* keep the process-shared keyrings here so that they do the right | ||
576 | * thing in threads created with CLONE_THREAD */ | ||
577 | #ifdef CONFIG_KEYS | ||
578 | struct key *session_keyring; /* keyring inherited over fork */ | ||
579 | struct key *process_keyring; /* keyring private to this process */ | ||
580 | #endif | ||
581 | #ifdef CONFIG_BSD_PROCESS_ACCT | 575 | #ifdef CONFIG_BSD_PROCESS_ACCT |
582 | struct pacct_struct pacct; /* per-process accounting information */ | 576 | struct pacct_struct pacct; /* per-process accounting information */ |
583 | #endif | 577 | #endif |
@@ -648,6 +642,7 @@ struct user_struct { | |||
648 | /* Hash table maintenance information */ | 642 | /* Hash table maintenance information */ |
649 | struct hlist_node uidhash_node; | 643 | struct hlist_node uidhash_node; |
650 | uid_t uid; | 644 | uid_t uid; |
645 | struct user_namespace *user_ns; | ||
651 | 646 | ||
652 | #ifdef CONFIG_USER_SCHED | 647 | #ifdef CONFIG_USER_SCHED |
653 | struct task_group *tg; | 648 | struct task_group *tg; |
@@ -665,6 +660,7 @@ extern struct user_struct *find_user(uid_t); | |||
665 | extern struct user_struct root_user; | 660 | extern struct user_struct root_user; |
666 | #define INIT_USER (&root_user) | 661 | #define INIT_USER (&root_user) |
667 | 662 | ||
663 | |||
668 | struct backing_dev_info; | 664 | struct backing_dev_info; |
669 | struct reclaim_state; | 665 | struct reclaim_state; |
670 | 666 | ||
@@ -888,38 +884,7 @@ partition_sched_domains(int ndoms_new, cpumask_t *doms_new, | |||
888 | #endif /* !CONFIG_SMP */ | 884 | #endif /* !CONFIG_SMP */ |
889 | 885 | ||
890 | struct io_context; /* See blkdev.h */ | 886 | struct io_context; /* See blkdev.h */ |
891 | #define NGROUPS_SMALL 32 | ||
892 | #define NGROUPS_PER_BLOCK ((unsigned int)(PAGE_SIZE / sizeof(gid_t))) | ||
893 | struct group_info { | ||
894 | int ngroups; | ||
895 | atomic_t usage; | ||
896 | gid_t small_block[NGROUPS_SMALL]; | ||
897 | int nblocks; | ||
898 | gid_t *blocks[0]; | ||
899 | }; | ||
900 | 887 | ||
901 | /* | ||
902 | * get_group_info() must be called with the owning task locked (via task_lock()) | ||
903 | * when task != current. The reason being that the vast majority of callers are | ||
904 | * looking at current->group_info, which can not be changed except by the | ||
905 | * current task. Changing current->group_info requires the task lock, too. | ||
906 | */ | ||
907 | #define get_group_info(group_info) do { \ | ||
908 | atomic_inc(&(group_info)->usage); \ | ||
909 | } while (0) | ||
910 | |||
911 | #define put_group_info(group_info) do { \ | ||
912 | if (atomic_dec_and_test(&(group_info)->usage)) \ | ||
913 | groups_free(group_info); \ | ||
914 | } while (0) | ||
915 | |||
916 | extern struct group_info *groups_alloc(int gidsetsize); | ||
917 | extern void groups_free(struct group_info *group_info); | ||
918 | extern int set_current_groups(struct group_info *group_info); | ||
919 | extern int groups_search(struct group_info *group_info, gid_t grp); | ||
920 | /* access the groups "array" with this macro */ | ||
921 | #define GROUP_AT(gi, i) \ | ||
922 | ((gi)->blocks[(i)/NGROUPS_PER_BLOCK][(i)%NGROUPS_PER_BLOCK]) | ||
923 | 888 | ||
924 | #ifdef ARCH_HAS_PREFETCH_SWITCH_STACK | 889 | #ifdef ARCH_HAS_PREFETCH_SWITCH_STACK |
925 | extern void prefetch_stack(struct task_struct *t); | 890 | extern void prefetch_stack(struct task_struct *t); |
@@ -1186,17 +1151,12 @@ struct task_struct { | |||
1186 | struct list_head cpu_timers[3]; | 1151 | struct list_head cpu_timers[3]; |
1187 | 1152 | ||
1188 | /* process credentials */ | 1153 | /* process credentials */ |
1189 | uid_t uid,euid,suid,fsuid; | 1154 | const struct cred *real_cred; /* objective and real subjective task |
1190 | gid_t gid,egid,sgid,fsgid; | 1155 | * credentials (COW) */ |
1191 | struct group_info *group_info; | 1156 | const struct cred *cred; /* effective (overridable) subjective task |
1192 | kernel_cap_t cap_effective, cap_inheritable, cap_permitted, cap_bset; | 1157 | * credentials (COW) */ |
1193 | struct user_struct *user; | 1158 | struct mutex cred_exec_mutex; /* execve vs ptrace cred calculation mutex */ |
1194 | unsigned securebits; | 1159 | |
1195 | #ifdef CONFIG_KEYS | ||
1196 | unsigned char jit_keyring; /* default keyring to attach requested keys to */ | ||
1197 | struct key *request_key_auth; /* assumed request_key authority */ | ||
1198 | struct key *thread_keyring; /* keyring private to this thread */ | ||
1199 | #endif | ||
1200 | char comm[TASK_COMM_LEN]; /* executable name excluding path | 1160 | char comm[TASK_COMM_LEN]; /* executable name excluding path |
1201 | - access with [gs]et_task_comm (which lock | 1161 | - access with [gs]et_task_comm (which lock |
1202 | it with task_lock()) | 1162 | it with task_lock()) |
@@ -1233,9 +1193,6 @@ struct task_struct { | |||
1233 | int (*notifier)(void *priv); | 1193 | int (*notifier)(void *priv); |
1234 | void *notifier_data; | 1194 | void *notifier_data; |
1235 | sigset_t *notifier_mask; | 1195 | sigset_t *notifier_mask; |
1236 | #ifdef CONFIG_SECURITY | ||
1237 | void *security; | ||
1238 | #endif | ||
1239 | struct audit_context *audit_context; | 1196 | struct audit_context *audit_context; |
1240 | #ifdef CONFIG_AUDITSYSCALL | 1197 | #ifdef CONFIG_AUDITSYSCALL |
1241 | uid_t loginuid; | 1198 | uid_t loginuid; |
@@ -1775,7 +1732,6 @@ static inline struct user_struct *get_uid(struct user_struct *u) | |||
1775 | return u; | 1732 | return u; |
1776 | } | 1733 | } |
1777 | extern void free_uid(struct user_struct *); | 1734 | extern void free_uid(struct user_struct *); |
1778 | extern void switch_uid(struct user_struct *); | ||
1779 | extern void release_uids(struct user_namespace *ns); | 1735 | extern void release_uids(struct user_namespace *ns); |
1780 | 1736 | ||
1781 | #include <asm/current.h> | 1737 | #include <asm/current.h> |
@@ -1794,9 +1750,6 @@ extern void wake_up_new_task(struct task_struct *tsk, | |||
1794 | extern void sched_fork(struct task_struct *p, int clone_flags); | 1750 | extern void sched_fork(struct task_struct *p, int clone_flags); |
1795 | extern void sched_dead(struct task_struct *p); | 1751 | extern void sched_dead(struct task_struct *p); |
1796 | 1752 | ||
1797 | extern int in_group_p(gid_t); | ||
1798 | extern int in_egroup_p(gid_t); | ||
1799 | |||
1800 | extern void proc_caches_init(void); | 1753 | extern void proc_caches_init(void); |
1801 | extern void flush_signals(struct task_struct *); | 1754 | extern void flush_signals(struct task_struct *); |
1802 | extern void ignore_signals(struct task_struct *); | 1755 | extern void ignore_signals(struct task_struct *); |
@@ -1928,6 +1881,8 @@ static inline unsigned long wait_task_inactive(struct task_struct *p, | |||
1928 | #define for_each_process(p) \ | 1881 | #define for_each_process(p) \ |
1929 | for (p = &init_task ; (p = next_task(p)) != &init_task ; ) | 1882 | for (p = &init_task ; (p = next_task(p)) != &init_task ; ) |
1930 | 1883 | ||
1884 | extern bool is_single_threaded(struct task_struct *); | ||
1885 | |||
1931 | /* | 1886 | /* |
1932 | * Careful: do_each_thread/while_each_thread is a double loop so | 1887 | * Careful: do_each_thread/while_each_thread is a double loop so |
1933 | * 'break' will not work as expected - use goto instead. | 1888 | * 'break' will not work as expected - use goto instead. |
diff --git a/include/linux/securebits.h b/include/linux/securebits.h index 92f09bdf1175..d2c5ed845bcc 100644 --- a/include/linux/securebits.h +++ b/include/linux/securebits.h | |||
@@ -32,7 +32,7 @@ | |||
32 | setting is locked or not. A setting which is locked cannot be | 32 | setting is locked or not. A setting which is locked cannot be |
33 | changed from user-level. */ | 33 | changed from user-level. */ |
34 | #define issecure_mask(X) (1 << (X)) | 34 | #define issecure_mask(X) (1 << (X)) |
35 | #define issecure(X) (issecure_mask(X) & current->securebits) | 35 | #define issecure(X) (issecure_mask(X) & current_cred_xxx(securebits)) |
36 | 36 | ||
37 | #define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \ | 37 | #define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \ |
38 | issecure_mask(SECURE_NO_SETUID_FIXUP) | \ | 38 | issecure_mask(SECURE_NO_SETUID_FIXUP) | \ |
diff --git a/include/linux/security.h b/include/linux/security.h index e3d4ecda2673..6423abf1ac0f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -37,6 +37,10 @@ | |||
37 | /* Maximum number of letters for an LSM name string */ | 37 | /* Maximum number of letters for an LSM name string */ |
38 | #define SECURITY_NAME_MAX 10 | 38 | #define SECURITY_NAME_MAX 10 |
39 | 39 | ||
40 | /* If capable should audit the security request */ | ||
41 | #define SECURITY_CAP_NOAUDIT 0 | ||
42 | #define SECURITY_CAP_AUDIT 1 | ||
43 | |||
40 | struct ctl_table; | 44 | struct ctl_table; |
41 | struct audit_krule; | 45 | struct audit_krule; |
42 | 46 | ||
@@ -44,25 +48,25 @@ struct audit_krule; | |||
44 | * These functions are in security/capability.c and are used | 48 | * These functions are in security/capability.c and are used |
45 | * as the default capabilities functions | 49 | * as the default capabilities functions |
46 | */ | 50 | */ |
47 | extern int cap_capable(struct task_struct *tsk, int cap); | 51 | extern int cap_capable(struct task_struct *tsk, int cap, int audit); |
48 | extern int cap_settime(struct timespec *ts, struct timezone *tz); | 52 | extern int cap_settime(struct timespec *ts, struct timezone *tz); |
49 | extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); | 53 | extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); |
50 | extern int cap_ptrace_traceme(struct task_struct *parent); | 54 | extern int cap_ptrace_traceme(struct task_struct *parent); |
51 | extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); | 55 | extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); |
52 | extern int cap_capset_check(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); | 56 | extern int cap_capset(struct cred *new, const struct cred *old, |
53 | extern void cap_capset_set(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); | 57 | const kernel_cap_t *effective, |
54 | extern int cap_bprm_set_security(struct linux_binprm *bprm); | 58 | const kernel_cap_t *inheritable, |
55 | extern void cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe); | 59 | const kernel_cap_t *permitted); |
60 | extern int cap_bprm_set_creds(struct linux_binprm *bprm); | ||
56 | extern int cap_bprm_secureexec(struct linux_binprm *bprm); | 61 | extern int cap_bprm_secureexec(struct linux_binprm *bprm); |
57 | extern int cap_inode_setxattr(struct dentry *dentry, const char *name, | 62 | extern int cap_inode_setxattr(struct dentry *dentry, const char *name, |
58 | const void *value, size_t size, int flags); | 63 | const void *value, size_t size, int flags); |
59 | extern int cap_inode_removexattr(struct dentry *dentry, const char *name); | 64 | extern int cap_inode_removexattr(struct dentry *dentry, const char *name); |
60 | extern int cap_inode_need_killpriv(struct dentry *dentry); | 65 | extern int cap_inode_need_killpriv(struct dentry *dentry); |
61 | extern int cap_inode_killpriv(struct dentry *dentry); | 66 | extern int cap_inode_killpriv(struct dentry *dentry); |
62 | extern int cap_task_post_setuid(uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); | 67 | extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags); |
63 | extern void cap_task_reparent_to_init(struct task_struct *p); | ||
64 | extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | 68 | extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
65 | unsigned long arg4, unsigned long arg5, long *rc_p); | 69 | unsigned long arg4, unsigned long arg5); |
66 | extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp); | 70 | extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp); |
67 | extern int cap_task_setioprio(struct task_struct *p, int ioprio); | 71 | extern int cap_task_setioprio(struct task_struct *p, int ioprio); |
68 | extern int cap_task_setnice(struct task_struct *p, int nice); | 72 | extern int cap_task_setnice(struct task_struct *p, int nice); |
@@ -105,7 +109,7 @@ extern unsigned long mmap_min_addr; | |||
105 | struct sched_param; | 109 | struct sched_param; |
106 | struct request_sock; | 110 | struct request_sock; |
107 | 111 | ||
108 | /* bprm_apply_creds unsafe reasons */ | 112 | /* bprm->unsafe reasons */ |
109 | #define LSM_UNSAFE_SHARE 1 | 113 | #define LSM_UNSAFE_SHARE 1 |
110 | #define LSM_UNSAFE_PTRACE 2 | 114 | #define LSM_UNSAFE_PTRACE 2 |
111 | #define LSM_UNSAFE_PTRACE_CAP 4 | 115 | #define LSM_UNSAFE_PTRACE_CAP 4 |
@@ -149,36 +153,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
149 | * | 153 | * |
150 | * Security hooks for program execution operations. | 154 | * Security hooks for program execution operations. |
151 | * | 155 | * |
152 | * @bprm_alloc_security: | 156 | * @bprm_set_creds: |
153 | * Allocate and attach a security structure to the @bprm->security field. | ||
154 | * The security field is initialized to NULL when the bprm structure is | ||
155 | * allocated. | ||
156 | * @bprm contains the linux_binprm structure to be modified. | ||
157 | * Return 0 if operation was successful. | ||
158 | * @bprm_free_security: | ||
159 | * @bprm contains the linux_binprm structure to be modified. | ||
160 | * Deallocate and clear the @bprm->security field. | ||
161 | * @bprm_apply_creds: | ||
162 | * Compute and set the security attributes of a process being transformed | ||
163 | * by an execve operation based on the old attributes (current->security) | ||
164 | * and the information saved in @bprm->security by the set_security hook. | ||
165 | * Since this hook function (and its caller) are void, this hook can not | ||
166 | * return an error. However, it can leave the security attributes of the | ||
167 | * process unchanged if an access failure occurs at this point. | ||
168 | * bprm_apply_creds is called under task_lock. @unsafe indicates various | ||
169 | * reasons why it may be unsafe to change security state. | ||
170 | * @bprm contains the linux_binprm structure. | ||
171 | * @bprm_post_apply_creds: | ||
172 | * Runs after bprm_apply_creds with the task_lock dropped, so that | ||
173 | * functions which cannot be called safely under the task_lock can | ||
174 | * be used. This hook is a good place to perform state changes on | ||
175 | * the process such as closing open file descriptors to which access | ||
176 | * is no longer granted if the attributes were changed. | ||
177 | * Note that a security module might need to save state between | ||
178 | * bprm_apply_creds and bprm_post_apply_creds to store the decision | ||
179 | * on whether the process may proceed. | ||
180 | * @bprm contains the linux_binprm structure. | ||
181 | * @bprm_set_security: | ||
182 | * Save security information in the bprm->security field, typically based | 157 | * Save security information in the bprm->security field, typically based |
183 | * on information about the bprm->file, for later use by the apply_creds | 158 | * on information about the bprm->file, for later use by the apply_creds |
184 | * hook. This hook may also optionally check permissions (e.g. for | 159 | * hook. This hook may also optionally check permissions (e.g. for |
@@ -191,15 +166,30 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
191 | * @bprm contains the linux_binprm structure. | 166 | * @bprm contains the linux_binprm structure. |
192 | * Return 0 if the hook is successful and permission is granted. | 167 | * Return 0 if the hook is successful and permission is granted. |
193 | * @bprm_check_security: | 168 | * @bprm_check_security: |
194 | * This hook mediates the point when a search for a binary handler will | 169 | * This hook mediates the point when a search for a binary handler will |
195 | * begin. It allows a check the @bprm->security value which is set in | 170 | * begin. It allows a check the @bprm->security value which is set in the |
196 | * the preceding set_security call. The primary difference from | 171 | * preceding set_creds call. The primary difference from set_creds is |
197 | * set_security is that the argv list and envp list are reliably | 172 | * that the argv list and envp list are reliably available in @bprm. This |
198 | * available in @bprm. This hook may be called multiple times | 173 | * hook may be called multiple times during a single execve; and in each |
199 | * during a single execve; and in each pass set_security is called | 174 | * pass set_creds is called first. |
200 | * first. | ||
201 | * @bprm contains the linux_binprm structure. | 175 | * @bprm contains the linux_binprm structure. |
202 | * Return 0 if the hook is successful and permission is granted. | 176 | * Return 0 if the hook is successful and permission is granted. |
177 | * @bprm_committing_creds: | ||
178 | * Prepare to install the new security attributes of a process being | ||
179 | * transformed by an execve operation, based on the old credentials | ||
180 | * pointed to by @current->cred and the information set in @bprm->cred by | ||
181 | * the bprm_set_creds hook. @bprm points to the linux_binprm structure. | ||
182 | * This hook is a good place to perform state changes on the process such | ||
183 | * as closing open file descriptors to which access will no longer be | ||
184 | * granted when the attributes are changed. This is called immediately | ||
185 | * before commit_creds(). | ||
186 | * @bprm_committed_creds: | ||
187 | * Tidy up after the installation of the new security attributes of a | ||
188 | * process being transformed by an execve operation. The new credentials | ||
189 | * have, by this point, been set to @current->cred. @bprm points to the | ||
190 | * linux_binprm structure. This hook is a good place to perform state | ||
191 | * changes on the process such as clearing out non-inheritable signal | ||
192 | * state. This is called immediately after commit_creds(). | ||
203 | * @bprm_secureexec: | 193 | * @bprm_secureexec: |
204 | * Return a boolean value (0 or 1) indicating whether a "secure exec" | 194 | * Return a boolean value (0 or 1) indicating whether a "secure exec" |
205 | * is required. The flag is passed in the auxiliary table | 195 | * is required. The flag is passed in the auxiliary table |
@@ -585,15 +575,31 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
585 | * manual page for definitions of the @clone_flags. | 575 | * manual page for definitions of the @clone_flags. |
586 | * @clone_flags contains the flags indicating what should be shared. | 576 | * @clone_flags contains the flags indicating what should be shared. |
587 | * Return 0 if permission is granted. | 577 | * Return 0 if permission is granted. |
588 | * @task_alloc_security: | 578 | * @cred_free: |
589 | * @p contains the task_struct for child process. | 579 | * @cred points to the credentials. |
590 | * Allocate and attach a security structure to the p->security field. The | 580 | * Deallocate and clear the cred->security field in a set of credentials. |
591 | * security field is initialized to NULL when the task structure is | 581 | * @cred_prepare: |
592 | * allocated. | 582 | * @new points to the new credentials. |
593 | * Return 0 if operation was successful. | 583 | * @old points to the original credentials. |
594 | * @task_free_security: | 584 | * @gfp indicates the atomicity of any memory allocations. |
595 | * @p contains the task_struct for process. | 585 | * Prepare a new set of credentials by copying the data from the old set. |
596 | * Deallocate and clear the p->security field. | 586 | * @cred_commit: |
587 | * @new points to the new credentials. | ||
588 | * @old points to the original credentials. | ||
589 | * Install a new set of credentials. | ||
590 | * @kernel_act_as: | ||
591 | * Set the credentials for a kernel service to act as (subjective context). | ||
592 | * @new points to the credentials to be modified. | ||
593 | * @secid specifies the security ID to be set | ||
594 | * The current task must be the one that nominated @secid. | ||
595 | * Return 0 if successful. | ||
596 | * @kernel_create_files_as: | ||
597 | * Set the file creation context in a set of credentials to be the same as | ||
598 | * the objective context of the specified inode. | ||
599 | * @new points to the credentials to be modified. | ||
600 | * @inode points to the inode to use as a reference. | ||
601 | * The current task must be the one that nominated @inode. | ||
602 | * Return 0 if successful. | ||
597 | * @task_setuid: | 603 | * @task_setuid: |
598 | * Check permission before setting one or more of the user identity | 604 | * Check permission before setting one or more of the user identity |
599 | * attributes of the current process. The @flags parameter indicates | 605 | * attributes of the current process. The @flags parameter indicates |
@@ -606,15 +612,13 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
606 | * @id2 contains a uid. | 612 | * @id2 contains a uid. |
607 | * @flags contains one of the LSM_SETID_* values. | 613 | * @flags contains one of the LSM_SETID_* values. |
608 | * Return 0 if permission is granted. | 614 | * Return 0 if permission is granted. |
609 | * @task_post_setuid: | 615 | * @task_fix_setuid: |
610 | * Update the module's state after setting one or more of the user | 616 | * Update the module's state after setting one or more of the user |
611 | * identity attributes of the current process. The @flags parameter | 617 | * identity attributes of the current process. The @flags parameter |
612 | * indicates which of the set*uid system calls invoked this hook. If | 618 | * indicates which of the set*uid system calls invoked this hook. If |
613 | * @flags is LSM_SETID_FS, then @old_ruid is the old fs uid and the other | 619 | * @new is the set of credentials that will be installed. Modifications |
614 | * parameters are not used. | 620 | * should be made to this rather than to @current->cred. |
615 | * @old_ruid contains the old real uid (or fs uid if LSM_SETID_FS). | 621 | * @old is the set of credentials that are being replaces |
616 | * @old_euid contains the old effective uid (or -1 if LSM_SETID_FS). | ||
617 | * @old_suid contains the old saved uid (or -1 if LSM_SETID_FS). | ||
618 | * @flags contains one of the LSM_SETID_* values. | 622 | * @flags contains one of the LSM_SETID_* values. |
619 | * Return 0 on success. | 623 | * Return 0 on success. |
620 | * @task_setgid: | 624 | * @task_setgid: |
@@ -717,13 +721,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
717 | * @arg3 contains a argument. | 721 | * @arg3 contains a argument. |
718 | * @arg4 contains a argument. | 722 | * @arg4 contains a argument. |
719 | * @arg5 contains a argument. | 723 | * @arg5 contains a argument. |
720 | * @rc_p contains a pointer to communicate back the forced return code | 724 | * Return -ENOSYS if no-one wanted to handle this op, any other value to |
721 | * Return 0 if permission is granted, and non-zero if the security module | 725 | * cause prctl() to return immediately with that value. |
722 | * has taken responsibility (setting *rc_p) for the prctl call. | ||
723 | * @task_reparent_to_init: | ||
724 | * Set the security attributes in @p->security for a kernel thread that | ||
725 | * is being reparented to the init task. | ||
726 | * @p contains the task_struct for the kernel thread. | ||
727 | * @task_to_inode: | 726 | * @task_to_inode: |
728 | * Set the security attributes for an inode based on an associated task's | 727 | * Set the security attributes for an inode based on an associated task's |
729 | * security attributes, e.g. for /proc/pid inodes. | 728 | * security attributes, e.g. for /proc/pid inodes. |
@@ -1000,7 +999,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1000 | * See whether a specific operational right is granted to a process on a | 999 | * See whether a specific operational right is granted to a process on a |
1001 | * key. | 1000 | * key. |
1002 | * @key_ref refers to the key (key pointer + possession attribute bit). | 1001 | * @key_ref refers to the key (key pointer + possession attribute bit). |
1003 | * @context points to the process to provide the context against which to | 1002 | * @cred points to the credentials to provide the context against which to |
1004 | * evaluate the security data on the key. | 1003 | * evaluate the security data on the key. |
1005 | * @perm describes the combination of permissions required of this key. | 1004 | * @perm describes the combination of permissions required of this key. |
1006 | * Return 1 if permission granted, 0 if permission denied and -ve it the | 1005 | * Return 1 if permission granted, 0 if permission denied and -ve it the |
@@ -1162,6 +1161,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1162 | * @child process. | 1161 | * @child process. |
1163 | * Security modules may also want to perform a process tracing check | 1162 | * Security modules may also want to perform a process tracing check |
1164 | * during an execve in the set_security or apply_creds hooks of | 1163 | * during an execve in the set_security or apply_creds hooks of |
1164 | * tracing check during an execve in the bprm_set_creds hook of | ||
1165 | * binprm_security_ops if the process is being traced and its security | 1165 | * binprm_security_ops if the process is being traced and its security |
1166 | * attributes would be changed by the execve. | 1166 | * attributes would be changed by the execve. |
1167 | * @child contains the task_struct structure for the target process. | 1167 | * @child contains the task_struct structure for the target process. |
@@ -1185,29 +1185,15 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1185 | * @inheritable contains the inheritable capability set. | 1185 | * @inheritable contains the inheritable capability set. |
1186 | * @permitted contains the permitted capability set. | 1186 | * @permitted contains the permitted capability set. |
1187 | * Return 0 if the capability sets were successfully obtained. | 1187 | * Return 0 if the capability sets were successfully obtained. |
1188 | * @capset_check: | 1188 | * @capset: |
1189 | * Check permission before setting the @effective, @inheritable, and | ||
1190 | * @permitted capability sets for the @target process. | ||
1191 | * Caveat: @target is also set to current if a set of processes is | ||
1192 | * specified (i.e. all processes other than current and init or a | ||
1193 | * particular process group). Hence, the capset_set hook may need to | ||
1194 | * revalidate permission to the actual target process. | ||
1195 | * @target contains the task_struct structure for target process. | ||
1196 | * @effective contains the effective capability set. | ||
1197 | * @inheritable contains the inheritable capability set. | ||
1198 | * @permitted contains the permitted capability set. | ||
1199 | * Return 0 if permission is granted. | ||
1200 | * @capset_set: | ||
1201 | * Set the @effective, @inheritable, and @permitted capability sets for | 1189 | * Set the @effective, @inheritable, and @permitted capability sets for |
1202 | * the @target process. Since capset_check cannot always check permission | 1190 | * the current process. |
1203 | * to the real @target process, this hook may also perform permission | 1191 | * @new contains the new credentials structure for target process. |
1204 | * checking to determine if the current process is allowed to set the | 1192 | * @old contains the current credentials structure for target process. |
1205 | * capability sets of the @target process. However, this hook has no way | ||
1206 | * of returning an error due to the structure of the sys_capset code. | ||
1207 | * @target contains the task_struct structure for target process. | ||
1208 | * @effective contains the effective capability set. | 1193 | * @effective contains the effective capability set. |
1209 | * @inheritable contains the inheritable capability set. | 1194 | * @inheritable contains the inheritable capability set. |
1210 | * @permitted contains the permitted capability set. | 1195 | * @permitted contains the permitted capability set. |
1196 | * Return 0 and update @new if permission is granted. | ||
1211 | * @capable: | 1197 | * @capable: |
1212 | * Check whether the @tsk process has the @cap capability. | 1198 | * Check whether the @tsk process has the @cap capability. |
1213 | * @tsk contains the task_struct for the process. | 1199 | * @tsk contains the task_struct for the process. |
@@ -1299,15 +1285,12 @@ struct security_operations { | |||
1299 | int (*capget) (struct task_struct *target, | 1285 | int (*capget) (struct task_struct *target, |
1300 | kernel_cap_t *effective, | 1286 | kernel_cap_t *effective, |
1301 | kernel_cap_t *inheritable, kernel_cap_t *permitted); | 1287 | kernel_cap_t *inheritable, kernel_cap_t *permitted); |
1302 | int (*capset_check) (struct task_struct *target, | 1288 | int (*capset) (struct cred *new, |
1303 | kernel_cap_t *effective, | 1289 | const struct cred *old, |
1304 | kernel_cap_t *inheritable, | 1290 | const kernel_cap_t *effective, |
1305 | kernel_cap_t *permitted); | 1291 | const kernel_cap_t *inheritable, |
1306 | void (*capset_set) (struct task_struct *target, | 1292 | const kernel_cap_t *permitted); |
1307 | kernel_cap_t *effective, | 1293 | int (*capable) (struct task_struct *tsk, int cap, int audit); |
1308 | kernel_cap_t *inheritable, | ||
1309 | kernel_cap_t *permitted); | ||
1310 | int (*capable) (struct task_struct *tsk, int cap); | ||
1311 | int (*acct) (struct file *file); | 1294 | int (*acct) (struct file *file); |
1312 | int (*sysctl) (struct ctl_table *table, int op); | 1295 | int (*sysctl) (struct ctl_table *table, int op); |
1313 | int (*quotactl) (int cmds, int type, int id, struct super_block *sb); | 1296 | int (*quotactl) (int cmds, int type, int id, struct super_block *sb); |
@@ -1316,13 +1299,11 @@ struct security_operations { | |||
1316 | int (*settime) (struct timespec *ts, struct timezone *tz); | 1299 | int (*settime) (struct timespec *ts, struct timezone *tz); |
1317 | int (*vm_enough_memory) (struct mm_struct *mm, long pages); | 1300 | int (*vm_enough_memory) (struct mm_struct *mm, long pages); |
1318 | 1301 | ||
1319 | int (*bprm_alloc_security) (struct linux_binprm *bprm); | 1302 | int (*bprm_set_creds) (struct linux_binprm *bprm); |
1320 | void (*bprm_free_security) (struct linux_binprm *bprm); | ||
1321 | void (*bprm_apply_creds) (struct linux_binprm *bprm, int unsafe); | ||
1322 | void (*bprm_post_apply_creds) (struct linux_binprm *bprm); | ||
1323 | int (*bprm_set_security) (struct linux_binprm *bprm); | ||
1324 | int (*bprm_check_security) (struct linux_binprm *bprm); | 1303 | int (*bprm_check_security) (struct linux_binprm *bprm); |
1325 | int (*bprm_secureexec) (struct linux_binprm *bprm); | 1304 | int (*bprm_secureexec) (struct linux_binprm *bprm); |
1305 | void (*bprm_committing_creds) (struct linux_binprm *bprm); | ||
1306 | void (*bprm_committed_creds) (struct linux_binprm *bprm); | ||
1326 | 1307 | ||
1327 | int (*sb_alloc_security) (struct super_block *sb); | 1308 | int (*sb_alloc_security) (struct super_block *sb); |
1328 | void (*sb_free_security) (struct super_block *sb); | 1309 | void (*sb_free_security) (struct super_block *sb); |
@@ -1406,14 +1387,18 @@ struct security_operations { | |||
1406 | int (*file_send_sigiotask) (struct task_struct *tsk, | 1387 | int (*file_send_sigiotask) (struct task_struct *tsk, |
1407 | struct fown_struct *fown, int sig); | 1388 | struct fown_struct *fown, int sig); |
1408 | int (*file_receive) (struct file *file); | 1389 | int (*file_receive) (struct file *file); |
1409 | int (*dentry_open) (struct file *file); | 1390 | int (*dentry_open) (struct file *file, const struct cred *cred); |
1410 | 1391 | ||
1411 | int (*task_create) (unsigned long clone_flags); | 1392 | int (*task_create) (unsigned long clone_flags); |
1412 | int (*task_alloc_security) (struct task_struct *p); | 1393 | void (*cred_free) (struct cred *cred); |
1413 | void (*task_free_security) (struct task_struct *p); | 1394 | int (*cred_prepare)(struct cred *new, const struct cred *old, |
1395 | gfp_t gfp); | ||
1396 | void (*cred_commit)(struct cred *new, const struct cred *old); | ||
1397 | int (*kernel_act_as)(struct cred *new, u32 secid); | ||
1398 | int (*kernel_create_files_as)(struct cred *new, struct inode *inode); | ||
1414 | int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); | 1399 | int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); |
1415 | int (*task_post_setuid) (uid_t old_ruid /* or fsuid */ , | 1400 | int (*task_fix_setuid) (struct cred *new, const struct cred *old, |
1416 | uid_t old_euid, uid_t old_suid, int flags); | 1401 | int flags); |
1417 | int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); | 1402 | int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); |
1418 | int (*task_setpgid) (struct task_struct *p, pid_t pgid); | 1403 | int (*task_setpgid) (struct task_struct *p, pid_t pgid); |
1419 | int (*task_getpgid) (struct task_struct *p); | 1404 | int (*task_getpgid) (struct task_struct *p); |
@@ -1433,8 +1418,7 @@ struct security_operations { | |||
1433 | int (*task_wait) (struct task_struct *p); | 1418 | int (*task_wait) (struct task_struct *p); |
1434 | int (*task_prctl) (int option, unsigned long arg2, | 1419 | int (*task_prctl) (int option, unsigned long arg2, |
1435 | unsigned long arg3, unsigned long arg4, | 1420 | unsigned long arg3, unsigned long arg4, |
1436 | unsigned long arg5, long *rc_p); | 1421 | unsigned long arg5); |
1437 | void (*task_reparent_to_init) (struct task_struct *p); | ||
1438 | void (*task_to_inode) (struct task_struct *p, struct inode *inode); | 1422 | void (*task_to_inode) (struct task_struct *p, struct inode *inode); |
1439 | 1423 | ||
1440 | int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag); | 1424 | int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag); |
@@ -1539,10 +1523,10 @@ struct security_operations { | |||
1539 | 1523 | ||
1540 | /* key management security hooks */ | 1524 | /* key management security hooks */ |
1541 | #ifdef CONFIG_KEYS | 1525 | #ifdef CONFIG_KEYS |
1542 | int (*key_alloc) (struct key *key, struct task_struct *tsk, unsigned long flags); | 1526 | int (*key_alloc) (struct key *key, const struct cred *cred, unsigned long flags); |
1543 | void (*key_free) (struct key *key); | 1527 | void (*key_free) (struct key *key); |
1544 | int (*key_permission) (key_ref_t key_ref, | 1528 | int (*key_permission) (key_ref_t key_ref, |
1545 | struct task_struct *context, | 1529 | const struct cred *cred, |
1546 | key_perm_t perm); | 1530 | key_perm_t perm); |
1547 | int (*key_getsecurity)(struct key *key, char **_buffer); | 1531 | int (*key_getsecurity)(struct key *key, char **_buffer); |
1548 | #endif /* CONFIG_KEYS */ | 1532 | #endif /* CONFIG_KEYS */ |
@@ -1568,15 +1552,12 @@ int security_capget(struct task_struct *target, | |||
1568 | kernel_cap_t *effective, | 1552 | kernel_cap_t *effective, |
1569 | kernel_cap_t *inheritable, | 1553 | kernel_cap_t *inheritable, |
1570 | kernel_cap_t *permitted); | 1554 | kernel_cap_t *permitted); |
1571 | int security_capset_check(struct task_struct *target, | 1555 | int security_capset(struct cred *new, const struct cred *old, |
1572 | kernel_cap_t *effective, | 1556 | const kernel_cap_t *effective, |
1573 | kernel_cap_t *inheritable, | 1557 | const kernel_cap_t *inheritable, |
1574 | kernel_cap_t *permitted); | 1558 | const kernel_cap_t *permitted); |
1575 | void security_capset_set(struct task_struct *target, | ||
1576 | kernel_cap_t *effective, | ||
1577 | kernel_cap_t *inheritable, | ||
1578 | kernel_cap_t *permitted); | ||
1579 | int security_capable(struct task_struct *tsk, int cap); | 1559 | int security_capable(struct task_struct *tsk, int cap); |
1560 | int security_capable_noaudit(struct task_struct *tsk, int cap); | ||
1580 | int security_acct(struct file *file); | 1561 | int security_acct(struct file *file); |
1581 | int security_sysctl(struct ctl_table *table, int op); | 1562 | int security_sysctl(struct ctl_table *table, int op); |
1582 | int security_quotactl(int cmds, int type, int id, struct super_block *sb); | 1563 | int security_quotactl(int cmds, int type, int id, struct super_block *sb); |
@@ -1586,12 +1567,10 @@ int security_settime(struct timespec *ts, struct timezone *tz); | |||
1586 | int security_vm_enough_memory(long pages); | 1567 | int security_vm_enough_memory(long pages); |
1587 | int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); | 1568 | int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); |
1588 | int security_vm_enough_memory_kern(long pages); | 1569 | int security_vm_enough_memory_kern(long pages); |
1589 | int security_bprm_alloc(struct linux_binprm *bprm); | 1570 | int security_bprm_set_creds(struct linux_binprm *bprm); |
1590 | void security_bprm_free(struct linux_binprm *bprm); | ||
1591 | void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe); | ||
1592 | void security_bprm_post_apply_creds(struct linux_binprm *bprm); | ||
1593 | int security_bprm_set(struct linux_binprm *bprm); | ||
1594 | int security_bprm_check(struct linux_binprm *bprm); | 1571 | int security_bprm_check(struct linux_binprm *bprm); |
1572 | void security_bprm_committing_creds(struct linux_binprm *bprm); | ||
1573 | void security_bprm_committed_creds(struct linux_binprm *bprm); | ||
1595 | int security_bprm_secureexec(struct linux_binprm *bprm); | 1574 | int security_bprm_secureexec(struct linux_binprm *bprm); |
1596 | int security_sb_alloc(struct super_block *sb); | 1575 | int security_sb_alloc(struct super_block *sb); |
1597 | void security_sb_free(struct super_block *sb); | 1576 | void security_sb_free(struct super_block *sb); |
@@ -1663,13 +1642,16 @@ int security_file_set_fowner(struct file *file); | |||
1663 | int security_file_send_sigiotask(struct task_struct *tsk, | 1642 | int security_file_send_sigiotask(struct task_struct *tsk, |
1664 | struct fown_struct *fown, int sig); | 1643 | struct fown_struct *fown, int sig); |
1665 | int security_file_receive(struct file *file); | 1644 | int security_file_receive(struct file *file); |
1666 | int security_dentry_open(struct file *file); | 1645 | int security_dentry_open(struct file *file, const struct cred *cred); |
1667 | int security_task_create(unsigned long clone_flags); | 1646 | int security_task_create(unsigned long clone_flags); |
1668 | int security_task_alloc(struct task_struct *p); | 1647 | void security_cred_free(struct cred *cred); |
1669 | void security_task_free(struct task_struct *p); | 1648 | int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); |
1649 | void security_commit_creds(struct cred *new, const struct cred *old); | ||
1650 | int security_kernel_act_as(struct cred *new, u32 secid); | ||
1651 | int security_kernel_create_files_as(struct cred *new, struct inode *inode); | ||
1670 | int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); | 1652 | int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); |
1671 | int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, | 1653 | int security_task_fix_setuid(struct cred *new, const struct cred *old, |
1672 | uid_t old_suid, int flags); | 1654 | int flags); |
1673 | int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); | 1655 | int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); |
1674 | int security_task_setpgid(struct task_struct *p, pid_t pgid); | 1656 | int security_task_setpgid(struct task_struct *p, pid_t pgid); |
1675 | int security_task_getpgid(struct task_struct *p); | 1657 | int security_task_getpgid(struct task_struct *p); |
@@ -1688,8 +1670,7 @@ int security_task_kill(struct task_struct *p, struct siginfo *info, | |||
1688 | int sig, u32 secid); | 1670 | int sig, u32 secid); |
1689 | int security_task_wait(struct task_struct *p); | 1671 | int security_task_wait(struct task_struct *p); |
1690 | int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, | 1672 | int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
1691 | unsigned long arg4, unsigned long arg5, long *rc_p); | 1673 | unsigned long arg4, unsigned long arg5); |
1692 | void security_task_reparent_to_init(struct task_struct *p); | ||
1693 | void security_task_to_inode(struct task_struct *p, struct inode *inode); | 1674 | void security_task_to_inode(struct task_struct *p, struct inode *inode); |
1694 | int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); | 1675 | int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); |
1695 | void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); | 1676 | void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); |
@@ -1764,25 +1745,23 @@ static inline int security_capget(struct task_struct *target, | |||
1764 | return cap_capget(target, effective, inheritable, permitted); | 1745 | return cap_capget(target, effective, inheritable, permitted); |
1765 | } | 1746 | } |
1766 | 1747 | ||
1767 | static inline int security_capset_check(struct task_struct *target, | 1748 | static inline int security_capset(struct cred *new, |
1768 | kernel_cap_t *effective, | 1749 | const struct cred *old, |
1769 | kernel_cap_t *inheritable, | 1750 | const kernel_cap_t *effective, |
1770 | kernel_cap_t *permitted) | 1751 | const kernel_cap_t *inheritable, |
1752 | const kernel_cap_t *permitted) | ||
1771 | { | 1753 | { |
1772 | return cap_capset_check(target, effective, inheritable, permitted); | 1754 | return cap_capset(new, old, effective, inheritable, permitted); |
1773 | } | 1755 | } |
1774 | 1756 | ||
1775 | static inline void security_capset_set(struct task_struct *target, | 1757 | static inline int security_capable(struct task_struct *tsk, int cap) |
1776 | kernel_cap_t *effective, | ||
1777 | kernel_cap_t *inheritable, | ||
1778 | kernel_cap_t *permitted) | ||
1779 | { | 1758 | { |
1780 | cap_capset_set(target, effective, inheritable, permitted); | 1759 | return cap_capable(tsk, cap, SECURITY_CAP_AUDIT); |
1781 | } | 1760 | } |
1782 | 1761 | ||
1783 | static inline int security_capable(struct task_struct *tsk, int cap) | 1762 | static inline int security_capable_noaudit(struct task_struct *tsk, int cap) |
1784 | { | 1763 | { |
1785 | return cap_capable(tsk, cap); | 1764 | return cap_capable(tsk, cap, SECURITY_CAP_NOAUDIT); |
1786 | } | 1765 | } |
1787 | 1766 | ||
1788 | static inline int security_acct(struct file *file) | 1767 | static inline int security_acct(struct file *file) |
@@ -1835,32 +1814,22 @@ static inline int security_vm_enough_memory_kern(long pages) | |||
1835 | return cap_vm_enough_memory(current->mm, pages); | 1814 | return cap_vm_enough_memory(current->mm, pages); |
1836 | } | 1815 | } |
1837 | 1816 | ||
1838 | static inline int security_bprm_alloc(struct linux_binprm *bprm) | 1817 | static inline int security_bprm_set_creds(struct linux_binprm *bprm) |
1839 | { | ||
1840 | return 0; | ||
1841 | } | ||
1842 | |||
1843 | static inline void security_bprm_free(struct linux_binprm *bprm) | ||
1844 | { } | ||
1845 | |||
1846 | static inline void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe) | ||
1847 | { | 1818 | { |
1848 | cap_bprm_apply_creds(bprm, unsafe); | 1819 | return cap_bprm_set_creds(bprm); |
1849 | } | 1820 | } |
1850 | 1821 | ||
1851 | static inline void security_bprm_post_apply_creds(struct linux_binprm *bprm) | 1822 | static inline int security_bprm_check(struct linux_binprm *bprm) |
1852 | { | 1823 | { |
1853 | return; | 1824 | return 0; |
1854 | } | 1825 | } |
1855 | 1826 | ||
1856 | static inline int security_bprm_set(struct linux_binprm *bprm) | 1827 | static inline void security_bprm_committing_creds(struct linux_binprm *bprm) |
1857 | { | 1828 | { |
1858 | return cap_bprm_set_security(bprm); | ||
1859 | } | 1829 | } |
1860 | 1830 | ||
1861 | static inline int security_bprm_check(struct linux_binprm *bprm) | 1831 | static inline void security_bprm_committed_creds(struct linux_binprm *bprm) |
1862 | { | 1832 | { |
1863 | return 0; | ||
1864 | } | 1833 | } |
1865 | 1834 | ||
1866 | static inline int security_bprm_secureexec(struct linux_binprm *bprm) | 1835 | static inline int security_bprm_secureexec(struct linux_binprm *bprm) |
@@ -2177,7 +2146,8 @@ static inline int security_file_receive(struct file *file) | |||
2177 | return 0; | 2146 | return 0; |
2178 | } | 2147 | } |
2179 | 2148 | ||
2180 | static inline int security_dentry_open(struct file *file) | 2149 | static inline int security_dentry_open(struct file *file, |
2150 | const struct cred *cred) | ||
2181 | { | 2151 | { |
2182 | return 0; | 2152 | return 0; |
2183 | } | 2153 | } |
@@ -2187,13 +2157,31 @@ static inline int security_task_create(unsigned long clone_flags) | |||
2187 | return 0; | 2157 | return 0; |
2188 | } | 2158 | } |
2189 | 2159 | ||
2190 | static inline int security_task_alloc(struct task_struct *p) | 2160 | static inline void security_cred_free(struct cred *cred) |
2161 | { } | ||
2162 | |||
2163 | static inline int security_prepare_creds(struct cred *new, | ||
2164 | const struct cred *old, | ||
2165 | gfp_t gfp) | ||
2191 | { | 2166 | { |
2192 | return 0; | 2167 | return 0; |
2193 | } | 2168 | } |
2194 | 2169 | ||
2195 | static inline void security_task_free(struct task_struct *p) | 2170 | static inline void security_commit_creds(struct cred *new, |
2196 | { } | 2171 | const struct cred *old) |
2172 | { | ||
2173 | } | ||
2174 | |||
2175 | static inline int security_kernel_act_as(struct cred *cred, u32 secid) | ||
2176 | { | ||
2177 | return 0; | ||
2178 | } | ||
2179 | |||
2180 | static inline int security_kernel_create_files_as(struct cred *cred, | ||
2181 | struct inode *inode) | ||
2182 | { | ||
2183 | return 0; | ||
2184 | } | ||
2197 | 2185 | ||
2198 | static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, | 2186 | static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, |
2199 | int flags) | 2187 | int flags) |
@@ -2201,10 +2189,11 @@ static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, | |||
2201 | return 0; | 2189 | return 0; |
2202 | } | 2190 | } |
2203 | 2191 | ||
2204 | static inline int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, | 2192 | static inline int security_task_fix_setuid(struct cred *new, |
2205 | uid_t old_suid, int flags) | 2193 | const struct cred *old, |
2194 | int flags) | ||
2206 | { | 2195 | { |
2207 | return cap_task_post_setuid(old_ruid, old_euid, old_suid, flags); | 2196 | return cap_task_fix_setuid(new, old, flags); |
2208 | } | 2197 | } |
2209 | 2198 | ||
2210 | static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, | 2199 | static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, |
@@ -2291,14 +2280,9 @@ static inline int security_task_wait(struct task_struct *p) | |||
2291 | static inline int security_task_prctl(int option, unsigned long arg2, | 2280 | static inline int security_task_prctl(int option, unsigned long arg2, |
2292 | unsigned long arg3, | 2281 | unsigned long arg3, |
2293 | unsigned long arg4, | 2282 | unsigned long arg4, |
2294 | unsigned long arg5, long *rc_p) | 2283 | unsigned long arg5) |
2295 | { | ||
2296 | return cap_task_prctl(option, arg2, arg3, arg3, arg5, rc_p); | ||
2297 | } | ||
2298 | |||
2299 | static inline void security_task_reparent_to_init(struct task_struct *p) | ||
2300 | { | 2284 | { |
2301 | cap_task_reparent_to_init(p); | 2285 | return cap_task_prctl(option, arg2, arg3, arg3, arg5); |
2302 | } | 2286 | } |
2303 | 2287 | ||
2304 | static inline void security_task_to_inode(struct task_struct *p, struct inode *inode) | 2288 | static inline void security_task_to_inode(struct task_struct *p, struct inode *inode) |
@@ -2724,16 +2708,16 @@ static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi | |||
2724 | #ifdef CONFIG_KEYS | 2708 | #ifdef CONFIG_KEYS |
2725 | #ifdef CONFIG_SECURITY | 2709 | #ifdef CONFIG_SECURITY |
2726 | 2710 | ||
2727 | int security_key_alloc(struct key *key, struct task_struct *tsk, unsigned long flags); | 2711 | int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags); |
2728 | void security_key_free(struct key *key); | 2712 | void security_key_free(struct key *key); |
2729 | int security_key_permission(key_ref_t key_ref, | 2713 | int security_key_permission(key_ref_t key_ref, |
2730 | struct task_struct *context, key_perm_t perm); | 2714 | const struct cred *cred, key_perm_t perm); |
2731 | int security_key_getsecurity(struct key *key, char **_buffer); | 2715 | int security_key_getsecurity(struct key *key, char **_buffer); |
2732 | 2716 | ||
2733 | #else | 2717 | #else |
2734 | 2718 | ||
2735 | static inline int security_key_alloc(struct key *key, | 2719 | static inline int security_key_alloc(struct key *key, |
2736 | struct task_struct *tsk, | 2720 | const struct cred *cred, |
2737 | unsigned long flags) | 2721 | unsigned long flags) |
2738 | { | 2722 | { |
2739 | return 0; | 2723 | return 0; |
@@ -2744,7 +2728,7 @@ static inline void security_key_free(struct key *key) | |||
2744 | } | 2728 | } |
2745 | 2729 | ||
2746 | static inline int security_key_permission(key_ref_t key_ref, | 2730 | static inline int security_key_permission(key_ref_t key_ref, |
2747 | struct task_struct *context, | 2731 | const struct cred *cred, |
2748 | key_perm_t perm) | 2732 | key_perm_t perm) |
2749 | { | 2733 | { |
2750 | return 0; | 2734 | return 0; |
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h index b5f41d4c2eec..315bcd375224 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h | |||
@@ -12,7 +12,7 @@ | |||
12 | struct user_namespace { | 12 | struct user_namespace { |
13 | struct kref kref; | 13 | struct kref kref; |
14 | struct hlist_head uidhash_table[UIDHASH_SZ]; | 14 | struct hlist_head uidhash_table[UIDHASH_SZ]; |
15 | struct user_struct *root_user; | 15 | struct user_struct *creator; |
16 | }; | 16 | }; |
17 | 17 | ||
18 | extern struct user_namespace init_user_ns; | 18 | extern struct user_namespace init_user_ns; |
@@ -26,8 +26,7 @@ static inline struct user_namespace *get_user_ns(struct user_namespace *ns) | |||
26 | return ns; | 26 | return ns; |
27 | } | 27 | } |
28 | 28 | ||
29 | extern struct user_namespace *copy_user_ns(int flags, | 29 | extern int create_user_ns(struct cred *new); |
30 | struct user_namespace *old_ns); | ||
31 | extern void free_user_ns(struct kref *kref); | 30 | extern void free_user_ns(struct kref *kref); |
32 | 31 | ||
33 | static inline void put_user_ns(struct user_namespace *ns) | 32 | static inline void put_user_ns(struct user_namespace *ns) |
@@ -43,13 +42,9 @@ static inline struct user_namespace *get_user_ns(struct user_namespace *ns) | |||
43 | return &init_user_ns; | 42 | return &init_user_ns; |
44 | } | 43 | } |
45 | 44 | ||
46 | static inline struct user_namespace *copy_user_ns(int flags, | 45 | static inline int create_user_ns(struct cred *new) |
47 | struct user_namespace *old_ns) | ||
48 | { | 46 | { |
49 | if (flags & CLONE_NEWUSER) | 47 | return -EINVAL; |
50 | return ERR_PTR(-EINVAL); | ||
51 | |||
52 | return old_ns; | ||
53 | } | 48 | } |
54 | 49 | ||
55 | static inline void put_user_ns(struct user_namespace *ns) | 50 | static inline void put_user_ns(struct user_namespace *ns) |
diff --git a/include/net/scm.h b/include/net/scm.h index 33e9986beb86..f45bb6eca7d4 100644 --- a/include/net/scm.h +++ b/include/net/scm.h | |||
@@ -55,8 +55,8 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, | |||
55 | struct scm_cookie *scm) | 55 | struct scm_cookie *scm) |
56 | { | 56 | { |
57 | struct task_struct *p = current; | 57 | struct task_struct *p = current; |
58 | scm->creds.uid = p->uid; | 58 | scm->creds.uid = current_uid(); |
59 | scm->creds.gid = p->gid; | 59 | scm->creds.gid = current_gid(); |
60 | scm->creds.pid = task_tgid_vnr(p); | 60 | scm->creds.pid = task_tgid_vnr(p); |
61 | scm->fp = NULL; | 61 | scm->fp = NULL; |
62 | scm->seq = 0; | 62 | scm->seq = 0; |
diff --git a/init/main.c b/init/main.c index 7e117a231af1..db843bff5732 100644 --- a/init/main.c +++ b/init/main.c | |||
@@ -669,6 +669,7 @@ asmlinkage void __init start_kernel(void) | |||
669 | efi_enter_virtual_mode(); | 669 | efi_enter_virtual_mode(); |
670 | #endif | 670 | #endif |
671 | thread_info_cache_init(); | 671 | thread_info_cache_init(); |
672 | cred_init(); | ||
672 | fork_init(num_physpages); | 673 | fork_init(num_physpages); |
673 | proc_caches_init(); | 674 | proc_caches_init(); |
674 | buffer_init(); | 675 | buffer_init(); |
diff --git a/ipc/mqueue.c b/ipc/mqueue.c index 68eb857cfdea..d9393f8e4c3e 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c | |||
@@ -112,13 +112,14 @@ static inline struct mqueue_inode_info *MQUEUE_I(struct inode *inode) | |||
112 | static struct inode *mqueue_get_inode(struct super_block *sb, int mode, | 112 | static struct inode *mqueue_get_inode(struct super_block *sb, int mode, |
113 | struct mq_attr *attr) | 113 | struct mq_attr *attr) |
114 | { | 114 | { |
115 | struct user_struct *u = current_user(); | ||
115 | struct inode *inode; | 116 | struct inode *inode; |
116 | 117 | ||
117 | inode = new_inode(sb); | 118 | inode = new_inode(sb); |
118 | if (inode) { | 119 | if (inode) { |
119 | inode->i_mode = mode; | 120 | inode->i_mode = mode; |
120 | inode->i_uid = current->fsuid; | 121 | inode->i_uid = current_fsuid(); |
121 | inode->i_gid = current->fsgid; | 122 | inode->i_gid = current_fsgid(); |
122 | inode->i_blocks = 0; | 123 | inode->i_blocks = 0; |
123 | inode->i_mtime = inode->i_ctime = inode->i_atime = | 124 | inode->i_mtime = inode->i_ctime = inode->i_atime = |
124 | CURRENT_TIME; | 125 | CURRENT_TIME; |
@@ -126,7 +127,6 @@ static struct inode *mqueue_get_inode(struct super_block *sb, int mode, | |||
126 | if (S_ISREG(mode)) { | 127 | if (S_ISREG(mode)) { |
127 | struct mqueue_inode_info *info; | 128 | struct mqueue_inode_info *info; |
128 | struct task_struct *p = current; | 129 | struct task_struct *p = current; |
129 | struct user_struct *u = p->user; | ||
130 | unsigned long mq_bytes, mq_msg_tblsz; | 130 | unsigned long mq_bytes, mq_msg_tblsz; |
131 | 131 | ||
132 | inode->i_fop = &mqueue_file_operations; | 132 | inode->i_fop = &mqueue_file_operations; |
@@ -507,7 +507,7 @@ static void __do_notify(struct mqueue_inode_info *info) | |||
507 | sig_i.si_code = SI_MESGQ; | 507 | sig_i.si_code = SI_MESGQ; |
508 | sig_i.si_value = info->notify.sigev_value; | 508 | sig_i.si_value = info->notify.sigev_value; |
509 | sig_i.si_pid = task_tgid_vnr(current); | 509 | sig_i.si_pid = task_tgid_vnr(current); |
510 | sig_i.si_uid = current->uid; | 510 | sig_i.si_uid = current_uid(); |
511 | 511 | ||
512 | kill_pid_info(info->notify.sigev_signo, | 512 | kill_pid_info(info->notify.sigev_signo, |
513 | &sig_i, info->notify_owner); | 513 | &sig_i, info->notify_owner); |
@@ -594,6 +594,7 @@ static int mq_attr_ok(struct mq_attr *attr) | |||
594 | static struct file *do_create(struct dentry *dir, struct dentry *dentry, | 594 | static struct file *do_create(struct dentry *dir, struct dentry *dentry, |
595 | int oflag, mode_t mode, struct mq_attr __user *u_attr) | 595 | int oflag, mode_t mode, struct mq_attr __user *u_attr) |
596 | { | 596 | { |
597 | const struct cred *cred = current_cred(); | ||
597 | struct mq_attr attr; | 598 | struct mq_attr attr; |
598 | struct file *result; | 599 | struct file *result; |
599 | int ret; | 600 | int ret; |
@@ -618,7 +619,7 @@ static struct file *do_create(struct dentry *dir, struct dentry *dentry, | |||
618 | if (ret) | 619 | if (ret) |
619 | goto out_drop_write; | 620 | goto out_drop_write; |
620 | 621 | ||
621 | result = dentry_open(dentry, mqueue_mnt, oflag); | 622 | result = dentry_open(dentry, mqueue_mnt, oflag, cred); |
622 | /* | 623 | /* |
623 | * dentry_open() took a persistent mnt_want_write(), | 624 | * dentry_open() took a persistent mnt_want_write(), |
624 | * so we can now drop this one. | 625 | * so we can now drop this one. |
@@ -637,8 +638,10 @@ out: | |||
637 | /* Opens existing queue */ | 638 | /* Opens existing queue */ |
638 | static struct file *do_open(struct dentry *dentry, int oflag) | 639 | static struct file *do_open(struct dentry *dentry, int oflag) |
639 | { | 640 | { |
640 | static int oflag2acc[O_ACCMODE] = { MAY_READ, MAY_WRITE, | 641 | const struct cred *cred = current_cred(); |
641 | MAY_READ | MAY_WRITE }; | 642 | |
643 | static const int oflag2acc[O_ACCMODE] = { MAY_READ, MAY_WRITE, | ||
644 | MAY_READ | MAY_WRITE }; | ||
642 | 645 | ||
643 | if ((oflag & O_ACCMODE) == (O_RDWR | O_WRONLY)) { | 646 | if ((oflag & O_ACCMODE) == (O_RDWR | O_WRONLY)) { |
644 | dput(dentry); | 647 | dput(dentry); |
@@ -652,7 +655,7 @@ static int oflag2acc[O_ACCMODE] = { MAY_READ, MAY_WRITE, | |||
652 | return ERR_PTR(-EACCES); | 655 | return ERR_PTR(-EACCES); |
653 | } | 656 | } |
654 | 657 | ||
655 | return dentry_open(dentry, mqueue_mnt, oflag); | 658 | return dentry_open(dentry, mqueue_mnt, oflag, cred); |
656 | } | 659 | } |
657 | 660 | ||
658 | asmlinkage long sys_mq_open(const char __user *u_name, int oflag, mode_t mode, | 661 | asmlinkage long sys_mq_open(const char __user *u_name, int oflag, mode_t mode, |
@@ -366,7 +366,7 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) | |||
366 | if (shmflg & SHM_HUGETLB) { | 366 | if (shmflg & SHM_HUGETLB) { |
367 | /* hugetlb_file_setup takes care of mlock user accounting */ | 367 | /* hugetlb_file_setup takes care of mlock user accounting */ |
368 | file = hugetlb_file_setup(name, size); | 368 | file = hugetlb_file_setup(name, size); |
369 | shp->mlock_user = current->user; | 369 | shp->mlock_user = current_user(); |
370 | } else { | 370 | } else { |
371 | int acctflag = VM_ACCOUNT; | 371 | int acctflag = VM_ACCOUNT; |
372 | /* | 372 | /* |
@@ -752,9 +752,10 @@ asmlinkage long sys_shmctl(int shmid, int cmd, struct shmid_ds __user *buf) | |||
752 | goto out_unlock; | 752 | goto out_unlock; |
753 | 753 | ||
754 | if (!capable(CAP_IPC_LOCK)) { | 754 | if (!capable(CAP_IPC_LOCK)) { |
755 | uid_t euid = current_euid(); | ||
755 | err = -EPERM; | 756 | err = -EPERM; |
756 | if (current->euid != shp->shm_perm.uid && | 757 | if (euid != shp->shm_perm.uid && |
757 | current->euid != shp->shm_perm.cuid) | 758 | euid != shp->shm_perm.cuid) |
758 | goto out_unlock; | 759 | goto out_unlock; |
759 | if (cmd == SHM_LOCK && | 760 | if (cmd == SHM_LOCK && |
760 | !current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) | 761 | !current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) |
@@ -766,7 +767,7 @@ asmlinkage long sys_shmctl(int shmid, int cmd, struct shmid_ds __user *buf) | |||
766 | goto out_unlock; | 767 | goto out_unlock; |
767 | 768 | ||
768 | if(cmd==SHM_LOCK) { | 769 | if(cmd==SHM_LOCK) { |
769 | struct user_struct * user = current->user; | 770 | struct user_struct *user = current_user(); |
770 | if (!is_file_hugepages(shp->shm_file)) { | 771 | if (!is_file_hugepages(shp->shm_file)) { |
771 | err = shmem_lock(shp->shm_file, 1, user); | 772 | err = shmem_lock(shp->shm_file, 1, user); |
772 | if (!err && !(shp->shm_perm.mode & SHM_LOCKED)){ | 773 | if (!err && !(shp->shm_perm.mode & SHM_LOCKED)){ |
diff --git a/ipc/util.c b/ipc/util.c index 361fd1c96fcf..5a1808c774a2 100644 --- a/ipc/util.c +++ b/ipc/util.c | |||
@@ -258,6 +258,8 @@ int ipc_get_maxid(struct ipc_ids *ids) | |||
258 | 258 | ||
259 | int ipc_addid(struct ipc_ids* ids, struct kern_ipc_perm* new, int size) | 259 | int ipc_addid(struct ipc_ids* ids, struct kern_ipc_perm* new, int size) |
260 | { | 260 | { |
261 | uid_t euid; | ||
262 | gid_t egid; | ||
261 | int id, err; | 263 | int id, err; |
262 | 264 | ||
263 | if (size > IPCMNI) | 265 | if (size > IPCMNI) |
@@ -280,8 +282,9 @@ int ipc_addid(struct ipc_ids* ids, struct kern_ipc_perm* new, int size) | |||
280 | 282 | ||
281 | ids->in_use++; | 283 | ids->in_use++; |
282 | 284 | ||
283 | new->cuid = new->uid = current->euid; | 285 | current_euid_egid(&euid, &egid); |
284 | new->gid = new->cgid = current->egid; | 286 | new->cuid = new->uid = euid; |
287 | new->gid = new->cgid = egid; | ||
285 | 288 | ||
286 | new->seq = ids->seq++; | 289 | new->seq = ids->seq++; |
287 | if(ids->seq > ids->seq_max) | 290 | if(ids->seq > ids->seq_max) |
@@ -620,13 +623,15 @@ void ipc_rcu_putref(void *ptr) | |||
620 | 623 | ||
621 | int ipcperms (struct kern_ipc_perm *ipcp, short flag) | 624 | int ipcperms (struct kern_ipc_perm *ipcp, short flag) |
622 | { /* flag will most probably be 0 or S_...UGO from <linux/stat.h> */ | 625 | { /* flag will most probably be 0 or S_...UGO from <linux/stat.h> */ |
626 | uid_t euid = current_euid(); | ||
623 | int requested_mode, granted_mode, err; | 627 | int requested_mode, granted_mode, err; |
624 | 628 | ||
625 | if (unlikely((err = audit_ipc_obj(ipcp)))) | 629 | if (unlikely((err = audit_ipc_obj(ipcp)))) |
626 | return err; | 630 | return err; |
627 | requested_mode = (flag >> 6) | (flag >> 3) | flag; | 631 | requested_mode = (flag >> 6) | (flag >> 3) | flag; |
628 | granted_mode = ipcp->mode; | 632 | granted_mode = ipcp->mode; |
629 | if (current->euid == ipcp->cuid || current->euid == ipcp->uid) | 633 | if (euid == ipcp->cuid || |
634 | euid == ipcp->uid) | ||
630 | granted_mode >>= 6; | 635 | granted_mode >>= 6; |
631 | else if (in_group_p(ipcp->cgid) || in_group_p(ipcp->gid)) | 636 | else if (in_group_p(ipcp->cgid) || in_group_p(ipcp->gid)) |
632 | granted_mode >>= 3; | 637 | granted_mode >>= 3; |
@@ -788,6 +793,7 @@ struct kern_ipc_perm *ipcctl_pre_down(struct ipc_ids *ids, int id, int cmd, | |||
788 | struct ipc64_perm *perm, int extra_perm) | 793 | struct ipc64_perm *perm, int extra_perm) |
789 | { | 794 | { |
790 | struct kern_ipc_perm *ipcp; | 795 | struct kern_ipc_perm *ipcp; |
796 | uid_t euid; | ||
791 | int err; | 797 | int err; |
792 | 798 | ||
793 | down_write(&ids->rw_mutex); | 799 | down_write(&ids->rw_mutex); |
@@ -807,8 +813,10 @@ struct kern_ipc_perm *ipcctl_pre_down(struct ipc_ids *ids, int id, int cmd, | |||
807 | if (err) | 813 | if (err) |
808 | goto out_unlock; | 814 | goto out_unlock; |
809 | } | 815 | } |
810 | if (current->euid == ipcp->cuid || | 816 | |
811 | current->euid == ipcp->uid || capable(CAP_SYS_ADMIN)) | 817 | euid = current_euid(); |
818 | if (euid == ipcp->cuid || | ||
819 | euid == ipcp->uid || capable(CAP_SYS_ADMIN)) | ||
812 | return ipcp; | 820 | return ipcp; |
813 | 821 | ||
814 | err = -EPERM; | 822 | err = -EPERM; |
diff --git a/kernel/Makefile b/kernel/Makefile index 19fad003b19d..b1e6b6625ea2 100644 --- a/kernel/Makefile +++ b/kernel/Makefile | |||
@@ -9,7 +9,7 @@ obj-y = sched.o fork.o exec_domain.o panic.o printk.o \ | |||
9 | rcupdate.o extable.o params.o posix-timers.o \ | 9 | rcupdate.o extable.o params.o posix-timers.o \ |
10 | kthread.o wait.o kfifo.o sys_ni.o posix-cpu-timers.o mutex.o \ | 10 | kthread.o wait.o kfifo.o sys_ni.o posix-cpu-timers.o mutex.o \ |
11 | hrtimer.o rwsem.o nsproxy.o srcu.o semaphore.o \ | 11 | hrtimer.o rwsem.o nsproxy.o srcu.o semaphore.o \ |
12 | notifier.o ksysfs.o pm_qos_params.o sched_clock.o | 12 | notifier.o ksysfs.o pm_qos_params.o sched_clock.o cred.o |
13 | 13 | ||
14 | ifdef CONFIG_FUNCTION_TRACER | 14 | ifdef CONFIG_FUNCTION_TRACER |
15 | # Do not trace debug files and internal ftrace files | 15 | # Do not trace debug files and internal ftrace files |
diff --git a/kernel/acct.c b/kernel/acct.c index f6006a60df5d..d57b7cbb98b6 100644 --- a/kernel/acct.c +++ b/kernel/acct.c | |||
@@ -530,15 +530,14 @@ static void do_acct_process(struct bsd_acct_struct *acct, | |||
530 | do_div(elapsed, AHZ); | 530 | do_div(elapsed, AHZ); |
531 | ac.ac_btime = get_seconds() - elapsed; | 531 | ac.ac_btime = get_seconds() - elapsed; |
532 | /* we really need to bite the bullet and change layout */ | 532 | /* we really need to bite the bullet and change layout */ |
533 | ac.ac_uid = current->uid; | 533 | current_uid_gid(&ac.ac_uid, &ac.ac_gid); |
534 | ac.ac_gid = current->gid; | ||
535 | #if ACCT_VERSION==2 | 534 | #if ACCT_VERSION==2 |
536 | ac.ac_ahz = AHZ; | 535 | ac.ac_ahz = AHZ; |
537 | #endif | 536 | #endif |
538 | #if ACCT_VERSION==1 || ACCT_VERSION==2 | 537 | #if ACCT_VERSION==1 || ACCT_VERSION==2 |
539 | /* backward-compatible 16 bit fields */ | 538 | /* backward-compatible 16 bit fields */ |
540 | ac.ac_uid16 = current->uid; | 539 | ac.ac_uid16 = ac.ac_uid; |
541 | ac.ac_gid16 = current->gid; | 540 | ac.ac_gid16 = ac.ac_gid; |
542 | #endif | 541 | #endif |
543 | #if ACCT_VERSION==3 | 542 | #if ACCT_VERSION==3 |
544 | ac.ac_pid = task_tgid_nr_ns(current, ns); | 543 | ac.ac_pid = task_tgid_nr_ns(current, ns); |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index cf5bc2f5f9c3..bc1e2d854bf6 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -65,6 +65,7 @@ | |||
65 | #include <linux/highmem.h> | 65 | #include <linux/highmem.h> |
66 | #include <linux/syscalls.h> | 66 | #include <linux/syscalls.h> |
67 | #include <linux/inotify.h> | 67 | #include <linux/inotify.h> |
68 | #include <linux/capability.h> | ||
68 | 69 | ||
69 | #include "audit.h" | 70 | #include "audit.h" |
70 | 71 | ||
@@ -84,6 +85,15 @@ int audit_n_rules; | |||
84 | /* determines whether we collect data for signals sent */ | 85 | /* determines whether we collect data for signals sent */ |
85 | int audit_signals; | 86 | int audit_signals; |
86 | 87 | ||
88 | struct audit_cap_data { | ||
89 | kernel_cap_t permitted; | ||
90 | kernel_cap_t inheritable; | ||
91 | union { | ||
92 | unsigned int fE; /* effective bit of a file capability */ | ||
93 | kernel_cap_t effective; /* effective set of a process */ | ||
94 | }; | ||
95 | }; | ||
96 | |||
87 | /* When fs/namei.c:getname() is called, we store the pointer in name and | 97 | /* When fs/namei.c:getname() is called, we store the pointer in name and |
88 | * we don't let putname() free it (instead we free all of the saved | 98 | * we don't let putname() free it (instead we free all of the saved |
89 | * pointers at syscall exit time). | 99 | * pointers at syscall exit time). |
@@ -100,6 +110,8 @@ struct audit_names { | |||
100 | gid_t gid; | 110 | gid_t gid; |
101 | dev_t rdev; | 111 | dev_t rdev; |
102 | u32 osid; | 112 | u32 osid; |
113 | struct audit_cap_data fcap; | ||
114 | unsigned int fcap_ver; | ||
103 | }; | 115 | }; |
104 | 116 | ||
105 | struct audit_aux_data { | 117 | struct audit_aux_data { |
@@ -184,6 +196,20 @@ struct audit_aux_data_pids { | |||
184 | int pid_count; | 196 | int pid_count; |
185 | }; | 197 | }; |
186 | 198 | ||
199 | struct audit_aux_data_bprm_fcaps { | ||
200 | struct audit_aux_data d; | ||
201 | struct audit_cap_data fcap; | ||
202 | unsigned int fcap_ver; | ||
203 | struct audit_cap_data old_pcap; | ||
204 | struct audit_cap_data new_pcap; | ||
205 | }; | ||
206 | |||
207 | struct audit_aux_data_capset { | ||
208 | struct audit_aux_data d; | ||
209 | pid_t pid; | ||
210 | struct audit_cap_data cap; | ||
211 | }; | ||
212 | |||
187 | struct audit_tree_refs { | 213 | struct audit_tree_refs { |
188 | struct audit_tree_refs *next; | 214 | struct audit_tree_refs *next; |
189 | struct audit_chunk *c[31]; | 215 | struct audit_chunk *c[31]; |
@@ -421,6 +447,7 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
421 | struct audit_names *name, | 447 | struct audit_names *name, |
422 | enum audit_state *state) | 448 | enum audit_state *state) |
423 | { | 449 | { |
450 | const struct cred *cred = get_task_cred(tsk); | ||
424 | int i, j, need_sid = 1; | 451 | int i, j, need_sid = 1; |
425 | u32 sid; | 452 | u32 sid; |
426 | 453 | ||
@@ -440,28 +467,28 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
440 | } | 467 | } |
441 | break; | 468 | break; |
442 | case AUDIT_UID: | 469 | case AUDIT_UID: |
443 | result = audit_comparator(tsk->uid, f->op, f->val); | 470 | result = audit_comparator(cred->uid, f->op, f->val); |
444 | break; | 471 | break; |
445 | case AUDIT_EUID: | 472 | case AUDIT_EUID: |
446 | result = audit_comparator(tsk->euid, f->op, f->val); | 473 | result = audit_comparator(cred->euid, f->op, f->val); |
447 | break; | 474 | break; |
448 | case AUDIT_SUID: | 475 | case AUDIT_SUID: |
449 | result = audit_comparator(tsk->suid, f->op, f->val); | 476 | result = audit_comparator(cred->suid, f->op, f->val); |
450 | break; | 477 | break; |
451 | case AUDIT_FSUID: | 478 | case AUDIT_FSUID: |
452 | result = audit_comparator(tsk->fsuid, f->op, f->val); | 479 | result = audit_comparator(cred->fsuid, f->op, f->val); |
453 | break; | 480 | break; |
454 | case AUDIT_GID: | 481 | case AUDIT_GID: |
455 | result = audit_comparator(tsk->gid, f->op, f->val); | 482 | result = audit_comparator(cred->gid, f->op, f->val); |
456 | break; | 483 | break; |
457 | case AUDIT_EGID: | 484 | case AUDIT_EGID: |
458 | result = audit_comparator(tsk->egid, f->op, f->val); | 485 | result = audit_comparator(cred->egid, f->op, f->val); |
459 | break; | 486 | break; |
460 | case AUDIT_SGID: | 487 | case AUDIT_SGID: |
461 | result = audit_comparator(tsk->sgid, f->op, f->val); | 488 | result = audit_comparator(cred->sgid, f->op, f->val); |
462 | break; | 489 | break; |
463 | case AUDIT_FSGID: | 490 | case AUDIT_FSGID: |
464 | result = audit_comparator(tsk->fsgid, f->op, f->val); | 491 | result = audit_comparator(cred->fsgid, f->op, f->val); |
465 | break; | 492 | break; |
466 | case AUDIT_PERS: | 493 | case AUDIT_PERS: |
467 | result = audit_comparator(tsk->personality, f->op, f->val); | 494 | result = audit_comparator(tsk->personality, f->op, f->val); |
@@ -615,8 +642,10 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
615 | break; | 642 | break; |
616 | } | 643 | } |
617 | 644 | ||
618 | if (!result) | 645 | if (!result) { |
646 | put_cred(cred); | ||
619 | return 0; | 647 | return 0; |
648 | } | ||
620 | } | 649 | } |
621 | if (rule->filterkey && ctx) | 650 | if (rule->filterkey && ctx) |
622 | ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC); | 651 | ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC); |
@@ -624,6 +653,7 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
624 | case AUDIT_NEVER: *state = AUDIT_DISABLED; break; | 653 | case AUDIT_NEVER: *state = AUDIT_DISABLED; break; |
625 | case AUDIT_ALWAYS: *state = AUDIT_RECORD_CONTEXT; break; | 654 | case AUDIT_ALWAYS: *state = AUDIT_RECORD_CONTEXT; break; |
626 | } | 655 | } |
656 | put_cred(cred); | ||
627 | return 1; | 657 | return 1; |
628 | } | 658 | } |
629 | 659 | ||
@@ -1171,8 +1201,38 @@ static void audit_log_execve_info(struct audit_context *context, | |||
1171 | kfree(buf); | 1201 | kfree(buf); |
1172 | } | 1202 | } |
1173 | 1203 | ||
1204 | static void audit_log_cap(struct audit_buffer *ab, char *prefix, kernel_cap_t *cap) | ||
1205 | { | ||
1206 | int i; | ||
1207 | |||
1208 | audit_log_format(ab, " %s=", prefix); | ||
1209 | CAP_FOR_EACH_U32(i) { | ||
1210 | audit_log_format(ab, "%08x", cap->cap[(_KERNEL_CAPABILITY_U32S-1) - i]); | ||
1211 | } | ||
1212 | } | ||
1213 | |||
1214 | static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) | ||
1215 | { | ||
1216 | kernel_cap_t *perm = &name->fcap.permitted; | ||
1217 | kernel_cap_t *inh = &name->fcap.inheritable; | ||
1218 | int log = 0; | ||
1219 | |||
1220 | if (!cap_isclear(*perm)) { | ||
1221 | audit_log_cap(ab, "cap_fp", perm); | ||
1222 | log = 1; | ||
1223 | } | ||
1224 | if (!cap_isclear(*inh)) { | ||
1225 | audit_log_cap(ab, "cap_fi", inh); | ||
1226 | log = 1; | ||
1227 | } | ||
1228 | |||
1229 | if (log) | ||
1230 | audit_log_format(ab, " cap_fe=%d cap_fver=%x", name->fcap.fE, name->fcap_ver); | ||
1231 | } | ||
1232 | |||
1174 | static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) | 1233 | static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) |
1175 | { | 1234 | { |
1235 | const struct cred *cred; | ||
1176 | int i, call_panic = 0; | 1236 | int i, call_panic = 0; |
1177 | struct audit_buffer *ab; | 1237 | struct audit_buffer *ab; |
1178 | struct audit_aux_data *aux; | 1238 | struct audit_aux_data *aux; |
@@ -1182,14 +1242,15 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
1182 | context->pid = tsk->pid; | 1242 | context->pid = tsk->pid; |
1183 | if (!context->ppid) | 1243 | if (!context->ppid) |
1184 | context->ppid = sys_getppid(); | 1244 | context->ppid = sys_getppid(); |
1185 | context->uid = tsk->uid; | 1245 | cred = current_cred(); |
1186 | context->gid = tsk->gid; | 1246 | context->uid = cred->uid; |
1187 | context->euid = tsk->euid; | 1247 | context->gid = cred->gid; |
1188 | context->suid = tsk->suid; | 1248 | context->euid = cred->euid; |
1189 | context->fsuid = tsk->fsuid; | 1249 | context->suid = cred->suid; |
1190 | context->egid = tsk->egid; | 1250 | context->fsuid = cred->fsuid; |
1191 | context->sgid = tsk->sgid; | 1251 | context->egid = cred->egid; |
1192 | context->fsgid = tsk->fsgid; | 1252 | context->sgid = cred->sgid; |
1253 | context->fsgid = cred->fsgid; | ||
1193 | context->personality = tsk->personality; | 1254 | context->personality = tsk->personality; |
1194 | 1255 | ||
1195 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL); | 1256 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL); |
@@ -1334,6 +1395,28 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
1334 | audit_log_format(ab, "fd0=%d fd1=%d", axs->fd[0], axs->fd[1]); | 1395 | audit_log_format(ab, "fd0=%d fd1=%d", axs->fd[0], axs->fd[1]); |
1335 | break; } | 1396 | break; } |
1336 | 1397 | ||
1398 | case AUDIT_BPRM_FCAPS: { | ||
1399 | struct audit_aux_data_bprm_fcaps *axs = (void *)aux; | ||
1400 | audit_log_format(ab, "fver=%x", axs->fcap_ver); | ||
1401 | audit_log_cap(ab, "fp", &axs->fcap.permitted); | ||
1402 | audit_log_cap(ab, "fi", &axs->fcap.inheritable); | ||
1403 | audit_log_format(ab, " fe=%d", axs->fcap.fE); | ||
1404 | audit_log_cap(ab, "old_pp", &axs->old_pcap.permitted); | ||
1405 | audit_log_cap(ab, "old_pi", &axs->old_pcap.inheritable); | ||
1406 | audit_log_cap(ab, "old_pe", &axs->old_pcap.effective); | ||
1407 | audit_log_cap(ab, "new_pp", &axs->new_pcap.permitted); | ||
1408 | audit_log_cap(ab, "new_pi", &axs->new_pcap.inheritable); | ||
1409 | audit_log_cap(ab, "new_pe", &axs->new_pcap.effective); | ||
1410 | break; } | ||
1411 | |||
1412 | case AUDIT_CAPSET: { | ||
1413 | struct audit_aux_data_capset *axs = (void *)aux; | ||
1414 | audit_log_format(ab, "pid=%d", axs->pid); | ||
1415 | audit_log_cap(ab, "cap_pi", &axs->cap.inheritable); | ||
1416 | audit_log_cap(ab, "cap_pp", &axs->cap.permitted); | ||
1417 | audit_log_cap(ab, "cap_pe", &axs->cap.effective); | ||
1418 | break; } | ||
1419 | |||
1337 | } | 1420 | } |
1338 | audit_log_end(ab); | 1421 | audit_log_end(ab); |
1339 | } | 1422 | } |
@@ -1421,6 +1504,8 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
1421 | } | 1504 | } |
1422 | } | 1505 | } |
1423 | 1506 | ||
1507 | audit_log_fcaps(ab, n); | ||
1508 | |||
1424 | audit_log_end(ab); | 1509 | audit_log_end(ab); |
1425 | } | 1510 | } |
1426 | 1511 | ||
@@ -1787,8 +1872,36 @@ static int audit_inc_name_count(struct audit_context *context, | |||
1787 | return 0; | 1872 | return 0; |
1788 | } | 1873 | } |
1789 | 1874 | ||
1875 | |||
1876 | static inline int audit_copy_fcaps(struct audit_names *name, const struct dentry *dentry) | ||
1877 | { | ||
1878 | struct cpu_vfs_cap_data caps; | ||
1879 | int rc; | ||
1880 | |||
1881 | memset(&name->fcap.permitted, 0, sizeof(kernel_cap_t)); | ||
1882 | memset(&name->fcap.inheritable, 0, sizeof(kernel_cap_t)); | ||
1883 | name->fcap.fE = 0; | ||
1884 | name->fcap_ver = 0; | ||
1885 | |||
1886 | if (!dentry) | ||
1887 | return 0; | ||
1888 | |||
1889 | rc = get_vfs_caps_from_disk(dentry, &caps); | ||
1890 | if (rc) | ||
1891 | return rc; | ||
1892 | |||
1893 | name->fcap.permitted = caps.permitted; | ||
1894 | name->fcap.inheritable = caps.inheritable; | ||
1895 | name->fcap.fE = !!(caps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE); | ||
1896 | name->fcap_ver = (caps.magic_etc & VFS_CAP_REVISION_MASK) >> VFS_CAP_REVISION_SHIFT; | ||
1897 | |||
1898 | return 0; | ||
1899 | } | ||
1900 | |||
1901 | |||
1790 | /* Copy inode data into an audit_names. */ | 1902 | /* Copy inode data into an audit_names. */ |
1791 | static void audit_copy_inode(struct audit_names *name, const struct inode *inode) | 1903 | static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, |
1904 | const struct inode *inode) | ||
1792 | { | 1905 | { |
1793 | name->ino = inode->i_ino; | 1906 | name->ino = inode->i_ino; |
1794 | name->dev = inode->i_sb->s_dev; | 1907 | name->dev = inode->i_sb->s_dev; |
@@ -1797,6 +1910,7 @@ static void audit_copy_inode(struct audit_names *name, const struct inode *inode | |||
1797 | name->gid = inode->i_gid; | 1910 | name->gid = inode->i_gid; |
1798 | name->rdev = inode->i_rdev; | 1911 | name->rdev = inode->i_rdev; |
1799 | security_inode_getsecid(inode, &name->osid); | 1912 | security_inode_getsecid(inode, &name->osid); |
1913 | audit_copy_fcaps(name, dentry); | ||
1800 | } | 1914 | } |
1801 | 1915 | ||
1802 | /** | 1916 | /** |
@@ -1831,7 +1945,7 @@ void __audit_inode(const char *name, const struct dentry *dentry) | |||
1831 | context->names[idx].name = NULL; | 1945 | context->names[idx].name = NULL; |
1832 | } | 1946 | } |
1833 | handle_path(dentry); | 1947 | handle_path(dentry); |
1834 | audit_copy_inode(&context->names[idx], inode); | 1948 | audit_copy_inode(&context->names[idx], dentry, inode); |
1835 | } | 1949 | } |
1836 | 1950 | ||
1837 | /** | 1951 | /** |
@@ -1892,7 +2006,7 @@ void __audit_inode_child(const char *dname, const struct dentry *dentry, | |||
1892 | if (!strcmp(dname, n->name) || | 2006 | if (!strcmp(dname, n->name) || |
1893 | !audit_compare_dname_path(dname, n->name, &dirlen)) { | 2007 | !audit_compare_dname_path(dname, n->name, &dirlen)) { |
1894 | if (inode) | 2008 | if (inode) |
1895 | audit_copy_inode(n, inode); | 2009 | audit_copy_inode(n, NULL, inode); |
1896 | else | 2010 | else |
1897 | n->ino = (unsigned long)-1; | 2011 | n->ino = (unsigned long)-1; |
1898 | found_child = n->name; | 2012 | found_child = n->name; |
@@ -1906,7 +2020,7 @@ add_names: | |||
1906 | return; | 2020 | return; |
1907 | idx = context->name_count - 1; | 2021 | idx = context->name_count - 1; |
1908 | context->names[idx].name = NULL; | 2022 | context->names[idx].name = NULL; |
1909 | audit_copy_inode(&context->names[idx], parent); | 2023 | audit_copy_inode(&context->names[idx], NULL, parent); |
1910 | } | 2024 | } |
1911 | 2025 | ||
1912 | if (!found_child) { | 2026 | if (!found_child) { |
@@ -1927,7 +2041,7 @@ add_names: | |||
1927 | } | 2041 | } |
1928 | 2042 | ||
1929 | if (inode) | 2043 | if (inode) |
1930 | audit_copy_inode(&context->names[idx], inode); | 2044 | audit_copy_inode(&context->names[idx], NULL, inode); |
1931 | else | 2045 | else |
1932 | context->names[idx].ino = (unsigned long)-1; | 2046 | context->names[idx].ino = (unsigned long)-1; |
1933 | } | 2047 | } |
@@ -1978,7 +2092,7 @@ int audit_set_loginuid(struct task_struct *task, uid_t loginuid) | |||
1978 | audit_log_format(ab, "login pid=%d uid=%u " | 2092 | audit_log_format(ab, "login pid=%d uid=%u " |
1979 | "old auid=%u new auid=%u" | 2093 | "old auid=%u new auid=%u" |
1980 | " old ses=%u new ses=%u", | 2094 | " old ses=%u new ses=%u", |
1981 | task->pid, task->uid, | 2095 | task->pid, task_uid(task), |
1982 | task->loginuid, loginuid, | 2096 | task->loginuid, loginuid, |
1983 | task->sessionid, sessionid); | 2097 | task->sessionid, sessionid); |
1984 | audit_log_end(ab); | 2098 | audit_log_end(ab); |
@@ -2361,7 +2475,7 @@ void __audit_ptrace(struct task_struct *t) | |||
2361 | 2475 | ||
2362 | context->target_pid = t->pid; | 2476 | context->target_pid = t->pid; |
2363 | context->target_auid = audit_get_loginuid(t); | 2477 | context->target_auid = audit_get_loginuid(t); |
2364 | context->target_uid = t->uid; | 2478 | context->target_uid = task_uid(t); |
2365 | context->target_sessionid = audit_get_sessionid(t); | 2479 | context->target_sessionid = audit_get_sessionid(t); |
2366 | security_task_getsecid(t, &context->target_sid); | 2480 | security_task_getsecid(t, &context->target_sid); |
2367 | memcpy(context->target_comm, t->comm, TASK_COMM_LEN); | 2481 | memcpy(context->target_comm, t->comm, TASK_COMM_LEN); |
@@ -2380,6 +2494,7 @@ int __audit_signal_info(int sig, struct task_struct *t) | |||
2380 | struct audit_aux_data_pids *axp; | 2494 | struct audit_aux_data_pids *axp; |
2381 | struct task_struct *tsk = current; | 2495 | struct task_struct *tsk = current; |
2382 | struct audit_context *ctx = tsk->audit_context; | 2496 | struct audit_context *ctx = tsk->audit_context; |
2497 | uid_t uid = current_uid(), t_uid = task_uid(t); | ||
2383 | 2498 | ||
2384 | if (audit_pid && t->tgid == audit_pid) { | 2499 | if (audit_pid && t->tgid == audit_pid) { |
2385 | if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) { | 2500 | if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) { |
@@ -2387,7 +2502,7 @@ int __audit_signal_info(int sig, struct task_struct *t) | |||
2387 | if (tsk->loginuid != -1) | 2502 | if (tsk->loginuid != -1) |
2388 | audit_sig_uid = tsk->loginuid; | 2503 | audit_sig_uid = tsk->loginuid; |
2389 | else | 2504 | else |
2390 | audit_sig_uid = tsk->uid; | 2505 | audit_sig_uid = uid; |
2391 | security_task_getsecid(tsk, &audit_sig_sid); | 2506 | security_task_getsecid(tsk, &audit_sig_sid); |
2392 | } | 2507 | } |
2393 | if (!audit_signals || audit_dummy_context()) | 2508 | if (!audit_signals || audit_dummy_context()) |
@@ -2399,7 +2514,7 @@ int __audit_signal_info(int sig, struct task_struct *t) | |||
2399 | if (!ctx->target_pid) { | 2514 | if (!ctx->target_pid) { |
2400 | ctx->target_pid = t->tgid; | 2515 | ctx->target_pid = t->tgid; |
2401 | ctx->target_auid = audit_get_loginuid(t); | 2516 | ctx->target_auid = audit_get_loginuid(t); |
2402 | ctx->target_uid = t->uid; | 2517 | ctx->target_uid = t_uid; |
2403 | ctx->target_sessionid = audit_get_sessionid(t); | 2518 | ctx->target_sessionid = audit_get_sessionid(t); |
2404 | security_task_getsecid(t, &ctx->target_sid); | 2519 | security_task_getsecid(t, &ctx->target_sid); |
2405 | memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); | 2520 | memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); |
@@ -2420,7 +2535,7 @@ int __audit_signal_info(int sig, struct task_struct *t) | |||
2420 | 2535 | ||
2421 | axp->target_pid[axp->pid_count] = t->tgid; | 2536 | axp->target_pid[axp->pid_count] = t->tgid; |
2422 | axp->target_auid[axp->pid_count] = audit_get_loginuid(t); | 2537 | axp->target_auid[axp->pid_count] = audit_get_loginuid(t); |
2423 | axp->target_uid[axp->pid_count] = t->uid; | 2538 | axp->target_uid[axp->pid_count] = t_uid; |
2424 | axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); | 2539 | axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); |
2425 | security_task_getsecid(t, &axp->target_sid[axp->pid_count]); | 2540 | security_task_getsecid(t, &axp->target_sid[axp->pid_count]); |
2426 | memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); | 2541 | memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); |
@@ -2430,6 +2545,86 @@ int __audit_signal_info(int sig, struct task_struct *t) | |||
2430 | } | 2545 | } |
2431 | 2546 | ||
2432 | /** | 2547 | /** |
2548 | * __audit_log_bprm_fcaps - store information about a loading bprm and relevant fcaps | ||
2549 | * @bprm: pointer to the bprm being processed | ||
2550 | * @new: the proposed new credentials | ||
2551 | * @old: the old credentials | ||
2552 | * | ||
2553 | * Simply check if the proc already has the caps given by the file and if not | ||
2554 | * store the priv escalation info for later auditing at the end of the syscall | ||
2555 | * | ||
2556 | * -Eric | ||
2557 | */ | ||
2558 | int __audit_log_bprm_fcaps(struct linux_binprm *bprm, | ||
2559 | const struct cred *new, const struct cred *old) | ||
2560 | { | ||
2561 | struct audit_aux_data_bprm_fcaps *ax; | ||
2562 | struct audit_context *context = current->audit_context; | ||
2563 | struct cpu_vfs_cap_data vcaps; | ||
2564 | struct dentry *dentry; | ||
2565 | |||
2566 | ax = kmalloc(sizeof(*ax), GFP_KERNEL); | ||
2567 | if (!ax) | ||
2568 | return -ENOMEM; | ||
2569 | |||
2570 | ax->d.type = AUDIT_BPRM_FCAPS; | ||
2571 | ax->d.next = context->aux; | ||
2572 | context->aux = (void *)ax; | ||
2573 | |||
2574 | dentry = dget(bprm->file->f_dentry); | ||
2575 | get_vfs_caps_from_disk(dentry, &vcaps); | ||
2576 | dput(dentry); | ||
2577 | |||
2578 | ax->fcap.permitted = vcaps.permitted; | ||
2579 | ax->fcap.inheritable = vcaps.inheritable; | ||
2580 | ax->fcap.fE = !!(vcaps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE); | ||
2581 | ax->fcap_ver = (vcaps.magic_etc & VFS_CAP_REVISION_MASK) >> VFS_CAP_REVISION_SHIFT; | ||
2582 | |||
2583 | ax->old_pcap.permitted = old->cap_permitted; | ||
2584 | ax->old_pcap.inheritable = old->cap_inheritable; | ||
2585 | ax->old_pcap.effective = old->cap_effective; | ||
2586 | |||
2587 | ax->new_pcap.permitted = new->cap_permitted; | ||
2588 | ax->new_pcap.inheritable = new->cap_inheritable; | ||
2589 | ax->new_pcap.effective = new->cap_effective; | ||
2590 | return 0; | ||
2591 | } | ||
2592 | |||
2593 | /** | ||
2594 | * __audit_log_capset - store information about the arguments to the capset syscall | ||
2595 | * @pid: target pid of the capset call | ||
2596 | * @new: the new credentials | ||
2597 | * @old: the old (current) credentials | ||
2598 | * | ||
2599 | * Record the aguments userspace sent to sys_capset for later printing by the | ||
2600 | * audit system if applicable | ||
2601 | */ | ||
2602 | int __audit_log_capset(pid_t pid, | ||
2603 | const struct cred *new, const struct cred *old) | ||
2604 | { | ||
2605 | struct audit_aux_data_capset *ax; | ||
2606 | struct audit_context *context = current->audit_context; | ||
2607 | |||
2608 | if (likely(!audit_enabled || !context || context->dummy)) | ||
2609 | return 0; | ||
2610 | |||
2611 | ax = kmalloc(sizeof(*ax), GFP_KERNEL); | ||
2612 | if (!ax) | ||
2613 | return -ENOMEM; | ||
2614 | |||
2615 | ax->d.type = AUDIT_CAPSET; | ||
2616 | ax->d.next = context->aux; | ||
2617 | context->aux = (void *)ax; | ||
2618 | |||
2619 | ax->pid = pid; | ||
2620 | ax->cap.effective = new->cap_effective; | ||
2621 | ax->cap.inheritable = new->cap_effective; | ||
2622 | ax->cap.permitted = new->cap_permitted; | ||
2623 | |||
2624 | return 0; | ||
2625 | } | ||
2626 | |||
2627 | /** | ||
2433 | * audit_core_dumps - record information about processes that end abnormally | 2628 | * audit_core_dumps - record information about processes that end abnormally |
2434 | * @signr: signal value | 2629 | * @signr: signal value |
2435 | * | 2630 | * |
@@ -2440,7 +2635,8 @@ void audit_core_dumps(long signr) | |||
2440 | { | 2635 | { |
2441 | struct audit_buffer *ab; | 2636 | struct audit_buffer *ab; |
2442 | u32 sid; | 2637 | u32 sid; |
2443 | uid_t auid = audit_get_loginuid(current); | 2638 | uid_t auid = audit_get_loginuid(current), uid; |
2639 | gid_t gid; | ||
2444 | unsigned int sessionid = audit_get_sessionid(current); | 2640 | unsigned int sessionid = audit_get_sessionid(current); |
2445 | 2641 | ||
2446 | if (!audit_enabled) | 2642 | if (!audit_enabled) |
@@ -2450,8 +2646,9 @@ void audit_core_dumps(long signr) | |||
2450 | return; | 2646 | return; |
2451 | 2647 | ||
2452 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND); | 2648 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND); |
2649 | current_uid_gid(&uid, &gid); | ||
2453 | audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u", | 2650 | audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u", |
2454 | auid, current->uid, current->gid, sessionid); | 2651 | auid, uid, gid, sessionid); |
2455 | security_task_getsecid(current, &sid); | 2652 | security_task_getsecid(current, &sid); |
2456 | if (sid) { | 2653 | if (sid) { |
2457 | char *ctx = NULL; | 2654 | char *ctx = NULL; |
diff --git a/kernel/capability.c b/kernel/capability.c index 33e51e78c2d8..36b4b4daebec 100644 --- a/kernel/capability.c +++ b/kernel/capability.c | |||
@@ -7,6 +7,7 @@ | |||
7 | * 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net> | 7 | * 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net> |
8 | */ | 8 | */ |
9 | 9 | ||
10 | #include <linux/audit.h> | ||
10 | #include <linux/capability.h> | 11 | #include <linux/capability.h> |
11 | #include <linux/mm.h> | 12 | #include <linux/mm.h> |
12 | #include <linux/module.h> | 13 | #include <linux/module.h> |
@@ -14,12 +15,7 @@ | |||
14 | #include <linux/syscalls.h> | 15 | #include <linux/syscalls.h> |
15 | #include <linux/pid_namespace.h> | 16 | #include <linux/pid_namespace.h> |
16 | #include <asm/uaccess.h> | 17 | #include <asm/uaccess.h> |
17 | 18 | #include "cred-internals.h" | |
18 | /* | ||
19 | * This lock protects task->cap_* for all tasks including current. | ||
20 | * Locking rule: acquire this prior to tasklist_lock. | ||
21 | */ | ||
22 | static DEFINE_SPINLOCK(task_capability_lock); | ||
23 | 19 | ||
24 | /* | 20 | /* |
25 | * Leveraged for setting/resetting capabilities | 21 | * Leveraged for setting/resetting capabilities |
@@ -33,6 +29,17 @@ EXPORT_SYMBOL(__cap_empty_set); | |||
33 | EXPORT_SYMBOL(__cap_full_set); | 29 | EXPORT_SYMBOL(__cap_full_set); |
34 | EXPORT_SYMBOL(__cap_init_eff_set); | 30 | EXPORT_SYMBOL(__cap_init_eff_set); |
35 | 31 | ||
32 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | ||
33 | int file_caps_enabled = 1; | ||
34 | |||
35 | static int __init file_caps_disable(char *str) | ||
36 | { | ||
37 | file_caps_enabled = 0; | ||
38 | return 1; | ||
39 | } | ||
40 | __setup("no_file_caps", file_caps_disable); | ||
41 | #endif | ||
42 | |||
36 | /* | 43 | /* |
37 | * More recent versions of libcap are available from: | 44 | * More recent versions of libcap are available from: |
38 | * | 45 | * |
@@ -115,167 +122,12 @@ static int cap_validate_magic(cap_user_header_t header, unsigned *tocopy) | |||
115 | return 0; | 122 | return 0; |
116 | } | 123 | } |
117 | 124 | ||
118 | #ifndef CONFIG_SECURITY_FILE_CAPABILITIES | ||
119 | |||
120 | /* | ||
121 | * Without filesystem capability support, we nominally support one process | ||
122 | * setting the capabilities of another | ||
123 | */ | ||
124 | static inline int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp, | ||
125 | kernel_cap_t *pIp, kernel_cap_t *pPp) | ||
126 | { | ||
127 | struct task_struct *target; | ||
128 | int ret; | ||
129 | |||
130 | spin_lock(&task_capability_lock); | ||
131 | read_lock(&tasklist_lock); | ||
132 | |||
133 | if (pid && pid != task_pid_vnr(current)) { | ||
134 | target = find_task_by_vpid(pid); | ||
135 | if (!target) { | ||
136 | ret = -ESRCH; | ||
137 | goto out; | ||
138 | } | ||
139 | } else | ||
140 | target = current; | ||
141 | |||
142 | ret = security_capget(target, pEp, pIp, pPp); | ||
143 | |||
144 | out: | ||
145 | read_unlock(&tasklist_lock); | ||
146 | spin_unlock(&task_capability_lock); | ||
147 | |||
148 | return ret; | ||
149 | } | ||
150 | |||
151 | /* | ||
152 | * cap_set_pg - set capabilities for all processes in a given process | ||
153 | * group. We call this holding task_capability_lock and tasklist_lock. | ||
154 | */ | ||
155 | static inline int cap_set_pg(int pgrp_nr, kernel_cap_t *effective, | ||
156 | kernel_cap_t *inheritable, | ||
157 | kernel_cap_t *permitted) | ||
158 | { | ||
159 | struct task_struct *g, *target; | ||
160 | int ret = -EPERM; | ||
161 | int found = 0; | ||
162 | struct pid *pgrp; | ||
163 | |||
164 | spin_lock(&task_capability_lock); | ||
165 | read_lock(&tasklist_lock); | ||
166 | |||
167 | pgrp = find_vpid(pgrp_nr); | ||
168 | do_each_pid_task(pgrp, PIDTYPE_PGID, g) { | ||
169 | target = g; | ||
170 | while_each_thread(g, target) { | ||
171 | if (!security_capset_check(target, effective, | ||
172 | inheritable, permitted)) { | ||
173 | security_capset_set(target, effective, | ||
174 | inheritable, permitted); | ||
175 | ret = 0; | ||
176 | } | ||
177 | found = 1; | ||
178 | } | ||
179 | } while_each_pid_task(pgrp, PIDTYPE_PGID, g); | ||
180 | |||
181 | read_unlock(&tasklist_lock); | ||
182 | spin_unlock(&task_capability_lock); | ||
183 | |||
184 | if (!found) | ||
185 | ret = 0; | ||
186 | return ret; | ||
187 | } | ||
188 | |||
189 | /* | ||
190 | * cap_set_all - set capabilities for all processes other than init | ||
191 | * and self. We call this holding task_capability_lock and tasklist_lock. | ||
192 | */ | ||
193 | static inline int cap_set_all(kernel_cap_t *effective, | ||
194 | kernel_cap_t *inheritable, | ||
195 | kernel_cap_t *permitted) | ||
196 | { | ||
197 | struct task_struct *g, *target; | ||
198 | int ret = -EPERM; | ||
199 | int found = 0; | ||
200 | |||
201 | spin_lock(&task_capability_lock); | ||
202 | read_lock(&tasklist_lock); | ||
203 | |||
204 | do_each_thread(g, target) { | ||
205 | if (target == current | ||
206 | || is_container_init(target->group_leader)) | ||
207 | continue; | ||
208 | found = 1; | ||
209 | if (security_capset_check(target, effective, inheritable, | ||
210 | permitted)) | ||
211 | continue; | ||
212 | ret = 0; | ||
213 | security_capset_set(target, effective, inheritable, permitted); | ||
214 | } while_each_thread(g, target); | ||
215 | |||
216 | read_unlock(&tasklist_lock); | ||
217 | spin_unlock(&task_capability_lock); | ||
218 | |||
219 | if (!found) | ||
220 | ret = 0; | ||
221 | |||
222 | return ret; | ||
223 | } | ||
224 | |||
225 | /* | ||
226 | * Given the target pid does not refer to the current process we | ||
227 | * need more elaborate support... (This support is not present when | ||
228 | * filesystem capabilities are configured.) | ||
229 | */ | ||
230 | static inline int do_sys_capset_other_tasks(pid_t pid, kernel_cap_t *effective, | ||
231 | kernel_cap_t *inheritable, | ||
232 | kernel_cap_t *permitted) | ||
233 | { | ||
234 | struct task_struct *target; | ||
235 | int ret; | ||
236 | |||
237 | if (!capable(CAP_SETPCAP)) | ||
238 | return -EPERM; | ||
239 | |||
240 | if (pid == -1) /* all procs other than current and init */ | ||
241 | return cap_set_all(effective, inheritable, permitted); | ||
242 | |||
243 | else if (pid < 0) /* all procs in process group */ | ||
244 | return cap_set_pg(-pid, effective, inheritable, permitted); | ||
245 | |||
246 | /* target != current */ | ||
247 | spin_lock(&task_capability_lock); | ||
248 | read_lock(&tasklist_lock); | ||
249 | |||
250 | target = find_task_by_vpid(pid); | ||
251 | if (!target) | ||
252 | ret = -ESRCH; | ||
253 | else { | ||
254 | ret = security_capset_check(target, effective, inheritable, | ||
255 | permitted); | ||
256 | |||
257 | /* having verified that the proposed changes are legal, | ||
258 | we now put them into effect. */ | ||
259 | if (!ret) | ||
260 | security_capset_set(target, effective, inheritable, | ||
261 | permitted); | ||
262 | } | ||
263 | |||
264 | read_unlock(&tasklist_lock); | ||
265 | spin_unlock(&task_capability_lock); | ||
266 | |||
267 | return ret; | ||
268 | } | ||
269 | |||
270 | #else /* ie., def CONFIG_SECURITY_FILE_CAPABILITIES */ | ||
271 | |||
272 | /* | 125 | /* |
273 | * If we have configured with filesystem capability support, then the | 126 | * The only thing that can change the capabilities of the current |
274 | * only thing that can change the capabilities of the current process | 127 | * process is the current process. As such, we can't be in this code |
275 | * is the current process. As such, we can't be in this code at the | 128 | * at the same time as we are in the process of setting capabilities |
276 | * same time as we are in the process of setting capabilities in this | 129 | * in this process. The net result is that we can limit our use of |
277 | * process. The net result is that we can limit our use of locks to | 130 | * locks to when we are reading the caps of another process. |
278 | * when we are reading the caps of another process. | ||
279 | */ | 131 | */ |
280 | static inline int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp, | 132 | static inline int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp, |
281 | kernel_cap_t *pIp, kernel_cap_t *pPp) | 133 | kernel_cap_t *pIp, kernel_cap_t *pPp) |
@@ -285,7 +137,6 @@ static inline int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp, | |||
285 | if (pid && (pid != task_pid_vnr(current))) { | 137 | if (pid && (pid != task_pid_vnr(current))) { |
286 | struct task_struct *target; | 138 | struct task_struct *target; |
287 | 139 | ||
288 | spin_lock(&task_capability_lock); | ||
289 | read_lock(&tasklist_lock); | 140 | read_lock(&tasklist_lock); |
290 | 141 | ||
291 | target = find_task_by_vpid(pid); | 142 | target = find_task_by_vpid(pid); |
@@ -295,50 +146,12 @@ static inline int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp, | |||
295 | ret = security_capget(target, pEp, pIp, pPp); | 146 | ret = security_capget(target, pEp, pIp, pPp); |
296 | 147 | ||
297 | read_unlock(&tasklist_lock); | 148 | read_unlock(&tasklist_lock); |
298 | spin_unlock(&task_capability_lock); | ||
299 | } else | 149 | } else |
300 | ret = security_capget(current, pEp, pIp, pPp); | 150 | ret = security_capget(current, pEp, pIp, pPp); |
301 | 151 | ||
302 | return ret; | 152 | return ret; |
303 | } | 153 | } |
304 | 154 | ||
305 | /* | ||
306 | * With filesystem capability support configured, the kernel does not | ||
307 | * permit the changing of capabilities in one process by another | ||
308 | * process. (CAP_SETPCAP has much less broad semantics when configured | ||
309 | * this way.) | ||
310 | */ | ||
311 | static inline int do_sys_capset_other_tasks(pid_t pid, | ||
312 | kernel_cap_t *effective, | ||
313 | kernel_cap_t *inheritable, | ||
314 | kernel_cap_t *permitted) | ||
315 | { | ||
316 | return -EPERM; | ||
317 | } | ||
318 | |||
319 | #endif /* ie., ndef CONFIG_SECURITY_FILE_CAPABILITIES */ | ||
320 | |||
321 | /* | ||
322 | * Atomically modify the effective capabilities returning the original | ||
323 | * value. No permission check is performed here - it is assumed that the | ||
324 | * caller is permitted to set the desired effective capabilities. | ||
325 | */ | ||
326 | kernel_cap_t cap_set_effective(const kernel_cap_t pE_new) | ||
327 | { | ||
328 | kernel_cap_t pE_old; | ||
329 | |||
330 | spin_lock(&task_capability_lock); | ||
331 | |||
332 | pE_old = current->cap_effective; | ||
333 | current->cap_effective = pE_new; | ||
334 | |||
335 | spin_unlock(&task_capability_lock); | ||
336 | |||
337 | return pE_old; | ||
338 | } | ||
339 | |||
340 | EXPORT_SYMBOL(cap_set_effective); | ||
341 | |||
342 | /** | 155 | /** |
343 | * sys_capget - get the capabilities of a given process. | 156 | * sys_capget - get the capabilities of a given process. |
344 | * @header: pointer to struct that contains capability version and | 157 | * @header: pointer to struct that contains capability version and |
@@ -366,7 +179,6 @@ asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr) | |||
366 | return -EINVAL; | 179 | return -EINVAL; |
367 | 180 | ||
368 | ret = cap_get_target_pid(pid, &pE, &pI, &pP); | 181 | ret = cap_get_target_pid(pid, &pE, &pI, &pP); |
369 | |||
370 | if (!ret) { | 182 | if (!ret) { |
371 | struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S]; | 183 | struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S]; |
372 | unsigned i; | 184 | unsigned i; |
@@ -412,16 +224,14 @@ asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr) | |||
412 | * @data: pointer to struct that contains the effective, permitted, | 224 | * @data: pointer to struct that contains the effective, permitted, |
413 | * and inheritable capabilities | 225 | * and inheritable capabilities |
414 | * | 226 | * |
415 | * Set capabilities for a given process, all processes, or all | 227 | * Set capabilities for the current process only. The ability to any other |
416 | * processes in a given process group. | 228 | * process(es) has been deprecated and removed. |
417 | * | 229 | * |
418 | * The restrictions on setting capabilities are specified as: | 230 | * The restrictions on setting capabilities are specified as: |
419 | * | 231 | * |
420 | * [pid is for the 'target' task. 'current' is the calling task.] | 232 | * I: any raised capabilities must be a subset of the old permitted |
421 | * | 233 | * P: any raised capabilities must be a subset of the old permitted |
422 | * I: any raised capabilities must be a subset of the (old current) permitted | 234 | * E: must be set to a subset of new permitted |
423 | * P: any raised capabilities must be a subset of the (old current) permitted | ||
424 | * E: must be set to a subset of (new target) permitted | ||
425 | * | 235 | * |
426 | * Returns 0 on success and < 0 on error. | 236 | * Returns 0 on success and < 0 on error. |
427 | */ | 237 | */ |
@@ -430,6 +240,7 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) | |||
430 | struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S]; | 240 | struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S]; |
431 | unsigned i, tocopy; | 241 | unsigned i, tocopy; |
432 | kernel_cap_t inheritable, permitted, effective; | 242 | kernel_cap_t inheritable, permitted, effective; |
243 | struct cred *new; | ||
433 | int ret; | 244 | int ret; |
434 | pid_t pid; | 245 | pid_t pid; |
435 | 246 | ||
@@ -440,10 +251,13 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) | |||
440 | if (get_user(pid, &header->pid)) | 251 | if (get_user(pid, &header->pid)) |
441 | return -EFAULT; | 252 | return -EFAULT; |
442 | 253 | ||
443 | if (copy_from_user(&kdata, data, tocopy | 254 | /* may only affect current now */ |
444 | * sizeof(struct __user_cap_data_struct))) { | 255 | if (pid != 0 && pid != task_pid_vnr(current)) |
256 | return -EPERM; | ||
257 | |||
258 | if (copy_from_user(&kdata, data, | ||
259 | tocopy * sizeof(struct __user_cap_data_struct))) | ||
445 | return -EFAULT; | 260 | return -EFAULT; |
446 | } | ||
447 | 261 | ||
448 | for (i = 0; i < tocopy; i++) { | 262 | for (i = 0; i < tocopy; i++) { |
449 | effective.cap[i] = kdata[i].effective; | 263 | effective.cap[i] = kdata[i].effective; |
@@ -457,32 +271,23 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) | |||
457 | i++; | 271 | i++; |
458 | } | 272 | } |
459 | 273 | ||
460 | if (pid && (pid != task_pid_vnr(current))) | 274 | new = prepare_creds(); |
461 | ret = do_sys_capset_other_tasks(pid, &effective, &inheritable, | 275 | if (!new) |
462 | &permitted); | 276 | return -ENOMEM; |
463 | else { | ||
464 | /* | ||
465 | * This lock is required even when filesystem | ||
466 | * capability support is configured - it protects the | ||
467 | * sys_capget() call from returning incorrect data in | ||
468 | * the case that the targeted process is not the | ||
469 | * current one. | ||
470 | */ | ||
471 | spin_lock(&task_capability_lock); | ||
472 | 277 | ||
473 | ret = security_capset_check(current, &effective, &inheritable, | 278 | ret = security_capset(new, current_cred(), |
474 | &permitted); | 279 | &effective, &inheritable, &permitted); |
475 | /* | 280 | if (ret < 0) |
476 | * Having verified that the proposed changes are | 281 | goto error; |
477 | * legal, we now put them into effect. | 282 | |
478 | */ | 283 | ret = audit_log_capset(pid, new, current_cred()); |
479 | if (!ret) | 284 | if (ret < 0) |
480 | security_capset_set(current, &effective, &inheritable, | 285 | return ret; |
481 | &permitted); | ||
482 | spin_unlock(&task_capability_lock); | ||
483 | } | ||
484 | 286 | ||
287 | return commit_creds(new); | ||
485 | 288 | ||
289 | error: | ||
290 | abort_creds(new); | ||
486 | return ret; | 291 | return ret; |
487 | } | 292 | } |
488 | 293 | ||
@@ -498,6 +303,11 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) | |||
498 | */ | 303 | */ |
499 | int capable(int cap) | 304 | int capable(int cap) |
500 | { | 305 | { |
306 | if (unlikely(!cap_valid(cap))) { | ||
307 | printk(KERN_CRIT "capable() called with invalid cap=%u\n", cap); | ||
308 | BUG(); | ||
309 | } | ||
310 | |||
501 | if (has_capability(current, cap)) { | 311 | if (has_capability(current, cap)) { |
502 | current->flags |= PF_SUPERPRIV; | 312 | current->flags |= PF_SUPERPRIV; |
503 | return 1; | 313 | return 1; |
diff --git a/kernel/cgroup.c b/kernel/cgroup.c index fe00b3b983a8..dee025f2f286 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c | |||
@@ -571,8 +571,8 @@ static struct inode *cgroup_new_inode(mode_t mode, struct super_block *sb) | |||
571 | 571 | ||
572 | if (inode) { | 572 | if (inode) { |
573 | inode->i_mode = mode; | 573 | inode->i_mode = mode; |
574 | inode->i_uid = current->fsuid; | 574 | inode->i_uid = current_fsuid(); |
575 | inode->i_gid = current->fsgid; | 575 | inode->i_gid = current_fsgid(); |
576 | inode->i_blocks = 0; | 576 | inode->i_blocks = 0; |
577 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 577 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
578 | inode->i_mapping->backing_dev_info = &cgroup_backing_dev_info; | 578 | inode->i_mapping->backing_dev_info = &cgroup_backing_dev_info; |
@@ -1279,6 +1279,7 @@ int cgroup_attach_task(struct cgroup *cgrp, struct task_struct *tsk) | |||
1279 | static int attach_task_by_pid(struct cgroup *cgrp, u64 pid) | 1279 | static int attach_task_by_pid(struct cgroup *cgrp, u64 pid) |
1280 | { | 1280 | { |
1281 | struct task_struct *tsk; | 1281 | struct task_struct *tsk; |
1282 | const struct cred *cred = current_cred(), *tcred; | ||
1282 | int ret; | 1283 | int ret; |
1283 | 1284 | ||
1284 | if (pid) { | 1285 | if (pid) { |
@@ -1288,14 +1289,16 @@ static int attach_task_by_pid(struct cgroup *cgrp, u64 pid) | |||
1288 | rcu_read_unlock(); | 1289 | rcu_read_unlock(); |
1289 | return -ESRCH; | 1290 | return -ESRCH; |
1290 | } | 1291 | } |
1291 | get_task_struct(tsk); | ||
1292 | rcu_read_unlock(); | ||
1293 | 1292 | ||
1294 | if ((current->euid) && (current->euid != tsk->uid) | 1293 | tcred = __task_cred(tsk); |
1295 | && (current->euid != tsk->suid)) { | 1294 | if (cred->euid && |
1296 | put_task_struct(tsk); | 1295 | cred->euid != tcred->uid && |
1296 | cred->euid != tcred->suid) { | ||
1297 | rcu_read_unlock(); | ||
1297 | return -EACCES; | 1298 | return -EACCES; |
1298 | } | 1299 | } |
1300 | get_task_struct(tsk); | ||
1301 | rcu_read_unlock(); | ||
1299 | } else { | 1302 | } else { |
1300 | tsk = current; | 1303 | tsk = current; |
1301 | get_task_struct(tsk); | 1304 | get_task_struct(tsk); |
diff --git a/kernel/cred-internals.h b/kernel/cred-internals.h new file mode 100644 index 000000000000..2dc4fc2d0bf1 --- /dev/null +++ b/kernel/cred-internals.h | |||
@@ -0,0 +1,21 @@ | |||
1 | /* Internal credentials stuff | ||
2 | * | ||
3 | * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public Licence | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the Licence, or (at your option) any later version. | ||
10 | */ | ||
11 | |||
12 | /* | ||
13 | * user.c | ||
14 | */ | ||
15 | static inline void sched_switch_user(struct task_struct *p) | ||
16 | { | ||
17 | #ifdef CONFIG_USER_SCHED | ||
18 | sched_move_task(p); | ||
19 | #endif /* CONFIG_USER_SCHED */ | ||
20 | } | ||
21 | |||
diff --git a/kernel/cred.c b/kernel/cred.c new file mode 100644 index 000000000000..ff7bc071991c --- /dev/null +++ b/kernel/cred.c | |||
@@ -0,0 +1,588 @@ | |||
1 | /* Task credentials management - see Documentation/credentials.txt | ||
2 | * | ||
3 | * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public Licence | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the Licence, or (at your option) any later version. | ||
10 | */ | ||
11 | #include <linux/module.h> | ||
12 | #include <linux/cred.h> | ||
13 | #include <linux/sched.h> | ||
14 | #include <linux/key.h> | ||
15 | #include <linux/keyctl.h> | ||
16 | #include <linux/init_task.h> | ||
17 | #include <linux/security.h> | ||
18 | #include <linux/cn_proc.h> | ||
19 | #include "cred-internals.h" | ||
20 | |||
21 | static struct kmem_cache *cred_jar; | ||
22 | |||
23 | /* | ||
24 | * The common credentials for the initial task's thread group | ||
25 | */ | ||
26 | #ifdef CONFIG_KEYS | ||
27 | static struct thread_group_cred init_tgcred = { | ||
28 | .usage = ATOMIC_INIT(2), | ||
29 | .tgid = 0, | ||
30 | .lock = SPIN_LOCK_UNLOCKED, | ||
31 | }; | ||
32 | #endif | ||
33 | |||
34 | /* | ||
35 | * The initial credentials for the initial task | ||
36 | */ | ||
37 | struct cred init_cred = { | ||
38 | .usage = ATOMIC_INIT(4), | ||
39 | .securebits = SECUREBITS_DEFAULT, | ||
40 | .cap_inheritable = CAP_INIT_INH_SET, | ||
41 | .cap_permitted = CAP_FULL_SET, | ||
42 | .cap_effective = CAP_INIT_EFF_SET, | ||
43 | .cap_bset = CAP_INIT_BSET, | ||
44 | .user = INIT_USER, | ||
45 | .group_info = &init_groups, | ||
46 | #ifdef CONFIG_KEYS | ||
47 | .tgcred = &init_tgcred, | ||
48 | #endif | ||
49 | }; | ||
50 | |||
51 | /* | ||
52 | * Dispose of the shared task group credentials | ||
53 | */ | ||
54 | #ifdef CONFIG_KEYS | ||
55 | static void release_tgcred_rcu(struct rcu_head *rcu) | ||
56 | { | ||
57 | struct thread_group_cred *tgcred = | ||
58 | container_of(rcu, struct thread_group_cred, rcu); | ||
59 | |||
60 | BUG_ON(atomic_read(&tgcred->usage) != 0); | ||
61 | |||
62 | key_put(tgcred->session_keyring); | ||
63 | key_put(tgcred->process_keyring); | ||
64 | kfree(tgcred); | ||
65 | } | ||
66 | #endif | ||
67 | |||
68 | /* | ||
69 | * Release a set of thread group credentials. | ||
70 | */ | ||
71 | static void release_tgcred(struct cred *cred) | ||
72 | { | ||
73 | #ifdef CONFIG_KEYS | ||
74 | struct thread_group_cred *tgcred = cred->tgcred; | ||
75 | |||
76 | if (atomic_dec_and_test(&tgcred->usage)) | ||
77 | call_rcu(&tgcred->rcu, release_tgcred_rcu); | ||
78 | #endif | ||
79 | } | ||
80 | |||
81 | /* | ||
82 | * The RCU callback to actually dispose of a set of credentials | ||
83 | */ | ||
84 | static void put_cred_rcu(struct rcu_head *rcu) | ||
85 | { | ||
86 | struct cred *cred = container_of(rcu, struct cred, rcu); | ||
87 | |||
88 | if (atomic_read(&cred->usage) != 0) | ||
89 | panic("CRED: put_cred_rcu() sees %p with usage %d\n", | ||
90 | cred, atomic_read(&cred->usage)); | ||
91 | |||
92 | security_cred_free(cred); | ||
93 | key_put(cred->thread_keyring); | ||
94 | key_put(cred->request_key_auth); | ||
95 | release_tgcred(cred); | ||
96 | put_group_info(cred->group_info); | ||
97 | free_uid(cred->user); | ||
98 | kmem_cache_free(cred_jar, cred); | ||
99 | } | ||
100 | |||
101 | /** | ||
102 | * __put_cred - Destroy a set of credentials | ||
103 | * @cred: The record to release | ||
104 | * | ||
105 | * Destroy a set of credentials on which no references remain. | ||
106 | */ | ||
107 | void __put_cred(struct cred *cred) | ||
108 | { | ||
109 | BUG_ON(atomic_read(&cred->usage) != 0); | ||
110 | |||
111 | call_rcu(&cred->rcu, put_cred_rcu); | ||
112 | } | ||
113 | EXPORT_SYMBOL(__put_cred); | ||
114 | |||
115 | /** | ||
116 | * prepare_creds - Prepare a new set of credentials for modification | ||
117 | * | ||
118 | * Prepare a new set of task credentials for modification. A task's creds | ||
119 | * shouldn't generally be modified directly, therefore this function is used to | ||
120 | * prepare a new copy, which the caller then modifies and then commits by | ||
121 | * calling commit_creds(). | ||
122 | * | ||
123 | * Preparation involves making a copy of the objective creds for modification. | ||
124 | * | ||
125 | * Returns a pointer to the new creds-to-be if successful, NULL otherwise. | ||
126 | * | ||
127 | * Call commit_creds() or abort_creds() to clean up. | ||
128 | */ | ||
129 | struct cred *prepare_creds(void) | ||
130 | { | ||
131 | struct task_struct *task = current; | ||
132 | const struct cred *old; | ||
133 | struct cred *new; | ||
134 | |||
135 | BUG_ON(atomic_read(&task->real_cred->usage) < 1); | ||
136 | |||
137 | new = kmem_cache_alloc(cred_jar, GFP_KERNEL); | ||
138 | if (!new) | ||
139 | return NULL; | ||
140 | |||
141 | old = task->cred; | ||
142 | memcpy(new, old, sizeof(struct cred)); | ||
143 | |||
144 | atomic_set(&new->usage, 1); | ||
145 | get_group_info(new->group_info); | ||
146 | get_uid(new->user); | ||
147 | |||
148 | #ifdef CONFIG_KEYS | ||
149 | key_get(new->thread_keyring); | ||
150 | key_get(new->request_key_auth); | ||
151 | atomic_inc(&new->tgcred->usage); | ||
152 | #endif | ||
153 | |||
154 | #ifdef CONFIG_SECURITY | ||
155 | new->security = NULL; | ||
156 | #endif | ||
157 | |||
158 | if (security_prepare_creds(new, old, GFP_KERNEL) < 0) | ||
159 | goto error; | ||
160 | return new; | ||
161 | |||
162 | error: | ||
163 | abort_creds(new); | ||
164 | return NULL; | ||
165 | } | ||
166 | EXPORT_SYMBOL(prepare_creds); | ||
167 | |||
168 | /* | ||
169 | * Prepare credentials for current to perform an execve() | ||
170 | * - The caller must hold current->cred_exec_mutex | ||
171 | */ | ||
172 | struct cred *prepare_exec_creds(void) | ||
173 | { | ||
174 | struct thread_group_cred *tgcred = NULL; | ||
175 | struct cred *new; | ||
176 | |||
177 | #ifdef CONFIG_KEYS | ||
178 | tgcred = kmalloc(sizeof(*tgcred), GFP_KERNEL); | ||
179 | if (!tgcred) | ||
180 | return NULL; | ||
181 | #endif | ||
182 | |||
183 | new = prepare_creds(); | ||
184 | if (!new) { | ||
185 | kfree(tgcred); | ||
186 | return new; | ||
187 | } | ||
188 | |||
189 | #ifdef CONFIG_KEYS | ||
190 | /* newly exec'd tasks don't get a thread keyring */ | ||
191 | key_put(new->thread_keyring); | ||
192 | new->thread_keyring = NULL; | ||
193 | |||
194 | /* create a new per-thread-group creds for all this set of threads to | ||
195 | * share */ | ||
196 | memcpy(tgcred, new->tgcred, sizeof(struct thread_group_cred)); | ||
197 | |||
198 | atomic_set(&tgcred->usage, 1); | ||
199 | spin_lock_init(&tgcred->lock); | ||
200 | |||
201 | /* inherit the session keyring; new process keyring */ | ||
202 | key_get(tgcred->session_keyring); | ||
203 | tgcred->process_keyring = NULL; | ||
204 | |||
205 | release_tgcred(new); | ||
206 | new->tgcred = tgcred; | ||
207 | #endif | ||
208 | |||
209 | return new; | ||
210 | } | ||
211 | |||
212 | /* | ||
213 | * prepare new credentials for the usermode helper dispatcher | ||
214 | */ | ||
215 | struct cred *prepare_usermodehelper_creds(void) | ||
216 | { | ||
217 | #ifdef CONFIG_KEYS | ||
218 | struct thread_group_cred *tgcred = NULL; | ||
219 | #endif | ||
220 | struct cred *new; | ||
221 | |||
222 | #ifdef CONFIG_KEYS | ||
223 | tgcred = kzalloc(sizeof(*new->tgcred), GFP_ATOMIC); | ||
224 | if (!tgcred) | ||
225 | return NULL; | ||
226 | #endif | ||
227 | |||
228 | new = kmem_cache_alloc(cred_jar, GFP_ATOMIC); | ||
229 | if (!new) | ||
230 | return NULL; | ||
231 | |||
232 | memcpy(new, &init_cred, sizeof(struct cred)); | ||
233 | |||
234 | atomic_set(&new->usage, 1); | ||
235 | get_group_info(new->group_info); | ||
236 | get_uid(new->user); | ||
237 | |||
238 | #ifdef CONFIG_KEYS | ||
239 | new->thread_keyring = NULL; | ||
240 | new->request_key_auth = NULL; | ||
241 | new->jit_keyring = KEY_REQKEY_DEFL_DEFAULT; | ||
242 | |||
243 | atomic_set(&tgcred->usage, 1); | ||
244 | spin_lock_init(&tgcred->lock); | ||
245 | new->tgcred = tgcred; | ||
246 | #endif | ||
247 | |||
248 | #ifdef CONFIG_SECURITY | ||
249 | new->security = NULL; | ||
250 | #endif | ||
251 | if (security_prepare_creds(new, &init_cred, GFP_ATOMIC) < 0) | ||
252 | goto error; | ||
253 | |||
254 | BUG_ON(atomic_read(&new->usage) != 1); | ||
255 | return new; | ||
256 | |||
257 | error: | ||
258 | put_cred(new); | ||
259 | return NULL; | ||
260 | } | ||
261 | |||
262 | /* | ||
263 | * Copy credentials for the new process created by fork() | ||
264 | * | ||
265 | * We share if we can, but under some circumstances we have to generate a new | ||
266 | * set. | ||
267 | * | ||
268 | * The new process gets the current process's subjective credentials as its | ||
269 | * objective and subjective credentials | ||
270 | */ | ||
271 | int copy_creds(struct task_struct *p, unsigned long clone_flags) | ||
272 | { | ||
273 | #ifdef CONFIG_KEYS | ||
274 | struct thread_group_cred *tgcred; | ||
275 | #endif | ||
276 | struct cred *new; | ||
277 | int ret; | ||
278 | |||
279 | mutex_init(&p->cred_exec_mutex); | ||
280 | |||
281 | if ( | ||
282 | #ifdef CONFIG_KEYS | ||
283 | !p->cred->thread_keyring && | ||
284 | #endif | ||
285 | clone_flags & CLONE_THREAD | ||
286 | ) { | ||
287 | p->real_cred = get_cred(p->cred); | ||
288 | get_cred(p->cred); | ||
289 | atomic_inc(&p->cred->user->processes); | ||
290 | return 0; | ||
291 | } | ||
292 | |||
293 | new = prepare_creds(); | ||
294 | if (!new) | ||
295 | return -ENOMEM; | ||
296 | |||
297 | if (clone_flags & CLONE_NEWUSER) { | ||
298 | ret = create_user_ns(new); | ||
299 | if (ret < 0) | ||
300 | goto error_put; | ||
301 | } | ||
302 | |||
303 | #ifdef CONFIG_KEYS | ||
304 | /* new threads get their own thread keyrings if their parent already | ||
305 | * had one */ | ||
306 | if (new->thread_keyring) { | ||
307 | key_put(new->thread_keyring); | ||
308 | new->thread_keyring = NULL; | ||
309 | if (clone_flags & CLONE_THREAD) | ||
310 | install_thread_keyring_to_cred(new); | ||
311 | } | ||
312 | |||
313 | /* we share the process and session keyrings between all the threads in | ||
314 | * a process - this is slightly icky as we violate COW credentials a | ||
315 | * bit */ | ||
316 | if (!(clone_flags & CLONE_THREAD)) { | ||
317 | tgcred = kmalloc(sizeof(*tgcred), GFP_KERNEL); | ||
318 | if (!tgcred) { | ||
319 | ret = -ENOMEM; | ||
320 | goto error_put; | ||
321 | } | ||
322 | atomic_set(&tgcred->usage, 1); | ||
323 | spin_lock_init(&tgcred->lock); | ||
324 | tgcred->process_keyring = NULL; | ||
325 | tgcred->session_keyring = key_get(new->tgcred->session_keyring); | ||
326 | |||
327 | release_tgcred(new); | ||
328 | new->tgcred = tgcred; | ||
329 | } | ||
330 | #endif | ||
331 | |||
332 | atomic_inc(&new->user->processes); | ||
333 | p->cred = p->real_cred = get_cred(new); | ||
334 | return 0; | ||
335 | |||
336 | error_put: | ||
337 | put_cred(new); | ||
338 | return ret; | ||
339 | } | ||
340 | |||
341 | /** | ||
342 | * commit_creds - Install new credentials upon the current task | ||
343 | * @new: The credentials to be assigned | ||
344 | * | ||
345 | * Install a new set of credentials to the current task, using RCU to replace | ||
346 | * the old set. Both the objective and the subjective credentials pointers are | ||
347 | * updated. This function may not be called if the subjective credentials are | ||
348 | * in an overridden state. | ||
349 | * | ||
350 | * This function eats the caller's reference to the new credentials. | ||
351 | * | ||
352 | * Always returns 0 thus allowing this function to be tail-called at the end | ||
353 | * of, say, sys_setgid(). | ||
354 | */ | ||
355 | int commit_creds(struct cred *new) | ||
356 | { | ||
357 | struct task_struct *task = current; | ||
358 | const struct cred *old; | ||
359 | |||
360 | BUG_ON(task->cred != task->real_cred); | ||
361 | BUG_ON(atomic_read(&task->real_cred->usage) < 2); | ||
362 | BUG_ON(atomic_read(&new->usage) < 1); | ||
363 | |||
364 | old = task->real_cred; | ||
365 | security_commit_creds(new, old); | ||
366 | |||
367 | get_cred(new); /* we will require a ref for the subj creds too */ | ||
368 | |||
369 | /* dumpability changes */ | ||
370 | if (old->euid != new->euid || | ||
371 | old->egid != new->egid || | ||
372 | old->fsuid != new->fsuid || | ||
373 | old->fsgid != new->fsgid || | ||
374 | !cap_issubset(new->cap_permitted, old->cap_permitted)) { | ||
375 | set_dumpable(task->mm, suid_dumpable); | ||
376 | task->pdeath_signal = 0; | ||
377 | smp_wmb(); | ||
378 | } | ||
379 | |||
380 | /* alter the thread keyring */ | ||
381 | if (new->fsuid != old->fsuid) | ||
382 | key_fsuid_changed(task); | ||
383 | if (new->fsgid != old->fsgid) | ||
384 | key_fsgid_changed(task); | ||
385 | |||
386 | /* do it | ||
387 | * - What if a process setreuid()'s and this brings the | ||
388 | * new uid over his NPROC rlimit? We can check this now | ||
389 | * cheaply with the new uid cache, so if it matters | ||
390 | * we should be checking for it. -DaveM | ||
391 | */ | ||
392 | if (new->user != old->user) | ||
393 | atomic_inc(&new->user->processes); | ||
394 | rcu_assign_pointer(task->real_cred, new); | ||
395 | rcu_assign_pointer(task->cred, new); | ||
396 | if (new->user != old->user) | ||
397 | atomic_dec(&old->user->processes); | ||
398 | |||
399 | sched_switch_user(task); | ||
400 | |||
401 | /* send notifications */ | ||
402 | if (new->uid != old->uid || | ||
403 | new->euid != old->euid || | ||
404 | new->suid != old->suid || | ||
405 | new->fsuid != old->fsuid) | ||
406 | proc_id_connector(task, PROC_EVENT_UID); | ||
407 | |||
408 | if (new->gid != old->gid || | ||
409 | new->egid != old->egid || | ||
410 | new->sgid != old->sgid || | ||
411 | new->fsgid != old->fsgid) | ||
412 | proc_id_connector(task, PROC_EVENT_GID); | ||
413 | |||
414 | /* release the old obj and subj refs both */ | ||
415 | put_cred(old); | ||
416 | put_cred(old); | ||
417 | return 0; | ||
418 | } | ||
419 | EXPORT_SYMBOL(commit_creds); | ||
420 | |||
421 | /** | ||
422 | * abort_creds - Discard a set of credentials and unlock the current task | ||
423 | * @new: The credentials that were going to be applied | ||
424 | * | ||
425 | * Discard a set of credentials that were under construction and unlock the | ||
426 | * current task. | ||
427 | */ | ||
428 | void abort_creds(struct cred *new) | ||
429 | { | ||
430 | BUG_ON(atomic_read(&new->usage) < 1); | ||
431 | put_cred(new); | ||
432 | } | ||
433 | EXPORT_SYMBOL(abort_creds); | ||
434 | |||
435 | /** | ||
436 | * override_creds - Override the current process's subjective credentials | ||
437 | * @new: The credentials to be assigned | ||
438 | * | ||
439 | * Install a set of temporary override subjective credentials on the current | ||
440 | * process, returning the old set for later reversion. | ||
441 | */ | ||
442 | const struct cred *override_creds(const struct cred *new) | ||
443 | { | ||
444 | const struct cred *old = current->cred; | ||
445 | |||
446 | rcu_assign_pointer(current->cred, get_cred(new)); | ||
447 | return old; | ||
448 | } | ||
449 | EXPORT_SYMBOL(override_creds); | ||
450 | |||
451 | /** | ||
452 | * revert_creds - Revert a temporary subjective credentials override | ||
453 | * @old: The credentials to be restored | ||
454 | * | ||
455 | * Revert a temporary set of override subjective credentials to an old set, | ||
456 | * discarding the override set. | ||
457 | */ | ||
458 | void revert_creds(const struct cred *old) | ||
459 | { | ||
460 | const struct cred *override = current->cred; | ||
461 | |||
462 | rcu_assign_pointer(current->cred, old); | ||
463 | put_cred(override); | ||
464 | } | ||
465 | EXPORT_SYMBOL(revert_creds); | ||
466 | |||
467 | /* | ||
468 | * initialise the credentials stuff | ||
469 | */ | ||
470 | void __init cred_init(void) | ||
471 | { | ||
472 | /* allocate a slab in which we can store credentials */ | ||
473 | cred_jar = kmem_cache_create("cred_jar", sizeof(struct cred), | ||
474 | 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); | ||
475 | } | ||
476 | |||
477 | /** | ||
478 | * prepare_kernel_cred - Prepare a set of credentials for a kernel service | ||
479 | * @daemon: A userspace daemon to be used as a reference | ||
480 | * | ||
481 | * Prepare a set of credentials for a kernel service. This can then be used to | ||
482 | * override a task's own credentials so that work can be done on behalf of that | ||
483 | * task that requires a different subjective context. | ||
484 | * | ||
485 | * @daemon is used to provide a base for the security record, but can be NULL. | ||
486 | * If @daemon is supplied, then the security data will be derived from that; | ||
487 | * otherwise they'll be set to 0 and no groups, full capabilities and no keys. | ||
488 | * | ||
489 | * The caller may change these controls afterwards if desired. | ||
490 | * | ||
491 | * Returns the new credentials or NULL if out of memory. | ||
492 | * | ||
493 | * Does not take, and does not return holding current->cred_replace_mutex. | ||
494 | */ | ||
495 | struct cred *prepare_kernel_cred(struct task_struct *daemon) | ||
496 | { | ||
497 | const struct cred *old; | ||
498 | struct cred *new; | ||
499 | |||
500 | new = kmem_cache_alloc(cred_jar, GFP_KERNEL); | ||
501 | if (!new) | ||
502 | return NULL; | ||
503 | |||
504 | if (daemon) | ||
505 | old = get_task_cred(daemon); | ||
506 | else | ||
507 | old = get_cred(&init_cred); | ||
508 | |||
509 | get_uid(new->user); | ||
510 | get_group_info(new->group_info); | ||
511 | |||
512 | #ifdef CONFIG_KEYS | ||
513 | atomic_inc(&init_tgcred.usage); | ||
514 | new->tgcred = &init_tgcred; | ||
515 | new->request_key_auth = NULL; | ||
516 | new->thread_keyring = NULL; | ||
517 | new->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING; | ||
518 | #endif | ||
519 | |||
520 | #ifdef CONFIG_SECURITY | ||
521 | new->security = NULL; | ||
522 | #endif | ||
523 | if (security_prepare_creds(new, old, GFP_KERNEL) < 0) | ||
524 | goto error; | ||
525 | |||
526 | atomic_set(&new->usage, 1); | ||
527 | put_cred(old); | ||
528 | return new; | ||
529 | |||
530 | error: | ||
531 | put_cred(new); | ||
532 | return NULL; | ||
533 | } | ||
534 | EXPORT_SYMBOL(prepare_kernel_cred); | ||
535 | |||
536 | /** | ||
537 | * set_security_override - Set the security ID in a set of credentials | ||
538 | * @new: The credentials to alter | ||
539 | * @secid: The LSM security ID to set | ||
540 | * | ||
541 | * Set the LSM security ID in a set of credentials so that the subjective | ||
542 | * security is overridden when an alternative set of credentials is used. | ||
543 | */ | ||
544 | int set_security_override(struct cred *new, u32 secid) | ||
545 | { | ||
546 | return security_kernel_act_as(new, secid); | ||
547 | } | ||
548 | EXPORT_SYMBOL(set_security_override); | ||
549 | |||
550 | /** | ||
551 | * set_security_override_from_ctx - Set the security ID in a set of credentials | ||
552 | * @new: The credentials to alter | ||
553 | * @secctx: The LSM security context to generate the security ID from. | ||
554 | * | ||
555 | * Set the LSM security ID in a set of credentials so that the subjective | ||
556 | * security is overridden when an alternative set of credentials is used. The | ||
557 | * security ID is specified in string form as a security context to be | ||
558 | * interpreted by the LSM. | ||
559 | */ | ||
560 | int set_security_override_from_ctx(struct cred *new, const char *secctx) | ||
561 | { | ||
562 | u32 secid; | ||
563 | int ret; | ||
564 | |||
565 | ret = security_secctx_to_secid(secctx, strlen(secctx), &secid); | ||
566 | if (ret < 0) | ||
567 | return ret; | ||
568 | |||
569 | return set_security_override(new, secid); | ||
570 | } | ||
571 | EXPORT_SYMBOL(set_security_override_from_ctx); | ||
572 | |||
573 | /** | ||
574 | * set_create_files_as - Set the LSM file create context in a set of credentials | ||
575 | * @new: The credentials to alter | ||
576 | * @inode: The inode to take the context from | ||
577 | * | ||
578 | * Change the LSM file creation context in a set of credentials to be the same | ||
579 | * as the object context of the specified inode, so that the new inodes have | ||
580 | * the same MAC context as that inode. | ||
581 | */ | ||
582 | int set_create_files_as(struct cred *new, struct inode *inode) | ||
583 | { | ||
584 | new->fsuid = inode->i_uid; | ||
585 | new->fsgid = inode->i_gid; | ||
586 | return security_kernel_create_files_as(new, inode); | ||
587 | } | ||
588 | EXPORT_SYMBOL(set_create_files_as); | ||
diff --git a/kernel/exit.c b/kernel/exit.c index 2d8be7ebb0f7..ccb87162ff62 100644 --- a/kernel/exit.c +++ b/kernel/exit.c | |||
@@ -46,12 +46,14 @@ | |||
46 | #include <linux/blkdev.h> | 46 | #include <linux/blkdev.h> |
47 | #include <linux/task_io_accounting_ops.h> | 47 | #include <linux/task_io_accounting_ops.h> |
48 | #include <linux/tracehook.h> | 48 | #include <linux/tracehook.h> |
49 | #include <linux/init_task.h> | ||
49 | #include <trace/sched.h> | 50 | #include <trace/sched.h> |
50 | 51 | ||
51 | #include <asm/uaccess.h> | 52 | #include <asm/uaccess.h> |
52 | #include <asm/unistd.h> | 53 | #include <asm/unistd.h> |
53 | #include <asm/pgtable.h> | 54 | #include <asm/pgtable.h> |
54 | #include <asm/mmu_context.h> | 55 | #include <asm/mmu_context.h> |
56 | #include "cred-internals.h" | ||
55 | 57 | ||
56 | static void exit_mm(struct task_struct * tsk); | 58 | static void exit_mm(struct task_struct * tsk); |
57 | 59 | ||
@@ -164,7 +166,10 @@ void release_task(struct task_struct * p) | |||
164 | int zap_leader; | 166 | int zap_leader; |
165 | repeat: | 167 | repeat: |
166 | tracehook_prepare_release_task(p); | 168 | tracehook_prepare_release_task(p); |
167 | atomic_dec(&p->user->processes); | 169 | /* don't need to get the RCU readlock here - the process is dead and |
170 | * can't be modifying its own credentials */ | ||
171 | atomic_dec(&__task_cred(p)->user->processes); | ||
172 | |||
168 | proc_flush_task(p); | 173 | proc_flush_task(p); |
169 | write_lock_irq(&tasklist_lock); | 174 | write_lock_irq(&tasklist_lock); |
170 | tracehook_finish_release_task(p); | 175 | tracehook_finish_release_task(p); |
@@ -339,12 +344,12 @@ static void reparent_to_kthreadd(void) | |||
339 | /* cpus_allowed? */ | 344 | /* cpus_allowed? */ |
340 | /* rt_priority? */ | 345 | /* rt_priority? */ |
341 | /* signals? */ | 346 | /* signals? */ |
342 | security_task_reparent_to_init(current); | ||
343 | memcpy(current->signal->rlim, init_task.signal->rlim, | 347 | memcpy(current->signal->rlim, init_task.signal->rlim, |
344 | sizeof(current->signal->rlim)); | 348 | sizeof(current->signal->rlim)); |
345 | atomic_inc(&(INIT_USER->__count)); | 349 | |
350 | atomic_inc(&init_cred.usage); | ||
351 | commit_creds(&init_cred); | ||
346 | write_unlock_irq(&tasklist_lock); | 352 | write_unlock_irq(&tasklist_lock); |
347 | switch_uid(INIT_USER); | ||
348 | } | 353 | } |
349 | 354 | ||
350 | void __set_special_pids(struct pid *pid) | 355 | void __set_special_pids(struct pid *pid) |
@@ -1078,7 +1083,6 @@ NORET_TYPE void do_exit(long code) | |||
1078 | check_stack_usage(); | 1083 | check_stack_usage(); |
1079 | exit_thread(); | 1084 | exit_thread(); |
1080 | cgroup_exit(tsk, 1); | 1085 | cgroup_exit(tsk, 1); |
1081 | exit_keys(tsk); | ||
1082 | 1086 | ||
1083 | if (group_dead && tsk->signal->leader) | 1087 | if (group_dead && tsk->signal->leader) |
1084 | disassociate_ctty(1); | 1088 | disassociate_ctty(1); |
@@ -1263,12 +1267,12 @@ static int wait_task_zombie(struct task_struct *p, int options, | |||
1263 | unsigned long state; | 1267 | unsigned long state; |
1264 | int retval, status, traced; | 1268 | int retval, status, traced; |
1265 | pid_t pid = task_pid_vnr(p); | 1269 | pid_t pid = task_pid_vnr(p); |
1270 | uid_t uid = __task_cred(p)->uid; | ||
1266 | 1271 | ||
1267 | if (!likely(options & WEXITED)) | 1272 | if (!likely(options & WEXITED)) |
1268 | return 0; | 1273 | return 0; |
1269 | 1274 | ||
1270 | if (unlikely(options & WNOWAIT)) { | 1275 | if (unlikely(options & WNOWAIT)) { |
1271 | uid_t uid = p->uid; | ||
1272 | int exit_code = p->exit_code; | 1276 | int exit_code = p->exit_code; |
1273 | int why, status; | 1277 | int why, status; |
1274 | 1278 | ||
@@ -1389,7 +1393,7 @@ static int wait_task_zombie(struct task_struct *p, int options, | |||
1389 | if (!retval && infop) | 1393 | if (!retval && infop) |
1390 | retval = put_user(pid, &infop->si_pid); | 1394 | retval = put_user(pid, &infop->si_pid); |
1391 | if (!retval && infop) | 1395 | if (!retval && infop) |
1392 | retval = put_user(p->uid, &infop->si_uid); | 1396 | retval = put_user(uid, &infop->si_uid); |
1393 | if (!retval) | 1397 | if (!retval) |
1394 | retval = pid; | 1398 | retval = pid; |
1395 | 1399 | ||
@@ -1454,7 +1458,8 @@ static int wait_task_stopped(int ptrace, struct task_struct *p, | |||
1454 | if (!unlikely(options & WNOWAIT)) | 1458 | if (!unlikely(options & WNOWAIT)) |
1455 | p->exit_code = 0; | 1459 | p->exit_code = 0; |
1456 | 1460 | ||
1457 | uid = p->uid; | 1461 | /* don't need the RCU readlock here as we're holding a spinlock */ |
1462 | uid = __task_cred(p)->uid; | ||
1458 | unlock_sig: | 1463 | unlock_sig: |
1459 | spin_unlock_irq(&p->sighand->siglock); | 1464 | spin_unlock_irq(&p->sighand->siglock); |
1460 | if (!exit_code) | 1465 | if (!exit_code) |
@@ -1528,10 +1533,10 @@ static int wait_task_continued(struct task_struct *p, int options, | |||
1528 | } | 1533 | } |
1529 | if (!unlikely(options & WNOWAIT)) | 1534 | if (!unlikely(options & WNOWAIT)) |
1530 | p->signal->flags &= ~SIGNAL_STOP_CONTINUED; | 1535 | p->signal->flags &= ~SIGNAL_STOP_CONTINUED; |
1536 | uid = __task_cred(p)->uid; | ||
1531 | spin_unlock_irq(&p->sighand->siglock); | 1537 | spin_unlock_irq(&p->sighand->siglock); |
1532 | 1538 | ||
1533 | pid = task_pid_vnr(p); | 1539 | pid = task_pid_vnr(p); |
1534 | uid = p->uid; | ||
1535 | get_task_struct(p); | 1540 | get_task_struct(p); |
1536 | read_unlock(&tasklist_lock); | 1541 | read_unlock(&tasklist_lock); |
1537 | 1542 | ||
diff --git a/kernel/fork.c b/kernel/fork.c index 2a372a0e206f..1dd89451fae4 100644 --- a/kernel/fork.c +++ b/kernel/fork.c | |||
@@ -147,9 +147,8 @@ void __put_task_struct(struct task_struct *tsk) | |||
147 | WARN_ON(atomic_read(&tsk->usage)); | 147 | WARN_ON(atomic_read(&tsk->usage)); |
148 | WARN_ON(tsk == current); | 148 | WARN_ON(tsk == current); |
149 | 149 | ||
150 | security_task_free(tsk); | 150 | put_cred(tsk->real_cred); |
151 | free_uid(tsk->user); | 151 | put_cred(tsk->cred); |
152 | put_group_info(tsk->group_info); | ||
153 | delayacct_tsk_free(tsk); | 152 | delayacct_tsk_free(tsk); |
154 | 153 | ||
155 | if (!profile_handoff_task(tsk)) | 154 | if (!profile_handoff_task(tsk)) |
@@ -815,12 +814,6 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk) | |||
815 | if (!sig) | 814 | if (!sig) |
816 | return -ENOMEM; | 815 | return -ENOMEM; |
817 | 816 | ||
818 | ret = copy_thread_group_keys(tsk); | ||
819 | if (ret < 0) { | ||
820 | kmem_cache_free(signal_cachep, sig); | ||
821 | return ret; | ||
822 | } | ||
823 | |||
824 | atomic_set(&sig->count, 1); | 817 | atomic_set(&sig->count, 1); |
825 | atomic_set(&sig->live, 1); | 818 | atomic_set(&sig->live, 1); |
826 | init_waitqueue_head(&sig->wait_chldexit); | 819 | init_waitqueue_head(&sig->wait_chldexit); |
@@ -865,7 +858,6 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk) | |||
865 | void __cleanup_signal(struct signal_struct *sig) | 858 | void __cleanup_signal(struct signal_struct *sig) |
866 | { | 859 | { |
867 | thread_group_cputime_free(sig); | 860 | thread_group_cputime_free(sig); |
868 | exit_thread_group_keys(sig); | ||
869 | tty_kref_put(sig->tty); | 861 | tty_kref_put(sig->tty); |
870 | kmem_cache_free(signal_cachep, sig); | 862 | kmem_cache_free(signal_cachep, sig); |
871 | } | 863 | } |
@@ -981,16 +973,16 @@ static struct task_struct *copy_process(unsigned long clone_flags, | |||
981 | DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); | 973 | DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); |
982 | #endif | 974 | #endif |
983 | retval = -EAGAIN; | 975 | retval = -EAGAIN; |
984 | if (atomic_read(&p->user->processes) >= | 976 | if (atomic_read(&p->real_cred->user->processes) >= |
985 | p->signal->rlim[RLIMIT_NPROC].rlim_cur) { | 977 | p->signal->rlim[RLIMIT_NPROC].rlim_cur) { |
986 | if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && | 978 | if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && |
987 | p->user != current->nsproxy->user_ns->root_user) | 979 | p->real_cred->user != INIT_USER) |
988 | goto bad_fork_free; | 980 | goto bad_fork_free; |
989 | } | 981 | } |
990 | 982 | ||
991 | atomic_inc(&p->user->__count); | 983 | retval = copy_creds(p, clone_flags); |
992 | atomic_inc(&p->user->processes); | 984 | if (retval < 0) |
993 | get_group_info(p->group_info); | 985 | goto bad_fork_free; |
994 | 986 | ||
995 | /* | 987 | /* |
996 | * If multiple threads are within copy_process(), then this check | 988 | * If multiple threads are within copy_process(), then this check |
@@ -1045,10 +1037,6 @@ static struct task_struct *copy_process(unsigned long clone_flags, | |||
1045 | do_posix_clock_monotonic_gettime(&p->start_time); | 1037 | do_posix_clock_monotonic_gettime(&p->start_time); |
1046 | p->real_start_time = p->start_time; | 1038 | p->real_start_time = p->start_time; |
1047 | monotonic_to_bootbased(&p->real_start_time); | 1039 | monotonic_to_bootbased(&p->real_start_time); |
1048 | #ifdef CONFIG_SECURITY | ||
1049 | p->security = NULL; | ||
1050 | #endif | ||
1051 | p->cap_bset = current->cap_bset; | ||
1052 | p->io_context = NULL; | 1040 | p->io_context = NULL; |
1053 | p->audit_context = NULL; | 1041 | p->audit_context = NULL; |
1054 | cgroup_fork(p); | 1042 | cgroup_fork(p); |
@@ -1093,10 +1081,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, | |||
1093 | /* Perform scheduler related setup. Assign this task to a CPU. */ | 1081 | /* Perform scheduler related setup. Assign this task to a CPU. */ |
1094 | sched_fork(p, clone_flags); | 1082 | sched_fork(p, clone_flags); |
1095 | 1083 | ||
1096 | if ((retval = security_task_alloc(p))) | ||
1097 | goto bad_fork_cleanup_policy; | ||
1098 | if ((retval = audit_alloc(p))) | 1084 | if ((retval = audit_alloc(p))) |
1099 | goto bad_fork_cleanup_security; | 1085 | goto bad_fork_cleanup_policy; |
1100 | /* copy all the process information */ | 1086 | /* copy all the process information */ |
1101 | if ((retval = copy_semundo(clone_flags, p))) | 1087 | if ((retval = copy_semundo(clone_flags, p))) |
1102 | goto bad_fork_cleanup_audit; | 1088 | goto bad_fork_cleanup_audit; |
@@ -1110,10 +1096,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, | |||
1110 | goto bad_fork_cleanup_sighand; | 1096 | goto bad_fork_cleanup_sighand; |
1111 | if ((retval = copy_mm(clone_flags, p))) | 1097 | if ((retval = copy_mm(clone_flags, p))) |
1112 | goto bad_fork_cleanup_signal; | 1098 | goto bad_fork_cleanup_signal; |
1113 | if ((retval = copy_keys(clone_flags, p))) | ||
1114 | goto bad_fork_cleanup_mm; | ||
1115 | if ((retval = copy_namespaces(clone_flags, p))) | 1099 | if ((retval = copy_namespaces(clone_flags, p))) |
1116 | goto bad_fork_cleanup_keys; | 1100 | goto bad_fork_cleanup_mm; |
1117 | if ((retval = copy_io(clone_flags, p))) | 1101 | if ((retval = copy_io(clone_flags, p))) |
1118 | goto bad_fork_cleanup_namespaces; | 1102 | goto bad_fork_cleanup_namespaces; |
1119 | retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs); | 1103 | retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs); |
@@ -1278,8 +1262,6 @@ bad_fork_cleanup_io: | |||
1278 | put_io_context(p->io_context); | 1262 | put_io_context(p->io_context); |
1279 | bad_fork_cleanup_namespaces: | 1263 | bad_fork_cleanup_namespaces: |
1280 | exit_task_namespaces(p); | 1264 | exit_task_namespaces(p); |
1281 | bad_fork_cleanup_keys: | ||
1282 | exit_keys(p); | ||
1283 | bad_fork_cleanup_mm: | 1265 | bad_fork_cleanup_mm: |
1284 | if (p->mm) | 1266 | if (p->mm) |
1285 | mmput(p->mm); | 1267 | mmput(p->mm); |
@@ -1295,8 +1277,6 @@ bad_fork_cleanup_semundo: | |||
1295 | exit_sem(p); | 1277 | exit_sem(p); |
1296 | bad_fork_cleanup_audit: | 1278 | bad_fork_cleanup_audit: |
1297 | audit_free(p); | 1279 | audit_free(p); |
1298 | bad_fork_cleanup_security: | ||
1299 | security_task_free(p); | ||
1300 | bad_fork_cleanup_policy: | 1280 | bad_fork_cleanup_policy: |
1301 | #ifdef CONFIG_NUMA | 1281 | #ifdef CONFIG_NUMA |
1302 | mpol_put(p->mempolicy); | 1282 | mpol_put(p->mempolicy); |
@@ -1309,9 +1289,9 @@ bad_fork_cleanup_cgroup: | |||
1309 | bad_fork_cleanup_put_domain: | 1289 | bad_fork_cleanup_put_domain: |
1310 | module_put(task_thread_info(p)->exec_domain->module); | 1290 | module_put(task_thread_info(p)->exec_domain->module); |
1311 | bad_fork_cleanup_count: | 1291 | bad_fork_cleanup_count: |
1312 | put_group_info(p->group_info); | 1292 | atomic_dec(&p->cred->user->processes); |
1313 | atomic_dec(&p->user->processes); | 1293 | put_cred(p->real_cred); |
1314 | free_uid(p->user); | 1294 | put_cred(p->cred); |
1315 | bad_fork_free: | 1295 | bad_fork_free: |
1316 | free_task(p); | 1296 | free_task(p); |
1317 | fork_out: | 1297 | fork_out: |
@@ -1355,6 +1335,20 @@ long do_fork(unsigned long clone_flags, | |||
1355 | long nr; | 1335 | long nr; |
1356 | 1336 | ||
1357 | /* | 1337 | /* |
1338 | * Do some preliminary argument and permissions checking before we | ||
1339 | * actually start allocating stuff | ||
1340 | */ | ||
1341 | if (clone_flags & CLONE_NEWUSER) { | ||
1342 | if (clone_flags & CLONE_THREAD) | ||
1343 | return -EINVAL; | ||
1344 | /* hopefully this check will go away when userns support is | ||
1345 | * complete | ||
1346 | */ | ||
1347 | if (!capable(CAP_SYS_ADMIN)) | ||
1348 | return -EPERM; | ||
1349 | } | ||
1350 | |||
1351 | /* | ||
1358 | * We hope to recycle these flags after 2.6.26 | 1352 | * We hope to recycle these flags after 2.6.26 |
1359 | */ | 1353 | */ |
1360 | if (unlikely(clone_flags & CLONE_STOPPED)) { | 1354 | if (unlikely(clone_flags & CLONE_STOPPED)) { |
@@ -1601,8 +1595,7 @@ asmlinkage long sys_unshare(unsigned long unshare_flags) | |||
1601 | err = -EINVAL; | 1595 | err = -EINVAL; |
1602 | if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND| | 1596 | if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND| |
1603 | CLONE_VM|CLONE_FILES|CLONE_SYSVSEM| | 1597 | CLONE_VM|CLONE_FILES|CLONE_SYSVSEM| |
1604 | CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER| | 1598 | CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWNET)) |
1605 | CLONE_NEWNET)) | ||
1606 | goto bad_unshare_out; | 1599 | goto bad_unshare_out; |
1607 | 1600 | ||
1608 | /* | 1601 | /* |
diff --git a/kernel/futex.c b/kernel/futex.c index 8af10027514b..4fe790e89d0f 100644 --- a/kernel/futex.c +++ b/kernel/futex.c | |||
@@ -439,13 +439,20 @@ static void free_pi_state(struct futex_pi_state *pi_state) | |||
439 | static struct task_struct * futex_find_get_task(pid_t pid) | 439 | static struct task_struct * futex_find_get_task(pid_t pid) |
440 | { | 440 | { |
441 | struct task_struct *p; | 441 | struct task_struct *p; |
442 | const struct cred *cred = current_cred(), *pcred; | ||
442 | 443 | ||
443 | rcu_read_lock(); | 444 | rcu_read_lock(); |
444 | p = find_task_by_vpid(pid); | 445 | p = find_task_by_vpid(pid); |
445 | if (!p || ((current->euid != p->euid) && (current->euid != p->uid))) | 446 | if (!p) { |
446 | p = ERR_PTR(-ESRCH); | 447 | p = ERR_PTR(-ESRCH); |
447 | else | 448 | } else { |
448 | get_task_struct(p); | 449 | pcred = __task_cred(p); |
450 | if (cred->euid != pcred->euid && | ||
451 | cred->euid != pcred->uid) | ||
452 | p = ERR_PTR(-ESRCH); | ||
453 | else | ||
454 | get_task_struct(p); | ||
455 | } | ||
449 | 456 | ||
450 | rcu_read_unlock(); | 457 | rcu_read_unlock(); |
451 | 458 | ||
@@ -1829,6 +1836,7 @@ sys_get_robust_list(int pid, struct robust_list_head __user * __user *head_ptr, | |||
1829 | { | 1836 | { |
1830 | struct robust_list_head __user *head; | 1837 | struct robust_list_head __user *head; |
1831 | unsigned long ret; | 1838 | unsigned long ret; |
1839 | const struct cred *cred = current_cred(), *pcred; | ||
1832 | 1840 | ||
1833 | if (!futex_cmpxchg_enabled) | 1841 | if (!futex_cmpxchg_enabled) |
1834 | return -ENOSYS; | 1842 | return -ENOSYS; |
@@ -1844,8 +1852,10 @@ sys_get_robust_list(int pid, struct robust_list_head __user * __user *head_ptr, | |||
1844 | if (!p) | 1852 | if (!p) |
1845 | goto err_unlock; | 1853 | goto err_unlock; |
1846 | ret = -EPERM; | 1854 | ret = -EPERM; |
1847 | if ((current->euid != p->euid) && (current->euid != p->uid) && | 1855 | pcred = __task_cred(p); |
1848 | !capable(CAP_SYS_PTRACE)) | 1856 | if (cred->euid != pcred->euid && |
1857 | cred->euid != pcred->uid && | ||
1858 | !capable(CAP_SYS_PTRACE)) | ||
1849 | goto err_unlock; | 1859 | goto err_unlock; |
1850 | head = p->robust_list; | 1860 | head = p->robust_list; |
1851 | rcu_read_unlock(); | 1861 | rcu_read_unlock(); |
diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c index 04ac3a9e42cf..d607a5b9ee29 100644 --- a/kernel/futex_compat.c +++ b/kernel/futex_compat.c | |||
@@ -135,6 +135,7 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, | |||
135 | { | 135 | { |
136 | struct compat_robust_list_head __user *head; | 136 | struct compat_robust_list_head __user *head; |
137 | unsigned long ret; | 137 | unsigned long ret; |
138 | const struct cred *cred = current_cred(), *pcred; | ||
138 | 139 | ||
139 | if (!futex_cmpxchg_enabled) | 140 | if (!futex_cmpxchg_enabled) |
140 | return -ENOSYS; | 141 | return -ENOSYS; |
@@ -150,8 +151,10 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, | |||
150 | if (!p) | 151 | if (!p) |
151 | goto err_unlock; | 152 | goto err_unlock; |
152 | ret = -EPERM; | 153 | ret = -EPERM; |
153 | if ((current->euid != p->euid) && (current->euid != p->uid) && | 154 | pcred = __task_cred(p); |
154 | !capable(CAP_SYS_PTRACE)) | 155 | if (cred->euid != pcred->euid && |
156 | cred->euid != pcred->uid && | ||
157 | !capable(CAP_SYS_PTRACE)) | ||
155 | goto err_unlock; | 158 | goto err_unlock; |
156 | head = p->compat_robust_list; | 159 | head = p->compat_robust_list; |
157 | read_unlock(&tasklist_lock); | 160 | read_unlock(&tasklist_lock); |
diff --git a/kernel/kmod.c b/kernel/kmod.c index 3d3c3ea3a023..b46dbb908669 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c | |||
@@ -118,10 +118,10 @@ EXPORT_SYMBOL(request_module); | |||
118 | struct subprocess_info { | 118 | struct subprocess_info { |
119 | struct work_struct work; | 119 | struct work_struct work; |
120 | struct completion *complete; | 120 | struct completion *complete; |
121 | struct cred *cred; | ||
121 | char *path; | 122 | char *path; |
122 | char **argv; | 123 | char **argv; |
123 | char **envp; | 124 | char **envp; |
124 | struct key *ring; | ||
125 | enum umh_wait wait; | 125 | enum umh_wait wait; |
126 | int retval; | 126 | int retval; |
127 | struct file *stdin; | 127 | struct file *stdin; |
@@ -134,19 +134,20 @@ struct subprocess_info { | |||
134 | static int ____call_usermodehelper(void *data) | 134 | static int ____call_usermodehelper(void *data) |
135 | { | 135 | { |
136 | struct subprocess_info *sub_info = data; | 136 | struct subprocess_info *sub_info = data; |
137 | struct key *new_session, *old_session; | ||
138 | int retval; | 137 | int retval; |
139 | 138 | ||
140 | /* Unblock all signals and set the session keyring. */ | 139 | BUG_ON(atomic_read(&sub_info->cred->usage) != 1); |
141 | new_session = key_get(sub_info->ring); | 140 | |
141 | /* Unblock all signals */ | ||
142 | spin_lock_irq(¤t->sighand->siglock); | 142 | spin_lock_irq(¤t->sighand->siglock); |
143 | old_session = __install_session_keyring(current, new_session); | ||
144 | flush_signal_handlers(current, 1); | 143 | flush_signal_handlers(current, 1); |
145 | sigemptyset(¤t->blocked); | 144 | sigemptyset(¤t->blocked); |
146 | recalc_sigpending(); | 145 | recalc_sigpending(); |
147 | spin_unlock_irq(¤t->sighand->siglock); | 146 | spin_unlock_irq(¤t->sighand->siglock); |
148 | 147 | ||
149 | key_put(old_session); | 148 | /* Install the credentials */ |
149 | commit_creds(sub_info->cred); | ||
150 | sub_info->cred = NULL; | ||
150 | 151 | ||
151 | /* Install input pipe when needed */ | 152 | /* Install input pipe when needed */ |
152 | if (sub_info->stdin) { | 153 | if (sub_info->stdin) { |
@@ -185,6 +186,8 @@ void call_usermodehelper_freeinfo(struct subprocess_info *info) | |||
185 | { | 186 | { |
186 | if (info->cleanup) | 187 | if (info->cleanup) |
187 | (*info->cleanup)(info->argv, info->envp); | 188 | (*info->cleanup)(info->argv, info->envp); |
189 | if (info->cred) | ||
190 | put_cred(info->cred); | ||
188 | kfree(info); | 191 | kfree(info); |
189 | } | 192 | } |
190 | EXPORT_SYMBOL(call_usermodehelper_freeinfo); | 193 | EXPORT_SYMBOL(call_usermodehelper_freeinfo); |
@@ -240,6 +243,8 @@ static void __call_usermodehelper(struct work_struct *work) | |||
240 | pid_t pid; | 243 | pid_t pid; |
241 | enum umh_wait wait = sub_info->wait; | 244 | enum umh_wait wait = sub_info->wait; |
242 | 245 | ||
246 | BUG_ON(atomic_read(&sub_info->cred->usage) != 1); | ||
247 | |||
243 | /* CLONE_VFORK: wait until the usermode helper has execve'd | 248 | /* CLONE_VFORK: wait until the usermode helper has execve'd |
244 | * successfully We need the data structures to stay around | 249 | * successfully We need the data structures to stay around |
245 | * until that is done. */ | 250 | * until that is done. */ |
@@ -362,6 +367,9 @@ struct subprocess_info *call_usermodehelper_setup(char *path, char **argv, | |||
362 | sub_info->path = path; | 367 | sub_info->path = path; |
363 | sub_info->argv = argv; | 368 | sub_info->argv = argv; |
364 | sub_info->envp = envp; | 369 | sub_info->envp = envp; |
370 | sub_info->cred = prepare_usermodehelper_creds(); | ||
371 | if (!sub_info->cred) | ||
372 | return NULL; | ||
365 | 373 | ||
366 | out: | 374 | out: |
367 | return sub_info; | 375 | return sub_info; |
@@ -376,7 +384,13 @@ EXPORT_SYMBOL(call_usermodehelper_setup); | |||
376 | void call_usermodehelper_setkeys(struct subprocess_info *info, | 384 | void call_usermodehelper_setkeys(struct subprocess_info *info, |
377 | struct key *session_keyring) | 385 | struct key *session_keyring) |
378 | { | 386 | { |
379 | info->ring = session_keyring; | 387 | #ifdef CONFIG_KEYS |
388 | struct thread_group_cred *tgcred = info->cred->tgcred; | ||
389 | key_put(tgcred->session_keyring); | ||
390 | tgcred->session_keyring = key_get(session_keyring); | ||
391 | #else | ||
392 | BUG(); | ||
393 | #endif | ||
380 | } | 394 | } |
381 | EXPORT_SYMBOL(call_usermodehelper_setkeys); | 395 | EXPORT_SYMBOL(call_usermodehelper_setkeys); |
382 | 396 | ||
@@ -444,6 +458,8 @@ int call_usermodehelper_exec(struct subprocess_info *sub_info, | |||
444 | DECLARE_COMPLETION_ONSTACK(done); | 458 | DECLARE_COMPLETION_ONSTACK(done); |
445 | int retval = 0; | 459 | int retval = 0; |
446 | 460 | ||
461 | BUG_ON(atomic_read(&sub_info->cred->usage) != 1); | ||
462 | |||
447 | helper_lock(); | 463 | helper_lock(); |
448 | if (sub_info->path[0] == '\0') | 464 | if (sub_info->path[0] == '\0') |
449 | goto out; | 465 | goto out; |
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c index 1d3ef29a2583..63598dca2d0c 100644 --- a/kernel/nsproxy.c +++ b/kernel/nsproxy.c | |||
@@ -80,12 +80,6 @@ static struct nsproxy *create_new_namespaces(unsigned long flags, | |||
80 | goto out_pid; | 80 | goto out_pid; |
81 | } | 81 | } |
82 | 82 | ||
83 | new_nsp->user_ns = copy_user_ns(flags, tsk->nsproxy->user_ns); | ||
84 | if (IS_ERR(new_nsp->user_ns)) { | ||
85 | err = PTR_ERR(new_nsp->user_ns); | ||
86 | goto out_user; | ||
87 | } | ||
88 | |||
89 | new_nsp->net_ns = copy_net_ns(flags, tsk->nsproxy->net_ns); | 83 | new_nsp->net_ns = copy_net_ns(flags, tsk->nsproxy->net_ns); |
90 | if (IS_ERR(new_nsp->net_ns)) { | 84 | if (IS_ERR(new_nsp->net_ns)) { |
91 | err = PTR_ERR(new_nsp->net_ns); | 85 | err = PTR_ERR(new_nsp->net_ns); |
@@ -95,9 +89,6 @@ static struct nsproxy *create_new_namespaces(unsigned long flags, | |||
95 | return new_nsp; | 89 | return new_nsp; |
96 | 90 | ||
97 | out_net: | 91 | out_net: |
98 | if (new_nsp->user_ns) | ||
99 | put_user_ns(new_nsp->user_ns); | ||
100 | out_user: | ||
101 | if (new_nsp->pid_ns) | 92 | if (new_nsp->pid_ns) |
102 | put_pid_ns(new_nsp->pid_ns); | 93 | put_pid_ns(new_nsp->pid_ns); |
103 | out_pid: | 94 | out_pid: |
@@ -130,7 +121,7 @@ int copy_namespaces(unsigned long flags, struct task_struct *tsk) | |||
130 | get_nsproxy(old_ns); | 121 | get_nsproxy(old_ns); |
131 | 122 | ||
132 | if (!(flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC | | 123 | if (!(flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC | |
133 | CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNET))) | 124 | CLONE_NEWPID | CLONE_NEWNET))) |
134 | return 0; | 125 | return 0; |
135 | 126 | ||
136 | if (!capable(CAP_SYS_ADMIN)) { | 127 | if (!capable(CAP_SYS_ADMIN)) { |
@@ -173,8 +164,6 @@ void free_nsproxy(struct nsproxy *ns) | |||
173 | put_ipc_ns(ns->ipc_ns); | 164 | put_ipc_ns(ns->ipc_ns); |
174 | if (ns->pid_ns) | 165 | if (ns->pid_ns) |
175 | put_pid_ns(ns->pid_ns); | 166 | put_pid_ns(ns->pid_ns); |
176 | if (ns->user_ns) | ||
177 | put_user_ns(ns->user_ns); | ||
178 | put_net(ns->net_ns); | 167 | put_net(ns->net_ns); |
179 | kmem_cache_free(nsproxy_cachep, ns); | 168 | kmem_cache_free(nsproxy_cachep, ns); |
180 | } | 169 | } |
@@ -189,7 +178,7 @@ int unshare_nsproxy_namespaces(unsigned long unshare_flags, | |||
189 | int err = 0; | 178 | int err = 0; |
190 | 179 | ||
191 | if (!(unshare_flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC | | 180 | if (!(unshare_flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC | |
192 | CLONE_NEWUSER | CLONE_NEWNET))) | 181 | CLONE_NEWNET))) |
193 | return 0; | 182 | return 0; |
194 | 183 | ||
195 | if (!capable(CAP_SYS_ADMIN)) | 184 | if (!capable(CAP_SYS_ADMIN)) |
diff --git a/kernel/ptrace.c b/kernel/ptrace.c index 4c8bcd7dd8e0..ca2df68faf76 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c | |||
@@ -115,6 +115,8 @@ int ptrace_check_attach(struct task_struct *child, int kill) | |||
115 | 115 | ||
116 | int __ptrace_may_access(struct task_struct *task, unsigned int mode) | 116 | int __ptrace_may_access(struct task_struct *task, unsigned int mode) |
117 | { | 117 | { |
118 | const struct cred *cred = current_cred(), *tcred; | ||
119 | |||
118 | /* May we inspect the given task? | 120 | /* May we inspect the given task? |
119 | * This check is used both for attaching with ptrace | 121 | * This check is used both for attaching with ptrace |
120 | * and for allowing access to sensitive information in /proc. | 122 | * and for allowing access to sensitive information in /proc. |
@@ -127,13 +129,19 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode) | |||
127 | /* Don't let security modules deny introspection */ | 129 | /* Don't let security modules deny introspection */ |
128 | if (task == current) | 130 | if (task == current) |
129 | return 0; | 131 | return 0; |
130 | if (((current->uid != task->euid) || | 132 | rcu_read_lock(); |
131 | (current->uid != task->suid) || | 133 | tcred = __task_cred(task); |
132 | (current->uid != task->uid) || | 134 | if ((cred->uid != tcred->euid || |
133 | (current->gid != task->egid) || | 135 | cred->uid != tcred->suid || |
134 | (current->gid != task->sgid) || | 136 | cred->uid != tcred->uid || |
135 | (current->gid != task->gid)) && !capable(CAP_SYS_PTRACE)) | 137 | cred->gid != tcred->egid || |
138 | cred->gid != tcred->sgid || | ||
139 | cred->gid != tcred->gid) && | ||
140 | !capable(CAP_SYS_PTRACE)) { | ||
141 | rcu_read_unlock(); | ||
136 | return -EPERM; | 142 | return -EPERM; |
143 | } | ||
144 | rcu_read_unlock(); | ||
137 | smp_rmb(); | 145 | smp_rmb(); |
138 | if (task->mm) | 146 | if (task->mm) |
139 | dumpable = get_dumpable(task->mm); | 147 | dumpable = get_dumpable(task->mm); |
@@ -163,6 +171,14 @@ int ptrace_attach(struct task_struct *task) | |||
163 | if (same_thread_group(task, current)) | 171 | if (same_thread_group(task, current)) |
164 | goto out; | 172 | goto out; |
165 | 173 | ||
174 | /* Protect exec's credential calculations against our interference; | ||
175 | * SUID, SGID and LSM creds get determined differently under ptrace. | ||
176 | */ | ||
177 | retval = mutex_lock_interruptible(¤t->cred_exec_mutex); | ||
178 | if (retval < 0) | ||
179 | goto out; | ||
180 | |||
181 | retval = -EPERM; | ||
166 | repeat: | 182 | repeat: |
167 | /* | 183 | /* |
168 | * Nasty, nasty. | 184 | * Nasty, nasty. |
@@ -202,6 +218,7 @@ repeat: | |||
202 | bad: | 218 | bad: |
203 | write_unlock_irqrestore(&tasklist_lock, flags); | 219 | write_unlock_irqrestore(&tasklist_lock, flags); |
204 | task_unlock(task); | 220 | task_unlock(task); |
221 | mutex_unlock(¤t->cred_exec_mutex); | ||
205 | out: | 222 | out: |
206 | return retval; | 223 | return retval; |
207 | } | 224 | } |
diff --git a/kernel/sched.c b/kernel/sched.c index b7480fb5c3dc..993bc74a290c 100644 --- a/kernel/sched.c +++ b/kernel/sched.c | |||
@@ -345,7 +345,9 @@ static inline struct task_group *task_group(struct task_struct *p) | |||
345 | struct task_group *tg; | 345 | struct task_group *tg; |
346 | 346 | ||
347 | #ifdef CONFIG_USER_SCHED | 347 | #ifdef CONFIG_USER_SCHED |
348 | tg = p->user->tg; | 348 | rcu_read_lock(); |
349 | tg = __task_cred(p)->user->tg; | ||
350 | rcu_read_unlock(); | ||
349 | #elif defined(CONFIG_CGROUP_SCHED) | 351 | #elif defined(CONFIG_CGROUP_SCHED) |
350 | tg = container_of(task_subsys_state(p, cpu_cgroup_subsys_id), | 352 | tg = container_of(task_subsys_state(p, cpu_cgroup_subsys_id), |
351 | struct task_group, css); | 353 | struct task_group, css); |
@@ -5134,6 +5136,22 @@ __setscheduler(struct rq *rq, struct task_struct *p, int policy, int prio) | |||
5134 | set_load_weight(p); | 5136 | set_load_weight(p); |
5135 | } | 5137 | } |
5136 | 5138 | ||
5139 | /* | ||
5140 | * check the target process has a UID that matches the current process's | ||
5141 | */ | ||
5142 | static bool check_same_owner(struct task_struct *p) | ||
5143 | { | ||
5144 | const struct cred *cred = current_cred(), *pcred; | ||
5145 | bool match; | ||
5146 | |||
5147 | rcu_read_lock(); | ||
5148 | pcred = __task_cred(p); | ||
5149 | match = (cred->euid == pcred->euid || | ||
5150 | cred->euid == pcred->uid); | ||
5151 | rcu_read_unlock(); | ||
5152 | return match; | ||
5153 | } | ||
5154 | |||
5137 | static int __sched_setscheduler(struct task_struct *p, int policy, | 5155 | static int __sched_setscheduler(struct task_struct *p, int policy, |
5138 | struct sched_param *param, bool user) | 5156 | struct sched_param *param, bool user) |
5139 | { | 5157 | { |
@@ -5193,8 +5211,7 @@ recheck: | |||
5193 | return -EPERM; | 5211 | return -EPERM; |
5194 | 5212 | ||
5195 | /* can't change other user's priorities */ | 5213 | /* can't change other user's priorities */ |
5196 | if ((current->euid != p->euid) && | 5214 | if (!check_same_owner(p)) |
5197 | (current->euid != p->uid)) | ||
5198 | return -EPERM; | 5215 | return -EPERM; |
5199 | } | 5216 | } |
5200 | 5217 | ||
@@ -5426,8 +5443,7 @@ long sched_setaffinity(pid_t pid, const cpumask_t *in_mask) | |||
5426 | read_unlock(&tasklist_lock); | 5443 | read_unlock(&tasklist_lock); |
5427 | 5444 | ||
5428 | retval = -EPERM; | 5445 | retval = -EPERM; |
5429 | if ((current->euid != p->euid) && (current->euid != p->uid) && | 5446 | if (!check_same_owner(p) && !capable(CAP_SYS_NICE)) |
5430 | !capable(CAP_SYS_NICE)) | ||
5431 | goto out_unlock; | 5447 | goto out_unlock; |
5432 | 5448 | ||
5433 | retval = security_task_setscheduler(p, 0, NULL); | 5449 | retval = security_task_setscheduler(p, 0, NULL); |
diff --git a/kernel/signal.c b/kernel/signal.c index 4530fc654455..2a64304ed54b 100644 --- a/kernel/signal.c +++ b/kernel/signal.c | |||
@@ -177,6 +177,11 @@ int next_signal(struct sigpending *pending, sigset_t *mask) | |||
177 | return sig; | 177 | return sig; |
178 | } | 178 | } |
179 | 179 | ||
180 | /* | ||
181 | * allocate a new signal queue record | ||
182 | * - this may be called without locks if and only if t == current, otherwise an | ||
183 | * appopriate lock must be held to stop the target task from exiting | ||
184 | */ | ||
180 | static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags, | 185 | static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags, |
181 | int override_rlimit) | 186 | int override_rlimit) |
182 | { | 187 | { |
@@ -184,11 +189,12 @@ static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags, | |||
184 | struct user_struct *user; | 189 | struct user_struct *user; |
185 | 190 | ||
186 | /* | 191 | /* |
187 | * In order to avoid problems with "switch_user()", we want to make | 192 | * We won't get problems with the target's UID changing under us |
188 | * sure that the compiler doesn't re-load "t->user" | 193 | * because changing it requires RCU be used, and if t != current, the |
194 | * caller must be holding the RCU readlock (by way of a spinlock) and | ||
195 | * we use RCU protection here | ||
189 | */ | 196 | */ |
190 | user = t->user; | 197 | user = get_uid(__task_cred(t)->user); |
191 | barrier(); | ||
192 | atomic_inc(&user->sigpending); | 198 | atomic_inc(&user->sigpending); |
193 | if (override_rlimit || | 199 | if (override_rlimit || |
194 | atomic_read(&user->sigpending) <= | 200 | atomic_read(&user->sigpending) <= |
@@ -196,12 +202,14 @@ static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags, | |||
196 | q = kmem_cache_alloc(sigqueue_cachep, flags); | 202 | q = kmem_cache_alloc(sigqueue_cachep, flags); |
197 | if (unlikely(q == NULL)) { | 203 | if (unlikely(q == NULL)) { |
198 | atomic_dec(&user->sigpending); | 204 | atomic_dec(&user->sigpending); |
205 | free_uid(user); | ||
199 | } else { | 206 | } else { |
200 | INIT_LIST_HEAD(&q->list); | 207 | INIT_LIST_HEAD(&q->list); |
201 | q->flags = 0; | 208 | q->flags = 0; |
202 | q->user = get_uid(user); | 209 | q->user = user; |
203 | } | 210 | } |
204 | return(q); | 211 | |
212 | return q; | ||
205 | } | 213 | } |
206 | 214 | ||
207 | static void __sigqueue_free(struct sigqueue *q) | 215 | static void __sigqueue_free(struct sigqueue *q) |
@@ -562,10 +570,12 @@ static int rm_from_queue(unsigned long mask, struct sigpending *s) | |||
562 | 570 | ||
563 | /* | 571 | /* |
564 | * Bad permissions for sending the signal | 572 | * Bad permissions for sending the signal |
573 | * - the caller must hold at least the RCU read lock | ||
565 | */ | 574 | */ |
566 | static int check_kill_permission(int sig, struct siginfo *info, | 575 | static int check_kill_permission(int sig, struct siginfo *info, |
567 | struct task_struct *t) | 576 | struct task_struct *t) |
568 | { | 577 | { |
578 | const struct cred *cred = current_cred(), *tcred; | ||
569 | struct pid *sid; | 579 | struct pid *sid; |
570 | int error; | 580 | int error; |
571 | 581 | ||
@@ -579,8 +589,11 @@ static int check_kill_permission(int sig, struct siginfo *info, | |||
579 | if (error) | 589 | if (error) |
580 | return error; | 590 | return error; |
581 | 591 | ||
582 | if ((current->euid ^ t->suid) && (current->euid ^ t->uid) && | 592 | tcred = __task_cred(t); |
583 | (current->uid ^ t->suid) && (current->uid ^ t->uid) && | 593 | if ((cred->euid ^ tcred->suid) && |
594 | (cred->euid ^ tcred->uid) && | ||
595 | (cred->uid ^ tcred->suid) && | ||
596 | (cred->uid ^ tcred->uid) && | ||
584 | !capable(CAP_KILL)) { | 597 | !capable(CAP_KILL)) { |
585 | switch (sig) { | 598 | switch (sig) { |
586 | case SIGCONT: | 599 | case SIGCONT: |
@@ -844,7 +857,7 @@ static int send_signal(int sig, struct siginfo *info, struct task_struct *t, | |||
844 | q->info.si_errno = 0; | 857 | q->info.si_errno = 0; |
845 | q->info.si_code = SI_USER; | 858 | q->info.si_code = SI_USER; |
846 | q->info.si_pid = task_pid_vnr(current); | 859 | q->info.si_pid = task_pid_vnr(current); |
847 | q->info.si_uid = current->uid; | 860 | q->info.si_uid = current_uid(); |
848 | break; | 861 | break; |
849 | case (unsigned long) SEND_SIG_PRIV: | 862 | case (unsigned long) SEND_SIG_PRIV: |
850 | q->info.si_signo = sig; | 863 | q->info.si_signo = sig; |
@@ -1008,6 +1021,10 @@ struct sighand_struct *lock_task_sighand(struct task_struct *tsk, unsigned long | |||
1008 | return sighand; | 1021 | return sighand; |
1009 | } | 1022 | } |
1010 | 1023 | ||
1024 | /* | ||
1025 | * send signal info to all the members of a group | ||
1026 | * - the caller must hold the RCU read lock at least | ||
1027 | */ | ||
1011 | int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) | 1028 | int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) |
1012 | { | 1029 | { |
1013 | unsigned long flags; | 1030 | unsigned long flags; |
@@ -1029,8 +1046,8 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) | |||
1029 | /* | 1046 | /* |
1030 | * __kill_pgrp_info() sends a signal to a process group: this is what the tty | 1047 | * __kill_pgrp_info() sends a signal to a process group: this is what the tty |
1031 | * control characters do (^C, ^Z etc) | 1048 | * control characters do (^C, ^Z etc) |
1049 | * - the caller must hold at least a readlock on tasklist_lock | ||
1032 | */ | 1050 | */ |
1033 | |||
1034 | int __kill_pgrp_info(int sig, struct siginfo *info, struct pid *pgrp) | 1051 | int __kill_pgrp_info(int sig, struct siginfo *info, struct pid *pgrp) |
1035 | { | 1052 | { |
1036 | struct task_struct *p = NULL; | 1053 | struct task_struct *p = NULL; |
@@ -1086,6 +1103,7 @@ int kill_pid_info_as_uid(int sig, struct siginfo *info, struct pid *pid, | |||
1086 | { | 1103 | { |
1087 | int ret = -EINVAL; | 1104 | int ret = -EINVAL; |
1088 | struct task_struct *p; | 1105 | struct task_struct *p; |
1106 | const struct cred *pcred; | ||
1089 | 1107 | ||
1090 | if (!valid_signal(sig)) | 1108 | if (!valid_signal(sig)) |
1091 | return ret; | 1109 | return ret; |
@@ -1096,9 +1114,11 @@ int kill_pid_info_as_uid(int sig, struct siginfo *info, struct pid *pid, | |||
1096 | ret = -ESRCH; | 1114 | ret = -ESRCH; |
1097 | goto out_unlock; | 1115 | goto out_unlock; |
1098 | } | 1116 | } |
1099 | if ((info == SEND_SIG_NOINFO || (!is_si_special(info) && SI_FROMUSER(info))) | 1117 | pcred = __task_cred(p); |
1100 | && (euid != p->suid) && (euid != p->uid) | 1118 | if ((info == SEND_SIG_NOINFO || |
1101 | && (uid != p->suid) && (uid != p->uid)) { | 1119 | (!is_si_special(info) && SI_FROMUSER(info))) && |
1120 | euid != pcred->suid && euid != pcred->uid && | ||
1121 | uid != pcred->suid && uid != pcred->uid) { | ||
1102 | ret = -EPERM; | 1122 | ret = -EPERM; |
1103 | goto out_unlock; | 1123 | goto out_unlock; |
1104 | } | 1124 | } |
@@ -1369,10 +1389,9 @@ int do_notify_parent(struct task_struct *tsk, int sig) | |||
1369 | */ | 1389 | */ |
1370 | rcu_read_lock(); | 1390 | rcu_read_lock(); |
1371 | info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns); | 1391 | info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns); |
1392 | info.si_uid = __task_cred(tsk)->uid; | ||
1372 | rcu_read_unlock(); | 1393 | rcu_read_unlock(); |
1373 | 1394 | ||
1374 | info.si_uid = tsk->uid; | ||
1375 | |||
1376 | thread_group_cputime(tsk, &cputime); | 1395 | thread_group_cputime(tsk, &cputime); |
1377 | info.si_utime = cputime_to_jiffies(cputime.utime); | 1396 | info.si_utime = cputime_to_jiffies(cputime.utime); |
1378 | info.si_stime = cputime_to_jiffies(cputime.stime); | 1397 | info.si_stime = cputime_to_jiffies(cputime.stime); |
@@ -1440,10 +1459,9 @@ static void do_notify_parent_cldstop(struct task_struct *tsk, int why) | |||
1440 | */ | 1459 | */ |
1441 | rcu_read_lock(); | 1460 | rcu_read_lock(); |
1442 | info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns); | 1461 | info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns); |
1462 | info.si_uid = __task_cred(tsk)->uid; | ||
1443 | rcu_read_unlock(); | 1463 | rcu_read_unlock(); |
1444 | 1464 | ||
1445 | info.si_uid = tsk->uid; | ||
1446 | |||
1447 | info.si_utime = cputime_to_clock_t(tsk->utime); | 1465 | info.si_utime = cputime_to_clock_t(tsk->utime); |
1448 | info.si_stime = cputime_to_clock_t(tsk->stime); | 1466 | info.si_stime = cputime_to_clock_t(tsk->stime); |
1449 | 1467 | ||
@@ -1598,7 +1616,7 @@ void ptrace_notify(int exit_code) | |||
1598 | info.si_signo = SIGTRAP; | 1616 | info.si_signo = SIGTRAP; |
1599 | info.si_code = exit_code; | 1617 | info.si_code = exit_code; |
1600 | info.si_pid = task_pid_vnr(current); | 1618 | info.si_pid = task_pid_vnr(current); |
1601 | info.si_uid = current->uid; | 1619 | info.si_uid = current_uid(); |
1602 | 1620 | ||
1603 | /* Let the debugger run. */ | 1621 | /* Let the debugger run. */ |
1604 | spin_lock_irq(¤t->sighand->siglock); | 1622 | spin_lock_irq(¤t->sighand->siglock); |
@@ -1710,7 +1728,7 @@ static int ptrace_signal(int signr, siginfo_t *info, | |||
1710 | info->si_errno = 0; | 1728 | info->si_errno = 0; |
1711 | info->si_code = SI_USER; | 1729 | info->si_code = SI_USER; |
1712 | info->si_pid = task_pid_vnr(current->parent); | 1730 | info->si_pid = task_pid_vnr(current->parent); |
1713 | info->si_uid = current->parent->uid; | 1731 | info->si_uid = task_uid(current->parent); |
1714 | } | 1732 | } |
1715 | 1733 | ||
1716 | /* If the (new) signal is now blocked, requeue it. */ | 1734 | /* If the (new) signal is now blocked, requeue it. */ |
@@ -2211,7 +2229,7 @@ sys_kill(pid_t pid, int sig) | |||
2211 | info.si_errno = 0; | 2229 | info.si_errno = 0; |
2212 | info.si_code = SI_USER; | 2230 | info.si_code = SI_USER; |
2213 | info.si_pid = task_tgid_vnr(current); | 2231 | info.si_pid = task_tgid_vnr(current); |
2214 | info.si_uid = current->uid; | 2232 | info.si_uid = current_uid(); |
2215 | 2233 | ||
2216 | return kill_something_info(sig, &info, pid); | 2234 | return kill_something_info(sig, &info, pid); |
2217 | } | 2235 | } |
@@ -2228,7 +2246,7 @@ static int do_tkill(pid_t tgid, pid_t pid, int sig) | |||
2228 | info.si_errno = 0; | 2246 | info.si_errno = 0; |
2229 | info.si_code = SI_TKILL; | 2247 | info.si_code = SI_TKILL; |
2230 | info.si_pid = task_tgid_vnr(current); | 2248 | info.si_pid = task_tgid_vnr(current); |
2231 | info.si_uid = current->uid; | 2249 | info.si_uid = current_uid(); |
2232 | 2250 | ||
2233 | rcu_read_lock(); | 2251 | rcu_read_lock(); |
2234 | p = find_task_by_vpid(pid); | 2252 | p = find_task_by_vpid(pid); |
diff --git a/kernel/sys.c b/kernel/sys.c index 31deba8f7d16..ebe65c2c9873 100644 --- a/kernel/sys.c +++ b/kernel/sys.c | |||
@@ -112,12 +112,17 @@ EXPORT_SYMBOL(cad_pid); | |||
112 | 112 | ||
113 | void (*pm_power_off_prepare)(void); | 113 | void (*pm_power_off_prepare)(void); |
114 | 114 | ||
115 | /* | ||
116 | * set the priority of a task | ||
117 | * - the caller must hold the RCU read lock | ||
118 | */ | ||
115 | static int set_one_prio(struct task_struct *p, int niceval, int error) | 119 | static int set_one_prio(struct task_struct *p, int niceval, int error) |
116 | { | 120 | { |
121 | const struct cred *cred = current_cred(), *pcred = __task_cred(p); | ||
117 | int no_nice; | 122 | int no_nice; |
118 | 123 | ||
119 | if (p->uid != current->euid && | 124 | if (pcred->uid != cred->euid && |
120 | p->euid != current->euid && !capable(CAP_SYS_NICE)) { | 125 | pcred->euid != cred->euid && !capable(CAP_SYS_NICE)) { |
121 | error = -EPERM; | 126 | error = -EPERM; |
122 | goto out; | 127 | goto out; |
123 | } | 128 | } |
@@ -141,6 +146,7 @@ asmlinkage long sys_setpriority(int which, int who, int niceval) | |||
141 | { | 146 | { |
142 | struct task_struct *g, *p; | 147 | struct task_struct *g, *p; |
143 | struct user_struct *user; | 148 | struct user_struct *user; |
149 | const struct cred *cred = current_cred(); | ||
144 | int error = -EINVAL; | 150 | int error = -EINVAL; |
145 | struct pid *pgrp; | 151 | struct pid *pgrp; |
146 | 152 | ||
@@ -174,18 +180,18 @@ asmlinkage long sys_setpriority(int which, int who, int niceval) | |||
174 | } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); | 180 | } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); |
175 | break; | 181 | break; |
176 | case PRIO_USER: | 182 | case PRIO_USER: |
177 | user = current->user; | 183 | user = (struct user_struct *) cred->user; |
178 | if (!who) | 184 | if (!who) |
179 | who = current->uid; | 185 | who = cred->uid; |
180 | else | 186 | else if ((who != cred->uid) && |
181 | if ((who != current->uid) && !(user = find_user(who))) | 187 | !(user = find_user(who))) |
182 | goto out_unlock; /* No processes for this user */ | 188 | goto out_unlock; /* No processes for this user */ |
183 | 189 | ||
184 | do_each_thread(g, p) | 190 | do_each_thread(g, p) |
185 | if (p->uid == who) | 191 | if (__task_cred(p)->uid == who) |
186 | error = set_one_prio(p, niceval, error); | 192 | error = set_one_prio(p, niceval, error); |
187 | while_each_thread(g, p); | 193 | while_each_thread(g, p); |
188 | if (who != current->uid) | 194 | if (who != cred->uid) |
189 | free_uid(user); /* For find_user() */ | 195 | free_uid(user); /* For find_user() */ |
190 | break; | 196 | break; |
191 | } | 197 | } |
@@ -205,6 +211,7 @@ asmlinkage long sys_getpriority(int which, int who) | |||
205 | { | 211 | { |
206 | struct task_struct *g, *p; | 212 | struct task_struct *g, *p; |
207 | struct user_struct *user; | 213 | struct user_struct *user; |
214 | const struct cred *cred = current_cred(); | ||
208 | long niceval, retval = -ESRCH; | 215 | long niceval, retval = -ESRCH; |
209 | struct pid *pgrp; | 216 | struct pid *pgrp; |
210 | 217 | ||
@@ -236,21 +243,21 @@ asmlinkage long sys_getpriority(int which, int who) | |||
236 | } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); | 243 | } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); |
237 | break; | 244 | break; |
238 | case PRIO_USER: | 245 | case PRIO_USER: |
239 | user = current->user; | 246 | user = (struct user_struct *) cred->user; |
240 | if (!who) | 247 | if (!who) |
241 | who = current->uid; | 248 | who = cred->uid; |
242 | else | 249 | else if ((who != cred->uid) && |
243 | if ((who != current->uid) && !(user = find_user(who))) | 250 | !(user = find_user(who))) |
244 | goto out_unlock; /* No processes for this user */ | 251 | goto out_unlock; /* No processes for this user */ |
245 | 252 | ||
246 | do_each_thread(g, p) | 253 | do_each_thread(g, p) |
247 | if (p->uid == who) { | 254 | if (__task_cred(p)->uid == who) { |
248 | niceval = 20 - task_nice(p); | 255 | niceval = 20 - task_nice(p); |
249 | if (niceval > retval) | 256 | if (niceval > retval) |
250 | retval = niceval; | 257 | retval = niceval; |
251 | } | 258 | } |
252 | while_each_thread(g, p); | 259 | while_each_thread(g, p); |
253 | if (who != current->uid) | 260 | if (who != cred->uid) |
254 | free_uid(user); /* for find_user() */ | 261 | free_uid(user); /* for find_user() */ |
255 | break; | 262 | break; |
256 | } | 263 | } |
@@ -472,46 +479,48 @@ void ctrl_alt_del(void) | |||
472 | */ | 479 | */ |
473 | asmlinkage long sys_setregid(gid_t rgid, gid_t egid) | 480 | asmlinkage long sys_setregid(gid_t rgid, gid_t egid) |
474 | { | 481 | { |
475 | int old_rgid = current->gid; | 482 | const struct cred *old; |
476 | int old_egid = current->egid; | 483 | struct cred *new; |
477 | int new_rgid = old_rgid; | ||
478 | int new_egid = old_egid; | ||
479 | int retval; | 484 | int retval; |
480 | 485 | ||
486 | new = prepare_creds(); | ||
487 | if (!new) | ||
488 | return -ENOMEM; | ||
489 | old = current_cred(); | ||
490 | |||
481 | retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE); | 491 | retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE); |
482 | if (retval) | 492 | if (retval) |
483 | return retval; | 493 | goto error; |
484 | 494 | ||
495 | retval = -EPERM; | ||
485 | if (rgid != (gid_t) -1) { | 496 | if (rgid != (gid_t) -1) { |
486 | if ((old_rgid == rgid) || | 497 | if (old->gid == rgid || |
487 | (current->egid==rgid) || | 498 | old->egid == rgid || |
488 | capable(CAP_SETGID)) | 499 | capable(CAP_SETGID)) |
489 | new_rgid = rgid; | 500 | new->gid = rgid; |
490 | else | 501 | else |
491 | return -EPERM; | 502 | goto error; |
492 | } | 503 | } |
493 | if (egid != (gid_t) -1) { | 504 | if (egid != (gid_t) -1) { |
494 | if ((old_rgid == egid) || | 505 | if (old->gid == egid || |
495 | (current->egid == egid) || | 506 | old->egid == egid || |
496 | (current->sgid == egid) || | 507 | old->sgid == egid || |
497 | capable(CAP_SETGID)) | 508 | capable(CAP_SETGID)) |
498 | new_egid = egid; | 509 | new->egid = egid; |
499 | else | 510 | else |
500 | return -EPERM; | 511 | goto error; |
501 | } | ||
502 | if (new_egid != old_egid) { | ||
503 | set_dumpable(current->mm, suid_dumpable); | ||
504 | smp_wmb(); | ||
505 | } | 512 | } |
513 | |||
506 | if (rgid != (gid_t) -1 || | 514 | if (rgid != (gid_t) -1 || |
507 | (egid != (gid_t) -1 && egid != old_rgid)) | 515 | (egid != (gid_t) -1 && egid != old->gid)) |
508 | current->sgid = new_egid; | 516 | new->sgid = new->egid; |
509 | current->fsgid = new_egid; | 517 | new->fsgid = new->egid; |
510 | current->egid = new_egid; | 518 | |
511 | current->gid = new_rgid; | 519 | return commit_creds(new); |
512 | key_fsgid_changed(current); | 520 | |
513 | proc_id_connector(current, PROC_EVENT_GID); | 521 | error: |
514 | return 0; | 522 | abort_creds(new); |
523 | return retval; | ||
515 | } | 524 | } |
516 | 525 | ||
517 | /* | 526 | /* |
@@ -521,56 +530,54 @@ asmlinkage long sys_setregid(gid_t rgid, gid_t egid) | |||
521 | */ | 530 | */ |
522 | asmlinkage long sys_setgid(gid_t gid) | 531 | asmlinkage long sys_setgid(gid_t gid) |
523 | { | 532 | { |
524 | int old_egid = current->egid; | 533 | const struct cred *old; |
534 | struct cred *new; | ||
525 | int retval; | 535 | int retval; |
526 | 536 | ||
537 | new = prepare_creds(); | ||
538 | if (!new) | ||
539 | return -ENOMEM; | ||
540 | old = current_cred(); | ||
541 | |||
527 | retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID); | 542 | retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID); |
528 | if (retval) | 543 | if (retval) |
529 | return retval; | 544 | goto error; |
530 | 545 | ||
531 | if (capable(CAP_SETGID)) { | 546 | retval = -EPERM; |
532 | if (old_egid != gid) { | 547 | if (capable(CAP_SETGID)) |
533 | set_dumpable(current->mm, suid_dumpable); | 548 | new->gid = new->egid = new->sgid = new->fsgid = gid; |
534 | smp_wmb(); | 549 | else if (gid == old->gid || gid == old->sgid) |
535 | } | 550 | new->egid = new->fsgid = gid; |
536 | current->gid = current->egid = current->sgid = current->fsgid = gid; | ||
537 | } else if ((gid == current->gid) || (gid == current->sgid)) { | ||
538 | if (old_egid != gid) { | ||
539 | set_dumpable(current->mm, suid_dumpable); | ||
540 | smp_wmb(); | ||
541 | } | ||
542 | current->egid = current->fsgid = gid; | ||
543 | } | ||
544 | else | 551 | else |
545 | return -EPERM; | 552 | goto error; |
546 | 553 | ||
547 | key_fsgid_changed(current); | 554 | return commit_creds(new); |
548 | proc_id_connector(current, PROC_EVENT_GID); | 555 | |
549 | return 0; | 556 | error: |
557 | abort_creds(new); | ||
558 | return retval; | ||
550 | } | 559 | } |
551 | 560 | ||
552 | static int set_user(uid_t new_ruid, int dumpclear) | 561 | /* |
562 | * change the user struct in a credentials set to match the new UID | ||
563 | */ | ||
564 | static int set_user(struct cred *new) | ||
553 | { | 565 | { |
554 | struct user_struct *new_user; | 566 | struct user_struct *new_user; |
555 | 567 | ||
556 | new_user = alloc_uid(current->nsproxy->user_ns, new_ruid); | 568 | new_user = alloc_uid(current_user_ns(), new->uid); |
557 | if (!new_user) | 569 | if (!new_user) |
558 | return -EAGAIN; | 570 | return -EAGAIN; |
559 | 571 | ||
560 | if (atomic_read(&new_user->processes) >= | 572 | if (atomic_read(&new_user->processes) >= |
561 | current->signal->rlim[RLIMIT_NPROC].rlim_cur && | 573 | current->signal->rlim[RLIMIT_NPROC].rlim_cur && |
562 | new_user != current->nsproxy->user_ns->root_user) { | 574 | new_user != INIT_USER) { |
563 | free_uid(new_user); | 575 | free_uid(new_user); |
564 | return -EAGAIN; | 576 | return -EAGAIN; |
565 | } | 577 | } |
566 | 578 | ||
567 | switch_uid(new_user); | 579 | free_uid(new->user); |
568 | 580 | new->user = new_user; | |
569 | if (dumpclear) { | ||
570 | set_dumpable(current->mm, suid_dumpable); | ||
571 | smp_wmb(); | ||
572 | } | ||
573 | current->uid = new_ruid; | ||
574 | return 0; | 581 | return 0; |
575 | } | 582 | } |
576 | 583 | ||
@@ -591,54 +598,56 @@ static int set_user(uid_t new_ruid, int dumpclear) | |||
591 | */ | 598 | */ |
592 | asmlinkage long sys_setreuid(uid_t ruid, uid_t euid) | 599 | asmlinkage long sys_setreuid(uid_t ruid, uid_t euid) |
593 | { | 600 | { |
594 | int old_ruid, old_euid, old_suid, new_ruid, new_euid; | 601 | const struct cred *old; |
602 | struct cred *new; | ||
595 | int retval; | 603 | int retval; |
596 | 604 | ||
605 | new = prepare_creds(); | ||
606 | if (!new) | ||
607 | return -ENOMEM; | ||
608 | old = current_cred(); | ||
609 | |||
597 | retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE); | 610 | retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE); |
598 | if (retval) | 611 | if (retval) |
599 | return retval; | 612 | goto error; |
600 | |||
601 | new_ruid = old_ruid = current->uid; | ||
602 | new_euid = old_euid = current->euid; | ||
603 | old_suid = current->suid; | ||
604 | 613 | ||
614 | retval = -EPERM; | ||
605 | if (ruid != (uid_t) -1) { | 615 | if (ruid != (uid_t) -1) { |
606 | new_ruid = ruid; | 616 | new->uid = ruid; |
607 | if ((old_ruid != ruid) && | 617 | if (old->uid != ruid && |
608 | (current->euid != ruid) && | 618 | old->euid != ruid && |
609 | !capable(CAP_SETUID)) | 619 | !capable(CAP_SETUID)) |
610 | return -EPERM; | 620 | goto error; |
611 | } | 621 | } |
612 | 622 | ||
613 | if (euid != (uid_t) -1) { | 623 | if (euid != (uid_t) -1) { |
614 | new_euid = euid; | 624 | new->euid = euid; |
615 | if ((old_ruid != euid) && | 625 | if (old->uid != euid && |
616 | (current->euid != euid) && | 626 | old->euid != euid && |
617 | (current->suid != euid) && | 627 | old->suid != euid && |
618 | !capable(CAP_SETUID)) | 628 | !capable(CAP_SETUID)) |
619 | return -EPERM; | 629 | goto error; |
620 | } | 630 | } |
621 | 631 | ||
622 | if (new_ruid != old_ruid && set_user(new_ruid, new_euid != old_euid) < 0) | 632 | retval = -EAGAIN; |
623 | return -EAGAIN; | 633 | if (new->uid != old->uid && set_user(new) < 0) |
634 | goto error; | ||
624 | 635 | ||
625 | if (new_euid != old_euid) { | ||
626 | set_dumpable(current->mm, suid_dumpable); | ||
627 | smp_wmb(); | ||
628 | } | ||
629 | current->fsuid = current->euid = new_euid; | ||
630 | if (ruid != (uid_t) -1 || | 636 | if (ruid != (uid_t) -1 || |
631 | (euid != (uid_t) -1 && euid != old_ruid)) | 637 | (euid != (uid_t) -1 && euid != old->uid)) |
632 | current->suid = current->euid; | 638 | new->suid = new->euid; |
633 | current->fsuid = current->euid; | 639 | new->fsuid = new->euid; |
634 | 640 | ||
635 | key_fsuid_changed(current); | 641 | retval = security_task_fix_setuid(new, old, LSM_SETID_RE); |
636 | proc_id_connector(current, PROC_EVENT_UID); | 642 | if (retval < 0) |
637 | 643 | goto error; | |
638 | return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE); | ||
639 | } | ||
640 | 644 | ||
645 | return commit_creds(new); | ||
641 | 646 | ||
647 | error: | ||
648 | abort_creds(new); | ||
649 | return retval; | ||
650 | } | ||
642 | 651 | ||
643 | /* | 652 | /* |
644 | * setuid() is implemented like SysV with SAVED_IDS | 653 | * setuid() is implemented like SysV with SAVED_IDS |
@@ -653,36 +662,41 @@ asmlinkage long sys_setreuid(uid_t ruid, uid_t euid) | |||
653 | */ | 662 | */ |
654 | asmlinkage long sys_setuid(uid_t uid) | 663 | asmlinkage long sys_setuid(uid_t uid) |
655 | { | 664 | { |
656 | int old_euid = current->euid; | 665 | const struct cred *old; |
657 | int old_ruid, old_suid, new_suid; | 666 | struct cred *new; |
658 | int retval; | 667 | int retval; |
659 | 668 | ||
669 | new = prepare_creds(); | ||
670 | if (!new) | ||
671 | return -ENOMEM; | ||
672 | old = current_cred(); | ||
673 | |||
660 | retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID); | 674 | retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID); |
661 | if (retval) | 675 | if (retval) |
662 | return retval; | 676 | goto error; |
663 | 677 | ||
664 | old_ruid = current->uid; | 678 | retval = -EPERM; |
665 | old_suid = current->suid; | ||
666 | new_suid = old_suid; | ||
667 | |||
668 | if (capable(CAP_SETUID)) { | 679 | if (capable(CAP_SETUID)) { |
669 | if (uid != old_ruid && set_user(uid, old_euid != uid) < 0) | 680 | new->suid = new->uid = uid; |
670 | return -EAGAIN; | 681 | if (uid != old->uid && set_user(new) < 0) { |
671 | new_suid = uid; | 682 | retval = -EAGAIN; |
672 | } else if ((uid != current->uid) && (uid != new_suid)) | 683 | goto error; |
673 | return -EPERM; | 684 | } |
674 | 685 | } else if (uid != old->uid && uid != new->suid) { | |
675 | if (old_euid != uid) { | 686 | goto error; |
676 | set_dumpable(current->mm, suid_dumpable); | ||
677 | smp_wmb(); | ||
678 | } | 687 | } |
679 | current->fsuid = current->euid = uid; | ||
680 | current->suid = new_suid; | ||
681 | 688 | ||
682 | key_fsuid_changed(current); | 689 | new->fsuid = new->euid = uid; |
683 | proc_id_connector(current, PROC_EVENT_UID); | 690 | |
691 | retval = security_task_fix_setuid(new, old, LSM_SETID_ID); | ||
692 | if (retval < 0) | ||
693 | goto error; | ||
684 | 694 | ||
685 | return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID); | 695 | return commit_creds(new); |
696 | |||
697 | error: | ||
698 | abort_creds(new); | ||
699 | return retval; | ||
686 | } | 700 | } |
687 | 701 | ||
688 | 702 | ||
@@ -692,54 +706,63 @@ asmlinkage long sys_setuid(uid_t uid) | |||
692 | */ | 706 | */ |
693 | asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) | 707 | asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) |
694 | { | 708 | { |
695 | int old_ruid = current->uid; | 709 | const struct cred *old; |
696 | int old_euid = current->euid; | 710 | struct cred *new; |
697 | int old_suid = current->suid; | ||
698 | int retval; | 711 | int retval; |
699 | 712 | ||
713 | new = prepare_creds(); | ||
714 | if (!new) | ||
715 | return -ENOMEM; | ||
716 | |||
700 | retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES); | 717 | retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES); |
701 | if (retval) | 718 | if (retval) |
702 | return retval; | 719 | goto error; |
720 | old = current_cred(); | ||
703 | 721 | ||
722 | retval = -EPERM; | ||
704 | if (!capable(CAP_SETUID)) { | 723 | if (!capable(CAP_SETUID)) { |
705 | if ((ruid != (uid_t) -1) && (ruid != current->uid) && | 724 | if (ruid != (uid_t) -1 && ruid != old->uid && |
706 | (ruid != current->euid) && (ruid != current->suid)) | 725 | ruid != old->euid && ruid != old->suid) |
707 | return -EPERM; | 726 | goto error; |
708 | if ((euid != (uid_t) -1) && (euid != current->uid) && | 727 | if (euid != (uid_t) -1 && euid != old->uid && |
709 | (euid != current->euid) && (euid != current->suid)) | 728 | euid != old->euid && euid != old->suid) |
710 | return -EPERM; | 729 | goto error; |
711 | if ((suid != (uid_t) -1) && (suid != current->uid) && | 730 | if (suid != (uid_t) -1 && suid != old->uid && |
712 | (suid != current->euid) && (suid != current->suid)) | 731 | suid != old->euid && suid != old->suid) |
713 | return -EPERM; | 732 | goto error; |
714 | } | 733 | } |
734 | |||
735 | retval = -EAGAIN; | ||
715 | if (ruid != (uid_t) -1) { | 736 | if (ruid != (uid_t) -1) { |
716 | if (ruid != current->uid && set_user(ruid, euid != current->euid) < 0) | 737 | new->uid = ruid; |
717 | return -EAGAIN; | 738 | if (ruid != old->uid && set_user(new) < 0) |
739 | goto error; | ||
718 | } | 740 | } |
719 | if (euid != (uid_t) -1) { | 741 | if (euid != (uid_t) -1) |
720 | if (euid != current->euid) { | 742 | new->euid = euid; |
721 | set_dumpable(current->mm, suid_dumpable); | ||
722 | smp_wmb(); | ||
723 | } | ||
724 | current->euid = euid; | ||
725 | } | ||
726 | current->fsuid = current->euid; | ||
727 | if (suid != (uid_t) -1) | 743 | if (suid != (uid_t) -1) |
728 | current->suid = suid; | 744 | new->suid = suid; |
745 | new->fsuid = new->euid; | ||
746 | |||
747 | retval = security_task_fix_setuid(new, old, LSM_SETID_RES); | ||
748 | if (retval < 0) | ||
749 | goto error; | ||
729 | 750 | ||
730 | key_fsuid_changed(current); | 751 | return commit_creds(new); |
731 | proc_id_connector(current, PROC_EVENT_UID); | ||
732 | 752 | ||
733 | return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES); | 753 | error: |
754 | abort_creds(new); | ||
755 | return retval; | ||
734 | } | 756 | } |
735 | 757 | ||
736 | asmlinkage long sys_getresuid(uid_t __user *ruid, uid_t __user *euid, uid_t __user *suid) | 758 | asmlinkage long sys_getresuid(uid_t __user *ruid, uid_t __user *euid, uid_t __user *suid) |
737 | { | 759 | { |
760 | const struct cred *cred = current_cred(); | ||
738 | int retval; | 761 | int retval; |
739 | 762 | ||
740 | if (!(retval = put_user(current->uid, ruid)) && | 763 | if (!(retval = put_user(cred->uid, ruid)) && |
741 | !(retval = put_user(current->euid, euid))) | 764 | !(retval = put_user(cred->euid, euid))) |
742 | retval = put_user(current->suid, suid); | 765 | retval = put_user(cred->suid, suid); |
743 | 766 | ||
744 | return retval; | 767 | return retval; |
745 | } | 768 | } |
@@ -749,48 +772,55 @@ asmlinkage long sys_getresuid(uid_t __user *ruid, uid_t __user *euid, uid_t __us | |||
749 | */ | 772 | */ |
750 | asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) | 773 | asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) |
751 | { | 774 | { |
775 | const struct cred *old; | ||
776 | struct cred *new; | ||
752 | int retval; | 777 | int retval; |
753 | 778 | ||
779 | new = prepare_creds(); | ||
780 | if (!new) | ||
781 | return -ENOMEM; | ||
782 | old = current_cred(); | ||
783 | |||
754 | retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES); | 784 | retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES); |
755 | if (retval) | 785 | if (retval) |
756 | return retval; | 786 | goto error; |
757 | 787 | ||
788 | retval = -EPERM; | ||
758 | if (!capable(CAP_SETGID)) { | 789 | if (!capable(CAP_SETGID)) { |
759 | if ((rgid != (gid_t) -1) && (rgid != current->gid) && | 790 | if (rgid != (gid_t) -1 && rgid != old->gid && |
760 | (rgid != current->egid) && (rgid != current->sgid)) | 791 | rgid != old->egid && rgid != old->sgid) |
761 | return -EPERM; | 792 | goto error; |
762 | if ((egid != (gid_t) -1) && (egid != current->gid) && | 793 | if (egid != (gid_t) -1 && egid != old->gid && |
763 | (egid != current->egid) && (egid != current->sgid)) | 794 | egid != old->egid && egid != old->sgid) |
764 | return -EPERM; | 795 | goto error; |
765 | if ((sgid != (gid_t) -1) && (sgid != current->gid) && | 796 | if (sgid != (gid_t) -1 && sgid != old->gid && |
766 | (sgid != current->egid) && (sgid != current->sgid)) | 797 | sgid != old->egid && sgid != old->sgid) |
767 | return -EPERM; | 798 | goto error; |
768 | } | 799 | } |
769 | if (egid != (gid_t) -1) { | 800 | |
770 | if (egid != current->egid) { | ||
771 | set_dumpable(current->mm, suid_dumpable); | ||
772 | smp_wmb(); | ||
773 | } | ||
774 | current->egid = egid; | ||
775 | } | ||
776 | current->fsgid = current->egid; | ||
777 | if (rgid != (gid_t) -1) | 801 | if (rgid != (gid_t) -1) |
778 | current->gid = rgid; | 802 | new->gid = rgid; |
803 | if (egid != (gid_t) -1) | ||
804 | new->egid = egid; | ||
779 | if (sgid != (gid_t) -1) | 805 | if (sgid != (gid_t) -1) |
780 | current->sgid = sgid; | 806 | new->sgid = sgid; |
807 | new->fsgid = new->egid; | ||
781 | 808 | ||
782 | key_fsgid_changed(current); | 809 | return commit_creds(new); |
783 | proc_id_connector(current, PROC_EVENT_GID); | 810 | |
784 | return 0; | 811 | error: |
812 | abort_creds(new); | ||
813 | return retval; | ||
785 | } | 814 | } |
786 | 815 | ||
787 | asmlinkage long sys_getresgid(gid_t __user *rgid, gid_t __user *egid, gid_t __user *sgid) | 816 | asmlinkage long sys_getresgid(gid_t __user *rgid, gid_t __user *egid, gid_t __user *sgid) |
788 | { | 817 | { |
818 | const struct cred *cred = current_cred(); | ||
789 | int retval; | 819 | int retval; |
790 | 820 | ||
791 | if (!(retval = put_user(current->gid, rgid)) && | 821 | if (!(retval = put_user(cred->gid, rgid)) && |
792 | !(retval = put_user(current->egid, egid))) | 822 | !(retval = put_user(cred->egid, egid))) |
793 | retval = put_user(current->sgid, sgid); | 823 | retval = put_user(cred->sgid, sgid); |
794 | 824 | ||
795 | return retval; | 825 | return retval; |
796 | } | 826 | } |
@@ -804,27 +834,35 @@ asmlinkage long sys_getresgid(gid_t __user *rgid, gid_t __user *egid, gid_t __us | |||
804 | */ | 834 | */ |
805 | asmlinkage long sys_setfsuid(uid_t uid) | 835 | asmlinkage long sys_setfsuid(uid_t uid) |
806 | { | 836 | { |
807 | int old_fsuid; | 837 | const struct cred *old; |
838 | struct cred *new; | ||
839 | uid_t old_fsuid; | ||
808 | 840 | ||
809 | old_fsuid = current->fsuid; | 841 | new = prepare_creds(); |
810 | if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)) | 842 | if (!new) |
811 | return old_fsuid; | 843 | return current_fsuid(); |
844 | old = current_cred(); | ||
845 | old_fsuid = old->fsuid; | ||
812 | 846 | ||
813 | if (uid == current->uid || uid == current->euid || | 847 | if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS) < 0) |
814 | uid == current->suid || uid == current->fsuid || | 848 | goto error; |
849 | |||
850 | if (uid == old->uid || uid == old->euid || | ||
851 | uid == old->suid || uid == old->fsuid || | ||
815 | capable(CAP_SETUID)) { | 852 | capable(CAP_SETUID)) { |
816 | if (uid != old_fsuid) { | 853 | if (uid != old_fsuid) { |
817 | set_dumpable(current->mm, suid_dumpable); | 854 | new->fsuid = uid; |
818 | smp_wmb(); | 855 | if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0) |
856 | goto change_okay; | ||
819 | } | 857 | } |
820 | current->fsuid = uid; | ||
821 | } | 858 | } |
822 | 859 | ||
823 | key_fsuid_changed(current); | 860 | error: |
824 | proc_id_connector(current, PROC_EVENT_UID); | 861 | abort_creds(new); |
825 | 862 | return old_fsuid; | |
826 | security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS); | ||
827 | 863 | ||
864 | change_okay: | ||
865 | commit_creds(new); | ||
828 | return old_fsuid; | 866 | return old_fsuid; |
829 | } | 867 | } |
830 | 868 | ||
@@ -833,23 +871,34 @@ asmlinkage long sys_setfsuid(uid_t uid) | |||
833 | */ | 871 | */ |
834 | asmlinkage long sys_setfsgid(gid_t gid) | 872 | asmlinkage long sys_setfsgid(gid_t gid) |
835 | { | 873 | { |
836 | int old_fsgid; | 874 | const struct cred *old; |
875 | struct cred *new; | ||
876 | gid_t old_fsgid; | ||
877 | |||
878 | new = prepare_creds(); | ||
879 | if (!new) | ||
880 | return current_fsgid(); | ||
881 | old = current_cred(); | ||
882 | old_fsgid = old->fsgid; | ||
837 | 883 | ||
838 | old_fsgid = current->fsgid; | ||
839 | if (security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS)) | 884 | if (security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS)) |
840 | return old_fsgid; | 885 | goto error; |
841 | 886 | ||
842 | if (gid == current->gid || gid == current->egid || | 887 | if (gid == old->gid || gid == old->egid || |
843 | gid == current->sgid || gid == current->fsgid || | 888 | gid == old->sgid || gid == old->fsgid || |
844 | capable(CAP_SETGID)) { | 889 | capable(CAP_SETGID)) { |
845 | if (gid != old_fsgid) { | 890 | if (gid != old_fsgid) { |
846 | set_dumpable(current->mm, suid_dumpable); | 891 | new->fsgid = gid; |
847 | smp_wmb(); | 892 | goto change_okay; |
848 | } | 893 | } |
849 | current->fsgid = gid; | ||
850 | key_fsgid_changed(current); | ||
851 | proc_id_connector(current, PROC_EVENT_GID); | ||
852 | } | 894 | } |
895 | |||
896 | error: | ||
897 | abort_creds(new); | ||
898 | return old_fsgid; | ||
899 | |||
900 | change_okay: | ||
901 | commit_creds(new); | ||
853 | return old_fsgid; | 902 | return old_fsgid; |
854 | } | 903 | } |
855 | 904 | ||
@@ -1118,7 +1167,7 @@ EXPORT_SYMBOL(groups_free); | |||
1118 | 1167 | ||
1119 | /* export the group_info to a user-space array */ | 1168 | /* export the group_info to a user-space array */ |
1120 | static int groups_to_user(gid_t __user *grouplist, | 1169 | static int groups_to_user(gid_t __user *grouplist, |
1121 | struct group_info *group_info) | 1170 | const struct group_info *group_info) |
1122 | { | 1171 | { |
1123 | int i; | 1172 | int i; |
1124 | unsigned int count = group_info->ngroups; | 1173 | unsigned int count = group_info->ngroups; |
@@ -1186,7 +1235,7 @@ static void groups_sort(struct group_info *group_info) | |||
1186 | } | 1235 | } |
1187 | 1236 | ||
1188 | /* a simple bsearch */ | 1237 | /* a simple bsearch */ |
1189 | int groups_search(struct group_info *group_info, gid_t grp) | 1238 | int groups_search(const struct group_info *group_info, gid_t grp) |
1190 | { | 1239 | { |
1191 | unsigned int left, right; | 1240 | unsigned int left, right; |
1192 | 1241 | ||
@@ -1208,51 +1257,74 @@ int groups_search(struct group_info *group_info, gid_t grp) | |||
1208 | return 0; | 1257 | return 0; |
1209 | } | 1258 | } |
1210 | 1259 | ||
1211 | /* validate and set current->group_info */ | 1260 | /** |
1212 | int set_current_groups(struct group_info *group_info) | 1261 | * set_groups - Change a group subscription in a set of credentials |
1262 | * @new: The newly prepared set of credentials to alter | ||
1263 | * @group_info: The group list to install | ||
1264 | * | ||
1265 | * Validate a group subscription and, if valid, insert it into a set | ||
1266 | * of credentials. | ||
1267 | */ | ||
1268 | int set_groups(struct cred *new, struct group_info *group_info) | ||
1213 | { | 1269 | { |
1214 | int retval; | 1270 | int retval; |
1215 | struct group_info *old_info; | ||
1216 | 1271 | ||
1217 | retval = security_task_setgroups(group_info); | 1272 | retval = security_task_setgroups(group_info); |
1218 | if (retval) | 1273 | if (retval) |
1219 | return retval; | 1274 | return retval; |
1220 | 1275 | ||
1276 | put_group_info(new->group_info); | ||
1221 | groups_sort(group_info); | 1277 | groups_sort(group_info); |
1222 | get_group_info(group_info); | 1278 | get_group_info(group_info); |
1279 | new->group_info = group_info; | ||
1280 | return 0; | ||
1281 | } | ||
1282 | |||
1283 | EXPORT_SYMBOL(set_groups); | ||
1223 | 1284 | ||
1224 | task_lock(current); | 1285 | /** |
1225 | old_info = current->group_info; | 1286 | * set_current_groups - Change current's group subscription |
1226 | current->group_info = group_info; | 1287 | * @group_info: The group list to impose |
1227 | task_unlock(current); | 1288 | * |
1289 | * Validate a group subscription and, if valid, impose it upon current's task | ||
1290 | * security record. | ||
1291 | */ | ||
1292 | int set_current_groups(struct group_info *group_info) | ||
1293 | { | ||
1294 | struct cred *new; | ||
1295 | int ret; | ||
1228 | 1296 | ||
1229 | put_group_info(old_info); | 1297 | new = prepare_creds(); |
1298 | if (!new) | ||
1299 | return -ENOMEM; | ||
1230 | 1300 | ||
1231 | return 0; | 1301 | ret = set_groups(new, group_info); |
1302 | if (ret < 0) { | ||
1303 | abort_creds(new); | ||
1304 | return ret; | ||
1305 | } | ||
1306 | |||
1307 | return commit_creds(new); | ||
1232 | } | 1308 | } |
1233 | 1309 | ||
1234 | EXPORT_SYMBOL(set_current_groups); | 1310 | EXPORT_SYMBOL(set_current_groups); |
1235 | 1311 | ||
1236 | asmlinkage long sys_getgroups(int gidsetsize, gid_t __user *grouplist) | 1312 | asmlinkage long sys_getgroups(int gidsetsize, gid_t __user *grouplist) |
1237 | { | 1313 | { |
1238 | int i = 0; | 1314 | const struct cred *cred = current_cred(); |
1239 | 1315 | int i; | |
1240 | /* | ||
1241 | * SMP: Nobody else can change our grouplist. Thus we are | ||
1242 | * safe. | ||
1243 | */ | ||
1244 | 1316 | ||
1245 | if (gidsetsize < 0) | 1317 | if (gidsetsize < 0) |
1246 | return -EINVAL; | 1318 | return -EINVAL; |
1247 | 1319 | ||
1248 | /* no need to grab task_lock here; it cannot change */ | 1320 | /* no need to grab task_lock here; it cannot change */ |
1249 | i = current->group_info->ngroups; | 1321 | i = cred->group_info->ngroups; |
1250 | if (gidsetsize) { | 1322 | if (gidsetsize) { |
1251 | if (i > gidsetsize) { | 1323 | if (i > gidsetsize) { |
1252 | i = -EINVAL; | 1324 | i = -EINVAL; |
1253 | goto out; | 1325 | goto out; |
1254 | } | 1326 | } |
1255 | if (groups_to_user(grouplist, current->group_info)) { | 1327 | if (groups_to_user(grouplist, cred->group_info)) { |
1256 | i = -EFAULT; | 1328 | i = -EFAULT; |
1257 | goto out; | 1329 | goto out; |
1258 | } | 1330 | } |
@@ -1296,9 +1368,11 @@ asmlinkage long sys_setgroups(int gidsetsize, gid_t __user *grouplist) | |||
1296 | */ | 1368 | */ |
1297 | int in_group_p(gid_t grp) | 1369 | int in_group_p(gid_t grp) |
1298 | { | 1370 | { |
1371 | const struct cred *cred = current_cred(); | ||
1299 | int retval = 1; | 1372 | int retval = 1; |
1300 | if (grp != current->fsgid) | 1373 | |
1301 | retval = groups_search(current->group_info, grp); | 1374 | if (grp != cred->fsgid) |
1375 | retval = groups_search(cred->group_info, grp); | ||
1302 | return retval; | 1376 | return retval; |
1303 | } | 1377 | } |
1304 | 1378 | ||
@@ -1306,9 +1380,11 @@ EXPORT_SYMBOL(in_group_p); | |||
1306 | 1380 | ||
1307 | int in_egroup_p(gid_t grp) | 1381 | int in_egroup_p(gid_t grp) |
1308 | { | 1382 | { |
1383 | const struct cred *cred = current_cred(); | ||
1309 | int retval = 1; | 1384 | int retval = 1; |
1310 | if (grp != current->egid) | 1385 | |
1311 | retval = groups_search(current->group_info, grp); | 1386 | if (grp != cred->egid) |
1387 | retval = groups_search(cred->group_info, grp); | ||
1312 | return retval; | 1388 | return retval; |
1313 | } | 1389 | } |
1314 | 1390 | ||
@@ -1624,50 +1700,56 @@ asmlinkage long sys_umask(int mask) | |||
1624 | asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3, | 1700 | asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3, |
1625 | unsigned long arg4, unsigned long arg5) | 1701 | unsigned long arg4, unsigned long arg5) |
1626 | { | 1702 | { |
1627 | long error = 0; | 1703 | struct task_struct *me = current; |
1704 | unsigned char comm[sizeof(me->comm)]; | ||
1705 | long error; | ||
1628 | 1706 | ||
1629 | if (security_task_prctl(option, arg2, arg3, arg4, arg5, &error)) | 1707 | error = security_task_prctl(option, arg2, arg3, arg4, arg5); |
1708 | if (error != -ENOSYS) | ||
1630 | return error; | 1709 | return error; |
1631 | 1710 | ||
1711 | error = 0; | ||
1632 | switch (option) { | 1712 | switch (option) { |
1633 | case PR_SET_PDEATHSIG: | 1713 | case PR_SET_PDEATHSIG: |
1634 | if (!valid_signal(arg2)) { | 1714 | if (!valid_signal(arg2)) { |
1635 | error = -EINVAL; | 1715 | error = -EINVAL; |
1636 | break; | 1716 | break; |
1637 | } | 1717 | } |
1638 | current->pdeath_signal = arg2; | 1718 | me->pdeath_signal = arg2; |
1719 | error = 0; | ||
1639 | break; | 1720 | break; |
1640 | case PR_GET_PDEATHSIG: | 1721 | case PR_GET_PDEATHSIG: |
1641 | error = put_user(current->pdeath_signal, (int __user *)arg2); | 1722 | error = put_user(me->pdeath_signal, (int __user *)arg2); |
1642 | break; | 1723 | break; |
1643 | case PR_GET_DUMPABLE: | 1724 | case PR_GET_DUMPABLE: |
1644 | error = get_dumpable(current->mm); | 1725 | error = get_dumpable(me->mm); |
1645 | break; | 1726 | break; |
1646 | case PR_SET_DUMPABLE: | 1727 | case PR_SET_DUMPABLE: |
1647 | if (arg2 < 0 || arg2 > 1) { | 1728 | if (arg2 < 0 || arg2 > 1) { |
1648 | error = -EINVAL; | 1729 | error = -EINVAL; |
1649 | break; | 1730 | break; |
1650 | } | 1731 | } |
1651 | set_dumpable(current->mm, arg2); | 1732 | set_dumpable(me->mm, arg2); |
1733 | error = 0; | ||
1652 | break; | 1734 | break; |
1653 | 1735 | ||
1654 | case PR_SET_UNALIGN: | 1736 | case PR_SET_UNALIGN: |
1655 | error = SET_UNALIGN_CTL(current, arg2); | 1737 | error = SET_UNALIGN_CTL(me, arg2); |
1656 | break; | 1738 | break; |
1657 | case PR_GET_UNALIGN: | 1739 | case PR_GET_UNALIGN: |
1658 | error = GET_UNALIGN_CTL(current, arg2); | 1740 | error = GET_UNALIGN_CTL(me, arg2); |
1659 | break; | 1741 | break; |
1660 | case PR_SET_FPEMU: | 1742 | case PR_SET_FPEMU: |
1661 | error = SET_FPEMU_CTL(current, arg2); | 1743 | error = SET_FPEMU_CTL(me, arg2); |
1662 | break; | 1744 | break; |
1663 | case PR_GET_FPEMU: | 1745 | case PR_GET_FPEMU: |
1664 | error = GET_FPEMU_CTL(current, arg2); | 1746 | error = GET_FPEMU_CTL(me, arg2); |
1665 | break; | 1747 | break; |
1666 | case PR_SET_FPEXC: | 1748 | case PR_SET_FPEXC: |
1667 | error = SET_FPEXC_CTL(current, arg2); | 1749 | error = SET_FPEXC_CTL(me, arg2); |
1668 | break; | 1750 | break; |
1669 | case PR_GET_FPEXC: | 1751 | case PR_GET_FPEXC: |
1670 | error = GET_FPEXC_CTL(current, arg2); | 1752 | error = GET_FPEXC_CTL(me, arg2); |
1671 | break; | 1753 | break; |
1672 | case PR_GET_TIMING: | 1754 | case PR_GET_TIMING: |
1673 | error = PR_TIMING_STATISTICAL; | 1755 | error = PR_TIMING_STATISTICAL; |
@@ -1675,33 +1757,28 @@ asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3, | |||
1675 | case PR_SET_TIMING: | 1757 | case PR_SET_TIMING: |
1676 | if (arg2 != PR_TIMING_STATISTICAL) | 1758 | if (arg2 != PR_TIMING_STATISTICAL) |
1677 | error = -EINVAL; | 1759 | error = -EINVAL; |
1760 | else | ||
1761 | error = 0; | ||
1678 | break; | 1762 | break; |
1679 | 1763 | ||
1680 | case PR_SET_NAME: { | 1764 | case PR_SET_NAME: |
1681 | struct task_struct *me = current; | 1765 | comm[sizeof(me->comm)-1] = 0; |
1682 | unsigned char ncomm[sizeof(me->comm)]; | 1766 | if (strncpy_from_user(comm, (char __user *)arg2, |
1683 | 1767 | sizeof(me->comm) - 1) < 0) | |
1684 | ncomm[sizeof(me->comm)-1] = 0; | ||
1685 | if (strncpy_from_user(ncomm, (char __user *)arg2, | ||
1686 | sizeof(me->comm)-1) < 0) | ||
1687 | return -EFAULT; | 1768 | return -EFAULT; |
1688 | set_task_comm(me, ncomm); | 1769 | set_task_comm(me, comm); |
1689 | return 0; | 1770 | return 0; |
1690 | } | 1771 | case PR_GET_NAME: |
1691 | case PR_GET_NAME: { | 1772 | get_task_comm(comm, me); |
1692 | struct task_struct *me = current; | 1773 | if (copy_to_user((char __user *)arg2, comm, |
1693 | unsigned char tcomm[sizeof(me->comm)]; | 1774 | sizeof(comm))) |
1694 | |||
1695 | get_task_comm(tcomm, me); | ||
1696 | if (copy_to_user((char __user *)arg2, tcomm, sizeof(tcomm))) | ||
1697 | return -EFAULT; | 1775 | return -EFAULT; |
1698 | return 0; | 1776 | return 0; |
1699 | } | ||
1700 | case PR_GET_ENDIAN: | 1777 | case PR_GET_ENDIAN: |
1701 | error = GET_ENDIAN(current, arg2); | 1778 | error = GET_ENDIAN(me, arg2); |
1702 | break; | 1779 | break; |
1703 | case PR_SET_ENDIAN: | 1780 | case PR_SET_ENDIAN: |
1704 | error = SET_ENDIAN(current, arg2); | 1781 | error = SET_ENDIAN(me, arg2); |
1705 | break; | 1782 | break; |
1706 | 1783 | ||
1707 | case PR_GET_SECCOMP: | 1784 | case PR_GET_SECCOMP: |
@@ -1725,6 +1802,7 @@ asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3, | |||
1725 | current->default_timer_slack_ns; | 1802 | current->default_timer_slack_ns; |
1726 | else | 1803 | else |
1727 | current->timer_slack_ns = arg2; | 1804 | current->timer_slack_ns = arg2; |
1805 | error = 0; | ||
1728 | break; | 1806 | break; |
1729 | default: | 1807 | default: |
1730 | error = -EINVAL; | 1808 | error = -EINVAL; |
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 3d56fe7570da..9d52b57310af 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c | |||
@@ -1651,7 +1651,7 @@ out: | |||
1651 | 1651 | ||
1652 | static int test_perm(int mode, int op) | 1652 | static int test_perm(int mode, int op) |
1653 | { | 1653 | { |
1654 | if (!current->euid) | 1654 | if (!current_euid()) |
1655 | mode >>= 6; | 1655 | mode >>= 6; |
1656 | else if (in_egroup_p(0)) | 1656 | else if (in_egroup_p(0)) |
1657 | mode >>= 3; | 1657 | mode >>= 3; |
diff --git a/kernel/timer.c b/kernel/timer.c index dbd50fabe4c7..566257d1dc10 100644 --- a/kernel/timer.c +++ b/kernel/timer.c | |||
@@ -1192,25 +1192,25 @@ asmlinkage long sys_getppid(void) | |||
1192 | asmlinkage long sys_getuid(void) | 1192 | asmlinkage long sys_getuid(void) |
1193 | { | 1193 | { |
1194 | /* Only we change this so SMP safe */ | 1194 | /* Only we change this so SMP safe */ |
1195 | return current->uid; | 1195 | return current_uid(); |
1196 | } | 1196 | } |
1197 | 1197 | ||
1198 | asmlinkage long sys_geteuid(void) | 1198 | asmlinkage long sys_geteuid(void) |
1199 | { | 1199 | { |
1200 | /* Only we change this so SMP safe */ | 1200 | /* Only we change this so SMP safe */ |
1201 | return current->euid; | 1201 | return current_euid(); |
1202 | } | 1202 | } |
1203 | 1203 | ||
1204 | asmlinkage long sys_getgid(void) | 1204 | asmlinkage long sys_getgid(void) |
1205 | { | 1205 | { |
1206 | /* Only we change this so SMP safe */ | 1206 | /* Only we change this so SMP safe */ |
1207 | return current->gid; | 1207 | return current_gid(); |
1208 | } | 1208 | } |
1209 | 1209 | ||
1210 | asmlinkage long sys_getegid(void) | 1210 | asmlinkage long sys_getegid(void) |
1211 | { | 1211 | { |
1212 | /* Only we change this so SMP safe */ | 1212 | /* Only we change this so SMP safe */ |
1213 | return current->egid; | 1213 | return current_egid(); |
1214 | } | 1214 | } |
1215 | 1215 | ||
1216 | #endif | 1216 | #endif |
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index d86e3252f300..1ee9e4e454a0 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c | |||
@@ -246,7 +246,7 @@ __update_max_tr(struct trace_array *tr, struct task_struct *tsk, int cpu) | |||
246 | 246 | ||
247 | memcpy(data->comm, tsk->comm, TASK_COMM_LEN); | 247 | memcpy(data->comm, tsk->comm, TASK_COMM_LEN); |
248 | data->pid = tsk->pid; | 248 | data->pid = tsk->pid; |
249 | data->uid = tsk->uid; | 249 | data->uid = task_uid(tsk); |
250 | data->nice = tsk->static_prio - 20 - MAX_RT_PRIO; | 250 | data->nice = tsk->static_prio - 20 - MAX_RT_PRIO; |
251 | data->policy = tsk->policy; | 251 | data->policy = tsk->policy; |
252 | data->rt_priority = tsk->rt_priority; | 252 | data->rt_priority = tsk->rt_priority; |
diff --git a/kernel/tsacct.c b/kernel/tsacct.c index 8ebcd8532dfb..2dc06ab35716 100644 --- a/kernel/tsacct.c +++ b/kernel/tsacct.c | |||
@@ -27,6 +27,7 @@ | |||
27 | */ | 27 | */ |
28 | void bacct_add_tsk(struct taskstats *stats, struct task_struct *tsk) | 28 | void bacct_add_tsk(struct taskstats *stats, struct task_struct *tsk) |
29 | { | 29 | { |
30 | const struct cred *tcred; | ||
30 | struct timespec uptime, ts; | 31 | struct timespec uptime, ts; |
31 | u64 ac_etime; | 32 | u64 ac_etime; |
32 | 33 | ||
@@ -53,10 +54,11 @@ void bacct_add_tsk(struct taskstats *stats, struct task_struct *tsk) | |||
53 | stats->ac_flag |= AXSIG; | 54 | stats->ac_flag |= AXSIG; |
54 | stats->ac_nice = task_nice(tsk); | 55 | stats->ac_nice = task_nice(tsk); |
55 | stats->ac_sched = tsk->policy; | 56 | stats->ac_sched = tsk->policy; |
56 | stats->ac_uid = tsk->uid; | ||
57 | stats->ac_gid = tsk->gid; | ||
58 | stats->ac_pid = tsk->pid; | 57 | stats->ac_pid = tsk->pid; |
59 | rcu_read_lock(); | 58 | rcu_read_lock(); |
59 | tcred = __task_cred(tsk); | ||
60 | stats->ac_uid = tcred->uid; | ||
61 | stats->ac_gid = tcred->gid; | ||
60 | stats->ac_ppid = pid_alive(tsk) ? | 62 | stats->ac_ppid = pid_alive(tsk) ? |
61 | rcu_dereference(tsk->real_parent)->tgid : 0; | 63 | rcu_dereference(tsk->real_parent)->tgid : 0; |
62 | rcu_read_unlock(); | 64 | rcu_read_unlock(); |
diff --git a/kernel/uid16.c b/kernel/uid16.c index 3e41c1673e2f..2460c3199b5a 100644 --- a/kernel/uid16.c +++ b/kernel/uid16.c | |||
@@ -84,11 +84,12 @@ asmlinkage long sys_setresuid16(old_uid_t ruid, old_uid_t euid, old_uid_t suid) | |||
84 | 84 | ||
85 | asmlinkage long sys_getresuid16(old_uid_t __user *ruid, old_uid_t __user *euid, old_uid_t __user *suid) | 85 | asmlinkage long sys_getresuid16(old_uid_t __user *ruid, old_uid_t __user *euid, old_uid_t __user *suid) |
86 | { | 86 | { |
87 | const struct cred *cred = current_cred(); | ||
87 | int retval; | 88 | int retval; |
88 | 89 | ||
89 | if (!(retval = put_user(high2lowuid(current->uid), ruid)) && | 90 | if (!(retval = put_user(high2lowuid(cred->uid), ruid)) && |
90 | !(retval = put_user(high2lowuid(current->euid), euid))) | 91 | !(retval = put_user(high2lowuid(cred->euid), euid))) |
91 | retval = put_user(high2lowuid(current->suid), suid); | 92 | retval = put_user(high2lowuid(cred->suid), suid); |
92 | 93 | ||
93 | return retval; | 94 | return retval; |
94 | } | 95 | } |
@@ -104,11 +105,12 @@ asmlinkage long sys_setresgid16(old_gid_t rgid, old_gid_t egid, old_gid_t sgid) | |||
104 | 105 | ||
105 | asmlinkage long sys_getresgid16(old_gid_t __user *rgid, old_gid_t __user *egid, old_gid_t __user *sgid) | 106 | asmlinkage long sys_getresgid16(old_gid_t __user *rgid, old_gid_t __user *egid, old_gid_t __user *sgid) |
106 | { | 107 | { |
108 | const struct cred *cred = current_cred(); | ||
107 | int retval; | 109 | int retval; |
108 | 110 | ||
109 | if (!(retval = put_user(high2lowgid(current->gid), rgid)) && | 111 | if (!(retval = put_user(high2lowgid(cred->gid), rgid)) && |
110 | !(retval = put_user(high2lowgid(current->egid), egid))) | 112 | !(retval = put_user(high2lowgid(cred->egid), egid))) |
111 | retval = put_user(high2lowgid(current->sgid), sgid); | 113 | retval = put_user(high2lowgid(cred->sgid), sgid); |
112 | 114 | ||
113 | return retval; | 115 | return retval; |
114 | } | 116 | } |
@@ -161,25 +163,24 @@ static int groups16_from_user(struct group_info *group_info, | |||
161 | 163 | ||
162 | asmlinkage long sys_getgroups16(int gidsetsize, old_gid_t __user *grouplist) | 164 | asmlinkage long sys_getgroups16(int gidsetsize, old_gid_t __user *grouplist) |
163 | { | 165 | { |
164 | int i = 0; | 166 | const struct cred *cred = current_cred(); |
167 | int i; | ||
165 | 168 | ||
166 | if (gidsetsize < 0) | 169 | if (gidsetsize < 0) |
167 | return -EINVAL; | 170 | return -EINVAL; |
168 | 171 | ||
169 | get_group_info(current->group_info); | 172 | i = cred->group_info->ngroups; |
170 | i = current->group_info->ngroups; | ||
171 | if (gidsetsize) { | 173 | if (gidsetsize) { |
172 | if (i > gidsetsize) { | 174 | if (i > gidsetsize) { |
173 | i = -EINVAL; | 175 | i = -EINVAL; |
174 | goto out; | 176 | goto out; |
175 | } | 177 | } |
176 | if (groups16_to_user(grouplist, current->group_info)) { | 178 | if (groups16_to_user(grouplist, cred->group_info)) { |
177 | i = -EFAULT; | 179 | i = -EFAULT; |
178 | goto out; | 180 | goto out; |
179 | } | 181 | } |
180 | } | 182 | } |
181 | out: | 183 | out: |
182 | put_group_info(current->group_info); | ||
183 | return i; | 184 | return i; |
184 | } | 185 | } |
185 | 186 | ||
@@ -210,20 +211,20 @@ asmlinkage long sys_setgroups16(int gidsetsize, old_gid_t __user *grouplist) | |||
210 | 211 | ||
211 | asmlinkage long sys_getuid16(void) | 212 | asmlinkage long sys_getuid16(void) |
212 | { | 213 | { |
213 | return high2lowuid(current->uid); | 214 | return high2lowuid(current_uid()); |
214 | } | 215 | } |
215 | 216 | ||
216 | asmlinkage long sys_geteuid16(void) | 217 | asmlinkage long sys_geteuid16(void) |
217 | { | 218 | { |
218 | return high2lowuid(current->euid); | 219 | return high2lowuid(current_euid()); |
219 | } | 220 | } |
220 | 221 | ||
221 | asmlinkage long sys_getgid16(void) | 222 | asmlinkage long sys_getgid16(void) |
222 | { | 223 | { |
223 | return high2lowgid(current->gid); | 224 | return high2lowgid(current_gid()); |
224 | } | 225 | } |
225 | 226 | ||
226 | asmlinkage long sys_getegid16(void) | 227 | asmlinkage long sys_getegid16(void) |
227 | { | 228 | { |
228 | return high2lowgid(current->egid); | 229 | return high2lowgid(current_egid()); |
229 | } | 230 | } |
diff --git a/kernel/user.c b/kernel/user.c index 39d6159fae43..97202cb29adc 100644 --- a/kernel/user.c +++ b/kernel/user.c | |||
@@ -16,12 +16,13 @@ | |||
16 | #include <linux/interrupt.h> | 16 | #include <linux/interrupt.h> |
17 | #include <linux/module.h> | 17 | #include <linux/module.h> |
18 | #include <linux/user_namespace.h> | 18 | #include <linux/user_namespace.h> |
19 | #include "cred-internals.h" | ||
19 | 20 | ||
20 | struct user_namespace init_user_ns = { | 21 | struct user_namespace init_user_ns = { |
21 | .kref = { | 22 | .kref = { |
22 | .refcount = ATOMIC_INIT(2), | 23 | .refcount = ATOMIC_INIT(1), |
23 | }, | 24 | }, |
24 | .root_user = &root_user, | 25 | .creator = &root_user, |
25 | }; | 26 | }; |
26 | EXPORT_SYMBOL_GPL(init_user_ns); | 27 | EXPORT_SYMBOL_GPL(init_user_ns); |
27 | 28 | ||
@@ -47,12 +48,14 @@ static struct kmem_cache *uid_cachep; | |||
47 | */ | 48 | */ |
48 | static DEFINE_SPINLOCK(uidhash_lock); | 49 | static DEFINE_SPINLOCK(uidhash_lock); |
49 | 50 | ||
51 | /* root_user.__count is 2, 1 for init task cred, 1 for init_user_ns->creator */ | ||
50 | struct user_struct root_user = { | 52 | struct user_struct root_user = { |
51 | .__count = ATOMIC_INIT(1), | 53 | .__count = ATOMIC_INIT(2), |
52 | .processes = ATOMIC_INIT(1), | 54 | .processes = ATOMIC_INIT(1), |
53 | .files = ATOMIC_INIT(0), | 55 | .files = ATOMIC_INIT(0), |
54 | .sigpending = ATOMIC_INIT(0), | 56 | .sigpending = ATOMIC_INIT(0), |
55 | .locked_shm = 0, | 57 | .locked_shm = 0, |
58 | .user_ns = &init_user_ns, | ||
56 | #ifdef CONFIG_USER_SCHED | 59 | #ifdef CONFIG_USER_SCHED |
57 | .tg = &init_task_group, | 60 | .tg = &init_task_group, |
58 | #endif | 61 | #endif |
@@ -104,16 +107,10 @@ static int sched_create_user(struct user_struct *up) | |||
104 | return rc; | 107 | return rc; |
105 | } | 108 | } |
106 | 109 | ||
107 | static void sched_switch_user(struct task_struct *p) | ||
108 | { | ||
109 | sched_move_task(p); | ||
110 | } | ||
111 | |||
112 | #else /* CONFIG_USER_SCHED */ | 110 | #else /* CONFIG_USER_SCHED */ |
113 | 111 | ||
114 | static void sched_destroy_user(struct user_struct *up) { } | 112 | static void sched_destroy_user(struct user_struct *up) { } |
115 | static int sched_create_user(struct user_struct *up) { return 0; } | 113 | static int sched_create_user(struct user_struct *up) { return 0; } |
116 | static void sched_switch_user(struct task_struct *p) { } | ||
117 | 114 | ||
118 | #endif /* CONFIG_USER_SCHED */ | 115 | #endif /* CONFIG_USER_SCHED */ |
119 | 116 | ||
@@ -319,12 +316,13 @@ done: | |||
319 | * IRQ state (as stored in flags) is restored and uidhash_lock released | 316 | * IRQ state (as stored in flags) is restored and uidhash_lock released |
320 | * upon function exit. | 317 | * upon function exit. |
321 | */ | 318 | */ |
322 | static inline void free_user(struct user_struct *up, unsigned long flags) | 319 | static void free_user(struct user_struct *up, unsigned long flags) |
323 | { | 320 | { |
324 | /* restore back the count */ | 321 | /* restore back the count */ |
325 | atomic_inc(&up->__count); | 322 | atomic_inc(&up->__count); |
326 | spin_unlock_irqrestore(&uidhash_lock, flags); | 323 | spin_unlock_irqrestore(&uidhash_lock, flags); |
327 | 324 | ||
325 | put_user_ns(up->user_ns); | ||
328 | INIT_WORK(&up->work, remove_user_sysfs_dir); | 326 | INIT_WORK(&up->work, remove_user_sysfs_dir); |
329 | schedule_work(&up->work); | 327 | schedule_work(&up->work); |
330 | } | 328 | } |
@@ -340,13 +338,14 @@ static inline void uids_mutex_unlock(void) { } | |||
340 | * IRQ state (as stored in flags) is restored and uidhash_lock released | 338 | * IRQ state (as stored in flags) is restored and uidhash_lock released |
341 | * upon function exit. | 339 | * upon function exit. |
342 | */ | 340 | */ |
343 | static inline void free_user(struct user_struct *up, unsigned long flags) | 341 | static void free_user(struct user_struct *up, unsigned long flags) |
344 | { | 342 | { |
345 | uid_hash_remove(up); | 343 | uid_hash_remove(up); |
346 | spin_unlock_irqrestore(&uidhash_lock, flags); | 344 | spin_unlock_irqrestore(&uidhash_lock, flags); |
347 | sched_destroy_user(up); | 345 | sched_destroy_user(up); |
348 | key_put(up->uid_keyring); | 346 | key_put(up->uid_keyring); |
349 | key_put(up->session_keyring); | 347 | key_put(up->session_keyring); |
348 | put_user_ns(up->user_ns); | ||
350 | kmem_cache_free(uid_cachep, up); | 349 | kmem_cache_free(uid_cachep, up); |
351 | } | 350 | } |
352 | 351 | ||
@@ -362,7 +361,7 @@ struct user_struct *find_user(uid_t uid) | |||
362 | { | 361 | { |
363 | struct user_struct *ret; | 362 | struct user_struct *ret; |
364 | unsigned long flags; | 363 | unsigned long flags; |
365 | struct user_namespace *ns = current->nsproxy->user_ns; | 364 | struct user_namespace *ns = current_user_ns(); |
366 | 365 | ||
367 | spin_lock_irqsave(&uidhash_lock, flags); | 366 | spin_lock_irqsave(&uidhash_lock, flags); |
368 | ret = uid_hash_find(uid, uidhashentry(ns, uid)); | 367 | ret = uid_hash_find(uid, uidhashentry(ns, uid)); |
@@ -409,6 +408,8 @@ struct user_struct *alloc_uid(struct user_namespace *ns, uid_t uid) | |||
409 | if (sched_create_user(new) < 0) | 408 | if (sched_create_user(new) < 0) |
410 | goto out_free_user; | 409 | goto out_free_user; |
411 | 410 | ||
411 | new->user_ns = get_user_ns(ns); | ||
412 | |||
412 | if (uids_user_create(new)) | 413 | if (uids_user_create(new)) |
413 | goto out_destoy_sched; | 414 | goto out_destoy_sched; |
414 | 415 | ||
@@ -432,7 +433,6 @@ struct user_struct *alloc_uid(struct user_namespace *ns, uid_t uid) | |||
432 | up = new; | 433 | up = new; |
433 | } | 434 | } |
434 | spin_unlock_irq(&uidhash_lock); | 435 | spin_unlock_irq(&uidhash_lock); |
435 | |||
436 | } | 436 | } |
437 | 437 | ||
438 | uids_mutex_unlock(); | 438 | uids_mutex_unlock(); |
@@ -441,6 +441,7 @@ struct user_struct *alloc_uid(struct user_namespace *ns, uid_t uid) | |||
441 | 441 | ||
442 | out_destoy_sched: | 442 | out_destoy_sched: |
443 | sched_destroy_user(new); | 443 | sched_destroy_user(new); |
444 | put_user_ns(new->user_ns); | ||
444 | out_free_user: | 445 | out_free_user: |
445 | kmem_cache_free(uid_cachep, new); | 446 | kmem_cache_free(uid_cachep, new); |
446 | out_unlock: | 447 | out_unlock: |
@@ -448,63 +449,6 @@ out_unlock: | |||
448 | return NULL; | 449 | return NULL; |
449 | } | 450 | } |
450 | 451 | ||
451 | void switch_uid(struct user_struct *new_user) | ||
452 | { | ||
453 | struct user_struct *old_user; | ||
454 | |||
455 | /* What if a process setreuid()'s and this brings the | ||
456 | * new uid over his NPROC rlimit? We can check this now | ||
457 | * cheaply with the new uid cache, so if it matters | ||
458 | * we should be checking for it. -DaveM | ||
459 | */ | ||
460 | old_user = current->user; | ||
461 | atomic_inc(&new_user->processes); | ||
462 | atomic_dec(&old_user->processes); | ||
463 | switch_uid_keyring(new_user); | ||
464 | current->user = new_user; | ||
465 | sched_switch_user(current); | ||
466 | |||
467 | /* | ||
468 | * We need to synchronize with __sigqueue_alloc() | ||
469 | * doing a get_uid(p->user).. If that saw the old | ||
470 | * user value, we need to wait until it has exited | ||
471 | * its critical region before we can free the old | ||
472 | * structure. | ||
473 | */ | ||
474 | smp_mb(); | ||
475 | spin_unlock_wait(¤t->sighand->siglock); | ||
476 | |||
477 | free_uid(old_user); | ||
478 | suid_keys(current); | ||
479 | } | ||
480 | |||
481 | #ifdef CONFIG_USER_NS | ||
482 | void release_uids(struct user_namespace *ns) | ||
483 | { | ||
484 | int i; | ||
485 | unsigned long flags; | ||
486 | struct hlist_head *head; | ||
487 | struct hlist_node *nd; | ||
488 | |||
489 | spin_lock_irqsave(&uidhash_lock, flags); | ||
490 | /* | ||
491 | * collapse the chains so that the user_struct-s will | ||
492 | * be still alive, but not in hashes. subsequent free_uid() | ||
493 | * will free them. | ||
494 | */ | ||
495 | for (i = 0; i < UIDHASH_SZ; i++) { | ||
496 | head = ns->uidhash_table + i; | ||
497 | while (!hlist_empty(head)) { | ||
498 | nd = head->first; | ||
499 | hlist_del_init(nd); | ||
500 | } | ||
501 | } | ||
502 | spin_unlock_irqrestore(&uidhash_lock, flags); | ||
503 | |||
504 | free_uid(ns->root_user); | ||
505 | } | ||
506 | #endif | ||
507 | |||
508 | static int __init uid_cache_init(void) | 452 | static int __init uid_cache_init(void) |
509 | { | 453 | { |
510 | int n; | 454 | int n; |
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index 532858fa5b88..79084311ee57 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c | |||
@@ -9,60 +9,55 @@ | |||
9 | #include <linux/nsproxy.h> | 9 | #include <linux/nsproxy.h> |
10 | #include <linux/slab.h> | 10 | #include <linux/slab.h> |
11 | #include <linux/user_namespace.h> | 11 | #include <linux/user_namespace.h> |
12 | #include <linux/cred.h> | ||
12 | 13 | ||
13 | /* | 14 | /* |
14 | * Clone a new ns copying an original user ns, setting refcount to 1 | 15 | * Create a new user namespace, deriving the creator from the user in the |
15 | * @old_ns: namespace to clone | 16 | * passed credentials, and replacing that user with the new root user for the |
16 | * Return NULL on error (failure to kmalloc), new ns otherwise | 17 | * new namespace. |
18 | * | ||
19 | * This is called by copy_creds(), which will finish setting the target task's | ||
20 | * credentials. | ||
17 | */ | 21 | */ |
18 | static struct user_namespace *clone_user_ns(struct user_namespace *old_ns) | 22 | int create_user_ns(struct cred *new) |
19 | { | 23 | { |
20 | struct user_namespace *ns; | 24 | struct user_namespace *ns; |
21 | struct user_struct *new_user; | 25 | struct user_struct *root_user; |
22 | int n; | 26 | int n; |
23 | 27 | ||
24 | ns = kmalloc(sizeof(struct user_namespace), GFP_KERNEL); | 28 | ns = kmalloc(sizeof(struct user_namespace), GFP_KERNEL); |
25 | if (!ns) | 29 | if (!ns) |
26 | return ERR_PTR(-ENOMEM); | 30 | return -ENOMEM; |
27 | 31 | ||
28 | kref_init(&ns->kref); | 32 | kref_init(&ns->kref); |
29 | 33 | ||
30 | for (n = 0; n < UIDHASH_SZ; ++n) | 34 | for (n = 0; n < UIDHASH_SZ; ++n) |
31 | INIT_HLIST_HEAD(ns->uidhash_table + n); | 35 | INIT_HLIST_HEAD(ns->uidhash_table + n); |
32 | 36 | ||
33 | /* Insert new root user. */ | 37 | /* Alloc new root user. */ |
34 | ns->root_user = alloc_uid(ns, 0); | 38 | root_user = alloc_uid(ns, 0); |
35 | if (!ns->root_user) { | 39 | if (!root_user) { |
36 | kfree(ns); | 40 | kfree(ns); |
37 | return ERR_PTR(-ENOMEM); | 41 | return -ENOMEM; |
38 | } | 42 | } |
39 | 43 | ||
40 | /* Reset current->user with a new one */ | 44 | /* set the new root user in the credentials under preparation */ |
41 | new_user = alloc_uid(ns, current->uid); | 45 | ns->creator = new->user; |
42 | if (!new_user) { | 46 | new->user = root_user; |
43 | free_uid(ns->root_user); | 47 | new->uid = new->euid = new->suid = new->fsuid = 0; |
44 | kfree(ns); | 48 | new->gid = new->egid = new->sgid = new->fsgid = 0; |
45 | return ERR_PTR(-ENOMEM); | 49 | put_group_info(new->group_info); |
46 | } | 50 | new->group_info = get_group_info(&init_groups); |
47 | 51 | #ifdef CONFIG_KEYS | |
48 | switch_uid(new_user); | 52 | key_put(new->request_key_auth); |
49 | return ns; | 53 | new->request_key_auth = NULL; |
50 | } | 54 | #endif |
51 | 55 | /* tgcred will be cleared in our caller bc CLONE_THREAD won't be set */ | |
52 | struct user_namespace * copy_user_ns(int flags, struct user_namespace *old_ns) | ||
53 | { | ||
54 | struct user_namespace *new_ns; | ||
55 | |||
56 | BUG_ON(!old_ns); | ||
57 | get_user_ns(old_ns); | ||
58 | |||
59 | if (!(flags & CLONE_NEWUSER)) | ||
60 | return old_ns; | ||
61 | 56 | ||
62 | new_ns = clone_user_ns(old_ns); | 57 | /* alloc_uid() incremented the userns refcount. Just set it to 1 */ |
58 | kref_set(&ns->kref, 1); | ||
63 | 59 | ||
64 | put_user_ns(old_ns); | 60 | return 0; |
65 | return new_ns; | ||
66 | } | 61 | } |
67 | 62 | ||
68 | void free_user_ns(struct kref *kref) | 63 | void free_user_ns(struct kref *kref) |
@@ -70,7 +65,7 @@ void free_user_ns(struct kref *kref) | |||
70 | struct user_namespace *ns; | 65 | struct user_namespace *ns; |
71 | 66 | ||
72 | ns = container_of(kref, struct user_namespace, kref); | 67 | ns = container_of(kref, struct user_namespace, kref); |
73 | release_uids(ns); | 68 | free_uid(ns->creator); |
74 | kfree(ns); | 69 | kfree(ns); |
75 | } | 70 | } |
76 | EXPORT_SYMBOL(free_user_ns); | 71 | EXPORT_SYMBOL(free_user_ns); |
diff --git a/kernel/workqueue.c b/kernel/workqueue.c index d4dc69ddebd7..4952322cba45 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c | |||
@@ -84,21 +84,21 @@ static cpumask_t cpu_singlethread_map __read_mostly; | |||
84 | static cpumask_t cpu_populated_map __read_mostly; | 84 | static cpumask_t cpu_populated_map __read_mostly; |
85 | 85 | ||
86 | /* If it's single threaded, it isn't in the list of workqueues. */ | 86 | /* If it's single threaded, it isn't in the list of workqueues. */ |
87 | static inline int is_single_threaded(struct workqueue_struct *wq) | 87 | static inline int is_wq_single_threaded(struct workqueue_struct *wq) |
88 | { | 88 | { |
89 | return wq->singlethread; | 89 | return wq->singlethread; |
90 | } | 90 | } |
91 | 91 | ||
92 | static const cpumask_t *wq_cpu_map(struct workqueue_struct *wq) | 92 | static const cpumask_t *wq_cpu_map(struct workqueue_struct *wq) |
93 | { | 93 | { |
94 | return is_single_threaded(wq) | 94 | return is_wq_single_threaded(wq) |
95 | ? &cpu_singlethread_map : &cpu_populated_map; | 95 | ? &cpu_singlethread_map : &cpu_populated_map; |
96 | } | 96 | } |
97 | 97 | ||
98 | static | 98 | static |
99 | struct cpu_workqueue_struct *wq_per_cpu(struct workqueue_struct *wq, int cpu) | 99 | struct cpu_workqueue_struct *wq_per_cpu(struct workqueue_struct *wq, int cpu) |
100 | { | 100 | { |
101 | if (unlikely(is_single_threaded(wq))) | 101 | if (unlikely(is_wq_single_threaded(wq))) |
102 | cpu = singlethread_cpu; | 102 | cpu = singlethread_cpu; |
103 | return per_cpu_ptr(wq->cpu_wq, cpu); | 103 | return per_cpu_ptr(wq->cpu_wq, cpu); |
104 | } | 104 | } |
@@ -769,7 +769,7 @@ static int create_workqueue_thread(struct cpu_workqueue_struct *cwq, int cpu) | |||
769 | { | 769 | { |
770 | struct sched_param param = { .sched_priority = MAX_RT_PRIO-1 }; | 770 | struct sched_param param = { .sched_priority = MAX_RT_PRIO-1 }; |
771 | struct workqueue_struct *wq = cwq->wq; | 771 | struct workqueue_struct *wq = cwq->wq; |
772 | const char *fmt = is_single_threaded(wq) ? "%s" : "%s/%d"; | 772 | const char *fmt = is_wq_single_threaded(wq) ? "%s" : "%s/%d"; |
773 | struct task_struct *p; | 773 | struct task_struct *p; |
774 | 774 | ||
775 | p = kthread_create(worker_thread, cwq, fmt, wq->name, cpu); | 775 | p = kthread_create(worker_thread, cwq, fmt, wq->name, cpu); |
diff --git a/lib/Makefile b/lib/Makefile index 7cb65d85aeb0..80fe8a3ec12a 100644 --- a/lib/Makefile +++ b/lib/Makefile | |||
@@ -11,7 +11,7 @@ lib-y := ctype.o string.o vsprintf.o cmdline.o \ | |||
11 | rbtree.o radix-tree.o dump_stack.o \ | 11 | rbtree.o radix-tree.o dump_stack.o \ |
12 | idr.o int_sqrt.o extable.o prio_tree.o \ | 12 | idr.o int_sqrt.o extable.o prio_tree.o \ |
13 | sha1.o irq_regs.o reciprocal_div.o argv_split.o \ | 13 | sha1.o irq_regs.o reciprocal_div.o argv_split.o \ |
14 | proportions.o prio_heap.o ratelimit.o show_mem.o | 14 | proportions.o prio_heap.o ratelimit.o show_mem.o is_single_threaded.o |
15 | 15 | ||
16 | lib-$(CONFIG_MMU) += ioremap.o | 16 | lib-$(CONFIG_MMU) += ioremap.o |
17 | lib-$(CONFIG_SMP) += cpumask.o | 17 | lib-$(CONFIG_SMP) += cpumask.o |
diff --git a/lib/is_single_threaded.c b/lib/is_single_threaded.c new file mode 100644 index 000000000000..f1ed2fe76c65 --- /dev/null +++ b/lib/is_single_threaded.c | |||
@@ -0,0 +1,45 @@ | |||
1 | /* Function to determine if a thread group is single threaded or not | ||
2 | * | ||
3 | * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * - Derived from security/selinux/hooks.c | ||
6 | * | ||
7 | * This program is free software; you can redistribute it and/or | ||
8 | * modify it under the terms of the GNU General Public Licence | ||
9 | * as published by the Free Software Foundation; either version | ||
10 | * 2 of the Licence, or (at your option) any later version. | ||
11 | */ | ||
12 | |||
13 | #include <linux/sched.h> | ||
14 | |||
15 | /** | ||
16 | * is_single_threaded - Determine if a thread group is single-threaded or not | ||
17 | * @p: A task in the thread group in question | ||
18 | * | ||
19 | * This returns true if the thread group to which a task belongs is single | ||
20 | * threaded, false if it is not. | ||
21 | */ | ||
22 | bool is_single_threaded(struct task_struct *p) | ||
23 | { | ||
24 | struct task_struct *g, *t; | ||
25 | struct mm_struct *mm = p->mm; | ||
26 | |||
27 | if (atomic_read(&p->signal->count) != 1) | ||
28 | goto no; | ||
29 | |||
30 | if (atomic_read(&p->mm->mm_users) != 1) { | ||
31 | read_lock(&tasklist_lock); | ||
32 | do_each_thread(g, t) { | ||
33 | if (t->mm == mm && t != p) | ||
34 | goto no_unlock; | ||
35 | } while_each_thread(g, t); | ||
36 | read_unlock(&tasklist_lock); | ||
37 | } | ||
38 | |||
39 | return true; | ||
40 | |||
41 | no_unlock: | ||
42 | read_unlock(&tasklist_lock); | ||
43 | no: | ||
44 | return false; | ||
45 | } | ||
diff --git a/mm/mempolicy.c b/mm/mempolicy.c index e9493b1c1117..e412ffa8e52e 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c | |||
@@ -1114,6 +1114,7 @@ asmlinkage long sys_migrate_pages(pid_t pid, unsigned long maxnode, | |||
1114 | const unsigned long __user *old_nodes, | 1114 | const unsigned long __user *old_nodes, |
1115 | const unsigned long __user *new_nodes) | 1115 | const unsigned long __user *new_nodes) |
1116 | { | 1116 | { |
1117 | const struct cred *cred = current_cred(), *tcred; | ||
1117 | struct mm_struct *mm; | 1118 | struct mm_struct *mm; |
1118 | struct task_struct *task; | 1119 | struct task_struct *task; |
1119 | nodemask_t old; | 1120 | nodemask_t old; |
@@ -1148,12 +1149,16 @@ asmlinkage long sys_migrate_pages(pid_t pid, unsigned long maxnode, | |||
1148 | * capabilities, superuser privileges or the same | 1149 | * capabilities, superuser privileges or the same |
1149 | * userid as the target process. | 1150 | * userid as the target process. |
1150 | */ | 1151 | */ |
1151 | if ((current->euid != task->suid) && (current->euid != task->uid) && | 1152 | rcu_read_lock(); |
1152 | (current->uid != task->suid) && (current->uid != task->uid) && | 1153 | tcred = __task_cred(task); |
1154 | if (cred->euid != tcred->suid && cred->euid != tcred->uid && | ||
1155 | cred->uid != tcred->suid && cred->uid != tcred->uid && | ||
1153 | !capable(CAP_SYS_NICE)) { | 1156 | !capable(CAP_SYS_NICE)) { |
1157 | rcu_read_unlock(); | ||
1154 | err = -EPERM; | 1158 | err = -EPERM; |
1155 | goto out; | 1159 | goto out; |
1156 | } | 1160 | } |
1161 | rcu_read_unlock(); | ||
1157 | 1162 | ||
1158 | task_nodes = cpuset_mems_allowed(task); | 1163 | task_nodes = cpuset_mems_allowed(task); |
1159 | /* Is the user allowed to access the target nodes? */ | 1164 | /* Is the user allowed to access the target nodes? */ |
diff --git a/mm/migrate.c b/mm/migrate.c index 1e0d6b237f44..0461fc6c961c 100644 --- a/mm/migrate.c +++ b/mm/migrate.c | |||
@@ -1042,6 +1042,7 @@ asmlinkage long sys_move_pages(pid_t pid, unsigned long nr_pages, | |||
1042 | const int __user *nodes, | 1042 | const int __user *nodes, |
1043 | int __user *status, int flags) | 1043 | int __user *status, int flags) |
1044 | { | 1044 | { |
1045 | const struct cred *cred = current_cred(), *tcred; | ||
1045 | struct task_struct *task; | 1046 | struct task_struct *task; |
1046 | struct mm_struct *mm; | 1047 | struct mm_struct *mm; |
1047 | int err; | 1048 | int err; |
@@ -1072,12 +1073,16 @@ asmlinkage long sys_move_pages(pid_t pid, unsigned long nr_pages, | |||
1072 | * capabilities, superuser privileges or the same | 1073 | * capabilities, superuser privileges or the same |
1073 | * userid as the target process. | 1074 | * userid as the target process. |
1074 | */ | 1075 | */ |
1075 | if ((current->euid != task->suid) && (current->euid != task->uid) && | 1076 | rcu_read_lock(); |
1076 | (current->uid != task->suid) && (current->uid != task->uid) && | 1077 | tcred = __task_cred(task); |
1078 | if (cred->euid != tcred->suid && cred->euid != tcred->uid && | ||
1079 | cred->uid != tcred->suid && cred->uid != tcred->uid && | ||
1077 | !capable(CAP_SYS_NICE)) { | 1080 | !capable(CAP_SYS_NICE)) { |
1081 | rcu_read_unlock(); | ||
1078 | err = -EPERM; | 1082 | err = -EPERM; |
1079 | goto out; | 1083 | goto out; |
1080 | } | 1084 | } |
1085 | rcu_read_unlock(); | ||
1081 | 1086 | ||
1082 | err = security_task_movememory(task); | 1087 | err = security_task_movememory(task); |
1083 | if (err) | 1088 | if (err) |
diff --git a/mm/oom_kill.c b/mm/oom_kill.c index a0a01902f551..558f9afe6e4e 100644 --- a/mm/oom_kill.c +++ b/mm/oom_kill.c | |||
@@ -128,8 +128,8 @@ unsigned long badness(struct task_struct *p, unsigned long uptime) | |||
128 | * Superuser processes are usually more important, so we make it | 128 | * Superuser processes are usually more important, so we make it |
129 | * less likely that we kill those. | 129 | * less likely that we kill those. |
130 | */ | 130 | */ |
131 | if (has_capability(p, CAP_SYS_ADMIN) || | 131 | if (has_capability_noaudit(p, CAP_SYS_ADMIN) || |
132 | has_capability(p, CAP_SYS_RESOURCE)) | 132 | has_capability_noaudit(p, CAP_SYS_RESOURCE)) |
133 | points /= 4; | 133 | points /= 4; |
134 | 134 | ||
135 | /* | 135 | /* |
@@ -138,7 +138,7 @@ unsigned long badness(struct task_struct *p, unsigned long uptime) | |||
138 | * tend to only have this flag set on applications they think | 138 | * tend to only have this flag set on applications they think |
139 | * of as important. | 139 | * of as important. |
140 | */ | 140 | */ |
141 | if (has_capability(p, CAP_SYS_RAWIO)) | 141 | if (has_capability_noaudit(p, CAP_SYS_RAWIO)) |
142 | points /= 4; | 142 | points /= 4; |
143 | 143 | ||
144 | /* | 144 | /* |
@@ -299,9 +299,9 @@ static void dump_tasks(const struct mem_cgroup *mem) | |||
299 | 299 | ||
300 | task_lock(p); | 300 | task_lock(p); |
301 | printk(KERN_INFO "[%5d] %5d %5d %8lu %8lu %3d %3d %s\n", | 301 | printk(KERN_INFO "[%5d] %5d %5d %8lu %8lu %3d %3d %s\n", |
302 | p->pid, p->uid, p->tgid, p->mm->total_vm, | 302 | p->pid, __task_cred(p)->uid, p->tgid, |
303 | get_mm_rss(p->mm), (int)task_cpu(p), p->oomkilladj, | 303 | p->mm->total_vm, get_mm_rss(p->mm), (int)task_cpu(p), |
304 | p->comm); | 304 | p->oomkilladj, p->comm); |
305 | task_unlock(p); | 305 | task_unlock(p); |
306 | } while_each_thread(g, p); | 306 | } while_each_thread(g, p); |
307 | } | 307 | } |
diff --git a/mm/shmem.c b/mm/shmem.c index 0ed075215e5f..f1b0d4871f3a 100644 --- a/mm/shmem.c +++ b/mm/shmem.c | |||
@@ -1513,8 +1513,8 @@ shmem_get_inode(struct super_block *sb, int mode, dev_t dev) | |||
1513 | inode = new_inode(sb); | 1513 | inode = new_inode(sb); |
1514 | if (inode) { | 1514 | if (inode) { |
1515 | inode->i_mode = mode; | 1515 | inode->i_mode = mode; |
1516 | inode->i_uid = current->fsuid; | 1516 | inode->i_uid = current_fsuid(); |
1517 | inode->i_gid = current->fsgid; | 1517 | inode->i_gid = current_fsgid(); |
1518 | inode->i_blocks = 0; | 1518 | inode->i_blocks = 0; |
1519 | inode->i_mapping->backing_dev_info = &shmem_backing_dev_info; | 1519 | inode->i_mapping->backing_dev_info = &shmem_backing_dev_info; |
1520 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 1520 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
@@ -2278,8 +2278,8 @@ static int shmem_fill_super(struct super_block *sb, | |||
2278 | sbinfo->max_blocks = 0; | 2278 | sbinfo->max_blocks = 0; |
2279 | sbinfo->max_inodes = 0; | 2279 | sbinfo->max_inodes = 0; |
2280 | sbinfo->mode = S_IRWXUGO | S_ISVTX; | 2280 | sbinfo->mode = S_IRWXUGO | S_ISVTX; |
2281 | sbinfo->uid = current->fsuid; | 2281 | sbinfo->uid = current_fsuid(); |
2282 | sbinfo->gid = current->fsgid; | 2282 | sbinfo->gid = current_fsgid(); |
2283 | sbinfo->mpol = NULL; | 2283 | sbinfo->mpol = NULL; |
2284 | sb->s_fs_info = sbinfo; | 2284 | sb->s_fs_info = sbinfo; |
2285 | 2285 | ||
diff --git a/net/9p/client.c b/net/9p/client.c index 4b529454616d..821f1ec0b2c3 100644 --- a/net/9p/client.c +++ b/net/9p/client.c | |||
@@ -627,7 +627,7 @@ static struct p9_fid *p9_fid_create(struct p9_client *clnt) | |||
627 | memset(&fid->qid, 0, sizeof(struct p9_qid)); | 627 | memset(&fid->qid, 0, sizeof(struct p9_qid)); |
628 | fid->mode = -1; | 628 | fid->mode = -1; |
629 | fid->rdir_fpos = 0; | 629 | fid->rdir_fpos = 0; |
630 | fid->uid = current->fsuid; | 630 | fid->uid = current_fsuid(); |
631 | fid->clnt = clnt; | 631 | fid->clnt = clnt; |
632 | fid->aux = NULL; | 632 | fid->aux = NULL; |
633 | 633 | ||
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c index 28c71574a781..00d9e5e13158 100644 --- a/net/ax25/af_ax25.c +++ b/net/ax25/af_ax25.c | |||
@@ -1045,7 +1045,7 @@ static int ax25_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) | |||
1045 | if (addr->fsa_ax25.sax25_family != AF_AX25) | 1045 | if (addr->fsa_ax25.sax25_family != AF_AX25) |
1046 | return -EINVAL; | 1046 | return -EINVAL; |
1047 | 1047 | ||
1048 | user = ax25_findbyuid(current->euid); | 1048 | user = ax25_findbyuid(current_euid()); |
1049 | if (user) { | 1049 | if (user) { |
1050 | call = user->call; | 1050 | call = user->call; |
1051 | ax25_uid_put(user); | 1051 | ax25_uid_put(user); |
diff --git a/net/ax25/ax25_route.c b/net/ax25/ax25_route.c index 8672cd84fdf9..c833ba4c45a5 100644 --- a/net/ax25/ax25_route.c +++ b/net/ax25/ax25_route.c | |||
@@ -421,7 +421,7 @@ int ax25_rt_autobind(ax25_cb *ax25, ax25_address *addr) | |||
421 | goto put; | 421 | goto put; |
422 | } | 422 | } |
423 | 423 | ||
424 | user = ax25_findbyuid(current->euid); | 424 | user = ax25_findbyuid(current_euid()); |
425 | if (user) { | 425 | if (user) { |
426 | ax25->source_addr = user->call; | 426 | ax25->source_addr = user->call; |
427 | ax25_uid_put(user); | 427 | ax25_uid_put(user); |
diff --git a/net/core/dev.c b/net/core/dev.c index 9174c77d3112..89912ae6de65 100644 --- a/net/core/dev.c +++ b/net/core/dev.c | |||
@@ -2961,6 +2961,8 @@ static void dev_change_rx_flags(struct net_device *dev, int flags) | |||
2961 | static int __dev_set_promiscuity(struct net_device *dev, int inc) | 2961 | static int __dev_set_promiscuity(struct net_device *dev, int inc) |
2962 | { | 2962 | { |
2963 | unsigned short old_flags = dev->flags; | 2963 | unsigned short old_flags = dev->flags; |
2964 | uid_t uid; | ||
2965 | gid_t gid; | ||
2964 | 2966 | ||
2965 | ASSERT_RTNL(); | 2967 | ASSERT_RTNL(); |
2966 | 2968 | ||
@@ -2985,15 +2987,17 @@ static int __dev_set_promiscuity(struct net_device *dev, int inc) | |||
2985 | printk(KERN_INFO "device %s %s promiscuous mode\n", | 2987 | printk(KERN_INFO "device %s %s promiscuous mode\n", |
2986 | dev->name, (dev->flags & IFF_PROMISC) ? "entered" : | 2988 | dev->name, (dev->flags & IFF_PROMISC) ? "entered" : |
2987 | "left"); | 2989 | "left"); |
2988 | if (audit_enabled) | 2990 | if (audit_enabled) { |
2991 | current_uid_gid(&uid, &gid); | ||
2989 | audit_log(current->audit_context, GFP_ATOMIC, | 2992 | audit_log(current->audit_context, GFP_ATOMIC, |
2990 | AUDIT_ANOM_PROMISCUOUS, | 2993 | AUDIT_ANOM_PROMISCUOUS, |
2991 | "dev=%s prom=%d old_prom=%d auid=%u uid=%u gid=%u ses=%u", | 2994 | "dev=%s prom=%d old_prom=%d auid=%u uid=%u gid=%u ses=%u", |
2992 | dev->name, (dev->flags & IFF_PROMISC), | 2995 | dev->name, (dev->flags & IFF_PROMISC), |
2993 | (old_flags & IFF_PROMISC), | 2996 | (old_flags & IFF_PROMISC), |
2994 | audit_get_loginuid(current), | 2997 | audit_get_loginuid(current), |
2995 | current->uid, current->gid, | 2998 | uid, gid, |
2996 | audit_get_sessionid(current)); | 2999 | audit_get_sessionid(current)); |
3000 | } | ||
2997 | 3001 | ||
2998 | dev_change_rx_flags(dev, IFF_PROMISC); | 3002 | dev_change_rx_flags(dev, IFF_PROMISC); |
2999 | } | 3003 | } |
diff --git a/net/core/scm.c b/net/core/scm.c index b12303dd39d9..b7ba91b074b3 100644 --- a/net/core/scm.c +++ b/net/core/scm.c | |||
@@ -44,11 +44,13 @@ | |||
44 | 44 | ||
45 | static __inline__ int scm_check_creds(struct ucred *creds) | 45 | static __inline__ int scm_check_creds(struct ucred *creds) |
46 | { | 46 | { |
47 | const struct cred *cred = current_cred(); | ||
48 | |||
47 | if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) && | 49 | if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) && |
48 | ((creds->uid == current->uid || creds->uid == current->euid || | 50 | ((creds->uid == cred->uid || creds->uid == cred->euid || |
49 | creds->uid == current->suid) || capable(CAP_SETUID)) && | 51 | creds->uid == cred->suid) || capable(CAP_SETUID)) && |
50 | ((creds->gid == current->gid || creds->gid == current->egid || | 52 | ((creds->gid == cred->gid || creds->gid == cred->egid || |
51 | creds->gid == current->sgid) || capable(CAP_SETGID))) { | 53 | creds->gid == cred->sgid) || capable(CAP_SETGID))) { |
52 | return 0; | 54 | return 0; |
53 | } | 55 | } |
54 | return -EPERM; | 56 | return -EPERM; |
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c index fc6ce04a3e35..7b5dbe118c09 100644 --- a/net/ipv4/netfilter/ipt_LOG.c +++ b/net/ipv4/netfilter/ipt_LOG.c | |||
@@ -340,8 +340,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
340 | read_lock_bh(&skb->sk->sk_callback_lock); | 340 | read_lock_bh(&skb->sk->sk_callback_lock); |
341 | if (skb->sk->sk_socket && skb->sk->sk_socket->file) | 341 | if (skb->sk->sk_socket && skb->sk->sk_socket->file) |
342 | printk("UID=%u GID=%u ", | 342 | printk("UID=%u GID=%u ", |
343 | skb->sk->sk_socket->file->f_uid, | 343 | skb->sk->sk_socket->file->f_cred->fsuid, |
344 | skb->sk->sk_socket->file->f_gid); | 344 | skb->sk->sk_socket->file->f_cred->fsgid); |
345 | read_unlock_bh(&skb->sk->sk_callback_lock); | 345 | read_unlock_bh(&skb->sk->sk_callback_lock); |
346 | } | 346 | } |
347 | 347 | ||
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c index 37a4e777e347..bd3c7b96bbaa 100644 --- a/net/ipv6/ip6_flowlabel.c +++ b/net/ipv6/ip6_flowlabel.c | |||
@@ -388,7 +388,7 @@ fl_create(struct net *net, struct in6_flowlabel_req *freq, char __user *optval, | |||
388 | fl->owner = current->pid; | 388 | fl->owner = current->pid; |
389 | break; | 389 | break; |
390 | case IPV6_FL_S_USER: | 390 | case IPV6_FL_S_USER: |
391 | fl->owner = current->euid; | 391 | fl->owner = current_euid(); |
392 | break; | 392 | break; |
393 | default: | 393 | default: |
394 | err = -EINVAL; | 394 | err = -EINVAL; |
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c index caa441d09567..871d157cec4e 100644 --- a/net/ipv6/netfilter/ip6t_LOG.c +++ b/net/ipv6/netfilter/ip6t_LOG.c | |||
@@ -364,8 +364,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
364 | read_lock_bh(&skb->sk->sk_callback_lock); | 364 | read_lock_bh(&skb->sk->sk_callback_lock); |
365 | if (skb->sk->sk_socket && skb->sk->sk_socket->file) | 365 | if (skb->sk->sk_socket && skb->sk->sk_socket->file) |
366 | printk("UID=%u GID=%u ", | 366 | printk("UID=%u GID=%u ", |
367 | skb->sk->sk_socket->file->f_uid, | 367 | skb->sk->sk_socket->file->f_cred->fsuid, |
368 | skb->sk->sk_socket->file->f_gid); | 368 | skb->sk->sk_socket->file->f_cred->fsgid); |
369 | read_unlock_bh(&skb->sk->sk_callback_lock); | 369 | read_unlock_bh(&skb->sk->sk_callback_lock); |
370 | } | 370 | } |
371 | 371 | ||
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index 41e0105d3828..38f9efd90e8d 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c | |||
@@ -474,8 +474,9 @@ __build_packet_message(struct nfulnl_instance *inst, | |||
474 | if (skb->sk) { | 474 | if (skb->sk) { |
475 | read_lock_bh(&skb->sk->sk_callback_lock); | 475 | read_lock_bh(&skb->sk->sk_callback_lock); |
476 | if (skb->sk->sk_socket && skb->sk->sk_socket->file) { | 476 | if (skb->sk->sk_socket && skb->sk->sk_socket->file) { |
477 | __be32 uid = htonl(skb->sk->sk_socket->file->f_uid); | 477 | struct file *file = skb->sk->sk_socket->file; |
478 | __be32 gid = htonl(skb->sk->sk_socket->file->f_gid); | 478 | __be32 uid = htonl(file->f_cred->fsuid); |
479 | __be32 gid = htonl(file->f_cred->fsgid); | ||
479 | /* need to unlock here since NLA_PUT may goto */ | 480 | /* need to unlock here since NLA_PUT may goto */ |
480 | read_unlock_bh(&skb->sk->sk_callback_lock); | 481 | read_unlock_bh(&skb->sk->sk_callback_lock); |
481 | NLA_PUT_BE32(inst->skb, NFULA_UID, uid); | 482 | NLA_PUT_BE32(inst->skb, NFULA_UID, uid); |
diff --git a/net/netfilter/xt_owner.c b/net/netfilter/xt_owner.c index f19ebd9b78f5..22b2a5e881ea 100644 --- a/net/netfilter/xt_owner.c +++ b/net/netfilter/xt_owner.c | |||
@@ -34,12 +34,12 @@ owner_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par) | |||
34 | return false; | 34 | return false; |
35 | 35 | ||
36 | if (info->match & IPT_OWNER_UID) | 36 | if (info->match & IPT_OWNER_UID) |
37 | if ((filp->f_uid != info->uid) ^ | 37 | if ((filp->f_cred->fsuid != info->uid) ^ |
38 | !!(info->invert & IPT_OWNER_UID)) | 38 | !!(info->invert & IPT_OWNER_UID)) |
39 | return false; | 39 | return false; |
40 | 40 | ||
41 | if (info->match & IPT_OWNER_GID) | 41 | if (info->match & IPT_OWNER_GID) |
42 | if ((filp->f_gid != info->gid) ^ | 42 | if ((filp->f_cred->fsgid != info->gid) ^ |
43 | !!(info->invert & IPT_OWNER_GID)) | 43 | !!(info->invert & IPT_OWNER_GID)) |
44 | return false; | 44 | return false; |
45 | 45 | ||
@@ -60,12 +60,12 @@ owner_mt6_v0(const struct sk_buff *skb, const struct xt_match_param *par) | |||
60 | return false; | 60 | return false; |
61 | 61 | ||
62 | if (info->match & IP6T_OWNER_UID) | 62 | if (info->match & IP6T_OWNER_UID) |
63 | if ((filp->f_uid != info->uid) ^ | 63 | if ((filp->f_cred->fsuid != info->uid) ^ |
64 | !!(info->invert & IP6T_OWNER_UID)) | 64 | !!(info->invert & IP6T_OWNER_UID)) |
65 | return false; | 65 | return false; |
66 | 66 | ||
67 | if (info->match & IP6T_OWNER_GID) | 67 | if (info->match & IP6T_OWNER_GID) |
68 | if ((filp->f_gid != info->gid) ^ | 68 | if ((filp->f_cred->fsgid != info->gid) ^ |
69 | !!(info->invert & IP6T_OWNER_GID)) | 69 | !!(info->invert & IP6T_OWNER_GID)) |
70 | return false; | 70 | return false; |
71 | 71 | ||
@@ -93,14 +93,14 @@ owner_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
93 | (XT_OWNER_UID | XT_OWNER_GID)) == 0; | 93 | (XT_OWNER_UID | XT_OWNER_GID)) == 0; |
94 | 94 | ||
95 | if (info->match & XT_OWNER_UID) | 95 | if (info->match & XT_OWNER_UID) |
96 | if ((filp->f_uid >= info->uid_min && | 96 | if ((filp->f_cred->fsuid >= info->uid_min && |
97 | filp->f_uid <= info->uid_max) ^ | 97 | filp->f_cred->fsuid <= info->uid_max) ^ |
98 | !(info->invert & XT_OWNER_UID)) | 98 | !(info->invert & XT_OWNER_UID)) |
99 | return false; | 99 | return false; |
100 | 100 | ||
101 | if (info->match & XT_OWNER_GID) | 101 | if (info->match & XT_OWNER_GID) |
102 | if ((filp->f_gid >= info->gid_min && | 102 | if ((filp->f_cred->fsgid >= info->gid_min && |
103 | filp->f_gid <= info->gid_max) ^ | 103 | filp->f_cred->fsgid <= info->gid_max) ^ |
104 | !(info->invert & XT_OWNER_GID)) | 104 | !(info->invert & XT_OWNER_GID)) |
105 | return false; | 105 | return false; |
106 | 106 | ||
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c index 9f1ea4a27b35..e9c05b8f4f45 100644 --- a/net/netrom/af_netrom.c +++ b/net/netrom/af_netrom.c | |||
@@ -609,7 +609,7 @@ static int nr_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) | |||
609 | } else { | 609 | } else { |
610 | source = &addr->fsa_ax25.sax25_call; | 610 | source = &addr->fsa_ax25.sax25_call; |
611 | 611 | ||
612 | user = ax25_findbyuid(current->euid); | 612 | user = ax25_findbyuid(current_euid()); |
613 | if (user) { | 613 | if (user) { |
614 | nr->user_addr = user->call; | 614 | nr->user_addr = user->call; |
615 | ax25_uid_put(user); | 615 | ax25_uid_put(user); |
@@ -683,7 +683,7 @@ static int nr_connect(struct socket *sock, struct sockaddr *uaddr, | |||
683 | } | 683 | } |
684 | source = (ax25_address *)dev->dev_addr; | 684 | source = (ax25_address *)dev->dev_addr; |
685 | 685 | ||
686 | user = ax25_findbyuid(current->euid); | 686 | user = ax25_findbyuid(current_euid()); |
687 | if (user) { | 687 | if (user) { |
688 | nr->user_addr = user->call; | 688 | nr->user_addr = user->call; |
689 | ax25_uid_put(user); | 689 | ax25_uid_put(user); |
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c index 0c1cc7612800..01392649b462 100644 --- a/net/rose/af_rose.c +++ b/net/rose/af_rose.c | |||
@@ -690,7 +690,7 @@ static int rose_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) | |||
690 | 690 | ||
691 | source = &addr->srose_call; | 691 | source = &addr->srose_call; |
692 | 692 | ||
693 | user = ax25_findbyuid(current->euid); | 693 | user = ax25_findbyuid(current_euid()); |
694 | if (user) { | 694 | if (user) { |
695 | rose->source_call = user->call; | 695 | rose->source_call = user->call; |
696 | ax25_uid_put(user); | 696 | ax25_uid_put(user); |
@@ -791,7 +791,7 @@ static int rose_connect(struct socket *sock, struct sockaddr *uaddr, int addr_le | |||
791 | goto out_release; | 791 | goto out_release; |
792 | } | 792 | } |
793 | 793 | ||
794 | user = ax25_findbyuid(current->euid); | 794 | user = ax25_findbyuid(current_euid()); |
795 | if (!user) { | 795 | if (!user) { |
796 | err = -EINVAL; | 796 | err = -EINVAL; |
797 | goto out_release; | 797 | goto out_release; |
diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c index 9a8ff684da79..ad8c7a782da1 100644 --- a/net/rxrpc/ar-key.c +++ b/net/rxrpc/ar-key.c | |||
@@ -287,6 +287,7 @@ int rxrpc_get_server_data_key(struct rxrpc_connection *conn, | |||
287 | time_t expiry, | 287 | time_t expiry, |
288 | u32 kvno) | 288 | u32 kvno) |
289 | { | 289 | { |
290 | const struct cred *cred = current_cred(); | ||
290 | struct key *key; | 291 | struct key *key; |
291 | int ret; | 292 | int ret; |
292 | 293 | ||
@@ -297,7 +298,7 @@ int rxrpc_get_server_data_key(struct rxrpc_connection *conn, | |||
297 | 298 | ||
298 | _enter(""); | 299 | _enter(""); |
299 | 300 | ||
300 | key = key_alloc(&key_type_rxrpc, "x", 0, 0, current, 0, | 301 | key = key_alloc(&key_type_rxrpc, "x", 0, 0, cred, 0, |
301 | KEY_ALLOC_NOT_IN_QUOTA); | 302 | KEY_ALLOC_NOT_IN_QUOTA); |
302 | if (IS_ERR(key)) { | 303 | if (IS_ERR(key)) { |
303 | _leave(" = -ENOMEM [alloc %ld]", PTR_ERR(key)); | 304 | _leave(" = -ENOMEM [alloc %ld]", PTR_ERR(key)); |
@@ -340,10 +341,11 @@ EXPORT_SYMBOL(rxrpc_get_server_data_key); | |||
340 | */ | 341 | */ |
341 | struct key *rxrpc_get_null_key(const char *keyname) | 342 | struct key *rxrpc_get_null_key(const char *keyname) |
342 | { | 343 | { |
344 | const struct cred *cred = current_cred(); | ||
343 | struct key *key; | 345 | struct key *key; |
344 | int ret; | 346 | int ret; |
345 | 347 | ||
346 | key = key_alloc(&key_type_rxrpc, keyname, 0, 0, current, | 348 | key = key_alloc(&key_type_rxrpc, keyname, 0, 0, cred, |
347 | KEY_POS_SEARCH, KEY_ALLOC_NOT_IN_QUOTA); | 349 | KEY_POS_SEARCH, KEY_ALLOC_NOT_IN_QUOTA); |
348 | if (IS_ERR(key)) | 350 | if (IS_ERR(key)) |
349 | return key; | 351 | return key; |
diff --git a/net/sched/cls_flow.c b/net/sched/cls_flow.c index 0ebaff637e31..0ef4e3065bcd 100644 --- a/net/sched/cls_flow.c +++ b/net/sched/cls_flow.c | |||
@@ -260,14 +260,14 @@ static u32 flow_get_rtclassid(const struct sk_buff *skb) | |||
260 | static u32 flow_get_skuid(const struct sk_buff *skb) | 260 | static u32 flow_get_skuid(const struct sk_buff *skb) |
261 | { | 261 | { |
262 | if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file) | 262 | if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file) |
263 | return skb->sk->sk_socket->file->f_uid; | 263 | return skb->sk->sk_socket->file->f_cred->fsuid; |
264 | return 0; | 264 | return 0; |
265 | } | 265 | } |
266 | 266 | ||
267 | static u32 flow_get_skgid(const struct sk_buff *skb) | 267 | static u32 flow_get_skgid(const struct sk_buff *skb) |
268 | { | 268 | { |
269 | if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file) | 269 | if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file) |
270 | return skb->sk->sk_socket->file->f_gid; | 270 | return skb->sk->sk_socket->file->f_cred->fsgid; |
271 | return 0; | 271 | return 0; |
272 | } | 272 | } |
273 | 273 | ||
diff --git a/net/socket.c b/net/socket.c index 92764d836891..b7a562e655e9 100644 --- a/net/socket.c +++ b/net/socket.c | |||
@@ -491,8 +491,8 @@ static struct socket *sock_alloc(void) | |||
491 | sock = SOCKET_I(inode); | 491 | sock = SOCKET_I(inode); |
492 | 492 | ||
493 | inode->i_mode = S_IFSOCK | S_IRWXUGO; | 493 | inode->i_mode = S_IFSOCK | S_IRWXUGO; |
494 | inode->i_uid = current->fsuid; | 494 | inode->i_uid = current_fsuid(); |
495 | inode->i_gid = current->fsgid; | 495 | inode->i_gid = current_fsgid(); |
496 | 496 | ||
497 | get_cpu_var(sockets_in_use)++; | 497 | get_cpu_var(sockets_in_use)++; |
498 | put_cpu_var(sockets_in_use); | 498 | put_cpu_var(sockets_in_use); |
diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c index cb216b2df666..0443f8349458 100644 --- a/net/sunrpc/auth.c +++ b/net/sunrpc/auth.c | |||
@@ -350,16 +350,18 @@ EXPORT_SYMBOL_GPL(rpcauth_lookup_credcache); | |||
350 | struct rpc_cred * | 350 | struct rpc_cred * |
351 | rpcauth_lookupcred(struct rpc_auth *auth, int flags) | 351 | rpcauth_lookupcred(struct rpc_auth *auth, int flags) |
352 | { | 352 | { |
353 | struct auth_cred acred = { | 353 | struct auth_cred acred; |
354 | .uid = current->fsuid, | ||
355 | .gid = current->fsgid, | ||
356 | .group_info = current->group_info, | ||
357 | }; | ||
358 | struct rpc_cred *ret; | 354 | struct rpc_cred *ret; |
355 | const struct cred *cred = current_cred(); | ||
359 | 356 | ||
360 | dprintk("RPC: looking up %s cred\n", | 357 | dprintk("RPC: looking up %s cred\n", |
361 | auth->au_ops->au_name); | 358 | auth->au_ops->au_name); |
362 | get_group_info(acred.group_info); | 359 | |
360 | memset(&acred, 0, sizeof(acred)); | ||
361 | acred.uid = cred->fsuid; | ||
362 | acred.gid = cred->fsgid; | ||
363 | acred.group_info = get_group_info(((struct cred *)cred)->group_info); | ||
364 | |||
363 | ret = auth->au_ops->lookup_cred(auth, &acred, flags); | 365 | ret = auth->au_ops->lookup_cred(auth, &acred, flags); |
364 | put_group_info(acred.group_info); | 366 | put_group_info(acred.group_info); |
365 | return ret; | 367 | return ret; |
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index 66d5ac4773ab..b152e2b9b988 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c | |||
@@ -467,8 +467,7 @@ static int unix_listen(struct socket *sock, int backlog) | |||
467 | sk->sk_state = TCP_LISTEN; | 467 | sk->sk_state = TCP_LISTEN; |
468 | /* set credentials so connect can copy them */ | 468 | /* set credentials so connect can copy them */ |
469 | sk->sk_peercred.pid = task_tgid_vnr(current); | 469 | sk->sk_peercred.pid = task_tgid_vnr(current); |
470 | sk->sk_peercred.uid = current->euid; | 470 | current_euid_egid(&sk->sk_peercred.uid, &sk->sk_peercred.gid); |
471 | sk->sk_peercred.gid = current->egid; | ||
472 | err = 0; | 471 | err = 0; |
473 | 472 | ||
474 | out_unlock: | 473 | out_unlock: |
@@ -1126,8 +1125,7 @@ restart: | |||
1126 | newsk->sk_state = TCP_ESTABLISHED; | 1125 | newsk->sk_state = TCP_ESTABLISHED; |
1127 | newsk->sk_type = sk->sk_type; | 1126 | newsk->sk_type = sk->sk_type; |
1128 | newsk->sk_peercred.pid = task_tgid_vnr(current); | 1127 | newsk->sk_peercred.pid = task_tgid_vnr(current); |
1129 | newsk->sk_peercred.uid = current->euid; | 1128 | current_euid_egid(&newsk->sk_peercred.uid, &newsk->sk_peercred.gid); |
1130 | newsk->sk_peercred.gid = current->egid; | ||
1131 | newu = unix_sk(newsk); | 1129 | newu = unix_sk(newsk); |
1132 | newsk->sk_sleep = &newu->peer_wait; | 1130 | newsk->sk_sleep = &newu->peer_wait; |
1133 | otheru = unix_sk(other); | 1131 | otheru = unix_sk(other); |
@@ -1187,8 +1185,9 @@ static int unix_socketpair(struct socket *socka, struct socket *sockb) | |||
1187 | unix_peer(ska)=skb; | 1185 | unix_peer(ska)=skb; |
1188 | unix_peer(skb)=ska; | 1186 | unix_peer(skb)=ska; |
1189 | ska->sk_peercred.pid = skb->sk_peercred.pid = task_tgid_vnr(current); | 1187 | ska->sk_peercred.pid = skb->sk_peercred.pid = task_tgid_vnr(current); |
1190 | ska->sk_peercred.uid = skb->sk_peercred.uid = current->euid; | 1188 | current_euid_egid(&skb->sk_peercred.uid, &skb->sk_peercred.gid); |
1191 | ska->sk_peercred.gid = skb->sk_peercred.gid = current->egid; | 1189 | ska->sk_peercred.uid = skb->sk_peercred.uid; |
1190 | ska->sk_peercred.gid = skb->sk_peercred.gid; | ||
1192 | 1191 | ||
1193 | if (ska->sk_type != SOCK_DGRAM) { | 1192 | if (ska->sk_type != SOCK_DGRAM) { |
1194 | ska->sk_state = TCP_ESTABLISHED; | 1193 | ska->sk_state = TCP_ESTABLISHED; |
diff --git a/security/capability.c b/security/capability.c index 245874819036..b9e391425e6f 100644 --- a/security/capability.c +++ b/security/capability.c | |||
@@ -32,24 +32,19 @@ static int cap_quota_on(struct dentry *dentry) | |||
32 | return 0; | 32 | return 0; |
33 | } | 33 | } |
34 | 34 | ||
35 | static int cap_bprm_alloc_security(struct linux_binprm *bprm) | 35 | static int cap_bprm_check_security (struct linux_binprm *bprm) |
36 | { | 36 | { |
37 | return 0; | 37 | return 0; |
38 | } | 38 | } |
39 | 39 | ||
40 | static void cap_bprm_free_security(struct linux_binprm *bprm) | 40 | static void cap_bprm_committing_creds(struct linux_binprm *bprm) |
41 | { | 41 | { |
42 | } | 42 | } |
43 | 43 | ||
44 | static void cap_bprm_post_apply_creds(struct linux_binprm *bprm) | 44 | static void cap_bprm_committed_creds(struct linux_binprm *bprm) |
45 | { | 45 | { |
46 | } | 46 | } |
47 | 47 | ||
48 | static int cap_bprm_check_security(struct linux_binprm *bprm) | ||
49 | { | ||
50 | return 0; | ||
51 | } | ||
52 | |||
53 | static int cap_sb_alloc_security(struct super_block *sb) | 48 | static int cap_sb_alloc_security(struct super_block *sb) |
54 | { | 49 | { |
55 | return 0; | 50 | return 0; |
@@ -330,7 +325,7 @@ static int cap_file_receive(struct file *file) | |||
330 | return 0; | 325 | return 0; |
331 | } | 326 | } |
332 | 327 | ||
333 | static int cap_dentry_open(struct file *file) | 328 | static int cap_dentry_open(struct file *file, const struct cred *cred) |
334 | { | 329 | { |
335 | return 0; | 330 | return 0; |
336 | } | 331 | } |
@@ -340,15 +335,29 @@ static int cap_task_create(unsigned long clone_flags) | |||
340 | return 0; | 335 | return 0; |
341 | } | 336 | } |
342 | 337 | ||
343 | static int cap_task_alloc_security(struct task_struct *p) | 338 | static void cap_cred_free(struct cred *cred) |
339 | { | ||
340 | } | ||
341 | |||
342 | static int cap_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) | ||
344 | { | 343 | { |
345 | return 0; | 344 | return 0; |
346 | } | 345 | } |
347 | 346 | ||
348 | static void cap_task_free_security(struct task_struct *p) | 347 | static void cap_cred_commit(struct cred *new, const struct cred *old) |
349 | { | 348 | { |
350 | } | 349 | } |
351 | 350 | ||
351 | static int cap_kernel_act_as(struct cred *new, u32 secid) | ||
352 | { | ||
353 | return 0; | ||
354 | } | ||
355 | |||
356 | static int cap_kernel_create_files_as(struct cred *new, struct inode *inode) | ||
357 | { | ||
358 | return 0; | ||
359 | } | ||
360 | |||
352 | static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | 361 | static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) |
353 | { | 362 | { |
354 | return 0; | 363 | return 0; |
@@ -750,7 +759,7 @@ static void cap_release_secctx(char *secdata, u32 seclen) | |||
750 | } | 759 | } |
751 | 760 | ||
752 | #ifdef CONFIG_KEYS | 761 | #ifdef CONFIG_KEYS |
753 | static int cap_key_alloc(struct key *key, struct task_struct *ctx, | 762 | static int cap_key_alloc(struct key *key, const struct cred *cred, |
754 | unsigned long flags) | 763 | unsigned long flags) |
755 | { | 764 | { |
756 | return 0; | 765 | return 0; |
@@ -760,7 +769,7 @@ static void cap_key_free(struct key *key) | |||
760 | { | 769 | { |
761 | } | 770 | } |
762 | 771 | ||
763 | static int cap_key_permission(key_ref_t key_ref, struct task_struct *context, | 772 | static int cap_key_permission(key_ref_t key_ref, const struct cred *cred, |
764 | key_perm_t perm) | 773 | key_perm_t perm) |
765 | { | 774 | { |
766 | return 0; | 775 | return 0; |
@@ -814,8 +823,7 @@ void security_fixup_ops(struct security_operations *ops) | |||
814 | set_to_cap_if_null(ops, ptrace_may_access); | 823 | set_to_cap_if_null(ops, ptrace_may_access); |
815 | set_to_cap_if_null(ops, ptrace_traceme); | 824 | set_to_cap_if_null(ops, ptrace_traceme); |
816 | set_to_cap_if_null(ops, capget); | 825 | set_to_cap_if_null(ops, capget); |
817 | set_to_cap_if_null(ops, capset_check); | 826 | set_to_cap_if_null(ops, capset); |
818 | set_to_cap_if_null(ops, capset_set); | ||
819 | set_to_cap_if_null(ops, acct); | 827 | set_to_cap_if_null(ops, acct); |
820 | set_to_cap_if_null(ops, capable); | 828 | set_to_cap_if_null(ops, capable); |
821 | set_to_cap_if_null(ops, quotactl); | 829 | set_to_cap_if_null(ops, quotactl); |
@@ -824,11 +832,9 @@ void security_fixup_ops(struct security_operations *ops) | |||
824 | set_to_cap_if_null(ops, syslog); | 832 | set_to_cap_if_null(ops, syslog); |
825 | set_to_cap_if_null(ops, settime); | 833 | set_to_cap_if_null(ops, settime); |
826 | set_to_cap_if_null(ops, vm_enough_memory); | 834 | set_to_cap_if_null(ops, vm_enough_memory); |
827 | set_to_cap_if_null(ops, bprm_alloc_security); | 835 | set_to_cap_if_null(ops, bprm_set_creds); |
828 | set_to_cap_if_null(ops, bprm_free_security); | 836 | set_to_cap_if_null(ops, bprm_committing_creds); |
829 | set_to_cap_if_null(ops, bprm_apply_creds); | 837 | set_to_cap_if_null(ops, bprm_committed_creds); |
830 | set_to_cap_if_null(ops, bprm_post_apply_creds); | ||
831 | set_to_cap_if_null(ops, bprm_set_security); | ||
832 | set_to_cap_if_null(ops, bprm_check_security); | 838 | set_to_cap_if_null(ops, bprm_check_security); |
833 | set_to_cap_if_null(ops, bprm_secureexec); | 839 | set_to_cap_if_null(ops, bprm_secureexec); |
834 | set_to_cap_if_null(ops, sb_alloc_security); | 840 | set_to_cap_if_null(ops, sb_alloc_security); |
@@ -890,10 +896,13 @@ void security_fixup_ops(struct security_operations *ops) | |||
890 | set_to_cap_if_null(ops, file_receive); | 896 | set_to_cap_if_null(ops, file_receive); |
891 | set_to_cap_if_null(ops, dentry_open); | 897 | set_to_cap_if_null(ops, dentry_open); |
892 | set_to_cap_if_null(ops, task_create); | 898 | set_to_cap_if_null(ops, task_create); |
893 | set_to_cap_if_null(ops, task_alloc_security); | 899 | set_to_cap_if_null(ops, cred_free); |
894 | set_to_cap_if_null(ops, task_free_security); | 900 | set_to_cap_if_null(ops, cred_prepare); |
901 | set_to_cap_if_null(ops, cred_commit); | ||
902 | set_to_cap_if_null(ops, kernel_act_as); | ||
903 | set_to_cap_if_null(ops, kernel_create_files_as); | ||
895 | set_to_cap_if_null(ops, task_setuid); | 904 | set_to_cap_if_null(ops, task_setuid); |
896 | set_to_cap_if_null(ops, task_post_setuid); | 905 | set_to_cap_if_null(ops, task_fix_setuid); |
897 | set_to_cap_if_null(ops, task_setgid); | 906 | set_to_cap_if_null(ops, task_setgid); |
898 | set_to_cap_if_null(ops, task_setpgid); | 907 | set_to_cap_if_null(ops, task_setpgid); |
899 | set_to_cap_if_null(ops, task_getpgid); | 908 | set_to_cap_if_null(ops, task_getpgid); |
@@ -910,7 +919,6 @@ void security_fixup_ops(struct security_operations *ops) | |||
910 | set_to_cap_if_null(ops, task_wait); | 919 | set_to_cap_if_null(ops, task_wait); |
911 | set_to_cap_if_null(ops, task_kill); | 920 | set_to_cap_if_null(ops, task_kill); |
912 | set_to_cap_if_null(ops, task_prctl); | 921 | set_to_cap_if_null(ops, task_prctl); |
913 | set_to_cap_if_null(ops, task_reparent_to_init); | ||
914 | set_to_cap_if_null(ops, task_to_inode); | 922 | set_to_cap_if_null(ops, task_to_inode); |
915 | set_to_cap_if_null(ops, ipc_permission); | 923 | set_to_cap_if_null(ops, ipc_permission); |
916 | set_to_cap_if_null(ops, ipc_getsecid); | 924 | set_to_cap_if_null(ops, ipc_getsecid); |
diff --git a/security/commoncap.c b/security/commoncap.c index 3976613db829..79713545cd63 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
@@ -8,6 +8,7 @@ | |||
8 | */ | 8 | */ |
9 | 9 | ||
10 | #include <linux/capability.h> | 10 | #include <linux/capability.h> |
11 | #include <linux/audit.h> | ||
11 | #include <linux/module.h> | 12 | #include <linux/module.h> |
12 | #include <linux/init.h> | 13 | #include <linux/init.h> |
13 | #include <linux/kernel.h> | 14 | #include <linux/kernel.h> |
@@ -29,7 +30,7 @@ | |||
29 | 30 | ||
30 | int cap_netlink_send(struct sock *sk, struct sk_buff *skb) | 31 | int cap_netlink_send(struct sock *sk, struct sk_buff *skb) |
31 | { | 32 | { |
32 | NETLINK_CB(skb).eff_cap = current->cap_effective; | 33 | NETLINK_CB(skb).eff_cap = current_cap(); |
33 | return 0; | 34 | return 0; |
34 | } | 35 | } |
35 | 36 | ||
@@ -39,23 +40,41 @@ int cap_netlink_recv(struct sk_buff *skb, int cap) | |||
39 | return -EPERM; | 40 | return -EPERM; |
40 | return 0; | 41 | return 0; |
41 | } | 42 | } |
42 | |||
43 | EXPORT_SYMBOL(cap_netlink_recv); | 43 | EXPORT_SYMBOL(cap_netlink_recv); |
44 | 44 | ||
45 | /* | 45 | /** |
46 | * cap_capable - Determine whether a task has a particular effective capability | ||
47 | * @tsk: The task to query | ||
48 | * @cap: The capability to check for | ||
49 | * @audit: Whether to write an audit message or not | ||
50 | * | ||
51 | * Determine whether the nominated task has the specified capability amongst | ||
52 | * its effective set, returning 0 if it does, -ve if it does not. | ||
53 | * | ||
46 | * NOTE WELL: cap_capable() cannot be used like the kernel's capable() | 54 | * NOTE WELL: cap_capable() cannot be used like the kernel's capable() |
47 | * function. That is, it has the reverse semantics: cap_capable() | 55 | * function. That is, it has the reverse semantics: cap_capable() returns 0 |
48 | * returns 0 when a task has a capability, but the kernel's capable() | 56 | * when a task has a capability, but the kernel's capable() returns 1 for this |
49 | * returns 1 for this case. | 57 | * case. |
50 | */ | 58 | */ |
51 | int cap_capable (struct task_struct *tsk, int cap) | 59 | int cap_capable(struct task_struct *tsk, int cap, int audit) |
52 | { | 60 | { |
61 | __u32 cap_raised; | ||
62 | |||
53 | /* Derived from include/linux/sched.h:capable. */ | 63 | /* Derived from include/linux/sched.h:capable. */ |
54 | if (cap_raised(tsk->cap_effective, cap)) | 64 | rcu_read_lock(); |
55 | return 0; | 65 | cap_raised = cap_raised(__task_cred(tsk)->cap_effective, cap); |
56 | return -EPERM; | 66 | rcu_read_unlock(); |
67 | return cap_raised ? 0 : -EPERM; | ||
57 | } | 68 | } |
58 | 69 | ||
70 | /** | ||
71 | * cap_settime - Determine whether the current process may set the system clock | ||
72 | * @ts: The time to set | ||
73 | * @tz: The timezone to set | ||
74 | * | ||
75 | * Determine whether the current process may set the system clock and timezone | ||
76 | * information, returning 0 if permission granted, -ve if denied. | ||
77 | */ | ||
59 | int cap_settime(struct timespec *ts, struct timezone *tz) | 78 | int cap_settime(struct timespec *ts, struct timezone *tz) |
60 | { | 79 | { |
61 | if (!capable(CAP_SYS_TIME)) | 80 | if (!capable(CAP_SYS_TIME)) |
@@ -63,121 +82,157 @@ int cap_settime(struct timespec *ts, struct timezone *tz) | |||
63 | return 0; | 82 | return 0; |
64 | } | 83 | } |
65 | 84 | ||
85 | /** | ||
86 | * cap_ptrace_may_access - Determine whether the current process may access | ||
87 | * another | ||
88 | * @child: The process to be accessed | ||
89 | * @mode: The mode of attachment. | ||
90 | * | ||
91 | * Determine whether a process may access another, returning 0 if permission | ||
92 | * granted, -ve if denied. | ||
93 | */ | ||
66 | int cap_ptrace_may_access(struct task_struct *child, unsigned int mode) | 94 | int cap_ptrace_may_access(struct task_struct *child, unsigned int mode) |
67 | { | 95 | { |
68 | /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */ | 96 | int ret = 0; |
69 | if (cap_issubset(child->cap_permitted, current->cap_permitted)) | 97 | |
70 | return 0; | 98 | rcu_read_lock(); |
71 | if (capable(CAP_SYS_PTRACE)) | 99 | if (!cap_issubset(__task_cred(child)->cap_permitted, |
72 | return 0; | 100 | current_cred()->cap_permitted) && |
73 | return -EPERM; | 101 | !capable(CAP_SYS_PTRACE)) |
102 | ret = -EPERM; | ||
103 | rcu_read_unlock(); | ||
104 | return ret; | ||
74 | } | 105 | } |
75 | 106 | ||
107 | /** | ||
108 | * cap_ptrace_traceme - Determine whether another process may trace the current | ||
109 | * @parent: The task proposed to be the tracer | ||
110 | * | ||
111 | * Determine whether the nominated task is permitted to trace the current | ||
112 | * process, returning 0 if permission is granted, -ve if denied. | ||
113 | */ | ||
76 | int cap_ptrace_traceme(struct task_struct *parent) | 114 | int cap_ptrace_traceme(struct task_struct *parent) |
77 | { | 115 | { |
78 | /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */ | 116 | int ret = 0; |
79 | if (cap_issubset(current->cap_permitted, parent->cap_permitted)) | 117 | |
80 | return 0; | 118 | rcu_read_lock(); |
81 | if (has_capability(parent, CAP_SYS_PTRACE)) | 119 | if (!cap_issubset(current_cred()->cap_permitted, |
82 | return 0; | 120 | __task_cred(parent)->cap_permitted) && |
83 | return -EPERM; | 121 | !has_capability(parent, CAP_SYS_PTRACE)) |
122 | ret = -EPERM; | ||
123 | rcu_read_unlock(); | ||
124 | return ret; | ||
84 | } | 125 | } |
85 | 126 | ||
86 | int cap_capget (struct task_struct *target, kernel_cap_t *effective, | 127 | /** |
87 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | 128 | * cap_capget - Retrieve a task's capability sets |
129 | * @target: The task from which to retrieve the capability sets | ||
130 | * @effective: The place to record the effective set | ||
131 | * @inheritable: The place to record the inheritable set | ||
132 | * @permitted: The place to record the permitted set | ||
133 | * | ||
134 | * This function retrieves the capabilities of the nominated task and returns | ||
135 | * them to the caller. | ||
136 | */ | ||
137 | int cap_capget(struct task_struct *target, kernel_cap_t *effective, | ||
138 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | ||
88 | { | 139 | { |
140 | const struct cred *cred; | ||
141 | |||
89 | /* Derived from kernel/capability.c:sys_capget. */ | 142 | /* Derived from kernel/capability.c:sys_capget. */ |
90 | *effective = target->cap_effective; | 143 | rcu_read_lock(); |
91 | *inheritable = target->cap_inheritable; | 144 | cred = __task_cred(target); |
92 | *permitted = target->cap_permitted; | 145 | *effective = cred->cap_effective; |
146 | *inheritable = cred->cap_inheritable; | ||
147 | *permitted = cred->cap_permitted; | ||
148 | rcu_read_unlock(); | ||
93 | return 0; | 149 | return 0; |
94 | } | 150 | } |
95 | 151 | ||
96 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | 152 | /* |
97 | 153 | * Determine whether the inheritable capabilities are limited to the old | |
98 | static inline int cap_block_setpcap(struct task_struct *target) | 154 | * permitted set. Returns 1 if they are limited, 0 if they are not. |
99 | { | 155 | */ |
100 | /* | ||
101 | * No support for remote process capability manipulation with | ||
102 | * filesystem capability support. | ||
103 | */ | ||
104 | return (target != current); | ||
105 | } | ||
106 | |||
107 | static inline int cap_inh_is_capped(void) | 156 | static inline int cap_inh_is_capped(void) |
108 | { | 157 | { |
109 | /* | 158 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES |
110 | * Return 1 if changes to the inheritable set are limited | ||
111 | * to the old permitted set. That is, if the current task | ||
112 | * does *not* possess the CAP_SETPCAP capability. | ||
113 | */ | ||
114 | return (cap_capable(current, CAP_SETPCAP) != 0); | ||
115 | } | ||
116 | |||
117 | static inline int cap_limit_ptraced_target(void) { return 1; } | ||
118 | |||
119 | #else /* ie., ndef CONFIG_SECURITY_FILE_CAPABILITIES */ | ||
120 | 159 | ||
121 | static inline int cap_block_setpcap(struct task_struct *t) { return 0; } | 160 | /* they are so limited unless the current task has the CAP_SETPCAP |
122 | static inline int cap_inh_is_capped(void) { return 1; } | 161 | * capability |
123 | static inline int cap_limit_ptraced_target(void) | 162 | */ |
124 | { | 163 | if (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) == 0) |
125 | return !capable(CAP_SETPCAP); | 164 | return 0; |
165 | #endif | ||
166 | return 1; | ||
126 | } | 167 | } |
127 | 168 | ||
128 | #endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */ | 169 | /** |
129 | 170 | * cap_capset - Validate and apply proposed changes to current's capabilities | |
130 | int cap_capset_check (struct task_struct *target, kernel_cap_t *effective, | 171 | * @new: The proposed new credentials; alterations should be made here |
131 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | 172 | * @old: The current task's current credentials |
132 | { | 173 | * @effective: A pointer to the proposed new effective capabilities set |
133 | if (cap_block_setpcap(target)) { | 174 | * @inheritable: A pointer to the proposed new inheritable capabilities set |
134 | return -EPERM; | 175 | * @permitted: A pointer to the proposed new permitted capabilities set |
135 | } | 176 | * |
136 | if (cap_inh_is_capped() | 177 | * This function validates and applies a proposed mass change to the current |
137 | && !cap_issubset(*inheritable, | 178 | * process's capability sets. The changes are made to the proposed new |
138 | cap_combine(target->cap_inheritable, | 179 | * credentials, and assuming no error, will be committed by the caller of LSM. |
139 | current->cap_permitted))) { | 180 | */ |
181 | int cap_capset(struct cred *new, | ||
182 | const struct cred *old, | ||
183 | const kernel_cap_t *effective, | ||
184 | const kernel_cap_t *inheritable, | ||
185 | const kernel_cap_t *permitted) | ||
186 | { | ||
187 | if (cap_inh_is_capped() && | ||
188 | !cap_issubset(*inheritable, | ||
189 | cap_combine(old->cap_inheritable, | ||
190 | old->cap_permitted))) | ||
140 | /* incapable of using this inheritable set */ | 191 | /* incapable of using this inheritable set */ |
141 | return -EPERM; | 192 | return -EPERM; |
142 | } | 193 | |
143 | if (!cap_issubset(*inheritable, | 194 | if (!cap_issubset(*inheritable, |
144 | cap_combine(target->cap_inheritable, | 195 | cap_combine(old->cap_inheritable, |
145 | current->cap_bset))) { | 196 | old->cap_bset))) |
146 | /* no new pI capabilities outside bounding set */ | 197 | /* no new pI capabilities outside bounding set */ |
147 | return -EPERM; | 198 | return -EPERM; |
148 | } | ||
149 | 199 | ||
150 | /* verify restrictions on target's new Permitted set */ | 200 | /* verify restrictions on target's new Permitted set */ |
151 | if (!cap_issubset (*permitted, | 201 | if (!cap_issubset(*permitted, old->cap_permitted)) |
152 | cap_combine (target->cap_permitted, | ||
153 | current->cap_permitted))) { | ||
154 | return -EPERM; | 202 | return -EPERM; |
155 | } | ||
156 | 203 | ||
157 | /* verify the _new_Effective_ is a subset of the _new_Permitted_ */ | 204 | /* verify the _new_Effective_ is a subset of the _new_Permitted_ */ |
158 | if (!cap_issubset (*effective, *permitted)) { | 205 | if (!cap_issubset(*effective, *permitted)) |
159 | return -EPERM; | 206 | return -EPERM; |
160 | } | ||
161 | 207 | ||
208 | new->cap_effective = *effective; | ||
209 | new->cap_inheritable = *inheritable; | ||
210 | new->cap_permitted = *permitted; | ||
162 | return 0; | 211 | return 0; |
163 | } | 212 | } |
164 | 213 | ||
165 | void cap_capset_set (struct task_struct *target, kernel_cap_t *effective, | 214 | /* |
166 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | 215 | * Clear proposed capability sets for execve(). |
167 | { | 216 | */ |
168 | target->cap_effective = *effective; | ||
169 | target->cap_inheritable = *inheritable; | ||
170 | target->cap_permitted = *permitted; | ||
171 | } | ||
172 | |||
173 | static inline void bprm_clear_caps(struct linux_binprm *bprm) | 217 | static inline void bprm_clear_caps(struct linux_binprm *bprm) |
174 | { | 218 | { |
175 | cap_clear(bprm->cap_post_exec_permitted); | 219 | cap_clear(bprm->cred->cap_permitted); |
176 | bprm->cap_effective = false; | 220 | bprm->cap_effective = false; |
177 | } | 221 | } |
178 | 222 | ||
179 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | 223 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES |
180 | 224 | ||
225 | /** | ||
226 | * cap_inode_need_killpriv - Determine if inode change affects privileges | ||
227 | * @dentry: The inode/dentry in being changed with change marked ATTR_KILL_PRIV | ||
228 | * | ||
229 | * Determine if an inode having a change applied that's marked ATTR_KILL_PRIV | ||
230 | * affects the security markings on that inode, and if it is, should | ||
231 | * inode_killpriv() be invoked or the change rejected? | ||
232 | * | ||
233 | * Returns 0 if granted; +ve if granted, but inode_killpriv() is required; and | ||
234 | * -ve to deny the change. | ||
235 | */ | ||
181 | int cap_inode_need_killpriv(struct dentry *dentry) | 236 | int cap_inode_need_killpriv(struct dentry *dentry) |
182 | { | 237 | { |
183 | struct inode *inode = dentry->d_inode; | 238 | struct inode *inode = dentry->d_inode; |
@@ -192,6 +247,14 @@ int cap_inode_need_killpriv(struct dentry *dentry) | |||
192 | return 1; | 247 | return 1; |
193 | } | 248 | } |
194 | 249 | ||
250 | /** | ||
251 | * cap_inode_killpriv - Erase the security markings on an inode | ||
252 | * @dentry: The inode/dentry to alter | ||
253 | * | ||
254 | * Erase the privilege-enhancing security markings on an inode. | ||
255 | * | ||
256 | * Returns 0 if successful, -ve on error. | ||
257 | */ | ||
195 | int cap_inode_killpriv(struct dentry *dentry) | 258 | int cap_inode_killpriv(struct dentry *dentry) |
196 | { | 259 | { |
197 | struct inode *inode = dentry->d_inode; | 260 | struct inode *inode = dentry->d_inode; |
@@ -202,19 +265,75 @@ int cap_inode_killpriv(struct dentry *dentry) | |||
202 | return inode->i_op->removexattr(dentry, XATTR_NAME_CAPS); | 265 | return inode->i_op->removexattr(dentry, XATTR_NAME_CAPS); |
203 | } | 266 | } |
204 | 267 | ||
205 | static inline int cap_from_disk(struct vfs_cap_data *caps, | 268 | /* |
206 | struct linux_binprm *bprm, unsigned size) | 269 | * Calculate the new process capability sets from the capability sets attached |
270 | * to a file. | ||
271 | */ | ||
272 | static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps, | ||
273 | struct linux_binprm *bprm, | ||
274 | bool *effective) | ||
275 | { | ||
276 | struct cred *new = bprm->cred; | ||
277 | unsigned i; | ||
278 | int ret = 0; | ||
279 | |||
280 | if (caps->magic_etc & VFS_CAP_FLAGS_EFFECTIVE) | ||
281 | *effective = true; | ||
282 | |||
283 | CAP_FOR_EACH_U32(i) { | ||
284 | __u32 permitted = caps->permitted.cap[i]; | ||
285 | __u32 inheritable = caps->inheritable.cap[i]; | ||
286 | |||
287 | /* | ||
288 | * pP' = (X & fP) | (pI & fI) | ||
289 | */ | ||
290 | new->cap_permitted.cap[i] = | ||
291 | (new->cap_bset.cap[i] & permitted) | | ||
292 | (new->cap_inheritable.cap[i] & inheritable); | ||
293 | |||
294 | if (permitted & ~new->cap_permitted.cap[i]) | ||
295 | /* insufficient to execute correctly */ | ||
296 | ret = -EPERM; | ||
297 | } | ||
298 | |||
299 | /* | ||
300 | * For legacy apps, with no internal support for recognizing they | ||
301 | * do not have enough capabilities, we return an error if they are | ||
302 | * missing some "forced" (aka file-permitted) capabilities. | ||
303 | */ | ||
304 | return *effective ? ret : 0; | ||
305 | } | ||
306 | |||
307 | /* | ||
308 | * Extract the on-exec-apply capability sets for an executable file. | ||
309 | */ | ||
310 | int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps) | ||
207 | { | 311 | { |
312 | struct inode *inode = dentry->d_inode; | ||
208 | __u32 magic_etc; | 313 | __u32 magic_etc; |
209 | unsigned tocopy, i; | 314 | unsigned tocopy, i; |
210 | int ret; | 315 | int size; |
316 | struct vfs_cap_data caps; | ||
317 | |||
318 | memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); | ||
319 | |||
320 | if (!inode || !inode->i_op || !inode->i_op->getxattr) | ||
321 | return -ENODATA; | ||
322 | |||
323 | size = inode->i_op->getxattr((struct dentry *)dentry, XATTR_NAME_CAPS, &caps, | ||
324 | XATTR_CAPS_SZ); | ||
325 | if (size == -ENODATA || size == -EOPNOTSUPP) | ||
326 | /* no data, that's ok */ | ||
327 | return -ENODATA; | ||
328 | if (size < 0) | ||
329 | return size; | ||
211 | 330 | ||
212 | if (size < sizeof(magic_etc)) | 331 | if (size < sizeof(magic_etc)) |
213 | return -EINVAL; | 332 | return -EINVAL; |
214 | 333 | ||
215 | magic_etc = le32_to_cpu(caps->magic_etc); | 334 | cpu_caps->magic_etc = magic_etc = le32_to_cpu(caps.magic_etc); |
216 | 335 | ||
217 | switch ((magic_etc & VFS_CAP_REVISION_MASK)) { | 336 | switch (magic_etc & VFS_CAP_REVISION_MASK) { |
218 | case VFS_CAP_REVISION_1: | 337 | case VFS_CAP_REVISION_1: |
219 | if (size != XATTR_CAPS_SZ_1) | 338 | if (size != XATTR_CAPS_SZ_1) |
220 | return -EINVAL; | 339 | return -EINVAL; |
@@ -229,77 +348,48 @@ static inline int cap_from_disk(struct vfs_cap_data *caps, | |||
229 | return -EINVAL; | 348 | return -EINVAL; |
230 | } | 349 | } |
231 | 350 | ||
232 | if (magic_etc & VFS_CAP_FLAGS_EFFECTIVE) { | ||
233 | bprm->cap_effective = true; | ||
234 | } else { | ||
235 | bprm->cap_effective = false; | ||
236 | } | ||
237 | |||
238 | ret = 0; | ||
239 | |||
240 | CAP_FOR_EACH_U32(i) { | 351 | CAP_FOR_EACH_U32(i) { |
241 | __u32 value_cpu; | 352 | if (i >= tocopy) |
242 | 353 | break; | |
243 | if (i >= tocopy) { | 354 | cpu_caps->permitted.cap[i] = le32_to_cpu(caps.data[i].permitted); |
244 | /* | 355 | cpu_caps->inheritable.cap[i] = le32_to_cpu(caps.data[i].inheritable); |
245 | * Legacy capability sets have no upper bits | ||
246 | */ | ||
247 | bprm->cap_post_exec_permitted.cap[i] = 0; | ||
248 | continue; | ||
249 | } | ||
250 | /* | ||
251 | * pP' = (X & fP) | (pI & fI) | ||
252 | */ | ||
253 | value_cpu = le32_to_cpu(caps->data[i].permitted); | ||
254 | bprm->cap_post_exec_permitted.cap[i] = | ||
255 | (current->cap_bset.cap[i] & value_cpu) | | ||
256 | (current->cap_inheritable.cap[i] & | ||
257 | le32_to_cpu(caps->data[i].inheritable)); | ||
258 | if (value_cpu & ~bprm->cap_post_exec_permitted.cap[i]) { | ||
259 | /* | ||
260 | * insufficient to execute correctly | ||
261 | */ | ||
262 | ret = -EPERM; | ||
263 | } | ||
264 | } | 356 | } |
265 | 357 | ||
266 | /* | 358 | return 0; |
267 | * For legacy apps, with no internal support for recognizing they | ||
268 | * do not have enough capabilities, we return an error if they are | ||
269 | * missing some "forced" (aka file-permitted) capabilities. | ||
270 | */ | ||
271 | return bprm->cap_effective ? ret : 0; | ||
272 | } | 359 | } |
273 | 360 | ||
274 | /* Locate any VFS capabilities: */ | 361 | /* |
275 | static int get_file_caps(struct linux_binprm *bprm) | 362 | * Attempt to get the on-exec apply capability sets for an executable file from |
363 | * its xattrs and, if present, apply them to the proposed credentials being | ||
364 | * constructed by execve(). | ||
365 | */ | ||
366 | static int get_file_caps(struct linux_binprm *bprm, bool *effective) | ||
276 | { | 367 | { |
277 | struct dentry *dentry; | 368 | struct dentry *dentry; |
278 | int rc = 0; | 369 | int rc = 0; |
279 | struct vfs_cap_data vcaps; | 370 | struct cpu_vfs_cap_data vcaps; |
280 | struct inode *inode; | ||
281 | 371 | ||
282 | bprm_clear_caps(bprm); | 372 | bprm_clear_caps(bprm); |
283 | 373 | ||
374 | if (!file_caps_enabled) | ||
375 | return 0; | ||
376 | |||
284 | if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID) | 377 | if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID) |
285 | return 0; | 378 | return 0; |
286 | 379 | ||
287 | dentry = dget(bprm->file->f_dentry); | 380 | dentry = dget(bprm->file->f_dentry); |
288 | inode = dentry->d_inode; | ||
289 | if (!inode->i_op || !inode->i_op->getxattr) | ||
290 | goto out; | ||
291 | 381 | ||
292 | rc = inode->i_op->getxattr(dentry, XATTR_NAME_CAPS, &vcaps, | 382 | rc = get_vfs_caps_from_disk(dentry, &vcaps); |
293 | XATTR_CAPS_SZ); | 383 | if (rc < 0) { |
294 | if (rc == -ENODATA || rc == -EOPNOTSUPP) { | 384 | if (rc == -EINVAL) |
295 | /* no data, that's ok */ | 385 | printk(KERN_NOTICE "%s: get_vfs_caps_from_disk returned %d for %s\n", |
296 | rc = 0; | 386 | __func__, rc, bprm->filename); |
387 | else if (rc == -ENODATA) | ||
388 | rc = 0; | ||
297 | goto out; | 389 | goto out; |
298 | } | 390 | } |
299 | if (rc < 0) | ||
300 | goto out; | ||
301 | 391 | ||
302 | rc = cap_from_disk(&vcaps, bprm, rc); | 392 | rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective); |
303 | if (rc == -EINVAL) | 393 | if (rc == -EINVAL) |
304 | printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n", | 394 | printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n", |
305 | __func__, rc, bprm->filename); | 395 | __func__, rc, bprm->filename); |
@@ -323,18 +413,57 @@ int cap_inode_killpriv(struct dentry *dentry) | |||
323 | return 0; | 413 | return 0; |
324 | } | 414 | } |
325 | 415 | ||
326 | static inline int get_file_caps(struct linux_binprm *bprm) | 416 | int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps) |
417 | { | ||
418 | memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); | ||
419 | return -ENODATA; | ||
420 | } | ||
421 | |||
422 | static inline int get_file_caps(struct linux_binprm *bprm, bool *effective) | ||
327 | { | 423 | { |
328 | bprm_clear_caps(bprm); | 424 | bprm_clear_caps(bprm); |
329 | return 0; | 425 | return 0; |
330 | } | 426 | } |
331 | #endif | 427 | #endif |
332 | 428 | ||
333 | int cap_bprm_set_security (struct linux_binprm *bprm) | 429 | /* |
430 | * Determine whether a exec'ing process's new permitted capabilities should be | ||
431 | * limited to just what it already has. | ||
432 | * | ||
433 | * This prevents processes that are being ptraced from gaining access to | ||
434 | * CAP_SETPCAP, unless the process they're tracing already has it, and the | ||
435 | * binary they're executing has filecaps that elevate it. | ||
436 | * | ||
437 | * Returns 1 if they should be limited, 0 if they are not. | ||
438 | */ | ||
439 | static inline int cap_limit_ptraced_target(void) | ||
440 | { | ||
441 | #ifndef CONFIG_SECURITY_FILE_CAPABILITIES | ||
442 | if (capable(CAP_SETPCAP)) | ||
443 | return 0; | ||
444 | #endif | ||
445 | return 1; | ||
446 | } | ||
447 | |||
448 | /** | ||
449 | * cap_bprm_set_creds - Set up the proposed credentials for execve(). | ||
450 | * @bprm: The execution parameters, including the proposed creds | ||
451 | * | ||
452 | * Set up the proposed credentials for a new execution context being | ||
453 | * constructed by execve(). The proposed creds in @bprm->cred is altered, | ||
454 | * which won't take effect immediately. Returns 0 if successful, -ve on error. | ||
455 | */ | ||
456 | int cap_bprm_set_creds(struct linux_binprm *bprm) | ||
334 | { | 457 | { |
458 | const struct cred *old = current_cred(); | ||
459 | struct cred *new = bprm->cred; | ||
460 | bool effective; | ||
335 | int ret; | 461 | int ret; |
336 | 462 | ||
337 | ret = get_file_caps(bprm); | 463 | effective = false; |
464 | ret = get_file_caps(bprm, &effective); | ||
465 | if (ret < 0) | ||
466 | return ret; | ||
338 | 467 | ||
339 | if (!issecure(SECURE_NOROOT)) { | 468 | if (!issecure(SECURE_NOROOT)) { |
340 | /* | 469 | /* |
@@ -342,75 +471,113 @@ int cap_bprm_set_security (struct linux_binprm *bprm) | |||
342 | * executables under compatibility mode, we override the | 471 | * executables under compatibility mode, we override the |
343 | * capability sets for the file. | 472 | * capability sets for the file. |
344 | * | 473 | * |
345 | * If only the real uid is 0, we do not set the effective | 474 | * If only the real uid is 0, we do not set the effective bit. |
346 | * bit. | ||
347 | */ | 475 | */ |
348 | if (bprm->e_uid == 0 || current->uid == 0) { | 476 | if (new->euid == 0 || new->uid == 0) { |
349 | /* pP' = (cap_bset & ~0) | (pI & ~0) */ | 477 | /* pP' = (cap_bset & ~0) | (pI & ~0) */ |
350 | bprm->cap_post_exec_permitted = cap_combine( | 478 | new->cap_permitted = cap_combine(old->cap_bset, |
351 | current->cap_bset, current->cap_inheritable | 479 | old->cap_inheritable); |
352 | ); | ||
353 | bprm->cap_effective = (bprm->e_uid == 0); | ||
354 | ret = 0; | ||
355 | } | 480 | } |
481 | if (new->euid == 0) | ||
482 | effective = true; | ||
356 | } | 483 | } |
357 | 484 | ||
358 | return ret; | 485 | /* Don't let someone trace a set[ug]id/setpcap binary with the revised |
359 | } | 486 | * credentials unless they have the appropriate permit |
360 | 487 | */ | |
361 | void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) | 488 | if ((new->euid != old->uid || |
362 | { | 489 | new->egid != old->gid || |
363 | if (bprm->e_uid != current->uid || bprm->e_gid != current->gid || | 490 | !cap_issubset(new->cap_permitted, old->cap_permitted)) && |
364 | !cap_issubset(bprm->cap_post_exec_permitted, | 491 | bprm->unsafe & ~LSM_UNSAFE_PTRACE_CAP) { |
365 | current->cap_permitted)) { | 492 | /* downgrade; they get no more than they had, and maybe less */ |
366 | set_dumpable(current->mm, suid_dumpable); | 493 | if (!capable(CAP_SETUID)) { |
367 | current->pdeath_signal = 0; | 494 | new->euid = new->uid; |
368 | 495 | new->egid = new->gid; | |
369 | if (unsafe & ~LSM_UNSAFE_PTRACE_CAP) { | ||
370 | if (!capable(CAP_SETUID)) { | ||
371 | bprm->e_uid = current->uid; | ||
372 | bprm->e_gid = current->gid; | ||
373 | } | ||
374 | if (cap_limit_ptraced_target()) { | ||
375 | bprm->cap_post_exec_permitted = cap_intersect( | ||
376 | bprm->cap_post_exec_permitted, | ||
377 | current->cap_permitted); | ||
378 | } | ||
379 | } | 496 | } |
497 | if (cap_limit_ptraced_target()) | ||
498 | new->cap_permitted = cap_intersect(new->cap_permitted, | ||
499 | old->cap_permitted); | ||
380 | } | 500 | } |
381 | 501 | ||
382 | current->suid = current->euid = current->fsuid = bprm->e_uid; | 502 | new->suid = new->fsuid = new->euid; |
383 | current->sgid = current->egid = current->fsgid = bprm->e_gid; | 503 | new->sgid = new->fsgid = new->egid; |
384 | 504 | ||
385 | /* For init, we want to retain the capabilities set | 505 | /* For init, we want to retain the capabilities set in the initial |
386 | * in the init_task struct. Thus we skip the usual | 506 | * task. Thus we skip the usual capability rules |
387 | * capability rules */ | 507 | */ |
388 | if (!is_global_init(current)) { | 508 | if (!is_global_init(current)) { |
389 | current->cap_permitted = bprm->cap_post_exec_permitted; | 509 | if (effective) |
390 | if (bprm->cap_effective) | 510 | new->cap_effective = new->cap_permitted; |
391 | current->cap_effective = bprm->cap_post_exec_permitted; | ||
392 | else | 511 | else |
393 | cap_clear(current->cap_effective); | 512 | cap_clear(new->cap_effective); |
394 | } | 513 | } |
514 | bprm->cap_effective = effective; | ||
395 | 515 | ||
396 | /* AUD: Audit candidate if current->cap_effective is set */ | 516 | /* |
517 | * Audit candidate if current->cap_effective is set | ||
518 | * | ||
519 | * We do not bother to audit if 3 things are true: | ||
520 | * 1) cap_effective has all caps | ||
521 | * 2) we are root | ||
522 | * 3) root is supposed to have all caps (SECURE_NOROOT) | ||
523 | * Since this is just a normal root execing a process. | ||
524 | * | ||
525 | * Number 1 above might fail if you don't have a full bset, but I think | ||
526 | * that is interesting information to audit. | ||
527 | */ | ||
528 | if (!cap_isclear(new->cap_effective)) { | ||
529 | if (!cap_issubset(CAP_FULL_SET, new->cap_effective) || | ||
530 | new->euid != 0 || new->uid != 0 || | ||
531 | issecure(SECURE_NOROOT)) { | ||
532 | ret = audit_log_bprm_fcaps(bprm, new, old); | ||
533 | if (ret < 0) | ||
534 | return ret; | ||
535 | } | ||
536 | } | ||
397 | 537 | ||
398 | current->securebits &= ~issecure_mask(SECURE_KEEP_CAPS); | 538 | new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS); |
539 | return 0; | ||
399 | } | 540 | } |
400 | 541 | ||
401 | int cap_bprm_secureexec (struct linux_binprm *bprm) | 542 | /** |
543 | * cap_bprm_secureexec - Determine whether a secure execution is required | ||
544 | * @bprm: The execution parameters | ||
545 | * | ||
546 | * Determine whether a secure execution is required, return 1 if it is, and 0 | ||
547 | * if it is not. | ||
548 | * | ||
549 | * The credentials have been committed by this point, and so are no longer | ||
550 | * available through @bprm->cred. | ||
551 | */ | ||
552 | int cap_bprm_secureexec(struct linux_binprm *bprm) | ||
402 | { | 553 | { |
403 | if (current->uid != 0) { | 554 | const struct cred *cred = current_cred(); |
555 | |||
556 | if (cred->uid != 0) { | ||
404 | if (bprm->cap_effective) | 557 | if (bprm->cap_effective) |
405 | return 1; | 558 | return 1; |
406 | if (!cap_isclear(bprm->cap_post_exec_permitted)) | 559 | if (!cap_isclear(cred->cap_permitted)) |
407 | return 1; | 560 | return 1; |
408 | } | 561 | } |
409 | 562 | ||
410 | return (current->euid != current->uid || | 563 | return (cred->euid != cred->uid || |
411 | current->egid != current->gid); | 564 | cred->egid != cred->gid); |
412 | } | 565 | } |
413 | 566 | ||
567 | /** | ||
568 | * cap_inode_setxattr - Determine whether an xattr may be altered | ||
569 | * @dentry: The inode/dentry being altered | ||
570 | * @name: The name of the xattr to be changed | ||
571 | * @value: The value that the xattr will be changed to | ||
572 | * @size: The size of value | ||
573 | * @flags: The replacement flag | ||
574 | * | ||
575 | * Determine whether an xattr may be altered or set on an inode, returning 0 if | ||
576 | * permission is granted, -ve if denied. | ||
577 | * | ||
578 | * This is used to make sure security xattrs don't get updated or set by those | ||
579 | * who aren't privileged to do so. | ||
580 | */ | ||
414 | int cap_inode_setxattr(struct dentry *dentry, const char *name, | 581 | int cap_inode_setxattr(struct dentry *dentry, const char *name, |
415 | const void *value, size_t size, int flags) | 582 | const void *value, size_t size, int flags) |
416 | { | 583 | { |
@@ -418,28 +585,42 @@ int cap_inode_setxattr(struct dentry *dentry, const char *name, | |||
418 | if (!capable(CAP_SETFCAP)) | 585 | if (!capable(CAP_SETFCAP)) |
419 | return -EPERM; | 586 | return -EPERM; |
420 | return 0; | 587 | return 0; |
421 | } else if (!strncmp(name, XATTR_SECURITY_PREFIX, | 588 | } |
589 | |||
590 | if (!strncmp(name, XATTR_SECURITY_PREFIX, | ||
422 | sizeof(XATTR_SECURITY_PREFIX) - 1) && | 591 | sizeof(XATTR_SECURITY_PREFIX) - 1) && |
423 | !capable(CAP_SYS_ADMIN)) | 592 | !capable(CAP_SYS_ADMIN)) |
424 | return -EPERM; | 593 | return -EPERM; |
425 | return 0; | 594 | return 0; |
426 | } | 595 | } |
427 | 596 | ||
597 | /** | ||
598 | * cap_inode_removexattr - Determine whether an xattr may be removed | ||
599 | * @dentry: The inode/dentry being altered | ||
600 | * @name: The name of the xattr to be changed | ||
601 | * | ||
602 | * Determine whether an xattr may be removed from an inode, returning 0 if | ||
603 | * permission is granted, -ve if denied. | ||
604 | * | ||
605 | * This is used to make sure security xattrs don't get removed by those who | ||
606 | * aren't privileged to remove them. | ||
607 | */ | ||
428 | int cap_inode_removexattr(struct dentry *dentry, const char *name) | 608 | int cap_inode_removexattr(struct dentry *dentry, const char *name) |
429 | { | 609 | { |
430 | if (!strcmp(name, XATTR_NAME_CAPS)) { | 610 | if (!strcmp(name, XATTR_NAME_CAPS)) { |
431 | if (!capable(CAP_SETFCAP)) | 611 | if (!capable(CAP_SETFCAP)) |
432 | return -EPERM; | 612 | return -EPERM; |
433 | return 0; | 613 | return 0; |
434 | } else if (!strncmp(name, XATTR_SECURITY_PREFIX, | 614 | } |
615 | |||
616 | if (!strncmp(name, XATTR_SECURITY_PREFIX, | ||
435 | sizeof(XATTR_SECURITY_PREFIX) - 1) && | 617 | sizeof(XATTR_SECURITY_PREFIX) - 1) && |
436 | !capable(CAP_SYS_ADMIN)) | 618 | !capable(CAP_SYS_ADMIN)) |
437 | return -EPERM; | 619 | return -EPERM; |
438 | return 0; | 620 | return 0; |
439 | } | 621 | } |
440 | 622 | ||
441 | /* moved from kernel/sys.c. */ | 623 | /* |
442 | /* | ||
443 | * cap_emulate_setxuid() fixes the effective / permitted capabilities of | 624 | * cap_emulate_setxuid() fixes the effective / permitted capabilities of |
444 | * a process after a call to setuid, setreuid, or setresuid. | 625 | * a process after a call to setuid, setreuid, or setresuid. |
445 | * | 626 | * |
@@ -453,10 +634,10 @@ int cap_inode_removexattr(struct dentry *dentry, const char *name) | |||
453 | * 3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective | 634 | * 3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective |
454 | * capabilities are set to the permitted capabilities. | 635 | * capabilities are set to the permitted capabilities. |
455 | * | 636 | * |
456 | * fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should | 637 | * fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should |
457 | * never happen. | 638 | * never happen. |
458 | * | 639 | * |
459 | * -astor | 640 | * -astor |
460 | * | 641 | * |
461 | * cevans - New behaviour, Oct '99 | 642 | * cevans - New behaviour, Oct '99 |
462 | * A process may, via prctl(), elect to keep its capabilities when it | 643 | * A process may, via prctl(), elect to keep its capabilities when it |
@@ -468,61 +649,60 @@ int cap_inode_removexattr(struct dentry *dentry, const char *name) | |||
468 | * files.. | 649 | * files.. |
469 | * Thanks to Olaf Kirch and Peter Benie for spotting this. | 650 | * Thanks to Olaf Kirch and Peter Benie for spotting this. |
470 | */ | 651 | */ |
471 | static inline void cap_emulate_setxuid (int old_ruid, int old_euid, | 652 | static inline void cap_emulate_setxuid(struct cred *new, const struct cred *old) |
472 | int old_suid) | ||
473 | { | 653 | { |
474 | if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) && | 654 | if ((old->uid == 0 || old->euid == 0 || old->suid == 0) && |
475 | (current->uid != 0 && current->euid != 0 && current->suid != 0) && | 655 | (new->uid != 0 && new->euid != 0 && new->suid != 0) && |
476 | !issecure(SECURE_KEEP_CAPS)) { | 656 | !issecure(SECURE_KEEP_CAPS)) { |
477 | cap_clear (current->cap_permitted); | 657 | cap_clear(new->cap_permitted); |
478 | cap_clear (current->cap_effective); | 658 | cap_clear(new->cap_effective); |
479 | } | ||
480 | if (old_euid == 0 && current->euid != 0) { | ||
481 | cap_clear (current->cap_effective); | ||
482 | } | ||
483 | if (old_euid != 0 && current->euid == 0) { | ||
484 | current->cap_effective = current->cap_permitted; | ||
485 | } | 659 | } |
660 | if (old->euid == 0 && new->euid != 0) | ||
661 | cap_clear(new->cap_effective); | ||
662 | if (old->euid != 0 && new->euid == 0) | ||
663 | new->cap_effective = new->cap_permitted; | ||
486 | } | 664 | } |
487 | 665 | ||
488 | int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, | 666 | /** |
489 | int flags) | 667 | * cap_task_fix_setuid - Fix up the results of setuid() call |
668 | * @new: The proposed credentials | ||
669 | * @old: The current task's current credentials | ||
670 | * @flags: Indications of what has changed | ||
671 | * | ||
672 | * Fix up the results of setuid() call before the credential changes are | ||
673 | * actually applied, returning 0 to grant the changes, -ve to deny them. | ||
674 | */ | ||
675 | int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags) | ||
490 | { | 676 | { |
491 | switch (flags) { | 677 | switch (flags) { |
492 | case LSM_SETID_RE: | 678 | case LSM_SETID_RE: |
493 | case LSM_SETID_ID: | 679 | case LSM_SETID_ID: |
494 | case LSM_SETID_RES: | 680 | case LSM_SETID_RES: |
495 | /* Copied from kernel/sys.c:setreuid/setuid/setresuid. */ | 681 | /* juggle the capabilities to follow [RES]UID changes unless |
496 | if (!issecure (SECURE_NO_SETUID_FIXUP)) { | 682 | * otherwise suppressed */ |
497 | cap_emulate_setxuid (old_ruid, old_euid, old_suid); | 683 | if (!issecure(SECURE_NO_SETUID_FIXUP)) |
498 | } | 684 | cap_emulate_setxuid(new, old); |
499 | break; | 685 | break; |
500 | case LSM_SETID_FS: | ||
501 | { | ||
502 | uid_t old_fsuid = old_ruid; | ||
503 | 686 | ||
504 | /* Copied from kernel/sys.c:setfsuid. */ | 687 | case LSM_SETID_FS: |
505 | 688 | /* juggle the capabilties to follow FSUID changes, unless | |
506 | /* | 689 | * otherwise suppressed |
507 | * FIXME - is fsuser used for all CAP_FS_MASK capabilities? | 690 | * |
508 | * if not, we might be a bit too harsh here. | 691 | * FIXME - is fsuser used for all CAP_FS_MASK capabilities? |
509 | */ | 692 | * if not, we might be a bit too harsh here. |
510 | 693 | */ | |
511 | if (!issecure (SECURE_NO_SETUID_FIXUP)) { | 694 | if (!issecure(SECURE_NO_SETUID_FIXUP)) { |
512 | if (old_fsuid == 0 && current->fsuid != 0) { | 695 | if (old->fsuid == 0 && new->fsuid != 0) |
513 | current->cap_effective = | 696 | new->cap_effective = |
514 | cap_drop_fs_set( | 697 | cap_drop_fs_set(new->cap_effective); |
515 | current->cap_effective); | 698 | |
516 | } | 699 | if (old->fsuid != 0 && new->fsuid == 0) |
517 | if (old_fsuid != 0 && current->fsuid == 0) { | 700 | new->cap_effective = |
518 | current->cap_effective = | 701 | cap_raise_fs_set(new->cap_effective, |
519 | cap_raise_fs_set( | 702 | new->cap_permitted); |
520 | current->cap_effective, | ||
521 | current->cap_permitted); | ||
522 | } | ||
523 | } | ||
524 | break; | ||
525 | } | 703 | } |
704 | break; | ||
705 | |||
526 | default: | 706 | default: |
527 | return -EINVAL; | 707 | return -EINVAL; |
528 | } | 708 | } |
@@ -543,42 +723,71 @@ int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, | |||
543 | */ | 723 | */ |
544 | static int cap_safe_nice(struct task_struct *p) | 724 | static int cap_safe_nice(struct task_struct *p) |
545 | { | 725 | { |
546 | if (!cap_issubset(p->cap_permitted, current->cap_permitted) && | 726 | int is_subset; |
547 | !capable(CAP_SYS_NICE)) | 727 | |
728 | rcu_read_lock(); | ||
729 | is_subset = cap_issubset(__task_cred(p)->cap_permitted, | ||
730 | current_cred()->cap_permitted); | ||
731 | rcu_read_unlock(); | ||
732 | |||
733 | if (!is_subset && !capable(CAP_SYS_NICE)) | ||
548 | return -EPERM; | 734 | return -EPERM; |
549 | return 0; | 735 | return 0; |
550 | } | 736 | } |
551 | 737 | ||
552 | int cap_task_setscheduler (struct task_struct *p, int policy, | 738 | /** |
739 | * cap_task_setscheduler - Detemine if scheduler policy change is permitted | ||
740 | * @p: The task to affect | ||
741 | * @policy: The policy to effect | ||
742 | * @lp: The parameters to the scheduling policy | ||
743 | * | ||
744 | * Detemine if the requested scheduler policy change is permitted for the | ||
745 | * specified task, returning 0 if permission is granted, -ve if denied. | ||
746 | */ | ||
747 | int cap_task_setscheduler(struct task_struct *p, int policy, | ||
553 | struct sched_param *lp) | 748 | struct sched_param *lp) |
554 | { | 749 | { |
555 | return cap_safe_nice(p); | 750 | return cap_safe_nice(p); |
556 | } | 751 | } |
557 | 752 | ||
558 | int cap_task_setioprio (struct task_struct *p, int ioprio) | 753 | /** |
754 | * cap_task_ioprio - Detemine if I/O priority change is permitted | ||
755 | * @p: The task to affect | ||
756 | * @ioprio: The I/O priority to set | ||
757 | * | ||
758 | * Detemine if the requested I/O priority change is permitted for the specified | ||
759 | * task, returning 0 if permission is granted, -ve if denied. | ||
760 | */ | ||
761 | int cap_task_setioprio(struct task_struct *p, int ioprio) | ||
559 | { | 762 | { |
560 | return cap_safe_nice(p); | 763 | return cap_safe_nice(p); |
561 | } | 764 | } |
562 | 765 | ||
563 | int cap_task_setnice (struct task_struct *p, int nice) | 766 | /** |
767 | * cap_task_ioprio - Detemine if task priority change is permitted | ||
768 | * @p: The task to affect | ||
769 | * @nice: The nice value to set | ||
770 | * | ||
771 | * Detemine if the requested task priority change is permitted for the | ||
772 | * specified task, returning 0 if permission is granted, -ve if denied. | ||
773 | */ | ||
774 | int cap_task_setnice(struct task_struct *p, int nice) | ||
564 | { | 775 | { |
565 | return cap_safe_nice(p); | 776 | return cap_safe_nice(p); |
566 | } | 777 | } |
567 | 778 | ||
568 | /* | 779 | /* |
569 | * called from kernel/sys.c for prctl(PR_CABSET_DROP) | 780 | * Implement PR_CAPBSET_DROP. Attempt to remove the specified capability from |
570 | * done without task_capability_lock() because it introduces | 781 | * the current task's bounding set. Returns 0 on success, -ve on error. |
571 | * no new races - i.e. only another task doing capget() on | ||
572 | * this task could get inconsistent info. There can be no | ||
573 | * racing writer bc a task can only change its own caps. | ||
574 | */ | 782 | */ |
575 | static long cap_prctl_drop(unsigned long cap) | 783 | static long cap_prctl_drop(struct cred *new, unsigned long cap) |
576 | { | 784 | { |
577 | if (!capable(CAP_SETPCAP)) | 785 | if (!capable(CAP_SETPCAP)) |
578 | return -EPERM; | 786 | return -EPERM; |
579 | if (!cap_valid(cap)) | 787 | if (!cap_valid(cap)) |
580 | return -EINVAL; | 788 | return -EINVAL; |
581 | cap_lower(current->cap_bset, cap); | 789 | |
790 | cap_lower(new->cap_bset, cap); | ||
582 | return 0; | 791 | return 0; |
583 | } | 792 | } |
584 | 793 | ||
@@ -598,22 +807,42 @@ int cap_task_setnice (struct task_struct *p, int nice) | |||
598 | } | 807 | } |
599 | #endif | 808 | #endif |
600 | 809 | ||
810 | /** | ||
811 | * cap_task_prctl - Implement process control functions for this security module | ||
812 | * @option: The process control function requested | ||
813 | * @arg2, @arg3, @arg4, @arg5: The argument data for this function | ||
814 | * | ||
815 | * Allow process control functions (sys_prctl()) to alter capabilities; may | ||
816 | * also deny access to other functions not otherwise implemented here. | ||
817 | * | ||
818 | * Returns 0 or +ve on success, -ENOSYS if this function is not implemented | ||
819 | * here, other -ve on error. If -ENOSYS is returned, sys_prctl() and other LSM | ||
820 | * modules will consider performing the function. | ||
821 | */ | ||
601 | int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | 822 | int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
602 | unsigned long arg4, unsigned long arg5, long *rc_p) | 823 | unsigned long arg4, unsigned long arg5) |
603 | { | 824 | { |
825 | struct cred *new; | ||
604 | long error = 0; | 826 | long error = 0; |
605 | 827 | ||
828 | new = prepare_creds(); | ||
829 | if (!new) | ||
830 | return -ENOMEM; | ||
831 | |||
606 | switch (option) { | 832 | switch (option) { |
607 | case PR_CAPBSET_READ: | 833 | case PR_CAPBSET_READ: |
834 | error = -EINVAL; | ||
608 | if (!cap_valid(arg2)) | 835 | if (!cap_valid(arg2)) |
609 | error = -EINVAL; | 836 | goto error; |
610 | else | 837 | error = !!cap_raised(new->cap_bset, arg2); |
611 | error = !!cap_raised(current->cap_bset, arg2); | 838 | goto no_change; |
612 | break; | 839 | |
613 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | 840 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES |
614 | case PR_CAPBSET_DROP: | 841 | case PR_CAPBSET_DROP: |
615 | error = cap_prctl_drop(arg2); | 842 | error = cap_prctl_drop(new, arg2); |
616 | break; | 843 | if (error < 0) |
844 | goto error; | ||
845 | goto changed; | ||
617 | 846 | ||
618 | /* | 847 | /* |
619 | * The next four prctl's remain to assist with transitioning a | 848 | * The next four prctl's remain to assist with transitioning a |
@@ -635,12 +864,12 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | |||
635 | * capability-based-privilege environment. | 864 | * capability-based-privilege environment. |
636 | */ | 865 | */ |
637 | case PR_SET_SECUREBITS: | 866 | case PR_SET_SECUREBITS: |
638 | if ((((current->securebits & SECURE_ALL_LOCKS) >> 1) | 867 | error = -EPERM; |
639 | & (current->securebits ^ arg2)) /*[1]*/ | 868 | if ((((new->securebits & SECURE_ALL_LOCKS) >> 1) |
640 | || ((current->securebits & SECURE_ALL_LOCKS | 869 | & (new->securebits ^ arg2)) /*[1]*/ |
641 | & ~arg2)) /*[2]*/ | 870 | || ((new->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/ |
642 | || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/ | 871 | || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/ |
643 | || (cap_capable(current, CAP_SETPCAP) != 0)) { /*[4]*/ | 872 | || (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) != 0) /*[4]*/ |
644 | /* | 873 | /* |
645 | * [1] no changing of bits that are locked | 874 | * [1] no changing of bits that are locked |
646 | * [2] no unlocking of locks | 875 | * [2] no unlocking of locks |
@@ -648,65 +877,80 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | |||
648 | * [4] doing anything requires privilege (go read about | 877 | * [4] doing anything requires privilege (go read about |
649 | * the "sendmail capabilities bug") | 878 | * the "sendmail capabilities bug") |
650 | */ | 879 | */ |
651 | error = -EPERM; /* cannot change a locked bit */ | 880 | ) |
652 | } else { | 881 | /* cannot change a locked bit */ |
653 | current->securebits = arg2; | 882 | goto error; |
654 | } | 883 | new->securebits = arg2; |
655 | break; | 884 | goto changed; |
885 | |||
656 | case PR_GET_SECUREBITS: | 886 | case PR_GET_SECUREBITS: |
657 | error = current->securebits; | 887 | error = new->securebits; |
658 | break; | 888 | goto no_change; |
659 | 889 | ||
660 | #endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */ | 890 | #endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */ |
661 | 891 | ||
662 | case PR_GET_KEEPCAPS: | 892 | case PR_GET_KEEPCAPS: |
663 | if (issecure(SECURE_KEEP_CAPS)) | 893 | if (issecure(SECURE_KEEP_CAPS)) |
664 | error = 1; | 894 | error = 1; |
665 | break; | 895 | goto no_change; |
896 | |||
666 | case PR_SET_KEEPCAPS: | 897 | case PR_SET_KEEPCAPS: |
898 | error = -EINVAL; | ||
667 | if (arg2 > 1) /* Note, we rely on arg2 being unsigned here */ | 899 | if (arg2 > 1) /* Note, we rely on arg2 being unsigned here */ |
668 | error = -EINVAL; | 900 | goto error; |
669 | else if (issecure(SECURE_KEEP_CAPS_LOCKED)) | 901 | error = -EPERM; |
670 | error = -EPERM; | 902 | if (issecure(SECURE_KEEP_CAPS_LOCKED)) |
671 | else if (arg2) | 903 | goto error; |
672 | current->securebits |= issecure_mask(SECURE_KEEP_CAPS); | 904 | if (arg2) |
905 | new->securebits |= issecure_mask(SECURE_KEEP_CAPS); | ||
673 | else | 906 | else |
674 | current->securebits &= | 907 | new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS); |
675 | ~issecure_mask(SECURE_KEEP_CAPS); | 908 | goto changed; |
676 | break; | ||
677 | 909 | ||
678 | default: | 910 | default: |
679 | /* No functionality available - continue with default */ | 911 | /* No functionality available - continue with default */ |
680 | return 0; | 912 | error = -ENOSYS; |
913 | goto error; | ||
681 | } | 914 | } |
682 | 915 | ||
683 | /* Functionality provided */ | 916 | /* Functionality provided */ |
684 | *rc_p = error; | 917 | changed: |
685 | return 1; | 918 | return commit_creds(new); |
686 | } | ||
687 | 919 | ||
688 | void cap_task_reparent_to_init (struct task_struct *p) | 920 | no_change: |
689 | { | 921 | error = 0; |
690 | cap_set_init_eff(p->cap_effective); | 922 | error: |
691 | cap_clear(p->cap_inheritable); | 923 | abort_creds(new); |
692 | cap_set_full(p->cap_permitted); | 924 | return error; |
693 | p->securebits = SECUREBITS_DEFAULT; | ||
694 | return; | ||
695 | } | 925 | } |
696 | 926 | ||
697 | int cap_syslog (int type) | 927 | /** |
928 | * cap_syslog - Determine whether syslog function is permitted | ||
929 | * @type: Function requested | ||
930 | * | ||
931 | * Determine whether the current process is permitted to use a particular | ||
932 | * syslog function, returning 0 if permission is granted, -ve if not. | ||
933 | */ | ||
934 | int cap_syslog(int type) | ||
698 | { | 935 | { |
699 | if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN)) | 936 | if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN)) |
700 | return -EPERM; | 937 | return -EPERM; |
701 | return 0; | 938 | return 0; |
702 | } | 939 | } |
703 | 940 | ||
941 | /** | ||
942 | * cap_vm_enough_memory - Determine whether a new virtual mapping is permitted | ||
943 | * @mm: The VM space in which the new mapping is to be made | ||
944 | * @pages: The size of the mapping | ||
945 | * | ||
946 | * Determine whether the allocation of a new virtual mapping by the current | ||
947 | * task is permitted, returning 0 if permission is granted, -ve if not. | ||
948 | */ | ||
704 | int cap_vm_enough_memory(struct mm_struct *mm, long pages) | 949 | int cap_vm_enough_memory(struct mm_struct *mm, long pages) |
705 | { | 950 | { |
706 | int cap_sys_admin = 0; | 951 | int cap_sys_admin = 0; |
707 | 952 | ||
708 | if (cap_capable(current, CAP_SYS_ADMIN) == 0) | 953 | if (cap_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT) == 0) |
709 | cap_sys_admin = 1; | 954 | cap_sys_admin = 1; |
710 | return __vm_enough_memory(mm, pages, cap_sys_admin); | 955 | return __vm_enough_memory(mm, pages, cap_sys_admin); |
711 | } | 956 | } |
712 | |||
diff --git a/security/keys/internal.h b/security/keys/internal.h index 239098f0fd76..81932abefe7b 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h | |||
@@ -12,8 +12,8 @@ | |||
12 | #ifndef _INTERNAL_H | 12 | #ifndef _INTERNAL_H |
13 | #define _INTERNAL_H | 13 | #define _INTERNAL_H |
14 | 14 | ||
15 | #include <linux/sched.h> | ||
15 | #include <linux/key-type.h> | 16 | #include <linux/key-type.h> |
16 | #include <linux/key-ui.h> | ||
17 | 17 | ||
18 | static inline __attribute__((format(printf, 1, 2))) | 18 | static inline __attribute__((format(printf, 1, 2))) |
19 | void no_printk(const char *fmt, ...) | 19 | void no_printk(const char *fmt, ...) |
@@ -26,7 +26,7 @@ void no_printk(const char *fmt, ...) | |||
26 | #define kleave(FMT, ...) \ | 26 | #define kleave(FMT, ...) \ |
27 | printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__) | 27 | printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__) |
28 | #define kdebug(FMT, ...) \ | 28 | #define kdebug(FMT, ...) \ |
29 | printk(KERN_DEBUG "xxx" FMT"yyy\n", ##__VA_ARGS__) | 29 | printk(KERN_DEBUG " "FMT"\n", ##__VA_ARGS__) |
30 | #else | 30 | #else |
31 | #define kenter(FMT, ...) \ | 31 | #define kenter(FMT, ...) \ |
32 | no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__) | 32 | no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__) |
@@ -82,6 +82,9 @@ extern struct mutex key_construction_mutex; | |||
82 | extern wait_queue_head_t request_key_conswq; | 82 | extern wait_queue_head_t request_key_conswq; |
83 | 83 | ||
84 | 84 | ||
85 | extern struct key_type *key_type_lookup(const char *type); | ||
86 | extern void key_type_put(struct key_type *ktype); | ||
87 | |||
85 | extern int __key_link(struct key *keyring, struct key *key); | 88 | extern int __key_link(struct key *keyring, struct key *key); |
86 | 89 | ||
87 | extern key_ref_t __keyring_search_one(key_ref_t keyring_ref, | 90 | extern key_ref_t __keyring_search_one(key_ref_t keyring_ref, |
@@ -95,7 +98,7 @@ extern struct key *keyring_search_instkey(struct key *keyring, | |||
95 | typedef int (*key_match_func_t)(const struct key *, const void *); | 98 | typedef int (*key_match_func_t)(const struct key *, const void *); |
96 | 99 | ||
97 | extern key_ref_t keyring_search_aux(key_ref_t keyring_ref, | 100 | extern key_ref_t keyring_search_aux(key_ref_t keyring_ref, |
98 | struct task_struct *tsk, | 101 | const struct cred *cred, |
99 | struct key_type *type, | 102 | struct key_type *type, |
100 | const void *description, | 103 | const void *description, |
101 | key_match_func_t match); | 104 | key_match_func_t match); |
@@ -103,13 +106,13 @@ extern key_ref_t keyring_search_aux(key_ref_t keyring_ref, | |||
103 | extern key_ref_t search_process_keyrings(struct key_type *type, | 106 | extern key_ref_t search_process_keyrings(struct key_type *type, |
104 | const void *description, | 107 | const void *description, |
105 | key_match_func_t match, | 108 | key_match_func_t match, |
106 | struct task_struct *tsk); | 109 | const struct cred *cred); |
107 | 110 | ||
108 | extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check); | 111 | extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check); |
109 | 112 | ||
110 | extern int install_user_keyrings(struct task_struct *tsk); | 113 | extern int install_user_keyrings(void); |
111 | extern int install_thread_keyring(struct task_struct *tsk); | 114 | extern int install_thread_keyring_to_cred(struct cred *); |
112 | extern int install_process_keyring(struct task_struct *tsk); | 115 | extern int install_process_keyring_to_cred(struct cred *); |
113 | 116 | ||
114 | extern struct key *request_key_and_link(struct key_type *type, | 117 | extern struct key *request_key_and_link(struct key_type *type, |
115 | const char *description, | 118 | const char *description, |
@@ -119,12 +122,39 @@ extern struct key *request_key_and_link(struct key_type *type, | |||
119 | struct key *dest_keyring, | 122 | struct key *dest_keyring, |
120 | unsigned long flags); | 123 | unsigned long flags); |
121 | 124 | ||
125 | extern key_ref_t lookup_user_key(key_serial_t id, int create, int partial, | ||
126 | key_perm_t perm); | ||
127 | |||
128 | extern long join_session_keyring(const char *name); | ||
129 | |||
130 | /* | ||
131 | * check to see whether permission is granted to use a key in the desired way | ||
132 | */ | ||
133 | extern int key_task_permission(const key_ref_t key_ref, | ||
134 | const struct cred *cred, | ||
135 | key_perm_t perm); | ||
136 | |||
137 | static inline int key_permission(const key_ref_t key_ref, key_perm_t perm) | ||
138 | { | ||
139 | return key_task_permission(key_ref, current_cred(), perm); | ||
140 | } | ||
141 | |||
142 | /* required permissions */ | ||
143 | #define KEY_VIEW 0x01 /* require permission to view attributes */ | ||
144 | #define KEY_READ 0x02 /* require permission to read content */ | ||
145 | #define KEY_WRITE 0x04 /* require permission to update / modify */ | ||
146 | #define KEY_SEARCH 0x08 /* require permission to search (keyring) or find (key) */ | ||
147 | #define KEY_LINK 0x10 /* require permission to link */ | ||
148 | #define KEY_SETATTR 0x20 /* require permission to change attributes */ | ||
149 | #define KEY_ALL 0x3f /* all the above permissions */ | ||
150 | |||
122 | /* | 151 | /* |
123 | * request_key authorisation | 152 | * request_key authorisation |
124 | */ | 153 | */ |
125 | struct request_key_auth { | 154 | struct request_key_auth { |
126 | struct key *target_key; | 155 | struct key *target_key; |
127 | struct task_struct *context; | 156 | struct key *dest_keyring; |
157 | const struct cred *cred; | ||
128 | void *callout_info; | 158 | void *callout_info; |
129 | size_t callout_len; | 159 | size_t callout_len; |
130 | pid_t pid; | 160 | pid_t pid; |
@@ -133,7 +163,8 @@ struct request_key_auth { | |||
133 | extern struct key_type key_type_request_key_auth; | 163 | extern struct key_type key_type_request_key_auth; |
134 | extern struct key *request_key_auth_new(struct key *target, | 164 | extern struct key *request_key_auth_new(struct key *target, |
135 | const void *callout_info, | 165 | const void *callout_info, |
136 | size_t callout_len); | 166 | size_t callout_len, |
167 | struct key *dest_keyring); | ||
137 | 168 | ||
138 | extern struct key *key_get_instantiation_authkey(key_serial_t target_id); | 169 | extern struct key *key_get_instantiation_authkey(key_serial_t target_id); |
139 | 170 | ||
diff --git a/security/keys/key.c b/security/keys/key.c index 14948cf83ef6..f76c8a546fd3 100644 --- a/security/keys/key.c +++ b/security/keys/key.c | |||
@@ -218,7 +218,7 @@ serial_exists: | |||
218 | * instantiate the key or discard it before returning | 218 | * instantiate the key or discard it before returning |
219 | */ | 219 | */ |
220 | struct key *key_alloc(struct key_type *type, const char *desc, | 220 | struct key *key_alloc(struct key_type *type, const char *desc, |
221 | uid_t uid, gid_t gid, struct task_struct *ctx, | 221 | uid_t uid, gid_t gid, const struct cred *cred, |
222 | key_perm_t perm, unsigned long flags) | 222 | key_perm_t perm, unsigned long flags) |
223 | { | 223 | { |
224 | struct key_user *user = NULL; | 224 | struct key_user *user = NULL; |
@@ -294,7 +294,7 @@ struct key *key_alloc(struct key_type *type, const char *desc, | |||
294 | #endif | 294 | #endif |
295 | 295 | ||
296 | /* let the security module know about the key */ | 296 | /* let the security module know about the key */ |
297 | ret = security_key_alloc(key, ctx, flags); | 297 | ret = security_key_alloc(key, cred, flags); |
298 | if (ret < 0) | 298 | if (ret < 0) |
299 | goto security_error; | 299 | goto security_error; |
300 | 300 | ||
@@ -391,7 +391,7 @@ static int __key_instantiate_and_link(struct key *key, | |||
391 | const void *data, | 391 | const void *data, |
392 | size_t datalen, | 392 | size_t datalen, |
393 | struct key *keyring, | 393 | struct key *keyring, |
394 | struct key *instkey) | 394 | struct key *authkey) |
395 | { | 395 | { |
396 | int ret, awaken; | 396 | int ret, awaken; |
397 | 397 | ||
@@ -421,8 +421,8 @@ static int __key_instantiate_and_link(struct key *key, | |||
421 | ret = __key_link(keyring, key); | 421 | ret = __key_link(keyring, key); |
422 | 422 | ||
423 | /* disable the authorisation key */ | 423 | /* disable the authorisation key */ |
424 | if (instkey) | 424 | if (authkey) |
425 | key_revoke(instkey); | 425 | key_revoke(authkey); |
426 | } | 426 | } |
427 | } | 427 | } |
428 | 428 | ||
@@ -444,14 +444,14 @@ int key_instantiate_and_link(struct key *key, | |||
444 | const void *data, | 444 | const void *data, |
445 | size_t datalen, | 445 | size_t datalen, |
446 | struct key *keyring, | 446 | struct key *keyring, |
447 | struct key *instkey) | 447 | struct key *authkey) |
448 | { | 448 | { |
449 | int ret; | 449 | int ret; |
450 | 450 | ||
451 | if (keyring) | 451 | if (keyring) |
452 | down_write(&keyring->sem); | 452 | down_write(&keyring->sem); |
453 | 453 | ||
454 | ret = __key_instantiate_and_link(key, data, datalen, keyring, instkey); | 454 | ret = __key_instantiate_and_link(key, data, datalen, keyring, authkey); |
455 | 455 | ||
456 | if (keyring) | 456 | if (keyring) |
457 | up_write(&keyring->sem); | 457 | up_write(&keyring->sem); |
@@ -469,7 +469,7 @@ EXPORT_SYMBOL(key_instantiate_and_link); | |||
469 | int key_negate_and_link(struct key *key, | 469 | int key_negate_and_link(struct key *key, |
470 | unsigned timeout, | 470 | unsigned timeout, |
471 | struct key *keyring, | 471 | struct key *keyring, |
472 | struct key *instkey) | 472 | struct key *authkey) |
473 | { | 473 | { |
474 | struct timespec now; | 474 | struct timespec now; |
475 | int ret, awaken; | 475 | int ret, awaken; |
@@ -504,8 +504,8 @@ int key_negate_and_link(struct key *key, | |||
504 | ret = __key_link(keyring, key); | 504 | ret = __key_link(keyring, key); |
505 | 505 | ||
506 | /* disable the authorisation key */ | 506 | /* disable the authorisation key */ |
507 | if (instkey) | 507 | if (authkey) |
508 | key_revoke(instkey); | 508 | key_revoke(authkey); |
509 | } | 509 | } |
510 | 510 | ||
511 | mutex_unlock(&key_construction_mutex); | 511 | mutex_unlock(&key_construction_mutex); |
@@ -743,6 +743,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, | |||
743 | key_perm_t perm, | 743 | key_perm_t perm, |
744 | unsigned long flags) | 744 | unsigned long flags) |
745 | { | 745 | { |
746 | const struct cred *cred = current_cred(); | ||
746 | struct key_type *ktype; | 747 | struct key_type *ktype; |
747 | struct key *keyring, *key = NULL; | 748 | struct key *keyring, *key = NULL; |
748 | key_ref_t key_ref; | 749 | key_ref_t key_ref; |
@@ -802,8 +803,8 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, | |||
802 | } | 803 | } |
803 | 804 | ||
804 | /* allocate a new key */ | 805 | /* allocate a new key */ |
805 | key = key_alloc(ktype, description, current->fsuid, current->fsgid, | 806 | key = key_alloc(ktype, description, cred->fsuid, cred->fsgid, cred, |
806 | current, perm, flags); | 807 | perm, flags); |
807 | if (IS_ERR(key)) { | 808 | if (IS_ERR(key)) { |
808 | key_ref = ERR_CAST(key); | 809 | key_ref = ERR_CAST(key); |
809 | goto error_3; | 810 | goto error_3; |
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index acc9c89e40a8..7c72baa02f2e 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c | |||
@@ -103,7 +103,7 @@ asmlinkage long sys_add_key(const char __user *_type, | |||
103 | } | 103 | } |
104 | 104 | ||
105 | /* find the target keyring (which must be writable) */ | 105 | /* find the target keyring (which must be writable) */ |
106 | keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); | 106 | keyring_ref = lookup_user_key(ringid, 1, 0, KEY_WRITE); |
107 | if (IS_ERR(keyring_ref)) { | 107 | if (IS_ERR(keyring_ref)) { |
108 | ret = PTR_ERR(keyring_ref); | 108 | ret = PTR_ERR(keyring_ref); |
109 | goto error3; | 109 | goto error3; |
@@ -185,7 +185,7 @@ asmlinkage long sys_request_key(const char __user *_type, | |||
185 | /* get the destination keyring if specified */ | 185 | /* get the destination keyring if specified */ |
186 | dest_ref = NULL; | 186 | dest_ref = NULL; |
187 | if (destringid) { | 187 | if (destringid) { |
188 | dest_ref = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE); | 188 | dest_ref = lookup_user_key(destringid, 1, 0, KEY_WRITE); |
189 | if (IS_ERR(dest_ref)) { | 189 | if (IS_ERR(dest_ref)) { |
190 | ret = PTR_ERR(dest_ref); | 190 | ret = PTR_ERR(dest_ref); |
191 | goto error3; | 191 | goto error3; |
@@ -235,7 +235,7 @@ long keyctl_get_keyring_ID(key_serial_t id, int create) | |||
235 | key_ref_t key_ref; | 235 | key_ref_t key_ref; |
236 | long ret; | 236 | long ret; |
237 | 237 | ||
238 | key_ref = lookup_user_key(NULL, id, create, 0, KEY_SEARCH); | 238 | key_ref = lookup_user_key(id, create, 0, KEY_SEARCH); |
239 | if (IS_ERR(key_ref)) { | 239 | if (IS_ERR(key_ref)) { |
240 | ret = PTR_ERR(key_ref); | 240 | ret = PTR_ERR(key_ref); |
241 | goto error; | 241 | goto error; |
@@ -308,7 +308,7 @@ long keyctl_update_key(key_serial_t id, | |||
308 | } | 308 | } |
309 | 309 | ||
310 | /* find the target key (which must be writable) */ | 310 | /* find the target key (which must be writable) */ |
311 | key_ref = lookup_user_key(NULL, id, 0, 0, KEY_WRITE); | 311 | key_ref = lookup_user_key(id, 0, 0, KEY_WRITE); |
312 | if (IS_ERR(key_ref)) { | 312 | if (IS_ERR(key_ref)) { |
313 | ret = PTR_ERR(key_ref); | 313 | ret = PTR_ERR(key_ref); |
314 | goto error2; | 314 | goto error2; |
@@ -336,7 +336,7 @@ long keyctl_revoke_key(key_serial_t id) | |||
336 | key_ref_t key_ref; | 336 | key_ref_t key_ref; |
337 | long ret; | 337 | long ret; |
338 | 338 | ||
339 | key_ref = lookup_user_key(NULL, id, 0, 0, KEY_WRITE); | 339 | key_ref = lookup_user_key(id, 0, 0, KEY_WRITE); |
340 | if (IS_ERR(key_ref)) { | 340 | if (IS_ERR(key_ref)) { |
341 | ret = PTR_ERR(key_ref); | 341 | ret = PTR_ERR(key_ref); |
342 | goto error; | 342 | goto error; |
@@ -362,7 +362,7 @@ long keyctl_keyring_clear(key_serial_t ringid) | |||
362 | key_ref_t keyring_ref; | 362 | key_ref_t keyring_ref; |
363 | long ret; | 363 | long ret; |
364 | 364 | ||
365 | keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); | 365 | keyring_ref = lookup_user_key(ringid, 1, 0, KEY_WRITE); |
366 | if (IS_ERR(keyring_ref)) { | 366 | if (IS_ERR(keyring_ref)) { |
367 | ret = PTR_ERR(keyring_ref); | 367 | ret = PTR_ERR(keyring_ref); |
368 | goto error; | 368 | goto error; |
@@ -388,13 +388,13 @@ long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) | |||
388 | key_ref_t keyring_ref, key_ref; | 388 | key_ref_t keyring_ref, key_ref; |
389 | long ret; | 389 | long ret; |
390 | 390 | ||
391 | keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); | 391 | keyring_ref = lookup_user_key(ringid, 1, 0, KEY_WRITE); |
392 | if (IS_ERR(keyring_ref)) { | 392 | if (IS_ERR(keyring_ref)) { |
393 | ret = PTR_ERR(keyring_ref); | 393 | ret = PTR_ERR(keyring_ref); |
394 | goto error; | 394 | goto error; |
395 | } | 395 | } |
396 | 396 | ||
397 | key_ref = lookup_user_key(NULL, id, 1, 0, KEY_LINK); | 397 | key_ref = lookup_user_key(id, 1, 0, KEY_LINK); |
398 | if (IS_ERR(key_ref)) { | 398 | if (IS_ERR(key_ref)) { |
399 | ret = PTR_ERR(key_ref); | 399 | ret = PTR_ERR(key_ref); |
400 | goto error2; | 400 | goto error2; |
@@ -422,13 +422,13 @@ long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) | |||
422 | key_ref_t keyring_ref, key_ref; | 422 | key_ref_t keyring_ref, key_ref; |
423 | long ret; | 423 | long ret; |
424 | 424 | ||
425 | keyring_ref = lookup_user_key(NULL, ringid, 0, 0, KEY_WRITE); | 425 | keyring_ref = lookup_user_key(ringid, 0, 0, KEY_WRITE); |
426 | if (IS_ERR(keyring_ref)) { | 426 | if (IS_ERR(keyring_ref)) { |
427 | ret = PTR_ERR(keyring_ref); | 427 | ret = PTR_ERR(keyring_ref); |
428 | goto error; | 428 | goto error; |
429 | } | 429 | } |
430 | 430 | ||
431 | key_ref = lookup_user_key(NULL, id, 0, 0, 0); | 431 | key_ref = lookup_user_key(id, 0, 0, 0); |
432 | if (IS_ERR(key_ref)) { | 432 | if (IS_ERR(key_ref)) { |
433 | ret = PTR_ERR(key_ref); | 433 | ret = PTR_ERR(key_ref); |
434 | goto error2; | 434 | goto error2; |
@@ -464,7 +464,7 @@ long keyctl_describe_key(key_serial_t keyid, | |||
464 | char *tmpbuf; | 464 | char *tmpbuf; |
465 | long ret; | 465 | long ret; |
466 | 466 | ||
467 | key_ref = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW); | 467 | key_ref = lookup_user_key(keyid, 0, 1, KEY_VIEW); |
468 | if (IS_ERR(key_ref)) { | 468 | if (IS_ERR(key_ref)) { |
469 | /* viewing a key under construction is permitted if we have the | 469 | /* viewing a key under construction is permitted if we have the |
470 | * authorisation token handy */ | 470 | * authorisation token handy */ |
@@ -472,7 +472,7 @@ long keyctl_describe_key(key_serial_t keyid, | |||
472 | instkey = key_get_instantiation_authkey(keyid); | 472 | instkey = key_get_instantiation_authkey(keyid); |
473 | if (!IS_ERR(instkey)) { | 473 | if (!IS_ERR(instkey)) { |
474 | key_put(instkey); | 474 | key_put(instkey); |
475 | key_ref = lookup_user_key(NULL, keyid, | 475 | key_ref = lookup_user_key(keyid, |
476 | 0, 1, 0); | 476 | 0, 1, 0); |
477 | if (!IS_ERR(key_ref)) | 477 | if (!IS_ERR(key_ref)) |
478 | goto okay; | 478 | goto okay; |
@@ -557,7 +557,7 @@ long keyctl_keyring_search(key_serial_t ringid, | |||
557 | } | 557 | } |
558 | 558 | ||
559 | /* get the keyring at which to begin the search */ | 559 | /* get the keyring at which to begin the search */ |
560 | keyring_ref = lookup_user_key(NULL, ringid, 0, 0, KEY_SEARCH); | 560 | keyring_ref = lookup_user_key(ringid, 0, 0, KEY_SEARCH); |
561 | if (IS_ERR(keyring_ref)) { | 561 | if (IS_ERR(keyring_ref)) { |
562 | ret = PTR_ERR(keyring_ref); | 562 | ret = PTR_ERR(keyring_ref); |
563 | goto error2; | 563 | goto error2; |
@@ -566,7 +566,7 @@ long keyctl_keyring_search(key_serial_t ringid, | |||
566 | /* get the destination keyring if specified */ | 566 | /* get the destination keyring if specified */ |
567 | dest_ref = NULL; | 567 | dest_ref = NULL; |
568 | if (destringid) { | 568 | if (destringid) { |
569 | dest_ref = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE); | 569 | dest_ref = lookup_user_key(destringid, 1, 0, KEY_WRITE); |
570 | if (IS_ERR(dest_ref)) { | 570 | if (IS_ERR(dest_ref)) { |
571 | ret = PTR_ERR(dest_ref); | 571 | ret = PTR_ERR(dest_ref); |
572 | goto error3; | 572 | goto error3; |
@@ -636,7 +636,7 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) | |||
636 | long ret; | 636 | long ret; |
637 | 637 | ||
638 | /* find the key first */ | 638 | /* find the key first */ |
639 | key_ref = lookup_user_key(NULL, keyid, 0, 0, 0); | 639 | key_ref = lookup_user_key(keyid, 0, 0, 0); |
640 | if (IS_ERR(key_ref)) { | 640 | if (IS_ERR(key_ref)) { |
641 | ret = -ENOKEY; | 641 | ret = -ENOKEY; |
642 | goto error; | 642 | goto error; |
@@ -699,7 +699,7 @@ long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid) | |||
699 | if (uid == (uid_t) -1 && gid == (gid_t) -1) | 699 | if (uid == (uid_t) -1 && gid == (gid_t) -1) |
700 | goto error; | 700 | goto error; |
701 | 701 | ||
702 | key_ref = lookup_user_key(NULL, id, 1, 1, KEY_SETATTR); | 702 | key_ref = lookup_user_key(id, 1, 1, KEY_SETATTR); |
703 | if (IS_ERR(key_ref)) { | 703 | if (IS_ERR(key_ref)) { |
704 | ret = PTR_ERR(key_ref); | 704 | ret = PTR_ERR(key_ref); |
705 | goto error; | 705 | goto error; |
@@ -804,7 +804,7 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm) | |||
804 | if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) | 804 | if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) |
805 | goto error; | 805 | goto error; |
806 | 806 | ||
807 | key_ref = lookup_user_key(NULL, id, 1, 1, KEY_SETATTR); | 807 | key_ref = lookup_user_key(id, 1, 1, KEY_SETATTR); |
808 | if (IS_ERR(key_ref)) { | 808 | if (IS_ERR(key_ref)) { |
809 | ret = PTR_ERR(key_ref); | 809 | ret = PTR_ERR(key_ref); |
810 | goto error; | 810 | goto error; |
@@ -817,7 +817,7 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm) | |||
817 | down_write(&key->sem); | 817 | down_write(&key->sem); |
818 | 818 | ||
819 | /* if we're not the sysadmin, we can only change a key that we own */ | 819 | /* if we're not the sysadmin, we can only change a key that we own */ |
820 | if (capable(CAP_SYS_ADMIN) || key->uid == current->fsuid) { | 820 | if (capable(CAP_SYS_ADMIN) || key->uid == current_fsuid()) { |
821 | key->perm = perm; | 821 | key->perm = perm; |
822 | ret = 0; | 822 | ret = 0; |
823 | } | 823 | } |
@@ -829,6 +829,60 @@ error: | |||
829 | 829 | ||
830 | } /* end keyctl_setperm_key() */ | 830 | } /* end keyctl_setperm_key() */ |
831 | 831 | ||
832 | /* | ||
833 | * get the destination keyring for instantiation | ||
834 | */ | ||
835 | static long get_instantiation_keyring(key_serial_t ringid, | ||
836 | struct request_key_auth *rka, | ||
837 | struct key **_dest_keyring) | ||
838 | { | ||
839 | key_ref_t dkref; | ||
840 | |||
841 | /* just return a NULL pointer if we weren't asked to make a link */ | ||
842 | if (ringid == 0) { | ||
843 | *_dest_keyring = NULL; | ||
844 | return 0; | ||
845 | } | ||
846 | |||
847 | /* if a specific keyring is nominated by ID, then use that */ | ||
848 | if (ringid > 0) { | ||
849 | dkref = lookup_user_key(ringid, 1, 0, KEY_WRITE); | ||
850 | if (IS_ERR(dkref)) | ||
851 | return PTR_ERR(dkref); | ||
852 | *_dest_keyring = key_ref_to_ptr(dkref); | ||
853 | return 0; | ||
854 | } | ||
855 | |||
856 | if (ringid == KEY_SPEC_REQKEY_AUTH_KEY) | ||
857 | return -EINVAL; | ||
858 | |||
859 | /* otherwise specify the destination keyring recorded in the | ||
860 | * authorisation key (any KEY_SPEC_*_KEYRING) */ | ||
861 | if (ringid >= KEY_SPEC_REQUESTOR_KEYRING) { | ||
862 | *_dest_keyring = rka->dest_keyring; | ||
863 | return 0; | ||
864 | } | ||
865 | |||
866 | return -ENOKEY; | ||
867 | } | ||
868 | |||
869 | /* | ||
870 | * change the request_key authorisation key on the current process | ||
871 | */ | ||
872 | static int keyctl_change_reqkey_auth(struct key *key) | ||
873 | { | ||
874 | struct cred *new; | ||
875 | |||
876 | new = prepare_creds(); | ||
877 | if (!new) | ||
878 | return -ENOMEM; | ||
879 | |||
880 | key_put(new->request_key_auth); | ||
881 | new->request_key_auth = key_get(key); | ||
882 | |||
883 | return commit_creds(new); | ||
884 | } | ||
885 | |||
832 | /*****************************************************************************/ | 886 | /*****************************************************************************/ |
833 | /* | 887 | /* |
834 | * instantiate the key with the specified payload, and, if one is given, link | 888 | * instantiate the key with the specified payload, and, if one is given, link |
@@ -839,13 +893,15 @@ long keyctl_instantiate_key(key_serial_t id, | |||
839 | size_t plen, | 893 | size_t plen, |
840 | key_serial_t ringid) | 894 | key_serial_t ringid) |
841 | { | 895 | { |
896 | const struct cred *cred = current_cred(); | ||
842 | struct request_key_auth *rka; | 897 | struct request_key_auth *rka; |
843 | struct key *instkey; | 898 | struct key *instkey, *dest_keyring; |
844 | key_ref_t keyring_ref; | ||
845 | void *payload; | 899 | void *payload; |
846 | long ret; | 900 | long ret; |
847 | bool vm = false; | 901 | bool vm = false; |
848 | 902 | ||
903 | kenter("%d,,%zu,%d", id, plen, ringid); | ||
904 | |||
849 | ret = -EINVAL; | 905 | ret = -EINVAL; |
850 | if (plen > 1024 * 1024 - 1) | 906 | if (plen > 1024 * 1024 - 1) |
851 | goto error; | 907 | goto error; |
@@ -853,7 +909,7 @@ long keyctl_instantiate_key(key_serial_t id, | |||
853 | /* the appropriate instantiation authorisation key must have been | 909 | /* the appropriate instantiation authorisation key must have been |
854 | * assumed before calling this */ | 910 | * assumed before calling this */ |
855 | ret = -EPERM; | 911 | ret = -EPERM; |
856 | instkey = current->request_key_auth; | 912 | instkey = cred->request_key_auth; |
857 | if (!instkey) | 913 | if (!instkey) |
858 | goto error; | 914 | goto error; |
859 | 915 | ||
@@ -883,28 +939,20 @@ long keyctl_instantiate_key(key_serial_t id, | |||
883 | 939 | ||
884 | /* find the destination keyring amongst those belonging to the | 940 | /* find the destination keyring amongst those belonging to the |
885 | * requesting task */ | 941 | * requesting task */ |
886 | keyring_ref = NULL; | 942 | ret = get_instantiation_keyring(ringid, rka, &dest_keyring); |
887 | if (ringid) { | 943 | if (ret < 0) |
888 | keyring_ref = lookup_user_key(rka->context, ringid, 1, 0, | 944 | goto error2; |
889 | KEY_WRITE); | ||
890 | if (IS_ERR(keyring_ref)) { | ||
891 | ret = PTR_ERR(keyring_ref); | ||
892 | goto error2; | ||
893 | } | ||
894 | } | ||
895 | 945 | ||
896 | /* instantiate the key and link it into a keyring */ | 946 | /* instantiate the key and link it into a keyring */ |
897 | ret = key_instantiate_and_link(rka->target_key, payload, plen, | 947 | ret = key_instantiate_and_link(rka->target_key, payload, plen, |
898 | key_ref_to_ptr(keyring_ref), instkey); | 948 | dest_keyring, instkey); |
899 | 949 | ||
900 | key_ref_put(keyring_ref); | 950 | key_put(dest_keyring); |
901 | 951 | ||
902 | /* discard the assumed authority if it's just been disabled by | 952 | /* discard the assumed authority if it's just been disabled by |
903 | * instantiation of the key */ | 953 | * instantiation of the key */ |
904 | if (ret == 0) { | 954 | if (ret == 0) |
905 | key_put(current->request_key_auth); | 955 | keyctl_change_reqkey_auth(NULL); |
906 | current->request_key_auth = NULL; | ||
907 | } | ||
908 | 956 | ||
909 | error2: | 957 | error2: |
910 | if (!vm) | 958 | if (!vm) |
@@ -923,15 +971,17 @@ error: | |||
923 | */ | 971 | */ |
924 | long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) | 972 | long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) |
925 | { | 973 | { |
974 | const struct cred *cred = current_cred(); | ||
926 | struct request_key_auth *rka; | 975 | struct request_key_auth *rka; |
927 | struct key *instkey; | 976 | struct key *instkey, *dest_keyring; |
928 | key_ref_t keyring_ref; | ||
929 | long ret; | 977 | long ret; |
930 | 978 | ||
979 | kenter("%d,%u,%d", id, timeout, ringid); | ||
980 | |||
931 | /* the appropriate instantiation authorisation key must have been | 981 | /* the appropriate instantiation authorisation key must have been |
932 | * assumed before calling this */ | 982 | * assumed before calling this */ |
933 | ret = -EPERM; | 983 | ret = -EPERM; |
934 | instkey = current->request_key_auth; | 984 | instkey = cred->request_key_auth; |
935 | if (!instkey) | 985 | if (!instkey) |
936 | goto error; | 986 | goto error; |
937 | 987 | ||
@@ -941,27 +991,20 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) | |||
941 | 991 | ||
942 | /* find the destination keyring if present (which must also be | 992 | /* find the destination keyring if present (which must also be |
943 | * writable) */ | 993 | * writable) */ |
944 | keyring_ref = NULL; | 994 | ret = get_instantiation_keyring(ringid, rka, &dest_keyring); |
945 | if (ringid) { | 995 | if (ret < 0) |
946 | keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); | 996 | goto error; |
947 | if (IS_ERR(keyring_ref)) { | ||
948 | ret = PTR_ERR(keyring_ref); | ||
949 | goto error; | ||
950 | } | ||
951 | } | ||
952 | 997 | ||
953 | /* instantiate the key and link it into a keyring */ | 998 | /* instantiate the key and link it into a keyring */ |
954 | ret = key_negate_and_link(rka->target_key, timeout, | 999 | ret = key_negate_and_link(rka->target_key, timeout, |
955 | key_ref_to_ptr(keyring_ref), instkey); | 1000 | dest_keyring, instkey); |
956 | 1001 | ||
957 | key_ref_put(keyring_ref); | 1002 | key_put(dest_keyring); |
958 | 1003 | ||
959 | /* discard the assumed authority if it's just been disabled by | 1004 | /* discard the assumed authority if it's just been disabled by |
960 | * instantiation of the key */ | 1005 | * instantiation of the key */ |
961 | if (ret == 0) { | 1006 | if (ret == 0) |
962 | key_put(current->request_key_auth); | 1007 | keyctl_change_reqkey_auth(NULL); |
963 | current->request_key_auth = NULL; | ||
964 | } | ||
965 | 1008 | ||
966 | error: | 1009 | error: |
967 | return ret; | 1010 | return ret; |
@@ -975,35 +1018,56 @@ error: | |||
975 | */ | 1018 | */ |
976 | long keyctl_set_reqkey_keyring(int reqkey_defl) | 1019 | long keyctl_set_reqkey_keyring(int reqkey_defl) |
977 | { | 1020 | { |
978 | int ret; | 1021 | struct cred *new; |
1022 | int ret, old_setting; | ||
1023 | |||
1024 | old_setting = current_cred_xxx(jit_keyring); | ||
1025 | |||
1026 | if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE) | ||
1027 | return old_setting; | ||
1028 | |||
1029 | new = prepare_creds(); | ||
1030 | if (!new) | ||
1031 | return -ENOMEM; | ||
979 | 1032 | ||
980 | switch (reqkey_defl) { | 1033 | switch (reqkey_defl) { |
981 | case KEY_REQKEY_DEFL_THREAD_KEYRING: | 1034 | case KEY_REQKEY_DEFL_THREAD_KEYRING: |
982 | ret = install_thread_keyring(current); | 1035 | ret = install_thread_keyring_to_cred(new); |
983 | if (ret < 0) | 1036 | if (ret < 0) |
984 | return ret; | 1037 | goto error; |
985 | goto set; | 1038 | goto set; |
986 | 1039 | ||
987 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: | 1040 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: |
988 | ret = install_process_keyring(current); | 1041 | ret = install_process_keyring_to_cred(new); |
989 | if (ret < 0) | 1042 | if (ret < 0) { |
990 | return ret; | 1043 | if (ret != -EEXIST) |
1044 | goto error; | ||
1045 | ret = 0; | ||
1046 | } | ||
1047 | goto set; | ||
991 | 1048 | ||
992 | case KEY_REQKEY_DEFL_DEFAULT: | 1049 | case KEY_REQKEY_DEFL_DEFAULT: |
993 | case KEY_REQKEY_DEFL_SESSION_KEYRING: | 1050 | case KEY_REQKEY_DEFL_SESSION_KEYRING: |
994 | case KEY_REQKEY_DEFL_USER_KEYRING: | 1051 | case KEY_REQKEY_DEFL_USER_KEYRING: |
995 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: | 1052 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: |
996 | set: | 1053 | case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: |
997 | current->jit_keyring = reqkey_defl; | 1054 | goto set; |
998 | 1055 | ||
999 | case KEY_REQKEY_DEFL_NO_CHANGE: | 1056 | case KEY_REQKEY_DEFL_NO_CHANGE: |
1000 | return current->jit_keyring; | ||
1001 | |||
1002 | case KEY_REQKEY_DEFL_GROUP_KEYRING: | 1057 | case KEY_REQKEY_DEFL_GROUP_KEYRING: |
1003 | default: | 1058 | default: |
1004 | return -EINVAL; | 1059 | ret = -EINVAL; |
1060 | goto error; | ||
1005 | } | 1061 | } |
1006 | 1062 | ||
1063 | set: | ||
1064 | new->jit_keyring = reqkey_defl; | ||
1065 | commit_creds(new); | ||
1066 | return old_setting; | ||
1067 | error: | ||
1068 | abort_creds(new); | ||
1069 | return -EINVAL; | ||
1070 | |||
1007 | } /* end keyctl_set_reqkey_keyring() */ | 1071 | } /* end keyctl_set_reqkey_keyring() */ |
1008 | 1072 | ||
1009 | /*****************************************************************************/ | 1073 | /*****************************************************************************/ |
@@ -1018,7 +1082,7 @@ long keyctl_set_timeout(key_serial_t id, unsigned timeout) | |||
1018 | time_t expiry; | 1082 | time_t expiry; |
1019 | long ret; | 1083 | long ret; |
1020 | 1084 | ||
1021 | key_ref = lookup_user_key(NULL, id, 1, 1, KEY_SETATTR); | 1085 | key_ref = lookup_user_key(id, 1, 1, KEY_SETATTR); |
1022 | if (IS_ERR(key_ref)) { | 1086 | if (IS_ERR(key_ref)) { |
1023 | ret = PTR_ERR(key_ref); | 1087 | ret = PTR_ERR(key_ref); |
1024 | goto error; | 1088 | goto error; |
@@ -1062,9 +1126,7 @@ long keyctl_assume_authority(key_serial_t id) | |||
1062 | 1126 | ||
1063 | /* we divest ourselves of authority if given an ID of 0 */ | 1127 | /* we divest ourselves of authority if given an ID of 0 */ |
1064 | if (id == 0) { | 1128 | if (id == 0) { |
1065 | key_put(current->request_key_auth); | 1129 | ret = keyctl_change_reqkey_auth(NULL); |
1066 | current->request_key_auth = NULL; | ||
1067 | ret = 0; | ||
1068 | goto error; | 1130 | goto error; |
1069 | } | 1131 | } |
1070 | 1132 | ||
@@ -1079,10 +1141,12 @@ long keyctl_assume_authority(key_serial_t id) | |||
1079 | goto error; | 1141 | goto error; |
1080 | } | 1142 | } |
1081 | 1143 | ||
1082 | key_put(current->request_key_auth); | 1144 | ret = keyctl_change_reqkey_auth(authkey); |
1083 | current->request_key_auth = authkey; | 1145 | if (ret < 0) |
1084 | ret = authkey->serial; | 1146 | goto error; |
1147 | key_put(authkey); | ||
1085 | 1148 | ||
1149 | ret = authkey->serial; | ||
1086 | error: | 1150 | error: |
1087 | return ret; | 1151 | return ret; |
1088 | 1152 | ||
@@ -1105,7 +1169,7 @@ long keyctl_get_security(key_serial_t keyid, | |||
1105 | char *context; | 1169 | char *context; |
1106 | long ret; | 1170 | long ret; |
1107 | 1171 | ||
1108 | key_ref = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW); | 1172 | key_ref = lookup_user_key(keyid, 0, 1, KEY_VIEW); |
1109 | if (IS_ERR(key_ref)) { | 1173 | if (IS_ERR(key_ref)) { |
1110 | if (PTR_ERR(key_ref) != -EACCES) | 1174 | if (PTR_ERR(key_ref) != -EACCES) |
1111 | return PTR_ERR(key_ref); | 1175 | return PTR_ERR(key_ref); |
@@ -1117,7 +1181,7 @@ long keyctl_get_security(key_serial_t keyid, | |||
1117 | return PTR_ERR(key_ref); | 1181 | return PTR_ERR(key_ref); |
1118 | key_put(instkey); | 1182 | key_put(instkey); |
1119 | 1183 | ||
1120 | key_ref = lookup_user_key(NULL, keyid, 0, 1, 0); | 1184 | key_ref = lookup_user_key(keyid, 0, 1, 0); |
1121 | if (IS_ERR(key_ref)) | 1185 | if (IS_ERR(key_ref)) |
1122 | return PTR_ERR(key_ref); | 1186 | return PTR_ERR(key_ref); |
1123 | } | 1187 | } |
diff --git a/security/keys/keyring.c b/security/keys/keyring.c index a9ab8affc092..ed851574d073 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c | |||
@@ -16,6 +16,7 @@ | |||
16 | #include <linux/security.h> | 16 | #include <linux/security.h> |
17 | #include <linux/seq_file.h> | 17 | #include <linux/seq_file.h> |
18 | #include <linux/err.h> | 18 | #include <linux/err.h> |
19 | #include <keys/keyring-type.h> | ||
19 | #include <asm/uaccess.h> | 20 | #include <asm/uaccess.h> |
20 | #include "internal.h" | 21 | #include "internal.h" |
21 | 22 | ||
@@ -244,14 +245,14 @@ static long keyring_read(const struct key *keyring, | |||
244 | * allocate a keyring and link into the destination keyring | 245 | * allocate a keyring and link into the destination keyring |
245 | */ | 246 | */ |
246 | struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, | 247 | struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, |
247 | struct task_struct *ctx, unsigned long flags, | 248 | const struct cred *cred, unsigned long flags, |
248 | struct key *dest) | 249 | struct key *dest) |
249 | { | 250 | { |
250 | struct key *keyring; | 251 | struct key *keyring; |
251 | int ret; | 252 | int ret; |
252 | 253 | ||
253 | keyring = key_alloc(&key_type_keyring, description, | 254 | keyring = key_alloc(&key_type_keyring, description, |
254 | uid, gid, ctx, | 255 | uid, gid, cred, |
255 | (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, | 256 | (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, |
256 | flags); | 257 | flags); |
257 | 258 | ||
@@ -280,7 +281,7 @@ struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, | |||
280 | * - we propagate the possession attribute from the keyring ref to the key ref | 281 | * - we propagate the possession attribute from the keyring ref to the key ref |
281 | */ | 282 | */ |
282 | key_ref_t keyring_search_aux(key_ref_t keyring_ref, | 283 | key_ref_t keyring_search_aux(key_ref_t keyring_ref, |
283 | struct task_struct *context, | 284 | const struct cred *cred, |
284 | struct key_type *type, | 285 | struct key_type *type, |
285 | const void *description, | 286 | const void *description, |
286 | key_match_func_t match) | 287 | key_match_func_t match) |
@@ -303,7 +304,7 @@ key_ref_t keyring_search_aux(key_ref_t keyring_ref, | |||
303 | key_check(keyring); | 304 | key_check(keyring); |
304 | 305 | ||
305 | /* top keyring must have search permission to begin the search */ | 306 | /* top keyring must have search permission to begin the search */ |
306 | err = key_task_permission(keyring_ref, context, KEY_SEARCH); | 307 | err = key_task_permission(keyring_ref, cred, KEY_SEARCH); |
307 | if (err < 0) { | 308 | if (err < 0) { |
308 | key_ref = ERR_PTR(err); | 309 | key_ref = ERR_PTR(err); |
309 | goto error; | 310 | goto error; |
@@ -376,7 +377,7 @@ descend: | |||
376 | 377 | ||
377 | /* key must have search permissions */ | 378 | /* key must have search permissions */ |
378 | if (key_task_permission(make_key_ref(key, possessed), | 379 | if (key_task_permission(make_key_ref(key, possessed), |
379 | context, KEY_SEARCH) < 0) | 380 | cred, KEY_SEARCH) < 0) |
380 | continue; | 381 | continue; |
381 | 382 | ||
382 | /* we set a different error code if we pass a negative key */ | 383 | /* we set a different error code if we pass a negative key */ |
@@ -403,7 +404,7 @@ ascend: | |||
403 | continue; | 404 | continue; |
404 | 405 | ||
405 | if (key_task_permission(make_key_ref(key, possessed), | 406 | if (key_task_permission(make_key_ref(key, possessed), |
406 | context, KEY_SEARCH) < 0) | 407 | cred, KEY_SEARCH) < 0) |
407 | continue; | 408 | continue; |
408 | 409 | ||
409 | /* stack the current position */ | 410 | /* stack the current position */ |
@@ -458,7 +459,7 @@ key_ref_t keyring_search(key_ref_t keyring, | |||
458 | if (!type->match) | 459 | if (!type->match) |
459 | return ERR_PTR(-ENOKEY); | 460 | return ERR_PTR(-ENOKEY); |
460 | 461 | ||
461 | return keyring_search_aux(keyring, current, | 462 | return keyring_search_aux(keyring, current->cred, |
462 | type, description, type->match); | 463 | type, description, type->match); |
463 | 464 | ||
464 | } /* end keyring_search() */ | 465 | } /* end keyring_search() */ |
diff --git a/security/keys/permission.c b/security/keys/permission.c index 3b41f9b52537..5d9fc7b93f2e 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c | |||
@@ -14,12 +14,19 @@ | |||
14 | #include "internal.h" | 14 | #include "internal.h" |
15 | 15 | ||
16 | /*****************************************************************************/ | 16 | /*****************************************************************************/ |
17 | /* | 17 | /** |
18 | * check to see whether permission is granted to use a key in the desired way, | 18 | * key_task_permission - Check a key can be used |
19 | * but permit the security modules to override | 19 | * @key_ref: The key to check |
20 | * @cred: The credentials to use | ||
21 | * @perm: The permissions to check for | ||
22 | * | ||
23 | * Check to see whether permission is granted to use a key in the desired way, | ||
24 | * but permit the security modules to override. | ||
25 | * | ||
26 | * The caller must hold either a ref on cred or must hold the RCU readlock or a | ||
27 | * spinlock. | ||
20 | */ | 28 | */ |
21 | int key_task_permission(const key_ref_t key_ref, | 29 | int key_task_permission(const key_ref_t key_ref, const struct cred *cred, |
22 | struct task_struct *context, | ||
23 | key_perm_t perm) | 30 | key_perm_t perm) |
24 | { | 31 | { |
25 | struct key *key; | 32 | struct key *key; |
@@ -29,7 +36,7 @@ int key_task_permission(const key_ref_t key_ref, | |||
29 | key = key_ref_to_ptr(key_ref); | 36 | key = key_ref_to_ptr(key_ref); |
30 | 37 | ||
31 | /* use the second 8-bits of permissions for keys the caller owns */ | 38 | /* use the second 8-bits of permissions for keys the caller owns */ |
32 | if (key->uid == context->fsuid) { | 39 | if (key->uid == cred->fsuid) { |
33 | kperm = key->perm >> 16; | 40 | kperm = key->perm >> 16; |
34 | goto use_these_perms; | 41 | goto use_these_perms; |
35 | } | 42 | } |
@@ -37,15 +44,12 @@ int key_task_permission(const key_ref_t key_ref, | |||
37 | /* use the third 8-bits of permissions for keys the caller has a group | 44 | /* use the third 8-bits of permissions for keys the caller has a group |
38 | * membership in common with */ | 45 | * membership in common with */ |
39 | if (key->gid != -1 && key->perm & KEY_GRP_ALL) { | 46 | if (key->gid != -1 && key->perm & KEY_GRP_ALL) { |
40 | if (key->gid == context->fsgid) { | 47 | if (key->gid == cred->fsgid) { |
41 | kperm = key->perm >> 8; | 48 | kperm = key->perm >> 8; |
42 | goto use_these_perms; | 49 | goto use_these_perms; |
43 | } | 50 | } |
44 | 51 | ||
45 | task_lock(context); | 52 | ret = groups_search(cred->group_info, key->gid); |
46 | ret = groups_search(context->group_info, key->gid); | ||
47 | task_unlock(context); | ||
48 | |||
49 | if (ret) { | 53 | if (ret) { |
50 | kperm = key->perm >> 8; | 54 | kperm = key->perm >> 8; |
51 | goto use_these_perms; | 55 | goto use_these_perms; |
@@ -56,6 +60,7 @@ int key_task_permission(const key_ref_t key_ref, | |||
56 | kperm = key->perm; | 60 | kperm = key->perm; |
57 | 61 | ||
58 | use_these_perms: | 62 | use_these_perms: |
63 | |||
59 | /* use the top 8-bits of permissions for keys the caller possesses | 64 | /* use the top 8-bits of permissions for keys the caller possesses |
60 | * - possessor permissions are additive with other permissions | 65 | * - possessor permissions are additive with other permissions |
61 | */ | 66 | */ |
@@ -68,7 +73,7 @@ use_these_perms: | |||
68 | return -EACCES; | 73 | return -EACCES; |
69 | 74 | ||
70 | /* let LSM be the final arbiter */ | 75 | /* let LSM be the final arbiter */ |
71 | return security_key_permission(key_ref, context, perm); | 76 | return security_key_permission(key_ref, cred, perm); |
72 | 77 | ||
73 | } /* end key_task_permission() */ | 78 | } /* end key_task_permission() */ |
74 | 79 | ||
diff --git a/security/keys/proc.c b/security/keys/proc.c index f619170da760..7f508def50e3 100644 --- a/security/keys/proc.c +++ b/security/keys/proc.c | |||
@@ -136,8 +136,12 @@ static int proc_keys_show(struct seq_file *m, void *v) | |||
136 | int rc; | 136 | int rc; |
137 | 137 | ||
138 | /* check whether the current task is allowed to view the key (assuming | 138 | /* check whether the current task is allowed to view the key (assuming |
139 | * non-possession) */ | 139 | * non-possession) |
140 | rc = key_task_permission(make_key_ref(key, 0), current, KEY_VIEW); | 140 | * - the caller holds a spinlock, and thus the RCU read lock, making our |
141 | * access to __current_cred() safe | ||
142 | */ | ||
143 | rc = key_task_permission(make_key_ref(key, 0), current_cred(), | ||
144 | KEY_VIEW); | ||
141 | if (rc < 0) | 145 | if (rc < 0) |
142 | return 0; | 146 | return 0; |
143 | 147 | ||
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 45b240af6dbe..2f5d89e92b85 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c | |||
@@ -40,13 +40,17 @@ struct key_user root_key_user = { | |||
40 | /* | 40 | /* |
41 | * install user and user session keyrings for a particular UID | 41 | * install user and user session keyrings for a particular UID |
42 | */ | 42 | */ |
43 | int install_user_keyrings(struct task_struct *tsk) | 43 | int install_user_keyrings(void) |
44 | { | 44 | { |
45 | struct user_struct *user = tsk->user; | 45 | struct user_struct *user; |
46 | const struct cred *cred; | ||
46 | struct key *uid_keyring, *session_keyring; | 47 | struct key *uid_keyring, *session_keyring; |
47 | char buf[20]; | 48 | char buf[20]; |
48 | int ret; | 49 | int ret; |
49 | 50 | ||
51 | cred = current_cred(); | ||
52 | user = cred->user; | ||
53 | |||
50 | kenter("%p{%u}", user, user->uid); | 54 | kenter("%p{%u}", user, user->uid); |
51 | 55 | ||
52 | if (user->uid_keyring) { | 56 | if (user->uid_keyring) { |
@@ -67,7 +71,7 @@ int install_user_keyrings(struct task_struct *tsk) | |||
67 | uid_keyring = find_keyring_by_name(buf, true); | 71 | uid_keyring = find_keyring_by_name(buf, true); |
68 | if (IS_ERR(uid_keyring)) { | 72 | if (IS_ERR(uid_keyring)) { |
69 | uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, | 73 | uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, |
70 | tsk, KEY_ALLOC_IN_QUOTA, | 74 | cred, KEY_ALLOC_IN_QUOTA, |
71 | NULL); | 75 | NULL); |
72 | if (IS_ERR(uid_keyring)) { | 76 | if (IS_ERR(uid_keyring)) { |
73 | ret = PTR_ERR(uid_keyring); | 77 | ret = PTR_ERR(uid_keyring); |
@@ -83,7 +87,7 @@ int install_user_keyrings(struct task_struct *tsk) | |||
83 | if (IS_ERR(session_keyring)) { | 87 | if (IS_ERR(session_keyring)) { |
84 | session_keyring = | 88 | session_keyring = |
85 | keyring_alloc(buf, user->uid, (gid_t) -1, | 89 | keyring_alloc(buf, user->uid, (gid_t) -1, |
86 | tsk, KEY_ALLOC_IN_QUOTA, NULL); | 90 | cred, KEY_ALLOC_IN_QUOTA, NULL); |
87 | if (IS_ERR(session_keyring)) { | 91 | if (IS_ERR(session_keyring)) { |
88 | ret = PTR_ERR(session_keyring); | 92 | ret = PTR_ERR(session_keyring); |
89 | goto error_release; | 93 | goto error_release; |
@@ -115,140 +119,128 @@ error: | |||
115 | return ret; | 119 | return ret; |
116 | } | 120 | } |
117 | 121 | ||
118 | /*****************************************************************************/ | ||
119 | /* | 122 | /* |
120 | * deal with the UID changing | 123 | * install a fresh thread keyring directly to new credentials |
121 | */ | 124 | */ |
122 | void switch_uid_keyring(struct user_struct *new_user) | 125 | int install_thread_keyring_to_cred(struct cred *new) |
123 | { | 126 | { |
124 | #if 0 /* do nothing for now */ | 127 | struct key *keyring; |
125 | struct key *old; | ||
126 | |||
127 | /* switch to the new user's session keyring if we were running under | ||
128 | * root's default session keyring */ | ||
129 | if (new_user->uid != 0 && | ||
130 | current->session_keyring == &root_session_keyring | ||
131 | ) { | ||
132 | atomic_inc(&new_user->session_keyring->usage); | ||
133 | |||
134 | task_lock(current); | ||
135 | old = current->session_keyring; | ||
136 | current->session_keyring = new_user->session_keyring; | ||
137 | task_unlock(current); | ||
138 | 128 | ||
139 | key_put(old); | 129 | keyring = keyring_alloc("_tid", new->uid, new->gid, new, |
140 | } | 130 | KEY_ALLOC_QUOTA_OVERRUN, NULL); |
141 | #endif | 131 | if (IS_ERR(keyring)) |
132 | return PTR_ERR(keyring); | ||
142 | 133 | ||
143 | } /* end switch_uid_keyring() */ | 134 | new->thread_keyring = keyring; |
135 | return 0; | ||
136 | } | ||
144 | 137 | ||
145 | /*****************************************************************************/ | ||
146 | /* | 138 | /* |
147 | * install a fresh thread keyring, discarding the old one | 139 | * install a fresh thread keyring, discarding the old one |
148 | */ | 140 | */ |
149 | int install_thread_keyring(struct task_struct *tsk) | 141 | static int install_thread_keyring(void) |
150 | { | 142 | { |
151 | struct key *keyring, *old; | 143 | struct cred *new; |
152 | char buf[20]; | ||
153 | int ret; | 144 | int ret; |
154 | 145 | ||
155 | sprintf(buf, "_tid.%u", tsk->pid); | 146 | new = prepare_creds(); |
147 | if (!new) | ||
148 | return -ENOMEM; | ||
156 | 149 | ||
157 | keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk, | 150 | BUG_ON(new->thread_keyring); |
158 | KEY_ALLOC_QUOTA_OVERRUN, NULL); | 151 | |
159 | if (IS_ERR(keyring)) { | 152 | ret = install_thread_keyring_to_cred(new); |
160 | ret = PTR_ERR(keyring); | 153 | if (ret < 0) { |
161 | goto error; | 154 | abort_creds(new); |
155 | return ret; | ||
162 | } | 156 | } |
163 | 157 | ||
164 | task_lock(tsk); | 158 | return commit_creds(new); |
165 | old = tsk->thread_keyring; | 159 | } |
166 | tsk->thread_keyring = keyring; | ||
167 | task_unlock(tsk); | ||
168 | 160 | ||
169 | ret = 0; | 161 | /* |
162 | * install a process keyring directly to a credentials struct | ||
163 | * - returns -EEXIST if there was already a process keyring, 0 if one installed, | ||
164 | * and other -ve on any other error | ||
165 | */ | ||
166 | int install_process_keyring_to_cred(struct cred *new) | ||
167 | { | ||
168 | struct key *keyring; | ||
169 | int ret; | ||
170 | 170 | ||
171 | key_put(old); | 171 | if (new->tgcred->process_keyring) |
172 | error: | 172 | return -EEXIST; |
173 | |||
174 | keyring = keyring_alloc("_pid", new->uid, new->gid, | ||
175 | new, KEY_ALLOC_QUOTA_OVERRUN, NULL); | ||
176 | if (IS_ERR(keyring)) | ||
177 | return PTR_ERR(keyring); | ||
178 | |||
179 | spin_lock_irq(&new->tgcred->lock); | ||
180 | if (!new->tgcred->process_keyring) { | ||
181 | new->tgcred->process_keyring = keyring; | ||
182 | keyring = NULL; | ||
183 | ret = 0; | ||
184 | } else { | ||
185 | ret = -EEXIST; | ||
186 | } | ||
187 | spin_unlock_irq(&new->tgcred->lock); | ||
188 | key_put(keyring); | ||
173 | return ret; | 189 | return ret; |
190 | } | ||
174 | 191 | ||
175 | } /* end install_thread_keyring() */ | ||
176 | |||
177 | /*****************************************************************************/ | ||
178 | /* | 192 | /* |
179 | * make sure a process keyring is installed | 193 | * make sure a process keyring is installed |
194 | * - we | ||
180 | */ | 195 | */ |
181 | int install_process_keyring(struct task_struct *tsk) | 196 | static int install_process_keyring(void) |
182 | { | 197 | { |
183 | struct key *keyring; | 198 | struct cred *new; |
184 | char buf[20]; | ||
185 | int ret; | 199 | int ret; |
186 | 200 | ||
187 | might_sleep(); | 201 | new = prepare_creds(); |
188 | 202 | if (!new) | |
189 | if (!tsk->signal->process_keyring) { | 203 | return -ENOMEM; |
190 | sprintf(buf, "_pid.%u", tsk->tgid); | ||
191 | |||
192 | keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk, | ||
193 | KEY_ALLOC_QUOTA_OVERRUN, NULL); | ||
194 | if (IS_ERR(keyring)) { | ||
195 | ret = PTR_ERR(keyring); | ||
196 | goto error; | ||
197 | } | ||
198 | |||
199 | /* attach keyring */ | ||
200 | spin_lock_irq(&tsk->sighand->siglock); | ||
201 | if (!tsk->signal->process_keyring) { | ||
202 | tsk->signal->process_keyring = keyring; | ||
203 | keyring = NULL; | ||
204 | } | ||
205 | spin_unlock_irq(&tsk->sighand->siglock); | ||
206 | 204 | ||
207 | key_put(keyring); | 205 | ret = install_process_keyring_to_cred(new); |
206 | if (ret < 0) { | ||
207 | abort_creds(new); | ||
208 | return ret != -EEXIST ?: 0; | ||
208 | } | 209 | } |
209 | 210 | ||
210 | ret = 0; | 211 | return commit_creds(new); |
211 | error: | 212 | } |
212 | return ret; | ||
213 | |||
214 | } /* end install_process_keyring() */ | ||
215 | 213 | ||
216 | /*****************************************************************************/ | ||
217 | /* | 214 | /* |
218 | * install a session keyring, discarding the old one | 215 | * install a session keyring directly to a credentials struct |
219 | * - if a keyring is not supplied, an empty one is invented | ||
220 | */ | 216 | */ |
221 | static int install_session_keyring(struct task_struct *tsk, | 217 | static int install_session_keyring_to_cred(struct cred *cred, |
222 | struct key *keyring) | 218 | struct key *keyring) |
223 | { | 219 | { |
224 | unsigned long flags; | 220 | unsigned long flags; |
225 | struct key *old; | 221 | struct key *old; |
226 | char buf[20]; | ||
227 | 222 | ||
228 | might_sleep(); | 223 | might_sleep(); |
229 | 224 | ||
230 | /* create an empty session keyring */ | 225 | /* create an empty session keyring */ |
231 | if (!keyring) { | 226 | if (!keyring) { |
232 | sprintf(buf, "_ses.%u", tsk->tgid); | ||
233 | |||
234 | flags = KEY_ALLOC_QUOTA_OVERRUN; | 227 | flags = KEY_ALLOC_QUOTA_OVERRUN; |
235 | if (tsk->signal->session_keyring) | 228 | if (cred->tgcred->session_keyring) |
236 | flags = KEY_ALLOC_IN_QUOTA; | 229 | flags = KEY_ALLOC_IN_QUOTA; |
237 | 230 | ||
238 | keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk, | 231 | keyring = keyring_alloc("_ses", cred->uid, cred->gid, |
239 | flags, NULL); | 232 | cred, flags, NULL); |
240 | if (IS_ERR(keyring)) | 233 | if (IS_ERR(keyring)) |
241 | return PTR_ERR(keyring); | 234 | return PTR_ERR(keyring); |
242 | } | 235 | } else { |
243 | else { | ||
244 | atomic_inc(&keyring->usage); | 236 | atomic_inc(&keyring->usage); |
245 | } | 237 | } |
246 | 238 | ||
247 | /* install the keyring */ | 239 | /* install the keyring */ |
248 | spin_lock_irq(&tsk->sighand->siglock); | 240 | spin_lock_irq(&cred->tgcred->lock); |
249 | old = tsk->signal->session_keyring; | 241 | old = cred->tgcred->session_keyring; |
250 | rcu_assign_pointer(tsk->signal->session_keyring, keyring); | 242 | rcu_assign_pointer(cred->tgcred->session_keyring, keyring); |
251 | spin_unlock_irq(&tsk->sighand->siglock); | 243 | spin_unlock_irq(&cred->tgcred->lock); |
252 | 244 | ||
253 | /* we're using RCU on the pointer, but there's no point synchronising | 245 | /* we're using RCU on the pointer, but there's no point synchronising |
254 | * on it if it didn't previously point to anything */ | 246 | * on it if it didn't previously point to anything */ |
@@ -258,110 +250,29 @@ static int install_session_keyring(struct task_struct *tsk, | |||
258 | } | 250 | } |
259 | 251 | ||
260 | return 0; | 252 | return 0; |
253 | } | ||
261 | 254 | ||
262 | } /* end install_session_keyring() */ | ||
263 | |||
264 | /*****************************************************************************/ | ||
265 | /* | ||
266 | * copy the keys in a thread group for fork without CLONE_THREAD | ||
267 | */ | ||
268 | int copy_thread_group_keys(struct task_struct *tsk) | ||
269 | { | ||
270 | key_check(current->thread_group->session_keyring); | ||
271 | key_check(current->thread_group->process_keyring); | ||
272 | |||
273 | /* no process keyring yet */ | ||
274 | tsk->signal->process_keyring = NULL; | ||
275 | |||
276 | /* same session keyring */ | ||
277 | rcu_read_lock(); | ||
278 | tsk->signal->session_keyring = | ||
279 | key_get(rcu_dereference(current->signal->session_keyring)); | ||
280 | rcu_read_unlock(); | ||
281 | |||
282 | return 0; | ||
283 | |||
284 | } /* end copy_thread_group_keys() */ | ||
285 | |||
286 | /*****************************************************************************/ | ||
287 | /* | ||
288 | * copy the keys for fork | ||
289 | */ | ||
290 | int copy_keys(unsigned long clone_flags, struct task_struct *tsk) | ||
291 | { | ||
292 | key_check(tsk->thread_keyring); | ||
293 | key_check(tsk->request_key_auth); | ||
294 | |||
295 | /* no thread keyring yet */ | ||
296 | tsk->thread_keyring = NULL; | ||
297 | |||
298 | /* copy the request_key() authorisation for this thread */ | ||
299 | key_get(tsk->request_key_auth); | ||
300 | |||
301 | return 0; | ||
302 | |||
303 | } /* end copy_keys() */ | ||
304 | |||
305 | /*****************************************************************************/ | ||
306 | /* | ||
307 | * dispose of thread group keys upon thread group destruction | ||
308 | */ | ||
309 | void exit_thread_group_keys(struct signal_struct *tg) | ||
310 | { | ||
311 | key_put(tg->session_keyring); | ||
312 | key_put(tg->process_keyring); | ||
313 | |||
314 | } /* end exit_thread_group_keys() */ | ||
315 | |||
316 | /*****************************************************************************/ | ||
317 | /* | ||
318 | * dispose of per-thread keys upon thread exit | ||
319 | */ | ||
320 | void exit_keys(struct task_struct *tsk) | ||
321 | { | ||
322 | key_put(tsk->thread_keyring); | ||
323 | key_put(tsk->request_key_auth); | ||
324 | |||
325 | } /* end exit_keys() */ | ||
326 | |||
327 | /*****************************************************************************/ | ||
328 | /* | 255 | /* |
329 | * deal with execve() | 256 | * install a session keyring, discarding the old one |
257 | * - if a keyring is not supplied, an empty one is invented | ||
330 | */ | 258 | */ |
331 | int exec_keys(struct task_struct *tsk) | 259 | static int install_session_keyring(struct key *keyring) |
332 | { | 260 | { |
333 | struct key *old; | 261 | struct cred *new; |
334 | 262 | int ret; | |
335 | /* newly exec'd tasks don't get a thread keyring */ | ||
336 | task_lock(tsk); | ||
337 | old = tsk->thread_keyring; | ||
338 | tsk->thread_keyring = NULL; | ||
339 | task_unlock(tsk); | ||
340 | |||
341 | key_put(old); | ||
342 | |||
343 | /* discard the process keyring from a newly exec'd task */ | ||
344 | spin_lock_irq(&tsk->sighand->siglock); | ||
345 | old = tsk->signal->process_keyring; | ||
346 | tsk->signal->process_keyring = NULL; | ||
347 | spin_unlock_irq(&tsk->sighand->siglock); | ||
348 | |||
349 | key_put(old); | ||
350 | |||
351 | return 0; | ||
352 | 263 | ||
353 | } /* end exec_keys() */ | 264 | new = prepare_creds(); |
265 | if (!new) | ||
266 | return -ENOMEM; | ||
354 | 267 | ||
355 | /*****************************************************************************/ | 268 | ret = install_session_keyring_to_cred(new, NULL); |
356 | /* | 269 | if (ret < 0) { |
357 | * deal with SUID programs | 270 | abort_creds(new); |
358 | * - we might want to make this invent a new session keyring | 271 | return ret; |
359 | */ | 272 | } |
360 | int suid_keys(struct task_struct *tsk) | ||
361 | { | ||
362 | return 0; | ||
363 | 273 | ||
364 | } /* end suid_keys() */ | 274 | return commit_creds(new); |
275 | } | ||
365 | 276 | ||
366 | /*****************************************************************************/ | 277 | /*****************************************************************************/ |
367 | /* | 278 | /* |
@@ -370,10 +281,11 @@ int suid_keys(struct task_struct *tsk) | |||
370 | void key_fsuid_changed(struct task_struct *tsk) | 281 | void key_fsuid_changed(struct task_struct *tsk) |
371 | { | 282 | { |
372 | /* update the ownership of the thread keyring */ | 283 | /* update the ownership of the thread keyring */ |
373 | if (tsk->thread_keyring) { | 284 | BUG_ON(!tsk->cred); |
374 | down_write(&tsk->thread_keyring->sem); | 285 | if (tsk->cred->thread_keyring) { |
375 | tsk->thread_keyring->uid = tsk->fsuid; | 286 | down_write(&tsk->cred->thread_keyring->sem); |
376 | up_write(&tsk->thread_keyring->sem); | 287 | tsk->cred->thread_keyring->uid = tsk->cred->fsuid; |
288 | up_write(&tsk->cred->thread_keyring->sem); | ||
377 | } | 289 | } |
378 | 290 | ||
379 | } /* end key_fsuid_changed() */ | 291 | } /* end key_fsuid_changed() */ |
@@ -385,10 +297,11 @@ void key_fsuid_changed(struct task_struct *tsk) | |||
385 | void key_fsgid_changed(struct task_struct *tsk) | 297 | void key_fsgid_changed(struct task_struct *tsk) |
386 | { | 298 | { |
387 | /* update the ownership of the thread keyring */ | 299 | /* update the ownership of the thread keyring */ |
388 | if (tsk->thread_keyring) { | 300 | BUG_ON(!tsk->cred); |
389 | down_write(&tsk->thread_keyring->sem); | 301 | if (tsk->cred->thread_keyring) { |
390 | tsk->thread_keyring->gid = tsk->fsgid; | 302 | down_write(&tsk->cred->thread_keyring->sem); |
391 | up_write(&tsk->thread_keyring->sem); | 303 | tsk->cred->thread_keyring->gid = tsk->cred->fsgid; |
304 | up_write(&tsk->cred->thread_keyring->sem); | ||
392 | } | 305 | } |
393 | 306 | ||
394 | } /* end key_fsgid_changed() */ | 307 | } /* end key_fsgid_changed() */ |
@@ -404,7 +317,7 @@ void key_fsgid_changed(struct task_struct *tsk) | |||
404 | key_ref_t search_process_keyrings(struct key_type *type, | 317 | key_ref_t search_process_keyrings(struct key_type *type, |
405 | const void *description, | 318 | const void *description, |
406 | key_match_func_t match, | 319 | key_match_func_t match, |
407 | struct task_struct *context) | 320 | const struct cred *cred) |
408 | { | 321 | { |
409 | struct request_key_auth *rka; | 322 | struct request_key_auth *rka; |
410 | key_ref_t key_ref, ret, err; | 323 | key_ref_t key_ref, ret, err; |
@@ -423,10 +336,10 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
423 | err = ERR_PTR(-EAGAIN); | 336 | err = ERR_PTR(-EAGAIN); |
424 | 337 | ||
425 | /* search the thread keyring first */ | 338 | /* search the thread keyring first */ |
426 | if (context->thread_keyring) { | 339 | if (cred->thread_keyring) { |
427 | key_ref = keyring_search_aux( | 340 | key_ref = keyring_search_aux( |
428 | make_key_ref(context->thread_keyring, 1), | 341 | make_key_ref(cred->thread_keyring, 1), |
429 | context, type, description, match); | 342 | cred, type, description, match); |
430 | if (!IS_ERR(key_ref)) | 343 | if (!IS_ERR(key_ref)) |
431 | goto found; | 344 | goto found; |
432 | 345 | ||
@@ -444,10 +357,10 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
444 | } | 357 | } |
445 | 358 | ||
446 | /* search the process keyring second */ | 359 | /* search the process keyring second */ |
447 | if (context->signal->process_keyring) { | 360 | if (cred->tgcred->process_keyring) { |
448 | key_ref = keyring_search_aux( | 361 | key_ref = keyring_search_aux( |
449 | make_key_ref(context->signal->process_keyring, 1), | 362 | make_key_ref(cred->tgcred->process_keyring, 1), |
450 | context, type, description, match); | 363 | cred, type, description, match); |
451 | if (!IS_ERR(key_ref)) | 364 | if (!IS_ERR(key_ref)) |
452 | goto found; | 365 | goto found; |
453 | 366 | ||
@@ -465,13 +378,13 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
465 | } | 378 | } |
466 | 379 | ||
467 | /* search the session keyring */ | 380 | /* search the session keyring */ |
468 | if (context->signal->session_keyring) { | 381 | if (cred->tgcred->session_keyring) { |
469 | rcu_read_lock(); | 382 | rcu_read_lock(); |
470 | key_ref = keyring_search_aux( | 383 | key_ref = keyring_search_aux( |
471 | make_key_ref(rcu_dereference( | 384 | make_key_ref(rcu_dereference( |
472 | context->signal->session_keyring), | 385 | cred->tgcred->session_keyring), |
473 | 1), | 386 | 1), |
474 | context, type, description, match); | 387 | cred, type, description, match); |
475 | rcu_read_unlock(); | 388 | rcu_read_unlock(); |
476 | 389 | ||
477 | if (!IS_ERR(key_ref)) | 390 | if (!IS_ERR(key_ref)) |
@@ -490,10 +403,10 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
490 | } | 403 | } |
491 | } | 404 | } |
492 | /* or search the user-session keyring */ | 405 | /* or search the user-session keyring */ |
493 | else if (context->user->session_keyring) { | 406 | else if (cred->user->session_keyring) { |
494 | key_ref = keyring_search_aux( | 407 | key_ref = keyring_search_aux( |
495 | make_key_ref(context->user->session_keyring, 1), | 408 | make_key_ref(cred->user->session_keyring, 1), |
496 | context, type, description, match); | 409 | cred, type, description, match); |
497 | if (!IS_ERR(key_ref)) | 410 | if (!IS_ERR(key_ref)) |
498 | goto found; | 411 | goto found; |
499 | 412 | ||
@@ -514,20 +427,20 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
514 | * search the keyrings of the process mentioned there | 427 | * search the keyrings of the process mentioned there |
515 | * - we don't permit access to request_key auth keys via this method | 428 | * - we don't permit access to request_key auth keys via this method |
516 | */ | 429 | */ |
517 | if (context->request_key_auth && | 430 | if (cred->request_key_auth && |
518 | context == current && | 431 | cred == current_cred() && |
519 | type != &key_type_request_key_auth | 432 | type != &key_type_request_key_auth |
520 | ) { | 433 | ) { |
521 | /* defend against the auth key being revoked */ | 434 | /* defend against the auth key being revoked */ |
522 | down_read(&context->request_key_auth->sem); | 435 | down_read(&cred->request_key_auth->sem); |
523 | 436 | ||
524 | if (key_validate(context->request_key_auth) == 0) { | 437 | if (key_validate(cred->request_key_auth) == 0) { |
525 | rka = context->request_key_auth->payload.data; | 438 | rka = cred->request_key_auth->payload.data; |
526 | 439 | ||
527 | key_ref = search_process_keyrings(type, description, | 440 | key_ref = search_process_keyrings(type, description, |
528 | match, rka->context); | 441 | match, rka->cred); |
529 | 442 | ||
530 | up_read(&context->request_key_auth->sem); | 443 | up_read(&cred->request_key_auth->sem); |
531 | 444 | ||
532 | if (!IS_ERR(key_ref)) | 445 | if (!IS_ERR(key_ref)) |
533 | goto found; | 446 | goto found; |
@@ -544,7 +457,7 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
544 | break; | 457 | break; |
545 | } | 458 | } |
546 | } else { | 459 | } else { |
547 | up_read(&context->request_key_auth->sem); | 460 | up_read(&cred->request_key_auth->sem); |
548 | } | 461 | } |
549 | } | 462 | } |
550 | 463 | ||
@@ -572,93 +485,98 @@ static int lookup_user_key_possessed(const struct key *key, const void *target) | |||
572 | * - don't create special keyrings unless so requested | 485 | * - don't create special keyrings unless so requested |
573 | * - partially constructed keys aren't found unless requested | 486 | * - partially constructed keys aren't found unless requested |
574 | */ | 487 | */ |
575 | key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id, | 488 | key_ref_t lookup_user_key(key_serial_t id, int create, int partial, |
576 | int create, int partial, key_perm_t perm) | 489 | key_perm_t perm) |
577 | { | 490 | { |
578 | key_ref_t key_ref, skey_ref; | 491 | struct request_key_auth *rka; |
492 | const struct cred *cred; | ||
579 | struct key *key; | 493 | struct key *key; |
494 | key_ref_t key_ref, skey_ref; | ||
580 | int ret; | 495 | int ret; |
581 | 496 | ||
582 | if (!context) | 497 | try_again: |
583 | context = current; | 498 | cred = get_current_cred(); |
584 | |||
585 | key_ref = ERR_PTR(-ENOKEY); | 499 | key_ref = ERR_PTR(-ENOKEY); |
586 | 500 | ||
587 | switch (id) { | 501 | switch (id) { |
588 | case KEY_SPEC_THREAD_KEYRING: | 502 | case KEY_SPEC_THREAD_KEYRING: |
589 | if (!context->thread_keyring) { | 503 | if (!cred->thread_keyring) { |
590 | if (!create) | 504 | if (!create) |
591 | goto error; | 505 | goto error; |
592 | 506 | ||
593 | ret = install_thread_keyring(context); | 507 | ret = install_thread_keyring(); |
594 | if (ret < 0) { | 508 | if (ret < 0) { |
595 | key = ERR_PTR(ret); | 509 | key = ERR_PTR(ret); |
596 | goto error; | 510 | goto error; |
597 | } | 511 | } |
512 | goto reget_creds; | ||
598 | } | 513 | } |
599 | 514 | ||
600 | key = context->thread_keyring; | 515 | key = cred->thread_keyring; |
601 | atomic_inc(&key->usage); | 516 | atomic_inc(&key->usage); |
602 | key_ref = make_key_ref(key, 1); | 517 | key_ref = make_key_ref(key, 1); |
603 | break; | 518 | break; |
604 | 519 | ||
605 | case KEY_SPEC_PROCESS_KEYRING: | 520 | case KEY_SPEC_PROCESS_KEYRING: |
606 | if (!context->signal->process_keyring) { | 521 | if (!cred->tgcred->process_keyring) { |
607 | if (!create) | 522 | if (!create) |
608 | goto error; | 523 | goto error; |
609 | 524 | ||
610 | ret = install_process_keyring(context); | 525 | ret = install_process_keyring(); |
611 | if (ret < 0) { | 526 | if (ret < 0) { |
612 | key = ERR_PTR(ret); | 527 | key = ERR_PTR(ret); |
613 | goto error; | 528 | goto error; |
614 | } | 529 | } |
530 | goto reget_creds; | ||
615 | } | 531 | } |
616 | 532 | ||
617 | key = context->signal->process_keyring; | 533 | key = cred->tgcred->process_keyring; |
618 | atomic_inc(&key->usage); | 534 | atomic_inc(&key->usage); |
619 | key_ref = make_key_ref(key, 1); | 535 | key_ref = make_key_ref(key, 1); |
620 | break; | 536 | break; |
621 | 537 | ||
622 | case KEY_SPEC_SESSION_KEYRING: | 538 | case KEY_SPEC_SESSION_KEYRING: |
623 | if (!context->signal->session_keyring) { | 539 | if (!cred->tgcred->session_keyring) { |
624 | /* always install a session keyring upon access if one | 540 | /* always install a session keyring upon access if one |
625 | * doesn't exist yet */ | 541 | * doesn't exist yet */ |
626 | ret = install_user_keyrings(context); | 542 | ret = install_user_keyrings(); |
627 | if (ret < 0) | 543 | if (ret < 0) |
628 | goto error; | 544 | goto error; |
629 | ret = install_session_keyring( | 545 | ret = install_session_keyring( |
630 | context, context->user->session_keyring); | 546 | cred->user->session_keyring); |
547 | |||
631 | if (ret < 0) | 548 | if (ret < 0) |
632 | goto error; | 549 | goto error; |
550 | goto reget_creds; | ||
633 | } | 551 | } |
634 | 552 | ||
635 | rcu_read_lock(); | 553 | rcu_read_lock(); |
636 | key = rcu_dereference(context->signal->session_keyring); | 554 | key = rcu_dereference(cred->tgcred->session_keyring); |
637 | atomic_inc(&key->usage); | 555 | atomic_inc(&key->usage); |
638 | rcu_read_unlock(); | 556 | rcu_read_unlock(); |
639 | key_ref = make_key_ref(key, 1); | 557 | key_ref = make_key_ref(key, 1); |
640 | break; | 558 | break; |
641 | 559 | ||
642 | case KEY_SPEC_USER_KEYRING: | 560 | case KEY_SPEC_USER_KEYRING: |
643 | if (!context->user->uid_keyring) { | 561 | if (!cred->user->uid_keyring) { |
644 | ret = install_user_keyrings(context); | 562 | ret = install_user_keyrings(); |
645 | if (ret < 0) | 563 | if (ret < 0) |
646 | goto error; | 564 | goto error; |
647 | } | 565 | } |
648 | 566 | ||
649 | key = context->user->uid_keyring; | 567 | key = cred->user->uid_keyring; |
650 | atomic_inc(&key->usage); | 568 | atomic_inc(&key->usage); |
651 | key_ref = make_key_ref(key, 1); | 569 | key_ref = make_key_ref(key, 1); |
652 | break; | 570 | break; |
653 | 571 | ||
654 | case KEY_SPEC_USER_SESSION_KEYRING: | 572 | case KEY_SPEC_USER_SESSION_KEYRING: |
655 | if (!context->user->session_keyring) { | 573 | if (!cred->user->session_keyring) { |
656 | ret = install_user_keyrings(context); | 574 | ret = install_user_keyrings(); |
657 | if (ret < 0) | 575 | if (ret < 0) |
658 | goto error; | 576 | goto error; |
659 | } | 577 | } |
660 | 578 | ||
661 | key = context->user->session_keyring; | 579 | key = cred->user->session_keyring; |
662 | atomic_inc(&key->usage); | 580 | atomic_inc(&key->usage); |
663 | key_ref = make_key_ref(key, 1); | 581 | key_ref = make_key_ref(key, 1); |
664 | break; | 582 | break; |
@@ -669,7 +587,7 @@ key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id, | |||
669 | goto error; | 587 | goto error; |
670 | 588 | ||
671 | case KEY_SPEC_REQKEY_AUTH_KEY: | 589 | case KEY_SPEC_REQKEY_AUTH_KEY: |
672 | key = context->request_key_auth; | 590 | key = cred->request_key_auth; |
673 | if (!key) | 591 | if (!key) |
674 | goto error; | 592 | goto error; |
675 | 593 | ||
@@ -677,6 +595,25 @@ key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id, | |||
677 | key_ref = make_key_ref(key, 1); | 595 | key_ref = make_key_ref(key, 1); |
678 | break; | 596 | break; |
679 | 597 | ||
598 | case KEY_SPEC_REQUESTOR_KEYRING: | ||
599 | if (!cred->request_key_auth) | ||
600 | goto error; | ||
601 | |||
602 | down_read(&cred->request_key_auth->sem); | ||
603 | if (cred->request_key_auth->flags & KEY_FLAG_REVOKED) { | ||
604 | key_ref = ERR_PTR(-EKEYREVOKED); | ||
605 | key = NULL; | ||
606 | } else { | ||
607 | rka = cred->request_key_auth->payload.data; | ||
608 | key = rka->dest_keyring; | ||
609 | atomic_inc(&key->usage); | ||
610 | } | ||
611 | up_read(&cred->request_key_auth->sem); | ||
612 | if (!key) | ||
613 | goto error; | ||
614 | key_ref = make_key_ref(key, 1); | ||
615 | break; | ||
616 | |||
680 | default: | 617 | default: |
681 | key_ref = ERR_PTR(-EINVAL); | 618 | key_ref = ERR_PTR(-EINVAL); |
682 | if (id < 1) | 619 | if (id < 1) |
@@ -693,7 +630,7 @@ key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id, | |||
693 | /* check to see if we possess the key */ | 630 | /* check to see if we possess the key */ |
694 | skey_ref = search_process_keyrings(key->type, key, | 631 | skey_ref = search_process_keyrings(key->type, key, |
695 | lookup_user_key_possessed, | 632 | lookup_user_key_possessed, |
696 | current); | 633 | cred); |
697 | 634 | ||
698 | if (!IS_ERR(skey_ref)) { | 635 | if (!IS_ERR(skey_ref)) { |
699 | key_put(key); | 636 | key_put(key); |
@@ -725,11 +662,12 @@ key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id, | |||
725 | goto invalid_key; | 662 | goto invalid_key; |
726 | 663 | ||
727 | /* check the permissions */ | 664 | /* check the permissions */ |
728 | ret = key_task_permission(key_ref, context, perm); | 665 | ret = key_task_permission(key_ref, cred, perm); |
729 | if (ret < 0) | 666 | if (ret < 0) |
730 | goto invalid_key; | 667 | goto invalid_key; |
731 | 668 | ||
732 | error: | 669 | error: |
670 | put_cred(cred); | ||
733 | return key_ref; | 671 | return key_ref; |
734 | 672 | ||
735 | invalid_key: | 673 | invalid_key: |
@@ -737,6 +675,12 @@ invalid_key: | |||
737 | key_ref = ERR_PTR(ret); | 675 | key_ref = ERR_PTR(ret); |
738 | goto error; | 676 | goto error; |
739 | 677 | ||
678 | /* if we attempted to install a keyring, then it may have caused new | ||
679 | * creds to be installed */ | ||
680 | reget_creds: | ||
681 | put_cred(cred); | ||
682 | goto try_again; | ||
683 | |||
740 | } /* end lookup_user_key() */ | 684 | } /* end lookup_user_key() */ |
741 | 685 | ||
742 | /*****************************************************************************/ | 686 | /*****************************************************************************/ |
@@ -748,20 +692,33 @@ invalid_key: | |||
748 | */ | 692 | */ |
749 | long join_session_keyring(const char *name) | 693 | long join_session_keyring(const char *name) |
750 | { | 694 | { |
751 | struct task_struct *tsk = current; | 695 | const struct cred *old; |
696 | struct cred *new; | ||
752 | struct key *keyring; | 697 | struct key *keyring; |
753 | long ret; | 698 | long ret, serial; |
699 | |||
700 | /* only permit this if there's a single thread in the thread group - | ||
701 | * this avoids us having to adjust the creds on all threads and risking | ||
702 | * ENOMEM */ | ||
703 | if (!is_single_threaded(current)) | ||
704 | return -EMLINK; | ||
705 | |||
706 | new = prepare_creds(); | ||
707 | if (!new) | ||
708 | return -ENOMEM; | ||
709 | old = current_cred(); | ||
754 | 710 | ||
755 | /* if no name is provided, install an anonymous keyring */ | 711 | /* if no name is provided, install an anonymous keyring */ |
756 | if (!name) { | 712 | if (!name) { |
757 | ret = install_session_keyring(tsk, NULL); | 713 | ret = install_session_keyring_to_cred(new, NULL); |
758 | if (ret < 0) | 714 | if (ret < 0) |
759 | goto error; | 715 | goto error; |
760 | 716 | ||
761 | rcu_read_lock(); | 717 | serial = new->tgcred->session_keyring->serial; |
762 | ret = rcu_dereference(tsk->signal->session_keyring)->serial; | 718 | ret = commit_creds(new); |
763 | rcu_read_unlock(); | 719 | if (ret == 0) |
764 | goto error; | 720 | ret = serial; |
721 | goto okay; | ||
765 | } | 722 | } |
766 | 723 | ||
767 | /* allow the user to join or create a named keyring */ | 724 | /* allow the user to join or create a named keyring */ |
@@ -771,29 +728,33 @@ long join_session_keyring(const char *name) | |||
771 | keyring = find_keyring_by_name(name, false); | 728 | keyring = find_keyring_by_name(name, false); |
772 | if (PTR_ERR(keyring) == -ENOKEY) { | 729 | if (PTR_ERR(keyring) == -ENOKEY) { |
773 | /* not found - try and create a new one */ | 730 | /* not found - try and create a new one */ |
774 | keyring = keyring_alloc(name, tsk->uid, tsk->gid, tsk, | 731 | keyring = keyring_alloc(name, old->uid, old->gid, old, |
775 | KEY_ALLOC_IN_QUOTA, NULL); | 732 | KEY_ALLOC_IN_QUOTA, NULL); |
776 | if (IS_ERR(keyring)) { | 733 | if (IS_ERR(keyring)) { |
777 | ret = PTR_ERR(keyring); | 734 | ret = PTR_ERR(keyring); |
778 | goto error2; | 735 | goto error2; |
779 | } | 736 | } |
780 | } | 737 | } else if (IS_ERR(keyring)) { |
781 | else if (IS_ERR(keyring)) { | ||
782 | ret = PTR_ERR(keyring); | 738 | ret = PTR_ERR(keyring); |
783 | goto error2; | 739 | goto error2; |
784 | } | 740 | } |
785 | 741 | ||
786 | /* we've got a keyring - now to install it */ | 742 | /* we've got a keyring - now to install it */ |
787 | ret = install_session_keyring(tsk, keyring); | 743 | ret = install_session_keyring_to_cred(new, keyring); |
788 | if (ret < 0) | 744 | if (ret < 0) |
789 | goto error2; | 745 | goto error2; |
790 | 746 | ||
747 | commit_creds(new); | ||
748 | mutex_unlock(&key_session_mutex); | ||
749 | |||
791 | ret = keyring->serial; | 750 | ret = keyring->serial; |
792 | key_put(keyring); | 751 | key_put(keyring); |
752 | okay: | ||
753 | return ret; | ||
793 | 754 | ||
794 | error2: | 755 | error2: |
795 | mutex_unlock(&key_session_mutex); | 756 | mutex_unlock(&key_session_mutex); |
796 | error: | 757 | error: |
758 | abort_creds(new); | ||
797 | return ret; | 759 | return ret; |
798 | 760 | } | |
799 | } /* end join_session_keyring() */ | ||
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index abea08f87fe2..0e04f72ef2d4 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c | |||
@@ -19,6 +19,8 @@ | |||
19 | #include <linux/slab.h> | 19 | #include <linux/slab.h> |
20 | #include "internal.h" | 20 | #include "internal.h" |
21 | 21 | ||
22 | #define key_negative_timeout 60 /* default timeout on a negative key's existence */ | ||
23 | |||
22 | /* | 24 | /* |
23 | * wait_on_bit() sleep function for uninterruptible waiting | 25 | * wait_on_bit() sleep function for uninterruptible waiting |
24 | */ | 26 | */ |
@@ -64,7 +66,7 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
64 | const char *op, | 66 | const char *op, |
65 | void *aux) | 67 | void *aux) |
66 | { | 68 | { |
67 | struct task_struct *tsk = current; | 69 | const struct cred *cred = current_cred(); |
68 | key_serial_t prkey, sskey; | 70 | key_serial_t prkey, sskey; |
69 | struct key *key = cons->key, *authkey = cons->authkey, *keyring; | 71 | struct key *key = cons->key, *authkey = cons->authkey, *keyring; |
70 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; | 72 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; |
@@ -74,15 +76,17 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
74 | 76 | ||
75 | kenter("{%d},{%d},%s", key->serial, authkey->serial, op); | 77 | kenter("{%d},{%d},%s", key->serial, authkey->serial, op); |
76 | 78 | ||
77 | ret = install_user_keyrings(tsk); | 79 | ret = install_user_keyrings(); |
78 | if (ret < 0) | 80 | if (ret < 0) |
79 | goto error_alloc; | 81 | goto error_alloc; |
80 | 82 | ||
81 | /* allocate a new session keyring */ | 83 | /* allocate a new session keyring */ |
82 | sprintf(desc, "_req.%u", key->serial); | 84 | sprintf(desc, "_req.%u", key->serial); |
83 | 85 | ||
84 | keyring = keyring_alloc(desc, current->fsuid, current->fsgid, current, | 86 | cred = get_current_cred(); |
87 | keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, | ||
85 | KEY_ALLOC_QUOTA_OVERRUN, NULL); | 88 | KEY_ALLOC_QUOTA_OVERRUN, NULL); |
89 | put_cred(cred); | ||
86 | if (IS_ERR(keyring)) { | 90 | if (IS_ERR(keyring)) { |
87 | ret = PTR_ERR(keyring); | 91 | ret = PTR_ERR(keyring); |
88 | goto error_alloc; | 92 | goto error_alloc; |
@@ -94,29 +98,24 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
94 | goto error_link; | 98 | goto error_link; |
95 | 99 | ||
96 | /* record the UID and GID */ | 100 | /* record the UID and GID */ |
97 | sprintf(uid_str, "%d", current->fsuid); | 101 | sprintf(uid_str, "%d", cred->fsuid); |
98 | sprintf(gid_str, "%d", current->fsgid); | 102 | sprintf(gid_str, "%d", cred->fsgid); |
99 | 103 | ||
100 | /* we say which key is under construction */ | 104 | /* we say which key is under construction */ |
101 | sprintf(key_str, "%d", key->serial); | 105 | sprintf(key_str, "%d", key->serial); |
102 | 106 | ||
103 | /* we specify the process's default keyrings */ | 107 | /* we specify the process's default keyrings */ |
104 | sprintf(keyring_str[0], "%d", | 108 | sprintf(keyring_str[0], "%d", |
105 | tsk->thread_keyring ? tsk->thread_keyring->serial : 0); | 109 | cred->thread_keyring ? cred->thread_keyring->serial : 0); |
106 | 110 | ||
107 | prkey = 0; | 111 | prkey = 0; |
108 | if (tsk->signal->process_keyring) | 112 | if (cred->tgcred->process_keyring) |
109 | prkey = tsk->signal->process_keyring->serial; | 113 | prkey = cred->tgcred->process_keyring->serial; |
110 | |||
111 | sprintf(keyring_str[1], "%d", prkey); | ||
112 | 114 | ||
113 | if (tsk->signal->session_keyring) { | 115 | if (cred->tgcred->session_keyring) |
114 | rcu_read_lock(); | 116 | sskey = rcu_dereference(cred->tgcred->session_keyring)->serial; |
115 | sskey = rcu_dereference(tsk->signal->session_keyring)->serial; | 117 | else |
116 | rcu_read_unlock(); | 118 | sskey = cred->user->session_keyring->serial; |
117 | } else { | ||
118 | sskey = tsk->user->session_keyring->serial; | ||
119 | } | ||
120 | 119 | ||
121 | sprintf(keyring_str[2], "%d", sskey); | 120 | sprintf(keyring_str[2], "%d", sskey); |
122 | 121 | ||
@@ -157,8 +156,8 @@ error_link: | |||
157 | key_put(keyring); | 156 | key_put(keyring); |
158 | 157 | ||
159 | error_alloc: | 158 | error_alloc: |
160 | kleave(" = %d", ret); | ||
161 | complete_request_key(cons, ret); | 159 | complete_request_key(cons, ret); |
160 | kleave(" = %d", ret); | ||
162 | return ret; | 161 | return ret; |
163 | } | 162 | } |
164 | 163 | ||
@@ -167,7 +166,8 @@ error_alloc: | |||
167 | * - we ignore program failure and go on key status instead | 166 | * - we ignore program failure and go on key status instead |
168 | */ | 167 | */ |
169 | static int construct_key(struct key *key, const void *callout_info, | 168 | static int construct_key(struct key *key, const void *callout_info, |
170 | size_t callout_len, void *aux) | 169 | size_t callout_len, void *aux, |
170 | struct key *dest_keyring) | ||
171 | { | 171 | { |
172 | struct key_construction *cons; | 172 | struct key_construction *cons; |
173 | request_key_actor_t actor; | 173 | request_key_actor_t actor; |
@@ -181,7 +181,8 @@ static int construct_key(struct key *key, const void *callout_info, | |||
181 | return -ENOMEM; | 181 | return -ENOMEM; |
182 | 182 | ||
183 | /* allocate an authorisation key */ | 183 | /* allocate an authorisation key */ |
184 | authkey = request_key_auth_new(key, callout_info, callout_len); | 184 | authkey = request_key_auth_new(key, callout_info, callout_len, |
185 | dest_keyring); | ||
185 | if (IS_ERR(authkey)) { | 186 | if (IS_ERR(authkey)) { |
186 | kfree(cons); | 187 | kfree(cons); |
187 | ret = PTR_ERR(authkey); | 188 | ret = PTR_ERR(authkey); |
@@ -209,46 +210,67 @@ static int construct_key(struct key *key, const void *callout_info, | |||
209 | } | 210 | } |
210 | 211 | ||
211 | /* | 212 | /* |
212 | * link a key to the appropriate destination keyring | 213 | * get the appropriate destination keyring for the request |
213 | * - the caller must hold a write lock on the destination keyring | 214 | * - we return whatever keyring we select with an extra reference upon it which |
215 | * the caller must release | ||
214 | */ | 216 | */ |
215 | static void construct_key_make_link(struct key *key, struct key *dest_keyring) | 217 | static void construct_get_dest_keyring(struct key **_dest_keyring) |
216 | { | 218 | { |
217 | struct task_struct *tsk = current; | 219 | struct request_key_auth *rka; |
218 | struct key *drop = NULL; | 220 | const struct cred *cred = current_cred(); |
221 | struct key *dest_keyring = *_dest_keyring, *authkey; | ||
219 | 222 | ||
220 | kenter("{%d},%p", key->serial, dest_keyring); | 223 | kenter("%p", dest_keyring); |
221 | 224 | ||
222 | /* find the appropriate keyring */ | 225 | /* find the appropriate keyring */ |
223 | if (!dest_keyring) { | 226 | if (dest_keyring) { |
224 | switch (tsk->jit_keyring) { | 227 | /* the caller supplied one */ |
228 | key_get(dest_keyring); | ||
229 | } else { | ||
230 | /* use a default keyring; falling through the cases until we | ||
231 | * find one that we actually have */ | ||
232 | switch (cred->jit_keyring) { | ||
225 | case KEY_REQKEY_DEFL_DEFAULT: | 233 | case KEY_REQKEY_DEFL_DEFAULT: |
234 | case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: | ||
235 | if (cred->request_key_auth) { | ||
236 | authkey = cred->request_key_auth; | ||
237 | down_read(&authkey->sem); | ||
238 | rka = authkey->payload.data; | ||
239 | if (!test_bit(KEY_FLAG_REVOKED, | ||
240 | &authkey->flags)) | ||
241 | dest_keyring = | ||
242 | key_get(rka->dest_keyring); | ||
243 | up_read(&authkey->sem); | ||
244 | if (dest_keyring) | ||
245 | break; | ||
246 | } | ||
247 | |||
226 | case KEY_REQKEY_DEFL_THREAD_KEYRING: | 248 | case KEY_REQKEY_DEFL_THREAD_KEYRING: |
227 | dest_keyring = tsk->thread_keyring; | 249 | dest_keyring = key_get(cred->thread_keyring); |
228 | if (dest_keyring) | 250 | if (dest_keyring) |
229 | break; | 251 | break; |
230 | 252 | ||
231 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: | 253 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: |
232 | dest_keyring = tsk->signal->process_keyring; | 254 | dest_keyring = key_get(cred->tgcred->process_keyring); |
233 | if (dest_keyring) | 255 | if (dest_keyring) |
234 | break; | 256 | break; |
235 | 257 | ||
236 | case KEY_REQKEY_DEFL_SESSION_KEYRING: | 258 | case KEY_REQKEY_DEFL_SESSION_KEYRING: |
237 | rcu_read_lock(); | 259 | rcu_read_lock(); |
238 | dest_keyring = key_get( | 260 | dest_keyring = key_get( |
239 | rcu_dereference(tsk->signal->session_keyring)); | 261 | rcu_dereference(cred->tgcred->session_keyring)); |
240 | rcu_read_unlock(); | 262 | rcu_read_unlock(); |
241 | drop = dest_keyring; | ||
242 | 263 | ||
243 | if (dest_keyring) | 264 | if (dest_keyring) |
244 | break; | 265 | break; |
245 | 266 | ||
246 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: | 267 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: |
247 | dest_keyring = tsk->user->session_keyring; | 268 | dest_keyring = |
269 | key_get(cred->user->session_keyring); | ||
248 | break; | 270 | break; |
249 | 271 | ||
250 | case KEY_REQKEY_DEFL_USER_KEYRING: | 272 | case KEY_REQKEY_DEFL_USER_KEYRING: |
251 | dest_keyring = tsk->user->uid_keyring; | 273 | dest_keyring = key_get(cred->user->uid_keyring); |
252 | break; | 274 | break; |
253 | 275 | ||
254 | case KEY_REQKEY_DEFL_GROUP_KEYRING: | 276 | case KEY_REQKEY_DEFL_GROUP_KEYRING: |
@@ -257,10 +279,9 @@ static void construct_key_make_link(struct key *key, struct key *dest_keyring) | |||
257 | } | 279 | } |
258 | } | 280 | } |
259 | 281 | ||
260 | /* and attach the key to it */ | 282 | *_dest_keyring = dest_keyring; |
261 | __key_link(dest_keyring, key); | 283 | kleave(" [dk %d]", key_serial(dest_keyring)); |
262 | key_put(drop); | 284 | return; |
263 | kleave(""); | ||
264 | } | 285 | } |
265 | 286 | ||
266 | /* | 287 | /* |
@@ -275,6 +296,7 @@ static int construct_alloc_key(struct key_type *type, | |||
275 | struct key_user *user, | 296 | struct key_user *user, |
276 | struct key **_key) | 297 | struct key **_key) |
277 | { | 298 | { |
299 | const struct cred *cred = current_cred(); | ||
278 | struct key *key; | 300 | struct key *key; |
279 | key_ref_t key_ref; | 301 | key_ref_t key_ref; |
280 | 302 | ||
@@ -282,33 +304,28 @@ static int construct_alloc_key(struct key_type *type, | |||
282 | 304 | ||
283 | mutex_lock(&user->cons_lock); | 305 | mutex_lock(&user->cons_lock); |
284 | 306 | ||
285 | key = key_alloc(type, description, | 307 | key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred, |
286 | current->fsuid, current->fsgid, current, KEY_POS_ALL, | 308 | KEY_POS_ALL, flags); |
287 | flags); | ||
288 | if (IS_ERR(key)) | 309 | if (IS_ERR(key)) |
289 | goto alloc_failed; | 310 | goto alloc_failed; |
290 | 311 | ||
291 | set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); | 312 | set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); |
292 | 313 | ||
293 | if (dest_keyring) | 314 | down_write(&dest_keyring->sem); |
294 | down_write(&dest_keyring->sem); | ||
295 | 315 | ||
296 | /* attach the key to the destination keyring under lock, but we do need | 316 | /* attach the key to the destination keyring under lock, but we do need |
297 | * to do another check just in case someone beat us to it whilst we | 317 | * to do another check just in case someone beat us to it whilst we |
298 | * waited for locks */ | 318 | * waited for locks */ |
299 | mutex_lock(&key_construction_mutex); | 319 | mutex_lock(&key_construction_mutex); |
300 | 320 | ||
301 | key_ref = search_process_keyrings(type, description, type->match, | 321 | key_ref = search_process_keyrings(type, description, type->match, cred); |
302 | current); | ||
303 | if (!IS_ERR(key_ref)) | 322 | if (!IS_ERR(key_ref)) |
304 | goto key_already_present; | 323 | goto key_already_present; |
305 | 324 | ||
306 | if (dest_keyring) | 325 | __key_link(dest_keyring, key); |
307 | construct_key_make_link(key, dest_keyring); | ||
308 | 326 | ||
309 | mutex_unlock(&key_construction_mutex); | 327 | mutex_unlock(&key_construction_mutex); |
310 | if (dest_keyring) | 328 | up_write(&dest_keyring->sem); |
311 | up_write(&dest_keyring->sem); | ||
312 | mutex_unlock(&user->cons_lock); | 329 | mutex_unlock(&user->cons_lock); |
313 | *_key = key; | 330 | *_key = key; |
314 | kleave(" = 0 [%d]", key_serial(key)); | 331 | kleave(" = 0 [%d]", key_serial(key)); |
@@ -346,25 +363,36 @@ static struct key *construct_key_and_link(struct key_type *type, | |||
346 | struct key *key; | 363 | struct key *key; |
347 | int ret; | 364 | int ret; |
348 | 365 | ||
349 | user = key_user_lookup(current->fsuid); | 366 | kenter(""); |
367 | |||
368 | user = key_user_lookup(current_fsuid()); | ||
350 | if (!user) | 369 | if (!user) |
351 | return ERR_PTR(-ENOMEM); | 370 | return ERR_PTR(-ENOMEM); |
352 | 371 | ||
372 | construct_get_dest_keyring(&dest_keyring); | ||
373 | |||
353 | ret = construct_alloc_key(type, description, dest_keyring, flags, user, | 374 | ret = construct_alloc_key(type, description, dest_keyring, flags, user, |
354 | &key); | 375 | &key); |
355 | key_user_put(user); | 376 | key_user_put(user); |
356 | 377 | ||
357 | if (ret == 0) { | 378 | if (ret == 0) { |
358 | ret = construct_key(key, callout_info, callout_len, aux); | 379 | ret = construct_key(key, callout_info, callout_len, aux, |
359 | if (ret < 0) | 380 | dest_keyring); |
381 | if (ret < 0) { | ||
382 | kdebug("cons failed"); | ||
360 | goto construction_failed; | 383 | goto construction_failed; |
384 | } | ||
361 | } | 385 | } |
362 | 386 | ||
387 | key_put(dest_keyring); | ||
388 | kleave(" = key %d", key_serial(key)); | ||
363 | return key; | 389 | return key; |
364 | 390 | ||
365 | construction_failed: | 391 | construction_failed: |
366 | key_negate_and_link(key, key_negative_timeout, NULL, NULL); | 392 | key_negate_and_link(key, key_negative_timeout, NULL, NULL); |
367 | key_put(key); | 393 | key_put(key); |
394 | key_put(dest_keyring); | ||
395 | kleave(" = %d", ret); | ||
368 | return ERR_PTR(ret); | 396 | return ERR_PTR(ret); |
369 | } | 397 | } |
370 | 398 | ||
@@ -383,6 +411,7 @@ struct key *request_key_and_link(struct key_type *type, | |||
383 | struct key *dest_keyring, | 411 | struct key *dest_keyring, |
384 | unsigned long flags) | 412 | unsigned long flags) |
385 | { | 413 | { |
414 | const struct cred *cred = current_cred(); | ||
386 | struct key *key; | 415 | struct key *key; |
387 | key_ref_t key_ref; | 416 | key_ref_t key_ref; |
388 | 417 | ||
@@ -392,7 +421,7 @@ struct key *request_key_and_link(struct key_type *type, | |||
392 | 421 | ||
393 | /* search all the process keyrings for a key */ | 422 | /* search all the process keyrings for a key */ |
394 | key_ref = search_process_keyrings(type, description, type->match, | 423 | key_ref = search_process_keyrings(type, description, type->match, |
395 | current); | 424 | cred); |
396 | 425 | ||
397 | if (!IS_ERR(key_ref)) { | 426 | if (!IS_ERR(key_ref)) { |
398 | key = key_ref_to_ptr(key_ref); | 427 | key = key_ref_to_ptr(key_ref); |
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index bd237b0a6331..86747151ee5b 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c | |||
@@ -105,9 +105,9 @@ static void request_key_auth_revoke(struct key *key) | |||
105 | 105 | ||
106 | kenter("{%d}", key->serial); | 106 | kenter("{%d}", key->serial); |
107 | 107 | ||
108 | if (rka->context) { | 108 | if (rka->cred) { |
109 | put_task_struct(rka->context); | 109 | put_cred(rka->cred); |
110 | rka->context = NULL; | 110 | rka->cred = NULL; |
111 | } | 111 | } |
112 | 112 | ||
113 | } /* end request_key_auth_revoke() */ | 113 | } /* end request_key_auth_revoke() */ |
@@ -122,12 +122,13 @@ static void request_key_auth_destroy(struct key *key) | |||
122 | 122 | ||
123 | kenter("{%d}", key->serial); | 123 | kenter("{%d}", key->serial); |
124 | 124 | ||
125 | if (rka->context) { | 125 | if (rka->cred) { |
126 | put_task_struct(rka->context); | 126 | put_cred(rka->cred); |
127 | rka->context = NULL; | 127 | rka->cred = NULL; |
128 | } | 128 | } |
129 | 129 | ||
130 | key_put(rka->target_key); | 130 | key_put(rka->target_key); |
131 | key_put(rka->dest_keyring); | ||
131 | kfree(rka->callout_info); | 132 | kfree(rka->callout_info); |
132 | kfree(rka); | 133 | kfree(rka); |
133 | 134 | ||
@@ -139,9 +140,10 @@ static void request_key_auth_destroy(struct key *key) | |||
139 | * access to the caller's security data | 140 | * access to the caller's security data |
140 | */ | 141 | */ |
141 | struct key *request_key_auth_new(struct key *target, const void *callout_info, | 142 | struct key *request_key_auth_new(struct key *target, const void *callout_info, |
142 | size_t callout_len) | 143 | size_t callout_len, struct key *dest_keyring) |
143 | { | 144 | { |
144 | struct request_key_auth *rka, *irka; | 145 | struct request_key_auth *rka, *irka; |
146 | const struct cred *cred = current->cred; | ||
145 | struct key *authkey = NULL; | 147 | struct key *authkey = NULL; |
146 | char desc[20]; | 148 | char desc[20]; |
147 | int ret; | 149 | int ret; |
@@ -163,31 +165,29 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info, | |||
163 | 165 | ||
164 | /* see if the calling process is already servicing the key request of | 166 | /* see if the calling process is already servicing the key request of |
165 | * another process */ | 167 | * another process */ |
166 | if (current->request_key_auth) { | 168 | if (cred->request_key_auth) { |
167 | /* it is - use that instantiation context here too */ | 169 | /* it is - use that instantiation context here too */ |
168 | down_read(¤t->request_key_auth->sem); | 170 | down_read(&cred->request_key_auth->sem); |
169 | 171 | ||
170 | /* if the auth key has been revoked, then the key we're | 172 | /* if the auth key has been revoked, then the key we're |
171 | * servicing is already instantiated */ | 173 | * servicing is already instantiated */ |
172 | if (test_bit(KEY_FLAG_REVOKED, | 174 | if (test_bit(KEY_FLAG_REVOKED, &cred->request_key_auth->flags)) |
173 | ¤t->request_key_auth->flags)) | ||
174 | goto auth_key_revoked; | 175 | goto auth_key_revoked; |
175 | 176 | ||
176 | irka = current->request_key_auth->payload.data; | 177 | irka = cred->request_key_auth->payload.data; |
177 | rka->context = irka->context; | 178 | rka->cred = get_cred(irka->cred); |
178 | rka->pid = irka->pid; | 179 | rka->pid = irka->pid; |
179 | get_task_struct(rka->context); | ||
180 | 180 | ||
181 | up_read(¤t->request_key_auth->sem); | 181 | up_read(&cred->request_key_auth->sem); |
182 | } | 182 | } |
183 | else { | 183 | else { |
184 | /* it isn't - use this process as the context */ | 184 | /* it isn't - use this process as the context */ |
185 | rka->context = current; | 185 | rka->cred = get_cred(cred); |
186 | rka->pid = current->pid; | 186 | rka->pid = current->pid; |
187 | get_task_struct(rka->context); | ||
188 | } | 187 | } |
189 | 188 | ||
190 | rka->target_key = key_get(target); | 189 | rka->target_key = key_get(target); |
190 | rka->dest_keyring = key_get(dest_keyring); | ||
191 | memcpy(rka->callout_info, callout_info, callout_len); | 191 | memcpy(rka->callout_info, callout_info, callout_len); |
192 | rka->callout_len = callout_len; | 192 | rka->callout_len = callout_len; |
193 | 193 | ||
@@ -195,7 +195,7 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info, | |||
195 | sprintf(desc, "%x", target->serial); | 195 | sprintf(desc, "%x", target->serial); |
196 | 196 | ||
197 | authkey = key_alloc(&key_type_request_key_auth, desc, | 197 | authkey = key_alloc(&key_type_request_key_auth, desc, |
198 | current->fsuid, current->fsgid, current, | 198 | cred->fsuid, cred->fsgid, cred, |
199 | KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | | 199 | KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | |
200 | KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA); | 200 | KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA); |
201 | if (IS_ERR(authkey)) { | 201 | if (IS_ERR(authkey)) { |
@@ -203,16 +203,16 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info, | |||
203 | goto error_alloc; | 203 | goto error_alloc; |
204 | } | 204 | } |
205 | 205 | ||
206 | /* construct and attach to the keyring */ | 206 | /* construct the auth key */ |
207 | ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL); | 207 | ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL); |
208 | if (ret < 0) | 208 | if (ret < 0) |
209 | goto error_inst; | 209 | goto error_inst; |
210 | 210 | ||
211 | kleave(" = {%d}", authkey->serial); | 211 | kleave(" = {%d,%d}", authkey->serial, atomic_read(&authkey->usage)); |
212 | return authkey; | 212 | return authkey; |
213 | 213 | ||
214 | auth_key_revoked: | 214 | auth_key_revoked: |
215 | up_read(¤t->request_key_auth->sem); | 215 | up_read(&cred->request_key_auth->sem); |
216 | kfree(rka->callout_info); | 216 | kfree(rka->callout_info); |
217 | kfree(rka); | 217 | kfree(rka); |
218 | kleave("= -EKEYREVOKED"); | 218 | kleave("= -EKEYREVOKED"); |
@@ -223,6 +223,7 @@ error_inst: | |||
223 | key_put(authkey); | 223 | key_put(authkey); |
224 | error_alloc: | 224 | error_alloc: |
225 | key_put(rka->target_key); | 225 | key_put(rka->target_key); |
226 | key_put(rka->dest_keyring); | ||
226 | kfree(rka->callout_info); | 227 | kfree(rka->callout_info); |
227 | kfree(rka); | 228 | kfree(rka); |
228 | kleave("= %d", ret); | 229 | kleave("= %d", ret); |
@@ -254,6 +255,7 @@ static int key_get_instantiation_authkey_match(const struct key *key, | |||
254 | */ | 255 | */ |
255 | struct key *key_get_instantiation_authkey(key_serial_t target_id) | 256 | struct key *key_get_instantiation_authkey(key_serial_t target_id) |
256 | { | 257 | { |
258 | const struct cred *cred = current_cred(); | ||
257 | struct key *authkey; | 259 | struct key *authkey; |
258 | key_ref_t authkey_ref; | 260 | key_ref_t authkey_ref; |
259 | 261 | ||
@@ -261,7 +263,7 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id) | |||
261 | &key_type_request_key_auth, | 263 | &key_type_request_key_auth, |
262 | (void *) (unsigned long) target_id, | 264 | (void *) (unsigned long) target_id, |
263 | key_get_instantiation_authkey_match, | 265 | key_get_instantiation_authkey_match, |
264 | current); | 266 | cred); |
265 | 267 | ||
266 | if (IS_ERR(authkey_ref)) { | 268 | if (IS_ERR(authkey_ref)) { |
267 | authkey = ERR_CAST(authkey_ref); | 269 | authkey = ERR_CAST(authkey_ref); |
diff --git a/security/root_plug.c b/security/root_plug.c index c3f68b5b372d..40fb4f15e27b 100644 --- a/security/root_plug.c +++ b/security/root_plug.c | |||
@@ -55,9 +55,9 @@ static int rootplug_bprm_check_security (struct linux_binprm *bprm) | |||
55 | struct usb_device *dev; | 55 | struct usb_device *dev; |
56 | 56 | ||
57 | root_dbg("file %s, e_uid = %d, e_gid = %d\n", | 57 | root_dbg("file %s, e_uid = %d, e_gid = %d\n", |
58 | bprm->filename, bprm->e_uid, bprm->e_gid); | 58 | bprm->filename, bprm->cred->euid, bprm->cred->egid); |
59 | 59 | ||
60 | if (bprm->e_gid == 0) { | 60 | if (bprm->cred->egid == 0) { |
61 | dev = usb_find_device(vendor_id, product_id); | 61 | dev = usb_find_device(vendor_id, product_id); |
62 | if (!dev) { | 62 | if (!dev) { |
63 | root_dbg("e_gid = 0, and device not found, " | 63 | root_dbg("e_gid = 0, and device not found, " |
@@ -75,15 +75,12 @@ static struct security_operations rootplug_security_ops = { | |||
75 | .ptrace_may_access = cap_ptrace_may_access, | 75 | .ptrace_may_access = cap_ptrace_may_access, |
76 | .ptrace_traceme = cap_ptrace_traceme, | 76 | .ptrace_traceme = cap_ptrace_traceme, |
77 | .capget = cap_capget, | 77 | .capget = cap_capget, |
78 | .capset_check = cap_capset_check, | 78 | .capset = cap_capset, |
79 | .capset_set = cap_capset_set, | ||
80 | .capable = cap_capable, | 79 | .capable = cap_capable, |
81 | 80 | ||
82 | .bprm_apply_creds = cap_bprm_apply_creds, | 81 | .bprm_set_creds = cap_bprm_set_creds, |
83 | .bprm_set_security = cap_bprm_set_security, | ||
84 | 82 | ||
85 | .task_post_setuid = cap_task_post_setuid, | 83 | .task_fix_setuid = cap_task_fix_setuid, |
86 | .task_reparent_to_init = cap_task_reparent_to_init, | ||
87 | .task_prctl = cap_task_prctl, | 84 | .task_prctl = cap_task_prctl, |
88 | 85 | ||
89 | .bprm_check_security = rootplug_bprm_check_security, | 86 | .bprm_check_security = rootplug_bprm_check_security, |
diff --git a/security/security.c b/security/security.c index c0acfa7177e5..f0d96a6cc4e9 100644 --- a/security/security.c +++ b/security/security.c | |||
@@ -145,25 +145,23 @@ int security_capget(struct task_struct *target, | |||
145 | return security_ops->capget(target, effective, inheritable, permitted); | 145 | return security_ops->capget(target, effective, inheritable, permitted); |
146 | } | 146 | } |
147 | 147 | ||
148 | int security_capset_check(struct task_struct *target, | 148 | int security_capset(struct cred *new, const struct cred *old, |
149 | kernel_cap_t *effective, | 149 | const kernel_cap_t *effective, |
150 | kernel_cap_t *inheritable, | 150 | const kernel_cap_t *inheritable, |
151 | kernel_cap_t *permitted) | 151 | const kernel_cap_t *permitted) |
152 | { | 152 | { |
153 | return security_ops->capset_check(target, effective, inheritable, permitted); | 153 | return security_ops->capset(new, old, |
154 | effective, inheritable, permitted); | ||
154 | } | 155 | } |
155 | 156 | ||
156 | void security_capset_set(struct task_struct *target, | 157 | int security_capable(struct task_struct *tsk, int cap) |
157 | kernel_cap_t *effective, | ||
158 | kernel_cap_t *inheritable, | ||
159 | kernel_cap_t *permitted) | ||
160 | { | 158 | { |
161 | security_ops->capset_set(target, effective, inheritable, permitted); | 159 | return security_ops->capable(tsk, cap, SECURITY_CAP_AUDIT); |
162 | } | 160 | } |
163 | 161 | ||
164 | int security_capable(struct task_struct *tsk, int cap) | 162 | int security_capable_noaudit(struct task_struct *tsk, int cap) |
165 | { | 163 | { |
166 | return security_ops->capable(tsk, cap); | 164 | return security_ops->capable(tsk, cap, SECURITY_CAP_NOAUDIT); |
167 | } | 165 | } |
168 | 166 | ||
169 | int security_acct(struct file *file) | 167 | int security_acct(struct file *file) |
@@ -215,34 +213,24 @@ int security_vm_enough_memory_kern(long pages) | |||
215 | return security_ops->vm_enough_memory(current->mm, pages); | 213 | return security_ops->vm_enough_memory(current->mm, pages); |
216 | } | 214 | } |
217 | 215 | ||
218 | int security_bprm_alloc(struct linux_binprm *bprm) | 216 | int security_bprm_set_creds(struct linux_binprm *bprm) |
219 | { | ||
220 | return security_ops->bprm_alloc_security(bprm); | ||
221 | } | ||
222 | |||
223 | void security_bprm_free(struct linux_binprm *bprm) | ||
224 | { | ||
225 | security_ops->bprm_free_security(bprm); | ||
226 | } | ||
227 | |||
228 | void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe) | ||
229 | { | 217 | { |
230 | security_ops->bprm_apply_creds(bprm, unsafe); | 218 | return security_ops->bprm_set_creds(bprm); |
231 | } | 219 | } |
232 | 220 | ||
233 | void security_bprm_post_apply_creds(struct linux_binprm *bprm) | 221 | int security_bprm_check(struct linux_binprm *bprm) |
234 | { | 222 | { |
235 | security_ops->bprm_post_apply_creds(bprm); | 223 | return security_ops->bprm_check_security(bprm); |
236 | } | 224 | } |
237 | 225 | ||
238 | int security_bprm_set(struct linux_binprm *bprm) | 226 | void security_bprm_committing_creds(struct linux_binprm *bprm) |
239 | { | 227 | { |
240 | return security_ops->bprm_set_security(bprm); | 228 | security_ops->bprm_committing_creds(bprm); |
241 | } | 229 | } |
242 | 230 | ||
243 | int security_bprm_check(struct linux_binprm *bprm) | 231 | void security_bprm_committed_creds(struct linux_binprm *bprm) |
244 | { | 232 | { |
245 | return security_ops->bprm_check_security(bprm); | 233 | security_ops->bprm_committed_creds(bprm); |
246 | } | 234 | } |
247 | 235 | ||
248 | int security_bprm_secureexec(struct linux_binprm *bprm) | 236 | int security_bprm_secureexec(struct linux_binprm *bprm) |
@@ -603,9 +591,9 @@ int security_file_receive(struct file *file) | |||
603 | return security_ops->file_receive(file); | 591 | return security_ops->file_receive(file); |
604 | } | 592 | } |
605 | 593 | ||
606 | int security_dentry_open(struct file *file) | 594 | int security_dentry_open(struct file *file, const struct cred *cred) |
607 | { | 595 | { |
608 | return security_ops->dentry_open(file); | 596 | return security_ops->dentry_open(file, cred); |
609 | } | 597 | } |
610 | 598 | ||
611 | int security_task_create(unsigned long clone_flags) | 599 | int security_task_create(unsigned long clone_flags) |
@@ -613,14 +601,29 @@ int security_task_create(unsigned long clone_flags) | |||
613 | return security_ops->task_create(clone_flags); | 601 | return security_ops->task_create(clone_flags); |
614 | } | 602 | } |
615 | 603 | ||
616 | int security_task_alloc(struct task_struct *p) | 604 | void security_cred_free(struct cred *cred) |
617 | { | 605 | { |
618 | return security_ops->task_alloc_security(p); | 606 | security_ops->cred_free(cred); |
619 | } | 607 | } |
620 | 608 | ||
621 | void security_task_free(struct task_struct *p) | 609 | int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp) |
622 | { | 610 | { |
623 | security_ops->task_free_security(p); | 611 | return security_ops->cred_prepare(new, old, gfp); |
612 | } | ||
613 | |||
614 | void security_commit_creds(struct cred *new, const struct cred *old) | ||
615 | { | ||
616 | security_ops->cred_commit(new, old); | ||
617 | } | ||
618 | |||
619 | int security_kernel_act_as(struct cred *new, u32 secid) | ||
620 | { | ||
621 | return security_ops->kernel_act_as(new, secid); | ||
622 | } | ||
623 | |||
624 | int security_kernel_create_files_as(struct cred *new, struct inode *inode) | ||
625 | { | ||
626 | return security_ops->kernel_create_files_as(new, inode); | ||
624 | } | 627 | } |
625 | 628 | ||
626 | int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | 629 | int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) |
@@ -628,10 +631,10 @@ int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | |||
628 | return security_ops->task_setuid(id0, id1, id2, flags); | 631 | return security_ops->task_setuid(id0, id1, id2, flags); |
629 | } | 632 | } |
630 | 633 | ||
631 | int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, | 634 | int security_task_fix_setuid(struct cred *new, const struct cred *old, |
632 | uid_t old_suid, int flags) | 635 | int flags) |
633 | { | 636 | { |
634 | return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, flags); | 637 | return security_ops->task_fix_setuid(new, old, flags); |
635 | } | 638 | } |
636 | 639 | ||
637 | int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) | 640 | int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) |
@@ -713,14 +716,9 @@ int security_task_wait(struct task_struct *p) | |||
713 | } | 716 | } |
714 | 717 | ||
715 | int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, | 718 | int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
716 | unsigned long arg4, unsigned long arg5, long *rc_p) | 719 | unsigned long arg4, unsigned long arg5) |
717 | { | ||
718 | return security_ops->task_prctl(option, arg2, arg3, arg4, arg5, rc_p); | ||
719 | } | ||
720 | |||
721 | void security_task_reparent_to_init(struct task_struct *p) | ||
722 | { | 720 | { |
723 | security_ops->task_reparent_to_init(p); | 721 | return security_ops->task_prctl(option, arg2, arg3, arg4, arg5); |
724 | } | 722 | } |
725 | 723 | ||
726 | void security_task_to_inode(struct task_struct *p, struct inode *inode) | 724 | void security_task_to_inode(struct task_struct *p, struct inode *inode) |
@@ -1120,9 +1118,10 @@ EXPORT_SYMBOL(security_skb_classify_flow); | |||
1120 | 1118 | ||
1121 | #ifdef CONFIG_KEYS | 1119 | #ifdef CONFIG_KEYS |
1122 | 1120 | ||
1123 | int security_key_alloc(struct key *key, struct task_struct *tsk, unsigned long flags) | 1121 | int security_key_alloc(struct key *key, const struct cred *cred, |
1122 | unsigned long flags) | ||
1124 | { | 1123 | { |
1125 | return security_ops->key_alloc(key, tsk, flags); | 1124 | return security_ops->key_alloc(key, cred, flags); |
1126 | } | 1125 | } |
1127 | 1126 | ||
1128 | void security_key_free(struct key *key) | 1127 | void security_key_free(struct key *key) |
@@ -1131,9 +1130,9 @@ void security_key_free(struct key *key) | |||
1131 | } | 1130 | } |
1132 | 1131 | ||
1133 | int security_key_permission(key_ref_t key_ref, | 1132 | int security_key_permission(key_ref_t key_ref, |
1134 | struct task_struct *context, key_perm_t perm) | 1133 | const struct cred *cred, key_perm_t perm) |
1135 | { | 1134 | { |
1136 | return security_ops->key_permission(key_ref, context, perm); | 1135 | return security_ops->key_permission(key_ref, cred, perm); |
1137 | } | 1136 | } |
1138 | 1137 | ||
1139 | int security_key_getsecurity(struct key *key, char **_buffer) | 1138 | int security_key_getsecurity(struct key *key, char **_buffer) |
diff --git a/security/selinux/exports.c b/security/selinux/exports.c index 64af2d3409ef..c73aeaa008e8 100644 --- a/security/selinux/exports.c +++ b/security/selinux/exports.c | |||
@@ -39,9 +39,13 @@ EXPORT_SYMBOL_GPL(selinux_string_to_sid); | |||
39 | int selinux_secmark_relabel_packet_permission(u32 sid) | 39 | int selinux_secmark_relabel_packet_permission(u32 sid) |
40 | { | 40 | { |
41 | if (selinux_enabled) { | 41 | if (selinux_enabled) { |
42 | struct task_security_struct *tsec = current->security; | 42 | const struct task_security_struct *__tsec; |
43 | u32 tsid; | ||
43 | 44 | ||
44 | return avc_has_perm(tsec->sid, sid, SECCLASS_PACKET, | 45 | __tsec = current_security(); |
46 | tsid = __tsec->sid; | ||
47 | |||
48 | return avc_has_perm(tsid, sid, SECCLASS_PACKET, | ||
45 | PACKET__RELABELTO, NULL); | 49 | PACKET__RELABELTO, NULL); |
46 | } | 50 | } |
47 | return 0; | 51 | return 0; |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f85597a4d733..520f82ab3fbf 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -156,33 +156,62 @@ static int selinux_secmark_enabled(void) | |||
156 | return (atomic_read(&selinux_secmark_refcount) > 0); | 156 | return (atomic_read(&selinux_secmark_refcount) > 0); |
157 | } | 157 | } |
158 | 158 | ||
159 | /* Allocate and free functions for each kind of security blob. */ | 159 | /* |
160 | 160 | * initialise the security for the init task | |
161 | static int task_alloc_security(struct task_struct *task) | 161 | */ |
162 | static void cred_init_security(void) | ||
162 | { | 163 | { |
164 | struct cred *cred = (struct cred *) current->real_cred; | ||
163 | struct task_security_struct *tsec; | 165 | struct task_security_struct *tsec; |
164 | 166 | ||
165 | tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL); | 167 | tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL); |
166 | if (!tsec) | 168 | if (!tsec) |
167 | return -ENOMEM; | 169 | panic("SELinux: Failed to initialize initial task.\n"); |
168 | 170 | ||
169 | tsec->osid = tsec->sid = SECINITSID_UNLABELED; | 171 | tsec->osid = tsec->sid = SECINITSID_KERNEL; |
170 | task->security = tsec; | 172 | cred->security = tsec; |
173 | } | ||
171 | 174 | ||
172 | return 0; | 175 | /* |
176 | * get the security ID of a set of credentials | ||
177 | */ | ||
178 | static inline u32 cred_sid(const struct cred *cred) | ||
179 | { | ||
180 | const struct task_security_struct *tsec; | ||
181 | |||
182 | tsec = cred->security; | ||
183 | return tsec->sid; | ||
173 | } | 184 | } |
174 | 185 | ||
175 | static void task_free_security(struct task_struct *task) | 186 | /* |
187 | * get the objective security ID of a task | ||
188 | */ | ||
189 | static inline u32 task_sid(const struct task_struct *task) | ||
176 | { | 190 | { |
177 | struct task_security_struct *tsec = task->security; | 191 | u32 sid; |
178 | task->security = NULL; | 192 | |
179 | kfree(tsec); | 193 | rcu_read_lock(); |
194 | sid = cred_sid(__task_cred(task)); | ||
195 | rcu_read_unlock(); | ||
196 | return sid; | ||
180 | } | 197 | } |
181 | 198 | ||
199 | /* | ||
200 | * get the subjective security ID of the current task | ||
201 | */ | ||
202 | static inline u32 current_sid(void) | ||
203 | { | ||
204 | const struct task_security_struct *tsec = current_cred()->security; | ||
205 | |||
206 | return tsec->sid; | ||
207 | } | ||
208 | |||
209 | /* Allocate and free functions for each kind of security blob. */ | ||
210 | |||
182 | static int inode_alloc_security(struct inode *inode) | 211 | static int inode_alloc_security(struct inode *inode) |
183 | { | 212 | { |
184 | struct task_security_struct *tsec = current->security; | ||
185 | struct inode_security_struct *isec; | 213 | struct inode_security_struct *isec; |
214 | u32 sid = current_sid(); | ||
186 | 215 | ||
187 | isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS); | 216 | isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS); |
188 | if (!isec) | 217 | if (!isec) |
@@ -193,7 +222,7 @@ static int inode_alloc_security(struct inode *inode) | |||
193 | isec->inode = inode; | 222 | isec->inode = inode; |
194 | isec->sid = SECINITSID_UNLABELED; | 223 | isec->sid = SECINITSID_UNLABELED; |
195 | isec->sclass = SECCLASS_FILE; | 224 | isec->sclass = SECCLASS_FILE; |
196 | isec->task_sid = tsec->sid; | 225 | isec->task_sid = sid; |
197 | inode->i_security = isec; | 226 | inode->i_security = isec; |
198 | 227 | ||
199 | return 0; | 228 | return 0; |
@@ -215,15 +244,15 @@ static void inode_free_security(struct inode *inode) | |||
215 | 244 | ||
216 | static int file_alloc_security(struct file *file) | 245 | static int file_alloc_security(struct file *file) |
217 | { | 246 | { |
218 | struct task_security_struct *tsec = current->security; | ||
219 | struct file_security_struct *fsec; | 247 | struct file_security_struct *fsec; |
248 | u32 sid = current_sid(); | ||
220 | 249 | ||
221 | fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL); | 250 | fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL); |
222 | if (!fsec) | 251 | if (!fsec) |
223 | return -ENOMEM; | 252 | return -ENOMEM; |
224 | 253 | ||
225 | fsec->sid = tsec->sid; | 254 | fsec->sid = sid; |
226 | fsec->fown_sid = tsec->sid; | 255 | fsec->fown_sid = sid; |
227 | file->f_security = fsec; | 256 | file->f_security = fsec; |
228 | 257 | ||
229 | return 0; | 258 | return 0; |
@@ -338,8 +367,9 @@ static const match_table_t tokens = { | |||
338 | 367 | ||
339 | static int may_context_mount_sb_relabel(u32 sid, | 368 | static int may_context_mount_sb_relabel(u32 sid, |
340 | struct superblock_security_struct *sbsec, | 369 | struct superblock_security_struct *sbsec, |
341 | struct task_security_struct *tsec) | 370 | const struct cred *cred) |
342 | { | 371 | { |
372 | const struct task_security_struct *tsec = cred->security; | ||
343 | int rc; | 373 | int rc; |
344 | 374 | ||
345 | rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, | 375 | rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, |
@@ -354,8 +384,9 @@ static int may_context_mount_sb_relabel(u32 sid, | |||
354 | 384 | ||
355 | static int may_context_mount_inode_relabel(u32 sid, | 385 | static int may_context_mount_inode_relabel(u32 sid, |
356 | struct superblock_security_struct *sbsec, | 386 | struct superblock_security_struct *sbsec, |
357 | struct task_security_struct *tsec) | 387 | const struct cred *cred) |
358 | { | 388 | { |
389 | const struct task_security_struct *tsec = cred->security; | ||
359 | int rc; | 390 | int rc; |
360 | rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, | 391 | rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, |
361 | FILESYSTEM__RELABELFROM, NULL); | 392 | FILESYSTEM__RELABELFROM, NULL); |
@@ -553,8 +584,8 @@ static int bad_option(struct superblock_security_struct *sbsec, char flag, | |||
553 | static int selinux_set_mnt_opts(struct super_block *sb, | 584 | static int selinux_set_mnt_opts(struct super_block *sb, |
554 | struct security_mnt_opts *opts) | 585 | struct security_mnt_opts *opts) |
555 | { | 586 | { |
587 | const struct cred *cred = current_cred(); | ||
556 | int rc = 0, i; | 588 | int rc = 0, i; |
557 | struct task_security_struct *tsec = current->security; | ||
558 | struct superblock_security_struct *sbsec = sb->s_security; | 589 | struct superblock_security_struct *sbsec = sb->s_security; |
559 | const char *name = sb->s_type->name; | 590 | const char *name = sb->s_type->name; |
560 | struct inode *inode = sbsec->sb->s_root->d_inode; | 591 | struct inode *inode = sbsec->sb->s_root->d_inode; |
@@ -680,8 +711,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
680 | 711 | ||
681 | /* sets the context of the superblock for the fs being mounted. */ | 712 | /* sets the context of the superblock for the fs being mounted. */ |
682 | if (fscontext_sid) { | 713 | if (fscontext_sid) { |
683 | 714 | rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred); | |
684 | rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, tsec); | ||
685 | if (rc) | 715 | if (rc) |
686 | goto out; | 716 | goto out; |
687 | 717 | ||
@@ -695,12 +725,14 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
695 | */ | 725 | */ |
696 | if (context_sid) { | 726 | if (context_sid) { |
697 | if (!fscontext_sid) { | 727 | if (!fscontext_sid) { |
698 | rc = may_context_mount_sb_relabel(context_sid, sbsec, tsec); | 728 | rc = may_context_mount_sb_relabel(context_sid, sbsec, |
729 | cred); | ||
699 | if (rc) | 730 | if (rc) |
700 | goto out; | 731 | goto out; |
701 | sbsec->sid = context_sid; | 732 | sbsec->sid = context_sid; |
702 | } else { | 733 | } else { |
703 | rc = may_context_mount_inode_relabel(context_sid, sbsec, tsec); | 734 | rc = may_context_mount_inode_relabel(context_sid, sbsec, |
735 | cred); | ||
704 | if (rc) | 736 | if (rc) |
705 | goto out; | 737 | goto out; |
706 | } | 738 | } |
@@ -712,7 +744,8 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
712 | } | 744 | } |
713 | 745 | ||
714 | if (rootcontext_sid) { | 746 | if (rootcontext_sid) { |
715 | rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec, tsec); | 747 | rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec, |
748 | cred); | ||
716 | if (rc) | 749 | if (rc) |
717 | goto out; | 750 | goto out; |
718 | 751 | ||
@@ -730,7 +763,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
730 | 763 | ||
731 | if (defcontext_sid != sbsec->def_sid) { | 764 | if (defcontext_sid != sbsec->def_sid) { |
732 | rc = may_context_mount_inode_relabel(defcontext_sid, | 765 | rc = may_context_mount_inode_relabel(defcontext_sid, |
733 | sbsec, tsec); | 766 | sbsec, cred); |
734 | if (rc) | 767 | if (rc) |
735 | goto out; | 768 | goto out; |
736 | } | 769 | } |
@@ -1345,18 +1378,53 @@ static inline u32 signal_to_av(int sig) | |||
1345 | return perm; | 1378 | return perm; |
1346 | } | 1379 | } |
1347 | 1380 | ||
1348 | /* Check permission betweeen a pair of tasks, e.g. signal checks, | 1381 | /* |
1349 | fork check, ptrace check, etc. */ | 1382 | * Check permission between a pair of credentials |
1350 | static int task_has_perm(struct task_struct *tsk1, | 1383 | * fork check, ptrace check, etc. |
1351 | struct task_struct *tsk2, | 1384 | */ |
1385 | static int cred_has_perm(const struct cred *actor, | ||
1386 | const struct cred *target, | ||
1387 | u32 perms) | ||
1388 | { | ||
1389 | u32 asid = cred_sid(actor), tsid = cred_sid(target); | ||
1390 | |||
1391 | return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL); | ||
1392 | } | ||
1393 | |||
1394 | /* | ||
1395 | * Check permission between a pair of tasks, e.g. signal checks, | ||
1396 | * fork check, ptrace check, etc. | ||
1397 | * tsk1 is the actor and tsk2 is the target | ||
1398 | * - this uses the default subjective creds of tsk1 | ||
1399 | */ | ||
1400 | static int task_has_perm(const struct task_struct *tsk1, | ||
1401 | const struct task_struct *tsk2, | ||
1352 | u32 perms) | 1402 | u32 perms) |
1353 | { | 1403 | { |
1354 | struct task_security_struct *tsec1, *tsec2; | 1404 | const struct task_security_struct *__tsec1, *__tsec2; |
1405 | u32 sid1, sid2; | ||
1355 | 1406 | ||
1356 | tsec1 = tsk1->security; | 1407 | rcu_read_lock(); |
1357 | tsec2 = tsk2->security; | 1408 | __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid; |
1358 | return avc_has_perm(tsec1->sid, tsec2->sid, | 1409 | __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid; |
1359 | SECCLASS_PROCESS, perms, NULL); | 1410 | rcu_read_unlock(); |
1411 | return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL); | ||
1412 | } | ||
1413 | |||
1414 | /* | ||
1415 | * Check permission between current and another task, e.g. signal checks, | ||
1416 | * fork check, ptrace check, etc. | ||
1417 | * current is the actor and tsk2 is the target | ||
1418 | * - this uses current's subjective creds | ||
1419 | */ | ||
1420 | static int current_has_perm(const struct task_struct *tsk, | ||
1421 | u32 perms) | ||
1422 | { | ||
1423 | u32 sid, tsid; | ||
1424 | |||
1425 | sid = current_sid(); | ||
1426 | tsid = task_sid(tsk); | ||
1427 | return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL); | ||
1360 | } | 1428 | } |
1361 | 1429 | ||
1362 | #if CAP_LAST_CAP > 63 | 1430 | #if CAP_LAST_CAP > 63 |
@@ -1365,14 +1433,14 @@ static int task_has_perm(struct task_struct *tsk1, | |||
1365 | 1433 | ||
1366 | /* Check whether a task is allowed to use a capability. */ | 1434 | /* Check whether a task is allowed to use a capability. */ |
1367 | static int task_has_capability(struct task_struct *tsk, | 1435 | static int task_has_capability(struct task_struct *tsk, |
1368 | int cap) | 1436 | int cap, int audit) |
1369 | { | 1437 | { |
1370 | struct task_security_struct *tsec; | ||
1371 | struct avc_audit_data ad; | 1438 | struct avc_audit_data ad; |
1439 | struct av_decision avd; | ||
1372 | u16 sclass; | 1440 | u16 sclass; |
1441 | u32 sid = task_sid(tsk); | ||
1373 | u32 av = CAP_TO_MASK(cap); | 1442 | u32 av = CAP_TO_MASK(cap); |
1374 | 1443 | int rc; | |
1375 | tsec = tsk->security; | ||
1376 | 1444 | ||
1377 | AVC_AUDIT_DATA_INIT(&ad, CAP); | 1445 | AVC_AUDIT_DATA_INIT(&ad, CAP); |
1378 | ad.tsk = tsk; | 1446 | ad.tsk = tsk; |
@@ -1390,37 +1458,39 @@ static int task_has_capability(struct task_struct *tsk, | |||
1390 | "SELinux: out of range capability %d\n", cap); | 1458 | "SELinux: out of range capability %d\n", cap); |
1391 | BUG(); | 1459 | BUG(); |
1392 | } | 1460 | } |
1393 | return avc_has_perm(tsec->sid, tsec->sid, sclass, av, &ad); | 1461 | |
1462 | rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd); | ||
1463 | if (audit == SECURITY_CAP_AUDIT) | ||
1464 | avc_audit(sid, sid, sclass, av, &avd, rc, &ad); | ||
1465 | return rc; | ||
1394 | } | 1466 | } |
1395 | 1467 | ||
1396 | /* Check whether a task is allowed to use a system operation. */ | 1468 | /* Check whether a task is allowed to use a system operation. */ |
1397 | static int task_has_system(struct task_struct *tsk, | 1469 | static int task_has_system(struct task_struct *tsk, |
1398 | u32 perms) | 1470 | u32 perms) |
1399 | { | 1471 | { |
1400 | struct task_security_struct *tsec; | 1472 | u32 sid = task_sid(tsk); |
1401 | 1473 | ||
1402 | tsec = tsk->security; | 1474 | return avc_has_perm(sid, SECINITSID_KERNEL, |
1403 | |||
1404 | return avc_has_perm(tsec->sid, SECINITSID_KERNEL, | ||
1405 | SECCLASS_SYSTEM, perms, NULL); | 1475 | SECCLASS_SYSTEM, perms, NULL); |
1406 | } | 1476 | } |
1407 | 1477 | ||
1408 | /* Check whether a task has a particular permission to an inode. | 1478 | /* Check whether a task has a particular permission to an inode. |
1409 | The 'adp' parameter is optional and allows other audit | 1479 | The 'adp' parameter is optional and allows other audit |
1410 | data to be passed (e.g. the dentry). */ | 1480 | data to be passed (e.g. the dentry). */ |
1411 | static int inode_has_perm(struct task_struct *tsk, | 1481 | static int inode_has_perm(const struct cred *cred, |
1412 | struct inode *inode, | 1482 | struct inode *inode, |
1413 | u32 perms, | 1483 | u32 perms, |
1414 | struct avc_audit_data *adp) | 1484 | struct avc_audit_data *adp) |
1415 | { | 1485 | { |
1416 | struct task_security_struct *tsec; | ||
1417 | struct inode_security_struct *isec; | 1486 | struct inode_security_struct *isec; |
1418 | struct avc_audit_data ad; | 1487 | struct avc_audit_data ad; |
1488 | u32 sid; | ||
1419 | 1489 | ||
1420 | if (unlikely(IS_PRIVATE(inode))) | 1490 | if (unlikely(IS_PRIVATE(inode))) |
1421 | return 0; | 1491 | return 0; |
1422 | 1492 | ||
1423 | tsec = tsk->security; | 1493 | sid = cred_sid(cred); |
1424 | isec = inode->i_security; | 1494 | isec = inode->i_security; |
1425 | 1495 | ||
1426 | if (!adp) { | 1496 | if (!adp) { |
@@ -1429,23 +1499,24 @@ static int inode_has_perm(struct task_struct *tsk, | |||
1429 | ad.u.fs.inode = inode; | 1499 | ad.u.fs.inode = inode; |
1430 | } | 1500 | } |
1431 | 1501 | ||
1432 | return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, adp); | 1502 | return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp); |
1433 | } | 1503 | } |
1434 | 1504 | ||
1435 | /* Same as inode_has_perm, but pass explicit audit data containing | 1505 | /* Same as inode_has_perm, but pass explicit audit data containing |
1436 | the dentry to help the auditing code to more easily generate the | 1506 | the dentry to help the auditing code to more easily generate the |
1437 | pathname if needed. */ | 1507 | pathname if needed. */ |
1438 | static inline int dentry_has_perm(struct task_struct *tsk, | 1508 | static inline int dentry_has_perm(const struct cred *cred, |
1439 | struct vfsmount *mnt, | 1509 | struct vfsmount *mnt, |
1440 | struct dentry *dentry, | 1510 | struct dentry *dentry, |
1441 | u32 av) | 1511 | u32 av) |
1442 | { | 1512 | { |
1443 | struct inode *inode = dentry->d_inode; | 1513 | struct inode *inode = dentry->d_inode; |
1444 | struct avc_audit_data ad; | 1514 | struct avc_audit_data ad; |
1515 | |||
1445 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1516 | AVC_AUDIT_DATA_INIT(&ad, FS); |
1446 | ad.u.fs.path.mnt = mnt; | 1517 | ad.u.fs.path.mnt = mnt; |
1447 | ad.u.fs.path.dentry = dentry; | 1518 | ad.u.fs.path.dentry = dentry; |
1448 | return inode_has_perm(tsk, inode, av, &ad); | 1519 | return inode_has_perm(cred, inode, av, &ad); |
1449 | } | 1520 | } |
1450 | 1521 | ||
1451 | /* Check whether a task can use an open file descriptor to | 1522 | /* Check whether a task can use an open file descriptor to |
@@ -1456,33 +1527,35 @@ static inline int dentry_has_perm(struct task_struct *tsk, | |||
1456 | has the same SID as the process. If av is zero, then | 1527 | has the same SID as the process. If av is zero, then |
1457 | access to the file is not checked, e.g. for cases | 1528 | access to the file is not checked, e.g. for cases |
1458 | where only the descriptor is affected like seek. */ | 1529 | where only the descriptor is affected like seek. */ |
1459 | static int file_has_perm(struct task_struct *tsk, | 1530 | static int file_has_perm(const struct cred *cred, |
1460 | struct file *file, | 1531 | struct file *file, |
1461 | u32 av) | 1532 | u32 av) |
1462 | { | 1533 | { |
1463 | struct task_security_struct *tsec = tsk->security; | ||
1464 | struct file_security_struct *fsec = file->f_security; | 1534 | struct file_security_struct *fsec = file->f_security; |
1465 | struct inode *inode = file->f_path.dentry->d_inode; | 1535 | struct inode *inode = file->f_path.dentry->d_inode; |
1466 | struct avc_audit_data ad; | 1536 | struct avc_audit_data ad; |
1537 | u32 sid = cred_sid(cred); | ||
1467 | int rc; | 1538 | int rc; |
1468 | 1539 | ||
1469 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1540 | AVC_AUDIT_DATA_INIT(&ad, FS); |
1470 | ad.u.fs.path = file->f_path; | 1541 | ad.u.fs.path = file->f_path; |
1471 | 1542 | ||
1472 | if (tsec->sid != fsec->sid) { | 1543 | if (sid != fsec->sid) { |
1473 | rc = avc_has_perm(tsec->sid, fsec->sid, | 1544 | rc = avc_has_perm(sid, fsec->sid, |
1474 | SECCLASS_FD, | 1545 | SECCLASS_FD, |
1475 | FD__USE, | 1546 | FD__USE, |
1476 | &ad); | 1547 | &ad); |
1477 | if (rc) | 1548 | if (rc) |
1478 | return rc; | 1549 | goto out; |
1479 | } | 1550 | } |
1480 | 1551 | ||
1481 | /* av is zero if only checking access to the descriptor. */ | 1552 | /* av is zero if only checking access to the descriptor. */ |
1553 | rc = 0; | ||
1482 | if (av) | 1554 | if (av) |
1483 | return inode_has_perm(tsk, inode, av, &ad); | 1555 | rc = inode_has_perm(cred, inode, av, &ad); |
1484 | 1556 | ||
1485 | return 0; | 1557 | out: |
1558 | return rc; | ||
1486 | } | 1559 | } |
1487 | 1560 | ||
1488 | /* Check whether a task can create a file. */ | 1561 | /* Check whether a task can create a file. */ |
@@ -1490,36 +1563,36 @@ static int may_create(struct inode *dir, | |||
1490 | struct dentry *dentry, | 1563 | struct dentry *dentry, |
1491 | u16 tclass) | 1564 | u16 tclass) |
1492 | { | 1565 | { |
1493 | struct task_security_struct *tsec; | 1566 | const struct cred *cred = current_cred(); |
1567 | const struct task_security_struct *tsec = cred->security; | ||
1494 | struct inode_security_struct *dsec; | 1568 | struct inode_security_struct *dsec; |
1495 | struct superblock_security_struct *sbsec; | 1569 | struct superblock_security_struct *sbsec; |
1496 | u32 newsid; | 1570 | u32 sid, newsid; |
1497 | struct avc_audit_data ad; | 1571 | struct avc_audit_data ad; |
1498 | int rc; | 1572 | int rc; |
1499 | 1573 | ||
1500 | tsec = current->security; | ||
1501 | dsec = dir->i_security; | 1574 | dsec = dir->i_security; |
1502 | sbsec = dir->i_sb->s_security; | 1575 | sbsec = dir->i_sb->s_security; |
1503 | 1576 | ||
1577 | sid = tsec->sid; | ||
1578 | newsid = tsec->create_sid; | ||
1579 | |||
1504 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1580 | AVC_AUDIT_DATA_INIT(&ad, FS); |
1505 | ad.u.fs.path.dentry = dentry; | 1581 | ad.u.fs.path.dentry = dentry; |
1506 | 1582 | ||
1507 | rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, | 1583 | rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, |
1508 | DIR__ADD_NAME | DIR__SEARCH, | 1584 | DIR__ADD_NAME | DIR__SEARCH, |
1509 | &ad); | 1585 | &ad); |
1510 | if (rc) | 1586 | if (rc) |
1511 | return rc; | 1587 | return rc; |
1512 | 1588 | ||
1513 | if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) { | 1589 | if (!newsid || sbsec->behavior == SECURITY_FS_USE_MNTPOINT) { |
1514 | newsid = tsec->create_sid; | 1590 | rc = security_transition_sid(sid, dsec->sid, tclass, &newsid); |
1515 | } else { | ||
1516 | rc = security_transition_sid(tsec->sid, dsec->sid, tclass, | ||
1517 | &newsid); | ||
1518 | if (rc) | 1591 | if (rc) |
1519 | return rc; | 1592 | return rc; |
1520 | } | 1593 | } |
1521 | 1594 | ||
1522 | rc = avc_has_perm(tsec->sid, newsid, tclass, FILE__CREATE, &ad); | 1595 | rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad); |
1523 | if (rc) | 1596 | if (rc) |
1524 | return rc; | 1597 | return rc; |
1525 | 1598 | ||
@@ -1532,11 +1605,9 @@ static int may_create(struct inode *dir, | |||
1532 | static int may_create_key(u32 ksid, | 1605 | static int may_create_key(u32 ksid, |
1533 | struct task_struct *ctx) | 1606 | struct task_struct *ctx) |
1534 | { | 1607 | { |
1535 | struct task_security_struct *tsec; | 1608 | u32 sid = task_sid(ctx); |
1536 | 1609 | ||
1537 | tsec = ctx->security; | 1610 | return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL); |
1538 | |||
1539 | return avc_has_perm(tsec->sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL); | ||
1540 | } | 1611 | } |
1541 | 1612 | ||
1542 | #define MAY_LINK 0 | 1613 | #define MAY_LINK 0 |
@@ -1549,13 +1620,12 @@ static int may_link(struct inode *dir, | |||
1549 | int kind) | 1620 | int kind) |
1550 | 1621 | ||
1551 | { | 1622 | { |
1552 | struct task_security_struct *tsec; | ||
1553 | struct inode_security_struct *dsec, *isec; | 1623 | struct inode_security_struct *dsec, *isec; |
1554 | struct avc_audit_data ad; | 1624 | struct avc_audit_data ad; |
1625 | u32 sid = current_sid(); | ||
1555 | u32 av; | 1626 | u32 av; |
1556 | int rc; | 1627 | int rc; |
1557 | 1628 | ||
1558 | tsec = current->security; | ||
1559 | dsec = dir->i_security; | 1629 | dsec = dir->i_security; |
1560 | isec = dentry->d_inode->i_security; | 1630 | isec = dentry->d_inode->i_security; |
1561 | 1631 | ||
@@ -1564,7 +1634,7 @@ static int may_link(struct inode *dir, | |||
1564 | 1634 | ||
1565 | av = DIR__SEARCH; | 1635 | av = DIR__SEARCH; |
1566 | av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME); | 1636 | av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME); |
1567 | rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, av, &ad); | 1637 | rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad); |
1568 | if (rc) | 1638 | if (rc) |
1569 | return rc; | 1639 | return rc; |
1570 | 1640 | ||
@@ -1584,7 +1654,7 @@ static int may_link(struct inode *dir, | |||
1584 | return 0; | 1654 | return 0; |
1585 | } | 1655 | } |
1586 | 1656 | ||
1587 | rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, av, &ad); | 1657 | rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad); |
1588 | return rc; | 1658 | return rc; |
1589 | } | 1659 | } |
1590 | 1660 | ||
@@ -1593,14 +1663,13 @@ static inline int may_rename(struct inode *old_dir, | |||
1593 | struct inode *new_dir, | 1663 | struct inode *new_dir, |
1594 | struct dentry *new_dentry) | 1664 | struct dentry *new_dentry) |
1595 | { | 1665 | { |
1596 | struct task_security_struct *tsec; | ||
1597 | struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec; | 1666 | struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec; |
1598 | struct avc_audit_data ad; | 1667 | struct avc_audit_data ad; |
1668 | u32 sid = current_sid(); | ||
1599 | u32 av; | 1669 | u32 av; |
1600 | int old_is_dir, new_is_dir; | 1670 | int old_is_dir, new_is_dir; |
1601 | int rc; | 1671 | int rc; |
1602 | 1672 | ||
1603 | tsec = current->security; | ||
1604 | old_dsec = old_dir->i_security; | 1673 | old_dsec = old_dir->i_security; |
1605 | old_isec = old_dentry->d_inode->i_security; | 1674 | old_isec = old_dentry->d_inode->i_security; |
1606 | old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode); | 1675 | old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode); |
@@ -1609,16 +1678,16 @@ static inline int may_rename(struct inode *old_dir, | |||
1609 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1678 | AVC_AUDIT_DATA_INIT(&ad, FS); |
1610 | 1679 | ||
1611 | ad.u.fs.path.dentry = old_dentry; | 1680 | ad.u.fs.path.dentry = old_dentry; |
1612 | rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR, | 1681 | rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, |
1613 | DIR__REMOVE_NAME | DIR__SEARCH, &ad); | 1682 | DIR__REMOVE_NAME | DIR__SEARCH, &ad); |
1614 | if (rc) | 1683 | if (rc) |
1615 | return rc; | 1684 | return rc; |
1616 | rc = avc_has_perm(tsec->sid, old_isec->sid, | 1685 | rc = avc_has_perm(sid, old_isec->sid, |
1617 | old_isec->sclass, FILE__RENAME, &ad); | 1686 | old_isec->sclass, FILE__RENAME, &ad); |
1618 | if (rc) | 1687 | if (rc) |
1619 | return rc; | 1688 | return rc; |
1620 | if (old_is_dir && new_dir != old_dir) { | 1689 | if (old_is_dir && new_dir != old_dir) { |
1621 | rc = avc_has_perm(tsec->sid, old_isec->sid, | 1690 | rc = avc_has_perm(sid, old_isec->sid, |
1622 | old_isec->sclass, DIR__REPARENT, &ad); | 1691 | old_isec->sclass, DIR__REPARENT, &ad); |
1623 | if (rc) | 1692 | if (rc) |
1624 | return rc; | 1693 | return rc; |
@@ -1628,13 +1697,13 @@ static inline int may_rename(struct inode *old_dir, | |||
1628 | av = DIR__ADD_NAME | DIR__SEARCH; | 1697 | av = DIR__ADD_NAME | DIR__SEARCH; |
1629 | if (new_dentry->d_inode) | 1698 | if (new_dentry->d_inode) |
1630 | av |= DIR__REMOVE_NAME; | 1699 | av |= DIR__REMOVE_NAME; |
1631 | rc = avc_has_perm(tsec->sid, new_dsec->sid, SECCLASS_DIR, av, &ad); | 1700 | rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad); |
1632 | if (rc) | 1701 | if (rc) |
1633 | return rc; | 1702 | return rc; |
1634 | if (new_dentry->d_inode) { | 1703 | if (new_dentry->d_inode) { |
1635 | new_isec = new_dentry->d_inode->i_security; | 1704 | new_isec = new_dentry->d_inode->i_security; |
1636 | new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode); | 1705 | new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode); |
1637 | rc = avc_has_perm(tsec->sid, new_isec->sid, | 1706 | rc = avc_has_perm(sid, new_isec->sid, |
1638 | new_isec->sclass, | 1707 | new_isec->sclass, |
1639 | (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad); | 1708 | (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad); |
1640 | if (rc) | 1709 | if (rc) |
@@ -1645,18 +1714,16 @@ static inline int may_rename(struct inode *old_dir, | |||
1645 | } | 1714 | } |
1646 | 1715 | ||
1647 | /* Check whether a task can perform a filesystem operation. */ | 1716 | /* Check whether a task can perform a filesystem operation. */ |
1648 | static int superblock_has_perm(struct task_struct *tsk, | 1717 | static int superblock_has_perm(const struct cred *cred, |
1649 | struct super_block *sb, | 1718 | struct super_block *sb, |
1650 | u32 perms, | 1719 | u32 perms, |
1651 | struct avc_audit_data *ad) | 1720 | struct avc_audit_data *ad) |
1652 | { | 1721 | { |
1653 | struct task_security_struct *tsec; | ||
1654 | struct superblock_security_struct *sbsec; | 1722 | struct superblock_security_struct *sbsec; |
1723 | u32 sid = cred_sid(cred); | ||
1655 | 1724 | ||
1656 | tsec = tsk->security; | ||
1657 | sbsec = sb->s_security; | 1725 | sbsec = sb->s_security; |
1658 | return avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, | 1726 | return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad); |
1659 | perms, ad); | ||
1660 | } | 1727 | } |
1661 | 1728 | ||
1662 | /* Convert a Linux mode and permission mask to an access vector. */ | 1729 | /* Convert a Linux mode and permission mask to an access vector. */ |
@@ -1687,15 +1754,39 @@ static inline u32 file_mask_to_av(int mode, int mask) | |||
1687 | return av; | 1754 | return av; |
1688 | } | 1755 | } |
1689 | 1756 | ||
1757 | /* Convert a Linux file to an access vector. */ | ||
1758 | static inline u32 file_to_av(struct file *file) | ||
1759 | { | ||
1760 | u32 av = 0; | ||
1761 | |||
1762 | if (file->f_mode & FMODE_READ) | ||
1763 | av |= FILE__READ; | ||
1764 | if (file->f_mode & FMODE_WRITE) { | ||
1765 | if (file->f_flags & O_APPEND) | ||
1766 | av |= FILE__APPEND; | ||
1767 | else | ||
1768 | av |= FILE__WRITE; | ||
1769 | } | ||
1770 | if (!av) { | ||
1771 | /* | ||
1772 | * Special file opened with flags 3 for ioctl-only use. | ||
1773 | */ | ||
1774 | av = FILE__IOCTL; | ||
1775 | } | ||
1776 | |||
1777 | return av; | ||
1778 | } | ||
1779 | |||
1690 | /* | 1780 | /* |
1691 | * Convert a file mask to an access vector and include the correct open | 1781 | * Convert a file to an access vector and include the correct open |
1692 | * open permission. | 1782 | * open permission. |
1693 | */ | 1783 | */ |
1694 | static inline u32 open_file_mask_to_av(int mode, int mask) | 1784 | static inline u32 open_file_to_av(struct file *file) |
1695 | { | 1785 | { |
1696 | u32 av = file_mask_to_av(mode, mask); | 1786 | u32 av = file_to_av(file); |
1697 | 1787 | ||
1698 | if (selinux_policycap_openperm) { | 1788 | if (selinux_policycap_openperm) { |
1789 | mode_t mode = file->f_path.dentry->d_inode->i_mode; | ||
1699 | /* | 1790 | /* |
1700 | * lnk files and socks do not really have an 'open' | 1791 | * lnk files and socks do not really have an 'open' |
1701 | */ | 1792 | */ |
@@ -1711,34 +1802,11 @@ static inline u32 open_file_mask_to_av(int mode, int mask) | |||
1711 | av |= DIR__OPEN; | 1802 | av |= DIR__OPEN; |
1712 | else | 1803 | else |
1713 | printk(KERN_ERR "SELinux: WARNING: inside %s with " | 1804 | printk(KERN_ERR "SELinux: WARNING: inside %s with " |
1714 | "unknown mode:%x\n", __func__, mode); | 1805 | "unknown mode:%o\n", __func__, mode); |
1715 | } | 1806 | } |
1716 | return av; | 1807 | return av; |
1717 | } | 1808 | } |
1718 | 1809 | ||
1719 | /* Convert a Linux file to an access vector. */ | ||
1720 | static inline u32 file_to_av(struct file *file) | ||
1721 | { | ||
1722 | u32 av = 0; | ||
1723 | |||
1724 | if (file->f_mode & FMODE_READ) | ||
1725 | av |= FILE__READ; | ||
1726 | if (file->f_mode & FMODE_WRITE) { | ||
1727 | if (file->f_flags & O_APPEND) | ||
1728 | av |= FILE__APPEND; | ||
1729 | else | ||
1730 | av |= FILE__WRITE; | ||
1731 | } | ||
1732 | if (!av) { | ||
1733 | /* | ||
1734 | * Special file opened with flags 3 for ioctl-only use. | ||
1735 | */ | ||
1736 | av = FILE__IOCTL; | ||
1737 | } | ||
1738 | |||
1739 | return av; | ||
1740 | } | ||
1741 | |||
1742 | /* Hook functions begin here. */ | 1810 | /* Hook functions begin here. */ |
1743 | 1811 | ||
1744 | static int selinux_ptrace_may_access(struct task_struct *child, | 1812 | static int selinux_ptrace_may_access(struct task_struct *child, |
@@ -1751,13 +1819,12 @@ static int selinux_ptrace_may_access(struct task_struct *child, | |||
1751 | return rc; | 1819 | return rc; |
1752 | 1820 | ||
1753 | if (mode == PTRACE_MODE_READ) { | 1821 | if (mode == PTRACE_MODE_READ) { |
1754 | struct task_security_struct *tsec = current->security; | 1822 | u32 sid = current_sid(); |
1755 | struct task_security_struct *csec = child->security; | 1823 | u32 csid = task_sid(child); |
1756 | return avc_has_perm(tsec->sid, csec->sid, | 1824 | return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL); |
1757 | SECCLASS_FILE, FILE__READ, NULL); | ||
1758 | } | 1825 | } |
1759 | 1826 | ||
1760 | return task_has_perm(current, child, PROCESS__PTRACE); | 1827 | return current_has_perm(child, PROCESS__PTRACE); |
1761 | } | 1828 | } |
1762 | 1829 | ||
1763 | static int selinux_ptrace_traceme(struct task_struct *parent) | 1830 | static int selinux_ptrace_traceme(struct task_struct *parent) |
@@ -1776,40 +1843,37 @@ static int selinux_capget(struct task_struct *target, kernel_cap_t *effective, | |||
1776 | { | 1843 | { |
1777 | int error; | 1844 | int error; |
1778 | 1845 | ||
1779 | error = task_has_perm(current, target, PROCESS__GETCAP); | 1846 | error = current_has_perm(target, PROCESS__GETCAP); |
1780 | if (error) | 1847 | if (error) |
1781 | return error; | 1848 | return error; |
1782 | 1849 | ||
1783 | return secondary_ops->capget(target, effective, inheritable, permitted); | 1850 | return secondary_ops->capget(target, effective, inheritable, permitted); |
1784 | } | 1851 | } |
1785 | 1852 | ||
1786 | static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective, | 1853 | static int selinux_capset(struct cred *new, const struct cred *old, |
1787 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | 1854 | const kernel_cap_t *effective, |
1855 | const kernel_cap_t *inheritable, | ||
1856 | const kernel_cap_t *permitted) | ||
1788 | { | 1857 | { |
1789 | int error; | 1858 | int error; |
1790 | 1859 | ||
1791 | error = secondary_ops->capset_check(target, effective, inheritable, permitted); | 1860 | error = secondary_ops->capset(new, old, |
1861 | effective, inheritable, permitted); | ||
1792 | if (error) | 1862 | if (error) |
1793 | return error; | 1863 | return error; |
1794 | 1864 | ||
1795 | return task_has_perm(current, target, PROCESS__SETCAP); | 1865 | return cred_has_perm(old, new, PROCESS__SETCAP); |
1796 | } | 1866 | } |
1797 | 1867 | ||
1798 | static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective, | 1868 | static int selinux_capable(struct task_struct *tsk, int cap, int audit) |
1799 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | ||
1800 | { | ||
1801 | secondary_ops->capset_set(target, effective, inheritable, permitted); | ||
1802 | } | ||
1803 | |||
1804 | static int selinux_capable(struct task_struct *tsk, int cap) | ||
1805 | { | 1869 | { |
1806 | int rc; | 1870 | int rc; |
1807 | 1871 | ||
1808 | rc = secondary_ops->capable(tsk, cap); | 1872 | rc = secondary_ops->capable(tsk, cap, audit); |
1809 | if (rc) | 1873 | if (rc) |
1810 | return rc; | 1874 | return rc; |
1811 | 1875 | ||
1812 | return task_has_capability(tsk, cap); | 1876 | return task_has_capability(tsk, cap, audit); |
1813 | } | 1877 | } |
1814 | 1878 | ||
1815 | static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) | 1879 | static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) |
@@ -1857,15 +1921,14 @@ static int selinux_sysctl(ctl_table *table, int op) | |||
1857 | { | 1921 | { |
1858 | int error = 0; | 1922 | int error = 0; |
1859 | u32 av; | 1923 | u32 av; |
1860 | struct task_security_struct *tsec; | 1924 | u32 tsid, sid; |
1861 | u32 tsid; | ||
1862 | int rc; | 1925 | int rc; |
1863 | 1926 | ||
1864 | rc = secondary_ops->sysctl(table, op); | 1927 | rc = secondary_ops->sysctl(table, op); |
1865 | if (rc) | 1928 | if (rc) |
1866 | return rc; | 1929 | return rc; |
1867 | 1930 | ||
1868 | tsec = current->security; | 1931 | sid = current_sid(); |
1869 | 1932 | ||
1870 | rc = selinux_sysctl_get_sid(table, (op == 0001) ? | 1933 | rc = selinux_sysctl_get_sid(table, (op == 0001) ? |
1871 | SECCLASS_DIR : SECCLASS_FILE, &tsid); | 1934 | SECCLASS_DIR : SECCLASS_FILE, &tsid); |
@@ -1877,7 +1940,7 @@ static int selinux_sysctl(ctl_table *table, int op) | |||
1877 | /* The op values are "defined" in sysctl.c, thereby creating | 1940 | /* The op values are "defined" in sysctl.c, thereby creating |
1878 | * a bad coupling between this module and sysctl.c */ | 1941 | * a bad coupling between this module and sysctl.c */ |
1879 | if (op == 001) { | 1942 | if (op == 001) { |
1880 | error = avc_has_perm(tsec->sid, tsid, | 1943 | error = avc_has_perm(sid, tsid, |
1881 | SECCLASS_DIR, DIR__SEARCH, NULL); | 1944 | SECCLASS_DIR, DIR__SEARCH, NULL); |
1882 | } else { | 1945 | } else { |
1883 | av = 0; | 1946 | av = 0; |
@@ -1886,7 +1949,7 @@ static int selinux_sysctl(ctl_table *table, int op) | |||
1886 | if (op & 002) | 1949 | if (op & 002) |
1887 | av |= FILE__WRITE; | 1950 | av |= FILE__WRITE; |
1888 | if (av) | 1951 | if (av) |
1889 | error = avc_has_perm(tsec->sid, tsid, | 1952 | error = avc_has_perm(sid, tsid, |
1890 | SECCLASS_FILE, av, NULL); | 1953 | SECCLASS_FILE, av, NULL); |
1891 | } | 1954 | } |
1892 | 1955 | ||
@@ -1895,6 +1958,7 @@ static int selinux_sysctl(ctl_table *table, int op) | |||
1895 | 1958 | ||
1896 | static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) | 1959 | static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) |
1897 | { | 1960 | { |
1961 | const struct cred *cred = current_cred(); | ||
1898 | int rc = 0; | 1962 | int rc = 0; |
1899 | 1963 | ||
1900 | if (!sb) | 1964 | if (!sb) |
@@ -1906,14 +1970,12 @@ static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) | |||
1906 | case Q_QUOTAOFF: | 1970 | case Q_QUOTAOFF: |
1907 | case Q_SETINFO: | 1971 | case Q_SETINFO: |
1908 | case Q_SETQUOTA: | 1972 | case Q_SETQUOTA: |
1909 | rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAMOD, | 1973 | rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL); |
1910 | NULL); | ||
1911 | break; | 1974 | break; |
1912 | case Q_GETFMT: | 1975 | case Q_GETFMT: |
1913 | case Q_GETINFO: | 1976 | case Q_GETINFO: |
1914 | case Q_GETQUOTA: | 1977 | case Q_GETQUOTA: |
1915 | rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAGET, | 1978 | rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL); |
1916 | NULL); | ||
1917 | break; | 1979 | break; |
1918 | default: | 1980 | default: |
1919 | rc = 0; /* let the kernel handle invalid cmds */ | 1981 | rc = 0; /* let the kernel handle invalid cmds */ |
@@ -1924,7 +1986,9 @@ static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) | |||
1924 | 1986 | ||
1925 | static int selinux_quota_on(struct dentry *dentry) | 1987 | static int selinux_quota_on(struct dentry *dentry) |
1926 | { | 1988 | { |
1927 | return dentry_has_perm(current, NULL, dentry, FILE__QUOTAON); | 1989 | const struct cred *cred = current_cred(); |
1990 | |||
1991 | return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON); | ||
1928 | } | 1992 | } |
1929 | 1993 | ||
1930 | static int selinux_syslog(int type) | 1994 | static int selinux_syslog(int type) |
@@ -1972,16 +2036,8 @@ static int selinux_syslog(int type) | |||
1972 | static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) | 2036 | static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) |
1973 | { | 2037 | { |
1974 | int rc, cap_sys_admin = 0; | 2038 | int rc, cap_sys_admin = 0; |
1975 | struct task_security_struct *tsec = current->security; | ||
1976 | |||
1977 | rc = secondary_ops->capable(current, CAP_SYS_ADMIN); | ||
1978 | if (rc == 0) | ||
1979 | rc = avc_has_perm_noaudit(tsec->sid, tsec->sid, | ||
1980 | SECCLASS_CAPABILITY, | ||
1981 | CAP_TO_MASK(CAP_SYS_ADMIN), | ||
1982 | 0, | ||
1983 | NULL); | ||
1984 | 2039 | ||
2040 | rc = selinux_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT); | ||
1985 | if (rc == 0) | 2041 | if (rc == 0) |
1986 | cap_sys_admin = 1; | 2042 | cap_sys_admin = 1; |
1987 | 2043 | ||
@@ -1990,59 +2046,45 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) | |||
1990 | 2046 | ||
1991 | /* binprm security operations */ | 2047 | /* binprm security operations */ |
1992 | 2048 | ||
1993 | static int selinux_bprm_alloc_security(struct linux_binprm *bprm) | 2049 | static int selinux_bprm_set_creds(struct linux_binprm *bprm) |
1994 | { | ||
1995 | struct bprm_security_struct *bsec; | ||
1996 | |||
1997 | bsec = kzalloc(sizeof(struct bprm_security_struct), GFP_KERNEL); | ||
1998 | if (!bsec) | ||
1999 | return -ENOMEM; | ||
2000 | |||
2001 | bsec->sid = SECINITSID_UNLABELED; | ||
2002 | bsec->set = 0; | ||
2003 | |||
2004 | bprm->security = bsec; | ||
2005 | return 0; | ||
2006 | } | ||
2007 | |||
2008 | static int selinux_bprm_set_security(struct linux_binprm *bprm) | ||
2009 | { | 2050 | { |
2010 | struct task_security_struct *tsec; | 2051 | const struct task_security_struct *old_tsec; |
2011 | struct inode *inode = bprm->file->f_path.dentry->d_inode; | 2052 | struct task_security_struct *new_tsec; |
2012 | struct inode_security_struct *isec; | 2053 | struct inode_security_struct *isec; |
2013 | struct bprm_security_struct *bsec; | ||
2014 | u32 newsid; | ||
2015 | struct avc_audit_data ad; | 2054 | struct avc_audit_data ad; |
2055 | struct inode *inode = bprm->file->f_path.dentry->d_inode; | ||
2016 | int rc; | 2056 | int rc; |
2017 | 2057 | ||
2018 | rc = secondary_ops->bprm_set_security(bprm); | 2058 | rc = secondary_ops->bprm_set_creds(bprm); |
2019 | if (rc) | 2059 | if (rc) |
2020 | return rc; | 2060 | return rc; |
2021 | 2061 | ||
2022 | bsec = bprm->security; | 2062 | /* SELinux context only depends on initial program or script and not |
2023 | 2063 | * the script interpreter */ | |
2024 | if (bsec->set) | 2064 | if (bprm->cred_prepared) |
2025 | return 0; | 2065 | return 0; |
2026 | 2066 | ||
2027 | tsec = current->security; | 2067 | old_tsec = current_security(); |
2068 | new_tsec = bprm->cred->security; | ||
2028 | isec = inode->i_security; | 2069 | isec = inode->i_security; |
2029 | 2070 | ||
2030 | /* Default to the current task SID. */ | 2071 | /* Default to the current task SID. */ |
2031 | bsec->sid = tsec->sid; | 2072 | new_tsec->sid = old_tsec->sid; |
2073 | new_tsec->osid = old_tsec->sid; | ||
2032 | 2074 | ||
2033 | /* Reset fs, key, and sock SIDs on execve. */ | 2075 | /* Reset fs, key, and sock SIDs on execve. */ |
2034 | tsec->create_sid = 0; | 2076 | new_tsec->create_sid = 0; |
2035 | tsec->keycreate_sid = 0; | 2077 | new_tsec->keycreate_sid = 0; |
2036 | tsec->sockcreate_sid = 0; | 2078 | new_tsec->sockcreate_sid = 0; |
2037 | 2079 | ||
2038 | if (tsec->exec_sid) { | 2080 | if (old_tsec->exec_sid) { |
2039 | newsid = tsec->exec_sid; | 2081 | new_tsec->sid = old_tsec->exec_sid; |
2040 | /* Reset exec SID on execve. */ | 2082 | /* Reset exec SID on execve. */ |
2041 | tsec->exec_sid = 0; | 2083 | new_tsec->exec_sid = 0; |
2042 | } else { | 2084 | } else { |
2043 | /* Check for a default transition on this program. */ | 2085 | /* Check for a default transition on this program. */ |
2044 | rc = security_transition_sid(tsec->sid, isec->sid, | 2086 | rc = security_transition_sid(old_tsec->sid, isec->sid, |
2045 | SECCLASS_PROCESS, &newsid); | 2087 | SECCLASS_PROCESS, &new_tsec->sid); |
2046 | if (rc) | 2088 | if (rc) |
2047 | return rc; | 2089 | return rc; |
2048 | } | 2090 | } |
@@ -2051,33 +2093,63 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm) | |||
2051 | ad.u.fs.path = bprm->file->f_path; | 2093 | ad.u.fs.path = bprm->file->f_path; |
2052 | 2094 | ||
2053 | if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) | 2095 | if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) |
2054 | newsid = tsec->sid; | 2096 | new_tsec->sid = old_tsec->sid; |
2055 | 2097 | ||
2056 | if (tsec->sid == newsid) { | 2098 | if (new_tsec->sid == old_tsec->sid) { |
2057 | rc = avc_has_perm(tsec->sid, isec->sid, | 2099 | rc = avc_has_perm(old_tsec->sid, isec->sid, |
2058 | SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad); | 2100 | SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad); |
2059 | if (rc) | 2101 | if (rc) |
2060 | return rc; | 2102 | return rc; |
2061 | } else { | 2103 | } else { |
2062 | /* Check permissions for the transition. */ | 2104 | /* Check permissions for the transition. */ |
2063 | rc = avc_has_perm(tsec->sid, newsid, | 2105 | rc = avc_has_perm(old_tsec->sid, new_tsec->sid, |
2064 | SECCLASS_PROCESS, PROCESS__TRANSITION, &ad); | 2106 | SECCLASS_PROCESS, PROCESS__TRANSITION, &ad); |
2065 | if (rc) | 2107 | if (rc) |
2066 | return rc; | 2108 | return rc; |
2067 | 2109 | ||
2068 | rc = avc_has_perm(newsid, isec->sid, | 2110 | rc = avc_has_perm(new_tsec->sid, isec->sid, |
2069 | SECCLASS_FILE, FILE__ENTRYPOINT, &ad); | 2111 | SECCLASS_FILE, FILE__ENTRYPOINT, &ad); |
2070 | if (rc) | 2112 | if (rc) |
2071 | return rc; | 2113 | return rc; |
2072 | 2114 | ||
2073 | /* Clear any possibly unsafe personality bits on exec: */ | 2115 | /* Check for shared state */ |
2074 | current->personality &= ~PER_CLEAR_ON_SETID; | 2116 | if (bprm->unsafe & LSM_UNSAFE_SHARE) { |
2117 | rc = avc_has_perm(old_tsec->sid, new_tsec->sid, | ||
2118 | SECCLASS_PROCESS, PROCESS__SHARE, | ||
2119 | NULL); | ||
2120 | if (rc) | ||
2121 | return -EPERM; | ||
2122 | } | ||
2123 | |||
2124 | /* Make sure that anyone attempting to ptrace over a task that | ||
2125 | * changes its SID has the appropriate permit */ | ||
2126 | if (bprm->unsafe & | ||
2127 | (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { | ||
2128 | struct task_struct *tracer; | ||
2129 | struct task_security_struct *sec; | ||
2130 | u32 ptsid = 0; | ||
2131 | |||
2132 | rcu_read_lock(); | ||
2133 | tracer = tracehook_tracer_task(current); | ||
2134 | if (likely(tracer != NULL)) { | ||
2135 | sec = __task_cred(tracer)->security; | ||
2136 | ptsid = sec->sid; | ||
2137 | } | ||
2138 | rcu_read_unlock(); | ||
2075 | 2139 | ||
2076 | /* Set the security field to the new SID. */ | 2140 | if (ptsid != 0) { |
2077 | bsec->sid = newsid; | 2141 | rc = avc_has_perm(ptsid, new_tsec->sid, |
2142 | SECCLASS_PROCESS, | ||
2143 | PROCESS__PTRACE, NULL); | ||
2144 | if (rc) | ||
2145 | return -EPERM; | ||
2146 | } | ||
2147 | } | ||
2148 | |||
2149 | /* Clear any possibly unsafe personality bits on exec: */ | ||
2150 | bprm->per_clear |= PER_CLEAR_ON_SETID; | ||
2078 | } | 2151 | } |
2079 | 2152 | ||
2080 | bsec->set = 1; | ||
2081 | return 0; | 2153 | return 0; |
2082 | } | 2154 | } |
2083 | 2155 | ||
@@ -2086,35 +2158,34 @@ static int selinux_bprm_check_security(struct linux_binprm *bprm) | |||
2086 | return secondary_ops->bprm_check_security(bprm); | 2158 | return secondary_ops->bprm_check_security(bprm); |
2087 | } | 2159 | } |
2088 | 2160 | ||
2089 | |||
2090 | static int selinux_bprm_secureexec(struct linux_binprm *bprm) | 2161 | static int selinux_bprm_secureexec(struct linux_binprm *bprm) |
2091 | { | 2162 | { |
2092 | struct task_security_struct *tsec = current->security; | 2163 | const struct cred *cred = current_cred(); |
2164 | const struct task_security_struct *tsec = cred->security; | ||
2165 | u32 sid, osid; | ||
2093 | int atsecure = 0; | 2166 | int atsecure = 0; |
2094 | 2167 | ||
2095 | if (tsec->osid != tsec->sid) { | 2168 | sid = tsec->sid; |
2169 | osid = tsec->osid; | ||
2170 | |||
2171 | if (osid != sid) { | ||
2096 | /* Enable secure mode for SIDs transitions unless | 2172 | /* Enable secure mode for SIDs transitions unless |
2097 | the noatsecure permission is granted between | 2173 | the noatsecure permission is granted between |
2098 | the two SIDs, i.e. ahp returns 0. */ | 2174 | the two SIDs, i.e. ahp returns 0. */ |
2099 | atsecure = avc_has_perm(tsec->osid, tsec->sid, | 2175 | atsecure = avc_has_perm(osid, sid, |
2100 | SECCLASS_PROCESS, | 2176 | SECCLASS_PROCESS, |
2101 | PROCESS__NOATSECURE, NULL); | 2177 | PROCESS__NOATSECURE, NULL); |
2102 | } | 2178 | } |
2103 | 2179 | ||
2104 | return (atsecure || secondary_ops->bprm_secureexec(bprm)); | 2180 | return (atsecure || secondary_ops->bprm_secureexec(bprm)); |
2105 | } | 2181 | } |
2106 | 2182 | ||
2107 | static void selinux_bprm_free_security(struct linux_binprm *bprm) | ||
2108 | { | ||
2109 | kfree(bprm->security); | ||
2110 | bprm->security = NULL; | ||
2111 | } | ||
2112 | |||
2113 | extern struct vfsmount *selinuxfs_mount; | 2183 | extern struct vfsmount *selinuxfs_mount; |
2114 | extern struct dentry *selinux_null; | 2184 | extern struct dentry *selinux_null; |
2115 | 2185 | ||
2116 | /* Derived from fs/exec.c:flush_old_files. */ | 2186 | /* Derived from fs/exec.c:flush_old_files. */ |
2117 | static inline void flush_unauthorized_files(struct files_struct *files) | 2187 | static inline void flush_unauthorized_files(const struct cred *cred, |
2188 | struct files_struct *files) | ||
2118 | { | 2189 | { |
2119 | struct avc_audit_data ad; | 2190 | struct avc_audit_data ad; |
2120 | struct file *file, *devnull = NULL; | 2191 | struct file *file, *devnull = NULL; |
@@ -2136,7 +2207,7 @@ static inline void flush_unauthorized_files(struct files_struct *files) | |||
2136 | interested in the inode-based check here. */ | 2207 | interested in the inode-based check here. */ |
2137 | file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list); | 2208 | file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list); |
2138 | inode = file->f_path.dentry->d_inode; | 2209 | inode = file->f_path.dentry->d_inode; |
2139 | if (inode_has_perm(current, inode, | 2210 | if (inode_has_perm(cred, inode, |
2140 | FILE__READ | FILE__WRITE, NULL)) { | 2211 | FILE__READ | FILE__WRITE, NULL)) { |
2141 | drop_tty = 1; | 2212 | drop_tty = 1; |
2142 | } | 2213 | } |
@@ -2171,7 +2242,7 @@ static inline void flush_unauthorized_files(struct files_struct *files) | |||
2171 | file = fget(i); | 2242 | file = fget(i); |
2172 | if (!file) | 2243 | if (!file) |
2173 | continue; | 2244 | continue; |
2174 | if (file_has_perm(current, | 2245 | if (file_has_perm(cred, |
2175 | file, | 2246 | file, |
2176 | file_to_av(file))) { | 2247 | file_to_av(file))) { |
2177 | sys_close(i); | 2248 | sys_close(i); |
@@ -2185,7 +2256,10 @@ static inline void flush_unauthorized_files(struct files_struct *files) | |||
2185 | if (devnull) { | 2256 | if (devnull) { |
2186 | get_file(devnull); | 2257 | get_file(devnull); |
2187 | } else { | 2258 | } else { |
2188 | devnull = dentry_open(dget(selinux_null), mntget(selinuxfs_mount), O_RDWR); | 2259 | devnull = dentry_open( |
2260 | dget(selinux_null), | ||
2261 | mntget(selinuxfs_mount), | ||
2262 | O_RDWR, cred); | ||
2189 | if (IS_ERR(devnull)) { | 2263 | if (IS_ERR(devnull)) { |
2190 | devnull = NULL; | 2264 | devnull = NULL; |
2191 | put_unused_fd(fd); | 2265 | put_unused_fd(fd); |
@@ -2204,94 +2278,78 @@ static inline void flush_unauthorized_files(struct files_struct *files) | |||
2204 | spin_unlock(&files->file_lock); | 2278 | spin_unlock(&files->file_lock); |
2205 | } | 2279 | } |
2206 | 2280 | ||
2207 | static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe) | 2281 | /* |
2282 | * Prepare a process for imminent new credential changes due to exec | ||
2283 | */ | ||
2284 | static void selinux_bprm_committing_creds(struct linux_binprm *bprm) | ||
2208 | { | 2285 | { |
2209 | struct task_security_struct *tsec; | 2286 | struct task_security_struct *new_tsec; |
2210 | struct bprm_security_struct *bsec; | 2287 | struct rlimit *rlim, *initrlim; |
2211 | u32 sid; | 2288 | int rc, i; |
2212 | int rc; | ||
2213 | |||
2214 | secondary_ops->bprm_apply_creds(bprm, unsafe); | ||
2215 | |||
2216 | tsec = current->security; | ||
2217 | 2289 | ||
2218 | bsec = bprm->security; | 2290 | secondary_ops->bprm_committing_creds(bprm); |
2219 | sid = bsec->sid; | ||
2220 | 2291 | ||
2221 | tsec->osid = tsec->sid; | 2292 | new_tsec = bprm->cred->security; |
2222 | bsec->unsafe = 0; | 2293 | if (new_tsec->sid == new_tsec->osid) |
2223 | if (tsec->sid != sid) { | 2294 | return; |
2224 | /* Check for shared state. If not ok, leave SID | ||
2225 | unchanged and kill. */ | ||
2226 | if (unsafe & LSM_UNSAFE_SHARE) { | ||
2227 | rc = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, | ||
2228 | PROCESS__SHARE, NULL); | ||
2229 | if (rc) { | ||
2230 | bsec->unsafe = 1; | ||
2231 | return; | ||
2232 | } | ||
2233 | } | ||
2234 | 2295 | ||
2235 | /* Check for ptracing, and update the task SID if ok. | 2296 | /* Close files for which the new task SID is not authorized. */ |
2236 | Otherwise, leave SID unchanged and kill. */ | 2297 | flush_unauthorized_files(bprm->cred, current->files); |
2237 | if (unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { | ||
2238 | struct task_struct *tracer; | ||
2239 | struct task_security_struct *sec; | ||
2240 | u32 ptsid = 0; | ||
2241 | 2298 | ||
2242 | rcu_read_lock(); | 2299 | /* Always clear parent death signal on SID transitions. */ |
2243 | tracer = tracehook_tracer_task(current); | 2300 | current->pdeath_signal = 0; |
2244 | if (likely(tracer != NULL)) { | ||
2245 | sec = tracer->security; | ||
2246 | ptsid = sec->sid; | ||
2247 | } | ||
2248 | rcu_read_unlock(); | ||
2249 | 2301 | ||
2250 | if (ptsid != 0) { | 2302 | /* Check whether the new SID can inherit resource limits from the old |
2251 | rc = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, | 2303 | * SID. If not, reset all soft limits to the lower of the current |
2252 | PROCESS__PTRACE, NULL); | 2304 | * task's hard limit and the init task's soft limit. |
2253 | if (rc) { | 2305 | * |
2254 | bsec->unsafe = 1; | 2306 | * Note that the setting of hard limits (even to lower them) can be |
2255 | return; | 2307 | * controlled by the setrlimit check. The inclusion of the init task's |
2256 | } | 2308 | * soft limit into the computation is to avoid resetting soft limits |
2257 | } | 2309 | * higher than the default soft limit for cases where the default is |
2310 | * lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK. | ||
2311 | */ | ||
2312 | rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, | ||
2313 | PROCESS__RLIMITINH, NULL); | ||
2314 | if (rc) { | ||
2315 | for (i = 0; i < RLIM_NLIMITS; i++) { | ||
2316 | rlim = current->signal->rlim + i; | ||
2317 | initrlim = init_task.signal->rlim + i; | ||
2318 | rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); | ||
2258 | } | 2319 | } |
2259 | tsec->sid = sid; | 2320 | update_rlimit_cpu(rlim->rlim_cur); |
2260 | } | 2321 | } |
2261 | } | 2322 | } |
2262 | 2323 | ||
2263 | /* | 2324 | /* |
2264 | * called after apply_creds without the task lock held | 2325 | * Clean up the process immediately after the installation of new credentials |
2326 | * due to exec | ||
2265 | */ | 2327 | */ |
2266 | static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm) | 2328 | static void selinux_bprm_committed_creds(struct linux_binprm *bprm) |
2267 | { | 2329 | { |
2268 | struct task_security_struct *tsec; | 2330 | const struct task_security_struct *tsec = current_security(); |
2269 | struct rlimit *rlim, *initrlim; | ||
2270 | struct itimerval itimer; | 2331 | struct itimerval itimer; |
2271 | struct bprm_security_struct *bsec; | 2332 | struct sighand_struct *psig; |
2333 | u32 osid, sid; | ||
2272 | int rc, i; | 2334 | int rc, i; |
2335 | unsigned long flags; | ||
2273 | 2336 | ||
2274 | tsec = current->security; | 2337 | secondary_ops->bprm_committed_creds(bprm); |
2275 | bsec = bprm->security; | ||
2276 | 2338 | ||
2277 | if (bsec->unsafe) { | 2339 | osid = tsec->osid; |
2278 | force_sig_specific(SIGKILL, current); | 2340 | sid = tsec->sid; |
2279 | return; | 2341 | |
2280 | } | 2342 | if (sid == osid) |
2281 | if (tsec->osid == tsec->sid) | ||
2282 | return; | 2343 | return; |
2283 | 2344 | ||
2284 | /* Close files for which the new task SID is not authorized. */ | 2345 | /* Check whether the new SID can inherit signal state from the old SID. |
2285 | flush_unauthorized_files(current->files); | 2346 | * If not, clear itimers to avoid subsequent signal generation and |
2286 | 2347 | * flush and unblock signals. | |
2287 | /* Check whether the new SID can inherit signal state | 2348 | * |
2288 | from the old SID. If not, clear itimers to avoid | 2349 | * This must occur _after_ the task SID has been updated so that any |
2289 | subsequent signal generation and flush and unblock | 2350 | * kill done after the flush will be checked against the new SID. |
2290 | signals. This must occur _after_ the task SID has | 2351 | */ |
2291 | been updated so that any kill done after the flush | 2352 | rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL); |
2292 | will be checked against the new SID. */ | ||
2293 | rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS, | ||
2294 | PROCESS__SIGINH, NULL); | ||
2295 | if (rc) { | 2353 | if (rc) { |
2296 | memset(&itimer, 0, sizeof itimer); | 2354 | memset(&itimer, 0, sizeof itimer); |
2297 | for (i = 0; i < 3; i++) | 2355 | for (i = 0; i < 3; i++) |
@@ -2304,33 +2362,14 @@ static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm) | |||
2304 | spin_unlock_irq(¤t->sighand->siglock); | 2362 | spin_unlock_irq(¤t->sighand->siglock); |
2305 | } | 2363 | } |
2306 | 2364 | ||
2307 | /* Always clear parent death signal on SID transitions. */ | 2365 | /* Wake up the parent if it is waiting so that it can recheck |
2308 | current->pdeath_signal = 0; | 2366 | * wait permission to the new task SID. */ |
2309 | 2367 | read_lock_irq(&tasklist_lock); | |
2310 | /* Check whether the new SID can inherit resource limits | 2368 | psig = current->parent->sighand; |
2311 | from the old SID. If not, reset all soft limits to | 2369 | spin_lock_irqsave(&psig->siglock, flags); |
2312 | the lower of the current task's hard limit and the init | ||
2313 | task's soft limit. Note that the setting of hard limits | ||
2314 | (even to lower them) can be controlled by the setrlimit | ||
2315 | check. The inclusion of the init task's soft limit into | ||
2316 | the computation is to avoid resetting soft limits higher | ||
2317 | than the default soft limit for cases where the default | ||
2318 | is lower than the hard limit, e.g. RLIMIT_CORE or | ||
2319 | RLIMIT_STACK.*/ | ||
2320 | rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS, | ||
2321 | PROCESS__RLIMITINH, NULL); | ||
2322 | if (rc) { | ||
2323 | for (i = 0; i < RLIM_NLIMITS; i++) { | ||
2324 | rlim = current->signal->rlim + i; | ||
2325 | initrlim = init_task.signal->rlim+i; | ||
2326 | rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); | ||
2327 | } | ||
2328 | update_rlimit_cpu(rlim->rlim_cur); | ||
2329 | } | ||
2330 | |||
2331 | /* Wake up the parent if it is waiting so that it can | ||
2332 | recheck wait permission to the new task SID. */ | ||
2333 | wake_up_interruptible(¤t->parent->signal->wait_chldexit); | 2370 | wake_up_interruptible(¤t->parent->signal->wait_chldexit); |
2371 | spin_unlock_irqrestore(&psig->siglock, flags); | ||
2372 | read_unlock_irq(&tasklist_lock); | ||
2334 | } | 2373 | } |
2335 | 2374 | ||
2336 | /* superblock security operations */ | 2375 | /* superblock security operations */ |
@@ -2437,6 +2476,7 @@ out: | |||
2437 | 2476 | ||
2438 | static int selinux_sb_kern_mount(struct super_block *sb, void *data) | 2477 | static int selinux_sb_kern_mount(struct super_block *sb, void *data) |
2439 | { | 2478 | { |
2479 | const struct cred *cred = current_cred(); | ||
2440 | struct avc_audit_data ad; | 2480 | struct avc_audit_data ad; |
2441 | int rc; | 2481 | int rc; |
2442 | 2482 | ||
@@ -2446,16 +2486,17 @@ static int selinux_sb_kern_mount(struct super_block *sb, void *data) | |||
2446 | 2486 | ||
2447 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2487 | AVC_AUDIT_DATA_INIT(&ad, FS); |
2448 | ad.u.fs.path.dentry = sb->s_root; | 2488 | ad.u.fs.path.dentry = sb->s_root; |
2449 | return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad); | 2489 | return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad); |
2450 | } | 2490 | } |
2451 | 2491 | ||
2452 | static int selinux_sb_statfs(struct dentry *dentry) | 2492 | static int selinux_sb_statfs(struct dentry *dentry) |
2453 | { | 2493 | { |
2494 | const struct cred *cred = current_cred(); | ||
2454 | struct avc_audit_data ad; | 2495 | struct avc_audit_data ad; |
2455 | 2496 | ||
2456 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2497 | AVC_AUDIT_DATA_INIT(&ad, FS); |
2457 | ad.u.fs.path.dentry = dentry->d_sb->s_root; | 2498 | ad.u.fs.path.dentry = dentry->d_sb->s_root; |
2458 | return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad); | 2499 | return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad); |
2459 | } | 2500 | } |
2460 | 2501 | ||
2461 | static int selinux_mount(char *dev_name, | 2502 | static int selinux_mount(char *dev_name, |
@@ -2464,6 +2505,7 @@ static int selinux_mount(char *dev_name, | |||
2464 | unsigned long flags, | 2505 | unsigned long flags, |
2465 | void *data) | 2506 | void *data) |
2466 | { | 2507 | { |
2508 | const struct cred *cred = current_cred(); | ||
2467 | int rc; | 2509 | int rc; |
2468 | 2510 | ||
2469 | rc = secondary_ops->sb_mount(dev_name, path, type, flags, data); | 2511 | rc = secondary_ops->sb_mount(dev_name, path, type, flags, data); |
@@ -2471,22 +2513,23 @@ static int selinux_mount(char *dev_name, | |||
2471 | return rc; | 2513 | return rc; |
2472 | 2514 | ||
2473 | if (flags & MS_REMOUNT) | 2515 | if (flags & MS_REMOUNT) |
2474 | return superblock_has_perm(current, path->mnt->mnt_sb, | 2516 | return superblock_has_perm(cred, path->mnt->mnt_sb, |
2475 | FILESYSTEM__REMOUNT, NULL); | 2517 | FILESYSTEM__REMOUNT, NULL); |
2476 | else | 2518 | else |
2477 | return dentry_has_perm(current, path->mnt, path->dentry, | 2519 | return dentry_has_perm(cred, path->mnt, path->dentry, |
2478 | FILE__MOUNTON); | 2520 | FILE__MOUNTON); |
2479 | } | 2521 | } |
2480 | 2522 | ||
2481 | static int selinux_umount(struct vfsmount *mnt, int flags) | 2523 | static int selinux_umount(struct vfsmount *mnt, int flags) |
2482 | { | 2524 | { |
2525 | const struct cred *cred = current_cred(); | ||
2483 | int rc; | 2526 | int rc; |
2484 | 2527 | ||
2485 | rc = secondary_ops->sb_umount(mnt, flags); | 2528 | rc = secondary_ops->sb_umount(mnt, flags); |
2486 | if (rc) | 2529 | if (rc) |
2487 | return rc; | 2530 | return rc; |
2488 | 2531 | ||
2489 | return superblock_has_perm(current, mnt->mnt_sb, | 2532 | return superblock_has_perm(cred, mnt->mnt_sb, |
2490 | FILESYSTEM__UNMOUNT, NULL); | 2533 | FILESYSTEM__UNMOUNT, NULL); |
2491 | } | 2534 | } |
2492 | 2535 | ||
@@ -2506,21 +2549,22 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, | |||
2506 | char **name, void **value, | 2549 | char **name, void **value, |
2507 | size_t *len) | 2550 | size_t *len) |
2508 | { | 2551 | { |
2509 | struct task_security_struct *tsec; | 2552 | const struct cred *cred = current_cred(); |
2553 | const struct task_security_struct *tsec = cred->security; | ||
2510 | struct inode_security_struct *dsec; | 2554 | struct inode_security_struct *dsec; |
2511 | struct superblock_security_struct *sbsec; | 2555 | struct superblock_security_struct *sbsec; |
2512 | u32 newsid, clen; | 2556 | u32 sid, newsid, clen; |
2513 | int rc; | 2557 | int rc; |
2514 | char *namep = NULL, *context; | 2558 | char *namep = NULL, *context; |
2515 | 2559 | ||
2516 | tsec = current->security; | ||
2517 | dsec = dir->i_security; | 2560 | dsec = dir->i_security; |
2518 | sbsec = dir->i_sb->s_security; | 2561 | sbsec = dir->i_sb->s_security; |
2519 | 2562 | ||
2520 | if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) { | 2563 | sid = tsec->sid; |
2521 | newsid = tsec->create_sid; | 2564 | newsid = tsec->create_sid; |
2522 | } else { | 2565 | |
2523 | rc = security_transition_sid(tsec->sid, dsec->sid, | 2566 | if (!newsid || sbsec->behavior == SECURITY_FS_USE_MNTPOINT) { |
2567 | rc = security_transition_sid(sid, dsec->sid, | ||
2524 | inode_mode_to_security_class(inode->i_mode), | 2568 | inode_mode_to_security_class(inode->i_mode), |
2525 | &newsid); | 2569 | &newsid); |
2526 | if (rc) { | 2570 | if (rc) { |
@@ -2623,21 +2667,25 @@ static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dent | |||
2623 | 2667 | ||
2624 | static int selinux_inode_readlink(struct dentry *dentry) | 2668 | static int selinux_inode_readlink(struct dentry *dentry) |
2625 | { | 2669 | { |
2626 | return dentry_has_perm(current, NULL, dentry, FILE__READ); | 2670 | const struct cred *cred = current_cred(); |
2671 | |||
2672 | return dentry_has_perm(cred, NULL, dentry, FILE__READ); | ||
2627 | } | 2673 | } |
2628 | 2674 | ||
2629 | static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata) | 2675 | static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata) |
2630 | { | 2676 | { |
2677 | const struct cred *cred = current_cred(); | ||
2631 | int rc; | 2678 | int rc; |
2632 | 2679 | ||
2633 | rc = secondary_ops->inode_follow_link(dentry, nameidata); | 2680 | rc = secondary_ops->inode_follow_link(dentry, nameidata); |
2634 | if (rc) | 2681 | if (rc) |
2635 | return rc; | 2682 | return rc; |
2636 | return dentry_has_perm(current, NULL, dentry, FILE__READ); | 2683 | return dentry_has_perm(cred, NULL, dentry, FILE__READ); |
2637 | } | 2684 | } |
2638 | 2685 | ||
2639 | static int selinux_inode_permission(struct inode *inode, int mask) | 2686 | static int selinux_inode_permission(struct inode *inode, int mask) |
2640 | { | 2687 | { |
2688 | const struct cred *cred = current_cred(); | ||
2641 | int rc; | 2689 | int rc; |
2642 | 2690 | ||
2643 | rc = secondary_ops->inode_permission(inode, mask); | 2691 | rc = secondary_ops->inode_permission(inode, mask); |
@@ -2649,12 +2697,13 @@ static int selinux_inode_permission(struct inode *inode, int mask) | |||
2649 | return 0; | 2697 | return 0; |
2650 | } | 2698 | } |
2651 | 2699 | ||
2652 | return inode_has_perm(current, inode, | 2700 | return inode_has_perm(cred, inode, |
2653 | open_file_mask_to_av(inode->i_mode, mask), NULL); | 2701 | file_mask_to_av(inode->i_mode, mask), NULL); |
2654 | } | 2702 | } |
2655 | 2703 | ||
2656 | static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) | 2704 | static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) |
2657 | { | 2705 | { |
2706 | const struct cred *cred = current_cred(); | ||
2658 | int rc; | 2707 | int rc; |
2659 | 2708 | ||
2660 | rc = secondary_ops->inode_setattr(dentry, iattr); | 2709 | rc = secondary_ops->inode_setattr(dentry, iattr); |
@@ -2666,18 +2715,22 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) | |||
2666 | 2715 | ||
2667 | if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | | 2716 | if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | |
2668 | ATTR_ATIME_SET | ATTR_MTIME_SET)) | 2717 | ATTR_ATIME_SET | ATTR_MTIME_SET)) |
2669 | return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); | 2718 | return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR); |
2670 | 2719 | ||
2671 | return dentry_has_perm(current, NULL, dentry, FILE__WRITE); | 2720 | return dentry_has_perm(cred, NULL, dentry, FILE__WRITE); |
2672 | } | 2721 | } |
2673 | 2722 | ||
2674 | static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) | 2723 | static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) |
2675 | { | 2724 | { |
2676 | return dentry_has_perm(current, mnt, dentry, FILE__GETATTR); | 2725 | const struct cred *cred = current_cred(); |
2726 | |||
2727 | return dentry_has_perm(cred, mnt, dentry, FILE__GETATTR); | ||
2677 | } | 2728 | } |
2678 | 2729 | ||
2679 | static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) | 2730 | static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) |
2680 | { | 2731 | { |
2732 | const struct cred *cred = current_cred(); | ||
2733 | |||
2681 | if (!strncmp(name, XATTR_SECURITY_PREFIX, | 2734 | if (!strncmp(name, XATTR_SECURITY_PREFIX, |
2682 | sizeof XATTR_SECURITY_PREFIX - 1)) { | 2735 | sizeof XATTR_SECURITY_PREFIX - 1)) { |
2683 | if (!strcmp(name, XATTR_NAME_CAPS)) { | 2736 | if (!strcmp(name, XATTR_NAME_CAPS)) { |
@@ -2692,18 +2745,17 @@ static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) | |||
2692 | 2745 | ||
2693 | /* Not an attribute we recognize, so just check the | 2746 | /* Not an attribute we recognize, so just check the |
2694 | ordinary setattr permission. */ | 2747 | ordinary setattr permission. */ |
2695 | return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); | 2748 | return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR); |
2696 | } | 2749 | } |
2697 | 2750 | ||
2698 | static int selinux_inode_setxattr(struct dentry *dentry, const char *name, | 2751 | static int selinux_inode_setxattr(struct dentry *dentry, const char *name, |
2699 | const void *value, size_t size, int flags) | 2752 | const void *value, size_t size, int flags) |
2700 | { | 2753 | { |
2701 | struct task_security_struct *tsec = current->security; | ||
2702 | struct inode *inode = dentry->d_inode; | 2754 | struct inode *inode = dentry->d_inode; |
2703 | struct inode_security_struct *isec = inode->i_security; | 2755 | struct inode_security_struct *isec = inode->i_security; |
2704 | struct superblock_security_struct *sbsec; | 2756 | struct superblock_security_struct *sbsec; |
2705 | struct avc_audit_data ad; | 2757 | struct avc_audit_data ad; |
2706 | u32 newsid; | 2758 | u32 newsid, sid = current_sid(); |
2707 | int rc = 0; | 2759 | int rc = 0; |
2708 | 2760 | ||
2709 | if (strcmp(name, XATTR_NAME_SELINUX)) | 2761 | if (strcmp(name, XATTR_NAME_SELINUX)) |
@@ -2719,7 +2771,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, | |||
2719 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2771 | AVC_AUDIT_DATA_INIT(&ad, FS); |
2720 | ad.u.fs.path.dentry = dentry; | 2772 | ad.u.fs.path.dentry = dentry; |
2721 | 2773 | ||
2722 | rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, | 2774 | rc = avc_has_perm(sid, isec->sid, isec->sclass, |
2723 | FILE__RELABELFROM, &ad); | 2775 | FILE__RELABELFROM, &ad); |
2724 | if (rc) | 2776 | if (rc) |
2725 | return rc; | 2777 | return rc; |
@@ -2733,12 +2785,12 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, | |||
2733 | if (rc) | 2785 | if (rc) |
2734 | return rc; | 2786 | return rc; |
2735 | 2787 | ||
2736 | rc = avc_has_perm(tsec->sid, newsid, isec->sclass, | 2788 | rc = avc_has_perm(sid, newsid, isec->sclass, |
2737 | FILE__RELABELTO, &ad); | 2789 | FILE__RELABELTO, &ad); |
2738 | if (rc) | 2790 | if (rc) |
2739 | return rc; | 2791 | return rc; |
2740 | 2792 | ||
2741 | rc = security_validate_transition(isec->sid, newsid, tsec->sid, | 2793 | rc = security_validate_transition(isec->sid, newsid, sid, |
2742 | isec->sclass); | 2794 | isec->sclass); |
2743 | if (rc) | 2795 | if (rc) |
2744 | return rc; | 2796 | return rc; |
@@ -2778,12 +2830,16 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, | |||
2778 | 2830 | ||
2779 | static int selinux_inode_getxattr(struct dentry *dentry, const char *name) | 2831 | static int selinux_inode_getxattr(struct dentry *dentry, const char *name) |
2780 | { | 2832 | { |
2781 | return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); | 2833 | const struct cred *cred = current_cred(); |
2834 | |||
2835 | return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR); | ||
2782 | } | 2836 | } |
2783 | 2837 | ||
2784 | static int selinux_inode_listxattr(struct dentry *dentry) | 2838 | static int selinux_inode_listxattr(struct dentry *dentry) |
2785 | { | 2839 | { |
2786 | return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); | 2840 | const struct cred *cred = current_cred(); |
2841 | |||
2842 | return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR); | ||
2787 | } | 2843 | } |
2788 | 2844 | ||
2789 | static int selinux_inode_removexattr(struct dentry *dentry, const char *name) | 2845 | static int selinux_inode_removexattr(struct dentry *dentry, const char *name) |
@@ -2806,7 +2862,6 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name | |||
2806 | u32 size; | 2862 | u32 size; |
2807 | int error; | 2863 | int error; |
2808 | char *context = NULL; | 2864 | char *context = NULL; |
2809 | struct task_security_struct *tsec = current->security; | ||
2810 | struct inode_security_struct *isec = inode->i_security; | 2865 | struct inode_security_struct *isec = inode->i_security; |
2811 | 2866 | ||
2812 | if (strcmp(name, XATTR_SELINUX_SUFFIX)) | 2867 | if (strcmp(name, XATTR_SELINUX_SUFFIX)) |
@@ -2821,13 +2876,7 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name | |||
2821 | * and lack of permission just means that we fall back to the | 2876 | * and lack of permission just means that we fall back to the |
2822 | * in-core context value, not a denial. | 2877 | * in-core context value, not a denial. |
2823 | */ | 2878 | */ |
2824 | error = secondary_ops->capable(current, CAP_MAC_ADMIN); | 2879 | error = selinux_capable(current, CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT); |
2825 | if (!error) | ||
2826 | error = avc_has_perm_noaudit(tsec->sid, tsec->sid, | ||
2827 | SECCLASS_CAPABILITY2, | ||
2828 | CAPABILITY2__MAC_ADMIN, | ||
2829 | 0, | ||
2830 | NULL); | ||
2831 | if (!error) | 2880 | if (!error) |
2832 | error = security_sid_to_context_force(isec->sid, &context, | 2881 | error = security_sid_to_context_force(isec->sid, &context, |
2833 | &size); | 2882 | &size); |
@@ -2894,6 +2943,7 @@ static void selinux_inode_getsecid(const struct inode *inode, u32 *secid) | |||
2894 | 2943 | ||
2895 | static int selinux_revalidate_file_permission(struct file *file, int mask) | 2944 | static int selinux_revalidate_file_permission(struct file *file, int mask) |
2896 | { | 2945 | { |
2946 | const struct cred *cred = current_cred(); | ||
2897 | int rc; | 2947 | int rc; |
2898 | struct inode *inode = file->f_path.dentry->d_inode; | 2948 | struct inode *inode = file->f_path.dentry->d_inode; |
2899 | 2949 | ||
@@ -2906,7 +2956,7 @@ static int selinux_revalidate_file_permission(struct file *file, int mask) | |||
2906 | if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) | 2956 | if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) |
2907 | mask |= MAY_APPEND; | 2957 | mask |= MAY_APPEND; |
2908 | 2958 | ||
2909 | rc = file_has_perm(current, file, | 2959 | rc = file_has_perm(cred, file, |
2910 | file_mask_to_av(inode->i_mode, mask)); | 2960 | file_mask_to_av(inode->i_mode, mask)); |
2911 | if (rc) | 2961 | if (rc) |
2912 | return rc; | 2962 | return rc; |
@@ -2917,16 +2967,16 @@ static int selinux_revalidate_file_permission(struct file *file, int mask) | |||
2917 | static int selinux_file_permission(struct file *file, int mask) | 2967 | static int selinux_file_permission(struct file *file, int mask) |
2918 | { | 2968 | { |
2919 | struct inode *inode = file->f_path.dentry->d_inode; | 2969 | struct inode *inode = file->f_path.dentry->d_inode; |
2920 | struct task_security_struct *tsec = current->security; | ||
2921 | struct file_security_struct *fsec = file->f_security; | 2970 | struct file_security_struct *fsec = file->f_security; |
2922 | struct inode_security_struct *isec = inode->i_security; | 2971 | struct inode_security_struct *isec = inode->i_security; |
2972 | u32 sid = current_sid(); | ||
2923 | 2973 | ||
2924 | if (!mask) { | 2974 | if (!mask) { |
2925 | /* No permission to check. Existence test. */ | 2975 | /* No permission to check. Existence test. */ |
2926 | return 0; | 2976 | return 0; |
2927 | } | 2977 | } |
2928 | 2978 | ||
2929 | if (tsec->sid == fsec->sid && fsec->isid == isec->sid | 2979 | if (sid == fsec->sid && fsec->isid == isec->sid |
2930 | && fsec->pseqno == avc_policy_seqno()) | 2980 | && fsec->pseqno == avc_policy_seqno()) |
2931 | return selinux_netlbl_inode_permission(inode, mask); | 2981 | return selinux_netlbl_inode_permission(inode, mask); |
2932 | 2982 | ||
@@ -2946,6 +2996,7 @@ static void selinux_file_free_security(struct file *file) | |||
2946 | static int selinux_file_ioctl(struct file *file, unsigned int cmd, | 2996 | static int selinux_file_ioctl(struct file *file, unsigned int cmd, |
2947 | unsigned long arg) | 2997 | unsigned long arg) |
2948 | { | 2998 | { |
2999 | const struct cred *cred = current_cred(); | ||
2949 | u32 av = 0; | 3000 | u32 av = 0; |
2950 | 3001 | ||
2951 | if (_IOC_DIR(cmd) & _IOC_WRITE) | 3002 | if (_IOC_DIR(cmd) & _IOC_WRITE) |
@@ -2955,11 +3006,14 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd, | |||
2955 | if (!av) | 3006 | if (!av) |
2956 | av = FILE__IOCTL; | 3007 | av = FILE__IOCTL; |
2957 | 3008 | ||
2958 | return file_has_perm(current, file, av); | 3009 | return file_has_perm(cred, file, av); |
2959 | } | 3010 | } |
2960 | 3011 | ||
2961 | static int file_map_prot_check(struct file *file, unsigned long prot, int shared) | 3012 | static int file_map_prot_check(struct file *file, unsigned long prot, int shared) |
2962 | { | 3013 | { |
3014 | const struct cred *cred = current_cred(); | ||
3015 | int rc = 0; | ||
3016 | |||
2963 | #ifndef CONFIG_PPC32 | 3017 | #ifndef CONFIG_PPC32 |
2964 | if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) { | 3018 | if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) { |
2965 | /* | 3019 | /* |
@@ -2967,9 +3021,9 @@ static int file_map_prot_check(struct file *file, unsigned long prot, int shared | |||
2967 | * private file mapping that will also be writable. | 3021 | * private file mapping that will also be writable. |
2968 | * This has an additional check. | 3022 | * This has an additional check. |
2969 | */ | 3023 | */ |
2970 | int rc = task_has_perm(current, current, PROCESS__EXECMEM); | 3024 | rc = cred_has_perm(cred, cred, PROCESS__EXECMEM); |
2971 | if (rc) | 3025 | if (rc) |
2972 | return rc; | 3026 | goto error; |
2973 | } | 3027 | } |
2974 | #endif | 3028 | #endif |
2975 | 3029 | ||
@@ -2984,9 +3038,11 @@ static int file_map_prot_check(struct file *file, unsigned long prot, int shared | |||
2984 | if (prot & PROT_EXEC) | 3038 | if (prot & PROT_EXEC) |
2985 | av |= FILE__EXECUTE; | 3039 | av |= FILE__EXECUTE; |
2986 | 3040 | ||
2987 | return file_has_perm(current, file, av); | 3041 | return file_has_perm(cred, file, av); |
2988 | } | 3042 | } |
2989 | return 0; | 3043 | |
3044 | error: | ||
3045 | return rc; | ||
2990 | } | 3046 | } |
2991 | 3047 | ||
2992 | static int selinux_file_mmap(struct file *file, unsigned long reqprot, | 3048 | static int selinux_file_mmap(struct file *file, unsigned long reqprot, |
@@ -2994,7 +3050,7 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot, | |||
2994 | unsigned long addr, unsigned long addr_only) | 3050 | unsigned long addr, unsigned long addr_only) |
2995 | { | 3051 | { |
2996 | int rc = 0; | 3052 | int rc = 0; |
2997 | u32 sid = ((struct task_security_struct *)(current->security))->sid; | 3053 | u32 sid = current_sid(); |
2998 | 3054 | ||
2999 | if (addr < mmap_min_addr) | 3055 | if (addr < mmap_min_addr) |
3000 | rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, | 3056 | rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, |
@@ -3013,6 +3069,7 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, | |||
3013 | unsigned long reqprot, | 3069 | unsigned long reqprot, |
3014 | unsigned long prot) | 3070 | unsigned long prot) |
3015 | { | 3071 | { |
3072 | const struct cred *cred = current_cred(); | ||
3016 | int rc; | 3073 | int rc; |
3017 | 3074 | ||
3018 | rc = secondary_ops->file_mprotect(vma, reqprot, prot); | 3075 | rc = secondary_ops->file_mprotect(vma, reqprot, prot); |
@@ -3027,12 +3084,11 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, | |||
3027 | rc = 0; | 3084 | rc = 0; |
3028 | if (vma->vm_start >= vma->vm_mm->start_brk && | 3085 | if (vma->vm_start >= vma->vm_mm->start_brk && |
3029 | vma->vm_end <= vma->vm_mm->brk) { | 3086 | vma->vm_end <= vma->vm_mm->brk) { |
3030 | rc = task_has_perm(current, current, | 3087 | rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP); |
3031 | PROCESS__EXECHEAP); | ||
3032 | } else if (!vma->vm_file && | 3088 | } else if (!vma->vm_file && |
3033 | vma->vm_start <= vma->vm_mm->start_stack && | 3089 | vma->vm_start <= vma->vm_mm->start_stack && |
3034 | vma->vm_end >= vma->vm_mm->start_stack) { | 3090 | vma->vm_end >= vma->vm_mm->start_stack) { |
3035 | rc = task_has_perm(current, current, PROCESS__EXECSTACK); | 3091 | rc = current_has_perm(current, PROCESS__EXECSTACK); |
3036 | } else if (vma->vm_file && vma->anon_vma) { | 3092 | } else if (vma->vm_file && vma->anon_vma) { |
3037 | /* | 3093 | /* |
3038 | * We are making executable a file mapping that has | 3094 | * We are making executable a file mapping that has |
@@ -3041,8 +3097,7 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, | |||
3041 | * modified content. This typically should only | 3097 | * modified content. This typically should only |
3042 | * occur for text relocations. | 3098 | * occur for text relocations. |
3043 | */ | 3099 | */ |
3044 | rc = file_has_perm(current, vma->vm_file, | 3100 | rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD); |
3045 | FILE__EXECMOD); | ||
3046 | } | 3101 | } |
3047 | if (rc) | 3102 | if (rc) |
3048 | return rc; | 3103 | return rc; |
@@ -3054,12 +3109,15 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, | |||
3054 | 3109 | ||
3055 | static int selinux_file_lock(struct file *file, unsigned int cmd) | 3110 | static int selinux_file_lock(struct file *file, unsigned int cmd) |
3056 | { | 3111 | { |
3057 | return file_has_perm(current, file, FILE__LOCK); | 3112 | const struct cred *cred = current_cred(); |
3113 | |||
3114 | return file_has_perm(cred, file, FILE__LOCK); | ||
3058 | } | 3115 | } |
3059 | 3116 | ||
3060 | static int selinux_file_fcntl(struct file *file, unsigned int cmd, | 3117 | static int selinux_file_fcntl(struct file *file, unsigned int cmd, |
3061 | unsigned long arg) | 3118 | unsigned long arg) |
3062 | { | 3119 | { |
3120 | const struct cred *cred = current_cred(); | ||
3063 | int err = 0; | 3121 | int err = 0; |
3064 | 3122 | ||
3065 | switch (cmd) { | 3123 | switch (cmd) { |
@@ -3070,7 +3128,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd, | |||
3070 | } | 3128 | } |
3071 | 3129 | ||
3072 | if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) { | 3130 | if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) { |
3073 | err = file_has_perm(current, file, FILE__WRITE); | 3131 | err = file_has_perm(cred, file, FILE__WRITE); |
3074 | break; | 3132 | break; |
3075 | } | 3133 | } |
3076 | /* fall through */ | 3134 | /* fall through */ |
@@ -3080,7 +3138,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd, | |||
3080 | case F_GETOWN: | 3138 | case F_GETOWN: |
3081 | case F_GETSIG: | 3139 | case F_GETSIG: |
3082 | /* Just check FD__USE permission */ | 3140 | /* Just check FD__USE permission */ |
3083 | err = file_has_perm(current, file, 0); | 3141 | err = file_has_perm(cred, file, 0); |
3084 | break; | 3142 | break; |
3085 | case F_GETLK: | 3143 | case F_GETLK: |
3086 | case F_SETLK: | 3144 | case F_SETLK: |
@@ -3094,7 +3152,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd, | |||
3094 | err = -EINVAL; | 3152 | err = -EINVAL; |
3095 | break; | 3153 | break; |
3096 | } | 3154 | } |
3097 | err = file_has_perm(current, file, FILE__LOCK); | 3155 | err = file_has_perm(cred, file, FILE__LOCK); |
3098 | break; | 3156 | break; |
3099 | } | 3157 | } |
3100 | 3158 | ||
@@ -3103,12 +3161,10 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd, | |||
3103 | 3161 | ||
3104 | static int selinux_file_set_fowner(struct file *file) | 3162 | static int selinux_file_set_fowner(struct file *file) |
3105 | { | 3163 | { |
3106 | struct task_security_struct *tsec; | ||
3107 | struct file_security_struct *fsec; | 3164 | struct file_security_struct *fsec; |
3108 | 3165 | ||
3109 | tsec = current->security; | ||
3110 | fsec = file->f_security; | 3166 | fsec = file->f_security; |
3111 | fsec->fown_sid = tsec->sid; | 3167 | fsec->fown_sid = current_sid(); |
3112 | 3168 | ||
3113 | return 0; | 3169 | return 0; |
3114 | } | 3170 | } |
@@ -3117,14 +3173,13 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk, | |||
3117 | struct fown_struct *fown, int signum) | 3173 | struct fown_struct *fown, int signum) |
3118 | { | 3174 | { |
3119 | struct file *file; | 3175 | struct file *file; |
3176 | u32 sid = current_sid(); | ||
3120 | u32 perm; | 3177 | u32 perm; |
3121 | struct task_security_struct *tsec; | ||
3122 | struct file_security_struct *fsec; | 3178 | struct file_security_struct *fsec; |
3123 | 3179 | ||
3124 | /* struct fown_struct is never outside the context of a struct file */ | 3180 | /* struct fown_struct is never outside the context of a struct file */ |
3125 | file = container_of(fown, struct file, f_owner); | 3181 | file = container_of(fown, struct file, f_owner); |
3126 | 3182 | ||
3127 | tsec = tsk->security; | ||
3128 | fsec = file->f_security; | 3183 | fsec = file->f_security; |
3129 | 3184 | ||
3130 | if (!signum) | 3185 | if (!signum) |
@@ -3132,20 +3187,23 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk, | |||
3132 | else | 3187 | else |
3133 | perm = signal_to_av(signum); | 3188 | perm = signal_to_av(signum); |
3134 | 3189 | ||
3135 | return avc_has_perm(fsec->fown_sid, tsec->sid, | 3190 | return avc_has_perm(fsec->fown_sid, sid, |
3136 | SECCLASS_PROCESS, perm, NULL); | 3191 | SECCLASS_PROCESS, perm, NULL); |
3137 | } | 3192 | } |
3138 | 3193 | ||
3139 | static int selinux_file_receive(struct file *file) | 3194 | static int selinux_file_receive(struct file *file) |
3140 | { | 3195 | { |
3141 | return file_has_perm(current, file, file_to_av(file)); | 3196 | const struct cred *cred = current_cred(); |
3197 | |||
3198 | return file_has_perm(cred, file, file_to_av(file)); | ||
3142 | } | 3199 | } |
3143 | 3200 | ||
3144 | static int selinux_dentry_open(struct file *file) | 3201 | static int selinux_dentry_open(struct file *file, const struct cred *cred) |
3145 | { | 3202 | { |
3146 | struct file_security_struct *fsec; | 3203 | struct file_security_struct *fsec; |
3147 | struct inode *inode; | 3204 | struct inode *inode; |
3148 | struct inode_security_struct *isec; | 3205 | struct inode_security_struct *isec; |
3206 | |||
3149 | inode = file->f_path.dentry->d_inode; | 3207 | inode = file->f_path.dentry->d_inode; |
3150 | fsec = file->f_security; | 3208 | fsec = file->f_security; |
3151 | isec = inode->i_security; | 3209 | isec = inode->i_security; |
@@ -3166,7 +3224,7 @@ static int selinux_dentry_open(struct file *file) | |||
3166 | * new inode label or new policy. | 3224 | * new inode label or new policy. |
3167 | * This check is not redundant - do not remove. | 3225 | * This check is not redundant - do not remove. |
3168 | */ | 3226 | */ |
3169 | return inode_has_perm(current, inode, file_to_av(file), NULL); | 3227 | return inode_has_perm(cred, inode, open_file_to_av(file), NULL); |
3170 | } | 3228 | } |
3171 | 3229 | ||
3172 | /* task security operations */ | 3230 | /* task security operations */ |
@@ -3179,36 +3237,88 @@ static int selinux_task_create(unsigned long clone_flags) | |||
3179 | if (rc) | 3237 | if (rc) |
3180 | return rc; | 3238 | return rc; |
3181 | 3239 | ||
3182 | return task_has_perm(current, current, PROCESS__FORK); | 3240 | return current_has_perm(current, PROCESS__FORK); |
3183 | } | 3241 | } |
3184 | 3242 | ||
3185 | static int selinux_task_alloc_security(struct task_struct *tsk) | 3243 | /* |
3244 | * detach and free the LSM part of a set of credentials | ||
3245 | */ | ||
3246 | static void selinux_cred_free(struct cred *cred) | ||
3186 | { | 3247 | { |
3187 | struct task_security_struct *tsec1, *tsec2; | 3248 | struct task_security_struct *tsec = cred->security; |
3188 | int rc; | 3249 | cred->security = NULL; |
3189 | 3250 | kfree(tsec); | |
3190 | tsec1 = current->security; | 3251 | } |
3191 | 3252 | ||
3192 | rc = task_alloc_security(tsk); | 3253 | /* |
3193 | if (rc) | 3254 | * prepare a new set of credentials for modification |
3194 | return rc; | 3255 | */ |
3195 | tsec2 = tsk->security; | 3256 | static int selinux_cred_prepare(struct cred *new, const struct cred *old, |
3257 | gfp_t gfp) | ||
3258 | { | ||
3259 | const struct task_security_struct *old_tsec; | ||
3260 | struct task_security_struct *tsec; | ||
3196 | 3261 | ||
3197 | tsec2->osid = tsec1->osid; | 3262 | old_tsec = old->security; |
3198 | tsec2->sid = tsec1->sid; | ||
3199 | 3263 | ||
3200 | /* Retain the exec, fs, key, and sock SIDs across fork */ | 3264 | tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp); |
3201 | tsec2->exec_sid = tsec1->exec_sid; | 3265 | if (!tsec) |
3202 | tsec2->create_sid = tsec1->create_sid; | 3266 | return -ENOMEM; |
3203 | tsec2->keycreate_sid = tsec1->keycreate_sid; | ||
3204 | tsec2->sockcreate_sid = tsec1->sockcreate_sid; | ||
3205 | 3267 | ||
3268 | new->security = tsec; | ||
3206 | return 0; | 3269 | return 0; |
3207 | } | 3270 | } |
3208 | 3271 | ||
3209 | static void selinux_task_free_security(struct task_struct *tsk) | 3272 | /* |
3273 | * commit new credentials | ||
3274 | */ | ||
3275 | static void selinux_cred_commit(struct cred *new, const struct cred *old) | ||
3276 | { | ||
3277 | secondary_ops->cred_commit(new, old); | ||
3278 | } | ||
3279 | |||
3280 | /* | ||
3281 | * set the security data for a kernel service | ||
3282 | * - all the creation contexts are set to unlabelled | ||
3283 | */ | ||
3284 | static int selinux_kernel_act_as(struct cred *new, u32 secid) | ||
3210 | { | 3285 | { |
3211 | task_free_security(tsk); | 3286 | struct task_security_struct *tsec = new->security; |
3287 | u32 sid = current_sid(); | ||
3288 | int ret; | ||
3289 | |||
3290 | ret = avc_has_perm(sid, secid, | ||
3291 | SECCLASS_KERNEL_SERVICE, | ||
3292 | KERNEL_SERVICE__USE_AS_OVERRIDE, | ||
3293 | NULL); | ||
3294 | if (ret == 0) { | ||
3295 | tsec->sid = secid; | ||
3296 | tsec->create_sid = 0; | ||
3297 | tsec->keycreate_sid = 0; | ||
3298 | tsec->sockcreate_sid = 0; | ||
3299 | } | ||
3300 | return ret; | ||
3301 | } | ||
3302 | |||
3303 | /* | ||
3304 | * set the file creation context in a security record to the same as the | ||
3305 | * objective context of the specified inode | ||
3306 | */ | ||
3307 | static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) | ||
3308 | { | ||
3309 | struct inode_security_struct *isec = inode->i_security; | ||
3310 | struct task_security_struct *tsec = new->security; | ||
3311 | u32 sid = current_sid(); | ||
3312 | int ret; | ||
3313 | |||
3314 | ret = avc_has_perm(sid, isec->sid, | ||
3315 | SECCLASS_KERNEL_SERVICE, | ||
3316 | KERNEL_SERVICE__CREATE_FILES_AS, | ||
3317 | NULL); | ||
3318 | |||
3319 | if (ret == 0) | ||
3320 | tsec->create_sid = isec->sid; | ||
3321 | return 0; | ||
3212 | } | 3322 | } |
3213 | 3323 | ||
3214 | static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | 3324 | static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) |
@@ -3222,9 +3332,10 @@ static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | |||
3222 | return 0; | 3332 | return 0; |
3223 | } | 3333 | } |
3224 | 3334 | ||
3225 | static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | 3335 | static int selinux_task_fix_setuid(struct cred *new, const struct cred *old, |
3336 | int flags) | ||
3226 | { | 3337 | { |
3227 | return secondary_ops->task_post_setuid(id0, id1, id2, flags); | 3338 | return secondary_ops->task_fix_setuid(new, old, flags); |
3228 | } | 3339 | } |
3229 | 3340 | ||
3230 | static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) | 3341 | static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) |
@@ -3235,23 +3346,22 @@ static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) | |||
3235 | 3346 | ||
3236 | static int selinux_task_setpgid(struct task_struct *p, pid_t pgid) | 3347 | static int selinux_task_setpgid(struct task_struct *p, pid_t pgid) |
3237 | { | 3348 | { |
3238 | return task_has_perm(current, p, PROCESS__SETPGID); | 3349 | return current_has_perm(p, PROCESS__SETPGID); |
3239 | } | 3350 | } |
3240 | 3351 | ||
3241 | static int selinux_task_getpgid(struct task_struct *p) | 3352 | static int selinux_task_getpgid(struct task_struct *p) |
3242 | { | 3353 | { |
3243 | return task_has_perm(current, p, PROCESS__GETPGID); | 3354 | return current_has_perm(p, PROCESS__GETPGID); |
3244 | } | 3355 | } |
3245 | 3356 | ||
3246 | static int selinux_task_getsid(struct task_struct *p) | 3357 | static int selinux_task_getsid(struct task_struct *p) |
3247 | { | 3358 | { |
3248 | return task_has_perm(current, p, PROCESS__GETSESSION); | 3359 | return current_has_perm(p, PROCESS__GETSESSION); |
3249 | } | 3360 | } |
3250 | 3361 | ||
3251 | static void selinux_task_getsecid(struct task_struct *p, u32 *secid) | 3362 | static void selinux_task_getsecid(struct task_struct *p, u32 *secid) |
3252 | { | 3363 | { |
3253 | struct task_security_struct *tsec = p->security; | 3364 | *secid = task_sid(p); |
3254 | *secid = tsec->sid; | ||
3255 | } | 3365 | } |
3256 | 3366 | ||
3257 | static int selinux_task_setgroups(struct group_info *group_info) | 3367 | static int selinux_task_setgroups(struct group_info *group_info) |
@@ -3268,7 +3378,7 @@ static int selinux_task_setnice(struct task_struct *p, int nice) | |||
3268 | if (rc) | 3378 | if (rc) |
3269 | return rc; | 3379 | return rc; |
3270 | 3380 | ||
3271 | return task_has_perm(current, p, PROCESS__SETSCHED); | 3381 | return current_has_perm(p, PROCESS__SETSCHED); |
3272 | } | 3382 | } |
3273 | 3383 | ||
3274 | static int selinux_task_setioprio(struct task_struct *p, int ioprio) | 3384 | static int selinux_task_setioprio(struct task_struct *p, int ioprio) |
@@ -3279,12 +3389,12 @@ static int selinux_task_setioprio(struct task_struct *p, int ioprio) | |||
3279 | if (rc) | 3389 | if (rc) |
3280 | return rc; | 3390 | return rc; |
3281 | 3391 | ||
3282 | return task_has_perm(current, p, PROCESS__SETSCHED); | 3392 | return current_has_perm(p, PROCESS__SETSCHED); |
3283 | } | 3393 | } |
3284 | 3394 | ||
3285 | static int selinux_task_getioprio(struct task_struct *p) | 3395 | static int selinux_task_getioprio(struct task_struct *p) |
3286 | { | 3396 | { |
3287 | return task_has_perm(current, p, PROCESS__GETSCHED); | 3397 | return current_has_perm(p, PROCESS__GETSCHED); |
3288 | } | 3398 | } |
3289 | 3399 | ||
3290 | static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim) | 3400 | static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim) |
@@ -3299,9 +3409,9 @@ static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim | |||
3299 | /* Control the ability to change the hard limit (whether | 3409 | /* Control the ability to change the hard limit (whether |
3300 | lowering or raising it), so that the hard limit can | 3410 | lowering or raising it), so that the hard limit can |
3301 | later be used as a safe reset point for the soft limit | 3411 | later be used as a safe reset point for the soft limit |
3302 | upon context transitions. See selinux_bprm_apply_creds. */ | 3412 | upon context transitions. See selinux_bprm_committing_creds. */ |
3303 | if (old_rlim->rlim_max != new_rlim->rlim_max) | 3413 | if (old_rlim->rlim_max != new_rlim->rlim_max) |
3304 | return task_has_perm(current, current, PROCESS__SETRLIMIT); | 3414 | return current_has_perm(current, PROCESS__SETRLIMIT); |
3305 | 3415 | ||
3306 | return 0; | 3416 | return 0; |
3307 | } | 3417 | } |
@@ -3314,17 +3424,17 @@ static int selinux_task_setscheduler(struct task_struct *p, int policy, struct s | |||
3314 | if (rc) | 3424 | if (rc) |
3315 | return rc; | 3425 | return rc; |
3316 | 3426 | ||
3317 | return task_has_perm(current, p, PROCESS__SETSCHED); | 3427 | return current_has_perm(p, PROCESS__SETSCHED); |
3318 | } | 3428 | } |
3319 | 3429 | ||
3320 | static int selinux_task_getscheduler(struct task_struct *p) | 3430 | static int selinux_task_getscheduler(struct task_struct *p) |
3321 | { | 3431 | { |
3322 | return task_has_perm(current, p, PROCESS__GETSCHED); | 3432 | return current_has_perm(p, PROCESS__GETSCHED); |
3323 | } | 3433 | } |
3324 | 3434 | ||
3325 | static int selinux_task_movememory(struct task_struct *p) | 3435 | static int selinux_task_movememory(struct task_struct *p) |
3326 | { | 3436 | { |
3327 | return task_has_perm(current, p, PROCESS__SETSCHED); | 3437 | return current_has_perm(p, PROCESS__SETSCHED); |
3328 | } | 3438 | } |
3329 | 3439 | ||
3330 | static int selinux_task_kill(struct task_struct *p, struct siginfo *info, | 3440 | static int selinux_task_kill(struct task_struct *p, struct siginfo *info, |
@@ -3332,7 +3442,6 @@ static int selinux_task_kill(struct task_struct *p, struct siginfo *info, | |||
3332 | { | 3442 | { |
3333 | u32 perm; | 3443 | u32 perm; |
3334 | int rc; | 3444 | int rc; |
3335 | struct task_security_struct *tsec; | ||
3336 | 3445 | ||
3337 | rc = secondary_ops->task_kill(p, info, sig, secid); | 3446 | rc = secondary_ops->task_kill(p, info, sig, secid); |
3338 | if (rc) | 3447 | if (rc) |
@@ -3342,11 +3451,11 @@ static int selinux_task_kill(struct task_struct *p, struct siginfo *info, | |||
3342 | perm = PROCESS__SIGNULL; /* null signal; existence test */ | 3451 | perm = PROCESS__SIGNULL; /* null signal; existence test */ |
3343 | else | 3452 | else |
3344 | perm = signal_to_av(sig); | 3453 | perm = signal_to_av(sig); |
3345 | tsec = p->security; | ||
3346 | if (secid) | 3454 | if (secid) |
3347 | rc = avc_has_perm(secid, tsec->sid, SECCLASS_PROCESS, perm, NULL); | 3455 | rc = avc_has_perm(secid, task_sid(p), |
3456 | SECCLASS_PROCESS, perm, NULL); | ||
3348 | else | 3457 | else |
3349 | rc = task_has_perm(current, p, perm); | 3458 | rc = current_has_perm(p, perm); |
3350 | return rc; | 3459 | return rc; |
3351 | } | 3460 | } |
3352 | 3461 | ||
@@ -3354,13 +3463,12 @@ static int selinux_task_prctl(int option, | |||
3354 | unsigned long arg2, | 3463 | unsigned long arg2, |
3355 | unsigned long arg3, | 3464 | unsigned long arg3, |
3356 | unsigned long arg4, | 3465 | unsigned long arg4, |
3357 | unsigned long arg5, | 3466 | unsigned long arg5) |
3358 | long *rc_p) | ||
3359 | { | 3467 | { |
3360 | /* The current prctl operations do not appear to require | 3468 | /* The current prctl operations do not appear to require |
3361 | any SELinux controls since they merely observe or modify | 3469 | any SELinux controls since they merely observe or modify |
3362 | the state of the current process. */ | 3470 | the state of the current process. */ |
3363 | return secondary_ops->task_prctl(option, arg2, arg3, arg4, arg5, rc_p); | 3471 | return secondary_ops->task_prctl(option, arg2, arg3, arg4, arg5); |
3364 | } | 3472 | } |
3365 | 3473 | ||
3366 | static int selinux_task_wait(struct task_struct *p) | 3474 | static int selinux_task_wait(struct task_struct *p) |
@@ -3368,27 +3476,14 @@ static int selinux_task_wait(struct task_struct *p) | |||
3368 | return task_has_perm(p, current, PROCESS__SIGCHLD); | 3476 | return task_has_perm(p, current, PROCESS__SIGCHLD); |
3369 | } | 3477 | } |
3370 | 3478 | ||
3371 | static void selinux_task_reparent_to_init(struct task_struct *p) | ||
3372 | { | ||
3373 | struct task_security_struct *tsec; | ||
3374 | |||
3375 | secondary_ops->task_reparent_to_init(p); | ||
3376 | |||
3377 | tsec = p->security; | ||
3378 | tsec->osid = tsec->sid; | ||
3379 | tsec->sid = SECINITSID_KERNEL; | ||
3380 | return; | ||
3381 | } | ||
3382 | |||
3383 | static void selinux_task_to_inode(struct task_struct *p, | 3479 | static void selinux_task_to_inode(struct task_struct *p, |
3384 | struct inode *inode) | 3480 | struct inode *inode) |
3385 | { | 3481 | { |
3386 | struct task_security_struct *tsec = p->security; | ||
3387 | struct inode_security_struct *isec = inode->i_security; | 3482 | struct inode_security_struct *isec = inode->i_security; |
3483 | u32 sid = task_sid(p); | ||
3388 | 3484 | ||
3389 | isec->sid = tsec->sid; | 3485 | isec->sid = sid; |
3390 | isec->initialized = 1; | 3486 | isec->initialized = 1; |
3391 | return; | ||
3392 | } | 3487 | } |
3393 | 3488 | ||
3394 | /* Returns error only if unable to parse addresses */ | 3489 | /* Returns error only if unable to parse addresses */ |
@@ -3627,19 +3722,19 @@ static int socket_has_perm(struct task_struct *task, struct socket *sock, | |||
3627 | u32 perms) | 3722 | u32 perms) |
3628 | { | 3723 | { |
3629 | struct inode_security_struct *isec; | 3724 | struct inode_security_struct *isec; |
3630 | struct task_security_struct *tsec; | ||
3631 | struct avc_audit_data ad; | 3725 | struct avc_audit_data ad; |
3726 | u32 sid; | ||
3632 | int err = 0; | 3727 | int err = 0; |
3633 | 3728 | ||
3634 | tsec = task->security; | ||
3635 | isec = SOCK_INODE(sock)->i_security; | 3729 | isec = SOCK_INODE(sock)->i_security; |
3636 | 3730 | ||
3637 | if (isec->sid == SECINITSID_KERNEL) | 3731 | if (isec->sid == SECINITSID_KERNEL) |
3638 | goto out; | 3732 | goto out; |
3733 | sid = task_sid(task); | ||
3639 | 3734 | ||
3640 | AVC_AUDIT_DATA_INIT(&ad, NET); | 3735 | AVC_AUDIT_DATA_INIT(&ad, NET); |
3641 | ad.u.net.sk = sock->sk; | 3736 | ad.u.net.sk = sock->sk; |
3642 | err = avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad); | 3737 | err = avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); |
3643 | 3738 | ||
3644 | out: | 3739 | out: |
3645 | return err; | 3740 | return err; |
@@ -3648,18 +3743,20 @@ out: | |||
3648 | static int selinux_socket_create(int family, int type, | 3743 | static int selinux_socket_create(int family, int type, |
3649 | int protocol, int kern) | 3744 | int protocol, int kern) |
3650 | { | 3745 | { |
3746 | const struct cred *cred = current_cred(); | ||
3747 | const struct task_security_struct *tsec = cred->security; | ||
3748 | u32 sid, newsid; | ||
3749 | u16 secclass; | ||
3651 | int err = 0; | 3750 | int err = 0; |
3652 | struct task_security_struct *tsec; | ||
3653 | u32 newsid; | ||
3654 | 3751 | ||
3655 | if (kern) | 3752 | if (kern) |
3656 | goto out; | 3753 | goto out; |
3657 | 3754 | ||
3658 | tsec = current->security; | 3755 | sid = tsec->sid; |
3659 | newsid = tsec->sockcreate_sid ? : tsec->sid; | 3756 | newsid = tsec->sockcreate_sid ?: sid; |
3660 | err = avc_has_perm(tsec->sid, newsid, | 3757 | |
3661 | socket_type_to_security_class(family, type, | 3758 | secclass = socket_type_to_security_class(family, type, protocol); |
3662 | protocol), SOCKET__CREATE, NULL); | 3759 | err = avc_has_perm(sid, newsid, secclass, SOCKET__CREATE, NULL); |
3663 | 3760 | ||
3664 | out: | 3761 | out: |
3665 | return err; | 3762 | return err; |
@@ -3668,18 +3765,26 @@ out: | |||
3668 | static int selinux_socket_post_create(struct socket *sock, int family, | 3765 | static int selinux_socket_post_create(struct socket *sock, int family, |
3669 | int type, int protocol, int kern) | 3766 | int type, int protocol, int kern) |
3670 | { | 3767 | { |
3671 | int err = 0; | 3768 | const struct cred *cred = current_cred(); |
3769 | const struct task_security_struct *tsec = cred->security; | ||
3672 | struct inode_security_struct *isec; | 3770 | struct inode_security_struct *isec; |
3673 | struct task_security_struct *tsec; | ||
3674 | struct sk_security_struct *sksec; | 3771 | struct sk_security_struct *sksec; |
3675 | u32 newsid; | 3772 | u32 sid, newsid; |
3773 | int err = 0; | ||
3774 | |||
3775 | sid = tsec->sid; | ||
3776 | newsid = tsec->sockcreate_sid; | ||
3676 | 3777 | ||
3677 | isec = SOCK_INODE(sock)->i_security; | 3778 | isec = SOCK_INODE(sock)->i_security; |
3678 | 3779 | ||
3679 | tsec = current->security; | 3780 | if (kern) |
3680 | newsid = tsec->sockcreate_sid ? : tsec->sid; | 3781 | isec->sid = SECINITSID_KERNEL; |
3782 | else if (newsid) | ||
3783 | isec->sid = newsid; | ||
3784 | else | ||
3785 | isec->sid = sid; | ||
3786 | |||
3681 | isec->sclass = socket_type_to_security_class(family, type, protocol); | 3787 | isec->sclass = socket_type_to_security_class(family, type, protocol); |
3682 | isec->sid = kern ? SECINITSID_KERNEL : newsid; | ||
3683 | isec->initialized = 1; | 3788 | isec->initialized = 1; |
3684 | 3789 | ||
3685 | if (sock->sk) { | 3790 | if (sock->sk) { |
@@ -3714,7 +3819,6 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
3714 | if (family == PF_INET || family == PF_INET6) { | 3819 | if (family == PF_INET || family == PF_INET6) { |
3715 | char *addrp; | 3820 | char *addrp; |
3716 | struct inode_security_struct *isec; | 3821 | struct inode_security_struct *isec; |
3717 | struct task_security_struct *tsec; | ||
3718 | struct avc_audit_data ad; | 3822 | struct avc_audit_data ad; |
3719 | struct sockaddr_in *addr4 = NULL; | 3823 | struct sockaddr_in *addr4 = NULL; |
3720 | struct sockaddr_in6 *addr6 = NULL; | 3824 | struct sockaddr_in6 *addr6 = NULL; |
@@ -3722,7 +3826,6 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
3722 | struct sock *sk = sock->sk; | 3826 | struct sock *sk = sock->sk; |
3723 | u32 sid, node_perm; | 3827 | u32 sid, node_perm; |
3724 | 3828 | ||
3725 | tsec = current->security; | ||
3726 | isec = SOCK_INODE(sock)->i_security; | 3829 | isec = SOCK_INODE(sock)->i_security; |
3727 | 3830 | ||
3728 | if (family == PF_INET) { | 3831 | if (family == PF_INET) { |
@@ -4387,7 +4490,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) | |||
4387 | "SELinux: unrecognized netlink message" | 4490 | "SELinux: unrecognized netlink message" |
4388 | " type=%hu for sclass=%hu\n", | 4491 | " type=%hu for sclass=%hu\n", |
4389 | nlh->nlmsg_type, isec->sclass); | 4492 | nlh->nlmsg_type, isec->sclass); |
4390 | if (!selinux_enforcing) | 4493 | if (!selinux_enforcing || security_get_allow_unknown()) |
4391 | err = 0; | 4494 | err = 0; |
4392 | } | 4495 | } |
4393 | 4496 | ||
@@ -4763,15 +4866,16 @@ static int ipc_alloc_security(struct task_struct *task, | |||
4763 | struct kern_ipc_perm *perm, | 4866 | struct kern_ipc_perm *perm, |
4764 | u16 sclass) | 4867 | u16 sclass) |
4765 | { | 4868 | { |
4766 | struct task_security_struct *tsec = task->security; | ||
4767 | struct ipc_security_struct *isec; | 4869 | struct ipc_security_struct *isec; |
4870 | u32 sid; | ||
4768 | 4871 | ||
4769 | isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL); | 4872 | isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL); |
4770 | if (!isec) | 4873 | if (!isec) |
4771 | return -ENOMEM; | 4874 | return -ENOMEM; |
4772 | 4875 | ||
4876 | sid = task_sid(task); | ||
4773 | isec->sclass = sclass; | 4877 | isec->sclass = sclass; |
4774 | isec->sid = tsec->sid; | 4878 | isec->sid = sid; |
4775 | perm->security = isec; | 4879 | perm->security = isec; |
4776 | 4880 | ||
4777 | return 0; | 4881 | return 0; |
@@ -4809,17 +4913,16 @@ static void msg_msg_free_security(struct msg_msg *msg) | |||
4809 | static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, | 4913 | static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, |
4810 | u32 perms) | 4914 | u32 perms) |
4811 | { | 4915 | { |
4812 | struct task_security_struct *tsec; | ||
4813 | struct ipc_security_struct *isec; | 4916 | struct ipc_security_struct *isec; |
4814 | struct avc_audit_data ad; | 4917 | struct avc_audit_data ad; |
4918 | u32 sid = current_sid(); | ||
4815 | 4919 | ||
4816 | tsec = current->security; | ||
4817 | isec = ipc_perms->security; | 4920 | isec = ipc_perms->security; |
4818 | 4921 | ||
4819 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4922 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
4820 | ad.u.ipc_id = ipc_perms->key; | 4923 | ad.u.ipc_id = ipc_perms->key; |
4821 | 4924 | ||
4822 | return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad); | 4925 | return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); |
4823 | } | 4926 | } |
4824 | 4927 | ||
4825 | static int selinux_msg_msg_alloc_security(struct msg_msg *msg) | 4928 | static int selinux_msg_msg_alloc_security(struct msg_msg *msg) |
@@ -4835,22 +4938,21 @@ static void selinux_msg_msg_free_security(struct msg_msg *msg) | |||
4835 | /* message queue security operations */ | 4938 | /* message queue security operations */ |
4836 | static int selinux_msg_queue_alloc_security(struct msg_queue *msq) | 4939 | static int selinux_msg_queue_alloc_security(struct msg_queue *msq) |
4837 | { | 4940 | { |
4838 | struct task_security_struct *tsec; | ||
4839 | struct ipc_security_struct *isec; | 4941 | struct ipc_security_struct *isec; |
4840 | struct avc_audit_data ad; | 4942 | struct avc_audit_data ad; |
4943 | u32 sid = current_sid(); | ||
4841 | int rc; | 4944 | int rc; |
4842 | 4945 | ||
4843 | rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ); | 4946 | rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ); |
4844 | if (rc) | 4947 | if (rc) |
4845 | return rc; | 4948 | return rc; |
4846 | 4949 | ||
4847 | tsec = current->security; | ||
4848 | isec = msq->q_perm.security; | 4950 | isec = msq->q_perm.security; |
4849 | 4951 | ||
4850 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4952 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
4851 | ad.u.ipc_id = msq->q_perm.key; | 4953 | ad.u.ipc_id = msq->q_perm.key; |
4852 | 4954 | ||
4853 | rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, | 4955 | rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
4854 | MSGQ__CREATE, &ad); | 4956 | MSGQ__CREATE, &ad); |
4855 | if (rc) { | 4957 | if (rc) { |
4856 | ipc_free_security(&msq->q_perm); | 4958 | ipc_free_security(&msq->q_perm); |
@@ -4866,17 +4968,16 @@ static void selinux_msg_queue_free_security(struct msg_queue *msq) | |||
4866 | 4968 | ||
4867 | static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) | 4969 | static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) |
4868 | { | 4970 | { |
4869 | struct task_security_struct *tsec; | ||
4870 | struct ipc_security_struct *isec; | 4971 | struct ipc_security_struct *isec; |
4871 | struct avc_audit_data ad; | 4972 | struct avc_audit_data ad; |
4973 | u32 sid = current_sid(); | ||
4872 | 4974 | ||
4873 | tsec = current->security; | ||
4874 | isec = msq->q_perm.security; | 4975 | isec = msq->q_perm.security; |
4875 | 4976 | ||
4876 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4977 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
4877 | ad.u.ipc_id = msq->q_perm.key; | 4978 | ad.u.ipc_id = msq->q_perm.key; |
4878 | 4979 | ||
4879 | return avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, | 4980 | return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
4880 | MSGQ__ASSOCIATE, &ad); | 4981 | MSGQ__ASSOCIATE, &ad); |
4881 | } | 4982 | } |
4882 | 4983 | ||
@@ -4910,13 +5011,12 @@ static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd) | |||
4910 | 5011 | ||
4911 | static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg) | 5012 | static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg) |
4912 | { | 5013 | { |
4913 | struct task_security_struct *tsec; | ||
4914 | struct ipc_security_struct *isec; | 5014 | struct ipc_security_struct *isec; |
4915 | struct msg_security_struct *msec; | 5015 | struct msg_security_struct *msec; |
4916 | struct avc_audit_data ad; | 5016 | struct avc_audit_data ad; |
5017 | u32 sid = current_sid(); | ||
4917 | int rc; | 5018 | int rc; |
4918 | 5019 | ||
4919 | tsec = current->security; | ||
4920 | isec = msq->q_perm.security; | 5020 | isec = msq->q_perm.security; |
4921 | msec = msg->security; | 5021 | msec = msg->security; |
4922 | 5022 | ||
@@ -4928,9 +5028,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, | |||
4928 | * Compute new sid based on current process and | 5028 | * Compute new sid based on current process and |
4929 | * message queue this message will be stored in | 5029 | * message queue this message will be stored in |
4930 | */ | 5030 | */ |
4931 | rc = security_transition_sid(tsec->sid, | 5031 | rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG, |
4932 | isec->sid, | ||
4933 | SECCLASS_MSG, | ||
4934 | &msec->sid); | 5032 | &msec->sid); |
4935 | if (rc) | 5033 | if (rc) |
4936 | return rc; | 5034 | return rc; |
@@ -4940,16 +5038,16 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, | |||
4940 | ad.u.ipc_id = msq->q_perm.key; | 5038 | ad.u.ipc_id = msq->q_perm.key; |
4941 | 5039 | ||
4942 | /* Can this process write to the queue? */ | 5040 | /* Can this process write to the queue? */ |
4943 | rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, | 5041 | rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
4944 | MSGQ__WRITE, &ad); | 5042 | MSGQ__WRITE, &ad); |
4945 | if (!rc) | 5043 | if (!rc) |
4946 | /* Can this process send the message */ | 5044 | /* Can this process send the message */ |
4947 | rc = avc_has_perm(tsec->sid, msec->sid, | 5045 | rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG, |
4948 | SECCLASS_MSG, MSG__SEND, &ad); | 5046 | MSG__SEND, &ad); |
4949 | if (!rc) | 5047 | if (!rc) |
4950 | /* Can the message be put in the queue? */ | 5048 | /* Can the message be put in the queue? */ |
4951 | rc = avc_has_perm(msec->sid, isec->sid, | 5049 | rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ, |
4952 | SECCLASS_MSGQ, MSGQ__ENQUEUE, &ad); | 5050 | MSGQ__ENQUEUE, &ad); |
4953 | 5051 | ||
4954 | return rc; | 5052 | return rc; |
4955 | } | 5053 | } |
@@ -4958,23 +5056,22 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, | |||
4958 | struct task_struct *target, | 5056 | struct task_struct *target, |
4959 | long type, int mode) | 5057 | long type, int mode) |
4960 | { | 5058 | { |
4961 | struct task_security_struct *tsec; | ||
4962 | struct ipc_security_struct *isec; | 5059 | struct ipc_security_struct *isec; |
4963 | struct msg_security_struct *msec; | 5060 | struct msg_security_struct *msec; |
4964 | struct avc_audit_data ad; | 5061 | struct avc_audit_data ad; |
5062 | u32 sid = task_sid(target); | ||
4965 | int rc; | 5063 | int rc; |
4966 | 5064 | ||
4967 | tsec = target->security; | ||
4968 | isec = msq->q_perm.security; | 5065 | isec = msq->q_perm.security; |
4969 | msec = msg->security; | 5066 | msec = msg->security; |
4970 | 5067 | ||
4971 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 5068 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
4972 | ad.u.ipc_id = msq->q_perm.key; | 5069 | ad.u.ipc_id = msq->q_perm.key; |
4973 | 5070 | ||
4974 | rc = avc_has_perm(tsec->sid, isec->sid, | 5071 | rc = avc_has_perm(sid, isec->sid, |
4975 | SECCLASS_MSGQ, MSGQ__READ, &ad); | 5072 | SECCLASS_MSGQ, MSGQ__READ, &ad); |
4976 | if (!rc) | 5073 | if (!rc) |
4977 | rc = avc_has_perm(tsec->sid, msec->sid, | 5074 | rc = avc_has_perm(sid, msec->sid, |
4978 | SECCLASS_MSG, MSG__RECEIVE, &ad); | 5075 | SECCLASS_MSG, MSG__RECEIVE, &ad); |
4979 | return rc; | 5076 | return rc; |
4980 | } | 5077 | } |
@@ -4982,22 +5079,21 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, | |||
4982 | /* Shared Memory security operations */ | 5079 | /* Shared Memory security operations */ |
4983 | static int selinux_shm_alloc_security(struct shmid_kernel *shp) | 5080 | static int selinux_shm_alloc_security(struct shmid_kernel *shp) |
4984 | { | 5081 | { |
4985 | struct task_security_struct *tsec; | ||
4986 | struct ipc_security_struct *isec; | 5082 | struct ipc_security_struct *isec; |
4987 | struct avc_audit_data ad; | 5083 | struct avc_audit_data ad; |
5084 | u32 sid = current_sid(); | ||
4988 | int rc; | 5085 | int rc; |
4989 | 5086 | ||
4990 | rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM); | 5087 | rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM); |
4991 | if (rc) | 5088 | if (rc) |
4992 | return rc; | 5089 | return rc; |
4993 | 5090 | ||
4994 | tsec = current->security; | ||
4995 | isec = shp->shm_perm.security; | 5091 | isec = shp->shm_perm.security; |
4996 | 5092 | ||
4997 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 5093 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
4998 | ad.u.ipc_id = shp->shm_perm.key; | 5094 | ad.u.ipc_id = shp->shm_perm.key; |
4999 | 5095 | ||
5000 | rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM, | 5096 | rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM, |
5001 | SHM__CREATE, &ad); | 5097 | SHM__CREATE, &ad); |
5002 | if (rc) { | 5098 | if (rc) { |
5003 | ipc_free_security(&shp->shm_perm); | 5099 | ipc_free_security(&shp->shm_perm); |
@@ -5013,17 +5109,16 @@ static void selinux_shm_free_security(struct shmid_kernel *shp) | |||
5013 | 5109 | ||
5014 | static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg) | 5110 | static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg) |
5015 | { | 5111 | { |
5016 | struct task_security_struct *tsec; | ||
5017 | struct ipc_security_struct *isec; | 5112 | struct ipc_security_struct *isec; |
5018 | struct avc_audit_data ad; | 5113 | struct avc_audit_data ad; |
5114 | u32 sid = current_sid(); | ||
5019 | 5115 | ||
5020 | tsec = current->security; | ||
5021 | isec = shp->shm_perm.security; | 5116 | isec = shp->shm_perm.security; |
5022 | 5117 | ||
5023 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 5118 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
5024 | ad.u.ipc_id = shp->shm_perm.key; | 5119 | ad.u.ipc_id = shp->shm_perm.key; |
5025 | 5120 | ||
5026 | return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM, | 5121 | return avc_has_perm(sid, isec->sid, SECCLASS_SHM, |
5027 | SHM__ASSOCIATE, &ad); | 5122 | SHM__ASSOCIATE, &ad); |
5028 | } | 5123 | } |
5029 | 5124 | ||
@@ -5081,22 +5176,21 @@ static int selinux_shm_shmat(struct shmid_kernel *shp, | |||
5081 | /* Semaphore security operations */ | 5176 | /* Semaphore security operations */ |
5082 | static int selinux_sem_alloc_security(struct sem_array *sma) | 5177 | static int selinux_sem_alloc_security(struct sem_array *sma) |
5083 | { | 5178 | { |
5084 | struct task_security_struct *tsec; | ||
5085 | struct ipc_security_struct *isec; | 5179 | struct ipc_security_struct *isec; |
5086 | struct avc_audit_data ad; | 5180 | struct avc_audit_data ad; |
5181 | u32 sid = current_sid(); | ||
5087 | int rc; | 5182 | int rc; |
5088 | 5183 | ||
5089 | rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM); | 5184 | rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM); |
5090 | if (rc) | 5185 | if (rc) |
5091 | return rc; | 5186 | return rc; |
5092 | 5187 | ||
5093 | tsec = current->security; | ||
5094 | isec = sma->sem_perm.security; | 5188 | isec = sma->sem_perm.security; |
5095 | 5189 | ||
5096 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 5190 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
5097 | ad.u.ipc_id = sma->sem_perm.key; | 5191 | ad.u.ipc_id = sma->sem_perm.key; |
5098 | 5192 | ||
5099 | rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM, | 5193 | rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM, |
5100 | SEM__CREATE, &ad); | 5194 | SEM__CREATE, &ad); |
5101 | if (rc) { | 5195 | if (rc) { |
5102 | ipc_free_security(&sma->sem_perm); | 5196 | ipc_free_security(&sma->sem_perm); |
@@ -5112,17 +5206,16 @@ static void selinux_sem_free_security(struct sem_array *sma) | |||
5112 | 5206 | ||
5113 | static int selinux_sem_associate(struct sem_array *sma, int semflg) | 5207 | static int selinux_sem_associate(struct sem_array *sma, int semflg) |
5114 | { | 5208 | { |
5115 | struct task_security_struct *tsec; | ||
5116 | struct ipc_security_struct *isec; | 5209 | struct ipc_security_struct *isec; |
5117 | struct avc_audit_data ad; | 5210 | struct avc_audit_data ad; |
5211 | u32 sid = current_sid(); | ||
5118 | 5212 | ||
5119 | tsec = current->security; | ||
5120 | isec = sma->sem_perm.security; | 5213 | isec = sma->sem_perm.security; |
5121 | 5214 | ||
5122 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 5215 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
5123 | ad.u.ipc_id = sma->sem_perm.key; | 5216 | ad.u.ipc_id = sma->sem_perm.key; |
5124 | 5217 | ||
5125 | return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM, | 5218 | return avc_has_perm(sid, isec->sid, SECCLASS_SEM, |
5126 | SEM__ASSOCIATE, &ad); | 5219 | SEM__ASSOCIATE, &ad); |
5127 | } | 5220 | } |
5128 | 5221 | ||
@@ -5212,33 +5305,35 @@ static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode) | |||
5212 | static int selinux_getprocattr(struct task_struct *p, | 5305 | static int selinux_getprocattr(struct task_struct *p, |
5213 | char *name, char **value) | 5306 | char *name, char **value) |
5214 | { | 5307 | { |
5215 | struct task_security_struct *tsec; | 5308 | const struct task_security_struct *__tsec; |
5216 | u32 sid; | 5309 | u32 sid; |
5217 | int error; | 5310 | int error; |
5218 | unsigned len; | 5311 | unsigned len; |
5219 | 5312 | ||
5220 | if (current != p) { | 5313 | if (current != p) { |
5221 | error = task_has_perm(current, p, PROCESS__GETATTR); | 5314 | error = current_has_perm(p, PROCESS__GETATTR); |
5222 | if (error) | 5315 | if (error) |
5223 | return error; | 5316 | return error; |
5224 | } | 5317 | } |
5225 | 5318 | ||
5226 | tsec = p->security; | 5319 | rcu_read_lock(); |
5320 | __tsec = __task_cred(p)->security; | ||
5227 | 5321 | ||
5228 | if (!strcmp(name, "current")) | 5322 | if (!strcmp(name, "current")) |
5229 | sid = tsec->sid; | 5323 | sid = __tsec->sid; |
5230 | else if (!strcmp(name, "prev")) | 5324 | else if (!strcmp(name, "prev")) |
5231 | sid = tsec->osid; | 5325 | sid = __tsec->osid; |
5232 | else if (!strcmp(name, "exec")) | 5326 | else if (!strcmp(name, "exec")) |
5233 | sid = tsec->exec_sid; | 5327 | sid = __tsec->exec_sid; |
5234 | else if (!strcmp(name, "fscreate")) | 5328 | else if (!strcmp(name, "fscreate")) |
5235 | sid = tsec->create_sid; | 5329 | sid = __tsec->create_sid; |
5236 | else if (!strcmp(name, "keycreate")) | 5330 | else if (!strcmp(name, "keycreate")) |
5237 | sid = tsec->keycreate_sid; | 5331 | sid = __tsec->keycreate_sid; |
5238 | else if (!strcmp(name, "sockcreate")) | 5332 | else if (!strcmp(name, "sockcreate")) |
5239 | sid = tsec->sockcreate_sid; | 5333 | sid = __tsec->sockcreate_sid; |
5240 | else | 5334 | else |
5241 | return -EINVAL; | 5335 | goto invalid; |
5336 | rcu_read_unlock(); | ||
5242 | 5337 | ||
5243 | if (!sid) | 5338 | if (!sid) |
5244 | return 0; | 5339 | return 0; |
@@ -5247,6 +5342,10 @@ static int selinux_getprocattr(struct task_struct *p, | |||
5247 | if (error) | 5342 | if (error) |
5248 | return error; | 5343 | return error; |
5249 | return len; | 5344 | return len; |
5345 | |||
5346 | invalid: | ||
5347 | rcu_read_unlock(); | ||
5348 | return -EINVAL; | ||
5250 | } | 5349 | } |
5251 | 5350 | ||
5252 | static int selinux_setprocattr(struct task_struct *p, | 5351 | static int selinux_setprocattr(struct task_struct *p, |
@@ -5254,7 +5353,8 @@ static int selinux_setprocattr(struct task_struct *p, | |||
5254 | { | 5353 | { |
5255 | struct task_security_struct *tsec; | 5354 | struct task_security_struct *tsec; |
5256 | struct task_struct *tracer; | 5355 | struct task_struct *tracer; |
5257 | u32 sid = 0; | 5356 | struct cred *new; |
5357 | u32 sid = 0, ptsid; | ||
5258 | int error; | 5358 | int error; |
5259 | char *str = value; | 5359 | char *str = value; |
5260 | 5360 | ||
@@ -5270,15 +5370,15 @@ static int selinux_setprocattr(struct task_struct *p, | |||
5270 | * above restriction is ever removed. | 5370 | * above restriction is ever removed. |
5271 | */ | 5371 | */ |
5272 | if (!strcmp(name, "exec")) | 5372 | if (!strcmp(name, "exec")) |
5273 | error = task_has_perm(current, p, PROCESS__SETEXEC); | 5373 | error = current_has_perm(p, PROCESS__SETEXEC); |
5274 | else if (!strcmp(name, "fscreate")) | 5374 | else if (!strcmp(name, "fscreate")) |
5275 | error = task_has_perm(current, p, PROCESS__SETFSCREATE); | 5375 | error = current_has_perm(p, PROCESS__SETFSCREATE); |
5276 | else if (!strcmp(name, "keycreate")) | 5376 | else if (!strcmp(name, "keycreate")) |
5277 | error = task_has_perm(current, p, PROCESS__SETKEYCREATE); | 5377 | error = current_has_perm(p, PROCESS__SETKEYCREATE); |
5278 | else if (!strcmp(name, "sockcreate")) | 5378 | else if (!strcmp(name, "sockcreate")) |
5279 | error = task_has_perm(current, p, PROCESS__SETSOCKCREATE); | 5379 | error = current_has_perm(p, PROCESS__SETSOCKCREATE); |
5280 | else if (!strcmp(name, "current")) | 5380 | else if (!strcmp(name, "current")) |
5281 | error = task_has_perm(current, p, PROCESS__SETCURRENT); | 5381 | error = current_has_perm(p, PROCESS__SETCURRENT); |
5282 | else | 5382 | else |
5283 | error = -EINVAL; | 5383 | error = -EINVAL; |
5284 | if (error) | 5384 | if (error) |
@@ -5301,87 +5401,75 @@ static int selinux_setprocattr(struct task_struct *p, | |||
5301 | return error; | 5401 | return error; |
5302 | } | 5402 | } |
5303 | 5403 | ||
5404 | new = prepare_creds(); | ||
5405 | if (!new) | ||
5406 | return -ENOMEM; | ||
5407 | |||
5304 | /* Permission checking based on the specified context is | 5408 | /* Permission checking based on the specified context is |
5305 | performed during the actual operation (execve, | 5409 | performed during the actual operation (execve, |
5306 | open/mkdir/...), when we know the full context of the | 5410 | open/mkdir/...), when we know the full context of the |
5307 | operation. See selinux_bprm_set_security for the execve | 5411 | operation. See selinux_bprm_set_creds for the execve |
5308 | checks and may_create for the file creation checks. The | 5412 | checks and may_create for the file creation checks. The |
5309 | operation will then fail if the context is not permitted. */ | 5413 | operation will then fail if the context is not permitted. */ |
5310 | tsec = p->security; | 5414 | tsec = new->security; |
5311 | if (!strcmp(name, "exec")) | 5415 | if (!strcmp(name, "exec")) { |
5312 | tsec->exec_sid = sid; | 5416 | tsec->exec_sid = sid; |
5313 | else if (!strcmp(name, "fscreate")) | 5417 | } else if (!strcmp(name, "fscreate")) { |
5314 | tsec->create_sid = sid; | 5418 | tsec->create_sid = sid; |
5315 | else if (!strcmp(name, "keycreate")) { | 5419 | } else if (!strcmp(name, "keycreate")) { |
5316 | error = may_create_key(sid, p); | 5420 | error = may_create_key(sid, p); |
5317 | if (error) | 5421 | if (error) |
5318 | return error; | 5422 | goto abort_change; |
5319 | tsec->keycreate_sid = sid; | 5423 | tsec->keycreate_sid = sid; |
5320 | } else if (!strcmp(name, "sockcreate")) | 5424 | } else if (!strcmp(name, "sockcreate")) { |
5321 | tsec->sockcreate_sid = sid; | 5425 | tsec->sockcreate_sid = sid; |
5322 | else if (!strcmp(name, "current")) { | 5426 | } else if (!strcmp(name, "current")) { |
5323 | struct av_decision avd; | 5427 | error = -EINVAL; |
5324 | |||
5325 | if (sid == 0) | 5428 | if (sid == 0) |
5326 | return -EINVAL; | 5429 | goto abort_change; |
5327 | /* | 5430 | |
5328 | * SELinux allows to change context in the following case only. | 5431 | /* Only allow single threaded processes to change context */ |
5329 | * - Single threaded processes. | 5432 | error = -EPERM; |
5330 | * - Multi threaded processes intend to change its context into | 5433 | if (!is_single_threaded(p)) { |
5331 | * more restricted domain (defined by TYPEBOUNDS statement). | 5434 | error = security_bounded_transition(tsec->sid, sid); |
5332 | */ | 5435 | if (error) |
5333 | if (atomic_read(&p->mm->mm_users) != 1) { | 5436 | goto abort_change; |
5334 | struct task_struct *g, *t; | ||
5335 | struct mm_struct *mm = p->mm; | ||
5336 | read_lock(&tasklist_lock); | ||
5337 | do_each_thread(g, t) { | ||
5338 | if (t->mm == mm && t != p) { | ||
5339 | read_unlock(&tasklist_lock); | ||
5340 | error = security_bounded_transition(tsec->sid, sid); | ||
5341 | if (!error) | ||
5342 | goto boundary_ok; | ||
5343 | |||
5344 | return error; | ||
5345 | } | ||
5346 | } while_each_thread(g, t); | ||
5347 | read_unlock(&tasklist_lock); | ||
5348 | } | 5437 | } |
5349 | boundary_ok: | ||
5350 | 5438 | ||
5351 | /* Check permissions for the transition. */ | 5439 | /* Check permissions for the transition. */ |
5352 | error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, | 5440 | error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, |
5353 | PROCESS__DYNTRANSITION, NULL); | 5441 | PROCESS__DYNTRANSITION, NULL); |
5354 | if (error) | 5442 | if (error) |
5355 | return error; | 5443 | goto abort_change; |
5356 | 5444 | ||
5357 | /* Check for ptracing, and update the task SID if ok. | 5445 | /* Check for ptracing, and update the task SID if ok. |
5358 | Otherwise, leave SID unchanged and fail. */ | 5446 | Otherwise, leave SID unchanged and fail. */ |
5447 | ptsid = 0; | ||
5359 | task_lock(p); | 5448 | task_lock(p); |
5360 | rcu_read_lock(); | ||
5361 | tracer = tracehook_tracer_task(p); | 5449 | tracer = tracehook_tracer_task(p); |
5362 | if (tracer != NULL) { | 5450 | if (tracer) |
5363 | struct task_security_struct *ptsec = tracer->security; | 5451 | ptsid = task_sid(tracer); |
5364 | u32 ptsid = ptsec->sid; | 5452 | task_unlock(p); |
5365 | rcu_read_unlock(); | 5453 | |
5366 | error = avc_has_perm_noaudit(ptsid, sid, | 5454 | if (tracer) { |
5367 | SECCLASS_PROCESS, | 5455 | error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, |
5368 | PROCESS__PTRACE, 0, &avd); | 5456 | PROCESS__PTRACE, NULL); |
5369 | if (!error) | ||
5370 | tsec->sid = sid; | ||
5371 | task_unlock(p); | ||
5372 | avc_audit(ptsid, sid, SECCLASS_PROCESS, | ||
5373 | PROCESS__PTRACE, &avd, error, NULL); | ||
5374 | if (error) | 5457 | if (error) |
5375 | return error; | 5458 | goto abort_change; |
5376 | } else { | ||
5377 | rcu_read_unlock(); | ||
5378 | tsec->sid = sid; | ||
5379 | task_unlock(p); | ||
5380 | } | 5459 | } |
5381 | } else | ||
5382 | return -EINVAL; | ||
5383 | 5460 | ||
5461 | tsec->sid = sid; | ||
5462 | } else { | ||
5463 | error = -EINVAL; | ||
5464 | goto abort_change; | ||
5465 | } | ||
5466 | |||
5467 | commit_creds(new); | ||
5384 | return size; | 5468 | return size; |
5469 | |||
5470 | abort_change: | ||
5471 | abort_creds(new); | ||
5472 | return error; | ||
5385 | } | 5473 | } |
5386 | 5474 | ||
5387 | static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) | 5475 | static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) |
@@ -5401,22 +5489,23 @@ static void selinux_release_secctx(char *secdata, u32 seclen) | |||
5401 | 5489 | ||
5402 | #ifdef CONFIG_KEYS | 5490 | #ifdef CONFIG_KEYS |
5403 | 5491 | ||
5404 | static int selinux_key_alloc(struct key *k, struct task_struct *tsk, | 5492 | static int selinux_key_alloc(struct key *k, const struct cred *cred, |
5405 | unsigned long flags) | 5493 | unsigned long flags) |
5406 | { | 5494 | { |
5407 | struct task_security_struct *tsec = tsk->security; | 5495 | const struct task_security_struct *tsec; |
5408 | struct key_security_struct *ksec; | 5496 | struct key_security_struct *ksec; |
5409 | 5497 | ||
5410 | ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL); | 5498 | ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL); |
5411 | if (!ksec) | 5499 | if (!ksec) |
5412 | return -ENOMEM; | 5500 | return -ENOMEM; |
5413 | 5501 | ||
5502 | tsec = cred->security; | ||
5414 | if (tsec->keycreate_sid) | 5503 | if (tsec->keycreate_sid) |
5415 | ksec->sid = tsec->keycreate_sid; | 5504 | ksec->sid = tsec->keycreate_sid; |
5416 | else | 5505 | else |
5417 | ksec->sid = tsec->sid; | 5506 | ksec->sid = tsec->sid; |
5418 | k->security = ksec; | ||
5419 | 5507 | ||
5508 | k->security = ksec; | ||
5420 | return 0; | 5509 | return 0; |
5421 | } | 5510 | } |
5422 | 5511 | ||
@@ -5429,17 +5518,12 @@ static void selinux_key_free(struct key *k) | |||
5429 | } | 5518 | } |
5430 | 5519 | ||
5431 | static int selinux_key_permission(key_ref_t key_ref, | 5520 | static int selinux_key_permission(key_ref_t key_ref, |
5432 | struct task_struct *ctx, | 5521 | const struct cred *cred, |
5433 | key_perm_t perm) | 5522 | key_perm_t perm) |
5434 | { | 5523 | { |
5435 | struct key *key; | 5524 | struct key *key; |
5436 | struct task_security_struct *tsec; | ||
5437 | struct key_security_struct *ksec; | 5525 | struct key_security_struct *ksec; |
5438 | 5526 | u32 sid; | |
5439 | key = key_ref_to_ptr(key_ref); | ||
5440 | |||
5441 | tsec = ctx->security; | ||
5442 | ksec = key->security; | ||
5443 | 5527 | ||
5444 | /* if no specific permissions are requested, we skip the | 5528 | /* if no specific permissions are requested, we skip the |
5445 | permission check. No serious, additional covert channels | 5529 | permission check. No serious, additional covert channels |
@@ -5447,8 +5531,12 @@ static int selinux_key_permission(key_ref_t key_ref, | |||
5447 | if (perm == 0) | 5531 | if (perm == 0) |
5448 | return 0; | 5532 | return 0; |
5449 | 5533 | ||
5450 | return avc_has_perm(tsec->sid, ksec->sid, | 5534 | sid = cred_sid(cred); |
5451 | SECCLASS_KEY, perm, NULL); | 5535 | |
5536 | key = key_ref_to_ptr(key_ref); | ||
5537 | ksec = key->security; | ||
5538 | |||
5539 | return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL); | ||
5452 | } | 5540 | } |
5453 | 5541 | ||
5454 | static int selinux_key_getsecurity(struct key *key, char **_buffer) | 5542 | static int selinux_key_getsecurity(struct key *key, char **_buffer) |
@@ -5473,8 +5561,7 @@ static struct security_operations selinux_ops = { | |||
5473 | .ptrace_may_access = selinux_ptrace_may_access, | 5561 | .ptrace_may_access = selinux_ptrace_may_access, |
5474 | .ptrace_traceme = selinux_ptrace_traceme, | 5562 | .ptrace_traceme = selinux_ptrace_traceme, |
5475 | .capget = selinux_capget, | 5563 | .capget = selinux_capget, |
5476 | .capset_check = selinux_capset_check, | 5564 | .capset = selinux_capset, |
5477 | .capset_set = selinux_capset_set, | ||
5478 | .sysctl = selinux_sysctl, | 5565 | .sysctl = selinux_sysctl, |
5479 | .capable = selinux_capable, | 5566 | .capable = selinux_capable, |
5480 | .quotactl = selinux_quotactl, | 5567 | .quotactl = selinux_quotactl, |
@@ -5485,12 +5572,10 @@ static struct security_operations selinux_ops = { | |||
5485 | .netlink_send = selinux_netlink_send, | 5572 | .netlink_send = selinux_netlink_send, |
5486 | .netlink_recv = selinux_netlink_recv, | 5573 | .netlink_recv = selinux_netlink_recv, |
5487 | 5574 | ||
5488 | .bprm_alloc_security = selinux_bprm_alloc_security, | 5575 | .bprm_set_creds = selinux_bprm_set_creds, |
5489 | .bprm_free_security = selinux_bprm_free_security, | ||
5490 | .bprm_apply_creds = selinux_bprm_apply_creds, | ||
5491 | .bprm_post_apply_creds = selinux_bprm_post_apply_creds, | ||
5492 | .bprm_set_security = selinux_bprm_set_security, | ||
5493 | .bprm_check_security = selinux_bprm_check_security, | 5576 | .bprm_check_security = selinux_bprm_check_security, |
5577 | .bprm_committing_creds = selinux_bprm_committing_creds, | ||
5578 | .bprm_committed_creds = selinux_bprm_committed_creds, | ||
5494 | .bprm_secureexec = selinux_bprm_secureexec, | 5579 | .bprm_secureexec = selinux_bprm_secureexec, |
5495 | 5580 | ||
5496 | .sb_alloc_security = selinux_sb_alloc_security, | 5581 | .sb_alloc_security = selinux_sb_alloc_security, |
@@ -5549,10 +5634,13 @@ static struct security_operations selinux_ops = { | |||
5549 | .dentry_open = selinux_dentry_open, | 5634 | .dentry_open = selinux_dentry_open, |
5550 | 5635 | ||
5551 | .task_create = selinux_task_create, | 5636 | .task_create = selinux_task_create, |
5552 | .task_alloc_security = selinux_task_alloc_security, | 5637 | .cred_free = selinux_cred_free, |
5553 | .task_free_security = selinux_task_free_security, | 5638 | .cred_prepare = selinux_cred_prepare, |
5639 | .cred_commit = selinux_cred_commit, | ||
5640 | .kernel_act_as = selinux_kernel_act_as, | ||
5641 | .kernel_create_files_as = selinux_kernel_create_files_as, | ||
5554 | .task_setuid = selinux_task_setuid, | 5642 | .task_setuid = selinux_task_setuid, |
5555 | .task_post_setuid = selinux_task_post_setuid, | 5643 | .task_fix_setuid = selinux_task_fix_setuid, |
5556 | .task_setgid = selinux_task_setgid, | 5644 | .task_setgid = selinux_task_setgid, |
5557 | .task_setpgid = selinux_task_setpgid, | 5645 | .task_setpgid = selinux_task_setpgid, |
5558 | .task_getpgid = selinux_task_getpgid, | 5646 | .task_getpgid = selinux_task_getpgid, |
@@ -5569,7 +5657,6 @@ static struct security_operations selinux_ops = { | |||
5569 | .task_kill = selinux_task_kill, | 5657 | .task_kill = selinux_task_kill, |
5570 | .task_wait = selinux_task_wait, | 5658 | .task_wait = selinux_task_wait, |
5571 | .task_prctl = selinux_task_prctl, | 5659 | .task_prctl = selinux_task_prctl, |
5572 | .task_reparent_to_init = selinux_task_reparent_to_init, | ||
5573 | .task_to_inode = selinux_task_to_inode, | 5660 | .task_to_inode = selinux_task_to_inode, |
5574 | 5661 | ||
5575 | .ipc_permission = selinux_ipc_permission, | 5662 | .ipc_permission = selinux_ipc_permission, |
@@ -5665,8 +5752,6 @@ static struct security_operations selinux_ops = { | |||
5665 | 5752 | ||
5666 | static __init int selinux_init(void) | 5753 | static __init int selinux_init(void) |
5667 | { | 5754 | { |
5668 | struct task_security_struct *tsec; | ||
5669 | |||
5670 | if (!security_module_enable(&selinux_ops)) { | 5755 | if (!security_module_enable(&selinux_ops)) { |
5671 | selinux_enabled = 0; | 5756 | selinux_enabled = 0; |
5672 | return 0; | 5757 | return 0; |
@@ -5680,10 +5765,7 @@ static __init int selinux_init(void) | |||
5680 | printk(KERN_INFO "SELinux: Initializing.\n"); | 5765 | printk(KERN_INFO "SELinux: Initializing.\n"); |
5681 | 5766 | ||
5682 | /* Set the security state for the initial task. */ | 5767 | /* Set the security state for the initial task. */ |
5683 | if (task_alloc_security(current)) | 5768 | cred_init_security(); |
5684 | panic("SELinux: Failed to initialize initial task.\n"); | ||
5685 | tsec = current->security; | ||
5686 | tsec->osid = tsec->sid = SECINITSID_KERNEL; | ||
5687 | 5769 | ||
5688 | sel_inode_cache = kmem_cache_create("selinux_inode_security", | 5770 | sel_inode_cache = kmem_cache_create("selinux_inode_security", |
5689 | sizeof(struct inode_security_struct), | 5771 | sizeof(struct inode_security_struct), |
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h index 1223b4ff9bee..c0c885427b91 100644 --- a/security/selinux/include/av_perm_to_string.h +++ b/security/selinux/include/av_perm_to_string.h | |||
@@ -176,3 +176,5 @@ | |||
176 | S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect") | 176 | S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect") |
177 | S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero") | 177 | S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero") |
178 | S_(SECCLASS_PEER, PEER__RECV, "recv") | 178 | S_(SECCLASS_PEER, PEER__RECV, "recv") |
179 | S_(SECCLASS_KERNEL_SERVICE, KERNEL_SERVICE__USE_AS_OVERRIDE, "use_as_override") | ||
180 | S_(SECCLASS_KERNEL_SERVICE, KERNEL_SERVICE__CREATE_FILES_AS, "create_files_as") | ||
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h index c4c51165c505..0ba79fe00e11 100644 --- a/security/selinux/include/av_permissions.h +++ b/security/selinux/include/av_permissions.h | |||
@@ -841,3 +841,5 @@ | |||
841 | #define DCCP_SOCKET__NAME_CONNECT 0x00800000UL | 841 | #define DCCP_SOCKET__NAME_CONNECT 0x00800000UL |
842 | #define MEMPROTECT__MMAP_ZERO 0x00000001UL | 842 | #define MEMPROTECT__MMAP_ZERO 0x00000001UL |
843 | #define PEER__RECV 0x00000001UL | 843 | #define PEER__RECV 0x00000001UL |
844 | #define KERNEL_SERVICE__USE_AS_OVERRIDE 0x00000001UL | ||
845 | #define KERNEL_SERVICE__CREATE_FILES_AS 0x00000002UL | ||
diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h index bd813c366e34..21ec786611d4 100644 --- a/security/selinux/include/class_to_string.h +++ b/security/selinux/include/class_to_string.h | |||
@@ -72,3 +72,8 @@ | |||
72 | S_(NULL) | 72 | S_(NULL) |
73 | S_("peer") | 73 | S_("peer") |
74 | S_("capability2") | 74 | S_("capability2") |
75 | S_(NULL) | ||
76 | S_(NULL) | ||
77 | S_(NULL) | ||
78 | S_(NULL) | ||
79 | S_("kernel_service") | ||
diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h index febf8868e852..882f27d66fac 100644 --- a/security/selinux/include/flask.h +++ b/security/selinux/include/flask.h | |||
@@ -52,6 +52,7 @@ | |||
52 | #define SECCLASS_MEMPROTECT 61 | 52 | #define SECCLASS_MEMPROTECT 61 |
53 | #define SECCLASS_PEER 68 | 53 | #define SECCLASS_PEER 68 |
54 | #define SECCLASS_CAPABILITY2 69 | 54 | #define SECCLASS_CAPABILITY2 69 |
55 | #define SECCLASS_KERNEL_SERVICE 74 | ||
55 | 56 | ||
56 | /* | 57 | /* |
57 | * Security identifier indices for initial entities | 58 | * Security identifier indices for initial entities |
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index f8be8d7fa26d..3cc45168f674 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h | |||
@@ -77,17 +77,6 @@ struct ipc_security_struct { | |||
77 | u32 sid; /* SID of IPC resource */ | 77 | u32 sid; /* SID of IPC resource */ |
78 | }; | 78 | }; |
79 | 79 | ||
80 | struct bprm_security_struct { | ||
81 | u32 sid; /* SID for transformed process */ | ||
82 | unsigned char set; | ||
83 | |||
84 | /* | ||
85 | * unsafe is used to share failure information from bprm_apply_creds() | ||
86 | * to bprm_post_apply_creds(). | ||
87 | */ | ||
88 | char unsafe; | ||
89 | }; | ||
90 | |||
91 | struct netif_security_struct { | 80 | struct netif_security_struct { |
92 | int ifindex; /* device index */ | 81 | int ifindex; /* device index */ |
93 | u32 sid; /* SID for this interface */ | 82 | u32 sid; /* SID for this interface */ |
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index ff59c0c4804b..4ed7bab89c59 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c | |||
@@ -63,6 +63,9 @@ static struct nlmsg_perm nlmsg_route_perms[] = | |||
63 | { RTM_GETANYCAST, NETLINK_ROUTE_SOCKET__NLMSG_READ }, | 63 | { RTM_GETANYCAST, NETLINK_ROUTE_SOCKET__NLMSG_READ }, |
64 | { RTM_GETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_READ }, | 64 | { RTM_GETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_READ }, |
65 | { RTM_SETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, | 65 | { RTM_SETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, |
66 | { RTM_NEWADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, | ||
67 | { RTM_DELADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, | ||
68 | { RTM_GETADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_READ }, | ||
66 | }; | 69 | }; |
67 | 70 | ||
68 | static struct nlmsg_perm nlmsg_firewall_perms[] = | 71 | static struct nlmsg_perm nlmsg_firewall_perms[] = |
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 69c9dccc8cf0..c86303638235 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
@@ -95,13 +95,18 @@ extern void selnl_notify_setenforce(int val); | |||
95 | static int task_has_security(struct task_struct *tsk, | 95 | static int task_has_security(struct task_struct *tsk, |
96 | u32 perms) | 96 | u32 perms) |
97 | { | 97 | { |
98 | struct task_security_struct *tsec; | 98 | const struct task_security_struct *tsec; |
99 | 99 | u32 sid = 0; | |
100 | tsec = tsk->security; | 100 | |
101 | rcu_read_lock(); | ||
102 | tsec = __task_cred(tsk)->security; | ||
103 | if (tsec) | ||
104 | sid = tsec->sid; | ||
105 | rcu_read_unlock(); | ||
101 | if (!tsec) | 106 | if (!tsec) |
102 | return -EACCES; | 107 | return -EACCES; |
103 | 108 | ||
104 | return avc_has_perm(tsec->sid, SECINITSID_SECURITY, | 109 | return avc_has_perm(sid, SECINITSID_SECURITY, |
105 | SECCLASS_SECURITY, perms, NULL); | 110 | SECCLASS_SECURITY, perms, NULL); |
106 | } | 111 | } |
107 | 112 | ||
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index 8f17f542a116..c0eb72013d67 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c | |||
@@ -197,7 +197,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, | |||
197 | struct xfrm_user_sec_ctx *uctx, u32 sid) | 197 | struct xfrm_user_sec_ctx *uctx, u32 sid) |
198 | { | 198 | { |
199 | int rc = 0; | 199 | int rc = 0; |
200 | struct task_security_struct *tsec = current->security; | 200 | const struct task_security_struct *tsec = current_security(); |
201 | struct xfrm_sec_ctx *ctx = NULL; | 201 | struct xfrm_sec_ctx *ctx = NULL; |
202 | char *ctx_str = NULL; | 202 | char *ctx_str = NULL; |
203 | u32 str_len; | 203 | u32 str_len; |
@@ -333,7 +333,7 @@ void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx) | |||
333 | */ | 333 | */ |
334 | int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) | 334 | int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) |
335 | { | 335 | { |
336 | struct task_security_struct *tsec = current->security; | 336 | const struct task_security_struct *tsec = current_security(); |
337 | int rc = 0; | 337 | int rc = 0; |
338 | 338 | ||
339 | if (ctx) { | 339 | if (ctx) { |
@@ -378,7 +378,7 @@ void selinux_xfrm_state_free(struct xfrm_state *x) | |||
378 | */ | 378 | */ |
379 | int selinux_xfrm_state_delete(struct xfrm_state *x) | 379 | int selinux_xfrm_state_delete(struct xfrm_state *x) |
380 | { | 380 | { |
381 | struct task_security_struct *tsec = current->security; | 381 | const struct task_security_struct *tsec = current_security(); |
382 | struct xfrm_sec_ctx *ctx = x->security; | 382 | struct xfrm_sec_ctx *ctx = x->security; |
383 | int rc = 0; | 383 | int rc = 0; |
384 | 384 | ||
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 79ff21ed4c3b..247cec3b5a43 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c | |||
@@ -164,7 +164,7 @@ int smk_curacc(char *obj_label, u32 mode) | |||
164 | { | 164 | { |
165 | int rc; | 165 | int rc; |
166 | 166 | ||
167 | rc = smk_access(current->security, obj_label, mode); | 167 | rc = smk_access(current_security(), obj_label, mode); |
168 | if (rc == 0) | 168 | if (rc == 0) |
169 | return 0; | 169 | return 0; |
170 | 170 | ||
@@ -173,7 +173,7 @@ int smk_curacc(char *obj_label, u32 mode) | |||
173 | * only one that gets privilege and current does not | 173 | * only one that gets privilege and current does not |
174 | * have that label. | 174 | * have that label. |
175 | */ | 175 | */ |
176 | if (smack_onlycap != NULL && smack_onlycap != current->security) | 176 | if (smack_onlycap != NULL && smack_onlycap != current->cred->security) |
177 | return rc; | 177 | return rc; |
178 | 178 | ||
179 | if (capable(CAP_MAC_OVERRIDE)) | 179 | if (capable(CAP_MAC_OVERRIDE)) |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 6e2dc0bab70d..8ad48161cef5 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
@@ -30,6 +30,8 @@ | |||
30 | 30 | ||
31 | #include "smack.h" | 31 | #include "smack.h" |
32 | 32 | ||
33 | #define task_security(task) (task_cred_xxx((task), security)) | ||
34 | |||
33 | /* | 35 | /* |
34 | * I hope these are the hokeyist lines of code in the module. Casey. | 36 | * I hope these are the hokeyist lines of code in the module. Casey. |
35 | */ | 37 | */ |
@@ -102,7 +104,7 @@ static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode) | |||
102 | if (rc != 0) | 104 | if (rc != 0) |
103 | return rc; | 105 | return rc; |
104 | 106 | ||
105 | rc = smk_access(current->security, ctp->security, MAY_READWRITE); | 107 | rc = smk_access(current_security(), task_security(ctp), MAY_READWRITE); |
106 | if (rc != 0 && capable(CAP_MAC_OVERRIDE)) | 108 | if (rc != 0 && capable(CAP_MAC_OVERRIDE)) |
107 | return 0; | 109 | return 0; |
108 | return rc; | 110 | return rc; |
@@ -124,7 +126,7 @@ static int smack_ptrace_traceme(struct task_struct *ptp) | |||
124 | if (rc != 0) | 126 | if (rc != 0) |
125 | return rc; | 127 | return rc; |
126 | 128 | ||
127 | rc = smk_access(ptp->security, current->security, MAY_READWRITE); | 129 | rc = smk_access(task_security(ptp), current_security(), MAY_READWRITE); |
128 | if (rc != 0 && has_capability(ptp, CAP_MAC_OVERRIDE)) | 130 | if (rc != 0 && has_capability(ptp, CAP_MAC_OVERRIDE)) |
129 | return 0; | 131 | return 0; |
130 | return rc; | 132 | return rc; |
@@ -141,7 +143,7 @@ static int smack_ptrace_traceme(struct task_struct *ptp) | |||
141 | static int smack_syslog(int type) | 143 | static int smack_syslog(int type) |
142 | { | 144 | { |
143 | int rc; | 145 | int rc; |
144 | char *sp = current->security; | 146 | char *sp = current_security(); |
145 | 147 | ||
146 | rc = cap_syslog(type); | 148 | rc = cap_syslog(type); |
147 | if (rc != 0) | 149 | if (rc != 0) |
@@ -373,7 +375,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags) | |||
373 | */ | 375 | */ |
374 | static int smack_inode_alloc_security(struct inode *inode) | 376 | static int smack_inode_alloc_security(struct inode *inode) |
375 | { | 377 | { |
376 | inode->i_security = new_inode_smack(current->security); | 378 | inode->i_security = new_inode_smack(current_security()); |
377 | if (inode->i_security == NULL) | 379 | if (inode->i_security == NULL) |
378 | return -ENOMEM; | 380 | return -ENOMEM; |
379 | return 0; | 381 | return 0; |
@@ -818,7 +820,7 @@ static int smack_file_permission(struct file *file, int mask) | |||
818 | */ | 820 | */ |
819 | static int smack_file_alloc_security(struct file *file) | 821 | static int smack_file_alloc_security(struct file *file) |
820 | { | 822 | { |
821 | file->f_security = current->security; | 823 | file->f_security = current_security(); |
822 | return 0; | 824 | return 0; |
823 | } | 825 | } |
824 | 826 | ||
@@ -916,7 +918,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, | |||
916 | */ | 918 | */ |
917 | static int smack_file_set_fowner(struct file *file) | 919 | static int smack_file_set_fowner(struct file *file) |
918 | { | 920 | { |
919 | file->f_security = current->security; | 921 | file->f_security = current_security(); |
920 | return 0; | 922 | return 0; |
921 | } | 923 | } |
922 | 924 | ||
@@ -941,7 +943,7 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, | |||
941 | * struct fown_struct is never outside the context of a struct file | 943 | * struct fown_struct is never outside the context of a struct file |
942 | */ | 944 | */ |
943 | file = container_of(fown, struct file, f_owner); | 945 | file = container_of(fown, struct file, f_owner); |
944 | rc = smk_access(file->f_security, tsk->security, MAY_WRITE); | 946 | rc = smk_access(file->f_security, tsk->cred->security, MAY_WRITE); |
945 | if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) | 947 | if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) |
946 | return 0; | 948 | return 0; |
947 | return rc; | 949 | return rc; |
@@ -973,33 +975,75 @@ static int smack_file_receive(struct file *file) | |||
973 | */ | 975 | */ |
974 | 976 | ||
975 | /** | 977 | /** |
976 | * smack_task_alloc_security - "allocate" a task blob | 978 | * smack_cred_free - "free" task-level security credentials |
977 | * @tsk: the task in need of a blob | 979 | * @cred: the credentials in question |
978 | * | 980 | * |
979 | * Smack isn't using copies of blobs. Everyone | 981 | * Smack isn't using copies of blobs. Everyone |
980 | * points to an immutable list. No alloc required. | 982 | * points to an immutable list. The blobs never go away. |
981 | * No data copy required. | 983 | * There is no leak here. |
984 | */ | ||
985 | static void smack_cred_free(struct cred *cred) | ||
986 | { | ||
987 | cred->security = NULL; | ||
988 | } | ||
989 | |||
990 | /** | ||
991 | * smack_cred_prepare - prepare new set of credentials for modification | ||
992 | * @new: the new credentials | ||
993 | * @old: the original credentials | ||
994 | * @gfp: the atomicity of any memory allocations | ||
995 | * | ||
996 | * Prepare a new set of credentials for modification. | ||
997 | */ | ||
998 | static int smack_cred_prepare(struct cred *new, const struct cred *old, | ||
999 | gfp_t gfp) | ||
1000 | { | ||
1001 | new->security = old->security; | ||
1002 | return 0; | ||
1003 | } | ||
1004 | |||
1005 | /* | ||
1006 | * commit new credentials | ||
1007 | * @new: the new credentials | ||
1008 | * @old: the original credentials | ||
1009 | */ | ||
1010 | static void smack_cred_commit(struct cred *new, const struct cred *old) | ||
1011 | { | ||
1012 | } | ||
1013 | |||
1014 | /** | ||
1015 | * smack_kernel_act_as - Set the subjective context in a set of credentials | ||
1016 | * @new points to the set of credentials to be modified. | ||
1017 | * @secid specifies the security ID to be set | ||
982 | * | 1018 | * |
983 | * Always returns 0 | 1019 | * Set the security data for a kernel service. |
984 | */ | 1020 | */ |
985 | static int smack_task_alloc_security(struct task_struct *tsk) | 1021 | static int smack_kernel_act_as(struct cred *new, u32 secid) |
986 | { | 1022 | { |
987 | tsk->security = current->security; | 1023 | char *smack = smack_from_secid(secid); |
1024 | |||
1025 | if (smack == NULL) | ||
1026 | return -EINVAL; | ||
988 | 1027 | ||
1028 | new->security = smack; | ||
989 | return 0; | 1029 | return 0; |
990 | } | 1030 | } |
991 | 1031 | ||
992 | /** | 1032 | /** |
993 | * smack_task_free_security - "free" a task blob | 1033 | * smack_kernel_create_files_as - Set the file creation label in a set of creds |
994 | * @task: the task with the blob | 1034 | * @new points to the set of credentials to be modified |
1035 | * @inode points to the inode to use as a reference | ||
995 | * | 1036 | * |
996 | * Smack isn't using copies of blobs. Everyone | 1037 | * Set the file creation context in a set of credentials to the same |
997 | * points to an immutable list. The blobs never go away. | 1038 | * as the objective context of the specified inode |
998 | * There is no leak here. | ||
999 | */ | 1039 | */ |
1000 | static void smack_task_free_security(struct task_struct *task) | 1040 | static int smack_kernel_create_files_as(struct cred *new, |
1041 | struct inode *inode) | ||
1001 | { | 1042 | { |
1002 | task->security = NULL; | 1043 | struct inode_smack *isp = inode->i_security; |
1044 | |||
1045 | new->security = isp->smk_inode; | ||
1046 | return 0; | ||
1003 | } | 1047 | } |
1004 | 1048 | ||
1005 | /** | 1049 | /** |
@@ -1011,7 +1055,7 @@ static void smack_task_free_security(struct task_struct *task) | |||
1011 | */ | 1055 | */ |
1012 | static int smack_task_setpgid(struct task_struct *p, pid_t pgid) | 1056 | static int smack_task_setpgid(struct task_struct *p, pid_t pgid) |
1013 | { | 1057 | { |
1014 | return smk_curacc(p->security, MAY_WRITE); | 1058 | return smk_curacc(task_security(p), MAY_WRITE); |
1015 | } | 1059 | } |
1016 | 1060 | ||
1017 | /** | 1061 | /** |
@@ -1022,7 +1066,7 @@ static int smack_task_setpgid(struct task_struct *p, pid_t pgid) | |||
1022 | */ | 1066 | */ |
1023 | static int smack_task_getpgid(struct task_struct *p) | 1067 | static int smack_task_getpgid(struct task_struct *p) |
1024 | { | 1068 | { |
1025 | return smk_curacc(p->security, MAY_READ); | 1069 | return smk_curacc(task_security(p), MAY_READ); |
1026 | } | 1070 | } |
1027 | 1071 | ||
1028 | /** | 1072 | /** |
@@ -1033,7 +1077,7 @@ static int smack_task_getpgid(struct task_struct *p) | |||
1033 | */ | 1077 | */ |
1034 | static int smack_task_getsid(struct task_struct *p) | 1078 | static int smack_task_getsid(struct task_struct *p) |
1035 | { | 1079 | { |
1036 | return smk_curacc(p->security, MAY_READ); | 1080 | return smk_curacc(task_security(p), MAY_READ); |
1037 | } | 1081 | } |
1038 | 1082 | ||
1039 | /** | 1083 | /** |
@@ -1045,7 +1089,7 @@ static int smack_task_getsid(struct task_struct *p) | |||
1045 | */ | 1089 | */ |
1046 | static void smack_task_getsecid(struct task_struct *p, u32 *secid) | 1090 | static void smack_task_getsecid(struct task_struct *p, u32 *secid) |
1047 | { | 1091 | { |
1048 | *secid = smack_to_secid(p->security); | 1092 | *secid = smack_to_secid(task_security(p)); |
1049 | } | 1093 | } |
1050 | 1094 | ||
1051 | /** | 1095 | /** |
@@ -1061,7 +1105,7 @@ static int smack_task_setnice(struct task_struct *p, int nice) | |||
1061 | 1105 | ||
1062 | rc = cap_task_setnice(p, nice); | 1106 | rc = cap_task_setnice(p, nice); |
1063 | if (rc == 0) | 1107 | if (rc == 0) |
1064 | rc = smk_curacc(p->security, MAY_WRITE); | 1108 | rc = smk_curacc(task_security(p), MAY_WRITE); |
1065 | return rc; | 1109 | return rc; |
1066 | } | 1110 | } |
1067 | 1111 | ||
@@ -1078,7 +1122,7 @@ static int smack_task_setioprio(struct task_struct *p, int ioprio) | |||
1078 | 1122 | ||
1079 | rc = cap_task_setioprio(p, ioprio); | 1123 | rc = cap_task_setioprio(p, ioprio); |
1080 | if (rc == 0) | 1124 | if (rc == 0) |
1081 | rc = smk_curacc(p->security, MAY_WRITE); | 1125 | rc = smk_curacc(task_security(p), MAY_WRITE); |
1082 | return rc; | 1126 | return rc; |
1083 | } | 1127 | } |
1084 | 1128 | ||
@@ -1090,7 +1134,7 @@ static int smack_task_setioprio(struct task_struct *p, int ioprio) | |||
1090 | */ | 1134 | */ |
1091 | static int smack_task_getioprio(struct task_struct *p) | 1135 | static int smack_task_getioprio(struct task_struct *p) |
1092 | { | 1136 | { |
1093 | return smk_curacc(p->security, MAY_READ); | 1137 | return smk_curacc(task_security(p), MAY_READ); |
1094 | } | 1138 | } |
1095 | 1139 | ||
1096 | /** | 1140 | /** |
@@ -1108,7 +1152,7 @@ static int smack_task_setscheduler(struct task_struct *p, int policy, | |||
1108 | 1152 | ||
1109 | rc = cap_task_setscheduler(p, policy, lp); | 1153 | rc = cap_task_setscheduler(p, policy, lp); |
1110 | if (rc == 0) | 1154 | if (rc == 0) |
1111 | rc = smk_curacc(p->security, MAY_WRITE); | 1155 | rc = smk_curacc(task_security(p), MAY_WRITE); |
1112 | return rc; | 1156 | return rc; |
1113 | } | 1157 | } |
1114 | 1158 | ||
@@ -1120,7 +1164,7 @@ static int smack_task_setscheduler(struct task_struct *p, int policy, | |||
1120 | */ | 1164 | */ |
1121 | static int smack_task_getscheduler(struct task_struct *p) | 1165 | static int smack_task_getscheduler(struct task_struct *p) |
1122 | { | 1166 | { |
1123 | return smk_curacc(p->security, MAY_READ); | 1167 | return smk_curacc(task_security(p), MAY_READ); |
1124 | } | 1168 | } |
1125 | 1169 | ||
1126 | /** | 1170 | /** |
@@ -1131,7 +1175,7 @@ static int smack_task_getscheduler(struct task_struct *p) | |||
1131 | */ | 1175 | */ |
1132 | static int smack_task_movememory(struct task_struct *p) | 1176 | static int smack_task_movememory(struct task_struct *p) |
1133 | { | 1177 | { |
1134 | return smk_curacc(p->security, MAY_WRITE); | 1178 | return smk_curacc(task_security(p), MAY_WRITE); |
1135 | } | 1179 | } |
1136 | 1180 | ||
1137 | /** | 1181 | /** |
@@ -1154,13 +1198,13 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, | |||
1154 | * can write the receiver. | 1198 | * can write the receiver. |
1155 | */ | 1199 | */ |
1156 | if (secid == 0) | 1200 | if (secid == 0) |
1157 | return smk_curacc(p->security, MAY_WRITE); | 1201 | return smk_curacc(task_security(p), MAY_WRITE); |
1158 | /* | 1202 | /* |
1159 | * If the secid isn't 0 we're dealing with some USB IO | 1203 | * If the secid isn't 0 we're dealing with some USB IO |
1160 | * specific behavior. This is not clean. For one thing | 1204 | * specific behavior. This is not clean. For one thing |
1161 | * we can't take privilege into account. | 1205 | * we can't take privilege into account. |
1162 | */ | 1206 | */ |
1163 | return smk_access(smack_from_secid(secid), p->security, MAY_WRITE); | 1207 | return smk_access(smack_from_secid(secid), task_security(p), MAY_WRITE); |
1164 | } | 1208 | } |
1165 | 1209 | ||
1166 | /** | 1210 | /** |
@@ -1173,7 +1217,7 @@ static int smack_task_wait(struct task_struct *p) | |||
1173 | { | 1217 | { |
1174 | int rc; | 1218 | int rc; |
1175 | 1219 | ||
1176 | rc = smk_access(current->security, p->security, MAY_WRITE); | 1220 | rc = smk_access(current_security(), task_security(p), MAY_WRITE); |
1177 | if (rc == 0) | 1221 | if (rc == 0) |
1178 | return 0; | 1222 | return 0; |
1179 | 1223 | ||
@@ -1204,7 +1248,7 @@ static int smack_task_wait(struct task_struct *p) | |||
1204 | static void smack_task_to_inode(struct task_struct *p, struct inode *inode) | 1248 | static void smack_task_to_inode(struct task_struct *p, struct inode *inode) |
1205 | { | 1249 | { |
1206 | struct inode_smack *isp = inode->i_security; | 1250 | struct inode_smack *isp = inode->i_security; |
1207 | isp->smk_inode = p->security; | 1251 | isp->smk_inode = task_security(p); |
1208 | } | 1252 | } |
1209 | 1253 | ||
1210 | /* | 1254 | /* |
@@ -1223,7 +1267,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode) | |||
1223 | */ | 1267 | */ |
1224 | static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) | 1268 | static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) |
1225 | { | 1269 | { |
1226 | char *csp = current->security; | 1270 | char *csp = current_security(); |
1227 | struct socket_smack *ssp; | 1271 | struct socket_smack *ssp; |
1228 | 1272 | ||
1229 | ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); | 1273 | ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); |
@@ -1448,7 +1492,7 @@ static int smack_flags_to_may(int flags) | |||
1448 | */ | 1492 | */ |
1449 | static int smack_msg_msg_alloc_security(struct msg_msg *msg) | 1493 | static int smack_msg_msg_alloc_security(struct msg_msg *msg) |
1450 | { | 1494 | { |
1451 | msg->security = current->security; | 1495 | msg->security = current_security(); |
1452 | return 0; | 1496 | return 0; |
1453 | } | 1497 | } |
1454 | 1498 | ||
@@ -1484,7 +1528,7 @@ static int smack_shm_alloc_security(struct shmid_kernel *shp) | |||
1484 | { | 1528 | { |
1485 | struct kern_ipc_perm *isp = &shp->shm_perm; | 1529 | struct kern_ipc_perm *isp = &shp->shm_perm; |
1486 | 1530 | ||
1487 | isp->security = current->security; | 1531 | isp->security = current_security(); |
1488 | return 0; | 1532 | return 0; |
1489 | } | 1533 | } |
1490 | 1534 | ||
@@ -1593,7 +1637,7 @@ static int smack_sem_alloc_security(struct sem_array *sma) | |||
1593 | { | 1637 | { |
1594 | struct kern_ipc_perm *isp = &sma->sem_perm; | 1638 | struct kern_ipc_perm *isp = &sma->sem_perm; |
1595 | 1639 | ||
1596 | isp->security = current->security; | 1640 | isp->security = current_security(); |
1597 | return 0; | 1641 | return 0; |
1598 | } | 1642 | } |
1599 | 1643 | ||
@@ -1697,7 +1741,7 @@ static int smack_msg_queue_alloc_security(struct msg_queue *msq) | |||
1697 | { | 1741 | { |
1698 | struct kern_ipc_perm *kisp = &msq->q_perm; | 1742 | struct kern_ipc_perm *kisp = &msq->q_perm; |
1699 | 1743 | ||
1700 | kisp->security = current->security; | 1744 | kisp->security = current_security(); |
1701 | return 0; | 1745 | return 0; |
1702 | } | 1746 | } |
1703 | 1747 | ||
@@ -1852,7 +1896,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) | |||
1852 | struct super_block *sbp; | 1896 | struct super_block *sbp; |
1853 | struct superblock_smack *sbsp; | 1897 | struct superblock_smack *sbsp; |
1854 | struct inode_smack *isp; | 1898 | struct inode_smack *isp; |
1855 | char *csp = current->security; | 1899 | char *csp = current_security(); |
1856 | char *fetched; | 1900 | char *fetched; |
1857 | char *final; | 1901 | char *final; |
1858 | struct dentry *dp; | 1902 | struct dentry *dp; |
@@ -2009,7 +2053,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value) | |||
2009 | if (strcmp(name, "current") != 0) | 2053 | if (strcmp(name, "current") != 0) |
2010 | return -EINVAL; | 2054 | return -EINVAL; |
2011 | 2055 | ||
2012 | cp = kstrdup(p->security, GFP_KERNEL); | 2056 | cp = kstrdup(task_security(p), GFP_KERNEL); |
2013 | if (cp == NULL) | 2057 | if (cp == NULL) |
2014 | return -ENOMEM; | 2058 | return -ENOMEM; |
2015 | 2059 | ||
@@ -2033,6 +2077,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value) | |||
2033 | static int smack_setprocattr(struct task_struct *p, char *name, | 2077 | static int smack_setprocattr(struct task_struct *p, char *name, |
2034 | void *value, size_t size) | 2078 | void *value, size_t size) |
2035 | { | 2079 | { |
2080 | struct cred *new; | ||
2036 | char *newsmack; | 2081 | char *newsmack; |
2037 | 2082 | ||
2038 | /* | 2083 | /* |
@@ -2055,7 +2100,11 @@ static int smack_setprocattr(struct task_struct *p, char *name, | |||
2055 | if (newsmack == NULL) | 2100 | if (newsmack == NULL) |
2056 | return -EINVAL; | 2101 | return -EINVAL; |
2057 | 2102 | ||
2058 | p->security = newsmack; | 2103 | new = prepare_creds(); |
2104 | if (!new) | ||
2105 | return -ENOMEM; | ||
2106 | new->security = newsmack; | ||
2107 | commit_creds(new); | ||
2059 | return size; | 2108 | return size; |
2060 | } | 2109 | } |
2061 | 2110 | ||
@@ -2288,8 +2337,7 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent) | |||
2288 | return; | 2337 | return; |
2289 | 2338 | ||
2290 | ssp = sk->sk_security; | 2339 | ssp = sk->sk_security; |
2291 | ssp->smk_in = current->security; | 2340 | ssp->smk_in = ssp->smk_out = current_security(); |
2292 | ssp->smk_out = current->security; | ||
2293 | ssp->smk_packet[0] = '\0'; | 2341 | ssp->smk_packet[0] = '\0'; |
2294 | 2342 | ||
2295 | rc = smack_netlabel(sk); | 2343 | rc = smack_netlabel(sk); |
@@ -2352,17 +2400,17 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, | |||
2352 | /** | 2400 | /** |
2353 | * smack_key_alloc - Set the key security blob | 2401 | * smack_key_alloc - Set the key security blob |
2354 | * @key: object | 2402 | * @key: object |
2355 | * @tsk: the task associated with the key | 2403 | * @cred: the credentials to use |
2356 | * @flags: unused | 2404 | * @flags: unused |
2357 | * | 2405 | * |
2358 | * No allocation required | 2406 | * No allocation required |
2359 | * | 2407 | * |
2360 | * Returns 0 | 2408 | * Returns 0 |
2361 | */ | 2409 | */ |
2362 | static int smack_key_alloc(struct key *key, struct task_struct *tsk, | 2410 | static int smack_key_alloc(struct key *key, const struct cred *cred, |
2363 | unsigned long flags) | 2411 | unsigned long flags) |
2364 | { | 2412 | { |
2365 | key->security = tsk->security; | 2413 | key->security = cred->security; |
2366 | return 0; | 2414 | return 0; |
2367 | } | 2415 | } |
2368 | 2416 | ||
@@ -2380,14 +2428,14 @@ static void smack_key_free(struct key *key) | |||
2380 | /* | 2428 | /* |
2381 | * smack_key_permission - Smack access on a key | 2429 | * smack_key_permission - Smack access on a key |
2382 | * @key_ref: gets to the object | 2430 | * @key_ref: gets to the object |
2383 | * @context: task involved | 2431 | * @cred: the credentials to use |
2384 | * @perm: unused | 2432 | * @perm: unused |
2385 | * | 2433 | * |
2386 | * Return 0 if the task has read and write to the object, | 2434 | * Return 0 if the task has read and write to the object, |
2387 | * an error code otherwise | 2435 | * an error code otherwise |
2388 | */ | 2436 | */ |
2389 | static int smack_key_permission(key_ref_t key_ref, | 2437 | static int smack_key_permission(key_ref_t key_ref, |
2390 | struct task_struct *context, key_perm_t perm) | 2438 | const struct cred *cred, key_perm_t perm) |
2391 | { | 2439 | { |
2392 | struct key *keyp; | 2440 | struct key *keyp; |
2393 | 2441 | ||
@@ -2403,10 +2451,10 @@ static int smack_key_permission(key_ref_t key_ref, | |||
2403 | /* | 2451 | /* |
2404 | * This should not occur | 2452 | * This should not occur |
2405 | */ | 2453 | */ |
2406 | if (context->security == NULL) | 2454 | if (cred->security == NULL) |
2407 | return -EACCES; | 2455 | return -EACCES; |
2408 | 2456 | ||
2409 | return smk_access(context->security, keyp->security, MAY_READWRITE); | 2457 | return smk_access(cred->security, keyp->security, MAY_READWRITE); |
2410 | } | 2458 | } |
2411 | #endif /* CONFIG_KEYS */ | 2459 | #endif /* CONFIG_KEYS */ |
2412 | 2460 | ||
@@ -2577,15 +2625,13 @@ struct security_operations smack_ops = { | |||
2577 | .ptrace_may_access = smack_ptrace_may_access, | 2625 | .ptrace_may_access = smack_ptrace_may_access, |
2578 | .ptrace_traceme = smack_ptrace_traceme, | 2626 | .ptrace_traceme = smack_ptrace_traceme, |
2579 | .capget = cap_capget, | 2627 | .capget = cap_capget, |
2580 | .capset_check = cap_capset_check, | 2628 | .capset = cap_capset, |
2581 | .capset_set = cap_capset_set, | ||
2582 | .capable = cap_capable, | 2629 | .capable = cap_capable, |
2583 | .syslog = smack_syslog, | 2630 | .syslog = smack_syslog, |
2584 | .settime = cap_settime, | 2631 | .settime = cap_settime, |
2585 | .vm_enough_memory = cap_vm_enough_memory, | 2632 | .vm_enough_memory = cap_vm_enough_memory, |
2586 | 2633 | ||
2587 | .bprm_apply_creds = cap_bprm_apply_creds, | 2634 | .bprm_set_creds = cap_bprm_set_creds, |
2588 | .bprm_set_security = cap_bprm_set_security, | ||
2589 | .bprm_secureexec = cap_bprm_secureexec, | 2635 | .bprm_secureexec = cap_bprm_secureexec, |
2590 | 2636 | ||
2591 | .sb_alloc_security = smack_sb_alloc_security, | 2637 | .sb_alloc_security = smack_sb_alloc_security, |
@@ -2627,9 +2673,12 @@ struct security_operations smack_ops = { | |||
2627 | .file_send_sigiotask = smack_file_send_sigiotask, | 2673 | .file_send_sigiotask = smack_file_send_sigiotask, |
2628 | .file_receive = smack_file_receive, | 2674 | .file_receive = smack_file_receive, |
2629 | 2675 | ||
2630 | .task_alloc_security = smack_task_alloc_security, | 2676 | .cred_free = smack_cred_free, |
2631 | .task_free_security = smack_task_free_security, | 2677 | .cred_prepare = smack_cred_prepare, |
2632 | .task_post_setuid = cap_task_post_setuid, | 2678 | .cred_commit = smack_cred_commit, |
2679 | .kernel_act_as = smack_kernel_act_as, | ||
2680 | .kernel_create_files_as = smack_kernel_create_files_as, | ||
2681 | .task_fix_setuid = cap_task_fix_setuid, | ||
2633 | .task_setpgid = smack_task_setpgid, | 2682 | .task_setpgid = smack_task_setpgid, |
2634 | .task_getpgid = smack_task_getpgid, | 2683 | .task_getpgid = smack_task_getpgid, |
2635 | .task_getsid = smack_task_getsid, | 2684 | .task_getsid = smack_task_getsid, |
@@ -2642,7 +2691,6 @@ struct security_operations smack_ops = { | |||
2642 | .task_movememory = smack_task_movememory, | 2691 | .task_movememory = smack_task_movememory, |
2643 | .task_kill = smack_task_kill, | 2692 | .task_kill = smack_task_kill, |
2644 | .task_wait = smack_task_wait, | 2693 | .task_wait = smack_task_wait, |
2645 | .task_reparent_to_init = cap_task_reparent_to_init, | ||
2646 | .task_to_inode = smack_task_to_inode, | 2694 | .task_to_inode = smack_task_to_inode, |
2647 | .task_prctl = cap_task_prctl, | 2695 | .task_prctl = cap_task_prctl, |
2648 | 2696 | ||
@@ -2718,6 +2766,8 @@ struct security_operations smack_ops = { | |||
2718 | */ | 2766 | */ |
2719 | static __init int smack_init(void) | 2767 | static __init int smack_init(void) |
2720 | { | 2768 | { |
2769 | struct cred *cred; | ||
2770 | |||
2721 | if (!security_module_enable(&smack_ops)) | 2771 | if (!security_module_enable(&smack_ops)) |
2722 | return 0; | 2772 | return 0; |
2723 | 2773 | ||
@@ -2726,7 +2776,8 @@ static __init int smack_init(void) | |||
2726 | /* | 2776 | /* |
2727 | * Set the security state for the initial task. | 2777 | * Set the security state for the initial task. |
2728 | */ | 2778 | */ |
2729 | current->security = &smack_known_floor.smk_known; | 2779 | cred = (struct cred *) current->cred; |
2780 | cred->security = &smack_known_floor.smk_known; | ||
2730 | 2781 | ||
2731 | /* | 2782 | /* |
2732 | * Initialize locks | 2783 | * Initialize locks |
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index c21d8c8bf0c7..ca257dfdc75d 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c | |||
@@ -336,7 +336,7 @@ static void smk_cipso_doi(void) | |||
336 | 336 | ||
337 | audit_info.loginuid = audit_get_loginuid(current); | 337 | audit_info.loginuid = audit_get_loginuid(current); |
338 | audit_info.sessionid = audit_get_sessionid(current); | 338 | audit_info.sessionid = audit_get_sessionid(current); |
339 | audit_info.secid = smack_to_secid(current->security); | 339 | audit_info.secid = smack_to_secid(current_security()); |
340 | 340 | ||
341 | rc = netlbl_cfg_map_del(NULL, &audit_info); | 341 | rc = netlbl_cfg_map_del(NULL, &audit_info); |
342 | if (rc != 0) | 342 | if (rc != 0) |
@@ -371,7 +371,7 @@ static void smk_unlbl_ambient(char *oldambient) | |||
371 | 371 | ||
372 | audit_info.loginuid = audit_get_loginuid(current); | 372 | audit_info.loginuid = audit_get_loginuid(current); |
373 | audit_info.sessionid = audit_get_sessionid(current); | 373 | audit_info.sessionid = audit_get_sessionid(current); |
374 | audit_info.secid = smack_to_secid(current->security); | 374 | audit_info.secid = smack_to_secid(current_security()); |
375 | 375 | ||
376 | if (oldambient != NULL) { | 376 | if (oldambient != NULL) { |
377 | rc = netlbl_cfg_map_del(oldambient, &audit_info); | 377 | rc = netlbl_cfg_map_del(oldambient, &audit_info); |
@@ -843,7 +843,7 @@ static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, | |||
843 | size_t count, loff_t *ppos) | 843 | size_t count, loff_t *ppos) |
844 | { | 844 | { |
845 | char in[SMK_LABELLEN]; | 845 | char in[SMK_LABELLEN]; |
846 | char *sp = current->security; | 846 | char *sp = current->cred->security; |
847 | 847 | ||
848 | if (!capable(CAP_MAC_ADMIN)) | 848 | if (!capable(CAP_MAC_ADMIN)) |
849 | return -EPERM; | 849 | return -EPERM; |