-rw-r--r--include/linux/security.h20
-rw-r--r--kernel/sys.c15
-rw-r--r--security/capability.c6
-rw-r--r--security/security.c5
4 files changed, 0 insertions, 46 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 33b0c1b27f82..447c57fcec88 100644
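--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -674,18 +674,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * userspace to load a kernel module with the given name.
  * @kmod_name name of the module requested by the kernel
  * Return 0 if successful.
- * @task_setuid:
- * Check permission before setting one or more of the user identity
- * attributes of the current process. The @flags parameter indicates
- * which of the set*uid system calls invoked this hook and how to
- * interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID
- * definitions at the beginning of this file for the @flags values and
- * their meanings.
- * @id0 contains a uid.
- * @id1 contains a uid.
- * @id2 contains a uid.
- * @flags contains one of the LSM_SETID_* values.
- * Return 0 if permission is granted.
  * @task_fix_setuid:
  * Update the module's state after setting one or more of the user
  * identity attributes of the current process. The @flags parameter
@@ -1536,7 +1524,6 @@ struct security_operations {
  int (*kernel_act_as)(struct cred *new, u32 secid);
  int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
  int (*kernel_module_request)(char *kmod_name);
- int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
  int (*task_fix_setuid) (struct cred *new, const struct cred *old,
  int flags);
  int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags);
@@ -1793,7 +1780,6 @@ void security_transfer_creds(struct cred *new, const struct cred *old);
 int security_kernel_act_as(struct cred *new, u32 secid);
 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
 int security_kernel_module_request(char *kmod_name);
-int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags);
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
  int flags);
 int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags);
@@ -2330,12 +2316,6 @@ static inline int security_kernel_module_request(char *kmod_name)
  return 0;
 }
 
-static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2,
- int flags)
-{
- return 0;
-}
-
 static inline int security_task_fix_setuid(struct cred *new,
  const struct cred *old,
  int flags)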
diff --git a/kernel/sys.c b/kernel/sys.c
index 8298878f4f71..396c11cd9a20 100644
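--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -609,10 +609,6 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
  return -ENOMEM;
  old = current_cred();
 
- retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE);
- if (retval)
- goto error;
-
  retval = -EPERM;
  if (ruid != (uid_t) -1) {
  new->uid = ruid;
@@ -674,10 +670,6 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
  return -ENOMEM;
  old = current_cred();
 
- retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID);
- if (retval)
- goto error;
-
  retval = -EPERM;
  if (capable(CAP_SETUID)) {
  new->suid = new->uid = uid;
@@ -718,9 +710,6 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
  if (!new)
  return -ENOMEM;
 
- retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES);
- if (retval)
- goto error;
  old = current_cred();
 
  retval = -EPERM;
@@ -850,9 +839,6 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
  old = current_cred();
  old_fsuid = old->fsuid;
 
- if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS) < 0)
- goto error;
-
  if (uid == old->uid || uid == old->euid ||
  uid == old->suid || uid == old->fsuid ||
  capable(CAP_SETUID)) {
@@ -863,7 +849,6 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
  }
  }
 
-error:
  abort_creds(new);
  return old_fsuid;
 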
diff --git a/security/capability.c b/security/capability.c
index a927bdea1816..41ff54f3b4d8 100644
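--- a/security/capability.c
+++ b/security/capability.c
@@ -392,11 +392,6 @@ static int cap_kernel_module_request(char *kmod_name)
  return 0;
 }
 
-static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
-{
- return 0;
-}
-
 static int cap_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
 {
  return 0;
@@ -972,7 +967,6 @@ void security_fixup_ops(struct security_operations *ops)
  set_to_cap_if_null(ops, kernel_act_as);
  set_to_cap_if_null(ops, kernel_create_files_as);
  set_to_cap_if_null(ops, kernel_module_request);
- set_to_cap_if_null(ops, task_setuid);
  set_to_cap_if_null(ops, task_fix_setuid);
  set_to_cap_if_null(ops, task_setgid);
  set_to_cap_if_null(ops, task_setpgid);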
diff --git a/security/security.c b/security/security.c
index 6e5942653d4f..3900da3da87b 100644
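--- a/security/security.c
+++ b/security/security.c
@@ -732,11 +732,6 @@ int security_kernel_module_request(char *kmod_name)
  return security_ops->kernel_module_request(kmod_name);
 }
 
-int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
-{
- return security_ops->task_setuid(id0, id1, id2, flags);
-}
-
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
  int flags)
 {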