Diffstat (limited to 'include/linux/security.h')
-rw-r--r-- | include/linux/security.h | 103 |
1 files changed, 37 insertions, 66 deletions
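--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -57,8 +57,7 @@ extern int cap_capset(struct cred *new, const struct cred *old,
 const kernel_cap_t *effective,
 const kernel_cap_t *inheritable,
 const kernel_cap_t *permitted);
-extern int cap_bprm_set_security(struct linux_binprm *bprm);
-extern int cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe);
+extern int cap_bprm_set_creds(struct linux_binprm *bprm);
 extern int cap_bprm_secureexec(struct linux_binprm *bprm);
 extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
 const void *value, size_t size, int flags);
@@ -110,7 +109,7 @@ extern unsigned long mmap_min_addr;
 struct sched_param;
 struct request_sock;
 
-/* bprm_apply_creds unsafe reasons */
+/* bprm->unsafe reasons */
 #define LSM_UNSAFE_SHARE 1
 #define LSM_UNSAFE_PTRACE 2
 #define LSM_UNSAFE_PTRACE_CAP 4
@@ -154,36 +153,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 *
 * Security hooks for program execution operations.
 *
-* @bprm_alloc_security:
-* Allocate and attach a security structure to the @bprm->security field.
-* The security field is initialized to NULL when the bprm structure is
-* allocated.
-* @bprm contains the linux_binprm structure to be modified.
-* Return 0 if operation was successful.
-* @bprm_free_security:
-* @bprm contains the linux_binprm structure to be modified.
-* Deallocate and clear the @bprm->security field.
-* @bprm_apply_creds:
-* Compute and set the security attributes of a process being transformed
-* by an execve operation based on the old attributes (current->security)
-* and the information saved in @bprm->security by the set_security hook.
-* Since this function may return an error, in which case the process will
-* be killed. However, it can leave the security attributes of the
-* process unchanged if an access failure occurs at this point.
-* bprm_apply_creds is called under task_lock. @unsafe indicates various
-* reasons why it may be unsafe to change security state.
-* @bprm contains the linux_binprm structure.
-* @bprm_post_apply_creds:
-* Runs after bprm_apply_creds with the task_lock dropped, so that
-* functions which cannot be called safely under the task_lock can
-* be used. This hook is a good place to perform state changes on
-* the process such as closing open file descriptors to which access
-* is no longer granted if the attributes were changed.
-* Note that a security module might need to save state between
-* bprm_apply_creds and bprm_post_apply_creds to store the decision
-* on whether the process may proceed.
-* @bprm contains the linux_binprm structure.
-* @bprm_set_security:
+* @bprm_set_creds:
 * Save security information in the bprm->security field, typically based
 * on information about the bprm->file, for later use by the apply_creds
 * hook. This hook may also optionally check permissions (e.g. for
@@ -196,15 +166,30 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @bprm contains the linux_binprm structure.
 * Return 0 if the hook is successful and permission is granted.
 * @bprm_check_security:
-* This hook mediates the point when a search for a binary handler will
-* begin. It allows a check the @bprm->security value which is set in
-* the preceding set_security call. The primary difference from
-* set_security is that the argv list and envp list are reliably
-* available in @bprm. This hook may be called multiple times
-* during a single execve; and in each pass set_security is called
-* first.
+* This hook mediates the point when a search for a binary handler will
+* begin. It allows a check the @bprm->security value which is set in the
+* preceding set_creds call. The primary difference from set_creds is
+* that the argv list and envp list are reliably available in @bprm. This
+* hook may be called multiple times during a single execve; and in each
+* pass set_creds is called first.
 * @bprm contains the linux_binprm structure.
 * Return 0 if the hook is successful and permission is granted.
+* @bprm_committing_creds:
+* Prepare to install the new security attributes of a process being
+* transformed by an execve operation, based on the old credentials
+* pointed to by @current->cred and the information set in @bprm->cred by
+* the bprm_set_creds hook. @bprm points to the linux_binprm structure.
+* This hook is a good place to perform state changes on the process such
+* as closing open file descriptors to which access will no longer be
+* granted when the attributes are changed. This is called immediately
+* before commit_creds().
+* @bprm_committed_creds:
+* Tidy up after the installation of the new security attributes of a
+* process being transformed by an execve operation. The new credentials
+* have, by this point, been set to @current->cred. @bprm points to the
+* linux_binprm structure. This hook is a good place to perform state
+* changes on the process such as clearing out non-inheritable signal
+* state. This is called immediately after commit_creds().
 * @bprm_secureexec:
 * Return a boolean value (0 or 1) indicating whether a "secure exec"
 * is required. The flag is passed in the auxiliary table
@@ -1301,13 +1286,11 @@ struct security_operations {
 int (*settime) (struct timespec *ts, struct timezone *tz);
 int (*vm_enough_memory) (struct mm_struct *mm, long pages);
 
-int (*bprm_alloc_security) (struct linux_binprm *bprm);
-void (*bprm_free_security) (struct linux_binprm *bprm);
-int (*bprm_apply_creds) (struct linux_binprm *bprm, int unsafe);
-void (*bprm_post_apply_creds) (struct linux_binprm *bprm);
-int (*bprm_set_security) (struct linux_binprm *bprm);
+int (*bprm_set_creds) (struct linux_binprm *bprm);
 int (*bprm_check_security) (struct linux_binprm *bprm);
 int (*bprm_secureexec) (struct linux_binprm *bprm);
+void (*bprm_committing_creds) (struct linux_binprm *bprm);
+void (*bprm_committed_creds) (struct linux_binprm *bprm);
 
 int (*sb_alloc_security) (struct super_block *sb);
 void (*sb_free_security) (struct super_block *sb);
@@ -1569,12 +1552,10 @@ int security_settime(struct timespec *ts, struct timezone *tz);
 int security_vm_enough_memory(long pages);
 int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
 int security_vm_enough_memory_kern(long pages);
-int security_bprm_alloc(struct linux_binprm *bprm);
-void security_bprm_free(struct linux_binprm *bprm);
-int security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe);
-void security_bprm_post_apply_creds(struct linux_binprm *bprm);
-int security_bprm_set(struct linux_binprm *bprm);
+int security_bprm_set_creds(struct linux_binprm *bprm);
 int security_bprm_check(struct linux_binprm *bprm);
+void security_bprm_committing_creds(struct linux_binprm *bprm);
+void security_bprm_committed_creds(struct linux_binprm *bprm);
 int security_bprm_secureexec(struct linux_binprm *bprm);
 int security_sb_alloc(struct super_block *sb);
 void security_sb_free(struct super_block *sb);
@@ -1812,32 +1793,22 @@ static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
 return cap_vm_enough_memory(mm, pages);
 }
 
-static inline int security_bprm_alloc(struct linux_binprm *bprm)
-{
-return 0;
-}
-
-static inline void security_bprm_free(struct linux_binprm *bprm)
-{ }
-
-static inline int security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
+static inline int security_bprm_set_creds(struct linux_binprm *bprm)
 {
-return cap_bprm_apply_creds(bprm, unsafe);
+return cap_bprm_set_creds(bprm);
 }
 
-static inline void security_bprm_post_apply_creds(struct linux_binprm *bprm)
+static inline int security_bprm_check(struct linux_binprm *bprm)
 {
-return;
+return 0;
 }
 
-static inline int security_bprm_set(struct linux_binprm *bprm)
+static inline void security_bprm_committing_creds(struct linux_binprm *bprm)
 {
-return cap_bprm_set_security(bprm);
 }
 
-static inline int security_bprm_check(struct linux_binprm *bprm)
+static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
 {
-return 0;
 }
 
 static inline int security_bprm_secureexec(struct linux_binprm *bprm)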
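Review bot: The kernel-doc kept under the renamed `@bprm_set_creds` entry still says the hook saves state "in the bprm->security field ... for later use by the apply_creds hook", and `@bprm_check_security` still refers to checking `@bprm->security`. This change removes bprm_alloc_security, bprm_free_security and bprm_apply_creds, and the new `@bprm_committing_creds` text says the state is "set in @bprm->cred by the bprm_set_creds hook". I would reword the stale sentences along the lines of `Save security information in @bprm->cred, typically based on information about the bprm->file, for later use by the bprm_committing_creds hook`, so LSM authors are not directed to a hook this header no longer declares. Because bprm_committing_creds and bprm_committed_creds are declared `void` where bprm_apply_creds returned `int`, their entries should also state that they cannot fail and that any denial has to come from bprm_set_creds or bprm_check_security. The `unsafe` argument is dropped too; the constants comment now reads `bprm->unsafe reasons`, so the hooks presumably read the LSM_UNSAFE_* bits from the bprm, and the `@bprm_set_creds` text could say so.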