1 files changed, 49 insertions, 0 deletions
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 4739cfbb41b7..5c23afb31ece 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -17,6 +17,7 @@
 #include <linux/fs.h>
 #include <linux/err.h>
 #include <linux/mutex.h>
+#include <linux/security.h>
 #include <linux/user_namespace.h>
 #include <asm/uaccess.h>
 #include "internal.h"
@@ -768,3 +769,51 @@ error:
        abort_creds(new);
        return ret;
 }
+/*
+ * Replace a process's session keyring when that process resumes userspace on
+ * behalf of one of its children
+ */
+void key_replace_session_keyring(void)
+{
+        const struct cred *old;
+        struct cred *new;
+        if (!current->replacement_session_keyring)
+                return;
+        write_lock_irq(&tasklist_lock);
+        new = current->replacement_session_keyring;
+        current->replacement_session_keyring = NULL;
+        write_unlock_irq(&tasklist_lock);
+        if (!new)
+                return;
+        old = current_cred();
+        new->  uid      = old->  uid;
+        new-> euid      = old-> euid;
+        new-> suid      = old-> suid;
+        new->fsuid      = old->fsuid;
+        new->  gid      = old->  gid;
+        new-> egid      = old-> egid;
+        new-> sgid      = old-> sgid;
+        new->fsgid      = old->fsgid;
+        new->user       = get_uid(old->user);
+        new->group_info = get_group_info(old->group_info);
+        new->securebits = old->securebits;
+        new->cap_inheritable    = old->cap_inheritable;
+        new->cap_permitted      = old->cap_permitted;
+        new->cap_effective      = old->cap_effective;
+        new->cap_bset           = old->cap_bset;
+        new->jit_keyring        = old->jit_keyring;
+        new->thread_keyring     = key_get(old->thread_keyring);
+        new->tgcred->tgid       = old->tgcred->tgid;
+        new->tgcred->process_keyring = key_get(old->tgcred->process_keyring);
+        security_transfer_creds(new, old);
+        commit_creds(new);
+}

diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 4739cfbb41b7..5c23afb31ece 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c
@@ -17,6 +17,7 @@
17	#include <linux/fs.h>	17	#include <linux/fs.h>
18	#include <linux/err.h>	18	#include <linux/err.h>
19	#include <linux/mutex.h>	19	#include <linux/mutex.h>
		20	#include <linux/security.h>
20	#include <linux/user_namespace.h>	21	#include <linux/user_namespace.h>
21	#include <asm/uaccess.h>	22	#include <asm/uaccess.h>
22	#include "internal.h"	23	#include "internal.h"
@@ -768,3 +769,51 @@ error:
768	abort_creds(new);	769	abort_creds(new);
769	return ret;	770	return ret;
770	}	771	}
		772
		773	/*
		774	* Replace a process's session keyring when that process resumes userspace on
		775	* behalf of one of its children
		776	*/
		777	void key_replace_session_keyring(void)
		778	{
		779	const struct cred *old;
		780	struct cred *new;
		781
		782	if (!current->replacement_session_keyring)
		783	return;
		784
		785	write_lock_irq(&tasklist_lock);
		786	new = current->replacement_session_keyring;
		787	current->replacement_session_keyring = NULL;
		788	write_unlock_irq(&tasklist_lock);
		789
		790	if (!new)
		791	return;
		792
		793	old = current_cred();
		794	new-> uid = old-> uid;
		795	new-> euid = old-> euid;
		796	new-> suid = old-> suid;
		797	new->fsuid = old->fsuid;
		798	new-> gid = old-> gid;
		799	new-> egid = old-> egid;
		800	new-> sgid = old-> sgid;
		801	new->fsgid = old->fsgid;
		802	new->user = get_uid(old->user);
		803	new->group_info = get_group_info(old->group_info);
		804
		805	new->securebits = old->securebits;
		806	new->cap_inheritable = old->cap_inheritable;
		807	new->cap_permitted = old->cap_permitted;
		808	new->cap_effective = old->cap_effective;
		809	new->cap_bset = old->cap_bset;
		810
		811	new->jit_keyring = old->jit_keyring;
		812	new->thread_keyring = key_get(old->thread_keyring);
		813	new->tgcred->tgid = old->tgcred->tgid;
		814	new->tgcred->process_keyring = key_get(old->tgcred->process_keyring);
		815
		816	security_transfer_creds(new, old);
		817
		818	commit_creds(new);
		819	}