diff options
Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/exports.c | 8 | ||||
-rw-r--r-- | security/selinux/hooks.c | 1254 | ||||
-rw-r--r-- | security/selinux/include/av_perm_to_string.h | 2 | ||||
-rw-r--r-- | security/selinux/include/av_permissions.h | 2 | ||||
-rw-r--r-- | security/selinux/include/class_to_string.h | 5 | ||||
-rw-r--r-- | security/selinux/include/flask.h | 1 | ||||
-rw-r--r-- | security/selinux/include/objsec.h | 11 | ||||
-rw-r--r-- | security/selinux/nlmsgtab.c | 3 | ||||
-rw-r--r-- | security/selinux/selinuxfs.c | 13 | ||||
-rw-r--r-- | security/selinux/xfrm.c | 6 |
10 files changed, 701 insertions, 604 deletions
diff --git a/security/selinux/exports.c b/security/selinux/exports.c index 64af2d3409ef..c73aeaa008e8 100644 --- a/security/selinux/exports.c +++ b/security/selinux/exports.c | |||
@@ -39,9 +39,13 @@ EXPORT_SYMBOL_GPL(selinux_string_to_sid); | |||
39 | int selinux_secmark_relabel_packet_permission(u32 sid) | 39 | int selinux_secmark_relabel_packet_permission(u32 sid) |
40 | { | 40 | { |
41 | if (selinux_enabled) { | 41 | if (selinux_enabled) { |
42 | struct task_security_struct *tsec = current->security; | 42 | const struct task_security_struct *__tsec; |
43 | u32 tsid; | ||
43 | 44 | ||
44 | return avc_has_perm(tsec->sid, sid, SECCLASS_PACKET, | 45 | __tsec = current_security(); |
46 | tsid = __tsec->sid; | ||
47 | |||
48 | return avc_has_perm(tsid, sid, SECCLASS_PACKET, | ||
45 | PACKET__RELABELTO, NULL); | 49 | PACKET__RELABELTO, NULL); |
46 | } | 50 | } |
47 | return 0; | 51 | return 0; |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f85597a4d733..853b58c8b2cb 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -156,33 +156,62 @@ static int selinux_secmark_enabled(void) | |||
156 | return (atomic_read(&selinux_secmark_refcount) > 0); | 156 | return (atomic_read(&selinux_secmark_refcount) > 0); |
157 | } | 157 | } |
158 | 158 | ||
159 | /* Allocate and free functions for each kind of security blob. */ | 159 | /* |
160 | 160 | * initialise the security for the init task | |
161 | static int task_alloc_security(struct task_struct *task) | 161 | */ |
162 | static void cred_init_security(void) | ||
162 | { | 163 | { |
164 | struct cred *cred = (struct cred *) current->real_cred; | ||
163 | struct task_security_struct *tsec; | 165 | struct task_security_struct *tsec; |
164 | 166 | ||
165 | tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL); | 167 | tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL); |
166 | if (!tsec) | 168 | if (!tsec) |
167 | return -ENOMEM; | 169 | panic("SELinux: Failed to initialize initial task.\n"); |
168 | 170 | ||
169 | tsec->osid = tsec->sid = SECINITSID_UNLABELED; | 171 | tsec->osid = tsec->sid = SECINITSID_KERNEL; |
170 | task->security = tsec; | 172 | cred->security = tsec; |
173 | } | ||
171 | 174 | ||
172 | return 0; | 175 | /* |
176 | * get the security ID of a set of credentials | ||
177 | */ | ||
178 | static inline u32 cred_sid(const struct cred *cred) | ||
179 | { | ||
180 | const struct task_security_struct *tsec; | ||
181 | |||
182 | tsec = cred->security; | ||
183 | return tsec->sid; | ||
173 | } | 184 | } |
174 | 185 | ||
175 | static void task_free_security(struct task_struct *task) | 186 | /* |
187 | * get the objective security ID of a task | ||
188 | */ | ||
189 | static inline u32 task_sid(const struct task_struct *task) | ||
176 | { | 190 | { |
177 | struct task_security_struct *tsec = task->security; | 191 | u32 sid; |
178 | task->security = NULL; | 192 | |
179 | kfree(tsec); | 193 | rcu_read_lock(); |
194 | sid = cred_sid(__task_cred(task)); | ||
195 | rcu_read_unlock(); | ||
196 | return sid; | ||
180 | } | 197 | } |
181 | 198 | ||
199 | /* | ||
200 | * get the subjective security ID of the current task | ||
201 | */ | ||
202 | static inline u32 current_sid(void) | ||
203 | { | ||
204 | const struct task_security_struct *tsec = current_cred()->security; | ||
205 | |||
206 | return tsec->sid; | ||
207 | } | ||
208 | |||
209 | /* Allocate and free functions for each kind of security blob. */ | ||
210 | |||
182 | static int inode_alloc_security(struct inode *inode) | 211 | static int inode_alloc_security(struct inode *inode) |
183 | { | 212 | { |
184 | struct task_security_struct *tsec = current->security; | ||
185 | struct inode_security_struct *isec; | 213 | struct inode_security_struct *isec; |
214 | u32 sid = current_sid(); | ||
186 | 215 | ||
187 | isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS); | 216 | isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS); |
188 | if (!isec) | 217 | if (!isec) |
@@ -193,7 +222,7 @@ static int inode_alloc_security(struct inode *inode) | |||
193 | isec->inode = inode; | 222 | isec->inode = inode; |
194 | isec->sid = SECINITSID_UNLABELED; | 223 | isec->sid = SECINITSID_UNLABELED; |
195 | isec->sclass = SECCLASS_FILE; | 224 | isec->sclass = SECCLASS_FILE; |
196 | isec->task_sid = tsec->sid; | 225 | isec->task_sid = sid; |
197 | inode->i_security = isec; | 226 | inode->i_security = isec; |
198 | 227 | ||
199 | return 0; | 228 | return 0; |
@@ -215,15 +244,15 @@ static void inode_free_security(struct inode *inode) | |||
215 | 244 | ||
216 | static int file_alloc_security(struct file *file) | 245 | static int file_alloc_security(struct file *file) |
217 | { | 246 | { |
218 | struct task_security_struct *tsec = current->security; | ||
219 | struct file_security_struct *fsec; | 247 | struct file_security_struct *fsec; |
248 | u32 sid = current_sid(); | ||
220 | 249 | ||
221 | fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL); | 250 | fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL); |
222 | if (!fsec) | 251 | if (!fsec) |
223 | return -ENOMEM; | 252 | return -ENOMEM; |
224 | 253 | ||
225 | fsec->sid = tsec->sid; | 254 | fsec->sid = sid; |
226 | fsec->fown_sid = tsec->sid; | 255 | fsec->fown_sid = sid; |
227 | file->f_security = fsec; | 256 | file->f_security = fsec; |
228 | 257 | ||
229 | return 0; | 258 | return 0; |
@@ -338,8 +367,9 @@ static const match_table_t tokens = { | |||
338 | 367 | ||
339 | static int may_context_mount_sb_relabel(u32 sid, | 368 | static int may_context_mount_sb_relabel(u32 sid, |
340 | struct superblock_security_struct *sbsec, | 369 | struct superblock_security_struct *sbsec, |
341 | struct task_security_struct *tsec) | 370 | const struct cred *cred) |
342 | { | 371 | { |
372 | const struct task_security_struct *tsec = cred->security; | ||
343 | int rc; | 373 | int rc; |
344 | 374 | ||
345 | rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, | 375 | rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, |
@@ -354,8 +384,9 @@ static int may_context_mount_sb_relabel(u32 sid, | |||
354 | 384 | ||
355 | static int may_context_mount_inode_relabel(u32 sid, | 385 | static int may_context_mount_inode_relabel(u32 sid, |
356 | struct superblock_security_struct *sbsec, | 386 | struct superblock_security_struct *sbsec, |
357 | struct task_security_struct *tsec) | 387 | const struct cred *cred) |
358 | { | 388 | { |
389 | const struct task_security_struct *tsec = cred->security; | ||
359 | int rc; | 390 | int rc; |
360 | rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, | 391 | rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, |
361 | FILESYSTEM__RELABELFROM, NULL); | 392 | FILESYSTEM__RELABELFROM, NULL); |
@@ -553,8 +584,8 @@ static int bad_option(struct superblock_security_struct *sbsec, char flag, | |||
553 | static int selinux_set_mnt_opts(struct super_block *sb, | 584 | static int selinux_set_mnt_opts(struct super_block *sb, |
554 | struct security_mnt_opts *opts) | 585 | struct security_mnt_opts *opts) |
555 | { | 586 | { |
587 | const struct cred *cred = current_cred(); | ||
556 | int rc = 0, i; | 588 | int rc = 0, i; |
557 | struct task_security_struct *tsec = current->security; | ||
558 | struct superblock_security_struct *sbsec = sb->s_security; | 589 | struct superblock_security_struct *sbsec = sb->s_security; |
559 | const char *name = sb->s_type->name; | 590 | const char *name = sb->s_type->name; |
560 | struct inode *inode = sbsec->sb->s_root->d_inode; | 591 | struct inode *inode = sbsec->sb->s_root->d_inode; |
@@ -671,7 +702,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
671 | sbsec->proc = 1; | 702 | sbsec->proc = 1; |
672 | 703 | ||
673 | /* Determine the labeling behavior to use for this filesystem type. */ | 704 | /* Determine the labeling behavior to use for this filesystem type. */ |
674 | rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid); | 705 | rc = security_fs_use(sbsec->proc ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid); |
675 | if (rc) { | 706 | if (rc) { |
676 | printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n", | 707 | printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n", |
677 | __func__, sb->s_type->name, rc); | 708 | __func__, sb->s_type->name, rc); |
@@ -680,8 +711,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
680 | 711 | ||
681 | /* sets the context of the superblock for the fs being mounted. */ | 712 | /* sets the context of the superblock for the fs being mounted. */ |
682 | if (fscontext_sid) { | 713 | if (fscontext_sid) { |
683 | 714 | rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred); | |
684 | rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, tsec); | ||
685 | if (rc) | 715 | if (rc) |
686 | goto out; | 716 | goto out; |
687 | 717 | ||
@@ -695,12 +725,14 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
695 | */ | 725 | */ |
696 | if (context_sid) { | 726 | if (context_sid) { |
697 | if (!fscontext_sid) { | 727 | if (!fscontext_sid) { |
698 | rc = may_context_mount_sb_relabel(context_sid, sbsec, tsec); | 728 | rc = may_context_mount_sb_relabel(context_sid, sbsec, |
729 | cred); | ||
699 | if (rc) | 730 | if (rc) |
700 | goto out; | 731 | goto out; |
701 | sbsec->sid = context_sid; | 732 | sbsec->sid = context_sid; |
702 | } else { | 733 | } else { |
703 | rc = may_context_mount_inode_relabel(context_sid, sbsec, tsec); | 734 | rc = may_context_mount_inode_relabel(context_sid, sbsec, |
735 | cred); | ||
704 | if (rc) | 736 | if (rc) |
705 | goto out; | 737 | goto out; |
706 | } | 738 | } |
@@ -712,7 +744,8 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
712 | } | 744 | } |
713 | 745 | ||
714 | if (rootcontext_sid) { | 746 | if (rootcontext_sid) { |
715 | rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec, tsec); | 747 | rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec, |
748 | cred); | ||
716 | if (rc) | 749 | if (rc) |
717 | goto out; | 750 | goto out; |
718 | 751 | ||
@@ -730,7 +763,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
730 | 763 | ||
731 | if (defcontext_sid != sbsec->def_sid) { | 764 | if (defcontext_sid != sbsec->def_sid) { |
732 | rc = may_context_mount_inode_relabel(defcontext_sid, | 765 | rc = may_context_mount_inode_relabel(defcontext_sid, |
733 | sbsec, tsec); | 766 | sbsec, cred); |
734 | if (rc) | 767 | if (rc) |
735 | goto out; | 768 | goto out; |
736 | } | 769 | } |
@@ -1345,18 +1378,53 @@ static inline u32 signal_to_av(int sig) | |||
1345 | return perm; | 1378 | return perm; |
1346 | } | 1379 | } |
1347 | 1380 | ||
1348 | /* Check permission betweeen a pair of tasks, e.g. signal checks, | 1381 | /* |
1349 | fork check, ptrace check, etc. */ | 1382 | * Check permission between a pair of credentials |
1350 | static int task_has_perm(struct task_struct *tsk1, | 1383 | * fork check, ptrace check, etc. |
1351 | struct task_struct *tsk2, | 1384 | */ |
1385 | static int cred_has_perm(const struct cred *actor, | ||
1386 | const struct cred *target, | ||
1387 | u32 perms) | ||
1388 | { | ||
1389 | u32 asid = cred_sid(actor), tsid = cred_sid(target); | ||
1390 | |||
1391 | return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL); | ||
1392 | } | ||
1393 | |||
1394 | /* | ||
1395 | * Check permission between a pair of tasks, e.g. signal checks, | ||
1396 | * fork check, ptrace check, etc. | ||
1397 | * tsk1 is the actor and tsk2 is the target | ||
1398 | * - this uses the default subjective creds of tsk1 | ||
1399 | */ | ||
1400 | static int task_has_perm(const struct task_struct *tsk1, | ||
1401 | const struct task_struct *tsk2, | ||
1352 | u32 perms) | 1402 | u32 perms) |
1353 | { | 1403 | { |
1354 | struct task_security_struct *tsec1, *tsec2; | 1404 | const struct task_security_struct *__tsec1, *__tsec2; |
1405 | u32 sid1, sid2; | ||
1355 | 1406 | ||
1356 | tsec1 = tsk1->security; | 1407 | rcu_read_lock(); |
1357 | tsec2 = tsk2->security; | 1408 | __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid; |
1358 | return avc_has_perm(tsec1->sid, tsec2->sid, | 1409 | __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid; |
1359 | SECCLASS_PROCESS, perms, NULL); | 1410 | rcu_read_unlock(); |
1411 | return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL); | ||
1412 | } | ||
1413 | |||
1414 | /* | ||
1415 | * Check permission between current and another task, e.g. signal checks, | ||
1416 | * fork check, ptrace check, etc. | ||
1417 | * current is the actor and tsk2 is the target | ||
1418 | * - this uses current's subjective creds | ||
1419 | */ | ||
1420 | static int current_has_perm(const struct task_struct *tsk, | ||
1421 | u32 perms) | ||
1422 | { | ||
1423 | u32 sid, tsid; | ||
1424 | |||
1425 | sid = current_sid(); | ||
1426 | tsid = task_sid(tsk); | ||
1427 | return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL); | ||
1360 | } | 1428 | } |
1361 | 1429 | ||
1362 | #if CAP_LAST_CAP > 63 | 1430 | #if CAP_LAST_CAP > 63 |
@@ -1365,14 +1433,14 @@ static int task_has_perm(struct task_struct *tsk1, | |||
1365 | 1433 | ||
1366 | /* Check whether a task is allowed to use a capability. */ | 1434 | /* Check whether a task is allowed to use a capability. */ |
1367 | static int task_has_capability(struct task_struct *tsk, | 1435 | static int task_has_capability(struct task_struct *tsk, |
1368 | int cap) | 1436 | int cap, int audit) |
1369 | { | 1437 | { |
1370 | struct task_security_struct *tsec; | ||
1371 | struct avc_audit_data ad; | 1438 | struct avc_audit_data ad; |
1439 | struct av_decision avd; | ||
1372 | u16 sclass; | 1440 | u16 sclass; |
1441 | u32 sid = task_sid(tsk); | ||
1373 | u32 av = CAP_TO_MASK(cap); | 1442 | u32 av = CAP_TO_MASK(cap); |
1374 | 1443 | int rc; | |
1375 | tsec = tsk->security; | ||
1376 | 1444 | ||
1377 | AVC_AUDIT_DATA_INIT(&ad, CAP); | 1445 | AVC_AUDIT_DATA_INIT(&ad, CAP); |
1378 | ad.tsk = tsk; | 1446 | ad.tsk = tsk; |
@@ -1390,37 +1458,39 @@ static int task_has_capability(struct task_struct *tsk, | |||
1390 | "SELinux: out of range capability %d\n", cap); | 1458 | "SELinux: out of range capability %d\n", cap); |
1391 | BUG(); | 1459 | BUG(); |
1392 | } | 1460 | } |
1393 | return avc_has_perm(tsec->sid, tsec->sid, sclass, av, &ad); | 1461 | |
1462 | rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd); | ||
1463 | if (audit == SECURITY_CAP_AUDIT) | ||
1464 | avc_audit(sid, sid, sclass, av, &avd, rc, &ad); | ||
1465 | return rc; | ||
1394 | } | 1466 | } |
1395 | 1467 | ||
1396 | /* Check whether a task is allowed to use a system operation. */ | 1468 | /* Check whether a task is allowed to use a system operation. */ |
1397 | static int task_has_system(struct task_struct *tsk, | 1469 | static int task_has_system(struct task_struct *tsk, |
1398 | u32 perms) | 1470 | u32 perms) |
1399 | { | 1471 | { |
1400 | struct task_security_struct *tsec; | 1472 | u32 sid = task_sid(tsk); |
1401 | 1473 | ||
1402 | tsec = tsk->security; | 1474 | return avc_has_perm(sid, SECINITSID_KERNEL, |
1403 | |||
1404 | return avc_has_perm(tsec->sid, SECINITSID_KERNEL, | ||
1405 | SECCLASS_SYSTEM, perms, NULL); | 1475 | SECCLASS_SYSTEM, perms, NULL); |
1406 | } | 1476 | } |
1407 | 1477 | ||
1408 | /* Check whether a task has a particular permission to an inode. | 1478 | /* Check whether a task has a particular permission to an inode. |
1409 | The 'adp' parameter is optional and allows other audit | 1479 | The 'adp' parameter is optional and allows other audit |
1410 | data to be passed (e.g. the dentry). */ | 1480 | data to be passed (e.g. the dentry). */ |
1411 | static int inode_has_perm(struct task_struct *tsk, | 1481 | static int inode_has_perm(const struct cred *cred, |
1412 | struct inode *inode, | 1482 | struct inode *inode, |
1413 | u32 perms, | 1483 | u32 perms, |
1414 | struct avc_audit_data *adp) | 1484 | struct avc_audit_data *adp) |
1415 | { | 1485 | { |
1416 | struct task_security_struct *tsec; | ||
1417 | struct inode_security_struct *isec; | 1486 | struct inode_security_struct *isec; |
1418 | struct avc_audit_data ad; | 1487 | struct avc_audit_data ad; |
1488 | u32 sid; | ||
1419 | 1489 | ||
1420 | if (unlikely(IS_PRIVATE(inode))) | 1490 | if (unlikely(IS_PRIVATE(inode))) |
1421 | return 0; | 1491 | return 0; |
1422 | 1492 | ||
1423 | tsec = tsk->security; | 1493 | sid = cred_sid(cred); |
1424 | isec = inode->i_security; | 1494 | isec = inode->i_security; |
1425 | 1495 | ||
1426 | if (!adp) { | 1496 | if (!adp) { |
@@ -1429,23 +1499,24 @@ static int inode_has_perm(struct task_struct *tsk, | |||
1429 | ad.u.fs.inode = inode; | 1499 | ad.u.fs.inode = inode; |
1430 | } | 1500 | } |
1431 | 1501 | ||
1432 | return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, adp); | 1502 | return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp); |
1433 | } | 1503 | } |
1434 | 1504 | ||
1435 | /* Same as inode_has_perm, but pass explicit audit data containing | 1505 | /* Same as inode_has_perm, but pass explicit audit data containing |
1436 | the dentry to help the auditing code to more easily generate the | 1506 | the dentry to help the auditing code to more easily generate the |
1437 | pathname if needed. */ | 1507 | pathname if needed. */ |
1438 | static inline int dentry_has_perm(struct task_struct *tsk, | 1508 | static inline int dentry_has_perm(const struct cred *cred, |
1439 | struct vfsmount *mnt, | 1509 | struct vfsmount *mnt, |
1440 | struct dentry *dentry, | 1510 | struct dentry *dentry, |
1441 | u32 av) | 1511 | u32 av) |
1442 | { | 1512 | { |
1443 | struct inode *inode = dentry->d_inode; | 1513 | struct inode *inode = dentry->d_inode; |
1444 | struct avc_audit_data ad; | 1514 | struct avc_audit_data ad; |
1515 | |||
1445 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1516 | AVC_AUDIT_DATA_INIT(&ad, FS); |
1446 | ad.u.fs.path.mnt = mnt; | 1517 | ad.u.fs.path.mnt = mnt; |
1447 | ad.u.fs.path.dentry = dentry; | 1518 | ad.u.fs.path.dentry = dentry; |
1448 | return inode_has_perm(tsk, inode, av, &ad); | 1519 | return inode_has_perm(cred, inode, av, &ad); |
1449 | } | 1520 | } |
1450 | 1521 | ||
1451 | /* Check whether a task can use an open file descriptor to | 1522 | /* Check whether a task can use an open file descriptor to |
@@ -1456,33 +1527,35 @@ static inline int dentry_has_perm(struct task_struct *tsk, | |||
1456 | has the same SID as the process. If av is zero, then | 1527 | has the same SID as the process. If av is zero, then |
1457 | access to the file is not checked, e.g. for cases | 1528 | access to the file is not checked, e.g. for cases |
1458 | where only the descriptor is affected like seek. */ | 1529 | where only the descriptor is affected like seek. */ |
1459 | static int file_has_perm(struct task_struct *tsk, | 1530 | static int file_has_perm(const struct cred *cred, |
1460 | struct file *file, | 1531 | struct file *file, |
1461 | u32 av) | 1532 | u32 av) |
1462 | { | 1533 | { |
1463 | struct task_security_struct *tsec = tsk->security; | ||
1464 | struct file_security_struct *fsec = file->f_security; | 1534 | struct file_security_struct *fsec = file->f_security; |
1465 | struct inode *inode = file->f_path.dentry->d_inode; | 1535 | struct inode *inode = file->f_path.dentry->d_inode; |
1466 | struct avc_audit_data ad; | 1536 | struct avc_audit_data ad; |
1537 | u32 sid = cred_sid(cred); | ||
1467 | int rc; | 1538 | int rc; |
1468 | 1539 | ||
1469 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1540 | AVC_AUDIT_DATA_INIT(&ad, FS); |
1470 | ad.u.fs.path = file->f_path; | 1541 | ad.u.fs.path = file->f_path; |
1471 | 1542 | ||
1472 | if (tsec->sid != fsec->sid) { | 1543 | if (sid != fsec->sid) { |
1473 | rc = avc_has_perm(tsec->sid, fsec->sid, | 1544 | rc = avc_has_perm(sid, fsec->sid, |
1474 | SECCLASS_FD, | 1545 | SECCLASS_FD, |
1475 | FD__USE, | 1546 | FD__USE, |
1476 | &ad); | 1547 | &ad); |
1477 | if (rc) | 1548 | if (rc) |
1478 | return rc; | 1549 | goto out; |
1479 | } | 1550 | } |
1480 | 1551 | ||
1481 | /* av is zero if only checking access to the descriptor. */ | 1552 | /* av is zero if only checking access to the descriptor. */ |
1553 | rc = 0; | ||
1482 | if (av) | 1554 | if (av) |
1483 | return inode_has_perm(tsk, inode, av, &ad); | 1555 | rc = inode_has_perm(cred, inode, av, &ad); |
1484 | 1556 | ||
1485 | return 0; | 1557 | out: |
1558 | return rc; | ||
1486 | } | 1559 | } |
1487 | 1560 | ||
1488 | /* Check whether a task can create a file. */ | 1561 | /* Check whether a task can create a file. */ |
@@ -1490,36 +1563,36 @@ static int may_create(struct inode *dir, | |||
1490 | struct dentry *dentry, | 1563 | struct dentry *dentry, |
1491 | u16 tclass) | 1564 | u16 tclass) |
1492 | { | 1565 | { |
1493 | struct task_security_struct *tsec; | 1566 | const struct cred *cred = current_cred(); |
1567 | const struct task_security_struct *tsec = cred->security; | ||
1494 | struct inode_security_struct *dsec; | 1568 | struct inode_security_struct *dsec; |
1495 | struct superblock_security_struct *sbsec; | 1569 | struct superblock_security_struct *sbsec; |
1496 | u32 newsid; | 1570 | u32 sid, newsid; |
1497 | struct avc_audit_data ad; | 1571 | struct avc_audit_data ad; |
1498 | int rc; | 1572 | int rc; |
1499 | 1573 | ||
1500 | tsec = current->security; | ||
1501 | dsec = dir->i_security; | 1574 | dsec = dir->i_security; |
1502 | sbsec = dir->i_sb->s_security; | 1575 | sbsec = dir->i_sb->s_security; |
1503 | 1576 | ||
1577 | sid = tsec->sid; | ||
1578 | newsid = tsec->create_sid; | ||
1579 | |||
1504 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1580 | AVC_AUDIT_DATA_INIT(&ad, FS); |
1505 | ad.u.fs.path.dentry = dentry; | 1581 | ad.u.fs.path.dentry = dentry; |
1506 | 1582 | ||
1507 | rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, | 1583 | rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, |
1508 | DIR__ADD_NAME | DIR__SEARCH, | 1584 | DIR__ADD_NAME | DIR__SEARCH, |
1509 | &ad); | 1585 | &ad); |
1510 | if (rc) | 1586 | if (rc) |
1511 | return rc; | 1587 | return rc; |
1512 | 1588 | ||
1513 | if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) { | 1589 | if (!newsid || sbsec->behavior == SECURITY_FS_USE_MNTPOINT) { |
1514 | newsid = tsec->create_sid; | 1590 | rc = security_transition_sid(sid, dsec->sid, tclass, &newsid); |
1515 | } else { | ||
1516 | rc = security_transition_sid(tsec->sid, dsec->sid, tclass, | ||
1517 | &newsid); | ||
1518 | if (rc) | 1591 | if (rc) |
1519 | return rc; | 1592 | return rc; |
1520 | } | 1593 | } |
1521 | 1594 | ||
1522 | rc = avc_has_perm(tsec->sid, newsid, tclass, FILE__CREATE, &ad); | 1595 | rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad); |
1523 | if (rc) | 1596 | if (rc) |
1524 | return rc; | 1597 | return rc; |
1525 | 1598 | ||
@@ -1532,11 +1605,9 @@ static int may_create(struct inode *dir, | |||
1532 | static int may_create_key(u32 ksid, | 1605 | static int may_create_key(u32 ksid, |
1533 | struct task_struct *ctx) | 1606 | struct task_struct *ctx) |
1534 | { | 1607 | { |
1535 | struct task_security_struct *tsec; | 1608 | u32 sid = task_sid(ctx); |
1536 | 1609 | ||
1537 | tsec = ctx->security; | 1610 | return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL); |
1538 | |||
1539 | return avc_has_perm(tsec->sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL); | ||
1540 | } | 1611 | } |
1541 | 1612 | ||
1542 | #define MAY_LINK 0 | 1613 | #define MAY_LINK 0 |
@@ -1549,13 +1620,12 @@ static int may_link(struct inode *dir, | |||
1549 | int kind) | 1620 | int kind) |
1550 | 1621 | ||
1551 | { | 1622 | { |
1552 | struct task_security_struct *tsec; | ||
1553 | struct inode_security_struct *dsec, *isec; | 1623 | struct inode_security_struct *dsec, *isec; |
1554 | struct avc_audit_data ad; | 1624 | struct avc_audit_data ad; |
1625 | u32 sid = current_sid(); | ||
1555 | u32 av; | 1626 | u32 av; |
1556 | int rc; | 1627 | int rc; |
1557 | 1628 | ||
1558 | tsec = current->security; | ||
1559 | dsec = dir->i_security; | 1629 | dsec = dir->i_security; |
1560 | isec = dentry->d_inode->i_security; | 1630 | isec = dentry->d_inode->i_security; |
1561 | 1631 | ||
@@ -1564,7 +1634,7 @@ static int may_link(struct inode *dir, | |||
1564 | 1634 | ||
1565 | av = DIR__SEARCH; | 1635 | av = DIR__SEARCH; |
1566 | av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME); | 1636 | av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME); |
1567 | rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, av, &ad); | 1637 | rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad); |
1568 | if (rc) | 1638 | if (rc) |
1569 | return rc; | 1639 | return rc; |
1570 | 1640 | ||
@@ -1584,7 +1654,7 @@ static int may_link(struct inode *dir, | |||
1584 | return 0; | 1654 | return 0; |
1585 | } | 1655 | } |
1586 | 1656 | ||
1587 | rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, av, &ad); | 1657 | rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad); |
1588 | return rc; | 1658 | return rc; |
1589 | } | 1659 | } |
1590 | 1660 | ||
@@ -1593,14 +1663,13 @@ static inline int may_rename(struct inode *old_dir, | |||
1593 | struct inode *new_dir, | 1663 | struct inode *new_dir, |
1594 | struct dentry *new_dentry) | 1664 | struct dentry *new_dentry) |
1595 | { | 1665 | { |
1596 | struct task_security_struct *tsec; | ||
1597 | struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec; | 1666 | struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec; |
1598 | struct avc_audit_data ad; | 1667 | struct avc_audit_data ad; |
1668 | u32 sid = current_sid(); | ||
1599 | u32 av; | 1669 | u32 av; |
1600 | int old_is_dir, new_is_dir; | 1670 | int old_is_dir, new_is_dir; |
1601 | int rc; | 1671 | int rc; |
1602 | 1672 | ||
1603 | tsec = current->security; | ||
1604 | old_dsec = old_dir->i_security; | 1673 | old_dsec = old_dir->i_security; |
1605 | old_isec = old_dentry->d_inode->i_security; | 1674 | old_isec = old_dentry->d_inode->i_security; |
1606 | old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode); | 1675 | old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode); |
@@ -1609,16 +1678,16 @@ static inline int may_rename(struct inode *old_dir, | |||
1609 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1678 | AVC_AUDIT_DATA_INIT(&ad, FS); |
1610 | 1679 | ||
1611 | ad.u.fs.path.dentry = old_dentry; | 1680 | ad.u.fs.path.dentry = old_dentry; |
1612 | rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR, | 1681 | rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, |
1613 | DIR__REMOVE_NAME | DIR__SEARCH, &ad); | 1682 | DIR__REMOVE_NAME | DIR__SEARCH, &ad); |
1614 | if (rc) | 1683 | if (rc) |
1615 | return rc; | 1684 | return rc; |
1616 | rc = avc_has_perm(tsec->sid, old_isec->sid, | 1685 | rc = avc_has_perm(sid, old_isec->sid, |
1617 | old_isec->sclass, FILE__RENAME, &ad); | 1686 | old_isec->sclass, FILE__RENAME, &ad); |
1618 | if (rc) | 1687 | if (rc) |
1619 | return rc; | 1688 | return rc; |
1620 | if (old_is_dir && new_dir != old_dir) { | 1689 | if (old_is_dir && new_dir != old_dir) { |
1621 | rc = avc_has_perm(tsec->sid, old_isec->sid, | 1690 | rc = avc_has_perm(sid, old_isec->sid, |
1622 | old_isec->sclass, DIR__REPARENT, &ad); | 1691 | old_isec->sclass, DIR__REPARENT, &ad); |
1623 | if (rc) | 1692 | if (rc) |
1624 | return rc; | 1693 | return rc; |
@@ -1628,13 +1697,13 @@ static inline int may_rename(struct inode *old_dir, | |||
1628 | av = DIR__ADD_NAME | DIR__SEARCH; | 1697 | av = DIR__ADD_NAME | DIR__SEARCH; |
1629 | if (new_dentry->d_inode) | 1698 | if (new_dentry->d_inode) |
1630 | av |= DIR__REMOVE_NAME; | 1699 | av |= DIR__REMOVE_NAME; |
1631 | rc = avc_has_perm(tsec->sid, new_dsec->sid, SECCLASS_DIR, av, &ad); | 1700 | rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad); |
1632 | if (rc) | 1701 | if (rc) |
1633 | return rc; | 1702 | return rc; |
1634 | if (new_dentry->d_inode) { | 1703 | if (new_dentry->d_inode) { |
1635 | new_isec = new_dentry->d_inode->i_security; | 1704 | new_isec = new_dentry->d_inode->i_security; |
1636 | new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode); | 1705 | new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode); |
1637 | rc = avc_has_perm(tsec->sid, new_isec->sid, | 1706 | rc = avc_has_perm(sid, new_isec->sid, |
1638 | new_isec->sclass, | 1707 | new_isec->sclass, |
1639 | (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad); | 1708 | (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad); |
1640 | if (rc) | 1709 | if (rc) |
@@ -1645,18 +1714,16 @@ static inline int may_rename(struct inode *old_dir, | |||
1645 | } | 1714 | } |
1646 | 1715 | ||
1647 | /* Check whether a task can perform a filesystem operation. */ | 1716 | /* Check whether a task can perform a filesystem operation. */ |
1648 | static int superblock_has_perm(struct task_struct *tsk, | 1717 | static int superblock_has_perm(const struct cred *cred, |
1649 | struct super_block *sb, | 1718 | struct super_block *sb, |
1650 | u32 perms, | 1719 | u32 perms, |
1651 | struct avc_audit_data *ad) | 1720 | struct avc_audit_data *ad) |
1652 | { | 1721 | { |
1653 | struct task_security_struct *tsec; | ||
1654 | struct superblock_security_struct *sbsec; | 1722 | struct superblock_security_struct *sbsec; |
1723 | u32 sid = cred_sid(cred); | ||
1655 | 1724 | ||
1656 | tsec = tsk->security; | ||
1657 | sbsec = sb->s_security; | 1725 | sbsec = sb->s_security; |
1658 | return avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, | 1726 | return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad); |
1659 | perms, ad); | ||
1660 | } | 1727 | } |
1661 | 1728 | ||
1662 | /* Convert a Linux mode and permission mask to an access vector. */ | 1729 | /* Convert a Linux mode and permission mask to an access vector. */ |
@@ -1687,15 +1754,39 @@ static inline u32 file_mask_to_av(int mode, int mask) | |||
1687 | return av; | 1754 | return av; |
1688 | } | 1755 | } |
1689 | 1756 | ||
1757 | /* Convert a Linux file to an access vector. */ | ||
1758 | static inline u32 file_to_av(struct file *file) | ||
1759 | { | ||
1760 | u32 av = 0; | ||
1761 | |||
1762 | if (file->f_mode & FMODE_READ) | ||
1763 | av |= FILE__READ; | ||
1764 | if (file->f_mode & FMODE_WRITE) { | ||
1765 | if (file->f_flags & O_APPEND) | ||
1766 | av |= FILE__APPEND; | ||
1767 | else | ||
1768 | av |= FILE__WRITE; | ||
1769 | } | ||
1770 | if (!av) { | ||
1771 | /* | ||
1772 | * Special file opened with flags 3 for ioctl-only use. | ||
1773 | */ | ||
1774 | av = FILE__IOCTL; | ||
1775 | } | ||
1776 | |||
1777 | return av; | ||
1778 | } | ||
1779 | |||
1690 | /* | 1780 | /* |
1691 | * Convert a file mask to an access vector and include the correct open | 1781 | * Convert a file to an access vector and include the correct open |
1692 | * open permission. | 1782 | * open permission. |
1693 | */ | 1783 | */ |
1694 | static inline u32 open_file_mask_to_av(int mode, int mask) | 1784 | static inline u32 open_file_to_av(struct file *file) |
1695 | { | 1785 | { |
1696 | u32 av = file_mask_to_av(mode, mask); | 1786 | u32 av = file_to_av(file); |
1697 | 1787 | ||
1698 | if (selinux_policycap_openperm) { | 1788 | if (selinux_policycap_openperm) { |
1789 | mode_t mode = file->f_path.dentry->d_inode->i_mode; | ||
1699 | /* | 1790 | /* |
1700 | * lnk files and socks do not really have an 'open' | 1791 | * lnk files and socks do not really have an 'open' |
1701 | */ | 1792 | */ |
@@ -1711,34 +1802,11 @@ static inline u32 open_file_mask_to_av(int mode, int mask) | |||
1711 | av |= DIR__OPEN; | 1802 | av |= DIR__OPEN; |
1712 | else | 1803 | else |
1713 | printk(KERN_ERR "SELinux: WARNING: inside %s with " | 1804 | printk(KERN_ERR "SELinux: WARNING: inside %s with " |
1714 | "unknown mode:%x\n", __func__, mode); | 1805 | "unknown mode:%o\n", __func__, mode); |
1715 | } | 1806 | } |
1716 | return av; | 1807 | return av; |
1717 | } | 1808 | } |
1718 | 1809 | ||
1719 | /* Convert a Linux file to an access vector. */ | ||
1720 | static inline u32 file_to_av(struct file *file) | ||
1721 | { | ||
1722 | u32 av = 0; | ||
1723 | |||
1724 | if (file->f_mode & FMODE_READ) | ||
1725 | av |= FILE__READ; | ||
1726 | if (file->f_mode & FMODE_WRITE) { | ||
1727 | if (file->f_flags & O_APPEND) | ||
1728 | av |= FILE__APPEND; | ||
1729 | else | ||
1730 | av |= FILE__WRITE; | ||
1731 | } | ||
1732 | if (!av) { | ||
1733 | /* | ||
1734 | * Special file opened with flags 3 for ioctl-only use. | ||
1735 | */ | ||
1736 | av = FILE__IOCTL; | ||
1737 | } | ||
1738 | |||
1739 | return av; | ||
1740 | } | ||
1741 | |||
1742 | /* Hook functions begin here. */ | 1810 | /* Hook functions begin here. */ |
1743 | 1811 | ||
1744 | static int selinux_ptrace_may_access(struct task_struct *child, | 1812 | static int selinux_ptrace_may_access(struct task_struct *child, |
@@ -1751,13 +1819,12 @@ static int selinux_ptrace_may_access(struct task_struct *child, | |||
1751 | return rc; | 1819 | return rc; |
1752 | 1820 | ||
1753 | if (mode == PTRACE_MODE_READ) { | 1821 | if (mode == PTRACE_MODE_READ) { |
1754 | struct task_security_struct *tsec = current->security; | 1822 | u32 sid = current_sid(); |
1755 | struct task_security_struct *csec = child->security; | 1823 | u32 csid = task_sid(child); |
1756 | return avc_has_perm(tsec->sid, csec->sid, | 1824 | return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL); |
1757 | SECCLASS_FILE, FILE__READ, NULL); | ||
1758 | } | 1825 | } |
1759 | 1826 | ||
1760 | return task_has_perm(current, child, PROCESS__PTRACE); | 1827 | return current_has_perm(child, PROCESS__PTRACE); |
1761 | } | 1828 | } |
1762 | 1829 | ||
1763 | static int selinux_ptrace_traceme(struct task_struct *parent) | 1830 | static int selinux_ptrace_traceme(struct task_struct *parent) |
@@ -1776,40 +1843,37 @@ static int selinux_capget(struct task_struct *target, kernel_cap_t *effective, | |||
1776 | { | 1843 | { |
1777 | int error; | 1844 | int error; |
1778 | 1845 | ||
1779 | error = task_has_perm(current, target, PROCESS__GETCAP); | 1846 | error = current_has_perm(target, PROCESS__GETCAP); |
1780 | if (error) | 1847 | if (error) |
1781 | return error; | 1848 | return error; |
1782 | 1849 | ||
1783 | return secondary_ops->capget(target, effective, inheritable, permitted); | 1850 | return secondary_ops->capget(target, effective, inheritable, permitted); |
1784 | } | 1851 | } |
1785 | 1852 | ||
1786 | static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective, | 1853 | static int selinux_capset(struct cred *new, const struct cred *old, |
1787 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | 1854 | const kernel_cap_t *effective, |
1855 | const kernel_cap_t *inheritable, | ||
1856 | const kernel_cap_t *permitted) | ||
1788 | { | 1857 | { |
1789 | int error; | 1858 | int error; |
1790 | 1859 | ||
1791 | error = secondary_ops->capset_check(target, effective, inheritable, permitted); | 1860 | error = secondary_ops->capset(new, old, |
1861 | effective, inheritable, permitted); | ||
1792 | if (error) | 1862 | if (error) |
1793 | return error; | 1863 | return error; |
1794 | 1864 | ||
1795 | return task_has_perm(current, target, PROCESS__SETCAP); | 1865 | return cred_has_perm(old, new, PROCESS__SETCAP); |
1796 | } | 1866 | } |
1797 | 1867 | ||
1798 | static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective, | 1868 | static int selinux_capable(struct task_struct *tsk, int cap, int audit) |
1799 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | ||
1800 | { | ||
1801 | secondary_ops->capset_set(target, effective, inheritable, permitted); | ||
1802 | } | ||
1803 | |||
1804 | static int selinux_capable(struct task_struct *tsk, int cap) | ||
1805 | { | 1869 | { |
1806 | int rc; | 1870 | int rc; |
1807 | 1871 | ||
1808 | rc = secondary_ops->capable(tsk, cap); | 1872 | rc = secondary_ops->capable(tsk, cap, audit); |
1809 | if (rc) | 1873 | if (rc) |
1810 | return rc; | 1874 | return rc; |
1811 | 1875 | ||
1812 | return task_has_capability(tsk, cap); | 1876 | return task_has_capability(tsk, cap, audit); |
1813 | } | 1877 | } |
1814 | 1878 | ||
1815 | static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) | 1879 | static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) |
@@ -1857,15 +1921,14 @@ static int selinux_sysctl(ctl_table *table, int op) | |||
1857 | { | 1921 | { |
1858 | int error = 0; | 1922 | int error = 0; |
1859 | u32 av; | 1923 | u32 av; |
1860 | struct task_security_struct *tsec; | 1924 | u32 tsid, sid; |
1861 | u32 tsid; | ||
1862 | int rc; | 1925 | int rc; |
1863 | 1926 | ||
1864 | rc = secondary_ops->sysctl(table, op); | 1927 | rc = secondary_ops->sysctl(table, op); |
1865 | if (rc) | 1928 | if (rc) |
1866 | return rc; | 1929 | return rc; |
1867 | 1930 | ||
1868 | tsec = current->security; | 1931 | sid = current_sid(); |
1869 | 1932 | ||
1870 | rc = selinux_sysctl_get_sid(table, (op == 0001) ? | 1933 | rc = selinux_sysctl_get_sid(table, (op == 0001) ? |
1871 | SECCLASS_DIR : SECCLASS_FILE, &tsid); | 1934 | SECCLASS_DIR : SECCLASS_FILE, &tsid); |
@@ -1877,7 +1940,7 @@ static int selinux_sysctl(ctl_table *table, int op) | |||
1877 | /* The op values are "defined" in sysctl.c, thereby creating | 1940 | /* The op values are "defined" in sysctl.c, thereby creating |
1878 | * a bad coupling between this module and sysctl.c */ | 1941 | * a bad coupling between this module and sysctl.c */ |
1879 | if (op == 001) { | 1942 | if (op == 001) { |
1880 | error = avc_has_perm(tsec->sid, tsid, | 1943 | error = avc_has_perm(sid, tsid, |
1881 | SECCLASS_DIR, DIR__SEARCH, NULL); | 1944 | SECCLASS_DIR, DIR__SEARCH, NULL); |
1882 | } else { | 1945 | } else { |
1883 | av = 0; | 1946 | av = 0; |
@@ -1886,7 +1949,7 @@ static int selinux_sysctl(ctl_table *table, int op) | |||
1886 | if (op & 002) | 1949 | if (op & 002) |
1887 | av |= FILE__WRITE; | 1950 | av |= FILE__WRITE; |
1888 | if (av) | 1951 | if (av) |
1889 | error = avc_has_perm(tsec->sid, tsid, | 1952 | error = avc_has_perm(sid, tsid, |
1890 | SECCLASS_FILE, av, NULL); | 1953 | SECCLASS_FILE, av, NULL); |
1891 | } | 1954 | } |
1892 | 1955 | ||
@@ -1895,6 +1958,7 @@ static int selinux_sysctl(ctl_table *table, int op) | |||
1895 | 1958 | ||
1896 | static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) | 1959 | static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) |
1897 | { | 1960 | { |
1961 | const struct cred *cred = current_cred(); | ||
1898 | int rc = 0; | 1962 | int rc = 0; |
1899 | 1963 | ||
1900 | if (!sb) | 1964 | if (!sb) |
@@ -1906,14 +1970,12 @@ static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) | |||
1906 | case Q_QUOTAOFF: | 1970 | case Q_QUOTAOFF: |
1907 | case Q_SETINFO: | 1971 | case Q_SETINFO: |
1908 | case Q_SETQUOTA: | 1972 | case Q_SETQUOTA: |
1909 | rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAMOD, | 1973 | rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL); |
1910 | NULL); | ||
1911 | break; | 1974 | break; |
1912 | case Q_GETFMT: | 1975 | case Q_GETFMT: |
1913 | case Q_GETINFO: | 1976 | case Q_GETINFO: |
1914 | case Q_GETQUOTA: | 1977 | case Q_GETQUOTA: |
1915 | rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAGET, | 1978 | rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL); |
1916 | NULL); | ||
1917 | break; | 1979 | break; |
1918 | default: | 1980 | default: |
1919 | rc = 0; /* let the kernel handle invalid cmds */ | 1981 | rc = 0; /* let the kernel handle invalid cmds */ |
@@ -1924,7 +1986,9 @@ static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) | |||
1924 | 1986 | ||
1925 | static int selinux_quota_on(struct dentry *dentry) | 1987 | static int selinux_quota_on(struct dentry *dentry) |
1926 | { | 1988 | { |
1927 | return dentry_has_perm(current, NULL, dentry, FILE__QUOTAON); | 1989 | const struct cred *cred = current_cred(); |
1990 | |||
1991 | return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON); | ||
1928 | } | 1992 | } |
1929 | 1993 | ||
1930 | static int selinux_syslog(int type) | 1994 | static int selinux_syslog(int type) |
@@ -1972,16 +2036,8 @@ static int selinux_syslog(int type) | |||
1972 | static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) | 2036 | static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) |
1973 | { | 2037 | { |
1974 | int rc, cap_sys_admin = 0; | 2038 | int rc, cap_sys_admin = 0; |
1975 | struct task_security_struct *tsec = current->security; | ||
1976 | |||
1977 | rc = secondary_ops->capable(current, CAP_SYS_ADMIN); | ||
1978 | if (rc == 0) | ||
1979 | rc = avc_has_perm_noaudit(tsec->sid, tsec->sid, | ||
1980 | SECCLASS_CAPABILITY, | ||
1981 | CAP_TO_MASK(CAP_SYS_ADMIN), | ||
1982 | 0, | ||
1983 | NULL); | ||
1984 | 2039 | ||
2040 | rc = selinux_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT); | ||
1985 | if (rc == 0) | 2041 | if (rc == 0) |
1986 | cap_sys_admin = 1; | 2042 | cap_sys_admin = 1; |
1987 | 2043 | ||
@@ -1990,59 +2046,45 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) | |||
1990 | 2046 | ||
1991 | /* binprm security operations */ | 2047 | /* binprm security operations */ |
1992 | 2048 | ||
1993 | static int selinux_bprm_alloc_security(struct linux_binprm *bprm) | 2049 | static int selinux_bprm_set_creds(struct linux_binprm *bprm) |
1994 | { | ||
1995 | struct bprm_security_struct *bsec; | ||
1996 | |||
1997 | bsec = kzalloc(sizeof(struct bprm_security_struct), GFP_KERNEL); | ||
1998 | if (!bsec) | ||
1999 | return -ENOMEM; | ||
2000 | |||
2001 | bsec->sid = SECINITSID_UNLABELED; | ||
2002 | bsec->set = 0; | ||
2003 | |||
2004 | bprm->security = bsec; | ||
2005 | return 0; | ||
2006 | } | ||
2007 | |||
2008 | static int selinux_bprm_set_security(struct linux_binprm *bprm) | ||
2009 | { | 2050 | { |
2010 | struct task_security_struct *tsec; | 2051 | const struct task_security_struct *old_tsec; |
2011 | struct inode *inode = bprm->file->f_path.dentry->d_inode; | 2052 | struct task_security_struct *new_tsec; |
2012 | struct inode_security_struct *isec; | 2053 | struct inode_security_struct *isec; |
2013 | struct bprm_security_struct *bsec; | ||
2014 | u32 newsid; | ||
2015 | struct avc_audit_data ad; | 2054 | struct avc_audit_data ad; |
2055 | struct inode *inode = bprm->file->f_path.dentry->d_inode; | ||
2016 | int rc; | 2056 | int rc; |
2017 | 2057 | ||
2018 | rc = secondary_ops->bprm_set_security(bprm); | 2058 | rc = secondary_ops->bprm_set_creds(bprm); |
2019 | if (rc) | 2059 | if (rc) |
2020 | return rc; | 2060 | return rc; |
2021 | 2061 | ||
2022 | bsec = bprm->security; | 2062 | /* SELinux context only depends on initial program or script and not |
2023 | 2063 | * the script interpreter */ | |
2024 | if (bsec->set) | 2064 | if (bprm->cred_prepared) |
2025 | return 0; | 2065 | return 0; |
2026 | 2066 | ||
2027 | tsec = current->security; | 2067 | old_tsec = current_security(); |
2068 | new_tsec = bprm->cred->security; | ||
2028 | isec = inode->i_security; | 2069 | isec = inode->i_security; |
2029 | 2070 | ||
2030 | /* Default to the current task SID. */ | 2071 | /* Default to the current task SID. */ |
2031 | bsec->sid = tsec->sid; | 2072 | new_tsec->sid = old_tsec->sid; |
2073 | new_tsec->osid = old_tsec->sid; | ||
2032 | 2074 | ||
2033 | /* Reset fs, key, and sock SIDs on execve. */ | 2075 | /* Reset fs, key, and sock SIDs on execve. */ |
2034 | tsec->create_sid = 0; | 2076 | new_tsec->create_sid = 0; |
2035 | tsec->keycreate_sid = 0; | 2077 | new_tsec->keycreate_sid = 0; |
2036 | tsec->sockcreate_sid = 0; | 2078 | new_tsec->sockcreate_sid = 0; |
2037 | 2079 | ||
2038 | if (tsec->exec_sid) { | 2080 | if (old_tsec->exec_sid) { |
2039 | newsid = tsec->exec_sid; | 2081 | new_tsec->sid = old_tsec->exec_sid; |
2040 | /* Reset exec SID on execve. */ | 2082 | /* Reset exec SID on execve. */ |
2041 | tsec->exec_sid = 0; | 2083 | new_tsec->exec_sid = 0; |
2042 | } else { | 2084 | } else { |
2043 | /* Check for a default transition on this program. */ | 2085 | /* Check for a default transition on this program. */ |
2044 | rc = security_transition_sid(tsec->sid, isec->sid, | 2086 | rc = security_transition_sid(old_tsec->sid, isec->sid, |
2045 | SECCLASS_PROCESS, &newsid); | 2087 | SECCLASS_PROCESS, &new_tsec->sid); |
2046 | if (rc) | 2088 | if (rc) |
2047 | return rc; | 2089 | return rc; |
2048 | } | 2090 | } |
@@ -2051,33 +2093,63 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm) | |||
2051 | ad.u.fs.path = bprm->file->f_path; | 2093 | ad.u.fs.path = bprm->file->f_path; |
2052 | 2094 | ||
2053 | if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) | 2095 | if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) |
2054 | newsid = tsec->sid; | 2096 | new_tsec->sid = old_tsec->sid; |
2055 | 2097 | ||
2056 | if (tsec->sid == newsid) { | 2098 | if (new_tsec->sid == old_tsec->sid) { |
2057 | rc = avc_has_perm(tsec->sid, isec->sid, | 2099 | rc = avc_has_perm(old_tsec->sid, isec->sid, |
2058 | SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad); | 2100 | SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad); |
2059 | if (rc) | 2101 | if (rc) |
2060 | return rc; | 2102 | return rc; |
2061 | } else { | 2103 | } else { |
2062 | /* Check permissions for the transition. */ | 2104 | /* Check permissions for the transition. */ |
2063 | rc = avc_has_perm(tsec->sid, newsid, | 2105 | rc = avc_has_perm(old_tsec->sid, new_tsec->sid, |
2064 | SECCLASS_PROCESS, PROCESS__TRANSITION, &ad); | 2106 | SECCLASS_PROCESS, PROCESS__TRANSITION, &ad); |
2065 | if (rc) | 2107 | if (rc) |
2066 | return rc; | 2108 | return rc; |
2067 | 2109 | ||
2068 | rc = avc_has_perm(newsid, isec->sid, | 2110 | rc = avc_has_perm(new_tsec->sid, isec->sid, |
2069 | SECCLASS_FILE, FILE__ENTRYPOINT, &ad); | 2111 | SECCLASS_FILE, FILE__ENTRYPOINT, &ad); |
2070 | if (rc) | 2112 | if (rc) |
2071 | return rc; | 2113 | return rc; |
2072 | 2114 | ||
2073 | /* Clear any possibly unsafe personality bits on exec: */ | 2115 | /* Check for shared state */ |
2074 | current->personality &= ~PER_CLEAR_ON_SETID; | 2116 | if (bprm->unsafe & LSM_UNSAFE_SHARE) { |
2117 | rc = avc_has_perm(old_tsec->sid, new_tsec->sid, | ||
2118 | SECCLASS_PROCESS, PROCESS__SHARE, | ||
2119 | NULL); | ||
2120 | if (rc) | ||
2121 | return -EPERM; | ||
2122 | } | ||
2123 | |||
2124 | /* Make sure that anyone attempting to ptrace over a task that | ||
2125 | * changes its SID has the appropriate permit */ | ||
2126 | if (bprm->unsafe & | ||
2127 | (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { | ||
2128 | struct task_struct *tracer; | ||
2129 | struct task_security_struct *sec; | ||
2130 | u32 ptsid = 0; | ||
2075 | 2131 | ||
2076 | /* Set the security field to the new SID. */ | 2132 | rcu_read_lock(); |
2077 | bsec->sid = newsid; | 2133 | tracer = tracehook_tracer_task(current); |
2134 | if (likely(tracer != NULL)) { | ||
2135 | sec = __task_cred(tracer)->security; | ||
2136 | ptsid = sec->sid; | ||
2137 | } | ||
2138 | rcu_read_unlock(); | ||
2139 | |||
2140 | if (ptsid != 0) { | ||
2141 | rc = avc_has_perm(ptsid, new_tsec->sid, | ||
2142 | SECCLASS_PROCESS, | ||
2143 | PROCESS__PTRACE, NULL); | ||
2144 | if (rc) | ||
2145 | return -EPERM; | ||
2146 | } | ||
2147 | } | ||
2148 | |||
2149 | /* Clear any possibly unsafe personality bits on exec: */ | ||
2150 | bprm->per_clear |= PER_CLEAR_ON_SETID; | ||
2078 | } | 2151 | } |
2079 | 2152 | ||
2080 | bsec->set = 1; | ||
2081 | return 0; | 2153 | return 0; |
2082 | } | 2154 | } |
2083 | 2155 | ||
@@ -2086,35 +2158,34 @@ static int selinux_bprm_check_security(struct linux_binprm *bprm) | |||
2086 | return secondary_ops->bprm_check_security(bprm); | 2158 | return secondary_ops->bprm_check_security(bprm); |
2087 | } | 2159 | } |
2088 | 2160 | ||
2089 | |||
2090 | static int selinux_bprm_secureexec(struct linux_binprm *bprm) | 2161 | static int selinux_bprm_secureexec(struct linux_binprm *bprm) |
2091 | { | 2162 | { |
2092 | struct task_security_struct *tsec = current->security; | 2163 | const struct cred *cred = current_cred(); |
2164 | const struct task_security_struct *tsec = cred->security; | ||
2165 | u32 sid, osid; | ||
2093 | int atsecure = 0; | 2166 | int atsecure = 0; |
2094 | 2167 | ||
2095 | if (tsec->osid != tsec->sid) { | 2168 | sid = tsec->sid; |
2169 | osid = tsec->osid; | ||
2170 | |||
2171 | if (osid != sid) { | ||
2096 | /* Enable secure mode for SIDs transitions unless | 2172 | /* Enable secure mode for SIDs transitions unless |
2097 | the noatsecure permission is granted between | 2173 | the noatsecure permission is granted between |
2098 | the two SIDs, i.e. ahp returns 0. */ | 2174 | the two SIDs, i.e. ahp returns 0. */ |
2099 | atsecure = avc_has_perm(tsec->osid, tsec->sid, | 2175 | atsecure = avc_has_perm(osid, sid, |
2100 | SECCLASS_PROCESS, | 2176 | SECCLASS_PROCESS, |
2101 | PROCESS__NOATSECURE, NULL); | 2177 | PROCESS__NOATSECURE, NULL); |
2102 | } | 2178 | } |
2103 | 2179 | ||
2104 | return (atsecure || secondary_ops->bprm_secureexec(bprm)); | 2180 | return (atsecure || secondary_ops->bprm_secureexec(bprm)); |
2105 | } | 2181 | } |
2106 | 2182 | ||
2107 | static void selinux_bprm_free_security(struct linux_binprm *bprm) | ||
2108 | { | ||
2109 | kfree(bprm->security); | ||
2110 | bprm->security = NULL; | ||
2111 | } | ||
2112 | |||
2113 | extern struct vfsmount *selinuxfs_mount; | 2183 | extern struct vfsmount *selinuxfs_mount; |
2114 | extern struct dentry *selinux_null; | 2184 | extern struct dentry *selinux_null; |
2115 | 2185 | ||
2116 | /* Derived from fs/exec.c:flush_old_files. */ | 2186 | /* Derived from fs/exec.c:flush_old_files. */ |
2117 | static inline void flush_unauthorized_files(struct files_struct *files) | 2187 | static inline void flush_unauthorized_files(const struct cred *cred, |
2188 | struct files_struct *files) | ||
2118 | { | 2189 | { |
2119 | struct avc_audit_data ad; | 2190 | struct avc_audit_data ad; |
2120 | struct file *file, *devnull = NULL; | 2191 | struct file *file, *devnull = NULL; |
@@ -2136,7 +2207,7 @@ static inline void flush_unauthorized_files(struct files_struct *files) | |||
2136 | interested in the inode-based check here. */ | 2207 | interested in the inode-based check here. */ |
2137 | file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list); | 2208 | file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list); |
2138 | inode = file->f_path.dentry->d_inode; | 2209 | inode = file->f_path.dentry->d_inode; |
2139 | if (inode_has_perm(current, inode, | 2210 | if (inode_has_perm(cred, inode, |
2140 | FILE__READ | FILE__WRITE, NULL)) { | 2211 | FILE__READ | FILE__WRITE, NULL)) { |
2141 | drop_tty = 1; | 2212 | drop_tty = 1; |
2142 | } | 2213 | } |
@@ -2171,7 +2242,7 @@ static inline void flush_unauthorized_files(struct files_struct *files) | |||
2171 | file = fget(i); | 2242 | file = fget(i); |
2172 | if (!file) | 2243 | if (!file) |
2173 | continue; | 2244 | continue; |
2174 | if (file_has_perm(current, | 2245 | if (file_has_perm(cred, |
2175 | file, | 2246 | file, |
2176 | file_to_av(file))) { | 2247 | file_to_av(file))) { |
2177 | sys_close(i); | 2248 | sys_close(i); |
@@ -2185,7 +2256,10 @@ static inline void flush_unauthorized_files(struct files_struct *files) | |||
2185 | if (devnull) { | 2256 | if (devnull) { |
2186 | get_file(devnull); | 2257 | get_file(devnull); |
2187 | } else { | 2258 | } else { |
2188 | devnull = dentry_open(dget(selinux_null), mntget(selinuxfs_mount), O_RDWR); | 2259 | devnull = dentry_open( |
2260 | dget(selinux_null), | ||
2261 | mntget(selinuxfs_mount), | ||
2262 | O_RDWR, cred); | ||
2189 | if (IS_ERR(devnull)) { | 2263 | if (IS_ERR(devnull)) { |
2190 | devnull = NULL; | 2264 | devnull = NULL; |
2191 | put_unused_fd(fd); | 2265 | put_unused_fd(fd); |
@@ -2204,94 +2278,78 @@ static inline void flush_unauthorized_files(struct files_struct *files) | |||
2204 | spin_unlock(&files->file_lock); | 2278 | spin_unlock(&files->file_lock); |
2205 | } | 2279 | } |
2206 | 2280 | ||
2207 | static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe) | 2281 | /* |
2282 | * Prepare a process for imminent new credential changes due to exec | ||
2283 | */ | ||
2284 | static void selinux_bprm_committing_creds(struct linux_binprm *bprm) | ||
2208 | { | 2285 | { |
2209 | struct task_security_struct *tsec; | 2286 | struct task_security_struct *new_tsec; |
2210 | struct bprm_security_struct *bsec; | 2287 | struct rlimit *rlim, *initrlim; |
2211 | u32 sid; | 2288 | int rc, i; |
2212 | int rc; | ||
2213 | |||
2214 | secondary_ops->bprm_apply_creds(bprm, unsafe); | ||
2215 | |||
2216 | tsec = current->security; | ||
2217 | 2289 | ||
2218 | bsec = bprm->security; | 2290 | secondary_ops->bprm_committing_creds(bprm); |
2219 | sid = bsec->sid; | ||
2220 | 2291 | ||
2221 | tsec->osid = tsec->sid; | 2292 | new_tsec = bprm->cred->security; |
2222 | bsec->unsafe = 0; | 2293 | if (new_tsec->sid == new_tsec->osid) |
2223 | if (tsec->sid != sid) { | 2294 | return; |
2224 | /* Check for shared state. If not ok, leave SID | ||
2225 | unchanged and kill. */ | ||
2226 | if (unsafe & LSM_UNSAFE_SHARE) { | ||
2227 | rc = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, | ||
2228 | PROCESS__SHARE, NULL); | ||
2229 | if (rc) { | ||
2230 | bsec->unsafe = 1; | ||
2231 | return; | ||
2232 | } | ||
2233 | } | ||
2234 | 2295 | ||
2235 | /* Check for ptracing, and update the task SID if ok. | 2296 | /* Close files for which the new task SID is not authorized. */ |
2236 | Otherwise, leave SID unchanged and kill. */ | 2297 | flush_unauthorized_files(bprm->cred, current->files); |
2237 | if (unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { | ||
2238 | struct task_struct *tracer; | ||
2239 | struct task_security_struct *sec; | ||
2240 | u32 ptsid = 0; | ||
2241 | 2298 | ||
2242 | rcu_read_lock(); | 2299 | /* Always clear parent death signal on SID transitions. */ |
2243 | tracer = tracehook_tracer_task(current); | 2300 | current->pdeath_signal = 0; |
2244 | if (likely(tracer != NULL)) { | ||
2245 | sec = tracer->security; | ||
2246 | ptsid = sec->sid; | ||
2247 | } | ||
2248 | rcu_read_unlock(); | ||
2249 | 2301 | ||
2250 | if (ptsid != 0) { | 2302 | /* Check whether the new SID can inherit resource limits from the old |
2251 | rc = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, | 2303 | * SID. If not, reset all soft limits to the lower of the current |
2252 | PROCESS__PTRACE, NULL); | 2304 | * task's hard limit and the init task's soft limit. |
2253 | if (rc) { | 2305 | * |
2254 | bsec->unsafe = 1; | 2306 | * Note that the setting of hard limits (even to lower them) can be |
2255 | return; | 2307 | * controlled by the setrlimit check. The inclusion of the init task's |
2256 | } | 2308 | * soft limit into the computation is to avoid resetting soft limits |
2257 | } | 2309 | * higher than the default soft limit for cases where the default is |
2310 | * lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK. | ||
2311 | */ | ||
2312 | rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, | ||
2313 | PROCESS__RLIMITINH, NULL); | ||
2314 | if (rc) { | ||
2315 | for (i = 0; i < RLIM_NLIMITS; i++) { | ||
2316 | rlim = current->signal->rlim + i; | ||
2317 | initrlim = init_task.signal->rlim + i; | ||
2318 | rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); | ||
2258 | } | 2319 | } |
2259 | tsec->sid = sid; | 2320 | update_rlimit_cpu(rlim->rlim_cur); |
2260 | } | 2321 | } |
2261 | } | 2322 | } |
2262 | 2323 | ||
2263 | /* | 2324 | /* |
2264 | * called after apply_creds without the task lock held | 2325 | * Clean up the process immediately after the installation of new credentials |
2326 | * due to exec | ||
2265 | */ | 2327 | */ |
2266 | static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm) | 2328 | static void selinux_bprm_committed_creds(struct linux_binprm *bprm) |
2267 | { | 2329 | { |
2268 | struct task_security_struct *tsec; | 2330 | const struct task_security_struct *tsec = current_security(); |
2269 | struct rlimit *rlim, *initrlim; | ||
2270 | struct itimerval itimer; | 2331 | struct itimerval itimer; |
2271 | struct bprm_security_struct *bsec; | 2332 | struct sighand_struct *psig; |
2333 | u32 osid, sid; | ||
2272 | int rc, i; | 2334 | int rc, i; |
2335 | unsigned long flags; | ||
2273 | 2336 | ||
2274 | tsec = current->security; | 2337 | secondary_ops->bprm_committed_creds(bprm); |
2275 | bsec = bprm->security; | ||
2276 | 2338 | ||
2277 | if (bsec->unsafe) { | 2339 | osid = tsec->osid; |
2278 | force_sig_specific(SIGKILL, current); | 2340 | sid = tsec->sid; |
2279 | return; | 2341 | |
2280 | } | 2342 | if (sid == osid) |
2281 | if (tsec->osid == tsec->sid) | ||
2282 | return; | 2343 | return; |
2283 | 2344 | ||
2284 | /* Close files for which the new task SID is not authorized. */ | 2345 | /* Check whether the new SID can inherit signal state from the old SID. |
2285 | flush_unauthorized_files(current->files); | 2346 | * If not, clear itimers to avoid subsequent signal generation and |
2286 | 2347 | * flush and unblock signals. | |
2287 | /* Check whether the new SID can inherit signal state | 2348 | * |
2288 | from the old SID. If not, clear itimers to avoid | 2349 | * This must occur _after_ the task SID has been updated so that any |
2289 | subsequent signal generation and flush and unblock | 2350 | * kill done after the flush will be checked against the new SID. |
2290 | signals. This must occur _after_ the task SID has | 2351 | */ |
2291 | been updated so that any kill done after the flush | 2352 | rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL); |
2292 | will be checked against the new SID. */ | ||
2293 | rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS, | ||
2294 | PROCESS__SIGINH, NULL); | ||
2295 | if (rc) { | 2353 | if (rc) { |
2296 | memset(&itimer, 0, sizeof itimer); | 2354 | memset(&itimer, 0, sizeof itimer); |
2297 | for (i = 0; i < 3; i++) | 2355 | for (i = 0; i < 3; i++) |
@@ -2304,33 +2362,14 @@ static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm) | |||
2304 | spin_unlock_irq(¤t->sighand->siglock); | 2362 | spin_unlock_irq(¤t->sighand->siglock); |
2305 | } | 2363 | } |
2306 | 2364 | ||
2307 | /* Always clear parent death signal on SID transitions. */ | 2365 | /* Wake up the parent if it is waiting so that it can recheck |
2308 | current->pdeath_signal = 0; | 2366 | * wait permission to the new task SID. */ |
2309 | 2367 | read_lock_irq(&tasklist_lock); | |
2310 | /* Check whether the new SID can inherit resource limits | 2368 | psig = current->parent->sighand; |
2311 | from the old SID. If not, reset all soft limits to | 2369 | spin_lock_irqsave(&psig->siglock, flags); |
2312 | the lower of the current task's hard limit and the init | ||
2313 | task's soft limit. Note that the setting of hard limits | ||
2314 | (even to lower them) can be controlled by the setrlimit | ||
2315 | check. The inclusion of the init task's soft limit into | ||
2316 | the computation is to avoid resetting soft limits higher | ||
2317 | than the default soft limit for cases where the default | ||
2318 | is lower than the hard limit, e.g. RLIMIT_CORE or | ||
2319 | RLIMIT_STACK.*/ | ||
2320 | rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS, | ||
2321 | PROCESS__RLIMITINH, NULL); | ||
2322 | if (rc) { | ||
2323 | for (i = 0; i < RLIM_NLIMITS; i++) { | ||
2324 | rlim = current->signal->rlim + i; | ||
2325 | initrlim = init_task.signal->rlim+i; | ||
2326 | rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); | ||
2327 | } | ||
2328 | update_rlimit_cpu(rlim->rlim_cur); | ||
2329 | } | ||
2330 | |||
2331 | /* Wake up the parent if it is waiting so that it can | ||
2332 | recheck wait permission to the new task SID. */ | ||
2333 | wake_up_interruptible(¤t->parent->signal->wait_chldexit); | 2370 | wake_up_interruptible(¤t->parent->signal->wait_chldexit); |
2371 | spin_unlock_irqrestore(&psig->siglock, flags); | ||
2372 | read_unlock_irq(&tasklist_lock); | ||
2334 | } | 2373 | } |
2335 | 2374 | ||
2336 | /* superblock security operations */ | 2375 | /* superblock security operations */ |
@@ -2435,8 +2474,9 @@ out: | |||
2435 | return rc; | 2474 | return rc; |
2436 | } | 2475 | } |
2437 | 2476 | ||
2438 | static int selinux_sb_kern_mount(struct super_block *sb, void *data) | 2477 | static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) |
2439 | { | 2478 | { |
2479 | const struct cred *cred = current_cred(); | ||
2440 | struct avc_audit_data ad; | 2480 | struct avc_audit_data ad; |
2441 | int rc; | 2481 | int rc; |
2442 | 2482 | ||
@@ -2444,18 +2484,23 @@ static int selinux_sb_kern_mount(struct super_block *sb, void *data) | |||
2444 | if (rc) | 2484 | if (rc) |
2445 | return rc; | 2485 | return rc; |
2446 | 2486 | ||
2487 | /* Allow all mounts performed by the kernel */ | ||
2488 | if (flags & MS_KERNMOUNT) | ||
2489 | return 0; | ||
2490 | |||
2447 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2491 | AVC_AUDIT_DATA_INIT(&ad, FS); |
2448 | ad.u.fs.path.dentry = sb->s_root; | 2492 | ad.u.fs.path.dentry = sb->s_root; |
2449 | return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad); | 2493 | return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad); |
2450 | } | 2494 | } |
2451 | 2495 | ||
2452 | static int selinux_sb_statfs(struct dentry *dentry) | 2496 | static int selinux_sb_statfs(struct dentry *dentry) |
2453 | { | 2497 | { |
2498 | const struct cred *cred = current_cred(); | ||
2454 | struct avc_audit_data ad; | 2499 | struct avc_audit_data ad; |
2455 | 2500 | ||
2456 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2501 | AVC_AUDIT_DATA_INIT(&ad, FS); |
2457 | ad.u.fs.path.dentry = dentry->d_sb->s_root; | 2502 | ad.u.fs.path.dentry = dentry->d_sb->s_root; |
2458 | return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad); | 2503 | return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad); |
2459 | } | 2504 | } |
2460 | 2505 | ||
2461 | static int selinux_mount(char *dev_name, | 2506 | static int selinux_mount(char *dev_name, |
@@ -2464,6 +2509,7 @@ static int selinux_mount(char *dev_name, | |||
2464 | unsigned long flags, | 2509 | unsigned long flags, |
2465 | void *data) | 2510 | void *data) |
2466 | { | 2511 | { |
2512 | const struct cred *cred = current_cred(); | ||
2467 | int rc; | 2513 | int rc; |
2468 | 2514 | ||
2469 | rc = secondary_ops->sb_mount(dev_name, path, type, flags, data); | 2515 | rc = secondary_ops->sb_mount(dev_name, path, type, flags, data); |
@@ -2471,22 +2517,23 @@ static int selinux_mount(char *dev_name, | |||
2471 | return rc; | 2517 | return rc; |
2472 | 2518 | ||
2473 | if (flags & MS_REMOUNT) | 2519 | if (flags & MS_REMOUNT) |
2474 | return superblock_has_perm(current, path->mnt->mnt_sb, | 2520 | return superblock_has_perm(cred, path->mnt->mnt_sb, |
2475 | FILESYSTEM__REMOUNT, NULL); | 2521 | FILESYSTEM__REMOUNT, NULL); |
2476 | else | 2522 | else |
2477 | return dentry_has_perm(current, path->mnt, path->dentry, | 2523 | return dentry_has_perm(cred, path->mnt, path->dentry, |
2478 | FILE__MOUNTON); | 2524 | FILE__MOUNTON); |
2479 | } | 2525 | } |
2480 | 2526 | ||
2481 | static int selinux_umount(struct vfsmount *mnt, int flags) | 2527 | static int selinux_umount(struct vfsmount *mnt, int flags) |
2482 | { | 2528 | { |
2529 | const struct cred *cred = current_cred(); | ||
2483 | int rc; | 2530 | int rc; |
2484 | 2531 | ||
2485 | rc = secondary_ops->sb_umount(mnt, flags); | 2532 | rc = secondary_ops->sb_umount(mnt, flags); |
2486 | if (rc) | 2533 | if (rc) |
2487 | return rc; | 2534 | return rc; |
2488 | 2535 | ||
2489 | return superblock_has_perm(current, mnt->mnt_sb, | 2536 | return superblock_has_perm(cred, mnt->mnt_sb, |
2490 | FILESYSTEM__UNMOUNT, NULL); | 2537 | FILESYSTEM__UNMOUNT, NULL); |
2491 | } | 2538 | } |
2492 | 2539 | ||
@@ -2506,21 +2553,22 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, | |||
2506 | char **name, void **value, | 2553 | char **name, void **value, |
2507 | size_t *len) | 2554 | size_t *len) |
2508 | { | 2555 | { |
2509 | struct task_security_struct *tsec; | 2556 | const struct cred *cred = current_cred(); |
2557 | const struct task_security_struct *tsec = cred->security; | ||
2510 | struct inode_security_struct *dsec; | 2558 | struct inode_security_struct *dsec; |
2511 | struct superblock_security_struct *sbsec; | 2559 | struct superblock_security_struct *sbsec; |
2512 | u32 newsid, clen; | 2560 | u32 sid, newsid, clen; |
2513 | int rc; | 2561 | int rc; |
2514 | char *namep = NULL, *context; | 2562 | char *namep = NULL, *context; |
2515 | 2563 | ||
2516 | tsec = current->security; | ||
2517 | dsec = dir->i_security; | 2564 | dsec = dir->i_security; |
2518 | sbsec = dir->i_sb->s_security; | 2565 | sbsec = dir->i_sb->s_security; |
2519 | 2566 | ||
2520 | if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) { | 2567 | sid = tsec->sid; |
2521 | newsid = tsec->create_sid; | 2568 | newsid = tsec->create_sid; |
2522 | } else { | 2569 | |
2523 | rc = security_transition_sid(tsec->sid, dsec->sid, | 2570 | if (!newsid || sbsec->behavior == SECURITY_FS_USE_MNTPOINT) { |
2571 | rc = security_transition_sid(sid, dsec->sid, | ||
2524 | inode_mode_to_security_class(inode->i_mode), | 2572 | inode_mode_to_security_class(inode->i_mode), |
2525 | &newsid); | 2573 | &newsid); |
2526 | if (rc) { | 2574 | if (rc) { |
@@ -2623,21 +2671,25 @@ static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dent | |||
2623 | 2671 | ||
2624 | static int selinux_inode_readlink(struct dentry *dentry) | 2672 | static int selinux_inode_readlink(struct dentry *dentry) |
2625 | { | 2673 | { |
2626 | return dentry_has_perm(current, NULL, dentry, FILE__READ); | 2674 | const struct cred *cred = current_cred(); |
2675 | |||
2676 | return dentry_has_perm(cred, NULL, dentry, FILE__READ); | ||
2627 | } | 2677 | } |
2628 | 2678 | ||
2629 | static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata) | 2679 | static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata) |
2630 | { | 2680 | { |
2681 | const struct cred *cred = current_cred(); | ||
2631 | int rc; | 2682 | int rc; |
2632 | 2683 | ||
2633 | rc = secondary_ops->inode_follow_link(dentry, nameidata); | 2684 | rc = secondary_ops->inode_follow_link(dentry, nameidata); |
2634 | if (rc) | 2685 | if (rc) |
2635 | return rc; | 2686 | return rc; |
2636 | return dentry_has_perm(current, NULL, dentry, FILE__READ); | 2687 | return dentry_has_perm(cred, NULL, dentry, FILE__READ); |
2637 | } | 2688 | } |
2638 | 2689 | ||
2639 | static int selinux_inode_permission(struct inode *inode, int mask) | 2690 | static int selinux_inode_permission(struct inode *inode, int mask) |
2640 | { | 2691 | { |
2692 | const struct cred *cred = current_cred(); | ||
2641 | int rc; | 2693 | int rc; |
2642 | 2694 | ||
2643 | rc = secondary_ops->inode_permission(inode, mask); | 2695 | rc = secondary_ops->inode_permission(inode, mask); |
@@ -2649,12 +2701,13 @@ static int selinux_inode_permission(struct inode *inode, int mask) | |||
2649 | return 0; | 2701 | return 0; |
2650 | } | 2702 | } |
2651 | 2703 | ||
2652 | return inode_has_perm(current, inode, | 2704 | return inode_has_perm(cred, inode, |
2653 | open_file_mask_to_av(inode->i_mode, mask), NULL); | 2705 | file_mask_to_av(inode->i_mode, mask), NULL); |
2654 | } | 2706 | } |
2655 | 2707 | ||
2656 | static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) | 2708 | static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) |
2657 | { | 2709 | { |
2710 | const struct cred *cred = current_cred(); | ||
2658 | int rc; | 2711 | int rc; |
2659 | 2712 | ||
2660 | rc = secondary_ops->inode_setattr(dentry, iattr); | 2713 | rc = secondary_ops->inode_setattr(dentry, iattr); |
@@ -2666,18 +2719,22 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) | |||
2666 | 2719 | ||
2667 | if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | | 2720 | if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | |
2668 | ATTR_ATIME_SET | ATTR_MTIME_SET)) | 2721 | ATTR_ATIME_SET | ATTR_MTIME_SET)) |
2669 | return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); | 2722 | return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR); |
2670 | 2723 | ||
2671 | return dentry_has_perm(current, NULL, dentry, FILE__WRITE); | 2724 | return dentry_has_perm(cred, NULL, dentry, FILE__WRITE); |
2672 | } | 2725 | } |
2673 | 2726 | ||
2674 | static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) | 2727 | static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) |
2675 | { | 2728 | { |
2676 | return dentry_has_perm(current, mnt, dentry, FILE__GETATTR); | 2729 | const struct cred *cred = current_cred(); |
2730 | |||
2731 | return dentry_has_perm(cred, mnt, dentry, FILE__GETATTR); | ||
2677 | } | 2732 | } |
2678 | 2733 | ||
2679 | static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) | 2734 | static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) |
2680 | { | 2735 | { |
2736 | const struct cred *cred = current_cred(); | ||
2737 | |||
2681 | if (!strncmp(name, XATTR_SECURITY_PREFIX, | 2738 | if (!strncmp(name, XATTR_SECURITY_PREFIX, |
2682 | sizeof XATTR_SECURITY_PREFIX - 1)) { | 2739 | sizeof XATTR_SECURITY_PREFIX - 1)) { |
2683 | if (!strcmp(name, XATTR_NAME_CAPS)) { | 2740 | if (!strcmp(name, XATTR_NAME_CAPS)) { |
@@ -2692,18 +2749,17 @@ static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) | |||
2692 | 2749 | ||
2693 | /* Not an attribute we recognize, so just check the | 2750 | /* Not an attribute we recognize, so just check the |
2694 | ordinary setattr permission. */ | 2751 | ordinary setattr permission. */ |
2695 | return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); | 2752 | return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR); |
2696 | } | 2753 | } |
2697 | 2754 | ||
2698 | static int selinux_inode_setxattr(struct dentry *dentry, const char *name, | 2755 | static int selinux_inode_setxattr(struct dentry *dentry, const char *name, |
2699 | const void *value, size_t size, int flags) | 2756 | const void *value, size_t size, int flags) |
2700 | { | 2757 | { |
2701 | struct task_security_struct *tsec = current->security; | ||
2702 | struct inode *inode = dentry->d_inode; | 2758 | struct inode *inode = dentry->d_inode; |
2703 | struct inode_security_struct *isec = inode->i_security; | 2759 | struct inode_security_struct *isec = inode->i_security; |
2704 | struct superblock_security_struct *sbsec; | 2760 | struct superblock_security_struct *sbsec; |
2705 | struct avc_audit_data ad; | 2761 | struct avc_audit_data ad; |
2706 | u32 newsid; | 2762 | u32 newsid, sid = current_sid(); |
2707 | int rc = 0; | 2763 | int rc = 0; |
2708 | 2764 | ||
2709 | if (strcmp(name, XATTR_NAME_SELINUX)) | 2765 | if (strcmp(name, XATTR_NAME_SELINUX)) |
@@ -2719,7 +2775,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, | |||
2719 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2775 | AVC_AUDIT_DATA_INIT(&ad, FS); |
2720 | ad.u.fs.path.dentry = dentry; | 2776 | ad.u.fs.path.dentry = dentry; |
2721 | 2777 | ||
2722 | rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, | 2778 | rc = avc_has_perm(sid, isec->sid, isec->sclass, |
2723 | FILE__RELABELFROM, &ad); | 2779 | FILE__RELABELFROM, &ad); |
2724 | if (rc) | 2780 | if (rc) |
2725 | return rc; | 2781 | return rc; |
@@ -2733,12 +2789,12 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, | |||
2733 | if (rc) | 2789 | if (rc) |
2734 | return rc; | 2790 | return rc; |
2735 | 2791 | ||
2736 | rc = avc_has_perm(tsec->sid, newsid, isec->sclass, | 2792 | rc = avc_has_perm(sid, newsid, isec->sclass, |
2737 | FILE__RELABELTO, &ad); | 2793 | FILE__RELABELTO, &ad); |
2738 | if (rc) | 2794 | if (rc) |
2739 | return rc; | 2795 | return rc; |
2740 | 2796 | ||
2741 | rc = security_validate_transition(isec->sid, newsid, tsec->sid, | 2797 | rc = security_validate_transition(isec->sid, newsid, sid, |
2742 | isec->sclass); | 2798 | isec->sclass); |
2743 | if (rc) | 2799 | if (rc) |
2744 | return rc; | 2800 | return rc; |
@@ -2778,12 +2834,16 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, | |||
2778 | 2834 | ||
2779 | static int selinux_inode_getxattr(struct dentry *dentry, const char *name) | 2835 | static int selinux_inode_getxattr(struct dentry *dentry, const char *name) |
2780 | { | 2836 | { |
2781 | return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); | 2837 | const struct cred *cred = current_cred(); |
2838 | |||
2839 | return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR); | ||
2782 | } | 2840 | } |
2783 | 2841 | ||
2784 | static int selinux_inode_listxattr(struct dentry *dentry) | 2842 | static int selinux_inode_listxattr(struct dentry *dentry) |
2785 | { | 2843 | { |
2786 | return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); | 2844 | const struct cred *cred = current_cred(); |
2845 | |||
2846 | return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR); | ||
2787 | } | 2847 | } |
2788 | 2848 | ||
2789 | static int selinux_inode_removexattr(struct dentry *dentry, const char *name) | 2849 | static int selinux_inode_removexattr(struct dentry *dentry, const char *name) |
@@ -2806,7 +2866,6 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name | |||
2806 | u32 size; | 2866 | u32 size; |
2807 | int error; | 2867 | int error; |
2808 | char *context = NULL; | 2868 | char *context = NULL; |
2809 | struct task_security_struct *tsec = current->security; | ||
2810 | struct inode_security_struct *isec = inode->i_security; | 2869 | struct inode_security_struct *isec = inode->i_security; |
2811 | 2870 | ||
2812 | if (strcmp(name, XATTR_SELINUX_SUFFIX)) | 2871 | if (strcmp(name, XATTR_SELINUX_SUFFIX)) |
@@ -2821,13 +2880,7 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name | |||
2821 | * and lack of permission just means that we fall back to the | 2880 | * and lack of permission just means that we fall back to the |
2822 | * in-core context value, not a denial. | 2881 | * in-core context value, not a denial. |
2823 | */ | 2882 | */ |
2824 | error = secondary_ops->capable(current, CAP_MAC_ADMIN); | 2883 | error = selinux_capable(current, CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT); |
2825 | if (!error) | ||
2826 | error = avc_has_perm_noaudit(tsec->sid, tsec->sid, | ||
2827 | SECCLASS_CAPABILITY2, | ||
2828 | CAPABILITY2__MAC_ADMIN, | ||
2829 | 0, | ||
2830 | NULL); | ||
2831 | if (!error) | 2884 | if (!error) |
2832 | error = security_sid_to_context_force(isec->sid, &context, | 2885 | error = security_sid_to_context_force(isec->sid, &context, |
2833 | &size); | 2886 | &size); |
@@ -2894,6 +2947,7 @@ static void selinux_inode_getsecid(const struct inode *inode, u32 *secid) | |||
2894 | 2947 | ||
2895 | static int selinux_revalidate_file_permission(struct file *file, int mask) | 2948 | static int selinux_revalidate_file_permission(struct file *file, int mask) |
2896 | { | 2949 | { |
2950 | const struct cred *cred = current_cred(); | ||
2897 | int rc; | 2951 | int rc; |
2898 | struct inode *inode = file->f_path.dentry->d_inode; | 2952 | struct inode *inode = file->f_path.dentry->d_inode; |
2899 | 2953 | ||
@@ -2906,7 +2960,7 @@ static int selinux_revalidate_file_permission(struct file *file, int mask) | |||
2906 | if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) | 2960 | if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) |
2907 | mask |= MAY_APPEND; | 2961 | mask |= MAY_APPEND; |
2908 | 2962 | ||
2909 | rc = file_has_perm(current, file, | 2963 | rc = file_has_perm(cred, file, |
2910 | file_mask_to_av(inode->i_mode, mask)); | 2964 | file_mask_to_av(inode->i_mode, mask)); |
2911 | if (rc) | 2965 | if (rc) |
2912 | return rc; | 2966 | return rc; |
@@ -2917,16 +2971,16 @@ static int selinux_revalidate_file_permission(struct file *file, int mask) | |||
2917 | static int selinux_file_permission(struct file *file, int mask) | 2971 | static int selinux_file_permission(struct file *file, int mask) |
2918 | { | 2972 | { |
2919 | struct inode *inode = file->f_path.dentry->d_inode; | 2973 | struct inode *inode = file->f_path.dentry->d_inode; |
2920 | struct task_security_struct *tsec = current->security; | ||
2921 | struct file_security_struct *fsec = file->f_security; | 2974 | struct file_security_struct *fsec = file->f_security; |
2922 | struct inode_security_struct *isec = inode->i_security; | 2975 | struct inode_security_struct *isec = inode->i_security; |
2976 | u32 sid = current_sid(); | ||
2923 | 2977 | ||
2924 | if (!mask) { | 2978 | if (!mask) { |
2925 | /* No permission to check. Existence test. */ | 2979 | /* No permission to check. Existence test. */ |
2926 | return 0; | 2980 | return 0; |
2927 | } | 2981 | } |
2928 | 2982 | ||
2929 | if (tsec->sid == fsec->sid && fsec->isid == isec->sid | 2983 | if (sid == fsec->sid && fsec->isid == isec->sid |
2930 | && fsec->pseqno == avc_policy_seqno()) | 2984 | && fsec->pseqno == avc_policy_seqno()) |
2931 | return selinux_netlbl_inode_permission(inode, mask); | 2985 | return selinux_netlbl_inode_permission(inode, mask); |
2932 | 2986 | ||
@@ -2946,6 +3000,7 @@ static void selinux_file_free_security(struct file *file) | |||
2946 | static int selinux_file_ioctl(struct file *file, unsigned int cmd, | 3000 | static int selinux_file_ioctl(struct file *file, unsigned int cmd, |
2947 | unsigned long arg) | 3001 | unsigned long arg) |
2948 | { | 3002 | { |
3003 | const struct cred *cred = current_cred(); | ||
2949 | u32 av = 0; | 3004 | u32 av = 0; |
2950 | 3005 | ||
2951 | if (_IOC_DIR(cmd) & _IOC_WRITE) | 3006 | if (_IOC_DIR(cmd) & _IOC_WRITE) |
@@ -2955,11 +3010,14 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd, | |||
2955 | if (!av) | 3010 | if (!av) |
2956 | av = FILE__IOCTL; | 3011 | av = FILE__IOCTL; |
2957 | 3012 | ||
2958 | return file_has_perm(current, file, av); | 3013 | return file_has_perm(cred, file, av); |
2959 | } | 3014 | } |
2960 | 3015 | ||
2961 | static int file_map_prot_check(struct file *file, unsigned long prot, int shared) | 3016 | static int file_map_prot_check(struct file *file, unsigned long prot, int shared) |
2962 | { | 3017 | { |
3018 | const struct cred *cred = current_cred(); | ||
3019 | int rc = 0; | ||
3020 | |||
2963 | #ifndef CONFIG_PPC32 | 3021 | #ifndef CONFIG_PPC32 |
2964 | if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) { | 3022 | if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) { |
2965 | /* | 3023 | /* |
@@ -2967,9 +3025,9 @@ static int file_map_prot_check(struct file *file, unsigned long prot, int shared | |||
2967 | * private file mapping that will also be writable. | 3025 | * private file mapping that will also be writable. |
2968 | * This has an additional check. | 3026 | * This has an additional check. |
2969 | */ | 3027 | */ |
2970 | int rc = task_has_perm(current, current, PROCESS__EXECMEM); | 3028 | rc = cred_has_perm(cred, cred, PROCESS__EXECMEM); |
2971 | if (rc) | 3029 | if (rc) |
2972 | return rc; | 3030 | goto error; |
2973 | } | 3031 | } |
2974 | #endif | 3032 | #endif |
2975 | 3033 | ||
@@ -2984,9 +3042,11 @@ static int file_map_prot_check(struct file *file, unsigned long prot, int shared | |||
2984 | if (prot & PROT_EXEC) | 3042 | if (prot & PROT_EXEC) |
2985 | av |= FILE__EXECUTE; | 3043 | av |= FILE__EXECUTE; |
2986 | 3044 | ||
2987 | return file_has_perm(current, file, av); | 3045 | return file_has_perm(cred, file, av); |
2988 | } | 3046 | } |
2989 | return 0; | 3047 | |
3048 | error: | ||
3049 | return rc; | ||
2990 | } | 3050 | } |
2991 | 3051 | ||
2992 | static int selinux_file_mmap(struct file *file, unsigned long reqprot, | 3052 | static int selinux_file_mmap(struct file *file, unsigned long reqprot, |
@@ -2994,7 +3054,7 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot, | |||
2994 | unsigned long addr, unsigned long addr_only) | 3054 | unsigned long addr, unsigned long addr_only) |
2995 | { | 3055 | { |
2996 | int rc = 0; | 3056 | int rc = 0; |
2997 | u32 sid = ((struct task_security_struct *)(current->security))->sid; | 3057 | u32 sid = current_sid(); |
2998 | 3058 | ||
2999 | if (addr < mmap_min_addr) | 3059 | if (addr < mmap_min_addr) |
3000 | rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, | 3060 | rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, |
@@ -3013,6 +3073,7 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, | |||
3013 | unsigned long reqprot, | 3073 | unsigned long reqprot, |
3014 | unsigned long prot) | 3074 | unsigned long prot) |
3015 | { | 3075 | { |
3076 | const struct cred *cred = current_cred(); | ||
3016 | int rc; | 3077 | int rc; |
3017 | 3078 | ||
3018 | rc = secondary_ops->file_mprotect(vma, reqprot, prot); | 3079 | rc = secondary_ops->file_mprotect(vma, reqprot, prot); |
@@ -3027,12 +3088,11 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, | |||
3027 | rc = 0; | 3088 | rc = 0; |
3028 | if (vma->vm_start >= vma->vm_mm->start_brk && | 3089 | if (vma->vm_start >= vma->vm_mm->start_brk && |
3029 | vma->vm_end <= vma->vm_mm->brk) { | 3090 | vma->vm_end <= vma->vm_mm->brk) { |
3030 | rc = task_has_perm(current, current, | 3091 | rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP); |
3031 | PROCESS__EXECHEAP); | ||
3032 | } else if (!vma->vm_file && | 3092 | } else if (!vma->vm_file && |
3033 | vma->vm_start <= vma->vm_mm->start_stack && | 3093 | vma->vm_start <= vma->vm_mm->start_stack && |
3034 | vma->vm_end >= vma->vm_mm->start_stack) { | 3094 | vma->vm_end >= vma->vm_mm->start_stack) { |
3035 | rc = task_has_perm(current, current, PROCESS__EXECSTACK); | 3095 | rc = current_has_perm(current, PROCESS__EXECSTACK); |
3036 | } else if (vma->vm_file && vma->anon_vma) { | 3096 | } else if (vma->vm_file && vma->anon_vma) { |
3037 | /* | 3097 | /* |
3038 | * We are making executable a file mapping that has | 3098 | * We are making executable a file mapping that has |
@@ -3041,8 +3101,7 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, | |||
3041 | * modified content. This typically should only | 3101 | * modified content. This typically should only |
3042 | * occur for text relocations. | 3102 | * occur for text relocations. |
3043 | */ | 3103 | */ |
3044 | rc = file_has_perm(current, vma->vm_file, | 3104 | rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD); |
3045 | FILE__EXECMOD); | ||
3046 | } | 3105 | } |
3047 | if (rc) | 3106 | if (rc) |
3048 | return rc; | 3107 | return rc; |
@@ -3054,12 +3113,15 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, | |||
3054 | 3113 | ||
3055 | static int selinux_file_lock(struct file *file, unsigned int cmd) | 3114 | static int selinux_file_lock(struct file *file, unsigned int cmd) |
3056 | { | 3115 | { |
3057 | return file_has_perm(current, file, FILE__LOCK); | 3116 | const struct cred *cred = current_cred(); |
3117 | |||
3118 | return file_has_perm(cred, file, FILE__LOCK); | ||
3058 | } | 3119 | } |
3059 | 3120 | ||
3060 | static int selinux_file_fcntl(struct file *file, unsigned int cmd, | 3121 | static int selinux_file_fcntl(struct file *file, unsigned int cmd, |
3061 | unsigned long arg) | 3122 | unsigned long arg) |
3062 | { | 3123 | { |
3124 | const struct cred *cred = current_cred(); | ||
3063 | int err = 0; | 3125 | int err = 0; |
3064 | 3126 | ||
3065 | switch (cmd) { | 3127 | switch (cmd) { |
@@ -3070,7 +3132,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd, | |||
3070 | } | 3132 | } |
3071 | 3133 | ||
3072 | if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) { | 3134 | if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) { |
3073 | err = file_has_perm(current, file, FILE__WRITE); | 3135 | err = file_has_perm(cred, file, FILE__WRITE); |
3074 | break; | 3136 | break; |
3075 | } | 3137 | } |
3076 | /* fall through */ | 3138 | /* fall through */ |
@@ -3080,7 +3142,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd, | |||
3080 | case F_GETOWN: | 3142 | case F_GETOWN: |
3081 | case F_GETSIG: | 3143 | case F_GETSIG: |
3082 | /* Just check FD__USE permission */ | 3144 | /* Just check FD__USE permission */ |
3083 | err = file_has_perm(current, file, 0); | 3145 | err = file_has_perm(cred, file, 0); |
3084 | break; | 3146 | break; |
3085 | case F_GETLK: | 3147 | case F_GETLK: |
3086 | case F_SETLK: | 3148 | case F_SETLK: |
@@ -3094,7 +3156,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd, | |||
3094 | err = -EINVAL; | 3156 | err = -EINVAL; |
3095 | break; | 3157 | break; |
3096 | } | 3158 | } |
3097 | err = file_has_perm(current, file, FILE__LOCK); | 3159 | err = file_has_perm(cred, file, FILE__LOCK); |
3098 | break; | 3160 | break; |
3099 | } | 3161 | } |
3100 | 3162 | ||
@@ -3103,12 +3165,10 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd, | |||
3103 | 3165 | ||
3104 | static int selinux_file_set_fowner(struct file *file) | 3166 | static int selinux_file_set_fowner(struct file *file) |
3105 | { | 3167 | { |
3106 | struct task_security_struct *tsec; | ||
3107 | struct file_security_struct *fsec; | 3168 | struct file_security_struct *fsec; |
3108 | 3169 | ||
3109 | tsec = current->security; | ||
3110 | fsec = file->f_security; | 3170 | fsec = file->f_security; |
3111 | fsec->fown_sid = tsec->sid; | 3171 | fsec->fown_sid = current_sid(); |
3112 | 3172 | ||
3113 | return 0; | 3173 | return 0; |
3114 | } | 3174 | } |
@@ -3117,14 +3177,13 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk, | |||
3117 | struct fown_struct *fown, int signum) | 3177 | struct fown_struct *fown, int signum) |
3118 | { | 3178 | { |
3119 | struct file *file; | 3179 | struct file *file; |
3180 | u32 sid = current_sid(); | ||
3120 | u32 perm; | 3181 | u32 perm; |
3121 | struct task_security_struct *tsec; | ||
3122 | struct file_security_struct *fsec; | 3182 | struct file_security_struct *fsec; |
3123 | 3183 | ||
3124 | /* struct fown_struct is never outside the context of a struct file */ | 3184 | /* struct fown_struct is never outside the context of a struct file */ |
3125 | file = container_of(fown, struct file, f_owner); | 3185 | file = container_of(fown, struct file, f_owner); |
3126 | 3186 | ||
3127 | tsec = tsk->security; | ||
3128 | fsec = file->f_security; | 3187 | fsec = file->f_security; |
3129 | 3188 | ||
3130 | if (!signum) | 3189 | if (!signum) |
@@ -3132,20 +3191,23 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk, | |||
3132 | else | 3191 | else |
3133 | perm = signal_to_av(signum); | 3192 | perm = signal_to_av(signum); |
3134 | 3193 | ||
3135 | return avc_has_perm(fsec->fown_sid, tsec->sid, | 3194 | return avc_has_perm(fsec->fown_sid, sid, |
3136 | SECCLASS_PROCESS, perm, NULL); | 3195 | SECCLASS_PROCESS, perm, NULL); |
3137 | } | 3196 | } |
3138 | 3197 | ||
3139 | static int selinux_file_receive(struct file *file) | 3198 | static int selinux_file_receive(struct file *file) |
3140 | { | 3199 | { |
3141 | return file_has_perm(current, file, file_to_av(file)); | 3200 | const struct cred *cred = current_cred(); |
3201 | |||
3202 | return file_has_perm(cred, file, file_to_av(file)); | ||
3142 | } | 3203 | } |
3143 | 3204 | ||
3144 | static int selinux_dentry_open(struct file *file) | 3205 | static int selinux_dentry_open(struct file *file, const struct cred *cred) |
3145 | { | 3206 | { |
3146 | struct file_security_struct *fsec; | 3207 | struct file_security_struct *fsec; |
3147 | struct inode *inode; | 3208 | struct inode *inode; |
3148 | struct inode_security_struct *isec; | 3209 | struct inode_security_struct *isec; |
3210 | |||
3149 | inode = file->f_path.dentry->d_inode; | 3211 | inode = file->f_path.dentry->d_inode; |
3150 | fsec = file->f_security; | 3212 | fsec = file->f_security; |
3151 | isec = inode->i_security; | 3213 | isec = inode->i_security; |
@@ -3166,7 +3228,7 @@ static int selinux_dentry_open(struct file *file) | |||
3166 | * new inode label or new policy. | 3228 | * new inode label or new policy. |
3167 | * This check is not redundant - do not remove. | 3229 | * This check is not redundant - do not remove. |
3168 | */ | 3230 | */ |
3169 | return inode_has_perm(current, inode, file_to_av(file), NULL); | 3231 | return inode_has_perm(cred, inode, open_file_to_av(file), NULL); |
3170 | } | 3232 | } |
3171 | 3233 | ||
3172 | /* task security operations */ | 3234 | /* task security operations */ |
@@ -3179,36 +3241,88 @@ static int selinux_task_create(unsigned long clone_flags) | |||
3179 | if (rc) | 3241 | if (rc) |
3180 | return rc; | 3242 | return rc; |
3181 | 3243 | ||
3182 | return task_has_perm(current, current, PROCESS__FORK); | 3244 | return current_has_perm(current, PROCESS__FORK); |
3183 | } | 3245 | } |
3184 | 3246 | ||
3185 | static int selinux_task_alloc_security(struct task_struct *tsk) | 3247 | /* |
3248 | * detach and free the LSM part of a set of credentials | ||
3249 | */ | ||
3250 | static void selinux_cred_free(struct cred *cred) | ||
3186 | { | 3251 | { |
3187 | struct task_security_struct *tsec1, *tsec2; | 3252 | struct task_security_struct *tsec = cred->security; |
3188 | int rc; | 3253 | cred->security = NULL; |
3189 | 3254 | kfree(tsec); | |
3190 | tsec1 = current->security; | 3255 | } |
3191 | 3256 | ||
3192 | rc = task_alloc_security(tsk); | 3257 | /* |
3193 | if (rc) | 3258 | * prepare a new set of credentials for modification |
3194 | return rc; | 3259 | */ |
3195 | tsec2 = tsk->security; | 3260 | static int selinux_cred_prepare(struct cred *new, const struct cred *old, |
3261 | gfp_t gfp) | ||
3262 | { | ||
3263 | const struct task_security_struct *old_tsec; | ||
3264 | struct task_security_struct *tsec; | ||
3196 | 3265 | ||
3197 | tsec2->osid = tsec1->osid; | 3266 | old_tsec = old->security; |
3198 | tsec2->sid = tsec1->sid; | ||
3199 | 3267 | ||
3200 | /* Retain the exec, fs, key, and sock SIDs across fork */ | 3268 | tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp); |
3201 | tsec2->exec_sid = tsec1->exec_sid; | 3269 | if (!tsec) |
3202 | tsec2->create_sid = tsec1->create_sid; | 3270 | return -ENOMEM; |
3203 | tsec2->keycreate_sid = tsec1->keycreate_sid; | ||
3204 | tsec2->sockcreate_sid = tsec1->sockcreate_sid; | ||
3205 | 3271 | ||
3272 | new->security = tsec; | ||
3206 | return 0; | 3273 | return 0; |
3207 | } | 3274 | } |
3208 | 3275 | ||
3209 | static void selinux_task_free_security(struct task_struct *tsk) | 3276 | /* |
3277 | * commit new credentials | ||
3278 | */ | ||
3279 | static void selinux_cred_commit(struct cred *new, const struct cred *old) | ||
3280 | { | ||
3281 | secondary_ops->cred_commit(new, old); | ||
3282 | } | ||
3283 | |||
3284 | /* | ||
3285 | * set the security data for a kernel service | ||
3286 | * - all the creation contexts are set to unlabelled | ||
3287 | */ | ||
3288 | static int selinux_kernel_act_as(struct cred *new, u32 secid) | ||
3289 | { | ||
3290 | struct task_security_struct *tsec = new->security; | ||
3291 | u32 sid = current_sid(); | ||
3292 | int ret; | ||
3293 | |||
3294 | ret = avc_has_perm(sid, secid, | ||
3295 | SECCLASS_KERNEL_SERVICE, | ||
3296 | KERNEL_SERVICE__USE_AS_OVERRIDE, | ||
3297 | NULL); | ||
3298 | if (ret == 0) { | ||
3299 | tsec->sid = secid; | ||
3300 | tsec->create_sid = 0; | ||
3301 | tsec->keycreate_sid = 0; | ||
3302 | tsec->sockcreate_sid = 0; | ||
3303 | } | ||
3304 | return ret; | ||
3305 | } | ||
3306 | |||
3307 | /* | ||
3308 | * set the file creation context in a security record to the same as the | ||
3309 | * objective context of the specified inode | ||
3310 | */ | ||
3311 | static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) | ||
3210 | { | 3312 | { |
3211 | task_free_security(tsk); | 3313 | struct inode_security_struct *isec = inode->i_security; |
3314 | struct task_security_struct *tsec = new->security; | ||
3315 | u32 sid = current_sid(); | ||
3316 | int ret; | ||
3317 | |||
3318 | ret = avc_has_perm(sid, isec->sid, | ||
3319 | SECCLASS_KERNEL_SERVICE, | ||
3320 | KERNEL_SERVICE__CREATE_FILES_AS, | ||
3321 | NULL); | ||
3322 | |||
3323 | if (ret == 0) | ||
3324 | tsec->create_sid = isec->sid; | ||
3325 | return 0; | ||
3212 | } | 3326 | } |
3213 | 3327 | ||
3214 | static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | 3328 | static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) |
@@ -3222,9 +3336,10 @@ static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | |||
3222 | return 0; | 3336 | return 0; |
3223 | } | 3337 | } |
3224 | 3338 | ||
3225 | static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | 3339 | static int selinux_task_fix_setuid(struct cred *new, const struct cred *old, |
3340 | int flags) | ||
3226 | { | 3341 | { |
3227 | return secondary_ops->task_post_setuid(id0, id1, id2, flags); | 3342 | return secondary_ops->task_fix_setuid(new, old, flags); |
3228 | } | 3343 | } |
3229 | 3344 | ||
3230 | static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) | 3345 | static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) |
@@ -3235,23 +3350,22 @@ static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) | |||
3235 | 3350 | ||
3236 | static int selinux_task_setpgid(struct task_struct *p, pid_t pgid) | 3351 | static int selinux_task_setpgid(struct task_struct *p, pid_t pgid) |
3237 | { | 3352 | { |
3238 | return task_has_perm(current, p, PROCESS__SETPGID); | 3353 | return current_has_perm(p, PROCESS__SETPGID); |
3239 | } | 3354 | } |
3240 | 3355 | ||
3241 | static int selinux_task_getpgid(struct task_struct *p) | 3356 | static int selinux_task_getpgid(struct task_struct *p) |
3242 | { | 3357 | { |
3243 | return task_has_perm(current, p, PROCESS__GETPGID); | 3358 | return current_has_perm(p, PROCESS__GETPGID); |
3244 | } | 3359 | } |
3245 | 3360 | ||
3246 | static int selinux_task_getsid(struct task_struct *p) | 3361 | static int selinux_task_getsid(struct task_struct *p) |
3247 | { | 3362 | { |
3248 | return task_has_perm(current, p, PROCESS__GETSESSION); | 3363 | return current_has_perm(p, PROCESS__GETSESSION); |
3249 | } | 3364 | } |
3250 | 3365 | ||
3251 | static void selinux_task_getsecid(struct task_struct *p, u32 *secid) | 3366 | static void selinux_task_getsecid(struct task_struct *p, u32 *secid) |
3252 | { | 3367 | { |
3253 | struct task_security_struct *tsec = p->security; | 3368 | *secid = task_sid(p); |
3254 | *secid = tsec->sid; | ||
3255 | } | 3369 | } |
3256 | 3370 | ||
3257 | static int selinux_task_setgroups(struct group_info *group_info) | 3371 | static int selinux_task_setgroups(struct group_info *group_info) |
@@ -3268,7 +3382,7 @@ static int selinux_task_setnice(struct task_struct *p, int nice) | |||
3268 | if (rc) | 3382 | if (rc) |
3269 | return rc; | 3383 | return rc; |
3270 | 3384 | ||
3271 | return task_has_perm(current, p, PROCESS__SETSCHED); | 3385 | return current_has_perm(p, PROCESS__SETSCHED); |
3272 | } | 3386 | } |
3273 | 3387 | ||
3274 | static int selinux_task_setioprio(struct task_struct *p, int ioprio) | 3388 | static int selinux_task_setioprio(struct task_struct *p, int ioprio) |
@@ -3279,12 +3393,12 @@ static int selinux_task_setioprio(struct task_struct *p, int ioprio) | |||
3279 | if (rc) | 3393 | if (rc) |
3280 | return rc; | 3394 | return rc; |
3281 | 3395 | ||
3282 | return task_has_perm(current, p, PROCESS__SETSCHED); | 3396 | return current_has_perm(p, PROCESS__SETSCHED); |
3283 | } | 3397 | } |
3284 | 3398 | ||
3285 | static int selinux_task_getioprio(struct task_struct *p) | 3399 | static int selinux_task_getioprio(struct task_struct *p) |
3286 | { | 3400 | { |
3287 | return task_has_perm(current, p, PROCESS__GETSCHED); | 3401 | return current_has_perm(p, PROCESS__GETSCHED); |
3288 | } | 3402 | } |
3289 | 3403 | ||
3290 | static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim) | 3404 | static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim) |
@@ -3299,9 +3413,9 @@ static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim | |||
3299 | /* Control the ability to change the hard limit (whether | 3413 | /* Control the ability to change the hard limit (whether |
3300 | lowering or raising it), so that the hard limit can | 3414 | lowering or raising it), so that the hard limit can |
3301 | later be used as a safe reset point for the soft limit | 3415 | later be used as a safe reset point for the soft limit |
3302 | upon context transitions. See selinux_bprm_apply_creds. */ | 3416 | upon context transitions. See selinux_bprm_committing_creds. */ |
3303 | if (old_rlim->rlim_max != new_rlim->rlim_max) | 3417 | if (old_rlim->rlim_max != new_rlim->rlim_max) |
3304 | return task_has_perm(current, current, PROCESS__SETRLIMIT); | 3418 | return current_has_perm(current, PROCESS__SETRLIMIT); |
3305 | 3419 | ||
3306 | return 0; | 3420 | return 0; |
3307 | } | 3421 | } |
@@ -3314,17 +3428,17 @@ static int selinux_task_setscheduler(struct task_struct *p, int policy, struct s | |||
3314 | if (rc) | 3428 | if (rc) |
3315 | return rc; | 3429 | return rc; |
3316 | 3430 | ||
3317 | return task_has_perm(current, p, PROCESS__SETSCHED); | 3431 | return current_has_perm(p, PROCESS__SETSCHED); |
3318 | } | 3432 | } |
3319 | 3433 | ||
3320 | static int selinux_task_getscheduler(struct task_struct *p) | 3434 | static int selinux_task_getscheduler(struct task_struct *p) |
3321 | { | 3435 | { |
3322 | return task_has_perm(current, p, PROCESS__GETSCHED); | 3436 | return current_has_perm(p, PROCESS__GETSCHED); |
3323 | } | 3437 | } |
3324 | 3438 | ||
3325 | static int selinux_task_movememory(struct task_struct *p) | 3439 | static int selinux_task_movememory(struct task_struct *p) |
3326 | { | 3440 | { |
3327 | return task_has_perm(current, p, PROCESS__SETSCHED); | 3441 | return current_has_perm(p, PROCESS__SETSCHED); |
3328 | } | 3442 | } |
3329 | 3443 | ||
3330 | static int selinux_task_kill(struct task_struct *p, struct siginfo *info, | 3444 | static int selinux_task_kill(struct task_struct *p, struct siginfo *info, |
@@ -3332,7 +3446,6 @@ static int selinux_task_kill(struct task_struct *p, struct siginfo *info, | |||
3332 | { | 3446 | { |
3333 | u32 perm; | 3447 | u32 perm; |
3334 | int rc; | 3448 | int rc; |
3335 | struct task_security_struct *tsec; | ||
3336 | 3449 | ||
3337 | rc = secondary_ops->task_kill(p, info, sig, secid); | 3450 | rc = secondary_ops->task_kill(p, info, sig, secid); |
3338 | if (rc) | 3451 | if (rc) |
@@ -3342,11 +3455,11 @@ static int selinux_task_kill(struct task_struct *p, struct siginfo *info, | |||
3342 | perm = PROCESS__SIGNULL; /* null signal; existence test */ | 3455 | perm = PROCESS__SIGNULL; /* null signal; existence test */ |
3343 | else | 3456 | else |
3344 | perm = signal_to_av(sig); | 3457 | perm = signal_to_av(sig); |
3345 | tsec = p->security; | ||
3346 | if (secid) | 3458 | if (secid) |
3347 | rc = avc_has_perm(secid, tsec->sid, SECCLASS_PROCESS, perm, NULL); | 3459 | rc = avc_has_perm(secid, task_sid(p), |
3460 | SECCLASS_PROCESS, perm, NULL); | ||
3348 | else | 3461 | else |
3349 | rc = task_has_perm(current, p, perm); | 3462 | rc = current_has_perm(p, perm); |
3350 | return rc; | 3463 | return rc; |
3351 | } | 3464 | } |
3352 | 3465 | ||
@@ -3354,13 +3467,12 @@ static int selinux_task_prctl(int option, | |||
3354 | unsigned long arg2, | 3467 | unsigned long arg2, |
3355 | unsigned long arg3, | 3468 | unsigned long arg3, |
3356 | unsigned long arg4, | 3469 | unsigned long arg4, |
3357 | unsigned long arg5, | 3470 | unsigned long arg5) |
3358 | long *rc_p) | ||
3359 | { | 3471 | { |
3360 | /* The current prctl operations do not appear to require | 3472 | /* The current prctl operations do not appear to require |
3361 | any SELinux controls since they merely observe or modify | 3473 | any SELinux controls since they merely observe or modify |
3362 | the state of the current process. */ | 3474 | the state of the current process. */ |
3363 | return secondary_ops->task_prctl(option, arg2, arg3, arg4, arg5, rc_p); | 3475 | return secondary_ops->task_prctl(option, arg2, arg3, arg4, arg5); |
3364 | } | 3476 | } |
3365 | 3477 | ||
3366 | static int selinux_task_wait(struct task_struct *p) | 3478 | static int selinux_task_wait(struct task_struct *p) |
@@ -3368,27 +3480,14 @@ static int selinux_task_wait(struct task_struct *p) | |||
3368 | return task_has_perm(p, current, PROCESS__SIGCHLD); | 3480 | return task_has_perm(p, current, PROCESS__SIGCHLD); |
3369 | } | 3481 | } |
3370 | 3482 | ||
3371 | static void selinux_task_reparent_to_init(struct task_struct *p) | ||
3372 | { | ||
3373 | struct task_security_struct *tsec; | ||
3374 | |||
3375 | secondary_ops->task_reparent_to_init(p); | ||
3376 | |||
3377 | tsec = p->security; | ||
3378 | tsec->osid = tsec->sid; | ||
3379 | tsec->sid = SECINITSID_KERNEL; | ||
3380 | return; | ||
3381 | } | ||
3382 | |||
3383 | static void selinux_task_to_inode(struct task_struct *p, | 3483 | static void selinux_task_to_inode(struct task_struct *p, |
3384 | struct inode *inode) | 3484 | struct inode *inode) |
3385 | { | 3485 | { |
3386 | struct task_security_struct *tsec = p->security; | ||
3387 | struct inode_security_struct *isec = inode->i_security; | 3486 | struct inode_security_struct *isec = inode->i_security; |
3487 | u32 sid = task_sid(p); | ||
3388 | 3488 | ||
3389 | isec->sid = tsec->sid; | 3489 | isec->sid = sid; |
3390 | isec->initialized = 1; | 3490 | isec->initialized = 1; |
3391 | return; | ||
3392 | } | 3491 | } |
3393 | 3492 | ||
3394 | /* Returns error only if unable to parse addresses */ | 3493 | /* Returns error only if unable to parse addresses */ |
@@ -3627,19 +3726,19 @@ static int socket_has_perm(struct task_struct *task, struct socket *sock, | |||
3627 | u32 perms) | 3726 | u32 perms) |
3628 | { | 3727 | { |
3629 | struct inode_security_struct *isec; | 3728 | struct inode_security_struct *isec; |
3630 | struct task_security_struct *tsec; | ||
3631 | struct avc_audit_data ad; | 3729 | struct avc_audit_data ad; |
3730 | u32 sid; | ||
3632 | int err = 0; | 3731 | int err = 0; |
3633 | 3732 | ||
3634 | tsec = task->security; | ||
3635 | isec = SOCK_INODE(sock)->i_security; | 3733 | isec = SOCK_INODE(sock)->i_security; |
3636 | 3734 | ||
3637 | if (isec->sid == SECINITSID_KERNEL) | 3735 | if (isec->sid == SECINITSID_KERNEL) |
3638 | goto out; | 3736 | goto out; |
3737 | sid = task_sid(task); | ||
3639 | 3738 | ||
3640 | AVC_AUDIT_DATA_INIT(&ad, NET); | 3739 | AVC_AUDIT_DATA_INIT(&ad, NET); |
3641 | ad.u.net.sk = sock->sk; | 3740 | ad.u.net.sk = sock->sk; |
3642 | err = avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad); | 3741 | err = avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); |
3643 | 3742 | ||
3644 | out: | 3743 | out: |
3645 | return err; | 3744 | return err; |
@@ -3648,18 +3747,20 @@ out: | |||
3648 | static int selinux_socket_create(int family, int type, | 3747 | static int selinux_socket_create(int family, int type, |
3649 | int protocol, int kern) | 3748 | int protocol, int kern) |
3650 | { | 3749 | { |
3750 | const struct cred *cred = current_cred(); | ||
3751 | const struct task_security_struct *tsec = cred->security; | ||
3752 | u32 sid, newsid; | ||
3753 | u16 secclass; | ||
3651 | int err = 0; | 3754 | int err = 0; |
3652 | struct task_security_struct *tsec; | ||
3653 | u32 newsid; | ||
3654 | 3755 | ||
3655 | if (kern) | 3756 | if (kern) |
3656 | goto out; | 3757 | goto out; |
3657 | 3758 | ||
3658 | tsec = current->security; | 3759 | sid = tsec->sid; |
3659 | newsid = tsec->sockcreate_sid ? : tsec->sid; | 3760 | newsid = tsec->sockcreate_sid ?: sid; |
3660 | err = avc_has_perm(tsec->sid, newsid, | 3761 | |
3661 | socket_type_to_security_class(family, type, | 3762 | secclass = socket_type_to_security_class(family, type, protocol); |
3662 | protocol), SOCKET__CREATE, NULL); | 3763 | err = avc_has_perm(sid, newsid, secclass, SOCKET__CREATE, NULL); |
3663 | 3764 | ||
3664 | out: | 3765 | out: |
3665 | return err; | 3766 | return err; |
@@ -3668,18 +3769,26 @@ out: | |||
3668 | static int selinux_socket_post_create(struct socket *sock, int family, | 3769 | static int selinux_socket_post_create(struct socket *sock, int family, |
3669 | int type, int protocol, int kern) | 3770 | int type, int protocol, int kern) |
3670 | { | 3771 | { |
3671 | int err = 0; | 3772 | const struct cred *cred = current_cred(); |
3773 | const struct task_security_struct *tsec = cred->security; | ||
3672 | struct inode_security_struct *isec; | 3774 | struct inode_security_struct *isec; |
3673 | struct task_security_struct *tsec; | ||
3674 | struct sk_security_struct *sksec; | 3775 | struct sk_security_struct *sksec; |
3675 | u32 newsid; | 3776 | u32 sid, newsid; |
3777 | int err = 0; | ||
3778 | |||
3779 | sid = tsec->sid; | ||
3780 | newsid = tsec->sockcreate_sid; | ||
3676 | 3781 | ||
3677 | isec = SOCK_INODE(sock)->i_security; | 3782 | isec = SOCK_INODE(sock)->i_security; |
3678 | 3783 | ||
3679 | tsec = current->security; | 3784 | if (kern) |
3680 | newsid = tsec->sockcreate_sid ? : tsec->sid; | 3785 | isec->sid = SECINITSID_KERNEL; |
3786 | else if (newsid) | ||
3787 | isec->sid = newsid; | ||
3788 | else | ||
3789 | isec->sid = sid; | ||
3790 | |||
3681 | isec->sclass = socket_type_to_security_class(family, type, protocol); | 3791 | isec->sclass = socket_type_to_security_class(family, type, protocol); |
3682 | isec->sid = kern ? SECINITSID_KERNEL : newsid; | ||
3683 | isec->initialized = 1; | 3792 | isec->initialized = 1; |
3684 | 3793 | ||
3685 | if (sock->sk) { | 3794 | if (sock->sk) { |
@@ -3714,7 +3823,6 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
3714 | if (family == PF_INET || family == PF_INET6) { | 3823 | if (family == PF_INET || family == PF_INET6) { |
3715 | char *addrp; | 3824 | char *addrp; |
3716 | struct inode_security_struct *isec; | 3825 | struct inode_security_struct *isec; |
3717 | struct task_security_struct *tsec; | ||
3718 | struct avc_audit_data ad; | 3826 | struct avc_audit_data ad; |
3719 | struct sockaddr_in *addr4 = NULL; | 3827 | struct sockaddr_in *addr4 = NULL; |
3720 | struct sockaddr_in6 *addr6 = NULL; | 3828 | struct sockaddr_in6 *addr6 = NULL; |
@@ -3722,7 +3830,6 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
3722 | struct sock *sk = sock->sk; | 3830 | struct sock *sk = sock->sk; |
3723 | u32 sid, node_perm; | 3831 | u32 sid, node_perm; |
3724 | 3832 | ||
3725 | tsec = current->security; | ||
3726 | isec = SOCK_INODE(sock)->i_security; | 3833 | isec = SOCK_INODE(sock)->i_security; |
3727 | 3834 | ||
3728 | if (family == PF_INET) { | 3835 | if (family == PF_INET) { |
@@ -4387,7 +4494,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) | |||
4387 | "SELinux: unrecognized netlink message" | 4494 | "SELinux: unrecognized netlink message" |
4388 | " type=%hu for sclass=%hu\n", | 4495 | " type=%hu for sclass=%hu\n", |
4389 | nlh->nlmsg_type, isec->sclass); | 4496 | nlh->nlmsg_type, isec->sclass); |
4390 | if (!selinux_enforcing) | 4497 | if (!selinux_enforcing || security_get_allow_unknown()) |
4391 | err = 0; | 4498 | err = 0; |
4392 | } | 4499 | } |
4393 | 4500 | ||
@@ -4763,15 +4870,16 @@ static int ipc_alloc_security(struct task_struct *task, | |||
4763 | struct kern_ipc_perm *perm, | 4870 | struct kern_ipc_perm *perm, |
4764 | u16 sclass) | 4871 | u16 sclass) |
4765 | { | 4872 | { |
4766 | struct task_security_struct *tsec = task->security; | ||
4767 | struct ipc_security_struct *isec; | 4873 | struct ipc_security_struct *isec; |
4874 | u32 sid; | ||
4768 | 4875 | ||
4769 | isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL); | 4876 | isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL); |
4770 | if (!isec) | 4877 | if (!isec) |
4771 | return -ENOMEM; | 4878 | return -ENOMEM; |
4772 | 4879 | ||
4880 | sid = task_sid(task); | ||
4773 | isec->sclass = sclass; | 4881 | isec->sclass = sclass; |
4774 | isec->sid = tsec->sid; | 4882 | isec->sid = sid; |
4775 | perm->security = isec; | 4883 | perm->security = isec; |
4776 | 4884 | ||
4777 | return 0; | 4885 | return 0; |
@@ -4809,17 +4917,16 @@ static void msg_msg_free_security(struct msg_msg *msg) | |||
4809 | static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, | 4917 | static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, |
4810 | u32 perms) | 4918 | u32 perms) |
4811 | { | 4919 | { |
4812 | struct task_security_struct *tsec; | ||
4813 | struct ipc_security_struct *isec; | 4920 | struct ipc_security_struct *isec; |
4814 | struct avc_audit_data ad; | 4921 | struct avc_audit_data ad; |
4922 | u32 sid = current_sid(); | ||
4815 | 4923 | ||
4816 | tsec = current->security; | ||
4817 | isec = ipc_perms->security; | 4924 | isec = ipc_perms->security; |
4818 | 4925 | ||
4819 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4926 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
4820 | ad.u.ipc_id = ipc_perms->key; | 4927 | ad.u.ipc_id = ipc_perms->key; |
4821 | 4928 | ||
4822 | return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad); | 4929 | return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); |
4823 | } | 4930 | } |
4824 | 4931 | ||
4825 | static int selinux_msg_msg_alloc_security(struct msg_msg *msg) | 4932 | static int selinux_msg_msg_alloc_security(struct msg_msg *msg) |
@@ -4835,22 +4942,21 @@ static void selinux_msg_msg_free_security(struct msg_msg *msg) | |||
4835 | /* message queue security operations */ | 4942 | /* message queue security operations */ |
4836 | static int selinux_msg_queue_alloc_security(struct msg_queue *msq) | 4943 | static int selinux_msg_queue_alloc_security(struct msg_queue *msq) |
4837 | { | 4944 | { |
4838 | struct task_security_struct *tsec; | ||
4839 | struct ipc_security_struct *isec; | 4945 | struct ipc_security_struct *isec; |
4840 | struct avc_audit_data ad; | 4946 | struct avc_audit_data ad; |
4947 | u32 sid = current_sid(); | ||
4841 | int rc; | 4948 | int rc; |
4842 | 4949 | ||
4843 | rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ); | 4950 | rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ); |
4844 | if (rc) | 4951 | if (rc) |
4845 | return rc; | 4952 | return rc; |
4846 | 4953 | ||
4847 | tsec = current->security; | ||
4848 | isec = msq->q_perm.security; | 4954 | isec = msq->q_perm.security; |
4849 | 4955 | ||
4850 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4956 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
4851 | ad.u.ipc_id = msq->q_perm.key; | 4957 | ad.u.ipc_id = msq->q_perm.key; |
4852 | 4958 | ||
4853 | rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, | 4959 | rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
4854 | MSGQ__CREATE, &ad); | 4960 | MSGQ__CREATE, &ad); |
4855 | if (rc) { | 4961 | if (rc) { |
4856 | ipc_free_security(&msq->q_perm); | 4962 | ipc_free_security(&msq->q_perm); |
@@ -4866,17 +4972,16 @@ static void selinux_msg_queue_free_security(struct msg_queue *msq) | |||
4866 | 4972 | ||
4867 | static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) | 4973 | static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) |
4868 | { | 4974 | { |
4869 | struct task_security_struct *tsec; | ||
4870 | struct ipc_security_struct *isec; | 4975 | struct ipc_security_struct *isec; |
4871 | struct avc_audit_data ad; | 4976 | struct avc_audit_data ad; |
4977 | u32 sid = current_sid(); | ||
4872 | 4978 | ||
4873 | tsec = current->security; | ||
4874 | isec = msq->q_perm.security; | 4979 | isec = msq->q_perm.security; |
4875 | 4980 | ||
4876 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4981 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
4877 | ad.u.ipc_id = msq->q_perm.key; | 4982 | ad.u.ipc_id = msq->q_perm.key; |
4878 | 4983 | ||
4879 | return avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, | 4984 | return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
4880 | MSGQ__ASSOCIATE, &ad); | 4985 | MSGQ__ASSOCIATE, &ad); |
4881 | } | 4986 | } |
4882 | 4987 | ||
@@ -4910,13 +5015,12 @@ static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd) | |||
4910 | 5015 | ||
4911 | static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg) | 5016 | static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg) |
4912 | { | 5017 | { |
4913 | struct task_security_struct *tsec; | ||
4914 | struct ipc_security_struct *isec; | 5018 | struct ipc_security_struct *isec; |
4915 | struct msg_security_struct *msec; | 5019 | struct msg_security_struct *msec; |
4916 | struct avc_audit_data ad; | 5020 | struct avc_audit_data ad; |
5021 | u32 sid = current_sid(); | ||
4917 | int rc; | 5022 | int rc; |
4918 | 5023 | ||
4919 | tsec = current->security; | ||
4920 | isec = msq->q_perm.security; | 5024 | isec = msq->q_perm.security; |
4921 | msec = msg->security; | 5025 | msec = msg->security; |
4922 | 5026 | ||
@@ -4928,9 +5032,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, | |||
4928 | * Compute new sid based on current process and | 5032 | * Compute new sid based on current process and |
4929 | * message queue this message will be stored in | 5033 | * message queue this message will be stored in |
4930 | */ | 5034 | */ |
4931 | rc = security_transition_sid(tsec->sid, | 5035 | rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG, |
4932 | isec->sid, | ||
4933 | SECCLASS_MSG, | ||
4934 | &msec->sid); | 5036 | &msec->sid); |
4935 | if (rc) | 5037 | if (rc) |
4936 | return rc; | 5038 | return rc; |
@@ -4940,16 +5042,16 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, | |||
4940 | ad.u.ipc_id = msq->q_perm.key; | 5042 | ad.u.ipc_id = msq->q_perm.key; |
4941 | 5043 | ||
4942 | /* Can this process write to the queue? */ | 5044 | /* Can this process write to the queue? */ |
4943 | rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, | 5045 | rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
4944 | MSGQ__WRITE, &ad); | 5046 | MSGQ__WRITE, &ad); |
4945 | if (!rc) | 5047 | if (!rc) |
4946 | /* Can this process send the message */ | 5048 | /* Can this process send the message */ |
4947 | rc = avc_has_perm(tsec->sid, msec->sid, | 5049 | rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG, |
4948 | SECCLASS_MSG, MSG__SEND, &ad); | 5050 | MSG__SEND, &ad); |
4949 | if (!rc) | 5051 | if (!rc) |
4950 | /* Can the message be put in the queue? */ | 5052 | /* Can the message be put in the queue? */ |
4951 | rc = avc_has_perm(msec->sid, isec->sid, | 5053 | rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ, |
4952 | SECCLASS_MSGQ, MSGQ__ENQUEUE, &ad); | 5054 | MSGQ__ENQUEUE, &ad); |
4953 | 5055 | ||
4954 | return rc; | 5056 | return rc; |
4955 | } | 5057 | } |
@@ -4958,23 +5060,22 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, | |||
4958 | struct task_struct *target, | 5060 | struct task_struct *target, |
4959 | long type, int mode) | 5061 | long type, int mode) |
4960 | { | 5062 | { |
4961 | struct task_security_struct *tsec; | ||
4962 | struct ipc_security_struct *isec; | 5063 | struct ipc_security_struct *isec; |
4963 | struct msg_security_struct *msec; | 5064 | struct msg_security_struct *msec; |
4964 | struct avc_audit_data ad; | 5065 | struct avc_audit_data ad; |
5066 | u32 sid = task_sid(target); | ||
4965 | int rc; | 5067 | int rc; |
4966 | 5068 | ||
4967 | tsec = target->security; | ||
4968 | isec = msq->q_perm.security; | 5069 | isec = msq->q_perm.security; |
4969 | msec = msg->security; | 5070 | msec = msg->security; |
4970 | 5071 | ||
4971 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 5072 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
4972 | ad.u.ipc_id = msq->q_perm.key; | 5073 | ad.u.ipc_id = msq->q_perm.key; |
4973 | 5074 | ||
4974 | rc = avc_has_perm(tsec->sid, isec->sid, | 5075 | rc = avc_has_perm(sid, isec->sid, |
4975 | SECCLASS_MSGQ, MSGQ__READ, &ad); | 5076 | SECCLASS_MSGQ, MSGQ__READ, &ad); |
4976 | if (!rc) | 5077 | if (!rc) |
4977 | rc = avc_has_perm(tsec->sid, msec->sid, | 5078 | rc = avc_has_perm(sid, msec->sid, |
4978 | SECCLASS_MSG, MSG__RECEIVE, &ad); | 5079 | SECCLASS_MSG, MSG__RECEIVE, &ad); |
4979 | return rc; | 5080 | return rc; |
4980 | } | 5081 | } |
@@ -4982,22 +5083,21 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, | |||
4982 | /* Shared Memory security operations */ | 5083 | /* Shared Memory security operations */ |
4983 | static int selinux_shm_alloc_security(struct shmid_kernel *shp) | 5084 | static int selinux_shm_alloc_security(struct shmid_kernel *shp) |
4984 | { | 5085 | { |
4985 | struct task_security_struct *tsec; | ||
4986 | struct ipc_security_struct *isec; | 5086 | struct ipc_security_struct *isec; |
4987 | struct avc_audit_data ad; | 5087 | struct avc_audit_data ad; |
5088 | u32 sid = current_sid(); | ||
4988 | int rc; | 5089 | int rc; |
4989 | 5090 | ||
4990 | rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM); | 5091 | rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM); |
4991 | if (rc) | 5092 | if (rc) |
4992 | return rc; | 5093 | return rc; |
4993 | 5094 | ||
4994 | tsec = current->security; | ||
4995 | isec = shp->shm_perm.security; | 5095 | isec = shp->shm_perm.security; |
4996 | 5096 | ||
4997 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 5097 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
4998 | ad.u.ipc_id = shp->shm_perm.key; | 5098 | ad.u.ipc_id = shp->shm_perm.key; |
4999 | 5099 | ||
5000 | rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM, | 5100 | rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM, |
5001 | SHM__CREATE, &ad); | 5101 | SHM__CREATE, &ad); |
5002 | if (rc) { | 5102 | if (rc) { |
5003 | ipc_free_security(&shp->shm_perm); | 5103 | ipc_free_security(&shp->shm_perm); |
@@ -5013,17 +5113,16 @@ static void selinux_shm_free_security(struct shmid_kernel *shp) | |||
5013 | 5113 | ||
5014 | static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg) | 5114 | static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg) |
5015 | { | 5115 | { |
5016 | struct task_security_struct *tsec; | ||
5017 | struct ipc_security_struct *isec; | 5116 | struct ipc_security_struct *isec; |
5018 | struct avc_audit_data ad; | 5117 | struct avc_audit_data ad; |
5118 | u32 sid = current_sid(); | ||
5019 | 5119 | ||
5020 | tsec = current->security; | ||
5021 | isec = shp->shm_perm.security; | 5120 | isec = shp->shm_perm.security; |
5022 | 5121 | ||
5023 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 5122 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
5024 | ad.u.ipc_id = shp->shm_perm.key; | 5123 | ad.u.ipc_id = shp->shm_perm.key; |
5025 | 5124 | ||
5026 | return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM, | 5125 | return avc_has_perm(sid, isec->sid, SECCLASS_SHM, |
5027 | SHM__ASSOCIATE, &ad); | 5126 | SHM__ASSOCIATE, &ad); |
5028 | } | 5127 | } |
5029 | 5128 | ||
@@ -5081,22 +5180,21 @@ static int selinux_shm_shmat(struct shmid_kernel *shp, | |||
5081 | /* Semaphore security operations */ | 5180 | /* Semaphore security operations */ |
5082 | static int selinux_sem_alloc_security(struct sem_array *sma) | 5181 | static int selinux_sem_alloc_security(struct sem_array *sma) |
5083 | { | 5182 | { |
5084 | struct task_security_struct *tsec; | ||
5085 | struct ipc_security_struct *isec; | 5183 | struct ipc_security_struct *isec; |
5086 | struct avc_audit_data ad; | 5184 | struct avc_audit_data ad; |
5185 | u32 sid = current_sid(); | ||
5087 | int rc; | 5186 | int rc; |
5088 | 5187 | ||
5089 | rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM); | 5188 | rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM); |
5090 | if (rc) | 5189 | if (rc) |
5091 | return rc; | 5190 | return rc; |
5092 | 5191 | ||
5093 | tsec = current->security; | ||
5094 | isec = sma->sem_perm.security; | 5192 | isec = sma->sem_perm.security; |
5095 | 5193 | ||
5096 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 5194 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
5097 | ad.u.ipc_id = sma->sem_perm.key; | 5195 | ad.u.ipc_id = sma->sem_perm.key; |
5098 | 5196 | ||
5099 | rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM, | 5197 | rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM, |
5100 | SEM__CREATE, &ad); | 5198 | SEM__CREATE, &ad); |
5101 | if (rc) { | 5199 | if (rc) { |
5102 | ipc_free_security(&sma->sem_perm); | 5200 | ipc_free_security(&sma->sem_perm); |
@@ -5112,17 +5210,16 @@ static void selinux_sem_free_security(struct sem_array *sma) | |||
5112 | 5210 | ||
5113 | static int selinux_sem_associate(struct sem_array *sma, int semflg) | 5211 | static int selinux_sem_associate(struct sem_array *sma, int semflg) |
5114 | { | 5212 | { |
5115 | struct task_security_struct *tsec; | ||
5116 | struct ipc_security_struct *isec; | 5213 | struct ipc_security_struct *isec; |
5117 | struct avc_audit_data ad; | 5214 | struct avc_audit_data ad; |
5215 | u32 sid = current_sid(); | ||
5118 | 5216 | ||
5119 | tsec = current->security; | ||
5120 | isec = sma->sem_perm.security; | 5217 | isec = sma->sem_perm.security; |
5121 | 5218 | ||
5122 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 5219 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
5123 | ad.u.ipc_id = sma->sem_perm.key; | 5220 | ad.u.ipc_id = sma->sem_perm.key; |
5124 | 5221 | ||
5125 | return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM, | 5222 | return avc_has_perm(sid, isec->sid, SECCLASS_SEM, |
5126 | SEM__ASSOCIATE, &ad); | 5223 | SEM__ASSOCIATE, &ad); |
5127 | } | 5224 | } |
5128 | 5225 | ||
@@ -5212,33 +5309,35 @@ static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode) | |||
5212 | static int selinux_getprocattr(struct task_struct *p, | 5309 | static int selinux_getprocattr(struct task_struct *p, |
5213 | char *name, char **value) | 5310 | char *name, char **value) |
5214 | { | 5311 | { |
5215 | struct task_security_struct *tsec; | 5312 | const struct task_security_struct *__tsec; |
5216 | u32 sid; | 5313 | u32 sid; |
5217 | int error; | 5314 | int error; |
5218 | unsigned len; | 5315 | unsigned len; |
5219 | 5316 | ||
5220 | if (current != p) { | 5317 | if (current != p) { |
5221 | error = task_has_perm(current, p, PROCESS__GETATTR); | 5318 | error = current_has_perm(p, PROCESS__GETATTR); |
5222 | if (error) | 5319 | if (error) |
5223 | return error; | 5320 | return error; |
5224 | } | 5321 | } |
5225 | 5322 | ||
5226 | tsec = p->security; | 5323 | rcu_read_lock(); |
5324 | __tsec = __task_cred(p)->security; | ||
5227 | 5325 | ||
5228 | if (!strcmp(name, "current")) | 5326 | if (!strcmp(name, "current")) |
5229 | sid = tsec->sid; | 5327 | sid = __tsec->sid; |
5230 | else if (!strcmp(name, "prev")) | 5328 | else if (!strcmp(name, "prev")) |
5231 | sid = tsec->osid; | 5329 | sid = __tsec->osid; |
5232 | else if (!strcmp(name, "exec")) | 5330 | else if (!strcmp(name, "exec")) |
5233 | sid = tsec->exec_sid; | 5331 | sid = __tsec->exec_sid; |
5234 | else if (!strcmp(name, "fscreate")) | 5332 | else if (!strcmp(name, "fscreate")) |
5235 | sid = tsec->create_sid; | 5333 | sid = __tsec->create_sid; |
5236 | else if (!strcmp(name, "keycreate")) | 5334 | else if (!strcmp(name, "keycreate")) |
5237 | sid = tsec->keycreate_sid; | 5335 | sid = __tsec->keycreate_sid; |
5238 | else if (!strcmp(name, "sockcreate")) | 5336 | else if (!strcmp(name, "sockcreate")) |
5239 | sid = tsec->sockcreate_sid; | 5337 | sid = __tsec->sockcreate_sid; |
5240 | else | 5338 | else |
5241 | return -EINVAL; | 5339 | goto invalid; |
5340 | rcu_read_unlock(); | ||
5242 | 5341 | ||
5243 | if (!sid) | 5342 | if (!sid) |
5244 | return 0; | 5343 | return 0; |
@@ -5247,6 +5346,10 @@ static int selinux_getprocattr(struct task_struct *p, | |||
5247 | if (error) | 5346 | if (error) |
5248 | return error; | 5347 | return error; |
5249 | return len; | 5348 | return len; |
5349 | |||
5350 | invalid: | ||
5351 | rcu_read_unlock(); | ||
5352 | return -EINVAL; | ||
5250 | } | 5353 | } |
5251 | 5354 | ||
5252 | static int selinux_setprocattr(struct task_struct *p, | 5355 | static int selinux_setprocattr(struct task_struct *p, |
@@ -5254,7 +5357,8 @@ static int selinux_setprocattr(struct task_struct *p, | |||
5254 | { | 5357 | { |
5255 | struct task_security_struct *tsec; | 5358 | struct task_security_struct *tsec; |
5256 | struct task_struct *tracer; | 5359 | struct task_struct *tracer; |
5257 | u32 sid = 0; | 5360 | struct cred *new; |
5361 | u32 sid = 0, ptsid; | ||
5258 | int error; | 5362 | int error; |
5259 | char *str = value; | 5363 | char *str = value; |
5260 | 5364 | ||
@@ -5270,15 +5374,15 @@ static int selinux_setprocattr(struct task_struct *p, | |||
5270 | * above restriction is ever removed. | 5374 | * above restriction is ever removed. |
5271 | */ | 5375 | */ |
5272 | if (!strcmp(name, "exec")) | 5376 | if (!strcmp(name, "exec")) |
5273 | error = task_has_perm(current, p, PROCESS__SETEXEC); | 5377 | error = current_has_perm(p, PROCESS__SETEXEC); |
5274 | else if (!strcmp(name, "fscreate")) | 5378 | else if (!strcmp(name, "fscreate")) |
5275 | error = task_has_perm(current, p, PROCESS__SETFSCREATE); | 5379 | error = current_has_perm(p, PROCESS__SETFSCREATE); |
5276 | else if (!strcmp(name, "keycreate")) | 5380 | else if (!strcmp(name, "keycreate")) |
5277 | error = task_has_perm(current, p, PROCESS__SETKEYCREATE); | 5381 | error = current_has_perm(p, PROCESS__SETKEYCREATE); |
5278 | else if (!strcmp(name, "sockcreate")) | 5382 | else if (!strcmp(name, "sockcreate")) |
5279 | error = task_has_perm(current, p, PROCESS__SETSOCKCREATE); | 5383 | error = current_has_perm(p, PROCESS__SETSOCKCREATE); |
5280 | else if (!strcmp(name, "current")) | 5384 | else if (!strcmp(name, "current")) |
5281 | error = task_has_perm(current, p, PROCESS__SETCURRENT); | 5385 | error = current_has_perm(p, PROCESS__SETCURRENT); |
5282 | else | 5386 | else |
5283 | error = -EINVAL; | 5387 | error = -EINVAL; |
5284 | if (error) | 5388 | if (error) |
@@ -5301,87 +5405,75 @@ static int selinux_setprocattr(struct task_struct *p, | |||
5301 | return error; | 5405 | return error; |
5302 | } | 5406 | } |
5303 | 5407 | ||
5408 | new = prepare_creds(); | ||
5409 | if (!new) | ||
5410 | return -ENOMEM; | ||
5411 | |||
5304 | /* Permission checking based on the specified context is | 5412 | /* Permission checking based on the specified context is |
5305 | performed during the actual operation (execve, | 5413 | performed during the actual operation (execve, |
5306 | open/mkdir/...), when we know the full context of the | 5414 | open/mkdir/...), when we know the full context of the |
5307 | operation. See selinux_bprm_set_security for the execve | 5415 | operation. See selinux_bprm_set_creds for the execve |
5308 | checks and may_create for the file creation checks. The | 5416 | checks and may_create for the file creation checks. The |
5309 | operation will then fail if the context is not permitted. */ | 5417 | operation will then fail if the context is not permitted. */ |
5310 | tsec = p->security; | 5418 | tsec = new->security; |
5311 | if (!strcmp(name, "exec")) | 5419 | if (!strcmp(name, "exec")) { |
5312 | tsec->exec_sid = sid; | 5420 | tsec->exec_sid = sid; |
5313 | else if (!strcmp(name, "fscreate")) | 5421 | } else if (!strcmp(name, "fscreate")) { |
5314 | tsec->create_sid = sid; | 5422 | tsec->create_sid = sid; |
5315 | else if (!strcmp(name, "keycreate")) { | 5423 | } else if (!strcmp(name, "keycreate")) { |
5316 | error = may_create_key(sid, p); | 5424 | error = may_create_key(sid, p); |
5317 | if (error) | 5425 | if (error) |
5318 | return error; | 5426 | goto abort_change; |
5319 | tsec->keycreate_sid = sid; | 5427 | tsec->keycreate_sid = sid; |
5320 | } else if (!strcmp(name, "sockcreate")) | 5428 | } else if (!strcmp(name, "sockcreate")) { |
5321 | tsec->sockcreate_sid = sid; | 5429 | tsec->sockcreate_sid = sid; |
5322 | else if (!strcmp(name, "current")) { | 5430 | } else if (!strcmp(name, "current")) { |
5323 | struct av_decision avd; | 5431 | error = -EINVAL; |
5324 | |||
5325 | if (sid == 0) | 5432 | if (sid == 0) |
5326 | return -EINVAL; | 5433 | goto abort_change; |
5327 | /* | 5434 | |
5328 | * SELinux allows to change context in the following case only. | 5435 | /* Only allow single threaded processes to change context */ |
5329 | * - Single threaded processes. | 5436 | error = -EPERM; |
5330 | * - Multi threaded processes intend to change its context into | 5437 | if (!is_single_threaded(p)) { |
5331 | * more restricted domain (defined by TYPEBOUNDS statement). | 5438 | error = security_bounded_transition(tsec->sid, sid); |
5332 | */ | 5439 | if (error) |
5333 | if (atomic_read(&p->mm->mm_users) != 1) { | 5440 | goto abort_change; |
5334 | struct task_struct *g, *t; | ||
5335 | struct mm_struct *mm = p->mm; | ||
5336 | read_lock(&tasklist_lock); | ||
5337 | do_each_thread(g, t) { | ||
5338 | if (t->mm == mm && t != p) { | ||
5339 | read_unlock(&tasklist_lock); | ||
5340 | error = security_bounded_transition(tsec->sid, sid); | ||
5341 | if (!error) | ||
5342 | goto boundary_ok; | ||
5343 | |||
5344 | return error; | ||
5345 | } | ||
5346 | } while_each_thread(g, t); | ||
5347 | read_unlock(&tasklist_lock); | ||
5348 | } | 5441 | } |
5349 | boundary_ok: | ||
5350 | 5442 | ||
5351 | /* Check permissions for the transition. */ | 5443 | /* Check permissions for the transition. */ |
5352 | error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, | 5444 | error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, |
5353 | PROCESS__DYNTRANSITION, NULL); | 5445 | PROCESS__DYNTRANSITION, NULL); |
5354 | if (error) | 5446 | if (error) |
5355 | return error; | 5447 | goto abort_change; |
5356 | 5448 | ||
5357 | /* Check for ptracing, and update the task SID if ok. | 5449 | /* Check for ptracing, and update the task SID if ok. |
5358 | Otherwise, leave SID unchanged and fail. */ | 5450 | Otherwise, leave SID unchanged and fail. */ |
5451 | ptsid = 0; | ||
5359 | task_lock(p); | 5452 | task_lock(p); |
5360 | rcu_read_lock(); | ||
5361 | tracer = tracehook_tracer_task(p); | 5453 | tracer = tracehook_tracer_task(p); |
5362 | if (tracer != NULL) { | 5454 | if (tracer) |
5363 | struct task_security_struct *ptsec = tracer->security; | 5455 | ptsid = task_sid(tracer); |
5364 | u32 ptsid = ptsec->sid; | 5456 | task_unlock(p); |
5365 | rcu_read_unlock(); | 5457 | |
5366 | error = avc_has_perm_noaudit(ptsid, sid, | 5458 | if (tracer) { |
5367 | SECCLASS_PROCESS, | 5459 | error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, |
5368 | PROCESS__PTRACE, 0, &avd); | 5460 | PROCESS__PTRACE, NULL); |
5369 | if (!error) | ||
5370 | tsec->sid = sid; | ||
5371 | task_unlock(p); | ||
5372 | avc_audit(ptsid, sid, SECCLASS_PROCESS, | ||
5373 | PROCESS__PTRACE, &avd, error, NULL); | ||
5374 | if (error) | 5461 | if (error) |
5375 | return error; | 5462 | goto abort_change; |
5376 | } else { | ||
5377 | rcu_read_unlock(); | ||
5378 | tsec->sid = sid; | ||
5379 | task_unlock(p); | ||
5380 | } | 5463 | } |
5381 | } else | ||
5382 | return -EINVAL; | ||
5383 | 5464 | ||
5465 | tsec->sid = sid; | ||
5466 | } else { | ||
5467 | error = -EINVAL; | ||
5468 | goto abort_change; | ||
5469 | } | ||
5470 | |||
5471 | commit_creds(new); | ||
5384 | return size; | 5472 | return size; |
5473 | |||
5474 | abort_change: | ||
5475 | abort_creds(new); | ||
5476 | return error; | ||
5385 | } | 5477 | } |
5386 | 5478 | ||
5387 | static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) | 5479 | static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) |
@@ -5401,22 +5493,23 @@ static void selinux_release_secctx(char *secdata, u32 seclen) | |||
5401 | 5493 | ||
5402 | #ifdef CONFIG_KEYS | 5494 | #ifdef CONFIG_KEYS |
5403 | 5495 | ||
5404 | static int selinux_key_alloc(struct key *k, struct task_struct *tsk, | 5496 | static int selinux_key_alloc(struct key *k, const struct cred *cred, |
5405 | unsigned long flags) | 5497 | unsigned long flags) |
5406 | { | 5498 | { |
5407 | struct task_security_struct *tsec = tsk->security; | 5499 | const struct task_security_struct *tsec; |
5408 | struct key_security_struct *ksec; | 5500 | struct key_security_struct *ksec; |
5409 | 5501 | ||
5410 | ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL); | 5502 | ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL); |
5411 | if (!ksec) | 5503 | if (!ksec) |
5412 | return -ENOMEM; | 5504 | return -ENOMEM; |
5413 | 5505 | ||
5506 | tsec = cred->security; | ||
5414 | if (tsec->keycreate_sid) | 5507 | if (tsec->keycreate_sid) |
5415 | ksec->sid = tsec->keycreate_sid; | 5508 | ksec->sid = tsec->keycreate_sid; |
5416 | else | 5509 | else |
5417 | ksec->sid = tsec->sid; | 5510 | ksec->sid = tsec->sid; |
5418 | k->security = ksec; | ||
5419 | 5511 | ||
5512 | k->security = ksec; | ||
5420 | return 0; | 5513 | return 0; |
5421 | } | 5514 | } |
5422 | 5515 | ||
@@ -5429,17 +5522,12 @@ static void selinux_key_free(struct key *k) | |||
5429 | } | 5522 | } |
5430 | 5523 | ||
5431 | static int selinux_key_permission(key_ref_t key_ref, | 5524 | static int selinux_key_permission(key_ref_t key_ref, |
5432 | struct task_struct *ctx, | 5525 | const struct cred *cred, |
5433 | key_perm_t perm) | 5526 | key_perm_t perm) |
5434 | { | 5527 | { |
5435 | struct key *key; | 5528 | struct key *key; |
5436 | struct task_security_struct *tsec; | ||
5437 | struct key_security_struct *ksec; | 5529 | struct key_security_struct *ksec; |
5438 | 5530 | u32 sid; | |
5439 | key = key_ref_to_ptr(key_ref); | ||
5440 | |||
5441 | tsec = ctx->security; | ||
5442 | ksec = key->security; | ||
5443 | 5531 | ||
5444 | /* if no specific permissions are requested, we skip the | 5532 | /* if no specific permissions are requested, we skip the |
5445 | permission check. No serious, additional covert channels | 5533 | permission check. No serious, additional covert channels |
@@ -5447,8 +5535,12 @@ static int selinux_key_permission(key_ref_t key_ref, | |||
5447 | if (perm == 0) | 5535 | if (perm == 0) |
5448 | return 0; | 5536 | return 0; |
5449 | 5537 | ||
5450 | return avc_has_perm(tsec->sid, ksec->sid, | 5538 | sid = cred_sid(cred); |
5451 | SECCLASS_KEY, perm, NULL); | 5539 | |
5540 | key = key_ref_to_ptr(key_ref); | ||
5541 | ksec = key->security; | ||
5542 | |||
5543 | return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL); | ||
5452 | } | 5544 | } |
5453 | 5545 | ||
5454 | static int selinux_key_getsecurity(struct key *key, char **_buffer) | 5546 | static int selinux_key_getsecurity(struct key *key, char **_buffer) |
@@ -5473,8 +5565,7 @@ static struct security_operations selinux_ops = { | |||
5473 | .ptrace_may_access = selinux_ptrace_may_access, | 5565 | .ptrace_may_access = selinux_ptrace_may_access, |
5474 | .ptrace_traceme = selinux_ptrace_traceme, | 5566 | .ptrace_traceme = selinux_ptrace_traceme, |
5475 | .capget = selinux_capget, | 5567 | .capget = selinux_capget, |
5476 | .capset_check = selinux_capset_check, | 5568 | .capset = selinux_capset, |
5477 | .capset_set = selinux_capset_set, | ||
5478 | .sysctl = selinux_sysctl, | 5569 | .sysctl = selinux_sysctl, |
5479 | .capable = selinux_capable, | 5570 | .capable = selinux_capable, |
5480 | .quotactl = selinux_quotactl, | 5571 | .quotactl = selinux_quotactl, |
@@ -5485,12 +5576,10 @@ static struct security_operations selinux_ops = { | |||
5485 | .netlink_send = selinux_netlink_send, | 5576 | .netlink_send = selinux_netlink_send, |
5486 | .netlink_recv = selinux_netlink_recv, | 5577 | .netlink_recv = selinux_netlink_recv, |
5487 | 5578 | ||
5488 | .bprm_alloc_security = selinux_bprm_alloc_security, | 5579 | .bprm_set_creds = selinux_bprm_set_creds, |
5489 | .bprm_free_security = selinux_bprm_free_security, | ||
5490 | .bprm_apply_creds = selinux_bprm_apply_creds, | ||
5491 | .bprm_post_apply_creds = selinux_bprm_post_apply_creds, | ||
5492 | .bprm_set_security = selinux_bprm_set_security, | ||
5493 | .bprm_check_security = selinux_bprm_check_security, | 5580 | .bprm_check_security = selinux_bprm_check_security, |
5581 | .bprm_committing_creds = selinux_bprm_committing_creds, | ||
5582 | .bprm_committed_creds = selinux_bprm_committed_creds, | ||
5494 | .bprm_secureexec = selinux_bprm_secureexec, | 5583 | .bprm_secureexec = selinux_bprm_secureexec, |
5495 | 5584 | ||
5496 | .sb_alloc_security = selinux_sb_alloc_security, | 5585 | .sb_alloc_security = selinux_sb_alloc_security, |
@@ -5549,10 +5638,13 @@ static struct security_operations selinux_ops = { | |||
5549 | .dentry_open = selinux_dentry_open, | 5638 | .dentry_open = selinux_dentry_open, |
5550 | 5639 | ||
5551 | .task_create = selinux_task_create, | 5640 | .task_create = selinux_task_create, |
5552 | .task_alloc_security = selinux_task_alloc_security, | 5641 | .cred_free = selinux_cred_free, |
5553 | .task_free_security = selinux_task_free_security, | 5642 | .cred_prepare = selinux_cred_prepare, |
5643 | .cred_commit = selinux_cred_commit, | ||
5644 | .kernel_act_as = selinux_kernel_act_as, | ||
5645 | .kernel_create_files_as = selinux_kernel_create_files_as, | ||
5554 | .task_setuid = selinux_task_setuid, | 5646 | .task_setuid = selinux_task_setuid, |
5555 | .task_post_setuid = selinux_task_post_setuid, | 5647 | .task_fix_setuid = selinux_task_fix_setuid, |
5556 | .task_setgid = selinux_task_setgid, | 5648 | .task_setgid = selinux_task_setgid, |
5557 | .task_setpgid = selinux_task_setpgid, | 5649 | .task_setpgid = selinux_task_setpgid, |
5558 | .task_getpgid = selinux_task_getpgid, | 5650 | .task_getpgid = selinux_task_getpgid, |
@@ -5569,7 +5661,6 @@ static struct security_operations selinux_ops = { | |||
5569 | .task_kill = selinux_task_kill, | 5661 | .task_kill = selinux_task_kill, |
5570 | .task_wait = selinux_task_wait, | 5662 | .task_wait = selinux_task_wait, |
5571 | .task_prctl = selinux_task_prctl, | 5663 | .task_prctl = selinux_task_prctl, |
5572 | .task_reparent_to_init = selinux_task_reparent_to_init, | ||
5573 | .task_to_inode = selinux_task_to_inode, | 5664 | .task_to_inode = selinux_task_to_inode, |
5574 | 5665 | ||
5575 | .ipc_permission = selinux_ipc_permission, | 5666 | .ipc_permission = selinux_ipc_permission, |
@@ -5665,8 +5756,6 @@ static struct security_operations selinux_ops = { | |||
5665 | 5756 | ||
5666 | static __init int selinux_init(void) | 5757 | static __init int selinux_init(void) |
5667 | { | 5758 | { |
5668 | struct task_security_struct *tsec; | ||
5669 | |||
5670 | if (!security_module_enable(&selinux_ops)) { | 5759 | if (!security_module_enable(&selinux_ops)) { |
5671 | selinux_enabled = 0; | 5760 | selinux_enabled = 0; |
5672 | return 0; | 5761 | return 0; |
@@ -5680,10 +5769,7 @@ static __init int selinux_init(void) | |||
5680 | printk(KERN_INFO "SELinux: Initializing.\n"); | 5769 | printk(KERN_INFO "SELinux: Initializing.\n"); |
5681 | 5770 | ||
5682 | /* Set the security state for the initial task. */ | 5771 | /* Set the security state for the initial task. */ |
5683 | if (task_alloc_security(current)) | 5772 | cred_init_security(); |
5684 | panic("SELinux: Failed to initialize initial task.\n"); | ||
5685 | tsec = current->security; | ||
5686 | tsec->osid = tsec->sid = SECINITSID_KERNEL; | ||
5687 | 5773 | ||
5688 | sel_inode_cache = kmem_cache_create("selinux_inode_security", | 5774 | sel_inode_cache = kmem_cache_create("selinux_inode_security", |
5689 | sizeof(struct inode_security_struct), | 5775 | sizeof(struct inode_security_struct), |
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h index 1223b4ff9bee..c0c885427b91 100644 --- a/security/selinux/include/av_perm_to_string.h +++ b/security/selinux/include/av_perm_to_string.h | |||
@@ -176,3 +176,5 @@ | |||
176 | S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect") | 176 | S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect") |
177 | S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero") | 177 | S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero") |
178 | S_(SECCLASS_PEER, PEER__RECV, "recv") | 178 | S_(SECCLASS_PEER, PEER__RECV, "recv") |
179 | S_(SECCLASS_KERNEL_SERVICE, KERNEL_SERVICE__USE_AS_OVERRIDE, "use_as_override") | ||
180 | S_(SECCLASS_KERNEL_SERVICE, KERNEL_SERVICE__CREATE_FILES_AS, "create_files_as") | ||
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h index c4c51165c505..0ba79fe00e11 100644 --- a/security/selinux/include/av_permissions.h +++ b/security/selinux/include/av_permissions.h | |||
@@ -841,3 +841,5 @@ | |||
841 | #define DCCP_SOCKET__NAME_CONNECT 0x00800000UL | 841 | #define DCCP_SOCKET__NAME_CONNECT 0x00800000UL |
842 | #define MEMPROTECT__MMAP_ZERO 0x00000001UL | 842 | #define MEMPROTECT__MMAP_ZERO 0x00000001UL |
843 | #define PEER__RECV 0x00000001UL | 843 | #define PEER__RECV 0x00000001UL |
844 | #define KERNEL_SERVICE__USE_AS_OVERRIDE 0x00000001UL | ||
845 | #define KERNEL_SERVICE__CREATE_FILES_AS 0x00000002UL | ||
diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h index bd813c366e34..21ec786611d4 100644 --- a/security/selinux/include/class_to_string.h +++ b/security/selinux/include/class_to_string.h | |||
@@ -72,3 +72,8 @@ | |||
72 | S_(NULL) | 72 | S_(NULL) |
73 | S_("peer") | 73 | S_("peer") |
74 | S_("capability2") | 74 | S_("capability2") |
75 | S_(NULL) | ||
76 | S_(NULL) | ||
77 | S_(NULL) | ||
78 | S_(NULL) | ||
79 | S_("kernel_service") | ||
diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h index febf8868e852..882f27d66fac 100644 --- a/security/selinux/include/flask.h +++ b/security/selinux/include/flask.h | |||
@@ -52,6 +52,7 @@ | |||
52 | #define SECCLASS_MEMPROTECT 61 | 52 | #define SECCLASS_MEMPROTECT 61 |
53 | #define SECCLASS_PEER 68 | 53 | #define SECCLASS_PEER 68 |
54 | #define SECCLASS_CAPABILITY2 69 | 54 | #define SECCLASS_CAPABILITY2 69 |
55 | #define SECCLASS_KERNEL_SERVICE 74 | ||
55 | 56 | ||
56 | /* | 57 | /* |
57 | * Security identifier indices for initial entities | 58 | * Security identifier indices for initial entities |
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index f8be8d7fa26d..3cc45168f674 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h | |||
@@ -77,17 +77,6 @@ struct ipc_security_struct { | |||
77 | u32 sid; /* SID of IPC resource */ | 77 | u32 sid; /* SID of IPC resource */ |
78 | }; | 78 | }; |
79 | 79 | ||
80 | struct bprm_security_struct { | ||
81 | u32 sid; /* SID for transformed process */ | ||
82 | unsigned char set; | ||
83 | |||
84 | /* | ||
85 | * unsafe is used to share failure information from bprm_apply_creds() | ||
86 | * to bprm_post_apply_creds(). | ||
87 | */ | ||
88 | char unsafe; | ||
89 | }; | ||
90 | |||
91 | struct netif_security_struct { | 80 | struct netif_security_struct { |
92 | int ifindex; /* device index */ | 81 | int ifindex; /* device index */ |
93 | u32 sid; /* SID for this interface */ | 82 | u32 sid; /* SID for this interface */ |
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index ff59c0c4804b..4ed7bab89c59 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c | |||
@@ -63,6 +63,9 @@ static struct nlmsg_perm nlmsg_route_perms[] = | |||
63 | { RTM_GETANYCAST, NETLINK_ROUTE_SOCKET__NLMSG_READ }, | 63 | { RTM_GETANYCAST, NETLINK_ROUTE_SOCKET__NLMSG_READ }, |
64 | { RTM_GETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_READ }, | 64 | { RTM_GETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_READ }, |
65 | { RTM_SETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, | 65 | { RTM_SETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, |
66 | { RTM_NEWADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, | ||
67 | { RTM_DELADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, | ||
68 | { RTM_GETADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_READ }, | ||
66 | }; | 69 | }; |
67 | 70 | ||
68 | static struct nlmsg_perm nlmsg_firewall_perms[] = | 71 | static struct nlmsg_perm nlmsg_firewall_perms[] = |
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 69c9dccc8cf0..c86303638235 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
@@ -95,13 +95,18 @@ extern void selnl_notify_setenforce(int val); | |||
95 | static int task_has_security(struct task_struct *tsk, | 95 | static int task_has_security(struct task_struct *tsk, |
96 | u32 perms) | 96 | u32 perms) |
97 | { | 97 | { |
98 | struct task_security_struct *tsec; | 98 | const struct task_security_struct *tsec; |
99 | 99 | u32 sid = 0; | |
100 | tsec = tsk->security; | 100 | |
101 | rcu_read_lock(); | ||
102 | tsec = __task_cred(tsk)->security; | ||
103 | if (tsec) | ||
104 | sid = tsec->sid; | ||
105 | rcu_read_unlock(); | ||
101 | if (!tsec) | 106 | if (!tsec) |
102 | return -EACCES; | 107 | return -EACCES; |
103 | 108 | ||
104 | return avc_has_perm(tsec->sid, SECINITSID_SECURITY, | 109 | return avc_has_perm(sid, SECINITSID_SECURITY, |
105 | SECCLASS_SECURITY, perms, NULL); | 110 | SECCLASS_SECURITY, perms, NULL); |
106 | } | 111 | } |
107 | 112 | ||
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index 8f17f542a116..c0eb72013d67 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c | |||
@@ -197,7 +197,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, | |||
197 | struct xfrm_user_sec_ctx *uctx, u32 sid) | 197 | struct xfrm_user_sec_ctx *uctx, u32 sid) |
198 | { | 198 | { |
199 | int rc = 0; | 199 | int rc = 0; |
200 | struct task_security_struct *tsec = current->security; | 200 | const struct task_security_struct *tsec = current_security(); |
201 | struct xfrm_sec_ctx *ctx = NULL; | 201 | struct xfrm_sec_ctx *ctx = NULL; |
202 | char *ctx_str = NULL; | 202 | char *ctx_str = NULL; |
203 | u32 str_len; | 203 | u32 str_len; |
@@ -333,7 +333,7 @@ void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx) | |||
333 | */ | 333 | */ |
334 | int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) | 334 | int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) |
335 | { | 335 | { |
336 | struct task_security_struct *tsec = current->security; | 336 | const struct task_security_struct *tsec = current_security(); |
337 | int rc = 0; | 337 | int rc = 0; |
338 | 338 | ||
339 | if (ctx) { | 339 | if (ctx) { |
@@ -378,7 +378,7 @@ void selinux_xfrm_state_free(struct xfrm_state *x) | |||
378 | */ | 378 | */ |
379 | int selinux_xfrm_state_delete(struct xfrm_state *x) | 379 | int selinux_xfrm_state_delete(struct xfrm_state *x) |
380 | { | 380 | { |
381 | struct task_security_struct *tsec = current->security; | 381 | const struct task_security_struct *tsec = current_security(); |
382 | struct xfrm_sec_ctx *ctx = x->security; | 382 | struct xfrm_sec_ctx *ctx = x->security; |
383 | int rc = 0; | 383 | int rc = 0; |
384 | 384 | ||