aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/exports.c8
-rw-r--r--security/selinux/hooks.c1254
-rw-r--r--security/selinux/include/av_perm_to_string.h2
-rw-r--r--security/selinux/include/av_permissions.h2
-rw-r--r--security/selinux/include/class_to_string.h5
-rw-r--r--security/selinux/include/flask.h1
-rw-r--r--security/selinux/include/objsec.h11
-rw-r--r--security/selinux/nlmsgtab.c3
-rw-r--r--security/selinux/selinuxfs.c13
-rw-r--r--security/selinux/xfrm.c6
10 files changed, 701 insertions, 604 deletions
diff --git a/security/selinux/exports.c b/security/selinux/exports.c
index 64af2d3409ef..c73aeaa008e8 100644
--- a/security/selinux/exports.c
+++ b/security/selinux/exports.c
@@ -39,9 +39,13 @@ EXPORT_SYMBOL_GPL(selinux_string_to_sid);
39int selinux_secmark_relabel_packet_permission(u32 sid) 39int selinux_secmark_relabel_packet_permission(u32 sid)
40{ 40{
41 if (selinux_enabled) { 41 if (selinux_enabled) {
42 struct task_security_struct *tsec = current->security; 42 const struct task_security_struct *__tsec;
43 u32 tsid;
43 44
44 return avc_has_perm(tsec->sid, sid, SECCLASS_PACKET, 45 __tsec = current_security();
46 tsid = __tsec->sid;
47
48 return avc_has_perm(tsid, sid, SECCLASS_PACKET,
45 PACKET__RELABELTO, NULL); 49 PACKET__RELABELTO, NULL);
46 } 50 }
47 return 0; 51 return 0;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f85597a4d733..853b58c8b2cb 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -156,33 +156,62 @@ static int selinux_secmark_enabled(void)
156 return (atomic_read(&selinux_secmark_refcount) > 0); 156 return (atomic_read(&selinux_secmark_refcount) > 0);
157} 157}
158 158
159/* Allocate and free functions for each kind of security blob. */ 159/*
160 160 * initialise the security for the init task
161static int task_alloc_security(struct task_struct *task) 161 */
162static void cred_init_security(void)
162{ 163{
164 struct cred *cred = (struct cred *) current->real_cred;
163 struct task_security_struct *tsec; 165 struct task_security_struct *tsec;
164 166
165 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL); 167 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
166 if (!tsec) 168 if (!tsec)
167 return -ENOMEM; 169 panic("SELinux: Failed to initialize initial task.\n");
168 170
169 tsec->osid = tsec->sid = SECINITSID_UNLABELED; 171 tsec->osid = tsec->sid = SECINITSID_KERNEL;
170 task->security = tsec; 172 cred->security = tsec;
173}
171 174
172 return 0; 175/*
176 * get the security ID of a set of credentials
177 */
178static inline u32 cred_sid(const struct cred *cred)
179{
180 const struct task_security_struct *tsec;
181
182 tsec = cred->security;
183 return tsec->sid;
173} 184}
174 185
175static void task_free_security(struct task_struct *task) 186/*
187 * get the objective security ID of a task
188 */
189static inline u32 task_sid(const struct task_struct *task)
176{ 190{
177 struct task_security_struct *tsec = task->security; 191 u32 sid;
178 task->security = NULL; 192
179 kfree(tsec); 193 rcu_read_lock();
194 sid = cred_sid(__task_cred(task));
195 rcu_read_unlock();
196 return sid;
180} 197}
181 198
199/*
200 * get the subjective security ID of the current task
201 */
202static inline u32 current_sid(void)
203{
204 const struct task_security_struct *tsec = current_cred()->security;
205
206 return tsec->sid;
207}
208
209/* Allocate and free functions for each kind of security blob. */
210
182static int inode_alloc_security(struct inode *inode) 211static int inode_alloc_security(struct inode *inode)
183{ 212{
184 struct task_security_struct *tsec = current->security;
185 struct inode_security_struct *isec; 213 struct inode_security_struct *isec;
214 u32 sid = current_sid();
186 215
187 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS); 216 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
188 if (!isec) 217 if (!isec)
@@ -193,7 +222,7 @@ static int inode_alloc_security(struct inode *inode)
193 isec->inode = inode; 222 isec->inode = inode;
194 isec->sid = SECINITSID_UNLABELED; 223 isec->sid = SECINITSID_UNLABELED;
195 isec->sclass = SECCLASS_FILE; 224 isec->sclass = SECCLASS_FILE;
196 isec->task_sid = tsec->sid; 225 isec->task_sid = sid;
197 inode->i_security = isec; 226 inode->i_security = isec;
198 227
199 return 0; 228 return 0;
@@ -215,15 +244,15 @@ static void inode_free_security(struct inode *inode)
215 244
216static int file_alloc_security(struct file *file) 245static int file_alloc_security(struct file *file)
217{ 246{
218 struct task_security_struct *tsec = current->security;
219 struct file_security_struct *fsec; 247 struct file_security_struct *fsec;
248 u32 sid = current_sid();
220 249
221 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL); 250 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
222 if (!fsec) 251 if (!fsec)
223 return -ENOMEM; 252 return -ENOMEM;
224 253
225 fsec->sid = tsec->sid; 254 fsec->sid = sid;
226 fsec->fown_sid = tsec->sid; 255 fsec->fown_sid = sid;
227 file->f_security = fsec; 256 file->f_security = fsec;
228 257
229 return 0; 258 return 0;
@@ -338,8 +367,9 @@ static const match_table_t tokens = {
338 367
339static int may_context_mount_sb_relabel(u32 sid, 368static int may_context_mount_sb_relabel(u32 sid,
340 struct superblock_security_struct *sbsec, 369 struct superblock_security_struct *sbsec,
341 struct task_security_struct *tsec) 370 const struct cred *cred)
342{ 371{
372 const struct task_security_struct *tsec = cred->security;
343 int rc; 373 int rc;
344 374
345 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, 375 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
@@ -354,8 +384,9 @@ static int may_context_mount_sb_relabel(u32 sid,
354 384
355static int may_context_mount_inode_relabel(u32 sid, 385static int may_context_mount_inode_relabel(u32 sid,
356 struct superblock_security_struct *sbsec, 386 struct superblock_security_struct *sbsec,
357 struct task_security_struct *tsec) 387 const struct cred *cred)
358{ 388{
389 const struct task_security_struct *tsec = cred->security;
359 int rc; 390 int rc;
360 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, 391 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
361 FILESYSTEM__RELABELFROM, NULL); 392 FILESYSTEM__RELABELFROM, NULL);
@@ -553,8 +584,8 @@ static int bad_option(struct superblock_security_struct *sbsec, char flag,
553static int selinux_set_mnt_opts(struct super_block *sb, 584static int selinux_set_mnt_opts(struct super_block *sb,
554 struct security_mnt_opts *opts) 585 struct security_mnt_opts *opts)
555{ 586{
587 const struct cred *cred = current_cred();
556 int rc = 0, i; 588 int rc = 0, i;
557 struct task_security_struct *tsec = current->security;
558 struct superblock_security_struct *sbsec = sb->s_security; 589 struct superblock_security_struct *sbsec = sb->s_security;
559 const char *name = sb->s_type->name; 590 const char *name = sb->s_type->name;
560 struct inode *inode = sbsec->sb->s_root->d_inode; 591 struct inode *inode = sbsec->sb->s_root->d_inode;
@@ -671,7 +702,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
671 sbsec->proc = 1; 702 sbsec->proc = 1;
672 703
673 /* Determine the labeling behavior to use for this filesystem type. */ 704 /* Determine the labeling behavior to use for this filesystem type. */
674 rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid); 705 rc = security_fs_use(sbsec->proc ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid);
675 if (rc) { 706 if (rc) {
676 printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n", 707 printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
677 __func__, sb->s_type->name, rc); 708 __func__, sb->s_type->name, rc);
@@ -680,8 +711,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
680 711
681 /* sets the context of the superblock for the fs being mounted. */ 712 /* sets the context of the superblock for the fs being mounted. */
682 if (fscontext_sid) { 713 if (fscontext_sid) {
683 714 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
684 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, tsec);
685 if (rc) 715 if (rc)
686 goto out; 716 goto out;
687 717
@@ -695,12 +725,14 @@ static int selinux_set_mnt_opts(struct super_block *sb,
695 */ 725 */
696 if (context_sid) { 726 if (context_sid) {
697 if (!fscontext_sid) { 727 if (!fscontext_sid) {
698 rc = may_context_mount_sb_relabel(context_sid, sbsec, tsec); 728 rc = may_context_mount_sb_relabel(context_sid, sbsec,
729 cred);
699 if (rc) 730 if (rc)
700 goto out; 731 goto out;
701 sbsec->sid = context_sid; 732 sbsec->sid = context_sid;
702 } else { 733 } else {
703 rc = may_context_mount_inode_relabel(context_sid, sbsec, tsec); 734 rc = may_context_mount_inode_relabel(context_sid, sbsec,
735 cred);
704 if (rc) 736 if (rc)
705 goto out; 737 goto out;
706 } 738 }
@@ -712,7 +744,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
712 } 744 }
713 745
714 if (rootcontext_sid) { 746 if (rootcontext_sid) {
715 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec, tsec); 747 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
748 cred);
716 if (rc) 749 if (rc)
717 goto out; 750 goto out;
718 751
@@ -730,7 +763,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
730 763
731 if (defcontext_sid != sbsec->def_sid) { 764 if (defcontext_sid != sbsec->def_sid) {
732 rc = may_context_mount_inode_relabel(defcontext_sid, 765 rc = may_context_mount_inode_relabel(defcontext_sid,
733 sbsec, tsec); 766 sbsec, cred);
734 if (rc) 767 if (rc)
735 goto out; 768 goto out;
736 } 769 }
@@ -1345,18 +1378,53 @@ static inline u32 signal_to_av(int sig)
1345 return perm; 1378 return perm;
1346} 1379}
1347 1380
1348/* Check permission betweeen a pair of tasks, e.g. signal checks, 1381/*
1349 fork check, ptrace check, etc. */ 1382 * Check permission between a pair of credentials
1350static int task_has_perm(struct task_struct *tsk1, 1383 * fork check, ptrace check, etc.
1351 struct task_struct *tsk2, 1384 */
1385static int cred_has_perm(const struct cred *actor,
1386 const struct cred *target,
1387 u32 perms)
1388{
1389 u32 asid = cred_sid(actor), tsid = cred_sid(target);
1390
1391 return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL);
1392}
1393
1394/*
1395 * Check permission between a pair of tasks, e.g. signal checks,
1396 * fork check, ptrace check, etc.
1397 * tsk1 is the actor and tsk2 is the target
1398 * - this uses the default subjective creds of tsk1
1399 */
1400static int task_has_perm(const struct task_struct *tsk1,
1401 const struct task_struct *tsk2,
1352 u32 perms) 1402 u32 perms)
1353{ 1403{
1354 struct task_security_struct *tsec1, *tsec2; 1404 const struct task_security_struct *__tsec1, *__tsec2;
1405 u32 sid1, sid2;
1355 1406
1356 tsec1 = tsk1->security; 1407 rcu_read_lock();
1357 tsec2 = tsk2->security; 1408 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid;
1358 return avc_has_perm(tsec1->sid, tsec2->sid, 1409 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid;
1359 SECCLASS_PROCESS, perms, NULL); 1410 rcu_read_unlock();
1411 return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);
1412}
1413
1414/*
1415 * Check permission between current and another task, e.g. signal checks,
1416 * fork check, ptrace check, etc.
1417 * current is the actor and tsk2 is the target
1418 * - this uses current's subjective creds
1419 */
1420static int current_has_perm(const struct task_struct *tsk,
1421 u32 perms)
1422{
1423 u32 sid, tsid;
1424
1425 sid = current_sid();
1426 tsid = task_sid(tsk);
1427 return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL);
1360} 1428}
1361 1429
1362#if CAP_LAST_CAP > 63 1430#if CAP_LAST_CAP > 63
@@ -1365,14 +1433,14 @@ static int task_has_perm(struct task_struct *tsk1,
1365 1433
1366/* Check whether a task is allowed to use a capability. */ 1434/* Check whether a task is allowed to use a capability. */
1367static int task_has_capability(struct task_struct *tsk, 1435static int task_has_capability(struct task_struct *tsk,
1368 int cap) 1436 int cap, int audit)
1369{ 1437{
1370 struct task_security_struct *tsec;
1371 struct avc_audit_data ad; 1438 struct avc_audit_data ad;
1439 struct av_decision avd;
1372 u16 sclass; 1440 u16 sclass;
1441 u32 sid = task_sid(tsk);
1373 u32 av = CAP_TO_MASK(cap); 1442 u32 av = CAP_TO_MASK(cap);
1374 1443 int rc;
1375 tsec = tsk->security;
1376 1444
1377 AVC_AUDIT_DATA_INIT(&ad, CAP); 1445 AVC_AUDIT_DATA_INIT(&ad, CAP);
1378 ad.tsk = tsk; 1446 ad.tsk = tsk;
@@ -1390,37 +1458,39 @@ static int task_has_capability(struct task_struct *tsk,
1390 "SELinux: out of range capability %d\n", cap); 1458 "SELinux: out of range capability %d\n", cap);
1391 BUG(); 1459 BUG();
1392 } 1460 }
1393 return avc_has_perm(tsec->sid, tsec->sid, sclass, av, &ad); 1461
1462 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1463 if (audit == SECURITY_CAP_AUDIT)
1464 avc_audit(sid, sid, sclass, av, &avd, rc, &ad);
1465 return rc;
1394} 1466}
1395 1467
1396/* Check whether a task is allowed to use a system operation. */ 1468/* Check whether a task is allowed to use a system operation. */
1397static int task_has_system(struct task_struct *tsk, 1469static int task_has_system(struct task_struct *tsk,
1398 u32 perms) 1470 u32 perms)
1399{ 1471{
1400 struct task_security_struct *tsec; 1472 u32 sid = task_sid(tsk);
1401 1473
1402 tsec = tsk->security; 1474 return avc_has_perm(sid, SECINITSID_KERNEL,
1403
1404 return avc_has_perm(tsec->sid, SECINITSID_KERNEL,
1405 SECCLASS_SYSTEM, perms, NULL); 1475 SECCLASS_SYSTEM, perms, NULL);
1406} 1476}
1407 1477
1408/* Check whether a task has a particular permission to an inode. 1478/* Check whether a task has a particular permission to an inode.
1409 The 'adp' parameter is optional and allows other audit 1479 The 'adp' parameter is optional and allows other audit
1410 data to be passed (e.g. the dentry). */ 1480 data to be passed (e.g. the dentry). */
1411static int inode_has_perm(struct task_struct *tsk, 1481static int inode_has_perm(const struct cred *cred,
1412 struct inode *inode, 1482 struct inode *inode,
1413 u32 perms, 1483 u32 perms,
1414 struct avc_audit_data *adp) 1484 struct avc_audit_data *adp)
1415{ 1485{
1416 struct task_security_struct *tsec;
1417 struct inode_security_struct *isec; 1486 struct inode_security_struct *isec;
1418 struct avc_audit_data ad; 1487 struct avc_audit_data ad;
1488 u32 sid;
1419 1489
1420 if (unlikely(IS_PRIVATE(inode))) 1490 if (unlikely(IS_PRIVATE(inode)))
1421 return 0; 1491 return 0;
1422 1492
1423 tsec = tsk->security; 1493 sid = cred_sid(cred);
1424 isec = inode->i_security; 1494 isec = inode->i_security;
1425 1495
1426 if (!adp) { 1496 if (!adp) {
@@ -1429,23 +1499,24 @@ static int inode_has_perm(struct task_struct *tsk,
1429 ad.u.fs.inode = inode; 1499 ad.u.fs.inode = inode;
1430 } 1500 }
1431 1501
1432 return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, adp); 1502 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
1433} 1503}
1434 1504
1435/* Same as inode_has_perm, but pass explicit audit data containing 1505/* Same as inode_has_perm, but pass explicit audit data containing
1436 the dentry to help the auditing code to more easily generate the 1506 the dentry to help the auditing code to more easily generate the
1437 pathname if needed. */ 1507 pathname if needed. */
1438static inline int dentry_has_perm(struct task_struct *tsk, 1508static inline int dentry_has_perm(const struct cred *cred,
1439 struct vfsmount *mnt, 1509 struct vfsmount *mnt,
1440 struct dentry *dentry, 1510 struct dentry *dentry,
1441 u32 av) 1511 u32 av)
1442{ 1512{
1443 struct inode *inode = dentry->d_inode; 1513 struct inode *inode = dentry->d_inode;
1444 struct avc_audit_data ad; 1514 struct avc_audit_data ad;
1515
1445 AVC_AUDIT_DATA_INIT(&ad, FS); 1516 AVC_AUDIT_DATA_INIT(&ad, FS);
1446 ad.u.fs.path.mnt = mnt; 1517 ad.u.fs.path.mnt = mnt;
1447 ad.u.fs.path.dentry = dentry; 1518 ad.u.fs.path.dentry = dentry;
1448 return inode_has_perm(tsk, inode, av, &ad); 1519 return inode_has_perm(cred, inode, av, &ad);
1449} 1520}
1450 1521
1451/* Check whether a task can use an open file descriptor to 1522/* Check whether a task can use an open file descriptor to
@@ -1456,33 +1527,35 @@ static inline int dentry_has_perm(struct task_struct *tsk,
1456 has the same SID as the process. If av is zero, then 1527 has the same SID as the process. If av is zero, then
1457 access to the file is not checked, e.g. for cases 1528 access to the file is not checked, e.g. for cases
1458 where only the descriptor is affected like seek. */ 1529 where only the descriptor is affected like seek. */
1459static int file_has_perm(struct task_struct *tsk, 1530static int file_has_perm(const struct cred *cred,
1460 struct file *file, 1531 struct file *file,
1461 u32 av) 1532 u32 av)
1462{ 1533{
1463 struct task_security_struct *tsec = tsk->security;
1464 struct file_security_struct *fsec = file->f_security; 1534 struct file_security_struct *fsec = file->f_security;
1465 struct inode *inode = file->f_path.dentry->d_inode; 1535 struct inode *inode = file->f_path.dentry->d_inode;
1466 struct avc_audit_data ad; 1536 struct avc_audit_data ad;
1537 u32 sid = cred_sid(cred);
1467 int rc; 1538 int rc;
1468 1539
1469 AVC_AUDIT_DATA_INIT(&ad, FS); 1540 AVC_AUDIT_DATA_INIT(&ad, FS);
1470 ad.u.fs.path = file->f_path; 1541 ad.u.fs.path = file->f_path;
1471 1542
1472 if (tsec->sid != fsec->sid) { 1543 if (sid != fsec->sid) {
1473 rc = avc_has_perm(tsec->sid, fsec->sid, 1544 rc = avc_has_perm(sid, fsec->sid,
1474 SECCLASS_FD, 1545 SECCLASS_FD,
1475 FD__USE, 1546 FD__USE,
1476 &ad); 1547 &ad);
1477 if (rc) 1548 if (rc)
1478 return rc; 1549 goto out;
1479 } 1550 }
1480 1551
1481 /* av is zero if only checking access to the descriptor. */ 1552 /* av is zero if only checking access to the descriptor. */
1553 rc = 0;
1482 if (av) 1554 if (av)
1483 return inode_has_perm(tsk, inode, av, &ad); 1555 rc = inode_has_perm(cred, inode, av, &ad);
1484 1556
1485 return 0; 1557out:
1558 return rc;
1486} 1559}
1487 1560
1488/* Check whether a task can create a file. */ 1561/* Check whether a task can create a file. */
@@ -1490,36 +1563,36 @@ static int may_create(struct inode *dir,
1490 struct dentry *dentry, 1563 struct dentry *dentry,
1491 u16 tclass) 1564 u16 tclass)
1492{ 1565{
1493 struct task_security_struct *tsec; 1566 const struct cred *cred = current_cred();
1567 const struct task_security_struct *tsec = cred->security;
1494 struct inode_security_struct *dsec; 1568 struct inode_security_struct *dsec;
1495 struct superblock_security_struct *sbsec; 1569 struct superblock_security_struct *sbsec;
1496 u32 newsid; 1570 u32 sid, newsid;
1497 struct avc_audit_data ad; 1571 struct avc_audit_data ad;
1498 int rc; 1572 int rc;
1499 1573
1500 tsec = current->security;
1501 dsec = dir->i_security; 1574 dsec = dir->i_security;
1502 sbsec = dir->i_sb->s_security; 1575 sbsec = dir->i_sb->s_security;
1503 1576
1577 sid = tsec->sid;
1578 newsid = tsec->create_sid;
1579
1504 AVC_AUDIT_DATA_INIT(&ad, FS); 1580 AVC_AUDIT_DATA_INIT(&ad, FS);
1505 ad.u.fs.path.dentry = dentry; 1581 ad.u.fs.path.dentry = dentry;
1506 1582
1507 rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, 1583 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1508 DIR__ADD_NAME | DIR__SEARCH, 1584 DIR__ADD_NAME | DIR__SEARCH,
1509 &ad); 1585 &ad);
1510 if (rc) 1586 if (rc)
1511 return rc; 1587 return rc;
1512 1588
1513 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) { 1589 if (!newsid || sbsec->behavior == SECURITY_FS_USE_MNTPOINT) {
1514 newsid = tsec->create_sid; 1590 rc = security_transition_sid(sid, dsec->sid, tclass, &newsid);
1515 } else {
1516 rc = security_transition_sid(tsec->sid, dsec->sid, tclass,
1517 &newsid);
1518 if (rc) 1591 if (rc)
1519 return rc; 1592 return rc;
1520 } 1593 }
1521 1594
1522 rc = avc_has_perm(tsec->sid, newsid, tclass, FILE__CREATE, &ad); 1595 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
1523 if (rc) 1596 if (rc)
1524 return rc; 1597 return rc;
1525 1598
@@ -1532,11 +1605,9 @@ static int may_create(struct inode *dir,
1532static int may_create_key(u32 ksid, 1605static int may_create_key(u32 ksid,
1533 struct task_struct *ctx) 1606 struct task_struct *ctx)
1534{ 1607{
1535 struct task_security_struct *tsec; 1608 u32 sid = task_sid(ctx);
1536 1609
1537 tsec = ctx->security; 1610 return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1538
1539 return avc_has_perm(tsec->sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1540} 1611}
1541 1612
1542#define MAY_LINK 0 1613#define MAY_LINK 0
@@ -1549,13 +1620,12 @@ static int may_link(struct inode *dir,
1549 int kind) 1620 int kind)
1550 1621
1551{ 1622{
1552 struct task_security_struct *tsec;
1553 struct inode_security_struct *dsec, *isec; 1623 struct inode_security_struct *dsec, *isec;
1554 struct avc_audit_data ad; 1624 struct avc_audit_data ad;
1625 u32 sid = current_sid();
1555 u32 av; 1626 u32 av;
1556 int rc; 1627 int rc;
1557 1628
1558 tsec = current->security;
1559 dsec = dir->i_security; 1629 dsec = dir->i_security;
1560 isec = dentry->d_inode->i_security; 1630 isec = dentry->d_inode->i_security;
1561 1631
@@ -1564,7 +1634,7 @@ static int may_link(struct inode *dir,
1564 1634
1565 av = DIR__SEARCH; 1635 av = DIR__SEARCH;
1566 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME); 1636 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1567 rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, av, &ad); 1637 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
1568 if (rc) 1638 if (rc)
1569 return rc; 1639 return rc;
1570 1640
@@ -1584,7 +1654,7 @@ static int may_link(struct inode *dir,
1584 return 0; 1654 return 0;
1585 } 1655 }
1586 1656
1587 rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, av, &ad); 1657 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
1588 return rc; 1658 return rc;
1589} 1659}
1590 1660
@@ -1593,14 +1663,13 @@ static inline int may_rename(struct inode *old_dir,
1593 struct inode *new_dir, 1663 struct inode *new_dir,
1594 struct dentry *new_dentry) 1664 struct dentry *new_dentry)
1595{ 1665{
1596 struct task_security_struct *tsec;
1597 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec; 1666 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1598 struct avc_audit_data ad; 1667 struct avc_audit_data ad;
1668 u32 sid = current_sid();
1599 u32 av; 1669 u32 av;
1600 int old_is_dir, new_is_dir; 1670 int old_is_dir, new_is_dir;
1601 int rc; 1671 int rc;
1602 1672
1603 tsec = current->security;
1604 old_dsec = old_dir->i_security; 1673 old_dsec = old_dir->i_security;
1605 old_isec = old_dentry->d_inode->i_security; 1674 old_isec = old_dentry->d_inode->i_security;
1606 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode); 1675 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
@@ -1609,16 +1678,16 @@ static inline int may_rename(struct inode *old_dir,
1609 AVC_AUDIT_DATA_INIT(&ad, FS); 1678 AVC_AUDIT_DATA_INIT(&ad, FS);
1610 1679
1611 ad.u.fs.path.dentry = old_dentry; 1680 ad.u.fs.path.dentry = old_dentry;
1612 rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR, 1681 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
1613 DIR__REMOVE_NAME | DIR__SEARCH, &ad); 1682 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1614 if (rc) 1683 if (rc)
1615 return rc; 1684 return rc;
1616 rc = avc_has_perm(tsec->sid, old_isec->sid, 1685 rc = avc_has_perm(sid, old_isec->sid,
1617 old_isec->sclass, FILE__RENAME, &ad); 1686 old_isec->sclass, FILE__RENAME, &ad);
1618 if (rc) 1687 if (rc)
1619 return rc; 1688 return rc;
1620 if (old_is_dir && new_dir != old_dir) { 1689 if (old_is_dir && new_dir != old_dir) {
1621 rc = avc_has_perm(tsec->sid, old_isec->sid, 1690 rc = avc_has_perm(sid, old_isec->sid,
1622 old_isec->sclass, DIR__REPARENT, &ad); 1691 old_isec->sclass, DIR__REPARENT, &ad);
1623 if (rc) 1692 if (rc)
1624 return rc; 1693 return rc;
@@ -1628,13 +1697,13 @@ static inline int may_rename(struct inode *old_dir,
1628 av = DIR__ADD_NAME | DIR__SEARCH; 1697 av = DIR__ADD_NAME | DIR__SEARCH;
1629 if (new_dentry->d_inode) 1698 if (new_dentry->d_inode)
1630 av |= DIR__REMOVE_NAME; 1699 av |= DIR__REMOVE_NAME;
1631 rc = avc_has_perm(tsec->sid, new_dsec->sid, SECCLASS_DIR, av, &ad); 1700 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1632 if (rc) 1701 if (rc)
1633 return rc; 1702 return rc;
1634 if (new_dentry->d_inode) { 1703 if (new_dentry->d_inode) {
1635 new_isec = new_dentry->d_inode->i_security; 1704 new_isec = new_dentry->d_inode->i_security;
1636 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode); 1705 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
1637 rc = avc_has_perm(tsec->sid, new_isec->sid, 1706 rc = avc_has_perm(sid, new_isec->sid,
1638 new_isec->sclass, 1707 new_isec->sclass,
1639 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad); 1708 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1640 if (rc) 1709 if (rc)
@@ -1645,18 +1714,16 @@ static inline int may_rename(struct inode *old_dir,
1645} 1714}
1646 1715
1647/* Check whether a task can perform a filesystem operation. */ 1716/* Check whether a task can perform a filesystem operation. */
1648static int superblock_has_perm(struct task_struct *tsk, 1717static int superblock_has_perm(const struct cred *cred,
1649 struct super_block *sb, 1718 struct super_block *sb,
1650 u32 perms, 1719 u32 perms,
1651 struct avc_audit_data *ad) 1720 struct avc_audit_data *ad)
1652{ 1721{
1653 struct task_security_struct *tsec;
1654 struct superblock_security_struct *sbsec; 1722 struct superblock_security_struct *sbsec;
1723 u32 sid = cred_sid(cred);
1655 1724
1656 tsec = tsk->security;
1657 sbsec = sb->s_security; 1725 sbsec = sb->s_security;
1658 return avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, 1726 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1659 perms, ad);
1660} 1727}
1661 1728
1662/* Convert a Linux mode and permission mask to an access vector. */ 1729/* Convert a Linux mode and permission mask to an access vector. */
@@ -1687,15 +1754,39 @@ static inline u32 file_mask_to_av(int mode, int mask)
1687 return av; 1754 return av;
1688} 1755}
1689 1756
1757/* Convert a Linux file to an access vector. */
1758static inline u32 file_to_av(struct file *file)
1759{
1760 u32 av = 0;
1761
1762 if (file->f_mode & FMODE_READ)
1763 av |= FILE__READ;
1764 if (file->f_mode & FMODE_WRITE) {
1765 if (file->f_flags & O_APPEND)
1766 av |= FILE__APPEND;
1767 else
1768 av |= FILE__WRITE;
1769 }
1770 if (!av) {
1771 /*
1772 * Special file opened with flags 3 for ioctl-only use.
1773 */
1774 av = FILE__IOCTL;
1775 }
1776
1777 return av;
1778}
1779
1690/* 1780/*
1691 * Convert a file mask to an access vector and include the correct open 1781 * Convert a file to an access vector and include the correct open
1692 * open permission. 1782 * open permission.
1693 */ 1783 */
1694static inline u32 open_file_mask_to_av(int mode, int mask) 1784static inline u32 open_file_to_av(struct file *file)
1695{ 1785{
1696 u32 av = file_mask_to_av(mode, mask); 1786 u32 av = file_to_av(file);
1697 1787
1698 if (selinux_policycap_openperm) { 1788 if (selinux_policycap_openperm) {
1789 mode_t mode = file->f_path.dentry->d_inode->i_mode;
1699 /* 1790 /*
1700 * lnk files and socks do not really have an 'open' 1791 * lnk files and socks do not really have an 'open'
1701 */ 1792 */
@@ -1711,34 +1802,11 @@ static inline u32 open_file_mask_to_av(int mode, int mask)
1711 av |= DIR__OPEN; 1802 av |= DIR__OPEN;
1712 else 1803 else
1713 printk(KERN_ERR "SELinux: WARNING: inside %s with " 1804 printk(KERN_ERR "SELinux: WARNING: inside %s with "
1714 "unknown mode:%x\n", __func__, mode); 1805 "unknown mode:%o\n", __func__, mode);
1715 } 1806 }
1716 return av; 1807 return av;
1717} 1808}
1718 1809
1719/* Convert a Linux file to an access vector. */
1720static inline u32 file_to_av(struct file *file)
1721{
1722 u32 av = 0;
1723
1724 if (file->f_mode & FMODE_READ)
1725 av |= FILE__READ;
1726 if (file->f_mode & FMODE_WRITE) {
1727 if (file->f_flags & O_APPEND)
1728 av |= FILE__APPEND;
1729 else
1730 av |= FILE__WRITE;
1731 }
1732 if (!av) {
1733 /*
1734 * Special file opened with flags 3 for ioctl-only use.
1735 */
1736 av = FILE__IOCTL;
1737 }
1738
1739 return av;
1740}
1741
1742/* Hook functions begin here. */ 1810/* Hook functions begin here. */
1743 1811
1744static int selinux_ptrace_may_access(struct task_struct *child, 1812static int selinux_ptrace_may_access(struct task_struct *child,
@@ -1751,13 +1819,12 @@ static int selinux_ptrace_may_access(struct task_struct *child,
1751 return rc; 1819 return rc;
1752 1820
1753 if (mode == PTRACE_MODE_READ) { 1821 if (mode == PTRACE_MODE_READ) {
1754 struct task_security_struct *tsec = current->security; 1822 u32 sid = current_sid();
1755 struct task_security_struct *csec = child->security; 1823 u32 csid = task_sid(child);
1756 return avc_has_perm(tsec->sid, csec->sid, 1824 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
1757 SECCLASS_FILE, FILE__READ, NULL);
1758 } 1825 }
1759 1826
1760 return task_has_perm(current, child, PROCESS__PTRACE); 1827 return current_has_perm(child, PROCESS__PTRACE);
1761} 1828}
1762 1829
1763static int selinux_ptrace_traceme(struct task_struct *parent) 1830static int selinux_ptrace_traceme(struct task_struct *parent)
@@ -1776,40 +1843,37 @@ static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
1776{ 1843{
1777 int error; 1844 int error;
1778 1845
1779 error = task_has_perm(current, target, PROCESS__GETCAP); 1846 error = current_has_perm(target, PROCESS__GETCAP);
1780 if (error) 1847 if (error)
1781 return error; 1848 return error;
1782 1849
1783 return secondary_ops->capget(target, effective, inheritable, permitted); 1850 return secondary_ops->capget(target, effective, inheritable, permitted);
1784} 1851}
1785 1852
1786static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective, 1853static int selinux_capset(struct cred *new, const struct cred *old,
1787 kernel_cap_t *inheritable, kernel_cap_t *permitted) 1854 const kernel_cap_t *effective,
1855 const kernel_cap_t *inheritable,
1856 const kernel_cap_t *permitted)
1788{ 1857{
1789 int error; 1858 int error;
1790 1859
1791 error = secondary_ops->capset_check(target, effective, inheritable, permitted); 1860 error = secondary_ops->capset(new, old,
1861 effective, inheritable, permitted);
1792 if (error) 1862 if (error)
1793 return error; 1863 return error;
1794 1864
1795 return task_has_perm(current, target, PROCESS__SETCAP); 1865 return cred_has_perm(old, new, PROCESS__SETCAP);
1796} 1866}
1797 1867
1798static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective, 1868static int selinux_capable(struct task_struct *tsk, int cap, int audit)
1799 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1800{
1801 secondary_ops->capset_set(target, effective, inheritable, permitted);
1802}
1803
1804static int selinux_capable(struct task_struct *tsk, int cap)
1805{ 1869{
1806 int rc; 1870 int rc;
1807 1871
1808 rc = secondary_ops->capable(tsk, cap); 1872 rc = secondary_ops->capable(tsk, cap, audit);
1809 if (rc) 1873 if (rc)
1810 return rc; 1874 return rc;
1811 1875
1812 return task_has_capability(tsk, cap); 1876 return task_has_capability(tsk, cap, audit);
1813} 1877}
1814 1878
1815static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) 1879static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
@@ -1857,15 +1921,14 @@ static int selinux_sysctl(ctl_table *table, int op)
1857{ 1921{
1858 int error = 0; 1922 int error = 0;
1859 u32 av; 1923 u32 av;
1860 struct task_security_struct *tsec; 1924 u32 tsid, sid;
1861 u32 tsid;
1862 int rc; 1925 int rc;
1863 1926
1864 rc = secondary_ops->sysctl(table, op); 1927 rc = secondary_ops->sysctl(table, op);
1865 if (rc) 1928 if (rc)
1866 return rc; 1929 return rc;
1867 1930
1868 tsec = current->security; 1931 sid = current_sid();
1869 1932
1870 rc = selinux_sysctl_get_sid(table, (op == 0001) ? 1933 rc = selinux_sysctl_get_sid(table, (op == 0001) ?
1871 SECCLASS_DIR : SECCLASS_FILE, &tsid); 1934 SECCLASS_DIR : SECCLASS_FILE, &tsid);
@@ -1877,7 +1940,7 @@ static int selinux_sysctl(ctl_table *table, int op)
1877 /* The op values are "defined" in sysctl.c, thereby creating 1940 /* The op values are "defined" in sysctl.c, thereby creating
1878 * a bad coupling between this module and sysctl.c */ 1941 * a bad coupling between this module and sysctl.c */
1879 if (op == 001) { 1942 if (op == 001) {
1880 error = avc_has_perm(tsec->sid, tsid, 1943 error = avc_has_perm(sid, tsid,
1881 SECCLASS_DIR, DIR__SEARCH, NULL); 1944 SECCLASS_DIR, DIR__SEARCH, NULL);
1882 } else { 1945 } else {
1883 av = 0; 1946 av = 0;
@@ -1886,7 +1949,7 @@ static int selinux_sysctl(ctl_table *table, int op)
1886 if (op & 002) 1949 if (op & 002)
1887 av |= FILE__WRITE; 1950 av |= FILE__WRITE;
1888 if (av) 1951 if (av)
1889 error = avc_has_perm(tsec->sid, tsid, 1952 error = avc_has_perm(sid, tsid,
1890 SECCLASS_FILE, av, NULL); 1953 SECCLASS_FILE, av, NULL);
1891 } 1954 }
1892 1955
@@ -1895,6 +1958,7 @@ static int selinux_sysctl(ctl_table *table, int op)
1895 1958
1896static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) 1959static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1897{ 1960{
1961 const struct cred *cred = current_cred();
1898 int rc = 0; 1962 int rc = 0;
1899 1963
1900 if (!sb) 1964 if (!sb)
@@ -1906,14 +1970,12 @@ static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1906 case Q_QUOTAOFF: 1970 case Q_QUOTAOFF:
1907 case Q_SETINFO: 1971 case Q_SETINFO:
1908 case Q_SETQUOTA: 1972 case Q_SETQUOTA:
1909 rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAMOD, 1973 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
1910 NULL);
1911 break; 1974 break;
1912 case Q_GETFMT: 1975 case Q_GETFMT:
1913 case Q_GETINFO: 1976 case Q_GETINFO:
1914 case Q_GETQUOTA: 1977 case Q_GETQUOTA:
1915 rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAGET, 1978 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
1916 NULL);
1917 break; 1979 break;
1918 default: 1980 default:
1919 rc = 0; /* let the kernel handle invalid cmds */ 1981 rc = 0; /* let the kernel handle invalid cmds */
@@ -1924,7 +1986,9 @@ static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1924 1986
1925static int selinux_quota_on(struct dentry *dentry) 1987static int selinux_quota_on(struct dentry *dentry)
1926{ 1988{
1927 return dentry_has_perm(current, NULL, dentry, FILE__QUOTAON); 1989 const struct cred *cred = current_cred();
1990
1991 return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON);
1928} 1992}
1929 1993
1930static int selinux_syslog(int type) 1994static int selinux_syslog(int type)
@@ -1972,16 +2036,8 @@ static int selinux_syslog(int type)
1972static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) 2036static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
1973{ 2037{
1974 int rc, cap_sys_admin = 0; 2038 int rc, cap_sys_admin = 0;
1975 struct task_security_struct *tsec = current->security;
1976
1977 rc = secondary_ops->capable(current, CAP_SYS_ADMIN);
1978 if (rc == 0)
1979 rc = avc_has_perm_noaudit(tsec->sid, tsec->sid,
1980 SECCLASS_CAPABILITY,
1981 CAP_TO_MASK(CAP_SYS_ADMIN),
1982 0,
1983 NULL);
1984 2039
2040 rc = selinux_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT);
1985 if (rc == 0) 2041 if (rc == 0)
1986 cap_sys_admin = 1; 2042 cap_sys_admin = 1;
1987 2043
@@ -1990,59 +2046,45 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
1990 2046
1991/* binprm security operations */ 2047/* binprm security operations */
1992 2048
1993static int selinux_bprm_alloc_security(struct linux_binprm *bprm) 2049static int selinux_bprm_set_creds(struct linux_binprm *bprm)
1994{
1995 struct bprm_security_struct *bsec;
1996
1997 bsec = kzalloc(sizeof(struct bprm_security_struct), GFP_KERNEL);
1998 if (!bsec)
1999 return -ENOMEM;
2000
2001 bsec->sid = SECINITSID_UNLABELED;
2002 bsec->set = 0;
2003
2004 bprm->security = bsec;
2005 return 0;
2006}
2007
2008static int selinux_bprm_set_security(struct linux_binprm *bprm)
2009{ 2050{
2010 struct task_security_struct *tsec; 2051 const struct task_security_struct *old_tsec;
2011 struct inode *inode = bprm->file->f_path.dentry->d_inode; 2052 struct task_security_struct *new_tsec;
2012 struct inode_security_struct *isec; 2053 struct inode_security_struct *isec;
2013 struct bprm_security_struct *bsec;
2014 u32 newsid;
2015 struct avc_audit_data ad; 2054 struct avc_audit_data ad;
2055 struct inode *inode = bprm->file->f_path.dentry->d_inode;
2016 int rc; 2056 int rc;
2017 2057
2018 rc = secondary_ops->bprm_set_security(bprm); 2058 rc = secondary_ops->bprm_set_creds(bprm);
2019 if (rc) 2059 if (rc)
2020 return rc; 2060 return rc;
2021 2061
2022 bsec = bprm->security; 2062 /* SELinux context only depends on initial program or script and not
2023 2063 * the script interpreter */
2024 if (bsec->set) 2064 if (bprm->cred_prepared)
2025 return 0; 2065 return 0;
2026 2066
2027 tsec = current->security; 2067 old_tsec = current_security();
2068 new_tsec = bprm->cred->security;
2028 isec = inode->i_security; 2069 isec = inode->i_security;
2029 2070
2030 /* Default to the current task SID. */ 2071 /* Default to the current task SID. */
2031 bsec->sid = tsec->sid; 2072 new_tsec->sid = old_tsec->sid;
2073 new_tsec->osid = old_tsec->sid;
2032 2074
2033 /* Reset fs, key, and sock SIDs on execve. */ 2075 /* Reset fs, key, and sock SIDs on execve. */
2034 tsec->create_sid = 0; 2076 new_tsec->create_sid = 0;
2035 tsec->keycreate_sid = 0; 2077 new_tsec->keycreate_sid = 0;
2036 tsec->sockcreate_sid = 0; 2078 new_tsec->sockcreate_sid = 0;
2037 2079
2038 if (tsec->exec_sid) { 2080 if (old_tsec->exec_sid) {
2039 newsid = tsec->exec_sid; 2081 new_tsec->sid = old_tsec->exec_sid;
2040 /* Reset exec SID on execve. */ 2082 /* Reset exec SID on execve. */
2041 tsec->exec_sid = 0; 2083 new_tsec->exec_sid = 0;
2042 } else { 2084 } else {
2043 /* Check for a default transition on this program. */ 2085 /* Check for a default transition on this program. */
2044 rc = security_transition_sid(tsec->sid, isec->sid, 2086 rc = security_transition_sid(old_tsec->sid, isec->sid,
2045 SECCLASS_PROCESS, &newsid); 2087 SECCLASS_PROCESS, &new_tsec->sid);
2046 if (rc) 2088 if (rc)
2047 return rc; 2089 return rc;
2048 } 2090 }
@@ -2051,33 +2093,63 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm)
2051 ad.u.fs.path = bprm->file->f_path; 2093 ad.u.fs.path = bprm->file->f_path;
2052 2094
2053 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) 2095 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
2054 newsid = tsec->sid; 2096 new_tsec->sid = old_tsec->sid;
2055 2097
2056 if (tsec->sid == newsid) { 2098 if (new_tsec->sid == old_tsec->sid) {
2057 rc = avc_has_perm(tsec->sid, isec->sid, 2099 rc = avc_has_perm(old_tsec->sid, isec->sid,
2058 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad); 2100 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2059 if (rc) 2101 if (rc)
2060 return rc; 2102 return rc;
2061 } else { 2103 } else {
2062 /* Check permissions for the transition. */ 2104 /* Check permissions for the transition. */
2063 rc = avc_has_perm(tsec->sid, newsid, 2105 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2064 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad); 2106 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2065 if (rc) 2107 if (rc)
2066 return rc; 2108 return rc;
2067 2109
2068 rc = avc_has_perm(newsid, isec->sid, 2110 rc = avc_has_perm(new_tsec->sid, isec->sid,
2069 SECCLASS_FILE, FILE__ENTRYPOINT, &ad); 2111 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2070 if (rc) 2112 if (rc)
2071 return rc; 2113 return rc;
2072 2114
2073 /* Clear any possibly unsafe personality bits on exec: */ 2115 /* Check for shared state */
2074 current->personality &= ~PER_CLEAR_ON_SETID; 2116 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2117 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2118 SECCLASS_PROCESS, PROCESS__SHARE,
2119 NULL);
2120 if (rc)
2121 return -EPERM;
2122 }
2123
2124 /* Make sure that anyone attempting to ptrace over a task that
2125 * changes its SID has the appropriate permit */
2126 if (bprm->unsafe &
2127 (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
2128 struct task_struct *tracer;
2129 struct task_security_struct *sec;
2130 u32 ptsid = 0;
2075 2131
2076 /* Set the security field to the new SID. */ 2132 rcu_read_lock();
2077 bsec->sid = newsid; 2133 tracer = tracehook_tracer_task(current);
2134 if (likely(tracer != NULL)) {
2135 sec = __task_cred(tracer)->security;
2136 ptsid = sec->sid;
2137 }
2138 rcu_read_unlock();
2139
2140 if (ptsid != 0) {
2141 rc = avc_has_perm(ptsid, new_tsec->sid,
2142 SECCLASS_PROCESS,
2143 PROCESS__PTRACE, NULL);
2144 if (rc)
2145 return -EPERM;
2146 }
2147 }
2148
2149 /* Clear any possibly unsafe personality bits on exec: */
2150 bprm->per_clear |= PER_CLEAR_ON_SETID;
2078 } 2151 }
2079 2152
2080 bsec->set = 1;
2081 return 0; 2153 return 0;
2082} 2154}
2083 2155
@@ -2086,35 +2158,34 @@ static int selinux_bprm_check_security(struct linux_binprm *bprm)
2086 return secondary_ops->bprm_check_security(bprm); 2158 return secondary_ops->bprm_check_security(bprm);
2087} 2159}
2088 2160
2089
2090static int selinux_bprm_secureexec(struct linux_binprm *bprm) 2161static int selinux_bprm_secureexec(struct linux_binprm *bprm)
2091{ 2162{
2092 struct task_security_struct *tsec = current->security; 2163 const struct cred *cred = current_cred();
2164 const struct task_security_struct *tsec = cred->security;
2165 u32 sid, osid;
2093 int atsecure = 0; 2166 int atsecure = 0;
2094 2167
2095 if (tsec->osid != tsec->sid) { 2168 sid = tsec->sid;
2169 osid = tsec->osid;
2170
2171 if (osid != sid) {
2096 /* Enable secure mode for SIDs transitions unless 2172 /* Enable secure mode for SIDs transitions unless
2097 the noatsecure permission is granted between 2173 the noatsecure permission is granted between
2098 the two SIDs, i.e. ahp returns 0. */ 2174 the two SIDs, i.e. ahp returns 0. */
2099 atsecure = avc_has_perm(tsec->osid, tsec->sid, 2175 atsecure = avc_has_perm(osid, sid,
2100 SECCLASS_PROCESS, 2176 SECCLASS_PROCESS,
2101 PROCESS__NOATSECURE, NULL); 2177 PROCESS__NOATSECURE, NULL);
2102 } 2178 }
2103 2179
2104 return (atsecure || secondary_ops->bprm_secureexec(bprm)); 2180 return (atsecure || secondary_ops->bprm_secureexec(bprm));
2105} 2181}
2106 2182
2107static void selinux_bprm_free_security(struct linux_binprm *bprm)
2108{
2109 kfree(bprm->security);
2110 bprm->security = NULL;
2111}
2112
2113extern struct vfsmount *selinuxfs_mount; 2183extern struct vfsmount *selinuxfs_mount;
2114extern struct dentry *selinux_null; 2184extern struct dentry *selinux_null;
2115 2185
2116/* Derived from fs/exec.c:flush_old_files. */ 2186/* Derived from fs/exec.c:flush_old_files. */
2117static inline void flush_unauthorized_files(struct files_struct *files) 2187static inline void flush_unauthorized_files(const struct cred *cred,
2188 struct files_struct *files)
2118{ 2189{
2119 struct avc_audit_data ad; 2190 struct avc_audit_data ad;
2120 struct file *file, *devnull = NULL; 2191 struct file *file, *devnull = NULL;
@@ -2136,7 +2207,7 @@ static inline void flush_unauthorized_files(struct files_struct *files)
2136 interested in the inode-based check here. */ 2207 interested in the inode-based check here. */
2137 file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list); 2208 file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list);
2138 inode = file->f_path.dentry->d_inode; 2209 inode = file->f_path.dentry->d_inode;
2139 if (inode_has_perm(current, inode, 2210 if (inode_has_perm(cred, inode,
2140 FILE__READ | FILE__WRITE, NULL)) { 2211 FILE__READ | FILE__WRITE, NULL)) {
2141 drop_tty = 1; 2212 drop_tty = 1;
2142 } 2213 }
@@ -2171,7 +2242,7 @@ static inline void flush_unauthorized_files(struct files_struct *files)
2171 file = fget(i); 2242 file = fget(i);
2172 if (!file) 2243 if (!file)
2173 continue; 2244 continue;
2174 if (file_has_perm(current, 2245 if (file_has_perm(cred,
2175 file, 2246 file,
2176 file_to_av(file))) { 2247 file_to_av(file))) {
2177 sys_close(i); 2248 sys_close(i);
@@ -2185,7 +2256,10 @@ static inline void flush_unauthorized_files(struct files_struct *files)
2185 if (devnull) { 2256 if (devnull) {
2186 get_file(devnull); 2257 get_file(devnull);
2187 } else { 2258 } else {
2188 devnull = dentry_open(dget(selinux_null), mntget(selinuxfs_mount), O_RDWR); 2259 devnull = dentry_open(
2260 dget(selinux_null),
2261 mntget(selinuxfs_mount),
2262 O_RDWR, cred);
2189 if (IS_ERR(devnull)) { 2263 if (IS_ERR(devnull)) {
2190 devnull = NULL; 2264 devnull = NULL;
2191 put_unused_fd(fd); 2265 put_unused_fd(fd);
@@ -2204,94 +2278,78 @@ static inline void flush_unauthorized_files(struct files_struct *files)
2204 spin_unlock(&files->file_lock); 2278 spin_unlock(&files->file_lock);
2205} 2279}
2206 2280
2207static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe) 2281/*
2282 * Prepare a process for imminent new credential changes due to exec
2283 */
2284static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2208{ 2285{
2209 struct task_security_struct *tsec; 2286 struct task_security_struct *new_tsec;
2210 struct bprm_security_struct *bsec; 2287 struct rlimit *rlim, *initrlim;
2211 u32 sid; 2288 int rc, i;
2212 int rc;
2213
2214 secondary_ops->bprm_apply_creds(bprm, unsafe);
2215
2216 tsec = current->security;
2217 2289
2218 bsec = bprm->security; 2290 secondary_ops->bprm_committing_creds(bprm);
2219 sid = bsec->sid;
2220 2291
2221 tsec->osid = tsec->sid; 2292 new_tsec = bprm->cred->security;
2222 bsec->unsafe = 0; 2293 if (new_tsec->sid == new_tsec->osid)
2223 if (tsec->sid != sid) { 2294 return;
2224 /* Check for shared state. If not ok, leave SID
2225 unchanged and kill. */
2226 if (unsafe & LSM_UNSAFE_SHARE) {
2227 rc = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
2228 PROCESS__SHARE, NULL);
2229 if (rc) {
2230 bsec->unsafe = 1;
2231 return;
2232 }
2233 }
2234 2295
2235 /* Check for ptracing, and update the task SID if ok. 2296 /* Close files for which the new task SID is not authorized. */
2236 Otherwise, leave SID unchanged and kill. */ 2297 flush_unauthorized_files(bprm->cred, current->files);
2237 if (unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
2238 struct task_struct *tracer;
2239 struct task_security_struct *sec;
2240 u32 ptsid = 0;
2241 2298
2242 rcu_read_lock(); 2299 /* Always clear parent death signal on SID transitions. */
2243 tracer = tracehook_tracer_task(current); 2300 current->pdeath_signal = 0;
2244 if (likely(tracer != NULL)) {
2245 sec = tracer->security;
2246 ptsid = sec->sid;
2247 }
2248 rcu_read_unlock();
2249 2301
2250 if (ptsid != 0) { 2302 /* Check whether the new SID can inherit resource limits from the old
2251 rc = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, 2303 * SID. If not, reset all soft limits to the lower of the current
2252 PROCESS__PTRACE, NULL); 2304 * task's hard limit and the init task's soft limit.
2253 if (rc) { 2305 *
2254 bsec->unsafe = 1; 2306 * Note that the setting of hard limits (even to lower them) can be
2255 return; 2307 * controlled by the setrlimit check. The inclusion of the init task's
2256 } 2308 * soft limit into the computation is to avoid resetting soft limits
2257 } 2309 * higher than the default soft limit for cases where the default is
2310 * lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK.
2311 */
2312 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2313 PROCESS__RLIMITINH, NULL);
2314 if (rc) {
2315 for (i = 0; i < RLIM_NLIMITS; i++) {
2316 rlim = current->signal->rlim + i;
2317 initrlim = init_task.signal->rlim + i;
2318 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2258 } 2319 }
2259 tsec->sid = sid; 2320 update_rlimit_cpu(rlim->rlim_cur);
2260 } 2321 }
2261} 2322}
2262 2323
2263/* 2324/*
2264 * called after apply_creds without the task lock held 2325 * Clean up the process immediately after the installation of new credentials
2326 * due to exec
2265 */ 2327 */
2266static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm) 2328static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2267{ 2329{
2268 struct task_security_struct *tsec; 2330 const struct task_security_struct *tsec = current_security();
2269 struct rlimit *rlim, *initrlim;
2270 struct itimerval itimer; 2331 struct itimerval itimer;
2271 struct bprm_security_struct *bsec; 2332 struct sighand_struct *psig;
2333 u32 osid, sid;
2272 int rc, i; 2334 int rc, i;
2335 unsigned long flags;
2273 2336
2274 tsec = current->security; 2337 secondary_ops->bprm_committed_creds(bprm);
2275 bsec = bprm->security;
2276 2338
2277 if (bsec->unsafe) { 2339 osid = tsec->osid;
2278 force_sig_specific(SIGKILL, current); 2340 sid = tsec->sid;
2279 return; 2341
2280 } 2342 if (sid == osid)
2281 if (tsec->osid == tsec->sid)
2282 return; 2343 return;
2283 2344
2284 /* Close files for which the new task SID is not authorized. */ 2345 /* Check whether the new SID can inherit signal state from the old SID.
2285 flush_unauthorized_files(current->files); 2346 * If not, clear itimers to avoid subsequent signal generation and
2286 2347 * flush and unblock signals.
2287 /* Check whether the new SID can inherit signal state 2348 *
2288 from the old SID. If not, clear itimers to avoid 2349 * This must occur _after_ the task SID has been updated so that any
2289 subsequent signal generation and flush and unblock 2350 * kill done after the flush will be checked against the new SID.
2290 signals. This must occur _after_ the task SID has 2351 */
2291 been updated so that any kill done after the flush 2352 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2292 will be checked against the new SID. */
2293 rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
2294 PROCESS__SIGINH, NULL);
2295 if (rc) { 2353 if (rc) {
2296 memset(&itimer, 0, sizeof itimer); 2354 memset(&itimer, 0, sizeof itimer);
2297 for (i = 0; i < 3; i++) 2355 for (i = 0; i < 3; i++)
@@ -2304,33 +2362,14 @@ static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
2304 spin_unlock_irq(&current->sighand->siglock); 2362 spin_unlock_irq(&current->sighand->siglock);
2305 } 2363 }
2306 2364
2307 /* Always clear parent death signal on SID transitions. */ 2365 /* Wake up the parent if it is waiting so that it can recheck
2308 current->pdeath_signal = 0; 2366 * wait permission to the new task SID. */
2309 2367 read_lock_irq(&tasklist_lock);
2310 /* Check whether the new SID can inherit resource limits 2368 psig = current->parent->sighand;
2311 from the old SID. If not, reset all soft limits to 2369 spin_lock_irqsave(&psig->siglock, flags);
2312 the lower of the current task's hard limit and the init
2313 task's soft limit. Note that the setting of hard limits
2314 (even to lower them) can be controlled by the setrlimit
2315 check. The inclusion of the init task's soft limit into
2316 the computation is to avoid resetting soft limits higher
2317 than the default soft limit for cases where the default
2318 is lower than the hard limit, e.g. RLIMIT_CORE or
2319 RLIMIT_STACK.*/
2320 rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
2321 PROCESS__RLIMITINH, NULL);
2322 if (rc) {
2323 for (i = 0; i < RLIM_NLIMITS; i++) {
2324 rlim = current->signal->rlim + i;
2325 initrlim = init_task.signal->rlim+i;
2326 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2327 }
2328 update_rlimit_cpu(rlim->rlim_cur);
2329 }
2330
2331 /* Wake up the parent if it is waiting so that it can
2332 recheck wait permission to the new task SID. */
2333 wake_up_interruptible(&current->parent->signal->wait_chldexit); 2370 wake_up_interruptible(&current->parent->signal->wait_chldexit);
2371 spin_unlock_irqrestore(&psig->siglock, flags);
2372 read_unlock_irq(&tasklist_lock);
2334} 2373}
2335 2374
2336/* superblock security operations */ 2375/* superblock security operations */
@@ -2435,8 +2474,9 @@ out:
2435 return rc; 2474 return rc;
2436} 2475}
2437 2476
2438static int selinux_sb_kern_mount(struct super_block *sb, void *data) 2477static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2439{ 2478{
2479 const struct cred *cred = current_cred();
2440 struct avc_audit_data ad; 2480 struct avc_audit_data ad;
2441 int rc; 2481 int rc;
2442 2482
@@ -2444,18 +2484,23 @@ static int selinux_sb_kern_mount(struct super_block *sb, void *data)
2444 if (rc) 2484 if (rc)
2445 return rc; 2485 return rc;
2446 2486
2487 /* Allow all mounts performed by the kernel */
2488 if (flags & MS_KERNMOUNT)
2489 return 0;
2490
2447 AVC_AUDIT_DATA_INIT(&ad, FS); 2491 AVC_AUDIT_DATA_INIT(&ad, FS);
2448 ad.u.fs.path.dentry = sb->s_root; 2492 ad.u.fs.path.dentry = sb->s_root;
2449 return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad); 2493 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2450} 2494}
2451 2495
2452static int selinux_sb_statfs(struct dentry *dentry) 2496static int selinux_sb_statfs(struct dentry *dentry)
2453{ 2497{
2498 const struct cred *cred = current_cred();
2454 struct avc_audit_data ad; 2499 struct avc_audit_data ad;
2455 2500
2456 AVC_AUDIT_DATA_INIT(&ad, FS); 2501 AVC_AUDIT_DATA_INIT(&ad, FS);
2457 ad.u.fs.path.dentry = dentry->d_sb->s_root; 2502 ad.u.fs.path.dentry = dentry->d_sb->s_root;
2458 return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad); 2503 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2459} 2504}
2460 2505
2461static int selinux_mount(char *dev_name, 2506static int selinux_mount(char *dev_name,
@@ -2464,6 +2509,7 @@ static int selinux_mount(char *dev_name,
2464 unsigned long flags, 2509 unsigned long flags,
2465 void *data) 2510 void *data)
2466{ 2511{
2512 const struct cred *cred = current_cred();
2467 int rc; 2513 int rc;
2468 2514
2469 rc = secondary_ops->sb_mount(dev_name, path, type, flags, data); 2515 rc = secondary_ops->sb_mount(dev_name, path, type, flags, data);
@@ -2471,22 +2517,23 @@ static int selinux_mount(char *dev_name,
2471 return rc; 2517 return rc;
2472 2518
2473 if (flags & MS_REMOUNT) 2519 if (flags & MS_REMOUNT)
2474 return superblock_has_perm(current, path->mnt->mnt_sb, 2520 return superblock_has_perm(cred, path->mnt->mnt_sb,
2475 FILESYSTEM__REMOUNT, NULL); 2521 FILESYSTEM__REMOUNT, NULL);
2476 else 2522 else
2477 return dentry_has_perm(current, path->mnt, path->dentry, 2523 return dentry_has_perm(cred, path->mnt, path->dentry,
2478 FILE__MOUNTON); 2524 FILE__MOUNTON);
2479} 2525}
2480 2526
2481static int selinux_umount(struct vfsmount *mnt, int flags) 2527static int selinux_umount(struct vfsmount *mnt, int flags)
2482{ 2528{
2529 const struct cred *cred = current_cred();
2483 int rc; 2530 int rc;
2484 2531
2485 rc = secondary_ops->sb_umount(mnt, flags); 2532 rc = secondary_ops->sb_umount(mnt, flags);
2486 if (rc) 2533 if (rc)
2487 return rc; 2534 return rc;
2488 2535
2489 return superblock_has_perm(current, mnt->mnt_sb, 2536 return superblock_has_perm(cred, mnt->mnt_sb,
2490 FILESYSTEM__UNMOUNT, NULL); 2537 FILESYSTEM__UNMOUNT, NULL);
2491} 2538}
2492 2539
@@ -2506,21 +2553,22 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2506 char **name, void **value, 2553 char **name, void **value,
2507 size_t *len) 2554 size_t *len)
2508{ 2555{
2509 struct task_security_struct *tsec; 2556 const struct cred *cred = current_cred();
2557 const struct task_security_struct *tsec = cred->security;
2510 struct inode_security_struct *dsec; 2558 struct inode_security_struct *dsec;
2511 struct superblock_security_struct *sbsec; 2559 struct superblock_security_struct *sbsec;
2512 u32 newsid, clen; 2560 u32 sid, newsid, clen;
2513 int rc; 2561 int rc;
2514 char *namep = NULL, *context; 2562 char *namep = NULL, *context;
2515 2563
2516 tsec = current->security;
2517 dsec = dir->i_security; 2564 dsec = dir->i_security;
2518 sbsec = dir->i_sb->s_security; 2565 sbsec = dir->i_sb->s_security;
2519 2566
2520 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) { 2567 sid = tsec->sid;
2521 newsid = tsec->create_sid; 2568 newsid = tsec->create_sid;
2522 } else { 2569
2523 rc = security_transition_sid(tsec->sid, dsec->sid, 2570 if (!newsid || sbsec->behavior == SECURITY_FS_USE_MNTPOINT) {
2571 rc = security_transition_sid(sid, dsec->sid,
2524 inode_mode_to_security_class(inode->i_mode), 2572 inode_mode_to_security_class(inode->i_mode),
2525 &newsid); 2573 &newsid);
2526 if (rc) { 2574 if (rc) {
@@ -2623,21 +2671,25 @@ static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dent
2623 2671
2624static int selinux_inode_readlink(struct dentry *dentry) 2672static int selinux_inode_readlink(struct dentry *dentry)
2625{ 2673{
2626 return dentry_has_perm(current, NULL, dentry, FILE__READ); 2674 const struct cred *cred = current_cred();
2675
2676 return dentry_has_perm(cred, NULL, dentry, FILE__READ);
2627} 2677}
2628 2678
2629static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata) 2679static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
2630{ 2680{
2681 const struct cred *cred = current_cred();
2631 int rc; 2682 int rc;
2632 2683
2633 rc = secondary_ops->inode_follow_link(dentry, nameidata); 2684 rc = secondary_ops->inode_follow_link(dentry, nameidata);
2634 if (rc) 2685 if (rc)
2635 return rc; 2686 return rc;
2636 return dentry_has_perm(current, NULL, dentry, FILE__READ); 2687 return dentry_has_perm(cred, NULL, dentry, FILE__READ);
2637} 2688}
2638 2689
2639static int selinux_inode_permission(struct inode *inode, int mask) 2690static int selinux_inode_permission(struct inode *inode, int mask)
2640{ 2691{
2692 const struct cred *cred = current_cred();
2641 int rc; 2693 int rc;
2642 2694
2643 rc = secondary_ops->inode_permission(inode, mask); 2695 rc = secondary_ops->inode_permission(inode, mask);
@@ -2649,12 +2701,13 @@ static int selinux_inode_permission(struct inode *inode, int mask)
2649 return 0; 2701 return 0;
2650 } 2702 }
2651 2703
2652 return inode_has_perm(current, inode, 2704 return inode_has_perm(cred, inode,
2653 open_file_mask_to_av(inode->i_mode, mask), NULL); 2705 file_mask_to_av(inode->i_mode, mask), NULL);
2654} 2706}
2655 2707
2656static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) 2708static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2657{ 2709{
2710 const struct cred *cred = current_cred();
2658 int rc; 2711 int rc;
2659 2712
2660 rc = secondary_ops->inode_setattr(dentry, iattr); 2713 rc = secondary_ops->inode_setattr(dentry, iattr);
@@ -2666,18 +2719,22 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2666 2719
2667 if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | 2720 if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
2668 ATTR_ATIME_SET | ATTR_MTIME_SET)) 2721 ATTR_ATIME_SET | ATTR_MTIME_SET))
2669 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); 2722 return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);
2670 2723
2671 return dentry_has_perm(current, NULL, dentry, FILE__WRITE); 2724 return dentry_has_perm(cred, NULL, dentry, FILE__WRITE);
2672} 2725}
2673 2726
2674static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) 2727static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
2675{ 2728{
2676 return dentry_has_perm(current, mnt, dentry, FILE__GETATTR); 2729 const struct cred *cred = current_cred();
2730
2731 return dentry_has_perm(cred, mnt, dentry, FILE__GETATTR);
2677} 2732}
2678 2733
2679static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) 2734static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
2680{ 2735{
2736 const struct cred *cred = current_cred();
2737
2681 if (!strncmp(name, XATTR_SECURITY_PREFIX, 2738 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2682 sizeof XATTR_SECURITY_PREFIX - 1)) { 2739 sizeof XATTR_SECURITY_PREFIX - 1)) {
2683 if (!strcmp(name, XATTR_NAME_CAPS)) { 2740 if (!strcmp(name, XATTR_NAME_CAPS)) {
@@ -2692,18 +2749,17 @@ static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
2692 2749
2693 /* Not an attribute we recognize, so just check the 2750 /* Not an attribute we recognize, so just check the
2694 ordinary setattr permission. */ 2751 ordinary setattr permission. */
2695 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); 2752 return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);
2696} 2753}
2697 2754
2698static int selinux_inode_setxattr(struct dentry *dentry, const char *name, 2755static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2699 const void *value, size_t size, int flags) 2756 const void *value, size_t size, int flags)
2700{ 2757{
2701 struct task_security_struct *tsec = current->security;
2702 struct inode *inode = dentry->d_inode; 2758 struct inode *inode = dentry->d_inode;
2703 struct inode_security_struct *isec = inode->i_security; 2759 struct inode_security_struct *isec = inode->i_security;
2704 struct superblock_security_struct *sbsec; 2760 struct superblock_security_struct *sbsec;
2705 struct avc_audit_data ad; 2761 struct avc_audit_data ad;
2706 u32 newsid; 2762 u32 newsid, sid = current_sid();
2707 int rc = 0; 2763 int rc = 0;
2708 2764
2709 if (strcmp(name, XATTR_NAME_SELINUX)) 2765 if (strcmp(name, XATTR_NAME_SELINUX))
@@ -2719,7 +2775,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2719 AVC_AUDIT_DATA_INIT(&ad, FS); 2775 AVC_AUDIT_DATA_INIT(&ad, FS);
2720 ad.u.fs.path.dentry = dentry; 2776 ad.u.fs.path.dentry = dentry;
2721 2777
2722 rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, 2778 rc = avc_has_perm(sid, isec->sid, isec->sclass,
2723 FILE__RELABELFROM, &ad); 2779 FILE__RELABELFROM, &ad);
2724 if (rc) 2780 if (rc)
2725 return rc; 2781 return rc;
@@ -2733,12 +2789,12 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2733 if (rc) 2789 if (rc)
2734 return rc; 2790 return rc;
2735 2791
2736 rc = avc_has_perm(tsec->sid, newsid, isec->sclass, 2792 rc = avc_has_perm(sid, newsid, isec->sclass,
2737 FILE__RELABELTO, &ad); 2793 FILE__RELABELTO, &ad);
2738 if (rc) 2794 if (rc)
2739 return rc; 2795 return rc;
2740 2796
2741 rc = security_validate_transition(isec->sid, newsid, tsec->sid, 2797 rc = security_validate_transition(isec->sid, newsid, sid,
2742 isec->sclass); 2798 isec->sclass);
2743 if (rc) 2799 if (rc)
2744 return rc; 2800 return rc;
@@ -2778,12 +2834,16 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
2778 2834
2779static int selinux_inode_getxattr(struct dentry *dentry, const char *name) 2835static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
2780{ 2836{
2781 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); 2837 const struct cred *cred = current_cred();
2838
2839 return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR);
2782} 2840}
2783 2841
2784static int selinux_inode_listxattr(struct dentry *dentry) 2842static int selinux_inode_listxattr(struct dentry *dentry)
2785{ 2843{
2786 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); 2844 const struct cred *cred = current_cred();
2845
2846 return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR);
2787} 2847}
2788 2848
2789static int selinux_inode_removexattr(struct dentry *dentry, const char *name) 2849static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
@@ -2806,7 +2866,6 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name
2806 u32 size; 2866 u32 size;
2807 int error; 2867 int error;
2808 char *context = NULL; 2868 char *context = NULL;
2809 struct task_security_struct *tsec = current->security;
2810 struct inode_security_struct *isec = inode->i_security; 2869 struct inode_security_struct *isec = inode->i_security;
2811 2870
2812 if (strcmp(name, XATTR_SELINUX_SUFFIX)) 2871 if (strcmp(name, XATTR_SELINUX_SUFFIX))
@@ -2821,13 +2880,7 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name
2821 * and lack of permission just means that we fall back to the 2880 * and lack of permission just means that we fall back to the
2822 * in-core context value, not a denial. 2881 * in-core context value, not a denial.
2823 */ 2882 */
2824 error = secondary_ops->capable(current, CAP_MAC_ADMIN); 2883 error = selinux_capable(current, CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT);
2825 if (!error)
2826 error = avc_has_perm_noaudit(tsec->sid, tsec->sid,
2827 SECCLASS_CAPABILITY2,
2828 CAPABILITY2__MAC_ADMIN,
2829 0,
2830 NULL);
2831 if (!error) 2884 if (!error)
2832 error = security_sid_to_context_force(isec->sid, &context, 2885 error = security_sid_to_context_force(isec->sid, &context,
2833 &size); 2886 &size);
@@ -2894,6 +2947,7 @@ static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
2894 2947
2895static int selinux_revalidate_file_permission(struct file *file, int mask) 2948static int selinux_revalidate_file_permission(struct file *file, int mask)
2896{ 2949{
2950 const struct cred *cred = current_cred();
2897 int rc; 2951 int rc;
2898 struct inode *inode = file->f_path.dentry->d_inode; 2952 struct inode *inode = file->f_path.dentry->d_inode;
2899 2953
@@ -2906,7 +2960,7 @@ static int selinux_revalidate_file_permission(struct file *file, int mask)
2906 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) 2960 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
2907 mask |= MAY_APPEND; 2961 mask |= MAY_APPEND;
2908 2962
2909 rc = file_has_perm(current, file, 2963 rc = file_has_perm(cred, file,
2910 file_mask_to_av(inode->i_mode, mask)); 2964 file_mask_to_av(inode->i_mode, mask));
2911 if (rc) 2965 if (rc)
2912 return rc; 2966 return rc;
@@ -2917,16 +2971,16 @@ static int selinux_revalidate_file_permission(struct file *file, int mask)
2917static int selinux_file_permission(struct file *file, int mask) 2971static int selinux_file_permission(struct file *file, int mask)
2918{ 2972{
2919 struct inode *inode = file->f_path.dentry->d_inode; 2973 struct inode *inode = file->f_path.dentry->d_inode;
2920 struct task_security_struct *tsec = current->security;
2921 struct file_security_struct *fsec = file->f_security; 2974 struct file_security_struct *fsec = file->f_security;
2922 struct inode_security_struct *isec = inode->i_security; 2975 struct inode_security_struct *isec = inode->i_security;
2976 u32 sid = current_sid();
2923 2977
2924 if (!mask) { 2978 if (!mask) {
2925 /* No permission to check. Existence test. */ 2979 /* No permission to check. Existence test. */
2926 return 0; 2980 return 0;
2927 } 2981 }
2928 2982
2929 if (tsec->sid == fsec->sid && fsec->isid == isec->sid 2983 if (sid == fsec->sid && fsec->isid == isec->sid
2930 && fsec->pseqno == avc_policy_seqno()) 2984 && fsec->pseqno == avc_policy_seqno())
2931 return selinux_netlbl_inode_permission(inode, mask); 2985 return selinux_netlbl_inode_permission(inode, mask);
2932 2986
@@ -2946,6 +3000,7 @@ static void selinux_file_free_security(struct file *file)
2946static int selinux_file_ioctl(struct file *file, unsigned int cmd, 3000static int selinux_file_ioctl(struct file *file, unsigned int cmd,
2947 unsigned long arg) 3001 unsigned long arg)
2948{ 3002{
3003 const struct cred *cred = current_cred();
2949 u32 av = 0; 3004 u32 av = 0;
2950 3005
2951 if (_IOC_DIR(cmd) & _IOC_WRITE) 3006 if (_IOC_DIR(cmd) & _IOC_WRITE)
@@ -2955,11 +3010,14 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd,
2955 if (!av) 3010 if (!av)
2956 av = FILE__IOCTL; 3011 av = FILE__IOCTL;
2957 3012
2958 return file_has_perm(current, file, av); 3013 return file_has_perm(cred, file, av);
2959} 3014}
2960 3015
2961static int file_map_prot_check(struct file *file, unsigned long prot, int shared) 3016static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
2962{ 3017{
3018 const struct cred *cred = current_cred();
3019 int rc = 0;
3020
2963#ifndef CONFIG_PPC32 3021#ifndef CONFIG_PPC32
2964 if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) { 3022 if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
2965 /* 3023 /*
@@ -2967,9 +3025,9 @@ static int file_map_prot_check(struct file *file, unsigned long prot, int shared
2967 * private file mapping that will also be writable. 3025 * private file mapping that will also be writable.
2968 * This has an additional check. 3026 * This has an additional check.
2969 */ 3027 */
2970 int rc = task_has_perm(current, current, PROCESS__EXECMEM); 3028 rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);
2971 if (rc) 3029 if (rc)
2972 return rc; 3030 goto error;
2973 } 3031 }
2974#endif 3032#endif
2975 3033
@@ -2984,9 +3042,11 @@ static int file_map_prot_check(struct file *file, unsigned long prot, int shared
2984 if (prot & PROT_EXEC) 3042 if (prot & PROT_EXEC)
2985 av |= FILE__EXECUTE; 3043 av |= FILE__EXECUTE;
2986 3044
2987 return file_has_perm(current, file, av); 3045 return file_has_perm(cred, file, av);
2988 } 3046 }
2989 return 0; 3047
3048error:
3049 return rc;
2990} 3050}
2991 3051
2992static int selinux_file_mmap(struct file *file, unsigned long reqprot, 3052static int selinux_file_mmap(struct file *file, unsigned long reqprot,
@@ -2994,7 +3054,7 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot,
2994 unsigned long addr, unsigned long addr_only) 3054 unsigned long addr, unsigned long addr_only)
2995{ 3055{
2996 int rc = 0; 3056 int rc = 0;
2997 u32 sid = ((struct task_security_struct *)(current->security))->sid; 3057 u32 sid = current_sid();
2998 3058
2999 if (addr < mmap_min_addr) 3059 if (addr < mmap_min_addr)
3000 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, 3060 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
@@ -3013,6 +3073,7 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
3013 unsigned long reqprot, 3073 unsigned long reqprot,
3014 unsigned long prot) 3074 unsigned long prot)
3015{ 3075{
3076 const struct cred *cred = current_cred();
3016 int rc; 3077 int rc;
3017 3078
3018 rc = secondary_ops->file_mprotect(vma, reqprot, prot); 3079 rc = secondary_ops->file_mprotect(vma, reqprot, prot);
@@ -3027,12 +3088,11 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
3027 rc = 0; 3088 rc = 0;
3028 if (vma->vm_start >= vma->vm_mm->start_brk && 3089 if (vma->vm_start >= vma->vm_mm->start_brk &&
3029 vma->vm_end <= vma->vm_mm->brk) { 3090 vma->vm_end <= vma->vm_mm->brk) {
3030 rc = task_has_perm(current, current, 3091 rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
3031 PROCESS__EXECHEAP);
3032 } else if (!vma->vm_file && 3092 } else if (!vma->vm_file &&
3033 vma->vm_start <= vma->vm_mm->start_stack && 3093 vma->vm_start <= vma->vm_mm->start_stack &&
3034 vma->vm_end >= vma->vm_mm->start_stack) { 3094 vma->vm_end >= vma->vm_mm->start_stack) {
3035 rc = task_has_perm(current, current, PROCESS__EXECSTACK); 3095 rc = current_has_perm(current, PROCESS__EXECSTACK);
3036 } else if (vma->vm_file && vma->anon_vma) { 3096 } else if (vma->vm_file && vma->anon_vma) {
3037 /* 3097 /*
3038 * We are making executable a file mapping that has 3098 * We are making executable a file mapping that has
@@ -3041,8 +3101,7 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
3041 * modified content. This typically should only 3101 * modified content. This typically should only
3042 * occur for text relocations. 3102 * occur for text relocations.
3043 */ 3103 */
3044 rc = file_has_perm(current, vma->vm_file, 3104 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3045 FILE__EXECMOD);
3046 } 3105 }
3047 if (rc) 3106 if (rc)
3048 return rc; 3107 return rc;
@@ -3054,12 +3113,15 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
3054 3113
3055static int selinux_file_lock(struct file *file, unsigned int cmd) 3114static int selinux_file_lock(struct file *file, unsigned int cmd)
3056{ 3115{
3057 return file_has_perm(current, file, FILE__LOCK); 3116 const struct cred *cred = current_cred();
3117
3118 return file_has_perm(cred, file, FILE__LOCK);
3058} 3119}
3059 3120
3060static int selinux_file_fcntl(struct file *file, unsigned int cmd, 3121static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3061 unsigned long arg) 3122 unsigned long arg)
3062{ 3123{
3124 const struct cred *cred = current_cred();
3063 int err = 0; 3125 int err = 0;
3064 3126
3065 switch (cmd) { 3127 switch (cmd) {
@@ -3070,7 +3132,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3070 } 3132 }
3071 3133
3072 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) { 3134 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3073 err = file_has_perm(current, file, FILE__WRITE); 3135 err = file_has_perm(cred, file, FILE__WRITE);
3074 break; 3136 break;
3075 } 3137 }
3076 /* fall through */ 3138 /* fall through */
@@ -3080,7 +3142,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3080 case F_GETOWN: 3142 case F_GETOWN:
3081 case F_GETSIG: 3143 case F_GETSIG:
3082 /* Just check FD__USE permission */ 3144 /* Just check FD__USE permission */
3083 err = file_has_perm(current, file, 0); 3145 err = file_has_perm(cred, file, 0);
3084 break; 3146 break;
3085 case F_GETLK: 3147 case F_GETLK:
3086 case F_SETLK: 3148 case F_SETLK:
@@ -3094,7 +3156,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3094 err = -EINVAL; 3156 err = -EINVAL;
3095 break; 3157 break;
3096 } 3158 }
3097 err = file_has_perm(current, file, FILE__LOCK); 3159 err = file_has_perm(cred, file, FILE__LOCK);
3098 break; 3160 break;
3099 } 3161 }
3100 3162
@@ -3103,12 +3165,10 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3103 3165
3104static int selinux_file_set_fowner(struct file *file) 3166static int selinux_file_set_fowner(struct file *file)
3105{ 3167{
3106 struct task_security_struct *tsec;
3107 struct file_security_struct *fsec; 3168 struct file_security_struct *fsec;
3108 3169
3109 tsec = current->security;
3110 fsec = file->f_security; 3170 fsec = file->f_security;
3111 fsec->fown_sid = tsec->sid; 3171 fsec->fown_sid = current_sid();
3112 3172
3113 return 0; 3173 return 0;
3114} 3174}
@@ -3117,14 +3177,13 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk,
3117 struct fown_struct *fown, int signum) 3177 struct fown_struct *fown, int signum)
3118{ 3178{
3119 struct file *file; 3179 struct file *file;
3180 u32 sid = current_sid();
3120 u32 perm; 3181 u32 perm;
3121 struct task_security_struct *tsec;
3122 struct file_security_struct *fsec; 3182 struct file_security_struct *fsec;
3123 3183
3124 /* struct fown_struct is never outside the context of a struct file */ 3184 /* struct fown_struct is never outside the context of a struct file */
3125 file = container_of(fown, struct file, f_owner); 3185 file = container_of(fown, struct file, f_owner);
3126 3186
3127 tsec = tsk->security;
3128 fsec = file->f_security; 3187 fsec = file->f_security;
3129 3188
3130 if (!signum) 3189 if (!signum)
@@ -3132,20 +3191,23 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk,
3132 else 3191 else
3133 perm = signal_to_av(signum); 3192 perm = signal_to_av(signum);
3134 3193
3135 return avc_has_perm(fsec->fown_sid, tsec->sid, 3194 return avc_has_perm(fsec->fown_sid, sid,
3136 SECCLASS_PROCESS, perm, NULL); 3195 SECCLASS_PROCESS, perm, NULL);
3137} 3196}
3138 3197
3139static int selinux_file_receive(struct file *file) 3198static int selinux_file_receive(struct file *file)
3140{ 3199{
3141 return file_has_perm(current, file, file_to_av(file)); 3200 const struct cred *cred = current_cred();
3201
3202 return file_has_perm(cred, file, file_to_av(file));
3142} 3203}
3143 3204
3144static int selinux_dentry_open(struct file *file) 3205static int selinux_dentry_open(struct file *file, const struct cred *cred)
3145{ 3206{
3146 struct file_security_struct *fsec; 3207 struct file_security_struct *fsec;
3147 struct inode *inode; 3208 struct inode *inode;
3148 struct inode_security_struct *isec; 3209 struct inode_security_struct *isec;
3210
3149 inode = file->f_path.dentry->d_inode; 3211 inode = file->f_path.dentry->d_inode;
3150 fsec = file->f_security; 3212 fsec = file->f_security;
3151 isec = inode->i_security; 3213 isec = inode->i_security;
@@ -3166,7 +3228,7 @@ static int selinux_dentry_open(struct file *file)
3166 * new inode label or new policy. 3228 * new inode label or new policy.
3167 * This check is not redundant - do not remove. 3229 * This check is not redundant - do not remove.
3168 */ 3230 */
3169 return inode_has_perm(current, inode, file_to_av(file), NULL); 3231 return inode_has_perm(cred, inode, open_file_to_av(file), NULL);
3170} 3232}
3171 3233
3172/* task security operations */ 3234/* task security operations */
@@ -3179,36 +3241,88 @@ static int selinux_task_create(unsigned long clone_flags)
3179 if (rc) 3241 if (rc)
3180 return rc; 3242 return rc;
3181 3243
3182 return task_has_perm(current, current, PROCESS__FORK); 3244 return current_has_perm(current, PROCESS__FORK);
3183} 3245}
3184 3246
3185static int selinux_task_alloc_security(struct task_struct *tsk) 3247/*
3248 * detach and free the LSM part of a set of credentials
3249 */
3250static void selinux_cred_free(struct cred *cred)
3186{ 3251{
3187 struct task_security_struct *tsec1, *tsec2; 3252 struct task_security_struct *tsec = cred->security;
3188 int rc; 3253 cred->security = NULL;
3189 3254 kfree(tsec);
3190 tsec1 = current->security; 3255}
3191 3256
3192 rc = task_alloc_security(tsk); 3257/*
3193 if (rc) 3258 * prepare a new set of credentials for modification
3194 return rc; 3259 */
3195 tsec2 = tsk->security; 3260static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3261 gfp_t gfp)
3262{
3263 const struct task_security_struct *old_tsec;
3264 struct task_security_struct *tsec;
3196 3265
3197 tsec2->osid = tsec1->osid; 3266 old_tsec = old->security;
3198 tsec2->sid = tsec1->sid;
3199 3267
3200 /* Retain the exec, fs, key, and sock SIDs across fork */ 3268 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3201 tsec2->exec_sid = tsec1->exec_sid; 3269 if (!tsec)
3202 tsec2->create_sid = tsec1->create_sid; 3270 return -ENOMEM;
3203 tsec2->keycreate_sid = tsec1->keycreate_sid;
3204 tsec2->sockcreate_sid = tsec1->sockcreate_sid;
3205 3271
3272 new->security = tsec;
3206 return 0; 3273 return 0;
3207} 3274}
3208 3275
3209static void selinux_task_free_security(struct task_struct *tsk) 3276/*
3277 * commit new credentials
3278 */
3279static void selinux_cred_commit(struct cred *new, const struct cred *old)
3280{
3281 secondary_ops->cred_commit(new, old);
3282}
3283
3284/*
3285 * set the security data for a kernel service
3286 * - all the creation contexts are set to unlabelled
3287 */
3288static int selinux_kernel_act_as(struct cred *new, u32 secid)
3289{
3290 struct task_security_struct *tsec = new->security;
3291 u32 sid = current_sid();
3292 int ret;
3293
3294 ret = avc_has_perm(sid, secid,
3295 SECCLASS_KERNEL_SERVICE,
3296 KERNEL_SERVICE__USE_AS_OVERRIDE,
3297 NULL);
3298 if (ret == 0) {
3299 tsec->sid = secid;
3300 tsec->create_sid = 0;
3301 tsec->keycreate_sid = 0;
3302 tsec->sockcreate_sid = 0;
3303 }
3304 return ret;
3305}
3306
3307/*
3308 * set the file creation context in a security record to the same as the
3309 * objective context of the specified inode
3310 */
3311static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3210{ 3312{
3211 task_free_security(tsk); 3313 struct inode_security_struct *isec = inode->i_security;
3314 struct task_security_struct *tsec = new->security;
3315 u32 sid = current_sid();
3316 int ret;
3317
3318 ret = avc_has_perm(sid, isec->sid,
3319 SECCLASS_KERNEL_SERVICE,
3320 KERNEL_SERVICE__CREATE_FILES_AS,
3321 NULL);
3322
3323 if (ret == 0)
3324 tsec->create_sid = isec->sid;
3325 return 0;
3212} 3326}
3213 3327
3214static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) 3328static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
@@ -3222,9 +3336,10 @@ static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
3222 return 0; 3336 return 0;
3223} 3337}
3224 3338
3225static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) 3339static int selinux_task_fix_setuid(struct cred *new, const struct cred *old,
3340 int flags)
3226{ 3341{
3227 return secondary_ops->task_post_setuid(id0, id1, id2, flags); 3342 return secondary_ops->task_fix_setuid(new, old, flags);
3228} 3343}
3229 3344
3230static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) 3345static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
@@ -3235,23 +3350,22 @@ static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
3235 3350
3236static int selinux_task_setpgid(struct task_struct *p, pid_t pgid) 3351static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
3237{ 3352{
3238 return task_has_perm(current, p, PROCESS__SETPGID); 3353 return current_has_perm(p, PROCESS__SETPGID);
3239} 3354}
3240 3355
3241static int selinux_task_getpgid(struct task_struct *p) 3356static int selinux_task_getpgid(struct task_struct *p)
3242{ 3357{
3243 return task_has_perm(current, p, PROCESS__GETPGID); 3358 return current_has_perm(p, PROCESS__GETPGID);
3244} 3359}
3245 3360
3246static int selinux_task_getsid(struct task_struct *p) 3361static int selinux_task_getsid(struct task_struct *p)
3247{ 3362{
3248 return task_has_perm(current, p, PROCESS__GETSESSION); 3363 return current_has_perm(p, PROCESS__GETSESSION);
3249} 3364}
3250 3365
3251static void selinux_task_getsecid(struct task_struct *p, u32 *secid) 3366static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
3252{ 3367{
3253 struct task_security_struct *tsec = p->security; 3368 *secid = task_sid(p);
3254 *secid = tsec->sid;
3255} 3369}
3256 3370
3257static int selinux_task_setgroups(struct group_info *group_info) 3371static int selinux_task_setgroups(struct group_info *group_info)
@@ -3268,7 +3382,7 @@ static int selinux_task_setnice(struct task_struct *p, int nice)
3268 if (rc) 3382 if (rc)
3269 return rc; 3383 return rc;
3270 3384
3271 return task_has_perm(current, p, PROCESS__SETSCHED); 3385 return current_has_perm(p, PROCESS__SETSCHED);
3272} 3386}
3273 3387
3274static int selinux_task_setioprio(struct task_struct *p, int ioprio) 3388static int selinux_task_setioprio(struct task_struct *p, int ioprio)
@@ -3279,12 +3393,12 @@ static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3279 if (rc) 3393 if (rc)
3280 return rc; 3394 return rc;
3281 3395
3282 return task_has_perm(current, p, PROCESS__SETSCHED); 3396 return current_has_perm(p, PROCESS__SETSCHED);
3283} 3397}
3284 3398
3285static int selinux_task_getioprio(struct task_struct *p) 3399static int selinux_task_getioprio(struct task_struct *p)
3286{ 3400{
3287 return task_has_perm(current, p, PROCESS__GETSCHED); 3401 return current_has_perm(p, PROCESS__GETSCHED);
3288} 3402}
3289 3403
3290static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim) 3404static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
@@ -3299,9 +3413,9 @@ static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim
3299 /* Control the ability to change the hard limit (whether 3413 /* Control the ability to change the hard limit (whether
3300 lowering or raising it), so that the hard limit can 3414 lowering or raising it), so that the hard limit can
3301 later be used as a safe reset point for the soft limit 3415 later be used as a safe reset point for the soft limit
3302 upon context transitions. See selinux_bprm_apply_creds. */ 3416 upon context transitions. See selinux_bprm_committing_creds. */
3303 if (old_rlim->rlim_max != new_rlim->rlim_max) 3417 if (old_rlim->rlim_max != new_rlim->rlim_max)
3304 return task_has_perm(current, current, PROCESS__SETRLIMIT); 3418 return current_has_perm(current, PROCESS__SETRLIMIT);
3305 3419
3306 return 0; 3420 return 0;
3307} 3421}
@@ -3314,17 +3428,17 @@ static int selinux_task_setscheduler(struct task_struct *p, int policy, struct s
3314 if (rc) 3428 if (rc)
3315 return rc; 3429 return rc;
3316 3430
3317 return task_has_perm(current, p, PROCESS__SETSCHED); 3431 return current_has_perm(p, PROCESS__SETSCHED);
3318} 3432}
3319 3433
3320static int selinux_task_getscheduler(struct task_struct *p) 3434static int selinux_task_getscheduler(struct task_struct *p)
3321{ 3435{
3322 return task_has_perm(current, p, PROCESS__GETSCHED); 3436 return current_has_perm(p, PROCESS__GETSCHED);
3323} 3437}
3324 3438
3325static int selinux_task_movememory(struct task_struct *p) 3439static int selinux_task_movememory(struct task_struct *p)
3326{ 3440{
3327 return task_has_perm(current, p, PROCESS__SETSCHED); 3441 return current_has_perm(p, PROCESS__SETSCHED);
3328} 3442}
3329 3443
3330static int selinux_task_kill(struct task_struct *p, struct siginfo *info, 3444static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
@@ -3332,7 +3446,6 @@ static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
3332{ 3446{
3333 u32 perm; 3447 u32 perm;
3334 int rc; 3448 int rc;
3335 struct task_security_struct *tsec;
3336 3449
3337 rc = secondary_ops->task_kill(p, info, sig, secid); 3450 rc = secondary_ops->task_kill(p, info, sig, secid);
3338 if (rc) 3451 if (rc)
@@ -3342,11 +3455,11 @@ static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
3342 perm = PROCESS__SIGNULL; /* null signal; existence test */ 3455 perm = PROCESS__SIGNULL; /* null signal; existence test */
3343 else 3456 else
3344 perm = signal_to_av(sig); 3457 perm = signal_to_av(sig);
3345 tsec = p->security;
3346 if (secid) 3458 if (secid)
3347 rc = avc_has_perm(secid, tsec->sid, SECCLASS_PROCESS, perm, NULL); 3459 rc = avc_has_perm(secid, task_sid(p),
3460 SECCLASS_PROCESS, perm, NULL);
3348 else 3461 else
3349 rc = task_has_perm(current, p, perm); 3462 rc = current_has_perm(p, perm);
3350 return rc; 3463 return rc;
3351} 3464}
3352 3465
@@ -3354,13 +3467,12 @@ static int selinux_task_prctl(int option,
3354 unsigned long arg2, 3467 unsigned long arg2,
3355 unsigned long arg3, 3468 unsigned long arg3,
3356 unsigned long arg4, 3469 unsigned long arg4,
3357 unsigned long arg5, 3470 unsigned long arg5)
3358 long *rc_p)
3359{ 3471{
3360 /* The current prctl operations do not appear to require 3472 /* The current prctl operations do not appear to require
3361 any SELinux controls since they merely observe or modify 3473 any SELinux controls since they merely observe or modify
3362 the state of the current process. */ 3474 the state of the current process. */
3363 return secondary_ops->task_prctl(option, arg2, arg3, arg4, arg5, rc_p); 3475 return secondary_ops->task_prctl(option, arg2, arg3, arg4, arg5);
3364} 3476}
3365 3477
3366static int selinux_task_wait(struct task_struct *p) 3478static int selinux_task_wait(struct task_struct *p)
@@ -3368,27 +3480,14 @@ static int selinux_task_wait(struct task_struct *p)
3368 return task_has_perm(p, current, PROCESS__SIGCHLD); 3480 return task_has_perm(p, current, PROCESS__SIGCHLD);
3369} 3481}
3370 3482
3371static void selinux_task_reparent_to_init(struct task_struct *p)
3372{
3373 struct task_security_struct *tsec;
3374
3375 secondary_ops->task_reparent_to_init(p);
3376
3377 tsec = p->security;
3378 tsec->osid = tsec->sid;
3379 tsec->sid = SECINITSID_KERNEL;
3380 return;
3381}
3382
3383static void selinux_task_to_inode(struct task_struct *p, 3483static void selinux_task_to_inode(struct task_struct *p,
3384 struct inode *inode) 3484 struct inode *inode)
3385{ 3485{
3386 struct task_security_struct *tsec = p->security;
3387 struct inode_security_struct *isec = inode->i_security; 3486 struct inode_security_struct *isec = inode->i_security;
3487 u32 sid = task_sid(p);
3388 3488
3389 isec->sid = tsec->sid; 3489 isec->sid = sid;
3390 isec->initialized = 1; 3490 isec->initialized = 1;
3391 return;
3392} 3491}
3393 3492
3394/* Returns error only if unable to parse addresses */ 3493/* Returns error only if unable to parse addresses */
@@ -3627,19 +3726,19 @@ static int socket_has_perm(struct task_struct *task, struct socket *sock,
3627 u32 perms) 3726 u32 perms)
3628{ 3727{
3629 struct inode_security_struct *isec; 3728 struct inode_security_struct *isec;
3630 struct task_security_struct *tsec;
3631 struct avc_audit_data ad; 3729 struct avc_audit_data ad;
3730 u32 sid;
3632 int err = 0; 3731 int err = 0;
3633 3732
3634 tsec = task->security;
3635 isec = SOCK_INODE(sock)->i_security; 3733 isec = SOCK_INODE(sock)->i_security;
3636 3734
3637 if (isec->sid == SECINITSID_KERNEL) 3735 if (isec->sid == SECINITSID_KERNEL)
3638 goto out; 3736 goto out;
3737 sid = task_sid(task);
3639 3738
3640 AVC_AUDIT_DATA_INIT(&ad, NET); 3739 AVC_AUDIT_DATA_INIT(&ad, NET);
3641 ad.u.net.sk = sock->sk; 3740 ad.u.net.sk = sock->sk;
3642 err = avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad); 3741 err = avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
3643 3742
3644out: 3743out:
3645 return err; 3744 return err;
@@ -3648,18 +3747,20 @@ out:
3648static int selinux_socket_create(int family, int type, 3747static int selinux_socket_create(int family, int type,
3649 int protocol, int kern) 3748 int protocol, int kern)
3650{ 3749{
3750 const struct cred *cred = current_cred();
3751 const struct task_security_struct *tsec = cred->security;
3752 u32 sid, newsid;
3753 u16 secclass;
3651 int err = 0; 3754 int err = 0;
3652 struct task_security_struct *tsec;
3653 u32 newsid;
3654 3755
3655 if (kern) 3756 if (kern)
3656 goto out; 3757 goto out;
3657 3758
3658 tsec = current->security; 3759 sid = tsec->sid;
3659 newsid = tsec->sockcreate_sid ? : tsec->sid; 3760 newsid = tsec->sockcreate_sid ?: sid;
3660 err = avc_has_perm(tsec->sid, newsid, 3761
3661 socket_type_to_security_class(family, type, 3762 secclass = socket_type_to_security_class(family, type, protocol);
3662 protocol), SOCKET__CREATE, NULL); 3763 err = avc_has_perm(sid, newsid, secclass, SOCKET__CREATE, NULL);
3663 3764
3664out: 3765out:
3665 return err; 3766 return err;
@@ -3668,18 +3769,26 @@ out:
3668static int selinux_socket_post_create(struct socket *sock, int family, 3769static int selinux_socket_post_create(struct socket *sock, int family,
3669 int type, int protocol, int kern) 3770 int type, int protocol, int kern)
3670{ 3771{
3671 int err = 0; 3772 const struct cred *cred = current_cred();
3773 const struct task_security_struct *tsec = cred->security;
3672 struct inode_security_struct *isec; 3774 struct inode_security_struct *isec;
3673 struct task_security_struct *tsec;
3674 struct sk_security_struct *sksec; 3775 struct sk_security_struct *sksec;
3675 u32 newsid; 3776 u32 sid, newsid;
3777 int err = 0;
3778
3779 sid = tsec->sid;
3780 newsid = tsec->sockcreate_sid;
3676 3781
3677 isec = SOCK_INODE(sock)->i_security; 3782 isec = SOCK_INODE(sock)->i_security;
3678 3783
3679 tsec = current->security; 3784 if (kern)
3680 newsid = tsec->sockcreate_sid ? : tsec->sid; 3785 isec->sid = SECINITSID_KERNEL;
3786 else if (newsid)
3787 isec->sid = newsid;
3788 else
3789 isec->sid = sid;
3790
3681 isec->sclass = socket_type_to_security_class(family, type, protocol); 3791 isec->sclass = socket_type_to_security_class(family, type, protocol);
3682 isec->sid = kern ? SECINITSID_KERNEL : newsid;
3683 isec->initialized = 1; 3792 isec->initialized = 1;
3684 3793
3685 if (sock->sk) { 3794 if (sock->sk) {
@@ -3714,7 +3823,6 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
3714 if (family == PF_INET || family == PF_INET6) { 3823 if (family == PF_INET || family == PF_INET6) {
3715 char *addrp; 3824 char *addrp;
3716 struct inode_security_struct *isec; 3825 struct inode_security_struct *isec;
3717 struct task_security_struct *tsec;
3718 struct avc_audit_data ad; 3826 struct avc_audit_data ad;
3719 struct sockaddr_in *addr4 = NULL; 3827 struct sockaddr_in *addr4 = NULL;
3720 struct sockaddr_in6 *addr6 = NULL; 3828 struct sockaddr_in6 *addr6 = NULL;
@@ -3722,7 +3830,6 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
3722 struct sock *sk = sock->sk; 3830 struct sock *sk = sock->sk;
3723 u32 sid, node_perm; 3831 u32 sid, node_perm;
3724 3832
3725 tsec = current->security;
3726 isec = SOCK_INODE(sock)->i_security; 3833 isec = SOCK_INODE(sock)->i_security;
3727 3834
3728 if (family == PF_INET) { 3835 if (family == PF_INET) {
@@ -4387,7 +4494,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4387 "SELinux: unrecognized netlink message" 4494 "SELinux: unrecognized netlink message"
4388 " type=%hu for sclass=%hu\n", 4495 " type=%hu for sclass=%hu\n",
4389 nlh->nlmsg_type, isec->sclass); 4496 nlh->nlmsg_type, isec->sclass);
4390 if (!selinux_enforcing) 4497 if (!selinux_enforcing || security_get_allow_unknown())
4391 err = 0; 4498 err = 0;
4392 } 4499 }
4393 4500
@@ -4763,15 +4870,16 @@ static int ipc_alloc_security(struct task_struct *task,
4763 struct kern_ipc_perm *perm, 4870 struct kern_ipc_perm *perm,
4764 u16 sclass) 4871 u16 sclass)
4765{ 4872{
4766 struct task_security_struct *tsec = task->security;
4767 struct ipc_security_struct *isec; 4873 struct ipc_security_struct *isec;
4874 u32 sid;
4768 4875
4769 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL); 4876 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
4770 if (!isec) 4877 if (!isec)
4771 return -ENOMEM; 4878 return -ENOMEM;
4772 4879
4880 sid = task_sid(task);
4773 isec->sclass = sclass; 4881 isec->sclass = sclass;
4774 isec->sid = tsec->sid; 4882 isec->sid = sid;
4775 perm->security = isec; 4883 perm->security = isec;
4776 4884
4777 return 0; 4885 return 0;
@@ -4809,17 +4917,16 @@ static void msg_msg_free_security(struct msg_msg *msg)
4809static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, 4917static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
4810 u32 perms) 4918 u32 perms)
4811{ 4919{
4812 struct task_security_struct *tsec;
4813 struct ipc_security_struct *isec; 4920 struct ipc_security_struct *isec;
4814 struct avc_audit_data ad; 4921 struct avc_audit_data ad;
4922 u32 sid = current_sid();
4815 4923
4816 tsec = current->security;
4817 isec = ipc_perms->security; 4924 isec = ipc_perms->security;
4818 4925
4819 AVC_AUDIT_DATA_INIT(&ad, IPC); 4926 AVC_AUDIT_DATA_INIT(&ad, IPC);
4820 ad.u.ipc_id = ipc_perms->key; 4927 ad.u.ipc_id = ipc_perms->key;
4821 4928
4822 return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad); 4929 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
4823} 4930}
4824 4931
4825static int selinux_msg_msg_alloc_security(struct msg_msg *msg) 4932static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
@@ -4835,22 +4942,21 @@ static void selinux_msg_msg_free_security(struct msg_msg *msg)
4835/* message queue security operations */ 4942/* message queue security operations */
4836static int selinux_msg_queue_alloc_security(struct msg_queue *msq) 4943static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
4837{ 4944{
4838 struct task_security_struct *tsec;
4839 struct ipc_security_struct *isec; 4945 struct ipc_security_struct *isec;
4840 struct avc_audit_data ad; 4946 struct avc_audit_data ad;
4947 u32 sid = current_sid();
4841 int rc; 4948 int rc;
4842 4949
4843 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ); 4950 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
4844 if (rc) 4951 if (rc)
4845 return rc; 4952 return rc;
4846 4953
4847 tsec = current->security;
4848 isec = msq->q_perm.security; 4954 isec = msq->q_perm.security;
4849 4955
4850 AVC_AUDIT_DATA_INIT(&ad, IPC); 4956 AVC_AUDIT_DATA_INIT(&ad, IPC);
4851 ad.u.ipc_id = msq->q_perm.key; 4957 ad.u.ipc_id = msq->q_perm.key;
4852 4958
4853 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, 4959 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4854 MSGQ__CREATE, &ad); 4960 MSGQ__CREATE, &ad);
4855 if (rc) { 4961 if (rc) {
4856 ipc_free_security(&msq->q_perm); 4962 ipc_free_security(&msq->q_perm);
@@ -4866,17 +4972,16 @@ static void selinux_msg_queue_free_security(struct msg_queue *msq)
4866 4972
4867static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) 4973static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
4868{ 4974{
4869 struct task_security_struct *tsec;
4870 struct ipc_security_struct *isec; 4975 struct ipc_security_struct *isec;
4871 struct avc_audit_data ad; 4976 struct avc_audit_data ad;
4977 u32 sid = current_sid();
4872 4978
4873 tsec = current->security;
4874 isec = msq->q_perm.security; 4979 isec = msq->q_perm.security;
4875 4980
4876 AVC_AUDIT_DATA_INIT(&ad, IPC); 4981 AVC_AUDIT_DATA_INIT(&ad, IPC);
4877 ad.u.ipc_id = msq->q_perm.key; 4982 ad.u.ipc_id = msq->q_perm.key;
4878 4983
4879 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, 4984 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4880 MSGQ__ASSOCIATE, &ad); 4985 MSGQ__ASSOCIATE, &ad);
4881} 4986}
4882 4987
@@ -4910,13 +5015,12 @@ static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
4910 5015
4911static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg) 5016static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
4912{ 5017{
4913 struct task_security_struct *tsec;
4914 struct ipc_security_struct *isec; 5018 struct ipc_security_struct *isec;
4915 struct msg_security_struct *msec; 5019 struct msg_security_struct *msec;
4916 struct avc_audit_data ad; 5020 struct avc_audit_data ad;
5021 u32 sid = current_sid();
4917 int rc; 5022 int rc;
4918 5023
4919 tsec = current->security;
4920 isec = msq->q_perm.security; 5024 isec = msq->q_perm.security;
4921 msec = msg->security; 5025 msec = msg->security;
4922 5026
@@ -4928,9 +5032,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
4928 * Compute new sid based on current process and 5032 * Compute new sid based on current process and
4929 * message queue this message will be stored in 5033 * message queue this message will be stored in
4930 */ 5034 */
4931 rc = security_transition_sid(tsec->sid, 5035 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
4932 isec->sid,
4933 SECCLASS_MSG,
4934 &msec->sid); 5036 &msec->sid);
4935 if (rc) 5037 if (rc)
4936 return rc; 5038 return rc;
@@ -4940,16 +5042,16 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
4940 ad.u.ipc_id = msq->q_perm.key; 5042 ad.u.ipc_id = msq->q_perm.key;
4941 5043
4942 /* Can this process write to the queue? */ 5044 /* Can this process write to the queue? */
4943 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, 5045 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4944 MSGQ__WRITE, &ad); 5046 MSGQ__WRITE, &ad);
4945 if (!rc) 5047 if (!rc)
4946 /* Can this process send the message */ 5048 /* Can this process send the message */
4947 rc = avc_has_perm(tsec->sid, msec->sid, 5049 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,
4948 SECCLASS_MSG, MSG__SEND, &ad); 5050 MSG__SEND, &ad);
4949 if (!rc) 5051 if (!rc)
4950 /* Can the message be put in the queue? */ 5052 /* Can the message be put in the queue? */
4951 rc = avc_has_perm(msec->sid, isec->sid, 5053 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
4952 SECCLASS_MSGQ, MSGQ__ENQUEUE, &ad); 5054 MSGQ__ENQUEUE, &ad);
4953 5055
4954 return rc; 5056 return rc;
4955} 5057}
@@ -4958,23 +5060,22 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
4958 struct task_struct *target, 5060 struct task_struct *target,
4959 long type, int mode) 5061 long type, int mode)
4960{ 5062{
4961 struct task_security_struct *tsec;
4962 struct ipc_security_struct *isec; 5063 struct ipc_security_struct *isec;
4963 struct msg_security_struct *msec; 5064 struct msg_security_struct *msec;
4964 struct avc_audit_data ad; 5065 struct avc_audit_data ad;
5066 u32 sid = task_sid(target);
4965 int rc; 5067 int rc;
4966 5068
4967 tsec = target->security;
4968 isec = msq->q_perm.security; 5069 isec = msq->q_perm.security;
4969 msec = msg->security; 5070 msec = msg->security;
4970 5071
4971 AVC_AUDIT_DATA_INIT(&ad, IPC); 5072 AVC_AUDIT_DATA_INIT(&ad, IPC);
4972 ad.u.ipc_id = msq->q_perm.key; 5073 ad.u.ipc_id = msq->q_perm.key;
4973 5074
4974 rc = avc_has_perm(tsec->sid, isec->sid, 5075 rc = avc_has_perm(sid, isec->sid,
4975 SECCLASS_MSGQ, MSGQ__READ, &ad); 5076 SECCLASS_MSGQ, MSGQ__READ, &ad);
4976 if (!rc) 5077 if (!rc)
4977 rc = avc_has_perm(tsec->sid, msec->sid, 5078 rc = avc_has_perm(sid, msec->sid,
4978 SECCLASS_MSG, MSG__RECEIVE, &ad); 5079 SECCLASS_MSG, MSG__RECEIVE, &ad);
4979 return rc; 5080 return rc;
4980} 5081}
@@ -4982,22 +5083,21 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
4982/* Shared Memory security operations */ 5083/* Shared Memory security operations */
4983static int selinux_shm_alloc_security(struct shmid_kernel *shp) 5084static int selinux_shm_alloc_security(struct shmid_kernel *shp)
4984{ 5085{
4985 struct task_security_struct *tsec;
4986 struct ipc_security_struct *isec; 5086 struct ipc_security_struct *isec;
4987 struct avc_audit_data ad; 5087 struct avc_audit_data ad;
5088 u32 sid = current_sid();
4988 int rc; 5089 int rc;
4989 5090
4990 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM); 5091 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
4991 if (rc) 5092 if (rc)
4992 return rc; 5093 return rc;
4993 5094
4994 tsec = current->security;
4995 isec = shp->shm_perm.security; 5095 isec = shp->shm_perm.security;
4996 5096
4997 AVC_AUDIT_DATA_INIT(&ad, IPC); 5097 AVC_AUDIT_DATA_INIT(&ad, IPC);
4998 ad.u.ipc_id = shp->shm_perm.key; 5098 ad.u.ipc_id = shp->shm_perm.key;
4999 5099
5000 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM, 5100 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5001 SHM__CREATE, &ad); 5101 SHM__CREATE, &ad);
5002 if (rc) { 5102 if (rc) {
5003 ipc_free_security(&shp->shm_perm); 5103 ipc_free_security(&shp->shm_perm);
@@ -5013,17 +5113,16 @@ static void selinux_shm_free_security(struct shmid_kernel *shp)
5013 5113
5014static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg) 5114static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
5015{ 5115{
5016 struct task_security_struct *tsec;
5017 struct ipc_security_struct *isec; 5116 struct ipc_security_struct *isec;
5018 struct avc_audit_data ad; 5117 struct avc_audit_data ad;
5118 u32 sid = current_sid();
5019 5119
5020 tsec = current->security;
5021 isec = shp->shm_perm.security; 5120 isec = shp->shm_perm.security;
5022 5121
5023 AVC_AUDIT_DATA_INIT(&ad, IPC); 5122 AVC_AUDIT_DATA_INIT(&ad, IPC);
5024 ad.u.ipc_id = shp->shm_perm.key; 5123 ad.u.ipc_id = shp->shm_perm.key;
5025 5124
5026 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM, 5125 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5027 SHM__ASSOCIATE, &ad); 5126 SHM__ASSOCIATE, &ad);
5028} 5127}
5029 5128
@@ -5081,22 +5180,21 @@ static int selinux_shm_shmat(struct shmid_kernel *shp,
5081/* Semaphore security operations */ 5180/* Semaphore security operations */
5082static int selinux_sem_alloc_security(struct sem_array *sma) 5181static int selinux_sem_alloc_security(struct sem_array *sma)
5083{ 5182{
5084 struct task_security_struct *tsec;
5085 struct ipc_security_struct *isec; 5183 struct ipc_security_struct *isec;
5086 struct avc_audit_data ad; 5184 struct avc_audit_data ad;
5185 u32 sid = current_sid();
5087 int rc; 5186 int rc;
5088 5187
5089 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM); 5188 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
5090 if (rc) 5189 if (rc)
5091 return rc; 5190 return rc;
5092 5191
5093 tsec = current->security;
5094 isec = sma->sem_perm.security; 5192 isec = sma->sem_perm.security;
5095 5193
5096 AVC_AUDIT_DATA_INIT(&ad, IPC); 5194 AVC_AUDIT_DATA_INIT(&ad, IPC);
5097 ad.u.ipc_id = sma->sem_perm.key; 5195 ad.u.ipc_id = sma->sem_perm.key;
5098 5196
5099 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM, 5197 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5100 SEM__CREATE, &ad); 5198 SEM__CREATE, &ad);
5101 if (rc) { 5199 if (rc) {
5102 ipc_free_security(&sma->sem_perm); 5200 ipc_free_security(&sma->sem_perm);
@@ -5112,17 +5210,16 @@ static void selinux_sem_free_security(struct sem_array *sma)
5112 5210
5113static int selinux_sem_associate(struct sem_array *sma, int semflg) 5211static int selinux_sem_associate(struct sem_array *sma, int semflg)
5114{ 5212{
5115 struct task_security_struct *tsec;
5116 struct ipc_security_struct *isec; 5213 struct ipc_security_struct *isec;
5117 struct avc_audit_data ad; 5214 struct avc_audit_data ad;
5215 u32 sid = current_sid();
5118 5216
5119 tsec = current->security;
5120 isec = sma->sem_perm.security; 5217 isec = sma->sem_perm.security;
5121 5218
5122 AVC_AUDIT_DATA_INIT(&ad, IPC); 5219 AVC_AUDIT_DATA_INIT(&ad, IPC);
5123 ad.u.ipc_id = sma->sem_perm.key; 5220 ad.u.ipc_id = sma->sem_perm.key;
5124 5221
5125 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM, 5222 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5126 SEM__ASSOCIATE, &ad); 5223 SEM__ASSOCIATE, &ad);
5127} 5224}
5128 5225
@@ -5212,33 +5309,35 @@ static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
5212static int selinux_getprocattr(struct task_struct *p, 5309static int selinux_getprocattr(struct task_struct *p,
5213 char *name, char **value) 5310 char *name, char **value)
5214{ 5311{
5215 struct task_security_struct *tsec; 5312 const struct task_security_struct *__tsec;
5216 u32 sid; 5313 u32 sid;
5217 int error; 5314 int error;
5218 unsigned len; 5315 unsigned len;
5219 5316
5220 if (current != p) { 5317 if (current != p) {
5221 error = task_has_perm(current, p, PROCESS__GETATTR); 5318 error = current_has_perm(p, PROCESS__GETATTR);
5222 if (error) 5319 if (error)
5223 return error; 5320 return error;
5224 } 5321 }
5225 5322
5226 tsec = p->security; 5323 rcu_read_lock();
5324 __tsec = __task_cred(p)->security;
5227 5325
5228 if (!strcmp(name, "current")) 5326 if (!strcmp(name, "current"))
5229 sid = tsec->sid; 5327 sid = __tsec->sid;
5230 else if (!strcmp(name, "prev")) 5328 else if (!strcmp(name, "prev"))
5231 sid = tsec->osid; 5329 sid = __tsec->osid;
5232 else if (!strcmp(name, "exec")) 5330 else if (!strcmp(name, "exec"))
5233 sid = tsec->exec_sid; 5331 sid = __tsec->exec_sid;
5234 else if (!strcmp(name, "fscreate")) 5332 else if (!strcmp(name, "fscreate"))
5235 sid = tsec->create_sid; 5333 sid = __tsec->create_sid;
5236 else if (!strcmp(name, "keycreate")) 5334 else if (!strcmp(name, "keycreate"))
5237 sid = tsec->keycreate_sid; 5335 sid = __tsec->keycreate_sid;
5238 else if (!strcmp(name, "sockcreate")) 5336 else if (!strcmp(name, "sockcreate"))
5239 sid = tsec->sockcreate_sid; 5337 sid = __tsec->sockcreate_sid;
5240 else 5338 else
5241 return -EINVAL; 5339 goto invalid;
5340 rcu_read_unlock();
5242 5341
5243 if (!sid) 5342 if (!sid)
5244 return 0; 5343 return 0;
@@ -5247,6 +5346,10 @@ static int selinux_getprocattr(struct task_struct *p,
5247 if (error) 5346 if (error)
5248 return error; 5347 return error;
5249 return len; 5348 return len;
5349
5350invalid:
5351 rcu_read_unlock();
5352 return -EINVAL;
5250} 5353}
5251 5354
5252static int selinux_setprocattr(struct task_struct *p, 5355static int selinux_setprocattr(struct task_struct *p,
@@ -5254,7 +5357,8 @@ static int selinux_setprocattr(struct task_struct *p,
5254{ 5357{
5255 struct task_security_struct *tsec; 5358 struct task_security_struct *tsec;
5256 struct task_struct *tracer; 5359 struct task_struct *tracer;
5257 u32 sid = 0; 5360 struct cred *new;
5361 u32 sid = 0, ptsid;
5258 int error; 5362 int error;
5259 char *str = value; 5363 char *str = value;
5260 5364
@@ -5270,15 +5374,15 @@ static int selinux_setprocattr(struct task_struct *p,
5270 * above restriction is ever removed. 5374 * above restriction is ever removed.
5271 */ 5375 */
5272 if (!strcmp(name, "exec")) 5376 if (!strcmp(name, "exec"))
5273 error = task_has_perm(current, p, PROCESS__SETEXEC); 5377 error = current_has_perm(p, PROCESS__SETEXEC);
5274 else if (!strcmp(name, "fscreate")) 5378 else if (!strcmp(name, "fscreate"))
5275 error = task_has_perm(current, p, PROCESS__SETFSCREATE); 5379 error = current_has_perm(p, PROCESS__SETFSCREATE);
5276 else if (!strcmp(name, "keycreate")) 5380 else if (!strcmp(name, "keycreate"))
5277 error = task_has_perm(current, p, PROCESS__SETKEYCREATE); 5381 error = current_has_perm(p, PROCESS__SETKEYCREATE);
5278 else if (!strcmp(name, "sockcreate")) 5382 else if (!strcmp(name, "sockcreate"))
5279 error = task_has_perm(current, p, PROCESS__SETSOCKCREATE); 5383 error = current_has_perm(p, PROCESS__SETSOCKCREATE);
5280 else if (!strcmp(name, "current")) 5384 else if (!strcmp(name, "current"))
5281 error = task_has_perm(current, p, PROCESS__SETCURRENT); 5385 error = current_has_perm(p, PROCESS__SETCURRENT);
5282 else 5386 else
5283 error = -EINVAL; 5387 error = -EINVAL;
5284 if (error) 5388 if (error)
@@ -5301,87 +5405,75 @@ static int selinux_setprocattr(struct task_struct *p,
5301 return error; 5405 return error;
5302 } 5406 }
5303 5407
5408 new = prepare_creds();
5409 if (!new)
5410 return -ENOMEM;
5411
5304 /* Permission checking based on the specified context is 5412 /* Permission checking based on the specified context is
5305 performed during the actual operation (execve, 5413 performed during the actual operation (execve,
5306 open/mkdir/...), when we know the full context of the 5414 open/mkdir/...), when we know the full context of the
5307 operation. See selinux_bprm_set_security for the execve 5415 operation. See selinux_bprm_set_creds for the execve
5308 checks and may_create for the file creation checks. The 5416 checks and may_create for the file creation checks. The
5309 operation will then fail if the context is not permitted. */ 5417 operation will then fail if the context is not permitted. */
5310 tsec = p->security; 5418 tsec = new->security;
5311 if (!strcmp(name, "exec")) 5419 if (!strcmp(name, "exec")) {
5312 tsec->exec_sid = sid; 5420 tsec->exec_sid = sid;
5313 else if (!strcmp(name, "fscreate")) 5421 } else if (!strcmp(name, "fscreate")) {
5314 tsec->create_sid = sid; 5422 tsec->create_sid = sid;
5315 else if (!strcmp(name, "keycreate")) { 5423 } else if (!strcmp(name, "keycreate")) {
5316 error = may_create_key(sid, p); 5424 error = may_create_key(sid, p);
5317 if (error) 5425 if (error)
5318 return error; 5426 goto abort_change;
5319 tsec->keycreate_sid = sid; 5427 tsec->keycreate_sid = sid;
5320 } else if (!strcmp(name, "sockcreate")) 5428 } else if (!strcmp(name, "sockcreate")) {
5321 tsec->sockcreate_sid = sid; 5429 tsec->sockcreate_sid = sid;
5322 else if (!strcmp(name, "current")) { 5430 } else if (!strcmp(name, "current")) {
5323 struct av_decision avd; 5431 error = -EINVAL;
5324
5325 if (sid == 0) 5432 if (sid == 0)
5326 return -EINVAL; 5433 goto abort_change;
5327 /* 5434
5328 * SELinux allows to change context in the following case only. 5435 /* Only allow single threaded processes to change context */
5329 * - Single threaded processes. 5436 error = -EPERM;
5330 * - Multi threaded processes intend to change its context into 5437 if (!is_single_threaded(p)) {
5331 * more restricted domain (defined by TYPEBOUNDS statement). 5438 error = security_bounded_transition(tsec->sid, sid);
5332 */ 5439 if (error)
5333 if (atomic_read(&p->mm->mm_users) != 1) { 5440 goto abort_change;
5334 struct task_struct *g, *t;
5335 struct mm_struct *mm = p->mm;
5336 read_lock(&tasklist_lock);
5337 do_each_thread(g, t) {
5338 if (t->mm == mm && t != p) {
5339 read_unlock(&tasklist_lock);
5340 error = security_bounded_transition(tsec->sid, sid);
5341 if (!error)
5342 goto boundary_ok;
5343
5344 return error;
5345 }
5346 } while_each_thread(g, t);
5347 read_unlock(&tasklist_lock);
5348 } 5441 }
5349boundary_ok:
5350 5442
5351 /* Check permissions for the transition. */ 5443 /* Check permissions for the transition. */
5352 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, 5444 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
5353 PROCESS__DYNTRANSITION, NULL); 5445 PROCESS__DYNTRANSITION, NULL);
5354 if (error) 5446 if (error)
5355 return error; 5447 goto abort_change;
5356 5448
5357 /* Check for ptracing, and update the task SID if ok. 5449 /* Check for ptracing, and update the task SID if ok.
5358 Otherwise, leave SID unchanged and fail. */ 5450 Otherwise, leave SID unchanged and fail. */
5451 ptsid = 0;
5359 task_lock(p); 5452 task_lock(p);
5360 rcu_read_lock();
5361 tracer = tracehook_tracer_task(p); 5453 tracer = tracehook_tracer_task(p);
5362 if (tracer != NULL) { 5454 if (tracer)
5363 struct task_security_struct *ptsec = tracer->security; 5455 ptsid = task_sid(tracer);
5364 u32 ptsid = ptsec->sid; 5456 task_unlock(p);
5365 rcu_read_unlock(); 5457
5366 error = avc_has_perm_noaudit(ptsid, sid, 5458 if (tracer) {
5367 SECCLASS_PROCESS, 5459 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
5368 PROCESS__PTRACE, 0, &avd); 5460 PROCESS__PTRACE, NULL);
5369 if (!error)
5370 tsec->sid = sid;
5371 task_unlock(p);
5372 avc_audit(ptsid, sid, SECCLASS_PROCESS,
5373 PROCESS__PTRACE, &avd, error, NULL);
5374 if (error) 5461 if (error)
5375 return error; 5462 goto abort_change;
5376 } else {
5377 rcu_read_unlock();
5378 tsec->sid = sid;
5379 task_unlock(p);
5380 } 5463 }
5381 } else
5382 return -EINVAL;
5383 5464
5465 tsec->sid = sid;
5466 } else {
5467 error = -EINVAL;
5468 goto abort_change;
5469 }
5470
5471 commit_creds(new);
5384 return size; 5472 return size;
5473
5474abort_change:
5475 abort_creds(new);
5476 return error;
5385} 5477}
5386 5478
5387static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 5479static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
@@ -5401,22 +5493,23 @@ static void selinux_release_secctx(char *secdata, u32 seclen)
5401 5493
5402#ifdef CONFIG_KEYS 5494#ifdef CONFIG_KEYS
5403 5495
5404static int selinux_key_alloc(struct key *k, struct task_struct *tsk, 5496static int selinux_key_alloc(struct key *k, const struct cred *cred,
5405 unsigned long flags) 5497 unsigned long flags)
5406{ 5498{
5407 struct task_security_struct *tsec = tsk->security; 5499 const struct task_security_struct *tsec;
5408 struct key_security_struct *ksec; 5500 struct key_security_struct *ksec;
5409 5501
5410 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL); 5502 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
5411 if (!ksec) 5503 if (!ksec)
5412 return -ENOMEM; 5504 return -ENOMEM;
5413 5505
5506 tsec = cred->security;
5414 if (tsec->keycreate_sid) 5507 if (tsec->keycreate_sid)
5415 ksec->sid = tsec->keycreate_sid; 5508 ksec->sid = tsec->keycreate_sid;
5416 else 5509 else
5417 ksec->sid = tsec->sid; 5510 ksec->sid = tsec->sid;
5418 k->security = ksec;
5419 5511
5512 k->security = ksec;
5420 return 0; 5513 return 0;
5421} 5514}
5422 5515
@@ -5429,17 +5522,12 @@ static void selinux_key_free(struct key *k)
5429} 5522}
5430 5523
5431static int selinux_key_permission(key_ref_t key_ref, 5524static int selinux_key_permission(key_ref_t key_ref,
5432 struct task_struct *ctx, 5525 const struct cred *cred,
5433 key_perm_t perm) 5526 key_perm_t perm)
5434{ 5527{
5435 struct key *key; 5528 struct key *key;
5436 struct task_security_struct *tsec;
5437 struct key_security_struct *ksec; 5529 struct key_security_struct *ksec;
5438 5530 u32 sid;
5439 key = key_ref_to_ptr(key_ref);
5440
5441 tsec = ctx->security;
5442 ksec = key->security;
5443 5531
5444 /* if no specific permissions are requested, we skip the 5532 /* if no specific permissions are requested, we skip the
5445 permission check. No serious, additional covert channels 5533 permission check. No serious, additional covert channels
@@ -5447,8 +5535,12 @@ static int selinux_key_permission(key_ref_t key_ref,
5447 if (perm == 0) 5535 if (perm == 0)
5448 return 0; 5536 return 0;
5449 5537
5450 return avc_has_perm(tsec->sid, ksec->sid, 5538 sid = cred_sid(cred);
5451 SECCLASS_KEY, perm, NULL); 5539
5540 key = key_ref_to_ptr(key_ref);
5541 ksec = key->security;
5542
5543 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);
5452} 5544}
5453 5545
5454static int selinux_key_getsecurity(struct key *key, char **_buffer) 5546static int selinux_key_getsecurity(struct key *key, char **_buffer)
@@ -5473,8 +5565,7 @@ static struct security_operations selinux_ops = {
5473 .ptrace_may_access = selinux_ptrace_may_access, 5565 .ptrace_may_access = selinux_ptrace_may_access,
5474 .ptrace_traceme = selinux_ptrace_traceme, 5566 .ptrace_traceme = selinux_ptrace_traceme,
5475 .capget = selinux_capget, 5567 .capget = selinux_capget,
5476 .capset_check = selinux_capset_check, 5568 .capset = selinux_capset,
5477 .capset_set = selinux_capset_set,
5478 .sysctl = selinux_sysctl, 5569 .sysctl = selinux_sysctl,
5479 .capable = selinux_capable, 5570 .capable = selinux_capable,
5480 .quotactl = selinux_quotactl, 5571 .quotactl = selinux_quotactl,
@@ -5485,12 +5576,10 @@ static struct security_operations selinux_ops = {
5485 .netlink_send = selinux_netlink_send, 5576 .netlink_send = selinux_netlink_send,
5486 .netlink_recv = selinux_netlink_recv, 5577 .netlink_recv = selinux_netlink_recv,
5487 5578
5488 .bprm_alloc_security = selinux_bprm_alloc_security, 5579 .bprm_set_creds = selinux_bprm_set_creds,
5489 .bprm_free_security = selinux_bprm_free_security,
5490 .bprm_apply_creds = selinux_bprm_apply_creds,
5491 .bprm_post_apply_creds = selinux_bprm_post_apply_creds,
5492 .bprm_set_security = selinux_bprm_set_security,
5493 .bprm_check_security = selinux_bprm_check_security, 5580 .bprm_check_security = selinux_bprm_check_security,
5581 .bprm_committing_creds = selinux_bprm_committing_creds,
5582 .bprm_committed_creds = selinux_bprm_committed_creds,
5494 .bprm_secureexec = selinux_bprm_secureexec, 5583 .bprm_secureexec = selinux_bprm_secureexec,
5495 5584
5496 .sb_alloc_security = selinux_sb_alloc_security, 5585 .sb_alloc_security = selinux_sb_alloc_security,
@@ -5549,10 +5638,13 @@ static struct security_operations selinux_ops = {
5549 .dentry_open = selinux_dentry_open, 5638 .dentry_open = selinux_dentry_open,
5550 5639
5551 .task_create = selinux_task_create, 5640 .task_create = selinux_task_create,
5552 .task_alloc_security = selinux_task_alloc_security, 5641 .cred_free = selinux_cred_free,
5553 .task_free_security = selinux_task_free_security, 5642 .cred_prepare = selinux_cred_prepare,
5643 .cred_commit = selinux_cred_commit,
5644 .kernel_act_as = selinux_kernel_act_as,
5645 .kernel_create_files_as = selinux_kernel_create_files_as,
5554 .task_setuid = selinux_task_setuid, 5646 .task_setuid = selinux_task_setuid,
5555 .task_post_setuid = selinux_task_post_setuid, 5647 .task_fix_setuid = selinux_task_fix_setuid,
5556 .task_setgid = selinux_task_setgid, 5648 .task_setgid = selinux_task_setgid,
5557 .task_setpgid = selinux_task_setpgid, 5649 .task_setpgid = selinux_task_setpgid,
5558 .task_getpgid = selinux_task_getpgid, 5650 .task_getpgid = selinux_task_getpgid,
@@ -5569,7 +5661,6 @@ static struct security_operations selinux_ops = {
5569 .task_kill = selinux_task_kill, 5661 .task_kill = selinux_task_kill,
5570 .task_wait = selinux_task_wait, 5662 .task_wait = selinux_task_wait,
5571 .task_prctl = selinux_task_prctl, 5663 .task_prctl = selinux_task_prctl,
5572 .task_reparent_to_init = selinux_task_reparent_to_init,
5573 .task_to_inode = selinux_task_to_inode, 5664 .task_to_inode = selinux_task_to_inode,
5574 5665
5575 .ipc_permission = selinux_ipc_permission, 5666 .ipc_permission = selinux_ipc_permission,
@@ -5665,8 +5756,6 @@ static struct security_operations selinux_ops = {
5665 5756
5666static __init int selinux_init(void) 5757static __init int selinux_init(void)
5667{ 5758{
5668 struct task_security_struct *tsec;
5669
5670 if (!security_module_enable(&selinux_ops)) { 5759 if (!security_module_enable(&selinux_ops)) {
5671 selinux_enabled = 0; 5760 selinux_enabled = 0;
5672 return 0; 5761 return 0;
@@ -5680,10 +5769,7 @@ static __init int selinux_init(void)
5680 printk(KERN_INFO "SELinux: Initializing.\n"); 5769 printk(KERN_INFO "SELinux: Initializing.\n");
5681 5770
5682 /* Set the security state for the initial task. */ 5771 /* Set the security state for the initial task. */
5683 if (task_alloc_security(current)) 5772 cred_init_security();
5684 panic("SELinux: Failed to initialize initial task.\n");
5685 tsec = current->security;
5686 tsec->osid = tsec->sid = SECINITSID_KERNEL;
5687 5773
5688 sel_inode_cache = kmem_cache_create("selinux_inode_security", 5774 sel_inode_cache = kmem_cache_create("selinux_inode_security",
5689 sizeof(struct inode_security_struct), 5775 sizeof(struct inode_security_struct),
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index 1223b4ff9bee..c0c885427b91 100644
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -176,3 +176,5 @@
176 S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect") 176 S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect")
177 S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero") 177 S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero")
178 S_(SECCLASS_PEER, PEER__RECV, "recv") 178 S_(SECCLASS_PEER, PEER__RECV, "recv")
179 S_(SECCLASS_KERNEL_SERVICE, KERNEL_SERVICE__USE_AS_OVERRIDE, "use_as_override")
180 S_(SECCLASS_KERNEL_SERVICE, KERNEL_SERVICE__CREATE_FILES_AS, "create_files_as")
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index c4c51165c505..0ba79fe00e11 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -841,3 +841,5 @@
841#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL 841#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL
842#define MEMPROTECT__MMAP_ZERO 0x00000001UL 842#define MEMPROTECT__MMAP_ZERO 0x00000001UL
843#define PEER__RECV 0x00000001UL 843#define PEER__RECV 0x00000001UL
844#define KERNEL_SERVICE__USE_AS_OVERRIDE 0x00000001UL
845#define KERNEL_SERVICE__CREATE_FILES_AS 0x00000002UL
diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h
index bd813c366e34..21ec786611d4 100644
--- a/security/selinux/include/class_to_string.h
+++ b/security/selinux/include/class_to_string.h
@@ -72,3 +72,8 @@
72 S_(NULL) 72 S_(NULL)
73 S_("peer") 73 S_("peer")
74 S_("capability2") 74 S_("capability2")
75 S_(NULL)
76 S_(NULL)
77 S_(NULL)
78 S_(NULL)
79 S_("kernel_service")
diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h
index febf8868e852..882f27d66fac 100644
--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@@ -52,6 +52,7 @@
52#define SECCLASS_MEMPROTECT 61 52#define SECCLASS_MEMPROTECT 61
53#define SECCLASS_PEER 68 53#define SECCLASS_PEER 68
54#define SECCLASS_CAPABILITY2 69 54#define SECCLASS_CAPABILITY2 69
55#define SECCLASS_KERNEL_SERVICE 74
55 56
56/* 57/*
57 * Security identifier indices for initial entities 58 * Security identifier indices for initial entities
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index f8be8d7fa26d..3cc45168f674 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -77,17 +77,6 @@ struct ipc_security_struct {
77 u32 sid; /* SID of IPC resource */ 77 u32 sid; /* SID of IPC resource */
78}; 78};
79 79
80struct bprm_security_struct {
81 u32 sid; /* SID for transformed process */
82 unsigned char set;
83
84 /*
85 * unsafe is used to share failure information from bprm_apply_creds()
86 * to bprm_post_apply_creds().
87 */
88 char unsafe;
89};
90
91struct netif_security_struct { 80struct netif_security_struct {
92 int ifindex; /* device index */ 81 int ifindex; /* device index */
93 u32 sid; /* SID for this interface */ 82 u32 sid; /* SID for this interface */
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index ff59c0c4804b..4ed7bab89c59 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -63,6 +63,9 @@ static struct nlmsg_perm nlmsg_route_perms[] =
63 { RTM_GETANYCAST, NETLINK_ROUTE_SOCKET__NLMSG_READ }, 63 { RTM_GETANYCAST, NETLINK_ROUTE_SOCKET__NLMSG_READ },
64 { RTM_GETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_READ }, 64 { RTM_GETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_READ },
65 { RTM_SETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, 65 { RTM_SETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
66 { RTM_NEWADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
67 { RTM_DELADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
68 { RTM_GETADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_READ },
66}; 69};
67 70
68static struct nlmsg_perm nlmsg_firewall_perms[] = 71static struct nlmsg_perm nlmsg_firewall_perms[] =
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 69c9dccc8cf0..c86303638235 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -95,13 +95,18 @@ extern void selnl_notify_setenforce(int val);
95static int task_has_security(struct task_struct *tsk, 95static int task_has_security(struct task_struct *tsk,
96 u32 perms) 96 u32 perms)
97{ 97{
98 struct task_security_struct *tsec; 98 const struct task_security_struct *tsec;
99 99 u32 sid = 0;
100 tsec = tsk->security; 100
101 rcu_read_lock();
102 tsec = __task_cred(tsk)->security;
103 if (tsec)
104 sid = tsec->sid;
105 rcu_read_unlock();
101 if (!tsec) 106 if (!tsec)
102 return -EACCES; 107 return -EACCES;
103 108
104 return avc_has_perm(tsec->sid, SECINITSID_SECURITY, 109 return avc_has_perm(sid, SECINITSID_SECURITY,
105 SECCLASS_SECURITY, perms, NULL); 110 SECCLASS_SECURITY, perms, NULL);
106} 111}
107 112
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 8f17f542a116..c0eb72013d67 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -197,7 +197,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
197 struct xfrm_user_sec_ctx *uctx, u32 sid) 197 struct xfrm_user_sec_ctx *uctx, u32 sid)
198{ 198{
199 int rc = 0; 199 int rc = 0;
200 struct task_security_struct *tsec = current->security; 200 const struct task_security_struct *tsec = current_security();
201 struct xfrm_sec_ctx *ctx = NULL; 201 struct xfrm_sec_ctx *ctx = NULL;
202 char *ctx_str = NULL; 202 char *ctx_str = NULL;
203 u32 str_len; 203 u32 str_len;
@@ -333,7 +333,7 @@ void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
333 */ 333 */
334int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) 334int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
335{ 335{
336 struct task_security_struct *tsec = current->security; 336 const struct task_security_struct *tsec = current_security();
337 int rc = 0; 337 int rc = 0;
338 338
339 if (ctx) { 339 if (ctx) {
@@ -378,7 +378,7 @@ void selinux_xfrm_state_free(struct xfrm_state *x)
378 */ 378 */
379int selinux_xfrm_state_delete(struct xfrm_state *x) 379int selinux_xfrm_state_delete(struct xfrm_state *x)
380{ 380{
381 struct task_security_struct *tsec = current->security; 381 const struct task_security_struct *tsec = current_security();
382 struct xfrm_sec_ctx *ctx = x->security; 382 struct xfrm_sec_ctx *ctx = x->security;
383 int rc = 0; 383 int rc = 0;
384 384