Diffstat (limited to 'security')
-rw-r--r--security/smack/smack.h10
-rw-r--r--security/smack/smack_lsm.c24
2 files changed, 23 insertions, 11 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 7629eaeb1fb2..67ccb7b2b89b 100644
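--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -299,6 +299,16 @@ static inline struct smack_known *smk_of_task(const struct task_smack *tsp)
  return tsp->smk_task;
 }
 
+static inline struct smack_known *smk_of_task_struct(const struct task_struct *t)
+{
+ struct smack_known *skp;
+
+ rcu_read_lock();
+ skp = smk_of_task(__task_cred(t)->security);
+ rcu_read_unlock();
+ return skp;
+}
+
 /*
  * Present a pointer to the forked smack label entry in an task blob.
  */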
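Review bot: The new smk_of_task_struct() returns `skp` after `rcu_read_unlock()`, so every caller dereferences the label outside the read-side section that protected the cred lookup. That is only safe if smack_known entries outlive the credentials that point to them, which this hunk does not show. The helper should state that assumption, for example with `/* RCU protects the cred only; the returned label is assumed to stay valid after unlock. */` above the definition, and the author should confirm that label entries are never freed.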
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index f60ded3a8da1..a0ccce4e46f8 100644
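--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -43,8 +43,6 @@
 #include <linux/binfmts.h>
 #include "smack.h"
 
-#define task_security(task) (task_cred_xxx((task), security))
-
 #define TRANS_TRUE "TRUE"
 #define TRANS_TRUE_SIZE 4
 
@@ -123,7 +121,7 @@ static int smk_bu_current(char *note, struct smack_known *oskp,
 static int smk_bu_task(struct task_struct *otp, int mode, int rc)
 {
  struct task_smack *tsp = current_security();
- struct task_smack *otsp = task_security(otp);
+ struct smack_known *smk_task = smk_of_task_struct(otp);
  char acc[SMK_NUM_ACCESS_TYPE + 1];
 
  if (rc <= 0)
@@ -131,7 +129,7 @@ static int smk_bu_task(struct task_struct *otp, int mode, int rc)
 
  smk_bu_mode(mode, acc);
  pr_info("Smack Bringup: (%s %s %s) %s to %s\n",
- tsp->smk_task->smk_known, otsp->smk_task->smk_known, acc,
+ tsp->smk_task->smk_known, smk_task->smk_known, acc,
  current->comm, otp->comm);
  return 0;
 }
@@ -352,7 +350,8 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
  saip = &ad;
  }
 
- tsp = task_security(tracer);
+ rcu_read_lock();
+ tsp = __task_cred(tracer)->security;
  tracer_known = smk_of_task(tsp);
 
  if ((mode & PTRACE_MODE_ATTACH) &&
@@ -372,11 +371,14 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
  tracee_known->smk_known,
  0, rc, saip);
 
+ rcu_read_unlock();
  return rc;
  }
 
  /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
  rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
+
+ rcu_read_unlock();
  return rc;
 }
 
@@ -403,7 +405,7 @@ static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
  if (rc != 0)
  return rc;
 
- skp = smk_of_task(task_security(ctp));
+ skp = smk_of_task_struct(ctp);
 
  rc = smk_ptrace_rule_check(current, skp, mode, __func__);
  return rc;
@@ -1830,7 +1832,7 @@ static int smk_curacc_on_task(struct task_struct *p, int access,
  const char *caller)
 {
  struct smk_audit_info ad;
- struct smack_known *skp = smk_of_task(task_security(p));
+ struct smack_known *skp = smk_of_task_struct(p);
  int rc;
 
  smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
@@ -1883,7 +1885,7 @@ static int smack_task_getsid(struct task_struct *p)
  */
 static void smack_task_getsecid(struct task_struct *p, u32 *secid)
 {
- struct smack_known *skp = smk_of_task(task_security(p));
+ struct smack_known *skp = smk_of_task_struct(p);
 
  *secid = skp->smk_secid;
 }
@@ -1990,7 +1992,7 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info,
 {
  struct smk_audit_info ad;
  struct smack_known *skp;
- struct smack_known *tkp = smk_of_task(task_security(p));
+ struct smack_known *tkp = smk_of_task_struct(p);
  int rc;
 
  smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
@@ -2044,7 +2046,7 @@ static int smack_task_wait(struct task_struct *p)
 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
 {
  struct inode_smack *isp = inode->i_security;
- struct smack_known *skp = smk_of_task(task_security(p));
+ struct smack_known *skp = smk_of_task_struct(p);
 
  isp->smk_inode = skp;
 }
@@ -3226,7 +3228,7 @@ unlockandout:
  */
 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
 {
- struct smack_known *skp = smk_of_task(task_security(p));
+ struct smack_known *skp = smk_of_task_struct(p);
  char *cp;
  int slen;
 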
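Review bot: In smk_ptrace_rule_check() the added `rcu_read_lock()` is released by hand before each of the two visible `return rc;` statements, and the lines between the two hunks are not shown, so any other exit in that gap would leave the read-side section open. A single exit would make the pairing easy to audit: replace the early return with `goto out;` and end the function with `out: rcu_read_unlock(); return rc;`. Everything called while the lock is held, including smk_tskacc() and the logging call whose arguments open the second hunk, must also be non-sleeping, which cannot be confirmed from this page. The function starts outside the hunk.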