diff options
Diffstat (limited to 'security')
26 files changed, 1988 insertions, 1493 deletions
diff --git a/security/capability.c b/security/capability.c index 245874819036..2dce66fcb992 100644 --- a/security/capability.c +++ b/security/capability.c | |||
@@ -32,24 +32,19 @@ static int cap_quota_on(struct dentry *dentry) | |||
32 | return 0; | 32 | return 0; |
33 | } | 33 | } |
34 | 34 | ||
35 | static int cap_bprm_alloc_security(struct linux_binprm *bprm) | 35 | static int cap_bprm_check_security (struct linux_binprm *bprm) |
36 | { | 36 | { |
37 | return 0; | 37 | return 0; |
38 | } | 38 | } |
39 | 39 | ||
40 | static void cap_bprm_free_security(struct linux_binprm *bprm) | 40 | static void cap_bprm_committing_creds(struct linux_binprm *bprm) |
41 | { | 41 | { |
42 | } | 42 | } |
43 | 43 | ||
44 | static void cap_bprm_post_apply_creds(struct linux_binprm *bprm) | 44 | static void cap_bprm_committed_creds(struct linux_binprm *bprm) |
45 | { | 45 | { |
46 | } | 46 | } |
47 | 47 | ||
48 | static int cap_bprm_check_security(struct linux_binprm *bprm) | ||
49 | { | ||
50 | return 0; | ||
51 | } | ||
52 | |||
53 | static int cap_sb_alloc_security(struct super_block *sb) | 48 | static int cap_sb_alloc_security(struct super_block *sb) |
54 | { | 49 | { |
55 | return 0; | 50 | return 0; |
@@ -64,7 +59,7 @@ static int cap_sb_copy_data(char *orig, char *copy) | |||
64 | return 0; | 59 | return 0; |
65 | } | 60 | } |
66 | 61 | ||
67 | static int cap_sb_kern_mount(struct super_block *sb, void *data) | 62 | static int cap_sb_kern_mount(struct super_block *sb, int flags, void *data) |
68 | { | 63 | { |
69 | return 0; | 64 | return 0; |
70 | } | 65 | } |
@@ -330,7 +325,7 @@ static int cap_file_receive(struct file *file) | |||
330 | return 0; | 325 | return 0; |
331 | } | 326 | } |
332 | 327 | ||
333 | static int cap_dentry_open(struct file *file) | 328 | static int cap_dentry_open(struct file *file, const struct cred *cred) |
334 | { | 329 | { |
335 | return 0; | 330 | return 0; |
336 | } | 331 | } |
@@ -340,15 +335,29 @@ static int cap_task_create(unsigned long clone_flags) | |||
340 | return 0; | 335 | return 0; |
341 | } | 336 | } |
342 | 337 | ||
343 | static int cap_task_alloc_security(struct task_struct *p) | 338 | static void cap_cred_free(struct cred *cred) |
339 | { | ||
340 | } | ||
341 | |||
342 | static int cap_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) | ||
344 | { | 343 | { |
345 | return 0; | 344 | return 0; |
346 | } | 345 | } |
347 | 346 | ||
348 | static void cap_task_free_security(struct task_struct *p) | 347 | static void cap_cred_commit(struct cred *new, const struct cred *old) |
349 | { | 348 | { |
350 | } | 349 | } |
351 | 350 | ||
351 | static int cap_kernel_act_as(struct cred *new, u32 secid) | ||
352 | { | ||
353 | return 0; | ||
354 | } | ||
355 | |||
356 | static int cap_kernel_create_files_as(struct cred *new, struct inode *inode) | ||
357 | { | ||
358 | return 0; | ||
359 | } | ||
360 | |||
352 | static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | 361 | static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) |
353 | { | 362 | { |
354 | return 0; | 363 | return 0; |
@@ -750,7 +759,7 @@ static void cap_release_secctx(char *secdata, u32 seclen) | |||
750 | } | 759 | } |
751 | 760 | ||
752 | #ifdef CONFIG_KEYS | 761 | #ifdef CONFIG_KEYS |
753 | static int cap_key_alloc(struct key *key, struct task_struct *ctx, | 762 | static int cap_key_alloc(struct key *key, const struct cred *cred, |
754 | unsigned long flags) | 763 | unsigned long flags) |
755 | { | 764 | { |
756 | return 0; | 765 | return 0; |
@@ -760,7 +769,7 @@ static void cap_key_free(struct key *key) | |||
760 | { | 769 | { |
761 | } | 770 | } |
762 | 771 | ||
763 | static int cap_key_permission(key_ref_t key_ref, struct task_struct *context, | 772 | static int cap_key_permission(key_ref_t key_ref, const struct cred *cred, |
764 | key_perm_t perm) | 773 | key_perm_t perm) |
765 | { | 774 | { |
766 | return 0; | 775 | return 0; |
@@ -814,8 +823,7 @@ void security_fixup_ops(struct security_operations *ops) | |||
814 | set_to_cap_if_null(ops, ptrace_may_access); | 823 | set_to_cap_if_null(ops, ptrace_may_access); |
815 | set_to_cap_if_null(ops, ptrace_traceme); | 824 | set_to_cap_if_null(ops, ptrace_traceme); |
816 | set_to_cap_if_null(ops, capget); | 825 | set_to_cap_if_null(ops, capget); |
817 | set_to_cap_if_null(ops, capset_check); | 826 | set_to_cap_if_null(ops, capset); |
818 | set_to_cap_if_null(ops, capset_set); | ||
819 | set_to_cap_if_null(ops, acct); | 827 | set_to_cap_if_null(ops, acct); |
820 | set_to_cap_if_null(ops, capable); | 828 | set_to_cap_if_null(ops, capable); |
821 | set_to_cap_if_null(ops, quotactl); | 829 | set_to_cap_if_null(ops, quotactl); |
@@ -824,11 +832,9 @@ void security_fixup_ops(struct security_operations *ops) | |||
824 | set_to_cap_if_null(ops, syslog); | 832 | set_to_cap_if_null(ops, syslog); |
825 | set_to_cap_if_null(ops, settime); | 833 | set_to_cap_if_null(ops, settime); |
826 | set_to_cap_if_null(ops, vm_enough_memory); | 834 | set_to_cap_if_null(ops, vm_enough_memory); |
827 | set_to_cap_if_null(ops, bprm_alloc_security); | 835 | set_to_cap_if_null(ops, bprm_set_creds); |
828 | set_to_cap_if_null(ops, bprm_free_security); | 836 | set_to_cap_if_null(ops, bprm_committing_creds); |
829 | set_to_cap_if_null(ops, bprm_apply_creds); | 837 | set_to_cap_if_null(ops, bprm_committed_creds); |
830 | set_to_cap_if_null(ops, bprm_post_apply_creds); | ||
831 | set_to_cap_if_null(ops, bprm_set_security); | ||
832 | set_to_cap_if_null(ops, bprm_check_security); | 838 | set_to_cap_if_null(ops, bprm_check_security); |
833 | set_to_cap_if_null(ops, bprm_secureexec); | 839 | set_to_cap_if_null(ops, bprm_secureexec); |
834 | set_to_cap_if_null(ops, sb_alloc_security); | 840 | set_to_cap_if_null(ops, sb_alloc_security); |
@@ -890,10 +896,13 @@ void security_fixup_ops(struct security_operations *ops) | |||
890 | set_to_cap_if_null(ops, file_receive); | 896 | set_to_cap_if_null(ops, file_receive); |
891 | set_to_cap_if_null(ops, dentry_open); | 897 | set_to_cap_if_null(ops, dentry_open); |
892 | set_to_cap_if_null(ops, task_create); | 898 | set_to_cap_if_null(ops, task_create); |
893 | set_to_cap_if_null(ops, task_alloc_security); | 899 | set_to_cap_if_null(ops, cred_free); |
894 | set_to_cap_if_null(ops, task_free_security); | 900 | set_to_cap_if_null(ops, cred_prepare); |
901 | set_to_cap_if_null(ops, cred_commit); | ||
902 | set_to_cap_if_null(ops, kernel_act_as); | ||
903 | set_to_cap_if_null(ops, kernel_create_files_as); | ||
895 | set_to_cap_if_null(ops, task_setuid); | 904 | set_to_cap_if_null(ops, task_setuid); |
896 | set_to_cap_if_null(ops, task_post_setuid); | 905 | set_to_cap_if_null(ops, task_fix_setuid); |
897 | set_to_cap_if_null(ops, task_setgid); | 906 | set_to_cap_if_null(ops, task_setgid); |
898 | set_to_cap_if_null(ops, task_setpgid); | 907 | set_to_cap_if_null(ops, task_setpgid); |
899 | set_to_cap_if_null(ops, task_getpgid); | 908 | set_to_cap_if_null(ops, task_getpgid); |
@@ -910,7 +919,6 @@ void security_fixup_ops(struct security_operations *ops) | |||
910 | set_to_cap_if_null(ops, task_wait); | 919 | set_to_cap_if_null(ops, task_wait); |
911 | set_to_cap_if_null(ops, task_kill); | 920 | set_to_cap_if_null(ops, task_kill); |
912 | set_to_cap_if_null(ops, task_prctl); | 921 | set_to_cap_if_null(ops, task_prctl); |
913 | set_to_cap_if_null(ops, task_reparent_to_init); | ||
914 | set_to_cap_if_null(ops, task_to_inode); | 922 | set_to_cap_if_null(ops, task_to_inode); |
915 | set_to_cap_if_null(ops, ipc_permission); | 923 | set_to_cap_if_null(ops, ipc_permission); |
916 | set_to_cap_if_null(ops, ipc_getsecid); | 924 | set_to_cap_if_null(ops, ipc_getsecid); |
diff --git a/security/commoncap.c b/security/commoncap.c index 3976613db829..79713545cd63 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
@@ -8,6 +8,7 @@ | |||
8 | */ | 8 | */ |
9 | 9 | ||
10 | #include <linux/capability.h> | 10 | #include <linux/capability.h> |
11 | #include <linux/audit.h> | ||
11 | #include <linux/module.h> | 12 | #include <linux/module.h> |
12 | #include <linux/init.h> | 13 | #include <linux/init.h> |
13 | #include <linux/kernel.h> | 14 | #include <linux/kernel.h> |
@@ -29,7 +30,7 @@ | |||
29 | 30 | ||
30 | int cap_netlink_send(struct sock *sk, struct sk_buff *skb) | 31 | int cap_netlink_send(struct sock *sk, struct sk_buff *skb) |
31 | { | 32 | { |
32 | NETLINK_CB(skb).eff_cap = current->cap_effective; | 33 | NETLINK_CB(skb).eff_cap = current_cap(); |
33 | return 0; | 34 | return 0; |
34 | } | 35 | } |
35 | 36 | ||
@@ -39,23 +40,41 @@ int cap_netlink_recv(struct sk_buff *skb, int cap) | |||
39 | return -EPERM; | 40 | return -EPERM; |
40 | return 0; | 41 | return 0; |
41 | } | 42 | } |
42 | |||
43 | EXPORT_SYMBOL(cap_netlink_recv); | 43 | EXPORT_SYMBOL(cap_netlink_recv); |
44 | 44 | ||
45 | /* | 45 | /** |
46 | * cap_capable - Determine whether a task has a particular effective capability | ||
47 | * @tsk: The task to query | ||
48 | * @cap: The capability to check for | ||
49 | * @audit: Whether to write an audit message or not | ||
50 | * | ||
51 | * Determine whether the nominated task has the specified capability amongst | ||
52 | * its effective set, returning 0 if it does, -ve if it does not. | ||
53 | * | ||
46 | * NOTE WELL: cap_capable() cannot be used like the kernel's capable() | 54 | * NOTE WELL: cap_capable() cannot be used like the kernel's capable() |
47 | * function. That is, it has the reverse semantics: cap_capable() | 55 | * function. That is, it has the reverse semantics: cap_capable() returns 0 |
48 | * returns 0 when a task has a capability, but the kernel's capable() | 56 | * when a task has a capability, but the kernel's capable() returns 1 for this |
49 | * returns 1 for this case. | 57 | * case. |
50 | */ | 58 | */ |
51 | int cap_capable (struct task_struct *tsk, int cap) | 59 | int cap_capable(struct task_struct *tsk, int cap, int audit) |
52 | { | 60 | { |
61 | __u32 cap_raised; | ||
62 | |||
53 | /* Derived from include/linux/sched.h:capable. */ | 63 | /* Derived from include/linux/sched.h:capable. */ |
54 | if (cap_raised(tsk->cap_effective, cap)) | 64 | rcu_read_lock(); |
55 | return 0; | 65 | cap_raised = cap_raised(__task_cred(tsk)->cap_effective, cap); |
56 | return -EPERM; | 66 | rcu_read_unlock(); |
67 | return cap_raised ? 0 : -EPERM; | ||
57 | } | 68 | } |
58 | 69 | ||
70 | /** | ||
71 | * cap_settime - Determine whether the current process may set the system clock | ||
72 | * @ts: The time to set | ||
73 | * @tz: The timezone to set | ||
74 | * | ||
75 | * Determine whether the current process may set the system clock and timezone | ||
76 | * information, returning 0 if permission granted, -ve if denied. | ||
77 | */ | ||
59 | int cap_settime(struct timespec *ts, struct timezone *tz) | 78 | int cap_settime(struct timespec *ts, struct timezone *tz) |
60 | { | 79 | { |
61 | if (!capable(CAP_SYS_TIME)) | 80 | if (!capable(CAP_SYS_TIME)) |
@@ -63,121 +82,157 @@ int cap_settime(struct timespec *ts, struct timezone *tz) | |||
63 | return 0; | 82 | return 0; |
64 | } | 83 | } |
65 | 84 | ||
85 | /** | ||
86 | * cap_ptrace_may_access - Determine whether the current process may access | ||
87 | * another | ||
88 | * @child: The process to be accessed | ||
89 | * @mode: The mode of attachment. | ||
90 | * | ||
91 | * Determine whether a process may access another, returning 0 if permission | ||
92 | * granted, -ve if denied. | ||
93 | */ | ||
66 | int cap_ptrace_may_access(struct task_struct *child, unsigned int mode) | 94 | int cap_ptrace_may_access(struct task_struct *child, unsigned int mode) |
67 | { | 95 | { |
68 | /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */ | 96 | int ret = 0; |
69 | if (cap_issubset(child->cap_permitted, current->cap_permitted)) | 97 | |
70 | return 0; | 98 | rcu_read_lock(); |
71 | if (capable(CAP_SYS_PTRACE)) | 99 | if (!cap_issubset(__task_cred(child)->cap_permitted, |
72 | return 0; | 100 | current_cred()->cap_permitted) && |
73 | return -EPERM; | 101 | !capable(CAP_SYS_PTRACE)) |
102 | ret = -EPERM; | ||
103 | rcu_read_unlock(); | ||
104 | return ret; | ||
74 | } | 105 | } |
75 | 106 | ||
107 | /** | ||
108 | * cap_ptrace_traceme - Determine whether another process may trace the current | ||
109 | * @parent: The task proposed to be the tracer | ||
110 | * | ||
111 | * Determine whether the nominated task is permitted to trace the current | ||
112 | * process, returning 0 if permission is granted, -ve if denied. | ||
113 | */ | ||
76 | int cap_ptrace_traceme(struct task_struct *parent) | 114 | int cap_ptrace_traceme(struct task_struct *parent) |
77 | { | 115 | { |
78 | /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */ | 116 | int ret = 0; |
79 | if (cap_issubset(current->cap_permitted, parent->cap_permitted)) | 117 | |
80 | return 0; | 118 | rcu_read_lock(); |
81 | if (has_capability(parent, CAP_SYS_PTRACE)) | 119 | if (!cap_issubset(current_cred()->cap_permitted, |
82 | return 0; | 120 | __task_cred(parent)->cap_permitted) && |
83 | return -EPERM; | 121 | !has_capability(parent, CAP_SYS_PTRACE)) |
122 | ret = -EPERM; | ||
123 | rcu_read_unlock(); | ||
124 | return ret; | ||
84 | } | 125 | } |
85 | 126 | ||
86 | int cap_capget (struct task_struct *target, kernel_cap_t *effective, | 127 | /** |
87 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | 128 | * cap_capget - Retrieve a task's capability sets |
129 | * @target: The task from which to retrieve the capability sets | ||
130 | * @effective: The place to record the effective set | ||
131 | * @inheritable: The place to record the inheritable set | ||
132 | * @permitted: The place to record the permitted set | ||
133 | * | ||
134 | * This function retrieves the capabilities of the nominated task and returns | ||
135 | * them to the caller. | ||
136 | */ | ||
137 | int cap_capget(struct task_struct *target, kernel_cap_t *effective, | ||
138 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | ||
88 | { | 139 | { |
140 | const struct cred *cred; | ||
141 | |||
89 | /* Derived from kernel/capability.c:sys_capget. */ | 142 | /* Derived from kernel/capability.c:sys_capget. */ |
90 | *effective = target->cap_effective; | 143 | rcu_read_lock(); |
91 | *inheritable = target->cap_inheritable; | 144 | cred = __task_cred(target); |
92 | *permitted = target->cap_permitted; | 145 | *effective = cred->cap_effective; |
146 | *inheritable = cred->cap_inheritable; | ||
147 | *permitted = cred->cap_permitted; | ||
148 | rcu_read_unlock(); | ||
93 | return 0; | 149 | return 0; |
94 | } | 150 | } |
95 | 151 | ||
96 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | 152 | /* |
97 | 153 | * Determine whether the inheritable capabilities are limited to the old | |
98 | static inline int cap_block_setpcap(struct task_struct *target) | 154 | * permitted set. Returns 1 if they are limited, 0 if they are not. |
99 | { | 155 | */ |
100 | /* | ||
101 | * No support for remote process capability manipulation with | ||
102 | * filesystem capability support. | ||
103 | */ | ||
104 | return (target != current); | ||
105 | } | ||
106 | |||
107 | static inline int cap_inh_is_capped(void) | 156 | static inline int cap_inh_is_capped(void) |
108 | { | 157 | { |
109 | /* | 158 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES |
110 | * Return 1 if changes to the inheritable set are limited | ||
111 | * to the old permitted set. That is, if the current task | ||
112 | * does *not* possess the CAP_SETPCAP capability. | ||
113 | */ | ||
114 | return (cap_capable(current, CAP_SETPCAP) != 0); | ||
115 | } | ||
116 | |||
117 | static inline int cap_limit_ptraced_target(void) { return 1; } | ||
118 | |||
119 | #else /* ie., ndef CONFIG_SECURITY_FILE_CAPABILITIES */ | ||
120 | 159 | ||
121 | static inline int cap_block_setpcap(struct task_struct *t) { return 0; } | 160 | /* they are so limited unless the current task has the CAP_SETPCAP |
122 | static inline int cap_inh_is_capped(void) { return 1; } | 161 | * capability |
123 | static inline int cap_limit_ptraced_target(void) | 162 | */ |
124 | { | 163 | if (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) == 0) |
125 | return !capable(CAP_SETPCAP); | 164 | return 0; |
165 | #endif | ||
166 | return 1; | ||
126 | } | 167 | } |
127 | 168 | ||
128 | #endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */ | 169 | /** |
129 | 170 | * cap_capset - Validate and apply proposed changes to current's capabilities | |
130 | int cap_capset_check (struct task_struct *target, kernel_cap_t *effective, | 171 | * @new: The proposed new credentials; alterations should be made here |
131 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | 172 | * @old: The current task's current credentials |
132 | { | 173 | * @effective: A pointer to the proposed new effective capabilities set |
133 | if (cap_block_setpcap(target)) { | 174 | * @inheritable: A pointer to the proposed new inheritable capabilities set |
134 | return -EPERM; | 175 | * @permitted: A pointer to the proposed new permitted capabilities set |
135 | } | 176 | * |
136 | if (cap_inh_is_capped() | 177 | * This function validates and applies a proposed mass change to the current |
137 | && !cap_issubset(*inheritable, | 178 | * process's capability sets. The changes are made to the proposed new |
138 | cap_combine(target->cap_inheritable, | 179 | * credentials, and assuming no error, will be committed by the caller of LSM. |
139 | current->cap_permitted))) { | 180 | */ |
181 | int cap_capset(struct cred *new, | ||
182 | const struct cred *old, | ||
183 | const kernel_cap_t *effective, | ||
184 | const kernel_cap_t *inheritable, | ||
185 | const kernel_cap_t *permitted) | ||
186 | { | ||
187 | if (cap_inh_is_capped() && | ||
188 | !cap_issubset(*inheritable, | ||
189 | cap_combine(old->cap_inheritable, | ||
190 | old->cap_permitted))) | ||
140 | /* incapable of using this inheritable set */ | 191 | /* incapable of using this inheritable set */ |
141 | return -EPERM; | 192 | return -EPERM; |
142 | } | 193 | |
143 | if (!cap_issubset(*inheritable, | 194 | if (!cap_issubset(*inheritable, |
144 | cap_combine(target->cap_inheritable, | 195 | cap_combine(old->cap_inheritable, |
145 | current->cap_bset))) { | 196 | old->cap_bset))) |
146 | /* no new pI capabilities outside bounding set */ | 197 | /* no new pI capabilities outside bounding set */ |
147 | return -EPERM; | 198 | return -EPERM; |
148 | } | ||
149 | 199 | ||
150 | /* verify restrictions on target's new Permitted set */ | 200 | /* verify restrictions on target's new Permitted set */ |
151 | if (!cap_issubset (*permitted, | 201 | if (!cap_issubset(*permitted, old->cap_permitted)) |
152 | cap_combine (target->cap_permitted, | ||
153 | current->cap_permitted))) { | ||
154 | return -EPERM; | 202 | return -EPERM; |
155 | } | ||
156 | 203 | ||
157 | /* verify the _new_Effective_ is a subset of the _new_Permitted_ */ | 204 | /* verify the _new_Effective_ is a subset of the _new_Permitted_ */ |
158 | if (!cap_issubset (*effective, *permitted)) { | 205 | if (!cap_issubset(*effective, *permitted)) |
159 | return -EPERM; | 206 | return -EPERM; |
160 | } | ||
161 | 207 | ||
208 | new->cap_effective = *effective; | ||
209 | new->cap_inheritable = *inheritable; | ||
210 | new->cap_permitted = *permitted; | ||
162 | return 0; | 211 | return 0; |
163 | } | 212 | } |
164 | 213 | ||
165 | void cap_capset_set (struct task_struct *target, kernel_cap_t *effective, | 214 | /* |
166 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | 215 | * Clear proposed capability sets for execve(). |
167 | { | 216 | */ |
168 | target->cap_effective = *effective; | ||
169 | target->cap_inheritable = *inheritable; | ||
170 | target->cap_permitted = *permitted; | ||
171 | } | ||
172 | |||
173 | static inline void bprm_clear_caps(struct linux_binprm *bprm) | 217 | static inline void bprm_clear_caps(struct linux_binprm *bprm) |
174 | { | 218 | { |
175 | cap_clear(bprm->cap_post_exec_permitted); | 219 | cap_clear(bprm->cred->cap_permitted); |
176 | bprm->cap_effective = false; | 220 | bprm->cap_effective = false; |
177 | } | 221 | } |
178 | 222 | ||
179 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | 223 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES |
180 | 224 | ||
225 | /** | ||
226 | * cap_inode_need_killpriv - Determine if inode change affects privileges | ||
227 | * @dentry: The inode/dentry in being changed with change marked ATTR_KILL_PRIV | ||
228 | * | ||
229 | * Determine if an inode having a change applied that's marked ATTR_KILL_PRIV | ||
230 | * affects the security markings on that inode, and if it is, should | ||
231 | * inode_killpriv() be invoked or the change rejected? | ||
232 | * | ||
233 | * Returns 0 if granted; +ve if granted, but inode_killpriv() is required; and | ||
234 | * -ve to deny the change. | ||
235 | */ | ||
181 | int cap_inode_need_killpriv(struct dentry *dentry) | 236 | int cap_inode_need_killpriv(struct dentry *dentry) |
182 | { | 237 | { |
183 | struct inode *inode = dentry->d_inode; | 238 | struct inode *inode = dentry->d_inode; |
@@ -192,6 +247,14 @@ int cap_inode_need_killpriv(struct dentry *dentry) | |||
192 | return 1; | 247 | return 1; |
193 | } | 248 | } |
194 | 249 | ||
250 | /** | ||
251 | * cap_inode_killpriv - Erase the security markings on an inode | ||
252 | * @dentry: The inode/dentry to alter | ||
253 | * | ||
254 | * Erase the privilege-enhancing security markings on an inode. | ||
255 | * | ||
256 | * Returns 0 if successful, -ve on error. | ||
257 | */ | ||
195 | int cap_inode_killpriv(struct dentry *dentry) | 258 | int cap_inode_killpriv(struct dentry *dentry) |
196 | { | 259 | { |
197 | struct inode *inode = dentry->d_inode; | 260 | struct inode *inode = dentry->d_inode; |
@@ -202,19 +265,75 @@ int cap_inode_killpriv(struct dentry *dentry) | |||
202 | return inode->i_op->removexattr(dentry, XATTR_NAME_CAPS); | 265 | return inode->i_op->removexattr(dentry, XATTR_NAME_CAPS); |
203 | } | 266 | } |
204 | 267 | ||
205 | static inline int cap_from_disk(struct vfs_cap_data *caps, | 268 | /* |
206 | struct linux_binprm *bprm, unsigned size) | 269 | * Calculate the new process capability sets from the capability sets attached |
270 | * to a file. | ||
271 | */ | ||
272 | static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps, | ||
273 | struct linux_binprm *bprm, | ||
274 | bool *effective) | ||
275 | { | ||
276 | struct cred *new = bprm->cred; | ||
277 | unsigned i; | ||
278 | int ret = 0; | ||
279 | |||
280 | if (caps->magic_etc & VFS_CAP_FLAGS_EFFECTIVE) | ||
281 | *effective = true; | ||
282 | |||
283 | CAP_FOR_EACH_U32(i) { | ||
284 | __u32 permitted = caps->permitted.cap[i]; | ||
285 | __u32 inheritable = caps->inheritable.cap[i]; | ||
286 | |||
287 | /* | ||
288 | * pP' = (X & fP) | (pI & fI) | ||
289 | */ | ||
290 | new->cap_permitted.cap[i] = | ||
291 | (new->cap_bset.cap[i] & permitted) | | ||
292 | (new->cap_inheritable.cap[i] & inheritable); | ||
293 | |||
294 | if (permitted & ~new->cap_permitted.cap[i]) | ||
295 | /* insufficient to execute correctly */ | ||
296 | ret = -EPERM; | ||
297 | } | ||
298 | |||
299 | /* | ||
300 | * For legacy apps, with no internal support for recognizing they | ||
301 | * do not have enough capabilities, we return an error if they are | ||
302 | * missing some "forced" (aka file-permitted) capabilities. | ||
303 | */ | ||
304 | return *effective ? ret : 0; | ||
305 | } | ||
306 | |||
307 | /* | ||
308 | * Extract the on-exec-apply capability sets for an executable file. | ||
309 | */ | ||
310 | int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps) | ||
207 | { | 311 | { |
312 | struct inode *inode = dentry->d_inode; | ||
208 | __u32 magic_etc; | 313 | __u32 magic_etc; |
209 | unsigned tocopy, i; | 314 | unsigned tocopy, i; |
210 | int ret; | 315 | int size; |
316 | struct vfs_cap_data caps; | ||
317 | |||
318 | memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); | ||
319 | |||
320 | if (!inode || !inode->i_op || !inode->i_op->getxattr) | ||
321 | return -ENODATA; | ||
322 | |||
323 | size = inode->i_op->getxattr((struct dentry *)dentry, XATTR_NAME_CAPS, &caps, | ||
324 | XATTR_CAPS_SZ); | ||
325 | if (size == -ENODATA || size == -EOPNOTSUPP) | ||
326 | /* no data, that's ok */ | ||
327 | return -ENODATA; | ||
328 | if (size < 0) | ||
329 | return size; | ||
211 | 330 | ||
212 | if (size < sizeof(magic_etc)) | 331 | if (size < sizeof(magic_etc)) |
213 | return -EINVAL; | 332 | return -EINVAL; |
214 | 333 | ||
215 | magic_etc = le32_to_cpu(caps->magic_etc); | 334 | cpu_caps->magic_etc = magic_etc = le32_to_cpu(caps.magic_etc); |
216 | 335 | ||
217 | switch ((magic_etc & VFS_CAP_REVISION_MASK)) { | 336 | switch (magic_etc & VFS_CAP_REVISION_MASK) { |
218 | case VFS_CAP_REVISION_1: | 337 | case VFS_CAP_REVISION_1: |
219 | if (size != XATTR_CAPS_SZ_1) | 338 | if (size != XATTR_CAPS_SZ_1) |
220 | return -EINVAL; | 339 | return -EINVAL; |
@@ -229,77 +348,48 @@ static inline int cap_from_disk(struct vfs_cap_data *caps, | |||
229 | return -EINVAL; | 348 | return -EINVAL; |
230 | } | 349 | } |
231 | 350 | ||
232 | if (magic_etc & VFS_CAP_FLAGS_EFFECTIVE) { | ||
233 | bprm->cap_effective = true; | ||
234 | } else { | ||
235 | bprm->cap_effective = false; | ||
236 | } | ||
237 | |||
238 | ret = 0; | ||
239 | |||
240 | CAP_FOR_EACH_U32(i) { | 351 | CAP_FOR_EACH_U32(i) { |
241 | __u32 value_cpu; | 352 | if (i >= tocopy) |
242 | 353 | break; | |
243 | if (i >= tocopy) { | 354 | cpu_caps->permitted.cap[i] = le32_to_cpu(caps.data[i].permitted); |
244 | /* | 355 | cpu_caps->inheritable.cap[i] = le32_to_cpu(caps.data[i].inheritable); |
245 | * Legacy capability sets have no upper bits | ||
246 | */ | ||
247 | bprm->cap_post_exec_permitted.cap[i] = 0; | ||
248 | continue; | ||
249 | } | ||
250 | /* | ||
251 | * pP' = (X & fP) | (pI & fI) | ||
252 | */ | ||
253 | value_cpu = le32_to_cpu(caps->data[i].permitted); | ||
254 | bprm->cap_post_exec_permitted.cap[i] = | ||
255 | (current->cap_bset.cap[i] & value_cpu) | | ||
256 | (current->cap_inheritable.cap[i] & | ||
257 | le32_to_cpu(caps->data[i].inheritable)); | ||
258 | if (value_cpu & ~bprm->cap_post_exec_permitted.cap[i]) { | ||
259 | /* | ||
260 | * insufficient to execute correctly | ||
261 | */ | ||
262 | ret = -EPERM; | ||
263 | } | ||
264 | } | 356 | } |
265 | 357 | ||
266 | /* | 358 | return 0; |
267 | * For legacy apps, with no internal support for recognizing they | ||
268 | * do not have enough capabilities, we return an error if they are | ||
269 | * missing some "forced" (aka file-permitted) capabilities. | ||
270 | */ | ||
271 | return bprm->cap_effective ? ret : 0; | ||
272 | } | 359 | } |
273 | 360 | ||
274 | /* Locate any VFS capabilities: */ | 361 | /* |
275 | static int get_file_caps(struct linux_binprm *bprm) | 362 | * Attempt to get the on-exec apply capability sets for an executable file from |
363 | * its xattrs and, if present, apply them to the proposed credentials being | ||
364 | * constructed by execve(). | ||
365 | */ | ||
366 | static int get_file_caps(struct linux_binprm *bprm, bool *effective) | ||
276 | { | 367 | { |
277 | struct dentry *dentry; | 368 | struct dentry *dentry; |
278 | int rc = 0; | 369 | int rc = 0; |
279 | struct vfs_cap_data vcaps; | 370 | struct cpu_vfs_cap_data vcaps; |
280 | struct inode *inode; | ||
281 | 371 | ||
282 | bprm_clear_caps(bprm); | 372 | bprm_clear_caps(bprm); |
283 | 373 | ||
374 | if (!file_caps_enabled) | ||
375 | return 0; | ||
376 | |||
284 | if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID) | 377 | if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID) |
285 | return 0; | 378 | return 0; |
286 | 379 | ||
287 | dentry = dget(bprm->file->f_dentry); | 380 | dentry = dget(bprm->file->f_dentry); |
288 | inode = dentry->d_inode; | ||
289 | if (!inode->i_op || !inode->i_op->getxattr) | ||
290 | goto out; | ||
291 | 381 | ||
292 | rc = inode->i_op->getxattr(dentry, XATTR_NAME_CAPS, &vcaps, | 382 | rc = get_vfs_caps_from_disk(dentry, &vcaps); |
293 | XATTR_CAPS_SZ); | 383 | if (rc < 0) { |
294 | if (rc == -ENODATA || rc == -EOPNOTSUPP) { | 384 | if (rc == -EINVAL) |
295 | /* no data, that's ok */ | 385 | printk(KERN_NOTICE "%s: get_vfs_caps_from_disk returned %d for %s\n", |
296 | rc = 0; | 386 | __func__, rc, bprm->filename); |
387 | else if (rc == -ENODATA) | ||
388 | rc = 0; | ||
297 | goto out; | 389 | goto out; |
298 | } | 390 | } |
299 | if (rc < 0) | ||
300 | goto out; | ||
301 | 391 | ||
302 | rc = cap_from_disk(&vcaps, bprm, rc); | 392 | rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective); |
303 | if (rc == -EINVAL) | 393 | if (rc == -EINVAL) |
304 | printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n", | 394 | printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n", |
305 | __func__, rc, bprm->filename); | 395 | __func__, rc, bprm->filename); |
@@ -323,18 +413,57 @@ int cap_inode_killpriv(struct dentry *dentry) | |||
323 | return 0; | 413 | return 0; |
324 | } | 414 | } |
325 | 415 | ||
326 | static inline int get_file_caps(struct linux_binprm *bprm) | 416 | int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps) |
417 | { | ||
418 | memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); | ||
419 | return -ENODATA; | ||
420 | } | ||
421 | |||
422 | static inline int get_file_caps(struct linux_binprm *bprm, bool *effective) | ||
327 | { | 423 | { |
328 | bprm_clear_caps(bprm); | 424 | bprm_clear_caps(bprm); |
329 | return 0; | 425 | return 0; |
330 | } | 426 | } |
331 | #endif | 427 | #endif |
332 | 428 | ||
333 | int cap_bprm_set_security (struct linux_binprm *bprm) | 429 | /* |
430 | * Determine whether a exec'ing process's new permitted capabilities should be | ||
431 | * limited to just what it already has. | ||
432 | * | ||
433 | * This prevents processes that are being ptraced from gaining access to | ||
434 | * CAP_SETPCAP, unless the process they're tracing already has it, and the | ||
435 | * binary they're executing has filecaps that elevate it. | ||
436 | * | ||
437 | * Returns 1 if they should be limited, 0 if they are not. | ||
438 | */ | ||
439 | static inline int cap_limit_ptraced_target(void) | ||
440 | { | ||
441 | #ifndef CONFIG_SECURITY_FILE_CAPABILITIES | ||
442 | if (capable(CAP_SETPCAP)) | ||
443 | return 0; | ||
444 | #endif | ||
445 | return 1; | ||
446 | } | ||
447 | |||
448 | /** | ||
449 | * cap_bprm_set_creds - Set up the proposed credentials for execve(). | ||
450 | * @bprm: The execution parameters, including the proposed creds | ||
451 | * | ||
452 | * Set up the proposed credentials for a new execution context being | ||
453 | * constructed by execve(). The proposed creds in @bprm->cred is altered, | ||
454 | * which won't take effect immediately. Returns 0 if successful, -ve on error. | ||
455 | */ | ||
456 | int cap_bprm_set_creds(struct linux_binprm *bprm) | ||
334 | { | 457 | { |
458 | const struct cred *old = current_cred(); | ||
459 | struct cred *new = bprm->cred; | ||
460 | bool effective; | ||
335 | int ret; | 461 | int ret; |
336 | 462 | ||
337 | ret = get_file_caps(bprm); | 463 | effective = false; |
464 | ret = get_file_caps(bprm, &effective); | ||
465 | if (ret < 0) | ||
466 | return ret; | ||
338 | 467 | ||
339 | if (!issecure(SECURE_NOROOT)) { | 468 | if (!issecure(SECURE_NOROOT)) { |
340 | /* | 469 | /* |
@@ -342,75 +471,113 @@ int cap_bprm_set_security (struct linux_binprm *bprm) | |||
342 | * executables under compatibility mode, we override the | 471 | * executables under compatibility mode, we override the |
343 | * capability sets for the file. | 472 | * capability sets for the file. |
344 | * | 473 | * |
345 | * If only the real uid is 0, we do not set the effective | 474 | * If only the real uid is 0, we do not set the effective bit. |
346 | * bit. | ||
347 | */ | 475 | */ |
348 | if (bprm->e_uid == 0 || current->uid == 0) { | 476 | if (new->euid == 0 || new->uid == 0) { |
349 | /* pP' = (cap_bset & ~0) | (pI & ~0) */ | 477 | /* pP' = (cap_bset & ~0) | (pI & ~0) */ |
350 | bprm->cap_post_exec_permitted = cap_combine( | 478 | new->cap_permitted = cap_combine(old->cap_bset, |
351 | current->cap_bset, current->cap_inheritable | 479 | old->cap_inheritable); |
352 | ); | ||
353 | bprm->cap_effective = (bprm->e_uid == 0); | ||
354 | ret = 0; | ||
355 | } | 480 | } |
481 | if (new->euid == 0) | ||
482 | effective = true; | ||
356 | } | 483 | } |
357 | 484 | ||
358 | return ret; | 485 | /* Don't let someone trace a set[ug]id/setpcap binary with the revised |
359 | } | 486 | * credentials unless they have the appropriate permit |
360 | 487 | */ | |
361 | void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) | 488 | if ((new->euid != old->uid || |
362 | { | 489 | new->egid != old->gid || |
363 | if (bprm->e_uid != current->uid || bprm->e_gid != current->gid || | 490 | !cap_issubset(new->cap_permitted, old->cap_permitted)) && |
364 | !cap_issubset(bprm->cap_post_exec_permitted, | 491 | bprm->unsafe & ~LSM_UNSAFE_PTRACE_CAP) { |
365 | current->cap_permitted)) { | 492 | /* downgrade; they get no more than they had, and maybe less */ |
366 | set_dumpable(current->mm, suid_dumpable); | 493 | if (!capable(CAP_SETUID)) { |
367 | current->pdeath_signal = 0; | 494 | new->euid = new->uid; |
368 | 495 | new->egid = new->gid; | |
369 | if (unsafe & ~LSM_UNSAFE_PTRACE_CAP) { | ||
370 | if (!capable(CAP_SETUID)) { | ||
371 | bprm->e_uid = current->uid; | ||
372 | bprm->e_gid = current->gid; | ||
373 | } | ||
374 | if (cap_limit_ptraced_target()) { | ||
375 | bprm->cap_post_exec_permitted = cap_intersect( | ||
376 | bprm->cap_post_exec_permitted, | ||
377 | current->cap_permitted); | ||
378 | } | ||
379 | } | 496 | } |
497 | if (cap_limit_ptraced_target()) | ||
498 | new->cap_permitted = cap_intersect(new->cap_permitted, | ||
499 | old->cap_permitted); | ||
380 | } | 500 | } |
381 | 501 | ||
382 | current->suid = current->euid = current->fsuid = bprm->e_uid; | 502 | new->suid = new->fsuid = new->euid; |
383 | current->sgid = current->egid = current->fsgid = bprm->e_gid; | 503 | new->sgid = new->fsgid = new->egid; |
384 | 504 | ||
385 | /* For init, we want to retain the capabilities set | 505 | /* For init, we want to retain the capabilities set in the initial |
386 | * in the init_task struct. Thus we skip the usual | 506 | * task. Thus we skip the usual capability rules |
387 | * capability rules */ | 507 | */ |
388 | if (!is_global_init(current)) { | 508 | if (!is_global_init(current)) { |
389 | current->cap_permitted = bprm->cap_post_exec_permitted; | 509 | if (effective) |
390 | if (bprm->cap_effective) | 510 | new->cap_effective = new->cap_permitted; |
391 | current->cap_effective = bprm->cap_post_exec_permitted; | ||
392 | else | 511 | else |
393 | cap_clear(current->cap_effective); | 512 | cap_clear(new->cap_effective); |
394 | } | 513 | } |
514 | bprm->cap_effective = effective; | ||
395 | 515 | ||
396 | /* AUD: Audit candidate if current->cap_effective is set */ | 516 | /* |
517 | * Audit candidate if current->cap_effective is set | ||
518 | * | ||
519 | * We do not bother to audit if 3 things are true: | ||
520 | * 1) cap_effective has all caps | ||
521 | * 2) we are root | ||
522 | * 3) root is supposed to have all caps (SECURE_NOROOT) | ||
523 | * Since this is just a normal root execing a process. | ||
524 | * | ||
525 | * Number 1 above might fail if you don't have a full bset, but I think | ||
526 | * that is interesting information to audit. | ||
527 | */ | ||
528 | if (!cap_isclear(new->cap_effective)) { | ||
529 | if (!cap_issubset(CAP_FULL_SET, new->cap_effective) || | ||
530 | new->euid != 0 || new->uid != 0 || | ||
531 | issecure(SECURE_NOROOT)) { | ||
532 | ret = audit_log_bprm_fcaps(bprm, new, old); | ||
533 | if (ret < 0) | ||
534 | return ret; | ||
535 | } | ||
536 | } | ||
397 | 537 | ||
398 | current->securebits &= ~issecure_mask(SECURE_KEEP_CAPS); | 538 | new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS); |
539 | return 0; | ||
399 | } | 540 | } |
400 | 541 | ||
401 | int cap_bprm_secureexec (struct linux_binprm *bprm) | 542 | /** |
543 | * cap_bprm_secureexec - Determine whether a secure execution is required | ||
544 | * @bprm: The execution parameters | ||
545 | * | ||
546 | * Determine whether a secure execution is required, return 1 if it is, and 0 | ||
547 | * if it is not. | ||
548 | * | ||
549 | * The credentials have been committed by this point, and so are no longer | ||
550 | * available through @bprm->cred. | ||
551 | */ | ||
552 | int cap_bprm_secureexec(struct linux_binprm *bprm) | ||
402 | { | 553 | { |
403 | if (current->uid != 0) { | 554 | const struct cred *cred = current_cred(); |
555 | |||
556 | if (cred->uid != 0) { | ||
404 | if (bprm->cap_effective) | 557 | if (bprm->cap_effective) |
405 | return 1; | 558 | return 1; |
406 | if (!cap_isclear(bprm->cap_post_exec_permitted)) | 559 | if (!cap_isclear(cred->cap_permitted)) |
407 | return 1; | 560 | return 1; |
408 | } | 561 | } |
409 | 562 | ||
410 | return (current->euid != current->uid || | 563 | return (cred->euid != cred->uid || |
411 | current->egid != current->gid); | 564 | cred->egid != cred->gid); |
412 | } | 565 | } |
413 | 566 | ||
567 | /** | ||
568 | * cap_inode_setxattr - Determine whether an xattr may be altered | ||
569 | * @dentry: The inode/dentry being altered | ||
570 | * @name: The name of the xattr to be changed | ||
571 | * @value: The value that the xattr will be changed to | ||
572 | * @size: The size of value | ||
573 | * @flags: The replacement flag | ||
574 | * | ||
575 | * Determine whether an xattr may be altered or set on an inode, returning 0 if | ||
576 | * permission is granted, -ve if denied. | ||
577 | * | ||
578 | * This is used to make sure security xattrs don't get updated or set by those | ||
579 | * who aren't privileged to do so. | ||
580 | */ | ||
414 | int cap_inode_setxattr(struct dentry *dentry, const char *name, | 581 | int cap_inode_setxattr(struct dentry *dentry, const char *name, |
415 | const void *value, size_t size, int flags) | 582 | const void *value, size_t size, int flags) |
416 | { | 583 | { |
@@ -418,28 +585,42 @@ int cap_inode_setxattr(struct dentry *dentry, const char *name, | |||
418 | if (!capable(CAP_SETFCAP)) | 585 | if (!capable(CAP_SETFCAP)) |
419 | return -EPERM; | 586 | return -EPERM; |
420 | return 0; | 587 | return 0; |
421 | } else if (!strncmp(name, XATTR_SECURITY_PREFIX, | 588 | } |
589 | |||
590 | if (!strncmp(name, XATTR_SECURITY_PREFIX, | ||
422 | sizeof(XATTR_SECURITY_PREFIX) - 1) && | 591 | sizeof(XATTR_SECURITY_PREFIX) - 1) && |
423 | !capable(CAP_SYS_ADMIN)) | 592 | !capable(CAP_SYS_ADMIN)) |
424 | return -EPERM; | 593 | return -EPERM; |
425 | return 0; | 594 | return 0; |
426 | } | 595 | } |
427 | 596 | ||
597 | /** | ||
598 | * cap_inode_removexattr - Determine whether an xattr may be removed | ||
599 | * @dentry: The inode/dentry being altered | ||
600 | * @name: The name of the xattr to be changed | ||
601 | * | ||
602 | * Determine whether an xattr may be removed from an inode, returning 0 if | ||
603 | * permission is granted, -ve if denied. | ||
604 | * | ||
605 | * This is used to make sure security xattrs don't get removed by those who | ||
606 | * aren't privileged to remove them. | ||
607 | */ | ||
428 | int cap_inode_removexattr(struct dentry *dentry, const char *name) | 608 | int cap_inode_removexattr(struct dentry *dentry, const char *name) |
429 | { | 609 | { |
430 | if (!strcmp(name, XATTR_NAME_CAPS)) { | 610 | if (!strcmp(name, XATTR_NAME_CAPS)) { |
431 | if (!capable(CAP_SETFCAP)) | 611 | if (!capable(CAP_SETFCAP)) |
432 | return -EPERM; | 612 | return -EPERM; |
433 | return 0; | 613 | return 0; |
434 | } else if (!strncmp(name, XATTR_SECURITY_PREFIX, | 614 | } |
615 | |||
616 | if (!strncmp(name, XATTR_SECURITY_PREFIX, | ||
435 | sizeof(XATTR_SECURITY_PREFIX) - 1) && | 617 | sizeof(XATTR_SECURITY_PREFIX) - 1) && |
436 | !capable(CAP_SYS_ADMIN)) | 618 | !capable(CAP_SYS_ADMIN)) |
437 | return -EPERM; | 619 | return -EPERM; |
438 | return 0; | 620 | return 0; |
439 | } | 621 | } |
440 | 622 | ||
441 | /* moved from kernel/sys.c. */ | 623 | /* |
442 | /* | ||
443 | * cap_emulate_setxuid() fixes the effective / permitted capabilities of | 624 | * cap_emulate_setxuid() fixes the effective / permitted capabilities of |
444 | * a process after a call to setuid, setreuid, or setresuid. | 625 | * a process after a call to setuid, setreuid, or setresuid. |
445 | * | 626 | * |
@@ -453,10 +634,10 @@ int cap_inode_removexattr(struct dentry *dentry, const char *name) | |||
453 | * 3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective | 634 | * 3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective |
454 | * capabilities are set to the permitted capabilities. | 635 | * capabilities are set to the permitted capabilities. |
455 | * | 636 | * |
456 | * fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should | 637 | * fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should |
457 | * never happen. | 638 | * never happen. |
458 | * | 639 | * |
459 | * -astor | 640 | * -astor |
460 | * | 641 | * |
461 | * cevans - New behaviour, Oct '99 | 642 | * cevans - New behaviour, Oct '99 |
462 | * A process may, via prctl(), elect to keep its capabilities when it | 643 | * A process may, via prctl(), elect to keep its capabilities when it |
@@ -468,61 +649,60 @@ int cap_inode_removexattr(struct dentry *dentry, const char *name) | |||
468 | * files.. | 649 | * files.. |
469 | * Thanks to Olaf Kirch and Peter Benie for spotting this. | 650 | * Thanks to Olaf Kirch and Peter Benie for spotting this. |
470 | */ | 651 | */ |
471 | static inline void cap_emulate_setxuid (int old_ruid, int old_euid, | 652 | static inline void cap_emulate_setxuid(struct cred *new, const struct cred *old) |
472 | int old_suid) | ||
473 | { | 653 | { |
474 | if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) && | 654 | if ((old->uid == 0 || old->euid == 0 || old->suid == 0) && |
475 | (current->uid != 0 && current->euid != 0 && current->suid != 0) && | 655 | (new->uid != 0 && new->euid != 0 && new->suid != 0) && |
476 | !issecure(SECURE_KEEP_CAPS)) { | 656 | !issecure(SECURE_KEEP_CAPS)) { |
477 | cap_clear (current->cap_permitted); | 657 | cap_clear(new->cap_permitted); |
478 | cap_clear (current->cap_effective); | 658 | cap_clear(new->cap_effective); |
479 | } | ||
480 | if (old_euid == 0 && current->euid != 0) { | ||
481 | cap_clear (current->cap_effective); | ||
482 | } | ||
483 | if (old_euid != 0 && current->euid == 0) { | ||
484 | current->cap_effective = current->cap_permitted; | ||
485 | } | 659 | } |
660 | if (old->euid == 0 && new->euid != 0) | ||
661 | cap_clear(new->cap_effective); | ||
662 | if (old->euid != 0 && new->euid == 0) | ||
663 | new->cap_effective = new->cap_permitted; | ||
486 | } | 664 | } |
487 | 665 | ||
488 | int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, | 666 | /** |
489 | int flags) | 667 | * cap_task_fix_setuid - Fix up the results of setuid() call |
668 | * @new: The proposed credentials | ||
669 | * @old: The current task's current credentials | ||
670 | * @flags: Indications of what has changed | ||
671 | * | ||
672 | * Fix up the results of setuid() call before the credential changes are | ||
673 | * actually applied, returning 0 to grant the changes, -ve to deny them. | ||
674 | */ | ||
675 | int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags) | ||
490 | { | 676 | { |
491 | switch (flags) { | 677 | switch (flags) { |
492 | case LSM_SETID_RE: | 678 | case LSM_SETID_RE: |
493 | case LSM_SETID_ID: | 679 | case LSM_SETID_ID: |
494 | case LSM_SETID_RES: | 680 | case LSM_SETID_RES: |
495 | /* Copied from kernel/sys.c:setreuid/setuid/setresuid. */ | 681 | /* juggle the capabilities to follow [RES]UID changes unless |
496 | if (!issecure (SECURE_NO_SETUID_FIXUP)) { | 682 | * otherwise suppressed */ |
497 | cap_emulate_setxuid (old_ruid, old_euid, old_suid); | 683 | if (!issecure(SECURE_NO_SETUID_FIXUP)) |
498 | } | 684 | cap_emulate_setxuid(new, old); |
499 | break; | 685 | break; |
500 | case LSM_SETID_FS: | ||
501 | { | ||
502 | uid_t old_fsuid = old_ruid; | ||
503 | 686 | ||
504 | /* Copied from kernel/sys.c:setfsuid. */ | 687 | case LSM_SETID_FS: |
505 | 688 | /* juggle the capabilties to follow FSUID changes, unless | |
506 | /* | 689 | * otherwise suppressed |
507 | * FIXME - is fsuser used for all CAP_FS_MASK capabilities? | 690 | * |
508 | * if not, we might be a bit too harsh here. | 691 | * FIXME - is fsuser used for all CAP_FS_MASK capabilities? |
509 | */ | 692 | * if not, we might be a bit too harsh here. |
510 | 693 | */ | |
511 | if (!issecure (SECURE_NO_SETUID_FIXUP)) { | 694 | if (!issecure(SECURE_NO_SETUID_FIXUP)) { |
512 | if (old_fsuid == 0 && current->fsuid != 0) { | 695 | if (old->fsuid == 0 && new->fsuid != 0) |
513 | current->cap_effective = | 696 | new->cap_effective = |
514 | cap_drop_fs_set( | 697 | cap_drop_fs_set(new->cap_effective); |
515 | current->cap_effective); | 698 | |
516 | } | 699 | if (old->fsuid != 0 && new->fsuid == 0) |
517 | if (old_fsuid != 0 && current->fsuid == 0) { | 700 | new->cap_effective = |
518 | current->cap_effective = | 701 | cap_raise_fs_set(new->cap_effective, |
519 | cap_raise_fs_set( | 702 | new->cap_permitted); |
520 | current->cap_effective, | ||
521 | current->cap_permitted); | ||
522 | } | ||
523 | } | ||
524 | break; | ||
525 | } | 703 | } |
704 | break; | ||
705 | |||
526 | default: | 706 | default: |
527 | return -EINVAL; | 707 | return -EINVAL; |
528 | } | 708 | } |
@@ -543,42 +723,71 @@ int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, | |||
543 | */ | 723 | */ |
544 | static int cap_safe_nice(struct task_struct *p) | 724 | static int cap_safe_nice(struct task_struct *p) |
545 | { | 725 | { |
546 | if (!cap_issubset(p->cap_permitted, current->cap_permitted) && | 726 | int is_subset; |
547 | !capable(CAP_SYS_NICE)) | 727 | |
728 | rcu_read_lock(); | ||
729 | is_subset = cap_issubset(__task_cred(p)->cap_permitted, | ||
730 | current_cred()->cap_permitted); | ||
731 | rcu_read_unlock(); | ||
732 | |||
733 | if (!is_subset && !capable(CAP_SYS_NICE)) | ||
548 | return -EPERM; | 734 | return -EPERM; |
549 | return 0; | 735 | return 0; |
550 | } | 736 | } |
551 | 737 | ||
552 | int cap_task_setscheduler (struct task_struct *p, int policy, | 738 | /** |
739 | * cap_task_setscheduler - Detemine if scheduler policy change is permitted | ||
740 | * @p: The task to affect | ||
741 | * @policy: The policy to effect | ||
742 | * @lp: The parameters to the scheduling policy | ||
743 | * | ||
744 | * Detemine if the requested scheduler policy change is permitted for the | ||
745 | * specified task, returning 0 if permission is granted, -ve if denied. | ||
746 | */ | ||
747 | int cap_task_setscheduler(struct task_struct *p, int policy, | ||
553 | struct sched_param *lp) | 748 | struct sched_param *lp) |
554 | { | 749 | { |
555 | return cap_safe_nice(p); | 750 | return cap_safe_nice(p); |
556 | } | 751 | } |
557 | 752 | ||
558 | int cap_task_setioprio (struct task_struct *p, int ioprio) | 753 | /** |
754 | * cap_task_ioprio - Detemine if I/O priority change is permitted | ||
755 | * @p: The task to affect | ||
756 | * @ioprio: The I/O priority to set | ||
757 | * | ||
758 | * Detemine if the requested I/O priority change is permitted for the specified | ||
759 | * task, returning 0 if permission is granted, -ve if denied. | ||
760 | */ | ||
761 | int cap_task_setioprio(struct task_struct *p, int ioprio) | ||
559 | { | 762 | { |
560 | return cap_safe_nice(p); | 763 | return cap_safe_nice(p); |
561 | } | 764 | } |
562 | 765 | ||
563 | int cap_task_setnice (struct task_struct *p, int nice) | 766 | /** |
767 | * cap_task_ioprio - Detemine if task priority change is permitted | ||
768 | * @p: The task to affect | ||
769 | * @nice: The nice value to set | ||
770 | * | ||
771 | * Detemine if the requested task priority change is permitted for the | ||
772 | * specified task, returning 0 if permission is granted, -ve if denied. | ||
773 | */ | ||
774 | int cap_task_setnice(struct task_struct *p, int nice) | ||
564 | { | 775 | { |
565 | return cap_safe_nice(p); | 776 | return cap_safe_nice(p); |
566 | } | 777 | } |
567 | 778 | ||
568 | /* | 779 | /* |
569 | * called from kernel/sys.c for prctl(PR_CABSET_DROP) | 780 | * Implement PR_CAPBSET_DROP. Attempt to remove the specified capability from |
570 | * done without task_capability_lock() because it introduces | 781 | * the current task's bounding set. Returns 0 on success, -ve on error. |
571 | * no new races - i.e. only another task doing capget() on | ||
572 | * this task could get inconsistent info. There can be no | ||
573 | * racing writer bc a task can only change its own caps. | ||
574 | */ | 782 | */ |
575 | static long cap_prctl_drop(unsigned long cap) | 783 | static long cap_prctl_drop(struct cred *new, unsigned long cap) |
576 | { | 784 | { |
577 | if (!capable(CAP_SETPCAP)) | 785 | if (!capable(CAP_SETPCAP)) |
578 | return -EPERM; | 786 | return -EPERM; |
579 | if (!cap_valid(cap)) | 787 | if (!cap_valid(cap)) |
580 | return -EINVAL; | 788 | return -EINVAL; |
581 | cap_lower(current->cap_bset, cap); | 789 | |
790 | cap_lower(new->cap_bset, cap); | ||
582 | return 0; | 791 | return 0; |
583 | } | 792 | } |
584 | 793 | ||
@@ -598,22 +807,42 @@ int cap_task_setnice (struct task_struct *p, int nice) | |||
598 | } | 807 | } |
599 | #endif | 808 | #endif |
600 | 809 | ||
810 | /** | ||
811 | * cap_task_prctl - Implement process control functions for this security module | ||
812 | * @option: The process control function requested | ||
813 | * @arg2, @arg3, @arg4, @arg5: The argument data for this function | ||
814 | * | ||
815 | * Allow process control functions (sys_prctl()) to alter capabilities; may | ||
816 | * also deny access to other functions not otherwise implemented here. | ||
817 | * | ||
818 | * Returns 0 or +ve on success, -ENOSYS if this function is not implemented | ||
819 | * here, other -ve on error. If -ENOSYS is returned, sys_prctl() and other LSM | ||
820 | * modules will consider performing the function. | ||
821 | */ | ||
601 | int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | 822 | int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
602 | unsigned long arg4, unsigned long arg5, long *rc_p) | 823 | unsigned long arg4, unsigned long arg5) |
603 | { | 824 | { |
825 | struct cred *new; | ||
604 | long error = 0; | 826 | long error = 0; |
605 | 827 | ||
828 | new = prepare_creds(); | ||
829 | if (!new) | ||
830 | return -ENOMEM; | ||
831 | |||
606 | switch (option) { | 832 | switch (option) { |
607 | case PR_CAPBSET_READ: | 833 | case PR_CAPBSET_READ: |
834 | error = -EINVAL; | ||
608 | if (!cap_valid(arg2)) | 835 | if (!cap_valid(arg2)) |
609 | error = -EINVAL; | 836 | goto error; |
610 | else | 837 | error = !!cap_raised(new->cap_bset, arg2); |
611 | error = !!cap_raised(current->cap_bset, arg2); | 838 | goto no_change; |
612 | break; | 839 | |
613 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | 840 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES |
614 | case PR_CAPBSET_DROP: | 841 | case PR_CAPBSET_DROP: |
615 | error = cap_prctl_drop(arg2); | 842 | error = cap_prctl_drop(new, arg2); |
616 | break; | 843 | if (error < 0) |
844 | goto error; | ||
845 | goto changed; | ||
617 | 846 | ||
618 | /* | 847 | /* |
619 | * The next four prctl's remain to assist with transitioning a | 848 | * The next four prctl's remain to assist with transitioning a |
@@ -635,12 +864,12 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | |||
635 | * capability-based-privilege environment. | 864 | * capability-based-privilege environment. |
636 | */ | 865 | */ |
637 | case PR_SET_SECUREBITS: | 866 | case PR_SET_SECUREBITS: |
638 | if ((((current->securebits & SECURE_ALL_LOCKS) >> 1) | 867 | error = -EPERM; |
639 | & (current->securebits ^ arg2)) /*[1]*/ | 868 | if ((((new->securebits & SECURE_ALL_LOCKS) >> 1) |
640 | || ((current->securebits & SECURE_ALL_LOCKS | 869 | & (new->securebits ^ arg2)) /*[1]*/ |
641 | & ~arg2)) /*[2]*/ | 870 | || ((new->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/ |
642 | || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/ | 871 | || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/ |
643 | || (cap_capable(current, CAP_SETPCAP) != 0)) { /*[4]*/ | 872 | || (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) != 0) /*[4]*/ |
644 | /* | 873 | /* |
645 | * [1] no changing of bits that are locked | 874 | * [1] no changing of bits that are locked |
646 | * [2] no unlocking of locks | 875 | * [2] no unlocking of locks |
@@ -648,65 +877,80 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | |||
648 | * [4] doing anything requires privilege (go read about | 877 | * [4] doing anything requires privilege (go read about |
649 | * the "sendmail capabilities bug") | 878 | * the "sendmail capabilities bug") |
650 | */ | 879 | */ |
651 | error = -EPERM; /* cannot change a locked bit */ | 880 | ) |
652 | } else { | 881 | /* cannot change a locked bit */ |
653 | current->securebits = arg2; | 882 | goto error; |
654 | } | 883 | new->securebits = arg2; |
655 | break; | 884 | goto changed; |
885 | |||
656 | case PR_GET_SECUREBITS: | 886 | case PR_GET_SECUREBITS: |
657 | error = current->securebits; | 887 | error = new->securebits; |
658 | break; | 888 | goto no_change; |
659 | 889 | ||
660 | #endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */ | 890 | #endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */ |
661 | 891 | ||
662 | case PR_GET_KEEPCAPS: | 892 | case PR_GET_KEEPCAPS: |
663 | if (issecure(SECURE_KEEP_CAPS)) | 893 | if (issecure(SECURE_KEEP_CAPS)) |
664 | error = 1; | 894 | error = 1; |
665 | break; | 895 | goto no_change; |
896 | |||
666 | case PR_SET_KEEPCAPS: | 897 | case PR_SET_KEEPCAPS: |
898 | error = -EINVAL; | ||
667 | if (arg2 > 1) /* Note, we rely on arg2 being unsigned here */ | 899 | if (arg2 > 1) /* Note, we rely on arg2 being unsigned here */ |
668 | error = -EINVAL; | 900 | goto error; |
669 | else if (issecure(SECURE_KEEP_CAPS_LOCKED)) | 901 | error = -EPERM; |
670 | error = -EPERM; | 902 | if (issecure(SECURE_KEEP_CAPS_LOCKED)) |
671 | else if (arg2) | 903 | goto error; |
672 | current->securebits |= issecure_mask(SECURE_KEEP_CAPS); | 904 | if (arg2) |
905 | new->securebits |= issecure_mask(SECURE_KEEP_CAPS); | ||
673 | else | 906 | else |
674 | current->securebits &= | 907 | new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS); |
675 | ~issecure_mask(SECURE_KEEP_CAPS); | 908 | goto changed; |
676 | break; | ||
677 | 909 | ||
678 | default: | 910 | default: |
679 | /* No functionality available - continue with default */ | 911 | /* No functionality available - continue with default */ |
680 | return 0; | 912 | error = -ENOSYS; |
913 | goto error; | ||
681 | } | 914 | } |
682 | 915 | ||
683 | /* Functionality provided */ | 916 | /* Functionality provided */ |
684 | *rc_p = error; | 917 | changed: |
685 | return 1; | 918 | return commit_creds(new); |
686 | } | ||
687 | 919 | ||
688 | void cap_task_reparent_to_init (struct task_struct *p) | 920 | no_change: |
689 | { | 921 | error = 0; |
690 | cap_set_init_eff(p->cap_effective); | 922 | error: |
691 | cap_clear(p->cap_inheritable); | 923 | abort_creds(new); |
692 | cap_set_full(p->cap_permitted); | 924 | return error; |
693 | p->securebits = SECUREBITS_DEFAULT; | ||
694 | return; | ||
695 | } | 925 | } |
696 | 926 | ||
697 | int cap_syslog (int type) | 927 | /** |
928 | * cap_syslog - Determine whether syslog function is permitted | ||
929 | * @type: Function requested | ||
930 | * | ||
931 | * Determine whether the current process is permitted to use a particular | ||
932 | * syslog function, returning 0 if permission is granted, -ve if not. | ||
933 | */ | ||
934 | int cap_syslog(int type) | ||
698 | { | 935 | { |
699 | if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN)) | 936 | if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN)) |
700 | return -EPERM; | 937 | return -EPERM; |
701 | return 0; | 938 | return 0; |
702 | } | 939 | } |
703 | 940 | ||
941 | /** | ||
942 | * cap_vm_enough_memory - Determine whether a new virtual mapping is permitted | ||
943 | * @mm: The VM space in which the new mapping is to be made | ||
944 | * @pages: The size of the mapping | ||
945 | * | ||
946 | * Determine whether the allocation of a new virtual mapping by the current | ||
947 | * task is permitted, returning 0 if permission is granted, -ve if not. | ||
948 | */ | ||
704 | int cap_vm_enough_memory(struct mm_struct *mm, long pages) | 949 | int cap_vm_enough_memory(struct mm_struct *mm, long pages) |
705 | { | 950 | { |
706 | int cap_sys_admin = 0; | 951 | int cap_sys_admin = 0; |
707 | 952 | ||
708 | if (cap_capable(current, CAP_SYS_ADMIN) == 0) | 953 | if (cap_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT) == 0) |
709 | cap_sys_admin = 1; | 954 | cap_sys_admin = 1; |
710 | return __vm_enough_memory(mm, pages, cap_sys_admin); | 955 | return __vm_enough_memory(mm, pages, cap_sys_admin); |
711 | } | 956 | } |
712 | |||
diff --git a/security/keys/internal.h b/security/keys/internal.h index 239098f0fd76..81932abefe7b 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h | |||
@@ -12,8 +12,8 @@ | |||
12 | #ifndef _INTERNAL_H | 12 | #ifndef _INTERNAL_H |
13 | #define _INTERNAL_H | 13 | #define _INTERNAL_H |
14 | 14 | ||
15 | #include <linux/sched.h> | ||
15 | #include <linux/key-type.h> | 16 | #include <linux/key-type.h> |
16 | #include <linux/key-ui.h> | ||
17 | 17 | ||
18 | static inline __attribute__((format(printf, 1, 2))) | 18 | static inline __attribute__((format(printf, 1, 2))) |
19 | void no_printk(const char *fmt, ...) | 19 | void no_printk(const char *fmt, ...) |
@@ -26,7 +26,7 @@ void no_printk(const char *fmt, ...) | |||
26 | #define kleave(FMT, ...) \ | 26 | #define kleave(FMT, ...) \ |
27 | printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__) | 27 | printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__) |
28 | #define kdebug(FMT, ...) \ | 28 | #define kdebug(FMT, ...) \ |
29 | printk(KERN_DEBUG "xxx" FMT"yyy\n", ##__VA_ARGS__) | 29 | printk(KERN_DEBUG " "FMT"\n", ##__VA_ARGS__) |
30 | #else | 30 | #else |
31 | #define kenter(FMT, ...) \ | 31 | #define kenter(FMT, ...) \ |
32 | no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__) | 32 | no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__) |
@@ -82,6 +82,9 @@ extern struct mutex key_construction_mutex; | |||
82 | extern wait_queue_head_t request_key_conswq; | 82 | extern wait_queue_head_t request_key_conswq; |
83 | 83 | ||
84 | 84 | ||
85 | extern struct key_type *key_type_lookup(const char *type); | ||
86 | extern void key_type_put(struct key_type *ktype); | ||
87 | |||
85 | extern int __key_link(struct key *keyring, struct key *key); | 88 | extern int __key_link(struct key *keyring, struct key *key); |
86 | 89 | ||
87 | extern key_ref_t __keyring_search_one(key_ref_t keyring_ref, | 90 | extern key_ref_t __keyring_search_one(key_ref_t keyring_ref, |
@@ -95,7 +98,7 @@ extern struct key *keyring_search_instkey(struct key *keyring, | |||
95 | typedef int (*key_match_func_t)(const struct key *, const void *); | 98 | typedef int (*key_match_func_t)(const struct key *, const void *); |
96 | 99 | ||
97 | extern key_ref_t keyring_search_aux(key_ref_t keyring_ref, | 100 | extern key_ref_t keyring_search_aux(key_ref_t keyring_ref, |
98 | struct task_struct *tsk, | 101 | const struct cred *cred, |
99 | struct key_type *type, | 102 | struct key_type *type, |
100 | const void *description, | 103 | const void *description, |
101 | key_match_func_t match); | 104 | key_match_func_t match); |
@@ -103,13 +106,13 @@ extern key_ref_t keyring_search_aux(key_ref_t keyring_ref, | |||
103 | extern key_ref_t search_process_keyrings(struct key_type *type, | 106 | extern key_ref_t search_process_keyrings(struct key_type *type, |
104 | const void *description, | 107 | const void *description, |
105 | key_match_func_t match, | 108 | key_match_func_t match, |
106 | struct task_struct *tsk); | 109 | const struct cred *cred); |
107 | 110 | ||
108 | extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check); | 111 | extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check); |
109 | 112 | ||
110 | extern int install_user_keyrings(struct task_struct *tsk); | 113 | extern int install_user_keyrings(void); |
111 | extern int install_thread_keyring(struct task_struct *tsk); | 114 | extern int install_thread_keyring_to_cred(struct cred *); |
112 | extern int install_process_keyring(struct task_struct *tsk); | 115 | extern int install_process_keyring_to_cred(struct cred *); |
113 | 116 | ||
114 | extern struct key *request_key_and_link(struct key_type *type, | 117 | extern struct key *request_key_and_link(struct key_type *type, |
115 | const char *description, | 118 | const char *description, |
@@ -119,12 +122,39 @@ extern struct key *request_key_and_link(struct key_type *type, | |||
119 | struct key *dest_keyring, | 122 | struct key *dest_keyring, |
120 | unsigned long flags); | 123 | unsigned long flags); |
121 | 124 | ||
125 | extern key_ref_t lookup_user_key(key_serial_t id, int create, int partial, | ||
126 | key_perm_t perm); | ||
127 | |||
128 | extern long join_session_keyring(const char *name); | ||
129 | |||
130 | /* | ||
131 | * check to see whether permission is granted to use a key in the desired way | ||
132 | */ | ||
133 | extern int key_task_permission(const key_ref_t key_ref, | ||
134 | const struct cred *cred, | ||
135 | key_perm_t perm); | ||
136 | |||
137 | static inline int key_permission(const key_ref_t key_ref, key_perm_t perm) | ||
138 | { | ||
139 | return key_task_permission(key_ref, current_cred(), perm); | ||
140 | } | ||
141 | |||
142 | /* required permissions */ | ||
143 | #define KEY_VIEW 0x01 /* require permission to view attributes */ | ||
144 | #define KEY_READ 0x02 /* require permission to read content */ | ||
145 | #define KEY_WRITE 0x04 /* require permission to update / modify */ | ||
146 | #define KEY_SEARCH 0x08 /* require permission to search (keyring) or find (key) */ | ||
147 | #define KEY_LINK 0x10 /* require permission to link */ | ||
148 | #define KEY_SETATTR 0x20 /* require permission to change attributes */ | ||
149 | #define KEY_ALL 0x3f /* all the above permissions */ | ||
150 | |||
122 | /* | 151 | /* |
123 | * request_key authorisation | 152 | * request_key authorisation |
124 | */ | 153 | */ |
125 | struct request_key_auth { | 154 | struct request_key_auth { |
126 | struct key *target_key; | 155 | struct key *target_key; |
127 | struct task_struct *context; | 156 | struct key *dest_keyring; |
157 | const struct cred *cred; | ||
128 | void *callout_info; | 158 | void *callout_info; |
129 | size_t callout_len; | 159 | size_t callout_len; |
130 | pid_t pid; | 160 | pid_t pid; |
@@ -133,7 +163,8 @@ struct request_key_auth { | |||
133 | extern struct key_type key_type_request_key_auth; | 163 | extern struct key_type key_type_request_key_auth; |
134 | extern struct key *request_key_auth_new(struct key *target, | 164 | extern struct key *request_key_auth_new(struct key *target, |
135 | const void *callout_info, | 165 | const void *callout_info, |
136 | size_t callout_len); | 166 | size_t callout_len, |
167 | struct key *dest_keyring); | ||
137 | 168 | ||
138 | extern struct key *key_get_instantiation_authkey(key_serial_t target_id); | 169 | extern struct key *key_get_instantiation_authkey(key_serial_t target_id); |
139 | 170 | ||
diff --git a/security/keys/key.c b/security/keys/key.c index 14948cf83ef6..f76c8a546fd3 100644 --- a/security/keys/key.c +++ b/security/keys/key.c | |||
@@ -218,7 +218,7 @@ serial_exists: | |||
218 | * instantiate the key or discard it before returning | 218 | * instantiate the key or discard it before returning |
219 | */ | 219 | */ |
220 | struct key *key_alloc(struct key_type *type, const char *desc, | 220 | struct key *key_alloc(struct key_type *type, const char *desc, |
221 | uid_t uid, gid_t gid, struct task_struct *ctx, | 221 | uid_t uid, gid_t gid, const struct cred *cred, |
222 | key_perm_t perm, unsigned long flags) | 222 | key_perm_t perm, unsigned long flags) |
223 | { | 223 | { |
224 | struct key_user *user = NULL; | 224 | struct key_user *user = NULL; |
@@ -294,7 +294,7 @@ struct key *key_alloc(struct key_type *type, const char *desc, | |||
294 | #endif | 294 | #endif |
295 | 295 | ||
296 | /* let the security module know about the key */ | 296 | /* let the security module know about the key */ |
297 | ret = security_key_alloc(key, ctx, flags); | 297 | ret = security_key_alloc(key, cred, flags); |
298 | if (ret < 0) | 298 | if (ret < 0) |
299 | goto security_error; | 299 | goto security_error; |
300 | 300 | ||
@@ -391,7 +391,7 @@ static int __key_instantiate_and_link(struct key *key, | |||
391 | const void *data, | 391 | const void *data, |
392 | size_t datalen, | 392 | size_t datalen, |
393 | struct key *keyring, | 393 | struct key *keyring, |
394 | struct key *instkey) | 394 | struct key *authkey) |
395 | { | 395 | { |
396 | int ret, awaken; | 396 | int ret, awaken; |
397 | 397 | ||
@@ -421,8 +421,8 @@ static int __key_instantiate_and_link(struct key *key, | |||
421 | ret = __key_link(keyring, key); | 421 | ret = __key_link(keyring, key); |
422 | 422 | ||
423 | /* disable the authorisation key */ | 423 | /* disable the authorisation key */ |
424 | if (instkey) | 424 | if (authkey) |
425 | key_revoke(instkey); | 425 | key_revoke(authkey); |
426 | } | 426 | } |
427 | } | 427 | } |
428 | 428 | ||
@@ -444,14 +444,14 @@ int key_instantiate_and_link(struct key *key, | |||
444 | const void *data, | 444 | const void *data, |
445 | size_t datalen, | 445 | size_t datalen, |
446 | struct key *keyring, | 446 | struct key *keyring, |
447 | struct key *instkey) | 447 | struct key *authkey) |
448 | { | 448 | { |
449 | int ret; | 449 | int ret; |
450 | 450 | ||
451 | if (keyring) | 451 | if (keyring) |
452 | down_write(&keyring->sem); | 452 | down_write(&keyring->sem); |
453 | 453 | ||
454 | ret = __key_instantiate_and_link(key, data, datalen, keyring, instkey); | 454 | ret = __key_instantiate_and_link(key, data, datalen, keyring, authkey); |
455 | 455 | ||
456 | if (keyring) | 456 | if (keyring) |
457 | up_write(&keyring->sem); | 457 | up_write(&keyring->sem); |
@@ -469,7 +469,7 @@ EXPORT_SYMBOL(key_instantiate_and_link); | |||
469 | int key_negate_and_link(struct key *key, | 469 | int key_negate_and_link(struct key *key, |
470 | unsigned timeout, | 470 | unsigned timeout, |
471 | struct key *keyring, | 471 | struct key *keyring, |
472 | struct key *instkey) | 472 | struct key *authkey) |
473 | { | 473 | { |
474 | struct timespec now; | 474 | struct timespec now; |
475 | int ret, awaken; | 475 | int ret, awaken; |
@@ -504,8 +504,8 @@ int key_negate_and_link(struct key *key, | |||
504 | ret = __key_link(keyring, key); | 504 | ret = __key_link(keyring, key); |
505 | 505 | ||
506 | /* disable the authorisation key */ | 506 | /* disable the authorisation key */ |
507 | if (instkey) | 507 | if (authkey) |
508 | key_revoke(instkey); | 508 | key_revoke(authkey); |
509 | } | 509 | } |
510 | 510 | ||
511 | mutex_unlock(&key_construction_mutex); | 511 | mutex_unlock(&key_construction_mutex); |
@@ -743,6 +743,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, | |||
743 | key_perm_t perm, | 743 | key_perm_t perm, |
744 | unsigned long flags) | 744 | unsigned long flags) |
745 | { | 745 | { |
746 | const struct cred *cred = current_cred(); | ||
746 | struct key_type *ktype; | 747 | struct key_type *ktype; |
747 | struct key *keyring, *key = NULL; | 748 | struct key *keyring, *key = NULL; |
748 | key_ref_t key_ref; | 749 | key_ref_t key_ref; |
@@ -802,8 +803,8 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, | |||
802 | } | 803 | } |
803 | 804 | ||
804 | /* allocate a new key */ | 805 | /* allocate a new key */ |
805 | key = key_alloc(ktype, description, current->fsuid, current->fsgid, | 806 | key = key_alloc(ktype, description, cred->fsuid, cred->fsgid, cred, |
806 | current, perm, flags); | 807 | perm, flags); |
807 | if (IS_ERR(key)) { | 808 | if (IS_ERR(key)) { |
808 | key_ref = ERR_CAST(key); | 809 | key_ref = ERR_CAST(key); |
809 | goto error_3; | 810 | goto error_3; |
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index acc9c89e40a8..7c72baa02f2e 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c | |||
@@ -103,7 +103,7 @@ asmlinkage long sys_add_key(const char __user *_type, | |||
103 | } | 103 | } |
104 | 104 | ||
105 | /* find the target keyring (which must be writable) */ | 105 | /* find the target keyring (which must be writable) */ |
106 | keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); | 106 | keyring_ref = lookup_user_key(ringid, 1, 0, KEY_WRITE); |
107 | if (IS_ERR(keyring_ref)) { | 107 | if (IS_ERR(keyring_ref)) { |
108 | ret = PTR_ERR(keyring_ref); | 108 | ret = PTR_ERR(keyring_ref); |
109 | goto error3; | 109 | goto error3; |
@@ -185,7 +185,7 @@ asmlinkage long sys_request_key(const char __user *_type, | |||
185 | /* get the destination keyring if specified */ | 185 | /* get the destination keyring if specified */ |
186 | dest_ref = NULL; | 186 | dest_ref = NULL; |
187 | if (destringid) { | 187 | if (destringid) { |
188 | dest_ref = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE); | 188 | dest_ref = lookup_user_key(destringid, 1, 0, KEY_WRITE); |
189 | if (IS_ERR(dest_ref)) { | 189 | if (IS_ERR(dest_ref)) { |
190 | ret = PTR_ERR(dest_ref); | 190 | ret = PTR_ERR(dest_ref); |
191 | goto error3; | 191 | goto error3; |
@@ -235,7 +235,7 @@ long keyctl_get_keyring_ID(key_serial_t id, int create) | |||
235 | key_ref_t key_ref; | 235 | key_ref_t key_ref; |
236 | long ret; | 236 | long ret; |
237 | 237 | ||
238 | key_ref = lookup_user_key(NULL, id, create, 0, KEY_SEARCH); | 238 | key_ref = lookup_user_key(id, create, 0, KEY_SEARCH); |
239 | if (IS_ERR(key_ref)) { | 239 | if (IS_ERR(key_ref)) { |
240 | ret = PTR_ERR(key_ref); | 240 | ret = PTR_ERR(key_ref); |
241 | goto error; | 241 | goto error; |
@@ -308,7 +308,7 @@ long keyctl_update_key(key_serial_t id, | |||
308 | } | 308 | } |
309 | 309 | ||
310 | /* find the target key (which must be writable) */ | 310 | /* find the target key (which must be writable) */ |
311 | key_ref = lookup_user_key(NULL, id, 0, 0, KEY_WRITE); | 311 | key_ref = lookup_user_key(id, 0, 0, KEY_WRITE); |
312 | if (IS_ERR(key_ref)) { | 312 | if (IS_ERR(key_ref)) { |
313 | ret = PTR_ERR(key_ref); | 313 | ret = PTR_ERR(key_ref); |
314 | goto error2; | 314 | goto error2; |
@@ -336,7 +336,7 @@ long keyctl_revoke_key(key_serial_t id) | |||
336 | key_ref_t key_ref; | 336 | key_ref_t key_ref; |
337 | long ret; | 337 | long ret; |
338 | 338 | ||
339 | key_ref = lookup_user_key(NULL, id, 0, 0, KEY_WRITE); | 339 | key_ref = lookup_user_key(id, 0, 0, KEY_WRITE); |
340 | if (IS_ERR(key_ref)) { | 340 | if (IS_ERR(key_ref)) { |
341 | ret = PTR_ERR(key_ref); | 341 | ret = PTR_ERR(key_ref); |
342 | goto error; | 342 | goto error; |
@@ -362,7 +362,7 @@ long keyctl_keyring_clear(key_serial_t ringid) | |||
362 | key_ref_t keyring_ref; | 362 | key_ref_t keyring_ref; |
363 | long ret; | 363 | long ret; |
364 | 364 | ||
365 | keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); | 365 | keyring_ref = lookup_user_key(ringid, 1, 0, KEY_WRITE); |
366 | if (IS_ERR(keyring_ref)) { | 366 | if (IS_ERR(keyring_ref)) { |
367 | ret = PTR_ERR(keyring_ref); | 367 | ret = PTR_ERR(keyring_ref); |
368 | goto error; | 368 | goto error; |
@@ -388,13 +388,13 @@ long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) | |||
388 | key_ref_t keyring_ref, key_ref; | 388 | key_ref_t keyring_ref, key_ref; |
389 | long ret; | 389 | long ret; |
390 | 390 | ||
391 | keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); | 391 | keyring_ref = lookup_user_key(ringid, 1, 0, KEY_WRITE); |
392 | if (IS_ERR(keyring_ref)) { | 392 | if (IS_ERR(keyring_ref)) { |
393 | ret = PTR_ERR(keyring_ref); | 393 | ret = PTR_ERR(keyring_ref); |
394 | goto error; | 394 | goto error; |
395 | } | 395 | } |
396 | 396 | ||
397 | key_ref = lookup_user_key(NULL, id, 1, 0, KEY_LINK); | 397 | key_ref = lookup_user_key(id, 1, 0, KEY_LINK); |
398 | if (IS_ERR(key_ref)) { | 398 | if (IS_ERR(key_ref)) { |
399 | ret = PTR_ERR(key_ref); | 399 | ret = PTR_ERR(key_ref); |
400 | goto error2; | 400 | goto error2; |
@@ -422,13 +422,13 @@ long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) | |||
422 | key_ref_t keyring_ref, key_ref; | 422 | key_ref_t keyring_ref, key_ref; |
423 | long ret; | 423 | long ret; |
424 | 424 | ||
425 | keyring_ref = lookup_user_key(NULL, ringid, 0, 0, KEY_WRITE); | 425 | keyring_ref = lookup_user_key(ringid, 0, 0, KEY_WRITE); |
426 | if (IS_ERR(keyring_ref)) { | 426 | if (IS_ERR(keyring_ref)) { |
427 | ret = PTR_ERR(keyring_ref); | 427 | ret = PTR_ERR(keyring_ref); |
428 | goto error; | 428 | goto error; |
429 | } | 429 | } |
430 | 430 | ||
431 | key_ref = lookup_user_key(NULL, id, 0, 0, 0); | 431 | key_ref = lookup_user_key(id, 0, 0, 0); |
432 | if (IS_ERR(key_ref)) { | 432 | if (IS_ERR(key_ref)) { |
433 | ret = PTR_ERR(key_ref); | 433 | ret = PTR_ERR(key_ref); |
434 | goto error2; | 434 | goto error2; |
@@ -464,7 +464,7 @@ long keyctl_describe_key(key_serial_t keyid, | |||
464 | char *tmpbuf; | 464 | char *tmpbuf; |
465 | long ret; | 465 | long ret; |
466 | 466 | ||
467 | key_ref = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW); | 467 | key_ref = lookup_user_key(keyid, 0, 1, KEY_VIEW); |
468 | if (IS_ERR(key_ref)) { | 468 | if (IS_ERR(key_ref)) { |
469 | /* viewing a key under construction is permitted if we have the | 469 | /* viewing a key under construction is permitted if we have the |
470 | * authorisation token handy */ | 470 | * authorisation token handy */ |
@@ -472,7 +472,7 @@ long keyctl_describe_key(key_serial_t keyid, | |||
472 | instkey = key_get_instantiation_authkey(keyid); | 472 | instkey = key_get_instantiation_authkey(keyid); |
473 | if (!IS_ERR(instkey)) { | 473 | if (!IS_ERR(instkey)) { |
474 | key_put(instkey); | 474 | key_put(instkey); |
475 | key_ref = lookup_user_key(NULL, keyid, | 475 | key_ref = lookup_user_key(keyid, |
476 | 0, 1, 0); | 476 | 0, 1, 0); |
477 | if (!IS_ERR(key_ref)) | 477 | if (!IS_ERR(key_ref)) |
478 | goto okay; | 478 | goto okay; |
@@ -557,7 +557,7 @@ long keyctl_keyring_search(key_serial_t ringid, | |||
557 | } | 557 | } |
558 | 558 | ||
559 | /* get the keyring at which to begin the search */ | 559 | /* get the keyring at which to begin the search */ |
560 | keyring_ref = lookup_user_key(NULL, ringid, 0, 0, KEY_SEARCH); | 560 | keyring_ref = lookup_user_key(ringid, 0, 0, KEY_SEARCH); |
561 | if (IS_ERR(keyring_ref)) { | 561 | if (IS_ERR(keyring_ref)) { |
562 | ret = PTR_ERR(keyring_ref); | 562 | ret = PTR_ERR(keyring_ref); |
563 | goto error2; | 563 | goto error2; |
@@ -566,7 +566,7 @@ long keyctl_keyring_search(key_serial_t ringid, | |||
566 | /* get the destination keyring if specified */ | 566 | /* get the destination keyring if specified */ |
567 | dest_ref = NULL; | 567 | dest_ref = NULL; |
568 | if (destringid) { | 568 | if (destringid) { |
569 | dest_ref = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE); | 569 | dest_ref = lookup_user_key(destringid, 1, 0, KEY_WRITE); |
570 | if (IS_ERR(dest_ref)) { | 570 | if (IS_ERR(dest_ref)) { |
571 | ret = PTR_ERR(dest_ref); | 571 | ret = PTR_ERR(dest_ref); |
572 | goto error3; | 572 | goto error3; |
@@ -636,7 +636,7 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) | |||
636 | long ret; | 636 | long ret; |
637 | 637 | ||
638 | /* find the key first */ | 638 | /* find the key first */ |
639 | key_ref = lookup_user_key(NULL, keyid, 0, 0, 0); | 639 | key_ref = lookup_user_key(keyid, 0, 0, 0); |
640 | if (IS_ERR(key_ref)) { | 640 | if (IS_ERR(key_ref)) { |
641 | ret = -ENOKEY; | 641 | ret = -ENOKEY; |
642 | goto error; | 642 | goto error; |
@@ -699,7 +699,7 @@ long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid) | |||
699 | if (uid == (uid_t) -1 && gid == (gid_t) -1) | 699 | if (uid == (uid_t) -1 && gid == (gid_t) -1) |
700 | goto error; | 700 | goto error; |
701 | 701 | ||
702 | key_ref = lookup_user_key(NULL, id, 1, 1, KEY_SETATTR); | 702 | key_ref = lookup_user_key(id, 1, 1, KEY_SETATTR); |
703 | if (IS_ERR(key_ref)) { | 703 | if (IS_ERR(key_ref)) { |
704 | ret = PTR_ERR(key_ref); | 704 | ret = PTR_ERR(key_ref); |
705 | goto error; | 705 | goto error; |
@@ -804,7 +804,7 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm) | |||
804 | if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) | 804 | if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) |
805 | goto error; | 805 | goto error; |
806 | 806 | ||
807 | key_ref = lookup_user_key(NULL, id, 1, 1, KEY_SETATTR); | 807 | key_ref = lookup_user_key(id, 1, 1, KEY_SETATTR); |
808 | if (IS_ERR(key_ref)) { | 808 | if (IS_ERR(key_ref)) { |
809 | ret = PTR_ERR(key_ref); | 809 | ret = PTR_ERR(key_ref); |
810 | goto error; | 810 | goto error; |
@@ -817,7 +817,7 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm) | |||
817 | down_write(&key->sem); | 817 | down_write(&key->sem); |
818 | 818 | ||
819 | /* if we're not the sysadmin, we can only change a key that we own */ | 819 | /* if we're not the sysadmin, we can only change a key that we own */ |
820 | if (capable(CAP_SYS_ADMIN) || key->uid == current->fsuid) { | 820 | if (capable(CAP_SYS_ADMIN) || key->uid == current_fsuid()) { |
821 | key->perm = perm; | 821 | key->perm = perm; |
822 | ret = 0; | 822 | ret = 0; |
823 | } | 823 | } |
@@ -829,6 +829,60 @@ error: | |||
829 | 829 | ||
830 | } /* end keyctl_setperm_key() */ | 830 | } /* end keyctl_setperm_key() */ |
831 | 831 | ||
832 | /* | ||
833 | * get the destination keyring for instantiation | ||
834 | */ | ||
835 | static long get_instantiation_keyring(key_serial_t ringid, | ||
836 | struct request_key_auth *rka, | ||
837 | struct key **_dest_keyring) | ||
838 | { | ||
839 | key_ref_t dkref; | ||
840 | |||
841 | /* just return a NULL pointer if we weren't asked to make a link */ | ||
842 | if (ringid == 0) { | ||
843 | *_dest_keyring = NULL; | ||
844 | return 0; | ||
845 | } | ||
846 | |||
847 | /* if a specific keyring is nominated by ID, then use that */ | ||
848 | if (ringid > 0) { | ||
849 | dkref = lookup_user_key(ringid, 1, 0, KEY_WRITE); | ||
850 | if (IS_ERR(dkref)) | ||
851 | return PTR_ERR(dkref); | ||
852 | *_dest_keyring = key_ref_to_ptr(dkref); | ||
853 | return 0; | ||
854 | } | ||
855 | |||
856 | if (ringid == KEY_SPEC_REQKEY_AUTH_KEY) | ||
857 | return -EINVAL; | ||
858 | |||
859 | /* otherwise specify the destination keyring recorded in the | ||
860 | * authorisation key (any KEY_SPEC_*_KEYRING) */ | ||
861 | if (ringid >= KEY_SPEC_REQUESTOR_KEYRING) { | ||
862 | *_dest_keyring = rka->dest_keyring; | ||
863 | return 0; | ||
864 | } | ||
865 | |||
866 | return -ENOKEY; | ||
867 | } | ||
868 | |||
869 | /* | ||
870 | * change the request_key authorisation key on the current process | ||
871 | */ | ||
872 | static int keyctl_change_reqkey_auth(struct key *key) | ||
873 | { | ||
874 | struct cred *new; | ||
875 | |||
876 | new = prepare_creds(); | ||
877 | if (!new) | ||
878 | return -ENOMEM; | ||
879 | |||
880 | key_put(new->request_key_auth); | ||
881 | new->request_key_auth = key_get(key); | ||
882 | |||
883 | return commit_creds(new); | ||
884 | } | ||
885 | |||
832 | /*****************************************************************************/ | 886 | /*****************************************************************************/ |
833 | /* | 887 | /* |
834 | * instantiate the key with the specified payload, and, if one is given, link | 888 | * instantiate the key with the specified payload, and, if one is given, link |
@@ -839,13 +893,15 @@ long keyctl_instantiate_key(key_serial_t id, | |||
839 | size_t plen, | 893 | size_t plen, |
840 | key_serial_t ringid) | 894 | key_serial_t ringid) |
841 | { | 895 | { |
896 | const struct cred *cred = current_cred(); | ||
842 | struct request_key_auth *rka; | 897 | struct request_key_auth *rka; |
843 | struct key *instkey; | 898 | struct key *instkey, *dest_keyring; |
844 | key_ref_t keyring_ref; | ||
845 | void *payload; | 899 | void *payload; |
846 | long ret; | 900 | long ret; |
847 | bool vm = false; | 901 | bool vm = false; |
848 | 902 | ||
903 | kenter("%d,,%zu,%d", id, plen, ringid); | ||
904 | |||
849 | ret = -EINVAL; | 905 | ret = -EINVAL; |
850 | if (plen > 1024 * 1024 - 1) | 906 | if (plen > 1024 * 1024 - 1) |
851 | goto error; | 907 | goto error; |
@@ -853,7 +909,7 @@ long keyctl_instantiate_key(key_serial_t id, | |||
853 | /* the appropriate instantiation authorisation key must have been | 909 | /* the appropriate instantiation authorisation key must have been |
854 | * assumed before calling this */ | 910 | * assumed before calling this */ |
855 | ret = -EPERM; | 911 | ret = -EPERM; |
856 | instkey = current->request_key_auth; | 912 | instkey = cred->request_key_auth; |
857 | if (!instkey) | 913 | if (!instkey) |
858 | goto error; | 914 | goto error; |
859 | 915 | ||
@@ -883,28 +939,20 @@ long keyctl_instantiate_key(key_serial_t id, | |||
883 | 939 | ||
884 | /* find the destination keyring amongst those belonging to the | 940 | /* find the destination keyring amongst those belonging to the |
885 | * requesting task */ | 941 | * requesting task */ |
886 | keyring_ref = NULL; | 942 | ret = get_instantiation_keyring(ringid, rka, &dest_keyring); |
887 | if (ringid) { | 943 | if (ret < 0) |
888 | keyring_ref = lookup_user_key(rka->context, ringid, 1, 0, | 944 | goto error2; |
889 | KEY_WRITE); | ||
890 | if (IS_ERR(keyring_ref)) { | ||
891 | ret = PTR_ERR(keyring_ref); | ||
892 | goto error2; | ||
893 | } | ||
894 | } | ||
895 | 945 | ||
896 | /* instantiate the key and link it into a keyring */ | 946 | /* instantiate the key and link it into a keyring */ |
897 | ret = key_instantiate_and_link(rka->target_key, payload, plen, | 947 | ret = key_instantiate_and_link(rka->target_key, payload, plen, |
898 | key_ref_to_ptr(keyring_ref), instkey); | 948 | dest_keyring, instkey); |
899 | 949 | ||
900 | key_ref_put(keyring_ref); | 950 | key_put(dest_keyring); |
901 | 951 | ||
902 | /* discard the assumed authority if it's just been disabled by | 952 | /* discard the assumed authority if it's just been disabled by |
903 | * instantiation of the key */ | 953 | * instantiation of the key */ |
904 | if (ret == 0) { | 954 | if (ret == 0) |
905 | key_put(current->request_key_auth); | 955 | keyctl_change_reqkey_auth(NULL); |
906 | current->request_key_auth = NULL; | ||
907 | } | ||
908 | 956 | ||
909 | error2: | 957 | error2: |
910 | if (!vm) | 958 | if (!vm) |
@@ -923,15 +971,17 @@ error: | |||
923 | */ | 971 | */ |
924 | long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) | 972 | long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) |
925 | { | 973 | { |
974 | const struct cred *cred = current_cred(); | ||
926 | struct request_key_auth *rka; | 975 | struct request_key_auth *rka; |
927 | struct key *instkey; | 976 | struct key *instkey, *dest_keyring; |
928 | key_ref_t keyring_ref; | ||
929 | long ret; | 977 | long ret; |
930 | 978 | ||
979 | kenter("%d,%u,%d", id, timeout, ringid); | ||
980 | |||
931 | /* the appropriate instantiation authorisation key must have been | 981 | /* the appropriate instantiation authorisation key must have been |
932 | * assumed before calling this */ | 982 | * assumed before calling this */ |
933 | ret = -EPERM; | 983 | ret = -EPERM; |
934 | instkey = current->request_key_auth; | 984 | instkey = cred->request_key_auth; |
935 | if (!instkey) | 985 | if (!instkey) |
936 | goto error; | 986 | goto error; |
937 | 987 | ||
@@ -941,27 +991,20 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) | |||
941 | 991 | ||
942 | /* find the destination keyring if present (which must also be | 992 | /* find the destination keyring if present (which must also be |
943 | * writable) */ | 993 | * writable) */ |
944 | keyring_ref = NULL; | 994 | ret = get_instantiation_keyring(ringid, rka, &dest_keyring); |
945 | if (ringid) { | 995 | if (ret < 0) |
946 | keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); | 996 | goto error; |
947 | if (IS_ERR(keyring_ref)) { | ||
948 | ret = PTR_ERR(keyring_ref); | ||
949 | goto error; | ||
950 | } | ||
951 | } | ||
952 | 997 | ||
953 | /* instantiate the key and link it into a keyring */ | 998 | /* instantiate the key and link it into a keyring */ |
954 | ret = key_negate_and_link(rka->target_key, timeout, | 999 | ret = key_negate_and_link(rka->target_key, timeout, |
955 | key_ref_to_ptr(keyring_ref), instkey); | 1000 | dest_keyring, instkey); |
956 | 1001 | ||
957 | key_ref_put(keyring_ref); | 1002 | key_put(dest_keyring); |
958 | 1003 | ||
959 | /* discard the assumed authority if it's just been disabled by | 1004 | /* discard the assumed authority if it's just been disabled by |
960 | * instantiation of the key */ | 1005 | * instantiation of the key */ |
961 | if (ret == 0) { | 1006 | if (ret == 0) |
962 | key_put(current->request_key_auth); | 1007 | keyctl_change_reqkey_auth(NULL); |
963 | current->request_key_auth = NULL; | ||
964 | } | ||
965 | 1008 | ||
966 | error: | 1009 | error: |
967 | return ret; | 1010 | return ret; |
@@ -975,35 +1018,56 @@ error: | |||
975 | */ | 1018 | */ |
976 | long keyctl_set_reqkey_keyring(int reqkey_defl) | 1019 | long keyctl_set_reqkey_keyring(int reqkey_defl) |
977 | { | 1020 | { |
978 | int ret; | 1021 | struct cred *new; |
1022 | int ret, old_setting; | ||
1023 | |||
1024 | old_setting = current_cred_xxx(jit_keyring); | ||
1025 | |||
1026 | if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE) | ||
1027 | return old_setting; | ||
1028 | |||
1029 | new = prepare_creds(); | ||
1030 | if (!new) | ||
1031 | return -ENOMEM; | ||
979 | 1032 | ||
980 | switch (reqkey_defl) { | 1033 | switch (reqkey_defl) { |
981 | case KEY_REQKEY_DEFL_THREAD_KEYRING: | 1034 | case KEY_REQKEY_DEFL_THREAD_KEYRING: |
982 | ret = install_thread_keyring(current); | 1035 | ret = install_thread_keyring_to_cred(new); |
983 | if (ret < 0) | 1036 | if (ret < 0) |
984 | return ret; | 1037 | goto error; |
985 | goto set; | 1038 | goto set; |
986 | 1039 | ||
987 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: | 1040 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: |
988 | ret = install_process_keyring(current); | 1041 | ret = install_process_keyring_to_cred(new); |
989 | if (ret < 0) | 1042 | if (ret < 0) { |
990 | return ret; | 1043 | if (ret != -EEXIST) |
1044 | goto error; | ||
1045 | ret = 0; | ||
1046 | } | ||
1047 | goto set; | ||
991 | 1048 | ||
992 | case KEY_REQKEY_DEFL_DEFAULT: | 1049 | case KEY_REQKEY_DEFL_DEFAULT: |
993 | case KEY_REQKEY_DEFL_SESSION_KEYRING: | 1050 | case KEY_REQKEY_DEFL_SESSION_KEYRING: |
994 | case KEY_REQKEY_DEFL_USER_KEYRING: | 1051 | case KEY_REQKEY_DEFL_USER_KEYRING: |
995 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: | 1052 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: |
996 | set: | 1053 | case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: |
997 | current->jit_keyring = reqkey_defl; | 1054 | goto set; |
998 | 1055 | ||
999 | case KEY_REQKEY_DEFL_NO_CHANGE: | 1056 | case KEY_REQKEY_DEFL_NO_CHANGE: |
1000 | return current->jit_keyring; | ||
1001 | |||
1002 | case KEY_REQKEY_DEFL_GROUP_KEYRING: | 1057 | case KEY_REQKEY_DEFL_GROUP_KEYRING: |
1003 | default: | 1058 | default: |
1004 | return -EINVAL; | 1059 | ret = -EINVAL; |
1060 | goto error; | ||
1005 | } | 1061 | } |
1006 | 1062 | ||
1063 | set: | ||
1064 | new->jit_keyring = reqkey_defl; | ||
1065 | commit_creds(new); | ||
1066 | return old_setting; | ||
1067 | error: | ||
1068 | abort_creds(new); | ||
1069 | return -EINVAL; | ||
1070 | |||
1007 | } /* end keyctl_set_reqkey_keyring() */ | 1071 | } /* end keyctl_set_reqkey_keyring() */ |
1008 | 1072 | ||
1009 | /*****************************************************************************/ | 1073 | /*****************************************************************************/ |
@@ -1018,7 +1082,7 @@ long keyctl_set_timeout(key_serial_t id, unsigned timeout) | |||
1018 | time_t expiry; | 1082 | time_t expiry; |
1019 | long ret; | 1083 | long ret; |
1020 | 1084 | ||
1021 | key_ref = lookup_user_key(NULL, id, 1, 1, KEY_SETATTR); | 1085 | key_ref = lookup_user_key(id, 1, 1, KEY_SETATTR); |
1022 | if (IS_ERR(key_ref)) { | 1086 | if (IS_ERR(key_ref)) { |
1023 | ret = PTR_ERR(key_ref); | 1087 | ret = PTR_ERR(key_ref); |
1024 | goto error; | 1088 | goto error; |
@@ -1062,9 +1126,7 @@ long keyctl_assume_authority(key_serial_t id) | |||
1062 | 1126 | ||
1063 | /* we divest ourselves of authority if given an ID of 0 */ | 1127 | /* we divest ourselves of authority if given an ID of 0 */ |
1064 | if (id == 0) { | 1128 | if (id == 0) { |
1065 | key_put(current->request_key_auth); | 1129 | ret = keyctl_change_reqkey_auth(NULL); |
1066 | current->request_key_auth = NULL; | ||
1067 | ret = 0; | ||
1068 | goto error; | 1130 | goto error; |
1069 | } | 1131 | } |
1070 | 1132 | ||
@@ -1079,10 +1141,12 @@ long keyctl_assume_authority(key_serial_t id) | |||
1079 | goto error; | 1141 | goto error; |
1080 | } | 1142 | } |
1081 | 1143 | ||
1082 | key_put(current->request_key_auth); | 1144 | ret = keyctl_change_reqkey_auth(authkey); |
1083 | current->request_key_auth = authkey; | 1145 | if (ret < 0) |
1084 | ret = authkey->serial; | 1146 | goto error; |
1147 | key_put(authkey); | ||
1085 | 1148 | ||
1149 | ret = authkey->serial; | ||
1086 | error: | 1150 | error: |
1087 | return ret; | 1151 | return ret; |
1088 | 1152 | ||
@@ -1105,7 +1169,7 @@ long keyctl_get_security(key_serial_t keyid, | |||
1105 | char *context; | 1169 | char *context; |
1106 | long ret; | 1170 | long ret; |
1107 | 1171 | ||
1108 | key_ref = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW); | 1172 | key_ref = lookup_user_key(keyid, 0, 1, KEY_VIEW); |
1109 | if (IS_ERR(key_ref)) { | 1173 | if (IS_ERR(key_ref)) { |
1110 | if (PTR_ERR(key_ref) != -EACCES) | 1174 | if (PTR_ERR(key_ref) != -EACCES) |
1111 | return PTR_ERR(key_ref); | 1175 | return PTR_ERR(key_ref); |
@@ -1117,7 +1181,7 @@ long keyctl_get_security(key_serial_t keyid, | |||
1117 | return PTR_ERR(key_ref); | 1181 | return PTR_ERR(key_ref); |
1118 | key_put(instkey); | 1182 | key_put(instkey); |
1119 | 1183 | ||
1120 | key_ref = lookup_user_key(NULL, keyid, 0, 1, 0); | 1184 | key_ref = lookup_user_key(keyid, 0, 1, 0); |
1121 | if (IS_ERR(key_ref)) | 1185 | if (IS_ERR(key_ref)) |
1122 | return PTR_ERR(key_ref); | 1186 | return PTR_ERR(key_ref); |
1123 | } | 1187 | } |
diff --git a/security/keys/keyring.c b/security/keys/keyring.c index a9ab8affc092..ed851574d073 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c | |||
@@ -16,6 +16,7 @@ | |||
16 | #include <linux/security.h> | 16 | #include <linux/security.h> |
17 | #include <linux/seq_file.h> | 17 | #include <linux/seq_file.h> |
18 | #include <linux/err.h> | 18 | #include <linux/err.h> |
19 | #include <keys/keyring-type.h> | ||
19 | #include <asm/uaccess.h> | 20 | #include <asm/uaccess.h> |
20 | #include "internal.h" | 21 | #include "internal.h" |
21 | 22 | ||
@@ -244,14 +245,14 @@ static long keyring_read(const struct key *keyring, | |||
244 | * allocate a keyring and link into the destination keyring | 245 | * allocate a keyring and link into the destination keyring |
245 | */ | 246 | */ |
246 | struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, | 247 | struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, |
247 | struct task_struct *ctx, unsigned long flags, | 248 | const struct cred *cred, unsigned long flags, |
248 | struct key *dest) | 249 | struct key *dest) |
249 | { | 250 | { |
250 | struct key *keyring; | 251 | struct key *keyring; |
251 | int ret; | 252 | int ret; |
252 | 253 | ||
253 | keyring = key_alloc(&key_type_keyring, description, | 254 | keyring = key_alloc(&key_type_keyring, description, |
254 | uid, gid, ctx, | 255 | uid, gid, cred, |
255 | (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, | 256 | (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, |
256 | flags); | 257 | flags); |
257 | 258 | ||
@@ -280,7 +281,7 @@ struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, | |||
280 | * - we propagate the possession attribute from the keyring ref to the key ref | 281 | * - we propagate the possession attribute from the keyring ref to the key ref |
281 | */ | 282 | */ |
282 | key_ref_t keyring_search_aux(key_ref_t keyring_ref, | 283 | key_ref_t keyring_search_aux(key_ref_t keyring_ref, |
283 | struct task_struct *context, | 284 | const struct cred *cred, |
284 | struct key_type *type, | 285 | struct key_type *type, |
285 | const void *description, | 286 | const void *description, |
286 | key_match_func_t match) | 287 | key_match_func_t match) |
@@ -303,7 +304,7 @@ key_ref_t keyring_search_aux(key_ref_t keyring_ref, | |||
303 | key_check(keyring); | 304 | key_check(keyring); |
304 | 305 | ||
305 | /* top keyring must have search permission to begin the search */ | 306 | /* top keyring must have search permission to begin the search */ |
306 | err = key_task_permission(keyring_ref, context, KEY_SEARCH); | 307 | err = key_task_permission(keyring_ref, cred, KEY_SEARCH); |
307 | if (err < 0) { | 308 | if (err < 0) { |
308 | key_ref = ERR_PTR(err); | 309 | key_ref = ERR_PTR(err); |
309 | goto error; | 310 | goto error; |
@@ -376,7 +377,7 @@ descend: | |||
376 | 377 | ||
377 | /* key must have search permissions */ | 378 | /* key must have search permissions */ |
378 | if (key_task_permission(make_key_ref(key, possessed), | 379 | if (key_task_permission(make_key_ref(key, possessed), |
379 | context, KEY_SEARCH) < 0) | 380 | cred, KEY_SEARCH) < 0) |
380 | continue; | 381 | continue; |
381 | 382 | ||
382 | /* we set a different error code if we pass a negative key */ | 383 | /* we set a different error code if we pass a negative key */ |
@@ -403,7 +404,7 @@ ascend: | |||
403 | continue; | 404 | continue; |
404 | 405 | ||
405 | if (key_task_permission(make_key_ref(key, possessed), | 406 | if (key_task_permission(make_key_ref(key, possessed), |
406 | context, KEY_SEARCH) < 0) | 407 | cred, KEY_SEARCH) < 0) |
407 | continue; | 408 | continue; |
408 | 409 | ||
409 | /* stack the current position */ | 410 | /* stack the current position */ |
@@ -458,7 +459,7 @@ key_ref_t keyring_search(key_ref_t keyring, | |||
458 | if (!type->match) | 459 | if (!type->match) |
459 | return ERR_PTR(-ENOKEY); | 460 | return ERR_PTR(-ENOKEY); |
460 | 461 | ||
461 | return keyring_search_aux(keyring, current, | 462 | return keyring_search_aux(keyring, current->cred, |
462 | type, description, type->match); | 463 | type, description, type->match); |
463 | 464 | ||
464 | } /* end keyring_search() */ | 465 | } /* end keyring_search() */ |
diff --git a/security/keys/permission.c b/security/keys/permission.c index 3b41f9b52537..5d9fc7b93f2e 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c | |||
@@ -14,12 +14,19 @@ | |||
14 | #include "internal.h" | 14 | #include "internal.h" |
15 | 15 | ||
16 | /*****************************************************************************/ | 16 | /*****************************************************************************/ |
17 | /* | 17 | /** |
18 | * check to see whether permission is granted to use a key in the desired way, | 18 | * key_task_permission - Check a key can be used |
19 | * but permit the security modules to override | 19 | * @key_ref: The key to check |
20 | * @cred: The credentials to use | ||
21 | * @perm: The permissions to check for | ||
22 | * | ||
23 | * Check to see whether permission is granted to use a key in the desired way, | ||
24 | * but permit the security modules to override. | ||
25 | * | ||
26 | * The caller must hold either a ref on cred or must hold the RCU readlock or a | ||
27 | * spinlock. | ||
20 | */ | 28 | */ |
21 | int key_task_permission(const key_ref_t key_ref, | 29 | int key_task_permission(const key_ref_t key_ref, const struct cred *cred, |
22 | struct task_struct *context, | ||
23 | key_perm_t perm) | 30 | key_perm_t perm) |
24 | { | 31 | { |
25 | struct key *key; | 32 | struct key *key; |
@@ -29,7 +36,7 @@ int key_task_permission(const key_ref_t key_ref, | |||
29 | key = key_ref_to_ptr(key_ref); | 36 | key = key_ref_to_ptr(key_ref); |
30 | 37 | ||
31 | /* use the second 8-bits of permissions for keys the caller owns */ | 38 | /* use the second 8-bits of permissions for keys the caller owns */ |
32 | if (key->uid == context->fsuid) { | 39 | if (key->uid == cred->fsuid) { |
33 | kperm = key->perm >> 16; | 40 | kperm = key->perm >> 16; |
34 | goto use_these_perms; | 41 | goto use_these_perms; |
35 | } | 42 | } |
@@ -37,15 +44,12 @@ int key_task_permission(const key_ref_t key_ref, | |||
37 | /* use the third 8-bits of permissions for keys the caller has a group | 44 | /* use the third 8-bits of permissions for keys the caller has a group |
38 | * membership in common with */ | 45 | * membership in common with */ |
39 | if (key->gid != -1 && key->perm & KEY_GRP_ALL) { | 46 | if (key->gid != -1 && key->perm & KEY_GRP_ALL) { |
40 | if (key->gid == context->fsgid) { | 47 | if (key->gid == cred->fsgid) { |
41 | kperm = key->perm >> 8; | 48 | kperm = key->perm >> 8; |
42 | goto use_these_perms; | 49 | goto use_these_perms; |
43 | } | 50 | } |
44 | 51 | ||
45 | task_lock(context); | 52 | ret = groups_search(cred->group_info, key->gid); |
46 | ret = groups_search(context->group_info, key->gid); | ||
47 | task_unlock(context); | ||
48 | |||
49 | if (ret) { | 53 | if (ret) { |
50 | kperm = key->perm >> 8; | 54 | kperm = key->perm >> 8; |
51 | goto use_these_perms; | 55 | goto use_these_perms; |
@@ -56,6 +60,7 @@ int key_task_permission(const key_ref_t key_ref, | |||
56 | kperm = key->perm; | 60 | kperm = key->perm; |
57 | 61 | ||
58 | use_these_perms: | 62 | use_these_perms: |
63 | |||
59 | /* use the top 8-bits of permissions for keys the caller possesses | 64 | /* use the top 8-bits of permissions for keys the caller possesses |
60 | * - possessor permissions are additive with other permissions | 65 | * - possessor permissions are additive with other permissions |
61 | */ | 66 | */ |
@@ -68,7 +73,7 @@ use_these_perms: | |||
68 | return -EACCES; | 73 | return -EACCES; |
69 | 74 | ||
70 | /* let LSM be the final arbiter */ | 75 | /* let LSM be the final arbiter */ |
71 | return security_key_permission(key_ref, context, perm); | 76 | return security_key_permission(key_ref, cred, perm); |
72 | 77 | ||
73 | } /* end key_task_permission() */ | 78 | } /* end key_task_permission() */ |
74 | 79 | ||
diff --git a/security/keys/proc.c b/security/keys/proc.c index f619170da760..7f508def50e3 100644 --- a/security/keys/proc.c +++ b/security/keys/proc.c | |||
@@ -136,8 +136,12 @@ static int proc_keys_show(struct seq_file *m, void *v) | |||
136 | int rc; | 136 | int rc; |
137 | 137 | ||
138 | /* check whether the current task is allowed to view the key (assuming | 138 | /* check whether the current task is allowed to view the key (assuming |
139 | * non-possession) */ | 139 | * non-possession) |
140 | rc = key_task_permission(make_key_ref(key, 0), current, KEY_VIEW); | 140 | * - the caller holds a spinlock, and thus the RCU read lock, making our |
141 | * access to __current_cred() safe | ||
142 | */ | ||
143 | rc = key_task_permission(make_key_ref(key, 0), current_cred(), | ||
144 | KEY_VIEW); | ||
141 | if (rc < 0) | 145 | if (rc < 0) |
142 | return 0; | 146 | return 0; |
143 | 147 | ||
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 45b240af6dbe..2f5d89e92b85 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c | |||
@@ -40,13 +40,17 @@ struct key_user root_key_user = { | |||
40 | /* | 40 | /* |
41 | * install user and user session keyrings for a particular UID | 41 | * install user and user session keyrings for a particular UID |
42 | */ | 42 | */ |
43 | int install_user_keyrings(struct task_struct *tsk) | 43 | int install_user_keyrings(void) |
44 | { | 44 | { |
45 | struct user_struct *user = tsk->user; | 45 | struct user_struct *user; |
46 | const struct cred *cred; | ||
46 | struct key *uid_keyring, *session_keyring; | 47 | struct key *uid_keyring, *session_keyring; |
47 | char buf[20]; | 48 | char buf[20]; |
48 | int ret; | 49 | int ret; |
49 | 50 | ||
51 | cred = current_cred(); | ||
52 | user = cred->user; | ||
53 | |||
50 | kenter("%p{%u}", user, user->uid); | 54 | kenter("%p{%u}", user, user->uid); |
51 | 55 | ||
52 | if (user->uid_keyring) { | 56 | if (user->uid_keyring) { |
@@ -67,7 +71,7 @@ int install_user_keyrings(struct task_struct *tsk) | |||
67 | uid_keyring = find_keyring_by_name(buf, true); | 71 | uid_keyring = find_keyring_by_name(buf, true); |
68 | if (IS_ERR(uid_keyring)) { | 72 | if (IS_ERR(uid_keyring)) { |
69 | uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, | 73 | uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, |
70 | tsk, KEY_ALLOC_IN_QUOTA, | 74 | cred, KEY_ALLOC_IN_QUOTA, |
71 | NULL); | 75 | NULL); |
72 | if (IS_ERR(uid_keyring)) { | 76 | if (IS_ERR(uid_keyring)) { |
73 | ret = PTR_ERR(uid_keyring); | 77 | ret = PTR_ERR(uid_keyring); |
@@ -83,7 +87,7 @@ int install_user_keyrings(struct task_struct *tsk) | |||
83 | if (IS_ERR(session_keyring)) { | 87 | if (IS_ERR(session_keyring)) { |
84 | session_keyring = | 88 | session_keyring = |
85 | keyring_alloc(buf, user->uid, (gid_t) -1, | 89 | keyring_alloc(buf, user->uid, (gid_t) -1, |
86 | tsk, KEY_ALLOC_IN_QUOTA, NULL); | 90 | cred, KEY_ALLOC_IN_QUOTA, NULL); |
87 | if (IS_ERR(session_keyring)) { | 91 | if (IS_ERR(session_keyring)) { |
88 | ret = PTR_ERR(session_keyring); | 92 | ret = PTR_ERR(session_keyring); |
89 | goto error_release; | 93 | goto error_release; |
@@ -115,140 +119,128 @@ error: | |||
115 | return ret; | 119 | return ret; |
116 | } | 120 | } |
117 | 121 | ||
118 | /*****************************************************************************/ | ||
119 | /* | 122 | /* |
120 | * deal with the UID changing | 123 | * install a fresh thread keyring directly to new credentials |
121 | */ | 124 | */ |
122 | void switch_uid_keyring(struct user_struct *new_user) | 125 | int install_thread_keyring_to_cred(struct cred *new) |
123 | { | 126 | { |
124 | #if 0 /* do nothing for now */ | 127 | struct key *keyring; |
125 | struct key *old; | ||
126 | |||
127 | /* switch to the new user's session keyring if we were running under | ||
128 | * root's default session keyring */ | ||
129 | if (new_user->uid != 0 && | ||
130 | current->session_keyring == &root_session_keyring | ||
131 | ) { | ||
132 | atomic_inc(&new_user->session_keyring->usage); | ||
133 | |||
134 | task_lock(current); | ||
135 | old = current->session_keyring; | ||
136 | current->session_keyring = new_user->session_keyring; | ||
137 | task_unlock(current); | ||
138 | 128 | ||
139 | key_put(old); | 129 | keyring = keyring_alloc("_tid", new->uid, new->gid, new, |
140 | } | 130 | KEY_ALLOC_QUOTA_OVERRUN, NULL); |
141 | #endif | 131 | if (IS_ERR(keyring)) |
132 | return PTR_ERR(keyring); | ||
142 | 133 | ||
143 | } /* end switch_uid_keyring() */ | 134 | new->thread_keyring = keyring; |
135 | return 0; | ||
136 | } | ||
144 | 137 | ||
145 | /*****************************************************************************/ | ||
146 | /* | 138 | /* |
147 | * install a fresh thread keyring, discarding the old one | 139 | * install a fresh thread keyring, discarding the old one |
148 | */ | 140 | */ |
149 | int install_thread_keyring(struct task_struct *tsk) | 141 | static int install_thread_keyring(void) |
150 | { | 142 | { |
151 | struct key *keyring, *old; | 143 | struct cred *new; |
152 | char buf[20]; | ||
153 | int ret; | 144 | int ret; |
154 | 145 | ||
155 | sprintf(buf, "_tid.%u", tsk->pid); | 146 | new = prepare_creds(); |
147 | if (!new) | ||
148 | return -ENOMEM; | ||
156 | 149 | ||
157 | keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk, | 150 | BUG_ON(new->thread_keyring); |
158 | KEY_ALLOC_QUOTA_OVERRUN, NULL); | 151 | |
159 | if (IS_ERR(keyring)) { | 152 | ret = install_thread_keyring_to_cred(new); |
160 | ret = PTR_ERR(keyring); | 153 | if (ret < 0) { |
161 | goto error; | 154 | abort_creds(new); |
155 | return ret; | ||
162 | } | 156 | } |
163 | 157 | ||
164 | task_lock(tsk); | 158 | return commit_creds(new); |
165 | old = tsk->thread_keyring; | 159 | } |
166 | tsk->thread_keyring = keyring; | ||
167 | task_unlock(tsk); | ||
168 | 160 | ||
169 | ret = 0; | 161 | /* |
162 | * install a process keyring directly to a credentials struct | ||
163 | * - returns -EEXIST if there was already a process keyring, 0 if one installed, | ||
164 | * and other -ve on any other error | ||
165 | */ | ||
166 | int install_process_keyring_to_cred(struct cred *new) | ||
167 | { | ||
168 | struct key *keyring; | ||
169 | int ret; | ||
170 | 170 | ||
171 | key_put(old); | 171 | if (new->tgcred->process_keyring) |
172 | error: | 172 | return -EEXIST; |
173 | |||
174 | keyring = keyring_alloc("_pid", new->uid, new->gid, | ||
175 | new, KEY_ALLOC_QUOTA_OVERRUN, NULL); | ||
176 | if (IS_ERR(keyring)) | ||
177 | return PTR_ERR(keyring); | ||
178 | |||
179 | spin_lock_irq(&new->tgcred->lock); | ||
180 | if (!new->tgcred->process_keyring) { | ||
181 | new->tgcred->process_keyring = keyring; | ||
182 | keyring = NULL; | ||
183 | ret = 0; | ||
184 | } else { | ||
185 | ret = -EEXIST; | ||
186 | } | ||
187 | spin_unlock_irq(&new->tgcred->lock); | ||
188 | key_put(keyring); | ||
173 | return ret; | 189 | return ret; |
190 | } | ||
174 | 191 | ||
175 | } /* end install_thread_keyring() */ | ||
176 | |||
177 | /*****************************************************************************/ | ||
178 | /* | 192 | /* |
179 | * make sure a process keyring is installed | 193 | * make sure a process keyring is installed |
194 | * - we | ||
180 | */ | 195 | */ |
181 | int install_process_keyring(struct task_struct *tsk) | 196 | static int install_process_keyring(void) |
182 | { | 197 | { |
183 | struct key *keyring; | 198 | struct cred *new; |
184 | char buf[20]; | ||
185 | int ret; | 199 | int ret; |
186 | 200 | ||
187 | might_sleep(); | 201 | new = prepare_creds(); |
188 | 202 | if (!new) | |
189 | if (!tsk->signal->process_keyring) { | 203 | return -ENOMEM; |
190 | sprintf(buf, "_pid.%u", tsk->tgid); | ||
191 | |||
192 | keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk, | ||
193 | KEY_ALLOC_QUOTA_OVERRUN, NULL); | ||
194 | if (IS_ERR(keyring)) { | ||
195 | ret = PTR_ERR(keyring); | ||
196 | goto error; | ||
197 | } | ||
198 | |||
199 | /* attach keyring */ | ||
200 | spin_lock_irq(&tsk->sighand->siglock); | ||
201 | if (!tsk->signal->process_keyring) { | ||
202 | tsk->signal->process_keyring = keyring; | ||
203 | keyring = NULL; | ||
204 | } | ||
205 | spin_unlock_irq(&tsk->sighand->siglock); | ||
206 | 204 | ||
207 | key_put(keyring); | 205 | ret = install_process_keyring_to_cred(new); |
206 | if (ret < 0) { | ||
207 | abort_creds(new); | ||
208 | return ret != -EEXIST ?: 0; | ||
208 | } | 209 | } |
209 | 210 | ||
210 | ret = 0; | 211 | return commit_creds(new); |
211 | error: | 212 | } |
212 | return ret; | ||
213 | |||
214 | } /* end install_process_keyring() */ | ||
215 | 213 | ||
216 | /*****************************************************************************/ | ||
217 | /* | 214 | /* |
218 | * install a session keyring, discarding the old one | 215 | * install a session keyring directly to a credentials struct |
219 | * - if a keyring is not supplied, an empty one is invented | ||
220 | */ | 216 | */ |
221 | static int install_session_keyring(struct task_struct *tsk, | 217 | static int install_session_keyring_to_cred(struct cred *cred, |
222 | struct key *keyring) | 218 | struct key *keyring) |
223 | { | 219 | { |
224 | unsigned long flags; | 220 | unsigned long flags; |
225 | struct key *old; | 221 | struct key *old; |
226 | char buf[20]; | ||
227 | 222 | ||
228 | might_sleep(); | 223 | might_sleep(); |
229 | 224 | ||
230 | /* create an empty session keyring */ | 225 | /* create an empty session keyring */ |
231 | if (!keyring) { | 226 | if (!keyring) { |
232 | sprintf(buf, "_ses.%u", tsk->tgid); | ||
233 | |||
234 | flags = KEY_ALLOC_QUOTA_OVERRUN; | 227 | flags = KEY_ALLOC_QUOTA_OVERRUN; |
235 | if (tsk->signal->session_keyring) | 228 | if (cred->tgcred->session_keyring) |
236 | flags = KEY_ALLOC_IN_QUOTA; | 229 | flags = KEY_ALLOC_IN_QUOTA; |
237 | 230 | ||
238 | keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk, | 231 | keyring = keyring_alloc("_ses", cred->uid, cred->gid, |
239 | flags, NULL); | 232 | cred, flags, NULL); |
240 | if (IS_ERR(keyring)) | 233 | if (IS_ERR(keyring)) |
241 | return PTR_ERR(keyring); | 234 | return PTR_ERR(keyring); |
242 | } | 235 | } else { |
243 | else { | ||
244 | atomic_inc(&keyring->usage); | 236 | atomic_inc(&keyring->usage); |
245 | } | 237 | } |
246 | 238 | ||
247 | /* install the keyring */ | 239 | /* install the keyring */ |
248 | spin_lock_irq(&tsk->sighand->siglock); | 240 | spin_lock_irq(&cred->tgcred->lock); |
249 | old = tsk->signal->session_keyring; | 241 | old = cred->tgcred->session_keyring; |
250 | rcu_assign_pointer(tsk->signal->session_keyring, keyring); | 242 | rcu_assign_pointer(cred->tgcred->session_keyring, keyring); |
251 | spin_unlock_irq(&tsk->sighand->siglock); | 243 | spin_unlock_irq(&cred->tgcred->lock); |
252 | 244 | ||
253 | /* we're using RCU on the pointer, but there's no point synchronising | 245 | /* we're using RCU on the pointer, but there's no point synchronising |
254 | * on it if it didn't previously point to anything */ | 246 | * on it if it didn't previously point to anything */ |
@@ -258,110 +250,29 @@ static int install_session_keyring(struct task_struct *tsk, | |||
258 | } | 250 | } |
259 | 251 | ||
260 | return 0; | 252 | return 0; |
253 | } | ||
261 | 254 | ||
262 | } /* end install_session_keyring() */ | ||
263 | |||
264 | /*****************************************************************************/ | ||
265 | /* | ||
266 | * copy the keys in a thread group for fork without CLONE_THREAD | ||
267 | */ | ||
268 | int copy_thread_group_keys(struct task_struct *tsk) | ||
269 | { | ||
270 | key_check(current->thread_group->session_keyring); | ||
271 | key_check(current->thread_group->process_keyring); | ||
272 | |||
273 | /* no process keyring yet */ | ||
274 | tsk->signal->process_keyring = NULL; | ||
275 | |||
276 | /* same session keyring */ | ||
277 | rcu_read_lock(); | ||
278 | tsk->signal->session_keyring = | ||
279 | key_get(rcu_dereference(current->signal->session_keyring)); | ||
280 | rcu_read_unlock(); | ||
281 | |||
282 | return 0; | ||
283 | |||
284 | } /* end copy_thread_group_keys() */ | ||
285 | |||
286 | /*****************************************************************************/ | ||
287 | /* | ||
288 | * copy the keys for fork | ||
289 | */ | ||
290 | int copy_keys(unsigned long clone_flags, struct task_struct *tsk) | ||
291 | { | ||
292 | key_check(tsk->thread_keyring); | ||
293 | key_check(tsk->request_key_auth); | ||
294 | |||
295 | /* no thread keyring yet */ | ||
296 | tsk->thread_keyring = NULL; | ||
297 | |||
298 | /* copy the request_key() authorisation for this thread */ | ||
299 | key_get(tsk->request_key_auth); | ||
300 | |||
301 | return 0; | ||
302 | |||
303 | } /* end copy_keys() */ | ||
304 | |||
305 | /*****************************************************************************/ | ||
306 | /* | ||
307 | * dispose of thread group keys upon thread group destruction | ||
308 | */ | ||
309 | void exit_thread_group_keys(struct signal_struct *tg) | ||
310 | { | ||
311 | key_put(tg->session_keyring); | ||
312 | key_put(tg->process_keyring); | ||
313 | |||
314 | } /* end exit_thread_group_keys() */ | ||
315 | |||
316 | /*****************************************************************************/ | ||
317 | /* | ||
318 | * dispose of per-thread keys upon thread exit | ||
319 | */ | ||
320 | void exit_keys(struct task_struct *tsk) | ||
321 | { | ||
322 | key_put(tsk->thread_keyring); | ||
323 | key_put(tsk->request_key_auth); | ||
324 | |||
325 | } /* end exit_keys() */ | ||
326 | |||
327 | /*****************************************************************************/ | ||
328 | /* | 255 | /* |
329 | * deal with execve() | 256 | * install a session keyring, discarding the old one |
257 | * - if a keyring is not supplied, an empty one is invented | ||
330 | */ | 258 | */ |
331 | int exec_keys(struct task_struct *tsk) | 259 | static int install_session_keyring(struct key *keyring) |
332 | { | 260 | { |
333 | struct key *old; | 261 | struct cred *new; |
334 | 262 | int ret; | |
335 | /* newly exec'd tasks don't get a thread keyring */ | ||
336 | task_lock(tsk); | ||
337 | old = tsk->thread_keyring; | ||
338 | tsk->thread_keyring = NULL; | ||
339 | task_unlock(tsk); | ||
340 | |||
341 | key_put(old); | ||
342 | |||
343 | /* discard the process keyring from a newly exec'd task */ | ||
344 | spin_lock_irq(&tsk->sighand->siglock); | ||
345 | old = tsk->signal->process_keyring; | ||
346 | tsk->signal->process_keyring = NULL; | ||
347 | spin_unlock_irq(&tsk->sighand->siglock); | ||
348 | |||
349 | key_put(old); | ||
350 | |||
351 | return 0; | ||
352 | 263 | ||
353 | } /* end exec_keys() */ | 264 | new = prepare_creds(); |
265 | if (!new) | ||
266 | return -ENOMEM; | ||
354 | 267 | ||
355 | /*****************************************************************************/ | 268 | ret = install_session_keyring_to_cred(new, NULL); |
356 | /* | 269 | if (ret < 0) { |
357 | * deal with SUID programs | 270 | abort_creds(new); |
358 | * - we might want to make this invent a new session keyring | 271 | return ret; |
359 | */ | 272 | } |
360 | int suid_keys(struct task_struct *tsk) | ||
361 | { | ||
362 | return 0; | ||
363 | 273 | ||
364 | } /* end suid_keys() */ | 274 | return commit_creds(new); |
275 | } | ||
365 | 276 | ||
366 | /*****************************************************************************/ | 277 | /*****************************************************************************/ |
367 | /* | 278 | /* |
@@ -370,10 +281,11 @@ int suid_keys(struct task_struct *tsk) | |||
370 | void key_fsuid_changed(struct task_struct *tsk) | 281 | void key_fsuid_changed(struct task_struct *tsk) |
371 | { | 282 | { |
372 | /* update the ownership of the thread keyring */ | 283 | /* update the ownership of the thread keyring */ |
373 | if (tsk->thread_keyring) { | 284 | BUG_ON(!tsk->cred); |
374 | down_write(&tsk->thread_keyring->sem); | 285 | if (tsk->cred->thread_keyring) { |
375 | tsk->thread_keyring->uid = tsk->fsuid; | 286 | down_write(&tsk->cred->thread_keyring->sem); |
376 | up_write(&tsk->thread_keyring->sem); | 287 | tsk->cred->thread_keyring->uid = tsk->cred->fsuid; |
288 | up_write(&tsk->cred->thread_keyring->sem); | ||
377 | } | 289 | } |
378 | 290 | ||
379 | } /* end key_fsuid_changed() */ | 291 | } /* end key_fsuid_changed() */ |
@@ -385,10 +297,11 @@ void key_fsuid_changed(struct task_struct *tsk) | |||
385 | void key_fsgid_changed(struct task_struct *tsk) | 297 | void key_fsgid_changed(struct task_struct *tsk) |
386 | { | 298 | { |
387 | /* update the ownership of the thread keyring */ | 299 | /* update the ownership of the thread keyring */ |
388 | if (tsk->thread_keyring) { | 300 | BUG_ON(!tsk->cred); |
389 | down_write(&tsk->thread_keyring->sem); | 301 | if (tsk->cred->thread_keyring) { |
390 | tsk->thread_keyring->gid = tsk->fsgid; | 302 | down_write(&tsk->cred->thread_keyring->sem); |
391 | up_write(&tsk->thread_keyring->sem); | 303 | tsk->cred->thread_keyring->gid = tsk->cred->fsgid; |
304 | up_write(&tsk->cred->thread_keyring->sem); | ||
392 | } | 305 | } |
393 | 306 | ||
394 | } /* end key_fsgid_changed() */ | 307 | } /* end key_fsgid_changed() */ |
@@ -404,7 +317,7 @@ void key_fsgid_changed(struct task_struct *tsk) | |||
404 | key_ref_t search_process_keyrings(struct key_type *type, | 317 | key_ref_t search_process_keyrings(struct key_type *type, |
405 | const void *description, | 318 | const void *description, |
406 | key_match_func_t match, | 319 | key_match_func_t match, |
407 | struct task_struct *context) | 320 | const struct cred *cred) |
408 | { | 321 | { |
409 | struct request_key_auth *rka; | 322 | struct request_key_auth *rka; |
410 | key_ref_t key_ref, ret, err; | 323 | key_ref_t key_ref, ret, err; |
@@ -423,10 +336,10 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
423 | err = ERR_PTR(-EAGAIN); | 336 | err = ERR_PTR(-EAGAIN); |
424 | 337 | ||
425 | /* search the thread keyring first */ | 338 | /* search the thread keyring first */ |
426 | if (context->thread_keyring) { | 339 | if (cred->thread_keyring) { |
427 | key_ref = keyring_search_aux( | 340 | key_ref = keyring_search_aux( |
428 | make_key_ref(context->thread_keyring, 1), | 341 | make_key_ref(cred->thread_keyring, 1), |
429 | context, type, description, match); | 342 | cred, type, description, match); |
430 | if (!IS_ERR(key_ref)) | 343 | if (!IS_ERR(key_ref)) |
431 | goto found; | 344 | goto found; |
432 | 345 | ||
@@ -444,10 +357,10 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
444 | } | 357 | } |
445 | 358 | ||
446 | /* search the process keyring second */ | 359 | /* search the process keyring second */ |
447 | if (context->signal->process_keyring) { | 360 | if (cred->tgcred->process_keyring) { |
448 | key_ref = keyring_search_aux( | 361 | key_ref = keyring_search_aux( |
449 | make_key_ref(context->signal->process_keyring, 1), | 362 | make_key_ref(cred->tgcred->process_keyring, 1), |
450 | context, type, description, match); | 363 | cred, type, description, match); |
451 | if (!IS_ERR(key_ref)) | 364 | if (!IS_ERR(key_ref)) |
452 | goto found; | 365 | goto found; |
453 | 366 | ||
@@ -465,13 +378,13 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
465 | } | 378 | } |
466 | 379 | ||
467 | /* search the session keyring */ | 380 | /* search the session keyring */ |
468 | if (context->signal->session_keyring) { | 381 | if (cred->tgcred->session_keyring) { |
469 | rcu_read_lock(); | 382 | rcu_read_lock(); |
470 | key_ref = keyring_search_aux( | 383 | key_ref = keyring_search_aux( |
471 | make_key_ref(rcu_dereference( | 384 | make_key_ref(rcu_dereference( |
472 | context->signal->session_keyring), | 385 | cred->tgcred->session_keyring), |
473 | 1), | 386 | 1), |
474 | context, type, description, match); | 387 | cred, type, description, match); |
475 | rcu_read_unlock(); | 388 | rcu_read_unlock(); |
476 | 389 | ||
477 | if (!IS_ERR(key_ref)) | 390 | if (!IS_ERR(key_ref)) |
@@ -490,10 +403,10 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
490 | } | 403 | } |
491 | } | 404 | } |
492 | /* or search the user-session keyring */ | 405 | /* or search the user-session keyring */ |
493 | else if (context->user->session_keyring) { | 406 | else if (cred->user->session_keyring) { |
494 | key_ref = keyring_search_aux( | 407 | key_ref = keyring_search_aux( |
495 | make_key_ref(context->user->session_keyring, 1), | 408 | make_key_ref(cred->user->session_keyring, 1), |
496 | context, type, description, match); | 409 | cred, type, description, match); |
497 | if (!IS_ERR(key_ref)) | 410 | if (!IS_ERR(key_ref)) |
498 | goto found; | 411 | goto found; |
499 | 412 | ||
@@ -514,20 +427,20 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
514 | * search the keyrings of the process mentioned there | 427 | * search the keyrings of the process mentioned there |
515 | * - we don't permit access to request_key auth keys via this method | 428 | * - we don't permit access to request_key auth keys via this method |
516 | */ | 429 | */ |
517 | if (context->request_key_auth && | 430 | if (cred->request_key_auth && |
518 | context == current && | 431 | cred == current_cred() && |
519 | type != &key_type_request_key_auth | 432 | type != &key_type_request_key_auth |
520 | ) { | 433 | ) { |
521 | /* defend against the auth key being revoked */ | 434 | /* defend against the auth key being revoked */ |
522 | down_read(&context->request_key_auth->sem); | 435 | down_read(&cred->request_key_auth->sem); |
523 | 436 | ||
524 | if (key_validate(context->request_key_auth) == 0) { | 437 | if (key_validate(cred->request_key_auth) == 0) { |
525 | rka = context->request_key_auth->payload.data; | 438 | rka = cred->request_key_auth->payload.data; |
526 | 439 | ||
527 | key_ref = search_process_keyrings(type, description, | 440 | key_ref = search_process_keyrings(type, description, |
528 | match, rka->context); | 441 | match, rka->cred); |
529 | 442 | ||
530 | up_read(&context->request_key_auth->sem); | 443 | up_read(&cred->request_key_auth->sem); |
531 | 444 | ||
532 | if (!IS_ERR(key_ref)) | 445 | if (!IS_ERR(key_ref)) |
533 | goto found; | 446 | goto found; |
@@ -544,7 +457,7 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
544 | break; | 457 | break; |
545 | } | 458 | } |
546 | } else { | 459 | } else { |
547 | up_read(&context->request_key_auth->sem); | 460 | up_read(&cred->request_key_auth->sem); |
548 | } | 461 | } |
549 | } | 462 | } |
550 | 463 | ||
@@ -572,93 +485,98 @@ static int lookup_user_key_possessed(const struct key *key, const void *target) | |||
572 | * - don't create special keyrings unless so requested | 485 | * - don't create special keyrings unless so requested |
573 | * - partially constructed keys aren't found unless requested | 486 | * - partially constructed keys aren't found unless requested |
574 | */ | 487 | */ |
575 | key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id, | 488 | key_ref_t lookup_user_key(key_serial_t id, int create, int partial, |
576 | int create, int partial, key_perm_t perm) | 489 | key_perm_t perm) |
577 | { | 490 | { |
578 | key_ref_t key_ref, skey_ref; | 491 | struct request_key_auth *rka; |
492 | const struct cred *cred; | ||
579 | struct key *key; | 493 | struct key *key; |
494 | key_ref_t key_ref, skey_ref; | ||
580 | int ret; | 495 | int ret; |
581 | 496 | ||
582 | if (!context) | 497 | try_again: |
583 | context = current; | 498 | cred = get_current_cred(); |
584 | |||
585 | key_ref = ERR_PTR(-ENOKEY); | 499 | key_ref = ERR_PTR(-ENOKEY); |
586 | 500 | ||
587 | switch (id) { | 501 | switch (id) { |
588 | case KEY_SPEC_THREAD_KEYRING: | 502 | case KEY_SPEC_THREAD_KEYRING: |
589 | if (!context->thread_keyring) { | 503 | if (!cred->thread_keyring) { |
590 | if (!create) | 504 | if (!create) |
591 | goto error; | 505 | goto error; |
592 | 506 | ||
593 | ret = install_thread_keyring(context); | 507 | ret = install_thread_keyring(); |
594 | if (ret < 0) { | 508 | if (ret < 0) { |
595 | key = ERR_PTR(ret); | 509 | key = ERR_PTR(ret); |
596 | goto error; | 510 | goto error; |
597 | } | 511 | } |
512 | goto reget_creds; | ||
598 | } | 513 | } |
599 | 514 | ||
600 | key = context->thread_keyring; | 515 | key = cred->thread_keyring; |
601 | atomic_inc(&key->usage); | 516 | atomic_inc(&key->usage); |
602 | key_ref = make_key_ref(key, 1); | 517 | key_ref = make_key_ref(key, 1); |
603 | break; | 518 | break; |
604 | 519 | ||
605 | case KEY_SPEC_PROCESS_KEYRING: | 520 | case KEY_SPEC_PROCESS_KEYRING: |
606 | if (!context->signal->process_keyring) { | 521 | if (!cred->tgcred->process_keyring) { |
607 | if (!create) | 522 | if (!create) |
608 | goto error; | 523 | goto error; |
609 | 524 | ||
610 | ret = install_process_keyring(context); | 525 | ret = install_process_keyring(); |
611 | if (ret < 0) { | 526 | if (ret < 0) { |
612 | key = ERR_PTR(ret); | 527 | key = ERR_PTR(ret); |
613 | goto error; | 528 | goto error; |
614 | } | 529 | } |
530 | goto reget_creds; | ||
615 | } | 531 | } |
616 | 532 | ||
617 | key = context->signal->process_keyring; | 533 | key = cred->tgcred->process_keyring; |
618 | atomic_inc(&key->usage); | 534 | atomic_inc(&key->usage); |
619 | key_ref = make_key_ref(key, 1); | 535 | key_ref = make_key_ref(key, 1); |
620 | break; | 536 | break; |
621 | 537 | ||
622 | case KEY_SPEC_SESSION_KEYRING: | 538 | case KEY_SPEC_SESSION_KEYRING: |
623 | if (!context->signal->session_keyring) { | 539 | if (!cred->tgcred->session_keyring) { |
624 | /* always install a session keyring upon access if one | 540 | /* always install a session keyring upon access if one |
625 | * doesn't exist yet */ | 541 | * doesn't exist yet */ |
626 | ret = install_user_keyrings(context); | 542 | ret = install_user_keyrings(); |
627 | if (ret < 0) | 543 | if (ret < 0) |
628 | goto error; | 544 | goto error; |
629 | ret = install_session_keyring( | 545 | ret = install_session_keyring( |
630 | context, context->user->session_keyring); | 546 | cred->user->session_keyring); |
547 | |||
631 | if (ret < 0) | 548 | if (ret < 0) |
632 | goto error; | 549 | goto error; |
550 | goto reget_creds; | ||
633 | } | 551 | } |
634 | 552 | ||
635 | rcu_read_lock(); | 553 | rcu_read_lock(); |
636 | key = rcu_dereference(context->signal->session_keyring); | 554 | key = rcu_dereference(cred->tgcred->session_keyring); |
637 | atomic_inc(&key->usage); | 555 | atomic_inc(&key->usage); |
638 | rcu_read_unlock(); | 556 | rcu_read_unlock(); |
639 | key_ref = make_key_ref(key, 1); | 557 | key_ref = make_key_ref(key, 1); |
640 | break; | 558 | break; |
641 | 559 | ||
642 | case KEY_SPEC_USER_KEYRING: | 560 | case KEY_SPEC_USER_KEYRING: |
643 | if (!context->user->uid_keyring) { | 561 | if (!cred->user->uid_keyring) { |
644 | ret = install_user_keyrings(context); | 562 | ret = install_user_keyrings(); |
645 | if (ret < 0) | 563 | if (ret < 0) |
646 | goto error; | 564 | goto error; |
647 | } | 565 | } |
648 | 566 | ||
649 | key = context->user->uid_keyring; | 567 | key = cred->user->uid_keyring; |
650 | atomic_inc(&key->usage); | 568 | atomic_inc(&key->usage); |
651 | key_ref = make_key_ref(key, 1); | 569 | key_ref = make_key_ref(key, 1); |
652 | break; | 570 | break; |
653 | 571 | ||
654 | case KEY_SPEC_USER_SESSION_KEYRING: | 572 | case KEY_SPEC_USER_SESSION_KEYRING: |
655 | if (!context->user->session_keyring) { | 573 | if (!cred->user->session_keyring) { |
656 | ret = install_user_keyrings(context); | 574 | ret = install_user_keyrings(); |
657 | if (ret < 0) | 575 | if (ret < 0) |
658 | goto error; | 576 | goto error; |
659 | } | 577 | } |
660 | 578 | ||
661 | key = context->user->session_keyring; | 579 | key = cred->user->session_keyring; |
662 | atomic_inc(&key->usage); | 580 | atomic_inc(&key->usage); |
663 | key_ref = make_key_ref(key, 1); | 581 | key_ref = make_key_ref(key, 1); |
664 | break; | 582 | break; |
@@ -669,7 +587,7 @@ key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id, | |||
669 | goto error; | 587 | goto error; |
670 | 588 | ||
671 | case KEY_SPEC_REQKEY_AUTH_KEY: | 589 | case KEY_SPEC_REQKEY_AUTH_KEY: |
672 | key = context->request_key_auth; | 590 | key = cred->request_key_auth; |
673 | if (!key) | 591 | if (!key) |
674 | goto error; | 592 | goto error; |
675 | 593 | ||
@@ -677,6 +595,25 @@ key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id, | |||
677 | key_ref = make_key_ref(key, 1); | 595 | key_ref = make_key_ref(key, 1); |
678 | break; | 596 | break; |
679 | 597 | ||
598 | case KEY_SPEC_REQUESTOR_KEYRING: | ||
599 | if (!cred->request_key_auth) | ||
600 | goto error; | ||
601 | |||
602 | down_read(&cred->request_key_auth->sem); | ||
603 | if (cred->request_key_auth->flags & KEY_FLAG_REVOKED) { | ||
604 | key_ref = ERR_PTR(-EKEYREVOKED); | ||
605 | key = NULL; | ||
606 | } else { | ||
607 | rka = cred->request_key_auth->payload.data; | ||
608 | key = rka->dest_keyring; | ||
609 | atomic_inc(&key->usage); | ||
610 | } | ||
611 | up_read(&cred->request_key_auth->sem); | ||
612 | if (!key) | ||
613 | goto error; | ||
614 | key_ref = make_key_ref(key, 1); | ||
615 | break; | ||
616 | |||
680 | default: | 617 | default: |
681 | key_ref = ERR_PTR(-EINVAL); | 618 | key_ref = ERR_PTR(-EINVAL); |
682 | if (id < 1) | 619 | if (id < 1) |
@@ -693,7 +630,7 @@ key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id, | |||
693 | /* check to see if we possess the key */ | 630 | /* check to see if we possess the key */ |
694 | skey_ref = search_process_keyrings(key->type, key, | 631 | skey_ref = search_process_keyrings(key->type, key, |
695 | lookup_user_key_possessed, | 632 | lookup_user_key_possessed, |
696 | current); | 633 | cred); |
697 | 634 | ||
698 | if (!IS_ERR(skey_ref)) { | 635 | if (!IS_ERR(skey_ref)) { |
699 | key_put(key); | 636 | key_put(key); |
@@ -725,11 +662,12 @@ key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id, | |||
725 | goto invalid_key; | 662 | goto invalid_key; |
726 | 663 | ||
727 | /* check the permissions */ | 664 | /* check the permissions */ |
728 | ret = key_task_permission(key_ref, context, perm); | 665 | ret = key_task_permission(key_ref, cred, perm); |
729 | if (ret < 0) | 666 | if (ret < 0) |
730 | goto invalid_key; | 667 | goto invalid_key; |
731 | 668 | ||
732 | error: | 669 | error: |
670 | put_cred(cred); | ||
733 | return key_ref; | 671 | return key_ref; |
734 | 672 | ||
735 | invalid_key: | 673 | invalid_key: |
@@ -737,6 +675,12 @@ invalid_key: | |||
737 | key_ref = ERR_PTR(ret); | 675 | key_ref = ERR_PTR(ret); |
738 | goto error; | 676 | goto error; |
739 | 677 | ||
678 | /* if we attempted to install a keyring, then it may have caused new | ||
679 | * creds to be installed */ | ||
680 | reget_creds: | ||
681 | put_cred(cred); | ||
682 | goto try_again; | ||
683 | |||
740 | } /* end lookup_user_key() */ | 684 | } /* end lookup_user_key() */ |
741 | 685 | ||
742 | /*****************************************************************************/ | 686 | /*****************************************************************************/ |
@@ -748,20 +692,33 @@ invalid_key: | |||
748 | */ | 692 | */ |
749 | long join_session_keyring(const char *name) | 693 | long join_session_keyring(const char *name) |
750 | { | 694 | { |
751 | struct task_struct *tsk = current; | 695 | const struct cred *old; |
696 | struct cred *new; | ||
752 | struct key *keyring; | 697 | struct key *keyring; |
753 | long ret; | 698 | long ret, serial; |
699 | |||
700 | /* only permit this if there's a single thread in the thread group - | ||
701 | * this avoids us having to adjust the creds on all threads and risking | ||
702 | * ENOMEM */ | ||
703 | if (!is_single_threaded(current)) | ||
704 | return -EMLINK; | ||
705 | |||
706 | new = prepare_creds(); | ||
707 | if (!new) | ||
708 | return -ENOMEM; | ||
709 | old = current_cred(); | ||
754 | 710 | ||
755 | /* if no name is provided, install an anonymous keyring */ | 711 | /* if no name is provided, install an anonymous keyring */ |
756 | if (!name) { | 712 | if (!name) { |
757 | ret = install_session_keyring(tsk, NULL); | 713 | ret = install_session_keyring_to_cred(new, NULL); |
758 | if (ret < 0) | 714 | if (ret < 0) |
759 | goto error; | 715 | goto error; |
760 | 716 | ||
761 | rcu_read_lock(); | 717 | serial = new->tgcred->session_keyring->serial; |
762 | ret = rcu_dereference(tsk->signal->session_keyring)->serial; | 718 | ret = commit_creds(new); |
763 | rcu_read_unlock(); | 719 | if (ret == 0) |
764 | goto error; | 720 | ret = serial; |
721 | goto okay; | ||
765 | } | 722 | } |
766 | 723 | ||
767 | /* allow the user to join or create a named keyring */ | 724 | /* allow the user to join or create a named keyring */ |
@@ -771,29 +728,33 @@ long join_session_keyring(const char *name) | |||
771 | keyring = find_keyring_by_name(name, false); | 728 | keyring = find_keyring_by_name(name, false); |
772 | if (PTR_ERR(keyring) == -ENOKEY) { | 729 | if (PTR_ERR(keyring) == -ENOKEY) { |
773 | /* not found - try and create a new one */ | 730 | /* not found - try and create a new one */ |
774 | keyring = keyring_alloc(name, tsk->uid, tsk->gid, tsk, | 731 | keyring = keyring_alloc(name, old->uid, old->gid, old, |
775 | KEY_ALLOC_IN_QUOTA, NULL); | 732 | KEY_ALLOC_IN_QUOTA, NULL); |
776 | if (IS_ERR(keyring)) { | 733 | if (IS_ERR(keyring)) { |
777 | ret = PTR_ERR(keyring); | 734 | ret = PTR_ERR(keyring); |
778 | goto error2; | 735 | goto error2; |
779 | } | 736 | } |
780 | } | 737 | } else if (IS_ERR(keyring)) { |
781 | else if (IS_ERR(keyring)) { | ||
782 | ret = PTR_ERR(keyring); | 738 | ret = PTR_ERR(keyring); |
783 | goto error2; | 739 | goto error2; |
784 | } | 740 | } |
785 | 741 | ||
786 | /* we've got a keyring - now to install it */ | 742 | /* we've got a keyring - now to install it */ |
787 | ret = install_session_keyring(tsk, keyring); | 743 | ret = install_session_keyring_to_cred(new, keyring); |
788 | if (ret < 0) | 744 | if (ret < 0) |
789 | goto error2; | 745 | goto error2; |
790 | 746 | ||
747 | commit_creds(new); | ||
748 | mutex_unlock(&key_session_mutex); | ||
749 | |||
791 | ret = keyring->serial; | 750 | ret = keyring->serial; |
792 | key_put(keyring); | 751 | key_put(keyring); |
752 | okay: | ||
753 | return ret; | ||
793 | 754 | ||
794 | error2: | 755 | error2: |
795 | mutex_unlock(&key_session_mutex); | 756 | mutex_unlock(&key_session_mutex); |
796 | error: | 757 | error: |
758 | abort_creds(new); | ||
797 | return ret; | 759 | return ret; |
798 | 760 | } | |
799 | } /* end join_session_keyring() */ | ||
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index abea08f87fe2..0e04f72ef2d4 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c | |||
@@ -19,6 +19,8 @@ | |||
19 | #include <linux/slab.h> | 19 | #include <linux/slab.h> |
20 | #include "internal.h" | 20 | #include "internal.h" |
21 | 21 | ||
22 | #define key_negative_timeout 60 /* default timeout on a negative key's existence */ | ||
23 | |||
22 | /* | 24 | /* |
23 | * wait_on_bit() sleep function for uninterruptible waiting | 25 | * wait_on_bit() sleep function for uninterruptible waiting |
24 | */ | 26 | */ |
@@ -64,7 +66,7 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
64 | const char *op, | 66 | const char *op, |
65 | void *aux) | 67 | void *aux) |
66 | { | 68 | { |
67 | struct task_struct *tsk = current; | 69 | const struct cred *cred = current_cred(); |
68 | key_serial_t prkey, sskey; | 70 | key_serial_t prkey, sskey; |
69 | struct key *key = cons->key, *authkey = cons->authkey, *keyring; | 71 | struct key *key = cons->key, *authkey = cons->authkey, *keyring; |
70 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; | 72 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; |
@@ -74,15 +76,17 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
74 | 76 | ||
75 | kenter("{%d},{%d},%s", key->serial, authkey->serial, op); | 77 | kenter("{%d},{%d},%s", key->serial, authkey->serial, op); |
76 | 78 | ||
77 | ret = install_user_keyrings(tsk); | 79 | ret = install_user_keyrings(); |
78 | if (ret < 0) | 80 | if (ret < 0) |
79 | goto error_alloc; | 81 | goto error_alloc; |
80 | 82 | ||
81 | /* allocate a new session keyring */ | 83 | /* allocate a new session keyring */ |
82 | sprintf(desc, "_req.%u", key->serial); | 84 | sprintf(desc, "_req.%u", key->serial); |
83 | 85 | ||
84 | keyring = keyring_alloc(desc, current->fsuid, current->fsgid, current, | 86 | cred = get_current_cred(); |
87 | keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, | ||
85 | KEY_ALLOC_QUOTA_OVERRUN, NULL); | 88 | KEY_ALLOC_QUOTA_OVERRUN, NULL); |
89 | put_cred(cred); | ||
86 | if (IS_ERR(keyring)) { | 90 | if (IS_ERR(keyring)) { |
87 | ret = PTR_ERR(keyring); | 91 | ret = PTR_ERR(keyring); |
88 | goto error_alloc; | 92 | goto error_alloc; |
@@ -94,29 +98,24 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
94 | goto error_link; | 98 | goto error_link; |
95 | 99 | ||
96 | /* record the UID and GID */ | 100 | /* record the UID and GID */ |
97 | sprintf(uid_str, "%d", current->fsuid); | 101 | sprintf(uid_str, "%d", cred->fsuid); |
98 | sprintf(gid_str, "%d", current->fsgid); | 102 | sprintf(gid_str, "%d", cred->fsgid); |
99 | 103 | ||
100 | /* we say which key is under construction */ | 104 | /* we say which key is under construction */ |
101 | sprintf(key_str, "%d", key->serial); | 105 | sprintf(key_str, "%d", key->serial); |
102 | 106 | ||
103 | /* we specify the process's default keyrings */ | 107 | /* we specify the process's default keyrings */ |
104 | sprintf(keyring_str[0], "%d", | 108 | sprintf(keyring_str[0], "%d", |
105 | tsk->thread_keyring ? tsk->thread_keyring->serial : 0); | 109 | cred->thread_keyring ? cred->thread_keyring->serial : 0); |
106 | 110 | ||
107 | prkey = 0; | 111 | prkey = 0; |
108 | if (tsk->signal->process_keyring) | 112 | if (cred->tgcred->process_keyring) |
109 | prkey = tsk->signal->process_keyring->serial; | 113 | prkey = cred->tgcred->process_keyring->serial; |
110 | |||
111 | sprintf(keyring_str[1], "%d", prkey); | ||
112 | 114 | ||
113 | if (tsk->signal->session_keyring) { | 115 | if (cred->tgcred->session_keyring) |
114 | rcu_read_lock(); | 116 | sskey = rcu_dereference(cred->tgcred->session_keyring)->serial; |
115 | sskey = rcu_dereference(tsk->signal->session_keyring)->serial; | 117 | else |
116 | rcu_read_unlock(); | 118 | sskey = cred->user->session_keyring->serial; |
117 | } else { | ||
118 | sskey = tsk->user->session_keyring->serial; | ||
119 | } | ||
120 | 119 | ||
121 | sprintf(keyring_str[2], "%d", sskey); | 120 | sprintf(keyring_str[2], "%d", sskey); |
122 | 121 | ||
@@ -157,8 +156,8 @@ error_link: | |||
157 | key_put(keyring); | 156 | key_put(keyring); |
158 | 157 | ||
159 | error_alloc: | 158 | error_alloc: |
160 | kleave(" = %d", ret); | ||
161 | complete_request_key(cons, ret); | 159 | complete_request_key(cons, ret); |
160 | kleave(" = %d", ret); | ||
162 | return ret; | 161 | return ret; |
163 | } | 162 | } |
164 | 163 | ||
@@ -167,7 +166,8 @@ error_alloc: | |||
167 | * - we ignore program failure and go on key status instead | 166 | * - we ignore program failure and go on key status instead |
168 | */ | 167 | */ |
169 | static int construct_key(struct key *key, const void *callout_info, | 168 | static int construct_key(struct key *key, const void *callout_info, |
170 | size_t callout_len, void *aux) | 169 | size_t callout_len, void *aux, |
170 | struct key *dest_keyring) | ||
171 | { | 171 | { |
172 | struct key_construction *cons; | 172 | struct key_construction *cons; |
173 | request_key_actor_t actor; | 173 | request_key_actor_t actor; |
@@ -181,7 +181,8 @@ static int construct_key(struct key *key, const void *callout_info, | |||
181 | return -ENOMEM; | 181 | return -ENOMEM; |
182 | 182 | ||
183 | /* allocate an authorisation key */ | 183 | /* allocate an authorisation key */ |
184 | authkey = request_key_auth_new(key, callout_info, callout_len); | 184 | authkey = request_key_auth_new(key, callout_info, callout_len, |
185 | dest_keyring); | ||
185 | if (IS_ERR(authkey)) { | 186 | if (IS_ERR(authkey)) { |
186 | kfree(cons); | 187 | kfree(cons); |
187 | ret = PTR_ERR(authkey); | 188 | ret = PTR_ERR(authkey); |
@@ -209,46 +210,67 @@ static int construct_key(struct key *key, const void *callout_info, | |||
209 | } | 210 | } |
210 | 211 | ||
211 | /* | 212 | /* |
212 | * link a key to the appropriate destination keyring | 213 | * get the appropriate destination keyring for the request |
213 | * - the caller must hold a write lock on the destination keyring | 214 | * - we return whatever keyring we select with an extra reference upon it which |
215 | * the caller must release | ||
214 | */ | 216 | */ |
215 | static void construct_key_make_link(struct key *key, struct key *dest_keyring) | 217 | static void construct_get_dest_keyring(struct key **_dest_keyring) |
216 | { | 218 | { |
217 | struct task_struct *tsk = current; | 219 | struct request_key_auth *rka; |
218 | struct key *drop = NULL; | 220 | const struct cred *cred = current_cred(); |
221 | struct key *dest_keyring = *_dest_keyring, *authkey; | ||
219 | 222 | ||
220 | kenter("{%d},%p", key->serial, dest_keyring); | 223 | kenter("%p", dest_keyring); |
221 | 224 | ||
222 | /* find the appropriate keyring */ | 225 | /* find the appropriate keyring */ |
223 | if (!dest_keyring) { | 226 | if (dest_keyring) { |
224 | switch (tsk->jit_keyring) { | 227 | /* the caller supplied one */ |
228 | key_get(dest_keyring); | ||
229 | } else { | ||
230 | /* use a default keyring; falling through the cases until we | ||
231 | * find one that we actually have */ | ||
232 | switch (cred->jit_keyring) { | ||
225 | case KEY_REQKEY_DEFL_DEFAULT: | 233 | case KEY_REQKEY_DEFL_DEFAULT: |
234 | case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: | ||
235 | if (cred->request_key_auth) { | ||
236 | authkey = cred->request_key_auth; | ||
237 | down_read(&authkey->sem); | ||
238 | rka = authkey->payload.data; | ||
239 | if (!test_bit(KEY_FLAG_REVOKED, | ||
240 | &authkey->flags)) | ||
241 | dest_keyring = | ||
242 | key_get(rka->dest_keyring); | ||
243 | up_read(&authkey->sem); | ||
244 | if (dest_keyring) | ||
245 | break; | ||
246 | } | ||
247 | |||
226 | case KEY_REQKEY_DEFL_THREAD_KEYRING: | 248 | case KEY_REQKEY_DEFL_THREAD_KEYRING: |
227 | dest_keyring = tsk->thread_keyring; | 249 | dest_keyring = key_get(cred->thread_keyring); |
228 | if (dest_keyring) | 250 | if (dest_keyring) |
229 | break; | 251 | break; |
230 | 252 | ||
231 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: | 253 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: |
232 | dest_keyring = tsk->signal->process_keyring; | 254 | dest_keyring = key_get(cred->tgcred->process_keyring); |
233 | if (dest_keyring) | 255 | if (dest_keyring) |
234 | break; | 256 | break; |
235 | 257 | ||
236 | case KEY_REQKEY_DEFL_SESSION_KEYRING: | 258 | case KEY_REQKEY_DEFL_SESSION_KEYRING: |
237 | rcu_read_lock(); | 259 | rcu_read_lock(); |
238 | dest_keyring = key_get( | 260 | dest_keyring = key_get( |
239 | rcu_dereference(tsk->signal->session_keyring)); | 261 | rcu_dereference(cred->tgcred->session_keyring)); |
240 | rcu_read_unlock(); | 262 | rcu_read_unlock(); |
241 | drop = dest_keyring; | ||
242 | 263 | ||
243 | if (dest_keyring) | 264 | if (dest_keyring) |
244 | break; | 265 | break; |
245 | 266 | ||
246 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: | 267 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: |
247 | dest_keyring = tsk->user->session_keyring; | 268 | dest_keyring = |
269 | key_get(cred->user->session_keyring); | ||
248 | break; | 270 | break; |
249 | 271 | ||
250 | case KEY_REQKEY_DEFL_USER_KEYRING: | 272 | case KEY_REQKEY_DEFL_USER_KEYRING: |
251 | dest_keyring = tsk->user->uid_keyring; | 273 | dest_keyring = key_get(cred->user->uid_keyring); |
252 | break; | 274 | break; |
253 | 275 | ||
254 | case KEY_REQKEY_DEFL_GROUP_KEYRING: | 276 | case KEY_REQKEY_DEFL_GROUP_KEYRING: |
@@ -257,10 +279,9 @@ static void construct_key_make_link(struct key *key, struct key *dest_keyring) | |||
257 | } | 279 | } |
258 | } | 280 | } |
259 | 281 | ||
260 | /* and attach the key to it */ | 282 | *_dest_keyring = dest_keyring; |
261 | __key_link(dest_keyring, key); | 283 | kleave(" [dk %d]", key_serial(dest_keyring)); |
262 | key_put(drop); | 284 | return; |
263 | kleave(""); | ||
264 | } | 285 | } |
265 | 286 | ||
266 | /* | 287 | /* |
@@ -275,6 +296,7 @@ static int construct_alloc_key(struct key_type *type, | |||
275 | struct key_user *user, | 296 | struct key_user *user, |
276 | struct key **_key) | 297 | struct key **_key) |
277 | { | 298 | { |
299 | const struct cred *cred = current_cred(); | ||
278 | struct key *key; | 300 | struct key *key; |
279 | key_ref_t key_ref; | 301 | key_ref_t key_ref; |
280 | 302 | ||
@@ -282,33 +304,28 @@ static int construct_alloc_key(struct key_type *type, | |||
282 | 304 | ||
283 | mutex_lock(&user->cons_lock); | 305 | mutex_lock(&user->cons_lock); |
284 | 306 | ||
285 | key = key_alloc(type, description, | 307 | key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred, |
286 | current->fsuid, current->fsgid, current, KEY_POS_ALL, | 308 | KEY_POS_ALL, flags); |
287 | flags); | ||
288 | if (IS_ERR(key)) | 309 | if (IS_ERR(key)) |
289 | goto alloc_failed; | 310 | goto alloc_failed; |
290 | 311 | ||
291 | set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); | 312 | set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); |
292 | 313 | ||
293 | if (dest_keyring) | 314 | down_write(&dest_keyring->sem); |
294 | down_write(&dest_keyring->sem); | ||
295 | 315 | ||
296 | /* attach the key to the destination keyring under lock, but we do need | 316 | /* attach the key to the destination keyring under lock, but we do need |
297 | * to do another check just in case someone beat us to it whilst we | 317 | * to do another check just in case someone beat us to it whilst we |
298 | * waited for locks */ | 318 | * waited for locks */ |
299 | mutex_lock(&key_construction_mutex); | 319 | mutex_lock(&key_construction_mutex); |
300 | 320 | ||
301 | key_ref = search_process_keyrings(type, description, type->match, | 321 | key_ref = search_process_keyrings(type, description, type->match, cred); |
302 | current); | ||
303 | if (!IS_ERR(key_ref)) | 322 | if (!IS_ERR(key_ref)) |
304 | goto key_already_present; | 323 | goto key_already_present; |
305 | 324 | ||
306 | if (dest_keyring) | 325 | __key_link(dest_keyring, key); |
307 | construct_key_make_link(key, dest_keyring); | ||
308 | 326 | ||
309 | mutex_unlock(&key_construction_mutex); | 327 | mutex_unlock(&key_construction_mutex); |
310 | if (dest_keyring) | 328 | up_write(&dest_keyring->sem); |
311 | up_write(&dest_keyring->sem); | ||
312 | mutex_unlock(&user->cons_lock); | 329 | mutex_unlock(&user->cons_lock); |
313 | *_key = key; | 330 | *_key = key; |
314 | kleave(" = 0 [%d]", key_serial(key)); | 331 | kleave(" = 0 [%d]", key_serial(key)); |
@@ -346,25 +363,36 @@ static struct key *construct_key_and_link(struct key_type *type, | |||
346 | struct key *key; | 363 | struct key *key; |
347 | int ret; | 364 | int ret; |
348 | 365 | ||
349 | user = key_user_lookup(current->fsuid); | 366 | kenter(""); |
367 | |||
368 | user = key_user_lookup(current_fsuid()); | ||
350 | if (!user) | 369 | if (!user) |
351 | return ERR_PTR(-ENOMEM); | 370 | return ERR_PTR(-ENOMEM); |
352 | 371 | ||
372 | construct_get_dest_keyring(&dest_keyring); | ||
373 | |||
353 | ret = construct_alloc_key(type, description, dest_keyring, flags, user, | 374 | ret = construct_alloc_key(type, description, dest_keyring, flags, user, |
354 | &key); | 375 | &key); |
355 | key_user_put(user); | 376 | key_user_put(user); |
356 | 377 | ||
357 | if (ret == 0) { | 378 | if (ret == 0) { |
358 | ret = construct_key(key, callout_info, callout_len, aux); | 379 | ret = construct_key(key, callout_info, callout_len, aux, |
359 | if (ret < 0) | 380 | dest_keyring); |
381 | if (ret < 0) { | ||
382 | kdebug("cons failed"); | ||
360 | goto construction_failed; | 383 | goto construction_failed; |
384 | } | ||
361 | } | 385 | } |
362 | 386 | ||
387 | key_put(dest_keyring); | ||
388 | kleave(" = key %d", key_serial(key)); | ||
363 | return key; | 389 | return key; |
364 | 390 | ||
365 | construction_failed: | 391 | construction_failed: |
366 | key_negate_and_link(key, key_negative_timeout, NULL, NULL); | 392 | key_negate_and_link(key, key_negative_timeout, NULL, NULL); |
367 | key_put(key); | 393 | key_put(key); |
394 | key_put(dest_keyring); | ||
395 | kleave(" = %d", ret); | ||
368 | return ERR_PTR(ret); | 396 | return ERR_PTR(ret); |
369 | } | 397 | } |
370 | 398 | ||
@@ -383,6 +411,7 @@ struct key *request_key_and_link(struct key_type *type, | |||
383 | struct key *dest_keyring, | 411 | struct key *dest_keyring, |
384 | unsigned long flags) | 412 | unsigned long flags) |
385 | { | 413 | { |
414 | const struct cred *cred = current_cred(); | ||
386 | struct key *key; | 415 | struct key *key; |
387 | key_ref_t key_ref; | 416 | key_ref_t key_ref; |
388 | 417 | ||
@@ -392,7 +421,7 @@ struct key *request_key_and_link(struct key_type *type, | |||
392 | 421 | ||
393 | /* search all the process keyrings for a key */ | 422 | /* search all the process keyrings for a key */ |
394 | key_ref = search_process_keyrings(type, description, type->match, | 423 | key_ref = search_process_keyrings(type, description, type->match, |
395 | current); | 424 | cred); |
396 | 425 | ||
397 | if (!IS_ERR(key_ref)) { | 426 | if (!IS_ERR(key_ref)) { |
398 | key = key_ref_to_ptr(key_ref); | 427 | key = key_ref_to_ptr(key_ref); |
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index bd237b0a6331..86747151ee5b 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c | |||
@@ -105,9 +105,9 @@ static void request_key_auth_revoke(struct key *key) | |||
105 | 105 | ||
106 | kenter("{%d}", key->serial); | 106 | kenter("{%d}", key->serial); |
107 | 107 | ||
108 | if (rka->context) { | 108 | if (rka->cred) { |
109 | put_task_struct(rka->context); | 109 | put_cred(rka->cred); |
110 | rka->context = NULL; | 110 | rka->cred = NULL; |
111 | } | 111 | } |
112 | 112 | ||
113 | } /* end request_key_auth_revoke() */ | 113 | } /* end request_key_auth_revoke() */ |
@@ -122,12 +122,13 @@ static void request_key_auth_destroy(struct key *key) | |||
122 | 122 | ||
123 | kenter("{%d}", key->serial); | 123 | kenter("{%d}", key->serial); |
124 | 124 | ||
125 | if (rka->context) { | 125 | if (rka->cred) { |
126 | put_task_struct(rka->context); | 126 | put_cred(rka->cred); |
127 | rka->context = NULL; | 127 | rka->cred = NULL; |
128 | } | 128 | } |
129 | 129 | ||
130 | key_put(rka->target_key); | 130 | key_put(rka->target_key); |
131 | key_put(rka->dest_keyring); | ||
131 | kfree(rka->callout_info); | 132 | kfree(rka->callout_info); |
132 | kfree(rka); | 133 | kfree(rka); |
133 | 134 | ||
@@ -139,9 +140,10 @@ static void request_key_auth_destroy(struct key *key) | |||
139 | * access to the caller's security data | 140 | * access to the caller's security data |
140 | */ | 141 | */ |
141 | struct key *request_key_auth_new(struct key *target, const void *callout_info, | 142 | struct key *request_key_auth_new(struct key *target, const void *callout_info, |
142 | size_t callout_len) | 143 | size_t callout_len, struct key *dest_keyring) |
143 | { | 144 | { |
144 | struct request_key_auth *rka, *irka; | 145 | struct request_key_auth *rka, *irka; |
146 | const struct cred *cred = current->cred; | ||
145 | struct key *authkey = NULL; | 147 | struct key *authkey = NULL; |
146 | char desc[20]; | 148 | char desc[20]; |
147 | int ret; | 149 | int ret; |
@@ -163,31 +165,29 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info, | |||
163 | 165 | ||
164 | /* see if the calling process is already servicing the key request of | 166 | /* see if the calling process is already servicing the key request of |
165 | * another process */ | 167 | * another process */ |
166 | if (current->request_key_auth) { | 168 | if (cred->request_key_auth) { |
167 | /* it is - use that instantiation context here too */ | 169 | /* it is - use that instantiation context here too */ |
168 | down_read(¤t->request_key_auth->sem); | 170 | down_read(&cred->request_key_auth->sem); |
169 | 171 | ||
170 | /* if the auth key has been revoked, then the key we're | 172 | /* if the auth key has been revoked, then the key we're |
171 | * servicing is already instantiated */ | 173 | * servicing is already instantiated */ |
172 | if (test_bit(KEY_FLAG_REVOKED, | 174 | if (test_bit(KEY_FLAG_REVOKED, &cred->request_key_auth->flags)) |
173 | ¤t->request_key_auth->flags)) | ||
174 | goto auth_key_revoked; | 175 | goto auth_key_revoked; |
175 | 176 | ||
176 | irka = current->request_key_auth->payload.data; | 177 | irka = cred->request_key_auth->payload.data; |
177 | rka->context = irka->context; | 178 | rka->cred = get_cred(irka->cred); |
178 | rka->pid = irka->pid; | 179 | rka->pid = irka->pid; |
179 | get_task_struct(rka->context); | ||
180 | 180 | ||
181 | up_read(¤t->request_key_auth->sem); | 181 | up_read(&cred->request_key_auth->sem); |
182 | } | 182 | } |
183 | else { | 183 | else { |
184 | /* it isn't - use this process as the context */ | 184 | /* it isn't - use this process as the context */ |
185 | rka->context = current; | 185 | rka->cred = get_cred(cred); |
186 | rka->pid = current->pid; | 186 | rka->pid = current->pid; |
187 | get_task_struct(rka->context); | ||
188 | } | 187 | } |
189 | 188 | ||
190 | rka->target_key = key_get(target); | 189 | rka->target_key = key_get(target); |
190 | rka->dest_keyring = key_get(dest_keyring); | ||
191 | memcpy(rka->callout_info, callout_info, callout_len); | 191 | memcpy(rka->callout_info, callout_info, callout_len); |
192 | rka->callout_len = callout_len; | 192 | rka->callout_len = callout_len; |
193 | 193 | ||
@@ -195,7 +195,7 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info, | |||
195 | sprintf(desc, "%x", target->serial); | 195 | sprintf(desc, "%x", target->serial); |
196 | 196 | ||
197 | authkey = key_alloc(&key_type_request_key_auth, desc, | 197 | authkey = key_alloc(&key_type_request_key_auth, desc, |
198 | current->fsuid, current->fsgid, current, | 198 | cred->fsuid, cred->fsgid, cred, |
199 | KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | | 199 | KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | |
200 | KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA); | 200 | KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA); |
201 | if (IS_ERR(authkey)) { | 201 | if (IS_ERR(authkey)) { |
@@ -203,16 +203,16 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info, | |||
203 | goto error_alloc; | 203 | goto error_alloc; |
204 | } | 204 | } |
205 | 205 | ||
206 | /* construct and attach to the keyring */ | 206 | /* construct the auth key */ |
207 | ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL); | 207 | ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL); |
208 | if (ret < 0) | 208 | if (ret < 0) |
209 | goto error_inst; | 209 | goto error_inst; |
210 | 210 | ||
211 | kleave(" = {%d}", authkey->serial); | 211 | kleave(" = {%d,%d}", authkey->serial, atomic_read(&authkey->usage)); |
212 | return authkey; | 212 | return authkey; |
213 | 213 | ||
214 | auth_key_revoked: | 214 | auth_key_revoked: |
215 | up_read(¤t->request_key_auth->sem); | 215 | up_read(&cred->request_key_auth->sem); |
216 | kfree(rka->callout_info); | 216 | kfree(rka->callout_info); |
217 | kfree(rka); | 217 | kfree(rka); |
218 | kleave("= -EKEYREVOKED"); | 218 | kleave("= -EKEYREVOKED"); |
@@ -223,6 +223,7 @@ error_inst: | |||
223 | key_put(authkey); | 223 | key_put(authkey); |
224 | error_alloc: | 224 | error_alloc: |
225 | key_put(rka->target_key); | 225 | key_put(rka->target_key); |
226 | key_put(rka->dest_keyring); | ||
226 | kfree(rka->callout_info); | 227 | kfree(rka->callout_info); |
227 | kfree(rka); | 228 | kfree(rka); |
228 | kleave("= %d", ret); | 229 | kleave("= %d", ret); |
@@ -254,6 +255,7 @@ static int key_get_instantiation_authkey_match(const struct key *key, | |||
254 | */ | 255 | */ |
255 | struct key *key_get_instantiation_authkey(key_serial_t target_id) | 256 | struct key *key_get_instantiation_authkey(key_serial_t target_id) |
256 | { | 257 | { |
258 | const struct cred *cred = current_cred(); | ||
257 | struct key *authkey; | 259 | struct key *authkey; |
258 | key_ref_t authkey_ref; | 260 | key_ref_t authkey_ref; |
259 | 261 | ||
@@ -261,7 +263,7 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id) | |||
261 | &key_type_request_key_auth, | 263 | &key_type_request_key_auth, |
262 | (void *) (unsigned long) target_id, | 264 | (void *) (unsigned long) target_id, |
263 | key_get_instantiation_authkey_match, | 265 | key_get_instantiation_authkey_match, |
264 | current); | 266 | cred); |
265 | 267 | ||
266 | if (IS_ERR(authkey_ref)) { | 268 | if (IS_ERR(authkey_ref)) { |
267 | authkey = ERR_CAST(authkey_ref); | 269 | authkey = ERR_CAST(authkey_ref); |
diff --git a/security/root_plug.c b/security/root_plug.c index c3f68b5b372d..40fb4f15e27b 100644 --- a/security/root_plug.c +++ b/security/root_plug.c | |||
@@ -55,9 +55,9 @@ static int rootplug_bprm_check_security (struct linux_binprm *bprm) | |||
55 | struct usb_device *dev; | 55 | struct usb_device *dev; |
56 | 56 | ||
57 | root_dbg("file %s, e_uid = %d, e_gid = %d\n", | 57 | root_dbg("file %s, e_uid = %d, e_gid = %d\n", |
58 | bprm->filename, bprm->e_uid, bprm->e_gid); | 58 | bprm->filename, bprm->cred->euid, bprm->cred->egid); |
59 | 59 | ||
60 | if (bprm->e_gid == 0) { | 60 | if (bprm->cred->egid == 0) { |
61 | dev = usb_find_device(vendor_id, product_id); | 61 | dev = usb_find_device(vendor_id, product_id); |
62 | if (!dev) { | 62 | if (!dev) { |
63 | root_dbg("e_gid = 0, and device not found, " | 63 | root_dbg("e_gid = 0, and device not found, " |
@@ -75,15 +75,12 @@ static struct security_operations rootplug_security_ops = { | |||
75 | .ptrace_may_access = cap_ptrace_may_access, | 75 | .ptrace_may_access = cap_ptrace_may_access, |
76 | .ptrace_traceme = cap_ptrace_traceme, | 76 | .ptrace_traceme = cap_ptrace_traceme, |
77 | .capget = cap_capget, | 77 | .capget = cap_capget, |
78 | .capset_check = cap_capset_check, | 78 | .capset = cap_capset, |
79 | .capset_set = cap_capset_set, | ||
80 | .capable = cap_capable, | 79 | .capable = cap_capable, |
81 | 80 | ||
82 | .bprm_apply_creds = cap_bprm_apply_creds, | 81 | .bprm_set_creds = cap_bprm_set_creds, |
83 | .bprm_set_security = cap_bprm_set_security, | ||
84 | 82 | ||
85 | .task_post_setuid = cap_task_post_setuid, | 83 | .task_fix_setuid = cap_task_fix_setuid, |
86 | .task_reparent_to_init = cap_task_reparent_to_init, | ||
87 | .task_prctl = cap_task_prctl, | 84 | .task_prctl = cap_task_prctl, |
88 | 85 | ||
89 | .bprm_check_security = rootplug_bprm_check_security, | 86 | .bprm_check_security = rootplug_bprm_check_security, |
diff --git a/security/security.c b/security/security.c index c0acfa7177e5..d85dbb37c972 100644 --- a/security/security.c +++ b/security/security.c | |||
@@ -145,25 +145,23 @@ int security_capget(struct task_struct *target, | |||
145 | return security_ops->capget(target, effective, inheritable, permitted); | 145 | return security_ops->capget(target, effective, inheritable, permitted); |
146 | } | 146 | } |
147 | 147 | ||
148 | int security_capset_check(struct task_struct *target, | 148 | int security_capset(struct cred *new, const struct cred *old, |
149 | kernel_cap_t *effective, | 149 | const kernel_cap_t *effective, |
150 | kernel_cap_t *inheritable, | 150 | const kernel_cap_t *inheritable, |
151 | kernel_cap_t *permitted) | 151 | const kernel_cap_t *permitted) |
152 | { | 152 | { |
153 | return security_ops->capset_check(target, effective, inheritable, permitted); | 153 | return security_ops->capset(new, old, |
154 | effective, inheritable, permitted); | ||
154 | } | 155 | } |
155 | 156 | ||
156 | void security_capset_set(struct task_struct *target, | 157 | int security_capable(struct task_struct *tsk, int cap) |
157 | kernel_cap_t *effective, | ||
158 | kernel_cap_t *inheritable, | ||
159 | kernel_cap_t *permitted) | ||
160 | { | 158 | { |
161 | security_ops->capset_set(target, effective, inheritable, permitted); | 159 | return security_ops->capable(tsk, cap, SECURITY_CAP_AUDIT); |
162 | } | 160 | } |
163 | 161 | ||
164 | int security_capable(struct task_struct *tsk, int cap) | 162 | int security_capable_noaudit(struct task_struct *tsk, int cap) |
165 | { | 163 | { |
166 | return security_ops->capable(tsk, cap); | 164 | return security_ops->capable(tsk, cap, SECURITY_CAP_NOAUDIT); |
167 | } | 165 | } |
168 | 166 | ||
169 | int security_acct(struct file *file) | 167 | int security_acct(struct file *file) |
@@ -215,34 +213,24 @@ int security_vm_enough_memory_kern(long pages) | |||
215 | return security_ops->vm_enough_memory(current->mm, pages); | 213 | return security_ops->vm_enough_memory(current->mm, pages); |
216 | } | 214 | } |
217 | 215 | ||
218 | int security_bprm_alloc(struct linux_binprm *bprm) | 216 | int security_bprm_set_creds(struct linux_binprm *bprm) |
219 | { | ||
220 | return security_ops->bprm_alloc_security(bprm); | ||
221 | } | ||
222 | |||
223 | void security_bprm_free(struct linux_binprm *bprm) | ||
224 | { | ||
225 | security_ops->bprm_free_security(bprm); | ||
226 | } | ||
227 | |||
228 | void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe) | ||
229 | { | 217 | { |
230 | security_ops->bprm_apply_creds(bprm, unsafe); | 218 | return security_ops->bprm_set_creds(bprm); |
231 | } | 219 | } |
232 | 220 | ||
233 | void security_bprm_post_apply_creds(struct linux_binprm *bprm) | 221 | int security_bprm_check(struct linux_binprm *bprm) |
234 | { | 222 | { |
235 | security_ops->bprm_post_apply_creds(bprm); | 223 | return security_ops->bprm_check_security(bprm); |
236 | } | 224 | } |
237 | 225 | ||
238 | int security_bprm_set(struct linux_binprm *bprm) | 226 | void security_bprm_committing_creds(struct linux_binprm *bprm) |
239 | { | 227 | { |
240 | return security_ops->bprm_set_security(bprm); | 228 | security_ops->bprm_committing_creds(bprm); |
241 | } | 229 | } |
242 | 230 | ||
243 | int security_bprm_check(struct linux_binprm *bprm) | 231 | void security_bprm_committed_creds(struct linux_binprm *bprm) |
244 | { | 232 | { |
245 | return security_ops->bprm_check_security(bprm); | 233 | security_ops->bprm_committed_creds(bprm); |
246 | } | 234 | } |
247 | 235 | ||
248 | int security_bprm_secureexec(struct linux_binprm *bprm) | 236 | int security_bprm_secureexec(struct linux_binprm *bprm) |
@@ -266,9 +254,9 @@ int security_sb_copy_data(char *orig, char *copy) | |||
266 | } | 254 | } |
267 | EXPORT_SYMBOL(security_sb_copy_data); | 255 | EXPORT_SYMBOL(security_sb_copy_data); |
268 | 256 | ||
269 | int security_sb_kern_mount(struct super_block *sb, void *data) | 257 | int security_sb_kern_mount(struct super_block *sb, int flags, void *data) |
270 | { | 258 | { |
271 | return security_ops->sb_kern_mount(sb, data); | 259 | return security_ops->sb_kern_mount(sb, flags, data); |
272 | } | 260 | } |
273 | 261 | ||
274 | int security_sb_show_options(struct seq_file *m, struct super_block *sb) | 262 | int security_sb_show_options(struct seq_file *m, struct super_block *sb) |
@@ -603,9 +591,9 @@ int security_file_receive(struct file *file) | |||
603 | return security_ops->file_receive(file); | 591 | return security_ops->file_receive(file); |
604 | } | 592 | } |
605 | 593 | ||
606 | int security_dentry_open(struct file *file) | 594 | int security_dentry_open(struct file *file, const struct cred *cred) |
607 | { | 595 | { |
608 | return security_ops->dentry_open(file); | 596 | return security_ops->dentry_open(file, cred); |
609 | } | 597 | } |
610 | 598 | ||
611 | int security_task_create(unsigned long clone_flags) | 599 | int security_task_create(unsigned long clone_flags) |
@@ -613,14 +601,29 @@ int security_task_create(unsigned long clone_flags) | |||
613 | return security_ops->task_create(clone_flags); | 601 | return security_ops->task_create(clone_flags); |
614 | } | 602 | } |
615 | 603 | ||
616 | int security_task_alloc(struct task_struct *p) | 604 | void security_cred_free(struct cred *cred) |
617 | { | 605 | { |
618 | return security_ops->task_alloc_security(p); | 606 | security_ops->cred_free(cred); |
619 | } | 607 | } |
620 | 608 | ||
621 | void security_task_free(struct task_struct *p) | 609 | int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp) |
622 | { | 610 | { |
623 | security_ops->task_free_security(p); | 611 | return security_ops->cred_prepare(new, old, gfp); |
612 | } | ||
613 | |||
614 | void security_commit_creds(struct cred *new, const struct cred *old) | ||
615 | { | ||
616 | security_ops->cred_commit(new, old); | ||
617 | } | ||
618 | |||
619 | int security_kernel_act_as(struct cred *new, u32 secid) | ||
620 | { | ||
621 | return security_ops->kernel_act_as(new, secid); | ||
622 | } | ||
623 | |||
624 | int security_kernel_create_files_as(struct cred *new, struct inode *inode) | ||
625 | { | ||
626 | return security_ops->kernel_create_files_as(new, inode); | ||
624 | } | 627 | } |
625 | 628 | ||
626 | int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | 629 | int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) |
@@ -628,10 +631,10 @@ int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | |||
628 | return security_ops->task_setuid(id0, id1, id2, flags); | 631 | return security_ops->task_setuid(id0, id1, id2, flags); |
629 | } | 632 | } |
630 | 633 | ||
631 | int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, | 634 | int security_task_fix_setuid(struct cred *new, const struct cred *old, |
632 | uid_t old_suid, int flags) | 635 | int flags) |
633 | { | 636 | { |
634 | return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, flags); | 637 | return security_ops->task_fix_setuid(new, old, flags); |
635 | } | 638 | } |
636 | 639 | ||
637 | int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) | 640 | int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) |
@@ -713,14 +716,9 @@ int security_task_wait(struct task_struct *p) | |||
713 | } | 716 | } |
714 | 717 | ||
715 | int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, | 718 | int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
716 | unsigned long arg4, unsigned long arg5, long *rc_p) | 719 | unsigned long arg4, unsigned long arg5) |
717 | { | ||
718 | return security_ops->task_prctl(option, arg2, arg3, arg4, arg5, rc_p); | ||
719 | } | ||
720 | |||
721 | void security_task_reparent_to_init(struct task_struct *p) | ||
722 | { | 720 | { |
723 | security_ops->task_reparent_to_init(p); | 721 | return security_ops->task_prctl(option, arg2, arg3, arg4, arg5); |
724 | } | 722 | } |
725 | 723 | ||
726 | void security_task_to_inode(struct task_struct *p, struct inode *inode) | 724 | void security_task_to_inode(struct task_struct *p, struct inode *inode) |
@@ -1120,9 +1118,10 @@ EXPORT_SYMBOL(security_skb_classify_flow); | |||
1120 | 1118 | ||
1121 | #ifdef CONFIG_KEYS | 1119 | #ifdef CONFIG_KEYS |
1122 | 1120 | ||
1123 | int security_key_alloc(struct key *key, struct task_struct *tsk, unsigned long flags) | 1121 | int security_key_alloc(struct key *key, const struct cred *cred, |
1122 | unsigned long flags) | ||
1124 | { | 1123 | { |
1125 | return security_ops->key_alloc(key, tsk, flags); | 1124 | return security_ops->key_alloc(key, cred, flags); |
1126 | } | 1125 | } |
1127 | 1126 | ||
1128 | void security_key_free(struct key *key) | 1127 | void security_key_free(struct key *key) |
@@ -1131,9 +1130,9 @@ void security_key_free(struct key *key) | |||
1131 | } | 1130 | } |
1132 | 1131 | ||
1133 | int security_key_permission(key_ref_t key_ref, | 1132 | int security_key_permission(key_ref_t key_ref, |
1134 | struct task_struct *context, key_perm_t perm) | 1133 | const struct cred *cred, key_perm_t perm) |
1135 | { | 1134 | { |
1136 | return security_ops->key_permission(key_ref, context, perm); | 1135 | return security_ops->key_permission(key_ref, cred, perm); |
1137 | } | 1136 | } |
1138 | 1137 | ||
1139 | int security_key_getsecurity(struct key *key, char **_buffer) | 1138 | int security_key_getsecurity(struct key *key, char **_buffer) |
diff --git a/security/selinux/exports.c b/security/selinux/exports.c index 64af2d3409ef..c73aeaa008e8 100644 --- a/security/selinux/exports.c +++ b/security/selinux/exports.c | |||
@@ -39,9 +39,13 @@ EXPORT_SYMBOL_GPL(selinux_string_to_sid); | |||
39 | int selinux_secmark_relabel_packet_permission(u32 sid) | 39 | int selinux_secmark_relabel_packet_permission(u32 sid) |
40 | { | 40 | { |
41 | if (selinux_enabled) { | 41 | if (selinux_enabled) { |
42 | struct task_security_struct *tsec = current->security; | 42 | const struct task_security_struct *__tsec; |
43 | u32 tsid; | ||
43 | 44 | ||
44 | return avc_has_perm(tsec->sid, sid, SECCLASS_PACKET, | 45 | __tsec = current_security(); |
46 | tsid = __tsec->sid; | ||
47 | |||
48 | return avc_has_perm(tsid, sid, SECCLASS_PACKET, | ||
45 | PACKET__RELABELTO, NULL); | 49 | PACKET__RELABELTO, NULL); |
46 | } | 50 | } |
47 | return 0; | 51 | return 0; |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f3c4bc12fea3..dbeaa783b2a9 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -156,33 +156,62 @@ static int selinux_secmark_enabled(void) | |||
156 | return (atomic_read(&selinux_secmark_refcount) > 0); | 156 | return (atomic_read(&selinux_secmark_refcount) > 0); |
157 | } | 157 | } |
158 | 158 | ||
159 | /* Allocate and free functions for each kind of security blob. */ | 159 | /* |
160 | 160 | * initialise the security for the init task | |
161 | static int task_alloc_security(struct task_struct *task) | 161 | */ |
162 | static void cred_init_security(void) | ||
162 | { | 163 | { |
164 | struct cred *cred = (struct cred *) current->real_cred; | ||
163 | struct task_security_struct *tsec; | 165 | struct task_security_struct *tsec; |
164 | 166 | ||
165 | tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL); | 167 | tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL); |
166 | if (!tsec) | 168 | if (!tsec) |
167 | return -ENOMEM; | 169 | panic("SELinux: Failed to initialize initial task.\n"); |
168 | 170 | ||
169 | tsec->osid = tsec->sid = SECINITSID_UNLABELED; | 171 | tsec->osid = tsec->sid = SECINITSID_KERNEL; |
170 | task->security = tsec; | 172 | cred->security = tsec; |
173 | } | ||
171 | 174 | ||
172 | return 0; | 175 | /* |
176 | * get the security ID of a set of credentials | ||
177 | */ | ||
178 | static inline u32 cred_sid(const struct cred *cred) | ||
179 | { | ||
180 | const struct task_security_struct *tsec; | ||
181 | |||
182 | tsec = cred->security; | ||
183 | return tsec->sid; | ||
173 | } | 184 | } |
174 | 185 | ||
175 | static void task_free_security(struct task_struct *task) | 186 | /* |
187 | * get the objective security ID of a task | ||
188 | */ | ||
189 | static inline u32 task_sid(const struct task_struct *task) | ||
176 | { | 190 | { |
177 | struct task_security_struct *tsec = task->security; | 191 | u32 sid; |
178 | task->security = NULL; | 192 | |
179 | kfree(tsec); | 193 | rcu_read_lock(); |
194 | sid = cred_sid(__task_cred(task)); | ||
195 | rcu_read_unlock(); | ||
196 | return sid; | ||
180 | } | 197 | } |
181 | 198 | ||
199 | /* | ||
200 | * get the subjective security ID of the current task | ||
201 | */ | ||
202 | static inline u32 current_sid(void) | ||
203 | { | ||
204 | const struct task_security_struct *tsec = current_cred()->security; | ||
205 | |||
206 | return tsec->sid; | ||
207 | } | ||
208 | |||
209 | /* Allocate and free functions for each kind of security blob. */ | ||
210 | |||
182 | static int inode_alloc_security(struct inode *inode) | 211 | static int inode_alloc_security(struct inode *inode) |
183 | { | 212 | { |
184 | struct task_security_struct *tsec = current->security; | ||
185 | struct inode_security_struct *isec; | 213 | struct inode_security_struct *isec; |
214 | u32 sid = current_sid(); | ||
186 | 215 | ||
187 | isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS); | 216 | isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS); |
188 | if (!isec) | 217 | if (!isec) |
@@ -193,7 +222,7 @@ static int inode_alloc_security(struct inode *inode) | |||
193 | isec->inode = inode; | 222 | isec->inode = inode; |
194 | isec->sid = SECINITSID_UNLABELED; | 223 | isec->sid = SECINITSID_UNLABELED; |
195 | isec->sclass = SECCLASS_FILE; | 224 | isec->sclass = SECCLASS_FILE; |
196 | isec->task_sid = tsec->sid; | 225 | isec->task_sid = sid; |
197 | inode->i_security = isec; | 226 | inode->i_security = isec; |
198 | 227 | ||
199 | return 0; | 228 | return 0; |
@@ -215,15 +244,15 @@ static void inode_free_security(struct inode *inode) | |||
215 | 244 | ||
216 | static int file_alloc_security(struct file *file) | 245 | static int file_alloc_security(struct file *file) |
217 | { | 246 | { |
218 | struct task_security_struct *tsec = current->security; | ||
219 | struct file_security_struct *fsec; | 247 | struct file_security_struct *fsec; |
248 | u32 sid = current_sid(); | ||
220 | 249 | ||
221 | fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL); | 250 | fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL); |
222 | if (!fsec) | 251 | if (!fsec) |
223 | return -ENOMEM; | 252 | return -ENOMEM; |
224 | 253 | ||
225 | fsec->sid = tsec->sid; | 254 | fsec->sid = sid; |
226 | fsec->fown_sid = tsec->sid; | 255 | fsec->fown_sid = sid; |
227 | file->f_security = fsec; | 256 | file->f_security = fsec; |
228 | 257 | ||
229 | return 0; | 258 | return 0; |
@@ -338,8 +367,9 @@ static const match_table_t tokens = { | |||
338 | 367 | ||
339 | static int may_context_mount_sb_relabel(u32 sid, | 368 | static int may_context_mount_sb_relabel(u32 sid, |
340 | struct superblock_security_struct *sbsec, | 369 | struct superblock_security_struct *sbsec, |
341 | struct task_security_struct *tsec) | 370 | const struct cred *cred) |
342 | { | 371 | { |
372 | const struct task_security_struct *tsec = cred->security; | ||
343 | int rc; | 373 | int rc; |
344 | 374 | ||
345 | rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, | 375 | rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, |
@@ -354,8 +384,9 @@ static int may_context_mount_sb_relabel(u32 sid, | |||
354 | 384 | ||
355 | static int may_context_mount_inode_relabel(u32 sid, | 385 | static int may_context_mount_inode_relabel(u32 sid, |
356 | struct superblock_security_struct *sbsec, | 386 | struct superblock_security_struct *sbsec, |
357 | struct task_security_struct *tsec) | 387 | const struct cred *cred) |
358 | { | 388 | { |
389 | const struct task_security_struct *tsec = cred->security; | ||
359 | int rc; | 390 | int rc; |
360 | rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, | 391 | rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, |
361 | FILESYSTEM__RELABELFROM, NULL); | 392 | FILESYSTEM__RELABELFROM, NULL); |
@@ -553,8 +584,8 @@ static int bad_option(struct superblock_security_struct *sbsec, char flag, | |||
553 | static int selinux_set_mnt_opts(struct super_block *sb, | 584 | static int selinux_set_mnt_opts(struct super_block *sb, |
554 | struct security_mnt_opts *opts) | 585 | struct security_mnt_opts *opts) |
555 | { | 586 | { |
587 | const struct cred *cred = current_cred(); | ||
556 | int rc = 0, i; | 588 | int rc = 0, i; |
557 | struct task_security_struct *tsec = current->security; | ||
558 | struct superblock_security_struct *sbsec = sb->s_security; | 589 | struct superblock_security_struct *sbsec = sb->s_security; |
559 | const char *name = sb->s_type->name; | 590 | const char *name = sb->s_type->name; |
560 | struct inode *inode = sbsec->sb->s_root->d_inode; | 591 | struct inode *inode = sbsec->sb->s_root->d_inode; |
@@ -671,7 +702,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
671 | sbsec->proc = 1; | 702 | sbsec->proc = 1; |
672 | 703 | ||
673 | /* Determine the labeling behavior to use for this filesystem type. */ | 704 | /* Determine the labeling behavior to use for this filesystem type. */ |
674 | rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid); | 705 | rc = security_fs_use(sbsec->proc ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid); |
675 | if (rc) { | 706 | if (rc) { |
676 | printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n", | 707 | printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n", |
677 | __func__, sb->s_type->name, rc); | 708 | __func__, sb->s_type->name, rc); |
@@ -680,8 +711,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
680 | 711 | ||
681 | /* sets the context of the superblock for the fs being mounted. */ | 712 | /* sets the context of the superblock for the fs being mounted. */ |
682 | if (fscontext_sid) { | 713 | if (fscontext_sid) { |
683 | 714 | rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred); | |
684 | rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, tsec); | ||
685 | if (rc) | 715 | if (rc) |
686 | goto out; | 716 | goto out; |
687 | 717 | ||
@@ -695,12 +725,14 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
695 | */ | 725 | */ |
696 | if (context_sid) { | 726 | if (context_sid) { |
697 | if (!fscontext_sid) { | 727 | if (!fscontext_sid) { |
698 | rc = may_context_mount_sb_relabel(context_sid, sbsec, tsec); | 728 | rc = may_context_mount_sb_relabel(context_sid, sbsec, |
729 | cred); | ||
699 | if (rc) | 730 | if (rc) |
700 | goto out; | 731 | goto out; |
701 | sbsec->sid = context_sid; | 732 | sbsec->sid = context_sid; |
702 | } else { | 733 | } else { |
703 | rc = may_context_mount_inode_relabel(context_sid, sbsec, tsec); | 734 | rc = may_context_mount_inode_relabel(context_sid, sbsec, |
735 | cred); | ||
704 | if (rc) | 736 | if (rc) |
705 | goto out; | 737 | goto out; |
706 | } | 738 | } |
@@ -712,7 +744,8 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
712 | } | 744 | } |
713 | 745 | ||
714 | if (rootcontext_sid) { | 746 | if (rootcontext_sid) { |
715 | rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec, tsec); | 747 | rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec, |
748 | cred); | ||
716 | if (rc) | 749 | if (rc) |
717 | goto out; | 750 | goto out; |
718 | 751 | ||
@@ -730,7 +763,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
730 | 763 | ||
731 | if (defcontext_sid != sbsec->def_sid) { | 764 | if (defcontext_sid != sbsec->def_sid) { |
732 | rc = may_context_mount_inode_relabel(defcontext_sid, | 765 | rc = may_context_mount_inode_relabel(defcontext_sid, |
733 | sbsec, tsec); | 766 | sbsec, cred); |
734 | if (rc) | 767 | if (rc) |
735 | goto out; | 768 | goto out; |
736 | } | 769 | } |
@@ -1345,18 +1378,53 @@ static inline u32 signal_to_av(int sig) | |||
1345 | return perm; | 1378 | return perm; |
1346 | } | 1379 | } |
1347 | 1380 | ||
1348 | /* Check permission betweeen a pair of tasks, e.g. signal checks, | 1381 | /* |
1349 | fork check, ptrace check, etc. */ | 1382 | * Check permission between a pair of credentials |
1350 | static int task_has_perm(struct task_struct *tsk1, | 1383 | * fork check, ptrace check, etc. |
1351 | struct task_struct *tsk2, | 1384 | */ |
1385 | static int cred_has_perm(const struct cred *actor, | ||
1386 | const struct cred *target, | ||
1387 | u32 perms) | ||
1388 | { | ||
1389 | u32 asid = cred_sid(actor), tsid = cred_sid(target); | ||
1390 | |||
1391 | return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL); | ||
1392 | } | ||
1393 | |||
1394 | /* | ||
1395 | * Check permission between a pair of tasks, e.g. signal checks, | ||
1396 | * fork check, ptrace check, etc. | ||
1397 | * tsk1 is the actor and tsk2 is the target | ||
1398 | * - this uses the default subjective creds of tsk1 | ||
1399 | */ | ||
1400 | static int task_has_perm(const struct task_struct *tsk1, | ||
1401 | const struct task_struct *tsk2, | ||
1352 | u32 perms) | 1402 | u32 perms) |
1353 | { | 1403 | { |
1354 | struct task_security_struct *tsec1, *tsec2; | 1404 | const struct task_security_struct *__tsec1, *__tsec2; |
1405 | u32 sid1, sid2; | ||
1355 | 1406 | ||
1356 | tsec1 = tsk1->security; | 1407 | rcu_read_lock(); |
1357 | tsec2 = tsk2->security; | 1408 | __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid; |
1358 | return avc_has_perm(tsec1->sid, tsec2->sid, | 1409 | __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid; |
1359 | SECCLASS_PROCESS, perms, NULL); | 1410 | rcu_read_unlock(); |
1411 | return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL); | ||
1412 | } | ||
1413 | |||
1414 | /* | ||
1415 | * Check permission between current and another task, e.g. signal checks, | ||
1416 | * fork check, ptrace check, etc. | ||
1417 | * current is the actor and tsk2 is the target | ||
1418 | * - this uses current's subjective creds | ||
1419 | */ | ||
1420 | static int current_has_perm(const struct task_struct *tsk, | ||
1421 | u32 perms) | ||
1422 | { | ||
1423 | u32 sid, tsid; | ||
1424 | |||
1425 | sid = current_sid(); | ||
1426 | tsid = task_sid(tsk); | ||
1427 | return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL); | ||
1360 | } | 1428 | } |
1361 | 1429 | ||
1362 | #if CAP_LAST_CAP > 63 | 1430 | #if CAP_LAST_CAP > 63 |
@@ -1365,14 +1433,14 @@ static int task_has_perm(struct task_struct *tsk1, | |||
1365 | 1433 | ||
1366 | /* Check whether a task is allowed to use a capability. */ | 1434 | /* Check whether a task is allowed to use a capability. */ |
1367 | static int task_has_capability(struct task_struct *tsk, | 1435 | static int task_has_capability(struct task_struct *tsk, |
1368 | int cap) | 1436 | int cap, int audit) |
1369 | { | 1437 | { |
1370 | struct task_security_struct *tsec; | ||
1371 | struct avc_audit_data ad; | 1438 | struct avc_audit_data ad; |
1439 | struct av_decision avd; | ||
1372 | u16 sclass; | 1440 | u16 sclass; |
1441 | u32 sid = task_sid(tsk); | ||
1373 | u32 av = CAP_TO_MASK(cap); | 1442 | u32 av = CAP_TO_MASK(cap); |
1374 | 1443 | int rc; | |
1375 | tsec = tsk->security; | ||
1376 | 1444 | ||
1377 | AVC_AUDIT_DATA_INIT(&ad, CAP); | 1445 | AVC_AUDIT_DATA_INIT(&ad, CAP); |
1378 | ad.tsk = tsk; | 1446 | ad.tsk = tsk; |
@@ -1390,37 +1458,39 @@ static int task_has_capability(struct task_struct *tsk, | |||
1390 | "SELinux: out of range capability %d\n", cap); | 1458 | "SELinux: out of range capability %d\n", cap); |
1391 | BUG(); | 1459 | BUG(); |
1392 | } | 1460 | } |
1393 | return avc_has_perm(tsec->sid, tsec->sid, sclass, av, &ad); | 1461 | |
1462 | rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd); | ||
1463 | if (audit == SECURITY_CAP_AUDIT) | ||
1464 | avc_audit(sid, sid, sclass, av, &avd, rc, &ad); | ||
1465 | return rc; | ||
1394 | } | 1466 | } |
1395 | 1467 | ||
1396 | /* Check whether a task is allowed to use a system operation. */ | 1468 | /* Check whether a task is allowed to use a system operation. */ |
1397 | static int task_has_system(struct task_struct *tsk, | 1469 | static int task_has_system(struct task_struct *tsk, |
1398 | u32 perms) | 1470 | u32 perms) |
1399 | { | 1471 | { |
1400 | struct task_security_struct *tsec; | 1472 | u32 sid = task_sid(tsk); |
1401 | 1473 | ||
1402 | tsec = tsk->security; | 1474 | return avc_has_perm(sid, SECINITSID_KERNEL, |
1403 | |||
1404 | return avc_has_perm(tsec->sid, SECINITSID_KERNEL, | ||
1405 | SECCLASS_SYSTEM, perms, NULL); | 1475 | SECCLASS_SYSTEM, perms, NULL); |
1406 | } | 1476 | } |
1407 | 1477 | ||
1408 | /* Check whether a task has a particular permission to an inode. | 1478 | /* Check whether a task has a particular permission to an inode. |
1409 | The 'adp' parameter is optional and allows other audit | 1479 | The 'adp' parameter is optional and allows other audit |
1410 | data to be passed (e.g. the dentry). */ | 1480 | data to be passed (e.g. the dentry). */ |
1411 | static int inode_has_perm(struct task_struct *tsk, | 1481 | static int inode_has_perm(const struct cred *cred, |
1412 | struct inode *inode, | 1482 | struct inode *inode, |
1413 | u32 perms, | 1483 | u32 perms, |
1414 | struct avc_audit_data *adp) | 1484 | struct avc_audit_data *adp) |
1415 | { | 1485 | { |
1416 | struct task_security_struct *tsec; | ||
1417 | struct inode_security_struct *isec; | 1486 | struct inode_security_struct *isec; |
1418 | struct avc_audit_data ad; | 1487 | struct avc_audit_data ad; |
1488 | u32 sid; | ||
1419 | 1489 | ||
1420 | if (unlikely(IS_PRIVATE(inode))) | 1490 | if (unlikely(IS_PRIVATE(inode))) |
1421 | return 0; | 1491 | return 0; |
1422 | 1492 | ||
1423 | tsec = tsk->security; | 1493 | sid = cred_sid(cred); |
1424 | isec = inode->i_security; | 1494 | isec = inode->i_security; |
1425 | 1495 | ||
1426 | if (!adp) { | 1496 | if (!adp) { |
@@ -1429,23 +1499,24 @@ static int inode_has_perm(struct task_struct *tsk, | |||
1429 | ad.u.fs.inode = inode; | 1499 | ad.u.fs.inode = inode; |
1430 | } | 1500 | } |
1431 | 1501 | ||
1432 | return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, adp); | 1502 | return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp); |
1433 | } | 1503 | } |
1434 | 1504 | ||
1435 | /* Same as inode_has_perm, but pass explicit audit data containing | 1505 | /* Same as inode_has_perm, but pass explicit audit data containing |
1436 | the dentry to help the auditing code to more easily generate the | 1506 | the dentry to help the auditing code to more easily generate the |
1437 | pathname if needed. */ | 1507 | pathname if needed. */ |
1438 | static inline int dentry_has_perm(struct task_struct *tsk, | 1508 | static inline int dentry_has_perm(const struct cred *cred, |
1439 | struct vfsmount *mnt, | 1509 | struct vfsmount *mnt, |
1440 | struct dentry *dentry, | 1510 | struct dentry *dentry, |
1441 | u32 av) | 1511 | u32 av) |
1442 | { | 1512 | { |
1443 | struct inode *inode = dentry->d_inode; | 1513 | struct inode *inode = dentry->d_inode; |
1444 | struct avc_audit_data ad; | 1514 | struct avc_audit_data ad; |
1515 | |||
1445 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1516 | AVC_AUDIT_DATA_INIT(&ad, FS); |
1446 | ad.u.fs.path.mnt = mnt; | 1517 | ad.u.fs.path.mnt = mnt; |
1447 | ad.u.fs.path.dentry = dentry; | 1518 | ad.u.fs.path.dentry = dentry; |
1448 | return inode_has_perm(tsk, inode, av, &ad); | 1519 | return inode_has_perm(cred, inode, av, &ad); |
1449 | } | 1520 | } |
1450 | 1521 | ||
1451 | /* Check whether a task can use an open file descriptor to | 1522 | /* Check whether a task can use an open file descriptor to |
@@ -1456,33 +1527,35 @@ static inline int dentry_has_perm(struct task_struct *tsk, | |||
1456 | has the same SID as the process. If av is zero, then | 1527 | has the same SID as the process. If av is zero, then |
1457 | access to the file is not checked, e.g. for cases | 1528 | access to the file is not checked, e.g. for cases |
1458 | where only the descriptor is affected like seek. */ | 1529 | where only the descriptor is affected like seek. */ |
1459 | static int file_has_perm(struct task_struct *tsk, | 1530 | static int file_has_perm(const struct cred *cred, |
1460 | struct file *file, | 1531 | struct file *file, |
1461 | u32 av) | 1532 | u32 av) |
1462 | { | 1533 | { |
1463 | struct task_security_struct *tsec = tsk->security; | ||
1464 | struct file_security_struct *fsec = file->f_security; | 1534 | struct file_security_struct *fsec = file->f_security; |
1465 | struct inode *inode = file->f_path.dentry->d_inode; | 1535 | struct inode *inode = file->f_path.dentry->d_inode; |
1466 | struct avc_audit_data ad; | 1536 | struct avc_audit_data ad; |
1537 | u32 sid = cred_sid(cred); | ||
1467 | int rc; | 1538 | int rc; |
1468 | 1539 | ||
1469 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1540 | AVC_AUDIT_DATA_INIT(&ad, FS); |
1470 | ad.u.fs.path = file->f_path; | 1541 | ad.u.fs.path = file->f_path; |
1471 | 1542 | ||
1472 | if (tsec->sid != fsec->sid) { | 1543 | if (sid != fsec->sid) { |
1473 | rc = avc_has_perm(tsec->sid, fsec->sid, | 1544 | rc = avc_has_perm(sid, fsec->sid, |
1474 | SECCLASS_FD, | 1545 | SECCLASS_FD, |
1475 | FD__USE, | 1546 | FD__USE, |
1476 | &ad); | 1547 | &ad); |
1477 | if (rc) | 1548 | if (rc) |
1478 | return rc; | 1549 | goto out; |
1479 | } | 1550 | } |
1480 | 1551 | ||
1481 | /* av is zero if only checking access to the descriptor. */ | 1552 | /* av is zero if only checking access to the descriptor. */ |
1553 | rc = 0; | ||
1482 | if (av) | 1554 | if (av) |
1483 | return inode_has_perm(tsk, inode, av, &ad); | 1555 | rc = inode_has_perm(cred, inode, av, &ad); |
1484 | 1556 | ||
1485 | return 0; | 1557 | out: |
1558 | return rc; | ||
1486 | } | 1559 | } |
1487 | 1560 | ||
1488 | /* Check whether a task can create a file. */ | 1561 | /* Check whether a task can create a file. */ |
@@ -1490,36 +1563,36 @@ static int may_create(struct inode *dir, | |||
1490 | struct dentry *dentry, | 1563 | struct dentry *dentry, |
1491 | u16 tclass) | 1564 | u16 tclass) |
1492 | { | 1565 | { |
1493 | struct task_security_struct *tsec; | 1566 | const struct cred *cred = current_cred(); |
1567 | const struct task_security_struct *tsec = cred->security; | ||
1494 | struct inode_security_struct *dsec; | 1568 | struct inode_security_struct *dsec; |
1495 | struct superblock_security_struct *sbsec; | 1569 | struct superblock_security_struct *sbsec; |
1496 | u32 newsid; | 1570 | u32 sid, newsid; |
1497 | struct avc_audit_data ad; | 1571 | struct avc_audit_data ad; |
1498 | int rc; | 1572 | int rc; |
1499 | 1573 | ||
1500 | tsec = current->security; | ||
1501 | dsec = dir->i_security; | 1574 | dsec = dir->i_security; |
1502 | sbsec = dir->i_sb->s_security; | 1575 | sbsec = dir->i_sb->s_security; |
1503 | 1576 | ||
1577 | sid = tsec->sid; | ||
1578 | newsid = tsec->create_sid; | ||
1579 | |||
1504 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1580 | AVC_AUDIT_DATA_INIT(&ad, FS); |
1505 | ad.u.fs.path.dentry = dentry; | 1581 | ad.u.fs.path.dentry = dentry; |
1506 | 1582 | ||
1507 | rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, | 1583 | rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, |
1508 | DIR__ADD_NAME | DIR__SEARCH, | 1584 | DIR__ADD_NAME | DIR__SEARCH, |
1509 | &ad); | 1585 | &ad); |
1510 | if (rc) | 1586 | if (rc) |
1511 | return rc; | 1587 | return rc; |
1512 | 1588 | ||
1513 | if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) { | 1589 | if (!newsid || sbsec->behavior == SECURITY_FS_USE_MNTPOINT) { |
1514 | newsid = tsec->create_sid; | 1590 | rc = security_transition_sid(sid, dsec->sid, tclass, &newsid); |
1515 | } else { | ||
1516 | rc = security_transition_sid(tsec->sid, dsec->sid, tclass, | ||
1517 | &newsid); | ||
1518 | if (rc) | 1591 | if (rc) |
1519 | return rc; | 1592 | return rc; |
1520 | } | 1593 | } |
1521 | 1594 | ||
1522 | rc = avc_has_perm(tsec->sid, newsid, tclass, FILE__CREATE, &ad); | 1595 | rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad); |
1523 | if (rc) | 1596 | if (rc) |
1524 | return rc; | 1597 | return rc; |
1525 | 1598 | ||
@@ -1532,11 +1605,9 @@ static int may_create(struct inode *dir, | |||
1532 | static int may_create_key(u32 ksid, | 1605 | static int may_create_key(u32 ksid, |
1533 | struct task_struct *ctx) | 1606 | struct task_struct *ctx) |
1534 | { | 1607 | { |
1535 | struct task_security_struct *tsec; | 1608 | u32 sid = task_sid(ctx); |
1536 | 1609 | ||
1537 | tsec = ctx->security; | 1610 | return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL); |
1538 | |||
1539 | return avc_has_perm(tsec->sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL); | ||
1540 | } | 1611 | } |
1541 | 1612 | ||
1542 | #define MAY_LINK 0 | 1613 | #define MAY_LINK 0 |
@@ -1549,13 +1620,12 @@ static int may_link(struct inode *dir, | |||
1549 | int kind) | 1620 | int kind) |
1550 | 1621 | ||
1551 | { | 1622 | { |
1552 | struct task_security_struct *tsec; | ||
1553 | struct inode_security_struct *dsec, *isec; | 1623 | struct inode_security_struct *dsec, *isec; |
1554 | struct avc_audit_data ad; | 1624 | struct avc_audit_data ad; |
1625 | u32 sid = current_sid(); | ||
1555 | u32 av; | 1626 | u32 av; |
1556 | int rc; | 1627 | int rc; |
1557 | 1628 | ||
1558 | tsec = current->security; | ||
1559 | dsec = dir->i_security; | 1629 | dsec = dir->i_security; |
1560 | isec = dentry->d_inode->i_security; | 1630 | isec = dentry->d_inode->i_security; |
1561 | 1631 | ||
@@ -1564,7 +1634,7 @@ static int may_link(struct inode *dir, | |||
1564 | 1634 | ||
1565 | av = DIR__SEARCH; | 1635 | av = DIR__SEARCH; |
1566 | av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME); | 1636 | av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME); |
1567 | rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, av, &ad); | 1637 | rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad); |
1568 | if (rc) | 1638 | if (rc) |
1569 | return rc; | 1639 | return rc; |
1570 | 1640 | ||
@@ -1584,7 +1654,7 @@ static int may_link(struct inode *dir, | |||
1584 | return 0; | 1654 | return 0; |
1585 | } | 1655 | } |
1586 | 1656 | ||
1587 | rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, av, &ad); | 1657 | rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad); |
1588 | return rc; | 1658 | return rc; |
1589 | } | 1659 | } |
1590 | 1660 | ||
@@ -1593,14 +1663,13 @@ static inline int may_rename(struct inode *old_dir, | |||
1593 | struct inode *new_dir, | 1663 | struct inode *new_dir, |
1594 | struct dentry *new_dentry) | 1664 | struct dentry *new_dentry) |
1595 | { | 1665 | { |
1596 | struct task_security_struct *tsec; | ||
1597 | struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec; | 1666 | struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec; |
1598 | struct avc_audit_data ad; | 1667 | struct avc_audit_data ad; |
1668 | u32 sid = current_sid(); | ||
1599 | u32 av; | 1669 | u32 av; |
1600 | int old_is_dir, new_is_dir; | 1670 | int old_is_dir, new_is_dir; |
1601 | int rc; | 1671 | int rc; |
1602 | 1672 | ||
1603 | tsec = current->security; | ||
1604 | old_dsec = old_dir->i_security; | 1673 | old_dsec = old_dir->i_security; |
1605 | old_isec = old_dentry->d_inode->i_security; | 1674 | old_isec = old_dentry->d_inode->i_security; |
1606 | old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode); | 1675 | old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode); |
@@ -1609,16 +1678,16 @@ static inline int may_rename(struct inode *old_dir, | |||
1609 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1678 | AVC_AUDIT_DATA_INIT(&ad, FS); |
1610 | 1679 | ||
1611 | ad.u.fs.path.dentry = old_dentry; | 1680 | ad.u.fs.path.dentry = old_dentry; |
1612 | rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR, | 1681 | rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, |
1613 | DIR__REMOVE_NAME | DIR__SEARCH, &ad); | 1682 | DIR__REMOVE_NAME | DIR__SEARCH, &ad); |
1614 | if (rc) | 1683 | if (rc) |
1615 | return rc; | 1684 | return rc; |
1616 | rc = avc_has_perm(tsec->sid, old_isec->sid, | 1685 | rc = avc_has_perm(sid, old_isec->sid, |
1617 | old_isec->sclass, FILE__RENAME, &ad); | 1686 | old_isec->sclass, FILE__RENAME, &ad); |
1618 | if (rc) | 1687 | if (rc) |
1619 | return rc; | 1688 | return rc; |
1620 | if (old_is_dir && new_dir != old_dir) { | 1689 | if (old_is_dir && new_dir != old_dir) { |
1621 | rc = avc_has_perm(tsec->sid, old_isec->sid, | 1690 | rc = avc_has_perm(sid, old_isec->sid, |
1622 | old_isec->sclass, DIR__REPARENT, &ad); | 1691 | old_isec->sclass, DIR__REPARENT, &ad); |
1623 | if (rc) | 1692 | if (rc) |
1624 | return rc; | 1693 | return rc; |
@@ -1628,13 +1697,13 @@ static inline int may_rename(struct inode *old_dir, | |||
1628 | av = DIR__ADD_NAME | DIR__SEARCH; | 1697 | av = DIR__ADD_NAME | DIR__SEARCH; |
1629 | if (new_dentry->d_inode) | 1698 | if (new_dentry->d_inode) |
1630 | av |= DIR__REMOVE_NAME; | 1699 | av |= DIR__REMOVE_NAME; |
1631 | rc = avc_has_perm(tsec->sid, new_dsec->sid, SECCLASS_DIR, av, &ad); | 1700 | rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad); |
1632 | if (rc) | 1701 | if (rc) |
1633 | return rc; | 1702 | return rc; |
1634 | if (new_dentry->d_inode) { | 1703 | if (new_dentry->d_inode) { |
1635 | new_isec = new_dentry->d_inode->i_security; | 1704 | new_isec = new_dentry->d_inode->i_security; |
1636 | new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode); | 1705 | new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode); |
1637 | rc = avc_has_perm(tsec->sid, new_isec->sid, | 1706 | rc = avc_has_perm(sid, new_isec->sid, |
1638 | new_isec->sclass, | 1707 | new_isec->sclass, |
1639 | (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad); | 1708 | (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad); |
1640 | if (rc) | 1709 | if (rc) |
@@ -1645,18 +1714,16 @@ static inline int may_rename(struct inode *old_dir, | |||
1645 | } | 1714 | } |
1646 | 1715 | ||
1647 | /* Check whether a task can perform a filesystem operation. */ | 1716 | /* Check whether a task can perform a filesystem operation. */ |
1648 | static int superblock_has_perm(struct task_struct *tsk, | 1717 | static int superblock_has_perm(const struct cred *cred, |
1649 | struct super_block *sb, | 1718 | struct super_block *sb, |
1650 | u32 perms, | 1719 | u32 perms, |
1651 | struct avc_audit_data *ad) | 1720 | struct avc_audit_data *ad) |
1652 | { | 1721 | { |
1653 | struct task_security_struct *tsec; | ||
1654 | struct superblock_security_struct *sbsec; | 1722 | struct superblock_security_struct *sbsec; |
1723 | u32 sid = cred_sid(cred); | ||
1655 | 1724 | ||
1656 | tsec = tsk->security; | ||
1657 | sbsec = sb->s_security; | 1725 | sbsec = sb->s_security; |
1658 | return avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, | 1726 | return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad); |
1659 | perms, ad); | ||
1660 | } | 1727 | } |
1661 | 1728 | ||
1662 | /* Convert a Linux mode and permission mask to an access vector. */ | 1729 | /* Convert a Linux mode and permission mask to an access vector. */ |
@@ -1687,15 +1754,39 @@ static inline u32 file_mask_to_av(int mode, int mask) | |||
1687 | return av; | 1754 | return av; |
1688 | } | 1755 | } |
1689 | 1756 | ||
1757 | /* Convert a Linux file to an access vector. */ | ||
1758 | static inline u32 file_to_av(struct file *file) | ||
1759 | { | ||
1760 | u32 av = 0; | ||
1761 | |||
1762 | if (file->f_mode & FMODE_READ) | ||
1763 | av |= FILE__READ; | ||
1764 | if (file->f_mode & FMODE_WRITE) { | ||
1765 | if (file->f_flags & O_APPEND) | ||
1766 | av |= FILE__APPEND; | ||
1767 | else | ||
1768 | av |= FILE__WRITE; | ||
1769 | } | ||
1770 | if (!av) { | ||
1771 | /* | ||
1772 | * Special file opened with flags 3 for ioctl-only use. | ||
1773 | */ | ||
1774 | av = FILE__IOCTL; | ||
1775 | } | ||
1776 | |||
1777 | return av; | ||
1778 | } | ||
1779 | |||
1690 | /* | 1780 | /* |
1691 | * Convert a file mask to an access vector and include the correct open | 1781 | * Convert a file to an access vector and include the correct open |
1692 | * open permission. | 1782 | * open permission. |
1693 | */ | 1783 | */ |
1694 | static inline u32 open_file_mask_to_av(int mode, int mask) | 1784 | static inline u32 open_file_to_av(struct file *file) |
1695 | { | 1785 | { |
1696 | u32 av = file_mask_to_av(mode, mask); | 1786 | u32 av = file_to_av(file); |
1697 | 1787 | ||
1698 | if (selinux_policycap_openperm) { | 1788 | if (selinux_policycap_openperm) { |
1789 | mode_t mode = file->f_path.dentry->d_inode->i_mode; | ||
1699 | /* | 1790 | /* |
1700 | * lnk files and socks do not really have an 'open' | 1791 | * lnk files and socks do not really have an 'open' |
1701 | */ | 1792 | */ |
@@ -1711,34 +1802,11 @@ static inline u32 open_file_mask_to_av(int mode, int mask) | |||
1711 | av |= DIR__OPEN; | 1802 | av |= DIR__OPEN; |
1712 | else | 1803 | else |
1713 | printk(KERN_ERR "SELinux: WARNING: inside %s with " | 1804 | printk(KERN_ERR "SELinux: WARNING: inside %s with " |
1714 | "unknown mode:%x\n", __func__, mode); | 1805 | "unknown mode:%o\n", __func__, mode); |
1715 | } | 1806 | } |
1716 | return av; | 1807 | return av; |
1717 | } | 1808 | } |
1718 | 1809 | ||
1719 | /* Convert a Linux file to an access vector. */ | ||
1720 | static inline u32 file_to_av(struct file *file) | ||
1721 | { | ||
1722 | u32 av = 0; | ||
1723 | |||
1724 | if (file->f_mode & FMODE_READ) | ||
1725 | av |= FILE__READ; | ||
1726 | if (file->f_mode & FMODE_WRITE) { | ||
1727 | if (file->f_flags & O_APPEND) | ||
1728 | av |= FILE__APPEND; | ||
1729 | else | ||
1730 | av |= FILE__WRITE; | ||
1731 | } | ||
1732 | if (!av) { | ||
1733 | /* | ||
1734 | * Special file opened with flags 3 for ioctl-only use. | ||
1735 | */ | ||
1736 | av = FILE__IOCTL; | ||
1737 | } | ||
1738 | |||
1739 | return av; | ||
1740 | } | ||
1741 | |||
1742 | /* Hook functions begin here. */ | 1810 | /* Hook functions begin here. */ |
1743 | 1811 | ||
1744 | static int selinux_ptrace_may_access(struct task_struct *child, | 1812 | static int selinux_ptrace_may_access(struct task_struct *child, |
@@ -1751,13 +1819,12 @@ static int selinux_ptrace_may_access(struct task_struct *child, | |||
1751 | return rc; | 1819 | return rc; |
1752 | 1820 | ||
1753 | if (mode == PTRACE_MODE_READ) { | 1821 | if (mode == PTRACE_MODE_READ) { |
1754 | struct task_security_struct *tsec = current->security; | 1822 | u32 sid = current_sid(); |
1755 | struct task_security_struct *csec = child->security; | 1823 | u32 csid = task_sid(child); |
1756 | return avc_has_perm(tsec->sid, csec->sid, | 1824 | return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL); |
1757 | SECCLASS_FILE, FILE__READ, NULL); | ||
1758 | } | 1825 | } |
1759 | 1826 | ||
1760 | return task_has_perm(current, child, PROCESS__PTRACE); | 1827 | return current_has_perm(child, PROCESS__PTRACE); |
1761 | } | 1828 | } |
1762 | 1829 | ||
1763 | static int selinux_ptrace_traceme(struct task_struct *parent) | 1830 | static int selinux_ptrace_traceme(struct task_struct *parent) |
@@ -1776,40 +1843,37 @@ static int selinux_capget(struct task_struct *target, kernel_cap_t *effective, | |||
1776 | { | 1843 | { |
1777 | int error; | 1844 | int error; |
1778 | 1845 | ||
1779 | error = task_has_perm(current, target, PROCESS__GETCAP); | 1846 | error = current_has_perm(target, PROCESS__GETCAP); |
1780 | if (error) | 1847 | if (error) |
1781 | return error; | 1848 | return error; |
1782 | 1849 | ||
1783 | return secondary_ops->capget(target, effective, inheritable, permitted); | 1850 | return secondary_ops->capget(target, effective, inheritable, permitted); |
1784 | } | 1851 | } |
1785 | 1852 | ||
1786 | static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective, | 1853 | static int selinux_capset(struct cred *new, const struct cred *old, |
1787 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | 1854 | const kernel_cap_t *effective, |
1855 | const kernel_cap_t *inheritable, | ||
1856 | const kernel_cap_t *permitted) | ||
1788 | { | 1857 | { |
1789 | int error; | 1858 | int error; |
1790 | 1859 | ||
1791 | error = secondary_ops->capset_check(target, effective, inheritable, permitted); | 1860 | error = secondary_ops->capset(new, old, |
1861 | effective, inheritable, permitted); | ||
1792 | if (error) | 1862 | if (error) |
1793 | return error; | 1863 | return error; |
1794 | 1864 | ||
1795 | return task_has_perm(current, target, PROCESS__SETCAP); | 1865 | return cred_has_perm(old, new, PROCESS__SETCAP); |
1796 | } | 1866 | } |
1797 | 1867 | ||
1798 | static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective, | 1868 | static int selinux_capable(struct task_struct *tsk, int cap, int audit) |
1799 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | ||
1800 | { | ||
1801 | secondary_ops->capset_set(target, effective, inheritable, permitted); | ||
1802 | } | ||
1803 | |||
1804 | static int selinux_capable(struct task_struct *tsk, int cap) | ||
1805 | { | 1869 | { |
1806 | int rc; | 1870 | int rc; |
1807 | 1871 | ||
1808 | rc = secondary_ops->capable(tsk, cap); | 1872 | rc = secondary_ops->capable(tsk, cap, audit); |
1809 | if (rc) | 1873 | if (rc) |
1810 | return rc; | 1874 | return rc; |
1811 | 1875 | ||
1812 | return task_has_capability(tsk, cap); | 1876 | return task_has_capability(tsk, cap, audit); |
1813 | } | 1877 | } |
1814 | 1878 | ||
1815 | static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) | 1879 | static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) |
@@ -1857,15 +1921,14 @@ static int selinux_sysctl(ctl_table *table, int op) | |||
1857 | { | 1921 | { |
1858 | int error = 0; | 1922 | int error = 0; |
1859 | u32 av; | 1923 | u32 av; |
1860 | struct task_security_struct *tsec; | 1924 | u32 tsid, sid; |
1861 | u32 tsid; | ||
1862 | int rc; | 1925 | int rc; |
1863 | 1926 | ||
1864 | rc = secondary_ops->sysctl(table, op); | 1927 | rc = secondary_ops->sysctl(table, op); |
1865 | if (rc) | 1928 | if (rc) |
1866 | return rc; | 1929 | return rc; |
1867 | 1930 | ||
1868 | tsec = current->security; | 1931 | sid = current_sid(); |
1869 | 1932 | ||
1870 | rc = selinux_sysctl_get_sid(table, (op == 0001) ? | 1933 | rc = selinux_sysctl_get_sid(table, (op == 0001) ? |
1871 | SECCLASS_DIR : SECCLASS_FILE, &tsid); | 1934 | SECCLASS_DIR : SECCLASS_FILE, &tsid); |
@@ -1877,7 +1940,7 @@ static int selinux_sysctl(ctl_table *table, int op) | |||
1877 | /* The op values are "defined" in sysctl.c, thereby creating | 1940 | /* The op values are "defined" in sysctl.c, thereby creating |
1878 | * a bad coupling between this module and sysctl.c */ | 1941 | * a bad coupling between this module and sysctl.c */ |
1879 | if (op == 001) { | 1942 | if (op == 001) { |
1880 | error = avc_has_perm(tsec->sid, tsid, | 1943 | error = avc_has_perm(sid, tsid, |
1881 | SECCLASS_DIR, DIR__SEARCH, NULL); | 1944 | SECCLASS_DIR, DIR__SEARCH, NULL); |
1882 | } else { | 1945 | } else { |
1883 | av = 0; | 1946 | av = 0; |
@@ -1886,7 +1949,7 @@ static int selinux_sysctl(ctl_table *table, int op) | |||
1886 | if (op & 002) | 1949 | if (op & 002) |
1887 | av |= FILE__WRITE; | 1950 | av |= FILE__WRITE; |
1888 | if (av) | 1951 | if (av) |
1889 | error = avc_has_perm(tsec->sid, tsid, | 1952 | error = avc_has_perm(sid, tsid, |
1890 | SECCLASS_FILE, av, NULL); | 1953 | SECCLASS_FILE, av, NULL); |
1891 | } | 1954 | } |
1892 | 1955 | ||
@@ -1895,6 +1958,7 @@ static int selinux_sysctl(ctl_table *table, int op) | |||
1895 | 1958 | ||
1896 | static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) | 1959 | static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) |
1897 | { | 1960 | { |
1961 | const struct cred *cred = current_cred(); | ||
1898 | int rc = 0; | 1962 | int rc = 0; |
1899 | 1963 | ||
1900 | if (!sb) | 1964 | if (!sb) |
@@ -1906,14 +1970,12 @@ static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) | |||
1906 | case Q_QUOTAOFF: | 1970 | case Q_QUOTAOFF: |
1907 | case Q_SETINFO: | 1971 | case Q_SETINFO: |
1908 | case Q_SETQUOTA: | 1972 | case Q_SETQUOTA: |
1909 | rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAMOD, | 1973 | rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL); |
1910 | NULL); | ||
1911 | break; | 1974 | break; |
1912 | case Q_GETFMT: | 1975 | case Q_GETFMT: |
1913 | case Q_GETINFO: | 1976 | case Q_GETINFO: |
1914 | case Q_GETQUOTA: | 1977 | case Q_GETQUOTA: |
1915 | rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAGET, | 1978 | rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL); |
1916 | NULL); | ||
1917 | break; | 1979 | break; |
1918 | default: | 1980 | default: |
1919 | rc = 0; /* let the kernel handle invalid cmds */ | 1981 | rc = 0; /* let the kernel handle invalid cmds */ |
@@ -1924,7 +1986,9 @@ static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) | |||
1924 | 1986 | ||
1925 | static int selinux_quota_on(struct dentry *dentry) | 1987 | static int selinux_quota_on(struct dentry *dentry) |
1926 | { | 1988 | { |
1927 | return dentry_has_perm(current, NULL, dentry, FILE__QUOTAON); | 1989 | const struct cred *cred = current_cred(); |
1990 | |||
1991 | return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON); | ||
1928 | } | 1992 | } |
1929 | 1993 | ||
1930 | static int selinux_syslog(int type) | 1994 | static int selinux_syslog(int type) |
@@ -1972,16 +2036,8 @@ static int selinux_syslog(int type) | |||
1972 | static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) | 2036 | static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) |
1973 | { | 2037 | { |
1974 | int rc, cap_sys_admin = 0; | 2038 | int rc, cap_sys_admin = 0; |
1975 | struct task_security_struct *tsec = current->security; | ||
1976 | |||
1977 | rc = secondary_ops->capable(current, CAP_SYS_ADMIN); | ||
1978 | if (rc == 0) | ||
1979 | rc = avc_has_perm_noaudit(tsec->sid, tsec->sid, | ||
1980 | SECCLASS_CAPABILITY, | ||
1981 | CAP_TO_MASK(CAP_SYS_ADMIN), | ||
1982 | 0, | ||
1983 | NULL); | ||
1984 | 2039 | ||
2040 | rc = selinux_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT); | ||
1985 | if (rc == 0) | 2041 | if (rc == 0) |
1986 | cap_sys_admin = 1; | 2042 | cap_sys_admin = 1; |
1987 | 2043 | ||
@@ -1990,59 +2046,45 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) | |||
1990 | 2046 | ||
1991 | /* binprm security operations */ | 2047 | /* binprm security operations */ |
1992 | 2048 | ||
1993 | static int selinux_bprm_alloc_security(struct linux_binprm *bprm) | 2049 | static int selinux_bprm_set_creds(struct linux_binprm *bprm) |
1994 | { | ||
1995 | struct bprm_security_struct *bsec; | ||
1996 | |||
1997 | bsec = kzalloc(sizeof(struct bprm_security_struct), GFP_KERNEL); | ||
1998 | if (!bsec) | ||
1999 | return -ENOMEM; | ||
2000 | |||
2001 | bsec->sid = SECINITSID_UNLABELED; | ||
2002 | bsec->set = 0; | ||
2003 | |||
2004 | bprm->security = bsec; | ||
2005 | return 0; | ||
2006 | } | ||
2007 | |||
2008 | static int selinux_bprm_set_security(struct linux_binprm *bprm) | ||
2009 | { | 2050 | { |
2010 | struct task_security_struct *tsec; | 2051 | const struct task_security_struct *old_tsec; |
2011 | struct inode *inode = bprm->file->f_path.dentry->d_inode; | 2052 | struct task_security_struct *new_tsec; |
2012 | struct inode_security_struct *isec; | 2053 | struct inode_security_struct *isec; |
2013 | struct bprm_security_struct *bsec; | ||
2014 | u32 newsid; | ||
2015 | struct avc_audit_data ad; | 2054 | struct avc_audit_data ad; |
2055 | struct inode *inode = bprm->file->f_path.dentry->d_inode; | ||
2016 | int rc; | 2056 | int rc; |
2017 | 2057 | ||
2018 | rc = secondary_ops->bprm_set_security(bprm); | 2058 | rc = secondary_ops->bprm_set_creds(bprm); |
2019 | if (rc) | 2059 | if (rc) |
2020 | return rc; | 2060 | return rc; |
2021 | 2061 | ||
2022 | bsec = bprm->security; | 2062 | /* SELinux context only depends on initial program or script and not |
2023 | 2063 | * the script interpreter */ | |
2024 | if (bsec->set) | 2064 | if (bprm->cred_prepared) |
2025 | return 0; | 2065 | return 0; |
2026 | 2066 | ||
2027 | tsec = current->security; | 2067 | old_tsec = current_security(); |
2068 | new_tsec = bprm->cred->security; | ||
2028 | isec = inode->i_security; | 2069 | isec = inode->i_security; |
2029 | 2070 | ||
2030 | /* Default to the current task SID. */ | 2071 | /* Default to the current task SID. */ |
2031 | bsec->sid = tsec->sid; | 2072 | new_tsec->sid = old_tsec->sid; |
2073 | new_tsec->osid = old_tsec->sid; | ||
2032 | 2074 | ||
2033 | /* Reset fs, key, and sock SIDs on execve. */ | 2075 | /* Reset fs, key, and sock SIDs on execve. */ |
2034 | tsec->create_sid = 0; | 2076 | new_tsec->create_sid = 0; |
2035 | tsec->keycreate_sid = 0; | 2077 | new_tsec->keycreate_sid = 0; |
2036 | tsec->sockcreate_sid = 0; | 2078 | new_tsec->sockcreate_sid = 0; |
2037 | 2079 | ||
2038 | if (tsec->exec_sid) { | 2080 | if (old_tsec->exec_sid) { |
2039 | newsid = tsec->exec_sid; | 2081 | new_tsec->sid = old_tsec->exec_sid; |
2040 | /* Reset exec SID on execve. */ | 2082 | /* Reset exec SID on execve. */ |
2041 | tsec->exec_sid = 0; | 2083 | new_tsec->exec_sid = 0; |
2042 | } else { | 2084 | } else { |
2043 | /* Check for a default transition on this program. */ | 2085 | /* Check for a default transition on this program. */ |
2044 | rc = security_transition_sid(tsec->sid, isec->sid, | 2086 | rc = security_transition_sid(old_tsec->sid, isec->sid, |
2045 | SECCLASS_PROCESS, &newsid); | 2087 | SECCLASS_PROCESS, &new_tsec->sid); |
2046 | if (rc) | 2088 | if (rc) |
2047 | return rc; | 2089 | return rc; |
2048 | } | 2090 | } |
@@ -2051,33 +2093,63 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm) | |||
2051 | ad.u.fs.path = bprm->file->f_path; | 2093 | ad.u.fs.path = bprm->file->f_path; |
2052 | 2094 | ||
2053 | if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) | 2095 | if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) |
2054 | newsid = tsec->sid; | 2096 | new_tsec->sid = old_tsec->sid; |
2055 | 2097 | ||
2056 | if (tsec->sid == newsid) { | 2098 | if (new_tsec->sid == old_tsec->sid) { |
2057 | rc = avc_has_perm(tsec->sid, isec->sid, | 2099 | rc = avc_has_perm(old_tsec->sid, isec->sid, |
2058 | SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad); | 2100 | SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad); |
2059 | if (rc) | 2101 | if (rc) |
2060 | return rc; | 2102 | return rc; |
2061 | } else { | 2103 | } else { |
2062 | /* Check permissions for the transition. */ | 2104 | /* Check permissions for the transition. */ |
2063 | rc = avc_has_perm(tsec->sid, newsid, | 2105 | rc = avc_has_perm(old_tsec->sid, new_tsec->sid, |
2064 | SECCLASS_PROCESS, PROCESS__TRANSITION, &ad); | 2106 | SECCLASS_PROCESS, PROCESS__TRANSITION, &ad); |
2065 | if (rc) | 2107 | if (rc) |
2066 | return rc; | 2108 | return rc; |
2067 | 2109 | ||
2068 | rc = avc_has_perm(newsid, isec->sid, | 2110 | rc = avc_has_perm(new_tsec->sid, isec->sid, |
2069 | SECCLASS_FILE, FILE__ENTRYPOINT, &ad); | 2111 | SECCLASS_FILE, FILE__ENTRYPOINT, &ad); |
2070 | if (rc) | 2112 | if (rc) |
2071 | return rc; | 2113 | return rc; |
2072 | 2114 | ||
2073 | /* Clear any possibly unsafe personality bits on exec: */ | 2115 | /* Check for shared state */ |
2074 | current->personality &= ~PER_CLEAR_ON_SETID; | 2116 | if (bprm->unsafe & LSM_UNSAFE_SHARE) { |
2117 | rc = avc_has_perm(old_tsec->sid, new_tsec->sid, | ||
2118 | SECCLASS_PROCESS, PROCESS__SHARE, | ||
2119 | NULL); | ||
2120 | if (rc) | ||
2121 | return -EPERM; | ||
2122 | } | ||
2123 | |||
2124 | /* Make sure that anyone attempting to ptrace over a task that | ||
2125 | * changes its SID has the appropriate permit */ | ||
2126 | if (bprm->unsafe & | ||
2127 | (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { | ||
2128 | struct task_struct *tracer; | ||
2129 | struct task_security_struct *sec; | ||
2130 | u32 ptsid = 0; | ||
2075 | 2131 | ||
2076 | /* Set the security field to the new SID. */ | 2132 | rcu_read_lock(); |
2077 | bsec->sid = newsid; | 2133 | tracer = tracehook_tracer_task(current); |
2134 | if (likely(tracer != NULL)) { | ||
2135 | sec = __task_cred(tracer)->security; | ||
2136 | ptsid = sec->sid; | ||
2137 | } | ||
2138 | rcu_read_unlock(); | ||
2139 | |||
2140 | if (ptsid != 0) { | ||
2141 | rc = avc_has_perm(ptsid, new_tsec->sid, | ||
2142 | SECCLASS_PROCESS, | ||
2143 | PROCESS__PTRACE, NULL); | ||
2144 | if (rc) | ||
2145 | return -EPERM; | ||
2146 | } | ||
2147 | } | ||
2148 | |||
2149 | /* Clear any possibly unsafe personality bits on exec: */ | ||
2150 | bprm->per_clear |= PER_CLEAR_ON_SETID; | ||
2078 | } | 2151 | } |
2079 | 2152 | ||
2080 | bsec->set = 1; | ||
2081 | return 0; | 2153 | return 0; |
2082 | } | 2154 | } |
2083 | 2155 | ||
@@ -2086,35 +2158,34 @@ static int selinux_bprm_check_security(struct linux_binprm *bprm) | |||
2086 | return secondary_ops->bprm_check_security(bprm); | 2158 | return secondary_ops->bprm_check_security(bprm); |
2087 | } | 2159 | } |
2088 | 2160 | ||
2089 | |||
2090 | static int selinux_bprm_secureexec(struct linux_binprm *bprm) | 2161 | static int selinux_bprm_secureexec(struct linux_binprm *bprm) |
2091 | { | 2162 | { |
2092 | struct task_security_struct *tsec = current->security; | 2163 | const struct cred *cred = current_cred(); |
2164 | const struct task_security_struct *tsec = cred->security; | ||
2165 | u32 sid, osid; | ||
2093 | int atsecure = 0; | 2166 | int atsecure = 0; |
2094 | 2167 | ||
2095 | if (tsec->osid != tsec->sid) { | 2168 | sid = tsec->sid; |
2169 | osid = tsec->osid; | ||
2170 | |||
2171 | if (osid != sid) { | ||
2096 | /* Enable secure mode for SIDs transitions unless | 2172 | /* Enable secure mode for SIDs transitions unless |
2097 | the noatsecure permission is granted between | 2173 | the noatsecure permission is granted between |
2098 | the two SIDs, i.e. ahp returns 0. */ | 2174 | the two SIDs, i.e. ahp returns 0. */ |
2099 | atsecure = avc_has_perm(tsec->osid, tsec->sid, | 2175 | atsecure = avc_has_perm(osid, sid, |
2100 | SECCLASS_PROCESS, | 2176 | SECCLASS_PROCESS, |
2101 | PROCESS__NOATSECURE, NULL); | 2177 | PROCESS__NOATSECURE, NULL); |
2102 | } | 2178 | } |
2103 | 2179 | ||
2104 | return (atsecure || secondary_ops->bprm_secureexec(bprm)); | 2180 | return (atsecure || secondary_ops->bprm_secureexec(bprm)); |
2105 | } | 2181 | } |
2106 | 2182 | ||
2107 | static void selinux_bprm_free_security(struct linux_binprm *bprm) | ||
2108 | { | ||
2109 | kfree(bprm->security); | ||
2110 | bprm->security = NULL; | ||
2111 | } | ||
2112 | |||
2113 | extern struct vfsmount *selinuxfs_mount; | 2183 | extern struct vfsmount *selinuxfs_mount; |
2114 | extern struct dentry *selinux_null; | 2184 | extern struct dentry *selinux_null; |
2115 | 2185 | ||
2116 | /* Derived from fs/exec.c:flush_old_files. */ | 2186 | /* Derived from fs/exec.c:flush_old_files. */ |
2117 | static inline void flush_unauthorized_files(struct files_struct *files) | 2187 | static inline void flush_unauthorized_files(const struct cred *cred, |
2188 | struct files_struct *files) | ||
2118 | { | 2189 | { |
2119 | struct avc_audit_data ad; | 2190 | struct avc_audit_data ad; |
2120 | struct file *file, *devnull = NULL; | 2191 | struct file *file, *devnull = NULL; |
@@ -2136,7 +2207,7 @@ static inline void flush_unauthorized_files(struct files_struct *files) | |||
2136 | interested in the inode-based check here. */ | 2207 | interested in the inode-based check here. */ |
2137 | file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list); | 2208 | file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list); |
2138 | inode = file->f_path.dentry->d_inode; | 2209 | inode = file->f_path.dentry->d_inode; |
2139 | if (inode_has_perm(current, inode, | 2210 | if (inode_has_perm(cred, inode, |
2140 | FILE__READ | FILE__WRITE, NULL)) { | 2211 | FILE__READ | FILE__WRITE, NULL)) { |
2141 | drop_tty = 1; | 2212 | drop_tty = 1; |
2142 | } | 2213 | } |
@@ -2171,7 +2242,7 @@ static inline void flush_unauthorized_files(struct files_struct *files) | |||
2171 | file = fget(i); | 2242 | file = fget(i); |
2172 | if (!file) | 2243 | if (!file) |
2173 | continue; | 2244 | continue; |
2174 | if (file_has_perm(current, | 2245 | if (file_has_perm(cred, |
2175 | file, | 2246 | file, |
2176 | file_to_av(file))) { | 2247 | file_to_av(file))) { |
2177 | sys_close(i); | 2248 | sys_close(i); |
@@ -2185,7 +2256,10 @@ static inline void flush_unauthorized_files(struct files_struct *files) | |||
2185 | if (devnull) { | 2256 | if (devnull) { |
2186 | get_file(devnull); | 2257 | get_file(devnull); |
2187 | } else { | 2258 | } else { |
2188 | devnull = dentry_open(dget(selinux_null), mntget(selinuxfs_mount), O_RDWR); | 2259 | devnull = dentry_open( |
2260 | dget(selinux_null), | ||
2261 | mntget(selinuxfs_mount), | ||
2262 | O_RDWR, cred); | ||
2189 | if (IS_ERR(devnull)) { | 2263 | if (IS_ERR(devnull)) { |
2190 | devnull = NULL; | 2264 | devnull = NULL; |
2191 | put_unused_fd(fd); | 2265 | put_unused_fd(fd); |
@@ -2204,94 +2278,78 @@ static inline void flush_unauthorized_files(struct files_struct *files) | |||
2204 | spin_unlock(&files->file_lock); | 2278 | spin_unlock(&files->file_lock); |
2205 | } | 2279 | } |
2206 | 2280 | ||
2207 | static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe) | 2281 | /* |
2282 | * Prepare a process for imminent new credential changes due to exec | ||
2283 | */ | ||
2284 | static void selinux_bprm_committing_creds(struct linux_binprm *bprm) | ||
2208 | { | 2285 | { |
2209 | struct task_security_struct *tsec; | 2286 | struct task_security_struct *new_tsec; |
2210 | struct bprm_security_struct *bsec; | 2287 | struct rlimit *rlim, *initrlim; |
2211 | u32 sid; | 2288 | int rc, i; |
2212 | int rc; | ||
2213 | |||
2214 | secondary_ops->bprm_apply_creds(bprm, unsafe); | ||
2215 | |||
2216 | tsec = current->security; | ||
2217 | 2289 | ||
2218 | bsec = bprm->security; | 2290 | secondary_ops->bprm_committing_creds(bprm); |
2219 | sid = bsec->sid; | ||
2220 | 2291 | ||
2221 | tsec->osid = tsec->sid; | 2292 | new_tsec = bprm->cred->security; |
2222 | bsec->unsafe = 0; | 2293 | if (new_tsec->sid == new_tsec->osid) |
2223 | if (tsec->sid != sid) { | 2294 | return; |
2224 | /* Check for shared state. If not ok, leave SID | ||
2225 | unchanged and kill. */ | ||
2226 | if (unsafe & LSM_UNSAFE_SHARE) { | ||
2227 | rc = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, | ||
2228 | PROCESS__SHARE, NULL); | ||
2229 | if (rc) { | ||
2230 | bsec->unsafe = 1; | ||
2231 | return; | ||
2232 | } | ||
2233 | } | ||
2234 | 2295 | ||
2235 | /* Check for ptracing, and update the task SID if ok. | 2296 | /* Close files for which the new task SID is not authorized. */ |
2236 | Otherwise, leave SID unchanged and kill. */ | 2297 | flush_unauthorized_files(bprm->cred, current->files); |
2237 | if (unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { | ||
2238 | struct task_struct *tracer; | ||
2239 | struct task_security_struct *sec; | ||
2240 | u32 ptsid = 0; | ||
2241 | 2298 | ||
2242 | rcu_read_lock(); | 2299 | /* Always clear parent death signal on SID transitions. */ |
2243 | tracer = tracehook_tracer_task(current); | 2300 | current->pdeath_signal = 0; |
2244 | if (likely(tracer != NULL)) { | ||
2245 | sec = tracer->security; | ||
2246 | ptsid = sec->sid; | ||
2247 | } | ||
2248 | rcu_read_unlock(); | ||
2249 | 2301 | ||
2250 | if (ptsid != 0) { | 2302 | /* Check whether the new SID can inherit resource limits from the old |
2251 | rc = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, | 2303 | * SID. If not, reset all soft limits to the lower of the current |
2252 | PROCESS__PTRACE, NULL); | 2304 | * task's hard limit and the init task's soft limit. |
2253 | if (rc) { | 2305 | * |
2254 | bsec->unsafe = 1; | 2306 | * Note that the setting of hard limits (even to lower them) can be |
2255 | return; | 2307 | * controlled by the setrlimit check. The inclusion of the init task's |
2256 | } | 2308 | * soft limit into the computation is to avoid resetting soft limits |
2257 | } | 2309 | * higher than the default soft limit for cases where the default is |
2310 | * lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK. | ||
2311 | */ | ||
2312 | rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, | ||
2313 | PROCESS__RLIMITINH, NULL); | ||
2314 | if (rc) { | ||
2315 | for (i = 0; i < RLIM_NLIMITS; i++) { | ||
2316 | rlim = current->signal->rlim + i; | ||
2317 | initrlim = init_task.signal->rlim + i; | ||
2318 | rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); | ||
2258 | } | 2319 | } |
2259 | tsec->sid = sid; | 2320 | update_rlimit_cpu(rlim->rlim_cur); |
2260 | } | 2321 | } |
2261 | } | 2322 | } |
2262 | 2323 | ||
2263 | /* | 2324 | /* |
2264 | * called after apply_creds without the task lock held | 2325 | * Clean up the process immediately after the installation of new credentials |
2326 | * due to exec | ||
2265 | */ | 2327 | */ |
2266 | static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm) | 2328 | static void selinux_bprm_committed_creds(struct linux_binprm *bprm) |
2267 | { | 2329 | { |
2268 | struct task_security_struct *tsec; | 2330 | const struct task_security_struct *tsec = current_security(); |
2269 | struct rlimit *rlim, *initrlim; | ||
2270 | struct itimerval itimer; | 2331 | struct itimerval itimer; |
2271 | struct bprm_security_struct *bsec; | 2332 | struct sighand_struct *psig; |
2333 | u32 osid, sid; | ||
2272 | int rc, i; | 2334 | int rc, i; |
2335 | unsigned long flags; | ||
2273 | 2336 | ||
2274 | tsec = current->security; | 2337 | secondary_ops->bprm_committed_creds(bprm); |
2275 | bsec = bprm->security; | ||
2276 | 2338 | ||
2277 | if (bsec->unsafe) { | 2339 | osid = tsec->osid; |
2278 | force_sig_specific(SIGKILL, current); | 2340 | sid = tsec->sid; |
2279 | return; | 2341 | |
2280 | } | 2342 | if (sid == osid) |
2281 | if (tsec->osid == tsec->sid) | ||
2282 | return; | 2343 | return; |
2283 | 2344 | ||
2284 | /* Close files for which the new task SID is not authorized. */ | 2345 | /* Check whether the new SID can inherit signal state from the old SID. |
2285 | flush_unauthorized_files(current->files); | 2346 | * If not, clear itimers to avoid subsequent signal generation and |
2286 | 2347 | * flush and unblock signals. | |
2287 | /* Check whether the new SID can inherit signal state | 2348 | * |
2288 | from the old SID. If not, clear itimers to avoid | 2349 | * This must occur _after_ the task SID has been updated so that any |
2289 | subsequent signal generation and flush and unblock | 2350 | * kill done after the flush will be checked against the new SID. |
2290 | signals. This must occur _after_ the task SID has | 2351 | */ |
2291 | been updated so that any kill done after the flush | 2352 | rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL); |
2292 | will be checked against the new SID. */ | ||
2293 | rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS, | ||
2294 | PROCESS__SIGINH, NULL); | ||
2295 | if (rc) { | 2353 | if (rc) { |
2296 | memset(&itimer, 0, sizeof itimer); | 2354 | memset(&itimer, 0, sizeof itimer); |
2297 | for (i = 0; i < 3; i++) | 2355 | for (i = 0; i < 3; i++) |
@@ -2304,33 +2362,14 @@ static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm) | |||
2304 | spin_unlock_irq(¤t->sighand->siglock); | 2362 | spin_unlock_irq(¤t->sighand->siglock); |
2305 | } | 2363 | } |
2306 | 2364 | ||
2307 | /* Always clear parent death signal on SID transitions. */ | 2365 | /* Wake up the parent if it is waiting so that it can recheck |
2308 | current->pdeath_signal = 0; | 2366 | * wait permission to the new task SID. */ |
2309 | 2367 | read_lock_irq(&tasklist_lock); | |
2310 | /* Check whether the new SID can inherit resource limits | 2368 | psig = current->parent->sighand; |
2311 | from the old SID. If not, reset all soft limits to | 2369 | spin_lock_irqsave(&psig->siglock, flags); |
2312 | the lower of the current task's hard limit and the init | ||
2313 | task's soft limit. Note that the setting of hard limits | ||
2314 | (even to lower them) can be controlled by the setrlimit | ||
2315 | check. The inclusion of the init task's soft limit into | ||
2316 | the computation is to avoid resetting soft limits higher | ||
2317 | than the default soft limit for cases where the default | ||
2318 | is lower than the hard limit, e.g. RLIMIT_CORE or | ||
2319 | RLIMIT_STACK.*/ | ||
2320 | rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS, | ||
2321 | PROCESS__RLIMITINH, NULL); | ||
2322 | if (rc) { | ||
2323 | for (i = 0; i < RLIM_NLIMITS; i++) { | ||
2324 | rlim = current->signal->rlim + i; | ||
2325 | initrlim = init_task.signal->rlim+i; | ||
2326 | rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); | ||
2327 | } | ||
2328 | update_rlimit_cpu(rlim->rlim_cur); | ||
2329 | } | ||
2330 | |||
2331 | /* Wake up the parent if it is waiting so that it can | ||
2332 | recheck wait permission to the new task SID. */ | ||
2333 | wake_up_interruptible(¤t->parent->signal->wait_chldexit); | 2370 | wake_up_interruptible(¤t->parent->signal->wait_chldexit); |
2371 | spin_unlock_irqrestore(&psig->siglock, flags); | ||
2372 | read_unlock_irq(&tasklist_lock); | ||
2334 | } | 2373 | } |
2335 | 2374 | ||
2336 | /* superblock security operations */ | 2375 | /* superblock security operations */ |
@@ -2435,8 +2474,9 @@ out: | |||
2435 | return rc; | 2474 | return rc; |
2436 | } | 2475 | } |
2437 | 2476 | ||
2438 | static int selinux_sb_kern_mount(struct super_block *sb, void *data) | 2477 | static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) |
2439 | { | 2478 | { |
2479 | const struct cred *cred = current_cred(); | ||
2440 | struct avc_audit_data ad; | 2480 | struct avc_audit_data ad; |
2441 | int rc; | 2481 | int rc; |
2442 | 2482 | ||
@@ -2444,18 +2484,23 @@ static int selinux_sb_kern_mount(struct super_block *sb, void *data) | |||
2444 | if (rc) | 2484 | if (rc) |
2445 | return rc; | 2485 | return rc; |
2446 | 2486 | ||
2487 | /* Allow all mounts performed by the kernel */ | ||
2488 | if (flags & MS_KERNMOUNT) | ||
2489 | return 0; | ||
2490 | |||
2447 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2491 | AVC_AUDIT_DATA_INIT(&ad, FS); |
2448 | ad.u.fs.path.dentry = sb->s_root; | 2492 | ad.u.fs.path.dentry = sb->s_root; |
2449 | return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad); | 2493 | return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad); |
2450 | } | 2494 | } |
2451 | 2495 | ||
2452 | static int selinux_sb_statfs(struct dentry *dentry) | 2496 | static int selinux_sb_statfs(struct dentry *dentry) |
2453 | { | 2497 | { |
2498 | const struct cred *cred = current_cred(); | ||
2454 | struct avc_audit_data ad; | 2499 | struct avc_audit_data ad; |
2455 | 2500 | ||
2456 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2501 | AVC_AUDIT_DATA_INIT(&ad, FS); |
2457 | ad.u.fs.path.dentry = dentry->d_sb->s_root; | 2502 | ad.u.fs.path.dentry = dentry->d_sb->s_root; |
2458 | return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad); | 2503 | return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad); |
2459 | } | 2504 | } |
2460 | 2505 | ||
2461 | static int selinux_mount(char *dev_name, | 2506 | static int selinux_mount(char *dev_name, |
@@ -2464,6 +2509,7 @@ static int selinux_mount(char *dev_name, | |||
2464 | unsigned long flags, | 2509 | unsigned long flags, |
2465 | void *data) | 2510 | void *data) |
2466 | { | 2511 | { |
2512 | const struct cred *cred = current_cred(); | ||
2467 | int rc; | 2513 | int rc; |
2468 | 2514 | ||
2469 | rc = secondary_ops->sb_mount(dev_name, path, type, flags, data); | 2515 | rc = secondary_ops->sb_mount(dev_name, path, type, flags, data); |
@@ -2471,22 +2517,23 @@ static int selinux_mount(char *dev_name, | |||
2471 | return rc; | 2517 | return rc; |
2472 | 2518 | ||
2473 | if (flags & MS_REMOUNT) | 2519 | if (flags & MS_REMOUNT) |
2474 | return superblock_has_perm(current, path->mnt->mnt_sb, | 2520 | return superblock_has_perm(cred, path->mnt->mnt_sb, |
2475 | FILESYSTEM__REMOUNT, NULL); | 2521 | FILESYSTEM__REMOUNT, NULL); |
2476 | else | 2522 | else |
2477 | return dentry_has_perm(current, path->mnt, path->dentry, | 2523 | return dentry_has_perm(cred, path->mnt, path->dentry, |
2478 | FILE__MOUNTON); | 2524 | FILE__MOUNTON); |
2479 | } | 2525 | } |
2480 | 2526 | ||
2481 | static int selinux_umount(struct vfsmount *mnt, int flags) | 2527 | static int selinux_umount(struct vfsmount *mnt, int flags) |
2482 | { | 2528 | { |
2529 | const struct cred *cred = current_cred(); | ||
2483 | int rc; | 2530 | int rc; |
2484 | 2531 | ||
2485 | rc = secondary_ops->sb_umount(mnt, flags); | 2532 | rc = secondary_ops->sb_umount(mnt, flags); |
2486 | if (rc) | 2533 | if (rc) |
2487 | return rc; | 2534 | return rc; |
2488 | 2535 | ||
2489 | return superblock_has_perm(current, mnt->mnt_sb, | 2536 | return superblock_has_perm(cred, mnt->mnt_sb, |
2490 | FILESYSTEM__UNMOUNT, NULL); | 2537 | FILESYSTEM__UNMOUNT, NULL); |
2491 | } | 2538 | } |
2492 | 2539 | ||
@@ -2506,21 +2553,22 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, | |||
2506 | char **name, void **value, | 2553 | char **name, void **value, |
2507 | size_t *len) | 2554 | size_t *len) |
2508 | { | 2555 | { |
2509 | struct task_security_struct *tsec; | 2556 | const struct cred *cred = current_cred(); |
2557 | const struct task_security_struct *tsec = cred->security; | ||
2510 | struct inode_security_struct *dsec; | 2558 | struct inode_security_struct *dsec; |
2511 | struct superblock_security_struct *sbsec; | 2559 | struct superblock_security_struct *sbsec; |
2512 | u32 newsid, clen; | 2560 | u32 sid, newsid, clen; |
2513 | int rc; | 2561 | int rc; |
2514 | char *namep = NULL, *context; | 2562 | char *namep = NULL, *context; |
2515 | 2563 | ||
2516 | tsec = current->security; | ||
2517 | dsec = dir->i_security; | 2564 | dsec = dir->i_security; |
2518 | sbsec = dir->i_sb->s_security; | 2565 | sbsec = dir->i_sb->s_security; |
2519 | 2566 | ||
2520 | if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) { | 2567 | sid = tsec->sid; |
2521 | newsid = tsec->create_sid; | 2568 | newsid = tsec->create_sid; |
2522 | } else { | 2569 | |
2523 | rc = security_transition_sid(tsec->sid, dsec->sid, | 2570 | if (!newsid || sbsec->behavior == SECURITY_FS_USE_MNTPOINT) { |
2571 | rc = security_transition_sid(sid, dsec->sid, | ||
2524 | inode_mode_to_security_class(inode->i_mode), | 2572 | inode_mode_to_security_class(inode->i_mode), |
2525 | &newsid); | 2573 | &newsid); |
2526 | if (rc) { | 2574 | if (rc) { |
@@ -2623,21 +2671,25 @@ static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dent | |||
2623 | 2671 | ||
2624 | static int selinux_inode_readlink(struct dentry *dentry) | 2672 | static int selinux_inode_readlink(struct dentry *dentry) |
2625 | { | 2673 | { |
2626 | return dentry_has_perm(current, NULL, dentry, FILE__READ); | 2674 | const struct cred *cred = current_cred(); |
2675 | |||
2676 | return dentry_has_perm(cred, NULL, dentry, FILE__READ); | ||
2627 | } | 2677 | } |
2628 | 2678 | ||
2629 | static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata) | 2679 | static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata) |
2630 | { | 2680 | { |
2681 | const struct cred *cred = current_cred(); | ||
2631 | int rc; | 2682 | int rc; |
2632 | 2683 | ||
2633 | rc = secondary_ops->inode_follow_link(dentry, nameidata); | 2684 | rc = secondary_ops->inode_follow_link(dentry, nameidata); |
2634 | if (rc) | 2685 | if (rc) |
2635 | return rc; | 2686 | return rc; |
2636 | return dentry_has_perm(current, NULL, dentry, FILE__READ); | 2687 | return dentry_has_perm(cred, NULL, dentry, FILE__READ); |
2637 | } | 2688 | } |
2638 | 2689 | ||
2639 | static int selinux_inode_permission(struct inode *inode, int mask) | 2690 | static int selinux_inode_permission(struct inode *inode, int mask) |
2640 | { | 2691 | { |
2692 | const struct cred *cred = current_cred(); | ||
2641 | int rc; | 2693 | int rc; |
2642 | 2694 | ||
2643 | rc = secondary_ops->inode_permission(inode, mask); | 2695 | rc = secondary_ops->inode_permission(inode, mask); |
@@ -2649,12 +2701,13 @@ static int selinux_inode_permission(struct inode *inode, int mask) | |||
2649 | return 0; | 2701 | return 0; |
2650 | } | 2702 | } |
2651 | 2703 | ||
2652 | return inode_has_perm(current, inode, | 2704 | return inode_has_perm(cred, inode, |
2653 | open_file_mask_to_av(inode->i_mode, mask), NULL); | 2705 | file_mask_to_av(inode->i_mode, mask), NULL); |
2654 | } | 2706 | } |
2655 | 2707 | ||
2656 | static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) | 2708 | static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) |
2657 | { | 2709 | { |
2710 | const struct cred *cred = current_cred(); | ||
2658 | int rc; | 2711 | int rc; |
2659 | 2712 | ||
2660 | rc = secondary_ops->inode_setattr(dentry, iattr); | 2713 | rc = secondary_ops->inode_setattr(dentry, iattr); |
@@ -2666,18 +2719,22 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) | |||
2666 | 2719 | ||
2667 | if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | | 2720 | if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | |
2668 | ATTR_ATIME_SET | ATTR_MTIME_SET)) | 2721 | ATTR_ATIME_SET | ATTR_MTIME_SET)) |
2669 | return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); | 2722 | return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR); |
2670 | 2723 | ||
2671 | return dentry_has_perm(current, NULL, dentry, FILE__WRITE); | 2724 | return dentry_has_perm(cred, NULL, dentry, FILE__WRITE); |
2672 | } | 2725 | } |
2673 | 2726 | ||
2674 | static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) | 2727 | static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) |
2675 | { | 2728 | { |
2676 | return dentry_has_perm(current, mnt, dentry, FILE__GETATTR); | 2729 | const struct cred *cred = current_cred(); |
2730 | |||
2731 | return dentry_has_perm(cred, mnt, dentry, FILE__GETATTR); | ||
2677 | } | 2732 | } |
2678 | 2733 | ||
2679 | static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) | 2734 | static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) |
2680 | { | 2735 | { |
2736 | const struct cred *cred = current_cred(); | ||
2737 | |||
2681 | if (!strncmp(name, XATTR_SECURITY_PREFIX, | 2738 | if (!strncmp(name, XATTR_SECURITY_PREFIX, |
2682 | sizeof XATTR_SECURITY_PREFIX - 1)) { | 2739 | sizeof XATTR_SECURITY_PREFIX - 1)) { |
2683 | if (!strcmp(name, XATTR_NAME_CAPS)) { | 2740 | if (!strcmp(name, XATTR_NAME_CAPS)) { |
@@ -2692,18 +2749,17 @@ static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) | |||
2692 | 2749 | ||
2693 | /* Not an attribute we recognize, so just check the | 2750 | /* Not an attribute we recognize, so just check the |
2694 | ordinary setattr permission. */ | 2751 | ordinary setattr permission. */ |
2695 | return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); | 2752 | return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR); |
2696 | } | 2753 | } |
2697 | 2754 | ||
2698 | static int selinux_inode_setxattr(struct dentry *dentry, const char *name, | 2755 | static int selinux_inode_setxattr(struct dentry *dentry, const char *name, |
2699 | const void *value, size_t size, int flags) | 2756 | const void *value, size_t size, int flags) |
2700 | { | 2757 | { |
2701 | struct task_security_struct *tsec = current->security; | ||
2702 | struct inode *inode = dentry->d_inode; | 2758 | struct inode *inode = dentry->d_inode; |
2703 | struct inode_security_struct *isec = inode->i_security; | 2759 | struct inode_security_struct *isec = inode->i_security; |
2704 | struct superblock_security_struct *sbsec; | 2760 | struct superblock_security_struct *sbsec; |
2705 | struct avc_audit_data ad; | 2761 | struct avc_audit_data ad; |
2706 | u32 newsid; | 2762 | u32 newsid, sid = current_sid(); |
2707 | int rc = 0; | 2763 | int rc = 0; |
2708 | 2764 | ||
2709 | if (strcmp(name, XATTR_NAME_SELINUX)) | 2765 | if (strcmp(name, XATTR_NAME_SELINUX)) |
@@ -2719,7 +2775,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, | |||
2719 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2775 | AVC_AUDIT_DATA_INIT(&ad, FS); |
2720 | ad.u.fs.path.dentry = dentry; | 2776 | ad.u.fs.path.dentry = dentry; |
2721 | 2777 | ||
2722 | rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, | 2778 | rc = avc_has_perm(sid, isec->sid, isec->sclass, |
2723 | FILE__RELABELFROM, &ad); | 2779 | FILE__RELABELFROM, &ad); |
2724 | if (rc) | 2780 | if (rc) |
2725 | return rc; | 2781 | return rc; |
@@ -2733,12 +2789,12 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, | |||
2733 | if (rc) | 2789 | if (rc) |
2734 | return rc; | 2790 | return rc; |
2735 | 2791 | ||
2736 | rc = avc_has_perm(tsec->sid, newsid, isec->sclass, | 2792 | rc = avc_has_perm(sid, newsid, isec->sclass, |
2737 | FILE__RELABELTO, &ad); | 2793 | FILE__RELABELTO, &ad); |
2738 | if (rc) | 2794 | if (rc) |
2739 | return rc; | 2795 | return rc; |
2740 | 2796 | ||
2741 | rc = security_validate_transition(isec->sid, newsid, tsec->sid, | 2797 | rc = security_validate_transition(isec->sid, newsid, sid, |
2742 | isec->sclass); | 2798 | isec->sclass); |
2743 | if (rc) | 2799 | if (rc) |
2744 | return rc; | 2800 | return rc; |
@@ -2778,12 +2834,16 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, | |||
2778 | 2834 | ||
2779 | static int selinux_inode_getxattr(struct dentry *dentry, const char *name) | 2835 | static int selinux_inode_getxattr(struct dentry *dentry, const char *name) |
2780 | { | 2836 | { |
2781 | return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); | 2837 | const struct cred *cred = current_cred(); |
2838 | |||
2839 | return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR); | ||
2782 | } | 2840 | } |
2783 | 2841 | ||
2784 | static int selinux_inode_listxattr(struct dentry *dentry) | 2842 | static int selinux_inode_listxattr(struct dentry *dentry) |
2785 | { | 2843 | { |
2786 | return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); | 2844 | const struct cred *cred = current_cred(); |
2845 | |||
2846 | return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR); | ||
2787 | } | 2847 | } |
2788 | 2848 | ||
2789 | static int selinux_inode_removexattr(struct dentry *dentry, const char *name) | 2849 | static int selinux_inode_removexattr(struct dentry *dentry, const char *name) |
@@ -2806,7 +2866,6 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name | |||
2806 | u32 size; | 2866 | u32 size; |
2807 | int error; | 2867 | int error; |
2808 | char *context = NULL; | 2868 | char *context = NULL; |
2809 | struct task_security_struct *tsec = current->security; | ||
2810 | struct inode_security_struct *isec = inode->i_security; | 2869 | struct inode_security_struct *isec = inode->i_security; |
2811 | 2870 | ||
2812 | if (strcmp(name, XATTR_SELINUX_SUFFIX)) | 2871 | if (strcmp(name, XATTR_SELINUX_SUFFIX)) |
@@ -2821,13 +2880,7 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name | |||
2821 | * and lack of permission just means that we fall back to the | 2880 | * and lack of permission just means that we fall back to the |
2822 | * in-core context value, not a denial. | 2881 | * in-core context value, not a denial. |
2823 | */ | 2882 | */ |
2824 | error = secondary_ops->capable(current, CAP_MAC_ADMIN); | 2883 | error = selinux_capable(current, CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT); |
2825 | if (!error) | ||
2826 | error = avc_has_perm_noaudit(tsec->sid, tsec->sid, | ||
2827 | SECCLASS_CAPABILITY2, | ||
2828 | CAPABILITY2__MAC_ADMIN, | ||
2829 | 0, | ||
2830 | NULL); | ||
2831 | if (!error) | 2884 | if (!error) |
2832 | error = security_sid_to_context_force(isec->sid, &context, | 2885 | error = security_sid_to_context_force(isec->sid, &context, |
2833 | &size); | 2886 | &size); |
@@ -2894,6 +2947,7 @@ static void selinux_inode_getsecid(const struct inode *inode, u32 *secid) | |||
2894 | 2947 | ||
2895 | static int selinux_revalidate_file_permission(struct file *file, int mask) | 2948 | static int selinux_revalidate_file_permission(struct file *file, int mask) |
2896 | { | 2949 | { |
2950 | const struct cred *cred = current_cred(); | ||
2897 | int rc; | 2951 | int rc; |
2898 | struct inode *inode = file->f_path.dentry->d_inode; | 2952 | struct inode *inode = file->f_path.dentry->d_inode; |
2899 | 2953 | ||
@@ -2906,7 +2960,7 @@ static int selinux_revalidate_file_permission(struct file *file, int mask) | |||
2906 | if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) | 2960 | if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) |
2907 | mask |= MAY_APPEND; | 2961 | mask |= MAY_APPEND; |
2908 | 2962 | ||
2909 | rc = file_has_perm(current, file, | 2963 | rc = file_has_perm(cred, file, |
2910 | file_mask_to_av(inode->i_mode, mask)); | 2964 | file_mask_to_av(inode->i_mode, mask)); |
2911 | if (rc) | 2965 | if (rc) |
2912 | return rc; | 2966 | return rc; |
@@ -2917,16 +2971,16 @@ static int selinux_revalidate_file_permission(struct file *file, int mask) | |||
2917 | static int selinux_file_permission(struct file *file, int mask) | 2971 | static int selinux_file_permission(struct file *file, int mask) |
2918 | { | 2972 | { |
2919 | struct inode *inode = file->f_path.dentry->d_inode; | 2973 | struct inode *inode = file->f_path.dentry->d_inode; |
2920 | struct task_security_struct *tsec = current->security; | ||
2921 | struct file_security_struct *fsec = file->f_security; | 2974 | struct file_security_struct *fsec = file->f_security; |
2922 | struct inode_security_struct *isec = inode->i_security; | 2975 | struct inode_security_struct *isec = inode->i_security; |
2976 | u32 sid = current_sid(); | ||
2923 | 2977 | ||
2924 | if (!mask) { | 2978 | if (!mask) { |
2925 | /* No permission to check. Existence test. */ | 2979 | /* No permission to check. Existence test. */ |
2926 | return 0; | 2980 | return 0; |
2927 | } | 2981 | } |
2928 | 2982 | ||
2929 | if (tsec->sid == fsec->sid && fsec->isid == isec->sid | 2983 | if (sid == fsec->sid && fsec->isid == isec->sid |
2930 | && fsec->pseqno == avc_policy_seqno()) | 2984 | && fsec->pseqno == avc_policy_seqno()) |
2931 | return selinux_netlbl_inode_permission(inode, mask); | 2985 | return selinux_netlbl_inode_permission(inode, mask); |
2932 | 2986 | ||
@@ -2946,6 +3000,7 @@ static void selinux_file_free_security(struct file *file) | |||
2946 | static int selinux_file_ioctl(struct file *file, unsigned int cmd, | 3000 | static int selinux_file_ioctl(struct file *file, unsigned int cmd, |
2947 | unsigned long arg) | 3001 | unsigned long arg) |
2948 | { | 3002 | { |
3003 | const struct cred *cred = current_cred(); | ||
2949 | u32 av = 0; | 3004 | u32 av = 0; |
2950 | 3005 | ||
2951 | if (_IOC_DIR(cmd) & _IOC_WRITE) | 3006 | if (_IOC_DIR(cmd) & _IOC_WRITE) |
@@ -2955,11 +3010,14 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd, | |||
2955 | if (!av) | 3010 | if (!av) |
2956 | av = FILE__IOCTL; | 3011 | av = FILE__IOCTL; |
2957 | 3012 | ||
2958 | return file_has_perm(current, file, av); | 3013 | return file_has_perm(cred, file, av); |
2959 | } | 3014 | } |
2960 | 3015 | ||
2961 | static int file_map_prot_check(struct file *file, unsigned long prot, int shared) | 3016 | static int file_map_prot_check(struct file *file, unsigned long prot, int shared) |
2962 | { | 3017 | { |
3018 | const struct cred *cred = current_cred(); | ||
3019 | int rc = 0; | ||
3020 | |||
2963 | #ifndef CONFIG_PPC32 | 3021 | #ifndef CONFIG_PPC32 |
2964 | if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) { | 3022 | if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) { |
2965 | /* | 3023 | /* |
@@ -2967,9 +3025,9 @@ static int file_map_prot_check(struct file *file, unsigned long prot, int shared | |||
2967 | * private file mapping that will also be writable. | 3025 | * private file mapping that will also be writable. |
2968 | * This has an additional check. | 3026 | * This has an additional check. |
2969 | */ | 3027 | */ |
2970 | int rc = task_has_perm(current, current, PROCESS__EXECMEM); | 3028 | rc = cred_has_perm(cred, cred, PROCESS__EXECMEM); |
2971 | if (rc) | 3029 | if (rc) |
2972 | return rc; | 3030 | goto error; |
2973 | } | 3031 | } |
2974 | #endif | 3032 | #endif |
2975 | 3033 | ||
@@ -2984,9 +3042,11 @@ static int file_map_prot_check(struct file *file, unsigned long prot, int shared | |||
2984 | if (prot & PROT_EXEC) | 3042 | if (prot & PROT_EXEC) |
2985 | av |= FILE__EXECUTE; | 3043 | av |= FILE__EXECUTE; |
2986 | 3044 | ||
2987 | return file_has_perm(current, file, av); | 3045 | return file_has_perm(cred, file, av); |
2988 | } | 3046 | } |
2989 | return 0; | 3047 | |
3048 | error: | ||
3049 | return rc; | ||
2990 | } | 3050 | } |
2991 | 3051 | ||
2992 | static int selinux_file_mmap(struct file *file, unsigned long reqprot, | 3052 | static int selinux_file_mmap(struct file *file, unsigned long reqprot, |
@@ -2994,7 +3054,7 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot, | |||
2994 | unsigned long addr, unsigned long addr_only) | 3054 | unsigned long addr, unsigned long addr_only) |
2995 | { | 3055 | { |
2996 | int rc = 0; | 3056 | int rc = 0; |
2997 | u32 sid = ((struct task_security_struct *)(current->security))->sid; | 3057 | u32 sid = current_sid(); |
2998 | 3058 | ||
2999 | if (addr < mmap_min_addr) | 3059 | if (addr < mmap_min_addr) |
3000 | rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, | 3060 | rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, |
@@ -3013,6 +3073,7 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, | |||
3013 | unsigned long reqprot, | 3073 | unsigned long reqprot, |
3014 | unsigned long prot) | 3074 | unsigned long prot) |
3015 | { | 3075 | { |
3076 | const struct cred *cred = current_cred(); | ||
3016 | int rc; | 3077 | int rc; |
3017 | 3078 | ||
3018 | rc = secondary_ops->file_mprotect(vma, reqprot, prot); | 3079 | rc = secondary_ops->file_mprotect(vma, reqprot, prot); |
@@ -3027,12 +3088,11 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, | |||
3027 | rc = 0; | 3088 | rc = 0; |
3028 | if (vma->vm_start >= vma->vm_mm->start_brk && | 3089 | if (vma->vm_start >= vma->vm_mm->start_brk && |
3029 | vma->vm_end <= vma->vm_mm->brk) { | 3090 | vma->vm_end <= vma->vm_mm->brk) { |
3030 | rc = task_has_perm(current, current, | 3091 | rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP); |
3031 | PROCESS__EXECHEAP); | ||
3032 | } else if (!vma->vm_file && | 3092 | } else if (!vma->vm_file && |
3033 | vma->vm_start <= vma->vm_mm->start_stack && | 3093 | vma->vm_start <= vma->vm_mm->start_stack && |
3034 | vma->vm_end >= vma->vm_mm->start_stack) { | 3094 | vma->vm_end >= vma->vm_mm->start_stack) { |
3035 | rc = task_has_perm(current, current, PROCESS__EXECSTACK); | 3095 | rc = current_has_perm(current, PROCESS__EXECSTACK); |
3036 | } else if (vma->vm_file && vma->anon_vma) { | 3096 | } else if (vma->vm_file && vma->anon_vma) { |
3037 | /* | 3097 | /* |
3038 | * We are making executable a file mapping that has | 3098 | * We are making executable a file mapping that has |
@@ -3041,8 +3101,7 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, | |||
3041 | * modified content. This typically should only | 3101 | * modified content. This typically should only |
3042 | * occur for text relocations. | 3102 | * occur for text relocations. |
3043 | */ | 3103 | */ |
3044 | rc = file_has_perm(current, vma->vm_file, | 3104 | rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD); |
3045 | FILE__EXECMOD); | ||
3046 | } | 3105 | } |
3047 | if (rc) | 3106 | if (rc) |
3048 | return rc; | 3107 | return rc; |
@@ -3054,12 +3113,15 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, | |||
3054 | 3113 | ||
3055 | static int selinux_file_lock(struct file *file, unsigned int cmd) | 3114 | static int selinux_file_lock(struct file *file, unsigned int cmd) |
3056 | { | 3115 | { |
3057 | return file_has_perm(current, file, FILE__LOCK); | 3116 | const struct cred *cred = current_cred(); |
3117 | |||
3118 | return file_has_perm(cred, file, FILE__LOCK); | ||
3058 | } | 3119 | } |
3059 | 3120 | ||
3060 | static int selinux_file_fcntl(struct file *file, unsigned int cmd, | 3121 | static int selinux_file_fcntl(struct file *file, unsigned int cmd, |
3061 | unsigned long arg) | 3122 | unsigned long arg) |
3062 | { | 3123 | { |
3124 | const struct cred *cred = current_cred(); | ||
3063 | int err = 0; | 3125 | int err = 0; |
3064 | 3126 | ||
3065 | switch (cmd) { | 3127 | switch (cmd) { |
@@ -3070,7 +3132,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd, | |||
3070 | } | 3132 | } |
3071 | 3133 | ||
3072 | if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) { | 3134 | if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) { |
3073 | err = file_has_perm(current, file, FILE__WRITE); | 3135 | err = file_has_perm(cred, file, FILE__WRITE); |
3074 | break; | 3136 | break; |
3075 | } | 3137 | } |
3076 | /* fall through */ | 3138 | /* fall through */ |
@@ -3080,7 +3142,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd, | |||
3080 | case F_GETOWN: | 3142 | case F_GETOWN: |
3081 | case F_GETSIG: | 3143 | case F_GETSIG: |
3082 | /* Just check FD__USE permission */ | 3144 | /* Just check FD__USE permission */ |
3083 | err = file_has_perm(current, file, 0); | 3145 | err = file_has_perm(cred, file, 0); |
3084 | break; | 3146 | break; |
3085 | case F_GETLK: | 3147 | case F_GETLK: |
3086 | case F_SETLK: | 3148 | case F_SETLK: |
@@ -3094,7 +3156,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd, | |||
3094 | err = -EINVAL; | 3156 | err = -EINVAL; |
3095 | break; | 3157 | break; |
3096 | } | 3158 | } |
3097 | err = file_has_perm(current, file, FILE__LOCK); | 3159 | err = file_has_perm(cred, file, FILE__LOCK); |
3098 | break; | 3160 | break; |
3099 | } | 3161 | } |
3100 | 3162 | ||
@@ -3103,12 +3165,10 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd, | |||
3103 | 3165 | ||
3104 | static int selinux_file_set_fowner(struct file *file) | 3166 | static int selinux_file_set_fowner(struct file *file) |
3105 | { | 3167 | { |
3106 | struct task_security_struct *tsec; | ||
3107 | struct file_security_struct *fsec; | 3168 | struct file_security_struct *fsec; |
3108 | 3169 | ||
3109 | tsec = current->security; | ||
3110 | fsec = file->f_security; | 3170 | fsec = file->f_security; |
3111 | fsec->fown_sid = tsec->sid; | 3171 | fsec->fown_sid = current_sid(); |
3112 | 3172 | ||
3113 | return 0; | 3173 | return 0; |
3114 | } | 3174 | } |
@@ -3117,14 +3177,13 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk, | |||
3117 | struct fown_struct *fown, int signum) | 3177 | struct fown_struct *fown, int signum) |
3118 | { | 3178 | { |
3119 | struct file *file; | 3179 | struct file *file; |
3180 | u32 sid = current_sid(); | ||
3120 | u32 perm; | 3181 | u32 perm; |
3121 | struct task_security_struct *tsec; | ||
3122 | struct file_security_struct *fsec; | 3182 | struct file_security_struct *fsec; |
3123 | 3183 | ||
3124 | /* struct fown_struct is never outside the context of a struct file */ | 3184 | /* struct fown_struct is never outside the context of a struct file */ |
3125 | file = container_of(fown, struct file, f_owner); | 3185 | file = container_of(fown, struct file, f_owner); |
3126 | 3186 | ||
3127 | tsec = tsk->security; | ||
3128 | fsec = file->f_security; | 3187 | fsec = file->f_security; |
3129 | 3188 | ||
3130 | if (!signum) | 3189 | if (!signum) |
@@ -3132,20 +3191,23 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk, | |||
3132 | else | 3191 | else |
3133 | perm = signal_to_av(signum); | 3192 | perm = signal_to_av(signum); |
3134 | 3193 | ||
3135 | return avc_has_perm(fsec->fown_sid, tsec->sid, | 3194 | return avc_has_perm(fsec->fown_sid, sid, |
3136 | SECCLASS_PROCESS, perm, NULL); | 3195 | SECCLASS_PROCESS, perm, NULL); |
3137 | } | 3196 | } |
3138 | 3197 | ||
3139 | static int selinux_file_receive(struct file *file) | 3198 | static int selinux_file_receive(struct file *file) |
3140 | { | 3199 | { |
3141 | return file_has_perm(current, file, file_to_av(file)); | 3200 | const struct cred *cred = current_cred(); |
3201 | |||
3202 | return file_has_perm(cred, file, file_to_av(file)); | ||
3142 | } | 3203 | } |
3143 | 3204 | ||
3144 | static int selinux_dentry_open(struct file *file) | 3205 | static int selinux_dentry_open(struct file *file, const struct cred *cred) |
3145 | { | 3206 | { |
3146 | struct file_security_struct *fsec; | 3207 | struct file_security_struct *fsec; |
3147 | struct inode *inode; | 3208 | struct inode *inode; |
3148 | struct inode_security_struct *isec; | 3209 | struct inode_security_struct *isec; |
3210 | |||
3149 | inode = file->f_path.dentry->d_inode; | 3211 | inode = file->f_path.dentry->d_inode; |
3150 | fsec = file->f_security; | 3212 | fsec = file->f_security; |
3151 | isec = inode->i_security; | 3213 | isec = inode->i_security; |
@@ -3166,7 +3228,7 @@ static int selinux_dentry_open(struct file *file) | |||
3166 | * new inode label or new policy. | 3228 | * new inode label or new policy. |
3167 | * This check is not redundant - do not remove. | 3229 | * This check is not redundant - do not remove. |
3168 | */ | 3230 | */ |
3169 | return inode_has_perm(current, inode, file_to_av(file), NULL); | 3231 | return inode_has_perm(cred, inode, open_file_to_av(file), NULL); |
3170 | } | 3232 | } |
3171 | 3233 | ||
3172 | /* task security operations */ | 3234 | /* task security operations */ |
@@ -3179,36 +3241,88 @@ static int selinux_task_create(unsigned long clone_flags) | |||
3179 | if (rc) | 3241 | if (rc) |
3180 | return rc; | 3242 | return rc; |
3181 | 3243 | ||
3182 | return task_has_perm(current, current, PROCESS__FORK); | 3244 | return current_has_perm(current, PROCESS__FORK); |
3183 | } | 3245 | } |
3184 | 3246 | ||
3185 | static int selinux_task_alloc_security(struct task_struct *tsk) | 3247 | /* |
3248 | * detach and free the LSM part of a set of credentials | ||
3249 | */ | ||
3250 | static void selinux_cred_free(struct cred *cred) | ||
3186 | { | 3251 | { |
3187 | struct task_security_struct *tsec1, *tsec2; | 3252 | struct task_security_struct *tsec = cred->security; |
3188 | int rc; | 3253 | cred->security = NULL; |
3189 | 3254 | kfree(tsec); | |
3190 | tsec1 = current->security; | 3255 | } |
3191 | 3256 | ||
3192 | rc = task_alloc_security(tsk); | 3257 | /* |
3193 | if (rc) | 3258 | * prepare a new set of credentials for modification |
3194 | return rc; | 3259 | */ |
3195 | tsec2 = tsk->security; | 3260 | static int selinux_cred_prepare(struct cred *new, const struct cred *old, |
3261 | gfp_t gfp) | ||
3262 | { | ||
3263 | const struct task_security_struct *old_tsec; | ||
3264 | struct task_security_struct *tsec; | ||
3196 | 3265 | ||
3197 | tsec2->osid = tsec1->osid; | 3266 | old_tsec = old->security; |
3198 | tsec2->sid = tsec1->sid; | ||
3199 | 3267 | ||
3200 | /* Retain the exec, fs, key, and sock SIDs across fork */ | 3268 | tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp); |
3201 | tsec2->exec_sid = tsec1->exec_sid; | 3269 | if (!tsec) |
3202 | tsec2->create_sid = tsec1->create_sid; | 3270 | return -ENOMEM; |
3203 | tsec2->keycreate_sid = tsec1->keycreate_sid; | ||
3204 | tsec2->sockcreate_sid = tsec1->sockcreate_sid; | ||
3205 | 3271 | ||
3272 | new->security = tsec; | ||
3206 | return 0; | 3273 | return 0; |
3207 | } | 3274 | } |
3208 | 3275 | ||
3209 | static void selinux_task_free_security(struct task_struct *tsk) | 3276 | /* |
3277 | * commit new credentials | ||
3278 | */ | ||
3279 | static void selinux_cred_commit(struct cred *new, const struct cred *old) | ||
3280 | { | ||
3281 | secondary_ops->cred_commit(new, old); | ||
3282 | } | ||
3283 | |||
3284 | /* | ||
3285 | * set the security data for a kernel service | ||
3286 | * - all the creation contexts are set to unlabelled | ||
3287 | */ | ||
3288 | static int selinux_kernel_act_as(struct cred *new, u32 secid) | ||
3289 | { | ||
3290 | struct task_security_struct *tsec = new->security; | ||
3291 | u32 sid = current_sid(); | ||
3292 | int ret; | ||
3293 | |||
3294 | ret = avc_has_perm(sid, secid, | ||
3295 | SECCLASS_KERNEL_SERVICE, | ||
3296 | KERNEL_SERVICE__USE_AS_OVERRIDE, | ||
3297 | NULL); | ||
3298 | if (ret == 0) { | ||
3299 | tsec->sid = secid; | ||
3300 | tsec->create_sid = 0; | ||
3301 | tsec->keycreate_sid = 0; | ||
3302 | tsec->sockcreate_sid = 0; | ||
3303 | } | ||
3304 | return ret; | ||
3305 | } | ||
3306 | |||
3307 | /* | ||
3308 | * set the file creation context in a security record to the same as the | ||
3309 | * objective context of the specified inode | ||
3310 | */ | ||
3311 | static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) | ||
3210 | { | 3312 | { |
3211 | task_free_security(tsk); | 3313 | struct inode_security_struct *isec = inode->i_security; |
3314 | struct task_security_struct *tsec = new->security; | ||
3315 | u32 sid = current_sid(); | ||
3316 | int ret; | ||
3317 | |||
3318 | ret = avc_has_perm(sid, isec->sid, | ||
3319 | SECCLASS_KERNEL_SERVICE, | ||
3320 | KERNEL_SERVICE__CREATE_FILES_AS, | ||
3321 | NULL); | ||
3322 | |||
3323 | if (ret == 0) | ||
3324 | tsec->create_sid = isec->sid; | ||
3325 | return 0; | ||
3212 | } | 3326 | } |
3213 | 3327 | ||
3214 | static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | 3328 | static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) |
@@ -3222,9 +3336,10 @@ static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | |||
3222 | return 0; | 3336 | return 0; |
3223 | } | 3337 | } |
3224 | 3338 | ||
3225 | static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | 3339 | static int selinux_task_fix_setuid(struct cred *new, const struct cred *old, |
3340 | int flags) | ||
3226 | { | 3341 | { |
3227 | return secondary_ops->task_post_setuid(id0, id1, id2, flags); | 3342 | return secondary_ops->task_fix_setuid(new, old, flags); |
3228 | } | 3343 | } |
3229 | 3344 | ||
3230 | static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) | 3345 | static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) |
@@ -3235,23 +3350,22 @@ static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) | |||
3235 | 3350 | ||
3236 | static int selinux_task_setpgid(struct task_struct *p, pid_t pgid) | 3351 | static int selinux_task_setpgid(struct task_struct *p, pid_t pgid) |
3237 | { | 3352 | { |
3238 | return task_has_perm(current, p, PROCESS__SETPGID); | 3353 | return current_has_perm(p, PROCESS__SETPGID); |
3239 | } | 3354 | } |
3240 | 3355 | ||
3241 | static int selinux_task_getpgid(struct task_struct *p) | 3356 | static int selinux_task_getpgid(struct task_struct *p) |
3242 | { | 3357 | { |
3243 | return task_has_perm(current, p, PROCESS__GETPGID); | 3358 | return current_has_perm(p, PROCESS__GETPGID); |
3244 | } | 3359 | } |
3245 | 3360 | ||
3246 | static int selinux_task_getsid(struct task_struct *p) | 3361 | static int selinux_task_getsid(struct task_struct *p) |
3247 | { | 3362 | { |
3248 | return task_has_perm(current, p, PROCESS__GETSESSION); | 3363 | return current_has_perm(p, PROCESS__GETSESSION); |
3249 | } | 3364 | } |
3250 | 3365 | ||
3251 | static void selinux_task_getsecid(struct task_struct *p, u32 *secid) | 3366 | static void selinux_task_getsecid(struct task_struct *p, u32 *secid) |
3252 | { | 3367 | { |
3253 | struct task_security_struct *tsec = p->security; | 3368 | *secid = task_sid(p); |
3254 | *secid = tsec->sid; | ||
3255 | } | 3369 | } |
3256 | 3370 | ||
3257 | static int selinux_task_setgroups(struct group_info *group_info) | 3371 | static int selinux_task_setgroups(struct group_info *group_info) |
@@ -3268,7 +3382,7 @@ static int selinux_task_setnice(struct task_struct *p, int nice) | |||
3268 | if (rc) | 3382 | if (rc) |
3269 | return rc; | 3383 | return rc; |
3270 | 3384 | ||
3271 | return task_has_perm(current, p, PROCESS__SETSCHED); | 3385 | return current_has_perm(p, PROCESS__SETSCHED); |
3272 | } | 3386 | } |
3273 | 3387 | ||
3274 | static int selinux_task_setioprio(struct task_struct *p, int ioprio) | 3388 | static int selinux_task_setioprio(struct task_struct *p, int ioprio) |
@@ -3279,12 +3393,12 @@ static int selinux_task_setioprio(struct task_struct *p, int ioprio) | |||
3279 | if (rc) | 3393 | if (rc) |
3280 | return rc; | 3394 | return rc; |
3281 | 3395 | ||
3282 | return task_has_perm(current, p, PROCESS__SETSCHED); | 3396 | return current_has_perm(p, PROCESS__SETSCHED); |
3283 | } | 3397 | } |
3284 | 3398 | ||
3285 | static int selinux_task_getioprio(struct task_struct *p) | 3399 | static int selinux_task_getioprio(struct task_struct *p) |
3286 | { | 3400 | { |
3287 | return task_has_perm(current, p, PROCESS__GETSCHED); | 3401 | return current_has_perm(p, PROCESS__GETSCHED); |
3288 | } | 3402 | } |
3289 | 3403 | ||
3290 | static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim) | 3404 | static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim) |
@@ -3299,9 +3413,9 @@ static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim | |||
3299 | /* Control the ability to change the hard limit (whether | 3413 | /* Control the ability to change the hard limit (whether |
3300 | lowering or raising it), so that the hard limit can | 3414 | lowering or raising it), so that the hard limit can |
3301 | later be used as a safe reset point for the soft limit | 3415 | later be used as a safe reset point for the soft limit |
3302 | upon context transitions. See selinux_bprm_apply_creds. */ | 3416 | upon context transitions. See selinux_bprm_committing_creds. */ |
3303 | if (old_rlim->rlim_max != new_rlim->rlim_max) | 3417 | if (old_rlim->rlim_max != new_rlim->rlim_max) |
3304 | return task_has_perm(current, current, PROCESS__SETRLIMIT); | 3418 | return current_has_perm(current, PROCESS__SETRLIMIT); |
3305 | 3419 | ||
3306 | return 0; | 3420 | return 0; |
3307 | } | 3421 | } |
@@ -3314,17 +3428,17 @@ static int selinux_task_setscheduler(struct task_struct *p, int policy, struct s | |||
3314 | if (rc) | 3428 | if (rc) |
3315 | return rc; | 3429 | return rc; |
3316 | 3430 | ||
3317 | return task_has_perm(current, p, PROCESS__SETSCHED); | 3431 | return current_has_perm(p, PROCESS__SETSCHED); |
3318 | } | 3432 | } |
3319 | 3433 | ||
3320 | static int selinux_task_getscheduler(struct task_struct *p) | 3434 | static int selinux_task_getscheduler(struct task_struct *p) |
3321 | { | 3435 | { |
3322 | return task_has_perm(current, p, PROCESS__GETSCHED); | 3436 | return current_has_perm(p, PROCESS__GETSCHED); |
3323 | } | 3437 | } |
3324 | 3438 | ||
3325 | static int selinux_task_movememory(struct task_struct *p) | 3439 | static int selinux_task_movememory(struct task_struct *p) |
3326 | { | 3440 | { |
3327 | return task_has_perm(current, p, PROCESS__SETSCHED); | 3441 | return current_has_perm(p, PROCESS__SETSCHED); |
3328 | } | 3442 | } |
3329 | 3443 | ||
3330 | static int selinux_task_kill(struct task_struct *p, struct siginfo *info, | 3444 | static int selinux_task_kill(struct task_struct *p, struct siginfo *info, |
@@ -3332,7 +3446,6 @@ static int selinux_task_kill(struct task_struct *p, struct siginfo *info, | |||
3332 | { | 3446 | { |
3333 | u32 perm; | 3447 | u32 perm; |
3334 | int rc; | 3448 | int rc; |
3335 | struct task_security_struct *tsec; | ||
3336 | 3449 | ||
3337 | rc = secondary_ops->task_kill(p, info, sig, secid); | 3450 | rc = secondary_ops->task_kill(p, info, sig, secid); |
3338 | if (rc) | 3451 | if (rc) |
@@ -3342,11 +3455,11 @@ static int selinux_task_kill(struct task_struct *p, struct siginfo *info, | |||
3342 | perm = PROCESS__SIGNULL; /* null signal; existence test */ | 3455 | perm = PROCESS__SIGNULL; /* null signal; existence test */ |
3343 | else | 3456 | else |
3344 | perm = signal_to_av(sig); | 3457 | perm = signal_to_av(sig); |
3345 | tsec = p->security; | ||
3346 | if (secid) | 3458 | if (secid) |
3347 | rc = avc_has_perm(secid, tsec->sid, SECCLASS_PROCESS, perm, NULL); | 3459 | rc = avc_has_perm(secid, task_sid(p), |
3460 | SECCLASS_PROCESS, perm, NULL); | ||
3348 | else | 3461 | else |
3349 | rc = task_has_perm(current, p, perm); | 3462 | rc = current_has_perm(p, perm); |
3350 | return rc; | 3463 | return rc; |
3351 | } | 3464 | } |
3352 | 3465 | ||
@@ -3354,13 +3467,12 @@ static int selinux_task_prctl(int option, | |||
3354 | unsigned long arg2, | 3467 | unsigned long arg2, |
3355 | unsigned long arg3, | 3468 | unsigned long arg3, |
3356 | unsigned long arg4, | 3469 | unsigned long arg4, |
3357 | unsigned long arg5, | 3470 | unsigned long arg5) |
3358 | long *rc_p) | ||
3359 | { | 3471 | { |
3360 | /* The current prctl operations do not appear to require | 3472 | /* The current prctl operations do not appear to require |
3361 | any SELinux controls since they merely observe or modify | 3473 | any SELinux controls since they merely observe or modify |
3362 | the state of the current process. */ | 3474 | the state of the current process. */ |
3363 | return secondary_ops->task_prctl(option, arg2, arg3, arg4, arg5, rc_p); | 3475 | return secondary_ops->task_prctl(option, arg2, arg3, arg4, arg5); |
3364 | } | 3476 | } |
3365 | 3477 | ||
3366 | static int selinux_task_wait(struct task_struct *p) | 3478 | static int selinux_task_wait(struct task_struct *p) |
@@ -3368,27 +3480,14 @@ static int selinux_task_wait(struct task_struct *p) | |||
3368 | return task_has_perm(p, current, PROCESS__SIGCHLD); | 3480 | return task_has_perm(p, current, PROCESS__SIGCHLD); |
3369 | } | 3481 | } |
3370 | 3482 | ||
3371 | static void selinux_task_reparent_to_init(struct task_struct *p) | ||
3372 | { | ||
3373 | struct task_security_struct *tsec; | ||
3374 | |||
3375 | secondary_ops->task_reparent_to_init(p); | ||
3376 | |||
3377 | tsec = p->security; | ||
3378 | tsec->osid = tsec->sid; | ||
3379 | tsec->sid = SECINITSID_KERNEL; | ||
3380 | return; | ||
3381 | } | ||
3382 | |||
3383 | static void selinux_task_to_inode(struct task_struct *p, | 3483 | static void selinux_task_to_inode(struct task_struct *p, |
3384 | struct inode *inode) | 3484 | struct inode *inode) |
3385 | { | 3485 | { |
3386 | struct task_security_struct *tsec = p->security; | ||
3387 | struct inode_security_struct *isec = inode->i_security; | 3486 | struct inode_security_struct *isec = inode->i_security; |
3487 | u32 sid = task_sid(p); | ||
3388 | 3488 | ||
3389 | isec->sid = tsec->sid; | 3489 | isec->sid = sid; |
3390 | isec->initialized = 1; | 3490 | isec->initialized = 1; |
3391 | return; | ||
3392 | } | 3491 | } |
3393 | 3492 | ||
3394 | /* Returns error only if unable to parse addresses */ | 3493 | /* Returns error only if unable to parse addresses */ |
@@ -3627,19 +3726,19 @@ static int socket_has_perm(struct task_struct *task, struct socket *sock, | |||
3627 | u32 perms) | 3726 | u32 perms) |
3628 | { | 3727 | { |
3629 | struct inode_security_struct *isec; | 3728 | struct inode_security_struct *isec; |
3630 | struct task_security_struct *tsec; | ||
3631 | struct avc_audit_data ad; | 3729 | struct avc_audit_data ad; |
3730 | u32 sid; | ||
3632 | int err = 0; | 3731 | int err = 0; |
3633 | 3732 | ||
3634 | tsec = task->security; | ||
3635 | isec = SOCK_INODE(sock)->i_security; | 3733 | isec = SOCK_INODE(sock)->i_security; |
3636 | 3734 | ||
3637 | if (isec->sid == SECINITSID_KERNEL) | 3735 | if (isec->sid == SECINITSID_KERNEL) |
3638 | goto out; | 3736 | goto out; |
3737 | sid = task_sid(task); | ||
3639 | 3738 | ||
3640 | AVC_AUDIT_DATA_INIT(&ad, NET); | 3739 | AVC_AUDIT_DATA_INIT(&ad, NET); |
3641 | ad.u.net.sk = sock->sk; | 3740 | ad.u.net.sk = sock->sk; |
3642 | err = avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad); | 3741 | err = avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); |
3643 | 3742 | ||
3644 | out: | 3743 | out: |
3645 | return err; | 3744 | return err; |
@@ -3648,18 +3747,20 @@ out: | |||
3648 | static int selinux_socket_create(int family, int type, | 3747 | static int selinux_socket_create(int family, int type, |
3649 | int protocol, int kern) | 3748 | int protocol, int kern) |
3650 | { | 3749 | { |
3750 | const struct cred *cred = current_cred(); | ||
3751 | const struct task_security_struct *tsec = cred->security; | ||
3752 | u32 sid, newsid; | ||
3753 | u16 secclass; | ||
3651 | int err = 0; | 3754 | int err = 0; |
3652 | struct task_security_struct *tsec; | ||
3653 | u32 newsid; | ||
3654 | 3755 | ||
3655 | if (kern) | 3756 | if (kern) |
3656 | goto out; | 3757 | goto out; |
3657 | 3758 | ||
3658 | tsec = current->security; | 3759 | sid = tsec->sid; |
3659 | newsid = tsec->sockcreate_sid ? : tsec->sid; | 3760 | newsid = tsec->sockcreate_sid ?: sid; |
3660 | err = avc_has_perm(tsec->sid, newsid, | 3761 | |
3661 | socket_type_to_security_class(family, type, | 3762 | secclass = socket_type_to_security_class(family, type, protocol); |
3662 | protocol), SOCKET__CREATE, NULL); | 3763 | err = avc_has_perm(sid, newsid, secclass, SOCKET__CREATE, NULL); |
3663 | 3764 | ||
3664 | out: | 3765 | out: |
3665 | return err; | 3766 | return err; |
@@ -3668,18 +3769,26 @@ out: | |||
3668 | static int selinux_socket_post_create(struct socket *sock, int family, | 3769 | static int selinux_socket_post_create(struct socket *sock, int family, |
3669 | int type, int protocol, int kern) | 3770 | int type, int protocol, int kern) |
3670 | { | 3771 | { |
3671 | int err = 0; | 3772 | const struct cred *cred = current_cred(); |
3773 | const struct task_security_struct *tsec = cred->security; | ||
3672 | struct inode_security_struct *isec; | 3774 | struct inode_security_struct *isec; |
3673 | struct task_security_struct *tsec; | ||
3674 | struct sk_security_struct *sksec; | 3775 | struct sk_security_struct *sksec; |
3675 | u32 newsid; | 3776 | u32 sid, newsid; |
3777 | int err = 0; | ||
3778 | |||
3779 | sid = tsec->sid; | ||
3780 | newsid = tsec->sockcreate_sid; | ||
3676 | 3781 | ||
3677 | isec = SOCK_INODE(sock)->i_security; | 3782 | isec = SOCK_INODE(sock)->i_security; |
3678 | 3783 | ||
3679 | tsec = current->security; | 3784 | if (kern) |
3680 | newsid = tsec->sockcreate_sid ? : tsec->sid; | 3785 | isec->sid = SECINITSID_KERNEL; |
3786 | else if (newsid) | ||
3787 | isec->sid = newsid; | ||
3788 | else | ||
3789 | isec->sid = sid; | ||
3790 | |||
3681 | isec->sclass = socket_type_to_security_class(family, type, protocol); | 3791 | isec->sclass = socket_type_to_security_class(family, type, protocol); |
3682 | isec->sid = kern ? SECINITSID_KERNEL : newsid; | ||
3683 | isec->initialized = 1; | 3792 | isec->initialized = 1; |
3684 | 3793 | ||
3685 | if (sock->sk) { | 3794 | if (sock->sk) { |
@@ -3714,7 +3823,6 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
3714 | if (family == PF_INET || family == PF_INET6) { | 3823 | if (family == PF_INET || family == PF_INET6) { |
3715 | char *addrp; | 3824 | char *addrp; |
3716 | struct inode_security_struct *isec; | 3825 | struct inode_security_struct *isec; |
3717 | struct task_security_struct *tsec; | ||
3718 | struct avc_audit_data ad; | 3826 | struct avc_audit_data ad; |
3719 | struct sockaddr_in *addr4 = NULL; | 3827 | struct sockaddr_in *addr4 = NULL; |
3720 | struct sockaddr_in6 *addr6 = NULL; | 3828 | struct sockaddr_in6 *addr6 = NULL; |
@@ -3722,7 +3830,6 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
3722 | struct sock *sk = sock->sk; | 3830 | struct sock *sk = sock->sk; |
3723 | u32 sid, node_perm; | 3831 | u32 sid, node_perm; |
3724 | 3832 | ||
3725 | tsec = current->security; | ||
3726 | isec = SOCK_INODE(sock)->i_security; | 3833 | isec = SOCK_INODE(sock)->i_security; |
3727 | 3834 | ||
3728 | if (family == PF_INET) { | 3835 | if (family == PF_INET) { |
@@ -4387,7 +4494,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) | |||
4387 | "SELinux: unrecognized netlink message" | 4494 | "SELinux: unrecognized netlink message" |
4388 | " type=%hu for sclass=%hu\n", | 4495 | " type=%hu for sclass=%hu\n", |
4389 | nlh->nlmsg_type, isec->sclass); | 4496 | nlh->nlmsg_type, isec->sclass); |
4390 | if (!selinux_enforcing) | 4497 | if (!selinux_enforcing || security_get_allow_unknown()) |
4391 | err = 0; | 4498 | err = 0; |
4392 | } | 4499 | } |
4393 | 4500 | ||
@@ -4763,15 +4870,16 @@ static int ipc_alloc_security(struct task_struct *task, | |||
4763 | struct kern_ipc_perm *perm, | 4870 | struct kern_ipc_perm *perm, |
4764 | u16 sclass) | 4871 | u16 sclass) |
4765 | { | 4872 | { |
4766 | struct task_security_struct *tsec = task->security; | ||
4767 | struct ipc_security_struct *isec; | 4873 | struct ipc_security_struct *isec; |
4874 | u32 sid; | ||
4768 | 4875 | ||
4769 | isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL); | 4876 | isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL); |
4770 | if (!isec) | 4877 | if (!isec) |
4771 | return -ENOMEM; | 4878 | return -ENOMEM; |
4772 | 4879 | ||
4880 | sid = task_sid(task); | ||
4773 | isec->sclass = sclass; | 4881 | isec->sclass = sclass; |
4774 | isec->sid = tsec->sid; | 4882 | isec->sid = sid; |
4775 | perm->security = isec; | 4883 | perm->security = isec; |
4776 | 4884 | ||
4777 | return 0; | 4885 | return 0; |
@@ -4809,17 +4917,16 @@ static void msg_msg_free_security(struct msg_msg *msg) | |||
4809 | static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, | 4917 | static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, |
4810 | u32 perms) | 4918 | u32 perms) |
4811 | { | 4919 | { |
4812 | struct task_security_struct *tsec; | ||
4813 | struct ipc_security_struct *isec; | 4920 | struct ipc_security_struct *isec; |
4814 | struct avc_audit_data ad; | 4921 | struct avc_audit_data ad; |
4922 | u32 sid = current_sid(); | ||
4815 | 4923 | ||
4816 | tsec = current->security; | ||
4817 | isec = ipc_perms->security; | 4924 | isec = ipc_perms->security; |
4818 | 4925 | ||
4819 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4926 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
4820 | ad.u.ipc_id = ipc_perms->key; | 4927 | ad.u.ipc_id = ipc_perms->key; |
4821 | 4928 | ||
4822 | return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad); | 4929 | return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); |
4823 | } | 4930 | } |
4824 | 4931 | ||
4825 | static int selinux_msg_msg_alloc_security(struct msg_msg *msg) | 4932 | static int selinux_msg_msg_alloc_security(struct msg_msg *msg) |
@@ -4835,22 +4942,21 @@ static void selinux_msg_msg_free_security(struct msg_msg *msg) | |||
4835 | /* message queue security operations */ | 4942 | /* message queue security operations */ |
4836 | static int selinux_msg_queue_alloc_security(struct msg_queue *msq) | 4943 | static int selinux_msg_queue_alloc_security(struct msg_queue *msq) |
4837 | { | 4944 | { |
4838 | struct task_security_struct *tsec; | ||
4839 | struct ipc_security_struct *isec; | 4945 | struct ipc_security_struct *isec; |
4840 | struct avc_audit_data ad; | 4946 | struct avc_audit_data ad; |
4947 | u32 sid = current_sid(); | ||
4841 | int rc; | 4948 | int rc; |
4842 | 4949 | ||
4843 | rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ); | 4950 | rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ); |
4844 | if (rc) | 4951 | if (rc) |
4845 | return rc; | 4952 | return rc; |
4846 | 4953 | ||
4847 | tsec = current->security; | ||
4848 | isec = msq->q_perm.security; | 4954 | isec = msq->q_perm.security; |
4849 | 4955 | ||
4850 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4956 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
4851 | ad.u.ipc_id = msq->q_perm.key; | 4957 | ad.u.ipc_id = msq->q_perm.key; |
4852 | 4958 | ||
4853 | rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, | 4959 | rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
4854 | MSGQ__CREATE, &ad); | 4960 | MSGQ__CREATE, &ad); |
4855 | if (rc) { | 4961 | if (rc) { |
4856 | ipc_free_security(&msq->q_perm); | 4962 | ipc_free_security(&msq->q_perm); |
@@ -4866,17 +4972,16 @@ static void selinux_msg_queue_free_security(struct msg_queue *msq) | |||
4866 | 4972 | ||
4867 | static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) | 4973 | static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) |
4868 | { | 4974 | { |
4869 | struct task_security_struct *tsec; | ||
4870 | struct ipc_security_struct *isec; | 4975 | struct ipc_security_struct *isec; |
4871 | struct avc_audit_data ad; | 4976 | struct avc_audit_data ad; |
4977 | u32 sid = current_sid(); | ||
4872 | 4978 | ||
4873 | tsec = current->security; | ||
4874 | isec = msq->q_perm.security; | 4979 | isec = msq->q_perm.security; |
4875 | 4980 | ||
4876 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4981 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
4877 | ad.u.ipc_id = msq->q_perm.key; | 4982 | ad.u.ipc_id = msq->q_perm.key; |
4878 | 4983 | ||
4879 | return avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, | 4984 | return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
4880 | MSGQ__ASSOCIATE, &ad); | 4985 | MSGQ__ASSOCIATE, &ad); |
4881 | } | 4986 | } |
4882 | 4987 | ||
@@ -4910,13 +5015,12 @@ static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd) | |||
4910 | 5015 | ||
4911 | static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg) | 5016 | static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg) |
4912 | { | 5017 | { |
4913 | struct task_security_struct *tsec; | ||
4914 | struct ipc_security_struct *isec; | 5018 | struct ipc_security_struct *isec; |
4915 | struct msg_security_struct *msec; | 5019 | struct msg_security_struct *msec; |
4916 | struct avc_audit_data ad; | 5020 | struct avc_audit_data ad; |
5021 | u32 sid = current_sid(); | ||
4917 | int rc; | 5022 | int rc; |
4918 | 5023 | ||
4919 | tsec = current->security; | ||
4920 | isec = msq->q_perm.security; | 5024 | isec = msq->q_perm.security; |
4921 | msec = msg->security; | 5025 | msec = msg->security; |
4922 | 5026 | ||
@@ -4928,9 +5032,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, | |||
4928 | * Compute new sid based on current process and | 5032 | * Compute new sid based on current process and |
4929 | * message queue this message will be stored in | 5033 | * message queue this message will be stored in |
4930 | */ | 5034 | */ |
4931 | rc = security_transition_sid(tsec->sid, | 5035 | rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG, |
4932 | isec->sid, | ||
4933 | SECCLASS_MSG, | ||
4934 | &msec->sid); | 5036 | &msec->sid); |
4935 | if (rc) | 5037 | if (rc) |
4936 | return rc; | 5038 | return rc; |
@@ -4940,16 +5042,16 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, | |||
4940 | ad.u.ipc_id = msq->q_perm.key; | 5042 | ad.u.ipc_id = msq->q_perm.key; |
4941 | 5043 | ||
4942 | /* Can this process write to the queue? */ | 5044 | /* Can this process write to the queue? */ |
4943 | rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, | 5045 | rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
4944 | MSGQ__WRITE, &ad); | 5046 | MSGQ__WRITE, &ad); |
4945 | if (!rc) | 5047 | if (!rc) |
4946 | /* Can this process send the message */ | 5048 | /* Can this process send the message */ |
4947 | rc = avc_has_perm(tsec->sid, msec->sid, | 5049 | rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG, |
4948 | SECCLASS_MSG, MSG__SEND, &ad); | 5050 | MSG__SEND, &ad); |
4949 | if (!rc) | 5051 | if (!rc) |
4950 | /* Can the message be put in the queue? */ | 5052 | /* Can the message be put in the queue? */ |
4951 | rc = avc_has_perm(msec->sid, isec->sid, | 5053 | rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ, |
4952 | SECCLASS_MSGQ, MSGQ__ENQUEUE, &ad); | 5054 | MSGQ__ENQUEUE, &ad); |
4953 | 5055 | ||
4954 | return rc; | 5056 | return rc; |
4955 | } | 5057 | } |
@@ -4958,23 +5060,22 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, | |||
4958 | struct task_struct *target, | 5060 | struct task_struct *target, |
4959 | long type, int mode) | 5061 | long type, int mode) |
4960 | { | 5062 | { |
4961 | struct task_security_struct *tsec; | ||
4962 | struct ipc_security_struct *isec; | 5063 | struct ipc_security_struct *isec; |
4963 | struct msg_security_struct *msec; | 5064 | struct msg_security_struct *msec; |
4964 | struct avc_audit_data ad; | 5065 | struct avc_audit_data ad; |
5066 | u32 sid = task_sid(target); | ||
4965 | int rc; | 5067 | int rc; |
4966 | 5068 | ||
4967 | tsec = target->security; | ||
4968 | isec = msq->q_perm.security; | 5069 | isec = msq->q_perm.security; |
4969 | msec = msg->security; | 5070 | msec = msg->security; |
4970 | 5071 | ||
4971 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 5072 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
4972 | ad.u.ipc_id = msq->q_perm.key; | 5073 | ad.u.ipc_id = msq->q_perm.key; |
4973 | 5074 | ||
4974 | rc = avc_has_perm(tsec->sid, isec->sid, | 5075 | rc = avc_has_perm(sid, isec->sid, |
4975 | SECCLASS_MSGQ, MSGQ__READ, &ad); | 5076 | SECCLASS_MSGQ, MSGQ__READ, &ad); |
4976 | if (!rc) | 5077 | if (!rc) |
4977 | rc = avc_has_perm(tsec->sid, msec->sid, | 5078 | rc = avc_has_perm(sid, msec->sid, |
4978 | SECCLASS_MSG, MSG__RECEIVE, &ad); | 5079 | SECCLASS_MSG, MSG__RECEIVE, &ad); |
4979 | return rc; | 5080 | return rc; |
4980 | } | 5081 | } |
@@ -4982,22 +5083,21 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, | |||
4982 | /* Shared Memory security operations */ | 5083 | /* Shared Memory security operations */ |
4983 | static int selinux_shm_alloc_security(struct shmid_kernel *shp) | 5084 | static int selinux_shm_alloc_security(struct shmid_kernel *shp) |
4984 | { | 5085 | { |
4985 | struct task_security_struct *tsec; | ||
4986 | struct ipc_security_struct *isec; | 5086 | struct ipc_security_struct *isec; |
4987 | struct avc_audit_data ad; | 5087 | struct avc_audit_data ad; |
5088 | u32 sid = current_sid(); | ||
4988 | int rc; | 5089 | int rc; |
4989 | 5090 | ||
4990 | rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM); | 5091 | rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM); |
4991 | if (rc) | 5092 | if (rc) |
4992 | return rc; | 5093 | return rc; |
4993 | 5094 | ||
4994 | tsec = current->security; | ||
4995 | isec = shp->shm_perm.security; | 5095 | isec = shp->shm_perm.security; |
4996 | 5096 | ||
4997 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 5097 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
4998 | ad.u.ipc_id = shp->shm_perm.key; | 5098 | ad.u.ipc_id = shp->shm_perm.key; |
4999 | 5099 | ||
5000 | rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM, | 5100 | rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM, |
5001 | SHM__CREATE, &ad); | 5101 | SHM__CREATE, &ad); |
5002 | if (rc) { | 5102 | if (rc) { |
5003 | ipc_free_security(&shp->shm_perm); | 5103 | ipc_free_security(&shp->shm_perm); |
@@ -5013,17 +5113,16 @@ static void selinux_shm_free_security(struct shmid_kernel *shp) | |||
5013 | 5113 | ||
5014 | static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg) | 5114 | static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg) |
5015 | { | 5115 | { |
5016 | struct task_security_struct *tsec; | ||
5017 | struct ipc_security_struct *isec; | 5116 | struct ipc_security_struct *isec; |
5018 | struct avc_audit_data ad; | 5117 | struct avc_audit_data ad; |
5118 | u32 sid = current_sid(); | ||
5019 | 5119 | ||
5020 | tsec = current->security; | ||
5021 | isec = shp->shm_perm.security; | 5120 | isec = shp->shm_perm.security; |
5022 | 5121 | ||
5023 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 5122 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
5024 | ad.u.ipc_id = shp->shm_perm.key; | 5123 | ad.u.ipc_id = shp->shm_perm.key; |
5025 | 5124 | ||
5026 | return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM, | 5125 | return avc_has_perm(sid, isec->sid, SECCLASS_SHM, |
5027 | SHM__ASSOCIATE, &ad); | 5126 | SHM__ASSOCIATE, &ad); |
5028 | } | 5127 | } |
5029 | 5128 | ||
@@ -5081,22 +5180,21 @@ static int selinux_shm_shmat(struct shmid_kernel *shp, | |||
5081 | /* Semaphore security operations */ | 5180 | /* Semaphore security operations */ |
5082 | static int selinux_sem_alloc_security(struct sem_array *sma) | 5181 | static int selinux_sem_alloc_security(struct sem_array *sma) |
5083 | { | 5182 | { |
5084 | struct task_security_struct *tsec; | ||
5085 | struct ipc_security_struct *isec; | 5183 | struct ipc_security_struct *isec; |
5086 | struct avc_audit_data ad; | 5184 | struct avc_audit_data ad; |
5185 | u32 sid = current_sid(); | ||
5087 | int rc; | 5186 | int rc; |
5088 | 5187 | ||
5089 | rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM); | 5188 | rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM); |
5090 | if (rc) | 5189 | if (rc) |
5091 | return rc; | 5190 | return rc; |
5092 | 5191 | ||
5093 | tsec = current->security; | ||
5094 | isec = sma->sem_perm.security; | 5192 | isec = sma->sem_perm.security; |
5095 | 5193 | ||
5096 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 5194 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
5097 | ad.u.ipc_id = sma->sem_perm.key; | 5195 | ad.u.ipc_id = sma->sem_perm.key; |
5098 | 5196 | ||
5099 | rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM, | 5197 | rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM, |
5100 | SEM__CREATE, &ad); | 5198 | SEM__CREATE, &ad); |
5101 | if (rc) { | 5199 | if (rc) { |
5102 | ipc_free_security(&sma->sem_perm); | 5200 | ipc_free_security(&sma->sem_perm); |
@@ -5112,17 +5210,16 @@ static void selinux_sem_free_security(struct sem_array *sma) | |||
5112 | 5210 | ||
5113 | static int selinux_sem_associate(struct sem_array *sma, int semflg) | 5211 | static int selinux_sem_associate(struct sem_array *sma, int semflg) |
5114 | { | 5212 | { |
5115 | struct task_security_struct *tsec; | ||
5116 | struct ipc_security_struct *isec; | 5213 | struct ipc_security_struct *isec; |
5117 | struct avc_audit_data ad; | 5214 | struct avc_audit_data ad; |
5215 | u32 sid = current_sid(); | ||
5118 | 5216 | ||
5119 | tsec = current->security; | ||
5120 | isec = sma->sem_perm.security; | 5217 | isec = sma->sem_perm.security; |
5121 | 5218 | ||
5122 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 5219 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
5123 | ad.u.ipc_id = sma->sem_perm.key; | 5220 | ad.u.ipc_id = sma->sem_perm.key; |
5124 | 5221 | ||
5125 | return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM, | 5222 | return avc_has_perm(sid, isec->sid, SECCLASS_SEM, |
5126 | SEM__ASSOCIATE, &ad); | 5223 | SEM__ASSOCIATE, &ad); |
5127 | } | 5224 | } |
5128 | 5225 | ||
@@ -5212,33 +5309,35 @@ static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode) | |||
5212 | static int selinux_getprocattr(struct task_struct *p, | 5309 | static int selinux_getprocattr(struct task_struct *p, |
5213 | char *name, char **value) | 5310 | char *name, char **value) |
5214 | { | 5311 | { |
5215 | struct task_security_struct *tsec; | 5312 | const struct task_security_struct *__tsec; |
5216 | u32 sid; | 5313 | u32 sid; |
5217 | int error; | 5314 | int error; |
5218 | unsigned len; | 5315 | unsigned len; |
5219 | 5316 | ||
5220 | if (current != p) { | 5317 | if (current != p) { |
5221 | error = task_has_perm(current, p, PROCESS__GETATTR); | 5318 | error = current_has_perm(p, PROCESS__GETATTR); |
5222 | if (error) | 5319 | if (error) |
5223 | return error; | 5320 | return error; |
5224 | } | 5321 | } |
5225 | 5322 | ||
5226 | tsec = p->security; | 5323 | rcu_read_lock(); |
5324 | __tsec = __task_cred(p)->security; | ||
5227 | 5325 | ||
5228 | if (!strcmp(name, "current")) | 5326 | if (!strcmp(name, "current")) |
5229 | sid = tsec->sid; | 5327 | sid = __tsec->sid; |
5230 | else if (!strcmp(name, "prev")) | 5328 | else if (!strcmp(name, "prev")) |
5231 | sid = tsec->osid; | 5329 | sid = __tsec->osid; |
5232 | else if (!strcmp(name, "exec")) | 5330 | else if (!strcmp(name, "exec")) |
5233 | sid = tsec->exec_sid; | 5331 | sid = __tsec->exec_sid; |
5234 | else if (!strcmp(name, "fscreate")) | 5332 | else if (!strcmp(name, "fscreate")) |
5235 | sid = tsec->create_sid; | 5333 | sid = __tsec->create_sid; |
5236 | else if (!strcmp(name, "keycreate")) | 5334 | else if (!strcmp(name, "keycreate")) |
5237 | sid = tsec->keycreate_sid; | 5335 | sid = __tsec->keycreate_sid; |
5238 | else if (!strcmp(name, "sockcreate")) | 5336 | else if (!strcmp(name, "sockcreate")) |
5239 | sid = tsec->sockcreate_sid; | 5337 | sid = __tsec->sockcreate_sid; |
5240 | else | 5338 | else |
5241 | return -EINVAL; | 5339 | goto invalid; |
5340 | rcu_read_unlock(); | ||
5242 | 5341 | ||
5243 | if (!sid) | 5342 | if (!sid) |
5244 | return 0; | 5343 | return 0; |
@@ -5247,6 +5346,10 @@ static int selinux_getprocattr(struct task_struct *p, | |||
5247 | if (error) | 5346 | if (error) |
5248 | return error; | 5347 | return error; |
5249 | return len; | 5348 | return len; |
5349 | |||
5350 | invalid: | ||
5351 | rcu_read_unlock(); | ||
5352 | return -EINVAL; | ||
5250 | } | 5353 | } |
5251 | 5354 | ||
5252 | static int selinux_setprocattr(struct task_struct *p, | 5355 | static int selinux_setprocattr(struct task_struct *p, |
@@ -5254,7 +5357,8 @@ static int selinux_setprocattr(struct task_struct *p, | |||
5254 | { | 5357 | { |
5255 | struct task_security_struct *tsec; | 5358 | struct task_security_struct *tsec; |
5256 | struct task_struct *tracer; | 5359 | struct task_struct *tracer; |
5257 | u32 sid = 0; | 5360 | struct cred *new; |
5361 | u32 sid = 0, ptsid; | ||
5258 | int error; | 5362 | int error; |
5259 | char *str = value; | 5363 | char *str = value; |
5260 | 5364 | ||
@@ -5270,15 +5374,15 @@ static int selinux_setprocattr(struct task_struct *p, | |||
5270 | * above restriction is ever removed. | 5374 | * above restriction is ever removed. |
5271 | */ | 5375 | */ |
5272 | if (!strcmp(name, "exec")) | 5376 | if (!strcmp(name, "exec")) |
5273 | error = task_has_perm(current, p, PROCESS__SETEXEC); | 5377 | error = current_has_perm(p, PROCESS__SETEXEC); |
5274 | else if (!strcmp(name, "fscreate")) | 5378 | else if (!strcmp(name, "fscreate")) |
5275 | error = task_has_perm(current, p, PROCESS__SETFSCREATE); | 5379 | error = current_has_perm(p, PROCESS__SETFSCREATE); |
5276 | else if (!strcmp(name, "keycreate")) | 5380 | else if (!strcmp(name, "keycreate")) |
5277 | error = task_has_perm(current, p, PROCESS__SETKEYCREATE); | 5381 | error = current_has_perm(p, PROCESS__SETKEYCREATE); |
5278 | else if (!strcmp(name, "sockcreate")) | 5382 | else if (!strcmp(name, "sockcreate")) |
5279 | error = task_has_perm(current, p, PROCESS__SETSOCKCREATE); | 5383 | error = current_has_perm(p, PROCESS__SETSOCKCREATE); |
5280 | else if (!strcmp(name, "current")) | 5384 | else if (!strcmp(name, "current")) |
5281 | error = task_has_perm(current, p, PROCESS__SETCURRENT); | 5385 | error = current_has_perm(p, PROCESS__SETCURRENT); |
5282 | else | 5386 | else |
5283 | error = -EINVAL; | 5387 | error = -EINVAL; |
5284 | if (error) | 5388 | if (error) |
@@ -5301,87 +5405,75 @@ static int selinux_setprocattr(struct task_struct *p, | |||
5301 | return error; | 5405 | return error; |
5302 | } | 5406 | } |
5303 | 5407 | ||
5408 | new = prepare_creds(); | ||
5409 | if (!new) | ||
5410 | return -ENOMEM; | ||
5411 | |||
5304 | /* Permission checking based on the specified context is | 5412 | /* Permission checking based on the specified context is |
5305 | performed during the actual operation (execve, | 5413 | performed during the actual operation (execve, |
5306 | open/mkdir/...), when we know the full context of the | 5414 | open/mkdir/...), when we know the full context of the |
5307 | operation. See selinux_bprm_set_security for the execve | 5415 | operation. See selinux_bprm_set_creds for the execve |
5308 | checks and may_create for the file creation checks. The | 5416 | checks and may_create for the file creation checks. The |
5309 | operation will then fail if the context is not permitted. */ | 5417 | operation will then fail if the context is not permitted. */ |
5310 | tsec = p->security; | 5418 | tsec = new->security; |
5311 | if (!strcmp(name, "exec")) | 5419 | if (!strcmp(name, "exec")) { |
5312 | tsec->exec_sid = sid; | 5420 | tsec->exec_sid = sid; |
5313 | else if (!strcmp(name, "fscreate")) | 5421 | } else if (!strcmp(name, "fscreate")) { |
5314 | tsec->create_sid = sid; | 5422 | tsec->create_sid = sid; |
5315 | else if (!strcmp(name, "keycreate")) { | 5423 | } else if (!strcmp(name, "keycreate")) { |
5316 | error = may_create_key(sid, p); | 5424 | error = may_create_key(sid, p); |
5317 | if (error) | 5425 | if (error) |
5318 | return error; | 5426 | goto abort_change; |
5319 | tsec->keycreate_sid = sid; | 5427 | tsec->keycreate_sid = sid; |
5320 | } else if (!strcmp(name, "sockcreate")) | 5428 | } else if (!strcmp(name, "sockcreate")) { |
5321 | tsec->sockcreate_sid = sid; | 5429 | tsec->sockcreate_sid = sid; |
5322 | else if (!strcmp(name, "current")) { | 5430 | } else if (!strcmp(name, "current")) { |
5323 | struct av_decision avd; | 5431 | error = -EINVAL; |
5324 | |||
5325 | if (sid == 0) | 5432 | if (sid == 0) |
5326 | return -EINVAL; | 5433 | goto abort_change; |
5327 | /* | 5434 | |
5328 | * SELinux allows to change context in the following case only. | 5435 | /* Only allow single threaded processes to change context */ |
5329 | * - Single threaded processes. | 5436 | error = -EPERM; |
5330 | * - Multi threaded processes intend to change its context into | 5437 | if (!is_single_threaded(p)) { |
5331 | * more restricted domain (defined by TYPEBOUNDS statement). | 5438 | error = security_bounded_transition(tsec->sid, sid); |
5332 | */ | 5439 | if (error) |
5333 | if (atomic_read(&p->mm->mm_users) != 1) { | 5440 | goto abort_change; |
5334 | struct task_struct *g, *t; | ||
5335 | struct mm_struct *mm = p->mm; | ||
5336 | read_lock(&tasklist_lock); | ||
5337 | do_each_thread(g, t) { | ||
5338 | if (t->mm == mm && t != p) { | ||
5339 | read_unlock(&tasklist_lock); | ||
5340 | error = security_bounded_transition(tsec->sid, sid); | ||
5341 | if (!error) | ||
5342 | goto boundary_ok; | ||
5343 | |||
5344 | return error; | ||
5345 | } | ||
5346 | } while_each_thread(g, t); | ||
5347 | read_unlock(&tasklist_lock); | ||
5348 | } | 5441 | } |
5349 | boundary_ok: | ||
5350 | 5442 | ||
5351 | /* Check permissions for the transition. */ | 5443 | /* Check permissions for the transition. */ |
5352 | error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, | 5444 | error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, |
5353 | PROCESS__DYNTRANSITION, NULL); | 5445 | PROCESS__DYNTRANSITION, NULL); |
5354 | if (error) | 5446 | if (error) |
5355 | return error; | 5447 | goto abort_change; |
5356 | 5448 | ||
5357 | /* Check for ptracing, and update the task SID if ok. | 5449 | /* Check for ptracing, and update the task SID if ok. |
5358 | Otherwise, leave SID unchanged and fail. */ | 5450 | Otherwise, leave SID unchanged and fail. */ |
5451 | ptsid = 0; | ||
5359 | task_lock(p); | 5452 | task_lock(p); |
5360 | rcu_read_lock(); | ||
5361 | tracer = tracehook_tracer_task(p); | 5453 | tracer = tracehook_tracer_task(p); |
5362 | if (tracer != NULL) { | 5454 | if (tracer) |
5363 | struct task_security_struct *ptsec = tracer->security; | 5455 | ptsid = task_sid(tracer); |
5364 | u32 ptsid = ptsec->sid; | 5456 | task_unlock(p); |
5365 | rcu_read_unlock(); | 5457 | |
5366 | error = avc_has_perm_noaudit(ptsid, sid, | 5458 | if (tracer) { |
5367 | SECCLASS_PROCESS, | 5459 | error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, |
5368 | PROCESS__PTRACE, 0, &avd); | 5460 | PROCESS__PTRACE, NULL); |
5369 | if (!error) | ||
5370 | tsec->sid = sid; | ||
5371 | task_unlock(p); | ||
5372 | avc_audit(ptsid, sid, SECCLASS_PROCESS, | ||
5373 | PROCESS__PTRACE, &avd, error, NULL); | ||
5374 | if (error) | 5461 | if (error) |
5375 | return error; | 5462 | goto abort_change; |
5376 | } else { | ||
5377 | rcu_read_unlock(); | ||
5378 | tsec->sid = sid; | ||
5379 | task_unlock(p); | ||
5380 | } | 5463 | } |
5381 | } else | ||
5382 | return -EINVAL; | ||
5383 | 5464 | ||
5465 | tsec->sid = sid; | ||
5466 | } else { | ||
5467 | error = -EINVAL; | ||
5468 | goto abort_change; | ||
5469 | } | ||
5470 | |||
5471 | commit_creds(new); | ||
5384 | return size; | 5472 | return size; |
5473 | |||
5474 | abort_change: | ||
5475 | abort_creds(new); | ||
5476 | return error; | ||
5385 | } | 5477 | } |
5386 | 5478 | ||
5387 | static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) | 5479 | static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) |
@@ -5401,22 +5493,23 @@ static void selinux_release_secctx(char *secdata, u32 seclen) | |||
5401 | 5493 | ||
5402 | #ifdef CONFIG_KEYS | 5494 | #ifdef CONFIG_KEYS |
5403 | 5495 | ||
5404 | static int selinux_key_alloc(struct key *k, struct task_struct *tsk, | 5496 | static int selinux_key_alloc(struct key *k, const struct cred *cred, |
5405 | unsigned long flags) | 5497 | unsigned long flags) |
5406 | { | 5498 | { |
5407 | struct task_security_struct *tsec = tsk->security; | 5499 | const struct task_security_struct *tsec; |
5408 | struct key_security_struct *ksec; | 5500 | struct key_security_struct *ksec; |
5409 | 5501 | ||
5410 | ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL); | 5502 | ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL); |
5411 | if (!ksec) | 5503 | if (!ksec) |
5412 | return -ENOMEM; | 5504 | return -ENOMEM; |
5413 | 5505 | ||
5506 | tsec = cred->security; | ||
5414 | if (tsec->keycreate_sid) | 5507 | if (tsec->keycreate_sid) |
5415 | ksec->sid = tsec->keycreate_sid; | 5508 | ksec->sid = tsec->keycreate_sid; |
5416 | else | 5509 | else |
5417 | ksec->sid = tsec->sid; | 5510 | ksec->sid = tsec->sid; |
5418 | k->security = ksec; | ||
5419 | 5511 | ||
5512 | k->security = ksec; | ||
5420 | return 0; | 5513 | return 0; |
5421 | } | 5514 | } |
5422 | 5515 | ||
@@ -5429,17 +5522,12 @@ static void selinux_key_free(struct key *k) | |||
5429 | } | 5522 | } |
5430 | 5523 | ||
5431 | static int selinux_key_permission(key_ref_t key_ref, | 5524 | static int selinux_key_permission(key_ref_t key_ref, |
5432 | struct task_struct *ctx, | 5525 | const struct cred *cred, |
5433 | key_perm_t perm) | 5526 | key_perm_t perm) |
5434 | { | 5527 | { |
5435 | struct key *key; | 5528 | struct key *key; |
5436 | struct task_security_struct *tsec; | ||
5437 | struct key_security_struct *ksec; | 5529 | struct key_security_struct *ksec; |
5438 | 5530 | u32 sid; | |
5439 | key = key_ref_to_ptr(key_ref); | ||
5440 | |||
5441 | tsec = ctx->security; | ||
5442 | ksec = key->security; | ||
5443 | 5531 | ||
5444 | /* if no specific permissions are requested, we skip the | 5532 | /* if no specific permissions are requested, we skip the |
5445 | permission check. No serious, additional covert channels | 5533 | permission check. No serious, additional covert channels |
@@ -5447,8 +5535,12 @@ static int selinux_key_permission(key_ref_t key_ref, | |||
5447 | if (perm == 0) | 5535 | if (perm == 0) |
5448 | return 0; | 5536 | return 0; |
5449 | 5537 | ||
5450 | return avc_has_perm(tsec->sid, ksec->sid, | 5538 | sid = cred_sid(cred); |
5451 | SECCLASS_KEY, perm, NULL); | 5539 | |
5540 | key = key_ref_to_ptr(key_ref); | ||
5541 | ksec = key->security; | ||
5542 | |||
5543 | return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL); | ||
5452 | } | 5544 | } |
5453 | 5545 | ||
5454 | static int selinux_key_getsecurity(struct key *key, char **_buffer) | 5546 | static int selinux_key_getsecurity(struct key *key, char **_buffer) |
@@ -5473,8 +5565,7 @@ static struct security_operations selinux_ops = { | |||
5473 | .ptrace_may_access = selinux_ptrace_may_access, | 5565 | .ptrace_may_access = selinux_ptrace_may_access, |
5474 | .ptrace_traceme = selinux_ptrace_traceme, | 5566 | .ptrace_traceme = selinux_ptrace_traceme, |
5475 | .capget = selinux_capget, | 5567 | .capget = selinux_capget, |
5476 | .capset_check = selinux_capset_check, | 5568 | .capset = selinux_capset, |
5477 | .capset_set = selinux_capset_set, | ||
5478 | .sysctl = selinux_sysctl, | 5569 | .sysctl = selinux_sysctl, |
5479 | .capable = selinux_capable, | 5570 | .capable = selinux_capable, |
5480 | .quotactl = selinux_quotactl, | 5571 | .quotactl = selinux_quotactl, |
@@ -5485,12 +5576,10 @@ static struct security_operations selinux_ops = { | |||
5485 | .netlink_send = selinux_netlink_send, | 5576 | .netlink_send = selinux_netlink_send, |
5486 | .netlink_recv = selinux_netlink_recv, | 5577 | .netlink_recv = selinux_netlink_recv, |
5487 | 5578 | ||
5488 | .bprm_alloc_security = selinux_bprm_alloc_security, | 5579 | .bprm_set_creds = selinux_bprm_set_creds, |
5489 | .bprm_free_security = selinux_bprm_free_security, | ||
5490 | .bprm_apply_creds = selinux_bprm_apply_creds, | ||
5491 | .bprm_post_apply_creds = selinux_bprm_post_apply_creds, | ||
5492 | .bprm_set_security = selinux_bprm_set_security, | ||
5493 | .bprm_check_security = selinux_bprm_check_security, | 5580 | .bprm_check_security = selinux_bprm_check_security, |
5581 | .bprm_committing_creds = selinux_bprm_committing_creds, | ||
5582 | .bprm_committed_creds = selinux_bprm_committed_creds, | ||
5494 | .bprm_secureexec = selinux_bprm_secureexec, | 5583 | .bprm_secureexec = selinux_bprm_secureexec, |
5495 | 5584 | ||
5496 | .sb_alloc_security = selinux_sb_alloc_security, | 5585 | .sb_alloc_security = selinux_sb_alloc_security, |
@@ -5549,10 +5638,13 @@ static struct security_operations selinux_ops = { | |||
5549 | .dentry_open = selinux_dentry_open, | 5638 | .dentry_open = selinux_dentry_open, |
5550 | 5639 | ||
5551 | .task_create = selinux_task_create, | 5640 | .task_create = selinux_task_create, |
5552 | .task_alloc_security = selinux_task_alloc_security, | 5641 | .cred_free = selinux_cred_free, |
5553 | .task_free_security = selinux_task_free_security, | 5642 | .cred_prepare = selinux_cred_prepare, |
5643 | .cred_commit = selinux_cred_commit, | ||
5644 | .kernel_act_as = selinux_kernel_act_as, | ||
5645 | .kernel_create_files_as = selinux_kernel_create_files_as, | ||
5554 | .task_setuid = selinux_task_setuid, | 5646 | .task_setuid = selinux_task_setuid, |
5555 | .task_post_setuid = selinux_task_post_setuid, | 5647 | .task_fix_setuid = selinux_task_fix_setuid, |
5556 | .task_setgid = selinux_task_setgid, | 5648 | .task_setgid = selinux_task_setgid, |
5557 | .task_setpgid = selinux_task_setpgid, | 5649 | .task_setpgid = selinux_task_setpgid, |
5558 | .task_getpgid = selinux_task_getpgid, | 5650 | .task_getpgid = selinux_task_getpgid, |
@@ -5569,7 +5661,6 @@ static struct security_operations selinux_ops = { | |||
5569 | .task_kill = selinux_task_kill, | 5661 | .task_kill = selinux_task_kill, |
5570 | .task_wait = selinux_task_wait, | 5662 | .task_wait = selinux_task_wait, |
5571 | .task_prctl = selinux_task_prctl, | 5663 | .task_prctl = selinux_task_prctl, |
5572 | .task_reparent_to_init = selinux_task_reparent_to_init, | ||
5573 | .task_to_inode = selinux_task_to_inode, | 5664 | .task_to_inode = selinux_task_to_inode, |
5574 | 5665 | ||
5575 | .ipc_permission = selinux_ipc_permission, | 5666 | .ipc_permission = selinux_ipc_permission, |
@@ -5665,8 +5756,6 @@ static struct security_operations selinux_ops = { | |||
5665 | 5756 | ||
5666 | static __init int selinux_init(void) | 5757 | static __init int selinux_init(void) |
5667 | { | 5758 | { |
5668 | struct task_security_struct *tsec; | ||
5669 | |||
5670 | if (!security_module_enable(&selinux_ops)) { | 5759 | if (!security_module_enable(&selinux_ops)) { |
5671 | selinux_enabled = 0; | 5760 | selinux_enabled = 0; |
5672 | return 0; | 5761 | return 0; |
@@ -5680,10 +5769,7 @@ static __init int selinux_init(void) | |||
5680 | printk(KERN_INFO "SELinux: Initializing.\n"); | 5769 | printk(KERN_INFO "SELinux: Initializing.\n"); |
5681 | 5770 | ||
5682 | /* Set the security state for the initial task. */ | 5771 | /* Set the security state for the initial task. */ |
5683 | if (task_alloc_security(current)) | 5772 | cred_init_security(); |
5684 | panic("SELinux: Failed to initialize initial task.\n"); | ||
5685 | tsec = current->security; | ||
5686 | tsec->osid = tsec->sid = SECINITSID_KERNEL; | ||
5687 | 5773 | ||
5688 | sel_inode_cache = kmem_cache_create("selinux_inode_security", | 5774 | sel_inode_cache = kmem_cache_create("selinux_inode_security", |
5689 | sizeof(struct inode_security_struct), | 5775 | sizeof(struct inode_security_struct), |
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h index 1223b4ff9bee..c0c885427b91 100644 --- a/security/selinux/include/av_perm_to_string.h +++ b/security/selinux/include/av_perm_to_string.h | |||
@@ -176,3 +176,5 @@ | |||
176 | S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect") | 176 | S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect") |
177 | S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero") | 177 | S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero") |
178 | S_(SECCLASS_PEER, PEER__RECV, "recv") | 178 | S_(SECCLASS_PEER, PEER__RECV, "recv") |
179 | S_(SECCLASS_KERNEL_SERVICE, KERNEL_SERVICE__USE_AS_OVERRIDE, "use_as_override") | ||
180 | S_(SECCLASS_KERNEL_SERVICE, KERNEL_SERVICE__CREATE_FILES_AS, "create_files_as") | ||
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h index c4c51165c505..0ba79fe00e11 100644 --- a/security/selinux/include/av_permissions.h +++ b/security/selinux/include/av_permissions.h | |||
@@ -841,3 +841,5 @@ | |||
841 | #define DCCP_SOCKET__NAME_CONNECT 0x00800000UL | 841 | #define DCCP_SOCKET__NAME_CONNECT 0x00800000UL |
842 | #define MEMPROTECT__MMAP_ZERO 0x00000001UL | 842 | #define MEMPROTECT__MMAP_ZERO 0x00000001UL |
843 | #define PEER__RECV 0x00000001UL | 843 | #define PEER__RECV 0x00000001UL |
844 | #define KERNEL_SERVICE__USE_AS_OVERRIDE 0x00000001UL | ||
845 | #define KERNEL_SERVICE__CREATE_FILES_AS 0x00000002UL | ||
diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h index bd813c366e34..21ec786611d4 100644 --- a/security/selinux/include/class_to_string.h +++ b/security/selinux/include/class_to_string.h | |||
@@ -72,3 +72,8 @@ | |||
72 | S_(NULL) | 72 | S_(NULL) |
73 | S_("peer") | 73 | S_("peer") |
74 | S_("capability2") | 74 | S_("capability2") |
75 | S_(NULL) | ||
76 | S_(NULL) | ||
77 | S_(NULL) | ||
78 | S_(NULL) | ||
79 | S_("kernel_service") | ||
diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h index febf8868e852..882f27d66fac 100644 --- a/security/selinux/include/flask.h +++ b/security/selinux/include/flask.h | |||
@@ -52,6 +52,7 @@ | |||
52 | #define SECCLASS_MEMPROTECT 61 | 52 | #define SECCLASS_MEMPROTECT 61 |
53 | #define SECCLASS_PEER 68 | 53 | #define SECCLASS_PEER 68 |
54 | #define SECCLASS_CAPABILITY2 69 | 54 | #define SECCLASS_CAPABILITY2 69 |
55 | #define SECCLASS_KERNEL_SERVICE 74 | ||
55 | 56 | ||
56 | /* | 57 | /* |
57 | * Security identifier indices for initial entities | 58 | * Security identifier indices for initial entities |
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index f8be8d7fa26d..3cc45168f674 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h | |||
@@ -77,17 +77,6 @@ struct ipc_security_struct { | |||
77 | u32 sid; /* SID of IPC resource */ | 77 | u32 sid; /* SID of IPC resource */ |
78 | }; | 78 | }; |
79 | 79 | ||
80 | struct bprm_security_struct { | ||
81 | u32 sid; /* SID for transformed process */ | ||
82 | unsigned char set; | ||
83 | |||
84 | /* | ||
85 | * unsafe is used to share failure information from bprm_apply_creds() | ||
86 | * to bprm_post_apply_creds(). | ||
87 | */ | ||
88 | char unsafe; | ||
89 | }; | ||
90 | |||
91 | struct netif_security_struct { | 80 | struct netif_security_struct { |
92 | int ifindex; /* device index */ | 81 | int ifindex; /* device index */ |
93 | u32 sid; /* SID for this interface */ | 82 | u32 sid; /* SID for this interface */ |
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index ff59c0c4804b..4ed7bab89c59 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c | |||
@@ -63,6 +63,9 @@ static struct nlmsg_perm nlmsg_route_perms[] = | |||
63 | { RTM_GETANYCAST, NETLINK_ROUTE_SOCKET__NLMSG_READ }, | 63 | { RTM_GETANYCAST, NETLINK_ROUTE_SOCKET__NLMSG_READ }, |
64 | { RTM_GETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_READ }, | 64 | { RTM_GETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_READ }, |
65 | { RTM_SETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, | 65 | { RTM_SETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, |
66 | { RTM_NEWADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, | ||
67 | { RTM_DELADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, | ||
68 | { RTM_GETADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_READ }, | ||
66 | }; | 69 | }; |
67 | 70 | ||
68 | static struct nlmsg_perm nlmsg_firewall_perms[] = | 71 | static struct nlmsg_perm nlmsg_firewall_perms[] = |
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 69c9dccc8cf0..c86303638235 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
@@ -95,13 +95,18 @@ extern void selnl_notify_setenforce(int val); | |||
95 | static int task_has_security(struct task_struct *tsk, | 95 | static int task_has_security(struct task_struct *tsk, |
96 | u32 perms) | 96 | u32 perms) |
97 | { | 97 | { |
98 | struct task_security_struct *tsec; | 98 | const struct task_security_struct *tsec; |
99 | 99 | u32 sid = 0; | |
100 | tsec = tsk->security; | 100 | |
101 | rcu_read_lock(); | ||
102 | tsec = __task_cred(tsk)->security; | ||
103 | if (tsec) | ||
104 | sid = tsec->sid; | ||
105 | rcu_read_unlock(); | ||
101 | if (!tsec) | 106 | if (!tsec) |
102 | return -EACCES; | 107 | return -EACCES; |
103 | 108 | ||
104 | return avc_has_perm(tsec->sid, SECINITSID_SECURITY, | 109 | return avc_has_perm(sid, SECINITSID_SECURITY, |
105 | SECCLASS_SECURITY, perms, NULL); | 110 | SECCLASS_SECURITY, perms, NULL); |
106 | } | 111 | } |
107 | 112 | ||
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index 8f17f542a116..c0eb72013d67 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c | |||
@@ -197,7 +197,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, | |||
197 | struct xfrm_user_sec_ctx *uctx, u32 sid) | 197 | struct xfrm_user_sec_ctx *uctx, u32 sid) |
198 | { | 198 | { |
199 | int rc = 0; | 199 | int rc = 0; |
200 | struct task_security_struct *tsec = current->security; | 200 | const struct task_security_struct *tsec = current_security(); |
201 | struct xfrm_sec_ctx *ctx = NULL; | 201 | struct xfrm_sec_ctx *ctx = NULL; |
202 | char *ctx_str = NULL; | 202 | char *ctx_str = NULL; |
203 | u32 str_len; | 203 | u32 str_len; |
@@ -333,7 +333,7 @@ void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx) | |||
333 | */ | 333 | */ |
334 | int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) | 334 | int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) |
335 | { | 335 | { |
336 | struct task_security_struct *tsec = current->security; | 336 | const struct task_security_struct *tsec = current_security(); |
337 | int rc = 0; | 337 | int rc = 0; |
338 | 338 | ||
339 | if (ctx) { | 339 | if (ctx) { |
@@ -378,7 +378,7 @@ void selinux_xfrm_state_free(struct xfrm_state *x) | |||
378 | */ | 378 | */ |
379 | int selinux_xfrm_state_delete(struct xfrm_state *x) | 379 | int selinux_xfrm_state_delete(struct xfrm_state *x) |
380 | { | 380 | { |
381 | struct task_security_struct *tsec = current->security; | 381 | const struct task_security_struct *tsec = current_security(); |
382 | struct xfrm_sec_ctx *ctx = x->security; | 382 | struct xfrm_sec_ctx *ctx = x->security; |
383 | int rc = 0; | 383 | int rc = 0; |
384 | 384 | ||
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 79ff21ed4c3b..247cec3b5a43 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c | |||
@@ -164,7 +164,7 @@ int smk_curacc(char *obj_label, u32 mode) | |||
164 | { | 164 | { |
165 | int rc; | 165 | int rc; |
166 | 166 | ||
167 | rc = smk_access(current->security, obj_label, mode); | 167 | rc = smk_access(current_security(), obj_label, mode); |
168 | if (rc == 0) | 168 | if (rc == 0) |
169 | return 0; | 169 | return 0; |
170 | 170 | ||
@@ -173,7 +173,7 @@ int smk_curacc(char *obj_label, u32 mode) | |||
173 | * only one that gets privilege and current does not | 173 | * only one that gets privilege and current does not |
174 | * have that label. | 174 | * have that label. |
175 | */ | 175 | */ |
176 | if (smack_onlycap != NULL && smack_onlycap != current->security) | 176 | if (smack_onlycap != NULL && smack_onlycap != current->cred->security) |
177 | return rc; | 177 | return rc; |
178 | 178 | ||
179 | if (capable(CAP_MAC_OVERRIDE)) | 179 | if (capable(CAP_MAC_OVERRIDE)) |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 6e2dc0bab70d..1b5551dfc1f7 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
@@ -30,6 +30,8 @@ | |||
30 | 30 | ||
31 | #include "smack.h" | 31 | #include "smack.h" |
32 | 32 | ||
33 | #define task_security(task) (task_cred_xxx((task), security)) | ||
34 | |||
33 | /* | 35 | /* |
34 | * I hope these are the hokeyist lines of code in the module. Casey. | 36 | * I hope these are the hokeyist lines of code in the module. Casey. |
35 | */ | 37 | */ |
@@ -102,7 +104,7 @@ static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode) | |||
102 | if (rc != 0) | 104 | if (rc != 0) |
103 | return rc; | 105 | return rc; |
104 | 106 | ||
105 | rc = smk_access(current->security, ctp->security, MAY_READWRITE); | 107 | rc = smk_access(current_security(), task_security(ctp), MAY_READWRITE); |
106 | if (rc != 0 && capable(CAP_MAC_OVERRIDE)) | 108 | if (rc != 0 && capable(CAP_MAC_OVERRIDE)) |
107 | return 0; | 109 | return 0; |
108 | return rc; | 110 | return rc; |
@@ -124,7 +126,7 @@ static int smack_ptrace_traceme(struct task_struct *ptp) | |||
124 | if (rc != 0) | 126 | if (rc != 0) |
125 | return rc; | 127 | return rc; |
126 | 128 | ||
127 | rc = smk_access(ptp->security, current->security, MAY_READWRITE); | 129 | rc = smk_access(task_security(ptp), current_security(), MAY_READWRITE); |
128 | if (rc != 0 && has_capability(ptp, CAP_MAC_OVERRIDE)) | 130 | if (rc != 0 && has_capability(ptp, CAP_MAC_OVERRIDE)) |
129 | return 0; | 131 | return 0; |
130 | return rc; | 132 | return rc; |
@@ -141,7 +143,7 @@ static int smack_ptrace_traceme(struct task_struct *ptp) | |||
141 | static int smack_syslog(int type) | 143 | static int smack_syslog(int type) |
142 | { | 144 | { |
143 | int rc; | 145 | int rc; |
144 | char *sp = current->security; | 146 | char *sp = current_security(); |
145 | 147 | ||
146 | rc = cap_syslog(type); | 148 | rc = cap_syslog(type); |
147 | if (rc != 0) | 149 | if (rc != 0) |
@@ -248,11 +250,12 @@ static int smack_sb_copy_data(char *orig, char *smackopts) | |||
248 | /** | 250 | /** |
249 | * smack_sb_kern_mount - Smack specific mount processing | 251 | * smack_sb_kern_mount - Smack specific mount processing |
250 | * @sb: the file system superblock | 252 | * @sb: the file system superblock |
253 | * @flags: the mount flags | ||
251 | * @data: the smack mount options | 254 | * @data: the smack mount options |
252 | * | 255 | * |
253 | * Returns 0 on success, an error code on failure | 256 | * Returns 0 on success, an error code on failure |
254 | */ | 257 | */ |
255 | static int smack_sb_kern_mount(struct super_block *sb, void *data) | 258 | static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) |
256 | { | 259 | { |
257 | struct dentry *root = sb->s_root; | 260 | struct dentry *root = sb->s_root; |
258 | struct inode *inode = root->d_inode; | 261 | struct inode *inode = root->d_inode; |
@@ -373,7 +376,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags) | |||
373 | */ | 376 | */ |
374 | static int smack_inode_alloc_security(struct inode *inode) | 377 | static int smack_inode_alloc_security(struct inode *inode) |
375 | { | 378 | { |
376 | inode->i_security = new_inode_smack(current->security); | 379 | inode->i_security = new_inode_smack(current_security()); |
377 | if (inode->i_security == NULL) | 380 | if (inode->i_security == NULL) |
378 | return -ENOMEM; | 381 | return -ENOMEM; |
379 | return 0; | 382 | return 0; |
@@ -818,7 +821,7 @@ static int smack_file_permission(struct file *file, int mask) | |||
818 | */ | 821 | */ |
819 | static int smack_file_alloc_security(struct file *file) | 822 | static int smack_file_alloc_security(struct file *file) |
820 | { | 823 | { |
821 | file->f_security = current->security; | 824 | file->f_security = current_security(); |
822 | return 0; | 825 | return 0; |
823 | } | 826 | } |
824 | 827 | ||
@@ -916,7 +919,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, | |||
916 | */ | 919 | */ |
917 | static int smack_file_set_fowner(struct file *file) | 920 | static int smack_file_set_fowner(struct file *file) |
918 | { | 921 | { |
919 | file->f_security = current->security; | 922 | file->f_security = current_security(); |
920 | return 0; | 923 | return 0; |
921 | } | 924 | } |
922 | 925 | ||
@@ -941,7 +944,7 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, | |||
941 | * struct fown_struct is never outside the context of a struct file | 944 | * struct fown_struct is never outside the context of a struct file |
942 | */ | 945 | */ |
943 | file = container_of(fown, struct file, f_owner); | 946 | file = container_of(fown, struct file, f_owner); |
944 | rc = smk_access(file->f_security, tsk->security, MAY_WRITE); | 947 | rc = smk_access(file->f_security, tsk->cred->security, MAY_WRITE); |
945 | if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) | 948 | if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) |
946 | return 0; | 949 | return 0; |
947 | return rc; | 950 | return rc; |
@@ -973,33 +976,75 @@ static int smack_file_receive(struct file *file) | |||
973 | */ | 976 | */ |
974 | 977 | ||
975 | /** | 978 | /** |
976 | * smack_task_alloc_security - "allocate" a task blob | 979 | * smack_cred_free - "free" task-level security credentials |
977 | * @tsk: the task in need of a blob | 980 | * @cred: the credentials in question |
978 | * | 981 | * |
979 | * Smack isn't using copies of blobs. Everyone | 982 | * Smack isn't using copies of blobs. Everyone |
980 | * points to an immutable list. No alloc required. | 983 | * points to an immutable list. The blobs never go away. |
981 | * No data copy required. | 984 | * There is no leak here. |
985 | */ | ||
986 | static void smack_cred_free(struct cred *cred) | ||
987 | { | ||
988 | cred->security = NULL; | ||
989 | } | ||
990 | |||
991 | /** | ||
992 | * smack_cred_prepare - prepare new set of credentials for modification | ||
993 | * @new: the new credentials | ||
994 | * @old: the original credentials | ||
995 | * @gfp: the atomicity of any memory allocations | ||
996 | * | ||
997 | * Prepare a new set of credentials for modification. | ||
998 | */ | ||
999 | static int smack_cred_prepare(struct cred *new, const struct cred *old, | ||
1000 | gfp_t gfp) | ||
1001 | { | ||
1002 | new->security = old->security; | ||
1003 | return 0; | ||
1004 | } | ||
1005 | |||
1006 | /* | ||
1007 | * commit new credentials | ||
1008 | * @new: the new credentials | ||
1009 | * @old: the original credentials | ||
1010 | */ | ||
1011 | static void smack_cred_commit(struct cred *new, const struct cred *old) | ||
1012 | { | ||
1013 | } | ||
1014 | |||
1015 | /** | ||
1016 | * smack_kernel_act_as - Set the subjective context in a set of credentials | ||
1017 | * @new points to the set of credentials to be modified. | ||
1018 | * @secid specifies the security ID to be set | ||
982 | * | 1019 | * |
983 | * Always returns 0 | 1020 | * Set the security data for a kernel service. |
984 | */ | 1021 | */ |
985 | static int smack_task_alloc_security(struct task_struct *tsk) | 1022 | static int smack_kernel_act_as(struct cred *new, u32 secid) |
986 | { | 1023 | { |
987 | tsk->security = current->security; | 1024 | char *smack = smack_from_secid(secid); |
1025 | |||
1026 | if (smack == NULL) | ||
1027 | return -EINVAL; | ||
988 | 1028 | ||
1029 | new->security = smack; | ||
989 | return 0; | 1030 | return 0; |
990 | } | 1031 | } |
991 | 1032 | ||
992 | /** | 1033 | /** |
993 | * smack_task_free_security - "free" a task blob | 1034 | * smack_kernel_create_files_as - Set the file creation label in a set of creds |
994 | * @task: the task with the blob | 1035 | * @new points to the set of credentials to be modified |
1036 | * @inode points to the inode to use as a reference | ||
995 | * | 1037 | * |
996 | * Smack isn't using copies of blobs. Everyone | 1038 | * Set the file creation context in a set of credentials to the same |
997 | * points to an immutable list. The blobs never go away. | 1039 | * as the objective context of the specified inode |
998 | * There is no leak here. | ||
999 | */ | 1040 | */ |
1000 | static void smack_task_free_security(struct task_struct *task) | 1041 | static int smack_kernel_create_files_as(struct cred *new, |
1042 | struct inode *inode) | ||
1001 | { | 1043 | { |
1002 | task->security = NULL; | 1044 | struct inode_smack *isp = inode->i_security; |
1045 | |||
1046 | new->security = isp->smk_inode; | ||
1047 | return 0; | ||
1003 | } | 1048 | } |
1004 | 1049 | ||
1005 | /** | 1050 | /** |
@@ -1011,7 +1056,7 @@ static void smack_task_free_security(struct task_struct *task) | |||
1011 | */ | 1056 | */ |
1012 | static int smack_task_setpgid(struct task_struct *p, pid_t pgid) | 1057 | static int smack_task_setpgid(struct task_struct *p, pid_t pgid) |
1013 | { | 1058 | { |
1014 | return smk_curacc(p->security, MAY_WRITE); | 1059 | return smk_curacc(task_security(p), MAY_WRITE); |
1015 | } | 1060 | } |
1016 | 1061 | ||
1017 | /** | 1062 | /** |
@@ -1022,7 +1067,7 @@ static int smack_task_setpgid(struct task_struct *p, pid_t pgid) | |||
1022 | */ | 1067 | */ |
1023 | static int smack_task_getpgid(struct task_struct *p) | 1068 | static int smack_task_getpgid(struct task_struct *p) |
1024 | { | 1069 | { |
1025 | return smk_curacc(p->security, MAY_READ); | 1070 | return smk_curacc(task_security(p), MAY_READ); |
1026 | } | 1071 | } |
1027 | 1072 | ||
1028 | /** | 1073 | /** |
@@ -1033,7 +1078,7 @@ static int smack_task_getpgid(struct task_struct *p) | |||
1033 | */ | 1078 | */ |
1034 | static int smack_task_getsid(struct task_struct *p) | 1079 | static int smack_task_getsid(struct task_struct *p) |
1035 | { | 1080 | { |
1036 | return smk_curacc(p->security, MAY_READ); | 1081 | return smk_curacc(task_security(p), MAY_READ); |
1037 | } | 1082 | } |
1038 | 1083 | ||
1039 | /** | 1084 | /** |
@@ -1045,7 +1090,7 @@ static int smack_task_getsid(struct task_struct *p) | |||
1045 | */ | 1090 | */ |
1046 | static void smack_task_getsecid(struct task_struct *p, u32 *secid) | 1091 | static void smack_task_getsecid(struct task_struct *p, u32 *secid) |
1047 | { | 1092 | { |
1048 | *secid = smack_to_secid(p->security); | 1093 | *secid = smack_to_secid(task_security(p)); |
1049 | } | 1094 | } |
1050 | 1095 | ||
1051 | /** | 1096 | /** |
@@ -1061,7 +1106,7 @@ static int smack_task_setnice(struct task_struct *p, int nice) | |||
1061 | 1106 | ||
1062 | rc = cap_task_setnice(p, nice); | 1107 | rc = cap_task_setnice(p, nice); |
1063 | if (rc == 0) | 1108 | if (rc == 0) |
1064 | rc = smk_curacc(p->security, MAY_WRITE); | 1109 | rc = smk_curacc(task_security(p), MAY_WRITE); |
1065 | return rc; | 1110 | return rc; |
1066 | } | 1111 | } |
1067 | 1112 | ||
@@ -1078,7 +1123,7 @@ static int smack_task_setioprio(struct task_struct *p, int ioprio) | |||
1078 | 1123 | ||
1079 | rc = cap_task_setioprio(p, ioprio); | 1124 | rc = cap_task_setioprio(p, ioprio); |
1080 | if (rc == 0) | 1125 | if (rc == 0) |
1081 | rc = smk_curacc(p->security, MAY_WRITE); | 1126 | rc = smk_curacc(task_security(p), MAY_WRITE); |
1082 | return rc; | 1127 | return rc; |
1083 | } | 1128 | } |
1084 | 1129 | ||
@@ -1090,7 +1135,7 @@ static int smack_task_setioprio(struct task_struct *p, int ioprio) | |||
1090 | */ | 1135 | */ |
1091 | static int smack_task_getioprio(struct task_struct *p) | 1136 | static int smack_task_getioprio(struct task_struct *p) |
1092 | { | 1137 | { |
1093 | return smk_curacc(p->security, MAY_READ); | 1138 | return smk_curacc(task_security(p), MAY_READ); |
1094 | } | 1139 | } |
1095 | 1140 | ||
1096 | /** | 1141 | /** |
@@ -1108,7 +1153,7 @@ static int smack_task_setscheduler(struct task_struct *p, int policy, | |||
1108 | 1153 | ||
1109 | rc = cap_task_setscheduler(p, policy, lp); | 1154 | rc = cap_task_setscheduler(p, policy, lp); |
1110 | if (rc == 0) | 1155 | if (rc == 0) |
1111 | rc = smk_curacc(p->security, MAY_WRITE); | 1156 | rc = smk_curacc(task_security(p), MAY_WRITE); |
1112 | return rc; | 1157 | return rc; |
1113 | } | 1158 | } |
1114 | 1159 | ||
@@ -1120,7 +1165,7 @@ static int smack_task_setscheduler(struct task_struct *p, int policy, | |||
1120 | */ | 1165 | */ |
1121 | static int smack_task_getscheduler(struct task_struct *p) | 1166 | static int smack_task_getscheduler(struct task_struct *p) |
1122 | { | 1167 | { |
1123 | return smk_curacc(p->security, MAY_READ); | 1168 | return smk_curacc(task_security(p), MAY_READ); |
1124 | } | 1169 | } |
1125 | 1170 | ||
1126 | /** | 1171 | /** |
@@ -1131,7 +1176,7 @@ static int smack_task_getscheduler(struct task_struct *p) | |||
1131 | */ | 1176 | */ |
1132 | static int smack_task_movememory(struct task_struct *p) | 1177 | static int smack_task_movememory(struct task_struct *p) |
1133 | { | 1178 | { |
1134 | return smk_curacc(p->security, MAY_WRITE); | 1179 | return smk_curacc(task_security(p), MAY_WRITE); |
1135 | } | 1180 | } |
1136 | 1181 | ||
1137 | /** | 1182 | /** |
@@ -1154,13 +1199,13 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, | |||
1154 | * can write the receiver. | 1199 | * can write the receiver. |
1155 | */ | 1200 | */ |
1156 | if (secid == 0) | 1201 | if (secid == 0) |
1157 | return smk_curacc(p->security, MAY_WRITE); | 1202 | return smk_curacc(task_security(p), MAY_WRITE); |
1158 | /* | 1203 | /* |
1159 | * If the secid isn't 0 we're dealing with some USB IO | 1204 | * If the secid isn't 0 we're dealing with some USB IO |
1160 | * specific behavior. This is not clean. For one thing | 1205 | * specific behavior. This is not clean. For one thing |
1161 | * we can't take privilege into account. | 1206 | * we can't take privilege into account. |
1162 | */ | 1207 | */ |
1163 | return smk_access(smack_from_secid(secid), p->security, MAY_WRITE); | 1208 | return smk_access(smack_from_secid(secid), task_security(p), MAY_WRITE); |
1164 | } | 1209 | } |
1165 | 1210 | ||
1166 | /** | 1211 | /** |
@@ -1173,7 +1218,7 @@ static int smack_task_wait(struct task_struct *p) | |||
1173 | { | 1218 | { |
1174 | int rc; | 1219 | int rc; |
1175 | 1220 | ||
1176 | rc = smk_access(current->security, p->security, MAY_WRITE); | 1221 | rc = smk_access(current_security(), task_security(p), MAY_WRITE); |
1177 | if (rc == 0) | 1222 | if (rc == 0) |
1178 | return 0; | 1223 | return 0; |
1179 | 1224 | ||
@@ -1204,7 +1249,7 @@ static int smack_task_wait(struct task_struct *p) | |||
1204 | static void smack_task_to_inode(struct task_struct *p, struct inode *inode) | 1249 | static void smack_task_to_inode(struct task_struct *p, struct inode *inode) |
1205 | { | 1250 | { |
1206 | struct inode_smack *isp = inode->i_security; | 1251 | struct inode_smack *isp = inode->i_security; |
1207 | isp->smk_inode = p->security; | 1252 | isp->smk_inode = task_security(p); |
1208 | } | 1253 | } |
1209 | 1254 | ||
1210 | /* | 1255 | /* |
@@ -1223,7 +1268,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode) | |||
1223 | */ | 1268 | */ |
1224 | static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) | 1269 | static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) |
1225 | { | 1270 | { |
1226 | char *csp = current->security; | 1271 | char *csp = current_security(); |
1227 | struct socket_smack *ssp; | 1272 | struct socket_smack *ssp; |
1228 | 1273 | ||
1229 | ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); | 1274 | ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); |
@@ -1448,7 +1493,7 @@ static int smack_flags_to_may(int flags) | |||
1448 | */ | 1493 | */ |
1449 | static int smack_msg_msg_alloc_security(struct msg_msg *msg) | 1494 | static int smack_msg_msg_alloc_security(struct msg_msg *msg) |
1450 | { | 1495 | { |
1451 | msg->security = current->security; | 1496 | msg->security = current_security(); |
1452 | return 0; | 1497 | return 0; |
1453 | } | 1498 | } |
1454 | 1499 | ||
@@ -1484,7 +1529,7 @@ static int smack_shm_alloc_security(struct shmid_kernel *shp) | |||
1484 | { | 1529 | { |
1485 | struct kern_ipc_perm *isp = &shp->shm_perm; | 1530 | struct kern_ipc_perm *isp = &shp->shm_perm; |
1486 | 1531 | ||
1487 | isp->security = current->security; | 1532 | isp->security = current_security(); |
1488 | return 0; | 1533 | return 0; |
1489 | } | 1534 | } |
1490 | 1535 | ||
@@ -1593,7 +1638,7 @@ static int smack_sem_alloc_security(struct sem_array *sma) | |||
1593 | { | 1638 | { |
1594 | struct kern_ipc_perm *isp = &sma->sem_perm; | 1639 | struct kern_ipc_perm *isp = &sma->sem_perm; |
1595 | 1640 | ||
1596 | isp->security = current->security; | 1641 | isp->security = current_security(); |
1597 | return 0; | 1642 | return 0; |
1598 | } | 1643 | } |
1599 | 1644 | ||
@@ -1697,7 +1742,7 @@ static int smack_msg_queue_alloc_security(struct msg_queue *msq) | |||
1697 | { | 1742 | { |
1698 | struct kern_ipc_perm *kisp = &msq->q_perm; | 1743 | struct kern_ipc_perm *kisp = &msq->q_perm; |
1699 | 1744 | ||
1700 | kisp->security = current->security; | 1745 | kisp->security = current_security(); |
1701 | return 0; | 1746 | return 0; |
1702 | } | 1747 | } |
1703 | 1748 | ||
@@ -1852,7 +1897,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) | |||
1852 | struct super_block *sbp; | 1897 | struct super_block *sbp; |
1853 | struct superblock_smack *sbsp; | 1898 | struct superblock_smack *sbsp; |
1854 | struct inode_smack *isp; | 1899 | struct inode_smack *isp; |
1855 | char *csp = current->security; | 1900 | char *csp = current_security(); |
1856 | char *fetched; | 1901 | char *fetched; |
1857 | char *final; | 1902 | char *final; |
1858 | struct dentry *dp; | 1903 | struct dentry *dp; |
@@ -2009,7 +2054,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value) | |||
2009 | if (strcmp(name, "current") != 0) | 2054 | if (strcmp(name, "current") != 0) |
2010 | return -EINVAL; | 2055 | return -EINVAL; |
2011 | 2056 | ||
2012 | cp = kstrdup(p->security, GFP_KERNEL); | 2057 | cp = kstrdup(task_security(p), GFP_KERNEL); |
2013 | if (cp == NULL) | 2058 | if (cp == NULL) |
2014 | return -ENOMEM; | 2059 | return -ENOMEM; |
2015 | 2060 | ||
@@ -2033,6 +2078,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value) | |||
2033 | static int smack_setprocattr(struct task_struct *p, char *name, | 2078 | static int smack_setprocattr(struct task_struct *p, char *name, |
2034 | void *value, size_t size) | 2079 | void *value, size_t size) |
2035 | { | 2080 | { |
2081 | struct cred *new; | ||
2036 | char *newsmack; | 2082 | char *newsmack; |
2037 | 2083 | ||
2038 | /* | 2084 | /* |
@@ -2055,7 +2101,11 @@ static int smack_setprocattr(struct task_struct *p, char *name, | |||
2055 | if (newsmack == NULL) | 2101 | if (newsmack == NULL) |
2056 | return -EINVAL; | 2102 | return -EINVAL; |
2057 | 2103 | ||
2058 | p->security = newsmack; | 2104 | new = prepare_creds(); |
2105 | if (!new) | ||
2106 | return -ENOMEM; | ||
2107 | new->security = newsmack; | ||
2108 | commit_creds(new); | ||
2059 | return size; | 2109 | return size; |
2060 | } | 2110 | } |
2061 | 2111 | ||
@@ -2288,8 +2338,7 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent) | |||
2288 | return; | 2338 | return; |
2289 | 2339 | ||
2290 | ssp = sk->sk_security; | 2340 | ssp = sk->sk_security; |
2291 | ssp->smk_in = current->security; | 2341 | ssp->smk_in = ssp->smk_out = current_security(); |
2292 | ssp->smk_out = current->security; | ||
2293 | ssp->smk_packet[0] = '\0'; | 2342 | ssp->smk_packet[0] = '\0'; |
2294 | 2343 | ||
2295 | rc = smack_netlabel(sk); | 2344 | rc = smack_netlabel(sk); |
@@ -2352,17 +2401,17 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, | |||
2352 | /** | 2401 | /** |
2353 | * smack_key_alloc - Set the key security blob | 2402 | * smack_key_alloc - Set the key security blob |
2354 | * @key: object | 2403 | * @key: object |
2355 | * @tsk: the task associated with the key | 2404 | * @cred: the credentials to use |
2356 | * @flags: unused | 2405 | * @flags: unused |
2357 | * | 2406 | * |
2358 | * No allocation required | 2407 | * No allocation required |
2359 | * | 2408 | * |
2360 | * Returns 0 | 2409 | * Returns 0 |
2361 | */ | 2410 | */ |
2362 | static int smack_key_alloc(struct key *key, struct task_struct *tsk, | 2411 | static int smack_key_alloc(struct key *key, const struct cred *cred, |
2363 | unsigned long flags) | 2412 | unsigned long flags) |
2364 | { | 2413 | { |
2365 | key->security = tsk->security; | 2414 | key->security = cred->security; |
2366 | return 0; | 2415 | return 0; |
2367 | } | 2416 | } |
2368 | 2417 | ||
@@ -2380,14 +2429,14 @@ static void smack_key_free(struct key *key) | |||
2380 | /* | 2429 | /* |
2381 | * smack_key_permission - Smack access on a key | 2430 | * smack_key_permission - Smack access on a key |
2382 | * @key_ref: gets to the object | 2431 | * @key_ref: gets to the object |
2383 | * @context: task involved | 2432 | * @cred: the credentials to use |
2384 | * @perm: unused | 2433 | * @perm: unused |
2385 | * | 2434 | * |
2386 | * Return 0 if the task has read and write to the object, | 2435 | * Return 0 if the task has read and write to the object, |
2387 | * an error code otherwise | 2436 | * an error code otherwise |
2388 | */ | 2437 | */ |
2389 | static int smack_key_permission(key_ref_t key_ref, | 2438 | static int smack_key_permission(key_ref_t key_ref, |
2390 | struct task_struct *context, key_perm_t perm) | 2439 | const struct cred *cred, key_perm_t perm) |
2391 | { | 2440 | { |
2392 | struct key *keyp; | 2441 | struct key *keyp; |
2393 | 2442 | ||
@@ -2403,10 +2452,10 @@ static int smack_key_permission(key_ref_t key_ref, | |||
2403 | /* | 2452 | /* |
2404 | * This should not occur | 2453 | * This should not occur |
2405 | */ | 2454 | */ |
2406 | if (context->security == NULL) | 2455 | if (cred->security == NULL) |
2407 | return -EACCES; | 2456 | return -EACCES; |
2408 | 2457 | ||
2409 | return smk_access(context->security, keyp->security, MAY_READWRITE); | 2458 | return smk_access(cred->security, keyp->security, MAY_READWRITE); |
2410 | } | 2459 | } |
2411 | #endif /* CONFIG_KEYS */ | 2460 | #endif /* CONFIG_KEYS */ |
2412 | 2461 | ||
@@ -2577,15 +2626,13 @@ struct security_operations smack_ops = { | |||
2577 | .ptrace_may_access = smack_ptrace_may_access, | 2626 | .ptrace_may_access = smack_ptrace_may_access, |
2578 | .ptrace_traceme = smack_ptrace_traceme, | 2627 | .ptrace_traceme = smack_ptrace_traceme, |
2579 | .capget = cap_capget, | 2628 | .capget = cap_capget, |
2580 | .capset_check = cap_capset_check, | 2629 | .capset = cap_capset, |
2581 | .capset_set = cap_capset_set, | ||
2582 | .capable = cap_capable, | 2630 | .capable = cap_capable, |
2583 | .syslog = smack_syslog, | 2631 | .syslog = smack_syslog, |
2584 | .settime = cap_settime, | 2632 | .settime = cap_settime, |
2585 | .vm_enough_memory = cap_vm_enough_memory, | 2633 | .vm_enough_memory = cap_vm_enough_memory, |
2586 | 2634 | ||
2587 | .bprm_apply_creds = cap_bprm_apply_creds, | 2635 | .bprm_set_creds = cap_bprm_set_creds, |
2588 | .bprm_set_security = cap_bprm_set_security, | ||
2589 | .bprm_secureexec = cap_bprm_secureexec, | 2636 | .bprm_secureexec = cap_bprm_secureexec, |
2590 | 2637 | ||
2591 | .sb_alloc_security = smack_sb_alloc_security, | 2638 | .sb_alloc_security = smack_sb_alloc_security, |
@@ -2627,9 +2674,12 @@ struct security_operations smack_ops = { | |||
2627 | .file_send_sigiotask = smack_file_send_sigiotask, | 2674 | .file_send_sigiotask = smack_file_send_sigiotask, |
2628 | .file_receive = smack_file_receive, | 2675 | .file_receive = smack_file_receive, |
2629 | 2676 | ||
2630 | .task_alloc_security = smack_task_alloc_security, | 2677 | .cred_free = smack_cred_free, |
2631 | .task_free_security = smack_task_free_security, | 2678 | .cred_prepare = smack_cred_prepare, |
2632 | .task_post_setuid = cap_task_post_setuid, | 2679 | .cred_commit = smack_cred_commit, |
2680 | .kernel_act_as = smack_kernel_act_as, | ||
2681 | .kernel_create_files_as = smack_kernel_create_files_as, | ||
2682 | .task_fix_setuid = cap_task_fix_setuid, | ||
2633 | .task_setpgid = smack_task_setpgid, | 2683 | .task_setpgid = smack_task_setpgid, |
2634 | .task_getpgid = smack_task_getpgid, | 2684 | .task_getpgid = smack_task_getpgid, |
2635 | .task_getsid = smack_task_getsid, | 2685 | .task_getsid = smack_task_getsid, |
@@ -2642,7 +2692,6 @@ struct security_operations smack_ops = { | |||
2642 | .task_movememory = smack_task_movememory, | 2692 | .task_movememory = smack_task_movememory, |
2643 | .task_kill = smack_task_kill, | 2693 | .task_kill = smack_task_kill, |
2644 | .task_wait = smack_task_wait, | 2694 | .task_wait = smack_task_wait, |
2645 | .task_reparent_to_init = cap_task_reparent_to_init, | ||
2646 | .task_to_inode = smack_task_to_inode, | 2695 | .task_to_inode = smack_task_to_inode, |
2647 | .task_prctl = cap_task_prctl, | 2696 | .task_prctl = cap_task_prctl, |
2648 | 2697 | ||
@@ -2718,6 +2767,8 @@ struct security_operations smack_ops = { | |||
2718 | */ | 2767 | */ |
2719 | static __init int smack_init(void) | 2768 | static __init int smack_init(void) |
2720 | { | 2769 | { |
2770 | struct cred *cred; | ||
2771 | |||
2721 | if (!security_module_enable(&smack_ops)) | 2772 | if (!security_module_enable(&smack_ops)) |
2722 | return 0; | 2773 | return 0; |
2723 | 2774 | ||
@@ -2726,7 +2777,8 @@ static __init int smack_init(void) | |||
2726 | /* | 2777 | /* |
2727 | * Set the security state for the initial task. | 2778 | * Set the security state for the initial task. |
2728 | */ | 2779 | */ |
2729 | current->security = &smack_known_floor.smk_known; | 2780 | cred = (struct cred *) current->cred; |
2781 | cred->security = &smack_known_floor.smk_known; | ||
2730 | 2782 | ||
2731 | /* | 2783 | /* |
2732 | * Initialize locks | 2784 | * Initialize locks |
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index c21d8c8bf0c7..ca257dfdc75d 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c | |||
@@ -336,7 +336,7 @@ static void smk_cipso_doi(void) | |||
336 | 336 | ||
337 | audit_info.loginuid = audit_get_loginuid(current); | 337 | audit_info.loginuid = audit_get_loginuid(current); |
338 | audit_info.sessionid = audit_get_sessionid(current); | 338 | audit_info.sessionid = audit_get_sessionid(current); |
339 | audit_info.secid = smack_to_secid(current->security); | 339 | audit_info.secid = smack_to_secid(current_security()); |
340 | 340 | ||
341 | rc = netlbl_cfg_map_del(NULL, &audit_info); | 341 | rc = netlbl_cfg_map_del(NULL, &audit_info); |
342 | if (rc != 0) | 342 | if (rc != 0) |
@@ -371,7 +371,7 @@ static void smk_unlbl_ambient(char *oldambient) | |||
371 | 371 | ||
372 | audit_info.loginuid = audit_get_loginuid(current); | 372 | audit_info.loginuid = audit_get_loginuid(current); |
373 | audit_info.sessionid = audit_get_sessionid(current); | 373 | audit_info.sessionid = audit_get_sessionid(current); |
374 | audit_info.secid = smack_to_secid(current->security); | 374 | audit_info.secid = smack_to_secid(current_security()); |
375 | 375 | ||
376 | if (oldambient != NULL) { | 376 | if (oldambient != NULL) { |
377 | rc = netlbl_cfg_map_del(oldambient, &audit_info); | 377 | rc = netlbl_cfg_map_del(oldambient, &audit_info); |
@@ -843,7 +843,7 @@ static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, | |||
843 | size_t count, loff_t *ppos) | 843 | size_t count, loff_t *ppos) |
844 | { | 844 | { |
845 | char in[SMK_LABELLEN]; | 845 | char in[SMK_LABELLEN]; |
846 | char *sp = current->security; | 846 | char *sp = current->cred->security; |
847 | 847 | ||
848 | if (!capable(CAP_MAC_ADMIN)) | 848 | if (!capable(CAP_MAC_ADMIN)) |
849 | return -EPERM; | 849 | return -EPERM; |