CRED: Allow kernel services to override LSM settings for task actions
Allow kernel services to override LSM settings appropriate to the actions
performed by a task by duplicating a set of credentials, modifying it and then
using task_struct::cred to point to it when performing operations on behalf of
a task.
This is used, for example, by CacheFiles which has to transparently access the
cache on behalf of a process that thinks it is doing, say, NFS accesses with a
potentially inappropriate (with respect to accessing the cache) set of
credentials.
This patch provides two LSM hooks for modifying a task security record:
(*) security_kernel_act_as() which allows modification of the security datum
with which a task acts on other objects (most notably files).
(*) security_kernel_create_files_as() which allows modification of the
security datum that is used to initialise the security data on a file that
a task creates.
The patch also provides four new credentials handling functions, which wrap the
LSM functions:
(1) prepare_kernel_cred()
Prepare a set of credentials for a kernel service to use, based either on
a daemon's credentials or on init_cred. All the keyrings are cleared.
(2) set_security_override()
Set the LSM security ID in a set of credentials to a specific security
context, assuming permission from the LSM policy.
(3) set_security_override_from_ctx()
As (2), but takes the security context as a string.
(4) set_create_files_as()
Set the file creation LSM security ID in a set of credentials to be the
same as that on a particular inode.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> [Smack changes]
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
David Howells
committed by
James Morris
James Morris
parent
1bfdc75ae0
commit
3a3b7ce933
@ -587,6 +587,19 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
|
||||
* @new points to the new credentials.
|
||||
* @old points to the original credentials.
|
||||
* Install a new set of credentials.
|
||||
* @kernel_act_as:
|
||||
* Set the credentials for a kernel service to act as (subjective context).
|
||||
* @new points to the credentials to be modified.
|
||||
* @secid specifies the security ID to be set
|
||||
* The current task must be the one that nominated @secid.
|
||||
* Return 0 if successful.
|
||||
* @kernel_create_files_as:
|
||||
* Set the file creation context in a set of credentials to be the same as
|
||||
* the objective context of the specified inode.
|
||||
* @new points to the credentials to be modified.
|
||||
* @inode points to the inode to use as a reference.
|
||||
* The current task must be the one that nominated @inode.
|
||||
* Return 0 if successful.
|
||||
* @task_setuid:
|
||||
* Check permission before setting one or more of the user identity
|
||||
* attributes of the current process. The @flags parameter indicates
|
||||
@ -1381,6 +1394,8 @@ struct security_operations {
|
||||
int (*cred_prepare)(struct cred *new, const struct cred *old,
|
||||
gfp_t gfp);
|
||||
void (*cred_commit)(struct cred *new, const struct cred *old);
|
||||
int (*kernel_act_as)(struct cred *new, u32 secid);
|
||||
int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
|
||||
int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
|
||||
int (*task_fix_setuid) (struct cred *new, const struct cred *old,
|
||||
int flags);
|
||||
@ -1632,6 +1647,8 @@ int security_task_create(unsigned long clone_flags);
|
||||
void security_cred_free(struct cred *cred);
|
||||
int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
|
||||
void security_commit_creds(struct cred *new, const struct cred *old);
|
||||
int security_kernel_act_as(struct cred *new, u32 secid);
|
||||
int security_kernel_create_files_as(struct cred *new, struct inode *inode);
|
||||
int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags);
|
||||
int security_task_fix_setuid(struct cred *new, const struct cred *old,
|
||||
int flags);
|
||||
@ -2151,6 +2168,17 @@ static inline void security_commit_creds(struct cred *new,
|
||||
{
|
||||
}
|
||||
|
||||
static inline int security_kernel_act_as(struct cred *cred, u32 secid)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int security_kernel_create_files_as(struct cred *cred,
|
||||
struct inode *inode)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2,
|
||||
int flags)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user