CRED: Detach the credentials from task_struct

Detach the credentials from task_struct, duplicating them in copy_process()
and releasing them in __put_task_struct().

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
David Howells
2008-11-14 10:39:17 +11:00
committed by James Morris
parent b6dff3ec5e
commit f1752eec61
11 changed files with 179 additions and 83 deletions


@ -158,7 +158,7 @@ static int selinux_secmark_enabled(void)
/* Allocate and free functions for each kind of security blob. */
static int task_alloc_security(struct task_struct *task)
static int cred_alloc_security(struct cred *cred)
{
struct task_security_struct *tsec;
@ -167,18 +167,11 @@ static int task_alloc_security(struct task_struct *task)
return -ENOMEM;
tsec->osid = tsec->sid = SECINITSID_UNLABELED;
task->cred->security = tsec;
cred->security = tsec;
return 0;
}
static void task_free_security(struct task_struct *task)
{
struct task_security_struct *tsec = task->cred->security;
task->cred->security = NULL;
kfree(tsec);
}
static int inode_alloc_security(struct inode *inode)
{
struct task_security_struct *tsec = current->cred->security;
@ -3184,17 +3177,17 @@ static int selinux_task_create(unsigned long clone_flags)
return task_has_perm(current, current, PROCESS__FORK);
}
static int selinux_task_alloc_security(struct task_struct *tsk)
static int selinux_cred_alloc_security(struct cred *cred)
{
struct task_security_struct *tsec1, *tsec2;
int rc;
tsec1 = current->cred->security;
rc = task_alloc_security(tsk);
rc = cred_alloc_security(cred);
if (rc)
return rc;
tsec2 = tsk->cred->security;
tsec2 = cred->security;
tsec2->osid = tsec1->osid;
tsec2->sid = tsec1->sid;
@ -3208,9 +3201,14 @@ static int selinux_task_alloc_security(struct task_struct *tsk)
return 0;
}
static void selinux_task_free_security(struct task_struct *tsk)
/*
* detach and free the LSM part of a set of credentials
*/
static void selinux_cred_free(struct cred *cred)
{
task_free_security(tsk);
struct task_security_struct *tsec = cred->security;
cred->security = NULL;
kfree(tsec);
}
static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
@ -5552,8 +5550,8 @@ static struct security_operations selinux_ops = {
.dentry_open = selinux_dentry_open,
.task_create = selinux_task_create,
.task_alloc_security = selinux_task_alloc_security,
.task_free_security = selinux_task_free_security,
.cred_alloc_security = selinux_cred_alloc_security,
.cred_free = selinux_cred_free,
.task_setuid = selinux_task_setuid,
.task_post_setuid = selinux_task_post_setuid,
.task_setgid = selinux_task_setgid,
@ -5683,7 +5681,7 @@ static __init int selinux_init(void)
printk(KERN_INFO "SELinux: Initializing.\n");
/* Set the security state for the initial task. */
if (task_alloc_security(current))
if (cred_alloc_security(current->cred))
panic("SELinux: Failed to initialize initial task.\n");
tsec = current->cred->security;
tsec->osid = tsec->sid = SECINITSID_KERNEL;
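Review bot: In selinux_cred_alloc_security() the new credential's osid and sid are still copied from `current->cred->security`, although the hook now receives a `struct cred *` instead of the child task, so the inherited label depends on the caller being the parent on the fork path. That assumption is no longer visible from the signature; I would state it above the function, e.g. `/* labels are inherited from current, not from @cred; only valid when called for a child of current */`, or pass the source credentials explicitly if other callers are planned. The function spans two hunks and part of its body is outside the visible lines, so this is inferred from the shown assignments only. In the same spirit, the comment on selinux_cred_free() could say that it must run only once no other reference to the cred remains, since it clears `cred->security` and frees the blob without any check visible here.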