Commit 88e67f3b authored by David Howells's avatar David Howells Committed by James Morris

CRED: Make inode_has_perm() and file_has_perm() take a cred pointer

Make inode_has_perm() and file_has_perm() take a cred pointer rather than a
task pointer.
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Acked-by: default avatarJames Morris <jmorris@namei.org>
Acked-by: default avatarSerge Hallyn <serue@us.ibm.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 6cc88bc4
......@@ -172,17 +172,26 @@ static int cred_alloc_security(struct cred *cred)
return 0;
}
/*
* get the security ID of a set of credentials
*/
static inline u32 cred_sid(const struct cred *cred)
{
const struct task_security_struct *tsec;
tsec = cred->security;
return tsec->sid;
}
/*
* get the security ID of a task
*/
static inline u32 task_sid(const struct task_struct *task)
{
const struct task_security_struct *tsec;
u32 sid;
rcu_read_lock();
tsec = __task_cred(task)->security;
sid = tsec->sid;
sid = cred_sid(__task_cred(task));
rcu_read_unlock();
return sid;
}
......@@ -197,6 +206,8 @@ static inline u32 current_sid(void)
return tsec->sid;
}
/* Allocate and free functions for each kind of security blob. */
static int inode_alloc_security(struct inode *inode)
{
struct inode_security_struct *isec;
......@@ -1368,7 +1379,7 @@ static inline u32 signal_to_av(int sig)
}
/*
* Check permission betweeen a pair of tasks, e.g. signal checks,
* Check permission between a pair of tasks, e.g. signal checks,
* fork check, ptrace check, etc.
* tsk1 is the actor and tsk2 is the target
*/
......@@ -1437,7 +1448,7 @@ static int task_has_system(struct task_struct *tsk,
/* Check whether a task has a particular permission to an inode.
The 'adp' parameter is optional and allows other audit
data to be passed (e.g. the dentry). */
static int inode_has_perm(struct task_struct *tsk,
static int inode_has_perm(const struct cred *cred,
struct inode *inode,
u32 perms,
struct avc_audit_data *adp)
......@@ -1449,7 +1460,7 @@ static int inode_has_perm(struct task_struct *tsk,
if (unlikely(IS_PRIVATE(inode)))
return 0;
sid = task_sid(tsk);
sid = cred_sid(cred);
isec = inode->i_security;
if (!adp) {
......@@ -1464,17 +1475,18 @@ static int inode_has_perm(struct task_struct *tsk,
/* Same as inode_has_perm, but pass explicit audit data containing
the dentry to help the auditing code to more easily generate the
pathname if needed. */
static inline int dentry_has_perm(struct task_struct *tsk,
static inline int dentry_has_perm(const struct cred *cred,
struct vfsmount *mnt,
struct dentry *dentry,
u32 av)
{
struct inode *inode = dentry->d_inode;
struct avc_audit_data ad;
AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.path.mnt = mnt;
ad.u.fs.path.dentry = dentry;
return inode_has_perm(tsk, inode, av, &ad);
return inode_has_perm(cred, inode, av, &ad);
}
/* Check whether a task can use an open file descriptor to
......@@ -1485,14 +1497,14 @@ static inline int dentry_has_perm(struct task_struct *tsk,
has the same SID as the process. If av is zero, then
access to the file is not checked, e.g. for cases
where only the descriptor is affected like seek. */
static int file_has_perm(struct task_struct *tsk,
static int file_has_perm(const struct cred *cred,
struct file *file,
u32 av)
{
struct file_security_struct *fsec = file->f_security;
struct inode *inode = file->f_path.dentry->d_inode;
struct avc_audit_data ad;
u32 sid = task_sid(tsk);
u32 sid = cred_sid(cred);
int rc;
AVC_AUDIT_DATA_INIT(&ad, FS);
......@@ -1504,14 +1516,16 @@ static int file_has_perm(struct task_struct *tsk,
FD__USE,
&ad);
if (rc)
return rc;
goto out;
}
/* av is zero if only checking access to the descriptor. */
rc = 0;
if (av)
return inode_has_perm(tsk, inode, av, &ad);
rc = inode_has_perm(cred, inode, av, &ad);
return 0;
out:
return rc;
}
/* Check whether a task can create a file. */
......@@ -1670,13 +1684,13 @@ static inline int may_rename(struct inode *old_dir,
}
/* Check whether a task can perform a filesystem operation. */
static int superblock_has_perm(struct task_struct *tsk,
static int superblock_has_perm(const struct cred *cred,
struct super_block *sb,
u32 perms,
struct avc_audit_data *ad)
{
struct superblock_security_struct *sbsec;
u32 sid = task_sid(tsk);
u32 sid = cred_sid(cred);
sbsec = sb->s_security;
return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
......@@ -1919,6 +1933,7 @@ static int selinux_sysctl(ctl_table *table, int op)
static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
{
const struct cred *cred = current_cred();
int rc = 0;
if (!sb)
......@@ -1930,14 +1945,12 @@ static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
case Q_QUOTAOFF:
case Q_SETINFO:
case Q_SETQUOTA:
rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAMOD,
NULL);
rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
break;
case Q_GETFMT:
case Q_GETINFO:
case Q_GETQUOTA:
rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAGET,
NULL);
rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
break;
default:
rc = 0; /* let the kernel handle invalid cmds */
......@@ -1948,7 +1961,9 @@ static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
static int selinux_quota_on(struct dentry *dentry)
{
return dentry_has_perm(current, NULL, dentry, FILE__QUOTAON);
const struct cred *cred = current_cred();
return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON);
}
static int selinux_syslog(int type)
......@@ -2137,6 +2152,7 @@ extern struct dentry *selinux_null;
/* Derived from fs/exec.c:flush_old_files. */
static inline void flush_unauthorized_files(struct files_struct *files)
{
const struct cred *cred = current_cred();
struct avc_audit_data ad;
struct file *file, *devnull = NULL;
struct tty_struct *tty;
......@@ -2157,7 +2173,7 @@ static inline void flush_unauthorized_files(struct files_struct *files)
interested in the inode-based check here. */
file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list);
inode = file->f_path.dentry->d_inode;
if (inode_has_perm(current, inode,
if (inode_has_perm(cred, inode,
FILE__READ | FILE__WRITE, NULL)) {
drop_tty = 1;
}
......@@ -2192,7 +2208,7 @@ static inline void flush_unauthorized_files(struct files_struct *files)
file = fget(i);
if (!file)
continue;
if (file_has_perm(current,
if (file_has_perm(cred,
file,
file_to_av(file))) {
sys_close(i);
......@@ -2465,6 +2481,7 @@ static int selinux_sb_copy_data(char *orig, char *copy)
static int selinux_sb_kern_mount(struct super_block *sb, void *data)
{
const struct cred *cred = current_cred();
struct avc_audit_data ad;
int rc;
......@@ -2474,16 +2491,17 @@ static int selinux_sb_kern_mount(struct super_block *sb, void *data)
AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.path.dentry = sb->s_root;
return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad);
return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
}
static int selinux_sb_statfs(struct dentry *dentry)
{
const struct cred *cred = current_cred();
struct avc_audit_data ad;
AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.path.dentry = dentry->d_sb->s_root;
return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
}
static int selinux_mount(char *dev_name,
......@@ -2492,6 +2510,7 @@ static int selinux_mount(char *dev_name,
unsigned long flags,
void *data)
{
const struct cred *cred = current_cred();
int rc;
rc = secondary_ops->sb_mount(dev_name, path, type, flags, data);
......@@ -2499,22 +2518,23 @@ static int selinux_mount(char *dev_name,
return rc;
if (flags & MS_REMOUNT)
return superblock_has_perm(current, path->mnt->mnt_sb,
return superblock_has_perm(cred, path->mnt->mnt_sb,
FILESYSTEM__REMOUNT, NULL);
else
return dentry_has_perm(current, path->mnt, path->dentry,
return dentry_has_perm(cred, path->mnt, path->dentry,
FILE__MOUNTON);
}
static int selinux_umount(struct vfsmount *mnt, int flags)
{
const struct cred *cred = current_cred();
int rc;
rc = secondary_ops->sb_umount(mnt, flags);
if (rc)
return rc;
return superblock_has_perm(current, mnt->mnt_sb,
return superblock_has_perm(cred, mnt->mnt_sb,
FILESYSTEM__UNMOUNT, NULL);
}
......@@ -2652,21 +2672,25 @@ static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dent
static int selinux_inode_readlink(struct dentry *dentry)
{
return dentry_has_perm(current, NULL, dentry, FILE__READ);
const struct cred *cred = current_cred();
return dentry_has_perm(cred, NULL, dentry, FILE__READ);
}
static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
{
const struct cred *cred = current_cred();
int rc;
rc = secondary_ops->inode_follow_link(dentry, nameidata);
if (rc)
return rc;
return dentry_has_perm(current, NULL, dentry, FILE__READ);
return dentry_has_perm(cred, NULL, dentry, FILE__READ);
}
static int selinux_inode_permission(struct inode *inode, int mask)
{
const struct cred *cred = current_cred();
int rc;
rc = secondary_ops->inode_permission(inode, mask);
......@@ -2678,12 +2702,13 @@ static int selinux_inode_permission(struct inode *inode, int mask)
return 0;
}
return inode_has_perm(current, inode,
return inode_has_perm(cred, inode,
file_mask_to_av(inode->i_mode, mask), NULL);
}
static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
{
const struct cred *cred = current_cred();
int rc;
rc = secondary_ops->inode_setattr(dentry, iattr);
......@@ -2695,18 +2720,22 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
ATTR_ATIME_SET | ATTR_MTIME_SET))
return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);
return dentry_has_perm(current, NULL, dentry, FILE__WRITE);
return dentry_has_perm(cred, NULL, dentry, FILE__WRITE);
}
static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
{
return dentry_has_perm(current, mnt, dentry, FILE__GETATTR);
const struct cred *cred = current_cred();
return dentry_has_perm(cred, mnt, dentry, FILE__GETATTR);
}
static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
{
const struct cred *cred = current_cred();
if (!strncmp(name, XATTR_SECURITY_PREFIX,
sizeof XATTR_SECURITY_PREFIX - 1)) {
if (!strcmp(name, XATTR_NAME_CAPS)) {
......@@ -2721,7 +2750,7 @@ static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
/* Not an attribute we recognize, so just check the
ordinary setattr permission. */
return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);
}
static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
......@@ -2806,12 +2835,16 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
{
return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
const struct cred *cred = current_cred();
return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR);
}
static int selinux_inode_listxattr(struct dentry *dentry)
{
return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
const struct cred *cred = current_cred();
return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR);
}
static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
......@@ -2915,6 +2948,7 @@ static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
static int selinux_revalidate_file_permission(struct file *file, int mask)
{
const struct cred *cred = current_cred();
int rc;
struct inode *inode = file->f_path.dentry->d_inode;
......@@ -2927,7 +2961,7 @@ static int selinux_revalidate_file_permission(struct file *file, int mask)
if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
mask |= MAY_APPEND;
rc = file_has_perm(current, file,
rc = file_has_perm(cred, file,
file_mask_to_av(inode->i_mode, mask));
if (rc)
return rc;
......@@ -2967,6 +3001,7 @@ static void selinux_file_free_security(struct file *file)
static int selinux_file_ioctl(struct file *file, unsigned int cmd,
unsigned long arg)
{
const struct cred *cred = current_cred();
u32 av = 0;
if (_IOC_DIR(cmd) & _IOC_WRITE)
......@@ -2976,11 +3011,13 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd,
if (!av)
av = FILE__IOCTL;
return file_has_perm(current, file, av);
return file_has_perm(cred, file, av);
}
static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
{
const struct cred *cred = current_cred();
#ifndef CONFIG_PPC32
if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
/*
......@@ -3005,7 +3042,7 @@ static int file_map_prot_check(struct file *file, unsigned long prot, int shared
if (prot & PROT_EXEC)
av |= FILE__EXECUTE;
return file_has_perm(current, file, av);
return file_has_perm(cred, file, av);
}
return 0;
}
......@@ -3034,6 +3071,7 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
unsigned long reqprot,
unsigned long prot)
{
const struct cred *cred = current_cred();
int rc;
rc = secondary_ops->file_mprotect(vma, reqprot, prot);
......@@ -3062,7 +3100,7 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
* modified content. This typically should only
* occur for text relocations.
*/
rc = file_has_perm(current, vma->vm_file,
rc = file_has_perm(cred, vma->vm_file,
FILE__EXECMOD);
}
if (rc)
......@@ -3075,12 +3113,15 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
static int selinux_file_lock(struct file *file, unsigned int cmd)
{
return file_has_perm(current, file, FILE__LOCK);
const struct cred *cred = current_cred();
return file_has_perm(cred, file, FILE__LOCK);
}
static int selinux_file_fcntl(struct file *file, unsigned int cmd,
unsigned long arg)
{
const struct cred *cred = current_cred();
int err = 0;
switch (cmd) {
......@@ -3091,7 +3132,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
}
if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
err = file_has_perm(current, file, FILE__WRITE);
err = file_has_perm(cred, file, FILE__WRITE);
break;
}
/* fall through */
......@@ -3101,7 +3142,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
case F_GETOWN:
case F_GETSIG:
/* Just check FD__USE permission */
err = file_has_perm(current, file, 0);
err = file_has_perm(cred, file, 0);
break;
case F_GETLK:
case F_SETLK:
......@@ -3115,7 +3156,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
err = -EINVAL;
break;
}
err = file_has_perm(current, file, FILE__LOCK);
err = file_has_perm(cred, file, FILE__LOCK);
break;
}
......@@ -3156,11 +3197,14 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk,
static int selinux_file_receive(struct file *file)
{
return file_has_perm(current, file, file_to_av(file));
const struct cred *cred = current_cred();
return file_has_perm(cred, file, file_to_av(file));
}
static int selinux_dentry_open(struct file *file)
{
const struct cred *cred = current_cred();
struct file_security_struct *fsec;
struct inode *inode;
struct inode_security_struct *isec;
......@@ -3184,7 +3228,7 @@ static int selinux_dentry_open(struct file *file)
* new inode label or new policy.
* This check is not redundant - do not remove.
*/
return inode_has_perm(current, inode, open_file_to_av(file), NULL);
return inode_has_perm(cred, inode, open_file_to_av(file), NULL);
}
/* task security operations */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment