Commit 03ca0ec1 authored by Thomas Cedeno's avatar Thomas Cedeno Committed by Micah Morton

LSM: SafeSetID: Fix warnings reported by test bot

Fix multiple cast-to-union warnings related to casting kuid_t and kgid_t
types to kid_t union type. Also fix incompatible type warning that
arises from accidental omission of "__rcu" qualifier on the struct
setid_ruleset pointer in the argument list for safesetid_file_read().
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Thomas Cedeno <thomascedeno@google.com>
Signed-off-by: Micah Morton <mortonm@chromium.org>
parent 5294bac9
...@@ -116,7 +116,7 @@ static int safesetid_security_capable(const struct cred *cred, ...@@ -116,7 +116,7 @@ static int safesetid_security_capable(const struct cred *cred,
* If no policy applies to this task, allow the use of CAP_SETUID for * If no policy applies to this task, allow the use of CAP_SETUID for
* other purposes. * other purposes.
*/ */
if (setid_policy_lookup((kid_t)cred->uid, INVALID_ID, UID) == SIDPOL_DEFAULT) if (setid_policy_lookup((kid_t){.uid = cred->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT)
return 0; return 0;
/* /*
* Reject use of CAP_SETUID for functionality other than calling * Reject use of CAP_SETUID for functionality other than calling
...@@ -131,7 +131,7 @@ static int safesetid_security_capable(const struct cred *cred, ...@@ -131,7 +131,7 @@ static int safesetid_security_capable(const struct cred *cred,
* If no policy applies to this task, allow the use of CAP_SETGID for * If no policy applies to this task, allow the use of CAP_SETGID for
* other purposes. * other purposes.
*/ */
if (setid_policy_lookup((kid_t)cred->gid, INVALID_ID, GID) == SIDPOL_DEFAULT) if (setid_policy_lookup((kid_t){.gid = cred->gid}, INVALID_ID, GID) == SIDPOL_DEFAULT)
return 0; return 0;
/* /*
* Reject use of CAP_SETUID for functionality other than calling * Reject use of CAP_SETUID for functionality other than calling
...@@ -174,7 +174,7 @@ static bool id_permitted_for_cred(const struct cred *old, kid_t new_id, enum set ...@@ -174,7 +174,7 @@ static bool id_permitted_for_cred(const struct cred *old, kid_t new_id, enum set
* RUID. * RUID.
*/ */
permitted = permitted =
setid_policy_lookup((kid_t)old->uid, new_id, new_type) != SIDPOL_CONSTRAINED; setid_policy_lookup((kid_t){.uid = old->uid}, new_id, new_type) != SIDPOL_CONSTRAINED;
if (!permitted) { if (!permitted) {
if (new_type == UID) { if (new_type == UID) {
...@@ -202,13 +202,13 @@ static int safesetid_task_fix_setuid(struct cred *new, ...@@ -202,13 +202,13 @@ static int safesetid_task_fix_setuid(struct cred *new,
{ {
/* Do nothing if there are no setuid restrictions for our old RUID. */ /* Do nothing if there are no setuid restrictions for our old RUID. */
if (setid_policy_lookup((kid_t)old->uid, INVALID_ID, UID) == SIDPOL_DEFAULT) if (setid_policy_lookup((kid_t){.uid = old->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT)
return 0; return 0;
if (id_permitted_for_cred(old, (kid_t)new->uid, UID) && if (id_permitted_for_cred(old, (kid_t){.uid = new->uid}, UID) &&
id_permitted_for_cred(old, (kid_t)new->euid, UID) && id_permitted_for_cred(old, (kid_t){.uid = new->euid}, UID) &&
id_permitted_for_cred(old, (kid_t)new->suid, UID) && id_permitted_for_cred(old, (kid_t){.uid = new->suid}, UID) &&
id_permitted_for_cred(old, (kid_t)new->fsuid, UID)) id_permitted_for_cred(old, (kid_t){.uid = new->fsuid}, UID))
return 0; return 0;
/* /*
...@@ -226,13 +226,13 @@ static int safesetid_task_fix_setgid(struct cred *new, ...@@ -226,13 +226,13 @@ static int safesetid_task_fix_setgid(struct cred *new,
{ {
/* Do nothing if there are no setgid restrictions for our old RGID. */ /* Do nothing if there are no setgid restrictions for our old RGID. */
if (setid_policy_lookup((kid_t)old->gid, INVALID_ID, GID) == SIDPOL_DEFAULT) if (setid_policy_lookup((kid_t){.gid = old->gid}, INVALID_ID, GID) == SIDPOL_DEFAULT)
return 0; return 0;
if (id_permitted_for_cred(old, (kid_t)new->gid, GID) && if (id_permitted_for_cred(old, (kid_t){.gid = new->gid}, GID) &&
id_permitted_for_cred(old, (kid_t)new->egid, GID) && id_permitted_for_cred(old, (kid_t){.gid = new->egid}, GID) &&
id_permitted_for_cred(old, (kid_t)new->sgid, GID) && id_permitted_for_cred(old, (kid_t){.gid = new->sgid}, GID) &&
id_permitted_for_cred(old, (kid_t)new->fsgid, GID)) id_permitted_for_cred(old, (kid_t){.gid = new->fsgid}, GID))
return 0; return 0;
/* /*
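Review bot: In the id_permitted_for_cred() hunk the lookup source is always built from the UID, `(kid_t){.uid = old->uid}`, while `new_type` is passed through unchanged, and the safesetid_task_fix_setgid() hunk calls this function with `GID`. If setid_policy_lookup() reads the GID member of the union for `GID` rules (its body is not shown here), setgid transitions would be checked against the task's UID value rather than `old->gid`. The old cast had the same behaviour, but the designated initializer now makes the choice explicit, so it is worth confirming whether it is intended. If it is not, select the member by type, e.g. `new_type == GID ? (kid_t){.gid = old->gid} : (kid_t){.uid = old->uid}`. The function's body starts and ends outside the hunk, so the earlier per-type checks cannot be seen from here.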
......
...@@ -261,7 +261,7 @@ static ssize_t safesetid_gid_file_write(struct file *file, ...@@ -261,7 +261,7 @@ static ssize_t safesetid_gid_file_write(struct file *file,
} }
static ssize_t safesetid_file_read(struct file *file, char __user *buf, static ssize_t safesetid_file_read(struct file *file, char __user *buf,
size_t len, loff_t *ppos, struct mutex *policy_update_lock, struct setid_ruleset* ruleset) size_t len, loff_t *ppos, struct mutex *policy_update_lock, struct __rcu setid_ruleset* ruleset)
{ {
ssize_t res = 0; ssize_t res = 0;
struct setid_ruleset *pol; struct setid_ruleset *pol;
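Review bot: The `__rcu` annotation in the new safesetid_file_read() parameter sits between `struct` and the tag (`struct __rcu setid_ruleset* ruleset`), whereas the usual kernel form places it beside the pointer declarator: `struct setid_ruleset __rcu *ruleset`. In the position used here it is not obvious that sparse applies the address-space attribute to the pointer the way it does for other RCU-managed pointers. The warning may therefore be silenced without the parameter being checked as an RCU pointer, which is worth confirming with a sparse run. The function body continues outside the hunk, so how `ruleset` is dereferenced into `pol` cannot be verified here.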
......